[[!meta title="Meltdown and Spectre Status Page"]]
Status of the Fixes
-------------------
NetBSD-7 and all earlier releases have no planned fixes.
## Spectre Variant 1
[[!table data="""
Port |Vendor/Model |Spectre (V1) |NetBSD-8 |NetBSD-current
amd64 |Intel |Vulnerable |Not fixed |Not fixed
amd64 |AMD |Vulnerable |Not fixed |Not fixed
i386 |Intel |Vulnerable |Not fixed |Not fixed
i386 |AMD |Vulnerable |Not fixed |Not fixed
mips |MIPS P5600 |Vulnerable |Not fixed |Not fixed
mips |MIPS P6600 |Vulnerable |Not fixed |Not fixed
mips |MIPS (others) |Not vulnerable | |
ia64 |Intel |Not vulnerable | |
riscv |(spec) |Not vulnerable | |
arm |ARM Cortex-R7 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-R8 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-A8 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-A9 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-A12 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-A15 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-A17 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-A57 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-A72 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-A73 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-A75 |Vulnerable |Not fixed |Not fixed
arm |ARM (others) |Not vulnerable | |
"""]]
## Spectre Variant 2
[[!table data="""
Port |Vendor/Model |Spectre (V2) |NetBSD-8 |NetBSD-current
amd64 |Intel |Vulnerable |Fixed [MitigD] |Fixed [MitigB] [MitigD]
amd64 |AMD |Vulnerable |Fixed [MitigC] [MitigD] |Fixed [MitigC] [MitigD]
i386 |Intel |Vulnerable |Fixed [MitigD] |Fixed [MitigD]
i386 |AMD |Vulnerable |Fixed [MitigC] [MitigD] |Fixed [MitigC] [MitigD]
mips |MIPS P5600 |Vulnerable |Not fixed |Not fixed
mips |MIPS P6600 |Vulnerable |Not fixed |Not fixed
mips |MIPS (others) |Not vulnerable | |
ia64 |Intel |Not vulnerable | |
riscv |(spec) |Not vulnerable | |
arm |ARM Cortex-R7 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-R8 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-A8 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-A9 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-A12 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-A15 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-A17 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-A57 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-A72 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-A73 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-A75 |Vulnerable |Not fixed |Not fixed
arm |ARM (others) |Not vulnerable | |
"""]]
## Meltdown
[[!table data="""
Port |Vendor/Model |Meltdown (V3) |NetBSD-8 |NetBSD-current
amd64 |Intel |Vulnerable |Fixed [MitigA] |Fixed [MitigA]
amd64 |AMD |Not vulnerable | |
i386 |Intel |Vulnerable |Not fixed |Not fixed
i386 |AMD |Not vulnerable | |
mips |(all) |Not vulnerable | |
ia64 |Intel |Not vulnerable | |
riscv |(spec) |Not vulnerable | |
arm |ARM Cortex-A15 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-A57 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-A72 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-A75 |Vulnerable |Not fixed |Not fixed
arm |ARM (others) |Not vulnerable | |
"""]]
## Spectre Variant 3a
This issue will be addressed in future microcode updates on x86. No
software change is required.
## Spectre Variant 4
[[!table data="""
Port |Vendor/Model |Spectre (V4) |NetBSD-8 |NetBSD-current
amd64 |Intel |Vulnerable |Fixed [MitigE] |Fixed [MitigE]
amd64 |AMD |Vulnerable |Fixed [MitigF] |Fixed [MitigF]
i386 |Intel |Vulnerable |Fixed [MitigE] |Fixed [MitigE]
i386 |AMD |Vulnerable |Fixed [MitigF] |Fixed [MitigF]
arm |ARM Cortex-A57 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-A72 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-A73 |Vulnerable |Not fixed |Not fixed
arm |ARM Cortex-A75 |Vulnerable |Not fixed |Not fixed
arm |ARM (others) |Not vulnerable | |
"""]]
## Mitigations
### Mitigation A: SVS
Meltdown is mitigated with the SVS feature. It can be dynamically disabled
by changing the "machdep.svs.enabled" sysctl.
### Mitigations B, C, D
There is no single mitigation for SpectreV2. Instead, a set of mitigations
is available, in both hardware and software, and they can be combined.
Three sysctls exist, under the machdep.spectre_v2 node:
[[!template id=programlisting text="""
machdep.spectre_v2.hwmitigated = {0/1} user-settable
machdep.spectre_v2.swmitigated = {0/1} set by the kernel
machdep.spectre_v2.method = {string} constructed by the kernel
"""]]
Only "hwmitigated" can be set by the user. When set to one, the kernel will
determine the best hardware mitigation available for the currently
running CPU, and will apply it.
#### Mitigation B: Intel IBRS
Hardware mitigation, Intel only (for now). If the CPU supports this method,
it is used automatically by the kernel. It can be dynamically
enabled/disabled by changing the "hwmitigated" sysctl.
#### Mitigation C: AMD DIS_IND
Hardware mitigation, available only on a few AMD families. If the CPU
supports this method, it is used automatically by the kernel. It can be
dynamically enabled/disabled by changing the "hwmitigated" sysctl.
#### Mitigation D: GCC Retpoline
Software mitigation. It is enabled by default in GENERIC. When enabled,
the "swmitigated" sysctl is set to one.
Note: there is no retpoline for the ASM parts, and no RSB-stuffing either
for Skylake.
### Mitigations E, F
There are two available mitigations for SpectreV4. Their availability
depends on the CPU model and the microcode or BIOS revision.
[[!template id=programlisting text="""
machdep.spectre_v4.mitigated = {0/1} user-settable
machdep.spectre_v4.method = {string} constructed by the kernel
"""]]
Only "mitigated" can be set by the user. When set to one, the kernel will
determine the best hardware mitigation available for the currently
running CPU, and will apply it.
#### Mitigation E: Intel SSBD
Available only on Intel (for now). It can be dynamically enabled/disabled
by changing the "mitigated" sysctl.
#### Mitigation F: AMD NONARCH
Available only on AMD families 15h, 16h and 17h. It can be dynamically
enabled/disabled by changing the "mitigated" sysctl.
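The following script is an added example and is not part of the NetBSD wiki or the NetBSD source tree. It reads the sysctl nodes named above (machdep.svs.enabled, machdep.spectre_v2.*, machdep.spectre_v4.*) and prints one status line per issue, so an administrator can confirm at a glance which of Mitigations A to F are in effect on a given host. It assumes NetBSD sysctl(8)'s "name = value" output format and that querying a node name (for example machdep.spectre_v2) lists its children; the sample values and the method strings in the embedded dump are constructed for offline use and are not real kernel output.

```sh
#!/bin/sh
# Added example (not NetBSD's own code): summarise the Meltdown/Spectre
# sysctl knobs described on the status page. Node names come from the
# page; the "name = value" line format is assumed to be sysctl(8) output;
# the sample values and method strings below are constructed.

SAMPLE_PARTIAL='machdep.svs.enabled = 1
machdep.spectre_v2.hwmitigated = 1
machdep.spectre_v2.swmitigated = 1
machdep.spectre_v2.method = [GCC retpoline] + [Intel IBRS]
machdep.spectre_v4.mitigated = 0
machdep.spectre_v4.method = (none)'

# get_value DUMP KEY: print the value of KEY from a "name = value" dump.
# Splits on the first " = " only, so method strings may contain spaces.
get_value() {
    printf '%s\n' "$1" | awk -v key="$2" '
        { i = index($0, " = ")
          if (i > 0 && substr($0, 1, i - 1) == key) { print substr($0, i + 3); exit } }'
}

# report_issue LABEL FLAG DETAIL: print one status line; return 1 unless
# FLAG is exactly 1 (a missing node counts as not mitigated).
report_issue() {
    if [ "$2" = 1 ]; then
        printf '%s: mitigated [%s]\n' "$1" "$3"
        return 0
    fi
    printf '%s: NOT mitigated [%s]\n' "$1" "$3"
    return 1
}

# mitigation_summary DUMP: one line per issue covered by the page's sysctls.
# Returns 0 only when Meltdown (SVS), SpectreV2 (hardware or retpoline)
# and SpectreV4 all report as mitigated.
mitigation_summary() {
    dump=$1
    rc=0
    # Mitigation A
    report_issue "Meltdown (SVS)" "$(get_value "$dump" machdep.svs.enabled)" \
        "Mitigation A" || rc=1
    # Mitigations B/C (hwmitigated, user-settable) and D (swmitigated, kernel-set)
    hw=$(get_value "$dump" machdep.spectre_v2.hwmitigated)
    sw=$(get_value "$dump" machdep.spectre_v2.swmitigated)
    v2m=$(get_value "$dump" machdep.spectre_v2.method)
    if [ "$hw" = 1 ] || [ "$sw" = 1 ]; then
        printf 'Spectre V2: mitigated [hw=%s sw=%s; %s]\n' "$hw" "$sw" "$v2m"
    else
        printf 'Spectre V2: NOT mitigated [hw=%s sw=%s]\n' "$hw" "$sw"
        rc=1
    fi
    # Mitigations E/F
    report_issue "Spectre V4" "$(get_value "$dump" machdep.spectre_v4.mitigated)" \
        "$(get_value "$dump" machdep.spectre_v4.method)" || rc=1
    return $rc
}

# On a NetBSD host read the live values; elsewhere fall back to the sample.
main() {
    if live=$(sysctl machdep.svs machdep.spectre_v2 machdep.spectre_v4 2>/dev/null) \
       && [ -n "$live" ]; then
        dump=$live
    else
        echo "(machdep.* nodes not available here: using constructed sample values)"
        dump=$SAMPLE_PARTIAL
    fi
    mitigation_summary "$dump" || echo "WARNING: at least one mitigation is off"
}

main
```

Run it as root on the host being audited; on a NetBSD-8 or -current kernel the live sysctl values replace the constructed sample. A value of 0 in the user-settable knobs is reported as unmitigated, and an absent node (an older kernel without the feature) is treated the same way rather than silently passing.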
## External Resources
* [MIPS Blog Post](https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/)
* [ARM Security Update](https://developer.arm.com/support/security-update)
* [RISC-V](https://riscv.org/2018/01/more-secure-world-risc-v-isa/)
## Notes
* VIA Technologies did not issue any statement regarding their CPUs. It is not currently known whether they are affected.