commit d859295be9 ("tests: protection: convert to testcase.yaml")
removed testcase.ini but did not add an equivalent testcase.yaml.
Add it.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Add a self-protection test suite with a set of tests
to check whether one can overwrite read-only data
and text, and whether one can execute from data,
stack, or heap buffers. These tests are modeled after
a subset of the lkdtm tests in the Linux kernel.
These tests have twice caught bugs in the Zephyr NXP MPU
driver, once during initial testing/review of the code
(in its earliest forms on gerrit, reported to the original
author there) and most recently the regression introduced
by commit bacbea6e21 ("arm: nxp: mpu: Rework handling
of region descriptor 0"), which was fixed by
commit a8aa9d4f3d ("arm: nxp: mpu: Fix region descriptor
0 attributes") after being reported.
This is intended to be a testsuite of self-protection features
rather than just a test of MPU functionality. It is envisioned
that these tests will be expanded to cover a wider range of
protection features beyond just memory protection, and the
current tests are independent of any particular enforcement
mechanism (e.g. MPU, MMU, or other).
The tests are intended to be cross-platform, and have been
built and run on both x86- and ARM-based boards. The tests
currently fail on x86-based boards, but this is an accurate
reflection of current protections and should change as MMU
support arrives.
The tests leverage the ztest framework, making them suitable
for incorporation into automated regression testing for Zephyr.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This will prepare test cases and samples with metadata and information
that will be consumed by the sanitycheck script which will be changed to
parse YAML files instead of ini.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This is unmaintained and currently has no known users. It was
added to support a Wind River project. If in the future we need it
again, we should re-introduce it with an exception-based mechanism
for catching out-of-bounds memory queries from the debugger.
The mem_safe subsystem is also removed, it is only used by the
GDB server. If its functionality is needed in the future, it
shoudl be replaced with an exception-based mechanism.
The _image_{ram, rom, text}_{start, end} linker variables have
been left in place, they will be re-purposed and expanded to
support memory protection.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Stephen Smalley