CN105224403B - A kind of interruption processing method and device - Google Patents
A kind of interruption processing method and device Download PDFInfo
- Publication number
- CN105224403B CN105224403B CN201510595712.7A CN201510595712A CN105224403B CN 105224403 B CN105224403 B CN 105224403B CN 201510595712 A CN201510595712 A CN 201510595712A CN 105224403 B CN105224403 B CN 105224403B
- Authority
- CN
- China
- Prior art keywords
- world
- security
- processing function
- interrupt processing
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The embodiment of the invention discloses a kind of interruption processing method and device, the method includes:When system code the non-security world run to target location timing generate security interrupt when, obtain the exception vector table of safer world;Judge whether executed by the non-security world with the associated target interrupt processing function of the exception vector table;If the target interrupt processing function is executed by the non-security world, controls the safer world and the address of the target interrupt processing function is transmitted to the non-security world;It controls the non-security world and the target interrupt processing function is searched according to described address, and execute the target interrupt processing function.Using the present invention, it can be achieved that the scheduling under OS and shared drive operation, meet the related of OS under the non-security world and access.
Description
Technical field
The present invention relates to electronic technology field more particularly to a kind of interruption processing method and devices.
Background technology
Product business, in the operation that critical zone is locked, is needed to interrupt at this time and be asked when carrying out driving processing
(interrupt request, IRQ) is asked to be shielded, with the influence for preventing service disconnection from being operated to it, but at this time if software
There is the scene of deadlock, then CPU can not then carry out any operation, while interrupting to be shielded and also cannot be introduced at any interruption
Reason.
It needs to propose corresponding solution for above-mentioned scene, in advanced RISC machines (Advanced (Reduced
Instruction Set Computer, RISC) Machines, ARM) in V8 frameworks, system is provided by TrustZone technologies
Source is respectively divided into safer world and the non-security world, and system safety/non-security level is total to as shown in Figure 1, being divided into EL0/1/2/3
4 levels, wherein EL3 only have security level, EL2 to only have non-security level, O/S kernel state to operate under non-security EL1.
Further rely on TrustZone technologies can will the corresponding interrupt number interrupted be configured to security interrupt or it is non-security in
It is disconnected, even if being shielded to IRQ/ fast interrupt requests (fast interrupt request, FIQ) interruption at product business OS
It covers, security interrupt can also trigger, i.e. the triggering of the security interrupt can not be shielded under OS, such as WatchDog Timer interruption is matched
When being set to security interrupt, WatchDog Timer interruption can not be shielded.
In ARM V8 frameworks, timing generates security interrupt and is monitored, and prevents the scene of software deadlock from occurring.Work as safety
Interrupt safer world triggering after, then enter safer world exception vector entrance, and safer world realize and execute with it is different
The associated interrupt processing function of constant vector;When security interrupt is after the non-security world triggers, also it is into safer world EL3's
Exception vector entrance, and realize and execute and the associated interrupt processing function of exception vector in the EL3 levels of safer world.
This mode, all execution of interrupt processing function are in the EL3 security levels of safer world, and safer world
The scheduling that cannot achieve under OS of EL3 levels and shared drive operation, and safer world and the non-security world use it is different
Page table configures, and cannot be satisfied the related of OS under the non-security world and accesses.
Invention content
A kind of interruption processing method of offer of the embodiment of the present invention and device can will be closed with the exception vector table of safer world
The target interrupt processing function of connection turns to be executed by the non-security world, to realize scheduling and the shared drive operation under OS, meets
The related of OS accesses under the non-security world.
First aspect of the embodiment of the present invention provides a kind of interruption processing method, it may include:
When system code the non-security world run to target location timing generate security interrupt when, obtain safer world
Exception vector table;
Judge whether executed by the non-security world with the associated target interrupt processing function of the exception vector table;
If the target interrupt processing function is executed by the non-security world, the safer world is controlled by the target
The address of interrupt processing function is transmitted to the non-security world;
It controls the non-security world and the target interrupt processing function is searched according to described address, and execute the target
Interrupt processing function.
Based in a first aspect, in the first feasible embodiment of first aspect, the target interrupt processing function
Address be that system is transmitted to the address of safer world by advanced configuration and power interface ACPI or synchronous abnormality instruction.
Based in a first aspect, in second of feasible embodiment of first aspect, the judgement and the exception to
Before whether the associated target interrupt processing function of scale is executed by the non-security world, further include:
Obtain the target interrupt number with the associated target interrupt processing function of the exception vector table;
Whether the judgement is executed by the non-security world with the associated target interrupt processing function of the exception vector table, packet
It includes:
World's classification is executed according to the corresponding interrupt processing function of pre-set each interrupt number, is judged in the target
Whether a disconnected number corresponding target interrupt processing function is executed by the non-security world;Execution world classification includes that safer world is held
The capable or non-security world executes.
Second of feasible embodiment based on first aspect, in the third feasible embodiment of first aspect
In, after the execution target interrupt processing function, further include:
If detecting, the target interrupt processing function executes completion, controls the non-security world and is converged by security invocation
It compiles instruction and indicates that the target interrupt processing function is finished to the safer world;
The safer world is controlled according to the data backed up in advance, restores the context data of the target location, and return
The target location for being back to the non-security world continues to execute system code.
Second of feasible embodiment based on first aspect, in the 4th kind of feasible embodiment of first aspect
In, the method further includes:
If the corresponding target interrupt processing function of the target interrupt number is executed by safer world, the safe generation is controlled
It calls and executes the target interrupt processing function in boundary.
Second aspect of the present invention provides a kind of interrupt processing device, including:
First acquisition module is run in the non-security world to target location timing generation security interrupt for working as system code
When, obtain the exception vector table of safer world;
Judgment module, for whether judging with the associated target interrupt processing function of the exception vector table by non-security generation
Boundary executes;
First control module, if for the target interrupt processing function being executed by the non-security world, described in control
The address of the target interrupt processing function is transmitted to the non-security world by safer world;
Second control module searches the target interrupt processing letter for controlling the non-security world according to described address
Number, and execute the target interrupt processing function.
Based on second aspect, in the first feasible embodiment of second aspect, the target interrupt processing function
Address be that system is transmitted to the address of safer world by advanced configuration and power interface ACPI or synchronous abnormality instruction.
Based on second aspect, in second of feasible embodiment of second aspect, described device further includes:
Second acquisition module is interrupted for obtaining with the target of the associated target interrupt processing function of the exception vector table
Number;
The judgment module is specifically used for executing generation according to the corresponding interrupt processing function of pre-set each interrupt number
Boundary's classification, judges whether the corresponding target interrupt processing function of the target interrupt number is executed by the non-security world;The execution
World's classification includes that safer world execution or the non-security world execute.
Based on second of feasible embodiment of second aspect, in the third feasible embodiment of second aspect,
Described device further includes:
Third control module, if for detecting that the target interrupt processing function executes completion, control is described non-security
The world indicates that the target interrupt processing function is finished by security invocation assembly instruction to the safer world;
4th control module restores the target location for controlling the safer world according to the data backed up in advance
Context data, and the target location for being back to the non-security world continues to execute system code.
Based on second of feasible embodiment of second aspect, in the 4th kind of feasible embodiment of second aspect,
Described device further includes:
5th control module, if being held by safer world for the corresponding target interrupt processing function of the target interrupt number
Row, then control the safer world and call and execute the target interrupt processing function.
In the embodiment of the present invention, security interrupt is generated when system code is run in the non-security world to target location timing
When, the exception vector table of safer world is obtained, whether is judged with the associated target interrupt processing function of the exception vector table by non-
Safer world executes, if the target interrupt processing function is executed by the non-security world, controlling safer world will be at target interruption
The address of reason function is transmitted to the non-security world, controls the non-security world according to the address search to target interrupt processing function,
And execute the target interrupt processing function, this mode can by at the associated target interruption of the exception vector table of safer world
Reason function turns to be executed by the non-security world, to realize scheduling and the shared drive operation under OS, meets OS under the non-security world
Related access.
Description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, make required in being described below to embodiment
Attached drawing is briefly described, it should be apparent that, drawings in the following description are some embodiments of the invention, for ability
For the those of ordinary skill of domain, without creative efforts, it can also be obtained according to these attached drawings other attached
Figure.
Fig. 1 is a kind of ARM V8 configuration diagrams provided in an embodiment of the present invention;
Fig. 2 is a kind of flow diagram of interruption processing method provided in an embodiment of the present invention;
Fig. 3 is the flow diagram of another interruption processing method provided in an embodiment of the present invention;
Fig. 4 is a kind of application scenarios schematic diagram of the specific software of combination provided in an embodiment of the present invention;
Fig. 5 is a kind of structural schematic diagram of interrupt processing device provided in an embodiment of the present invention;
Fig. 6 is a kind of hardware structure schematic diagram provided in an embodiment of the present invention.
Specific implementation mode
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation describes, it is clear that described embodiments are some of the embodiments of the present invention, instead of all the embodiments.Based on this hair
Embodiment in bright, the every other implementation that those of ordinary skill in the art are obtained without creative efforts
Example, shall fall within the protection scope of the present invention.
Fig. 1 is please referred to, is a kind of ARM V8 configuration diagrams provided in an embodiment of the present invention, as shown, the system tray
Structure includes that the non-security world and safer world are divided into abnormal level wherein safe/non-security level is as shown below
Totally 4 levels, wherein EL3 only have security level, EL2 there was only non-security level, OS to (Exception Level, EL) 0/1/2/3
Kernel state operates under the EL1 in the non-security world.By TrustZone technologies can will corresponding interrupt number be configured to security interrupt or
Non-security interruption, even if being shielded to IRQ/FIQ interruptions at product business OS, security interrupt can also trigger, i.e. under OS
The triggering of the interruption, such as WatchDog Timer can not be shielded.
After security interrupt triggering, the security interrupt can not be directly entered the non-security world EL1 configured under OS it is abnormal to
Entrance processing is measured, and is into the exception vector entrance of safer world EL3, which is initialized by safer world, and
The safer world of EL3 levels cannot achieve scheduling under OS and shared drive operation, and (OS just may be implemented in the only non-security world
Under scheduling and shared drive), and safer world and the non-security world are configured using different page tables, cannot be satisfied non-security
The related of OS accesses under the world, such as log recording operation.Therefore, the embodiment of the present invention proposes a kind of interruption for this problem
Processing method can need to execute in the non-security world when with the associated target interrupt processing function of the exception vector of safer world
When, the address of the target interrupt processing function is transmitted to the non-security world by safer world, and being executed by the non-security world should
The address of target interrupt processing function, the target interrupt processing function is transferred to safer world by system in advance.This mode can
To realize scheduling and the shared drive under OS, while the related of OS under the non-security world can be met and accessed.
Below in conjunction with attached drawing 2 to attached drawing 4, interruption processing method provided in an embodiment of the present invention is introduced and is said
It is bright.
Fig. 2 is please referred to, is a kind of flow diagram of interruption processing method provided in an embodiment of the present invention;As shown in Fig. 2,
The interruption processing method includes:
S200, when system code is when the non-security world runs and generates security interrupt to target location timing, acquisition is safe
The exception vector table in the world;
In the embodiment of the present invention, software deadlock, system can periodically generate security interrupt, obtain safer world in order to prevent
Exception vector table prevents software deadlock to handle corresponding problem, and software deadlock is to lock in critical zone, by IRQ
Interruption is shielded, but deadlock occurs in the software in processor at this time, can not be run, and processor cannot then carry out any behaviour
Make, other interruptions can not be handled.In the present embodiment, timing generates security interrupt, obtains the exception vector table of safer world, from
And can pinpoint the problems in time, it is then handled, prevents software deadlock.
Interruption refer to when needing, i.e., down trigger when, the execution that CPU temporarily ceases present procedure transfers to execute processing
The program of new situation.For example, in program operation process, the case where system occurs one and must be immediately treated by CPU, this
When, the execution that CPU temporarily stops program transfers to handle this news.Interrupt a kind of asynchronous exception at last.
Interruption is divided into IRQ and FIQ, and the interruption usually used in operating system level is IRQ, be generally used for it is non-security in
It is disconnected.And FIQ is generally used for quick response interruption, is generally used for security interrupt.Security interrupt in this programme is into EL3 peaces
The interruption of whole world processing, therefore be FIQ, configuring FIQ to security interrupt, security interrupt routes to EL3 processing after generating, and
Obtain the exception vector table of safer world.
S201 judges whether executed by the non-security world with the associated target interrupt processing function of the exception vector table;
In the embodiment of the present invention, judge with the associated target interrupt processing function of exception vector table of safer world whether by
The non-security world executes.It should be noted that before interruption is enabled, system OS first passes through advanced configuration and power interface
(advanced configuration and power interface, ACPI) or security invocation monitor (secure
Monitor call, smc) address of the target interrupt processing function passes to security level EL3 by synchronous abnormality instruction.
Smc is the assembly instruction of a security invocation, is that the CPU based on ARM64 frameworks enters peace by the non-security world
Global synchronous abnormality instruction.When executing smc calling, the value X0-X7 that can pass through register in core at that time is carried out
Transfer Parameters.The calling of smc meets SMC and specification, this programme is called to use the entity number (Owning defined in its specification
Entity Number, OEM) item, the address of X1 transmission target interrupt processing functions enters safer world EL3 by smc instructions
Afterwards, it is preserved in EL3.
After security interrupt triggering, the exception vector table of safer world EL3Firmware is entered, at target interruption
The target interrupt number of reason function walks different branches, if corresponding interrupt of the target interrupt number is that the non-security world executes classification,
Then walk the flow taken over by the non-security world;It is on the contrary then walk the flow that safer world is taken over.Execution corresponding to different interrupt numbers
World's classification is preset by system, and it includes that safer world executes and the execution of the non-security world to execute world's classification.
S202 controls the safer world by institute if the target interrupt processing function is executed by the non-security world
The address for stating target interrupt processing function is transmitted to the non-security world;The address of the target interrupt processing function passes through for system
Advanced configuration and power interface ACPI or synchronous abnormality instruction are transmitted to the address of safer world.
In the embodiment of the present invention, if target interrupt processing function is executed by the non-security world, EL3 firmwares are by target position
The interruption context set is preserved, while target interrupt processing function address is transmitted to the non-security world, wherein in interruption
The general register X0-X30 included below interrupted before generating, status register interrupt the heap for generating address and the non-security world
Stack pointer.
S203 controls the non-security world and searches the target interrupt processing function according to described address, and executes institute
State target interrupt processing function.
In the embodiment of the present invention, the mesh in the non-security world can be entered by safer world by an eret assembly instruction
Interrupt processing function is marked, the address of target interrupt processing function is carried in the eret assembly instructions.According to target interrupt processing letter
Several addresses can enter the execution of target interrupt processing function, and black box note is carried out in performance objective interrupt processing functional procedure
Record.
After having executed target interrupt processing function, be back to safer world, then according to previously stored context into
Row restores, and exits process flow to be continued to execute under the non-security world.
In the embodiment of the present invention, security interrupt is generated when system code is run in the non-security world to target location timing
When, the exception vector table of safer world is obtained, whether is judged with the associated target interrupt processing function of the exception vector table by non-
Safer world executes, if the target interrupt processing function is executed by the non-security world, controlling safer world will be at target interruption
The address of reason function is transmitted to the non-security world, controls the non-security world according to the address search to target interrupt processing function,
And execute the target interrupt processing function, this mode can by at the associated target interruption of the exception vector table of safer world
Reason function turns to be executed by the non-security world, to realize scheduling and the shared drive operation under OS, meets OS under the non-security world
Related access.
Fig. 3 is please referred to, is the flow diagram of another interruption processing method provided in an embodiment of the present invention;Such as Fig. 3 institutes
Show, the interruption processing method includes:
S300, when system code is when the non-security world runs and generates security interrupt to target location timing, acquisition is safe
The exception vector table in the world;
Step of embodiment of the present invention S300 please refers to the embodiment step S200 of Fig. 2, and details are not described herein.
S301 obtains the target interrupt number with the associated target interrupt processing function of the exception vector table;
In the embodiment of the present invention, interrupt number is provided with to each interrupt processing function in safer world, obtain with it is different
The execution world classification of the associated target interrupt processing function of constant vector table needs the mesh for obtaining target interrupt processing function in advance
Interrupt number is marked, the target interrupt number is for the unique mark target interrupt function.
S302 executes world's classification, described in judgement according to the corresponding interrupt processing function of pre-set each interrupt number
Whether the corresponding target interrupt processing function of target interrupt number is executed by the non-security world;Execution world classification includes safety
The world executes or the non-security world executes.
In the embodiment of the present invention, execution generation is provided with to the corresponding interrupt processing function of each interrupt number in safer world
Boundary's classification, it includes that safer world execution or the non-security world execute to execute world's classification.In pre-set each interrupt number
Middle lookup and the matched interrupt number of target interrupt number, and will the execution world corresponding with the matched interrupt number of target interrupt number classification
It is determined as the execution world classification of target interrupt processing function.
S303 controls the safer world by institute if the target interrupt processing function is executed by the non-security world
The address for stating target interrupt processing function is transmitted to the non-security world;
S304 controls the non-security world and searches the target interrupt processing function according to described address, and executes institute
State target interrupt processing function.
Step of embodiment of the present invention S303-S304 please refers to the embodiment step S202-S203 of Fig. 2, and details are not described herein.
S305, if detecting, the target interrupt processing function executes completion, controls the non-security world and passes through safety
Assembly instruction is called to indicate that the target interrupt processing function is finished to the safer world;
In the embodiment of the present invention, if detecting, target interrupt processing function executes completion, and the non-security world is synchronized by smc
Exceptional instructions enter EL3 levels, and instruction target interrupt processing function is finished, while incoming specified ID, which is used for
Indicate follow-up processing flow.
S306 controls the safer world according to the data backed up in advance, restores the context data of the target location,
And the target location for being back to the non-security world continues to execute system code.
In the embodiment of the present invention, when smc enters EL3 level synchronous abnormality vectors, software is according to incoming different ID's
Value, walks different processing branches.Restored further according to the context data of previously stored target location, to exit processing
Target location after flow under the non-security world continues to execute.
S307, if the corresponding target interrupt processing function of the target interrupt number is executed by safer world, described in control
Safer world calls and executes the target interrupt processing function.
In the embodiment of the present invention, if it is by safe generation that the corresponding target interrupt processing function of target interrupt number is pre-set
Boundary executes, then safer world can directly invoke simultaneously performance objective interrupt processing function.
In the embodiment of the present invention, security interrupt is generated when system code is run in the non-security world to target location timing
When, the exception vector table of safer world is obtained, whether is judged with the associated target interrupt processing function of the exception vector table by non-
Safer world executes, if the target interrupt processing function is executed by the non-security world, controlling safer world will be at target interruption
The address of reason function is transmitted to the non-security world, controls the non-security world according to the address search to target interrupt processing function,
And execute the target interrupt processing function, this mode can by at the associated target interruption of the exception vector table of safer world
Reason function turns to be executed by the non-security world, to realize scheduling and the shared drive operation under OS, meets OS under the non-security world
Related access.
Fig. 4 is please referred to, is a kind of application scenarios schematic diagram of the specific software of combination provided in an embodiment of the present invention, in non-peace
Global EL1 levels, OS system codes are run to when timing generates security interrupt at A, into EL3 safer worlds it is abnormal to
Scale, while safer world EL3 preserves the context at A, generally general register X0-X30, interrupts generation address
ELR_EL3, SPSR_EL3;
Then judged whether by non-security generation according to the interrupt number with the associated target interrupt processing function of exception vector table
Boundary executes;
If not executing (being to be executed by safer world) by the non-security world, then simultaneously performance objective is called by safer world
Then interrupt processing function interrupts context and restores, finally return to continuing to execute at the A in the non-security world;
If being executed by the non-security world, the abnormal return addresses modification ELR_EL3 are the target interrupt processing that system is transmitted
The address of function is that the address of target interrupt processing function is transmitted to the non-security world.The context of preservation is connected simultaneously
Same SP_EL0, SP_EL1, SP_EL2 are preserved, and are backed up;
Non-security world's performance objective interrupt processing function is instructed by smc when target interrupt processing function is finished
It is called, into EL3, and incoming specified ID;
The instruction of Smc synchronous abnormalities enters EL3, is grouped into corresponding processing according to instruction ID, in handling branched program
The context that target location is carried out according to backup restores;
Synchronous abnormality is back at the A in the non-security world and continues to execute.
5 to attached drawing 6 below in conjunction with the accompanying drawings, illustrates the specific implementation of interrupt processing device provided in an embodiment of the present invention.
Fig. 5 is please referred to, is a kind of structural schematic diagram of interrupt processing device provided in an embodiment of the present invention, as shown in figure 5,
A kind of interrupt processing device described in the present embodiment includes:First acquisition module 100, judgment module 101, the first control module
102 and second control module 103.
First acquisition module 100 is run in the non-security world to target location timing generation safety for working as system code
When interruption, the exception vector table of safer world is obtained;
In the embodiment of the present invention, software deadlock, system can periodically generate security interrupt, the first acquisition module in order to prevent
100 obtain the exception vector table of safer world, are critical to handle corresponding problem to prevent software deadlock, software deadlock
Area locks, and IRQ interruptions is shielded, but deadlock occurs in the software in processor at this time, can not run, processor is then
Any operation cannot be carried out, other interruptions can not be handled.In the present embodiment, timing generates security interrupt, obtains safer world
Exception vector table then handled so as to pinpoint the problems in time, prevent software deadlock.
Interruption refer to when needing, i.e., down trigger when, the execution that CPU temporarily ceases present procedure transfers to execute processing
The program of new situation.For example, in program operation process, the case where system occurs one and must be immediately treated by CPU, this
When, the execution that CPU temporarily stops program transfers to handle this news.Interrupt a kind of asynchronous exception at last.
Interruption is divided into IRQ and FIQ, and the interruption usually used in operating system level is IRQ, be generally used for it is non-security in
It is disconnected.And FIQ is generally used for quick response interruption, is generally used for security interrupt.Security interrupt in this programme is into EL3 peaces
The interruption of whole world processing, therefore be FIQ, configuring FIQ to security interrupt, security interrupt routes to EL3 processing after generating, and
Obtain the exception vector table of safer world.
Judgment module 101, for whether judging with the associated target interrupt processing function of the exception vector table by non-peace
The whole world executes;
In the embodiment of the present invention, judgment module 101 judges at the associated target interruption of exception vector table with safer world
Whether reason function is executed by the non-security world.It should be noted that before interruption is enabled, system OS first passes through advanced configuration and electricity
Source interface (advanced configuration and power interface, ACPI) or security invocation monitoring
The address of the target interrupt processing function is passed to security level by the instruction of (secure monitor call, smc) synchronous abnormality
EL3。
Smc is the assembly instruction of a security invocation, is that the CPU based on ARM64 frameworks enters peace by the non-security world
Global synchronous abnormality instruction.When executing smc calling, the value X0-X7 that can pass through register in core at that time is carried out
Transfer Parameters.The calling of smc meets SMC and specification, this programme is called to use the entity number (Owning defined in its specification
Entity Number, OEM) item, the address of X1 transmission target interrupt processing functions enters safer world EL3 by smc instructions
Afterwards, it is preserved in EL3.
After security interrupt triggering, the exception vector table of safer world EL3Firmware is entered, at target interruption
The target interrupt number of reason function walks different branches, if corresponding interrupt of the target interrupt number is that the non-security world executes classification,
Then walk the flow taken over by the non-security world;It is on the contrary then walk the flow that safer world is taken over.Execution corresponding to different interrupt numbers
World's classification is preset by system, and it includes that safer world executes and the execution of the non-security world to execute world's classification.
First control module 102 controls institute if for the target interrupt processing function being executed by the non-security world
It states safer world and the address of the target interrupt processing function is transmitted to the non-security world;
In the embodiment of the present invention, if target interrupt processing function is executed by the non-security world, EL3 firmwares are by target position
The interruption context set is preserved, at the same the first control module 102 target interrupt processing function address is transmitted to it is non-security
The world, wherein it includes the general register X0-X30 interrupted before generating to interrupt context, and status register interrupts generation address
With the stack pointer in the non-security world.
Second control module 103 is searched according to described address at the target interruption for controlling the non-security world
Function is managed, and executes the target interrupt processing function.
In the embodiment of the present invention, the mesh in the non-security world can be entered by safer world by an eret assembly instruction
Interrupt processing function is marked, the address of target interrupt processing function is carried in the eret assembly instructions.Second control module, 103 basis
The address of target interrupt processing function can enter the execution of target interrupt processing function, performance objective interrupt processing functional procedure
Middle progress black box subrecord.
After having executed target interrupt processing function, be back to safer world, then according to previously stored context into
Row restores, and exits process flow to be continued to execute under the non-security world.
Optionally, which can also include the second acquisition module 104;
Second acquisition module 104, for obtaining and the target of the associated target interrupt processing function of the exception vector table
Interrupt number;
In the embodiment of the present invention, interrupt number is provided with to each interrupt processing function in safer world, second obtains mould
Block 104 is obtaining the execution world classification with the associated target interrupt processing function of exception vector table, needs to obtain target in advance
The target interrupt number of interrupt processing function, the target interrupt number is for the unique mark target interrupt function.
The judgment module 101 is specifically used for being executed according to the corresponding interrupt processing function of pre-set each interrupt number
World's classification, judges whether the corresponding target interrupt processing function of the target interrupt number is executed by the non-security world;It is described to hold
Row world classification includes that safer world execution or the non-security world execute.
In the embodiment of the present invention, execution generation is provided with to the corresponding interrupt processing function of each interrupt number in safer world
Boundary's classification, it includes that safer world execution or the non-security world execute to execute world's classification.In pre-set each interrupt number
Middle lookup and the matched interrupt number of target interrupt number, and will the execution world corresponding with the matched interrupt number of target interrupt number classification
It is determined as the execution world classification of target interrupt processing function.
Further alternative, which can also include third control module 105 and the 4th control module 106;
If third control module 105 controls the non-peace for detecting that the target interrupt processing function executes completion
The whole world indicates that the target interrupt processing function is finished by security invocation assembly instruction to the safer world;
In the embodiment of the present invention, if detecting, target interrupt processing function executes completion, and third control module 105 controls non-
Safer world enters EL3 levels by the instruction of smc synchronous abnormalities, and instruction target interrupt processing function is finished, is passed to simultaneously
Specified ID, the specified ID are used to indicate follow-up processing flow.
4th control module 106 restores the target position for controlling the safer world according to the data backed up in advance
The context data set, and the target location for being back to the non-security world continues to execute system code.
In the embodiment of the present invention, when smc enters EL3 level synchronous abnormality vectors, software is according to incoming different ID's
Value, walks different processing branches.4th control module 106 carries out extensive further according to the context data of previously stored target location
It is multiple, it is continued to execute to exit the target location after process flow under the non-security world.
Further alternative, which further includes the 5th control module 107;
5th control module 107, if for the corresponding target interrupt processing function of the target interrupt number by safer world
It executes, then controls the safer world and call and execute the target interrupt processing function.
In the embodiment of the present invention, if it is by safe generation that the corresponding target interrupt processing function of target interrupt number is pre-set
Boundary executes, then the 5th control module 107 control safer world can directly invoke simultaneously performance objective interrupt processing function.
In the embodiment of the present invention, security interrupt is generated when system code is run in the non-security world to target location timing
When, the exception vector table of safer world is obtained, whether is judged with the associated target interrupt processing function of the exception vector table by non-
Safer world executes, if the target interrupt processing function is executed by the non-security world, controlling safer world will be at target interruption
The address of reason function is transmitted to the non-security world, controls the non-security world according to the address search to target interrupt processing function,
And execute the target interrupt processing function, this mode can by at the associated target interruption of the exception vector table of safer world
Reason function turns to be executed by the non-security world, to realize scheduling and the shared drive operation under OS, meets OS under the non-security world
Related access.
Fig. 6 is please referred to, is a kind of hardware architecture diagram provided in an embodiment of the present invention, as shown, the hardware structure includes
Central processing unit (Central Processing Unit, CPU), such as 64 arm processors, the hardware structure further include interior
It deposits, memory is connect by main memory access 0 and main memory access 1 with processor respectively, and processor also passes through serial peripheral structure and base
This input-output system connects, and for processor by physical chip and network interface connection, processor further includes multimedia card interface, should
Interface connects multimedia card or flash card.The processor can also pass through serial connecting small computer system interface hard disk.
Memory is used to call the program code stored in memory to execute interruption processing method for storing program code, processor;
When system code the non-security world run to target location timing generate security interrupt when, obtain safer world
Exception vector table;
Judge whether executed by the non-security world with the associated target interrupt processing function of the exception vector table;
If the target interrupt processing function is executed by the non-security world, the safer world is controlled by the target
The address of interrupt processing function is transmitted to the non-security world;
It controls the non-security world and the target interrupt processing function is searched according to described address, and execute the target
Interrupt processing function.
Optionally, software deadlock, system can periodically generate security interrupt, obtain the exception vector of safer world in order to prevent
Table is to lock in critical zone to handle corresponding problem to prevent software deadlock, software deadlock, and IRQ is interrupted and is carried out
Shielding, but there is deadlock in the software in processor at this time, can not run, and processor cannot then carry out any operation, can not
Handle other interruptions.In the present embodiment, timing generate security interrupt, obtain the exception vector table of safer world, so as to and
When pinpoint the problems, then handled, prevent software deadlock.
Interruption refer to when needing, i.e., down trigger when, the execution that CPU temporarily ceases present procedure transfers to execute processing
The program of new situation.For example, in program operation process, the case where system occurs one and must be immediately treated by CPU, this
When, the execution that CPU temporarily stops program transfers to handle this news.Interrupt a kind of asynchronous exception at last.
Interruption is divided into IRQ and FIQ, and the interruption usually used in operating system level is IRQ, be generally used for it is non-security in
It is disconnected.And FIQ is generally used for quick response interruption, is generally used for security interrupt.Security interrupt in this programme is into EL3 peaces
The interruption of whole world processing, therefore be FIQ, configuring FIQ to security interrupt, security interrupt routes to EL3 processing after generating, and
Obtain the exception vector table of safer world.
Optionally, judge the associated target interrupt processing function of exception vector table with safer world whether by non-security generation
Boundary executes.It should be noted that before interruption is enabled, system OS first passes through advanced configuration and power interface (advanced
Configuration and power interface, ACPI) or security invocation monitoring (secure monitor call,
Smc) address of the target interrupt processing function is passed to security level EL3 by synchronous abnormality instruction.
Smc is the assembly instruction of a security invocation, is that the CPU based on ARM64 frameworks enters peace by the non-security world
Global synchronous abnormality instruction.When executing smc calling, the value X0-X7 that can pass through register in core at that time is carried out
Transfer Parameters.The calling of smc meets SMC and specification, this programme is called to use the entity number (Owning defined in its specification
Entity Number, OEM) item, the address of X1 transmission target interrupt processing functions enters safer world EL3 by smc instructions
Afterwards, it is preserved in EL3.
After security interrupt triggering, the exception vector table of safer world EL3Firmware is entered, at target interruption
The target interrupt number of reason function walks different branches, if corresponding interrupt of the target interrupt number is that the non-security world executes classification,
Then walk the flow taken over by the non-security world;It is on the contrary then walk the flow that safer world is taken over.Execution corresponding to different interrupt numbers
World's classification is preset by system, and it includes that safer world executes and the execution of the non-security world to execute world's classification.
Optionally, if target interrupt processing function is executed by the non-security world, EL3 firmwares are by the interruption of target location
Context is preserved, while target interrupt processing function address is transmitted to the non-security world, wherein interrupting context includes
The general register X0-X30 before generating is interrupted, status register interrupts the stack pointer for generating address and the non-security world.
Optionally, the target interruption in the non-security world can be entered by safer world by an eret assembly instruction
Function is managed, the address of target interrupt processing function is carried in the eret assembly instructions.According to the address of target interrupt processing function
The execution of target interrupt processing function can be entered, black box subrecord is carried out in performance objective interrupt processing functional procedure.
After having executed target interrupt processing function, be back to safer world, then according to previously stored context into
Row restores, and exits process flow to be continued to execute under the non-security world.
Whether the judgement by the non-security world executes it with the associated target interrupt processing function of the exception vector table
Before, further include:
Obtain the target interrupt number with the associated target interrupt processing function of the exception vector table;
Whether the judgement is executed by the non-security world with the associated target interrupt processing function of the exception vector table, packet
It includes:
World's classification is executed according to the corresponding interrupt processing function of pre-set each interrupt number, is judged in the target
Whether a disconnected number corresponding target interrupt processing function is executed by the non-security world;Execution world classification includes that safer world is held
The capable or non-security world executes.
Optionally, interrupt number is provided with to each interrupt processing function in safer world, in acquisition and exception vector table
The execution world classification of associated target interrupt processing function needs the target for obtaining target interrupt processing function in advance to interrupt
Number, the target interrupt number is for the unique mark target interrupt function.
Optionally, the corresponding interrupt processing function of each interrupt number is provided in safer world and executes world's classification,
It includes that safer world execution or the non-security world execute to execute world's classification.In pre-set each interrupt number search with
The matched interrupt number of target interrupt number, and the execution world corresponding with the matched interrupt number of target interrupt number classification is determined as mesh
Mark the execution world classification of interrupt processing function.
After the execution target interrupt processing function, further include:
If detecting, the target interrupt processing function executes completion, controls the non-security world and is converged by security invocation
It compiles instruction and indicates that the target interrupt processing function is finished to the safer world;
The safer world is controlled according to the data backed up in advance, restores the context data of the target location, and return
The target location for being back to the non-security world continues to execute system code.
Optionally, if detecting, target interrupt processing function executes completion, and the non-security world is instructed by smc synchronous abnormalities
Into EL3 levels, instruction target interrupt processing function is finished, while incoming specified ID, which is used to indicate subsequently
Process flow.
Optionally, when smc enters EL3 level synchronous abnormality vectors, software walks difference according to the value for being passed to different ID
Processing branch.Restored further according to the context data of previously stored target location, to exit after process flow
Target location under the non-security world continues to execute.
If the corresponding target interrupt processing function of the target interrupt number is executed by safer world, the safe generation is controlled
It calls and executes the target interrupt processing function in boundary.
Optionally, if the corresponding target interrupt processing function of target interrupt number it is pre-set be to be executed by safer world,
Then safer world can directly invoke simultaneously performance objective interrupt processing function.
One of ordinary skill in the art will appreciate that realizing all or part of flow in above-described embodiment method, being can be with
Relevant hardware is instructed to complete by computer program, the program can be stored in a computer read/write memory medium
In, the program is when being executed, it may include such as the flow of the embodiment of above-mentioned each method.Wherein, the storage medium can be magnetic
Dish, CD, read-only memory (Read-Only Memory, ROM) or random access memory (Random Access
Memory, RAM) etc..
The steps in the embodiment of the present invention can be sequentially adjusted, merged and deleted according to actual needs.
Module or unit in terminal of the embodiment of the present invention can be combined, divided and deleted according to actual needs.
The components such as the microcontroller of the embodiment of the present invention, can be with universal integrated circuit, such as CPU, or with special integrated electricity
Road (Application Specific Integrated Circuit, ASIC) is realized.
The above disclosure is only the preferred embodiments of the present invention, cannot limit the right model of the present invention with this certainly
It encloses, therefore equivalent changes made in accordance with the claims of the present invention, is still within the scope of the present invention.
Claims (10)
1. a kind of interruption processing method, which is characterized in that including:
When system code the non-security world run to target location timing generate security interrupt when, obtain the exception of safer world
Vector table;
Judge whether executed by the non-security world with the associated target interrupt processing function of the exception vector table;
If the target interrupt processing function is executed by the non-security world, controls the safer world and interrupt the target
The address of processing function is transmitted to the non-security world;
It controls the non-security world and the target interrupt processing function is searched according to described address, and execute the target and interrupt
Handle function.
2. the method as described in claim 1, which is characterized in that the address of the target interrupt processing function is that system passes through height
Grade configuration is transmitted to the address of safer world with power interface ACPI or synchronous abnormality instruction.
3. the method as described in claim 1, which is characterized in that the judgement is interrupted with the associated target of the exception vector table
Before function is handled whether by the execution of the non-security world, further include:
Obtain the target interrupt number with the associated target interrupt processing function of the exception vector table;
Whether the judgement is executed by the non-security world with the associated target interrupt processing function of the exception vector table, including:
World's classification is executed according to the corresponding interrupt processing function of pre-set each interrupt number, judges the target interrupt number
Whether corresponding target interrupt processing function is executed by the non-security world;Execution world classification include safer world execute or
The non-security world of person executes.
4. method as claimed in claim 3, which is characterized in that after the execution target interrupt processing function, also wrap
It includes:
If detecting, the target interrupt processing function executes completion, controls the non-security world and is referred to by security invocation compilation
It enables to the safer world and indicates that the target interrupt processing function is finished;
The safer world is controlled according to the data backed up in advance, restores the context data of the target location, and be back to
The target location in the non-security world continues to execute system code.
5. method as claimed in claim 3, which is characterized in that the method further includes:
If the corresponding target interrupt processing function of the target interrupt number is executed by safer world, the safer world tune is controlled
With and execute the target interrupt processing function.
6. a kind of interrupt processing device, which is characterized in that including:
First acquisition module, for when system code the non-security world run to target location timing generate security interrupt when,
Obtain the exception vector table of safer world;
Judgment module, for judging whether held by the non-security world with the associated target interrupt processing function of the exception vector table
Row;
First control module controls the safety if for the target interrupt processing function being executed by the non-security world
The address of the target interrupt processing function is transmitted to the non-security world by the world;
Second control module searches the target interrupt processing function for controlling the non-security world according to described address,
And execute the target interrupt processing function.
7. device as claimed in claim 6, which is characterized in that the address of the target interrupt processing function is that system passes through height
Grade configuration is transmitted to the address of safer world with power interface ACPI or synchronous abnormality instruction.
8. device as claimed in claim 6, which is characterized in that described device further includes:
Second acquisition module, for obtaining and the target interrupt number of the associated target interrupt processing function of the exception vector table;
The judgment module is specifically used for executing world's class according to the corresponding interrupt processing function of pre-set each interrupt number
Not, judge whether the corresponding target interrupt processing function of the target interrupt number is executed by the non-security world;The execution world
Classification includes that safer world execution or the non-security world execute.
9. device as claimed in claim 8, which is characterized in that described device further includes:
If third control module controls the non-security world for detecting that the target interrupt processing function executes completion
Indicate that the target interrupt processing function is finished to the safer world by security invocation assembly instruction;
4th control module restores the upper of the target location for controlling the safer world according to the data backed up in advance
Context data, and the target location for being back to the non-security world continues to execute system code.
10. device as claimed in claim 8, which is characterized in that described device further includes:
5th control module, if being executed by safer world for the corresponding target interrupt processing function of the target interrupt number,
The safer world is controlled to call and execute the target interrupt processing function.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510595712.7A CN105224403B (en) | 2015-09-17 | 2015-09-17 | A kind of interruption processing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510595712.7A CN105224403B (en) | 2015-09-17 | 2015-09-17 | A kind of interruption processing method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105224403A CN105224403A (en) | 2016-01-06 |
| CN105224403B true CN105224403B (en) | 2018-09-28 |
Family
ID=54993393
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510595712.7A Active CN105224403B (en) | 2015-09-17 | 2015-09-17 | A kind of interruption processing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105224403B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105825128B (en) * | 2016-03-15 | 2020-05-19 | 华为技术有限公司 | Data input method and device and user equipment |
| KR101936565B1 (en) * | 2016-11-14 | 2019-01-09 | 엘에스산전 주식회사 | Method for controlling interrupt in inverter |
| CN109240815B (en) * | 2018-08-24 | 2021-07-23 | 珠海格力电器股份有限公司 | Multi-task running method, device and equipment for shared stack |
| JP7177272B2 (en) * | 2019-07-12 | 2022-11-22 | 日立Astemo株式会社 | Security processor |
| CN113486355B (en) * | 2021-06-29 | 2023-03-14 | 北京紫光展锐通信技术有限公司 | Information storage device, information storage method, communication device, chip and module equipment thereof |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1070496A (en) * | 1991-08-30 | 1993-03-31 | 英特尔公司 | The transparent system that the automatic pause state restarts interrupts |
| CN1711526A (en) * | 2002-11-18 | 2005-12-21 | Arm有限公司 | Exception types within a secure processing system |
| CN104318182A (en) * | 2014-10-29 | 2015-01-28 | 中国科学院信息工程研究所 | Intelligent terminal isolation system and intelligent terminal isolation method both based on processor safety extension |
| CN104573565A (en) * | 2015-01-23 | 2015-04-29 | 宇龙计算机通信科技(深圳)有限公司 | Management method and device of memory on Trust Zone |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9536075B2 (en) * | 2013-03-01 | 2017-01-03 | Infineon Technologies Ag | Dynamic resource sharing |
-
2015
- 2015-09-17 CN CN201510595712.7A patent/CN105224403B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1070496A (en) * | 1991-08-30 | 1993-03-31 | 英特尔公司 | The transparent system that the automatic pause state restarts interrupts |
| CN1711526A (en) * | 2002-11-18 | 2005-12-21 | Arm有限公司 | Exception types within a secure processing system |
| CN104318182A (en) * | 2014-10-29 | 2015-01-28 | 中国科学院信息工程研究所 | Intelligent terminal isolation system and intelligent terminal isolation method both based on processor safety extension |
| CN104573565A (en) * | 2015-01-23 | 2015-04-29 | 宇龙计算机通信科技(深圳)有限公司 | Management method and device of memory on Trust Zone |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105224403A (en) | 2016-01-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105224403B (en) | A kind of interruption processing method and device | |
| US10949247B2 (en) | Systems and methods for auditing a virtual machine | |
| US10032024B2 (en) | System and method for virtual partition monitoring | |
| CN101256503B (en) | Method and apparatus for multithreaded guest operating system execution through a multithreaded host virtual machine monitor | |
| JP5697206B2 (en) | System, method and program for protecting against unauthorized access | |
| US10984096B2 (en) | Systems, methods, and apparatus for detecting control flow attacks | |
| US7870443B2 (en) | Method to isolate crash of an embedded multi-threaded application to a shared library call without core dump files or debugger | |
| EP2979211B1 (en) | Protecting software application | |
| CN107301082B (en) | Method and device for realizing integrity protection of operating system | |
| CN111858004A (en) | TEE expansion-based real-time application dynamic loading method and system for computer security world | |
| US10540524B2 (en) | Memory access protection using processor transactional memory support | |
| CN105279021A (en) | Method and device for executing non-maskable interrupt | |
| CN114676424B (en) | Container escape detection and blocking method, device, equipment and storage medium | |
| US20180025158A1 (en) | System and method for detecting malware in a stream of bytes | |
| CN103294956A (en) | Method and device for processing behaviors on Windows platform | |
| CN101599113A (en) | Driven malware defence method and device | |
| CN114595462A (en) | Data processing method and device | |
| CN112231198B (en) | Malicious process debugging method and device, electronic equipment and medium | |
| CN107066331B (en) | TrustZone-based resource allocation method and equipment | |
| EP3462356B1 (en) | Using indirection to facilitate software upgrades | |
| CN102122330A (en) | ''In-VM'' malicious code detection system based on virtual machine | |
| WO2014004212A1 (en) | Timer for hardware protection of virtual machine monitor runtime integrity watcher | |
| CN107818034A (en) | The method and device of the running space of process in monitoring calculation machine equipment | |
| Zhang et al. | Brief industry paper: SylixOS: a secure and compatible RTOS with constant scheduling on SMP | |
| Molyakov | Token scanning as a new scientific approach in the creation of protected systems: A new generation OS MICROTEK |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |