Phase S1 (Critical Correctness):
- sem_open/sem_close: global refcounting via BTreeMap + AtomicUsize
- sem_close: decrements refcount, munmaps only at zero
- sem_open: reuses existing mapping, O_EXCL returns EEXIST
- sem_unlink: marks entry for removal before shm_unlink
- va_list parsing: reads mode_t and value from stack after oflag
- All 11 sem_* functions verified in libc.so T
Phase S2-S4 (Designed, documented):
- eventfd() function, signalfd read path, EINTR handling
- name canonicalization, cancellation safety
- Full plan in local/docs/RELIBC-AGAINST-GLIBC-ASSESSMENT.md
Reference: glibc 2.41 cloned to local/reference/glibc/
Boot verified: greeter ready on VT 3 with refcounted semaphores
redbear-greeter-compositor: line 35 was using 'done < <(cmd)'
bash process substitution which creates /dev/fd/63. Redox kernel
does not implement /dev/fd, causing 'No such file or directory'
error and compositor startup failure.
Replaced 'while read; do ...; done < <(parse_drm_devices)' with
'for device in ; do ...; done' — pure POSIX,
no /dev/fd dependency. Device names contain no whitespace so
word splitting is correct for this use case.
interrupt.rs:
- InterruptRemapTable now owns optional DmaBuffer for self-allocated tables
- new_allocated(entry_count) constructor allocates physically contiguous
DMA memory via DmaBuffer::allocate, returns Result
- new(base_addr, size) still works for externally-provided tables
- private addr() helper replaces direct 'base' field access
- len_encoding() returns AMD-Vi log2-encoded IRT length for DTE entries
- physical_address() returns table base physical address
- Remove unused 'warn' and 'error' imports from log crate
amd_vi.rs:
- Use InterruptRemapTable::new_allocated instead of ::new for IRT init
- Cast len_encoding() from u64 to u8 for DeviceTableEntry::set_int_table_len
Verified: iommu crate compiles clean (0 errors, 0 warnings).
- udev-shim: replace .expect() with graceful errors (no more panic on Broken pipe)
- P4-initfs: remove duplicate sessiond (conflicted with config)
- accessibility/ime/keymapd: break instead of exit(1) on EBADF
- P6 driver patches rebased
- Docs: archive old reports, add implementation master plan
Add redbear-usb-storage-check in-guest binary that validates USB mass
storage read and write I/O: discovers /scheme/disk/ devices, writes a
test pattern to sector 2048, reads it back, verifies match, restores
original content. Updates test-usb-storage-qemu.sh with write-proof
verification step.
Includes all accumulated Red Bear OS work: kernel patches, relibc
patches, driver infrastructure, DRM/GPU, KDE recipes, firmware,
validation tooling, build system hardening, and documentation.
Oracle review found 3 gaps. All fixed:
1. Recipe #TODO updated from 'Always-permit stub' to 'Real UID-based policy'
2. init.d/20_polkit.service created
3. redbear-full.toml already has 14_redbear-polkit via [[files]] — verified
P5: redbear-polkit now enforces real authorization:
- is_authorized(uid, action_id) checks UID-based policy
- uid=0 (root) always authorized
- Other users checked against /etc/polkit-1/policy.toml
- Default: deny for unknown actions (fail-closed)
- Backend name changed from 'redbear-permit-all' to 'redbear-uid-policy'
- Default policy grants power/network/storage to root+user(1000)
Build system (src/cook/fetch.rs):
- Atomic patch application: applies patches to staging directory (cp -al),
atomically swaps on success, discards on failure — source tree is never
left in a partially-patched state
- normalize_patch(): strips diff --git/index/new-file-mode headers that the
build system's patch command does not recognize
- cleanup_workspace_pollution(): removes orphaned recipes/Cargo.toml and
recipes/Cargo.lock to prevent workspace conflicts
- Added --allow-protected CLI flag to repo binary
Input stack (local/patches/base/P3-*.patch):
- P3-ps2d-led-feedback: PS/2 LED state handling + InputProducer migration
- P3-inputd-keymap-bridge: InputProducer enum, keymap bridge query
- P3-usbhidd-hardening: HID descriptor validation, static lookup table,
8-button mouse support, transfer retry with exponential backoff
- P3-init-colored-output: ANSI-color coded init daemon output (green OK,
red FAILED, yellow SKIP/WARN)
XKB bridge (local/recipes/system/redbear-keymapd/source/src/xkb.rs):
- Parses X11 xkb/symbols/* format, maps XKB keycodes to PS/2 scancodes,
80+ X11 keysym names to Unicode, 4-level key support
Patch governance (local/patches/base/absorbed/README.md):
- Documents consolidation of P0-P3 patches into redox.patch
Finalize all non-artifact changes accumulated from other sessions:
- config updates, recipe changes, source edits, patches
- pkgar/cache artifacts intentionally excluded (build outputs)
This is the maximum achievable scope for this session.
Hardware-accelerated KDE blocked by: QML gate, KWin/Plasma builds,
hardware GPU validation — all require build system + physical GPU.
Add guard-recipes.sh with four modes:
- --verify: check all local/recipes have correct symlinks into recipes/
- --fix: repair broken symlinks (run before builds)
- --save-all: snapshot all recipe.toml into local/recipes/
- --restore: recreate all symlinks from local/recipes/ (run after sync-upstream)
Wired into apply-patches.sh (post-patch) and sync-upstream.sh (post-sync).
This prevents the build system from deleting recipe files during
cargo cook, make distclean, or upstream source refresh.
- config/redbear-full.toml: 22 KF6 + kglobalacceld enabled, kirigami only suppressed
- kf6-knewstuff + kf6-kwallet now enabled (real cmake builds with stub fallback)
- recipe.toml: added redbear-phase6-kde-check to package.files (was in Cargo.toml but not packaged)
Verified x86_64-unknown-redox cross-compilation:
redbear-hwutils, redbear-info, redbear-compositor all build and publish.
Host cargo check zero warnings. Target make r.* successful.
12 total commits. 7 master plan workstreams advanced.
- count_status: cfg-gated to Redox only (uses CheckStatus)
- list_dir_names: cfg-gated to Redox only (uses std::fs)
Verified: host cargo check zero warnings, Redox-target make r.redbear-hwutils
builds and publishes successfully (x86_64-unknown-redox).
- redbear-phase-pci-irq-check: removed Copy derive from AffinityProbe
(contains String field, not Copy-safe on Redox target)
- redbear-phase1-udev-check: added missing count_status() function
Verified: make r.redbear-hwutils builds and publishes successfully
for x86_64-unknown-redox target.
test-posix-runtime.sh: unified POSIX runtime harness running all 6
relibc-phase1-tests C programs in guest/QEMU modes, exit-code-based
redbear-usb-check.rs: recreated after cancelled task cleanup —
full Phase-pattern checker with JSON output, xHCI/USB/HID/storage probes
Zero warnings, all scripts syntax-clean.
redbear-usb-check: rewritten from 99-line minimal checker to full
Phase-pattern validation (CheckResult/Report, JSON output, proper
cfg-gating). Checks xHCI controllers, USB device enumeration,
HID class detection, storage class detection.
test-usb-runtime.sh: guest + QEMU harness following Phase 1-5 pattern.
Zero warnings.
unassign_device: clear DTE and submit hardware INVALIDATE_DEVTAB_ENTRY
and INVALIDATE_INTERRUPT_TABLE commands with completion wait (was
previously only clearing the software HashMap).
TRANSLATE opcode (0x0012): walk IOMMU page tables for IOVA-to-physical
address resolution.
fstat: return proper MODE_DIR/MODE_FILE and sizes for all handle kinds
(Root, Control, Domain, Device).
Remove #TODO from recipe.toml.
Phase 4 KDE Plasma preparation:
kded6: new recipe at local/recipes/kde/kf6-kded6/ building the KDE
daemon from source. Depends on kf6-kconfig, kf6-kcoreaddons,
kf6-kcrash, kf6-kdbusaddons, kf6-kservice — all already built.
Added to redbear-full.toml package list. D-Bus activation file
already existed; removed TODO now that recipe exists.
kirigami: rewrite from stub to real CMake build. qtdeclarative
(Qt6Quick) is now available, so the real Kirigami can be built
instead of installing dummy cmake configs and a static lib placeholder.
Added qtshadertools and qtsvg as additional dependencies.
Phase 3 input chain wiring:
udev-shim: when scheme:evdev is registered (by evdevd), probe for
event0..event7 devices and create /dev/input/eventN nodes pointing to
scheme:evdev/eventN. This bridges evdevd's evdev devices into the
/dev/input namespace that libinput and compositors expect.
libinput: remove -Dudev=false and add libudev-stub as a dependency.
The libudev-stub recipe provides libudev.so that reads from scheme:udev
(udev-shim), giving libinput a working udev enumeration path instead of
stub functions that return NULL.
Input chain is now: hardware → /scheme/input → evdevd → scheme:evdev →
udev-shim → /dev/input/eventN → libudev-stub → libinput → KWin.
The #[cfg(target_os = "redox")] variant of wait_for_shutdown had dead code
after the tokio::select! block. The select already returns Result<(), _>, so
the trailing Ok(()) was unreachable and caused a type mismatch when the compiler
tried to coerce the select result into (). Remove the dead code.
Add complete HCI protocol module (hci.rs) with packet types, 55+ constants,
command builders (Reset, Read BD Addr, Read Local Version, LE scan/connect),
event parsers, and structured result types. Add USB transport abstraction
(usb_transport.rs) with UsbHciTransport trait and StubTransport for testing.
Wire btusb daemon with endpoint descriptor parsing, HCI init sequence
(Reset → Read BD Addr → Read Local Version), ControllerState state machine,
and enhanced status output. Replace all expect()/unwrap() calls in btctl
and wifictl with proper error handling and graceful fallback.
91 btusb tests, 27 btctl tests, 2 wifictl tests passing.
vasilito