redox-os issues
https://gitlab.redox-os.org/groups/redox-os/-/issues
2024-03-17T23:48:03Z

Community hardware device porting
https://gitlab.redox-os.org/redox-os/drivers/-/issues/40
2024-03-17T23:48:03Z
Ribbon

This tracking issue covers the devices from the community that need a driver.
Unfortunately we can't know the most sold device models of the world to measure our device porting priority, thus we will use our community data to measure our device priorities, if you find a "device model users" survey (similar to [Debian Popularity Contest](https://popcon.debian.org/) and [Steam Hardware/Software Survey](https://store.steampowered.com/hwsurvey/Steam-Hardware-Software-Survey-Welcome-to-Steam)), please comment.
If you want to contribute to this table, install [pciutils](https://mj.ucw.cz/sw/pciutils/) on your Linux (it should have a package on your distribution), run `lspci -v` to see your hardware devices and their kernel drivers and give the results of these items on each device:
- The first field (each device has a unique name for this item)
- Kernel driver in use
- Kernel modules
If you are unsure of what to do, you can copy and paste the entire text to a code block and comment.
| **Device model** | **Kernel driver** | **Kernel module** | **There's a Redox driver?** |
|------------------|-------------------|-------------------|-----------------------------|
| Realtek RTL8821CE 802.11ac (Wi-Fi) | rtw_8821ce | rtw88_8821ce | No |
| Intel Ice Lake-LP SPI Controller | intel-spi | spi_intel_pci | No |
| Intel Ice Lake-LP SMBus Controller | i801_smbus | i2c_i801 | No |
| Intel Ice Lake-LP Smart Sound Technology Audio Controller | snd_hda_intel | snd_hda_intel, snd_sof_pci_intel_icl | No |
| Intel Ice Lake-LP Serial IO SPI Controller | intel-lpss | No | No |
| Intel Ice Lake-LP Serial IO UART Controller | intel-lpss | No | No |
| Intel Ice Lake-LP Serial IO I2C Controller | intel-lpss | No | No |
| Ice Lake-LP USB 3.1 xHCI Host Controller | xhci_hcd | No | No |
| Intel Processor Power and Thermal Controller | proc_thermal | processor_thermal_device_pci_legacy | No |
| Intel Device 8a02 | icl_uncore | No | No |
| Iris Plus Graphics G1 (Ice Lake) | i915 | i915 | No |

Support generic interrupts on arm64
https://gitlab.redox-os.org/redox-os/kernel/-/issues/148
2024-03-17T20:29:57Z
bjorn3

See the thread starting at https://matrix.to/#/%23redox-dev%3Amatrix.org/%24hVX4XI4x2tbwbJCSl1vQ5wx0C7GOBNGfWTmXAtW6e3c?via=mozilla.org&via=matrix.org&via=artifact8.xyz&via=envs.net But basically only timer and serial interrupts currently work. The `irq:` scheme required by most PCI drivers (and other drivers) is non-functional. This needs to be implemented for each of the three irq chips supported by the kernel.

Support huge pages
https://gitlab.redox-os.org/redox-os/kernel/-/issues/147
2024-03-16T10:21:13Z
Jacob Lorentzon (4ldo2@protonmail.com)

Huge pages are heavier, slower to CoW, and possibly wasting memory, and would waste 0.4% being unused `PageInfo`s. But they do almost always reduce TLB overhead, and most importantly, they require far less page table mappings and flushes than small pages. That means they can potentially, in some cases, be a huge improvement (512x for 2 MiB pages) in IPC latency and to a lesser extent, throughput. 1 GiB pages may also allow (recently-used) physical addresses to hopefully always reside in at least the L2DTLB in kernel mode, speeding up e.g. copying of pages. Jeremy measured the optimal buffer size for throughput, (for most schemes including redoxfs), was 4 MiB, with larger sizes being slower due to mapping/flushing and possibly TLB overhead.
Worth noting AArch64 supports two additional standard page sizes -- 16 KiB and 64 KiB, which for some if not most workloads is more efficient, and 16k could maybe even be a better default. Ironically, Zen3+ AMD CPUs also support a 16 KiB page size, by merging any 4 virtually-contiguous pages that are physically contiguous and naturally 16k-aligned, into a single 16 KiB TLB entry. Although it would waste 4x as much page table memory, that might also be worth looking into.

Allow splitting and merging (all) grants
https://gitlab.redox-os.org/redox-os/kernel/-/issues/114
2024-03-16T09:18:23Z
Jacob Lorentzon (4ldo2@protonmail.com)

Currently, some parts of the kernel assume that simply the base address is enough to obtain grants. However, grants are memory regions with both base and size, and the ability to merge grants that are contiguous and with identical attributes, would reduce fragmentation and be more correct.
~~Currently, the primary blocker is the current `UserScheme` code.~~
As of https://gitlab.redox-os.org/redox-os/kernel/-/merge_requests/238, the simplest `Allocated` grants are mergeable, but the remaining grant types (AllocatedShared, External, FmapBorrowed, and PhysBorrowed) need to be mergeable too.

Implement x86 security mitigations
https://gitlab.redox-os.org/redox-os/kernel/-/issues/124
2024-03-16T08:44:54Z
Jacob Lorentzon (4ldo2@protonmail.com)

Here's the list based on the x86 CPU vulnerabilities that Linux's lscpu prints. IIRC some of these only require updated microcode (but Redox doesn't currently support microcode updates).
- [ ] Spec store bypass (add IA32_SPEC_CTRL to context state)
- [ ] Spectre v1
  - [ ] usercopy lfence barriers
  - [ ] swapgs lfence barriers
  - [ ] race condition induced Spectre (Ghostrace)
  - [ ] etc...
- [ ] Spectre v2
  - [ ] Retpolines
  - [ ] RSB filling on context switches
  - [ ] etc...
- [ ] Meltdown (PTI - unfinished)
- [ ] Retbleed - https://lwn.net/Articles/901834/, https://lwn.net/Articles/907054/
- [ ] Mmio stale data
- [ ] Mds
- [x] L1tf (VMM) - does not affect the Redox kernel... yet (no hypervisor support).
- [x] L1tf (OS) - `Frame`s are statically enforced not to be 0x0, and RMM is clearing page entries to zero (though it could be enforced better: https://gitlab.redox-os.org/redox-os/rmm/-/issues/3)
- [ ] Itlb multihit - does not yet affect the Redox kernel... but once hypervisor support is added, ensure that large/huge pages are not executable on vulnerable CPU models.
- [ ] Srbds - requires microcode update (mitigation can be disabled via MSRs)
- [ ] Tsx async abort - requires microcode update, Linux defaults to disabling TSX entirely in that case
- [ ] Gather data sampling ("DOWNFALL") - requires microcode update. TODO: anything else?
- [ ] RAS overflow ("INCEPTION") - requires microcode update too. TODO: anything else?
- [ ] Register File Data Sampling (only affects Intel Atom though)
Some other useful security-enhancing x86 features less related to side channels:
- [x] UMIP (trivial to add support for)
- [x] SMEP (also trivial) - apparently related to RSB filling
- [x] SMAP (will require [usercopy functions](https://gitlab.redox-os.org/redox-os/kernel/-/issues/115), hard)
- [ ] Protection keys
- [ ] Shadow stacks
It would most likely be wise to prioritize vulnerabilities affecting newer CPUs first, most notably Spec Store Bypass and Spectre V1/V2, then continuing with Retbleed, Meltdown, and lastly, the Intel-specific mostly-patched bugs (MDS, L1TF, TSX, MMIO stale data, SRBDS).
Redox also needs to implement microcode loading, which can probably be done from userspace.

Implement CPU softlockup and hardlockup detection
https://gitlab.redox-os.org/redox-os/kernel/-/issues/146
2024-03-15T14:17:19Z
Ribbon

https://www.kernel.org/doc/html/latest/admin-guide/lockup-watchdogs.html

whoami not working for non-root user
https://gitlab.redox-os.org/redox-os/uutils/-/issues/6
2024-03-15T04:37:42Z
Ron Williams

df not working correctly
https://gitlab.redox-os.org/redox-os/uutils/-/issues/5
2024-03-15T03:38:04Z
Ron Williams

After the change to RedoxFS to add records, df is not working correctly.

Support process-context identifiers
https://gitlab.redox-os.org/redox-os/kernel/-/issues/145
2024-03-11T15:24:56Z
Jacob Lorentzon (4ldo2@protonmail.com)

Page table switching is a significant part of context switch overhead, which process-context identifiers help reduce. With [TLB shootdown](https://gitlab.redox-os.org/redox-os/kernel/-/merge_requests/282) now properly implemented, it would be a natural extension to add a percpu queue of `Weak<AddrSpaceWrapper>`, and retain the address space CPU users bits set as long as they are still in that queue. PCIDs would only be used for userspace mappings, as the redox kernel memory layout makes a clear distinction between user and kernel addresses. An address space is user-accessible if and only if it's lower half, and if and only if it's non-Global.
Because this may impact TLB shootdown performance, it would need to be benchmarked thoroughly before being enabled at least by default.

Build shared objects in some recipes
https://gitlab.redox-os.org/redox-os/cookbook/-/issues/196
2024-03-11T14:19:57Z
Ribbon

To enforce our [package size policy](https://gitlab.redox-os.org/redox-os/cookbook#library-linking) we need to make the bigger libraries build shared objects for dynamic linking.
(If you find other dependencies bigger than 20MB, comment on this issue)
- [ ] llvm - Biggest dependency
- [ ] ffmpeg6
- [ ] gstreamer
- [ ] boost

Moving namespace functionality to userspace
https://gitlab.redox-os.org/redox-os/kernel/-/issues/110
2024-03-08T12:24:20Z
Jacob Lorentzon (4ldo2@protonmail.com)

We can move namespace functionality to relibc (while obviously preserving security). The kernel root scheme will be replaced by a scheme that only gives out anonymous scheme sockets. Userspace will implement `:` instead, as a scheme where namespaces are file descriptors, and where the usual `open(":name")` registers that name and fd-forwards the kernel-provided anonymous fd. FD forwarding will also allow insertion and removal of schemes from namespaces, with great flexibility.
Relibc will have a global variable called ACTIVE_NS, containing a namespace fd, and possibly more namespace fds as well. This eliminates getens/getrns/setrens/makens. Prefixes would be parsed in relibc's open(3), scheme access would be obtained through openat(ns, scheme_name) (possibly cached) and openat(scheme_access, path) would do the rest. The idea is that both ns and scheme access will be fd-based "capabilities".
This would require SYS_OPENAT to be implemented, and the libredox migration (https://gitlab.redox-os.org/redox-os/libredox/-/issues/1) needs to be completed first (because this will break `syscall::open`).

Update the patches with the current upstream code
https://gitlab.redox-os.org/redox-os/mesa/-/issues/1
2024-03-01T20:15:03Z
Ribbon

Port OpenSSL 3
https://gitlab.redox-os.org/redox-os/redox/-/issues/1433
2024-03-01T20:09:13Z
Ribbon

It's necessary to run many programs.

Making Cosmic Edit and File Manager the defaults
https://gitlab.redox-os.org/redox-os/redox/-/issues/1432
2024-03-01T19:56:31Z
Ron Williams

To make Cosmic Edit and File Manager the defaults in Orbital, a little bit of work is required.
- [ ] Decide if we will drop Orbital Edit and File Manager or if we want to keep them as an option.
- [ ] If we want to keep them, we will need an orbdata-cosmic recipe that will replace orbdata. If we will drop them, then we can just update orbdata. Alternatively, we could remove the `launcher` data for the OrbUtils versions from orbdata, and have the `launcher` data defined in the configuration file.
- [ ] Make a recipe for orbutils-extras that only builds the orbutils we need to add when using Cosmic apps.
- [ ] If we will drop Orbital Edit and File Manager, then we should modify `config/desktop.toml` to add the Cosmic apps and drop the Orbital versions. If we will keep them, we need two versions of `desktop.toml`, one for orbutils and one for Cosmic.
- [ ] It would be nice if all the parts of the Cosmic desktop were defined in one config file, for clarity. That file would then be included by the `desktop.toml` config file.

(Goal) Up-to-date translations
https://gitlab.redox-os.org/redox-os/website/-/issues/195
2024-03-01T19:45:05Z
Ribbon

The official language of the website is English, the goal is to make all outdated translations in pair with the English pages, this issue will cover the progress.
Each translator will comment if the translation is in pair with English (up-to-date) and the language box will be marked.
- [x] Portuguese
- [ ] Mandarin
- [ ] Spanish
- [ ] Russian
- [ ] French
- [ ] German
- [ ] Italian
- [ ] Turkish
- [ ] Swedish
- [ ] Dutch
- [ ] Danish
- [ ] Norwegian
- [ ] Czech
- [ ] Esperanto
- [ ] Japanese
- [ ] Korean
- [ ] Hungarian
- [ ] Polish
- [ ] Ukrainian
- [ ] Arabic

Tracking Issue for UNIX-style paths
https://gitlab.redox-os.org/redox-os/redox/-/issues/1431
2024-03-01T13:39:43Z
Ron Williams

The following is a list of changes to be made to complete the implementation of the new path format.
- [ ] Update the documentation to use the new format wherever possible but describe the legacy format and say it is still used
- [ ] Finalize the [namespace RFC](https://gitlab.redox-os.org/redox-os/rfcs/-/merge_requests/20 "Add RFC for the namespace root.")
- [ ] Decide when `/scheme/file` should be explicit and when it should be removed/hidden
- [ ] Convert relibc to the new path format (this should have its own tracking issue)
- [ ] Finish converting the kernel to the new path format everywhere
- [ ] Implement the namespace RFC in the kernel with support for both current and new formats
- [ ] Stabilize the redox-scheme crate and redox-event crate and update to the new format for paths and namespace
- [ ] Convert all schemes and drivers to use redox-scheme and redox-event rather than creating sockets directly (this should have its own tracking issue)
- [ ] Decide on Orbital paths and get/set window attributes (may need its own RFC)
- [ ] Convert OrbUtils and other Orbital-compatible programs to use the new Orbital path format
- [ ] Wrap all legacy format support (and conversion between formats) with a feature guard going forward
- [ ] Add the feature guard to the kernel, relibc, RedoxFS and anything else that supports both formats
- [ ] Convert all libraries to the new format (or to handle both formats if appropriate) (this should have its own tracking issue)
- [ ] Convert all programs to the new format (this should have its own tracking issue)
- [ ] Disable the legacy format feature guard in each program and test
- [ ] Remove all guarded legacy format support
- [ ] Update the documentation to remove all references to the old format

Support multiple network adapters at the same time
https://gitlab.redox-os.org/redox-os/netstack/-/issues/34
2024-02-29T11:33:25Z
bjorn3

https://gitlab.redox-os.org/redox-os/drivers/-/merge_requests/143 and https://gitlab.redox-os.org/redox-os/netstack/-/merge_requests/45 allow multiple network adapters to co-exist, but smolnetd will not actually use any beyond the first yet.

Support promiscuous mode
https://gitlab.redox-os.org/redox-os/netstack/-/issues/35
2024-02-28T11:40:43Z
bjorn3

In other words allow tools like wireshark to receive packets sent to a different application or even different computer (depending on the network connection mechanism used).

Allow the kernel to log a panic message while the logger is still locked
https://gitlab.redox-os.org/redox-os/kernel/-/issues/144
2024-02-27T10:44:41Z
bjorn3

Normally you can't log anything while the logger is locked to avoid multiple log messages from getting interleaved. When panicking the logger may never be unlocked as you may be panicking on the same kernel thread that holds the lock.
Getting the panic message interleaved with other messages is much better than hanging without any panic message getting printed at all.

"Not", "and" and "or" builtin
https://gitlab.redox-os.org/redox-os/ion_lsp/-/issues/4
2024-02-26T08:31:23Z
Florian Naumann