
I'm trying to implement some kind of interrupt routine.

It's related to virtualization with GIC v2 H/W support.

My question is:

When it catches an interrupt number, the hypervisor should distinguish whether it's for
itself or for guests running on the hypervisor.
But how do I check whether it's for the hypervisor or a guest?

That's my question. Please let me know if this is correct or not. I need more background. Thank you in advance for your reply.

artless noise
Jeungwoo Yoo

1 Answer


The simplest way is for FIQ interrupts to be assigned to the secure world and IRQ to the normal world. There is a TrustZone register (SCR or secure configuration registers) that will route IRQ/FIQ to the monitor or straight to the OS in the current world. The GIC itself allows all interrupts to be either FIQ or IRQ (I think the documentation calls it type 0 and type 1). You can always route to the monitor or you can dynamically switch (on a world switch) where the interrupts are routed.

  World | Normal | Secure
  ------+--------+--------
  FIQ   | Monitor| Through
  IRQ   | Through| Monitor

The monitor trap will require saving a lot of registers (a world switch to save registers). You can trust the secure interrupt handler somewhat, but all bets should be off for the normal world.

There may be other ways to handle it, but this is the least complex. For instance, you can always have a fixed table of interrupt source owners (which world they belong to). I imagine there are many other ways. Most will always trap to monitor mode, which is somewhat undesirable for performance reasons.

For your hypervisor case, you would have to disallow FIQ interrupts in the guest OS. Probably they will not work well as they are supposed to be FAST and the virtualization is going to interfere with this. You can leave the SCR in the Normal column if this is the case (so the SCR is constant).

artless noise
  • Actually, my project is related to a hypervisor. This hypervisor should be run in Hyper mode, which is implemented in ARM with HW support, and this mode only exists in the Normal world (Non-secure mode). It means routing IRQs from Secure to Non-secure takes quite a big overhead. So I think your suggestion is good but not suitable for my situation. But thank you so much for your reply – Jeungwoo Yoo Feb 29 '16 at 09:57
  • What interrupt does your hypervisor need? [These people use a trap](http://genode.org/documentation/articles/arm_virtualization) and execute for the distributor and let the VM have a per-CPU controller. You can use this scheme for multi-CPU. You didn't say you had ARM VM extensions nor if you have SMP in your question (so you sort of wasted my time). – artless noise Feb 29 '16 at 14:01
  • You should add some details about exactly how you want things to work. What interrupts are for the hypervisor (or do you just mean interrupt per VM)? If the VM is assigned a CPU, then the GIC distributor can route per-CPU. However, you will probably then say 'that is not how my architecture works...', if someone were to give that answer. A paper/link with [TZ and hyper](http://genode.org/documentation/articles/trustzone). As asked, it is certainly appropriate to run hypervisor management tasks in the secure world and use FIQ for its interrupts; maybe not what you want. Please clarify. – artless noise Feb 29 '16 at 14:23
  • Thank you for the detailed answers and sorry for making you upset. Actually my hypervisor is running on an ARM Cortex-A15 and running in hyper mode, one of the modes the ARM processor has. And as you guess, virtual machines are not dedicated per core. In this situation, what I want to know is, when an IRQ arises, how to determine whom this IRQ belongs to. If there's no way, then I have to give the IRQ to all of the virtual machines that mapped the IRQ number. Anyway this is my detailed question and I'm sorry again. And thank you for your paper and link. – Jeungwoo Yoo Feb 29 '16 at 19:20
  • Surely, you can not run more than one OS on a CPU at a time? So when an OS is scheduled on that CPU, you use the distributor to route the interrupts. Your hypervisor must maintain a list of assigned interrupts? When a CPU enters `WFI` mode, then you need the hypervisor to listen for this and schedule migration? TZ is nice for unhosted hypervisor. You should add details to your question. Click *edit* near the bottom. – artless noise Mar 01 '16 at 02:53
  • Yes, as you mentioned, with my hypervisor more than one OS is running on one core. And TZ does not support the hyp mode. To use stage-2 address translation, my hypervisor should run in non-secure mode. – Jeungwoo Yoo Mar 01 '16 at 03:08
  • You can use both TZ and hyper mode. Hyper can switch OS on the CPU, but TZ can handle the interrupts on behalf of your 'hypervisor'. TZ does support hyper; they can both co-exist. Many people have tried to create virtualization with TZ only; that does not work well. You can combine them. – artless noise Mar 01 '16 at 16:05
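
An added example, not part of the original thread and not code from either poster: a sketch of the "fixed table of interrupt owners" / "list of assigned interrupts" idea for a GICv2 hypervisor that time-shares one core between VMs. The table contents, VM numbers and function names are hypothetical; the field layouts used are the GICv2 `GICC_IAR` interrupt ID field and the `GICH_LRn` list register format.

```c
#include <stdint.h>
#include <stdio.h>

#define NR_IRQS    64     /* constructed table size for this sketch */
#define OWNER_NONE 0xFF   /* unassigned: delivered to nobody */
#define OWNER_HYP  0xFE   /* consumed by the hypervisor itself */

enum route { ROUTE_DROP, ROUTE_HYP, ROUTE_INJECT_NOW, ROUTE_PEND_FOR_VM };

static uint8_t irq_owner[NR_IRQS];   /* index: physical interrupt ID */

/* Constructed sample assignment; a real table comes from the VM configuration. */
static void owner_table_init(void)
{
    for (int i = 0; i < NR_IRQS; i++)
        irq_owner[i] = OWNER_NONE;
    irq_owner[26] = OWNER_HYP;   /* hypothetical: hypervisor timer */
    irq_owner[33] = 0;           /* hypothetical: device owned by VM 0 */
    irq_owner[34] = 1;           /* hypothetical: device owned by VM 1 */
}

/* Classify the value read from GICC_IAR for the VM currently on this CPU. */
static enum route route_irq(uint32_t iar, uint8_t running_vm, uint8_t *owner)
{
    uint32_t id = iar & 0x3FF;   /* interrupt ID field; 1020-1023 are special */
    if (id >= NR_IRQS || irq_owner[id] == OWNER_NONE)
        return ROUTE_DROP;       /* never broadcast an unowned IRQ to guests */
    if (irq_owner[id] == OWNER_HYP)
        return ROUTE_HYP;
    *owner = irq_owner[id];
    return *owner == running_vm ? ROUTE_INJECT_NOW : ROUTE_PEND_FOR_VM;
}

/* GICv2 list register (GICH_LRn) value: hardware-backed, pending, Group 1. */
static uint32_t gich_lr_hw_pending(uint32_t virt_id, uint32_t phys_id, uint32_t prio)
{
    return (1u << 31) | (1u << 30) | (1u << 28)   /* HW | Grp1 | State=pending */
         | ((prio & 0x1F) << 23)                  /* Priority[27:23] */
         | ((phys_id & 0x3FF) << 10)              /* PhysicalID[19:10] */
         | (virt_id & 0x3FF);                     /* VirtualID[9:0] */
}

int main(void)
{
    uint8_t vm = 0;
    owner_table_init();
    printf("irq 34 while VM 0 runs -> route %d\n", route_irq(34, 0, &vm));
    printf("LR for irq 33 = 0x%08X\n", (unsigned)gich_lr_hw_pending(33, 33, 0x14));
    return 0;
}
```

An interrupt whose owner is not currently scheduled is recorded as pending for that VM and written to a list register when the VM next runs, so no guest ever sees an interrupt assigned to another guest.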