Fiasco.OC: make capability ref-counter thread-safe

Introduce process global spin-lock for Cap_index's reference-counter
to avoid non-atomic increment/decrement of the counter. Here, we don't
use a static Spinlock object, because it's constructor wouldn't be
initialized before used for the first time.

base-foc/include/base/cap_map.h

@@ -64,8 +64,8 @@ namespace Genode
 			bool     used()  const   { return _id != UNUSED;     }
 			uint16_t id()    const   { return _id;               }
 			void     id(uint16_t id) { _id = id;                 }
-			uint8_t  inc()           { return ++_ref_cnt;        }
-			uint8_t  dec()           { return --_ref_cnt;        }
+			uint8_t  inc();
+			uint8_t  dec();
 			addr_t   kcap();
 
 			void* operator new    (size_t size, Cap_index* idx) { return idx; }

base-foc/src/base/env/cap_map.cc

@@ -18,6 +18,9 @@
 
 #include <util/assert.h>
 
+/* Lock implementation local include */
+#include <spin_lock.h>
+
 namespace Fiasco {
 #include <l4/sys/consts.h>
 #include <l4/sys/task.h>
@@ -28,6 +31,9 @@ namespace Fiasco {
  **  Cap_index class  **
  ***********************/
 
+static volatile int _cap_index_spinlock = SPINLOCK_UNLOCKED;
+
+
 bool Genode::Cap_index::higher(Genode::Cap_index *n) { return n->_id > _id; }
 
 
@@ -46,6 +52,24 @@ Genode::addr_t Genode::Cap_index::kcap() {
 	return cap_idx_alloc()->idx_to_kcap(this); }
 
 
+Genode::uint8_t Genode::Cap_index::inc()
+{
+	spinlock_lock(&_cap_index_spinlock);
+	Genode::uint8_t ret = ++_ref_cnt;
+	spinlock_unlock(&_cap_index_spinlock);
+	return ret;
+}
+
+
+Genode::uint8_t Genode::Cap_index::dec()
+{
+	spinlock_lock(&_cap_index_spinlock);
+	Genode::uint8_t ret = --_ref_cnt;
+	spinlock_unlock(&_cap_index_spinlock);
+	return ret;
+}
+
+
 /****************************
  **  Capability_map class  **
  ****************************/