CN109753347B - System and method for realizing driving - Google Patents

Publication number
CN109753347B
Authority: CN (China)
Prior art keywords: interrupt; driver; user space; interrupt processing; space
Prior art date
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201711078956.3A
Other languages: Chinese (zh)
Other versions: CN109753347A (en)
Inventors: 吴彩娣, 吕达夫
Current Assignee: Alibaba Group Holding Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd
Priority to CN201711078956.3A (patent CN109753347B)
Priority to TW107131126A (patent TWI783034B)
Priority to PCT/CN2018/111815 (patent WO2019085811A1)
Publication of CN109753347A
Application granted
Publication of CN109753347B
Legal status: Active (current)
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/48 Program initiating; Program switching, e.g. by interrupt
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Stored Programmes (AREA)
  • Vehicle Body Suspensions (AREA)
  • Control Of Multiple Motors (AREA)
  • Diaphragms For Electromechanical Transducers (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a system and a method for implementing a driver, comprising: configuring the attributes of a driver TA in user space; and, when the kernel space loads the driver, parsing the attributes of the driver TA to complete at least one of allocating resources, registering the driver, and mapping the device's physical address to the corresponding virtual address space. With the scheme provided by the application, all of the driver's code resides in user space and does not need to be integrated with the OS, so that the user's driver is developed, integrated and managed entirely in the form of a TA. Moreover, information such as the memory mapping of the user-space driver does not need to be recorded in sysfs; all user-space driver information exists only in the driver TA and, at run time, in TEE memory, so that information leakage is avoided and the security of the driver is ensured.

Description

System and method for realizing driving
Technical Field
The present application relates to, but is not limited to, computer technology, and more particularly to a system and method for implementing a driver.
Background
At present, one way of implementing a driver is the user-space I/O (UIO) driver in the Linux kernel. The user-space part of a UIO driver uses mmap() to handle the mapping of device memory. If a UIO driver waits for an interrupt in user space, it simply blocks on a read() of /dev/uioX; the kernel-space part of the UIO driver still has to install an interrupt handler, so that when the device raises an interrupt the kernel space responds to it, the interrupt counter is incremented by 1, and the read() operation returns immediately. In addition, the UIO driver implements the poll() system call, so select() can be used to wait for an interrupt. Registered UIO devices appear under /sys/class/uioX, and a device can be controlled by reading and writing files under /sys/class/uioX.
In the related-art scheme of implementing a user-space UIO driver in the Linux kernel, on the one hand, part of the driver still runs in kernel space, so a user-space driver cannot be developed and integrated as a secure application (TA) and cannot be dynamically installed and upgraded by a Trusted Application Management (TAM) program. On the other hand, the driver developer must explicitly call functions such as mmap() and driver registration, which increases design complexity and is unsuitable for a small operating system (OS); the information in sysfs poses an information-leakage risk and is unsuitable for a Trusted Execution Environment (TEE); moreover, user space has to wait for an interrupt in a read operation on the device, which is inconsistent with how conventional non-UIO drivers are developed and undoubtedly makes the scheme harder for a novice developer to understand.
Disclosure of Invention
To solve the above technical problem, the present invention provides a system and a method for implementing a driver, which allow a user's driver to be managed in the form of a TA and greatly reduce the complexity of program development.
To achieve the object of the present invention, the present invention provides a system for implementing a driver, comprising a user space and a kernel space, wherein the user space is provided with: a first trusted execution environment internal application programming interface, a secure application, and a driver; and the kernel space is provided with: a second trusted execution environment internal application programming interface, a trusted execution environment framework, and a secure operating system; wherein
the driver is configured with the attributes of the driver secure application;
the first trusted execution environment internal application programming interface and the second trusted execution environment internal application programming interface are used to implement mutual calls within the user space, within the kernel space, and between the user space and the kernel space;
and the trusted execution environment framework, based on the secure operating system, parses the attributes of the driver secure application when the driver is loaded, so as to complete at least one of allocating resources, registering the driver, and mapping the device's physical address to the corresponding virtual address space.
Optionally, the kernel space further includes a user-space driver framework;
the trusted execution environment framework is further configured to: when an interrupt of a user-space driver needs to be registered, create a single dedicated interrupt handling thread for the driver that needs to respond to the interrupt;
the user-space driver framework is configured to store the correspondence among the interrupt handling thread created by the trusted execution environment framework, the interrupt handler function in user space, and the interrupt number of the interrupt, and to register, when called through the second trusted execution environment internal application programming interface, a generic interrupt handler shared by user-space driver devices; when an interrupt occurs, the user-space driver framework calls the generic interrupt handler, wakes the corresponding interrupt handling thread according to the interrupt number of the interrupt that occurred, as recorded in the correspondence, and passes the entry address of the user-space interrupt handler function to the woken interrupt handling thread.
The application also provides a method for implementing a driver, comprising:
when the kernel space loads a driver, parsing the attributes of the driver secure application to complete at least one of allocating resources, registering the driver, and mapping the device's physical address to the corresponding virtual address space, wherein the attributes of the driver secure application are configured in user space.
Optionally, the method further comprises:
when an interrupt of a user-space driver needs to be registered, the kernel space creates a single dedicated interrupt handling thread for the driver that needs to respond to the interrupt;
the kernel space stores the correspondence among the created interrupt handling thread, the interrupt handler function in user space, and the interrupt number of the registered interrupt, and registers a generic interrupt handler shared by user-space driver devices;
when an interrupt occurs, the kernel space calls the generic interrupt handler, wakes the corresponding interrupt handling thread according to the interrupt number of the interrupt that occurred, as recorded in the correspondence, and passes the entry address of the driver's user-space interrupt handler function to the woken interrupt handling thread.
The present application further provides a computer-readable storage medium storing computer-executable instructions for performing any one of the above methods for implementing a driver.
The present application further provides an apparatus for implementing a driver, comprising a memory and a processor, wherein the memory stores the following instructions executable by the processor: when the kernel space loads the driver, parsing the attributes of the driver secure application to complete at least one of allocating resources, registering the driver, and mapping the device's physical address to the corresponding virtual address space, wherein the attributes of the driver secure application are configured in user space.
Optionally, the memory further stores the following instructions executable by the processor:
when an interrupt of a user-space driver needs to be registered, the kernel space creates a single dedicated interrupt handling thread for the driver that needs to respond to the interrupt; the kernel space stores the correspondence among the created interrupt handling thread, the interrupt handler function in user space, and the interrupt number of the registered interrupt, and registers a generic interrupt handler shared by user-space driver devices; when an interrupt occurs, the kernel space calls the generic interrupt handler, wakes the corresponding interrupt handling thread according to the interrupt number of the interrupt that occurred, as recorded in the correspondence, and passes the entry address of the driver's user-space interrupt handler function to the woken interrupt handling thread.
The technical solution of the present application at least comprises: configuring the attributes of a driver TA in user space; and, when the kernel space loads the driver, parsing the attributes of the driver TA to complete at least one of allocating resources, registering the driver, and mapping the device's physical address to the corresponding virtual address space. With the scheme provided by the application, all of the driver's code resides in user space and does not need to be integrated with the OS, so that the user's driver can be developed, integrated and managed entirely in the form of a TA. In addition, information such as the memory mapping of the user-space driver does not need to be recorded in sysfs; all user-space driver information exists only in the driver TA and, at run time, in TEE memory, so that information leakage is avoided and the security of the driver is ensured.
Optionally, the present application further includes: when an interrupt of a user-space driver is registered, the kernel space creates a single dedicated interrupt handling thread for the driver TA that needs to respond to the interrupt; the kernel space stores the correspondence among the created interrupt handling thread, the interrupt handler function in user space, and the interrupt number of the registered interrupt, and registers a generic interrupt handler shared by user-space driver devices; when an interrupt occurs, the kernel space calls the generic interrupt handler, wakes the corresponding interrupt handling thread according to the interrupt number of the interrupt that occurred, as recorded in the correspondence, and passes the entry address of the driver's user-space interrupt handler function to the woken interrupt handling thread. In this scheme for implementing a driver, on the one hand, all of the interrupt driver's code resides in user space and does not need to be integrated with the OS, so that the user's driver is developed, integrated and managed entirely in the form of a TA. On the other hand, interrupt registration can still be done by calling an interrupt registration API, so the user does not need to be aware of the internal processing flow; and the interrupt is handled using only that single high-priority thread, which ensures the timeliness of the interrupt response to the greatest extent.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings are included to provide a further understanding of the claimed subject matter and are incorporated in and constitute a part of this specification, illustrate embodiments of the subject matter and together with the description serve to explain the principles of the subject matter and not to limit the subject matter.
FIG. 1 is a schematic diagram of the system for implementing a driver according to the present application;
FIG. 2 is a flowchart of the method for implementing a driver according to the present application.
Detailed Description
To make the objects, technical solutions and advantages of the present application more apparent, embodiments of the present application will be described in detail below with reference to the accompanying drawings. It should be noted that the embodiments and features of the embodiments in the present application may be arbitrarily combined with each other without conflict.
In one exemplary configuration of the present application, a computing device includes one or more processors (CPUs), input/output interfaces, a network interface, and a memory.
The memory may include volatile memory in a computer-readable medium, such as random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and may store information by any method or technology. The information may be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
The steps illustrated in the flowcharts of the figures may be performed in a computer system as a set of computer-executable instructions. Also, while a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in a different order.
A Trusted Execution Environment (TEE) uses hardware isolation to ensure that sensitive data is stored, processed and protected in an isolated, trusted environment. TEEs are widely used in security applications such as payment, fingerprint recognition, and digital rights management (DRM). Implementing drivers in user space within the TEE can meet higher security-level requirements, and at the same time the user's driver can be developed, integrated and managed as a secure application (TA) running inside the TEE.
Fig. 1 is a schematic diagram of a system for implementing a driver according to the present application. As shown in Fig. 1, the system includes a user space and a kernel space, where the user space is provided with at least: a first TEE Internal Application Programming Interface (API), a secure application (TA), and a driver such as a Driver TA; and the kernel space is provided with at least: a second TEE Internal API, a TEE Framework, and a Secure OS (secure operating system); wherein
the first TEE Internal API and the second TEE Internal API are used to implement mutual calls within user space, within kernel space, and between user space and kernel space. For example: the TA calls the first TEE Internal API, and the first TEE Internal API in user space calls the second TEE Internal API in kernel space through a syscall, so that the second TEE Internal API can call the interfaces of other kernel-space modules.
The attributes of the driver TA are configured in the driver TA, for example: the name of the driver, the physical address to be mapped and the corresponding virtual address, and so on.
The configuration method is similar to the attribute configuration of an ordinary TA. These attributes are placed in a special section at compile time.
There may be one or more driver TAs, and a third party's TA may correspond to one driver TA.
The TEE framework, based on the Secure OS, parses the attributes of the driver TA when the driver is loaded, so as to complete at least one of allocating resources, registering the driver, and mapping the device's physical address to the corresponding virtual address space.
In this framework for implementing a driver, all of the driver's code resides in the driver TA in user space and does not need to be integrated with the OS, so that the user's driver is developed, integrated and managed entirely in the form of a TA. Moreover, information such as the memory mapping of the user-space driver does not need to be recorded in sysfs; all user-space driver information exists only in the driver TA and, at run time, in TEE memory, so that information leakage is avoided and the security of the driver is ensured.
With this framework, the driver developer does not need to explicitly call functions such as mmap() or driver registration; the developer only configures the attributes of the driver TA, in a way that is as consistent as possible with the development of an ordinary TA, which reduces the workload of a third-party driver developer. In addition, sysfs is not involved, so there is no risk of driver information leaking through it, and the security of the driver is ensured. Because a third party's driver is integrated into the TEE in the form of a TA, it can be updated dynamically through the TAM, which reduces the cost of integrating the driver.
Optionally, the kernel space further includes a user-space driver framework (Userspace Driver Framework); accordingly,
the TEE framework is further configured to: when an external party such as a driver developer needs to register an interrupt of a user-space driver, create a single dedicated interrupt handling thread for the driver TA that needs to respond to the interrupt;
the user-space driver framework is configured to store the correspondence among the interrupt handling thread created by the TEE framework, the interrupt handler function in user space, and the interrupt number of the registered interrupt, and to register, when called through the second TEE Internal API in the TEE kernel space, a generic interrupt handler shared by user-space driver devices; when an interrupt occurs, the generic interrupt handler is called, the corresponding interrupt handling thread is then woken according to the interrupt number of the interrupt that occurred, as recorded in the correspondence, and the entry address of the driver's user-space interrupt handler function is passed to the woken interrupt handling thread.
The interrupt handling thread then switches to the driver's user-space interrupt handler function and handles the interrupt.
In this system for implementing a driver, all of the interrupt driver's code resides in the driver TA in user space and does not need to be integrated with the OS, so that the user's driver is developed, integrated and managed entirely in the form of a TA.
With this system, interrupt registration can still be done by calling an interrupt registration API, so the user does not need to be aware of the internal processing flow; when an interrupt occurs, it is handled using only that single high-priority thread, which ensures the timeliness of the interrupt response to the greatest extent.
That is, with the system for implementing a driver provided by the present application, the driver developer does not need to be aware of operations such as memory mapping, driver registration, and waiting on a device read operation in order to respond to an interrupt in user space.
Fig. 2 is a flowchart of a method for implementing a driver according to the present application. As shown in Fig. 2, the method includes:
Step 200: The attributes of the driver TA are configured in user space.
Optionally, the attributes include, but are not limited to: the name of the driver, the physical address to be mapped and the corresponding virtual address, and so on.
The configuration method is similar to the attribute configuration of an ordinary TA. These attributes are placed in a special section at compile time.
There may be one or more driver TAs, and a third party's TA may correspond to one driver TA.
Step 201: Based on the Secure OS, when the kernel space loads the driver, the attributes of the driver TA are parsed to complete at least one of allocating resources, registering the driver, and mapping the device's physical address to the corresponding virtual address space.
In this method for implementing a driver, all of the driver's code resides in the driver TA in user space and does not need to be integrated with the OS, so that the user's driver is developed, integrated and managed entirely in the form of a TA. Moreover, information such as the memory mapping of the user-space driver does not need to be recorded in sysfs; all user-space driver information exists only in the driver TA and, at run time, in TEE memory, so that information leakage is avoided and the security of the driver is ensured.
With this method, the driver developer does not need to explicitly call functions such as mmap() or driver registration; the developer only configures the attributes of the driver TA, in a way that is as consistent as possible with the development of an ordinary TA, which reduces the workload of a third-party driver developer. In addition, sysfs is not involved, so there is no risk of driver information leaking through it, and the security of the driver is ensured. Because a third party's driver is integrated into the TEE in the form of a TA, it can be updated dynamically through the TAM, which reduces the cost of integrating the driver.
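One way a TEE framework could parse and vet the driver TA attribute records at load time, before anything is allocated, registered or mapped, as an added example that is not code from the patent. The record layout (including the `size` field), the address limits, the MMIO allowlist and every function name are assumptions.

```c
/* Added illustration, not the patent's code: load-time parsing of a driver TA's
 * attribute section. Record layout, limits and the MMIO allowlist are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE   0x1000ULL
#define USER_VA_MIN 0x0000000000400000ULL   /* assumed user-space range of a TA */
#define USER_VA_MAX 0x0000000080000000ULL

struct drv_attr {            /* one record in the attribute section (assumed layout) */
    char     name[16];       /* driver name, NUL-terminated */
    uint64_t phys;           /* device physical address to be mapped */
    uint64_t virt;           /* corresponding user-space virtual address */
    uint64_t size;           /* mapping length in bytes (assumed extra field) */
};

struct window { uint64_t base, size; };
/* Constructed allowlist: device windows that user-space drivers may map. */
static const struct window mmio_allow[] = {
    { 0x10010000ULL, 0x2000ULL },
    { 0x10030000ULL, 0x1000ULL },
};

enum { ATTR_OK = 0, ATTR_EFORMAT = -1, ATTR_ENAME = -2, ATTR_EALIGN = -3,
       ATTR_EPHYS = -4, ATTR_EVIRT = -5, ATTR_EDUP = -6 };

/* The whole [phys, phys+size) range must sit inside one allowed window. */
static int phys_allowed(uint64_t phys, uint64_t size)
{
    for (size_t i = 0; i < sizeof mmio_allow / sizeof mmio_allow[0]; i++) {
        const struct window *w = &mmio_allow[i];
        if (phys >= w->base && size <= w->size && phys - w->base <= w->size - size)
            return 1;
    }
    return 0;
}

/* Validate one record; written so that no addition can overflow. */
int check_attr(const struct drv_attr *a)
{
    if (a->name[0] == '\0' || memchr(a->name, '\0', sizeof a->name) == NULL)
        return ATTR_ENAME;
    if (a->size == 0 || ((a->phys | a->virt | a->size) & (PAGE_SIZE - 1)))
        return ATTR_EALIGN;
    if (!phys_allowed(a->phys, a->size))
        return ATTR_EPHYS;               /* e.g. secure RAM or another device */
    if (a->virt < USER_VA_MIN || a->virt >= USER_VA_MAX ||
        a->size > USER_VA_MAX - a->virt)
        return ATTR_EVIRT;               /* mapping would leave the TA's user range */
    return ATTR_OK;
}

/* Parse the raw section bytes of a TA image. Returns the number of records
 * copied to out[], or the error of the first bad record; the caller maps and
 * registers only after the whole section has been accepted. */
int parse_attr_section(const uint8_t *sec, size_t len, struct drv_attr *out, size_t max)
{
    if (len == 0 || len % sizeof(struct drv_attr) != 0)
        return ATTR_EFORMAT;
    size_t n = len / sizeof(struct drv_attr);
    if (n > max)
        return ATTR_EFORMAT;
    for (size_t i = 0; i < n; i++) {
        /* memcpy avoids unaligned reads from the image buffer */
        memcpy(&out[i], sec + i * sizeof(struct drv_attr), sizeof out[i]);
        int rc = check_attr(&out[i]);
        if (rc != ATTR_OK)
            return rc;
        for (size_t j = 0; j < i; j++)   /* driver names must be unique */
            if (strncmp(out[j].name, out[i].name, sizeof out[i].name) == 0)
                return ATTR_EDUP;
    }
    return (int)n;
}

int main(void)
{
    /* Constructed sample record, standing in for a compiled attribute section. */
    struct drv_attr good = { "crypto0", 0x10010000ULL, 0x40000000ULL, 0x1000ULL };
    struct drv_attr out[4];
    int rc = parse_attr_section((const uint8_t *)&good, sizeof good, out, 4);
    printf("parsed %d record(s), first driver: %s\n", rc, rc > 0 ? out[0].name : "-");
    return 0;
}
```

Because the attributes come from a third-party TA image, the kernel side treats them as untrusted input; rejecting the whole section on the first bad record keeps a partially validated driver from ever being registered.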
The method for implementing a driver further comprises the following steps:
when an interrupt of a user-space driver needs to be registered, the kernel space creates a single dedicated interrupt handling thread for the driver TA that needs to respond to the interrupt;
the kernel space stores the correspondence among the created interrupt handling thread, the interrupt handler function in user space, and the interrupt number of the registered interrupt, and registers a generic interrupt handler shared by user-space driver devices;
when an interrupt occurs, the kernel space calls the generic interrupt handler, wakes the corresponding interrupt handling thread according to the interrupt number of the interrupt that occurred, as recorded in the correspondence, and passes the entry address of the driver's user-space interrupt handler function to the woken interrupt handling thread.
The interrupt handling thread then switches to the driver's user-space interrupt handler function and handles the interrupt.
In this method for implementing a driver, all of the interrupt driver's code resides in the driver TA in user space and does not need to be integrated with the OS, so that the user's driver is developed, integrated and managed entirely in the form of a TA.
With this method, interrupt registration can still be done by calling an interrupt registration API, so the user does not need to be aware of the internal processing flow; when an interrupt occurs, it is handled using only that single high-priority thread, which ensures the timeliness of the interrupt response to the greatest extent.
That is, with the method for implementing a driver provided by the present application, the driver developer does not need to be aware of operations such as memory mapping, driver registration, and waiting on a device read operation when user space responds to an interrupt.
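The stored correspondence and the register / generic-handler / wake sequence described for both the system and the method, as an added example that is not code from the patent. Table sizes, error codes, function names and the check that a handler entry lies inside the registering TA's own code range are assumptions, and the interrupt handling thread is modelled as state rather than a real kernel thread.

```c
/* Added illustration, not the patent's code: the correspondence kept by the
 * user-space driver framework. Sizes, error codes and the entry-range check
 * are assumptions; threads are modelled as state, not real kernel threads. */
#include <stdint.h>
#include <stdio.h>

#define MAX_IRQ 64
#define MAX_TA  4

enum thr_state { THR_NONE, THR_SLEEPING, THR_RUNNABLE };

struct driver_ta {
    uintptr_t text_start, text_end;  /* user-space code range of this driver TA */
    enum thr_state thr;              /* its single interrupt handling thread */
    uint64_t pending;                /* bit n set: IRQ n raised, not yet handled */
};

struct irq_binding {
    int ta;                          /* owning driver TA, -1 if the IRQ is free */
    uintptr_t entry;                 /* entry address of the user-space handler */
};

static struct driver_ta tas[MAX_TA];
static struct irq_binding irq_table[MAX_IRQ];

void uirq_init(void)
{
    for (int i = 0; i < MAX_IRQ; i++) { irq_table[i].ta = -1; irq_table[i].entry = 0; }
    for (int i = 0; i < MAX_TA; i++) {
        tas[i].text_start = tas[i].text_end = 0;
        tas[i].thr = THR_NONE;
        tas[i].pending = 0;
    }
}

/* Called by the loader once a driver TA's code has been mapped. */
void uirq_ta_loaded(int ta, uintptr_t text_start, uintptr_t text_end)
{
    tas[ta].text_start = text_start;
    tas[ta].text_end = text_end;
}

/* Registration, reached from the driver TA through the TEE Internal API. */
int uirq_register(int ta, unsigned irq, uintptr_t entry)
{
    if (ta < 0 || ta >= MAX_TA || irq >= MAX_IRQ) return -1;
    if (irq_table[irq].ta != -1) return -2;      /* IRQ already bound to a driver */
    if (entry < tas[ta].text_start || entry >= tas[ta].text_end)
        return -3;                               /* entry is not in the caller's own code */
    if (tas[ta].thr == THR_NONE)
        tas[ta].thr = THR_SLEEPING;              /* create the thread on first registration */
    irq_table[irq].ta = ta;
    irq_table[irq].entry = entry;
    return 0;
}

/* Generic handler installed for every user-space driver IRQ: look up the
 * interrupt number and wake the owning thread. Returns the TA woken, -1 if none. */
int uirq_generic_handler(unsigned irq)
{
    if (irq >= MAX_IRQ || irq_table[irq].ta == -1) return -1;   /* unbound: ignore */
    struct driver_ta *t = &tas[irq_table[irq].ta];
    t->pending |= (uint64_t)1 << irq;
    t->thr = THR_RUNNABLE;
    return irq_table[irq].ta;
}

/* Loop body of the interrupt handling thread: returns the entry address to
 * switch to in user space, or 0 after putting the thread back to sleep. */
uintptr_t uirq_thread_next(int ta, unsigned *irq_out)
{
    struct driver_ta *t = &tas[ta];
    for (unsigned irq = 0; irq < MAX_IRQ; irq++) {
        uint64_t bit = (uint64_t)1 << irq;
        if (t->pending & bit) {
            t->pending &= ~bit;
            *irq_out = irq;
            return irq_table[irq].entry;
        }
    }
    t->thr = THR_SLEEPING;
    return 0;
}

int main(void)
{
    unsigned irq = 0;
    uirq_init();
    uirq_ta_loaded(0, 0x10000, 0x20000);         /* constructed code range */
    uirq_register(0, 5, 0x10400);
    uirq_generic_handler(5);
    uintptr_t entry = uirq_thread_next(0, &irq);
    printf("irq %u -> user-space entry 0x%lx\n", irq, (unsigned long)entry);
    return 0;
}
```

The entry address is supplied by the driver TA, so the kernel side checks it at registration time rather than at dispatch time, and an interrupt number with no binding never wakes any thread.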
In practice, to ensure security, many drivers, for example those for encryption engines, need to be configured to be accessible only to the TEE, in which case they need to be integrated in the TEE. With the framework and method for implementing a driver described here, third-party drivers can be integrated in user space even under high security-level requirements, so that errors (bugs) in a third-party driver do not create vulnerabilities in the TEE that could be attacked; a driver crash does not crash the whole TEE, which also makes development and debugging easier for the driver developer. At the same time, because the driver is integrated in the form of a TA, development and integration of the driver are simplified, and the driver can be dynamically installed, deleted and updated using the TAM.
The application also provides a computer-readable storage medium storing computer-executable instructions for performing any one of the above methods for implementing a driver.
The present application further provides an apparatus for implementing a driver, comprising a memory and a processor, wherein the memory stores the following instructions executable by the processor: when the kernel space loads the TA, parsing the attributes of the driver TA to complete at least one of allocating resources, registering the driver, and mapping the device's physical address to the corresponding virtual address space, wherein the attributes of the driver secure application are configured in user space.
Optionally, the memory further stores the following instructions executable by the processor:
when an interrupt of a user-space driver is registered, the kernel space creates a single dedicated interrupt handling thread for the driver TA that needs to respond to the interrupt; the kernel space stores the correspondence among the created interrupt handling thread, the driver's interrupt handler function in user space, and the interrupt number of the interrupt, and registers a generic interrupt handler shared by user-space driver devices; when an interrupt occurs, the kernel space wakes the corresponding interrupt handling thread according to the interrupt number, and passes the entry address of the driver's user-space interrupt handler function to the woken interrupt handling thread.
Although the embodiments disclosed in the present application are described above, the descriptions are only for the convenience of understanding the present application, and are not intended to limit the present application. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the disclosure as defined by the appended claims.

Claims (4)

1. A system for implementing a driver, comprising a user space and a kernel space, wherein the user space is provided with: a first trusted execution environment internal application programming interface, a secure application, and a driver; the kernel space is provided with: a second trusted execution environment internal application programming interface, a trusted execution environment framework, a user space driver framework, and a secure operating system; wherein the driver is configured with attributes of the driver security application, the attributes including: the name of the driver, the physical address to be mapped, and the corresponding virtual address;
the first trusted execution environment internal application programming interface and the second trusted execution environment internal application programming interface are used for mutual calls inside the user space, inside the kernel space, and between the user space and the kernel space;
the trusted execution environment framework, based on the secure operating system, parses the attributes of the driver security application when the driver is loaded, so as to complete at least one of the functions of allocating resources, registering the driver, and mapping a device physical address to a corresponding virtual address space; and, when an interrupt for a user-space driver needs to be registered, establishes a single interrupt processing thread for the driver that needs to respond to the interrupt;
the user space driver framework is used for storing the correspondence among the interrupt processing thread established by the trusted execution environment framework, the interrupt processing function in the user space, and the interrupt number of the interrupt, and for registering, by calling the second trusted execution environment internal application programming interface, a general interrupt processing function shared by user-space driver devices; when an interrupt is generated, the user space driver framework calls the general interrupt processing function, wakes up the corresponding interrupt processing thread according to the interrupt number of the generated interrupt in the correspondence, and passes the entry address of the user-space interrupt processing function to the woken-up interrupt processing thread.
2. A method of implementing a driver, comprising:
when a kernel space loads a driver, parsing the attributes of the driver security application to complete at least one of the functions of allocating resources, registering the driver, and mapping a device physical address to a corresponding virtual address space, wherein the attributes of the driver security application are configured in a user space and comprise: the name of the driver, the physical address to be mapped, and the corresponding virtual address;
when an interrupt for a user-space driver needs to be registered, the kernel space establishes a single interrupt processing thread for the driver that needs to respond to the interrupt;
the kernel space stores the correspondence among the established interrupt processing thread, the interrupt processing function in the user space, and the interrupt number of the registered interrupt, and registers a general interrupt processing function shared by user-space driver devices;
when an interrupt is generated, the kernel space calls the general interrupt processing function, wakes up the corresponding interrupt processing thread according to the interrupt number of the generated interrupt in the correspondence, and passes the entry address of the driver's user-space interrupt processing function to the woken-up interrupt processing thread.
3. A computer-readable storage medium storing computer-executable instructions for performing the method of implementing a driver recited in claim 2 above.
4. An apparatus for implementing a driver, comprising a memory and a processor, wherein the memory has stored therein the following instructions executable by the processor: when a kernel space loads a driver, parsing the attributes of the driver security application to complete at least one of the functions of allocating resources, registering the driver, and mapping a device physical address to a corresponding virtual address space, wherein the attributes of the driver security application are configured in a user space and comprise: the name of the driver, the physical address to be mapped, and the corresponding virtual address;
when an interrupt for a user-space driver needs to be registered, the kernel space establishes a single interrupt processing thread for the driver that needs to respond to the interrupt; the kernel space stores the correspondence among the established interrupt processing thread, the interrupt processing function in the user space, and the interrupt number of the registered interrupt, and registers a general interrupt processing function shared by user-space driver devices; when an interrupt is generated, the kernel space calls the general interrupt processing function, wakes up the corresponding interrupt processing thread according to the interrupt number of the generated interrupt in the correspondence, and passes the entry address of the driver's user-space interrupt processing function to the woken-up interrupt processing thread.

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201711078956.3A CN109753347B (en) 2017-11-06 2017-11-06 System and method for realizing driving
TW107131126A TWI783034B (en) 2017-11-06 2018-09-05 System and method for implementing drive
PCT/CN2018/111815 WO2019085811A1 (en) 2017-11-06 2018-10-25 System and method for implementing driving

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711078956.3A CN109753347B (en) 2017-11-06 2017-11-06 System and method for realizing driving

Publications (2)

Publication Number Publication Date
CN109753347A CN109753347A (en) 2019-05-14
CN109753347B true CN109753347B (en) 2023-03-21

Family

ID=66332819

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711078956.3A Active CN109753347B (en) 2017-11-06 2017-11-06 System and method for realizing driving

Country Status (3)

Country Link
CN (1) CN109753347B (en)
TW (1) TWI783034B (en)
WO (1) WO2019085811A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110399235B (en) 2019-07-16 2020-07-28 阿里巴巴集团控股有限公司 Multithreading data transmission method and device in TEE system
US10699015B1 (en) 2020-01-10 2020-06-30 Alibaba Group Holding Limited Method and apparatus for data transmission in a tee system
CN110442462B (en) 2019-07-16 2020-07-28 阿里巴巴集团控股有限公司 Multithreading data transmission method and device in TEE system
EP4273731A1 (en) * 2022-01-17 2023-11-08 Honor Device Co., Ltd. Information processing method and apparatus
CN116049809B (en) * 2022-06-14 2023-11-07 荣耀终端有限公司 Drive calling method and device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006115533A2 (en) * 2005-04-22 2006-11-02 Microsoft Corporation Protected computing environment
CN1988534A (en) * 2005-12-23 2007-06-27 联想(北京)有限公司 Credible computing platform and method for access TPM service under kernel state
CN102193862A (en) * 2010-03-10 2011-09-21 微软公司 Testing user interfaces in multiple execution environments
CN103593189A (en) * 2013-11-14 2014-02-19 昆明理工大学 Method for implementing user mode drive program in embedded Linux
CN103679006A (en) * 2013-10-25 2014-03-26 华为技术有限公司 Method and device for operating drive program
CN106936774A (en) * 2015-12-29 2017-07-07 中国电信股份有限公司 Authentication method and system in credible performing environment

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0102518D0 (en) * 2001-01-31 2001-03-21 Hewlett Packard Co Trusted operating system
TW200722992A (en) * 2005-12-14 2007-06-16 Inventec Corp Physical memory testing method under Linux system
CN101453572A (en) * 2007-11-30 2009-06-10 上海复旦上科多媒体有限公司 Control method for multimedia show system equipment
CN106775833B (en) * 2016-11-28 2021-03-16 青岛海信移动通信技术股份有限公司 Device driver loading method, terminal and system
CN107247578A (en) * 2017-06-12 2017-10-13 北京奇虎科技有限公司 Configuration parameter storage method and device

Also Published As

Publication number Publication date
WO2019085811A1 (en) 2019-05-09
CN109753347A (en) 2019-05-14
TWI783034B (en) 2022-11-11
TW201923568A (en) 2019-06-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant