Starry-OS · AsakuraMizu · Dec 24, 2025 · Copilot · Dec 24, 2025
diff --git a/api/src/syscall/task/clone.rs b/api/src/syscall/task/clone.rs
@@ -13,10 +13,10 @@ use starry_core::{
 };
 use starry_process::Pid;
 use starry_signal::Signo;
+use starry_vm::VmMutPtr;
 
 use crate::{
     file::{FD_TABLE, FileLike, PidFd},
-    mm::UserPtr,
     task::new_user_task,
 };
 
@@ -128,9 +128,9 @@ pub fn sys_clone(
     new_uctx.set_retval(0);
 
     let set_child_tid = if flags.contains(CloneFlags::CHILD_SETTID) {
-        Some(UserPtr::<u32>::from(child_tid).get_as_mut()?)
+        child_tid
     } else {
-        None
+        0
     };
 
     let curr = current();
@@ -140,7 +140,7 @@ pub fn sys_clone(
 
     let tid = new_task.id().as_u64() as Pid;
     if flags.contains(CloneFlags::PARENT_SETTID) {
-        *UserPtr::<Pid>::from(parent_tid).get_as_mut()? = tid;
+        (parent_tid as *mut Pid).vm_write(tid)?;
     }
 
     let new_proc_data = if flags.contains(CloneFlags::THREAD) {
@@ -214,7 +214,7 @@ pub fn sys_clone(
 
     if flags.contains(CloneFlags::PIDFD) {
         let pidfd = PidFd::new(&new_proc_data);
-        *UserPtr::<i32>::from(parent_tid).get_as_mut()? = pidfd.add_to_fd_table(true)?;
+        (parent_tid as *mut i32).vm_write(pidfd.add_to_fd_table(true)?)?;
     }
 
     let thr = Thread::new(tid, new_proc_data);

diff --git a/api/src/task.rs b/api/src/task.rs
@@ -7,7 +7,6 @@ use bytemuck::AnyBitPattern;
 use linux_raw_sys::general::ROBUST_LIST_LIMIT;
 use starry_core::{
     futex::FutexKey,
-    mm::access_user_memory,
     shm::SHM_MANAGER,
     task::{
         AsThread, get_process_data, get_task, send_signal_to_process, send_signal_to_thread,
@@ -25,20 +24,14 @@ use crate::{
 };
 
 /// Create a new user task.
-pub fn new_user_task(
-    name: &str,
-    mut uctx: UserContext,
-    set_child_tid: Option<&'static mut Pid>,
-) -> TaskInner {
+pub fn new_user_task(name: &str, mut uctx: UserContext, set_child_tid: usize) -> TaskInner {
     TaskInner::new(
         move || {
             let curr = axtask::current();
 
-            access_user_memory(|| {
-                if let Some(tid) = set_child_tid {
-                    *tid = curr.id().as_u64() as Pid;
-                }
-            });
+            if let Some(tid) = (set_child_tid as *mut Pid).nullable() {
+                tid.vm_write(curr.id().as_u64() as Pid).ok();
-                tid.vm_write(curr.id().as_u64() as Pid).ok();
+                if let Err(err) = tid.vm_write(curr.id().as_u64() as Pid) {
+                    warn!(
+                        "Failed to write child TID to user memory at {:p}: {:?}",
+                        tid.as_ptr(),
+                        err
+                    );
+                    // Mirror the behavior for serious memory faults by raising SIGSEGV.
+                    raise_signal_fatal(SignalInfo::new_kernel(Signo::SIGSEGV))
+                        .expect("Failed to send SIGSEGV");
+                }
-                tid.vm_write(curr.id().as_u64() as Pid).ok();
+                if let Err(err) = tid.vm_write(curr.id().as_u64() as Pid) {
+                    warn!(
+                        "Failed to write child TID to user memory at {:p}: {:?}",
+                        tid.as_ptr(),
+                        err
+                    );
+                    // Mirror the behavior for serious memory faults by raising SIGSEGV.
+                    raise_signal_fatal(SignalInfo::new_kernel(Signo::SIGSEGV))
+                        .expect("Failed to send SIGSEGV");
+                }
+            }
 
             info!("Enter user space: ip={:#x}, sp={:#x}", uctx.ip(), uctx.sp());
 

diff --git a/src/entry.rs b/src/entry.rs
@@ -36,7 +36,7 @@ pub fn run_initproc(args: &[String], envs: &[String]) -> i32 {
 
     let uctx = UserContext::new(entry_vaddr.into(), ustack_top, 0);
 
-    let mut task = new_user_task(name, uctx, None);
+    let mut task = new_user_task(name, uctx, 0);
     task.ctx_mut().set_page_table_root(uspace.page_table_root());
 
     let pid = task.id().as_u64() as Pid;