File:  [NetBSD Developer Wiki] / wikisrc / security / meltdown_spectre.mdwn
Revision 1.17
Wed Mar 14 16:39:38 2018 UTC by maxv
Branches: MAIN
CVS tags: HEAD
Switch NetBSD-6 to "No fix planned" on x86. NetBSD-6 will reach EOL soon,
and given the effort required to backport fixes for spectre (whether it
is retpoline that needs GCC backports, or microcodes that need
hotpatching), it's just never going to be done.

[[!meta title="Meltdown and Spectre Status Page"]]

Status of the Fixes
-------------------

## Spectre Variant 1

[[!table data="""
Port		|Vendor/Model	|Spectre (V1)	|NetBSD-6	|NetBSD-7	|NetBSD-8	|NetBSD-current
amd64		|Intel		|Vulnerable	|No fix planned	|Not fixed	|Not fixed	|Not fixed
amd64		|AMD		|Vulnerable	|No fix planned	|Not fixed	|Not fixed	|Not fixed
amd64		|VIA		|Unknown	|		|		|		|
i386		|Intel		|Vulnerable	|No fix planned	|Not fixed	|Not fixed	|Not fixed
i386		|AMD		|Vulnerable	|No fix planned	|Not fixed	|Not fixed	|Not fixed
i386		|VIA		|Unknown	|		|		|		|
mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed	|Not fixed
mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed	|Not fixed
mips		|Other Models	|Not vulnerable	|		|		|		|
ia64		|Intel		|Not vulnerable	|		|		|		|
riscv		|(Spec.)	|Not vulnerable	|		|		|		|
"""]]

## Spectre Variant 2

[[!table data="""
Port		|Vendor/Model	|Spectre (V2)	|NetBSD-6	|NetBSD-7	|NetBSD-8	|NetBSD-current
amd64		|Intel		|Vulnerable	|No fix planned	|Not fixed	|Not fixed	|Not fixed
amd64		|AMD		|Vulnerable	|No fix planned	|Not fixed	|Not fixed	|Not fixed
amd64		|VIA		|Unknown	|		|		|		|
i386		|Intel		|Vulnerable	|No fix planned	|Not fixed	|Not fixed	|Not fixed
i386		|AMD		|Vulnerable	|No fix planned	|Not fixed	|Not fixed	|Not fixed
i386		|VIA		|Unknown	|		|		|		|
mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed	|Not fixed
mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed	|Not fixed
mips		|Other Models	|Not vulnerable	|		|		|		|
ia64		|Intel		|Not vulnerable	|		|		|		|
riscv		|(Spec.)	|Not vulnerable	|		|		|		|
"""]]

## Meltdown

[[!table data="""
Port		|Vendor/Model	|Meltdown (V3)	|NetBSD-6	|NetBSD-7	|NetBSD-8	|NetBSD-current
amd64		|Intel		|Vulnerable	|No fix planned	|Not fixed	|Not fixed	|Fixed [MitigA]
amd64		|AMD		|Not vulnerable	|		|		|		|
amd64		|VIA		|Unknown	|		|		|		|
i386		|Intel		|Vulnerable	|No fix planned	|Not fixed	|Not fixed	|Not fixed
i386		|AMD		|Not vulnerable	|		|		|		|
i386		|VIA		|Unknown	|		|		|		|
mips		|MIPS P5600	|Not vulnerable	|		|		|		|
mips		|MIPS P6600	|Not vulnerable	|		|		|		|
mips		|Other Models	|Not vulnerable	|		|		|		|
ia64		|Intel		|Not vulnerable	|		|		|		|
riscv		|(Spec.)	|Not vulnerable	|		|		|		|
"""]]

## Mitigations

### Mitigation A: SVS

Meltdown is mitigated with the SVS feature. It can be dynamically disabled
by changing the "machdep.svs.enabled" sysctl.

## External Resources

* [MIPS Blog Post](https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/)
* [ARM Security Update](https://developer.arm.com/support/security-update)
* [RISC-V](https://riscv.org/2018/01/more-secure-world-risc-v-isa/)

## Notes

* VIA Technologies did not issue any statement regarding their CPUs. It is not currently known whether they are affected.
* For Spectre Variant 2, neither Intel, nor AMD, has issued a stable microcode update.
