File:  [NetBSD Developer Wiki] / wikisrc / security / meltdown_spectre.mdwn
Revision 1.18: download - view: text, annotated - select for diffs
Fri Mar 16 10:08:00 2018 UTC (4 years, 3 months ago) by maxv
Branches: MAIN
CVS tags: HEAD
Remove the "NetBSD-6" column, and add a note to say that nothing will get
fixed in NetBSD-6.

So far there have been no fixes committed by anyone for the !x86 ports,
and realistically even if someone were to commit them right now they would
require testing and too much effort to be backported as far as NetBSD-6.

    1: [[!meta title="Meltdown and Spectre Status Page"]]
    2: 
    3: Status of the Fixes
    4: -------------------
    5: 
    6: NetBSD-6, and all the anterior releases, have no planned fixes.
    7: 
    8: ## Spectre Variant 1
    9: 
   10: [[!table data="""
   11: Port		|Vendor/Model	|Spectre (V1)	|NetBSD-7	|NetBSD-8	|NetBSD-current
   12: amd64		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   13: amd64		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   14: amd64		|VIA		|Unknown	|		|		|
   15: i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   16: i386		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   17: i386		|VIA		|Unknown	|		|		|
   18: mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   19: mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   20: mips		|Other Models	|Not vulnerable	|		|		|
   21: ia64		|Intel		|Not vulnerable	|		|		|
   22: riscv		|(Spec.)	|Not vulnerable	|		|		|
   23: """]]
   24: 
   25: ## Spectre Variant 2
   26: 
   27: [[!table data="""
   28: Port		|Vendor/Model	|Spectre (V2)	|NetBSD-7	|NetBSD-8	|NetBSD-current
   29: amd64		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   30: amd64		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   31: amd64		|VIA		|Unknown	|		|		|
   32: i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   33: i386		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   34: i386		|VIA		|Unknown	|		|		|
   35: mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   36: mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   37: mips		|Other Models	|Not vulnerable	|		|		|
   38: ia64		|Intel		|Not vulnerable	|		|		|
   39: riscv		|(Spec.)	|Not vulnerable	|		|		|
   40: """]]
   41: 
   42: ## Meltdown
   43: 
   44: [[!table data="""
   45: Port		|Vendor/Model	|Meltdown (V3)	|NetBSD-7	|NetBSD-8	|NetBSD-current
   46: amd64		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigA]
   47: amd64		|AMD		|Not vulnerable	|		|		|
   48: amd64		|VIA		|Unknown	|		|		|
   49: i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   50: i386		|AMD		|Not vulnerable	|		|		|
   51: i386		|VIA		|Unknown	|		|		|
   52: mips		|MIPS P5600	|Not vulnerable	|		|		|
   53: mips		|MIPS P6600	|Not vulnerable	|		|		|
   54: mips		|Other Models	|Not vulnerable	|		|		|
   55: ia64		|Intel		|Not vulnerable	|		|		|
   56: riscv		|(Spec.)	|Not vulnerable	|		|		|
   57: """]]
   58: 
   59: ## Mitigations
   60: 
   61: ### Mitigation A: SVS
   62: 
   63: Meltdown is mitigated with the SVS feature. It can be dynamically disabled
   64: by changing the "machdep.svs.enabled" sysctl.
   65: 
   66: ## External Resources
   67: 
   68: * [MIPS Blog Post](https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/)
   69: * [ARM Security Update](https://developer.arm.com/support/security-update)
   70: * [RISC-V](https://riscv.org/2018/01/more-secure-world-risc-v-isa/)
   71: 
   72: ## Notes
   73: 
   74: * VIA Technologies did not issue any statement regarding their CPUs. It is not currently known whether they are affected.
   75: * For Spectre Variant 2, neither Intel, nor AMD, has issued a stable microcode update.
   76: 

CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb