WO2016082185A1 - Access isolation method and apparatus - Google Patents

Access isolation method and apparatus Download PDF

Info

Publication number
WO2016082185A1
WO2016082185A1 PCT/CN2014/092479 CN2014092479W WO2016082185A1 WO 2016082185 A1 WO2016082185 A1 WO 2016082185A1 CN 2014092479 W CN2014092479 W CN 2014092479W WO 2016082185 A1 WO2016082185 A1 WO 2016082185A1
Authority
WO
WIPO (PCT)
Prior art keywords
identifier
mode
service communication
communication mode
access
Prior art date
Application number
PCT/CN2014/092479
Other languages
French (fr)
Chinese (zh)
Inventor
赵福
陈卫
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to CN201480033937.7A priority Critical patent/CN105900070B/en
Priority to PCT/CN2014/092479 priority patent/WO2016082185A1/en
Publication of WO2016082185A1 publication Critical patent/WO2016082185A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory

Definitions

  • the embodiments of the present invention relate to communication technologies, and in particular, to an access isolation method and apparatus.
  • a network device for mobile communication in the field of wireless communication such as a baseband chip inside a base station, needs to simultaneously run one platform software and at least two baseband service software corresponding to the wireless communication mode. Since the functions implemented by different baseband service software may belong to different wireless communication modes or belong to different communication carriers, in order to provide safer and more reliable communication service services, the physical software between the platform software and the baseband service software and the baseband service software The isolation of access becomes a very important requirement.
  • APIs application programming interfaces
  • the embodiment of the invention provides an access isolation method and device to solve the problem of mutual interaction between concurrent software.
  • an embodiment of the present invention provides an access isolation method, including:
  • the peripheral device Receiving, by the peripheral device, a first access instruction corresponding to the channel group configuration space in the peripheral device; the first access instruction includes: an access address of the channel group configuration space and a mode identifier of a service communication mode;
  • the peripheral device verifies a mode identifier of the service communication mode
  • the peripheral accepts access to the channel group configuration space.
  • the peripheral device performs verification on a mode identifier of the service communication mode, including:
  • the peripheral device verifies the mode identifier of the service communication mode according to the preset mode identifier
  • the peripheral determines that the mode identifier of the service communication mode is valid.
  • the peripheral device before verifying the mode identifier of the service communication mode according to the preset mode identifier, further includes :
  • the peripheral device receives a second access instruction corresponding to the management configuration space in the peripheral device issued by the processor corresponding to the communication management mode; the second access instruction includes: an access address of the channel group configuration space;
  • the peripheral device Determining, by the peripheral device, the channel group configuration space according to the access address of the channel group configuration space, associating the channel group configuration space with at least one channel, and configuring the preset mode for the channel group configuration space Identifier.
  • the peripheral device performs verification on a mode identifier of the service communication mode, including:
  • the peripheral device determines, according to the preset mode identifier group, whether the mode identifier of the service communication mode is an identifier in the preset mode identifier group, where the preset mode identifier group includes at least one mode identifier;
  • the peripheral device determines that the mode identifier of the service communication mode is valid.
  • the peripheral device determines, according to the preset mode identifier group, whether a mode identifier of the service communication mode is the preset Before setting the identifier in the pattern identification group, it also includes:
  • the peripheral device receives a third access instruction corresponding to the management configuration space in the peripheral device;
  • the third access instruction is an instruction issued by a processor corresponding to the communication management mode, and the third access instruction includes: The access address of the channel group configuration space;
  • the first access instruction includes: a processor sent by the processor corresponding to the service communication mode Instruction; or,
  • the first access instruction includes an instruction issued by another peripheral.
  • an embodiment of the present invention provides an access isolation method, including:
  • the fourth access instruction comprising: an access address of the memory, a mode identifier of a service communication mode, and a packet identifier of the service communication mode;
  • the memory sequentially checks a mode identifier of the service communication mode and a packet identifier of the service communication mode;
  • the memory accepts access by the peripheral to the memory.
  • the memory in sequence, checks a mode identifier of the service communication mode and a packet identifier of the service communication mode, including:
  • the memory verifies the mode identifier of the service communication mode according to the preset mode identifier
  • the memory determines that the mode identifier of the service communication mode is valid
  • the memory checks a packet identifier of the service communication mode according to a preset packet identifier
  • the memory determines that the packet identifier of the service communication mode is valid.
  • the memory sequentially checks a mode identifier of the service communication mode and a packet identifier of the service communication mode. Previously, it also included:
  • the memory receives a fifth access instruction issued by a processor corresponding to the communication management mode;
  • the five access instructions include: an access address of the memory;
  • the memory determines a memory address segment to which the access address of the memory belongs according to the access address of the memory, and configures the preset mode identifier and the preset packet identifier for the memory address segment.
  • the memory in sequence, performs verification on a mode identifier of the service communication mode and a packet identifier of the service communication mode, including:
  • the memory Determining, by the memory according to the preset mode identifier group, whether the mode identifier of the service communication mode is an identifier in the preset mode identifier group; wherein the preset mode identifier group includes at least one mode identifier;
  • the memory determines that a mode identifier of the service communication mode is valid
  • the memory determines, according to the preset group identity group, whether the packet identifier of the service communication mode is an identifier in the preset group identity group;
  • the preset group identification group includes at least one group identifier;
  • the memory sequentially checks a mode identifier of the service communication mode and a packet identifier of the service communication mode. Previously, it also included:
  • the memory receives a sixth access instruction issued by a processor corresponding to the communication management mode; the sixth access instruction includes: an access address of the memory;
  • the memory determines a memory address segment to which the access address of the memory belongs according to the access address of the memory, and configures the preset mode identifier group and the preset group identifier group for the memory address segment.
  • an embodiment of the present invention provides an access isolation device, where the access isolation device is located in a peripheral device, where the access isolation device includes: a receiving port, and a verification module; wherein the receiving port and the verification Module connection
  • the receiving port is configured to receive a first access instruction corresponding to a channel group configuration space in the peripheral device, and send the first access instruction to the verification module;
  • the first access instruction includes: The access address of the channel group configuration space and the mode identifier of the service communication mode;
  • the verification module is configured to check a mode identifier of the service communication mode, and if the mode identifier of the service communication mode is valid, accept access to the channel group configuration space.
  • the verification module is further configured to: before the mode identifier of the service communication mode is verified, according to the preset mode identifier, And verifying the mode identifier of the service communication mode, and if the preset mode identifier is the same as the mode identifier of the service communication mode, determining that the mode identifier of the service communication mode is valid.
  • the receiving port is further configured to: in the verifying module, the service according to the preset mode identifier Before the mode identifier of the communication mode is verified, receiving a second access instruction corresponding to the management configuration space in the peripheral device sent by the processor corresponding to the management channel mode; the second access instruction includes: the channel group configuration space Access address;
  • the verification module is further configured to determine the channel group configuration space according to the access address of the channel group configuration space, associate the channel group configuration space with at least one channel, and configure a space configuration for the channel group.
  • the preset mode identifier is further configured to determine the channel group configuration space according to the access address of the channel group configuration space, associate the channel group configuration space with at least one channel, and configure a space configuration for the channel group.
  • the verification module is further configured to determine, according to the preset mode identifier group, whether the mode identifier of the service communication mode is the pre- An identifier in the mode identification group, if the mode identifier of the service communication mode is an identifier in the preset mode identification group, determining that the mode identifier of the service communication mode is valid; wherein the preset mode The identification group includes at least one mode identifier.
  • the receiving port is further configured to determine, by the verification module, the service according to the preset mode identifier group Receiving a third access instruction corresponding to the management configuration space in the peripheral device before the mode identifier of the communication mode is the identifier in the preset mode identification group; the third access instruction is a processor corresponding to the communication management mode An issued instruction, where the third access instruction includes: an access address of the channel group configuration space;
  • the verification module is further configured to determine the channel group configuration space according to the access address of the channel group configuration space, associate the channel group configuration space with at least one channel, and configure a space configuration for the channel group.
  • the preset mode identifies a group.
  • the first access instruction includes: a processor sent by the processor corresponding to the service communication mode Instruction; or,
  • the first access instruction includes an instruction issued by another peripheral.
  • an embodiment of the present invention provides an access isolation device, where the access isolation device is located in a memory; the access isolation device includes: a receiving port, and a verification module; and the receiving port is connected to the verification module;
  • the receiving port is configured to receive a fourth access instruction sent by the peripheral device, where the fourth access instruction includes: an access address of the memory, a mode identifier of a service communication mode, and a packet identifier of the service communication mode;
  • the verification module is configured to sequentially check a mode identifier of the service communication mode and a packet identifier of the communication mode, if a mode identifier of the service communication mode and a grouping of the service communication mode When the identifiers are both valid, the peripherals are accepted for access to the memory.
  • the verification module is further configured to verify, according to the preset mode identifier, a mode identifier of the service communication mode, if Determining that the mode identifier of the service communication mode is valid if the preset mode identifier is the same as the mode identifier of the service communication mode, and if the mode identifier of the service communication mode is valid, according to a preset packet identifier And verifying, by the packet identifier of the service communication mode; if the preset packet identifier is the same as the packet identifier of the service communication mode, determining that the packet identifier of the service communication mode is valid.
  • the receiving port is further configured to sequentially perform a mode identifier and a location identifier of the service communication mode in the verification module. Before verifying the packet identifier of the service communication mode, receiving a fifth access instruction issued by the processor corresponding to the management communication mode, and determining the access of the memory according to the access address of the memory in the fifth access instruction An associated memory address segment, and configuring the preset mode identifier and the preset packet identifier for the memory address segment.
  • the verification module is further configured to determine, according to the preset mode identifier group, whether the mode identifier of the service communication mode is the pre- Setting an identifier in the mode identifier group, if the mode identifier of the service communication mode is an identifier in the preset mode identifier group, determining that the mode identifier of the service communication mode is valid, if If the mode identifier of the service communication mode is valid, determining, according to the preset group identity group, whether the packet identifier of the service communication mode is an identifier in the preset group identity group, if the packet identifier of the service communication mode And determining, by the identifier in the group, the group identifier of the service communication mode is valid, where the preset mode identifier group includes at least one mode identifier; and the preset group identifier group includes at least A packet identifier.
  • the receiving port is further configured to sequentially perform, in the verification module, a mode identifier and a location identifier of the service communication mode. Before verifying the packet identifier of the service communication mode, receiving a sixth access instruction issued by the processor corresponding to the management communication mode, and determining, according to the memory access address in the sixth access instruction, according to the memory access address.
  • the memory address segment to which the memory access address belongs, and the preset mode identifier group and the preset group identifier group are configured for the memory address segment.
  • the access isolation method and device provided by the embodiment of the present invention, because the peripheral device can verify the mode identifier of the service communication mode carried in the received access command, only the mode identifier of the service communication mode is valid. In case, the access to the channel group configuration space is accepted, so that the peripheral device can only accept the access channel group configuration space corresponding to the access instruction of the different service communication mode, and implement the access instruction of the peripheral for the received different service communication modes.
  • the isolation of physical isolation avoids the interaction of abnormal operations between concurrent software.
  • FIG. 1 is a flowchart of an access isolation method according to Embodiment 1 of the present invention.
  • FIG. 2 is a flowchart of an access isolation method according to Embodiment 2 of the present invention.
  • FIG. 3 is a flowchart of another access isolation method according to Embodiment 2 of the present invention.
  • FIG. 5 is a schematic structural diagram of an access isolation device according to Embodiment 4 of the present invention.
  • FIG. 6 is a schematic structural diagram of an access isolation device according to Embodiment 5 of the present invention.
  • FIG. 7 is a flowchart of an access isolation method according to Embodiment 6 of the present invention.
  • FIG. 8 is a flowchart of another access isolation method according to Embodiment 6 of the present invention.
  • FIG. 1 is a flowchart of an access isolation method according to Embodiment 1 of the present invention.
  • the solution provided by the embodiment of the present invention is applicable to a situation in which a network device of a mobile communication, such as an access corresponding to a different service communication mode running on a baseband chip received by a peripheral device in a base station, is isolated.
  • a substrate is included inside the base station, wherein the substrate includes: a baseband chip, a peripheral device, a memory, and the like.
  • the baseband chip includes at least one processor, and the processor may be a central processing unit (CPU) or a digital signal processing (DSP) module.
  • the memory may be, for example, a Double Data Rate Synchronous Dynamic Random Access Memory (DDR SDRAM).
  • DDR SDRAM Double Data Rate Synchronous Dynamic Random Access Memory
  • the baseband service software corresponding to the different service communication mode may be run on a processor inside the baseband chip, and the corresponding module in the base station is triggered to send an access instruction to the accessed module by calling a corresponding execution program, thereby implementing the internal base station.
  • the method can be performed by an access isolation device, which can be located in a peripheral device. As shown in FIG. 1, the method specifically includes the following:
  • Step 101 The peripheral device receives a first access instruction corresponding to the channel group configuration space in the peripheral device.
  • the first access instruction includes: an access address of the channel group configuration space and a mode identifier of the service communication mode.
  • the peripheral device may be, for example, an input/output port, a storage, a hardware accelerator, or the like on a baseband processing chip in the base station.
  • the service communication mode may be a radio access type (RAT).
  • the RAT may be, for example, an access type corresponding to different communication network standards.
  • the different communication system can be, for example, a Global System for Mobile in a 2nd Generation (2G) communication system (Global System for Mobile) Communications, referred to as GSM), Code Division Multiple Access (CDMA) system, or Time Division Multiple Access (TDMA) system, can also be third generation (3rd Generation, referred to as 3G) CDMA2000 system in communication system, Wideband Code Division Multiple Access (WCDMA) system or Time Division-Synchronous Code Division Multiple Access (TD-)
  • WCDMA Wideband Code Division Multiple Access
  • TD- Time Division-Synchronous Code Division Multiple Access
  • the SCDMA system the Worldwide Interoperability for Microwave Access (WiMAX) system, or the 4th Generation (4G) communication system or higher.
  • the 4G communication system may be a Time Division Long Term Evolution (TD-LTE) system or a Frequency Division Duplexing Long Term Evolution (FDD-LTE) system.
  • the channel group configuration space in the peripheral device may be a space with a preset address range obtained by dividing the preset space in the peripheral device according to the address segment according to the number of service communication modes supported by the base station.
  • One channel group configuration space in the peripheral device corresponds to at least one service communication mode, and the channel group configuration space with the preset address range can only accept access corresponding to the service communication mode.
  • the access address of the channel group configuration space included in the first access instruction may be any one of the address ranges corresponding to the channel group configuration space.
  • the mode identifier of the service communication mode included in the first access instruction may be a RAT identifier.
  • the RAT identifier may be, for example, a virtual mode identifier (VMID) corresponding to the service communication mode.
  • VMID virtual mode identifier
  • the base station supports two service communication modes
  • the identifiers corresponding to the two service communication modes can be represented by one binary digits of 0 and 1, respectively.
  • the identifiers corresponding to the four service communication modes in this embodiment may be represented by two binary digits 00, 01, 10, and 11, respectively.
  • the peripheral can receive the first access command, for example, via its internal signaling receiving port.
  • the signaling receiving port may be, for example, a slave interface in the peripheral device.
  • the peripheral device further includes at least a master interface for sending access commands to other modules or structures in the base station.
  • Step 102 The peripheral checks the mode identifier of the service communication mode.
  • the peripheral device verifies the mode identifier of the service communication mode, and may be a correspondence table between the preset service communication mode and the mode identifier, and is included in the first access instruction.
  • the mode identifier of the service communication mode is checked to determine whether the channel group configuration space is a configuration space corresponding to the service communication mode.
  • Step 103 If the mode identifier of the service communication mode is valid, the peripheral accepts access to the channel group configuration space.
  • the mode identifier of the service communication mode is valid, that is, the channel group configuration space is a configuration space corresponding to the service communication mode, and thus, the peripheral accepts access to the channel group configuration space, that is, the peripheral device.
  • the first access instruction is allowed to access the channel group configuration space.
  • the peripheral device needs to reject the first access instruction to access the channel group configuration space. And issued an error warning.
  • the peripheral device can verify the mode identifier of the service communication mode carried in the received access command, only the mode identifier of the service communication mode is valid. In this case, access to the channel group configuration space of the peripheral is accepted, thereby ensuring that the peripheral can only allow access to the corresponding channel group configuration space of the access instruction of different service communication modes, and realize the different service communication modes of the peripheral for receiving.
  • the isolation of the access instructions is physically isolated to avoid the interaction of abnormal operations between concurrent software.
  • FIG. 2 is a flowchart of an access isolation method according to Embodiment 2 of the present invention. As shown in FIG. 2, the access isolation method provided in this embodiment is based on the method in the foregoing embodiment, wherein the step 102 performs verification on the mode identifier of the service communication mode, which may include:
  • Step 201 The peripheral device verifies the mode identifier of the service communication mode according to the preset mode identifier.
  • Step 202 If the preset mode identifier is the same as the mode identifier of the service communication mode, the peripheral determines that the mode identifier of the service communication mode is valid.
  • the preset mode identifier is a mode identifier corresponding to the one service communication mode.
  • the peripheral device verifies the mode identifier of the service communication mode, that is, the mode identifier included in the first access instruction, according to the preset mode identifier.
  • the peripheral device may be configured to compare whether the preset mode identifier is the same as the mode identifier of the service communication mode, thereby implementing a mode of the service communication mode. The identifier is verified.
  • the peripheral device may determine that the mode identifier of the service communication mode is valid, and if not, the peripheral may determine the service communication mode.
  • the mode identifier is invalid.
  • the method further includes:
  • the peripheral device receives a second access instruction corresponding to the management configuration space in the peripheral device issued by the processor corresponding to the communication management mode; the second access instruction includes: an access address of the channel group configuration space.
  • the communication management mode may be an operation management platform of the baseband service software corresponding to the service communication, and the operation management platform may provide a running operating system platform for the baseband service software corresponding to the service communication mode.
  • the processor corresponding to the communication management mode may be any processor on the baseband chip operated by the platform software corresponding to the communication management mode, such as a CPU.
  • the management configuration space in the peripheral device may be, for example, a space having a preset address range corresponding to the communication management mode in the peripheral device.
  • the peripheral device only allows the access instruction corresponding to the communication management mode to access the management configuration space, that is, the second access instruction further includes: an access address corresponding to the management configuration space.
  • Step 201b The peripheral device determines the channel group configuration space according to the access address of the channel group configuration space, associates the channel group configuration space with at least one channel, and configures the preset mode identifier for the channel group configuration space.
  • different channels may be structures or modules that implement different functions in the peripheral.
  • the channel group configuration space is associated with at least one channel, that is, the channel group configuration space divides the corresponding address range into at least one address segment, wherein different address segments can respectively correspond to different channels, so that Accessing an address in the channel group configuration space can implement the corresponding function through the channel corresponding to the address.
  • the peripheral device associates the channel group configuration space with the at least one channel, and the channel group configuration space and the channel group correspondence table are established on the peripheral side, where one channel group configuration space corresponds to at least one channel.
  • the peripheral device also configures the preset mode identifier for the channel group, that is, in the solution of the embodiment, at least one channel in the same channel group configuration space has the same mode identifier, and a mode identifier corresponds to A business communication mode.
  • FIG. 3 is a flowchart of another access isolation method according to Embodiment 2 of the present invention. As shown in FIG. 3, the access isolation method provided by the embodiment is based on the method in the foregoing embodiment, wherein the peripheral device performs the verification of the mode identifier of the service communication mode in step 102, and may further include:
  • Step 301 The peripheral device determines, according to the preset mode identifier group, whether the mode identifier of the service communication mode is an identifier in the preset mode identifier group, where the preset mode identifier group includes at least one mode identifier.
  • Step 302 If the mode identifier of the service communication mode is an identifier in the preset mode identification group, the peripheral determines that the mode identifier of the service communication mode is valid.
  • the preset mode identifies at least one mode identifier included in the group, corresponding to a service communication mode.
  • the peripheral device determines, according to the preset mode identifier group, whether the mode identifier of the service communication mode is an identifier in the preset mode identifier group, and may be a mode identifier of the service communication mode in the preset mode identifier group. The symbol is searched. If it can be retrieved, the mode identifier of the service communication mode is the identifier in the preset mode identification group, that is, the mode identifier of the service communication mode is valid. Correspondingly, if not retrieved, the mode identifier of the service communication mode is invalid.
  • the peripheral device determines, according to the preset mode identifier group, whether the mode identifier of the service communication mode is the identifier in the preset mode identifier group, the method further includes:
  • Step 301a The peripheral device receives a third access instruction corresponding to the management configuration space in the peripheral device; the third access instruction is an instruction issued by a processor corresponding to the communication management mode, and the third access instruction includes: the channel group configuration space Access address.
  • Step 301b The peripheral device determines the channel group configuration space according to the access address of the channel group configuration space, associates the channel group configuration space with at least one channel, and configures the preset mode identifier group for the channel group configuration space.
  • the solution for verifying according to the preset mode identifier group is similar to the foregoing scheme for verifying according to the preset mode identifier, wherein the step 301b is similar to the foregoing step 302b, except that the space configuration is configured for the channel group.
  • the preset mode identifies the group, that is, configures at least one mode identifier.
  • the first access instruction includes: The instruction sent by the processor corresponding to the business communication mode.
  • the processor corresponding to the service communication mode may be at least one processor on a baseband chip operated by the baseband service software corresponding to the service communication mode, where each processor corresponds to an implementation of a service communication mode.
  • the first access instruction includes an instruction issued by a processor corresponding to the service communication mode, that is, the embodiment of the present invention can isolate the different service communication modes of the channel configuration space in the peripheral access of the processor.
  • the first access instruction includes instructions issued by other peripherals.
  • the embodiment of the present invention may also isolate other peripherals from accessing different service communication modes of the channel group configuration space in the peripheral.
  • the solution of the embodiment may also provide a communication mode isolation scheme in which a plurality of different physical structures access each other. This access isolation scheme is more versatile.
  • Embodiment 3 of the present invention further provides an access isolation method.
  • the method can be performed by an access isolation device that can be located in memory.
  • FIG. 4 is a flowchart of an access isolation method according to Embodiment 3 of the present invention. As shown in FIG. 4, the method may specifically include the following steps:
  • Step 401 The memory receives a fourth access instruction sent by the peripheral, where the fourth access instruction includes: an access address of the memory, a mode identifier of the service communication mode, and a packet identifier of the service communication mode.
  • the peripheral device includes at least one channel group corresponding to the service communication mode, wherein each channel group corresponds to an implementation function of the service communication mode.
  • the memory in combination with the received fourth access instruction, may be an instruction issued by the peripheral. If the peripheral needs to access the memory to implement the preset function of the preset communication mode, the fourth access instruction includes: a mode identifier of the service communication mode and a packet identifier of the service communication mode.
  • the mode identifier of the service communication mode may be the virtual mode identifier described in the foregoing embodiment, and details are not described herein again.
  • the packet identifier (Group ID) of the service communication mode may be an identifier corresponding to a function required to be implemented by the service communication mode.
  • the packet identifier can pass
  • the identifier or indication information of the function may also be represented by a preset address identifier, which corresponds to a function required to be implemented by the service communication mode.
  • Step 402 The memory sequentially checks the mode identifier of the service communication mode and the packet identifier of the service communication mode.
  • Step 403 If the mode identifier of the service communication mode and the packet identifier of the service communication mode are both valid, the memory accepts access of the peripheral to the memory.
  • the memory checks the mode identifier of the service communication mode, and actually checks whether the access address of the memory included in the fourth access instruction is a preset address segment corresponding to the service communication mode.
  • the memory verifies the packet identifier of the service communication mode, and actually checks whether the access address of the memory included in the fourth access instruction is a preset address segment corresponding to an implementation function in the service communication mode. . Therefore, the memory sequentially checks the mode identifier and the packet identifier of the service communication mode, and actually checks the service communication mode of the access address of the memory, and based on this, performs the service communication mode here. Verification of the corresponding function.
  • the memory accepts the access address of the memory by the fourth access instruction. If not, the memory rejects the fourth access instruction accessing the memory access address and issues an error warning.
  • the mode identifier and the packet identifier of the service communication mode included in the access instruction sent by the received peripheral are sequentially verified by the memory, and only the mode identifier and the packet identifier are valid.
  • the function of the service communication mode can be further finely isolated to avoid concurrent The interaction between abnormal operations between software.
  • the memory in the step 402 is used to check the mode identifier of the service communication mode and the packet identifier of the service communication mode, which may include:
  • the memory verifies the mode identifier of the service communication mode according to the preset mode identifier.
  • the memory determines that the mode identifier of the service communication mode is valid.
  • the memory checks the packet identifier of the service communication mode according to the preset packet identifier.
  • the memory is indeed The packet identifier of the service communication mode is valid.
  • the memory sequentially checks the mode identifier and the packet identifier of the service communication mode, and may be a mode identifier that first checks the service communication mode, where the mode identifier of the service communication mode is valid. Then, the packet identifier of the service communication mode is verified. At this time, if the packet identifier of the service communication mode is valid, the memory can determine that the mode identifier and the packet identifier of the service communication mode are valid.
  • the method before the verifying, in step 402, the mode identifier of the service communication mode and the packet identifier of the service communication mode, the method further includes:
  • the memory receives a fifth access instruction issued by a processor corresponding to the communication management mode; the fifth access instruction includes: an access address of the memory.
  • the memory determines a memory address segment to which the access address of the memory belongs according to the access address of the memory, and configures the preset mode identifier and the preset packet identifier for the memory address segment.
  • the memory includes at least one memory group, each memory group includes at least one memory address segment, and each memory address segment corresponds to an implementation function of a service communication mode.
  • each memory group also exists in the form of an address segment, except that the address range of the address segment included in the memory group is smaller than the address range of the address segment of the memory, that is, the address of the address segment of the memory group. The range is within the address range of the address segment of the memory.
  • the memory allocates the preset mode identifier to the memory address segment in the memory according to the fifth access instruction sent by the processor corresponding to the received communication management mode, and the preset packet identifier is actually a different memory address.
  • the segment is associated with the service communication mode and the implementation function of the service communication mode, so that the access of the memory address segment of the memory can implement the corresponding implementation function of the service communication mode.
  • the memory sequentially verifies the mode identifier of the service communication mode and the packet identifier of the service communication mode, and may include:
  • the memory determines, according to the preset mode identifier group, whether the mode identifier of the service communication mode is an identifier in the preset mode identifier group, where the preset mode identifier group includes at least one mode identifier.
  • the memory determines that the mode identifier of the service communication mode is valid.
  • the memory identifies the group according to the preset group. Determining whether the packet identifier of the service communication mode is an identifier in the preset packet identification group; wherein the preset packet identification group includes at least one packet identifier.
  • the memory determines that the packet identifier of the service communication mode is valid.
  • the memory is configured to verify, according to the preset mode identifier group and the preset group identifier group, the mode identifier of the service communication mode included in the fifth access instruction and the packet identifier of the service communication mode.
  • the peripheral device is similar to the mode identifier of the service communication mode in the first access instruction, and the difference is only in the solution of the service communication mode in the solution in this embodiment. In the case where the character is valid, the packet identifier of the service communication mode needs to be verified, and a similar part thereof will not be described herein.
  • the method may further include:
  • the memory receives a sixth access instruction issued by a processor corresponding to the communication management mode; the sixth access instruction includes: an access address of the memory.
  • the memory determines a memory address segment to which the access address of the memory belongs according to the access address of the memory, and configures the preset mode identifier group and the preset group identifier group for the memory address segment.
  • the access isolation method provided by the embodiment of the present invention can sequentially perform the mode identifier and the packet identifier of the service communication mode included in the access instruction issued by the channel group corresponding to the service communication mode in the received peripheral device through the memory.
  • the mode identifier and the packet identifier are both valid, the access of the peripheral to the memory is accepted, and on the basis of ensuring isolation of the service communication mode of the peripheral access to the memory,
  • the implementation of the business communication mode performs more granular isolation and avoids the phenomenon of abnormal operation between concurrent software.
  • the solution of the embodiment further provides a plurality of implementation manners of the access isolation method by providing a plurality of methods for verifying the mode identifier and the packet identifier of the service communication mode, so as to better implement the memory.
  • the effective physical isolation of the access commands corresponding to different functions of the service communication mode ensures the normal operation of the concurrent software.
  • Embodiment 4 of the present invention provides an access isolation device, which may be located in a peripheral device.
  • FIG. 5 is a schematic structural diagram of an access isolation device according to Embodiment 4 of the present invention.
  • the access isolation device 500 includes a receiving port 501 and a verification module 502.
  • the receiving port 501 is connected to the check module 502.
  • the receiving port 501 can be a slave interface of the peripheral.
  • the receiving port 501 is configured to receive a first access instruction corresponding to the channel group configuration space in the peripheral device, and send the first access instruction to the verification module 502.
  • the first access instruction includes: an access address of the channel group configuration space and a mode identifier of the service communication mode.
  • the verification module 502 is configured to check the mode identifier of the service communication mode, and if the mode identifier of the service communication mode is valid, accept the access to the channel group configuration space.
  • the verification module 502 is further configured to: before the verification of the mode identifier of the service communication mode, verify the mode identifier of the service communication mode according to the preset mode identifier, if the If the mode identifier is the same as the mode identifier of the service communication mode, it is determined that the mode identifier of the service communication mode is valid.
  • the receiving port 501 is further configured to: before the verification module 502 checks the mode identifier of the service communication mode according to the preset mode identifier, receive the external sent by the processor corresponding to the management channel mode. And a second access instruction corresponding to the management configuration space; the second access instruction includes: an access address of the channel group configuration space.
  • the verification module 502 is further configured to determine the channel group configuration space according to the access address of the channel group configuration space, associate the channel group configuration space with at least one channel, and configure the preset mode identifier for the channel group configuration space. symbol.
  • the verification module 502 is further configured to determine, according to the preset mode identifier group, whether the mode identifier of the service communication mode is an identifier corresponding to the preset mode identifier group, if the mode identifier of the service communication mode is The preset mode identifies the identifier in the group, and then determines that the mode identifier of the service communication mode is valid; wherein the preset mode identification group includes at least one mode identifier.
  • the receiving port 501 is further configured to: before the verification module 502 determines, according to the preset mode identifier group, whether the mode identifier of the service communication mode is an identifier in the preset mode identifier group, receiving the outer And a third access instruction corresponding to the management management space; the third access instruction is an instruction issued by a processor corresponding to the communication management mode, and the third access instruction includes: an access address of the channel group configuration space.
  • the verification module 502 is further configured to determine the channel group configuration space according to the access address of the channel group configuration space, associate the channel group configuration space with at least one channel, and configure the preset mode identifier for the channel group configuration space.
  • the preset mode identification group includes at least one mode identifier.
  • the first access instruction in the foregoing solution includes: the service communication mode corresponding to An instruction issued by the processor; or,
  • the first access instruction includes: an instruction issued by another peripheral.
  • the access isolation device provided in this embodiment may perform the access isolation method according to the first embodiment or the second embodiment, and the specific implementation process and the beneficial effects are similar to the first embodiment or the second embodiment, and details are not described herein again. .
  • Embodiment 5 of the present invention further provides an access isolation device.
  • FIG. 6 is a schematic structural diagram of an access isolation device according to Embodiment 5 of the present invention. As shown in FIG. 6, the access isolation device 600 is located in the memory.
  • the access isolation device 600 includes a receiving port 601 and a verification module 602.
  • the receiving port 601 is connected to the verification module 602.
  • the receiving port 601 is configured to receive a fourth access instruction sent by the peripheral device, where the fourth access instruction includes: an access address of the memory, a mode identifier of the service communication mode, and a packet identifier of the service communication mode.
  • a verification module 602 configured to sequentially verify a mode identifier of the service communication mode and a packet identifier of the communication mode, if the mode identifier of the service communication mode and the packet identifier of the service communication mode are valid, Accept the access of the peripheral to the memory.
  • the verification module 602 is further configured to check, according to the preset mode identifier, the mode identifier of the service communication mode, if the preset mode identifier is the same as the mode identifier of the service communication mode, Determining that the mode identifier of the service communication mode is valid, and if the mode identifier of the service communication mode is valid, verifying the packet identifier of the service communication mode according to the preset packet identifier; if the preset packet identifier The same as the packet identifier of the service communication mode, it is determined that the packet identifier of the service communication mode is valid.
  • the receiving port 601 is further configured to: after the verification module 602 sequentially checks the mode identifier of the service communication mode and the packet identifier of the service communication mode, receive, by the processor corresponding to the management communication mode, a fifth access instruction, determining, according to the access address of the memory in the fifth access instruction, a memory address segment to which the memory access belongs, and configuring the preset mode identifier and the preset group identifier for the memory address segment symbol.
  • the verification module 602 is further configured to determine, according to the preset mode identification group, whether the mode identifier of the service communication mode is an identifier in the preset mode identification group, if the mode identifier of the service communication mode Determining the identifier in the group for the preset mode, determining the service communication mode The mode identifier is valid. If the mode identifier of the service communication mode is valid, determining, according to the preset group identification group, whether the packet identifier of the service communication mode is an identifier in the preset group identification group, if the service communication mode The packet identifier is an identifier in the preset packet identification group, and it is determined that the packet identifier of the service communication mode is valid.
  • the preset mode identifier group includes at least one mode identifier; the preset packet identifier group includes at least one packet identifier.
  • the receiving port 601 is further configured to: after the verification module 602 sequentially checks the mode identifier of the service communication mode and the packet identifier of the service communication mode, the processor corresponding to the communication management mode is sent. a sixth access instruction, and determining, according to the memory access address in the sixth access instruction, a memory address segment to which the memory access address belongs according to the memory access address, and configuring the preset mode identifier group for the memory address segment and the Preset group identification group.
  • the access isolation device provided in this embodiment may perform the access isolation method in the foregoing embodiment 3.
  • the specific implementation process and the beneficial effects are similar to those in the foregoing embodiment 3, and details are not described herein again.
  • FIG. 7 is a flowchart of an access isolation method according to Embodiment 6 of the present invention. As shown in FIG. 7, the method may include:
  • Step 701 The peripheral device receives a first access instruction corresponding to the channel group configuration space in the peripheral device.
  • the first access instruction includes: an access address of the channel group configuration space and a mode identifier of the service communication mode.
  • the first access instruction may be an instruction issued by a processor corresponding to the service communication mode; or an instruction issued by a peripheral device.
  • Step 702 The peripheral device receives a second access instruction corresponding to a management configuration space in the peripheral device sent by the processor corresponding to the communication management mode.
  • the second access instruction includes: an access address of the channel group configuration space.
  • Step 703 The peripheral device determines the channel group configuration space according to the access address of the channel group configuration space, associates the channel group configuration space with at least one channel, and configures the preset mode identifier for the channel group configuration space.
  • Step 704 The peripheral device checks the mode identifier of the service communication mode according to the preset mode identifier.
  • Step 705 If the preset mode identifier is the same as the mode identifier of the service communication mode, Then the peripheral determines that the mode identifier of the service communication mode is valid.
  • Step 706 If the mode identifier of the service communication mode is valid, the peripheral accepts access to the channel group configuration space.
  • the access isolation method provided by the foregoing Embodiment 1 or Embodiment 2 is described by using the specific example in this embodiment, and may be performed by the access isolation device provided in Embodiment 4, and the specific implementation process and beneficial effects thereof are the same as the foregoing embodiment. Similar, I will not repeat them here.
  • FIG. 8 is a flowchart of another access isolation method according to Embodiment 6 of the present invention. As shown in FIG. 8, the method can include:
  • Step 801 The memory receives a fourth access instruction sent by the peripheral, where the fourth access instruction includes: an access address of the memory, a mode identifier of the service communication mode, and a packet identifier of the service communication mode.
  • Step 802 The memory receives a fifth access instruction sent by a processor corresponding to the communication management mode; the fifth access instruction includes: an access address of the memory.
  • Step 803 The memory determines a memory address segment to which the access address of the memory belongs according to the access address of the memory, and configures the preset mode identifier and the preset packet identifier for the memory address segment.
  • Step 804 The memory verifies the mode identifier of the service communication mode according to the preset mode identifier.
  • Step 805 If the preset mode identifier is the same as the mode identifier of the service communication mode, the memory determines that the mode identifier of the service communication mode is valid.
  • Step 806 If the mode identifier of the service communication mode is valid, the memory checks the packet identifier of the service communication mode according to the preset packet identifier.
  • Step 807 If the preset packet identifier is the same as the packet identifier of the service communication mode, the memory determines that the packet identifier of the service communication mode is valid.
  • Step 808 If the mode identifier of the service communication mode and the packet identifier of the service communication mode are both valid, the memory accepts access of the peripheral to the memory.
  • the access isolation method provided by the foregoing embodiment 3 is described by using the specific example in the embodiment, and may be performed by the access isolation device provided in the foregoing fifth embodiment.
  • the specific implementation process and beneficial effects are similar to the foregoing embodiment. Let me repeat.
  • the foregoing program may be stored in a computer readable storage medium, and when executed, the program includes the steps of the foregoing method embodiment; and the foregoing storage medium includes: ROM, RAM A variety of media that can store program code, such as a disk or a disc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Embodiments of the present invention provide an access isolation method and apparatus. The access isolation method provided in the embodiments of the present invention comprises: a peripheral device receives a first access instruction corresponding to a channel group configuration space in the peripheral device, the first access instruction comprising an access address of the channel group configuration space and a mode identifier of a service communication mode; the peripheral device verifies the mode identifier of the service communication mode; and if the mode identifier of the service communication mode is valid, the peripheral device accepts access to the channel group configuration space. By means of the embodiments of the present invention, a peripheral device can realize physical isolation on access instructions of different service communication mode, thereby preventing mutual influence caused by abnormal running of concurrent software.

Description

访问隔离方法及装置Access isolation method and device 技术领域Technical field
本发明实施例涉及通信技术,尤其涉及一种访问隔离方法及装置。The embodiments of the present invention relate to communication technologies, and in particular, to an access isolation method and apparatus.
背景技术Background technique
在无线通讯领域的移动通信的网络设备,如基站内部的基带芯片上需要同时运行一个平台软件和至少两种无线通讯模式对应的基带业务软件。由于不同的基带业务软件实现的功能可能属于不同的无线通讯模式或归属不同的通信运营商,为提供更安全、可靠的通信业务服务,平台软件与基带业务软件、及基带业务软件之间的物理访问的隔离就成为一个非常重要的需求。A network device for mobile communication in the field of wireless communication, such as a baseband chip inside a base station, needs to simultaneously run one platform software and at least two baseband service software corresponding to the wireless communication mode. Since the functions implemented by different baseband service software may belong to different wireless communication modes or belong to different communication carriers, in order to provide safer and more reliable communication service services, the physical software between the platform software and the baseband service software and the baseband service software The isolation of access becomes a very important requirement.
当前多模基带芯片大多只在软件层面通过为并发软件配置不同的应用程序编程接口(Application Programming Interface,简称API),实现并发软件间的软件接口隔离。然而,若某一软件所调用的API,由于软件设计的缺陷会发生自动篡改,或是受到攻击者的恶意篡改,发生软件异常而导致物理实体的非法地址访问,可能还会导致其他软件的异常运行。At present, most of the multi-mode baseband chips are configured at the software level by configuring different application programming interfaces (APIs) for concurrent software to implement software interface isolation between concurrent software. However, if an API invoked by a software is automatically falsified due to a defect in the software design, or is maliciously tampered with by an attacker, a software exception may result in an illegal address access of the physical entity, which may also cause other software exceptions. run.
然而,无论对于外设还是内存,若仅根据软件接口进行并发软件的访问隔离,而该软件接口发生故障,便无法实现并发软件之间的隔离。当该并发软件中一个软件异常运行,可能会导致其他软件也异常运行,即并发软件间存在异常运行的相互影响。However, whether for peripherals or memory, if the access of the concurrent software is isolated based on the software interface, and the software interface fails, the isolation between the concurrent software cannot be achieved. When one of the software in the concurrent software runs abnormally, other software may also run abnormally, that is, the interaction between the concurrent software runs abnormally.
发明内容Summary of the invention
本发明实施例提供一种访问隔离方法及装置,以解决并发软件间存在异常运行的相互影响问题。The embodiment of the invention provides an access isolation method and device to solve the problem of mutual interaction between concurrent software.
第一方面,本发明实施例提供一种访问隔离方法,包括:In a first aspect, an embodiment of the present invention provides an access isolation method, including:
外设接收所述外设中的通道组配置空间对应的第一访问指令;所述第一访问指令包括:所述通道组配置空间的访问地址及业务通信模式的模式标识符; Receiving, by the peripheral device, a first access instruction corresponding to the channel group configuration space in the peripheral device; the first access instruction includes: an access address of the channel group configuration space and a mode identifier of a service communication mode;
所述外设对所述业务通信模式的模式标识符进行校验;The peripheral device verifies a mode identifier of the service communication mode;
若所述业务通信模式的模式标识符有效,则所述外设接受对所述通道组配置空间的访问。If the mode identifier of the service communication mode is valid, the peripheral accepts access to the channel group configuration space.
根据第一方面,在第一方面的第一种可能实现的方式中,所述外设对所述业务通信模式的模式标识符进行校验,包括:According to the first aspect, in a first possible implementation manner of the first aspect, the peripheral device performs verification on a mode identifier of the service communication mode, including:
所述外设根据预设模式标识符,对所述业务通信模式的模式标识符进行校验;The peripheral device verifies the mode identifier of the service communication mode according to the preset mode identifier;
若所述预设模式标识符与所述业务通信模式的模式标识符相同,则所述外设确定所述业务通信模式的模式标识符有效。If the preset mode identifier is the same as the mode identifier of the service communication mode, the peripheral determines that the mode identifier of the service communication mode is valid.
根据第一方面的第一种可能实现方式,在第二种可能实现的方式中,所述外设根据预设模式标识符,对所述业务通信模式的模式标识符进行校验之前,还包括:According to a first possible implementation manner of the first aspect, in a second possible implementation manner, the peripheral device, before verifying the mode identifier of the service communication mode according to the preset mode identifier, further includes :
所述外设接收通信管理模式对应的处理器发出的所述外设中管理配置空间对应的第二访问指令;所述第二访问指令包括:所述通道组配置空间的访问地址;The peripheral device receives a second access instruction corresponding to the management configuration space in the peripheral device issued by the processor corresponding to the communication management mode; the second access instruction includes: an access address of the channel group configuration space;
所述外设根据所述通道组配置空间的访问地址确定所述通道组配置空间,将所述通道组配置空间与至少一个通道进行关联,并为所述通道组配置空间配置所述预设模式标识符。Determining, by the peripheral device, the channel group configuration space according to the access address of the channel group configuration space, associating the channel group configuration space with at least one channel, and configuring the preset mode for the channel group configuration space Identifier.
根据第一方面,在第一方面的第三种可能实现的方式中,所述外设对所述业务通信模式的模式标识符进行校验,包括:According to a first aspect, in a third possible implementation manner of the first aspect, the peripheral device performs verification on a mode identifier of the service communication mode, including:
所述外设根据预设模式标识组,判断所述业务通信模式的模式标识符是否为所述预设模式标识组中的标识;其中,所述预设模式标识组包括至少一个模式标识符;The peripheral device determines, according to the preset mode identifier group, whether the mode identifier of the service communication mode is an identifier in the preset mode identifier group, where the preset mode identifier group includes at least one mode identifier;
若所述业务通信模式的模式标识符为所述预设模式标识组中的标识,则所述外设确定所述业务通信模式的模式标识符有效。If the mode identifier of the service communication mode is an identifier in the preset mode identification group, the peripheral device determines that the mode identifier of the service communication mode is valid.
根据第一方面的第三种可能实现的方式,在第四种可能实现的方式中,所述外设在根据预设模式标识组,判断所述业务通信模式的模式标识符是否为所述预设模式标识组中的标识之前,还包括:According to a third possible implementation manner of the first aspect, in a fourth possible implementation manner, the peripheral device determines, according to the preset mode identifier group, whether a mode identifier of the service communication mode is the preset Before setting the identifier in the pattern identification group, it also includes:
所述外设接收所述外设中管理配置空间对应的第三访问指令;所述第三访问指令为通信管理模式对应的处理器发出的指令,所述第三访问指令包括: 所述通道组配置空间的访问地址;The peripheral device receives a third access instruction corresponding to the management configuration space in the peripheral device; the third access instruction is an instruction issued by a processor corresponding to the communication management mode, and the third access instruction includes: The access address of the channel group configuration space;
所述外设根据所述通道组配置空间的访问地址确定所述通道组配置空间,将所述通道组配置空间与至少一个通道进行关联,并为所述通道组配置空间配置所述预设模式标识组。Determining, by the peripheral device, the channel group configuration space according to the access address of the channel group configuration space, associating the channel group configuration space with at least one channel, and configuring the preset mode for the channel group configuration space Identification group.
根据第一方面至第一方面的第四种可能实现的方式中任意一种,在第五种可能实现的方式中,所述第一访问指令包括:所述业务通信模式对应的处理器发出的指令;或者,According to any one of the first aspect to the fourth possible implementation manner of the first aspect, in a fifth possible implementation manner, the first access instruction includes: a processor sent by the processor corresponding to the service communication mode Instruction; or,
所述第一访问指令包括:其他外设发出的指令。The first access instruction includes an instruction issued by another peripheral.
第二方面,本发明实施例提供一种访问隔离方法,包括:In a second aspect, an embodiment of the present invention provides an access isolation method, including:
内存接收外设发出的第四访问指令,所述第四访问指令包括:所述内存的访问地址、业务通信模式的模式标识符及所述业务通信模式的分组标识符;a fourth access instruction issued by the memory receiving peripheral, the fourth access instruction comprising: an access address of the memory, a mode identifier of a service communication mode, and a packet identifier of the service communication mode;
所述内存依次对所述业务通信模式的模式标识符及所述业务通信模式的分组标识符进行校验;The memory sequentially checks a mode identifier of the service communication mode and a packet identifier of the service communication mode;
若所述业务通信模式的模式标识符及所述业务通信模式的分组标识符均有效,则所述内存接受所述外设对所述内存的访问。If the mode identifier of the service communication mode and the packet identifier of the service communication mode are both valid, the memory accepts access by the peripheral to the memory.
根据第二方面,在第二方面的第一种可能实现的方式中,所述内存依次对所述业务通信模式的模式标识符及所述业务通信模式的分组标识符进行校验,包括:According to the second aspect, in a first possible implementation manner of the second aspect, the memory, in sequence, checks a mode identifier of the service communication mode and a packet identifier of the service communication mode, including:
所述内存根据预设模式标识符,对所述业务通信模式的模式标识符进行校验;The memory verifies the mode identifier of the service communication mode according to the preset mode identifier;
若所述预设模式标识符与所述业务通信模式的模式标识符相同,则所述内存确定所述业务通信模式的模式标识符有效;If the preset mode identifier is the same as the mode identifier of the service communication mode, the memory determines that the mode identifier of the service communication mode is valid;
若所述业务通信模式的模式标识符有效,则所述内存根据预设分组标识符,对所述业务通信模式的分组标识符进行校验;And if the mode identifier of the service communication mode is valid, the memory checks a packet identifier of the service communication mode according to a preset packet identifier;
若所述预设分组标识符与所述业务通信模式的分组标识符相同,则所述内存确定所述业务通信模式的分组标识符有效。If the preset packet identifier is the same as the packet identifier of the service communication mode, the memory determines that the packet identifier of the service communication mode is valid.
根据第二方面的第一种可能实现的方式,在第二种可能实现的方式中,所述内存依次对所述业务通信模式的模式标识符及所述业务通信模式的分组标识符进行校验之前,还包括:According to a first possible implementation manner of the second aspect, in a second possible implementation manner, the memory sequentially checks a mode identifier of the service communication mode and a packet identifier of the service communication mode. Previously, it also included:
所述内存接收通信管理模式对应的处理器发出的第五访问指令;所述第 五访问指令包括:所述内存的访问地址;The memory receives a fifth access instruction issued by a processor corresponding to the communication management mode; The five access instructions include: an access address of the memory;
所述内存根据所述内存的访问地址确定所述内存的访问地址所属的内存地址段,并为所述内存地址段配置所述预设模式标识符及所述预设分组标识符。The memory determines a memory address segment to which the access address of the memory belongs according to the access address of the memory, and configures the preset mode identifier and the preset packet identifier for the memory address segment.
根据第二方面,在第二方面的第三种可能实现的方式中,所述内存依次对所述业务通信模式的模式标识符及所述业务通信模式的分组标识符进行校验,包括:According to a second aspect, in a third possible implementation manner of the second aspect, the memory, in sequence, performs verification on a mode identifier of the service communication mode and a packet identifier of the service communication mode, including:
所述内存根据预设模式标识组,判断所述业务通信模式的模式标识符是否为所述预设模式标识组中的标识;其中,所述预设模式标识组包括至少一个模式标识符;Determining, by the memory according to the preset mode identifier group, whether the mode identifier of the service communication mode is an identifier in the preset mode identifier group; wherein the preset mode identifier group includes at least one mode identifier;
若所述业务通信模式的模式标识符为所述预设模式标识组中的标识,则所述内存确定所述业务通信模式的模式标识符有效;If the mode identifier of the service communication mode is an identifier in the preset mode identification group, the memory determines that a mode identifier of the service communication mode is valid;
若所述业务通信模式的模式标识符有效,则所述内存根据预设分组标识组,判断所述业务通信模式的分组标识符是否为所述预设分组标识组中的标识;其中,所述预设分组标识组包括至少一个分组标识符;If the mode identifier of the service communication mode is valid, the memory determines, according to the preset group identity group, whether the packet identifier of the service communication mode is an identifier in the preset group identity group; The preset group identification group includes at least one group identifier;
若所述业务通信模式的分组标识符为所述预设分组标识组中的标识,则所述内存确定所述业务通信模式的分组标识符有效。If the packet identifier of the service communication mode is an identifier in the preset packet identification group, the memory determines that the packet identifier of the service communication mode is valid.
根据第二方面的第三种可能实现的方式,在第四种可能实现的方式中,所述内存依次对所述业务通信模式的模式标识符及所述业务通信模式的分组标识符进行校验之前,还包括:According to a third possible implementation manner of the second aspect, in a fourth possible implementation manner, the memory sequentially checks a mode identifier of the service communication mode and a packet identifier of the service communication mode. Previously, it also included:
所述内存接收通信管理模式对应的处理器发出的第六访问指令;所述第六访问指令包括:所述内存的访问地址;The memory receives a sixth access instruction issued by a processor corresponding to the communication management mode; the sixth access instruction includes: an access address of the memory;
所述内存根据所述内存的访问地址确定所述内存的访问地址所属的内存地址段,并为所述内存地址段配置所述预设模式标识组及所述预设分组标识组。The memory determines a memory address segment to which the access address of the memory belongs according to the access address of the memory, and configures the preset mode identifier group and the preset group identifier group for the memory address segment.
第三方面,本发明实施例提供一种访问隔离装置,所述访问隔离装置位于外设,所述访问隔离装置包括:接收端口、及校验模块;其中,所述接收端口与所述校验模块连接;In a third aspect, an embodiment of the present invention provides an access isolation device, where the access isolation device is located in a peripheral device, where the access isolation device includes: a receiving port, and a verification module; wherein the receiving port and the verification Module connection
所述接收端口,用于接收所述外设中的通道组配置空间对应的第一访问指令,并将所述第一访问指令发送至所述校验模块;所述第一访问指令包括: 所述通道组配置空间的访问地址及业务通信模式的模式标识符;The receiving port is configured to receive a first access instruction corresponding to a channel group configuration space in the peripheral device, and send the first access instruction to the verification module; the first access instruction includes: The access address of the channel group configuration space and the mode identifier of the service communication mode;
所述校验模块,用于对所述业务通信模式的模式标识符进行校验,若所述业务通信模式的模式标识符有效,则接受对所述通道组配置空间的访问。The verification module is configured to check a mode identifier of the service communication mode, and if the mode identifier of the service communication mode is valid, accept access to the channel group configuration space.
根据第三方面,在第三方面的第一种可能实现的方式中,所述校验模块,还用于对所述业务通信模式的模式标识符进行校验之前,根据预设模式标识符,对所述业务通信模式的模式标识符进行校验,若所述预设模式标识符与所述业务通信模式的模式标识符相同,则确定所述业务通信模式的模式标识符有效。According to the third aspect, in a first possible implementation manner of the third aspect, the verification module is further configured to: before the mode identifier of the service communication mode is verified, according to the preset mode identifier, And verifying the mode identifier of the service communication mode, and if the preset mode identifier is the same as the mode identifier of the service communication mode, determining that the mode identifier of the service communication mode is valid.
根据第三方面的第一种可能实现的方式,在第二种可能实现的方式中,所述接收端口,还用于在所述校验模块根据所述预设模式标识符,对所述业务通信模式的模式标识符进行校验之前,接收管理通道模式对应的处理器发送的所述外设中管理配置空间对应的第二访问指令;所述第二访问指令包括:所述通道组配置空间的访问地址;According to a first possible implementation manner of the third aspect, in a second possible implementation manner, the receiving port is further configured to: in the verifying module, the service according to the preset mode identifier Before the mode identifier of the communication mode is verified, receiving a second access instruction corresponding to the management configuration space in the peripheral device sent by the processor corresponding to the management channel mode; the second access instruction includes: the channel group configuration space Access address;
所述校验模块,还用于根据所述通道组配置空间的访问地址确定所述通道组配置空间,将所述通道组配置空间与至少一个通道进行关联,并为所述通道组配置空间配置所述预设模式标识符。The verification module is further configured to determine the channel group configuration space according to the access address of the channel group configuration space, associate the channel group configuration space with at least one channel, and configure a space configuration for the channel group. The preset mode identifier.
根据第三方面,在第三方面的第三种可能实现的方式中,所述校验模块,还用于根据预设模式标识组,判断所述业务通信模式的模式标识符是否为所述预设模式标识组中的标识,若所述业务通信模式的模式标识符为所述预设模式标识组中的标识,则确定所述业务通信模式的模式标识符有效;其中,所述预设模式标识组包括至少一个模式标识符。According to the third aspect, in a third possible implementation manner of the third aspect, the verification module is further configured to determine, according to the preset mode identifier group, whether the mode identifier of the service communication mode is the pre- An identifier in the mode identification group, if the mode identifier of the service communication mode is an identifier in the preset mode identification group, determining that the mode identifier of the service communication mode is valid; wherein the preset mode The identification group includes at least one mode identifier.
根据第三方面的第三种可能实现的方式,在第四种可能实现的方式中,所述接收端口,还用于在所述校验模块根据所述预设模式标识组,判断所述业务通信模式的模式标识符是否为所述预设模式标识组中的标识之前,接收所述外设中管理配置空间对应的第三访问指令;所述第三访问指令为通信管理模式对应的处理器发出的指令,所述第三访问指令包括:所述通道组配置空间的访问地址;According to a third possible implementation manner of the third aspect, in a fourth possible implementation manner, the receiving port is further configured to determine, by the verification module, the service according to the preset mode identifier group Receiving a third access instruction corresponding to the management configuration space in the peripheral device before the mode identifier of the communication mode is the identifier in the preset mode identification group; the third access instruction is a processor corresponding to the communication management mode An issued instruction, where the third access instruction includes: an access address of the channel group configuration space;
所述校验模块,还用于根据所述通道组配置空间的访问地址确定所述通道组配置空间,将所述通道组配置空间与至少一个通道进行关联,并为所述通道组配置空间配置所述预设模式标识组。 The verification module is further configured to determine the channel group configuration space according to the access address of the channel group configuration space, associate the channel group configuration space with at least one channel, and configure a space configuration for the channel group. The preset mode identifies a group.
根据第三方面至第三方面的第四种可能实现的方式中任意一种,在第五种可能实现的方式中,所述第一访问指令包括:所述业务通信模式对应的处理器发出的指令;或者,According to any one of the third aspect to the fourth possible implementation manner of the third aspect, in a fifth possible implementation manner, the first access instruction includes: a processor sent by the processor corresponding to the service communication mode Instruction; or,
所述第一访问指令包括:其他外设发出的指令。The first access instruction includes an instruction issued by another peripheral.
第四方面,本发明实施例提供一种访问隔离装置,所述访问隔离装置位于内存;所述访问隔离装置包括:接收端口,及校验模块;所述接收端口与所述校验模块连接;In a fourth aspect, an embodiment of the present invention provides an access isolation device, where the access isolation device is located in a memory; the access isolation device includes: a receiving port, and a verification module; and the receiving port is connected to the verification module;
所述接收端口,用于接收外设发出的第四访问指令,所述第四访问指令包括:所述内存的访问地址、业务通信模式的模式标识符及所述业务通信模式的分组标识符;The receiving port is configured to receive a fourth access instruction sent by the peripheral device, where the fourth access instruction includes: an access address of the memory, a mode identifier of a service communication mode, and a packet identifier of the service communication mode;
所述校验模块,用于依次对所述业务通信模式的模式标识符及所述通信模式的分组标识符进行校验,若所述业务通信模式的模式标识符及所述业务通信模式的分组标识符均有效,则接受所述外设对所述内存的访问。The verification module is configured to sequentially check a mode identifier of the service communication mode and a packet identifier of the communication mode, if a mode identifier of the service communication mode and a grouping of the service communication mode When the identifiers are both valid, the peripherals are accepted for access to the memory.
根据第四方面,在第四方面的第一种可能实现的方式中,所述校验模块,还用于根据预设模式标识符,对所述业务通信模式的模式标识符进行校验,若所述预设模式标识符与所述业务通信模式的模式标识符相同,则确定所述业务通信模式的模式标识符有效,若所述业务通信模式的模式标识符有效,根据预设分组标识符,对所述业务通信模式的分组标识符进行校验;若所述预设分组标识符与所述业务通信模式的分组标识符相同,则确定所述业务通信模式的分组标识符有效。According to a fourth aspect, in a first possible implementation manner of the fourth aspect, the verification module is further configured to verify, according to the preset mode identifier, a mode identifier of the service communication mode, if Determining that the mode identifier of the service communication mode is valid if the preset mode identifier is the same as the mode identifier of the service communication mode, and if the mode identifier of the service communication mode is valid, according to a preset packet identifier And verifying, by the packet identifier of the service communication mode; if the preset packet identifier is the same as the packet identifier of the service communication mode, determining that the packet identifier of the service communication mode is valid.
根据第四方面的第一种可能实现的方式,在第二种可能实现的方式中,所述接收端口,还用于在所述校验模块依次对所述业务通信模式的模式标识符及所述业务通信模式的分组标识符进行校验之前,接收管理通信模式对应的处理器发出的第五访问指令,根据所述第五访问指令中的所述内存的访问地址,确定所述内存的访问所属的内存地址段,并为所述内存地址段配置所述预设模式标识符及所述预设分组标识符。According to a first possible implementation manner of the fourth aspect, in a second possible implementation manner, the receiving port is further configured to sequentially perform a mode identifier and a location identifier of the service communication mode in the verification module. Before verifying the packet identifier of the service communication mode, receiving a fifth access instruction issued by the processor corresponding to the management communication mode, and determining the access of the memory according to the access address of the memory in the fifth access instruction An associated memory address segment, and configuring the preset mode identifier and the preset packet identifier for the memory address segment.
根据第四方面,在第四方面的第三种可能实现的方式中,所述校验模块,还用于根据预设模式标识组,判断所述业务通信模式的模式标识符是否为所述预设模式标识组中的标识,若所述业务通信模式的模式标识符为所述预设模式标识组中的标识,则确定所述业务通信模式的模式标识符有效,若所述 业务通信模式的模式标识符有效,则根据预设分组标识组,判断所述业务通信模式的分组标识符是否为所述预设分组标识组中的标识,若所述业务通信模式的分组标识符为所述预设分组标识组中的标识,则确定所述业务通信模式的分组标识符有效;其中,所述预设模式标识组包括至少一个模式标识符;所述预设分组标识组包括至少一个分组标识符。According to the fourth aspect, in a third possible implementation manner of the fourth aspect, the verification module is further configured to determine, according to the preset mode identifier group, whether the mode identifier of the service communication mode is the pre- Setting an identifier in the mode identifier group, if the mode identifier of the service communication mode is an identifier in the preset mode identifier group, determining that the mode identifier of the service communication mode is valid, if If the mode identifier of the service communication mode is valid, determining, according to the preset group identity group, whether the packet identifier of the service communication mode is an identifier in the preset group identity group, if the packet identifier of the service communication mode And determining, by the identifier in the group, the group identifier of the service communication mode is valid, where the preset mode identifier group includes at least one mode identifier; and the preset group identifier group includes at least A packet identifier.
根据第四方面的第三种可能实现的方式,在第四种可能实现的方式中,所述接收端口,还用于在所述校验模块依次对所述业务通信模式的模式标识符及所述业务通信模式的分组标识符进行校验之前,接收管理通信模式对应的处理器发出的第六访问指令,并根据所述第六访问指令中的内存访问地址,根据所述内存访问地址确定所述内存访问地址所属的内存地址段,并为所述内存地址段配置所述预设模式标识组及所述预设分组标识组。According to a third possible implementation manner of the fourth aspect, in a fourth possible implementation manner, the receiving port is further configured to sequentially perform, in the verification module, a mode identifier and a location identifier of the service communication mode. Before verifying the packet identifier of the service communication mode, receiving a sixth access instruction issued by the processor corresponding to the management communication mode, and determining, according to the memory access address in the sixth access instruction, according to the memory access address The memory address segment to which the memory access address belongs, and the preset mode identifier group and the preset group identifier group are configured for the memory address segment.
本发明实施例提供的访问隔离方法及装置,由于外设可通过对接收到的访问指令中所携带的业务通信模式的模式标识符进行校验,仅在该业务通信模式的模式标识符有效的情况下,接受对该通道组配置空间的访问,从而保证外设仅可接受不同业务通信模式的访问指令的访问对应的通道组配置空间,实现外设对于接收到的不同业务通信模式的访问指令的隔离物理隔离,避免并发软件间异常运行的相互影响。The access isolation method and device provided by the embodiment of the present invention, because the peripheral device can verify the mode identifier of the service communication mode carried in the received access command, only the mode identifier of the service communication mode is valid. In case, the access to the channel group configuration space is accepted, so that the peripheral device can only accept the access channel group configuration space corresponding to the access instruction of the different service communication mode, and implement the access instruction of the peripheral for the received different service communication modes. The isolation of physical isolation avoids the interaction of abnormal operations between concurrent software.
附图说明DRAWINGS
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作一简单地介绍,显而易见地,下面描述中的附图是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, a brief description of the drawings used in the embodiments or the prior art description will be briefly described below. Obviously, the drawings in the following description It is a certain embodiment of the present invention, and other drawings can be obtained from those skilled in the art without any inventive labor.
图1为本发明实施例一所提供的访问隔离方法的流程图;FIG. 1 is a flowchart of an access isolation method according to Embodiment 1 of the present invention;
图2为本发明实施例二所提供的访问隔离方法的流程图;2 is a flowchart of an access isolation method according to Embodiment 2 of the present invention;
图3为本发明实施例二所提供的另一种访问隔离方法的流程图;3 is a flowchart of another access isolation method according to Embodiment 2 of the present invention;
图4为本发明实施例三所提供的访问隔离方法的流程图;4 is a flowchart of an access isolation method according to Embodiment 3 of the present invention;
图5为本发明实施例四所提供的访问隔离装置的结构示意图;FIG. 5 is a schematic structural diagram of an access isolation device according to Embodiment 4 of the present invention; FIG.
图6为本发明实施例五所提供的访问隔离装置的结构示意图; 6 is a schematic structural diagram of an access isolation device according to Embodiment 5 of the present invention;
图7为本发明实施例六所提供的一种访问隔离方法的流程图;FIG. 7 is a flowchart of an access isolation method according to Embodiment 6 of the present invention;
图8为本发明实施例六所提供的另一种访问隔离方法的流程图;FIG. 8 is a flowchart of another access isolation method according to Embodiment 6 of the present invention; FIG.
具体实施方式detailed description
为使本发明实施例的目的、技术方案和优点更加清楚,下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The technical solutions in the embodiments of the present invention will be clearly and completely described in conjunction with the drawings in the embodiments of the present invention. It is a partial embodiment of the invention, and not all of the embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
图1为本发明实施例一所提供的访问隔离方法的流程图。本发明实施例所提供的方案适用于将移动通信的网络设备,如基站内部的外设所接收到的基带芯片上运行的不同业务通信模式对应的访问进行隔离的情况。在基站内部包括基板,其中该基板包括:基带芯片、外设及内存等。其中,该基带芯片包括至少一个处理器,其该处理器可以为中央处理器(Central Processing Unit,简称CPU)、或数字信号处理(Digital Signal Processing,简称DSP)模块。该内存例如可以为双倍速率同步动态随机存储器(Double Data Rate Synchronous Dynamic Random Access Memory,简称DDR SDRAM)。FIG. 1 is a flowchart of an access isolation method according to Embodiment 1 of the present invention. The solution provided by the embodiment of the present invention is applicable to a situation in which a network device of a mobile communication, such as an access corresponding to a different service communication mode running on a baseband chip received by a peripheral device in a base station, is isolated. A substrate is included inside the base station, wherein the substrate includes: a baseband chip, a peripheral device, a memory, and the like. The baseband chip includes at least one processor, and the processor may be a central processing unit (CPU) or a digital signal processing (DSP) module. The memory may be, for example, a Double Data Rate Synchronous Dynamic Random Access Memory (DDR SDRAM).
该不同业务通信模式对应的基带业务软件可以是在该基带芯片内部的处理器上运行,通过调用对应的执行程序,触发该基站内部对应的模块向被访问模块发送访问指令,从而实现该基站内部不同模块之间的相互访问。该方法可由访问隔离装置执行,该访问隔离装置可位于外设中。如图1所示,该方法具体包括如下:The baseband service software corresponding to the different service communication mode may be run on a processor inside the baseband chip, and the corresponding module in the base station is triggered to send an access instruction to the accessed module by calling a corresponding execution program, thereby implementing the internal base station. Mutual access between different modules. The method can be performed by an access isolation device, which can be located in a peripheral device. As shown in FIG. 1, the method specifically includes the following:
步骤101、外设接收该外设中的通道组配置空间对应的第一访问指令;该第一访问指令包括:该通道组配置空间的访问地址及业务通信模式的模式标识符。Step 101: The peripheral device receives a first access instruction corresponding to the channel group configuration space in the peripheral device. The first access instruction includes: an access address of the channel group configuration space and a mode identifier of the service communication mode.
具体地,该外设例如可以为基站内部基带处理芯片上的输入输出端口、存储、硬件加速器等。该业务通信模式可以为无线接入类型(Radio Access Type,简称RAT)。在本发明实施例中该RAT例如可以为不同通信网络制式对应的接入类型。该不同通信制式例如可以第二代(2nd Generation,简称2G)通信系统中的全球移动通信系统(Global System for Mobile  Communications,简称GSM)、码分多址接入(Code Division Multiple Access,简称CDMA)系统、或时分多址接入(Time Division Multiple Access,简称TDMA)系统,还可以第三代(3rd Generation,简称3G)通信系统中的CDMA2000系统、宽带码分多址接入(Wide band Code Division Multiple Access,简称WCDMA)系统或时分同步码分多址接入(Time Division-Synchronous Code Division Multiple Access,简称TD-SCDMA)系统、全球互通微波接入(Worldwide Interoperability for Microwave Access,简称WiMAX)系统,也还可以为第四代(4th Generation,简称4G)通信系统或更高级别的通信系统。其中,该4G通信系统可以为分时长期演进(Time Division Long Term Evolution,简称TD-LTE)系统、或频分双工长期演进(Frequency Division Duplexing Long Term Evolution,简称FDD-LTE)系统。Specifically, the peripheral device may be, for example, an input/output port, a storage, a hardware accelerator, or the like on a baseband processing chip in the base station. The service communication mode may be a radio access type (RAT). In the embodiment of the present invention, the RAT may be, for example, an access type corresponding to different communication network standards. The different communication system can be, for example, a Global System for Mobile in a 2nd Generation (2G) communication system (Global System for Mobile) Communications, referred to as GSM), Code Division Multiple Access (CDMA) system, or Time Division Multiple Access (TDMA) system, can also be third generation (3rd Generation, referred to as 3G) CDMA2000 system in communication system, Wideband Code Division Multiple Access (WCDMA) system or Time Division-Synchronous Code Division Multiple Access (TD-) The SCDMA system, the Worldwide Interoperability for Microwave Access (WiMAX) system, or the 4th Generation (4G) communication system or higher. The 4G communication system may be a Time Division Long Term Evolution (TD-LTE) system or a Frequency Division Duplexing Long Term Evolution (FDD-LTE) system.
该外设中的通道组配置空间可以为根据基站所支持的业务通信模式的个数,将该外设中预设空间按照地址段的形式进行划分所获得的具有预设地址范围的空间。该外设中一个通道组配置空间对应至少一个业务通信模式,其具有该预设地址范围的通道组配置空间仅可接受对应业务通信模式的访问。The channel group configuration space in the peripheral device may be a space with a preset address range obtained by dividing the preset space in the peripheral device according to the address segment according to the number of service communication modes supported by the base station. One channel group configuration space in the peripheral device corresponds to at least one service communication mode, and the channel group configuration space with the preset address range can only accept access corresponding to the service communication mode.
该第一访问指令中所包括的该通道组配置空间的访问地址可以为该通道组配置空间所对应的地址范围中的任一地址。该第一访问指令中所包括的业务通信模式的模式标识符可以为RAT标识。该RAT标识例如可以为该业务通信模式对应的虚拟模式标识符(Virtual Mode ID,简称VMID)。假设该基站支持两种业务通信模式,那么在该实施例中该外设中至少存储与该两种业务通信模式与其对应的标识符,如VMID的对应关系表。该两种业务通信模式对应的标识符可以分别通过一位二进制数字0和1表示。假设该基站支持四种业务通信模式,那么在该实施例中该四种业务通信模式对应的标识符,可以分别通过二位二进制数字00、01、10及11表示。The access address of the channel group configuration space included in the first access instruction may be any one of the address ranges corresponding to the channel group configuration space. The mode identifier of the service communication mode included in the first access instruction may be a RAT identifier. The RAT identifier may be, for example, a virtual mode identifier (VMID) corresponding to the service communication mode. Assuming that the base station supports two service communication modes, in this embodiment, at least the identifier corresponding to the two service communication modes, such as a VMID correspondence table, is stored in the peripheral device. The identifiers corresponding to the two service communication modes can be represented by one binary digits of 0 and 1, respectively. Assuming that the base station supports four service communication modes, the identifiers corresponding to the four service communication modes in this embodiment may be represented by two binary digits 00, 01, 10, and 11, respectively.
该外设例如可以通过其内部的信令接收端口所接收的该第一访问指令。该信令接收端口例如可以为该外设中的从接口,对应的,该外设中至少还包括主接口,用于向该基站中其他模块或结构发送访问指令。The peripheral can receive the first access command, for example, via its internal signaling receiving port. The signaling receiving port may be, for example, a slave interface in the peripheral device. Correspondingly, the peripheral device further includes at least a master interface for sending access commands to other modules or structures in the base station.
步骤102、该外设对该业务通信模式的模式标识符进行校验。Step 102: The peripheral checks the mode identifier of the service communication mode.
具体地,该外设对该业务通信模式的模式标识符进行校验,可以是根据预设的业务通信模式与模式标识符的对应关系表,对该第一访问指令中所包 括的该业务通信模式的模式标识符进行校验,从而判断该通道组配置空间是否为该业务通信模式相对应的配置空间。Specifically, the peripheral device verifies the mode identifier of the service communication mode, and may be a correspondence table between the preset service communication mode and the mode identifier, and is included in the first access instruction. The mode identifier of the service communication mode is checked to determine whether the channel group configuration space is a configuration space corresponding to the service communication mode.
步骤103、若该业务通信模式的模式标识符有效,则该外设接受对该通道组配置空间的访问。Step 103: If the mode identifier of the service communication mode is valid, the peripheral accepts access to the channel group configuration space.
具体地,该业务通信模式的模式标识符有效,也就是说该通道组配置空间为该业务通信模式对应的配置空间,因而,该外设接受对该通道组配置空间的访问,即该外设允许该第一访问指令访问该通道组配置空间。对于业务通信模式的模式标识符无效的情况下,也就是说,该通道组配置空间并非该业务通信模式对应的配置空间,因而该外设需拒绝该第一访问指令访问该通道组配置空间,并发出错误警告。Specifically, the mode identifier of the service communication mode is valid, that is, the channel group configuration space is a configuration space corresponding to the service communication mode, and thus, the peripheral accepts access to the channel group configuration space, that is, the peripheral device. The first access instruction is allowed to access the channel group configuration space. In the case that the mode identifier of the service communication mode is invalid, that is, the channel group configuration space is not the configuration space corresponding to the service communication mode, the peripheral device needs to reject the first access instruction to access the channel group configuration space. And issued an error warning.
在本发明实施例提供的访问隔离方法中,由于外设可通过对接收到的访问指令中所携带的业务通信模式的模式标识符进行校验,仅在该业务通信模式的模式标识符有效的情况下,接受对该外设的通道组配置空间的访问,从而保证外设仅可允许不同业务通信模式的访问指令的访问对应的通道组配置空间,实现外设对于接收到的不同业务通信模式的访问指令的隔离物理隔离,避免并发软件间异常运行的相互影响。In the access isolation method provided by the embodiment of the present invention, since the peripheral device can verify the mode identifier of the service communication mode carried in the received access command, only the mode identifier of the service communication mode is valid. In this case, access to the channel group configuration space of the peripheral is accepted, thereby ensuring that the peripheral can only allow access to the corresponding channel group configuration space of the access instruction of different service communication modes, and realize the different service communication modes of the peripheral for receiving. The isolation of the access instructions is physically isolated to avoid the interaction of abnormal operations between concurrent software.
实施例二Embodiment 2
本发明实施例还提供一种访问隔离方法。图2为本发明实施例二所提供的访问隔离方法的流程图。如图2所示,该实施例所提供的访问隔离方法在上述实施例所述方法的基础上,其中步骤102该外设对该业务通信模式的模式标识符进行校验,可以包括:The embodiment of the invention further provides an access isolation method. FIG. 2 is a flowchart of an access isolation method according to Embodiment 2 of the present invention. As shown in FIG. 2, the access isolation method provided in this embodiment is based on the method in the foregoing embodiment, wherein the step 102 performs verification on the mode identifier of the service communication mode, which may include:
步骤201、该外设根据预设模式标识符,对该业务通信模式的模式标识符进行校验。Step 201: The peripheral device verifies the mode identifier of the service communication mode according to the preset mode identifier.
步骤202、若该预设模式标识符与该业务通信模式的模式标识符相同,则该外设确定该业务通信模式的模式标识符有效。Step 202: If the preset mode identifier is the same as the mode identifier of the service communication mode, the peripheral determines that the mode identifier of the service communication mode is valid.
具体的,若外设中一个通道组配置空间对应一个业务通信模式,该预设模式标识符为该一个业务通信模式对应的模式标识符。因而,该外设根据该预设模式标识符对业务通信模式的模式标识符,也就是该第一访问指令中所包括的模式标识符进行校验。该外设例如可以是通过比较该预设模式标识符与该业务通信模式的模式标识符是否相同,从而实现对该业务通信模式的模 式标识符进行校验。若该预设模式标识符与该业务通信模式的模式标识符相同,则该外设可确定该业务通信模式的模式标识符有效,对应的,若不同,则该外设可确定该业务通信模式的模式标识符无效。Specifically, if a channel group configuration space in the peripheral device corresponds to a service communication mode, the preset mode identifier is a mode identifier corresponding to the one service communication mode. Thus, the peripheral device verifies the mode identifier of the service communication mode, that is, the mode identifier included in the first access instruction, according to the preset mode identifier. The peripheral device may be configured to compare whether the preset mode identifier is the same as the mode identifier of the service communication mode, thereby implementing a mode of the service communication mode. The identifier is verified. If the preset mode identifier is the same as the mode identifier of the service communication mode, the peripheral device may determine that the mode identifier of the service communication mode is valid, and if not, the peripheral may determine the service communication mode. The mode identifier is invalid.
可选的,在上述步骤201该外设根据预设模式标识符,对该业务通信模式的模式标识符进行校验之前,该方法还包括:Optionally, before the peripheral device checks the mode identifier of the service communication mode according to the preset mode identifier, the method further includes:
步骤201a、该外设接收通信管理模式对应的处理器发出的该外设中管理配置空间对应的第二访问指令;该第二访问指令包括:该通道组配置空间的访问地址。In step 201, the peripheral device receives a second access instruction corresponding to the management configuration space in the peripheral device issued by the processor corresponding to the communication management mode; the second access instruction includes: an access address of the channel group configuration space.
具体地,该通信管理模式可以为该业务通信对应的基带业务软件的运行管理平台,该运行管理平台可为该业务通信模式对应的基带业务软件提供运行的操作系统平台。Specifically, the communication management mode may be an operation management platform of the baseband service software corresponding to the service communication, and the operation management platform may provide a running operating system platform for the baseband service software corresponding to the service communication mode.
该通信管理模式对应的处理器,可以为该通信管理模式对应的平台软件所运行的基带芯片上的任一处理器,如CPU。The processor corresponding to the communication management mode may be any processor on the baseband chip operated by the platform software corresponding to the communication management mode, such as a CPU.
该外设中的管理配置空间例如可以为该外设中该通信管理模式对应的具有预设地址范围的空间。该外设仅允许通信管理模式对应的访问指令对该管理配置空间进行访问,也就是说,该第二访问指令中至少还包括:该管理配置空间对应的访问地址。The management configuration space in the peripheral device may be, for example, a space having a preset address range corresponding to the communication management mode in the peripheral device. The peripheral device only allows the access instruction corresponding to the communication management mode to access the management configuration space, that is, the second access instruction further includes: an access address corresponding to the management configuration space.
步骤201b、该外设根据该通道组配置空间的访问地址确定该通道组配置空间,将该通道组配置空间与至少一个通道进行关联,并为该通道组配置空间配置该预设模式标识符。 Step 201b: The peripheral device determines the channel group configuration space according to the access address of the channel group configuration space, associates the channel group configuration space with at least one channel, and configures the preset mode identifier for the channel group configuration space.
具体地,不同的通道可以为外设中实现不同的功能的结构或模块。将该通道组配置空间与至少一个通道进行关联,也就是说,该通道组配置空间对对应的地址范围划分为至少一个地址段,其中,不同地址段可分别与不同的通道进行对应,以使得访问该通道组配置空间中某个地址,可通过该地址对应的通道实现对应的功能。该外设将通道组配置空间与至少一个通道进行关联,可以通过在外设侧建立通道组配置空间与通道组的对应关系表,在该对应关系表中一个通道组配置空间对应至少一个通道。同时该外设还为该通道组配置该预设模式标识符,也就是说,在本实施例方案中同一通道组配置空间中的至少一个通道具有相同的一个模式标识符,一个模式标识符对应一种业务通信模式。 In particular, different channels may be structures or modules that implement different functions in the peripheral. The channel group configuration space is associated with at least one channel, that is, the channel group configuration space divides the corresponding address range into at least one address segment, wherein different address segments can respectively correspond to different channels, so that Accessing an address in the channel group configuration space can implement the corresponding function through the channel corresponding to the address. The peripheral device associates the channel group configuration space with the at least one channel, and the channel group configuration space and the channel group correspondence table are established on the peripheral side, where one channel group configuration space corresponds to at least one channel. At the same time, the peripheral device also configures the preset mode identifier for the channel group, that is, in the solution of the embodiment, at least one channel in the same channel group configuration space has the same mode identifier, and a mode identifier corresponds to A business communication mode.
本实施例还提供一种可替代的访问隔离方案。图3为本发明实施例二所提供的另一种访问隔离方法的流程图。如图3所示,该实施例所提供的访问隔离方法在上述实施例所述方法的基础上,其中步骤102该外设对该业务通信模式的模式标识符进行校验,还可以是包括:This embodiment also provides an alternative access isolation scheme. FIG. 3 is a flowchart of another access isolation method according to Embodiment 2 of the present invention. As shown in FIG. 3, the access isolation method provided by the embodiment is based on the method in the foregoing embodiment, wherein the peripheral device performs the verification of the mode identifier of the service communication mode in step 102, and may further include:
步骤301、该外设根据预设模式标识组,判断该业务通信模式的模式标识符是否为该预设模式标识组中的标识;其中,该预设模式标识组包括至少一个模式标识符。Step 301: The peripheral device determines, according to the preset mode identifier group, whether the mode identifier of the service communication mode is an identifier in the preset mode identifier group, where the preset mode identifier group includes at least one mode identifier.
步骤302、若该业务通信模式的模式标识符为该预设模式标识组中的标识,该外设确定该业务通信模式的模式标识符有效。Step 302: If the mode identifier of the service communication mode is an identifier in the preset mode identification group, the peripheral determines that the mode identifier of the service communication mode is valid.
具体地,若外设中一个通道组配置空间对应一个业务通信模式,该预设模式标识组所包括的至少一个模式标识符,对应该一个业务通信模式。该外设根据该预设模式标识组,判断该业务通信模式的模式标识符是否为该预设模式标识组中的标识,可以是在该预设模式标识组中对该业务通信模式的模式标识符进行检索。若可以检索到,则该业务通信模式的模式标识符为该预设模式标识组中的标识,即该业务通信模式的模式标识符有效。对应的,若未检索到,则该业务通信模式的模式标识符无效。Specifically, if a channel group configuration space in the peripheral device corresponds to a service communication mode, the preset mode identifies at least one mode identifier included in the group, corresponding to a service communication mode. The peripheral device determines, according to the preset mode identifier group, whether the mode identifier of the service communication mode is an identifier in the preset mode identifier group, and may be a mode identifier of the service communication mode in the preset mode identifier group. The symbol is searched. If it can be retrieved, the mode identifier of the service communication mode is the identifier in the preset mode identification group, that is, the mode identifier of the service communication mode is valid. Correspondingly, if not retrieved, the mode identifier of the service communication mode is invalid.
可选的,在上述步骤301中该外设在根据预设模式标识组,判断该业务通信模式的模式标识符是否为该预设模式标识组中的标识之前,该方法还包括:Optionally, in the foregoing step 301, the peripheral device determines, according to the preset mode identifier group, whether the mode identifier of the service communication mode is the identifier in the preset mode identifier group, the method further includes:
步骤301a、该外设接收该外设中管理配置空间对应的第三访问指令;该第三访问指令为通信管理模式对应的处理器发出的指令,该第三访问指令包括:该通道组配置空间的访问地址。 Step 301a: The peripheral device receives a third access instruction corresponding to the management configuration space in the peripheral device; the third access instruction is an instruction issued by a processor corresponding to the communication management mode, and the third access instruction includes: the channel group configuration space Access address.
步骤301b、该外设根据该通道组配置空间的访问地址确定该通道组配置空间,将该通道组配置空间与至少一个通道进行关联,并为该通道组配置空间配置该预设模式标识组。 Step 301b: The peripheral device determines the channel group configuration space according to the access address of the channel group configuration space, associates the channel group configuration space with at least one channel, and configures the preset mode identifier group for the channel group configuration space.
具体地,该根据预设模式标识组进行校验的方案与上述根据预设模式标识符校验的方案类似,其中,该步骤301b与上述步骤302b类似,区别仅在于为该通道组配置空间配置该预设模式标识组,也就是配置至少一个模式标识符。Specifically, the solution for verifying according to the preset mode identifier group is similar to the foregoing scheme for verifying according to the preset mode identifier, wherein the step 301b is similar to the foregoing step 302b, except that the space configuration is configured for the channel group. The preset mode identifies the group, that is, configures at least one mode identifier.
在如上所述实施例方案的基础上,进一步地,该第一访问指令包括:该 业务通信模式对应的处理器发出的指令。Based on the solution of the embodiment described above, further, the first access instruction includes: The instruction sent by the processor corresponding to the business communication mode.
具体地,该业务通信模式对应的处理器,可以为该业务通信模式对应的基带业务软件所运行的基带芯片上的至少一个处理器,其中,每个处理器对应该业务通信模式的一种实现功能。该第一访问指令包括该业务通信模式对应的处理器发出的指令,也就是说本发明实施例可对处理器访问外设中通道配置空间的不同业务通信模式的隔离。Specifically, the processor corresponding to the service communication mode may be at least one processor on a baseband chip operated by the baseband service software corresponding to the service communication mode, where each processor corresponds to an implementation of a service communication mode. Features. The first access instruction includes an instruction issued by a processor corresponding to the service communication mode, that is, the embodiment of the present invention can isolate the different service communication modes of the channel configuration space in the peripheral access of the processor.
可替代地,该第一访问指令包括:其他外设发出的指令。Alternatively, the first access instruction includes instructions issued by other peripherals.
具体地,若该第一访问指令包括其他外设发出的指令,那么本发明实施例还可对其他外设访问该外设中通道组配置空间的不同业务通信模式的隔离。Specifically, if the first access instruction includes an instruction issued by another peripheral, the embodiment of the present invention may also isolate other peripherals from accessing different service communication modes of the channel group configuration space in the peripheral.
本发明实施例,通过两种不同的业务通信模式的模式标识符的校验,提供访问隔离方法的多种可实现方案。同时由于该第一访问指令包括该业务通信模式对应的处理器发出的指令,或其他外设发出的指令,因而本实施例方案还可提供多种不同物理结构间相互访问的通信模式隔离方案,该访问隔离方案的适用性更广。In the embodiment of the present invention, multiple achievable solutions of the access isolation method are provided by verifying the mode identifiers of two different service communication modes. At the same time, since the first access instruction includes an instruction issued by a processor corresponding to the service communication mode, or an instruction issued by another peripheral device, the solution of the embodiment may also provide a communication mode isolation scheme in which a plurality of different physical structures access each other. This access isolation scheme is more versatile.
实施例三Embodiment 3
本发明实施例三还提供一种访问隔离方法。该方法可由访问隔离装置执行,该访问隔离装置可位于内存中。图4为本发明实施例三所提供的访问隔离方法的流程图。如图4所示,该方法具体可包括如下步骤:Embodiment 3 of the present invention further provides an access isolation method. The method can be performed by an access isolation device that can be located in memory. FIG. 4 is a flowchart of an access isolation method according to Embodiment 3 of the present invention. As shown in FIG. 4, the method may specifically include the following steps:
步骤401、内存接收外设发出的第四访问指令,该第四访问指令包括:该内存的访问地址、业务通信模式的模式标识符及该业务通信模式的分组标识符。Step 401: The memory receives a fourth access instruction sent by the peripheral, where the fourth access instruction includes: an access address of the memory, a mode identifier of the service communication mode, and a packet identifier of the service communication mode.
具体地,该外设包括该业务通信模式对应的至少一个通道组,其中,每个通道组对应该业务通信模式的一种实现功能。在该步骤401中该内存结合收到的该第四访问指令,则可以为该外设发出的指令。若该外设需访问该内存,以实现预设通信模式的预设功能,则该第四访问指令中需包括:业务通信模式的模式标识符及该业务通信模式的分组标识符。Specifically, the peripheral device includes at least one channel group corresponding to the service communication mode, wherein each channel group corresponds to an implementation function of the service communication mode. In the step 401, the memory, in combination with the received fourth access instruction, may be an instruction issued by the peripheral. If the peripheral needs to access the memory to implement the preset function of the preset communication mode, the fourth access instruction includes: a mode identifier of the service communication mode and a packet identifier of the service communication mode.
其中,该业务通信模式的模式标识符可以为上述实施例中所述的虚拟模式标识符,在此不再赘述。该业务通信模式的分组标识符(Group ID)可以根据该业务通信模式的所需实现的功能对应的标识。该分组标识符可以通过 该功能的标识或指示信息表示,还可以通过预设地址标识表示,该预设地址标识与该业务通信模式所需实现的功能相对应。The mode identifier of the service communication mode may be the virtual mode identifier described in the foregoing embodiment, and details are not described herein again. The packet identifier (Group ID) of the service communication mode may be an identifier corresponding to a function required to be implemented by the service communication mode. The packet identifier can pass The identifier or indication information of the function may also be represented by a preset address identifier, which corresponds to a function required to be implemented by the service communication mode.
步骤402、该内存依次对该业务通信模式的模式标识符及该业务通信模式的分组标识符进行校验。Step 402: The memory sequentially checks the mode identifier of the service communication mode and the packet identifier of the service communication mode.
步骤403、若该业务通信模式的模式标识符及该业务通信模式的分组标识符均有效,则该内存接受该外设对该内存的访问。Step 403: If the mode identifier of the service communication mode and the packet identifier of the service communication mode are both valid, the memory accepts access of the peripheral to the memory.
具体地,该内存对该业务通信模式的模式标识符进行校验,实际是校验该第四访问指令所包括的该内存的访问地址是否为该业务通信模式所对应的预设地址段。该内存对业务通信模式的分组标识符进行校验,实际是校验该第四访问指令所包括的该内存的访问地址是否为实现该业务通信模式中某一实现功能所对应的预设地址段。因而,该内存依次对该业务通信模式的模式标识符及分组标识符进行校验,实际是对该内存的访问地址进行业务通信模式的校验,在此基础上,在此进行该业务通信模式的相应功能的校验。该实施例方案仅在该业务通信模式的模式标识符及该业务通信模式的分组标识符均有效的情况下,该内存才接受该第四访问指令访问该内存的访问地址。若否,则该内存拒绝该第四访问指令访问该内存的访问地址,并发出错误警告。Specifically, the memory checks the mode identifier of the service communication mode, and actually checks whether the access address of the memory included in the fourth access instruction is a preset address segment corresponding to the service communication mode. The memory verifies the packet identifier of the service communication mode, and actually checks whether the access address of the memory included in the fourth access instruction is a preset address segment corresponding to an implementation function in the service communication mode. . Therefore, the memory sequentially checks the mode identifier and the packet identifier of the service communication mode, and actually checks the service communication mode of the access address of the memory, and based on this, performs the service communication mode here. Verification of the corresponding function. In this embodiment, only when the mode identifier of the service communication mode and the packet identifier of the service communication mode are valid, the memory accepts the access address of the memory by the fourth access instruction. If not, the memory rejects the fourth access instruction accessing the memory access address and issues an error warning.
本实施例方案,通过内存依次对接收到的外设发出的访问指令中包括的该业务通信模式的模式标识符及分组标识符进行校验,仅在该模式标识符及该分组标识符均有效的情况下,接受该外设对该内存的访问,在保证外设对内存访问的业务通信模式的隔离的基础上,还可针对该业务通信模式的实现功能进行更精细化的隔离,避免并发软件间异常运行的相互影响。In this embodiment, the mode identifier and the packet identifier of the service communication mode included in the access instruction sent by the received peripheral are sequentially verified by the memory, and only the mode identifier and the packet identifier are valid. In the case of accepting the access of the peripheral to the memory, on the basis of ensuring the isolation of the service communication mode of the peripheral access to the memory, the function of the service communication mode can be further finely isolated to avoid concurrent The interaction between abnormal operations between software.
在上述实施例方案的基础上,进一步地,其中步骤402中该内存依次对该业务通信模式的模式标识符及该业务通信模式的分组标识符进行校验,具体可以包括:On the basis of the foregoing embodiment, the memory in the step 402 is used to check the mode identifier of the service communication mode and the packet identifier of the service communication mode, which may include:
该内存根据预设模式标识符,对该业务通信模式的模式标识符进行校验。The memory verifies the mode identifier of the service communication mode according to the preset mode identifier.
若该预设模式标识符与该业务通信模式的模式标识符相同,则该内存确定所述业务通信模式的模式标识符有效。If the preset mode identifier is the same as the mode identifier of the service communication mode, the memory determines that the mode identifier of the service communication mode is valid.
若该业务通信模式的模式标识符有效,则该内存根据预设分组标识符,对该业务通信模式的分组标识符进行校验。If the mode identifier of the service communication mode is valid, the memory checks the packet identifier of the service communication mode according to the preset packet identifier.
若该预设分组标识符与该业务通信模式的分组标识符相同,则该内存确 定该业务通信模式的分组标识符有效。If the preset packet identifier is the same as the packet identifier of the service communication mode, the memory is indeed The packet identifier of the service communication mode is valid.
具体地,该内存依次对该业务通信模式的模式标识符及分组标识符的校验,可以是先校验该业务通信模式的模式标识符,在该业务通信模式的模式标识符有效的情况下,再进行该业务通信模式的分组标识符的校验,此时,若该该业务通信模式的分组标识符有效,则该内存可确定该业务通信模式的模式标识符及分组标识符均有效。Specifically, the memory sequentially checks the mode identifier and the packet identifier of the service communication mode, and may be a mode identifier that first checks the service communication mode, where the mode identifier of the service communication mode is valid. Then, the packet identifier of the service communication mode is verified. At this time, if the packet identifier of the service communication mode is valid, the memory can determine that the mode identifier and the packet identifier of the service communication mode are valid.
可选的,在步骤402中内存依次对所述业务通信模式的模式标识符及所述业务通信模式的分组标识符进行校验之前,还包括:Optionally, before the verifying, in step 402, the mode identifier of the service communication mode and the packet identifier of the service communication mode, the method further includes:
该内存接收通信管理模式对应的处理器发出的第五访问指令;该第五访问指令包括:该内存的访问地址。The memory receives a fifth access instruction issued by a processor corresponding to the communication management mode; the fifth access instruction includes: an access address of the memory.
该内存根据该内存的访问地址确定该内存的访问地址所属的内存地址段,并为该内存地址段配置该预设模式标识符及该预设分组标识符。The memory determines a memory address segment to which the access address of the memory belongs according to the access address of the memory, and configures the preset mode identifier and the preset packet identifier for the memory address segment.
具体地,该内存包括至少一个内存组,每个内存组包括至少一个内存地址段,每个内存地址段对应一种业务通信模式的一种实现功能。实际上,每个内存组也是以地址段的形式存在,只是该内存组所包括的地址段的地址范围要小于该内存的地址段的地址范围,也就是说,该内存组的地址段的地址范围属于内存的地址段的地址范围内。Specifically, the memory includes at least one memory group, each memory group includes at least one memory address segment, and each memory address segment corresponds to an implementation function of a service communication mode. In fact, each memory group also exists in the form of an address segment, except that the address range of the address segment included in the memory group is smaller than the address range of the address segment of the memory, that is, the address of the address segment of the memory group. The range is within the address range of the address segment of the memory.
该内存根据接收到的通信管理模式对应的处理器发出的第五访问指令,对该内存中的该内存地址段配置该预设模式标识符及该预设分组标识符实际是将不同的内存地址段与该业务通信模式及该业务通信模式的实现功能进行关联,使得该内存的该内存地址段的访问即可实现对应的该业务通信模式的实现功能。The memory allocates the preset mode identifier to the memory address segment in the memory according to the fifth access instruction sent by the processor corresponding to the received communication management mode, and the preset packet identifier is actually a different memory address. The segment is associated with the service communication mode and the implementation function of the service communication mode, so that the access of the memory address segment of the memory can implement the corresponding implementation function of the service communication mode.
可替代地,上述方案的步骤402中该内存依次对该业务通信模式的模式标识符及该业务通信模式的分组标识符进行校验,可以包括:Alternatively, in step 402 of the foregoing solution, the memory sequentially verifies the mode identifier of the service communication mode and the packet identifier of the service communication mode, and may include:
该内存根据预设模式标识组,判断该业务通信模式的模式标识符是否为该预设模式标识组中的标识;其中,该预设模式标识组包括至少一个模式标识符。The memory determines, according to the preset mode identifier group, whether the mode identifier of the service communication mode is an identifier in the preset mode identifier group, where the preset mode identifier group includes at least one mode identifier.
若该业务通信模式的模式标识符为该预设模式标识组中的标识,则该内存确定该业务通信模式的模式标识符有效。If the mode identifier of the service communication mode is an identifier in the preset mode identification group, the memory determines that the mode identifier of the service communication mode is valid.
若该业务通信模式的模式标识符有效,则该内存根据预设分组标识组, 判断该业务通信模式的分组标识符是否为该预设分组标识组中的标识;其中,该预设分组标识组包括至少一个分组标识符。If the mode identifier of the service communication mode is valid, the memory identifies the group according to the preset group. Determining whether the packet identifier of the service communication mode is an identifier in the preset packet identification group; wherein the preset packet identification group includes at least one packet identifier.
若该业务通信模式的分组标识符为该预设分组标识组中的标识,则该内存确定该业务通信模式的分组标识符有效。If the packet identifier of the service communication mode is an identifier in the preset packet identification group, the memory determines that the packet identifier of the service communication mode is valid.
具体地,该内存根据预设模式标识组及预设分组标识组对该第五访问指令中所包括的该业务通信模式的模式标识符及该业务通信模式的分组标识符进行校验的具体实现过程与上述实施例中,该外设对该第一访问指令中的该业务通信模式的模式标识符的校验类似,其区别仅在于,在本实施例方案该内存在该业务通信模式的标识符有效的情况下,还需校验该业务通信模式的分组标识符,其相似部分在此不再赘述。Specifically, the memory is configured to verify, according to the preset mode identifier group and the preset group identifier group, the mode identifier of the service communication mode included in the fifth access instruction and the packet identifier of the service communication mode. In the foregoing embodiment, the peripheral device is similar to the mode identifier of the service communication mode in the first access instruction, and the difference is only in the solution of the service communication mode in the solution in this embodiment. In the case where the character is valid, the packet identifier of the service communication mode needs to be verified, and a similar part thereof will not be described herein.
进一步对,上述方案的步骤402中该内存依次对该业务通信模式的模式标识符及该业务通信模式的分组标识符进行校验之前,该方法还可包括:Further, before the memory in step 402 of the foregoing solution sequentially verifies the mode identifier of the service communication mode and the packet identifier of the service communication mode, the method may further include:
该内存接收通信管理模式对应的处理器发出的第六访问指令;该第六访问指令包括:该内存的访问地址。The memory receives a sixth access instruction issued by a processor corresponding to the communication management mode; the sixth access instruction includes: an access address of the memory.
该内存根据该内存的访问地址确定该内存的访问地址所属的内存地址段,并为该内存地址段配置该预设模式标识组及该预设分组标识组。The memory determines a memory address segment to which the access address of the memory belongs according to the access address of the memory, and configures the preset mode identifier group and the preset group identifier group for the memory address segment.
本发明实施例所提供的访问隔离方法,可通过内存依次对接收到的外设中业务通信模式对应的通道组发出的访问指令中包括的该业务通信模式的模式标识符及分组标识符进行校验,仅在该模式标识符及该分组标识符均有效的情况下,接受该外设对该内存的访问,在保证外设对内存访问的业务通信模式的隔离的基础上,还可针对该业务通信模式的实现功能进行更精细化的隔离,避免并发软件间异常运行的连带现象。同时本实施例方案还通过提供多种该内存对该业务通信模式的模式标识符及分组标识符进行校验的方法,提供了该访问隔离方法多种实现方案,从而更好地实现该内存对于业务通信模式的不同功能对应的访问指令的有效物理隔离,保证并发软件的正常运行。The access isolation method provided by the embodiment of the present invention can sequentially perform the mode identifier and the packet identifier of the service communication mode included in the access instruction issued by the channel group corresponding to the service communication mode in the received peripheral device through the memory. In the case that the mode identifier and the packet identifier are both valid, the access of the peripheral to the memory is accepted, and on the basis of ensuring isolation of the service communication mode of the peripheral access to the memory, The implementation of the business communication mode performs more granular isolation and avoids the phenomenon of abnormal operation between concurrent software. At the same time, the solution of the embodiment further provides a plurality of implementation manners of the access isolation method by providing a plurality of methods for verifying the mode identifier and the packet identifier of the service communication mode, so as to better implement the memory. The effective physical isolation of the access commands corresponding to different functions of the service communication mode ensures the normal operation of the concurrent software.
实施例四Embodiment 4
本发明实施例四提供一种访问隔离装置,该访问隔离装置可位于外设。图5为本发明实施例四所提供的访问隔离装置的结构示意图。Embodiment 4 of the present invention provides an access isolation device, which may be located in a peripheral device. FIG. 5 is a schematic structural diagram of an access isolation device according to Embodiment 4 of the present invention.
如图5所示,该访问隔离装置500包括:接收端口501、及校验模块502。其中接收端口501与校验模块502连接。 As shown in FIG. 5, the access isolation device 500 includes a receiving port 501 and a verification module 502. The receiving port 501 is connected to the check module 502.
具体地,接收端口501可以为该外设的从接口。Specifically, the receiving port 501 can be a slave interface of the peripheral.
接收端口501,用于接收外设中的通道组配置空间对应的第一访问指令,并将该第一访问指令发送至校验模块502。该第一访问指令包括:该通道组配置空间的访问地址及业务通信模式的模式标识符。The receiving port 501 is configured to receive a first access instruction corresponding to the channel group configuration space in the peripheral device, and send the first access instruction to the verification module 502. The first access instruction includes: an access address of the channel group configuration space and a mode identifier of the service communication mode.
校验模块502,用于对该业务通信模式的模式标识符进行校验,若该业务通信模式的模式标识符有效,则接受对该通道组配置空间的访问。The verification module 502 is configured to check the mode identifier of the service communication mode, and if the mode identifier of the service communication mode is valid, accept the access to the channel group configuration space.
可选的,上述校验模块502,还用于对该业务通信模式的模式标识符进行校验之前,根据预设模式标识符,对该业务通信模式的模式标识符进行校验,若该预设模式标识符与该业务通信模式的模式标识符相同,则确定该业务通信模式的模式标识符有效。Optionally, the verification module 502 is further configured to: before the verification of the mode identifier of the service communication mode, verify the mode identifier of the service communication mode according to the preset mode identifier, if the If the mode identifier is the same as the mode identifier of the service communication mode, it is determined that the mode identifier of the service communication mode is valid.
可选的,接收端口501,还用于在校验模块502根据该预设模式标识符,对该业务通信模式的模式标识符进行校验之前,接收管理通道模式对应的处理器发送的该外设中管理配置空间对应的第二访问指令;该第二访问指令包括:该通道组配置空间的访问地址。Optionally, the receiving port 501 is further configured to: before the verification module 502 checks the mode identifier of the service communication mode according to the preset mode identifier, receive the external sent by the processor corresponding to the management channel mode. And a second access instruction corresponding to the management configuration space; the second access instruction includes: an access address of the channel group configuration space.
校验模块502,还用于根据该通道组配置空间的访问地址确定该通道组配置空间,将该通道组配置空间与至少一个通道进行关联,并为该通道组配置空间配置该预设模式标识符。The verification module 502 is further configured to determine the channel group configuration space according to the access address of the channel group configuration space, associate the channel group configuration space with at least one channel, and configure the preset mode identifier for the channel group configuration space. symbol.
可替代地,校验模块502,还用于根据预设模式标识组,判断该业务通信模式的模式标识符是否为该预设模式标识组对应的标识,若该业务通信模式的模式标识符为该预设模式标识组中的标识,则确定该业务通信模式的模式标识符有效;其中,该预设模式标识组包括至少一个模式标识符。Alternatively, the verification module 502 is further configured to determine, according to the preset mode identifier group, whether the mode identifier of the service communication mode is an identifier corresponding to the preset mode identifier group, if the mode identifier of the service communication mode is The preset mode identifies the identifier in the group, and then determines that the mode identifier of the service communication mode is valid; wherein the preset mode identification group includes at least one mode identifier.
可选的,其中接收端口501,还用于在校验模块502根据该预设模式标识组,判断该业务通信模式的模式标识符是否为该预设模式标识组中的标识之前,接收该外设中管理配置空间对应的第三访问指令;该第三访问指令为通信管理模式对应的处理器发出的指令,该第三访问指令包括:该通道组配置空间的访问地址。Optionally, the receiving port 501 is further configured to: before the verification module 502 determines, according to the preset mode identifier group, whether the mode identifier of the service communication mode is an identifier in the preset mode identifier group, receiving the outer And a third access instruction corresponding to the management management space; the third access instruction is an instruction issued by a processor corresponding to the communication management mode, and the third access instruction includes: an access address of the channel group configuration space.
校验模块502,还用于根据该通道组配置空间的访问地址确定该通道组配置空间,将该通道组配置空间与至少一个通道进行关联,并为该通道组配置空间配置该预设模式标识组;该预设模式标识组包括至少一个模式标识符。The verification module 502 is further configured to determine the channel group configuration space according to the access address of the channel group configuration space, associate the channel group configuration space with at least one channel, and configure the preset mode identifier for the channel group configuration space. Group; the preset mode identification group includes at least one mode identifier.
进一步地,上述方案中的该第一访问指令包括:该业务通信模式对应的 处理器发出的指令;或者,Further, the first access instruction in the foregoing solution includes: the service communication mode corresponding to An instruction issued by the processor; or,
该第一访问指令包括:其他外设发出的指令。The first access instruction includes: an instruction issued by another peripheral.
本实施例所提供的访问隔离装置可执行上述实施例一或实施例二所述的访问隔离方法,其具体的实现过程及有益效果与上述实施例一或实施例二类似,在此不再赘述。The access isolation device provided in this embodiment may perform the access isolation method according to the first embodiment or the second embodiment, and the specific implementation process and the beneficial effects are similar to the first embodiment or the second embodiment, and details are not described herein again. .
实施例五Embodiment 5
本发明实施例五还提供一种访问隔离装置。图6为本发明实施例五所提供的访问隔离装置的结构示意图。如图6所示,该访问隔离装置600位于内存。该访问隔离装置600包括:接收端口601,及校验模块602;接收端口601与校验模块602连接。Embodiment 5 of the present invention further provides an access isolation device. FIG. 6 is a schematic structural diagram of an access isolation device according to Embodiment 5 of the present invention. As shown in FIG. 6, the access isolation device 600 is located in the memory. The access isolation device 600 includes a receiving port 601 and a verification module 602. The receiving port 601 is connected to the verification module 602.
接收端口601,用于接收外设发出的第四访问指令,该第四访问指令包括:该内存的访问地址、业务通信模式的模式标识符及该业务通信模式的分组标识符。The receiving port 601 is configured to receive a fourth access instruction sent by the peripheral device, where the fourth access instruction includes: an access address of the memory, a mode identifier of the service communication mode, and a packet identifier of the service communication mode.
校验模块602,用于依次对该业务通信模式的模式标识符及该通信模式的分组标识符进行校验,若该业务通信模式的模式标识符及该业务通信模式的分组标识符均有效,接受该外设对该内存的访问。a verification module 602, configured to sequentially verify a mode identifier of the service communication mode and a packet identifier of the communication mode, if the mode identifier of the service communication mode and the packet identifier of the service communication mode are valid, Accept the access of the peripheral to the memory.
进一步地,上述校验模块602,还用于根据预设模式标识符,对该业务通信模式的模式标识符进行校验,若该预设模式标识符与该业务通信模式的模式标识符相同,则确定该业务通信模式的模式标识符有效,若该业务通信模式的模式标识符有效,根据预设分组标识符,对该业务通信模式的分组标识符进行校验;若该预设分组标识符与该业务通信模式的分组标识符相同,则确定该业务通信模式的分组标识符有效。Further, the verification module 602 is further configured to check, according to the preset mode identifier, the mode identifier of the service communication mode, if the preset mode identifier is the same as the mode identifier of the service communication mode, Determining that the mode identifier of the service communication mode is valid, and if the mode identifier of the service communication mode is valid, verifying the packet identifier of the service communication mode according to the preset packet identifier; if the preset packet identifier The same as the packet identifier of the service communication mode, it is determined that the packet identifier of the service communication mode is valid.
可选的,上述接收端口601,还用于在校验模块602依次对该业务通信模式的模式标识符及该业务通信模式的分组标识符进行校验之前,接收管理通信模式对应的处理器发出的第五访问指令,根据该第五访问指令中的该内存的访问地址,确定该内存的访问所属的内存地址段,并为该内存地址段配置该预设模式标识符及该预设分组标识符。Optionally, the receiving port 601 is further configured to: after the verification module 602 sequentially checks the mode identifier of the service communication mode and the packet identifier of the service communication mode, receive, by the processor corresponding to the management communication mode, a fifth access instruction, determining, according to the access address of the memory in the fifth access instruction, a memory address segment to which the memory access belongs, and configuring the preset mode identifier and the preset group identifier for the memory address segment symbol.
可替代地,其中校验模块602,还用于根据预设模式标识组,判断该业务通信模式的模式标识符是否为该预设模式标识组中的标识,若该业务通信模式的模式标识符为该预设模式标识组中的标识,则确定该业务通信模式的 模式标识符有效,若该业务通信模式的模式标识符有效,则根据预设分组标识组,判断该业务通信模式的分组标识符是否为该预设分组标识组中的标识,若该业务通信模式的分组标识符为该预设分组标识组中的标识,则确定该业务通信模式的分组标识符有效。其中,该预设模式标识组包括至少一个模式标识符;该预设分组标识组包括至少一个分组标识符。Alternatively, the verification module 602 is further configured to determine, according to the preset mode identification group, whether the mode identifier of the service communication mode is an identifier in the preset mode identification group, if the mode identifier of the service communication mode Determining the identifier in the group for the preset mode, determining the service communication mode The mode identifier is valid. If the mode identifier of the service communication mode is valid, determining, according to the preset group identification group, whether the packet identifier of the service communication mode is an identifier in the preset group identification group, if the service communication mode The packet identifier is an identifier in the preset packet identification group, and it is determined that the packet identifier of the service communication mode is valid. The preset mode identifier group includes at least one mode identifier; the preset packet identifier group includes at least one packet identifier.
可选的,上述接收端口601,还用于在校验模块602依次对该业务通信模式的模式标识符及该业务通信模式的分组标识符进行校验之前,接收通信管理模式对应的处理器发出的第六访问指令,并根据该第六访问指令中的内存访问地址,根据该内存访问地址确定该内存访问地址所属的内存地址段,并为该内存地址段配置该预设模式标识组及该预设分组标识组。Optionally, the receiving port 601 is further configured to: after the verification module 602 sequentially checks the mode identifier of the service communication mode and the packet identifier of the service communication mode, the processor corresponding to the communication management mode is sent. a sixth access instruction, and determining, according to the memory access address in the sixth access instruction, a memory address segment to which the memory access address belongs according to the memory access address, and configuring the preset mode identifier group for the memory address segment and the Preset group identification group.
本实施例所提供的访问隔离装置可执行上述实施例三所述的访问隔离方法,其具体的实现过程及有益效果与上述实施例三类似,在此不再赘述。The access isolation device provided in this embodiment may perform the access isolation method in the foregoing embodiment 3. The specific implementation process and the beneficial effects are similar to those in the foregoing embodiment 3, and details are not described herein again.
实施例六Embodiment 6
本发明实施例还提供一种访问隔离方法。本实施例通过具体的实例对上述实施例一或实施例二的方案进行具体说明。图7为本发明实施例六所提供的一种访问隔离方法的流程图。如图7所示,该方法可以包括:The embodiment of the invention further provides an access isolation method. The embodiment of the first embodiment or the second embodiment is specifically described by using a specific example. FIG. 7 is a flowchart of an access isolation method according to Embodiment 6 of the present invention. As shown in FIG. 7, the method may include:
步骤701、外设接收该外设中的通道组配置空间对应的第一访问指令;该第一访问指令包括:该通道组配置空间的访问地址及业务通信模式的模式标识符。Step 701: The peripheral device receives a first access instruction corresponding to the channel group configuration space in the peripheral device. The first access instruction includes: an access address of the channel group configuration space and a mode identifier of the service communication mode.
其中,该第一访问指令可以为该业务通信模式对应的处理器发出的指令;或者,他外设发出的指令。The first access instruction may be an instruction issued by a processor corresponding to the service communication mode; or an instruction issued by a peripheral device.
步骤702、该外设接收通信管理模式对应的处理器发出的该外设中管理配置空间对应的第二访问指令;该第二访问指令包括:该通道组配置空间的访问地址。Step 702: The peripheral device receives a second access instruction corresponding to a management configuration space in the peripheral device sent by the processor corresponding to the communication management mode. The second access instruction includes: an access address of the channel group configuration space.
步骤703、该外设根据该通道组配置空间的访问地址确定该通道组配置空间,将该通道组配置空间与至少一个通道进行关联,并为该通道组配置空间配置该预设模式标识符。Step 703: The peripheral device determines the channel group configuration space according to the access address of the channel group configuration space, associates the channel group configuration space with at least one channel, and configures the preset mode identifier for the channel group configuration space.
步骤704、该外设根据预设模式标识符,对该业务通信模式的模式标识符进行校验。Step 704: The peripheral device checks the mode identifier of the service communication mode according to the preset mode identifier.
步骤705、若该预设模式标识符与该业务通信模式的模式标识符相同, 则该外设确定该业务通信模式的模式标识符有效。Step 705: If the preset mode identifier is the same as the mode identifier of the service communication mode, Then the peripheral determines that the mode identifier of the service communication mode is valid.
步骤706、若该业务通信模式的模式标识符有效,则该外设接受对该通道组配置空间的访问。Step 706: If the mode identifier of the service communication mode is valid, the peripheral accepts access to the channel group configuration space.
本实施例方案通过具体实例对上述实施例一或实施例二所提供的访问隔离方法进行说明,可由上述实施例四所提供的访问隔离装置执行,其具体的实现过程及有益效果与上述实施例类似,在此不再赘述。The access isolation method provided by the foregoing Embodiment 1 or Embodiment 2 is described by using the specific example in this embodiment, and may be performed by the access isolation device provided in Embodiment 4, and the specific implementation process and beneficial effects thereof are the same as the foregoing embodiment. Similar, I will not repeat them here.
本实施例还提供一种访问隔离方法。该方法通过具体的实例对上述实施例三所提供的访问隔离方法进行说明。图8为本发明实施例六所提供的另一种访问隔离方法的流程图。如图8所示,该方法可包括:This embodiment also provides an access isolation method. The method for describing the access isolation method provided in the foregoing embodiment 3 is described by a specific example. FIG. 8 is a flowchart of another access isolation method according to Embodiment 6 of the present invention. As shown in FIG. 8, the method can include:
步骤801、内存接收外设发出的第四访问指令,该第四访问指令包括:该内存的访问地址、业务通信模式的模式标识符及该业务通信模式的分组标识符。Step 801: The memory receives a fourth access instruction sent by the peripheral, where the fourth access instruction includes: an access address of the memory, a mode identifier of the service communication mode, and a packet identifier of the service communication mode.
步骤802、该内存接收通信管理模式对应的处理器发出的第五访问指令;该第五访问指令包括:该内存的访问地址。Step 802: The memory receives a fifth access instruction sent by a processor corresponding to the communication management mode; the fifth access instruction includes: an access address of the memory.
步骤803、该内存根据该内存的访问地址确定该内存的访问地址所属的内存地址段,并为该内存地址段配置该预设模式标识符及该预设分组标识符。Step 803: The memory determines a memory address segment to which the access address of the memory belongs according to the access address of the memory, and configures the preset mode identifier and the preset packet identifier for the memory address segment.
步骤804、该内存根据预设模式标识符,对该业务通信模式的模式标识符进行校验。Step 804: The memory verifies the mode identifier of the service communication mode according to the preset mode identifier.
步骤805、若该预设模式标识符与该业务通信模式的模式标识符相同,则该内存确定该业务通信模式的模式标识符有效。Step 805: If the preset mode identifier is the same as the mode identifier of the service communication mode, the memory determines that the mode identifier of the service communication mode is valid.
步骤806、若该业务通信模式的模式标识符有效,则该内存根据预设分组标识符,对该业务通信模式的分组标识符进行校验。Step 806: If the mode identifier of the service communication mode is valid, the memory checks the packet identifier of the service communication mode according to the preset packet identifier.
步骤807、若所述预设分组标识符与所述业务通信模式的分组标识符相同,则所述内存确定所述业务通信模式的分组标识符有效。Step 807: If the preset packet identifier is the same as the packet identifier of the service communication mode, the memory determines that the packet identifier of the service communication mode is valid.
步骤808、若该业务通信模式的模式标识符及该业务通信模式的分组标识符均有效,则该内存接受该外设对该内存的访问。Step 808: If the mode identifier of the service communication mode and the packet identifier of the service communication mode are both valid, the memory accepts access of the peripheral to the memory.
本实施例方案通过具体实例对上述实施例三所提供的访问隔离方法进行说明,可由上述实施例五所提供的访问隔离装置执行,其具体的实现过程及有益效果与上述实施例类似,在此不再赘述。The access isolation method provided by the foregoing embodiment 3 is described by using the specific example in the embodiment, and may be performed by the access isolation device provided in the foregoing fifth embodiment. The specific implementation process and beneficial effects are similar to the foregoing embodiment. Let me repeat.
本领域普通技术人员可以理解:实现上述方法实施例的全部或部分步骤 可以通过程序指令相关的硬件来完成,前述的程序可以存储于一计算机可读取存储介质中,该程序在执行时,执行包括上述方法实施例的步骤;而前述的存储介质包括:ROM、RAM、磁碟或者光盘等各种可以存储程序代码的介质。One of ordinary skill in the art can understand that all or part of the steps of the above method embodiments are implemented. The foregoing program may be stored in a computer readable storage medium, and when executed, the program includes the steps of the foregoing method embodiment; and the foregoing storage medium includes: ROM, RAM A variety of media that can store program code, such as a disk or a disc.
最后应说明的是:以上各实施例仅用以说明本发明的技术方案,而非对其限制;尽管参照前述各实施例对本发明进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分或者全部技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本发明各实施例技术方案的范围。 Finally, it should be noted that the above embodiments are merely illustrative of the technical solutions of the present invention, and are not intended to be limiting; although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that The technical solutions described in the foregoing embodiments may be modified, or some or all of the technical features may be equivalently replaced; and the modifications or substitutions do not deviate from the technical solutions of the embodiments of the present invention. range.

Claims (22)

  1. 一种访问隔离方法,其特征在于,包括:An access isolation method, comprising:
    外设接收所述外设中的通道组配置空间对应的第一访问指令;所述第一访问指令包括:所述通道组配置空间的访问地址及业务通信模式的模式标识符;Receiving, by the peripheral device, a first access instruction corresponding to the channel group configuration space in the peripheral device; the first access instruction includes: an access address of the channel group configuration space and a mode identifier of a service communication mode;
    所述外设对所述业务通信模式的模式标识符进行校验;The peripheral device verifies a mode identifier of the service communication mode;
    若所述业务通信模式的模式标识符有效,则所述外设接受对所述通道组配置空间的访问。If the mode identifier of the service communication mode is valid, the peripheral accepts access to the channel group configuration space.
  2. 根据权利要求1所述的方法,其特征在于,所述外设对所述业务通信模式的模式标识符进行校验,包括:The method according to claim 1, wherein the peripheral device verifies the mode identifier of the service communication mode, including:
    所述外设根据预设模式标识符,对所述业务通信模式的模式标识符进行校验;The peripheral device verifies the mode identifier of the service communication mode according to the preset mode identifier;
    若所述预设模式标识符与所述业务通信模式的模式标识符相同,则所述外设确定所述业务通信模式的模式标识符有效。If the preset mode identifier is the same as the mode identifier of the service communication mode, the peripheral determines that the mode identifier of the service communication mode is valid.
  3. 根据权利要求2所述的方法,其特征在于,所述外设根据预设模式标识符,对所述业务通信模式的模式标识符进行校验之前,还包括:The method according to claim 2, wherein the peripheral device further checks: before the mode identifier of the service communication mode is verified according to the preset mode identifier, the method further includes:
    所述外设接收通信管理模式对应的处理器发出的所述外设中管理配置空间对应的第二访问指令;所述第二访问指令包括:所述通道组配置空间的访问地址;The peripheral device receives a second access instruction corresponding to the management configuration space in the peripheral device issued by the processor corresponding to the communication management mode; the second access instruction includes: an access address of the channel group configuration space;
    所述外设根据所述通道组配置空间的访问地址确定所述通道组配置空间,将所述通道组配置空间与至少一个通道进行关联,并为所述通道组配置空间配置所述预设模式标识符。Determining, by the peripheral device, the channel group configuration space according to the access address of the channel group configuration space, associating the channel group configuration space with at least one channel, and configuring the preset mode for the channel group configuration space Identifier.
  4. 根据权利要求1所述的方法,其特征在于,所述外设对所述业务通信模式的模式标识符进行校验,包括:The method according to claim 1, wherein the peripheral device verifies the mode identifier of the service communication mode, including:
    所述外设根据预设模式标识组,判断所述业务通信模式的模式标识符是否为所述预设模式标识组中的标识;其中,所述预设模式标识组包括至少一个模式标识符;The peripheral device determines, according to the preset mode identifier group, whether the mode identifier of the service communication mode is an identifier in the preset mode identifier group, where the preset mode identifier group includes at least one mode identifier;
    若所述业务通信模式的模式标识符为所述预设模式标识组中的标识,则所述外设确定所述业务通信模式的模式标识符有效。If the mode identifier of the service communication mode is an identifier in the preset mode identification group, the peripheral device determines that the mode identifier of the service communication mode is valid.
  5. 根据权利要求4所述的方法,其特征在于,所述外设在根据预设模式 标识组,判断所述业务通信模式的模式标识符是否为所述预设模式标识组中的标识之前,还包括:The method of claim 4 wherein said peripheral is in accordance with a preset mode And the identifier group, before determining whether the mode identifier of the service communication mode is the identifier in the preset mode identifier group, the method further includes:
    所述外设接收所述外设中管理配置空间对应的第三访问指令;所述第三访问指令为通信管理模式对应的处理器发出的指令,所述第三访问指令包括:所述通道组配置空间的访问地址;The peripheral device receives a third access instruction corresponding to the management configuration space in the peripheral device; the third access instruction is an instruction issued by a processor corresponding to the communication management mode, and the third access instruction includes: the channel group The access address of the configuration space;
    所述外设根据所述通道组配置空间的访问地址确定所述通道组配置空间,将所述通道组配置空间与至少一个通道进行关联,并为所述通道组配置空间配置所述预设模式标识组。Determining, by the peripheral device, the channel group configuration space according to the access address of the channel group configuration space, associating the channel group configuration space with at least one channel, and configuring the preset mode for the channel group configuration space Identification group.
  6. 根据权利要求1-5中任一项所述的方法,其特征在于,所述第一访问指令包括:所述业务通信模式对应的处理器发出的指令;或者,The method according to any one of claims 1 to 5, wherein the first access instruction comprises: an instruction issued by a processor corresponding to the service communication mode; or
    所述第一访问指令包括:其他外设发出的指令。The first access instruction includes an instruction issued by another peripheral.
  7. 一种访问隔离方法,其特征在于,包括:An access isolation method, comprising:
    内存接收外设发出的第四访问指令,所述第四访问指令包括:所述内存的访问地址、业务通信模式的模式标识符及所述业务通信模式的分组标识符;a fourth access instruction issued by the memory receiving peripheral, the fourth access instruction comprising: an access address of the memory, a mode identifier of a service communication mode, and a packet identifier of the service communication mode;
    所述内存依次对所述业务通信模式的模式标识符及所述业务通信模式的分组标识符进行校验;The memory sequentially checks a mode identifier of the service communication mode and a packet identifier of the service communication mode;
    若所述业务通信模式的模式标识符及所述业务通信模式的分组标识符均有效,则所述内存接受所述外设对所述内存的访问。If the mode identifier of the service communication mode and the packet identifier of the service communication mode are both valid, the memory accepts access by the peripheral to the memory.
  8. 根据权利要求7所述的方法,其特征在于,所述内存依次对所述业务通信模式的模式标识符及所述业务通信模式的分组标识符进行校验,包括:The method according to claim 7, wherein the memory sequentially verifies the mode identifier of the service communication mode and the packet identifier of the service communication mode, including:
    所述内存根据预设模式标识符,对所述业务通信模式的模式标识符进行校验;The memory verifies the mode identifier of the service communication mode according to the preset mode identifier;
    若所述预设模式标识符与所述业务通信模式的模式标识符相同,则所述内存确定所述业务通信模式的模式标识符有效;If the preset mode identifier is the same as the mode identifier of the service communication mode, the memory determines that the mode identifier of the service communication mode is valid;
    若所述业务通信模式的模式标识符有效,则所述内存根据预设分组标识符,对所述业务通信模式的分组标识符进行校验;And if the mode identifier of the service communication mode is valid, the memory checks a packet identifier of the service communication mode according to a preset packet identifier;
    若所述预设分组标识符与所述业务通信模式的分组标识符相同,则所述内存确定所述业务通信模式的分组标识符有效。If the preset packet identifier is the same as the packet identifier of the service communication mode, the memory determines that the packet identifier of the service communication mode is valid.
  9. 根据权利要求8所述的方法,其特征在于,所述内存依次对所述业务通信模式的模式标识符及所述业务通信模式的分组标识符进行校验之前,还 包括:The method according to claim 8, wherein said memory sequentially checks a mode identifier of said service communication mode and a packet identifier of said service communication mode, and further include:
    所述内存接收通信管理模式对应的处理器发出的第五访问指令;所述第五访问指令包括:所述内存的访问地址;The memory receives a fifth access instruction issued by a processor corresponding to the communication management mode; the fifth access instruction includes: an access address of the memory;
    所述内存根据所述内存的访问地址确定所述内存的访问地址所属的内存地址段,并为所述内存地址段配置所述预设模式标识符及所述预设分组标识符。The memory determines a memory address segment to which the access address of the memory belongs according to the access address of the memory, and configures the preset mode identifier and the preset packet identifier for the memory address segment.
  10. 根据权利要求7所述的方法,其特征在于,所述内存依次对所述业务通信模式的模式标识符及所述业务通信模式的分组标识符进行校验,包括:The method according to claim 7, wherein the memory sequentially verifies the mode identifier of the service communication mode and the packet identifier of the service communication mode, including:
    所述内存根据预设模式标识组,判断所述业务通信模式的模式标识符是否为所述预设模式标识组中的标识;其中,所述预设模式标识组包括至少一个模式标识符;Determining, by the memory according to the preset mode identifier group, whether the mode identifier of the service communication mode is an identifier in the preset mode identifier group; wherein the preset mode identifier group includes at least one mode identifier;
    若所述业务通信模式的模式标识符为所述预设模式标识组中的标识,则所述内存确定所述业务通信模式的模式标识符有效;If the mode identifier of the service communication mode is an identifier in the preset mode identification group, the memory determines that a mode identifier of the service communication mode is valid;
    若所述业务通信模式的模式标识符有效,则所述内存根据预设分组标识组,判断所述业务通信模式的分组标识符是否为所述预设分组标识组中的标识;其中,所述预设分组标识组包括至少一个分组标识符;If the mode identifier of the service communication mode is valid, the memory determines, according to the preset group identity group, whether the packet identifier of the service communication mode is an identifier in the preset group identity group; The preset group identification group includes at least one group identifier;
    若所述业务通信模式的分组标识符为所述预设分组标识组中的标识,则所述内存确定所述业务通信模式的分组标识符有效。If the packet identifier of the service communication mode is an identifier in the preset packet identification group, the memory determines that the packet identifier of the service communication mode is valid.
  11. 根据权利要求10所述的方法,其特征在于,所述内存依次对所述业务通信模式的模式标识符及所述业务通信模式的分组标识符进行校验之前,还包括:The method according to claim 10, wherein before the memory sequentially checks the mode identifier of the service communication mode and the packet identifier of the service communication mode, the method further includes:
    所述内存接收通信管理模式对应的处理器发出的第六访问指令;所述第六访问指令包括:所述内存的访问地址;The memory receives a sixth access instruction issued by a processor corresponding to the communication management mode; the sixth access instruction includes: an access address of the memory;
    所述内存根据所述内存的访问地址确定所述内存的访问地址所属的内存地址段,并为所述内存地址段配置所述预设模式标识组及所述预设分组标识组。The memory determines a memory address segment to which the access address of the memory belongs according to the access address of the memory, and configures the preset mode identifier group and the preset group identifier group for the memory address segment.
  12. 一种访问隔离装置,其特征在于,所述访问隔离装置位于外设,所述访问隔离装置包括:接收端口、及校验模块;其中,所述接收端口与所述校验模块连接;An access isolation device, wherein the access isolation device is located at a peripheral device, the access isolation device includes: a receiving port, and a verification module; wherein the receiving port is connected to the verification module;
    所述接收端口,用于接收所述外设中的通道组配置空间对应的第一访问 指令,并将所述第一访问指令发送至所述校验模块;所述第一访问指令包括:所述通道组配置空间的访问地址及业务通信模式的模式标识符;The receiving port is configured to receive a first access corresponding to a channel group configuration space in the peripheral device And executing the first access instruction to the verification module; the first access instruction includes: an access address of the channel group configuration space and a mode identifier of a service communication mode;
    所述校验模块,用于对所述业务通信模式的模式标识符进行校验,若所述业务通信模式的模式标识符有效,则接受对所述通道组配置空间的访问。The verification module is configured to check a mode identifier of the service communication mode, and if the mode identifier of the service communication mode is valid, accept access to the channel group configuration space.
  13. 根据权利要求12所述的装置,其特征在于,The device according to claim 12, characterized in that
    所述校验模块,还用于对所述业务通信模式的模式标识符进行校验之前,根据预设模式标识符,对所述业务通信模式的模式标识符进行校验,若所述预设模式标识符与所述业务通信模式的模式标识符相同,则确定所述业务通信模式的模式标识符有效。The verification module is further configured to: before the mode identifier of the service communication mode is verified, verify the mode identifier of the service communication mode according to the preset mode identifier, if the preset The mode identifier is the same as the mode identifier of the service communication mode, and then the mode identifier of the service communication mode is determined to be valid.
  14. 根据权利要求13所述的装置,其特征在于,The device of claim 13 wherein:
    所述接收端口,还用于在所述校验模块根据所述预设模式标识符,对所述业务通信模式的模式标识符进行校验之前,接收管理通道模式对应的处理器发送的所述外设中管理配置空间对应的第二访问指令;所述第二访问指令包括:所述通道组配置空间的访问地址;The receiving port is further configured to: before the verifying module checks the mode identifier of the service communication mode according to the preset mode identifier, receive the a second access instruction corresponding to the configuration space in the peripheral device; the second access instruction includes: an access address of the channel group configuration space;
    所述校验模块,还用于根据所述通道组配置空间的访问地址确定所述通道组配置空间,将所述通道组配置空间与至少一个通道进行关联,并为所述通道组配置空间配置所述预设模式标识符。The verification module is further configured to determine the channel group configuration space according to the access address of the channel group configuration space, associate the channel group configuration space with at least one channel, and configure a space configuration for the channel group. The preset mode identifier.
  15. 根据权利要求12所述的装置,其特征在于,The device according to claim 12, characterized in that
    所述校验模块,还用于根据预设模式标识组,判断所述业务通信模式的模式标识符是否为所述预设模式标识组中的标识,若所述业务通信模式的模式标识符为所述预设模式标识组中的标识,则确定所述业务通信模式的模式标识符有效;其中,所述预设模式标识组包括至少一个模式标识符。The verification module is further configured to determine, according to the preset mode identifier group, whether the mode identifier of the service communication mode is an identifier in the preset mode identifier group, if the mode identifier of the service communication mode is And determining, by the preset mode, the identifier in the group, determining that the mode identifier of the service communication mode is valid; wherein the preset mode identifier group includes at least one mode identifier.
  16. 根据权利要求15所述的装置,其特征在于,The device of claim 15 wherein:
    所述接收端口,还用于在所述校验模块根据所述预设模式标识组,判断所述业务通信模式的模式标识符是否为所述预设模式标识组中的标识之前,接收所述外设中管理配置空间对应的第三访问指令;所述第三访问指令为通信管理模式对应的处理器发出的指令,所述第三访问指令包括:所述通道组配置空间的访问地址;The receiving port is further configured to: before the determining module determines, according to the preset mode identifier group, whether the mode identifier of the service communication mode is an identifier in the preset mode identifier group, receiving the a third access instruction corresponding to the configuration space is managed in the peripheral device; the third access instruction is an instruction issued by a processor corresponding to the communication management mode, and the third access instruction includes: an access address of the channel group configuration space;
    所述校验模块,还用于根据所述通道组配置空间的访问地址确定所述通道组配置空间,将所述通道组配置空间与至少一个通道进行关联,并为所述 通道组配置空间配置所述预设模式标识组。The verification module is further configured to determine the channel group configuration space according to the access address of the channel group configuration space, associate the channel group configuration space with at least one channel, and The channel group configuration space configures the preset mode identifier group.
  17. 根据权利要求12-16中任一项所述的装置,其特征在于,所述第一访问指令包括:所述业务通信模式对应的处理器发出的指令;或者,The apparatus according to any one of claims 12-16, wherein the first access instruction comprises: an instruction issued by a processor corresponding to the service communication mode; or
    所述第一访问指令包括:其他外设发出的指令。The first access instruction includes an instruction issued by another peripheral.
  18. 一种访问隔离装置,其特征在于,所述访问隔离装置位于内存;所述访问隔离装置包括:接收端口,及校验模块;所述接收端口与所述校验模块连接;An access isolation device, wherein the access isolation device is located in a memory; the access isolation device includes: a receiving port, and a verification module; and the receiving port is connected to the verification module;
    所述接收端口,用于接收外设发出的第四访问指令,所述第四访问指令包括:所述内存的访问地址、业务通信模式的模式标识符及所述业务通信模式的分组标识符;The receiving port is configured to receive a fourth access instruction sent by the peripheral device, where the fourth access instruction includes: an access address of the memory, a mode identifier of a service communication mode, and a packet identifier of the service communication mode;
    所述校验模块,用于依次对所述业务通信模式的模式标识符及所述通信模式的分组标识符进行校验,若所述业务通信模式的模式标识符及所述业务通信模式的分组标识符均有效,则接受所述外设对所述内存的访问。The verification module is configured to sequentially check a mode identifier of the service communication mode and a packet identifier of the communication mode, if a mode identifier of the service communication mode and a grouping of the service communication mode When the identifiers are both valid, the peripherals are accepted for access to the memory.
  19. 根据权利要求18所述的装置,其特征在于,The device of claim 18, wherein
    所述校验模块,还用于根据预设模式标识符,对所述业务通信模式的模式标识符进行校验,若所述预设模式标识符与所述业务通信模式的模式标识符相同,则确定所述业务通信模式的模式标识符有效,若所述业务通信模式的模式标识符有效,根据预设分组标识符,对所述业务通信模式的分组标识符进行校验;若所述预设分组标识符与所述业务通信模式的分组标识符相同,则确定所述业务通信模式的分组标识符有效。The verification module is further configured to check, according to the preset mode identifier, a mode identifier of the service communication mode, if the preset mode identifier is the same as a mode identifier of the service communication mode, Determining that the mode identifier of the service communication mode is valid, and if the mode identifier of the service communication mode is valid, verifying a packet identifier of the service communication mode according to a preset packet identifier; If the packet identifier is the same as the packet identifier of the service communication mode, it is determined that the packet identifier of the service communication mode is valid.
  20. 根据权利要求19所述的装置,其特征在于,The device according to claim 19, characterized in that
    所述接收端口,还用于在所述校验模块依次对所述业务通信模式的模式标识符及所述业务通信模式的分组标识符进行校验之前,接收管理通信模式对应的处理器发出的第五访问指令,根据所述第五访问指令中的所述内存的访问地址,确定所述内存的访问所属的内存地址段,并为所述内存地址段配置所述预设模式标识符及所述预设分组标识符。The receiving port is further configured to receive, by the processor corresponding to the management communication mode, before the verification module sequentially checks the mode identifier of the service communication mode and the packet identifier of the service communication mode. a fifth access instruction, determining, according to the access address of the memory in the fifth access instruction, a memory address segment to which the memory access belongs, and configuring the preset mode identifier and the location for the memory address segment Preset the packet identifier.
  21. 根据权利要求18所述的装置,其特征在于,The device of claim 18, wherein
    所述校验模块,还用于根据预设模式标识组,判断所述业务通信模式的模式标识符是否为所述预设模式标识组中的标识,若所述业务通信模式的模式标识符为所述预设模式标识组中的标识,则确定所述业务通信模式的模式 标识符有效,若所述业务通信模式的模式标识符有效,则根据预设分组标识组,判断所述业务通信模式的分组标识符是否为所述预设分组标识组中的标识,若所述业务通信模式的分组标识符为所述预设分组标识组中的标识,则确定所述业务通信模式的分组标识符有效;其中,所述预设模式标识组包括至少一个模式标识符;所述预设分组标识组包括至少一个分组标识符。The verification module is further configured to determine, according to the preset mode identifier group, whether the mode identifier of the service communication mode is an identifier in the preset mode identifier group, if the mode identifier of the service communication mode is Determining, by the preset mode, an identifier in the group, determining a mode of the service communication mode The identifier is valid, if the mode identifier of the service communication mode is valid, determining, according to the preset group identifier group, whether the packet identifier of the service communication mode is an identifier in the preset group identifier group, if The packet identifier of the service communication mode is an identifier in the preset packet identification group, and then determining that the packet identifier of the service communication mode is valid; wherein the preset mode identification group includes at least one mode identifier; The preset group identification group includes at least one packet identifier.
  22. 根据权利要求21所述的装置,其特征在于,The device according to claim 21, wherein
    所述接收端口,还用于在所述校验模块依次对所述业务通信模式的模式标识符及所述业务通信模式的分组标识符进行校验之前,接收管理通信模式对应的处理器发出的第六访问指令,并根据所述第六访问指令中的内存访问地址,根据所述内存访问地址确定所述内存访问地址所属的内存地址段,并为所述内存地址段配置所述预设模式标识组及所述预设分组标识组。 The receiving port is further configured to receive, by the processor corresponding to the management communication mode, before the verification module sequentially checks the mode identifier of the service communication mode and the packet identifier of the service communication mode. a sixth access instruction, and determining, according to the memory access address in the sixth access instruction, a memory address segment to which the memory access address belongs according to the memory access address, and configuring the preset mode for the memory address segment The identification group and the preset group identification group.
PCT/CN2014/092479 2014-11-28 2014-11-28 Access isolation method and apparatus WO2016082185A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201480033937.7A CN105900070B (en) 2014-11-28 2014-11-28 Access partition method and device
PCT/CN2014/092479 WO2016082185A1 (en) 2014-11-28 2014-11-28 Access isolation method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2014/092479 WO2016082185A1 (en) 2014-11-28 2014-11-28 Access isolation method and apparatus

Publications (1)

Publication Number Publication Date
WO2016082185A1 true WO2016082185A1 (en) 2016-06-02

Family

ID=56073380

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/092479 WO2016082185A1 (en) 2014-11-28 2014-11-28 Access isolation method and apparatus

Country Status (2)

Country Link
CN (1) CN105900070B (en)
WO (1) WO2016082185A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080222369A1 (en) * 2005-07-21 2008-09-11 Mtekvision Co., Ltd. Access Control Partitioned Blocks in Shared Memory
CN101566972A (en) * 2009-05-12 2009-10-28 苏州国芯科技有限公司 Safety control method of user multi-partitioned memory space access right in embedded system
CN102567275A (en) * 2010-12-08 2012-07-11 中国科学院声学研究所 Method and system for memory access among multiple operation systems on multi-core processor
CN103713954A (en) * 2013-12-25 2014-04-09 华为技术有限公司 Processor module and electronic device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080222369A1 (en) * 2005-07-21 2008-09-11 Mtekvision Co., Ltd. Access Control Partitioned Blocks in Shared Memory
CN101566972A (en) * 2009-05-12 2009-10-28 苏州国芯科技有限公司 Safety control method of user multi-partitioned memory space access right in embedded system
CN102567275A (en) * 2010-12-08 2012-07-11 中国科学院声学研究所 Method and system for memory access among multiple operation systems on multi-core processor
CN103713954A (en) * 2013-12-25 2014-04-09 华为技术有限公司 Processor module and electronic device

Also Published As

Publication number Publication date
CN105900070B (en) 2019-03-08
CN105900070A (en) 2016-08-24

Similar Documents

Publication Publication Date Title
US10819566B2 (en) Edge or fog gateway assisted IDE redirection for failover remote management applications
US9672351B2 (en) Authenticated control stacks
US20140187224A1 (en) Protocol version negotiation method, mobile terminal, base station and communications system
CN111970726B (en) Data transmission method, device, related equipment and storage medium
US20190380068A1 (en) Management of security contexts at idle mode mobility between different wireless communication systems
CN102316043B (en) Port virtualization method, switch and communication system
US20210153022A1 (en) Radio access capabilities of a wireless device
EP3606014A1 (en) Detecting hardware address conflicts in computer networks
US10621399B2 (en) QR image based device management
US20240097974A1 (en) Generating and utilizing provisioning templates to provision voice, video, and data communication services
US10380005B2 (en) System and method for production testing of an application
JP2023179692A (en) Processing method and equipment
CN104468389A (en) Message processing method, servers and server system
WO2016082185A1 (en) Access isolation method and apparatus
KR20220104241A (en) Network working methods, devices, equipment and storage media
JP2019533221A (en) Method and device for resource reconfiguration
WO2023116680A1 (en) Fault detection method, signal processing apparatus, and control apparatus
US20230239296A1 (en) Preventing malicious processes by validating the command authority of commands between network equipment
US8417220B2 (en) Method, apparatus and computer program product for security configuration coordination during a cell update procedure
US11429593B2 (en) Maintaining a shared state among networked computing devices using a shared data store
US9485670B2 (en) Method, apparatus and computer program product for security configuration coordination during a cell update procedure
CN103226532A (en) Data processing system and method
WO2020078406A1 (en) Method and device for allocating traffic resources to mobile device
EP2523420B1 (en) Method, apparatus and computer program product for security configuration coordination during a cell update procedure
WO2024041069A1 (en) Interference suppression method and system, and terminal and base station

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14907055

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14907055

Country of ref document: EP

Kind code of ref document: A1