linux Kernel Interrupt Implementation Principle


This article mainly explains several questions:

  • What is interruption and what are the categories of interruption?
  • How can interrupt events be passed step by step from the event source to the kernel layer and the corresponding interrupt handling functions are invoked?
  • How is the interrupt system initialized during kernel startup?
  • What are the internal principles of interrupt request and release in the kernel?

Note: The source code used in this article is still based on ARM platform, and the kernel version is 4.8.0.


Interrupt is an asynchronous event of the cpu, which interrupts the normal execution logic of the cpu, forcing the cpu to save the current context (or possibly manually) and then jump to the interrupt processing function for interrupt processing. Different CPUs (even those with the same architecture) generally have different interrupt systems, such as different types and quantities of interrupt sources. There are differences between interrupt and exception. Interrupt generally refers to external hardware interrupt and software interrupt, while exception generally includes interrupt, but exception also includes other abnormal events such as prefetch instruction exception. Exceptions in the cpu usually exist in the form of anomaly vector tables at the front of program startup. For example, reset vector is the code entry that the cpu executes when it is powered on or reset. It usually completes the basic initialization of cpu peripherals at assembly level and prepares the running environment for the next c language.

The following is a classical anomaly vector table in ARM architecture:


Among them, swi is a soft interrupt, which is mainly used in linux kernel to implement system calls, and can be participated in another article of mine: Seeing System Call Principle from glibc Source Code IRQ/FIQ is the hardware interrupt. The difference between IRQ and FIQ does not belong to the scope of this paper.

Kernel interrupt

I mentioned the interrupt vector table, which is the entry of all interrupts. In the linux kernel, the vector table is defined in / arch/arm/kernel/entry-armv.S.

	W(b)	swi
	W(b)	vector_und
	W(ldr)	pc, .L__vectors_start + 0x1000  //swi corresponds to the interrupt vector. The origin of 0x1000 is shown below.
	W(b)	vector_pabt
	W(b)	vector_dabt
	W(b)	vector_addrexcptn
	W(b)	vector_irq
	W(b)	vector_fiq

This paper mainly focuses on the processing logic of hardware interrupt, because it is the most frequently used interrupt (such as keyboard interrupt, USB interrupt, etc.) in the development of kernel driver. The interrupt processing logic corresponding to IRQ is vector_irq:

 * Interrupt dispatcher
	vector_stub	irq, IRQ_MODE, 4

	.long	__irq_usr			@  0  (USR_26 / USR_32) Processing function from user mode to interrupt
	.long	__irq_invalid			@  1  (FIQ_26 / FIQ_32)
	.long	__irq_invalid			@  2  (IRQ_26 / IRQ_32)
	.long	__irq_svc			@  3  (SVC_26 / SVC_32) from SVC Processing function entering interrupt
	.long	__irq_invalid			@  4
	.long	__irq_invalid			@  5
	.long	__irq_invalid			@  6
	.long	__irq_invalid			@  7
	.long	__irq_invalid			@  8
	.long	__irq_invalid			@  9
	.long	__irq_invalid			@  a
	.long	__irq_invalid			@  b
	.long	__irq_invalid			@  c
	.long	__irq_invalid			@  d
	.long	__irq_invalid			@  e
	.long	__irq_invalid			@  f

Obviously, because the current code can be in the user state or the kernel state when the interrupt occurs, it needs to be treated differently. This paper mainly discusses the logic from the user state to the interrupt, i.e. _irq_usr:

	.align	5
	get_thread_info tsk
	mov	why, #0
	b	ret_to_user_from_irq
 UNWIND(.fnend		)

_ In irq_usr, irq_handler is called for further interruption processing. Let's look at the definition of irq_handler:

 * Interrupt handling.
	.macro	irq_handler
	ldr	r1, =handle_arch_irq
	mov	r0, sp
	badr	lr, 9997f
	ldr	pc, [r1]

arch_irq_handler_default (at / arch/arm/include/asm/entry-macro-multi.S) is called by default in irq_handler:

 * Interrupt handling.  Preserves r7, r8, r9
	.macro	arch_irq_handler_default
	get_irqnr_preamble r6, lr
1:	get_irqnr_and_base r0, r2, r6, lr
	movne	r1, sp
	@ routine called with r0 = irq number, r1 = struct pt_regs *
	badrne	lr, 1b
	bne	asm_do_IRQ

arch_irq_handler_default eventually calls asm_do_IRQ (before calling, the interrupt number is assigned to the r0 register, the pt_regs register address is assigned to the r1 register, essentially passing parameters to the asm_do_IRQ). This function is very special because it is written in C language, that is, interrupt processing enters the world of C language from the beginning of asm_do_IRQ, which is defined in C language./ arch/arm/kernel/irq.c:

 * asm_do_IRQ is the interface to be used from assembly code.
asmlinkage void __exception_irq_entry
asm_do_IRQ(unsigned int irq, struct pt_regs *regs)
	handle_IRQ(irq, regs);

Continue to look at handle_IRQ implementation:

 * handle_IRQ handles all hardware IRQ's.  Decoded IRQs should
 * not come via this function.  Instead, they should provide their
 * own 'handler'.  Used by platform code implementing C-based 1st
 * level decoding.
void handle_IRQ(unsigned int irq, struct pt_regs *regs)
	__handle_domain_irq(NULL, irq, false, regs);

In/kernel/irq/irqdesc.c, _handle_domain_irq is defined as follows:

 * __handle_domain_irq - Invoke the handler for a HW irq belonging to a domain
 * @domain:	The domain where to perform the lookup
 * @hwirq:	The HW irq number to convert to a logical one
 * @lookup:	Whether to perform the domain lookup or not
 * @regs:	Register file coming from the low-level handling code
 * Returns:	0 on success, or -EINVAL if conversion has failed
int __handle_domain_irq(struct irq_domain *domain, unsigned int hwirq,
			bool lookup, struct pt_regs *regs)
    // Save the interrupt register status first
	struct pt_regs *old_regs = set_irq_regs(regs);
	unsigned int irq = hwirq;
	int ret = 0;


	if (lookup)
		irq = irq_find_mapping(domain, hwirq);

	 * Some hardware gives randomly wrong interrupts.  Rather
	 * than crashing, do something sensible.
	if (unlikely(!irq || irq >= nr_irqs)) {
		ret = -EINVAL;
	} else {
        // Come here by default

    // Restore interrupt register status
	return ret;

Call generic_handle_irq for further processing:

 * generic_handle_irq - Invoke the handler for a particular irq
 * @irq:	The irq number to handle
int generic_handle_irq(unsigned int irq)
    // Get the irq_desc structure according to the interrupt number
	struct irq_desc *desc = irq_to_desc(irq);

	if (!desc)
		return -EINVAL;
    // Further treatment
	return 0;

Among them, irq_to_desc is to get the corresponding irq_desc structure according to the interrupt number:

struct irq_desc *irq_to_desc(unsigned int irq)
	return (irq < NR_IRQS) ? irq_desc + irq : NULL;

Irq_desc is a struct irq_desc structured array (array size is NR_IRQS):

struct irq_desc irq_desc[NR_IRQS] __cacheline_aligned_in_smp = {
	[0 ... NR_IRQS-1] = {
		.handle_irq	= handle_bad_irq,
		.depth		= 1,
		.lock		= __RAW_SPIN_LOCK_UNLOCKED(irq_desc->lock),

Go back and look at generic_handle_irq_desc, which simply calls handle_irq of the irq_desc structure:

 * Architectures call this to let the generic IRQ layer
 * handle an interrupt.
static inline void generic_handle_irq_desc(struct irq_desc *desc)

irq_desc is the interrupt descriptor, which is defined in / include/linux/irqdesc.h. Its detailed definition will be listed later. Here it is explained that handle_irq is not the final interrupt handler. It is a "high level irq-events handler", which is a high level interrupt event handler (type is typedef void (*irq_flow_handler_t) (struct q_descir).) These functions are: handle_level_irq, handle_edge_irq, handle_simple_irq, handle_fasteoi_irq, handle_edge_irq, source code of handle_edge_irq (/kernel/irq/chip.c):

 *	handle_edge_irq - edge type IRQ handler
 *	@desc:	the interrupt description structure for this irq
 *	Interrupt occures on the falling and/or rising edge of a hardware
 *	signal. The occurrence is latched into the irq controller hardware
 *	and must be acked in order to be reenabled. After the ack another
 *	interrupt can happen on the same source even before the first one
 *	is handled by the associated event handler. If this happens it
 *	might be necessary to disable (mask) the interrupt depending on the
 *	controller hardware. This requires to reenable the interrupt inside
 *	of the loop which handles the interrupts which have arrived while
 *	the handler was running. If all pending interrupts are handled, the
 *	loop is left.
void handle_edge_irq(struct irq_desc *desc)

	desc->istate &= ~(IRQS_REPLAY | IRQS_WAITING);

	if (!irq_may_run(desc)) {
		desc->istate |= IRQS_PENDING;
		goto out_unlock;

	 * If its disabled or no action available then mask it and get
	 * out of here.
	if (irqd_irq_disabled(&desc->irq_data) || !desc->action) {
		desc->istate |= IRQS_PENDING;
		goto out_unlock;


	/* Start handling the irq This is different from the level trigger mode.*/

	do {
		if (unlikely(!desc->action)) {
			goto out_unlock;

		 * When another irq arrived while we were handling
		 * one, we could have masked the irq.
		 * Renable it, if it was not disabled in meantime.
		if (unlikely(desc->istate & IRQS_PENDING)) {
			if (!irqd_irq_disabled(&desc->irq_data) &&


	} while ((desc->istate & IRQS_PENDING) &&


To compare handle_edge_irq with handle_edge_irq, the handle_level_irq code is also pasted to show the difference between them.

 *	handle_level_irq - Level type irq handler
 *	@desc:	the interrupt description structure for this irq
 *	Level type interrupts are active as long as the hardware line has
 *	the active level. This may require to mask the interrupt and unmask
 *	it after the associated handler has acknowledged the device, so the
 *	interrupt line is back to inactive.
void handle_level_irq(struct irq_desc *desc)

	if (!irq_may_run(desc))
		goto out_unlock;

	desc->istate &= ~(IRQS_REPLAY | IRQS_WAITING);

	 * If its disabled or no action available
	 * keep it masked and get out of here
	if (unlikely(!desc->action || irqd_irq_disabled(&desc->irq_data))) {
		desc->istate |= IRQS_PENDING;
		goto out_unlock;




The high-level interrupt handler will continue to call handle_irq_event (/kernel/irq/handle.c):

irqreturn_t handle_irq_event(struct irq_desc *desc)
	irqreturn_t ret;

	desc->istate &= ~IRQS_PENDING;
	irqd_set(&desc->irq_data, IRQD_IRQ_INPROGRESS);
    // Processing interrupts on each cpu
	ret = handle_irq_event_percpu(desc);

	irqd_clear(&desc->irq_data, IRQD_IRQ_INPROGRESS);
	return ret;

Keep looking at handle_irq_event_percpu:

irqreturn_t handle_irq_event_percpu(struct irq_desc *desc)
	irqreturn_t retval;
	unsigned int flags = 0;
    // Internal call
	retval = __handle_irq_event_percpu(desc, &flags);

	add_interrupt_randomness(desc->irq_data.irq, flags);

	if (!noirqdebug)
		note_interrupt(desc, retval);
	return retval;

_ handle_irq_event_percpu calls the real interrupt handler set by the user:

irqreturn_t __handle_irq_event_percpu(struct irq_desc *desc, unsigned int *flags)
	irqreturn_t retval = IRQ_NONE;
	unsigned int irq = desc->irq_data.irq;
	struct irqaction *action;

    // Traversing all action s in the interrupt descriptor irq_desc
	for_each_action_of_desc(desc, action) {
		irqreturn_t res;

		trace_irq_handler_entry(irq, action);
        // Call the interrupt handler set by the user
		res = action->handler(irq, action->dev_id);
		trace_irq_handler_exit(irq, action, res);

		if (WARN_ONCE(!irqs_disabled(),"irq %u handler %pF enabled interrupts\n",
			      irq, action->handler))

		switch (res) {
			 * Catch drivers which return WAKE_THREAD but
			 * did not set up a thread function
			if (unlikely(!action->thread_fn)) {
				warn_no_thread(irq, action);

			__irq_wake_thread(desc, action);

			/* Fall through to add to randomness */
			*flags |= action->flags;


		retval |= res;

	return retval;

At this point, a complete interrupt event delivery process is completed (hardware interrupt event - > kernel - > final interrupt handler).

Interrupt-related data structures

First of all, the most important data structure, interrupt descriptor irq_desc, is not introduced too much in this paper because it has very detailed annotations in English.

 * struct irq_desc - interrupt descriptor
 * @irq_common_data:	per irq and chip data passed down to chip functions
 * @kstat_irqs:		irq stats per cpu
 * @handle_irq:		highlevel irq-events handler
 * @preflow_handler:	handler called before the flow handler (currently used by sparc)
 * @action:		the irq action chain
 * @status:		status information
 * @core_internal_state__do_not_mess_with_it: core internal status information
 * @depth:		disable-depth, for nested irq_disable() calls
 * @wake_depth:		enable depth, for multiple irq_set_irq_wake() callers
 * @irq_count:		stats field to detect stalled irqs
 * @last_unhandled:	aging timer for unhandled count
 * @irqs_unhandled:	stats field for spurious unhandled interrupts
 * @threads_handled:	stats field for deferred spurious detection of threaded handlers
 * @threads_handled_last: comparator field for deferred spurious detection of theraded handlers
 * @lock:		locking for SMP
 * @affinity_hint:	hint to user space for preferred irq affinity
 * @affinity_notify:	context for notification of affinity changes
 * @pending_mask:	pending rebalanced interrupts
 * @threads_oneshot:	bitfield to handle shared oneshot threads
 * @threads_active:	number of irqaction threads currently running
 * @wait_for_threads:	wait queue for sync_irq to wait for threaded handlers
 * @nr_actions:		number of installed actions on this descriptor
 * @no_suspend_depth:	number of irqactions on a irq descriptor with
 * @force_resume_depth:	number of irqactions on a irq descriptor with
 * @rcu:		rcu head for delayed free
 * @dir:		/proc/irq/ procfs entry
 * @name:		flow handler name for /proc/interrupts output
struct irq_desc {
	struct irq_common_data	irq_common_data;
	struct irq_data		irq_data;
	unsigned int __percpu	*kstat_irqs;
	irq_flow_handler_t	handle_irq;
	irq_preflow_handler_t	preflow_handler;
	struct irqaction	   *action;	/* IRQ action list */
	unsigned int		status_use_accessors;
	unsigned int		core_internal_state__do_not_mess_with_it;
	unsigned int		depth;		/* nested irq disables */
	unsigned int		wake_depth;	/* nested wake enables */
	unsigned int		irq_count;	/* For detecting broken IRQs */
	unsigned long		last_unhandled;	/* Aging timer for unhandled count */
	unsigned int		irqs_unhandled;
	atomic_t		threads_handled;
	int			threads_handled_last;
	raw_spinlock_t		lock;
	struct cpumask		*percpu_enabled;
	const struct cpumask	*percpu_affinity;
	const struct cpumask	*affinity_hint;
	struct irq_affinity_notify *affinity_notify;
	cpumask_var_t		pending_mask;
	unsigned long		threads_oneshot;
	atomic_t		threads_active;
	wait_queue_head_t       wait_for_threads;
	unsigned int		nr_actions;
	unsigned int		no_suspend_depth;
	unsigned int		cond_suspend_depth;
	unsigned int		force_resume_depth;
	struct proc_dir_entry	*dir;
	struct rcu_head		rcu;
	int			parent_irq;
	struct module		*owner;
	const char		*name;
} ____cacheline_internodealigned_in_smp;

There is an action member in irq_desc, which is a struct irqaction type pointer and ultimately points to the struct irqaction list. Strct irqaction is defined as follows:

 * struct irqaction - per interrupt action descriptor
 * @handler:	interrupt handler function
 * @name:	name of the device
 * @dev_id:	cookie to identify the device
 * @percpu_dev_id:	cookie to identify the device
 * @next:	pointer to the next irqaction for shared interrupts
 * @irq:	interrupt number
 * @flags:	flags (see IRQF_* above)
 * @thread_fn:	interrupt handler function for threaded interrupts
 * @thread:	thread pointer for threaded interrupts
 * @secondary:	pointer to secondary irqaction (force threading)
 * @thread_flags:	flags related to @thread
 * @thread_mask:	bitmask for keeping track of @thread activity
 * @dir:	pointer to the proc/irq/NN/name entry
struct irqaction {
	irq_handler_t		handler;/* Here is the interrupt handler set by the user*/
	void			*dev_id;/* Private data set by users */
	void __percpu		*percpu_dev_id;
	struct irqaction     	*next; /* Used to compose linked lists */
	irq_handler_t		thread_fn;
	struct task_struct	*thread;
	struct irqaction	*secondary;
	unsigned int		irq;       /* interrupt number */
	unsigned int		flags;       /* Interrupt identification */    
	unsigned long		thread_flags;
	unsigned long		thread_mask;
	const char		*name;
	struct proc_dir_entry	*dir;
} ____cacheline_internodealigned_in_smp;

Another important member of irq_desc is irq_data, which is struct irq_data. It is mainly used to encapsulate interrupt operations related to hardware architecture. Its definition is as follows:

 * struct irq_data - per irq chip data passed down to chip functions
 * @mask:		precomputed bitmask for accessing the chip registers
 * @irq:		interrupt number
 * @hwirq:		hardware interrupt number, local to the interrupt domain
 * @common:		point to data shared by all irqchips
 * @chip:		low level interrupt hardware access
 * @domain:		Interrupt translation domain; responsible for mapping
 *			between hwirq number and linux irq number.
 * @parent_data:	pointer to parent struct irq_data to support hierarchy
 *			irq_domain
 * @chip_data:		platform-specific per-chip private data for the chip
 *			methods, to allow shared chip implementations
struct irq_data {
	u32			mask;
	unsigned int		irq;
	unsigned long		hwirq;
	struct irq_common_data	*common;
	struct irq_chip		*chip;      /* Processor hardware-related interrupt operations */
	struct irq_domain	*domain;
	struct irq_data		*parent_data;
	void			*chip_data;

The chip members in irq_data are related to the specific hardware processor. The opening and closing of interrupts and the setting and clearing of interrupt flag bits are related to the specific hardware cpu. In order to improve the framework hierarchy, the core abstracts all interrupt hardware operations into the struct irq_chip structure, which is defined in/include/linux/irq.h:

 * struct irq_chip - hardware interrupt chip descriptor
 * @parent_device:	pointer to parent device for irqchip
 * @name:		name for /proc/interrupts
 * @irq_startup:	start up the interrupt (defaults to ->enable if NULL)
 * @irq_shutdown:	shut down the interrupt (defaults to ->disable if NULL)
 * @irq_enable:		enable the interrupt (defaults to chip->unmask if NULL)
 * @irq_disable:	disable the interrupt
 * @irq_ack:		start of a new interrupt
 * @irq_mask:		mask an interrupt source
 * @irq_mask_ack:	ack and mask an interrupt source
 * @irq_unmask:		unmask an interrupt source
 * @irq_eoi:		end of interrupt
 * @irq_set_affinity:	set the CPU affinity on SMP machines
 * @irq_retrigger:	resend an IRQ to the CPU
 * @irq_set_type:	set the flow type (IRQ_TYPE_LEVEL/etc.) of an IRQ
 * @irq_set_wake:	enable/disable power-management wake-on of an IRQ
 * @irq_bus_lock:	function to lock access to slow bus (i2c) chips
 * @irq_bus_sync_unlock:function to sync and unlock slow bus (i2c) chips
 * @irq_cpu_online:	configure an interrupt source for a secondary CPU
 * @irq_cpu_offline:	un-configure an interrupt source for a secondary CPU
 * @irq_suspend:	function called from core code on suspend once per
 *			chip, when one or more interrupts are installed
 * @irq_resume:		function called from core code on resume once per chip,
 *			when one ore more interrupts are installed
 * @irq_pm_shutdown:	function called from core code on shutdown once per chip
 * @irq_calc_mask:	Optional function to set irq_data.mask for special cases
 * @irq_print_chip:	optional to print special chip info in show_interrupts
 * @irq_request_resources:	optional to request resources before calling
 *				any other callback related to this irq
 * @irq_release_resources:	optional to release resources acquired with
 *				irq_request_resources
 * @irq_compose_msi_msg:	optional to compose message content for MSI
 * @irq_write_msi_msg:	optional to write message content for MSI
 * @irq_get_irqchip_state:	return the internal state of an interrupt
 * @irq_set_irqchip_state:	set the internal state of a interrupt
 * @irq_set_vcpu_affinity:	optional to target a vCPU in a virtual machine
 * @ipi_send_single:	send a single IPI to destination cpus
 * @ipi_send_mask:	send an IPI to destination cpus in cpumask
 * @flags:		chip specific flags
struct irq_chip {
	struct device	*parent_device;
	const char	*name;
	unsigned int	(*irq_startup)(struct irq_data *data);
	void		(*irq_shutdown)(struct irq_data *data);
	void		(*irq_enable)(struct irq_data *data);
	void		(*irq_disable)(struct irq_data *data);

	void		(*irq_ack)(struct irq_data *data);
	void		(*irq_mask)(struct irq_data *data);
	void		(*irq_mask_ack)(struct irq_data *data);
	void		(*irq_unmask)(struct irq_data *data);
	void		(*irq_eoi)(struct irq_data *data);

	int		(*irq_set_affinity)(struct irq_data *data, const struct cpumask *dest, bool force);
	int		(*irq_retrigger)(struct irq_data *data);
	int		(*irq_set_type)(struct irq_data *data, unsigned int flow_type);
	int		(*irq_set_wake)(struct irq_data *data, unsigned int on);

	void		(*irq_bus_lock)(struct irq_data *data);
	void		(*irq_bus_sync_unlock)(struct irq_data *data);

	void		(*irq_cpu_online)(struct irq_data *data);
	void		(*irq_cpu_offline)(struct irq_data *data);

	void		(*irq_suspend)(struct irq_data *data);
	void		(*irq_resume)(struct irq_data *data);
	void		(*irq_pm_shutdown)(struct irq_data *data);

	void		(*irq_calc_mask)(struct irq_data *data);

	void		(*irq_print_chip)(struct irq_data *data, struct seq_file *p);
	int		(*irq_request_resources)(struct irq_data *data);
	void		(*irq_release_resources)(struct irq_data *data);

	void		(*irq_compose_msi_msg)(struct irq_data *data, struct msi_msg *msg);
	void		(*irq_write_msi_msg)(struct irq_data *data, struct msi_msg *msg);

	int		(*irq_get_irqchip_state)(struct irq_data *data, enum irqchip_irq_state which, bool *state);
	int		(*irq_set_irqchip_state)(struct irq_data *data, enum irqchip_irq_state which, bool state);

	int		(*irq_set_vcpu_affinity)(struct irq_data *data, void *vcpu_info);

	void		(*ipi_send_single)(struct irq_data *data, unsigned int cpu);
	void		(*ipi_send_mask)(struct irq_data *data, const struct cpumask *dest);

	unsigned long	flags;

Finally, another structure that must be mentioned is pt_regs, which, as you can see from the annotations, is mainly used to save the contents of registers to the kernel stack when the kernel interrupts and system calls occur, so that the context can be restored later.

 * This struct defines the way the registers are stored on the
 * kernel stack during a system call or other kernel entry
 * NOTE! I want to minimize the overhead of system calls, so this
 * struct has as little information as possible.  I does not have
 *  - floating point regs: the kernel doesn't change those
 *  - r9-15: saved by the C compiler
 * This makes "fork()" and "exec()" a bit more complex, but should
 * give us low system call latency.

struct pt_regs {
	unsigned long r0;
	unsigned long r1;
	unsigned long r2;
	unsigned long r3;
	unsigned long r4;
	unsigned long r5;
	unsigned long r6;
	unsigned long r7;
	unsigned long r8;
	unsigned long r19;
	unsigned long r20;
	unsigned long r21;
	unsigned long r22;
	unsigned long r23;
	unsigned long r24;
	unsigned long r25;
	unsigned long r26;
	unsigned long r27;
	unsigned long r28;
	unsigned long hae;
/* JRP - These are the values provided to a0-a2 by PALcode */
	unsigned long trap_a0;
	unsigned long trap_a1;
	unsigned long trap_a2;
/* These are saved by PAL-code: */
	unsigned long ps;
	unsigned long pc;
	unsigned long gp;
	unsigned long r16;
	unsigned long r17;
	unsigned long r18;

 * This is the extended stack used by signal handlers and the context
 * switcher: it's pushed after the normal "struct pt_regs".
struct switch_stack {
	unsigned long r9;
	unsigned long r10;
	unsigned long r11;
	unsigned long r12;
	unsigned long r13;
	unsigned long r14;
	unsigned long r15;
	unsigned long r26;
	unsigned long fp[32];	/* fp[31] is fpcr */

Kernel interrupt initialization process

In the process of discussing interrupt event propagation, the previous paper has not mentioned how and when some hardware-related operations are initialized, such as struct irq_chip-related settings, etc. To discuss these contents, we have to go back to the linux kernel boot stage.

In the start_kernel of / init/main.c, early_irq_init is called, which is located in / kernel/irq/irqdesc.c:

int __init early_irq_init(void)
	int count, i, node = first_online_node;
	struct irq_desc *desc;


	printk(KERN_INFO "NR_IRQS:%d\n", NR_IRQS);

	desc = irq_desc;
	count = ARRAY_SIZE(irq_desc);

    // Allocate interrupt descriptor structure for interrupts
	for (i = 0; i < count; i++) {
		desc[i].kstat_irqs = alloc_percpu(unsigned int);
		alloc_masks(&desc[i], GFP_KERNEL, node);
		lockdep_set_class(&desc[i].lock, &irq_desc_lock_class);
		desc_set_defaults(i, &desc[i], node, NULL, NULL);
    // arch_early_irq_init() is mainly used on x86 and PPC platforms, and is empty on other platforms.
	return arch_early_irq_init();

In start_kernel, immediately after early_irq_init is called init_IRQ, which is located at / arch/arm/kernel/irq.c:

void __init init_IRQ(void)
	int ret;

    // If the configuration is closed and machine_desc-> init_irq is not defined, machine_desc-> init_irq is generally defined.
	if (IS_ENABLED(CONFIG_OF) && !machine_desc->init_irq)
		machine_desc->init_irq();/* The specific cpu-related interrupt initialization function is called here. */

    // cpu-related cache-related initialization
	    (machine_desc->l2c_aux_mask || machine_desc->l2c_aux_val)) {
		if (!outer_cache.write_sec)
			outer_cache.write_sec = machine_desc->l2c_write_sec;
		ret = l2x0_of_init(machine_desc->l2c_aux_val,
		if (ret && ret != -ENODEV)
			pr_err("L2C: failed to init: %d\n", ret);


What is machine_desc mentioned above? Literally, it is a machine descriptor. For the ARM architecture, it is defined in / arch/arm/include/asm/mach/arch.h:

struct machine_desc {
	unsigned int		nr;		/* architecture number	*/
	const char		*name;		/* architecture name	*/
	unsigned long		atag_offset;	/* tagged list (relative) */
	const char *const 	*dt_compat;	/* array of device tree
						 * 'compatible' strings	*/

	unsigned int		nr_irqs;	/* number of IRQs */

	phys_addr_t		dma_zone_size;	/* size of DMA-able area */

	unsigned int		video_start;	/* start of video RAM	*/
	unsigned int		video_end;	/* end of video RAM	*/

	unsigned char		reserve_lp0 :1;	/* never has lp0	*/
	unsigned char		reserve_lp1 :1;	/* never has lp1	*/
	unsigned char		reserve_lp2 :1;	/* never has lp2	*/
	enum reboot_mode	reboot_mode;	/* default restart mode	*/
	unsigned		l2c_aux_val;	/* L2 cache aux value	*/
	unsigned		l2c_aux_mask;	/* L2 cache aux mask	*/
	void			(*l2c_write_sec)(unsigned long, unsigned);
	const struct smp_operations	*smp;	/* SMP operations	*/
	bool			(*smp_init)(void);
	void			(*fixup)(struct tag *, char **);
	void			(*dt_fixup)(void);
	long long		(*pv_fixup)(void);
	void			(*reserve)(void);/* reserve mem blocks	*/
	void			(*map_io)(void);/* IO mapping function	*/
	void			(*init_early)(void);
	void			(*init_irq)(void);
	void			(*init_time)(void);
	void			(*init_machine)(void);
	void			(*init_late)(void);
	void			(*handle_irq)(struct pt_regs *);
	void			(*restart)(enum reboot_mode, const char *);

The machine_desc structure is not usually defined directly in the kernel. Instead, the kernel provides a macro MACHINE_START to accomplish this task, which is defined in / arch/arm/include/asm/mach/arch.h:

 * Set of macros to define architecture features.  This is built into
 * a table by the linker.
#define MACHINE_START(_type,_name)			\
static const struct machine_desc __mach_desc_##_type	\
 __used							\
 __attribute__((__section__(""))) = {	\
	.nr		= MACH_TYPE_##_type,		\
	.name		= _name,

#define MACHINE_END				\

As you can see, the MACHINE_START macro not only simply defines the machine_desc structure, but also specifies that the machine_desc structure must be stored in the "" section using the gcc compiler attribute _attribute (("")) and where is the "" section? Now you need to look at / arch/arm/kernel/ The connection script has the following fragments: : {
		__arch_info_begin = .;
		__arch_info_end = .;

At the same time, the kernel provides the following tool functions for accessing and traversing the contents of the "" section:

 * Machine type table - also only accessible during boot
extern const struct machine_desc __arch_info_begin[], __arch_info_end[];
#define for_each_machine_desc(p)			\
	for (p = __arch_info_begin; p < __arch_info_end; p++)

With all that said, let's look at a specific example, such as the machine_desc definition for the commonly used mini2440 development board, which is located at / arch/arm/mach-s3c24xx/mach-mini2440.c:

	/* Maintainer: Michel Pollet <> */
	.atag_offset	= 0x100,
	.map_io		= mini2440_map_io,
	.init_machine	= mini2440_init,
	.init_irq	= s3c2440_init_irq,
	.init_time	= mini2440_init_time,

Since this article mainly talks about interruption, we will focus on s3c2440_init_irq:

void __init s3c2440_init_irq(void)
	pr_info("S3C2440: IRQ Support\n");


	s3c_intc[0] = s3c24xx_init_intc(NULL, &init_s3c2440base[0], NULL,
	if (IS_ERR(s3c_intc[0])) {
		pr_err("irq: could not create main interrupt controller\n");

	s3c24xx_init_intc(NULL, &init_eint[0], s3c_intc[0], 0x560000a4);
	s3c_intc[1] = s3c24xx_init_intc(NULL, &init_s3c2440subint[0],
					s3c_intc[0], 0x4a000018);

However, up to now, there is still no code for setting chip. In fact, the setting of chip is not a display call. It uses the same call mechanism as the kernel module initialization function, that is, the setting of chip is placed in an init initialization function, and the kernel automatically calls it. Take S3C2440 as an example, the code is in/arch/arm/mach-s3c24xx/bast-ir.c:

static __init int bast_irq_init(void)
	unsigned int i;

	if (machine_is_bast()) {
		printk(KERN_INFO "BAST PC104 IRQ routing, Copyright 2005 Simtec Electronics\n");

		/* zap all the IRQs */

		__raw_writeb(0x0, BAST_VA_PC104_IRQMASK);

		irq_set_chained_handler(BAST_IRQ_ISA, bast_irq_pc104_demux);

		/* register our IRQs */

		for (i = 0; i < 4; i++) {
			unsigned int irqno = bast_pc104_irqs[i];
            // Here we set the chip
			irq_set_chip_and_handler(irqno, &bast_pc104_chip,
			irq_clear_status_flags(irqno, IRQ_NOREQUEST);

	return 0;


Note the implementation of arch_initcall(bast_irq_init), in / include/linux/init.h:

#define arch_initcall(fn)		__define_initcall(fn, 3)

#define __define_initcall(fn, id) \
	static initcall_t __initcall_##fn##id __used \
	__attribute__((__section__(".initcall" #id ".init"))) = fn; \

See, principle and Modle_init and Modle_exit Principles of Kernel Modules Consistently, it's in the. initcall section.

Kernel interrupt request

Finally, the simplest part is the application and release of interrupts, which are often used in kernel-driven development. For example, an interrupt must be applied before using an interrupt. It is defined by the function request_irq in / include/linux/interrupt.h:

static inline int __must_check
request_irq(unsigned int irq, irq_handler_t handler, unsigned long flags,
	    const char *name, void *dev)
    // Convert directly to call request_threaded_irq
	return request_threaded_irq(irq, handler, NULL, flags, name, dev);
// Types of interrupt handling functions that users need to define
typedef irqreturn_t (*irq_handler_t)(int, void *);

Continue with the request_threaded_irq implementation:

 *	request_threaded_irq - allocate an interrupt line
 *	@irq: Interrupt line to allocate
 *	@handler: Function to be called when the IRQ occurs.
 *		  Primary handler for threaded interrupts
 *		  If NULL and thread_fn != NULL the default
 *		  primary handler is installed
 *	@thread_fn: Function called from the irq handler thread
 *		    If NULL, no irq thread is created
 *	@irqflags: Interrupt type flags
 *	@devname: An ascii name for the claiming device
 *	@dev_id: A cookie passed back to the handler function
 *	This call allocates interrupt resources and enables the
 *	interrupt line and IRQ handling. From the point this
 *	call is made your handler function may be invoked. Since
 *	your handler function must clear any interrupt the board
 *	raises, you must take care both to initialise your hardware
 *	and to set up the interrupt handler in the right order.
 *	If you want to set up a threaded irq handler for your device
 *	then you need to supply @handler and @thread_fn. @handler is
 *	still called in hard interrupt context and has to check
 *	whether the interrupt originates from the device. If yes it
 *	needs to disable the interrupt on the device and return
 *	IRQ_WAKE_THREAD which will wake up the handler thread and run
 *	@thread_fn. This split handler design is necessary to support
 *	shared interrupts.
 *	Dev_id must be globally unique. Normally the address of the
 *	device data structure is used as the cookie. Since the handler
 *	receives this value it makes sense to use it.
 *	If your interrupt is shared you must pass a non NULL dev_id
 *	as this is required when freeing the interrupt.
 *	Flags:
 *	IRQF_SHARED		Interrupt is shared
 *	IRQF_TRIGGER_*		Specify active edge(s) or level
int request_threaded_irq(unsigned int irq, irq_handler_t handler,
			 irq_handler_t thread_fn, unsigned long irqflags,
			 const char *devname, void *dev_id)
	struct irqaction *action;  // Define an action pointer that encapsulates the interrupt handler provided by the user
	struct irq_desc *desc;     // Interrupt descriptor
	int retval;

		return -ENOTCONN;

	 * Sanity-check: shared interrupts must pass in a real dev-ID,
	 * otherwise we'll have trouble later trying to figure out
	 * which interrupt is which (messes up the interrupt freeing
	 * logic etc).
	 * Also IRQF_COND_SUSPEND only makes sense for shared interrupts and
	 * it cannot be set along with IRQF_NO_SUSPEND.
	if (((irqflags & IRQF_SHARED) && !dev_id) ||
	    (!(irqflags & IRQF_SHARED) && (irqflags & IRQF_COND_SUSPEND)) ||
	    ((irqflags & IRQF_NO_SUSPEND) && (irqflags & IRQF_COND_SUSPEND)))
		return -EINVAL;

	desc = irq_to_desc(irq);  // The corresponding interrupt descriptor can be obtained according to the interrupt number (its allocation process has been discussed earlier)
	if (!desc)
		return -EINVAL;

	if (!irq_settings_can_request(desc) ||
		return -EINVAL;

	if (!handler) {
		if (!thread_fn)
			return -EINVAL;
		handler = irq_default_primary_handler;

	action = kzalloc(sizeof(struct irqaction), GFP_KERNEL); // Allocation acrion structure
	if (!action)
		return -ENOMEM;

    // Setting up action structure
	action->handler = handler;
	action->thread_fn = thread_fn;
	action->flags = irqflags;
	action->name = devname;
	action->dev_id = dev_id;  // Private data passed by users

	retval = irq_chip_pm_get(&desc->irq_data);
	if (retval < 0) {
		return retval;

    // Setting interrupts is actually adding the action structure to the list.
	retval = __setup_irq(irq, desc, action);

	if (retval) {

	if (!retval && (irqflags & IRQF_SHARED)) {
		 * It's a shared IRQ -- the driver ought to be prepared for it
		 * to happen immediately, so let's make sure....
		 * We disable the irq to make sure that a 'real' IRQ doesn't
		 * run in parallel with our fake.
		unsigned long flags;


		handler(irq, dev_id);

	return retval;

After interruption is completed, request_threaded_irq is used to release the interrupt. The code is located in / kernel/irq/management.c:

 *	free_irq - free an interrupt allocated with request_irq
 *	@irq: Interrupt line to free
 *	@dev_id: Device identity to free
 *	Remove an interrupt handler. The handler is removed and if the
 *	interrupt line is no longer in use by any driver it is disabled.
 *	On a shared IRQ the caller must ensure the interrupt is disabled
 *	on the card it drives before calling this function. The function
 *	does not return until any executing interrupts for this IRQ
 *	have completed.
 *	This function must not be called from interrupt context.
void free_irq(unsigned int irq, void *dev_id)
	struct irq_desc *desc = irq_to_desc(irq);// Again, get the interrupt descriptor first according to the interrupt number

	if (!desc || WARN_ON(irq_settings_is_per_cpu_devid(desc)))

	if (WARN_ON(desc->affinity_notify))
		desc->affinity_notify = NULL;

	kfree(__free_irq(irq, dev_id)); // Release the corresponding memory


_ free_irq has a lot of code, but the principle can be imagined as simple as finding the corresponding interrupt descriptor according to the interrupt number, finding the corresponding action, deleting it from the list, and releasing memory.

 * Internal function to unregister an irqaction - used to free
 * regular and special interrupts that are part of the architecture.
static struct irqaction *__free_irq(unsigned int irq, void *dev_id)
	struct irq_desc *desc = irq_to_desc(irq);
	struct irqaction *action, **action_ptr;
	unsigned long flags;

	WARN(in_interrupt(), "Trying to free IRQ %d from IRQ context!\n", irq);

	if (!desc)
		return NULL;

	raw_spin_lock_irqsave(&desc->lock, flags);

	 * There can be multiple actions per IRQ descriptor, find the right
	 * one based on the dev_id:
	action_ptr = &desc->action;
	for (;;) {
		action = *action_ptr;

		if (!action) {
			WARN(1, "Trying to free already-free IRQ %d\n", irq);
			raw_spin_unlock_irqrestore(&desc->lock, flags);
			return NULL;

		if (action->dev_id == dev_id)
		action_ptr = &action->next;

	/* Found it - now remove it from the list of entries: */
	*action_ptr = action->next;

	irq_pm_remove_action(desc, action);

	/* If this was the last handler, shut down the IRQ line: */
	if (!desc->action) {

	/* make sure affinity_hint is cleaned up */
	if (WARN_ON_ONCE(desc->affinity_hint))
		desc->affinity_hint = NULL;

	raw_spin_unlock_irqrestore(&desc->lock, flags);

	unregister_handler_proc(irq, action);

	/* Make sure it's not being used on another CPU: */

	 * It's a shared IRQ -- the driver ought to be prepared for an IRQ
	 * event to happen even now it's being freed, so let's make sure that
	 * is so by doing an extra call to the handler ....
	 * ( We do this after actually deregistering it, to make sure that a
	 *   'real' IRQ doesn't run in * parallel with our fake. )
	if (action->flags & IRQF_SHARED) {
		action->handler(irq, dev_id);

	if (action->thread) {
		if (action->secondary && action->secondary->thread) {

	return action;


As I said so much, I think many people are confused. In fact, although there are many contents, the idea is clear. In order to string the structures mentioned above, I embezzle a diagram on the Internet to illustrate that the structure shown in the following figure and the source code of my analysis are somewhat surprising, because the version of the core based on this graph is much lower than the version I refer to (after 4.0). No hindrance to understanding.


Keywords: Linux C glibc Linker

Added by michaellunsford on Mon, 24 Jun 2019 03:51:20 +0300