CN115333861B - Data transmission method, related equipment and computer readable storage medium - Google Patents
Data transmission method, related equipment and computer readable storage medium Download PDFInfo
- Publication number
- CN115333861B CN115333861B CN202211248716.4A CN202211248716A CN115333861B CN 115333861 B CN115333861 B CN 115333861B CN 202211248716 A CN202211248716 A CN 202211248716A CN 115333861 B CN115333861 B CN 115333861B
- Authority
- CN
- China
- Prior art keywords
- tlp
- field
- target device
- target
- security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/38—Information transfer, e.g. on bus
- G06F13/42—Bus transfer protocol, e.g. handshake; Synchronisation
- G06F13/4282—Bus transfer protocol, e.g. handshake; Synchronisation on a serial bus, e.g. I2C bus, SPI bus
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/30—Peripheral units, e.g. input or output ports
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/06—Notations for structuring of protocol data, e.g. abstract syntax notation one [ASN.1]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2213/00—Indexing scheme relating to interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F2213/0026—PCI express
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Small-Scale Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The method includes the steps of receiving a TLP (TLP) firstly, wherein the obtained TLP comprises a first field indicating the security attribute of the TLP and a second field indicating the address of a target device to which the TLP needs to arrive, if the obtained address of the target device belongs to a preset address range corresponding to each port in a switching device, determining the target device based on the address of the target device, and further sending the TLP to the target device under the condition that the target device is a security device and the security attribute of the TLP is secure.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a data transmission method, a related device, and a computer-readable storage medium.
Background
PCIe (Peripheral Component Interconnect express) is a high-speed serial computer expansion bus standard, and is widely used in computer systems. PCIe bus belongs to high-speed serial point-to-point double-channel high-bandwidth transmission bus, and the connected devices distribute independent channel bandwidth without sharing bus bandwidth, thereby having the characteristic of high transmission rate.
A PCIe bus system is generally composed of PCIe nodes of types such as an RC (Root Complex device), a Switch device (Switch), and an EP (Endpoint) device. The RC device is a root of the bus, and a Memory (Memory), a processor (CPU), and the like may be connected to the bus through the RC device; the EP device is a generic name of various types of external devices, such as a PCIe network card, a PCIe graphics card, and the like, and the EP device may implement some specific functions according to requirements; switch is a PCIe Switch for extending the PCIe interface.
The switching device is used as a middleware between the RC device and the EP device and is responsible for transmitting data between the RC device and the EP device. The inventor researches and discovers that data security in the communication process is not designed in the PCIe bus standard, so that the data security problem exists when data transmission based on a switching device is involved.
Disclosure of Invention
In view of this, the present application is directed to provide a data transmission method, a related device and a computer-readable storage medium, which are used for transmitting a message based on a communication device and a security attribute of the message, so as to implement a targeted design of data security, and help to improve the security of data transmission.
In a first aspect, the present application provides a data transmission method applied to a PCIe bus system, where the PCIe bus system includes a root complex RC device, a switch device, and at least one endpoint EP device, the switch device includes an upstream port and at least one downstream port, and each port has a preset address range correspondingly, the method includes:
receiving a transaction layer data packet (TLP) message;
wherein the TLP includes a first field and a second field, the first field indicates a security attribute of the TLP, and the second field indicates a destination device address to which the TLP needs to arrive;
if the target equipment address belongs to the preset address range corresponding to each port, determining target equipment based on the target equipment address;
and sending the TLP to the target device when the target device is determined to be a security device and the security attribute of the TLP is security.
In the application, the TLP carries the security attribute, and the TLP is sent to the target device only when the target device is the security device and the security attribute of the TLP is secure, so that not only can differentiated processing of the packet be realized based on the security attribute, but also targeted design of data security can be realized, which is beneficial to improving security of data transmission.
In a possible implementation manner, the data transmission method provided in the first aspect of the present application further includes: and shielding the TLP packet under the condition that the target device is determined to be a secure device and the security attribute of the TLP packet is non-secure.
In this application, in the case that the target device is a secure device, if the security attribute of the TLP is non-secure, the TLP obtained by shielding is shielded, that is, the TLP is not forwarded to the target device, so that the target device is prevented from processing the non-secure packet, and the possibility of data security problem caused by processing the non-secure packet is effectively reduced.
In a possible implementation manner, the data transmission method provided in the first aspect of the present invention further includes: and sending the TLP to the target device when the target device is determined to be an insecure device.
In the application, the target device is a non-secure device, and the security requirement for data processing is low, the method does not determine the security attribute of the TLP any more, omits the processes of extracting the first field code value and determining the security attribute of the TLP based on the first field code value, but directly forwards the TLP to the target device, so that the data transmission efficiency can be effectively improved on the premise of ensuring the basic data transmission requirement, and meanwhile, the data processing pressure of the switching device is reduced.
In a possible implementation manner, the TLP is processed through a common execution environment REE carried by the target device.
In the application, the target device is a non-secure device, the security attributes of the TLP are not distinguished, the TLP is obtained by directly processing the REEs carried by the target device, and the data transmission efficiency is high.
In a possible implementation manner, the TLP is processed by a trusted execution environment TEE installed in the target device.
In this application, under the condition that the target device is a security device and the security attribute of the TLP is security, the security of the TLP processing process and the target device can be effectively ensured by processing the obtained TLP through the TEE.
In a possible implementation manner, the TLP is provided by an RC device or an EP device;
if the TLP is provided by the RC device, the target device includes the EP device;
if the TLP is provided by the EP device, the target device includes an RC device.
In this application, target devices of TLPs in different transmission paths are limited, and data transmission processes in different transmission paths are protected.
In a possible implementation manner, if the target device address does not belong to the preset address range corresponding to each port, the TLP is masked.
In this application, if the address of the target device does not belong to the preset address range corresponding to each port, that is, the TLP does not hit any port of the switching device, the obtained TLP is shielded from being forwarded, so that on one hand, propagation of an invalid packet in the bus system can be effectively avoided, and the packet transmission efficiency is improved, on the other hand, each PCIe node can be prevented from receiving the invalid packet, and protection is provided for each PCIe node in the bus system, which is beneficial to improving the security of PCIe node operation.
In a possible implementation manner, the first field includes a TC field in a TLP header of the TLP;
the code value of the second field is determined based on a third field of the TLP, where the third field includes an Fmt field and a Type field in a TLP header of the TLP.
In the application, a specific implementation manner of indicating the security attribute of the TLP and indicating the destination device address to which the TLP needs to reach is provided, and the transfer of the related information is implemented by using the existing field of the TLP, so that not only can the security of the data transmission process be improved, but also the existing PCIe bus protocol can be compatible, and the application is wide.
In a second aspect, the present invention provides a data transmission apparatus, applied to a PCIe bus system, where the PCIe bus system includes a root complex RC device, a switch device, and at least one endpoint EP device, the switch device includes an upstream port and at least one downstream port, and each port has a preset address range, and the apparatus includes:
a receiving unit, configured to receive a transaction layer packet TLP;
the TLP includes a first field and a second field, the first field indicates a security attribute of the TLP, and the second field indicates a destination device address to which the TLP needs to arrive;
the processing unit is used for determining target equipment based on the target equipment address if the target equipment address belongs to the preset address range corresponding to each port;
a first sending unit, configured to send the TLP to the target device when it is determined that the target device is a secure device and a security attribute of the TLP is secure.
In a third aspect, the present invention provides a computer apparatus comprising:
a memory to store instructions;
a processor for executing the data transmission method according to any one of the first aspect of the present invention according to instructions stored in the memory.
In a fourth aspect, the invention provides a computer-readable storage medium storing a computer program which, when executed, implements the data transmission method according to any one of the first aspects of the invention.
In a fifth aspect, the present application further provides a computer program, where the computer program includes program instructions, and when the program instructions are executed by a processor, the processor executes the data transmission method provided in any one of the above first aspects.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a block diagram of a topology of a PCIe bus system.
Fig. 2 is a schematic view illustrating an application scenario of a PCIe bus system.
Fig. 3 is a schematic diagram illustrating an application scenario of another PCIe bus system.
Fig. 4 is a flowchart of a data transmission method according to an embodiment of the present invention.
Fig. 5a and 5b are schematic structural diagrams of a TLP header in a TLP.
Fig. 6a and 6b are schematic structural diagrams of another TLP header in a TLP.
Fig. 7 is a schematic structural diagram of another TLP header in a TLP.
Fig. 8 is a block diagram illustrating a data transmission apparatus according to an embodiment of the present invention.
Fig. 9 is a block diagram illustrating another data transmission apparatus according to an embodiment of the present invention.
Fig. 10 is a block diagram illustrating a structure of another data transmission apparatus according to an embodiment of the present invention.
Fig. 11 is a block diagram of a further data transmission apparatus according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
PCIe (Peripheral Component Interconnect express) is a high-speed serial computer expansion bus standard, which is commonly used for communication between a processor and high-speed Peripheral devices, and in practical applications, a PCIe bus system includes a plurality of components connected to each other point-to-point. Referring to the topology structure diagram of the PCIe bus system shown in fig. 1, the PCIe bus system generally adopts a tree topology, and the aforementioned interconnected components mainly include PCIe nodes of the types of CPU (processor or processor core), root Complex (RC) device, switch device (Switch), PCIe-PCI Bridge (PCIe-PCI Bridge), and Endpoint (EP) device. In addition, a Memory (Memory) may be included in the PCIe bus system.
In a typical CPU + accelerator heterogeneous computing system, the RC device is located between the CPU and the PCIe topology, is connected to the CPU upward through a bus, and manages nodes in each PCIe tree topology downward. As shown in fig. 1, PCIe nodes include switching devices, EP devices, and the like. The RC equipment has the main functions of completing address conversion from a memory domain to a PCIe bus domain, and is also the root of the PCIe bus system, the PCIe bus system and peripheral interfaces can be integrated into the RC equipment, a plurality of PCIe interfaces can be led out, and each interface can be connected with a PCIe node. The RC device can obtain the request information transmitted by the PCIe node, so as to access the memory, and correspondingly, the RC device can also send the request information of the processor to the EP device mounted on the system, thereby implementing communication between the processor and the EP device.
The EP device may be understood as a device that implements an independent function in the PCIe bus system, and different EP devices often support different functions, so that the PCIe bus system as a whole can support diverse application functions. In practical applications, EP devices having a typical meaning include a video card, a network card, and the like, and meanwhile, similar to the RC device, the EP device can be used as an initiator or a responder of PCIe transactions in practical applications.
The primary role of a PCIe-PCI bridge is to effectively comply with the second generation Peripheral Component Interconnect (PCI) standard, which is capable of supporting two functions: 1. the PCIe bus system can be converted, so that a PCI bus is obtained, and the PCI bus is stably connected with the PCI equipment. 2. The PCI bus can be effectively converted, so that a PCIe bus is obtained and is connected with the PCIe nodes.
The switching device serves as an intermediate between the RC device and the EP device, and its main role is to be responsible for transmitting data between the RC device and the EP device, and generally not serving as an initiator or an ultimate recipient of a request. Meanwhile, the PCIe link can be expanded through the switching equipment, and each data link of the PCIe bus only covers two pieces of equipment, which inevitably cannot meet the data transmission requirement, so that the PCIe bus can be expanded through the switching equipment.
It is understood that fig. 1 is only a structural example of a system on chip, and in other examples, the system on chip may also include a switch device, or the switch device may also be disposed inside the system on chip, which is not described herein again. Further, in another possible implementation, the switch device may be further integrated with any EP device, and the PCIe node obtained by the integrated configuration may be regarded as an EP device having the function of the switch device.
Based on the above, referring to the application scenario of the PCIe bus system shown in fig. 2, the processor may be connected to multiple RC devices simultaneously, the RC devices may be numbered in advance according to a sequence for distinguishing and managing, and the RC devices are directly connected to the EP device in a point-to-point manner. On the basis of the application scenario shown in fig. 2, referring to fig. 1, more EP devices are mounted by setting a switching device, which is specifically shown in fig. 3 and will not be expanded in detail here.
In practical applications, processors typically traverse the tree structure of the PCIe bus system using a depth First search (BFS) algorithm. During enumeration, firstly scanning a device on a Bus (Bus) 0; as shown in fig. 2, first, RC0 is scanned, for example, an Identity Document (ID), such as a Vendor ID, is read to determine whether a device currently exists, if so, the type of the device is determined by reading a specified register in a configuration space, that is, it is determined whether the current PCIe node is an EP device or an RC device, and after it is determined that the node is an RC device, a downstream BUS number of the RC0 device is set as a BUS (BUS) 1; continuing to scan downwards, and then scanning to find out EP0 equipment, because the EP equipment is terminal equipment, after the enumeration scanning of the branch is finished, returning to the upper-level bus (here, bus 0) for continuous scanning; this is repeated until all PCIe nodes mounted on the PCIe bus system are found.
After undergoing the standard flow of PCIe node identification, the EP device may be directly connected in communication with the RC device or connected in communication with the RC device through the switch device, and finally connected to the processor, the memory, and the like through the RC device, so as to implement data transmission between the processor and the memory. Generally, a PCIe bus system includes two data transmission methods: direct Memory Access (DMA) and programmable Input-Output (PIO), wherein, in DMA mode, data transfers are not handled by the processor; in the PIO mode, data transfers are handled in units of bytes or more by the processor executing I/O port instructions.
Generally, when an RC device or an EP device is used as an initiator of data transmission, the RC device or the EP device encapsulates data to be transmitted into an Advanced eXtensible Interface (AXI) Packet, converts the AXI Packet into a corresponding Transaction Layer Packet (TLP) Packet, and transmits the TLP Packet in the form of a TLP in the whole PCIe bus system. Correspondingly, when the RC device or the EP device is used as a receiver of data transmission, after receiving the TLP, the TLP needs to be converted into a corresponding AXI packet, and finally, data to be transmitted is obtained by analyzing the AXI packet.
It should be emphasized that no matter which data transmission mode of DMA and PIO is adopted in practical application, in the case where a switching device is provided between the RC device and the EP device, data transmission between the RC device and the EP device is performed by the switching device. As shown in fig. 3, the switch device includes an upstream port and at least one downstream port (shown by 3 downstream ports in fig. 3), and in order to implement efficient and accurate packet transmission, each port of the switch device has a preset address range, based on which, for any port of the switch device, the PCIe bus system allocates a specific device address to any PCIe node connected to the port during initialization, and data transmission can be performed with the corresponding PCIe node through the device address. In other words, for any PCIe node, if the device address of the PCIe node belongs to the preset address range corresponding to a port in the switch device, it may be determined that the PCIe node establishes a communication connection with the corresponding port.
Further, both the upstream port and the downstream port of the switching device support the PCIe bus standard, specifically, the RC device is connected to the upstream port of the switching device, and the downstream port of the switching device is connected to the corresponding EP device. As can be seen from the foregoing, all packets that the switching device is responsible for transmitting are TLPs conforming to the PCIe bus standard. The inventor finds that, in the PCIe bus standard, data security in a communication process is not specifically designed, and therefore, when data transmission implemented based on a switching device is involved, for example, an RC device sends a TLP to the switching device, and the switching device further forwards the resulting TLP to a downstream EP device, a data security problem exists.
In order to solve the problem, the present invention provides a data transmission method, which is applied to a PCIe bus system, and is specifically applied to a switching device in the PCIe bus system, and of course, in a case that the switching device and an on-chip system to which an RC device belongs are integrally configured, or the switching device and any EP device are integrally configured, the method provided by the present invention is also applied to the on-chip system integrating the switching device function and a PCIe node integrating the switching device function, a TLP received by the switching device includes a first field indicating a security attribute of the TLP and a second field indicating a destination device address to which the TLP needs to arrive, and after determining a destination device based on the second field, if the destination device is a security device and the security attribute of the TLP is secure, the TLP is sent to the destination device, and the TLP carries the security attribute in the TLP of the method, and only in a case that the destination device is a security device and the security attribute of the TLP is secure, the TLP is sent to the destination device, which not only can implement differential processing of the packets based on the security attribute, but also can implement targeted design of data security, and is beneficial to improving security of data transmission.
Based on the above, referring to fig. 4, the flow of the data transmission method provided in this embodiment may include:
s100, receiving a TLP message.
As described above, the switching device serves as a middleware between the RC device and the EP device, and is mainly responsible for transmitting data between the RC device and the EP device, and an initiator of a data transmission process may be either the RC device or the EP device.
As known from PCIe standard specification, a TLP mainly includes three parts, namely, a TLP Header (Header), a Data (Data) and a Cyclic Redundancy Check (CRC) field. The TLP header plays a very critical role in implementing the TLP, the TLP header may be subdivided into a plurality of fields, and the information carried by different fields is often different, for example, the relevant information of the sender, the relevant information of the packet receiver, the TLP type, the packet routing mode, the routing information corresponding to the routing mode, the data length, and the like may be recorded.
Specifically, in the TLP received by the switching device in this embodiment, the TLP includes a first field used for indicating the security attribute of the TLP, and the code value of the first field may be any one of multiple code values. The first code value indicates that the security attribute of the TLP is the first security attribute, and correspondingly, the second code value indicates that the security attribute of the TLP is the second security attribute. Generally, the first security attribute is secure and corresponds to a data processing requirement with a stricter and higher security requirement, and the second security attribute is non-secure (or can be understood as a common one) and corresponds to a data processing requirement with a looser and lower security requirement.
In an alternative embodiment, the first field in the TLP may be implemented by selecting a TC field in the TLP header. For example, when the code value of the TC field is 1, the security attribute of the TLP is indicated as secure, and correspondingly, when the code value of the TC field is 0, the security attribute of the TLP is indicated as non-secure.
The TLP received by the switching device further includes a second field, where the second field is used to indicate a destination device address to which the TLP needs to arrive. As can be seen from the foregoing, if the TLP comes from the RC device in the PCIe bus system, the destination device address may be a device address of a certain EP device in the bus system, and if the TLP comes from the EP device in the PCIe bus system, the destination device address may be a device address of the RC device. The specific form of the device address for the PCIe node and the specific role in this application will be further developed and will not be described in detail here.
S110, judging whether the target device address belongs to a preset address range corresponding to each port of the switching device, if so, executing S120, and if not, executing S160.
As described above, for any port of the switch device, the PCIe bus system assigns a specific device address to any PCIe node connected to the port during initialization, and can perform data transmission with the corresponding PCIe node through the device address. In other words, for any PCIe node connected to a port of the switch device, its device address must fall within the predetermined address range of its own connected port. Based on this, if the destination device address indicated by the second field in the TLP belongs to the preset address range corresponding to each port of the switching device, it may be determined that the device to which the TLP needs to arrive actually establishes a communication connection with the switching device. In practical applications, if the device address indicated by the second field of the TLP belongs to the preset address range of the port, it is called that the TLP hits the port.
The PCIe node device address includes multiple specific implementation manners in practical application, which implementation manner is specifically sampled in the packet transmission process, and is determined by the routing manner of the TLP, and the PCIe node device address is introduced in combination with the routing manner of the TLP in the following.
The TLP further includes a third field, where the third field is used to indicate a routing manner corresponding to the TLP, and in practical application, the third field may include an Fmt field and a Type field of a TLP header in the TLP. The aforementioned second field is recorded with routing information that matches the routing manner indicated by the third field, and of course, the routing information is a device address carried in the TLP, and the actual length of the second field corresponds to the specific routing manner indicated by the third field.
Specifically, the Routing modes of the TLP mainly include an ID Routing (ID Routing), an Address Routing (Address Routing) and an implicit Routing (explicit Routing), and in practical application, a matching Routing mode needs to be selected in combination with a specific type of the TLP. Specifically, referring to table 1, table 1 shows a matching correspondence between a TLP type and a routing manner.
TABLE 1
It should be noted that table 1 is only an illustration of a matching relationship between a part of TLP types and routing manners, and in practical applications, each routing manner may also be used for transmission of TLPs not embodying other types in table 1. For example, except that the configuration information read/write packet may be transmitted by using an ID route, the "vector _ Defined Messages" packet, cpl packet, cplD packet in the PCIe protocol may also be transmitted based on the ID route, which is not listed here one by one, and may be implemented by referring to the related technology.
It should be further noted that, for a sending side of a TLP, whether the sending side is an RC device or an EP device, before encapsulating the TLP, a routing manner matched with the packet type may be determined based on the type of the TLP to be encapsulated and a PCIe node to which the TLP arrives.
The ID routing, the address routing, the implicit routing, and the specific bearer of the routing information corresponding to each routing method in the TLP header are described below.
For the ID routing, the carrying manner in the TLP header is shown in fig. 5a and fig. 5b, wherein the TLP using the ID routing can be divided into a TLP header with a length of 3DW (Double Word) and a TLP header with a length of 4DW, the TLP header with a length of 3DW is shown in fig. 5a, and the TLP header with a length of 4DW is shown in fig. 5 b. Further, in the examples shown in fig. 5a and 5b, the second fields in the TLP packet, that is, byte8 and Byte9 of the TLP header, are used to record routing information, where the routing information is specifically a BDF identifier (Bus, device, function) of the PCIe node.
It can be understood that, in practical applications, a plurality of PCIe nodes are often mounted on the PCIe bus system, and in order to effectively distinguish the PCIe nodes and ensure accuracy of data transmission, the PCIe bus system allocates unique device identification information, i.e., BDF identification, to each function of each PCIe node mounted on the system. For the specific configuration of the BDF flag, the Bus (Bus) field is composed of 8 bits, the Device (Dev) field is composed of 5 bits, and the Function (Function) is composed of 3 bits. Thus, the PCIe protocol supports 256 Bus in total, 32 devs per Bus, and 8 Func per Dev. Through the BDF identification, the differentiation and identification of any function of any PCIe node in the PCIe bus system topology can be realized, and therefore, the ID routing is also called BDF routing.
As described above, the PCIe bus system includes two data transmission paths, namely, a DMA and a PIO, in the PIO path, the processor sends configuration data to the EP device through the RC device, that is, sends a TLP of configuration information write type to the EP device, in this case, the TLP obtained by the switching device adopts ID routing, and meanwhile, BDF information carried in the TLP is a destination device address to which the TLP needs to arrive.
It is further conceivable that, in the DMA path, the EP device sends a data packet to the processor through the RC device, and usually belongs to the memory write packet listed in table 1, so address routing is usually adopted, and a target PCIe node (which will be specifically developed in subsequent content) is determined by an address in a corresponding field, and if a BDF identifier is still carried in the TLP, in this case, the BDF identifier in the packet is used to indicate that a data source is determined.
For address routing, the carrying manner in the TLP header is as shown in fig. 6a and 6b, wherein, similar to the ID routing, the TLP using the address routing can be divided into a TLP header with a length of 3DW and a TLP header with a length of 4DW, where fig. 6a shows the TLP header with the length of 3DW, and fig. 6b shows the TLP header with the length of 4DW. Further, in the example shown in fig. 6a, the second field in the TLP includes the partial bits in Byte8, byte9, byte10 and Byte11, and correspondingly, in the example shown in fig. 6b, the second field includes the partial bits in Byte8-Byte14 and Byte 15. In the case of using the routing manner of address routing, the routing information recorded in the second field in the TLP is specifically a mapping address of the internal space of the PCIe node in the memory, and may also be simply understood as a space address of the PCIe node. It is to be understood that 32-bit address information is recorded in fig. 6a, and 64-bit address information is recorded in fig. 6 b.
As shown in table 1, the memory read/write TLP and the IO device read/write TLP use address routing, specifically, for the memory read/write TLP, 32-bit address information or 64-bit address information may be used, and for the IO device read/write TLP, only 32-bit address information may be used.
For implicit routing, the bearer manner in the TLP header is as shown in fig. 7, generally, the implicit routing can only be used for routing TLPs of message types, and the TLP header lengths of TLPs adopting the implicit routing are all 4 DWs. When a downstream device in the PCIe bus system needs to perform data transfer to an upstream device, or when the RC device sends a TLP to the EP device in a broadcast manner, implicit routing may be adopted. As for the specific implementation manner of the implicit routing in practical application, reference may be made to related art implementation, and the implementation is not expanded here.
It should be noted that the data transmission method provided by the present application is mainly used for solving the security problem when the PCIe bus system performs data transmission, and does not include a TLP of a message type, so that processing of a TLP by using implicit routing is not involved.
In combination with the above, the device address of the PCIe node described in this embodiment mainly includes two implementation manners, one is a BDF identifier, and the other is a space address of the PCIe node, and accordingly, the preset address range of each port of the switch device may be an address range formed by the BDF identifier, or may be a space address range, which is feasible in practical application.
In a possible implementation manner, after receiving the TLP, the switching device first extracts a field value of the third field, determines a routing manner of the TLP, further determines a field range of the second field according to the routing manner, and extracts a field value in the corresponding field range, so as to obtain routing information, that is, an address of a destination device to which the TLP needs to arrive. Further, if the switching device determines that the destination device address indicated by the second field of the TLP belongs to the preset address range corresponding to each port of the switching device, it indicates that the switching device is connected with a corresponding PCIe node, and then S120 is performed, and conversely, if the switching device determines that the destination device address indicated by the TLP does not belong to the preset address range corresponding to each port, S160 is performed.
And S120, determining the target equipment based on the target equipment address.
It can be understood that the preset address range corresponding to each port of the switching device includes multiple device addresses, each device address may correspond to a corresponding PCIe node, and in this embodiment, the PCIe node corresponding to the destination device address of the TLP obtained by the switching device in each device address is the destination device.
In a possible implementation manner, a correspondence between the device address and the PCIe node may be established, and after the target device address in the TLP is extracted, the target device corresponding to the target device address may be determined by querying the correspondence.
It can be understood that, as mentioned above, the PCIe bus system includes two data transmission paths, i.e., a PIO path and a DMA path, in the PIO path, the RC device generally serves as an initiator of data transmission, that is, a TLP comes from the RC device, in this case, the target device is generally an EP device; correspondingly, in the DMA path, the EP device is usually used as an initiator of data transmission, that is, the TLP comes from the EP device, and in this case, the target device is usually an RC device.
S130, judging whether the target equipment is safety equipment, if so, executing S140, and if not, executing S150.
In a possible implementation manner, a corresponding relationship between PCIe nodes and security attributes may be created in advance in the switching device, that is, whether any PCIe node is a secure device or a non-secure device may be explicitly known through the corresponding relationship, and based on this, after the switching device determines the target device through the foregoing steps, the switching device queries the corresponding relationship, that is, may determine whether the target device is a secure device or a non-secure device; in another possible embodiment, a corresponding register may be set inside the switch device, one bit of the register corresponds to one PCIe node, and further characterizes the security attribute of the corresponding PCIe node by different values, for example, a PCIe node may be represented as a secure device by 1, and correspondingly, the PCIe node is represented as a non-secure device by 0, based on which, after the switch device determines the target device through the foregoing steps, the switch device queries the register storage bit corresponding to the target device, and determines whether the target device is a secure device or a non-secure device based on the value of the storage empty bit. Of course, in practical applications, the security attributes of the PCIe nodes may also be recorded in other manners, and are not expanded one by one here.
Furthermore, any switching device in the PCIe bus system may be connected with at least one PCIe node, and in the system power-on initialization process, the switching device may determine the specific number of the connected PCIe nodes and may also obtain and record the security attribute of each PCIe node, so that for the switching device, the security attribute of each PCIe node connected thereto may be determined explicitly. The specific manner of acquiring and recording the security attributes of the PCIe nodes is not limited in the present invention.
It should be emphasized that, if the target device is a secure device, it indicates that the target device has higher security requirements for data transmission and processing, and to improve the data processing and the security of the target device itself, it should be avoided to send the non-secure TLP to the target device, so that, in the case that the target device is a secure device, S140 needs to be further executed to determine the security attribute of the TLP to determine whether to send the TLP to the target device.
On the contrary, if the target device is a non-secure device, it indicates that the security requirement of the target device for data transmission and processing is low, and certainly, it may also indicate that the security requirement of the target device is also low, so that, in the case that the target device is a non-secure device, it is not necessary to continuously determine the security attribute of the TLP, that is, no matter whether the security attribute of the TLP is secure or non-secure, S150 is directly executed, and the TLP is sent to the target device.
S140, determining whether the security attribute of the TLP is secure, if so, performing S150, and if not, performing S160.
If the target device is determined to be a security device, further determining whether the security attribute of the TLP is secure, extracting, by combining the foregoing, a field value of a first field in the TLP by the switching device, determining the security attribute of the TLP according to the field value of the first field, and if the security attribute of the TLP is secure, performing S150, otherwise, if the security attribute of the TLP is non-secure, performing S160.
S150, sending the TLP message to the target device.
In practical applications, any PCIe node may be loaded with a normal Execution Environment (REE) and a Trusted Execution Environment (TEE), and these two Execution environments are set independently; accordingly, in another possible implementation, the PCIe node may only be loaded with the normal execution environment. Taking an EP device as an example, in one possible implementation, the EP device may be loaded with a common execution environment and a trusted execution environment, and the two execution environments are set independently; in one possible embodiment, the EP device may be loaded with only a common execution environment. Correspondingly, for the RC device, the execution environment may also be loaded according to the actual application requirement, that is, the normal execution environment and the trusted execution environment are loaded at the same time, or only the normal execution environment is loaded.
For a PCIe node that only mounts one execution environment, the hardware resources that any access request (i.e., the process of processing the packet) can access and use are the same, and conversely, for a PCIe node that mounts two execution environments, different access requests need to be responded to by different execution environments. Generally, access requests with high security requirements need to be responded to by the trusted execution environment, and access requests with low security requirements can be responded to by the normal execution environment.
Based on the above, when it is determined that the target device is a secure device and the security attribute of the TLP is secure, the TLP is sent to the target device, and the target device processes the obtained TLP through a TEE installed in the target device. The specific process of processing the TLP by the target device through the TEE is not limited in the present invention.
For the PCIe node with higher requirements on data transmission, processing, and resource security of itself, only a secure TLP can be processed, in this embodiment, the switching device determines the security attributes of the target device and the TLP, and only when the security attributes of the target device and the TLP are both secure, the TLP is forwarded to the target device, so that the non-secure TLP can be effectively prevented from reaching the target device, and the security of the target device and the data processing process is further ensured.
It can be understood that, in practical applications, not all PCIe nodes have higher security requirements for data processing and device security of themselves, and therefore, the TLP may be directly sent to the target device when the target device is determined to be a non-secure device in S130. For the non-secure target device, after obtaining the TLP, the security attribute of the TLP may be processed by the REE, or the security attribute of the TLP may be processed by the REE.
Based on the above, for PCIe nodes with lower security, the method does not determine the security attribute of the TLP any more, omits the process of extracting the first field code value and determining the security attribute of the TLP based on the first field code value, but directly forwards the TLP to the target device, so that on the premise of ensuring the basic data transmission requirement, the data transmission efficiency can be effectively improved, and meanwhile, the data processing pressure of the switching device is reduced.
And S160, shielding the TLP message.
As shown in fig. 4, the situations of TLP shielding mainly include two types: first, the destination device address indicated by the second field of the TLP does not belong to the preset address range corresponding to each port of the switching device; second, in the case that the target device is a secure device, the security attribute of the TLP is insecure.
For the first case, the destination device address carried in the TLP does not belong to the preset address range corresponding to each port of the switching device, which indicates that the TLP does not hit any port of the switching device, and in this case, the switching device obviously cannot forward the obtained TLP, and can only process the obtained TLP according to an unsupported request, that is, mask the obtained TLP.
For the second case, as described above, if the target device is a secure device, it indicates that the security requirement of the target device for data transmission and processing is high, and the target device only processes a TLP with a secure attribute being secure, thereby preventing the TLP with a secure attribute being non-secure from affecting the secure operation of the target device.
In summary, in the data transmission method provided by the present invention, the first field of the TLP indicates the security attribute of the packet, the second field indicates the address of the target device to which the TLP needs to arrive, after the target device is determined based on the address of the target device, it is further determined whether the target device is a secure device, and the transmission process of the TLP is determined based on the matching condition between the security attribute of the TLP and the security attribute of the target device, so as to implement differential processing of the TLP, and at the same time, it can be effectively ensured that the target device receives the TLP matched with its security attribute, and it is avoided that the target device with the security attribute processes a non-secure packet, and the security of the target device and the packet processing process is effectively ensured, and meanwhile, for the target device with the non-secure attribute, the security attribute of the packet is not further determined, but the packet is directly forwarded to the target device for processing, which is beneficial to improve the efficiency of data processing.
The data transmission device provided by the invention belongs to the same application concept as the data transmission method provided by the embodiment of the application, can execute the data transmission method provided by any embodiment of the application, and has the corresponding functional modules and beneficial effects of executing the data transmission method. For details of the data transmission method provided in the embodiments of the present application, reference may be made to the technical details not described in detail in the embodiments of the present application.
The data transmission apparatus provided in each embodiment of the present invention is applied to a PCIe bus system, and an optional configuration of the bus system may refer to the embodiment shown in fig. 1, specifically, the PCIe bus system includes an RC device, a switch device, and at least one EP device, the switch device includes an upstream port and at least one downstream port, each port has a preset address range, referring to fig. 8, and the data transmission apparatus provided in this embodiment may include:
a receiving unit 10, configured to receive a transaction layer packet TLP;
the TLP includes a first field and a second field, the first field indicates a security attribute of the TLP, and the second field indicates a destination device address to which the TLP needs to arrive;
the processing unit 20 is configured to determine, if the address of the target device belongs to a preset address range corresponding to each port, the target device based on the address of the target device;
a first sending unit 30, configured to send the TLP to the target device when it is determined that the target device is a secure device and the security attribute of the TLP is secure.
In a possible implementation manner, referring to fig. 9, fig. 9 is a block diagram of another data transmission device provided in an embodiment of the present invention, and based on the embodiment shown in fig. 8, the data transmission device provided in this embodiment further includes:
the first shielding unit 40 is configured to shield the TLP when the target device is determined to be a secure device and the security attribute of the TLP is insecure.
In a possible implementation manner, referring to fig. 10, fig. 10 is a block diagram of a structure of another data transmission device provided in an embodiment of the present invention, and based on the embodiment shown in fig. 8, the data transmission device provided in this embodiment further includes:
a second sending unit 50, configured to send the TLP to the target device when the target device is determined to be the non-secure device.
In a possible implementation manner, referring to fig. 11, fig. 11 is a block diagram of a structure of another data transmission apparatus provided in an embodiment of the present invention, and based on the embodiment shown in fig. 8, the data transmission apparatus provided in this embodiment further includes:
the second shielding unit 60 is configured to shield the TLP if the destination device address does not belong to the preset address range corresponding to each port.
In one possible implementation, the present invention also provides a computer device comprising:
a memory to store instructions;
and the processor is used for executing the data transmission method provided by any one of the previous embodiments according to the instructions stored in the memory.
In a possible embodiment, the present invention further provides a data transmission system, which includes the computer device provided in the foregoing embodiment, and other devices communicatively connected to the computer device.
In some embodiments, the present embodiment also provides a computer-readable storage medium, such as a floppy disk, an optical disk, a hard disk, a flash Memory, a usb (universal Digital Memory Card), an SD (Secure Digital Card) Card, an MMC (Multimedia Card) Card, etc., in which one or more instructions for implementing the above steps are stored, and when the one or more instructions are executed by one or more processors, the processor is caused to execute the data transmission method described above. For related implementation, reference is made to the foregoing description, which is not repeated herein.
In addition to the above-described methods and apparatus, embodiments of the present application may also be a computer program product comprising computer program instructions that, when executed by a processor, cause the processor to perform the steps in the data transmission method according to various embodiments of the present application described in the above-mentioned content of the present specification.
The computer program product may include program code for carrying out operations for embodiments of the present application in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server.
Those skilled in the art will appreciate that the disclosure of the present disclosure is susceptible to numerous variations and modifications. For example, the various devices or components described above may be implemented in hardware, or may be implemented in software, firmware, or a combination of some or all of the three.
Further, while the present disclosure makes various references to certain elements of a system according to embodiments of the present disclosure, any number of different elements may be used and run on a client and/or server. The units are merely illustrative and different aspects of the systems and methods may use different units.
Flow charts are used in this disclosure to illustrate steps of methods according to embodiments of the disclosure. It should be understood that the preceding or subsequent steps need not be performed in the exact order shown. Rather, various steps may be processed in reverse order or simultaneously. Also, other operations may be added to the processes.
It will be understood by those skilled in the art that all or part of the steps of the above methods may be implemented by instructing relevant hardware through a computer program, and the program may be stored in a computer readable storage medium, such as a read-only memory, etc. Alternatively, all or part of the steps of the above embodiments may be implemented using one or more integrated circuits. Accordingly, each module/unit in the above embodiments may be implemented in the form of hardware, and may also be implemented in the form of a software functional module. The present disclosure is not limited to any specific form of combination of hardware and software.
Unless otherwise defined, all terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
The foregoing is illustrative of the present disclosure and is not to be construed as limiting thereof. Although a few exemplary embodiments of this disclosure have been described, those skilled in the art will readily appreciate that many modifications are possible in the exemplary embodiments without materially departing from the novel teachings and advantages of this disclosure. Accordingly, all such modifications are intended to be included within the scope of this disclosure as defined in the claims. It is to be understood that the foregoing is illustrative of the present disclosure and is not to be construed as limited to the specific embodiments disclosed, and that modifications to the disclosed embodiments, as well as other embodiments, are intended to be included within the scope of the appended claims. The present disclosure is defined by the claims and their equivalents.
Claims (9)
1. A data transmission method applied to a PCIe bus system, where the PCIe bus system includes a root complex RC device, a switch device and at least one endpoint EP device, the switch device includes an upstream port and at least one downstream port, and each port corresponds to a preset address range, the method includes:
receiving a transaction layer data packet (TLP) message;
the TLP includes a first field and a second field, the first field indicates a security attribute of the TLP, and the second field indicates a destination device address to which the TLP needs to arrive;
if the target equipment address belongs to the preset address range corresponding to each port, determining target equipment based on the target equipment address;
sending the TLP to the target device when the target device is determined to be a security device and the security attribute of the TLP is security;
or, shielding the TLP when it is determined that the target device is a secure device and the security attribute of the TLP is non-secure;
or, in a case that it is determined that the target device is a non-secure device, sending the TLP to the target device.
2. The method according to claim 1, wherein the TLP is processed through a common execution environment REE carried by the target device if it is determined that the target device is a non-secure device.
3. The method of claim 1, wherein if the target device is determined to be a secure device and the security attribute of the TLP is secure, processing the TLP through a trusted execution environment TEE hosted by the target device.
4. The method according to any of claims 1-3, wherein the TLP is provided by an RC device or an EP device;
if the TLP is provided by an RC device, the target device includes an EP device;
if the TLP is provided by the EP device, the target device includes an RC device.
5. The method according to any one of claims 1 to 3, wherein the TLP is masked if the target device address does not belong to the preset address range corresponding to each port.
6. The method according to any of claims 1-3, wherein the first field comprises a TC field in a TLP header of the TLP packet;
the code value of the second field is determined based on a third field of the TLP, where the third field includes an Fmt field and a Type field in a TLP header of the TLP.
7. A data transmission apparatus, applied to a PCIe bus system, where the PCIe bus system includes a root complex RC device, a switch device, and at least one endpoint EP device, the switch device includes an upstream port and at least one downstream port, and each port has a preset address range, the apparatus includes:
a receiving unit, configured to receive a transaction layer packet TLP;
the TLP includes a first field and a second field, the first field indicates a security attribute of the TLP, and the second field indicates a destination device address to which the TLP needs to arrive;
the processing unit is used for determining target equipment based on the target equipment address if the target equipment address belongs to the preset address range corresponding to each port;
a first sending unit, configured to send the TLP to the target device when it is determined that the target device is a security device and a security attribute of the TLP is security;
a first shielding unit, configured to shield the TLP when it is determined that the target device is a secure device and a security attribute of the TLP is insecure;
a second sending unit, configured to send the TLP to the target device when the target device is determined to be a non-secure device.
8. A computer device, comprising:
a memory to store instructions;
a processor for performing the data transfer method of any of claims 1-6 according to instructions stored in the memory.
9. A computer-readable storage medium, characterized in that a computer program is stored which, when executed, implements the data transmission method according to any one of claims 1-6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211248716.4A CN115333861B (en) | 2022-10-12 | 2022-10-12 | Data transmission method, related equipment and computer readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211248716.4A CN115333861B (en) | 2022-10-12 | 2022-10-12 | Data transmission method, related equipment and computer readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115333861A CN115333861A (en) | 2022-11-11 |
CN115333861B true CN115333861B (en) | 2023-02-07 |
Family
ID=83914894
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211248716.4A Active CN115333861B (en) | 2022-10-12 | 2022-10-12 | Data transmission method, related equipment and computer readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115333861B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113489731A (en) * | 2021-07-12 | 2021-10-08 | 于洪 | Data transmission method and system based on virtualization network and network security equipment |
WO2021218278A1 (en) * | 2020-04-28 | 2021-11-04 | 华为技术有限公司 | Method for processing data, and computing device |
CN114925386A (en) * | 2022-07-15 | 2022-08-19 | 飞腾信息技术有限公司 | Data processing method, computer device, data processing system and storage medium |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20200089645A1 (en) * | 2018-09-14 | 2020-03-19 | Qualcomm Incorporated | Security techniques for a peripheral component interconnect (pci) express (pcie) system |
WO2021147046A1 (en) * | 2020-01-22 | 2021-07-29 | 华为技术有限公司 | Pcie-based data transmission method and device |
US20210255973A1 (en) * | 2020-12-17 | 2021-08-19 | Intel Corporation | Stream routing and ide enhancements for pcie |
CN113934674B (en) * | 2021-12-17 | 2022-03-01 | 飞腾信息技术有限公司 | PCIE (peripheral component interface express) bus-based command transmission method and system on chip |
CN115102780B (en) * | 2022-07-15 | 2022-12-06 | 飞腾信息技术有限公司 | Data transmission method, related device, system and computer readable storage medium |
CN115150209B (en) * | 2022-09-06 | 2023-01-06 | 军工保密资格审查认证中心 | Data processing method, industrial control system, electronic device, and storage medium |
-
2022
- 2022-10-12 CN CN202211248716.4A patent/CN115333861B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021218278A1 (en) * | 2020-04-28 | 2021-11-04 | 华为技术有限公司 | Method for processing data, and computing device |
CN113489731A (en) * | 2021-07-12 | 2021-10-08 | 于洪 | Data transmission method and system based on virtualization network and network security equipment |
CN114925386A (en) * | 2022-07-15 | 2022-08-19 | 飞腾信息技术有限公司 | Data processing method, computer device, data processing system and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN115333861A (en) | 2022-11-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112534418B (en) | Logical transport over a fixed PCIE physical transport network | |
US7251704B2 (en) | Store and forward switch device, system and method | |
CN103117929B (en) | A kind of communication means of Based PC Ie exchanges data and system | |
CN115102780B (en) | Data transmission method, related device, system and computer readable storage medium | |
US8392645B2 (en) | Switch system, sub-switch and method of controlling switch system | |
US6421746B1 (en) | Method of data and interrupt posting for computer devices | |
EP4080839B1 (en) | Pcie-based data transmission method and apparatus | |
US7827343B2 (en) | Method and apparatus for providing accelerator support in a bus protocol | |
US6385211B1 (en) | Network controller | |
US20220368781A1 (en) | PCIe-Based Data Transmission Method and Apparatus | |
US8352667B2 (en) | I/O connection system and I/O connection method | |
CN115422106A (en) | Interrupt request processing method and device | |
US8090893B2 (en) | Input output control apparatus with a plurality of ports and single protocol processing circuit | |
CN114915499B (en) | Data transmission method, related device, system and computer readable storage medium | |
CN114925386B (en) | Data processing method, computer device, data processing system and storage medium | |
US7120722B2 (en) | Using information provided through tag space | |
WO2005091156A2 (en) | Signaling arrangement and approach therefor | |
CN115333861B (en) | Data transmission method, related equipment and computer readable storage medium | |
US20080263248A1 (en) | Multi-drop extension for a communication protocol | |
US20120005399A1 (en) | Data transmission system and method of reading data | |
US9769093B2 (en) | Apparatus and method for performing InfiniBand communication between user programs in different apparatuses | |
Saadé et al. | A system-level overview and comparison of three High-Speed Serial Links: USB 3.0, PCI Express 2.0 and LLI 1.0 | |
US6298409B1 (en) | System for data and interrupt posting for computer devices | |
CN118337889B (en) | CXL protocol exchange chip and message processing method | |
US20230325330A1 (en) | Data transmission control device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |