u-boot.git/net, branch v2020.01-rc2 Unnamed repository; edit this file 'description' to name the repository. net: nfs: remove superfluous packed attribute 2019-09-04T16:37:19+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2019-09-02T22:05:05+00:00 5a5d1def59024dd3225e2a6142f8ee3ee10180a8 With GCC 9.2.1 net/nfs.c leads to multiple errors of type address-of-packed-member. net/nfs.c: In function ‘rpc_req’: net/nfs.c:199:18: error: taking address of packed member of ‘struct rpc_t’ may result in an unaligned pointer value [-Werror=address-of-packed-member] 199 | p = (uint32_t *)&(rpc_pkt.u.call.data); | ^~~~~~~~~~~~~~~~~~~~~~ net/nfs.c: In function ‘nfs_readlink_reply’: net/nfs.c:631:46: error: taking address of packed member of ‘struct rpc_t’ may result in an unaligned pointer value [-Werror=address-of-packed-member] 631 | nfs3_get_attributes_offset(rpc_pkt.u.reply.data); | ~~~~~~~~~~~~~~~^~~~~ LD drivers/block/built-in.o net/nfs.c: In function ‘nfs_read_reply’: net/nfs.c:692:46: error: taking address of packed member of ‘struct rpc_t’ may result in an unaligned pointer value [-Werror=address-of-packed-member] 692 | nfs3_get_attributes_offset(rpc_pkt.u.reply.data); | ~~~~~~~~~~~~~~~^~~~~ struct rpc_t is only used as local variable. It is naturally packed. So there is no need for the attribute packed. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com> 
With GCC 9.2.1 net/nfs.c leads to multiple errors of type
address-of-packed-member.

net/nfs.c: In function ‘rpc_req’:
net/nfs.c:199:18: error: taking address of packed member of
‘struct rpc_t’ may result in an unaligned pointer value
[-Werror=address-of-packed-member]
  199 |  p = (uint32_t *)&(rpc_pkt.u.call.data);
      |                  ^~~~~~~~~~~~~~~~~~~~~~
net/nfs.c: In function ‘nfs_readlink_reply’:
net/nfs.c:631:46: error: taking address of packed member of
‘struct rpc_t’ may result in an unaligned pointer value
[-Werror=address-of-packed-member]
  631 |    nfs3_get_attributes_offset(rpc_pkt.u.reply.data);
      |                               ~~~~~~~~~~~~~~~^~~~~
  LD      drivers/block/built-in.o
net/nfs.c: In function ‘nfs_read_reply’:
net/nfs.c:692:46: error: taking address of packed member of
‘struct rpc_t’ may result in an unaligned pointer value
[-Werror=address-of-packed-member]
  692 |    nfs3_get_attributes_offset(rpc_pkt.u.reply.data);
      |                               ~~~~~~~~~~~~~~~^~~~~

struct rpc_t is only used as local variable. It is naturally packed. So
there is no need for the attribute packed.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
net: nfs: remove superfluous conversions 2019-09-04T16:37:19+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2019-09-02T21:55:32+00:00 15eea9a1a8166b4bbab6c02cc426a7cc806ea2ca rpc_pkt.u.call.data is an array of uint32_t. There is no need to convert it to uint32_t *. memcpy() expects void * as it 1st and 2nd argument. There is no point in converting pointers to char * before passing them to memcpy(). In ntohl(data[1]) != 0 calling ntohl() is superfluous. If the value is zero, does not depend on the byte order. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com> 
rpc_pkt.u.call.data is an array of uint32_t. There is no need to convert
it to uint32_t *.

memcpy() expects void * as it 1st and 2nd argument. There is no point in
converting pointers to char * before passing them to memcpy().

In ntohl(data[1]) != 0 calling ntohl() is superfluous. If the value is
zero, does not depend on the byte order.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
CVE-2019-14196: nfs: fix unbounded memcpy with a failed length check at nfs_lookup_reply 2019-09-04T16:37:19+00:00 liucheng (G) liucheng32@huawei.com 2019-08-29T13:48:02+00:00 5d14ee4e53a81055d34ba280cb8fd90330f22a96 This patch adds a check to rpc_pkt.u.reply.data at nfs_lookup_reply. Signed-off-by: Cheng Liu <liucheng32@huawei.com> Reported-by: Fermín Serna <fermin@semmle.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com> 
This patch adds a check to rpc_pkt.u.reply.data at nfs_lookup_reply.

Signed-off-by: Cheng Liu <liucheng32@huawei.com>
Reported-by: Fermín Serna <fermin@semmle.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
CVE-2019-14195: nfs: fix unbounded memcpy with unvalidated length at nfs_readlink_reply 2019-09-04T16:37:19+00:00 liucheng (G) liucheng32@huawei.com 2019-08-29T13:47:54+00:00 cf3a4f1e86ecdd24f87b615051b49d8e1968c230 This patch adds a check to rpc_pkt.u.reply.data at nfs_readlink_reply. Signed-off-by: Cheng Liu <liucheng32@huawei.com> Reported-by: Fermín Serna <fermin@semmle.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com> 
This patch adds a check to rpc_pkt.u.reply.data at nfs_readlink_reply.

Signed-off-by: Cheng Liu <liucheng32@huawei.com>
Reported-by: Fermín Serna <fermin@semmle.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
CVE-2019-14194/CVE-2019-14198: nfs: fix unbounded memcpy with a failed length check at nfs_read_reply 2019-09-04T16:37:19+00:00 liucheng (G) liucheng32@huawei.com 2019-08-29T13:47:48+00:00 aa207cf3a6d68f39d64cd29057a4fb63943e9078 This patch adds a check to rpc_pkt.u.reply.data at nfs_read_reply. Signed-off-by: Cheng Liu <liucheng32@huawei.com> Reported-by: Fermín Serna <fermin@semmle.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com> 
This patch adds a check to rpc_pkt.u.reply.data at nfs_read_reply.

Signed-off-by: Cheng Liu <liucheng32@huawei.com>
Reported-by: Fermín Serna <fermin@semmle.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
CVE: nfs: fix stack-based buffer overflow in some nfs_handler reply helper functions 2019-09-04T16:37:19+00:00 liucheng (G) liucheng32@huawei.com 2019-08-29T13:47:40+00:00 741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21 This patch adds a check to nfs_handler to fix buffer overflow for CVE-2019-14197, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203 and CVE-2019-14204. Signed-off-by: Cheng Liu <liucheng32@huawei.com> Reported-by: Fermín Serna <fermin@semmle.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com> 
This patch adds a check to nfs_handler to fix buffer overflow for CVE-2019-14197,
CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203 and CVE-2019-14204.

Signed-off-by: Cheng Liu <liucheng32@huawei.com>
Reported-by: Fermín Serna <fermin@semmle.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
CVE: net: fix unbounded memcpy of UDP packet 2019-09-04T16:37:19+00:00 liucheng (G) liucheng32@huawei.com 2019-08-29T13:47:33+00:00 fe7288069d2e6659117049f7d27e261b550bb725 This patch adds a check to udp_len to fix unbounded memcpy for CVE-2019-14192, CVE-2019-14193 and CVE-2019-14199. Signed-off-by: Cheng Liu <liucheng32@huawei.com> Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> Reported-by: Fermín Serna <fermin@semmle.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com> 
This patch adds a check to udp_len to fix unbounded memcpy for
CVE-2019-14192, CVE-2019-14193 and CVE-2019-14199.

Signed-off-by: Cheng Liu <liucheng32@huawei.com>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Reported-by: Fermín Serna <fermin@semmle.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
net: mdio-uclass: name MDIO according to device-name property if preset 2019-09-04T16:37:19+00:00 Alex Marginean alexandru.marginean@nxp.com 2019-07-25T09:33:17+00:00 6b3abc048228bb4336dd0cc761993353a4efb206 Use the optional property device-name to name the MDIO bus. This works around limitations with using the DT node name on devices such as Armada-8040, which integrates two cp100 cores, both featuring MDIOs at the same relative offsets and with the same DT node names. The concept was originally proposed by Marvell as a custom property called mdio-name specific to Marvell driver. This patch uses the more generic property device-name and moves this into MDIO class code so other can use it as well. Signed-off-by: Alex Marginean <alexm.osslist@gmail.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> 
Use the optional property device-name to name the MDIO bus.  This works
around limitations with using the DT node name on devices such as
Armada-8040, which integrates two cp100 cores, both featuring MDIOs at the
same relative offsets and with the same DT node names.
The concept was originally proposed by Marvell as a custom property called
mdio-name specific to Marvell driver.  This patch uses the more generic
property device-name and moves this into MDIO class code so other can use
it as well.

Signed-off-by: Alex Marginean <alexm.osslist@gmail.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
net: introduce packet capture support 2019-09-04T16:37:19+00:00 Ramon Fried rfried.dev@gmail.com 2019-07-18T18:43:30+00:00 3eaac6307dff1e281f89fece521dc8a14078bf61 Add support for capturing ethernet packets and storing them in memory in PCAP(2.4) format, later to be analyzed by any PCAP viewer software (IE. Wireshark) This feature greatly assist debugging network issues such as detecting dropped packets, packet corruption etc. Signed-off-by: Ramon Fried <rfried.dev@gmail.com> Reviewed-by: Alex Marginean <alexm.osslist@gmail.com> Tested-by: Alex Marginean <alexm.osslist@gmail.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com> 
Add support for capturing ethernet packets and storing
them in memory in PCAP(2.4) format, later to be analyzed by
any PCAP viewer software (IE. Wireshark)

This feature greatly assist debugging network issues such
as detecting dropped packets, packet corruption etc.

Signed-off-by: Ramon Fried <rfried.dev@gmail.com>
Reviewed-by: Alex Marginean <alexm.osslist@gmail.com>
Tested-by: Alex Marginean <alexm.osslist@gmail.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
net: Fix Covarity Defect 244093 2019-09-04T16:37:18+00:00 Joe Hershberger joe.hershberger@ni.com 2019-07-30T19:49:56+00:00 398e7512d8d7ea5aac8ba0a72c07a3810ce39f42 Don't allow unterminated strings Signed-off-by: Joe Hershberger <joe.hershberger@ni.com> 
Don't allow unterminated strings

Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>