THIS PAGE NEEDS AN UPDATE BECAUSE netbsd-9 and netbsd-10 aren't catalogued and more recent Spectre-class vulnerabilities are probably missing

Status of the Fixes

NetBSD-7, and all the anterior releases, have no planned fixes.

Spectre Variant 1

Port Vendor/Model Spectre (V1) NetBSD-8 NetBSD-current
amd64 Intel Vulnerable Not fixed Not fixed
amd64 AMD Vulnerable Not fixed Not fixed
i386 Intel Vulnerable Not fixed Not fixed
i386 AMD Vulnerable Not fixed Not fixed
mips MIPS P5600 Vulnerable Not fixed Not fixed
mips MIPS P6600 Vulnerable Not fixed Not fixed
mips MIPS (others) Not vulnerable
ia64 Intel Not vulnerable
riscv (spec) Not vulnerable
arm ARM Cortex-R7 Vulnerable Not fixed Not fixed
arm ARM Cortex-R8 Vulnerable Not fixed Not fixed
arm ARM Cortex-A8 Vulnerable Not fixed Not fixed
arm ARM Cortex-A9 Vulnerable Not fixed Not fixed
arm ARM Cortex-A12 Vulnerable Not fixed Not fixed
arm ARM Cortex-A15 Vulnerable Not fixed Not fixed
arm ARM Cortex-A17 Vulnerable Not fixed Not fixed
arm ARM Cortex-A57 Vulnerable Not fixed Not fixed
arm ARM Cortex-A72 Vulnerable Not fixed Not fixed
arm ARM Cortex-A73 Vulnerable Not fixed Not fixed
arm ARM Cortex-A75 Vulnerable Not fixed Not fixed
arm ARM (others) Not vulnerable

Spectre Variant 2

Port Vendor/Model Spectre (V2) NetBSD-8 NetBSD-current
amd64 Intel Vulnerable Fixed [MitigD] Fixed [MitigB] [MitigD]
amd64 AMD Vulnerable Fixed [MitigC] [MitigD] Fixed [MitigC] [MitigD]
i386 Intel Vulnerable Fixed [MitigD] Fixed [MitigD]
i386 AMD Vulnerable Fixed [MitigC] [MitigD] Fixed [MitigC] [MitigD]
mips MIPS P5600 Vulnerable Not fixed Not fixed
mips MIPS P6600 Vulnerable Not fixed Not fixed
mips MIPS (others) Not vulnerable
ia64 Intel Not vulnerable
riscv (spec) Not vulnerable
arm ARM Cortex-R7 Vulnerable Not fixed Not fixed
arm ARM Cortex-R8 Vulnerable Not fixed Not fixed
arm ARM Cortex-A8 Vulnerable Not fixed Not fixed
arm ARM Cortex-A9 Vulnerable Not fixed Not fixed
arm ARM Cortex-A12 Vulnerable Not fixed Not fixed
arm ARM Cortex-A15 Vulnerable Not fixed Not fixed
arm ARM Cortex-A17 Vulnerable Not fixed Not fixed
arm ARM Cortex-A57 Vulnerable Not fixed Not fixed
arm ARM Cortex-A72 Vulnerable Not fixed Not fixed
arm ARM Cortex-A73 Vulnerable Not fixed Not fixed
arm ARM Cortex-A75 Vulnerable Not fixed Not fixed
arm ARM (others) Not vulnerable

Meltdown

Port Vendor/Model Meltdown (V3) NetBSD-8 NetBSD-current
amd64 Intel Vulnerable Fixed [MitigA] Fixed [MitigA]
amd64 AMD Not vulnerable
i386 Intel Vulnerable Not fixed Not fixed
i386 AMD Not vulnerable
mips (all) Not vulnerable
ia64 Intel Not vulnerable
riscv (spec) Not vulnerable
arm ARM Cortex-A15 Vulnerable Not fixed Not fixed
arm ARM Cortex-A57 Vulnerable Not fixed Not fixed
arm ARM Cortex-A72 Vulnerable Not fixed Not fixed
arm ARM Cortex-A75 Vulnerable Not fixed Not fixed
arm ARM (others) Not vulnerable

Spectre Variant 3a

This issue will be addressed in future microcode updates on x86. No software change is required.

Spectre Variant 4

Port Vendor/Model Spectre (V4) NetBSD-8 NetBSD-current
amd64 Intel Vulnerable Fixed [MitigE] Fixed [MitigE]
amd64 AMD Vulnerable Fixed [MitigF] Fixed [MitigF]
i386 Intel Vulnerable Fixed [MitigE] Fixed [MitigE]
i386 AMD Vulnerable Fixed [MitigF] Fixed [MitigF]
arm ARM Cortex-A57 Vulnerable Not fixed Not fixed
arm ARM Cortex-A72 Vulnerable Not fixed Not fixed
arm ARM Cortex-A73 Vulnerable Not fixed Not fixed
arm ARM Cortex-A75 Vulnerable Not fixed Not fixed
arm ARM (others) Not vulnerable

Mitigations

Mitigation A: SVS

Meltdown is mitigated with the SVS feature. It can be dynamically disabled by changing the "machdep.svs.enabled" sysctl.

Mitigations B, C, D

There is no unified mitigation for SpectreV2. Rather, a set of mitigations are available, in both hardware and software.

Three sysctls exist, under the machdep.spectre_v2 node:

machdep.spectre_v2.hwmitigated = {0/1} user-settable
machdep.spectre_v2.swmitigated = {0/1} set by the kernel
machdep.spectre_v2.method = {string} constructed by the kernel

Only "hwmitigated" can be set by the user. When set to one, the kernel will determine the best hardware mitigation available for the currently running CPU, and will apply it.

Mitigation B: Intel IBRS

Hardware mitigation, Intel only (for now). If the CPU supports this method, it is used automatically by the kernel. It can be dynamically enabled/disabled by changing the "hwmitigated" sysctl.

Mitigation C: AMD DIS_IND

Hardware mitigation, available only on a few AMD families. If the CPU supports this method, it is used automatically by the kernel. It can be dynamically enabled/disabled by changing the "hwmitigated" sysctl.

Mitigation D: GCC Retpoline

Software mitigation. It is enabled by default in GENERIC. When enabled, the "swmitigated" sysctl is set to one.

Note: there is no retpoline for the ASM parts, and no RSB-stuffing either for Skylake.

Mitigations E, F

There are two available mitigations for SpectreV4. Their availability depends on the CPU model and the microcode or BIOS revision.

machdep.spectre_v4.mitigated = {0/1} user-settable
machdep.spectre_v4.method = {string} constructed by the kernel

Only "mitigated" can be set by the user. When set to one, the kernel will determine the best hardware mitigation available for the currently running CPU, and will apply it.

Mitigation E: Intel SSBD

Available only on Intel (for now). It can be dynamically enabled/disabled by changing the "mitigated" sysctl.

Mitigation F: AMD NONARCH

Available only on AMD families 15h, 16h and 17h. It can be dynamically enabled/disabled by changing the "mitigated" sysctl.

External Resources

Notes