這裡將詳細地對示例性實施例進行說明,其示例表示在圖式中。下面的描述關於圖式時,除非另有表示,不同圖式中的相同數字表示相同或相似的要素。以下示例性實施例中所描述的實施方式並不代表與本說明書一個或多個實施例相一致的所有實施方式。相反,它們僅是與如所附申請專利範圍中所詳述的、本說明書一個或多個實施例的一些態樣相一致的裝置和方法的範例。
需要說明的是:在其他實施例中並不一定按照本說明書示出和描述的順序來執行相應方法的步驟。在一些其他實施例中,其方法所包括的步驟可以比本說明書所描述的更多或更少。此外,本說明書中所描述的單個步驟,在其他實施例中可能被分解為多個步驟進行描述;而本說明書中所描述的多個步驟,在其他實施例中也可能被合併為單個步驟進行描述。
電子設備通常包括多個處理器,但每個處理器獨立運行各自的作業系統,並在其運行的作業系統下執行各自的任務。各處理器之間互不影響各自的任務處理。換言之,各處理器處理各自的任務,並且不會處理其他處理器的任務。
當電子設備中用於處理安全任務的目標處理器檢測到使用者觸發的安全任務時,可將作業系統由基礎作業系統切換為安全作業系統,在安全作業系統的系統環境中執行安全任務。而當安全任務複雜繁多時,僅由該目標處理器處理該安全任務就會大大降低安全任務的處理效率。
有鑑於此,本說明書提出一種安全任務處理方法,電子設備中的用於處理安全任務的目標處理器可以因應監測到的安全任務處理器請求,並將目標處理器運行的作業系統切換為安全作業系統;
所述目標處理器在安全作業系統的系統環境中,將所述安全任務處理請求對應的安全任務劃分為多個安全子任務,並在所述安全作業系統的系統環境中執行劃分出的安全子任務;以及將所述多個安全子任務儲存至共用儲存空間;
目標處理器以外的滿足預設條件的其它處理器,將該其他處理器運行的作業系統切換為安全作業系統,並在所述安全作業系統的系統環境中執行從所述共用儲存空間中讀取到的安全子任務。
由上述描述可以看出,目標處理器將安全任務進行劃分,並將劃分得到的安全子任務儲存在共用儲存空間中,使得該目標處理器以外的滿足條件的其他處理器可以讀取並執行該共用儲存空間中的安全子任務。由於不再是由目標處理器單獨處理安全任務,而是由多個處理器共同處理安全任務,所以可以大大提高安全任務的處理效率。
參見圖1,圖1是本說明書一示例性實施例示出的一種電子設備的示意圖。
該電子設備包括多個處理器、網路介面、儲存媒體和匯流排。當然,在實際應用中,該電子設備還可包括其他硬體,比如邏輯晶片、輸入/輸出介面等。這裡只是對電子設備的硬體進行示例性地說明,不對其進行具體地限定。
其中,多個處理器、網路介面、儲存媒體可透過匯流排完成相互間的通訊。
上述處理器可以是ARM(Advanced RISC Machines,先進RISC處理器晶片)晶片(比如ARMv8),也可以是Intel x86(英特爾x86)晶片等。這裡只是對處理器的型號進行示例性地說明,不對該處理器型號進行具體地限定。
上述儲存媒體可以是任何電子、磁性、光學或其它物理儲存裝置,可以包含儲存資訊,如可執行指令、資料讀寫,等等。例如,處理器可讀寫儲存媒體可以是:動態記憶體、非揮發性記憶體或者類似的儲存媒體。
下面參見圖2並結合圖1,對本說明書提供的安全任務處理方法進行詳細地說明。
參見圖2,圖2是本說明書一示例性實施例示出的一種安全任務處理方法的流程圖,該方法可應用在如圖1所示的電子設備上,該安全任務處理方法可包括如下所示的步驟。
步驟202:目標處理器因應監測到的安全任務處理請求,將該目標處理器運行的作業系統切換為安全作業系統。
其中,目標處理器是指電子設備的多個處理器中、用於處理安全任務的處理器。該目標處理器可以是預先指定的一個用於處理安全任務的處理器,也可以是最先監測到安全任務處理請求的處理器。這裡不對其進行具體地限定。
其中,安全任務是指安全性要求高的任務。比如,用戶透過安全應用(比如支付類的APP等)完成帳單或者訂單支付相關的任務。使用者透過安全應用進行使用者資訊認證的任務等。這裡只是對安全任務進行示例性地說明,不對其進行具體地限定。
在本說明書實施例中,當安全應用(比如支付寶應用等)的驅動監測到用戶觸發安全應用上的安全任務時,安全應用的驅動可發起安全任務處理請求。
目標處理器可以回應該安全任務處理請求,獲取該安全任務處理請求對應的安全任務。
在一種可選的獲取方式中,該安全任務處理請求中攜帶了安全任務,目標處理器可以對該安全任務處理請求進行解析,獲取該安全任務處理請求中攜帶的安全任務。
在另一種可選的獲取方式中,該安全任務處理請求攜帶了安全任務的標識。當用戶觸發該安全任務後,該安全任務可以記錄在快取中。目標處理器可以對該安全任務處理請求進行解析,獲取該安全任務處理請求攜帶的安全任務的標識,並基於該安全任務的標識在快取中讀取該安全任務。
此外,目標處理器還可將該目標處理器運行的作業系統由基礎作業系統切換為安全作業系統。
在實現切換時,處理器可以調取儲存媒體中的切換模組中記錄的切換邏輯,將該處理器的作業系統由基礎作業系統切換為安全作業系統。
例如,當該目標處理器為ARMv8處理器時,該電子設備的儲存媒體中儲存有Secure monitor(安全監控器)模組。目標處理器可以調用Secure monitor模組中的切換邏輯,將該目標處理器運行的作業系統由基礎作業系統切換為安全作業系統。
這裡只是對作業系統切換方式進行示例性地說明,不對其進行具體地限定。
步驟204:目標處理器在安全作業系統的系統環境中,將所述安全任務處理請求對應的安全任務劃分為多個安全子任務,並在所述安全作業系統的系統環境中執行劃分出的安全子任務;以及將所述多個安全子任務儲存至共用儲存空間。
下面透過步驟2041至步驟2043對步驟204進行詳細地說明。
步驟2041:目標處理器在安全作業系統的系統環境中,將所述安全任務處理請求對應的安全任務劃分為多個安全子任務。
在一種可選的實現方式中,目標處理器可檢測獲取到的該安全任務處理請求對應的安全任務是否為可劃分的安全任務。若該安全任務為可劃分的安全任務,目標處理器可將該安全任務劃分為多個可獨立執行的安全子任務。若該安全任務為不可劃分的安全任務,則不對該安全任務進行劃分,仍由目標處理器來處理該安全任務。
下面介紹下“檢測該安全任務是否為可劃分的安全任務”的實現方式。
方式一:該安全任務中攜帶了可劃分標識。
目標處理器可檢測該可劃分標識的取值,若該可劃分標識的取值為第一預設值(比如1)時,可確定該安全任務為可劃分的安全任務。若該可劃分標識的取值為第二預設值(比如0)時,可確定該安全任務為不可劃分的安全任務。
方式二:目標處理器可依據預設的策略檢測該安全任務是否為可劃分的安全任務。
比如目標處理器可依據安全任務的任務類型確定該安全任務是否為可劃分的安全任務。
當然,安全任務中可能包括多個可獨立執行的子步驟,每個子步驟結束或者開始時配置有預設關鍵字。目標處理器還可基於該安全任務中是否攜帶有預設關鍵字的個數,來確定該安全任務是否是可劃分的安全任務。
例如,當目標處理器確定安全任務攜帶的預設關鍵字的個數大於1時,確定該安全任務是可劃分的安全任務。當該安全任務攜帶的預設關鍵字的個數等於1時,確定該安全任務是不可劃分的安全任務。
這裡只是對“檢測該安全任務是否為可劃分的安全任務”進行示例性地說明,不對該其進行具體地限定。
在對安全任務進行劃分時,目標處理器可以基於預設的劃分策略,將該安全任務劃分為多個可獨立運行的安全子任務。
例如,安全任務中可能包括多個可獨立執行的子步驟,每個子步驟結束或者開始時配置有預設關鍵字。
目標處理器可以基於安全任務中的預設關鍵字,將安全任務劃分為多個安全子任務。
這裡只是對“將所述安全任務處理請求對應的安全任務劃分為多個安全子任務”進行示例性地說明,不對其進行具體地限定。
步驟2042:目標處理器將劃分出的多個安全子任務儲存至共用儲存空間中。
在本說明書實施例中,圖1中的儲存媒體開闢了共用儲存空間。該電子設備中的所有處理器可以向該共用儲存空間中寫入資料,也可從該共用儲存空間中讀取資料。
在一種可選的實現方式中,目標處理器可將劃分出的多個安全子任務直接儲存至共用儲存空間中。
在另一種可選的實現方式中,安全子任務需要按照循序執行的。目標處理器可以按照安全子任務的執行順序,將該多個安全子任務構造成安全子任務鏈表,並將該安全子任務鏈表儲存在共用儲存空間中。
例如,假設安全任務劃分出的安全子任務包括:安全子任務1、安全子任務2和安全子任務3。
安全子任務1、安全子任務2和安全子任務3需要循序執行。比如,需要依賴處理安全子任務1的結果才能處理安全子任務2,需要依賴處理安全子任務2的結果才能處理安全子任務3。此時,安全子任務的執行順序分別為:安全子任務1、安全子任務2、安全子任務3。
然後,目標處理器可按照該執行順序,將安全子任務1、安全子任務2和安全子任務3構造成安全子任務鏈表,並將該安全子任務鏈表儲存在共用儲存空間。
步驟2043:目標處理器可以在安全作業系統的系統環境下,執行劃分出的安全子任務。
在一種可選的實現方式中,共用儲存空間中儲存了待處理的安全子任務。目標處理器可從該共用儲存空間中讀取該待處理的安全子任務。若目標處理器可以讀取到待處理的安全子任務,則確定該安全任務未被執行完。此時,目標處理器可以在安全作業系統的系統環境下,執行該待處理的安全子任務。在目標處理器完安全子任務後,目標處理器可將該安全子任務從共用儲存空間中刪除。
若該目標處理器從該共用儲存空間中讀取不到待處理的安全子任務,則確定完成了該安全任務的處理。目標處理器可將本處理器運行的作業系統由安全作業系統切換為基礎作業系統。
在另一種可選的實現方式中,共用儲存單元儲存了所有安全子任務。各安全子任務被標記為待處理的安全子任務或已處理的安全子任務。
目標處理器可以讀取被標記為待處理的安全子任務,若目標處理器可以讀取到待處理的安全子任務,則確定該安全任務未被執行完。此時,目標處理器可以在安全作業系統的系統環境下,執行該待處理的安全子任務。目標處理器在處理完該待處理的安全子任務後,可將該安全子任務標記為已處理的安全子任務。
若該目標處理器從該共用儲存空間中讀取不到待處理的安全子任務,則確定完成了該安全任務的處理。目標處理器可將本處理器運行的作業系統由安全作業系統切換為基礎作業系統。
在標記安全任務是待處理的安全任務或者已處理的安全任務時,目標處理器可以為已處理的安全任務添加已處理標記,使得帶有已處理標記的安全認為為已處理的安全任務,未帶有已處理標記的安全任務為待處理的安全任務。
當然,目標處理器還可為共用儲存空間中的每個安全子任務配置一個處理標識。當該處理標識取值為第一預設值(如0)時,表明該安全子任務為待處理的安全子任務。當該處理標識取值為第二預設值(如1)時,表明該安全子任務為已處理的安全子任務。
步驟206:所述目標處理器以外的滿足預設條件的其它處理器,將該其他處理器運行的作業系統切換為安全作業系統,並在所述安全作業系統的系統環境中執行從所述共用儲存空間中讀取到的安全子任務。
其中,預設條件可包括:處理器負載小於預設閾值;及/或,沒有待處理的任務。滿足預設條件的其他處理器包括:處理器負載小於預設閾值的處理器,及/或,沒有待處理的任務的處理器。
設置這樣的預設條件目的是使得較為空閒的處理器(比如有少量任務需要處理的處理器或者沒有任務需要處理的處理器)可以協助目標處理器,共同完成安全任務的處理。由於由多個處理器共同完成該安全任務的處理,所以大大提高了安全任務的處理效率。
當然,在實際應用中,該預設條件可以依據實際情況進行設定,比如該預設條件還可以是除目標處理器外的所有其他處理器,或者是預先指定的任意幾個其他處理器。這裡只是對預設條件進行示例性地說明,不對其進行具體地限定。
其中,處理器負載可以由處理器的CPU佔用率,記憶體佔用率等負載參數進行表徵。這裡只是對處理器負載進行示例性地說明,不對其進行具體地限定。
下面透過步驟2061至步驟2062對步驟206進行詳細地說明。
步驟2061:滿足預設條件的其它處理器,將該其他處理器運行的作業系統切換為安全作業系統。
在一種可選的實現方式中,當目標處理器將劃分出的多個安全子任務儲存在共用儲存空間後,目標處理器可向除目標處理器外的其他處理器發出安全子任務處理請求。
對於每一個其他處理器,該其他處理器在接收到該安全子任務處理請求後,可檢查自身是否滿足上述的預設條件。若該其他處理器滿足上述預設條件,其他處理器可將該處理器運行的作業系統由基礎作業系統切換為安全作業系統,並執行步驟2062。若該其他處理器不滿足上述預設條件,則仍維持自身當前的運行的基礎作業系統。
在另一種可選的實現方式中,其他處理器在檢測到自身滿足預設條件時,可檢測本處理器是否滿足進入休眠狀態的條件。若該其他處理器檢測到本處理器滿足進入休眠狀態的條件,則將本處理的運行的作業系統切換為安全作業系統,並執行步驟2062。若該其他處理器檢測到本處理器不滿足進入休眠狀態的條件,則仍維持自身當前的運行的基礎作業系統。
其中,檢測本處理器是否滿足進入休眠狀態的條件,可採用現有的方式進行檢測。比如檢測本處理器的負載是否低於比上述預設閾值更低的預設閾值,或者檢測到沒有待處理的任務等。這裡只是示例性地說明,不進行具體地限定。
步驟2062:其它處理器在所述安全作業系統的系統環境中執行從所述共用儲存空間中讀取到的安全子任務。
在一種可選的實現方式中,共用儲存空間中儲存了待處理的安全子任務。其他處理器可從該共用儲存空間中讀取該待處理的安全子任務。若該其他處理器可以讀取到待處理的安全子任務,則確定該安全任務未被執行完。此時,該其他處理器可以在安全作業系統的系統環境下,執行該待處理的安全子任務。在該其他處理器完安全子任務後,其他處理器可將該安全子任務從共用儲存空間中刪除。
若該其他處理器從該共用儲存空間中讀取不到待處理的安全子任務,則確定完成了該安全任務的處理。其他處理器可將本處理器運行的作業系統由安全作業系統切換為基礎作業系統。
在另一種可選的方式中,共用儲存單元儲存了所有安全子任務。各安全子任務被標記為待處理的安全子任務或已處理的安全子任務。
其他處理器可以讀取被標記為待處理的安全子任務,若其他處理器可以讀取到待處理的安全子任務,則確定該安全任務未被執行完。此時,其他處理器可以在安全作業系統的系統環境下,執行該待處理的安全子任務。其他處理器在處理完該待處理的安全子任務後,可將該安全子任務標記為已處理的安全子任務。
若該其他處理器從該共用儲存空間中讀取不到待處理的安全子任務,則確定完成了該安全任務的處理。其他處理器可將本處理器運行的作業系統由安全作業系統切換為基礎作業系統。
在本說明書實施例中,在其他處理器將自身運行的作業系統由安全作業系統切換為基礎作業系統後,可繼續執行在切換前所要做的操作。
例如,在切換前,其他處理器檢測到自身滿足進入休眠狀態的條件,則其他處理器將本處理器運行的作業系統由安全作業系統切換為基礎作業系統後,可進入休眠狀態。
由上述描述可以看出,目標處理器將安全任務進行劃分,並將劃分得到的安全子任務儲存在共用儲存空間中,使得該目標處理器以外的滿足條件的其他處理器可以讀取並執行該共用儲存空間中的安全子任務。由於不再是由目標處理器單獨處理安全任務,而是由多個處理器共同處理安全任務,所以可以大大提高安全任務的處理效率。
下面以目標處理器為處理器1,以滿足條件的其他處理器為處理器2,並結合圖3和圖4,對上述安全任務的處理方法進行詳細地說明。
參見圖3,圖3是本說明書一示例性實施例示出的一種安全任務的處理方法的流程圖,該方法可應用在用於處理安全任務的處理器1上,可包括如下所示步驟。
步驟302:處理器1因應監測到的安全任務處理請求,將處理器1運行的作業系統切換為安全作業系統。
步驟304:處理器1獲取該安全任務處理請求對應的安全任務,並將該安全任務劃分為多個安全子任務。
步驟306:處理器1將安全子任務儲存在共用儲存空間中。
步驟308:處理器1從共用儲存空間中讀取安全子任務。
步驟310:處理器1檢測是否讀取到安全子任務;
步驟312:若處理器1讀取到安全子任務,則在安全作業系統的系統環境下,執行讀取到的安全子任務,並在執行完安全子任務後,從所述共用儲存空間中刪除該執行完的安全子任務,並返回步驟308。
步驟314:若處理器1未讀取到安全子任務,則將處理器1的作業系統由安全作業系統切換為基礎作業系統。
參見圖4,圖4是本說明書一示例性實施例示出的一種安全任務的處理方法的流程圖,該方法可應用在用於處理安全任務的處理器2上,可包括如下所示步驟。
步驟402:處理器2在確定本處理器滿足進入休眠狀態的條件時,將處理器2運行的作業系統切換為安全作業系統。
步驟404:處理器2從共用儲存空間中讀取安全子任務。
步驟406:處理器2檢測是否可以從共用儲存空間讀取到安全子任務。
步驟408:若處理器2從共用儲存空間中讀取到了安全子任務,則在安全作業系統的系統環境下,執行該安全子任務,並在執行完該安全子任務後,從共用儲存空間中刪除該執行完的安全子任務,並返回步驟404(即處理器2從共用儲存空間中讀取安全子任務)。
步驟410:若處理器2從共用儲存空間中未讀取到安全子任務,則處理器2將處理器2運行的作業系統由安全作業系統切換為基礎作業系統,並進入休眠狀態。
此外,本說明書還提供了一種電子設備,所述電子設備包括多個處理器;其中,所述多個處理器包括至少一用於處理安全任務的目標處理器;
所述目標處理器,用於因應監測到的安全任務處理請求,將該目標處理器運行的作業系統切換為安全作業系統;在所述安全作業系統的系統環境中,將所述安全任務處理請求對應的安全任務劃分為多個安全子任務,並在所述安全作業系統的系統環境中執行劃分出的安全子任務;以及將所述多個安全子任務儲存至共用儲存空間;
所述目標處理器以外的滿足預設條件的其它處理器,用於將該其他處理器運行的作業系統切換為安全作業系統,並在所述安全作業系統的系統環境中執行從所述共用儲存空間中讀取到的安全子任務。
可選的,所述目標處理器,還用於在將所述多個安全子任務儲存至共用儲存空間後,發出安全子任務處理請求;
所述滿足條件的其他處理器,用於因應所述安全子任務處理請求,將該其他處理器運行的作業系統切換為安全作業系統。
可選的,所述滿足條件的其他處理器,用於檢測本處理器是滿足進入休眠狀態的條件;若是,將該其他處理器運行的作業系統切換為安全作業系統。
可選的,所述預設條件包括:
處理器負載小於預設閾值;及/或,
沒有待處理的任務。
可選的,所述目標處理器,用於將所述安全子任務按照執行順序構造成安全子任務鏈表;將所述安全子任務鏈表儲存在所述儲存空間。
可選的,所述目標處理器,用於檢測所述安全任務是否可被劃分;若是,則將所述安全任務處理請求對應的安全任務劃分為多個安全子任務。
可選的,所述目標處理器,還用於在監測到所述儲存空間中的所有安全子任務均執行完成後,將所述目標處理器運行的作業系統切換為基礎作業系統。
可選的,所述滿足條件的其他處理器,還用於在監測到所述儲存空間中的所有安全子任務均執行完成後,將本處理器運行的作業系統切換為基礎作業系統,並進入休眠狀態。
上述裝置中各個模組的功能和作用的實現過程具體詳見上述方法中對應步驟的實現過程,在此不再贅述。
對於裝置實施例而言,由於其基本對應於方法實施例,所以相關之處參見方法實施例的部分說明即可。以上所描述的裝置實施例僅僅是示意性的,其中所述作為分離部件說明的模組可以是或者也可以不是物理上分開的,作為模組顯示的部件可以是或者也可以不是物理模組,即可以位於一個地方,或者也可以分佈到多個網路模組上。可以根據實際的需要選擇其中的部分或者全部模組來實現本說明書方案的目的。本領域普通技術人員在不付出創造性勞動的情況下,即可以理解並實施。
上述實施例闡明的系統、裝置、模組或單元,具體可以由電腦晶片或實體實現,或者由具有某種功能的產品來實現。一種典型的實現設備為電腦,電腦的具體形式可以是個人電腦、膝上型電腦、蜂巢式電話、相機電話、智慧型電話、個人數位助理、媒體播放機、導航設備、電子郵件收發設備、遊戲控制台、平板電腦、可穿戴設備或者這些設備中的任意幾種設備的組合。
在一個典型的配置中,電腦包括一個或多個處理器(CPU)、輸入/輸出介面、網路介面和記憶體。
記憶體可能包括電腦可讀媒體中的非永久性記憶體,隨機存取記憶體(RAM)及/或非揮發性記憶體等形式,如唯讀記憶體(ROM)或快閃記憶體(flash RAM)。記憶體是電腦可讀媒體的示例。
電腦可讀媒體包括永久性和非永久性、可移動和非可移動媒體可以由任何方法或技術來實現資訊儲存。資訊可以是電腦可讀指令、資料結構、程式的模組或其他資料。電腦的儲存媒體的範例包括,但不限於相變記憶體(PRAM)、靜態隨機存取記憶體(SRAM)、動態隨機存取記憶體(DRAM)、其他類型的隨機存取記憶體(RAM)、唯讀記憶體(ROM)、電可擦除可程式設計唯讀記憶體(EEPROM)、快閃記憶體或其他記憶體技術、唯讀光碟唯讀記憶體(CD-ROM)、數位多功能光碟(DVD)或其他光學儲存、磁盒式磁帶、磁片儲存、量子記憶體、基於石墨烯的儲存媒體或其他磁性存放裝置或任何其他非傳輸媒體,可用於儲存可以被計算設備存取的資訊。按照本文中的界定,電腦可讀媒體不包括暫存電腦可讀媒體(transitory media),如調變的資料訊號和載波。
還需要說明的是,術語“包括”、“包含”或者其任何其他變體意在涵蓋非排他性的包含,從而使得包括一系列要素的過程、方法、商品或者設備不僅包括那些要素,而且還包括沒有明確列出的其他要素,或者是還包括為這種過程、方法、商品或者設備所固有的要素。在沒有更多限制的情況下,由語句“包括一個……”限定的要素,並不排除在包括所述要素的過程、方法、商品或者設備中還存在另外的相同要素。
上述對本說明書特定實施例進行了描述。其它實施例在所附申請專利範圍的範圍內。在一些情況下,在申請專利範圍中記載的動作或步驟可以按照不同於實施例中的順序來執行並且仍然可以實現期望的結果。另外,在圖式中描繪的過程不一定要求示出的特定順序或者連續順序才能實現期望的結果。在某些實施方式中,多工處理和並行處理也是可以的或者可能是有利的。
在本說明書一個或多個實施例使用的術語是僅僅出於描述特定實施例的目的,而非旨在限制本說明書一個或多個實施例。在本說明書一個或多個實施例和所附申請專利範圍中所使用的單數形式的“一種”、“所述”和“該”也旨在包括多數形式,除非上下文清楚地表示其他含義。還應當理解,本文中使用的術語“及/或”是指並包含一個或多個相關聯的列出專案的任何或所有可能組合。
應當理解,儘管在本說明書一個或多個實施例可能採用術語第一、第二、第三等來描述各種資訊,但這些資訊不應限於這些術語。這些術語僅用來將同一類型的資訊彼此區分開。例如,在不脫離本說明書一個或多個實施例範圍的情況下,第一資訊也可以被稱為第二資訊,類似地,第二資訊也可以被稱為第一資訊。取決於上下文,如在此所使用的詞語“如果”可以被解釋成為“在……時”或“當……時”或“因應確定”。
以上所述僅為本說明書一個或多個實施例的較佳實施例而已,並不用以限制本說明書一個或多個實施例,凡在本說明書一個或多個實施例的精神和原則之內,所做的任何修改、等同替換、改進等,均應包含在本說明書一個或多個實施例保護的範圍之內。 Exemplary embodiments will be described in detail herein, examples of which are illustrated in the drawings. When the following description refers to the drawings, the same numerals in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with one or more embodiments of this specification. Rather, they are merely exemplary of apparatus and methods consistent with some aspects of one or more embodiments of the present specification as detailed in the appended claims. It should be noted that: in other embodiments, the steps of the corresponding methods are not necessarily performed in the order shown and described in this specification. In some other embodiments, the method may include more or fewer steps than described in this specification. In addition, a single step described in this specification may be decomposed into multiple steps for description in other embodiments; and multiple steps described in this specification may also be combined into a single step in other embodiments. describe. Electronic devices usually include multiple processors, but each processor independently runs its own operating system and performs its own tasks under the operating system it runs. Each processor does not affect each other's task processing. In other words, each processor handles its own tasks and does not handle the tasks of the other processors. When the target processor for processing the security task in the electronic device detects the security task triggered by the user, it can switch the operating system from the basic operating system to the security operating system, and execute the security task in the system environment of the security operating system. However, when the safety task is complex and numerous, only the target processor processing the safety task will greatly reduce the processing efficiency of the safety task. In view of this, this specification proposes a method for processing a safety task, in which a target processor for processing a safety task in an electronic device can switch the operating system running on the target processor to a safety operation in response to the detected safety task processor request. system; the target processor divides the security task corresponding to the security task processing request into a plurality of security subtasks in the system environment of the security operating system, and executes the divided security tasks in the system environment of the security operating system. a security subtask; and storing the plurality of security subtasks in a shared storage space; other processors other than the target processor that meet the preset conditions, switch the operating system running on the other processor to the secure operating system, and The security subtasks read from the shared storage space are executed in the system environment of the security operating system. It can be seen from the above description that the target processor divides the security task, and stores the divided security subtasks in the shared storage space, so that other processors other than the target processor that meet the conditions can read and execute the security task. Safe subtasks in shared storage. Since the safety task is no longer handled by the target processor alone, but multiple processors jointly handle the safety task, the processing efficiency of the safety task can be greatly improved. Referring to FIG. 1 , FIG. 1 is a schematic diagram of an electronic device shown in an exemplary embodiment of the present specification. The electronic device includes a plurality of processors, a network interface, a storage medium and a bus. Of course, in practical applications, the electronic device may also include other hardware, such as logic chips, input/output interfaces, and the like. The hardware of the electronic device is only exemplarily described here, and is not specifically limited. Among them, a plurality of processors, network interfaces, and storage media can communicate with each other through the bus. The above-mentioned processor may be an ARM (Advanced RISC Machines, advanced RISC processor chip) chip (such as ARMv8), or an Intel x86 (Intel x86) chip or the like. The model of the processor is only exemplarily described here, and the model of the processor is not specifically limited. The above-mentioned storage medium may be any electronic, magnetic, optical or other physical storage device, and may contain stored information, such as executable instructions, data reading and writing, and the like. For example, the processor-readable storage medium may be: dynamic memory, non-volatile memory, or the like. Referring to FIG. 2 and in conjunction with FIG. 1 , the security task processing method provided in this specification will be described in detail below. Referring to FIG. 2, FIG. 2 is a flowchart of a method for processing a safety task shown in an exemplary embodiment of the present specification. The method can be applied to the electronic device shown in FIG. 1, and the method for processing a safety task may include the following steps: A step of. Step 202: In response to the detected security task processing request, the target processor switches the operating system running on the target processor to a secure operating system. The target processor refers to a processor used for processing security tasks among multiple processors of the electronic device. The target processor may be a processor pre-designated for processing the safety task, or may be the processor that first detects the processing request of the safety task. It is not specifically limited here. Among them, the safety task refers to the task with high safety requirements. For example, users complete tasks related to bill or order payment through secure applications (such as payment APPs, etc.). The user performs the task of user information authentication through the security application, etc. The safety task is only exemplarily described here, and is not specifically limited. In the embodiment of this specification, when the driver of the security application (such as an Alipay application, etc.) detects that the user triggers a security task on the security application, the driver of the security application may initiate a security task processing request. The target processor can respond to the security task processing request, and obtain the security task corresponding to the security task processing request. In an optional acquisition method, the security task processing request carries a security task, and the target processor can parse the security task processing request to acquire the security task carried in the security task processing request. In another optional obtaining manner, the safety task processing request carries the safety task identifier. After the user triggers the security task, the security task can be recorded in the cache. The target processor can parse the security task processing request, obtain the security task identifier carried in the security task processing request, and read the security task in the cache based on the security task identifier. In addition, the target processor can also switch the operating system running on the target processor from the basic operating system to the secure operating system. When switching is implemented, the processor can call the switching logic recorded in the switching module in the storage medium, and switch the operating system of the processor from the basic operating system to the secure operating system. For example, when the target processor is an ARMv8 processor, a Secure monitor module is stored in the storage medium of the electronic device. The target processor can call the switching logic in the Secure monitor module to switch the operating system running on the target processor from the basic operating system to the secure operating system. Here, the operating system switching mode is only exemplarily described, and is not specifically limited. Step 204: In the system environment of the secure operating system, the target processor divides the security task corresponding to the security task processing request into a plurality of security subtasks, and executes the divided security tasks in the system environment of the secure operating system. subtasks; and storing the plurality of secure subtasks to a common storage space. Step 204 will be described in detail through steps 2041 to 2043 below. Step 2041: In the system environment of the secure operating system, the target processor divides the security task corresponding to the security task processing request into a plurality of security subtasks. In an optional implementation manner, the target processor may detect whether the acquired security task corresponding to the security task processing request is a divisible security task. If the safety task is a divisible safety task, the target processor may divide the safety task into a plurality of independently executable safety subtasks. If the safety task is an indivisible safety task, the safety task is not divided, and the safety task is still processed by the target processor. The following describes the implementation of "detecting whether the safety task is a divisible safety task". Mode 1: The security task carries a divisible identifier. The target processor can detect the value of the divisible identifier, and if the value of the divisible identifier is a first preset value (eg, 1), it can determine that the security task is a divisible security task. If the value of the divisible flag is a second preset value (for example, 0), it can be determined that the safety task is an indivisible safety task. Mode 2: The target processor may detect whether the security task is a divisible security task according to a preset policy. For example, the target processor may determine whether the safety task is a divisible safety task according to the task type of the safety task. Of course, a security task may include multiple independently executable sub-steps, and each sub-step is configured with a preset keyword at the end or at the beginning. The target processor may also determine whether the safety task is a divisible safety task based on whether the safety task carries the number of preset keywords. For example, when the target processor determines that the number of preset keywords carried by the security task is greater than 1, it determines that the security task is a divisible security task. When the number of preset keywords carried by the security task is equal to 1, it is determined that the security task is an indivisible security task. Here, "detecting whether the safety task is a divisible safety task" is only illustratively described, and is not specifically limited. When dividing the security task, the target processor may divide the security task into a plurality of independently runnable security subtasks based on a preset dividing strategy. For example, a security task may include multiple independently executable sub-steps, and each sub-step is configured with a preset keyword at the end or at the beginning. The target processor may divide the safety task into multiple safety subtasks based on the preset keywords in the safety task. Here, "dividing the safety task corresponding to the safety task processing request into a plurality of safety subtasks" is merely illustrative, and not specifically limited. Step 2042: The target processor stores the divided security subtasks in the shared storage space. In the embodiment of this specification, the storage medium in FIG. 1 has opened up a common storage space. All processors in the electronic device can write data into the shared storage space, and can also read data from the shared storage space. In an optional implementation manner, the target processor may directly store the divided security subtasks into the shared storage space. In another optional implementation manner, the security subtasks need to be executed sequentially. The target processor may construct the multiple safety subtasks into a safety subtask linked list according to the execution sequence of the safety subtasks, and store the safety subtask linked list in the common storage space. For example, it is assumed that the safety subtasks divided by the safety task include: safety subtask 1 , safety subtask 2 and safety subtask 3 . Safety subtask 1, safety subtask 2 and safety subtask 3 need to be executed sequentially. For example, it is necessary to rely on the result of processing security subtask 1 to process security subtask 2, and it is necessary to rely on the result of processing security subtask 2 to process security subtask 3. At this time, the execution sequences of the safety subtasks are: safety subtask 1 , safety subtask 2 , and safety subtask 3 . Then, the target processor may construct the safety subtask 1 , the safety subtask 2 and the safety subtask 3 into a safety subtask linked list according to the execution sequence, and store the safety subtask linked list in the common storage space. Step 2043: The target processor may execute the divided security subtasks under the system environment of the secure operating system. In an optional implementation manner, to-be-processed safety subtasks are stored in the shared storage space. The target processor can read the pending safe subtask from the shared storage space. If the target processor can read the safety subtask to be processed, it is determined that the safety task has not been executed. At this time, the target processor may execute the to-be-processed security subtask under the system environment of the security operating system. After the target processor completes the security subtask, the target processor may delete the security subtask from the shared storage space. If the target processor cannot read the security subtask to be processed from the shared storage space, it is determined that the processing of the security task is completed. The target processor can switch the operating system running on the processor from the secure operating system to the basic operating system. In another optional implementation, the common storage unit stores all safety subtasks. Each safety subtask is marked as a pending safety subtask or a processed safety subtask. The target processor can read the safety subtask marked as pending, and if the target processor can read the safety subtask to be processed, it is determined that the safety task has not been executed. At this time, the target processor may execute the to-be-processed security subtask under the system environment of the security operating system. After processing the to-be-processed safety subtask, the target processor may mark the safety subtask as a processed safety subtask. If the target processor cannot read the security subtask to be processed from the shared storage space, it is determined that the processing of the security task is completed. The target processor can switch the operating system running on the processor from the secure operating system to the basic operating system. When the marked safety task is a pending safety task or a processed safety task, the target processor can add a processed safety task to the processed safety task, so that the safety with the processed safety task is regarded as a processed safety task, and the unprocessed safety task is regarded as a processed safety task. Safety tasks marked as Processed are pending safety tasks. Of course, the target processor can also configure a processing identifier for each safety subtask in the shared storage space. When the processing flag takes the value of the first preset value (eg, 0), it indicates that the safety subtask is a safety subtask to be processed. When the processing identifier is a second preset value (eg, 1), it indicates that the safety subtask is a processed safety subtask. Step 206 : other processors other than the target processor that meet the preset conditions, switch the operating system running on the other processor to a secure operating system, and execute the operation system from the shared operating system in the system environment of the secure operating system. Safe subtasks read from storage. The preset conditions may include: the processor load is less than a preset threshold; and/or, there are no tasks to be processed. Other processors that meet the preset conditions include: processors whose processor load is less than a preset threshold, and/or processors that have no tasks to be processed. The purpose of setting such a preset condition is to enable a relatively idle processor (for example, a processor with a small number of tasks to be processed or a processor with no tasks to be processed) to assist the target processor to jointly complete the processing of the security task. Since the processing of the safety task is jointly completed by a plurality of processors, the processing efficiency of the safety task is greatly improved. Of course, in practical applications, the preset condition may be set according to the actual situation, for example, the preset condition may also be all other processors except the target processor, or any number of other processors specified in advance. The preset conditions are only exemplarily described here, and are not specifically limited. The processor load can be represented by load parameters such as CPU usage and memory usage of the processor. The processor load is only exemplarily described here, and is not specifically limited. Step 206 will be described in detail through steps 2061 to 2062 below. Step 2061 : For other processors that meet the preset conditions, switch the operating system running on the other processors to a secure operating system. In an optional implementation manner, after the target processor stores the divided multiple safety subtasks in the shared storage space, the target processor may send a safety subtask processing request to other processors except the target processor. For each other processor, after receiving the processing request of the safety subtask, the other processor can check whether it satisfies the above-mentioned preset conditions. If the other processor satisfies the above preset conditions, the other processor may switch the operating system running on the processor from the basic operating system to the secure operating system, and execute step 2062 . If the other processor does not meet the above preset conditions, it still maintains its current running basic operating system. In another optional implementation manner, when the other processors detect that they meet the preset conditions, they can detect whether the processor meets the conditions for entering the sleep state. If the other processor detects that the processor satisfies the condition for entering the sleep state, the operating system for this process is switched to the secure operating system, and step 2062 is executed. If the other processor detects that the processor does not meet the conditions for entering the sleep state, it still maintains its current running basic operating system. Wherein, to detect whether the processor satisfies the condition for entering the sleep state, the existing method can be used for detection. For example, it is detected whether the load of the processor is lower than a preset threshold value lower than the preset threshold value, or it is detected that there are no tasks to be processed. It is only exemplified here, and not specifically limited. Step 2062: The other processors execute the security subtasks read from the shared storage space in the system environment of the secure operating system. In an optional implementation manner, to-be-processed safety subtasks are stored in the shared storage space. Other processors can read the pending safe subtasks from the shared storage space. If the other processor can read the to-be-processed safety subtask, it is determined that the safety task has not been executed. At this time, the other processor may execute the to-be-processed security subtask under the system environment of the security operating system. After the other processor completes the safety subtask, the other processor may delete the safety subtask from the shared storage space. If the other processor cannot read the security subtask to be processed from the shared storage space, it is determined that the processing of the security task is completed. Other processors can switch the operating system run by this processor from the secure operating system to the basic operating system. In another alternative, the common storage unit stores all safety subtasks. Each safety subtask is marked as a pending safety subtask or a processed safety subtask. Other processors can read the safety subtask marked as pending, and if other processors can read the pending safety subtask, it is determined that the safety task has not been executed. At this time, other processors can execute the to-be-processed security subtask under the system environment of the security operating system. After processing the pending safety subtask, other processors may mark the safety subtask as a processed safety subtask. If the other processor cannot read the security subtask to be processed from the shared storage space, it is determined that the processing of the security task is completed. Other processors can switch the operating system run by this processor from the secure operating system to the basic operating system. In the embodiment of the present specification, after another processor switches the operating system running by itself from the secure operating system to the basic operating system, the operations to be performed before the switching may continue to be performed. For example, before switching, other processors detect that they meet the conditions for entering the hibernation state, and the other processors can enter the hibernation state after switching the operating system run by the processor from the secure operating system to the basic operating system. It can be seen from the above description that the target processor divides the security task, and stores the divided security subtasks in the shared storage space, so that other processors other than the target processor that meet the conditions can read and execute the security task. Safe subtasks in shared storage. Since the safety task is no longer handled by the target processor alone, but multiple processors jointly handle the safety task, the processing efficiency of the safety task can be greatly improved. Hereinafter, the target processor is taken as the processor 1, and other processors that satisfy the conditions are taken as the processor 2, and the processing method of the above-mentioned security task will be described in detail with reference to FIG. 3 and FIG. 4 . Referring to FIG. 3 , FIG. 3 is a flowchart of a method for processing a safety task shown in an exemplary embodiment of the present specification. The method can be applied to the processor 1 for processing safety tasks, and may include the following steps. Step 302 : The processor 1 switches the operating system running on the processor 1 to the safe operating system in response to the detected security task processing request. Step 304: The processor 1 acquires the security task corresponding to the security task processing request, and divides the security task into multiple security subtasks. Step 306: The processor 1 stores the safety subtask in the shared storage space. Step 308: The processor 1 reads the security subtask from the shared storage space. Step 310: The processor 1 detects whether the security subtask is read; Step 312: If the processor 1 reads the security subtask, in the system environment of the secure operating system, the read security subtask is executed, and the After the security subtask is executed, the executed security subtask is deleted from the shared storage space, and the process returns to step 308 . Step 314 : If the processor 1 does not read the secure subtask, switch the operating system of the processor 1 from the secure operating system to the basic operating system. Referring to FIG. 4 , FIG. 4 is a flowchart of a method for processing a safety task shown in an exemplary embodiment of the present specification. The method can be applied to the processor 2 for processing a safety task, and may include the following steps. Step 402: The processor 2 switches the operating system running on the processor 2 to a secure operating system when determining that the processor satisfies the conditions for entering the dormant state. Step 404: The processor 2 reads the security subtask from the shared storage space. Step 406: The processor 2 detects whether the security subtask can be read from the shared storage space. Step 408 : If the processor 2 reads the security subtask from the shared storage space, it executes the security subtask under the system environment of the secure operating system, and after executing the security subtask, removes the security subtask from the shared storage space. The executed safety subtask is deleted, and the process returns to step 404 (that is, the processor 2 reads the safety subtask from the shared storage space). Step 410 : If the processor 2 does not read the secure subtask from the shared storage space, the processor 2 switches the operating system running on the processor 2 from the secure operating system to the basic operating system, and enters a sleep state. In addition, this specification also provides an electronic device, the electronic device includes multiple processors; wherein, the multiple processors include at least one target processor for processing security tasks; the target processor is used for In response to the detected security task processing request, the operating system running on the target processor is switched to the security operating system; in the system environment of the security operating system, the security tasks corresponding to the security task processing request are divided into multiple security subtasks, and execute the divided security subtasks in the system environment of the secure operating system; and store the plurality of security subtasks in a common storage space; other than the target processor that meets preset conditions The other processor is used for switching the operating system run by the other processor to the safe operating system, and executing the safe subtask read from the shared storage space in the system environment of the safe operating system. Optionally, the target processor is further configured to issue a safety subtask processing request after storing the multiple safety subtasks in the shared storage space; the other processors that meet the conditions are configured to respond to the The safe subtask processes the request and switches the operating system running on the other processor to the safe operating system. Optionally, the other processors that meet the conditions are used to detect that the current processor meets the conditions for entering the dormant state; if so, switch the operating system running on the other processors to the safe operating system. Optionally, the preset conditions include: the processor load is less than a preset threshold; and/or, there are no tasks to be processed. Optionally, the target processor is configured to construct the safety subtasks into a safety subtask linked list according to the execution sequence; and store the safety subtask linked list in the storage space. Optionally, the target processor is configured to detect whether the safety task can be divided; if so, divide the safety task corresponding to the safety task processing request into multiple safety subtasks. Optionally, the target processor is further configured to switch the operating system run by the target processor to the basic operating system after monitoring that all security subtasks in the storage space are executed. Optionally, the other processors that meet the conditions are further configured to switch the operating system run by the processor to the basic operating system after monitoring that all the security subtasks in the storage space are completed, and enter the sleep state. For details of the realization process of the functions and functions of each module in the above device, please refer to the realization process of the corresponding steps in the above method, which will not be repeated here. For the apparatus embodiments, since they basically correspond to the method embodiments, reference may be made to the partial descriptions of the method embodiments for related parts. The device embodiments described above are only illustrative, wherein the modules described as separate components may or may not be physically separated, and the components displayed as modules may or may not be physical modules, That is, it can be located in one place, or it can be distributed to multiple network modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution in this specification. Those of ordinary skill in the art can understand and implement it without creative effort. The systems, devices, modules or units described in the above embodiments may be specifically implemented by computer chips or entities, or by products with certain functions. A typical implementation device is a computer. The specific form of the computer can be a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email sending and receiving device, a game Consoles, tablets, wearables, or a combination of any of these devices. In a typical configuration, a computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory. Memory may include forms of non-persistent memory, random access memory (RAM), and/or non-volatile memory in computer-readable media, such as read-only memory (ROM) or flash memory. RAM). Memory is an example of a computer-readable medium. Computer-readable media includes both permanent and non-permanent, removable and non-removable media, and can be implemented by any method or technology for storage of information. Information can be computer readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM) , Read-Only Memory (ROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Flash Memory or Other Memory Technologies, CD-ROM Read-Only Memory (CD-ROM), Digital Versatile Compact Disc (DVD) or other optical storage, magnetic cassette tape, magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage device or any other non-transmission media that can be used to store data that can be accessed by a computing device News. As defined herein, computer-readable media does not include transitory computer-readable media, such as modulated data signals and carrier waves. It should also be noted that the terms "comprising", "comprising" or any other variation thereof are intended to encompass a non-exclusive inclusion such that a process, method, article or device comprising a series of elements includes not only those elements, but also Other elements not expressly listed, or which are inherent to such a process, method, article of manufacture, or apparatus are also included. Without further limitation, an element qualified by the phrase "comprising a..." does not preclude the presence of additional identical elements in the process, method, article of manufacture, or device that includes the element. The foregoing describes specific embodiments of the present specification. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. Additionally, the processes depicted in the figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multiplexing and parallel processing are also possible or may be advantageous. The terminology used in one or more embodiments of this specification is for the purpose of describing a particular embodiment only and is not intended to limit the one or more embodiments of this specification. As used in this specification and in one or more embodiments and the appended claims, the singular forms "a," "the," and "the" are intended to include the plural forms as well, unless the context clearly dictates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any and all possible combinations of one or more of the associated listed items. It should be understood that although the terms first, second, third, etc. may be used in this specification to describe various information, such information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, the first information may also be referred to as the second information, and similarly, the second information may also be referred to as the first information without departing from the scope of one or more embodiments of the present specification. Depending on the context, the word "if" as used herein can be interpreted as "at" or "when" or "as determined." The above descriptions are only preferred embodiments of one or more embodiments of this specification, and are not intended to limit one or more embodiments of this specification. All within the spirit and principles of one or more embodiments of this specification, Any modifications, equivalent replacements, improvements, etc. made should be included within the protection scope of one or more embodiments of this specification.