Kernel has a use-after-free bug in sys_read triggered by /scheme/sys/msr
access. The probe guard prevents most crashes but the kernel bug can still
trigger during MSR read paths. Removing the MSR fallback eliminates this
crash path entirely. Vendor detection now uses /scheme/sys/cpu only.
Two changes needed to enable Qt6 QML V4 JIT on Redox:
1. -DQT_FEATURE_qml_jit=ON (was OFF)
2. sed patch adding Q_OS_REDOX to qv4assemblercommon_p.h X86_64 SysV list
Without #2, the JIT PlatformAssemblerBase typedef is never defined
for Redox, causing Address/RegisterID/Jump type errors during compilation.
gem/gem_object.rs (175 lines):
GemObject struct: handle, size, region, cache_level, gtt/vram offset
GemObjectManager: BTreeMap registry with create/close/pin/unpin
Memory tracking: system/vram byte counters with limits
Export tracking, per-object cache level, name support
gem/gem_region.rs (85 lines):
MemoryRegion: System/LMEM/Stolen types with alloc/free
IO-mapped vs CPU-visible region properties
Min page size per region (4K system, 64K LMEM)
Bump allocator with free tracking
gem/gem_vma.rs (100 lines):
GemVma: virtual address binding with address space type
VmaManager: BTreeMap registry with overlap detection
Bind/unbind with bound byte tracking
Per-object VMA query
Ported from Linux 7.1:
gem/i915_gem_object_types.h → GemObject
gem/i915_gem_object.c → GemObjectManager
gem/i915_gem_region.c → MemoryRegion
i915_vma.c → VmaManager + GemVma
This is a new gem/ subdirectory under the Intel driver — the foundation
for the full 27,472-line GEM subsystem port from Linux i915.
color_pipeline.rs: CSC/CTM coefficient encoding with precision
encode_csc_coefficient: 12-bit fixed point with sign bit
encode_ctm_coefficient: 64-bit FP with mantissa + exponent
compute_hdr_metadata: ST.2086 HDR static metadata block
ColorPipelineState struct (degamma/CSC/CTM/gamma enables)
dmc_power.rs: DC5/DC6 deep power states
allow_dc5/allow_dc6 with DMC firmware handshake
disallow_dc5/disallow_dc6 for display active prevention
DC state register controls at 0x45400/0x45404/0x45504
psr_full.rs: complete PSR sink+source communication
DPCD PSR_STATUS/ERROR_STATUS/SINK_STATUS monitoring
PSR exit request via sink DPCD write
Source PSR state polling (SRDENT/SRDONACK/IDLE)
Error/entry/exit counter tracking
guc_submission.rs: GuC work queue submission protocol
WQ head/tail ring buffer management
doorbell trigger with per-context ID assignment
CT message: context register/deregister, sched policy
Timeslice + preemption timeout configuration
bandwidth.rs: link bandwidth computation
compute_data_rate per mode+bpp
compute_required_lanes for DP link negotiation
compute_dbuf_blocks per display buffer configuration
alpm.rs: Adaptive Link Power Management
ALPM_CTL enable/disable per DP port
Link power state monitoring via ALPM_STATUS
panel_fitter.rs: Panel fitting / scaling mode
compute_panel_fitter for non-native resolution handling
ScalingMode enum: None/FullScreen/Center/FullAspect
Aspect ratio-aware destination rectangle computation
pch.rs: PchType enum spanning 12 PCH generations
from_generation(): maps IntelGeneration to PchType automatically
display_well_base(): per-PCH power well register base
has_separate_ddi_wells(): Gen9+ PCH feature flag
gmbus_base(): 0x5100 (pre-PCH) vs 0xC5100 (PCH-based)
ddi_port_count(): 2-6 ports per PCH generation
This gates correct DDI buffer, power well, and GMBUS configuration
per platform. Previously all platforms used Gen9 hardcoded defaults.
Was: let _ = (ASLS_PCI_OFFSET, OPREGION_SIG, OPREGION_VBT_OFFSET);
Now: debug! with note that OpRegion VBT lookup is not yet implemented
Removes dead code while documenting the feature gap for future work.
dp_link.rs: expanded rate table to 7 entries
HBR2 (8.1Gbps), HBR3 (8.1Gbps), UHBR10/13.5/20 for DP 2.0
rate_to_khz handles all 7 rates including UHBR (1-2M kHz)
display.rs: distinct HDMI vs DP enable paths in set_mode
connector_type parameter branches DP link retrain vs HDMI
HDMI paths skip link training (uses TMDS clock instead)
mod.rs: multi-engine ring initialization
Blitter (BCS) and VideoEnhance (VECS) rings alongside Render (RCS)
Optional init — gracefully handled if ring creation fails
Stored as Mutex<Option<IntelRing>> for lazy access
display.rs: DP link retraining at set_mode time
Before enabling DDI_BUF_CTL, retrain DP link for the active port
Uses display's own dp_aux vector for DPCD communication
Fixes link recovery after mode changes
syncobj.rs: sync_file fd infrastructure
export_sync_file(): generate fd token, map syncobj → fd
import_sync_file(): resolve fd token → syncobj handle
close_sync_file(): remove fd from table
driver.rs: GpuDriver trait methods for sync_file
syncobj_export_fd() / syncobj_import_fd() with default Unsupported
mod.rs: IntelDriver implementation delegates to SyncobjManager
scheme.rs: DRM_IOCTL_REDOX_SYNCOBJ_HANDLE_TO_FD (0x73)
DRM_IOCTL_REDOX_SYNCOBJ_FD_TO_HANDLE (0x74)
Wire types with proper #[repr(C)] Copy+Clone attributes
ring.rs: fix MI_USER_INTERRUPT value
Was 0x0200_0000 (same as MI_FLUSH_DW) — GPU never generated interrupts.
Correct Gen7+ value: 0x6200_0000 (MI_USER_INTERRUPT with proper encoding)
MI_FLUSH_DW in flush() now uses proper DWord length encoding (1<<22)
scheme.rs: SETPLANE now forwards primary plane to page_flip
Primary plane (id=3) flips via driver.page_flip()
Overlay/cursor planes get silent no-op (KWin falls back to primary)
Removes EOPNOTSUPP blocker for KWin Wayland compositor
drivers/mod.rs: remove Gen8+ gate in is_supported_intel_generation()
All pre-Gen9 IDs (I965G, ILK, SNB, IVB/HSW/BDW) now pass probe.
Gen8 Broadwell/Cherryview uses DDI display engine (same as Gen9) —
expected to work with current register paths.
Gen4-Gen7 (I965G through Haswell) use FDI display engine which differs
from DDI. They will probe successfully but display init uses DDI_BUF_CTL
registers that don't exist on FDI hardware. Full FDI support is documented
as future work.
info.rs: +56 entries covering all pre-Gen9 generations
Gen4: 18 IDs (I965G, G33, Q33/Q35, GM965, G45, GM45, Pineview)
Gen5: 2 IDs (Ironlake desktop/mobile)
Gen6: 7 IDs (Sandy Bridge GT1/GT2 desktop/mobile)
Gen7: 11 IDs (Ivy Bridge, Haswell ULT/ULX GT1/GT2/GT3)
Gen8: 18 IDs (Broadwell ULT/ULX GT1/GT2/GT3, Cherryview GT1/GT2)
Total: 56 new entries → info.rs now has 157 device IDs
- cursor.rs: plane scaler (PS_CTRL/PS_WIN/PS_SIZE) with nearest filter,
rotation property (0/90/180/270) via PLANE_ROT_CTL registers
- display_power.rs: gate_ddi_wells + gate_aux_wells per active port count
- gt.rs: GpuStats struct and gpu_stats() method for utilization reporting
- Fix bootloader recipe: pass correct TARGET on make command line
instead of hardcoding x86_64-unknown-uefi (breaks BIOS build)
- Add cargo -Zunstable-options to x86_64-unknown-uefi.mk and
x86-unknown-none.mk for custom target support
- Add x86_64-unknown-uefi.json target file
Remaining: redoxer toolchain cargo/rust-src version mismatch
prevents build-std compilation. Needs 'make prefix' to rebuild
toolchain with matching versions.
Bootloader needs x86_64-unknown-uefi (UEFI target) but redoxer
sets TARGET=x86_64-unknown-redox (OS target). Added:
- x86_64-unknown-uefi.json custom target file
- cargo -Zunstable-options in Makefile for custom target support
- TARGET= override in recipe (may still be overridden by redoxer)
- RPS interactive governor: fast ramp-up on activity, slow ramp-down on idle
- Runtime PM with wakeref counting and RC6 transitions
- Forcewake automatically taken on first wakeref, released on last
- Frequency tracking with min/max/target per-GT state
Root cause chain discovered and fixed:
1. GCC built-in stddef.h shadowed by relibc's _STDDEF_H guard
→ fix_types.h with guarded typedefs for 15+ sys types
2. gnulib configure bakes raw typedefs into GL_CFLAG_GNULIB_WARNINGS
→ strip them from Makefiles after configure
3. __fseterr/__freadahead don't exist in relibc
→ compile C stubs and inject into link via Makefile patch
The recipe pattern is documented and reusable for other gnulib packages
(ninja-build, diffutils, etc.).
Also: bootloader recipe needs RUSTFLAGS=-Zunstable-options for
custom target support after redoxer toolchain restore.