Show that this mechanism can detect stack overflows with the
guard page. We only do it once since are are in an alternate
IA HW task after it happens.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
As there is no suffix to represent a literal as unsigned short
it is typecasted. It is fix for Jira ZEP-2156
Signed-off-by: Savinay Dharmappa <savinay.dharmappa@intel.com>
The IA32 MMU has no concept of a "no execute" flag, this is
unfortunately only implemented in x86_64.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Upcoming memory protection features will be placing some additional
constraints on kernel objects:
- They need to reside in memory owned by the kernel and not the
application
- Certain kernel object validation schemes will require some run-time
initialization of all kernel objects before they can be used.
Per Ben these initializer macros were never intended to be public. It is
not forbidden to use them, but doing so requires care: the memory being
initialized must reside in kernel space, and extra runtime
initialization steps may need to be peformed before they are fully
usable as kernel objects. In particular, kernel subsystems or drivers
whose objects are already in kernel memory may still need to use these
macros if they define kernel objects as members of a larger data
structure.
It is intended that application developers instead use the
K_<object>_DEFINE macros, which will automatically put the object in the
right memory and add them to a section which can be iterated over at
boot to complete initiailization.
There was no K_WORK_DEFINE() macro for creating struct k_work objects,
this is now added.
k_poll_event and k_poll_signal are intended to be instatiated from
application memory and have not been changed.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Build issues caused by commit fe882f407d
which missed camel case conversion of _TimestampOpen, _TimestampRead,
and _TimestampClose.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Test whichever had Camel case defined for functions and variables have
been replaced.
Following warnings have been fixed in test cases as well.
- line over 80 characters
- Macros with flow control statements should be avoided
- Macros with complex values should be enclosed in parentheses
- break quoted strings at a space character
- do not add new typedefs
- Comparisons should place the constant on the right
side of the test
- suspect code indent for conditional statements
- Missing a blank line after declarations
- macros should not use a trailing semicolon
- Macros with multiple statements should be
enclosed in a do - while loop
- do not use C99 // comments
JIRA: ZEP-2249
Signed-off-by: Punit Vara <punit.vara@intel.com>
Where possible, replace the use of filter with newly added keywords.
This will speed things up and in some cases add more coverage due to bad
filters.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
commit d859295be9 ("tests: protection: convert to testcase.yaml")
removed testcase.ini but did not add an equivalent testcase.yaml.
Add it.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Add a self-protection test suite with a set of tests
to check whether one can overwrite read-only data
and text, and whether one can execute from data,
stack, or heap buffers. These tests are modeled after
a subset of the lkdtm tests in the Linux kernel.
These tests have twice caught bugs in the Zephyr NXP MPU
driver, once during initial testing/review of the code
(in its earliest forms on gerrit, reported to the original
author there) and most recently the regression introduced
by commit bacbea6e21 ("arm: nxp: mpu: Rework handling
of region descriptor 0"), which was fixed by
commit a8aa9d4f3dbbe8 ("arm: nxp: mpu: Fix region descriptor
0 attributes") after being reported.
This is intended to be a testsuite of self-protection features
rather than just a test of MPU functionality. It is envisioned
that these tests will be expanded to cover a wider range of
protection features beyond just memory protection, and the
current tests are independent of any particular enforcement
mechanism (e.g. MPU, MMU, or other).
The tests are intended to be cross-platform, and have been
built and run on both x86- and ARM-based boards. The tests
currently fail on x86-based boards, but this is an accurate
reflection of current protections and should change as MMU
support arrives.
The tests leverage the ztest framework, making them suitable
for incorporation into automated regression testing for Zephyr.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This will prepare test cases and samples with metadata and information
that will be consumed by the sanitycheck script which will be changed to
parse YAML files instead of ini.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This is unmaintained and currently has no known users. It was
added to support a Wind River project. If in the future we need it
again, we should re-introduce it with an exception-based mechanism
for catching out-of-bounds memory queries from the debugger.
The mem_safe subsystem is also removed, it is only used by the
GDB server. If its functionality is needed in the future, it
shoudl be replaced with an exception-based mechanism.
The _image_{ram, rom, text}_{start, end} linker variables have
been left in place, they will be re-purposed and expanded to
support memory protection.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
