下面將結合圖式描述本說明書實施例。
圖1示出根據本說明書實施例的TEE系統100及其中的資料流向示意圖。如圖中所示,系統100包括TEE側11和非TEE側12。其中,在非TEE側12預設有專用的緩衝暫存器121作為共享內部儲存器,用於快取從TEE側傳輸出的特定資料(例如日誌)。在TEE側11運行有第一執行緒,該第一執行緒可獲取第一資料(例如,日誌資料),其藉由調用例如列印函數(_pringf),而將第一資料存入所述緩衝暫存器121中。具體是,例如,所述TEE系統為SGX系統,則_pringf函數可藉由調用Ocall函數切換為非TEE側執行緒。在非TEE側12,第一執行緒將日誌寫入緩衝暫存器121,之後,第一執行緒返回到TEE側,以進行後續步驟。在非TEE側12運行有第二執行緒,該第二執行緒例如藉由輪詢的方式藉由定期調用pop函數從緩衝暫存器121中讀取存入的資料,例如在一次讀取中讀取第二資料。該第二執行緒在讀取到第二資料之後,將該第二資料發送給非TEE側的特定程式(例如日誌系統log4cplus)進行資料列印。
在上述示意圖中,為了保證第一執行緒和第二執行緒同時存取共享內部儲存器的資料安全性,設計了特定的資料結構以允許進行上述過程,下文將對此進行詳細描述。
圖2示出根據本說明書實施例的一種TEE系統中的資料傳輸方法流程圖,所述TEE系統包括TEE側和非TEE側,在所述非TEE側包括共享內部儲存器,所述共享內部儲存器中包括第一位址、第二位址和連續的多個第三位址,其中,所述第一位址用於儲存寫入偏移位址,所述寫入偏移位址指示所述多個第三位址中可寫入的起始位址,所述第二位址用於儲存讀取偏移位址,所述讀取偏移位址指示所述多個第三位址中可讀取的起始位址,所述第三位址用於儲存來自TEE側的資料,所述方法由來自TEE側的第一執行緒執行,包括:
步驟S202,獲取第一資料;
步驟S204,以所述第一資料作為輸入參數調用預定函數,以切換到非TEE側;
步驟S206,藉由讀取第一位址,獲取寫入偏移位址;
步驟S208,藉由讀取第二位址,獲取讀取偏移位址;
步驟S210,判斷所述第一資料的位元組數是否小於等於可寫位元組數,其中,所述可寫位元組數基於所述寫入偏移位址和所述讀取偏移位址確定,其中,每個位址對應於一個位元組;
步驟S212,在所述第一資料的位元組數小於等於可寫位元組數的情況中,將所述第一資料寫入從所述寫入偏移位址開始的第三位址中;
步驟S214,更新所述第一位址中的寫入偏移位址;以及
步驟S216,返回TEE側。
圖3示意示出根據本說明書實施例的共享內部儲存器中資料結構的示意圖。如圖3中所示,所述共享內部儲存器中包括第一位址、第二位址和連續的多個第三位址。圖中示意示出10個第三位址,該10個連續的第三位址例如可分別標識為“1,2,…,10”。該內部儲存器中的每個位址可寫入一個位元組,其中,第一位址用於儲存寫入偏移位址,該寫入偏移位址指示第三位址中可寫入的起始位址;第二位址用於儲存讀取偏移位址,該讀取偏移位址指示第三位址中可讀取的起始位址;第三位址用於儲存希望從TEE側傳輸到非TEE側的資料。例如,在初始還未從TEE側向該共享內部儲存器存入資料的情況中,第三位址中可寫入的起始位址為第1個位址,即位址“1”,因此,第一位址中儲存的寫入偏移位址為“1”。在該情況中,在讀取資料時,由於最多只能讀到寫入偏移位址前一個位址,因此此時的第二位址中的讀取偏移位址也為位址“1”,圖中示意示出了讀取偏移位址(圖中以R表示)和寫入偏移位址(圖中以W表示)分別對應的第三位址(即位址“1”)。可以理解,在該共享內部儲存器中,只限定了多個第三位址是連續的位址,對於第一位址、第二位址和第三位址的位置關係並沒有特別限定,例如,第一位址、第二位址可以分別位於第三位址的兩頭,或者第一位址、第二位址可位於第三位址之後等等。另外,圖3中雖然示意示出該共享內部儲存器中包括10個連續第三位址,在實際應用中,可根據待傳輸資料的具體位元組數確定共享內部儲存器中包括的第三位址的數目。例如,待傳輸資料為TEE側的日誌,例如,該日誌通常有幾十個位元組,從而,可將該共享內部儲存器設置為包括幾百個連續的第三位址。
當TEE側希望向非TEE側傳輸特定資料時,藉由運行TEE側的第一執行緒執行該方法而向共享內部儲存器的第三位址中寫入資料,該第一執行緒例如屬於用於從TEE側向非TEE側傳輸資料的進程。由於在藉由該方法向共享內部儲存器中寫入資料之後,在非TEE側將藉由另外的執行緒將該資料傳送至目標程式,因此,該方法對資料的傳輸方式為非同步傳輸方式,因此,該方法適用於對實時性要求不高、傳輸量較大、且對性能要求較高的資料。從而,所述特定資料例如為日誌、監控資料、統計資料等等。
首先,在步驟S202,獲取第一資料。
所述第一資料例如為TEE中生成的日誌。TEE側在生成日誌之後例如將其儲存到TEE側的預定內部儲存器位置。所述第一執行緒可預設為定期從所述預定內部儲存器位置讀取日誌,從而可定期獲取待傳輸的資料,以定期執行該方法。
步驟S204,以所述第一資料作為輸入參數調用預定函數,以切換到非TEE側。
所述TEE系統例如為SGX系統,在該SGX系統中包括指定位址空間(enclave)作為可信執行環境(TEE),在該指定位址空間中,第一執行緒可藉由調用Ocall函數切換到非指定位址空間側(即非TEE側)。Ocall函數是SGX系統中提供的一種資料傳輸方式,指定位址空間側的執行緒調用Ocall函數之後,使得cpu切換到非指定位址空間側。具體是,在以第一資料作為輸入參數調用Ocall函數之後,在指定位址空間側備份指定位址空間側的暫存器,藉由以第一資料作為輸入參數從而將該第一資料傳輸到非TEE側,然後在非指定位址空間側恢復非指定位址空間側的暫存器資訊,其中包括,將作為輸入參數的第一資料儲存到暫存器中。第一執行緒切換到非TEE側之後,然後可藉由調用其它函數進行後續步驟。
在步驟S206,藉由讀取第一位址,獲取寫入偏移位址。在步驟S208,藉由讀取第二位址,獲取讀取偏移位址。
除了上述圖3示出的寫入偏移位址和讀取偏移位址分別指示第三位址中的位址“1”的情況之外,圖4-圖8分別示出了藉由所述共享內部儲存器傳輸資料過程中的寫入偏移位址和讀取偏移位址。在圖4-圖8中,每個方塊對應於一個位址,方塊內部的資料為其中儲存一個位元組的資料,方塊下方的數字為其位址標識,“R”和“W”如上文指示分別對應於讀取偏移位址和寫入偏移位址。
在圖4中,已經藉由該方法從位址1開始向第三位址中順序寫入了四個位元組“ab\n\0”,並且在非TEE側還未對該共享內部儲存器進行資料讀取,在該情況中,第一位址中儲存的寫入偏移位址(W)指向儲存“\0”之後的位址,即,位址5,第二位址中儲存的讀取偏移位址(R)仍指向位址1。
在圖5中,已經又藉由該方法從位址5開始順序寫入了四個位元組“cd\n\0”,並且在非TEE側仍未對該共享內部儲存器進行資料讀取,在該情況中,寫入偏移位址(W)指向儲存第二個“\0”之後的位址,即,位址9,讀取偏移位址(R)仍指向位址1。
在圖6中,已經在非TEE側藉由下文將描述的方法從讀取偏移位址開始進行資料讀取,該讀取最多只能讀到所述寫入偏移位址之前的一個位址,即該讀取過程讀取了共享內部儲存器中已經寫入的八個位元組“ab\n\0cd\n\0”。在該情況中,在第一位址中儲存的寫入偏移位址仍指向位址9,在第二位址中儲存的讀取偏移位址指向第二個“\0”之後的位址,即,也是位址9。
在圖7中,已經又藉由圖2所示方法從位址9開始向第三位址中順序寫入“ef\n\0”四個位元組。在該情況中,讀取偏移位址未發生變化,仍為位址9,在寫入資料的過程中,當10個位址都寫滿了之後,由於在讀取偏移位址之前的資料都是經過讀取的資料,從而,從位址1到讀取偏移位址(在該情況中為位址9)之前的位址(即位址8)的每個位址都是可以寫入的,因此從位址10跳到位址1繼續進行寫入,在寫完之後,寫入偏移位址指向位址3。
在圖8中,已經又在非TEE側進行對該共享內部儲存器的讀取。具體是,從讀取偏移位址(位址9)開始一直讀取到寫入偏移位址的前一個位址(位址2),在進行該讀取之後,第一位址中的寫入偏移位址仍指向位址3,第二位址中的讀取偏移位址也指向位址3。
在步驟S210,判斷所述第一資料的位元組數是否小於等於可寫位元組數,其中,所述可寫位元組數基於所述寫入偏移位址和所述讀取偏移位址確定,其中,每個位址對應於一個位元組。
本領域技術人員根據寫入偏移位址和讀取偏移位址可容易地確定多個第三位址中的可寫位址,由於一個位址對應於一個位元組,從而可確定可寫位元組數。
例如,在圖3、圖6和圖8所示的情況中,讀取偏移位址和寫入偏移位址指向同一個位址,則可寫位元組數為全部第三位址的數目,即10個。
在圖4、5所示的情況中,寫入偏移位址在讀取偏移位址之後,可寫位元組數是第三位址的數目減去不可寫位元組數,所述不可寫位元組數為寫入偏移位址減去讀取偏移位址的差。例如,在圖4中,寫入偏移位址為5,讀取偏移位址為1,從而,不可寫位元組數為5-1=4,可寫位元組數為10-4=6,其分別對應於位址5到位址10共六個位址。
在圖7所示的情況中,寫入偏移位址在讀取偏移位址之前,在該情況中,可寫位元組數為讀取偏移位址減去寫入偏移位址之差。例如,在圖7中,寫入偏移位址為3,讀取偏移位址為9,從而,可寫位元組數為9-3=6,其分別對應於位址3到位址8共六個位址。
在步驟S212,在所述第一資料的位元組數小於等於可寫位元組數的情況中,將所述第一資料寫入從所述寫入偏移位址開始的第三位址中。
例如,在所述共享內部儲存器中已儲存的資料如圖4所示的情況中,如上文所述,可寫位元組數為6個,當將要寫入的第一資料為“ef\n\0”4個位元組的情況中,由於4<6,因此,可將“ef\n\0”4個位元組寫入5、6、7、8四個位址中。
在所述共享內部儲存器中已儲存的資料如圖7所示的情況中,如上文所述,可寫位元組數為6個,當將要寫入的第一資料為“ghijkl\n\0”8個位元組的情況中,即第一資料的位元組數大於可寫位元組數,從而,將不能向共享內部儲存器中寫入該資料。在該情況中,該寫入執行緒或者進行等待,直到共享內部儲存器中有足夠的可寫位元組數,或者可丟棄該第一資料並返回。圖9示出了根據本說明書另一實施例的共享內部儲存器資料結構。在該資料結構中,除了包括圖3所述的第一位址、第二位址和第三位址之外,還包括第四位址,第四位址中儲存丟棄資料數目。在如上文所述丟棄第一資料之後,在第四位址中將該丟棄資料數目加1。在一個實施例中,該丟棄資料數目為原子變量,從而在TEE側和非TEE側雙執行緒同時操作的情況下,可保證資料安全性。
在步驟S214,更新所述第一位址中的寫入偏移位址。
例如,在對圖3中的第三位址寫入“ab\n\0”之後,將初始的寫入偏移位址“1”更新為寫入偏移位址“5”,從而以便於下次寫入或讀取時對寫入偏移位址的讀取。例如,在對圖4所示的第三位址寫入時,可讀取到最新的寫入偏移位址“5”,從而進行可寫位元組數的計算。
在步驟S216,返回TEE側。
所述第一執行緒可預設為在進行完步驟S214之後返回TEE側,從而,第一執行緒在進行步驟S214之後將自動返回到TEE側,以進行TEE側的後續步驟,例如再次重複該方法。
圖10示出根據本說明書實施例的一種TEE系統中的資料傳輸方法流程圖,所述TEE系統包括TEE側和非TEE側,在所述非TEE側包括共享內部儲存器,所述共享內部儲存器中包括第一位址、第二位址和連續的多個第三位址,其中,所述第一位址用於儲存寫入偏移位址,所述寫入偏移位址指示所述多個第三位址中可寫入的起始位址,所述第二位址用於儲存讀取偏移位址,所述讀取偏移位址指示所述多個第三位址中可讀取的起始位址,所述第三位址用於儲存來自TEE側的資料,所述方法由非TEE側執行,包括:
步驟S1002,藉由讀取第一位址,獲取寫入偏移位址;
步驟S1004,藉由讀取第二位址,獲取讀取偏移位址;
步驟S1006,讀取所述第三位址中的寫入資料中的未讀取位元組作為第二資料,所述未讀取位元組基於所述寫入偏移位址和所述讀取偏移位址確定,其中,每個位址對應於一個位元組;以及
步驟S1008,更新所述第二位址中的讀取偏移位址。
該方法可藉由非TEE側運行的第二執行緒執行,該第二執行緒可同樣屬於上述用於從TEE側向非TEE側傳輸資料的進程。
其中,步驟S1002和步驟S1004可參考上述對步驟S206和步驟S208的描述,在此不再贅述。
在步驟S1006,讀取所述第三位址中的寫入資料中的未讀取位元組作為第二資料,所述未讀取位元組基於所述寫入偏移位址和所述讀取偏移位址確定,其中,每個位址對應於一個位元組。
本領域技術人員根據寫入偏移位址和讀取偏移位址可容易地確定第三位址中的未讀取位元組。
例如,在圖3、圖6和圖8所示的情況中,讀取偏移位址和寫入偏移位址指向同一個位址,則第三位址中不包括未讀取位元組。
在圖4、5所示的情況中,寫入偏移位址在讀取偏移位址之後,所述第三位址中的全部未讀取位元組包括從所述讀取偏移位址開始到所述寫入偏移位址的前一個位址中的各個位元組。例如,在圖4中,寫入偏移位址為5,讀取偏移位址為1,從而,全部未讀取位元組為位址1到4中各個位元組。
在圖7所示的情況中,寫入偏移位址在讀取偏移位址之前,在該情況中,所述全部未讀取位元組為所述第三位址中除已讀取位元組之外的位元組,所述已讀取位元組包括從所述寫入偏移位址開始到所述讀取偏移位址的前一個位址中的各個位元組。例如,在圖7中,寫入偏移位址為3,讀取偏移位址為9,從而,已讀取位元組為位址3到位址8中各個位址中的位元組,從而,全部未讀取位元組為位址1-2和位址9-10中的各個位元組。可以理解,在該步驟中,不一定讀取所述第三位址中的全部未讀取位元組,而可以僅讀取部分未讀取位元組。例如,可預設為一次僅讀取3個位元組,從而,在一次讀取中可讀取全部未讀取位元組中的前三個位元組,剩餘的一個未讀取位元組可留到下一次讀取時讀取。
在步驟S1008,更新所述第二位址中的讀取偏移位址。
例如,在從圖5所示的第三位址讀取八個位元組“ab\n\0cd\n\0”之後,將讀取偏移位址從“1”更新為“9”,從而便於下次寫入或讀取時對讀取偏移位址的讀取。
在一個實施例中,所述第二資料為日誌資料,所述方法還包括,在更新所述第二位址中的讀取偏移位址之後,將所述第二資料發送給在非TEE側的日誌列印程式,以用於列印該第二資料。該列印例如包括在顯示器上顯示,或者存入硬碟中等。
圖11示出根據本說明書實施例的一種TEE系統中的資料傳輸裝置1100,所述TEE系統包括TEE側和非TEE側,在所述非TEE側包括共享內部儲存器,所述共享內部儲存器中包括第一位址、第二位址和連續的多個第三位址,其中,所述第一位址用於儲存寫入偏移位址,所述寫入偏移位址指示所述多個第三位址中可寫入的起始位址,所述第二位址用於儲存讀取偏移位址,所述讀取偏移位址指示所述多個第三位址中可讀取的起始位址,所述第三位址用於儲存來自TEE側的資料,所述裝置部署於來自TEE側的第一執行緒中,包括:
第一獲取單元1101,配置為,獲取第一資料;
調用單元1102,配置為,以所述第一資料作為輸入參數調用預定函數,以切換到非TEE側;
第二獲取單元1103,配置為,藉由讀取第一位址,獲取寫入偏移位址;
第三獲取單元1104,配置為,藉由讀取第二位址,獲取讀取偏移位址;
判斷單元1105,配置為,判斷所述第一資料的位元組數是否小於等於可寫位元組數,其中,所述可寫位元組數基於所述寫入偏移位址和所述讀取偏移位址確定,其中,每個位址對應於一個位元組;
寫入單元1106,配置為,在所述第一資料的位元組數小於等於可寫位元組數的情況中,將所述第一資料寫入從所述寫入偏移位址開始的第三位址中;
更新單元1107,配置為,更新所述第一位址中的寫入偏移位址;以及
返回單元1108,配置為,返回TEE側。
在一個實施例中,所述裝置還包括等待單元1109,配置為,在所述第一資料的位元組數大於可寫位元組數的情況中,進行等待。
在一個實施例中,所述共享內部儲存器中還包括第四位址,用於儲存丟棄資料數目,所述裝置還包括丟棄單元1110,配置為,在所述第一資料的位元組數大於可寫位元組數的情況中,丟棄所述第一資料,並將第四位址中儲存的丟棄資料數目加一。
本說明書另一方面提供一種電腦可讀儲存媒體,其上儲存有電腦程式,當所述電腦程式在電腦中執行時,令電腦執行上述任一項方法。
本說明書另一方面提供一種計算設備,包括儲存器和處理器,其特徵在於,所述儲存器中儲存有可執行代碼,所述處理器執行所述可執行代碼時,實現上述任一項方法。
在本說明書實施例中,因為所述共享內部儲存器會被TEE和非TEE環境同時使用,TEE的特殊性使得無法使用鎖來保證執行緒安全,所以在本方案中,使用了無鎖資料結構,並藉由特殊設計保證執行緒安全。具體是,在共享內部儲存器中包括上述第一位址-第四位址,其中,對於第一位址和第二位址,只會單側寫,另一側只會讀,所以沒有同時寫的問題。另外,針對一邊讀另一邊在寫的情況,因為寫的時候是在寫完了更新寫偏位址,讀的時候是在讀完了更新讀取偏移位址,因此不存在偏移位址更新了,但是資料還沒處理的情況,所以不會讀到未寫完的資料,也不會寫資料覆蓋掉未讀的資料。第三位址中儲存的資料雖然是雙側讀寫,但是藉由由寫入偏移位址和讀取偏移位址控制讀寫的範圍,所以其實是分開的區域,互不干擾。另外,對於第四位址中的丟棄資料數目,雖然也是同時讀寫,但是藉由將其設置為原子變量而保證了資料安全性。
藉由上述無鎖資料結構的設計,為TEE環境提供一種高性能的非同步資料傳輸系統,例如非同步日誌列印系統,減少了TEE系統列印日誌的開銷,提高了TEE系統的運行速度,同時滿足了對日誌系統的一些基本要求。
需要理解,本文中的“第一”,“第二”等描述,僅僅為了描述的簡單而對相似概念進行區分,並不具有其他限定作用。
本說明書中的各個實施例均採用遞進的方式描述,各個實施例之間相同相似的部分互相參見即可,每個實施例重點說明的都是與其他實施例的不同之處。尤其,對於系統實施例而言,由於其基本相似於方法實施例,所以描述的比較簡單,相關之處參見方法實施例的部分說明即可。
上述對本說明書特定實施例進行了描述。其它實施例在所附申請專利範圍的範圍內。在一些情況下,在申請專利範圍中記載的動作或步驟可以按照不同於實施例中的順序來執行並且仍然可以實現期望的結果。另外,在圖式中描繪的過程不一定要求示出的特定順序或者連續順序才能實現期望的結果。在某些實施方式中,多任務處理和並行處理也是可以的或者可能是有利的。
本領域具有通常知識者應該還可以進一步意識到,結合本文中所公開的實施例描述的各示例的單元及演算法步驟,能夠以電子硬體、電腦軟體或者二者的結合來實現,為了清楚地說明硬體和軟體的可互換性,在上述說明中已經按照功能一般性地描述了各示例的組成及步驟。這些功能究竟以硬體還是軟體方式來執行,取決於技術方案的特定應用和設計約束條件。本領域具有通常知識者可以對每個特定的應用來使用不同方法來實現所描述的功能,但是這種實現不應認為超出本申請的範圍。
結合本文中所公開的實施例描述的方法或演算法的步驟可以用硬體、處理器執行的軟體模組,或者二者的結合來實施。軟體模組可以置於隨機存取記憶體(RAM)、內部儲存器、唯讀記憶體(ROM)、電可程式化ROM、電可擦除可程式化ROM、暫存器、硬碟、抽取式磁碟、CD-ROM、或技術領域內所公知的任意其它形式的儲存媒體中。
以上所述的具體實施方式,對本發明的目的、技術方案和有益效果進行了進一步詳細說明,所應理解的是,以上所述僅為本發明的具體實施方式而已,並不用於限定本發明的保護範圍,凡在本發明的精神和原則之內,所做的任何修改、等同替換、改進等,均應包含在本發明的保護範圍之內。
The embodiments of this specification will be described below in conjunction with the drawings.
FIG. 1 shows a schematic diagram of the TEE system 100 and the data flow therein according to an embodiment of the present specification. As shown in the figure, the system 100 includes a TEE side 11 and a non-TEE side 12. Among them, a dedicated buffer register 121 is preset on the non-TEE side 12 as a shared internal storage for caching specific data (such as logs) transmitted from the TEE side. A first thread runs on the TEE side 11, and the first thread can obtain first data (for example, log data), and stores the first data in the buffer by calling, for example, a printing function (_pringf) In the register 121. Specifically, for example, if the TEE system is an SGX system, the _pringf function can be switched to a non-TEE side thread by calling the Ocall function. On the non-TEE side 12, the first thread writes the log into the buffer register 121, and then the first thread returns to the TEE side for subsequent steps. There is a second thread running on the non-TEE side 12, and the second thread, for example, by polling, reads the stored data from the buffer register 121 by periodically calling the pop function, for example, in a read Read the second data. After reading the second data, the second thread sends the second data to a specific program on the non-TEE side (for example, the log system log4cplus) for data printing.
In the above schematic diagram, in order to ensure the data security of the first thread and the second thread simultaneously accessing the shared internal storage, a specific data structure is designed to allow the above process, which will be described in detail below.
Fig. 2 shows a flow chart of a data transmission method in a TEE system according to an embodiment of the specification. The TEE system includes a TEE side and a non-TEE side. The non-TEE side includes a shared internal storage, and the shared internal storage The device includes a first address, a second address, and a plurality of consecutive third addresses, wherein the first address is used to store the write offset address, and the write offset address indicates the A writable start address among the plurality of third addresses, the second address is used to store a read offset address, and the read offset address indicates the plurality of third addresses The third address is used to store data from the TEE side. The method is executed by the first thread from the TEE side and includes:
Step S202, obtain the first data;
Step S204, calling a predetermined function with the first data as an input parameter to switch to the non-TEE side;
Step S206, obtaining a write offset address by reading the first address;
Step S208, obtaining the read offset address by reading the second address;
Step S210: Determine whether the number of bytes of the first data is less than or equal to the number of writable bytes, wherein the number of writable bytes is based on the write offset address and the read offset Address determination, where each address corresponds to a byte;
Step S212: In the case that the number of bytes of the first data is less than or equal to the number of writable bytes, write the first data into a third address starting from the write offset address ;
Step S214, updating the write offset address in the first address; and
Step S216, return to the TEE side.
Fig. 3 schematically shows a schematic diagram of a data structure in a shared internal storage according to an embodiment of the present specification. As shown in FIG. 3, the shared internal storage includes a first address, a second address, and a plurality of consecutive third addresses. The figure schematically shows 10 third addresses, and the 10 consecutive third addresses may be respectively identified as "1,2,...,10", for example. Each address in the internal memory can be written into a byte, where the first address is used to store the write offset address, and the write offset address indicates that the third address can be written The second address is used to store the read offset address, and the read offset address indicates the readable start address in the third address; the third address is used to store the desired Data transmitted from the TEE side to the non-TEE side. For example, in the case where data has not been initially stored in the shared internal memory from the TEE side, the start address that can be written in the third address is the first address, that is, address "1". Therefore, The write offset address stored in the first address is "1". In this case, when reading data, since the address before the write offset can only be read at most, the read offset address in the second address at this time is also address "1" ", the figure schematically shows the third address (ie address "1") corresponding to the read offset address (represented by R in the figure) and the write offset address (represented by W in the figure). It can be understood that in the shared internal storage, only multiple third addresses are limited to be consecutive addresses, and the positional relationship between the first address, the second address, and the third address is not particularly limited, for example , The first address and the second address can be located at both ends of the third address, or the first address and the second address can be located after the third address, etc. In addition, although FIG. 3 schematically shows that the shared internal storage includes 10 consecutive third addresses, in practical applications, the third address included in the shared internal storage can be determined according to the specific number of bytes of the data to be transmitted. The number of addresses. For example, the data to be transmitted is a log on the TEE side. For example, the log usually has tens of bytes. Therefore, the shared internal storage can be set to include hundreds of consecutive third addresses.
When the TEE side wants to transmit specific data to the non-TEE side, the method is executed by running the first thread on the TEE side to write data to the third address of the shared internal memory. The first thread is for example In the process of transferring data from the TEE side to the non-TEE side. Since the data is written to the shared internal storage by this method, the data will be sent to the target program by another thread on the non-TEE side, therefore, the data transmission method of this method is asynchronous transmission method Therefore, this method is suitable for data that does not require high real-time performance, large transmission volume, and high performance requirements. Thus, the specific data is, for example, logs, monitoring data, statistical data, and so on.
First, in step S202, first data is acquired.
The first data is, for example, a log generated in the TEE. After generating the log, the TEE side stores it, for example, in a predetermined internal storage location on the TEE side. The first thread can be preset to periodically read the log from the predetermined internal storage location, so that the data to be transmitted can be periodically obtained to execute the method regularly.
Step S204, call a predetermined function with the first data as an input parameter to switch to the non-TEE side.
The TEE system is, for example, an SGX system. The SGX system includes a designated address space (enclave) as a trusted execution environment (TEE). In the designated address space, the first thread can be switched by calling the Ocall function To the side of the non-designated address space (that is, the non-TEE side). The Ocall function is a data transmission method provided in the SGX system. After the thread on the designated address space side calls the Ocall function, the cpu is switched to the non-designated address space side. Specifically, after calling the Ocall function with the first data as the input parameter, back up the temporary memory on the designated address space side on the designated address space side, and transfer the first data to the designated address space side by using the first data as the input parameter The non-TEE side, and then restore the register information on the non-designated address space side on the non-designated address space side, including storing the first data as the input parameter in the register. After the first thread is switched to the non-TEE side, the subsequent steps can then be performed by calling other functions.
In step S206, the write offset address is obtained by reading the first address. In step S208, the read offset address is obtained by reading the second address.
Except for the case where the write offset address and the read offset address shown in Figure 3 respectively indicate the address "1" in the third address, Figures 4 to 8 respectively show the The write offset address and read offset address in the process of data transmission in shared internal storage are described. In Figure 4-8, each box corresponds to an address, the data inside the box is the data stored in one byte, and the number below the box is the address identifier, "R" and "W" are as above The instructions correspond to the read offset address and the write offset address respectively.
In Figure 4, four bytes "ab\n\0" have been written sequentially from address 1 to the third address by this method, and the shared internal storage has not yet been performed on the non-TEE side. In this case, the write offset address (W) stored in the first address points to the address after "\0" is stored, that is, address 5, and the second address is stored The read offset address (R) still points to address 1.
In Figure 5, four bytes "cd\n\0" have been written sequentially from address 5 by this method, and the shared internal memory has not been read yet on the non-TEE side. In this case, the write offset address (W) points to the address after the second "\0" is stored, that is, address 9, and the read offset address (R) still points to address 1.
In FIG. 6, data reading has been performed from the read offset address on the non-TEE side by the method described below, and the read can only read up to one bit before the write offset address. This means that the reading process reads the eight bytes "ab\n\0cd\n\0" that have been written in the shared internal storage. In this case, the write offset address stored in the first address still points to address 9, and the read offset address stored in the second address points to the bit after the second "\0" Address, that is, also address 9.
In FIG. 7, the method shown in FIG. 2 has been used to sequentially write the four bytes of "ef\n\0" from address 9 to the third address. In this case, the read offset address has not changed, and it is still address 9. In the process of writing data, when the 10 addresses are full, because the offset address before the read The data are all read data, so that each address from address 1 to the address before the read offset address (in this case, address 9) (ie address 8) can be written Therefore, jump from address 10 to address 1 to continue writing. After writing, the write offset address points to address 3.
In Figure 8, the shared internal memory has been read on the non-TEE side again. Specifically, from the read offset address (address 9) to the previous address (address 2) of the write offset address, after the read, the value in the first address The write offset address still points to address 3, and the read offset address in the second address also points to address 3.
In step S210, it is determined whether the number of bytes of the first data is less than or equal to the number of writable bytes, wherein the number of writable bytes is based on the write offset address and the read offset. The shift address is determined, where each address corresponds to a byte group.
Those skilled in the art can easily determine the writable address among the multiple third addresses according to the write offset address and the read offset address. Since one address corresponds to a byte, it can be determined that Write the number of bytes.
For example, in the cases shown in Figure 3, Figure 6, and Figure 8, the read offset address and the write offset address point to the same address, and the number of writable bytes is that of the third address. The number is 10.
In the cases shown in Figures 4 and 5, after the offset address is read, the number of writable bytes is the number of the third address minus the number of unwritable bytes. The number of unwritable bytes is the difference between the write offset address and the read offset address. For example, in Figure 4, the write offset address is 5 and the read offset address is 1, so that the number of unwritable bytes is 5-1=4, and the number of writable bytes is 10-4 =6, which respectively correspond to six addresses from address 5 to address 10.
In the case shown in Figure 7, the write offset address is before the read offset address. In this case, the number of writable bytes is the read offset address minus the write offset address Difference. For example, in Figure 7, the write offset address is 3 and the read offset address is 9, so that the number of writable bytes is 9-3=6, which respectively correspond to addresses 3 to 8 There are six addresses in total.
In step S212, in the case that the number of bytes of the first data is less than or equal to the number of writable bytes, write the first data to a third address starting from the write offset address in.
For example, in the case where the data stored in the shared internal storage is shown in Figure 4, as described above, the number of writable bytes is 6, when the first data to be written is "ef\ In the case of n\0" 4 bytes, since 4<6, 4 bytes of "ef\n\0" can be written into the four addresses of 5, 6, 7, and 8.
In the case where the data stored in the shared internal storage is shown in Figure 7, as described above, the number of writable bytes is 6, when the first data to be written is "ghijkl\n\ In the case of 0" 8 bytes, that is, the number of bytes of the first data is greater than the number of writable bytes, and therefore, the data cannot be written to the shared internal storage. In this case, the write thread may wait until there are enough writable bytes in the shared internal storage, or the first data may be discarded and returned. FIG. 9 shows a data structure of shared internal storage according to another embodiment of the present specification. In this data structure, in addition to the first address, the second address, and the third address described in FIG. 3, it also includes a fourth address, and the fourth address stores the number of discarded data. After discarding the first data as described above, the number of discarded data is increased by 1 in the fourth address. In one embodiment, the number of discarded data is an atomic variable, so that data security can be ensured when the TEE side and the non-TEE side are dual-threaded simultaneously.
In step S214, the write offset address in the first address is updated.
For example, after writing "ab\n\0" to the third address in Figure 3, the initial write offset address "1" is updated to the write offset address "5" to facilitate Read the write offset address during the next write or read. For example, when writing to the third address shown in FIG. 4, the latest write offset address "5" can be read, so as to calculate the number of writable bytes.
In step S216, return to the TEE side.
The first thread can be preset to return to the TEE side after performing step S214. Therefore, the first thread will automatically return to the TEE side after performing step S214 to perform subsequent steps on the TEE side, for example, repeat the step again. method.
FIG. 10 shows a flow chart of a data transmission method in a TEE system according to an embodiment of the present specification. The TEE system includes a TEE side and a non-TEE side. The non-TEE side includes a shared internal storage, and the shared internal storage The device includes a first address, a second address, and a plurality of consecutive third addresses, wherein the first address is used to store the write offset address, and the write offset address indicates the A writable start address among the plurality of third addresses, the second address is used to store a read offset address, and the read offset address indicates the plurality of third addresses The third address is used to store data from the TEE side. The method is executed by the non-TEE side and includes:
Step S1002, obtaining a write offset address by reading the first address;
Step S1004, obtaining the read offset address by reading the second address;
Step S1006: Read unread bytes in the written data in the third address as second data, and the unread bytes are based on the write offset address and the read Determine by taking the offset address, where each address corresponds to a byte; and
Step S1008, update the read offset address in the second address.
The method can be executed by a second thread running on the non-TEE side, and the second thread can also belong to the aforementioned process for transmitting data from the TEE side to the non-TEE side.
For step S1002 and step S1004, reference may be made to the above description of step S206 and step S208, which will not be repeated here.
In step S1006, read unread bytes in the written data in the third address as second data, and the unread bytes are based on the write offset address and the The read offset address is determined, where each address corresponds to a byte group.
Those skilled in the art can easily determine the unread byte group in the third address according to the write offset address and the read offset address.
For example, in the cases shown in Figure 3, Figure 6 and Figure 8, the read offset address and the write offset address point to the same address, and the third address does not include unread bytes .
In the cases shown in FIGS. 4 and 5, the write offset address is after the read offset address, and all unread bytes in the third address include the offset from the read Each byte group from the address beginning to the address preceding the write offset address. For example, in FIG. 4, the write offset address is 5, and the read offset address is 1. Therefore, all unread bytes are each of the addresses 1 to 4.
In the case shown in FIG. 7, the offset address is written before the offset address is read. In this case, the all unread bytes are the third address except the read A byte group other than a byte group, and the read byte group includes each byte group from the write offset address to the previous address of the read offset address. For example, in Figure 7, the write offset address is 3, and the read offset address is 9. Therefore, the read byte is the byte in each address from address 3 to address 8. Therefore, all the unread bytes are the respective bytes in the address 1-2 and the address 9-10. It can be understood that in this step, it is not necessary to read all the unread bytes in the third address, but only part of the unread bytes may be read. For example, it can be preset to read only 3 bytes at a time, so that the first three bytes of all unread bytes can be read in one read, and the remaining one unread byte The group can be read until the next time it is read.
In step S1008, the read offset address in the second address is updated.
For example, after reading eight bytes "ab\n\0cd\n\0" from the third address shown in Figure 5, update the read offset address from "1" to "9", This facilitates the reading of the read offset address during the next write or read.
In one embodiment, the second data is log data, and the method further includes, after updating the read offset address in the second address, sending the second data to the non-TEE The log printing program on the side is used to print the second data. The printing includes, for example, displaying on a display, or storing in a hard disk.
FIG. 11 shows a data transmission device 1100 in a TEE system according to an embodiment of the present specification. The TEE system includes a TEE side and a non-TEE side, and the non-TEE side includes a shared internal storage, the shared internal storage Includes a first address, a second address, and a plurality of consecutive third addresses, where the first address is used to store a write offset address, and the write offset address indicates the A writable start address among a plurality of third addresses, the second address is used to store a read offset address, and the read offset address indicates that among the plurality of third addresses A readable start address, the third address is used to store data from the TEE side, and the device is deployed in the first thread from the TEE side, including:
The first obtaining unit 1101 is configured to obtain the first data;
The calling unit 1102 is configured to call a predetermined function using the first data as an input parameter to switch to the non-TEE side;
The second obtaining unit 1103 is configured to obtain the write offset address by reading the first address;
The third obtaining unit 1104 is configured to obtain the read offset address by reading the second address;
The determining unit 1105 is configured to determine whether the number of bytes of the first data is less than or equal to the number of writable bytes, wherein the number of writable bytes is based on the write offset address and the The read offset address is determined, where each address corresponds to a byte group;
The writing unit 1106 is configured to, when the number of bytes of the first data is less than or equal to the number of writable bytes, write the first data into the data starting from the write offset address In the third address;
The update unit 1107 is configured to update the write offset address in the first address; and
The returning unit 1108 is configured to return to the TEE side.
In one embodiment, the device further includes a waiting unit 1109 configured to wait when the number of bytes of the first data is greater than the number of writable bytes.
In one embodiment, the shared internal storage further includes a fourth address for storing the number of discarded data, and the device further includes a discarding unit 1110 configured to set the number of bytes in the first data In the case of greater than the number of writable bytes, the first data is discarded, and the number of discarded data stored in the fourth address is increased by one.
Another aspect of this specification provides a computer-readable storage medium on which a computer program is stored. When the computer program is executed in a computer, the computer is made to execute any of the above methods.
Another aspect of this specification provides a computing device, including a storage and a processor, wherein the storage stores executable code, and when the processor executes the executable code, any one of the above methods is implemented .
In the embodiment of this specification, because the shared internal storage will be used by both TEE and non-TEE environments, the particularity of TEE makes it impossible to use locks to ensure thread security, so in this solution, a lock-free data structure is used , And guarantee thread safety by special design. Specifically, the shared internal storage includes the above-mentioned first address-fourth address, among which, for the first address and the second address, only one-sided writing will be performed, and the other side will only be read, so there is no simultaneous Questions written. In addition, for the situation where one side is reading and the other is writing, because when writing, the write offset address is updated after writing, and when reading, the read offset address is updated after reading, so there is no offset address update. However, if the data has not been processed, the unwritten data will not be read, and the unread data will not be written over. Although the data stored in the third address is read and written on both sides, the read and write range is controlled by the write offset address and the read offset address, so they are actually separate areas and do not interfere with each other. In addition, although the number of discarded data in the fourth address is also read and written at the same time, data security is ensured by setting it as an atomic variable.
Through the design of the above-mentioned lock-free data structure, a high-performance asynchronous data transmission system is provided for the TEE environment, such as an asynchronous log printing system, which reduces the overhead of the TEE system for printing logs and improves the operating speed of the TEE system. At the same time, it satisfies some basic requirements for the log system.
It should be understood that the descriptions of "first", "second", etc. in this text are merely used to distinguish similar concepts for simplicity of description, and do not have other limiting effects.
The various embodiments in this specification are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, as for the system embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and for related parts, please refer to the part of the description of the method embodiment.
The foregoing describes specific embodiments of this specification. Other embodiments are within the scope of the attached patent application. In some cases, the actions or steps described in the scope of the patent application may be performed in a different order from the embodiment and still achieve desired results. In addition, the processes depicted in the drawings do not necessarily require the specific order or sequential order shown in order to achieve the desired result. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
Those with ordinary knowledge in the art should be further aware that the units and algorithm steps of the examples described in the embodiments disclosed in this article can be implemented by electronic hardware, computer software, or a combination of the two, for clarity Explain the interchangeability of hardware and software. In the above description, the composition and steps of each example have been described generally in terms of function. Whether these functions are executed by hardware or software depends on the specific application and design constraints of the technical solution. Those with ordinary knowledge in the art can use different methods for each specific application to implement the described functions, but such implementation should not be considered beyond the scope of this application.
The steps of the method or algorithm described in combination with the embodiments disclosed herein can be implemented by hardware, a software module executed by a processor, or a combination of the two. The software module can be placed in random access memory (RAM), internal storage, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, register, hard disk, extractor Disk, CD-ROM, or any other form of storage medium known in the technical field.
The specific embodiments described above further describe the purpose, technical solutions and beneficial effects of the present invention in further detail. It should be understood that the above are only specific embodiments of the present invention and are not intended to limit the scope of the present invention. The scope of protection, any modification, equivalent replacement, improvement, etc., made within the spirit and principle of the present invention should be included in the scope of protection of the present invention.
