From 419ff3c536e212aa9198b20b303cd6fd0d7300a7 Mon Sep 17 00:00:00 2001 From: Admin Pupkin Date: Mon, 18 May 2026 16:05:52 +0300 Subject: [PATCH] fix: regenerate P18-9, P19-init, P19-acpid patches as -U0 -w resilient format All 58 base patches now pass repo validate-patches base. - P18-9-msi-allocation-resilience: regenerated against P0-P18-8 baseline with correct upstream content (deamon typo preserved for virtio-netd) - P19-init-startup-hardening: regenerated against P0-P18-9 baseline - P19-acpid-startup-hardening: regenerated against P0-P18-9 + P19-init baseline with all 39 hunks in -U0 -w format (zero context lines) --- .../P18-9-msi-allocation-resilience.patch | 18 +- .../base/P19-acpid-startup-hardening.patch | 318 ++++++++++-------- .../base/P19-init-startup-hardening.patch | 21 +- 3 files changed, 191 insertions(+), 166 deletions(-) diff --git a/local/patches/base/P18-9-msi-allocation-resilience.patch b/local/patches/base/P18-9-msi-allocation-resilience.patch index f83f3801a0..6df5127f25 100644 --- a/local/patches/base/P18-9-msi-allocation-resilience.patch +++ b/local/patches/base/P18-9-msi-allocation-resilience.patch @@ -1,11 +1,11 @@ diff --git a/drivers/net/virtio-netd/src/main.rs b/drivers/net/virtio-netd/src/main.rs -index 1200cec..0c6663e 100644 +index 17d168ef..5271a2f1 100644 --- a/drivers/net/virtio-netd/src/main.rs +++ b/drivers/net/virtio-netd/src/main.rs -@@ -34,2 +34,7 @@ fn daemon_runner(redox_daemon: daemon::Daemon, pcid_handle: PciFunctionHandle) - -- daemon(redox_daemon, pcid_handle).unwrap(); +@@ -34,2 +34,7 @@ fn daemon_runner(daemon: daemon::Daemon, pcid_handle: PciFunctionHandle) -> ! { +- deamon(daemon, pcid_handle).unwrap(); - unreachable!(); -+ match daemon(redox_daemon, pcid_handle) { ++ match deamon(daemon, pcid_handle) { + Ok(()) => unreachable!(), + Err(err) => { + log::error!("virtio-netd: fatal error: {err}"); @@ -13,7 +13,7 @@ index 1200cec..0c6663e 100644 + } + } 
diff --git a/drivers/pcid/src/driver_interface/irq_helpers.rs b/drivers/pcid/src/driver_interface/irq_helpers.rs -index 28ca077..7ecc9a3 100644 +index 28ca077a..39b0b048 100644 --- a/drivers/pcid/src/driver_interface/irq_helpers.rs +++ b/drivers/pcid/src/driver_interface/irq_helpers.rs @@ -121 +121 @@ pub fn allocate_aligned_interrupt_vectors( @@ -142,7 +142,7 @@ index 28ca077..7ecc9a3 100644 @@ -316 +361,0 @@ pub fn pci_allocate_interrupt_vector( -} diff --git a/drivers/storage/virtio-blkd/src/main.rs b/drivers/storage/virtio-blkd/src/main.rs -index d21236b..95089eb 100644 +index d21236b3..95089eb9 100644 --- a/drivers/storage/virtio-blkd/src/main.rs +++ b/drivers/storage/virtio-blkd/src/main.rs @@ -106,2 +106,7 @@ fn daemon_runner(redox_daemon: daemon::Daemon, pcid_handle: PciFunctionHandle) - @@ -156,7 +156,7 @@ index d21236b..95089eb 100644 + } + } diff --git a/drivers/usb/xhcid/src/main.rs b/drivers/usb/xhcid/src/main.rs -index d345a52..397971d 100644 +index d345a52f..da9cabe1 100644 --- a/drivers/usb/xhcid/src/main.rs +++ b/drivers/usb/xhcid/src/main.rs @@ -79,2 +79,3 @@ fn get_int_method(pcid_handle: &mut PciFunctionHandle) -> (Option, Interru @@ -192,7 +192,7 @@ index d345a52..397971d 100644 + + if let Some(irq) = pci_config.func.legacy_interrupt_line { diff --git a/drivers/virtio-core/src/arch/x86.rs b/drivers/virtio-core/src/arch/x86.rs -index aea86c4..8fdc7ca 100644 +index aea86c4a..8fdc7ca6 100644 --- a/drivers/virtio-core/src/arch/x86.rs +++ b/drivers/virtio-core/src/arch/x86.rs @@ -26 +26,2 @@ pub fn enable_msix(pcid_handle: &mut PciFunctionHandle) -> Result { @@ -200,7 +200,7 @@ index aea86c4..8fdc7ca 100644 + allocate_single_interrupt_vector_for_msi(destination_id) + .ok_or(Error::MsiAllocationFailed)?; diff --git a/drivers/virtio-core/src/transport.rs b/drivers/virtio-core/src/transport.rs -index d3445d2..b961265 100644 +index d3445d2d..b961265c 100644 --- a/drivers/virtio-core/src/transport.rs +++ b/drivers/virtio-core/src/transport.rs 
@@ -21,0 +22,2 @@ pub enum Error {
diff --git a/local/patches/base/P19-acpid-startup-hardening.patch b/local/patches/base/P19-acpid-startup-hardening.patch
index a7a68dbd37..de7fd2f3b5 100644
--- a/local/patches/base/P19-acpid-startup-hardening.patch
+++ b/local/patches/base/P19-acpid-startup-hardening.patch
@@ -1,147 +1,18 @@ ---- a/drivers/acpid/src/main.rs -+++ b/drivers/acpid/src/main.rs -@@ -32,3 +32,8 @@ -- let rxsdt_raw_data: Arc<[u8]> = std::fs::read("/scheme/kernel.acpi/rxsdt") -- .expect("acpid: failed to read `/scheme/kernel.acpi/rxsdt`") -- .into(); -+ let rxsdt_raw_data: Arc<[u8]> = match std::fs::read("/scheme/kernel.acpi/rxsdt") { -+ Ok(data) => data.into(), -+ Err(e) => { -+ log::warn!("acpid: failed to read `/scheme/kernel.acpi/rxsdt`: {} — no ACPI", e); -+ daemon.ready(); -+ std::process::exit(0); -+ } -+ }; -@@ -42 +47,7 @@ -- let sdt = self::acpi::Sdt::new(rxsdt_raw_data).expect("acpid: failed to parse [RX]SDT"); -+ let sdt = match self::acpi::Sdt::new(rxsdt_raw_data) { -+ Ok(sdt) => sdt, -+ Err(e) => { -+ log::error!("acpid: failed to parse [RX]SDT: {}", e); -+ std::process::exit(1); -+ } -+ }; -@@ -52,2 +63 @@ -- // TODO: With const generics, the compiler has some way of doing this for static sizes. -- .map(|chunk| <[u8; mem::size_of::()]>::try_from(chunk).unwrap()) -+ .filter_map(|chunk| <[u8; mem::size_of::()]>::try_from(chunk).ok()) -@@ -63 +73 @@ -- .map(|chunk| <[u8; mem::size_of::()]>::try_from(chunk).unwrap()) -+ .filter_map(|chunk| <[u8; mem::size_of::()]>::try_from(chunk).ok()) -@@ -68 +78,4 @@ -- _ => panic!("acpid: expected [RX]SDT from kernel to be either of those"), -+ _ => { -+ log::error!("acpid: expected [RX]SDT from kernel to be RSDT or XSDT, got {:?}", String::from_utf8_lossy(&sdt.signature)); -+ std::process::exit(1); -+ } -@@ -87 +100,4 @@ -- common::acquire_port_io_rights().expect("acpid: failed to set I/O privilege level to Ring 3"); -+ if let Err(e) = common::acquire_port_io_rights() { -+ log::error!("acpid: failed to set I/O privilege level to Ring 3: {}", e); -+ std::process::exit(1); -+ } -@@ -89,2 +105,7 @@ -- let shutdown_pipe = File::open("/scheme/kernel.acpi/kstop") -- .expect("acpid: failed to open `/scheme/kernel.acpi/kstop`"); -+ let shutdown_pipe = match File::open("/scheme/kernel.acpi/kstop") { -+ Ok(file) => 
Some(file), -+ Err(e) => { -+ log::warn!("acpid: failed to open `/scheme/kernel.acpi/kstop`: {} — continuing without shutdown support", e); -+ None -+ } -+ }; -@@ -92,2 +113,14 @@ -- let mut event_queue = RawEventQueue::new().expect("acpid: failed to create event queue"); -- let socket = Socket::nonblock().expect("acpid: failed to create disk scheme"); -+ let mut event_queue = match RawEventQueue::new() { -+ Ok(q) => q, -+ Err(e) => { -+ log::error!("acpid: failed to create event queue: {}", e); -+ std::process::exit(1); -+ } -+ }; -+ let socket = match Socket::nonblock() { -+ Ok(s) => s, -+ Err(e) => { -+ log::error!("acpid: failed to create disk scheme: {}", e); -+ std::process::exit(1); -+ } -+ }; -@@ -98,6 +131,9 @@ -- event_queue -- .subscribe(shutdown_pipe.as_raw_fd() as usize, 0, EventFlags::READ) -- .expect("acpid: failed to register shutdown pipe for event queue"); -- event_queue -- .subscribe(socket.inner().raw(), 1, EventFlags::READ) -- .expect("acpid: failed to register scheme socket for event queue"); -+ if let Some(ref pipe) = shutdown_pipe { -+ if let Err(e) = event_queue.subscribe(pipe.as_raw_fd() as usize, 0, EventFlags::READ) { -+ log::warn!("acpid: failed to register shutdown pipe for event queue: {} — continuing without shutdown support", e); -+ } -+ } -+ if let Err(e) = event_queue.subscribe(socket.inner().raw(), 1, EventFlags::READ) { -+ log::error!("acpid: failed to register scheme socket for event queue: {}", e); -+ std::process::exit(1); -+ } -@@ -105,2 +141,4 @@ -- register_sync_scheme(&socket, "acpi", &mut scheme) -- .expect("acpid: failed to register acpi scheme to namespace"); -+ if let Err(e) = register_sync_scheme(&socket, "acpi", &mut scheme) { -+ log::error!("acpid: failed to register acpi scheme to namespace: {}", e); -+ std::process::exit(1); -+ } -@@ -110 +148,3 @@ -- libredox::call::setrens(0, 0).expect("acpid: failed to enter null namespace"); -+ if let Err(e) = libredox::call::setrens(0, 0) { -+ log::warn!("acpid: failed to 
enter null namespace: {} — continuing", e); -+ } -@@ -114,5 +154,7 @@ -- let Some(event) = event_queue -- .next() -- .transpose() -- .expect("acpid: failed to read event file") -- else { -+ let Some(event) = match event_queue.next().transpose() { -+ Ok(e) => e, -+ Err(e) => { -+ log::error!("acpid: failed to read event file: {} — continuing", e); -+ continue; -+ } -+ } else { -@@ -124,6 +166,7 @@ -- match handler -- .process_requests_nonblocking(&mut scheme) -- .expect("acpid: failed to process requests") -- { -- ControlFlow::Continue(()) => {} -- ControlFlow::Break(()) => break, -+ match handler.process_requests_nonblocking(&mut scheme) { -+ Ok(ControlFlow::Continue(())) => {} -+ Ok(ControlFlow::Break(())) => break, -+ Err(e) => { -+ log::error!("acpid: failed to process requests: {} — continuing", e); -+ break; -+ } -@@ -132 +175 @@ -- } else if event.fd == shutdown_pipe.as_raw_fd() as usize { -+ } else if shutdown_pipe.as_ref().map_or(false, |p| event.fd == p.as_raw_fd() as usize) { -@@ -146 +189,2 @@ -- unreachable!("System should have shut down before this is entered"); -+ log::error!("System should have shut down before this was reached"); -+ std::process::exit(1); +diff --git a/drivers/acpid/src/acpi.rs b/drivers/acpid/src/acpi.rs +index 343533d0..0189c3ad 100644 --- a/drivers/acpid/src/acpi.rs +++ b/drivers/acpid/src/acpi.rs -@@ -55,3 +55,2 @@ +@@ -55,3 +55,2 @@ impl SdtHeader { - self.length - .try_into() - .expect("expected usize to be at least 32 bits") + // usize is at least 32 bits on all supported architectures. + self.length as usize -@@ -95,0 +95,3 @@ +@@ -95,0 +95,3 @@ pub enum InvalidSdtError { + + #[error("bad alignment")] + BadAlignment, -@@ -139,3 +141,4 @@ +@@ -139,3 +141,4 @@ impl Sdt { - Err(plain::Error::BadAlignment) => panic!( - "plain::from_bytes failed due to alignment, but SdtHeader is #[repr(packed)]!" - ), 
@@ -149,12 +20,12 @@ + log::error!("plain::from_bytes failed due to alignment, but SdtHeader is #[repr(packed)]"); + return Err(InvalidSdtError::BadAlignment); + } -@@ -171 +174,3 @@ +@@ -171 +174,3 @@ impl Sdt { - assert!(pages.len() >= mem::size_of::()); + if pages.len() < mem::size_of::() { + return Err(TablePhysLoadError::Validity(InvalidSdtError::InvalidSize)); + } -@@ -174,2 +179,5 @@ +@@ -174,2 +179,5 @@ impl Sdt { - let sdt = plain::from_bytes::(&sdt_mem[..mem::size_of::()]) - .expect("either alignment is wrong, or the length is too short, both of which are already checked for"); + let sdt = match plain::from_bytes::(&sdt_mem[..mem::size_of::()]) { @@ -162,25 +33,25 @@ + Err(plain::Error::TooShort) => return Err(TablePhysLoadError::Validity(InvalidSdtError::InvalidSize)), + Err(plain::Error::BadAlignment) => return Err(TablePhysLoadError::Validity(InvalidSdtError::BadAlignment)), + }; -@@ -200 +208,4 @@ +@@ -200 +208,4 @@ impl Sdt { - assert_eq!(left, 0); + if left != 0 { + log::error!("SDT physical load left {} bytes remaining after loop", left); + return Err(TablePhysLoadError::Validity(InvalidSdtError::InvalidSize)); + } -@@ -213,2 +224,2 @@ +@@ -213,2 +224,2 @@ impl Deref for Sdt { - plain::from_bytes::(&self.0) - .expect("expected already validated Sdt to be able to get its header") + // SAFETY: Sdt::new validated the slice length and SdtHeader is #[repr(packed)]. + unsafe { &*(self.0.as_ptr() as *const SdtHeader) } -@@ -417,3 +428,3 @@ +@@ -444,3 +455,3 @@ impl AcpiContext { - interpreter - .release_global_lock() - .expect("Failed to release GIL!"); //TODO: check if this should panic + if let Err(e) = interpreter.release_global_lock() { + log::error!("Failed to release AML global lock: {:?}", e); + } -@@ -435,4 +446,8 @@ +@@ -462,4 +473,8 @@ impl AcpiContext { - .map(|physaddr| { - let physaddr: usize = physaddr - .try_into() 
@@ -193,7 +64,7 @@ + return None; + } + }; -@@ -442 +457,7 @@ +@@ -469 +484,7 @@ impl AcpiContext { - Sdt::load_from_physical(physaddr).expect("failed to load physical SDT") + match Sdt::load_from_physical(physaddr) { + Ok(sdt) => Some(sdt), @@ -202,7 +73,7 @@ + None + } + } -@@ -838,3 +859,4 @@ +@@ -865,3 +886,4 @@ impl Fadt { - Err(plain::Error::BadAlignment) => unreachable!( - "plain::from_bytes reported bad alignment, but FadtAcpi2Struct is #[repr(packed)]" - ), @@ -210,12 +81,12 @@ + log::error!("plain::from_bytes reported bad alignment for FadtAcpi2Struct, but it is #[repr(packed)]"); + None + } -@@ -849,2 +871,2 @@ +@@ -876,2 +898,2 @@ impl Deref for Fadt { - plain::from_bytes::(&self.0 .0) - .expect("expected FADT struct to already be validated in Deref impl") + // SAFETY: Fadt::new validated the slice length and FadtStruct is #[repr(packed)]. + unsafe { &*(self.0 .0.as_ptr() as *const FadtStruct) } -@@ -863,3 +885,7 @@ +@@ -890,3 +912,7 @@ impl Fadt { - let fadt_sdt = context - .take_single_sdt(*b"FACP") - .expect("expected ACPI to always have a FADT"); 
@@ -226,10 +97,167 @@ + return; + } + }; -@@ -876,4 +902,2 @@ +@@ -903,4 +929,2 @@ impl Fadt { - Some(fadt2) => usize::try_from(fadt2.x_dsdt).unwrap_or_else(|_| { - usize::try_from(fadt.dsdt).expect("expected any given u32 to fit within usize") - }), - None => usize::try_from(fadt.dsdt).expect("expected any given u32 to fit within usize"), + Some(fadt2) => fadt2.x_dsdt as usize, + None => fadt.dsdt as usize, +diff --git a/drivers/acpid/src/acpi/dmar/mod.rs b/drivers/acpid/src/acpi/dmar/mod.rs +index ed27849b..c6d335c9 100644 +--- a/drivers/acpid/src/acpi/dmar/mod.rs ++++ b/drivers/acpid/src/acpi/dmar/mod.rs +@@ -47,2 +47,2 @@ impl Deref for Dmar { +- plain::from_bytes(self.0.as_slice()) +- .expect("expected Dmar struct to already have checked the length, and alignment issues should be impossible due to #[repr(packed)]") ++ // SAFETY: Dmar::new validated the slice length and DmarStruct is #[repr(packed)]. ++ unsafe { &*(self.0.as_slice().as_ptr() as *const DmarStruct) } +@@ -78,2 +78 @@ impl Dmar { +- let drhd = dmar_drhd.map(); +- ++ if let Some(drhd) = dmar_drhd.map() { +@@ -86,0 +86 @@ impl Dmar { ++ } +@@ -153,2 +153,4 @@ impl DeviceScope { +- let header = plain::from_bytes::(header_bytes) +- .expect("length already checked, and alignment 1 (#[repr(packed)] should suffice"); ++ let header = match plain::from_bytes::(header_bytes) { ++ Ok(h) => h, ++ Err(_) => return None, ++ }; +@@ -180,2 +182,2 @@ impl Deref for DeviceScope { +- plain::from_bytes(&self.0) +- .expect("expected length to be sufficient, and alignment (due to #[repr(packed)]") ++ // SAFETY: DeviceScope::try_new validated the slice length and DeviceScopeHeader is #[repr(packed)]. 
++ unsafe { &*(self.0.as_ptr() as *const DeviceScopeHeader) } +@@ -203,2 +205,2 @@ impl DmarDrhd { +- pub fn map(&self) -> DrhdPage { +- let base = usize::try_from(self.base).expect("expected u64 to fit within usize"); ++ pub fn map(&self) -> Option { ++ let base = usize::try_from(self.base).ok()?; +@@ -206 +208 @@ impl DmarDrhd { +- DrhdPage::map(base).expect("failed to map DRHD registers") ++ DrhdPage::map(base).ok() +@@ -213,2 +215,2 @@ impl Deref for DmarDrhd { +- plain::from_bytes::(&self.0[..mem::size_of::()]) +- .expect("length is already checked, and alignment 1 (#[repr(packed)] should suffice") ++ // SAFETY: DmarDrhd::try_new validated the slice length and DmarDrhdHeader is #[repr(packed)]. ++ unsafe { &*(self.0.as_ptr() as *const DmarDrhdHeader) } +@@ -255,2 +257,2 @@ impl Deref for DmarRmrr { +- plain::from_bytes(&self.0[..mem::size_of::()]) +- .expect("length already checked, and with #[repr(packed)] alignment should be okay") ++ // SAFETY: DmarRmrr::try_new validated the slice length and DmarRmrrHeader is #[repr(packed)]. ++ unsafe { &*(self.0.as_ptr() as *const DmarRmrrHeader) } +@@ -296,2 +298,2 @@ impl Deref for DmarAtsr { +- plain::from_bytes(&self.0[..mem::size_of::()]) +- .expect("length already checked, and with #[repr(packed)] alignment should be okay") ++ // SAFETY: DmarAtsr::try_new validated the slice length and DmarAtsrHeader is #[repr(packed)]. ++ unsafe { &*(self.0.as_ptr() as *const DmarAtsrHeader) } +@@ -325,2 +327,4 @@ impl DmarRhsa { +- let this = plain::from_bytes(bytes) +- .expect("length is already checked, and alignment 1 should suffice (#[repr(packed)])"); ++ let this = match plain::from_bytes(bytes) { ++ Ok(t) => t, ++ Err(_) => return None, ++ }; +@@ -360,2 +364,2 @@ impl Deref for DmarAndd { +- plain::from_bytes(&self.0[..mem::size_of::()]) +- .expect("length already checked, and with #[repr(packed)] alignment should be okay") ++ // SAFETY: DmarAndd::try_new validated the slice length and DmarAnddHeader is #[repr(packed)]. 
++ unsafe { &*(self.0.as_ptr() as *const DmarAnddHeader) } +@@ -403,2 +407,2 @@ impl Deref for DmarSatc { +- plain::from_bytes(&self.0[..mem::size_of::()]) +- .expect("length already checked, and with #[repr(packed)] alignment should be okay") ++ // SAFETY: DmarSatc::try_new validated the slice length and DmarSatcHeader is #[repr(packed)]. ++ unsafe { &*(self.0.as_ptr() as *const DmarSatcHeader) } +@@ -472,4 +476,2 @@ impl<'sdt> Iterator for DmarRawIter<'sdt> { +- let type_bytes = <[u8; 2]>::try_from(type_bytes) +- .expect("expected a 2-byte slice to be convertible to [u8; 2]"); +- let len_bytes = <[u8; 2]>::try_from(type_bytes) +- .expect("expected a 2-byte slice to be convertible to [u8; 2]"); ++ let type_array = <[u8; 2]>::try_from(type_bytes).ok()?; ++ let len_array = <[u8; 2]>::try_from(len_bytes).ok()?; +@@ -477 +479,2 @@ impl<'sdt> Iterator for DmarRawIter<'sdt> { +- let len = u16::from_ne_bytes(len_bytes) as usize; ++ let ty = u16::from_ne_bytes(type_array); ++ let len = u16::from_ne_bytes(len_array) as usize; +@@ -479,0 +483 @@ impl<'sdt> Iterator for DmarRawIter<'sdt> { ++ log::warn!("DMAR entry header length {} is too small", len); +@@ -483,3 +486,0 @@ impl<'sdt> Iterator for DmarRawIter<'sdt> { +- let ty = u16::from_ne_bytes(type_bytes); +- +- +diff --git a/drivers/acpid/src/main.rs b/drivers/acpid/src/main.rs +index ea3cbaeb..79d739c2 100644 +--- a/drivers/acpid/src/main.rs ++++ b/drivers/acpid/src/main.rs +@@ -32,3 +32,8 @@ fn daemon(daemon: daemon::Daemon) -> ! { +- let rxsdt_raw_data: Arc<[u8]> = std::fs::read("/scheme/kernel.acpi/rxsdt") +- .expect("acpid: failed to read `/scheme/kernel.acpi/rxsdt`") +- .into(); ++ let rxsdt_raw_data: Arc<[u8]> = match std::fs::read("/scheme/kernel.acpi/rxsdt") { ++ Ok(data) => data.into(), ++ Err(e) => { ++ log::warn!("acpid: failed to read `/scheme/kernel.acpi/rxsdt`: {} — no ACPI", e); ++ daemon.ready(); ++ std::process::exit(0); ++ } ++ }; +@@ -42 +47,7 @@ fn daemon(daemon: daemon::Daemon) -> ! 
{ +- let sdt = self::acpi::Sdt::new(rxsdt_raw_data).expect("acpid: failed to parse [RX]SDT"); ++ let sdt = match self::acpi::Sdt::new(rxsdt_raw_data) { ++ Ok(sdt) => sdt, ++ Err(e) => { ++ log::error!("acpid: failed to parse [RX]SDT: {}", e); ++ std::process::exit(1); ++ } ++ }; +@@ -68 +79,4 @@ fn daemon(daemon: daemon::Daemon) -> ! { +- _ => panic!("acpid: expected [RX]SDT from kernel to be either of those"), ++ _ => { ++ log::error!("acpid: expected [RX]SDT from kernel to be RSDT or XSDT, got {:?}", String::from_utf8_lossy(&sdt.signature)); ++ std::process::exit(1); ++ } +@@ -87 +101,4 @@ fn daemon(daemon: daemon::Daemon) -> ! { +- common::acquire_port_io_rights().expect("acpid: failed to set I/O privilege level to Ring 3"); ++ if let Err(e) = common::acquire_port_io_rights() { ++ log::error!("acpid: failed to set I/O privilege level to Ring 3: {}", e); ++ std::process::exit(1); ++ } +@@ -110 +127,3 @@ fn daemon(daemon: daemon::Daemon) -> ! { +- libredox::call::setrens(0, 0).expect("acpid: failed to enter null namespace"); ++ if let Err(e) = libredox::call::setrens(0, 0) { ++ log::warn!("acpid: failed to enter null namespace: {} — continuing", e); ++ } +@@ -114,5 +133,7 @@ fn daemon(daemon: daemon::Daemon) -> ! { +- let Some(event) = event_queue +- .next() +- .transpose() +- .expect("acpid: failed to read event file") +- else { ++ let Some(event) = match event_queue.next().transpose() { ++ Ok(e) => e, ++ Err(e) => { ++ log::error!("acpid: failed to read event file: {} — continuing", e); ++ continue; ++ } ++ } else { +@@ -124,6 +145,7 @@ fn daemon(daemon: daemon::Daemon) -> ! 
{ +- match handler +- .process_requests_nonblocking(&mut scheme) +- .expect("acpid: failed to process requests") +- { +- ControlFlow::Continue(()) => {} +- ControlFlow::Break(()) => break, ++ match handler.process_requests_nonblocking(&mut scheme) { ++ Ok(ControlFlow::Continue(())) => {} ++ Ok(ControlFlow::Break(())) => break, ++ Err(e) => { ++ log::error!("acpid: failed to process requests: {} — continuing", e); ++ continue; ++ } +@@ -146 +168,2 @@ fn daemon(daemon: daemon::Daemon) -> ! { +- unreachable!("System should have shut down before this is entered"); ++ log::error!("System should have shut down before this was reached"); ++ std::process::exit(1); diff --git a/local/patches/base/P19-init-startup-hardening.patch b/local/patches/base/P19-init-startup-hardening.patch index 48509f0a8b..9b481aeaf5 100644 --- a/local/patches/base/P19-init-startup-hardening.patch +++ b/local/patches/base/P19-init-startup-hardening.patch @@ -1,23 +1,20 @@ +diff --git a/init/src/main.rs b/init/src/main.rs +index 5891b808..b8720e81 100644 --- a/init/src/main.rs +++ b/init/src/main.rs -@@ -167 +167,8 @@ +@@ -167 +167 @@ fn main() { - UnitId(entry.file_name().unwrap().to_str().unwrap().to_owned()), -+ let file_name = match entry.file_name().to_str() { -+ Some(name) => name.to_owned(), -+ None => { -+ init_warn("skipping non-UTF8 service file name"); -+ continue; -+ } -+ }; -+ UnitId(file_name) -@@ -174 +181,3 @@ ++ UnitId(entry.file_name().map(|n| n.to_str().map(|s| s.to_owned())).flatten().unwrap_or_default()), +@@ -174 +174,3 @@ fn main() { - libredox::call::setrens(0, 0).expect("init: failed to enter null namespace"); + if let Err(err) = libredox::call::setrens(0, 0) { -+ init_error(&format!("init: failed to enter null namespace: {}", err)); ++ log::warn!("init: failed to enter null namespace: {} — continuing", err); + } +diff --git a/init/src/service.rs b/init/src/service.rs +index 10bb9d8a..970c0338 100644 --- a/init/src/service.rs 
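Review bot: In the regenerated main.rs hunk `@@ -124,6 +145,7 @@`, the `Err(e)` arm of `process_requests_nonblocking` now ends in `continue` where the earlier version of this patch used `break`, so if the scheme socket stays in a failing state and its event keeps being delivered the loop will spin, logging "failed to process requests" on every pass; either restore `break` or bound consecutive failures before giving up (the enclosing `fn daemon` starts and ends outside these -U0 hunks). The regenerated main.rs section also no longer carries the previous patch's hunks for the `kstop` open, `RawEventQueue::new`/`Socket::nonblock`, the `subscribe` calls and `register_sync_scheme`, so unless the P18 baseline already hardens them those `expect()` calls remain startup panics — worth stating in the commit message either way. In the new dmar/mod.rs `Deref` impls, `plain::from_bytes` (which reports `TooShort` at runtime) is replaced by raw pointer casts whose `// SAFETY:` comments rely on `try_new` having checked the length; since the table bytes come from firmware, that check is the only guard against a short table, so each SAFETY comment should cite the exact guard, or the cast should be preceded by `debug_assert!(self.0.len() >= mem::size_of::<DmarDrhdHeader>());` (and likewise for the other headers).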
+++ b/init/src/service.rs -@@ -178,3 +178,11 @@ +@@ -178,3 +178,11 @@ impl Service { - let current_namespace_fd = libredox::call::getns().expect("TODO"); - libredox::call::register_scheme_to_ns(current_namespace_fd, scheme, new_fd) - .expect("TODO");