Annotation of wikisrc/security/meltdown_spectre.mdwn, revision 1.24

1.6       maxv        1: [[!meta title="Meltdown and Spectre Status Page"]]
1.1       maxv        2: 
                      3: Status of the Fixes
                      4: -------------------
                      5: 
1.18      maxv        6: NetBSD-6 and all earlier releases have no planned fixes.
                      7: 
1.7       maxv        8: ## Spectre Variant 1
                      9: 
1.1       maxv       10: [[!table data="""
1.18      maxv       11: Port           |Vendor/Model   |Spectre (V1)   |NetBSD-7       |NetBSD-8       |NetBSD-current
                     12: amd64          |Intel          |Vulnerable     |Not fixed      |Not fixed      |Not fixed
                     13: amd64          |AMD            |Vulnerable     |Not fixed      |Not fixed      |Not fixed
                     14: amd64          |VIA            |Unknown        |               |               |
                     15: i386           |Intel          |Vulnerable     |Not fixed      |Not fixed      |Not fixed
                     16: i386           |AMD            |Vulnerable     |Not fixed      |Not fixed      |Not fixed
                     17: i386           |VIA            |Unknown        |               |               |
                     18: mips           |MIPS P5600     |Vulnerable     |Not fixed      |Not fixed      |Not fixed
                     19: mips           |MIPS P6600     |Vulnerable     |Not fixed      |Not fixed      |Not fixed
                     20: mips           |Other Models   |Not vulnerable |               |               |
                     21: ia64           |Intel          |Not vulnerable |               |               |
                     22: riscv          |(Spec.)        |Not vulnerable |               |               |
1.1       maxv       23: """]]
                     24: 
1.7       maxv       25: ## Spectre Variant 2
                     26: 
1.1       maxv       27: [[!table data="""
1.18      maxv       28: Port           |Vendor/Model   |Spectre (V2)   |NetBSD-7       |NetBSD-8       |NetBSD-current
1.23      maxv       29: amd64          |Intel          |Vulnerable     |Not fixed      |Not fixed      |Fixed [MitigB] [MitigD]
                     30: amd64          |AMD            |Vulnerable     |Not fixed      |Not fixed      |Fixed [MitigC] [MitigD]
1.18      maxv       31: amd64          |VIA            |Unknown        |               |               |
1.23      maxv       32: i386           |Intel          |Vulnerable     |Not fixed      |Not fixed      |Fixed [MitigD]
1.24    ! maxv       33: i386           |AMD            |Vulnerable     |Not fixed      |Not fixed      |Fixed [MitigC] [MitigD]
1.18      maxv       34: i386           |VIA            |Unknown        |               |               |
                     35: mips           |MIPS P5600     |Vulnerable     |Not fixed      |Not fixed      |Not fixed
                     36: mips           |MIPS P6600     |Vulnerable     |Not fixed      |Not fixed      |Not fixed
                     37: mips           |Other Models   |Not vulnerable |               |               |
                     38: ia64           |Intel          |Not vulnerable |               |               |
                     39: riscv          |(Spec.)        |Not vulnerable |               |               |
1.1       maxv       40: """]]
                     41: 
1.7       maxv       42: ## Meltdown
                     43: 
1.1       maxv       44: [[!table data="""
1.18      maxv       45: Port           |Vendor/Model   |Meltdown (V3)  |NetBSD-7       |NetBSD-8       |NetBSD-current
1.20      maxv       46: amd64          |Intel          |Vulnerable     |Not fixed      |Fixed [MitigA] |Fixed [MitigA]
1.18      maxv       47: amd64          |AMD            |Not vulnerable |               |               |
                     48: amd64          |VIA            |Unknown        |               |               |
                     49: i386           |Intel          |Vulnerable     |Not fixed      |Not fixed      |Not fixed
                     50: i386           |AMD            |Not vulnerable |               |               |
                     51: i386           |VIA            |Unknown        |               |               |
                     52: mips           |MIPS P5600     |Not vulnerable |               |               |
                     53: mips           |MIPS P6600     |Not vulnerable |               |               |
                     54: mips           |Other Models   |Not vulnerable |               |               |
                     55: ia64           |Intel          |Not vulnerable |               |               |
                     56: riscv          |(Spec.)        |Not vulnerable |               |               |
1.1       maxv       57: """]]
                     58: 
1.16      maxv       59: ## Mitigations
                     60: 
                     61: ### Mitigation A: SVS
                     62: 
                     63: Meltdown is mitigated with the SVS feature. It can be dynamically disabled
                     64: by changing the "machdep.svs.enabled" sysctl.
                     65: 
1.19      maxv       66: ### Mitigation B: Intel IBRS
                     67: 
                     68: SpectreV2 can be mitigated with the IBRS method (Intel only for now). If
                     69: the CPU supports this method, it is used automatically. It can be
                     70: dynamically disabled by changing the "machdep.spectre_v2.mitigated"
                     71: sysctl.
                     72: 
                     73: ### Mitigation C: AMD DIS_IND
                     74: 
                     75: SpectreV2 can be mitigated with the DIS_IND method, available only on a
                     76: few AMD families. If the CPU supports this method, it is used
                     77: automatically. It can be dynamically disabled by changing the
                     78: "machdep.spectre_v2.mitigated" sysctl.
                     79: 
1.23      maxv       80: ### Mitigation D: Retpoline
                     81: 
                     82: SpectreV2 is mitigated in the kernel with the GCC "retpoline" compilation
                     83: flag, which is enabled by default in GENERIC.
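
The following is an added example, not part of the NetBSD wiki page or the NetBSD source tree. It reads the two sysctl nodes named above from `sysctl` output in the usual `name = value` form and reports each mitigation's state. It assumes that 1 means enabled and 0 means disabled; the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the state of the mitigation sysctls named on this page.
# Assumption: a value of 1 means the mitigation is active, 0 means it is off.

# mitig_state NODE TEXT -> prints enabled | disabled | absent | unknown(VALUE)
mitig_state() {
    val=$(printf '%s\n' "$2" |
        awk -v n="$1" -F' = ' '$1 == n { print $2; exit }')
    case "$val" in
        1)  echo enabled ;;
        0)  echo disabled ;;
        '') echo absent ;;      # node missing: kernel or port lacks the feature
        *)  echo "unknown($val)" ;;
    esac
}

# audit TEXT -> one line per node; returns non-zero if any node is not enabled.
# Retpoline (Mitigation D) is a compile-time flag and has no node to check here.
audit() {
    rc=0
    for node in machdep.svs.enabled machdep.spectre_v2.mitigated; do
        st=$(mitig_state "$node" "$1")
        echo "$node: $st"
        [ "$st" = enabled ] || rc=1
    done
    return $rc
}

# Constructed sample: SVS on, Spectre V2 hardware mitigation switched off.
SAMPLE='machdep.svs.enabled = 1
machdep.spectre_v2.mitigated = 0'

# On a live NetBSD system, run the script with --live to query the kernel.
if [ "${1:-}" = "--live" ]; then
    audit "$(sysctl machdep 2>/dev/null)"
fi
```

A node reported as `absent` is expected on ports or kernels where the tables above show no fix, so treat it as a prompt to check the port and release rather than as a fault.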
                     84: 
1.10      maxv       85: ## External Resources
                     86: 
1.11      maxv       87: * [MIPS Blog Post](https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/)
1.12      maxv       88: * [ARM Security Update](https://developer.arm.com/support/security-update)
1.15      maxv       89: * [RISC-V](https://riscv.org/2018/01/more-secure-world-risc-v-isa/)
1.10      maxv       90: 
1.13      maxv       91: ## Notes
                     92: 
                     93: * VIA Technologies did not issue any statement regarding their CPUs. It is not currently known whether they are affected.
                     94: 
