feat(sched): global task registry to be able to enumerate system-wide processes + stellux proc kill system call#119
Merged
FlareCoding merged 4 commits intostellux-3.0-prototypingfrom Apr 1, 2026
Conversation
FlareCoding
changed the title
FlareCoding
changed the title
…egistry (hashmap-based)
* test(sched): exhaustive unit and integration tests for global task registry DS-tier tests (29 tests, no scheduler required): - init/count: empty registry starts at zero - insert: single, multiple, TID identity preservation, boundary TID values - remove: single, from-many, first/last, never-inserted safety, empty registry, remove-all, double-remove safety - reinsert: after remove, multiple cycles - snapshot_tids: empty, single, multiple, max capping, zero max, after remove - count tracking: incremental insert/removal, mixed operations - stress: 64-task insert/remove patterns, full cycle reinsert with new TIDs - consistency: snapshot agrees with count, reinit clears state - link integrity: pprev null after remove SCHED-tier integration tests (11 tests, real kernel tasks): - created task appears in global registry before enqueue - multiple created tasks all visible in registry - count increases on task creation - exited task eventually removed by reaper - task visible while alive, gone after exit+reap - batch exits all cleaned up - snapshot captures running/sleeping tasks - concurrent inserts from multiple CPUs via sub-task creation - rapid create/exit waves don't corrupt registry - count consistent with snapshot in quiescent state - no duplicate TIDs in snapshot All 500 tests pass on both x86_64 and aarch64. Co-authored-by: Albert Slepak <FlareCoding@users.noreply.github.com> * fix(tests): suppress nodiscard warnings in dma and poll_resource tests Cast intentionally-discarded [[nodiscard]] return values to (void): - dma.test.cpp: dma::alloc_pages in page_alloc_free_no_leak - poll_resource.test.cpp: ring_buffer_write in 4 test setup sites All 500 tests pass warning-free on both x86_64 and aarch64. Co-authored-by: Albert Slepak <FlareCoding@users.noreply.github.com> * fix(tests): fix task leak in multiple_tasks_appear integration test Save task pointers across the RUN_ELEVATED block so all created tasks can be enqueued after TID verification. Previously the pointers were lost after the block exited, leaking 4 task structs, stacks, and handles per test run and permanently polluting g_task_registry. Co-authored-by: Albert Slepak <FlareCoding@users.noreply.github.com> * fix(boot): add 1s delay before unit tests to let APs finish initialization Some CI runners use slow machines and smp::init() may not be able to initialize all CPUs quickly enough. Sleep for 1 second to give the APs a chance to fully initialize before running unit tests. Co-authored-by: Albert Slepak <FlareCoding@users.noreply.github.com> --------- Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Albert Slepak <FlareCoding@users.noreply.github.com>
FlareCoding
force-pushed
the
pr/global-task-registry
branch
from
4f3ab06 to
8acf33e
Compare
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| sched::g_task_registry.unlock(irq); | ||
| }); | ||
|
|
||
| return result; |
There was a problem hiding this comment.
No authorization check in proc_kill_tid syscall
Medium Severity · Security Issue
The proc_kill_tid syscall allows any userland process to kill any other userland process by TID with no ownership or permission check. The existing proc_kill uses handle-based authorization (callers can only kill processes they created), but proc_kill_tid bypasses this entirely — only checking that the target isn't a kernel or idle task. Any unprivileged process knowing a TID can terminate an arbitrary user process.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Note
High Risk
Touches core scheduler/task lifecycle by inserting/removing tasks from a new global registry during creation and reaping, which could introduce race conditions or leaks if ordering is wrong. Also adds a new process-control syscall (
proc_kill_tid) that can terminate tasks system-wide, so correctness and permission checks are security/stability relevant.Overview
Introduces a global
sched::g_task_registry(hashmap keyed by TID) to track all tasks and support system-wide enumeration via snapshotting.Scheduler/task teardown paths now register tasks on creation and unregister them on cleanup (including the unstarted-task destroy path), and the scheduler init now initializes the registry.
Adds a new syscall
SYS_PROC_KILL_TID/proc_kill_tidthat looks up a task by TID via the registry and forces a kill-wake for userland tasks, rejecting idle/kernel/self targets with appropriate errors; userland gains aproc_kill_tid()wrapper and a newkillapp.Fixes a poll/wake race by resolving aborted
poll_waitblocking so the task doesn’t continue running with a queuedsched_link, and adds debug-only detection for ready-list double-enqueue; includes extensive new unit/integration tests covering the registry and the poll race.Written by Cursor Bugbot for commit 8acf33e. This will update automatically on new commits. Configure here.