Add U-mode task isolation and fix self-termination

HeatCrab · HeatCrab · commit 8f6f1326baa9 · 2026-02-02T17:47:46.000+08:00
U-mode tasks could previously control other tasks and had no way to
properly terminate themselves. This adds permission checks to restrict
task control syscalls to self-only operations and enables safe
self-termination through the existing zombie task mechanism.
diff --git a/kernel/syscall.c b/kernel/syscall.c
@@ -278,8 +278,8 @@ int sys_task_spawn(void *task, int stack_size)
 
 static int _tcancel(int id)
 {
-    if (unlikely(id <= 0))
-        return -EINVAL;
+    if (id <= 0 || (uint16_t) id != mo_task_id())
+        return -EPERM;
 
     return mo_task_cancel(id);
 }
@@ -316,8 +316,8 @@ int sys_tdelay(int ticks)
 
 static int _tsuspend(int id)
 {
-    if (unlikely(id <= 0))
-        return -EINVAL;
+    if (id <= 0 || (uint16_t) id != mo_task_id())
+        return -EPERM;
 
     return mo_task_suspend(id);
 }
@@ -329,10 +329,9 @@ int sys_tsuspend(int id)
 
 static int _tresume(int id)
 {
-    if (unlikely(id <= 0))
-        return -EINVAL;
-
-    return mo_task_resume(id);
+    (void) id;
+    /* U-mode cannot resume any task; suspended task cannot call syscall */
+    return -EPERM;
 }
 
 int sys_tresume(int id)
@@ -342,8 +341,8 @@ int sys_tresume(int id)
 
 static int _tpriority(int id, int priority)
 {
-    if (unlikely(id <= 0))
-        return -EINVAL;
+    if (id <= 0 || (uint16_t) id != mo_task_id())
+        return -EPERM;
 
     return mo_task_priority(id, priority);
 }
diff --git a/kernel/task.c b/kernel/task.c
@@ -992,9 +992,20 @@ int32_t mo_task_spawn_user(void *task_entry, uint16_t stack_size)
 
 int32_t mo_task_cancel(uint16_t id)
 {
-    if (id == 0 || id == mo_task_id())
+    if (id == 0)
         return ERR_TASK_CANT_REMOVE;
 
+    /* Self-termination marks the task as zombie and yields to the scheduler.
+     * The dispatcher will reclaim resources after context switch completes.
+     */
+    if (id == mo_task_id()) {
+        tcb_t *self = kcb->task_current->data;
+        self->state = TASK_ZOMBIE;
+        _yield();
+        while (1)
+            ;
+    }
+
     CRITICAL_ENTER();
     list_node_t *node = find_task_node_by_id(id);
     if (!node) {

Original file line number	Diff line number	Diff line change
`@@ -278,8 +278,8 @@ int sys_task_spawn(void *task, int stack_size)`
`278`	`278`
`279`	`279`	`static int _tcancel(int id)`
`280`	`280`	`{`
`281`		`- if (unlikely(id <= 0))`
`282`		`- return -EINVAL;`
	`281`	`+ if (id <= 0 \|\| (uint16_t) id != mo_task_id())`
	`282`	`+ return -EPERM;`
`283`	`283`
`284`	`284`	`return mo_task_cancel(id);`
`285`	`285`	`}`
`@@ -316,8 +316,8 @@ int sys_tdelay(int ticks)`
`316`	`316`
`317`	`317`	`static int _tsuspend(int id)`
`318`	`318`	`{`
`319`		`- if (unlikely(id <= 0))`
`320`		`- return -EINVAL;`
	`319`	`+ if (id <= 0 \|\| (uint16_t) id != mo_task_id())`
	`320`	`+ return -EPERM;`
`321`	`321`
`322`	`322`	`return mo_task_suspend(id);`
`323`	`323`	`}`
`@@ -329,10 +329,9 @@ int sys_tsuspend(int id)`
`329`	`329`
`330`	`330`	`static int _tresume(int id)`
`331`	`331`	`{`
`332`		`- if (unlikely(id <= 0))`
`333`		`- return -EINVAL;`
`334`		`-`
`335`		`- return mo_task_resume(id);`
	`332`	`+ (void) id;`
	`333`	`+ /* U-mode cannot resume any task; suspended task cannot call syscall */`
	`334`	`+ return -EPERM;`
`336`	`335`	`}`
`337`	`336`
`338`	`337`	`int sys_tresume(int id)`
`@@ -342,8 +341,8 @@ int sys_tresume(int id)`
`342`	`341`
`343`	`342`	`static int _tpriority(int id, int priority)`
`344`	`343`	`{`
`345`		`- if (unlikely(id <= 0))`
`346`		`- return -EINVAL;`
	`344`	`+ if (id <= 0 \|\| (uint16_t) id != mo_task_id())`
	`345`	`+ return -EPERM;`
`347`	`346`
`348`	`347`	`return mo_task_priority(id, priority);`
`349`	`348`	`}`