1. Field of the Invention
This invention relates to the field of interrupt handling in data processing systems.
2. Description of the Prior Art
Hypervisor systems are known to run at a variety of different execution levels. The execution levels are organised in a hierarchy, with higher execution levels being given a greater number of privileges to the data processing system than lower execution levels. Typically, a particular execution level is able to perform any action and access any data that a lower execution level can.
A virtualised system may operate using four execution levels. User software may execute at the lowest and least privileged level, EL0. This software may include those applications run by a user in day-to-day work and software that does not require any special privileges in order to execute correctly.
At the next highest level, EL1, an operating system may execute. Typically, an operating system manages a number of user applications that run under it at EL0 and enables access to hardware resources for user applications. Accordingly, an operating system executing within EL1 has an increased privilege level with respect to EL0 as it is able to access and control the behaviour of the user applications that run under EL0.
A hypervisor may run in EL2. A hypervisor typically controls the number, behaviour, and resource management of a number of operating systems that execute under EL1. Since multiple operating systems may compete for access to hardware resources, the hypervisor must be able to grant or deny such access requests. Accordingly, the hypervisor runs at the higher privilege level EL2 as compared to the operating systems that run at EL1.
Data processing systems are also known to operate in a variety of execution modes, such as secure and non-secure states. By providing a data processing apparatus that can operate in both a secure and a non-secure state, it is possible to separate the execution of secure operations from that of non-secure operations. Furthermore, data that is considered to be secure can be kept separate from data that is not secure. Consequently, secure data and secure operations can be isolated from other data and operations that may be considered to be insecure. Hence, the security of the system is preserved. Hypervisor systems may also operate in secure and non-secure modes. In these instances, each execution level may operate in one or either of the secure and non-secure modes.
Switching between the secure and non-secure modes must be handled at the most secure and privileged execution level in order to ensure that software executing in the non-secure mode of operation cannot access data belonging to the secure mode of operation and, in some cases, vice versa. Thus, an EL3 level may be provided, at which a secure monitor that controls this switching operates. This EL3 level is the highest privilege level, whose responsibility is to determine when a change of mode is required and to effect this required change of execution mode.
When handling interrupts in a system that runs at a number of different execution levels, it is necessary to isolate particular data storage elements that are used during the handling of the interrupt. For example, a subset of system registers may be partitioned such that only software running at execution level EL1 or above is able to access a first subset of registers, only software running at execution level EL2 or above is able to access a second subset of registers, and only software executing at execution level EL3 is able to access a third subset of registers. This partitioning may be carried out for both secure and non-secure modes of operation, where appropriate. Such isolation ensures that software running at a lower execution level is not able to interfere with, or affect the execution of, software running at a higher execution level.
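The register partitioning and the EL3-only mode switch described above can be modelled in a few lines of C. This is an added illustration, not code from the patent: the register names, the `struct cpu` layout, and the choice to keep one copy of every register per security state are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Execution levels from the text; a larger value means more privilege. */
enum el { EL0, EL1, EL2, EL3 };
enum state { NON_SECURE, SECURE };

/* Hypothetical register names, covering the three subsets described above. */
enum reg { R_EL1_A, R_EL1_B, R_EL2_A, R_EL3_A, R_COUNT };

/* Minimum execution level allowed to touch each register. */
static const enum el min_el[R_COUNT] = {
    [R_EL1_A] = EL1, [R_EL1_B] = EL1, [R_EL2_A] = EL2, [R_EL3_A] = EL3,
};

struct cpu {
    enum el level;
    enum state state;
    uint64_t bank[2][R_COUNT]; /* assumption: one copy per security state */
};

/* Returns false (modelling a fault) when the current level is too low. */
bool reg_write(struct cpu *c, enum reg r, uint64_t v) {
    if ((unsigned)r >= R_COUNT || c->level < min_el[r]) return false;
    c->bank[c->state][r] = v;
    return true;
}

bool reg_read(const struct cpu *c, enum reg r, uint64_t *out) {
    if ((unsigned)r >= R_COUNT || c->level < min_el[r]) return false;
    *out = c->bank[c->state][r];
    return true;
}

/* Only the secure monitor at EL3 may change the security state. */
bool switch_state(struct cpu *c, enum state s) {
    if (c->level != EL3) return false;
    c->state = s;
    return true;
}

int main(void) {
    struct cpu c = { .level = EL1, .state = NON_SECURE };
    printf("EL1 writes EL1 reg: %d\n", reg_write(&c, R_EL1_A, 0x11));
    printf("EL1 writes EL2 reg: %d\n", reg_write(&c, R_EL2_A, 0x22));
    printf("EL1 switches state: %d\n", switch_state(&c, SECURE));
    return 0;
}
```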