Commit Graph

1056 Commits (4708da2ca9a72520f39749b3b34b0bdc2fbfa15d)

Author SHA1 Message Date
Leah Rowe 334bfedfd4 util/spkmodem-recv: simplify sample_cnt/char reset
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-05 02:05:36 +01:00
Leah Rowe 4a6b582777 util/spkmodem-recv: print stats in other function
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-05 01:57:20 +01:00
Leah Rowe 2652a1ddfa util/spkmodem-recv: only print unhandled err on -d
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-05 01:53:24 +01:00
Leah Rowe 3fb99a017d util/spkmodem-recv: make debug a runtime option
it's currently a build-time option

make it a runtime option instead, so that every
user can optionally make use of it, on all builds

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-05 01:37:06 +01:00
Leah Rowe 264a31b95d util/spkmodem-recv: always disable line buffering
thus, there's no need to handle flushing of stdout
whatsoever, and the code can be greatly simplified

ascii bits are still reset, when no input on stdin
is given

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-05 01:05:38 +01:00
Leah Rowe 118bb19ff8 util/spkmodem-recv: simplify stdout flush logic
when spkmodem-recv doesn't receive anything (via stdout)
after a few frames, it's assumed that the console is dead
and the buffered output is flushed

this logic is assumed superfluous when -u is set

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-05 00:46:41 +01:00
Leah Rowe af36cc7f93 util/spkmodem-recv: rename variables for clarity
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-05 00:34:44 +01:00
Leah Rowe f7fccb5963 util/spkmodem-recv: split print_char() up
the logic for *setting* a character, and the logic
for outputting it, ought to be separate. do that.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-04 17:16:26 +01:00
Leah Rowe b40a30b11b util/spkmodem-recv: reduce indent in print_char()
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-04 17:05:24 +01:00
Leah Rowe b21c1dd5e8 util/spkmodem-recv: squash a few code lines
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-04 16:30:03 +01:00
Leah Rowe 3401f287b4 util/spkmodem-recv: bsd-style indent
my style was: 2 tabs. bsd-style, for extending a line, is
4 spaces. this style has grown on me, so let's do it here

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-04 15:42:01 +01:00
Leah Rowe 2a6ad97150 util/spkmodem-recv: order prototypes per function
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-04 15:38:03 +01:00
Leah Rowe 212ce3a8ac util/spkmodem-recv: warn on unhandled exit error
my style of C programming is this: always return errno
upon exit from the program, or from a thread.

handle errno in the calling/forking function.

returning errno at the end of main has this intention:
if an unhandled error occured, the program exits with
non-zero status.

a correctly written program should *never* return non-zero
at the end of main, and if it does, this indicates a bug
in the code (per my code style / philosophy).

so, warn the user with a message if this occurs. the
intention is that this message should never be printed.

do not use assert() for this. i don't believe in that.
such a test should always be present, for everyone.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-04 15:33:23 +01:00
Leah Rowe 9a6d290871 util/spkmodem-recv: another minor code cleanup
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-04 15:31:23 +01:00
Leah Rowe a61ab37b67 util/spkmodem-recv: always set errno on err()
This version of spkmodem uses err() to indicate an error,
and the value of errno is used as exit status at all times,
even when it is zero.

When calling err(), it is intended that errno always be
non-zero, so modify the code accordingly.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-04 15:27:29 +01:00
Leah Rowe e8889fd107 util/spkmodem-recv: minor code cleanup
also be more thorough about errno value when calling
pledge. rename variable in a for loop for clarity.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-04 15:23:51 +01:00
Leah Rowe 3c2a287eea util/spkmodem-recv: handle sample errors correctly
when calling fread(), errno may be set to EOVEFLOW if
the range being read will cause an integer overflow

if end-of-file is reached, errno may not be set. when
calling this function, you must check errno or check
feof() - ferror() should also be checked, so this check
is added immediately afterwards in the code

ferror() does not set errno, so ERR() is used to set
errno to ECANCELED as program exit status

further separate reading of frames into a new function

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-04 15:19:53 +01:00
Leah Rowe 979db74ca5 util/spkmodem-recv: simplify pulse check
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-04 15:10:35 +01:00
Leah Rowe 94aa43d857 util/nvmutil: call unveil earlier, and harden
The mentality behind pledge and unveil is that you should
think ahead, so that large parts of code can run under
extremely tight restrictions.

The pledge calls have been adjusted accordingly, also.
Disallow all unveil calls after the gbe file and the
file /dev/urandom have been unveiled.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-03 21:03:21 +01:00
Leah Rowe db63fcffb5 util/nvmutil: hardening: reduce pledges earlier
also remove wpath if using the dump command

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-03 19:44:14 +01:00
Leah Rowe dbd6defe9a util/nvmutil: fix faulty arg check
in practise, no other condition would be met and the
program still worked. this is a pre-emptive fix.
2023-06-03 15:08:29 +01:00
Leah Rowe 270693fc92 util/nvmutil: cleanup: move logic out of main()
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-03 13:44:04 +01:00
Leah Rowe 46a9eea0f6 util/nvmutil: major cleanup. simpler arg handling.
Also hardened the pledges.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-03 13:36:10 +01:00
Leah Rowe c9fdfce34e util/nvmutil: simplify writeGbeFile()
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-02 11:52:49 +01:00
Leah Rowe bdccd7cb0c util/nvmutil: don't call writeGbeFile if O_RDONLY
This replaces a check in the function for O_RDONLY, and
fixes the bug where the "dump" command triggers such error.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01 14:07:20 +01:00
Leah Rowe 99258a38ae util/nvmutil: code cleanup (pledge/unveil calls)
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01 14:04:44 +01:00
Leah Rowe 69fa333e25 util/nvmutil: harden pledge/unveil calls (OpenBSD)
*Open* files at the start, then unveil. The same overall
behaviour is observed. In the case that invalid arguments
are given, simply opening a file does not cause much
performance impact (if any).

Restrict operations as early as possible in code.

Bonus:

writeGbeFile also hardened; if flags is O_RDONLY, it aborts.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01 13:35:34 +01:00
Leah Rowe adf3aece6f util/nvmutil: fix faulty fd check
i screwed up in an earlier commit

this change fixes a bug where on rhex(), each
call would re-open /dev/urandom, resetting rfd

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01 12:58:33 +01:00
Leah Rowe b49da12dad util/nvmutil: only swap/copy if checksum is valid
in practise, the file was never written unless the checksum
was valid, but in the same of sloccount reduction i made it
do the swap/copy before checking. while functionally ok, it
never sat right with me. this is one example of where sloc
count doesn't mean everything. code correctness is critical

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01 12:21:55 +01:00
Leah Rowe 9aa34f1e20 util/nvmutil: use bsd-style indentation
the style was already quite similar, but extended lines in
bsd are indented by 4 spaces instead of a tab. this style
has grown on me, so i'm adopting it here

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01 12:18:48 +01:00
Leah Rowe 18f39ab6fa util/nvmutil: clean up rhex()
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01 12:02:16 +01:00
Leah Rowe 4d91bcc2d7 util/nvmutil: check correct return value on close()
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01 11:14:49 +01:00
Leah Rowe c2c31677a3 util/nvmutil: massive code cleanup
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01 11:11:15 +01:00
Leah Rowe f0846134b7 util/nvmutil: move includes to nvmutil.h
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01 08:48:39 +01:00
Leah Rowe 2dabafe691 util/nvmutil: move xpledge/xunveil to nvmutil.h
They don't precisely *pertain* to nvmutil, but they are
useful helper functions for calling pledge/unveil in
OpenBSD. Ideally, the main file should only contain core
logic pertaining to the execution of *nvmutil*.

Put xpledge() and xunveil() in nvmutil.h.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01 08:40:01 +01:00
Leah Rowe 9a3e651656 util/nvmutil: use SPDX license headers
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01 08:31:08 +01:00
Leah Rowe 5d6af06a73 util/nvmutil: move non-functions to nvmutil.h
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01 08:25:55 +01:00
Leah Rowe a2136933af util/nvmutil: use even more macros (code cleanup)
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01 08:21:25 +01:00
Leah Rowe 5a9fac2a63 util/nvmutil: remove unnecessary parentheses 2023-06-01 07:40:40 +01:00
Leah Rowe 6885200c8b util/nvmutil: simplify setWord() with word() macro
There is nothing cooler than a macro.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01 07:31:52 +01:00
Leah Rowe 7ab209d545 util/nvmutil: do xor swap in a macro
eventually, everything will be a macro!

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01 07:23:38 +01:00
Leah Rowe 293ca0fcbb util/nvmutil pledge,unveil: use correct err string 2023-06-01 07:05:48 +01:00
Leah Rowe a1df8fd154 util/nvmutil: ensure that errno is set on err()
When err() is called, it is intended that nvmutil will
always exit with non-zero status, but with errno as the
return value. Ensure that errno is *not* zero.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01 07:04:23 +01:00
Leah Rowe 1f54860401 util/nvmutil: minor code cleanup
Make word() a macro, simplify err_if().

Could also make setWord() a macro if I forego certain
optimisations, but I'll leave it as-is.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01 06:58:30 +01:00
Leah Rowe 8f1e6d792f util/nvmutil: simplified error handling in main
This change also reduces code indentation.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-31 09:30:13 +01:00
Leah Rowe 78fc89352b util/nvmutil: Use unveil, and harden pledges
After /dev/urandom (for MAC address randomisation) and
the GbE file have been handled, unveil them. Unveil is
a system call provided by OpenBSD that, when called,
restricts access only to the files and/or directories
specified, each given specific permissions.

You can learn more about unveil here:

https://man.openbsd.org/unveil.2

An ifdef rule makes nvmutil only use unveil on OpenBSD,
because it's not available anywhere else. This is the same
as with the pledge() system call.

Where invalid arguments are given, and no action performed,
pledge promises are also reduced to just stdio, preventing
any writes to files, or reads from files.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-31 08:53:08 +01:00
Leah Rowe c2cd191676 util/nvmutil: Harden pledge promises
After reading a file, remove rpath.

When removing rpath, also remove wpath if flags
are not to O_RDONLY (read-only disk operation).

When wpath is permitted, and a file was successfully
written, remove wpath.

In order to permit /dev/urandom access in rhex(),
I call it as a void just before re-calling pledge.

The rhex() function has been written in such a way
that /dev/urandom only needs to be read *once*.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-31 08:02:46 +01:00
Leah Rowe c759a7a095 util/nvmutil: Simplify use of pledge (on OpenBSD)
Define xpledge which calls pledge and handles errors.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-31 06:32:43 +01:00
Leah Rowe f37bd75925 util/nvmutil: Use correct pledge promise (OpenBSD)
I assumed wpath was all that's needed, but this simply
allows writes.

rpath must be specified alongside wpath, for reads.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-30 16:16:24 +01:00
Leah Rowe 83ecf26833 util/*: Properly detect OpenBSD for pledge() call
The utils that are pledged checked HAVE_PLEDGE which was
bogus. OpenBSD defines __OpenBSD__, which you can check
for in ifdef.

This change makes nvmutil and spkmodem-recv *actually*
use pledge, when the utils are compiled on OpenBSD.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-30 16:02:25 +01:00