The maximum data length that can be appended using net_pkt_append()
should be set to TCP send_mss only if it is smaller than allowed
payload length in net_pkt.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
For calculating amount of payload data that can be added in a packet,
we need to subtract IPv6 or IPv4 header lengths from MTU.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Define _image_rodata_start/end to match x86 and so that we can
refer to them in the userspace test among others.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This is still work-in-progress, but putting it up in case it is
helpful to people working in this area and for early comments.
Add a set of tests to validate the expected security properties
of threads created with K_USER when CONFIG_USERSPACE=y. This can
be used as a regression test for architectures that already implement
this support and as a validation test for others.
I considered incorporating these tests into the existing protection
test, but decided against it since protection does not enable or rely
upon CONFIG_USERSPACE for its existing tests and passes on everything
that provides MPU or MMU support, even without full userspace support.
I also considered incorporating these tests into the existing
obj_validation test, but decided against it since obj_validation only
tests the object validation/permission logic, does not run any user
mode threads (or strictly depend on that support), and passes
on both x86 and arm today, unlike these tests. That said, I have no
strong objections if it would be preferable to fold these into it
(and perhaps rename it to be more general).
The current tests implemented in this test program verify the following
for a thread created with K_USER:
is_usermode: is running in usermode
priv_insn: cannot invoke privileged insns directly
write_control: cannot write to control registers
disable_mmu_mpu: cannot disable memory protections (MMU/MPU)
read_kernram: cannot read from kernel RAM
write_kernram: cannot write to kernel RAM
write_kernro: cannot write to kernel rodata
write_kerntext: cannot write to kernel text
read_kernel_data: cannot read __kernel-marked data
write_kernel_data: cannot write __kernel-marked data
read_kernel_stack: cannot read the kernel/privileged stack
write_kernel_stack: cannot write the kernel/privileged stack
pass_user_object: cannot pass a non-kernel object to a syscall
pass_noperms_object: cannot pass an object to a syscall without a grant
start_kernel_thread: cannot start a kernel (non-user) thread
Some of the tests overlap and could possibly be dropped, but it
seems harmless to retain them. The particular targets of read/write
tests are arbitrary other than meeting the test criteria and can be
changed (e.g. in data, rodata, or text) if desired to avoid coupling
to kernel implementation details that may change in the future.
On qemu_x86, all of the tests pass. And, if you replace all
occurrences of ztest_user_unit_test() with ztest_unit_test(), then
all of the tests fail (i.e. when the tests are run in kernel mode,
they all fail as expected). On frdm_k64f presently (w/o the arm
userspace patches), all of the tests fail except for write_kernro and
write_kerntext, as expected.
ToDo:
- Verify that a user thread cannot access data in another memory domain.
- Verify that a user thread cannot access another thread's stack.
- Verify that a user thread cannot access another thread's kobject.
- Verify that k_thread_user_mode_enter() transitions correctly.
- Verify that k_object_access_revoke() is enforced.
- Verify that syscalls return to user mode upon completion.
- Verify that a user thread cannot abuse other svc calls (ARM-specific).
- Other suggested properties we should be testing?
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
When net debugging is enabled, the count variable is initialized to -1.
This may cause division by zero if there is only one fragment in pkt.
Solve this by setting the count to 0 and checking the value before the
print at the end of the function.
Successfully tested on STM32F407 SoC.
Signed-off-by: Ding Tao <miyatsu@qq.com>
This patch makes minor improvements to the flash documentation:
* spi -> SPI
* Capitialise the first word in a sentance
* Adding the, and, all, etc where appropriate.
Signed-off-by: Michael Hope <mlhx@google.com>
Waiting for transfer complete and stop condition uses while loops
even when interrupt mode is enabled.
Implement use of TC, TCR and STOP interrupt for interrupt mode.
msg_done is not needed in interrupt mode anymore, so move it
to non-interrupt section
Tested with stm32f3_disco board.
Signed-off-by: Daniel Wagenknecht <wagenknecht@clage.de>
Disabling of Interrupts is duplicated. Move it to a position
that is common to messages that end with and without errors.
Signed-off-by: Daniel Wagenknecht <wagenknecht@clage.de>
There were several issues with the code:
- queue_size wasn't properly kept up to date, leading to erroneous
buffer discarding logic.
- Poll timeout when there were buffers in the Friend Queue didn't
work because we didn't track if there'd been a preceding request
for messages or not (hence the added pending_req variable).
- We would overwrite the recv_delay timer if there was another
request while the previous one was still sending (a likely scenario
if we send out multiple advertising events per packet).
- We weren't canceling the sending of a buffer if the Friendship was
suddenly cleared.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
When receiving Friend Offers we should also consider unestablished
contexts, and simply start from the beginning if that happens.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Pass the subnet to some friend_cred_* APIs since it contains all
necessary information for choosing the right keys to generate them
from. Also shorten the API names to avoid awkward line splitting -
these are internal APIs so it's an acceptable compromise. One bug that
this fixes as part of the cleanup is using the right NetKey Index when
clearing Friendship: previously the code was always using the index of
the first subnet, regardless of which subnet the Friendship was based
on.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Key Refresh Phase 2 is analogous to the Key Refresh flag being set.
This means that the flag can directly be used as the index to the
new/old key two-element array.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Since the stack supports runtime reset and reprovisioning, we need to
clear the network message cache whenever creating a new mesh network.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Remove inconsistent and sometimes unreliable tracking of what
advertising parameters should be used and when the Node Identity
advertising started. The main change that facilitates this is to have
the Node ID start timestamp as part of the mesh subnet context.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Some PTS test cases only work when we're advertising using Network
Identity. Using the default timeout of 60 seconds for Node Identity
will cause this test cases to fail (i.e. the PTS gives up before
Zephyr transitions to advertising from Node Identity to Network
Identity).
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The shell was being inconsistent in its parsing of boolean parameters.
Some commands were documented as accepting "on" but were actually
parsing the parameter with strtoul() which would result in 0.
Introduce a new helper to convert a string to a u8_t which still
accepts "on" or "enable". This gives us full flexibility of having a
simple interface to the user, but still allowing non-boolean values to
be tested (since on-air the value is a full octet).
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Instead of having a hard-coded UUID, introduce a command to change it.
This is particularly useful if there are many unprovisioned nodes
around.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Having the Static OOB value set up-front can be confusing to the user
since they will not know what the value is. Start off by having it
unset, but introduce a new command using which the user can either set
or clear it.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Both options were originally parameters to *make*, not cmake, so people
can augment QEMU ibocation from run to run, not from complete rebuild
to complete rebuild. Make them such again.
However, just in case, ability to set "default" value for those options
on CMake level is preserved.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
The target_cc_option[_fallback]() CMake extentions are now C++
aware. This means that they will now test options with both C and C++
compiler and include flags appropriately.
This fixes a warning that was issued when -Wno-pointer-sign was used
with .cpp files.
cc1plus: warning: command line option ‘-Wno-pointer-sign’ is valid for
C/ObjC but not for C++
NB: This patch is designed to only affect CONFIG_CPLUSPLUS builds in
case there are any adverse affects with using generator expressions.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
This function has presents an easy-to-use interface that wraps the two
CMake built-in functions check_c_compiler_flag() and
check_cxx_compiler_flag().
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Fixes the following compile error when building
tests/bluetooth/shell application:
In file included from subsys/bluetooth/shell/ticker.c:16:0:
subsys/bluetooth/shell/../controller/util/mayfly.h:21:2:
error: unknown type name 'memq_link_t'
memq_link_t *_link;
^~~~~~~~~~~
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
test_main() takes no arguments, so this was causing a fault
after returning from test_main due to the stack canary checking.
Before, the test run ends with:
PROJECT EXECUTION SUCCESSFUL
***** CPU Page Fault (error code 0x00000011)
Supervisor thread executed address 0x00400000
PDE: 0x027 Present, Writable, User, Execute Enabled
PTE: 0x80000000267 Present, Writable, User, Execute Disable
Current thread ID = 0x00401080
Faulting segment:address = 0x0008:0x00400000
eax: 0x00000000, ebx: 0x00000000, ecx: 0x0040b19c, edx: 0x000056df
esi: 0x00000000, edi: 0x00000000, ebp: 0x000051c0, esp: 0x0040b1d8
eflags: 0x246
Caught system error -- reason 6
After, the test run ends with:
PROJECT EXECUTION SUCCESSFUL
Reported-by: Joshua Domagalski <jedomag@tycho.ncsc.mil>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Save the required scratch pad register (in this case only edx)
before calling the C function.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
We need to send out a Health Fault Current Status (the Health Model's
publication message) when all faults are cleared. The logic for
calculating number of faults was also wrong after the updated model
publication API.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The Health Current Fault message size was being set too small to fit
any faults. Use a macro to make sure the size gets applied in both
places where appropriate.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Fixes error encountered during connecting BLE endpoint.
[bt] [ERR] le_remote_feat_complete: Unable to lookup conn for handle 32
This is to work around a buggy controller that states support for
enhanced privacy, but misbehaves when it's enabled. This change
makes it possible to ensure the host doesn't try to enable the enhanced
event by simply disabling the privacy feature in Kconfig.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
If we get a different key value in Phase 1 we should return the same
"Cannot Update" error as in phases 2 and 3. This fixes test case
MESH/NODE/KR/BI-02-C.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This makes it possible to pass all IV Update tests without having to
build a custom configuration for some of the tests. We also disable
the feature in all sample configurations, but leave it on in the
tests.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
There was a chance that initial beacons for subnets would be sent with
uninitialized data. Make sure we initialize the beacon data each time
when we create a new subnet.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Make sure committers have correct and valid git settings and verify that
the committer idenity matches one of the signed-off-by entries.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Vakul Garg