AMD PSF Control Support Still Awaiting The Mainline Linux Kernel

It's been three months since AMD published a security whitepaper outlining the possibility of a side channel attack with PSF. The Predictive Store Forwarding functionality is new to AMD Zen 3 (Ryzen 5000 / EPYC 7003 series) processors and as part of their security analysis they are allowing users the ability to opt-out of using this feature in the name of greater security but the feature still hasn't been picked up for the mainline Linux kernel.

While the security whitepaper mentioned Linux patches for allowing PSF to be disabled, it wasn't until days after that when the PSF control patches were published.

Fortunately, the risk of any real-world impact from Predictive Store Forwarding leading to a side-channel attack is low and disabling PSF appears to have a minimal performance hit at least when toggling the bit back in April, but now mid-way through summer this feature still hasn't been picked up by the mainline kernel tree.

Since the original patches in April, the AMD PSF control patch for Linux is currently up to its sixth revision. Over the past three months there have been multiple revisions ranging from relabeling it from a "mitigation" to feature "control" (though seemingly since relabeled again back as a mitigation) to code refactoring and other low-level changes as a result of upstream review.

The control knob for disabling AMD PSF has also been renamed from the original revision and what was reported in the whitepaper. Once the patch lands, the way to disable PSF for Zen 3 and later (assuming no further changes) is by using predictive_store_fwd_disable=on to disable the Predictive Store Forwarding feature.

From the v6 revision concerns were again over the "predictive_store_fwd_disable=on" option being a double negative to disable the functionality and some possible moving around of the code. But the last ping by the AMD engineer last week looking for anymore feedback on the PSF control/mitigation has so far not turned up any responses.

Thus for now the work is just on the kernel mailing list and hasn't been picked up by any "-next" branches. We'll see if there is any activity in the next few days considering the Linux 5.14 merge window is opening up in the next week or two while being days ahead of the three month mark since this security analysis was made public. This looks to be an area where AMD has room to further improve upon considering Intel for their well known security mitigations has setup the processes, clout among the upstream kernel community, and their large pool of Linux kernel engineers for being able to usher in such work normally on same-day / embargo lift days, granted usually for more pressing issues.

In any case, we'll see if the PSF control lands for Linux 5.14 and back-ported to prior stable series. Once it happens, I'll be back through with a fresh round of benchmarks.