Add multicore example

cortex-a-rt/src/lib.rs

@@ -56,6 +56,24 @@
 //! `__sbss` and `__ebss` is zeroed, and the memory between `__sdata` and
 //! `__edata` is initialised with the data found at `__sidata`.
 //!
+//! The stacks look like:
+//!
+//! ```text
+//! +------------------+ <----_stack_top
+//! |     UND Stack    | } _und_stack_size bytes
+//! +------------------+
+//! |     SVC Stack    | } _svc_stack_size bytes
+//! +------------------+
+//! |     ABT Stack    | } _abt_stack_size bytes
+//! +------------------+
+//! |     IRQ Stack    | } _irq_stack_size bytes
+//! +------------------+
+//! |     FIQ Stack    | } _fiq_stack_size bytes
+//! +------------------+
+//! |     SYS Stack    | } No specific size
+//! +------------------+
+//! ```
+//!
 //! ### C-Compatible Functions
 //!
 //! * `kmain` - the `extern "C"` entry point to your application.

cortex-ar/Cargo.toml

@@ -28,7 +28,7 @@ version = "0.1.0"
 arbitrary-int = "1.3.0"
 bitbybit = "1.3.3"
 num_enum = { version = "0.7", default-features = false }
-critical-section = {version = "1.2.0", features = ["restore-state-bool"], optional = true}
+critical-section = {version = "1.2.0", features = ["restore-state-u8"], optional = true}
 defmt = {version = "0.3", optional = true}
 
 [build-dependencies]
@@ -38,5 +38,8 @@ arm-targets = {version = "0.1.0", path = "../arm-targets"}
 # Adds a critical-section implementation that only disables interrupts.
 # This is not sound on multi-core systems because interrupts are per-core.
 critical-section-single-core = ["critical-section"]
+# Adds a critical-section implementation that disables interrupts and does
+# a CAS spinlock.
+critical-section-multi-core = ["critical-section"]
 # Adds defmt::Format implementation for the register types
 defmt = ["dep:defmt"]

cortex-ar/src/asm.rs

@@ -56,3 +56,15 @@ pub fn sev() {
         core::arch::asm!("sev");
     }
 }
+
+/// Which core are we?
+///
+/// Return the bottom 24-bits of the MPIDR
+#[inline]
+pub fn core_id() -> u32 {
+    let r: u32;
+    unsafe {
+        core::arch::asm!("MRC p15, 0, {}, c0, c0, 5", out(reg) r, options(nomem, nostack, preserves_flags));
+    }
+    return r & 0x00FF_FFFF;
+}

cortex-ar/src/critical_section.rs

@@ -1,30 +1,147 @@
-//! Code that implements the `critical-section` traits on Cortex-R or Cortex-A when only a single
-//! core is used.
+//! Code that implements the `critical-section` traits on Cortex-R or Cortex-A
 //!
-//! Only valid if you have a single core.
+//! We have single-core and multi-core versions. Select with the
+//! `critical-section-single-core` and `critical-section-multi-core` features.
 
-use core::sync::atomic;
+#[cfg(feature = "critical-section-single-core")]
+mod single_core {
+    struct SingleCoreCriticalSection;
 
-struct SingleCoreCriticalSection;
-critical_section::set_impl!(SingleCoreCriticalSection);
+    critical_section::set_impl!(SingleCoreCriticalSection);
 
-unsafe impl critical_section::Impl for SingleCoreCriticalSection {
-    unsafe fn acquire() -> critical_section::RawRestoreState {
-        // the i bit means "masked"
-        let was_active = !crate::register::Cpsr::read().i();
-        crate::interrupt::disable();
-        atomic::compiler_fence(atomic::Ordering::SeqCst);
-        was_active
+    /// Indicates the critical section was entered with interrupts on
+    pub const INT_ON: u8 = 0;
+
+    /// Indicates the critical section was entered with interrupts off
+    pub const INT_OFF: u8 = 1;
+
+    #[cfg(feature = "critical-section-single-core")]
+    unsafe impl critical_section::Impl for SingleCoreCriticalSection {
+        unsafe fn acquire() -> critical_section::RawRestoreState {
+            use core::sync::atomic;
+            // the i bit means "masked"
+            let was_active = !crate::register::Cpsr::read().i();
+            crate::interrupt::disable();
+            atomic::compiler_fence(atomic::Ordering::SeqCst);
+            if was_active {
+                INT_ON
+            } else {
+                INT_OFF
+            }
+        }
+
+        unsafe fn release(was_active: critical_section::RawRestoreState) {
+            use core::sync::atomic;
+            // Only re-enable interrupts if they were enabled before the critical section.
+            if was_active == INT_ON {
+                atomic::compiler_fence(atomic::Ordering::SeqCst);
+                // Safety: This is OK because we're releasing a lock that was
+                // entered with interrupts enabled
+                unsafe {
+                    crate::interrupt::enable();
+                }
+            }
+        }
     }
+}
+
+#[cfg(feature = "critical-section-multi-core")]
+mod multi_core {
+    struct MultiCoreCriticalSection;
+
+    critical_section::set_impl!(MultiCoreCriticalSection);
+
+    /// The default value for our spin-lock
+    pub const UNLOCKED: u32 = 0xFFFF_FFFF;
+
+    /// Indicates the critical section was entered with interrupts on, and the spin-lock unlocked
+    pub const INT_ON_UNLOCKED: u8 = 0;
+
+    /// Indicates the critical section was entered with interrupts off, and the spin-lock locked (by us)
+    pub const INT_OFF_LOCKED: u8 = 1;
+
+    /// Indicates the critical section was entered with interrupts off, and the spin-lock unlocked
+    pub const INT_OFF_UNLOCKED: u8 = 2;
+
+    pub static CORE_SPIN_LOCK: core::sync::atomic::AtomicU32 =
+        core::sync::atomic::AtomicU32::new(UNLOCKED);
+    unsafe impl critical_section::Impl for MultiCoreCriticalSection {
+        unsafe fn acquire() -> critical_section::RawRestoreState {
+            use core::sync::atomic;
+
+            // the i bit means "masked"
+            let was_active = !crate::register::Cpsr::read().i();
+            crate::interrupt::disable();
+
+            let core_id = crate::asm::core_id();
+
+            let locked_already = loop {
+                match CORE_SPIN_LOCK.compare_exchange(
+                    UNLOCKED,
+                    core_id,
+                    atomic::Ordering::Acquire,
+                    atomic::Ordering::Relaxed,
+                ) {
+                    Ok(_) => {
+                        // we got the lock
+                        break false;
+                    }
+                    Err(n) if n == core_id => {
+                        // we already held the lock
+                        break true;
+                    }
+                    Err(_) => {
+                        // someone else holds the lock
+                        core::hint::spin_loop();
+                    }
+                }
+            };
+
+            atomic::compiler_fence(atomic::Ordering::SeqCst);
+
+            match (was_active, locked_already) {
+                (true, true) => {
+                    panic!("Invalid CS state?!");
+                }
+                (true, false) => {
+                    // we need to turn interrupts on, and release the lock
+                    INT_ON_UNLOCKED
+                }
+                (false, false) => {
+                    // we need release the lock
+                    INT_OFF_UNLOCKED
+                }
+                (false, true) => {
+                    // we need to do nothing
+                    INT_OFF_LOCKED
+                }
+            }
+        }
+
+        unsafe fn release(was_active: critical_section::RawRestoreState) {
+            use core::sync::atomic;
 
-    unsafe fn release(was_active: critical_section::RawRestoreState) {
-        // Only re-enable interrupts if they were enabled before the critical section.
-        if was_active {
             atomic::compiler_fence(atomic::Ordering::SeqCst);
-            // Safety: This is OK because we're releasing a lock that was
-            // entered with interrupts enabled
-            unsafe {
-                crate::interrupt::enable();
+            match was_active {
+                INT_OFF_LOCKED => {
+                    // do nothing
+                }
+                INT_OFF_UNLOCKED => {
+                    // the spin-lock was unlocked before, so unlock it
+                    CORE_SPIN_LOCK.store(UNLOCKED, atomic::Ordering::Release);
+                }
+                INT_ON_UNLOCKED => {
+                    // the spin-lock was unlocked before, so unlock it
+                    CORE_SPIN_LOCK.store(UNLOCKED, atomic::Ordering::Release);
+                    // Safety: This is OK because we're releasing a lock that was
+                    // entered with interrupts enabled
+                    unsafe {
+                        crate::interrupt::enable();
+                    }
+                }
+                _ => {
+                    unreachable!()
+                }
             }
         }
     }

cortex-ar/src/lib.rs

@@ -2,7 +2,6 @@
 
 #![no_std]
 
-#[cfg(feature = "critical-section-single-core")]
 mod critical_section;
 
 pub mod asm;

cortex-r-rt/link.x

@@ -1,7 +1,8 @@
 /*
 Basic Cortex-R linker script.
 
-You must supply a file called `memory.x` which defines the memory regions 'CODE' and 'DATA'.
+You must supply a file called `memory.x` which defines the memory regions
+'VECTORS', 'CODE' and 'DATA'.
 
 The stack pointer(s) will be (near) the top of the DATA region by default.
 
@@ -10,13 +11,17 @@ Based upon the linker script from https://github.com/rust-embedded/cortex-m
 
 INCLUDE memory.x
 
-ENTRY(_vector_table);
+ENTRY(_start);
 EXTERN(_vector_table);
+EXTERN(_start);
 
 SECTIONS {
-    .text : {
+    .vector_table ORIGIN(VECTORS) : {
         /* The vector table must come first */
         *(.vector_table)
+    } > VECTORS
+
+    .text : {
         /* Now the rest of the code */
         *(.text .text*)
     } > CODE
@@ -76,6 +81,7 @@ remainder is our system mode stack.
 You must keep _stack_top and the stack sizes aligned to eight byte boundaries.
 */
 PROVIDE(_stack_top = ORIGIN(DATA) + LENGTH(DATA));
+PROVIDE(_hyp_stack_size = 0x400);
 PROVIDE(_und_stack_size = 0x400);
 PROVIDE(_svc_stack_size = 0x400);
 PROVIDE(_abt_stack_size = 0x400);