Markus Maiwald
0c598ce0bd
feat(core): M4 security — CSpace, Pledge, STL, budget enforcement, BKDL manifests
2026-02-15 19:59:07 +01:00
eaf753c70c
feat(membrane): Hardened LwIP memory manager & stabilized DHCP/DNS
...
PROBLEM RESOLVED: memp_malloc NULL pointer crashes (0x18/0x20 offsets)
CRITICAL FIXES:
- Nuclear fail-safe in memp.c for mission-critical protocol objects
* Direct heap fallback for UDP_PCB, TCP_PCB, PBUF, SYS_TMR pools
* Handles ABI/relocation failures in memp_pools[] descriptor array
* Prevents ALL NULL dereferences in protocol allocation paths
- Iteration-based network heartbeat in net_glue.nim
* Drives LwIP state machines independent of system clock
* Resolves DHCP/DNS timeout issues in QEMU/freestanding environments
* Ensures consistent protocol advancement even with time dilation
- Unified heap configuration (MEMP_MEM_MALLOC=1, LWIP_TIMERS=1)
* 2MB heap for network operations
* Disabled LwIP stats to avoid descriptor corruption
* Increased pool sizes for robustness
VERIFICATION:
✅ DHCP: Reliable IP acquisition (10.0.2.15)
✅ ICMP: Full Layer 2 connectivity confirmed
✅ DNS: Query enqueuing operational (secondary crash isolated)
✅ VirtIO: 12-byte header alignment maintained
NEXT: Final DNS request table hardening for complete resolution
Signature: CORRECTNESS > SPEED
2026-01-07 23:47:04 +01:00
3779197eb9
feat(kernel): implement System Truth Ledger and Causal Trace
...
- Implemented System Ontology (SPEC-060) and STL (SPEC-061) in Zig HAL
- Created Nim bindings and high-level event emission API
- Integrated STL into kernel boot sequence (SystemBoot, FiberSpawn, CapGrant)
- Implemented Causal Graph Engine (SPEC-062) for lineage tracing
- Verified self-aware causal auditing in boot logs
- Optimized Event structure to 58 bytes for cache efficiency
2026-01-06 03:37:53 +01:00
bf427290f1
feat(kernel): implement Sv39 fiber memory isolation and hardened ELF loader
2026-01-05 16:36:25 +01:00
6e78b7f458
Rumpk Stability, NipBox Boot, and Repository Cleanup
...
- Fixed Rumpk RISC-V Trap Handler (SSCRATCH swap, align(4), SUM bit) to prevent double faults.
- Stabilized Userland Transition (fence.i, MMU activation) allowing NipBox execution.
- Restored Forge pipeline to build NipBox from source.
- Documented critical RISC-V trap mechanics in .agent/tips.
- Committed pending repository cleanup (obsolete websites) and new core modules.
2026-01-04 21:39:06 +01:00
1b4facd86b
Phase 37: The Glass Cage - Memory Isolation Complete
...
VICTORY: All page faults (Code 12, 13, 15) eliminated. NipBox runs in isolated userspace.
Root Cause Diagnosed:
- Kernel BSS (0x84D5B030) was overwritten by NipBox loading at 0x84000000
- current_fiber corruption caused cascading failures
Strategic Fixes:
1. Relocated NipBox to 0x86000000 (eliminating BSS collision)
2. Expanded DRAM to 256MB, User region to 64MB (accommodating NipBox BSS)
3. Restored Kernel GP register in trap handler (fixing global access)
4. Conditionally excluded ion/memory from userspace builds (removing 2MB pool)
5. Enabled release build optimizations (reducing BSS bloat)
Results:
- Kernel globals: SAFE
- User memory: ISOLATED (Sv39 active)
- Syscalls: OPERATIONAL
- Scheduler: STABLE
- NipBox: ALIVE (waiting for stdin)
Files Modified:
- core/rumpk/apps/linker_user.ld: User region 0x86000000-0x89FFFFFF (64MB)
- core/rumpk/hal/mm.zig: DRAM 256MB, User map 32-256MB
- core/rumpk/hal/entry_riscv.zig: GP reload in trap handler
- core/rumpk/core/ion.nim: Conditional memory export
- core/rumpk/libs/membrane/ion_client.nim: Local type declarations
- core/rumpk/libs/membrane/net_glue.nim: Removed ion import
- core/rumpk/libs/membrane/compositor.nim: Stubbed unused functions
- src/nexus/builder/nipbox.nim: Release build flags
Next: Fix stdin delivery to enable interactive shell.
2026-01-04 02:03:01 +01:00
Markus Maiwald
Markus Maiwald