Memory Protection

Macros

#define PRIO   K_PRIO_PREEMPT(1)
 Show that moving a thread from one domain to another works.
 

Functions

void test_k_mem_map_phys_bare_rw (void)
 Show that mapping an irregular size buffer works and RW flag is respected.
 
void test_k_mem_map_phys_bare_exec (void)
 Show that mapping with/without K_MEM_PERM_EXEC works as expected.
 
void test_k_mem_map_phys_bare_side_effect (void)
 Show that memory mapping doesn't have unintended side effects.
 
void test_k_mem_unmap_phys_bare (void)
 Test that k_mem_unmap_phys_bare() unmaps the memory and it is no longer accessible afterwards.
 
void test_k_mem_map_phys_bare_unmap_reclaim_addr (void)
 Show that k_mem_unmap_phys_bare() can reclaim the virtual region correctly.
 
void test_permission_inheritance (void)
 Test object permission inheritance except of the parent thread object.
 
void test_inherit_resource_pool (void)
 Test child thread inherits parent's thread resource pool.
 
void test_kobject_access_grant (void)
 Test access to an invalid semaphore whose address is NULL.
 
void test_kobject_access_grant_error (void)
 Test grant access of given NULL kobject.
 
void test_kobject_access_grant_error_user (void)
 Test grant access of given NULL thread in usermode.
 
void test_kobject_access_grant_error_user_null (void)
 Test grant access of given NULL kobject in usermode.
 
void test_kobject_access_all_grant_error (void)
 Test grant access to all the kobject for thread.
 
void test_syscall_invalid_kobject (void)
 Test syscall can take a different type of kobject.
 
void test_thread_without_kobject_permission (void)
 Test user thread can access a k_object without grant.
 
void test_kobject_revoke_access (void)
 Test access revoke.
 
void test_kobject_grant_access_kobj (void)
 Test access revoke.
 
void test_kobject_grant_access_kobj_invalid (void)
 Test access grant between threads.
 
void test_kobject_release_from_user (void)
 Test revoke permission of a k_object from userspace.
 
void test_kobject_invalid (void)
 Test release and access grant an invalid kobject.
 
void test_kobject_access_all_grant (void)
 Test supervisor thread grants kernel objects all access public status.
 
void test_thread_has_residual_permissions (void)
 Test access permission of a terminated thread.
 
void test_kobject_access_grant_to_invalid_thread (void)
 Test grant access to a valid kobject but invalid thread id.
 
void test_kobject_access_invalid_kobject (void)
 Object validation checks.
 
void test_access_kobject_without_init_access (void)
 Object validation checks without init access.
 
void test_access_kobject_without_init_with_access (void)
 Test syscall on a kobject which is not initialized and has access.
 
void test_kobject_reinitialize_thread_kobj (void)
 Test to reinitialize the k_thread object.
 
void test_create_new_thread_from_user (void)
 Test thread create from a user thread and check permissions.
 
void test_new_user_thread_with_in_use_stack_obj (void)
 Test create new user thread from a user thread with in-use stack obj.
 
void test_create_new_thread_from_user_no_access_stack (void)
 Test creates new thread from usermode without stack access.
 
void test_create_new_thread_from_user_invalid_stacksize (void)
 Test to validate user thread spawning with stack overflow.
 
void test_create_new_thread_from_user_huge_stacksize (void)
 Test to check stack overflow from user thread.
 
void test_create_new_supervisor_thread_from_user (void)
 Test to create a new supervisor thread from user.
 
void test_create_new_essential_thread_from_user (void)
 Create a new essential thread from user.
 
void test_create_new_higher_prio_thread_from_user (void)
 Thread creation with priority is higher than current thread.
 
void test_create_new_invalid_prio_thread_from_user (void)
 Create a new thread whose priority is invalid.
 
void test_mark_thread_exit_uninitialized (void)
 Test when thread exits, kernel marks stack objects uninitialized.
 
void test_kobject_free_error (void)
 Test free an invalid kernel object.
 
void test_kobject_init_error (void)
 Test alloc an invalid kernel object.
 
void test_kobj_create_out_of_memory (void)
 Test kernel object until out of memory.
 
void test_alloc_kobjects (void)
 Test kernel object allocation.
 
void test_kobject_perm_error (void)
 Test grant access failed in user mode.
 
void test_all_kobjects_str (void)
 Test get all kernel object list.
 
void test_mem_domain_valid_access (void)
 Check if the mem_domain is configured and accessible for userspace.
 
void test_mem_domain_invalid_access (void)
 Show that a user thread can't touch partitions not in its domain.
 
void test_mem_domain_no_writes_to_ro (void)
 Show that a read-only partition can't be written to.
 
void test_mem_domain_remove_add_partition (void)
 Show that adding/removing partitions works.
 
void test_mem_domain_api_supervisor_only (void)
 Test access memory domain APIs allowed to supervisor threads only.
 
void test_mem_domain_boot_threads (void)
 Show that boot threads belong to the default memory domain.
 
void test_mem_part_overlap (void)
 Test system assert when new partition overlaps the existing partition.
 
void test_mem_part_assert_add_overmax (void)
 Test system assert when adding memory partitions more than possible.
 
void test_mem_domain_init_fail (void)
 Test error case of initializing memory domain fail.
 
void test_mem_part_add_error_null (void)
 Test error case of adding null memory partition fail.
 
void test_mem_part_add_error_zerosize (void)
 Test error case of adding zero sized memory partition fail.
 
void test_mem_part_error_wraparound (void)
 Test error case of memory partition address wraparound.
 
void test_mem_part_remove_error_zerosize (void)
 Test error case of removing memory partition fail.
 
static volatile K_APP_DMEM (ztest_mem_partition)
 Test assigning global data and BSS variables to memory partitions.
 
 K_APP_BMEM (part_arch)
 Test partitions sized per the constraints of the MPU hardware.
 
void test_generic_object (void)
 Test to verify object permission.
 
void test_kobj_assign_perms_on_alloc_obj (void)
 Test requestor thread will implicitly be assigned permission on the dynamically allocated object.
 
void test_no_ref_dyn_kobj_release_mem (void)
 Test dynamically allocated kernel object release memory.
 
void test_write_ro (void)
 Test write to read only section.
 
void test_write_text (void)
 Test to execute on text section.
 
void test_exec_data (void)
 Test execution from data section.
 
void test_exec_stack (void)
 Test execution from stack section.
 
void test_exec_heap (void)
 Test execution from heap.
 
 TOOLCHAIN_ENABLE_GCC_WARNING (TOOLCHAIN_WARNING_DANGLING_POINTER)
 Test stack pointer randomization.
 
void test_stackprot (void)
 Test the Stack Protector feature using a canary.
 
void test_create_alt_thread (void)
 Test optional mechanism to detect stack overflow.
 
void test_canary_value (void)
 Test stack canaries behavior.
 
void test_guard_page_front (void)
 Test faulting on front guard page.
 
void test_guard_page_rear (void)
 Test faulting on rear guard page.
 
void test_guard_page_front_user (void)
 Test faulting on front guard page in user mode.
 
void test_guard_page_rear_user (void)
 Test faulting on rear guard page in user mode.
 
void test_string_nlen (void)
 Test to demonstrate usage of k_usermode_string_nlen()
 
void test_user_string_alloc_copy (void)
 Test to verify syscall for string alloc copy.
 
void test_user_string_copy (void)
 Test sys_call for string copy.
 
void test_to_copy (void)
 Test to demonstrate system call for copy.
 
void test_is_usermode (void)
 Test to check if the thread is in user mode.
 
void test_write_control (void)
 Test to write to a control register.
 
void test_disable_mmu_mpu (void)
 Test to disable memory protection.
 
void test_read_kernram (void)
 Test to read from kernel RAM.
 
void test_write_kernram (void)
 Test to write to kernel RAM.
 
void test_write_kernro (void)
 Test to write kernel RO.
 
void test_write_kerntext (void)
 Test to write to kernel text section.
 
void test_read_kernel_data (void)
 Test to read from kernel data section.
 
void test_write_kernel_data (void)
 Test to write to kernel data section.
 
 K_APP_DMEM (default_part) volatile
 Test to read privileged stack.
 
void test_write_priv_stack (void)
 Test to write to privilege stack.
 
 K_APP_BMEM (default_part)
 Test to pass a user object to system call.
 
void test_pass_noperms_object (void)
 Test to pass object to a system call without permissions.
 
void test_start_kernel_thread (void)
 Test to start kernel thread from usermode.
 
void test_read_other_stack (void)
 Test to read from another thread's stack.
 
void test_write_other_stack (void)
 Test to write to other thread's stack.
 
void test_revoke_noperms_object (void)
 Test to revoke access to kobject without permission.
 
void test_access_after_revoke (void)
 Test to access object after revoking access.
 
void test_user_mode_enter (void)
 Test to check supervisor thread enter one-way to usermode.
 
void test_write_kobject_user_pipe (void)
 Test to write to kobject using pipe.
 
void test_read_kobject_user_pipe (void)
 Test to read from kobject using pipe.
 
void test_1st_init_and_access_other_memdomain (void)
 Test creation of new memory domains.
 
void test_domain_add_thread_drop_to_user (void)
 Show that changing between memory domains and dropping to user mode works as expected.
 
void test_domain_remove_part_drop_to_user (void)
 Show that self-removing a partition from a domain we are a member of, and then dropping to user mode faults as expected.
 
void test_domain_add_thread_context_switch (void)
 Show that changing between memory domains and then switching to another thread in the same domain works as expected.
 
void test_domain_remove_part_context_switch (void)
 Show that self-removing a partition from a domain we are a member of, and then switching to another user thread in the same domain faults as expected.
 
void test_unimplemented_syscall (void)
 Test unimplemented system call.
 
void test_bad_syscall (void)
 Test bad syscall handler.
 
void test_object_recycle (void)
 Test recycle object.
 
void test_access_kernel_obj_with_priv_data (void)
 Test access kernel object with private data using system call.
 
void test_stack_buffer (void)
 Test kernel provides user thread read/write access to its own stack memory buffer.
 
void test_idle_stack (void)
 Show that the idle thread stack size is correct.
 
void test_user_corrupt_stack_pointer (void)
 Test sys_call does not write to user stack.
 
void test_syscall_cpu_scrubs_regs (void)
 Test CPU scrubs registers after system call.
 
void test_ram_perms (void)
 Test that MMU flags on RAM virtual address range are set properly.
 
void test_null_map (void)
 Test that the NULL virtual page is always non-present.
 
void test_dump_ptables_user (void)
 Dump kernel's page tables to console.
 

Detailed Description

Macro Definition Documentation

◆ PRIO

#define PRIO   K_PRIO_PREEMPT(1)

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/mem_domain.c>

Show that moving a thread from one domain to another works.

Start a thread and have it spin. Then while it is spinning, show that adding it to another memory domain doesn't cause any faults.

This test is of particular importance on SMP systems where the child thread is spinning on a different CPU concurrently with the migration operation.

See also
k_mem_domain_add_thread()

Function Documentation

◆ K_APP_BMEM() [1/2]

K_APP_BMEM ( default_part ) volatile

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/userspace/src/main.c>

Test to pass a user object to system call.

◆ K_APP_BMEM() [2/2]

K_APP_BMEM ( part_arch )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/mem_partition.c>

Test partitions sized per the constraints of the MPU hardware.

  • MEM_REGION_ALLOC is pre-sized to naturally fit in the target hardware's memory management granularity. Show that the partition size matches.
  • Show that the base address of the partition is properly set, it should match the base address of buf_arc.

◆ K_APP_DMEM() [1/2]

K_APP_DMEM ( default_part ) volatile

◆ K_APP_DMEM() [2/2]

static volatile K_APP_DMEM ( ztest_mem_partition )
static

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/mem_partition.c>

Test assigning global data and BSS variables to memory partitions.

Test that the system supports applications assigning global data and BSS variables to memory partitions using the macros K_APP_BMEM() and K_APP_DMEM().

◆ test_1st_init_and_access_other_memdomain()

void test_1st_init_and_access_other_memdomain ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/userspace/src/main.c>

Test creation of new memory domains.

We initialize a new memory domain and show that its partition configuration is correct. This new domain has "alt_part" in it, but not "default_part". We then try to modify data in "default_part" and show it produces an exception since that partition is not in the new domain.

This caught a bug once where an MMU system copied page tables for the new domain and accidentally copied memory partition permissions from the source page tables, allowing the write to "default_part" to work.

◆ test_access_after_revoke()

void test_access_after_revoke ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/userspace/src/main.c>

Test to access object after revoking access.

◆ test_access_kernel_obj_with_priv_data()

void test_access_kernel_obj_with_priv_data ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/queue/src/test_queue_contexts.c>

Test access kernel object with private data using system call.

  • When defining system calls, it is very important to ensure that access to the API’s private data is done exclusively through system call interfaces. Private kernel data should never be made available to user mode threads directly. For example, the k_queue APIs were intentionally not made available as they store bookkeeping information about the queue directly in the queue buffers which are visible from user mode.
  • This test makes a user thread try to access private kernel data within its associated data structures. The kernel tracks system call access to these objects with the kernel object permission system. The current user thread has no permission on it, so trying to access the &pqueue kernel object triggers a kernel oops, because the current user thread doesn't have permission on the k_queue object that holds private kernel data.

◆ test_access_kobject_without_init_access()

void test_access_kobject_without_init_access ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Object validation checks without init access.

Test a syscall on a kobject which is not initialized and to which the thread has no access.

◆ test_access_kobject_without_init_with_access()

void test_access_kobject_without_init_with_access ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Test syscall on a kobject which is not initialized and has access.

See also
k_thread_access_grant()

◆ test_all_kobjects_str()

void test_all_kobjects_str ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Test get all kernel object list.

Get all of the kernel objects in the kobject list.

◆ test_alloc_kobjects()

void test_alloc_kobjects ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Test kernel object allocation.

Allocate all kinds of kernel objects and exercise the permission operation functions.

See also
k_object_alloc()

◆ test_bad_syscall()

void test_bad_syscall ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/userspace/src/main.c>

Test bad syscall handler.

When a system call handler decides to terminate the calling thread, the kernel will produce an error which indicates the context where the faulting system call was made from user code.

◆ test_canary_value()

void test_canary_value ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/stackprot/src/main.c>

Test stack canaries behavior.

Test that canary values are different between threads when CONFIG_STACK_CANARIES_TLS is enabled.

◆ test_create_alt_thread()

void test_create_alt_thread ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/stackprot/src/main.c>

Test optional mechanism to detect stack overflow.

Test that the system provides an optional mechanism to detect when supervisor threads overflow their stack memory buffer.

◆ test_create_new_essential_thread_from_user()

void test_create_new_essential_thread_from_user ( void )

◆ test_create_new_higher_prio_thread_from_user()

void test_create_new_higher_prio_thread_from_user ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Thread creation with a priority higher than the current thread's.

_handler_k_thread_create validation.

◆ test_create_new_invalid_prio_thread_from_user()

void test_create_new_invalid_prio_thread_from_user ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Create a new thread whose priority is invalid.

_handler_k_thread_create validation.

◆ test_create_new_supervisor_thread_from_user()

void test_create_new_supervisor_thread_from_user ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Test to create a new supervisor thread from user.

The system kernel must prevent user threads from creating supervisor threads.

◆ test_create_new_thread_from_user()

void test_create_new_thread_from_user ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Test thread create from a user thread and check permissions.

  • Test user thread can create new thread.
  • Verify that, given thread and thread stack permissions, the user thread is allowed to create a new user thread.
  • Verify that the newly created user thread has access to its own thread object by aborting itself.

◆ test_create_new_thread_from_user_huge_stacksize()

void test_create_new_thread_from_user_huge_stacksize ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Test to check stack overflow from user thread.

Create a new thread from user and use a stack bigger than the allowed size. This is _handler_k_thread_create validation.

◆ test_create_new_thread_from_user_invalid_stacksize()

void test_create_new_thread_from_user_invalid_stacksize ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Test to validate user thread spawning with stack overflow.

Create a new thread from user and use a huge stack size which overflows. This is _handler_k_thread_create validation.

◆ test_create_new_thread_from_user_no_access_stack()

void test_create_new_thread_from_user_no_access_stack ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Test creates new thread from usermode without stack access.

Create a new thread from user and the user doesn't have access to the stack region of new thread. _handler_k_thread_create validation.

◆ test_disable_mmu_mpu()

void test_disable_mmu_mpu ( void )

◆ test_domain_add_thread_context_switch()

void test_domain_add_thread_context_switch ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/userspace/src/main.c>

Show that changing between memory domains and then switching to another thread in the same domain works as expected.

◆ test_domain_add_thread_drop_to_user()

void test_domain_add_thread_drop_to_user ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/userspace/src/main.c>

Show that changing between memory domains and dropping to user mode works as expected.

◆ test_domain_remove_part_context_switch()

void test_domain_remove_part_context_switch ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/userspace/src/main.c>

Show that self-removing a partition from a domain we are a member of, and then switching to another user thread in the same domain faults as expected.

◆ test_domain_remove_part_drop_to_user()

void test_domain_remove_part_drop_to_user ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/userspace/src/main.c>

Show that self-removing a partition from a domain we are a member of, and then dropping to user mode faults as expected.

◆ test_dump_ptables_user()

void test_dump_ptables_user ( void )

#include </home/runner/work/safety-doc/zephyr/tests/arch/x86/pagetables/src/main.c>

Dump kernel's page tables to console.

We don't verify any specific output, but this shouldn't crash.

◆ test_exec_data()

void test_exec_data ( void )

◆ test_exec_heap()

void test_exec_heap ( void )

◆ test_exec_stack()

void test_exec_stack ( void )

◆ test_generic_object()

void test_generic_object ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/obj_validation/src/main.c>

Test to verify object permission.

  • The kernel must be able to associate kernel object memory addresses with whether the calling thread has access to that object, the object is of the expected type, and the object is of the expected init state.
  • Test support for manually freeing kernel objects allocated at runtime.
See also
k_object_alloc(), k_object_access_grant()

◆ test_guard_page_front()

void test_guard_page_front ( void )

◆ test_guard_page_front_user()

void test_guard_page_front_user ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/stackprot/src/mapped_stack.c>

Test faulting on front guard page in user mode.

◆ test_guard_page_rear()

void test_guard_page_rear ( void )

◆ test_guard_page_rear_user()

void test_guard_page_rear_user ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/stackprot/src/mapped_stack.c>

Test faulting on rear guard page in user mode.

◆ test_idle_stack()

void test_idle_stack ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/threads/thread_stack/src/main.c>

Show that the idle thread stack size is correct.

The idle thread has to occasionally clean up self-exiting threads. Exercise this and show that we didn't overflow, reporting out stack usage.

◆ test_inherit_resource_pool()

void test_inherit_resource_pool ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/inherit.c>

Test child thread inherits parent's thread resource pool.

  • Create a memory heap heap_mem for the parent thread.
  • Then the special system call ret_resource_pool_ptr() returns a pointer to the resource pool of the current thread.
  • Call it in the parent_handler() and in the child_handler()
  • Then in the main test function test_inherit_resource_pool() compare returned addresses
  • If the addresses are the same, it means that the child thread inherited the parent thread's resource pool — test passed.
See also
k_thread_heap_assign()

◆ test_is_usermode()

void test_is_usermode ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/userspace/src/main.c>

Test to check if the thread is in user mode.

◆ test_k_mem_map_phys_bare_exec()

void test_k_mem_map_phys_bare_exec ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_map/src/main.c>

Show that mapping with/without K_MEM_PERM_EXEC works as expected.

◆ test_k_mem_map_phys_bare_rw()

void test_k_mem_map_phys_bare_rw ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_map/src/main.c>

Show that mapping an irregular size buffer works and RW flag is respected.

◆ test_k_mem_map_phys_bare_side_effect()

void test_k_mem_map_phys_bare_side_effect ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_map/src/main.c>

Show that memory mapping doesn't have unintended side effects.

◆ test_k_mem_map_phys_bare_unmap_reclaim_addr()

void test_k_mem_map_phys_bare_unmap_reclaim_addr ( void )

◆ test_k_mem_unmap_phys_bare()

void test_k_mem_unmap_phys_bare ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_map/src/main.c>

Test that k_mem_unmap_phys_bare() unmaps the memory and it is no longer accessible afterwards.

◆ test_kobj_assign_perms_on_alloc_obj()

void test_kobj_assign_perms_on_alloc_obj ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/obj_validation/src/main.c>

Test requestor thread will implicitly be assigned permission on the dynamically allocated object.

  • Create kernel object semaphore, dynamically allocate it from the calling thread's resource pool.
  • Check that object's address is in bounds of that memory pool.
  • Then check the requestor thread will implicitly be assigned permission on the allocated object by using semaphore API k_sem_init()
See also
k_object_alloc()

◆ test_kobj_create_out_of_memory()

void test_kobj_create_out_of_memory ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Test kernel object until out of memory.

Create dynamic kernel objects repeatedly until all heap memory runs out; an expected out-of-memory error is generated.

See also
k_object_alloc()

◆ test_kobject_access_all_grant()

void test_kobject_access_all_grant ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Test supervisor thread grants kernel objects all access public status.

The system makes the kernel object kobject_public_sem public to all threads. Test the access to that kernel object by creating two new user threads.

See also
k_object_access_all_grant()

◆ test_kobject_access_all_grant_error()

void test_kobject_access_all_grant_error ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Test grant access to all the kobject for thread.

Call the function with a NULL parameter; an expected fault occurs.

See also
k_thread_access_all_grant()

◆ test_kobject_access_grant()

void test_kobject_access_grant ( void )

◆ test_kobject_access_grant_error()

void test_kobject_access_grant_error ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Test grant access of given NULL kobject.

Call the function with a NULL parameter in supervisor mode; nothing happens.

See also
k_thread_access_grant()

◆ test_kobject_access_grant_error_user()

void test_kobject_access_grant_error_user ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Test grant access of given NULL thread in usermode.

Call the function with a NULL parameter; an expected fault occurs.

See also
k_thread_access_grant()

◆ test_kobject_access_grant_error_user_null()

void test_kobject_access_grant_error_user_null ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Test grant access of given NULL kobject in usermode.

Call the function with a NULL parameter; an expected fault occurs.

See also
k_thread_access_grant()

◆ test_kobject_access_grant_to_invalid_thread()

void test_kobject_access_grant_to_invalid_thread ( void )

◆ test_kobject_access_invalid_kobject()

void test_kobject_access_invalid_kobject ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Object validation checks.

Test syscall on a kobject which is not present in the hash table.

◆ test_kobject_free_error()

void test_kobject_free_error ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Test free an invalid kernel object.

Spawn a thread that frees a NULL; an expected fault occurs.

See also
k_object_free()

◆ test_kobject_grant_access_kobj()

void test_kobject_grant_access_kobj ( void )

◆ test_kobject_grant_access_kobj_invalid()

void test_kobject_grant_access_kobj_invalid ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Test access grant between threads.

Test access grant to thread B from thread A which doesn't have required permissions.

See also
k_thread_access_grant()

◆ test_kobject_init_error()

void test_kobject_init_error ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Test alloc an invalid kernel object.

Allocate invalid kernel objects; no allocation will be returned.

See also
k_object_alloc()

◆ test_kobject_invalid()

void test_kobject_invalid ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Test release and access grant an invalid kobject.

Validate release and access grant an invalid kernel object.

See also
k_object_release(), k_object_access_all_grant()

◆ test_kobject_perm_error()

void test_kobject_perm_error ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Test grant access failed in user mode.

Before access to the static kobject is granted to the user thread, any access grant to this thread will trigger an expected thread permission error.

See also
k_thread_access_grant()

◆ test_kobject_reinitialize_thread_kobj()

void test_kobject_reinitialize_thread_kobj ( void )

◆ test_kobject_release_from_user()

void test_kobject_release_from_user ( void )

◆ test_kobject_revoke_access()

◆ test_mark_thread_exit_uninitialized()

void test_mark_thread_exit_uninitialized ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Test when thread exits, kernel marks stack objects uninitialized.

When a thread exits, the kernel should mark the exiting thread and its thread stack object as uninitialized.

◆ test_mem_domain_api_supervisor_only()

void test_mem_domain_api_supervisor_only ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/mem_domain.c>

Test access memory domain APIs allowed to supervisor threads only.

Show that invoking any of the memory domain APIs from user mode leads to a fault.

See also
k_mem_domain_init(), k_mem_domain_add_partition(), k_mem_domain_remove_partition(), k_mem_domain_add_thread()

◆ test_mem_domain_boot_threads()

void test_mem_domain_boot_threads ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/mem_domain.c>

Show that boot threads belong to the default memory domain.

Static threads and the main thread are supposed to start as members of the default memory domain. Prove this is the case by examining the memory domain membership of z_main_thread and a static thread.

◆ test_mem_domain_init_fail()

void test_mem_domain_init_fail ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/mem_domain.c>

Test error case of initializing memory domain fail.

Try to initialize a domain with invalid partition. k_mem_domain_init() should return non-zero.

◆ test_mem_domain_invalid_access()

void test_mem_domain_invalid_access ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/mem_domain.c>

Show that a user thread can't touch partitions not in its domain.

◆ test_mem_domain_no_writes_to_ro()

void test_mem_domain_no_writes_to_ro ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/mem_domain.c>

Show that a read-only partition can't be written to.

◆ test_mem_domain_remove_add_partition()

void test_mem_domain_remove_add_partition ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/mem_domain.c>

Show that adding/removing partitions works.

Show that removing a partition doesn't affect access to other partitions. Show that removing a partition generates a fault if its data is accessed. Show that adding a partition back restores access from a user thread.

◆ test_mem_domain_valid_access()

void test_mem_domain_valid_access ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/mem_domain.c>

Check if the mem_domain is configured and accessible for userspace.

Join a memory domain with a read-write memory partition and a read-only partition within it, and show that the data in the partition is accessible as expected by the permissions provided.

◆ test_mem_part_add_error_null()

void test_mem_part_add_error_null ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/mem_domain.c>

Test the error case of adding a NULL memory partition.

Try to add a NULL partition to a memory domain. k_mem_domain_add_partition() should return an error.

◆ test_mem_part_add_error_zerosize()

void test_mem_part_add_error_zerosize ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/mem_domain.c>

Test the error case of adding a zero-sized memory partition.

Try to add a zero-sized partition to a memory domain. k_mem_domain_add_partition() should return an error.

◆ test_mem_part_assert_add_overmax()

void test_mem_part_assert_add_overmax ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/mem_domain.c>

Test adding more memory partitions to a domain than the architecture allows.

  • Add memory partitions one by one and more than architecture allows to add.
  • Once more partitions have been added than the architecture allows, verify that k_mem_domain_add_partition() returns a non-zero error code for the excess partition.

◆ test_mem_part_error_wraparound()

void test_mem_part_error_wraparound ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/mem_domain.c>

Test error case of memory partition address wraparound.

Try to add a partition whose address range wraps around the end of the address space (start address plus size overflows). k_mem_domain_add_partition() should return an error rather than accept the partition.

◆ test_mem_part_overlap()

void test_mem_part_overlap ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/mem_domain.c>

Test system assert when new partition overlaps the existing partition.

Test Objective:

  • Test assertion if the new partition overlaps existing partition in domain

Testing techniques:

  • System testing

Prerequisite Conditions:

  • N/A

Input Specifications:

  • N/A

Test Procedure:

  1. Define a test memory partition overlap_part whose start address (ro_buf) is the same as that of the existing memory partition ro_part.
  2. Try to add overlap_part to the memory domain. When the new partition is added, the system must assert that it overlaps the existing partition ro_part.

Expected Test Result:

  • An assertion error must occur indicating that the new partition overlaps the existing one.

Pass/Fail Criteria:

  • Success if the overlap assertion occurs.
  • Failure if the overlap assertion does not occur.

Assumptions and Constraints:

  • N/A
See also
k_mem_domain_add_partition()

◆ test_mem_part_remove_error_zerosize()

void test_mem_part_remove_error_zerosize ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/mem_domain.c>

Test the error case of removing a memory partition with a mismatched size.

Try to remove a partition whose size does not match the partition that was added. k_mem_domain_remove_partition() should return an error.

◆ test_new_user_thread_with_in_use_stack_obj()

void test_new_user_thread_with_in_use_stack_obj ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Test create new user thread from a user thread with in-use stack obj.

The kernel must prevent a new user thread from using a stack object that is already initialized (in use). In this test extra_thread is created with the in-use stack object child_stack; the creation must fail, showing that the kernel's stack object validation is working correctly.

◆ test_no_ref_dyn_kobj_release_mem()

void test_no_ref_dyn_kobj_release_mem ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/obj_validation/src/main.c>

Test dynamically allocated kernel object release memory.

Dynamically allocated kernel objects whose access is controlled by the permission system use the object's thread permissions as a reference count. When no thread has access to an object any more, the object's memory is released.

See also
k_object_alloc()

◆ test_null_map()

void test_null_map ( void )

#include </home/runner/work/safety-doc/zephyr/tests/arch/x86/pagetables/src/main.c>

Test that the NULL virtual page is always non-present.

◆ test_object_recycle()

void test_object_recycle ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/userspace/src/main.c>

Test recycle object.

Test recycle valid/invalid kernel object, see if perms_count changes as expected.

See also
k_object_recycle(), k_object_find()

◆ test_pass_noperms_object()

void test_pass_noperms_object ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/userspace/src/main.c>

Test to pass object to a system call without permissions.

◆ test_permission_inheritance()

void test_permission_inheritance ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/inherit.c>

Test object permission inheritance except of the parent thread object.

  • Grant the parent (current) thread permissions on a set of kernel objects.
  • Create a child thread and check that it inherited the permissions on those kernel objects.
  • Then check that the child thread cannot access the parent thread object, using k_thread_priority_get() on the parent.
  • The same step also confirms that the child user thread was granted permission on the kernel objects, i.e. it already holds permission on the objects being granted to it.
See also
k_mem_domain_init(), k_mem_domain_add_thread(), k_thread_access_grant()

◆ test_ram_perms()

void test_ram_perms ( void )

#include </home/runner/work/safety-doc/zephyr/tests/arch/x86/pagetables/src/main.c>

Test that MMU flags on RAM virtual address range are set properly.

◆ test_read_kernel_data()

void test_read_kernel_data ( void )

◆ test_read_kernram()

void test_read_kernram ( void )

◆ test_read_kobject_user_pipe()

void test_read_kobject_user_pipe ( void )

◆ test_read_other_stack()

void test_read_other_stack ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/userspace/src/main.c>

Test to read from another thread's stack.

◆ test_revoke_noperms_object()

void test_revoke_noperms_object ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/userspace/src/main.c>

Test to revoke access to kobject without permission.

A user thread may only revoke its own access to an object. In this test a user thread tries to revoke access to an object it has no permission on; as a result the system asserts.

◆ test_stack_buffer()

void test_stack_buffer ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/threads/thread_stack/src/main.c>

Test kernel provides user thread read/write access to its own stack memory buffer.

Thread can access its own stack memory buffer and perform read/write operations.

◆ test_stackprot()

void test_stackprot ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/stackprot/src/main.c>

test Stack Protector feature using canary

This is the test program to test stack protection using canary. The main thread starts a second thread, which generates a stack check failure. By design, the second thread will not complete its execution and will not set ret to TC_FAIL. This is the entry point to the test stack protection feature. It starts the thread that tests stack protection, then prints out a few messages before terminating.

◆ test_start_kernel_thread()

void test_start_kernel_thread ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/userspace/src/main.c>

Test to start kernel thread from usermode.

◆ test_string_nlen()

void test_string_nlen ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/syscalls/src/main.c>

Test to demonstrate usage of k_usermode_string_nlen()

The test will be called from user mode and kernel mode to check the behavior of k_usermode_string_nlen()

See also
k_usermode_string_nlen()

◆ test_syscall_cpu_scrubs_regs()

void test_syscall_cpu_scrubs_regs ( void )

#include </home/runner/work/safety-doc/zephyr/tests/arch/arm/arm_thread_swap/src/arm_syscalls.c>

Test CPU scrubs registers after system call.

  • From user mode, call the system call test_arm_cpu_write_reg(), whose handler writes the value 0xDEADBEEF into the CPU registers.

Back in the main test function, inspect the register values: if 0xDEADBEEF is not found in any of them, the CPU scrubbed the registers before returning from the system call, so no kernel-side register contents leak to user mode.

  • From user mode, call the system call test_x86_cpu_write_reg(), whose handler writes the value 0xDEADBEEF into the CPU registers.

Back in the main test function, inspect the register values: if 0xDEADBEEF is not found in any of them, the CPU scrubbed the registers before returning from the system call, so no kernel-side register contents leak to user mode.

◆ test_syscall_invalid_kobject()

void test_syscall_invalid_kobject ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Test that a syscall rejects a kernel object of the wrong type.

Pass a kernel object of a different type than the syscall expects; the kernel object type check must fail and the syscall must generate a fatal error instead of operating on the object.

See also
k_thread_access_grant()

◆ test_thread_has_residual_permissions()

void test_thread_has_residual_permissions ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Test access permission of a terminated thread.

If a deleted thread with some permissions is recreated with the same tid, check if it still has the permissions.

See also
k_thread_access_grant()

◆ test_thread_without_kobject_permission()

void test_thread_without_kobject_permission ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/mem_protect/src/kobject.c>

Test that a user thread cannot access a kernel object without a grant.

For kernel objects that track thread permissions, the kernel must fail the system call when the calling thread has not been granted permission on the object.

See also
k_thread_access_grant(), k_thread_user_mode_enter()

◆ test_to_copy()

void test_to_copy ( void )

◆ test_unimplemented_syscall()

void test_unimplemented_syscall ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/userspace/src/main.c>

Test unimplemented system call.

A syscall named missing_syscall() is declared without a verification (handler) function. The kernel must safely handle invocations of unimplemented system calls.

◆ test_user_corrupt_stack_pointer()

void test_user_corrupt_stack_pointer ( void )

#include </home/runner/work/safety-doc/zephyr/tests/arch/arm/arm_mem_protect/src/main.c>

Test that a system call does not write to the user stack.

◆ test_user_mode_enter()

void test_user_mode_enter ( void )

#include </home/runner/work/safety-doc/zephyr/tests/kernel/mem_protect/userspace/src/main.c>

Test that a supervisor thread's entry into user mode is one-way.

A thread running in supervisor mode must be able to drop privileges to user mode, and the transition must be one-way: the thread cannot regain supervisor mode afterwards.

◆ test_user_string_alloc_copy()

void test_user_string_alloc_copy ( void )

◆ test_user_string_copy()

void test_user_string_copy ( void )

◆ test_write_control()

void test_write_control ( void )

◆ test_write_kernel_data()

void test_write_kernel_data ( void )

◆ test_write_kernram()

void test_write_kernram ( void )

◆ test_write_kernro()

void test_write_kernro ( void )

◆ test_write_kerntext()

void test_write_kerntext ( void )

◆ test_write_kobject_user_pipe()

void test_write_kobject_user_pipe ( void )

◆ test_write_other_stack()

void test_write_other_stack ( void )

◆ test_write_priv_stack()

void test_write_priv_stack ( void )

◆ test_write_ro()

void test_write_ro ( void )

◆ test_write_text()

void test_write_text ( void )

◆ TOOLCHAIN_ENABLE_GCC_WARNING()

TOOLCHAIN_ENABLE_GCC_WARNING ( TOOLCHAIN_WARNING_DANGLING_POINTER )