Dear All,

I'm testing a bare metal application on qemu. This worked great up until now. I start it with:

qemu-system-aarch64 -M raspi3 -kernel kernel8.img

My problem is that, although I configure the ARM Generic Timer Non-Secure EL1 physical timer correctly (according to DDI0487), I don't get an interrupt. In short: I'm at EL1, VBAR CSSel selects the correct handler, and I have interrupts enabled in PSTATE with DAIFClr etc. I set up CNTP_CTL_EL0 and CNTP_CVAL_EL0 correctly; I can see the timer running, and after the given time I can see CNTP_CTL_EL0 changing to 5 (ISTATUS=1, IMASK=0, ENABLE=1), but ISR_EL1 remains 0.

Checking qemu's source, I can see in hw/arm/bcm2836.c line 156 that CNTPNSIRQ (the one I'm after) is connected to the ARM Control peripheral. So I've also configured 0x4000040 = (1<<1), 0x4000044 = (1<<1), 0x4000048 = (1<<1) and 0x400004C = (1<<1) to enable nCNTPNSIRQ on all 4 cores. I've also tried to enable the ARM and ARM Timer bits in bcm2836-ic's registers, but that didn't help.

I can confirm that in target/arm/helper.c line 2416, function gt_recalc_timer(), ISTATUS is set, IMASK is not set and "qemu_set_irq(cpu->gt_timer_outputs[1], 1);" is called. After that I'm stuck, because that should call struct IRQState's cpu->gt_timer_outputs[1]->handler(), but I failed to find what it is initialized to. The only thing I've found is in target/arm/cpu.c line 717 in function arm_cpu_initfn(), but that does not tell me which function is used as a handler for GTIMER_PHYS, so I can't follow that path to figure out which IRQ line in which controller to enable.

Setting ARM Control alone is clearly not enough, so my question is: what am I missing? Why don't I get an interrupt? Which system/MMIO register should I set to get the IRQ?

Thanks,
bzt
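For readers comparing their own setup against the one described above, here is a minimal EL1 physical-timer sequence for the raspi3 model as an added reference example; it is not bzt's code nor taken from qemu. It assumes a vector table already installed in VBAR_EL1 whose IRQ (current EL, SP_ELx) slot branches to irq_handler, a valid stack, and the local-peripheral register addresses and bit positions from the BCM2836 (QA7) documentation.

```asm
// Added reference example (GNU as, aarch64). Assumptions: EL1, VBAR_EL1 set,
// IRQ vector slot does "b irq_handler", stack initialised. Addresses and
// bit numbers below follow the BCM2836 QA7 local-peripheral documentation.
.equ CORE0_TIMER_IRQCNTL, 0x40000040   // Core 0 timers interrupt control
.equ CORE0_IRQ_SOURCE,    0x40000060   // Core 0 interrupt source
.equ CNTPNSIRQ_BIT,       (1 << 1)     // bit 1 = nCNTPNSIRQ routed to core IRQ

.global timer_init
timer_init:
    // 1. Route the non-secure EL1 physical timer to core 0's IRQ line
    ldr     x0, =CORE0_TIMER_IRQCNTL
    mov     w1, #CNTPNSIRQ_BIT
    str     w1, [x0]
    // 2. Arm the timer to fire one second from now
    mrs     x1, cntfrq_el0          // counter frequency in Hz
    mrs     x2, cntpct_el0          // current physical count
    add     x2, x2, x1
    msr     cntp_cval_el0, x2       // compare value
    mov     x1, #1                  // ENABLE=1, IMASK=0
    msr     cntp_ctl_el0, x1
    // 3. Unmask IRQs in PSTATE (I bit is 0b0010 in the DAIF field)
    msr     daifclr, #2
    ret

.global irq_handler
irq_handler:
    stp     x0, x1, [sp, #-16]!     // preserve the interrupted context
    stp     x2, x30, [sp, #-16]!
    // Confirm the source before touching the timer
    ldr     x0, =CORE0_IRQ_SOURCE
    ldr     w0, [x0]
    tbz     w0, #1, 1f              // bit 1 = CNTPNSIRQ pending on core 0
    mrs     x1, cntp_ctl_el0
    tbz     x1, #2, 1f              // ISTATUS (bit 2) clear: not ours
    // Re-arm by pushing CVAL one second forward; ISTATUS drops as a result
    mrs     x1, cntfrq_el0
    mrs     x2, cntp_cval_el0
    add     x2, x2, x1
    msr     cntp_cval_el0, x2
1:
    ldp     x2, x30, [sp], #16
    ldp     x0, x1, [sp], #16
    eret
```

Checking CORE0_IRQ_SOURCE and ISTATUS inside the handler keeps a spurious or foreign IRQ from re-arming the timer, and reading CNTP_CTL_EL0 alongside ISR_EL1 while debugging tells you whether the timer fired but the routing failed (the symptom described in the post) or the timer never fired at all.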
