AMD has published a whitepaper on a potential security vulnerability that affects the company’s latest Zen 3 processors. The side-channel vulnerability is similar to Spectre, which affected a plethora of Intel processors three years ago.
With Zen 3, AMD introduced a new technology called Predictive Store Forwarding (PSF), which helps improve code execution performance by predicting the relationship between loads and stores. In the majority of the cases, PSF’s predictions are on the spot. However, there is still a slim chance that the prediction may not be accurate, which results in an incorrect CPU speculation.
AMD’s CPU architects have determined that bad PSF speculation is equivalent to Spectre v4. Software that relies on isolation or “sandboxing” is the most exposed to incorrect speculation. AMD provided two scenarios in which an incorrect PSF prediction can occur.
“First, it is possible that the store/load pair had a dependency for a while but later stops having a dependency. This can occur if the address of either the store or load changes during the execution of the program.”
“The second source of incorrect PSF predictions can occur if there is an alias in the PSF predictor structure. The PSF predictor is designed to track stores/load pairs based on portions of their RIP. It is possible that a store/load pair which does have a dependency may alias in the predictor with another store/load pair which does not. This may result in incorrect speculation when the second store/load pair is executed.”
AMD concludes that Predictive Store Forwarding helps improve application performance, but also comes with security complications. Nevertheless, the chipmaker hasn’t seen any code that it considers vulnerable to PSF misprediction, nor are there any reported cases of such an exploit. The security risk of Predictive Store Forwarding is low for most applications.
The official recommendation from AMD is to leave the Predictive Store Forwarding enabled. Since it’s a performance enhancement feature, we suspect that disabling PSF could bring a performance hit.
Consumers who work with software that employs sandboxing and are alarmed about PSF have the choice to disable the PSF functionality. AMD recently proposed Linux patches that would disable Predictive Store Forwarding as well.
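Since the article equates bad PSF speculation with Spectre v4 (speculative store bypass), an administrator deciding whether to act on this will first want to know what the running kernel already reports for that class of issue. The following shell script is an added example, not code from the article, AMD, or the Linux kernel: it classifies the mainline kernel’s own status strings for the Spectre v4 mitigation, which appear in the sysfs file /sys/devices/system/cpu/vulnerabilities/spec_store_bypass, and flags the common “via prctl” default, where only processes that opt in (such as seccomp-based sandboxes) are actually protected. It does not check the PSF control itself; the status text is passed in as a string so the classifier can be exercised offline on constructed samples, and the `report_host` function is the only part that touches the live system.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's Spectre v4 (speculative store
# bypass) mitigation status as exposed in sysfs. Not part of the article.

SSB_SYSFS=/sys/devices/system/cpu/vulnerabilities/spec_store_bypass

# ssb_status STATUS_LINE -> prints one of:
#   not-affected      kernel says the CPU is not affected
#   mitigated-global  SSB disabled for every process
#   mitigated-optin   SSB disabled only for processes that opt in (prctl/seccomp)
#   vulnerable        no mitigation active
#   unknown           string not recognised (newer kernel or different format)
# The matched strings are the ones the mainline kernel prints in
# arch/x86/kernel/cpu/bugs.c.
ssb_status() {
  case "$1" in
    "Not affected"*)
      echo "not-affected" ;;
    "Mitigation: Speculative Store Bypass disabled via prctl"*)
      echo "mitigated-optin" ;;
    "Mitigation: Speculative Store Bypass disabled"*)
      echo "mitigated-global" ;;
    "Vulnerable"*)
      echo "vulnerable" ;;
    *)
      echo "unknown" ;;
  esac
}

# ssb_advice CLASS -> one-line interpretation for the operator.
ssb_advice() {
  case "$1" in
    mitigated-optin)
      echo "Only processes that request SSBD via prctl (e.g. seccomp sandboxes) are covered; other code runs with speculation enabled." ;;
    mitigated-global)
      echo "Mitigation applies to all processes (expect a performance cost)." ;;
    vulnerable)
      echo "No mitigation active; consider spec_store_bypass_disable= on the kernel command line if sandboxed workloads warrant it." ;;
    not-affected)
      echo "Kernel reports the CPU is not affected." ;;
    *)
      echo "Unrecognised status; inspect $SSB_SYSFS manually." ;;
  esac
}

# report_host: read the live sysfs file (if present) and print the verdict.
report_host() {
  if [ ! -r "$SSB_SYSFS" ]; then
    echo "$SSB_SYSFS not readable: not Linux, or kernel lacks the vulnerabilities interface"
    return 1
  fi
  line=$(cat "$SSB_SYSFS")
  class=$(ssb_status "$line")
  echo "spec_store_bypass: $line"
  echo "classification:    $class"
  echo "note:              $(ssb_advice "$class")"
}

# Constructed sample lines (not captured from a real host) showing each class.
demo() {
  for s in "Mitigation: Speculative Store Bypass disabled via prctl" \
           "Mitigation: Speculative Store Bypass disabled via prctl and seccomp" \
           "Mitigation: Speculative Store Bypass disabled" \
           "Vulnerable" "Not affected"; do
    printf '%-70s -> %s\n' "$s" "$(ssb_status "$s")"
  done
}

# Run the offline demo, then the live check when executed directly.
case "$0" in
  *ssb_check*) demo; report_host ;;
esac
```

Save it as ssb_check.sh and run it with sh; the demo table shows how each kernel string is classified, and the live section reports the host. The distinction between the global and opt-in forms matters for exactly the software the article calls out: a sandbox that never calls prctl(PR_SET_SPECULATION_CTRL) gains nothing from the prctl-only default.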