aboutsummaryrefslogtreecommitdiffstats
path: root/docs/report/introduction
diff options
context:
space:
mode:
authorPeter Mikus <pmikus@cisco.com>2022-01-31 12:25:21 +0100
committerPeter Mikus <pmikus@cisco.com>2022-01-31 11:28:15 +0000
commited72f828240f6184b38c38f8ccd078308c9cdfb9 (patch)
tree713fb05002b53b8fcc8e40ee4f1df094d53084ac /docs/report/introduction
parent87ad7ca7db9581990effa792a55a8a9bc9cac58a (diff)
feat(docs): Static content update
Signed-off-by: Peter Mikus <pmikus@cisco.com> Change-Id: I1cdd628be1d358fcca4bf05c9357c195ee3a8288
Diffstat (limited to 'docs/report/introduction')
-rw-r--r--docs/report/introduction/methodology_aws/aws_ami.rst8
-rw-r--r--docs/report/introduction/methodology_aws/aws_terraform.rst63
-rw-r--r--docs/report/introduction/methodology_mellanox_nic.rst110
-rw-r--r--docs/report/introduction/physical_testbeds.rst45
-rw-r--r--docs/report/introduction/test_environment_intro.rst11
-rw-r--r--docs/report/introduction/test_environment_sut_calib_icx.rst73
-rw-r--r--docs/report/introduction/test_environment_sut_meltspec_icx.rst131
7 files changed, 234 insertions, 207 deletions
diff --git a/docs/report/introduction/methodology_aws/aws_ami.rst b/docs/report/introduction/methodology_aws/aws_ami.rst
index 264da01a1f..d772976b09 100644
--- a/docs/report/introduction/methodology_aws/aws_ami.rst
+++ b/docs/report/introduction/methodology_aws/aws_ami.rst
@@ -37,13 +37,7 @@ details examples:
- Root Device Type: ebs
Both TG and SUT AMIs are created manually before launching topology and are not
-part of automated scripts. To create CSIT AMIs:
-
-::
-
- cd csit/fdio.infra.packer/aws_c5n/
- packer init
- packer build
+part of automated scripts.
Building AMIs requires Hashicorp Packer with Amazon plugin installed.
diff --git a/docs/report/introduction/methodology_aws/aws_terraform.rst b/docs/report/introduction/methodology_aws/aws_terraform.rst
index ebbef9000a..4b063d5ee4 100644
--- a/docs/report/introduction/methodology_aws/aws_terraform.rst
+++ b/docs/report/introduction/methodology_aws/aws_terraform.rst
@@ -34,71 +34,10 @@ Requirements
- `Vault <https://releases.hashicorp.com/vault/>`_ service available
on specified ip/port.
-Usage
-~~~~~
-
-- OPTIONAL: Enable logging
-
- - Terraform does not have logging enabled by default, to enable logging
- to stderr, set up TF_LOG variable with specified loglevel.
- - Available loglevels: TRACE, DEBUG, INFO, WARN, ERROR:
-
- ::
-
- export TF_LOG="LOGLEVEL"
-
- - It is also possible to store logged output to a file by setting up
- TF_LOG_PATH variable:
-
- ::
-
- export TF_LOG_PATH="path/to/logfile"
-
-- Run Terraform in a given root module folder depending on chosen testbed
- topology.
-
- - Terraform will deploy and configure instances and other resources,
- all of these resources can be later identified on AWS via
- Environment tag.
- - By default, Environment tag "CSIT-AWS" is used. Example:
-
- ::
-
- cd fdio.infra.terraform/2n_aws_c5n/
- terraform init
- terraform plan
- terraform apply
-
- - This will deploy environment with default values, you can check the
- defaults in `./2n_aws_c5n/main.tf` and `./2n_aws_c5n/variables.tf`
- files.
- - If you would like to change some of these values, you can:
-
- - Set up TF_VAR_* environment variables prior to running 'terraform apply':
-
- ::
-
- export TF_VAR_testbed_name="testbed1"
-
- - Use '-var=varname=value' flag when running 'terraform apply':
-
- ::
-
- terraform apply -var=testbed_name=testbed1
-
- - Note: Only variables defined in `variables.tf` file of the root
- module can be changed using these methods.
-
-- To clean up the AWS environment and remove all used resources, run:
-
- ::
-
- terraform destroy
-
Deployment Example
~~~~~~~~~~~~~~~~~~
-Following is an example of a
+Following is an example of a
`Terraform deploy module <https://git.fd.io/csit/tree/fdio.infra.terraform/2n_aws_c5n/main.tf>`_
for a CSIT 2-Node testbed topology with AWS variables set to default
values. A number of variables is also defined in a
diff --git a/docs/report/introduction/methodology_mellanox_nic.rst b/docs/report/introduction/methodology_mellanox_nic.rst
deleted file mode 100644
index 7f8a8a0c31..0000000000
--- a/docs/report/introduction/methodology_mellanox_nic.rst
+++ /dev/null
@@ -1,110 +0,0 @@
-Mellanox NIC
-------------
-
-Performance test results using Mellanox ConnectX5 2p100GE are reported for
-2-Node Xeon Cascade Lake physical testbed type present in FD.io labs. For
-description of physical testbeds used please refer to
-:ref:`tested_physical_topologies`.
-
-Mellanox NIC settings
-~~~~~~~~~~~~~~~~~~~~~
-
-Mellanox ConnectX5 NIC settings are following recommendations from
-[DpdkPerformanceReport]_, [MellanoxDpdkGuide]_ and [MellanoxDpdkBits]_.
-Specifically:
-
-- Flow Control OFF:
- ::
-
- $ ethtool -A $netdev rx off tx off
-
-- Set CQE COMPRESSION to "AGGRESSIVE":
- ::
-
- $ mlxconfig -d $PORT_PCI_ADDRESS set CQE_COMPRESSION=1
-
-Mellanox :abbr:`OFED (OpenFabrics Enterprise Distribution)` driver is installed
-and used to manage the NIC settings.
-
-::
-
- $ sudo lspci -vvvs 5e:00.0
- 5e:00.0 Ethernet controller: Mellanox Technologies MT28800 Family [ConnectX-5 Ex]
- Subsystem: Mellanox Technologies MT28800 Family [ConnectX-5 Ex]
- Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr+ Stepping- SERR+ FastB2B- DisINTx+
- Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
- Latency: 0, Cache Line Size: 32 bytes
- Interrupt: pin A routed to IRQ 37
- NUMA node: 0
- Region 0: Memory at 38fffe000000 (64-bit, prefetchable) [size=32M]
- Expansion ROM at c5e00000 [disabled] [size=1M]
- Capabilities: [60] Express (v2) Endpoint, MSI 00
- DevCap: MaxPayload 512 bytes, PhantFunc 0, Latency L0s unlimited, L1 unlimited
- ExtTag+ AttnBtn- AttnInd- PwrInd- RBE+ FLReset+ SlotPowerLimit 0.000W
- DevCtl: Report errors: Correctable- Non-Fatal- Fatal+ Unsupported-
- RlxdOrd+ ExtTag+ PhantFunc- AuxPwr- NoSnoop+ FLReset-
- MaxPayload 256 bytes, MaxReadReq 4096 bytes
- DevSta: CorrErr+ UncorrErr- FatalErr- UnsuppReq+ AuxPwr- TransPend-
- LnkCap: Port #0, Speed 16GT/s, Width x16, ASPM not supported, Exit Latency L0s unlimited, L1 unlimited
- ClockPM- Surprise- LLActRep- BwNot- ASPMOptComp+
- LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk+
- ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
- LnkSta: Speed 8GT/s, Width x16, TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
- DevCap2: Completion Timeout: Range ABCD, TimeoutDis+, LTR-, OBFF Not Supported
- DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled
- LnkCtl2: Target Link Speed: 16GT/s, EnterCompliance- SpeedDis-
- Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
- Compliance De-emphasis: -6dB
- LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete+, EqualizationPhase1+
- EqualizationPhase2+, EqualizationPhase3+, LinkEqualizationRequest-
- Capabilities: [48] Vital Product Data
- Product Name: CX556A - ConnectX-5 QSFP28
- Read-only fields:
- [PN] Part number: MCX556A-EDAT
- [EC] Engineering changes: AA
- [V2] Vendor specific: MCX556A-EDAT
- [SN] Serial number: MT1945X00360
- [V3] Vendor specific: f8d15ef7e701ea118000b8599ffe4aa8
- [VA] Vendor specific: MLX:MODL=CX556A:MN=MLNX:CSKU=V2:UUID=V3:PCI=V0
- [V0] Vendor specific: PCIeGen4 x16
- [RV] Reserved: checksum good, 2 byte(s) reserved
- End
- Capabilities: [9c] MSI-X: Enable+ Count=64 Masked-
- Vector table: BAR=0 offset=00002000
- PBA: BAR=0 offset=00003000
- Capabilities: [c0] Vendor Specific Information: Len=18 <?>
- Capabilities: [40] Power Management version 3
- Flags: PMEClk- DSI- D1- D2- AuxCurrent=375mA PME(D0-,D1-,D2-,D3hot-,D3cold+)
- Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
- Capabilities: [100 v1] Advanced Error Reporting
- UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
- UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq+ ACSViol-
- UESvrt: DLP+ SDES- TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
- CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- NonFatalErr-
- CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- NonFatalErr+
- AERCap: First Error Pointer: 04, GenCap+ CGenEn- ChkCap+ ChkEn-
- Capabilities: [150 v1] Alternative Routing-ID Interpretation (ARI)
- ARICap: MFVC- ACS-, Next Function: 1
- ARICtl: MFVC- ACS-, Function Group: 0
- Capabilities: [1c0 v1] #19
- Capabilities: [230 v1] Access Control Services
- ACSCap: SrcValid- TransBlk- ReqRedir- CmpltRedir- UpstreamFwd- EgressCtrl- DirectTrans-
- ACSCtl: SrcValid- TransBlk- ReqRedir- CmpltRedir- UpstreamFwd- EgressCtrl- DirectTrans-
- Capabilities: [320 v1] #27
- Capabilities: [370 v1] #26
- Capabilities: [420 v1] #25
- Kernel driver in use: mlx5_core
- Kernel modules: mlx5_core
-
-TG and SUT settings
-~~~~~~~~~~~~~~~~~~~
-
-For the TG and SUT environment settings please refer to
-:ref:`_vpp_test_environment` and :ref:`_dpdk_test_environment`.
-
-Links
-~~~~~
-
-.. [DpdkPerformanceReport] `DPDK 19.11 performance report <http://static.dpdk.org/doc/perf/DPDK_19_11_Mellanox_NIC_performance_report.pdf>`
-.. [MellanoxDpdkGuide] `Mellanox DPDK guide <https://www.mellanox.com/related-docs/prod_software/MLNX_DPDK_Quick_Start_Guide_v16.11_3.0.pdf>`
-.. [MellanoxDpdkBits] `Mellanox DPDK bits <https://community.mellanox.com/s/article/mellanox-dpdk>`
diff --git a/docs/report/introduction/physical_testbeds.rst b/docs/report/introduction/physical_testbeds.rst
index be0c393409..9bb0a05f99 100644
--- a/docs/report/introduction/physical_testbeds.rst
+++ b/docs/report/introduction/physical_testbeds.rst
@@ -26,18 +26,11 @@ Two physical server topology types are used:
Current FD.io production testbeds are built with SUT servers based on
the following processor architectures:
-- Intel Xeon: Skylake Platinum 8180, Cascadelake 6252N, (Icelake 8358
- to be added).
+- Intel Xeon: Skylake Platinum 8180, Cascadelake 6252N, Icelake 8358.
- Intel Atom: Denverton C3858.
- Arm: TaiShan 2280, hip07-d05.
- AMD EPYC: Zen2 7532.
-CSIT-2106 report data for Intel Xeon Icelake testbeds comes from
-testbeds in Intel labs set up per CSIT specification and running CSIT
-code. Physical setup used is specified in 2n-icx and 3n-icx sections
-below. For details about tested VPP and CSIT versions
-see :ref:`vpp_performance_tests_release_notes`.
-
Server SUT performance depends on server and processor type, hence
results for testbeds based on different servers must be reported
separately, and compared if appropriate.
@@ -53,7 +46,7 @@ SUT and TG servers are equipped with a number of different NIC models.
VPP is performance tested on SUTs with the following NICs and drivers:
-#. 2p10GE: x520, x550, x553 Intel (codename Niantic)
+#. 2p10GE: x550, x553 Intel (codename Niantic)
- DPDK Poll Mode Driver (PMD).
#. 4p10GE: x710-DA4 Intel (codename Fortville, FVL)
- DPDK PMD.
@@ -167,15 +160,12 @@ TG NICs:
All Intel Xeon Cascadelake servers run with Intel Hyper-Threading enabled,
doubling the number of logical cores exposed to Linux.
-2-Node Xeon Icelake (2n-icx) EXPERIMENTAL
------------------------------------------
+2-Node Xeon Icelake (2n-icx)
+----------------------------
-One 2n-icx testbed located in Intel labs was used for CSIT testing. It
-is built with two SuperMicro SYS-740GP-TNRT servers. SUT is equipped
-with two Intel Xeon Gold 6338N processors (48 MB Cache, 2.20 GHz, 32
-cores). TG is equiped with two Intel Xeon Ice Lake Platinum 8360Y
-processors (54 MB Cache, 2.40 GHz, 36 cores). 2n-icx physical topology
-is shown below.
+One 2n-icx testbed is in operation in FD.io labs. It is built with two
+SuperMicro SYS-740GP-TNRT servers, each in turn equipped with two Intel Xeon
+Platinum 8358 processors (48 MB Cache, 2.60 GHz, 32 cores).
.. only:: latex
@@ -196,20 +186,19 @@ is shown below.
SUT and TG NICs:
-#. NIC-1: E810-2CQDA2 2p100GbE Intel.
+#. NIC-1: xxv710-DA2 2p25GE Intel.
+#. NIC-2: E810-2CQDA2 2p100GbE Intel (* to be added).
+#. NIC-3: E810-CQDA4 4p100GbE Intel (* to be added).
All Intel Xeon Icelake servers run with Intel Hyper-Threading enabled,
doubling the number of logical cores exposed to Linux.
-3-Node Xeon Icelake (3n-icx) EXPERIMENTAL
------------------------------------------
+3-Node Xeon Icelake (3n-icx)
+----------------------------
-One 3n-icx testbed located in Intel labs was used for CSIT testing. It
-is built with three SuperMicro SYS-740GP-TNRT servers. SUTs are
-equipped each with two Intel Xeon Platinum 8360Y processors (54 MB
-Cache, 2.40 GHz, 36 cores). TG is equiped with two Intel Xeon Ice Lake
-Platinum 8360Y processors (54 MB Cache, 2.40 GHz, 36 cores). 3n-icx
-physical topology is shown below.
+One 3n-icx testbed is in operation in FD.io labs. It is built with three
+SuperMicro SYS-740GP-TNRT servers, each in turn equipped with two Intel Xeon
+Platinum 8358 processors (48 MB Cache, 2.60 GHz, 32 cores).
.. only:: latex
@@ -230,7 +219,9 @@ physical topology is shown below.
SUT and TG NICs:
-#. NIC-1: E810-2CQDA2 2p100GbE Intel.
+#. NIC-1: xxv710-DA2 2p25GE Intel.
+#. NIC-2: E810-2CQDA2 2p100GbE Intel (* to be added).
+#. NIC-3: E810-CQDA4 4p100GbE Intel (* to be added).
All Intel Xeon Icelake servers run with Intel Hyper-Threading enabled,
doubling the number of logical cores exposed to Linux.
diff --git a/docs/report/introduction/test_environment_intro.rst b/docs/report/introduction/test_environment_intro.rst
index c2feb1b4c4..cc7bd74185 100644
--- a/docs/report/introduction/test_environment_intro.rst
+++ b/docs/report/introduction/test_environment_intro.rst
@@ -101,4 +101,13 @@ Following is the list of CSIT versions to date:
`CSIT <https://git.fd.io/csit/tree/?h=rls2110>`_).
- Intel NIC 700/800 series firmware upgrade based on DPDK compatibility
- matrix: `depends on testbed type <https://gerrit.fd.io/r/c/csit/+/33311>`_.
+ matrix.
+- Ver. 9 associated with CSIT rls2202 branch (`HW
+ <https://git.fd.io/csit/tree/docs/lab?h=rls2202>`_, `Linux
+ <https://s3-docs.fd.io/csit/rls2202/report/vpp_performance_tests/test_environment.html#sut-settings-linux>`_,
+ `TRex
+ <https://s3-docs.fd.io/csit/rls2202/report/vpp_performance_tests/test_environment.html#tg-settings-trex>`_,
+ `CSIT <https://git.fd.io/csit/tree/?h=rls2202>`_).
+
+ - Intel NIC 700/800 series firmware upgrade based on DPDK compatibility
+ matrix. \ No newline at end of file
diff --git a/docs/report/introduction/test_environment_sut_calib_icx.rst b/docs/report/introduction/test_environment_sut_calib_icx.rst
new file mode 100644
index 0000000000..39245ff8ae
--- /dev/null
+++ b/docs/report/introduction/test_environment_sut_calib_icx.rst
@@ -0,0 +1,73 @@
+Ice Lake
+~~~~~~~~
+
+Following sections include sample calibration data measured on
+s71-t212-sut1 server running in one of the Intel Xeon Ice Lake testbeds as
+specified in `FD.io CSIT testbeds - Xeon Ice Lake`_.
+
+Calibration data obtained from all other servers in Ice Lake testbeds
+shows the same or similar values.
+
+
+Linux cmdline
+^^^^^^^^^^^^^
+
+::
+
+ $ cat /proc/cmdline
+ BOOT_IMAGE=/boot/vmlinuz-5.4.0-65-generic root=UUID=3250758a-9bb6-48c8-9c36-ecb6a269223f ro audit=0 default_hugepagesz=2M hugepagesz=1G hugepages=32 hugepagesz=2M hugepages=32768 hpet=disable intel_idle.max_cstate=1 intel_iommu=on intel_pstate=disable iommu=pt isolcpus=1-31,33-63,65-95,97-127 mce=off nmi_watchdog=0 nohz_full=1-31,33-63,65-95,97-127 nosoftlockup numa_balancing=disable processor.max_cstate=1 rcu_nocbs=1-31,33-63,65-95,97-127 tsc=reliable console=ttyS0,115200n8 quiet
+
+Linux uname
+^^^^^^^^^^^
+
+::
+
+ $ uname -a
+ Linux 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
+
+
+System-level Core Jitter
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+::
+
+ $ sudo taskset -c 3 /home/testuser/pma_tools/jitter/jitter -i 30
+ Linux Jitter testing program version 1.9
+ Iterations=20
+ The pragram will execute a dummy function 80000 times
+ Display is updated every 20000 displayUpdate intervals
+ Thread affinity will be set to core_id:7
+ Timings are in CPU Core cycles
+ Inst_Min: Minimum Excution time during the display update interval(default is ~1 second)
+ Inst_Max: Maximum Excution time during the display update interval(default is ~1 second)
+ Inst_jitter: Jitter in the Excution time during rhe display update interval. This is the value of interest
+ last_Exec: The Excution time of last iteration just before the display update
+ Abs_Min: Absolute Minimum Excution time since the program started or statistics were reset
+ Abs_Max: Absolute Maximum Excution time since the program started or statistics were reset
+ tmp: Cumulative value calcualted by the dummy function
+ Interval: Time interval between the display updates in Core Cycles
+ Sample No: Sample number
+
+ Inst_Min,Inst_Max,Inst_jitter,last_Exec,Abs_min,Abs_max,tmp,Interval,Sample No
+ 126082,133950,7868,126094,126082,133950,3829268480,2524167454,1
+ 126082,134696,8614,126094,126082,134696,1778253824,2524273022,2
+ 126082,136092,10010,126094,126082,136092,4022206464,2524203296,3
+ 126082,135094,9012,126094,126082,136092,1971191808,2524274302,4
+ 126082,136482,10400,126094,126082,136482,4215144448,2524318496,5
+ 126082,134990,8908,126094,126082,136482,2164129792,2524155038,6
+ 126082,134710,8628,126092,126082,136482,113115136,2524215228,7
+ 126082,135080,8998,126092,126082,136482,2357067776,2524168906,8
+ 126082,134470,8388,126094,126082,136482,306053120,2524163312,9
+ 126082,135246,9164,126092,126082,136482,2550005760,2524394986,10
+ 126082,132662,6580,126094,126082,136482,498991104,2524163156,11
+ 126082,132954,6872,126094,126082,136482,2742943744,2524154386,12
+ 126082,135340,9258,126092,126082,136482,691929088,2524222386,13
+ 126082,133036,6954,126094,126082,136482,2935881728,2524150132,14
+ 126082,137776,11694,126094,126082,137776,884867072,2524239346,15
+ 126082,137850,11768,126094,126082,137850,3128819712,2524342944,16
+ 126082,133000,6918,126094,126082,137850,1077805056,2524160062,17
+ 126082,133332,7250,126094,126082,137850,3321757696,2524158804,18
+ 126082,133234,7152,126092,126082,137850,1270743040,2524174400,19
+ 126082,152552,26470,126094,126082,152552,3514695680,2524857280,20
+
+.. include:: ../introduction/test_environment_sut_meltspec_icx.rst
diff --git a/docs/report/introduction/test_environment_sut_meltspec_icx.rst b/docs/report/introduction/test_environment_sut_meltspec_icx.rst
new file mode 100644
index 0000000000..256391e13d
--- /dev/null
+++ b/docs/report/introduction/test_environment_sut_meltspec_icx.rst
@@ -0,0 +1,131 @@
+Spectre and Meltdown Checks
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Following section displays the output of a running shell script to tell if
+system is vulnerable against the several speculative execution CVEs that were
+made public in 2018. Script is available on `Spectre & Meltdown Checker Github
+<https://github.com/speed47/spectre-meltdown-checker>`_.
+
+::
+
+ Spectre and Meltdown mitigation detection tool v0.44+
+
+ Checking for vulnerabilities on current system
+ Kernel is Linux 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64
+ CPU is Intel(R) Xeon(R) Platinum 8358 CPU @ 2.60GHz
+
+ Hardware check
+ * Hardware support (CPU microcode) for mitigation techniques
+ * Indirect Branch Restricted Speculation (IBRS)
+ * SPEC_CTRL MSR is available: YES
+ * CPU indicates IBRS capability: YES (SPEC_CTRL feature bit)
+ * Indirect Branch Prediction Barrier (IBPB)
+ * PRED_CMD MSR is available: YES
+ * CPU indicates IBPB capability: YES (SPEC_CTRL feature bit)
+ * Single Thread Indirect Branch Predictors (STIBP)
+ * SPEC_CTRL MSR is available: YES
+ * CPU indicates STIBP capability: YES (Intel STIBP feature bit)
+ * Speculative Store Bypass Disable (SSBD)
+ * CPU indicates SSBD capability: YES (Intel SSBD)
+ * L1 data cache invalidation
+ * FLUSH_CMD MSR is available: YES
+ * CPU indicates L1D flush capability: YES (L1D flush feature bit)
+ * Microarchitectural Data Sampling
+ * VERW instruction is available: YES (MD_CLEAR feature bit)
+ * Enhanced IBRS (IBRS_ALL)
+ * CPU indicates ARCH_CAPABILITIES MSR availability: YES
+ * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: YES
+ * CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO): YES
+ * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
+ * CPU/Hypervisor indicates L1D flushing is not necessary on this system: YES
+ * Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA): NO
+ * CPU explicitly indicates not being vulnerable to Microarchitectural Data Sampling (MDS_NO): YES
+ * CPU explicitly indicates not being vulnerable to TSX Asynchronous Abort (TAA_NO): YES
+ * CPU explicitly indicates not being vulnerable to iTLB Multihit (PSCHANGE_MSC_NO): YES
+ * CPU explicitly indicates having MSR for TSX control (TSX_CTRL_MSR): YES
+ * TSX_CTRL MSR indicates TSX RTM is disabled: YES
+ * TSX_CTRL MSR indicates TSX CPUID bit is cleared: YES
+ * CPU supports Transactional Synchronization Extensions (TSX): NO
+ * CPU supports Software Guard Extensions (SGX): YES
+ * CPU supports Special Register Buffer Data Sampling (SRBDS): NO
+ * CPU microcode is known to cause stability problems: NO (family 0x6 model 0x6a stepping 0x6 ucode 0xd000280 cpuid 0x606a6)
+ * CPU microcode is the latest known available version: NO (latest version is 0xd0002a0 dated 2021/04/25 according to builtin firmwares DB v191+i20210217)
+ * CPU vulnerability to the speculative execution attack variants
+ * Affected by CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
+ * Affected by CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
+ * Affected by CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
+ * Affected by CVE-2018-3640 (Variant 3a, rogue system register read): YES
+ * Affected by CVE-2018-3639 (Variant 4, speculative store bypass): YES
+ * Affected by CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): YES
+ * Affected by CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): YES
+ * Affected by CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): YES
+ * Affected by CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): NO
+ * Affected by CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): NO
+ * Affected by CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): NO
+ * Affected by CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): NO
+ * Affected by CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): NO
+ * Affected by CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): YES
+ * Affected by CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)): NO
+
+ CVE-2017-5753 aka Spectre Variant 1, bounds check bypass
+ * Mitigated according to the /sys interface: YES (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
+ > STATUS: UNKNOWN (/sys vulnerability interface use forced, but its not available!)
+
+ CVE-2017-5715 aka Spectre Variant 2, branch target injection
+ * Mitigated according to the /sys interface: YES (Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling)
+ > STATUS: VULNERABLE (IBRS+IBPB or retpoline+IBPB is needed to mitigate the vulnerability)
+
+ CVE-2017-5754 aka Variant 3, Meltdown, rogue data cache load
+ * Mitigated according to the /sys interface: YES (Not affected)
+ * Running as a Xen PV DomU: NO
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2018-3640 aka Variant 3a, rogue system register read
+ * CPU microcode mitigates the vulnerability: YES
+ > STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability)
+
+ CVE-2018-3639 aka Variant 4, speculative store bypass
+ * Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
+ > STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
+
+ CVE-2018-3615 aka Foreshadow (SGX), L1 terminal fault
+ * CPU microcode mitigates the vulnerability: YES
+ > STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability)
+
+ CVE-2018-3620 aka Foreshadow-NG (OS), L1 terminal fault
+ * Mitigated according to the /sys interface: YES (Not affected)
+ > STATUS: NOT VULNERABLE (Not affected)
+
+ CVE-2018-3646 aka Foreshadow-NG (VMM), L1 terminal fault
+ * Information from the /sys interface: Not affected
+ > STATUS: NOT VULNERABLE (your kernel reported your CPU model as not vulnerable)
+
+ CVE-2018-12126 aka Fallout, microarchitectural store buffer data sampling (MSBDS)
+ * Mitigated according to the /sys interface: YES (Not affected)
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2018-12130 aka ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)
+ * Mitigated according to the /sys interface: YES (Not affected)
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2018-12127 aka RIDL, microarchitectural load port data sampling (MLPDS)
+ * Mitigated according to the /sys interface: YES (Not affected)
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2019-11091 aka RIDL, microarchitectural data sampling uncacheable memory (MDSUM)
+ * Mitigated according to the /sys interface: YES (Not affected)
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2019-11135 aka ZombieLoad V2, TSX Asynchronous Abort (TAA)
+ * Mitigated according to the /sys interface: YES (Not affected)
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2018-12207 aka No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)
+ * Mitigated according to the /sys interface: YES (Not affected)
+ > STATUS: NOT VULNERABLE (Not affected)
+
+ CVE-2020-0543 aka Special Register Buffer Data Sampling (SRBDS)
+ * Mitigated according to the /sys interface: YES (Not affected)
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ > SUMMARY: CVE-2017-5753:?? CVE-2017-5715:KO CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:OK