redox-os issues
https://gitlab.redox-os.org/groups/redox-os/-/issues
Updated: 2023-07-13T14:25:48Z

https://gitlab.redox-os.org/redox-os/kernel/-/issues/132
Boot time scales inversely by the number of CPUs
Updated: 2023-07-13T14:25:48Z
Author: Jacob Lorentzon (4ldo2@protonmail.com)

This can be checked by comparing the boot time (context switch and syscall heavy), when setting QEMU's `-smp` to 1, 4, or 16.
The global context switch lock, combined with every processor being preempted exactly at the same time (the BSP sends out IPIs when there are PIT ticks), and that the context is locked numerous times for each syscall, might be the primary causes of this slowdown.

https://gitlab.redox-os.org/redox-os/relibc/-/issues/178
Rustify
Updated: 2024-01-12T17:50:49Z
Author: Ribbon

This issue covers the relibc parts that benefit from using a Rustier implementation, in order to be less prone to memory unsafety and to some extent logic bugs.
- [ ] [Rusty error handling](https://gitlab.redox-os.org/redox-os/relibc/-/issues/176)
- [ ] [Rust's libm port](https://gitlab.redox-os.org/redox-os/relibc/-/issues/154)
- [x] dlmalloc

https://gitlab.redox-os.org/redox-os/redox/-/issues/1393
Exploit mitigations
Updated: 2023-10-27T11:07:14Z
Author: Ribbon

This issue will cover the mandatory and optional exploit mitigations for Redox.
As Redox is written in Rust there's memory-safety through the compiler, thus it might make sense to disable most exploit mitigations, at least by default.
But Redox is not fully safe Rust because many crates rely on less thoroughly checked unsafe, such as when heavily using FFI. Therefore, it might make more sense to enable mitigations for such programs, as well as for C/C++ programs, even though unsafe Rust is generally still safer than C/C++.
Exploit mitigations specific to C/C++ memory errors are unnecessary for safe Rust code.
### Criteria
The exploit mitigations on this issue must follow some criteria.
1. The mitigation is needed for microkernel-based systems?
2. If the mitigation is cheap (low performance penalty) and the security benefit is considerable, it can be enabled by default.
3. Classify if it's a compiler, manual system-wide/some programs or x86-specific mitigation.
### Mitigations
This list will filter the exploit mitigations.
- Address Space Layout Randomization - userspace
- ~~Kernel Address Space Layout Randomization~~ probably overkill for a microkernel; seL4 for example uses `-static -fno-pie -fno-pic`
- Position-Independent Executables - compiler-based
- RELRO
- BIND_NOW
- SEGVGUARD (ASLR brute force protection)
- W^X (memory mappings and switching pages)
- SROP
- Trusted Path Execution
- SafeStack
- Non-Cross-DSO Control-Flow Integrity
- Retpoline - Spectre mitigation for monolithic kernels?
### Implementations
This list will track the exploit mitigations implementation.
- [x] SMAP - x86-specific, manual system-wide
- [x] SMEP - x86-specific, manual system-wide
- [x] Zero-initialized userspace stack - manual system-wide
- [ ] Read-only pages where necessary - manual?
- [ ] IP ID randomization - netstack or smoltcp? manual.
- [ ] Temporary IPv6 addresses - netstack or smoltcp? manual.

https://gitlab.redox-os.org/redox-os/kernel/-/issues/131
Support 32-bit userspace when using 64-bit kernels
Updated: 2023-07-08T09:22:45Z
Author: Jacob Lorentzon (4ldo2@protonmail.com)

https://gitlab.redox-os.org/redox-os/kernel/-/issues/130 needs to be fixed, and there probably needs to be two permanent GDT entries, for FS and GS.
It might be possible to allow enabling/disabling compatibility mode, at compile time.

https://gitlab.redox-os.org/redox-os/kernel/-/issues/130
x86 segment registers are not saved/restored
Updated: 2023-08-08T09:50:44Z
Author: Jacob Lorentzon (4ldo2@protonmail.com)

On x86, segment registers are currently not saved and restored when context switching. Since userspace is capable of loading available selector values into segment registers,
- CS is immutable, everything but GDT_USER_CODE #GPs
- SS (will be) immutable, can only be set to GDT_USER_DATA
- DS, ES, FS, and GS, can be either NULL or GDT_USER_DATA,
at most four bits of data can be leaked between contexts when switching.

https://gitlab.redox-os.org/redox-os/redox/-/issues/1392
Dev room
Updated: 2024-03-18T00:02:32Z
Author: Ribbon

This issue covers what is necessary for the dev variant of Redox.
- [x] Port Rust
- [x] Port GCC
- [x] Port LLVM
- [ ] Port Python
- [ ] Port Go
- [x] Port Vim
- [ ] Port Neovim
- [ ] Port Emacs
- [ ] Port zsh
- [ ] Port fish
- [ ] Port Nushell (WIP)
- [ ] Port GDB
- [ ] Port NodeJS
- [ ] Port OpenSSH

https://gitlab.redox-os.org/redox-os/redox/-/issues/1391
Desktop room
Updated: 2024-03-17T23:59:15Z
Author: Ribbon

This issue covers what is necessary for the desktop variant of Redox.
- [ ] Port GTK
- [ ] Port Qt
- [ ] Port Firefox
- [ ] Port VLC
- [ ] Port Servo
- [ ] Port Chromium (hard)
- [ ] Port WebAssembly
- [ ] Implement GPU acceleration (through Linux driver VMs on QEMU)
- [ ] Port COSMIC Desktop
- [ ] Port GNOME (time-consuming)
- [ ] Port KDE Plasma (time-consuming)
- [ ] Port Sway

https://gitlab.redox-os.org/redox-os/redox/-/issues/1390
Self-hosting status
Updated: 2024-01-31T04:12:30Z
Author: Ribbon

This issue will cover the self-hosting status of Redox OS.
Self-hosting in the low-level world is when the operating system can build itself (compile Redox on Redox); to achieve this, the toolchain and tools need to run on it.
### Build Redox on Redox
- [ ] rustc
- [ ] cargo - close to work, some deadlocks remain.
- [ ] gcc
- [ ] llvm
- [ ] make
- [x] git - included by default
- [x] curl - included by default
### Build all recipes
- [ ] autopoint?
- [x] bash - included by default
- [ ] bison
- [ ] cmake
- [ ] wget
- [ ] file
- [ ] flex
- [ ] gperf
- [x] libexpat
- [ ] libfuse
- [x] libgmp
- [x] libpng
- [x] libjpeg
- [x] sdl1.2
- [x] sdl2-ttf
- [ ] html-parser-perl
- [ ] libtool
- [ ] m4
- [x] nasm
- [x] patch
- [x] automake
- [x] autoconf
- [ ] scons
- [x] pkg-config
- [ ] po4a
- [ ] texinfo
- [ ] ninja-build
- [ ] meson
- [ ] python3
- [ ] python3-mako
- [ ] xdg-utils
- [x] vim - included by default
- [ ] perl
- [ ] doxygen
### bootstrap.sh
Once all recipes are ported, the Redox package manager function and command must be added to the script.
We can do this before the full porting by adding the Redox OS functions and command as a comment.
- A function to detect if the OS is Redox.
- A function to detect what is installed.
#### Package manager command
```sh
# sudo pkg install rust \
# cargo \
# gcc \
# llvm \
# gnu-make \
# bison \
# cmake \
# wget \
# file \
# flex \
# gperf \
# expat \
# libgmp \
# libpng \
# libjpeg \
# sdl \
# sdl2_ttf \
# html-parser-perl \
# libtool \
# m4 \
# nasm \
# patch \
# automake \
# autoconf \
# scons \
# pkg-config \
# po4a \
# texinfo \
# ninja-build \
# meson \
# python \
# python3-mako \
# xdg-utils \
# vim \
# perl \
# doxygen \
```

https://gitlab.redox-os.org/redox-os/redox/-/issues/1388
(Feature request) Provide VM images for new versions
Updated: 2023-07-08T00:08:15Z
Author: Ribbon

We can offer QEMU and Virtual Box disk images with Redox pre-installed, like FreeBSD does.

https://gitlab.redox-os.org/redox-os/redox/-/issues/1387
Feature requests index
Updated: 2024-02-10T18:35:35Z
Author: Ribbon

This issue will cover the open feature requests of Redox GitLab, send a comment if you want to see your feature request on the list.
- [ ] [Recipe categories on the Cookbook configuration](https://gitlab.redox-os.org/redox-os/redox/-/issues/1395) - build system
- [x] [Add an option for make to delete the recipe source](https://gitlab.redox-os.org/redox-os/redox/-/issues/1386) - build system
- [x] [Add an option to ignore recipe errors](https://gitlab.redox-os.org/redox-os/redox/-/issues/1416) - build system
- [x] [Enable the recipe binary syntax by default](https://gitlab.redox-os.org/redox-os/redox/-/issues/1401) - build system
- [x] [Recipe override list](https://gitlab.redox-os.org/redox-os/redox/-/issues/1402) - build system
- [x] [Dark theme by default](https://gitlab.redox-os.org/redox-os/website/-/issues/192) - website
- [ ] [Provide VM images for new versions](https://gitlab.redox-os.org/redox-os/redox/-/issues/1388) - CI server
- [ ] [CI testing for packages](https://gitlab.redox-os.org/redox-os/redox/-/issues/1394) - CI server
- [ ] [memtest86+ for the Redox bootloader](https://gitlab.redox-os.org/redox-os/redox/-/issues/1397) - recipe
- [ ] [Automatic operating system detection on boot loader](https://gitlab.redox-os.org/redox-os/redox/-/issues/1407) - boot loader

https://gitlab.redox-os.org/redox-os/redox/-/issues/1384
Tracking issues index
Updated: 2024-03-28T11:00:41Z
Author: Ribbon

This issue covers the current tracking issues of Redox.
- [ ] [Implement the missing POSIX APIs on relibc](https://gitlab.redox-os.org/redox-os/relibc/-/issues/173) - high priority
- [ ] [Kernel/userspace separation policy](https://gitlab.redox-os.org/redox-os/redox/-/issues/1412) - medium priority
- [ ] [Repositories with missing GitLab CI](https://gitlab.redox-os.org/redox-os/redox/-/issues/1377) - high priority
- [ ] [Self-hosting status](https://gitlab.redox-os.org/redox-os/redox/-/issues/1390) - medium priority
- [ ] [Community hardware device porting](https://gitlab.redox-os.org/redox-os/drivers/-/issues/40) - medium priority
- [ ] [Port the most used crates of the Rust ecosystem](https://gitlab.redox-os.org/redox-os/redox/-/issues/1378) - medium priority
- [ ] [Rustify relibc](https://gitlab.redox-os.org/redox-os/relibc/-/issues/178) - medium priority
- [ ] [Forks status](https://gitlab.redox-os.org/redox-os/redox/-/issues/1380) - low priority
- [ ] [Linux driver VM optimizations](https://gitlab.redox-os.org/redox-os/redox/-/issues/1382) - low priority
- [ ] [Linux app VMs](https://gitlab.redox-os.org/redox-os/redox/-/issues/1383) - low priority
- [ ] [RedoxFS tooling](https://gitlab.redox-os.org/redox-os/redoxfs/-/issues/42) - low priority
- [ ] [Convert all legacy recipes to TOML](https://gitlab.redox-os.org/redox-os/cookbook/-/issues/174) - low priority
- [ ] [Desktop improvements](https://gitlab.redox-os.org/redox-os/redox/-/issues/1391) - low priority
- [ ] [Server improvements](https://gitlab.redox-os.org/redox-os/redox/-/issues/1375) - medium priority
- [ ] [Dev improvements](https://gitlab.redox-os.org/redox-os/redox/-/issues/1392) - medium priority
- [ ] [Exploit mitigations](https://gitlab.redox-os.org/redox-os/redox/-/issues/1393) - low priority
- [ ] [Orbital improvements](https://gitlab.redox-os.org/redox-os/redox/-/issues/1430) - low priority
- [ ] [Feature requests index](https://gitlab.redox-os.org/redox-os/redox/-/issues/1387) - low priority

https://gitlab.redox-os.org/redox-os/kernel/-/issues/129
Support syscall6
Updated: 2023-10-29T20:44:40Z
Author: Jacob Lorentzon (4ldo2@protonmail.com)

Redox currently supports syscall0..=syscall5, i.e. rax+rdi+rsi+rdx+r10+r8, but some future syscalls like preadv2/pwritev2 (and futex?) on 32-bit architectures would need e.g. SYS_PWRITEV2+fd+addr+len+off_lo+off_hi+flags, i.e. 7 args.
The registers Linux uses for that, are
- x86_64: rax, rdi, rsi, rdx, r10, r8, r9
- x86_32: eax, ebx, ecx, ecx, edi, esi, ebp
- aarch64: x8, x0, x1, x2, x3, x4, x5, x6
Might be worth looking into whether supporting full-width syscall return values, on x86/x86_64, by setting the carry flag, improves performance (the BSDs do this IIRC).

https://gitlab.redox-os.org/redox-os/redox/-/issues/1383
Linux app VMs
Updated: 2023-07-08T02:30:22Z
Author: Ribbon

Similar to the Linux driver VMs [issue](https://gitlab.redox-os.org/redox-os/redox/-/issues/1382), the Linux app VMs will make Linux-only programs run on Redox.
Why? Some programs rely on Linux kernel technologies/interfaces to work, like containers and filesystems.
FreeBSD and NetBSD have a Linux compatibility layer to run unmodified Linux binaries using their ported Linux kernel API. It's possible because the BSDs' design is similar to Linux, thus a kernel module is developed without massive changes.
Even with that kernel module, some Linux programs don't work. This kind of implementation can't be done on Redox without massive changes, because it's a microkernel with much more simplicity.
Filesystems rely more on the kernel APIs than other programs, and all development is focused on these APIs. Even if you port a filesystem to another OS, it will be hard/time-consuming to adapt the new changes from the other OS if it's a big/complex filesystem.
To mitigate this you can use a FUSE driver or a VM. FUSE is a universal API but lacks some filesystems and the drivers can be unmaintained easily.
A VM will bring many filesystems and their improvements over time with a small configuration effort, at the cost of some overhead (can be optimized).
Like the Linux driver VMs proposal, the Linux app VMs can be simple and made for a specific use-case. We can have a specific daemon VM for Flatpak, another for Docker, another for Snappy, etc.
Each daemon VM will be optimized/built for its specific necessities; that way we reduce memory usage, CPU time, bugs and complexity.
### Daemon proposals
- [ ] flatpakd (a VM for Flatpak applications)
- [ ] snappyd (a VM for Snappy applications)
- [ ] dockerd (a VM for Docker applications)
- [ ] podmand (a VM for Podman applications)
- [ ] genericd (a VM for any application)
### Suggestions
- Flatpak, Snappy, Docker and Podman binaries can be statically linked to relibc.
- Remove the GNU/Linux userland libraries/tools from VM images.
- We could have an option to have one VM per app.
Using one VM per app we will have the VM crash isolated on the program, but it will use more memory and CPU.

https://gitlab.redox-os.org/redox-os/redox/-/issues/1382
Linux driver VM optimizations
Updated: 2023-07-12T05:10:33Z
Author: Ribbon

This issue will cover the optimizations that can be done to the Linux driver VMs.
Linux driver VMs are VMs created to offer driver support for Redox, see how it works:
- The Linux VM accesses the device through PCI passthrough (the host system doesn't need a driver, similar to Qubes OS).
- A Redox bridge program will run on Linux userspace, this bridge will communicate with some Redox host scheme based on the driver type (audio: for sound cards, video: for GPUs).
- The Linux VM will communicate with the bridge and the Redox host will control the device without native drivers.
This is a guest-to-host communication using VirtIO interfaces, because of the virtualization some overhead will exist.
Most operating systems speed up their VMs with a type-2 hypervisor running on the kernel (KVM and Hyper-V, for example), we will use Revirt-U to do that, but more optimizations can be done to reduce CPU cycles and memory usage.
- [ ] Build a separated bridge for each device type or Linux device system.
  - `drmd` - GPUs.
  - `netd` - network devices (Ethernet).
  - `fsd` - filesystems.
  - `wifid` - Wi-Fi adapters.
  - `audiod` - sound devices.
  - `inputd` - mouse/keyboards/gamepads/joysticks.
  - `sensord` - sensor drivers.
The userspace part can be minimal or even empty, depending on whether a kernel module is needed/beneficial for communication with the bridged device. Userspace can be empty besides init, which might not have to do anything useful either depending on how much of the bridging is done by a kernel module.
- [ ] Use a real-time scheduler.
Linux CFS has a multitasking design in mind; as our Linux driver VMs only run the Redox bridge, as well as a few background kthreads, we can use a monotasking low-latency scheduler to have maximum performance.

https://gitlab.redox-os.org/redox-os/syscall/-/issues/33
Strict pointer provenance
Updated: 2023-06-27T08:50:59Z
Author: niluxv

Much of the current API violates [strict provenance](https://github.com/rust-lang/rust/issues/95228), for example `syscall::call::fmap` returning a `usize` instead of a pointer. Changing this would obviously be a breaking change, but good to keep in mind for the next semver-breaking version bump (i.e. `0.4.0`).

https://gitlab.redox-os.org/redox-os/redoxer/-/issues/9
rsync is required
Updated: 2023-06-19T03:38:47Z
Author: the ssd

Check if rsync is installed

https://gitlab.redox-os.org/redox-os/rmm/-/issues/3
Guarantee L1TF immunity
Updated: 2023-06-14T10:14:43Z
Author: Jacob Lorentzon (4ldo2@protonmail.com)

L1TF is unconditionally handled on Linux by inverting address bits if PRESENT is cleared. On FreeBSD, it is handled by always reserving page zero, and ensuring the address bits are zeroed for non-PRESENT pages.
RMM probably does this already, but that needs to be properly ensured.

https://gitlab.redox-os.org/redox-os/rmm/-/issues/2
Remove virt_is_valid?
Updated: 2023-06-14T10:11:15Z
Author: Jacob Lorentzon (4ldo2@protonmail.com)

https://gitlab.redox-os.org/redox-os/rmm/-/merge_requests/7#note_27379

https://gitlab.redox-os.org/redox-os/redox/-/issues/1380
Forks status
Updated: 2023-07-08T02:30:22Z
Author: Ribbon

This issue will track the forks used by Redox, from GitHub to GitLab and the toolchains.
Forks with pending patches to be merged upstream or waiting for relibc to improve its portability (they will be merged once the Redox APIs are stable).
Mark them when they are merged or don't have patches.
- [ ] binutils
- [ ] openssl
- [ ] mesa
- [ ] sdl2
- [ ] atk
- [ ] bash
- [ ] cairo
- [ ] classicube
- [ ] coreutils
- [ ] cpal
- [ ] curl
- [ ] dash
- [ ] diffutils
- [ ] dosbox
- [ ] duktape
- [ ] eduke32
- [ ] extrautils
- [ ] ffmpeg
- [ ] findutils
- [ ] flycast
- [ ] fontconfig
- [ ] freeciv
- [ ] freedoom
- [ ] freepats
- [ ] game-2048
- [ ] gawk
- [ ] gdbserver
- [ ] generaluser-gs
- [ ] gettext
- [ ] gigalomania
- [ ] git
- [ ] glib
- [ ] glium
- [ ] glutin
- [ ] grep
- [ ] make
- [ ] gstreamer
- [ ] hematite
- [ ] iced
- [ ] jansson
- [ ] libc-bench
- [ ] libcosmic
- [ ] libffi
- [ ] libiconv
- [ ] libogg
- [ ] libretro-super
- [ ] libsodium
- [ ] mednafen
- [ ] mgba
- [ ] miniserve
- [ ] netsurf
- [ ] neverball
- [ ] openttd
- [ ] pango
- [ ] patch
- [ ] pathfinder
- [ ] pcre
- [ ] perl
- [ ] pixelcannon
- [ ] pixman
- [ ] prboom
- [ ] python
- [ ] qemu
- [ ] readline
- [ ] retroarch
- [ ] ripgrep
- [ ] rs-nes
- [ ] rust64
- [ ] rustual-boy
- [ ] schismtracker
- [ ] scummvm
- [ ] sdl1.2
- [ ] sdl_gfx
- [ ] sdl_image
- [ ] sdl_mixer
- [ ] sdl_ttf
- [ ] sdl-player
- [ ] sdl2_mixer
- [ ] sed
- [ ] servo
- [ ] sm64ex
- [ ] spacecadetpinball
- [ ] openssh
- [ ] syobonaction
- [ ] timidity
- [ ] uutils
- [ ] vice
- [ ] vim
- [ ] vttest
- [ ] vvvvvv
- [ ] webrender
### Permanent forks
- gcc
- llvm
- rustc
- cargo

https://gitlab.redox-os.org/redox-os/redox/-/issues/1379
Golang port
Updated: 2023-06-12T22:21:36Z
Author: Ribbon

Golang has its own standard library, thus it will need to use the Redox system calls directly (massive).