Bug 1 — Fork FD race (HIGH severity):
process_fork_create() enqueued the child to the runqueue under
sched_lock, but syscall_fork_impl() copied file descriptors AFTER
the function returned — with sched_lock released. On SMP, the child
could be scheduled on another CPU and reach userspace before FDs
were populated, seeing NULL file descriptors.
Fix: move FD copying (with refcount bumps) into process_fork_create()
itself, under sched_lock, before the child is enqueued. Added proper
rollback of refcount bumps if kstack_alloc fails.

Bug 2 — Orphaned zombie leak (MEDIUM severity):
When a process exited, its children were not reparented to PID 1
(init). Zombie children of exited parents could never be reaped via
waitpid, leaking process structs and kernel stacks forever.
Fix: in process_exit_notify(), iterate the process list and reparent
all children to PID 1. If any reparented child is already a zombie
and init is blocked in waitpid(-1), wake init immediately.

Also verified (no bugs found):
- EOI handling correct (sent before handlers, spurious skips EOI)
- Lock ordering safe (all locks use irqsave, no cross-CPU ABBA)
- Heap has double-free and corruption detection
- User stack has guard pages
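
As an added illustration of the Bug 1 fix (this is not code from the project or the report above), a small C model of the corrected process_fork_create() ordering: FDs are copied and their refcounts bumped under sched_lock before the child is enqueued, and the bumps are rolled back if kstack_alloc fails. The struct layouts, the lock helpers and the kstack_alloc_should_fail knob are hypothetical stand-ins.

```c
/* Added example, not the project's code: models the fixed ordering from Bug 1.
 * FDs are copied (with refcount bumps) under sched_lock before the child is
 * enqueued, and the bumps are rolled back if kstack_alloc fails. All names are
 * hypothetical stand-ins for the kernel's own structures. */
#include <stdbool.h>
#include <stddef.h>

#define NFDS 4
struct file { int refcount; };
struct process {
    struct file *fds[NFDS];
    bool has_kstack;
    bool enqueued;                /* set only once the child is fully initialised */
};

static int sched_lock_depth;          /* stands in for sched_lock (irqsave) */
static bool kstack_alloc_should_fail; /* knob to simulate allocation failure */

static void sched_lock(void)   { sched_lock_depth++; }
static void sched_unlock(void) { sched_lock_depth--; }

static bool kstack_alloc(struct process *p)
{
    if (kstack_alloc_should_fail) return false;
    p->has_kstack = true;
    return true;
}

/* Returns 0 on success, -1 on failure with every taken reference released. */
int process_fork_create(struct process *parent, struct process *child)
{
    sched_lock();
    for (int i = 0; i < NFDS; i++) {      /* copy FDs before the child can run */
        child->fds[i] = parent->fds[i];
        if (child->fds[i]) child->fds[i]->refcount++;
    }
    if (!kstack_alloc(child)) {           /* roll back: drop each reference taken */
        for (int i = 0; i < NFDS; i++)
            if (child->fds[i]) { child->fds[i]->refcount--; child->fds[i] = NULL; }
        sched_unlock();
        return -1;
    }
    child->enqueued = true;               /* visible to other CPUs only from here */
    sched_unlock();
    return 0;
}
```

Because enqueued is only set after the FD table is populated, another CPU cannot pick the child up and observe NULL descriptors, and the failure path leaves the parent's file refcounts exactly as they were.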