Step 1 – Find your current FreeBSD version
# freebsd-version
11.1-RELEASE-p4
Note down the current version.
Step 2 – Update your vulnerable system via a binary patch
Type the following to fetch and install the binary updates that patch the Meltdown and Spectre vulnerabilities:
# freebsd-update fetch
then
# freebsd-update install
Step 3 – Reboot the FreeBSD box
Type the following shutdown command or reboot command:
# shutdown -r now
OR
# reboot
Step 4 – Verification for Meltdown vulnerability on FreeBSD
The mitigation is known as Page Table Isolation (PTI). PTI largely separates kernel and user mode page tables, so that even during speculative execution most of the kernel’s data is unmapped and not accessible. A patched kernel will automatically enable PTI on Intel CPUs. The status can be checked by typing the following sysctl command:
# sysctl vm.pmap.pti
vm.pmap.pti: 1
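As an added example (not from the original article), the script below ties Step 3 to this check: it compares the kernel installed on disk (`freebsd-version -k`) with the running kernel (`freebsd-version -r`) to catch a missed reboot, then reads the `vm.pmap.pti` line. The `verdict` function, its result strings and the sample version strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: is the patched kernel actually running, and is PTI on?

# verdict INSTALLED_KERNEL RUNNING_KERNEL SYSCTL_LINE
#   INSTALLED_KERNEL: output of `freebsd-version -k`
#   RUNNING_KERNEL:   output of `freebsd-version -r`
#   SYSCTL_LINE:      output of `sysctl vm.pmap.pti` (empty if the OID is missing)
# Prints a one-word verdict; exit status 0 only when PTI is enabled.
verdict() {
    installed=$1
    running=$2
    pti_line=$3

    # freebsd-update install replaces the kernel on disk; until the reboot
    # in Step 3 the old kernel is still the one executing.
    if [ "$installed" != "$running" ]; then
        echo "reboot-pending"
        return 1
    fi

    case "$pti_line" in
        "vm.pmap.pti: 1") echo "pti-enabled";     return 0 ;;
        # The article states PTI is auto-enabled on Intel CPUs.
        "vm.pmap.pti: 0") echo "pti-disabled";    return 2 ;;
        # No such sysctl: the running kernel has no PTI knob.
        *)                echo "pti-unavailable"; return 3 ;;
    esac
}

if [ "$(uname -s)" = "FreeBSD" ]; then
    # Live check on the host being patched.
    verdict "$(freebsd-version -k)" "$(freebsd-version -r)" \
            "$(sysctl vm.pmap.pti 2>/dev/null)"
else
    # Elsewhere: run on constructed sample values (not real host data).
    verdict "11.1-RELEASE-p6" "11.1-RELEASE-p4" "vm.pmap.pti: 1" || true
    verdict "11.1-RELEASE-p6" "11.1-RELEASE-p6" "vm.pmap.pti: 1" || true
fi
```

A `reboot-pending` result means the update was installed but the box is still running the old kernel, so the sysctl value says nothing about the patched kernel yet.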
Another option is to download the Meltdown attack tools from GitHub as follows:
# cd /tmp
# git clone https://github.com/dag-erling/meltdown
Build it:
# cd /tmp/meltdown
# make
The mdcheck tool attempts to determine if your system is vulnerable. The exact method varies from one platform to another. The result is indicated by the exit code: 0 for complete success, 1 for partial success (mostly seen in virtual machines) and 2 for complete failure:
# mdcheck
# echo $?
The mdattack tool performs a Meltdown attack on a designated target specified as a virtual address and a length and prints the result:
# mdattack