Fixed + Security changes

[assembler-0]

Summary by CodeRabbit

• New Features

  • Added a function to allow processes to yield CPU time and request scheduling.

• Bug Fixes

  • Improved security token validation and checksum logic for enhanced process integrity.
  • Stricter privilege checks enforced during process creation.

• Refactor

  • Simplified and optimized process scheduling for better performance and reliability.
  • Enhanced the kernel's integrity subsystem to audit and terminate processes with invalid security tokens.

• Chores

  • Removed unused or redundant functions and debug prints for cleaner operation.

[coderabbitai]

Walkthrough

This update removes all uses and the declaration of the CheckPid0Magic debug function and introduces a comprehensive rework of process management, security token validation, and scheduling logic. It also enhances the kernel's security auditing subsystem and process privilege enforcement, while simplifying and optimizing process scheduling.

Changes

File(s)	Change Summary
Kernel/Core/Kernel.c	Removed two calls to CheckPid0Magic from KernelMain.
Kernel/Process/Process.c	Refactored process management: improved security token checksum/validation, stricter privilege checks,
	priority updates, simplified scheduling, enhanced security auditing, and added/renamed several functions.
Kernel/Process/Process.h	Removed the declaration of CheckPid0Magic.

Sequence Diagram(s)

sequenceDiagram
    participant UserProcess
    participant Kernel
    participant Scheduler
    participant SKIS

    UserProcess->>Kernel: Request process creation
    Kernel->>Kernel: Validate security token & privileges
    Kernel->>Scheduler: Add process (priority set)
    SKIS->>Kernel: Periodically audit tokens
    SKIS->>Kernel: Terminate process if token invalid
    Scheduler->>Kernel: Save current context
    Scheduler->>Kernel: Select next process (round-robin, by priority)
    Scheduler->>Kernel: Restore context

Loading

Possibly related PRs

• Development #18: Reversed the addition of CheckPid0Magic debug calls and the function itself, which were removed in this PR.
• Drivers, Keyboard, shell removal, added safety (crashing) #13: Introduced the security token system and CheckPid0Magic usage, both of which are directly affected by this PR’s removals.

Poem

In the kernel’s warren, deep and bright,
Debug checks hop away, out of sight.
With tokens secure and priorities clear,
Processes leap—no magic here!
Schedulers spin in round-robin delight,
While SKIS stands guard through the night.
🐇✨

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 4

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 315c4a4 and 95758fe.

📒 Files selected for processing (3)

• Kernel/Core/Kernel.c (0 hunks)
• Kernel/Process/Process.c (2 hunks)
• Kernel/Process/Process.h (0 hunks)

💤 Files with no reviewable changes (2)

• Kernel/Core/Kernel.c
• Kernel/Process/Process.h

🔇 Additional comments (6)

Kernel/Process/Process.c (6)

1-14: Header section looks good!

The includes and macro definitions are appropriate for kernel process management. The offsetof macro is correctly implemented.

---

37-51: Improved checksum calculation with PID inclusion!

The checksum calculation is more robust by iterating over all bytes up to the checksum field and including the process PID. This provides better integrity protection.

---

157-169: Good security boundary enforcement!

The privilege check ensures only kernel or system processes can create new system-level processes. This is a critical security control.

---

213-214: Good stack alignment practice!

Aligning the stack pointer to 16 bytes ensures compatibility with calling conventions that require aligned stacks.

---

273-287: Helper functions correctly implemented!

Good bounds checking in GetCurrentProcess and proper state validation in GetProcessByPid.

---

327-344: Background security auditing implementation looks good, but has a process counting issue.

The SKIS correctly validates tokens periodically. However, decrementing process_count (line 340) when terminating a process could lead to incorrect process counting if processes aren't contiguously allocated.

Consider removing the process_count-- line since the process slot remains allocated (just marked as TERMINATED). The process count should only track active processes, not slot allocation.

-                    process_count--;

Likely an incorrect or invalid review comment.

[coderabbitai]

⚠️ Potential issue

Inconsistent comment about removed functions.

The comment states that ShouldSchedule and RequestSchedule were removed, but these functions are still defined at lines 54-67. Either remove the functions or update the comment.

🤖 Prompt for AI Agents

In Kernel/Process/Process.c around lines 54 to 67 and 113 to 114, the comment
states that ShouldSchedule and RequestSchedule were removed, but these functions
are still defined. To fix this inconsistency, either remove the definitions of
ShouldSchedule and RequestSchedule if they are truly unused, or update the
comment at lines 113-114 to accurately reflect that these functions remain in
the code.

[coderabbitai]

⚠️ Potential issue

Scheduling request mechanism not integrated with scheduler.

The need_schedule flag is set by RequestSchedule() and checked by ShouldSchedule(), but the actual scheduler (ScheduleFromInterrupt) never checks this flag. This means Yield() won't trigger rescheduling as intended.

Consider either:

1. Removing these functions if not needed
2. Integrating the need_schedule check into the scheduler
3. Using a different mechanism to trigger scheduling on yield

🤖 Prompt for AI Agents

In Kernel/Process/Process.c around lines 54 to 72, the need_schedule flag set by
RequestSchedule() and checked by ShouldSchedule() is not integrated with the
actual scheduler, so Yield() does not trigger rescheduling. To fix this, either
remove the RequestSchedule, ShouldSchedule, and need_schedule flag if unused, or
modify the scheduler function (e.g., ScheduleFromInterrupt) to check the
need_schedule flag and perform scheduling accordingly. Alternatively, implement
a different mechanism to ensure Yield() triggers the scheduler as intended.

[coderabbitai]

⚠️ Potential issue

Process slot allocation logic has potential bugs.

The current implementation has issues:

1. Using process_count as slot index (line 186) assumes sequential allocation
2. Condition next_pid <= MAX_PROCESSES (line 185) incorrectly mixes PID count with slot count

-    // Find a free process slot.
-    int slot = -1;
-    for (int i = 0; i < MAX_PROCESSES; i++) { // Check all slots
-        if (processes[i].state == PROC_TERMINATED) {
-            slot = i;
-            break;
-        }
-    }
-    // If no terminated slots, use the next available one.
-    if (slot == -1) {
-        if (next_pid <= MAX_PROCESSES) {
-             slot = process_count; // Use the next empty slot
-        } else {
-             Panic("CreateSecureProcess: No free process slots");
-        }
-    }
+    // Find a free process slot.
+    int slot = -1;
+    for (int i = 0; i < MAX_PROCESSES; i++) {
+        if (processes[i].state == PROC_TERMINATED || processes[i].pid == 0) {
+            slot = i;
+            break;
+        }
+    }
+    
+    if (slot == -1) {
+        Panic("CreateSecureProcess: No free process slots");
+    }

🤖 Prompt for AI Agents

In Kernel/Process/Process.c around lines 175 to 190, the process slot allocation
logic is flawed because it incorrectly uses process_count as the slot index and
mixes next_pid with slot count in the condition. To fix this, replace the
condition to check for available slots properly without conflating PID and slot
counts, and ensure the slot index is assigned based on actual free slots or a
valid next available index rather than process_count. Adjust the logic to
reliably find or assign a free process slot without assumptions of sequential
allocation.

[coderabbitai]

⚠️ Potential issue

Scheduler loop bounds may miss processes.

The loop uses i <= process_count but iterates over MAX_PROCESSES slots with modulo. If processes aren't contiguously allocated (e.g., after some terminate), this could miss valid processes.

-    // Round-robin search for the highest priority (lowest value) process
-    for (uint32_t i = 1; i <= process_count; i++) {
-        uint32_t candidate_idx = (current_process + i) % MAX_PROCESSES;
+    // Round-robin search for the highest priority (lowest value) process
+    for (uint32_t i = 1; i < MAX_PROCESSES; i++) {
+        uint32_t candidate_idx = (current_process + i) % MAX_PROCESSES;

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	for (uint32_t i = 1; i <= process_count; i++) {
	uint32_t candidate_idx = (current_process + i) % MAX_PROCESSES;
	if ((processes[candidate_idx].state == PROC_READY || processes[candidate_idx].state == PROC_RUNNING)
	&& processes[candidate_idx].pid != 0) // Don't schedule the idle process unless nothing else is ready
	{
	if (processes[candidate_idx].priority < best_priority) {
	best_priority = processes[candidate_idx].priority;
	next_proc_idx = candidate_idx;
	}
	}
	next = (next + 1) % MAX_PROCESSES;
	} while (next != start);
	// Switch to best candidate if different from current
	if (best_candidate != current_process) {
	// Save current process's full interrupt frame
	// Now this is safe because ProcessContext == struct Registers
	FastMemcpy(&processes[current_process].context, regs, sizeof(struct Registers));
	// Update current process state
	if (processes[current_process].state == PROC_RUNNING) {
	processes[current_process].state = PROC_READY;
	}
	// Update new process state
	processes[best_candidate].state = PROC_RUNNING;
	}
	// Round-robin search for the highest priority (lowest value) process
	for (uint32_t i = 1; i < MAX_PROCESSES; i++) {
	uint32_t candidate_idx = (current_process + i) % MAX_PROCESSES;
	if ((processes[candidate_idx].state == PROC_READY || processes[candidate_idx].state == PROC_RUNNING)
	&& processes[candidate_idx].pid != 0) // Don't schedule the idle process unless nothing else is ready
	{
	if (processes[candidate_idx].priority < best_priority) {
	best_priority = processes[candidate_idx].priority;
	next_proc_idx = candidate_idx;
	}
	}
	}

🤖 Prompt for AI Agents

In Kernel/Process/Process.c around lines 247 to 258, the scheduler loop uses i
<= process_count which may skip valid processes if they are not contiguous.
Change the loop to iterate exactly MAX_PROCESSES times to cover all possible
process slots, ensuring no valid process is missed regardless of allocation
gaps.