Skip to content

linux/rust/kernel/task.rs

Imported from _research/manual-study-linux/file-notes/linux__rust__kernel__task.rs.md.

File Notes: rust/kernel/task.rs

Status: reviewed.

Purpose

rust/kernel/task.rs wraps Linux struct task_struct for Rust. It provides typed access to the current task, task identity, signal state, pid namespaces, credentials, wakeups, and sleep annotations while preserving C-side lifetime rules.

Key Types And Functions

  • current!(): safe macro for borrowing the current task.
  • Task: transparent wrapper around bindings::task_struct.
  • CurrentTask: current-context-only task wrapper with NotThreadSafe.
  • Pid and Kuid: process/user identifier wrappers.
  • Task::current_raw, unsafe Task::current, pid, uid, euid, signal_pending, get_pid_ns, tgid_nr_ns, and wake_up.
  • CurrentTask::mm, active_pid_ns, and group_leader.
  • AlwaysRefCounted for Task: bridges get_task_struct / put_task_struct.
  • might_sleep: Rust-side annotation for sleepable contexts.

Data Flow

current!() creates a scoped temporary reference to CurrentTask from the raw current task pointer. Task can also be held beyond the current scope through ARef<Task>, which increments the task refcount through the AlwaysRefCounted implementation.

Current-task-only APIs borrow data such as the current mm, active pid namespace, and group leader without taking references when the file can prove that the borrow cannot outlive the current task context.

Invariants And Safety Contracts

  • Every Task instance must be a valid task created by the C kernel.
  • Task allocations are refcounted with get_task_struct / put_task_struct.
  • CurrentTask must only be accessed from the task context in which it was created.
  • Returning to userspace, release_task, and begin_new_exec permanently leave a current task context.
  • kthread_use_mm creates a temporary sub-context; NotThreadSafe prevents leaking CurrentTask across it.
  • Shared Task access is allowed because immutable fields do not change and mutable C-owned fields are synchronized by C code.

Rust Translation Guidance

This is a direct model for Rust wrappers around scheduler/process objects: separate “the current task in this dynamic context” from “a refcounted task handle”. A Rust-first kernel should encode context-sensitive access in types instead of letting every API accept a generic task pointer.

Use NotThreadSafe-style markers for values that must not cross task, thread, or temporary context boundaries. Pair refcounted long-lived handles with short borrowed handles to avoid unnecessary increments in hot paths.

AI-Native Systems Guidance

Agent systems should distinguish ambient context from durable handles. An agent action running “as current task/session/workspace” should not be allowed to leak that authority into detached work unless it explicitly converts to an audited refcounted handle. This maps cleanly onto scoped permissions, capability leases, and cancellation.

Evidence

  • rust/kernel/task.rs:33-49: current!() macro and context-safety comments.
  • rust/kernel/task.rs:51-59: Task wrapper invariants.
  • rust/kernel/task.rs:95-107: Task representation and Send / Sync safety.
  • rust/kernel/task.rs:109-136: CurrentTask purpose and context invariants.
  • rust/kernel/task.rs:156-198: raw current task access and unsafe current reference contract.
  • rust/kernel/task.rs:206-270: task property, pid namespace, and wakeup APIs.
  • rust/kernel/task.rs:273-345: current-task-only mm, pid namespace, and group leader access.
  • rust/kernel/task.rs:349-361: AlwaysRefCounted implementation.
  • rust/kernel/task.rs:413-435: sleepable-context annotation.