android qemu-kvm i8259 中断控制器虚拟设备

本文链接：https://blog.youkuaiyun.com/ayu_ag/article/details/52858461

本文介绍了在Ubuntu 12.04下，使用Android Emulator（启用了kvm加速）模拟i8259中断控制器的过程。文章详细讲解了8259的初始化、elcr的读写、寄存器操作以及如何通知CPU处理中断。还探讨了APIC、I/O APIC和LAPIC在虚拟化环境中的作用，指出qemu的8259模拟已采用QOM模型，并讨论了性能优化的可能性。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

ubuntu12.04下使用android emulator，启用kvm加速，模拟i8259中断控制器的代码比较旧，对应于qemu0.14或者之前的版本，这时还没有QOM(qemu object model)模型，虚拟设备的代码是比较简单的。

玩虚拟设备之前，首先得搞明白真实设备怎么玩：http://www.360doc.com/content/09/1017/08/128139_7395798.shtml和http://blog.youkuaiyun.com/duguteng/article/details/7552774

8259主片的IRQ0~7对应INT 8~INT F，从片的IRQ8~IRQ15对应INT 70~INT 77。

建议先看《android qemu-kvm i8254 pit虚拟设备》

初始化

8259是在pc_init1中初始化的，cpu_irq是8259的parent_irq：

cpu_irq = qemu_allocate_irqs(pic_irq_request, NULL, 1);
i8259 = i8259_init(cpu_irq[0]);

qemu_allocate_irqs用来申请并设置qemu_irq结构体的：

qemu_irq *qemu_allocate_irqs(qemu_irq_handler handler, void *opaque, int n)
{
    qemu_irq *s;
    struct IRQState *p;
    int i;

    s = (qemu_irq *)g_malloc0(sizeof(qemu_irq) * n);
    p = (struct IRQState *)g_malloc0(sizeof(struct IRQState) * n);
    for (i = 0; i < n; i++) {
        p->handler = handler;
        p->opaque = opaque;
        p->n = i;
        s[i] = p;
        p++;
    }
    return s;
}

i8259_init是8259的初始化函数，初始化了主从两片8259，iobase分别为0x20，0xa0，length都是2，宽度都是8bit。

elcr地址分别为0x4d0，0x4d1，分别对应两片8259，每一位对应一个irq，是控制边沿触发还是电平触发的，置1时是电平触发，elcr_mask是因为有些irq不支持电平触发，所以需要mask。

<a target=_blank href="https://en.wikipedia.org/wiki/Intel_8259">Edge and level triggered modes</a>[edit]
Since the ISA bus does not support level triggered interrupts, level triggered mode may not be used for interrupts connected to ISA devices. This means that on PC/XT, PC/AT, and compatible systems the 8259 must be programmed for edge triggered mode. On MCA systems, devices use level triggered interrupts and the interrupt controller is hardwired to always work in level triggered mode. On newer EISA, PCI, and later systems the Edge/Level Control Registers (ELCRs) control the mode per IRQ line, effectively making the mode of the 8259 irrelevant for such systems with ISA buses. The ELCR is programmed by the BIOS at system startup for correct operation.

The ELCRs are located 0x4d0 and 0x4d1 in the x86 I/O address space. They are 8-bits wide, each bit corresponding to an IRQ from the 8259s. When a bit is set, the IRQ is in level triggered mode; otherwise, the IRQ is in edge triggered mode.

最后申请了GFD_MAX_IRQ个，也就是16个qemu_irq结构体：

qemu_irq *i8259_init(qemu_irq parent_irq)
{
    PicState2 *s;

    s = g_malloc0(sizeof(PicState2));
    pic_init1(0x20, 0x4d0, &s->pics[0]);
    pic_init1(0xa0, 0x4d1, &s->pics[1]);
    s->pics[0].elcr_mask = 0xf8;
    s->pics[1].elcr_mask = 0xde;
    s->parent_irq = parent_irq;
    s->pics[0].pics_state = s;
    s->pics[1].pics_state = s;
    isa_pic = s;
    return qemu_allocate_irqs(i8259_set_irq, s, GFD_MAX_IRQ);
}

struct PicState2 {
    /* 0 is master pic, 1 is slave pic */
    /* XXX: better separation between the two pics */
    PicState pics[2];
    qemu_irq parent_irq;
    void *irq_request_opaque;
    /* IOAPIC callback support */
    SetIRQFunc *alt_irq_func;
    void *alt_irq_opaque;
};

typedef struct PicState {
    uint8_t last_irr; /* edge detection */
    uint8_t irr; /* interrupt request r