Compare commits

...

51 Commits

Author SHA1 Message Date
Leah Rowe
045d85dcc5 util/nvmutil: add bound check to x_try_fdpath
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 21:53:30 +00:00
Leah Rowe
841fe878f3 another comment
it's a pretty insane hack. i should probably
just use normal fchmod

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 21:51:01 +00:00
Leah Rowe
ce139ab0ae comment
also improved the macro, making it stricter

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 21:46:06 +00:00
Leah Rowe
82f38ed87a cleanup (fix potential overflow in mkstemp)
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 21:17:54 +00:00
Leah Rowe
26a2224d82 fsync_dir: abort if path length is empty
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 21:15:01 +00:00
Leah Rowe
ed9eae213b nvmutil: prevent theoretical overflow on time()
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 21:13:13 +00:00
Leah Rowe
ca76a35f93 also O_NOFOLLOW
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 21:09:05 +00:00
Leah Rowe
a622151965 util/nvmutil: dir fsync with O_DIRECTORY
guards against replacement attacks, on systems
that support this flag

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 21:07:49 +00:00
Leah Rowe
ea9d108529 util/nvmutil: fix mkstemp randomness
i made the string longer, but forgot
to adjust it. the new random function
is also better

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 21:06:15 +00:00
Leah Rowe
5d0d74af4c cast
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 21:01:33 +00:00
Leah Rowe
e33831ef20 util/nvmutil: more reliable fallback crypto
we assume the fallback will be rare, so now we
make the mix static and keep xoring it, on the
theory that the number of failures on urandom
will be random, and that the fallback may only
apply once or twice in thousands of calls.

the time jitter is adjusted; rather than judge
the difference between two points close to each
other in time, we judge the randomness in
difference of time elapsed. this mitigates fast
CPUs being very fast and introducing rounding
errors, and also improves performance on much
slower CPUs

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 21:00:07 +00:00
Leah Rowe
46432005ed util/nvmutil: use real rename() syscall
i was being cute earlier, but the rewrite
defeats the purpose of atomic file handling
in nvmutil, by not actually renaming! it was
more like, doing an actual copy, which meant
that corruption is likely during power loss

i've commented the code because i may
use it in a library in the future.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 19:56:53 +00:00
Leah Rowe
4bcb671755 nvmutil: harden against hardlink attacks
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 18:41:03 +00:00
Leah Rowe
04fc4259d8 redundancy
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 18:38:21 +00:00
Leah Rowe
b76166f7e0 util/nvmutil: loop EINTR on fsync
this improves reliability, making it more
likely that data actually gets synced,
since fsync can return -1 with EINTR,
indicating that a re-try should be
attempted.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 18:35:35 +00:00
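The atomic-replace pattern the commits above describe (mkstemp in the target directory, fsync with an EINTR retry loop, a real rename(), then a directory fsync opened with O_DIRECTORY|O_NOFOLLOW, with an explicit path bound check instead of PATH_MAX), written here as an added example; this is not nvmutil's own code. It assumes a POSIX libc with mkstemp and those two open flags, and the names `write_atomic`, `fsync_retry` and `roundtrip_ok` are my own.

```c
#define _GNU_SOURCE /* exposes mkstemp and O_DIRECTORY/O_NOFOLLOW on glibc */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
static int fsync_retry(int fd)
{
	int r;
	do r = fsync(fd); while (r == -1 && errno == EINTR); /* EINTR means retry */
	return r;
}
/* mkstemp in the same dir, write, fsync, rename over target, then fsync the dir */
int write_atomic(const char *dir, const char *name, const void *buf, size_t len)
{
	char path[256], tmp[256];
	int fd, ok;
	if (snprintf(path, sizeof path, "%s/%s", dir, name) >= (int)sizeof path ||
	    snprintf(tmp, sizeof tmp, "%s/.%s.XXXXXX", dir, name) >= (int)sizeof tmp)
		return -1; /* explicit bound check rather than trusting PATH_MAX */
	if ((fd = mkstemp(tmp)) == -1)
		return -1;
	ok = write(fd, buf, len) == (ssize_t)len && fsync_retry(fd) == 0;
	if (close(fd) == -1 || !ok || rename(tmp, path) == -1) {
		unlink(tmp); /* readers only ever see the old or the new file */
		return -1;
	}
	/* Directory fsync makes the rename durable; O_DIRECTORY rejects a non-directory, O_NOFOLLOW a symlink swapped in at dir */
	if ((fd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW)) == -1)
		return -1;
	ok = fsync_retry(fd) == 0;
	close(fd);
	return ok ? 0 : -1;
}
/* Check helper: write atomically, read back, compare, remove. Returns 1 on success. */
int roundtrip_ok(const char *dir, const char *name, const char *data)
{
	char path[256], buf[64];
	size_t len = strlen(data); ssize_t n = -1; int fd;
	if (len >= sizeof buf || write_atomic(dir, name, data, len) == -1)
		return 0;
	snprintf(path, sizeof path, "%s/%s", dir, name);
	if ((fd = open(path, O_RDONLY | O_NOFOLLOW)) != -1) {
		n = read(fd, buf, sizeof buf);
		close(fd);
	}
	unlink(path);
	return n == (ssize_t)len && memcmp(buf, data, len) == 0;
}
```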
Leah Rowe
9f9e220ff9 pointer safety
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 18:28:36 +00:00
Leah Rowe
655ce99d74 don't use PATH_MAX
unreliable

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 18:22:29 +00:00
Leah Rowe
ff769306ba macro safety
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 18:19:42 +00:00
Leah Rowe
7da3173ead util/nvmutil: portable S_IFMT
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 18:18:44 +00:00
Leah Rowe
8bd04bc5ad util/nvmutil: remove integer typedefs
better to just use standard names

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 18:14:53 +00:00
Leah Rowe
3c4ad4231f util/nvmutil: remove global statics
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 18:11:30 +00:00
Leah Rowe
31a5ab3e15 util/nvmutil: fix unveil usage
arandom probably isn't available on super old obsd right??????

rather, unveil isn't. on systems that have arandom

yet we should not unveil something that may not
exist on modern systems

just don't unveil arandom, and don't check arandom
if unveil is enabled

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 17:30:03 +00:00
Leah Rowe
a4b2d0218a util/nvmutil: proper /dev/fd search in fchmod
some systems may not even have it

works with /dev/fd (bsd/mac etc)

works with linux (/proc/self/fd)

and falls back on super old systems
that have neither

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 17:14:20 +00:00
Leah Rowe
8b887eb7b2 util/nvmutil: tidy up makefile options
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 16:59:17 +00:00
Leah Rowe
f05776f5ff nope. put -Werror in the makefile
not compiling without it is a bug

don't let the default exclude it

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 16:57:53 +00:00
Leah Rowe
4437e41b38 nvmutil makefile: define WERROR but blank it
setting it to -Werror is wrong, should set
it not -Werror.

however, put the WERROR variable in the make
command. that way, i could test with

make WERROR=-Werror

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 16:54:17 +00:00
Leah Rowe
849a73012e util/nvmutil: portable fchmod
and with that, now the code compiles on gcc
with -std=c90 -pedantic

with -Werror and -Wall -Wextra

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 16:52:28 +00:00
Leah Rowe
fb4f263005 Revert "util/nvmutil: don't use fsync()"
This reverts commit bdb43afac6.
2026-03-16 16:39:59 +00:00
Leah Rowe
9ef92b3b25 util/nvmutil: longer string in mkstemp
have A-Z too, for more randomness

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 16:38:47 +00:00
Leah Rowe
7674550083 util/nvmutil: don't use mktemp
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 16:36:07 +00:00
Leah Rowe
1cc7c91b2c util/nvmutil: don't declare libc prototypes
i no longer use -Werror

these can actually conflict on some weird
systems, so better just remove them

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 16:32:23 +00:00
Leah Rowe
9b82c8fe11 util/nvmutil: portable memcpy/memcmp
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 16:27:56 +00:00
Leah Rowe
806993621c util/nvmutil: more portable close()
close may set errno to EINTR, which could
cause weird edge case behaviour in our
prw() function

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 16:21:07 +00:00
Leah Rowe
a261bab075 util/nvmutil: more secure tmpdir()
use stat instead of access (race conditions)

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 16:19:27 +00:00
Leah Rowe
bc2cf24993 util/nvmutil: fix O_NONBLOCK fallback
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 16:16:58 +00:00
Leah Rowe
f62ac24d8f util/nvmutil: more secure mkstemp
try a few more times until success

explicitly return EEXIST when needed

we try multiple times and check more
thoroughly if a file exists, thus
reducing the risk of race conditions

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 16:13:50 +00:00
Leah Rowe
e5e107d8cd util/nvmutil: more reliable TMPDIR handling
more portable

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 16:10:25 +00:00
Leah Rowe
bdb43afac6 util/nvmutil: don't use fsync()
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 16:05:45 +00:00
Leah Rowe
d345712172 util/nvmutil: more portable functions
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 16:00:49 +00:00
Leah Rowe
7d5ada2272 util/nvmutil: add portable malloc extern
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 15:50:52 +00:00
Leah Rowe
6744867e4e util/nvmutil: don't use size_t/ssize_t
not portable. some old systems don't have it,
or handle it very poorly

unsigned long is a reasonable way to refer
to indexes inside pointers

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 15:46:19 +00:00
Leah Rowe
7a66c78016 util/nvmutil: don't use SSIZE_MAX (not portable)
some old systems don't have ssize_t or size_t

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 15:43:06 +00:00
Leah Rowe
d2d2fb778a util/nvmutil: typeset size_t explicitly
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 15:40:05 +00:00
Leah Rowe
440d6ce5ba util/nvmutil: run-time CHAR_BIT test
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 15:36:10 +00:00
Leah Rowe
f3956a2482 util/nvmutil: lower default PATH_LEN
older unix needed lower

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 15:34:28 +00:00
Leah Rowe
37387a8e2d util/nvmutil: portable struct timeval
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 15:33:02 +00:00
Leah Rowe
36344f84b5 util/nvmutil: portable S_ISREG
very old libc doesn't have it

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 15:23:20 +00:00
Leah Rowe
06ff9d27e8 mktemp prototype
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 15:22:28 +00:00
Leah Rowe
139f19f867 util/nvmutil: portable gettimeofday
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 15:22:23 +00:00
Leah Rowe
4ecce163d6 util/nvmutil: use portable mkstemp
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 15:15:53 +00:00
Leah Rowe
68ef78e439 util/nvmutil: better urandom portability
Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-16 15:10:49 +00:00
2 changed files with 775 additions and 457 deletions


@@ -7,18 +7,21 @@ CSTD?=-std=c90
WERROR?=-Werror
CWARN?=-Wall -Wextra -pedantic
COPT?=-Os
CFLAGS?=-I. $(COPT) $(CWARN) $(CSTD)
CFLAGS?=$(CWARN) $(CSTD)
LDFLAGS?=
DESTDIR?=
PREFIX?=/usr/local
INSTALL?=install
LDIR?=-I.
OPTS=$(LDIR) $(COPT) $(WERROR) $(CFLAGS) $(LDFLAGS)
PROG=nvmutil
all: $(PROG)
$(PROG): nvmutil.c
$(CC) $(CFLAGS) $(LDFLAGS) nvmutil.c -o $(PROG)
$(CC) $(OPTS) nvmutil.c -o $(PROG)
install: $(PROG)
$(INSTALL) -d $(DESTDIR)$(PREFIX)/bin
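Review bot: `CFLAGS?=$(CWARN) $(CSTD)` is a conditional assignment, so a CFLAGS set in the environment or on the make command line (routine on packaging systems) silently replaces it and drops `-Wall -Wextra -pedantic -std=c90`, the very flags the surrounding commits rely on to catch portability errors; `-Werror` and `-Os` survive only because `OPTS` adds `$(WERROR)` and `$(COPT)` separately. Consider moving the warning and standard flags into `OPTS` next to them, e.g. `OPTS=$(LDIR) $(COPT) $(CWARN) $(CSTD) $(WERROR) $(CFLAGS) $(LDFLAGS)`, leaving CFLAGS purely for user additions.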

File diff suppressed because it is too large