# syscall issues

Feed: https://gitlab.redox-os.org/redox-os/syscall/-/issues (last updated 2023-06-27T08:50:59Z)

## Strict pointer provenance

- Issue: https://gitlab.redox-os.org/redox-os/syscall/-/issues/33
- Updated: 2023-06-27T08:50:59Z
- Author: niluxv

Much of the current API violates [strict provenance](https://github.com/rust-lang/rust/issues/95228), for example `syscall::call::fmap` returning a `usize` instead of a pointer. Changing this would obviously be a breaking change, but good to keep in mind for the next semver-breaking version bump (i.e. `0.4.0`).

## Use a safe transmute crate

- Issue: https://gitlab.redox-os.org/redox-os/syscall/-/issues/32
- Updated: 2023-06-08T10:08:00Z
- Author: Jacob Lorentzon <4ldo2@protonmail.com>

Currently, many of the redox_syscall structs are repr(C) although using Deref impls to be convertible to regular slices. This has a few downsides, such as requiring explicit unsafe when casting *slices* of structs, as well as unsafe boilerplate. Reading padding bytes from a struct is UB, and `Stat` (on x86_64 at least) does contain implicit padding, making its Deref impl unsound (cf. https://gitlab.redox-os.org/redox-os/syscall/-/issues/29).

Some Redox drivers use `plain`, which would be a great improvement, although requiring manual `unsafe impl Plain for Struct`, and only allowing `slice_from_bytes` (as opposed to `slice_to_bytes`, which is impossible since plain does not forbid padding bytes). A better alternative might be `bytemuck`, which uses a derive-macro to safely implement traits, with the addition of being able to safely convert contiguous enums to/from ints (zerocopy would also work, but might not be ideal due to licensing).

## Unsound APIs

- Issue: https://gitlab.redox-os.org/redox-os/syscall/-/issues/29
- Updated: 2023-12-06T09:50:50Z
- Author: Dawid Ciężarkiewicz

Hi,

I'm looking at the crev review of `redox_syscall`: https://github.com/MaulingMonkey/crev-proofs/commit/0e29470384492587074e19a2a1ff7adc341bea25 , pasted inline:
```
version: -1
date: "2019-07-24T14:53:11.836480900-07:00"
from:
  id-type: crev
  id: 6OZqHXqyUAF57grEY7IVMjRljdd9dgDxiNtr1NF1BdY
  url: "https://github.com/MaulingMonkey/crev-proofs"
package:
  source: "https://crates.io"
  name: redox_syscall
  version: 0.1.56
  revision: e3fd644ba9830d104c309f77c36dc6b94f92f2b1
  digest: FTw1q2J_JAvJHFyP4Xn0URVlkBDh1xI3mxs5sFn_A-U
review:
  thoroughness: low
  understanding: low
  rating: negative
comment: |
  Exposes unsound APIs, lots of unverified syscalls.

  Reviewed:
    src\arch\*.rs: Skimmed... looks reasonable, but didn't verify correct instructions / register invalidation.
    src\io\dma.rs: Some unsafe... looks correct, but not thoroughly tested.
    src\io\io.rs: +1
    src\io\mmio.rs: UNSOUND (can construct uninitialized() T via "safe" `Mmio::new()`!)
    src\io\mod.rs: +1
    src\io\pio.rs: Some unsafe... looks reasonable, but didn't verify correct instructions.
    src\scheme\generate.sh: +1
    src\scheme\mod.rs: +1
    src\scheme\scheme*.rs: UNSOUND (can construct arbitrary slices from arbitrary Packet s via `Scheme*::handle`)
    .cargo_vcs_info.json: +1
    .cargo-ok: +1
    .gitlab-ci.yml: +1
    Cargo.toml: +1
    Cargo.toml.orig: +1
    LICENSE: +1
    README.md: +1

  Skimmed:
    src\call.rs: Lots of unsafe syscalls... unverified.
    src\data.rs: UNSOUND (Map deref etc.)
    src\error.rs: No tests for STR_ERROR, but at least it's sound.
    src\flag.rs: Sound, magic constant city, meh.
    src\lib.rs: LEAKS UNSOUND TRAITS into public interface!
    src\number.rs: Safe, magic constant city.
    src\tests.rs: Unsafe, but only #[test]s
```
I just wanted to bring it to your attention. I guess in a low-level crate like this it might be more complicated to judge the `unsafe` issues. Please let me know what you think. Are some of the unsafety issues real? Is there anything that can be improved about it?

## fchmod API

- Issue: https://gitlab.redox-os.org/redox-os/syscall/-/issues/26
- Updated: 2021-08-06T13:19:17Z
- Author: SamwiseFilmore <mggmugginsmc@gmail.com>

`fchmod` takes two `u32`'s as uid and gid which are subsequently cast to usize. Everywhere else in the API uids and gids are `usize`. I'd prefer to just use `u32` for uid and gid, but that's a personal preference and since `usize` is used everywhere else, I don't mind too much, but I'd like to see `fchmod` get changed to reflect the decision on type for uid and gid, regardless.

Originally posted in #21

## Perhaps building syscall on non-Redox platforms should error

- Issue: https://gitlab.redox-os.org/redox-os/syscall/-/issues/24
- Updated: 2018-06-13T19:39:49Z
- Author: Ian Douglas Scott

Otherwise it is potentially possible to build a program using the library on other platforms, but it will not work correctly, and potentially cause undefined behaviour. The best way to do this is probably with a `build.rs` test.

I am somewhat concerned, though, that some software ported to Redox is probably depending unconditionally on the syscall crate, and this change would make it fail to build on other platforms. This is probably the right thing to do though, and those crates can be fixed (I guess we can test every crate on crates.io that depends on redox_syscall?).

## Improve syscall interfaces

- Issue: https://gitlab.redox-os.org/redox-os/syscall/-/issues/21
- Updated: 2023-10-23T15:42:38Z
- Author: Jeremy Soller

The current ABI stability policy is to define the stable ABI layer in relibc, and allow internal breaking changes to the syscall ABI. This may and likely will change in the future, when the kernel and its interfaces reach a certain level of maturity.
## Move most file operations to the fd
- [x] ~~Change `chmod(path, mode)` to `fchmod(fd, mode)`~~ => `chmod` has been removed in favor of `fchmod`
- [x] ~~Add `fchown(fd, owner, group)`~~ => already added
## Make `dup` less magical
- [ ] Change `dup(fd, buf)` to `dup(fd)`
- [ ] Change `dup2(fd, newfd, buf)` to `dup2(fd, newfd)`
- [ ] Add `openat(fd, path, flags)`.
With the dup buffer removed, schemes will no longer receive SYS_DUP requests, instead SYS_OPENAT.
## Use standard methods more often
### memory management
- [x] ~~Use `fmap` to implement `physmap`~~
- [x] ~~Use `funmap` to implement `physunmap`~~
- [ ] Replace `physalloc`
- [ ] Replace `physfree`
- [ ] Decide whether `virttophys` should still exist. One of the proposed alternatives to physalloc/physfree is to do mmap with a "physically contiguous" flag, which would necessitate a syscall for virt=>phys translation.
- [x] ~~Consider using `fmap` to implement `brk`~~ => SYS_BRK has already been removed from the kernel
### process management
(let `proc/...` be an alias for `thisproc:current/...`)
- [x] ~~Replace chdir and getcwd with `proc/cwd`~~
- Replace getegid, getens, geteuid, getns, getpid, getpgid/setpgid, getppid, getuid, setregid, setrens, setreuid, umask, sigprocmask with corresponding files
- Replace sigaction get/set with `proc/sigaction`
## Cleanup other syscalls
- [x] Replace `pipe2` with ~~open/openat~~ open/dup
- Implement or remove `link(old, new)`
## Misc
- Remove `int 0x80` on x86_64?
- Add UTIME_NOW and UTIME_OMIT?
## ~~ABI stabilization (WIP)~~
~~A large part of growing the adoption of a kernel is to stabilize the ABI used. I would like to work on a stable ABI in the next few months, and a 1.0 version of the `kernel` and `syscall` crate. I am proposing the following for ABI stabilization:~~

## Nanosleep should allow None/null rmtp

- Issue: https://gitlab.redox-os.org/redox-os/syscall/-/issues/17
- Updated: 2018-06-13T19:39:50Z
- Author: Ian Douglas Scott

The kernel handles this, but `syscall` doesn't. I guess the only way is a breaking change, making it an `Option`?

## Rename library to redox_syscall

- Issue: https://gitlab.redox-os.org/redox-os/syscall/-/issues/15
- Updated: 2018-06-13T19:39:50Z
- Author: Jeremy Soller

This would probably be a major version bump, but it would be consistent with the crate name.