NetBSD Has SVS To Mitigate Meltdown, Still Working On Spectre
The NetBSD project has issued an update concerning recent security efforts for this popular BSD operating system.
NetBSD has landed "Separate Virtual Space" (SVS) in its development repository as its mitigation for the Meltdown CPU vulnerability. SVS unmaps kernel pages when running in user-space. Initially only the PTE area is being unmapped. After tuning over the past month, NetBSD developers now consider SVS to be stable, but it has not yet been back-ported to their stable branches. For now, SVS is only supported on x86 64-bit.
When it comes to the Spectre Variant One/Two vulnerabilities, however, NetBSD is still working on taking advantage of the new model-specific registers (MSRs) for disabling branch prediction. NetBSD supports Intel/AMD CPU microcode updates but has yet to develop the patches that use the new MSRs in those microcode updates to disable branch prediction.
More details on NetBSD's latest security work can be found via this blog post.