Diff for /wikisrc/security/meltdown_spectre.mdwn between versions 1.30 and 1.31

version 1.30, 2018/05/22 07:37:22 version 1.31, 2018/05/22 08:24:53
Line 94  riscv  |(Spec.) |Not vulnerable |  |  | Line 94  riscv  |(Spec.) |Not vulnerable |  |  |
   
 ## Spectre Variant 3a  ## Spectre Variant 3a
   
 This issue will be addressed in future microcode updates. No software  This issue will be addressed in future microcode updates on x86. No
 change is required.  software change is required.
   
 ## Spectre Variant 4  ## Spectre Variant 4
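Review bot: In the Variant 3a paragraph, "on x86" now scopes the microcode sentence, but the following "No software change is required." is left unscoped, so it is unclear whether it also applies only to x86. The table that ends just above lists other ports (riscv is visible), so suggest either stating the Variant 3a status for non-x86 ports or wording the second sentence so its scope matches the first.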
   
Line 116  i386  |VIA  |Unknown |  |  | Line 116  i386  |VIA  |Unknown |  |  |
 Meltdown is mitigated with the SVS feature. It can be dynamically disabled  Meltdown is mitigated with the SVS feature. It can be dynamically disabled
 by changing the "machdep.svs.enabled" sysctl.  by changing the "machdep.svs.enabled" sysctl.
   
 ### Mitigation B: Intel IBRS  ### Mitigations B, C, D
   
 SpectreV2 can be mitigated with the IBRS method (Intel only for now). If  There is no unified mitigation for SpectreV2. Rather, a set of mitigations
 the CPU supports this method, it is used automatically. It can be  are available, in both hardware and software.
 dynamically disabled by changing the "machdep.spectre_v2.mitigated"  
 sysctl.  Three sysctls exist, under the machdep.spectre_v2 node:
   
   [[!template id=programlisting text="""
   machdep.spectre_v2.hwmitigated = {0/1} user-settable
   machdep.spectre_v2.swmitigated = {0/1} set by the kernel
   machdep.spectre_v2.method = {string} set by the kernel
   """]]
   
   Only hwmitigated can be set by the user. When set to one, the kernel will
   determine the best hardware mitigation available for the currently
   running CPU, and will apply it.
   
   #### Mitigation B: Intel IBRS
   
   Hardware mitigation, Intel only (for now). If the CPU supports this method,
   it is used automatically by the kernel. It can be dynamically
   enabled/disabled by changing the "hwmitigated" sysctl.
   
 ### Mitigation C: AMD DIS_IND  #### Mitigation C: AMD DIS_IND
   
 SpectreV2 can be mitigated with the DIS_IND method, available only on a  Hardware mitigation, available only on a few AMD families. If the CPU
 few AMD families. If the CPU supports this method, it is used  supports this method, it is used automatically by the kernel. It can be
 automatically. It can be dynamically disabled by changing the  dynamically enabled/disabled by changing the "hwmitigated" sysctl.
 "machdep.spectre_v2.mitigated" sysctl.  
   
 ### Mitigation D: Retpoline  #### Mitigation D: GCC Retpoline
   
 SpectreV2 is mitigated in the kernel with the GCC "retpoline" compilation  Software mitigation. It is enabled by default in GENERIC. When enabled,
 flag, which is enabled by default in GENERIC.  the "swmitigated" sysctl is set to one.
   
 ### Mitigation E: Intel SSBD  ### Mitigation E: Intel SSBD
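Review bot: The "Three sysctls exist" paragraph documents only the hwmitigated = 1 case and gives machdep.spectre_v2.method as a bare {string}. Suggest saying what setting hwmitigated to zero does (the B and C sections say "enabled/disabled" but never describe the disabled state) and listing the strings method can report, so an administrator can tell from sysctl output which mitigation is active. The old text pointed readers at "machdep.spectre_v2.mitigated" in both the IBRS and DIS_IND sections, and that name is dropped here without a note that it was replaced, which anyone who followed the earlier instructions would need. Under Mitigation D, swmitigated is described as "set by the kernel", so it would help to say whether retpoline can be changed at runtime at all or only at build time. Minor: "a set of mitigations are available" should read "is available".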
   
