A processor is circuitry that can be used to carry out instructions specified in a computer program. The processor may include an arithmetic logic unit (ALU) that performs arithmetic and logic operations. The processor may also include registers that supply operands to the ALU and store results produced by the ALU. The processor may further include a control unit that coordinates the operations of the ALU, the registers, and other components, including, e.g., one or more levels of cache, one or more levels of translation lookaside buffers (TLBs), and one or more memory controllers.
Multiple processors may be packaged together to form a multi-core processor. Each processor contained in a multi-core processor may be referred to as a physical processing unit, or a “core.” These physical processing units may support multithreading, meaning that each physical processing unit may execute two or more sets of operations or applications in parallel. Various techniques may be utilized to implement multithreading, including, e.g., time-sliced multithreading (where a physical processing unit rapidly switches between applications executing on the physical processing unit according to a predefined time interval, e.g., every processing cycle), simultaneous multithreading (where each physical processing unit can host multiple logical processing units, one for each application executing on that physical processing unit), or a combination thereof. Intel® Hyperthreading technology is a multithreading technology that uses a combination of time-sliced multithreading and simultaneous multithreading. Specifically, Intel® Hyperthreading uses time-sliced multithreading to fetch and decode operations and uses simultaneous multithreading thereafter to carry out the executions.
Logical processing units are typically presented to the applications executing thereon as being logically indistinguishable from the underlying physical processing unit hosting them. In reality, however, logical processing units may not have full control over some of the resources available on the physical processing unit. For example, if a physical processing unit needs to host multiple logical processing units to support simultaneous multithreading of multiple applications, the physical processing unit may often set up the logical processing units to share some resources, such as the level 1 (L1) cache, L1 TLB, or the like. Sharing resources in this manner may expose certain types of data to intruders. For example, suppose that a physical processing unit provides a first logical processing unit to handle execution of Application A and a second logical processing unit to handle execution of Application B, and further suppose that the physical processing unit sets up the two logical processing units to share the L1 cache. Application B may then be able to gain access to data stored by Application A in the L1 cache, and vice versa.
Extensions to processors, such as the Intel® Software Guard Extensions (SGX) and the like, may provide some protections for Applications A and B. Even processors enabled with these extensions, however, are still vulnerable to attacks. Security vulnerabilities such as Spectre, L1 Terminal Fault (L1TF) and the like have been discovered in recent years. Other potential vulnerabilities may be discovered in the future. One possible solution to avoid these attacks is to disable simultaneous multithreading. In this manner, the problem associated with Application A and Application B sharing the L1 cache, as described in the example above, can be eliminated. However, this solution reduces the number of logical processing units to be the same as the number of physical processing units, which in turn reduces the multithreading capabilities of the processors. Therefore, there is a need for a method to improve data security for applications executing on processors that support simultaneous multithreading.
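As an added example that is not part of the patent text, the following Python maps logical processing units to the physical processing units hosting them using the Linux sysfs topology format, and derives the one-thread-per-core set that disabling simultaneous multithreading would leave (the same count of logical units as physical units, as described above). The sibling lists are constructed sample data; the `/sys/devices/system/cpu/cpuN/topology/thread_siblings_list` path and the cpulist format are Linux kernel conventions.

```python
"""Identify which logical CPUs share a physical core (and therefore its L1
cache and L1 TLB), so a sensitive workload can be confined to one thread per
core. Added example with constructed sample data."""
import re
from typing import Dict, FrozenSet, List

# Constructed sample: contents of
# /sys/devices/system/cpu/cpuN/topology/thread_siblings_list on a
# 4-core / 8-thread part where cpuN and cpuN+4 are SMT siblings.
SAMPLE_SIBLINGS: Dict[int, str] = {
    0: "0,4", 1: "1,5", 2: "2,6", 3: "3,7",
    4: "0,4", 5: "1,5", 6: "2,6", 7: "3,7",
}


def parse_cpulist(text: str) -> FrozenSet[int]:
    """Parse the kernel cpulist format, e.g. "0,4" or "0-3,8-11"."""
    cpus = set()
    for part in text.strip().split(","):
        if not part:
            continue
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", part)
        if m is None:
            raise ValueError(f"bad cpulist element: {part!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        cpus.update(range(lo, hi + 1))
    return frozenset(cpus)


def physical_cores(siblings: Dict[int, str]) -> List[FrozenSet[int]]:
    """Group logical CPUs into physical cores: each distinct sibling set
    is one physical processing unit hosting several logical ones."""
    return sorted({parse_cpulist(s) for s in siblings.values()}, key=min)


def one_thread_per_core(siblings: Dict[int, str]) -> List[int]:
    """Lowest-numbered logical CPU of each core: the set left when SMT is
    disabled, i.e. no other thread shares the chosen CPU's L1 cache or TLB."""
    return sorted(min(core) for core in physical_cores(siblings))


def shares_core(siblings: Dict[int, str], a: int, b: int) -> bool:
    """True if logical CPUs a and b are hosted by the same physical core."""
    return b in parse_cpulist(siblings[a])


if __name__ == "__main__":
    print("physical cores:", [sorted(c) for c in physical_cores(SAMPLE_SIBLINGS)])
    print("one thread per core:", one_thread_per_core(SAMPLE_SIBLINGS))
```

On a live Linux host the same functions can be fed the real sibling lists read from sysfs; `/sys/devices/system/cpu/smt/active` reports whether SMT is currently enabled.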