Re-entrancy: run_server_step() is called while waiting for a reply on a return continuation object. It will handle incoming requests -- these should be queued instead. * I don't think this actually causes any bugs, since there are no TOCTTOU problems in the code. (There aren't really any invariants that are broken during a method call.)
No resource accountability (not really a bug)
Make sure that messages are encoded and decoded properly on 64-bit and other-endian machines. * Currently I assume sizeof(int) == 4.
Sending on a socket is never queued. This could lead to DoS of servers. It could potentially lead to deadlocks, if both ends of a connection send at the same time (this doesn't happen at the moment because all connections are client-server and call-return).
There may be cases where libc calls should preserve errno but don't.
Behaviour that might need changing:
build-fs.c attaches copies of symlinks into processes' file namespaces, so the process won't see them change when they change in the real filesystem. This may not be expected. Actually, symlinks are immutable and the inode would change if you replaced one.