| CPC G06F 21/53 (2013.01) [G06F 8/441 (2013.01); G06F 9/3836 (2013.01); G06F 21/126 (2013.01); G06F 2221/2143 (2013.01)] | 15 Claims |

1. At least one computer-readable medium having stored thereon instructions which, when executed, cause a computing device to perform operations comprising:
executing code included in a native domain of a first virtual address space in a non-privileged, native processor mode;
invoking, while executing the code in the native processor mode, a first processor instruction to add a memory page to a first sandbox domain of the first virtual address space, wherein the memory page is not included in the native domain, wherein, in response to the invocation of the first processor instruction, loading an execution state from a memory and jumping to an entry point within the sandbox domain; and
in response to invoking the first processor instruction, allowing access to the memory associated with the first sandbox domain by executing code included in the first sandbox domain in a non-privileged, sandbox processor mode.