AMD Publishes Security Analysis Of Zen 3 "PSF" That Could Possibly Lead To A Side-Channel Attack
Zen 3's Predictive Store Forwarding aims to enhance performance by trying to predict dependencies between loads and stores. PSF can speculatively execute instructions based on what it thinks the result of the load will be, and while the predictions should be largely accurate, there is the possibility of incorrect CPU speculation.
AMD researchers believe the impact of bad PSF speculation is similar to that of Spectre V4 (Speculative Store Bypass) and is particularly of concern when untrusted code is executed within a sandbox or other isolation.
AMD says it is not aware of any code that would be considered vulnerable to PSF behavior and that the risk with PSF is "likely low," but it did provide guidance on disabling the Predictive Store Forwarding behavior. PSF is disabled whenever the Spectre V4 / SSB mitigation is in place, and there is also a new bit on Zen 3 CPUs that can be set to specifically disable the Predictive Store Forwarding behavior.
Predictive Store Forwarding can be disabled on a per-thread basis. AMD's whitepaper says they have proposed Linux patches that would allow disabling of Predictive Store Forwarding using the Zen 3 "PSFD" bit as well as new kernel command line options of psfd/nopsfd. However, as of writing those patches do not appear to be public.
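Until the PSFD patches are public, the per-thread control that Linux already exposes is the Spectre V4 / SSB one, which, as noted above, also turns PSF off while it is in place. The following is an added example, not code from AMD's whitepaper or its proposed patches: it uses the existing `prctl()` speculation-control interface, and the `ssb_*` names are hypothetical.

```c
#include <stdio.h>
#include <sys/prctl.h>   /* PR_*_SPECULATION_CTRL, PR_SPEC_* (Linux >= 4.17 headers) */

enum ssb_state { SSB_NOT_AFFECTED, SSB_MITIGATED, SSB_SPECULATING, SSB_UNKNOWN };

/* Decode the bitmask returned by PR_GET_SPECULATION_CTRL (negative = error). */
enum ssb_state ssb_decode(long v)
{
    if (v < 0)
        return SSB_UNKNOWN;
    if (v == PR_SPEC_NOT_AFFECTED)
        return SSB_NOT_AFFECTED;
    if (v & (PR_SPEC_DISABLE | PR_SPEC_FORCE_DISABLE))
        return SSB_MITIGATED;      /* speculation off = mitigation on */
    if (v & PR_SPEC_ENABLE)
        return SSB_SPECULATING;    /* speculation on = mitigation off */
    return SSB_UNKNOWN;            /* unrecognized bits: fail closed */
}

static long ssb_get(void)
{
    return prctl(PR_GET_SPECULATION_CTRL, (unsigned long)PR_SPEC_STORE_BYPASS,
                 0UL, 0UL, 0UL);
}

/* Enable the SSB mitigation for the calling thread (irreversible for that
 * thread) when per-thread control is offered, then report the final state. */
enum ssb_state ssb_harden_thread(void)
{
    long cur = ssb_get();
    if (cur >= 0 && (cur & PR_SPEC_PRCTL) && !(cur & PR_SPEC_FORCE_DISABLE))
        prctl(PR_SET_SPECULATION_CTRL, (unsigned long)PR_SPEC_STORE_BYPASS,
              (unsigned long)PR_SPEC_FORCE_DISABLE, 0UL, 0UL);
    return ssb_decode(ssb_get());  /* trust the re-read state, not the set call */
}

int main(void)
{
    static const char *names[] = { "not affected", "mitigated", "speculating", "unknown" };
    enum ssb_state s = ssb_harden_thread();
    printf("SSB state for this thread: %s\n", names[s]);
    /* A sandbox host would refuse to run untrusted code unless this returns 0. */
    return (s == SSB_MITIGATED || s == SSB_NOT_AFFECTED) ? 0 : 1;
}
```

If the kernel was booted with the SSB mitigation globally off, the `PR_SPEC_PRCTL` bit is absent and the function reports `SSB_SPECULATING` rather than pretending the thread was hardened.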
I've been scouring a variety of sources today and those Linux patches do not appear to have been published yet. Once they are published, I'll be running some benchmarks looking at the performance impact of just disabling this Predictive Store Forwarding functionality in the name of increased security. By default and for most users, AMD is comfortable with recommending it be left on.
See more within this AMD whitepaper and stay tuned for PSF benchmarks.