Skip to main content

AMD Rolls Out Patches To Disable Predictive Store Forwarding on Zen 3 CPUs

Stock Image
(Image credit: Shutterstock)

Making good on its promise, AMD has deployed new patches to the Linux kernel to mitigate the potential security risk with the Predictive Store Forwarding (PSF) feature. Linux publication Phoronix spotted five patches that allow users to disable Predictive Store Forwarding if security is a concern.

Predictive Store Forwarding is a feature baked into AMD's Zen 3 processors that boosts code execution performance by predicting the relationship between loads and stores. In AMD's whitepaper, the chipmaker exposed the benefits and security complications with Predictive Store Forwarding. The vulnerability is similar to Spectre v4 that affected Intel processors. We reached out to AMD about the feature, and the chipmaker responded with this statement:

"AMD recommends leaving the feature enabled. We do however outline methods to disable PSF if desired."

Software that uses "sandboxing" is more susceptible to the exploit, which is why AMD gives users the power to turn off Predictive Store Forwarding. As Phoronix noted, Predictive Store Forwarding is enabled by default even on the patched Linux kernel. The Linux publication shared two ways to disable Predictive Store Forwarding: You can do so through the Spectre v4 mitigation control or implement the nopsfd parameter boot option.

Predictive Store Forwarding's job is to improve performance, so you might wonder if it presents a significant performance hit. Fortunately, it doesn't. Phoronix conducted a plethora of tests before AMD's patches and discovered performance deltas that were less than a half percent.

  • ingtar33
    meanwhile Spector and Spector like viruses still plague intel; and it took AMD < week to fix the problem.
    Reply
  • cryoburner
    ingtar33 said:
    meanwhile Spector and Spector like viruses still plague intel; and it took AMD < week to fix the problem.
    The report about the vulnerability apparently came from AMD's own engineers, so there's no telling how long they actually knew about it. It could have potentially been something they knew about since before the 5000-series even launched, and they may have just not reported on it until a fix was ready.

    It doesn't sound all that critical though, and the performance hit from the optional patch appears to be imperceptible based on initial reports, so it doesn't seem to be nearly as bad as some of the Intel exploits.
    Reply
  • ginthegit
    ingtar33 said:
    meanwhile Spector and Spector like viruses still plague intel; and it took AMD < week to fix the problem.

    It is arguable that Intel deliberately left the Vulnerabilities in to allow agencies like the CIA and FBI , direct access to the CPU to spy. It would be easy to fix the problems with a Kernel fix, but they simply didn't want to.
    For a start, predictive branch execution pipelines allow a non-user controlled environment that is rife to be exploited, however it also has a hit on the performance, which can be both negative and positive. Personally, as a digital designer, I always think that direct execution pipelines, would be a better performance enhancer, than something that can get things both right and wrong. Predictive coding requires AI which is Transistor count intensive and completely unnecessary.
    Reply