技术领域technical field
本公开涉及集成电路领域,且更具体地,涉及处理方法、片上系统、电子装置和存储介质。The present disclosure relates to the field of integrated circuits, and more particularly, to processing methods, systems on chips, electronic devices, and storage media.
背景技术Background technique
可信计算联盟(Confidential Computing Consortium,CCC)定义了可信执行环境(Trusted Execution Environment,TEE),用于构建使用中数据(Data in Use)安全执行环境,确保数据在使用阶段的机密性、完整性与可使用性。业界有多种CCC的解决方案,比如Intel SGX、ARM Trust-zone等。The Trusted Computing Consortium (CCC) defines the Trusted Execution Environment (TEE), which is used to build a secure execution environment for data in use (Data in Use) to ensure the confidentiality and integrity of data during the use phase. performance and usability. There are many CCC solutions in the industry, such as Intel SGX, ARM Trust-zone, etc.
发明内容Contents of the invention
本公开的至少一实施例提供了一种处理方法,包括:由主装置通过系统总线发出执行域状态信息,执行域状态信息与事务的执行域相关联;以及由从装置通过系统总线接收执行域状态信息,并基于匹配执行域状态信息的结果来确定是否处理事务。At least one embodiment of the present disclosure provides a processing method, including: the master device sends execution domain status information through the system bus, and the execution domain status information is associated with the execution domain of the transaction; and the slave device receives the execution domain through the system bus State information, and based on the result of matching the state information of the execution domain to determine whether to process the transaction.
本公开的至少一实施例提供了一种片上系统,包括:主装置,被配置为通过系统总线发出执行域状态信息,执行域状态信息与事务的执行域相关联;以及从装置,被配置为通过系统总线接收执行域状态信息,并基于匹配执行域状态信息的结果来确定是否处理事务。At least one embodiment of the present disclosure provides a system on chip, including: a master device configured to send execution domain status information through a system bus, where the execution domain status information is associated with an execution domain of a transaction; and a slave device configured to The execution domain state information is received through the system bus, and based on the result of matching the execution domain state information, it is determined whether to process the transaction.
本公开的至少一实施例提供了一种电子装置,包括:处理器;存储器,包括一个或多个计算机程序模块;其中,一个或多个计算机程序模块被存储在存储器中并被配置为由处理器执行以实施如上所述的处理方法。At least one embodiment of the present disclosure provides an electronic device, including: a processor; a memory including one or more computer program modules; wherein, one or more computer program modules are stored in the memory and configured to be processed by the processor The processor executes to implement the processing method as described above.
本公开的至少一实施例提供了一种非瞬时可读存储介质,其上存储有计算机可执行指令,其中,计算机可执行指令在被处理器执行时,以实施如上所述的处理方法。At least one embodiment of the present disclosure provides a non-transitory readable storage medium on which computer-executable instructions are stored, wherein the computer-executable instructions implement the above processing method when executed by a processor.
附图说明Description of drawings
为了更清楚地说明本公开的实施例的技术方案,下面将对本公开的实施例的附图作简单地介绍。明显地,下面描述中的附图仅仅涉及本公开的一些实施例,而非对本公开的限制。In order to illustrate the technical solutions of the embodiments of the present disclosure more clearly, the accompanying drawings of the embodiments of the present disclosure will be briefly introduced below. Apparently, the drawings in the following description only relate to some embodiments of the present disclosure, rather than limiting the present disclosure.
图1示出了示出了示例性的隔离方式与上下文切换的示意图;FIG. 1 shows a schematic diagram illustrating an exemplary isolation manner and context switching;
图2示出了根据本公开的至少一实施例的处理器级别的系统架构的示意图;FIG. 2 shows a schematic diagram of a processor-level system architecture according to at least one embodiment of the present disclosure;
图3示出了根据本公开的至少一实施例的执行域切换的示意图;Fig. 3 shows a schematic diagram of performing domain switching according to at least one embodiment of the present disclosure;
图4示出了根据本公开的至少一实施例的控制状态寄存器设置的数据对象示意图;Fig. 4 shows a schematic diagram of data objects for controlling status register settings according to at least one embodiment of the present disclosure;
图5示出了根据本公开的至少一实施例的中断隔离的示意图;FIG. 5 shows a schematic diagram of interrupt isolation according to at least one embodiment of the present disclosure;
图6示出了根据本公开的至少一实施例的数据高速缓存隔离的示意图;FIG. 6 shows a schematic diagram of data cache isolation according to at least one embodiment of the present disclosure;
图7A示出了根据本公开的至少一实施例的处理方法的流程图;FIG. 7A shows a flowchart of a processing method according to at least one embodiment of the present disclosure;
图7B示出了根据本公开的至少一实施例的系统的示意图;Figure 7B shows a schematic diagram of a system according to at least one embodiment of the present disclosure;
图8A示出了根据本公开的至少一实施例的中断处理方法的流程图;FIG. 8A shows a flowchart of an interrupt handling method according to at least one embodiment of the present disclosure;
图8B示出了根据本公开的至少一实施例的中断控制器的示意图;FIG. 8B shows a schematic diagram of an interrupt controller according to at least one embodiment of the present disclosure;
图9A示出了根据本公开的至少一实施例的操作高速缓存的方法的流程图;FIG. 9A shows a flowchart of a method of operating a cache according to at least one embodiment of the present disclosure;
图9B示出了根据本公开的至少一实施例的高速缓存控制器的示意图;FIG. 9B shows a schematic diagram of a cache controller according to at least one embodiment of the present disclosure;
图10A示出了根据本公开的至少一实施例的操作翻译后备缓冲器的方法的流程图;FIG. 10A shows a flowchart of a method of operating a translation lookaside buffer according to at least one embodiment of the present disclosure;
图10B示出了根据本公开的至少一实施例的翻译后备缓冲器控制器的示意图;FIG. 10B shows a schematic diagram of a translation lookaside buffer controller according to at least one embodiment of the present disclosure;
图11示出了根据本公开的至少一实施例的片上系统级别的系统架构的示意图;FIG. 11 shows a schematic diagram of a system architecture at the system-on-chip level according to at least one embodiment of the present disclosure;
图12示出了根据本公开的至少一实施例的传输执行域标识符信息和/或非安全标识信息的示意图;Fig. 12 shows a schematic diagram of transmitting execution domain identifier information and/or non-secure identification information according to at least one embodiment of the present disclosure;
图13A示出了根据本公开的至少一实施例的处理方法的流程图;FIG. 13A shows a flowchart of a processing method according to at least one embodiment of the present disclosure;
图13B示出了根据本公开的至少一实施例的片上系统的示意图;FIG. 13B shows a schematic diagram of a system-on-chip according to at least one embodiment of the present disclosure;
图14A示出了根据本公开的至少一实施例的操作处理器的方法的流程图;Figure 14A shows a flowchart of a method of operating a processor according to at least one embodiment of the present disclosure;
图14B示出了根据本公开的至少一实施例的处理器的示意图;Figure 14B shows a schematic diagram of a processor according to at least one embodiment of the present disclosure;
图15示出了根据本公开的至少一实施例的电子装置的示意图;FIG. 15 shows a schematic diagram of an electronic device according to at least one embodiment of the present disclosure;
图16示出了根据本公开的至少一实施例的非瞬时可读存储介质的示意图。FIG. 16 shows a schematic diagram of a non-transitory readable storage medium according to at least one embodiment of the present disclosure.
具体实施方式Detailed ways
现在将详细参考本公开的具体实施例,在附图中例示了本公开的示例。尽管将结合具体实施例描述本公开,但将理解,不是想要将本公开限于描述的实施例。相反,想要覆盖由所附权利要求限定的在本公开的精神和范围内包括的变更、修改和等价物。应注意,本文描述的方法操作都可以由任何功能块或功能布置来实现,且任何功能块或功能布置可被实现为物理实体或逻辑实体、或者两者的组合。Reference will now be made in detail to specific embodiments of the present disclosure, examples of which are illustrated in the accompanying drawings. While the disclosure will be described in conjunction with specific embodiments, it will be understood that it is not intended to limit the disclosure to the described embodiments. On the contrary, it is intended to cover alterations, modifications and equivalents as included within the spirit and scope of the present disclosure as defined by the appended claims. It should be noted that the method operations described herein can all be realized by any functional blocks or functional arrangements, and any functional blocks or functional arrangements can be realized as physical entities or logical entities, or a combination of both.
为了使本领域技术人员更好地理解本公开,下面结合附图和具体实施方式对本公开作进一步详细说明。In order to enable those skilled in the art to better understand the present disclosure, the present disclosure will be described in further detail below in conjunction with the accompanying drawings and specific embodiments.
注意,接下来要介绍的示例仅是具体的示例,而不作为限制本公开的实施例必须为示出和描述的具体的外形、硬件、连接关系、操作、数值、条件、数据、顺序等等。本领域技术人员可以通过阅读本说明书来运用本公开的构思来构造本说明书中未提到的更多实施例。Note that the examples to be introduced next are only specific examples, and are not intended to limit the embodiments of the present disclosure to the specific appearance, hardware, connection relationship, operation, value, condition, data, sequence, etc. . Those skilled in the art can construct more embodiments not mentioned in this specification by using the concept of the present disclosure by reading this specification.
本公开中使用的术语是考虑到关于本公开的功能而在本领域中当前广泛使用的那些通用术语,但是这些术语可以根据本领域普通技术人员的意图、先例或本领域新技术而变化。此外,特定术语可以由申请人选择,并且在这种情况下,其详细含义将在本公开的详细描述中描述。因此,说明书中使用的术语不应理解为简单的名称,而是基于术语的含义和本公开的总体描述。Terms used in the present disclosure are those general terms currently widely used in the art in consideration of functions about the present disclosure, but the terms may be changed according to the intention of those of ordinary skill in the art, precedents, or new technologies in the art. Also, specific terms may be selected by the applicant, and in this case, their detailed meanings will be described in the detailed description of the present disclosure. Therefore, the terms used in the specification should not be understood as simple names, but based on the meaning of the terms and the general description of the present disclosure.
本公开中使用了流程图来说明根据本申请的实施例的系统所执行的操作。应当理解的是,前面或下面操作不一定按照顺序来精确地执行。相反,根据需要,可以按照倒序或同时处理各种步骤。同时,也可以将其他操作添加到这些过程中,或从这些过程移除某一步或数步操作。Flow charts are used in this disclosure to illustrate the operations performed by the system according to the embodiments of the present application. It should be understood that the preceding or following operations are not necessarily performed in an exact order. Instead, various steps may be processed in reverse order or concurrently, as desired. At the same time, other operations can be added to these procedures, or a certain step or steps can be removed from these procedures.
处理器核(或CPU核)是可以独立完成中央处理器(CPU)操作步骤的核心(Core)。例如,中央处理器(CPU)可能包含一个或多个CPU核,根据所包括的CPU核的多少,CPU可以为单核处理器(CPU)或多核处理器(CPU)。CPU中可以包括一级或多级缓存,例如CPU核通常包括一级缓存,而二级缓存、三级缓存则设置在CPU核之外。A processor core (or CPU core) is a core (Core) that can independently complete the operation steps of a central processing unit (CPU). For example, a central processing unit (CPU) may include one or more CPU cores. According to the number of included CPU cores, the CPU may be a single-core processor (CPU) or a multi-core processor (CPU). A CPU may include one or more levels of cache. For example, a CPU core usually includes a level-1 cache, while a level-2 cache and a level-3 cache are set outside the CPU core.
另外,为描述方便,例如在示例性的RISC-V架构中,本文描述的Core、Hart、CPU/CPU核或者处理器/处理器核可以在语义上不作区分并且可以指示相同的对象。但是可以理解的,虽然在各种架构中,上述术语可能指示不同的对象,但是本公开的各方面可以在经过或不经过修改的情况下适用于这些架构中,而不超出本公开的保护范围。In addition, for convenience of description, for example, in an exemplary RISC-V architecture, Core, Hart, CPU/CPU core or processor/processor core described herein may not be semantically distinguished and may indicate the same object. However, it can be understood that although the above terms may refer to different objects in various architectures, aspects of the present disclosure can be applied to these architectures with or without modification, without going beyond the protection scope of the present disclosure .
处理器通过流水线技术提高指令执行效率,处理器中的流水线例如包括分支预测、取指、译码、寄存器重命名、发射、执行、退休等。为了进一步提高指令执行效率,处理器还可以提供多个并行流水线(多个硬件线程),这些并行流水线可以共享部分组件(例如缓存队列等)。The processor improves instruction execution efficiency through pipeline technology, and the pipeline in the processor includes, for example, branch prediction, instruction fetching, decoding, register renaming, launch, execution, retirement, and the like. In order to further improve instruction execution efficiency, the processor can also provide multiple parallel pipelines (multiple hardware threads), and these parallel pipelines can share some components (such as cache queues, etc.).
操作系统给一个进程分配内存时,需要把使用到的虚拟地址映射到物理地址(即地址翻译),物理地址才是真正的物理内存访问地址。地址翻译是一个非常耗时的过程。为了节省地址翻译时间,提升计算机系统性能,提供翻译后备缓冲器(TranslationLookasideBuffer,TLB)来存放之前使用过的第一级页表的页表项PTE。例如,当需要从内存中读取一条指令或一项数据时,则需要将该读取指令中所采用的虚拟地址翻译为物理地址,即产生了地址翻译的请求,这时首先使用需要被翻译的虚拟地址查询TLB,如果命中TLB则可以立即获得相应的物理地址,否则再逐级查询页表以获得相应的物理地址。When the operating system allocates memory to a process, it needs to map the used virtual address to a physical address (that is, address translation), and the physical address is the real physical memory access address. Address translation is a very time-consuming process. In order to save address translation time and improve computer system performance, a translation lookaside buffer (TranslationLookasideBuffer, TLB) is provided to store the page table entry PTE of the previously used first-level page table. For example, when an instruction or an item of data needs to be read from the memory, the virtual address used in the read instruction needs to be translated into a physical address, that is, a request for address translation is generated. At this time, the first use needs to be translated The TLB is queried by the virtual address of the virtual address. If the TLB is hit, the corresponding physical address can be obtained immediately, otherwise, the page table is queried step by step to obtain the corresponding physical address.
目前,在计算机系统中,物理内存保护/增强型物理内存保护(PMP/ePMP)是一种硬件级别的内存保护机制,用于隔离物理内存区间。例如基于RISC-V架构等的处理器芯片可以支持PMP/ePMP。有多种基于PMP的Enclave(飞地)方案来实现TEE,比如Berkeleykeystone、Hex-Five Multi-zone等。Currently, in computer systems, physical memory protection/enhanced physical memory protection (PMP/ePMP) is a hardware-level memory protection mechanism for isolating physical memory intervals. For example, processor chips based on RISC-V architecture can support PMP/ePMP. There are a variety of PMP-based Enclave (enclave) solutions to implement TEE, such as Berkeleykeystone, Hex-Five Multi-zone, etc.
然而,基于PMP的方案无法提供更丰富的运行级别灵活的执行域;细粒度的硬件级别内存保护,无法解决多个飞地之间上下文切换/中断、高速缓存(Cache)/翻译后备缓冲器(TLB)等的隔离问题。However, the PMP-based solution cannot provide a richer run-level flexible execution domain; fine-grained hardware-level memory protection cannot solve context switching/interruption between multiple enclaves, cache (Cache)/translation look-aside buffer ( TLB) and other isolation issues.
图1示出了示例性的隔离方式与上下文切换的示意图。FIG. 1 shows a schematic diagram of an exemplary isolation mode and context switching.
可信计算安全解决方案的重点是隔离机制与上下文切换。逻辑上根据特权模式(Privilege Mode)可以有多种隔离方式。例如,由较高特权模式(Higher Privilege Mode)提供较低特权模式(Lower Privilege Mode)的隔离和上下文切换机制。Trusted computing security solutions focus on isolation mechanisms and context switching. Logically, there are multiple isolation methods according to the Privilege Mode. For example, the isolation and context switching mechanism of the Lower Privilege Mode (Lower Privilege Mode) is provided by the Higher Privilege Mode (Higher Privilege Mode).
例如,参见图1(其中隔离通过虚线进行标识),操作系统的内核(例如Linux内核,简称Kernel)运作在超级模式(SuperVisor mode),提供运行在用户模式(User mode)下的进程(Process)间的隔离和上下文切换机制;虚拟机管理器(例如VMM)运行在高超级模式(HS Mode),并且提供虚拟机(例如访客操作系统)间的隔离和上下文切换机制;安全监视器(Security Monitor)运行在机器模式(Machine mode),并且提供执行域(下文简称为域或Domain)间的隔离和上下文切换机制。另外,也可以在硬件级别(例如硬件原语)提供隔离和上下文切换机制。硬件级别可以包括RISC-V核(例如RISC-Vcore)、PMP/ePMP、安全监视器扩展(Security Monitor Extension)以及硬件支持的切换扩展(Hardware-backedSwitching Extension)等。For example, referring to Figure 1 (where the isolation is marked by a dotted line), the kernel of the operating system (such as the Linux kernel, referred to as Kernel) operates in the super mode (SuperVisor mode), providing a process (Process) running in the user mode (User mode) The isolation and context switching mechanism between virtual machines; the virtual machine manager (such as VMM) runs in high super mode (HS Mode), and provides the isolation and context switching mechanism between virtual machines (such as guest operating systems); the security monitor (Security Monitor) ) runs in machine mode (Machine mode), and provides isolation and context switching mechanisms between execution domains (hereinafter referred to as domains or Domains). Additionally, isolation and context switching mechanisms can also be provided at the hardware level (eg, hardware primitives). The hardware level may include RISC-V core (such as RISC-Vcore), PMP/ePMP, Security Monitor Extension (Security Monitor Extension), and hardware-backed Switching Extension (Hardware-backedSwitching Extension), etc.
这些隔离方式在可信计算基(Trusted Computing Base,TCB)方面有安全上的区别:TCB的复杂程度决定了安全等级,其中越复杂的TCB安全等级越低;同时TCB可以读取上下文的所有数据会导致业务数据泄露。These isolation methods have security differences in the Trusted Computing Base (TCB): the complexity of the TCB determines the security level, and the more complex the TCB, the lower the security level; at the same time, the TCB can read all the data of the context Will lead to business data leakage.
同时,各种隔离方式在提供给业务的特权模式上也有比较大的区别。例如,以寄存器组块的方式提供给业务可运行的特权模式可以包括从用户模式到机器模式,而Linux内核的隔离方式只能提供业务用户模式的运行级别。因此,在一些方面,如何为业务提供更丰富的运行级别是构建灵活安全的业务系统的关键。At the same time, various isolation methods also have relatively large differences in the privileged modes provided to the business. For example, the privileged mode provided to the service in the form of register blocks can include from user mode to machine mode, while the isolation method of the Linux kernel can only provide the operation level of the service user mode. Therefore, in some respects, how to provide a richer operating level for the business is the key to building a flexible and secure business system.
本公开的发明人意识到,在上述实施例中,处理器架构例如不能满足可信计算需求,不能真正落地到产品;TCB的复杂度太高会带来更多安全隐患;以及业务系统需要丰富的特权模式以满足业务需求。The inventors of the present disclosure realize that, in the above-mentioned embodiments, the processor architecture cannot meet the requirements of trusted computing, and cannot be implemented in products; the complexity of TCB is too high, which will bring more security risks; and the business system needs to be rich The privileged mode to meet business needs.
本发明的至少一实施例提供一种处理器级别的系统架构(隔离模型),例如涉及以下中的一个或多个:提供更丰富的运行级别灵活的执行域;细粒度的硬件级别内存保护,例如解决多个飞地之间上下文切换/中断、高速缓存/翻译后备缓冲器等的隔离问题。以此,本公开的至少一实施例提供的处理器级别的系统架构(隔离模型),例如可以支持多个执行域,以满足可信计算安全需求;简化和优化上下文切换,降低上下文切换带来的性能开销;以及在机器模式提供安全监视器实现,提供超级模式和用户模式以支持安全业务模型等。At least one embodiment of the present invention provides a processor-level system architecture (isolation model), for example, involving one or more of the following: providing richer execution levels and flexible execution domains; fine-grained hardware-level memory protection, Such as addressing the isolation of context switches/interrupts between multiple enclaves, caching/translation lookaside buffers, etc. Therefore, the processor-level system architecture (isolation model) provided by at least one embodiment of the present disclosure can, for example, support multiple execution domains to meet the security requirements of trusted computing; simplify and optimize context switching, and reduce context switching performance overhead; and provide security monitor implementation in machine mode, provide super mode and user mode to support security business model, etc.
下面描述本公开的示例性架构或模型,可以理解的是,这些描述仅是示例性的,而没有穷尽列举示例性架构或模型的各个方面,并且这些描述的各方面与其他实施例描述的各方面可以相互引用,而不超出本公开的范围。Exemplary architectures or models of the present disclosure are described below, and it should be understood that these descriptions are only exemplary rather than exhaustively enumerating various aspects of the exemplary architectures or models, and that aspects of these descriptions are consistent with those described in other embodiments. Aspects may refer to each other without exceeding the scope of this disclosure.
下面介绍示例性的隔离模型。An exemplary isolation model is presented below.
图2示出了根据本公开的至少一实施例的处理器级别的系统架构的示意图。在该系统架构中,可以实现执行域的隔离,因此,参见图2及相关实施例描述的系统架构也被称为隔离模型。FIG. 2 shows a schematic diagram of a processor-level system architecture according to at least one embodiment of the present disclosure. In this system architecture, the isolation of execution domains can be realized. Therefore, the system architecture described with reference to FIG. 2 and related embodiments is also called an isolation model.
参见图2,运行指令集的处理器核(Core)或多线程处理器核中的硬件线程(Hart)(以下二者可以混用)在逻辑上划分为多个执行域,例如包括执行域0、执行域X、执行域Y和执行域Z。例如,执行域0作为安全监视器的运行环境,同时可以根据业务需要扩展到例如超级模式,作为特殊的安全执行域。执行域0中还可以运行特权功能(Privileged function)和执行域上下文管理器(Domain Context Manager)。执行域X、执行域Y和执行域Z的切换和中断操作等由执行域0控制,执行域X、执行域Y和执行域Z例如可以分别提供高超级模式、超级模式以及用户模式等。Referring to Fig. 2, the processor core (Core) running the instruction set or the hardware thread (Hart) in the multi-threaded processor core (the following two can be mixed) is logically divided into multiple execution domains, for example including execution domain 0, Execution Domain X, Execution Domain Y, and Execution Domain Z. For example, the execution domain 0 is used as the operating environment of the security monitor, and can be extended to, for example, a super mode as a special security execution domain according to business needs. In execution domain 0, privileged functions (Privileged function) and execution domain context managers (Domain Context Manager) can also be run. Execution domain X, execution domain Y, and execution domain Z switch and interrupt operations are controlled by execution domain 0, and execution domain X, execution domain Y, and execution domain Z, for example, can respectively provide high super mode, super mode, and user mode.
进程和任务可以分别运行在执行域的用户模式。例如,进程PA、PB和PC可以运行在执行域X的用户模式,任务A、任务B可以运行在执行域Y的用户模式。Processes and tasks can run separately in user mode in the execution domain. For example, processes PA, PB and PC can run in user mode of execution domain X, and tasks A and B can run in user mode of execution domain Y.
内核、REE/TEE操作系统、可信服务可以运行在任意执行域的超级模式。如图2所示,系统内核可以运行在执行域X的超级模式,实时操作系统(RTOS)可以运行在执行域Y的超级模式,可信服务可以运行在执行域Z的超级模式。The kernel, REE/TEE operating system, and trusted services can run in super mode of any execution domain. As shown in Figure 2, the system kernel can run in the hypermode of execution domain X, the real-time operating system (RTOS) can run in the hypermode of execution domain Y, and the trusted service can run in the hypermode of execution domain Z.
如图2所示,除执行域0以外,执行域X、执行域Y和执行域Z在安全等级上可以没有特殊的区分,业务可以根据所运行的操作系统做REE/TEE或者其他语义上的区分。在CPU集群(cluster)内部多核环境,每个Hart可以根据业务或者中断自主做上下文切换。As shown in Figure 2, except for execution domain 0, execution domain X, execution domain Y, and execution domain Z may not have special distinctions in terms of security levels, and services can be implemented as REE/TEE or other semantics according to the operating system. distinguish. In the multi-core environment inside the CPU cluster (cluster), each Hart can independently perform context switching according to business or interruption.
软件系统架构可以根据业务需求灵活设计,支持同时部署例如Linux/Android、RTOS、Bare-Metal等多个软件操作系统。执行域之间的隔离可以使用例如PMP/ePMP实现。在执行域切换时,保存当前运行执行域的上下文,恢复即将运行的执行域的上下文。The software system architecture can be flexibly designed according to business needs, and supports simultaneous deployment of multiple software operating systems such as Linux/Android, RTOS, and Bare-Metal. Isolation between execution domains can be achieved using eg PMP/ePMP. When executing domain switching, save the context of the currently running execution domain and restore the context of the upcoming execution domain.
执行域0、执行域X、执行域Y和执行域Z基于处理器核(例如核0、核1、核2、核3)进行控制和操作。例如,处理器核可以对执行域进行切换和中断操作等。例如,中断控制器可以包括核本地中断控制器(ACLINT)、平台级中断控制器(PLIC)等,其中ACLINT可以向处理器核发起中断请求。PLIC可以接收来自处理器外部设备的中断请求,并将这些请求分发给处理器核进行处理。Execution domain 0, execution domain X, execution domain Y, and execution domain Z are controlled and operated based on processor cores (eg, core 0, core 1, core 2, and core 3). For example, the processor core can perform switching and interrupt operations on execution domains. For example, the interrupt controller may include a core-local interrupt controller (ACLINT), a platform-level interrupt controller (PLIC), etc., wherein the ACLINT may initiate an interrupt request to the processor core. PLIC can receive interrupt requests from external devices of the processor, and distribute these requests to the processor core for processing.
执行域X、执行域Y和执行域Z可以同时使用例如STimer机制进行调度。在多核系统下,安全监视器可以根据MTimer中断做多核间调度执行域X、执行域Y和执行域Z。这将在下面结合图3详细描述。Execution Domain X, Execution Domain Y, and Execution Domain Z can simultaneously use, for example, the STimer mechanism for scheduling. In a multi-core system, the safety monitor can schedule execution domain X, execution domain Y, and execution domain Z among multi-cores according to the MTimer interrupt. This will be described in detail below with reference to FIG. 3 .
图3示出了根据本公开的至少一实施例的执行域切换的示意图。Fig. 3 shows a schematic diagram of performing domain switching according to at least one embodiment of the present disclosure.
在图3所示的示例中,执行域X为正在执行的执行域或当前运行执行域并且被标识为当前运行的执行域,执行域Y和执行域Z为非当前运行执行域。In the example shown in FIG. 3 , execution domain X is an executing domain or a currently running execution domain and is identified as a currently running execution domain, and execution domain Y and execution domain Z are non-current running execution domains.
执行域X、执行域Y和执行域Z的切换包括多种触发情况,例如ECALL、MTimer中断、MSWI/MEI、MEXG、WFI等,其详细介绍如下。The switching of execution domain X, execution domain Y, and execution domain Z includes various trigger situations, such as ECALL, MTimer interrupt, MSWI/MEI, MEXG, WFI, etc., which are described in detail as follows.
ECALL:从低特权模式陷入(trap)到机器模式,安全监视器根据当前寄存器数据切换到对应的服务。ECALL: Trapped from low-privilege mode to machine mode, the security monitor switches to the corresponding service according to the current register data.
MTimer中断:安全监视器可以实现多种调度机制,例如时间片公平调度,抢占调度等方式。根据MTimer中断判断是否做执行域上下文切换。如果仅有执行域X使用MTimer做执行域内(Intra-Domain)调度,可以使用委托(delegate)方式直接让执行域X处理Timer中断。MTimer interrupt: The security monitor can implement various scheduling mechanisms, such as time slice fair scheduling, preemptive scheduling, etc. Determine whether to perform domain context switching according to the MTimer interrupt. If only execution domain X uses MTimer for intra-domain (Intra-Domain) scheduling, you can use the delegate method to directly let execution domain X handle Timer interrupts.
MSWI/MEI:安全监视器处理完中断后,根据调度机制确定切换到执行域X、执行域Y和执行域Z。MSWI/MEI: After the security monitor finishes processing the interrupt, it determines to switch to execution domain X, execution domain Y, and execution domain Z according to the scheduling mechanism.
MEXG:ACLINT和PLIC根据超级模式下中断未决(Pending)状态确定是否触发MEXG,安全监视器在处理MEXG时根据ACLINT和PLIC寄存器确定切换到对应的执行域。例如,MEXG优先级最低,待所有ACLINT/PLIC未决中断处理完之后自动清除。关于MEXG的附加方面将在下文详细描述。MEXG: ACLINT and PLIC determine whether to trigger MEXG according to the interrupt pending (Pending) status in super mode. When processing MEXG, the safety monitor determines to switch to the corresponding execution domain according to the ACLINT and PLIC registers. For example, MEXG has the lowest priority and is automatically cleared after all ACLINT/PLIC pending interrupts are processed. Additional aspects of MEXG are described in detail below.
WFI:执行域运行在超级模式使用WFI时,触发非法指令异常,参考RISC-VPrivilegedSpec 3.3.3,SME使能后mstatus.TW强制设置为1,不可修改。安全监视器根据当前执行域X、执行域Y和执行域Z需求判断是否进行调度或者进入WFI状态。执行域0机器模式下的WFI沿用RISC-V标准定义。WFI: When the execution domain runs in super mode and uses WFI, an illegal instruction exception is triggered. Refer to RISC-VPrivilegedSpec 3.3.3. After SME is enabled, mstatus.TW is forced to be set to 1 and cannot be modified. The security monitor judges whether to schedule or enter the WFI state according to the requirements of the current execution domain X, execution domain Y, and execution domain Z. WFI in execution domain 0 machine mode follows the definition of RISC-V standard.
需要说明的是,SSWI/SEI不会直接触发执行域X、执行域Y和执行域Z切换,如果SSWI/SEI中断发生在当前运行执行域(例如,执行域X),则直接在超级模式下进行处理。如果SSWI/SEI中断发生在非当前运行执行域(例如,执行域Y和执行域Z),则根据MEXG中断进行调度后处理。完成上下文保存和恢复后,使用mret指令切换到目标执行域。关于MEXG中断的示例性附加方面将在下文中断隔离部分详细描述。It should be noted that SSWI/SEI will not directly trigger the switching of execution domain X, execution domain Y, and execution domain Z. If the SSWI/SEI interrupt occurs in the current running execution domain (for example, execution domain X), it will be directly in super mode to process. If the SSWI/SEI interrupt occurs in a non-currently running execution domain (eg, execution domain Y and execution domain Z), then post-scheduling processing is performed according to the MEXG interrupt. After context saving and restoration is complete, use the mret instruction to switch to the target execution domain. Exemplary additional aspects regarding MEXG interrupts are described in detail in the Interrupt Isolation section below.
下面介绍示例性的MDID CSR定义。An exemplary MDID CSR definition is presented below.
mdid是机器模式下的控制状态寄存器(CSR),包括mdid.DID和mdid.NS,分别用于配置执行域标识符(执行域ID或DID)和/或非安全标识信息(NS),长度为XLEN比特,这里的XLEN可以指控制状态寄存器或由控制状态寄存器设置的数据对象的位数或长度。mdid is the control status register (CSR) in machine mode, including mdid.DID and mdid.NS, which are used to configure the execution domain identifier (execution domain ID or DID) and/or non-security identification information (NS) respectively, and the length is XLEN bit, where XLEN may refer to the control status register or the number of bits or length of the data object set by the control status register.
需要说明的是,贯穿本公开的各个实施例,mdid(例如可以对应于上下文的执行域状态信息,并且可以包括DID和NS信息)通常情况下与当前执行域相关联,并且在进行执行域的上下文切换时与目标执行域相关联。It should be noted that, throughout the various embodiments of the present disclosure, mdid (for example, may correspond to execution domain status information of the context, and may include DID and NS information) is generally associated with the current execution domain, and is executed during the execution domain Associated with the target execution domain when context switching.
图4示出了根据本公开的至少一实施例的控制状态寄存器设置的数据对象示意图。参见图4,该数据对象长度为XLEN比特,其中,mdid.DID例如是4比特的写任意读合法(WARL)字段,用来标识Hart执行mret指令之后运行的执行域。FIG. 4 shows a schematic diagram of a data object controlling status register settings according to at least one embodiment of the present disclosure. Referring to FIG. 4 , the length of the data object is XLEN bits, wherein, mdid.DID is, for example, a 4-bit Write Any Read Legal (WARL) field, which is used to identify the execution domain after Hart executes the mret instruction.
这里,mret指令是机器指令,用于从机器模式返回到先前的特权模式,只能在特权级别为机器模式时使用。mret指令的作用是将机器模式下的程序计数器(PC)和特权级别(MPP)还原为之前保存的值,并将当前特权级别设置为之前保存的特权级别。Here, the mret instruction is a machine instruction for returning from the machine mode to the previous privileged mode, and can only be used when the privilege level is the machine mode. The function of the mret instruction is to restore the program counter (PC) and privilege level (MPP) in machine mode to the previously saved values, and set the current privilege level to the previously saved privilege level.
参见图4,mdid.NS例如是1比特写任意读合法(WARL)字段,用来标识Hart当前的状态是非安全(non-secure)还是安全(secure)。例如,当NS字段为0时,指示为安全状态,当NS字段为1时,指示为非安全状态。在一些实施例中,NS字段的复位值或初始值为0。Referring to FIG. 4 , mdid.NS is, for example, a 1-bit Write Any Read Legal (WARL) field, which is used to identify whether the current state of Hart is non-secure or secure. For example, when the NS field is 0, it indicates a secure state, and when the NS field is 1, it indicates a non-secure state. In some embodiments, the reset or initial value of the NS field is zero.
这里的mdid.DID和mdid.NS的字节的长度仅是示例性,本公开的实施例不以此为限。The byte lengths of mdid.DID and mdid.NS here are only exemplary, and the embodiments of the present disclosure are not limited thereto.
另外,参见图4,mdid还可以包括长度为XLEN-5比特的写保留读忽略(WPRI)字段,例如用于保存与业务相关联的其他信息。In addition, referring to FIG. 4 , mdid may also include a write-preserve-read-ignore (WPRI) field with a length of XLEN-5 bits, for example, for storing other information associated with the service.
在机器模式下设置mdid可以立刻引起中断控制器(例如PLIC/ACLINT)状态更新,但是不会引起系统访存单元(LSU)和取指单元(IFU)事务DID/NS发生变化。例如,仅当执行mret指令后该设置才会生效。机器模式下中断和ECALL不会引起mdid值发生变化,所以中断控制器不会发生状态更新,但是访存单元(LSU)和取指单元(IFU)事务DID/NS会根据当前的机器模式切换到执行域0状态。Setting mdid in machine mode can immediately cause an interrupt controller (such as PLIC/ACLINT) status update, but will not cause system access unit (LSU) and instruction fetch unit (IFU) transaction DID/NS to change. For example, this setting will take effect only after the mret command is executed. Interrupts and ECALLs in machine mode will not cause the mdid value to change, so the interrupt controller will not update the state, but the memory access unit (LSU) and instruction fetch unit (IFU) transaction DID/NS will be switched to according to the current machine mode Execute domain 0 state.
基于执行域标识符和/或非安全标识信息,可以进行下面示例性描述的中断隔离、高速缓存隔离以及翻译后备缓冲器隔离等。Based on the execution domain identifier and/or the non-safety identification information, the interrupt isolation, cache isolation, and translation lookaside buffer isolation described exemplarily below can be performed.
下面介绍示例性的中断隔离。Exemplary interrupt isolation is described below.
诸如RISC-V的中断控制器(ACLINT/PLIC)标准定义中断控制器触发SSWI/MSWI/STIMER/MTIMER/SEI/MEI给每个Hart。在此基础上,需要对ACLINT和PLIC进行扩展以支持执行域和特权模式状态,另外,可以同时增加MEXG中断信号用于触发执行域上下文切换。Hart被MEXG中断信号中断后由软件根据业务需要分别查询ACLINT和PLIC MEXGx寄存器,获取需要切换到的目标执行域的执行域标识符。The interrupt controller (ACLINT/PLIC) standard such as RISC-V defines that the interrupt controller triggers SSWI/MSWI/STIMER/MTIMER/SEI/MEI for each Hart. On this basis, ACLINT and PLIC need to be extended to support the execution domain and privileged mode state. In addition, the MEXG interrupt signal can be added at the same time to trigger the execution domain context switch. After the Hart is interrupted by the MEXG interrupt signal, the software queries the ACLINT and PLIC MEXGx registers respectively according to the business needs, and obtains the execution domain identifier of the target execution domain to be switched to.
图5示出了根据本公开的至少一实施例的中断隔离的示意图。FIG. 5 shows a schematic diagram of interrupt isolation according to at least one embodiment of the present disclosure.
如图5所示,CPU核(例如Core 0、Core 1、Core M、Core N等)需要把当前Hart的特权模式(Privilege Mode)和执行域标识符(执行域ID)信息送往中断控制器ACLINT和PLIC,并根据ECALL/xRET(例如sret/mret)和执行域ID的变化实时更新。例如,机器模式对ACLINT和PLIC有完全的读写权限。As shown in Figure 5, the CPU core (such as Core 0, Core 1, Core M, Core N, etc.) needs to send the current Hart's privileged mode (Privilege Mode) and execution domain identifier (execution domain ID) information to the interrupt controller ACLINT and PLIC, and updated in real time according to ECALL/xRET (eg sret/mret) and execution domain ID changes. For example, machine mode has full read and write access to ACLINT and PLIC.
例如,ACLINT和PLIC只触发机器模式和当前运行执行域(例如,执行域X)的中断,根据基于中断信号的中断的设置状态来分别在安全监视器和操作系统内核(例如Linux内核)里进行处理。例如,非当前运行执行域(例如,执行域Y和执行域Z)的超级模式中断会被ACLINT和PLIC抑制,转换为MEXG中断要求安全监视器进行执行域切换,在对应的执行域切换到运行状态时,当前运行执行域的超级模式中断才会被触发。For example, ACLINT and PLIC only trigger interrupts for the machine mode and the currently running execution domain (e.g., execution domain X), respectively, in the security monitor and operating system kernel (e.g., the Linux kernel) according to the set state of the interrupt based on the interrupt signal. deal with. For example, the super-mode interrupts of non-currently running execution domains (for example, execution domain Y and execution domain Z) will be suppressed by ACLINT and PLIC, and converted to MEXG interrupts require the safety monitor to perform execution domain switching, and switch to running in the corresponding execution domain state, the power mode interrupt of the currently running execution domain will be triggered.
例如,中断控制器(例如PLIC)可以从外部接收中断请求信号,通过比较中断请求信号对应的执行域与当前的执行域ID是否一致。如果一致,可以生成与中断请求信号相对应的信号或者直接透传中断请求信号,使得中断控制器进行中断操作;如果不一致,可以生成MEXG中断信号,并且使得中断控制器基于MEXG中断信号进行执行域切换,在执行域切换之后(此时当前的执行域ID将变得与中断请求信号对应的执行域一致),再生成与中断请求信号相对应的信号或者透传中断请求信号。For example, an interrupt controller (such as PLIC) may receive an interrupt request signal from the outside, and compare whether the execution domain corresponding to the interrupt request signal is consistent with the current execution domain ID. If they are consistent, a signal corresponding to the interrupt request signal can be generated or the interrupt request signal can be transparently transmitted directly, so that the interrupt controller can perform an interrupt operation; if not, a MEXG interrupt signal can be generated, and the interrupt controller can be executed based on the MEXG interrupt signal Switching, after the execution domain is switched (the current execution domain ID will become consistent with the execution domain corresponding to the interrupt request signal), regenerate the signal corresponding to the interrupt request signal or transparently transmit the interrupt request signal.
下面介绍示例性的高速缓存隔离。Exemplary cache isolation is described below.
诸如RISC-V的处理器核通常支持多级高速缓存,诸如一级指令高速缓存(I-Cache)/一级数据高速缓存(D-Cache)/二级缓存(L2Cache)/最后一级缓存(LLC)等。高速缓存隔离可以增加对I-Cache/D-Cache/L2Cache/LLC等的DID/NS支持,例如在做清除(Flush)和逐出(Evict)时在总线上使能DID/NS信号,例如使得存入高速缓存的数据或从高速缓存读取的数据带有相应的DID/NS信息。Processor cores such as RISC-V usually support multi-level caches, such as level 1 instruction cache (I-Cache) / level 1 data cache (D-Cache) / level 2 cache (L2Cache) / last level cache ( LLC) etc. Cache isolation can increase DID/NS support for I-Cache/D-Cache/L2Cache/LLC, etc., such as enabling the DID/NS signal on the bus when doing flush (Flush) and eviction (Evict), such as enabling Data stored in the cache or read from the cache has corresponding DID/NS information.
例如,DID扩展要求PMP区域允许的最小粒度保持和缓存行(Cache line)的长度一致,因此可以一个缓存行对应一个DID/NS。当然,本公开不以此为限,例如,DID扩展要求PMP区域允许的最小粒度保持和采用组相联映射方式的缓存中的缓存组(Cache Set)或缓存区域的长度一致,因此可以多个缓存行对应一个DID/NS。For example, the DID extension requires that the minimum granularity allowed by the PMP area is consistent with the length of the cache line (Cache line), so one cache line can correspond to one DID/NS. Of course, the present disclosure is not limited thereto. For example, the DID extension requires that the minimum granularity allowed by the PMP area be kept consistent with the length of the cache set (Cache Set) or the cache area in the cache using the set associative mapping method, so multiple A cache line corresponds to a DID/NS.
在DID扩展要求PMP区域允许的最小粒度保持和缓存行的长度一致的情况下,高速缓存的每条缓存行可以增加额外的空间用来记录DID/NS字段来扩展高速缓存。In the case where the DID extension requires that the minimum granularity allowed by the PMP area is consistent with the length of the cache line, each cache line of the cache can add additional space to record the DID/NS field to expand the cache.
图6示出了根据本公开的至少一实施例的数据高速缓存(D-Cache)隔离的示意图。在图6中,以数据高速缓存为例进行描述,并且针对其他级的高速缓存可以通过相同或相似的方式来实现。FIG. 6 shows a schematic diagram of data cache (D-Cache) isolation according to at least one embodiment of the present disclosure. In FIG. 6 , data cache is taken as an example for description, and caches of other levels may be implemented in the same or similar manner.
参见图6,数据高速缓存的每个缓存行除了通常的数据存储部分、标签(Tag)字段、有效位(未示出)之外通过额外的空间来记录DID字段和NS字段,以将所存储的数据与DID和NS字段相关联。如此,参见图6,每个缓存行可以包括DID和NS字段、标签(Tag)以及相应的数据(Data)。当然,本公开的实施例不限于此。例如,在仅需要考虑安全访问和非安全访问的情况下,可以通过额外的空间来记录NS字段。又例如,在仅需要执行域的情况下,可以通过额外的空间来记录DID字段。Referring to FIG. 6, each cache line of the data cache records the DID field and the NS field through an extra space except the usual data storage part, a tag (Tag) field, and a valid bit (not shown), so as to store the The data is associated with the DID and NS fields. Thus, referring to FIG. 6 , each cache line may include DID and NS fields, a tag (Tag) and corresponding data (Data). Of course, the embodiments of the present disclosure are not limited thereto. For example, in the case where only secure access and non-secure access need to be considered, additional space can be used to record the NS field. For another example, in the case where only the execution domain is required, the DID field can be recorded through an extra space.
参见图6,可以基于DID信息(DID/NS)来操作高速缓存。Referring to FIG. 6, the cache may be operated based on DID information (DID/NS).
例如,当填充缓存行向总线发出加载(Load)请求时,例如CPU核和/或高速缓存可以往外部总线送出DID和NS信号。CPU核当有加载或者存储(Store)请求发出时,DID和NS可以与请求的标签、索引等其它信号一起送往高速缓存。信号中附带的DID和NS字段不用于缓存行的匹配,匹配规则仍旧按照原有的方式进行,例如,通过物理地址(PA)中的标签和索引进行匹配并且通过物理地址中的偏移(Offset)查找到缓存行汇总相应的地址以进行读写操作。For example, when filling a cache line and sending a load (Load) request to the bus, for example, the CPU core and/or the cache may send DID and NS signals to the external bus. When the CPU core sends a load or store (Store) request, the DID and NS can be sent to the cache together with other signals such as the requested label and index. The DID and NS fields attached to the signal are not used for the matching of the cache line, and the matching rules are still performed in the original way, for example, matching through the tag and index in the physical address (PA) and matching through the offset in the physical address (Offset ) to find the corresponding address of the cache line summary for read and write operations.
例如,当数据高速缓存未命中(miss)而需要将数据从数据源(例如内存)读入高速数据缓存中而进行填充时,将信号带出的DID和NS字段写入需要填充的缓存行中。当数据高速缓存命中(hit)时,不更新缓存行的DID和NS字段。如果对应的地址在运行时有DID变化,软件可以做主动的清理(Clean)和无效(Invalid)操作,重新按照新的DID来填充缓存行。For example, when the data cache misses (miss) and data needs to be read from the data source (such as memory) into the high-speed data cache for filling, the DID and NS fields brought out by the signal are written into the cache line that needs to be filled . When a data cache hits, the DID and NS fields of the cache line are not updated. If the corresponding address has a DID change during operation, the software can perform active cleaning (Clean) and invalid (Invalid) operations, and refill the cache line according to the new DID.
当数据高速缓存由于CMO指令或者逐出执行清除操作时,将缓存行所带的DID和NS字段一起送至外部总线中。When the data cache is cleared due to a CMO instruction or eviction, the DID and NS fields carried by the cache line are sent to the external bus together.
下面介绍示例性的翻译后备缓冲器隔离。Exemplary translation lookaside buffer isolation is described below.
RISC-V特权规范(RISC-V Privilege Spec)定义了监管者地址转换和保护寄存器(SATP)和页表项(PTE)。翻译后备缓冲器(TLB)可以通过额外的空间来记录DID字段,例如,在翻译后备缓冲器的部分增加DID的标签扩展。由此,可以基于DID字段操作翻译后备缓冲器。The RISC-V Privilege Spec defines the Supervisor Address Translation and Protection Register (SATP) and Page Table Entry (PTE). The translation lookaside buffer (TLB) can record the DID field with extra space, for example, adding a tag extension of the DID to the part of the translation lookaside buffer. Thus, the translation lookaside buffer can be manipulated based on the DID field.
例如,在翻译后备缓冲器中保存DID和地址空间标识符(ASID)作为其条目(Entry)的标签,只有DID和ASID匹配的情况下才命中翻译后备缓冲器的条目。换句话说,在匹配到DID以及ASID时,命中继续查询翻译后备缓冲器以确定是否匹配翻译后备缓冲器中的条目。另外,可以同时引入一条内存屏障指令(MFENCE.VMA指令)来确保完成之前的PTE操作,同时控制翻译后备缓冲器的清除。例如,MFENCE.VMA指令只能在机器模式执行,在其他特权模式执行时出现指令异常。For example, a DID and an address space identifier (ASID) are stored in the translation lookaside buffer as tags of its entry (Entry), and only when the DID and the ASID match, the entry of the translation lookaside buffer is hit. In other words, when a DID as well as an ASID is matched, the hit continues to query the translation lookaside buffer to determine if there is a match for an entry in the translation lookaside buffer. In addition, a memory barrier instruction (MFENCE.VMA instruction) can be introduced at the same time to ensure that the previous PTE operation is completed, and at the same time control the clearing of the translation lookaside buffer. For example, the MFENCE.VMA instruction can only be executed in the machine mode, and an instruction exception occurs when it is executed in other privileged modes.
基于以上示例性的系统架构的描述,本公开的至少一实施例提供了处理器级别的安全执行域。Based on the description of the exemplary system architecture above, at least one embodiment of the present disclosure provides a secure execution domain at the processor level.
图7A示出了根据本公开的至少一实施例的处理方法700的流程图。该处理方法700例如可以在参见图2描述的隔离模型中或者其他合适的处理器系统架构中实现。参见图7A,该处理方法700包括步骤S710至步骤S720。FIG. 7A shows a flowchart of a processing method 700 according to at least one embodiment of the present disclosure. The processing method 700 can be implemented, for example, in the isolation model described with reference to FIG. 2 or in other suitable processor system architectures. Referring to FIG. 7A, the processing method 700 includes step S710 to step S720.
在步骤S710中,在系统中提供第一执行域,其中,第一执行域运行在第一模式,并且作为安全监视器的运行环境,其中第一模式在非扩展的情形是机器模式。In step S710, a first execution domain is provided in the system, wherein the first execution domain runs in a first mode, and serves as an execution environment of a security monitor, wherein the first mode is a machine mode in a non-extended situation.
在步骤S720中,在系统中创建至少一个第二执行域,其中,每个第二执行域基于第一执行域运行,并且运行在对应设置的第二模式,其中第二模式的权限低于第一机器模式的权限。In step S720, at least one second execution domain is created in the system, wherein each second execution domain operates based on the first execution domain, and operates in a correspondingly set second mode, wherein the authority of the second mode is lower than that of the first execution domain. A machine-mode permission.
上述系统可以是例如参见图2描述的RISV-C处理器系统架构的部分或全部或者其他合适的处理器系统。第一执行域可以对应于上文的执行域0,第二执行域可以对应于上文的执行域X、执行域Y和执行域Z。第一模式在非扩展的情形是机器模式时,第二模式可以是高超级模式、超级模式或用户模式。The above system may be, for example, part or all of the RISV-C processor system architecture described with reference to FIG. 2 or other suitable processor systems. The first execution domain may correspond to the above execution domain 0, and the second execution domain may correspond to the above execution domain X, execution domain Y, and execution domain Z. When the first mode is machine mode in the non-extended case, the second mode may be high hypermode, hypermode or user mode.
如此,根据本公开的至少一实施例的处理方法可以为执行域提供丰富的特权模式,从而促进构建灵活和丰富的安全业务模型。In this way, the processing method according to at least one embodiment of the present disclosure can provide rich privilege modes for the execution domain, thereby promoting the construction of flexible and rich security business models.
下面描述根据本公开的至少一实施例的处理方法的一些示例性的附加方面。Some exemplary additional aspects of the processing method according to at least one embodiment of the present disclosure are described below.
例如,根据本公开的至少一实施例的处理方法,第一模式可以扩展到例如高超级模式、超级模式等。例如,参见图2,第一模式可以扩展为例如高超级模式、超级模式等。在一些示例中,根据业务需要,第一模式可以从机器模式扩展到超级模式。如此,根据本公开的至少一实施例的处理方法可以进一步提供丰富的特权模式,从而促进构建灵活和丰富的安全业务模型。For example, according to the processing method of at least one embodiment of the present disclosure, the first mode may be extended to, for example, a high hyper mode, a hyper mode, and the like. For example, referring to FIG. 2 , the first mode can be extended to, for example, high hyper mode, hyper mode, and the like. In some examples, the first mode can be extended from machine mode to super mode according to business needs. In this way, the processing method according to at least one embodiment of the present disclosure can further provide a rich privilege model, thereby promoting the construction of a flexible and rich security business model.
例如,根据本公开的至少一实施例的处理方法,至少一个第二执行域包括多个第二执行域,多个第二执行域在安全等级上没有区分。例如,参见图2,执行域X、执行域Y和执行域Z在安全等级上没有区分。如此,根据本公开的至少一实施例的处理方法可以为具有各种安全等级提供灵活的执行域。For example, according to the processing method of at least one embodiment of the present disclosure, at least one second execution domain includes multiple second execution domains, and the multiple second execution domains are not differentiated in terms of security levels. For example, referring to FIG. 2 , execution domain X, execution domain Y, and execution domain Z are not distinguished in terms of security levels. In this way, the processing method according to at least one embodiment of the present disclosure can provide flexible execution domains with various security levels.
例如,根据本公开的至少一实施例的处理方法,第一执行域与至少一个第二执行域之间,以及多个第二执行域中的每一个执行域之间的隔离通过物理内存保护/增强型物理内存保护实现。例如,参见图2,执行域0与执行域X、执行域Y和执行域Z之间的隔离可以通过PMP/ePMP实现,执行域X、执行域Y和执行域Z之间的隔离可以通过PMP/ePMP实现。如此,根据本公开的至少一实施例的处理方法可以通过特定的内存保护实现执行域的隔离,保证了执行域内数据的安全性。For example, in the processing method according to at least one embodiment of the present disclosure, the isolation between the first execution domain and at least one second execution domain, and between each of the plurality of second execution domains is achieved through physical memory protection/ Enhanced physical memory protection implementation. For example, referring to Figure 2, the isolation between execution domain 0 and execution domain X, execution domain Y, and execution domain Z can be achieved through PMP/ePMP, and the isolation between execution domain X, execution domain Y, and execution domain Z can be achieved through PMP /ePMP implementation. In this way, the processing method according to at least one embodiment of the present disclosure can realize the isolation of execution domains through specific memory protection, ensuring the security of data in the execution domains.
例如,根据本公开的至少一实施例的处理方法,还包括:基于执行域标识符,在当前运行执行域与目标执行域之间切换,其中,执行域标识符用于标识执行域切换时的目标执行域,当前执行域和目标执行域选自包括第一执行域和至少一个第二执行域的组,当前执行域和目标执行域不同。例如,当前执行域可以是执行域0,目标执行域可以是执行域X。又例如,参见图5,当前执行域可以是执行域X,目标执行域可以是执行域Y。例如,参见图5的实施例,在进行执行域切换时,例如从执行域X切换到执行域Y,可以基于标识执行域Y的执行域标识符例如经由中断操作、保护执行域X的当前上下文并恢复执行域Y的上下文等来将执行域X切换到执行域Y。如此,根据本公开的至少一实施例的处理方法可以基于执行域标识符进行执行域或上下文切换。For example, the processing method according to at least one embodiment of the present disclosure further includes: switching between the current running execution domain and the target execution domain based on the execution domain identifier, wherein the execution domain identifier is used to identify the The target execution domain, the current execution domain and the target execution domain are selected from the group consisting of a first execution domain and at least one second execution domain, the current execution domain and the target execution domain being different. For example, the current execution domain may be execution domain 0, and the target execution domain may be execution domain X. For another example, referring to FIG. 5 , the current execution domain may be execution domain X, and the target execution domain may be execution domain Y. For example, referring to the embodiment of FIG. 5 , when switching execution domains, such as switching from execution domain X to execution domain Y, the current context of execution domain X can be protected based on the execution domain identifier that identifies execution domain Y, for example, via an interrupt operation. And restore the context of execution domain Y, etc. to switch execution domain X to execution domain Y. In this way, the processing method according to at least one embodiment of the present disclosure can perform execution domain or context switching based on the execution domain identifier.
例如,根据本公开的至少一实施例的处理方法,目标执行域在处理器核执行特权模式解除指令之后被切换为运行的执行域。例如,特权模式解除指令可以用于在从例如机器模式下返回到先前的特权级模式。例如,在RISC-V架构中,特权模式解除指令可以为mret指令,然而本公开的实施例不限于此,在其他架构中,可以存着其他的特权模式解除指令。例如,在从执行域X到执行域Y的执行域切换过程中,执行域X为当前运行执行域,执行域Y为目标执行域,在Hart执行mret指令之后,完成从执行域X到执行域Y的切换,当前运行的执行域将为执行域Y。也就是说,Hart完成执行mret指令可以作为执行域切换完成的时间点。For example, according to the processing method of at least one embodiment of the present disclosure, the target execution domain is switched to the running execution domain after the processor core executes the privilege mode release instruction. For example, a privileged mode release instruction may be used to return to a previous privileged level mode from, for example, machine mode. For example, in the RISC-V architecture, the privileged mode release instruction may be the mret instruction, but embodiments of the present disclosure are not limited thereto, and other privileged mode release instructions may exist in other architectures. For example, in the process of switching from execution domain X to execution domain Y, execution domain X is the current execution domain, and execution domain Y is the target execution domain. After Hart executes the mret instruction, the transition from execution domain X to execution domain is completed. When Y is switched, the currently running execution domain will be execution domain Y. That is to say, the completion of the execution of the mret instruction by the Hart can be used as the time point when the domain switching is completed.
例如,根据本公开的至少一实施例的处理方法,提供控制状态寄存器以设置并记录执行域标识符。例如,参见图4,可以控制状态寄存器以设置并记录执行域标识符DID。如此,根据本公开的至少一实施例的处理方法可以通过在处理器内设置相应的寄存器来促进执行域标识符的设置和记录。与通过处理外部输入执行域标识符相比,可以提高处理器的处理速度。For example, in the processing method according to at least one embodiment of the present disclosure, a control status register is provided to set and record the execution domain identifier. For example, referring to FIG. 4, the status register may be controlled to set and record the execution domain identifier DID. In this way, the processing method according to at least one embodiment of the present disclosure can facilitate setting and recording of domain identifiers by setting corresponding registers in the processor. The processing speed of the processor can be increased compared to executing the domain identifier by processing an external input.
这里,在执行域切换时,控制状态寄存器(CSR)设置并记录的执行域标识符是目标执行域的执行域标识符(例如,在从执行域X到执行域Y的执行域切换过程中的执行域Y的执行域标识符)。当然,在执行域切换完成时,由于目标执行域已经变为当前执行域(例如已经执行域X变为执行域Y,因而当前执行域为执行域Y),因此控制状态寄存器设置并记录的执行域标识符是当前执行域的执行域标识符(即为执行域Y的执行域的执行域标识符)。也就是说,控制状态寄存器设置并记录的执行域标识符是执行域切换时的目标执行域的执行域标识符,而未切换时控制状态寄存器(CSR)设置并记录的执行域标识符是当前执行域的执行域标识符。Here, at the time of execution domain switching, the execution domain identifier set and recorded in the control status register (CSR) is the execution domain identifier of the target execution domain (for example, during execution domain switching from execution domain X to execution domain Y Execution Domain Identifier of Execution Domain Y). Of course, when the execution domain switching is completed, since the target execution domain has become the current execution domain (for example, the execution domain X has changed to the execution domain Y, so the current execution domain is the execution domain Y), the execution of the control status register setting and recording The domain identifier is the execution domain identifier of the current execution domain (that is, the execution domain identifier of the execution domain Y). That is to say, the execution domain identifier set and recorded by the control status register is the execution domain identifier of the target execution domain when the execution domain is switched, while the execution domain identifier set and recorded by the control status register (CSR) is the current The execution domain identifier of the execution domain.
例如,根据本公开的至少一实施例的处理方法,至少一个第二执行域包括多个第二执行域,多个第二执行域之间基于普通执行环境/可信执行环境(REE/TEE)语义进行区分。例如,参见图2,执行域X、执行域Y和执行域Z可以是REE或者TEE。例如执行域X、执行域Y可以是REE,执行域Z可以是TEE。这样,第二执行域中的部分执行域可以是REE并且其上可以运行或执行一般的业务,而第二执行域中的其他部分执行域为TEE并且其上可以运行或执行可信业务。如此,根据本公开的至少一实施例的处理方法可以提供REE/TEE环境,促进各种业务在系统上的执行。For example, according to the processing method of at least one embodiment of the present disclosure, at least one second execution domain includes multiple second execution domains, and the common execution environment/trusted execution environment (REE/TEE) between the multiple second execution domains Semantics are distinguished. For example, referring to FIG. 2, execution domain X, execution domain Y, and execution domain Z may be REE or TEE. For example, execution domain X and execution domain Y can be REE, and execution domain Z can be TEE. In this way, some of the second execution domains may be REEs on which general services can be run or executed, while other parts of the second execution domains are TEEs on which trusted services can be run or executed. In this way, the processing method according to at least one embodiment of the present disclosure can provide a REE/TEE environment to facilitate the execution of various services on the system.
例如,根据本公开的至少一实施例的处理方法,系统运行在硬件设备上,硬件设备包括至少一个处理器核以及系统总线,该处理方法还包括:在至少一个处理器核的流水线和系统总线中传输执行域标识符。例如,参见图2,处理器系统可以运行在处理器核(Core)、LLC与中断控制器等硬件设备上,并且可以在处理器流水线和系统总线中传输执行域标识符。如此,根据本公开的至少一实施例的处理方法可以促进执行域标识符在例如处理器系统架构中的传输,以便基于执行域标识符进行进一步地处理。For example, according to the processing method of at least one embodiment of the present disclosure, the system runs on a hardware device, and the hardware device includes at least one processor core and a system bus, and the processing method further includes: running the pipeline on the at least one processor core and the system bus Transport execution domain identifier. For example, referring to FIG. 2 , the processor system can run on hardware devices such as processor core (Core), LLC and interrupt controller, and can transmit execution domain identifiers in the processor pipeline and system bus. In this way, the processing method according to at least one embodiment of the present disclosure can facilitate the transmission of the execution domain identifier in, for example, the processor system architecture for further processing based on the execution domain identifier.
在其他附加方面,也可以在处理器流水线和系统总线中传输非安全标识信息。例如,NS信息的比特可以映射到AXI总线AxPROT[1]来进行NS信息的传输。例如,AxPROT[1]的值为0可以指示安全访问,并且AxPROT[1]的值为1可以指示非安全访问。In other additional aspects, non-secure identification information may also be transmitted in the processor pipeline and system bus. For example, the bits of NS information can be mapped to the AXI bus AxPROT[1] to transmit NS information. For example, a value of 0 for AxPROT[1] may indicate secure access, and a value of 1 for AxPROT[1] may indicate non-secure access.
例如,根据本公开的至少一实施例的处理方法,还包括:基于执行域标识符进行中断操作。例如,如上文参见图5的关于中断操作的描述,可以基于执行域标识符DID经由中断控制器来进行中断操作。如此,根据本公开的至少一实施例的处理方法可以实现基于执行域的安全及高效的中断处理。For example, the processing method according to at least one embodiment of the present disclosure further includes: performing an interrupt operation based on the execution domain identifier. For example, as described above regarding the interrupt operation with reference to FIG. 5 , the interrupt operation may be performed via the interrupt controller based on the execution domain identifier DID. In this way, the processing method according to at least one embodiment of the present disclosure can realize safe and efficient interrupt processing based on the execution domain.
例如,根据本公开的至少一实施例的处理方法,还包括:基于执行域标识符操作高速缓存。例如,如上文参见图6的关于高速缓存的描述,可以基于执行域标识符DID和NS信息来操作高速缓存。如此,根据本公开的至少一实施例的处理方法可以实现基于执行域的安全及高效的缓存操作。例如,可以实现基于执行域的细粒度操作,实现细粒度的硬件级别内存保护。For example, the processing method according to at least one embodiment of the present disclosure further includes: operating the cache based on the execution domain identifier. For example, as described above regarding the cache with reference to FIG. 6 , the cache may be operated based on the execution domain identifier DID and NS information. In this way, the processing method according to at least one embodiment of the present disclosure can realize safe and efficient caching operations based on execution domains. For example, fine-grained operations based on execution domains can be implemented to achieve fine-grained hardware-level memory protection.
例如,根据本公开的至少一实施例的处理方法,还包括:基于执行域标识符操作翻译后备缓冲器。例如,如上文关于翻译后备缓冲器的描述,可以基于执行域标识符DID和NS信息来操作翻译后备缓冲器。如此,根据本公开的至少一实施例的处理方法可以实现基于执行域的安全及高效的地址翻译操作。例如,可以实现基于执行域的细粒度操作,实现细粒度的硬件级别内存保护。For example, the processing method according to at least one embodiment of the present disclosure further includes: operating the translation lookaside buffer based on the execution domain identifier. For example, as described above with respect to the translation lookaside buffer, the translation lookaside buffer may be operated based on the execution domain identifier DID and NS information. In this way, the processing method according to at least one embodiment of the present disclosure can implement safe and efficient address translation operations based on execution domains. For example, fine-grained operations based on execution domains can be implemented to achieve fine-grained hardware-level memory protection.
与上述根据本公开的至少一实施例的处理方法相对应地,本公开的至少一实施例提供了一种系统,参见图7B。在其他方面,该系统例如与参见图2描述的隔离模型相对应。Corresponding to the above processing method according to at least one embodiment of the present disclosure, at least one embodiment of the present disclosure provides a system, see FIG. 7B . In other respects, the system corresponds eg to the isolation model described with reference to FIG. 2 .
图7B示出了根据本公开的至少一实施例的系统750的示意图。FIG. 7B shows a schematic diagram of a system 750 in accordance with at least one embodiment of the present disclosure.
参见图7B,系统750包括第一执行域760以及至少一个第二执行域770。Referring to FIG. 7B , the system 750 includes a first execution domain 760 and at least one second execution domain 770 .
第一执行域760运行在第一模式,并且作为安全监视器的运行环境,第一模式在非扩展的情形是机器模式。The first execution domain 760 runs in a first mode, and as the running environment of the security monitor, the first mode is a machine mode in a non-extended situation.
至少一个第二执行域770中的每个第二执行域基于第一执行域760运行并且运行在对应设置的第二模式,其中第二模式的权限低于机器模式的权限。Each of the at least one second execution domain 770 operates based on the first execution domain 760 and operates in a correspondingly set second mode, wherein the authority of the second mode is lower than that of the machine mode.
如此,根据本公开的至少一实施例的系统可以为执行域提供丰富的特权模式,从而促进构建灵活和丰富的安全业务模型。In this way, the system according to at least one embodiment of the present disclosure can provide rich privilege modes for the execution domain, thereby promoting the construction of flexible and rich security business models.
下面描述根据本公开的至少一实施例的系统的一些示例性的附加方面。Some exemplary additional aspects of a system according to at least one embodiment of the present disclosure are described below.
例如,根据本公开的至少一实施例的系统,至少一个第二执行域包括多个第二执行域,多个第二执行域在安全等级上没有区分或者多个第二执行域之间基于普通执行环境/可信执行环境语义进行区分。For example, in the system according to at least one embodiment of the present disclosure, at least one second execution domain includes multiple second execution domains, and there is no distinction between the multiple second execution domains in terms of security levels, or the multiple second execution domains are based on common execution environment/trusted execution environment semantics.
例如,根据本公开的至少一实施例的系统,第一执行域与至少一个第二执行域之间,以及多个第二执行域中的每一个执行域之间的隔离通过物理内存保护/增强型物理内存保护实现。For example, in the system according to at least one embodiment of the present disclosure, the isolation between the first execution domain and at least one second execution domain, and between each of the plurality of second execution domains is protected/enhanced by physical memory Type physical memory protection implementation.
例如,根据本公开的至少一实施例的系统,还包括:执行域切换单元,被配置为基于执行域标识符,在当前运行执行域与目标执行域之间切换,其中,执行域标识符用于标识执行域切换时的目标执行域,当前运行执行域和目标执行域选自包括第一执行域和至少一个第二执行域的组,当前运行执行域和目标执行域不同。For example, the system according to at least one embodiment of the present disclosure further includes: an execution domain switching unit configured to switch between the current running execution domain and the target execution domain based on the execution domain identifier, wherein the execution domain identifier is represented by For identifying a target execution domain when switching execution domains, the current running execution domain and the target execution domain are selected from the group consisting of a first execution domain and at least one second execution domain, and the current running execution domain and the target execution domain are different.
例如,根据本公开的至少一实施例的系统,目标执行域在处理器核执行特权模式解除指令之后被切换为运行的执行域。For example, in the system according to at least one embodiment of the present disclosure, the target execution domain is switched to the running execution domain after the processor core executes the privilege mode release instruction.
例如,根据本公开的至少一实施例的系统,还包括:控制状态寄存器,被配置为设置并记录执行域标识符。For example, the system according to at least one embodiment of the present disclosure further includes: a control status register configured to set and record the execution domain identifier.
例如,根据本公开的至少一实施例的系统,系统运行在硬件设备上,硬件设备包括至少一个处理器核以及系统总线,并且执行域标识符在至少一个处理器核的流水线和系统总线中传输。For example, in the system according to at least one embodiment of the present disclosure, the system runs on a hardware device, the hardware device includes at least one processor core and a system bus, and the execution domain identifier is transmitted in the pipeline of the at least one processor core and the system bus .
例如,根据本公开的至少一实施例的系统,还包括中断控制器,被配置为基于执行域标识符进行中断操作;高速缓存控制器,被配置为基于执行域标识符操作高速缓存;或者翻译后备缓冲器控制器,被配置为基于执行域标识符操作翻译后备缓冲器。For example, the system according to at least one embodiment of the present disclosure further includes an interrupt controller configured to perform interrupt operations based on the execution domain identifier; a cache controller configured to operate the cache based on the execution domain identifier; or translate A lookaside buffer controller configured to manipulate the translation lookaside buffer based on the execution domain identifier.
上述根据本公开的至少一实施例的系统750的附加方面可以与根据本公开的至少一实施例的处理方法700的附加方面相对应,因此根据本公开的至少一实施例的处理方法700的附加方面的技术效果同样可以映射到根据本公开的至少一实施例的系统750的附加方面,在此不再赘述。The above additional aspects of the system 750 according to at least one embodiment of the present disclosure may correspond to the additional aspects of the processing method 700 according to at least one embodiment of the present disclosure, so the additional aspects of the processing method 700 according to at least one embodiment of the present disclosure The technical effects of the aspects can also be mapped to the additional aspects of the system 750 according to at least one embodiment of the present disclosure, which will not be repeated here.
另外,上述根据本公开的至少一实施例的系统的附加方面仅是示例性的,可以通过其他架构来实现上述系统的附加方面并且可以参考或结合例如如上结合图2描述的各个方面。In addition, the additional aspects of the above-mentioned system according to at least one embodiment of the present disclosure are only exemplary, and the additional aspects of the above-mentioned system may be implemented through other architectures and may refer to or combine the various aspects described above in conjunction with FIG. 2 .
图8A示出了根据本公开的至少一实施例的中断处理方法的流程图。该中断处理方法例如可以在参见图2、图3、图5描述的各方面或者其他合适的处理器系统架构中实现。示例性地,该中断处理方法可以由参见图2或图5描述的中断控制器(核本地中断控制器/平台级中断控制器)执行域。参见图8A,该中断处理方法包括步骤S810至步骤S820。FIG. 8A shows a flowchart of an interrupt handling method according to at least one embodiment of the present disclosure. For example, the interrupt handling method may be implemented in various aspects described with reference to FIG. 2 , FIG. 3 , and FIG. 5 or in other suitable processor system architectures. Exemplarily, the interrupt processing method can be executed by an interrupt controller (core-local interrupt controller/platform-level interrupt controller) described with reference to FIG. 2 or FIG. 5 . Referring to FIG. 8A, the interrupt handling method includes steps S810 to S820.
在步骤S810中,接收执行域标识符,其中,执行域标识符标识中断处理的目标执行域。In step S810, an execution domain identifier is received, wherein the execution domain identifier identifies a target execution domain of the interrupt process.
在步骤S820中,基于执行域标识符进行中断操作。In step S820, an interrupt operation is performed based on the execution domain identifier.
例如,在涉及从当前运行执行域到目标执行域的切换的中断操作时,执行域标识符可以标识目标执行域。进一步地,中断控制器可以基于执行域标识符触发处理器核进行中断操作,以执行从当前运行执行域到目标执行域的切换。例如,参见图5,在从当前运行执行域(执行域X)到目标执行域(执行域Y)的切换的中断操作中,中断控制器(ACLINT/PLIC)可以接收目标执行域(执行域Y)的执行域标识符(例如DID Y),中断控制器(ACLINT/PLIC)可以基于执行域标识符(DID Y)控制处理器核(例如Linux内核/安全监视器)进行中断操作。For example, an execution domain identifier may identify a target execution domain when an interrupt operation involves switching from a currently running execution domain to a target execution domain. Further, the interrupt controller may trigger the processor core to perform an interrupt operation based on the execution domain identifier, so as to switch from the current execution domain to the target execution domain. For example, referring to Figure 5, in an interrupt operation for switching from the currently running execution domain (execution domain X) to the target execution domain (execution domain Y), the interrupt controller (ACLINT/PLIC) may receive the target execution domain (execution domain Y) ), the interrupt controller (ACLINT/PLIC) can control the processor core (such as the Linux kernel/safety monitor) to perform interrupt operations based on the execution domain identifier (DID Y).
如此,根据本公开的至少一实施例的中断处理方法可以基于执行域标识符进行中断操作,可以实现基于执行域的安全及高效的中断处理。In this way, the interrupt processing method according to at least one embodiment of the present disclosure can perform interrupt operations based on the execution domain identifier, and can realize safe and efficient interrupt processing based on the execution domain.
下面描述根据本公开的至少一实施例的中断处理方法的一些示例性的附加方面。Some exemplary additional aspects of the interrupt handling method according to at least one embodiment of the present disclosure are described below.
例如,根据本公开的至少一实施例的中断处理方法,基于执行域标识符进行中断操作,包括:基于执行域标识符生成中断信号。这里,中断信号可以被传输到例如处理器核,以进行进一步的操作。例如,参见图5,在一些情况下,中断控制器PLIC可以接收基于执行域标识符生成中断信号SEI/MEI,以触发和控制例如安全监视器和Linux内核进行中断操作。For example, in the interrupt processing method according to at least one embodiment of the present disclosure, performing an interrupt operation based on the execution domain identifier includes: generating an interrupt signal based on the execution domain identifier. Here, the interrupt signal can be transmitted, for example, to a processor core for further operations. For example, referring to FIG. 5 , in some cases, the interrupt controller PLIC may receive an interrupt signal SEI/MEI generated based on the execution domain identifier to trigger and control, for example, the security monitor and the Linux kernel to perform interrupt operations.
如此,根据本公开的至少一实施例的中断处理方法可以基于执行域标识符来实现相应的中断操作。In this way, the interrupt handling method according to at least one embodiment of the present disclosure can implement corresponding interrupt operations based on the execution domain identifier.
例如,根据本公开的至少一实施例的中断处理方法,中断操作仅涉及触发机器模式和当前运行执行域的中断,并且根据基于中断信号的中断的设置状态来分别在安全监视器和操作系统内核里进行处理。例如,参见图5,当前运行执行域为执行域X,则中断控制器PLIC只触发机器模式和执行域X的中断,根据基于中断信号的中断的设置状态,中断信号MEI以及可能的MEXG在安全监视器里进行处理,并且中断信号SEI在操作系统内核(例如Linux内核)里进行处理。如此,根据本公开的至少一实施例的中断处理方法可以保证中断操作的安全性。For example, according to the interrupt handling method of at least one embodiment of the present disclosure, the interrupt operation only involves triggering the interrupt of the machine mode and the currently running execution domain, and according to the setting status of the interrupt based on the interrupt signal, the interrupt is executed in the security monitor and the operating system kernel respectively. in for processing. For example, referring to Figure 5, the current execution domain is execution domain X, then the interrupt controller PLIC only triggers the interrupt of the machine mode and execution domain X, according to the interrupt setting state based on the interrupt signal, the interrupt signal MEI and possibly MEXG are in the safe The monitor is processed, and the interrupt signal SEI is processed in the operating system kernel (eg, Linux kernel). In this way, the interrupt processing method according to at least one embodiment of the present disclosure can ensure the security of interrupt operations.
例如,根据本公开的至少一实施例的中断处理方法,基于执行域标识符生成中断信号,包括:响应于基于执行域标识符确定当前运行执行域和与中断请求信号对应的执行域不一致,生成上下文切换中断信号,上下文切换中断信号用于触发从当前运行执行域到与中断请求信号对应的执行域的切换;以及响应于从当前运行执行域到与中断请求信号对应的执行域的切换,生成与中断请求的信号对应的中断信号作为中断信号。例如,上下文切换中断信号可以是参见图5描述的MEXG中断信号。例如,MEXG中断信号可以用于经由例如处理器核来触发从当前运行执行域到与中断请求信号对应的执行域的切换。For example, in the interrupt processing method according to at least one embodiment of the present disclosure, generating the interrupt signal based on the execution domain identifier includes: in response to determining that the current running execution domain is inconsistent with the execution domain corresponding to the interrupt request signal based on the execution domain identifier, generating a context switching interrupt signal, the context switching interrupt signal is used to trigger switching from the current running execution domain to the execution domain corresponding to the interrupt request signal; and in response to switching from the current running execution domain to the execution domain corresponding to the interrupt request signal, generating An interrupt signal corresponding to a signal of an interrupt request serves as an interrupt signal. For example, the context switch interrupt signal may be the MEXG interrupt signal described with reference to FIG. 5 . For example, a MEXG interrupt signal may be used to trigger a switch from the currently running execution domain to the execution domain corresponding to the interrupt request signal via, for example, a processor core.
例如,在涉及从当前运行执行域到目标执行域的切换的中断操作时,执行域标识符可以标识目标执行域,如果当前执行域与目标执行域不一致,可以认为中断异常。此时,中断控制器可以生成MEXG中断信号,以控制处理器核触发从当前运行执行域到目标执行域的切换。随后,切换后的而正在运行的执行域即为最新的当前运行执行域,此后可以进行正常的中断操作。For example, when an interrupt operation involves switching from the current execution domain to the target execution domain, the execution domain identifier can identify the target execution domain, and if the current execution domain is inconsistent with the target execution domain, it can be considered that the interruption is abnormal. At this time, the interrupt controller may generate a MEXG interrupt signal to control the processor core to trigger switching from the current execution domain to the target execution domain. Subsequently, the running execution domain after switching is the latest current running execution domain, after which normal interrupt operations can be performed.
例如,参见图3,当前运行执行域可以为执行域X,目标执行域可以为执行域Y。For example, referring to FIG. 3 , the current execution domain may be execution domain X, and the target execution domain may be execution domain Y.
如此,根据本公开的至少一实施例的中断处理方法可以在中断异常时进行执行域的切换,以促进中断操作。In this way, the interrupt handling method according to at least one embodiment of the present disclosure can switch the execution domain when the interrupt is abnormal, so as to facilitate the interrupt operation.
例如,根据本公开的至少一实施例的中断处理方法,还包括:在处理器核被上下文切换中断信号中断之后,提供目标执行域的执行域标识符。例如,参见图3,在处理器核被MEXG中断信号中断之后,中断控制器(ACLINT/PLIC)的上下文切换寄存器(例如,MEXGx寄存器或其他合适的寄存器)可以存储有目标执行域的执行域标识符,可以由软件根据业务需要分别查询中断控制器(ACLINT/PLIC)的上下文切换寄存器,以获取需要切换到的目标执行域的执行域标识符(例如参见图3的执行域Y)。For example, the interrupt processing method according to at least one embodiment of the present disclosure further includes: after the processor core is interrupted by the context switching interrupt signal, providing an execution domain identifier of the target execution domain. For example, referring to FIG. 3, after the processor core is interrupted by the MEXG interrupt signal, the context switch register (for example, MEXGx register or other suitable register) of the interrupt controller (ACLINT/PLIC) may store the execution domain identification of the target execution domain The software can query the context switching registers of the interrupt controller (ACLINT/PLIC) according to business needs, so as to obtain the execution domain identifier of the target execution domain to be switched to (for example, refer to execution domain Y in FIG. 3 ).
如此,根据本公开的至少一实施例的中断处理方法可以在中断异常时通过中断控制器的寄存器获取执行域标识符。当然,本公开不以此为限,例如可以通过外部输入、处理器核再次发送、或者查找其他合适的寄存器来实现上述执行域标识符的获取。In this way, the interrupt processing method according to at least one embodiment of the present disclosure can obtain the execution domain identifier through the register of the interrupt controller when the interrupt is abnormal. Of course, the present disclosure is not limited thereto, for example, the acquisition of the above-mentioned execution domain identifier may be realized through external input, retransmission by the processor core, or searching for other suitable registers.
例如,根据本公开的至少一实施例的中断处理方法,基于执行域标识符生成中断信号,包括:响应于基于执行域标识符确定目标执行域和与中断请求信号对应的执行域一致,生成与中断请求的信号对应的中断信号作为中断信号。例如,在涉及从第一执行域到第二执行域的切换的中断操作时,执行域标识符可以标识第二执行域,并且当前运行执行域为第二执行域,此时,可以认为不存在中断异常,中断控制器可以直接生成中断信号来促使处理器核进行中断处理。For example, in the interrupt processing method according to at least one embodiment of the present disclosure, generating the interrupt signal based on the execution domain identifier includes: in response to determining that the target execution domain is consistent with the execution domain corresponding to the interrupt request signal based on the execution domain identifier, generating a The interrupt signal corresponding to the interrupt request signal is used as the interrupt signal. For example, when an interrupt operation involving switching from the first execution domain to the second execution domain, the execution domain identifier can identify the second execution domain, and the current running execution domain is the second execution domain, at this time, it can be considered that there is no For interrupt exceptions, the interrupt controller can directly generate an interrupt signal to prompt the processor core to perform interrupt processing.
例如,根据本公开的至少一实施例的中断处理方法,还包括:接收由处理器发送的当前处理器核的特权模式和执行域标识符,并且根据特权模式陷入指令/特权模式解除指令和执行域标识符的变化而实时更新,以基于该更新进行中断操作。例如,特权模式陷入指令可以用于从低特权模式陷入(trap)到机器模式。例如,在RISC-V架构中,特权模式陷入指令/特权模式解除指令可以为ECALL/xRET(sret/mret),然而本公开的实施例不限于此,在其他架构中,可以存着其他的特权模式陷入指令/特权模式解除指令。处理器将当前Hart的特权模式和执行域标识符送往中断控制器,并且根据ECALL/xRET(sret/mret)和执行域标识符的变化而实时更新,中断控制器基于这些更新后的信息触发中断。如此,根据本公开的至少一实施例的中断处理方法可以实时更新相应的特权模式和执行域标识符,以经由中断控制器促进中断操作。For example, the interrupt processing method according to at least one embodiment of the present disclosure further includes: receiving the privileged mode and execution domain identifier of the current processor core sent by the processor, and according to the privileged mode trapping instruction/privileged mode release instruction and execution The domain identifier is updated in real time to interrupt operations based on the update. For example, a privileged mode trap instruction may be used to trap from a low privileged mode to machine mode. For example, in the RISC-V architecture, the privileged mode trap instruction/privileged mode release instruction can be ECALL/xRET (sret/mret), but the embodiments of the present disclosure are not limited thereto, in other architectures, there may be other privileges Mode trap command/privileged mode release command. The processor sends the current Hart's privileged mode and execution domain identifier to the interrupt controller, and updates in real time according to the changes of ECALL/xRET (sret/mret) and execution domain identifier, and the interrupt controller triggers based on these updated information interruption. As such, the interrupt handling method according to at least one embodiment of the present disclosure can update corresponding privileged mode and execution domain identifiers in real time to facilitate interrupt operations via the interrupt controller.
与上述根据本公开的至少一实施例的处理方法相对应地,本公开的至少一实施例提供了一种中断控制器,参见图8B。在其他方面,该中断控制器例如与参见图2、图5描述的中断控制器(例如核本地中断控制器/平台级中断控制器)相对应。Corresponding to the above processing method according to at least one embodiment of the present disclosure, at least one embodiment of the present disclosure provides an interrupt controller, see FIG. 8B . In other respects, the interrupt controller corresponds to, for example, the interrupt controllers described with reference to FIG. 2 and FIG. 5 (eg, core-local interrupt controller/platform-level interrupt controller).
图8B示出了根据本公开的至少一实施例的中断控制器850的示意图。FIG. 8B shows a schematic diagram of an interrupt controller 850 according to at least one embodiment of the present disclosure.
参见图8B,中断控制器850包括接收单元860以及中断操作单元870。Referring to FIG. 8B , the interrupt controller 850 includes a receiving unit 860 and an interrupt operating unit 870 .
接收单元860被配置为接收执行域标识符,其中,执行域标识符标识中断处理的目标执行域。The receiving unit 860 is configured to receive an execution domain identifier, wherein the execution domain identifier identifies a target execution domain of the interrupt processing.
中断操作单元870被配置为基于执行域标识符进行中断操作。The interrupt operation unit 870 is configured to perform an interrupt operation based on the execution domain identifier.
如此,根据本公开的至少一实施例的中断处理器可以基于执行域标识符进行中断操作,可以实现基于执行域的安全及高效的中断处理。In this way, the interrupt handler according to at least one embodiment of the present disclosure can perform interrupt operations based on the execution domain identifier, and can realize safe and efficient interrupt processing based on the execution domain.
下面描述根据本公开的至少一实施例的中断处理方法的一些示例性的附加方面。Some exemplary additional aspects of the interrupt handling method according to at least one embodiment of the present disclosure are described below.
例如,根据本公开的至少一实施例的中断控制器,中断操作单元还被配置为基于执行域标识符生成中断信号。For example, according to the interrupt controller in at least one embodiment of the present disclosure, the interrupt operation unit is further configured to generate an interrupt signal based on the execution domain identifier.
例如,根据本公开的至少一实施例的中断控制器,中断操作单元还被配置为仅触发机器模式和当前运行执行域的中断,并且根据基于中断信号的中断的设置状态来分别在安全监视器和操作系统内核里进行处理。For example, according to the interrupt controller according to at least one embodiment of the present disclosure, the interrupt operation unit is further configured to only trigger the interrupt of the machine mode and the current running execution domain, and according to the setting state of the interrupt based on the interrupt signal, respectively in the security monitor and the operating system kernel for processing.
例如,根据本公开的至少一实施例的中断控制器,中断操作单元还被配置为:响应于基于执行域标识符确定当前运行执行域和与中断请求信号对应的执行域不一致,生成上下文切换中断信号,上下文切换中断信号用于触发从当前运行执行域到与中断请求信号对应的执行域的切换;以及响应于从当前运行执行域到与中断请求信号对应的执行域的切换,生成与中断请求的信号对应的中断信号作为中断信号。For example, according to the interrupt controller in at least one embodiment of the present disclosure, the interrupt operation unit is further configured to: generate a context switch interrupt in response to determining that the current running execution domain is inconsistent with the execution domain corresponding to the interrupt request signal based on the execution domain identifier signal, the context switch interrupt signal is used to trigger switching from the currently running execution domain to the execution domain corresponding to the interrupt request signal; and in response to switching from the currently running execution domain to the execution domain corresponding to the interrupt request signal, generate an interrupt request The interrupt signal corresponding to the signal is used as the interrupt signal.
例如,根据本公开的至少一实施例的中断控制器,还包括上下文切换寄存器,并且中断操作单元还被配置为在处理器核被上下文切换中断信号中断之后,查询上下文切换寄存器以提供目标执行域的执行域标识符。For example, the interrupt controller according to at least one embodiment of the present disclosure further includes a context switch register, and the interrupt operation unit is further configured to query the context switch register to provide the target execution domain after the processor core is interrupted by the context switch interrupt signal The execution domain identifier.
例如,根据本公开的至少一实施例的中断控制器,中断操作单元还被配置为响应于基于执行域标识符确定目标执行域和与中断请求信号对应的执行域一致,生成与中断请求的信号对应的中断信号作为中断信号。For example, according to the interrupt controller of at least one embodiment of the present disclosure, the interrupt operation unit is further configured to generate a signal corresponding to the interrupt request in response to determining that the target execution domain is consistent with the execution domain corresponding to the interrupt request signal based on the execution domain identifier The corresponding interrupt signal is used as an interrupt signal.
例如,根据本公开的至少一实施例的中断控制器,接收单元还被配置为接收由处理器发送的当前处理器核的特权模式和执行域标识符,并且中断操作单元还被配置为根据特权模式陷入指令/特权模式解除指令和执行域标识符的变化而实时更新,以基于更新进行中断操作。For example, according to the interrupt controller in at least one embodiment of the present disclosure, the receiving unit is further configured to receive the privilege mode and execution domain identifier of the current processor core sent by the processor, and the interrupt operation unit is further configured to The mode trapping instruction/privileged mode release instruction and the change of the execution domain identifier are updated in real time to perform interrupt operations based on the update.
上述根据本公开的至少一实施例的中断控制器850的附加方面可以与根据本公开的至少一实施例的中断处理方法800的附加方面相对应,因此根据本公开的至少一实施例的中断处理方法800的附加方面的技术效果同样可以映射到根据本公开的至少一实施例的中断控制器850的附加方面,在此不再赘述。The above additional aspects of the interrupt controller 850 according to at least one embodiment of the present disclosure may correspond to the additional aspects of the interrupt processing method 800 according to at least one embodiment of the present disclosure, so the interrupt processing according to at least one embodiment of the present disclosure The technical effects of the additional aspects of the method 800 can also be mapped to the additional aspects of the interrupt controller 850 according to at least one embodiment of the present disclosure, which will not be repeated here.
另外,上述根据本公开的至少一实施例的中断控制器的附加方面仅是示例性的,可以通过其他架构来实现上述中断控制器的附加方面并且可以参考或结合例如如上结合图2、图5描述的各个方面。In addition, the above-mentioned additional aspects of the interrupt controller according to at least one embodiment of the present disclosure are only exemplary, and the above-mentioned additional aspects of the interrupt controller can be implemented through other architectures and can be referred to or combined with, for example, the above in conjunction with FIG. 2 and FIG. 5 aspects of the description.
图9A示出了根据本公开的至少一实施例的操作高速缓存的方法的流程图。该操作高速缓存的方法例如可以在参见图2描述的隔离模型中、参见图6描述的高速缓存或者其他合适的处理器系统架构中实现。参见图9A,该操作高速缓存的方法包括步骤S910至步骤S920。FIG. 9A shows a flowchart of a method of operating a cache according to at least one embodiment of the present disclosure. The method for operating the cache can be implemented, for example, in the isolation model described with reference to FIG. 2 , the cache described with reference to FIG. 6 , or other suitable processor system architectures. Referring to FIG. 9A, the method for operating a cache includes steps S910 to S920.
在步骤S910中,接收访问高速缓存的事务的执行域状态信息,其中,执行域状态信息与事务的执行域相关联。例如,执行域状态信息可以与事务的目标地址空间所属的执行域相关联或者与事务所属的执行域相关联。例如,这里的执行域状态信息可以包括执行域标识符和/或非安全标识信息。执行域标识符用于标识执行域,非安全标识信息可以标识该执行域是否安全或可信。例如,参见图6,可以接收访问数据高速缓存的事务的执行域状态信息,事务可以涉及该数据高速缓存的读取、写入、逐出等操作。In step S910, the execution domain state information of the transaction accessing the cache is received, wherein the execution domain state information is associated with the execution domain of the transaction. For example, the execution domain state information may be associated with the execution domain to which the target address space of the transaction belongs or associated with the execution domain to which the transaction belongs. For example, the execution domain state information here may include an execution domain identifier and/or non-secure identification information. The execution domain identifier is used to identify the execution domain, and the non-secure identification information can identify whether the execution domain is safe or credible. For example, referring to FIG. 6, execution domain state information of a transaction accessing a data cache may be received, and the transaction may involve operations such as reading, writing, and evicting the data cache.
在步骤S920中,基于执行域状态信息操作高速缓存。例如,可以针对来自不同执行域的事务而相应地采用不同的缓存方式,例如禁止或允许访存操作、缓存在高速缓存的不同存储位置等。例如,参见图6,可以基于DID和NS信息来操作高速缓存,以实现高速缓存的加载和存储操作等。In step S920, the cache is operated based on the execution domain status information. For example, different cache methods may be adopted correspondingly for transactions from different execution domains, such as prohibiting or allowing memory access operations, caching in different storage locations of the cache, and so on. For example, referring to FIG. 6 , the cache may be operated based on DID and NS information to implement cache load and store operations, and the like.
如此,根据本公开的至少一实施例的操作高速缓存的方法可以基于执行域标识符操作高速缓存,可以实现基于执行域的安全及高效的缓存操作。例如,可以实现基于执行域的细粒度操作,实现细粒度的硬件级别内存保护。In this way, the cache operation method according to at least one embodiment of the present disclosure can operate the cache based on the identifier of the execution domain, and can realize safe and efficient cache operation based on the execution domain. For example, fine-grained operations based on execution domains can be implemented to achieve fine-grained hardware-level memory protection.
下面描述根据本公开的至少一实施例的操作高速缓存的方法的一些示例性的附加方面。Some exemplary additional aspects of a method of operating a cache according to at least one embodiment of the present disclosure are described below.
例如,根据本公开的至少一实施例的操作高速缓存的方法,基于执行域状态信息操作高速缓存,包括:在高速缓存中缓存事务的数据或指令且记录数据或指令的执行域状态信息。例如,参见图6,可以在数据高速缓存中缓存数据以及相应的DID和NS信息。For example, in the method for operating a cache according to at least one embodiment of the present disclosure, operating the cache based on execution domain status information includes: caching transaction data or instructions in the cache and recording the execution domain status information of the data or instructions. For example, referring to FIG. 6, data and corresponding DID and NS information may be cached in a data cache.
如此,根据本公开的至少一实施例的操作高速缓存的方法可以针对执行域实现细粒度的高速缓存。根据本公开的至少一实施例的操作高速缓存的方法可以在高速缓存中提供用于记录数据或指令的执行域状态信息的空间。然而,实施例不限于此,也可以通过外部空间来记录数据或指令的执行域状态信息。In this way, the method for operating a cache according to at least one embodiment of the present disclosure can implement a fine-grained cache for an execution domain. The method for operating a cache according to at least one embodiment of the present disclosure may provide a space for recording execution domain state information of data or instructions in the cache. However, the embodiment is not limited thereto, and the execution domain status information of data or instructions may also be recorded in an external space.
例如,根据本公开的至少一实施例的操作高速缓存的方法,在高速缓存中缓存事务的数据或指令且记录数据或指令的执行域状态信息,包括:为高速缓存中的缓存数据或指令的缓存行提供用于记录执行域状态信息的空间且在空间中记录数据或指令的对应的执行域状态信息。例如,参见图6,可以为数据高速缓存中的每个缓存行提供空间,并且在空间中记录相应的DID和NS信息。For example, in the method for operating a cache according to at least one embodiment of the present disclosure, cache transaction data or instructions in the cache and record execution domain status information of the data or instructions, including: The cache line provides a space for recording execution domain state information and records corresponding execution domain state information of data or instructions in the space. For example, referring to FIG. 6 , space may be provided for each cache line in the data cache, and corresponding DID and NS information may be recorded in the space.
如此,根据本公开的至少一实施例的操作高速缓存的方法可以针对缓存行为对象提供细粒度的基于执行域标识符和/或非安全标识信息提供高速缓存。In this way, the method for operating a cache according to at least one embodiment of the present disclosure can provide a fine-grained cache based on execution domain identifiers and/or non-secure identification information for cache behavior objects.
例如,根据本公开的至少一实施例的操作高速缓存的方法,为高速缓存中的缓存数据或指令的缓存行提供用于记录执行域状态信息的空间且在空间中记录数据或指令的对应的执行域状态信息,包括:当填充缓存行而由高速缓存向总线发出加载请求时,使能高速缓存往总线送出执行域状态信息。例如,参见图6,当填充缓存行而由数据高速缓存向总线发出加载请求时,例如通过高速缓存控制器使能高速缓存往总线送出DID和NS信息。For example, in the method for operating a cache according to at least one embodiment of the present disclosure, a space for recording execution domain state information is provided for the cache line of cache data or instructions in the cache, and the corresponding data or instructions are recorded in the space. The execution domain state information includes: when the cache line is filled and the cache sends a load request to the bus, the cache is enabled to send the execution domain state information to the bus. For example, referring to FIG. 6 , when a cache line is filled and the data cache sends a load request to the bus, for example, the cache controller enables the cache to send DID and NS information to the bus.
如此,根据本公开的至少一实施例的操作高速缓存的方法可以促进包括DID和NS信息的缓存行的填充。As such, the method of operating a cache according to at least one embodiment of the present disclosure may facilitate filling of cache lines including DID and NS information.
例如,根据本公开的至少一实施例的操作高速缓存的方法,为高速缓存中的缓存数据或指令的缓存行提供用于记录执行域状态信息的空间且在空间中记录数据或指令的对应的执行域状态信息,包括:当处理器有针对高速缓存的缓存行的加载请求或存储请求发出时,使能高速缓存接收包括执行域状态信息与标签信息的信号(以及可选的索引等信息的信号),其中,所述执行域状态信息不用于所述缓存行的匹配。例如,参见图6,当处理器有针对数据高速缓存的缓存行的加载请求或存储请求发出时,例如通过高速缓存控制器使能高速缓存接收包括DID、NS信息、标签(tag)以及可选的索引(index)等信息的信号,以实现对该数据高速缓存的读取、写入操作。例如,信号中附带的DID和NS字段可以不用于缓存行的匹配,匹配规则仍旧按照原有的方式进行。例如,在做高速缓存命中时,可以不检查DID和NS字段,即在匹配时DID和NS字段信息可以不作为标签参与命中操作。For example, in the method for operating a cache according to at least one embodiment of the present disclosure, a space for recording execution domain state information is provided for the cache line of cache data or instructions in the cache, and the corresponding data or instructions are recorded in the space. Execution domain state information, including: when the processor has a load request or a store request for the cache line of the cache, the cache is enabled to receive signals including execution domain state information and tag information (and optional index information, etc. signal), wherein the execution domain state information is not used for matching of the cache line. For example, referring to FIG. 6, when the processor has a load request or a store request for a cache line of the data cache, for example, the cache controller enables the cache to receive information including DID, NS information, tag (tag) and optional The index (index) and other information signals to realize the read and write operations of the data cache. For example, the DID and NS fields attached to the signal may not be used for cache line matching, and the matching rules are still performed in the original manner. For example, when performing a cache hit, the DID and NS fields may not be checked, that is, the DID and NS field information may not be used as tags to participate in the hit operation during matching.
如此,根据本公开的至少一实施例的操作高速缓存的方法可以促进包括DID和NS信息的缓存行的填充。As such, the method of operating a cache according to at least one embodiment of the present disclosure may facilitate filling of cache lines including DID and NS information.
例如,根据本公开的至少一实施例的操作高速缓存的方法,为高速缓存中的缓存数据或指令的缓存行提供用于记录执行域状态信息的空间且在空间中记录数据或指令的对应的执行域状态信息,包括:当高速缓存未命中而进行填充时,将执行域状态信息写入需要填充的缓存行中;当高速缓存命中时,不更新缓存行的执行域状态信息,以及当对应的地址在运行时存在执行域状态信息的变化时,进行清理和无效操作,并且重新按照变化后的执行域状态信息填充缓存行。例如,参见图6,当数据高速缓存未命中而进行填充时,可以将DID和NS信息写入需要填充的缓存行中,以促进对相应的DID和NS信息的存储。又例如,当数据高速缓存命中时,可以不更新缓存行的DID和NS信息,并且响应于对应的地址在运行时存在DID和NS信息的变化,进行清理和无效操作,并且重新按照变化后的DID和NS信息填充缓存行。For example, in the method for operating a cache according to at least one embodiment of the present disclosure, a space for recording execution domain state information is provided for the cache line of cache data or instructions in the cache, and the corresponding data or instructions are recorded in the space. Execution domain state information, including: when the cache misses and is filled, write the execution domain state information into the cache line that needs to be filled; when the cache hits, do not update the execution domain state information of the cache line, and when the corresponding When there is a change in the execution domain state information of the address at runtime, cleanup and invalidation operations are performed, and the cache line is refilled according to the changed execution domain state information. For example, referring to FIG. 6 , when the data cache is filled due to a miss, the DID and NS information can be written into the cache line that needs to be filled, so as to facilitate the storage of the corresponding DID and NS information. For another example, when the data cache hits, the DID and NS information of the cache line may not be updated, and in response to changes in the DID and NS information of the corresponding address during operation, cleanup and invalidation operations are performed, and the changed DID and NS information populate the cache line.
如此,根据本公开的至少一实施例的操作高速缓存的方法可以为高速缓存提供了的记录执行域状态信息的具体方式。In this way, the method for operating a cache according to at least one embodiment of the present disclosure may provide a specific way for the cache to record execution domain state information.
例如,根据本公开的至少一实施例的操作高速缓存的方法,为高速缓存中的缓存数据或指令的缓存行提供用于记录执行域状态信息的空间且在空间中记录数据或指令的对应的执行域状态信息,包括:使能高速缓存发起预取操作时使用上次缓存行对应的执行域标识符。例如,参见图6,可以由数据高速缓存发起预取操作时使用上次缓存行对应的执行域标识符。For example, in the method for operating a cache according to at least one embodiment of the present disclosure, a space for recording execution domain state information is provided for the cache line of cache data or instructions in the cache, and the corresponding data or instructions are recorded in the space. Execution domain status information, including: enabling the cache to use the execution domain identifier corresponding to the last cache line when initiating a prefetch operation. For example, referring to FIG. 6 , the execution domain identifier corresponding to the last cache line may be used when the data cache initiates the prefetch operation.
如此,根据本公开的至少一实施例的操作高速缓存的方法可以促进快速命中对应的数据。In this way, the method for operating a cache according to at least one embodiment of the present disclosure can facilitate fast matching of corresponding data.
例如,根据本公开的至少一实施例的操作高速缓存的方法,还包括:当高速缓存执行清除或逐出操作时,将高速缓存行所带的执行域状态信息一起送出。例如,参见图6,当高速缓存执行清除或逐出操作时,可以将高速缓存行所带的DID和NS信息一起送出,例如送往总线,以写入到内存中。例如,此时需要将高速缓存中的数据写入到内存中,由于需要经总线操作,所以这里需要DID,因此这里的执行域状态信息包括DID和NS信息。然而实施例不限于此,当仅涉及一个执行域的简单系统架构时,DID可以不是必须的。For example, the method for operating a cache according to at least one embodiment of the present disclosure further includes: when the cache executes a clear or evict operation, sending the execution domain status information carried by the cache line together. For example, referring to FIG. 6 , when the cache performs a clear or evict operation, the DID and NS information carried by the cache line can be sent together, for example, to the bus to be written into the memory. For example, at this time, the data in the cache needs to be written into the memory, and since the bus operation is required, a DID is required here, so the execution domain state information here includes DID and NS information. However, the embodiment is not limited thereto, and DID may not be necessary when only one execution domain is involved in a simple system architecture.
如此,根据本公开的至少一实施例的操作高速缓存的方法可以得到带有执行域状态信息的数据,以便其他组件基于执行域状态信息对数据进行进一步地操作。In this way, the method for operating a cache according to at least one embodiment of the present disclosure can obtain data with execution domain status information, so that other components can further operate on the data based on the execution domain status information.
例如,根据本公开的至少一实施例的操作高速缓存的方法,高速缓存包括指令高速缓存、数据高速缓存、二级高速缓存以及最后一级高速缓存(LLC)。For example, according to the method for operating a cache according to at least one embodiment of the present disclosure, the cache includes an instruction cache, a data cache, a second-level cache, and a last-level cache (LLC).
如此,根据本公开的至少一实施例的操作高速缓存的方法可以适用于广泛的高速缓存系统。In this way, the method for operating a cache according to at least one embodiment of the present disclosure can be applied to a wide range of cache systems.
上述与缓存行相关联的实施例例如涉及基于执行域状态信息操作高速缓存的缓存行。然而实施例不限于此,例如,在一些实施例中,在高速缓存中提供用于记录数据或指令的执行域状态信息的空间,包括:为高速缓存中用于缓存数据或指令的缓存组提供用于记录执行域状态信息的空间,以及基于执行域标识符操作缓存组。这里的缓存组包括多个缓存行。在一些示例中,对应于相同执行域状态信息的缓存组可以专用于该相同的执行域。例如,参见图6,可以多个缓存行的data共享一个DID和NS信息。如此,可以提高存储器存储数据或指令的效率。The above-described embodiments associated with cache lines relate, for example, to manipulating cache lines of a cache based on execution domain state information. However, the embodiment is not limited thereto. For example, in some embodiments, providing a space for recording execution domain status information of data or instructions in the cache includes: providing a cache group for caching data or instructions in the cache Space for recording execution domain state information, and for manipulating cache groups based on execution domain identifiers. A cache group here includes multiple cache lines. In some examples, cache groups corresponding to the same execution domain state information may be dedicated to that same execution domain. For example, referring to FIG. 6 , data of multiple cache lines can share one DID and NS information. In this way, the efficiency of storing data or instructions in the memory can be improved.
与上述根据本公开的至少一实施例的操作高速缓存的方法相对应地,本公开的至少一实施例提供了一种高速缓存控制器,参见图9B。在其他方面,该高速缓存控制器例如用于促进实现参见图6描述的高速缓存的各个方面。Corresponding to the above method for operating a cache according to at least one embodiment of the present disclosure, at least one embodiment of the present disclosure provides a cache controller, see FIG. 9B . Among other things, the cache controller is used, for example, to facilitate implementation of various aspects of caching described with reference to FIG. 6 .
图9B示出了根据本公开的至少一实施例的高速缓存控制器950的示意图。FIG. 9B shows a schematic diagram of a cache controller 950 according to at least one embodiment of the present disclosure.
参见图9B,高速缓存控制器950包括接收单元960以及高速缓存操作单元970。Referring to FIG. 9B , the cache controller 950 includes a receiving unit 960 and a cache operating unit 970 .
接收单元960被配置为接收访问高速缓存的事务的执行域状态信息,其中,执行域状态信息与事务的执行域相关联。The receiving unit 960 is configured to receive execution domain state information of a transaction accessing the cache, wherein the execution domain state information is associated with the execution domain of the transaction.
高速缓存操作单元970被配置为基于执行域状态信息操作高速缓存。The cache operation unit 970 is configured to operate the cache based on the execution domain status information.
如此,根据本公开的至少一实施例的高速缓存控制器可以基于执行域标识符操作高速缓存,可以实现基于执行域的安全及高效的缓存操作。例如,可以实现基于执行域的细粒度操作,实现细粒度的硬件级别内存保护。In this way, the cache controller according to at least one embodiment of the present disclosure can operate the cache based on the execution domain identifier, and can implement safe and efficient cache operations based on the execution domain. For example, fine-grained operations based on execution domains can be implemented to achieve fine-grained hardware-level memory protection.
下面描述根据本公开的至少一实施例的高速缓存控制器的一些示例性的附加方面。Some exemplary additional aspects of a cache controller according to at least one embodiment of the present disclosure are described below.
例如,根据本公开的至少一实施例的高速缓存控制器,高速缓存操作单元还被配置为:在高速缓存中缓存事务的数据或指令且记录数据或指令的执行域状态信息。For example, according to the cache controller in at least one embodiment of the present disclosure, the cache operation unit is further configured to: cache transaction data or instructions in the cache and record execution domain state information of the data or instructions.
例如,根据本公开的至少一实施例的高速缓存控制器,高速缓存操作单元还被配置为:为高速缓存中的缓存数据或指令的缓存行提供用于记录执行域状态信息的空间且在空间中记录数据或指令的对应的执行域状态信息。For example, according to the cache controller in at least one embodiment of the present disclosure, the cache operation unit is further configured to: provide cache data or instruction cache lines in the cache with a space for recording execution domain state information, and in the space Record the corresponding execution domain state information of the data or instruction.
例如,根据本公开的至少一实施例的高速缓存控制器,高速缓存操作单元还被配置为:当填充缓存行而由高速缓存向总线发出加载请求时,使能高速缓存往总线送出执行域状态信息。For example, according to the cache controller in at least one embodiment of the present disclosure, the cache operation unit is further configured to: enable the cache to send the execution domain state to the bus when the cache line is filled and the cache sends a load request to the bus information.
例如,根据本公开的至少一实施例的高速缓存控制器,高速缓存操作单元还被配置为:当处理器有针对高速缓存的加载请求或存储请求发出时,使能高速缓存接收包括执行域状态信息与标签信息的信号,其中,所述执行域状态信息不用于所述缓存行的匹配。For example, according to the cache controller in at least one embodiment of the present disclosure, the cache operation unit is further configured to: when the processor sends a load request or a store request for the cache, enable the cache to receive information including execution domain status A signal of information and tag information, wherein the execution domain state information is not used for matching of the cache line.
例如,根据本公开的至少一实施例的高速缓存控制器,高速缓存操作单元还被配置为:当高速缓存未命中而进行填充时,将执行域状态信息写入需要填充的缓存行中;当高速缓存命中时,不更新缓存行的执行域状态信息;以及当对应的地址在运行时存在执行域状态信息的变化时,进行清理和无效操作,并且重新按照变化后的执行域状态信息填充缓存行。For example, according to the cache controller in at least one embodiment of the present disclosure, the cache operation unit is further configured to: when filling the cache due to a miss, write the execution domain state information into the cache line that needs to be filled; When the cache hits, do not update the execution domain state information of the cache line; and when the corresponding address has a change in the execution domain state information during operation, perform cleanup and invalidation operations, and refill the cache according to the changed execution domain state information OK.
例如,根据本公开的至少一实施例的高速缓存控制器,高速缓存操作单元还被配置为:使能高速缓存发起预取操作时使用上次缓存行对应的执行域标识符。For example, according to the cache controller in at least one embodiment of the present disclosure, the cache operation unit is further configured to: enable the cache to use the execution domain identifier corresponding to the last cache line when initiating a prefetch operation.
例如,根据本公开的至少一实施例的高速缓存控制器,高速缓存操作单元还被配置为:当高速缓存执行清除或逐出操作时,将高速缓存行所带的执行域状态信息一起送出。For example, according to the cache controller in at least one embodiment of the present disclosure, the cache operation unit is further configured to: when the cache executes a clear or evict operation, send the execution domain state information carried by the cache line together.
例如,根据本公开的至少一实施例的高速缓存控制器,高速缓存包括指令高速缓存、数据高速缓存、二级高速缓存以及最后一级高速缓存。For example, according to the cache controller of at least one embodiment of the present disclosure, the cache includes an instruction cache, a data cache, a second-level cache, and a last-level cache.
上述根据本公开的至少一实施例的高速缓存控制器950的附加方面可以与根据本公开的至少一实施例的操作高速缓存的方法900的附加方面相对应,因此根据本公开的至少一实施例的操作高速缓存的方法900的附加方面的技术效果同样可以映射到根据本公开的至少一实施例的高速缓存控制器950的附加方面,在此不再赘述。The above additional aspects of the cache controller 950 according to at least one embodiment of the present disclosure may correspond to the additional aspects of the method 900 for operating a cache according to at least one embodiment of the present disclosure, so according to at least one embodiment of the present disclosure The technical effects of the additional aspects of the method 900 for operating a cache can also be mapped to the additional aspects of the cache controller 950 according to at least one embodiment of the present disclosure, which will not be repeated here.
另外,上述根据本公开的至少一实施例的中断控制器的附加方面仅是示例性的,可以通过其他架构来实现上述高速缓存控制器的附加方面并且可以参考或结合例如如上结合图2、图6描述的各个方面。In addition, the above-mentioned additional aspects of the interrupt controller according to at least one embodiment of the present disclosure are only exemplary, and the above-mentioned additional aspects of the cache controller can be implemented through other architectures and can be referred to or combined with, for example, the above in conjunction with FIG. 2 and FIG. 6 describe various aspects.
图10A示出了根据本公开的至少一实施例的操作翻译后备缓冲器的方法的流程图。该操作翻译后备缓冲器例如可以在参见图2描述的隔离模型中、参见上文描述的翻译后备缓冲器或者其他合适的处理器系统架构中实现。参见图10A,该操作翻译后备缓冲器的方法包括步骤S1010至步骤S1020。FIG. 10A shows a flowchart of a method of operating a translation lookaside buffer according to at least one embodiment of the present disclosure. The operation of the translation lookaside buffer can be implemented, for example, in the isolation model described with reference to FIG. 2 , in the translation lookaside buffer described above, or in other suitable processor system architectures. Referring to FIG. 10A , the method for operating the translation lookaside buffer includes steps S1010 to S1020.
在步骤S1010中,接收访问翻译后备缓冲器的事务的执行域状态信息,其中,执行域状态信息与事务的执行域相关联。例如,执行域状态信息可以与事务的目标地址空间所属的执行域相关联或者与事务所属的执行域相关联。例如,这里的执行域状态信息可以包括执行域标识符和/或非安全标识信息。执行域标识符用于标识执行域,非安全标识信息可以标识该执行域是否安全或可信。In step S1010, the execution domain state information of the transaction accessing the translation lookaside buffer is received, wherein the execution domain state information is associated with the execution domain of the transaction. For example, the execution domain state information may be associated with the execution domain to which the target address space of the transaction belongs or associated with the execution domain to which the transaction belongs. For example, the execution domain state information here may include an execution domain identifier and/or non-secure identification information. The execution domain identifier is used to identify the execution domain, and the non-secure identification information can identify whether the execution domain is safe or credible.
在步骤S1020中,基于执行域状态信息操作翻译后备缓冲器。例如,可以针对来自不同执行域的事务而相应地操作翻译后备缓冲器。In step S1020, the translation lookaside buffer is operated based on the execution domain state information. For example, translation lookaside buffers may be manipulated accordingly for transactions from different execution domains.
如此,根据本公开的至少一实施例的操作翻译后备缓冲器的方法可以基于执行域标识符操作翻译后备缓冲器,可以实现基于执行域的安全及高效的地址翻译操作。例如,可以实现基于执行域的细粒度操作,实现细粒度的硬件级别内存保护。In this way, the method for operating the translation lookaside buffer according to at least one embodiment of the present disclosure can operate the translation lookaside buffer based on the execution domain identifier, and can realize safe and efficient address translation operations based on the execution domain. For example, fine-grained operations based on execution domains can be implemented to achieve fine-grained hardware-level memory protection.
下面描述根据本公开的至少一实施例的操作翻译后备缓冲器的方法的一些示例性的附加方面。Some exemplary additional aspects of a method of operating a translation lookaside buffer according to at least one embodiment of the present disclosure are described below.
例如,根据本公开的至少一实施例的操作翻译后备缓冲器的方法,基于执行域状态信息操作翻译后备缓冲器,包括:在操作翻译后备缓冲器中记录事务的执行域状态信息。当然,本公开的实施例不限于此,可以通过在翻译后备缓冲器外部记录事务的执行域状态信息。For example, in the method for operating a translation lookaside buffer according to at least one embodiment of the present disclosure, operating the translation lookaside buffer based on execution domain state information includes: recording execution domain state information of a transaction in the operation translation lookaside buffer. Of course, the embodiments of the present disclosure are not limited thereto, and the transaction execution domain state information may be recorded outside the translation lookaside buffer.
如此,根据本公开的至少一实施例的操作翻译后备缓冲器的方法可以实现翻译后备缓冲器内部执行域状态信息的存储,以促进后续基于执行域状态信息的查询操作。In this way, the method for operating the translation lookaside buffer according to at least one embodiment of the present disclosure can realize the storage of execution domain state information inside the translation lookaside buffer, so as to facilitate subsequent query operations based on the execution domain state information.
例如,根据本公开的至少一实施例的操作翻译后备缓冲器的方法,在操作翻译后备缓冲器中记录事务的执行域状态信息,包括:在翻译后备缓冲器中提供用于记录执行域状态信息的空间。例如,如上文所述,翻译后备缓冲器(TLB)可以通过额外的空间来记录DID字段。然而,实施例不限于此,也可以通过外部空间来记录执行域状态信息。For example, in the method for operating a translation lookaside buffer according to at least one embodiment of the present disclosure, recording the execution domain state information of a transaction in the operation translation lookaside buffer includes: providing the translation lookaside buffer for recording the execution domain state information Space. For example, a translation lookaside buffer (TLB) may record the DID field with additional space, as described above. However, the embodiment is not limited thereto, and the execution domain state information may also be recorded in an external space.
如此,根据本公开的至少一实施例的操作翻译后备缓冲器的方法可以促进在操作翻译后备缓冲器中记录事务的执行域状态信息。In this way, the method for operating a translation lookaside buffer according to at least one embodiment of the present disclosure can facilitate recording execution domain state information of a transaction in the operation translation lookaside buffer.
例如,根据本公开的至少一实施例的操作翻译后备缓冲器的方法,在翻译后备缓冲器中提供用于记录执行域状态信息的空间,包括:在翻译后备缓冲器中提供用于保存执行域状态信息以及地址空间标识符作为翻译后备缓冲器的条目的标签或标签的组成部分。例如,如上文所述,可以在翻译后备缓冲器中保存DID信息和地址空间标识符作为其条目的标签。For example, in the method for operating a translation lookaside buffer according to at least one embodiment of the present disclosure, providing a space for recording execution domain state information in the translation lookaside buffer includes: providing a space for saving execution domain status in the translation lookaside buffer The state information as well as the address space identifier are included as tags or as part of tags of the entries of the translation lookaside buffer. For example, as described above, DID information and address space identifiers may be stored in the translation lookaside buffer as tags of its entries.
如此,根据本公开的至少一实施例的操作翻译后备缓冲器的方法提供了具体地方式来促进在操作翻译后备缓冲器中记录事务的执行域状态信息。As such, the method of manipulating a translation lookaside buffer according to at least one embodiment of the present disclosure provides a specific way to facilitate recording execution domain state information of a transaction in the manipulating translation lookaside buffer.
例如,根据本公开的至少一实施例的操作翻译后备缓冲器的方法,基于执行域状态信息操作翻译后备缓冲器,包括:在匹配到执行域状态信息以及地址空间标识符时,继续查询翻译后备缓冲器以确定是否匹配翻译后备缓冲器中的条目。例如,如上文所述,可以在翻译后备缓冲器中保存DID信息和地址空间标识符作为其条目的标签,并且只有DID信息和ASID匹配的情况下才命中翻译后备缓冲器的条目。For example, in the method for operating a translation lookaside buffer according to at least one embodiment of the present disclosure, operating the translation lookaside buffer based on the execution domain state information includes: when the execution domain state information and the address space identifier are matched, continue to query the translation lookaside buffer to determine if there is a match for an entry in the translation lookaside buffer. For example, as mentioned above, the DID information and the address space identifier may be stored in the translation lookaside buffer as tags of its entries, and the entry of the translation lookaside buffer is hit only when the DID information and the ASID match.
如此,根据本公开的至少一实施例的操作翻译后备缓冲器的方法增加了DID信息和ASID作为命中条件之一,并且常规的TLB查询命中可以保持不变,在对翻译后备缓冲器具有较少改动的情况下促进基于执行域状态信息的地址翻译操作。In this way, the method for operating the translation lookaside buffer according to at least one embodiment of the present disclosure adds DID information and ASID as one of the hit conditions, and conventional TLB query hits can remain unchanged, with less input to the translation lookaside buffer. Facilitates address translation operations based on domain state information in case of change.
例如,根据本公开的至少一实施例的操作翻译后备缓冲器的方法,还包括:使用内存屏障指令,确保完成之前的页表项(PTE)操作,以及控制翻译后备缓冲器的清除操作。例如,如上文所述,可以同时引入一条内存屏障指令(MFENCE.VMA指令)来确保完成之前的PTE操作,同时控制翻译后备缓冲器的清除。For example, the method for operating the translation lookaside buffer according to at least one embodiment of the present disclosure further includes: using a memory barrier instruction to ensure completion of previous page table entry (PTE) operations, and controlling clearing of the translation lookaside buffer. For example, as mentioned above, a memory barrier instruction (MFENCE.VMA instruction) can be introduced at the same time to ensure that the previous PTE operation is completed, and at the same time control the clearing of the translation lookaside buffer.
如此,根据本公开的至少一实施例的操作翻译后备缓冲器的方法可以保证相应的地址翻译操作的顺利完成。In this way, the method for operating the translation lookaside buffer according to at least one embodiment of the present disclosure can ensure the smooth completion of the corresponding address translation operation.
例如,根据本公开的至少一实施例的操作翻译后备缓冲器的方法,内存屏障指令在机器模式执行,并且在其他特权模式执行时出现指令异常。For example, according to the method for operating the translation lookaside buffer in at least one embodiment of the present disclosure, the memory barrier instruction is executed in a machine mode, and an instruction exception occurs when executed in other privileged modes.
如此,根据本公开的至少一实施例的操作翻译后备缓冲器的方法由于仅在机器模式执行而可以保证系统的安全性。In this way, the method for operating the translation lookaside buffer according to at least one embodiment of the present disclosure can ensure system security because it is only executed in machine mode.
与上述根据本公开的至少一实施例的操作翻译后备缓冲器的方法相对应地,本公开的至少一实施例提供了一种翻译后备缓冲器控制器,参见图10B。在其他方面,该翻译后备缓冲器控制器例如用于促进实现上文描述的翻译后备缓冲器的各个方面。Corresponding to the above method for operating a translation lookaside buffer according to at least one embodiment of the present disclosure, at least one embodiment of the present disclosure provides a translation lookaside buffer controller, see FIG. 10B . In other aspects, the translation lookaside buffer controller is used, for example, to facilitate implementing various aspects of the translation lookaside buffer described above.
图10B示出了根据本公开的至少一实施例的翻译后备缓冲器控制器1050的示意图。FIG. 10B shows a schematic diagram of a translation lookaside buffer controller 1050 according to at least one embodiment of the present disclosure.
参见图10B,翻译后备缓冲器控制器1050包括接收单元1060以及翻译后备缓冲器控制器操作单元1070。Referring to FIG. 10B , the translation lookaside buffer controller 1050 includes a receiving unit 1060 and a translation lookaside buffer controller operating unit 1070 .
接收单元1060被配置为接收访问翻译后备缓冲器的事务的执行域状态信息,其中,执行域状态信息与事务的执行域相关联。The receiving unit 1060 is configured to receive execution domain state information of a transaction accessing the translation lookaside buffer, wherein the execution domain state information is associated with the execution domain of the transaction.
翻译后备缓冲器控制器操作单元1070被配置为基于执行域状态信息操作翻译后备缓冲器。The translation lookaside buffer controller operating unit 1070 is configured to operate the translation lookaside buffer based on the execution domain state information.
如此,根据本公开的至少一实施例的翻译后备缓冲器控制器可以基于执行域标识符操作翻译后备缓冲器,可以实现基于执行域的安全及高效的地址翻译操作。例如,可以实现基于执行域的细粒度操作,实现细粒度的硬件级别内存保护。In this way, the translation lookaside buffer controller according to at least one embodiment of the present disclosure can operate the translation lookaside buffer based on the execution domain identifier, and can implement safe and efficient address translation operations based on the execution domain. For example, fine-grained operations based on execution domains can be implemented to achieve fine-grained hardware-level memory protection.
下面描述根据本公开的至少一实施例的高速缓存控制器的一些示例性的附加方面。Some exemplary additional aspects of a cache controller according to at least one embodiment of the present disclosure are described below.
例如,根据本公开的至少一实施例的翻译后备缓冲器控制器,翻译后备缓冲器控制器操作单元还被配置为:在操作翻译后备缓冲器中记录事务的执行域状态信息。For example, according to the translation lookaside buffer controller in at least one embodiment of the present disclosure, the translation lookaside buffer controller operation unit is further configured to: record the execution domain state information of the transaction in the operation translation lookaside buffer.
例如,根据本公开的至少一实施例的翻译后备缓冲器控制器翻译后备缓冲器控制器操作单元还被配置为:在翻译后备缓冲器中提供保存执行域状态信息以及地址空间标识符作为翻译后备缓冲器的条目的标签或标签的组成部分。For example, the translation lookaside buffer controller translation lookaside buffer controller operation unit according to at least one embodiment of the present disclosure is further configured to: provide the translation lookaside buffer to save the execution domain state information and the address space identifier as a translation lookaside The tag or component of a tag for the buffer's entry.
例如,根据本公开的至少一实施例的翻译后备缓冲器控制器,翻译后备缓冲器控制器操作单元还被配置为:在匹配到执行域状态信息以及地址空间标识符时,继续查询翻译后备缓冲器以确定是否匹配翻译后备缓冲器中的条目。For example, according to the translation lookaside buffer controller in at least one embodiment of the present disclosure, the translation lookaside buffer controller operation unit is further configured to: continue to query the translation lookaside buffer when the execution domain state information and the address space identifier are matched translator to determine if there is a match for an entry in the translation lookaside buffer.
例如,根据本公开的至少一实施例的翻译后备缓冲器控制器,翻译后备缓冲器控制器操作单元还被配置为:使用内存屏障指令,确保完成之前的页表项操作,以及控制翻译后备缓冲器的清除操作。For example, in the translation lookaside buffer controller according to at least one embodiment of the present disclosure, the translation lookaside buffer controller operation unit is further configured to: use a memory barrier instruction to ensure that the previous page table entry operation is completed, and control the translation lookaside buffer device clear operation.
例如,根据本公开的至少一实施例的翻译后备缓冲器控制器,内存屏障指令在机器模式执行,并且在其他特权模式执行时出现指令异常。For example, according to the translation lookaside buffer controller of at least one embodiment of the present disclosure, the memory barrier instruction is executed in machine mode, and an instruction exception occurs when executed in other privileged modes.
例如,根据本公开的至少一实施例的翻译后备缓冲器控制器,执行域状态信息包括执行域标识符和非安全标识信息中的至少一个。For example, according to the translation lookaside buffer controller in at least one embodiment of the present disclosure, the execution domain state information includes at least one of an execution domain identifier and non-secure identification information.
上述根据本公开的至少一实施例的翻译后备缓冲器控制器1050的附加方面可以与根据本公开的至少一实施例的操作翻译后备缓冲器的方法1000的附加方面相对应,因此根据本公开的至少一实施例的操作翻译后备缓冲器的方法1000的附加方面的技术效果同样可以映射到根据本公开的至少一实施例的翻译后备缓冲器控制器1050的附加方面,在此不再赘述。The above additional aspects of the translation lookaside buffer controller 1050 according to at least one embodiment of the present disclosure may correspond to the additional aspects of the method 1000 for operating a translation lookaside buffer according to at least one embodiment of the present disclosure, so according to the present disclosure The technical effects of the additional aspects of the method 1000 for operating the translation lookaside buffer of at least one embodiment can also be mapped to the additional aspects of the translation lookaside buffer controller 1050 according to at least one embodiment of the present disclosure, which will not be repeated here.
另外,上述根据本公开的至少一实施例的中断控制器的附加方面仅是示例性的,可以通过其他架构来实现上述翻译后备缓冲器控制器的附加方面并且可以参考或结合例如上文描述的翻译后备缓冲器的各个方面。In addition, the above-mentioned additional aspects of the interrupt controller according to at least one embodiment of the present disclosure are only exemplary, and the above-mentioned additional aspects of the translation lookaside buffer controller can be implemented through other architectures and can be referred to or combined with, for example, the above-described Aspects of the translation lookaside buffer.
本公开的发明人意识到,虽然有多种基于PMP的飞地方案来实现TEE,但是这些基于PMP的方案没有考虑与片上系统(SOC)级别其他主装置(Master)共存的场景。在真实业务场景中,SOC需要配合处理器(例如CPU)来处理安全和非安全请求。The inventors of the present disclosure realized that although there are various PMP-based enclave solutions to implement TEE, these PMP-based solutions do not consider the scenario of coexistence with other masters (Masters) at the System-on-Chip (SOC) level. In a real business scenario, the SOC needs to cooperate with a processor (such as a CPU) to handle security and non-security requests.
例如,本公开的发明人意识到,可信计算安全解决方案是个系统级的方案,需要在SOC设计时解决多个Master和从装置(Slave)之间的交互问题。例如,可信计算安全解决方案需要同时考虑CPU和其他主装置对从装置的访问隔离问题,在例如基于RISC-V架构的SOC设计中,只使用PMP做CPU的安全防护,来自其他主装置的访问会带来比较大的安全问题。IO-PMP的方案可以部分解决从装置的安全访问问题,但是无法与来自于CPU的多飞地(Multi-Enclave)或者多执行域协调工作。如何解决多飞地与多主装置(Multi-Master)的安全访问问题是可信计算安全解决方案的关键。For example, the inventors of the present disclosure realized that the trusted computing security solution is a system-level solution, and it is necessary to solve the interaction problem between multiple Masters and slaves (Slaves) during SOC design. For example, the trusted computing security solution needs to consider the access isolation of the CPU and other master devices to the slave devices. For example, in the SOC design based on the RISC-V architecture, only the PMP is used for the security protection of the CPU, and the access from other master devices Access will bring relatively large security problems. The IO-PMP solution can partially solve the security access problem of the slave device, but cannot coordinate with the multi-enclave (Multi-Enclave) or multi-execution domain from the CPU. How to solve the security access problem of multi-enclaves and multi-master devices (Multi-Master) is the key to trusted computing security solutions.
本公开的至少一实施例提出了一种基于域标识符(执行域ID或DID)的方案,可以支持多可信执行域,使得SOC主装置和从装置可以根据执行域ID信息处理SOC安全和非安全请求。At least one embodiment of the present disclosure proposes a scheme based on a domain identifier (execution domain ID or DID), which can support multiple trusted execution domains, so that the SOC master device and slave device can process SOC security and Non-secure request.
例如,本公开的至少一实施例提出的基于域标识符的方案可以在多执行域和多主装置场景下,解决安全地址空间访问问题,从而提供SOC级别可信计算安全解决方案。For example, the domain identifier-based solution proposed by at least one embodiment of the present disclosure can solve the problem of secure address space access in the scenario of multiple execution domains and multiple master devices, thereby providing a SOC-level trusted computing security solution.
下面介绍示例性的SOC级别安全模型。An exemplary SOC-level security model is introduced below.
图11示出了根据本公开的至少一实施例的SOC级别的系统架构的示意图。在该系统架构中,可以在SOC级别实现执行域的隔离,因此,参见图11及相关实施例描述的系统架构也被称为SOC级别安全模型。FIG. 11 shows a schematic diagram of an SOC-level system architecture according to at least one embodiment of the present disclosure. In this system architecture, isolation of execution domains can be implemented at the SOC level, therefore, the system architecture described with reference to FIG. 11 and related embodiments is also called the SOC level security model.
该系统架构可以包括主装置侧的主装置以及从装置侧的从装置,主装置和从装置通过系统互联总线进行通信连接。主装置包括处理器核(例如示出为RISC-V核,例如参见上文描述的CPU核)、安全主装置、非安全主装置。从装置包括内存(例如DDR)、SRAM、KMI、计时器(Timer)和非安全计时器(Non-Sec Timer),并且从装置侧部署有安全过滤器(SecurityFilter)。The system architecture may include a master device on the master device side and a slave device on the slave device side, and the master device and the slave devices are connected through a system interconnection bus for communication. The master includes a processor core (eg shown as a RISC-V core, eg see CPU core described above), a secure master, a non-secure master. The slave device includes memory (such as DDR), SRAM, KMI, timer (Timer) and non-secure timer (Non-Sec Timer), and a security filter (SecurityFilter) is deployed on the slave device side.
在该系统架构中,安全主装置、系统互联总线、安全过滤器以及Timer可以被设置为安全的(Secure),非安全主装置以及Non-Sec Timer可以被设置为非安全的(Non-secure),处理器核、DDR、SRAM、KMI可以被认为可以是包括安全的、非安全的混合模式(Mixed)。In this system architecture, the safety master device, system interconnection bus, safety filter and Timer can be set as secure (Secure), and the non-safety master device and Non-Sec Timer can be set as non-safety (Non-secure) , the processor core, DDR, SRAM, and KMI can be considered to include secure and non-secure mixed modes (Mixed).
可以理解的是,在操作中,主装置是系统总线的控制方,能够对从装置进行控制和数据传输。从装置是系统总线上的被控制者,负责接收来自主装置的指令和数据,并向主装置返回响应信息。因此,在不同的业务中,主装置和从装置可以发生改变,因而本公开的实施例的主装置和从装置不以该示例为限。It can be understood that, in operation, the master device is the controller of the system bus and can control and transmit data to the slave devices. The slave device is the controlled person on the system bus, responsible for receiving instructions and data from the master device, and returning response information to the master device. Therefore, in different services, the master device and the slave device may change, so the master device and the slave device in the embodiments of the present disclosure are not limited to this example.
在该系统架构中,RISC-V核或RISC-V CPU和其他主装置可以使用自定义扩展信号来传递执行域ID和/或NS信息到安全过滤器模块,以进行后续操作。In this system architecture, RISC-V cores or RISC-V CPUs and other master devices can use custom extension signals to pass execution domain ID and/or NS information to the security filter module for subsequent operations.
图12示出了根据本公开的至少一实施例的传输执行域ID和/或NS信息的示意图。如前所述,在处理器核(例如RISC-V架构的CPU核)中,任务A、任务B具有用户模式、RTOS具有超级模式并且可以运行在执行域Y的用户模式。可以在执行域0中设置DID,并且执行域0和LLC可以通过PMP/ePMP隔离。在LLC中,可以通过DID进行扩展,例如通过具有DID的标签来实现该扩展,例如参照上文所述的高速缓存隔离和/或参照下文所述的高速缓存优化。Fig. 12 shows a schematic diagram of transmission execution domain ID and/or NS information according to at least one embodiment of the present disclosure. As mentioned above, in a processor core (such as a CPU core of RISC-V architecture), task A and task B have a user mode, and the RTOS has a super mode and can run in the user mode of execution domain Y. DID can be set in execution domain 0, and execution domain 0 and LLC can be isolated by PMP/ePMP. In LLC, extensions may be made by DIDs, for example by tags with DIDs, for example with reference to cache isolation described above and/or with reference to cache optimization described below.
处理器核可以在其部分流水线中传输DID/NS信息。如此,可以促进基于DID/NS信息进行进一步地操作,例如上下文中描述的中断隔离、执行域的上下文切换、高速缓存隔离、高速缓存优化、翻译后备缓冲器隔离等。当DID/NS信息涉及例如外部主装置,参见上文描述的处理器级别的系统架构的各方面(例如中断隔离、上下文切换、高速缓存隔离、翻译后备缓冲器隔离等)可以类似地扩展到这里描述的SOC级别安全模型,在此不再赘述。A processor core can transmit DID/NS information in part of its pipeline. In this way, further operations based on DID/NS information can be facilitated, such as interrupt isolation described in the context, context switching of execution domains, cache isolation, cache optimization, translation lookaside buffer isolation, etc. When the DID/NS information relates to, for example, an external master, aspects of system architecture at the processor level (e.g., interrupt isolation, context switching, cache isolation, translation lookaside buffer isolation, etc.) described above can be similarly extended here The SOC-level security model described above will not be repeated here.
例如,在处理器与主装置交互方面,处理器核可以经由总线接收来自主装置的DID/NS信息。如图所述,核MN可以通过前端口(Front Port)经由来自主装置的DIDXYZ和S/NS,其中DID XYZ可以标识装置的执行域,S/NS可以标识执行域安全/不安全。在后续的步骤中,处理器可以向总线发送DID/NS信息。如图所述,核MN可以将DID XYZ和S/NS发送到总线。For example, in terms of processor interaction with the host device, the processor core may receive DID/NS information from the host device via the bus. As shown in the figure, the core MN can pass the DIDXYZ and S/NS from the main device through the front port (Front Port), wherein the DID XYZ can identify the execution domain of the device, and the S/NS can identify the execution domain safety/unsafety. In subsequent steps, the processor may send DID/NS information to the bus. As shown, the core MN can send DID XYZ and S/NS to the bus.
例如,在处理器内部方面,处理器核可以将相应的执行域的DID/NS信息发送到总线,高速缓存可以将与缓存数据相关的执行域的DID/NS信息发送到总线。如图所述,处理器核可以将执行域Y的执行域标识符DID Y以及相应的NS信息S/NS发送到总线,处理器核可以将执行域0的执行域标识符DID 0以及相应的非安全标识符S发送到总线,LLC将与缓存数据相关的执行域的DID以及相应的NS信息S/NS发送到总线。For example, in terms of inside the processor, the processor core may send the DID/NS information of the corresponding execution domain to the bus, and the cache may send the DID/NS information of the execution domain related to cached data to the bus. As shown in the figure, the processor core can send the execution domain identifier DID Y of the execution domain Y and the corresponding NS information S/NS to the bus, and the processor core can send the execution domain identifier DID 0 of the execution domain 0 and the corresponding The non-secure identifier S is sent to the bus, and the LLC sends the DID of the execution domain related to the cached data and the corresponding NS information S/NS to the bus.
下面介绍示例性的MDID CSR定义。An exemplary MDID CSR definition is presented below.
与上文描述的MDID CSR定义相似或者结合上文描述的MDID CSR定义,可以通过上文的MDID CSR(例如RISC-V核的MDID CSR)定义来为每个执行域配置DID和/或NS信息。在SOC级别的系统架构中,每个主装置和从装置可以各自包括一个或多个执行域。例如,RISC-V核可以包括一个或多个执行域,并且可以为该多个执行域分别配置DID和/或NS信息,又例如,安全主装置可以包括一个执行域,并且可以为该执行域分配DID和/或NS信息(例如标识该执行域安全的NS信息)。Similar to the MDID CSR definition described above or combined with the MDID CSR definition described above, DID and/or NS information can be configured for each execution domain through the above MDID CSR (such as the MDID CSR of the RISC-V core) definition . In a system architecture at the SOC level, each master device and slave device may each include one or more execution domains. For example, the RISC-V core may include one or more execution domains, and DID and/or NS information may be configured for the multiple execution domains respectively. For another example, the security master may include one execution domain, and may configure Allocate DID and/or NS information (eg, NS information identifying the security of the enforcement domain).
下面介绍示例性的信号映射。Exemplary signal mappings are described below.
当处理器核(例如,RISC-V CPU)与外部主装置/从装置交互时,或者主装置与从装置交互时,可以通过总线传输当前事务(例如,读写请求等)对应的执行域ID和NS信息。例如,NS信息的比特可以映射到AXI总线AxPROT[1]来进行NS信息的传输。When the processor core (for example, RISC-V CPU) interacts with an external master device/slave device, or when the master device interacts with a slave device, the execution domain ID corresponding to the current transaction (for example, read and write requests, etc.) can be transmitted through the bus and NS information. For example, the bits of NS information can be mapped to the AXI bus AxPROT[1] to transmit NS information.
表1示出了用于NS信号映射的映射表。Table 1 shows a mapping table for NS signal mapping.
表1Table 1
参见表1,AxPROT[1]的值为0可以指示安全访问,并且AxPROT[1]的值为1可以指示非安全访问。Referring to Table 1, a value of 0 for AxPROT[1] may indicate secure access, and a value of 1 for AxPROT[1] may indicate non-secure access.
DID可以使用AXI用户(AXI User)信号进行传递。例如可以根据执行域ID位宽设置使用1-4比特。在一些示例中,简化的SOC设计可以忽略DID状态,例如在仅需要考虑安全访问和非安全访问的情况下,可以仅使用AxPROT传递NS信息到安全过滤器即可。在一些示例中,简化的SOC设计可以忽略NS状态,例如在仅需要执行域的情况下,可以仅使用AXI用户信号传递DID到安全过滤器即可。DID can be transmitted using AXI User (AXI User) signal. For example, 1-4 bits can be used according to the execution domain ID bit width setting. In some examples, the simplified SOC design can ignore the DID state. For example, in the case where only secure access and non-secure access need to be considered, only AxPROT can be used to pass NS information to the security filter. In some examples, the simplified SOC design can ignore the NS state, for example, in the case where only the execution domain is required, only the AXI user signal can be used to pass the DID to the security filter.
接下来,可以由部署在从装置所在侧的安全过滤器匹配DID和/或NS信息,以确定是否处理相应的事务。Next, the DID and/or NS information can be matched by a security filter deployed on the side of the slave device to determine whether to process the corresponding transaction.
例如,响应于匹配DID,并且NS信息指示执行域安全,可以处理该事务;以及响应于未匹配DID,和/或NS信息指示执行域不安全,禁止处理该事务。又例如,在仅传递NS信息的情况下,响应于匹配NS信息来禁止处理该事务;以及响应于未匹配NS信息来处理事务。又例如,在仅传递DID信息的情况下,响应于匹配DID信息来处理该事务;以及响应于未匹配DID信息来禁止处理该事务。在一些实施例中,可以通过用于包括DID和/或NS信息的黑名单或白名单、或者其他判断机制来判断是否禁止处理事务。For example, in response to a DID being matched, and the NS information indicating that the execution domain is secure, the transaction may be processed; and in response to a DID not being matched, and/or the NS information indicating that the execution domain is not secure, processing of the transaction is prohibited. For another example, in case only NS information is passed, the transaction is prohibited from being processed in response to matching NS information; and the transaction is processed in response to non-matching NS information. For another example, in case only DID information is delivered, the transaction is processed in response to matching DID information; and processing of the transaction is prohibited in response to non-matching DID information. In some embodiments, whether to prohibit processing a transaction may be determined through a blacklist or whitelist including DID and/or NS information, or other determination mechanisms.
例如,安全过滤器可以由IO-PMP技术或其他合适的技术来实现。For example, the security filter may be implemented by IO-PMP technology or other suitable technologies.
本公开的上述实施例中以安全过滤器来决定是否禁止处理事务。然而,本公开不以此为限,也可以通过从装置的其他组件来基于DID和/或NS来决定是否禁止处理事务。In the above embodiments of the present disclosure, a security filter is used to determine whether to prohibit transaction processing. However, the present disclosure is not limited thereto, and other components of the slave device may also determine whether to prohibit transaction processing based on the DID and/or NS.
下面介绍示例性的高速缓存优化。Exemplary cache optimizations are described below.
与上文描述的高速缓存隔离相似或者结合上文描述的高速缓存隔离,每级高速缓存可以进行执行域ID扩展,高速缓存在执行预取和逐出操作时,可以做为一个独立的主装置发起事务操作,这时可以将高速缓存的缓存行所带的DID和NS字段一起送至外部总线。Similar to the cache isolation described above or combined with the cache isolation described above, each level of cache can perform domain ID extension, and the cache can be used as an independent master device when performing prefetch and eviction operations Initiate a transaction operation, at this time, the DID and NS fields carried by the cache line of the cache can be sent to the external bus together.
对于高速缓存的预取功能,可以使用上次缓存行对应的DID发起预取操作,如果IO-PMP拒绝操作,预取模块直接忽略这一错误。For the cache prefetch function, the DID corresponding to the last cache line can be used to initiate a prefetch operation. If the IO-PMP rejects the operation, the prefetch module directly ignores this error.
根据本公开的至少一实施例,提供了基于执行域ID的机制,以构建SOC级别的安全执行域。根据本公开的至少一实施例,提供了高速缓存的优化技术,减少高速缓存设计的复杂度。According to at least one embodiment of the present disclosure, a mechanism based on an execution domain ID is provided to construct a security execution domain at the SOC level. According to at least one embodiment of the present disclosure, cache optimization technology is provided to reduce the complexity of cache design.
基于以上示例性的系统架构的描述,本公开的至少一实施例提供了SOC级别的安全执行域。Based on the description of the exemplary system architecture above, at least one embodiment of the present disclosure provides a security execution domain at the SOC level.
图13A示出了根据本公开的至少一实施例的处理方法的流程图。该处理方法例如可以在参见图11描述的片上系统中或者其他合适的系统架构中实现。参见图13A,该处理方法包括步骤S1310至步骤S1320。FIG. 13A shows a flowchart of a processing method according to at least one embodiment of the present disclosure. The processing method can be implemented, for example, in the system on chip described with reference to FIG. 11 or in other suitable system architectures. Referring to Fig. 13A, the processing method includes step S1310 to step S1320.
在步骤S1310中,由主装置通过系统总线发出执行域状态信息,执行域状态信息与事务的执行域相关联。例如,执行域状态信息可以与事务的目标地址空间所属的执行域相关联或者与事务所属的执行域相关联。例如,这里的执行域状态信息可以包括执行域标识符和/或非安全标识信息。执行域标识符用于标识执行域,非安全标识信息可以标识该执行域是否安全或可信。In step S1310, the master device sends execution domain status information through the system bus, and the execution domain status information is associated with the execution domain of the transaction. For example, the execution domain state information may be associated with the execution domain to which the target address space of the transaction belongs or associated with the execution domain to which the transaction belongs. For example, the execution domain state information here may include an execution domain identifier and/or non-secure identification information. The execution domain identifier is used to identify the execution domain, and the non-secure identification information can identify whether the execution domain is safe or credible.
在步骤S1320中,由从装置通过系统总线接收执行域状态信息,并基于匹配执行域状态信息的结果来确定是否处理事务。In step S1320, the slave device receives the execution domain status information through the system bus, and determines whether to process the transaction based on the result of matching the execution domain status information.
例如,参见图11,主装置可以是处理器核(例如示出为RISC-V核)、安全主装置、非安全主装置,从装置可以是内存(例如DDR)、SRAM、KMI、Timer和Non-Sec Timer。For example, referring to FIG. 11, the master can be a processor core (such as shown as a RISC-V core), a secure master, a non-secure master, and the slave can be memory (such as DDR), SRAM, KMI, Timer, and Non- -Sec Timer.
如此,根据本公开的至少一实施例的处理方法可以构建SOC级别的安全执行域。In this way, the processing method according to at least one embodiment of the present disclosure can construct a security execution domain at the SOC level.
下面描述根据本公开的至少一实施例的处理方法的一些示例性的附加方面。Some exemplary additional aspects of the processing method according to at least one embodiment of the present disclosure are described below.
例如,根据本公开的至少一实施例的处理方法,执行域状态信息包括执行域标识符和非安全标识信息,并且基于匹配执行域状态信息的结果来确定是否处理事务,包括:响应于匹配执行域标识符并且非安全标识信息指示执行域安全,处理事务;以及响应于未匹配执行域标识符和/或非安全标识信息指示执行域不安全,禁止处理事务。如此,根据本公开的至少一实施例的处理方法可以基于执行域标识符并且非安全标识信息的匹配结果来确定是否事务的处理,促进了SOC级别的安全执行域。For example, according to the processing method of at least one embodiment of the present disclosure, the execution domain state information includes the execution domain identifier and non-secure identification information, and determining whether to process the transaction based on the result of matching the execution domain state information includes: responding to the matching execution The domain identifier and the non-secure identification information indicate that the execution domain is secure, processing the transaction; and in response to a mismatch of the execution domain identifier and/or the non-secure identification information indicating that the execution domain is not secure, processing the transaction is prohibited. In this way, the processing method according to at least one embodiment of the present disclosure can determine whether to process the transaction based on the matching result of the execution domain identifier and the non-security identification information, which promotes the security execution domain at the SOC level.
例如,根据本公开的至少一实施例的处理方法,执行域状态信息包括非安全标识信息,并且基于匹配执行域状态信息的结果来确定是否处理事务,包括:响应于匹配非安全标识信息指示执行域不安全来禁止处理事务;以及响应于未匹配非安全标识信息指示执行域不安全来处理事务。如此,根据本公开的至少一实施例的处理方法可以基于执行域标识符的匹配结果来确定是否事务的处理,促进了例如简化架构下SOC级别的安全执行域。For example, according to the processing method in at least one embodiment of the present disclosure, the execution domain status information includes non-secure identification information, and determining whether to process the transaction based on the result of matching the execution domain status information includes: responding to the matching non-security identification information indicating execution The domain is not secure to prohibit processing the transaction; and the non-matching non-secure identification information indicates that the execution domain is not secure to process the transaction. In this way, the processing method according to at least one embodiment of the present disclosure can determine whether to process a transaction based on the matching result of the execution domain identifier, which facilitates, for example, a secure execution domain at the SOC level under a simplified architecture.
例如,根据本公开的至少一实施例的处理方法,执行域状态信息包括执行域标识符,并且基于匹配执行域状态信息的结果来确定是否处理事务,包括:响应于匹配执行域标识符来处理事务;以及响应于未匹配执行域标识符来禁止处理事务。如此,根据本公开的至少一实施例的处理方法可以基于执行域状态信息的匹配结果来确定是否事务的处理,促进了例如简化架构下SOC级别的安全执行域。For example, in the processing method according to at least one embodiment of the present disclosure, the execution domain status information includes the execution domain identifier, and determining whether to process the transaction based on the result of matching the execution domain status information includes: processing in response to matching the execution domain identifier the transaction; and in response to the execution domain identifier not being matched, inhibiting processing the transaction. In this way, the processing method according to at least one embodiment of the present disclosure can determine whether to process a transaction based on the matching result of the state information of the execution domain, which facilitates, for example, a secure execution domain at the SOC level under a simplified architecture.
例如,根据本公开的至少一实施例的处理方法,非安全标识信息通过映射到AXI总线AxPROT[1]来传递。例如,参见上文的表1,非安全标识信息通过映射到AXI总线AxPROT[1]来传递,其中AxPROT[1]的值0表示安全访问,并且AxPROT[1]的值1表示非安全访问。如此,根据本公开的至少一实施例的处理方法可以促进非安全标识信息的传输的实现。For example, according to the processing method of at least one embodiment of the present disclosure, the non-secure identification information is transferred by mapping to the AXI bus AxPROT[1]. For example, referring to Table 1 above, non-secure identification information is communicated by mapping to the AXI bus AxPROT[1], where a value of 0 for AxPROT[1] indicates secure access, and a value of 1 for AxPROT[1] indicates non-secure access. In this way, the processing method according to at least one embodiment of the present disclosure can facilitate the realization of the transmission of non-secure identification information.
例如,根据本公开的至少一实施例的处理方法,执行域标识符通过基于AXI用户(AXI User)信号来传递。这里,AXI用户信号例如是基于AXI扩展的信号。如此,根据本公开的至少一实施例的处理方法可以促进执行域标识符的传输的实现。For example, according to the processing method of at least one embodiment of the present disclosure, the execution domain identifier is transmitted based on an AXI User (AXI User) signal. Here, the AXI user signal is, for example, a signal based on AXI extension. In this way, the processing method according to at least one embodiment of the present disclosure can facilitate the realization of performing the transmission of the domain identifier.
例如,根据本公开的至少一实施例的处理方法,由部署在从装置所在侧的安全过滤器匹配执行域标识符和/或确定是否处理事务。例如,参见图11,可以通过从装置侧部署的安全过滤器执行域标识符的匹配和/或确定是否处理事务。如此,根据本公开的至少一实施例的处理方法可以经由安全过滤器来实现上述匹配操作,以确定是否处理事务。For example, in the processing method according to at least one embodiment of the present disclosure, the security filter deployed on the slave device side matches the execution domain identifier and/or determines whether to process the transaction. For example, referring to FIG. 11 , matching of domain identifiers and/or determining whether to process a transaction may be performed by a security filter deployed from the device side. In this way, the processing method according to at least one embodiment of the present disclosure can implement the above-mentioned matching operation through a security filter to determine whether to process a transaction.
例如,根据本公开的至少一实施例的处理方法,安全过滤器由IO-PMP技术实现。如此,根据本公开的至少一实施例的处理方法提供了实现上述安全过滤器的示例性技术。For example, according to the processing method of at least one embodiment of the present disclosure, the security filter is implemented by IO-PMP technology. Thus, the processing method according to at least one embodiment of the present disclosure provides an exemplary technique for implementing the above-mentioned security filter.
例如,根据本公开的至少一实施例的处理方法,还包括:使能高速缓存接收事务的数据和/或指令,其中,高速缓存包括用于记录执行域状态信息的字段;以及基于执行域状态信息操作高速缓存。例如,基于执行域状态信息操作高速缓存,使得存入高速缓存的数据和从高速缓存读出的数据带有执行域状态信息。例如,响应于执行域状态信息对应于写入操作,将执行域状态信息和相应的数据写入高速缓存中;或者响应于执行域状态信息对应于读取操作,将执行域状态信息和相应的数据一起读取到总线中。For example, the processing method according to at least one embodiment of the present disclosure further includes: enabling the cache to receive data and/or instructions of the transaction, wherein the cache includes a field for recording execution domain state information; and Information operation cache. For example, the cache is operated based on the execution domain state information, so that the data stored in the cache and the data read from the cache carry the execution domain state information. For example, in response to the execution domain state information corresponding to a write operation, the execution domain state information and corresponding data are written into the cache; or in response to the execution domain state information corresponding to a read operation, the execution domain state information and the corresponding Data is read onto the bus together.
如此,根据本公开的至少一实施例的处理方法可以通过携带有的执行域状态信息(例如DID和/或NS)实现基于执行域的细粒度操作。关于高速缓存的附加方面可以参见例如上文关于图6描述的部分以及高速缓存的优化。In this way, the processing method according to at least one embodiment of the present disclosure can implement fine-grained operations based on the execution domain by carrying the execution domain state information (such as DID and/or NS). Additional aspects regarding caching can be found, for example, in the section described above with respect to FIG. 6 and optimization of caching.
例如,根据本公开的至少一实施例的处理方法,主装置属于一个执行域或多个不同的执行域。例如,参见图11,主装置处理器核可以包括三个执行域,安全主装置、非安全主装置可以各自包括一个执行域。For example, according to the processing method of at least one embodiment of the present disclosure, the master device belongs to one execution domain or multiple different execution domains. For example, referring to FIG. 11 , the processor core of the master device may include three execution domains, and the secure master device and the non-secure master device may each include one execution domain.
如此,根据本公开的至少一实施例的处理方法可以针对主装置单独或分别执行事务,以促进系统的安全性。In this way, the processing method according to at least one embodiment of the present disclosure can execute transactions individually or separately for the master device, so as to promote the security of the system.
与上述根据本公开的至少一实施例的处理方法相对应地,本公开的至少一实施例提供了一种片上系统,参见图13B。在其他方面,该片上系统例如与参见图11描述的片上系统相对应。Corresponding to the above processing method according to at least one embodiment of the present disclosure, at least one embodiment of the present disclosure provides a system on a chip, see FIG. 13B . In other respects, the system-on-chip corresponds, for example, to the system-on-chip described with reference to FIG. 11 .
图13B示出了根据本公开的至少一实施例的片上系统1350的示意图。FIG. 13B shows a schematic diagram of a system-on-chip 1350 according to at least one embodiment of the present disclosure.
参见图13B,片上系统1350主装置1360以及从装置1370。Referring to FIG. 13B , the SoC 1350 has a master device 1360 and a slave device 1370 .
主装置1360被配置为通过系统总线发出执行域状态信息,执行域状态信息与事务的执行域相关联。The master device 1360 is configured to send out execution domain status information through the system bus, the execution domain status information being associated with the execution domain of the transaction.
从装置1370被配置为通过系统总线接收执行域状态信息,并基于匹配执行域状态信息的结果来确定是否处理事务。The slave device 1370 is configured to receive execution domain status information through the system bus, and determine whether to process a transaction based on a result of matching the execution domain status information.
如此,根据本公开的至少一实施例的片上系统可以构建SOC级别的安全执行域。In this way, the system on chip according to at least one embodiment of the present disclosure can construct a SOC-level security execution domain.
下面描述根据本公开的至少一实施例的片上系统的一些示例性的附加方面。Some exemplary additional aspects of a system-on-chip according to at least one embodiment of the present disclosure are described below.
例如,根据本公开的至少一实施例的片上系统,执行域状态信息包括执行域标识符和非安全标识信息,并且从装置还被配置为:响应于匹配执行域标识符并且非安全标识信息指示执行域安全,处理事务;并且响应于未匹配执行域标识符和/或非安全标识信息指示执行域不安全,禁止处理事务。For example, in the system-on-chip according to at least one embodiment of the present disclosure, the execution domain status information includes the execution domain identifier and non-secure identification information, and the slave device is further configured to: respond to matching the execution domain identifier and the non-secure identification information indicates The execution domain is secured, processing the transaction; and in response to the failure to match the execution domain identifier and/or the non-secure identification information indicating that the execution domain is not secure, refraining from processing the transaction.
例如,根据本公开的至少一实施例的片上系统,执行域状态信息包括非安全标识信息,并且从装置还被配置为:响应于匹配非安全标识信息指示执行域不安全来禁止处理事务;并且响应于未匹配非安全标识信息指示执行域不安全来处理事务。For example, according to the system on chip of at least one embodiment of the present disclosure, the execution domain status information includes non-secure identification information, and the slave device is further configured to: prohibit processing transactions in response to matching the non-secure identification information indicating that the execution domain is unsafe; and The transaction is processed in response to the failure to match the non-secure identification information indicating that the execution domain is not secure.
例如,根据本公开的至少一实施例的片上系统,执行域状态信息包括执行域标识符,并且从装置还被配置为:响应于匹配执行域标识符来处理事务;并且响应于未匹配执行域标识符来禁止处理事务。For example, according to the system on chip of at least one embodiment of the present disclosure, the execution domain state information includes the execution domain identifier, and the slave device is further configured to: process the transaction in response to matching the execution domain identifier; Identifier to disable transactions.
例如,根据本公开的至少一实施例的片上系统,非安全标识信息通过映射到AXI总线AxPROT[1]来传递。For example, in the system on chip according to at least one embodiment of the present disclosure, the non-secure identification information is transferred by mapping to the AXI bus AxPROT[1].
例如,根据本公开的至少一实施例的片上系统,执行域标识符通过基于AXI用户信号来传递。For example, in the system-on-chip according to at least one embodiment of the present disclosure, the execution domain identifier is transferred based on an AXI user signal.
例如,根据本公开的至少一实施例的片上系统,还包括:部署在从装置所在侧的安全过滤器,被配置为匹配执行域标识符和/或确定是否处理事务。For example, the system on chip according to at least one embodiment of the present disclosure further includes: a security filter deployed on the side where the slave device is located, configured to match the execution domain identifier and/or determine whether to process the transaction.
例如,根据本公开的至少一实施例的片上系统,安全过滤器由IO-PMP技术实现。For example, in the system on chip according to at least one embodiment of the present disclosure, the security filter is implemented by IO-PMP technology.
例如,根据本公开的至少一实施例的片上系统,还包括:高速缓存控制器,被配置为:使能高速缓存接收事务的数据和/或指令,其中,高速缓存包括用于记录执行域状态信息的字段;以及基于执行域状态信息操作高速缓存。For example, the system on chip according to at least one embodiment of the present disclosure further includes: a cache controller configured to: enable the cache to receive data and/or instructions of a transaction, wherein the cache includes a fields of information; and manipulating the cache based on the execution domain state information.
例如,根据本公开的至少一实施例的片上系统,主装置属于一个执行域或多个不同的执行域。For example, in the system on chip according to at least one embodiment of the present disclosure, the master device belongs to one execution domain or a plurality of different execution domains.
上述根据本公开的至少一实施例的片上系统1350的附加方面可以与根据本公开的至少一实施例的处理方法1300的附加方面相对应,因此根据本公开的至少一实施例的处理方法1300的附加方面的技术效果同样可以映射到根据本公开的至少一实施例的片上系统1350的附加方面,在此不再赘述。The above additional aspects of the system on chip 1350 according to at least one embodiment of the present disclosure may correspond to the additional aspects of the processing method 1300 according to at least one embodiment of the present disclosure, so the processing method 1300 according to at least one embodiment of the present disclosure The technical effects of the additional aspects may also be mapped to the additional aspects of the system on chip 1350 according to at least one embodiment of the present disclosure, which will not be repeated here.
另外,上述根据本公开的至少一实施例的片上系统的附加方面仅是示例性的,可以通过其他架构来实现上述片上系统的附加方面并且可以参考或结合例如上文图11描述的各个方面。In addition, the additional aspects of the above-mentioned system on chip according to at least one embodiment of the present disclosure are only exemplary, and the additional aspects of the above-mentioned system on chip can be implemented by other architectures and can refer to or combine various aspects such as those described in FIG. 11 above.
图14A示出了根据本公开的至少一实施例的操作处理器的方法的流程图。该操作处理器的方法例如可以在参见图2、图11或者图12描述的部分中或者其他合适的CPU或SOC系统架构中实现。参见图14A,该处理方法包括步骤S1410至步骤S1420。14A shows a flowchart of a method of operating a processor according to at least one embodiment of the present disclosure. The method for operating a processor can be implemented, for example, in the parts described with reference to FIG. 2 , FIG. 11 or FIG. 12 , or in other suitable CPU or SOC system architectures. Referring to FIG. 14A , the processing method includes steps S1410 to S1420.
在步骤S1410中,在处理器的控制状态寄存器中记录处理器的当前运行执行域的执行域状态信息。例如,这里的执行域状态信息可以包括执行域标识符和/或非安全标识信息。执行域标识符用于标识执行域,非安全标识信息可以标识该执行域是否安全或可信。例如,这里的控制状态寄存器可以是参见图4描述的控制状态寄存器。In step S1410, the execution domain status information of the currently running execution domain of the processor is recorded in the control status register of the processor. For example, the execution domain state information here may include an execution domain identifier and/or non-secure identification information. The execution domain identifier is used to identify the execution domain, and the non-secure identification information can identify whether the execution domain is safe or credible. For example, the control status register here may be the control status register described with reference to FIG. 4 .
在步骤S1420中,在处理器处理当前运行执行域的事务的过程中,至少在处理器的部分流水线中传输执行域状态信息。例如,参见图12,可以在处理器的部分流水线中传输DID/NS信息。在通过总线连接到主装置的SOC系统架构中(例如,参见图11或图12),还可以促进SOC系统架构级别的DID/NS信息的传输。In step S1420, when the processor is processing the transaction of the current execution domain, the execution domain status information is transmitted in at least part of the pipeline of the processor. For example, referring to FIG. 12, the DID/NS information may be transmitted in a partial pipeline of the processor. In an SOC system architecture connected to a master device via a bus (eg, see FIG. 11 or FIG. 12 ), transmission of DID/NS information at the SOC system architecture level can also be facilitated.
如此,根据本公开的至少一实施例的操作处理器的方法可以促进基于执行域状态信息构建例如CPU、SOC等级别的安全执行域。In this way, the method for operating a processor according to at least one embodiment of the present disclosure can facilitate the construction of secure execution domains such as CPU, SOC and other levels based on execution domain state information.
下面描述根据本公开的至少一实施例的操作处理器的方法的一些示例性的附加方面。Some exemplary additional aspects of a method of operating a processor according to at least one embodiment of the present disclosure are described below.
例如,根据本公开的至少一实施例的操作处理器的方法,当前运行执行域是在执行紧接的上次特权模式解除指令进行执行域切换之后运行的执行域。如此,根据本公开的至少一实施例的操作处理器的方法可以将处理器核完成执行特权模式解除指令作为执行域切换完成的时间点。For example, according to the method for operating a processor according to at least one embodiment of the present disclosure, the currently running execution domain is the execution domain running after executing the execution domain switching of the last privileged mode release instruction. In this way, the method for operating a processor according to at least one embodiment of the present disclosure may take the completion of execution of the privileged mode release instruction by the processor core as the time point at which domain switching is completed.
例如,根据本公开的至少一实施例的操作处理器的方法,在机器模式下设置执行域状态信息将引起处理器的中断控制器的状态更新。如此,根据本公开的至少一实施例的操作处理器的方法可以促进中断操作的实现和安全性。For example, according to the method of operating a processor according to at least one embodiment of the present disclosure, setting execution domain state information in machine mode will cause a state update of the processor's interrupt controller. As such, the method of operating a processor according to at least one embodiment of the present disclosure can facilitate implementation and security of interrupt operations.
例如,根据本公开的至少一实施例的操作处理器的方法,还包括:处理器的访存单元和取指单元中针对事务的执行域状态信息仅当执行紧接的上次特权模式解除指令之后发生变化。例如,访存单元和取指单元中针对事务的执行域状态信息可以为LSU和IFU事务DID/NS信息。如此,根据本公开的至少一实施例的操作处理器的方法保证相应事务的流水线的正常运行。For example, the method for operating a processor according to at least one embodiment of the present disclosure further includes: the execution domain state information for transactions in the processor's memory access unit and instruction fetch unit is only executed when the last privileged mode release instruction is executed immediately Then change. For example, the execution domain status information for transactions in the memory access unit and the instruction fetch unit may be LSU and IFU transaction DID/NS information. In this way, the method for operating a processor according to at least one embodiment of the present disclosure ensures the normal operation of the pipeline of the corresponding transaction.
例如,根据本公开的至少一实施例的操作处理器的方法,在机器模式下,中断和特权模式陷入指令不会引起执行域状态信息发生变化。例如,在RISC-V架构中,特权模式陷入指令可以为ECALL,然而本公开的实施例不限于此,在其他架构中,可以存着其他的特权模式陷入指令。例如,参见图5,机器模式下中断和ECALL不会引起mdid值(DID/NS信息)发生变化,所以中断控制器(核本地中断控制器/平台级中断控制器)不会发生状态更新。如此,根据本公开的至少一实施例的操作处理器的方法可以促进执行域切换的正常运行。For example, according to the method for operating a processor according to at least one embodiment of the present disclosure, in machine mode, interrupts and privileged mode trapping instructions will not cause changes in execution domain state information. For example, in the RISC-V architecture, the privileged mode trapping instruction may be ECALL, but the embodiments of the present disclosure are not limited thereto, and other privileged mode trapping instructions may exist in other architectures. For example, referring to Figure 5, interrupts and ECALLs in machine mode will not cause mdid values (DID/NS information) to change, so interrupt controllers (core-local interrupt controllers/platform-level interrupt controllers) will not have status updates. As such, the method of operating a processor according to at least one embodiment of the present disclosure can facilitate normal operation for performing domain switching.
例如,根据本公开的至少一实施例的操作处理器的方法,还包括:处理器的访存单元和取指单元中针对事务的执行域状态信息将根据当前的机器模式切换到第一执行域,其中,第一执行域在处理器中具有最高的权限。这里,访存单元和取指单元中针对事务的执行域状态信息可以为LSU和IFU事务DID/NS信息,第一执行域例如为参见图2描述的执行域0。如此,根据本公开的至少一实施例的操作处理器的方法可以促进执行域切换的安全性。For example, the method for operating a processor according to at least one embodiment of the present disclosure further includes: the execution domain state information for transactions in the memory access unit and instruction fetch unit of the processor will be switched to the first execution domain according to the current machine mode , where the first execution domain has the highest authority in the processor. Here, the execution domain status information for transactions in the memory access unit and the instruction fetch unit may be LSU and IFU transaction DID/NS information, and the first execution domain is, for example, execution domain 0 described with reference to FIG. 2 . As such, the method of operating a processor according to at least one embodiment of the present disclosure may facilitate security in performing domain switching.
例如,根据本公开的至少一实施例的操作处理器的方法,执行域状态信息包括执行域标识符和非安全标识信息中的至少一个。例如,参见图12,执行域状态信息可以包括DID和NS信息。又例如,在简化的架构中,执行域状态信息可以包括DID和NS信息中的一者。如此,根据本公开的至少一实施例的操作处理器的方法可以适用于不同的应用场景。For example, according to the method of operating a processor according to at least one embodiment of the present disclosure, the execution domain status information includes at least one of an execution domain identifier and non-secure identification information. For example, referring to FIG. 12, the execution domain state information may include DID and NS information. For another example, in a simplified architecture, the execution domain state information may include one of DID and NS information. In this way, the method for operating a processor according to at least one embodiment of the present disclosure may be applicable to different application scenarios.
与上述根据本公开的至少一实施例的操作处理器的方法相对应地,本公开的至少一实施例提供了一种处理器,参见图14B。在其他方面,该处理器例如与参见图2、图12描述的架构相对应。Corresponding to the above method for operating a processor according to at least one embodiment of the present disclosure, at least one embodiment of the present disclosure provides a processor, see FIG. 14B . In other respects, the processor corresponds, for example, to the architecture described with reference to FIGS. 2 and 12 .
图14B示出了根据本公开的至少一实施例的处理器1450的示意图。FIG. 14B shows a schematic diagram of a processor 1450 according to at least one embodiment of the present disclosure.
参见图14B,处理器1450包括控制状态寄存器1460以及传输单元1470。Referring to FIG. 14B , the processor 1450 includes a control status register 1460 and a transmission unit 1470 .
控制状态寄存器1460被配置为记录处理器的当前运行执行域的执行域状态信息。The control status register 1460 is configured to record execution domain status information of the currently running execution domain of the processor.
传输单元1470被配置为在处理器处理当前运行执行域的事务的过程中,至少在处理器的部分流水线中传输执行域状态信息。例如,传输单元可以是基于各种数据传输协议在处理器内部或处理器与外部组件进行数据传输的各种组件。The transmission unit 1470 is configured to transmit the execution domain state information in at least part of the pipeline of the processor during the processing of the transaction of the current execution domain by the processor. For example, the transmission unit may be various components that perform data transmission within the processor or between the processor and external components based on various data transmission protocols.
如此,根据本公开的至少一实施例的处理器可以促进基于执行域状态信息构建例如CPU、SOC等级别的安全执行域。In this way, the processor according to at least one embodiment of the present disclosure can facilitate the construction of secure execution domains such as CPU, SOC and other levels based on execution domain state information.
下面描述根据本公开的至少一实施例的处理器的一些示例性的附加方面。Some exemplary additional aspects of a processor according to at least one embodiment of the present disclosure are described below.
例如,根据本公开的至少一实施例的处理器,当前运行执行域是在执行紧接的上次特权模式解除指令进行执行域切换之后运行的执行域。For example, in the processor according to at least one embodiment of the present disclosure, the currently running execution domain is the execution domain running after executing the execution domain switching of the last privileged mode release instruction.
例如,根据本公开的至少一实施例的处理器,还包括:中断控制器,被配置为响应于在机器模式下设置执行域状态信息来更新处理器的中断控制器的状态。For example, the processor according to at least one embodiment of the present disclosure further includes: an interrupt controller configured to update the state of the interrupt controller of the processor in response to setting the execution domain state information in the machine mode.
例如,根据本公开的至少一实施例的处理器,还包括:访存单元和取指单元,被配置为仅当执行紧接的上次特权模式解除指令之后变化访存单元和取指单元中针对事务的执行域状态信息。For example, the processor according to at least one embodiment of the present disclosure further includes: a memory access unit and an instruction fetch unit configured to change the memory access unit and the instruction fetch unit only after executing the last privileged mode release instruction Execution domain state information for a transaction.
例如,根据本公开的至少一实施例的处理器,在机器模式下,中断和特权模式陷入指令不会引起执行域状态信息发生变化。For example, in the processor according to at least one embodiment of the present disclosure, in the machine mode, interrupts and privileged mode trapping instructions will not cause changes in the state information of the execution domain.
例如,根据本公开的至少一实施例的处理器,还包括:访存单元和取指单元,被配置为根据当前的机器模式将访存单元和取指单元中针对事务的执行域状态信息切换到第一执行域,其中,第一执行域在处理器中具有最高的权限。For example, the processor according to at least one embodiment of the present disclosure further includes: a memory access unit and an instruction fetch unit configured to switch the execution domain state information for transactions in the memory access unit and the instruction fetch unit according to the current machine mode to the first execution domain, where the first execution domain has the highest authority in the processor.
例如,根据本公开的至少一实施例的处理器,执行域状态信息包括执行域标识符和非安全标识信息中的至少一个。For example, according to the processor in at least one embodiment of the present disclosure, the execution domain state information includes at least one of an execution domain identifier and non-secure identification information.
上述根据本公开的至少一实施例的处理器1450的附加方面可以与根据本公开的至少一实施例的操作处理器的方法1400的附加方面相对应,因此根据本公开的至少一实施例的操作处理器的方法1400的附加方面的技术效果同样可以映射到根据本公开的至少一实施例的处理器1450的附加方面,在此不再赘述。The above additional aspects of the processor 1450 according to at least one embodiment of the present disclosure may correspond to the additional aspects of the method 1400 for operating a processor according to at least one embodiment of the present disclosure, so the operation according to at least one embodiment of the present disclosure The technical effects of the additional aspects of the processor method 1400 may also be mapped to the additional aspects of the processor 1450 according to at least one embodiment of the present disclosure, which will not be repeated here.
另外,上述根据本公开的至少一实施例的处理器的附加方面仅是示例性的,可以通过其他架构来实现上述处理器的附加方面并且可以参考或结合例如上文图2或图12描述的各个方面。In addition, the above-mentioned additional aspects of the processor according to at least one embodiment of the present disclosure are only exemplary, and the above-mentioned additional aspects of the processor can be implemented through other architectures and can be referred to or combined with, for example, the above described in FIG. 2 or FIG. 12 every aspect.
图15示出了根据本公开的至少一实施例的电子装置1500的示意图。FIG. 15 shows a schematic diagram of an electronic device 1500 according to at least one embodiment of the present disclosure.
如图15所示,电子装置1500包括处理器1510和存储器1520。存储器1520包括一个或多个计算机程序模块1521。一个或多个计算机程序模块1521被存储在存储器1520中并被配置为由处理器1510执行,该一个或多个计算机程序模块1521包括用于执行根据本公开的至少一实施例的上述各种方法的指令,其被处理器1510执行时,可以执行根据本公开的至少一实施例的上述各种方法及其附加方面的一个或多个步骤。存储器1520和处理器1510可以通过总线系统和/或其他形式的连接机构(未示出)互连。例如,该总线可以是外设部件互连标准(PCI)总线或扩展工业标准结构(EISA)总线等。该通信总线可以分为地址总线、数据总线、控制总线等。As shown in FIG. 15 , the electronic device 1500 includes a processor 1510 and a memory 1520 . Memory 1520 includes one or more computer program modules 1521 . One or more computer program modules 1521 are stored in the memory 1520 and are configured to be executed by the processor 1510, and the one or more computer program modules 1521 include a method for performing the above-mentioned various methods according to at least one embodiment of the present disclosure. The instructions, when executed by the processor 1510, may perform one or more steps of the above-mentioned various methods and additional aspects thereof according to at least one embodiment of the present disclosure. The memory 1520 and the processor 1510 may be interconnected by a bus system and/or other forms of connection mechanisms (not shown). For example, the bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus can be divided into an address bus, a data bus, a control bus, and the like.
示例性地,处理器1510可以是中央处理单元(CPU)、数字信号处理器(DSP)或者具有数据处理能力和/或程序执行能力的其他形式的处理单元,例如现场可编程门阵列(FPGA)等;例如,中央处理单元(CPU)可以为RISC-V架构或其他合适类型的架构等。处理器1510可以为通用处理器或专用处理器,可以控制电子装置1500中的其他组件以执行期望的功能。Exemplarily, the processor 1510 may be a central processing unit (CPU), a digital signal processor (DSP) or other forms of processing units with data processing capability and/or program execution capability, such as a field programmable gate array (FPGA) etc.; for example, the central processing unit (CPU) may be a RISC-V architecture or other suitable types of architectures, etc. The processor 1510 can be a general-purpose processor or a special-purpose processor, and can control other components in the electronic device 1500 to perform desired functions.
示例性地,存储器1520可以包括一个或多个计算机程序产品的任意组合,计算机程序产品可以包括各种形式的计算机可读存储介质,例如易失性存储器和/或非易失性存储器。易失性存储器例如可以包括随机存取存储器(RAM)和/或高速缓存(cache)等。非易失性存储器例如可以包括只读存储器(ROM)、硬盘、可擦除可编程只读存储器(EPROM)、便携式紧致盘只读存储器(CD-ROM)、USB存储器、闪存等。在计算机可读存储介质上可以存储一个或多个计算机程序模块1521,处理器1510可以运行一个或多个计算机程序模块1521,以实现电子装置1500的各种功能。在计算机可读存储介质中还可以存储各种应用程序和各种数据以及应用程序使用和/或产生的各种数据等。Exemplarily, memory 1520 may include any combination of one or more computer program products, and computer program products may include various forms of computer-readable storage media, such as volatile memory and/or nonvolatile memory. The volatile memory may include random access memory (RAM) and/or cache (cache), etc., for example. Non-volatile memory may include, for example, read only memory (ROM), hard disks, erasable programmable read only memory (EPROM), compact disc read only memory (CD-ROM), USB memory, flash memory, and the like. One or more computer program modules 1521 can be stored on a computer-readable storage medium, and the processor 1510 can run one or more computer program modules 1521 to realize various functions of the electronic device 1500 . Various application programs, various data, and various data used and/or generated by the application programs can also be stored in the computer-readable storage medium.
例如,电子装置1500还可以包括例如触摸屏、触摸板、键盘、鼠标、摄像头、麦克风、加速度计、陀螺仪等输入装置;包括诸如液晶显示器、扬声器、振动器等输出装置;包括例如磁带、硬盘(HDD或SDD)等存储装置;例如还可以包括诸如LAN卡、调制解调器等的网络接口卡等通信装置。通信装置可以允许电子装置1500与其他设备进行无线或有线通信以交换数据,经由诸如因特网的网络执行通信处理。根据需要驱动器连接至I/O接口。可拆卸存储介质,诸如磁盘、光盘、磁光盘、半导体存储器等,根据需要安装在该驱动器上,以便于从其上读出的计算机程序根据需要被安装入存储装置。For example, the electronic device 1500 may also include input devices such as a touch screen, a touchpad, a keyboard, a mouse, a camera, a microphone, an accelerometer, and a gyroscope; include output devices such as a liquid crystal display, a speaker, and a vibrator; include, for example, a magnetic tape, a hard disk ( storage devices such as HDD or SDD); for example, communication devices such as network interface cards such as LAN cards and modems may also be included. The communication device may allow the electronic device 1500 to perform wireless or wired communication with other devices to exchange data, perform communication processing via a network such as the Internet. Drivers are connected to the I/O interface as required. A removable storage medium, such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, etc., is mounted on the drive as necessary so that a computer program read therefrom is installed into the storage device as necessary.
例如,该电子装置1500还可以进一步包括外设接口(图中未示出)等。该外设接口可以为各种类型的接口,例如为USB接口、闪电(lighting)接口等。该通信装置可以通过无线通信来与网络和其他设备进行通信,该网络例如为因特网、内部网和/或诸如蜂窝电话网络之类的无线网络、无线局域网(LAN)和/或城域网(MAN)。无线通信可以使用多种通信标准、协议和技术中的任何一种,包括但不局限于全球移动通信系统(GSM)、增强型数据GSM环境(EDGE)、宽带码分多址(W-CDMA)、码分多址(CDMA)、时分多址(TDMA)、蓝牙、Wi-Fi(例如基于IEEE 802.11a、IEEE 802.11b、IEEE 802.11g和/或IEEE 802.11n标准)、基于因特网协议的语音传输(VoIP)、Wi-MAX,用于电子邮件、即时消息传递和/或短消息服务(SMS)的协议,或任何其他合适的通信协议。For example, the electronic device 1500 may further include a peripheral interface (not shown in the figure) and the like. The peripheral interface may be various types of interfaces, for example, a USB interface, a lightning (lightning) interface, and the like. The communication device can communicate with networks and other devices by wireless communication, such as the Internet, an intranet and/or a wireless network such as a cellular telephone network, a wireless local area network (LAN) and/or a metropolitan area network (MAN ). Wireless communications can use any of a variety of communications standards, protocols, and technologies, including but not limited to Global System for Mobile Communications (GSM), Enhanced Data GSM Environment (EDGE), Wideband Code Division Multiple Access (W-CDMA) , Code Division Multiple Access (CDMA), Time Division Multiple Access (TDMA), Bluetooth, Wi-Fi (e.g. based on IEEE 802.11a, IEEE 802.11b, IEEE 802.11g and/or IEEE 802.11n standards), Voice over Internet Protocol (VoIP), Wi-MAX, protocols for email, instant messaging and/or Short Message Service (SMS), or any other suitable communication protocol.
该电子装置1500例如可以是片上系统(SOC)或者包括该SOC的设备,例如,可以为手机、平板电脑、笔记本电脑、电子书、游戏机、电视机、数码相框、导航仪、家用电器、通信基站、工业控制器、服务器等任何设备,也可以为任意的数据处理装置及硬件的组合,本公开的实施例对此不作限制。该电子装置1500的具体功能和技术效果可以参考上文中关于根据本公开的至少一实施例的用于精简指令集计算机处理器的上述各种方法及其附加方面的描述,此处不再赘述。The electronic device 1500 may be, for example, a system-on-chip (SOC) or a device including the SOC, for example, a mobile phone, a tablet computer, a notebook computer, an e-book, a game console, a television, a digital photo frame, a navigator, a household appliance, a communication Any equipment such as a base station, an industrial controller, and a server may also be any combination of data processing devices and hardware, which is not limited in the embodiments of the present disclosure. For specific functions and technical effects of the electronic device 1500 , reference may be made to the above descriptions of various methods and additional aspects thereof for a RISC processor according to at least one embodiment of the present disclosure, and details are not repeated here.
图16示出了根据本公开的至少一实施例的非瞬时可读存储介质1600的示意图。FIG. 16 shows a schematic diagram of a non-transitory readable storage medium 1600 according to at least one embodiment of the present disclosure.
如图16所示,非瞬时可读存储介质1600上存储有计算机指令1610,该计算机指令1610被处理器执行时执行如上所述的各种方法及其附加方面中的一个或多个步骤。As shown in FIG. 16 , computer instructions 1610 are stored on a non-transitory readable storage medium 1600 , and when the computer instructions 1610 are executed by a processor, one or more steps in the above-mentioned various methods and additional aspects thereof are executed.
示例性地,该非瞬时可读存储介质1600可以是一个或多个计算机可读存储介质的任意组合,例如,一个计算机可读存储介质包含用于执行上述各种方法的程序代码。Exemplarily, the non-transitory readable storage medium 1600 may be any combination of one or more computer-readable storage media, for example, one computer-readable storage medium contains program codes for executing the above-mentioned various methods.
示例性地,当该程序代码由计算机读取时,计算机可以执行该计算机存储介质中存储的程序代码,执行以实现例如根据本公开的至少一实施例的上述各种方法及其附加方面的一个或多个步骤。Exemplarily, when the program code is read by a computer, the computer can execute the program code stored in the computer storage medium to implement, for example, one of the above-mentioned various methods and additional aspects thereof according to at least one embodiment of the present disclosure. or multiple steps.
示例性地,该非瞬时可读存储介质可以包括智能电话的存储卡、平板电脑的存储部件、个人计算机的硬盘、随机存取存储器(RAM)、只读存储器(ROM)、可擦除可编程只读存储器(EPROM)、便携式紧致盘只读存储器(CD-ROM)、闪存、以及其他的非瞬时可读存储介质或其任意组合。Exemplarily, the non-transitory readable storage medium may include a memory card of a smart phone, a storage component of a tablet computer, a hard disk of a personal computer, random access memory (RAM), read only memory (ROM), erasable programmable Read Only Memory (EPROM), Compact Disc Read Only Memory (CD-ROM), Flash Memory, and other non-transitory readable storage media or any combination thereof.
本说明书中的至少部分实施例采用递进的方式描述,每个实施例重点说明的都是与其他实施例的不同之处,各个实施例之间相同相似的部分互相参见即可。At least some of the embodiments in this specification are described in a progressive manner, each embodiment focuses on the difference from other embodiments, and the same and similar parts of the various embodiments can be referred to each other.
需要说明的是,在本文中,诸如第一、第二等的关系术语仅仅用来将一个实体或者操作与另一个实体或操作区分开来,而不一定要求或者暗示这些实体或操作之间存在任何这种实际的关系或者顺序。术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者设备不仅包括那些要素,而且进一步包括没有明确列出的其他要素,或者是进一步包括为这种过程、方法、物品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括……”限定的要素,并不排除在包括要素的过程、方法、物品或者设备中还存在另外的相同要素。It should be noted that in this article, relational terms such as first, second, etc. are only used to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply that there is a relationship between these entities or operations. Any such actual relationship or sequence. The term "comprises", "comprises" or any other variation thereof is intended to cover a non-exclusive inclusion such that a process, method, article or apparatus comprising a set of elements includes not only those elements, but further includes other elements not expressly listed elements, or further include elements inherent in such a process, method, article, or apparatus. Without further limitations, an element defined by the statement "comprising..." does not exclude the presence of additional identical elements in the process, method, article or device that includes the element.
对于本公开,还有以下几点需要说明:For this disclosure, the following points need to be explained:
(1)本公开实施例附图只涉及到与本公开实施例涉及到的结构,其他结构可参考通常设计。(1) The drawings of the embodiments of the present disclosure only relate to the structures involved in the embodiments of the present disclosure, and other structures may refer to general designs.
(2)在不冲突的情况下,本公开的实施例及实施例中的特征可以相互组合以得到新的实施例。(2) In the case of no conflict, the embodiments of the present disclosure and the features in the embodiments can be combined with each other to obtain new embodiments.
以上所述仅是本公开的示范性实施方式,而非用于限制本公开的保护范围,本公开的保护范围由所附的权利要求确定。The above descriptions are only exemplary implementations of the present disclosure, and are not intended to limit the protection scope of the present disclosure, which is determined by the appended claims.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310632553.8ACN116644413A (en) | 2023-05-31 | 2023-05-31 | Processing method, system on chip, electronic device and storage medium |
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310632553.8ACN116644413A (en) | 2023-05-31 | 2023-05-31 | Processing method, system on chip, electronic device and storage medium |
| Publication Number | Publication Date |
|---|---|
| CN116644413Atrue CN116644413A (en) | 2023-08-25 |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310632553.8APendingCN116644413A (en) | 2023-05-31 | 2023-05-31 | Processing method, system on chip, electronic device and storage medium |
| Country | Link |
|---|---|
| CN (1) | CN116644413A (en) |
| Publication | Publication Date | Title |
|---|---|---|
| US8677457B2 (en) | Security for codes running in non-trusted domains in a processor core | |
| US11030126B2 (en) | Techniques for managing access to hardware accelerator memory | |
| EP3311282B1 (en) | Shared pages | |
| US10552337B2 (en) | Memory management and device | |
| US10838877B2 (en) | Protected exception handling | |
| US7516247B2 (en) | Avoiding silent data corruption and data leakage in a virtual environment with multiple guests | |
| US7543131B2 (en) | Controlling an I/O MMU | |
| EP3311281B1 (en) | Address translation | |
| US8893267B1 (en) | System and method for partitioning resources in a system-on-chip (SoC) | |
| US7480784B2 (en) | Ensuring deadlock free operation for peer to peer traffic in an input/output memory management unit (IOMMU) | |
| IL255645A (en) | Secure initialisation | |
| US20160019168A1 (en) | On-Demand Shareability Conversion In A Heterogeneous Shared Virtual Memory | |
| IL255644A (en) | Data processing apparatus and method | |
| CN109791584B (en) | Processor extensions for identifying and avoiding tracking conflicts between virtual machine monitors and guest virtual machines | |
| JP2014211891A (en) | Virtualizing performance counters | |
| JP6071341B2 (en) | Memory management unit with region descriptor globalization control | |
| US10140148B1 (en) | Copy based IOMMU emulation for out-of-process emulated devices | |
| CN116644414A (en) | Processing method, system, electronic system and storage medium | |
| CN116644007A (en) | Method of operating a translation look-aside buffer and a translation look-aside buffer controller | |
| CN116644413A (en) | Processing method, system on chip, electronic device and storage medium | |
| CN116644416A (en) | Method for operating a processor, processor, electronic device and storage medium | |
| Kornaros et al. | Towards full virtualization of heterogeneous noc-based multicore embedded architectures | |
| Bost | Hardware support for robust partitioning in freescale qoriq multicore socs (p4080 and derivatives) | |
| CN116644415A (en) | Interrupt processing method, interrupt controller, electronic device and storage medium | |
| CN116644003A (en) | Method of operating cache and cache controller |
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |