When `z_get_fd_obj_and_vtable()` function returns NULL (no valid entry
in the FD table for the socket), there is no need for further usermode
checks on the `ctx` pointer, as there is nothing to invalidate in that
case.
Fixes#25990Fixes#25991
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Left unset it becomes the first partition, which is not what's used
for littlefs, and specifically isn't on the external flash for
nrf52840dk_nrf52840.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
The flash interface header needs to be available regardless of
selected filesystem implementation.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
When millisecond/tick conversion is not exact tick delta's are
dependent on the initial tick value. In those cases exact comparisons
need to also allow an adjacent value.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
When HFCLK has a slew making it faster than LFCLK the busy wait can
expire before the timer fires.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Reduce the duration of the timer test so that it will fire before the
busywait elapses even in the worst case of slew between the tick and
busy-wait clocks.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
This test sets a timer using one clock, waits using a second clock,
then sees whether the remaining time is the expected value. When the
two clocks are skewed the comparison requires a threshold. Provide a
means to estimate the maximum expected error.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
This commit updates the Zephyr documentation with changes introduced
by Zephyr CMake package.
It removes 'zephyr-env.sh/cmd' where no longer needed, and updates
boilerplate inclusion to find_package.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
These CVEs have been released from embargo. Include details in the v2.3
release notes, and in the vulnerabilities document.
Signed-off-by: David Brown <david.brown@linaro.org>
Some ticks are counted additionally when the autoreload
interrupts were too close together.
This patch improve the counts of the clock cycle.
lptim_fired worked badly in particular because the flag ARRM
was not raised when the interrupt was forced.
Signed-off-by: Julien D'Ascenzio <julien.dascenzio@paratronic.fr>
If ticks is K_TICKS_FOREVER the register autoreload isn't set.
So, on the next call to the z_clock_set_timeout function
the wait for the flag ARROK will be infinite.
Signed-off-by: Julien D'Ascenzio <julien.dascenzio@paratronic.fr>
When test is performed, it assumes that no other entity is changing
the state of the clock. That was not true because calibration was
turning on/off high frequency clock.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
The original sockets system calls used file descriptors which
were actually net_context pointers. For all socket system calls,
any calls from user mode would check if the caller had permission
to use the net context.
This was later changed to not stuff net_context pointers into file
descriptors, but all the permission checking was unintentionally
lost, allowing all threads on the system to
read/write all socket file descriptors in the system at will, with
no way to isolate applications running on the same microcontroller
from each other's network activity.
This patch restores the permission checks on network context objects
for socket system calls that originated from user mode.
The call to z_object_recycle() was never removed from
zsock_socket_internal(); this is again leveraged to grant the
caller who opened the socket permission on the net_context
associated with the returned file descriptor.
To ensure that all socket calls do this checking, all uses of
z_get_fd_obj_and_vtable() have been routed through get_sock_vtable().
Objects have initialization state set and thread permissions
reset to just the caller in common zsock_socket() code.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The socketpair file descriptor context objects are heap allocated
and not drawn from a static pool. Register these as kernel objects
when we create them if user mode is enabled.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We now have a low-level function z_dynamic_object_create()
which is not a system call and is used for installing
kernel objects that are not supported by k_object_alloc().
Checking for valid object type enumeration values moved
completely to the implementation function.
A few debug messages and comments were improved.
Futexes and sys_mutexes are now properly excluded from
dynamic generation.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Anytime a file descriptor context object is updated, we need to
reset its access permissions and initialization state. This
is the most centralized place to do it.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This socket is shared by all the test cases which run in
different threads. Just make it a global object here.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Zephyr running on MPU devices have a different memory model than
process-oriented OSes like Linux and require a method to set
kernel object permissions on a file descriptor's underlying
context object. Add this, and a test to show that it is working.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Used for permission validation when accessing the associated file
descriptors from user mode.
There often get defined in implementation code, expand the search
to look in drivers/ and subsys/net/.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Any data structure declaration tagged with __net_socket will end up
in the kernel object table with type K_OBJ_NET_SOCKET. These all
correspond to objects which are associated with socket file
descriptors and can handle the socket vtable API.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Now we can build up lists of data structures matching a list
of particular tags, with __subsystem being just one case.
Relax searches to also look inside C files, since struct
prototypes may be declared there as well.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Certain types of system call validation may need to be pushed
deeper in the implementation and not performed in the verification
function. If such checks are only pertinent when the caller was
from user mode, we need an API to detect this situation.
This is implemented by having thread->syscall_frame be non-NULL
only while a user system call is in progress. The template for the
system call marshalling functions is changed to clear this value
on exit.
A test is added to prove that this works.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This was passing along _current->ssf, but these types of bad
syscalls do not go through the z_mrsh mechanism and was
passing stale data.
We have the syscall stack frame already as an argument,
propagate that so it works properly.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Need to use %zd in formatter string for net_pkt_get_len since it returns
a size_t otherwise we get something like:
error: format ‘%d’ expects argument of type ‘int’, but argument
3 has type ‘size_t’ {aka ‘long unsigned int’} [-Werror=format=]
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This commit fills the Build and Infrastructure section with the Zephyr
CMake package enhancement.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Signed-off-by: Carles Cufí <carles.cufi@nordicsemi.no>
If we are calling sendmsg() without any aux data, then msg_controllen
is 0 and msg_control is NULL. Check these allowed values properly.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we are calling sendmsg() for a connected socket, then msg_namelen
is 0 and msg_name is NULL. Check these allowed values properly.
Also modify unit tests so that we test this scenario.
Fixes#25925
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
