What technology area does this patent fall under?

Primary CPC classification G06F21/53. Mapped technology areas include Physics.

When was this patent published?

Publication date Tue Nov 21 2023 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Technologies for object-oriented memory management with extended segmentation

US11822644B2 · US · B2

Patent metadata
Field	Value
Publication number	US-11822644-B2
Application number	US-202117346860-A
Country	US
Kind code	B2
Filing date	Jun 14, 2021
Priority date	Oct 1, 2016
Publication date	Nov 21, 2023
Grant date	Nov 21, 2023

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Technologies for memory management with memory protection extension include a computing device having a processor with one or more protection extensions. The processor may load a logical address including a segment base, effective limit, and effective address and generate a linear address as a function of the logical address with the effective limit as a mask. The processor may switch to a new task described by a task state segment extension. The task state extension may specify a low-latency segmentation mode. The processor may prohibit access to a descriptor in a local descriptor table with a descriptor privilege level lower than the current privilege level of the processor. The computing device may load a secure enclave using secure enclave support of the processor. The secure enclave may load an unsandbox and a sandboxed application in a user privilege level of the processor. Other embodiments are described and claimed.

First claim

Opening claim text (preview).

The invention claimed is: 1. An apparatus comprising: a processor coupled to a memory, the processor comprising a software isolation manager circuitry to: execute a sandbox application; enable a sandbox mode of the processor; generate a sandbox exception; dispatch the sandbox exception; and configure a range register linked to a first segment register of the processor, wherein to enable the sandbox mode comprises to enable the sandbox mode in response to configuration of the range register, and wherein to execute the sandboxed application comprises to map a logical address to a linear address, wherein the logical address comprises a segment selector and an effective address, wherein the segment selector is indicative of a segment base and an effective limit, and wherein the segment selector is associated with the first segment register. 2. The apparatus of claim 1 , wherein to configure the range register comprises to store an upper bound linear address and a lower bound linear address in the range register, wherein to generate the sandbox exception comprises to determine whether the linear address is within memory bounds defined by the range register, and wherein to dispatch the sandbox exception comprises to dispatch a segment range sandbox violation in response to a determination that the linear address is not within the memory bounds defined by the range register. 3. The apparatus of claim 1 , wherein to dispatch the sandbox exception further comprises to (i) store the linear address in a dispatch address register of the processor and (ii) store a segment identifier indicative of the first segment register in a dispatch qualification data register of the processor. 4. A method comprising: executing, by a processor of a computing device, a sandbox application; enabling a sandbox mode of the processor; generating a sandbox exception; dispatching the sandbox exception; and configuring a range register linked to a first segment register of the processor, wherein enabling the sandbox mode comprises enabling the sandbox mode in response to configuring the range register, and wherein executing the sandboxed application comprises mapping, by the processor, a logical address to a linear address, wherein the logical address comprises a segment selector and an effective address, wherein the segment selector is indicative of a segment base and an effective limit, and wherein the segment selector is associated with the first segment register. 5. The method of claim 4 , wherein to configure the range register comprises to store an upper bound linear address and a lower bound linear address in the range register, wherein generating the sandbox exception comprises determining, by the processor, whether the linear address is within memory bounds defined by the range register, and wherein dispatching the sandbox exception comprises dispatching a segment range sandbox violation in response to determining that the linear address is not within the memory bounds defined by the range register. 6. The method of claim 4 , wherein to dispatch the sandbox exception further comprises to (i) store the linear address in a dispatch address register of the processor and (ii) store a segment identifier indicative of the first segment register in a dispatch qualification data register of the processor. 7. At least one non-transitory computer-readable medium having stored thereon instructions which, when executed, cause a computing device to perform operations comprising: executing a sandbox application; enabling a sandbox mode of a processor of the computing device; generating a sandbox exception; dispatching the sandbox exception; and configuring a range register linked to a first segment register of the processor, wherein enabling the sandbox mode comprises enabling the sandbox mode in response to configuring the range register, and wherein executing the sandboxed application comprises mapping, by the processor, a logical address to a linear address, wherein the logical address comprises a segment selector and an effective address, wherein the segment selector is indicative of a segment base and an effective limit, and wherein the segment selector is associated with the first segment register. 8. The non-transitory computer-readable medium of claim 7 , wherein to configure the range register comprises to store an upper bound linear address and a lower bound linear address in the range register, wherein generating the sandbox exception comprises determining, by the processor, whether the linear address is within memory bounds defined by the range register, and wherein dispatching the sandbox exception comprises dispatching a segment range sandbox violation in response to determining that the linear address is not within the memory bounds defined by the range register. 9. The non-transitory computer-readable medium of claim 7 , wherein to dispatch the sandbox exception further comprises to (i) store the linear address in a dispatch address register of the processor and (ii) store a segment identifier indicative of the first segment register in a dispatch qualification data register of the processor. 10. A data processing system comprising: one or more processors; a memory coupled to the one or more processors, the one or more processors to: execute a sandbox application; enable a sandbox mode of a processor; generate a sandbox exception; dispatch the sandbox exception; and configure a range register linked to a first segment register of the processor, wherein to enable the sandbox mode comprises to enable the sandbox mode in response to configuration of the range register, and wherein to execute the sandboxed application comprises to map a logical address to a linear address, wherein the logical address comprises a segment selector and an effective address, wherein the segment selector is indicative of a segment base and an effective limit, and wherein the segment selector is associated with the first segment register. 11. The data processing system of claim 10 , wherein to configure the range register comprises to store an upper bound linear address and a lower bound linear address in the range register, wherein to generate the sandbox exception comprises to determine whether the linear address is within memory bounds defined by the range register, and wherein to dispatch the sandbox exception comprises to dispatch a segment range sandbox violation in response to a determination that the linear address is not within the memory bounds defined by the range register. 12. The data processing system of claim 10 , wherein to dispatch the sandbox exception further comprises to (i) store the linear address in a dispatch address register of the processor and (ii) store a segment identifier indicative of the first segment register in a dispatch qualification data register of the processor.

Assignees

Intel Corp

Inventors

Classifications

G06F21/53Primary
by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title
G06F9/5016
the resource being the memory · CPC title
G06F12/00
Accessing, addressing or allocating within memory systems or architectures (digital input from, or digital output to record carriers, e.g. to disk storage units, G06F3/06) · CPC title
G06F21/121
Restricting unauthorised execution of programs · CPC title
G06F21/74
operating in dual or compartmented mode, i.e. at least one secure mode · CPC title

Patent family

Related publications grouped by family.

View patent family 61758937

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11822644B2 cover?: Technologies for memory management with memory protection extension include a computing device having a processor with one or more protection extensions. The processor may load a logical address including a segment base, effective limit, and effective address and generate a linear address as a function of the logical address with the effective limit as a mask. The processor may switch to a new …
Who is the assignee on this patent?: Intel Corp
What technology area does this patent fall under?: Primary CPC classification G06F21/53. Mapped technology areas include Physics.
When was this patent published?: Publication date Tue Nov 21 2023 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).

How to read this patent

Abstract

First claim

Assignees

Inventors

Classifications

Patent family

External sources

Related patents

Advanced packaging techniques for improving work flows

System and Method for Sharing Information in a Private Ecosystem

Split control stack and data stack platform

Method and system for performing a memory safety check of a program written in an unmanaged programming language

Stop bits and predication for enhanced instruction stream control

Frequently asked questions