lib: Replace rdrbuff with a proper slab allocatorbe

This is a first step towards the Secure Shared Memory (SSM)
infrastructure for Ouroboros, which will allow proper resource
separation for non-privileged processes.

This replaces the rdrbuff (random-deletion ring buffer) PoC allocator
with a sharded slab allocator for the packet buffer pool to avoid the
head-of-line blocking behaviour of the rdrb and reduce lock contention
in multi-process scenarios. Each size class contains multiple
independent shards, allowing parallel allocations without blocking.

- Configurable shard count per size class (default: 4, set via
  SSM_POOL_SHARDS in CMake). The configured number of blocks are
  spread over the number of shards. As an example:

  	 SSM_POOL_512_BLOCKS = 768 blocks total
	 These 768 blocks are shared among 4 shards
	       (not 768 × 4 = 3072 blocks)

- Lazy block distribution: all blocks initially reside in shard 0
  and naturally migrate to process-local shards upon first
  allocation and subsequent free operations

- Fallback with work stealing: processes attempt allocation from
  their local shard (pid % SSM_POOL_SHARDS) first, then steal
  from other shards if local is exhausted, eliminating
  fragmentation while maintaining low contention

- Round-robin condvar signaling: blocking allocations cycle
  through all shard condition variables to ensure fairness

- Blocks freed to allocator's shard: uses allocator_pid to
  determine target shard, enabling natural load balancing as
  process allocation patterns stabilize over time

Maintains existing robust mutex semantics including EOWNERDEAD
handling for dead process recovery. Internal structures exposed in
ssm.h for testing purposes. Adds some tests (pool_test,
pool_sharding_test.c. etc) verifying lazy distribution, migration,
fallback stealing, and multiprocess behavior.

Updates the ring buffer (rbuff) to use relaxed/acquire/release
ordering on atomic indices. The ring buffer requires the (robust)
mutex to ensure cross-structure synchronization between pool buffer
writes and ring buffer index publication.

Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>

7 files changed, 42 insertions, 39 deletions

diff --git a/src/irmd/config.h.in b/src/irmd/config.h.in
index 06d51ccd..43d7f4ee 100644
--- a/src/irmd/config.h.in
+++ b/src/irmd/config.h.in
@@ -76,9 +76,9 @@
 #cmakedefine HAVE_LIBGCRYPT
 #cmakedefine HAVE_OPENSSL
 #ifdef HAVE_OPENSSL
-#define IRMD_SECMEM_MAX        @IRMD_SECMEM_MAX@
 #cmakedefine HAVE_OPENSSL_PQC
 #endif
+#define IRMD_SECMEM_MAX        @IRMD_SECMEM_MAX@
 #ifdef CONFIG_OUROBOROS_DEBUG
 #cmakedefine DEBUG_PROTO_OAP
 #endif
diff --git a/src/irmd/main.c b/src/irmd/main.c
index 8a2c143d..e67fdd23 100644
--- a/src/irmd/main.c
+++ b/src/irmd/main.c
@@ -42,7 +42,7 @@
 #include <ouroboros/pthread.h>
 #include <ouroboros/random.h>
 #include <ouroboros/rib.h>
-#include <ouroboros/shm_rdrbuff.h>
+#include <ouroboros/ssm_pool.h>
 #include <ouroboros/sockets.h>
 #include <ouroboros/time.h>
 #include <ouroboros/tpm.h>
@@ -99,7 +99,7 @@ struct {
         char *               cfg_file;     /* configuration file path    */
 #endif
         struct lockfile *    lf;           /* single irmd per system     */
-        struct shm_rdrbuff * rdrb;         /* rdrbuff for packets        */
+        struct ssm_pool * gspp;         /* pool for packets        */
 
         int                  sockfd;       /* UNIX socket                */
 
@@ -1691,7 +1691,7 @@ static void destroy_mount(char * mnt)
 
 static int ouroboros_reset(void)
 {
-        shm_rdrbuff_purge();
+        ssm_pool_purge();
         lockfile_destroy(irmd.lf);
 
         return 0;
@@ -1712,10 +1712,8 @@ static void cleanup_pid(pid_t pid)
         }
 
         destroy_mount(mnt);
-
-#else
-        (void) pid;
 #endif
+        ssm_pool_reclaim_orphans(irmd.gspp, pid);
 }
 
 void * irm_sanitize(void * o)
@@ -1900,13 +1898,13 @@ static int irm_init(void)
                 goto fail_sock_path;
         }
 
-        if ((irmd.rdrb = shm_rdrbuff_create()) == NULL) {
-                log_err("Failed to create rdrbuff.");
-                goto fail_rdrbuff;
+        if ((irmd.gspp = ssm_pool_create()) == NULL) {
+                log_err("Failed to create pool.");
+                goto fail_pool;
         }
 
-        if (shm_rdrbuff_mlock(irmd.rdrb) < 0)
-                log_warn("Failed to mlock rdrbuff.");
+        if (ssm_pool_mlock(irmd.gspp) < 0)
+                log_warn("Failed to mlock pool.");
 
         irmd.tpm = tpm_create(IRMD_MIN_THREADS, IRMD_ADD_THREADS,
                               mainloop, NULL);
@@ -1970,8 +1968,8 @@ static int irm_init(void)
  fail_oap:
         tpm_destroy(irmd.tpm);
  fail_tpm_create:
-        shm_rdrbuff_destroy(irmd.rdrb);
- fail_rdrbuff:
+        ssm_pool_destroy(irmd.gspp);
+ fail_pool:
         close(irmd.sockfd);
  fail_sock_path:
         unlink(IRM_SOCK_PATH);
@@ -2008,8 +2006,8 @@ static void irm_fini(void)
         if (unlink(IRM_SOCK_PATH))
                 log_dbg("Failed to unlink %s.", IRM_SOCK_PATH);
 
-        if (irmd.rdrb != NULL)
-                shm_rdrbuff_destroy(irmd.rdrb);
+        if (irmd.gspp != NULL)
+                ssm_pool_destroy(irmd.gspp);
 
         if (irmd.lf != NULL)
                 lockfile_destroy(irmd.lf);
diff --git a/src/irmd/oap/tests/CMakeLists.txt b/src/irmd/oap/tests/CMakeLists.txt
index 09a40765..2e8f1319 100644
--- a/src/irmd/oap/tests/CMakeLists.txt
+++ b/src/irmd/oap/tests/CMakeLists.txt
@@ -1,6 +1,11 @@
 get_filename_component(tmp ".." ABSOLUTE)
 get_filename_component(src_folder "${tmp}" NAME)
 
+get_filename_component(OAP_SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}" DIRECTORY)
+get_filename_component(OAP_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}" DIRECTORY)
+get_filename_component(IRMD_SOURCE_DIR "${OAP_SOURCE_DIR}" DIRECTORY)
+get_filename_component(IRMD_BINARY_DIR "${OAP_BINARY_DIR}" DIRECTORY)
+
 compute_test_prefix()
 
 create_test_sourcelist(${src_folder}_tests test_suite.c
@@ -15,11 +20,11 @@ create_test_sourcelist(${src_folder}_pqc_tests test_suite_pqc.c
 
 # OAP test needs io.c compiled with OAP_TEST_MODE
 set(OAP_TEST_SOURCES
-  ${CMAKE_CURRENT_SOURCE_DIR}/../io.c
-  ${CMAKE_CURRENT_SOURCE_DIR}/../hdr.c
-  ${CMAKE_CURRENT_SOURCE_DIR}/../auth.c
-  ${CMAKE_CURRENT_SOURCE_DIR}/../srv.c
-  ${CMAKE_CURRENT_SOURCE_DIR}/../cli.c
+  ${OAP_SOURCE_DIR}/io.c
+  ${OAP_SOURCE_DIR}/hdr.c
+  ${OAP_SOURCE_DIR}/auth.c
+  ${OAP_SOURCE_DIR}/srv.c
+  ${OAP_SOURCE_DIR}/cli.c
   ${CMAKE_CURRENT_SOURCE_DIR}/common.c
 )
 
@@ -32,8 +37,8 @@ set_source_files_properties(${OAP_TEST_SOURCES}
 disable_test_logging_for_target(${src_folder}_test)
 target_link_libraries(${src_folder}_test ouroboros-irm)
 target_include_directories(${src_folder}_test PRIVATE
-  ${CMAKE_CURRENT_SOURCE_DIR}/../..
-  ${CMAKE_CURRENT_BINARY_DIR}/../..
+  ${IRMD_SOURCE_DIR}
+  ${IRMD_BINARY_DIR}
 )
 
 # PQC test executable (ML-DSA)
@@ -46,8 +51,8 @@ set_source_files_properties(${OAP_TEST_SOURCES}
 disable_test_logging_for_target(${src_folder}_pqc_test)
 target_link_libraries(${src_folder}_pqc_test ouroboros-irm)
 target_include_directories(${src_folder}_pqc_test PRIVATE
-  ${CMAKE_CURRENT_SOURCE_DIR}/../..
-  ${CMAKE_CURRENT_BINARY_DIR}/../..
+  ${IRMD_SOURCE_DIR}
+  ${IRMD_BINARY_DIR}
 )
 
 add_dependencies(build_tests ${src_folder}_test ${src_folder}_pqc_test)
diff --git a/src/irmd/reg/flow.c b/src/irmd/reg/flow.c
index d6f6437f..02dc9c99 100644
--- a/src/irmd/reg/flow.c
+++ b/src/irmd/reg/flow.c
@@ -66,11 +66,11 @@ struct reg_flow * reg_flow_create(const struct flow_info * info)
 static void destroy_rbuffs(struct reg_flow * flow)
 {
         if (flow->n_rb != NULL)
-                shm_rbuff_destroy(flow->n_rb);
+                ssm_rbuff_destroy(flow->n_rb);
         flow->n_rb = NULL;
 
         if (flow->n_1_rb != NULL)
-                shm_rbuff_destroy(flow->n_1_rb);
+                ssm_rbuff_destroy(flow->n_1_rb);
         flow->n_1_rb = NULL;
 }
 
@@ -103,28 +103,28 @@ static int create_rbuffs(struct reg_flow *  flow,
         assert(flow != NULL);
         assert(info != NULL);
 
-        flow->n_rb = shm_rbuff_create(info->n_pid, info->id);
+        flow->n_rb = ssm_rbuff_create(info->n_pid, info->id);
         if (flow->n_rb == NULL)
                 goto fail_n_rb;
 
-        if (shm_rbuff_mlock(flow->n_rb) < 0)
+        if (ssm_rbuff_mlock(flow->n_rb) < 0)
                 log_warn("Failed to mlock n_rb for flow %d.", info->id);
 
         assert(flow->info.n_1_pid == 0);
         assert(flow->n_1_rb == NULL);
 
         flow->info.n_1_pid = info->n_1_pid;
-        flow->n_1_rb = shm_rbuff_create(info->n_1_pid, info->id);
+        flow->n_1_rb = ssm_rbuff_create(info->n_1_pid, info->id);
         if (flow->n_1_rb == NULL)
                 goto fail_n_1_rb;
 
-        if (shm_rbuff_mlock(flow->n_1_rb) < 0)
+        if (ssm_rbuff_mlock(flow->n_1_rb) < 0)
                 log_warn("Failed to mlock n_1_rb for flow %d.", info->id);
 
         return 0;
 
  fail_n_1_rb:
-        shm_rbuff_destroy(flow->n_rb);
+        ssm_rbuff_destroy(flow->n_rb);
  fail_n_rb:
         return -ENOMEM;
 }
diff --git a/src/irmd/reg/flow.h b/src/irmd/reg/flow.h
index d1e4811c..b671d486 100644
--- a/src/irmd/reg/flow.h
+++ b/src/irmd/reg/flow.h
@@ -28,7 +28,7 @@
 #include <ouroboros/name.h>
 #include <ouroboros/pthread.h>
 #include <ouroboros/qos.h>
-#include <ouroboros/shm_rbuff.h>
+#include <ouroboros/ssm_rbuff.h>
 #include <ouroboros/utils.h>
 
 #include <sys/types.h>
@@ -45,8 +45,8 @@ struct reg_flow {
 
         char               name[NAME_SIZE + 1];
 
-        struct shm_rbuff * n_rb;
-        struct shm_rbuff * n_1_rb;
+        struct ssm_rbuff * n_rb;
+        struct ssm_rbuff * n_1_rb;
 };
 
 struct reg_flow * reg_flow_create(const struct flow_info * info);
diff --git a/src/irmd/reg/proc.c b/src/irmd/reg/proc.c
index 9bbdf0eb..541731b2 100644
--- a/src/irmd/reg/proc.c
+++ b/src/irmd/reg/proc.c
@@ -75,7 +75,7 @@ struct reg_proc * reg_proc_create(const struct proc_info * info)
                 goto fail_malloc;
         }
 
-        proc->set = shm_flow_set_create(info->pid);
+        proc->set = ssm_flow_set_create(info->pid);
         if (proc->set == NULL) {
                 log_err("Failed to create flow set for %d.", info->pid);
                 goto fail_set;
@@ -99,7 +99,7 @@ void reg_proc_destroy(struct reg_proc * proc)
 {
         assert(proc != NULL);
 
-        shm_flow_set_destroy(proc->set);
+        ssm_flow_set_destroy(proc->set);
 
         __reg_proc_clear_names(proc);
 
diff --git a/src/irmd/reg/proc.h b/src/irmd/reg/proc.h
index 499ecc72..a790e5c9 100644
--- a/src/irmd/reg/proc.h
+++ b/src/irmd/reg/proc.h
@@ -25,7 +25,7 @@
 
 #include <ouroboros/list.h>
 #include <ouroboros/proc.h>
-#include <ouroboros/shm_flow_set.h>
+#include <ouroboros/ssm_flow_set.h>
 
 struct reg_proc {
         struct list_head      next;
@@ -35,7 +35,7 @@ struct reg_proc {
         struct list_head      names;   /* process accepts flows for names */
         size_t                n_names; /* number of names                 */
 
-        struct shm_flow_set * set;
+        struct ssm_flow_set * set;
 };
 
 struct reg_proc * reg_proc_create(const struct proc_info * info);