[[!meta title="Meltdown and Spectre Status Page"]]

[[!template id=needs-update reason="netbsd-9 and netbsd-10 aren't catalogued and more recent Spectre-class vulnerabilities are probably missing"]]

Status of the Fixes
-------------------

NetBSD-7, and all earlier releases, have no planned fixes.

## Spectre Variant 1

[[!table data="""
Port  |Vendor/Model    |Spectre (V1)   |NetBSD-8   |NetBSD-current
amd64 |Intel           |Vulnerable     |Not fixed  |Not fixed
amd64 |AMD             |Vulnerable     |Not fixed  |Not fixed
i386  |Intel           |Vulnerable     |Not fixed  |Not fixed
i386  |AMD             |Vulnerable     |Not fixed  |Not fixed
mips  |MIPS P5600      |Vulnerable     |Not fixed  |Not fixed
mips  |MIPS P6600      |Vulnerable     |Not fixed  |Not fixed
mips  |MIPS (others)   |Not vulnerable |           |
ia64  |Intel           |Not vulnerable |           |
riscv |(spec)          |Not vulnerable |           |
arm   |ARM Cortex-R7   |Vulnerable     |Not fixed  |Not fixed
arm   |ARM Cortex-R8   |Vulnerable     |Not fixed  |Not fixed
arm   |ARM Cortex-A8   |Vulnerable     |Not fixed  |Not fixed
arm   |ARM Cortex-A9   |Vulnerable     |Not fixed  |Not fixed
arm   |ARM Cortex-A12  |Vulnerable     |Not fixed  |Not fixed
arm   |ARM Cortex-A15  |Vulnerable     |Not fixed  |Not fixed
arm   |ARM Cortex-A17  |Vulnerable     |Not fixed  |Not fixed
arm   |ARM Cortex-A57  |Vulnerable     |Not fixed  |Not fixed
arm   |ARM Cortex-A72  |Vulnerable     |Not fixed  |Not fixed
arm   |ARM Cortex-A73  |Vulnerable     |Not fixed  |Not fixed
arm   |ARM Cortex-A75  |Vulnerable     |Not fixed  |Not fixed
arm   |ARM (others)    |Not vulnerable |           |
"""]]

## Spectre Variant 2

[[!table data="""
Port  |Vendor/Model    |Spectre (V2)   |NetBSD-8                |NetBSD-current
amd64 |Intel           |Vulnerable     |Fixed [MitigD]          |Fixed [MitigB] [MitigD]
amd64 |AMD             |Vulnerable     |Fixed [MitigC] [MitigD] |Fixed [MitigC] [MitigD]
i386  |Intel           |Vulnerable     |Fixed [MitigD]          |Fixed [MitigD]
i386  |AMD             |Vulnerable     |Fixed [MitigC] [MitigD] |Fixed [MitigC] [MitigD]
mips  |MIPS P5600      |Vulnerable     |Not fixed               |Not fixed
mips  |MIPS P6600      |Vulnerable     |Not fixed               |Not fixed
mips  |MIPS (others)   |Not vulnerable |                        |
ia64  |Intel           |Not vulnerable |                        |
riscv |(spec)          |Not vulnerable |                        |
arm   |ARM Cortex-R7   |Vulnerable     |Not fixed               |Not fixed
arm   |ARM Cortex-R8   |Vulnerable     |Not fixed               |Not fixed
arm   |ARM Cortex-A8   |Vulnerable     |Not fixed               |Not fixed
arm   |ARM Cortex-A9   |Vulnerable     |Not fixed               |Not fixed
arm   |ARM Cortex-A12  |Vulnerable     |Not fixed               |Not fixed
arm   |ARM Cortex-A15  |Vulnerable     |Not fixed               |Not fixed
arm   |ARM Cortex-A17  |Vulnerable     |Not fixed               |Not fixed
arm   |ARM Cortex-A57  |Vulnerable     |Not fixed               |Not fixed
arm   |ARM Cortex-A72  |Vulnerable     |Not fixed               |Not fixed
arm   |ARM Cortex-A73  |Vulnerable     |Not fixed               |Not fixed
arm   |ARM Cortex-A75  |Vulnerable     |Not fixed               |Not fixed
arm   |ARM (others)    |Not vulnerable |                        |
"""]]

## Meltdown

[[!table data="""
Port  |Vendor/Model    |Meltdown (V3)  |NetBSD-8       |NetBSD-current
amd64 |Intel           |Vulnerable     |Fixed [MitigA] |Fixed [MitigA]
amd64 |AMD             |Not vulnerable |               |
i386  |Intel           |Vulnerable     |Not fixed      |Not fixed
i386  |AMD             |Not vulnerable |               |
mips  |(all)           |Not vulnerable |               |
ia64  |Intel           |Not vulnerable |               |
riscv |(spec)          |Not vulnerable |               |
arm   |ARM Cortex-A15  |Vulnerable     |Not fixed      |Not fixed
arm   |ARM Cortex-A57  |Vulnerable     |Not fixed      |Not fixed
arm   |ARM Cortex-A72  |Vulnerable     |Not fixed      |Not fixed
arm   |ARM Cortex-A75  |Vulnerable     |Not fixed      |Not fixed
arm   |ARM (others)    |Not vulnerable |               |
"""]]

## Spectre Variant 3a

This issue will be addressed in future microcode updates on x86. No software change is required.

## Spectre Variant 4

[[!table data="""
Port  |Vendor/Model    |Spectre (V4)   |NetBSD-8       |NetBSD-current
amd64 |Intel           |Vulnerable     |Fixed [MitigE] |Fixed [MitigE]
amd64 |AMD             |Vulnerable     |Fixed [MitigF] |Fixed [MitigF]
i386  |Intel           |Vulnerable     |Fixed [MitigE] |Fixed [MitigE]
i386  |AMD             |Vulnerable     |Fixed [MitigF] |Fixed [MitigF]
arm   |ARM Cortex-A57  |Vulnerable     |Not fixed      |Not fixed
arm   |ARM Cortex-A72  |Vulnerable     |Not fixed      |Not fixed
arm   |ARM Cortex-A73  |Vulnerable     |Not fixed      |Not fixed
arm   |ARM Cortex-A75  |Vulnerable     |Not fixed      |Not fixed
arm   |ARM (others)    |Not vulnerable |               |
"""]]

## Mitigations

### Mitigation A: SVS

Meltdown is mitigated with the SVS feature. It can be dynamically disabled by changing the "machdep.svs.enabled" sysctl.

### Mitigations B, C, D

There is no single mitigation for SpectreV2. Rather, a set of mitigations is available, in both hardware and software. Three sysctls exist, under the machdep.spectre_v2 node:

[[!template id=programlisting text="""
machdep.spectre_v2.hwmitigated = {0/1}    user-settable
machdep.spectre_v2.swmitigated = {0/1}    set by the kernel
machdep.spectre_v2.method = {string}      constructed by the kernel
"""]]

Only "hwmitigated" can be set by the user. When set to one, the kernel determines the best hardware mitigation available for the currently running CPU and applies it.

#### Mitigation B: Intel IBRS

Hardware mitigation, Intel only (for now). If the CPU supports this method, it is used automatically by the kernel. It can be dynamically enabled/disabled by changing the "hwmitigated" sysctl.

#### Mitigation C: AMD DIS_IND

Hardware mitigation, available only on a few AMD families. If the CPU supports this method, it is used automatically by the kernel. It can be dynamically enabled/disabled by changing the "hwmitigated" sysctl.

#### Mitigation D: GCC Retpoline

Software mitigation. It is enabled by default in GENERIC. When enabled, the "swmitigated" sysctl is set to one.

Note: the assembly parts of the kernel are not retpolined, and there is no RSB stuffing for Skylake either.

### Mitigations E, F

There are two available mitigations for SpectreV4. Their availability depends on the CPU model and the microcode or BIOS revision.

[[!template id=programlisting text="""
machdep.spectre_v4.mitigated = {0/1}    user-settable
machdep.spectre_v4.method = {string}    constructed by the kernel
"""]]

Only "mitigated" can be set by the user. When set to one, the kernel determines the best hardware mitigation available for the currently running CPU and applies it.

#### Mitigation E: Intel SSBD

Available only on Intel (for now). It can be dynamically enabled/disabled by changing the "mitigated" sysctl.

#### Mitigation F: AMD NONARCH

Available only on AMD families 15h, 16h and 17h. It can be dynamically enabled/disabled by changing the "mitigated" sysctl.

## External Resources

* [MIPS Blog Post](https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/)
* [ARM Security Update](https://developer.arm.com/support/security-update)
* [RISC-V](https://riscv.org/2018/01/more-secure-world-risc-v-isa/)

## Notes

* VIA Technologies did not issue any statement regarding their CPUs. It is not currently known whether they are affected.
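As an added example (not part of this page and not a NetBSD tool), the POSIX shell script below reads `sysctl`-style `name = value` lines and reports, per issue, which of the mitigations described in the Mitigations section above a kernel has active: SVS for Meltdown, the independent hardware (B/C) and software (D) flags for SpectreV2, and the single flag for SpectreV4. Only the sysctl names documented on this page are used; the sample dump, its values and its `method` strings are constructed for the example and are not real kernel output.

```shell
#!/bin/sh
# Added example: summarize the Meltdown/Spectre sysctls documented on the
# NetBSD status page from a "name = value" dump. Sysctl names are the page's;
# the sample values and method strings below are constructed.

# sysctl_value DUMP NAME: print NAME's value from a "name = value" dump
# (empty output when the node is absent, e.g. a non-x86 or older kernel)
sysctl_value() {
    printf '%s\n' "$1" | awk -F' = ' -v key="$2" '$1 == key { print $2; exit }'
}

# meltdown_status DUMP: Mitigation A, SVS must be enabled
meltdown_status() {
    case "$(sysctl_value "$1" machdep.svs.enabled)" in
        1) printf '%s\n' "mitigated (SVS)" ;;
        0) printf '%s\n' "NOT mitigated (SVS disabled)" ;;
        *) printf '%s\n' "unknown (no machdep.svs node)" ;;
    esac
}

# spectre_v2_status DUMP: hwmitigated (B/C) and swmitigated (D) are separate
# flags; report each so a hardware-only or retpoline-only kernel is visible
spectre_v2_status() {
    hw=$(sysctl_value "$1" machdep.spectre_v2.hwmitigated)
    sw=$(sysctl_value "$1" machdep.spectre_v2.swmitigated)
    method=$(sysctl_value "$1" machdep.spectre_v2.method)
    if [ "$hw" = 1 ] && [ "$sw" = 1 ]; then
        printf '%s\n' "mitigated, hw+sw ($method)"
    elif [ "$hw" = 1 ]; then
        printf '%s\n' "mitigated, hw only ($method)"
    elif [ "$sw" = 1 ]; then
        printf '%s\n' "mitigated, sw only: retpoline ($method)"
    else
        printf '%s\n' "NOT mitigated"
    fi
}

# spectre_v4_status DUMP: Mitigation E (Intel SSBD) or F (AMD NONARCH)
spectre_v4_status() {
    case "$(sysctl_value "$1" machdep.spectre_v4.mitigated)" in
        1) printf '%s\n' "mitigated ($(sysctl_value "$1" machdep.spectre_v4.method))" ;;
        0) printf '%s\n' "NOT mitigated" ;;
        *) printf '%s\n' "unknown (no machdep.spectre_v4 node)" ;;
    esac
}

# audit_mitigations DUMP: one summary line per issue
audit_mitigations() {
    printf 'Meltdown (A):     %s\n' "$(meltdown_status "$1")"
    printf 'Spectre V2 (B-D): %s\n' "$(spectre_v2_status "$1")"
    printf 'Spectre V4 (E-F): %s\n' "$(spectre_v4_status "$1")"
}

# Constructed sample dump: values and "[sample]" method strings are invented
# for this example; the kernel builds the real method string itself.
SAMPLE_DUMP='machdep.svs.enabled = 1
machdep.spectre_v2.hwmitigated = 1
machdep.spectre_v2.swmitigated = 1
machdep.spectre_v2.method = [sample] IBRS + retpoline
machdep.spectre_v4.mitigated = 0
machdep.spectre_v4.method = [sample] none'

# On a NetBSD host, replace the sample with: audit_mitigations "$(sysctl machdep)"
audit_mitigations "$SAMPLE_DUMP"
```

The script only passes the kernel-constructed `method` string through; it does not parse it, because the page does not document its format. A reading of "sw only" for SpectreV2 is worth flagging in an audit, since the note above records that the assembly parts are not retpolined and that there is no RSB stuffing for Skylake.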