[[!meta title="Meltdown and Spectre Status Page"]]

Status of the Fixes
-------------------

NetBSD-6 and all earlier releases have no planned fixes.

## Spectre Variant 1

[[!table data="""
Port |Vendor/Model |Spectre (V1) |NetBSD-7 |NetBSD-8 |NetBSD-current
amd64 |Intel |Vulnerable |Not fixed |Not fixed |Not fixed
amd64 |AMD |Vulnerable |Not fixed |Not fixed |Not fixed
amd64 |VIA |Unknown | | |
i386 |Intel |Vulnerable |Not fixed |Not fixed |Not fixed
i386 |AMD |Vulnerable |Not fixed |Not fixed |Not fixed
i386 |VIA |Unknown | | |
mips |MIPS P5600 |Vulnerable |Not fixed |Not fixed |Not fixed
mips |MIPS P6600 |Vulnerable |Not fixed |Not fixed |Not fixed
mips |Other Models |Not vulnerable | | |
ia64 |Intel |Not vulnerable | | |
riscv |(Spec.) |Not vulnerable | | |
"""]]

## Spectre Variant 2

[[!table data="""
Port |Vendor/Model |Spectre (V2) |NetBSD-7 |NetBSD-8 |NetBSD-current
amd64 |Intel |Vulnerable |Not fixed |Not fixed |Fixed [MitigB] [MitigD]
amd64 |AMD |Vulnerable |Not fixed |Not fixed |Fixed [MitigC] [MitigD]
amd64 |VIA |Unknown | | |
i386 |Intel |Vulnerable |Not fixed |Not fixed |Fixed [MitigD]
i386 |AMD |Vulnerable |Not fixed |Not fixed |Fixed [MitigC]
i386 |VIA |Unknown | | |
mips |MIPS P5600 |Vulnerable |Not fixed |Not fixed |Not fixed
mips |MIPS P6600 |Vulnerable |Not fixed |Not fixed |Not fixed
mips |Other Models |Not vulnerable | | |
ia64 |Intel |Not vulnerable | | |
riscv |(Spec.) |Not vulnerable | | |
"""]]

## Meltdown

[[!table data="""
Port |Vendor/Model |Meltdown (V3) |NetBSD-7 |NetBSD-8 |NetBSD-current
amd64 |Intel |Vulnerable |Not fixed |Fixed [MitigA] |Fixed [MitigA]
amd64 |AMD |Not vulnerable | | |
amd64 |VIA |Unknown | | |
i386 |Intel |Vulnerable |Not fixed |Not fixed |Not fixed
i386 |AMD |Not vulnerable | | |
i386 |VIA |Unknown | | |
mips |MIPS P5600 |Not vulnerable | | |
mips |MIPS P6600 |Not vulnerable | | |
mips |Other Models |Not vulnerable | | |
ia64 |Intel |Not vulnerable | | |
riscv |(Spec.) |Not vulnerable | | |
"""]]

## Mitigations

### Mitigation A: SVS

Meltdown is mitigated with the SVS feature. It can be dynamically disabled by changing the "machdep.svs.enabled" sysctl.

### Mitigation B: Intel IBRS

SpectreV2 can be mitigated with the IBRS method (Intel only for now). If the CPU supports this method, it is used automatically. It can be dynamically disabled by changing the "machdep.spectre_v2.mitigated" sysctl.

### Mitigation C: AMD DIS_IND

SpectreV2 can be mitigated with the DIS_IND method, available only on a few AMD families. If the CPU supports this method, it is used automatically. It can be dynamically disabled by changing the "machdep.spectre_v2.mitigated" sysctl.

### Mitigation D: Retpoline

SpectreV2 is mitigated in the kernel with the GCC "retpoline" compilation flag, which is enabled by default in GENERIC.

## External Resources

* [MIPS Blog Post](https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/)
* [ARM Security Update](https://developer.arm.com/support/security-update)
* [RISC-V](https://riscv.org/2018/01/more-secure-world-risc-v-isa/)

## Notes

* VIA Technologies did not issue any statement regarding their CPUs. It is not currently known whether they are affected.
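
Because the sysctl nodes named under Mitigations A to C can be switched off at run time, a host can drift from the "Fixed" state in the tables. The script below is an added example, not NetBSD project code: it audits those two nodes from sysctl(8) output. The function names are hypothetical, and it assumes each node reads 1 when the mitigation is active and 0 when it is not.

```sh
#!/bin/sh
# Added example (not NetBSD project code). Assumption: each node reads 1 when
# the mitigation is active and 0 when it is not, in sysctl(8) "name = value" form.

KNOBS="machdep.svs.enabled machdep.spectre_v2.mitigated"

# knob_value NAME: print NAME's value from sysctl output on stdin (empty if absent).
knob_value() {
    awk -v key="$1" '{
        n = index($0, "="); if (n == 0) next
        k = substr($0, 1, n - 1); v = substr($0, n + 1)
        gsub(/[ \t\r]/, "", k); gsub(/[ \t\r]/, "", v)
        if (k == key) { print v; exit }
    }'
}

# knob_state VALUE: map a raw value to active / inactive / absent / unexpected.
knob_state() {
    case "$1" in
        1) echo active ;;
        0) echo inactive ;;
        "") echo absent ;;
        *) echo unexpected ;;
    esac
}

# audit_mitigations: read sysctl output on stdin, print one line per knob,
# and return the number of knobs that are not active.
audit_mitigations() {
    input=$(cat)
    bad=0
    for knob in $KNOBS; do
        val=$(printf '%s\n' "$input" | knob_value "$knob")
        state=$(knob_state "$val")
        printf '%-30s %s\n' "$knob" "$state"
        [ "$state" = active ] || bad=$((bad + 1))
    done
    return "$bad"
}

# On a NetBSD host:
#   sysctl machdep.svs.enabled machdep.spectre_v2.mitigated 2>/dev/null | audit_mitigations
# Constructed sample: SVS on, Spectre V2 mitigation switched off.
SAMPLE='machdep.svs.enabled = 1
machdep.spectre_v2.mitigated = 0'
printf '%s\n' "$SAMPLE" | audit_mitigations || echo "not active: $? knob(s)"
```

An inactive or absent node is a finding only on a CPU that the tables above list as vulnerable to the corresponding variant.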