AMD has confirmed that a microarchitectural optimisation in its Zen 3 CPUs can be abused in much the same way as the Spectre bugs that troubled the industry's CPUs a few generations ago. Disabling the optimisation is possible, but it costs performance, and AMD's position is that the trade-off is not worth making for all but the most security-sensitive processor deployments.
AMD explains the vulnerability and its implications in a newly released whitepaper titled “Security Analysis of AMD Predictive Store Forwarding.” Because Predictive Store Forwarding (PSF) is a speculative mechanism, its implementation reopens a line of attack of the kind already seen with Spectre v1, v2 and v4.
AMD defines PSF as a hardware optimisation “designed to increase code execution efficiency by predicting dependencies between loads and stores.” Like the branch prediction that enabled earlier Spectre attacks, PSF lets the processor act on a prediction so that subsequent instructions can execute sooner; here the prediction is whether a load will read data that an earlier, still-in-flight store is writing, so the stored data can be forwarded to the load before the two addresses have been compared. If PSF predicts wrongly, the processor speculatively executes with the wrong data, and that is where the vulnerability lies.
According to AMD, an incorrect prediction can arise in two ways. The first is that “the store/load pair had a dependency for a while but then lost it.” This happens naturally as the addresses touched by stores and loads change while a programme executes. The second case occurs “if an alias exists in the PSF predictor structure,” so that a prediction learned for one load is applied to a different load that should not have received it. Both cases, at least in principle, can be induced by malicious code.
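To make the two failure cases concrete, here is a small software model of a store-to-load dependency predictor. It is an added illustration written for this article, not AMD's hardware or code from the whitepaper: the table size, the PC-bit indexing with no full tag compare, and the training policy are all assumptions of the model, chosen so that both a lost dependency and a table alias show up in a short constructed instruction trace.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a store-to-load dependency predictor (not AMD's PSF).
 * Only addresses matter for the two misprediction cases, so data values are
 * not tracked. All sizes and policies below are assumptions of the model. */

enum op_kind { OP_STORE, OP_LOAD };

struct op {
    enum op_kind kind;
    uint64_t pc;    /* address of the static load/store instruction */
    uint64_t addr;  /* data address it accesses */
};

struct sim_stats {
    int predicted_ok;    /* predicted store really wrote the load's address */
    int lost_dependency; /* case 1: this load trained the entry, pair no longer matches */
    int aliased;         /* case 2: entry trained by a different load was applied */
    int no_prediction;   /* table miss, nothing forwarded */
};

#define PSF_ENTRIES 4   /* deliberately tiny so aliasing is easy to trigger */
#define MAX_STORES  16

struct psf_entry {
    int      valid;
    uint64_t store_pc;   /* store predicted to forward to the indexing load */
    uint64_t trained_pc; /* bookkeeping only, used to classify mispredictions */
};

struct sim {
    struct psf_entry table[PSF_ENTRIES];
    struct { uint64_t pc, addr; } stores[MAX_STORES]; /* last address per store PC */
    size_t nstores;
    struct sim_stats st;
};

/* Indexed by a few PC bits with no tag compare: that is what allows aliasing. */
static unsigned psf_index(uint64_t load_pc)
{
    return (unsigned)((load_pc >> 2) % PSF_ENTRIES);
}

static int store_addr_for_pc(const struct sim *s, uint64_t pc, uint64_t *addr)
{
    for (size_t i = 0; i < s->nstores; i++)
        if (s->stores[i].pc == pc) { *addr = s->stores[i].addr; return 1; }
    return 0;
}

static void do_store(struct sim *s, const struct op *o)
{
    for (size_t i = 0; i < s->nstores; i++)
        if (s->stores[i].pc == o->pc) { s->stores[i].addr = o->addr; return; }
    if (s->nstores < MAX_STORES) {
        s->stores[s->nstores].pc = o->pc;
        s->stores[s->nstores].addr = o->addr;
        s->nstores++;
    }
}

static void do_load(struct sim *s, const struct op *o)
{
    struct psf_entry *e = &s->table[psf_index(o->pc)];
    uint64_t predicted_addr;

    /* Prediction happens before the addresses are compared. */
    if (!e->valid)
        s->st.no_prediction++;
    else if (store_addr_for_pc(s, e->store_pc, &predicted_addr) && predicted_addr == o->addr)
        s->st.predicted_ok++;
    else if (e->trained_pc == o->pc)
        s->st.lost_dependency++;   /* case 1 */
    else
        s->st.aliased++;           /* case 2 */

    /* Resolution and training: if a known store last wrote this address,
     * remember the pair for the next time this entry is consulted. */
    for (size_t i = 0; i < s->nstores; i++) {
        if (s->stores[i].addr == o->addr) {
            e->valid = 1;
            e->store_pc = s->stores[i].pc;
            e->trained_pc = o->pc;
            break;
        }
    }
}

struct sim_stats run_trace(const struct op *ops, size_t n)
{
    struct sim s;
    memset(&s, 0, sizeof s);
    for (size_t i = 0; i < n; i++) {
        if (ops[i].kind == OP_STORE) do_store(&s, &ops[i]);
        else                         do_load(&s, &ops[i]);
    }
    return s.st;
}

/* Constructed trace (not from the whitepaper): a store/load pair that matches
 * for three iterations and then stops, followed by an unrelated load whose PC
 * happens to share a predictor entry with the trained load. */
struct sim_stats run_case_study(void)
{
    const struct op trace[] = {
        { OP_STORE, 0x100, 8 }, { OP_LOAD, 0x200, 8 },   /* iteration 1: trains entry */
        { OP_STORE, 0x100, 8 }, { OP_LOAD, 0x200, 8 },   /* iteration 2: correct prediction */
        { OP_STORE, 0x100, 8 }, { OP_LOAD, 0x200, 8 },   /* iteration 3: correct prediction */
        { OP_STORE, 0x100, 8 }, { OP_LOAD, 0x200, 12 },  /* case 1: dependency lost */
        { OP_LOAD, 0x210, 4 },                           /* case 2: alias of entry 0 */
    };
    return run_trace(trace, sizeof trace / sizeof trace[0]);
}

int main(void)
{
    struct sim_stats st = run_case_study();
    printf("ok=%d lost_dependency=%d aliased=%d no_prediction=%d\n",
           st.predicted_ok, st.lost_dependency, st.aliased, st.no_prediction);
    return 0;
}
```

In the constructed trace the fourth load reads a different address from the one the predictor learned, and the final load at a different PC maps to the same table slot; in a real core both would forward stale or unrelated store data to the load until the address check catches up, which is the speculative window the rest of the article is about.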
AMD writes, “because PSF speculation is limited to the current program context, the impact of bad PSF speculation is similar to that of speculative store bypass (Spectre v4).”
Like Spectre v4, the flaw arises when incorrect speculation bypasses a security check that the program relies on. Combined with other techniques, such as a Spectre v1 style bounds-check bypass, the bad prediction can lead to data leakage. “This is analogous to the vulnerability risk associated with other Spectre-type attacks,” AMD states.
PSF attacks matter most to programmes that rely on software sandboxing for security, such as a runtime that executes untrusted code in the same address space as trusted data. Because PSF speculation does not cross address spaces, programmes that rely on hardware isolation “can be deemed secure” from PSF attacks, and the speculation does not cross privilege levels either.
AMD concludes that techniques such as address space isolation already defeat PSF attacks, but it also provides the ability to disable PSF, even on a per-thread basis, where needed. However, because the security risk is “small” and “AMD is not currently aware of any code that may be deemed insecure due to PSF action,” AMD recommends leaving PSF enabled as the default, which means no mitigation is applied unless software opts in.
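The per-thread opt-in is what a sandboxing runtime would use. AMD's whitepaper states that a dedicated PSFD control exists and that setting the existing SSBD (speculative store bypass disable) control also turns PSF off, so on Linux the knob a thread can reach is the Spectre v4 prctl interface. The following is an added example for this article, not AMD's or the kernel's code: it reads the kernel's reported SSB status from sysfs and disables speculative store bypass for the calling thread, treating the kernel's refusal (no per-thread mode configured, or the CPU not affected) as a reportable outcome rather than an error. The sysfs path and prctl constants are the standard Linux ones; the fallback defines are only for older headers.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Fallbacks for older libc headers; the values match the Linux UAPI. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_STORE_BYPASS
#define PR_SPEC_STORE_BYPASS    0
#endif
#ifndef PR_SPEC_DISABLE
#define PR_SPEC_NOT_AFFECTED    0
#define PR_SPEC_PRCTL           1
#define PR_SPEC_ENABLE          2
#define PR_SPEC_DISABLE         4
#define PR_SPEC_FORCE_DISABLE   8
#endif
#ifndef PR_SPEC_DISABLE_NOEXEC
#define PR_SPEC_DISABLE_NOEXEC  16
#endif

/* Read the kernel's SSB mitigation status line into buf (newline stripped).
 * Returns the string length, or -errno if the file cannot be read. */
int read_ssb_status(char *buf, size_t len)
{
    FILE *f = fopen("/sys/devices/system/cpu/vulnerabilities/spec_store_bypass", "r");
    if (!f)
        return -errno;
    if (!fgets(buf, (int)len, f)) {
        int e = ferror(f) ? EIO : ENODATA;
        fclose(f);
        return -e;
    }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return (int)strlen(buf);
}

/* Current SSB speculation state of the calling thread as PR_SPEC_* bits,
 * or -errno (e.g. -ENODEV when the kernel has no such control). */
int ssb_get_state(void)
{
    int r = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    return r < 0 ? -errno : r;
}

/* Disable speculative store bypass for the calling thread; on a Zen 3 core
 * this also disables PSF per AMD's whitepaper. With force set the choice is
 * sticky and cannot be undone by the thread. Returns 0 or -errno: -ENXIO when
 * the kernel's ssb mode does not permit per-thread control (including the
 * "not affected" case), -EPERM if a force-disable is already in effect. */
int ssb_disable_this_thread(int force)
{
    unsigned long how = force ? PR_SPEC_FORCE_DISABLE : PR_SPEC_DISABLE;
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, how, 0, 0) < 0)
        return -errno;
    return 0;
}

/* 1 if a state value reports SSB disabled for the thread, 0 if enabled,
 * negative (the error) if the state itself is an error code. */
int ssb_is_disabled(int state)
{
    if (state < 0)
        return state;
    return (state & (PR_SPEC_DISABLE | PR_SPEC_FORCE_DISABLE | PR_SPEC_DISABLE_NOEXEC)) != 0;
}

int main(void)
{
    char line[128];
    int n = read_ssb_status(line, sizeof line);
    printf("sysfs: %s\n", n >= 0 ? line : strerror(-n));

    int before = ssb_get_state();
    int rc = ssb_disable_this_thread(0);
    int after = ssb_get_state();
    printf("state before=%d set rc=%d (%s) after=%d disabled=%d\n",
           before, rc, rc ? strerror(-rc) : "ok", after, ssb_is_disabled(after));
    return 0;
}
```

The state read back after a successful call carries PR_SPEC_PRCTL together with PR_SPEC_DISABLE; the sysfs line changes to report "disabled via prctl" only for the calling thread's view of the mitigation, so a sandbox should apply the call in every thread that will run untrusted code, before that code is admitted.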