kernel: move token registration into Thread

Author: Qix-

oro-kernel/src/iface/kernel/mem_token_v0.rs

@@ -18,7 +18,10 @@ use oro::{key, syscall::Error as SysError};
 
 use super::KernelInterface;
 use crate::{
-	arch::Arch, instance::TokenMapError, syscall::InterfaceResponse, tab::Tab, thread::Thread,
+	arch::Arch,
+	syscall::InterfaceResponse,
+	tab::Tab,
+	thread::{Thread, TokenMapError},
 	token::Token,
 };
 
@@ -42,8 +45,7 @@ impl KernelInterface for MemTokenV0 {
 	const TYPE_ID: u64 = oro::id::iface::KERNEL_MEM_TOKEN_V0;
 
 	fn get<A: Arch>(thread: &Tab<Thread<A>>, index: u64, key: u64) -> InterfaceResponse {
-		let instance = thread.with(|t| t.instance().clone());
-		let Some(token) = instance.with(|i| i.token(index)) else {
+		let Some(token) = thread.with(|t| t.token(index)) else {
 			return InterfaceResponse::immediate(SysError::BadIndex, 0);
 		};
 
@@ -77,16 +79,14 @@ impl KernelInterface for MemTokenV0 {
 	) -> InterfaceResponse {
 		match key {
 			key!("forget") => {
-				let instance = thread.with(|t| t.instance().clone());
-				instance.with_mut(|i| i.forget_token(index)).map_or_else(
+				thread.with_mut(|t| t.forget_token(index)).map_or_else(
 					|| InterfaceResponse::immediate(SysError::BadIndex, 0),
 					|_| InterfaceResponse::ok(0),
 				)
 			}
 			key!("base") => {
-				let instance = thread.with(|t| t.instance().clone());
-				instance.with_mut(|i| {
-					let Some(token) = i.token(index) else {
+				thread.with_mut(|t| {
+					let Some(token) = t.token(index) else {
 						return InterfaceResponse::immediate(SysError::BadIndex, 0);
 					};
 
@@ -97,7 +97,7 @@ impl KernelInterface for MemTokenV0 {
 						);
 					};
 
-					i.try_map_token_at(&token, virt).map_or_else(
+					t.try_map_token_at(&token, virt).map_or_else(
 						|err| {
 							InterfaceResponse::immediate(
 								SysError::InterfaceError,

oro-kernel/src/iface/kernel/page_alloc_v0.rs

@@ -63,11 +63,7 @@ impl KernelInterface for PageAllocV0 {
 									)
 								},
 								|tab| {
-									InterfaceResponse::ok(
-										thread
-											.with(|t| t.instance().clone())
-											.with_mut(|i| i.insert_token(tab)),
-									)
+									InterfaceResponse::ok(thread.with_mut(|t| t.insert_token(tab)))
 								},
 							)
 					},

oro-kernel/src/iface/root_ring/test_ports.rs

@@ -50,15 +50,13 @@ impl<A: Arch> Interface<A> for RootTestPorts<A> {
 			key!("prodtkn") => {
 				// Mark it owned by the current thread's instead.
 				let tkn = self.0.with(|p| p.producer());
-				let instance = thread.with(|t| t.instance().clone());
-				instance.with_mut(|i| i.insert_token(tkn.clone()));
+				thread.with_mut(|t| t.insert_token(tkn.clone()));
 				InterfaceResponse::ok(tkn.id())
 			}
 			key!("cnsmtkn") => {
 				// Mark it owned by the current thread's instead.
 				let tkn = self.0.with(|p| p.consumer());
-				let instance = thread.with(|t| t.instance().clone());
-				instance.with_mut(|i| i.insert_token(tkn.clone()));
+				thread.with_mut(|t| t.insert_token(tkn.clone()));
 				InterfaceResponse::ok(tkn.id())
 			}
 			_ => InterfaceResponse::immediate(SysError::BadKey, 0),

oro-kernel/src/instance.rs

@@ -1,9 +1,6 @@
 //! Module instance types and functionality.
 
-use oro_mem::{
-	mapper::{AddressSegment, AddressSpace as _, MapError},
-	phys::PhysAddr,
-};
+use oro_mem::mapper::{AddressSegment, AddressSpace as _, MapError};
 
 use crate::{
 	AddressSpace, Kernel, UserHandle,
@@ -63,16 +60,23 @@ pub struct Instance<A: Arch> {
 	data: TypeTable,
 	/// Memory tokens owned by this instance.
 	///
+	/// DOES cover thread-local mappings. This is managed exclusively
+	/// by [`Thread`]s; tokens here are shared between all threads in the instance.
+	///
 	/// If a token is here, the instance is allowed to map it
 	/// into its address space.
-	tokens: Table<Tab<Token>>,
+	pub(super) tokens: Table<Tab<Token>>,
 	/// The virtual memory mappings of virtual addresses to tokens.
+	///
+	/// Does NOT cover thread-local mappings. This is managed exclusively
+	/// by [`Thread`]s; tokens here are shared between all threads in the instance.
+	///
 	/// Values are `(token, page_id)` pairs.
 	// TODO(qix-): This assumes a 4096 byte page size, and is also
 	// TODO(qix-): not a very efficient data structure. It will be
 	// TODO(qix-): replaced with a more efficient data structure
 	// TODO(qix-): in the future.
-	token_vmap: Table<(Tab<Token>, usize)>,
+	pub(super) token_vmap: Table<(Tab<Token>, usize)>,
 }
 
 impl<A: Arch> Instance<A> {
@@ -132,202 +136,6 @@ impl<A: Arch> Instance<A> {
 		&self.threads
 	}
 
-	/// Attempts to return a [`Token`] from the instance's token list.
-	///
-	/// Returns `None` if the token is not present.
-	#[inline]
-	#[must_use]
-	pub fn token(&self, id: u64) -> Option<Tab<Token>> {
-		self.tokens.get(id).cloned()
-	}
-
-	/// "Forgets" a [`Token`] from the instance's token list.
-	///
-	/// Returns the forgotten token, or `None` if the token is not present.
-	#[inline]
-	pub fn forget_token(&mut self, id: u64) -> Option<Tab<Token>> {
-		self.tokens.remove(id)
-	}
-
-	/// Inserts a [`Token`] into the instance's token list.
-	///
-	/// Returns the ID of the token.
-	#[inline]
-	pub fn insert_token(&mut self, token: Tab<Token>) -> u64 {
-		self.tokens.insert_tab(token)
-	}
-
-	/// Maps (sets the base of and reserves) a [`Token`] into the instance's address space.
-	///
-	/// **This does not immediately map in any memory.** It only marks the range
-	/// in the _internal kernel_ address space as reserved for the token, to be
-	/// committed later (typically via a page fault calling [`Instance::try_commit_token_at`]).
-	pub fn try_map_token_at(
-		&mut self,
-		token: &Tab<Token>,
-		virt: usize,
-	) -> Result<(), TokenMapError> {
-		if !self.tokens.contains(token.id()) {
-			return Err(TokenMapError::BadToken);
-		}
-
-		token.with(|t| {
-			match t {
-				Token::Normal(t) => {
-					debug_assert!(
-						t.page_size() == 4096,
-						"page size != 4096 is not implemented"
-					);
-					debug_assert!(
-						t.page_size().is_power_of_two(),
-						"page size is not a power of 2"
-					);
-
-					if (virt & (t.page_size() - 1)) != 0 {
-						return Err(TokenMapError::VirtNotAligned);
-					}
-
-					let segment = AddressSpace::<A>::user_data();
-
-					// Make sure that none of the tokens exist in the vmap.
-					for page_idx in 0..t.page_count() {
-						let page_base = virt + (page_idx * t.page_size());
-
-						if !virt_resides_within::<A>(&segment, page_base)
-							|| !virt_resides_within::<A>(&segment, page_base + t.page_size() - 1)
-						{
-							return Err(TokenMapError::VirtOutOfRange);
-						}
-
-						if self.token_vmap.contains(
-							u64::try_from(page_base).map_err(|_| TokenMapError::VirtOutOfRange)?,
-						) {
-							return Err(TokenMapError::Conflict);
-						}
-					}
-
-					// Everything's okay, map them into the vmap now.
-					for page_idx in 0..t.page_count() {
-						let page_base = virt + (page_idx * t.page_size());
-						// NOTE(qix-): We can use `as` here since we already check the page base above.
-						self.token_vmap
-							.insert(page_base as u64, (token.clone(), page_idx));
-					}
-
-					Ok(())
-				}
-				Token::SlotMap(t) => {
-					debug_assert!(
-						t.page_size() == 4096,
-						"page size != 4096 is not implemented"
-					);
-					debug_assert!(
-						t.page_size().is_power_of_two(),
-						"page size is not a power of 2"
-					);
-					debug_assert!(
-						t.page_count() == 1,
-						"slot map tokens must be exactly one page"
-					);
-
-					if (virt & (t.page_size() - 1)) != 0 {
-						return Err(TokenMapError::VirtNotAligned);
-					}
-
-					let segment = AddressSpace::<A>::user_thread_local_data();
-
-					// Make sure that no other token exists in the vmap.
-					if !virt_resides_within::<A>(&segment, virt)
-						|| !virt_resides_within::<A>(&segment, virt + t.page_size() - 1)
-					{
-						return Err(TokenMapError::VirtOutOfRange);
-					}
-
-					if self
-						.token_vmap
-						.contains(u64::try_from(virt).map_err(|_| TokenMapError::VirtOutOfRange)?)
-					{
-						return Err(TokenMapError::Conflict);
-					}
-
-					// Everything's okay, map them into the vmap now.
-					// NOTE(qix-): We can use `as` here since we already check the page base above.
-					self.token_vmap.insert(virt as u64, (token.clone(), 0));
-
-					Ok(())
-				}
-			}
-		})
-	}
-
-	/// Commits a [`Token`] into the instance's address space at
-	/// the specified virtual address. Returns a mapping error
-	/// if the mapping could not be completed.
-	///
-	/// **The `maybe_unaligned_virt` parameter is not guaranteed to be aligned
-	/// to any page boundary.** In most cases, it is coming directly from a
-	/// userspace application (typically via a fault).
-	///
-	/// The `Token` must have been previously mapped via [`Instance::try_map_token_at`],
-	/// or else this method will fail.
-	pub fn try_commit_token_at(&self, maybe_unaligned_virt: usize) -> Result<(), TryCommitError> {
-		// TODO(qix-): We always assume a 4096 page boundary. This will change in the future.
-		let virt = maybe_unaligned_virt & !0xFFF;
-
-		if let Some((token, page_idx)) = u64::try_from(virt)
-			.ok()
-			.and_then(|virt| self.token_vmap.get(virt))
-		{
-			token.with_mut(|t| {
-				match t {
-					Token::Normal(t) => {
-						debug_assert!(*page_idx < t.page_count());
-						debug_assert!(
-							t.page_size() == 4096,
-							"page size != 4096 is not implemented"
-						);
-						let page_base = virt + (*page_idx * t.page_size());
-						let segment = AddressSpace::<A>::user_data();
-						let phys = t
-							.get_or_allocate(*page_idx)
-							.ok_or(TryCommitError::MapError(MapError::OutOfMemory))?;
-						segment
-							.map(self.handle.mapper(), page_base, phys.address_u64())
-							.map_err(TryCommitError::MapError)?;
-						Ok(())
-					}
-					Token::SlotMap(t) => {
-						debug_assert!(
-							*page_idx == 0,
-							"slot map tokens must be exactly one page; attempt was made to commit \
-							 page index >0"
-						);
-						debug_assert!(
-							t.page_size() == 4096,
-							"page size != 4096 is not implemented"
-						);
-						debug_assert!(
-							t.page_count() == 1,
-							"slot map tokens must be exactly one page"
-						);
-						let segment = AddressSpace::<A>::user_thread_local_data();
-						let phys = t
-							.get_or_allocate(0)
-							// NOTE(qix-): Should never happen as we don't allocate on the fly, but enforce
-							// NOTE(qix-): that the token is already allocated.
-							.ok_or(TryCommitError::MapError(MapError::OutOfMemory))?;
-						segment
-							.map(self.handle.mapper(), virt, phys.address_u64())
-							.map_err(TryCommitError::MapError)?;
-						Ok(())
-					}
-				}
-			})
-		} else {
-			Err(TryCommitError::BadVirt)
-		}
-	}
-
 	/// Returns the instance's address space handle.
 	#[inline]
 	#[must_use]
@@ -347,37 +155,3 @@ impl<A: Arch> Instance<A> {
 		&mut self.data
 	}
 }
-
-/// An error returned by [`Instance::try_map_token_at`].
-#[derive(Debug, Clone, Copy)]
-pub enum TokenMapError {
-	/// The virtual address is not aligned.
-	VirtNotAligned,
-	/// The virtual address is out of range for the
-	/// thread's address space.
-	VirtOutOfRange,
-	/// The token was not found for the instance.
-	BadToken,
-	/// The mapping conflicts (overlaps) with another mapping.
-	Conflict,
-}
-
-/// Checks if the given virtual address resides within the given address segment.
-#[inline]
-fn virt_resides_within<A: Arch>(
-	segment: &<AddressSpace<A> as ::oro_mem::mapper::AddressSpace>::UserSegment,
-	virt: usize,
-) -> bool {
-	// NOTE(qix-): Range is *inclusive*.
-	let (first, last) = segment.range();
-	virt >= first && virt <= last
-}
-
-/// An error returned by [`Instance::try_commit_token_at`].
-#[derive(Debug, Clone, Copy)]
-pub enum TryCommitError {
-	/// The virtual address was not found in the virtual map.
-	BadVirt,
-	/// Mapping the token failed.
-	MapError(MapError),
-}