File:  [NetBSD Developer Wiki] / wikisrc / security / meltdown_spectre.mdwn
Revision 1.38
Sat Dec 22 08:20:01 2018 UTC by maxv
Branches: MAIN
CVS tags: HEAD
No fixes planned for NetBSD 7.

[[!meta title="Meltdown and Spectre Status Page"]]

Status of the Fixes
-------------------

NetBSD-7, and all earlier releases, have no planned fixes.

## Spectre Variant 1

[[!table data="""
Port		|Vendor/Model	|Spectre (V1)	|NetBSD-8	|NetBSD-current
amd64		|Intel		|Vulnerable	|Not fixed	|Not fixed
amd64		|AMD		|Vulnerable	|Not fixed	|Not fixed
i386		|Intel		|Vulnerable	|Not fixed	|Not fixed
i386		|AMD		|Vulnerable	|Not fixed	|Not fixed
mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed
mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed
mips		|MIPS (others)	|Not vulnerable	|		|
ia64		|Intel		|Not vulnerable	|		|
riscv		|(spec)		|Not vulnerable	|		|
arm		|ARM Cortex-R7	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-R8	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A8	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A9	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A12	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A15	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A17	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A57	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A72	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A73	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A75	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM (others)	|Not vulnerable	|		|
"""]]

## Spectre Variant 2

[[!table data="""
Port		|Vendor/Model	|Spectre (V2)	|NetBSD-8	|NetBSD-current
amd64		|Intel		|Vulnerable	|Fixed [MitigD]	|Fixed [MitigB] [MitigD]
amd64		|AMD		|Vulnerable	|Fixed [MitigC] [MitigD]	|Fixed [MitigC] [MitigD]
i386		|Intel		|Vulnerable	|Fixed [MitigD]	|Fixed [MitigD]
i386		|AMD		|Vulnerable	|Fixed [MitigC] [MitigD]	|Fixed [MitigC] [MitigD]
mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed
mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed
mips		|MIPS (others)	|Not vulnerable	|		|
ia64		|Intel		|Not vulnerable	|		|
riscv		|(spec)		|Not vulnerable	|		|
arm		|ARM Cortex-R7	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-R8	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A8	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A9	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A12	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A15	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A17	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A57	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A72	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A73	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A75	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM (others)	|Not vulnerable	|		|
"""]]

## Meltdown

[[!table data="""
Port		|Vendor/Model	|Meltdown (V3)	|NetBSD-8	|NetBSD-current
amd64		|Intel		|Vulnerable	|Fixed [MitigA]	|Fixed [MitigA]
amd64		|AMD		|Not vulnerable	|		|
i386		|Intel		|Vulnerable	|Not fixed	|Not fixed
i386		|AMD		|Not vulnerable	|		|
mips		|(all)		|Not vulnerable	|		|
ia64		|Intel		|Not vulnerable	|		|
riscv		|(spec)		|Not vulnerable	|		|
arm		|ARM Cortex-A15	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A57	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A72	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A75	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM (others)	|Not vulnerable	|		|
"""]]

## Spectre Variant 3a

This issue will be addressed in future microcode updates on x86. No
software change is required.

## Spectre Variant 4

[[!table data="""
Port		|Vendor/Model	|Spectre (V4)	|NetBSD-8	|NetBSD-current
amd64		|Intel		|Vulnerable	|Fixed [MitigE]	|Fixed [MitigE]
amd64		|AMD		|Vulnerable	|Fixed [MitigF]	|Fixed [MitigF]
i386		|Intel		|Vulnerable	|Fixed [MitigE]	|Fixed [MitigE]
i386		|AMD		|Vulnerable	|Fixed [MitigF]	|Fixed [MitigF]
arm		|ARM Cortex-A57	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A72	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A73	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A75	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM (others)	|Not vulnerable	|		|
"""]]

## Mitigations

### Mitigation A: SVS

Meltdown is mitigated with the SVS feature. It can be dynamically disabled
by changing the "machdep.svs.enabled" sysctl.

### Mitigations B, C, D

There is no single mitigation for SpectreV2. Rather, a set of mitigations
is available, in both hardware and software.

Three sysctls exist, under the machdep.spectre_v2 node:

[[!template id=programlisting text="""
machdep.spectre_v2.hwmitigated = {0/1} user-settable
machdep.spectre_v2.swmitigated = {0/1} set by the kernel
machdep.spectre_v2.method = {string} constructed by the kernel
"""]]

Only "hwmitigated" can be set by the user. When set to one, the kernel will
determine the best hardware mitigation available for the currently
running CPU, and will apply it.

#### Mitigation B: Intel IBRS

Hardware mitigation, Intel only (for now). If the CPU supports this method,
it is used automatically by the kernel. It can be dynamically
enabled/disabled by changing the "hwmitigated" sysctl.

#### Mitigation C: AMD DIS_IND

Hardware mitigation, available only on a few AMD families. If the CPU
supports this method, it is used automatically by the kernel. It can be
dynamically enabled/disabled by changing the "hwmitigated" sysctl.

#### Mitigation D: GCC Retpoline

Software mitigation. It is enabled by default in GENERIC. When enabled,
the "swmitigated" sysctl is set to one.

Note: the assembly parts of the kernel are not retpolined, and there is no
RSB stuffing for Skylake either.

### Mitigations E, F

There are two available mitigations for SpectreV4. Their availability
depends on the CPU model and the microcode or BIOS revision.

[[!template id=programlisting text="""
machdep.spectre_v4.mitigated = {0/1} user-settable
machdep.spectre_v4.method = {string} constructed by the kernel
"""]]

Only "mitigated" can be set by the user. When set to one, the kernel will
determine the best hardware mitigation available for the currently
running CPU, and will apply it.

#### Mitigation E: Intel SSBD

Available only on Intel (for now). It can be dynamically enabled/disabled
by changing the "mitigated" sysctl.

#### Mitigation F: AMD NONARCH

Available only on AMD families 15h, 16h and 17h. It can be dynamically
enabled/disabled by changing the "mitigated" sysctl.

## External Resources

* [MIPS Blog Post](https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/)
* [ARM Security Update](https://developer.arm.com/support/security-update)
* [RISC-V](https://riscv.org/2018/01/more-secure-world-risc-v-isa/)

## Notes

* VIA Technologies did not issue any statement regarding their CPUs. It is not currently known whether they are affected.

