File:  [NetBSD Developer Wiki] / wikisrc / security / meltdown_spectre.mdwn
Revision 1.16: download - view: text, annotated - select for diffs
Wed Mar 14 16:31:47 2018 UTC (4 years, 3 months ago) by maxv
Branches: MAIN
CVS tags: HEAD
Add a "Mitigations" section.

    1: [[!meta title="Meltdown and Spectre Status Page"]]
    2: 
    3: Status of the Fixes
    4: -------------------
    5: 
    6: ## Spectre Variant 1
    7: 
    8: [[!table data="""
    9: Port		|Vendor/Model	|Spectre (V1)	|NetBSD-6	|NetBSD-7	|NetBSD-8	|NetBSD-current
   10: amd64		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed	|Not fixed
   11: amd64		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Not fixed	|Not fixed
   12: amd64		|VIA		|Unknown	|		|		|		|
   13: i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed	|Not fixed
   14: i386		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Not fixed	|Not fixed
   15: i386		|VIA		|Unknown	|		|		|		|
   16: mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed	|Not fixed
   17: mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed	|Not fixed
   18: mips		|Other Models	|Not vulnerable	|		|		|		|
   19: ia64		|Intel		|Not vulnerable	|		|		|		|
   20: riscv		|(Spec.)	|Not vulnerable	|		|		|		|
   21: """]]
   22: 
   23: ## Spectre Variant 2
   24: 
   25: [[!table data="""
   26: Port		|Vendor/Model	|Spectre (V2)	|NetBSD-6	|NetBSD-7	|NetBSD-8	|NetBSD-current
   27: amd64		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed	|Not fixed
   28: amd64		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Not fixed	|Not fixed
   29: amd64		|VIA		|Unknown	|		|		|		|
   30: i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed	|Not fixed
   31: i386		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Not fixed	|Not fixed
   32: i386		|VIA		|Unknown	|		|		|		|
   33: mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed	|Not fixed
   34: mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed	|Not fixed
   35: mips		|Other Models	|Not vulnerable	|		|		|		|
   36: ia64		|Intel		|Not vulnerable	|		|		|		|
   37: riscv		|(Spec.)	|Not vulnerable	|		|		|		|
   38: """]]
   39: 
   40: ## Meltdown
   41: 
   42: [[!table data="""
   43: Port		|Vendor/Model	|Meltdown (V3)	|NetBSD-6	|NetBSD-7	|NetBSD-8	|NetBSD-current
   44: amd64		|Intel		|Vulnerable	|No fix planned	|Not fixed	|Not fixed	|Fixed [MitigA]
   45: amd64		|AMD		|Not vulnerable	|		|		|		|
   46: amd64		|VIA		|Unknown	|		|		|		|
   47: i386		|Intel		|Vulnerable	|No fix planned	|Not fixed	|Not fixed	|Not fixed
   48: i386		|AMD		|Not vulnerable	|		|		|		|
   49: i386		|VIA		|Unknown	|		|		|		|
   50: mips		|MIPS P5600	|Not vulnerable	|		|		|		|
   51: mips		|MIPS P6600	|Not vulnerable	|		|		|		|
   52: mips		|Other Models	|Not vulnerable	|		|		|		|
   53: ia64		|Intel		|Not vulnerable	|		|		|		|
   54: riscv		|(Spec.)	|Not vulnerable	|		|		|		|
   55: """]]
   56: 
   57: ## Mitigations
   58: 
   59: ### Mitigation A: SVS
   60: 
   61: Meltdown is mitigated with the SVS feature. It can be dynamically disabled
   62: by changing the "machdep.svs.enabled" sysctl.
   63: 
   64: ## External Resources
   65: 
   66: * [MIPS Blog Post](https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/)
   67: * [ARM Security Update](https://developer.arm.com/support/security-update)
   68: * [RISC-V](https://riscv.org/2018/01/more-secure-world-risc-v-isa/)
   69: 
   70: ## Notes
   71: 
   72: * VIA Technologies did not issue any statement regarding their CPUs. It is not currently known whether they are affected.
   73: * For Spectre Variant 2, neither Intel, nor AMD, has issued a stable microcode update.
   74: 

CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb