#include <zephyr.h>
#include <ztest.h>
#include <kernel_structs.h>
#include <string.h>
#include <stdlib.h>
#include <syscalls/mem_protect.h>

Macros
#define	INHERIT_STACK_SIZE CONFIG_MAIN_STACK_SIZE

#define	SEMAPHORE_MAX_COUNT (10)

#define	SEMAPHORE_INIT_COUNT (0)

#define	SYNC_SEM_MAX_COUNT (1)

#define	SYNC_SEM_INIT_COUNT (0)

#define	MSG_Q_SIZE (10)

#define	MSG_Q_MAX_NUM_MSGS (10)

#define	MSG_Q_ALIGN (2)

#define	PRIORITY 5

#define	STACK_SIZE (512 + CONFIG_TEST_EXTRA_STACKSIZE)

#define	BLK_SIZE_MIN 16

#define	BLK_SIZE_MAX 64

#define	BLK_NUM_MIN 8

#define	BLK_NUM_MAX 2

#define	BLK_ALIGN BLK_SIZE_MIN

#define	SEM_INIT_VAL (0U)

#define	SEM_MAX_VAL (1U)

#define	MEM_DOMAIN_STACK_SIZE CONFIG_MAIN_STACK_SIZE

#define	MEM_PARTITION_INIT_NUM (1)

#define	BLK_SIZE_MIN_MD 8

#define	BLK_SIZE_MAX_MD 16

#define	BLK_NUM_MAX_MD 4

#define	BLK_ALIGN_MD BLK_SIZE_MIN_MD

#define	DESC_SIZE sizeof(struct sys_mem_pool_block)

#define	STACK_SIZE_MD (512 + CONFIG_TEST_EXTRA_STACKSIZE)

#define	PRIORITY_MD 5

#define	MEM_DOMAIN_ALIGNMENT __aligned(MEM_REGION_ALLOC)

#define	KOBJECT_STACK_SIZE (512 + CONFIG_TEST_EXTRA_STACKSIZE)

#define	TEST_HEAP_SIZE (2 << CONFIG_MAX_THREAD_BYTES) * 256

#define	MAX_OBJ 256

Functions
void	test_permission_inheritance (void)
	Test object permission inheritance except of the parent thread object. More...

void	test_inherit_resource_pool (void)
	Test child thread inherits parent's thread resource pool. More...

void	test_mem_domain_setup (void)

void	test_mem_domain_valid_access (void)
	Check if the mem_domain is configured and accessible for userspace. More...

void	test_mem_domain_invalid_access (void)
	Show that a user thread can't touch partitions not in its domain. More...

void	test_mem_domain_no_writes_to_ro (void)
	Show that a read-only partition can't be written to. More...

void	test_mem_domain_remove_add_partition (void)
	Show that adding/removing partitions works. More...

void	test_mem_domain_api_supervisor_only (void)
	Test access memory domain APIs allowed to supervisor threads only. More...

void	test_mem_domain_boot_threads (void)
	Show that boot threads belong to the default memory domain. More...

void	test_mem_domain_migration (void)

void	test_mem_domain_init_fail (void)
	Test error case of initializing memory domain fail. More...

void	test_mem_domain_remove_part_fail (void)

void	test_mem_part_add_error_null (void)
	Test error case of adding null memory partition fail. More...

void	test_mem_part_add_error_zerosize (void)
	Test error case of adding zero sized memory partition fail. More...

void	test_mem_part_error_wraparound (void)
	Test error case of memory partition address wraparound. More...

void	test_mem_part_remove_error_zerosize (void)
	Test error case of removing memory partition fail. More...

void	test_macros_obtain_names_data_bss (void)

void	test_mem_part_assign_bss_vars_zero (void)

void	test_mem_part_auto_determ_size (void)

void	test_kobject_access_grant (void)
	Test access to a invalid semaphore who's address is NULL. More...

void	test_syscall_invalid_kobject (void)
	Test syscall can take a different type of kobject. More...

void	test_thread_without_kobject_permission (void)
	Test user thread can access a k_object without grant. More...

void	test_kobject_revoke_access (void)
	Test access revoke. More...

void	test_kobject_grant_access_kobj (void)
	Test access revoke. More...

void	test_kobject_grant_access_kobj_invalid (void)
	Test access grant between threads. More...

void	test_kobject_release_from_user (void)
	Test revoke permission of a k_object from userspace. More...

void	test_kobject_access_all_grant (void)
	Test supervisor thread grants kernel objects all access public status. More...

void	test_thread_has_residual_permissions (void)
	Test access permission of a terminated thread. More...

void	test_kobject_access_grant_to_invalid_thread (void)
	Test grant access to a valid kobject but invalid thread id. More...

void	test_kobject_access_invalid_kobject (void)
	Object validation checks. More...

void	test_access_kobject_without_init_access (void)
	Object validation checks without init access. More...

void	test_access_kobject_without_init_with_access (void)
	Test syscall on a kobject which is not initialized and has access. More...

void	test_kobject_reinitialize_thread_kobj (void)
	Test to reinitialize the k_thread object. More...

void	test_create_new_thread_from_user (void)
	Test thread create from a user thread and check permissions. More...

void	test_new_user_thread_with_in_use_stack_obj (void)
	Test create new user thread from a user thread with in-use stack obj. More...

void	test_create_new_thread_from_user_no_access_stack (void)
	Test creates new thread from usermode without stack access. More...

void	test_create_new_thread_from_user_invalid_stacksize (void)
	Test to validate user thread spawning with stack overflow. More...

void	test_create_new_thread_from_user_huge_stacksize (void)
	Test to check stack overflow from user thread. More...

void	test_create_new_supervisor_thread_from_user (void)
	Test to create a new supervisor thread from user. More...

void	test_create_new_essential_thread_from_user (void)
	Create a new essential thread from user. More...

void	test_create_new_higher_prio_thread_from_user (void)
	Thread creation with prority is higher than current thread. More...

void	test_create_new_invalid_prio_thread_from_user (void)
	Create a new thread whose prority is invalid. More...

void	test_mark_thread_exit_uninitialized (void)
	Test when thread exits, kernel marks stack objects uninitialized. More...

void	test_krnl_obj_static_alloc_build_time (void)

void	test_mem_part_overlap (void)
	Test system assert when new partition overlaps the existing partition. More...

void	test_mem_part_assert_add_overmax (void)
	Test system assert when adding memory partitions more than possible. More...

void	test_kobject_access_grant_error (void)
	Test grant access of given NULL kobject. More...

void	test_kobject_access_grant_error_user (void)
	Test grant access of given NULL thread in usermode. More...

void	test_kobject_access_grant_error_user_null (void)
	Test grant access of given NULL kobject in usermode. More...

void	test_kobject_access_all_grant_error (void)
	Test grant access to all the kobject for thread. More...

void	test_kobject_invalid (void)
	Test release and access grant an invaild kobject. More...

void	test_kobject_free_error (void)
	Test free an invalid kernel object. More...

void	test_kobject_init_error (void)
	Test alloc an invalid kernel object. More...

void	test_kobj_create_out_of_memory (void)
	Test kernel object until out of memory. More...

void	test_thread_alloc_out_of_idx (void)

void	test_alloc_kobjects (void)
	Test kernel object allocation. More...

void	test_kobject_perm_error (void)
	Test grant access failed in user mode. More...

void	test_all_kobjects_str (void)
	Test get all kernel object list. More...

static void	set_fault_valid (bool valid)

struct k_heap *	ret_resource_pool_ptr (void)

Variables
volatile bool	valid_fault

Macro Definition Documentation

◆ BLK_ALIGN

#define BLK_ALIGN BLK_SIZE_MIN

◆ BLK_ALIGN_MD

#define BLK_ALIGN_MD BLK_SIZE_MIN_MD

◆ BLK_NUM_MAX

#define BLK_NUM_MAX 2

◆ BLK_NUM_MAX_MD

#define BLK_NUM_MAX_MD 4

◆ BLK_NUM_MIN

#define BLK_NUM_MIN 8

◆ BLK_SIZE_MAX

#define BLK_SIZE_MAX 64

◆ BLK_SIZE_MAX_MD

#define BLK_SIZE_MAX_MD 16

◆ BLK_SIZE_MIN

#define BLK_SIZE_MIN 16

◆ BLK_SIZE_MIN_MD

#define BLK_SIZE_MIN_MD 8

◆ DESC_SIZE

#define DESC_SIZE sizeof(struct sys_mem_pool_block)

◆ INHERIT_STACK_SIZE

#define INHERIT_STACK_SIZE CONFIG_MAIN_STACK_SIZE

◆ KOBJECT_STACK_SIZE

#define KOBJECT_STACK_SIZE (512 + CONFIG_TEST_EXTRA_STACKSIZE)

◆ MAX_OBJ

#define MAX_OBJ 256

◆ MEM_DOMAIN_ALIGNMENT

#define MEM_DOMAIN_ALIGNMENT __aligned(MEM_REGION_ALLOC)

◆ MEM_DOMAIN_STACK_SIZE

#define MEM_DOMAIN_STACK_SIZE CONFIG_MAIN_STACK_SIZE

◆ MEM_PARTITION_INIT_NUM

#define MEM_PARTITION_INIT_NUM (1)

◆ MSG_Q_ALIGN

#define MSG_Q_ALIGN (2)

◆ MSG_Q_MAX_NUM_MSGS

#define MSG_Q_MAX_NUM_MSGS (10)

◆ MSG_Q_SIZE

#define MSG_Q_SIZE (10)

◆ PRIORITY

#define PRIORITY 5

◆ PRIORITY_MD

#define PRIORITY_MD 5

◆ SEM_INIT_VAL

#define SEM_INIT_VAL (0U)

◆ SEM_MAX_VAL

#define SEM_MAX_VAL (1U)

◆ SEMAPHORE_INIT_COUNT

#define SEMAPHORE_INIT_COUNT (0)

◆ SEMAPHORE_MAX_COUNT

#define SEMAPHORE_MAX_COUNT (10)

◆ STACK_SIZE

#define STACK_SIZE (512 + CONFIG_TEST_EXTRA_STACKSIZE)

◆ STACK_SIZE_MD

#define STACK_SIZE_MD (512 + CONFIG_TEST_EXTRA_STACKSIZE)

◆ SYNC_SEM_INIT_COUNT

#define SYNC_SEM_INIT_COUNT (0)

◆ SYNC_SEM_MAX_COUNT

#define SYNC_SEM_MAX_COUNT (1)

◆ TEST_HEAP_SIZE

#define TEST_HEAP_SIZE (2 << CONFIG_MAX_THREAD_BYTES) * 256

Function Documentation

◆ ret_resource_pool_ptr()

struct k_heap * ret_resource_pool_ptr ( void )

◆ set_fault_valid()

static void set_fault_valid ( bool valid )

inlinestatic

◆ test_access_kobject_without_init_access()

void test_access_kobject_without_init_access ( void )

Object validation checks without init access.

Test syscall on a kobject which is not initialized and has no access

◆ test_access_kobject_without_init_with_access()

void test_access_kobject_without_init_with_access ( void )

Test syscall on a kobject which is not initialized and has access.

See also: k_thread_access_grant()

◆ test_all_kobjects_str()

void test_all_kobjects_str ( void )

Test get all kernel object list.

Get all of the kernel object in kobject list.

◆ test_alloc_kobjects()

void test_alloc_kobjects ( void )

Test kernel object allocation.

Allocate all kinds of kernel object and do permission operation functions.

See also: k_object_alloc()

◆ test_create_new_essential_thread_from_user()

void test_create_new_essential_thread_from_user ( void )

Create a new essential thread from user.

◆ test_create_new_higher_prio_thread_from_user()

void test_create_new_higher_prio_thread_from_user ( void )

Thread creation with prority is higher than current thread.

_handler_k_thread_create validation.

◆ test_create_new_invalid_prio_thread_from_user()

void test_create_new_invalid_prio_thread_from_user ( void )

Create a new thread whose prority is invalid.

_handler_k_thread_create validation.

◆ test_create_new_supervisor_thread_from_user()

void test_create_new_supervisor_thread_from_user ( void )

Test to create a new supervisor thread from user.

The system kernel must prevent user threads from creating supervisor threads.

◆ test_create_new_thread_from_user()

void test_create_new_thread_from_user ( void )

Test thread create from a user thread and check permissions.

Test user thread can create new thread.
Verify that given thread and thread stack permissions to the user thread, allow to create new user thread.
Veify that new created user thread have access to its own thread object by aborting itself.

◆ test_create_new_thread_from_user_huge_stacksize()

void test_create_new_thread_from_user_huge_stacksize ( void )

Test to check stack overflow from user thread.

Create a new thread from user and use a stack bigger than allowed size. This is_handler_k_thread_create validation.

◆ test_create_new_thread_from_user_invalid_stacksize()

void test_create_new_thread_from_user_invalid_stacksize ( void )

Test to validate user thread spawning with stack overflow.

Create a new thread from user and use a huge stack size which overflows. This is _handler_k_thread_create validation.

◆ test_create_new_thread_from_user_no_access_stack()

void test_create_new_thread_from_user_no_access_stack ( void )

Test creates new thread from usermode without stack access.

Create a new thread from user and the user doesn't have access to the stack region of new thread. _handler_k_thread_create validation.

◆ test_inherit_resource_pool()

void test_inherit_resource_pool ( void )

Test child thread inherits parent's thread resource pool.

Create a memory heap heap_mem for the parent thread.
Then special system call ret_resource_pool_ptr() returns pointer to the resource pool of the current thread.
Call it in the parent_handler() and in the child_handler()
Then in the main test function test_inherit_resource_pool() compare returned addresses
If the addresses are the same, it means that child thread inherited resource pool of the parent's thread -test passed.

See also: z_thread_heap_assign()

◆ test_kobj_create_out_of_memory()

void test_kobj_create_out_of_memory ( void )

Test kernel object until out of memory.

Create a dynamic kernel object repeatedly until run out of all heap memory, an expected out of memory error generated.

See also: k_object_alloc()

◆ test_kobject_access_all_grant()

void test_kobject_access_all_grant ( void )

Test supervisor thread grants kernel objects all access public status.

System makes kernel object kobject_public_sem public to all threads Test the access to that kernel object by creating two new user threads.

See also: k_object_access_all_grant()

◆ test_kobject_access_all_grant_error()

void test_kobject_access_all_grant_error ( void )

Test grant access to all the kobject for thread.

Call function with a NULL parameter, an expected fault happened.

See also: k_thread_access_all_grant()

◆ test_kobject_access_grant()

void test_kobject_access_grant ( void )

Test access to a invalid semaphore who's address is NULL.

See also: k_thread_access_grant(), k_thread_user_mode_enter()

◆ test_kobject_access_grant_error()

void test_kobject_access_grant_error ( void )

Test grant access of given NULL kobject.

Call function with a NULL parameter in supervisor mode, nothing happened.

See also: k_thread_access_grant()

◆ test_kobject_access_grant_error_user()

void test_kobject_access_grant_error_user ( void )

Test grant access of given NULL thread in usermode.

Call function with NULL parameter, an expected fault happened.

See also: k_thread_access_grant()

◆ test_kobject_access_grant_error_user_null()

void test_kobject_access_grant_error_user_null ( void )

Test grant access of given NULL kobject in usermode.

Call function with a NULL parameter, an expected fault happened.

See also: k_thread_access_grant()

◆ test_kobject_access_grant_to_invalid_thread()

void test_kobject_access_grant_to_invalid_thread ( void )

Test grant access to a valid kobject but invalid thread id.

See also: k_object_access_grant(), k_object_access_revoke(), z_object_find()

◆ test_kobject_access_invalid_kobject()

void test_kobject_access_invalid_kobject ( void )

Object validation checks.

Test syscall on a kobject which is not present in the hash table.

◆ test_kobject_free_error()

void test_kobject_free_error ( void )

Test free an invalid kernel object.

Spawn a thread free a NULL, an expected fault happened.

See also: k_object_free()

◆ test_kobject_grant_access_kobj()

void test_kobject_grant_access_kobj ( void )

Test access revoke.

See also: k_thread_access_grant(), k_object_access_revoke()

◆ test_kobject_grant_access_kobj_invalid()

void test_kobject_grant_access_kobj_invalid ( void )

Test access grant between threads.

Test access grant to thread B from thread A which doesn't have required permissions.

See also: k_thread_access_grant()

◆ test_kobject_init_error()

void test_kobject_init_error ( void )

Test alloc an invalid kernel object.

Allocate invalid kernel objects, then no alloction will be returned.

See also: k_object_alloc()

◆ test_kobject_invalid()

void test_kobject_invalid ( void )

Test release and access grant an invaild kobject.

Validate release and access grant an invalid kernel object.

See also: k_object_release(), k_object_access_all_grant()

◆ test_kobject_perm_error()

void test_kobject_perm_error ( void )

Test grant access failed in user mode.

Before grant access of static kobject to user thread, any grant access to this thread, will trigger an expected thread permission error.

See also: k_thread_access_grant()

◆ test_kobject_reinitialize_thread_kobj()

void test_kobject_reinitialize_thread_kobj ( void )

Test to reinitialize the k_thread object.

◆ test_kobject_release_from_user()

void test_kobject_release_from_user ( void )

Test revoke permission of a k_object from userspace.

See also: k_thread_access_grant(), k_object_release()

◆ test_kobject_revoke_access()

void test_kobject_revoke_access ( void )

Test access revoke.

See also: k_thread_access_grant(), k_object_access_revoke()

◆ test_krnl_obj_static_alloc_build_time()

void test_krnl_obj_static_alloc_build_time ( void )

◆ test_macros_obtain_names_data_bss()

void test_macros_obtain_names_data_bss ( void )

◆ test_mark_thread_exit_uninitialized()

void test_mark_thread_exit_uninitialized ( void )

Test when thread exits, kernel marks stack objects uninitialized.

When thread exits, the kernel upon thread exit, should mark the exiting thread and thread stack object as uninitialized

◆ test_mem_domain_api_supervisor_only()

void test_mem_domain_api_supervisor_only ( void )

Test access memory domain APIs allowed to supervisor threads only.

Show that invoking any of the memory domain APIs from user mode leads to a fault.

See also: k_mem_domain_init(), k_mem_domain_add_partition(), k_mem_domain_remove_partition(), k_mem_domain_add_thread()

◆ test_mem_domain_boot_threads()

void test_mem_domain_boot_threads ( void )

Show that boot threads belong to the default memory domain.

Static threads and the main thread are supposed to start as members of the default memory domain. Prove this is the case by examining the memory domain membership of z_main_thread and a static thread.

◆ test_mem_domain_init_fail()

void test_mem_domain_init_fail ( void )

Test error case of initializing memory domain fail.

Try to initialize a domain with invalid partition. k_mem_domain_init() should return non-zero.

◆ test_mem_domain_invalid_access()

void test_mem_domain_invalid_access ( void )

Show that a user thread can't touch partitions not in its domain.

◆ test_mem_domain_migration()

void test_mem_domain_migration ( void )

TESTPOINT: add to existing domain will do nothing

◆ test_mem_domain_no_writes_to_ro()

void test_mem_domain_no_writes_to_ro ( void )

Show that a read-only partition can't be written to.

◆ test_mem_domain_remove_add_partition()

void test_mem_domain_remove_add_partition ( void )

Show that adding/removing partitions works.

Show that removing a partition doesn't affect access to other partitions. Show that removing a partition generates a fault if its data is accessed. Show that adding a partition back restores access from a user thread.

◆ test_mem_domain_remove_part_fail()

void test_mem_domain_remove_part_fail ( void )

◆ test_mem_domain_setup()

void test_mem_domain_setup ( void )

◆ test_mem_domain_valid_access()

void test_mem_domain_valid_access ( void )

Check if the mem_domain is configured and accessible for userspace.

Join a memory domain with a read-write memory partition and a read-only partition within it, and show that the data in the partition is accessible as expected by the permissions provided.

◆ test_mem_part_add_error_null()

void test_mem_part_add_error_null ( void )

Test error case of adding null memory partition fail.

Try to add a null partition to memory domain. k_mem_domain_add_partition() should return error.

◆ test_mem_part_add_error_zerosize()

void test_mem_part_add_error_zerosize ( void )

Test error case of adding zero sized memory partition fail.

Try to add a zero sized partition to memory domain. k_mem_domain_add_partition() should return error.

◆ test_mem_part_assert_add_overmax()

void test_mem_part_assert_add_overmax ( void )

Test system assert when adding memory partitions more than possible.

Add memory partitions one by one and more than architecture allows to add.
When partitions added more than it is allowed by architecture, test that k_mem_domain_add_partition() returns non-zero.

◆ test_mem_part_assign_bss_vars_zero()

void test_mem_part_assign_bss_vars_zero ( void )

◆ test_mem_part_auto_determ_size()

void test_mem_part_auto_determ_size ( void )

◆ test_mem_part_error_wraparound()

void test_mem_part_error_wraparound ( void )

Test error case of memory partition address wraparound.

Try to add a partition whose adddress is wraparound. k_mem_domain_add_partition() should return error.

◆ test_mem_part_overlap()

void test_mem_part_overlap ( void )

Test system assert when new partition overlaps the existing partition.

Test Objective:

Test assertion if the new partition overlaps existing partition in domain

Testing techniques:

System testing

Prerequisite Conditions:

N/A

Input Specifications:

N/A

Test Procedure:

Define testing memory partition overlap_part with the same start ro_buf as has the existing memory partition ro_part
Try to add overlap_part to the memory domain. When adding the new partition to the memory domain the system will assert that new partition overlaps with the existing partition ro_part .

Expected Test Result:

Must happen an assertion error indicating that the new partition overlaps the existing one.

Pass/Fail Criteria:

Success if the overlap assertion will happen.
Failure if the overlap assertion will not happen.

Assumptions and Constraints:

N/A

See also: k_mem_domain_add_partition()

◆ test_mem_part_remove_error_zerosize()

void test_mem_part_remove_error_zerosize ( void )

Test error case of removing memory partition fail.

Try to remove a partition size mismatched will result in k_mem_domain_remove_partition() returning error.

◆ test_new_user_thread_with_in_use_stack_obj()

void test_new_user_thread_with_in_use_stack_obj ( void )

Test create new user thread from a user thread with in-use stack obj.

The kernel must prevent new user threads to use initiliazed (in-use) stack objects. In that case extra_thread is going to be create with in-use stack object child_stack. That will generate error, showing that kernel memory protection is working correctly.

◆ test_permission_inheritance()

void test_permission_inheritance ( void )

Test object permission inheritance except of the parent thread object.

To the parent current thread grant permissions on kernel objects.
Create a child thread and check that it inherited permissions on that kernel objects.
Then check child thread can't access to the parent thread object using API command k_thread_priority_get()
At the same moment that test verifies that child thread was granted permission on a kernel objects. That meanis child user thread caller already has permission on the thread objects being granted.

See also: k_mem_domain_init(), k_mem_domain_add_thread(), k_thread_access_grant()

◆ test_syscall_invalid_kobject()

void test_syscall_invalid_kobject ( void )

Test syscall can take a different type of kobject.

Test syscall can take a different type of kobject and syscall will generate fatal error if check fails.

See also: k_thread_access_grant()

◆ test_thread_alloc_out_of_idx()

void test_thread_alloc_out_of_idx ( void )

◆ test_thread_has_residual_permissions()

void test_thread_has_residual_permissions ( void )

Test access permission of a terminated thread.

If a deleted thread with some permissions is recreated with the same tid, check if it still has the permissions.

See also: k_thread_access_grant()

◆ test_thread_without_kobject_permission()

void test_thread_without_kobject_permission ( void )

Test user thread can access a k_object without grant.

The kernel will fail system call on kernel object that tracks thread permissions, on thread that don't have permission granted on the object.

See also: k_thread_access_grant(), k_thread_user_mode_enter()

Variable Documentation

◆ valid_fault

volatile bool valid_fault

extern

	Zephyr API Documentation 3.0.0 A Scalable Open Source RTOS
3.0.0

Macros

Functions

Variables