Add redbear-usb-storage-check in-guest binary that validates USB mass
storage read and write I/O: discovers /scheme/disk/ devices, writes a
test pattern to sector 2048, reads it back, verifies match, restores
original content. Updates test-usb-storage-qemu.sh with write-proof
verification step.
Includes all accumulated Red Bear OS work: kernel patches, relibc
patches, driver infrastructure, DRM/GPU, KDE recipes, firmware,
validation tooling, build system hardening, and documentation.
Kernel hardening (proc.rs +23 lines):
- NGROUPS_MAX=65536 enforcement in Groups write handler
- Reject non-u32-aligned writes with EINVAL
- Process-scope propagation: setgroups() now fans out to
ALL threads sharing the same owner_proc_id
Relibc robustness:
- setrlimit: EINVAL for unknown resources (was silent Ok)
- posix_getgroups: kernel readback when cache is empty,
fixes exec() cache-staleness gap
Oracle audit fixes: H (kernel cap), E (alignment reject),
G (process-scope), C (cache readback), B (rlimit errors)
Analysis shows existing P0/P1 patches cover ~85% of kernel/redox.patch
(2,335 lines). Extract the two uncovered sections as new patches:
P2-redbear-os-branding.patch (65 lines): Redox->RedBear OS branding in
aarch64, riscv64, x86_shared start files + device init logging milestones.
P3-eventfd-kernel.patch (368 lines): Full EventCounter implementation
in event.rs with blocking read/write, semaphore mode, wait conditions,
and EventScheme eventfd path dispatch in scheme/event.rs.
Update desktop status doc with Wave 2 changes.
- IOAPIC: enable full IOAPIC initialization on AMD/Intel bare metal,
dual GSI 0/2 timer mapping for platform compatibility, NMI handler
uses raw COM1 PIO writes to avoid mutex deadlock
- HPET: counter validation, graceful fallback to PIT when HPET missing
- PS/2: fix 0xFE RESEND handling in all MouseState variants, add
controller flush/self-test retry/aux port test from Linux 7.0
- ACPI: defer AML evaluation to avoid blocking initfs driver spawn
- VT chain: remove duplicate rootfs service files (inputd, vesad,
fbcond, getty) that were already handled by initfs phase 1 and the
legacy 30_console script from minimal.toml
- QEMU verified: boots to login prompt, 20 rootfs units (was 26),
single login prompt (was double), only 1 expected error (wifictl)
Consolidate the active desktop path around redbear-full while landing the greeter/session stack and the runtime fixes needed to keep Wayland and KWin bring-up moving forward.
Add MadtLocalApicNmi (type 0x4), MadtLapicAddressOverride (type 0x5), and MadtLocalX2ApicNmi (type 0xA) structs with compile-time size assertions. Add enum variants and iterator cases for all three. Implement set_lvt_nmi() on LocalApic for both xAPIC (LINT0/LINT1 at offsets 0x350/0x360) and x2APIC (MSRs 0x835/0x836) with NMI delivery mode, polarity, and trigger mode from MADT flags. Process NMI entries in x86.rs MADT loop to configure per-CPU LVT NMI registers. Parse and log LAPIC address override (64-bit) for future use.
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
Add Sdt::validate_checksum() method that sums all bytes in the table and verifies the result is zero per ACPI spec. Call it during ACPI table iteration in init() — warn on invalid checksum but do not skip the table, to avoid breaking boot on firmware with slightly incorrect checksums.
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
The critical fix: local_apic.rs id() now returns (read(0x20) >> 24) for xAPIC mode instead of the raw register value. This was causing wrong APIC IDs on Intel, leading to misrouted IPIs, missed TLB shootdowns, and the page fault during context switch at switch.rs:317.
Also adds:
- Named ICR constants (ICR_INIT_ASSERT, ICR_STARTUP) with bit-layout comments
- Comment documenting x2APIC timeout limitation (cpu_id allocated before timeout check)
- All existing changes preserved (x2APIC MADT type 9, cpuid split, memory alignment, RSDP checksum, ICR pending wait, MADT entry length guard)
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
Derivative of Redox OS (https://www.redox-os.org) adding:
- AMD GPU driver (amdgpu) via LinuxKPI compat layer
- ext4 filesystem support (ext4d scheme daemon)
- ACPI fixes for AMD bare metal (x2APIC, DMAR, IVRS, MCFG)
- Custom branding (hostname, os-release, boot identity)
Build system is full upstream Redox with RBOS overlay in local/.
Patches for kernel, base, and relibc are symlinked from local/patches/
and protected from make clean/distclean. Custom recipes live in
local/recipes/ with symlinks into the recipes/ search path.
Build: make all CONFIG_NAME=redbear-full
Sync: ./local/scripts/sync-upstream.sh
vasilito