Diffstat (limited to 'docs/report/introduction')
7 files changed, 234 insertions, 207 deletions
diff --git a/docs/report/introduction/methodology_aws/aws_ami.rst b/docs/report/introduction/methodology_aws/aws_ami.rst index 264da01a1f..d772976b09 100644 --- a/docs/report/introduction/methodology_aws/aws_ami.rst +++ b/docs/report/introduction/methodology_aws/aws_ami.rst @@ -37,13 +37,7 @@ details examples: - Root Device Type: ebs Both TG and SUT AMIs are created manually before launching topology and are not -part of automated scripts. To create CSIT AMIs: - -:: - - cd csit/fdio.infra.packer/aws_c5n/ - packer init - packer build +part of automated scripts. Building AMIs requires Hashicorp Packer with Amazon plugin installed. diff --git a/docs/report/introduction/methodology_aws/aws_terraform.rst b/docs/report/introduction/methodology_aws/aws_terraform.rst index ebbef9000a..4b063d5ee4 100644 --- a/docs/report/introduction/methodology_aws/aws_terraform.rst +++ b/docs/report/introduction/methodology_aws/aws_terraform.rst 
@@ -34,71 +34,10 @@ Requirements - `Vault <https://releases.hashicorp.com/vault/>`_ service available on specified ip/port. -Usage -~~~~~ - -- OPTIONAL: Enable logging - - - Terraform does not have logging enabled by default, to enable logging - to stderr, set up TF_LOG variable with specified loglevel. - - Available loglevels: TRACE, DEBUG, INFO, WARN, ERROR: - - :: - - export TF_LOG="LOGLEVEL" - - - It is also possible to store logged output to a file by setting up - TF_LOG_PATH variable: - - :: - - export TF_LOG_PATH="path/to/logfile" - -- Run Terraform in a given root module folder depending on chosen testbed - topology. - - - Terraform will deploy and configure instances and other resources, - all of these resources can be later identified on AWS via - Environment tag. - - By default, Environment tag "CSIT-AWS" is used. Example: - - :: - - cd fdio.infra.terraform/2n_aws_c5n/ - terraform init - terraform plan - terraform apply - - - This will deploy environment with default values, you can check the - defaults in `./2n_aws_c5n/main.tf` and `./2n_aws_c5n/variables.tf` - files. - - If you would like to change some of these values, you can: - - - Set up TF_VAR_* environment variables prior to running 'terraform apply': - - :: - - export TF_VAR_testbed_name="testbed1" - - - Use '-var=varname=value' flag when running 'terraform apply': - - :: - - terraform apply -var=testbed_name=testbed1 - - - Note: Only variables defined in `variables.tf` file of the root - module can be changed using these methods. - -- To clean up the AWS environment and remove all used resources, run: - - :: - - terraform destroy - Deployment Example ~~~~~~~~~~~~~~~~~~ -Following is an example of a +Following is an example of a `Terraform deploy module <https://git.fd.io/csit/tree/fdio.infra.terraform/2n_aws_c5n/main.tf>`_ for a CSIT 2-Node testbed topology with AWS variables set to default values. A number of variables is also defined in a 
diff --git a/docs/report/introduction/methodology_mellanox_nic.rst b/docs/report/introduction/methodology_mellanox_nic.rst deleted file mode 100644 index 7f8a8a0c31..0000000000 --- a/docs/report/introduction/methodology_mellanox_nic.rst +++ /dev/null 
@@ -1,110 +0,0 @@ -Mellanox NIC ------------- - -Performance test results using Mellanox ConnectX5 2p100GE are reported for -2-Node Xeon Cascade Lake physical testbed type present in FD.io labs. For -description of physical testbeds used please refer to -:ref:`tested_physical_topologies`. - -Mellanox NIC settings -~~~~~~~~~~~~~~~~~~~~~ - -Mellanox ConnectX5 NIC settings are following recommendations from -[DpdkPerformanceReport]_, [MellanoxDpdkGuide]_ and [MellanoxDpdkBits]_. -Specifically: - -- Flow Control OFF: - :: - - $ ethtool -A $netdev rx off tx off - -- Set CQE COMPRESSION to "AGGRESSIVE": - :: - - $ mlxconfig -d $PORT_PCI_ADDRESS set CQE_COMPRESSION=1 - -Mellanox :abbr:`OFED (OpenFabrics Enterprise Distribution)` driver is installed -and used to manage the NIC settings. - -:: - - $ sudo lspci -vvvs 5e:00.0 - 5e:00.0 Ethernet controller: Mellanox Technologies MT28800 Family [ConnectX-5 Ex] - Subsystem: Mellanox Technologies MT28800 Family [ConnectX-5 Ex] - Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr+ Stepping- SERR+ FastB2B- DisINTx+ - Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- - Latency: 0, Cache Line Size: 32 bytes - Interrupt: pin A routed to IRQ 37 - NUMA node: 0 - Region 0: Memory at 38fffe000000 (64-bit, prefetchable) [size=32M] - Expansion ROM at c5e00000 [disabled] [size=1M] - Capabilities: [60] Express (v2) Endpoint, MSI 00 - DevCap: MaxPayload 512 bytes, PhantFunc 0, Latency L0s unlimited, L1 unlimited - ExtTag+ AttnBtn- AttnInd- PwrInd- RBE+ FLReset+ SlotPowerLimit 0.000W - DevCtl: Report errors: Correctable- Non-Fatal- Fatal+ Unsupported- - RlxdOrd+ ExtTag+ PhantFunc- AuxPwr- NoSnoop+ FLReset- - MaxPayload 256 bytes, MaxReadReq 4096 bytes - DevSta: CorrErr+ UncorrErr- FatalErr- UnsuppReq+ AuxPwr- TransPend- - LnkCap: Port #0, Speed 16GT/s, Width x16, ASPM not supported, Exit Latency L0s unlimited, L1 unlimited - ClockPM- Surprise- LLActRep- BwNot- ASPMOptComp+ - 
LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk+ - ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt- - LnkSta: Speed 8GT/s, Width x16, TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt- - DevCap2: Completion Timeout: Range ABCD, TimeoutDis+, LTR-, OBFF Not Supported - DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled - LnkCtl2: Target Link Speed: 16GT/s, EnterCompliance- SpeedDis- - Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS- - Compliance De-emphasis: -6dB - LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete+, EqualizationPhase1+ - EqualizationPhase2+, EqualizationPhase3+, LinkEqualizationRequest- - Capabilities: [48] Vital Product Data - Product Name: CX556A - ConnectX-5 QSFP28 - Read-only fields: - [PN] Part number: MCX556A-EDAT - [EC] Engineering changes: AA - [V2] Vendor specific: MCX556A-EDAT - [SN] Serial number: MT1945X00360 - [V3] Vendor specific: f8d15ef7e701ea118000b8599ffe4aa8 - [VA] Vendor specific: MLX:MODL=CX556A:MN=MLNX:CSKU=V2:UUID=V3:PCI=V0 - [V0] Vendor specific: PCIeGen4 x16 - [RV] Reserved: checksum good, 2 byte(s) reserved - End - Capabilities: [9c] MSI-X: Enable+ Count=64 Masked- - Vector table: BAR=0 offset=00002000 - PBA: BAR=0 offset=00003000 - Capabilities: [c0] Vendor Specific Information: Len=18 <?> - Capabilities: [40] Power Management version 3 - Flags: PMEClk- DSI- D1- D2- AuxCurrent=375mA PME(D0-,D1-,D2-,D3hot-,D3cold+) - Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME- - Capabilities: [100 v1] Advanced Error Reporting - UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol- - UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq+ ACSViol- - UESvrt: DLP+ SDES- TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol- - CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- NonFatalErr- - CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- NonFatalErr+ - AERCap: 
First Error Pointer: 04, GenCap+ CGenEn- ChkCap+ ChkEn- - Capabilities: [150 v1] Alternative Routing-ID Interpretation (ARI) - ARICap: MFVC- ACS-, Next Function: 1 - ARICtl: MFVC- ACS-, Function Group: 0 - Capabilities: [1c0 v1] #19 - Capabilities: [230 v1] Access Control Services - ACSCap: SrcValid- TransBlk- ReqRedir- CmpltRedir- UpstreamFwd- EgressCtrl- DirectTrans- - ACSCtl: SrcValid- TransBlk- ReqRedir- CmpltRedir- UpstreamFwd- EgressCtrl- DirectTrans- - Capabilities: [320 v1] #27 - Capabilities: [370 v1] #26 - Capabilities: [420 v1] #25 - Kernel driver in use: mlx5_core - Kernel modules: mlx5_core - -TG and SUT settings -~~~~~~~~~~~~~~~~~~~ - -For the TG and SUT environment settings please refer to -:ref:`_vpp_test_environment` and :ref:`_dpdk_test_environment`. - -Links -~~~~~ - -.. [DpdkPerformanceReport] `DPDK 19.11 performance report <http://static.dpdk.org/doc/perf/DPDK_19_11_Mellanox_NIC_performance_report.pdf>` -.. [MellanoxDpdkGuide] `Mellanox DPDK guide <https://www.mellanox.com/related-docs/prod_software/MLNX_DPDK_Quick_Start_Guide_v16.11_3.0.pdf>` -.. [MellanoxDpdkBits] `Mellanox DPDK bits <https://community.mellanox.com/s/article/mellanox-dpdk>` diff --git a/docs/report/introduction/physical_testbeds.rst b/docs/report/introduction/physical_testbeds.rst index be0c393409..9bb0a05f99 100644 --- a/docs/report/introduction/physical_testbeds.rst +++ b/docs/report/introduction/physical_testbeds.rst 
@@ -26,18 +26,11 @@ Two physical server topology types are used: Current FD.io production testbeds are built with SUT servers based on the following processor architectures: -- Intel Xeon: Skylake Platinum 8180, Cascadelake 6252N, (Icelake 8358 - to be added). +- Intel Xeon: Skylake Platinum 8180, Cascadelake 6252N, Icelake 8358. - Intel Atom: Denverton C3858. - Arm: TaiShan 2280, hip07-d05. - AMD EPYC: Zen2 7532. -CSIT-2106 report data for Intel Xeon Icelake testbeds comes from -testbeds in Intel labs set up per CSIT specification and running CSIT -code. Physical setup used is specified in 2n-icx and 3n-icx sections -below. For details about tested VPP and CSIT versions -see :ref:`vpp_performance_tests_release_notes`. - Server SUT performance depends on server and processor type, hence results for testbeds based on different servers must be reported separately, and compared if appropriate. @@ -53,7 +46,7 @@ SUT and TG servers are equipped with a number of different NIC models. VPP is performance tested on SUTs with the following NICs and drivers: -#. 2p10GE: x520, x550, x553 Intel (codename Niantic) +#. 2p10GE: x550, x553 Intel (codename Niantic) - DPDK Poll Mode Driver (PMD). #. 4p10GE: x710-DA4 Intel (codename Fortville, FVL) - DPDK PMD. 
@@ -167,15 +160,12 @@ TG NICs: All Intel Xeon Cascadelake servers run with Intel Hyper-Threading enabled, doubling the number of logical cores exposed to Linux. -2-Node Xeon Icelake (2n-icx) EXPERIMENTAL ------------------------------------------ +2-Node Xeon Icelake (2n-icx) +---------------------------- -One 2n-icx testbed located in Intel labs was used for CSIT testing. It -is built with two SuperMicro SYS-740GP-TNRT servers. SUT is equipped -with two Intel Xeon Gold 6338N processors (48 MB Cache, 2.20 GHz, 32 -cores). TG is equiped with two Intel Xeon Ice Lake Platinum 8360Y -processors (54 MB Cache, 2.40 GHz, 36 cores). 2n-icx physical topology -is shown below. +One 2n-icx testbed is in operation in FD.io labs. It is built with two +SuperMicro SYS-740GP-TNRT servers, each in turn equipped with two Intel Xeon +Platinum 8358 processors (48 MB Cache, 2.60 GHz, 32 cores). .. only:: latex 
@@ -196,20 +186,19 @@ is shown below. SUT and TG NICs: -#. NIC-1: E810-2CQDA2 2p100GbE Intel. +#. NIC-1: xxv710-DA2 2p25GE Intel. +#. NIC-2: E810-2CQDA2 2p100GbE Intel (* to be added). +#. NIC-3: E810-CQDA4 4p100GbE Intel (* to be added). All Intel Xeon Icelake servers run with Intel Hyper-Threading enabled, doubling the number of logical cores exposed to Linux. -3-Node Xeon Icelake (3n-icx) EXPERIMENTAL ------------------------------------------ +3-Node Xeon Icelake (3n-icx) +---------------------------- -One 3n-icx testbed located in Intel labs was used for CSIT testing. It -is built with three SuperMicro SYS-740GP-TNRT servers. SUTs are -equipped each with two Intel Xeon Platinum 8360Y processors (54 MB -Cache, 2.40 GHz, 36 cores). TG is equiped with two Intel Xeon Ice Lake -Platinum 8360Y processors (54 MB Cache, 2.40 GHz, 36 cores). 3n-icx -physical topology is shown below. +One 3n-icx testbed is in operation in FD.io labs. It is built with three +SuperMicro SYS-740GP-TNRT servers, each in turn equipped with two Intel Xeon +Platinum 8358 processors (48 MB Cache, 2.60 GHz, 32 cores). .. only:: latex @@ -230,7 +219,9 @@ physical topology is shown below. SUT and TG NICs: -#. NIC-1: E810-2CQDA2 2p100GbE Intel. +#. NIC-1: xxv710-DA2 2p25GE Intel. +#. NIC-2: E810-2CQDA2 2p100GbE Intel (* to be added). +#. NIC-3: E810-CQDA4 4p100GbE Intel (* to be added). All Intel Xeon Icelake servers run with Intel Hyper-Threading enabled, doubling the number of logical cores exposed to Linux. diff --git a/docs/report/introduction/test_environment_intro.rst b/docs/report/introduction/test_environment_intro.rst index c2feb1b4c4..cc7bd74185 100644 --- a/docs/report/introduction/test_environment_intro.rst +++ b/docs/report/introduction/test_environment_intro.rst 
@@ -101,4 +101,13 @@ Following is the list of CSIT versions to date: `CSIT <https://git.fd.io/csit/tree/?h=rls2110>`_). - Intel NIC 700/800 series firmware upgrade based on DPDK compatibility - matrix: `depends on testbed type <https://gerrit.fd.io/r/c/csit/+/33311>`_. + matrix. +- Ver. 9 associated with CSIT rls2202 branch (`HW + <https://git.fd.io/csit/tree/docs/lab?h=rls2202>`_, `Linux + <https://s3-docs.fd.io/csit/rls2202/report/vpp_performance_tests/test_environment.html#sut-settings-linux>`_, + `TRex + <https://s3-docs.fd.io/csit/rls2202/report/vpp_performance_tests/test_environment.html#tg-settings-trex>`_, + `CSIT <https://git.fd.io/csit/tree/?h=rls2202>`_). + + - Intel NIC 700/800 series firmware upgrade based on DPDK compatibility + matrix.
\ No newline at end of file diff --git a/docs/report/introduction/test_environment_sut_calib_icx.rst b/docs/report/introduction/test_environment_sut_calib_icx.rst new file mode 100644 index 0000000000..39245ff8ae --- /dev/null +++ b/docs/report/introduction/test_environment_sut_calib_icx.rst 
@@ -0,0 +1,73 @@ +Ice Lake +~~~~~~~~ + +Following sections include sample calibration data measured on +s71-t212-sut1 server running in one of the Intel Xeon Ice Lake testbeds as +specified in `FD.io CSIT testbeds - Xeon Ice Lake`_. + +Calibration data obtained from all other servers in Ice Lake testbeds +shows the same or similar values. + + +Linux cmdline +^^^^^^^^^^^^^ + +:: + + $ cat /proc/cmdline + BOOT_IMAGE=/boot/vmlinuz-5.4.0-65-generic root=UUID=3250758a-9bb6-48c8-9c36-ecb6a269223f ro audit=0 default_hugepagesz=2M hugepagesz=1G hugepages=32 hugepagesz=2M hugepages=32768 hpet=disable intel_idle.max_cstate=1 intel_iommu=on intel_pstate=disable iommu=pt isolcpus=1-31,33-63,65-95,97-127 mce=off nmi_watchdog=0 nohz_full=1-31,33-63,65-95,97-127 nosoftlockup numa_balancing=disable processor.max_cstate=1 rcu_nocbs=1-31,33-63,65-95,97-127 tsc=reliable console=ttyS0,115200n8 quiet + +Linux uname +^^^^^^^^^^^ + +:: + + $ uname -a + Linux 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux + + +System-level Core Jitter +^^^^^^^^^^^^^^^^^^^^^^^^ + +:: + + $ sudo taskset -c 3 /home/testuser/pma_tools/jitter/jitter -i 30 + Linux Jitter testing program version 1.9 + Iterations=20 + The pragram will execute a dummy function 80000 times + Display is updated every 20000 displayUpdate intervals + Thread affinity will be set to core_id:7 + Timings are in CPU Core cycles + Inst_Min: Minimum Excution time during the display update interval(default is ~1 second) + Inst_Max: Maximum Excution time during the display update interval(default is ~1 second) + Inst_jitter: Jitter in the Excution time during rhe display update interval. 
This is the value of interest + last_Exec: The Excution time of last iteration just before the display update + Abs_Min: Absolute Minimum Excution time since the program started or statistics were reset + Abs_Max: Absolute Maximum Excution time since the program started or statistics were reset + tmp: Cumulative value calcualted by the dummy function + Interval: Time interval between the display updates in Core Cycles + Sample No: Sample number + + Inst_Min,Inst_Max,Inst_jitter,last_Exec,Abs_min,Abs_max,tmp,Interval,Sample No + 126082,133950,7868,126094,126082,133950,3829268480,2524167454,1 + 126082,134696,8614,126094,126082,134696,1778253824,2524273022,2 + 126082,136092,10010,126094,126082,136092,4022206464,2524203296,3 + 126082,135094,9012,126094,126082,136092,1971191808,2524274302,4 + 126082,136482,10400,126094,126082,136482,4215144448,2524318496,5 + 126082,134990,8908,126094,126082,136482,2164129792,2524155038,6 + 126082,134710,8628,126092,126082,136482,113115136,2524215228,7 + 126082,135080,8998,126092,126082,136482,2357067776,2524168906,8 + 126082,134470,8388,126094,126082,136482,306053120,2524163312,9 + 126082,135246,9164,126092,126082,136482,2550005760,2524394986,10 + 126082,132662,6580,126094,126082,136482,498991104,2524163156,11 + 126082,132954,6872,126094,126082,136482,2742943744,2524154386,12 + 126082,135340,9258,126092,126082,136482,691929088,2524222386,13 + 126082,133036,6954,126094,126082,136482,2935881728,2524150132,14 + 126082,137776,11694,126094,126082,137776,884867072,2524239346,15 + 126082,137850,11768,126094,126082,137850,3128819712,2524342944,16 + 126082,133000,6918,126094,126082,137850,1077805056,2524160062,17 + 126082,133332,7250,126094,126082,137850,3321757696,2524158804,18 + 126082,133234,7152,126092,126082,137850,1270743040,2524174400,19 + 126082,152552,26470,126094,126082,152552,3514695680,2524857280,20 + +.. include:: ../introduction/test_environment_sut_meltspec_icx.rst 
diff --git a/docs/report/introduction/test_environment_sut_meltspec_icx.rst b/docs/report/introduction/test_environment_sut_meltspec_icx.rst new file mode 100644 index 0000000000..256391e13d --- /dev/null +++ b/docs/report/introduction/test_environment_sut_meltspec_icx.rst 
@@ -0,0 +1,131 @@ +Spectre and Meltdown Checks +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Following section displays the output of a running shell script to tell if +system is vulnerable against the several speculative execution CVEs that were +made public in 2018. Script is available on `Spectre & Meltdown Checker Github +<https://github.com/speed47/spectre-meltdown-checker>`_. + +:: + + Spectre and Meltdown mitigation detection tool v0.44+ + + Checking for vulnerabilities on current system + Kernel is Linux 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 + CPU is Intel(R) Xeon(R) Platinum 8358 CPU @ 2.60GHz + + Hardware check + * Hardware support (CPU microcode) for mitigation techniques + * Indirect Branch Restricted Speculation (IBRS) + * SPEC_CTRL MSR is available: YES + * CPU indicates IBRS capability: YES (SPEC_CTRL feature bit) + * Indirect Branch Prediction Barrier (IBPB) + * PRED_CMD MSR is available: YES + * CPU indicates IBPB capability: YES (SPEC_CTRL feature bit) + * Single Thread Indirect Branch Predictors (STIBP) + * SPEC_CTRL MSR is available: YES + * CPU indicates STIBP capability: YES (Intel STIBP feature bit) + * Speculative Store Bypass Disable (SSBD) + * CPU indicates SSBD capability: YES (Intel SSBD) + * L1 data cache invalidation + * FLUSH_CMD MSR is available: YES + * CPU indicates L1D flush capability: YES (L1D flush feature bit) + * Microarchitectural Data Sampling + * VERW instruction is available: YES (MD_CLEAR feature bit) + * Enhanced IBRS (IBRS_ALL) + * CPU indicates ARCH_CAPABILITIES MSR availability: YES + * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: YES + * CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO): YES + * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO + * CPU/Hypervisor indicates L1D flushing is not necessary on this system: YES + * Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA): NO + * CPU explicitly indicates not being 
vulnerable to Microarchitectural Data Sampling (MDS_NO): YES + * CPU explicitly indicates not being vulnerable to TSX Asynchronous Abort (TAA_NO): YES + * CPU explicitly indicates not being vulnerable to iTLB Multihit (PSCHANGE_MSC_NO): YES + * CPU explicitly indicates having MSR for TSX control (TSX_CTRL_MSR): YES + * TSX_CTRL MSR indicates TSX RTM is disabled: YES + * TSX_CTRL MSR indicates TSX CPUID bit is cleared: YES + * CPU supports Transactional Synchronization Extensions (TSX): NO + * CPU supports Software Guard Extensions (SGX): YES + * CPU supports Special Register Buffer Data Sampling (SRBDS): NO + * CPU microcode is known to cause stability problems: NO (family 0x6 model 0x6a stepping 0x6 ucode 0xd000280 cpuid 0x606a6) + * CPU microcode is the latest known available version: NO (latest version is 0xd0002a0 dated 2021/04/25 according to builtin firmwares DB v191+i20210217) + * CPU vulnerability to the speculative execution attack variants + * Affected by CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES + * Affected by CVE-2017-5715 (Spectre Variant 2, branch target injection): YES + * Affected by CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO + * Affected by CVE-2018-3640 (Variant 3a, rogue system register read): YES + * Affected by CVE-2018-3639 (Variant 4, speculative store bypass): YES + * Affected by CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): YES + * Affected by CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): YES + * Affected by CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): YES + * Affected by CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): NO + * Affected by CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): NO + * Affected by CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): NO + * Affected by CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): NO + * Affected by 
CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): NO + * Affected by CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): YES + * Affected by CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)): NO + + CVE-2017-5753 aka Spectre Variant 1, bounds check bypass + * Mitigated according to the /sys interface: YES (Mitigation: usercopy/swapgs barriers and __user pointer sanitization) + > STATUS: UNKNOWN (/sys vulnerability interface use forced, but its not available!) + + CVE-2017-5715 aka Spectre Variant 2, branch target injection + * Mitigated according to the /sys interface: YES (Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling) + > STATUS: VULNERABLE (IBRS+IBPB or retpoline+IBPB is needed to mitigate the vulnerability) + + CVE-2017-5754 aka Variant 3, Meltdown, rogue data cache load + * Mitigated according to the /sys interface: YES (Not affected) + * Running as a Xen PV DomU: NO + > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable) + + CVE-2018-3640 aka Variant 3a, rogue system register read + * CPU microcode mitigates the vulnerability: YES + > STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability) + + CVE-2018-3639 aka Variant 4, speculative store bypass + * Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp) + > STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp) + + CVE-2018-3615 aka Foreshadow (SGX), L1 terminal fault + * CPU microcode mitigates the vulnerability: YES + > STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability) + + CVE-2018-3620 aka Foreshadow-NG (OS), L1 terminal fault + * Mitigated according to the /sys interface: YES (Not affected) + > STATUS: NOT VULNERABLE (Not affected) + + CVE-2018-3646 aka Foreshadow-NG (VMM), L1 terminal fault + * Information from the /sys interface: Not affected + > STATUS: 
NOT VULNERABLE (your kernel reported your CPU model as not vulnerable) + + CVE-2018-12126 aka Fallout, microarchitectural store buffer data sampling (MSBDS) + * Mitigated according to the /sys interface: YES (Not affected) + > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable) + + CVE-2018-12130 aka ZombieLoad, microarchitectural fill buffer data sampling (MFBDS) + * Mitigated according to the /sys interface: YES (Not affected) + > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable) + + CVE-2018-12127 aka RIDL, microarchitectural load port data sampling (MLPDS) + * Mitigated according to the /sys interface: YES (Not affected) + > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable) + + CVE-2019-11091 aka RIDL, microarchitectural data sampling uncacheable memory (MDSUM) + * Mitigated according to the /sys interface: YES (Not affected) + > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable) + + CVE-2019-11135 aka ZombieLoad V2, TSX Asynchronous Abort (TAA) + * Mitigated according to the /sys interface: YES (Not affected) + > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable) + + CVE-2018-12207 aka No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC) + * Mitigated according to the /sys interface: YES (Not affected) + > STATUS: NOT VULNERABLE (Not affected) + + CVE-2020-0543 aka Special Register Buffer Data Sampling (SRBDS) + * Mitigated according to the /sys interface: YES (Not affected) + > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable) + + > SUMMARY: CVE-2017-5753:?? CVE-2017-5715:KO CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:OK |
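
Review bot: in docs/report/introduction/methodology_aws/aws_ami.rst (hunk at -37,13), removing the `packer init` / `packer build` steps leaves "Both TG and SUT AMIs are created manually" with no pointer to where the Packer templates live. Suggest keeping at least a reference to the `csit/fdio.infra.packer/aws_c5n/` directory next to the remaining sentence "Building AMIs requires Hashicorp Packer with Amazon plugin installed.", so that a reader can still reproduce the images the report was measured on.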
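
Review bot: in aws_terraform.rst (hunk at -34,71), the new "Terraform deploy module" link `https://git.fd.io/csit/tree/fdio.infra.terraform/2n_aws_c5n/main.tf` carries no `?h=` branch, while the links added to test_environment_intro.rst in this same change are pinned with `?h=rls2202`, so the linked file can drift away from what this report describes. The deleted Usage section was also the only text here that documented `terraform destroy` and the "CSIT-AWS" Environment tag used to identify deployed resources; if that content now lives elsewhere, link to it from this page so that teardown of the test infrastructure stays documented.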
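
Review bot: deleting methodology_mellanox_nic.rst removes the definitions of the [DpdkPerformanceReport], [MellanoxDpdkGuide] and [MellanoxDpdkBits] citations together with the only statement of the ConnectX5 settings (flow control off, `CQE_COMPRESSION=1`), and the diffstat shown here, limited to docs/report/introduction, contains no index or toctree change. Please confirm that no remaining page includes this file or cites those labels, and, if ConnectX5 results are still reported, move the NIC settings to the page that replaces this one rather than dropping them.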
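
Review bot: in physical_testbeds.rst, the NIC lists added for 2n-icx and 3n-icx (hunks at -196,20 and -230,7) mark two entries "(* to be added)" without any footnote or legend defining the asterisk, and mix port notations ("2p25GE" beside "2p100GbE" and "4p100GbE"). Suggest dropping the asterisk or defining it once, and using a single notation. The rewritten 2n-icx and 3n-icx paragraphs also drop "physical topology is shown below." while the `.. only:: latex` figure block after them stays, so the figure loses its introducing sentence.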
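
Review bot: in test_environment_intro.rst (hunk at -101,4), the new Ver. 9 entry repeats the bullet "Intel NIC 700/800 series firmware upgrade based on DPDK compatibility matrix." word for word from the rls2110 entry, and with the gerrit link removed from that earlier entry neither one now identifies which firmware was installed on which testbed type. Suggest stating the firmware versions or linking to the change that records them for each release. The file also still ends with "\ No newline at end of file"; add the trailing newline.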
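
Review bot: in the new test_environment_sut_calib_icx.rst, the System-level Core Jitter block shows the command `taskset -c 3 ... jitter -i 30`, but the pasted output reads "Iterations=20", "Thread affinity will be set to core_id:7" and ends at sample 20, so the command line and the output do not come from the same run. Please paste the command that produced this output, or re-run and replace the output. The opening paragraph also references `FD.io CSIT testbeds - Xeon Ice Lake`_, a link target that is not defined in this file; check that every document including this file defines it.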
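
Review bot: in the new test_environment_sut_meltspec_icx.rst, the pasted checker output reports "STATUS: VULNERABLE" for CVE-2017-5715 and "STATUS: UNKNOWN (/sys vulnerability interface use forced, but its not available!)" for CVE-2017-5753 (SUMMARY: "CVE-2017-5753:?? CVE-2017-5715:KO"), directly below lines saying "Mitigated according to the /sys interface: YES", and the page gives no explanation. It also shows the microcode as not the latest known version (0xd000280 against 0xd0002a0). Suggest adding the exact command line used (the output implies sysfs-only mode was forced), re-running so that the status lines agree with the /sys lines, or adding a sentence that states whether the SUT is intentionally left in this state for performance testing. The introduction says the CVEs "were made public in 2018", while the output also covers CVE-2019-11135 and CVE-2020-0543; reword it to match.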