refactor: move to rust 1.84.0-nightly + implement disable_aslr

2024-10-31 22:53:46 +02:00 · 2024-10-31 22:53:46 +02:00 · 3639d64649
commit 3639d64649
parent 1a975af1e9
45 changed files with 721 additions and 395 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/boot/yboot-proto/src/lib.rs
+++ b/boot/yboot-proto/src/lib.rs
@ -1,4 +1,3 @@
-#![feature(const_mut_refs)]
 #![no_std]

 use bytemuck::{Pod, Zeroable};
--- a/boot/yboot/src/main.rs
+++ b/boot/yboot/src/main.rs
@ -1,4 +1,4 @@
-#![feature(asm_const)]
+#![allow(static_mut_refs)]
 #![no_std]
 #![no_main]

--- a/etc/aarch64-unknown-qemu.json
+++ b/etc/aarch64-unknown-qemu.json
@ -3,7 +3,7 @@
  "arch": "aarch64",
  "os": "none",
  "llvm-target": "aarch64-unknown-none",
-  "data-layout": "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128",
+  "data-layout": "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128-Fn32",
  "max-atomic-width": 128,
  "target-pointer-width": "64",
  "features": "+v8a,+strict-align,-neon,-fp-armv8",
--- a/kernel/arch/aarch64/src/lib.rs
+++ b/kernel/arch/aarch64/src/lib.rs
@ -37,7 +37,7 @@ pub static CPU_COUNT: AtomicUsize = AtomicUsize::new(1);
 #[naked]
 extern "C" fn idle_task(_: usize) -> ! {
    unsafe {
-        core::arch::asm!("1: nop; b 1b", options(noreturn));
+        core::arch::naked_asm!("1: nop; b 1b");
    }
 }

--- a/kernel/arch/i686/src/lib.rs
+++ b/kernel/arch/i686/src/lib.rs
@ -1,4 +1,4 @@
-#![feature(never_type, naked_functions, asm_const, strict_provenance)]
+#![feature(never_type, naked_functions)]
 #![no_std]

 extern crate alloc;
@ -34,13 +34,13 @@ static mut CPU: *mut () = null_mut();
 #[naked]
 extern "C" fn idle_task(_: usize) -> ! {
    unsafe {
-        core::arch::asm!(
+        core::arch::naked_asm!(
            r#"
        1:
            nop
            jmp 1b
        "#,
-            options(att_syntax, noreturn)
+            options(att_syntax)
        );
    }
 }
--- a/kernel/arch/x86/src/lib.rs
+++ b/kernel/arch/x86/src/lib.rs
@ -1,4 +1,4 @@
-#![feature(iter_chain, strict_provenance)]
+#![feature(iter_chain)]
 #![allow(clippy::new_without_default)]
 #![no_std]

--- a/kernel/arch/x86_64/src/lib.rs
+++ b/kernel/arch/x86_64/src/lib.rs
@ -1,6 +1,6 @@
 #![no_std]
 #![allow(clippy::new_without_default)]
-#![feature(strict_provenance, asm_const, naked_functions, trait_upcasting)]
+#![feature(naked_functions, trait_upcasting)]

 extern crate alloc;

@ -69,13 +69,13 @@ pub static CPU_COUNT: AtomicUsize = AtomicUsize::new(1);
 #[naked]
 extern "C" fn idle_task(_: usize) -> ! {
    unsafe {
-        core::arch::asm!(
+        core::arch::naked_asm!(
            r#"
-                     1:
-                         nop
-                         jmp 1b
-                     "#,
-            options(noreturn, att_syntax)
+            1:
+                nop
+                jmp 1b
+            "#,
+            options(att_syntax)
        );
    }
 }
--- a/kernel/arch/x86_64/src/mem/mod.rs
+++ b/kernel/arch/x86_64/src/mem/mod.rs
@ -384,7 +384,7 @@ pub unsafe fn init_fixed_tables() {
        (ram_mapping_l1_phys as u64) | (PageAttributes::WRITABLE | PageAttributes::PRESENT).bits();

    // TODO ENABLE EFER.NXE
-    let cr3 = &KERNEL_TABLES.l0 as *const _ as usize - KERNEL_VIRT_OFFSET;
+    let cr3 = &raw const KERNEL_TABLES.l0 as usize - KERNEL_VIRT_OFFSET;
    CR3.set_address(cr3);
 }

--- a/kernel/driver/block/nvme/src/lib.rs
+++ b/kernel/driver/block/nvme/src/lib.rs
@ -1,4 +1,4 @@
-#![feature(strict_provenance, const_trait_impl, let_chains, if_let_guard)]
+#![feature(const_trait_impl, let_chains, if_let_guard)]
 #![allow(missing_docs)]
 #![no_std]

--- a/kernel/driver/block/nvme/src/queue.rs
+++ b/kernel/driver/block/nvme/src/queue.rs
@ -282,15 +282,15 @@ impl QueuePair {
        self.cq_base
    }

-    pub fn poll_completion(&self, command_id: u32) -> Poll<Result<(), Error>> {
-        let mut inner = self.inner.lock();
+    // pub fn poll_completion(&self, command_id: u32) -> Poll<Result<(), Error>> {
+    //     let mut inner = self.inner.lock();

-        match inner.completed.remove(&command_id) {
-            Some(result) if let Some(_error) = result.error() => todo!(),
-            Some(_) => Poll::Ready(Ok(())),
-            None => Poll::Pending,
-        }
-    }
+    //     match inner.completed.remove(&command_id) {
+    //         Some(result) if let Some(_error) = result.error() => todo!(),
+    //         Some(_) => Poll::Ready(Ok(())),
+    //         None => Poll::Pending,
+    //     }
+    // }

    pub fn wait_for_completion<'r, T: Unpin + 'r>(
        &'r self,
--- a/kernel/driver/fs/memfs/src/lib.rs
+++ b/kernel/driver/fs/memfs/src/lib.rs
@ -3,7 +3,6 @@
 #![deny(missing_docs)]
 #![allow(clippy::new_without_default, clippy::new_ret_no_self)]
 #![feature(
-    const_mut_refs,
    maybe_uninit_uninit_array,
    const_maybe_uninit_uninit_array,
    maybe_uninit_array_assume_init
--- a/kernel/driver/virtio/net/src/lib.rs
+++ b/kernel/driver/virtio/net/src/lib.rs
@ -1,5 +1,4 @@
 // TODO use more fancy features of virtio-net, TCP/IP checksum offloading would be nice
-#![feature(strict_provenance)]
 #![no_std]

 extern crate alloc;
@ -248,7 +247,6 @@ impl<T: Transport + 'static> InterruptHandler for VirtioNet<T> {
            let (queue_irq, config_irq) = self.transport.lock().read_interrupt_status();

            if queue_irq {
-                log::debug!("Handle IRQ");
                self.handle_receive_interrupt(0);
            }

--- a/kernel/libk/libk-mm/interface/src/lib.rs
+++ b/kernel/libk/libk-mm/interface/src/lib.rs
@ -1,5 +1,5 @@
 #![no_std]
-#![feature(step_trait, const_trait_impl, strict_provenance)]
+#![feature(step_trait, const_trait_impl)]

 use core::ops::{Deref, DerefMut};

--- a/kernel/libk/libk-mm/src/lib.rs
+++ b/kernel/libk/libk-mm/src/lib.rs
@ -1,5 +1,4 @@
 #![feature(
-    strict_provenance,
    maybe_uninit_slice,
    slice_ptr_get,
    step_trait,
--- a/kernel/libk/libk-util/src/lib.rs
+++ b/kernel/libk/libk-util/src/lib.rs
@ -4,7 +4,6 @@
    async_fn_traits,
    async_closure,
    maybe_uninit_slice,
-    new_uninit,
    allocator_api,
    let_chains,
    const_trait_impl,
--- a/kernel/libk/src/lib.rs
+++ b/kernel/libk/src/lib.rs
@ -10,18 +10,17 @@
    step_trait,
    const_trait_impl,
    slice_ptr_get,
-    strict_provenance,
    never_type,
    let_chains,
    allocator_api,
    maybe_uninit_uninit_array,
    const_maybe_uninit_uninit_array,
-    new_uninit,
    trait_alias,
    if_let_guard,
    trait_upcasting,
    arbitrary_self_types,
-    slice_split_once
+    slice_split_once,
+    arbitrary_self_types_pointers
 )]

 extern crate alloc;
--- a/kernel/libk/src/task/binary/elf.rs
+++ b/kernel/libk/src/task/binary/elf.rs
@ -178,6 +178,7 @@ pub fn load_elf_from_file<F: Read + Seek>(
    space: &ProcessAddressSpace,
    mut elf: ElfStream<AnyEndian, FileReader<F>>,
    file: FileReader<F>,
+    aslr: bool,
 ) -> Result<ProcessImage, Error> {
    // TODO get information about interpreter: this could be a dynamic (not just relocatable)
    //      executable with required dependency libraries
@ -186,7 +187,7 @@ pub fn load_elf_from_file<F: Read + Seek>(
    let (vaddr_min, vaddr_max) = elf_virtual_range(&elf);
    let image_load_size = vaddr_max - vaddr_min;
    let (image_load_base, ip_offset) =
-        elf_load_address(elf.ehdr.e_type, vaddr_min, image_load_size);
+        elf_load_address(aslr, elf.ehdr.e_type, vaddr_min, image_load_size);

    log::debug!(
        "Loading ELF virtual {:#x?} -> real {:#x?}",
@ -306,24 +307,33 @@ pub fn elf_virtual_range<F: Read + Seek>(
    (vaddr_min, vaddr_max)
 }

-fn elf_load_address(elf_type: u16, virtual_address: usize, size: usize) -> (usize, usize) {
+fn elf_load_address(
+    aslr: bool,
+    elf_type: u16,
+    virtual_address: usize,
+    #[allow(unused)] size: usize,
+) -> (usize, usize) {
    match elf_type {
        elf::abi::ET_EXEC => (virtual_address, 0),
        elf::abi::ET_DYN => {
-            #[cfg(any(target_pointer_width = "32", rust_analyzer))]
-            {
-                let ceiling = (0x30000000 - size) / 0x1000 - 0x500;
+            let base = if aslr {
+                #[cfg(any(target_pointer_width = "32", rust_analyzer))]
+                {
+                    let ceiling = (0x30000000 - size) / 0x1000 - 0x500;

-                let index = random::range(0x500, ceiling as _);
-                let base = (index as usize) * 0x1000;
-                (base, base)
-            }
-            #[cfg(any(target_pointer_width = "64", rust_analyzer))]
-            {
-                let index = random::range(0x5000, 0x20000);
-                let base = (index as usize) * 0x1000;
-                (base, base)
-            }
+                    let index = random::range(0x500, ceiling as _);
+                    (index as usize) * 0x1000
+                }
+                #[cfg(any(target_pointer_width = "64", rust_analyzer))]
+                {
+                    let index = random::range(0x5000, 0x20000);
+                    (index as usize) * 0x1000
+                }
+            } else {
+                0x400000
+            };
+
+            (base, base)
        }
        // Handled in load_elf_from_file()
        _ => unreachable!(),
@ -404,8 +414,8 @@ fn handle_tls<F: Read + Seek>(
        if data_size > 0 {
            load_bytes(
                space,
-                master_copy_base,
                master_copy_base + data_offset,
+                data_size,
                |off, mut dst| {
                    file.file
                        .seek(SeekFrom::Start(tls_segment.p_offset + off as u64))?;
@ -569,7 +579,6 @@ where
    F: FnMut(usize, PhysicalRefMut<'_, [u8]>) -> Result<(), Error>,
 {
    // TODO check for crazy addresses here
-
    let dst_page_off = addr & 0xFFF;
    let dst_page_aligned = addr & !0xFFF;
    let mut off = 0usize;
--- a/kernel/libk/src/task/binary/mod.rs
+++ b/kernel/libk/src/task/binary/mod.rs
@ -44,6 +44,7 @@ pub struct LoadOptions<'e, P: AsRef<Path>> {
    pub args: &'e [&'e str],
    pub envs: &'e [&'e str],
    pub single_step: bool,
+    pub disable_aslr: bool,
 }

 struct BufferPlacer<'a> {
@ -208,24 +209,13 @@ where
    Ok((process, main))
 }

-// fn load_binary<F: Read + Seek>(
-//     head: &[u8],
-//     file: Arc<F>,
-//     space: &ProcessAddressSpace,
-// ) -> Result<ProcessImage, Error> {
-//     if head.starts_with(b"\x7FELF") {
-//         elf::load_elf_from_file(space, file)
-//     } else {
-//         Err(Error::UnrecognizedExecutable)
-//     }
-// }
-
 fn xxx_load_program<P: AsRef<Path>>(
    space: &ProcessAddressSpace,
    ioctx: &mut IoContext,
    path: P,
    args: Vec<String>,
    envs: Vec<String>,
+    aslr: bool,
 ) -> Result<(ProcessImage, Vec<String>, Vec<String>), Error> {
    let mut head = [0; 256];
    let path = path.as_ref();
@ -246,7 +236,14 @@ fn xxx_load_program<P: AsRef<Path>>(
        }
        shebang_args.extend_from_slice(&args);

-        return xxx_load_program(space, ioctx, shebang_args[0].clone(), shebang_args, envs);
+        return xxx_load_program(
+            space,
+            ioctx,
+            shebang_args[0].clone(),
+            shebang_args,
+            envs,
+            aslr,
+        );
    }

    file.seek(SeekFrom::Start(0))?;
@ -254,7 +251,7 @@ fn xxx_load_program<P: AsRef<Path>>(
    if head.starts_with(b"\x7FELF") {
        match elf::open_elf_file(file)? {
            ElfKind::Static(elf, file) => {
-                let image = elf::load_elf_from_file(space, elf, file)?;
+                let image = elf::load_elf_from_file(space, elf, file, aslr)?;

                Ok((image, args, envs))
            }
@ -263,7 +260,7 @@ fn xxx_load_program<P: AsRef<Path>>(
                let mut interp_args = Vec::new();
                interp_args.push(interp.as_str().into());
                interp_args.extend_from_slice(&args);
-                xxx_load_program(space, ioctx, interp, interp_args, envs)
+                xxx_load_program(space, ioctx, interp, interp_args, envs, aslr)
            }
        }
    } else {
@ -281,7 +278,8 @@ pub fn load<P: AsRef<Path>>(
    let envs = options.envs.iter().map(|&s| s.to_owned()).collect();

    let space = ProcessAddressSpace::new()?;
-    let (image, args, envs) = xxx_load_program(&space, ioctx, path, args, envs)?;
+    let (image, args, envs) =
+        xxx_load_program(&space, ioctx, path, args, envs, !options.disable_aslr)?;
    let name = path.display();
    let name = match name.rsplit_once('/') {
        Some((_, name)) => name,
@ -301,7 +299,14 @@ pub fn load_into<P: AsRef<Path>>(
    let path = options.path.as_ref().to_owned();
    let space = process.space();
    space.clear()?;
-    let (image, args, envs) = xxx_load_program(&space, io.ioctx_mut(), &path, args, envs)?;
+    let (image, args, envs) = xxx_load_program(
+        &space,
+        io.ioctx_mut(),
+        &path,
+        args,
+        envs,
+        !options.disable_aslr,
+    )?;
    let context = setup_context(options, &space, &image, &args, &envs)?;

    Ok((context, image))
--- a/kernel/libk/src/task/thread.rs
+++ b/kernel/libk/src/task/thread.rs
@ -176,6 +176,7 @@ impl Thread {
    /// # Safety
    ///
    /// `sp` must be a valid writable pointer to the task's stack, growing downward.
+    #[allow(unused)]
    pub unsafe fn setup_stack_header(
        space: &ProcessAddressSpace,
        mut sp: *mut usize,
--- a/kernel/libk/src/task/types.rs
+++ b/kernel/libk/src/task/types.rs
@ -163,13 +163,15 @@ impl ProcessTlsLayout {

        debug_assert!(align.is_power_of_two());
        let tls_block0_offset = (size_of::<usize>() * 2 + align - 1) & !(align - 1);
+        // Allocate two words in the back for extra storage
+        let back_size = size_of::<usize>() * 2;

-        let full_size = (tls_block0_offset + mem_size + align - 1) & !(align - 1);
+        let full_size = back_size + (tls_block0_offset + mem_size + align - 1) & !(align - 1);

        Self {
-            data_offset: tls_block0_offset,
-            uthread_offset: 0,
-            ptr_offset: 0,
+            data_offset: tls_block0_offset + back_size,
+            uthread_offset: back_size,
+            ptr_offset: back_size,

            data_size,
            mem_size,
@ -188,8 +190,11 @@ impl ProcessTlsLayout {
        // TP points to the TCB
        debug_assert!(align.is_power_of_two());
        let back_size = (mem_size + align - 1) & !(align - 1);
-        // Self-pointer
-        let forward_size = size_of::<usize>() * 2;
+        // 0: self-pointer
+        // 1: -
+        // 2: segment pointer
+        // 3: segment size
+        let forward_size = size_of::<usize>() * 4;

        let full_size = back_size + forward_size;

@ -212,7 +217,7 @@ impl ProcessTlsLayout {

        debug_assert!(align.is_power_of_two());
        let back_size = (mem_size + align - 1) & !(align - 1);
-        let forward_size = size_of::<usize>();
+        let forward_size = size_of::<usize>() * 4;
        let full_size = back_size + forward_size;

        Self {
--- a/kernel/libk/src/vfs/timer.rs
+++ b/kernel/libk/src/vfs/timer.rs
@ -1,6 +1,5 @@
 use core::{
    mem::size_of,
-    sync::atomic::AtomicBool,
    task::{Context, Poll},
    time::Duration,
 };
@ -37,8 +36,8 @@ impl TimerFile {
    }
 }

-impl TimerFile {
-    pub fn read(&self, buf: &mut [u8]) -> Result<usize, Error> {
+impl Read for TimerFile {
+    fn read(&self, buf: &mut [u8]) -> Result<usize, Error> {
        if buf.len() < size_of::<u8>() {
            return Err(Error::BufferTooSmall);
        }
--- a/kernel/src/init.rs
+++ b/kernel/src/init.rs
@ -82,6 +82,7 @@ pub fn kinit() -> Result<(), Error> {
            args: &["/init", "xxx"],
            envs: &[],
            single_step: false,
+            disable_aslr: false,
        };
        let (user_init, user_init_main) = proc::load_binary(&mut ioctx, &options)?;

--- a/kernel/src/main.rs
+++ b/kernel/src/main.rs
@ -4,18 +4,15 @@
    step_trait,
    decl_macro,
    naked_functions,
-    asm_const,
    optimize_attribute,
    const_trait_impl,
    maybe_uninit_slice,
    arbitrary_self_types,
-    const_mut_refs,
    let_chains,
    linked_list_cursors,
    rustc_private,
    allocator_api,
    trait_alias,
-    strict_provenance,
    slice_ptr_get,
    slice_split_once,
    iter_collect_into,
@ -36,6 +33,8 @@
 #![deny(missing_docs)]
 #![no_std]
 #![no_main]
+// XXX FIXME TODO
+#![allow(static_mut_refs)]

 use arch::Platform;
 use kernel_arch::{Architecture, ArchitectureImpl};
--- a/kernel/src/proc/mod.rs
+++ b/kernel/src/proc/mod.rs
@ -13,5 +13,7 @@ pub fn load_binary<P: AsRef<Path>>(
    ioctx: &mut IoContext,
    options: &LoadOptions<P>,
 ) -> Result<(Arc<Process>, Arc<Thread>), Error> {
-    libk::task::binary::load(ioctx, options)
+    libk::task::binary::load(ioctx, options).inspect_err(|e| {
+        log::warn!("Failed to load binary: {e:?}");
+    })
 }
--- a/kernel/src/syscall/imp/sys_process.rs
+++ b/kernel/src/syscall/imp/sys_process.rs
@ -5,8 +5,8 @@ use abi::{
    io::DeviceRequest,
    mem::MappingSource,
    process::{
-        ExitCode, MutexOperation, ProcessGroupId, ProcessId, Signal, SpawnOption, SpawnOptions,
-        ThreadSpawnOptions,
+        ExitCode, MutexOperation, ProcessGroupId, ProcessId, Signal, SpawnFlags, SpawnOption,
+        SpawnOptions, ThreadSpawnOptions,
    },
 };
 use alloc::sync::Arc;
@ -114,6 +114,7 @@ pub(crate) fn spawn_process(options: &SpawnOptions<'_>) -> Result<ProcessId, Err
            args: options.arguments,
            envs: options.arguments,
            single_step: attach_debugger.is_some(),
+            disable_aslr: options.flags.contains(SpawnFlags::DISABLE_ASLR),
        };
        let (child_process, child_main) = proc::load_binary(io.ioctx_mut(), &load_options)?;
        let pid = child_process.id;
--- a/lib/abi/def/process.abi
+++ b/lib/abi/def/process.abi
@ -18,6 +18,11 @@ newtype ProcessGroupId(u32);
 newtype ThreadId(u32);

 // Spawn
+#[default(_)]
+bitfield SpawnFlags(u32) {
+    /// Disables Address Space Layout Randomization for relocatable binaries
+    DISABLE_ASLR: 1,
+}

 /// Controls how processes are created
 #[derive(Clone, Debug)]
@ -31,6 +36,8 @@ struct SpawnOptions<'a> {
    pub environment: &'a [&'a str],
    /// Optional arguments to specify details of the creation
    pub optional: &'a [SpawnOption],
+    /// Extra flags controlling the new process behavior
+    pub flags: SpawnFlags,
 }

 /// Legacy execve(2) arguments
--- a/lib/abi/src/process/mod.rs
+++ b/lib/abi/src/process/mod.rs
@ -10,8 +10,8 @@ use crate::{
 mod exit;

 pub use crate::generated::{
-    ExecveOptions, ProcessGroupId, ProcessId, Signal, SignalEntryData, SpawnOptions, ThreadId,
-    ThreadSpawnOptions,
+    ExecveOptions, ProcessGroupId, ProcessId, Signal, SignalEntryData, SpawnFlags, SpawnOptions,
+    ThreadId, ThreadSpawnOptions,
 };
 pub use exit::ExitCode;

--- a/lib/libyalloc/src/lib.rs
+++ b/lib/libyalloc/src/lib.rs
@ -1,15 +1,12 @@
 #![feature(
    generic_const_exprs,
    arbitrary_self_types,
-    strict_provenance,
-    exposed_provenance,
    let_chains,
    test,
    allocator_api
 )]
 #![cfg_attr(not(test), no_std)]
 #![allow(incomplete_features, unexpected_cfgs, clippy::new_without_default)]
-#![deny(fuzzy_provenance_casts, lossy_provenance_casts)]

 #[cfg(test)]
 extern crate test;
--- a/lib/libyalloc/src/sys.rs
+++ b/lib/libyalloc/src/sys.rs
@ -46,7 +46,7 @@ impl PageProvider for OsPageProvider {
        }
        .ok()?;

-        NonNull::new(core::ptr::from_exposed_addr_mut(address))
+        NonNull::new(core::ptr::with_exposed_provenance_mut(address))
    }

    fn unmap_pages(address: NonNull<u8>, count: usize) {
--- a/lib/runtime/src/lib.rs
+++ b/lib/runtime/src/lib.rs
@ -1,5 +1,5 @@
 //! Yggdrasil OS application runtime
-#![feature(rustc_private, strict_provenance)]
+#![feature(rustc_private)]
 #![no_std]
 #![deny(missing_docs)]
 #![allow(nonstandard_style)]
--- a/lib/runtime/src/process.rs
+++ b/lib/runtime/src/process.rs
@ -1,7 +1,88 @@
 //! Process management data types

+use abi::mem::MappingSource;
 pub use abi::process::{
    ExecveOptions, ExitCode, MutexOperation, ProcessGroupId, ProcessId, ProcessInfoElement,
-    ProgramArgumentInner, Signal, SignalEntryData, SpawnOption, SpawnOptions, ThreadId,
+    ProgramArgumentInner, Signal, SignalEntryData, SpawnFlags, SpawnOption, SpawnOptions, ThreadId,
    ThreadSpawnOptions,
 };
+
+use crate::sys;
+
+const THREAD_LOCAL_AREA_SIZE: usize = 4096 / size_of::<usize>();
+
+/// # Safety
+///
+/// `tp` must be a proper and aligned pointer to a pair of [usize] words.
+unsafe fn thread_local_area_common(tp: usize) -> &'static mut [*mut u8] {
+    // 0: segment pointer, 1: segment len
+    // seg ptr -> thread-local pointer list base
+    let ptr: *mut *mut *mut u8 = core::ptr::with_exposed_provenance_mut(tp);
+    let len: *mut usize = core::ptr::with_exposed_provenance_mut(tp + size_of::<usize>());
+
+    let (base, len) = if unsafe { (*ptr).is_null() } {
+        // If segment is NULL, allocate some memory and map it here
+        let base = unsafe { sys::map_memory(None, 4096, &MappingSource::Anonymous) }
+            .expect("Could not allocate TLS storage");
+        let base = core::ptr::with_exposed_provenance_mut::<*mut u8>(base);
+
+        unsafe {
+            *ptr = base;
+            *len = THREAD_LOCAL_AREA_SIZE;
+        }
+
+        (base, THREAD_LOCAL_AREA_SIZE)
+    } else {
+        // Otherwise return the existing values
+        unsafe { (*ptr, *len) }
+    };
+
+    unsafe { core::slice::from_raw_parts_mut(base, len) }
+}
+
+#[cfg(any(target_arch = "x86", target_arch = "x86_64", rust_analyzer))]
+fn thread_local_area_impl() -> &'static mut [*mut u8] {
+    #[cfg(any(target_arch = "x86", rust_analyzer))]
+    fn get_tls() -> usize {
+        let tp: usize;
+        unsafe {
+            core::arch::asm!("mov %gs:0, {0}", out(reg) tp, options(att_syntax));
+        }
+        tp
+    }
+    #[cfg(any(target_arch = "x86_64", rust_analyzer))]
+    fn get_tls() -> usize {
+        let tp: usize;
+        unsafe {
+            core::arch::asm!("mov %fs:0, {0}", out(reg) tp, options(att_syntax));
+        }
+        tp
+    }
+
+    let tp = get_tls();
+
+    // Skip self-pointer
+    assert_eq!(tp % size_of::<usize>(), 0);
+    let tp = tp + size_of::<usize>() * 2;
+
+    unsafe { thread_local_area_common(tp) }
+}
+
+#[cfg(any(target_arch = "aarch64", rust_analyzer))]
+fn thread_local_area_impl() -> &'static mut [*mut u8] {
+    let tp: usize;
+    unsafe {
+        core::arch::asm!("mrs {0}, tpidr_el0", out(reg) tp);
+    }
+    // Kernel reserves two words below the TP
+    assert_eq!(tp % size_of::<usize>(), 0);
+    let tp = tp - size_of::<usize>() * 2;
+
+    unsafe { thread_local_area_common(tp) }
+}
+
+/// Returns a reference to the thread-local area, which contains thread-local pointers
+pub fn thread_local_area() -> &'static mut [*mut u8] {
+    // TODO grow thread local areas based on size requested?
+    thread_local_area_impl()
+}
--- a/lib/runtime/src/time.rs
+++ b/lib/runtime/src/time.rs
@ -11,8 +11,17 @@ pub struct Timespec {
 }

 impl Timespec {
+    /// Zero [Timespec]
+    pub const ZERO: Self = Self {
+        seconds: 0,
+        nanoseconds: 0,
+    };
+
    /// Constructs a [Timespec] with all components set to zero
    pub const fn zero() -> Self {
-        Self { seconds: 0, nanoseconds: 0 }
+        Self {
+            seconds: 0,
+            nanoseconds: 0,
+        }
    }
 }
--- a/tool/abi-generator/src/abi/mod.rs
+++ b/tool/abi-generator/src/abi/mod.rs
@ -475,15 +475,26 @@ impl GenerateTypeDefinition for BitfieldType {
        let const_default_fn = if let Some(default_attr) = default_attr {
            // TODO handle error
            let default_attr = default_attr.unwrap();
-            let value = default_attr
-                .items
-                .into_iter()
-                .map(|ident| quote!(Self::#ident.bits()))
-                .collect::<Punctuated<_, Token![|]>>();

-            quote! {
-                pub const fn const_default() -> Self {
-                    Self(#value)
+            match default_attr {
+                BitfieldDefaultValue::Empty(_) => {
+                    quote! {
+                        pub const fn const_default() -> Self {
+                            Self::empty()
+                        }
+                    }
+                }
+                BitfieldDefaultValue::Fields(items) => {
+                    let value = items
+                        .into_iter()
+                        .map(|ident| quote!(Self::#ident.bits()))
+                        .collect::<Punctuated<_, Token![|]>>();
+
+                    quote! {
+                        pub const fn const_default() -> Self {
+                            Self(#value)
+                        }
+                    }
                }
            }
        } else {
--- a/tool/abi-generator/src/lib.rs
+++ b/tool/abi-generator/src/lib.rs
@ -1,4 +1,4 @@
-#![feature(if_let_guard, extend_one, proc_macro_span, strict_provenance)]
+#![feature(if_let_guard, extend_one, proc_macro_span)]

 use crate::abi::ty::TypeWidth;

--- a/tool/abi-generator/src/syntax/bitfield_type.rs
+++ b/tool/abi-generator/src/syntax/bitfield_type.rs
@ -8,8 +8,9 @@ use super::{
 };

 #[derive(Clone)]
-pub struct BitfieldDefaultValue {
-    pub items: Punctuated<syn::Ident, Token![|]>,
+pub enum BitfieldDefaultValue {
+    Fields(Punctuated<syn::Ident, Token![|]>),
+    Empty(Token![_]),
 }

 #[derive(Clone)]
@ -41,8 +42,13 @@ impl DocumentItemAttributes for BitfieldType {

 impl syn::parse::Parse for BitfieldDefaultValue {
    fn parse(input: syn::parse::ParseStream<'_>) -> syn::Result<Self> {
-        let items = input.parse_terminated(syn::Ident::parse, Token![|])?;
-        Ok(Self { items })
+        if input.peek(Token![_]) {
+            let empty = input.parse()?;
+            Ok(Self::Empty(empty))
+        } else {
+            let items = input.parse_terminated(syn::Ident::parse, Token![|])?;
+            Ok(Self::Fields(items))
+        }
    }
 }

--- a/userspace/Cargo.lock
+++ b/userspace/Cargo.lock
@ -1,6 +1,6 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
-version = 3
+version = 4

 [[package]]
 name = "abi-generator"
@ -34,6 +34,12 @@ version = "1.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26"

+[[package]]
+name = "base64ct"
+version = "1.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b"
+
 [[package]]
 name = "bitflags"
 version = "1.3.2"
@ -46,6 +52,15 @@ version = "2.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de"

+[[package]]
+name = "block-buffer"
+version = "0.10.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71"
+dependencies = [
+ "generic-array",
+]
+
 [[package]]
 name = "bytemuck"
 version = "1.19.0"
@ -147,6 +162,21 @@ dependencies = [
 "yggdrasil-abi",
 ]

+[[package]]
+name = "const-oid"
+version = "0.9.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"
+
+[[package]]
+name = "cpufeatures"
+version = "0.2.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "608697df725056feaccfa42cffdaeeec3fccc4ffc38358ecd19b243e716a78e0"
+dependencies = [
+ "libc",
+]
+
 [[package]]
 name = "cross"
 version = "0.1.0"
@ -179,6 +209,53 @@ dependencies = [
 "winapi",
 ]

+[[package]]
+name = "crypto-common"
+version = "0.1.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
+dependencies = [
+ "generic-array",
+ "typenum",
+]
+
+[[package]]
+name = "curve25519-dalek"
+version = "4.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "curve25519-dalek-derive",
+ "digest",
+ "fiat-crypto",
+ "rustc_version",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "curve25519-dalek-derive"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.85",
+]
+
+[[package]]
+name = "der"
+version = "0.7.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0"
+dependencies = [
+ "const-oid",
+ "zeroize",
+]
+
 [[package]]
 name = "deranged"
 version = "0.3.11"
@ -188,6 +265,40 @@ dependencies = [
 "powerfmt",
 ]

+[[package]]
+name = "digest"
+version = "0.10.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
+dependencies = [
+ "block-buffer",
+ "crypto-common",
+]
+
+[[package]]
+name = "ed25519"
+version = "2.2.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53"
+dependencies = [
+ "pkcs8",
+ "signature",
+]
+
+[[package]]
+name = "ed25519-dalek"
+version = "2.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4a3daa8e81a3963a60642bcc1f90a670680bd4a77535faa384e9d1c79d620871"
+dependencies = [
+ "curve25519-dalek",
+ "ed25519",
+ "serde",
+ "sha2",
+ "subtle",
+ "zeroize",
+]
+
 [[package]]
 name = "elf"
 version = "0.7.4"
@ -234,6 +345,12 @@ version = "2.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e8c02a5121d4ea3eb16a80748c74f5549a5665e4c21333c6098f283870fbdea6"

+[[package]]
+name = "fiat-crypto"
+version = "0.2.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d"
+
 [[package]]
 name = "flexbuffers"
 version = "2.0.0"
@ -293,10 +410,20 @@ dependencies = [
 "slab",
 ]

+[[package]]
+name = "generic-array"
+version = "0.14.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
+dependencies = [
+ "typenum",
+ "version_check",
+]
+
 [[package]]
 name = "getrandom"
 version = "0.2.12"
-source = "git+https://git.alnyan.me/yggdrasil/getrandom.git?branch=alnyan/yggdrasil#0c156352b5ebf7a3b137b460ee5536c2c3a1e835"
+source = "git+https://git.alnyan.me/yggdrasil/getrandom.git?branch=alnyan%2Fyggdrasil#0c156352b5ebf7a3b137b460ee5536c2c3a1e835"
 dependencies = [
 "cfg-if",
 "libc",
@ -608,6 +735,16 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"

+[[package]]
+name = "pkcs8"
+version = "0.10.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7"
+dependencies = [
+ "der",
+ "spki",
+]
+
 [[package]]
 name = "powerfmt"
 version = "0.2.0"
@ -664,27 +801,36 @@ dependencies = [
 [[package]]
 name = "rand"
 version = "0.9.0"
-source = "git+https://git.alnyan.me/yggdrasil/rand.git?branch=alnyan/yggdrasil#9fac921fcc405a936b9a88b6bb9f2ced264bc0ec"
+source = "git+https://git.alnyan.me/yggdrasil/rand.git?branch=alnyan%2Fyggdrasil#9fac921fcc405a936b9a88b6bb9f2ced264bc0ec"
 dependencies = [
 "libc",
 "rand_chacha",
- "rand_core",
+ "rand_core 0.7.0",
 "zerocopy",
 ]

 [[package]]
 name = "rand_chacha"
 version = "0.4.0"
-source = "git+https://git.alnyan.me/yggdrasil/rand.git?branch=alnyan/yggdrasil#9fac921fcc405a936b9a88b6bb9f2ced264bc0ec"
+source = "git+https://git.alnyan.me/yggdrasil/rand.git?branch=alnyan%2Fyggdrasil#9fac921fcc405a936b9a88b6bb9f2ced264bc0ec"
 dependencies = [
 "ppv-lite86",
- "rand_core",
+ "rand_core 0.7.0",
+]
+
+[[package]]
+name = "rand_core"
+version = "0.6.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
+dependencies = [
+ "getrandom 0.2.15",
 ]

 [[package]]
 name = "rand_core"
 version = "0.7.0"
-source = "git+https://git.alnyan.me/yggdrasil/rand.git?branch=alnyan/yggdrasil#9fac921fcc405a936b9a88b6bb9f2ced264bc0ec"
+source = "git+https://git.alnyan.me/yggdrasil/rand.git?branch=alnyan%2Fyggdrasil#9fac921fcc405a936b9a88b6bb9f2ced264bc0ec"
 dependencies = [
 "getrandom 0.2.12",
 "zerocopy",
@ -746,21 +892,6 @@ dependencies = [
 "bitflags 2.6.0",
 ]

-[[package]]
-name = "ring"
-version = "0.17.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d"
-dependencies = [
- "cc",
- "cfg-if",
- "getrandom 0.2.15",
- "libc",
- "spin",
- "untrusted",
- "windows-sys 0.52.0",
-]
-
 [[package]]
 name = "rsh"
 version = "0.1.0"
@ -768,9 +899,9 @@ dependencies = [
 "bytemuck",
 "clap",
 "cross",
+ "ed25519-dalek",
 "flexbuffers",
 "libterm",
- "rustls",
 "serde",
 "smallvec",
 "thiserror",
@ -782,6 +913,15 @@ version = "0.1.24"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f"

+[[package]]
+name = "rustc_version"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92"
+dependencies = [
+ "semver",
+]
+
 [[package]]
 name = "rustix"
 version = "0.38.38"
@ -795,36 +935,6 @@ dependencies = [
 "windows-sys 0.52.0",
 ]

-[[package]]
-name = "rustls"
-version = "0.23.16"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eee87ff5d9b36712a58574e12e9f0ea80f915a5b0ac518d322b24a465617925e"
-dependencies = [
- "once_cell",
- "rustls-pki-types",
- "rustls-webpki",
- "subtle",
- "zeroize",
-]
-
-[[package]]
-name = "rustls-pki-types"
-version = "1.10.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "16f1201b3c9a7ee8039bcadc17b7e605e2945b27eee7631788c1bd2b0643674b"
-
-[[package]]
-name = "rustls-webpki"
-version = "0.102.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9"
-dependencies = [
- "ring",
- "rustls-pki-types",
- "untrusted",
-]
-
 [[package]]
 name = "ryu"
 version = "1.0.18"
@ -837,6 +947,12 @@ version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"

+[[package]]
+name = "semver"
+version = "1.0.23"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b"
+
 [[package]]
 name = "serde"
 version = "1.0.214"
@ -879,6 +995,17 @@ dependencies = [
 "serde",
 ]

+[[package]]
+name = "sha2"
+version = "0.10.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "digest",
+]
+
 [[package]]
 name = "shell"
 version = "0.1.0"
@ -927,6 +1054,15 @@ dependencies = [
 "libc",
 ]

+[[package]]
+name = "signature"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de"
+dependencies = [
+ "rand_core 0.6.4",
+]
+
 [[package]]
 name = "slab"
 version = "0.4.9"
@ -946,10 +1082,14 @@ dependencies = [
 ]

 [[package]]
-name = "spin"
-version = "0.9.8"
+name = "spki"
+version = "0.7.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
+checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d"
+dependencies = [
+ "base64ct",
+ "der",
+]

 [[package]]
 name = "spmc"
@ -1015,6 +1155,7 @@ dependencies = [
 "rand",
 "serde",
 "serde_json",
+ "sha2",
 "thiserror",
 "yggdrasil-abi",
 "yggdrasil-rt",
@ -1134,6 +1275,12 @@ version = "2.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6af6ae20167a9ece4bcb41af5b80f8a1f1df981f6391189ce00fd257af04126a"

+[[package]]
+name = "typenum"
+version = "1.17.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825"
+
 [[package]]
 name = "unicode-bidi"
 version = "0.3.17"
@ -1161,12 +1308,6 @@ version = "0.1.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7dd6e30e90baa6f72411720665d41d89b9a3d039dc45b8faea1ddd07f617f6af"

-[[package]]
-name = "untrusted"
-version = "0.9.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
-
 [[package]]
 name = "url"
 version = "2.5.2"
--- a/userspace/dynload-program/Cargo.toml
+++ b/userspace/dynload-program/Cargo.toml
@ -4,4 +4,4 @@ version = "0.1.0"
 edition = "2021"

 [dependencies]
-yggdrasil-rt.workspace = true
+yggdrasil-rt.path = "../../lib/runtime"
--- a/userspace/lib/cross/Cargo.toml
+++ b/userspace/lib/cross/Cargo.toml
@ -10,3 +10,6 @@ libc = "*"

 [dev-dependencies]
 libc = "*"
+
+[lints.rust]
+unexpected_cfgs = { level = "allow", check-cfg = ['cfg(rust_analyzer)'] }
--- a/userspace/lib/serde-ipc/Cargo.toml
+++ b/userspace/lib/serde-ipc/Cargo.toml
@ -10,3 +10,6 @@ serde.workspace = true
 thiserror.workspace = true

 tempfile = "3.12.0"
+
+[lints.rust]
+unexpected_cfgs = { level = "allow", check-cfg = ['cfg(rust_analyzer)'] }
--- a/userspace/rdb/Cargo.toml
+++ b/userspace/rdb/Cargo.toml
@ -21,3 +21,6 @@ iced-x86 = { version = "1.21.0", default-features = false, features = ["gas", "d

 [dev-dependencies]
 iced-x86 = { version = "1.21.0", default-features = false, features = ["gas", "decoder", "std"] }
+
+[lints.rust]
+unexpected_cfgs = { level = "allow", check-cfg = ['cfg(rust_analyzer)'] }
--- a/userspace/rsh/Cargo.toml
+++ b/userspace/rsh/Cargo.toml
@ -17,4 +17,4 @@ cross.workspace = true
 bytemuck.workspace = true

 smallvec = { version = "1.13.2", features = ["serde"] }
-rustls = { version = "0.23.16", default-features = false }
+ed25519-dalek = "2.1.1"
--- a/userspace/rsh/src/rshd/main.rs
+++ b/userspace/rsh/src/rshd/main.rs
@ -245,7 +245,11 @@ impl Server {
    }

    fn remove_session_by_fd(&mut self, fd: RawFd) -> Result<Option<Session>, Error> {
-        if let Some(session) = self.pty_to_session.remove(&fd) {
+        if let Some(mut session) = self.pty_to_session.remove(&fd) {
+            // TODO: implement kernel support for pidfd or something, to poll the exit status of
+            //       the task instead of doing it here.
+            // NOTE: this will block the whole server while the process finishes.
+            session.shell.wait().ok();
            self.addr_to_session.remove(&session.remote).unwrap();
            self.poll.remove(&fd)?;
            Ok(Some(session))
--- a/userspace/sysutils/Cargo.toml
+++ b/userspace/sysutils/Cargo.toml
@ -18,7 +18,7 @@ serde_json.workspace = true

 # TODO own impl
 humansize = { version = "2.1.3", features = ["impl_style"] }
-# sha2 = { version = "0.10.8" }
+sha2 = { version = "0.10.8" }

 init = { path = "../init" }

@ -87,9 +87,9 @@ path = "src/view.rs"
 name = "chmod"
 path = "src/chmod.rs"

-# [[bin]]
-# name = "sha256sum"
-# path = "src/sha256sum.rs"
+[[bin]]
+name = "sha256sum"
+path = "src/sha256sum.rs"

 [[bin]]
 name = "sysmon"
--- a/xtask/src/build/userspace.rs
+++ b/xtask/src/build/userspace.rs
@ -32,7 +32,7 @@ const PROGRAMS: &[(&str, &str)] = &[
    ("random", "bin/random"),
    ("view", "bin/view"),
    ("chmod", "bin/chmod"),
-    //    ("sha256sum", "bin/sha256sum"),
+    ("sha256sum", "bin/sha256sum"),
    ("sysmon", "bin/sysmon"),
    ("tst", "bin/tst"),
    // netutils