File:  [NetBSD Developer Wiki] / wikisrc / security / meltdown_spectre.mdwn
Revision 1.38
Sat Dec 22 08:20:01 2018 UTC (21 months ago) by maxv
Branches: MAIN
CVS tags: HEAD
No fixes planned for NetBSD 7.

[[!meta title="Meltdown and Spectre Status Page"]]

Status of the Fixes
-------------------

NetBSD-7 and all earlier releases have no planned fixes.

## Spectre Variant 1

[[!table data="""
Port		|Vendor/Model	|Spectre (V1)	|NetBSD-8	|NetBSD-current
amd64		|Intel		|Vulnerable	|Not fixed	|Not fixed
amd64		|AMD		|Vulnerable	|Not fixed	|Not fixed
i386		|Intel		|Vulnerable	|Not fixed	|Not fixed
i386		|AMD		|Vulnerable	|Not fixed	|Not fixed
mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed
mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed
mips		|MIPS (others)	|Not vulnerable	|		|
ia64		|Intel		|Not vulnerable	|		|
riscv		|(spec)		|Not vulnerable	|		|
arm		|ARM Cortex-R7	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-R8	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A8	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A9	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A12	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A15	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A17	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A57	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A72	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A73	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A75	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM (others)	|Not vulnerable	|		|
"""]]

## Spectre Variant 2

[[!table data="""
Port		|Vendor/Model	|Spectre (V2)	|NetBSD-8	|NetBSD-current
amd64		|Intel		|Vulnerable	|Fixed [MitigD]	|Fixed [MitigB] [MitigD]
amd64		|AMD		|Vulnerable	|Fixed [MitigC] [MitigD]	|Fixed [MitigC] [MitigD]
i386		|Intel		|Vulnerable	|Fixed [MitigD]	|Fixed [MitigD]
i386		|AMD		|Vulnerable	|Fixed [MitigC] [MitigD]	|Fixed [MitigC] [MitigD]
mips		|MIPS P5600	|Vulnerable	|Not fixed	|Not fixed
mips		|MIPS P6600	|Vulnerable	|Not fixed	|Not fixed
mips		|MIPS (others)	|Not vulnerable	|		|
ia64		|Intel		|Not vulnerable	|		|
riscv		|(spec)		|Not vulnerable	|		|
arm		|ARM Cortex-R7	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-R8	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A8	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A9	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A12	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A15	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A17	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A57	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A72	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A73	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A75	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM (others)	|Not vulnerable	|		|
"""]]

## Meltdown

[[!table data="""
Port		|Vendor/Model	|Meltdown (V3)	|NetBSD-8	|NetBSD-current
amd64		|Intel		|Vulnerable	|Fixed [MitigA]	|Fixed [MitigA]
amd64		|AMD		|Not vulnerable	|		|
i386		|Intel		|Vulnerable	|Not fixed	|Not fixed
i386		|AMD		|Not vulnerable	|		|
mips		|(all)		|Not vulnerable	|		|
ia64		|Intel		|Not vulnerable	|		|
riscv		|(spec)		|Not vulnerable	|		|
arm		|ARM Cortex-A15	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A57	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A72	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A75	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM (others)	|Not vulnerable	|		|
"""]]

## Spectre Variant 3a

This issue will be addressed in future microcode updates on x86. No
software change is required.

## Spectre Variant 4

[[!table data="""
Port		|Vendor/Model	|Spectre (V4)	|NetBSD-8	|NetBSD-current
amd64		|Intel		|Vulnerable	|Fixed [MitigE]	|Fixed [MitigE]
amd64		|AMD		|Vulnerable	|Fixed [MitigF]	|Fixed [MitigF]
i386		|Intel		|Vulnerable	|Fixed [MitigE]	|Fixed [MitigE]
i386		|AMD		|Vulnerable	|Fixed [MitigF]	|Fixed [MitigF]
arm		|ARM Cortex-A57	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A72	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A73	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM Cortex-A75	|Vulnerable	|Not fixed	|Not fixed
arm		|ARM (others)	|Not vulnerable	|		|
"""]]

## Mitigations

### Mitigation A: SVS

Meltdown is mitigated with the SVS feature. It can be dynamically disabled
by changing the "machdep.svs.enabled" sysctl.

### Mitigations B, C, D

There is no unified mitigation for SpectreV2. Rather, a set of mitigations
is available, in both hardware and software.

Three sysctls exist, under the machdep.spectre_v2 node:

[[!template id=programlisting text="""
machdep.spectre_v2.hwmitigated = {0/1} user-settable
machdep.spectre_v2.swmitigated = {0/1} set by the kernel
machdep.spectre_v2.method = {string} constructed by the kernel
"""]]

Only "hwmitigated" can be set by the user. When set to one, the kernel will
determine the best hardware mitigation available for the currently
running CPU, and will apply it.

#### Mitigation B: Intel IBRS

Hardware mitigation, Intel only (for now). If the CPU supports this method,
it is used automatically by the kernel. It can be dynamically
enabled/disabled by changing the "hwmitigated" sysctl.

#### Mitigation C: AMD DIS_IND

Hardware mitigation, available only on a few AMD families. If the CPU
supports this method, it is used automatically by the kernel. It can be
dynamically enabled/disabled by changing the "hwmitigated" sysctl.

#### Mitigation D: GCC Retpoline

Software mitigation. It is enabled by default in GENERIC. When enabled,
the "swmitigated" sysctl is set to one.

Note: the assembly parts of the kernel are not retpolined, and there is no
RSB stuffing for Skylake either.

### Mitigations E, F

There are two available mitigations for SpectreV4. Their availability
depends on the CPU model and the microcode or BIOS revision.

[[!template id=programlisting text="""
machdep.spectre_v4.mitigated = {0/1} user-settable
machdep.spectre_v4.method = {string} constructed by the kernel
"""]]

Only "mitigated" can be set by the user. When set to one, the kernel will
determine the best hardware mitigation available for the currently
running CPU, and will apply it.

#### Mitigation E: Intel SSBD

Available only on Intel (for now). It can be dynamically enabled/disabled
by changing the "mitigated" sysctl.

#### Mitigation F: AMD NONARCH

Available only on AMD families 15h, 16h and 17h. It can be dynamically
enabled/disabled by changing the "mitigated" sysctl.
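
The sysctl knobs described under Mitigations A, B/C/D and E/F are the only
runtime evidence an administrator has of which mitigations are in effect on
a given machine. The script below is an added example, not part of this wiki
page or of the NetBSD source tree: it reads those knobs and prints a
per-vulnerability verdict. Only the sysctl names come from this page; the
sample values in SAMPLE_SYSCTL (including the bracketed "method" strings)
are constructed so the script runs offline on any POSIX sh. Set REAL_SYSCTL=1
on a NetBSD host to query the running kernel with sysctl -n instead.

```shell
#!/bin/sh
# Added example: report NetBSD Meltdown/Spectre mitigation status from the
# machdep.svs / machdep.spectre_v2 / machdep.spectre_v4 sysctls.

# Constructed sample of "sysctl -a" output (NOT captured from a real host).
# The method strings are placeholders; the kernel constructs the real ones.
SAMPLE_SYSCTL='machdep.svs.enabled = 1
machdep.spectre_v2.hwmitigated = 0
machdep.spectre_v2.swmitigated = 1
machdep.spectre_v2.method = [GCC retpoline]
machdep.spectre_v4.mitigated = 0
machdep.spectre_v4.method = [none]'

# sysctl_get NAME: print the value of sysctl NAME, or nothing if it is absent
# (older kernel, or a non-x86 port that lacks the node).
sysctl_get() {
    if [ "${REAL_SYSCTL:-0}" = 1 ]; then
        sysctl -n "$1" 2>/dev/null
    else
        printf '%s\n' "$SAMPLE_SYSCTL" | awk -F' = ' -v k="$1" '$1 == k { print $2 }'
    fi
}

# Mitigation A (SVS): the kernel is protected only while the knob reads 1.
meltdown_status() {
    case "$(sysctl_get machdep.svs.enabled)" in
        1) echo "mitigated" ;;
        0) echo "NOT mitigated (SVS disabled at runtime)" ;;
        *) echo "unknown (no machdep.svs.enabled sysctl)" ;;
    esac
}

# Mitigations B/C/D: either a hardware method (IBRS, DIS_IND) selected via
# hwmitigated, or the compiler retpoline reported through swmitigated, counts.
spectre_v2_status() {
    hw=$(sysctl_get machdep.spectre_v2.hwmitigated)
    sw=$(sysctl_get machdep.spectre_v2.swmitigated)
    method=$(sysctl_get machdep.spectre_v2.method)
    if [ "$hw" = 1 ] || [ "$sw" = 1 ]; then
        echo "mitigated (hw=$hw sw=$sw method=$method)"
    elif [ -z "$hw" ] && [ -z "$sw" ]; then
        echo "unknown (no machdep.spectre_v2 node)"
    else
        echo "NOT mitigated (hw=$hw sw=$sw)"
    fi
}

# Mitigations E/F: a single user-settable knob; the kernel picks SSBD or
# NONARCH according to the CPU and exposes its choice in "method".
spectre_v4_status() {
    case "$(sysctl_get machdep.spectre_v4.mitigated)" in
        1) echo "mitigated ($(sysctl_get machdep.spectre_v4.method))" ;;
        0) echo "NOT mitigated (sysctl -w machdep.spectre_v4.mitigated=1 to enable)" ;;
        *) echo "unknown (no machdep.spectre_v4 node)" ;;
    esac
}

report() {
    printf 'Meltdown (V3): %s\n' "$(meltdown_status)"
    printf 'Spectre V2:    %s\n' "$(spectre_v2_status)"
    printf 'Spectre V4:    %s\n' "$(spectre_v4_status)"
}

report
```

With the constructed sample the report shows Meltdown and Spectre V2
mitigated (the latter by retpoline only, since hwmitigated is 0) and Spectre
V4 left open, which is the state this page describes for a default GENERIC
kernel on which nobody has turned the user-settable knobs on. Because
"hwmitigated" and "mitigated" are the only knobs a user controls, a
configuration audit should check those two values, plus machdep.svs.enabled,
rather than trusting that the kernel was built with the mitigations.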

## External Resources

* [MIPS Blog Post](https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/)
* [ARM Security Update](https://developer.arm.com/support/security-update)
* [RISC-V](https://riscv.org/2018/01/more-secure-world-risc-v-isa/)

## Notes

* VIA Technologies did not issue any statement regarding their CPUs. It is not currently known whether they are affected.

