summaryrefslogtreecommitdiff
path: root/net
AgeCommit message (Collapse)Author
5 daysMerge branch 'next'Tom Rini
2026-06-25Kconfig: net: restyleJohan Jonker
Restyle all Kconfigs for "net": Menu entries : no space left Menu attributes: 1 TAB Help text : 1 TAB + 2 spaces Replace '---help---' by 'help' Signed-off-by: Johan Jonker <[email protected]>
2026-06-23net: cdp: reject CDP TLVs with a length below the 4-byte headerPiyush Paliwal
cdp_receive() reads a 16-bit TLV length (tlen) from the packet and only checks that it does not exceed the remaining buffer (tlen > len). It then unconditionally does "tlen -= 4" to skip the TLV header. As tlen is a u16, a crafted TLV with a length of 0..3 underflows tlen to ~65532-65535. For a CDP_APPLIANCE_VLAN_TLV the underflowed length then drives the inner "while (tlen > 0)" loop, which walks ~64KB past the receive buffer reading *ss each step -> out-of-bounds read (crash / info-influence). A length of 0 additionally fails to advance pkt/len, hanging the parse loop. Reject any TLV whose declared length is smaller than its own 4-byte header. This is the same class of bug as the recent bootp/dhcpv6/sntp/nfs fixes (unchecked length field), in a sibling LAN parser that was missed. Verified with a standalone AddressSanitizer harness using the verbatim cdp_receive()/cdp_compute_csum() routines: a 16-byte CDP frame with an appliance-VLAN TLV of length 3 triggers a heap-buffer-overflow READ that the check eliminates. Fixes: f575ae1f7d39 ("net: Move CDP out of net.c") Cc: [email protected] Signed-off-by: Piyush Paliwal <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
2026-06-23net: lwip: introduce net_lwip_eth_stop() functionDavid Lechner
Add a introduce net_lwip_eth_stop() function and use that to stop the network interface after each command that uses the network. This makes the behavior the same as the legacy net code and avoids potential issues with the network interface being left in an active state after a command finishes. The start/stop is reference-counted since there is at least one command (dhcp) that calls another command (tftp) to avoid starting and stopping the network interface multiple times in a single command. Signed-off-by: David Lechner <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
2026-06-23net: lwip: wget: return errno codes from wget_do_request()David Lechner
Change the return values of the lwip implementation of wget_do_request() to be errno codes instead of command return codes. wget_do_request() is not a command, so it does not make sense to return command return codes from it. Also, the legacy network implementation of wget_do_request() already returns errno codes so it is logical for the lwip implementation to do the same. This fixes a bug in try_load_from_uri_path() in efi_manager.c where it checks that the return value of wget_do_request() is < 0. Before this change, CMD_RET_FAILURE would not be considered an error since it has a value of 1. The value of ENODEV is used in places where there could actually be a number of different causes of failure and it isn't possible to discriminate (i.e. failing function returns NULL for all errors). Since all callers of wget_do_request() don't propagate the error code, it doesn't matter so much that this is not ideal, at least at this point in time. Fixes: 3c656c928bd7 ("net: lwip: add wget command") Reviewed-by: Jerome Forissier <[email protected]> Signed-off-by: David Lechner <[email protected]>
2026-06-23net: lwip: wget: fix error handling in wget_do_request()David Lechner
Split wget_do_request() into two functions to make error handling less error-prone. After a successful call to net_lwip_new_netif(), net_lwip_remove_netif() must always be called to prevent leaks. This was missed in the CACERT section of the code where we returned on error without cleaning up. Instead of adding more calls to net_lwip_remove_netif(), refactor the code into two functions. The outer function handles managing the netif lifecycle. The inner function no longer has to worry about cleaning up before returning on error. To keep things simple, the `path` local variable is removed during the refactoring. Instead, ctx.path is used directly everywhere. Fixes: 3c656c928bd7 ("net: lwip: add wget command") Reviewed-by: Jerome Forissier <[email protected]> Acked-by: Ilias Apalodimas <[email protected]> Signed-off-by: David Lechner <[email protected]>
2026-06-23net: clear IP defragmentation state after returning a complete packetMateusz Furdyna
During the IP defragmentation process, after the reassembly is finished with the last packet arriving with MF=0, the reassembly state wrt. static counters is not cleared. In case this last arriving packet with MF=0 gets duplicated, payload bytes are mistakenly treated as hole data. A malicious actor who can deliver fragmented IP traffic to a U-Boot instance with CONFIG_IP_DEFRAG=y can corrupt memory via out-of-bound writes and redirect control flow into attacker-supplied payload bytes that already sit in `pkt_buff[]`. Publicly available AI models are able to generate a reproducer based on the provided information. Fix: once the assembled packet has been handed back to the caller, mark the reassembly state empty so that any further fragment (duplicate, replay, or a brand-new datagram that happens to reuse the `ip_id`) goes through the normal re-init path and rebuilds a clean hole list instead of dereferencing payload bytes as struct hole. Fixes: 5cfaa4e54d0e ("net: defragment IP packets") Reported-by: Mariusz Madej <[email protected]> Reviewed-by: Simon Glass <[email protected]> Acked-by: Alessandro Rubini <[email protected]> Signed-off-by: Mateusz Furdyna <[email protected]>
2026-06-08Merge tag 'v2026.07-rc4' into nextTom Rini
Prepare v2026.07-rc4
2026-06-03net: bootp: Prevent out-of-bounds read in dhcp_message_typeFrancois Berder
dhcp_message_type() scans DHCP options looking for a 0xff end-of-options marker with no check that the scan pointer stays within the received packet. A server can send a crafted OFFER with no 0xff terminator and large option length fields, advancing the pointer past bp_vend[312] into adjacent heap memory. This is the same class of bug as CVE-2024-42040, which fixed the related bootp_process_vendor() call site. Fix it by adding an end parameter to dhcp_message_type() and checking that popt is lower than end. Signed-off-by: Francois Berder <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
2026-06-03net: dhcpv6: Prevent out-of-bounds reads while parsing optionsFrancois Berder
dhcp6_parse_options() verifies that an option's declared data fits within the packet, but does not check that option_len is large enough for the fixed-size read each case performs. A malicious DHCP server can send an ADVERTISE with a zero-length IA_NA, STATUS_CODE, SOL_MAX_RT, or BOOTFILE_PARAM option, causing the parser to read 2-4 bytes past the option's declared data. Check option_len value before each dereference of option_ptr. Signed-off-by: Francois Berder <[email protected]>
2026-06-03net: dhcpv6: Prevent buffer overflow during BOOTFILE_URL parsingFrancois Berder
The net_boot_file_name is a 1024 byte buffer. However, based on DHCPv6 RFC, bootfile-url length is specified by option_len, a 16-bit unsigned integer (valid range: 0-65535). Hence, one needs to make sure that option_len is less than the size of net_boot_file_name array before copying bootfile-url to net_boot_file_name. Signed-off-by: Francois Berder <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
2026-06-03net: sntp: Check packet length in sntp_handlerFrancois Berder
Currently, the sntp_handler uses data in the UDP packet regardless of the actual packet size. A OOB read can occur if the packet is too small. Fix it by checking the packet length before extracting seconds from a SNTP packet. Signed-off-by: Francois Berder <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
2026-06-03net: SYS_RX_ETH_BUFFER defaults to 8 when CONFIG_FSL_ENETC=yQuentin Schulz
drivers/net/fsl_enetc.h specifies ENETC_BD_CNT "buffer descriptors count must be a multiple of 8". This constant is set to CONFIG_SYS_RX_ETH_BUFFER which defaults to 4. All defconfigs enabling CONFIG_FSL_ENETC fortunately have it set to 8, according to ./tools/qconfig.py -l -f CONFIG_FSL_ENETC '~CONFIG_SYS_RX_ETH_BUFFER=8'. Let's make sure the default is sane by having it set to 8 when this driver is enabled. Note that originally[1] it was said EEPRO100 and 405 EMAC should be 8 or higher. 405 (PPC405?) support seems to have been dropped in commit b5e7c84f72ee ("ppc4xx: remove ASH405 board"), 11 years ago. Maybe there's something we can do for EEPRO100 though? Start all lines with a tab instead of spaces. Specify limitation for FSL_ENETC in the help text. [1] commit 53cf9435ccf9 ("- CFG_RX_ETH_BUFFER added.") Reviewed-by: Simon Glass <[email protected]> Signed-off-by: Quentin Schulz <[email protected]>
2026-06-03net: guard SYS_RX_ETH_BUFFER with NETQuentin Schulz
SYS_RX_ETH_BUFFER represents the number of Ethernet receive packet buffers. It therefore doesn't make sense it's reachable if NET isn't enabled. Direct users of SYS_RX_ETH_BUFFER are: - drivers/net/rtl8169.c, only compiled if CONFIG_RTL8169=y, depends on CONFIG_NETDEVICES=y, depends on CONFIG_NET=y, - drivers/net/fsl_enetc.h, via ENETC_BD_CNT, included in drivers/net/{fsl_enetc.c,fsl_enetc_mdio.c,mscc_eswitch/felix_switch.c} First two only compiled if CONFIG_FSL_ENETC=y, latter with CONFIG_MSCC_FELIX_SWITCH=y. Both symbols depends on CONFIG_NETDEVICES=y, depends on CONFIG_NET=y. - include/net-common.h via PKTBUFSRX, Indirect users via PKTBUFSRX: - arch/sandbox/include/asm/eth.h - according to ./tools/qconfig.py -l -f CONFIG_SANDBOX CONFIG_NO_NET, all sandbox defconfigs have network enabled so ignore this for now, - drivers/dma/ti/k3-udma.c - sets UDMA_RX_DESC_NUM to that if defined, else 4. PKTBUFSRX is CONFIG_SYS_RX_ETH_BUFFER which defaults to 4. According to ./tools/qconfig.py -l -f CONFIG_TI_K3_NAVSS_UDMA '~CONFIG_SYS_RX_ETH_BUFFER=4' no defconfig enabling this DMA driver sets CONFIG_SYS_RX_ETH_BUFFER to anything but the default of 4, so regardless of NET being built UDMA_RX_DESC_NUM will always be 4 with current defconfigs. - drivers/net/{airoha_eth.c,bcm6348-eth.c,bcm6368-eth.c,cortina_ni.c, dc2114x.c,eepro100.c,essedma.c,ethoc.c,ftgmac100.c,ftmac100.c, hifemac.c,mcffec.c,mpc8xx_fec.c,pic32_eth.c,sandbox.c,sni_ave.c, sni_netsec.c,ti/am65-cpsw-nuss.c,ti/cpsw.c,ti/icssg_prueth.c, tsec.c} all depends on CONFIG_NETDEVICES=y, depends on CONFIG_NET=y, - net/lwip/net-lwip.c, only compiled if CONFIG_NET_LWIP=y, depends on CONFIG_NET=y, - net/{net.c,tcp.c}, only compiled if CONFIG_NET_LEGACY=y, depends on CONFIG_NET=y, - net/net-common.c, only compiled if CONFIG_NET=y, - test/cmd/wget.c, only compiled if CONFIG_NET_LEGACY=y, depends on CONFIG_NET=y, - test/image/spl_load_net.c, only compiled if CONFIG_SPL_UT_LOAD_NET=y, depends on CONFIG_SPL_ETH=y, depends on CONFIG_SPL_NET=y, depends on CONFIG_NET_LEGACY=y, depends on CONFIG_NET=y, Indirect users via net_rx_packets[PKTBUFSRX]. This array is only externally defined in net/net-common.c which is only compiled if CONFIG_NET=y. Users of net_rx_packets are: - drivers/net/{airoha_eth.c,bcm6348-eth.c,bcm6368-eth.c,cortina_ni.c, dc2114x.c,dm9000x.c,essedma.c,ethoc.c,fsl_enetc.c,ftgmac100.c, ftmac100.c,hifemac.c,ks8851_mll.c,macb.c,mcffec.c,mpc8xx_fec.c, mscc_eswitch/jr2_switch.c,mscc_eswitch/luton_switch.c, mscc_eswitch/ocelot_switch.c,mscc_eswitch/serval_switch.c, mscc_eswitch/servalt_switch.c,pic32_eth.c,sandbox-raw.c, sandbox.c,smc911x.c,sni_ave.c,sni_netsec.c,ti/am65-cpsw-nuss.c, ti/cpsw.c,ti/icssg_prueth.c,tsec.c,xilinx_axi_mrmac.c} all depends on CONFIG_NETDEVICES=y, depends on CONFIG_NET=y, - drivers/usb/gadget/ether.c only built if CONFIG_$(PHASE_)USB_ETHER=y, depends on CONFIG_NET=y/CONFIG_SPL_NET=y, - net/lwip/net-lwip.c only compiled if CONFIG_NET_LWIP=y, depends on CONFIG_NET=y, - net/net.c, only compiled if CONFIG_NET_LEGACY=y, depends on CONFIG_NET=y, - net/net-common.c, only compiled if CONFIG_NET=y, Reviewed-by: Simon Glass <[email protected]> Signed-off-by: Quentin Schulz <[email protected]>
2026-05-06net: lwip/wget: don't print progress bar when silentHeinrich Schuchardt
When the EFI sub-system request to silence output, do not output a progress bar. Signed-off-by: Heinrich Schuchardt <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
2026-05-06net: lwip/wget: don't print content size twiceHeinrich Schuchardt
If wget_info->silent is set, we should not print anything. If wget_info->silent we print the received content size. Printing the value of the Content-Length header is redundant For chunked transfer no Content-Length header is sent. The content length is returned as HTTPC_CONTENT_LEN_INVALID by the LwIP library. In this case we were incorrectly printing '4 GiB'. Signed-off-by: Heinrich Schuchardt <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
2026-05-06net: lwip/wget: missing linefeed in diagnostic outputHeinrich Schuchardt
With NET_LWIP wget produces this output with an overlong line and missing white space: => wget $kernel_addr_r http://example.com/ ################################################# 4 GiB540 bytes transferred in 2 ms (263.7 KiB/s) Bytes transferred = 540 (21c hex) Removing the condition on inserting a line feed yields: => wget $kernel_addr_r http://example.com/ ################################################# 4 GiB 540 bytes transferred in 2 ms (263.7 KiB/s) Bytes transferred = 540 (21c hex) Signed-off-by: Heinrich Schuchardt <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
2026-05-06net: nfs: fix buffer overflow in nfs_readlink_reply()Sebastian Josue Alba Vives
nfs_readlink_reply() validates rlen only against the incoming packet length (inherited from CVE-2019-14195), but not against the destination buffer nfs_path_buff[2048]. A malicious NFS server can send a valid READLINK reply where pathlen + rlen exceeds sizeof(nfs_path_buff), overflowing the BSS buffer into adjacent memory. The recent fix in fd6e3d34097f addressed the same overflow class in net/lwip/nfs.c but left the legacy path in net/nfs-common.c unpatched. Add bounds checks before both memcpy calls in nfs_readlink_reply(): - relative path branch: reject if pathlen + rlen >= sizeof(nfs_path_buff) - absolute path branch: reject if rlen >= sizeof(nfs_path_buff) Fixes: cf3a4f1e86 ("net: nfs: Fix CVE-2019-14195") Cc: [email protected] Signed-off-by: Sebastian Alba Vives <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
2026-04-27simplify NET_LEGACY || NET_LWIP condition with NET conditionQuentin Schulz
Since the move to make NET a menuconfig and NO_NET a synonym of NET=n, when NET is enabled, NET_LEGACY || NET_LWIP is necessarily true, so let's simplify the various checks across the codebase. SPL_NET_LWIP doesn't exist but SPL_NET_LEGACY is an alias for SPL_NET so the proper symbol is still defined in SPL whenever needed. Signed-off-by: Quentin Schulz <[email protected]> Reviewed-by: Simon Glass <[email protected]> Reviewed-by: Peter Robinson <[email protected]> Reviewed-by: Tom Rini <[email protected]>
2026-04-27net: make NET a menuconfig (and downgrade NO_NET to a simple config)Quentin Schulz
This will allow a bunch of simplifications across the code base. Disabling NET is the equivalent of today's NO_NET choice. This means that if NET is enabled, either the legacy or lwIP stack is necessarily selected, which allows us to simplify if NET_LEGACY || NET_LWIP into if NET in a later commit. Config fragments - or defconfigs including other defconfigs - setting the network stack (NET_LEGACY or NET_LWIP) must also set NET (or unset NO_NET) if the config they apply to - or the included defconfigs - unsets NET (or selects NO_NET) as otherwise the NET_LEGACY and NET_LWIP symbols are unreachable. This is the case for the two defconfig modified in this commit. NO_NET is now a convenience symbol which hides NET entirely to avoid modifying many defconfigs. If one selected NO_NET to disable the networking stack in the past, this will still work for now. Technically, we should be using the "transitional" Kconfig attribute but that is only available since Kconfig from Linux kernel v6.18 and we're on 6.1 right now. Note that this moves CONFIG_SYS_RX_ETH_BUFFER from under the Network menu back into the main menu as it seems like it needs to be defined even when there's no need for NET support at all and menuconfig option doesn't work the same way as a menu. Signed-off-by: Quentin Schulz <[email protected]> Reviewed-by: Simon Glass <[email protected]> Acked-by: Heinrich Schuchardt <[email protected]> Reviewed-by: Peter Robinson <[email protected]> Reviewed-by: Tom Rini <[email protected]>
2026-04-27rename NET to NET_LEGACYQuentin Schulz
Highlight that NET really is the legacy networking stack by renaming the option to NET_LEGACY. This requires us to add an SPL_NET_LEGACY alias to SPL_NET as otherwise CONFIG_IS_ENABLED(NET_LEGACY) will not work for SPL. The "depends on !NET_LWIP" for SPL_NET clearly highlights that it is using the legacy networking app so this seems fine to do. This also has the benefit of removing potential confusion on NET being a specific networking stack instead of "any" network stack. Signed-off-by: Quentin Schulz <[email protected]> Acked-by: Ilias Apalodimas <[email protected]> Reviewed-by: Peter Robinson <[email protected]> Reviewed-by: Tom Rini <[email protected]>
2026-04-27move networking menu in net/KconfigQuentin Schulz
In the main Kconfig, there are only two more menus, General Setup and Expert, in addition to the net menu. Since the part in the main Kconfig is mostly about selecting the network stack (legacy or lwIP), and that we already have a net/Kconfig, let's move those to net/Kconfig to have everything in the same place. No intended change in behavior. Signed-off-by: Quentin Schulz <[email protected]> Reviewed-by: Ilias Apalodimas <[email protected]> Reviewed-by: Simon Glass <[email protected]> Reviewed-by: Peter Robinson <[email protected]> Reviewed-by: Tom Rini <[email protected]>
2026-03-31net: lwip: tftp: update image_load_addr after successful transferPranav Sanwal
do_tftpb() parses the load address into a local variable laddr but never updates the global image_load_addr. Commands that rely on image_load_addr as their default address (e.g. 'bmp info') therefore operate on the wrong address when called without an explicit argument after tftpboot. Update image_load_addr to laddr only on a successful transfer, so that it accurately reflects where data was actually loaded. Fixes: 4d4d7838127e ("net: lwip: add TFTP support and tftpboot command") Signed-off-by: Pranav Sanwal <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
2026-03-31net: bootp: Drop unused codeMarek Vasut
This code is surely unused and there are not even commented out references to the function name. Drop the code. Signed-off-by: Marek Vasut <[email protected]> Reviewed-by: Heiko Schocher <[email protected]> Reviewed-by: Kory Maincent <[email protected]> Reviewed-by: Ilias Apalodimas <[email protected]>
2026-03-31net: lwip: nfs: fix buffer overflow when using symlinksPranav Tilak
When resolving a symlink, nfs_path points into a heap allocated buffer which is just large enough to hold the original path with no extra space. If the symlink target name is longer than the original filename, the write goes beyond the end of the buffer corrupting heap memory. Fix this by ensuring nfs_path always points to a buffer large enough to accommodate the resolved symlink path. Fixes: 230cf3bc2776 ("net: lwip: nfs: Port the NFS code to work with lwIP") Signed-off-by: Pranav Tilak <[email protected]> Acked-by: Jerome Forissier <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
2026-03-18Merge patch series "led: remove legacy API"Tom Rini
Quentin Schulz <[email protected]> says: This migrates the last user of the legacy LED API, IMX233-OLinuXino and net/bootp.c, to the modern LED framework. I do have concern about being able to use BOOTP in SPL? In which case, I should probably add an additional check on CONFIG_IS_ENABLED(LED) in addition to IS_ENABLED(CONFIG_LED_BOOT)? I haven't tested this as I do not own an IMX233-OLinuXino, so please give this a try if you own this device. Then, since there's no user left of this legacy API, it is entirely removed. Link: https://lore.kernel.org/r/[email protected]
2026-03-18led: migrate last legacy LED user (olinuxino+net) to modern LED frameworkQuentin Schulz
This migrates the last user of the legacy LED API, IMX233-OLinuXino, to the modern LED framework. The current implementation does the following: - lit the LED when booting, - turn off the LED the moment a BOOTP packet is received, The first step is easily reproduced by using the /options/u-boot/boot-led property to point at the LED. Unfortunately, the boot-led is only lit by U-Boot proper at the very end of the boot process, much later than currently. We can however force the LED on whenever the GPIO LED driver is bound by marking the LED as default-state = "on", and this happens slightly before board_init() is called. We then do not need /options/u-boot/boot-led property for that anymore. However, the second step relies on /options/u-boot/boot-led and CONFIG_LED_BOOT being set to reproduce the same behavior and requires us to migrate net/bootp.c to the modern LED framework at the same time to keep bisectability. I couldn't figure out how to map CONFIG_LED_STATUS_BIT=778 to an actual GPIO on the SoC but according to the schematics[1] only one LED is present. I couldn't also map the SoC pin number to an actual GPIO from the IMX23 manual, but there's already one GPIO LED specified in the Device Tree so my guess is all of those are one and the same. This was only build tested as I do not own this device. [1] https://github.com/OLIMEX/OLINUXINO/blob/master/HARDWARE/iMX233-OLinuXino-Mini/1.%20Latest%20hardware%20revision/iMX233-OLINUXINO-MINI%20hardware%20revision%20E/iMX233-OLINUXINO-MINI_Rev_E.pdf Signed-off-by: Quentin Schulz <[email protected]>
2026-02-17Merge patch series "treewide: Clean up usage of DECLARE_GLOBAL_DATA_PTR"Tom Rini
Peng Fan (OSS) <[email protected]> says: This patch set primarily removes unused DECLARE_GLOBAL_DATA_PTR instances. Many files declare DECLARE_GLOBAL_DATA_PTR and include asm/global_data.h even though gd is never used. In these cases, asm/global_data.h is effectively treated as a proxy header, which is not a good practice. Following the Include What You Use principle, files should include only the headers they actually depend on, rather than relying on global_data.h indirectly. This approach is also adopted in Linux kernel [1]. The first few patches are prepartion to avoid building break after remove the including of global_data.h. A script is for filtering the files: list=`find . -name "*.[ch]"` for source in ${list} do result=`sed -n '/DECLARE_GLOBAL_DATA_PTR/p' ${source}` if [ "${result}" == "DECLARE_GLOBAL_DATA_PTR;" ]; then echo "Found in ${source}" result=`sed -n '/\<gd\>/p' ${source}` result2=`sed -n '/\<gd_/p' ${source}` result3=`sed -n '/\<gd->/p' ${source}` if [ "${result}" == "" ] && [ "${result2}" == "" ] && [ "${result3}" == "" ];then echo "Cleanup ${source}" sed -i '/DECLARE_GLOBAL_DATA_PTR/{N;/\n[[:space:]]*$/d;s/.*\n//;}' ${source} sed -i '/DECLARE_GLOBAL_DATA_PTR/d' ${source} sed -i '/global_data.h/d' ${source} git add ${source} fi fi done [1] https://lpc.events/event/17/contributions/1620/attachments/1228/2520/Linux%20Kernel%20Header%20Optimization.pdf CI: https://github.com/u-boot/u-boot/pull/865 Link: https://lore.kernel.org/r/[email protected]
2026-02-17treewide: Clean up DECLARE_GLOBAL_DATA_PTR usagePeng Fan
Remove DECLARE_GLOBAL_DATA_PTR from files where gd is not used, and drop the unnecessary inclusion of asm/global_data.h. Headers should be included directly by the files that need them, rather than indirectly via global_data.h. Reviewed-by: Patrice Chotard <[email protected]> #STMicroelectronics boards and STM32MP1 ram test driver Tested-by: Anshul Dalal <[email protected]> #TI boards Acked-by: Yao Zi <[email protected]> #TH1520 Signed-off-by: Peng Fan <[email protected]>
2026-02-06net: lwip: wget: rework the '#' printingMarek Vasut
Currently, the LWIP wget command prints excessive amount of progress indicator '#' for very long file downloads, limit this to one line that scales according to transfer size. The HTTP server does report the size of the entire file in protocol headers, which are received before the actual data transfer. Cache this information and use it to adaptively print progress indicator '#' until it fills one entire line worth of '#', which indicates the transfer has completed. This way, long transfers don't print pages of '#', but every transfer will print exactly one line worth of '#'. The algorithm for '#' printing is the same as TFTP tsize one. Signed-off-by: Marek Vasut <[email protected]> Acked-by: Jerome Forissier <[email protected]>
2026-02-06net: lwip: tftp: add support of tsize option to clientMarek Vasut
The TFTP server can report the size of the entire file that is about to be received in the Transfer Size Option, this is described in RFC 2349. This functionality is optional and the server may not report tsize in case it is not supported. Always send tsize request to the server to query the transfer size, and in case the server does respond, cache that information locally in tftp_state.tsize, otherwise cache size 0. Introduce new function tftp_client_get_tsize() which returns the cached tftp_state.tsize so clients can determine the transfer size and use it. Update net/lwip/tftp.c to make use of tftp_client_get_tsize() and avoid excessive printing of '#' during TFTP transfers in case the transfer size is reported by the server. Submitted upstream: https://savannah.nongnu.org/patch/index.php?item_id=10557 Signed-off-by: Marek Vasut <[email protected]> Acked-by: Jerome Forissier <[email protected]>
2026-02-06net: tftp: Fix TFTP Transfer Size data typeYuya Hamamachi
The TFTP transfer size is unsigned integer, update the data type and print formating string accordingly to prevent an overflow in case the file size is longer than 2 GiB. TFTP transfer of a 3 GiB file, before (wrong) and after (right): Loading: ################################################# 16 EiB Loading: ################################################## 3 GiB Signed-off-by: Yuya Hamamachi <[email protected]> Signed-off-by: Marek Vasut <[email protected]>
2026-02-06net: Stop conflating return value with file size in net_loop()Yuya Hamamachi
The net_loop() currently conflates return value with file size at the end of successful transfer, in NETLOOP_SUCCESS state. The return type of net_loop() is int, which makes this practice workable for file sizes below 2 GiB, but anything above that will lead to overflow and bogus negative return value from net_loop(). The return file size is only used by a few sites in the code base, which can be easily fixed. Change the net_loop() return value to always be only a return code, in case of error the returned value is the error code, in case of successful transfer the value is 0 or 1 instead of 0 or net_boot_file_size . This surely always fits into a signed integer. By keeping the return code 0 or 1 in case of successful transfer, no conditionals which depended on the old behavior are broken, but all the sites had to be inspected and updated accordingly. Fix the few sites which depend on the file size by making them directly use the net_boot_file_size variable value. This variable is accessible to all of those sites already, because they all include net-common.h . Signed-off-by: Yuya Hamamachi <[email protected]> Signed-off-by: Marek Vasut <[email protected]>
2026-02-04net: lwip: nfs: Prefer nfsserverip over serverip when setJonas Karlman
Prefer use of a 'nfsserverip' env var before falling back to 'serverip' when using the nfs command. Similar to how the 'tftpserverip' env var is preferred over 'serverip' by the tftp command. This also updates the error message to closer match the error message used by the lwIP tftp command when a server ip is not set. Signed-off-by: Jonas Karlman <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
2026-02-04net: lwip: dhcp: Save DHCP siaddr field to tftpserverip env varJonas Karlman
The DHCP siaddr field contains the IP address of next server to use in bootstrap. Typically this will be the IP address of a TFTP server or the IP address of the DHCP server itself. RFC 2131, 2. Protocol Summary, Page 10: DHCP clarifies the interpretation of the 'siaddr' field as the address of the server to use in the next step of the client's bootstrap process. A DHCP server may return its own address in the 'siaddr' field, if the server is prepared to supply the next bootstrap service (e.g., delivery of an operating system executable image). A DHCP server always returns its own address in the 'server identifier' option. Set the 'tftpserverip' env variable when the siaddr field contains an IP address that is different compared to the DHCP server IP address. Signed-off-by: Jonas Karlman <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
2026-02-04net: lwip: Use ipaddr helpersJonas Karlman
The ip_addr_t of lwIP has support for both IPv6 and IPv4 addresses. Some lwIP commans is directly accessing the internal addr field of the ip_addr_t instead of using ipaddr helper functions. Change to use ipaddr helper functions where appropriate to remove direct access of the internal addr field. Also change a few instances from ip4 to the version less ipaddr helpers. There is no intended functional change, besides the change from using ip4 addr helper to using version less ipaddr helper. Signed-off-by: Jonas Karlman <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
2026-02-04net: lwip: dns: Call env_set() from dns loop instead of found callbackJonas Karlman
The lwIP dns command handle env_set() calls from the found callback and printf() to console in the dns loop. Making it more complex than it needs to be. Simplify and ensure any environment variable that is being set is the same value that would have been printed on console. There should not be any intended change in behavior, besides the change from using ip4addr helper to using version less ipaddr helper. Signed-off-by: Jonas Karlman <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
2026-02-04net: lwip: nfs: Print device name based on current udeviceJonas Karlman
Use udevice name, similar to other lwip commands, instead of using the legacy eth_get_name() when printing out the device being used. Fixes: 230cf3bc2776 ("net: lwip: nfs: Port the NFS code to work with lwIP") Signed-off-by: Jonas Karlman <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
2026-02-04net: lwip: dns: Fix print of resolved IP addressJonas Karlman
The lwIP dns command only prints out cached resolved IP addresses. When a hostname is first resolved and ERR_INPROGRESS is returned the dns command prints out 0.0.0.0 instead of the resolved IP address. Fix this by printing out host_ipaddr instead of the temporary ipaddr that only is valid when ERR_OK is returned. Fixes: 1361d9f4f00a ("lwip: dns: do not print IP address when a variable is specified") Signed-off-by: Jonas Karlman <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
2026-02-04net: lwip: add TFTPSERVERIP Kconfig optionJonas Karlman
With the legacy networking stack, it is possible to use USE_SERVERIP, SERVERIP and BOOTP_PREFER_SERVERIP Kconfg options to force use of a specific TFTP server ip. Using the lwIP networking stack use of the 'tftpserverip' environment variable provide the closest equivalent functionality. Add USE_TFTPSERVERIP and TFTPSERVERIP Kconfig options that can be used to add the 'tftpserverip' environment variable to force use of a specific TFTP server ip. Signed-off-by: Jonas Karlman <[email protected]> Acked-by: Jerome Forissier <[email protected]>
2026-02-04net: lwip: dhcp: Do not write past end of bufferAndrew Goodbody
sprintf will write a trailing \0 at the end of the string so when writing into a buffer, that buffer must be sized to allow for that trailing zero. In the DHCP code when the index is a number needing two digits to express the index would use up the two \0 bytes in the buffer and the trailing \0 from sprintf would be beyond the end of the allocation. Fix this by adding a third \0 in the buffer. This was found by code inspection when looking for an issue reported by Michal Simek, but I do not have the hardware to reproduce, so cannot confirm if this addresses that issue or not. Fixes: 98ad145db61a ("net: lwip: add DHCP support and dhcp commmand") Signed-off-by: Andrew Goodbody <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
2026-01-15net: tftpput: Rework to exclude code from xPL phasesTom Rini
Given how the support for CONFIG_CMD_TFTPPUT is woven through the support for the tftp protocol we currently end up including "put" support in xPL phases, if enabled. This in turn can lead to size overflow on those platforms as xPL tends to be constrained. To resolve this, use "CMD_TFTPPUT" in the code to check for both CONFIG_CMD_TFTPPUT being true and not being in an xPL build phase. Signed-off-by: Tom Rini <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
2026-01-15net: lwip: nfs: Port the NFS code to work with lwIPAndrew Goodbody
After the preparatory patches moved most of the NFS code into common files we now add the code to enable NFS support with lwIP. Signed-off-by: Andrew Goodbody <[email protected]> Acked-by: Jerome Forissier <[email protected]>
2026-01-15net: nfs: Move most NFS code to common filesAndrew Goodbody
Move most of the NFS code into common files so that it can be used by an lwIP port of NFS. Acked-by: Jerome Forissier <[email protected]> Signed-off-by: Andrew Goodbody <[email protected]>
2026-01-15net: nfs: Add licence headerAndrew Goodbody
Add the same GPL2+ licence header to the NFS code as appears on other NFS related files. Acked-by: Jerome Forissier <[email protected]> Signed-off-by: Andrew Goodbody <[email protected]>
2026-01-15net: Move some variables to net-common filesAndrew Goodbody
Make some variables available to be used by either the legacy network code or lwIP by moving them into the net-common files. This also allowed removing a small number of duplicated variables from the lwIP code. Signed-off-by: Andrew Goodbody <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
2026-01-15net: move net_state to net-commonAndrew Goodbody
Move the net_state variable into common code so that it can be used by either the legacy network code or lwIP. This is needed for porting across the NFS support code for use with lwIP. Signed-off-by: Andrew Goodbody <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
2026-01-15net:lwip: Add debug line to net-lwipAndrew Goodbody
When debugging the LWIP NFS implementation this debug line helped to show the cause of an error. This could be useful to someone in the future. Signed-off-by: Andrew Goodbody <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
2025-12-22Merge tag 'v2026.01-rc5' into nextTom Rini
Prepare v2026.01-rc5
2025-12-18net: lwip: tftp: Fix filename handlingAndrew Goodbody
The code to choose the filename to use does not cope with no name set at all. Firstly the test for a name in net_boot_file_name tests the pointer rather than the string it points to. Secondly the cleanup on exit in this case attempts to free a global variable. Fix both issues. Signed-off-by: Andrew Goodbody <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>