ARM Interrupt Handling in QEMU

Question

I'm trying to understand how QEMU handles interrupts for ARM processors. I have a bare metal binary blob (ie, not linux -- just some assembly code) which was built for a ARM1176. When run in QEMU, during initialisation the code in the binary blob sets bit 13 of the CPSR indicating that the interrupt vector table is located at 0xFFFF0000. Hooking up GDB and dumping the instructions at that address, I can indeed see the corresponding interrupt vector table. On an IRQ, it jumps to 0xFFFF0018, which just does a jump to 0xFFFF00070, which has the code for the first irq_handler, and ultimately jumps to a second irq_handler.

That's fine, but when I look at hooking up interrupts in QEMU every reference I find is hooking up my own irq_handler. If you allocate an irq, I need to provide a qemu_irq_handler that gets called when the IRQ is fired. But in this case, I don't want my own handler to get called. I was assuming that QEMU would emulate the ARM processor and jump to 0xFFFF0018 when I, for instance, called qemu_set_irq() and start running the code there.

I'm sure something is lacking in my understanding, but is there not some way to get QEMU to jump to the interrupt vector table and run the code there when triggering an interrupt, for example, with qemu_set_irq()?

Answer 1

I would think that QEMU is using Paravirtualization for the ARM. There is no interrupt controller for the ARM device on a PC. I think the qemu_irq_handler is a paravirtualization technique to handle an interrupt. Where are interrupts going to come from? See: QEMU tech document especially,

2.11 Hardware interrupts

In order to be faster, QEMU does not check at every basic block if a hardware interrupt is pending. Instead, the user must asynchronously call a specific function to tell that an interrupt is pending. This function resets the chaining of the currently executing basic block. It ensures that the execution will return soon in the main loop of the CPU emulator. Then the main loop can test if the interrupt is pending and handle it.

Probably QEMU comes with some code to emulate devices. However, if you want to use your own device, you will need to do something custom. It is not an actual ARM processor. Most virtualization technology have issues with interrupts; even when the virtualization is hosted by the same CPU as the target.