File:  [NetBSD Developer Wiki] / wikisrc / security / meltdown_spectre.mdwn
Revision 1.34: download - view: text, annotated - select for diffs
Tue May 22 10:55:21 2018 UTC (4 years, 1 month ago) by maxv
Branches: MAIN
CVS tags: HEAD
Put the port names for arm and mips. No one has tried to determine which
cpu model is associated with which port name on NetBSD, so just put
"arm"/"mips".

Reduce the size of the tabs. The unaffected CPUs fall in the "others"
category.

Add ARM for SpectreV4, four models are affected.

    1: [[!meta title="Meltdown and Spectre Status Page"]]
    2: 
    3: Status of the Fixes
    4: -------------------
    5: 
    6: NetBSD-6, and all the anterior releases, have no planned fixes.
    7: 
    8: ## Spectre Variant 1
    9: 
   10: [[!table data="""
   11: Port		|Vendor/Model	|Spectre (V1)	|NetBSD-7	|NetBSD-8	|NetBSD-current
   12: amd64		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   13: amd64		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   14: amd64		|VIA		|Unknown	|		|		|
   15: i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   16: i386		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   17: i386		|VIA		|Unknown	|		|		|
   18: mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   19: mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   20: mips		|MIPS (others)	|Not vulnerable	|		|		|
   21: ia64		|Intel		|Not vulnerable	|		|		|
   22: riscv		|(spec)		|Not vulnerable	|		|		|
   23: arm		|ARM Cortex-R7	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   24: arm		|ARM Cortex-R8	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   25: arm		|ARM Cortex-A8	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   26: arm		|ARM Cortex-A9	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   27: arm		|ARM Cortex-A12	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   28: arm		|ARM Cortex-A15	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   29: arm		|ARM Cortex-A17	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   30: arm		|ARM Cortex-A57	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   31: arm		|ARM Cortex-A72	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   32: arm		|ARM Cortex-A73	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   33: arm		|ARM Cortex-A75	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   34: arm		|ARM (others)	|Not vulnerable	|		|		|
   35: """]]
   36: 
   37: ## Spectre Variant 2
   38: 
   39: [[!table data="""
   40: Port		|Vendor/Model	|Spectre (V2)	|NetBSD-7	|NetBSD-8	|NetBSD-current
   41: amd64		|Intel		|Vulnerable	|Not fixed	|Fixed [MitigD]	|Fixed [MitigB] [MitigD]
   42: amd64		|AMD		|Vulnerable	|Not fixed	|Fixed [MitigD]	|Fixed [MitigC] [MitigD]
   43: amd64		|VIA		|Unknown	|		|		|
   44: i386		|Intel		|Vulnerable	|Not fixed	|Fixed [MitigD]	|Fixed [MitigD]
   45: i386		|AMD		|Vulnerable	|Not fixed	|Fixed [MitigD]	|Fixed [MitigC] [MitigD]
   46: i386		|VIA		|Unknown	|		|		|
   47: mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   48: mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   49: mips		|MIPS (others)	|Not vulnerable	|		|		|
   50: ia64		|Intel		|Not vulnerable	|		|		|
   51: riscv		|(spec)		|Not vulnerable	|		|		|
   52: arm		|ARM Cortex-R7	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   53: arm		|ARM Cortex-R8	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   54: arm		|ARM Cortex-A8	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   55: arm		|ARM Cortex-A9	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   56: arm		|ARM Cortex-A12	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   57: arm		|ARM Cortex-A15	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   58: arm		|ARM Cortex-A17	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   59: arm		|ARM Cortex-A57	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   60: arm		|ARM Cortex-A72	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   61: arm		|ARM Cortex-A73	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   62: arm		|ARM Cortex-A75	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   63: arm		|ARM (others)	|Not vulnerable	|		|		|
   64: """]]
   65: 
   66: ## Meltdown
   67: 
   68: [[!table data="""
   69: Port		|Vendor/Model	|Meltdown (V3)	|NetBSD-7	|NetBSD-8	|NetBSD-current
   70: amd64		|Intel		|Vulnerable	|Not fixed	|Fixed [MitigA]	|Fixed [MitigA]
   71: amd64		|AMD		|Not vulnerable	|		|		|
   72: amd64		|VIA		|Unknown	|		|		|
   73: i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   74: i386		|AMD		|Not vulnerable	|		|		|
   75: i386		|VIA		|Unknown	|		|		|
   76: mips		|(all)		|Not vulnerable	|		|		|
   77: ia64		|Intel		|Not vulnerable	|		|		|
   78: riscv		|(spec)		|Not vulnerable	|		|		|
   79: arm		|ARM Cortex-A15	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   80: arm		|ARM Cortex-A57	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   81: arm		|ARM Cortex-A72	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   82: arm		|ARM Cortex-A75	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
   83: arm		|ARM (others)	|Not vulnerable	|		|		|
   84: """]]
   85: 
   86: ## Spectre Variant 3a
   87: 
   88: This issue will be addressed in future microcode updates on x86. No
   89: software change is required.
   90: 
   91: ## Spectre Variant 4
   92: 
   93: [[!table data="""
   94: Port		|Vendor/Model	|Spectre (V4)	|NetBSD-7	|NetBSD-8	|NetBSD-current
   95: amd64		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigE]
   96: amd64		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigF]
   97: amd64		|VIA		|Unknown	|		|		|
   98: i386		|Intel		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigE]
   99: i386		|AMD		|Vulnerable	|Not fixed	|Not fixed	|Fixed [MitigF]
  100: i386		|VIA		|Unknown	|		|		|
  101: arm		|ARM Cortex-A57	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
  102: arm		|ARM Cortex-A72	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
  103: arm		|ARM Cortex-A73	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
  104: arm		|ARM Cortex-A75	|Vulnerable	|Not fixed	|Not fixed	|Not fixed
  105: arm		|ARM (others)	|Not vulnerable	|		|		|
  106: """]]
  107: 
  108: ## Mitigations
  109: 
  110: ### Mitigation A: SVS
  111: 
  112: Meltdown is mitigated with the SVS feature. It can be dynamically disabled
  113: by changing the "machdep.svs.enabled" sysctl.
  114: 
  115: ### Mitigations B, C, D
  116: 
  117: There is no unified mitigation for SpectreV2. Rather, a set of mitigations
  118: are available, in both hardware and software.
  119: 
  120: Three sysctls exist, under the machdep.spectre_v2 node:
  121: 
  122: [[!template id=programlisting text="""
  123: machdep.spectre_v2.hwmitigated = {0/1} user-settable
  124: machdep.spectre_v2.swmitigated = {0/1} set by the kernel
  125: machdep.spectre_v2.method = {string} constructed by the kernel
  126: """]]
  127: 
  128: Only "hwmitigated" can be set by the user. When set to one, the kernel will
  129: determine the best hardware mitigation available for the currently
  130: running CPU, and will apply it.
  131: 
  132: #### Mitigation B: Intel IBRS
  133: 
  134: Hardware mitigation, Intel only (for now). If the CPU supports this method,
  135: it is used automatically by the kernel. It can be dynamically
  136: enabled/disabled by changing the "hwmitigated" sysctl.
  137: 
  138: #### Mitigation C: AMD DIS_IND
  139: 
  140: Hardware mitigation, available only on a few AMD families. If the CPU
  141: supports this method, it is used automatically by the kernel. It can be
  142: dynamically enabled/disabled by changing the "hwmitigated" sysctl.
  143: 
  144: #### Mitigation D: GCC Retpoline
  145: 
  146: Software mitigation. It is enabled by default in GENERIC. When enabled,
  147: the "swmitigated" sysctl is set to one.
  148: 
  149: ### Mitigations E, F
  150: 
  151: There are two available mitigations for SpectreV4. Their availability
  152: depends on the CPU model and the microcode or BIOS revision.
  153: 
  154: [[!template id=programlisting text="""
  155: machdep.spectre_v4.mitigated = {0/1} user-settable
  156: machdep.spectre_v4.method = {string} constructed by the kernel
  157: """]]
  158: 
  159: Only "mitigated" can be set by the user. When set to one, the kernel will
  160: determine the best hardware mitigation available for the currently
  161: running CPU, and will apply it.
  162: 
  163: #### Mitigation E: Intel SSBD
  164: 
  165: Available only on Intel (for now). It can be dynamically enabled/disabled
  166: by changing the "mitigated" sysctl.
  167: 
  168: #### Mitigation F: AMD NONARCH
  169: 
  170: Available only on AMD families 15h and 16h. It can be dynamically
  171: enabled/disabled by changing the "mitigated" sysctl.
  172: 
  173: ## External Resources
  174: 
  175: * [MIPS Blog Post](https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/)
  176: * [ARM Security Update](https://developer.arm.com/support/security-update)
  177: * [RISC-V](https://riscv.org/2018/01/more-secure-world-risc-v-isa/)
  178: 
  179: ## Notes
  180: 
  181: * VIA Technologies did not issue any statement regarding their CPUs. It is not currently known whether they are affected.
  182: 

CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb