This article describes a Fast Store Forwarding Predictor (FSFP) performance feature that is supported on certain Intel processors, the implications of this feature on potential transient execution disclosure gadgets, and the properties maintained by those processors to help prevent potential exploitation of such disclosure gadgets. The guidance presented herein reflects Intel’s current information and understanding, and may be revised as new information emerges and as the threat landscape evolves.
We also describe an issue affecting certain processors that requires a microcode update to fully support the Fast Store Forwarding Predictor training domain isolation properties described here.
Description
Certain Intel processors support a performance feature called Fast Store Forwarding Predictor (FSFP). Based on observing previous behavior, FSFP enables the processor to predict that a store will forward data to a younger load and optimize that case. This optimization may allow the load to speculatively execute with data from an older store before all forwarding conditions (like store-load address match) have been resolved. If data is incorrectly forwarded to the load, the processor will prevent the load from committing to the architectural state and will re-execute the load with the correct data.
Potential for Transient Execution Disclosure Gadgets
As an effective performance optimization, FSFP predicts store-to-load forwarding with high accuracy. These predictions are based on the observed behavior of previous stores and loads. However, FSFP can still mispredict store-to-load forwarding: for example, dynamically varying behavior of specific store and load instruction instances, or predictor aliasing between different instruction instances, can cause FSFP to predict forwarding that turns out to be incorrect.
As with other forms of speculation, the transient execution of FSFP store-to-load forwarding has the potential to reveal data through a covert channel that would not otherwise be revealed. If a malicious actor is able to identify a disclosure gadget in vulnerable victim code and also induce FSFP store-forwarding speculation as required for the gadget, it may be possible to disclose targeted data accessible to the victim with a “confused-deputy” form of attack.
FSFP Mitigation Properties
Processors that support FSFP maintain several properties to help mitigate the risk of potential transient execution attacks. These properties are intended to enable prediction domain isolation for FSFP, as well as provide mechanisms to disable FSFP where desired.
Cross-Domain and Cross-Thread Training Isolation
The FSFP domain isolation architecture is analogous to the indirect branch prediction domain isolation properties documented for the Indirect Branch Restricted Speculation (IBRS) and Single Thread Indirect Branch Predictors (STIBP) mechanisms.
For processors supporting FSFP, the following domain isolation properties are maintained (regardless of IBRS or STIBP enabling):
- Activity in user mode does not control FSFP prediction in supervisor mode.
- Activity in Virtual Machine Extensions (VMX) guest (non-root) mode does not control FSFP prediction in host (root) mode.
- Activity on one logical processor does not control FSFP prediction on another logical processor.
The Indirect Branch Predictor Barrier (IBPB) also serves as an FSFP prediction barrier: activity before the barrier on a logical processor does not control FSFP prediction after the barrier.
Note that FSFP does not affect system management mode (SMM) and Intel® Software Guard Extensions (Intel® SGX) enclaves. This is described in more detail below.
Predictive Forwarding Barriers
Processors supporting FSFP prevent predictive forwarding of data values of older stores to younger loads across certain architectural boundaries. If any of the following occur between an older store and a younger load, FSFP will not predictively forward data from that store to that load:
- LFENCE
- Change to memory protection key restriction registers PKRU or PKRS
- Serializing instructions or events
Also note that no store in one privileged predictor mode can be predictively forwarded to a load from another predictor mode. This includes not only mode transitions (such as SYSCALL), but also implicit supervisor loads (for example, loads from the Global Descriptor Table (GDT) performed by a segment load instruction).
FSFP Disabled Modes
When FSFP is disabled, the processor does not speculatively execute loads with a value forwarded from a store when the store and load do not have matching addresses. This FSFP-disabled behavior does not intrinsically preclude speculative store bypass.
Both Speculative Store Bypass (SSB) and FSFP are disabled whenever the IA32_SPEC_CTRL.SSBD (Speculative Store Bypass Disable) MSR bit is set to 1, and inside Intel® SGX enclaves or system management mode (SMM). All processors that support FSFP also support SSBD.
In addition to SSBD, a finer-grained control is provided for disabling FSFP without disabling SSB. If enumerated by CPUID.(EAX=7,ECX=2).EDX[0], the processor supports setting IA32_SPEC_CTRL.PSFD (bit 7). FSFP is disabled if either SSBD or PSFD is enabled, or when in SMM or Intel SGX mode.
The PSFD bit offset is chosen to align with the Predictive Store Forwarding Disable (PSFD) bit defined by AMD*.
Going forward, PSFD is expected to be supported on all processors that support FSFP. Some processors may require a microcode update to enable PSFD support. Refer to the Processors Affected by FSFP Cross-Domain Training Isolation Issue section for more details.
Software Guidance
In many cases, software environments employing mitigations for Branch Target Injection (Spectre variant 2) and Speculative Store Bypass (Spectre variant 4) may require no further changes for FSFP.
The combination of processor domain isolation, along with software invocation of IBPB on security context switches, can help mitigate the risk of cross-domain FSFP training attacks.
Same-domain exposure for FSFP may be similar to that of Speculative Store Bypass. As with Speculative Store Bypass, language-based security environments (for example, a managed runtime) present the most likely environment where a potential malicious actor may seek to influence the generation of code. Mitigations for such environments are similar to those described for Speculative Store Bypass. Some options include:
- Process isolation
- SSBD
- Targeted mitigation of specific disclosure gadgets (for example, placing LFENCE between potential store/load pairs)
Using PSFD to disable FSFP may be of interest in specific environments that are concerned with same-domain FSFP attacks, but which are not concerned about Speculative Store Bypass attacks and where the performance impact of SSBD is a concern.
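The enumeration and control logic from the FSFP Disabled Modes and Software Guidance sections, as an added C example that is not part of Intel's article: it checks the CPUID.(EAX=7,ECX=2).EDX[0] enumeration (including the maximum-subleaf caveat), decodes whether FSFP is disabled from an IA32_SPEC_CTRL value, and builds the value that disables FSFP via PSFD while leaving SSB enabled. The SSBD bit position (bit 2) and the IA32_SPEC_CTRL MSR address are taken from the Intel SDM rather than this page; the PSFD bit (7) is as stated here, and all function names are mine.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* IA32_SPEC_CTRL (MSR 0x48): SSBD is bit 2 (Intel SDM); PSFD is bit 7
 * as stated in the article. IBRS/STIBP occupy bits 0 and 1. */
#define SPEC_CTRL_SSBD (1ull << 2)
#define SPEC_CTRL_PSFD (1ull << 7)

/* CPUID.(EAX=7,ECX=2).EDX[0] enumerates PSFD. Subleaf 2 is only meaningful
 * when CPUID.(EAX=7,ECX=0).EAX, the maximum subleaf, is at least 2. */
bool psfd_enumerated(uint32_t leaf7_max_subleaf, uint32_t leaf7_sub2_edx) {
    return leaf7_max_subleaf >= 2 && (leaf7_sub2_edx & 1u) != 0;
}

/* FSFP is off when SSBD or PSFD is set, or in SMM / an SGX enclave. */
bool fsfp_disabled(uint64_t spec_ctrl, bool in_smm_or_sgx) {
    return in_smm_or_sgx || (spec_ctrl & (SPEC_CTRL_SSBD | SPEC_CTRL_PSFD)) != 0;
}

/* New IA32_SPEC_CTRL value that disables FSFP but not SSB, keeping any
 * IBRS/STIBP/SSBD bits already set; unchanged if PSFD is not enumerated. */
uint64_t spec_ctrl_with_psfd(uint64_t current, bool psfd_supported) {
    return psfd_supported ? (current | SPEC_CTRL_PSFD) : current;
}

/* Live CPUID query: 1 = PSFD enumerated, 0 = not, -1 = not an x86 build. */
int query_psfd_support(void) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, c, d, max_sub;
    if (__get_cpuid_max(0, NULL) < 7) return 0;
    __get_cpuid_count(7, 0, &a, &b, &c, &d);
    max_sub = a;
    __get_cpuid_count(7, 2, &a, &b, &c, &d);
    return psfd_enumerated(max_sub, d) ? 1 : 0;
#else
    return -1;
#endif
}

int main(void) {
    int r = query_psfd_support();
    printf("PSFD enumerated on this CPU: %s\n",
           r < 0 ? "n/a (not x86)" : (r ? "yes" : "no"));
    return 0;
}
```

Writing the resulting value to IA32_SPEC_CTRL is a ring-0 operation (WRMSR), so on a running OS the kernel, not this program, is what applies it.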
Current Processors Supporting FSFP
Future Intel processors that support FSFP will enumerate support for PSFD control. The current processors supporting FSFP include:
Processor | Stepping (All unless otherwise noted) | Code Names/Microarchitectures | Product Family | Brand Names |
---|---|---|---|---|
06_7EH | 5 | Ice Lake U,Y | 10th Generation Intel® Core™ Processor Family | Intel® Core™ Processor i7-1060G7, i7-1065G7 Intel® Core™ Processor i5-1030G4, i5-1030G7, i5-1035G1, i5-1035G4, i5-1035G7 Intel® Core™ Processor i3-1000G1, i3-1000G4, i3-1005G1 |
06_6AH | 4,5,6 | Ice Lake Xeon-SP | 3rd Gen Intel® Xeon® Scalable processor family | Intel® Xeon® Gold 8300 processors, Intel® Xeon® Gold 6300 processors, Intel® Xeon® Gold 5300 processors, Intel® Xeon® Silver 4300 processors |
06_8AH | 1 | Lakefield B-step (Sunny Cove and Tremont hybrid) | Intel® Core™ Processors with Intel® Hybrid Technology | Intel® Core™ Processor i3-L13G4, i5-L16G7 |
06_8CH | <=2 | Tiger Lake U-series | 11th Generation Intel® Core™ Processor Family | Intel® Core™ i7-1185G7, i7-1165G7, i7-1185GRE, i7-1185G7E, i7-1180G7, i7-1160G7, i5-1145G7, i5-1145GRE, i5-1145G7E, i5-1140G7, i5-1130G7, i3-1125G4, i3-1115GRE, i3-1115G4E, i3-1120G4, i3-1110G4, Intel® Celeron® 6305, Intel® Celeron® 6305E Processor |
06_8DH | 1 | Tiger Lake H-series | 1. 11th Generation Intel® Core™ Processor Family 2. Intel® Xeon® Processor Family | 1. Intel® Core™ i9-11980HK, i9-11950H, i9-11900H, i7-11850H, i7-11800H, i5-11500H, i5-11400H, i5-11260H, i7-11390H, i7-11375H, i7-11370H, i5-11320H, i5-11300H 2. Intel® Xeon® W-11955M, Intel® Xeon® W-11855M |
06_8DH | 1 | Tiger Lake H-series | 1. 11th Generation Intel® Core™ Processor Family 2. Intel® Xeon® Processor Family | 1. Intel® Core™ i7-11850HE, i3-11100HE 2. Intel® Xeon® W-11865MRE, W-11555MRE, W-11155MRE, W-11555MLE, W-11865MLE, W-11155MLE, Intel® Celeron® 6600HE |
06_8CH | 2 | 1. Tiger Lake U Refresh 2. Tiger Lake H35 | 11th Generation Intel® Core™ Processor Family | 1. Intel® Core™ i7-1195G7, i5-1155G7, i5-1135G7, i3-1115G4, Intel® Pentium® Gold 7505 2. Intel® Core™ i7-11390H, i5-11320H |
06_A7H | 1 | Rocket Lake | 11th Generation Intel® Core™ Processor Family | Intel® Core™ Processor i9-11900K, i9-11900KF, i9-11900, i9-11900T, i9-11900F, i7-11700K, i7-11700KF, i7-11700, i7-11700T, i7-11700F, i5-11600K, i5-11600KF, i5-11600, i5-11600T, i5-11500, i5-11500T, i5-11400, i5-11400F, i5-11400T |
06_9AH | 3 | Alder Lake (Golden Cove and Gracemont hybrid) P/M series | 12th Generation Intel® Core™ Processor Family, Intel® Pentium® Gold Processor Family, Intel® Celeron® Processor Family | Intel® Core™ Processor i7-12800P, i7-12700P, i7-12600P, i5-12500P, i5-12400P, i3-12200P, i7-1260U, i7-1250U, i5-1240U, i5-1230U, i3-1210U, Intel® Pentium® Gold Processor 8500, Intel® Celeron® Processor 7300 |
06_97H | 2 | Alder Lake (Golden Cove and Gracemont hybrid) S-series | 12th Generation Intel® Core™ Processor Family | Intel® Core™ Processor i9-12900K, i9-12900KF, i7-12700K, i7-12700KF, i5-12600K, i5-12600KF |
06_97H | 5 | Alder Lake S-series (Golden Cove) | 12th Generation Intel® Core™ Processor Family, Intel® Pentium® Gold Processor Family, Intel® Celeron® Processor Family | Intel® Core™ Processor i5-12600, i5-12500, i5-12400, i5-12400F, i3-12300, i3-12100, i3-12100F, i5-12600T, i5-12500T, i5-12400T, i3-12300T, i3-12100T, Intel® Pentium® Gold Processor G7400, G7400T, Intel® Celeron® Processor G6900, G6900T |
FSFP Cross-Domain Training Isolation Issue
Certain processors that support FSFP do not fully maintain cross-domain training isolation properties without a recent microcode update. In some cases, user mode software may be able to control FSFP prediction in supervisor mode software, or VMX guest software may be able to control prediction in host (VMX root) software. Such control could be used by a malicious program running on the same logical processor to trigger transient execution gadgets in a higher-privileged mode, potentially leading to data disclosure.
This issue can be addressed on affected processors by deploying the latest microcode update. Refer to the related CVE (CVE-2021-0145, CVSS: 6.5 Medium) and Intel Technical Advisory (INTEL-SA-00561).
Processor | Stepping (All unless otherwise noted) | Code Names/Microarchitectures | Product Family | Brand Names | Affected |
---|---|---|---|---|---|
06_7EH | 5 | Ice Lake U,Y | 10th Generation Intel® Core™ Processor Family | Intel® Core™ Processor i7-1060G7, i7-1065G7 Intel® Core™ Processor i5-1030G4, i5-1030G7, i5-1035G1, i5-1035G4, i5-1035G7 Intel® Core™ Processor i3-1000G1, i3-1000G4, i3-1005G1 | Y |
06_6AH | 4,5,6 | Ice Lake Xeon-SP | 3rd Gen Intel® Xeon® Scalable processor family | Intel® Xeon® Gold 8300 processors, Intel® Xeon® Gold 6300 processors, Intel® Xeon® Gold 5300 processors, Intel® Xeon® Silver 4300 processors | Y |
06_8AH | 1 | Lakefield B-step (Sunny Cove) | Intel® Core™ Processors with Intel® Hybrid Technology | Intel® Core™ Processor i3-L13G4, i5-L16G7 | Y |
06_8CH | <=2 | Tiger Lake U-series | 11th Generation Intel® Core™ Processor Family | Intel® Core™ i7-1185G7, i7-1165G7, i7-1185GRE, i7-1185G7E, i7-1180G7, i7-1160G7, i5-1145G7, i5-1145GRE, i5-1145G7E, i5-1140G7, i5-1130G7, i3-1125G4, i3-1115GRE, i3-1115G4E, i3-1120G4, i3-1110G4, Intel® Celeron® 6305, Intel® Celeron® 6305E Processor | Y |
06_8DH | 1 | Tiger Lake H-series | 1. 11th Generation Intel® Core™ Processor Family 2. Intel® Xeon® Processor Family | 1. Intel® Core™ i9-11980HK, i9-11950H, i9-11900H, i7-11850H, i7-11800H, i5-11500H, i5-11400H, i5-11260H, i7-11390H, i7-11375H, i7-11370H, i5-11320H, i5-11300H 2. Intel® Xeon® W-11955M, Intel® Xeon® W-11855M | Y |
06_8DH | 1 | Tiger Lake H-series | 1. 11th Generation Intel® Core™ Processor Family 2. Intel® Xeon® Processor Family | 1. Intel® Core™ i7-11850HE, i3-11100HE 2. Intel® Xeon® W-11865MRE, W-11555MRE, W-11155MRE, W-11555MLE, W-11865MLE, W-11155MLE, Intel® Celeron® 6600HE | Y |
06_8CH | 2 | 1. Tiger Lake U Refresh 2. Tiger Lake H35 | 11th Generation Intel® Core™ Processor Family | 1. Intel® Core™ i7-1195G7, i5-1155G7, i5-1135G7, i3-1115G4, Intel® Pentium® Gold 7505 2. Intel® Core™ i7-11390H, i5-11320H | Y |
06_A7H | 1 | Rocket Lake | 11th Generation Intel® Core™ Processor Family | Intel® Core™ Processor i9-11900K, i9-11900KF, i9-11900, i9-11900T, i9-11900F, i7-11700K, i7-11700KF, i7-11700, i7-11700T, i7-11700F, i5-11600K, i5-11600KF, i5-11600, i5-11600T, i5-11500, i5-11500T, i5-11400, i5-11400F, i5-11400T | Y |
FSFP Cross-Thread Training Isolation Issue
Certain processors that support FSFP do not fully maintain cross-thread training isolation properties without a recent microcode update. In some cases, software executing on one hyperthread may be able to control FSFP prediction on a sibling hyperthread of the same core.
Such control could help a malicious program running on the same core to trigger transient execution gadgets in a higher-privileged mode, potentially leading to data disclosure.
This issue can be addressed on affected processors by deploying the latest microcode update. Refer to the previously disclosed CVE (CVE-2020-8698, CVSS: 6.5 Medium) and Intel Technical Advisory (INTEL-SA-00381).
Processors Affected by FSFP Cross-Thread Training Isolation Issue
Refer to the list of affected processors for the Fast Store Forwarding Predictor: Cross Thread issue in the consolidated Affected Processors table.