
CN109753347A - System and method for implementing a driver

Info

Publication number
CN109753347A
Authority
CN
China
Prior art keywords
interrupt
driver
space
interrupt processing
user space
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711078956.3A
Other languages
Chinese (zh)
Other versions
CN109753347B (en
Inventor
吴彩娣
吕达夫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd
Priority to CN201711078956.3A
Priority to TW107131126A
Priority to PCT/CN2018/111815
Publication of CN109753347A
Application granted
Publication of CN109753347B
Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/48 Program initiating; Program switching, e.g. by interrupt
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Stored Programmes (AREA)
  • Storage Device Security (AREA)
  • Diaphragms For Electromechanical Transducers (AREA)
  • Vehicle Body Suspensions (AREA)
  • Control Of Multiple Motors (AREA)

Abstract

This application discloses a system and method for implementing a driver, comprising: configuring the attributes of a driver TA in user space; and, when the kernel space loads the driver, parsing the attributes of the driver TA to complete at least one of allocating resources, registering the driver, and mapping the device physical address to the corresponding virtual address space. With the scheme provided by this application, the driver's code resides entirely in user space and no longer needs to be integrated with the OS, so the user's driver is developed, integrated and managed entirely in the form of a TA. In addition, sysfs is not needed to record information such as the memory mappings of the user-space driver; all user-space driver information exists only in the driver TA and in the TEE's runtime memory, so no information is leaked and the security of the driver is ensured.

Description

System and method for implementing a driver
Technical Field
The present application relates to, but is not limited to, computer technology, and more particularly to a system and method for implementing a driver.
Background
At present, one way to implement a driver is the userspace I/O (UIO) driver in the Linux kernel. In UIO, the user-space part of the driver calls mmap() to map device memory. To wait for an interrupt in user space, the driver simply blocks in a read() on /dev/uioX; the kernel-space part of the UIO driver must still install an interrupt handler, so that when the device raises an interrupt the kernel responds to it, the interrupt counter is incremented by 1, and the read() returns immediately. In addition, the UIO driver implements the poll() system call, so select() can be used to wait for an interrupt. Registered UIO devices appear under /sys/class/uioX, and a device can be controlled by reading and writing the files under /sys/class/uioX.
In the related-art scheme of implementing user-space drivers with UIO in the Linux kernel, on the one hand, part of the driver still runs in kernel space, so a user-space driver cannot be developed and integrated as a secure application (TA), and it cannot be dynamically installed and upgraded by a Trusted Application Management (TAM) program. On the other hand, the driver developer must explicitly call functions such as mmap() and driver registration, which increases design complexity and is unsuitable for a small operating system (OS); the information in sysfs can be leaked, which makes the scheme unsuitable for a Trusted Execution Environment (TEE). Moreover, the way user space waits for an interrupt, through a read operation on the device, differs from how a conventional non-UIO driver is developed, which makes the scheme harder for a new developer to understand.
Disclosure of Invention
To solve the above technical problems, the present invention provides a system and method for implementing a driver, which can manage a user's driver as a TA and greatly reduce the complexity of program development.
To achieve the object of the present invention, the present invention provides a system for implementing a driver, comprising a user space and a kernel space, wherein the user space is provided with: a first trusted execution environment internal application programming interface, a secure application, and a driver; and the kernel space is provided with: a second trusted execution environment internal application programming interface, a trusted execution environment framework, and a secure operating system; wherein,
the driver is configured with the attributes of the driver secure application;
the first trusted execution environment internal application programming interface and the second trusted execution environment internal application programming interface are used to implement calls within the user space, within the kernel space, and between the user space and the kernel space;
and the trusted execution environment framework, based on the secure operating system, parses the attributes of the driver secure application when the driver is loaded, so as to complete at least one of allocating resources, registering the driver, and mapping the device physical address to the corresponding virtual address space.
Optionally, the kernel space further includes a user-space driver framework;
the trusted execution environment framework is further configured to: when an interrupt of a user-space driver needs to be registered, create a separate interrupt handler thread for the driver that needs to respond to the interrupt;
the user-space driver framework is configured to store the correspondence among the interrupt handler thread created by the trusted execution environment framework, the interrupt handler function in user space, and the interrupt number of the interrupt, and to register, through a call from the second trusted execution environment internal application programming interface, an interrupt handler function that is generic to user-space driver devices; when an interrupt is generated, the user-space driver framework calls the generic interrupt handler function, wakes up the corresponding interrupt handler thread according to the interrupt number of the generated interrupt in the correspondence, and passes the entry address of the user-space interrupt handler function to the woken interrupt handler thread.
The application also provides a method for implementing a driver, comprising:
when the kernel space loads the driver, parsing the attributes of the driver secure application to complete at least one of allocating resources, registering the driver, and mapping the device physical address to the corresponding virtual address space, wherein the attributes of the driver secure application are configured in user space.
Optionally, the method further comprises:
when an interrupt of a user-space driver needs to be registered, the kernel space creates a separate interrupt handler thread for the driver that needs to respond to the interrupt;
the kernel space stores the correspondence among the created interrupt handler thread, the interrupt handler function in user space, and the interrupt number of the registered interrupt, and registers an interrupt handler function that is generic to user-space driver devices;
when an interrupt is generated, the kernel space calls the generic interrupt handler function, wakes up the corresponding interrupt handler thread according to the interrupt number of the generated interrupt in the correspondence, and passes the entry address of the user-space driver's interrupt handler function to the woken interrupt handler thread.
The present application further provides a computer-readable storage medium storing computer-executable instructions for performing any one of the above methods for implementing a driver.
The present application further provides an apparatus for implementing a driver, comprising a memory and a processor, wherein the memory stores the following instructions executable by the processor: when the kernel space loads the driver, parsing the attributes of the driver secure application to complete at least one of allocating resources, registering the driver, and mapping the device physical address to the corresponding virtual address space, wherein the attributes of the driver secure application are configured in user space.
Optionally, the memory further stores the following instructions executable by the processor:
when an interrupt of a user-space driver needs to be registered, the kernel space creates a separate interrupt handler thread for the driver that needs to respond to the interrupt; the kernel space stores the correspondence among the created interrupt handler thread, the interrupt handler function in user space, and the interrupt number of the registered interrupt, and registers an interrupt handler function that is generic to user-space driver devices; when an interrupt is generated, the kernel space calls the generic interrupt handler function, wakes up the corresponding interrupt handler thread according to the interrupt number of the generated interrupt in the correspondence, and passes the entry address of the user-space driver's interrupt handler function to the woken interrupt handler thread.
The technical solution of the present application comprises at least: configuring the attributes of a driver TA in user space; and, when the kernel space loads the driver, parsing the attributes of the driver TA to complete at least one of allocating resources, registering the driver, and mapping the device physical address to the corresponding virtual address space. With the scheme provided by the application, the driver's code resides entirely in user space and does not need to be integrated with the OS, so the user's driver is developed, integrated and managed entirely as a TA. Moreover, sysfs is not needed to record information such as the memory mappings of the user-space driver; all user-space driver information exists only in the driver TA and in the TEE's runtime memory, so information leakage is avoided and the security of the driver is ensured.
Optionally, the present application further includes: when an interrupt of a user-space driver is registered, the kernel space creates a separate interrupt handler thread for the driver TA that needs to respond to the interrupt; the kernel space stores the correspondence among the created interrupt handler thread, the interrupt handler function in user space, and the interrupt number of the registered interrupt, and registers an interrupt handler function that is generic to user-space driver devices; when an interrupt is generated, the kernel space calls the generic interrupt handler function, wakes up the corresponding interrupt handler thread according to the interrupt number of the generated interrupt in the correspondence, and passes the entry address of the user-space driver's interrupt handler function to the woken interrupt handler thread. In this scheme, on the one hand, the code of the interrupt-driven driver resides entirely in user space and does not need to be integrated with the OS, so the user's driver is developed, integrated and managed entirely as a TA. On the other hand, interrupt registration can still be done by calling an interrupt registration API, so the user does not need to be aware of the internal processing flow; the interrupt is handled by this separate high-priority thread alone, which keeps the interrupt response as timely as possible.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings are included to provide a further understanding of the claimed subject matter and are incorporated in and constitute a part of this specification, illustrate embodiments of the subject matter and together with the description serve to explain the principles of the subject matter and not to limit the subject matter.
FIG. 1 is a schematic diagram of the system for implementing a driver according to the present application;
FIG. 2 is a flowchart of the method for implementing a driver according to the present application.
Detailed Description
To make the objects, technical solutions and advantages of the present application more apparent, embodiments of the present application will be described in detail below with reference to the accompanying drawings. It should be noted that the embodiments and features of the embodiments in the present application may be arbitrarily combined with each other without conflict.
In one exemplary configuration of the present application, a computing device includes one or more processors (CPUs), input/output interfaces, a network interface, and memory.
The memory may include volatile memory in a computer-readable medium, random access memory (RAM), and/or non-volatile memory such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
The steps illustrated in the flow charts of the figures may be performed in a computer system such as a set of computer-executable instructions. Also, while a logical order is shown in the flow diagrams, in some cases, the steps shown or described may be performed in an order different than here.
A Trusted Execution Environment (TEE) uses hardware isolation to ensure that sensitive data is stored, processed, and protected in an isolated, trusted environment. TEEs are widely used in security applications such as payment, fingerprinting, and digital rights protection (DRM). Implementing drivers in user space within the TEE can meet higher security requirements, and at the same time a user's driver can be developed, integrated and managed as a secure application (TA) running inside the TEE.
FIG. 1 is a schematic diagram of a system for implementing a driver according to the present application. As shown in FIG. 1, the system includes a user space and a kernel space, where the user space includes at least: a first TEE Internal Application Programming Interface (API), a secure application (TA), and a driver such as a driver TA; and the kernel space includes at least: a second TEE Internal API, a TEE framework, and a secure operating system (Secure OS); wherein,
the first TEE Internal API and the second TEE Internal API are used to implement calls within the user space, within the kernel space, and between the user space and the kernel space. For example, the TA calls the first TEE Internal API, and the first TEE Internal API in user space calls the second TEE Internal API in kernel space through a syscall, so that the second TEE Internal API can call the interfaces of other kernel-space modules.
The attributes of the driver TA are configured in the driver TA, for example the driver name, the physical address to be mapped, and the corresponding virtual address.
The attributes are configured in much the same way as those of an ordinary TA. These attributes are placed in a special section at compile time.
There may be one or more driver TAs, and one third-party TA may correspond to one driver TA.
Based on the secure OS, the TEE framework parses the attributes of the driver TA when loading the driver, so as to complete at least one of allocating resources, registering the driver, and mapping the device physical address to the corresponding virtual address space.
In this framework for implementing a driver, the driver's code resides entirely in the driver TA in user space and does not need to be integrated with the OS, so the user's driver is developed, integrated and managed entirely as a TA. Moreover, sysfs is not needed to record information such as the memory mappings of the user-space driver; all user-space driver information exists only in the driver TA and in the TEE's runtime memory, so information leakage is avoided and the security of the driver is ensured.
With this framework, the driver developer does not need to explicitly call functions such as mmap() and driver registration; the developer only configures the attributes of the driver TA, which stays as close as possible to how an ordinary TA is developed and reduces the workload of third-party driver developers. In addition, sysfs is not involved, so there is no risk of driver information leaking, which ensures the security of the driver. A third-party driver is integrated into the TEE as a TA, so it can be updated dynamically through TAM, which reduces the cost of integrating the driver.
Optionally, the kernel space further includes a user-space driver framework (userspace driver framework); accordingly,
the TEE framework is further configured to: when an external party such as a driver developer needs to register an interrupt of a user-space driver, create a separate interrupt handler thread for the driver TA that needs to respond to the interrupt;
the user-space driver framework is configured to store the correspondence among the interrupt handler thread created by the TEE framework, the interrupt handler function in user space, and the interrupt number of the registered interrupt, and to register, through a call from the second TEE Internal API in the TEE kernel space, an interrupt handler function that is generic to user-space driver devices; when an interrupt occurs, the generic interrupt handler function is called, the corresponding interrupt handler thread is then woken up according to the interrupt number of the generated interrupt in the correspondence, and the entry address of the user-space driver's interrupt handler function is passed to the woken interrupt handler thread.
The interrupt handler thread then switches to the user-space driver's interrupt handler function, which handles the interrupt.
In this system for implementing a driver, the code of the interrupt-driven driver resides entirely in the driver TA in user space and does not need to be integrated with the OS, so the user's driver is developed, integrated and managed entirely as a TA.
With this system, interrupt registration can still be done by calling the interrupt registration API, so the user does not need to be aware of the internal processing flow; when an interrupt is generated, it is handled by this separate high-priority thread alone, which keeps the interrupt response as timely as possible.
That is, with the system for implementing a driver provided by the present application, the driver developer does not need to be aware of operations such as memory mapping, driver registration, and waiting on a device read operation in user space in order to respond to an interrupt.
FIG. 2 is a flowchart of a method for implementing a driver according to the present application. As shown in FIG. 2, the method includes:
Step 200: the attributes of the driver TA are configured in user space.
Optionally, the attributes include, but are not limited to: the driver name, the physical address to be mapped, and the corresponding virtual address.
The attributes are configured in much the same way as those of an ordinary TA. These attributes are placed in a special section at compile time.
There may be one or more driver TAs, and one third-party TA may correspond to one driver TA.
Step 201: based on the secure OS, when the kernel space loads the driver, the attributes of the driver TA are parsed to complete at least one of allocating resources, registering the driver, and mapping the device physical address to the corresponding virtual address space.
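Steps 200 and 201 as an added sketch, not code from the patent: a loader walks the attribute records of a driver TA and validates each one before registering it. The record layout, the allowed MMIO windows, the virtual address bounds and the validation rules are assumptions; the patent only states that the attributes are parsed and the mapping is made.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical attribute record a driver TA places in its attribute section
 * at compile time (field names and layout are assumptions). */
struct drv_attr {
    char     name[16];  /* driver name, NUL-terminated */
    uint64_t phys;      /* device physical base address to map */
    uint64_t virt;      /* requested virtual base in the TA's address space */
    uint64_t size;      /* window length in bytes */
};

enum load_status {
    LOAD_OK = 0, ERR_NAME, ERR_ALIGN, ERR_OVERFLOW, ERR_PHYS_DENIED,
    ERR_VIRT_DENIED, ERR_CONFLICT, ERR_FULL, ERR_TRUNCATED
};

#define PAGE_SZ     0x1000ull
#define USER_VA_LO  0x00400000ull   /* constructed bounds of the TA's VA space */
#define USER_VA_HI  0x80000000ull
#define MAX_DRIVERS 4

/* MMIO windows the platform delegates to user-space drivers (constructed
 * values). Anything else, secure OS RAM included, is refused. */
static const struct { uint64_t base, size; } allowed_mmio[] = {
    { 0x10000000ull, 0x10000ull },
    { 0x10020000ull, 0x01000ull },
};

static struct drv_attr registry[MAX_DRIVERS];   /* registered drivers */
static size_t registry_len;

/* [base, base+size) inside [lo, hi); wrap-around is excluded by the caller. */
static int inside(uint64_t base, uint64_t size, uint64_t lo, uint64_t hi)
{
    return base >= lo && base + size <= hi;
}

static int overlaps(uint64_t a, uint64_t asz, uint64_t b, uint64_t bsz)
{
    return a < b + bsz && b < a + asz;
}

/* Load step for one record: validate, then register. The page-table update
 * itself is not modelled. */
enum load_status load_driver_attr(const struct drv_attr *a)
{
    size_t i;
    int phys_ok = 0;

    if (a->name[0] == '\0' || memchr(a->name, '\0', sizeof a->name) == NULL)
        return ERR_NAME;
    if (a->size == 0 || ((a->phys | a->virt | a->size) & (PAGE_SZ - 1)))
        return ERR_ALIGN;
    if (a->phys + a->size < a->phys || a->virt + a->size < a->virt)
        return ERR_OVERFLOW;            /* range wraps past 2^64 */

    for (i = 0; i < sizeof allowed_mmio / sizeof allowed_mmio[0]; i++)
        if (inside(a->phys, a->size, allowed_mmio[i].base,
                   allowed_mmio[i].base + allowed_mmio[i].size))
            phys_ok = 1;
    if (!phys_ok)
        return ERR_PHYS_DENIED;         /* not a delegated device window */
    if (!inside(a->virt, a->size, USER_VA_LO, USER_VA_HI))
        return ERR_VIRT_DENIED;         /* would land outside the TA's space */

    for (i = 0; i < registry_len; i++)  /* one driver per name and per device */
        if (strncmp(registry[i].name, a->name, sizeof a->name) == 0 ||
            overlaps(registry[i].phys, registry[i].size, a->phys, a->size))
            return ERR_CONFLICT;
    if (registry_len == MAX_DRIVERS)
        return ERR_FULL;

    registry[registry_len++] = *a;
    return LOAD_OK;
}

/* Walk the raw bytes of an attribute section and stop at the first bad
 * record. *loaded receives the number of records accepted. */
enum load_status load_attr_section(const void *sec, size_t len, size_t *loaded)
{
    struct drv_attr rec;
    size_t off;

    *loaded = 0;
    if (len % sizeof rec != 0)
        return ERR_TRUNCATED;
    for (off = 0; off < len; off += sizeof rec) {
        enum load_status st;
        /* Copy out first: section bytes are untrusted and may be unaligned. */
        memcpy(&rec, (const unsigned char *)sec + off, sizeof rec);
        st = load_driver_attr(&rec);
        if (st != LOAD_OK)
            return st;
        (*loaded)++;
    }
    return LOAD_OK;
}
```
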
In this method for implementing a driver, the driver's code resides entirely in the driver TA in user space and does not need to be integrated with the OS, so the user's driver is developed, integrated and managed entirely as a TA. Moreover, sysfs is not needed to record information such as the memory mappings of the user-space driver; all user-space driver information exists only in the driver TA and in the TEE's runtime memory, so information leakage is avoided and the security of the driver is ensured.
With this method, the driver developer does not need to explicitly call functions such as mmap() and driver registration; the developer only configures the attributes of the driver TA, which stays as close as possible to how an ordinary TA is developed and reduces the workload of third-party driver developers. In addition, sysfs is not involved, so there is no risk of driver information leaking, which ensures the security of the driver. A third-party driver is integrated into the TEE as a TA, so it can be updated dynamically through TAM, which reduces the cost of integrating the driver.
The method for implementing a driver further comprises:
when an interrupt of a user-space driver needs to be registered, the kernel space creates a separate interrupt handler thread for the driver TA that needs to respond to the interrupt;
the kernel space stores the correspondence among the created interrupt handler thread, the interrupt handler function in user space, and the interrupt number of the registered interrupt, and registers an interrupt handler function that is generic to user-space driver devices;
when an interrupt is generated, the kernel space calls the generic interrupt handler function, wakes up the corresponding interrupt handler thread according to the interrupt number of the generated interrupt in the correspondence, and passes the entry address of the user-space driver's interrupt handler function to the woken interrupt handler thread.
The interrupt handler thread then switches to the user-space driver's interrupt handler function, which handles the interrupt.
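The registration and dispatch path described above, as an added example that is not code from the patent. The handler thread is modelled as a state record rather than a real kernel thread, and the function names, the owning-TA id and the status codes are assumptions.

```c
#include <stddef.h>
#include <string.h>

#define MAX_IRQ 32
#define DEMO_TA 1   /* constructed TA id used by the sample handlers below */

typedef void (*user_isr_t)(int irq, void *ctx);  /* user-space handler entry */

enum thr_state { THR_NONE = 0, THR_BLOCKED, THR_RUNNABLE };
enum irq_status { IRQ_OK = 0, IRQ_EINVAL, IRQ_EBUSY, IRQ_EPERM };

/* One row of the stored correspondence: interrupt number ->
 * (handler thread, user-space handler entry), plus the registering TA. */
struct irq_slot {
    enum thr_state state;    /* models the dedicated handler thread */
    int            owner;    /* driver TA that registered (assumed field) */
    user_isr_t     entry;    /* entry address passed to the thread on wake-up */
    void          *ctx;
    unsigned       pending;  /* interrupts delivered but not yet handled */
};

static struct irq_slot slots[MAX_IRQ];
static unsigned spurious;    /* interrupts that had no registered driver */

unsigned spurious_count(void) { return spurious; }

/* Registration: create the thread (a BLOCKED slot) and store the mapping. */
enum irq_status irq_register(int ta, int irq, user_isr_t entry, void *ctx)
{
    if (irq < 0 || irq >= MAX_IRQ || entry == NULL)
        return IRQ_EINVAL;
    if (slots[irq].state != THR_NONE)
        return IRQ_EBUSY;                 /* one owner per interrupt number */
    slots[irq].state = THR_BLOCKED;
    slots[irq].owner = ta;
    slots[irq].entry = entry;
    slots[irq].ctx = ctx;
    slots[irq].pending = 0;
    return IRQ_OK;
}

/* Only the TA that registered an interrupt may remove it. */
enum irq_status irq_unregister(int ta, int irq)
{
    if (irq < 0 || irq >= MAX_IRQ || slots[irq].state == THR_NONE)
        return IRQ_EINVAL;
    if (slots[irq].owner != ta)
        return IRQ_EPERM;
    memset(&slots[irq], 0, sizeof slots[irq]);
    return IRQ_OK;
}

/* Generic handler shared by all user-space driver interrupts. It runs in
 * interrupt context, so it only looks up the slot and wakes the thread; it
 * never calls user code. Returns 1 if a thread was woken. */
int generic_irq_handler(int irq)
{
    if (irq < 0 || irq >= MAX_IRQ || slots[irq].state == THR_NONE) {
        spurious++;
        return 0;
    }
    slots[irq].pending++;
    slots[irq].state = THR_RUNNABLE;
    return 1;
}

/* Body of the per-driver thread once scheduled: switch to the user-space
 * handler, drain pending interrupts, block again. Returns the number handled. */
unsigned irq_thread_run(int irq)
{
    struct irq_slot *s;
    unsigned handled = 0;

    if (irq < 0 || irq >= MAX_IRQ)
        return 0;
    s = &slots[irq];
    while (s->state == THR_RUNNABLE && s->pending > 0) {
        user_isr_t entry = s->entry;      /* copy: handler may unregister */
        void *ctx = s->ctx;
        s->pending--;
        entry(irq, ctx);
        handled++;
    }
    if (s->state == THR_RUNNABLE)         /* slot still registered */
        s->state = THR_BLOCKED;
    return handled;
}

/* Constructed sample handlers standing in for a driver TA's code. */
void demo_isr(int irq, void *ctx) { (void)irq; ++*(unsigned *)ctx; }

void demo_oneshot_isr(int irq, void *ctx)
{
    ++*(unsigned *)ctx;
    irq_unregister(DEMO_TA, irq);         /* handler removes itself */
}
```
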
In this method for implementing a driver, the code of the interrupt-driven driver resides entirely in the driver TA in user space and does not need to be integrated with the OS, so the user's driver is developed, integrated and managed entirely as a TA.
With this method, interrupt registration can still be done by calling the interrupt registration API, so the user does not need to be aware of the internal processing flow; when an interrupt is generated, it is handled by this separate high-priority thread alone, which keeps the interrupt response as timely as possible.
That is, with the method for implementing a driver provided by the present application, the driver developer does not need to be aware of operations such as memory mapping, driver registration, and waiting on a device read operation in user space in order to respond to an interrupt.
In practical applications, to ensure security, many drivers, for example for encryption engines, are configured to be accessible only to the TEE, in which case they need to be integrated in the TEE. With the framework and method for implementing a driver described here, third-party drivers can be integrated in user space where a high security level is required, so that bugs in a third-party driver do not introduce vulnerabilities into the TEE that can be attacked, and a driver crash does not bring down the whole TEE, which also makes development and debugging easier for the driver developer. At the same time, because the driver is integrated as a TA, it is easier to develop and integrate, and TAM can be used to dynamically install, delete and update the driver.
The application also provides a computer-readable storage medium storing computer-executable instructions for executing any one of the above methods for implementing a driver.
The application also provides an apparatus for implementing a driver, comprising a memory and a processor, wherein the memory stores the following instructions executable by the processor: when the kernel space loads the TA, parsing the attributes of the driver TA to complete at least one of allocating resources, registering the driver, and mapping the device physical address to the corresponding virtual address space, wherein the attributes of the driver secure application are configured in user space.
Optionally, the memory further stores the following instructions executable by the processor:
when an interrupt of a user-space driver is registered, the kernel space creates a separate interrupt handler thread for the driver TA that needs to respond to the interrupt; the kernel space stores the correspondence among the created interrupt handler thread, the user-space driver's interrupt handler function, and the interrupt number of the interrupt, and registers an interrupt handler function that is generic to user-space driver devices; when an interrupt is generated, the kernel space wakes up the corresponding interrupt handler thread according to the interrupt number, and passes the entry address of the user-space driver's interrupt handler function to the woken interrupt handler thread.
Although the embodiments disclosed in the present application are described above, the descriptions are only for the convenience of understanding the present application, and are not intended to limit the present application. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the disclosure as defined by the appended claims.

Claims (7)

1. A system for implementing a driver, comprising: a user space and a kernel space, wherein the user space is provided with: a first trusted execution environment internal application programming interface, a secure application, and a driver; and the kernel space is provided with: a second trusted execution environment internal application programming interface, a trusted execution environment framework, and a secure operating system; wherein,
the driver is configured with the attributes of a driver secure application;
the first trusted execution environment internal application programming interface and the second trusted execution environment internal application programming interface are used to implement calls within the user space, within the kernel space, and between the user space and the kernel space;
and the trusted execution environment framework, based on the secure operating system, parses the attributes of the driver secure application when the driver is loaded, so as to complete at least one of allocating resources, registering the driver, and mapping a device physical address into the corresponding virtual address space.
2. The system of claim 1, wherein the kernel space further comprises: a user-space driver framework;
the trusted execution environment framework is further configured to: when an interrupt of a user-space driver needs to be registered, create a single interrupt-handling thread for the driver that needs to respond to the interrupt;
the user-space driver framework is configured to store the correspondence among the interrupt-handling thread created by the trusted execution environment framework, the interrupt handling function in the user space, and the interrupt number of the interrupt, and to register, by calling the second trusted execution environment internal application programming interface, an interrupt handling function common to user-space driver devices; when an interrupt occurs, the user-space driver framework calls the common interrupt handling function, wakes the corresponding interrupt-handling thread according to the interrupt number of the generated interrupt in the correspondence, and passes the entry address of the user-space interrupt handling function to the awakened interrupt-handling thread.
3. A method of implementing a driver, comprising:
when the kernel space loads the driver, parsing the attributes of the driver secure application to complete at least one of allocating resources, registering the driver, and mapping the device physical address into the corresponding virtual address space, wherein the attributes of the driver secure application are configured in the user space.
4. The method of claim 3, further comprising:
when an interrupt of a user-space driver needs to be registered, the kernel space creates a single interrupt-handling thread for the driver that needs to respond to the interrupt;
the kernel space stores the correspondence among the created interrupt-handling thread, the interrupt handling function in the user space, and the interrupt number of the registered interrupt, and registers an interrupt handling function common to user-space driver devices;
when an interrupt occurs, the kernel space calls the common interrupt handling function, wakes the corresponding interrupt-handling thread according to the interrupt number of the generated interrupt in the correspondence, and passes the entry address of the driver's user-space interrupt handling function to the awakened interrupt-handling thread.
5. A computer-readable storage medium storing computer-executable instructions for performing the method of implementing a driver of any one of claims 3-4.
6. An apparatus for implementing a driver, comprising a memory and a processor, wherein the memory stores the following instructions executable by the processor: when the kernel space loads the driver, parsing the attributes of the driver secure application to complete at least one of allocating resources, registering the driver, and mapping the device physical address into the corresponding virtual address space, wherein the attributes of the driver secure application are configured in the user space.
7. The apparatus of claim 6, wherein the memory further stores the following instructions executable by the processor:
when an interrupt of a user-space driver needs to be registered, the kernel space creates a single interrupt-handling thread for the driver that needs to respond to the interrupt; the kernel space stores the correspondence among the created interrupt-handling thread, the interrupt handling function in the user space, and the interrupt number of the registered interrupt, and registers an interrupt handling function common to user-space driver devices; when an interrupt occurs, the kernel space calls the common interrupt handling function, wakes the corresponding interrupt-handling thread according to the interrupt number of the generated interrupt in the correspondence, and passes the entry address of the driver's user-space interrupt handling function to the awakened interrupt-handling thread.
CN201711078956.3A 2017-11-06 2017-11-06 System and method for realizing driving Active CN109753347B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201711078956.3A CN109753347B (en) 2017-11-06 2017-11-06 System and method for realizing driving
TW107131126A TWI783034B (en) 2017-11-06 2018-09-05 System and method for implementing drive
PCT/CN2018/111815 WO2019085811A1 (en) 2017-11-06 2018-10-25 System and method for implementing driving

Publications (2)

Publication Number Publication Date
CN109753347A true CN109753347A (en) 2019-05-14
CN109753347B CN109753347B (en) 2023-03-21

Family

ID=66332819

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711078956.3A Active CN109753347B (en) 2017-11-06 2017-11-06 System and method for realizing driving

Country Status (3)

Country Link
CN (1) CN109753347B (en)
TW (1) TWI783034B (en)
WO (1) WO2019085811A1 (en)

Also Published As

Publication number Publication date
TWI783034B (en) 2022-11-11
TW201923568A (en) 2019-06-16
WO2019085811A1 (en) 2019-05-09
CN109753347B (en) 2023-03-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant