05 Sep, 2019
10 commits
-
With GCC 9.2.1 net/nfs.c leads to multiple errors of type
address-of-packed-member.net/nfs.c: In function ‘rpc_req’:
net/nfs.c:199:18: error: taking address of packed member of
‘struct rpc_t’ may result in an unaligned pointer value
[-Werror=address-of-packed-member]
199 | p = (uint32_t *)&(rpc_pkt.u.call.data);
| ^~~~~~~~~~~~~~~~~~~~~~
net/nfs.c: In function ‘nfs_readlink_reply’:
net/nfs.c:631:46: error: taking address of packed member of
‘struct rpc_t’ may result in an unaligned pointer value
[-Werror=address-of-packed-member]
631 | nfs3_get_attributes_offset(rpc_pkt.u.reply.data);
| ~~~~~~~~~~~~~~~^~~~~
LD drivers/block/built-in.o
net/nfs.c: In function ‘nfs_read_reply’:
net/nfs.c:692:46: error: taking address of packed member of
‘struct rpc_t’ may result in an unaligned pointer value
[-Werror=address-of-packed-member]
692 | nfs3_get_attributes_offset(rpc_pkt.u.reply.data);
| ~~~~~~~~~~~~~~~^~~~~struct rpc_t is only used as local variable. It is naturally packed. So
there is no need for the attribute packed.Signed-off-by: Heinrich Schuchardt
Reviewed-by: Bin Meng
Acked-by: Joe Hershberger -
rpc_pkt.u.call.data is an array of uint32_t. There is no need to convert
it to uint32_t *.memcpy() expects void * as it 1st and 2nd argument. There is no point in
converting pointers to char * before passing them to memcpy().In ntohl(data[1]) != 0 calling ntohl() is superfluous. If the value is
zero, does not depend on the byte order.Signed-off-by: Heinrich Schuchardt
Reviewed-by: Bin Meng
Acked-by: Joe Hershberger -
This patch adds a check to rpc_pkt.u.reply.data at nfs_lookup_reply.
Signed-off-by: Cheng Liu
Reported-by: Fermín Serna
Acked-by: Joe Hershberger -
This patch adds a check to rpc_pkt.u.reply.data at nfs_readlink_reply.
Signed-off-by: Cheng Liu
Reported-by: Fermín Serna
Acked-by: Joe Hershberger -
…eck at nfs_read_reply
This patch adds a check to rpc_pkt.u.reply.data at nfs_read_reply.
Signed-off-by: Cheng Liu <liucheng32@huawei.com>
Reported-by: Fermín Serna <fermin@semmle.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com> -
This patch adds a check to nfs_handler to fix buffer overflow for CVE-2019-14197,
CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203 and CVE-2019-14204.Signed-off-by: Cheng Liu
Reported-by: Fermín Serna
Acked-by: Joe Hershberger -
This patch adds a check to udp_len to fix unbounded memcpy for
CVE-2019-14192, CVE-2019-14193 and CVE-2019-14199.Signed-off-by: Cheng Liu
Reviewed-by: Simon Goldschmidt
Reported-by: Fermín Serna
Acked-by: Joe Hershberger -
Use the optional property device-name to name the MDIO bus. This works
around limitations with using the DT node name on devices such as
Armada-8040, which integrates two cp100 cores, both featuring MDIOs at the
same relative offsets and with the same DT node names.
The concept was originally proposed by Marvell as a custom property called
mdio-name specific to Marvell driver. This patch uses the more generic
property device-name and moves this into MDIO class code so other can use
it as well.Signed-off-by: Alex Marginean
Acked-by: Joe Hershberger
Reviewed-by: Bin Meng -
Add support for capturing ethernet packets and storing
them in memory in PCAP(2.4) format, later to be analyzed by
any PCAP viewer software (IE. Wireshark)This feature greatly assist debugging network issues such
as detecting dropped packets, packet corruption etc.Signed-off-by: Ramon Fried
Reviewed-by: Alex Marginean
Tested-by: Alex Marginean
Acked-by: Joe Hershberger -
Don't allow unterminated strings
Signed-off-by: Joe Hershberger
12 Aug, 2019
8 commits
-
This file contains lots of internal details about the environment. Most
code can include env.h instead, calling the functions there as needed.Rename this file and add a comment at the top to indicate its internal
nature.Signed-off-by: Simon Glass
Acked-by: Joe Hershberger
Reviewed-by: Simon Goldschmidt
[trini: Fixup apalis-tk1.c]
Signed-off-by: Tom Rini -
This header file is now only used by files that access internal
environment features. Drop it from various places where it is not needed.Acked-by: Joe Hershberger
Signed-off-by: Simon Glass -
This function fits better with the network subsystem, so move it.
Signed-off-by: Simon Glass
Suggested-by: Joe Hershberger -
Move env_get() over to the new header file.
Acked-by: Joe Hershberger
Signed-off-by: Simon Glass -
Move env_set() over to the new header file.
Acked-by: Joe Hershberger
Signed-off-by: Simon Glass -
Move env_get_ulong() over to the new header file.
Signed-off-by: Simon Glass
Acked-by: Joe Hershberger -
Move env_set_hex() over to the new header file along with env_set_addr()
which uses it.Signed-off-by: Simon Glass
Acked-by: Joe Hershberger -
Move this function over to the new header file. Also rename it to have an
env_ prefix like the other functions.Signed-off-by: Simon Glass
Acked-by: Joe Hershberger
19 Jul, 2019
1 commit
-
Adds a class for MDIO MUXes, which control access to a series of
downstream child MDIOs.
MDIO MUX drivers are required to implement a select function used to switch
between child buses.
MUX children are registered as MDIO buses and they can be used just like
regular MDIOs.Signed-off-by: Alex Marginean
Reviewed-by: Bin Meng
Acked-by: Joe Hershberger
16 Jul, 2019
1 commit
-
Adds UCLASS_MDIO DM class supporting MDIO buses that are probed as
stand-alone devices. Useful in particular for systems that support
DM_ETH and have a stand-alone MDIO hardware block shared by multiple
Ethernet interfaces.Signed-off-by: Alex Marginean
Reviewed-by: Bin Meng
Acked-by: Joe Hershberger
15 Jun, 2019
2 commits
-
Convert CONFIG_TFTP_BLOCKSIZE to Kconfig, update defconfigs,
headers and whitelist.Signed-off-by: Marek Vasut
Cc: Christian Gmeiner
Cc: Joe Hershberger -
Convert CONFIG_IP_DEFRAG to Kconfig, update defconfigs, headers
and whitelist. This patch is a follow-up on a patch by Christian
Gmeiner with the added config/header/whitelist updates.Signed-off-by: Marek Vasut
Reported-by: Christian Gmeiner
Cc: Joe Hershberger
02 Jun, 2019
2 commits
-
Add the standard Ethernet device tree bindings (imported from v5.0 of
the Linux kernel) and implement support for reading the MAC address for
Ethernet devices in the Ethernet uclass. If the "mac-address" property
exists, the MAC address will be parsed from that. If that property does
not exist, the "local-mac-address" property will be tried as fallback.MAC addresses from device tree take precedence over the ones stored in
a network interface card's ROM.Acked-by: Joe Hershberger
Reviewed-by: Grygorii Strashko
Signed-off-by: Thierry Reding -
In order for the device to use the proper MAC address, which can have
been configured in the environment prior to the device being registered,
ensure that the MAC address is written after the device has been probed.
For devices that are registered before the network stack is initialized,
this is already done during eth_initialize(). If the Ethernet device is
on a bus that is not initialized on early boot, such as PCI, the device
is not available at the time eth_initialize() is called, so we need the
MAC address programming to also happen after probe.Acked-by: Joe Hershberger
Signed-off-by: Thierry Reding
02 Feb, 2019
1 commit
-
This fixes the automatic lmb initialization and reservation for boards
with more than one DRAM bank.This fixes the CVE-2018-18439 and -18440 fixes that only allowed to load
files into the firs DRAM bank from fs and via tftp.Found-by: Heinrich Schuchardt
Signed-off-by: Simon Goldschmidt
Tested-by: Heinrich Schuchardt
Reviewed-by: Simon Glass
26 Jan, 2019
1 commit
-
As a follow-up, change the name of the newly introduced function
'lmb_get_unreserved_size' to 'lmb_get_free_size', which is more
appropriate.Signed-off-by: Simon Goldschmidt
[trini: Fix test/lib/lmb.c]
Signed-off-by: Tom Rini
25 Jan, 2019
3 commits
-
No mainline board enables CONFIG_MCAST_TFTP and there have been
compilation issues with the code for some time. Additionally, it has a
potential buffer underrun issue (reported as a side note in
CVE-2018-18439).Remove the multicast TFTP code but keep the driver API for the future
addition of IPv6.Cc: Simon Goldschmidt
Signed-off-by: Chris Packham
Acked-by: Joe Hershberger -
ether_crc was added to the core net code in commit 53a5c424bf86
("multicast tftp: RFC2090") so that other drivers could use it. However
the only current user of it is tsec.c so move it there.Signed-off-by: Chris Packham
Acked-by: Joe Hershberger -
When dealing with two ethernet ports and having "netretry" set
to "once", it could occur that the connection (e.g. an ARP
request) failed, hence the status of the netloop was
"NETLOOP_FAIL". Due to the setting of "netretry", the network
logic would then switch to the other network interface,
assigning "ret" with the return value of "net_start_again()".
If this call succeeded we would return 0 (i.e. success) to
the caller when in reality the network action failed.Signed-off-by: Thomas RIENOESSL
Reviewed-by: Christian Gmeiner
Acked-by: Joe Hershberger
17 Jan, 2019
1 commit
-
This fixes CVE-2018-18439 ("insufficient boundary checks in network
image boot") by using lmb to check for a valid range to store
received blocks.Signed-off-by: Simon Goldschmidt
Acked-by: Joe Hershberger
[trini: Always build lib/lmb.o on LMB and lib/fdtdec.o on OF_LIBFDT]
Signed-off-by: Tom Rini
11 Oct, 2018
3 commits
-
Make it possible to add TCP versions of the same, while reusing
IP portions. This patch should not change any behavior.Signed-off-by: Duncan Hare
Acked-by: Joe Hershberger -
Peter originally sent a fix, but it breaks a number of other things.
This addresses the original reported issue in a different way.That report was:
> U-Boot has 1 common buffer to send Ethernet frames, pointed to by
> net_tx_packet. When sending to an IP address without knowing the MAC
> address, U-Boot makes an ARP request (using the arp_tx_packet buffer)
> to find out the MAC address of the IP addressr. When a matching ARP
> reply is received, U-Boot continues sending the frame stored in the
> net_tx_packet buffer.
>
> However, in the mean time, if U-Boot needs to send out any network
> packets (e.g. replying ping packets or ARP requests for its own IP
> address etc.), it will use the net_tx_packet buffer to prepare the
> new packet. Thus this buffer is no longer the original packet meant
> to be transmitted after the ARP reply. The original packet will be
> lost.This instead uses the ARP tx buffer to send async replies in the case
where we are actively waiting for an ARP reply.Signed-off-by: Joe Hershberger
Reported-by: Tran Tien Dat
Reviewed-by: Simon Glass
Reviewed-by: Bin Meng
Tested-by: Bin Meng -
This single-sources the state of the ARP.
Signed-off-by: Joe Hershberger
Reviewed-by: Simon Glass
Reviewed-by: Bin Meng
21 Aug, 2018
1 commit
-
When a USB ethernet device is halted, the device driver is removed. When
this happens the uclass private memory is freed and uclass_priv is set to
NULL. This causes a data abort when uclass_priv->state is then set to
ETH_STATE_PASSIVE.Fix it by checking if uclass_priv is NULL before setting uclass_priv->state
Signed-off-by: Jean-Jacques Hiblot
Acked-by: Joe Hershberger
27 Jul, 2018
6 commits
-
The same basic parsing was implemented in tftp and nfs, so add a helper
function to do the work once.Signed-off-by: Joe Hershberger
-
Instead of depending on a env callback for bootfile, read it explicitly.
We do this because the bootfile can be specified on the command line and
if it is, we will overwrite the internal variable. If a netboot_common()
is called again with no bootfile parameter, we want to use the one in
the environment.Signed-off-by: Joe Hershberger
-
Rather than crashing, check the src ptr and set dst to empty string.
Signed-off-by: Joe Hershberger
-
With net autoload, we check the prerequisites for the initial command,
but the greater prerequisites when autoloading are not checked.If we would attempt to autoload, check those prerequisites too.
If we are not expecting a serverip from the server, then don't worry
about it not being set, but don't attempt to load if it isn't.Signed-off-by: Joe Hershberger
-
For net_boot_common, we allow the serverip to be specified as part of
the boot file name. For net commands that require serverip, include that
source as a valid specification of serverip.Signed-off-by: Joe Hershberger
Reviewed-by: Alexander Graf -
nfs was only printing basic info about the transfer in the case of a
DEBUG build. Print the same level of detail as tftp always.Signed-off-by: Joe Hershberger