Commit Graph

3756 Commits

Author SHA1 Message Date
Leah Rowe
f229c722a9 util/nvmutil: partially mitigate fd offset race
our fallback pwrite/pread behaviour still does not
properly replicate the safety of real pwrite/pread

i intend to put this i/o code into a library for use
in other programs; nvmutil is single-threaded so
this change is largely redundant (but can't hurt)

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 22:15:33 +00:00
Leah Rowe
d66ba5f781 util/nvmutil: tidy up rw_file_exact
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 22:01:06 +00:00
Leah Rowe
1b0d348172 comment
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 21:57:06 +00:00
Leah Rowe
7b2761ee11 util/nvmutil: cleanup
remove ptr casts to ulong. size_t is better.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 21:45:57 +00:00
Leah Rowe
c6aba2acdb nope, use size_t
despite my cast, size_t is better for mem index

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 21:36:42 +00:00
Leah Rowe
46cd8b80c8 util/nvmutil: use ulong on ptr casts
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 21:33:22 +00:00
Leah Rowe
d6f3aadff1 util/nvmutil: remove rw_file_once
we don't need it anymore.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 21:30:20 +00:00
Leah Rowe
74d26d446e util/nvmutil: move looping logic to rw_file_exact
rw_file_once was doing what rw_file_exact should be
doing

_once does what it says: once

we were passing an offset (rc) to it that it was not
meaningfully using.

this makes the code now more robust, especially if
we later swap out or break _once - then we don't
get weird behaviour (if there is a regression).

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 21:25:24 +00:00
Leah Rowe
6bc7efe675 nvmutil: move increment logic to rw_file_exact
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 21:06:20 +00:00
Leah Rowe
d61f9f7f88 nvmutil: fix redundant check
we already check not-zero in the next if

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 19:18:23 +00:00
Leah Rowe
6e21b2cd44 util/nvmutil: cast gbe file size on ptr cmp
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 19:15:59 +00:00
Leah Rowe
58a80f8c3f util/nvmutil: even safer pointer comparison
we assert now that ulong is the size of a pointer,
therefore we know that it can fit a pointer reliably.

this code is written for c90 spec so lacks uintptr

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 19:13:38 +00:00
Leah Rowe
feb4db34a2 util/nvmutil: safer pointer comparison
technically we're never supposed to do arithmetic on
pointers (there's uintptr for that)

very anal fix

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 19:09:34 +00:00
Leah Rowe
48d17cae0f util/nvmutil: enable arc4random on linux
not available on older systems. can just pass
the relevant flag in the compiler:

HAVE_ARC4RANDOM_BUF=0 at build time if you need
the fallback.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 18:57:40 +00:00
Leah Rowe
b26a292d3e util/nvmutil: re-add arc4random
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 18:55:14 +00:00
Leah Rowe
430682d7e9 util/nvmutil: 5 retries, not 10
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 18:31:16 +00:00
Leah Rowe
3e0ec8cd5e util/nvmutil: check if gbe.bin is seekable
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 18:27:34 +00:00
Leah Rowe
e015e1103a util/nvmutil: check inode during post-verify
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 18:24:53 +00:00
Leah Rowe
cf5708957b util/nvmutil: warn about gbe.bin hard links
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 18:23:52 +00:00
Leah Rowe
a80c189011 util/nvmutil: guard file replacement attacks
i already also guard other toctou attacks :)

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 18:21:44 +00:00
Leah Rowe
ebffecf04b util/nvmutil: guard against unlinking file
if someone deletes gbe.bin while operating, nvmutil
will now abort

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 18:19:46 +00:00
Leah Rowe
cde085d54e util/nvmutil: don't use /dev/urandom
too over engineered and cumbersome.

the new security in prw() makes it brittle,
and i'd rather not move checks outside of it.

the fallback rand is random enough.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 18:11:48 +00:00
Leah Rowe
fac0017532 util/nvmutil: fix file check
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 18:02:11 +00:00
Leah Rowe
573fdf0b22 util/nvmutil: fix cast check
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 17:58:06 +00:00
Leah Rowe
ea210177fd util/nvmutil: more aggressive file checking
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 17:57:13 +00:00
Leah Rowe
01fd54bc11 util/nvmutil: prevent overflow in rw_file_exact
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 17:49:18 +00:00
Leah Rowe
c02dfc4c33 util/nvmutil: verify final offset in pwrite/pread
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 17:47:53 +00:00
Leah Rowe
276b9d34e8 util/nvmutil: check regular file in rw_file_exact
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 17:45:06 +00:00
Leah Rowe
94b89beef9 util/nvmutil: fix if (PWRITE)
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 16:16:55 +00:00
Leah Rowe
0e295fbdc4 util/nvmutil: don't check o_append in prw
slow, per call. prw should be generic.

do it just for gbe files, once

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 16:13:48 +00:00
Leah Rowe
3efa7754cd util/nvmutil: configurable eintr/eagain
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 16:04:56 +00:00
Leah Rowe
c33e60531a util/nvmutil: configurable retries/pread
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 16:01:19 +00:00
Leah Rowe
144965d9e6 util/nvmutil: support real pwrite/pread
build flag

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 15:52:10 +00:00
Leah Rowe
6d456e403b util/nvmutil: better commented I/O functions
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 15:33:38 +00:00
Leah Rowe
228bed20fe util/nvmutil: make eintr/eagain setup clearer
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 15:07:12 +00:00
Leah Rowe
bdd23b234b nvmutil: fix rval in close_files
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 07:28:06 +00:00
Leah Rowe
fbc0a62ab0 util/nvmutil: don't check write checksums on partial
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 07:24:37 +00:00
Leah Rowe
90ed69474c util/nvmutil: don't recurse err/close_files
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 07:20:50 +00:00
Leah Rowe
1a8896b82d util/nvmutil: restore pad before reading to it
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 06:40:21 +00:00
Leah Rowe
0d908923a3 util/nvmutil: don't show checksum on bad pwrite
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 06:33:25 +00:00
Leah Rowe
4af9f431da util/nvmutil: always restore saved errno
the last lseek there is only there to reset
state, so its errors are irrelevant.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 06:21:58 +00:00
Leah Rowe
b1725b6a84 util/nvmutil: post-write verification report
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 06:13:25 +00:00
Leah Rowe
ee511881b3 util/nvmutil: optimise fsync / write check
write all at once, then sync all at once,
then verify all at once.

this increases the chance that all data
gets written first, in the case of power
loss, because fsync may take a while on
some systems.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 04:47:28 +00:00
Leah Rowe
05b39d2ff2 util/nvmutil: set EIO on bad memcmp
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 04:06:29 +00:00
Leah Rowe
55564d4064 util/nvmutil: split up rw_gbe_file_part
the post-verification stage deserves a function

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 03:55:12 +00:00
Leah Rowe
eb8a297ba0 util/nvmutil: detect partial gbe rw
we already covered this in prw() which is
what ultimately gets called, but still.

it's logically correct not to check it here.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 03:40:46 +00:00
Leah Rowe
76a00c48b4 util/nvmutil: verify gbe contents after writing
read it back and check. sync to disk first.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 03:26:07 +00:00
Leah Rowe
36f48e055f util/nvmutil: consistent types
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 02:51:53 +00:00
Leah Rowe
c1ff35b781 util/nvmutil: handle zero return in rw_file_exact
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 01:18:57 +00:00
Leah Rowe
ad44c1f9b4 util/nvmutil: rename lseek_eintr
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-14 01:04:03 +00:00