splatink/lbmk
1
0
Fork 0
mirror of https://codeberg.org/libreboot/lbmk.git synced 2026-03-25 21:39:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
3,768 Commits 23 Branches 45 Tags
cedcb2c68affcbfb94534b823ea2b3562958988e
Commit Graph

3768 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Leah Rowe
cedcb2c68a util/nvmutil: tidy up io_args 
i don't like it grouped together. do it
all separate, for clarity.

Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 23:48:27 +00:00
Leah Rowe
8875a712ae util/nvmutil: tidy up err() 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 23:43:08 +00:00
Leah Rowe
23e7170897 util/nvmutil: re-add io_args() 
unified arg check for prw and rw_file_exact

Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 23:35:24 +00:00
Leah Rowe
67a7f16ba2 util/nvmutil: rw_file_exact: check inputs also 
we check them in prw, but we used to rely
on prw because we called that first. no more.

it's correct to also check them here anyway,
in case i ever call another function here.

Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 23:29:11 +00:00
Leah Rowe
4db11cd4ed util/nvmutil: rw_over_nrw: err if nrw is zero 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 23:26:54 +00:00
Leah Rowe
9d7e990df4 util/nvmutil: rw: safer bound check 
avoid pointer-range overflow arithmetic. this
patch doesn't change behaviour, but makes an
overflow impossible.

Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 23:23:01 +00:00
Leah Rowe
e97f64cb33 util/nvmutil rw: make off_reset a toggle 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 23:17:53 +00:00
Leah Rowe
0e7ac43f28 util/nvmutil: rw_file_exact: explicit casts 
don't do it inside functions. some compilers may
be inconsistent, ditto several auditing tools.

Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 23:15:14 +00:00
Leah Rowe
7c79db20e3 util/nvmutil: fix potential overflow in rw 
off is signed, so converting that to unsigned
is better than converting rc (unsigned)
to signed. i had the right idea, but got
it wrong in the earlier version. this
should fix potential overflow issues.

Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 22:50:06 +00:00
Leah Rowe
ef4e9dc895 util/nvmutil: rw file: guard rc before addition 
otherwise, it could still overflow

Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 22:47:16 +00:00
Leah Rowe
93603e1572 nvmutil: toggle for fd thread-safety err state 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 22:40:10 +00:00
Leah Rowe
0a4257f4ed util/nvmutil: clean up pwrite/pread case 
some unused variables if enabled. hide them.

Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 22:25:34 +00:00
Leah Rowe
f229c722a9 util/nvmutil: partially mitigate fd offset race 
our fallback pwrite/pread behaviour still does not
properly replicate the safety of real pwrite/pread

i intend to put this i/o code into a library for use
in other programs; nvmutil is single-threaded so
this change is largely redundant (but can't hurt)

Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 22:15:33 +00:00
Leah Rowe
d66ba5f781 util/nvmutil: tidy up rw_file_exact 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 22:01:06 +00:00
Leah Rowe
1b0d348172 comment 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 21:57:06 +00:00
Leah Rowe
7b2761ee11 util/nvmutil: cleanup 
remove ptr casts to ulong. size_t is better.

Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 21:45:57 +00:00
Leah Rowe
c6aba2acdb nope, use size_t 
despite my cast, size_t is better for mem index

Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 21:36:42 +00:00
Leah Rowe
46cd8b80c8 util/nvmutil: use ulong on ptr casts 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 21:33:22 +00:00
Leah Rowe
d6f3aadff1 util/nvmutil: remove rw_file_once 
we don't need it anymore.

Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 21:30:20 +00:00
Leah Rowe
74d26d446e util/nvmutil: move looping logic to rw_file_exact 
rw_file_once was doing what rw_file_exact should be
doing

_once does what it says: once

we were passing an offset (rc) to it that it was not
meaningfully using.

this makes the code now more robust, especially if
we later swap out or break _once - then we don't
get weird behaviour (if there is a regression).

Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 21:25:24 +00:00
Leah Rowe
6bc7efe675 nvmutil: move increment logic to rw_file_exact 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 21:06:20 +00:00
Leah Rowe
d61f9f7f88 nvmutil: fix redundant check 
we already check not-zero in the next if

Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 19:18:23 +00:00
Leah Rowe
6e21b2cd44 util/nvmutil: cast gbe file size on ptr cmp 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 19:15:59 +00:00
Leah Rowe
58a80f8c3f util/nvmutil: even safer pointer comparison 
we assert now that ulong is the size of a pointer,
therefore we know that it can fit a pointer reliably.

this code is written for c90 spec so lacks uintptr

Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 19:13:38 +00:00
Leah Rowe
feb4db34a2 util/nvmutil: safer pointer comparison 
technically we're never supposed to do arithmetic on
pointers (there's uintptr for that)

very anal fix

Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 19:09:34 +00:00
Leah Rowe
48d17cae0f util/nvmutil: enable arc4random on linux 
not available on older systems. can just pass
the relevant flag in the compiler:

HAVE_ARC4RANDOM_BUF=0 at build time if you need
the fallback.

Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 18:57:40 +00:00
Leah Rowe
b26a292d3e util/nvmutil: re-add arc4random 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 18:55:14 +00:00
Leah Rowe
430682d7e9 util/nvmutil: 5 retries, not 10 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 18:31:16 +00:00
Leah Rowe
3e0ec8cd5e util/nvmutil: check if gbe.bin is seekable 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 18:27:34 +00:00
Leah Rowe
e015e1103a util/nvmutil: check inode during post-verify 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 18:24:53 +00:00
Leah Rowe
cf5708957b util/nvmutil: warn about gbe.bin hard links 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 18:23:52 +00:00
Leah Rowe
a80c189011 util/nvmutil: guard file replacement attacks 
i already also guard other toctuo attacks :)

Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 18:21:44 +00:00
Leah Rowe
ebffecf04b util/nvmutil: guard against unlinking file 
if someone deletes gbe.bin while operating, nvmutil
will now abort

Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 18:19:46 +00:00
Leah Rowe
cde085d54e util/nvmutil: don't use /dev/urandom 
too over engineered and cumbersome.

the new security in prw() makes it brittle,
and i'd rather not move checks outside of it.

the fallback rand is random enough.

Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 18:11:48 +00:00
Leah Rowe
fac0017532 util/nvmutil: fix file check 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 18:02:11 +00:00
Leah Rowe
573fdf0b22 util/nvmutil: fix cast check 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 17:58:06 +00:00
Leah Rowe
ea210177fd util/nvmutil: more aggressive file checking 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 17:57:13 +00:00
Leah Rowe
01fd54bc11 util/nvmutil: prevent overflow in rw_file_exact 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 17:49:18 +00:00
Leah Rowe
c02dfc4c33 util/nvmutil: verify final offset in pwrite/pread 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 17:47:53 +00:00
Leah Rowe
276b9d34e8 util/nvmutil: check regular file in rw_file_exact 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 17:45:06 +00:00
Leah Rowe
94b89beef9 util/nvmutil: fix if (PWRITE) 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 16:16:55 +00:00
Leah Rowe
0e295fbdc4 util/nvmutil: don't check o_append in prw 
slow, per call. prw should be generic.

do it just for gbe files, once

Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 16:13:48 +00:00
Leah Rowe
3efa7754cd util/nvmutil: configurable eintr/eagain 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 16:04:56 +00:00
Leah Rowe
c33e60531a util/nvmutil: configurable retries/pread 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 16:01:19 +00:00
Leah Rowe
144965d9e6 util/nvmutil: support real pwrite/pread 
build flag

Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 15:52:10 +00:00
Leah Rowe
6d456e403b util/nvmutil: better commented I/O functions 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 15:33:38 +00:00
Leah Rowe
228bed20fe util/nvmutil: make eintr/eagain setup clearer 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 15:07:12 +00:00
Leah Rowe
bdd23b234b nvmutil: fix rval in close_files 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 07:28:06 +00:00
Leah Rowe
fbc0a62ab0 util/nvmutil: don't check write checksums on partial 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 07:24:37 +00:00
Leah Rowe
90ed69474c util/nvmutil: don't recurse err/close_files 
Signed-off-by: Leah Rowe <leah@libreboot.org>
 2026-03-14 07:20:50 +00:00