aboutsummaryrefslogtreecommitdiff
path: root/net/nfs.c
AgeCommit message (Collapse)Author
2024-04-10net: nfs: fix file handle length in NFSv3Sébastien Szymanski
The NFS protocol uses file handles to refer to file or directory. In NFSv2 file handles have a fixed size of 32 bytes. In NFSv3 file handles have a variable length up to 64 bytes. This is also true for the MOUNT protocol. [1] When the NFSv3 server replies with a file handle length > 32 bytes, U-Boot only copies 32 bytes of that file handle and the next LOOKUP Call fails: BIOS> nfs ${loadaddr} 192.168.1.51:/nfsroot/opos93dev-br/boot/Image Using ethernet@428a0000 device File transfer via NFS from server 192.168.1.51; our IP address is 192.168.1.133 Filename '/nfsroot/opos93dev-br/boot/Image'. Load address: 0x80400000 Loading: *** ERROR: File lookup fail done BIOS> Looking at this transfer in Wireshark, we can see that the server replies with the following file handle: length: 36 [hash (CRC-32): 0x230ac67b] FileHandle: 0100070101005e000000000091763911f87c449fa73c298552db19ba0c9f60002980cfd2 and U-Boot sends the following file handle in the next LOOKUP Call: length: 32 [hash (CRC-32): 0x6314131b] FileHandle: 000000240100070101005e000000000091763911f87c449fa73c298552db19ba Fix this by using a variable length file handle for dirfh. [1] https://www.rfc-editor.org/rfc/rfc1813.html#page-106 Fixes: b0baca982048 ("net: NFS: Add NFSv3 support") Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com> Tested-by: Andrew Davis <afd@ti.com>
2023-05-05net: add NFSv1 supportThomas RIENOESSL
NFSv1 support added by Christian Gmeiner, Thomas Rienoessl, September 27, 2018. As of now, NFSv3 is the default choice. if the server does not support NFSv3, we fall back to versions 2 or 1. Signed-off-by: Thomas RIENOESSL <thomas.rienoessl@bachmann.info>
2023-05-05nfs: handle rpc errors for mount callsThomas RIENOESSL
Signed-off-by: Thomas RIENOESSL <thomas.rienoessl@bachmann.info>
2023-05-05nfs: factor out generic reply error handlingThomas RIENOESSL
Signed-off-by: Thomas RIENOESSL <thomas.rienoessl@bachmann.info>
2023-05-05nfs: convert supported_nfs_versions bitfield to an enumThomas RIENOESSL
Prep. work to support nfs v1. Signed-off-by: Thomas RIENOESSL <thomas.rienoessl@bachmann.info>
2022-08-10common: Drop display_options.h from common headerSimon Glass
Move this out of the common header and include it only where needed. Signed-off-by: Simon Glass <sjg@chromium.org>
2022-08-04Audit <flash.h> inclusionTom Rini
A large number of files include <flash.h> as it used to be how various SPI flash related functions were found, or for other reasons entirely. In order to migrate some further CONFIG symbols to Kconfig we need to not include flash.h in cases where we don't have a NOR flash of some sort enabled. Furthermore, in cases where we are in common code and it doesn't make sense to try and further refactor the code itself in to new files we need to guard this inclusion. Signed-off-by: Tom Rini <trini@konsulko.com>
2022-05-26net: nfs: Fix CVE-2022-30767 (old CVE-2019-14196)Andrea zi0Black Cappa
This patch mitigates the vulnerability identified via CVE-2019-14196. The previous patch was bypassed/ineffective, and now the vulnerability is identified via CVE-2022-30767. The patch removes the sanity check introduced to mitigate CVE-2019-14196 since it's ineffective. filefh3_length is changed to unsigned type integer, preventing negative numbers from being used during comparison with positive values during size sanity checks. Signed-off-by: Andrea zi0Black Cappa <zi0Black@protonmail.com>
2022-03-18Convert CONFIG_NFS_TIMEOUT to KconfigTom Rini
This converts the following to Kconfig: CONFIG_NFS_TIMEOUT Cc: Ramon Fried <rfried.dev@gmail.com> Signed-off-by: Tom Rini <trini@konsulko.com>
2020-05-18common: Drop log.h from common headerSimon Glass
Move this header out of the common header. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-01-17common: Move the image globals into image.hSimon Glass
These three globals relate to image handling. Move them to the image header file. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-01-17image: Rename load_addr, save_addr, save_sizeSimon Glass
These global variables are quite short and generic. In fact the same name is more often used locally for struct members and function arguments. Add a image_ prefix to make them easier to distinguish. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-01-17common: Move flash_perror() to flash.hSimon Glass
This function belongs more in flash.h than common.h so move it. Also remove the space before the bracket in some calls. Signed-off-by: Simon Glass <sjg@chromium.org>
2019-12-02common: Move get_ticks() function out of common.hSimon Glass
This function belongs in time.h so move it over and add a comment. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com>
2019-09-04net: nfs: remove superfluous conversionsHeinrich Schuchardt
rpc_pkt.u.call.data is an array of uint32_t. There is no need to convert it to uint32_t *. memcpy() expects void * as it 1st and 2nd argument. There is no point in converting pointers to char * before passing them to memcpy(). In ntohl(data[1]) != 0 calling ntohl() is superfluous. If the value is zero, does not depend on the byte order. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
2019-09-04CVE-2019-14196: nfs: fix unbounded memcpy with a failed length check at ↵liucheng (G)
nfs_lookup_reply This patch adds a check to rpc_pkt.u.reply.data at nfs_lookup_reply. Signed-off-by: Cheng Liu <liucheng32@huawei.com> Reported-by: Fermín Serna <fermin@semmle.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
2019-09-04CVE-2019-14195: nfs: fix unbounded memcpy with unvalidated length at ↵liucheng (G)
nfs_readlink_reply This patch adds a check to rpc_pkt.u.reply.data at nfs_readlink_reply. Signed-off-by: Cheng Liu <liucheng32@huawei.com> Reported-by: Fermín Serna <fermin@semmle.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
2019-09-04CVE-2019-14194/CVE-2019-14198: nfs: fix unbounded memcpy with a failed ↵liucheng (G)
length check at nfs_read_reply This patch adds a check to rpc_pkt.u.reply.data at nfs_read_reply. Signed-off-by: Cheng Liu <liucheng32@huawei.com> Reported-by: Fermín Serna <fermin@semmle.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
2019-09-04CVE: nfs: fix stack-based buffer overflow in some nfs_handler reply helper ↵liucheng (G)
functions This patch adds a check to nfs_handler to fix buffer overflow for CVE-2019-14197, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203 and CVE-2019-14204. Signed-off-by: Cheng Liu <liucheng32@huawei.com> Reported-by: Fermín Serna <fermin@semmle.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
2018-07-26net: Consolidate the parsing of bootfileJoe Hershberger
The same basic parsing was implemented in tftp and nfs, so add a helper function to do the work once. Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
2018-07-26net: Always print basic info for nfs, just like tftpJoe Hershberger
nfs was only printing basic info about the transfer in the case of a DEBUG build. Print the same level of detail as tftp always. Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
2018-07-26net: Check subnet against the actual ip address in use for nfsJoe Hershberger
The check for sending to the gateway was not using the correct variable for comparison, so it was reporting that packets are sent to the gateway when they were not. Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
2018-06-13net: nfs: don't fail when nfs_read_reply returns -NFS_RPC_DROPVasily Khoruzhick
That can happen if duplicate UDP packet arrived, and that's not uncommon. Anyway, we ignore packets with rpc_id lower than last we sent for other requests, so it makes sense to do that for read request as well. Signed-off-by: Vasily Khoruzhick <anarsoul@gmail.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
2016-09-09Revert "net: nfs: Use the tx buffer to construct rpc msgs"Joe Hershberger
This reverts commit 998372b4798fd7ebb666f571950df925b8d80f69. This caused a data abort on some platform. Signed-off-by: Joe Hershberger <joe.hershberger@ni.com> Reported-by: Guillaume GARDET <guillaume.gardet@free.fr>
2016-08-22net: nfs: Simplify rpc_add_credentials()Joe Hershberger
We use an empty hostname, so remove all the "processing" of the known-to-be-empty hostname and just write 0's where needed. Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
2016-08-22net: nfs: Use the tx buffer to construct rpc msgsJoe Hershberger
Instead of always allocating a huge temporary buffer on the stack and then memcpy()ing the result into the transmit buffer, simply figure out where in the transmit buffer the bytes will belong and write them there directly as each message is built. Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
2016-08-22net: nfs: Move some prints to debug statementsJoe Hershberger
Much of the information is verbose and derived directly from the environment. Only output in debug mode. This also saves about 300 bytes from the code size. Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
2016-08-22net: nfs: Use consistent names for the rpc_pktJoe Hershberger
Use the same name throughout the nfs code and use the same member of the union to avoid casts. Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
2016-08-22net: nfs: Correct a commentJoe Hershberger
The buffer is of 32-bit elements, not bytes. Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
2016-08-22net: nfs: Consolidate handling of NFSv3 attributesJoe Hershberger
Instead of repeating the same large snippet for dealing with attributes it should be shared with a helper function. Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
2016-08-22net: nfs: Fix lines that are too longJoe Hershberger
Fix complaints from checkpatch.pl. Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
2016-08-22net: nfs: Share the file handle buffer for v2 / v3Joe Hershberger
The v3 handles can be larger than v2, but that doesn't mean we need a separate buffer. Reuse the same (larger) buffer for both. Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
2016-08-22net: NFS: Add NFSv3 supportGuillaume GARDET
This patch enables NFSv3 support. If NFSv2 is available use it as usual. If NFSv2 is not available, but NFSv3 is available, use NFSv3. If NFSv2 and NFSv3 are not available, print an error message since NFSv4 is not supported. Tested on iMX6 sabrelite with 4 Linux NFS servers: * NFSv2 + NFSv3 + NFSv4 server: use NFSv2 protocol * NFSv2 + NFSv3 server: use NFSv2 protocol * NFSv3 + NFSv4 server: use NFSv3 protocol * NFSv3 server: use NFSv3 protocol Signed-off-by: Guillaume GARDET <guillaume.gardet@free.fr> Cc: Tom Rini <trini@konsulko.com> Cc: joe.hershberger@ni.com Acked-by: Joe Hershberger <joe.hershberger@ni.com>
2016-08-22net: nfs: Remove separate buffer for default nameJoe Hershberger
There is no reason to store the default filename in a separate buffer only to immediately copy it to the main name buffer. Just write it there directly and remove the other buffer. Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
2016-07-06net: Fix incorrect RPC packets on 64-bit systemsRalf Hubert
This patch fixes incorrect RPC packet layout caused by 'long' type size difference on 64 and 32-bit architectures. Signed-off-by: Ralf Hubert <r.hubert@technisat.de> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
2016-06-21NFS: Add error message when U-Boot NFS version (V2) is not supported by NFS ↵Guillaume GARDET
server Signed-off-by: Guillaume GARDET <guillaume.gardet@free.fr> Cc: joe.hershberger@ni.com Acked-by: Joe Hershberger <joe.hershberger@ni.com>
2015-04-18net: cosmetic: Fix checkpatch.pl failures in net.cJoe Hershberger
Finish eliminating CamelCase from net.c and other failures Signed-off-by: Joe Hershberger <joe.hershberger@ni.com> Acked-by: Simon Glass <sjg@chromium.org>
2015-04-18net: cosmetic: Clean up NFS variables and functionsJoe Hershberger
Make a thorough pass through all variables and function names contained within nfs.c and remove CamelCase and improve naming. Signed-off-by: Joe Hershberger <joe.hershberger@ni.com> Acked-by: Simon Glass <sjg@chromium.org>
2015-04-18net: cosmetic: Cleanup internal packet buffer namesJoe Hershberger
This patch cleans up the names of internal packet buffer names that are used within the network stack and the functions that use them. Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
2015-04-18net: cosmetic: Name ethaddr variables consistentlyJoe Hershberger
Use "_ethaddr" at the end of variables and drop CamelCase. Make constant values actually 'const'. Signed-off-by: Joe Hershberger <joe.hershberger@ni.com> Acked-by: Simon Glass <sjg@chromium.org>
2015-04-18net: cosmetic: Fixup var names related to boot fileJoe Hershberger
The variables around the bootfile were inconsistent and used CamelCase. Update them to make the code more readable. Signed-off-by: Joe Hershberger <joe.hershberger@ni.com> Acked-by: Simon Glass <sjg@chromium.org>
2015-04-18net: cosmetic: Change IPaddr_t to struct in_addrJoe Hershberger
This patch is simply clean-up to make the IPv4 type that is used match what Linux uses. It also attempts to move all variables that are IP addresses use good naming instead of CamelCase. No functional change. Signed-off-by: Joe Hershberger <joe.hershberger@ni.com> Acked-by: Simon Glass <sjg@chromium.org>
2015-04-18net: Access mapped physmem in net functionsJoe Hershberger
Previously the net functions would access memory assuming physmem did not need to be mapped. In sandbox, that's not the case. Now we map the physmem specified by the user in loadaddr to the buffer that represents that space. Signed-off-by: Joe Hershberger <joe.hershberger@ni.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2013-06-24net: nfs: add dynamic wait periodMatthias Brugger
This patch tackles the time out problem which leads to break the boot process, when loading file over nfs. The patch does two things. First of all, we just ignore messages that arrive with a rpc_id smaller then the client id. We just interpret this messages as answers to formaly timed out messages. Second, when a time out occurs we double the time to wait, so that we do not stress the server resending the last message. Signed-off-by: Matthias Brugger <matthias.bgg@gmail.com> Tested-by: Enric Balletbo i Serra <eballetbo@gmail.com>
2012-07-12net: nfs: make NFS_TIMEOUT configurableTetsuyuki Kobayashi
NFS_TIMEOUT is constant value defined in net/nfs.c. But sometimes it needs to adjust. This patch enables to override NFS_TIMEOUT by defining CONFIG_NFS_TIMEOUT in a board specific config file. Signed-off-by: Tetsuyuki Kobayashi <koba@kmckk.co.jp>
2012-05-23net: Refactor to separate the UDP handler from the ARP handlerJoe Hershberger
Call a built-in dummy if none is registered... don't require protocols to register a handler (eliminating dummies) NetConsole now uses the ARP handler when waiting on arp (instead of needing a #define hack in arp.c) Clear handlers at the end of net loop Signed-off-by: Joe Hershberger <joe.hershberger@ni.com> Acked-by: Simon Glass <sjg@chromium.org>
2012-05-23net: Refactor to protect access to the NetState variableJoe Hershberger
Changes to NetState now go through an accessor function called net_set_state() Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
2012-05-23net: cosmetic: Un-typedef IP_tJoe Hershberger
Rename IP header related things to IP_UDP. The existing definition of IP_t includes UDP header, so name it to accurately describe the structure. Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
2012-05-15net: cosmetic: nfs.* checkpatch complianceJoe Hershberger
Signed-off-by: Joe Hershberger <joe.hershberger@ni.com> Acked-by: Simon Glass <sjg@chromium.org>
2011-12-06net: Make sure IPaddr_t is 32 bits in sizeMatthias Weisser
When building u-boot as 64 bit application (e.g. sandbox) ulong might be 64 bits in size. This breaks network code as IPaddr_t is 64 bytes in size then and an IPv4 address is 32 bits in size. This patch makes sure that IPaddr_t is always 32 bits in size. Also some warnings introduced by this patch are fixed. Signed-off-by: Matthias Weisser <weisserm@arcor.de> Acked-by: Mike Frysinger <vapier@gentoo.org>