Last week, AMD released a security analysis of AMD Zen 3’s new Predictive Store Forwarding (PSF) functionality. In it they recognized the possibility that poor PSF functionality could lead to a side-channel attack, although the real- world exposure would be quite low. In any case, they allow interested users to disable the Predictive Store Forwarding functionality, but what they didn’t comment on in that article was the expected performance overhead when disabling PSF. So my Easter weekend turned into AMD Zen 3 PSF benchmarking.
AMD does not recommend that end users disable the Zen 3’s Protective Store Forwarding functionality, but rather be proactive in their public security analysis and ensure that their customers are informed of its behavior and how to disable it if they be interested. The impact of bad PSF speculation would be similar to that of Specter Variant Four / Speculative Store Bypass. AMD’s PSF security analysis noted: “customers with software that implements sandboxing and are concerned about PSF behavior on AMD Zen3 processors may choose to disable PSF functionality.
PSF is disabled with Zen 3 CPUs if Speculative Store Bypass Disable (SSBD) throttling is present or optionally just force disabled via another bit. AMD’s whitepaper says they publish Linux patches to easily disable PSF if desired, but at the time of writing, I shouldn’t see those public patches anywhere. Presumably they will be fine in the next few days to enable the easy “nopsfd” kernel option. But for the first tests this weekend, I just built a kernel that set MSR 48h Bit 7 to disable this Predictive Store Forwarding functionality. By default, Linux offers no limitation with SSBD unless you choose it through the prctl interface or SECCOMP.
Not knowing what to expect this weekend with the lack of detail on the performance implications of disabling Predictive Store Forwarding, I ran dozens of benchmarks on a few different AMD Ryzen 5000 and EPYC 7003 series systems with the default kernel and then same kernel / configuration but with PSF disabled via bit 7.
Over the multiple systems tested and the wide variety of workloads and with the Phoronix Test Suite automatically running each test multiple times, etc., the results with PSF disabling were ultimately of minimal difference. At most some workloads had an impact of almost 1% over the duration of multiple runs and the multiple systems, but overall it was difficult to find a statistically significant difference.
For example, with the Ryzen 7 5800X box, this set was results from more than 100 tests. With the geometric mean of all those results, there was less than a half percent loss of performance when turning off this new Zen 3 feature. The other result files are even more boring than that.
Long story short, even though AMD generally doesn’t recommend that their customers turn off Predictive Store Forwarding, if you decide to turn it off in the name of increased security, it probably won’t make a significant performance difference . I’m still running some larger server workloads, but with everything I’ve seen on multiple Zen 3 systems today and yesterday, turning off the PSF doesn’t have a major impact. Fortunately, nothing is as scary as some of the earlier x86_64 speculative execution throttling we’ve seen over the years.
For those who appreciate the fast turnaround time on AMD Zen 3 PSF benchmarkng this Easter weekend, consider joining Phoronix Premium or maybe a tip. In any case, do not use an adblocker; your support makes it possible to benchmark every day of the year.
If you liked this article, please consider joining Phoronix Premium to view this ad-free site, multi-page articles on one page, and other benefits. PayPal tips are also kindly accepted. Thanks for your support.