File:  [NetBSD Developer Wiki] / wikisrc / security / meltdown_spectre.mdwn
Revision 1.19
Wed Apr 4 13:05:14 2018 UTC (4 years, 1 month ago) by maxv
Branches: MAIN
CVS tags: HEAD
Mark SpectreV2 as fixed on current-amd64, and list the two mitigation
methods available.

[[!meta title="Meltdown and Spectre Status Page"]]

Status of the Fixes
-------------------

NetBSD-6 and all earlier releases have no planned fixes.

## Spectre Variant 1

[[!table data="""
Port		|Vendor/Model	|Spectre (V1)	|NetBSD-7	|NetBSD-8	|NetBSD-current
amd64		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
amd64		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
amd64		|VIA		|Unknown	|		|		|
i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
i386		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
i386		|VIA		|Unknown	|		|		|
mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
mips		|Other Models	|Not vulnerable	|		|		|
ia64		|Intel		|Not vulnerable	|		|		|
riscv		|(Spec.)	|Not vulnerable	|		|		|
"""]]

## Spectre Variant 2

[[!table data="""
Port		|Vendor/Model	|Spectre (V2)	|NetBSD-7	|NetBSD-8	|NetBSD-current
amd64		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigB]
amd64		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigC]
amd64		|VIA		|Unknown	|		|		|
i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
i386		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
i386		|VIA		|Unknown	|		|		|
mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
mips		|Other Models	|Not vulnerable	|		|		|
ia64		|Intel		|Not vulnerable	|		|		|
riscv		|(Spec.)	|Not vulnerable	|		|		|
"""]]

## Meltdown

[[!table data="""
Port		|Vendor/Model	|Meltdown (V3)	|NetBSD-7	|NetBSD-8	|NetBSD-current
amd64		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigA]
amd64		|AMD		|Not vulnerable	|		|		|
amd64		|VIA		|Unknown	|		|		|
i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
i386		|AMD		|Not vulnerable	|		|		|
i386		|VIA		|Unknown	|		|		|
mips		|MIPS P5600	|Not vulnerable	|		|		|
mips		|MIPS P6600	|Not vulnerable	|		|		|
mips		|Other Models	|Not vulnerable	|		|		|
ia64		|Intel		|Not vulnerable	|		|		|
riscv		|(Spec.)	|Not vulnerable	|		|		|
"""]]

## Mitigations

### Mitigation A: SVS

Meltdown is mitigated with the SVS feature. It can be dynamically disabled
by changing the "machdep.svs.enabled" sysctl.

### Mitigation B: Intel IBRS

SpectreV2 can be mitigated with the IBRS method (Intel only for now). If
the CPU supports this method, it is used automatically. It can be
dynamically disabled by changing the "machdep.spectre_v2.mitigated"
sysctl.

### Mitigation C: AMD DIS_IND

SpectreV2 can be mitigated with the DIS_IND method, available only on a
few AMD families. If the CPU supports this method, it is used
automatically. It can be dynamically disabled by changing the
"machdep.spectre_v2.mitigated" sysctl.
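
One way to audit the two sysctl nodes described above from a script, as an added example that is not part of the wiki page or of NetBSD itself. It assumes `sysctl` prints `name = value` and that a value of `1` means the mitigation is active; the function names, the per-vendor node lists and the sample outputs are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the NetBSD wiki. Audits the sysctl nodes named above.
# Assumptions: sysctl prints "name = value"; 1 means the mitigation is active.

# classify NODE: read sysctl output on stdin, print active, disabled or absent.
# "absent" means the kernel has no such node (e.g. a release without the fix).
classify() {
	awk -v node="$1" '
		$1 == node && $2 == "=" { found = 1; state = ($3 == "1") ? "active" : "disabled" }
		END { print (found ? state : "absent") }'
}

# audit_mitigations NODE...: read sysctl output on stdin, print one status line
# per required node, and return 0 only if every required node is active.
audit_mitigations() {
	input=$(cat)
	rc=0
	for node in "$@"; do
		state=$(printf '%s\n' "$input" | classify "$node")
		printf '%s: %s\n' "$node" "$state"
		[ "$state" = active ] || rc=1
	done
	return "$rc"
}

# Nodes to require per CPU vendor on amd64, following the status tables:
# Intel needs SVS (Meltdown) and IBRS (SpectreV2); AMD needs only DIS_IND.
INTEL_NODES="machdep.svs.enabled machdep.spectre_v2.mitigated"
AMD_NODES="machdep.spectre_v2.mitigated"

# Constructed sample outputs (not captured from a real machine).
SAMPLE_INTEL_OK='machdep.svs.enabled = 1
machdep.spectre_v2.mitigated = 1'
SAMPLE_SVS_OFF='machdep.svs.enabled = 0
machdep.spectre_v2.mitigated = 1'
SAMPLE_OLD_KERNEL=''

# Demo on a constructed sample. On a live host, feed real output instead:
#   sysctl $INTEL_NODES 2>/dev/null | audit_mitigations $INTEL_NODES
printf '%s\n' "$SAMPLE_SVS_OFF" | audit_mitigations $INTEL_NODES ||
	echo "at least one required mitigation is not active"
```

A node reported as `absent` is treated the same as a disabled one, so a host running a release listed as "Not fixed" fails the audit rather than passing silently.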

## External Resources

* [MIPS Blog Post](https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/)
* [ARM Security Update](https://developer.arm.com/support/security-update)
* [RISC-V](https://riscv.org/2018/01/more-secure-world-risc-v-isa/)

## Notes

* VIA Technologies did not issue any statement regarding their CPUs. It is not currently known whether they are affected.
* For Spectre Variant 2, neither Intel nor AMD has issued a stable microcode update.

