⚠ This page is served via a proxy. Original site: https://github.com
This service does not collect credentials or authentication data.
Skip to content

Refine task_spawn with defense-in-depth security #70

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jserv merged 1 commit into from
Jan 28, 2026
Merged

Refine task_spawn with defense-in-depth security #70

jserv merged 1 commit into from
Jan 28, 2026
+224 −80

Conversation

@jserv
Copy link
Contributor

@jserv jserv commented Jan 28, 2026
edited by cubic-dev-ai bot
Loading

This splits mo_task_spawn into two kernel-internal functions:

  • mo_task_spawn_kernel(): Creates M-mode tasks (used by logger)
  • mo_task_spawn_user(): Creates U-mode tasks (used by main, syscall)

The public mo_task_spawn() macro routes automatically based on CONFIG_PRIVILEGED build flag, maintaining backward compatibility.

Security model (three-layer defense-in-depth):

  1. Compile-time: private/task.h guard rejects non-kernel builds
  2. Runtime: in_syscall_context check rejects syscall-context calls
  3. Hardware: read_csr(mstatus) traps immediately from U-mode

Summary by cubic

Split task creation into kernel and user paths with defense-in-depth security, and simplified the app API to mo_task_spawn(entry, size) that auto-routes privileges. Renamed the syscall to sys_task_spawn and updated docs and examples.

  • New Features

    • Added mo_task_spawn_kernel (M-mode) and mo_task_spawn_user (U-mode); mo_task_spawn macro routes based on CONFIG_PRIVILEGED.
    • Defense-in-depth: compile-time guard in private/task.h, runtime in_syscall_context check, hardware mstatus trap on U-mode.
    • Centralized creation logic via task_spawn_internal; logger and kernel bootstrap use explicit kernel/user APIs.
    • Renamed syscall to SYS_task_spawn with sys_task_spawn wrapper; documentation updated.

  • Migration

    • Replace mo_task_spawn(fn, size, mode) with mo_task_spawn(fn, size).
    • Replace sys_tadd(...) with sys_task_spawn(...).
    • No app-side privilege mode needed; privileged builds create M-mode tasks automatically.

Written for commit f61d8ac. Summary will update on new commits.

@jserv jserv force-pushed the refine-task-spawn branch from da98295 to dced488 Compare January 28, 2026 04:39
@jserv jserv requested review from HeatCrab and visitorckw January 28, 2026 04:43
cubic-dev-ai[bot]

This comment was marked as resolved.

Sign in to view

HeatCrab
HeatCrab reviewed Jan 28, 2026
View reviewed changes
@jserv jserv force-pushed the refine-task-spawn branch from dced488 to d34c063 Compare January 28, 2026 06:43
@sysprog21 sysprog21 deleted a comment from github-actions bot Jan 28, 2026
@jserv
Refine task_spawn with defense-in-depth security
f61d8ac 
This splits mo_task_spawn into two kernel-internal functions:
- mo_task_spawn_kernel(): Creates M-mode tasks (used by logger)
- mo_task_spawn_user(): Creates U-mode tasks (used by main, syscall)

The public mo_task_spawn() macro routes automatically based on
CONFIG_PRIVILEGED build flag, maintaining backward compatibility.

Security model (three-layer defense-in-depth):
1. Compile-time: private/task.h guard rejects non-kernel builds
2. Runtime: in_syscall_context check rejects syscall-context calls
3. Hardware: read_csr(mstatus) traps immediately from U-mode
@jserv jserv force-pushed the refine-task-spawn branch from d34c063 to f61d8ac Compare January 28, 2026 06:56
@sysprog21 sysprog21 deleted a comment from github-actions bot Jan 28, 2026
@github-actions
Copy link

github-actions bot commented Jan 28, 2026

Linmo CI Test Results

Overall Status: ✅ passed
Timestamp: 2026-01-28T07:00:10+00:00
Commit: 516f90c

Toolchain Results

Toolchain Build Crash Test Functional
GNU ✅ passed ✅ passed ✅ passed
LLVM ✅ passed ⏭️ skipped ⏭️ skipped

Application Tests

App GNU LLVM
cond ✅ passed ⏭️ skipped
coop ✅ passed ⏭️ skipped
cpubench ✅ passed ⏭️ skipped
echo ✅ passed ⏭️ skipped
hello ✅ passed ⏭️ skipped
mqueues ✅ passed ⏭️ skipped
mutex ✅ passed ⏭️ skipped
pipes ✅ passed ⏭️ skipped
pipes_small ✅ passed ⏭️ skipped
pipes_struct ✅ passed ⏭️ skipped
prodcons ✅ passed ⏭️ skipped
progress ✅ passed ⏭️ skipped
rtsched ✅ passed ⏭️ skipped
semaphore ✅ passed ⏭️ skipped
suspend ✅ passed ⏭️ skipped
test64 ✅ passed ⏭️ skipped
test_libc ✅ passed ⏭️ skipped
timer ✅ passed ⏭️ skipped
timer_kill ✅ passed ⏭️ skipped
umode ⚠️ ⏭️ skipped

Functional Test Details

Test GNU LLVM
mutex:data_consistency ✅ passed ⏭️ skipped
mutex:fairness ✅ passed ⏭️ skipped
mutex:mutual_exclusion ✅ passed ⏭️ skipped
mutex:overall ✅ passed ⏭️ skipped
semaphore:overall ✅ passed ⏭️ skipped
umode:[exception]_illegal_instruction ✅ passed ⚠️
umode:pass:_sys_tid()_returned ✅ passed ⚠️
umode:pass:_sys_uptime()_returned ✅ passed ⚠️

Report generated from test-summary.toml

@jserv jserv requested a review from HeatCrab January 28, 2026 07:00
HeatCrab
HeatCrab approved these changes Jan 28, 2026
View reviewed changes
Copy link
Collaborator

@HeatCrab HeatCrab left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@jserv jserv merged commit 91f47ca into main Jan 28, 2026
6 checks passed
@jserv jserv deleted the refine-task-spawn branch January 28, 2026 12:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@visitorckw visitorckw Awaiting requested review from visitorckw

+1 more reviewer

@HeatCrab HeatCrab HeatCrab approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jserv @HeatCrab