| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
older compilers might not have -std for example.
the code is portable, but old compilers can't
compile with just "make", you have to add lots
of flags
i will now use "make strict" and "make hell"
in testing, but otherwise make without flags
are fine.
move the current strictness to command:
make strict
added an extra command:
make hell
hell uses -Weverything, and is useful with
clang's strict testing, on which i only got
a very small number of errors (it's way less
than a lot of programs would get with this
flag, because -Weverything is REALLY STRICT):
ja, mich nvmutil$ make hell CC=clang
clang -I. -Wall -Wextra -pedantic -std=c90 -Os -Werror -Weverything nvmutil.c -o nvmutil
In file included from nvmutil.c:35:
./nvmutil.h:225:16: error: padding struct 'struct commands' with 1 byte to align 'rw_size' [-Werror,-Wpadded]
225 | unsigned long rw_size; /* within the 4KB GbE part */
| ^
./nvmutil.h:217:8: error: padding size of 'struct commands' with 4 bytes to alignment boundary [-Werror,-Wpadded]
217 | struct commands {
| ^
./nvmutil.h:235:8: error: padding size of 'struct xfile' with 4 bytes to alignment boundary [-Werror,-Wpadded]
235 | struct xfile {
| ^
./nvmutil.h:288:16: error: padding struct 'struct xstate' with 4 bytes to align 'xsize' [-Werror,-Wpadded]
288 | unsigned long xsize;
| ^
nvmutil.c:617:43: error: implicit conversion changes signedness: 'off_t' (aka 'long') to 'unsigned long' [-Werror,-Wsign-conversion]
617 | _r = rw_file_exact(f->gbe_fd, f->buf, f->gbe_file_size,
| ~~~~~~~~~~~~~ ~~~^~~~~~~~~~~~~
nvmutil.c:626:43: error: implicit conversion changes signedness: 'off_t' (aka 'long') to 'unsigned long' [-Werror,-Wsign-conversion]
626 | _r = rw_file_exact(f->tmp_fd, f->buf, f->gbe_file_size,
| ~~~~~~~~~~~~~ ~~~^~~~~~~~~~~~~
nvmutil.c:654:46: error: implicit conversion changes signedness: 'off_t' (aka 'long') to 'unsigned long' [-Werror,-Wsign-conversion]
654 | _r = rw_file_exact(f->tmp_fd, f->bufcmp, f->gbe_file_size,
| ~~~~~~~~~~~~~ ~~~^~~~~~~~~~~~~
nvmutil.c:661:39: error: implicit conversion changes signedness: 'off_t' (aka 'long') to 'unsigned long' [-Werror,-Wsign-conversion]
661 | if (x_i_memcmp(f->buf, f->bufcmp, f->gbe_file_size) != 0)
| ~~~~~~~~~~ ~~~^~~~~~~~~~~~~
nvmutil.c:702:23: error: implicit conversion loses integer precision: 'int' to 'unsigned char' [-Werror,-Wimplicit-int-conversion]
702 | f->part_valid[_p] = good_checksum(_p);
| ~ ^~~~~~~~~~~~~~~~~
nvmutil.c:1045:21: error: implicit conversion loses integer precision: 'int' to 'unsigned char' [-Werror,-Wimplicit-int-conversion]
1045 | f->part_valid[0] = good_checksum(0);
| ~ ^~~~~~~~~~~~~~~~
nvmutil.c:1046:21: error: implicit conversion loses integer precision: 'int' to 'unsigned char' [-Werror,-Wimplicit-int-conversion]
1046 | f->part_valid[1] = good_checksum(1);
| ~ ^~~~~~~~~~~~~~~~
nvmutil.c:1170:45: error: implicit conversion changes signedness: 'off_t' (aka 'long') to 'unsigned long' [-Werror,-Wsign-conversion]
1170 | (unsigned long)(p * (f->gbe_file_size >> 1)));
| ~ ~~~~~~~~~~~~~~~~~^~~~
nvmutil.c:1269:37: error: implicit conversion loses integer precision: 'int' to 'unsigned short' [-Werror,-Wimplicit-int-conversion]
1269 | return (unsigned short)f->buf[pos] |
| ~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
1270 | ((unsigned short)f->buf[pos + 1] << 8);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
nvmutil.c:1610:9: error: implicit conversion changes signedness: 'off_t' (aka 'long') to 'unsigned long' [-Werror,-Wsign-conversion]
1609 | r = rw_file_exact(f->tmp_fd, f->bufcmp,
| ~~~~~~~~~~~~~
1610 | f->gbe_file_size, 0, IO_PREAD,
| ~~~^~~~~~~~~~~~~
nvmutil.c:1618:9: error: implicit conversion changes signedness: 'off_t' (aka 'long') to 'unsigned long' [-Werror,-Wsign-conversion]
1617 | r = rw_file_exact(dest_fd, f->bufcmp,
| ~~~~~~~~~~~~~
1618 | f->gbe_file_size, 0, IO_PWRITE,
| ~~~^~~~~~~~~~~~~
nvmutil.c:1609:6: error: implicit conversion loses integer precision: 'long' to 'int' [-Werror,-Wshorten-64-to-32]
1609 | r = rw_file_exact(f->tmp_fd, f->bufcmp,
| ~ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1610 | f->gbe_file_size, 0, IO_PREAD,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1611 | NO_LOOP_EAGAIN, LOOP_EINTR,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~
1612 | MAX_ZERO_RW_RETRY, OFF_ERR);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~
nvmutil.c:1617:6: error: implicit conversion loses integer precision: 'long' to 'int' [-Werror,-Wshorten-64-to-32]
1617 | r = rw_file_exact(dest_fd, f->bufcmp,
| ~ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1618 | f->gbe_file_size, 0, IO_PWRITE,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1619 | NO_LOOP_EAGAIN, LOOP_EINTR,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~
1620 | MAX_ZERO_RW_RETRY, OFF_ERR);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~
nvmutil.c:1936:45: error: implicit conversion changes signedness: 'long' to 'unsigned long' [-Werror,-Wsign-conversion]
1936 | if (rv >= 0 && (unsigned long)rv > (nrw - rc))
| ~ ^~
nvmutil.c:2193:27: error: signed shift result (0x8000000000000000) sets the sign bit of the shift expression's type ('long') and becomes negative [-Werror,-Wshift-sign-overflow]
2193 | if (nrw > (unsigned long)X_LONG_MAX)
| ^~~~~~~~~~
./nvmutil.h:147:38: note: expanded from macro 'X_LONG_MAX'
147 | #define X_LONG_MAX ((long)(~((long)1 << (sizeof(long)*CHAR_BIT-1))))
| ~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~
fatal error: too many errors emitted, stopping now [-ferror-limit=]
20 errors generated.
make: *** [Makefile:42: hell] Fehler 1
in a future commit, i intend to fix all of these issues,
so that the code reliably compiles in hell-mode.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this program needs bits to be 8
some obscure systems set it to something else
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
and add another
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i need to re-initialise r each time.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
yes, this begins the next phase of nvmutil:
remove global status in functions that should be
generic, and make functions that are not generic,
generic. make everything as re-useable in a library
as possible.
most of the program is error control, as it should
be, but much of it is mixed in with functions
that really should just be split up for libraries.
so that is what i'm now beginning.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i still use a global variable, but now only
one, which is a structure containing the
state of the entire program
now i can easily start modifying it to make
functions generic, and then i can start
making parts of it into easy libraries
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
for now still actually global, but i'm gradually
putting variables into a single global stucture
which will then allow me to make everything
local, which would then allow me to start
splitting up the program and modularising it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
run it for a bit longer
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it's a pretty insane hack. i should probably
just use normal fchmod
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
also improved the macro, making it stricter
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
guards against replacement attacks, on systems
that support this flag
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i made the string longer, but forgot
to adjust it. the new random function
is also better
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we assume the fallback will be rare, so now we
make the mix static and keep xoring it, on the
theory that the number of failures on urandom
will be random, and tthat the fallback may only
apply once or twice in thousands of calls.
the time jitter is adjusted; rather than judge
the difference between two points close to each
other in time, we judge tthe randomness in
difference of time elapsed. this mitigates fast
CPUs being very fast and introducing rounding
errors, and also improves performonce on much
slower CPUs
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i was being cute earlier, but the rewrite
defeats the purpose of atomic file handling
in nvmutil, by not actually renaming! it was
more like, doing an actual copy, which meant
that corruption is likely during power loss
i've commented the code because i may
use it in a library in the future.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this improves reliability, making it more
likely that data actually gets synced,
since fsync can return -1 with EINTR,
indicating that a re-try should be
attempted.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
unreliable
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
better to just use standard names
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
arandom probably isn't available on super old obsd right??????
rather, unveil isn't. on systems that have arandom
yet we should not unveil something that may not
exist on modern systems
just don't unveil arandom, and don't check arandom
if unveil is enabled
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
some systems may not even have it
works with /dev/fd (bsd/mac etc)
works with linux (/proc/self/fd)
and falls back on super old systems
that have neither
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
not compiling without it is a bug
don't let the default exclude it
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
settting it to -Werror is wrong, should set
it not -Werror.
however, put the WERROR variable in the make
command. that way, i could test with
make WERROR=-Werror
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
and with that, now the code compiles on gcc
with -std=c90 -pedantic
with -Werror and -Wall -Wextra
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
This reverts commit bdb43afac6edef21a15f99b8c3beac01be8b86f7.
|
|
have A-Z too, for more randomness
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
