Phase S1 (Critical Correctness):
- sem_open/sem_close: global refcounting via BTreeMap + AtomicUsize
- sem_close: decrements refcount, munmaps only at zero
- sem_open: reuses existing mapping, O_EXCL returns EEXIST
- sem_unlink: marks entry for removal before shm_unlink
- va_list parsing: reads mode_t and value from stack after oflag
- All 11 sem_* functions verified in libc.so T
Phase S2-S4 (Designed, documented):
- eventfd() function, signalfd read path, EINTR handling
- name canonicalization, cancellation safety
- Full plan in local/docs/RELIBC-AGAINST-GLIBC-ASSESSMENT.md
Reference: glibc 2.41 cloned to local/reference/glibc/
Boot verified: greeter ready on VT 3 with refcounted semaphores
Bug: src/cook/cook_build.rs:268 only bumps source_modified when
recipe.toml is STRICTLY newer than source. In normal workflow:
1. Recipe edited at T1 (adds patch to patches array)
2. Source re-fetched at T2 > T1 (during make r.<recipe>)
3. Build caches stage at T3
4. Next build: recipe(T1) > source(T2) = FALSE → edit ignored
Fix: source_modified = source_modified.max(recipe_modified);
always considers recipe timestamp regardless of relative ordering.
Root cause of kernel rebrand not taking effect was ALSO a missing
.git/HEAD in the source tree (cookbook skips patches for release
archives). Re-fetch with 'repo --allow-protected fetch kernel'
restored the git repo and enabled patch application.
Verified: 'RedBear OS starting...' appears in QEMU boot log.
Generated from clean 866dfad0 + consolidated.patch state via diff.
Two hunks for x86_64: comment on line 87 and info! on line 110.
aarch64 (line 94) and riscv64 (line 100) — one hunk each.
Verified: patch applies with --fuzz=0 on top of redbear-consolidated.
Wired into kernel recipe after P8-msi.patch.
redbear-greeter-compositor: line 35 was using 'done < <(cmd)'
bash process substitution which creates /dev/fd/63. Redox kernel
does not implement /dev/fd, causing 'No such file or directory'
error and compositor startup failure.
Replaced 'while read; do ...; done < <(parse_drm_devices)' with
'for device in ; do ...; done' — pure POSIX,
no /dev/fd dependency. Device names contain no whitespace so
word splitting is correct for this use case.
check-unwired-patches.sh: scans local/patches/ for .patch files not
referenced in any recipe.toml patches = [...] array. Detects 262
unwired patches (most intentionally kept for reference/rebase).
P2-rebrand-start-message.patch: minimal 39-line patch changing
'Redox OS starting' to 'RedBear OS starting' in x86_64, aarch64,
and riscv64 arch start files. Wired into kernel recipe after
P8-msi.patch. Verified: make r.kernel builds with all 3 patches.
Build system issues surfaced by the detector:
- 250+ kernel individual patches kept for reference (absorbed/)
- ~50 base individual patches — many intentionally unwired
- ~30 relibc patches — may need wiring into relibc recipe
- build-system patches applied by scripts, not recipes
Add missing alloc_cpu_id() function (atomic round-robin CPU selection).
Fix type chain: MsiAllocation.irq u8→u32 to match allocate_irq_vector
return type. irq_set_affinity accepts u32 irq for consistency.
Verified: driver-sys compiles on Linux (x86_64-unknown-linux-gnu).
Full redbear-mini image builds and boots in QEMU.
P6-e1000d-msi-migration.patch conflicts with P6-driver-main-fixes.patch
— both modify e1000d/src/main.rs at overlapping lines. The MSI migration
must be merged into P6-driver-main-fixes during the upcoming P6 rebase.
P6-e1000d-msi-migration.patch preserved in local/patches/base/ for reference.
e1000d was the last NIC driver using legacy IRQ (irq.irq_handle()).
Migrated to pci_allocate_interrupt_vector which tries MSI-X first,
then MSI, then falls back to legacy INTx — matching rtl8168d, rtl8139d,
ihdad, ihdgd, and nvmed.
63-line patch at local/patches/base/P6-e1000d-msi-migration.patch,
symlinked and wired into recipes/core/base/recipe.toml.
interrupt.rs:
- InterruptRemapTable now owns optional DmaBuffer for self-allocated tables
- new_allocated(entry_count) constructor allocates physically contiguous
DMA memory via DmaBuffer::allocate, returns Result
- new(base_addr, size) still works for externally-provided tables
- private addr() helper replaces direct 'base' field access
- len_encoding() returns AMD-Vi log2-encoded IRT length for DTE entries
- physical_address() returns table base physical address
- Remove unused 'warn' and 'error' imports from log crate
amd_vi.rs:
- Use InterruptRemapTable::new_allocated instead of ::new for IRT init
- Cast len_encoding() from u64 to u8 for DeviceTableEntry::set_int_table_len
Verified: iommu crate compiles clean (0 errors, 0 warnings).
dma.rs: IommuDmaAllocator (145 lines)
- New struct wires existing IOMMU daemon (1003 lines) to existing DmaBuffer (261)
- allocate(): phys-contiguous alloc via scheme:memory, then MAP through IOMMU domain
- unmap(): sends UNMAP to IOMMU domain, releases IOVA
- Inlined IOMMU protocol constants — no new crate dependency
- encode_iommu_request/decode_iommu_response for scheme write/read cycle
Documentation updates:
- IMPLEMENTATION-MASTER-PLAN.md: K2 DMA/IOMMU section expanded from 3-line gap
list to full audit with component inventory, gap analysis, implementation plan
(D2.1-D2.5), Linux reference table. Added K2b thread/fork audit.
- CPU-DMA-IRQ-MSI-SCHEDULER-FIX-PLAN.md: Phase 1 (MSI) marked complete with
per-task status. Phase 2 (DMA) re-scoped from 'create' to 'wire' based on
audit. Phase 3 (scheduler) marked mostly done.
- IRQ-AND-LOWLEVEL-CONTROLLERS-ENHANCEMENT-PLAN.md: kernel MSI support noted
as materially strong with P8-msi.patch reference.
Audit findings:
- IOMMU daemon is solid: 1003-line lib.rs with full scheme protocol,
427-line amd_vi.rs, host-runnable tests. Needs wiring, not rewriting.
- DmaBuffer exists but is IOMMU-unaware — IommuDmaAllocator bridges this.
- relibc rlct_clone is correct for threads (shares addr space implicitly).
'3 IPC hops' claim is microkernel-architectural, not a real perf issue.
- No stale docs to archive at this time.
- Add GuiPrivate to Qt6 find_package in top-level CMakeLists.txt
- Add missing QElapsedTimer include in toolbarlayout.cpp
- Add network stub infrastructure in recipe (incomplete, Qt6Network
cross-compilation still needed for full build)
- udev-shim: replace .expect() with graceful errors (no more panic on Broken pipe)
- P4-initfs: remove duplicate sessiond (conflicted with config)
- accessibility/ime/keymapd: break instead of exit(1) on EBADF
- P6 driver patches rebased
- Docs: archive old reports, add implementation master plan
Base: fix P6-driver-new-modules.patch (ed format -> unified diff) for new
driver modules (ncq, itr, phy). P6-driver-main-fixes.patch now applies with
offset on current upstream source.
Relibc: remove stale P5-named-semaphores (upstream has stubs), add
P10-stack-size-8mb and P11-getrlimit-getrusage (per-process rlimit table,
sysconf integration, getdtablesize fix, null-pointer safety).
Kernel: consolidate 29 individual patches into single redbear-consolidated.patch.
Userutils: P5-redbear-branding replaces P4-login-rate-limit.
Recipe.toml changes now committed so they survive source resets.
Config [[files]] entries for init services used /usr/lib/init.d/ paths,
which get silently overwritten by package staging (Layer 2 over Layer 1).
Per AGENTS.md, config overrides MUST use /etc/init.d/ so the init system's
config_for_dirs() gives them priority over package defaults.
Fixes mini image debug console failure (getty: failed to open TTY
/scheme/fbcon/3: No such file or directory) caused by base package's
31_debug_console.service overwriting minimal.toml's debug scheme override.
The Wayland compositor was commented out, causing the greeter to fail
when trying to launch the UI. With the compositor enabled, the full
greeter flow now works: compositor starts, creates Wayland socket,
greeter UI launches on VT 3, and Qt6 client connects successfully.
MouseTx::handle() treated 0xFE (PS/2 RESEND) as an unknown response,
causing mouse init to fail on hardware where the mouse requests a
resend during the reset/command exchange. Now resends the current
command byte when the mouse returns 0xFE, matching the PS/2 protocol.
Bootloader hardcoded RedoxFS partition offset at 2 MiB, which fails when
efi_partition_size > 1 (redbear-full, redbear-grub use 16 MiB, placing
RedoxFS at LBA 34816 = 17 MiB). Added GPT partition table parser that
scans for Linux filesystem GUID (0FC63DAF) to find the actual offset.
Also removed invalid 'respawn = true' from 31_debug_console.service in
redbear-full.toml — init's service format does not support this field.
Verified: all three ISOs boot in QEMU UEFI and reach login prompt.
Add redbear-usb-storage-check in-guest binary that validates USB mass
storage read and write I/O: discovers /scheme/disk/ devices, writes a
test pattern to sector 2048, reads it back, verifies match, restores
original content. Updates test-usb-storage-qemu.sh with write-proof
verification step.
Includes all accumulated Red Bear OS work: kernel patches, relibc
patches, driver infrastructure, DRM/GPU, KDE recipes, firmware,
validation tooling, build system hardening, and documentation.
5-phase hardening to prevent silent file-layer collisions (the D-Bus
regression class):
Phase 1: lint-config-paths.sh + make lint-config in depends.mk
Phase 2: CollisionTracker in installer (content-hash comparison)
Phase 3: installs manifests in recipe.toml + validate-file-ownership.sh
Phase 4: validate-init-services.sh + make validate in disk.mk
Phase 5: documentation (AGENTS.md, BUILD-SYSTEM-HARDENING-PLAN.md)
Both redbear-mini and redbear-full build and validate clean.
66 declared install paths in base, zero conflicts.
The init system parser (serde deny_unknown_fields) rejects [service]
sections in .target files. The P4-initfs-dbus-services patch was
creating 05_boot_essential.target and 12_boot_late.target with a
no-op [service] section (cmd=/usr/bin/true). Removed those sections
so targets only contain [unit].
This eliminates "unknown field service, expected unit" init warnings
that could prevent proper service dependency resolution.
The [users.root] override in redbear-full.toml only set shell, which
replaced (not merged) the base.toml entry that had uid=0 gid=0
password="password". Without explicit uid/gid, the installer assigned
root UID 1000, causing D-Bus to fail looking up user "root" and
"messagebus" — all D-Bus clients (sessiond, polkit, udisks, upower)
timed out and exited.
Verified: D-Bus daemon starts, polkit registers PolicyKit1, sessiond
registers login1, zero timeouts or retries in QEMU boot.
P1 (ACPI/PCI/xHCI, 11 patches) and P5 (init hardening, 2 patches)
exist in local/patches/base/ but cannot be wired due to conflicts
from redox.patch removal. Documented with # TODO rebase notes
per PATCH-GOVERNANCE.md rules.
Oracle review found 3 gaps. All fixed:
1. Recipe #TODO updated from 'Always-permit stub' to 'Real UID-based policy'
2. init.d/20_polkit.service created
3. redbear-full.toml already has 14_redbear-polkit via [[files]] — verified
P5: redbear-polkit now enforces real authorization:
- is_authorized(uid, action_id) checks UID-based policy
- uid=0 (root) always authorized
- Other users checked against /etc/polkit-1/policy.toml
- Default: deny for unknown actions (fail-closed)
- Backend name changed from 'redbear-permit-all' to 'redbear-uid-policy'
- Default policy grants power/network/storage to root+user(1000)
P3-3: fbcond scrollback is now fully functional:
- text.rs: 1000-line ring buffer captures all console output
- scheme.rs: new Scrollback handle type, path/N/scrollback open
- main.rs: Scrollback match arm in event loop
- Users can read scrollback via:
cat /scheme/fbcon/2/scrollback
19/19 patches. base + base-initfs build.
Fixed common dependency path (../../common → ../common).
Added workspace member entry for drivers/thermald.
thermald now builds as part of base recipe.
19/19 patches. base + base-initfs build.
vasilito