AMD Zen 3 CPUs vulnerable to Spectre-like attacks via PSF feature
US chipmaker AMD advised customers last week to disable a new performance feature if they plan to use CPUs for sensitive operations, as this feature is vulnerable to Spectre-like side-channel attacks.
Called Predictive Store Forwarding (PSF), this feature was added to AMD CPUs part of the company's Zen 3 core architecture, a processor series dedicated to gaming and high-performance computing, which launched in November 2020. (full article)
The feature implements a technique called speculative execution, which works by running multiple alternative CPU operations in advance to make results available faster, and then discarding "predicted" data once deemed unneeded.
Whitepaper: SECURITY ANALYSIS OF AMD PREDICTIVE STORE FORWARDING[.pdf]
[N.B. - The last statement in the whitepaper says "AMD recommends leaving the Predictive Store Forwarding feature enabled as the default setting." - Fnord]
(Score: 4, Interesting) by looorg on Friday April 09 2021, @12:24PM (2 children)
How sad for them. Guess they are not as happy now as they were when this was only, or mainly, an Intel problem.
I do wonder tho if this was known since about 2017-2018 (both Meltdown and Spectre) or there about for the Intel why the hell did they incorporate it into a processor that was launched in the end of 2020? I know it might have been a long production and manufacturing process to create the CPU but they sort of had several years to either disable or remove this or fix it (unless it can't be fixed) but to keep it around? That just seems like a new kind of stupid.
(Score: 3, Funny) by Anonymous Coward on Friday April 09 2021, @12:35PM
CIA: "Hey AMD, implement this feature or we kill you"
AMD: "OK fellow three-letter agency"
(Score: 0) by Anonymous Coward on Friday April 09 2021, @02:01PM
Someone also needs to make them disable predictive text. Fuck!
(Score: 5, Funny) by Mojibake Tengu on Friday April 09 2021, @12:34PM
Respect Authorities. Know your social status. Woke responsibly.
(Score: 2) by DannyB on Friday April 09 2021, @04:11PM (5 children)
What if CPUs didn't try to guess what the program was going to do, and just executed simple instructions. And there were LOTS of cores. Plus other specialized hardware such as GPUs and specialized tensor multiplication hardware. Maybe also dedicated video encode/decode, signal processing, and crypto hardware.
How many other specialized hardware units should computers grow because we don't want to do things in pure software any more?
Remember back when CPUs just executed instructions?
The people who rely on government handouts and refuse to work should be kicked out of congress.
(Score: 5, Informative) by turgid on Friday April 09 2021, @04:44PM (4 children)
The problem is memory access is so slow in comparison to CPU performance that the CPU needs to do things to make use of time it would otherwise spend idle waiting for the memory. One of the things it does is to speculatively execute code in the hope that the results of previous instructions mean that these instructions were the right ones to execute. If it guesses right often enough, this provides a big performance boost. If it gets it wrong, it has to load more data and instructions from memory, which is very slow.
I refuse to engage in a battle of wits with an unarmed opponent [wikipedia.org].
(Score: 2) by DannyB on Friday April 09 2021, @04:48PM
That is a good point. I remember when CPUs were slower than memory.
The people who rely on government handouts and refuse to work should be kicked out of congress.
(Score: 0, Touché) by Anonymous Coward on Friday April 09 2021, @09:28PM (2 children)
well they need to solve the memory access problem with hardware instead of making the whole computer insecure with their bullshit hacks.
(Score: 0) by Anonymous Coward on Saturday April 10 2021, @10:00AM (1 child)
(Score: 3, Interesting) by takyon on Saturday April 10 2021, @12:03PM
What are you even talking about?
https://www.anandtech.com/show/11857/memory-scaling-on-ryzen-7-with-team-groups-night-hawk-rgb/5 [anandtech.com]
Fast RAM has a negligible impact on performance most of the time.
Future AMD and Intel microarchitectures will be adding stacked RAM as L4 cache, which will actually make a difference in solving the CPU-to-memory problem. Later, we'll see monolithic 3D integration of CPU and memory.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 1, Interesting) by Anonymous Coward on Friday April 09 2021, @07:08PM (1 child)
The researchers don't have an exploit, and it's not clear that this type of issue could leak, for example, kernel data or data from outside of a VM. It seems limited to "browser Javascript might be able to read data from outside its page" type of issues, which Javascript engines are already used to dealing with because there are lots of these issues.
Not going to say this is a complete nothingburger, but it doesn't really seem all that dangerous. If it's even exploitable in real world conditions.
(Score: 2) by takyon on Friday April 09 2021, @07:40PM
My understanding is that AMD discovered it, not a third party, and mitigation has about a 0.4% impact on performance. A nothingburger on all levels.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]