Last week, AMD released a security analysis of AMD Zen 3’s new Predictive Store Forwarding (PSF) feature. There they acknowledged that there is a possibility that PSF’s poor functionality could lead to a side attack, although the actual exposure would be quite low. In any case, they allow interested users to disable the Predictive Store Forwarding functionality, but what they did not comment on in that paper was what performance to expect if they disable PSF. So, my Easter weekend turned into AMD Zen 3 PSF benchmarking.
AMD does not recommend that end users disable the protection functionality of the Zen 3 protection store, but rather be proactive in their public safety analysis and ensure that their customers are informed about its behavior and how to disable it if they be interested. The impact of poor PSF speculation would be similar to that of the Spectr Variant Four / Speculative Store Bypass. AMD’s PSF security analysis stated that “customers with software that implements sandboxing and are concerned about the behavior of PSF on AMD Zen3 processors may choose to disable PSF functionality.“
PSF is disabled with Zen 3 CPUs if there is a reduction in speculative Bypass Disable (SSBD) or optionally only forced-disabled by a different bit. AMD’s white paper says it publishes Linux patches to allow easy disabling of PSF, if desired, but as of writing I haven’t seen these public patches anywhere. They will probably do it in the next few days to allow the convenient option of the “nopsfd” kernel. But for the purpose of this weekend’s initial testing, I just built a kernel that set MSR 48h Bit 7 to disable this Predictive Store Forwarding functionality. By default, Linux does not attenuate with SSBD unless you opt for it via the prctl or SECCOMP interface.
Knowing what to expect this weekend with the lack of details on the performance implications of disabling Predictive Store Forwarding, we ran dozens of benchmarks on a few different AMD Ryzen 5000 and EPYC 7003 series systems with the default kernel and then the same kernel / configuration, but with PSF disabled via bit 7.
On multiple systems and a wide variety of workloads tested and with Phoronix Test Suite running automatically each test multiple times, etc., in the end the results with disabling PSF had a minimal difference. At most in some tasks they were close to an impact of 1% over several rounds and several systems, but in general it was difficult to find any statistically significant difference.
For example, with the Ryzen 7 5800X box was this set of results of over 100 tests. With the geometric mean of all these results there was less than half a percent loss of performance when disabling this new Zen 3 feature. The other result files are even more boring than that.
The story is so long, even if AMD does not recommend their customers in general to disable Predictive Store Forwarding, if you decide to disable it in the name of increased security, it will probably not provide any significant difference in performance. I’m still running some larger server workloads, but with everything I’ve seen today and yesterday on multiple Zen 3 systems, disabling PSF has no major impact. Fortunately, nothing is as frightening as some of the speculative attenuation of x86_64 I’ve seen in recent years – just a few days ago, actually looking at the spectrum mitigation costs that are still borne by Intel’s Rocket Lake, among many other examples and benchmarks in the last three years.
For those who appreciate the rapid evolution of AMD Zen 3 PSF benchmarking this Easter weekend, we recommend that you join Phoronix Premium or maybe a tip. At the very least, please do not use ad blocking; your support makes it possible to evaluate every day of the year.
If you liked this article, consider joining Phoronix Premium to view this ad-free, multi-page, single-page, and other benefits site. PayPal tips are also graciously accepted. Thank you for your support.