#include <zephyr.h>
#include <ztest.h>
#include <kernel_structs.h>
#include <string.h>
#include <stdlib.h>
#include <syscalls/mem_protect.h>
Macros | |
#define | INHERIT_STACK_SIZE CONFIG_MAIN_STACK_SIZE |
#define | SEMAPHORE_MAX_COUNT (10) |
#define | SEMAPHORE_INIT_COUNT (0) |
#define | SYNC_SEM_MAX_COUNT (1) |
#define | SYNC_SEM_INIT_COUNT (0) |
#define | MSG_Q_SIZE (10) |
#define | MSG_Q_MAX_NUM_MSGS (10) |
#define | MSG_Q_ALIGN (2) |
#define | PRIORITY 5 |
#define | STACK_SIZE (512 + CONFIG_TEST_EXTRA_STACKSIZE) |
#define | BLK_SIZE_MIN 16 |
#define | BLK_SIZE_MAX 64 |
#define | BLK_NUM_MIN 8 |
#define | BLK_NUM_MAX 2 |
#define | BLK_ALIGN BLK_SIZE_MIN |
#define | SEM_INIT_VAL (0U) |
#define | SEM_MAX_VAL (1U) |
#define | MEM_DOMAIN_STACK_SIZE CONFIG_MAIN_STACK_SIZE |
#define | MEM_PARTITION_INIT_NUM (1) |
#define | BLK_SIZE_MIN_MD 8 |
#define | BLK_SIZE_MAX_MD 16 |
#define | BLK_NUM_MAX_MD 4 |
#define | BLK_ALIGN_MD BLK_SIZE_MIN_MD |
#define | DESC_SIZE sizeof(struct sys_mem_pool_block) |
#define | STACK_SIZE_MD (512 + CONFIG_TEST_EXTRA_STACKSIZE) |
#define | PRIORITY_MD 5 |
#define | MEM_DOMAIN_ALIGNMENT __aligned(MEM_REGION_ALLOC) |
#define | KOBJECT_STACK_SIZE (512 + CONFIG_TEST_EXTRA_STACKSIZE) |
#define | TEST_HEAP_SIZE (2 << CONFIG_MAX_THREAD_BYTES) * 256 |
#define | MAX_OBJ 256 |
Functions | |
void | test_permission_inheritance (void) |
Test object permission inheritance, except for the parent thread object. More... | |
void | test_inherit_resource_pool (void) |
Test child thread inherits parent's thread resource pool. More... | |
void | test_mem_domain_setup (void) |
void | test_mem_domain_valid_access (void) |
Check if the mem_domain is configured and accessible for userspace. More... | |
void | test_mem_domain_invalid_access (void) |
Show that a user thread can't touch partitions not in its domain. More... | |
void | test_mem_domain_no_writes_to_ro (void) |
Show that a read-only partition can't be written to. More... | |
void | test_mem_domain_remove_add_partition (void) |
Show that adding/removing partitions works. More... | |
void | test_mem_domain_api_supervisor_only (void) |
Test access memory domain APIs allowed to supervisor threads only. More... | |
void | test_mem_domain_boot_threads (void) |
Show that boot threads belong to the default memory domain. More... | |
void | test_mem_domain_migration (void) |
void | test_mem_domain_init_fail (void) |
Test error case of initializing memory domain fail. More... | |
void | test_mem_domain_remove_part_fail (void) |
void | test_macros_obtain_names_data_bss (void) |
void | test_mem_part_assign_bss_vars_zero (void) |
void | test_mem_part_auto_determ_size (void) |
void | test_kobject_access_grant (void) |
Test access to an invalid semaphore whose address is NULL. More... | |
void | test_syscall_invalid_kobject (void) |
Test syscall can take a different type of kobject. More... | |
void | test_thread_without_kobject_permission (void) |
Test user thread can access a k_object without grant. More... | |
void | test_kobject_revoke_access (void) |
Test access revoke. More... | |
void | test_kobject_grant_access_kobj (void) |
Test access revoke. More... | |
void | test_kobject_grant_access_kobj_invalid (void) |
Test access grant between threads. More... | |
void | test_kobject_release_from_user (void) |
Test revoke permission of a k_object from userspace. More... | |
void | test_kobject_access_all_grant (void) |
Test supervisor thread grants kernel objects all access public status. More... | |
void | test_thread_has_residual_permissions (void) |
Test access permission of a terminated thread. More... | |
void | test_kobject_access_grant_to_invalid_thread (void) |
Test grant access to a valid kobject but invalid thread id. More... | |
void | test_kobject_access_invalid_kobject (void) |
Object validation checks. More... | |
void | test_access_kobject_without_init_access (void) |
Object validation checks without init access. More... | |
void | test_access_kobject_without_init_with_access (void) |
Test syscall on a kobject which is not initialized and has access. More... | |
void | test_kobject_reinitialize_thread_kobj (void) |
Test to reinitialize the k_thread object. More... | |
void | test_create_new_thread_from_user (void) |
Test thread create from a user thread and check permissions. More... | |
void | test_new_user_thread_with_in_use_stack_obj (void) |
Test create new user thread from a user thread with in-use stack obj. More... | |
void | test_create_new_thread_from_user_no_access_stack (void) |
Test creates new thread from usermode without stack access. More... | |
void | test_create_new_thread_from_user_invalid_stacksize (void) |
Test to validate user thread spawning with stack overflow. More... | |
void | test_create_new_thread_from_user_huge_stacksize (void) |
Test to check stack overflow from user thread. More... | |
void | test_create_new_supervisor_thread_from_user (void) |
Test to create a new supervisor thread from user. More... | |
void | test_create_new_essential_thread_from_user (void) |
Create a new essential thread from user. More... | |
void | test_create_new_higher_prio_thread_from_user (void) |
Thread creation with a priority higher than the current thread's. More... | |
void | test_create_new_invalid_prio_thread_from_user (void) |
Create a new thread whose priority is invalid. More... | |
void | test_mark_thread_exit_uninitialized (void) |
Test when thread exits, kernel marks stack objects uninitialized. More... | |
void | test_krnl_obj_static_alloc_build_time (void) |
void | test_mem_part_overlap (void) |
Test system assert when new partition overlaps the existing partition. More... | |
void | test_mem_part_assert_add_overmax (void) |
Test system assert when adding memory partitions more than possible. More... | |
void | test_kobject_access_grant_error (void) |
Test grant access of given NULL kobject. More... | |
void | test_kobject_access_grant_error_user (void) |
Test grant access of given NULL thread in usermode. More... | |
void | test_kobject_access_grant_error_user_null (void) |
Test grant access of given NULL kobject in usermode. More... | |
void | test_kobject_access_all_grant_error (void) |
Test grant access to all the kobject for thread. More... | |
void | test_kobject_release_null (void) |
void | test_kobject_free_error (void) |
Test free an invalid kernel object. More... | |
void | test_kobject_init_error (void) |
Test alloc an invalid kernel object. More... | |
void | test_kobj_create_out_of_memory (void) |
Test kernel object until out of memory. More... | |
void | test_thread_alloc_out_of_idx (void) |
void | test_alloc_kobjects (void) |
Test kernel object allocation. More... | |
void | test_kobject_perm_error (void) |
Test grant access failed in user mode. More... | |
static void | set_fault_valid (bool valid) |
struct k_heap * | ret_resource_pool_ptr (void) |
Variables | |
volatile bool | valid_fault |
#define BLK_ALIGN BLK_SIZE_MIN |
#define BLK_ALIGN_MD BLK_SIZE_MIN_MD |
#define BLK_NUM_MAX 2 |
#define BLK_NUM_MAX_MD 4 |
#define BLK_NUM_MIN 8 |
#define BLK_SIZE_MAX 64 |
#define BLK_SIZE_MAX_MD 16 |
#define BLK_SIZE_MIN 16 |
#define BLK_SIZE_MIN_MD 8 |
#define DESC_SIZE sizeof(struct sys_mem_pool_block) |
#define INHERIT_STACK_SIZE CONFIG_MAIN_STACK_SIZE |
#define KOBJECT_STACK_SIZE (512 + CONFIG_TEST_EXTRA_STACKSIZE) |
#define MAX_OBJ 256 |
#define MEM_DOMAIN_ALIGNMENT __aligned(MEM_REGION_ALLOC) |
#define MEM_DOMAIN_STACK_SIZE CONFIG_MAIN_STACK_SIZE |
#define MEM_PARTITION_INIT_NUM (1) |
#define MSG_Q_ALIGN (2) |
#define MSG_Q_MAX_NUM_MSGS (10) |
#define MSG_Q_SIZE (10) |
#define PRIORITY 5 |
#define PRIORITY_MD 5 |
#define SEM_INIT_VAL (0U) |
#define SEM_MAX_VAL (1U) |
#define SEMAPHORE_INIT_COUNT (0) |
#define SEMAPHORE_MAX_COUNT (10) |
#define STACK_SIZE (512 + CONFIG_TEST_EXTRA_STACKSIZE) |
#define STACK_SIZE_MD (512 + CONFIG_TEST_EXTRA_STACKSIZE) |
#define SYNC_SEM_INIT_COUNT (0) |
#define SYNC_SEM_MAX_COUNT (1) |
#define TEST_HEAP_SIZE (2 << CONFIG_MAX_THREAD_BYTES) * 256 |
Object validation checks without init access.
Test syscall on a kobject which is not initialized and has no access.
Test syscall on a kobject which is not initialized and has access.
Test kernel object allocation.
Allocate all kinds of kernel object and do permission operation functions.
Thread creation with a priority higher than the current thread's.
_handler_k_thread_create validation.
Create a new thread whose priority is invalid.
_handler_k_thread_create validation.
Test to create a new supervisor thread from user.
The system kernel must prevent user threads from creating supervisor threads.
Test thread create from a user thread and check permissions.
Test to check stack overflow from user thread.
Create a new thread from user mode and use a stack bigger than the allowed size. This is _handler_k_thread_create validation.
Test to validate user thread spawning with stack overflow.
Create a new thread from user mode and use a huge stack size which overflows. This is _handler_k_thread_create validation.
Test creates new thread from usermode without stack access.
Create a new thread from user mode where the user does not have access to the stack region of the new thread. This is _handler_k_thread_create validation.
Test child thread inherits parent's thread resource pool.
Test kernel object until out of memory.
Create dynamic kernel objects repeatedly until all heap memory is exhausted; an expected out-of-memory error is generated.
Test supervisor thread grants kernel objects all access public status.
The system makes the kernel object kobject_public_sem public to all threads. Test access to that kernel object by creating two new user threads.
Test grant access to all the kobject for thread.
Call the function with a NULL parameter; an expected fault happens.
Test access to an invalid semaphore whose address is NULL.
Test grant access of given NULL kobject.
Call the function with a NULL parameter in supervisor mode; nothing happens.
Test grant access of given NULL thread in usermode.
Call the function with a NULL parameter; an expected fault happens.
Test grant access of given NULL kobject in usermode.
Call the function with a NULL parameter; an expected fault happens.
Test grant access to a valid kobject but invalid thread id.
Object validation checks.
Test syscall on a kobject which is not present in the hash table.
Test free an invalid kernel object.
Spawn a thread that frees a NULL object; an expected fault happens.
Test access revoke.
Test access grant between threads.
Test access grant to thread B from thread A which doesn't have required permissions.
Test alloc an invalid kernel object.
Allocate invalid kernel objects; no allocation is returned.
Test grant access failed in user mode.
Before access to a static kobject is granted to the user thread, any access grant performed by this thread triggers an expected thread permission error.
Test revoke permission of a k_object from userspace.
Test access revoke.
Test when thread exits, kernel marks stack objects uninitialized.
When a thread exits, the kernel should mark the exiting thread and its thread stack object as uninitialized.
Test access memory domain APIs allowed to supervisor threads only.
Show that invoking any of the memory domain APIs from user mode leads to a fault.
Show that boot threads belong to the default memory domain.
Static threads and the main thread are supposed to start as members of the default memory domain. Prove this is the case by examining the memory domain membership of z_main_thread and a static thread.
Test error case of initializing memory domain fail.
Try to initialize a domain with an invalid partition, then check that an expected fatal error happens. Because the memory domain spinlock is still held when the fatal error occurs, it must be released so that the following test cases can run.
Show that a user thread can't touch partitions not in its domain.
Show that adding/removing partitions works.
Show that removing a partition doesn't affect access to other partitions. Show that removing a partition generates a fault if its data is accessed. Show that adding a partition back restores access from a user thread.
Check if the mem_domain is configured and accessible for userspace.
Join a memory domain with a read-write memory partition and a read-only partition within it, and show that the data in the partition is accessible as expected by the permissions provided.
Test system assert when adding memory partitions more than possible.
Test system assert when new partition overlaps the existing partition.
Test Objective:
Testing techniques:
Prerequisite Conditions:
Input Specifications:
Test Procedure:
Expected Test Result:
Pass/Fail Criteria:
Assumptions and Constraints:
Test create new user thread from a user thread with in-use stack obj.
The kernel must prevent new user threads from using initialized (in-use) stack objects. In this case extra_thread is created with the in-use stack object child_stack. That generates an error, showing that kernel memory protection is working correctly.
Test object permission inheritance, except for the parent thread object.
Test syscall can take a different type of kobject.
Test that a syscall can take a different type of kobject, and that the syscall generates a fatal error if the check fails.
Test access permission of a terminated thread.
If a deleted thread with some permissions is recreated with the same tid, check whether it still has those permissions.
Test user thread can access a k_object without grant.
The kernel will fail a system call on a kernel object that tracks thread permissions when the calling thread has not been granted permission on that object.
extern |