What are noticeably absent are mitigations for Spectre/Meltdown that were implemented in NetBSD 8.0. From the NetBSD 8.0 release announcement:
Quote:
Specific to i386 and amd64 CPUs:
Meltdown mitigation: SVS (Separate Virtual Space), enabled by default.
SpectreV2 mitigation: retpoline (support in gcc), used by default for kernels. Other hardware mitigations are also available.
SpectreV4 mitigations available for Intel and AMD.
PopSS workaround: user access to debug registers is turned off by default.
Lazy FPU saving disabled on vulnerable Intel CPUs ("eagerfpu").
SMAP support.
Improvement and hardening of the memory layout: W^X, fewer writable pages, better consistency, better performance.
(U)EFI bootloader.
|
Source:
https://www.netbsd.org/releases/form...etBSD-8.0.html