zephyr/tests/kernel/mem_protect/userspace/CMakeLists.txt

# SPDX-License-Identifier: Apache-2.0

cmake_minimum_required(VERSION 3.20.0)
find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
project(userspace)

FILE(GLOB app_sources src/*.c)
target_sources(app PRIVATE ${app_sources})
license: cleanup: add SPDX Apache-2.0 license identifier Update the files which contain no license information with the 'Apache-2.0' SPDX license identifier. Many source files in the tree are missing licensing information, which makes it harder for compliance tools to determine the correct license. By default all files without license information are under the default license of Zephyr, which is Apache version 2. Signed-off-by: Anas Nashif <anas.nashif@intel.com> 2019-04-06 15:08:09 +02:00			`# SPDX-License-Identifier: Apache-2.0`

cmake: increase minimal required version to 3.20.0 Move to CMake 3.20.0. At the Toolchain WG it was decided to move to CMake 3.20.0. The main reason for increasing CMake version is better toolchain support. Better toolchain support is added in the following CMake versions: - armclang, CMake 3.15 - Intel oneAPI, CMake 3.20 - IAR, CMake 3.15 and 3.20 Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no> 2021-08-10 14:44:56 +02:00			`cmake_minimum_required(VERSION 3.20.0)`
tests: make find_package(Zephyr...) REQUIRED ... because it is (required). This makes a difference when building with CMake and forgetting ZEPHYR_BASE or not registering Zephyr in the CMake package registry. In this particular case, REQUIRED turns this harmless looking log statement: -- Could NOT find Zephyr (missing: Zephyr_DIR) -- The C compiler identification is GNU 9.3.0 -- The CXX compiler identification is GNU 9.3.0 -- Check for working C compiler: /usr/bin/cc -- ... -- ... -- ... -- Detecting CXX compile features -- Detecting CXX compile features - done CMake Error at CMakeLists.txt:8 (target_sources): Cannot specify sources for target "app" which is not built by this project. ... into this louder, clearer, faster and (last but not least) final error: CMake Error at CMakeLists.txt:5 (find_package): Could not find a package configuration file provided by "Zephyr" with any of the following names: ZephyrConfig.cmake zephyr-config.cmake Add the installation prefix of "Zephyr" to CMAKE_PREFIX_PATH or set "Zephyr_DIR" to a directory containing one of the above files. If "Zephyr" provides a separate development package or SDK, be sure it has been installed. -- Configuring incomplete, errors occurred! Signed-off-by: Marc Herbert <marc.herbert@intel.com> 2020-05-29 02:58:50 +02:00			`find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})`
samples, tests: Use semi-accurate project names When using an IDE (e.g. Eclipse, Qt Creator), the project name gets displayed. This greatly simplifies the navigation between projects when having many of them open at the same time. Naming every project "NONE" defeats this functionality. This patch tries to use sensible project names while not duplicating too much of what is already represented in the path. This is done by using the name of the directory the relevant CMakeLists.txt file is stored in. To ensure unique project names in the samples (and again, in the tests folder) folder, small manual adjustments have been done. Signed-off-by: Reto Schneider <code@reto-schneider.ch> 2018-10-25 16:54:09 +02:00			`project(userspace)`
tests/kernel/mem_protect/userspace: Add userspace protection tests This is still work-in-progress, but putting it up in case it is helpful to people working in this area and for early comments. Add a set of tests to validate the expected security properties of threads created with K_USER when CONFIG_USERSPACE=y. This can be used as a regression test for architectures that already implement this support and as a validation test for others. I considered incorporating these tests into the existing protection test, but decided against it since protection does not enable or rely upon CONFIG_USERSPACE for its existing tests and passes on everything that provides MPU or MMU support, even without full userspace support. I also considered incorporating these tests into the existing obj_validation test, but decided against it since obj_validation only tests the object validation/permission logic, does not run any user mode threads (or strictly depend on that support), and passes on both x86 and arm today, unlike these tests. That said, I have no strong objections if it would be preferable to fold these into it (and perhaps rename it to be more general). The current tests implemented in this test program verify the following for a thread created with K_USER: is_usermode: is running in usermode priv_insn: cannot invoke privileged insns directly write_control: cannot write to control registers disable_mmu_mpu: cannot disable memory protections (MMU/MPU) read_kernram: cannot read from kernel RAM write_kernram: cannot write to kernel RAM write_kernro: cannot write to kernel rodata write_kerntext: cannot write to kernel text read_kernel_data: cannot read __kernel-marked data write_kernel_data: cannot write __kernel-marked data read_kernel_stack: cannot read the kernel/privileged stack write_kernel_stack: cannot write the kernel/privileged stack pass_user_object: cannot pass a non-kernel object to a syscall pass_noperms_object: cannot pass an object to a syscall without a grant start_kernel_thread: cannot start a kernel (non-user) thread Some of the tests overlap and could possibly be dropped, but it seems harmless to retain them. The particular targets of read/write tests are arbitrary other than meeting the test criteria and can be changed (e.g. in data, rodata, or text) if desired to avoid coupling to kernel implementation details that may change in the future. On qemu_x86, all of the tests pass. And, if you replace all occurrences of ztest_user_unit_test() with ztest_unit_test(), then all of the tests fail (i.e. when the tests are run in kernel mode, they all fail as expected). On frdm_k64f presently (w/o the arm userspace patches), all of the tests fail except for write_kernro and write_kerntext, as expected. ToDo: - Verify that a user thread cannot access data in another memory domain. - Verify that a user thread cannot access another thread's stack. - Verify that a user thread cannot access another thread's kobject. - Verify that k_thread_user_mode_enter() transitions correctly. - Verify that k_object_access_revoke() is enforced. - Verify that syscalls return to user mode upon completion. - Verify that a user thread cannot abuse other svc calls (ARM-specific). - Other suggested properties we should be testing? Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2017-11-20 22:39:20 +01:00
			`FILE(GLOB app_sources src/*.c)`
			`target_sources(app PRIVATE ${app_sources})`