Signify if the documentation is for a release or if it is the
development version from master.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>

Add a self-protection test suite with a set of tests
to check whether one can overwrite read-only data
and text, and whether one can execute from data,
stack, or heap buffers.  These tests are modeled after
a subset of the lkdtm tests in the Linux kernel.

These tests have twice caught bugs in the Zephyr NXP MPU
driver, once during initial testing/review of the code
(in its earliest forms on gerrit, reported to the original
author there) and most recently the regression introduced
by commit bacbea6e

 ("arm: nxp: mpu: Rework handling
of region descriptor 0"), which was fixed by
commit a8aa9d4f3dbbe8 ("arm: nxp: mpu: Fix region descriptor
0 attributes") after being reported.

This is intended to be a testsuite of self-protection features
rather than just a test of MPU functionality.  It is envisioned
that these tests will be expanded to cover a wider range of
protection features beyond just memory protection, and the
current tests are independent of any particular enforcement
mechanism (e.g. MPU, MMU, or other).

The tests are intended to be cross-platform, and have been
built and run on both x86- and ARM-based boards.  The tests
currently fail on x86-based boards, but this is an accurate
reflection of current protections and should change as MMU
support arrives.

The tests leverage the ztest framework, making them suitable
for incorporation into automated regression testing for Zephyr.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

ztest provides a ztest_test_fail() interface to fail the currently
running test, but does not provide an equivalent ztest_test_pass().
Normally a test passes just by returning without an assertion failure
or other call to ztest_test_fail().  However, if the correct behavior
for a test is to trigger a fatal fault (as with tests/kernel/fatal or
protection or MPU tests), then we need a way for the test to pass the
currently running test before aborting the current thread.
Otherwise, ztest hangs forever in run_test() on the
k_sem_take(&test_end_signal, K_FOREVER) call.  Add
a ztest_test_pass() interface and implement it for kernel and
userspace variants of ztest.  This interface will be used in the
protection tests.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Clearing fields in the region descriptor attributes doesn't always have
the expected effect of revoking permissions. In the case of bus master
supervisor mode fields (MxSM), setting to zero actually enables read,
write, and execute access.

When we reworked handling of region descriptor 0, we inadvertently
enabled execution from RAM by clearing the MxSM fields and enabling the
descriptor. This caused samples/mpu_test run to throw a usage fault
instead of an MPU-triggered bus fault.

Fix this by setting all the MxSM fields to 2'b11, which gives supervisor
mode the same access as user mode.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>

Both the ARM and NXP MPU drivers incorrectly calculated the region index
by assuming the region type (e.g., THREAD_STACK_GUARD_REGION) was
zero-indexed, when in reality it is one-indexed. This had the effect of
wasting one region.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>

The NXP MPU requires special handling of region descriptor 0 to
guarantee that the debugger has access to the entire address space. It
does not allow writes from the core to affect the start or end
addresses, or the permissions associated with the debugger.

The original implementation of this driver attempted to work around
region descriptor 0, resulting in an off-by-1 error caught by Coverity.

Instead, define region descriptor 0 explicitly in the mpu_regions array,
and add some asserts to ensure that one doesn't try to change its start
or end addresses. This has an added benefit such that more permissions
can be enabled in region 0 if desired, whereas the previous
implementation always forced all writable permissions to be cleared.

Coverity-CID: 170473
Jira: ZEP-2258
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>

Sync with master
Signed-off-by: Anas Nashif <anas.nashif@intel.com>

Signed-off-by: Anas Nashif <anas.nashif@intel.com>

Signed-off-by: Anas Nashif <anas.nashif@intel.com>

Signed-off-by: Anas Nashif <anas.nashif@intel.com>

Signed-off-by: David B. Kinder <david.b.kinder@intel.com>

Signed-off-by: Anas Nashif <anas.nashif@intel.com>

Signed-off-by: Anas Nashif <anas.nashif@intel.com>

Signed-off-by: Anas Nashif <anas.nashif@intel.com>

Fixed misspellings, cleanup summary (removed "changes go here..."
marker, removed known-issues/workaround section place holder
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>

Support for the 5x5 LED display on the BBC micro:bit makes the board
much more usable, so it's worth to mention it in the release notes.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>

Signed-off-by: Anas Nashif <anas.nashif@intel.com>

Tempture -> Temperature
Signed-off-by: Anas Nashif <anas.nashif@intel.com>

It did not make the 1.8 release, was added by mistake.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>

Signed-off-by: Anas Nashif <anas.nashif@intel.com>

Some files have moved from their original location, or are no longer
available.  For the mbedtls samples, tweak the link to point to a page
where links for current and previous downloads can be found.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>

Signed-off-by: David B. Kinder <david.b.kinder@intel.com>

Used the following command to get the full list of changes:

(v1.8-branch) $ git log v1.7.0.. subsys/bluetooth/
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>

Add general description of network stack changes in v1.8 and
two IEEE 802.15.4 driver additions in Drivers section.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>

Bash hack that will parse the list of files known to git, filter the
ones for which we think we have licensing info, filter trivial ones
and print the non-compliant ones to stdout:

$ cd WHEREVER/zephyr.git
$ scripts/scan-no-license.sh  > no-license
I: 6327 files total
I: 3568 after filtering known issues
I: 3568 files before, 1828 after filtering token 'SPDX-License-Identifier'
I: 1828 files before, 1027 after filtering token 'Copyright'
I: 1027 files before, 1023 after filtering token 'License'
I: 1023 files before, 1017 after filtering token 'licenseText'
I: 1017 files before, 78 after filtering token '([Cc])'
I: 78 files without license
$ head no-license
arch/nios2/soc/nios2f-zephyr/cpu/ghrd_10m50da.qsys
arch/nios2/soc/nios2f-zephyr/cpu/ghrd_10m50da.qws
arch/nios2/soc/nios2f-zephyr/cpu/ghrd_10m50da.sof
arch/nios2/soc/nios2f-zephyr/cpu/ghrd_10m50da.sopcinfo
arch/nios2/soc/nios2f-zephyr/cpu/ghrd_10m50da_top.v
...

Signed-off-by: Inaky Perez-Gonzalez <inaky....

In certain TCP states we should not try to send RESET segment
to peer. So check this and do not try to use NULL pkt to send
a message.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>

Various network samples contained QEMU slip setup instructions
or those instructions were missing. A reference doc in
doc/subsystems/networking/qemu_setup.rst file already has the
setup instructions for QEMU. So add a reference to that file
in samples/net/*/README.rst files and remove unnecessary slip
setup instructions in relevant files.

Fix various typos in readme files at the same time.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>

When src and dst addresses are compressed based on context
information, uncompression method should verify CID bit,
SAC and DAC bits and context ID's. But it has missed some
cases which resulted in invalid uncompressed IPv6 header.

e.g. CID is set, SAC is 0 and DAC is 1 and context id's provided.
Uncompression method assumed that src address is compressed based
on context information but it is not.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>

Empty RPL HBH header will be inserted while finalizing IPv6 packet
but updated after finding nexthop and sent the packet. In case of
Bluetooth or multicast dst address it was missed. Resulted in
empty RPL HBH header and packet dropped at peer node. It should
be updated in all circumstances.

Jira: ZEP-2088
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>

The mbedtls debugging function was set before the ssl config
struct was initialized. This meant that it was not possible
to activate mbedtls debug prints. This commit sets the debug
print option after the config struct has been initialized.

Fixed also the debug prints which print extra \n which looks
very bad in debugging outputs.

This commit does not enable mbedtls debugging, it just makes it
possible to output mbedtls debug prints. In order to get mbedlts
debug prints one needs to do this:
* set DEBUG_THRESHOLD to >0 in http_server.c
* enable CONFIG_NET_DEBUG_HTTP in project config file
* enable MBEDTLS_DEBUG_C in mbedtls config file (see file pointed
  by CONFIG_MBEDTLS_CFG_FILE option)
* in qemu, one needs to increase the size of the available RAM,
  this setting does the trick, CONFIG_RAM_SIZE=300
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>

Semantics of ENOENT error as used previously is "named entity not
found", whereas for "I/O handle is not valid", there's EBADF. For
example, POSIX/SUSV2 doesn't even list ENOENT as a possible error
for accept(), connect(), recv(), etc. whereas it lists EBADF, e.g.:
http://pubs.opengroup.org/onlinepubs/7908799/xns/connect.html

Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>

Add clarification that the DNS server configuration must be edited in
the respective prj.conf file.

JIRA: ZEP-2040
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>

Draft of 1.8 release notes with heading and jira items from
draft doc. Added 1.8 release notes to index.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>

On some devices, when k_cpu_idle() was called we were getting
interrupts that were not the timer interrupt. On bbc_micro
a power clock control driver interrupt was happening instead
and k_cpu_idle() was returning without the system tick advancing,
failing the test.

The clock control interrupts seem to only happen early in device
boot; moving the idle test much later lets the test pass on this
board (and likely all other NRF5 based boards).

Issue: ZEP-2257
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>

Also increase ISR stack to make it run on Quark D2000 CRB.

Jira: ZEP-2224
Signed-off-by: Anas Nashif <anas.nashif@intel.com>

When we build with newlib enabled and utilizing one of the other
variants (like having floating point enabled) we need to have the proper
library path setup to find the library.  This is mimicked after what we
do in Makefile.toolchain.zephyr for newlib.

Issue: ZEP-2240
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>

Stack sentinel doesn't prevent corruption, it just notices when
it happens. Any memory could be in a bad state and it's more
appropriate to take the entire system down rather than just kill
the thread.

Fatal testcase will still work since it installs its own
_SysFatalErrorHandler.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>

- _SysFatalErrorHandler is supposed to be user-overridable.
The test case now installs its own handler to show that this
has happened properly.

- Use TC_PRINT() TC_ERROR() macros

- Since we have out own _SysFatalErrorHandler, show that
k_panic() works

- Show that _SysFatalErrorHandler gets invoked with the expected
reason code for some of the scenarios.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>

Fixes an issue where if a thread calls k_panic() or k_oops()
with interrupts locked, control would return to the thread
and it would only be aborted after interrupts were unlocked
again.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>