When `z_get_fd_obj_and_vtable()` function returns NULL (no valid entry
in the FD table for the socket), there is no need for further usermode
checks on the `ctx` pointer, as there is nothing to invalidate in that
case.
Fixes #25990
Fixes #25991
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The original sockets system calls used file descriptors which
were actually net_context pointers. For all socket system calls,
any calls from user mode would check if the caller had permission
to use the net context.
This was later changed to not stuff net_context pointers into file
descriptors, but all the permission checking was unintentionally
lost, allowing all threads on the system to
read/write all socket file descriptors in the system at will, with
no way to isolate applications running on the same microcontroller
from each other's network activity.
This patch restores the permission checks on network context objects
for socket system calls that originated from user mode.
The call to z_object_recycle() was never removed from
zsock_socket_internal(); this is again leveraged to grant the
caller who opened the socket permission on the net_context
associated with the returned file descriptor.
To ensure that all socket calls do this checking, all uses of
z_get_fd_obj_and_vtable() have been routed through get_sock_vtable().
Objects have initialization state set and thread permissions
reset to just the caller in common zsock_socket() code.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The socketpair file descriptor context objects are heap allocated
and not drawn from a static pool. Register these as kernel objects
when we create them if user mode is enabled.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Zephyr running on MPU devices has a different memory model than
process-oriented OSes like Linux and requires a method to set
kernel object permissions on a file descriptor's underlying
context object. Add this, and a test to show that it is working.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Used for permission validation when accessing the associated file
descriptors from user mode.
These often get defined in implementation code, so expand the search
to look in drivers/ and subsys/net/.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Need to use %zd in the formatter string for net_pkt_get_len since it returns
a size_t; otherwise we get something like:
error: format ‘%d’ expects argument of type ‘int’, but argument
3 has type ‘size_t’ {aka ‘long unsigned int’} [-Werror=format=]
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
If we are calling sendmsg() without any aux data, then msg_controllen
is 0 and msg_control is NULL. Check these allowed values properly.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we are calling sendmsg() for a connected socket, then msg_namelen
is 0 and msg_name is NULL. Check these allowed values properly.
Also modify unit tests so that we test this scenario.
Fixes #25925
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
In this case, is_nonblock is false and will_block is true.
Therefore, we *may* block, and furthermore we *expect* to
block. Checking is_nonblock is, in fact, redundant, and
passing K_FOREVER to k_sem_take() is justified.
Fixes #25727
Coverity-CID: 210611
Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
After recent changes to shell, there is no more "no_such_command:
command not found" message when executing non-existing command. Restore
that message, so users are warned once again about wrong command,
instead of silently ignoring their request.
Fixes: 512de5ecac ("shell: Refactor command execution to enable raw
arguments")
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Due to new checks in mbedTLS config sanitizer, TLS option can no longer
be left enabled, when TLS is not used. OpenThread needs MBEDTLS_MD_C
and MBEDTLS_CIPHER_C even without TLS being used, so we need an option
to enable them manually.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The bt_l2cap_le_conn_rsp struct in l2cap_internal.h has not been
declared __packed. This can cause alignment problems on some
platforms if the struct is placed on an unaligned address.
A __packed declaration solves this issue by forcing the compiler to
use store instructions that do not require alignment.
Signed-off-by: Jim Luther <jilu@oticon.com>
Implemented an intermediate decrypt buffer to cover the CCM
overrun under CRC error conditions. The workaround is
applicable to nRF52832 SoC only, which is missing the
MAXPACKETSIZE register in the NRF_CCM peripheral.
Fixes #21107 for nRF52832 SoC.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
The Router Advertisement can have a prefix option. Its length
is 4, but the code did not check that, which meant that we could
accept a malformed packet. See RFC 4861 chapter 4.6.2 for details.
Fixes #25694
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Make sure that we do not add same IPv6 prefix, received from RA,
multiple times to prefix timer list. This avoids possible
denial-of-service issue if we receive suitably crafted RA packet.
Fixes #25698
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
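The two Router Advertisement fixes above, as an added C example that is not Zephyr's code: a minimal RA option walker that rejects a Prefix Information option whose length field is not 4 (32 octets, RFC 4861 section 4.6.2), and a toy prefix timer list that refreshes an existing entry instead of adding the same prefix again. The list, its capacity and the helper names are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define ND_OPT_PREFIX_INFO 3  /* RFC 4861 4.6.2 option type */
#define MAX_PREFIXES 4        /* constructed: capacity of the toy prefix timer list */
struct prefix_entry { uint8_t prefix[16]; uint8_t plen; uint32_t valid_lifetime; };
static struct prefix_entry prefix_list[MAX_PREFIXES];
static size_t prefix_count;
size_t prefix_list_len(void) { return prefix_count; }
void prefix_list_reset(void) { prefix_count = 0; }
/* Add a prefix to the timer list, or refresh it if the same prefix/length is already
 * there, so a repeated option (or a repeated RA) cannot grow the list without bound. */
int prefix_add(const uint8_t *prefix, uint8_t plen, uint32_t valid)
{
	for (size_t i = 0; i < prefix_count; i++) {
		if (prefix_list[i].plen == plen && memcmp(prefix_list[i].prefix, prefix, 16) == 0) {
			prefix_list[i].valid_lifetime = valid;
			return (int)i;
		}
	}
	if (prefix_count == MAX_PREFIXES) return -1;
	memcpy(prefix_list[prefix_count].prefix, prefix, 16);
	prefix_list[prefix_count].plen = plen;
	prefix_list[prefix_count].valid_lifetime = valid;
	return (int)prefix_count++;
}
/* Walk the RA option block: each option is type(1), length(1, in units of 8 octets), body.
 * Returns the number of prefix options accepted, or -1 if the block is malformed. */
int ra_parse_options(const uint8_t *opts, size_t n)
{
	size_t off = 0;
	int accepted = 0;
	while (off + 2 <= n) {
		uint8_t type = opts[off], len8 = opts[off + 1];
		size_t len = (size_t)len8 * 8;
		if (len8 == 0 || off + len > n) return -1;   /* zero length or truncated option */
		if (type == ND_OPT_PREFIX_INFO) {
			const uint8_t *o = opts + off;
			if (len8 != 4 || o[2] > 128) return -1;   /* the missing check: must be 32 octets */
			uint32_t valid = (uint32_t)o[4] << 24 | (uint32_t)o[5] << 16 | (uint32_t)o[6] << 8 | o[7];
			if (prefix_add(o + 16, o[2], valid) >= 0) accepted++;
		}
		off += len;
	}
	return off == n ? accepted : -1;                      /* trailing partial option */
}
```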
Set 'log_backend_rtt:panic_mode' before calling 'log_backend_std_panic',
because otherwise the RTT backend behaves as if the system is NOT
panicking and tries to do asynchronous writes via RTT_LOCK/UNLOCK.
Signed-Off-By: Andrew Fernandes <andrew@fernandes.org>
Adds propagation of error returns from the model init callbacks in
Access, and removes any other checks for successful init in the
foundation models.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
Fix missing assignment of NRF_CCM->MAXPACKETSIZE register
for PDU sizes smaller than 251 bytes. If there are CRC errors
causing PDU length fields to be higher than configured PDU
buffer sizes in the controller, without the MAXPACKETSIZE
register set to correct PDU size, CCM module could overrun
the PDU buffer and cause memory corruption. This fix is
applicable for all nRF52 Series SoCs except nRF52832 SoC.
Fixes #21107.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
This will be useful to test network stack's power management support.
There is no other way to do it, so far, but to hardcode such config
option test there.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
On a buffer flush request it is very probable that the write buffer
contains an amount of data which is not write-block-size aligned.
Flash memory needs to be written in at least write-block-size chunks.
This patch adds a mechanism which ensures such behavior by adding
the missing bytes.
Fixes #25471
The streamer buffer size should be a multiple of the write-block-size of
the flash device in order to avoid unaligned flash write
requests.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
After removal of legacy controller ll_adv_aux.h does not exist anymore.
This is fixed in this PR by including ull_adv_aux.h instead.
The error only shows up when Advertisement Extensions are enabled
in the LL (CONFIG_BT_CTLR_ADV_EXT=y).
Signed-off-by: Andries Kruithof <Andries.Kruithof@nordicsemi.no>
CC: mesh/access.c
mesh/access.c: In function 'model_has_dst':
mesh/access.c:483:10:
warning: returning 'u16_t *' {aka 'short unsigned int *'} from
a function with return type '_Bool8' {aka 'unsigned char'} makes
integer from pointer without a cast [-Wint-conversion]
483 | return bt_mesh_model_find_group(&mod, dst);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: chao an <anchao@xiaomi.com>
The existing feature exchange procedure does not give the proper
response as specified in the BT core spec 5.0.
The old behaviour is that the feature-response returns the logical and
of the features for both peers.
The behaviour implemented here is that the feature-response returns the
featureset of the peer, except for octet 0 which is the logical and of
the supported features.
Tested by using the bt shell, and having different featuresets
on the 2 peers.
This fixes #25483
Signed-off-by: Andries Kruithof <Andries.Kruithof@nordicsemi.no>
OpenThread moved from 4 to 5 debug levels and it was not possible
to configure all of them with Kconfig.
Signed-off-by: Eduardo Montoya <eduardo.montoya@nordicsemi.no>
In order to support the retransmission for the outgoing data:
1. The outgoing data packet is appended to the send_data queue
in net_tcp_queue_data().
2. tcp_send_queued_data() is called and will use tcp_send_data()
to send queued but unsent data packet by packet
while there is unsent data and the receiver's window isn't full.
tcp_send_queued_data() subscribes send_data_timer
that will handle retransmissions with tcp_resend_data().
3. tcp_send_data() peeks a single chunk of data from the send_data
queue that will not exceed the maximum segment size
until the receiver's window is full.
tcp_send_data() uses conn->seq and conn->unack_len as the sequence
number for the TCP packet.
conn->unacked_len is advanced on each send.
4. On data acknowledgment:
- acknowledged amount of data is removed from the beginning
of the send_data queue
- conn->seq is advanced by the acknowledged amount
- conn->unacked_len is decremented by the acknowledged amount
- send_data_timer is cancelled
- tcp_send_queued_data() is called to send queued but
previously unsent data
5. On timeout, tcp_resend_data() will reset conn->unack_len,
peek one packet from the beginning of the send_queue and resend,
terminating the connection on retries exceeded.
Meanwhile the outgoing data tcp_send_queued_data() is just
appended to the send_data but not sent.
In case of the acknowledgement, tcp_send_queued_data() will
start sending multiple packets until the receiver's window
is full.
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
In order to support the retransmission for the outgoing data,
add the following into the TCP connection:
- struct net_pkt *send_data (used as a queue)
- send_data_total
- unack_len
- send_data_timer
- send_data_retries
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
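The five-step retransmission procedure described above and the connection fields listed in the following commit, as an added C model that is not Zephyr's code: the send_data queue is a flat byte buffer instead of a net_pkt chain, a bool stands in for send_data_timer, and MSS, the retry limit and the window are constructed values; the ACK comparison uses the wrap-safe signed-difference idiom rather than Zephyr's net_tcp_seq_greater().

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define MSS 4          /* constructed: tiny segment size so the trace is easy to follow */
#define MAX_RETRIES 3  /* constructed retry limit before the connection is torn down */
/* Hypothetical model of the fields the commits add; send_data is a flat buffer, timer_armed stands in for send_data_timer. */
struct tcp_model {
	uint8_t send_data[64];
	size_t send_data_total, unacked_len, send_win; /* queued bytes, sent-unacked bytes, peer window */
	uint32_t seq;                                  /* sequence number of send_data[0] */
	int send_data_retries, segments_sent;
	bool timer_armed, closed;
};
/* Step 3: emit one segment at seq + unacked_len, bounded by MSS and the send window. */
size_t tcp_send_data(struct tcp_model *c) {
	size_t unsent = c->send_data_total - c->unacked_len;
	size_t win_left = c->send_win > c->unacked_len ? c->send_win - c->unacked_len : 0;
	size_t len = unsent < win_left ? unsent : win_left; if (len > MSS) len = MSS;
	if (len == 0) return 0;
	c->unacked_len += len; c->segments_sent++; /* a real stack builds the PDU and calls tcp_out_ext() */
	return len;
}
/* Step 2: send packet by packet until nothing is unsent or the window is full. */
void tcp_send_queued_data(struct tcp_model *c) {
	while (tcp_send_data(c) > 0) c->timer_armed = true;
}
/* Step 1: append outgoing data; the window decides how much goes out right away. */
int net_tcp_queue_data(struct tcp_model *c, const uint8_t *buf, size_t len) {
	if (c->closed || c->send_data_total + len > sizeof(c->send_data)) return -1;
	memcpy(c->send_data + c->send_data_total, buf, len);
	c->send_data_total += len;
	tcp_send_queued_data(c);
	return 0;
}
/* Step 4: ACK covers [seq, ack); the compare is wrap-safe in the spirit of net_tcp_seq_greater(). */
void tcp_on_ack(struct tcp_model *c, uint32_t ack) {
	uint32_t acked = ack - c->seq;
	if ((int32_t)acked <= 0 || acked > c->unacked_len) return; /* old, duplicate or bogus ACK */
	memmove(c->send_data, c->send_data + acked, c->send_data_total - acked);
	c->send_data_total -= acked; c->seq += acked; c->unacked_len -= acked;
	c->timer_armed = false; c->send_data_retries = 0;
	tcp_send_queued_data(c);
}
/* Step 5: timer fired; rewind to the oldest unacked byte, resend one segment, count the retry. */
void tcp_resend_data(struct tcp_model *c) {
	if (c->send_data_retries >= MAX_RETRIES) { c->closed = true; return; }
	c->unacked_len = 0; tcp_send_data(c);
	c->send_data_retries++; c->timer_armed = true;
}
```

With a 6-byte window and a 4-byte MSS, queueing 10 bytes sends two segments (4 + 2) and leaves 4 bytes queued but unsent until an ACK opens the window again.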
In order to support the send window, add send_win into
the TCP connection.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
In order to support the data retransmission, refactor tcp_out()
into tcp_out_ext() which supports passing the sequence number.
In addition drop modifications of the connection sequence number
from tcp_out_ext(), this is the responsibility of data retransmission.
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
In order to use struct net_pkt for the outgoing data queue,
update tcp_pkt_alloc() macros, so they support allocation
without buffer.
Additionally, merge tcp_pkt_alloc() macros into one.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
Unsuccessful packet clone in tcp_data_get() isn't handled;
add an error handling and don't ACK the incoming data in this case.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
In order to handle sequence overflow cases, use
net_tcp_seq_greater() to check if the sequence is greater/lower.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
The initial sequence number for a connection should be randomized
to prevent easy guesses.
Do not randomize the sequence number if network test or
test protocol is enabled.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
Some Kconfig-defined devices may be defined using the dt_chosen_label
function. Since there is no way to ensure a device enabled in dts
is also defined in Kconfig, it may happen that the instance is not
actually defined.
In this case device_get_binding might return 0, leading to undefined
behavior in the function that calls it.
When not already done, systematically check return of function
device_get_binding on devices defined through dt_chosen_label macro.
Trigger ASSERT when required and return error when possible.
Fixes #20068
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
This commit fixes the loading of bt/cf settings into memory. Only data
was loaded and not the address.
Signed-off-by: François Delawarde <fnde@demant.com>
For backwards compatibility ignore not-supported errors for devices
that don't support power management.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Change fixes storing the data by adding missing write retry after
the last compression. Without the change error was returned instead
of retrying.
Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
build breakage if SMP is disabled
In function `bt_unpair':
bluetooth/host/hci_core.c:2640: undefined reference to `bt_foreach_bond'
Signed-off-by: chao an <anchao@xiaomi.com>
There was a possible race condition between sock_is_nonblock()
and k_sem_take() in spair_read() and spair_write() that was
mitigated.
Also clarified some of the conditional branching in those
functions.
Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
The boot time measurement can also run with the HPET timer so there's
no reason to restrict it to APIC.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>