[go: up one dir, main page]

CN113553107A - Method for guaranteeing secondary development real-time performance by using ARMv8 interrupt packet routing mechanism - Google Patents

Method for guaranteeing secondary development real-time performance by using ARMv8 interrupt packet routing mechanism Download PDF

Info

Publication number
CN113553107A
CN113553107A CN202110695450.7A CN202110695450A CN113553107A CN 113553107 A CN113553107 A CN 113553107A CN 202110695450 A CN202110695450 A CN 202110695450A CN 113553107 A CN113553107 A CN 113553107A
Authority
CN
China
Prior art keywords
interrupt
secure
armv8
cpu
program
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110695450.7A
Other languages
Chinese (zh)
Inventor
陈小杰
张晓凤
苏雪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Unittec Co Ltd
Original Assignee
Unittec Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Unittec Co Ltd filed Critical Unittec Co Ltd
Priority to CN202110695450.7A priority Critical patent/CN113553107A/en
Publication of CN113553107A publication Critical patent/CN113553107A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • G06F9/4406Loading of operating system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44505Configuring for program initiating, e.g. using registry, configuration files
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/448Execution paradigms, e.g. implementations of programming paradigms
    • G06F9/4482Procedural
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/54Interprogram communication
    • G06F9/545Interprogram communication where tasks reside in different layers, e.g. user- and kernel-space

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for ensuring the real-time performance of secondary development by utilizing an ARMv8 interrupt packet routing mechanism, which comprises the following steps: step S1, starting the external device, and initializing the CPU of ARMv 8; step S2, after the initialization of the operating system is completed, the real-time program is started, the CPU informs the EL3 to set the unused interrupt numbers of the two parties as Group0, and the corresponding interrupt processing function is one of error reporting and illegal use prompting or Ignore returning; step S3, when the safety processing program is needed, calling an interface provided by an operating system, and installing a corresponding interrupt function; step S4, judging the running state of the safety program; when the security program is running normally: for the pre-designed interrupt, when the interrupt comes temporarily, the interrupt can be captured and processed by the operating system normally; for non-pre-programmed interrupts, when the interrupt comes on, it will be captured by the EL3 program, generating an alarm or ignore. The scheme fully ensures the real-time performance of the system when the performance of the system is not reduced and the requirement of the other party is met.

Description

Method for guaranteeing secondary development real-time performance by using ARMv8 interrupt packet routing mechanism
Technical Field
The invention relates to the technical field of computer bottom development, in particular to a method for guaranteeing the instantaneity of secondary development by utilizing an ARMv8 interrupt packet routing mechanism.
Background
The ARMv8 supports four operation permission levels of EL 0-EL 3, wherein the larger the number is, the higher the permission is; the EL grade with high authority can modify and set the configuration of the lower grade, but the EL grade with low authority can not modify and read the setting of the higher grade; when the CPU of the ARMv8 is started, the CPU works at the highest authority of the EL3, and is switched to a low EL level according to the requirement, and operating systems such as Linux and VxWorks are all operated on the EL 1. Meanwhile, ARMv8 divides the interrupt into three types of Group0, Secure Group1 and Non-Secure Group1, wherein the Group0 interrupt is fixed in the EL3 to operate, the Secure Group1 can work in the Secure EL1 or the Secure EL2, and the Non-Secure Group1 works in the Non-Secure EL1 or the Non-Secure EL 2. Meanwhile, for each interrupt, any one of three types of Group0, Secure Group1 and Non-Secure Group1 can be configured.
The mode of operation of ARM v8 is as follows: EL0 (user state), EL1 (kernel state), EL2 (virtual machine/optional), EL3 (Monitor state Monitor/optional); each working state has different access rights, the CPU runs at ELx, the interrupt type is synchronous and asynchronous, and the synchronous middle section has 1 kind, syn; there are 3 kinds of asynchronous interrupts, irq, fiq, err.
For real-time programs which need to be subjected to secondary joint development (different departments and different manufacturers), due to the inconvenience of mutually opening source codes, the two parties usually work in the same high-authority CPU context environment and mutually agree on resources to use; or one party works in a limited CPU context environment (similar to a user mode), one party works in a high-authority CPU context environment (similar to a kernel mode), and the limited party carries out interface calling through a specified interface; the former has the disadvantages that because both sides work in the same CPU context environment, if both sides can use privilege instructions and access privilege registers, one side has the risk of improper use and interruption, which affects the real-time performance; for the latter, extra CPU overhead is required due to CPU context switching, which also affects the real-time performance of the program.
Disclosure of Invention
The invention aims to solve the problem of poor real-time performance in the process of secondary joint development of a system, and provides a method for ensuring the real-time performance of secondary development by utilizing an ARMv8 interrupt packet routing mechanism; by utilizing the characteristic that ARMv8 interrupts packet routing, programs needing secondary development or accessing other manufacturers can be effectively prevented from abusing interruption randomly, and the real-time performance of the system is fully guaranteed when the performance of the system is not reduced and the requirements of the opposite side are met.
In order to achieve the technical purpose, the method for ensuring the secondary development instantaneity by utilizing the ARMv8 packet routing interruption mechanism comprises the following steps:
step S1, starting the external device, and switching to Non-Secure EL1 to guide the operating system after the CPU initialization setting of ARMv8 is completed;
step S2, after the operating system is initialized, the real-time program is started, the CPU informs the EL3 to set the unused interrupt numbers of the two parties to be Group0 through the GICD _ IGROUPR and GICR _ IGROUPR registers, and the corresponding interrupt processing function is one of error reporting, illegal use prompting or Ignore returning;
step S3, when the safety processing program is needed, calling an interface provided by an operating system, and installing a corresponding interrupt function;
step S4, judging the running state of the safety program; when the security program is running normally:
for the pre-designed interrupt, when the interrupt comes temporarily, the interrupt can be captured and processed by the operating system normally;
for non-pre-programmed interrupts, when the interrupt comes on, it will be captured by the EL3 program, generating an alarm or ignore.
Preferably, in step S1, the CPU initialization setting of the ARMv8 includes the configuration of the GIC, which is configured to operate in two secure states or a single secure state through the configuration register GICD _ ctrl.ds;
when the value of GICD _ ctrl. ds is "0", two states, secure and non secure, are supported; the correspondingly supported group types are: group0, secure group1, non secure group 1;
when the value of GICD _ ctrl. ds is "1", one of secure or non secure states is supported; the correspondingly supported group types are: group0 and group 1.
Preferably, the GIC configuration includes defining a terminal type:
four interrupt types are defined, respectively: SGI, PPI, SPI and LPI;
wherein, the interrupt number of SGI is between 0 and 15, which is used for the mutual communication between the cores and the interrupt triggered by software;
the PPI has interrupt numbers between 16 and 31, is private for each core and is only used when the current core processes some services;
an interrupt signal production line triggered by peripheral equipment, wherein the interrupt number of the SPI is 32-1020;
LPI is based only on interrupts of message type.
Preferably, the CPU initialization setting of the ARMv8 further includes the configuration of the CPU, and security is configured through the SCR _ EL3 register; including secure EL1 interrupt, non secure EL1 interrupt, EL3 interrupt and their corresponding triggering modes;
wherein secure EL1 is interrupted:
when the current execution is at secure EL1, the triggering mode is irq;
when the current execution is non secure EL1, the trigger mode is fiq;
current execution is at EL3, then the trigger mode is fiq;
non secure EL1 interrupt:
currently executing in secure EL1, the trigger mode is fiq;
when the current execution is non secure EL1, the triggering mode is irq;
current execution is at EL3, then the trigger mode is fiq;
EL3 interrupts:
currently executing in secure EL1, the trigger mode is fiq;
when the current execution is non secure EL1, the trigger mode is fiq;
the current execution is at EL3, the trigger mode is fiq.
Preferably, the CPU initialization setup further includes sorting the interrupt priority with an arbiter within the register GICD _ CTLR and distributing the SPI and PPI interrupts into the arbiter and CPU-Interface modules.
Preferably, the CPU-Interface module is configured to determine whether the interrupt status is resolved and to which CPU the interrupt status is routed.
The invention has the beneficial effects that:
1. the safety is strong: because the mechanism is provided by the ARMv8 architecture, the abuse interruption of the real-time program accessed by secondary development can be effectively prevented;
2. the real-time performance is strong: the real-time program accessed by secondary development is also operated in Non-secure EL1 and has the same EL level with the operating system, and the expenses of calling the operating system interface and switching the process, such as Linux kernel state and user state, are avoided;
3. the applicability is strong: when initializing the ARMv8 GIC interrupt controller, each operating system sets each interrupt as the self-running EL grade in the initial stage and does not modify the interrupt subsequently; therefore, after the operating systems are initialized, the allowed interrupt numbers are set to Group0 through the EL3 program, and the operating systems can be adapted.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments, it should be understood that the specific embodiment described herein is only a preferred embodiment of the present invention, and is only used for explaining the present invention, and does not limit the scope of the present invention, and all other embodiments obtained by a person of ordinary skill in the art without making creative efforts shall fall within the scope of the present invention.
Example (b): the method for ensuring the secondary development instantaneity by utilizing the ARMv8 packet routing interruption mechanism comprises the following steps:
step S1, starting the external device, and switching to Non-Secure EL1 to guide the operating system after the CPU initialization setting of ARMv8 is completed;
step S2, after the operating system is initialized, the real-time program is started, the CPU informs the EL3 to set the unused interrupt numbers of the two parties to be Group0 through the GICD _ IGROUPR and GICR _ IGROUPR registers, and the corresponding interrupt processing function is one of error reporting, illegal use prompting or Ignore returning;
step S3, when the safety processing program is needed, calling an interface provided by an operating system, and installing a corresponding interrupt function;
step S4, judging the running state of the safety program; when the security program is running normally:
for the pre-designed interrupt, when the interrupt comes temporarily, the interrupt can be captured and processed by the operating system normally;
for non-pre-programmed interrupts, when the interrupt comes on, it will be captured by the EL3 program, generating an alarm or ignore.
The CPU initialization settings of the ARMv8 comprise the configuration of the GIC, and the GIC is configured to work in two secure states or a single secure state through a configuration register GICD _ CTRL.DS;
when the value of GICD _ ctrl. ds is "0", two states, secure and non secure, are supported; the correspondingly supported group types are: group0, secure group1, non secure group 1;
when the value of GICD _ ctrl. ds is "1", one of secure or non secure states is supported; the correspondingly supported group types are: group0 and group 1.
Including the definition of the terminal type in the GIC configuration:
four interrupt types are defined, respectively: SGI, PPI, SPI and LPI;
wherein, the interrupt number of SGI is between 0 and 15, which is used for the mutual communication between the cores and the interrupt triggered by software;
the PPI has interrupt numbers between 16 and 31, is private for each core and is only used when the current core processes some services;
an interrupt signal production line triggered by peripheral equipment, wherein the interrupt number of the SPI is 32-1020;
LPI is based only on interrupts of message type.
The CPU initialization setting of the ARMv8 further comprises the configuration of the CPU, and security is configured through an SCR _ EL3 register; including secure EL1 interrupt, non secure EL1 interrupt, EL3 interrupt and their corresponding triggering modes; wherein secure EL1 is interrupted:
when the current execution is at secure EL1, the triggering mode is irq; since a secure EL1 interrupt needs to be handled in secure EL1, it can be routed to FEL as long as scr.irq is set to 0;
when the current execution is non secure EL1, the trigger mode is fiq; since it needs to be handled by secure EL1, while EL3 has interrupt forwarding functionality, interrupts can be routed first to EL3 and then forwarded by EL3 to secure EL 1. So scr.fiq can be set to 1;
current execution is at EL3, then the trigger mode is fiq; at this point, FIQ needs to be set to 1, the interrupt is routed to EL3, and then forwarded to secure EL 1.
non secure EL1 interrupt:
currently executing in secure EL1, the trigger mode is fiq; since the interrupt is intended to be handled by the non secure EL1, the interrupt may be routed to EL3 before being forwarded to the non secure EL 1. Hence scr.fiq is set to 1;
when the current execution is non secure EL1, the triggering mode is irq; at this time, the interrupt is processed by the current EL, so scr.irq needs to be set to 0;
current execution is at EL3, then the trigger mode is fiq; at this point, the FIQ needs to be set to 1, the interrupt is routed to EL3, and then forwarded to non secure EL 1.
EL3 interrupts:
currently executing in secure EL1, the trigger mode is fiq; fix to 1 to route the interrupt to EL 3;
when the current execution is non secure EL1, the trigger mode is fiq; fix to 1 to route the interrupt to EL 3;
current execution is at EL3, then the trigger mode is fiq; fix is set to 1 to route the interrupt to EL 3.
The CPU initialization setting also comprises the steps of sequencing the interrupt priority by adopting an arbiter in a register GICD _ CTLR, and distributing the SPI and the PPI interrupt to the arbiter and a CPU-Interface module; the CPU-Interface module is used for judging whether the interrupt state is released and routing to which CPU.
The above-mentioned embodiments are the preferred embodiments of the method for guaranteeing the real-time performance of the second development by using the ARMv8 interrupt packet routing mechanism, and the scope of the present invention is not limited thereto, and the scope of the present invention includes and is not limited to the embodiments, and all equivalent changes made according to the shape and structure of the present invention are within the protection scope of the present invention.

Claims (6)

1. The method for guaranteeing the instantaneity of secondary development by utilizing the ARMv8 interrupt packet routing mechanism is characterized by comprising the following steps: the method comprises the following steps:
step S1, starting the external device, and switching to Non-Secure EL1 to guide the operating system after the CPU initialization setting of ARMv8 is completed;
step S2, after the operating system is initialized, the real-time program is started, the CPU informs the EL3 to set the unused interrupt numbers of the two parties to be Group0 through the GICD _ IGROUPR and GICR _ IGROUPR registers, and the corresponding interrupt processing function is one of error reporting, illegal use prompting or Ignore returning;
step S3, when the safety processing program is needed, calling an interface provided by an operating system, and installing a corresponding interrupt function;
step S4, judging the running state of the safety program; when the security program is running normally:
for the pre-designed interrupt, when the interrupt comes temporarily, the interrupt can be captured and processed by the operating system normally;
for non-pre-programmed interrupts, when the interrupt comes on, it will be captured by the EL3 program, generating an alarm or ignore.
2. The method for guaranteeing the secondary development real-time performance by using the ARMv8 interrupt packet routing mechanism according to claim 1, wherein:
in step S1, the CPU initialization setting of the ARMv8 includes the configuration of the GIC, and the GIC is configured to operate in two secure states or a single secure state through the configuration register GICD _ ctrl.ds;
when the value of GICD _ ctrl. ds is "0", two states, secure and non secure, are supported; the correspondingly supported group types are: group0, secure group1, non secure group 1;
when the value of GICD _ ctrl. ds is "1", one of secure or non secure states is supported; the correspondingly supported group types are: group0 and group 1.
3. The method for guaranteeing the secondary development real-time performance by using the ARMv8 interrupt packet routing mechanism according to claim 2, wherein: including the definition of the terminal type in the GIC configuration:
four interrupt types are defined, respectively: SGI, PPI, SPI and LPI;
wherein, the interrupt number of SGI is between 0 and 15, which is used for the mutual communication between the cores and the interrupt triggered by software;
the PPI has interrupt numbers between 16 and 31, is private for each core and is only used when the current core processes some services;
an interrupt signal production line triggered by peripheral equipment, wherein the interrupt number of the SPI is 32-1020;
LPI is based only on interrupts of message type.
4. The method for guaranteeing the secondary development real-time performance by using the ARMv8 interrupt packet routing mechanism according to claim 2, wherein:
the CPU initialization setting of the ARMv8 further comprises the configuration of the CPU, and security is configured through an SCR _ EL3 register; including secure EL1 interrupt, non secure EL1 interrupt, EL3 interrupt and their corresponding triggering modes;
wherein secure EL1 is interrupted:
when the current execution is at secure EL1, the triggering mode is irq;
when the current execution is non secure EL1, the trigger mode is fiq;
current execution is at EL3, then the trigger mode is fiq;
non secure EL1 interrupt:
currently executing in secure EL1, the trigger mode is fiq;
when the current execution is non secure EL1, the triggering mode is irq;
current execution is at EL3, then the trigger mode is fiq;
EL3 interrupts:
currently executing in secure EL1, the trigger mode is fiq;
when the current execution is non secure EL1, the trigger mode is fiq;
the current execution is at EL3, the trigger mode is fiq.
5. The method for guaranteeing secondary development real-time performance by using the ARMv8 interrupt packet routing mechanism according to claim 3, wherein: the CPU initialization setup also includes sorting the interrupt priority with an arbiter within the register GICD _ CTLR and distributing the SPI and PPI interrupts into the arbiter and CPU-Interface modules.
6. The method for guaranteeing secondary development real-time performance by using the ARMv8 interrupt packet routing mechanism according to claim 5, wherein: the CPU-Interface module is used for judging whether the interrupt state is released and routing to which CPU.
CN202110695450.7A 2021-06-23 2021-06-23 Method for guaranteeing secondary development real-time performance by using ARMv8 interrupt packet routing mechanism Pending CN113553107A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110695450.7A CN113553107A (en) 2021-06-23 2021-06-23 Method for guaranteeing secondary development real-time performance by using ARMv8 interrupt packet routing mechanism

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110695450.7A CN113553107A (en) 2021-06-23 2021-06-23 Method for guaranteeing secondary development real-time performance by using ARMv8 interrupt packet routing mechanism

Publications (1)

Publication Number Publication Date
CN113553107A true CN113553107A (en) 2021-10-26

Family

ID=78102300

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110695450.7A Pending CN113553107A (en) 2021-06-23 2021-06-23 Method for guaranteeing secondary development real-time performance by using ARMv8 interrupt packet routing mechanism

Country Status (1)

Country Link
CN (1) CN113553107A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105224403A (en) * 2015-09-17 2016-01-06 华为技术有限公司 A kind of interruption processing method and device
CN105247485A (en) * 2013-05-23 2016-01-13 Arm有限公司 A method and apparatus for interrupt handling
CN111414626A (en) * 2020-04-01 2020-07-14 中国人民解放军国防科技大学 TEE extension-based real-time guaranteeing method and system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105247485A (en) * 2013-05-23 2016-01-13 Arm有限公司 A method and apparatus for interrupt handling
CN105224403A (en) * 2015-09-17 2016-01-06 华为技术有限公司 A kind of interruption processing method and device
CN111414626A (en) * 2020-04-01 2020-07-14 中国人民解放军国防科技大学 TEE extension-based real-time guaranteeing method and system

Similar Documents

Publication Publication Date Title
KR100762388B1 (en) Low-overhead processor interfacing
CA2496064C (en) System, method and computer program product for monitoring and controlling network connections from a supervisory operating system
CN108647513B (en) TrustZone-based shared library security isolation method and system
US10318723B1 (en) Hardware-trusted network-on-chip (NOC) and system-on-chip (SOC) network function virtualization (NFV) data communications
CN106462508B (en) Access control and code scheduling
CN106034120B (en) method and system for multi-process access to trusted application
WO2006134691A1 (en) Information processing device, restoration device, program and restoration method
WO2006022161A1 (en) Information communication device, and program execution environment control method
CN111859395B (en) Communication optimization method and system on computing platform with TEE expansion
US8984659B2 (en) Dual trust architecture
CN106603498B (en) Event reporting method and device
CN112559117A (en) Timer processing method and device, electronic equipment and computer storage medium
CN113553107A (en) Method for guaranteeing secondary development real-time performance by using ARMv8 interrupt packet routing mechanism
CN108090376B (en) CAN bus data protection method and system based on TrustZone
CN110276214B (en) Dual-core trusted SOC architecture and method based on slave access protection
US6195715B1 (en) Interrupt control for multiple programs communicating with a common interrupt by associating programs to GP registers, defining interrupt register, polling GP registers, and invoking callback routine associated with defined interrupt register
TW202008159A (en) Circuitry system for processing interrupt priority
EP4134850A1 (en) Computer system, service processing method, readable storage medium, and chip
CN115248726A (en) Interrupt processing method and device, computer equipment and storage medium
CN114416408A (en) Interrupt processing method and device
WO2019012996A1 (en) Vehicle control device
WO2003075167A1 (en) Method and arrangement for virtual direct memory access
CN109190383B (en) Access instruction processing method, device and equipment
KR20000038091A (en) How to Handle Software Interrupts in Real-Time Operating Systems
CN117851988A (en) Application security reinforcement method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination