
CN118444987A - Jailhouse non-root cell internal OS restart method, system and storage medium - Google Patents

Info

Publication number
CN118444987A
Authority
CN
China
Prior art keywords
root cell
jailhouse
restart
root
memory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202410423583.2A
Other languages
Chinese (zh)
Other versions
CN118444987B (en)
Inventor
王诚超
胡勇强
柯善风
耿文杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Hong Kong Macao Greater Bay Area Guangdong National Innovation Center
Original Assignee
Guangdong Hong Kong Macao Greater Bay Area Guangdong National Innovation Center
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Hong Kong Macao Greater Bay Area Guangdong National Innovation Center
Priority to CN202410423583.2A
Publication of CN118444987A
Application granted
Publication of CN118444987B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/4401 Bootstrapping
    • G06F9/4403 Processor initialisation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1446 Point-in-time backing up or restoration of persistent data
    • G06F11/1448 Management of the data involved in backup or backup restore
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/4401 Bootstrapping
    • G06F9/4406 Loading of operating system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44505 Configuring for program initiating, e.g. using registry, configuration files
    • G06F9/4451 User profiles; Roaming

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Quality & Reliability (AREA)
  • Techniques For Improving Reliability Of Storages (AREA)

Abstract

The present invention provides a Jailhouse non-root cell internal OS restart method, system and storage medium. The OS restart method comprises the following steps: starting the non-root cell with the Jailhouse user-mode tool to obtain a backup area, wherein the backup area lies outside the memory range accessible to the non-root cell and holds a backup of the startup resources; monitoring the operation instructions of the non-root cell at the hypervisor layer, so that when the guest OS executes the reboot command the instruction is triggered and traps into the Jailhouse hypervisor; and, when the hypervisor layer receives the preset operation instruction, copying the guest startup resources from the backup area to the startup area and executing the startup flow. Backing up the startup resources allows the non-root cell OS to be restarted from inside without breaking Jailhouse's isolation. In addition, because the hypervisor layer monitors the operation instructions of the non-root cell, instructions issued inside the non-root cell can be restricted and protected at the hypervisor layer, enhancing the security and isolation of the OS.

Description

Jailhouse non-root cell internal OS restart method, system and storage medium

Technical Field

The present invention belongs to the field of computer technology, and in particular relates to a Jailhouse non-root cell internal OS restart method, system and storage medium.

Background

Jailhouse is a virtualization tool for embedded systems that places great emphasis on partitioning. It offers good real-time performance and good isolation security. It was developed by Siemens in Germany, starting in November 2013. It is a Type 1 partitioning hypervisor that focuses on isolation rather than virtualization and aims to be a small, lightweight hypervisor for industrial-grade applications. Jailhouse is loaded from Linux and requires Linux to provide the management interface, which keeps the overall code size relatively small. After startup, however, Jailhouse takes full control of the hardware resources and divides them into independent cells, each completely dedicated to its guest (inmate). One special cell, the root cell, runs the Linux operating system.

In Jailhouse, each cell (root cell or non-root cell) must be statically configured before it starts. Non-root cells are managed from Linux: the kernel image, device tree and file system that the guest OS in a non-root cell depends on for startup must be pre-loaded by Linux in the root cell into the RAM space controlled by the non-root cell. After the guest OS starts, this RAM space is reset. As a result, the guest OS in a Jailhouse non-root cell currently cannot be restarted from inside with the reboot command the way a general-purpose OS can.

Summary of the Invention

To overcome the deficiencies of the prior art, the present invention provides a Jailhouse non-root cell internal OS restart method, system and storage medium, to solve the prior-art problem that the guest OS in a Jailhouse non-root cell cannot be restarted from inside with the reboot command the way a general-purpose OS can.

One embodiment of the present invention provides a Jailhouse non-root cell internal OS restart method, comprising the following steps:

Starting the non-root cell with the Jailhouse user-mode tool to obtain a backup area, wherein the backup area lies outside the memory range accessible to the non-root cell and holds a backup of the startup resources, the startup resources including the guest OS kernel image, device tree and file system;

Monitoring the operation instructions of the non-root cell at the hypervisor layer; when the guest OS executes the reboot command, the instruction is triggered and traps into the Jailhouse hypervisor;

When the hypervisor layer receives the preset operation instruction, copying the guest startup resources from the backup area to the startup area and executing the startup flow.

The Jailhouse non-root cell internal OS restart method provided by the present invention has the following beneficial effects: backing up the startup resources allows the non-root cell OS to be restarted from inside without breaking Jailhouse's isolation, and because the backup area lies outside the memory range accessible to the non-root cell, the non-root cell cannot change the memory block contents of the backup area while it runs. In addition, because the hypervisor layer monitors the operation instructions of the non-root cell, instructions issued inside the non-root cell can be restricted and protected at the hypervisor layer, enhancing the security and isolation of the OS.

In one embodiment, starting the non-root cell with the Jailhouse user-mode tool includes:

Operating on the non-root cell configuration file and the resource configuration file to obtain the backup area;

During loading of the non-root cell startup resources, backing up the memory area into which the resources are loaded to the backup area, to obtain the guest startup resources.

In one embodiment, operating on the non-root cell configuration file and the resource configuration file to obtain the backup area includes:

Adding a memory configuration to the non-root cell configuration file, used to back up the resource files that the non-root cell OS depends on for startup;

Adding a memory block configuration to the resource configuration file, and using a macro-defined identifier to distinguish the purpose of the memory block.

In one embodiment, backing up the memory area into which the resources are loaded to the backup area includes:

In the cell load_image loading flow, adding a branch and loading the resources into the memory space.

In one embodiment, the load process that loads resources into the memory space occurs multiple times.

In one embodiment, monitoring the operation instructions of the non-root cell at the hypervisor layer includes:

Distinguishing the received instructions and determining whether an instruction is a relevant instruction;

Subdividing the instruction further and, if it is a restart instruction, adding restart instruction processing logic;

After the restart SGI message is received, looking up in the configuration whether a restart resource block is configured;

If it exists, mapping the restart-related physical blocks into memory space to obtain a virtual address;

If it does not exist, exiting directly and reporting that the restart failed.

In one embodiment, adding the restart instruction processing logic includes: sending an SGI message to notify the root cell to call the restart flow code.

In one embodiment, executing the startup flow includes:

First determining that the current cell is a non-root cell, obtaining the cell pointer object from the list, sending an SGI interrupt message, and suspending the CPU of the current cell of the root cell;

Unmapping the JAILHOUSE_MEM_LOADABLE mem_region from the root cell;

Resetting the PCI and cell information and the device startup entry;

Resuming the CPU and setting the reset state to true.

One embodiment of the present invention further provides a system comprising a microprocessor and a storage medium connected to each other, the microprocessor being programmed or configured to execute the Jailhouse non-root cell internal OS restart method described in any one of the above.

One embodiment of the present invention further provides a storage medium storing a computer program, characterized in that the computer program is to be programmed or configured by a microprocessor to execute the Jailhouse non-root cell internal OS restart method described in any one of the above.

Brief Description of the Drawings

To illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from the structures shown in these drawings without creative effort.

FIG. 1 is a schematic flow chart of a Jailhouse non-root cell internal OS restart method provided by one embodiment of the present invention;

FIG. 2 is a schematic diagram of the working principle of a Jailhouse non-root cell internal OS restart method provided by one embodiment of the present invention;

FIG. 3 is a schematic diagram of the sub-flow of S100 in FIG. 1;

FIG. 4 is a schematic diagram of the sub-flow of S200 in FIG. 1;

FIG. 5 is a schematic diagram of the working principle of an electronic device provided by one embodiment of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.

It should be noted that if the embodiments of the present invention involve directional indications (such as up, down, left, right, front, back, etc.), those indications are only used to explain the relative positions and movements of the components in a particular posture; if that posture changes, the directional indications change accordingly.

In addition, descriptions involving "first", "second" and the like in the embodiments of the present invention are for descriptive purposes only and are not to be understood as indicating or implying relative importance or implicitly indicating the number of the technical features referred to. A feature qualified by "first" or "second" may therefore explicitly or implicitly include at least one such feature. Where "and/or" appears in the text, it covers three parallel options: taking "A and/or B" as an example, it includes option A, option B, or the option in which A and B are both satisfied. The technical solutions of the various embodiments may be combined with one another, but only on the basis that a person of ordinary skill in the art can implement the combination; where a combination of technical solutions is contradictory or cannot be implemented, that combination is deemed not to exist and is not within the scope of protection claimed by the present invention.

Referring to FIGS. 1-4, one embodiment of the present invention provides a Jailhouse non-root cell internal OS restart method, comprising the following steps:

S100: start the non-root cell with the Jailhouse user-mode tool to obtain a backup area, wherein the backup area lies outside the memory range accessible to the non-root cell and holds a backup of the startup resources, the startup resources including the guest OS kernel image, device tree and file system;

In this embodiment, because the backup area lies outside the memory range accessible to the non-root cell, the non-root cell cannot change the memory block contents of the backup area while it runs, which enhances the security and isolation of the OS.

Referring to FIG. 3, in one embodiment, starting the non-root cell with the Jailhouse user-mode tool includes:

S110: operate on the non-root cell configuration file and the resource configuration file to obtain the backup area; specifically, this includes:

S111: add a memory configuration to the non-root cell configuration file, used to back up the resource files that the non-root cell OS depends on for startup;

In this embodiment, adding a memory configuration to the configuration file of the non-root cell, to back up the resource files required for the non-root cell's operating system to start, can be achieved by the following steps:

Open the configuration file of the non-root cell, which is usually a text file and may have a structure similar to JSON or INI. Find the section on memory allocation and add a new entry to it that specifies the memory size and location required for the backed-up resource files. In this newly added "backup-region", set an appropriate size (size) and start address (start) so that there is enough space for the backed-up resource files; the size and location may need to be adjusted to the actual situation. Save and close the configuration file. Then, during startup of the non-root cell, this backup memory area is used to store the resource files required for the operating system to start, providing additional security and backup capability.

S112: add a memory block configuration to the resource configuration file, and use a macro-defined identifier to distinguish the purpose of the memory block.

In this embodiment, adding a memory block configuration to the resource configuration file and marking its purpose with a macro definition can be achieved by the following steps: open the resource configuration file, which is usually a text file describing the layout and allocation of the system's hardware resources. Find the part that describes memory resource allocation and, in the memory block configuration, add a macro definition that distinguishes the purpose of this memory area. In this new configuration a field named "usage" is added to specify the purpose of the memory block. "BACKUP" is used here as an example; a more specific purpose identifier can be defined as needed. Save and close the configuration file. At run time, the memory management module can then identify and distinguish the memory areas by their purpose identifiers and so manage and use system resources more effectively.

S120: during loading of the non-root cell startup resources, back up the memory area into which the resources are loaded to the backup area, to obtain the guest startup resources.

In this embodiment, referring to FIG. 2, resource-load refers to the process of resource loading in a system or software. In computing, resource loading generally means loading the resources a program needs for execution (such as library files, configuration files, images and audio) from a storage medium (such as a hard disk or the network) into memory for the program to access and use. That is, during loading, the resources are first loaded into the OS resource region and the loaded resources are then backed up to bak_region, which achieves the resource backup.

In one embodiment, backing up the memory area into which the resources are loaded to the backup area includes:

S121: in the cell load_image loading flow, add a branch and load the resources into the memory space.

Specifically, the load process that loads resources into the memory space occurs multiple times.

In this embodiment, an RTOS has only one bin image file, so its load process generally happens only once; Linux, however, needs a kernel image, device tree, file system and other resources to start, so its load process happens multiple times.

Referring to FIG. 3, S200: monitor the operation instructions of the non-root cell at the hypervisor layer; when the guest OS executes the reboot command, the instruction is triggered and traps into the Jailhouse hypervisor;

In this embodiment, cell_create in the hypervisor layer must exclude the backup mem_region from its mapping operations. This guarantees the isolation and independence of the memory block: the guest OS in the non-root cell cannot access the data in it. This improves the security and isolation of the system and prevents unauthorized access and data leakage. Achieving this involves the following steps:

Identify the backup memory area: in the cell_create function, first clearly define and identify the specific memory area used for backup.

Exclude the backup memory area from mapping: when creating the non-root cell, exclude the backup memory area from the mapping operation, that is, do not map it into the address space of the non-root cell.

Restrict access permissions: ensure that the guest OS in the non-root cell cannot access the backup memory area directly; this can be achieved by setting appropriate access permissions, memory mapping rules or other security mechanisms.

Maintain isolation: continuously monitor and maintain the isolation of the backup memory area so that only authorized operations can access and modify the backup data, avoiding information leakage and security risks.
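Skipping the backup block at mapping time only isolates it if no other guest-visible region covers the same physical memory. The C model below is an added example, not code from the patent or from Jailhouse; the `demo_` structure, the `DEMO_MEM_BACKUP` marker and the sample addresses are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative flags for this model; DEMO_MEM_BACKUP is a hypothetical marker. */
#define DEMO_MEM_READ     0x001u
#define DEMO_MEM_WRITE    0x002u
#define DEMO_MEM_EXECUTE  0x004u
#define DEMO_MEM_LOADABLE 0x040u  /* startup area the root cell loads images into */
#define DEMO_MEM_BACKUP   0x100u  /* backup block, never mapped into the guest */

struct demo_region {
    uint64_t phys_start, virt_start, size;
    uint32_t flags;
};

enum demo_cfg_status {
    DEMO_CFG_OK = 0,
    DEMO_CFG_NO_BACKUP,       /* an in-guest reboot would have nothing to restore */
    DEMO_CFG_BACKUP_ALIASED,  /* a guest-visible region shares bytes with the backup */
    DEMO_CFG_BACKUP_TOO_SMALL /* backup cannot hold all loadable regions */
};

/* True when two physical ranges share at least one byte. */
static int phys_overlap(const struct demo_region *a, const struct demo_region *b)
{
    return a->phys_start < b->phys_start + b->size &&
           b->phys_start < a->phys_start + a->size;
}

/* Mapping step at cell creation: every region except the backup becomes
 * guest-visible. Returns how many regions were copied into `mapped`. */
size_t demo_map_guest_regions(const struct demo_region *cfg, size_t n,
                              struct demo_region *mapped)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        if (!(cfg[i].flags & DEMO_MEM_BACKUP))
            mapped[count++] = cfg[i];
    return count;
}

/* Static check of a cell's region table before the cell is created. */
enum demo_cfg_status demo_check_config(const struct demo_region *cfg, size_t n)
{
    const struct demo_region *bak = NULL;
    uint64_t loadable = 0;

    for (size_t i = 0; i < n; i++) {
        if (cfg[i].flags & DEMO_MEM_BACKUP)
            bak = &cfg[i];
        else if (cfg[i].flags & DEMO_MEM_LOADABLE)
            loadable += cfg[i].size;
    }
    if (!bak)
        return DEMO_CFG_NO_BACKUP;
    /* Leaving the backup unmapped is not enough if another guest-visible
     * region points at the same physical memory. */
    for (size_t i = 0; i < n; i++)
        if (&cfg[i] != bak && phys_overlap(&cfg[i], bak))
            return DEMO_CFG_BACKUP_ALIASED;
    if (bak->size < loadable)
        return DEMO_CFG_BACKUP_TOO_SMALL;
    return DEMO_CFG_OK;
}

/* Constructed sample tables (addresses are made up). */
#define DEMO_RWX (DEMO_MEM_READ | DEMO_MEM_WRITE | DEMO_MEM_EXECUTE)
const struct demo_region demo_good[] = {
    { 0x80000000u, 0x00000000u, 0x1000000u, DEMO_RWX | DEMO_MEM_LOADABLE },
    { 0x81000000u, 0x81000000u, 0x0001000u, DEMO_MEM_READ | DEMO_MEM_WRITE },
    { 0x90000000u, 0x00000000u, 0x1000000u, DEMO_MEM_BACKUP },
};
const struct demo_region demo_aliased[] = {
    { 0x80000000u, 0x00000000u, 0x1000000u, DEMO_RWX | DEMO_MEM_LOADABLE },
    { 0x90800000u, 0x90800000u, 0x0100000u, DEMO_MEM_READ | DEMO_MEM_WRITE },
    { 0x90000000u, 0x00000000u, 0x1000000u, DEMO_MEM_BACKUP },
};

int main(void)
{
    struct demo_region mapped[3];
    printf("guest-visible regions: %zu\n",
           demo_map_guest_regions(demo_good, 3, mapped));
    printf("good table: %d, aliased table: %d\n",
           (int)demo_check_config(demo_good, 3),
           (int)demo_check_config(demo_aliased, 3));
    return 0;
}
```

The second table shows the failure mode the check is for: the backup block is still left unmapped, yet a read/write region placed inside its physical range would let the guest alter the images used for the next restart.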

In one embodiment, monitoring the operation instructions of the non-root cell at the hypervisor layer includes:

S210: distinguish the received instructions and determine whether an instruction is a relevant instruction;

Specifically, the following steps can be followed. Ensure that the hypervisor layer can effectively monitor operation instructions from different sources, which can be done through interrupts, event polling or other means. According to the system design and needs, classify the different types of instructions into relevant and irrelevant instructions; relevant instructions may be tied to specific functions or security checks and require special handling. Write the corresponding processing logic for received instructions: for relevant instructions, perform the corresponding operation; irrelevant instructions can be ignored or given default handling. Before processing an instruction, perform instruction matching to verify whether the received instruction is a relevant one, for example by comparing the instruction content or operation code. When processing relevant instructions, take security into account and ensure that only authorized instructions trigger the related operations, to prevent malicious instructions from having an effect. Log the received instructions and the processing results for later auditing and troubleshooting. Finally, test and verify thoroughly to ensure that the classification and matching logic is correct and that relevant instructions are identified and handled effectively.

S220: subdivide the instruction further and, if it is a restart instruction, add restart instruction processing logic;

In one embodiment, adding the restart instruction processing logic includes: S221: send an SGI message to notify the root cell to call the restart flow code.

In this embodiment, because the restart of the non-root cell must be controlled through the root cell, inter-core communication is required.

One possible implementation is as follows. After an instruction is received, subdivide the instruction type further to determine whether it is a restart instruction, and write the corresponding processing logic for restart instructions. When processing a restart instruction, take the particular nature of a cross-core restart into account so that the restart flow completes safely and reliably. Use the inter-core communication mechanism provided by the system, such as SGI (Software Generated Interrupt) messages, for communication between the root cell and the non-root cell. When the non-root cell needs to restart, an SGI message is sent to the root cell as the trigger signal. The root cell implements listening for SGI messages; once it receives a restart request from a non-root cell, it calls the corresponding restart flow code as appropriate. After receiving the restart request, the root cell carries out restart flow control according to the design requirements, which may include saving state, cleaning up resources and resetting the system. When designing the inter-core communication and restart flow, consider the security and reliability of the system, to prevent unauthorized restart operations or unexpected conditions from causing system abnormalities. Log the inter-core communication and the restart flow for later tracing and troubleshooting; the communication status and execution results can also be monitored in real time.

S230. After the restart SGI message is received, search the configuration for a configured restart resource block;

S240. If it exists, perform memory space mapping on the restart-related physical blocks to obtain a virtual address, which facilitates subsequent memory operations. This can be done in the following steps: determine which physical blocks in the system are related to the restart; these physical blocks may contain the state, data or other information required for the restart. Use appropriate kernel functions or methods to map these restart-related physical blocks into the virtual address space at the hypervisor layer. The memory mapping operation yields the virtual address used to access these physical blocks. After the mapping is completed, the system returns the virtual address for subsequent reads and writes of these physical blocks. Once the virtual address is obtained, the necessary memory operations, such as reading, writing or other processing, can be performed in the non-root cell.

S250. If it does not exist, exit directly and report that the restart failed.

As needed, the following is one possible sequence of implementation steps: after receiving the restart SGI message sent by the non-root cell, the root cell triggers the restart operation. According to the system design, the configuration information is searched for a configured restart resource block. A restart resource block usually includes the data, state and other information that must be retained or restored during the restart.

If a restart resource block is configured, the system supports using these resource blocks to save the data and state required for the restart operation; if no such configuration is found, a complete restart cannot be performed. If a restart resource block is configured, the restart process continues according to the configuration information, including saving and loading the related resources. If no configured restart resource block is found, the restart process exits immediately and a failure notification is sent to the root cell so that the failure can be handled further or its cause recorded. Before a restart is performed, the integrity and security of the data should be considered, and the legitimacy and correctness of the restart resource block should be ensured, to prevent potential vulnerabilities or data corruption. The execution of the restart operation is recorded, including the result of the search for the restart resource block, whether the process continued successfully, and the final success or failure of the restart, for subsequent analysis and auditing.

S300. When the hypervisor layer receives the preset operation instruction, it copies the guest startup resources from the backup area to the startup area and executes the startup operation process.

In this embodiment, the information in the backup area is copied to the guest OS RAM space and the startup operation process is then executed; the startup code can follow the existing cell_start code.

Copying the information in the backup area to the RAM (random access memory) space of the guest OS (guest operating system) usually involves the following steps. First, the location and content of the backup area are determined, including the physical blocks or storage device where the backup data is located. Appropriate kernel functions or methods are used to map the physical blocks of the backup area into the virtual address space at the hypervisor layer, which yields the virtual address of the backup area. A memory space of the corresponding size is allocated in the guest OS to hold the data copied from the backup area. Memory operations then copy the backup data from the virtual address of the backup area into the RAM space of the guest OS; this can be a simple memory copy or a more advanced data transfer mechanism. After the copy is completed, data integrity is verified to ensure that the data was copied into the RAM space correctly. Consistency can be verified with a checksum or another verification algorithm.
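The lookup in S230 to S250 and the copy-and-verify procedure above can be modelled together in C, with the isolation requirement on the backup area checked before anything is copied. This is an added example, not code from the patent or from Jailhouse: the structures, the MEM_GUEST_ACCESS and MEM_RESTART_BACKUP flags, the status codes and the flat ram array standing in for physical memory are all assumptions, and the sample data is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a cell configuration; not Jailhouse's own types. */
#define MEM_GUEST_ACCESS   0x1u /* region is mapped into the non-root cell */
#define MEM_RESTART_BACKUP 0x2u /* region holds the boot-resource backup */
struct mem_region { uint64_t phys_start, size; uint32_t flags; };
struct cell_config {
    const struct mem_region *regions;
    size_t num_regions;
    uint64_t boot_phys;  /* load address of the guest boot resources */
    uint64_t image_size; /* bytes backed up at load time */
    uint32_t image_crc;  /* CRC-32 recorded when the backup was made */
};
enum restart_status { RESTART_OK, RESTART_NO_BACKUP, RESTART_BAD_CONFIG, RESTART_CORRUPT };

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320). */
uint32_t crc32_buf(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    while (n--) {
        crc ^= *p++;
        for (int i = 0; i < 8; i++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}
/* "Map" a physical range: bounds-check it against the modelled RAM. */
static uint8_t *map_phys(uint8_t *ram, uint64_t ram_size, uint64_t phys, uint64_t size)
{
    return (size > ram_size || phys > ram_size - size) ? NULL : ram + phys;
}
/* Overflow-safe test for two [start, start+len) ranges intersecting. */
static int overlaps(uint64_t a, uint64_t a_len, uint64_t b, uint64_t b_len)
{
    return (a >= b) ? (a - b < b_len) : (b - a < a_len);
}

enum restart_status restart_cell(uint8_t *ram, uint64_t ram_size, const struct cell_config *cfg)
{
    const struct mem_region *bak = NULL;
    /* S230: look for a configured restart resource block. */
    for (size_t i = 0; i < cfg->num_regions; i++)
        if (cfg->regions[i].flags & MEM_RESTART_BACKUP)
            bak = &cfg->regions[i];
    if (!bak)
        return RESTART_NO_BACKUP; /* S250: exit, restart fails */
    /* The backup must hold the image and stay invisible to the guest. */
    if ((bak->flags & MEM_GUEST_ACCESS) || cfg->image_size > bak->size ||
        overlaps(bak->phys_start, bak->size, cfg->boot_phys, cfg->image_size))
        return RESTART_BAD_CONFIG;
    for (size_t i = 0; i < cfg->num_regions; i++) {
        const struct mem_region *r = &cfg->regions[i];
        if ((r->flags & MEM_GUEST_ACCESS) &&
            overlaps(bak->phys_start, bak->size, r->phys_start, r->size))
            return RESTART_BAD_CONFIG;
    }
    /* S240: map both ranges, check the backup, copy it, check the copy. */
    uint8_t *src = map_phys(ram, ram_size, bak->phys_start, cfg->image_size);
    uint8_t *dst = map_phys(ram, ram_size, cfg->boot_phys, cfg->image_size);
    if (!src || !dst)
        return RESTART_BAD_CONFIG;
    if (crc32_buf(src, cfg->image_size) != cfg->image_crc)
        return RESTART_CORRUPT; /* never boot from a damaged backup */
    memcpy(dst, src, cfg->image_size);
    if (crc32_buf(dst, cfg->image_size) != cfg->image_crc)
        return RESTART_CORRUPT;
    return RESTART_OK;
}

/* Constructed scenario in 4 KiB of modelled RAM. kind: 0 normal, 1 no backup
 * block, 2 backup overlaps guest RAM, 3 backup corrupted after load. */
int run_scenario(int kind)
{
    static uint8_t ram[4096];
    struct mem_region regions[2] = {
        { 0x000, 0x800, MEM_GUEST_ACCESS },
        { (kind == 2) ? 0x700 : 0x800, 0x400, MEM_RESTART_BACKUP },
    };
    struct cell_config cfg = { regions, (kind == 1) ? 1 : 2, 0x100, 256, 0 };
    uint8_t *bak = ram + regions[1].phys_start;
    for (int i = 0; i < 256; i++)
        bak[i] = (uint8_t)(i * 7 + 1); /* stand-in for kernel image bytes */
    cfg.image_crc = crc32_buf(bak, 256);
    memset(ram + 0x100, 0xAA, 256); /* guest overwrote its own image */
    if (kind == 3) bak[10] ^= 0xFF; /* damage backup after CRC was taken */
    int st = restart_cell(ram, sizeof(ram), &cfg);
    return (st == RESTART_OK && memcmp(ram + 0x100, bak, 256)) ? -1 : st;
}

int main(void)
{
    for (int k = 0; k < 4; k++)
        printf("scenario %d -> status %d\n", k, run_scenario(k));
    return 0;
}
```

Checking the backup's CRC before the copy means a damaged backup is rejected while the guest's boot area is still untouched, and the overlap test refuses any configuration in which the guest could have written to the backup.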

In one embodiment, executing the startup operation process includes:

S310. First determine that the current cell is a non-root cell, obtain the cell pointer object from the list, send an SGI interrupt message, and suspend the CPU of the current cell of the root cell;

S320. Unmap the JAILHOUSE_MEM_LOADABLE mem_region from the root cell;

S330. Reset the PCI and cell information and the device startup entry;

S340. Resume the CPU and set the reset state to true.

The jailhouse non-root cell internal OS restart method provided by the present invention has the following beneficial effects. By backing up the startup resources, the non-root cell OS can be restarted internally without breaking jailhouse isolation. Because the backup area does not belong to the memory area accessible to the non-root cell, the non-root cell cannot change the memory block information of the backup area while it runs. In addition, because the operation instructions of the non-root cell are monitored at the hypervisor layer, when the non-root cell issues an internal operation instruction, the hypervisor layer can restrict and protect the instruction operation, which enhances the security and isolation of the OS.

Please refer to FIG. 2. The technical solution adopted by the present invention is as follows:

1. The user starts the non-root cell through the jailhouse user-mode tool;

2. During resource loading at non-root cell startup, the memory area holding the loaded resources (including the guest OS kernel image, device tree, file system, etc.) is backed up. The backup area does not belong to the memory area accessible to the non-root cell, which ensures that the non-root cell cannot change the memory block information of the backup area while it runs.

Here, root cell ram refers to the memory space of the root cell. In a virtualized environment, the root cell is usually the main control unit of the system, responsible for resource allocation, scheduling and monitoring across the whole virtualization platform, so the memory of the root cell is one of the most important resources in the virtualized system. non-root cell ram refers to the memory space of a non-root cell. In a virtualized environment, non-root cells are the virtualization units other than the root cell and are usually used to host guest operating systems or applications. OS resource region refers to the memory area in the operating system (OS) used to manage and allocate resources. Resource management is an important aspect of operating system design and implementation and covers the allocation and control of resources such as memory, CPU time, devices and file systems. bak_region refers to the backup area, which is used to back up the memory area holding the loaded resources (including the guest OS kernel image, device tree, file system, etc.). resource-load refers to the process of resource loading in the system or software. In computing, resource loading usually means loading the resources a program needs for execution (such as library files, configuration files, images and audio) from a storage medium (such as a hard disk or the network) into memory for the program to access and use. That is, during loading, the resources are first loaded into the OS resource region and the loaded resources are then backed up to bak_region. In addition, cpu_reset_address refers to the specific address the CPU jumps to when it performs a reset. When the CPU receives a reset signal, it performs a series of operations to restore the system to its initial state; one of the key steps is determining the address from which the CPU should start executing instructions.

3. The operation instructions of the non-root cell are monitored at the hypervisor layer. When the guest OS executes the reboot command, the instruction is triggered and traps into the jailhouse hypervisor. Here, OS restart refers to the process of restarting the operating system (OS). In a computer system, restarting the operating system means stopping its current running state, reinitializing the system and reloading the operating system kernel so that it runs from the beginning. (tools) refers to tools, software or methods used to complete a specific task or achieve a specific purpose. In computing, tools can be software programs, programming tools, debugging tools and so on, which help developers, system administrators or users carry out operations and tasks. jailhouse restart refers to the restart operation in jailhouse virtualization.

4. The hypervisor layer receives the restart operation instruction (or another trigger), copies the guest startup resources from the backup area to the startup area, and then executes the startup operation process.

Here, RAM refers to Random Access Memory, a main type of memory used in computers to temporarily store data and programs. RAM is volatile memory: when the computer is turned off or loses power, the data stored in it is lost.

RAM is mainly used to store running programs, the operating system and related data, as well as temporary data that the processor needs to access quickly. Compared with permanent storage media such as hard disks, it has faster read and write speeds, allowing the computer to execute programs and process data faster.

The following are several important features and functions of RAM:

Temporary storage: RAM temporarily stores the programs and data currently in use, including the operating system, applications and user data.

Fast access: because RAM has fast read and write speeds, the processor can access data stored in RAM more quickly, which improves system performance.

Multitasking: RAM can hold the data of several programs at the same time, which supports multitasking and lets users run multiple applications simultaneously.

Cache function: part of the RAM is used as a cache for frequently used data and instructions, to speed up access to them.

Volatility: RAM is volatile memory that loses its data on power loss or restart, so it is not usually used for long-term data storage.

Expandability: the RAM capacity of a computer can be expanded by adding RAM modules to meet greater memory needs.

One embodiment of the present invention further provides a computer system, comprising a microprocessor and a computer-readable storage medium connected to each other, wherein the microprocessor is programmed or configured to execute the jailhouse non-root cell internal OS restart method described in any one of the above items.

One embodiment of the present invention further provides a computer-readable storage medium storing a computer program, characterized in that the computer program is to be programmed or configured by a microprocessor to execute the jailhouse non-root cell internal OS restart method described in any one of the above items.

One embodiment of the present invention further provides an electronic device, including a processor and a memory. The memory is used to store computer program code, and the computer program code includes computer instructions. When the processor executes the computer instructions, the electronic device executes the steps of the jailhouse non-root cell internal OS restart method described above.

Please refer to FIG. 5, which is a schematic diagram of the hardware structure of an electronic device provided by an embodiment of the present invention.

The electronic device 2 includes a processor 21, a memory 22, an input device 23 and an output device 24. The processor 21, the memory 22, the input device 23 and the output device 24 are coupled via a connector, which includes various interfaces, transmission lines, buses and the like; the embodiments of the present invention place no limit on this. It should be understood that, in the embodiments of the present invention, coupling means mutual connection in a specific manner, including direct connection or indirect connection through other devices, for example through various interfaces, transmission lines or buses.

The processor 21 may be one or more graphics processing units (GPUs). When the processor 21 is a single GPU, the GPU may be a single-core GPU or a multi-core GPU. Optionally, the processor 21 may be a processor group consisting of multiple GPUs, with the processors coupled to each other via one or more buses. Optionally, the processor may also be another type of processor; the embodiments of the present invention place no limit on this.

The memory 22 can be used to store computer program instructions and various kinds of computer program code, including program code for executing the solution of the present invention. Optionally, the memory includes but is not limited to random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM), or portable read-only memory (compact disc read-only memory, CD-ROM); the memory is used for related instructions and data.

The input device 23 is used to input data and/or signals, and the output device 24 is used to output data and/or signals. The input device 23 and the output device 24 can be independent devices or a single integrated device.

It is understandable that, in the embodiments of the present invention, the memory 22 is not limited to storing the relevant instructions; the embodiments of the present invention place no limit on the specific data stored in the memory.

It is understandable that FIG. 5 shows only a simplified design of an electronic device. In practical applications, the electronic device may also include other necessary components, including but not limited to any number of input/output devices, processors and memories, and all video analysis devices that can implement the embodiments of the present invention are within the protection scope of the present invention.

Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and the design constraints of the technical solution. Skilled practitioners may implement the described functions differently for each specific application, but such implementations should not be considered beyond the scope of the present invention.

Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above can be found in the corresponding processes of the foregoing method embodiments and are not repeated here. Those skilled in the art can also clearly understand that the descriptions of the embodiments of the present invention each have their own focus. For convenience and brevity, the same or similar parts may not be repeated in different embodiments; for parts not described, or not described in detail, in one embodiment, refer to the descriptions of the other embodiments.

In the several embodiments provided by the present invention, it should be understood that the disclosed systems, devices and methods can be implemented in other ways. For example, the device embodiments described above are only illustrative. The division into units is only a division by logical function; in an actual implementation there may be other divisions, for example multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.

The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.

The above embodiments can be implemented in whole or in part by software, hardware, firmware or any combination thereof. When implemented in software, they can be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present invention are produced in whole or in part. The computer can be a general-purpose computer, a special-purpose computer, a computer network or another programmable device. The computer instructions can be stored in a computer-readable storage medium or transmitted through the computer-readable storage medium. The computer instructions can be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired means (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless means (e.g., infrared, wireless, microwave). The computer-readable storage medium can be any available medium that a computer can access, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a digital versatile disc (DVD)) or a semiconductor medium (e.g., a solid state disk (SSD)).

A person of ordinary skill in the art can understand that all or part of the processes in the above method embodiments can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, can include the processes of the above method embodiments. The aforementioned storage medium includes read-only memory (ROM), random access memory (RAM), magnetic disks, optical disks and other media that can store program code.

The above is only a preferred embodiment of the present invention and does not limit the patent scope of the present invention. Any equivalent structural transformation made under the inventive concept of the present invention using the contents of the specification and drawings, or any direct or indirect application in other related technical fields, is included in the patent protection scope of the present invention.

Claims (10)

1. A jailhouse non-root cell internal OS restart method, characterized by comprising the following steps:
starting a non-root cell based on the jailhouse user-mode tool to obtain a backup area, wherein the backup area does not belong to the memory area range accessible to the non-root cell, startup resources are backed up in the backup area, and the startup resources comprise a guest OS kernel image, a device tree and a file system;
monitoring operation instructions of the non-root cell at the hypervisor layer, wherein when the guest OS executes a reboot command, the instruction is triggered and traps into the jailhouse hypervisor;
when the hypervisor layer receives a preset operation instruction, copying the guest startup resources from the backup area to the startup area and executing a startup operation flow.
2. The jailhouse non-root cell internal OS restart method of claim 1, wherein starting a non-root cell based on the jailhouse user-mode tool comprises:
operating on the non-root cell configuration file and the resource configuration file to obtain the backup area;
during resource loading at non-root cell startup, backing up the memory area holding the loaded resources to the backup area to obtain the guest startup resources.
3. The jailhouse non-root cell internal OS restart method of claim 2, wherein operating on the non-root cell configuration file and the resource configuration file to obtain the backup area comprises:
adding a memory configuration to the non-root cell configuration file for backing up the resource files on which starting the non-root cell OS depends;
adding a memory block configuration to the resource configuration file, and using a macro-definition identifier to distinguish the purposes of the memory blocks.
4. The jailhouse non-root cell internal OS restart method of claim 2, wherein backing up the memory area holding the loaded resources to the backup area comprises:
adding a branch flow to the cell load_image loading process, and loading the resources into a memory space.
5. The jailhouse non-root cell internal OS restart method of claim 4, wherein the load process of loading the resources into the memory space is performed multiple times.
6. The jailhouse non-root cell internal OS restart method of claim 1, wherein monitoring the operation instructions of the non-root cell at the hypervisor layer comprises:
distinguishing the received instructions and judging whether an instruction is a related instruction;
subdividing the instruction further and, if it is a restart instruction, adding restart instruction processing logic;
after a restart SGI message is received, searching the configuration for a configured restart resource block;
if it exists, performing memory space mapping on the restart-related physical blocks to obtain a virtual address;
if it does not exist, exiting directly and reporting that the restart failed.
7. The jailhouse non-root cell internal OS restart method of claim 6, wherein adding restart instruction processing logic comprises: sending an SGI message to notify the root cell to call the restart flow code.
8. The jailhouse non-root cell internal OS restart method of claim 1, wherein executing the startup operation flow comprises:
first determining that the current cell is a non-root cell, obtaining the cell pointer object from the list, sending an SGI interrupt message, and suspending the CPU of the current cell of the root cell;
unmapping the JAILHOUSE_MEM_LOADABLE mem_region from the root cell;
resetting the PCI and cell information and the device startup entry;
resuming the CPU and setting the reset state to true.
9. A system comprising a microprocessor and a storage medium connected to each other, wherein the microprocessor is programmed or configured to perform the jailhouse non-root cell internal OS restart method of any one of claims 1-8.
10. A storage medium having a computer program stored therein, wherein the computer program is to be programmed or configured by a microprocessor to perform the jailhouse non-root cell internal OS restart method of any one of claims 1-8.
CN202410423583.2A 2024-04-09 2024-04-09 Jailhouse non-root cell internal OS restart method, system and storage medium Active CN118444987B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410423583.2A CN118444987B (en) 2024-04-09 2024-04-09 Jailhouse non-root cell internal OS restart method, system and storage medium

Publications (2)

Publication Number Publication Date
CN118444987A true CN118444987A (en) 2024-08-06
CN118444987B CN118444987B (en) 2025-03-11

Family

ID=92317128

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410423583.2A Active CN118444987B (en) 2024-04-09 2024-04-09 Jailhouse non-root cell internal OS restart method, system and storage medium

Country Status (1)

Country Link
CN (1) CN118444987B (en)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020014955A1 (en) * 1999-11-15 2002-02-07 Klitsgaard Niels Christian Object detection system
CN104025047A (en) * 2012-01-05 2014-09-03 三菱电机株式会社 Information Processing Device, Information Processing Method, And Computer Program
US20140365823A1 (en) * 2012-01-05 2014-12-11 Mitsubishi Electric Corporation Information processing device, information processing method, and computer program
US11113400B1 (en) * 2017-12-26 2021-09-07 Virtuozzo International Gmbh System and method for providing distributed compute platform on untrusted hardware
US20210049263A1 (en) * 2018-03-22 2021-02-18 Trulyprotect Oy Systems and methods for hypervisor-based protection of code
CN115543545A (en) * 2022-11-25 2022-12-30 麒麟软件有限公司 Method for realizing equipment isolation by Jailhouse using ACPI
CN117648245A (en) * 2023-11-14 2024-03-05 麒麟软件有限公司 Method for debugging jailhouse by using gdb based on qemu

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
MICHAEL GLENN HINTON: "Inter-Core Interference Mitigation in a Mixed Criticality System", GOOGLE SCHOLAR, 4 August 2020 (2020-08-04) *
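曹宏鹏: "Research on Inter-Virtual-Machine Communication Based on Soft-RoCE in Jailhouse", China Master's Theses Full-text Database, Information Science and Technology Series, 15 December 2022 (2022-12-15) *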

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118796293A (en) * 2024-09-14 2024-10-18 麒麟软件有限公司 Multi-system hibernation method, device and storage medium
CN118796293B (en) * 2024-09-14 2025-01-07 麒麟软件有限公司 Multi-system hibernation method, device and storage medium
CN119311478A (en) * 2024-11-28 2025-01-14 深圳砺驰半导体科技有限公司 Multi-core heterogeneous SOC STR function implementation method and electronic device

Also Published As

Publication number Publication date
CN118444987B (en) 2025-03-11

Similar Documents

Publication Publication Date Title
JP6310061B2 (en) Selective retention of application program data migrated from system memory to non-volatile data storage
US10387261B2 (en) System and method to capture stored data following system crash
US9158628B2 (en) Bios failover update with service processor having direct serial peripheral interface (SPI) access
CN118444987B (en) Jailhouse non-root cell internal OS restart method, system and storage medium
US10067692B2 (en) Method and apparatus for backing up and restoring cross-virtual machine application
US20070180206A1 (en) Method of updating a duplicate copy of an operating system on the same disk
JP7586895B2 (en) Data storage using memory aperture flash order
US11126575B1 (en) Interrupt recovery management
US20160314002A1 (en) Caching unified extensible firmware interface (uefi) and/or other firmware instructions in a non-volatile memory of an information handling system (ihs)
JP2017507431A (en) Compute device initialization trace
CN106777394B (en) A cluster file system
US9235426B2 (en) Multicore processor system, computer product, and notification method for updating operating system
US20060005003A1 (en) Method for guest operating system integrity validation
US7284084B2 (en) ROM scan memory expander
JP2013191090A (en) Backup control program, backup control method and information processing apparatus
US9158550B2 (en) Caching based operating system installation
JPWO2004081791A1 (en) Virtual machine system and firmware update method in virtual machine system
US12124866B2 (en) Fast virtual machine resume at host upgrade
TWI662419B (en) A network system with local disks for pooled physical resources
US10838737B1 (en) Restoration of memory content to restore machine state
CN113950673B (en) Non-volatile storage partition identifier
US10613850B1 (en) Performant and secure storage and retrieval of firmware variables
US10509662B1 (en) Virtual devices in a reliable distributed computing system
US20230025126A1 (en) Virtualization layer assisted upgrading of in-guest agents
JP5713089B2 (en) Multi-core processor system, control program, and control method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant