Linux 5.16 To Expose AMD PSF Disable Bit To KVM Guests
While the Linux kernel still hasn't added any formal control for disabling AMD Predictive Store Forwarding short of also toggling Spectre V4 / SSBD, with the Linux 5.16 kernel the AMD PSF bit will now be exposed to KVM guest virtual machines so that they -- either with a patched/future kernel or for other operating systems -- may choose to explicitly disable this AMD CPU feature.
Predictive Store Forwarding is the Zen 3 performance feature for which AMD published a security analysis earlier this year, covering the (small) possibility that it could lead to incorrect CPU speculation. More than a half-year later, there are still no indications of any real-world attack on AMD PSF, and the functionality remains enabled by default. But efforts to expose an option for disabling PSF under Linux if so desired (aside from also engaging SSBD) have stalled.
There was initially some disagreement over the naming of the PSF enable/disable control and other semantics around it. Some upstream developers also question the usefulness of a separate PSF control: if administrators want to disable PSF, chances are they will also make use of SSBD, which in turn disables it. Basically, a separate control might add unnecessary knobs and complexity to the kernel.
So while no PSF control for the Linux kernel is happening upstream at the moment, published recently and queued today into the KVM development code for planned introduction in Linux 5.16 is this patch. That patch only exposes the Predictive Store Forwarding bit to KVM (the Kernel-based Virtual Machine) so that the guest can make use of it if desired -- for example when running a patched kernel, a future kernel with such a control, or another operating system able to toggle the PSF disable bit. The few lines of code are ready to go for the next kernel cycle.
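An added example, not part of the article or the kernel patch: a small C program to run inside a KVM guest to see whether the hypervisor exposes the PSF disable bit or only SSBD. The bit positions (CPUID Fn8000_0008 EBX bit 28 for PSFD, bit 24 for SSBD) are not given on this page; they are assumed from AMD's PSF documentation and the Linux cpufeatures definitions, apply to AMD CPUs only, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif
/* CPUID Fn8000_0008 EBX bit positions on AMD CPUs (assumption: taken from
 * AMD's PSF documentation / Linux cpufeatures.h, not from the article). */
#define AMD_SSBD_BIT 24u /* SSBD available through SPEC_CTRL */
#define AMD_PSFD_BIT 28u /* dedicated PSF disable bit */

enum psf_control { PSF_NO_CONTROL, PSF_VIA_SSBD_ONLY, PSF_DEDICATED_BIT };

/* Classify how the (virtual) CPU lets software turn PSF off. */
enum psf_control classify_psf_control(uint32_t ebx)
{
    if (ebx & (1u << AMD_PSFD_BIT))
        return PSF_DEDICATED_BIT;   /* PSF can be disabled on its own */
    if (ebx & (1u << AMD_SSBD_BIT))
        return PSF_VIA_SSBD_ONLY;   /* only by enabling SSBD, which also disables PSF */
    return PSF_NO_CONTROL;
}

/* Read EBX of leaf 0x80000008; returns 0 on success, -1 if unavailable. */
int read_leaf_80000008_ebx(uint32_t *ebx)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int a, b, c, d;
    if (!__get_cpuid(0x80000008u, &a, &b, &c, &d))
        return -1;
    *ebx = b;
    return 0;
#else
    (void)ebx; return -1;           /* not an x86 build */
#endif
}

int main(void)
{
    static const char *const msg[] = {
        "no PSF control exposed",
        "PSF can only be disabled via SSBD",
        "PSFD bit exposed: PSF can be disabled independently",
    };
    uint32_t ebx;
    if (read_leaf_80000008_ebx(&ebx) != 0) {
        puts("CPUID leaf 0x80000008 not available");
        return 1;
    }
    puts(msg[classify_psf_control(ebx)]);
    return 0;
}
```

Comparing the output on the host and inside the guest shows whether the hypervisor passes the bit through.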