[[!meta title="Meltdown and Spectre Status Page"]]

Status of the Fixes
-------------------

NetBSD-6 and all earlier releases have no planned fixes.

## Spectre Variant 1

[[!table data="""
Port |Vendor/Model |Spectre (V1) |NetBSD-7 |NetBSD-8 |NetBSD-current
amd64 |Intel |Vulnerable |Not fixed |Not fixed |Not fixed
amd64 |AMD |Vulnerable |Not fixed |Not fixed |Not fixed
amd64 |VIA |Unknown | | |
i386 |Intel |Vulnerable |Not fixed |Not fixed |Not fixed
i386 |AMD |Vulnerable |Not fixed |Not fixed |Not fixed
i386 |VIA |Unknown | | |
|MIPS P5600 |Vulnerable |Not fixed |Not fixed |Not fixed
|MIPS P6600 |Vulnerable |Not fixed |Not fixed |Not fixed
|MIPS (others) |Not vulnerable | | |
ia64 |Intel |Not vulnerable | | |
riscv |(Spec.) |Not vulnerable | | |
|ARM Cortex-R7 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM Cortex-R8 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM Cortex-A8 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM Cortex-A9 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM Cortex-A12 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM Cortex-A15 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM Cortex-A17 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM Cortex-A57 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM Cortex-A72 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM Cortex-A73 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM Cortex-A75 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM (others) |Not vulnerable | | |
"""]]

## Spectre Variant 2

[[!table data="""
Port |Vendor/Model |Spectre (V2) |NetBSD-7 |NetBSD-8 |NetBSD-current
amd64 |Intel |Vulnerable |Not fixed |Fixed [MitigD] |Fixed [MitigB] [MitigD]
amd64 |AMD |Vulnerable |Not fixed |Fixed [MitigD] |Fixed [MitigC] [MitigD]
amd64 |VIA |Unknown | | |
i386 |Intel |Vulnerable |Not fixed |Fixed [MitigD] |Fixed [MitigD]
i386 |AMD |Vulnerable |Not fixed |Fixed [MitigD] |Fixed [MitigC] [MitigD]
i386 |VIA |Unknown | | |
|MIPS P5600 |Vulnerable |Not fixed |Not fixed |Not fixed
|MIPS P6600 |Vulnerable |Not fixed |Not fixed |Not fixed
|MIPS (others) |Not vulnerable | | |
ia64 |Intel |Not vulnerable | | |
riscv |(Spec.) |Not vulnerable | | |
|ARM Cortex-R7 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM Cortex-R8 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM Cortex-A8 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM Cortex-A9 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM Cortex-A12 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM Cortex-A15 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM Cortex-A17 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM Cortex-A57 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM Cortex-A72 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM Cortex-A73 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM Cortex-A75 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM (others) |Not vulnerable | | |
"""]]

## Meltdown

[[!table data="""
Port |Vendor/Model |Meltdown (V3) |NetBSD-7 |NetBSD-8 |NetBSD-current
amd64 |Intel |Vulnerable |Not fixed |Fixed [MitigA] |Fixed [MitigA]
amd64 |AMD |Not vulnerable | | |
amd64 |VIA |Unknown | | |
i386 |Intel |Vulnerable |Not fixed |Not fixed |Not fixed
i386 |AMD |Not vulnerable | | |
i386 |VIA |Unknown | | |
|MIPS P5600 |Not vulnerable | | |
|MIPS P6600 |Not vulnerable | | |
|MIPS (others) |Not vulnerable | | |
ia64 |Intel |Not vulnerable | | |
riscv |(Spec.) |Not vulnerable | | |
|ARM Cortex-R7 |Not vulnerable | | |
|ARM Cortex-R8 |Not vulnerable | | |
|ARM Cortex-A8 |Not vulnerable | | |
|ARM Cortex-A9 |Not vulnerable | | |
|ARM Cortex-A12 |Not vulnerable | | |
|ARM Cortex-A15 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM Cortex-A17 |Not vulnerable | | |
|ARM Cortex-A57 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM Cortex-A72 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM Cortex-A73 |Not vulnerable | | |
|ARM Cortex-A75 |Vulnerable |Not fixed |Not fixed |Not fixed
|ARM (others) |Not vulnerable | | |
"""]]

## Spectre Variant 4

[[!table data="""
Port |Vendor/Model |Spectre (V4) |NetBSD-7 |NetBSD-8 |NetBSD-current
amd64 |Intel |Vulnerable |Not fixed |Not fixed |Fixed [MitigE]
amd64 |AMD |Unknown | | |
amd64 |VIA |Unknown | | |
i386 |Intel |Vulnerable |Not fixed |Not fixed |Fixed [MitigE]
i386 |AMD |Unknown | | |
i386 |VIA |Unknown | | |
"""]]

## Mitigations

### Mitigation A: SVS

Meltdown is mitigated with the SVS feature. It can be dynamically disabled
by changing the "machdep.svs.enabled" sysctl.

### Mitigation B: Intel IBRS

SpectreV2 can be mitigated with the IBRS method (Intel only for now). If
the CPU supports this method, it is used automatically. It can be
dynamically disabled by changing the "machdep.spectre_v2.mitigated"
sysctl.

### Mitigation C: AMD DIS_IND

SpectreV2 can be mitigated with the DIS_IND method, available only on a
few AMD families. If the CPU supports this method, it is used
automatically. It can be dynamically disabled by changing the
"machdep.spectre_v2.mitigated" sysctl.

### Mitigation D: Retpoline

SpectreV2 is mitigated in the kernel with the GCC "retpoline" compilation
flag, which is enabled by default in GENERIC.

### Mitigation E: Intel SSBD

SpectreV4 can be mitigated with the SSBD method (Intel only for now). It
can be dynamically enabled by changing the "machdep.spectre_v4.mitigated"
sysctl.
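
The script below is an added example, not part of the original page or of NetBSD's own tooling: it reads the three sysctl nodes named in this section and reports each as on, off or absent, exiting non-zero when a node that exists is switched off. `SYSCTL_CMD` is a hypothetical override for exercising the logic off-target, and the 0/1 value convention is an assumption.

```shell
#!/bin/sh
# Added example: report the state of the runtime-switchable mitigations
# listed on this page. Retpoline (Mitigation D) is a compile-time flag
# and has no sysctl, so it is not covered here.

# Hypothetical override; on a NetBSD host this defaults to sysctl(8).
: "${SYSCTL_CMD:=sysctl}"

# Print "on", "off" or "absent" for one sysctl node.
# "absent" covers kernels or ports that do not provide the node.
# Assumption: the nodes hold 1 when the mitigation is active, 0 otherwise.
node_state() {
    val=$($SYSCTL_CMD -n "$1" 2>/dev/null) || { echo absent; return 0; }
    case "$val" in
        1) echo on ;;
        0) echo off ;;
        *) echo absent ;;
    esac
}

# Print one line per mitigation. Return 1 if any node that exists is off,
# so the function can gate a configuration check or a cron report.
audit_mitigations() {
    rc=0
    for entry in \
        "Meltdown:machdep.svs.enabled" \
        "SpectreV2:machdep.spectre_v2.mitigated" \
        "SpectreV4:machdep.spectre_v4.mitigated"
    do
        name=${entry%%:*}
        node=${entry#*:}
        state=$(node_state "$node")
        printf '%-10s %-30s %s\n' "$name" "$node" "$state"
        if [ "$state" = off ]; then
            rc=1
        fi
    done
    return $rc
}

audit_mitigations || echo "at least one available mitigation is off" >&2
```

An "off" result is not always a misconfiguration: per the tables above, AMD CPUs are not vulnerable to Meltdown, and SSBD has to be enabled explicitly.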

## External Resources

* [MIPS Blog Post](https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/)
* [ARM Security Update](https://developer.arm.com/support/security-update)
* [RISC-V](https://riscv.org/2018/01/more-secure-world-risc-v-isa/)

## Notes

* VIA Technologies did not issue any statement regarding their CPUs. It is not currently known whether they are affected.