From 24ad51ff4669f0ca8a0b38ebc28eba34273be383 Mon Sep 17 00:00:00 2001 From: Carl Niklas Rydberg Date: Sun, 21 Dec 2025 22:59:31 +0100 Subject: [PATCH] Added AMDUAT_ASL_STORE_ERR_IO and used it in the FS store path so I/O/internal failures no longer surface as integrity errors; updated CLI/error mappings so the new error is visible and gets the IO exit code. This keeps integrity reserved for actual content/hash/collision issues while still preserving existing semantics for not-found/unsupported. --- include/amduat/asl/store.h | 3 +- src/adapters/asl_store_fs/asl_store_fs.c | 77 ++++++++++++++++-------- src/pel_stack/surf/surf.c | 3 + src/tools/amduat_asl_cli.c | 4 ++ src/tools/amduat_pel_cli.c | 4 ++ src/tools/amduat_pel_run.c | 4 ++ src/tools/amduat_pel_seed.c | 4 ++ 7 files changed, 72 insertions(+), 27 deletions(-) diff --git a/include/amduat/asl/store.h b/include/amduat/asl/store.h index 7f57b78..ed371d5 100644 --- a/include/amduat/asl/store.h +++ b/include/amduat/asl/store.h @@ -20,7 +20,8 @@ typedef enum { AMDUAT_ASL_STORE_OK = 0, AMDUAT_ASL_STORE_ERR_INTEGRITY = 1, AMDUAT_ASL_STORE_ERR_UNSUPPORTED = 2, - AMDUAT_ASL_STORE_ERR_NOT_FOUND = 3 + AMDUAT_ASL_STORE_ERR_NOT_FOUND = 3, + AMDUAT_ASL_STORE_ERR_IO = 4 } amduat_asl_store_error_t; typedef struct { diff --git a/src/adapters/asl_store_fs/asl_store_fs.c b/src/adapters/asl_store_fs/asl_store_fs.c index 75f71b7..b180102 100644 --- a/src/adapters/asl_store_fs/asl_store_fs.c +++ b/src/adapters/asl_store_fs/asl_store_fs.c @@ -35,7 +35,8 @@ typedef enum { typedef enum { AMDUAT_ASL_STORE_FS_READ_OK = 0, AMDUAT_ASL_STORE_FS_READ_NOT_FOUND = 1, - AMDUAT_ASL_STORE_FS_READ_ERR = 2 + AMDUAT_ASL_STORE_FS_READ_IO = 2, + AMDUAT_ASL_STORE_FS_READ_CORRUPT = 3 } amduat_asl_store_fs_read_status_t; 
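Review bot: The new enumerator `AMDUAT_ASL_STORE_ERR_IO` in include/amduat/asl/store.h has no comment saying what it covers. Elsewhere in this patch it is returned for NULL arguments, allocation failures and what look like path-construction failures, as well as for failed syscalls. Callers deciding whether to retry or to quarantine an object need that contract in the header. I would add `/* I/O or internal failure (syscall error, out of memory, invalid argument); says nothing about the stored content */` above it, and `/* stored content is malformed, fails its hash check, or collides */` above `AMDUAT_ASL_STORE_ERR_INTEGRITY`.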
@@ -196,7 +197,7 @@ static amduat_asl_store_fs_read_status_t amduat_asl_store_fs_read_file( int fd; if (path == NULL || out_bytes == NULL || out_size == NULL) { - return AMDUAT_ASL_STORE_FS_READ_ERR; + return AMDUAT_ASL_STORE_FS_READ_IO; } *out_bytes = NULL; *out_size = 0; @@ -205,22 +206,22 @@ static amduat_asl_store_fs_read_status_t amduat_asl_store_fs_read_file( if (errno == ENOENT || errno == ENOTDIR) { return AMDUAT_ASL_STORE_FS_READ_NOT_FOUND; } - return AMDUAT_ASL_STORE_FS_READ_ERR; + return AMDUAT_ASL_STORE_FS_READ_IO; } if (!S_ISREG(st.st_mode)) { - return AMDUAT_ASL_STORE_FS_READ_ERR; + return AMDUAT_ASL_STORE_FS_READ_CORRUPT; } if (st.st_size <= 0) { - return AMDUAT_ASL_STORE_FS_READ_ERR; + return AMDUAT_ASL_STORE_FS_READ_CORRUPT; } if ((uintmax_t)st.st_size > SIZE_MAX) { - return AMDUAT_ASL_STORE_FS_READ_ERR; + return AMDUAT_ASL_STORE_FS_READ_CORRUPT; } file_size = (size_t)st.st_size; buffer = (uint8_t *)malloc(file_size); if (buffer == NULL) { - return AMDUAT_ASL_STORE_FS_READ_ERR; + return AMDUAT_ASL_STORE_FS_READ_IO; } fd = open(path, O_RDONLY); @@ -229,7 +230,7 @@ static amduat_asl_store_fs_read_status_t amduat_asl_store_fs_read_file( if (errno == ENOENT || errno == ENOTDIR) { return AMDUAT_ASL_STORE_FS_READ_NOT_FOUND; } - return AMDUAT_ASL_STORE_FS_READ_ERR; + return AMDUAT_ASL_STORE_FS_READ_IO; } total_read = 0u; @@ -241,19 +242,19 @@ static amduat_asl_store_fs_read_status_t amduat_asl_store_fs_read_file( } close(fd); free(buffer); - return AMDUAT_ASL_STORE_FS_READ_ERR; + return AMDUAT_ASL_STORE_FS_READ_IO; } if (rc == 0) { close(fd); free(buffer); - return AMDUAT_ASL_STORE_FS_READ_ERR; + return AMDUAT_ASL_STORE_FS_READ_CORRUPT; } total_read += (size_t)rc; } if (close(fd) != 0) { free(buffer); - return AMDUAT_ASL_STORE_FS_READ_ERR; + return AMDUAT_ASL_STORE_FS_READ_IO; } *out_bytes = buffer; 
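Review bot: The three `AMDUAT_ASL_STORE_FS_READ_CORRUPT` returns in the hunk at -205 are decided from `st`, which is filled before `open(path, O_RDONLY)`, so the verdict may describe a different file from the one that is then read. The call that fills `st` is outside the hunk; if it is a path-based `stat`, opening first and checking `fstat(fd, &st)` ties the regular-file and size tests to the descriptor actually read. This matters more now that a CORRUPT result is surfaced to callers as an integrity error. The `rc == 0` branch in the hunk at -241 can likewise report corruption for a file that merely changed after its size was taken. Separately, `(uintmax_t)st.st_size > SIZE_MAX` is a platform limit rather than damaged content and would fit `AMDUAT_ASL_STORE_FS_READ_IO` better.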
@@ -277,9 +278,15 @@ static amduat_asl_store_error_t amduat_asl_store_fs_compare_existing( if (read_status == AMDUAT_ASL_STORE_FS_READ_NOT_FOUND) { return AMDUAT_ASL_STORE_ERR_NOT_FOUND; } - if (read_status != AMDUAT_ASL_STORE_FS_READ_OK) { + if (read_status == AMDUAT_ASL_STORE_FS_READ_IO) { + return AMDUAT_ASL_STORE_ERR_IO; + } + if (read_status == AMDUAT_ASL_STORE_FS_READ_CORRUPT) { return AMDUAT_ASL_STORE_ERR_INTEGRITY; } + if (read_status != AMDUAT_ASL_STORE_FS_READ_OK) { + return AMDUAT_ASL_STORE_ERR_IO; + } if (stored_len != expected_len) { free(stored_bytes); @@ -315,7 +322,7 @@ static amduat_asl_store_error_t amduat_asl_store_fs_put_impl( bool wrote_new; if (ctx == NULL || out_ref == NULL) { - return AMDUAT_ASL_STORE_ERR_INTEGRITY; + return AMDUAT_ASL_STORE_ERR_IO; } fs = (amduat_asl_store_fs_t *)ctx; @@ -340,7 +347,7 @@ static amduat_asl_store_error_t amduat_asl_store_fs_put_impl( &artifact_bytes)) { amduat_octets_free(&artifact_bytes); amduat_reference_free(&derived_ref); - return AMDUAT_ASL_STORE_ERR_INTEGRITY; + return AMDUAT_ASL_STORE_ERR_IO; } objects_path = NULL; @@ -362,7 +369,7 @@ static amduat_asl_store_error_t amduat_asl_store_fs_put_impl( if (!ok) { amduat_octets_free(&artifact_bytes); amduat_reference_free(&derived_ref); - return AMDUAT_ASL_STORE_ERR_INTEGRITY; + return AMDUAT_ASL_STORE_ERR_IO; } if (!amduat_asl_store_fs_require_directory(fs->root_path) || @@ -379,7 +386,7 @@ static amduat_asl_store_error_t amduat_asl_store_fs_put_impl( free(level1_path); free(level2_path); free(object_path); - return AMDUAT_ASL_STORE_ERR_INTEGRITY; + return AMDUAT_ASL_STORE_ERR_IO; } cmp_err = amduat_asl_store_fs_compare_existing(object_path, 
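Review bot: In `amduat_asl_store_fs_compare_existing` the explicit `AMDUAT_ASL_STORE_FS_READ_IO` test is redundant with the catch-all `read_status != AMDUAT_ASL_STORE_FS_READ_OK` that follows, since both return `AMDUAT_ASL_STORE_ERR_IO`. After the NOT_FOUND check one test is enough: `if (read_status != AMDUAT_ASL_STORE_FS_READ_OK) { return read_status == AMDUAT_ASL_STORE_FS_READ_CORRUPT ? AMDUAT_ASL_STORE_ERR_INTEGRITY : AMDUAT_ASL_STORE_ERR_IO; }`. The same three-way chain is added to `amduat_asl_store_fs_get_impl` in the hunks at -557 and -566, where it also triplicates the six-`free` cleanup block. Folding it there removes two copies that would otherwise have to be kept in step. Both functions begin and end outside these hunks.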
@@ -396,7 +403,7 @@ static amduat_asl_store_error_t amduat_asl_store_fs_put_impl( free(object_path); return AMDUAT_ASL_STORE_OK; } - if (cmp_err == AMDUAT_ASL_STORE_ERR_INTEGRITY) { + if (cmp_err != AMDUAT_ASL_STORE_ERR_NOT_FOUND) { amduat_octets_free(&artifact_bytes); amduat_reference_free(&derived_ref); free(objects_path); @@ -426,7 +433,7 @@ static amduat_asl_store_error_t amduat_asl_store_fs_put_impl( free(level1_path); free(level2_path); free(object_path); - return AMDUAT_ASL_STORE_ERR_INTEGRITY; + return cmp_err; } } else if (write_status != AMDUAT_ASL_STORE_FS_WRITE_OK) { amduat_octets_free(&artifact_bytes); @@ -437,7 +444,7 @@ static amduat_asl_store_error_t amduat_asl_store_fs_put_impl( free(level1_path); free(level2_path); free(object_path); - return AMDUAT_ASL_STORE_ERR_INTEGRITY; + return AMDUAT_ASL_STORE_ERR_IO; } else { wrote_new = true; } @@ -454,7 +461,7 @@ static amduat_asl_store_error_t amduat_asl_store_fs_put_impl( free(level1_path); free(level2_path); free(object_path); - return AMDUAT_ASL_STORE_ERR_INTEGRITY; + return AMDUAT_ASL_STORE_ERR_IO; } if (!amduat_asl_store_fs_fsync_directory(fs->root_path)) { if (wrote_new) { @@ -468,7 +475,7 @@ static amduat_asl_store_error_t amduat_asl_store_fs_put_impl( free(level1_path); free(level2_path); free(object_path); - return AMDUAT_ASL_STORE_ERR_INTEGRITY; + return AMDUAT_ASL_STORE_ERR_IO; } *out_ref = derived_ref; @@ -502,7 +509,7 @@ static amduat_asl_store_error_t amduat_asl_store_fs_get_impl( bool decoded; if (ctx == NULL || out_artifact == NULL) { - return AMDUAT_ASL_STORE_ERR_INTEGRITY; + return AMDUAT_ASL_STORE_ERR_IO; } fs = (amduat_asl_store_fs_t *)ctx; @@ -541,7 +548,7 @@ static amduat_asl_store_error_t amduat_asl_store_fs_get_impl( &level1_path, &level2_path, &object_path)) { - return AMDUAT_ASL_STORE_ERR_INTEGRITY; + return AMDUAT_ASL_STORE_ERR_IO; } stored_bytes = NULL; 
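Review bot: Widening the test to `cmp_err != AMDUAT_ASL_STORE_ERR_NOT_FOUND` sends `AMDUAT_ASL_STORE_ERR_IO` into this cleanup branch, but the branch's `return` lies outside the hunk and is not touched by the patch. If it is still the literal `return AMDUAT_ASL_STORE_ERR_INTEGRITY;`, a read failure on an existing object keeps being reported as an integrity error on this path. It should be `return cmp_err;`, as the hunk at -426 does for the later comparison.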
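Review bot: `return cmp_err;` in the hunk at -426 replaces a fixed integrity result with whatever `cmp_err` holds, and the guard that selects this branch is outside the hunk. If the branch is taken for every non-OK value, `amduat_asl_store_fs_put_impl` can now return `AMDUAT_ASL_STORE_ERR_NOT_FOUND`, presumably when the object disappears between the write attempt and the re-read, which is a surprising result for a put. Mapping that case explicitly keeps not-found confined to lookups: `return cmp_err == AMDUAT_ASL_STORE_ERR_NOT_FOUND ? AMDUAT_ASL_STORE_ERR_IO : cmp_err;`.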
@@ -557,7 +564,16 @@ static amduat_asl_store_error_t amduat_asl_store_fs_get_impl( free(object_path); return AMDUAT_ASL_STORE_ERR_NOT_FOUND; } - if (read_status != AMDUAT_ASL_STORE_FS_READ_OK) { + if (read_status == AMDUAT_ASL_STORE_FS_READ_IO) { + free(objects_path); + free(profile_path); + free(hash_path); + free(level1_path); + free(level2_path); + free(object_path); + return AMDUAT_ASL_STORE_ERR_IO; + } + if (read_status == AMDUAT_ASL_STORE_FS_READ_CORRUPT) { free(objects_path); free(profile_path); free(hash_path); @@ -566,6 +582,15 @@ static amduat_asl_store_error_t amduat_asl_store_fs_get_impl( free(object_path); return AMDUAT_ASL_STORE_ERR_INTEGRITY; } + if (read_status != AMDUAT_ASL_STORE_FS_READ_OK) { + free(objects_path); + free(profile_path); + free(hash_path); + free(level1_path); + free(level2_path); + free(object_path); + return AMDUAT_ASL_STORE_ERR_IO; + } computed_digest = (uint8_t *)malloc(hash_desc->digest_len); if (computed_digest == NULL) { @@ -576,7 +601,7 @@ static amduat_asl_store_error_t amduat_asl_store_fs_get_impl( free(level1_path); free(level2_path); free(object_path); - return AMDUAT_ASL_STORE_ERR_INTEGRITY; + return AMDUAT_ASL_STORE_ERR_IO; } stored_octets = amduat_octets(stored_bytes, stored_len); @@ -592,7 +617,7 @@ static amduat_asl_store_error_t amduat_asl_store_fs_get_impl( free(level1_path); free(level2_path); free(object_path); - return AMDUAT_ASL_STORE_ERR_INTEGRITY; + return AMDUAT_ASL_STORE_ERR_IO; } if (memcmp(computed_digest, ref.digest.data, hash_desc->digest_len) != 0) { diff --git a/src/pel_stack/surf/surf.c b/src/pel_stack/surf/surf.c index f9fa773..8033993 100644 --- a/src/pel_stack/surf/surf.c +++ b/src/pel_stack/surf/surf.c 
@@ -60,6 +60,9 @@ static bool amduat_store_error_map(amduat_asl_store_error_t err, case AMDUAT_ASL_STORE_ERR_UNSUPPORTED: *out_code = AMDUAT_PEL_STORE_ERROR_UNSUPPORTED; return true; + case AMDUAT_ASL_STORE_ERR_IO: + *out_code = AMDUAT_PEL_STORE_ERROR_INTEGRITY; + return true; default: return false; } diff --git a/src/tools/amduat_asl_cli.c b/src/tools/amduat_asl_cli.c index 3761b4f..53f6d92 100644 --- a/src/tools/amduat_asl_cli.c +++ b/src/tools/amduat_asl_cli.c @@ -118,6 +118,8 @@ static const char *amduat_asl_cli_store_error_str( return "unsupported"; case AMDUAT_ASL_STORE_ERR_INTEGRITY: return "integrity"; + case AMDUAT_ASL_STORE_ERR_IO: + return "io"; case AMDUAT_ASL_STORE_OK: return "ok"; default: @@ -133,6 +135,8 @@ static int amduat_asl_cli_map_store_error(amduat_asl_store_error_t err) { return AMDUAT_ASL_CLI_EXIT_UNSUPPORTED; case AMDUAT_ASL_STORE_ERR_INTEGRITY: return AMDUAT_ASL_CLI_EXIT_STORE; + case AMDUAT_ASL_STORE_ERR_IO: + return AMDUAT_ASL_CLI_EXIT_IO; case AMDUAT_ASL_STORE_OK: default: return AMDUAT_ASL_CLI_EXIT_STORE; diff --git a/src/tools/amduat_pel_cli.c b/src/tools/amduat_pel_cli.c index 2286c09..83420dc 100644 --- a/src/tools/amduat_pel_cli.c +++ b/src/tools/amduat_pel_cli.c @@ -153,6 +153,8 @@ static const char *amduat_pel_cli_store_error_str( return "unsupported"; case AMDUAT_ASL_STORE_ERR_INTEGRITY: return "integrity"; + case AMDUAT_ASL_STORE_ERR_IO: + return "io"; case AMDUAT_ASL_STORE_OK: return "ok"; default: @@ -168,6 +170,8 @@ static int amduat_pel_cli_map_store_error(amduat_asl_store_error_t err) { return AMDUAT_PEL_CLI_EXIT_UNSUPPORTED; case AMDUAT_ASL_STORE_ERR_INTEGRITY: return AMDUAT_PEL_CLI_EXIT_STORE; + case AMDUAT_ASL_STORE_ERR_IO: + return AMDUAT_PEL_CLI_EXIT_IO; case AMDUAT_ASL_STORE_OK: default: return AMDUAT_PEL_CLI_EXIT_STORE; diff --git a/src/tools/amduat_pel_run.c b/src/tools/amduat_pel_run.c index ad89242..4caa4d8 100644 --- a/src/tools/amduat_pel_run.c +++ b/src/tools/amduat_pel_run.c 
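Review bot: In `amduat_store_error_map` the new `case AMDUAT_ASL_STORE_ERR_IO:` sets `*out_code = AMDUAT_PEL_STORE_ERROR_INTEGRITY`, so at the PEL layer an I/O failure is again indistinguishable from corrupted content, which is the conflation the commit message sets out to remove. If the PEL error enum (not visible here) has no I/O member, one should be added and used in this case. Otherwise a consumer that reacts to integrity errors will also react to a transient read failure. At minimum the lossy mapping deserves a comment such as `/* PEL has no I/O code yet; reported as integrity */`.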
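Review bot: Each `*_store_error_str` and `*_map_store_error` switch touched in amduat_asl_cli.c, amduat_pel_cli.c, amduat_pel_run.c and amduat_pel_seed.c carries a `default:` label, so the compiler cannot warn when an `amduat_asl_store_error_t` enumerator is left unhandled. This patch had to locate all eight switches by hand. Dropping `default:` and returning the fallback value after the switch lets `-Wswitch` flag the next enumerator that is added. The four tools also hold identical copies of the error-to-string table, which could be defined once alongside the enum instead.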
@@ -66,6 +66,8 @@ static const char *amduat_pel_run_store_error_str( return "unsupported"; case AMDUAT_ASL_STORE_ERR_INTEGRITY: return "integrity"; + case AMDUAT_ASL_STORE_ERR_IO: + return "io"; case AMDUAT_ASL_STORE_OK: return "ok"; default: @@ -81,6 +83,8 @@ static int amduat_pel_run_map_store_error(amduat_asl_store_error_t err) { return AMDUAT_PEL_RUN_EXIT_UNSUPPORTED; case AMDUAT_ASL_STORE_ERR_INTEGRITY: return AMDUAT_PEL_RUN_EXIT_STORE; + case AMDUAT_ASL_STORE_ERR_IO: + return AMDUAT_PEL_RUN_EXIT_IO; case AMDUAT_ASL_STORE_OK: default: return AMDUAT_PEL_RUN_EXIT_STORE; diff --git a/src/tools/amduat_pel_seed.c b/src/tools/amduat_pel_seed.c index ec277d6..0eabb56 100644 --- a/src/tools/amduat_pel_seed.c +++ b/src/tools/amduat_pel_seed.c @@ -144,6 +144,8 @@ static const char *amduat_pel_seed_store_error_str( return "unsupported"; case AMDUAT_ASL_STORE_ERR_INTEGRITY: return "integrity"; + case AMDUAT_ASL_STORE_ERR_IO: + return "io"; case AMDUAT_ASL_STORE_OK: return "ok"; default: @@ -159,6 +161,8 @@ static int amduat_pel_seed_map_store_error(amduat_asl_store_error_t err) { return AMDUAT_PEL_SEED_EXIT_UNSUPPORTED; case AMDUAT_ASL_STORE_ERR_INTEGRITY: return AMDUAT_PEL_SEED_EXIT_STORE; + case AMDUAT_ASL_STORE_ERR_IO: + return AMDUAT_PEL_SEED_EXIT_IO; case AMDUAT_ASL_STORE_OK: default: return AMDUAT_PEL_SEED_EXIT_STORE;