Semiconductor Insights conducts technical investigations of alleged patent infringement, and through this work, we have gained insight into how the inter-processor communication (IPC) mechanism works on a multicore Qualcomm chipset, like the MSM 7200. This particular chipset features two ARM processors (ARM11 and ARM9), two proprietary DSP processors and a host of cellular and support hardware.
The ARM11 processor is tasked with running the PDA functionality of the handset, communicating through IPC to other cores that support communication and multimedia functionality.
In this article, we'll examine the IPC mechanism used by Google's Android software to communicate between the main ARM11 processor and the other processor cores on the MSM 7200. We'll also examine the closed-source Windows Mobile driver for a commercial cell phone which happens to use the same MSM 7200 chipset.
Android is based on the Linux kernel (the so-called "Titanux" distribution) and provides support for communications between the user-level application programs, running under Linux, on the ARM11 and the other processors.
First off, the IPC mechanism discussed here is at the lowest level--all other inter-CPU IPC mechanisms use it as the base. For example, a TCP/IP connection through the ARM11 processor to another processor ends up going through this IPC mechanism. Diagnostic messages are another example of messages that rely on this low-level IPC.
The IPC mechanism is implemented with two sides--a "client side," which faces the kernel and provides a callback-based style of interface, and a "CPU side," which provides the interface to the other CPUs. The CPU side is implemented as a shared-memory interface, with interrupts and a "doorbell" mechanism. At the highest level, to send messages from the ARM11 to another CPU, the message content is placed in a buffer in shared memory and a hardware port is tickled to indicate to the other CPU that data is available. In the reverse direction, the data is placed into shared memory by the other CPU and a hardware interrupt is triggered on the ARM11. This hardware interrupt causes the ARM11 to examine the shared memory's buffer, retrieve the message and route it to the client.
The shared memory layout is as follows in Figure 1:
Figure 1: MSM7200 shared memory layout
The shared data structure consists of four headers: an interprocessor communications control area, 32 unsigned words of version information, information about the heap and 128 table-of-contents (TOC) entries. The four headers are followed by 64 instances of an 8,212-byte data structure, which consists of 20 bytes of header and 8,192 bytes of buffer.
The TOC entries contain information about each of the 8,212-byte data structures in shared memory (we'll refer to these data structures as "channels"). A TOC entry indicates the contents of the structure; that is to say, the structure has (1) an indication of whether it is allocated, (2) an offset within the shared memory and (3) the size of the shared memory.
Each of the 64 struct half_channel array elements contains a header and an 8,192-byte data buffer:
struct smd_half_channel
{
unsigned state;
unsigned char fDSR;
unsigned char fCTS;
unsigned char fCD;
unsigned char fRI;
unsigned char fHEAD;
unsigned char fTAIL;
unsigned char fSTATE;
unsigned char fUNUSED;
unsigned tail;
unsigned head;
unsigned char data [SMD_BUF_SIZE];
};
It's interesting to see that old, RS-232 hardware signal names are used: DSR (Data Set Ready), CTS (Clear To Send), CD (Carrier Detect) and RI (Ring Indicate).
The head and tail members allow the data buffer to be a variable size and usable with a ring-buffer implementation.
As mentioned previously, the IPC mechanism operates on an interrupt basis. When one of the other processors wants to send data to the ARM11, it places the data into one of the 64 channels (the struct half_channel); modifies the fTAIL, fHEAD and/or fSTATE flag; and raises an interrupt line to the ARM11.
