libmango: types: add macro to define a kern_msg_handle_t

when locking a pair of objects, the object with the lesser memory address
is always locked first. the pair is unlocked in the opposite order.

include/kernel/arg.h

@@ -1,8 +1,8 @@
 #ifndef KERNEL_ARG_H_
 #define KERNEL_ARG_H_
 
+#include <mango/types.h>
 #include <stdbool.h>
-#include <mango/status.h>
 
 #define CMDLINE_MAX 4096
 

include/kernel/channel.h

@@ -4,7 +4,7 @@
 #include <kernel/object.h>
 #include <kernel/sched.h>
 
-struct kmsg;
+struct msg;
 
 struct channel {
 	struct object c_base;
@@ -21,17 +21,16 @@ extern struct channel *channel_create(void);
 
 extern kern_status_t channel_enqueue_msg(
 	struct channel *channel,
-	struct kmsg *msg);
+	struct msg *msg);
 
 extern kern_status_t channel_recv_msg(
 	struct channel *channel,
-	struct msg *out_msg,
+	kern_msg_t *out_msg,
-	msgid_t *out_id,
 	unsigned long *irq_flags);
 extern kern_status_t channel_reply_msg(
 	struct channel *channel,
 	msgid_t id,
-	const struct msg *resp,
+	const kern_msg_t *reply,
 	unsigned long *irq_flags);
 
 extern kern_status_t channel_read_msg(
@@ -39,7 +38,7 @@ extern kern_status_t channel_read_msg(
 	msgid_t msg,
 	size_t offset,
 	struct vm_region *dest_region,
-	const struct iovec *dest_iov,
+	const kern_iovec_t *dest_iov,
 	size_t dest_iov_count,
 	size_t *nr_read);
 extern kern_status_t channel_write_msg(
@@ -47,7 +46,7 @@ extern kern_status_t channel_write_msg(
 	msgid_t msg,
 	size_t offset,
 	struct vm_region *src_region,
-	const struct iovec *src_iov,
+	const kern_iovec_t *src_iov,
 	size_t src_iov_count,
 	size_t *nr_written);
 

include/kernel/console.h

@@ -14,9 +14,10 @@
    representing a serial port may allow both sending AND receiving over the
    port.
 */
-#include <kernel/queue.h>
 #include <kernel/locks.h>
+#include <kernel/queue.h>
 #include <mango/status.h>
+#include <mango/types.h>
 
 #ifdef __cplusplus
 extern "C" {

include/kernel/handle.h

@@ -3,6 +3,7 @@
 
 #include <kernel/bitmap.h>
 #include <mango/status.h>
+#include <mango/types.h>
 #include <stddef.h>
 #include <stdint.h>
 
@@ -16,6 +17,7 @@ typedef uintptr_t handle_flags_t;
 
 struct task;
 struct object;
+struct vm_region;
 struct handle_list;
 
 struct handle {
@@ -54,12 +56,14 @@ extern struct handle *handle_table_get_handle(
 	struct handle_table *tab,
 	kern_handle_t handle);
 
-extern kern_status_t handle_list_transfer(
+extern kern_status_t handle_table_transfer(
-	struct handle_table *dest,
+	struct vm_region *dst_region,
-	struct handle_list *dest_list,
+	struct handle_table *dst,
-	size_t dest_list_count,
+	kern_msg_handle_t *dst_handles,
+	size_t dst_handles_max,
+	struct vm_region *src_region,
 	struct handle_table *src,
-	const struct handle_list *src_list,
+	kern_msg_handle_t *src_handles,
-	size_t src_list_count);
+	size_t src_handles_count);
 
 #endif

include/kernel/iovec.h

@@ -8,7 +8,7 @@ struct iovec_iterator {
 	/* if this is set, we are iterating over a list of iovecs stored in
 	 * userspace, and must go through this region to retrieve the data. */
 	struct vm_region *it_region;
-	const struct iovec *it_vecs;
+	const kern_iovec_t *it_vecs;
 	size_t it_nr_vecs;
 	size_t it_vec_ptr;
 
@@ -18,12 +18,12 @@ struct iovec_iterator {
 
 extern void iovec_iterator_begin(
 	struct iovec_iterator *it,
-	const struct iovec *vecs,
+	const kern_iovec_t *vecs,
 	size_t nr_vecs);
 extern void iovec_iterator_begin_user(
 	struct iovec_iterator *it,
 	struct vm_region *address_space,
-	const struct iovec *vecs,
+	const kern_iovec_t *vecs,
 	size_t nr_vecs);
 
 extern void iovec_iterator_seek(struct iovec_iterator *it, size_t nr_bytes);

include/kernel/locks.h

@@ -22,6 +22,38 @@ typedef __aligned(8) ml_hwlock_t spin_lock_t;
 #define spin_unlock_irqrestore(lck, flags)                                     \
 	ml_hwlock_unlock_irqrestore(lck, flags);
 
+static inline void spin_lock_pair_irqsave(
+	spin_lock_t *a,
+	spin_lock_t *b,
+	unsigned long *flags)
+{
+	if (a == b) {
+		spin_lock_irqsave(a, flags);
+	} else if (a < b) {
+		spin_lock_irqsave(a, flags);
+		spin_lock(b);
+	} else {
+		spin_lock_irqsave(b, flags);
+		spin_lock(a);
+	}
+}
+
+static inline void spin_unlock_pair_irqrestore(
+	spin_lock_t *a,
+	spin_lock_t *b,
+	unsigned long flags)
+{
+	if (a == b) {
+		spin_unlock_irqrestore(a, flags);
+	} else if (a < b) {
+		spin_unlock(b);
+		spin_unlock_irqrestore(a, flags);
+	} else {
+		spin_unlock(a);
+		spin_unlock_irqrestore(b, flags);
+	}
+}
+
 #ifdef __cplusplus
 }
 #endif

include/kernel/msg.h

@@ -15,7 +15,7 @@ enum kmsg_status {
 	KMSG_REPLY_SENT,
 };
 
-struct kmsg {
+struct msg {
 	spin_lock_t msg_lock;
 	enum kmsg_status msg_status;
 	struct btree_node msg_node;
@@ -23,8 +23,7 @@ struct kmsg {
 	kern_status_t msg_result;
 	struct port *msg_sender_port;
 	struct thread *msg_sender_thread;
-	struct msg msg_req;
+	kern_msg_t msg_req, msg_resp;
-	struct msg msg_resp;
 };
 
 #endif

include/kernel/object.h

@@ -31,6 +31,20 @@ extern "C" {
 		unsigned long flags)                                           \
 	{                                                                      \
 		object_unlock_irqrestore(&p->base, flags);                     \
+	}                                                                      \
+	static inline void object_name##_lock_pair_irqsave(                    \
+		struct object_name *a,                                         \
+		struct object_name *b,                                         \
+		unsigned long *flags)                                          \
+	{                                                                      \
+		object_lock_pair_irqsave(&a->base, &b->base, flags);           \
+	}                                                                      \
+	static inline void object_name##_unlock_pair_irqrestore(               \
+		struct object_name *a,                                         \
+		struct object_name *b,                                         \
+		unsigned long flags)                                           \
+	{                                                                      \
+		object_unlock_pair_irqrestore(&a->base, &b->base, flags);      \
 	}
 
 #define OBJECT_MAGIC    0xBADDCAFE
@@ -92,6 +106,15 @@ extern void object_unlock(struct object *obj);
 extern void object_lock_irqsave(struct object *obj, unsigned long *flags);
 extern void object_unlock_irqrestore(struct object *obj, unsigned long flags);
 
+extern void object_lock_pair_irqsave(
+	struct object *a,
+	struct object *b,
+	unsigned long *flags);
+extern void object_unlock_pair_irqrestore(
+	struct object *a,
+	struct object *b,
+	unsigned long flags);
+
 #ifdef __cplusplus
 }
 #endif

include/kernel/port.h

@@ -32,8 +32,8 @@ extern kern_status_t port_connect(struct port *port, struct channel *remote);
 extern kern_status_t port_disconnect(struct port *port);
 extern kern_status_t port_send_msg(
 	struct port *port,
-	const struct msg *req,
+	const kern_msg_t *msg,
-	struct msg *resp,
+	kern_msg_t *out_response,
 	unsigned long *lock_flags);
 
 DEFINE_OBJECT_LOCK_FUNCTION(port, p_base)

include/kernel/sched.h

@@ -85,6 +85,7 @@ struct task {
 
 	pmap_t t_pmap;
 	struct vm_region *t_address_space;
+	spin_lock_t t_handles_lock;
 	struct handle_table *t_handles;
 	struct btree b_channels;
 
@@ -114,7 +115,7 @@ struct thread {
 	virt_addr_t tr_cpu_user_sp, tr_cpu_kernel_sp;
 
 	struct runqueue *tr_rq;
-	struct kmsg tr_msg;
+	struct msg tr_msg;
 
 	struct queue_entry tr_parent_entry;
 	struct queue_entry tr_rqentry;

include/kernel/syscall.h

@@ -2,16 +2,14 @@
 #define KERNEL_SYSCALL_H_
 
 #include <kernel/handle.h>
+#include <kernel/sched.h>
+#include <kernel/vm-region.h>
 #include <kernel/vm.h>
 #include <mango/status.h>
 #include <mango/syscall.h>
 
 #define validate_access(task, ptr, len, flags)                                 \
-	vm_region_validate_access(                                             \
+	__validate_access(task, (const void *)ptr, len, flags)
-		task->t_address_space,                                         \
-		(virt_addr_t)ptr,                                              \
-		len,                                                           \
-		flags | VM_PROT_USER)
 #define validate_access_r(task, ptr, len)                                      \
 	validate_access(task, ptr, len, VM_PROT_READ | VM_PROT_USER)
 #define validate_access_w(task, ptr, len)                                      \
@@ -23,6 +21,23 @@
 		len,                                                           \
 		VM_PROT_READ | VM_PROT_WRITE | VM_PROT_USER)
 
+static inline bool __validate_access(
+	struct task *task,
+	const void *ptr,
+	size_t len,
+	vm_prot_t flags)
+{
+	unsigned long irq_flags;
+	vm_region_lock_irqsave(task->t_address_space, &irq_flags);
+	bool result = vm_region_validate_access(
+		task->t_address_space,
+		(virt_addr_t)ptr,
+		len,
+		flags | VM_PROT_USER);
+	vm_region_unlock_irqrestore(task->t_address_space, irq_flags);
+	return result;
+}
+
 extern kern_status_t sys_task_exit(int status);
 extern kern_status_t sys_task_self(kern_handle_t *out);
 extern kern_status_t sys_task_create(
@@ -128,10 +143,7 @@ extern kern_status_t sys_kern_config_set(
 	const void *ptr,
 	size_t len);
 
-extern kern_status_t sys_channel_create(
+extern kern_status_t sys_channel_create(unsigned int id, kern_handle_t *out);
-	unsigned int id,
-	channel_flags_t flags,
-	kern_handle_t *out);
 extern kern_status_t sys_port_create(kern_handle_t *out);
 extern kern_status_t sys_port_connect(
 	kern_handle_t port,
@@ -141,48 +153,28 @@ extern kern_status_t sys_port_disconnect(kern_handle_t port);
 
 extern kern_status_t sys_msg_send(
 	kern_handle_t port,
-	msg_flags_t flags,
+	const kern_msg_t *msg,
-	const struct msg *req,
+	kern_msg_t *out_reply);
-	struct msg *resp);
+extern kern_status_t sys_msg_recv(kern_handle_t channel, kern_msg_t *out_msg);
-
-extern kern_status_t sys_msg_recv(
-	kern_handle_t channel,
-	msg_flags_t flags,
-	msgid_t *out_id,
-	struct msg *out_msg);
 
 extern kern_status_t sys_msg_reply(
 	kern_handle_t channel,
-	msg_flags_t flags,
 	msgid_t id,
-	const struct msg *reply);
+	const kern_msg_t *msg);
-
 extern kern_status_t sys_msg_read(
 	kern_handle_t channel_handle,
 	msgid_t id,
 	size_t offset,
-	const struct iovec *iov,
+	const kern_iovec_t *iov,
 	size_t iov_count,
 	size_t *nr_read);
-extern kern_status_t sys_msg_read_handles(
-	kern_handle_t channel,
-	msgid_t id,
-	size_t offset,
-	struct handle_list *out,
-	size_t nr_out);
-
 extern kern_status_t sys_msg_write(
 	kern_handle_t channel,
 	msgid_t id,
 	size_t offset,
-	const struct iovec *in,
+	const kern_iovec_t *in,
-	size_t nr_in);
+	size_t nr_in,
-extern kern_status_t sys_msg_write_handles(
+	size_t *nr_written);
-	kern_handle_t channel,
-	msgid_t id,
-	size_t offset,
-	const struct handle_list *in,
-	size_t nr_in);
 
 extern virt_addr_t syscall_get_function(unsigned int sysid);
 

include/kernel/vm-region.h

@@ -6,7 +6,7 @@
 #include <kernel/vm.h>
 
 #define VM_REGION_NAME_MAX 64
-#define VM_REGION_COPY_ALL ((size_t) - 1)
+#define VM_REGION_COPY_ALL ((size_t)-1)
 
 struct vm_region;
 struct vm_object;
@@ -157,6 +157,15 @@ extern kern_status_t vm_region_read_kernel(
 	void *dest,
 	size_t *nr_read);
 
+/* write data to the user-space area of a vm-region from a kernel-mode buffer
+ */
+extern kern_status_t vm_region_write_kernel(
+	struct vm_region *dst_region,
+	virt_addr_t dst_ptr,
+	size_t count,
+	const void *src,
+	size_t *nr_written);
+
 extern kern_status_t vm_region_memmove(
 	struct vm_region *dest_region,
 	virt_addr_t dest_ptr,
@@ -168,11 +177,11 @@ extern kern_status_t vm_region_memmove(
 extern kern_status_t vm_region_memmove_v(
 	struct vm_region *dest_region,
 	size_t dest_offset,
-	const struct iovec *dest,
+	const kern_iovec_t *dest,
 	size_t nr_dest,
 	struct vm_region *src_region,
 	size_t src_offset,
-	const struct iovec *src,
+	const kern_iovec_t *src,
 	size_t nr_src,
 	size_t bytes_to_move,
 	size_t *nr_bytes_moved);

kernel/arg.c

@@ -1,6 +1,7 @@
 #include <kernel/arg.h>
-#include <kernel/libc/string.h>
 #include <kernel/libc/ctype.h>
+#include <kernel/libc/string.h>
+#include <mango/status.h>
 
 static char g_cmdline[CMDLINE_MAX + 1] = {0};
 
@@ -81,7 +82,6 @@ static char *advance_to_next_arg(char *s, char *max)
 	return s;
 }
 
-
 const char *arg_value(const char *arg_name)
 {
 	char *s = g_cmdline;

kernel/bsp.c

@@ -69,7 +69,7 @@ kern_status_t bsp_load(struct bsp *bsp, const struct boot_module *mod)
 	return KERN_OK;
 }
 
-static kern_status_t map_executable(
+static kern_status_t map_executable_dyn(
 	struct bsp *bsp,
 	struct task *task,
 	virt_addr_t *entry)
@@ -164,6 +164,82 @@ static kern_status_t map_executable(
 	return KERN_OK;
 }
 
+static kern_status_t map_executable_exec(
+	struct bsp *bsp,
+	struct task *task,
+	virt_addr_t *entry)
+{
+	kern_status_t status = KERN_OK;
+	struct vm_object *data = vm_object_create(
+		".data",
+		5,
+		bsp->bsp_trailer.bsp_data_size,
+		VM_PROT_READ | VM_PROT_WRITE | VM_PROT_USER);
+	if (!data) {
+		return KERN_NO_MEMORY;
+	}
+
+	virt_addr_t text_base = 0, data_base = 0;
+
+	off_t text_foffset = bsp->bsp_trailer.bsp_exec_offset
+	                   + bsp->bsp_trailer.bsp_text_faddr;
+	off_t data_foffset = 0;
+	off_t text_voffset = bsp->bsp_trailer.bsp_text_vaddr;
+	off_t data_voffset = bsp->bsp_trailer.bsp_data_vaddr;
+
+	text_voffset -= vm_region_get_base_address(task->t_address_space);
+	data_voffset -= vm_region_get_base_address(task->t_address_space);
+
+#if 0
+	size_t tmp = 0;
+	status = vm_object_copy(
+		data,
+		0,
+		bsp->bsp_vmo,
+		bsp->bsp_trailer.bsp_data_faddr,
+		bsp->bsp_trailer.bsp_data_size,
+		&tmp);
+
+	tracek("read %zuB of data from executable", tmp);
+#endif
+
+	tracek("text_foffset=%06llx, data_foffset=%06llx",
+	       text_foffset,
+	       data_foffset);
+	tracek("text_voffset=%08llx, data_voffset=%08llx",
+	       text_voffset,
+	       data_voffset);
+
+	status = vm_region_map_object(
+		task->t_address_space,
+		text_voffset,
+		bsp->bsp_vmo,
+		text_foffset,
+		bsp->bsp_trailer.bsp_text_size,
+		VM_PROT_READ | VM_PROT_EXEC | VM_PROT_USER,
+		&text_base);
+	if (status != KERN_OK) {
+		return status;
+	}
+
+	status = vm_region_map_object(
+		task->t_address_space,
+		data_voffset,
+		data,
+		data_foffset,
+		bsp->bsp_trailer.bsp_data_size,
+		VM_PROT_READ | VM_PROT_WRITE | VM_PROT_USER,
+		&data_base);
+	if (status != KERN_OK) {
+		return status;
+	}
+
+	tracek("text_base=%08llx, data_base=%08llx", text_base, data_base);
+
+	*entry = bsp->bsp_trailer.bsp_exec_entry;
+	return KERN_OK;
+}
+
 kern_status_t bsp_launch_async(struct bsp *bsp, struct task *task)
 {
 	virt_addr_t stack_buffer, bsp_data_base;
@@ -205,7 +281,7 @@ kern_status_t bsp_launch_async(struct bsp *bsp, struct task *task)
 		return status;
 	}
 
-	status = map_executable(bsp, task, &entry);
+	status = map_executable_exec(bsp, task, &entry);
 	if (status != KERN_OK) {
 		return status;
 	}

kernel/channel.c

@@ -1,5 +1,6 @@
 #include <kernel/channel.h>
 #include <kernel/msg.h>
+#include <kernel/port.h>
 #include <kernel/util.h>
 #include <kernel/vm-region.h>
 
@@ -11,7 +12,7 @@ static struct object_type channel_type = {
 	.ob_header_offset = offsetof(struct channel, c_base),
 };
 
-BTREE_DEFINE_SIMPLE_GET(struct kmsg, msgid_t, msg_node, msg_id, get_msg_with_id)
+BTREE_DEFINE_SIMPLE_GET(struct msg, msgid_t, msg_node, msg_id, get_msg_with_id)
 
 kern_status_t channel_type_init(void)
 {
@@ -35,7 +36,7 @@ extern struct channel *channel_create(void)
 	return channel;
 }
 
-static bool try_enqueue(struct btree *tree, struct kmsg *msg)
+static bool try_enqueue(struct btree *tree, struct msg *msg)
 {
 	if (!tree->b_root) {
 		tree->b_root = &msg->msg_node;
@@ -45,8 +46,8 @@ static bool try_enqueue(struct btree *tree, struct kmsg *msg)
 
 	struct btree_node *cur = tree->b_root;
 	while (1) {
-		struct kmsg *cur_node
+		struct msg *cur_node
-			= BTREE_CONTAINER(struct kmsg, msg_node, cur);
+			= BTREE_CONTAINER(struct msg, msg_node, cur);
 		struct btree_node *next = NULL;
 
 		if (msg->msg_id > cur_node->msg_id) {
@@ -75,26 +76,28 @@ static bool try_enqueue(struct btree *tree, struct kmsg *msg)
 }
 
 static void kmsg_reply_error(
-	struct kmsg *msg,
+	struct msg *msg,
 	kern_status_t status,
 	unsigned long *lock_flags)
 {
 	msg->msg_status = KMSG_REPLY_SENT;
+	msg->msg_sender_port->p_status = PORT_READY;
 	msg->msg_result = status;
 	thread_awaken(msg->msg_sender_thread);
 	spin_unlock_irqrestore(&msg->msg_lock, *lock_flags);
 }
 
-static struct kmsg *get_next_msg(
+static struct msg *get_next_msg(
 	struct channel *channel,
 	unsigned long *lock_flags)
 {
 	struct btree_node *cur = btree_first(&channel->c_msg);
 	while (cur) {
-		struct kmsg *msg = BTREE_CONTAINER(struct kmsg, msg_node, cur);
+		struct msg *msg = BTREE_CONTAINER(struct msg, msg_node, cur);
 		spin_lock_irqsave(&msg->msg_lock, lock_flags);
 		if (msg->msg_status == KMSG_WAIT_RECEIVE) {
 			msg->msg_status = KMSG_WAIT_REPLY;
+			msg->msg_sender_port->p_status = PORT_REPLY_BLOCKED;
 			return msg;
 		}
 
@@ -107,7 +110,7 @@ static struct kmsg *get_next_msg(
 
 extern kern_status_t channel_enqueue_msg(
 	struct channel *channel,
-	struct kmsg *msg)
+	struct msg *msg)
 {
 	fill_random(&msg->msg_id, sizeof msg->msg_id);
 	while (!try_enqueue(&channel->c_msg, msg)) {
@@ -121,13 +124,12 @@ extern kern_status_t channel_enqueue_msg(
 
 extern kern_status_t channel_recv_msg(
 	struct channel *channel,
-	struct msg *out_msg,
+	kern_msg_t *out_msg,
-	msgid_t *out_id,
 	unsigned long *irq_flags)
 {
 	struct wait_item waiter;
 	struct thread *self = current_thread();
-	struct kmsg *msg = NULL;
+	struct msg *msg = NULL;
 	unsigned long msg_lock_flags;
 
 	wait_item_init(&waiter, self);
@@ -149,35 +151,59 @@ extern kern_status_t channel_recv_msg(
 	struct task *sender = msg->msg_sender_thread->tr_parent;
 	struct task *receiver = self->tr_parent;
 
+	struct vm_region *src = sender->t_address_space,
+			 *dst = receiver->t_address_space;
+
+	unsigned long f;
+	vm_region_lock_pair_irqsave(src, dst, &f);
+
 	kern_status_t status = vm_region_memmove_v(
-		receiver->t_address_space,
+		dst,
 		0,
 		out_msg->msg_data,
 		out_msg->msg_data_count,
-		sender->t_address_space,
+		src,
 		0,
 		msg->msg_req.msg_data,
 		msg->msg_req.msg_data_count,
 		VM_REGION_COPY_ALL,
 		NULL);
+
 	if (status != KERN_OK) {
 		kmsg_reply_error(msg, status, &msg_lock_flags);
 		return status;
 	}
 
-	status = handle_list_transfer(
+	struct handle_table *src_table = sender->t_handles,
-		receiver->t_handles,
+			    *dst_table = receiver->t_handles;
+
+	spin_lock_pair_irqsave(
+		&sender->t_handles_lock,
+		&receiver->t_handles_lock,
+		&f);
+	status = handle_table_transfer(
+		dst,
+		dst_table,
 		out_msg->msg_handles,
 		out_msg->msg_handles_count,
-		sender->t_handles,
+		src,
+		src_table,
 		msg->msg_req.msg_handles,
 		msg->msg_req.msg_handles_count);
+	spin_unlock_pair_irqrestore(
+		&sender->t_handles_lock,
+		&receiver->t_handles_lock,
+		f);
+	vm_region_unlock_pair_irqrestore(src, dst, f);
+
 	if (status != KERN_OK) {
 		kmsg_reply_error(msg, status, &msg_lock_flags);
 		return status;
 	}
 
-	*out_id = msg->msg_id;
+	out_msg->msg_id = msg->msg_id;
+	out_msg->msg_sender = msg->msg_sender_thread->tr_parent->t_id;
+	out_msg->msg_endpoint = msg->msg_sender_port->p_base.ob_id;
 
 	spin_unlock_irqrestore(&msg->msg_lock, msg_lock_flags);
 
@@ -187,11 +213,11 @@ extern kern_status_t channel_recv_msg(
 extern kern_status_t channel_reply_msg(
 	struct channel *channel,
 	msgid_t id,
-	const struct msg *resp,
+	const kern_msg_t *reply,
 	unsigned long *irq_flags)
 {
 	unsigned long msg_lock_flags;
-	struct kmsg *msg = get_msg_with_id(&channel->c_msg, id);
+	struct msg *msg = get_msg_with_id(&channel->c_msg, id);
 	if (!msg) {
 		return KERN_INVALID_ARGUMENT;
 	}
@@ -208,29 +234,50 @@ extern kern_status_t channel_reply_msg(
 	/* the task that is about to send the response */
 	struct task *sender = self->tr_parent;
 
+	struct vm_region *src = sender->t_address_space,
+			 *dst = receiver->t_address_space;
+	unsigned long f;
+	vm_region_lock_pair_irqsave(src, dst, &f);
+
 	kern_status_t status = vm_region_memmove_v(
-		receiver->t_address_space,
+		dst,
 		0,
 		msg->msg_resp.msg_data,
 		msg->msg_resp.msg_data_count,
-		sender->t_address_space,
+		src,
 		0,
-		resp->msg_data,
+		reply->msg_data,
-		resp->msg_data_count,
+		reply->msg_data_count,
 		VM_REGION_COPY_ALL,
 		NULL);
+
 	if (status != KERN_OK) {
 		kmsg_reply_error(msg, status, &msg_lock_flags);
 		return status;
 	}
 
-	status = handle_list_transfer(
+	struct handle_table *src_table = sender->t_handles,
-		receiver->t_handles,
+			    *dst_table = receiver->t_handles;
+
+	spin_lock_pair_irqsave(
+		&sender->t_handles_lock,
+		&receiver->t_handles_lock,
+		&f);
+	status = handle_table_transfer(
+		dst,
+		dst_table,
 		msg->msg_resp.msg_handles,
 		msg->msg_resp.msg_handles_count,
-		sender->t_handles,
+		src,
-		resp->msg_handles,
+		src_table,
-		resp->msg_handles_count);
+		reply->msg_handles,
+		reply->msg_handles_count);
+	spin_unlock_pair_irqrestore(
+		&sender->t_handles_lock,
+		&receiver->t_handles_lock,
+		f);
+	vm_region_unlock_pair_irqrestore(src, dst, f);
+
 	if (status != KERN_OK) {
 		kmsg_reply_error(msg, status, &msg_lock_flags);
 		return status;
@@ -246,12 +293,12 @@ extern kern_status_t channel_read_msg(
 	msgid_t id,
 	size_t offset,
 	struct vm_region *dest_region,
-	const struct iovec *dest_iov,
+	const kern_iovec_t *dest_iov,
 	size_t dest_iov_count,
 	size_t *nr_read)
 {
 	unsigned long msg_lock_flags;
-	struct kmsg *msg = get_msg_with_id(&channel->c_msg, id);
+	struct msg *msg = get_msg_with_id(&channel->c_msg, id);
 	if (!msg) {
 		return KERN_INVALID_ARGUMENT;
 	}
@@ -262,17 +309,24 @@ extern kern_status_t channel_read_msg(
 		return KERN_INVALID_ARGUMENT;
 	}
 
+	struct vm_region *src_region
+		= msg->msg_sender_thread->tr_parent->t_address_space;
+
+	unsigned long f;
+	vm_region_lock_pair_irqsave(src_region, dest_region, &f);
+
 	kern_status_t status = vm_region_memmove_v(
 		dest_region,
 		0,
 		dest_iov,
 		dest_iov_count,
-		msg->msg_sender_thread->tr_parent->t_address_space,
+		src_region,
 		offset,
 		msg->msg_req.msg_data,
 		msg->msg_req.msg_data_count,
 		VM_REGION_COPY_ALL,
 		nr_read);
+	vm_region_unlock_pair_irqrestore(src_region, dest_region, f);
 
 	spin_unlock_irqrestore(&msg->msg_lock, msg_lock_flags);
 
@@ -281,12 +335,45 @@ extern kern_status_t channel_read_msg(
 
 extern kern_status_t channel_write_msg(
 	struct channel *channel,
-	msgid_t msg,
+	msgid_t id,
 	size_t offset,
 	struct vm_region *src_region,
-	const struct iovec *src_iov,
+	const kern_iovec_t *src_iov,
 	size_t src_iov_count,
 	size_t *nr_written)
 {
-	return KERN_UNIMPLEMENTED;
+	unsigned long msg_lock_flags;
+	struct msg *msg = get_msg_with_id(&channel->c_msg, id);
+	if (!msg) {
+		return KERN_INVALID_ARGUMENT;
+	}
+
+	spin_lock_irqsave(&msg->msg_lock, &msg_lock_flags);
+	if (msg->msg_status != KMSG_WAIT_REPLY) {
+		spin_unlock_irqrestore(&msg->msg_lock, msg_lock_flags);
+		return KERN_INVALID_ARGUMENT;
+	}
+
+	struct vm_region *dest_region
+		= msg->msg_sender_thread->tr_parent->t_address_space;
+
+	unsigned long f;
+	vm_region_lock_pair_irqsave(src_region, dest_region, &f);
+
+	kern_status_t status = vm_region_memmove_v(
+		dest_region,
+		offset,
+		msg->msg_resp.msg_data,
+		msg->msg_resp.msg_data_count,
+		src_region,
+		0,
+		src_iov,
+		src_iov_count,
+		VM_REGION_COPY_ALL,
+		nr_written);
+	vm_region_unlock_pair_irqrestore(src_region, dest_region, f);
+
+	spin_unlock_irqrestore(&msg->msg_lock, msg_lock_flags);
+
+	return status;
 }

kernel/handle.c

@@ -3,7 +3,9 @@
 #include <kernel/object.h>
 #include <kernel/sched.h>
 #include <kernel/util.h>
+#include <kernel/vm-region.h>
 #include <kernel/vm.h>
+#include <mango/types.h>
 
 /* depth=3 gives a maximum of ~66.6 million handles */
 #define MAX_TABLE_DEPTH  3
@@ -192,122 +194,143 @@ struct handle *handle_table_get_handle(
 	return &tab->t_handles.t_handle_list[handle_index];
 }
 
-struct handle_list_iterator {
+kern_status_t handle_table_transfer(
-	struct handle_list *it_list;
+	struct vm_region *dst_region,
-	size_t it_list_count;
+	struct handle_table *dst,
-	size_t it_list_ptr;
+	kern_msg_handle_t *dst_handles,
-
+	size_t dst_handles_max,
-	kern_handle_t *it_handles;
+	struct vm_region *src_region,
-	size_t it_nr_handles;
+	struct handle_table *src,
-};
+	kern_msg_handle_t *src_handles,
-
+	size_t src_handles_count)
-static void handle_list_iterator_begin(
-	struct handle_list_iterator *it,
-	struct handle_list *list,
-	size_t list_count)
 {
-	memset(it, 0x0, sizeof *it);
+	kern_status_t status = KERN_OK;
-	it->it_list = list;
+	size_t to_transfer = MIN(dst_handles_max, src_handles_count);
-	it->it_list_count = list_count;
 
-	while (it->it_list_ptr < list_count) {
+	size_t i = 0;
-		if (list[it->it_list_ptr].l_nr_handles > 0) {
+	for (size_t i = 0; i < to_transfer; i++) {
+		kern_msg_handle_t src_handle = {0}, dst_handle = {0};
+		virt_addr_t src_handle_addr
+			= (virt_addr_t)src_handles + (i * sizeof src_handle);
+		virt_addr_t dst_handle_addr
+			= (virt_addr_t)dst_handles + (i * sizeof dst_handle);
+		status = vm_region_read_kernel(
+			src_region,
+			src_handle_addr,
+			sizeof src_handle,
+			&src_handle,
+			NULL);
+
+		if (status != KERN_OK) {
+			src_handle.hnd_result = KERN_OK;
+			vm_region_write_kernel(
+				src_region,
+				src_handle_addr,
+				sizeof src_handle,
+				&src_handle,
+				NULL);
 			break;
 		}
 
-		it->it_list_ptr++;
+		struct handle *src_entry
-	}
+			= handle_table_get_handle(src, src_handle.hnd_value);
+		struct handle *dst_entry = NULL;
+		kern_handle_t dst_value = KERN_HANDLE_INVALID;
 
-	if (it->it_list_ptr >= list_count) {
+		if (!src_entry) {
-		return;
+			status = KERN_INVALID_ARGUMENT;
-	}
+			src_handle.hnd_result = KERN_OK;
-
+			vm_region_write_kernel(
-	it->it_handles = list[it->it_list_ptr].l_handles;
+				src_region,
-	it->it_nr_handles = list[it->it_list_ptr].l_nr_handles;
+				src_handle_addr,
-}
+				sizeof src_handle,
-
+				&src_handle,
-static void handle_list_iterator_seek(
+				NULL);
-	struct handle_list_iterator *it,
-	size_t nr_handles)
-{
-	if (nr_handles > it->it_nr_handles) {
-		nr_handles = it->it_nr_handles;
-	}
-
-	if (nr_handles < it->it_nr_handles) {
-		it->it_handles += nr_handles;
-		it->it_nr_handles -= nr_handles;
-		return;
-	}
-
-	it->it_list_ptr++;
-	while (it->it_list_ptr < it->it_list_count) {
-		if (it->it_list[it->it_list_ptr].l_nr_handles > 0) {
 			break;
 		}
 
-		it->it_list_ptr++;
+		switch (src_handle.hnd_mode) {
-	}
+		case KERN_MSG_HANDLE_IGNORE:
-
+			break;
-	if (it->it_list_ptr >= it->it_list_count) {
+		case KERN_MSG_HANDLE_MOVE:
-		return;
+			status = handle_table_alloc_handle(
-	}
+				dst,
-
+				&dst_entry,
-	it->it_handles = it->it_list[it->it_list_ptr].l_handles;
+				&dst_value);
-	it->it_nr_handles = it->it_list[it->it_list_ptr].l_nr_handles;
-}
-
-kern_status_t handle_list_transfer(
-	struct handle_table *dest_table,
-	struct handle_list *dest_list,
-	size_t dest_list_count,
-	struct handle_table *src_table,
-	const struct handle_list *src_list,
-	size_t src_list_count)
-{
-	struct handle_list_iterator src, dest;
-	handle_list_iterator_begin(
-		&src,
-		(struct handle_list *)src_list,
-		src_list_count);
-	handle_list_iterator_begin(&dest, dest_list, dest_list_count);
-
-	while (src.it_nr_handles && dest.it_nr_handles) {
-		size_t to_copy = MIN(src.it_nr_handles, dest.it_nr_handles);
-		for (size_t i = 0; i < to_copy; i++) {
-			kern_handle_t handle_v = src.it_handles[i];
-			struct handle *handle
-				= handle_table_get_handle(src_table, handle_v);
-			if (!handle) {
-				return KERN_HANDLE_INVALID;
-			}
-
-			struct object *obj = object_ref(handle->h_object);
-			handle_flags_t flags = handle->h_flags;
-
-			handle_table_free_handle(src_table, handle_v);
-
-			struct handle *dest_slot = NULL;
-			kern_status_t status = handle_table_alloc_handle(
-				dest_table,
-				&dest_slot,
-				&handle_v);
 			if (status != KERN_OK) {
-				return status;
+				break;
 			}
 
-			dest_slot->h_object = obj;
+			dst_entry->h_object = src_entry->h_object;
-			dest_slot->h_flags = flags;
+			dst_entry->h_flags = src_entry->h_flags;
+			object_add_handle(dst_entry->h_object);
 
-			object_add_handle(obj);
+			handle_table_free_handle(src, src_handles[i].hnd_value);
-			object_unref(obj);
 
-			dest.it_handles[i] = handle_v;
+			dst_handle.hnd_mode = src_handles[i].hnd_mode;
+			dst_handle.hnd_value = dst_value;
+			dst_handle.hnd_result = KERN_OK;
+			break;
+		case KERN_MSG_HANDLE_COPY:
+			status = handle_table_alloc_handle(
+				dst,
+				&dst_entry,
+				&dst_value);
+			if (status != KERN_OK) {
+				break;
+			}
+
+			dst_entry->h_object = src_entry->h_object;
+			dst_entry->h_flags = src_entry->h_flags;
+			object_add_handle(dst_entry->h_object);
+
+			dst_handle.hnd_mode = src_handles[i].hnd_mode;
+			dst_handle.hnd_value = dst_value;
+			dst_handle.hnd_result = KERN_OK;
+			break;
+		default:
+			status = KERN_INVALID_ARGUMENT;
+			break;
 		}
 
-		handle_list_iterator_seek(&src, to_copy);
+		src_handle.hnd_result = status;
-		handle_list_iterator_seek(&dest, to_copy);
+
+		vm_region_write_kernel(
+			src_region,
+			src_handle_addr,
+			sizeof src_handle,
+			&src_handle,
+			NULL);
+		vm_region_write_kernel(
+			dst_region,
+			dst_handle_addr,
+			sizeof dst_handle,
+			&dst_handle,
+			NULL);
 	}
 
-	return KERN_OK;
+	for (; i < src_handles_count; i++) {
+		kern_msg_handle_t handle = {0};
+		virt_addr_t handle_addr
+			= (virt_addr_t)src_handles + (i * sizeof handle);
+		vm_region_read_kernel(
+			src_region,
+			handle_addr,
+			sizeof handle,
+			&handle,
+			NULL);
+
+		if (handle.hnd_mode != KERN_MSG_HANDLE_MOVE) {
+			continue;
+		}
+
+		struct handle *src_entry
+			= handle_table_get_handle(src, handle.hnd_value);
+		if (src_entry) {
+			object_remove_handle(src_entry->h_object);
+			handle_table_free_handle(src, handle.hnd_value);
+		}
+	}
+
+	return status;
 }

kernel/iovec.c

@@ -6,7 +6,7 @@
 static bool read_iovec(
 	struct iovec_iterator *it,
 	size_t index,
-	struct iovec *out)
+	kern_iovec_t *out)
 {
 	if (index >= it->it_nr_vecs) {
 		return false;
@@ -20,18 +20,18 @@ static bool read_iovec(
 	size_t nr_read = 0;
 	kern_status_t status = vm_region_read_kernel(
 		it->it_region,
-		(virt_addr_t)it->it_vecs + (index * sizeof(struct iovec)),
+		(virt_addr_t)it->it_vecs + (index * sizeof(kern_iovec_t)),
-		sizeof(struct iovec),
+		sizeof(kern_iovec_t),
 		out,
 		&nr_read);
 
-	return (status == KERN_OK && nr_read != sizeof(struct iovec));
+	return (status == KERN_OK && nr_read != sizeof(kern_iovec_t));
 }
 
 void iovec_iterator_begin_user(
 	struct iovec_iterator *it,
 	struct vm_region *region,
-	const struct iovec *vecs,
+	const kern_iovec_t *vecs,
 	size_t nr_vecs)
 {
 	memset(it, 0x0, sizeof *it);
@@ -39,7 +39,7 @@ void iovec_iterator_begin_user(
 	it->it_vecs = vecs;
 	it->it_nr_vecs = nr_vecs;
 
-	struct iovec iov;
+	kern_iovec_t iov;
 
 	while (it->it_vec_ptr < nr_vecs) {
 		read_iovec(it, it->it_vec_ptr, &iov);
@@ -60,7 +60,7 @@ void iovec_iterator_begin_user(
 
 void iovec_iterator_begin(
 	struct iovec_iterator *it,
-	const struct iovec *vecs,
+	const kern_iovec_t *vecs,
 	size_t nr_vecs)
 {
 	memset(it, 0x0, sizeof *it);
@@ -97,7 +97,7 @@ void iovec_iterator_seek(struct iovec_iterator *it, size_t nr_bytes)
 		}
 
 		nr_bytes -= to_seek;
-		struct iovec iov;
+		kern_iovec_t iov;
 
 		it->it_vec_ptr++;
 		while (it->it_vec_ptr < it->it_nr_vecs) {

kernel/object.c

@@ -178,6 +178,38 @@ void object_unlock_irqrestore(struct object *obj, unsigned long flags)
 	spin_unlock_irqrestore(&obj->ob_lock, flags);
 }
 
+void object_lock_pair_irqsave(
+	struct object *a,
+	struct object *b,
+	unsigned long *flags)
+{
+	if (a == b) {
+		object_lock_irqsave(a, flags);
+	} else if (a < b) {
+		object_lock_irqsave(a, flags);
+		object_lock(b);
+	} else {
+		object_lock_irqsave(b, flags);
+		object_lock(a);
+	}
+}
+
+void object_unlock_pair_irqrestore(
+	struct object *a,
+	struct object *b,
+	unsigned long flags)
+{
+	if (a == b) {
+		object_unlock_irqrestore(a, flags);
+	} else if (a < b) {
+		object_unlock(b);
+		object_unlock_irqrestore(a, flags);
+	} else {
+		object_unlock(a);
+		object_unlock_irqrestore(b, flags);
+	}
+}
+
 void *object_data(struct object *obj)
 {
 	return (char *)obj + sizeof *obj;

kernel/port.c

@@ -20,7 +20,7 @@ struct port *port_cast(struct object *obj)
 	return PORT_CAST(obj);
 }
 
-static void wait_for_reply(struct kmsg *msg, unsigned long *lock_flags)
+static void wait_for_reply(struct msg *msg, unsigned long *lock_flags)
 {
 	struct wait_item waiter;
 	struct thread *self = current_thread();
@@ -78,8 +78,8 @@ kern_status_t port_disconnect(struct port *port)
 
 kern_status_t port_send_msg(
 	struct port *port,
-	const struct msg *req,
+	const kern_msg_t *in_msg,
-	struct msg *resp,
+	kern_msg_t *out_reply,
 	unsigned long *lock_flags)
 {
 	if (port->p_status != PORT_READY) {
@@ -87,13 +87,13 @@ kern_status_t port_send_msg(
 	}
 
 	struct thread *self = current_thread();
-	struct kmsg *msg = &self->tr_msg;
+	struct msg *msg = &self->tr_msg;
 	memset(msg, 0x0, sizeof *msg);
 	msg->msg_status = KMSG_WAIT_RECEIVE;
 	msg->msg_sender_thread = self;
 	msg->msg_sender_port = port;
-	msg->msg_req = *req;
+	memcpy(&msg->msg_req, in_msg, sizeof msg->msg_req);
-	msg->msg_resp = *resp;
+	memcpy(&msg->msg_resp, out_reply, sizeof msg->msg_req);
 
 	unsigned long flags;
 	channel_lock_irqsave(port->p_remote, &flags);
@@ -103,5 +103,9 @@ kern_status_t port_send_msg(
 
 	wait_for_reply(msg, lock_flags);
 
+	channel_lock_irqsave(port->p_remote, &flags);
+	btree_delete(&port->p_remote->c_msg, &msg->msg_node);
+	channel_unlock_irqrestore(port->p_remote, flags);
+
 	return msg->msg_result;
 }

kernel/status.c

@@ -1,8 +1,9 @@
 #include <mango/status.h>
+#include <mango/types.h>
 
-#define ERROR_STRING_CASE(code) \
+#define ERROR_STRING_CASE(code)                                                \
-	case code: \
+	case code:                                                             \
-	return #code
+		return #code
 
 const char *kern_status_string(kern_status_t status)
 {

libmango/arch/x86_64/syscall.S

@@ -82,15 +82,13 @@ SYSCALL_GATE kern_handle_close SYS_KERN_HANDLE_CLOSE 1
 SYSCALL_GATE kern_config_get SYS_KERN_CONFIG_GET 3
 SYSCALL_GATE kern_config_set SYS_KERN_CONFIG_SET 3
 
-SYSCALL_GATE channel_create SYS_CHANNEL_CREATE 3
+SYSCALL_GATE channel_create SYS_CHANNEL_CREATE 2
 SYSCALL_GATE port_create SYS_PORT_CREATE 1
 SYSCALL_GATE port_connect SYS_PORT_CONNECT 3
 SYSCALL_GATE port_disconnect SYS_PORT_DISCONNECT 1
-SYSCALL_GATE msg_send SYS_MSG_SEND 4
+SYSCALL_GATE msg_send SYS_MSG_SEND 5
 SYSCALL_GATE msg_recv SYS_MSG_RECV 4
 SYSCALL_GATE msg_reply SYS_MSG_REPLY 4
-SYSCALL_GATE msg_read SYS_MSG_READ 5
+SYSCALL_GATE msg_read SYS_MSG_READ 6
-SYSCALL_GATE msg_read_handles SYS_MSG_READ_HANDLES 5
+SYSCALL_GATE msg_write SYS_MSG_WRITE 6
-SYSCALL_GATE msg_write SYS_MSG_WRITE 5
-SYSCALL_GATE msg_write_handles SYS_MSG_WRITE_HANDLES 5
 

libmango/include-user/mango/log.h

@@ -2,6 +2,7 @@
 #define MANGO_LOG_H_
 
 #include <mango/status.h>
+#include <mango/types.h>
 
 #undef TRACE
 
@@ -9,18 +10,18 @@ extern kern_status_t kern_log(const char *s);
 
 #define kern_logf(...)                                                         \
 	do {                                                                   \
-		char s[128];                                                   \
+		char __logbuf[128];                                            \
-		snprintf(s, sizeof s, __VA_ARGS__);                            \
+		snprintf(__logbuf, sizeof __logbuf, __VA_ARGS__);              \
-		kern_log(s);                                                   \
+		kern_log(__logbuf);                                            \
 	} while (0)
 
 #ifdef TRACE
 #define kern_trace(...) kern_log(__VA_ARGS__)
 #define kern_tracef(...)                                                       \
 	do {                                                                   \
-		char s[128];                                                   \
+		char __logbuf[128];                                            \
-		snprintf(s, sizeof s, __VA_ARGS__);                            \
+		snprintf(__logbuf, sizeof __logbuf, __VA_ARGS__);              \
-		kern_log(s);                                                   \
+		kern_log(__logbuf);                                            \
 	} while (0)
 #else
 #define kern_trace(...)

libmango/include-user/mango/msg.h

@@ -4,10 +4,7 @@
 #include <mango/status.h>
 #include <mango/types.h>
 
-extern kern_status_t channel_create(
+extern kern_status_t channel_create(unsigned int id, kern_handle_t *out);
-	unsigned int id,
-	channel_flags_t flags,
-	kern_handle_t *out);
 extern kern_status_t port_create(kern_handle_t *out);
 extern kern_status_t port_connect(
 	kern_handle_t port,
@@ -17,47 +14,30 @@ extern kern_status_t port_disconnect(kern_handle_t port);
 
 extern kern_status_t msg_send(
 	kern_handle_t port,
-	msg_flags_t flags,
+	const kern_msg_t *msg,
-	const struct msg *req,
+	kern_msg_t *out_response);
-	struct msg *resp);
 
-extern kern_status_t msg_recv(
+extern kern_status_t msg_recv(kern_handle_t channel, kern_msg_t *out);
-	kern_handle_t channel,
-	msg_flags_t flags,
-	msgid_t *out_id,
-	struct msg *out_msg);
 
 extern kern_status_t msg_reply(
 	kern_handle_t channel,
-	msg_flags_t flags,
 	msgid_t id,
-	const struct msg *reply);
+	const kern_msg_t *response);
 
 extern kern_status_t msg_read(
 	kern_handle_t channel,
 	msgid_t id,
 	size_t offset,
-	struct iovec *out,
+	kern_iovec_t *out,
 	size_t out_count,
 	size_t *nr_read);
-extern kern_status_t msg_read_handles(
-	kern_handle_t channel,
-	msgid_t id,
-	size_t offset,
-	struct handle_list *out,
-	size_t nr_out);
 
 extern kern_status_t msg_write(
 	kern_handle_t channel,
 	msgid_t id,
 	size_t offset,
-	const struct iovec *in,
+	const kern_iovec_t *in,
-	size_t nr_in);
+	size_t nr_in,
-extern kern_status_t msg_write_handles(
+	size_t *nr_written);
-	kern_handle_t channel,
-	msgid_t id,
-	size_t offset,
-	const struct handle_list *in,
-	size_t nr_in);
 
 #endif

libmango/include/mango/status.h

@@ -1,8 +1,6 @@
 #ifndef MANGO_STATUS_H_
 #define MANGO_STATUS_H_
 
-typedef unsigned int kern_status_t;
-
 #define KERN_OK               (0)
 #define KERN_UNIMPLEMENTED    (1)
 #define KERN_NAME_EXISTS      (2)

libmango/include/mango/syscall.h

@@ -27,9 +27,7 @@
 #define SYS_MSG_RECV                 19
 #define SYS_MSG_REPLY                20
 #define SYS_MSG_READ                 21
-#define SYS_MSG_READ_HANDLES         22
 #define SYS_MSG_WRITE                23
-#define SYS_MSG_WRITE_HANDLES        24
 #define SYS_CHANNEL_CREATE           25
 #define SYS_PORT_CREATE              26
 #define SYS_PORT_CONNECT             27

libmango/include/mango/types.h

@@ -4,35 +4,35 @@
 #include <stddef.h>
 #include <stdint.h>
 
-#define VM_PROT_READ                       0x01u
+#define VM_PROT_READ           0x01u
-#define VM_PROT_WRITE                      0x02u
+#define VM_PROT_WRITE          0x02u
-#define VM_PROT_EXEC                       0x04u
+#define VM_PROT_EXEC           0x04u
-#define VM_PROT_USER                       0x08u
+#define VM_PROT_USER           0x08u
-#define VM_PROT_SVR                        0x10u
+#define VM_PROT_SVR            0x10u
-#define VM_PROT_NOCACHE                    0x10u
+#define VM_PROT_NOCACHE        0x10u
-#define VM_PROT_MAP_SPECIFIC               0x40u
+#define VM_PROT_MAP_SPECIFIC   0x40u
 
-/* if this flag is set, other tasks can connect to this channel using
+#define VM_REGION_ANY_OFFSET   ((off_t) - 1)
- * the port_connect_* syscalls.
+#define KERN_HANDLE_INVALID    ((kern_handle_t)0xFFFFFFFF)
- * if this flag is NOT set, only threads in the task that owns the channel
- * can create ports connecting to it. */
-#define CHANNEL_F_ALLOW_DIRECT_CONNECTIONS 0x01u
 
-/* msg_reply: once the reply has been sent, disconnect the port that sent the
+#define KERN_CFG_INVALID       0x00u
- * original message */
+#define KERN_CFG_PAGE_SIZE     0x01u
-#define MSG_F_DISCONNECT_AFTER_REPLY       0x01u
 
-#define VM_REGION_ANY_OFFSET               ((off_t) - 1)
+#define KERN_MSG_MAX_HANDLES   64
-#define KERN_HANDLE_INVALID                ((kern_handle_t)0xFFFFFFFF)
+#define KERN_MSG_HANDLE_IGNORE 0
-
+#define KERN_MSG_HANDLE_MOVE   1
-#define KERN_CFG_INVALID                   0x00u
+#define KERN_MSG_HANDLE_COPY   2
-#define KERN_CFG_PAGE_SIZE                 0x01u
 
 #define IOVEC(p, len)                                                          \
 	{                                                                      \
 		.io_base = (virt_addr_t)(p),                                   \
 		.io_len = (len),                                               \
 	}
+#define MSG_HANDLE(mode, value)                                                \
+	{                                                                      \
+		.hnd_mode = (mode),                                            \
+		.hnd_value = (value),                                          \
+	}
 #define MSG(data, data_count, handles, handles_len)                            \
 	{                                                                      \
 		.msg_data = (data),                                            \
@@ -47,30 +47,41 @@ typedef uint64_t msgid_t;
 typedef uint64_t off_t;
 typedef uint64_t koid_t;
 typedef unsigned int tid_t;
+typedef unsigned int kern_status_t;
 typedef uint32_t kern_handle_t;
 typedef uint32_t kern_config_key_t;
 typedef uint32_t vm_prot_t;
-typedef uint32_t channel_flags_t;
+typedef int64_t ssize_t;
-typedef uint32_t msg_flags_t;
 
 typedef unsigned int umode_t;
 
-struct iovec {
+typedef struct {
 	virt_addr_t io_base;
 	size_t io_len;
-};
+} kern_iovec_t;
 
-struct handle_list {
+typedef struct {
-	kern_handle_t *l_handles;
+	unsigned int hnd_mode;
-	size_t l_nr_handles;
+	kern_handle_t hnd_value;
-};
+	kern_status_t hnd_result;
+} kern_msg_handle_t;
 
-struct msg {
+typedef struct {
-	struct iovec *msg_data;
+	/* transaction id. identifies a particular request/response exchange.
+	 * used when replying to a particular message. */
+	msgid_t msg_id;
+	/* the id of the task that sent a particular message. */
+	tid_t msg_sender;
+	/* the id of the port or channel used to send a particular message. */
+	koid_t msg_endpoint;
+	/* a list of iovecs that point to the buffers that make up the main
+	 * message data. */
+	kern_iovec_t *msg_data;
 	size_t msg_data_count;
-
+	/* a list of handle entries that contain the kernel handles included
-	struct handle_list *msg_handles;
+	 * in a message. */
+	kern_msg_handle_t *msg_handles;
 	size_t msg_handles_count;
-};
+} kern_msg_t;
 
 #endif

syscall/dispatch.c

@@ -35,9 +35,7 @@ static const virt_addr_t syscall_table[] = {
 	SYSCALL_TABLE_ENTRY(MSG_RECV, msg_recv),
 	SYSCALL_TABLE_ENTRY(MSG_REPLY, msg_reply),
 	SYSCALL_TABLE_ENTRY(MSG_READ, msg_read),
-	SYSCALL_TABLE_ENTRY(MSG_READ_HANDLES, msg_read_handles),
 	SYSCALL_TABLE_ENTRY(MSG_WRITE, msg_write),
-	SYSCALL_TABLE_ENTRY(MSG_WRITE_HANDLES, msg_write_handles),
 };
 static const size_t syscall_table_count
 	= sizeof syscall_table / sizeof syscall_table[0];

syscall/log.c

@@ -4,6 +4,6 @@
 kern_status_t sys_kern_log(const char *s)
 {
 	struct task *task = current_task();
-	printk("%s: %s", task->t_name, s);
+	printk("%s[%d]: %s", task->t_name, task->t_id, s);
 	return KERN_OK;
 }

syscall/msg.c

@@ -5,10 +5,7 @@
 #include <kernel/syscall.h>
 #include <kernel/vm-region.h>
 
-kern_status_t sys_channel_create(
+kern_status_t sys_channel_create(unsigned int id, kern_handle_t *out)
-	unsigned int id,
-	channel_flags_t flags,
-	kern_handle_t *out)
 {
 	struct task *self = current_task();
 	if (!validate_access_w(self, out, sizeof *out)) {
@@ -164,13 +161,17 @@ kern_status_t sys_port_disconnect(kern_handle_t port_handle)
 
 static bool validate_iovec(
 	struct task *task,
-	const struct iovec *iov,
+	const kern_iovec_t *iov,
 	size_t count,
 	bool rw)
 {
+	if (!validate_access_r(task, iov, count * sizeof(*iov))) {
+		return false;
+	}
+
 	for (size_t i = 0; i < count; i++) {
 		bool ok = false;
-		const struct iovec *vec = &iov[i];
+		const kern_iovec_t *vec = &iov[i];
 		if (rw) {
 			ok = validate_access_w(task, vec->io_base, vec->io_len);
 		} else {
@@ -185,25 +186,20 @@ static bool validate_iovec(
 	return true;
 }
 
-static bool validate_msg(struct task *task, const struct msg *msg, bool rw)
+static bool validate_msg(struct task *task, const kern_msg_t *msg, bool rw)
 {
-	if (!validate_access_r(task, msg, sizeof *msg)) {
+	if (!msg) {
 		return false;
 	}
 
-	if (msg->msg_data_count
+	vm_prot_t flags;
-	    && !validate_access_r(
+	if (rw) {
-		    task,
+		flags = VM_PROT_WRITE | VM_PROT_USER;
-		    msg->msg_data,
+	} else {
-		    sizeof(struct iovec) * msg->msg_data_count)) {
+		flags = VM_PROT_READ | VM_PROT_USER;
-		return false;
 	}
 
-	if (msg->msg_handles_count
+	if (!validate_access(task, msg, sizeof *msg, flags)) {
-	    && !validate_access_r(
-		    task,
-		    msg->msg_handles,
-		    sizeof(struct handle_list) * msg->msg_handles_count)) {
 		return false;
 	}
 
@@ -211,24 +207,14 @@ static bool validate_msg(struct task *task, const struct msg *msg, bool rw)
 		return false;
 	}
 
-	for (size_t i = 0; i < msg->msg_handles_count; i++) {
+	size_t handle_buffer_len
-		bool ok = false;
+		= msg->msg_handles_count * sizeof(*msg->msg_handles);
-		const struct handle_list *list = &msg->msg_handles[i];
+	if (!validate_access(
-		if (rw) {
+		    task,
-			ok = validate_access_w(
+		    msg->msg_handles,
-				task,
+		    handle_buffer_len,
-				list->l_handles,
+		    flags)) {
-				list->l_nr_handles * sizeof(kern_handle_t));
+		return false;
-		} else {
-			ok = validate_access_r(
-				task,
-				list->l_handles,
-				list->l_nr_handles * sizeof(kern_handle_t));
-		}
-
-		if (!ok) {
-			return false;
-		}
 	}
 
 	return true;
@@ -236,17 +222,16 @@ static bool validate_msg(struct task *task, const struct msg *msg, bool rw)
 
 kern_status_t sys_msg_send(
 	kern_handle_t port_handle,
-	msg_flags_t msg_flags,
+	const kern_msg_t *msg,
-	const struct msg *req,
+	kern_msg_t *out_reply)
-	struct msg *resp)
 {
 	struct task *self = current_task();
 
-	if (!validate_msg(self, req, false)) {
+	if (!validate_msg(self, msg, false)) {
 		return KERN_MEMORY_FAULT;
 	}
 
-	if (!validate_msg(self, resp, true)) {
+	if (!validate_msg(self, out_reply, true)) {
 		return KERN_MEMORY_FAULT;
 	}
 
@@ -277,25 +262,17 @@ kern_status_t sys_msg_send(
 	}
 
 	port_lock_irqsave(port, &flags);
-	status = port_send_msg(port, req, resp, &flags);
+	status = port_send_msg(port, msg, out_reply, &flags);
 	port_unlock_irqrestore(port, flags);
 	object_unref(port_obj);
 
 	return status;
 }
 
-kern_status_t sys_msg_recv(
+kern_status_t sys_msg_recv(kern_handle_t channel_handle, kern_msg_t *out_msg)
-	kern_handle_t channel_handle,
-	msg_flags_t msg_flags,
-	msgid_t *out_id,
-	struct msg *out_msg)
 {
 	struct task *self = current_task();
 
-	if (!validate_access_w(self, out_id, sizeof *out_id)) {
-		return KERN_MEMORY_FAULT;
-	}
-
 	if (!validate_msg(self, out_msg, true)) {
 		return KERN_MEMORY_FAULT;
 	}
@@ -327,7 +304,7 @@ kern_status_t sys_msg_recv(
 	}
 
 	channel_lock_irqsave(channel, &flags);
-	status = channel_recv_msg(channel, out_msg, out_id, &flags);
+	status = channel_recv_msg(channel, out_msg, &flags);
 	channel_unlock_irqrestore(channel, flags);
 	object_unref(channel_obj);
 
@@ -336,13 +313,12 @@ kern_status_t sys_msg_recv(
 
 kern_status_t sys_msg_reply(
 	kern_handle_t channel_handle,
-	msg_flags_t msg_flags,
 	msgid_t id,
-	const struct msg *reply)
+	const kern_msg_t *reply)
 {
 	struct task *self = current_task();
 
-	if (!validate_msg(self, reply, false)) {
+	if (!validate_msg(self, reply, true)) {
 		return KERN_MEMORY_FAULT;
 	}
 
@@ -384,12 +360,20 @@ kern_status_t sys_msg_read(
 	kern_handle_t channel_handle,
 	msgid_t id,
 	size_t offset,
-	const struct iovec *iov,
+	const kern_iovec_t *iov,
 	size_t iov_count,
 	size_t *nr_read)
 {
 	struct task *self = current_task();
 
+	if (nr_read && !validate_access_w(self, nr_read, sizeof *nr_read)) {
+		return KERN_MEMORY_FAULT;
+	}
+
+	if (!validate_iovec(self, iov, iov_count, true)) {
+		return KERN_MEMORY_FAULT;
+	}
+
 	unsigned long flags;
 
 	task_lock_irqsave(self, &flags);
@@ -417,7 +401,6 @@ kern_status_t sys_msg_read(
 	}
 
 	channel_lock_irqsave(channel, &flags);
-	vm_region_lock(self->t_address_space);
 	status = channel_read_msg(
 		channel,
 		id,
@@ -426,39 +409,68 @@ kern_status_t sys_msg_read(
 		iov,
 		iov_count,
 		nr_read);
-	vm_region_unlock(self->t_address_space);
 	channel_unlock_irqrestore(channel, flags);
 	object_unref(channel_obj);
 
 	return status;
 }
 
-kern_status_t sys_msg_read_handles(
-	kern_handle_t channel,
-	msgid_t id,
-	size_t offset,
-	struct handle_list *out,
-	size_t nr_out)
-{
-	return KERN_UNIMPLEMENTED;
-}
-
 kern_status_t sys_msg_write(
-	kern_handle_t channel,
+	kern_handle_t channel_handle,
 	msgid_t id,
 	size_t offset,
-	const struct iovec *in,
+	const kern_iovec_t *iov,
-	size_t nr_in)
+	size_t iov_count,
+	size_t *nr_written)
 {
-	return KERN_UNIMPLEMENTED;
+	struct task *self = current_task();
-}
 
-kern_status_t sys_msg_write_handles(
+	if (nr_written
-	kern_handle_t channel,
+	    && !validate_access_w(self, nr_written, sizeof *nr_written)) {
-	msgid_t id,
+		return KERN_MEMORY_FAULT;
-	size_t offset,
+	}
-	const struct handle_list *in,
+
-	size_t nr_in)
+	if (!validate_iovec(self, iov, iov_count, false)) {
-{
+		return KERN_MEMORY_FAULT;
-	return KERN_UNIMPLEMENTED;
+	}
+
+	unsigned long flags;
+
+	task_lock_irqsave(self, &flags);
+
+	struct object *channel_obj = NULL;
+	handle_flags_t channel_handle_flags = 0;
+	kern_status_t status = task_resolve_handle(
+		self,
+		channel_handle,
+		&channel_obj,
+		&channel_handle_flags);
+	if (status != KERN_OK) {
+		return status;
+	}
+
+	/* add a reference to the port object to make sure it isn't deleted
+	 * while we're using it */
+	object_ref(channel_obj);
+	task_unlock_irqrestore(self, flags);
+
+	struct channel *channel = channel_cast(channel_obj);
+	if (!channel) {
+		object_unref(channel_obj);
+		return KERN_INVALID_ARGUMENT;
+	}
+
+	channel_lock_irqsave(channel, &flags);
+	status = channel_write_msg(
+		channel,
+		id,
+		offset,
+		self->t_address_space,
+		iov,
+		iov_count,
+		nr_written);
+	channel_unlock_irqrestore(channel, flags);
+	object_unref(channel_obj);
+
+	return status;
 }

syscall/task.c

@@ -6,9 +6,10 @@
 
 extern kern_status_t sys_task_exit(int status)
 {
+	struct task *self = current_task();
+	printk("%s[%d]: task_exit(%d)", self->t_name, self->t_id, status);
 	while (1) {
-		printk("sys_exit(%d)", status);
+		milli_sleep(5000);
-		milli_sleep(1000);
 	}
 
 	return KERN_UNIMPLEMENTED;

vm/vm-region.c

@@ -36,6 +36,15 @@
 	region_find_free_area_linear(region, length)
 #endif
 
+#define unlock_mapping_parent(p, root)                                         \
+	do {                                                                   \
+		struct vm_region *parent                                       \
+			= region_from_entry(p->m_entry.e_parent);              \
+		if (parent != root) {                                          \
+			vm_region_unlock(parent);                              \
+		}                                                              \
+	} while (0)
+
 /* iterates over a range of mapped virtual memory in a region, and provides
  * a moving buffer through which the memory can be accessed */
 struct vm_iterator {
@@ -296,12 +305,13 @@ static struct vm_region *region_get_child_region_recursive(
  * this function should be called with `region` locked. if a mapping is found,
  * it will be returned with its immediate parent locked. */
 static struct vm_region_mapping *region_get_mapping_recursive(
-	struct vm_region *region,
+	struct vm_region *root,
 	off_t *offp,
 	size_t len)
 {
 	off_t offset = *offp;
-	region = region_get_child_region_recursive(region, &offset, len);
+	struct vm_region *region
+		= region_get_child_region_recursive(root, &offset, len);
 	if (!region) {
 		return NULL;
 	}
@@ -311,6 +321,14 @@ static struct vm_region_mapping *region_get_mapping_recursive(
 	struct vm_region_entry *entry = region_get_entry(region, offset, len);
 	*offp = offset;
 
+	if (!entry) {
+		if (region != root) {
+			vm_region_unlock(region);
+		}
+
+		return NULL;
+	}
+
 	/* return the mapping with the parent region still locked */
 	return mapping_from_entry(entry);
 }
@@ -593,7 +611,12 @@ static void vm_iterator_begin(
 
 	off_t offset = base - vm_region_get_base_address(region);
 	it->it_mapping = region_get_mapping_recursive(region, &offset, 1);
-	if (!it->it_mapping || (it->it_mapping->m_prot & prot) != prot) {
+	if (!it->it_mapping) {
+		return;
+	}
+
+	if ((it->it_mapping->m_prot & prot) != prot) {
+		unlock_mapping_parent(it->it_mapping, region);
 		return;
 	}
 
@@ -612,6 +635,7 @@ static void vm_iterator_begin(
 	}
 
 	if (!pg) {
+		unlock_mapping_parent(it->it_mapping, region);
 		return;
 	}
 
@@ -643,15 +667,6 @@ static void vm_iterator_begin(
 
 static kern_status_t vm_iterator_seek(struct vm_iterator *it, size_t nr_bytes)
 {
-#define UNLOCK_MAPPING_PARENT(p)                                               \
-	do {                                                                   \
-		struct vm_region *parent                                       \
-			= region_from_entry(p->m_entry.e_parent);              \
-		if (parent != it->it_region) {                                 \
-			vm_region_unlock(parent);                              \
-		}                                                              \
-	} while (0)
-
 	if (nr_bytes < it->it_max) {
 		it->it_base += nr_bytes;
 		it->it_buf = (char *)it->it_buf + nr_bytes;
@@ -661,7 +676,7 @@ static kern_status_t vm_iterator_seek(struct vm_iterator *it, size_t nr_bytes)
 
 	/* the parent region of it->it_mapping is locked here. if it is
 	 * different from it->it_region, it must be unlocked */
-	UNLOCK_MAPPING_PARENT(it->it_mapping);
+	unlock_mapping_parent(it->it_mapping, it->it_region);
 
 	it->it_base += nr_bytes;
 	off_t offset = it->it_base - vm_region_get_base_address(it->it_region);
@@ -674,13 +689,13 @@ static kern_status_t vm_iterator_seek(struct vm_iterator *it, size_t nr_bytes)
 		return KERN_MEMORY_FAULT;
 	}
 
-	/* past this point, if we encounter an error, must remember to unlock
+	/* past this point, if we encounter an error, must remember to
-	 * the parent region of next_mapping */
+	 * unlock the parent region of next_mapping */
 
 	if ((next_mapping->m_prot & it->it_prot) != it->it_prot) {
 		it->it_buf = NULL;
 		it->it_max = 0;
-		UNLOCK_MAPPING_PARENT(next_mapping);
+		unlock_mapping_parent(next_mapping, it->it_region);
 		return KERN_MEMORY_FAULT;
 	}
 
@@ -699,7 +714,7 @@ static kern_status_t vm_iterator_seek(struct vm_iterator *it, size_t nr_bytes)
 	}
 
 	if (!pg) {
-		UNLOCK_MAPPING_PARENT(next_mapping);
+		unlock_mapping_parent(next_mapping, it->it_region);
 		return KERN_NO_MEMORY;
 	}
 
@@ -730,9 +745,20 @@ static kern_status_t vm_iterator_seek(struct vm_iterator *it, size_t nr_bytes)
 	return KERN_OK;
 }
 
-/* this function must be called with `root` locked. `root` will be the first
+/* this function must be called when you are finished with a
- * entry visited by the iterator. from there, child entries are visited in
+ * vm_iterator, to ensure that all held locks are released. */
- * depth-first order. */
+static void vm_iterator_finish(struct vm_iterator *it)
+{
+	if (it->it_mapping) {
+		unlock_mapping_parent(it->it_mapping, it->it_region);
+	}
+
+	memset(it, 0x0, sizeof *it);
+}
+
+/* this function must be called with `root` locked. `root` will be the
+ * first entry visited by the iterator. from there, child entries are
+ * visited in depth-first order. */
 static void entry_iterator_begin(
 	struct entry_iterator *it,
 	struct vm_region *root)
@@ -742,8 +768,8 @@ static void entry_iterator_begin(
 	it->it_entry = &root->vr_entry;
 }
 
-/* this function must be called when you are finished with an entry_iterator,
+/* this function must be called when you are finished with an
- * to ensure that all held locks are released. */
+ * entry_iterator, to ensure that all held locks are released. */
 static void entry_iterator_finish(struct entry_iterator *it)
 {
 	struct vm_region_entry *cur = it->it_entry;
@@ -771,10 +797,10 @@ static void entry_iterator_finish(struct entry_iterator *it)
 /* move to the next entry in the traversal order.
  * when this function returns:
  *   1. if the visited entry is a region, it will be locked.
- *   2. if the visited entry is a mapping, its parent region will be locked.
+ *   2. if the visited entry is a mapping, its parent region will be
- * a region will remain locked until all of its children and n-grand-children
+ * locked. a region will remain locked until all of its children and
- * have been visited. once iteration is finished, only `it->it_root` will be
+ * n-grand-children have been visited. once iteration is finished, only
- * locked.
+ * `it->it_root` will be locked.
  */
 static void entry_iterator_move_next(struct entry_iterator *it)
 {
@@ -791,8 +817,9 @@ static void entry_iterator_move_next(struct entry_iterator *it)
 		if (entry->e_type == VM_REGION_ENTRY_REGION) {
 			struct vm_region *child_region
 				= region_from_entry(entry);
-			/* since `region` is locked, interrupts are already
+			/* since `region` is locked, interrupts are
-			 * disabled, so don't use lock_irq() here */
+			 * already disabled, so don't use lock_irq()
+			 * here */
 			vm_region_lock(child_region);
 		}
 
@@ -839,8 +866,9 @@ static void entry_iterator_move_next(struct entry_iterator *it)
 	}
 }
 
-/* erase the current entry and move to the next entry in the traversal order.
+/* erase the current entry and move to the next entry in the traversal
- * the current entry MUST be a mapping, otherwise nothing will happen.
+ * order. the current entry MUST be a mapping, otherwise nothing will
+ * happen.
  */
 static void entry_iterator_erase(struct entry_iterator *it)
 {
@@ -999,7 +1027,8 @@ struct vm_region *vm_region_cast(struct object *obj)
 	return VM_REGION_CAST(obj);
 }
 
-/* this function should be called with `parent` locked (if parent is non-NULL)
+/* this function should be called with `parent` locked (if parent is
+ * non-NULL)
  */
 kern_status_t vm_region_create(
 	struct vm_region *parent,
@@ -1088,9 +1117,9 @@ kern_status_t vm_region_kill(
 			= region_from_entry(region->vr_entry.e_parent);
 		region->vr_entry.e_parent = NULL;
 
-		/* locks must be acquired in parent->child order. since we're
+		/* locks must be acquired in parent->child order. since
-		 * going backwards here, unlock `region` before locking its
+		 * we're going backwards here, unlock `region` before
-		 * parent */
+		 * locking its parent */
 		vm_region_unlock_irqrestore(region, *lock_flags);
 		vm_region_lock_irqsave(parent, lock_flags);
 		btree_delete(&parent->vr_entries, &region->vr_entry.e_node);
@@ -1175,8 +1204,8 @@ kern_status_t vm_region_map_object(
 			root,
 			&region_offset,
 			length);
-		/* if `region` != `root`, it will need to be unlocked at the end
+		/* if `region` != `root`, it will need to be unlocked at
-		 * of the function */
+		 * the end of the function */
 	}
 
 	if (region->vr_status != VM_REGION_ONLINE) {
@@ -1257,8 +1286,8 @@ kern_status_t vm_region_map_object(
 	return KERN_OK;
 }
 
-/* unmap some pages in the middle of a mapping, splitting it into two separate
+/* unmap some pages in the middle of a mapping, splitting it into two
- * mappings */
+ * separate mappings */
 static kern_status_t split_mapping(
 	struct vm_region_mapping *mapping,
 	struct vm_region *root,
@@ -1488,7 +1517,8 @@ kern_status_t vm_region_unmap(
 				unmap_area_offset,
 				unmap_area_limit);
 		} else {
-			panic("don't know what to do with this mapping");
+			panic("don't know what to do with this "
+			      "mapping");
 		}
 
 		if (delete) {
@@ -1557,15 +1587,18 @@ bool vm_region_validate_access(
 			return false;
 		}
 
-		if ((mapping->m_prot & prot) != prot) {
+		bool ok = (mapping->m_prot & prot) == prot;
-			return false;
-		}
 
 		struct vm_region *parent
 			= region_from_entry(mapping->m_entry.e_parent);
+
 		if (parent != region) {
 			vm_region_unlock(parent);
 		}
+
+		if (!ok) {
+			return false;
+		}
 	}
 
 	return true;
@@ -1671,6 +1704,8 @@ kern_status_t vm_region_read_kernel(
 		dest += to_move;
 	}
 
+	vm_iterator_finish(&src);
+
 	if (nr_read) {
 		*nr_read = r;
 	}
@@ -1678,6 +1713,52 @@ kern_status_t vm_region_read_kernel(
 	return status;
 }
 
+kern_status_t vm_region_write_kernel(
+	struct vm_region *dst_region,
+	virt_addr_t dst_ptr,
+	size_t count,
+	const void *srcp,
+	size_t *nr_written)
+{
+	if (dst_region->vr_status != VM_REGION_ONLINE) {
+		return KERN_BAD_STATE;
+	}
+
+	struct vm_iterator dst;
+	const char *src = srcp;
+
+	vm_iterator_begin(
+		&dst,
+		dst_region,
+		dst_ptr,
+		VM_PROT_WRITE | VM_PROT_USER);
+
+	kern_status_t status = KERN_OK;
+	size_t r = 0;
+
+	while (r < count && dst.it_max) {
+		size_t remaining = count - r;
+		size_t to_move = MIN(dst.it_max, remaining);
+		memmove(dst.it_buf, src, to_move);
+
+		status = vm_iterator_seek(&dst, to_move);
+		if (status != KERN_OK) {
+			break;
+		}
+
+		r += to_move;
+		src += to_move;
+	}
+
+	vm_iterator_finish(&dst);
+
+	if (nr_written) {
+		*nr_written = r;
+	}
+
+	return status;
+}
+
 kern_status_t vm_region_memmove(
 	struct vm_region *dest_region,
 	virt_addr_t dest_ptr,
@@ -1727,6 +1808,9 @@ kern_status_t vm_region_memmove(
 		r += to_move;
 	}
 
+	vm_iterator_finish(&src);
+	vm_iterator_finish(&dest);
+
 	if (nr_moved) {
 		*nr_moved = r;
 	}
@@ -1737,11 +1821,11 @@ kern_status_t vm_region_memmove(
 extern kern_status_t vm_region_memmove_v(
 	struct vm_region *dest_region,
 	size_t dest_offset,
-	const struct iovec *dest_vecs,
+	const kern_iovec_t *dest_vecs,
 	size_t nr_dest_vecs,
 	struct vm_region *src_region,
 	size_t src_offset,
-	const struct iovec *src_vecs,
+	const kern_iovec_t *src_vecs,
 	size_t nr_src_vecs,
 	size_t bytes_to_move,
 	size_t *nr_bytes_moved)