Commit Graph

3898 Commits

Author SHA1 Message Date
Leah Rowe
27371af4bc nvmutil: split nvmutil.c into multiple files
this is a big program now. act like it.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-18 13:37:06 +00:00
Leah Rowe
722ed03179 util/nvmutil: remove global variable x
make a singleton function instead

now there are technically no global variables,
so i can more easily start splitting this up
into multiple linked programs

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-18 07:17:40 +00:00
Leah Rowe
5c51352cf7 nvmutil: disable arc4random on obsd below 2.1
arc4random added in openbsd 2.1

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-18 05:18:23 +00:00
Leah Rowe
71da2f53cf util/nvmutil: initialise st in tmpdir
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-18 05:13:02 +00:00
Leah Rowe
3b389d4aec util/nvmutil: use strlen for tmpdir length
sizeof includes the null

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-18 05:08:54 +00:00
Leah Rowe
ee5ff03765 nvmutil tmpdir: check world-writeable / sticky bits
must be world writeable and not have sticky bits

a bit theoretical, but we're also reading TMPDIR,
which could be anything

due to how this is called, it defaults back to /tmp
if null is returned, so it's safe

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-18 04:53:10 +00:00
Leah Rowe
4810284f12 nvmutil: fix modulo bias in mkstemp
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-18 04:45:53 +00:00
Leah Rowe
8d467ecea9 util/nvmutil: limit EAGAIN/EINTR retries
set it really high though, so it's still
basically reliable

an EINTR/EAGAIN storm could cause problems
in prw()

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-18 04:44:36 +00:00
Leah Rowe
3f2a6e749f util/nvmutil: use real fsync
that function i added was a load of crap. it
worked, but it was a bit dumb, and crap.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-18 04:39:50 +00:00
Leah Rowe
ef2d5ccdf4 nvmutil: don't disable blocking on random
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-18 04:36:04 +00:00
Leah Rowe
e48a8046d3 re-add arc4random in nvmutil
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-18 04:33:14 +00:00
Leah Rowe
1d1f721d85 util/nvmutil: remove randomness fallback
not secure. i'll just re-add arc4random

and use urandom as the fallback

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-18 04:26:10 +00:00
Leah Rowe
1ecea3247d nvmutil: don't read urandom fd if fd not open
yeah. obvious bug

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-18 04:21:18 +00:00
Leah Rowe
7d5384ebb0 nvmutil: new urandom fd every time (rlong)
otherwise, a stale descriptor could be manipulated
easily by an attacker over time

very theoretical to be honest

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-18 04:18:58 +00:00
Leah Rowe
fb9e660367 util/nvmutil: fix typo in unveil call
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-18 04:14:47 +00:00
Leah Rowe
410408cece util/nvmutil: fix rlong static variables
whoops

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-18 04:13:50 +00:00
Leah Rowe
6b41b901ce nvmutil: remove redundant srand call
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-18 04:06:23 +00:00
Leah Rowe
6be315cf04 nvmutil: remove redundant check
the actual cat function just writes to stdout

we need only check that the input is null, which
i've now done.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-18 04:04:44 +00:00
Leah Rowe
0fd3858953 util/nvmutil: obsessively check null cmd
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-18 03:53:05 +00:00
Leah Rowe
982c1146b3 util/nvmutil: tidy up variables
where feasible, don't assign them at declaration

this is especially important for the next change
i'm working on

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-18 03:17:38 +00:00
Leah Rowe
9c450d8528 stricter S_ISREG check
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-18 01:52:43 +00:00
Leah Rowe
6262826627 nvmutil: even stronger double-run protection
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-18 00:29:33 +00:00
Leah Rowe
2723a9ccd8 util/nvmutil: guard against running twice
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-18 00:16:01 +00:00
Leah Rowe
6def381e3c nvmutil: make commands check themselves
check yourself before you execute yourself

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-18 00:09:55 +00:00
Leah Rowe
ec96cb46fc util/nvmutil: check file flags properly
masking O_ACCMODE tells you which flag it is

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-17 22:26:17 +00:00
Leah Rowe
6fe909f9f7 util/nvmutil: tighter pledge and unveil
call it sooner. set new_state afterward.

i had to uncouple nv from some functions
for this, and i also added some extra
checks especially at exit, about whether
to touch nv (whether it is initialised)

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-17 22:21:16 +00:00
Leah Rowe
9573d872f3 util/nvmutil: stricter work buf check
check it right after initialisation

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-17 21:43:37 +00:00
Leah Rowe
d01aedd289 79-character rule must be obeyed
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-17 21:40:25 +00:00
Leah Rowe
3fba6f2d64 util/nvmutil: fix comment
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-17 21:24:04 +00:00
Leah Rowe
16d50d42da util/nvmutil: default to clang on make-hell
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-17 21:00:43 +00:00
Leah Rowe
dcdbd5eda1 util/nvmutil: tidy up memcmp
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-17 20:35:10 +00:00
Leah Rowe
952a3d52a5 nvmutil: add suffixes to makefile
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-17 19:39:27 +00:00
Leah Rowe
63f0fe9702 nvmutil: tidy up the makefile
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-17 19:35:50 +00:00
Leah Rowe
fd1bafecd1 util/nvmutil: portable default make rules
older compilers might not have -std for example.

the code is portable, but old compilers can't
compile with just "make", you have to add lots
of flags

i will now use "make strict" and "make hell"
in testing, but otherwise make without flags
is fine.

move the current strictness to command:

make strict

added an extra command:

make hell

hell uses -Weverything, and is useful with
clang's strict testing, on which i only got
a very small number of errors (it's way less
than a lot of programs would get with this
flag, because -Weverything is REALLY STRICT):

ja, mich nvmutil$ make hell CC=clang
clang -I.   -Wall -Wextra -pedantic -std=c90 -Os -Werror -Weverything nvmutil.c -o nvmutil
In file included from nvmutil.c:35:
./nvmutil.h:225:16: error: padding struct 'struct commands' with 1 byte to align 'rw_size' [-Werror,-Wpadded]
  225 |         unsigned long rw_size; /* within the 4KB GbE part */
      |                       ^
./nvmutil.h:217:8: error: padding size of 'struct commands' with 4 bytes to alignment boundary [-Werror,-Wpadded]
  217 | struct commands {
      |        ^
./nvmutil.h:235:8: error: padding size of 'struct xfile' with 4 bytes to alignment boundary [-Werror,-Wpadded]
  235 | struct xfile {
      |        ^
./nvmutil.h:288:16: error: padding struct 'struct xstate' with 4 bytes to align 'xsize' [-Werror,-Wpadded]
  288 |         unsigned long xsize;
      |                       ^
nvmutil.c:617:43: error: implicit conversion changes signedness: 'off_t' (aka 'long') to 'unsigned long' [-Werror,-Wsign-conversion]
  617 |         _r = rw_file_exact(f->gbe_fd, f->buf, f->gbe_file_size,
      |              ~~~~~~~~~~~~~                    ~~~^~~~~~~~~~~~~
nvmutil.c:626:43: error: implicit conversion changes signedness: 'off_t' (aka 'long') to 'unsigned long' [-Werror,-Wsign-conversion]
  626 |         _r = rw_file_exact(f->tmp_fd, f->buf, f->gbe_file_size,
      |              ~~~~~~~~~~~~~                    ~~~^~~~~~~~~~~~~
nvmutil.c:654:46: error: implicit conversion changes signedness: 'off_t' (aka 'long') to 'unsigned long' [-Werror,-Wsign-conversion]
  654 |         _r = rw_file_exact(f->tmp_fd, f->bufcmp, f->gbe_file_size,
      |              ~~~~~~~~~~~~~                       ~~~^~~~~~~~~~~~~
nvmutil.c:661:39: error: implicit conversion changes signedness: 'off_t' (aka 'long') to 'unsigned long' [-Werror,-Wsign-conversion]
  661 |         if (x_i_memcmp(f->buf, f->bufcmp, f->gbe_file_size) != 0)
      |             ~~~~~~~~~~                    ~~~^~~~~~~~~~~~~
nvmutil.c:702:23: error: implicit conversion loses integer precision: 'int' to 'unsigned char' [-Werror,-Wimplicit-int-conversion]
  702 |                 f->part_valid[_p] = good_checksum(_p);
      |                                   ~ ^~~~~~~~~~~~~~~~~
nvmutil.c:1045:21: error: implicit conversion loses integer precision: 'int' to 'unsigned char' [-Werror,-Wimplicit-int-conversion]
 1045 |         f->part_valid[0] = good_checksum(0);
      |                          ~ ^~~~~~~~~~~~~~~~
nvmutil.c:1046:21: error: implicit conversion loses integer precision: 'int' to 'unsigned char' [-Werror,-Wimplicit-int-conversion]
 1046 |         f->part_valid[1] = good_checksum(1);
      |                          ~ ^~~~~~~~~~~~~~~~
nvmutil.c:1170:45: error: implicit conversion changes signedness: 'off_t' (aka 'long') to 'unsigned long' [-Werror,-Wsign-conversion]
 1170 |                     (unsigned long)(p * (f->gbe_file_size >> 1)));
      |                                       ~  ~~~~~~~~~~~~~~~~~^~~~
nvmutil.c:1269:37: error: implicit conversion loses integer precision: 'int' to 'unsigned short' [-Werror,-Wimplicit-int-conversion]
 1269 |         return (unsigned short)f->buf[pos] |
      |         ~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
 1270 |             ((unsigned short)f->buf[pos + 1] << 8);
      |             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
nvmutil.c:1610:9: error: implicit conversion changes signedness: 'off_t' (aka 'long') to 'unsigned long' [-Werror,-Wsign-conversion]
 1609 |         r = rw_file_exact(f->tmp_fd, f->bufcmp,
      |             ~~~~~~~~~~~~~
 1610 |             f->gbe_file_size, 0, IO_PREAD,
      |             ~~~^~~~~~~~~~~~~
nvmutil.c:1618:9: error: implicit conversion changes signedness: 'off_t' (aka 'long') to 'unsigned long' [-Werror,-Wsign-conversion]
 1617 |         r = rw_file_exact(dest_fd, f->bufcmp,
      |             ~~~~~~~~~~~~~
 1618 |             f->gbe_file_size, 0, IO_PWRITE,
      |             ~~~^~~~~~~~~~~~~
nvmutil.c:1609:6: error: implicit conversion loses integer precision: 'long' to 'int' [-Werror,-Wshorten-64-to-32]
 1609 |         r = rw_file_exact(f->tmp_fd, f->bufcmp,
      |           ~ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1610 |             f->gbe_file_size, 0, IO_PREAD,
      |             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1611 |             NO_LOOP_EAGAIN, LOOP_EINTR,
      |             ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1612 |             MAX_ZERO_RW_RETRY, OFF_ERR);
      |             ~~~~~~~~~~~~~~~~~~~~~~~~~~~
nvmutil.c:1617:6: error: implicit conversion loses integer precision: 'long' to 'int' [-Werror,-Wshorten-64-to-32]
 1617 |         r = rw_file_exact(dest_fd, f->bufcmp,
      |           ~ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1618 |             f->gbe_file_size, 0, IO_PWRITE,
      |             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1619 |             NO_LOOP_EAGAIN, LOOP_EINTR,
      |             ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1620 |             MAX_ZERO_RW_RETRY, OFF_ERR);
      |             ~~~~~~~~~~~~~~~~~~~~~~~~~~~
nvmutil.c:1936:45: error: implicit conversion changes signedness: 'long' to 'unsigned long' [-Werror,-Wsign-conversion]
 1936 |                 if (rv >= 0 && (unsigned long)rv > (nrw - rc))
      |                                                         ~ ^~
nvmutil.c:2193:27: error: signed shift result (0x8000000000000000) sets the sign bit of the shift expression's type ('long') and becomes negative [-Werror,-Wshift-sign-overflow]
 2193 |         if (nrw > (unsigned long)X_LONG_MAX)
      |                                  ^~~~~~~~~~
./nvmutil.h:147:38: note: expanded from macro 'X_LONG_MAX'
  147 | #define X_LONG_MAX ((long)(~((long)1 << (sizeof(long)*CHAR_BIT-1))))
      |                              ~~~~~~~ ^  ~~~~~~~~~~~~~~~~~~~~~~~~~
fatal error: too many errors emitted, stopping now [-ferror-limit=]
20 errors generated.
make: *** [Makefile:42: hell] Fehler 1

in a future commit, i intend to fix all of these issues,
so that the code reliably compiles in hell-mode.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-17 19:08:49 +00:00
Leah Rowe
5ab3b11446 util/nvmutil: move asserts to header
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-17 18:30:07 +00:00
Leah Rowe
2cb1797acc nvmutil: extremely defensive CHAR_BIT test
this program needs bits to be 8

some obscure systems set it to something else

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-17 18:28:01 +00:00
Leah Rowe
cb8ac86bd4 util/nvmutil: add defensive buffer check
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-17 18:19:40 +00:00
Leah Rowe
b00fb6127e util/nvmutil: remove stale comment
and add another

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-17 18:09:34 +00:00
Leah Rowe
15b8cd7833 util/nvmutil: fix randomness in mkstemp
i need to re-initialise r each time.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-17 17:36:11 +00:00
Leah Rowe
0db9cc321f util/nvmutil: split up copy_gbe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-17 17:29:07 +00:00
Leah Rowe
6e63106dae util/nvmutil: make fsync_dir() generic
yes, this begins the next phase of nvmutil:

remove global status in functions that should be
generic, and make functions that are not generic,
generic. make everything as re-useable in a library
as possible.

most of the program is error control, as it should
be, but much of it is mixed in with functions
that really should just be split up for libraries.

so that is what i'm now beginning.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-17 16:59:50 +00:00
Leah Rowe
6b1757da57 prototype for new_state() in nvmutil
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-17 08:09:27 +00:00
Leah Rowe
9a9bcfe070 util/nvmutil: split up nvmutil.c
i still use a global variable, but now only
one, which is a structure containing the
state of the entire program

now i can easily start modifying it to make
functions generic, and then i can start
making parts of it into easy libraries

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-17 07:49:17 +00:00
Leah Rowe
730c8b47b2 cleanup
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-17 03:09:27 +00:00
Leah Rowe
1d123b1f50 util/nvmutil: start removing global state
for now still actually global, but i'm gradually
putting variables into a single global structure
which will then allow me to make everything
local, which would then allow me to start
splitting up the program and modularising it.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-17 03:05:37 +00:00
Leah Rowe
14857555ed nvmutil: stronger entropy_jitter()
run it for a bit longer

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 22:09:26 +00:00
Leah Rowe
db4df52576 util/nvmutil: don't use strcpy
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 22:05:42 +00:00
Leah Rowe
4f581950c2 util/nvmutil: check fd path in try_fdpath
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 22:02:17 +00:00
Leah Rowe
045d85dcc5 util/nvmutil: add bound check to x_try_fdpath
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 21:53:30 +00:00
Leah Rowe
841fe878f3 another comment
it's a pretty insane hack. i should probably
just use normal fchmod

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 21:51:01 +00:00