AMD Confirms Potential Spectre-STL Attack on AMD Zen 3 CPUs

AMD has published a report analyzing the security of the PSF (Predictive Store Forwarding) optimization implemented in the Zen 3 series of processors. The analysis confirms in theory that the Spectre-STL (Spectre-v4) attack method disclosed in May 2018 applies to PSF, but in practice no code patterns that would make an attack feasible have been found so far, and the overall risk is assessed as low.

Recall that Spectre-v4 (Speculative Store Bypass) rests on memory disambiguation: when a load follows a store whose address has not yet been resolved (for example, mov [rbx + rcx], 0x0; mov rax, [rdx + rsi], with rcx still being computed while rdx + rsi is already known), the processor does not wait for the store address. Because loads are far more frequent than stores that alias them, it predicts that the two addresses do not overlap and speculatively executes the load ahead of the store. The data the attack recovers are the traces that this discarded speculation leaves in the processor cache.

The load therefore observes the old value at that address while the store it should have waited for is still pending. When the prediction turns out to be wrong, the speculative work is discarded, but its effect on the cache survives and can be recovered with the usual cache side-channel techniques that distinguish cached from uncached data by access time.

PSF, added in Zen 3, extends STLF (Store-To-Load Forwarding) with a prediction of which loads depend on which stores. With classic STLF the processor serves a load directly with the data of an earlier store still sitting in the store buffer, without waiting for that data to reach memory, but only after confirming that the addresses used by the load and the store match. PSF makes that address check itself speculative: if a store/load pair was observed to touch the same address earlier, the processor forwards the store's data to the load before the addresses have been computed. On a misprediction (the pair no longer aliases, or the predictor confuses it with a different pair), the architectural state is rolled back, but the cache traces remain.

An attack on PSF is only possible within one privilege level and only within the current process context; it is stopped by address-space isolation and by hardware sandboxing mechanisms. Software-based sandboxing inside a process, on the other hand, can potentially be affected. The attack is therefore a risk for browsers, language runtimes and JIT compilers that execute third-party code within the same process: untrusted sandboxed code could read data elsewhere in that process.

AMD has provided methods for disabling PSF completely or selectively, but given the negligible risk for most applications it recommends leaving the optimization enabled by default. For selective protection of processes that run untrusted code in isolation, PSF can be disabled by setting the SSBD or PSFD MSR bit (SSBD, the existing Spectre-v4 control, disables PSF as a side effect; PSFD disables PSF alone), including per thread. For the Linux kernel, patches have been prepared that add the "psfd" and "nopsfd" command-line options to turn PSF on and off.
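The per-thread control mentioned above can be exercised from user space on Linux through prctl(2): the PR_SPEC_STORE_BYPASS misfeature maps to SSBD, which according to AMD's report also switches off PSF. The following is an added example, not code from AMD's report, the Linux patches or the article. It assumes a Linux x86 system whose kernel implements PR_SET_SPECULATION_CTRL; the PR_SPEC_* constants mirror include/uapi/linux/prctl.h and are defined locally only if the installed headers are too old to have them.

```c
// Added example, not from AMD's report or the article: a sandbox host thread
// opts itself out of Speculative Store Bypass (SSBD) through the Linux
// speculation-control prctl. AMD's report states that SSBD also disables PSF,
// so the existing per-thread SSBD control covers PSF on Zen 3.
// Assumes Linux; the PR_SPEC_* values mirror include/uapi/linux/prctl.h and
// are defined here only if the installed headers lack them.
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_STORE_BYPASS
#define PR_SPEC_STORE_BYPASS   0
#endif
#ifndef PR_SPEC_PRCTL
#define PR_SPEC_PRCTL          (1UL << 0)
#define PR_SPEC_ENABLE         (1UL << 1)
#define PR_SPEC_DISABLE        (1UL << 2)
#define PR_SPEC_FORCE_DISABLE  (1UL << 3)
#endif
#ifndef PR_SPEC_DISABLE_NOEXEC
#define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
#endif

enum ssb_state {
    SSB_NOT_AFFECTED,   /* kernel reports the CPU is not vulnerable */
    SSB_UNMITIGATED,    /* speculation enabled: store bypass (and PSF) active */
    SSB_MITIGATED,      /* SSBD in effect for this thread */
    SSB_UNKNOWN         /* query failed: no kernel support, or error */
};

/* Decode the bitmask returned by PR_GET_SPECULATION_CTRL (or a negative
 * -errno from query_ssb()). Pure function so it can be checked offline. */
enum ssb_state classify_spec_ctrl(long bits)
{
    const long disabled = PR_SPEC_DISABLE | PR_SPEC_FORCE_DISABLE |
                          PR_SPEC_DISABLE_NOEXEC;
    if (bits < 0)
        return SSB_UNKNOWN;
    if (bits == 0)
        return SSB_NOT_AFFECTED;   /* all bits clear: CPU not affected */
    if (bits & disabled)
        return SSB_MITIGATED;
    return SSB_UNMITIGATED;
}

/* PR_SPEC_PRCTL set means the kernel lets this task toggle the mitigation;
 * without it PR_SET_SPECULATION_CTRL fails with ENXIO. */
int spec_ctrl_per_thread(long bits)
{
    return bits > 0 && (bits & PR_SPEC_PRCTL) != 0;
}

/* Ask the kernel for the calling thread's store-bypass status.
 * Returns the PR_SPEC_* bitmask, or -errno on failure. */
long query_ssb(void)
{
    int r = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    return r < 0 ? -errno : r;
}

/* Enable SSBD (and with it PSF disable on Zen 3) for the calling thread only.
 * The setting is inherited across fork and execve unless
 * PR_SPEC_DISABLE_NOEXEC is used instead. Returns 0 or -errno. */
int disable_ssb_for_thread(void)
{
    int r = prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS,
                  PR_SPEC_DISABLE, 0, 0);
    return r < 0 ? -errno : 0;
}

static const char *state_name(enum ssb_state s)
{
    switch (s) {
    case SSB_NOT_AFFECTED: return "not affected";
    case SSB_UNMITIGATED:  return "unmitigated";
    case SSB_MITIGATED:    return "mitigated (SSBD)";
    default:               return "unknown";
    }
}

int main(void)
{
    long before = query_ssb();
    printf("before: %s\n", state_name(classify_spec_ctrl(before)));
    if (before < 0)
        printf("  query failed: %s\n", strerror((int)-before));
    else if (!spec_ctrl_per_thread(before))
        printf("  per-thread control not available "
               "(boot with spec_store_bypass_disable=prctl)\n");

    int rc = disable_ssb_for_thread();
    if (rc < 0)
        printf("disable failed: %s\n", strerror(-rc));

    long after = query_ssb();
    printf("after:  %s\n", state_name(classify_spec_ctrl(after)));
    return 0;
}
```

The query step matters in practice: if the kernel was booted with spec_store_bypass_disable=on or =off, PR_SPEC_PRCTL is clear and the set call fails with ENXIO, so a sandbox host should check the returned bits rather than assume the opt-out took effect. The same interface is what seccomp-based sandboxes rely on when the kernel runs in its default "seccomp" mode for this mitigation.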

Source: opennet.ru