vm: implement demand-paging via userspace services with vm-controller

interrupts will need to be enable to allow for requesting missing pages from userspace
services.

arch/x86_64/asm-offset.c

@@ -1,10 +1,11 @@
-#include <kernel/sched.h>
 #include <kernel/compiler.h>
+#include <kernel/sched.h>
+#include <kernel/thread.h>
 
-//size_t THREAD_sp = offsetof(struct thread, tr_sp);
+// size_t THREAD_sp = offsetof(struct thread, tr_sp);
 
-/* Use %a0 instead of %0 to prevent gcc from emitting a $ before the symbol value
-   in the generated assembly.
+/* Use %a0 instead of %0 to prevent gcc from emitting a $ before the symbol
+   value in the generated assembly.
 
    emitting
      .set TASK_sp, $56
@@ -16,10 +17,13 @@
 */
 
 #define DEFINE(sym, val)                                                       \
-	asm volatile("\n.global " #sym "\n.type " #sym ", @object" "\n.set " #sym ", %a0" : : "i" (val))
+	asm volatile("\n.global " #sym "\n.type " #sym                         \
+	             ", @object"                                               \
+	             "\n.set " #sym ", %a0"                                    \
+	             :                                                         \
+	             : "i"(val))
 
-#define OFFSET(sym, str, mem) \
-	DEFINE(sym, offsetof(str, mem))
+#define OFFSET(sym, str, mem) DEFINE(sym, offsetof(str, mem))
 
 static void __used common(void)
 {

arch/x86_64/include/kernel/machine/random.h

@@ -0,0 +1,10 @@
+#ifndef KERNEL_X86_64_RANDOM_H_
+#define KERNEL_X86_64_RANDOM_H_
+
+#include <stdbool.h>
+#include <stdint.h>
+
+extern bool ml_hwrng_available(void);
+extern uint64_t ml_hwrng_generate(void);
+
+#endif

arch/x86_64/init.c

@@ -10,12 +10,14 @@
 #include <kernel/init.h>
 #include <kernel/libc/stdio.h>
 #include <kernel/machine/cpu.h>
+#include <kernel/machine/random.h>
 #include <kernel/memblock.h>
 #include <kernel/object.h>
 #include <kernel/percpu.h>
 #include <kernel/pmap.h>
 #include <kernel/printk.h>
 #include <kernel/types.h>
+#include <kernel/util.h>
 #include <kernel/vm.h>
 
 #define PTR32(x)            ((void *)((uintptr_t)(x)))
@@ -123,6 +125,18 @@ int ml_init(uintptr_t arg)
 		reserve_end = bsp.mod_base + bsp.mod_size;
 	}
 
+	if (ml_hwrng_available()) {
+		printk("cpu: ardware RNG available");
+		uint64_t seed = ml_hwrng_generate();
+		printk("cpu: RNG seed=%zx", seed);
+		init_random(seed);
+	} else {
+		printk("cpu: hardware RNG unavailable");
+		uint64_t seed = 0xeddc4c8a679dc23f;
+		printk("cpu: RNG seed=%zx", seed);
+		init_random(seed);
+	}
+
 	early_vm_init(reserve_end);
 
 	e820_scan(PTR32(mb->mmap_addr), mb->mmap_length);

arch/x86_64/irq.c

@@ -97,7 +97,9 @@ static void pf_handler(struct ml_cpu_context *regs)
 
 	virt_addr_t fault_ptr = pf_faultptr();
 
+	ml_int_enable();
 	kern_status_t status = pmap_handle_fault(fault_ptr, fault_flags);
+	ml_int_disable();
 
 	if (status == KERN_OK) {
 		return;

arch/x86_64/panic.c

@@ -1,8 +1,11 @@
 #include <arch/irq.h>
+#include <kernel/address-space.h>
 #include <kernel/libc/stdio.h>
 #include <kernel/machine/cpu.h>
 #include <kernel/machine/panic.h>
 #include <kernel/printk.h>
+#include <kernel/sched.h>
+#include <kernel/task.h>
 #include <kernel/vm.h>
 
 #define R_CF  0
@@ -166,36 +169,64 @@ static void print_stack_item(uintptr_t addr)
 	printk("%s", buf);
 }
 
-static void print_stack_trace(uintptr_t ip, uintptr_t *bp)
+static bool read_stack_frame(
+	struct address_space *space,
+	uintptr_t bp,
+	struct stack_frame *out)
 {
-	struct stack_frame *stk = (struct stack_frame *)bp;
+	if (bp >= VM_PAGEMAP_BASE) {
+		*out = *(struct stack_frame *)out;
+		return true;
+	}
+
+	if (!space) {
+		return false;
+	}
+
+	size_t tmp;
+	kern_status_t status
+		= address_space_read(space, bp, sizeof *out, out, &tmp);
+	return status == KERN_OK;
+}
+
+static void print_stack_trace(
+	struct address_space *space,
+	uintptr_t ip,
+	uintptr_t bp)
+{
+	struct stack_frame stk;
+	if (!read_stack_frame(space, bp, &stk)) {
+		return;
+	}
 	printk("call trace:");
 
 	print_stack_item(ip);
 
 	int max_frames = 10, current_frame = 0;
-	while (1) {
-		if (!vm_virt_to_phys(stk) || bp == NULL
-		    || current_frame > max_frames) {
-			break;
-		}
-
-		uintptr_t addr = stk->rip;
+	while (current_frame < max_frames) {
+		uintptr_t addr = stk.rip;
 		print_stack_item(addr);
 
-		stk = (struct stack_frame *)stk->rbp;
+		bp = stk.rbp;
+		if (!read_stack_frame(space, bp, &stk)) {
+			break;
+		}
 		current_frame++;
 	}
 }
 
 void ml_print_stack_trace(uintptr_t ip)
 {
-	uintptr_t *bp;
+	struct task *task = current_task();
+	struct address_space *space = task ? task->t_address_space : NULL;
+	uintptr_t bp;
 	asm volatile("mov %%rbp, %0" : "=r"(bp));
-	print_stack_trace(ip, bp);
+	print_stack_trace(space, ip, bp);
 }
 
 void ml_print_stack_trace_irq(struct ml_cpu_context *ctx)
 {
-	print_stack_trace(ctx->rip, (uintptr_t *)ctx->rbp);
+	struct task *task = current_task();
+	struct address_space *space = task ? task->t_address_space : NULL;
+	print_stack_trace(space, ctx->rip, ctx->rbp);
 }

arch/x86_64/pmap.c

@@ -1,12 +1,13 @@
+#include <kernel/address-space.h>
 #include <kernel/compiler.h>
 #include <kernel/libc/stdio.h>
 #include <kernel/memblock.h>
 #include <kernel/pmap.h>
 #include <kernel/printk.h>
 #include <kernel/sched.h>
+#include <kernel/task.h>
 #include <kernel/types.h>
 #include <kernel/vm-object.h>
-#include <kernel/vm-region.h>
 #include <kernel/vm.h>
 #include <mango/status.h>
 
@@ -362,14 +363,17 @@ kern_status_t pmap_handle_fault(
 	}
 
 	struct task *task = current_task();
-	struct vm_region *space = task->t_address_space;
+	if (!task) {
+		return KERN_FATAL_ERROR;
+	}
 
-	unsigned long lock_flags;
-	vm_region_lock_irqsave(space, &lock_flags);
-	kern_status_t status = vm_region_demand_map(space, fault_addr, flags);
-	vm_region_unlock_irqrestore(space, lock_flags);
+	struct address_space *space = task->t_address_space;
+	if (!space) {
+		return KERN_FATAL_ERROR;
+	}
 
-	return status;
+	/* this must be called with `space` unlocked. */
+	return address_space_demand_map(space, fault_addr, flags);
 }
 
 kern_status_t pmap_add(

arch/x86_64/random.S

@@ -0,0 +1,43 @@
+.code64
+
+.global ml_hwrng_available
+.type ml_hwrng_available, @function
+
+ml_hwrng_available:
+	push %rbp
+	mov %rsp, %rbp
+	push %rbx
+	push %rdx
+
+	mov $1, %eax
+	mov $0, %ecx
+
+	cpuid
+
+	shr $30, %ecx
+	and $1, %ecx
+	mov %ecx, %eax
+
+	pop %rdx
+	pop %rbx
+	pop %rbp
+	ret
+
+.global ml_hwrng_generate
+.type ml_hwrng_generate, @function
+
+ml_hwrng_generate:
+	push %rbp
+	mov %rsp, %rbp
+
+	mov $100, %rcx
+.retry:
+	rdrand %rax
+	jc .done
+	loop .retry
+
+.fail:
+	mov $0, %rax
+.done:
+	pop %rbp
+	ret

ds/ringbuffer.c

@@ -1,5 +1,6 @@
 #include <kernel/ringbuffer.h>
 #include <kernel/sched.h>
+#include <kernel/vm.h>
 
 size_t ringbuffer_unread(struct ringbuffer *ring_buffer)
 {
@@ -45,7 +46,11 @@ static inline void increment_write(struct ringbuffer *ring_buffer)
 	}
 }
 
-size_t ringbuffer_read(struct ringbuffer *ring_buffer, size_t size, void *p, mango_flags_t flags)
+size_t ringbuffer_read(
+	struct ringbuffer *ring_buffer,
+	size_t size,
+	void *p,
+	mango_flags_t flags)
 {
 	if (!ring_buffer) {
 		return 0;
@@ -58,7 +63,9 @@ size_t ringbuffer_read(struct ringbuffer *ring_buffer, size_t size, void *p, man
 	while (collected < size) {
 		spin_lock_irqsave(&ring_buffer->r_lock, &lock_flags);
 		while (ringbuffer_unread(ring_buffer) > 0 && collected < size) {
-			buffer[collected] = ring_buffer->r_buffer[ring_buffer->r_read_ptr];
+			buffer[collected]
+				= ring_buffer
+			                  ->r_buffer[ring_buffer->r_read_ptr];
 			increment_read(ring_buffer);
 			collected++;
 		}
@@ -66,7 +73,9 @@ size_t ringbuffer_read(struct ringbuffer *ring_buffer, size_t size, void *p, man
 		wakeup_queue(&ring_buffer->r_wait_writers);
 
 		if (flags & S_NOBLOCK) {
-			spin_unlock_irqrestore(&ring_buffer->r_lock, lock_flags);
+			spin_unlock_irqrestore(
+				&ring_buffer->r_lock,
+				lock_flags);
 			break;
 		}
 
@@ -86,7 +95,11 @@ size_t ringbuffer_read(struct ringbuffer *ring_buffer, size_t size, void *p, man
 	return collected;
 }
 
-size_t ringbuffer_write(struct ringbuffer *ring_buffer, size_t size, const void *p, mango_flags_t flags)
+size_t ringbuffer_write(
+	struct ringbuffer *ring_buffer,
+	size_t size,
+	const void *p,
+	mango_flags_t flags)
 {
 	if (!ring_buffer || !size) {
 		return 0;
@@ -100,7 +113,8 @@ size_t ringbuffer_write(struct ringbuffer *ring_buffer, size_t size, const void
 		spin_lock_irqsave(&ring_buffer->r_lock, &lock_flags);
 
 		while (ringbuffer_avail(ring_buffer) > 0 && written < size) {
-			ring_buffer->r_buffer[ring_buffer->r_write_ptr] = buffer[written];
+			ring_buffer->r_buffer[ring_buffer->r_write_ptr]
+				= buffer[written];
 			increment_write(ring_buffer);
 			written++;
 		}
@@ -108,7 +122,9 @@ size_t ringbuffer_write(struct ringbuffer *ring_buffer, size_t size, const void
 		wakeup_queue(&ring_buffer->r_wait_readers);
 
 		if (flags & S_NOBLOCK) {
-			spin_unlock_irqrestore(&ring_buffer->r_lock, lock_flags);
+			spin_unlock_irqrestore(
+				&ring_buffer->r_lock,
+				lock_flags);
 			break;
 		}
 

include/kernel/address-space.h

@@ -0,0 +1,163 @@
+#ifndef KERNEL_ADDRESS_SPACE_H_
+#define KERNEL_ADDRESS_SPACE_H_
+
+#include <kernel/object.h>
+#include <kernel/pmap.h>
+#include <kernel/vm.h>
+
+#define ADDRESS_SPACE_COPY_ALL ((size_t)-1)
+
+struct address_space;
+struct vm_object;
+
+struct vm_area {
+	/* the vm-object mapped into this area.
+	 * if this is NULL, the vm_area represents an area of reserved memory.
+	 * it cannot be accessed, and mapping operations with MAP_ADDRESS_ANY
+	 * will avoid the area, but fixed address mappings in this area
+	 * will succeed. */
+	struct vm_object *vma_object;
+	/* used to link to vm_object->vo_mappings */
+	struct queue_entry vma_object_entry;
+	/* the memory protection flags applied to this area */
+	vm_prot_t vma_prot;
+	/* offset in bytes to the start of the object data that was mapped */
+	off_t vma_object_offset;
+	/* used to link to address_space->s_mappings */
+	struct btree_node vma_node;
+	/* address of the first byte in this area */
+	virt_addr_t vma_base;
+	/* address of the last byte in this area */
+	virt_addr_t vma_limit;
+};
+
+struct address_space {
+	struct object s_base;
+
+	/* address of the first byte in this address space */
+	virt_addr_t s_base_address;
+	/* address of the last byte in this address space */
+	virt_addr_t s_limit_address;
+
+	/* btree of struct vm_area representing mapped vm-objects.
+	 * sibling entries cannot overlap each other. */
+	struct btree s_mappings;
+	/* btree of struct vm_area representing reserved regions of the
+	 * address space.
+	 * reserved regions will not be automatically allocated by the kernel.
+	 * sibling entries cannot overlap each other.
+	 * overlap between s_mappings and s_reserved IS allowed. */
+	struct btree s_reserved;
+
+	/* the corresponding physical address space */
+	pmap_t s_pmap;
+};
+
+extern kern_status_t address_space_type_init(void);
+extern struct address_space *address_space_cast(struct object *obj);
+
+/* create a new vm-region, optionally within a parent region.
+ * `offset` is the byte offset within the parent region where the new region
+ * should start.
+ * if no parent is specified, `offset` is the absolute virtual address of the
+ * start of the region.
+ * in both cases, `len` is the length of the new region in bytes. */
+extern kern_status_t address_space_create(
+	virt_addr_t base,
+	virt_addr_t limit,
+	struct address_space **out);
+
+/* map a vm-object into a vm-region.
+ * [region_offset,length] must fall within exactly one region, and cannot span
+ * multiple sibling regions.
+ * if [region_offset,length] falls within a child region, the map operation
+ * will be transparently redirected to the relevant region.
+ * `prot` must be allowed both by the region into which the mapping is being
+ * created AND the vm-object being mapped. */
+extern kern_status_t address_space_map(
+	struct address_space *space,
+	virt_addr_t map_address,
+	struct vm_object *object,
+	off_t object_offset,
+	size_t length,
+	vm_prot_t prot,
+	virt_addr_t *out);
+extern kern_status_t address_space_unmap(
+	struct address_space *region,
+	virt_addr_t base,
+	size_t length);
+
+/* reserve an area of the address space. the kernel will not place any
+ * new mappings in this area unless explicitly told to (i.e. by not using
+ * MAP_ADDRESS_ANY). Use MAP_ADDRESS_ANY to have the kernel allocate a region
+ * of the address space for you */
+extern kern_status_t address_space_reserve(
+	struct address_space *space,
+	virt_addr_t base,
+	size_t length,
+	virt_addr_t *out);
+/* release a previously reserved area of the address space. */
+extern kern_status_t address_space_release(
+	struct address_space *space,
+	virt_addr_t base,
+	size_t length);
+
+extern bool address_space_validate_access(
+	struct address_space *region,
+	virt_addr_t base,
+	size_t len,
+	vm_prot_t prot);
+
+/* find the mapping corresponding to the given virtual address, and page-in the
+ * necessary vm_page to allow the memory access to succeed. if the relevant
+ * vm-object page hasn't been allocated yet, it will be allocated here.
+ * this function must be called with `region` UNLOCKED and interrupts ENABLED.
+ */
+extern kern_status_t address_space_demand_map(
+	struct address_space *region,
+	virt_addr_t addr,
+	enum pmap_fault_flags flags);
+
+/* read data from the user-space area of a vm-region into a kernel-mode buffer
+ */
+extern kern_status_t address_space_read(
+	struct address_space *src_region,
+	virt_addr_t src_ptr,
+	size_t count,
+	void *dest,
+	size_t *nr_read);
+
+/* write data to the user-space area of a vm-region from a kernel-mode buffer
+ */
+extern kern_status_t address_space_write(
+	struct address_space *dst_region,
+	virt_addr_t dst_ptr,
+	size_t count,
+	const void *src,
+	size_t *nr_written);
+
+extern kern_status_t address_space_memmove(
+	struct address_space *dest_space,
+	virt_addr_t dest_ptr,
+	struct address_space *src_space,
+	virt_addr_t src_ptr,
+	size_t count,
+	size_t *nr_moved);
+
+extern kern_status_t address_space_memmove_v(
+	struct address_space *dest_space,
+	size_t dest_offset,
+	const kern_iovec_t *dest_iov,
+	size_t nr_dest_iov,
+	struct address_space *src_space,
+	size_t src_offset,
+	const kern_iovec_t *src_iov,
+	size_t nr_src_iov,
+	size_t bytes_to_move,
+	size_t *nr_bytes_moved);
+
+void address_space_dump(struct address_space *region);
+
+DEFINE_OBJECT_LOCK_FUNCTION(address_space, s_base)
+
+#endif

include/kernel/channel.h

@@ -9,7 +9,7 @@ struct msg;
 struct channel {
 	struct object c_base;
 	unsigned int c_id;
-	struct waitqueue c_wq;
+	unsigned int c_msg_waiting;
 	struct btree c_msg;
 	struct btree_node c_node;
 };
@@ -37,7 +37,7 @@ extern kern_status_t channel_read_msg(
 	struct channel *channel,
 	msgid_t msg,
 	size_t offset,
-	struct vm_region *dest_region,
+	struct address_space *dest_region,
 	const kern_iovec_t *dest_iov,
 	size_t dest_iov_count,
 	size_t *nr_read);
@@ -45,7 +45,7 @@ extern kern_status_t channel_write_msg(
 	struct channel *channel,
 	msgid_t msg,
 	size_t offset,
-	struct vm_region *src_region,
+	struct address_space *src_region,
 	const kern_iovec_t *src_iov,
 	size_t src_iov_count,
 	size_t *nr_written);

include/kernel/cpu.h

@@ -1,10 +1,11 @@
 #ifndef KERNEL_CPU_H_
 #define KERNEL_CPU_H_
 
-#include <kernel/types.h>
 #include <kernel/machine/cpu.h>
-#include <stdint.h>
 #include <kernel/sched.h>
+#include <kernel/types.h>
+#include <kernel/work.h>
+#include <stdint.h>
 
 #ifdef __cplusplus
 extern "C" {

include/kernel/equeue.h

@@ -0,0 +1,34 @@
+#ifndef KERNEL_EQUEUE_H_
+#define KERNEL_EQUEUE_H_
+
+#include <kernel/locks.h>
+#include <kernel/object.h>
+#include <kernel/sched.h>
+#include <mango/types.h>
+
+#define EQUEUE_PACKET_MAX 100
+
+enum equeue_flags {
+	EQUEUE_WAIT,
+	EQUEUE_DISCARD,
+};
+
+struct equeue {
+	struct object eq_base;
+	unsigned short eq_read_ptr, eq_write_ptr;
+	equeue_packet_t eq_packets[EQUEUE_PACKET_MAX];
+	struct waitqueue eq_wq;
+};
+
+extern kern_status_t equeue_type_init(void);
+extern struct equeue *equeue_cast(struct object *obj);
+
+extern struct equeue *equeue_create(void);
+
+extern kern_status_t equeue_enqueue(
+	struct equeue *q,
+	const equeue_packet_t *pkt,
+	enum equeue_flags flags);
+extern kern_status_t equeue_dequeue(struct equeue *q, equeue_packet_t *out);
+
+#endif

include/kernel/handle.h

@@ -17,7 +17,7 @@ typedef uintptr_t handle_flags_t;
 
 struct task;
 struct object;
-struct vm_region;
+struct address_space;
 struct handle_list;
 
 struct handle {
@@ -57,11 +57,11 @@ extern struct handle *handle_table_get_handle(
 	kern_handle_t handle);
 
 extern kern_status_t handle_table_transfer(
-	struct vm_region *dst_region,
+	struct address_space *dst_region,
 	struct handle_table *dst,
 	kern_msg_handle_t *dst_handles,
 	size_t dst_handles_max,
-	struct vm_region *src_region,
+	struct address_space *src_region,
 	struct handle_table *src,
 	kern_msg_handle_t *src_handles,
 	size_t src_handles_count);

include/kernel/iovec.h

@@ -4,10 +4,12 @@
 #include <mango/types.h>
 #include <stddef.h>
 
+struct address_space;
+
 struct iovec_iterator {
 	/* if this is set, we are iterating over a list of iovecs stored in
 	 * userspace, and must go through this region to retrieve the data. */
-	struct vm_region *it_region;
+	struct address_space *it_region;
 	const kern_iovec_t *it_vecs;
 	size_t it_nr_vecs;
 	size_t it_vec_ptr;
@@ -22,7 +24,7 @@ extern void iovec_iterator_begin(
 	size_t nr_vecs);
 extern void iovec_iterator_begin_user(
 	struct iovec_iterator *it,
-	struct vm_region *address_space,
+	struct address_space *address_space,
 	const kern_iovec_t *vecs,
 	size_t nr_vecs);
 

include/kernel/locks.h

@@ -22,6 +22,32 @@ typedef __aligned(8) ml_hwlock_t spin_lock_t;
 #define spin_unlock_irqrestore(lck, flags)                                     \
 	ml_hwlock_unlock_irqrestore(lck, flags);
 
+static inline void spin_lock_pair(spin_lock_t *a, spin_lock_t *b)
+{
+	if (a == b) {
+		spin_lock(a);
+	} else if (a < b) {
+		spin_lock(a);
+		spin_lock(b);
+	} else {
+		spin_lock(b);
+		spin_lock(a);
+	}
+}
+
+static inline void spin_unlock_pair(spin_lock_t *a, spin_lock_t *b)
+{
+	if (a == b) {
+		spin_unlock(a);
+	} else if (a < b) {
+		spin_unlock(b);
+		spin_unlock(a);
+	} else {
+		spin_unlock(a);
+		spin_unlock(b);
+	}
+}
+
 static inline void spin_lock_pair_irqsave(
 	spin_lock_t *a,
 	spin_lock_t *b,

include/kernel/object.h

@@ -4,6 +4,7 @@
 #include <kernel/flags.h>
 #include <kernel/locks.h>
 #include <kernel/vm.h>
+#include <kernel/wait.h>
 #include <mango/status.h>
 #include <stddef.h>
 
@@ -32,6 +33,18 @@ extern "C" {
 	{                                                                      \
 		object_unlock_irqrestore(&p->base, flags);                     \
 	}                                                                      \
+	static inline void object_name##_lock_pair(                            \
+		struct object_name *a,                                         \
+		struct object_name *b)                                         \
+	{                                                                      \
+		object_lock_pair(&a->base, &b->base);                          \
+	}                                                                      \
+	static inline void object_name##_unlock_pair(                          \
+		struct object_name *a,                                         \
+		struct object_name *b)                                         \
+	{                                                                      \
+		object_unlock_pair(&a->base, &b->base);                        \
+	}                                                                      \
 	static inline void object_name##_lock_pair_irqsave(                    \
 		struct object_name *a,                                         \
 		struct object_name *b,                                         \
@@ -87,9 +100,11 @@ struct object {
 	koid_t ob_id;
 	struct object_type *ob_type;
 	spin_lock_t ob_lock;
+	uint32_t ob_signals;
 	unsigned int ob_refcount;
 	unsigned int ob_handles;
 	struct queue_entry ob_list;
+	struct waitqueue ob_wq;
 } __aligned(sizeof(long));
 
 extern kern_status_t object_bootstrap(void);
@@ -106,6 +121,9 @@ extern void object_unlock(struct object *obj);
 extern void object_lock_irqsave(struct object *obj, unsigned long *flags);
 extern void object_unlock_irqrestore(struct object *obj, unsigned long flags);
 
+extern void object_lock_pair(struct object *a, struct object *b);
+extern void object_unlock_pair(struct object *a, struct object *b);
+
 extern void object_lock_pair_irqsave(
 	struct object *a,
 	struct object *b,
@@ -115,6 +133,13 @@ extern void object_unlock_pair_irqrestore(
 	struct object *b,
 	unsigned long flags);
 
+extern void object_assert_signal(struct object *obj, uint32_t signals);
+extern void object_clear_signal(struct object *obj, uint32_t signals);
+extern void object_wait_signal(
+	struct object *obj,
+	uint32_t signals,
+	unsigned long *irq_flags);
+
 #ifdef __cplusplus
 }
 #endif

include/kernel/ringbuffer.h

@@ -1,8 +1,10 @@
 #ifndef KERNEL_RINGBUFFER_H_
 #define KERNEL_RINGBUFFER_H_
 
+#include <kernel/flags.h>
 #include <kernel/locks.h>
-#include <kernel/sched.h>
+#include <kernel/types.h>
+#include <kernel/wait.h>
 
 struct ringbuffer {
 	unsigned char *r_buffer;
@@ -22,12 +24,21 @@ extern kern_status_t ringbuffer_deinit(struct ringbuffer *buf);
 
 extern size_t ringbuffer_unread(struct ringbuffer *buf);
 extern size_t ringbuffer_avail(struct ringbuffer *buf);
-extern size_t ringbuffer_read(struct ringbuffer *buf, size_t size, void *buffer, mango_flags_t flags);
-extern size_t ringbuffer_write(struct ringbuffer *buf, size_t size, const void *buffer, mango_flags_t flags);
+extern size_t ringbuffer_read(
+	struct ringbuffer *buf,
+	size_t size,
+	void *buffer,
+	mango_flags_t flags);
+extern size_t ringbuffer_write(
+	struct ringbuffer *buf,
+	size_t size,
+	const void *buffer,
+	mango_flags_t flags);
 
 /* TODO */
-//extern size_t ringbuffer_peek(struct ringbuffer *buf, size_t at, size_t size, void *buffer);
-//extern size_t ringbuffer_skip(struct ringbuffer *buf, size_t count);
+// extern size_t ringbuffer_peek(struct ringbuffer *buf, size_t at, size_t size,
+// void *buffer); extern size_t ringbuffer_skip(struct ringbuffer *buf, size_t
+// count);
 
 extern int ringbuffer_write_would_block(struct ringbuffer *buf);
 

include/kernel/sched.h

@@ -4,32 +4,11 @@
 #include <kernel/btree.h>
 #include <kernel/handle.h>
 #include <kernel/locks.h>
-#include <kernel/msg.h>
-#include <kernel/object.h>
-#include <kernel/pmap.h>
 #include <kernel/queue.h>
+#include <kernel/types.h>
 #include <mango/status.h>
 
-#define TASK_NAME_MAX       64
 #define PRIO_MAX 32
-#define PID_MAX             99999
-#define THREAD_KSTACK_ORDER VM_PAGE_4K
-#define THREAD_MAX          65536
-
-#define wait_event(wq, cond)                                                   \
-	({                                                                     \
-		struct thread *self = current_thread();                        \
-		struct wait_item waiter;                                       \
-		wait_item_init(&waiter, self);                                 \
-		for (;;) {                                                     \
-			thread_wait_begin(&waiter, wq);                        \
-			if (cond) {                                            \
-				break;                                         \
-			}                                                      \
-			schedule(SCHED_NORMAL);                                \
-		}                                                              \
-		thread_wait_end(&waiter, wq);                                  \
-	})
 
 #ifdef __cplusplus
 extern "C" {
@@ -37,23 +16,6 @@ extern "C" {
 
 struct channel;
 struct runqueue;
-struct work_item;
-
-enum task_state {
-	TASK_RUNNING,
-	TASK_STOPPED,
-};
-
-enum thread_state {
-	THREAD_READY = 1,
-	THREAD_SLEEPING = 2,
-	THREAD_STOPPED = 3,
-};
-
-enum thread_flags {
-	THREAD_F_NEED_RESCHED = 0x01u,
-	THREAD_F_NO_PREEMPT = 0x02u,
-};
 
 enum sched_priority {
 	PRIO_IDLE = 4,
@@ -75,55 +37,6 @@ enum sched_mode {
 	SCHED_IRQ = 1,
 };
 
-struct task {
-	struct object t_base;
-
-	struct task *t_parent;
-	long t_id;
-	enum task_state t_state;
-	char t_name[TASK_NAME_MAX];
-
-	pmap_t t_pmap;
-	struct vm_region *t_address_space;
-	spin_lock_t t_handles_lock;
-	struct handle_table *t_handles;
-	struct btree b_channels;
-
-	struct btree_node t_tasklist;
-	struct queue_entry t_child_entry;
-
-	size_t t_next_thread_id;
-	struct queue t_threads;
-	struct queue t_children;
-};
-
-struct thread {
-	struct object thr_base;
-
-	enum thread_state tr_state;
-	enum thread_flags tr_flags;
-	struct task *tr_parent;
-
-	unsigned int tr_id;
-	unsigned int tr_prio;
-
-	cycles_t tr_charge_period_start;
-	cycles_t tr_quantum_cycles, tr_quantum_target;
-	cycles_t tr_total_cycles;
-
-	virt_addr_t tr_ip, tr_sp, tr_bp;
-	virt_addr_t tr_cpu_user_sp, tr_cpu_kernel_sp;
-
-	struct runqueue *tr_rq;
-	struct msg tr_msg;
-
-	struct queue_entry tr_parent_entry;
-	struct queue_entry tr_rqentry;
-
-	struct vm_page *tr_kstack;
-	struct vm_object *tr_ustack;
-};
-
 struct runqueue {
 	struct queue rq_queues[PRIO_MAX];
 	uint32_t rq_readybits;
@@ -141,34 +54,6 @@ struct timer {
 	void (*t_callback)(struct timer *);
 };
 
-struct wait_item {
-	struct thread *w_thread;
-	struct queue_entry w_entry;
-};
-
-struct waitqueue {
-	struct queue wq_waiters;
-	spin_lock_t wq_lock;
-};
-
-typedef void (*work_func_t)(struct work_item *);
-
-struct work_item {
-	void *w_data;
-	work_func_t w_func;
-	struct queue_entry w_head;
-};
-
-struct worker_pool {
-	struct thread **wp_workers;
-	size_t wp_nworkers;
-};
-
-struct workqueue {
-	spin_lock_t wq_lock;
-	struct queue wq_queue; /* list of struct work_item */
-};
-
 extern kern_status_t sched_init(void);
 extern void schedule(enum sched_mode mode);
 extern void preempt_disable(void);
@@ -188,38 +73,6 @@ static inline void rq_unlock(struct runqueue *rq, unsigned long flags)
 extern void rq_remove_thread(struct runqueue *rq, struct thread *thr);
 extern struct runqueue *cpu_rq(unsigned int cpu);
 
-extern struct task *task_alloc(void);
-extern struct task *task_cast(struct object *obj);
-extern struct task *task_create(const char *name, size_t name_len);
-static inline struct task *task_ref(struct task *task)
-{
-	return OBJECT_CAST(struct task, t_base, object_ref(&task->t_base));
-}
-static inline void task_unref(struct task *task)
-{
-	object_unref(&task->t_base);
-}
-extern kern_status_t task_add_child(struct task *parent, struct task *child);
-extern kern_status_t task_add_channel(
-	struct task *task,
-	struct channel *channel,
-	unsigned int id);
-extern struct channel *task_get_channel(struct task *task, unsigned int id);
-extern struct task *task_from_tid(tid_t id);
-extern kern_status_t task_open_handle(
-	struct task *task,
-	struct object *obj,
-	handle_flags_t flags,
-	kern_handle_t *out);
-extern kern_status_t task_resolve_handle(
-	struct task *task,
-	kern_handle_t handle,
-	struct object **out_obj,
-	handle_flags_t *out_flags);
-extern kern_status_t task_close_handle(struct task *task, kern_handle_t handle);
-extern struct thread *task_create_thread(struct task *parent);
-extern struct task *kernel_task(void);
-extern struct task *idle_task(void);
 extern cycles_t default_quantum(void);
 
 extern bool need_resched(void);
@@ -232,45 +85,12 @@ extern void schedule_thread_on_cpu(struct thread *thr);
 extern void start_charge_period(void);
 extern void end_charge_period(void);
 
-DEFINE_OBJECT_LOCK_FUNCTION(task, t_base)
-
-extern struct thread *thread_alloc(void);
-extern struct thread *thread_cast(struct object *obj);
-extern kern_status_t thread_init_kernel(struct thread *thr, virt_addr_t ip);
-extern kern_status_t thread_init_user(
-	struct thread *thr,
-	virt_addr_t ip,
-	virt_addr_t sp,
-	const uintptr_t *args,
-	size_t nr_args);
-extern int thread_priority(struct thread *thr);
-extern void thread_awaken(struct thread *thr);
-extern void idle(void);
-extern struct thread *create_kernel_thread(void (*fn)(void));
-extern struct thread *create_idle_thread(void);
-
 extern void add_timer(struct timer *timer);
 extern void remove_timer(struct timer *timer);
 extern unsigned long schedule_timeout(unsigned long clock_ticks);
 extern unsigned long milli_sleep(unsigned long ms);
 extern void sleep_forever(void);
 
-extern void wait_item_init(struct wait_item *item, struct thread *thr);
-extern void thread_wait_begin(struct wait_item *waiter, struct waitqueue *q);
-extern void thread_wait_end(struct wait_item *waiter, struct waitqueue *q);
-extern void wait_on_queue(struct waitqueue *q);
-extern void wakeup_queue(struct waitqueue *q);
-extern void wakeup_one(struct waitqueue *q);
-
-extern void work_item_init(work_func_t func, void *data, struct work_item *out);
-extern void workqueue_init(struct workqueue *wq);
-extern struct worker_pool *worker_pool_create(size_t nworkers);
-extern struct worker_pool *global_worker_pool(void);
-extern bool schedule_work_on(struct workqueue *wq, struct work_item *work);
-extern bool schedule_work(struct work_item *work);
-
-extern void wake_workers(struct workqueue *wq, struct worker_pool *pool);
-
 #ifdef __cplusplus
 }
 #endif

include/kernel/syscall.h

@@ -1,9 +1,9 @@
 #ifndef KERNEL_SYSCALL_H_
 #define KERNEL_SYSCALL_H_
 
+#include <kernel/address-space.h>
 #include <kernel/handle.h>
-#include <kernel/sched.h>
-#include <kernel/vm-region.h>
+#include <kernel/task.h>
 #include <kernel/vm.h>
 #include <mango/status.h>
 #include <mango/syscall.h>
@@ -28,13 +28,13 @@ static inline bool __validate_access(
 	vm_prot_t flags)
 {
 	unsigned long irq_flags;
-	vm_region_lock_irqsave(task->t_address_space, &irq_flags);
-	bool result = vm_region_validate_access(
+	address_space_lock_irqsave(task->t_address_space, &irq_flags);
+	bool result = address_space_validate_access(
 		task->t_address_space,
 		(virt_addr_t)ptr,
 		len,
 		flags | VM_PROT_USER);
-	vm_region_unlock_irqrestore(task->t_address_space, irq_flags);
+	address_space_unlock_irqrestore(task->t_address_space, irq_flags);
 	return result;
 }
 
@@ -85,29 +85,19 @@ extern kern_status_t sys_vm_object_copy(
 	size_t count,
 	size_t *nr_copied);
 
-extern kern_status_t sys_vm_region_create(
-	kern_handle_t parent,
-	const char *name,
-	size_t name_len,
-	off_t offset,
-	size_t region_len,
-	vm_prot_t prot,
-	kern_handle_t *out,
-	virt_addr_t *out_base_address);
-extern kern_status_t sys_vm_region_kill(kern_handle_t region);
-extern kern_status_t sys_vm_region_read(
+extern kern_status_t sys_address_space_read(
 	kern_handle_t region,
 	void *dst,
-	off_t offset,
+	virt_addr_t base,
 	size_t count,
 	size_t *nr_read);
-extern kern_status_t sys_vm_region_write(
+extern kern_status_t sys_address_space_write(
 	kern_handle_t region,
 	const void *src,
-	off_t offset,
+	virt_addr_t base,
 	size_t count,
 	size_t *nr_read);
-extern kern_status_t sys_vm_region_map_absolute(
+extern kern_status_t sys_address_space_map(
 	kern_handle_t region,
 	virt_addr_t map_address,
 	kern_handle_t object,
@@ -115,25 +105,25 @@ extern kern_status_t sys_vm_region_map_absolute(
 	size_t length,
 	vm_prot_t prot,
 	virt_addr_t *out_base_address);
-extern kern_status_t sys_vm_region_map_relative(
+extern kern_status_t sys_address_space_unmap(
 	kern_handle_t region,
-	off_t region_offset,
-	kern_handle_t object,
-	off_t object_offset,
-	size_t length,
-	vm_prot_t prot,
-	virt_addr_t *out_base_address);
-extern kern_status_t sys_vm_region_unmap_absolute(
-	kern_handle_t region,
-	virt_addr_t address,
+	virt_addr_t base,
 	size_t length);
-extern kern_status_t sys_vm_region_unmap_relative(
+extern kern_status_t sys_address_space_reserve(
 	kern_handle_t region,
-	off_t offset,
+	virt_addr_t base,
+	size_t length,
+	virt_addr_t *out_base_address);
+extern kern_status_t sys_address_space_release(
+	kern_handle_t region,
+	virt_addr_t base,
 	size_t length);
 
 extern kern_status_t sys_kern_log(const char *s);
 extern kern_status_t sys_kern_handle_close(kern_handle_t handle);
+extern kern_status_t sys_kern_handle_duplicate(
+	kern_handle_t handle,
+	kern_handle_t *out);
 extern kern_status_t sys_kern_config_get(
 	kern_config_key_t key,
 	void *ptr,
@@ -176,6 +166,37 @@ extern kern_status_t sys_msg_write(
 	size_t nr_in,
 	size_t *nr_written);
 
+extern kern_status_t sys_kern_object_wait(
+	kern_wait_item_t *items,
+	size_t nr_items);
+
+extern kern_status_t sys_vm_controller_create(kern_handle_t *out);
+extern kern_status_t sys_vm_controller_recv(
+	kern_handle_t ctrl,
+	equeue_packet_page_request_t *out);
+extern kern_status_t sys_vm_controller_recv_async(
+	kern_handle_t ctrl,
+	kern_handle_t eq,
+	equeue_key_t key);
+extern kern_status_t sys_vm_controller_create_object(
+	kern_handle_t ctrl,
+	const char *name,
+	size_t name_len,
+	equeue_key_t key,
+	size_t data_len,
+	vm_prot_t prot,
+	kern_handle_t *out);
+extern kern_status_t sys_vm_controller_detach_object(
+	kern_handle_t ctrl,
+	kern_handle_t vmo);
+extern kern_status_t sys_vm_controller_supply_pages(
+	kern_handle_t ctrl,
+	kern_handle_t dst_vmo,
+	off_t dst_offset,
+	kern_handle_t src_vmo,
+	off_t src_offset,
+	size_t count);
+
 extern virt_addr_t syscall_get_function(unsigned int sysid);
 
 #endif

include/kernel/task.h

@@ -0,0 +1,75 @@
+#ifndef KERNEL_TASK_H_
+#define KERNEL_TASK_H_
+
+#include <kernel/handle.h>
+#include <kernel/object.h>
+#include <kernel/pmap.h>
+
+#define TASK_NAME_MAX 64
+#define PID_MAX       99999
+
+struct channel;
+
+enum task_state {
+	TASK_RUNNING,
+	TASK_STOPPED,
+};
+
+struct task {
+	struct object t_base;
+
+	struct task *t_parent;
+	long t_id;
+	enum task_state t_state;
+	char t_name[TASK_NAME_MAX];
+
+	pmap_t t_pmap;
+	struct address_space *t_address_space;
+	spin_lock_t t_handles_lock;
+	struct handle_table *t_handles;
+	struct btree b_channels;
+
+	struct btree_node t_tasklist;
+	struct queue_entry t_child_entry;
+
+	size_t t_next_thread_id;
+	struct queue t_threads;
+	struct queue t_children;
+};
+
+extern struct task *task_alloc(void);
+extern struct task *task_cast(struct object *obj);
+extern struct task *task_create(const char *name, size_t name_len);
+static inline struct task *task_ref(struct task *task)
+{
+	return OBJECT_CAST(struct task, t_base, object_ref(&task->t_base));
+}
+static inline void task_unref(struct task *task)
+{
+	object_unref(&task->t_base);
+}
+extern kern_status_t task_add_child(struct task *parent, struct task *child);
+extern kern_status_t task_add_channel(
+	struct task *task,
+	struct channel *channel,
+	unsigned int id);
+extern struct channel *task_get_channel(struct task *task, unsigned int id);
+extern struct task *task_from_tid(tid_t id);
+extern kern_status_t task_open_handle(
+	struct task *task,
+	struct object *obj,
+	handle_flags_t flags,
+	kern_handle_t *out);
+extern kern_status_t task_resolve_handle(
+	struct task *task,
+	kern_handle_t handle,
+	struct object **out_obj,
+	handle_flags_t *out_flags);
+extern kern_status_t task_close_handle(struct task *task, kern_handle_t handle);
+extern struct thread *task_create_thread(struct task *parent);
+extern struct task *kernel_task(void);
+extern struct task *idle_task(void);
+
+DEFINE_OBJECT_LOCK_FUNCTION(task, t_base)
+
+#endif

include/kernel/thread.h

@@ -0,0 +1,67 @@
+#ifndef KERNEL_THREAD_H_
+#define KERNEL_THREAD_H_
+
+#include <kernel/msg.h>
+#include <kernel/object.h>
+#include <kernel/vm-controller.h>
+
+#define THREAD_KSTACK_ORDER VM_PAGE_4K
+
+enum thread_state {
+	THREAD_READY = 1,
+	THREAD_SLEEPING = 2,
+	THREAD_STOPPED = 3,
+};
+
+enum thread_flags {
+	/* this thread has exhausted its quantum and is due to be re-scheduled.
+	 */
+	THREAD_F_NEED_RESCHED = 0x01u,
+	/* this thread is currently scheduled (i.e. is present on a runqueue) */
+	THREAD_F_SCHEDULED = 0x04u,
+};
+
+struct thread {
+	struct object thr_base;
+
+	enum thread_state tr_state;
+	enum thread_flags tr_flags;
+	struct task *tr_parent;
+
+	unsigned int tr_id;
+	unsigned int tr_prio;
+
+	cycles_t tr_charge_period_start;
+	cycles_t tr_quantum_cycles, tr_quantum_target;
+	cycles_t tr_total_cycles;
+
+	virt_addr_t tr_ip, tr_sp, tr_bp;
+	virt_addr_t tr_cpu_user_sp, tr_cpu_kernel_sp;
+
+	struct runqueue *tr_rq;
+	struct msg tr_msg;
+	struct page_request tr_page_req;
+
+	struct queue_entry tr_parent_entry;
+	struct queue_entry tr_rqentry;
+
+	struct vm_page *tr_kstack;
+	struct vm_object *tr_ustack;
+};
+
+extern struct thread *thread_alloc(void);
+extern struct thread *thread_cast(struct object *obj);
+extern kern_status_t thread_init_kernel(struct thread *thr, virt_addr_t ip);
+extern kern_status_t thread_init_user(
+	struct thread *thr,
+	virt_addr_t ip,
+	virt_addr_t sp,
+	const uintptr_t *args,
+	size_t nr_args);
+extern int thread_priority(struct thread *thr);
+extern void thread_awaken(struct thread *thr);
+extern void idle(void);
+extern struct thread *create_kernel_thread(void (*fn)(void));
+extern struct thread *create_idle_thread(void);
+
+#endif

include/kernel/util.h

@@ -61,6 +61,7 @@ extern uint64_t host_to_little_u64(uint64_t v);
 extern uint64_t big_to_host_u64(uint64_t v);
 extern uint64_t little_to_host_u64(uint64_t v);
 
+extern void init_random(uint64_t seed);
 extern bool fill_random(void *buffer, unsigned int size);
 
 #ifdef __cplusplus

include/kernel/vm-controller.h

@@ -0,0 +1,85 @@
+#ifndef KERNEL_VM_CONTROLLER_H_
+#define KERNEL_VM_CONTROLLER_H_
+
+#include <kernel/locks.h>
+#include <kernel/object.h>
+#include <mango/types.h>
+
+struct thread;
+struct equeue;
+struct vm_object;
+
+enum page_request_status {
+	PAGE_REQUEST_PENDING = 0,
+	PAGE_REQUEST_IN_PROGRESS,
+	PAGE_REQUEST_COMPLETE,
+};
+
+struct vm_controller {
+	struct object vc_base;
+	/* tree of struct vm_objects bound to this controller, keyed with the
+	 * equeue_key_t specified when the object(s) were created. */
+	struct btree vc_objects;
+	/* tree of pending page requests */
+	struct btree vc_requests;
+	/* the equeue to send async page requests to */
+	struct equeue *vc_eq;
+	equeue_key_t vc_eq_key;
+	/* the number of page requests queued with status PAGE_REQUEST_PENDING.
+	 * used to assert/clear VM_CONTROLLER_SIGNAL_REQUEST_RECEIVED */
+	size_t vc_requests_waiting;
+};
+
+struct page_request {
+	uint64_t req_id;
+	unsigned int req_type;
+	enum page_request_status req_status;
+	kern_status_t req_result;
+	spin_lock_t req_lock;
+	struct vm_object *req_object;
+	struct thread *req_sender;
+	struct btree_node req_node;
+	off_t req_offset;
+	size_t req_length;
+};
+
+extern kern_status_t vm_controller_type_init(void);
+extern struct vm_controller *vm_controller_cast(struct object *obj);
+
+extern struct vm_controller *vm_controller_create(void);
+
+extern kern_status_t vm_controller_recv(
+	struct vm_controller *ctrl,
+	equeue_packet_page_request_t *out);
+extern kern_status_t vm_controller_recv_async(
+	struct vm_controller *ctrl,
+	struct equeue *eq,
+	equeue_key_t key);
+
+extern kern_status_t vm_controller_create_object(
+	struct vm_controller *ctrl,
+	const char *name,
+	size_t name_len,
+	equeue_key_t key,
+	size_t data_len,
+	vm_prot_t prot,
+	struct vm_object **out);
+extern kern_status_t vm_controller_detach_object(
+	struct vm_controller *ctrl,
+	struct vm_object *vmo);
+extern kern_status_t vm_controller_supply_pages(
+	struct vm_controller *ctrl,
+	struct vm_object *dst,
+	off_t dst_offset,
+	struct vm_object *src,
+	off_t src_offset,
+	size_t count);
+
+extern kern_status_t vm_controller_send_request(
+	struct vm_controller *ctrl,
+	struct page_request *req,
+	unsigned long *irq_flags);
+
+DEFINE_OBJECT_LOCK_FUNCTION(vm_controller, vc_base)
+
+#endif

include/kernel/vm-object.h

@@ -6,10 +6,27 @@
 
 #define VM_OBJECT_NAME_MAX 64
 
+struct vm_controller;
+
 enum vm_object_flags {
 	/* the memory behind this vm-object wasn't allocated by us, and
 	 * therefore shouldn't be freed by us */
 	VMO_IN_PLACE = 0x01u,
+	/* this vm-object is/was attached to a vm-controller */
+	VMO_CONTROLLER = 0x02u,
+
+	/* these flags are for use with vm_object_get_page */
+	/**************************************************/
+
+	/* if the relevant page hasn't been allocated yet, it will be allocated
+	 * and returned. if this flag isn't specified, NULL will be returned. */
+	VMO_ALLOCATE_MISSING_PAGE = 0x04u,
+	/* if the vm-object is attached to a vm-controller, and the relevant
+	 * page is uncommitted, send a request to the vm-controller to provide
+	 * the missing page. will result in the vm-object being unlocked and
+	 * the current thread sleeping until the request is fulfilled. the
+	 * vm-object will be re-locked before the function returns. */
+	VMO_REQUEST_MISSING_PAGE = 0x08u,
 };
 
 struct vm_object {
@@ -21,8 +38,12 @@ struct vm_object {
 	/* queue of struct vm_region_mapping */
 	struct queue vo_mappings;
 
-	/* memory protection flags. mappings of this vm_object can only use
-	 * a subset of the flags set in this mask. */
+	struct vm_controller *vo_ctrl;
+	equeue_key_t vo_key;
+	struct btree_node vo_ctrl_node;
+
+	/* memory protection flags. mappings of this vm_object can only
+	 * use a subset of the flags set in this mask. */
 	vm_prot_t vo_prot;
 
 	/* btree of vm_pages that have been allocated to this vm_object.
@@ -58,13 +79,10 @@ extern struct vm_object *vm_object_create_in_place(
 	vm_prot_t prot);
 
 extern struct vm_page *vm_object_get_page(
-	const struct vm_object *vo,
-	off_t offset);
-
-extern struct vm_page *vm_object_alloc_page(
 	struct vm_object *vo,
 	off_t offset,
-	enum vm_page_order size);
+	enum vm_object_flags flags,
+	unsigned long *irq_flags);
 
 extern kern_status_t vm_object_read(
 	struct vm_object *vo,
@@ -85,6 +103,13 @@ extern kern_status_t vm_object_copy(
 	off_t src_offset,
 	size_t count,
 	size_t *nr_copied);
+extern kern_status_t vm_object_transfer(
+	struct vm_object *dst,
+	off_t dst_offset,
+	struct vm_object *src,
+	off_t src_offset,
+	size_t count,
+	size_t *nr_moved);
 
 DEFINE_OBJECT_LOCK_FUNCTION(vm_object, vo_base)
 

include/kernel/vm-region.h

@@ -1,191 +0,0 @@
-#ifndef KERNEL_VM_REGION_H_
-#define KERNEL_VM_REGION_H_
-
-#include <kernel/object.h>
-#include <kernel/pmap.h>
-#include <kernel/vm.h>
-
-#define VM_REGION_NAME_MAX 64
-#define VM_REGION_COPY_ALL ((size_t)-1)
-
-struct vm_region;
-struct vm_object;
-
-enum vm_region_status {
-	VM_REGION_DEAD = 0,
-	VM_REGION_ONLINE,
-};
-
-enum vm_region_entry_type {
-	VM_REGION_ENTRY_NONE = 0,
-	VM_REGION_ENTRY_REGION,
-	VM_REGION_ENTRY_MAPPING,
-};
-
-struct vm_region_entry {
-	union {
-		struct btree_node e_node;
-		/* this entry is only used to queue vm-region objects for
-		 * recursive cleanup */
-		struct queue_entry e_entry;
-	};
-	struct vm_region_entry *e_parent;
-	enum vm_region_entry_type e_type;
-	/* absolute address of this entry */
-	virt_addr_t e_address;
-	/* offset in bytes of this entry within its immediate parent. */
-	off_t e_offset;
-	/* size of the entry in bytes */
-	size_t e_size;
-};
-
-struct vm_region_mapping {
-	struct vm_region_entry m_entry;
-	struct vm_object *m_object;
-
-	/* used to link to vm_object->vo_mappings */
-	struct queue_entry m_object_entry;
-
-	vm_prot_t m_prot;
-	/* offset in bytes to the start of the object data that was mapped */
-	off_t m_object_offset;
-};
-
-struct vm_region {
-	struct object vr_base;
-	enum vm_region_status vr_status;
-	struct vm_region_entry vr_entry;
-
-	char vr_name[VM_REGION_NAME_MAX];
-
-	/* btree of struct vm_region_entry.
-	 * sibling entries cannot overlap each other, and child entries must
-	 * be entirely contained within their immediate parent entry. */
-	struct btree vr_entries;
-
-	/* memory protection restriction mask.
-	 * any mapping in this region, or any of its children, cannot use
-	 * protection flags that are not set in this mask.
-	 * for example, if VM_PROT_EXEC is /not/ set here, no mapping
-	 * can be created in this region or any child region with VM_PROT_EXEC
-	 * set. */
-	vm_prot_t vr_prot;
-
-	/* the physical address space in which mappings in this region (and
-	 * its children) are created */
-	pmap_t vr_pmap;
-};
-
-extern kern_status_t vm_region_type_init(void);
-extern struct vm_region *vm_region_cast(struct object *obj);
-
-/* create a new vm-region, optionally within a parent region.
- * `offset` is the byte offset within the parent region where the new region
- * should start.
- * if no parent is specified, `offset` is the absolute virtual address of the
- * start of the region.
- * in both cases, `len` is the length of the new region in bytes. */
-extern kern_status_t vm_region_create(
-	struct vm_region *parent,
-	const char *name,
-	size_t name_len,
-	off_t offset,
-	size_t region_len,
-	vm_prot_t prot,
-	struct vm_region **out);
-
-/* recursively kills a given region and all of its sub-regions.
- * when a region is killed, all of its mappings are unmapped, and any further
- * operations on the region are denied. however, all handles and references to
- * the region (any any sub-region) remain valid, and no kernel memory is
- * de-allocated.
- * the memory used by the vm-region object itself is de-allocated when the last
- * handle/reference to the object is released.
- * this function should be called with `region` locked.
- */
-extern kern_status_t vm_region_kill(
-	struct vm_region *region,
-	unsigned long *lock_flags);
-
-/* map a vm-object into a vm-region.
- * [region_offset,length] must fall within exactly one region, and cannot span
- * multiple sibling regions.
- * if [region_offset,length] falls within a child region, the map operation
- * will be transparently redirected to the relevant region.
- * `prot` must be allowed both by the region into which the mapping is being
- * created AND the vm-object being mapped. */
-extern kern_status_t vm_region_map_object(
-	struct vm_region *region,
-	off_t region_offset,
-	struct vm_object *object,
-	off_t object_offset,
-	size_t length,
-	vm_prot_t prot,
-	virt_addr_t *out);
-
-extern kern_status_t vm_region_unmap(
-	struct vm_region *region,
-	off_t region_offset,
-	size_t length);
-
-extern bool vm_region_validate_access(
-	struct vm_region *region,
-	off_t offset,
-	size_t len,
-	vm_prot_t prot);
-
-/* find the mapping corresponding to the given virtual address, and page-in the
- * necessary vm_page to allow the memory access to succeed. if the relevant
- * vm-object page hasn't been allocated yet, it will be allocated here. */
-extern kern_status_t vm_region_demand_map(
-	struct vm_region *region,
-	virt_addr_t addr,
-	enum pmap_fault_flags flags);
-
-/* get the absolute base virtual address of a region within its
- * parent/ancestors. */
-extern virt_addr_t vm_region_get_base_address(const struct vm_region *region);
-
-extern void vm_region_dump(struct vm_region *region);
-
-/* read data from the user-space area of a vm-region into a kernel-mode buffer
- */
-extern kern_status_t vm_region_read_kernel(
-	struct vm_region *src_region,
-	virt_addr_t src_ptr,
-	size_t count,
-	void *dest,
-	size_t *nr_read);
-
-/* write data to the user-space area of a vm-region from a kernel-mode buffer
- */
-extern kern_status_t vm_region_write_kernel(
-	struct vm_region *dst_region,
-	virt_addr_t dst_ptr,
-	size_t count,
-	const void *src,
-	size_t *nr_written);
-
-extern kern_status_t vm_region_memmove(
-	struct vm_region *dest_region,
-	virt_addr_t dest_ptr,
-	struct vm_region *src_region,
-	virt_addr_t src_ptr,
-	size_t count,
-	size_t *nr_moved);
-
-extern kern_status_t vm_region_memmove_v(
-	struct vm_region *dest_region,
-	size_t dest_offset,
-	const kern_iovec_t *dest,
-	size_t nr_dest,
-	struct vm_region *src_region,
-	size_t src_offset,
-	const kern_iovec_t *src,
-	size_t nr_src,
-	size_t bytes_to_move,
-	size_t *nr_bytes_moved);
-
-DEFINE_OBJECT_LOCK_FUNCTION(vm_region, vr_base)
-
-#endif

include/kernel/wait.h

@@ -0,0 +1,45 @@
+#ifndef KERNEL_WAIT_H_
+#define KERNEL_WAIT_H_
+
+#include <kernel/locks.h>
+#include <kernel/queue.h>
+
+#define wait_event(wq, cond)                                                   \
+	({                                                                     \
+		struct thread *self = current_thread();                        \
+		struct wait_item waiter;                                       \
+		wait_item_init(&waiter, self);                                 \
+		for (;;) {                                                     \
+			thread_wait_begin(&waiter, wq);                        \
+			if (cond) {                                            \
+				break;                                         \
+			}                                                      \
+			schedule(SCHED_NORMAL);                                \
+		}                                                              \
+		thread_wait_end(&waiter, wq);                                  \
+	})
+
+struct wait_item {
+	struct thread *w_thread;
+	struct queue_entry w_entry;
+};
+
+struct waitqueue {
+	struct queue wq_waiters;
+	spin_lock_t wq_lock;
+};
+
+extern void wait_item_init(struct wait_item *item, struct thread *thr);
+extern void thread_wait_begin(struct wait_item *waiter, struct waitqueue *q);
+extern void thread_wait_end(struct wait_item *waiter, struct waitqueue *q);
+extern void thread_wait_begin_nosleep(
+	struct wait_item *waiter,
+	struct waitqueue *q);
+extern void thread_wait_end_nosleep(
+	struct wait_item *waiter,
+	struct waitqueue *q);
+extern void wait_on_queue(struct waitqueue *q);
+extern void wakeup_queue(struct waitqueue *q);
+extern void wakeup_one(struct waitqueue *q);
+
+#endif

include/kernel/work.h

@@ -0,0 +1,37 @@
+#ifndef KERNEL_WORK_H_
+#define KERNEL_WORK_H_
+
+#include <kernel/locks.h>
+#include <kernel/queue.h>
+#include <stddef.h>
+
+struct work_item;
+
+typedef void (*work_func_t)(struct work_item *);
+
+struct work_item {
+	void *w_data;
+	work_func_t w_func;
+	struct queue_entry w_head;
+};
+
+struct worker_pool {
+	struct thread **wp_workers;
+	size_t wp_nworkers;
+};
+
+struct workqueue {
+	spin_lock_t wq_lock;
+	struct queue wq_queue; /* list of struct work_item */
+};
+
+extern void work_item_init(work_func_t func, void *data, struct work_item *out);
+extern void workqueue_init(struct workqueue *wq);
+extern struct worker_pool *worker_pool_create(size_t nworkers);
+extern struct worker_pool *global_worker_pool(void);
+extern bool schedule_work_on(struct workqueue *wq, struct work_item *work);
+extern bool schedule_work(struct work_item *work);
+
+extern void wake_workers(struct workqueue *wq, struct worker_pool *pool);
+
+#endif

init/main.c

@@ -13,7 +13,9 @@
 #include <kernel/port.h>
 #include <kernel/printk.h>
 #include <kernel/sched.h>
+#include <kernel/task.h>
 #include <kernel/test.h>
+#include <kernel/thread.h>
 #include <kernel/vm-object.h>
 #include <stdint.h>
 
@@ -110,7 +112,10 @@ void kernel_init(uintptr_t arg)
 	struct task *bootstrap_task = task_create("bootstrap", 9);
 	tracek("created bootstrap task (pid=%u)", bootstrap_task->t_id);
 
-	bsp_launch_async(&bsp, bootstrap_task);
+	status = bsp_launch_async(&bsp, bootstrap_task);
+	if (status != KERN_OK) {
+		printk("bsp launch failed with status %d", status);
+	}
 
 	hang();
 }

kernel/bsp.c

@@ -1,10 +1,12 @@
+#include <kernel/address-space.h>
 #include <kernel/bsp.h>
 #include <kernel/handle.h>
 #include <kernel/printk.h>
 #include <kernel/sched.h>
+#include <kernel/task.h>
+#include <kernel/thread.h>
 #include <kernel/util.h>
 #include <kernel/vm-object.h>
-#include <kernel/vm-region.h>
 
 #define BOOTSTRAP_STACK_SIZE 0x10000
 
@@ -69,101 +71,6 @@ kern_status_t bsp_load(struct bsp *bsp, const struct boot_module *mod)
 	return KERN_OK;
 }
 
-static kern_status_t map_executable_dyn(
-	struct bsp *bsp,
-	struct task *task,
-	virt_addr_t *entry)
-{
-	kern_status_t status = KERN_OK;
-	size_t exec_size = 0;
-	if (bsp->bsp_trailer.bsp_text_vaddr > bsp->bsp_trailer.bsp_data_vaddr) {
-		exec_size = bsp->bsp_trailer.bsp_text_vaddr
-		          + bsp->bsp_trailer.bsp_text_size;
-	} else {
-		exec_size = bsp->bsp_trailer.bsp_data_vaddr
-		          + bsp->bsp_trailer.bsp_data_size;
-	}
-
-	struct vm_region *region;
-	status = vm_region_create(
-		task->t_address_space,
-		"exec",
-		4,
-		VM_REGION_ANY_OFFSET,
-		exec_size,
-		VM_PROT_READ | VM_PROT_WRITE | VM_PROT_EXEC | VM_PROT_USER,
-		&region);
-	if (status != KERN_OK) {
-		return status;
-	}
-
-	struct vm_object *data = vm_object_create(
-		".data",
-		5,
-		bsp->bsp_trailer.bsp_data_size,
-		VM_PROT_READ | VM_PROT_WRITE | VM_PROT_USER);
-	if (!data) {
-		return KERN_NO_MEMORY;
-	}
-
-	virt_addr_t text_base = 0, data_base = 0;
-
-	off_t text_foffset = bsp->bsp_trailer.bsp_exec_offset
-	                   + bsp->bsp_trailer.bsp_text_faddr;
-	off_t data_foffset = 0;
-	off_t text_voffset = bsp->bsp_trailer.bsp_text_vaddr;
-	off_t data_voffset = bsp->bsp_trailer.bsp_data_vaddr;
-
-#if 0
-	size_t tmp = 0;
-	status = vm_object_copy(
-		data,
-		0,
-		bsp->bsp_vmo,
-		bsp->bsp_trailer.bsp_data_faddr,
-		bsp->bsp_trailer.bsp_data_size,
-		&tmp);
-
-	tracek("read %zuB of data from executable", tmp);
-#endif
-
-	tracek("text_foffset=%06llx, data_foffset=%06llx",
-	       text_foffset,
-	       data_foffset);
-	tracek("text_voffset=%08llx, data_voffset=%08llx",
-	       text_voffset,
-	       data_voffset);
-
-	status = vm_region_map_object(
-		region,
-		text_voffset,
-		bsp->bsp_vmo,
-		text_foffset,
-		bsp->bsp_trailer.bsp_text_size,
-		VM_PROT_READ | VM_PROT_EXEC | VM_PROT_USER,
-		&text_base);
-	if (status != KERN_OK) {
-		return status;
-	}
-
-	status = vm_region_map_object(
-		region,
-		data_voffset,
-		data,
-		data_foffset,
-		bsp->bsp_trailer.bsp_data_size,
-		VM_PROT_READ | VM_PROT_WRITE | VM_PROT_USER,
-		&data_base);
-	if (status != KERN_OK) {
-		return status;
-	}
-
-	tracek("text_base=%08llx, data_base=%08llx", text_base, data_base);
-
-	*entry = text_base + bsp->bsp_trailer.bsp_exec_entry;
-	return KERN_OK;
-}
-
 static kern_status_t map_executable_exec(
 	struct bsp *bsp,
 	struct task *task,
@@ -187,9 +94,6 @@ static kern_status_t map_executable_exec(
 	off_t text_voffset = bsp->bsp_trailer.bsp_text_vaddr;
 	off_t data_voffset = bsp->bsp_trailer.bsp_data_vaddr;
 
-	text_voffset -= vm_region_get_base_address(task->t_address_space);
-	data_voffset -= vm_region_get_base_address(task->t_address_space);
-
 #if 0
 	size_t tmp = 0;
 	status = vm_object_copy(
@@ -210,7 +114,7 @@ static kern_status_t map_executable_exec(
 	       text_voffset,
 	       data_voffset);
 
-	status = vm_region_map_object(
+	status = address_space_map(
 		task->t_address_space,
 		text_voffset,
 		bsp->bsp_vmo,
@@ -222,7 +126,7 @@ static kern_status_t map_executable_exec(
 		return status;
 	}
 
-	status = vm_region_map_object(
+	status = address_space_map(
 		task->t_address_space,
 		data_voffset,
 		data,
@@ -255,9 +159,9 @@ kern_status_t bsp_launch_async(struct bsp *bsp, struct task *task)
 		return KERN_NO_ENTRY;
 	}
 
-	status = vm_region_map_object(
+	status = address_space_map(
 		task->t_address_space,
-		VM_REGION_ANY_OFFSET,
+		MAP_ADDRESS_ANY,
 		user_stack,
 		0,
 		BOOTSTRAP_STACK_SIZE,
@@ -268,9 +172,9 @@ kern_status_t bsp_launch_async(struct bsp *bsp, struct task *task)
 		return status;
 	}
 
-	status = vm_region_map_object(
+	status = address_space_map(
 		task->t_address_space,
-		VM_REGION_ANY_OFFSET,
+		MAP_ADDRESS_ANY,
 		bsp->bsp_vmo,
 		0,
 		bsp->bsp_trailer.bsp_exec_offset,
@@ -286,7 +190,7 @@ kern_status_t bsp_launch_async(struct bsp *bsp, struct task *task)
 		return status;
 	}
 #ifdef TRACE
-	vm_region_dump(task->t_address_space);
+	address_space_dump(task->t_address_space);
 #endif
 
 	sp = stack_buffer + BOOTSTRAP_STACK_SIZE;
@@ -296,7 +200,7 @@ kern_status_t bsp_launch_async(struct bsp *bsp, struct task *task)
 	task_open_handle(task, &task->t_base, 0, &self);
 	task_open_handle(
 		task,
-		&task->t_address_space->vr_base,
+		&task->t_address_space->s_base,
 		0,
 		&self_address_space);
 

kernel/channel.c

@@ -1,8 +1,11 @@
+#include <kernel/address-space.h>
 #include <kernel/channel.h>
 #include <kernel/msg.h>
 #include <kernel/port.h>
+#include <kernel/task.h>
+#include <kernel/thread.h>
 #include <kernel/util.h>
-#include <kernel/vm-region.h>
+#include <mango/signal.h>
 
 #define CHANNEL_CAST(p) OBJECT_C_CAST(struct channel, c_base, &channel_type, p)
 
@@ -98,6 +101,7 @@ static struct msg *get_next_msg(
 		if (msg->msg_status == KMSG_WAIT_RECEIVE) {
 			msg->msg_status = KMSG_WAIT_REPLY;
 			msg->msg_sender_port->p_status = PORT_REPLY_BLOCKED;
+			channel->c_msg_waiting--;
 			return msg;
 		}
 
@@ -117,7 +121,8 @@ extern kern_status_t channel_enqueue_msg(
 		msg->msg_id++;
 	}
 
-	wakeup_one(&channel->c_wq);
+	channel->c_msg_waiting++;
+	object_assert_signal(&channel->c_base, CHANNEL_SIGNAL_MSG_RECEIVED);
 
 	return KERN_OK;
 }
@@ -127,11 +132,21 @@ extern kern_status_t channel_recv_msg(
 	kern_msg_t *out_msg,
 	unsigned long *irq_flags)
 {
-	struct wait_item waiter;
 	struct thread *self = current_thread();
 	struct msg *msg = NULL;
 	unsigned long msg_lock_flags;
 
+	msg = get_next_msg(channel, &msg_lock_flags);
+	if (!msg) {
+		return KERN_NO_ENTRY;
+	}
+
+	if (channel->c_msg_waiting == 0) {
+		object_clear_signal(
+			&channel->c_base,
+			CHANNEL_SIGNAL_MSG_RECEIVED);
+	}
+#if 0
 	wait_item_init(&waiter, self);
 	for (;;) {
 		thread_wait_begin(&waiter, &channel->c_wq);
@@ -145,19 +160,20 @@ extern kern_status_t channel_recv_msg(
 		object_lock_irqsave(&channel->c_base, irq_flags);
 	}
 	thread_wait_end(&waiter, &channel->c_wq);
+#endif
 
 	/* msg is now set to the next message to process */
 
 	struct task *sender = msg->msg_sender_thread->tr_parent;
 	struct task *receiver = self->tr_parent;
 
-	struct vm_region *src = sender->t_address_space,
+	struct address_space *src = sender->t_address_space,
 			     *dst = receiver->t_address_space;
 
 	unsigned long f;
-	vm_region_lock_pair_irqsave(src, dst, &f);
+	address_space_lock_pair_irqsave(src, dst, &f);
 
-	kern_status_t status = vm_region_memmove_v(
+	kern_status_t status = address_space_memmove_v(
 		dst,
 		0,
 		out_msg->msg_data,
@@ -166,7 +182,7 @@ extern kern_status_t channel_recv_msg(
 		0,
 		msg->msg_req.msg_data,
 		msg->msg_req.msg_data_count,
-		VM_REGION_COPY_ALL,
+		ADDRESS_SPACE_COPY_ALL,
 		NULL);
 
 	if (status != KERN_OK) {
@@ -194,7 +210,7 @@ extern kern_status_t channel_recv_msg(
 		&sender->t_handles_lock,
 		&receiver->t_handles_lock,
 		f);
-	vm_region_unlock_pair_irqrestore(src, dst, f);
+	address_space_unlock_pair_irqrestore(src, dst, f);
 
 	if (status != KERN_OK) {
 		kmsg_reply_error(msg, status, &msg_lock_flags);
@@ -234,12 +250,12 @@ extern kern_status_t channel_reply_msg(
 	/* the task that is about to send the response */
 	struct task *sender = self->tr_parent;
 
-	struct vm_region *src = sender->t_address_space,
+	struct address_space *src = sender->t_address_space,
 			     *dst = receiver->t_address_space;
 	unsigned long f;
-	vm_region_lock_pair_irqsave(src, dst, &f);
+	address_space_lock_pair_irqsave(src, dst, &f);
 
-	kern_status_t status = vm_region_memmove_v(
+	kern_status_t status = address_space_memmove_v(
 		dst,
 		0,
 		msg->msg_resp.msg_data,
@@ -248,7 +264,7 @@ extern kern_status_t channel_reply_msg(
 		0,
 		reply->msg_data,
 		reply->msg_data_count,
-		VM_REGION_COPY_ALL,
+		ADDRESS_SPACE_COPY_ALL,
 		NULL);
 
 	if (status != KERN_OK) {
@@ -276,7 +292,7 @@ extern kern_status_t channel_reply_msg(
 		&sender->t_handles_lock,
 		&receiver->t_handles_lock,
 		f);
-	vm_region_unlock_pair_irqrestore(src, dst, f);
+	address_space_unlock_pair_irqrestore(src, dst, f);
 
 	if (status != KERN_OK) {
 		kmsg_reply_error(msg, status, &msg_lock_flags);
@@ -292,7 +308,7 @@ extern kern_status_t channel_read_msg(
 	struct channel *channel,
 	msgid_t id,
 	size_t offset,
-	struct vm_region *dest_region,
+	struct address_space *dest_region,
 	const kern_iovec_t *dest_iov,
 	size_t dest_iov_count,
 	size_t *nr_read)
@@ -309,13 +325,13 @@ extern kern_status_t channel_read_msg(
 		return KERN_INVALID_ARGUMENT;
 	}
 
-	struct vm_region *src_region
+	struct address_space *src_region
 		= msg->msg_sender_thread->tr_parent->t_address_space;
 
 	unsigned long f;
-	vm_region_lock_pair_irqsave(src_region, dest_region, &f);
+	address_space_lock_pair_irqsave(src_region, dest_region, &f);
 
-	kern_status_t status = vm_region_memmove_v(
+	kern_status_t status = address_space_memmove_v(
 		dest_region,
 		0,
 		dest_iov,
@@ -324,9 +340,9 @@ extern kern_status_t channel_read_msg(
 		offset,
 		msg->msg_req.msg_data,
 		msg->msg_req.msg_data_count,
-		VM_REGION_COPY_ALL,
+		ADDRESS_SPACE_COPY_ALL,
 		nr_read);
-	vm_region_unlock_pair_irqrestore(src_region, dest_region, f);
+	address_space_unlock_pair_irqrestore(src_region, dest_region, f);
 
 	spin_unlock_irqrestore(&msg->msg_lock, msg_lock_flags);
 
@@ -337,7 +353,7 @@ extern kern_status_t channel_write_msg(
 	struct channel *channel,
 	msgid_t id,
 	size_t offset,
-	struct vm_region *src_region,
+	struct address_space *src_region,
 	const kern_iovec_t *src_iov,
 	size_t src_iov_count,
 	size_t *nr_written)
@@ -354,13 +370,13 @@ extern kern_status_t channel_write_msg(
 		return KERN_INVALID_ARGUMENT;
 	}
 
-	struct vm_region *dest_region
+	struct address_space *dest_region
 		= msg->msg_sender_thread->tr_parent->t_address_space;
 
 	unsigned long f;
-	vm_region_lock_pair_irqsave(src_region, dest_region, &f);
+	address_space_lock_pair_irqsave(src_region, dest_region, &f);
 
-	kern_status_t status = vm_region_memmove_v(
+	kern_status_t status = address_space_memmove_v(
 		dest_region,
 		offset,
 		msg->msg_resp.msg_data,
@@ -369,9 +385,9 @@ extern kern_status_t channel_write_msg(
 		0,
 		src_iov,
 		src_iov_count,
-		VM_REGION_COPY_ALL,
+		ADDRESS_SPACE_COPY_ALL,
 		nr_written);
-	vm_region_unlock_pair_irqrestore(src_region, dest_region, f);
+	address_space_unlock_pair_irqrestore(src_region, dest_region, f);
 
 	spin_unlock_irqrestore(&msg->msg_lock, msg_lock_flags);
 

kernel/console.c

@@ -1,9 +1,9 @@
 #include <kernel/console.h>
-#include <kernel/queue.h>
-#include <kernel/locks.h>
 #include <kernel/libc/string.h>
+#include <kernel/locks.h>
+#include <kernel/queue.h>
 
-static struct queue consoles;
+static struct queue consoles = {0};
 static spin_lock_t consoles_lock = SPIN_LOCK_INIT;
 
 static void unregister_boot_consoles(void)
@@ -11,7 +11,8 @@ static void unregister_boot_consoles(void)
 	struct queue_entry *cur = queue_first(&consoles);
 	while (cur) {
 		struct queue_entry *next = cur->qe_next;
-		struct console *con = QUEUE_CONTAINER(struct console, c_list, cur);
+		struct console *con
+			= QUEUE_CONTAINER(struct console, c_list, cur);
 		if (con->c_flags & CON_BOOT) {
 			queue_delete(&consoles, cur);
 		}
@@ -25,7 +26,8 @@ kern_status_t console_register(struct console *con)
 	unsigned long flags;
 	spin_lock_irqsave(&consoles_lock, &flags);
 
-	queue_foreach (struct console, cur, &consoles, c_list) {
+	queue_foreach(struct console, cur, &consoles, c_list)
+	{
 		if (!strcmp(cur->c_name, con->c_name)) {
 			spin_unlock_irqrestore(&consoles_lock, flags);
 			return KERN_NAME_EXISTS;

kernel/equeue.c

@@ -0,0 +1,29 @@
+#include <kernel/equeue.h>
+
+kern_status_t equeue_type_init(void)
+{
+	return KERN_UNIMPLEMENTED;
+}
+
+struct equeue *equeue_cast(struct object *obj)
+{
+	return NULL;
+}
+
+struct equeue *equeue_create(void)
+{
+	return NULL;
+}
+
+kern_status_t equeue_enqueue(
+	struct equeue *q,
+	const equeue_packet_t *pkt,
+	enum equeue_flags flags)
+{
+	return KERN_UNIMPLEMENTED;
+}
+
+kern_status_t equeue_dequeue(struct equeue *q, equeue_packet_t *out)
+{
+	return KERN_UNIMPLEMENTED;
+}

kernel/handle.c

@@ -1,9 +1,9 @@
+#include <kernel/address-space.h>
 #include <kernel/handle.h>
 #include <kernel/libc/string.h>
 #include <kernel/object.h>
 #include <kernel/sched.h>
 #include <kernel/util.h>
-#include <kernel/vm-region.h>
 #include <kernel/vm.h>
 #include <mango/types.h>
 
@@ -195,11 +195,11 @@ struct handle *handle_table_get_handle(
 }
 
 kern_status_t handle_table_transfer(
-	struct vm_region *dst_region,
+	struct address_space *dst_region,
 	struct handle_table *dst,
 	kern_msg_handle_t *dst_handles,
 	size_t dst_handles_max,
-	struct vm_region *src_region,
+	struct address_space *src_region,
 	struct handle_table *src,
 	kern_msg_handle_t *src_handles,
 	size_t src_handles_count)
@@ -214,7 +214,7 @@ kern_status_t handle_table_transfer(
 			= (virt_addr_t)src_handles + (i * sizeof src_handle);
 		virt_addr_t dst_handle_addr
 			= (virt_addr_t)dst_handles + (i * sizeof dst_handle);
-		status = vm_region_read_kernel(
+		status = address_space_read(
 			src_region,
 			src_handle_addr,
 			sizeof src_handle,
@@ -223,7 +223,7 @@ kern_status_t handle_table_transfer(
 
 		if (status != KERN_OK) {
 			src_handle.hnd_result = KERN_OK;
-			vm_region_write_kernel(
+			address_space_write(
 				src_region,
 				src_handle_addr,
 				sizeof src_handle,
@@ -232,6 +232,10 @@ kern_status_t handle_table_transfer(
 			break;
 		}
 
+		if (src_handle.hnd_value == KERN_HANDLE_INVALID) {
+			continue;
+		}
+
 		struct handle *src_entry
 			= handle_table_get_handle(src, src_handle.hnd_value);
 		struct handle *dst_entry = NULL;
@@ -239,8 +243,8 @@ kern_status_t handle_table_transfer(
 
 		if (!src_entry) {
 			status = KERN_INVALID_ARGUMENT;
-			src_handle.hnd_result = KERN_OK;
-			vm_region_write_kernel(
+			src_handle.hnd_result = KERN_INVALID_ARGUMENT;
+			address_space_write(
 				src_region,
 				src_handle_addr,
 				sizeof src_handle,
@@ -295,13 +299,13 @@ kern_status_t handle_table_transfer(
 
 		src_handle.hnd_result = status;
 
-		vm_region_write_kernel(
+		address_space_write(
 			src_region,
 			src_handle_addr,
 			sizeof src_handle,
 			&src_handle,
 			NULL);
-		vm_region_write_kernel(
+		address_space_write(
 			dst_region,
 			dst_handle_addr,
 			sizeof dst_handle,
@@ -313,7 +317,7 @@ kern_status_t handle_table_transfer(
 		kern_msg_handle_t handle = {0};
 		virt_addr_t handle_addr
 			= (virt_addr_t)src_handles + (i * sizeof handle);
-		vm_region_read_kernel(
+		address_space_read(
 			src_region,
 			handle_addr,
 			sizeof handle,

kernel/iovec.c

@@ -1,7 +1,7 @@
+#include <kernel/address-space.h>
 #include <kernel/iovec.h>
 #include <kernel/libc/string.h>
 #include <kernel/util.h>
-#include <kernel/vm-region.h>
 
 static bool read_iovec(
 	struct iovec_iterator *it,
@@ -18,7 +18,7 @@ static bool read_iovec(
 	}
 
 	size_t nr_read = 0;
-	kern_status_t status = vm_region_read_kernel(
+	kern_status_t status = address_space_read(
 		it->it_region,
 		(virt_addr_t)it->it_vecs + (index * sizeof(kern_iovec_t)),
 		sizeof(kern_iovec_t),
@@ -30,7 +30,7 @@ static bool read_iovec(
 
 void iovec_iterator_begin_user(
 	struct iovec_iterator *it,
-	struct vm_region *region,
+	struct address_space *region,
 	const kern_iovec_t *vecs,
 	size_t nr_vecs)
 {

kernel/object.c

@@ -1,6 +1,8 @@
 #include <kernel/locks.h>
 #include <kernel/object.h>
 #include <kernel/queue.h>
+#include <kernel/sched.h>
+#include <kernel/thread.h>
 
 #define HAS_OP(obj, opname) ((obj)->ob_type->ob_ops.opname)
 
@@ -178,20 +180,22 @@ void object_unlock_irqrestore(struct object *obj, unsigned long flags)
 	spin_unlock_irqrestore(&obj->ob_lock, flags);
 }
 
+void object_lock_pair(struct object *a, struct object *b)
+{
+	spin_lock_pair(&a->ob_lock, &b->ob_lock);
+}
+
+void object_unlock_pair(struct object *a, struct object *b)
+{
+	spin_unlock_pair(&a->ob_lock, &b->ob_lock);
+}
+
 void object_lock_pair_irqsave(
 	struct object *a,
 	struct object *b,
 	unsigned long *flags)
 {
-	if (a == b) {
-		object_lock_irqsave(a, flags);
-	} else if (a < b) {
-		object_lock_irqsave(a, flags);
-		object_lock(b);
-	} else {
-		object_lock_irqsave(b, flags);
-		object_lock(a);
-	}
+	spin_lock_pair_irqsave(&a->ob_lock, &b->ob_lock, flags);
 }
 
 void object_unlock_pair_irqrestore(
@@ -199,15 +203,7 @@ void object_unlock_pair_irqrestore(
 	struct object *b,
 	unsigned long flags)
 {
-	if (a == b) {
-		object_unlock_irqrestore(a, flags);
-	} else if (a < b) {
-		object_unlock(b);
-		object_unlock_irqrestore(a, flags);
-	} else {
-		object_unlock(a);
-		object_unlock_irqrestore(b, flags);
-	}
+	spin_unlock_pair_irqrestore(&a->ob_lock, &b->ob_lock, flags);
 }
 
 void *object_data(struct object *obj)
@@ -224,3 +220,35 @@ struct object *object_header(void *p)
 
 	return obj;
 }
+
+void object_assert_signal(struct object *obj, uint32_t signals)
+{
+	obj->ob_signals |= signals;
+	wakeup_queue(&obj->ob_wq);
+}
+
+void object_clear_signal(struct object *obj, uint32_t signals)
+{
+	obj->ob_signals &= ~signals;
+}
+
+void object_wait_signal(
+	struct object *obj,
+	uint32_t signals,
+	unsigned long *irq_flags)
+{
+	struct thread *self = current_thread();
+	struct wait_item waiter;
+	wait_item_init(&waiter, self);
+	for (;;) {
+		thread_wait_begin(&waiter, &obj->ob_wq);
+		if (obj->ob_signals & signals) {
+			break;
+		}
+
+		object_unlock_irqrestore(obj, *irq_flags);
+		schedule(SCHED_NORMAL);
+		object_lock_irqsave(obj, irq_flags);
+	}
+	thread_wait_end(&waiter, &obj->ob_wq);
+}

kernel/panic.c

@@ -2,7 +2,8 @@
 #include <kernel/libc/stdio.h>
 #include <kernel/machine/panic.h>
 #include <kernel/printk.h>
-#include <kernel/sched.h>
+#include <kernel/task.h>
+#include <kernel/thread.h>
 #include <stdarg.h>
 
 static int has_panicked = 0;

kernel/port.c

@@ -1,5 +1,6 @@
 #include <kernel/channel.h>
 #include <kernel/port.h>
+#include <kernel/thread.h>
 #include <kernel/util.h>
 
 #define PORT_CAST(p) OBJECT_C_CAST(struct port, p_base, &port_type, p)

kernel/printk.c

@@ -1,7 +1,7 @@
-#include <kernel/printk.h>
-#include <kernel/locks.h>
 #include <kernel/console.h>
 #include <kernel/libc/stdio.h>
+#include <kernel/locks.h>
+#include <kernel/printk.h>
 #include <stdarg.h>
 
 #define LOG_BUFFER_SIZE 0x40000
@@ -26,13 +26,18 @@ static void flush_log_buffer(void)
 	        return;
 	}
 
-	console_write(early_console, log_buffer + log_buffer_readp, log_buffer_writep - log_buffer_readp);
+	console_write(early_console, log_buffer + log_buffer_readp,
+	log_buffer_writep - log_buffer_readp);
 	*/
 
 	unsigned long flags;
 	struct queue *consoles = get_consoles(&flags);
-	queue_foreach(struct console, con, consoles, c_list) {
-		console_write(con, log_buffer + log_buffer_readp, log_buffer_writep - log_buffer_readp);
+	queue_foreach(struct console, con, consoles, c_list)
+	{
+		console_write(
+			con,
+			log_buffer + log_buffer_readp,
+			log_buffer_writep - log_buffer_readp);
 	}
 
 	put_consoles(consoles, flags);
@@ -61,6 +66,18 @@ void early_printk_init(struct console *con)
 	early_console = con;
 }
 
+static void print_msg_direct(const char *s, size_t len)
+{
+	unsigned long flags;
+	struct queue *consoles = get_consoles(&flags);
+	queue_foreach(struct console, con, consoles, c_list)
+	{
+		console_write(con, s, len);
+	}
+
+	put_consoles(consoles, flags);
+}
+
 int printk(const char *format, ...)
 {
 	char msg[LOG_MSG_SIZE];
@@ -74,7 +91,8 @@ int printk(const char *format, ...)
 	msg[len + 1] = '\0';
 
 	if (log_buffer_writep == LOG_BUFFER_SIZE - 1) {
-		console_write(early_console, msg, len + 1);
+		print_msg_direct(msg, len + 1);
+		return 0;
 	}
 
 	unsigned long flags;

libmango/arch/x86_64/syscall.S

@@ -68,17 +68,16 @@ SYSCALL_GATE vm_object_read SYS_VM_OBJECT_READ 5
 SYSCALL_GATE vm_object_write SYS_VM_OBJECT_WRITE 5
 SYSCALL_GATE vm_object_copy SYS_VM_OBJECT_COPY 6
 
-SYSCALL_GATE vm_region_create SYS_VM_REGION_CREATE 8
-SYSCALL_GATE vm_region_kill SYS_VM_REGION_KILL 1
-SYSCALL_GATE vm_region_read SYS_VM_REGION_READ 5
-SYSCALL_GATE vm_region_write SYS_VM_REGION_WRITE 5
-SYSCALL_GATE vm_region_map_absolute SYS_VM_REGION_MAP_ABSOLUTE 7
-SYSCALL_GATE vm_region_map_relative SYS_VM_REGION_MAP_RELATIVE 7
-SYSCALL_GATE vm_region_unmap_absolute SYS_VM_REGION_UNMAP_ABSOLUTE 3
-SYSCALL_GATE vm_region_unmap_relative SYS_VM_REGION_UNMAP_RELATIVE 3
+SYSCALL_GATE address_space_read SYS_ADDRESS_SPACE_READ 5
+SYSCALL_GATE address_space_write SYS_ADDRESS_SPACE_WRITE 5
+SYSCALL_GATE address_space_map SYS_ADDRESS_SPACE_MAP 7
+SYSCALL_GATE address_space_unmap SYS_ADDRESS_SPACE_UNMAP 3
+SYSCALL_GATE address_space_reserve SYS_ADDRESS_SPACE_RESERVE 4
+SYSCALL_GATE address_space_release SYS_ADDRESS_SPACE_RELEASE 3
 
 SYSCALL_GATE kern_log SYS_KERN_LOG 1
 SYSCALL_GATE kern_handle_close SYS_KERN_HANDLE_CLOSE 1
+SYSCALL_GATE kern_handle_duplicate SYS_KERN_HANDLE_DUPLICATE 2
 SYSCALL_GATE kern_config_get SYS_KERN_CONFIG_GET 3
 SYSCALL_GATE kern_config_set SYS_KERN_CONFIG_SET 3
 
@@ -92,3 +91,12 @@ SYSCALL_GATE msg_reply SYS_MSG_REPLY 4
 SYSCALL_GATE msg_read SYS_MSG_READ 6
 SYSCALL_GATE msg_write SYS_MSG_WRITE 6
 
+SYSCALL_GATE vm_controller_create SYS_VM_CONTROLLER_CREATE 1
+SYSCALL_GATE vm_controller_recv SYS_VM_CONTROLLER_RECV 2
+SYSCALL_GATE vm_controller_recv_async SYS_VM_CONTROLLER_RECV_ASYNC 3
+SYSCALL_GATE vm_controller_create_object SYS_VM_CONTROLLER_CREATE_OBJECT 7
+SYSCALL_GATE vm_controller_detach_object SYS_VM_CONTROLLER_DETACH_OBJECT 2
+SYSCALL_GATE vm_controller_supply_pages SYS_VM_CONTROLLER_SUPPLY_PAGES 6
+
+SYSCALL_GATE kern_object_wait SYS_KERN_OBJECT_WAIT 2
+

libmango/include-user/mango/equeue.h

@@ -0,0 +1,9 @@
+#ifndef MANGO_EQUEUE_H_
+#define MANGO_EQUEUE_H_
+
+#include <mango/types.h>
+
+extern kern_status_t equeue_create(kern_handle_t *out);
+extern kern_status_t equeue_dequeue(kern_handle_t eq, equeue_packet_t *out);
+
+#endif

libmango/include-user/mango/handle.h

@@ -5,5 +5,8 @@
 #include <mango/types.h>
 
 extern kern_status_t kern_handle_close(kern_handle_t handle);
+extern kern_status_t kern_handle_duplicate(
+	kern_handle_t handle,
+	kern_handle_t *out);
 
 #endif

libmango/include-user/mango/object.h

@@ -0,0 +1,8 @@
+#ifndef MANGO_OBJECT_H_
+#define MANGO_OBJECT_H_
+
+#include <mango/types.h>
+
+extern kern_status_t kern_object_wait(kern_wait_item_t *items, size_t nr_items);
+
+#endif

libmango/include-user/mango/vm.h

@@ -30,29 +30,19 @@ extern kern_status_t vm_object_copy(
 	size_t count,
 	size_t *nr_copied);
 
-extern kern_status_t vm_region_create(
-	kern_handle_t parent,
-	const char *name,
-	size_t name_len,
-	off_t offset,
-	size_t region_len,
-	vm_prot_t prot,
-	kern_handle_t *out,
-	virt_addr_t *out_base_address);
-extern kern_status_t vm_region_kill(kern_handle_t region);
-extern kern_status_t vm_region_read(
+extern kern_status_t address_space_read(
 	kern_handle_t region,
 	void *dst,
-	off_t offset,
+	virt_addr_t base,
 	size_t count,
 	size_t *nr_read);
-extern kern_status_t vm_region_write(
+extern kern_status_t address_space_write(
 	kern_handle_t region,
 	const void *src,
-	off_t offset,
+	virt_addr_t base,
 	size_t count,
 	size_t *nr_read);
-extern kern_status_t vm_region_map_absolute(
+extern kern_status_t address_space_map(
 	kern_handle_t region,
 	virt_addr_t map_address,
 	kern_handle_t object,
@@ -60,21 +50,45 @@ extern kern_status_t vm_region_map_absolute(
 	size_t length,
 	vm_prot_t prot,
 	virt_addr_t *out_base_address);
-extern kern_status_t vm_region_map_relative(
+extern kern_status_t address_space_unmap(
 	kern_handle_t region,
-	off_t region_offset,
-	kern_handle_t object,
-	off_t object_offset,
-	size_t length,
-	vm_prot_t prot,
-	virt_addr_t *out_base_address);
-extern kern_status_t vm_region_unmap_absolute(
-	kern_handle_t region,
-	virt_addr_t address,
+	virt_addr_t base,
 	size_t length);
-extern kern_status_t vm_region_unmap_relative(
+extern kern_status_t address_space_reserve(
 	kern_handle_t region,
-	off_t offset,
+	virt_addr_t base,
+	size_t length,
+	virt_addr_t *out_base_address);
+extern kern_status_t address_space_release(
+	kern_handle_t region,
+	virt_addr_t base,
+	size_t length);
+
+extern kern_status_t vm_controller_create(kern_handle_t *out);
+extern kern_status_t vm_controller_recv(
+	kern_handle_t ctrl,
+	equeue_packet_page_request_t *out);
+extern kern_status_t vm_controller_recv_async(
+	kern_handle_t ctrl,
+	kern_handle_t eq,
+	equeue_key_t key);
+extern kern_status_t vm_controller_create_object(
+	kern_handle_t ctrl,
+	const char *name,
+	size_t name_len,
+	equeue_key_t key,
+	size_t data_len,
+	vm_prot_t prot,
+	kern_handle_t *out);
+extern kern_status_t vm_controller_detach_object(
+	kern_handle_t ctrl,
+	kern_handle_t vmo);
+extern kern_status_t vm_controller_supply_pages(
+	kern_handle_t ctrl,
+	kern_handle_t dst_vmo,
+	off_t dst_offset,
+	kern_handle_t src_vmo,
+	off_t src_offset,
 	size_t length);
 
 #endif

libmango/include/mango/signal.h

@@ -0,0 +1,10 @@
+#ifndef MANGO_SIGNAL_H_
+#define MANGO_SIGNAL_H_
+
+#define CHANNEL_SIGNAL_MSG_RECEIVED           0x01u
+
+#define VM_CONTROLLER_SIGNAL_REQUEST_RECEIVED 0x01u
+
+#define EQUEUE_SIGNAL_PACKET_RECEIVED         0x01u
+
+#endif

libmango/include/mango/syscall.h

@@ -1,36 +1,45 @@
 #ifndef MANGO_SYSCALL_H_
 #define MANGO_SYSCALL_H_
 
-#define SYS_TASK_EXIT                1
-#define SYS_TASK_SELF                31
-#define SYS_TASK_CREATE              2
-#define SYS_TASK_CREATE_THREAD       3
-#define SYS_TASK_GET_ADDRESS_SPACE   33
-#define SYS_THREAD_START             30
-#define SYS_VM_OBJECT_CREATE         4
-#define SYS_VM_OBJECT_READ           5
-#define SYS_VM_OBJECT_WRITE          6
-#define SYS_VM_OBJECT_COPY           29
-#define SYS_VM_REGION_CREATE         7
-#define SYS_VM_REGION_KILL           34
-#define SYS_VM_REGION_READ           8
-#define SYS_VM_REGION_WRITE          9
-#define SYS_VM_REGION_MAP_ABSOLUTE   10
-#define SYS_VM_REGION_MAP_RELATIVE   11
-#define SYS_VM_REGION_UNMAP_ABSOLUTE 12
-#define SYS_VM_REGION_UNMAP_RELATIVE 13
-#define SYS_KERN_LOG                 14
-#define SYS_KERN_HANDLE_CLOSE        15
-#define SYS_KERN_CONFIG_GET          16
-#define SYS_KERN_CONFIG_SET          17
-#define SYS_MSG_SEND                 18
-#define SYS_MSG_RECV                 19
-#define SYS_MSG_REPLY                20
-#define SYS_MSG_READ                 21
-#define SYS_MSG_WRITE                23
-#define SYS_CHANNEL_CREATE           25
-#define SYS_PORT_CREATE              26
-#define SYS_PORT_CONNECT             27
-#define SYS_PORT_DISCONNECT          28
+#define SYS_KERN_LOG                    0x00u
+#define SYS_KERN_HANDLE_CLOSE           0x01u
+#define SYS_KERN_HANDLE_DUPLICATE       0x02u
+#define SYS_KERN_CONFIG_GET             0x03u
+#define SYS_KERN_CONFIG_SET             0x04u
+#define SYS_KERN_OBJECT_WAIT            0x05u
+#define SYS_KERN_OBJECT_WAIT_ASYNC      0x06u
+#define SYS_TASK_EXIT                   0x07u
+#define SYS_TASK_SELF                   0x08u
+#define SYS_TASK_CREATE                 0x09u
+#define SYS_TASK_CREATE_THREAD          0x0Au
+#define SYS_TASK_GET_ADDRESS_SPACE      0x0Bu
+#define SYS_THREAD_START                0x0Cu
+#define SYS_VM_OBJECT_CREATE            0x0Du
+#define SYS_VM_OBJECT_READ              0x0Eu
+#define SYS_VM_OBJECT_WRITE             0x0Fu
+#define SYS_VM_OBJECT_COPY              0x10u
+#define SYS_ADDRESS_SPACE_READ          0x11u
+#define SYS_ADDRESS_SPACE_WRITE         0x12u
+#define SYS_ADDRESS_SPACE_MAP           0x13u
+#define SYS_ADDRESS_SPACE_UNMAP         0x14u
+#define SYS_ADDRESS_SPACE_RESERVE       0x15u
+#define SYS_ADDRESS_SPACE_RELEASE       0x16u
+#define SYS_MSG_SEND                    0x17u
+#define SYS_MSG_RECV                    0x18u
+#define SYS_MSG_REPLY                   0x19u
+#define SYS_MSG_READ                    0x1Au
+#define SYS_MSG_WRITE                   0x1Bu
+#define SYS_CHANNEL_CREATE              0x1Cu
+#define SYS_PORT_CREATE                 0x1Du
+#define SYS_PORT_CONNECT                0x1Eu
+#define SYS_PORT_DISCONNECT             0x1Fu
+#define SYS_EQUEUE_CREATE               0x20u
+#define SYS_EQUEUE_DEQUEUE              0x21u
+#define SYS_VM_CONTROLLER_CREATE        0x22u
+#define SYS_VM_CONTROLLER_RECV          0x23u
+#define SYS_VM_CONTROLLER_RECV_ASYNC    0x24u
+#define SYS_VM_CONTROLLER_CREATE_OBJECT 0x25u
+#define SYS_VM_CONTROLLER_DETACH_OBJECT 0x26u
+#define SYS_VM_CONTROLLER_SUPPLY_PAGES  0x27u
 
 #endif

libmango/include/mango/types.h

@@ -12,17 +12,38 @@
 #define VM_PROT_NOCACHE         0x10u
 #define VM_PROT_MAP_SPECIFIC    0x40u
 
-#define VM_REGION_ANY_OFFSET   ((off_t) - 1)
+#define MAP_ADDRESS_ANY         ((virt_addr_t) - 1)
+#define MAP_ADDRESS_INVALID     ((virt_addr_t)0)
 #define KERN_HANDLE_INVALID     ((kern_handle_t)0xFFFFFFFF)
 
 #define KERN_CFG_INVALID        0x00u
 #define KERN_CFG_PAGE_SIZE      0x01u
 
+/* maximum number of handles that can be sent in a single message */
 #define KERN_MSG_MAX_HANDLES    64
+
+/* the corresponding handle should be ignored */
 #define KERN_MSG_HANDLE_IGNORE  0
+/* the corresponding handle should be moved to the recipient task. the handle
+ * will be closed. */
 #define KERN_MSG_HANDLE_MOVE    1
+/* the corresponding handle should be copied to the recipient task. the handle
+ * will remain valid for the sending task. */
 #define KERN_MSG_HANDLE_COPY    2
 
+/* maximum number of objects that can be waited on in a single call to
+ * kern_object_wait */
+#define KERN_WAIT_MAX_ITEMS     64
+
+/* equeue packet types */
+#define EQUEUE_PKT_PAGE_REQUEST 0x01u
+#define EQUEUE_PKT_ASYNC_SIGNAL 0x02u
+
+/* page request types */
+#define PAGE_REQUEST_READ       0x01u
+#define PAGE_REQUEST_DIRTY      0x02u
+#define PAGE_REQUEST_DETACH     0x03u
+
 #define IOVEC(p, len)                                                          \
 	{                                                                      \
 		.io_base = (virt_addr_t)(p),                                   \
@@ -46,13 +67,17 @@ typedef uintptr_t virt_addr_t;
 typedef uint64_t msgid_t;
 typedef uint64_t off_t;
 typedef uint64_t koid_t;
+typedef uintptr_t equeue_key_t;
 typedef unsigned int tid_t;
+typedef unsigned int vm_controller_packet_type_t;
 typedef unsigned int kern_status_t;
 typedef uint32_t kern_handle_t;
 typedef uint32_t kern_config_key_t;
 typedef uint32_t vm_prot_t;
 typedef int64_t ssize_t;
 
+typedef unsigned short equeue_packet_type_t;
+
 typedef unsigned int umode_t;
 
 typedef struct {
@@ -60,6 +85,12 @@ typedef struct {
 	size_t io_len;
 } kern_iovec_t;
 
+typedef struct {
+	kern_handle_t w_handle;
+	uint32_t w_waitfor;
+	uint32_t w_observed;
+} kern_wait_item_t;
+
 typedef struct {
 	unsigned int hnd_mode;
 	kern_handle_t hnd_value;
@@ -84,4 +115,36 @@ typedef struct {
 	size_t msg_handles_count;
 } kern_msg_t;
 
+typedef struct {
+	uint32_t s_observed;
+} equeue_packet_async_signal_t;
+
+typedef struct {
+	/* the key of the vm-object for which the page request relates, as
+	 * specified when the vm-object was created */
+	equeue_key_t req_vmo;
+	/* page request type. one of PAGE_REQUEST_* */
+	unsigned short req_type;
+	/* of the offset into the vm-object for which pages are being requested
+	 */
+	off_t req_offset;
+	/* the length in bytes of the region being requested */
+	size_t req_length;
+} equeue_packet_page_request_t;
+
+typedef struct {
+	/* the type of packet. one of EQUEUE_PKT_* */
+	equeue_packet_type_t p_type;
+	/* the key of the object that is responsible for the event, as specified
+	 * when the event was first subscribed to */
+	equeue_key_t p_key;
+
+	union {
+		/* p_type = EQUEUE_PKT_PAGE_REQUEST */
+		equeue_packet_page_request_t page_request;
+		/* p_type = EQUEUE_PKT_ASYNC_SIGNAL */
+		equeue_packet_async_signal_t async_signal;
+	};
+} equeue_packet_t;
+
 #endif

sched/core.c

@@ -4,7 +4,8 @@
 #include <kernel/object.h>
 #include <kernel/printk.h>
 #include <kernel/sched.h>
-#include <kernel/vm-region.h>
+#include <kernel/task.h>
+#include <kernel/thread.h>
 
 extern kern_status_t setup_kernel_task(void);
 extern kern_status_t setup_idle_task(void);

sched/runqueue.c

@@ -1,6 +1,8 @@
-#include <kernel/sched.h>
-#include <kernel/percpu.h>
 #include <kernel/cpu.h>
+#include <kernel/percpu.h>
+#include <kernel/sched.h>
+#include <kernel/task.h>
+#include <kernel/thread.h>
 
 #define PRIO_MASK(p)  (((uint32_t)1) << (p))
 #define FIRST_PRIO(m) (m > 0 ? (PRIO_MAX - __builtin_clz(m) - 1) : -1)
@@ -19,6 +21,7 @@ struct thread *rq_dequeue(struct runqueue *rq)
 	}
 
 	struct queue *q = &rq->rq_queues[prio];
+
 	struct queue_entry *qe = queue_pop_front(q);
 	if (!qe) {
 		rq->rq_readybits &= ~PRIO_MASK(prio);
@@ -26,6 +29,7 @@ struct thread *rq_dequeue(struct runqueue *rq)
 	}
 
 	struct thread *thr = QUEUE_CONTAINER(struct thread, tr_rqentry, qe);
+	thr->tr_flags &= ~THREAD_F_SCHEDULED;
 
 	if (rq->rq_nthreads > 0) {
 		rq->rq_nthreads--;
@@ -40,17 +44,24 @@ struct thread *rq_dequeue(struct runqueue *rq)
 
 void rq_enqueue(struct runqueue *rq, struct thread *thr)
 {
+	if (thr->tr_flags & THREAD_F_SCHEDULED) {
+		return;
+	}
+
 	int prio = thread_priority(thr);
 	if (prio < 0 || prio > PRIO_MAX) {
 		return;
 	}
 
 	struct queue *q = &rq->rq_queues[prio];
+
 	queue_push_back(q, &thr->tr_rqentry);
+
 	rq->rq_nthreads++;
 
 	rq->rq_readybits |= PRIO_MASK(thread_priority(thr));
 	thr->tr_rq = rq;
+	thr->tr_flags |= THREAD_F_SCHEDULED;
 }
 
 struct runqueue *cpu_rq(unsigned int cpu)
@@ -64,6 +75,10 @@ struct runqueue *cpu_rq(unsigned int cpu)
 
 void rq_remove_thread(struct runqueue *rq, struct thread *thr)
 {
+	if (!(thr->tr_flags & THREAD_F_SCHEDULED)) {
+		return;
+	}
+
 	int prio = thread_priority(thr);
 	if (prio < 0 || prio > PRIO_MAX) {
 		return;
@@ -71,6 +86,7 @@ void rq_remove_thread(struct runqueue *rq, struct thread *thr)
 
 	struct queue *q = &rq->rq_queues[prio];
 	queue_delete(q, &thr->tr_rqentry);
+	thr->tr_flags &= ~THREAD_F_SCHEDULED;
 
 	if (rq->rq_nthreads > 0) {
 		rq->rq_nthreads--;

sched/task.c

@@ -1,3 +1,4 @@
+#include <kernel/address-space.h>
 #include <kernel/channel.h>
 #include <kernel/clock.h>
 #include <kernel/cpu.h>
@@ -7,8 +8,9 @@
 #include <kernel/object.h>
 #include <kernel/printk.h>
 #include <kernel/sched.h>
+#include <kernel/task.h>
+#include <kernel/thread.h>
 #include <kernel/util.h>
-#include <kernel/vm-region.h>
 
 #define TASK_CAST(p) OBJECT_C_CAST(struct task, t_base, &task_type, p)
 
@@ -93,15 +95,6 @@ kern_status_t setup_kernel_task(void)
 	__kernel_task->t_state = TASK_RUNNING;
 	__kernel_task->t_pmap = get_kernel_pmap();
 
-	vm_region_create(
-		NULL,
-		"root",
-		4,
-		VM_KERNEL_BASE,
-		VM_KERNEL_LIMIT - VM_KERNEL_BASE,
-		VM_PROT_READ | VM_PROT_WRITE | VM_PROT_EXEC | VM_PROT_SVR,
-		&__kernel_task->t_address_space);
-
 	snprintf(
 		__kernel_task->t_name,
 		sizeof __kernel_task->t_name,
@@ -193,16 +186,12 @@ struct task *task_create(const char *name, size_t name_len)
 
 	task->t_id = pid_alloc();
 	task->t_pmap = pmap;
-	vm_region_create(
-		NULL,
-		"root",
-		4,
+	address_space_create(
 		VM_USER_BASE,
-		VM_USER_LIMIT - VM_USER_BASE,
-		VM_PROT_READ | VM_PROT_WRITE | VM_PROT_EXEC | VM_PROT_USER,
+		VM_USER_LIMIT,
 		&task->t_address_space);
 
-	task->t_address_space->vr_pmap = pmap;
+	task->t_address_space->s_pmap = pmap;
 	task->t_state = TASK_RUNNING;
 	task->t_handles = handle_table_create();
 
@@ -324,7 +313,7 @@ kern_status_t task_resolve_handle(
 	}
 
 	if (out_obj) {
-		*out_obj = handle_data->h_object;
+		*out_obj = object_ref(handle_data->h_object);
 	}
 
 	if (out_flags) {

sched/thread.c

@@ -2,7 +2,8 @@
 #include <kernel/cpu.h>
 #include <kernel/machine/thread.h>
 #include <kernel/object.h>
-#include <kernel/sched.h>
+#include <kernel/task.h>
+#include <kernel/thread.h>
 
 #define THREAD_CAST(p) OBJECT_C_CAST(struct thread, thr_base, &thread_type, p)
 
@@ -135,7 +136,10 @@ void thread_awaken(struct thread *thr)
 	}
 
 	thr->tr_state = THREAD_READY;
+	unsigned long flags;
+	rq_lock(rq, &flags);
 	rq_enqueue(rq, thr);
+	rq_unlock(rq, flags);
 }
 
 struct thread *create_kernel_thread(void (*fn)(void))

sched/timer.c

@@ -1,7 +1,8 @@
-#include <kernel/sched.h>
-#include <kernel/printk.h>
-#include <kernel/cpu.h>
 #include <kernel/clock.h>
+#include <kernel/cpu.h>
+#include <kernel/printk.h>
+#include <kernel/sched.h>
+#include <kernel/thread.h>
 
 static void timeout_expiry(struct timer *timer)
 {

sched/wait.c

@@ -1,5 +1,7 @@
 #include <kernel/cpu.h>
 #include <kernel/sched.h>
+#include <kernel/thread.h>
+#include <kernel/wait.h>
 
 void wait_item_init(struct wait_item *item, struct thread *thr)
 {
@@ -30,6 +32,26 @@ void thread_wait_end(struct wait_item *waiter, struct waitqueue *q)
 	spin_unlock_irqrestore(&q->wq_lock, flags);
 }
 
+void thread_wait_begin_nosleep(struct wait_item *waiter, struct waitqueue *q)
+{
+	unsigned long flags;
+	spin_lock_irqsave(&q->wq_lock, &flags);
+
+	queue_push_back(&q->wq_waiters, &waiter->w_entry);
+
+	spin_unlock_irqrestore(&q->wq_lock, flags);
+}
+
+void thread_wait_end_nosleep(struct wait_item *waiter, struct waitqueue *q)
+{
+	unsigned long flags;
+	spin_lock_irqsave(&q->wq_lock, &flags);
+
+	queue_delete(&q->wq_waiters, &waiter->w_entry);
+
+	spin_unlock_irqrestore(&q->wq_lock, flags);
+}
+
 void wakeup_queue(struct waitqueue *q)
 {
 	unsigned long flags;

sched/workqueue.c

@@ -1,7 +1,8 @@
-#include <kernel/sched.h>
-#include <kernel/vm.h>
-#include <kernel/util.h>
 #include <kernel/cpu.h>
+#include <kernel/sched.h>
+#include <kernel/thread.h>
+#include <kernel/util.h>
+#include <kernel/vm.h>
 
 static struct worker_pool *__global_worker_pool = NULL;
 
@@ -48,8 +49,12 @@ static void worker_func()
 			continue;
 		}
 
-		struct queue_entry *work_item_qe = queue_pop_front(&this_cpu->c_wq.wq_queue);
-		struct work_item *work_item = QUEUE_CONTAINER(struct work_item, w_head, work_item_qe);
+		struct queue_entry *work_item_qe
+			= queue_pop_front(&this_cpu->c_wq.wq_queue);
+		struct work_item *work_item = QUEUE_CONTAINER(
+			struct work_item,
+			w_head,
+			work_item_qe);
 		spin_unlock_irqrestore(&this_cpu->c_wq.wq_lock, flags);
 		put_cpu(this_cpu);
 

syscall/address-space.c

@@ -1,136 +1,13 @@
+#include <kernel/address-space.h>
 #include <kernel/printk.h>
 #include <kernel/sched.h>
 #include <kernel/syscall.h>
 #include <kernel/vm-object.h>
-#include <kernel/vm-region.h>
 
-kern_status_t sys_vm_region_create(
-	kern_handle_t parent,
-	const char *name,
-	size_t name_len,
-	off_t offset,
-	size_t region_len,
-	vm_prot_t prot,
-	kern_handle_t *out,
-	virt_addr_t *out_base_address)
-{
-	struct task *self = current_task();
-
-	if (name_len && !validate_access_r(self, name, name_len)) {
-		return KERN_MEMORY_FAULT;
-	}
-
-	if (!validate_access_w(self, out, sizeof *out)) {
-		return KERN_MEMORY_FAULT;
-	}
-
-	if (!validate_access_w(
-		    self,
-		    out_base_address,
-		    sizeof *out_base_address)) {
-		return KERN_MEMORY_FAULT;
-	}
-
-	unsigned long flags;
-	task_lock_irqsave(self, &flags);
-
-	struct object *obj = NULL;
-	handle_flags_t handle_flags = 0;
-	kern_status_t status
-		= task_resolve_handle(self, parent, &obj, &handle_flags);
-	if (status != KERN_OK) {
-		task_unlock_irqrestore(self, flags);
-		return status;
-	}
-
-	struct vm_region *parent_region = vm_region_cast(obj);
-	if (!parent_region) {
-		task_unlock_irqrestore(self, flags);
-		return KERN_INVALID_ARGUMENT;
-	}
-
-	struct handle *child_handle_slot = NULL;
-	kern_handle_t child_handle = KERN_HANDLE_INVALID;
-
-	status = handle_table_alloc_handle(
-		self->t_handles,
-		&child_handle_slot,
-		&child_handle);
-	if (status != KERN_OK) {
-		task_unlock_irqrestore(self, flags);
-		return status;
-	}
-
-	object_ref(obj);
-	task_unlock_irqrestore(self, flags);
-	vm_region_lock_irqsave(parent_region, &flags);
-
-	struct vm_region *child = NULL;
-	status = vm_region_create(
-		parent_region,
-		name,
-		name_len,
-		offset,
-		region_len,
-		prot,
-		&child);
-	vm_region_unlock_irqrestore(parent_region, flags);
-	object_unref(obj);
-
-	if (status != KERN_OK) {
-		task_lock_irqsave(self, &flags);
-		handle_table_free_handle(self->t_handles, child_handle);
-		task_unlock_irqrestore(self, flags);
-		return status;
-	}
-
-	child_handle_slot->h_object = &child->vr_base;
-	object_add_handle(&child->vr_base);
-	object_unref(&child->vr_base);
-
-	*out = child_handle;
-	*out_base_address = vm_region_get_base_address(child);
-
-	return KERN_OK;
-}
-
-kern_status_t sys_vm_region_kill(kern_handle_t region_handle)
-{
-	struct task *self = current_task();
-
-	unsigned long flags;
-	task_lock_irqsave(self, &flags);
-
-	struct object *obj = NULL;
-	handle_flags_t handle_flags = 0;
-	kern_status_t status
-		= task_resolve_handle(self, region_handle, &obj, &handle_flags);
-	if (status != KERN_OK) {
-		task_unlock_irqrestore(self, flags);
-		return status;
-	}
-
-	struct vm_region *region = vm_region_cast(obj);
-	if (!region) {
-		task_unlock_irqrestore(self, flags);
-		return KERN_INVALID_ARGUMENT;
-	}
-
-	object_ref(obj);
-	task_unlock_irqrestore(self, flags);
-
-	vm_region_lock_irqsave(region, &flags);
-	status = vm_region_kill(region, &flags);
-	vm_region_unlock_irqrestore(region, flags);
-	object_unref(obj);
-
-	return status;
-}
-
-kern_status_t sys_vm_region_read(
+kern_status_t sys_address_space_read(
 	kern_handle_t region_handle,
 	void *dst,
-	off_t offset,
+	virt_addr_t base,
 	size_t count,
 	size_t *nr_read)
 {
@@ -156,32 +33,33 @@ kern_status_t sys_vm_region_read(
 		return status;
 	}
 
-	struct vm_region *region = vm_region_cast(obj);
+	struct address_space *region = address_space_cast(obj);
 	if (!region) {
 		task_unlock_irqrestore(self, flags);
 		return KERN_INVALID_ARGUMENT;
 	}
 
-	object_ref(obj);
 	task_unlock_irqrestore(self, flags);
 
-	virt_addr_t src_address = vm_region_get_base_address(region) + offset;
-	status = vm_region_memmove(
+	address_space_lock_irqsave(region, &flags);
+	status = address_space_memmove(
 		self->t_address_space,
 		(virt_addr_t)dst,
 		region,
-		src_address,
+		base,
 		count,
 		nr_read);
+	address_space_unlock_irqrestore(region, flags);
+
 	object_unref(obj);
 
 	return status;
 }
 
-kern_status_t sys_vm_region_write(
+kern_status_t sys_address_space_write(
 	kern_handle_t region_handle,
 	const void *src,
-	off_t offset,
+	virt_addr_t base,
 	size_t count,
 	size_t *nr_written)
 {
@@ -208,29 +86,30 @@ kern_status_t sys_vm_region_write(
 		return status;
 	}
 
-	struct vm_region *region = vm_region_cast(obj);
+	struct address_space *region = address_space_cast(obj);
 	if (!region) {
 		task_unlock_irqrestore(self, flags);
 		return KERN_INVALID_ARGUMENT;
 	}
 
-	object_ref(obj);
 	task_unlock_irqrestore(self, flags);
 
-	virt_addr_t dst_address = vm_region_get_base_address(region) + offset;
-	status = vm_region_memmove(
+	address_space_lock_irqsave(region, &flags);
+	status = address_space_memmove(
 		region,
-		dst_address,
+		base,
 		self->t_address_space,
 		(virt_addr_t)src,
 		count,
 		nr_written);
+	address_space_unlock_irqrestore(region, flags);
+
 	object_unref(obj);
 
 	return status;
 }
 
-kern_status_t sys_vm_region_map_absolute(
+kern_status_t sys_address_space_map(
 	kern_handle_t region_handle,
 	virt_addr_t map_address,
 	kern_handle_t object_handle,
@@ -271,7 +150,7 @@ kern_status_t sys_vm_region_map_absolute(
 		return status;
 	}
 
-	struct vm_region *region = vm_region_cast(region_obj);
+	struct address_space *region = address_space_cast(region_obj);
 	if (!region) {
 		task_unlock_irqrestore(self, flags);
 		return KERN_INVALID_ARGUMENT;
@@ -283,24 +162,18 @@ kern_status_t sys_vm_region_map_absolute(
 		return KERN_INVALID_ARGUMENT;
 	}
 
-	object_ref(vmo_obj);
-	object_ref(region_obj);
 	task_unlock_irqrestore(self, flags);
-
-	off_t region_offset = VM_REGION_ANY_OFFSET;
-	if (map_address != VM_REGION_ANY_OFFSET) {
-		region_offset
-			= map_address - vm_region_get_base_address(region);
-	}
-
-	status = vm_region_map_object(
+	address_space_lock_irqsave(region, &flags);
+	/* address_space_map will take care of locking `vmo` */
+	status = address_space_map(
 		region,
-		region_offset,
+		map_address,
 		vmo,
 		object_offset,
 		length,
 		prot,
 		out_base_address);
+	address_space_unlock_irqrestore(region, flags);
 
 	object_unref(vmo_obj);
 	object_unref(region_obj);
@@ -308,23 +181,50 @@ kern_status_t sys_vm_region_map_absolute(
 	return status;
 }
 
-kern_status_t sys_vm_region_map_relative(
+kern_status_t sys_address_space_unmap(
 	kern_handle_t region_handle,
-	off_t region_offset,
-	kern_handle_t object_handle,
-	off_t object_offset,
+	virt_addr_t base,
+	size_t length)
+{
+	struct task *self = current_task();
+
+	kern_status_t status = KERN_OK;
+	unsigned long flags;
+	task_lock_irqsave(self, &flags);
+
+	struct object *region_obj = NULL;
+	handle_flags_t region_flags = 0;
+	status = task_resolve_handle(
+		self,
+		region_handle,
+		&region_obj,
+		&region_flags);
+	if (status != KERN_OK) {
+		task_unlock_irqrestore(self, flags);
+		return status;
+	}
+
+	struct address_space *region = address_space_cast(region_obj);
+	if (!region) {
+		task_unlock_irqrestore(self, flags);
+		return KERN_INVALID_ARGUMENT;
+	}
+
+	task_unlock_irqrestore(self, flags);
+
+	status = address_space_unmap(region, base, length);
+
+	object_unref(region_obj);
+
+	return status;
+}
+
+kern_status_t sys_address_space_reserve(
+	kern_handle_t region_handle,
+	virt_addr_t map_address,
 	size_t length,
-	vm_prot_t prot,
 	virt_addr_t *out_base_address)
 {
-	tracek("vm_region_map_relative(%x, %x, %x, %x, %x, %x, %p)",
-	       region_handle,
-	       region_offset,
-	       object_handle,
-	       object_offset,
-	       length,
-	       prot,
-	       out_base_address);
 	struct task *self = current_task();
 
 	if (out_base_address
@@ -339,8 +239,8 @@ kern_status_t sys_vm_region_map_relative(
 	unsigned long flags;
 	task_lock_irqsave(self, &flags);
 
-	struct object *region_obj = NULL, *vmo_obj = NULL;
-	handle_flags_t region_flags = 0, vmo_flags = 0;
+	struct object *region_obj = NULL;
+	handle_flags_t region_flags = 0;
 	status = task_resolve_handle(
 		self,
 		region_handle,
@@ -351,47 +251,30 @@ kern_status_t sys_vm_region_map_relative(
 		return status;
 	}
 
-	status = task_resolve_handle(self, object_handle, &vmo_obj, &vmo_flags);
-	if (status != KERN_OK) {
-		task_unlock_irqrestore(self, flags);
-		return status;
-	}
-
-	struct vm_region *region = vm_region_cast(region_obj);
+	struct address_space *region = address_space_cast(region_obj);
 	if (!region) {
 		task_unlock_irqrestore(self, flags);
 		return KERN_INVALID_ARGUMENT;
 	}
 
-	struct vm_object *vmo = vm_object_cast(vmo_obj);
-	if (!vmo) {
-		task_unlock_irqrestore(self, flags);
-		return KERN_INVALID_ARGUMENT;
-	}
-
-	object_ref(vmo_obj);
-	object_ref(region_obj);
 	task_unlock_irqrestore(self, flags);
 
-	status = vm_region_map_object(
+	address_space_lock_irqsave(region, &flags);
+	status = address_space_reserve(
 		region,
-		region_offset,
-		vmo,
-		object_offset,
+		map_address,
 		length,
-		prot,
 		out_base_address);
+	address_space_unlock_irqrestore(region, flags);
 
-	object_unref(vmo_obj);
 	object_unref(region_obj);
 
-	tracek("result: %u", status);
 	return status;
 }
 
-kern_status_t sys_vm_region_unmap_absolute(
+kern_status_t sys_address_space_release(
 	kern_handle_t region_handle,
-	virt_addr_t address,
+	virt_addr_t base,
 	size_t length)
 {
 	struct task *self = current_task();
@@ -412,56 +295,17 @@ kern_status_t sys_vm_region_unmap_absolute(
 		return status;
 	}
 
-	struct vm_region *region = vm_region_cast(region_obj);
+	struct address_space *region = address_space_cast(region_obj);
 	if (!region) {
 		task_unlock_irqrestore(self, flags);
 		return KERN_INVALID_ARGUMENT;
 	}
 
-	object_ref(region_obj);
 	task_unlock_irqrestore(self, flags);
 
-	off_t region_offset = address - vm_region_get_base_address(region);
-	status = vm_region_unmap(region, region_offset, length);
-
-	object_unref(region_obj);
-
-	return status;
-}
-
-kern_status_t sys_vm_region_unmap_relative(
-	kern_handle_t region_handle,
-	off_t offset,
-	size_t length)
-{
-	struct task *self = current_task();
-
-	kern_status_t status = KERN_OK;
-	unsigned long flags;
-	task_lock_irqsave(self, &flags);
-
-	struct object *region_obj = NULL;
-	handle_flags_t region_flags = 0;
-	status = task_resolve_handle(
-		self,
-		region_handle,
-		&region_obj,
-		&region_flags);
-	if (status != KERN_OK) {
-		task_unlock_irqrestore(self, flags);
-		return status;
-	}
-
-	struct vm_region *region = vm_region_cast(region_obj);
-	if (!region) {
-		task_unlock_irqrestore(self, flags);
-		return KERN_INVALID_ARGUMENT;
-	}
-
-	object_ref(region_obj);
-	task_unlock_irqrestore(self, flags);
-
-	status = vm_region_unmap(region, offset, length);
+	address_space_lock_irqsave(region, &flags);
+	status = address_space_unmap(region, base, length);
+	address_space_unlock_irqrestore(region, flags);
 
 	object_unref(region_obj);
 

syscall/config.c

@@ -1,6 +1,5 @@
 #include <kernel/sched.h>
 #include <kernel/syscall.h>
-#include <kernel/vm-region.h>
 
 kern_status_t sys_kern_config_get(kern_config_key_t key, void *ptr, size_t len)
 {

syscall/dispatch.c

@@ -15,16 +15,15 @@ static const virt_addr_t syscall_table[] = {
 	SYSCALL_TABLE_ENTRY(VM_OBJECT_READ, vm_object_read),
 	SYSCALL_TABLE_ENTRY(VM_OBJECT_WRITE, vm_object_write),
 	SYSCALL_TABLE_ENTRY(VM_OBJECT_COPY, vm_object_copy),
-	SYSCALL_TABLE_ENTRY(VM_REGION_CREATE, vm_region_create),
-	SYSCALL_TABLE_ENTRY(VM_REGION_KILL, vm_region_kill),
-	SYSCALL_TABLE_ENTRY(VM_REGION_READ, vm_region_read),
-	SYSCALL_TABLE_ENTRY(VM_REGION_WRITE, vm_region_write),
-	SYSCALL_TABLE_ENTRY(VM_REGION_MAP_ABSOLUTE, vm_region_map_absolute),
-	SYSCALL_TABLE_ENTRY(VM_REGION_MAP_RELATIVE, vm_region_map_relative),
-	SYSCALL_TABLE_ENTRY(VM_REGION_UNMAP_ABSOLUTE, vm_region_unmap_absolute),
-	SYSCALL_TABLE_ENTRY(VM_REGION_UNMAP_RELATIVE, vm_region_unmap_relative),
+	SYSCALL_TABLE_ENTRY(ADDRESS_SPACE_READ, address_space_read),
+	SYSCALL_TABLE_ENTRY(ADDRESS_SPACE_WRITE, address_space_write),
+	SYSCALL_TABLE_ENTRY(ADDRESS_SPACE_MAP, address_space_map),
+	SYSCALL_TABLE_ENTRY(ADDRESS_SPACE_UNMAP, address_space_unmap),
+	SYSCALL_TABLE_ENTRY(ADDRESS_SPACE_RESERVE, address_space_reserve),
+	SYSCALL_TABLE_ENTRY(ADDRESS_SPACE_RELEASE, address_space_release),
 	SYSCALL_TABLE_ENTRY(KERN_LOG, kern_log),
 	SYSCALL_TABLE_ENTRY(KERN_HANDLE_CLOSE, kern_handle_close),
+	SYSCALL_TABLE_ENTRY(KERN_HANDLE_DUPLICATE, kern_handle_duplicate),
 	SYSCALL_TABLE_ENTRY(KERN_CONFIG_GET, kern_config_get),
 	SYSCALL_TABLE_ENTRY(KERN_CONFIG_SET, kern_config_set),
 	SYSCALL_TABLE_ENTRY(CHANNEL_CREATE, channel_create),
@@ -36,6 +35,19 @@ static const virt_addr_t syscall_table[] = {
 	SYSCALL_TABLE_ENTRY(MSG_REPLY, msg_reply),
 	SYSCALL_TABLE_ENTRY(MSG_READ, msg_read),
 	SYSCALL_TABLE_ENTRY(MSG_WRITE, msg_write),
+	SYSCALL_TABLE_ENTRY(VM_CONTROLLER_CREATE, vm_controller_create),
+	SYSCALL_TABLE_ENTRY(VM_CONTROLLER_RECV, vm_controller_recv),
+	SYSCALL_TABLE_ENTRY(VM_CONTROLLER_RECV_ASYNC, vm_controller_recv_async),
+	SYSCALL_TABLE_ENTRY(
+		VM_CONTROLLER_CREATE_OBJECT,
+		vm_controller_create_object),
+	SYSCALL_TABLE_ENTRY(
+		VM_CONTROLLER_DETACH_OBJECT,
+		vm_controller_detach_object),
+	SYSCALL_TABLE_ENTRY(
+		VM_CONTROLLER_SUPPLY_PAGES,
+		vm_controller_supply_pages),
+	SYSCALL_TABLE_ENTRY(KERN_OBJECT_WAIT, kern_object_wait),
 };
 static const size_t syscall_table_count
 	= sizeof syscall_table / sizeof syscall_table[0];

syscall/handle.c

@@ -4,5 +4,36 @@
 kern_status_t sys_kern_handle_close(kern_handle_t handle)
 {
 	struct task *self = current_task();
+
 	return task_close_handle(self, handle);
 }
+
+kern_status_t sys_kern_handle_duplicate(
+	kern_handle_t handle,
+	kern_handle_t *out)
+{
+	struct task *self = current_task();
+
+	if (!validate_access_w(self, out, sizeof *out)) {
+		return KERN_MEMORY_FAULT;
+	}
+
+	unsigned long flags;
+	task_lock_irqsave(self, &flags);
+
+	struct object *obj = NULL;
+	handle_flags_t handle_flags = 0;
+	kern_status_t status
+		= task_resolve_handle(self, handle, &obj, &handle_flags);
+	if (status != KERN_OK) {
+		task_unlock_irqrestore(self, flags);
+		return status;
+	}
+
+	status = task_open_handle(self, obj, handle_flags, out);
+	object_unref(obj);
+
+	task_unlock_irqrestore(self, flags);
+
+	return status;
+}

syscall/log.c

@@ -1,5 +1,6 @@
 #include <kernel/printk.h>
 #include <kernel/sched.h>
+#include <kernel/task.h>
 
 kern_status_t sys_kern_log(const char *s)
 {

syscall/msg.c

@@ -3,7 +3,7 @@
 #include <kernel/printk.h>
 #include <kernel/sched.h>
 #include <kernel/syscall.h>
-#include <kernel/vm-region.h>
+#include <kernel/task.h>
 
 kern_status_t sys_channel_create(unsigned int id, kern_handle_t *out)
 {
@@ -91,9 +91,6 @@ kern_status_t sys_port_connect(
 		return status;
 	}
 
-	/* add a reference to the port object to make sure it isn't deleted
-	 * while we're using it */
-	object_ref(port_obj);
 	struct port *port = port_cast(port_obj);
 	task_unlock_irqrestore(self, flags);
 
@@ -116,7 +113,6 @@ kern_status_t sys_port_connect(
 	port_lock_irqsave(port, &flags);
 	status = port_connect(port, remote);
 	port_unlock_irqrestore(port, flags);
-	object_unref(port_obj);
 	object_unref(&remote->c_base);
 
 	return KERN_OK;
@@ -140,9 +136,6 @@ kern_status_t sys_port_disconnect(kern_handle_t port_handle)
 		return status;
 	}
 
-	/* add a reference to the port object to make sure it isn't deleted
-	 * while we're using it */
-	object_ref(port_obj);
 	task_unlock_irqrestore(self, flags);
 
 	struct port *port = port_cast(port_obj);
@@ -250,9 +243,6 @@ kern_status_t sys_msg_send(
 		return status;
 	}
 
-	/* add a reference to the port object to make sure it isn't deleted
-	 * while we're using it */
-	object_ref(port_obj);
 	task_unlock_irqrestore(self, flags);
 
 	struct port *port = port_cast(port_obj);
@@ -292,9 +282,6 @@ kern_status_t sys_msg_recv(kern_handle_t channel_handle, kern_msg_t *out_msg)
 		return status;
 	}
 
-	/* add a reference to the port object to make sure it isn't deleted
-	 * while we're using it */
-	object_ref(channel_obj);
 	task_unlock_irqrestore(self, flags);
 
 	struct channel *channel = channel_cast(channel_obj);
@@ -337,9 +324,6 @@ kern_status_t sys_msg_reply(
 		return status;
 	}
 
-	/* add a reference to the port object to make sure it isn't deleted
-	 * while we're using it */
-	object_ref(channel_obj);
 	task_unlock_irqrestore(self, flags);
 
 	struct channel *channel = channel_cast(channel_obj);
@@ -389,9 +373,6 @@ kern_status_t sys_msg_read(
 		return status;
 	}
 
-	/* add a reference to the port object to make sure it isn't deleted
-	 * while we're using it */
-	object_ref(channel_obj);
 	task_unlock_irqrestore(self, flags);
 
 	struct channel *channel = channel_cast(channel_obj);
@@ -449,9 +430,6 @@ kern_status_t sys_msg_write(
 		return status;
 	}
 
-	/* add a reference to the port object to make sure it isn't deleted
-	 * while we're using it */
-	object_ref(channel_obj);
 	task_unlock_irqrestore(self, flags);
 
 	struct channel *channel = channel_cast(channel_obj);

syscall/object.c

@@ -0,0 +1,82 @@
+#include <kernel/object.h>
+#include <kernel/sched.h>
+#include <kernel/syscall.h>
+#include <kernel/task.h>
+#include <kernel/thread.h>
+#include <kernel/wait.h>
+#include <mango/status.h>
+#include <mango/types.h>
+
+kern_status_t sys_kern_object_wait(kern_wait_item_t *items, size_t nr_items)
+{
+	if (nr_items > KERN_WAIT_MAX_ITEMS) {
+		return KERN_INVALID_ARGUMENT;
+	}
+
+	struct task *self = current_task();
+	struct thread *self_thread = current_thread();
+	if (!validate_access_rw(self, items, nr_items * sizeof *items)) {
+		return KERN_MEMORY_FAULT;
+	}
+
+	self_thread->tr_state = THREAD_SLEEPING;
+
+	kern_status_t status = KERN_OK;
+	struct object *objects[KERN_WAIT_MAX_ITEMS];
+	struct wait_item waiters[KERN_WAIT_MAX_ITEMS];
+	unsigned long irq_flags = 0;
+
+	size_t nr_retained = 0;
+	bool signals_observed = false;
+	for (nr_retained = 0; nr_retained < nr_items; nr_retained++) {
+		kern_handle_t handle = items[nr_retained].w_handle;
+		handle_flags_t flags;
+		struct object *object = NULL;
+
+		status = task_resolve_handle(self, handle, &object, &flags);
+		if (status != KERN_OK) {
+			break;
+		}
+
+		objects[nr_retained] = object;
+
+		object_lock_irqsave(object, &irq_flags);
+		wait_item_init(&waiters[nr_retained], self_thread);
+		thread_wait_begin_nosleep(
+			&waiters[nr_retained],
+			&object->ob_wq);
+
+		if (object->ob_signals & items[nr_retained].w_waitfor) {
+			signals_observed = true;
+			items[nr_retained].w_observed = object->ob_signals;
+		}
+
+		object_unlock_irqrestore(object, irq_flags);
+	}
+
+	if (signals_observed || status != KERN_OK) {
+		goto cleanup;
+	}
+
+	schedule(SCHED_NORMAL);
+
+	for (size_t i = 0; i < nr_retained; i++) {
+		object_lock_irqsave(objects[i], &irq_flags);
+
+		if (objects[i]->ob_signals & items[i].w_waitfor) {
+			signals_observed = true;
+			items[i].w_observed = objects[i]->ob_signals;
+		}
+
+		object_unlock_irqrestore(objects[i], irq_flags);
+	}
+
+cleanup:
+	for (size_t i = 0; i < nr_retained; i++) {
+		thread_wait_end_nosleep(&waiters[i], &objects[i]->ob_wq);
+		object_unref(objects[i]);
+	}
+
+	self_thread->tr_state = THREAD_READY;
+	return status;
+}

syscall/task.c

@@ -1,8 +1,10 @@
+#include <kernel/address-space.h>
 #include <kernel/machine/cpu.h>
 #include <kernel/printk.h>
 #include <kernel/sched.h>
 #include <kernel/syscall.h>
-#include <kernel/vm-region.h>
+#include <kernel/task.h>
+#include <kernel/thread.h>
 
 extern kern_status_t sys_task_exit(int status)
 {
@@ -82,7 +84,6 @@ kern_status_t sys_task_create(
 		return status;
 	}
 
-	object_ref(parent_obj);
 	struct task *parent = task_cast(parent_obj);
 
 	struct handle *child_handle_slot = NULL, *space_handle_slot = NULL;
@@ -92,6 +93,7 @@ kern_status_t sys_task_create(
 		&child_handle_slot,
 		&child_handle);
 	if (status != KERN_OK) {
+		object_unref(parent_obj);
 		task_unlock_irqrestore(self, flags);
 		return status;
 	}
@@ -101,6 +103,7 @@ kern_status_t sys_task_create(
 		&space_handle_slot,
 		&space_handle);
 	if (status != KERN_OK) {
+		object_unref(parent_obj);
 		handle_table_free_handle(self->t_handles, child_handle);
 		task_unlock_irqrestore(self, flags);
 		return status;
@@ -125,10 +128,10 @@ kern_status_t sys_task_create(
 	task_unlock_irqrestore(parent, flags);
 
 	child_handle_slot->h_object = &child->t_base;
-	space_handle_slot->h_object = &child->t_address_space->vr_base;
+	space_handle_slot->h_object = &child->t_address_space->s_base;
 
 	object_add_handle(&child->t_base);
-	object_add_handle(&child->t_address_space->vr_base);
+	object_add_handle(&child->t_address_space->s_base);
 
 	object_unref(parent_obj);
 
@@ -167,7 +170,6 @@ kern_status_t sys_task_create_thread(
 		return status;
 	}
 
-	object_ref(target_obj);
 	struct task *target = task_cast(target_obj);
 
 	struct handle *target_handle = NULL;
@@ -236,6 +238,7 @@ kern_status_t sys_task_get_address_space(
 		&handle_slot,
 		&handle);
 	if (status != KERN_OK) {
+		object_unref(task_obj);
 		task_unlock_irqrestore(self, flags);
 		return status;
 	}
@@ -243,14 +246,16 @@ kern_status_t sys_task_get_address_space(
 	struct task *task = task_cast(task_obj);
 
 	if (!task) {
+		object_unref(task_obj);
 		handle_table_free_handle(self->t_handles, handle);
 		task_unlock_irqrestore(self, flags);
 		return KERN_INVALID_ARGUMENT;
 	}
 
-	handle_slot->h_object = &task->t_address_space->vr_base;
-	object_add_handle(&task->t_address_space->vr_base);
+	handle_slot->h_object = &task->t_address_space->s_base;
+	object_add_handle(&task->t_address_space->s_base);
 	task_unlock_irqrestore(self, flags);
+	object_unref(task_obj);
 
 	*out = handle;
 	return KERN_OK;
@@ -274,11 +279,11 @@ kern_status_t sys_thread_start(kern_handle_t thread_handle)
 		return status;
 	}
 
-	object_ref(thread_obj);
 	struct thread *thread = thread_cast(thread_obj);
 	task_unlock_irqrestore(self, flags);
 
 	schedule_thread_on_cpu(thread);
+	object_unref(thread_obj);
 
 	return KERN_OK;
 }

syscall/vm-controller.c

@@ -0,0 +1,309 @@
+#include <kernel/equeue.h>
+#include <kernel/sched.h>
+#include <kernel/syscall.h>
+#include <kernel/task.h>
+#include <kernel/vm-controller.h>
+#include <kernel/vm-object.h>
+
+kern_status_t sys_vm_controller_create(kern_handle_t *out)
+{
+	struct task *self = current_task();
+
+	if (!validate_access_w(self, out, sizeof *out)) {
+		return KERN_MEMORY_FAULT;
+	}
+
+	struct vm_controller *ctrl = vm_controller_create();
+	if (!ctrl) {
+		return KERN_NO_MEMORY;
+	}
+
+	kern_status_t status = task_open_handle(self, &ctrl->vc_base, 0, out);
+	if (status != KERN_OK) {
+		object_unref(&ctrl->vc_base);
+		return status;
+	}
+
+	return KERN_OK;
+}
+
+kern_status_t sys_vm_controller_recv(
+	kern_handle_t ctrl_handle,
+	equeue_packet_page_request_t *out)
+{
+	struct task *self = current_task();
+
+	if (!validate_access_w(self, out, sizeof *out)) {
+		return KERN_MEMORY_FAULT;
+	}
+
+	kern_status_t status = KERN_OK;
+	unsigned long flags;
+	task_lock_irqsave(self, &flags);
+
+	struct object *ctrl_obj = NULL;
+	handle_flags_t handle_flags = 0;
+	status = task_resolve_handle(
+		self,
+		ctrl_handle,
+		&ctrl_obj,
+		&handle_flags);
+	if (status != KERN_OK) {
+		task_unlock_irqrestore(self, flags);
+		return status;
+	}
+
+	struct vm_controller *ctrl = vm_controller_cast(ctrl_obj);
+	task_unlock_irqrestore(self, flags);
+	if (!ctrl) {
+		object_unref(ctrl_obj);
+		return KERN_INVALID_ARGUMENT;
+	}
+
+	vm_controller_lock_irqsave(ctrl, &flags);
+	status = vm_controller_recv(ctrl, out);
+	vm_controller_unlock_irqrestore(ctrl, flags);
+
+	object_unref(ctrl_obj);
+
+	return status;
+}
+
+kern_status_t sys_vm_controller_recv_async(
+	kern_handle_t ctrl_handle,
+	kern_handle_t eq_handle,
+	equeue_key_t key)
+{
+	struct task *self = current_task();
+
+	kern_status_t status = KERN_OK;
+	unsigned long flags;
+	task_lock_irqsave(self, &flags);
+
+	struct object *ctrl_obj = NULL, *eq_obj = NULL;
+	handle_flags_t ctrl_flags = 0, eq_flags = 0;
+	status = task_resolve_handle(self, ctrl_handle, &ctrl_obj, &ctrl_flags);
+	if (status != KERN_OK) {
+		task_unlock_irqrestore(self, flags);
+		return status;
+	}
+
+	status = task_resolve_handle(self, eq_handle, &eq_obj, &eq_flags);
+	if (status != KERN_OK) {
+		object_unref(ctrl_obj);
+		task_unlock_irqrestore(self, flags);
+		return status;
+	}
+
+	struct vm_controller *ctrl = vm_controller_cast(ctrl_obj);
+	struct equeue *eq = equeue_cast(eq_obj);
+	task_unlock_irqrestore(self, flags);
+
+	if (!ctrl || !eq) {
+		object_unref(ctrl_obj);
+		object_unref(eq_obj);
+		return KERN_INVALID_ARGUMENT;
+	}
+
+	vm_controller_lock_irqsave(ctrl, &flags);
+	status = vm_controller_recv_async(ctrl, eq, key);
+	vm_controller_unlock_irqrestore(ctrl, flags);
+
+	object_unref(ctrl_obj);
+	object_unref(eq_obj);
+
+	return status;
+}
+
+kern_status_t sys_vm_controller_create_object(
+	kern_handle_t ctrl_handle,
+	const char *name,
+	size_t name_len,
+	equeue_key_t key,
+	size_t data_len,
+	vm_prot_t prot,
+	kern_handle_t *out)
+{
+	struct task *self = current_task();
+
+	if (!validate_access_r(self, name, name_len)) {
+		return KERN_MEMORY_FAULT;
+	}
+
+	if (!validate_access_w(self, out, sizeof *out)) {
+		return KERN_MEMORY_FAULT;
+	}
+
+	kern_status_t status = KERN_OK;
+	unsigned long flags;
+	task_lock_irqsave(self, &flags);
+
+	struct object *ctrl_obj = NULL;
+	handle_flags_t handle_flags = 0;
+	status = task_resolve_handle(
+		self,
+		ctrl_handle,
+		&ctrl_obj,
+		&handle_flags);
+	if (status != KERN_OK) {
+		task_unlock_irqrestore(self, flags);
+		return status;
+	}
+
+	struct handle *out_slot = NULL;
+	kern_handle_t out_handle = KERN_HANDLE_INVALID;
+	status = handle_table_alloc_handle(
+		self->t_handles,
+		&out_slot,
+		&out_handle);
+
+	struct vm_controller *ctrl = vm_controller_cast(ctrl_obj);
+	task_unlock_irqrestore(self, flags);
+	if (!ctrl) {
+		object_unref(ctrl_obj);
+		return KERN_INVALID_ARGUMENT;
+	}
+
+	vm_controller_lock_irqsave(ctrl, &flags);
+	struct vm_object *out_vmo = NULL;
+	status = vm_controller_create_object(
+		ctrl,
+		name,
+		name_len,
+		key,
+		data_len,
+		prot,
+		&out_vmo);
+	vm_controller_unlock_irqrestore(ctrl, flags);
+
+	object_unref(ctrl_obj);
+
+	if (status != KERN_OK) {
+		task_lock_irqsave(self, &flags);
+		handle_table_free_handle(self->t_handles, out_handle);
+		task_unlock_irqrestore(self, flags);
+		return status;
+	}
+
+	out_slot->h_object = &out_vmo->vo_base;
+	object_add_handle(&out_vmo->vo_base);
+	object_unref(&out_vmo->vo_base);
+
+	*out = out_handle;
+	return KERN_OK;
+}
+
+kern_status_t sys_vm_controller_detach_object(
+	kern_handle_t ctrl_handle,
+	kern_handle_t vmo_handle)
+{
+	struct task *self = current_task();
+
+	kern_status_t status = KERN_OK;
+	unsigned long flags;
+	task_lock_irqsave(self, &flags);
+
+	struct object *ctrl_obj = NULL, *vmo_obj = NULL;
+	handle_flags_t ctrl_flags = 0, vmo_flags = 0;
+	status = task_resolve_handle(self, ctrl_handle, &ctrl_obj, &ctrl_flags);
+	if (status != KERN_OK) {
+		task_unlock_irqrestore(self, flags);
+		return status;
+	}
+
+	status = task_resolve_handle(self, vmo_handle, &vmo_obj, &vmo_flags);
+	if (status != KERN_OK) {
+		object_unref(ctrl_obj);
+		task_unlock_irqrestore(self, flags);
+		return status;
+	}
+
+	struct vm_controller *ctrl = vm_controller_cast(ctrl_obj);
+	struct vm_object *vmo = vm_object_cast(vmo_obj);
+	task_unlock_irqrestore(self, flags);
+
+	if (!ctrl || !vmo) {
+		object_unref(ctrl_obj);
+		object_unref(vmo_obj);
+		return KERN_INVALID_ARGUMENT;
+	}
+
+	vm_controller_lock_irqsave(ctrl, &flags);
+	vm_object_lock(vmo);
+	status = vm_controller_detach_object(ctrl, vmo);
+	vm_object_unlock(vmo);
+	vm_controller_unlock_irqrestore(ctrl, flags);
+
+	object_unref(ctrl_obj);
+	object_unref(vmo_obj);
+
+	return status;
+}
+
+kern_status_t sys_vm_controller_supply_pages(
+	kern_handle_t ctrl_handle,
+	kern_handle_t dst_handle,
+	off_t dst_offset,
+	kern_handle_t src_handle,
+	off_t src_offset,
+	size_t count)
+{
+	struct task *self = current_task();
+
+	kern_status_t status = KERN_OK;
+	unsigned long flags;
+	task_lock_irqsave(self, &flags);
+
+	struct object *ctrl_obj = NULL, *src_obj = NULL, *dst_obj = NULL;
+	handle_flags_t ctrl_flags = 0, src_flags = 0, dst_flags = 0;
+	status = task_resolve_handle(self, ctrl_handle, &ctrl_obj, &ctrl_flags);
+	if (status != KERN_OK) {
+		task_unlock_irqrestore(self, flags);
+		return status;
+	}
+
+	status = task_resolve_handle(self, dst_handle, &dst_obj, &dst_flags);
+	if (status != KERN_OK) {
+		object_unref(ctrl_obj);
+		task_unlock_irqrestore(self, flags);
+		return status;
+	}
+
+	status = task_resolve_handle(self, src_handle, &src_obj, &src_flags);
+	if (status != KERN_OK) {
+		object_unref(ctrl_obj);
+		object_unref(dst_obj);
+		task_unlock_irqrestore(self, flags);
+		return status;
+	}
+
+	struct vm_controller *ctrl = vm_controller_cast(ctrl_obj);
+	struct vm_object *dst = vm_object_cast(dst_obj);
+	struct vm_object *src = vm_object_cast(src_obj);
+	task_unlock_irqrestore(self, flags);
+
+	if (!ctrl || !dst || !src) {
+		object_unref(ctrl_obj);
+		object_unref(dst_obj);
+		object_unref(src_obj);
+		return KERN_INVALID_ARGUMENT;
+	}
+
+	vm_controller_lock_irqsave(ctrl, &flags);
+	vm_object_lock_pair(src, dst);
+	status = vm_controller_supply_pages(
+		ctrl,
+		dst,
+		dst_offset,
+		src,
+		src_offset,
+		count);
+	vm_object_unlock_pair(src, dst);
+	vm_controller_unlock_irqrestore(ctrl, flags);
+
+	object_unref(ctrl_obj);
+	object_unref(dst_obj);
+	object_unref(src_obj);
+
+	return status;
+}

syscall/vm-object.c

@@ -3,7 +3,6 @@
 #include <kernel/sched.h>
 #include <kernel/syscall.h>
 #include <kernel/vm-object.h>
-#include <kernel/vm-region.h>
 
 kern_status_t sys_vm_object_create(
 	const char *name,
@@ -144,9 +143,6 @@ kern_status_t sys_vm_object_copy(
 		return status;
 	}
 
-	object_ref(src_obj);
-	object_ref(dst_obj);
-
 	task_unlock_irqrestore(self, flags);
 
 	struct vm_object *dst_vmo = vm_object_cast(dst_obj);

util/random.c

@@ -1,35 +1,81 @@
 #include <kernel/util.h>
 
-static unsigned int random_seed = 53455346;
+typedef uint64_t word_t;
+#define STATE_SIZE 312
+#define MIDDLE     156
+#define INIT_SHIFT 62
+#define TWIST_MASK 0xb5026f5aa96619e9
+#define INIT_FACT  6364136223846793005
+#define SHIFT1     29
+#define MASK1      0x5555555555555555
+#define SHIFT2     17
+#define MASK2      0x71d67fffeda60000
+#define SHIFT3     37
+#define MASK3      0xfff7eee000000000
+#define SHIFT4     43
+
+#define LOWER_MASK 0x7fffffff
+#define UPPER_MASK (~(word_t)LOWER_MASK)
+static word_t state[STATE_SIZE];
+static size_t index = STATE_SIZE + 1;
+
+static void seed(word_t s)
+{
+	index = STATE_SIZE;
+	state[0] = s;
+	for (size_t i = 1; i < STATE_SIZE; i++) {
+		state[i] = (INIT_FACT
+		            * (state[i - 1] ^ (state[i - 1] >> INIT_SHIFT)))
+		         + i;
+	}
+}
+
+static void twist(void)
+{
+	for (size_t i = 0; i < STATE_SIZE; i++) {
+		word_t x = (state[i] & UPPER_MASK)
+		         | (state[(i + 1) % STATE_SIZE] & LOWER_MASK);
+		x = (x >> 1) ^ (x & 1 ? TWIST_MASK : 0);
+		state[i] = state[(i + MIDDLE) % STATE_SIZE] ^ x;
+	}
+
+	index = 0;
+}
+
+static word_t mt_random(void)
+{
+	if (index >= STATE_SIZE) {
+		twist();
+	}
+
+	word_t y = state[index];
+	y ^= (y >> SHIFT1) & MASK1;
+	y ^= (y << SHIFT2) & MASK2;
+	y ^= (y << SHIFT3) & MASK3;
+	y ^= y >> SHIFT4;
+
+	index++;
+	return y;
+}
+
+void init_random(uint64_t seedvalue)
+{
+	seed(seedvalue);
+}
 
 bool fill_random(void *p, unsigned int size)
 {
-	unsigned char *buffer = p;
+	unsigned char *dst = p;
+	uint64_t w = mt_random();
+	unsigned char *src = (unsigned char *)&w;
 
-	if (!buffer || !size) {
-		return false;
+	for (size_t i = 0, j = 0; i < size; i++, j++) {
+		dst[i] = src[j];
+
+		if (j == (sizeof w) - 1) {
+			w = mt_random();
+			j = 0;
 		}
-
-	for (uint32_t i = 0; i < size; i++) {
-		uint32_t next = random_seed;
-		uint32_t result;
-
-		next *= 1103515245;
-		next += 12345;
-		result = (uint32_t)(next / 65536) % 2048;
-
-		next *= 1103515245;
-		next += 12345;
-		result <<= 10;
-		result ^= (uint32_t)(next / 65536) % 1024;
-
-		next *= 1103515245;
-		next += 12345;
-		result <<= 10;
-		result ^= (uint32_t)(next / 65536) % 1024;
-		random_seed = next;
-
-		buffer[i] = (uint8_t)(result % 256);
 	}
 
 	return true;

vm/bootstrap.c

@@ -1,11 +1,12 @@
-#include <limits.h>
+#include <kernel/address-space.h>
 #include <kernel/machine/cpu.h>
 #include <kernel/memblock.h>
 #include <kernel/printk.h>
-#include <mango/status.h>
+#include <kernel/vm-controller.h>
 #include <kernel/vm-object.h>
-#include <kernel/vm-region.h>
 #include <kernel/vm.h>
+#include <limits.h>
+#include <mango/status.h>
 #include <stddef.h>
 #include <stdint.h>
 
@@ -42,7 +43,8 @@ kern_status_t vm_bootstrap(
 
 	kmalloc_init();
 	vm_object_type_init();
-	vm_region_type_init();
+	vm_controller_type_init();
+	address_space_type_init();
 	return KERN_OK;
 }
 

vm/vm-controller.c

@@ -0,0 +1,313 @@
+#include <kernel/equeue.h>
+#include <kernel/sched.h>
+#include <kernel/thread.h>
+#include <kernel/util.h>
+#include <kernel/vm-controller.h>
+#include <kernel/vm-object.h>
+#include <mango/signal.h>
+
+#define VM_CONTROLLER_CAST(p)                                                  \
+	OBJECT_C_CAST(struct vm_controller, vc_base, &vm_controller_type, p)
+
+BTREE_DEFINE_SIMPLE_INSERT(struct vm_object, vo_ctrl_node, vo_key, put_object)
+BTREE_DEFINE_SIMPLE_GET(
+	struct vm_object,
+	equeue_key_t,
+	vo_ctrl_node,
+	vo_key,
+	get_object)
+
+static struct object_type vm_controller_type = {
+	.ob_name = "vm-controller",
+	.ob_size = sizeof(struct vm_controller),
+	.ob_header_offset = offsetof(struct vm_controller, vc_base),
+};
+
+kern_status_t vm_controller_type_init(void)
+{
+	return object_type_register(&vm_controller_type);
+}
+
+struct vm_controller *vm_controller_cast(struct object *obj)
+{
+	return VM_CONTROLLER_CAST(obj);
+}
+
+struct vm_controller *vm_controller_create(void)
+{
+	struct object *ctrl_object = object_create(&vm_controller_type);
+	if (!ctrl_object) {
+		return NULL;
+	}
+
+	struct vm_controller *ctrl = VM_CONTROLLER_CAST(ctrl_object);
+
+	return ctrl;
+}
+
+static struct page_request *get_next_request(struct vm_controller *ctrl)
+{
+	struct btree_node *cur = btree_first(&ctrl->vc_requests);
+	while (cur) {
+		struct page_request *req
+			= BTREE_CONTAINER(struct page_request, req_node, cur);
+		spin_lock(&req->req_lock);
+		if (req->req_status == PAGE_REQUEST_PENDING) {
+			req->req_status = PAGE_REQUEST_IN_PROGRESS;
+			ctrl->vc_requests_waiting--;
+			return req;
+		}
+
+		spin_unlock(&req->req_lock);
+		cur = btree_next(cur);
+	}
+
+	return NULL;
+}
+
+kern_status_t vm_controller_recv(
+	struct vm_controller *ctrl,
+	equeue_packet_page_request_t *out)
+{
+	struct page_request *req = NULL;
+
+	req = get_next_request(ctrl);
+	if (!req) {
+		return KERN_NO_ENTRY;
+	}
+
+	if (ctrl->vc_requests_waiting == 0) {
+		object_clear_signal(
+			&ctrl->vc_base,
+			VM_CONTROLLER_SIGNAL_REQUEST_RECEIVED);
+	}
+
+	out->req_vmo = req->req_object->vo_key;
+	out->req_type = req->req_type;
+	out->req_offset = req->req_offset;
+	out->req_length = req->req_length;
+
+	spin_unlock(&req->req_lock);
+	return KERN_OK;
+}
+
+kern_status_t vm_controller_recv_async(
+	struct vm_controller *ctrl,
+	struct equeue *eq,
+	equeue_key_t key)
+{
+	if (ctrl->vc_eq) {
+		object_unref(&ctrl->vc_eq->eq_base);
+	}
+
+	object_ref(&eq->eq_base);
+	ctrl->vc_eq = eq;
+	ctrl->vc_eq_key = key;
+
+	return KERN_OK;
+}
+
+kern_status_t vm_controller_create_object(
+	struct vm_controller *ctrl,
+	const char *name,
+	size_t name_len,
+	equeue_key_t key,
+	size_t data_len,
+	vm_prot_t prot,
+	struct vm_object **out)
+{
+	struct vm_object *vmo = get_object(&ctrl->vc_objects, key);
+	if (vmo) {
+		return KERN_NAME_EXISTS;
+	}
+
+	vmo = vm_object_create(name, name_len, data_len, prot);
+	if (!vmo) {
+		return KERN_NO_MEMORY;
+	}
+
+	object_ref(&ctrl->vc_base);
+	object_ref(&vmo->vo_base);
+
+	vmo->vo_flags |= VMO_CONTROLLER;
+	vmo->vo_ctrl = ctrl;
+	vmo->vo_key = key;
+
+	put_object(&ctrl->vc_objects, vmo);
+
+	*out = vmo;
+	return KERN_OK;
+}
+
+kern_status_t vm_controller_detach_object(
+	struct vm_controller *ctrl,
+	struct vm_object *vmo)
+{
+	if (vmo->vo_ctrl != ctrl) {
+		return KERN_INVALID_ARGUMENT;
+	}
+
+	vmo->vo_ctrl = NULL;
+	vmo->vo_key = 0;
+	btree_delete(&ctrl->vc_objects, &vmo->vo_ctrl_node);
+
+	object_unref(&ctrl->vc_base);
+	object_unref(&vmo->vo_base);
+
+	return KERN_OK;
+}
+
+static kern_status_t try_enqueue(struct btree *tree, struct page_request *req)
+{
+	if (!tree->b_root) {
+		tree->b_root = &req->req_node;
+		btree_insert_fixup(tree, &req->req_node);
+		return true;
+	}
+
+	struct btree_node *cur = tree->b_root;
+	while (1) {
+		struct page_request *cur_node
+			= BTREE_CONTAINER(struct page_request, req_node, cur);
+		struct btree_node *next = NULL;
+
+		if (req->req_id > cur_node->req_id) {
+			next = btree_right(cur);
+
+			if (!next) {
+				btree_put_right(cur, &req->req_node);
+				break;
+			}
+		} else if (req->req_id < cur_node->req_id) {
+			next = btree_left(cur);
+
+			if (!next) {
+				btree_put_left(cur, &req->req_node);
+				break;
+			}
+		} else {
+			return false;
+		}
+
+		cur = next;
+	}
+
+	btree_insert_fixup(tree, &req->req_node);
+	return true;
+}
+
+static void wait_for_reply(
+	struct vm_controller *ctrl,
+	struct page_request *req,
+	unsigned long *lock_flags)
+{
+	struct wait_item waiter;
+	struct thread *self = current_thread();
+
+	wait_item_init(&waiter, self);
+	for (;;) {
+		self->tr_state = THREAD_SLEEPING;
+		if (req->req_status == PAGE_REQUEST_COMPLETE) {
+			break;
+		}
+
+		spin_unlock_irqrestore(&req->req_lock, *lock_flags);
+		schedule(SCHED_NORMAL);
+		spin_lock_irqsave(&req->req_lock, lock_flags);
+	}
+
+	self->tr_state = THREAD_READY;
+}
+
+static void fulfill_requests(
+	struct vm_controller *ctrl,
+	struct vm_object *obj,
+	off_t offset,
+	size_t length,
+	kern_status_t result)
+{
+	off_t limit = offset + length - 1;
+	struct btree_node *cur = btree_first(&ctrl->vc_requests);
+	while (cur) {
+		struct page_request *req
+			= BTREE_CONTAINER(struct page_request, req_node, cur);
+		spin_lock(&req->req_lock);
+		bool match = false;
+		off_t req_base = req->req_offset;
+		off_t req_limit = req->req_offset + req->req_length - 1;
+
+		if (req_base >= offset && req_base <= limit) {
+			match = true;
+		} else if (req_limit >= offset && req_limit <= limit) {
+			match = true;
+		}
+
+		if (req->req_object != obj) {
+			match = false;
+		}
+
+		if (match) {
+			req->req_status = PAGE_REQUEST_COMPLETE;
+			req->req_result = result;
+			thread_awaken(req->req_sender);
+		}
+
+		spin_unlock(&req->req_lock);
+		cur = btree_next(cur);
+	}
+}
+
+kern_status_t vm_controller_supply_pages(
+	struct vm_controller *ctrl,
+	struct vm_object *dst,
+	off_t dst_offset,
+	struct vm_object *src,
+	off_t src_offset,
+	size_t count)
+{
+	if (src->vo_flags & VMO_CONTROLLER) {
+		return KERN_INVALID_ARGUMENT;
+	}
+
+	if (dst->vo_ctrl != ctrl) {
+		return KERN_INVALID_ARGUMENT;
+	}
+
+	kern_status_t status = vm_object_transfer(
+		dst,
+		dst_offset,
+		src,
+		src_offset,
+		count,
+		NULL);
+	fulfill_requests(ctrl, dst, dst_offset, count, status);
+
+	return status;
+}
+
+kern_status_t vm_controller_send_request(
+	struct vm_controller *ctrl,
+	struct page_request *req,
+	unsigned long *irq_flags)
+{
+	fill_random(&req->req_id, sizeof req->req_id);
+	while (!try_enqueue(&ctrl->vc_requests, req)) {
+		req->req_id++;
+	}
+
+	ctrl->vc_requests_waiting++;
+	object_assert_signal(
+		&ctrl->vc_base,
+		VM_CONTROLLER_SIGNAL_REQUEST_RECEIVED);
+
+	vm_controller_unlock(ctrl);
+	wait_for_reply(ctrl, req, irq_flags);
+
+	spin_unlock_irqrestore(&req->req_lock, *irq_flags);
+	vm_controller_lock_irqsave(ctrl, irq_flags);
+	spin_lock(&req->req_lock);
+
+	btree_delete(&ctrl->vc_requests, &req->req_node);
+
+	return KERN_OK;
+}

vm/vm-object.c

@@ -1,5 +1,7 @@
 #include <kernel/printk.h>
+#include <kernel/sched.h>
 #include <kernel/util.h>
+#include <kernel/vm-controller.h>
 #include <kernel/vm-object.h>
 
 #define VM_OBJECT_CAST(p)                                                      \
@@ -39,15 +41,16 @@ static kern_status_t object_iterator_begin(
 
 	it->it_obj = obj;
 	it->it_alloc = alloc;
+	enum vm_object_flags flags = 0;
 
 	if (alloc) {
-		it->it_pg = vm_object_alloc_page(obj, 0, VM_PAGE_4K);
-
-		if (!it->it_pg) {
-			return KERN_NO_MEMORY;
+		flags |= VMO_ALLOCATE_MISSING_PAGE;
 	}
-	} else {
-		it->it_pg = vm_object_get_page(obj, 0);
+
+	it->it_pg = vm_object_get_page(obj, 0, flags, NULL);
+
+	if (alloc && !it->it_pg) {
+		return KERN_NO_MEMORY;
 	}
 
 	if (it->it_pg) {
@@ -82,17 +85,16 @@ static kern_status_t object_iterator_seek(
 		return KERN_OK;
 	}
 
-	if (it->it_alloc) {
-		it->it_pg = vm_object_alloc_page(
-			it->it_obj,
-			it->it_offset,
-			VM_PAGE_4K);
+	enum vm_object_flags flags = 0;
 
-		if (!it->it_pg) {
-			return KERN_NO_MEMORY;
+	if (it->it_alloc) {
+		flags |= VMO_ALLOCATE_MISSING_PAGE;
 	}
-	} else {
-		it->it_pg = vm_object_get_page(it->it_obj, it->it_offset);
+
+	it->it_pg = vm_object_get_page(it->it_obj, it->it_offset, flags, NULL);
+
+	if (it->it_alloc && !it->it_pg) {
+		return KERN_NO_MEMORY;
 	}
 
 	if (it->it_pg) {
@@ -247,36 +249,7 @@ extern struct vm_object *vm_object_create_in_place(
 	return vmo;
 }
 
-extern struct vm_page *vm_object_get_page(
-	const struct vm_object *vo,
-	off_t offset)
-{
-	struct btree_node *cur = vo->vo_pages.b_root;
-	while (cur) {
-		struct vm_page *page
-			= BTREE_CONTAINER(struct vm_page, p_bnode, cur);
-		struct btree_node *next = NULL;
-
-		off_t base = page->p_vmo_offset;
-		off_t limit = base + vm_page_get_size_bytes(page);
-		if (offset < base) {
-			next = btree_left(cur);
-		} else if (offset >= limit) {
-			next = btree_right(cur);
-		} else {
-			return page;
-		}
-
-		cur = next;
-	}
-
-	return NULL;
-}
-
-extern struct vm_page *vm_object_alloc_page(
-	struct vm_object *vo,
-	off_t offset,
-	enum vm_page_order size)
+static struct vm_page *alloc_page(struct vm_object *vo, off_t offset)
 {
 	struct vm_page *page = NULL;
 	struct btree_node *cur = vo->vo_pages.b_root;
@@ -339,6 +312,87 @@ extern struct vm_page *vm_object_alloc_page(
 	return NULL;
 }
 
+static struct vm_page *get_page(struct vm_object *vo, off_t offset)
+{
+	struct btree_node *cur = vo->vo_pages.b_root;
+	while (cur) {
+		struct vm_page *page
+			= BTREE_CONTAINER(struct vm_page, p_bnode, cur);
+		struct btree_node *next = NULL;
+
+		off_t base = page->p_vmo_offset;
+		off_t limit = base + vm_page_get_size_bytes(page);
+		if (offset < base) {
+			next = btree_left(cur);
+		} else if (offset >= limit) {
+			next = btree_right(cur);
+		} else {
+			return page;
+		}
+
+		cur = next;
+	}
+
+	return NULL;
+}
+
+static kern_status_t request_page(
+	struct vm_object *vo,
+	off_t offset,
+	unsigned long *irq_flags)
+{
+	struct vm_controller *ctrl = vo->vo_ctrl;
+	struct page_request req = {0};
+	req.req_status = PAGE_REQUEST_PENDING;
+	req.req_offset = offset;
+	req.req_length = vm_page_order_to_bytes(VM_PAGE_4K);
+	req.req_sender = current_thread();
+
+	object_ref(&vo->vo_base);
+	req.req_object = vo;
+
+	vm_object_unlock_irqrestore(vo, *irq_flags);
+	vm_controller_lock_irqsave(ctrl, irq_flags);
+	spin_lock(&req.req_lock);
+
+	kern_status_t status
+		= vm_controller_send_request(ctrl, &req, irq_flags);
+
+	spin_unlock(&req.req_lock);
+	vm_controller_unlock_irqrestore(ctrl, *irq_flags);
+	object_unref(&vo->vo_base);
+	vm_object_lock_irqsave(vo, irq_flags);
+
+	return status;
+}
+
+struct vm_page *vm_object_get_page(
+	struct vm_object *vo,
+	off_t offset,
+	enum vm_object_flags flags,
+	unsigned long *irq_flags)
+{
+	if (!vo->vo_ctrl && (flags & VMO_ALLOCATE_MISSING_PAGE)) {
+		return alloc_page(vo, offset);
+	}
+
+	struct vm_page *pg = get_page(vo, offset);
+	if (pg) {
+		return pg;
+	}
+
+	if (!vo->vo_ctrl) {
+		return NULL;
+	}
+
+	kern_status_t status = request_page(vo, offset, irq_flags);
+	if (status != KERN_OK) {
+		return NULL;
+	}
+
+	return get_page(vo, offset);
+}
+
 #if 0
 /* read data from a vm-object, where [offset, offset+count] is confined to
  * a single page */
@@ -779,3 +833,50 @@ kern_status_t vm_object_copy(
 
 	return KERN_OK;
 }
+
+kern_status_t vm_object_transfer(
+	struct vm_object *dst,
+	off_t dst_offset,
+	struct vm_object *src,
+	off_t src_offset,
+	size_t count,
+	size_t *nr_moved)
+{
+	dst_offset &= ~VM_PAGE_MASK;
+	src_offset &= ~VM_PAGE_MASK;
+
+	if (count & VM_PAGE_MASK) {
+		count &= ~VM_PAGE_MASK;
+		count += VM_PAGE_SIZE;
+	}
+
+	size_t moved = 0;
+	for (size_t i = 0; i < count; i += VM_PAGE_SIZE) {
+		struct vm_page *src_pg
+			= vm_object_get_page(src, src_offset + i, 0, NULL);
+		if (!src_pg) {
+			continue;
+		}
+
+		btree_delete(&src->vo_pages, &src_pg->p_bnode);
+
+		struct vm_page *dst_pg
+			= vm_object_get_page(src, dst_offset + i, 0, NULL);
+		if (dst_pg) {
+			vm_page_free(src_pg);
+			continue;
+		}
+
+		put_page(dst, src_pg, dst_offset + i);
+		moved += VM_PAGE_SIZE;
+	}
+
+	/* TODO evict all page table entries that reference the transferred
+	 * pages in `src` */
+
+	if (nr_moved) {
+		*nr_moved = moved;
+	}
+
+	return KERN_OK;
+}