CN105224403A - A kind of interruption processing method and device - Google Patents
A kind of interruption processing method and device Download PDFInfo
- Publication number
- CN105224403A CN105224403A CN201510595712.7A CN201510595712A CN105224403A CN 105224403 A CN105224403 A CN 105224403A CN 201510595712 A CN201510595712 A CN 201510595712A CN 105224403 A CN105224403 A CN 105224403A
- Authority
- CN
- China
- Prior art keywords
- world
- processing function
- interrupt processing
- security
- target interrupt
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Storage Device Security (AREA)
- Debugging And Monitoring (AREA)
Abstract
The embodiment of the invention discloses a kind of interruption processing method and device, described method comprises: when system code moves to target location timing generation security interrupt in the non-security world, obtain the exception vector table of safer world; Judge whether the target interrupt processing function associated with described exception vector table is performed by the non-security world; If described target interrupt processing function is performed by the non-security world, then control described safer world by the address transfer of described target interrupt processing function to the non-security world; Control described non-security world target interrupt processing function according to described address search, and perform described target interrupt processing function.Adopt the present invention, scheduling under OS and shared drive operation can be realized, meet the relevant access of OS under the non-security world.
Description
Technical field
The present invention relates to electronic technology field, particularly relate to a kind of interruption processing method and device.
Background technology
Product business is when carrying out driving process, the operation of carrying out locking is needed in critical section, now need interrupt request (interruptrequest, IRQ) shield, with the impact preventing service disconnection from operating it, if but now the scene of deadlock appears in software, so CPU then cannot carry out any operation, interrupts conductively-closed simultaneously and also cannot enter any interrupt processing.
Need to propose corresponding solution for above-mentioned scene, at the RISC machine (Advanced (ReducedInstructionSetComputer of advanced person, RISC) Machines, ARM) in V8 framework, TrustZone technology is relied on system resource to be divided into respectively safer world and the non-security world, security of system/non-security level as shown in Figure 1, be divided into EL0/1/2/3 totally 4 levels, wherein EL3 only has security level, EL2 only has non-security level, under OS kernel state operates in non-security EL1.
The interrupt number that correspondence is interrupted can be configured to security interrupt or non-security interruption by further dependence TrustZone technology, even if to IRQ/ fast interrupt requests (fastinterruptrequest under product business OS, FIQ) interrupt shielding, security interrupt also can trigger, namely the triggering of this security interrupt cannot be shielded under OS, such as, when being security interrupt by WatchDog Timer interrupt configuration, WatchDog Timer interrupts cannot conductively-closed.
In ARMV8 framework, timing produces security interrupt and monitors, and prevents the scene of software deadlock from occurring.When security interrupt is after safer world triggers, then enter the exception vector entrance of safer world, and realize at safer world and perform the interrupt processing function associated with exception vector; When security interrupt is after the non-security world triggers, be also the exception vector entrance entering into safer world EL3, and realize in the EL3 level of safer world and perform the interrupt processing function associated with exception vector.
This mode, all execution of interrupt processing function are in the EL3 security level of safer world, and the EL3 level of safer world cannot realize scheduling under OS and shared drive operation, and safer world and the non-security world use the configuration of different page table, the relevant access of OS under the non-security world cannot be met.
Summary of the invention
The embodiment of the present invention provides a kind of interruption processing method and device, the target interrupt processing function associated with the exception vector table of safer world can be turned and be performed by the non-security world, thus scheduling under realizing OS and shared drive operation, meet the relevant access of OS under the non-security world.
Embodiment of the present invention first aspect provides a kind of interruption processing method, can comprise:
When system code moves to target location timing generation security interrupt in the non-security world, obtain the exception vector table of safer world;
Judge whether the target interrupt processing function associated with described exception vector table is performed by the non-security world;
If described target interrupt processing function is performed by the non-security world, then control described safer world by the address transfer of described target interrupt processing function to the non-security world;
Control described non-security world target interrupt processing function according to described address search, and perform described target interrupt processing function.
Based on first aspect, in the first feasible embodiment of first aspect, the address of described target interrupt processing function is system by ACPI ACPI or synchronous abnormality command to the address of safer world.
Based on first aspect, in the embodiment that the second of first aspect is feasible, whether the target interrupt processing function that described judgement associates with described exception vector table also comprises before being performed by the non-security world:
Obtain the target interrupt number of the target interrupt processing function associated with described exception vector table;
Whether the target interrupt processing function that described judgement associates with described exception vector table is performed by the non-security world, comprising:
The interrupt processing function corresponding according to each interrupt number pre-set performs world's classification, judges whether the target interrupt processing function that described target interrupt number is corresponding is performed by the non-security world; Described execution world classification comprises safer world and performs or the execution of the non-security world.
Based on the embodiment that the second of first aspect is feasible, in the third feasible embodiment of first aspect, after described execution described target interrupt processing function, also comprise:
If detect, described target interrupt processing function is complete, controls the described non-security world and indicates described target interrupt processing function to be finished by security invocation assembly instruction to described safer world;
Control described safer world according to the data backed up in advance, recover the context data of described target location, and executive system code is continued in the described target location being back to the described non-security world.
Based on the embodiment that the second of first aspect is feasible, in the 4th kind of feasible embodiment of first aspect, described method also comprises:
If the target interrupt processing function that described target interrupt number is corresponding is performed by safer world, then control described safer world and call and perform described target interrupt processing function.
Second aspect present invention provides a kind of interrupt processing device, comprising:
First acquisition module, for when system code moves to target location timing generation security interrupt in the non-security world, obtains the exception vector table of safer world;
Judge module, for judging whether the target interrupt processing function associated with described exception vector table is performed by the non-security world;
First control module, if be performed by the non-security world for described target interrupt processing function, then controls described safer world by the address transfer of described target interrupt processing function to the non-security world;
Second control module, for controlling described non-security world target interrupt processing function according to described address search, and performs described target interrupt processing function.
Based on second aspect, in the first feasible embodiment of second aspect, the address of described target interrupt processing function is system by ACPI ACPI or synchronous abnormality command to the address of safer world.
Based on second aspect, in the embodiment that the second of second aspect is feasible, described device also comprises:
Second acquisition module, for obtaining the target interrupt number of the target interrupt processing function associated with described exception vector table;
Described judge module performs world's classification specifically for the interrupt processing function corresponding according to each interrupt number pre-set, and judges whether the target interrupt processing function that described target interrupt number is corresponding is performed by the non-security world; Described execution world classification comprises safer world and performs or the execution of the non-security world.
Based on the embodiment that second aspect the second is feasible, in the third feasible embodiment of second aspect, described device also comprises:
3rd control module, if complete for described target interrupt processing function being detected, controlling the described non-security world and indicating described target interrupt processing function to be finished by security invocation assembly instruction to described safer world;
4th control module, for controlling described safer world according to the data backed up in advance, recovers the context data of described target location, and executive system code is continued in the described target location being back to the described non-security world.
Based on the embodiment that second aspect the second is feasible, in the 4th kind of feasible embodiment of second aspect, described device also comprises:
5th control module, if performed by safer world for the target interrupt processing function that described target interrupt number is corresponding, then controls described safer world and calls and perform described target interrupt processing function.
In the embodiment of the present invention, when system code moves to target location timing generation security interrupt in the non-security world, obtain the exception vector table of safer world, judge whether the target interrupt processing function associated with this exception vector table is performed by the non-security world, if this target interrupt processing function is performed by the non-security world, then control safer world by the address transfer of target interrupt processing function to the non-security world, control the non-security world according to this address search to target interrupt processing function, and perform this target interrupt processing function, the target interrupt processing function associated with the exception vector table of safer world can turn and performed by the non-security world by this mode, thus scheduling under realizing OS and shared drive operation, meet the relevant access of OS under the non-security world.
Accompanying drawing explanation
In order to be illustrated more clearly in the technical scheme in the embodiment of the present invention, below the accompanying drawing used required in describing embodiment is briefly described, apparently, accompanying drawing in the following describes is some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
Fig. 1 is a kind of ARMV8 configuration diagram that the embodiment of the present invention provides;
Fig. 2 is the schematic flow sheet of a kind of interruption processing method that the embodiment of the present invention provides;
Fig. 3 is the schematic flow sheet of the another kind of interruption processing method that the embodiment of the present invention provides;
Fig. 4 is a kind of application scenarios schematic diagram in conjunction with concrete software that the embodiment of the present invention provides;
Fig. 5 is the structural representation of a kind of interrupt processing device that the embodiment of the present invention provides;
Fig. 6 is a kind of hardware structure schematic diagram that the embodiment of the present invention provides.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, be clearly and completely described the technical scheme in the embodiment of the present invention, obviously, described embodiment is the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
Please refer to Fig. 1, it is a kind of ARMV8 configuration diagram that the embodiment of the present invention provides, as shown in the figure, this system architecture comprises the non-security world and safer world, and wherein safety/non-security level is as shown below, is divided into abnormal level (ExceptionLevel, EL) 0/1/2/3 totally 4 levels, wherein EL3 only has security level, and EL2 only has non-security level, under OS kernel state operates in the EL1 in the non-security world.Rely on TrustZone technology corresponding interrupt number can be configured to security interrupt or non-security interruption, even if interrupt shielding to IRQ/FIQ under product business OS, security interrupt also can trigger, and namely cannot shield the triggering of this interruption under OS, such as WatchDog Timer.
After security interrupt triggers, the exception vector entrance process of the non-security world EL1 that this security interrupt configures under cannot directly entering OS, but enter into the exception vector entrance of safer world EL3, this exception vector is by safer world initialization, and the safer world of EL3 level cannot realize scheduling under OS and shared drive operation (only having the non-security world just can realize scheduling under OS and shared drive), and safer world and the non-security world use different page table configurations, the relevant access of OS under the non-security world cannot be met, as operations such as log recordings.Therefore, the embodiment of the present invention proposes a kind of interruption processing method for this problem, the target interrupt processing function needs that associate with the exception vector of safer world can be worked as when the non-security world performs, the address of this target interrupt processing function is transferred to the non-security world by safer world, and performing this target interrupt processing function by the non-security world, the address of this target interrupt processing function is passed to safer world by system in advance.This mode can realize scheduling under OS and shared drive, can meet the relevant access of OS under the non-security world simultaneously.
Below in conjunction with accompanying drawing 2 to accompanying drawing 4, the interruption processing method that the embodiment of the present invention provides is introduced and is illustrated.
Please refer to Fig. 2, is the schematic flow sheet of a kind of interruption processing method that the embodiment of the present invention provides; As shown in Figure 2, described interruption processing method comprises:
S200, when system code moves to target location timing generation security interrupt in the non-security world, obtains the exception vector table of safer world;
In the embodiment of the present invention, in order to prevent software deadlock, system regularly can produce security interrupt, obtains the exception vector table of safer world, thus processes corresponding problem and prevent software deadlock, namely software deadlock is lock in critical section, IRQ is interrupted shielding, but there is deadlock in the software now in processor, cannot run, processor then can not carry out any operation, can not process other and interrupt.In the present embodiment, timing produces security interrupt, obtains the exception vector table of safer world, thus can Timeliness coverage problem, then processes, prevents software deadlock.
Interruption refers to when occurring needs, and namely during down trigger, CPU temporarily stops the execution of present procedure then performs the program of process new situation.Such as, in program operation process, there is a situation that must be processed immediately by CPU in system, and now, CPU supspends the execution of program then processes this news.Interrupt a kind of asynchronous exception at last.
Interruption is divided into IRQ and FIQ, and the interruption usually used in operating system aspect is IRQ, is generally used for non-security interruption.And FIQ is generally used for and responds interruption fast, be generally used for security interrupt.Security interrupt in this programme is the interruption entering into the process of EL3 safer world, is therefore FIQ, FIQ is configured to security interrupt, and security interrupt routes to EL3 process after producing, and obtains the exception vector table of safer world.
S201, judges whether the target interrupt processing function associated with described exception vector table is performed by the non-security world;
In the embodiment of the present invention, judge whether the target interrupt processing function associated with the exception vector table of safer world is performed by the non-security world.It should be noted that, before interruption is enable, system OS is first by ACPI (advancedconfigurationandpowerinterface, ACPI) or security invocation monitoring (securemonitorcall, smc) synchronous abnormality instruction the address of this target interrupt processing function is passed to security level EL3.
Smc is the assembly instruction of a security invocation, is the synchronous abnormality instruction being entered safer world based on the CPU of ARM64 framework by the non-security world.Time execution smc calls, Transfer Parameters can be carried out by the value X0-X7 of register in core at that time.The specification calling the calling convention meeting SMC of smc, this programme uses and has entity number (OwningEntityNumber in its specification, OEM) item utilizes, X1 transmits the address of target interrupt processing function, after entering safer world EL3 by smc instruction, preserve in EL3.
After security interrupt triggers, enter into the exception vector table of safer world EL3Firmware, walk different branches by the target interrupt number of target interrupt processing function, if interruption corresponding to this target interrupt number is the non-security world perform classification, then walk the flow process of being taken over by the non-security world; Otherwise then walk the flow process of safer world adapter.Different execution world classification corresponding to interrupt number is preset by system, performs world's classification and comprises safer world execution and the execution of the non-security world.
S202, if described target interrupt processing function is performed by the non-security world, then controls described safer world by the address transfer of described target interrupt processing function to the non-security world; The address of described target interrupt processing function is system by ACPI ACPI or synchronous abnormality command to the address of safer world.
In the embodiment of the present invention, if target interrupt processing function is performed by the non-security world, then the interruption context of target location is preserved by EL3 firmware, target interrupt processing function address is transferred to the non-security world simultaneously, wherein, interrupt context and comprise the general-purpose register X0-X30 before interrupting generation, status register, interruption produce the stack pointer in address and the non-security world.
S203, controls described non-security world target interrupt processing function according to described address search, and performs described target interrupt processing function.
In the embodiment of the present invention, the target interrupt processing function in the non-security world can be entered into by an eret assembly instruction by safer world, in this eret assembly instruction, carry the address of target interrupt processing function.Get final product the execution of target approach interrupt processing function according to the address of target interrupt processing function, in performance objective interrupt processing functional procedure, carry out black box record.
After executing target interrupt processing function, be back to safer world, then recover according to the context preserved before, exit treatment scheme thus continue to perform under the non-security world.
In the embodiment of the present invention, when system code moves to target location timing generation security interrupt in the non-security world, obtain the exception vector table of safer world, judge whether the target interrupt processing function associated with this exception vector table is performed by the non-security world, if this target interrupt processing function is performed by the non-security world, then control safer world by the address transfer of target interrupt processing function to the non-security world, control the non-security world according to this address search to target interrupt processing function, and perform this target interrupt processing function, the target interrupt processing function associated with the exception vector table of safer world can turn and performed by the non-security world by this mode, thus scheduling under realizing OS and shared drive operation, meet the relevant access of OS under the non-security world.
Please refer to Fig. 3, is the schematic flow sheet of the another kind of interruption processing method that the embodiment of the present invention provides; As shown in Figure 3, described interruption processing method comprises:
S300, when system code moves to target location timing generation security interrupt in the non-security world, obtains the exception vector table of safer world;
Embodiment of the present invention step S300 please refer to the embodiment step S200 of Fig. 2, does not repeat them here.
S301, obtains the target interrupt number of the target interrupt processing function associated with described exception vector table;
In the embodiment of the present invention, in safer world, all interrupt number is provided with to each interrupt processing function, obtaining the execution world classification of the target interrupt processing function associated with exception vector table, need the target interrupt number obtaining target interrupt processing function in advance, this target interrupt number is used for this target interrupt function of unique identification.
S302, the interrupt processing function corresponding according to each interrupt number pre-set performs world's classification, judges whether the target interrupt processing function that described target interrupt number is corresponding is performed by the non-security world; Described execution world classification comprises safer world and performs or the execution of the non-security world.
In the embodiment of the present invention, interrupt processing function corresponding to each interrupt number in safer world is all provided with and performs world's classification, performs world's classification and comprises safer world execution or the execution of the non-security world.In each interrupt number pre-set, search the interrupt number mated with target interrupt number, and the execution world classification corresponding with the interrupt number that target interrupt number mates is defined as the execution world classification of target interrupt processing function.
S303, if described target interrupt processing function is performed by the non-security world, then controls described safer world by the address transfer of described target interrupt processing function to the non-security world;
S304, controls described non-security world target interrupt processing function according to described address search, and performs described target interrupt processing function.
Embodiment of the present invention step S303-S304 please refer to the embodiment step S202-S203 of Fig. 2, does not repeat them here.
S305, if detect, described target interrupt processing function is complete, controls the described non-security world and indicates described target interrupt processing function to be finished by security invocation assembly instruction to described safer world;
In the embodiment of the present invention, if detect, target interrupt processing function is complete, and the non-security world enters EL3 level by the instruction of smc synchronous abnormality, and indicating target interrupt processing function is finished, import assigned I D into, this assigned I D is used to indicate follow-up processing flow simultaneously.
S306, controls described safer world according to the data backed up in advance, recovers the context data of described target location, and executive system code is continued in the described target location being back to the described non-security world.
In the embodiment of the present invention, when smc enters EL3 level synchronous abnormality vector, software, according to the value importing different ID into, walks different process branches.Recover according to the context data of the target location of preserving before again, thus the target location after exiting treatment scheme under the non-security world continues to perform.
S307, if target interrupt processing function corresponding to described target interrupt number is performed by safer world, then controls described safer world and calls and perform described target interrupt processing function.
In the embodiment of the present invention, if target interrupt processing function corresponding to target interrupt number pre-set is performed by safer world, then safer world can directly call and performance objective interrupt processing function.
In the embodiment of the present invention, when system code moves to target location timing generation security interrupt in the non-security world, obtain the exception vector table of safer world, judge whether the target interrupt processing function associated with this exception vector table is performed by the non-security world, if this target interrupt processing function is performed by the non-security world, then control safer world by the address transfer of target interrupt processing function to the non-security world, control the non-security world according to this address search to target interrupt processing function, and perform this target interrupt processing function, the target interrupt processing function associated with the exception vector table of safer world can turn and performed by the non-security world by this mode, thus scheduling under realizing OS and shared drive operation, meet the relevant access of OS under the non-security world.
Please refer to Fig. 4, for a kind of application scenarios schematic diagram in conjunction with concrete software that the embodiment of the present invention provides, in the EL1 level in the non-security world, when OS system code moves to A place timing generation security interrupt, enter the exception vector table of EL3 safer world, the context of safer world EL3 to A place is preserved simultaneously, is generally general-purpose register X0-X30, interrupts producing address ELR_EL3, SPSR_EL3;
Then judge whether to be performed by the non-security world according to the interrupt number of the target interrupt processing function associated with exception vector table;
If not perform (being namely performed by safer world) by the non-security world, then called and performance objective interrupt processing function by safer world, then interrupt context and recover, the A place being finally back to the non-security world continues to perform;
If performed by the non-security world, amendment ELR_EL3 abnormal return address is the address of the target interrupt processing function that system is transmitted, and is namely to the non-security world by the address transfer of target interrupt processing function.The context preserved is preserved together with SP_EL0, SP_EL1, SP_EL2 simultaneously, and back up;
Non-security world's performance objective interrupt processing function, when target interrupt processing function is finished, is called by smc instruction, enters EL3, and import assigned I D into;
The instruction of Smc synchronous abnormality enters EL3, enters corresponding process grouping according to instruction ID, carries out the context recovery of target location in process branched program according to backup;
The A place that synchronous abnormality is back to the non-security world continues to perform.
Below in conjunction with accompanying drawing 5 to accompanying drawing 6, set forth the specific implementation of the interrupt processing device that the embodiment of the present invention provides.
Please refer to Fig. 5, for the structural representation of a kind of interrupt processing device that the embodiment of the present invention provides, as shown in Figure 5, a kind of interrupt processing device described in the present embodiment comprises: the first acquisition module 100, judge module 101, first control module 102 and the second control module 103.
First acquisition module 100, for when system code moves to target location timing generation security interrupt in the non-security world, obtains the exception vector table of safer world;
In the embodiment of the present invention, in order to prevent software deadlock, system regularly can produce security interrupt, and the first acquisition module 100 obtains the exception vector table of safer world, thus processes corresponding problem and prevent software deadlock, namely software deadlock is lock in critical section, IRQ is interrupted shielding, but there is deadlock in the software now in processor, cannot run, processor then can not carry out any operation, can not process other and interrupt.In the present embodiment, timing produces security interrupt, obtains the exception vector table of safer world, thus can Timeliness coverage problem, then processes, prevents software deadlock.
Interruption refers to when occurring needs, and namely during down trigger, CPU temporarily stops the execution of present procedure then performs the program of process new situation.Such as, in program operation process, there is a situation that must be processed immediately by CPU in system, and now, CPU supspends the execution of program then processes this news.Interrupt a kind of asynchronous exception at last.
Interruption is divided into IRQ and FIQ, and the interruption usually used in operating system aspect is IRQ, is generally used for non-security interruption.And FIQ is generally used for and responds interruption fast, be generally used for security interrupt.Security interrupt in this programme is the interruption entering into the process of EL3 safer world, is therefore FIQ, FIQ is configured to security interrupt, and security interrupt routes to EL3 process after producing, and obtains the exception vector table of safer world.
Judge module 101, for judging whether the target interrupt processing function associated with described exception vector table is performed by the non-security world;
In the embodiment of the present invention, judge module 101 judges whether the target interrupt processing function associated with the exception vector table of safer world is performed by the non-security world.It should be noted that, before interruption is enable, system OS is first by ACPI (advancedconfigurationandpowerinterface, ACPI) or security invocation monitoring (securemonitorcall, smc) synchronous abnormality instruction the address of this target interrupt processing function is passed to security level EL3.
Smc is the assembly instruction of a security invocation, is the synchronous abnormality instruction being entered safer world based on the CPU of ARM64 framework by the non-security world.Time execution smc calls, Transfer Parameters can be carried out by the value X0-X7 of register in core at that time.The specification calling the calling convention meeting SMC of smc, this programme uses and has entity number (OwningEntityNumber in its specification, OEM) item utilizes, X1 transmits the address of target interrupt processing function, after entering safer world EL3 by smc instruction, preserve in EL3.
After security interrupt triggers, enter into the exception vector table of safer world EL3Firmware, walk different branches by the target interrupt number of target interrupt processing function, if interruption corresponding to this target interrupt number is the non-security world perform classification, then walk the flow process of being taken over by the non-security world; Otherwise then walk the flow process of safer world adapter.Different execution world classification corresponding to interrupt number is preset by system, performs world's classification and comprises safer world execution and the execution of the non-security world.
First control module 102, if be performed by the non-security world for described target interrupt processing function, then controls described safer world by the address transfer of described target interrupt processing function to the non-security world;
In the embodiment of the present invention, if target interrupt processing function is performed by the non-security world, then the interruption context of target location is preserved by EL3 firmware, target interrupt processing function address is transferred to the non-security world by the first control module 102 simultaneously, wherein, interrupt context and comprise the general-purpose register X0-X30 before interrupting generation, status register, interruption produce the stack pointer in address and the non-security world.
Second control module 103, for controlling described non-security world target interrupt processing function according to described address search, and performs described target interrupt processing function.
In the embodiment of the present invention, the target interrupt processing function in the non-security world can be entered into by an eret assembly instruction by safer world, in this eret assembly instruction, carry the address of target interrupt processing function.Second control module 103 gets final product the execution of target approach interrupt processing function according to the address of target interrupt processing function, carries out black box record in performance objective interrupt processing functional procedure.
After executing target interrupt processing function, be back to safer world, then recover according to the context preserved before, exit treatment scheme thus continue to perform under the non-security world.
Optionally, this device can also comprise the second acquisition module 104;
Second acquisition module 104, for obtaining the target interrupt number of the target interrupt processing function associated with described exception vector table;
In the embodiment of the present invention, in safer world, all interrupt number is provided with to each interrupt processing function, second acquisition module 104 is obtaining the execution world classification of the target interrupt processing function associated with exception vector table, need the target interrupt number obtaining target interrupt processing function in advance, this target interrupt number is used for this target interrupt function of unique identification.
Described judge module 101 performs world's classification specifically for the interrupt processing function corresponding according to each interrupt number pre-set, and judges whether the target interrupt processing function that described target interrupt number is corresponding is performed by the non-security world; Described execution world classification comprises safer world and performs or the execution of the non-security world.
In the embodiment of the present invention, interrupt processing function corresponding to each interrupt number in safer world is all provided with and performs world's classification, performs world's classification and comprises safer world execution or the execution of the non-security world.In each interrupt number pre-set, search the interrupt number mated with target interrupt number, and the execution world classification corresponding with the interrupt number that target interrupt number mates is defined as the execution world classification of target interrupt processing function.
Further alternative, this device can also comprise the 3rd control module 105 and the 4th control module 106;
3rd control module 105, if complete for described target interrupt processing function being detected, controlling the described non-security world and indicating described target interrupt processing function to be finished by security invocation assembly instruction to described safer world;
In the embodiment of the present invention, if detect, target interrupt processing function is complete, 3rd control module 105 controls the non-security world and enters EL3 level by the instruction of smc synchronous abnormality, indicating target interrupt processing function is finished, import assigned I D into, this assigned I D is used to indicate follow-up processing flow simultaneously.
4th control module 106, for controlling described safer world according to the data backed up in advance, recovers the context data of described target location, and executive system code is continued in the described target location being back to the described non-security world.
In the embodiment of the present invention, when smc enters EL3 level synchronous abnormality vector, software, according to the value importing different ID into, walks different process branches.4th control module 106 is recovered according to the context data of the target location of preserving before again, thus the target location after exiting treatment scheme under the non-security world continues to perform.
Further alternative, this device also comprises the 5th control module 107;
5th control module 107, if performed by safer world for the target interrupt processing function that described target interrupt number is corresponding, then controls described safer world and calls and perform described target interrupt processing function.
In the embodiment of the present invention, if target interrupt processing function corresponding to target interrupt number pre-set is performed by safer world, then the 5th control module 107 controls safer world and can directly call and performance objective interrupt processing function.
In the embodiment of the present invention, when system code moves to target location timing generation security interrupt in the non-security world, obtain the exception vector table of safer world, judge whether the target interrupt processing function associated with this exception vector table is performed by the non-security world, if this target interrupt processing function is performed by the non-security world, then control safer world by the address transfer of target interrupt processing function to the non-security world, control the non-security world according to this address search to target interrupt processing function, and perform this target interrupt processing function, the target interrupt processing function associated with the exception vector table of safer world can turn and performed by the non-security world by this mode, thus scheduling under realizing OS and shared drive operation, meet the relevant access of OS under the non-security world.
Please refer to Fig. 6, for a kind of hardware structure figure that the embodiment of the present invention provides, as shown in the figure, this hardware structure comprises central processing unit (CentralProcessingUnit, CPU), such as 64 arm processors, this hardware structure also comprises internal memory, internal memory is connected with processor with main memory access 1 respectively by main memory access 0, processor is also connected with Basic Input or Output System (BIOS) by serial peripheral structure, processor is connected with network interface by physical chip, and processor also comprises multimedia card interface, and this interface connects multimedia card or flash card.This processor also can pass through serial connecting small computer system interface hard disk.Internal memory is used for program code stored, and processor performs interruption processing method for calling the program code stored in storer;
When system code moves to target location timing generation security interrupt in the non-security world, obtain the exception vector table of safer world;
Judge whether the target interrupt processing function associated with described exception vector table is performed by the non-security world;
If described target interrupt processing function is performed by the non-security world, then control described safer world by the address transfer of described target interrupt processing function to the non-security world;
Control described non-security world target interrupt processing function according to described address search, and perform described target interrupt processing function.
Optionally, in order to prevent software deadlock, system regularly can produce security interrupt, obtains the exception vector table of safer world, thus processes corresponding problem and prevent software deadlock, namely software deadlock is lock in critical section, IRQ is interrupted shielding, but there is deadlock in the software now in processor, cannot run, processor then can not carry out any operation, can not process other and interrupt.In the present embodiment, timing produces security interrupt, obtains the exception vector table of safer world, thus can Timeliness coverage problem, then processes, prevents software deadlock.
Interruption refers to when occurring needs, and namely during down trigger, CPU temporarily stops the execution of present procedure then performs the program of process new situation.Such as, in program operation process, there is a situation that must be processed immediately by CPU in system, and now, CPU supspends the execution of program then processes this news.Interrupt a kind of asynchronous exception at last.
Interruption is divided into IRQ and FIQ, and the interruption usually used in operating system aspect is IRQ, is generally used for non-security interruption.And FIQ is generally used for and responds interruption fast, be generally used for security interrupt.Security interrupt in this programme is the interruption entering into the process of EL3 safer world, is therefore FIQ, FIQ is configured to security interrupt, and security interrupt routes to EL3 process after producing, and obtains the exception vector table of safer world.
Optionally, judge whether the target interrupt processing function associated with the exception vector table of safer world is performed by the non-security world.It should be noted that, before interruption is enable, system OS is first by ACPI (advancedconfigurationandpowerinterface, ACPI) or security invocation monitoring (securemonitorcall, smc) synchronous abnormality instruction the address of this target interrupt processing function is passed to security level EL3.
Smc is the assembly instruction of a security invocation, is the synchronous abnormality instruction being entered safer world based on the CPU of ARM64 framework by the non-security world.Time execution smc calls, Transfer Parameters can be carried out by the value X0-X7 of register in core at that time.The specification calling the calling convention meeting SMC of smc, this programme uses and has entity number (OwningEntityNumber in its specification, OEM) item utilizes, X1 transmits the address of target interrupt processing function, after entering safer world EL3 by smc instruction, preserve in EL3.
After security interrupt triggers, enter into the exception vector table of safer world EL3Firmware, walk different branches by the target interrupt number of target interrupt processing function, if interruption corresponding to this target interrupt number is the non-security world perform classification, then walk the flow process of being taken over by the non-security world; Otherwise then walk the flow process of safer world adapter.Different execution world classification corresponding to interrupt number is preset by system, performs world's classification and comprises safer world execution and the execution of the non-security world.
Optionally, if target interrupt processing function is performed by the non-security world, then the interruption context of target location is preserved by EL3 firmware, target interrupt processing function address is transferred to the non-security world simultaneously, wherein, interrupt context and comprise the general-purpose register X0-X30 before interrupting generation, status register, interruption produce the stack pointer in address and the non-security world.
Optionally, the target interrupt processing function in the non-security world can be entered into by an eret assembly instruction by safer world, in this eret assembly instruction, carry the address of target interrupt processing function.Get final product the execution of target approach interrupt processing function according to the address of target interrupt processing function, in performance objective interrupt processing functional procedure, carry out black box record.
After executing target interrupt processing function, be back to safer world, then recover according to the context preserved before, exit treatment scheme thus continue to perform under the non-security world.
Whether the target interrupt processing function that described judgement associates with described exception vector table also comprises before being performed by the non-security world:
Obtain the target interrupt number of the target interrupt processing function associated with described exception vector table;
Whether the target interrupt processing function that described judgement associates with described exception vector table is performed by the non-security world, comprising:
The interrupt processing function corresponding according to each interrupt number pre-set performs world's classification, judges whether the target interrupt processing function that described target interrupt number is corresponding is performed by the non-security world; Described execution world classification comprises safer world and performs or the execution of the non-security world.
Optionally, in safer world, all interrupt number is provided with to each interrupt processing function, obtaining the execution world classification of the target interrupt processing function associated with exception vector table, need the target interrupt number obtaining target interrupt processing function in advance, this target interrupt number is used for this target interrupt function of unique identification.
Optionally, interrupt processing function corresponding to each interrupt number in safer world is all provided with and performs world's classification, performs world's classification and comprises safer world execution or the execution of the non-security world.In each interrupt number pre-set, search the interrupt number mated with target interrupt number, and the execution world classification corresponding with the interrupt number that target interrupt number mates is defined as the execution world classification of target interrupt processing function.
After described execution described target interrupt processing function, also comprise:
If detect, described target interrupt processing function is complete, controls the described non-security world and indicates described target interrupt processing function to be finished by security invocation assembly instruction to described safer world;
Control described safer world according to the data backed up in advance, recover the context data of described target location, and executive system code is continued in the described target location being back to the described non-security world.
Optionally, if detect, target interrupt processing function is complete, and the non-security world enters EL3 level by the instruction of smc synchronous abnormality, and indicating target interrupt processing function is finished, and imports assigned I D into simultaneously, and this assigned I D is used to indicate follow-up processing flow.
Optionally, when smc enters EL3 level synchronous abnormality vector, software, according to the value importing different ID into, walks different process branches.Recover according to the context data of the target location of preserving before again, thus the target location after exiting treatment scheme under the non-security world continues to perform.
If the target interrupt processing function that described target interrupt number is corresponding is performed by safer world, then control described safer world and call and perform described target interrupt processing function.
Optionally, if target interrupt processing function corresponding to target interrupt number pre-set is performed by safer world, then safer world can directly call and performance objective interrupt processing function.
One of ordinary skill in the art will appreciate that all or part of flow process realized in above-described embodiment method, that the hardware that can carry out instruction relevant by computer program has come, described program can be stored in a computer read/write memory medium, this program, when performing, can comprise the flow process of the embodiment as above-mentioned each side method.Wherein, described storage medium can be magnetic disc, CD, read-only store-memory body (Read-OnlyMemory, ROM) or random store-memory body (RandomAccessMemory, RAM) etc.
Step in embodiment of the present invention method can be carried out order according to actual needs and be adjusted, merges and delete.
Module in embodiment of the present invention terminal or unit can carry out merging, divide and deleting according to actual needs.
The parts such as the microcontroller of the embodiment of the present invention, with universal integrated circuit, as CPU, or can realize with special IC (ApplicationSpecificIntegratedCircuit, ASIC).
Above disclosedly be only present pre-ferred embodiments, certainly can not limit the interest field of the present invention with this, therefore according to the equivalent variations that the claims in the present invention are done, still belong to the scope that the present invention is contained.
Claims (10)
1. an interruption processing method, is characterized in that, comprising:
When system code moves to target location timing generation security interrupt in the non-security world, obtain the exception vector table of safer world;
Judge whether the target interrupt processing function associated with described exception vector table is performed by the non-security world;
If described target interrupt processing function is performed by the non-security world, then control described safer world by the address transfer of described target interrupt processing function to the non-security world;
Control described non-security world target interrupt processing function according to described address search, and perform described target interrupt processing function.
2. the method for claim 1, is characterized in that, the address of described target interrupt processing function is system by ACPI ACPI or synchronous abnormality command to the address of safer world.
3. the method for claim 1, is characterized in that, whether the target interrupt processing function that described judgement associates with described exception vector table also comprises before being performed by the non-security world:
Obtain the target interrupt number of the target interrupt processing function associated with described exception vector table;
Whether the target interrupt processing function that described judgement associates with described exception vector table is performed by the non-security world, comprising:
The interrupt processing function corresponding according to each interrupt number pre-set performs world's classification, judges whether the target interrupt processing function that described target interrupt number is corresponding is performed by the non-security world; Described execution world classification comprises safer world and performs or the execution of the non-security world.
4. method as claimed in claim 3, is characterized in that, after described execution described target interrupt processing function, also comprise:
If detect, described target interrupt processing function is complete, controls the described non-security world and indicates described target interrupt processing function to be finished by security invocation assembly instruction to described safer world;
Control described safer world according to the data backed up in advance, recover the context data of described target location, and executive system code is continued in the described target location being back to the described non-security world.
5. method as claimed in claim 3, it is characterized in that, described method also comprises:
If the target interrupt processing function that described target interrupt number is corresponding is performed by safer world, then control described safer world and call and perform described target interrupt processing function.
6. an interrupt processing device, is characterized in that, comprising:
First acquisition module, for when system code moves to target location timing generation security interrupt in the non-security world, obtains the exception vector table of safer world;
Judge module, for judging whether the target interrupt processing function associated with described exception vector table is performed by the non-security world;
First control module, if be performed by the non-security world for described target interrupt processing function, then controls described safer world by the address transfer of described target interrupt processing function to the non-security world;
Second control module, for controlling described non-security world target interrupt processing function according to described address search, and performs described target interrupt processing function.
7. device as claimed in claim 6, is characterized in that, the address of described target interrupt processing function is system by ACPI ACPI or synchronous abnormality command to the address of safer world.
8. device as claimed in claim 6, it is characterized in that, described device also comprises:
Second acquisition module, for obtaining the target interrupt number of the target interrupt processing function associated with described exception vector table;
Described judge module performs world's classification specifically for the interrupt processing function corresponding according to each interrupt number pre-set, and judges whether the target interrupt processing function that described target interrupt number is corresponding is performed by the non-security world; Described execution world classification comprises safer world and performs or the execution of the non-security world.
9. device as claimed in claim 8, it is characterized in that, described device also comprises:
3rd control module, if complete for described target interrupt processing function being detected, controlling the described non-security world and indicating described target interrupt processing function to be finished by security invocation assembly instruction to described safer world;
4th control module, for controlling described safer world according to the data backed up in advance, recovers the context data of described target location, and executive system code is continued in the described target location being back to the described non-security world.
10. device as claimed in claim 8, it is characterized in that, described device also comprises:
5th control module, if performed by safer world for the target interrupt processing function that described target interrupt number is corresponding, then controls described safer world and calls and perform described target interrupt processing function.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510595712.7A CN105224403B (en) | 2015-09-17 | 2015-09-17 | A kind of interruption processing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510595712.7A CN105224403B (en) | 2015-09-17 | 2015-09-17 | A kind of interruption processing method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105224403A true CN105224403A (en) | 2016-01-06 |
| CN105224403B CN105224403B (en) | 2018-09-28 |
Family
ID=54993393
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510595712.7A Active CN105224403B (en) | 2015-09-17 | 2015-09-17 | A kind of interruption processing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105224403B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108073108A (en) * | 2016-11-14 | 2018-05-25 | Ls 产电株式会社 | For controlling the method for the interruption in inverter |
| CN109240815A (en) * | 2018-08-24 | 2019-01-18 | 珠海格力电器股份有限公司 | A kind of multitask running method, device and equipment of shared storehouse |
| CN113486355A (en) * | 2021-06-29 | 2021-10-08 | 北京紫光展锐通信技术有限公司 | Information storage device, information storage method, communication device, chip and module equipment thereof |
| CN114007906A (en) * | 2019-07-12 | 2022-02-01 | 日立安斯泰莫株式会社 | Safety processing device |
| US11574064B2 (en) * | 2016-03-15 | 2023-02-07 | Huawei Technologies Co., Ltd. | Data input method and apparatus and user equipment |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1070496A (en) * | 1991-08-30 | 1993-03-31 | 英特尔公司 | The transparent system that the automatic pause state restarts interrupts |
| CN1711526A (en) * | 2002-11-18 | 2005-12-21 | Arm有限公司 | Exception types within a secure processing system |
| US20140250540A1 (en) * | 2013-03-01 | 2014-09-04 | Infineon Technologies Ag | Dynamic resource sharing |
| CN104318182A (en) * | 2014-10-29 | 2015-01-28 | 中国科学院信息工程研究所 | Intelligent terminal isolation system and intelligent terminal isolation method both based on processor safety extension |
| CN104573565A (en) * | 2015-01-23 | 2015-04-29 | 宇龙计算机通信科技(深圳)有限公司 | Management method and device of memory on Trust Zone |
-
2015
- 2015-09-17 CN CN201510595712.7A patent/CN105224403B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1070496A (en) * | 1991-08-30 | 1993-03-31 | 英特尔公司 | The transparent system that the automatic pause state restarts interrupts |
| CN1711526A (en) * | 2002-11-18 | 2005-12-21 | Arm有限公司 | Exception types within a secure processing system |
| US20140250540A1 (en) * | 2013-03-01 | 2014-09-04 | Infineon Technologies Ag | Dynamic resource sharing |
| CN104318182A (en) * | 2014-10-29 | 2015-01-28 | 中国科学院信息工程研究所 | Intelligent terminal isolation system and intelligent terminal isolation method both based on processor safety extension |
| CN104573565A (en) * | 2015-01-23 | 2015-04-29 | 宇龙计算机通信科技(深圳)有限公司 | Management method and device of memory on Trust Zone |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11574064B2 (en) * | 2016-03-15 | 2023-02-07 | Huawei Technologies Co., Ltd. | Data input method and apparatus and user equipment |
| CN108073108A (en) * | 2016-11-14 | 2018-05-25 | Ls 产电株式会社 | For controlling the method for the interruption in inverter |
| CN109240815A (en) * | 2018-08-24 | 2019-01-18 | 珠海格力电器股份有限公司 | A kind of multitask running method, device and equipment of shared storehouse |
| CN109240815B (en) * | 2018-08-24 | 2021-07-23 | 珠海格力电器股份有限公司 | Multi-task running method, device and equipment for shared stack |
| CN114007906A (en) * | 2019-07-12 | 2022-02-01 | 日立安斯泰莫株式会社 | Safety processing device |
| CN114007906B (en) * | 2019-07-12 | 2024-03-15 | 日立安斯泰莫株式会社 | Safety processing device |
| CN113486355A (en) * | 2021-06-29 | 2021-10-08 | 北京紫光展锐通信技术有限公司 | Information storage device, information storage method, communication device, chip and module equipment thereof |
| CN113486355B (en) * | 2021-06-29 | 2023-03-14 | 北京紫光展锐通信技术有限公司 | Information storage device, information storage method, communication device, chip and module equipment thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105224403B (en) | 2018-09-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105224403A (en) | A kind of interruption processing method and device | |
| EP3352083B1 (en) | Debugging method, multi-core processor, and debugging equipment | |
| CN100423013C (en) | Method and apparatus for loading a trustable operating system | |
| CN101788949B (en) | Method and device for realizing embedded type system function monitoring | |
| US10984096B2 (en) | Systems, methods, and apparatus for detecting control flow attacks | |
| US9529750B2 (en) | Service processor (SP) initiated data transaction with bios utilizing interrupt | |
| CN101213518A (en) | System and method to optimize OS context switching by instruction group trapping | |
| CN105279021A (en) | Method and device for executing non-maskable interrupt | |
| EP3241116B1 (en) | Memory access protection using processor transactional memory support | |
| CN111858004A (en) | TEE expansion-based real-time application dynamic loading method and system for computer security world | |
| CN111124728B (en) | Service automatic recovery method, system, readable storage medium and server | |
| CN113010275A (en) | Interrupt processing method and device | |
| CN104391754B (en) | A kind of processing method and processing device of task abnormity | |
| CN111897686A (en) | Server cluster hard disk fault processing method and device, electronic equipment and storage medium | |
| CN104391777A (en) | Cloud platform based on Linux operating system and operation monitoring method and device of cloud platform | |
| CN107066331B (en) | TrustZone-based resource allocation method and equipment | |
| CN101599113A (en) | Driven malware defence method and device | |
| CN113467981A (en) | Exception handling method and device | |
| CN107818034B (en) | Method and device for monitoring running space of process in computer equipment | |
| CN102737198B (en) | Object protection method and device | |
| CN109063516B (en) | Data processor | |
| CN115576734A (en) | Multi-core heterogeneous log storage method and system | |
| CN112673354B (en) | System state detection method, system state device and terminal equipment | |
| CN110837433A (en) | Performance optimization method and device and electronic equipment | |
| CN104317728A (en) | Method and device for safely resetting storage device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |