Report: Update Infra sections

Signed-off-by: pmikus <pmikus@cisco.com>
Change-Id: I14aa6f64b2621ad306e1cd79fafefe94dd1ed85a

diff --git a/docs/report/dpdk_performance_tests/csit_release_notes.rst b/docs/report/dpdk_performance_tests/csit_release_notes.rst
index 622d9c4..4f33231 100644 (file)
--- a/docs/report/dpdk_performance_tests/csit_release_notes.rst
+++ b/docs/report/dpdk_performance_tests/csit_release_notes.rst
@@ -4,16 +4,6 @@ Release Notes
 Changes in |csit-release|
 -------------------------
 
 Changes in |csit-release|
 -------------------------
 

-#. DPDK PERFORMANCE TESTS
-
-   - Fixed DPDK compilation on ARM systems.
-
-   - **AMD 2n-zn2 testbed**: New physical testbed type installed in
-     FD.io CSIT, with DPDK performance data added to this report.
-
-   - **Arm 2n-tx2 testbed**: New physical testbed type installed in
-     FD.io CSIT, with DPDK performance data added to this report.
-

 #. DPDK RELEASE VERSION CHANGE
 
    - |csit-release| tested |dpdk-release|, as used by |vpp-release|.
 #. DPDK RELEASE VERSION CHANGE
 
    - |csit-release| tested |dpdk-release|, as used by |vpp-release|.


@@ -28,9 +18,6 @@ List of known issues in |csit-release| for DPDK performance tests:
 +----+-----------------------------------------+-----------------------------------------------------------------------------------------------------------+
 | #  | JiraID                                  | Issue Description                                                                                         |
 +====+=========================================+===========================================================================================================+
 +----+-----------------------------------------+-----------------------------------------------------------------------------------------------------------+
 | #  | JiraID                                  | Issue Description                                                                                         |
 +====+=========================================+===========================================================================================================+

-|  1 | `CSIT-1761                              | Denverton systems in FD.io CSIT lab (2n-dnv and 3n-dnv) reports dpdk compilation error very often.        |
-|    | <https://jira.fd.io/browse/CSIT-1761>`_ |                                                                                                           |
-+----+-----------------------------------------+-----------------------------------------------------------------------------------------------------------+
-|  2 | `CSIT-1762                              | TRex reports link DOWN in case of dpdk testpmd tests on FD.io CSIT Denverton systems (2n-dnv and 3n-dnv). |
+|  1 | `CSIT-1762                              | TRex reports link DOWN in case of dpdk testpmd tests on FD.io CSIT Denverton systems (2n-dnv and 3n-dnv). |

 |    | <https://jira.fd.io/browse/CSIT-1762>`_ |                                                                                                           |
 +----+-----------------------------------------+-----------------------------------------------------------------------------------------------------------+
 |    | <https://jira.fd.io/browse/CSIT-1762>`_ |                                                                                                           |
 +----+-----------------------------------------+-----------------------------------------------------------------------------------------------------------+

diff --git a/docs/report/introduction/methodology_ipsec.rst b/docs/report/introduction/methodology_ipsec.rst
index 99119e1..6cfa69c 100644 (file)
--- a/docs/report/introduction/methodology_ipsec.rst
+++ b/docs/report/introduction/methodology_ipsec.rst
@@ -47,7 +47,3 @@ dpdk_cryptodev
 | crypto_ipsecmb    | async/crypto worker | AES[128]-CBC     | SHA[256|512]   | 1, 4, 1k tunnels |
 +-------------------+---------------------+------------------+----------------+------------------+
 
 | crypto_ipsecmb    | async/crypto worker | AES[128]-CBC     | SHA[256|512]   | 1, 4, 1k tunnels |
 +-------------------+---------------------+------------------+----------------+------------------+
 

-..
-    VPP IPsec with HW crypto are executed in both tunnel and policy modes,
-    with tests running on 3-node Haswell testbeds (3n-hsw), as these are the
-    only testbeds equipped with Intel QAT cards.

diff --git a/docs/report/introduction/methodology_multi_core_speedup.rst b/docs/report/introduction/methodology_multi_core_speedup.rst
index 095f0f7..0530754 100644 (file)
--- a/docs/report/introduction/methodology_multi_core_speedup.rst
+++ b/docs/report/introduction/methodology_multi_core_speedup.rst
@@ -14,8 +14,7 @@ applied in BIOS and requires server SUT reload for it to take effect,
 making it impractical for continuous changes of HT mode of operation.
 
 |csit-release| performance tests are executed with server SUTs' Intel
 making it impractical for continuous changes of HT mode of operation.
 
 |csit-release| performance tests are executed with server SUTs' Intel

-XEON processors configured with Intel Hyper-Threading Disabled for all
-Xeon Haswell testbeds (3n-hsw) and with Intel Hyper-Threading Enabled
+XEON processors configured with Intel Hyper-Threading Enabled

 for all Xeon Skylake and Xeon Cascadelake testbeds.
 
 More information about physical testbeds is provided in
 for all Xeon Skylake and Xeon Cascadelake testbeds.
 
 More information about physical testbeds is provided in


@@ -27,13 +26,6 @@ Multi-core Tests
 |csit-release| multi-core tests are executed in the following VPP worker
 thread and physical core configurations:
 
 |csit-release| multi-core tests are executed in the following VPP worker
 thread and physical core configurations:
 

-#. Intel Xeon Haswell testbeds (3n-hsw) with Intel HT disabled
-   (1 logical CPU core per each physical core):
-
-  #. 1t1c - 1 VPP worker thread on 1 physical core.
-  #. 2t2c - 2 VPP worker threads on 2 physical cores.
-  #. 4t4c - 4 VPP worker threads on 4 physical cores.
-

 #. Intel Xeon Skylake and Cascadelake testbeds (2n-skx, 3n-skx, 2n-clx)
    with Intel HT enabled (2 logical CPU cores per each physical core):
 
 #. Intel Xeon Skylake and Cascadelake testbeds (2n-skx, 3n-skx, 2n-clx)
    with Intel HT enabled (2 logical CPU cores per each physical core):
 

diff --git a/docs/report/introduction/methodology_vpp_startup_settings.rst b/docs/report/introduction/methodology_vpp_startup_settings.rst
index e3e8d29..c583ae7 100644 (file)
--- a/docs/report/introduction/methodology_vpp_startup_settings.rst
+++ b/docs/report/introduction/methodology_vpp_startup_settings.rst
@@ -26,7 +26,7 @@ List of VPP startup.conf settings applied to all tests:
    256). For Xeon Skylake platforms configured with 2MB hugepages and VPP
    data-size and buffer-size defaults (2048B and 2496B respectively), this
    results in value of 215040 (256 * 840 = 215040, 840 * 2496B buffers fit
    256). For Xeon Skylake platforms configured with 2MB hugepages and VPP
    data-size and buffer-size defaults (2048B and 2496B respectively), this
    results in value of 215040 (256 * 840 = 215040, 840 * 2496B buffers fit

-   in 2MB hugepage ). For Xeon Haswell nodes value of 107520 is used.
+   in 2MB hugepage).

 
 Per Test Settings
 ~~~~~~~~~~~~~~~~~
 
 Per Test Settings
 ~~~~~~~~~~~~~~~~~

diff --git a/docs/report/introduction/physical_testbeds.rst b/docs/report/introduction/physical_testbeds.rst
index 5f62f1b..7755bdd 100644 (file)
--- a/docs/report/introduction/physical_testbeds.rst
+++ b/docs/report/introduction/physical_testbeds.rst
@@ -26,8 +26,8 @@ Two physical server topology types are used:
 Current FD.io production testbeds are built with SUT servers based on
 the following processor architectures:
 
 Current FD.io production testbeds are built with SUT servers based on
 the following processor architectures:
 

-- Intel Xeon: Skylake Platinum 8180, Haswell-SP E5-2699v3,
-  Cascade Lake Platinum 8280, Cascade Lake 6252N.
+- Intel Xeon: Skylake Platinum 8180, Cascade Lake Platinum 8280,
+  Cascade Lake 6252N.

 - Intel Atom: Denverton C3858.
 - Arm: TaiShan 2280, hip07-d05.
 - AMD EPYC: Zen2 7532.
 - Intel Atom: Denverton C3858.
 - Arm: TaiShan 2280, hip07-d05.
 - AMD EPYC: Zen2 7532.

diff --git a/docs/report/introduction/test_environment_intro.rst b/docs/report/introduction/test_environment_intro.rst
index 2aa4f44..c1ab7ea 100644 (file)
--- a/docs/report/introduction/test_environment_intro.rst
+++ b/docs/report/introduction/test_environment_intro.rst
@@ -79,7 +79,17 @@ Following is the list of CSIT versions to date:
 
   - The main change is TRex version upgrade:
     `increase from 2.82 to 2.86 <https://gerrit.fd.io/r/c/csit/+/29980>`_.
 
   - The main change is TRex version upgrade:
     `increase from 2.82 to 2.86 <https://gerrit.fd.io/r/c/csit/+/29980>`_.

+- Ver. 7 associated with CSIT rls2106 branch (`HW
+  <https://git.fd.io/csit/tree/docs/lab?h=rls2106>`_, `Linux
+  <https://docs.fd.io/csit/rls2106/report/vpp_performance_tests/test_environment.html#sut-settings-linux>`_,
+  `TRex
+  <https://docs.fd.io/csit/rls2106/report/vpp_performance_tests/test_environment.html#tg-settings-trex>`_,
+  `CSIT <https://git.fd.io/csit/tree/?h=rls2106>`_).

 
 

+  - TRex version upgrade:
+    `increase from 2.86 to 2.88 <https://gerrit.fd.io/r/c/csit/+/31652>`_.
+  - Ubuntu upgrade:
+    `upgrade from 18.04 LTS to 20.04.2 LTS <https://gerrit.fd.io/r/c/csit/+/31290>`_.

 
 To identify performance changes due to VPP code development between previous
 and current VPP release version, both have been tested in CSIT environment of
 
 To identify performance changes due to VPP code development between previous
 and current VPP release version, both have been tested in CSIT environment of


@@ -101,7 +111,7 @@ topology types are used:
   server as TG both connected in ring topology.
 
 Tested SUT servers are based on a range of processors including Intel
   server as TG both connected in ring topology.
 
 Tested SUT servers are based on a range of processors including Intel

-Xeon Haswell-SP, Intel Xeon Skylake-SP, Intel Xeon Cascade Lake-SP, Arm,
+Intel Xeon Skylake-SP, Intel Xeon Cascade Lake-SP, Arm,

 Intel Atom. More detailed description is provided in
 :ref:`tested_physical_topologies`. Tested logical topologies are
 described in :ref:`tested_logical_topologies`.
 Intel Atom. More detailed description is provided in
 :ref:`tested_physical_topologies`. Tested logical topologies are
 described in :ref:`tested_logical_topologies`.


@@ -112,5 +122,4 @@ Server Specifications
 Complete technical specifications of compute servers used in CSIT
 physical testbeds are maintained in FD.io CSIT repository:
 `FD.io CSIT testbeds - Xeon Cascade Lake`_,
 Complete technical specifications of compute servers used in CSIT
 physical testbeds are maintained in FD.io CSIT repository:
 `FD.io CSIT testbeds - Xeon Cascade Lake`_,

-`FD.io CSIT testbeds - Xeon Skylake, Arm, Atom`_ and
-`FD.io CSIT Testbeds - Xeon Haswell`_.
+`FD.io CSIT testbeds - Xeon Skylake, Arm, Atom`_.
\ No newline at end of file

diff --git a/docs/report/introduction/test_environment_sut_calib_clx.rst b/docs/report/introduction/test_environment_sut_calib_clx.rst
index ed44eb9..ef4812d 100644 (file)
--- a/docs/report/introduction/test_environment_sut_calib_clx.rst
+++ b/docs/report/introduction/test_environment_sut_calib_clx.rst
@@ -15,7 +15,7 @@ Linux cmdline
 ::
 
     $ cat /proc/cmdline
 ::
 
     $ cat /proc/cmdline

-    BOOT_IMAGE=/boot/vmlinuz-4.15.0-72-generic root=UUID=1d03969e-a2a0-41b2-a97e-1cc171b07e88 ro isolcpus=1-23,25-47,49-71,73-95 nohz_full=1-23,25-47,49-71,73-95 rcu_nocbs=1-23,25-47,49-71,73-95 numa_balancing=disable intel_pstate=disable intel_iommu=on iommu=pt nmi_watchdog=0 audit=0 nosoftlockup processor.max_cstate=1 intel_idle.max_cstate=1 hpet=disable tsc=reliable mce=off console=tty0 console=ttyS0,115200n8
+    BOOT_IMAGE=/boot/vmlinuz-5.4.0-65-generic root=UUID=b1f0dc29-1d4f-4777-b37d-a5e26e233d55 ro audit=0 hpet=disable intel_idle.max_cstate=1 intel_iommu=on intel_pstate=disable iommu=pt isolcpus=1-27,29-55,57-83,85-111 mce=off nmi_watchdog=0 nohz_full=1-27,29-55,57-83,85-111 nosoftlockup numa_balancing=disable processor.max_cstate=1 rcu_nocbs=1-27,29-55,57-83,85-111 tsc=reliable console=ttyS0,115200n8 quiet

 
 Linux uname
 ^^^^^^^^^^^
 
 Linux uname
 ^^^^^^^^^^^


@@ -23,7 +23,7 @@ Linux uname
 ::
 
     $ uname -a
 ::
 
     $ uname -a

-    Linux s32-t27-sut1 4.15.0-72-generic #81-Ubuntu SMP Tue Nov 26 12:20:02 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
+    Linux 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

 
 
 System-level Core Jitter
 
 
 System-level Core Jitter

diff --git a/docs/report/introduction/test_environment_sut_calib_dnv.rst b/docs/report/introduction/test_environment_sut_calib_dnv.rst
index 13f9806..d38ba2f 100644 (file)
--- a/docs/report/introduction/test_environment_sut_calib_dnv.rst
+++ b/docs/report/introduction/test_environment_sut_calib_dnv.rst
@@ -14,7 +14,7 @@ Linux cmdline
 ::
 
     $ cat /proc/cmdline
 ::
 
     $ cat /proc/cmdline

-    BOOT_IMAGE=/boot/vmlinuz-4.15.0-36-generic root=UUID=d3cfffd0-1e77-423a-a53a-a117199b6025 ro intel_iommu=on iommu=pt isolcpus=1-11 nohz_full=1-11 rcu_nocbs=1-11 default_hugepagesz=1G hugepagesz=1G hugepages=8 intel_pstate=disable nmi_watchdog=0 numa_balancing=disable tsc=reliable nosoftlockup quiet splash vt.handoff=7
+    BOOT_IMAGE=/boot/vmlinuz-5.4.0-65-generic root=UUID=26ca7b0f-904a-462d-a1c6-98c420c29515 ro audit=0 hpet=disable intel_idle.max_cstate=1 intel_iommu=on intel_pstate=disable iommu=pt isolcpus=1-5 mce=off nmi_watchdog=0 nohz_full=1-5 nosoftlockup numa_balancing=disable processor.max_cstate=1 rcu_nocbs=1-5 tsc=reliable console=tty0 console=ttyS0,115200n8

 
 
 Linux uname
 
 
 Linux uname


@@ -23,7 +23,7 @@ Linux uname
 ::
 
     $ uname -a
 ::
 
     $ uname -a

-    Linux 4.15.0-36-generic #39~16.04.1-Ubuntu SMP Tue Sep 25 08:59:23 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
+    Linux 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

 
 
 System-level Core Jitter
 
 
 System-level Core Jitter

diff --git a/docs/report/introduction/test_environment_sut_calib_hsw.rst b/docs/report/introduction/test_environment_sut_calib_hsw.rst
deleted file mode 100644 (file)
index d2e8d3d..0000000
--- a/docs/report/introduction/test_environment_sut_calib_hsw.rst
+++ /dev/null
@@ -1,223 +0,0 @@
-Haswell
-~~~~~~~
-
-Following sections include sample calibration data measured on t1-sut1
-server running in one of the Intel Xeon Haswell testbeds as specified in
-`FD.io CSIT Testbeds - Xeon Haswell`_.
-
-Calibration data obtained from all other servers in Haswell testbeds
-shows the same or similar values.
-
-Linux cmdline
-^^^^^^^^^^^^^
-
-::
-
-    $ cat /proc/cmdline
-    BOOT_IMAGE=/vmlinuz-4.15.0-72-generic root=UUID=c59ae603-8076-41f4-bb5d-bc3fc8dd3ea1 ro isolcpus=1-17,19-35 nohz_full=1-17,19-35 rcu_nocbs=1-17,19-35 numa_balancing=disable intel_pstate=disable intel_iommu=on iommu=pt nmi_watchdog=0 audit=0 nosoftlockup processor.max_cstate=1 intel_idle.max_cstate=1 hpet=disable tsc=reliable mce=off console=tty0console=ttyS0,115200n8
-
-
-Linux uname
-^^^^^^^^^^^
-
-::
-
-    $ uname -a
-    Linux t1-tg1 4.15.0-72-generic #81-Ubuntu SMP Tue Nov 26 12:20:02 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
-
-
-System-level Core Jitter
-^^^^^^^^^^^^^^^^^^^^^^^^
-
-::
-
-    $ sudo taskset -c 3 /home/testuser/pma_tools/jitter/jitter -i 30
-    Linux Jitter testing program version 1.8
-    Iterations=30
-    The pragram will execute a dummy function 80000 times
-    Display is updated every 20000 displayUpdate intervals
-    Timings are in CPU Core cycles
-    Inst_Min:    Minimum Excution time during the display update interval(default is ~1 second)
-    Inst_Max:    Maximum Excution time during the display update interval(default is ~1 second)
-    Inst_jitter: Jitter in the Excution time during rhe display update interval. This is the value of interest
-    last_Exec:   The Excution time of last iteration just before the display update
-    Abs_Min:     Absolute Minimum Excution time since the program started or statistics were reset
-    Abs_Max:     Absolute Maximum Excution time since the program started or statistics were reset
-    tmp:         Cumulative value calcualted by the dummy function
-    Interval:    Time interval between the display updates in Core Cycles
-    Sample No:   Sample number
-
-       Inst_Min   Inst_Max   Inst_jitter last_Exec  Abs_min    Abs_max      tmp       Interval     Sample No
-        160024     172636      12612     160028     160024     172636    1573060608 3205463144          1
-        160024     188236      28212     160028     160024     188236     958595072 3205500844          2
-        160024     185676      25652     160028     160024     188236     344129536 3205485976          3
-        160024     172608      12584     160024     160024     188236    4024631296 3205472740          4
-        160024     179260      19236     160028     160024     188236    3410165760 3205502164          5
-        160024     172432      12408     160024     160024     188236    2795700224 3205452036          6
-        160024     178820      18796     160024     160024     188236    2181234688 3205455408          7
-        160024     172512      12488     160028     160024     188236    1566769152 3205461528          8
-        160024     172636      12612     160028     160024     188236     952303616 3205478820          9
-        160024     173676      13652     160028     160024     188236     337838080 3205470412         10
-        160024     178776      18752     160028     160024     188236    4018339840 3205481472         11
-        160024     172788      12764     160028     160024     188236    3403874304 3205492336         12
-        160024     174616      14592     160028     160024     188236    2789408768 3205474904         13
-        160024     174440      14416     160028     160024     188236    2174943232 3205479448         14
-        160024     178748      18724     160024     160024     188236    1560477696 3205482668         15
-        160024     172588      12564     169404     160024     188236     946012160 3205510496         16
-        160024     172636      12612     160024     160024     188236     331546624 3205472204         17
-        160024     172480      12456     160024     160024     188236    4012048384 3205455864         18
-        160024     172740      12716     160028     160024     188236    3397582848 3205464932         19
-        160024     179200      19176     160028     160024     188236    2783117312 3205476012         20
-        160024     172480      12456     160028     160024     188236    2168651776 3205465632         21
-        160024     172728      12704     160024     160024     188236    1554186240 3205497204         22
-        160024     172620      12596     160028     160024     188236     939720704 3205466972         23
-        160024     172640      12616     160028     160024     188236     325255168 3205471216         24
-        160024     172484      12460     160028     160024     188236    4005756928 3205467388         25
-        160024     172636      12612     160028     160024     188236    3391291392 3205482748         26
-        160024     179056      19032     160024     160024     188236    2776825856 3205467152         27
-        160024     172672      12648     160024     160024     188236    2162360320 3205483268         28
-        160024     176932      16908     160024     160024     188236    1547894784 3205488536         29
-        160024     172452      12428     160028     160024     188236     933429248 3205440636         30
-
-
-Memory Bandwidth
-^^^^^^^^^^^^^^^^
-
-::
-
-    $ sudo /home/testuser/mlc --bandwidth_matrix
-    Intel(R) Memory Latency Checker - v3.5
-    Command line parameters: --bandwidth_matrix
-
-    Using buffer size of 100.000MB/thread for reads and an additional 100.000MB/thread for writes
-    Measuring Memory Bandwidths between nodes within system
-    Bandwidths are in MB/sec (1 MB/sec = 1,000,000 Bytes/sec)
-    Using all the threads from each core if Hyper-threading is enabled
-    Using Read-only traffic type
-                     Numa node
-    Numa node        0       1
-        0        57935.5   30265.2
-        1        30284.6   58409.9
-
-::
-
-    $ sudo /home/testuser/mlc --peak_injection_bandwidth
-    Intel(R) Memory Latency Checker - v3.5
-    Command line parameters: --peak_injection_bandwidth
-
-    Using buffer size of 100.000MB/thread for reads and an additional 100.000MB/thread for writes
-
-    Measuring Peak Injection Memory Bandwidths for the system
-    Bandwidths are in MB/sec (1 MB/sec = 1,000,000 Bytes/sec)
-    Using all the threads from each core if Hyper-threading is enabled
-    Using traffic with the following read-write ratios
-    ALL Reads        :  115762.2
-    3:1 Reads-Writes :  106242.2
-    2:1 Reads-Writes :  103031.8
-    1:1 Reads-Writes :  87943.7
-    Stream-triad like:  100048.4
-
-::
-
-    $ sudo /home/testuser/mlc --max_bandwidth
-    Intel(R) Memory Latency Checker - v3.5
-    Command line parameters: --max_bandwidth
-
-    Using buffer size of 100.000MB/thread for reads and an additional 100.000MB/thread for writes
-
-    Measuring Maximum Memory Bandwidths for the system
-    Will take several minutes to complete as multiple injection rates will be tried to get the best bandwidth
-    Bandwidths are in MB/sec (1 MB/sec = 1,000,000 Bytes/sec)
-    Using all the threads from each core if Hyper-threading is enabled
-    Using traffic with the following read-write ratios
-    ALL Reads        :  115782.41
-    3:1 Reads-Writes :  105965.78
-    2:1 Reads-Writes :  103162.38
-    1:1 Reads-Writes :  88255.82
-    Stream-triad like:  105608.10
-
-
-Memory Latency
-^^^^^^^^^^^^^^
-
-::
-
-    $ sudo /home/testuser/mlc --latency_matrix
-    Intel(R) Memory Latency Checker - v3.5
-    Command line parameters: --latency_matrix
-
-    Using buffer size of 200.000MB
-    Measuring idle latencies (in ns)...
-                     Numa node
-    Numa node        0       1
-        0           101.0   132.0
-        1           141.2    98.8
-
-::
-
-    $ sudo /home/testuser/mlc --idle_latency
-    Intel(R) Memory Latency Checker - v3.5
-    Command line parameters: --idle_latency
-
-    Using buffer size of 200.000MB
-    Each iteration took 227.2 core clocks ( 99.0    ns)
-
-::
-
-    $ sudo /home/testuser/mlc --loaded_latency
-    Intel(R) Memory Latency Checker - v3.5
-    Command line parameters: --loaded_latency
-
-    Using buffer size of 100.000MB/thread for reads and an additional 100.000MB/thread for writes
-
-    Measuring Loaded Latencies for the system
-    Using all the threads from each core if Hyper-threading is enabled
-    Using Read-only traffic type
-    Inject  Latency Bandwidth
-    Delay   (ns)    MB/sec
-    ==========================
-     00000  294.08   115841.6
-     00002  294.27   115851.5
-     00008  293.67   115821.8
-     00015  278.92   115587.5
-     00050  246.80   113991.2
-     00100  206.86   104508.1
-     00200  123.72    72873.6
-     00300  113.35    52641.1
-     00400  108.89    41078.9
-     00500  108.11    33699.1
-     00700  106.19    24878.0
-     01000  104.75    17948.1
-     01300  103.72    14089.0
-     01700  102.95    11013.6
-     02500  102.25     7756.3
-     03500  101.81     5749.3
-     05000  101.46     4230.4
-     09000  101.05     2641.4
-     20000  100.77     1542.5
-
-
-L1/L2/LLC Latency
-^^^^^^^^^^^^^^^^^
-
-::
-
-    $ sudo /home/testuser/mlc --c2c_latency
-    Intel(R) Memory Latency Checker - v3.5
-    Command line parameters: --c2c_latency
-
-    Measuring cache-to-cache transfer latency (in ns)...
-    Local Socket L2->L2 HIT  latency    42.1
-    Local Socket L2->L2 HITM latency    47.0
-    Remote Socket L2->L2 HITM latency (data address homed in writer socket)
-                      Reader Numa Node
-    Writer Numa Node     0       1
-                0        -   108.0
-                1    106.9       -
-    Remote Socket L2->L2 HITM latency (data address homed in reader socket)
-                      Reader Numa Node
-    Writer Numa Node     0       1
-                0        -   107.7
-                1    106.6       -
-
-.. include:: ../introduction/test_environment_sut_meltspec_hsw.rst

diff --git a/docs/report/introduction/test_environment_sut_calib_skx.rst b/docs/report/introduction/test_environment_sut_calib_skx.rst
index e3038a2..cbb8011 100644 (file)
--- a/docs/report/introduction/test_environment_sut_calib_skx.rst
+++ b/docs/report/introduction/test_environment_sut_calib_skx.rst
@@ -15,7 +15,7 @@ Linux cmdline
 ::
 
     $ cat /proc/cmdline
 ::
 
     $ cat /proc/cmdline

-    BOOT_IMAGE=/boot/vmlinuz-4.15.0-72-generic root=UUID=e05120bb-7127-43db-b1e3-a66edd4c43bd ro isolcpus=1-27,29-55,57-83,85-111 nohz_full=1-27,29-55,57-83,85-111 rcu_nocbs=1-27,29-55,57-83,85-111 numa_balancing=disable intel_pstate=disable intel_iommu=on iommu=pt nmi_watchdog=0 audit=0 nosoftlockup processor.max_cstate=1 intel_idle.max_cstate=1 hpet=disable tsc=reliable mce=off console=tty0 console=ttyS0,115200n8
+    BOOT_IMAGE=/boot/vmlinuz-5.4.0-65-generic root=UUID=55d44abd-94d6-4b26-9d93-5877a8658016 ro audit=0 hpet=disable intel_idle.max_cstate=1 intel_iommu=on intel_pstate=disable iommu=pt isolcpus=1-27,29-55,57-83,85-111 mce=off nmi_watchdog=0 nohz_full=1-27,29-55,57-83,85-111 nosoftlockup numa_balancing=disable processor.max_cstate=1 rcu_nocbs=1-27,29-55,57-83,85-111 tsc=reliable console=ttyS0,115200n8 quiet

 
 
 Linux uname
 
 
 Linux uname


@@ -24,7 +24,7 @@ Linux uname
 ::
 
     $ uname -a
 ::
 
     $ uname -a

-    Linux s3-t21-sut1 4.15.0-72-generic #81-Ubuntu SMP Tue Nov 26 12:20:02 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
+    Linux 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

 
 
 System-level Core Jitter
 
 
 System-level Core Jitter

diff --git a/docs/report/introduction/test_environment_sut_calib_tsh.rst b/docs/report/introduction/test_environment_sut_calib_tsh.rst
index a503a42..36284f3 100644 (file)
--- a/docs/report/introduction/test_environment_sut_calib_tsh.rst
+++ b/docs/report/introduction/test_environment_sut_calib_tsh.rst
@@ -14,7 +14,7 @@ Linux cmdline
 ::
 
     $ cat /proc/cmdline
 ::
 
     $ cat /proc/cmdline

-    BOOT_IMAGE=/boot/vmlinuz-4.15.0-54-generic root=/dev/mapper/huawei--1--vg-root ro isolcpus=1-15,17-31,33-47,49-63 nohz_full=1-15     17-31,33-47,49-63 rcu_nocbs=1-15     17-31,33-47,49-63 intel_iommu=on nmi_watchdog=0 audit=0 nosoftlockup processor.max_cstate=1 console=ttyAMA0,115200n8
+    BOOT_IMAGE=/boot/vmlinuz-5.4.0-65-generic root=UUID=7d1d0e77-4df0-43df-9619-a99db29ffb83 ro audit=0 intel_iommu=on isolcpus=1-27,29-55 nmi_watchdog=0 nohz_full=1-27,29-55 nosoftlockup processor.max_cstate=1 rcu_nocbs=1-27,29-55 console=ttyAMA0,115200n8 quiet

 
 Linux uname
 ^^^^^^^^^^^
 
 Linux uname
 ^^^^^^^^^^^


@@ -22,7 +22,7 @@ Linux uname
 ::
 
     $ uname -a
 ::
 
     $ uname -a

-    Linux s17-t33-sut1 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:56:40 UTC 2019 aarch64 aarch64 aarch64 GNU/Linux
+    Linux 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

 
 
 System-level Core Jitter
 
 
 System-level Core Jitter

diff --git a/docs/report/introduction/test_environment_sut_calib_tx2.rst b/docs/report/introduction/test_environment_sut_calib_tx2.rst
index 4b715c8..2844ec1 100644 (file)
--- a/docs/report/introduction/test_environment_sut_calib_tx2.rst
+++ b/docs/report/introduction/test_environment_sut_calib_tx2.rst
@@ -11,7 +11,7 @@ Linux cmdline
 ::
 
     $ cat /proc/cmdline
 ::
 
     $ cat /proc/cmdline

-    BOOT_IMAGE=/boot/vmlinuz-4.15.0-72-generic root=UUID=19debf43-de1a-4f0d-97a7-c4d0ccd04327 ro audit=0 intel_iommu=on isolcpus=1-27,29-55 nmi_watchdog=0 nohz_full=1-27,29-55 nosoftlockup processor.max_cstate=1 rcu_nocbs=1-27,29-55 splash quiet vt.handoff=1
+    BOOT_IMAGE=/boot/vmlinuz-5.4.0-65-generic root=UUID=7d1d0e77-4df0-43df-9619-a99db29ffb83 ro audit=0 intel_iommu=on isolcpus=1-27,29-55 nmi_watchdog=0 nohz_full=1-27,29-55 nosoftlockup processor.max_cstate=1 rcu_nocbs=1-27,29-55 console=ttyAMA0,115200n8 quiet

 
 Linux uname
 ^^^^^^^^^^^
 
 Linux uname
 ^^^^^^^^^^^


@@ -19,7 +19,7 @@ Linux uname
 ::
 
     $ uname -a
 ::
 
     $ uname -a

-    Linux s27-t34-sut1 4.15.0-72-generic #81-Ubuntu SMP Tue Nov 26 12:21:09 UTC 2019 aarch64 aarch64 aarch64 GNU/Linux
+    Linux 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

 
 
 .. include:: ../introduction/test_environment_sut_meltspec_tx2.rst
 
 
 .. include:: ../introduction/test_environment_sut_meltspec_tx2.rst

diff --git a/docs/report/introduction/test_environment_sut_calib_zn2.rst b/docs/report/introduction/test_environment_sut_calib_zn2.rst
index c181b5f..9454edd 100644 (file)
--- a/docs/report/introduction/test_environment_sut_calib_zn2.rst
+++ b/docs/report/introduction/test_environment_sut_calib_zn2.rst
@@ -12,7 +12,7 @@ Linux cmdline
 ::
 
     $ cat /proc/cmdline
 ::
 
     $ cat /proc/cmdline

-    BOOT_IMAGE=/boot/vmlinuz-4.15.0-72-generic root=UUID=1672f0ef-755e-4a26-884d-02a3f4ac933c ro isolcpus=1-15,33-47,17-31,49-63 nohz_full=1-15,33-47,17-31,49-63 rcu_nocbs=1-15,33-47,17-31,49-63 numa_balancing=disable amd_iommu=on iommu=pt nmi_watchdog=0 audit=0 nosoftlockup processor.max_cstate=0 hpet=disable tsc=reliable mce=off splash quiet vt.handoff=1
+    BOOT_IMAGE=/boot/vmlinuz-5.4.0-65-generic root=UUID=3c4b56e3-1f01-4211-a652-ea77468f58b7 ro amd_iommu=on audit=0 hpet=disable iommu=pt isolcpus=1-15,17-31,33-47,49-63 nmi_watchdog=0 nohz_full=off nosoftlockup numa_balancing=disable processor.max_cstate=0 rcu_nocbs=1-15,17-31,33-47,49-63 tsc=reliable console=ttyS0,115200n8 quiet

 
 
 Linux uname
 
 
 Linux uname


@@ -21,7 +21,7 @@ Linux uname
 ::
 
     $ uname -a
 ::
 
     $ uname -a

-    Linux s60-t210-sut1 4.15.0-72-generic #81-Ubuntu SMP Tue Nov 26 12:20:02 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
+    Linux 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

 
 
 System-level Core Jitter
 
 
 System-level Core Jitter

diff --git a/docs/report/introduction/test_environment_sut_conf_1.rst b/docs/report/introduction/test_environment_sut_conf_1.rst
index 63ff502..7f724dd 100644 (file)
--- a/docs/report/introduction/test_environment_sut_conf_1.rst
+++ b/docs/report/introduction/test_environment_sut_conf_1.rst
@@ -5,19 +5,6 @@ System provisioning is done by combination of PXE boot unattented
 install and
 `Ansible <https://www.ansible.com>`_ described in `CSIT Testbed Setup`_.
 
 install and
 `Ansible <https://www.ansible.com>`_ described in `CSIT Testbed Setup`_.
 

-Below a subset of the running configuration:
-
-1. Ubuntu 18.04.2 LTS
-
-::
-
-    $ lsb_release -a
-    No LSB modules are available.
-    Distributor ID: Ubuntu
-    Description:    Ubuntu 18.04.2 LTS
-    Release:        18.04
-    Codename:       bionic
-

 Linux Boot Parameters
 ~~~~~~~~~~~~~~~~~~~~~
 
 Linux Boot Parameters
 ~~~~~~~~~~~~~~~~~~~~~
 

diff --git a/docs/report/introduction/test_environment_sut_meltspec_clx.rst b/docs/report/introduction/test_environment_sut_meltspec_clx.rst
index 826e6d3..6261c56 100644 (file)
--- a/docs/report/introduction/test_environment_sut_meltspec_clx.rst
+++ b/docs/report/introduction/test_environment_sut_meltspec_clx.rst
@@ -8,174 +8,130 @@ made public in 2018. Script is available on `Spectre & Meltdown Checker Github
 
 ::
 
 
 ::
 

-  Spectre and Meltdown mitigation detection tool v0.43
-
-  awk: fatal: cannot open file `bash for reading (No such file or directory)
-  Checking for vulnerabilities on current system
-  Kernel is Linux 4.15.0-72-generic #81-Ubuntu SMP Tue Nov 26 12:20:02 UTC 2019 x86_64
-  CPU is Intel(R) Xeon(R) Platinum 8280 CPU @ 2.70GHz
+  Spectre and Meltdown mitigation detection tool v0.44+

 
   Hardware check
 
   Hardware check

-  * Hardware support (CPU microcode) for mitigation techniques
-    * Indirect Branch Restricted Speculation (IBRS)
-      * SPEC_CTRL MSR is available: YES
-      * CPU indicates IBRS capability: YES (SPEC_CTRL feature bit)
-    * Indirect Branch Prediction Barrier (IBPB)
-      * PRED_CMD MSR is available: YES
-      * CPU indicates IBPB capability: YES (SPEC_CTRL feature bit)
-    * Single Thread Indirect Branch Predictors (STIBP)
-      * SPEC_CTRL MSR is available: YES
-      * CPU indicates STIBP capability: YES (Intel STIBP feature bit)
-    * Speculative Store Bypass Disable (SSBD)
-      * CPU indicates SSBD capability: YES (Intel SSBD)
-    * L1 data cache invalidation
-      * FLUSH_CMD MSR is available: YES
-      * CPU indicates L1D flush capability: YES (L1D flush feature bit)
-    * Microarchitectural Data Sampling
-      * VERW instruction is available: YES (MD_CLEAR feature bit)
-    * Enhanced IBRS (IBRS_ALL)
-      * CPU indicates ARCH_CAPABILITIES MSR availability: YES
-      * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: YES
-    * CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO): YES
-    * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
-    * CPU/Hypervisor indicates L1D flushing is not necessary on this system: YES
-    * Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA): NO
-    * CPU explicitly indicates not being vulnerable to Microarchitectural Data Sampling (MDS_NO): YES
-    * CPU explicitly indicates not being vulnerable to TSX Asynchronous Abort (TAA_NO): NO
-    * CPU explicitly indicates not being vulnerable to iTLB Multihit (PSCHANGE_MSC_NO): NO
-    * CPU explicitly indicates having MSR for TSX control (TSX_CTRL_MSR): YES
-      * TSX_CTRL MSR indicates TSX RTM is disabled: YES
-      * TSX_CTRL MSR indicates TSX CPUID bit is cleared: YES
-    * CPU supports Transactional Synchronization Extensions (TSX): NO
-    * CPU supports Software Guard Extensions (SGX): NO
-    * CPU microcode is known to cause stability problems: NO (model 0x55 family 0x6 stepping 0x7 ucode 0x500002c cpuid 0x50657)
-    * CPU microcode is the latest known available version: awk: fatal: cannot open file `bash for reading (No such file or directory)
-  UNKNOWN (latest microcode version for your CPU model is unknown)
-  * CPU vulnerability to the speculative execution attack variants
-    * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
-    * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
-    * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
-    * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read): YES
-    * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass): YES
-    * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
-    * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): YES
-    * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): YES
-    * Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): NO
-    * Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): NO
-    * Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): NO
-    * Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): NO
-    * Vulnerable to CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): NO
-    * Vulnerable to CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): YES
-
-  CVE-2017-5753 aka Spectre Variant 1, bounds check bypass
-  * Mitigated according to the /sys interface: YES (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
-  * Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
-  * Kernel has the Red Hat/Ubuntu patch: NO
-  * Kernel has mask_nospec64 (arm64): NO
-  > STATUS: NOT VULNERABLE (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
-
-  CVE-2017-5715 aka Spectre Variant 2, branch target injection
-  * Mitigated according to the /sys interface: YES (Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling)
-  * Mitigation 1
-    * Kernel is compiled with IBRS support: YES
-      * IBRS enabled and active: YES (Enhanced flavor, performance impact will be greatly reduced)
-    * Kernel is compiled with IBPB support: YES
-      * IBPB enabled and active: YES
-  * Mitigation 2
-    * Kernel has branch predictor hardening (arm): NO
-    * Kernel compiled with retpoline option: YES
-    * Kernel supports RSB filling: YES
-  > STATUS: NOT VULNERABLE (Enhanced IBRS + IBPB are mitigating the vulnerability)
-
-  CVE-2017-5754 aka Variant 3, Meltdown, rogue data cache load
-  * Mitigated according to the /sys interface: YES (Not affected)
-  * Kernel supports Page Table Isolation (PTI): YES
-    * PTI enabled and active: UNKNOWN (dmesg truncated, please reboot and relaunch this script)
-    * Reduced performance impact of PTI: YES (CPU supports INVPCID, performance impact of PTI will be greatly reduced)
-  * Running as a Xen PV DomU: NO
-  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2018-3640 aka Variant 3a, rogue system register read
-  * CPU microcode mitigates the vulnerability: YES
-  > STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability)
-
-  CVE-2018-3639 aka Variant 4, speculative store bypass
-  * Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
-  * Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
-  * SSB mitigation is enabled and active: YES (per-thread through prctl)
-  * SSB mitigation currently active for selected processes: YES (systemd-journald systemd-logind systemd-networkd systemd-resolved systemd-timesyncd systemd-udevd)
-  > STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
-
-  CVE-2018-3615 aka Foreshadow (SGX), L1 terminal fault
-  * CPU microcode mitigates the vulnerability: N/A
-  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2018-3620 aka Foreshadow-NG (OS), L1 terminal fault
-  * Mitigated according to the /sys interface: YES (Not affected)
-  * Kernel supports PTE inversion: YES (found in kernel image)
-  * PTE inversion enabled and active: NO
-  > STATUS: NOT VULNERABLE (Not affected)
-
-  CVE-2018-3646 aka Foreshadow-NG (VMM), L1 terminal fault
-  * Information from the /sys interface: Not affected
-  * This system is a host running a hypervisor: NO
-  * Mitigation 1 (KVM)
-    * EPT is disabled: NO
-  * Mitigation 2
-    * L1D flush is supported by kernel: YES (found flush_l1d in /proc/cpuinfo)
-    * L1D flush enabled: NO
-    * Hardware-backed L1D flush supported: YES (performance impact of the mitigation will be greatly reduced)
-    * Hyper-Threading (SMT) is enabled: YES
-  > STATUS: NOT VULNERABLE (your kernel reported your CPU model as not vulnerable)
-
-  CVE-2018-12126 aka Fallout, microarchitectural store buffer data sampling (MSBDS)
-  * Mitigated according to the /sys interface: YES (Not affected)
-  * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
-  * Kernel mitigation is enabled and active: NO
-  * SMT is either mitigated or disabled: NO
-  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2018-12130 aka ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)
-  * Mitigated according to the /sys interface: YES (Not affected)
-  * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
-  * Kernel mitigation is enabled and active: NO
-  * SMT is either mitigated or disabled: NO
-  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2018-12127 aka RIDL, microarchitectural load port data sampling (MLPDS)
-  * Mitigated according to the /sys interface: YES (Not affected)
-  * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
-  * Kernel mitigation is enabled and active: NO
-  * SMT is either mitigated or disabled: NO
-  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2019-11091 aka RIDL, microarchitectural data sampling uncacheable memory (MDSUM)
-  * Mitigated according to the /sys interface: YES (Not affected)
-  * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
-  * Kernel mitigation is enabled and active: NO
-  * SMT is either mitigated or disabled: NO
-  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2019-11135 aka ZombieLoad V2, TSX Asynchronous Abort (TAA)
-  * Mitigated according to the /sys interface: YES (Mitigation: TSX disabled)
-  * TAA mitigation is supported by kernel: YES (found tsx_async_abort in kernel image)
-  * TAA mitigation enabled and active: YES (Mitigation: TSX disabled)
-  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2018-12207 aka No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)
-  * Mitigated according to the /sys interface: YES (KVM: Mitigation: Split huge pages)
-  * This system is a host running a hypervisor: NO
-  * iTLB Multihit mitigation is supported by kernel: YES (found itlb_multihit in kernel image)
-  * iTLB Multihit mitigation enabled and active: YES (KVM: Mitigation: Split huge pages)
-  > STATUS: NOT VULNERABLE (this system is not running a hypervisor)
-
-  > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK
+   * Hardware support (CPU microcode) for mitigation techniques
+     * Indirect Branch Restricted Speculation (IBRS)
+       * SPEC_CTRL MSR is available: YES
+       * CPU indicates IBRS capability: YES (SPEC_CTRL feature bit)
+     * Indirect Branch Prediction Barrier (IBPB)
+       * PRED_CMD MSR is available: YES
+       * CPU indicates IBPB capability: YES (SPEC_CTRL feature bit)
+     * Single Thread Indirect Branch Predictors (STIBP)
+       * SPEC_CTRL MSR is available: YES
+       * CPU indicates STIBP capability: YES (Intel STIBP feature bit)
+     * Speculative Store Bypass Disable (SSBD)
+       * CPU indicates SSBD capability: YES (Intel SSBD)
+     * L1 data cache invalidation
+       * FLUSH_CMD MSR is available: YES
+       * CPU indicates L1D flush capability: YES (L1D flush feature bit)
+     * Microarchitectural Data Sampling
+       * VERW instruction is available: YES (MD_CLEAR feature bit)
+     * Enhanced IBRS (IBRS_ALL)
+       * CPU indicates ARCH_CAPABILITIES MSR availability: YES
+       * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: YES
+     * CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO): YES
+     * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
+     * CPU/Hypervisor indicates L1D flushing is not necessary on this system: YES
+     * Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA): NO
+     * CPU explicitly indicates not being vulnerable to Microarchitectural Data Sampling (MDS_NO): YES
+     * CPU explicitly indicates not being vulnerable to TSX Asynchronous Abort (TAA_NO): NO
+     * CPU explicitly indicates not being vulnerable to iTLB Multihit (PSCHANGE_MSC_NO): NO
+     * CPU explicitly indicates having MSR for TSX control (TSX_CTRL_MSR): YES
+       * TSX_CTRL MSR indicates TSX RTM is disabled: YES
+       * TSX_CTRL MSR indicates TSX CPUID bit is cleared: YES
+     * CPU supports Transactional Synchronization Extensions (TSX): NO
+     * CPU supports Software Guard Extensions (SGX): NO
+     * CPU supports Special Register Buffer Data Sampling (SRBDS): NO
+     * CPU microcode is known to cause stability problems: NO (family 0x6 model 0x55 stepping 0x7 ucode 0x500002c cpuid 0x50657)
+     * CPU microcode is the latest known available version: NO (latest version is 0x5003102 dated 2021/03/08 according to builtin firmwares DB v191+i20210217)
+   * CPU vulnerability to the speculative execution attack variants
+     * Affected by CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
+     * Affected by CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
+     * Affected by CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
+     * Affected by CVE-2018-3640 (Variant 3a, rogue system register read): YES
+     * Affected by CVE-2018-3639 (Variant 4, speculative store bypass): YES
+     * Affected by CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
+     * Affected by CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): YES
+     * Affected by CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): YES
+     * Affected by CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): NO
+     * Affected by CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): NO
+     * Affected by CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): NO
+     * Affected by CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): NO
+     * Affected by CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): NO
+     * Affected by CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): YES
+     * Affected by CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)): NO
+
+  CVE-2017-5753 aka  Spectre Variant 1, bounds check bypass
+   * Mitigated according to the /sys interface: YES (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
+   > STATUS: UNKNOWN (/sys vulnerability interface use forced, but it  s not available!)
+
+  CVE-2017-5715 aka  Spectre Variant 2, branch target injection
+   * Mitigated according to the /sys interface: YES (Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling)
+   > STATUS: VULNERABLE (IBRS+IBPB or retpoline+IBPB+RSB filling, is needed to mitigate the vulnerability)
+
+  CVE-2017-5754 aka  Variant 3, Meltdown, rogue data cache load
+   * Mitigated according to the /sys interface: YES (Not affected)
+   * Running as a Xen PV DomU: NO
+   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2018-3640 aka  Variant 3a, rogue system register read
+   * CPU microcode mitigates the vulnerability: YES
+   > STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability)
+
+  CVE-2018-3639 aka  Variant 4, speculative store bypass
+   * Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
+   > STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
+
+  CVE-2018-3615 aka  Foreshadow (SGX), L1 terminal fault
+   * CPU microcode mitigates the vulnerability: N/A
+   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2018-3620 aka  Foreshadow-NG (OS), L1 terminal fault
+   * Mitigated according to the /sys interface: YES (Not affected)
+   > STATUS: NOT VULNERABLE (Not affected)
+
+  CVE-2018-3646 aka  Foreshadow-NG (VMM), L1 terminal fault
+   * Information from the /sys interface: Not affected
+   > STATUS: NOT VULNERABLE (your kernel reported your CPU model as not vulnerable)
+
+  CVE-2018-12126 aka  Fallout, microarchitectural store buffer data sampling (MSBDS)
+   * Mitigated according to the /sys interface: YES (Not affected)
+   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2018-12130 aka  ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)
+   * Mitigated according to the /sys interface: YES (Not affected)
+   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2018-12127 aka  RIDL, microarchitectural load port data sampling (MLPDS)
+   * Mitigated according to the /sys interface: YES (Not affected)
+   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2019-11091 aka  RIDL, microarchitectural data sampling uncacheable memory (MDSUM)
+   * Mitigated according to the /sys interface: YES (Not affected)
+   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2019-11135 aka  ZombieLoad V2, TSX Asynchronous Abort (TAA)
+   * Mitigated according to the /sys interface: YES (Mitigation: TSX disabled)
+   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2018-12207 aka  No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)
+   * Mitigated according to the /sys interface: YES (KVM: Mitigation: Split huge pages)
+   > STATUS: NOT VULNERABLE (KVM: Mitigation: Split huge pages)
+
+  CVE-2020-0543 aka  Special Register Buffer Data Sampling (SRBDS)
+   * Mitigated according to the /sys interface: YES (Not affected)
+   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+   > SUMMARY: CVE-2017-5753:?? CVE-2017-5715:KO CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:OK

 
 ::
 
 
 ::
 

-  awk: fatal: cannot open file `bash for reading (No such file or directory)
+  Spectre and Meltdown mitigation detection tool v0.44+
+

   Checking for vulnerabilities on current system
   Checking for vulnerabilities on current system

-  Kernel is Linux 4.15.0-72-generic #81-Ubuntu SMP Tue Nov 26 12:20:02 UTC 2019 x86_64
+  Kernel is Linux 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64

   CPU is Intel(R) Xeon(R) Gold 6252N CPU @ 2.30GHz
 
   Hardware check
   CPU is Intel(R) Xeon(R) Gold 6252N CPU @ 2.30GHz
 
   Hardware check


@@ -211,50 +167,36 @@ made public in 2018. Script is available on `Spectre & Meltdown Checker Github
       * TSX_CTRL MSR indicates TSX CPUID bit is cleared: YES
     * CPU supports Transactional Synchronization Extensions (TSX): NO
     * CPU supports Software Guard Extensions (SGX): NO
       * TSX_CTRL MSR indicates TSX CPUID bit is cleared: YES
     * CPU supports Transactional Synchronization Extensions (TSX): NO
     * CPU supports Software Guard Extensions (SGX): NO

+    * CPU supports Special Register Buffer Data Sampling (SRBDS): NO

     * CPU microcode is known to cause stability problems: NO (family 0x6 model 0x55 stepping 0x7 ucode 0x500002c cpuid 0x50657)
     * CPU microcode is known to cause stability problems: NO (family 0x6 model 0x55 stepping 0x7 ucode 0x500002c cpuid 0x50657)

-    * CPU microcode is the latest known available version: awk: fatal: cannot open file `bash for reading (No such file or directory)
-  UNKNOWN (latest microcode version for your CPU model is unknown)
+    * CPU microcode is the latest known available version: NO (latest version is 0x5003102 dated 2021/03/08 according to builtin firmwares DB v191+i20210217)

   * CPU vulnerability to the speculative execution attack variants
   * CPU vulnerability to the speculative execution attack variants

-    * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
-    * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
-    * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
-    * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read): YES
-    * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass): YES
-    * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
-    * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): YES
-    * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): YES
-    * Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): NO
-    * Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): NO
-    * Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): NO
-    * Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): NO
-    * Vulnerable to CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): NO
-    * Vulnerable to CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): YES
+    * Affected by CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
+    * Affected by CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
+    * Affected by CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
+    * Affected by CVE-2018-3640 (Variant 3a, rogue system register read): YES
+    * Affected by CVE-2018-3639 (Variant 4, speculative store bypass): YES
+    * Affected by CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
+    * Affected by CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): YES
+    * Affected by CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): YES
+    * Affected by CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): NO
+    * Affected by CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): NO
+    * Affected by CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): NO
+    * Affected by CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): NO
+    * Affected by CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): NO
+    * Affected by CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): YES
+    * Affected by CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)): NO

 
   CVE-2017-5753 aka Spectre Variant 1, bounds check bypass
   * Mitigated according to the /sys interface: YES (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
 
   CVE-2017-5753 aka Spectre Variant 1, bounds check bypass
   * Mitigated according to the /sys interface: YES (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)

-  * Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
-  * Kernel has the Red Hat/Ubuntu patch: NO
-  * Kernel has mask_nospec64 (arm64): NO
-  > STATUS: NOT VULNERABLE (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
+  > STATUS: UNKNOWN (/sys vulnerability interface use forced, but its not available!)

 
   CVE-2017-5715 aka Spectre Variant 2, branch target injection
   * Mitigated according to the /sys interface: YES (Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling)
 
   CVE-2017-5715 aka Spectre Variant 2, branch target injection
   * Mitigated according to the /sys interface: YES (Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling)

-  * Mitigation 1
-    * Kernel is compiled with IBRS support: YES
-      * IBRS enabled and active: YES (Enhanced flavor, performance impact will be greatly reduced)
-    * Kernel is compiled with IBPB support: YES
-      * IBPB enabled and active: YES
-  * Mitigation 2
-    * Kernel has branch predictor hardening (arm): NO
-    * Kernel compiled with retpoline option: YES
-    * Kernel supports RSB filling: YES
-  > STATUS: NOT VULNERABLE (Enhanced IBRS + IBPB are mitigating the vulnerability)
+  > STATUS: VULNERABLE (IBRS+IBPB or retpoline+IBPB+RSB filling, is needed to mitigate the vulnerability)

 
   CVE-2017-5754 aka Variant 3, Meltdown, rogue data cache load
   * Mitigated according to the /sys interface: YES (Not affected)
 
   CVE-2017-5754 aka Variant 3, Meltdown, rogue data cache load
   * Mitigated according to the /sys interface: YES (Not affected)

-  * Kernel supports Page Table Isolation (PTI): YES
-    * PTI enabled and active: UNKNOWN (dmesg truncated, please reboot and relaunch this script)
-    * Reduced performance impact of PTI: YES (CPU supports INVPCID, performance impact of PTI will be greatly reduced)

   * Running as a Xen PV DomU: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   * Running as a Xen PV DomU: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 


@@ -264,9 +206,6 @@ made public in 2018. Script is available on `Spectre & Meltdown Checker Github
 
   CVE-2018-3639 aka Variant 4, speculative store bypass
   * Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
 
   CVE-2018-3639 aka Variant 4, speculative store bypass
   * Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)

-  * Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
-  * SSB mitigation is enabled and active: YES (per-thread through prctl)
-  * SSB mitigation currently active for selected processes: YES (systemd-journald systemd-logind systemd-networkd systemd-resolved systemd-timesyncd systemd-udevd)

   > STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
 
   CVE-2018-3615 aka Foreshadow (SGX), L1 terminal fault
   > STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
 
   CVE-2018-3615 aka Foreshadow (SGX), L1 terminal fault


@@ -275,61 +214,38 @@ made public in 2018. Script is available on `Spectre & Meltdown Checker Github
 
   CVE-2018-3620 aka Foreshadow-NG (OS), L1 terminal fault
   * Mitigated according to the /sys interface: YES (Not affected)
 
   CVE-2018-3620 aka Foreshadow-NG (OS), L1 terminal fault
   * Mitigated according to the /sys interface: YES (Not affected)

-  * Kernel supports PTE inversion: YES (found in kernel image)
-  * PTE inversion enabled and active: NO

   > STATUS: NOT VULNERABLE (Not affected)
 
   CVE-2018-3646 aka Foreshadow-NG (VMM), L1 terminal fault
   * Information from the /sys interface: Not affected
   > STATUS: NOT VULNERABLE (Not affected)
 
   CVE-2018-3646 aka Foreshadow-NG (VMM), L1 terminal fault
   * Information from the /sys interface: Not affected

-  * This system is a host running a hypervisor: NO
-  * Mitigation 1 (KVM)
-    * EPT is disabled: NO
-  * Mitigation 2
-    * L1D flush is supported by kernel: YES (found flush_l1d in /proc/cpuinfo)
-    * L1D flush enabled: NO
-    * Hardware-backed L1D flush supported: YES (performance impact of the mitigation will be greatly reduced)
-    * Hyper-Threading (SMT) is enabled: YES

   > STATUS: NOT VULNERABLE (your kernel reported your CPU model as not vulnerable)
 
   CVE-2018-12126 aka Fallout, microarchitectural store buffer data sampling (MSBDS)
   * Mitigated according to the /sys interface: YES (Not affected)
   > STATUS: NOT VULNERABLE (your kernel reported your CPU model as not vulnerable)
 
   CVE-2018-12126 aka Fallout, microarchitectural store buffer data sampling (MSBDS)
   * Mitigated according to the /sys interface: YES (Not affected)

-  * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
-  * Kernel mitigation is enabled and active: NO
-  * SMT is either mitigated or disabled: NO

   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   CVE-2018-12130 aka ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)
   * Mitigated according to the /sys interface: YES (Not affected)
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   CVE-2018-12130 aka ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)
   * Mitigated according to the /sys interface: YES (Not affected)

-  * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
-  * Kernel mitigation is enabled and active: NO
-  * SMT is either mitigated or disabled: NO

   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   CVE-2018-12127 aka RIDL, microarchitectural load port data sampling (MLPDS)
   * Mitigated according to the /sys interface: YES (Not affected)
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   CVE-2018-12127 aka RIDL, microarchitectural load port data sampling (MLPDS)
   * Mitigated according to the /sys interface: YES (Not affected)

-  * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
-  * Kernel mitigation is enabled and active: NO
-  * SMT is either mitigated or disabled: NO

   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   CVE-2019-11091 aka RIDL, microarchitectural data sampling uncacheable memory (MDSUM)
   * Mitigated according to the /sys interface: YES (Not affected)
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   CVE-2019-11091 aka RIDL, microarchitectural data sampling uncacheable memory (MDSUM)
   * Mitigated according to the /sys interface: YES (Not affected)

-  * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
-  * Kernel mitigation is enabled and active: NO
-  * SMT is either mitigated or disabled: NO

   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   CVE-2019-11135 aka ZombieLoad V2, TSX Asynchronous Abort (TAA)
   * Mitigated according to the /sys interface: YES (Mitigation: TSX disabled)
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   CVE-2019-11135 aka ZombieLoad V2, TSX Asynchronous Abort (TAA)
   * Mitigated according to the /sys interface: YES (Mitigation: TSX disabled)

-  * TAA mitigation is supported by kernel: YES (found tsx_async_abort in kernel image)
-  * TAA mitigation enabled and active: YES (Mitigation: TSX disabled)

   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   CVE-2018-12207 aka No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)
   * Mitigated according to the /sys interface: YES (KVM: Mitigation: Split huge pages)
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   CVE-2018-12207 aka No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)
   * Mitigated according to the /sys interface: YES (KVM: Mitigation: Split huge pages)

-  * This system is a host running a hypervisor: NO
-  * iTLB Multihit mitigation is supported by kernel: YES (found itlb_multihit in kernel image)
-  * iTLB Multihit mitigation enabled and active: YES (KVM: Mitigation: Split huge pages)
-  > STATUS: NOT VULNERABLE (this system is not running a hypervisor)
+  > STATUS: NOT VULNERABLE (KVM: Mitigation: Split huge pages)
+
+  CVE-2020-0543 aka Special Register Buffer Data Sampling (SRBDS)
+  * Mitigated according to the /sys interface: YES (Not affected)
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

 
 

-  > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK
+  > SUMMARY: CVE-2017-5753:?? CVE-2017-5715:KO CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:OK

diff --git a/docs/report/introduction/test_environment_sut_meltspec_dnv.rst b/docs/report/introduction/test_environment_sut_meltspec_dnv.rst
index 616449e..4b3a8a1 100644 (file)
--- a/docs/report/introduction/test_environment_sut_meltspec_dnv.rst
+++ b/docs/report/introduction/test_environment_sut_meltspec_dnv.rst
@@ -8,10 +8,11 @@ made public in 2018. Script is available on `Spectre & Meltdown Checker Github
 
 ::
 
 
 ::
 

-  Spectre and Meltdown mitigation detection tool v0.42
+  Spectre and Meltdown mitigation detection tool v0.44+
+

   Checking for vulnerabilities on current system
   Checking for vulnerabilities on current system

-  Kernel is Linux 4.15.0-51-generic #55-Ubuntu SMP Wed May 15 14:27:21 UTC 2019 x86_64
-  CPU is Intel(R) Atom(TM) CPU C3858 @ 2.00GHz
+  Kernel is Linux 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64
+  CPU is Intel(R) Xeon(R) Platinum 8180 CPU @ 2.50GHz

 
   Hardware check
   * Hardware support (CPU microcode) for mitigation techniques
 
   Hardware check
   * Hardware support (CPU microcode) for mitigation techniques


@@ -26,43 +27,222 @@ made public in 2018. Script is available on `Spectre & Meltdown Checker Github
       * CPU indicates STIBP capability: YES (Intel STIBP feature bit)
     * Speculative Store Bypass Disable (SSBD)
       * CPU indicates SSBD capability: YES (Intel SSBD)
       * CPU indicates STIBP capability: YES (Intel STIBP feature bit)
     * Speculative Store Bypass Disable (SSBD)
       * CPU indicates SSBD capability: YES (Intel SSBD)

+    * L1 data cache invalidation
+      * FLUSH_CMD MSR is available: YES
+      * CPU indicates L1D flush capability: YES (L1D flush feature bit)
+    * Microarchitectural Data Sampling
+      * VERW instruction is available: YES (MD_CLEAR feature bit)
+    * Enhanced IBRS (IBRS_ALL)
+      * CPU indicates ARCH_CAPABILITIES MSR availability: NO
+      * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
+    * CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO): NO
+    * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
+    * CPU/Hypervisor indicates L1D flushing is not necessary on this system: NO
+    * Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA): NO
+    * CPU explicitly indicates not being vulnerable to Microarchitectural Data Sampling (MDS_NO): NO
+    * CPU explicitly indicates not being vulnerable to TSX Asynchronous Abort (TAA_NO): NO
+    * CPU explicitly indicates not being vulnerable to iTLB Multihit (PSCHANGE_MSC_NO): NO
+    * CPU explicitly indicates having MSR for TSX control (TSX_CTRL_MSR): NO
+    * CPU supports Transactional Synchronization Extensions (TSX): YES (RTM feature bit)
+    * CPU supports Software Guard Extensions (SGX): NO
+    * CPU supports Special Register Buffer Data Sampling (SRBDS): NO
+    * CPU microcode is known to cause stability problems: NO (family 0x6 model 0x55 stepping 0x4 ucode 0x2000065 cpuid 0x50654)
+    * CPU microcode is the latest known available version: NO (latest version is 0x2006b06 dated 2021/03/08 according to builtin firmwares DB v191+i20210217)
+  * CPU vulnerability to the speculative execution attack variants
+    * Affected by CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
+    * Affected by CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
+    * Affected by CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): YES
+    * Affected by CVE-2018-3640 (Variant 3a, rogue system register read): YES
+    * Affected by CVE-2018-3639 (Variant 4, speculative store bypass): YES
+    * Affected by CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
+    * Affected by CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): YES
+    * Affected by CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): YES
+    * Affected by CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): YES
+    * Affected by CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): YES
+    * Affected by CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): YES
+    * Affected by CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): YES
+    * Affected by CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): YES
+    * Affected by CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): YES
+    * Affected by CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)): NO
+
+  CVE-2017-5753 aka Spectre Variant 1, bounds check bypass
+  * Mitigated according to the /sys interface: YES (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
+  * Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
+  * Kernel has the Red Hat/Ubuntu patch: NO
+  * Kernel has mask_nospec64 (arm64): NO
+  * Kernel has array_index_nospec (arm64): NO
+  > STATUS: NOT VULNERABLE (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
+
+  CVE-2017-5715 aka Spectre Variant 2, branch target injection
+  * Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
+  * Mitigation 1
+    * Kernel is compiled with IBRS support: YES
+      * IBRS enabled and active: YES (for firmware code only)
+    * Kernel is compiled with IBPB support: YES
+      * IBPB enabled and active: YES
+  * Mitigation 2
+    * Kernel has branch predictor hardening (arm): NO
+    * Kernel compiled with retpoline option: YES
+      * Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
+    * Kernel supports RSB filling: YES
+  > STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
+
+  CVE-2017-5754 aka Variant 3, Meltdown, rogue data cache load
+  * Mitigated according to the /sys interface: YES (Mitigation: PTI)
+  * Kernel supports Page Table Isolation (PTI): YES
+    * PTI enabled and active: YES
+    * Reduced performance impact of PTI: YES (CPU supports INVPCID, performance impact of PTI will be greatly reduced)
+  * Running as a Xen PV DomU: NO
+  > STATUS: NOT VULNERABLE (Mitigation: PTI)
+
+  CVE-2018-3640 aka Variant 3a, rogue system register read
+  * CPU microcode mitigates the vulnerability: YES
+  > STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability)
+
+  CVE-2018-3639 aka Variant 4, speculative store bypass
+  * Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
+  * Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
+  * SSB mitigation is enabled and active: YES (per-thread through prctl)
+  * SSB mitigation currently active for selected processes: YES (boltd fwupd irqbalance systemd-journald systemd-logind systemd-networkd systemd-resolved systemd-timesyncd systemd-udevd)
+  > STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
+
+  CVE-2018-3615 aka Foreshadow (SGX), L1 terminal fault
+  * CPU microcode mitigates the vulnerability: N/A
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2018-3620 aka Foreshadow-NG (OS), L1 terminal fault
+  * Mitigated according to the /sys interface: YES (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable)
+  * Kernel supports PTE inversion: YES (found in kernel image)
+  * PTE inversion enabled and active: YES
+  > STATUS: NOT VULNERABLE (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable)
+
+  CVE-2018-3646 aka Foreshadow-NG (VMM), L1 terminal fault
+  * Information from the /sys interface: Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
+  * This system is a host running a hypervisor: NO
+  * Mitigation 1 (KVM)
+    * EPT is disabled: NO
+  * Mitigation 2
+    * L1D flush is supported by kernel: YES (found flush_l1d in /proc/cpuinfo)
+    * L1D flush enabled: YES (conditional flushes)
+    * Hardware-backed L1D flush supported: YES (performance impact of the mitigation will be greatly reduced)
+    * Hyper-Threading (SMT) is enabled: YES
+  > STATUS: NOT VULNERABLE (this system is not running a hypervisor)
+
+  CVE-2018-12126 aka Fallout, microarchitectural store buffer data sampling (MSBDS)
+  * Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT vulnerable)
+  * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
+  * Kernel mitigation is enabled and active: YES
+  * SMT is either mitigated or disabled: NO
+  > STATUS: NOT VULNERABLE (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
+
+  CVE-2018-12130 aka ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)
+  * Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT vulnerable)
+  * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
+  * Kernel mitigation is enabled and active: YES
+  * SMT is either mitigated or disabled: NO
+  > STATUS: NOT VULNERABLE (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
+
+  CVE-2018-12127 aka RIDL, microarchitectural load port data sampling (MLPDS)
+  * Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT vulnerable)
+  * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
+  * Kernel mitigation is enabled and active: YES
+  * SMT is either mitigated or disabled: NO
+  > STATUS: NOT VULNERABLE (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
+
+  CVE-2019-11091 aka RIDL, microarchitectural data sampling uncacheable memory (MDSUM)
+  * Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT vulnerable)
+  * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
+  * Kernel mitigation is enabled and active: YES
+  * SMT is either mitigated or disabled: NO
+  > STATUS: NOT VULNERABLE (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
+
+  CVE-2019-11135 aka ZombieLoad V2, TSX Asynchronous Abort (TAA)
+  * Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT vulnerable)
+  * TAA mitigation is supported by kernel: YES (found tsx_async_abort in kernel image)
+  * TAA mitigation enabled and active: YES (Mitigation: Clear CPU buffers; SMT vulnerable)
+  > STATUS: NOT VULNERABLE (Mitigation: Clear CPU buffers; SMT vulnerable)
+
+  CVE-2018-12207 aka No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)
+  * Mitigated according to the /sys interface: YES (KVM: Mitigation: Split huge pages)
+  * This system is a host running a hypervisor: NO
+  * iTLB Multihit mitigation is supported by kernel: YES (found itlb_multihit in kernel image)
+  * iTLB Multihit mitigation enabled and active: YES (KVM: Mitigation: Split huge pages)
+  > STATUS: NOT VULNERABLE (this system is not running a hypervisor)
+
+  CVE-2020-0543 aka Special Register Buffer Data Sampling (SRBDS)
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * SRBDS mitigation control is supported by the kernel: YES (found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation)
+  * SRBDS mitigation control is enabled and active: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:OK
+
+::
+
+  Spectre and Meltdown mitigation detection tool v0.44+
+
+  Checking for vulnerabilities on current system
+  Kernel is Linux 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64
+  CPU is Intel(R) Atom(TM) CPU C3858 @ 2.00GHz
+
+  Hardware check
+  * Hardware support (CPU microcode) for mitigation techniques
+    * Indirect Branch Restricted Speculation (IBRS)
+      * SPEC_CTRL MSR is available: YES
+      * CPU indicates IBRS capability: YES (SPEC_CTRL feature bit)
+    * Indirect Branch Prediction Barrier (IBPB)
+      * PRED_CMD MSR is available: YES
+      * CPU indicates IBPB capability: YES (SPEC_CTRL feature bit)
+    * Single Thread Indirect Branch Predictors (STIBP)
+      * SPEC_CTRL MSR is available: YES
+      * CPU indicates STIBP capability: YES (Intel STIBP feature bit)
+    * Speculative Store Bypass Disable (SSBD)
+      * CPU indicates SSBD capability: NO

     * L1 data cache invalidation
       * FLUSH_CMD MSR is available: NO
       * CPU indicates L1D flush capability: NO
     * L1 data cache invalidation
       * FLUSH_CMD MSR is available: NO
       * CPU indicates L1D flush capability: NO

-    * Microarchitecture Data Sampling
-      * VERW instruction is available: YES (MD_CLEAR feature bit)
+    * Microarchitectural Data Sampling
+      * VERW instruction is available: NO

     * Enhanced IBRS (IBRS_ALL)
       * CPU indicates ARCH_CAPABILITIES MSR availability: YES
       * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
     * CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO): YES
     * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
     * Enhanced IBRS (IBRS_ALL)
       * CPU indicates ARCH_CAPABILITIES MSR availability: YES
       * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
     * CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO): YES
     * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO

-    * CPU/Hypervisor indicates L1D flushing is not necessary on this system: YES
+    * CPU/Hypervisor indicates L1D flushing is not necessary on this system: NO

     * Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA): NO
     * Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA): NO

-    * CPU explicitly indicates not being vulnerable to Microarchitectural Data Sampling (MDS_NO): YES
+    * CPU explicitly indicates not being vulnerable to Microarchitectural Data Sampling (MDS_NO): NO
+    * CPU explicitly indicates not being vulnerable to TSX Asynchronous Abort (TAA_NO): NO
+    * CPU explicitly indicates not being vulnerable to iTLB Multihit (PSCHANGE_MSC_NO): NO
+    * CPU explicitly indicates having MSR for TSX control (TSX_CTRL_MSR): NO
+    * CPU supports Transactional Synchronization Extensions (TSX): NO

     * CPU supports Software Guard Extensions (SGX): NO
     * CPU supports Software Guard Extensions (SGX): NO

-    * CPU microcode is known to cause stability problems: NO (model 0x5f family 0x6 stepping 0x1 ucode 0x2e cpuid 0x506f1)
-    * CPU microcode is the latest known available version: awk: fatal: cannot open file `bash for reading (No such file or directory)
-  UNKNOWN (latest microcode version for your CPU model is unknown)
+    * CPU supports Special Register Buffer Data Sampling (SRBDS): NO
+    * CPU microcode is known to cause stability problems: NO (family 0x6 model 0x5f stepping 0x1 ucode 0x20 cpuid 0x506f1)
+    * CPU microcode is the latest known available version: NO (latest version is 0x34 dated 2020/10/23 according to builtin firmwares DB v191+i20210217)

   * CPU vulnerability to the speculative execution attack variants
   * CPU vulnerability to the speculative execution attack variants

-    * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
-    * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
-    * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
-    * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read): YES
-    * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass): YES
-    * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
-    * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO
-    * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO
-    * Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): NO
-    * Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): NO
-    * Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): NO
-    * Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): NO
+    * Affected by CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
+    * Affected by CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
+    * Affected by CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
+    * Affected by CVE-2018-3640 (Variant 3a, rogue system register read): YES
+    * Affected by CVE-2018-3639 (Variant 4, speculative store bypass): YES
+    * Affected by CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
+    * Affected by CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO
+    * Affected by CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO
+    * Affected by CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): NO
+    * Affected by CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): NO
+    * Affected by CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): NO
+    * Affected by CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): NO
+    * Affected by CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): NO
+    * Affected by CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): NO
+    * Affected by CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)): NO

 
   CVE-2017-5753 aka Spectre Variant 1, bounds check bypass
 
   CVE-2017-5753 aka Spectre Variant 1, bounds check bypass

-  * Mitigated according to the /sys interface: YES (Mitigation: __user pointer sanitization)
+  * Mitigated according to the /sys interface: YES (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)

   * Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
   * Kernel has the Red Hat/Ubuntu patch: NO
   * Kernel has mask_nospec64 (arm64): NO
   * Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
   * Kernel has the Red Hat/Ubuntu patch: NO
   * Kernel has mask_nospec64 (arm64): NO

-  > STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)
+  * Kernel has array_index_nospec (arm64): NO
+  > STATUS: NOT VULNERABLE (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)

 
   CVE-2017-5715 aka Spectre Variant 2, branch target injection
   * Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: disabled, RSB filling)
 
   CVE-2017-5715 aka Spectre Variant 2, branch target injection
   * Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: disabled, RSB filling)


@@ -80,21 +260,20 @@ made public in 2018. Script is available on `Spectre & Meltdown Checker Github
   CVE-2017-5754 aka Variant 3, Meltdown, rogue data cache load
   * Mitigated according to the /sys interface: YES (Not affected)
   * Kernel supports Page Table Isolation (PTI): YES
   CVE-2017-5754 aka Variant 3, Meltdown, rogue data cache load
   * Mitigated according to the /sys interface: YES (Not affected)
   * Kernel supports Page Table Isolation (PTI): YES

-    * PTI enabled and active: UNKNOWN (dmesg truncated, please reboot and relaunch this script)
+    * PTI enabled and active: NO

     * Reduced performance impact of PTI: NO (PCID/INVPCID not supported, performance impact of PTI will be significant)
   * Running as a Xen PV DomU: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   CVE-2018-3640 aka Variant 3a, rogue system register read
     * Reduced performance impact of PTI: NO (PCID/INVPCID not supported, performance impact of PTI will be significant)
   * Running as a Xen PV DomU: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   CVE-2018-3640 aka Variant 3a, rogue system register read

-  * CPU microcode mitigates the vulnerability: YES
-  > STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability)
+  * CPU microcode mitigates the vulnerability: NO
+  > STATUS: VULNERABLE (an up-to-date CPU microcode is needed to mitigate this vulnerability)

 
   CVE-2018-3639 aka Variant 4, speculative store bypass
 
   CVE-2018-3639 aka Variant 4, speculative store bypass

-  * Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
+  * Mitigated according to the /sys interface: NO (Vulnerable)

   * Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
   * Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)

-  * SSB mitigation is enabled and active: YES (per-thread through prctl)
-  * SSB mitigation currently active for selected processes: YES (systemd-journald systemd-logind systemd-networkd systemd-resolved systemd-timesyncd systemd-udevd)
-  > STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
+  * SSB mitigation is enabled and active: NO
+  > STATUS: VULNERABLE (Your CPU doesnt support SSBD)

 
   CVE-2018-3615 aka Foreshadow (SGX), L1 terminal fault
   * CPU microcode mitigates the vulnerability: N/A
 
   CVE-2018-3615 aka Foreshadow (SGX), L1 terminal fault
   * CPU microcode mitigates the vulnerability: N/A


@@ -120,30 +299,49 @@ made public in 2018. Script is available on `Spectre & Meltdown Checker Github
 
   CVE-2018-12126 aka Fallout, microarchitectural store buffer data sampling (MSBDS)
   * Mitigated according to the /sys interface: YES (Not affected)
 
   CVE-2018-12126 aka Fallout, microarchitectural store buffer data sampling (MSBDS)
   * Mitigated according to the /sys interface: YES (Not affected)

-  * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
+  * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)

   * Kernel mitigation is enabled and active: NO
   * SMT is either mitigated or disabled: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   CVE-2018-12130 aka ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)
   * Mitigated according to the /sys interface: YES (Not affected)
   * Kernel mitigation is enabled and active: NO
   * SMT is either mitigated or disabled: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   CVE-2018-12130 aka ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)
   * Mitigated according to the /sys interface: YES (Not affected)

-  * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
+  * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)

   * Kernel mitigation is enabled and active: NO
   * SMT is either mitigated or disabled: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   CVE-2018-12127 aka RIDL, microarchitectural load port data sampling (MLPDS)
   * Mitigated according to the /sys interface: YES (Not affected)
   * Kernel mitigation is enabled and active: NO
   * SMT is either mitigated or disabled: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   CVE-2018-12127 aka RIDL, microarchitectural load port data sampling (MLPDS)
   * Mitigated according to the /sys interface: YES (Not affected)

-  * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
+  * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)

   * Kernel mitigation is enabled and active: NO
   * SMT is either mitigated or disabled: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   CVE-2019-11091 aka RIDL, microarchitectural data sampling uncacheable memory (MDSUM)
   * Mitigated according to the /sys interface: YES (Not affected)
   * Kernel mitigation is enabled and active: NO
   * SMT is either mitigated or disabled: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   CVE-2019-11091 aka RIDL, microarchitectural data sampling uncacheable memory (MDSUM)
   * Mitigated according to the /sys interface: YES (Not affected)

-  * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
+  * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)

   * Kernel mitigation is enabled and active: NO
   * SMT is either mitigated or disabled: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   * Kernel mitigation is enabled and active: NO
   * SMT is either mitigated or disabled: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 

-  > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK
+  CVE-2019-11135 aka ZombieLoad V2, TSX Asynchronous Abort (TAA)
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * TAA mitigation is supported by kernel: YES (found tsx_async_abort in kernel image)
+  * TAA mitigation enabled and active: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2018-12207 aka No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * This system is a host running a hypervisor: NO
+  * iTLB Multihit mitigation is supported by kernel: YES (found itlb_multihit in kernel image)
+  * iTLB Multihit mitigation enabled and active: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2020-0543 aka Special Register Buffer Data Sampling (SRBDS)
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * SRBDS mitigation control is supported by the kernel: YES (found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation)
+  * SRBDS mitigation control is enabled and active: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:KO CVE-2018-3639:KO CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:OK

diff --git a/docs/report/introduction/test_environment_sut_meltspec_hsw.rst b/docs/report/introduction/test_environment_sut_meltspec_hsw.rst
deleted file mode 100644 (file)
index 092bfb3..0000000
--- a/docs/report/introduction/test_environment_sut_meltspec_hsw.rst
+++ /dev/null
@@ -1,170 +0,0 @@
-Spectre and Meltdown Checks
-^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Following section displays the output of a running shell script to tell if
-system is vulnerable against the several "speculative execution" CVEs that were
-made public in 2018. Script is available on `Spectre & Meltdown Checker Github
-<https://github.com/speed47/spectre-meltdown-checker>`_.
-
-::
-
-  Spectre and Meltdown mitigation detection tool v0.43
-
-  awk: cannot open bash (No such file or directory)
-  Checking for vulnerabilities on current system
-  Kernel is Linux 4.15.0-72-generic #81-Ubuntu SMP Tue Nov 26 12:20:02 UTC 2019 x86_64
-  CPU is Intel(R) Xeon(R) CPU E5-2699 v3 @ 2.30GHz
-
-  Hardware check
-  * Hardware support (CPU microcode) for mitigation techniques
-    * Indirect Branch Restricted Speculation (IBRS)
-      * SPEC_CTRL MSR is available: YES
-      * CPU indicates IBRS capability: YES (SPEC_CTRL feature bit)
-    * Indirect Branch Prediction Barrier (IBPB)
-      * PRED_CMD MSR is available: YES
-      * CPU indicates IBPB capability: YES (SPEC_CTRL feature bit)
-    * Single Thread Indirect Branch Predictors (STIBP)
-      * SPEC_CTRL MSR is available: YES
-      * CPU indicates STIBP capability: YES (Intel STIBP feature bit)
-    * Speculative Store Bypass Disable (SSBD)
-      * CPU indicates SSBD capability: YES (Intel SSBD)
-    * L1 data cache invalidation
-      * FLUSH_CMD MSR is available: YES
-      * CPU indicates L1D flush capability: YES (L1D flush feature bit)
-    * Microarchitectural Data Sampling
-      * VERW instruction is available: YES (MD_CLEAR feature bit)
-    * Enhanced IBRS (IBRS_ALL)
-      * CPU indicates ARCH_CAPABILITIES MSR availability: NO
-      * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
-    * CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO): NO
-    * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
-    * CPU/Hypervisor indicates L1D flushing is not necessary on this system: NO
-    * Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA): NO
-    * CPU explicitly indicates not being vulnerable to Microarchitectural Data Sampling (MDS_NO): NO
-    * CPU explicitly indicates not being vulnerable to TSX Asynchronous Abort (TAA_NO): NO
-    * CPU explicitly indicates not being vulnerable to iTLB Multihit (PSCHANGE_MSC_NO): NO
-    * CPU explicitly indicates having MSR for TSX control (TSX_CTRL_MSR): NO
-    * CPU supports Transactional Synchronization Extensions (TSX): NO
-    * CPU supports Software Guard Extensions (SGX): NO
-    * CPU microcode is known to cause stability problems: NO (model 0x3f family 0x6 stepping 0x2 ucode 0x43 cpuid 0x306f2)
-    * CPU microcode is the latest known available version: awk: cannot open bash (No such file or directory)
-  UNKNOWN (latest microcode version for your CPU model is unknown)
-  * CPU vulnerability to the speculative execution attack variants
-    * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
-    * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
-    * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): YES
-    * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read): YES
-    * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass): YES
-    * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
-    * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): YES
-    * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): YES
-    * Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): YES
-    * Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): YES
-    * Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): YES
-    * Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): YES
-    * Vulnerable to CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): NO
-    * Vulnerable to CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): YES
-
-  CVE-2017-5753 aka Spectre Variant 1, bounds check bypass
-  * Mitigated according to the /sys interface: YES (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
-  * Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
-  * Kernel has the Red Hat/Ubuntu patch: NO
-  * Kernel has mask_nospec64 (arm64): NO
-  > STATUS: NOT VULNERABLE (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
-
-  CVE-2017-5715 aka Spectre Variant 2, branch target injection
-  * Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, RSB filling)
-  * Mitigation 1
-    * Kernel is compiled with IBRS support: YES
-      * IBRS enabled and active: YES (for firmware code only)
-    * Kernel is compiled with IBPB support: YES
-      * IBPB enabled and active: YES
-  * Mitigation 2
-    * Kernel has branch predictor hardening (arm): NO
-    * Kernel compiled with retpoline option: YES
-      * Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
-  > STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
-
-  CVE-2017-5754 aka Variant 3, Meltdown, rogue data cache load
-  * Mitigated according to the /sys interface: YES (Mitigation: PTI)
-  * Kernel supports Page Table Isolation (PTI): YES
-    * PTI enabled and active: YES
-    * Reduced performance impact of PTI: YES (CPU supports INVPCID, performance impact of PTI will be greatly reduced)
-  * Running as a Xen PV DomU: NO
-  > STATUS: NOT VULNERABLE (Mitigation: PTI)
-
-  CVE-2018-3640 aka Variant 3a, rogue system register read
-  * CPU microcode mitigates the vulnerability: YES
-  > STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability)
-
-  CVE-2018-3639 aka Variant 4, speculative store bypass
-  * Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
-  * Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
-  * SSB mitigation is enabled and active: YES (per-thread through prctl)
-  * SSB mitigation currently active for selected processes: YES (systemd-journald systemd-logind systemd-networkd systemd-resolved systemd-timesyncd systemd-udevd)
-  > STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
-
-  CVE-2018-3615 aka Foreshadow (SGX), L1 terminal fault
-  * CPU microcode mitigates the vulnerability: N/A
-  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2018-3620 aka Foreshadow-NG (OS), L1 terminal fault
-  * Mitigated according to the /sys interface: YES (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled)
-  * Kernel supports PTE inversion: YES (found in kernel image)
-  * PTE inversion enabled and active: YES
-  > STATUS: NOT VULNERABLE (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled)
-
-  CVE-2018-3646 aka Foreshadow-NG (VMM), L1 terminal fault
-  * Information from the /sys interface: Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled
-  * This system is a host running a hypervisor: NO
-  * Mitigation 1 (KVM)
-    * EPT is disabled: NO
-  * Mitigation 2
-    * L1D flush is supported by kernel: YES (found flush_l1d in /proc/cpuinfo)
-    * L1D flush enabled: YES (conditional flushes)
-    * Hardware-backed L1D flush supported: YES (performance impact of the mitigation will be greatly reduced)
-    * Hyper-Threading (SMT) is enabled: NO
-  > STATUS: NOT VULNERABLE (this system is not running a hypervisor)
-
-  CVE-2018-12126 aka Fallout, microarchitectural store buffer data sampling (MSBDS)
-  * Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT disabled)
-  * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
-  * Kernel mitigation is enabled and active: YES
-  * SMT is either mitigated or disabled: YES
-  > STATUS: NOT VULNERABLE (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
-
-  CVE-2018-12130 aka ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)
-  * Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT disabled)
-  * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
-  * Kernel mitigation is enabled and active: YES
-  * SMT is either mitigated or disabled: YES
-  > STATUS: NOT VULNERABLE (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
-
-  CVE-2018-12127 aka RIDL, microarchitectural load port data sampling (MLPDS)
-  * Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT disabled)
-  * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
-  * Kernel mitigation is enabled and active: YES
-  * SMT is either mitigated or disabled: YES
-  > STATUS: NOT VULNERABLE (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
-
-  CVE-2019-11091 aka RIDL, microarchitectural data sampling uncacheable memory (MDSUM)
-  * Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT disabled)
-  * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
-  * Kernel mitigation is enabled and active: YES
-  * SMT is either mitigated or disabled: YES
-  > STATUS: NOT VULNERABLE (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
-
-  CVE-2019-11135 aka ZombieLoad V2, TSX Asynchronous Abort (TAA)
-  * Mitigated according to the /sys interface: YES (Not affected)
-  * TAA mitigation is supported by kernel: YES (found tsx_async_abort in kernel image)
-  * TAA mitigation enabled and active: NO
-  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2018-12207 aka No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)
-  * Mitigated according to the /sys interface: YES (KVM: Mitigation: Split huge pages)
-  * This system is a host running a hypervisor: NO
-  * iTLB Multihit mitigation is supported by kernel: YES (found itlb_multihit in kernel image)
-  * iTLB Multihit mitigation enabled and active: YES (KVM: Mitigation: Split huge pages)
-  > STATUS: NOT VULNERABLE (this system is not running a hypervisor)
-
-  > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK

diff --git a/docs/report/introduction/test_environment_sut_meltspec_skx.rst b/docs/report/introduction/test_environment_sut_meltspec_skx.rst
index e242e19..0e2f5b9 100644 (file)
--- a/docs/report/introduction/test_environment_sut_meltspec_skx.rst
+++ b/docs/report/introduction/test_environment_sut_meltspec_skx.rst
@@ -8,89 +8,90 @@ made public in 2018. Script is available on `Spectre & Meltdown Checker Github
 
 ::
 
 
 ::
 

-  Spectre and Meltdown mitigation detection tool v0.43
+  Spectre and Meltdown mitigation detection tool v0.44+

 
 

-  awk: cannot open bash (No such file or directory)

   Checking for vulnerabilities on current system
   Checking for vulnerabilities on current system

-  Kernel is Linux 4.15.0-72-generic #81-Ubuntu SMP Tue Nov 26 12:20:02 UTC 2019 x86_64
+  Kernel is Linux 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64

   CPU is Intel(R) Xeon(R) Platinum 8180 CPU @ 2.50GHz
 
   Hardware check
   * Hardware support (CPU microcode) for mitigation techniques
   CPU is Intel(R) Xeon(R) Platinum 8180 CPU @ 2.50GHz
 
   Hardware check
   * Hardware support (CPU microcode) for mitigation techniques

-   * Indirect Branch Restricted Speculation (IBRS)
-     * SPEC_CTRL MSR is available: YES
-     * CPU indicates IBRS capability: YES (SPEC_CTRL feature bit)
-   * Indirect Branch Prediction Barrier (IBPB)
-     * PRED_CMD MSR is available: YES
-     * CPU indicates IBPB capability: YES (SPEC_CTRL feature bit)
-   * Single Thread Indirect Branch Predictors (STIBP)
-     * SPEC_CTRL MSR is available: YES
-     * CPU indicates STIBP capability: YES (Intel STIBP feature bit)
-   * Speculative Store Bypass Disable (SSBD)
-     * CPU indicates SSBD capability: YES (Intel SSBD)
-   * L1 data cache invalidation
-     * FLUSH_CMD MSR is available: YES
-     * CPU indicates L1D flush capability: YES (L1D flush feature bit)
-   * Microarchitectural Data Sampling
-     * VERW instruction is available: YES (MD_CLEAR feature bit)
-   * Enhanced IBRS (IBRS_ALL)
-     * CPU indicates ARCH_CAPABILITIES MSR availability: NO
-     * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
-   * CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO): NO
-   * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
-   * CPU/Hypervisor indicates L1D flushing is not necessary on this system: NO
-   * Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA): NO
-   * CPU explicitly indicates not being vulnerable to Microarchitectural Data Sampling (MDS_NO): NO
-   * CPU explicitly indicates not being vulnerable to TSX Asynchronous Abort (TAA_NO): NO
-   * CPU explicitly indicates not being vulnerable to iTLB Multihit (PSCHANGE_MSC_NO): NO
-   * CPU explicitly indicates having MSR for TSX control (TSX_CTRL_MSR): NO
-   * CPU supports Transactional Synchronization Extensions (TSX): YES (RTM feature bit)
-   * CPU supports Software Guard Extensions (SGX): NO
-   * CPU microcode is known to cause stability problems: NO (model 0x55 family 0x6 stepping 0x4 ucode 0x2000064 cpuid 0x50654)
-   * CPU microcode is the latest known available version: awk: cannot open bash (No such file or directory)
-  UNKNOWN (latest microcode version for your CPU model is unknown)
+    * Indirect Branch Restricted Speculation (IBRS)
+      * SPEC_CTRL MSR is available: YES
+      * CPU indicates IBRS capability: YES (SPEC_CTRL feature bit)
+    * Indirect Branch Prediction Barrier (IBPB)
+      * PRED_CMD MSR is available: YES
+      * CPU indicates IBPB capability: YES (SPEC_CTRL feature bit)
+    * Single Thread Indirect Branch Predictors (STIBP)
+      * SPEC_CTRL MSR is available: YES
+      * CPU indicates STIBP capability: YES (Intel STIBP feature bit)
+    * Speculative Store Bypass Disable (SSBD)
+      * CPU indicates SSBD capability: YES (Intel SSBD)
+    * L1 data cache invalidation
+      * FLUSH_CMD MSR is available: YES
+      * CPU indicates L1D flush capability: YES (L1D flush feature bit)
+    * Microarchitectural Data Sampling
+      * VERW instruction is available: YES (MD_CLEAR feature bit)
+    * Enhanced IBRS (IBRS_ALL)
+      * CPU indicates ARCH_CAPABILITIES MSR availability: NO
+      * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
+    * CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO): NO
+    * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
+    * CPU/Hypervisor indicates L1D flushing is not necessary on this system: NO
+    * Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA): NO
+    * CPU explicitly indicates not being vulnerable to Microarchitectural Data Sampling (MDS_NO): NO
+    * CPU explicitly indicates not being vulnerable to TSX Asynchronous Abort (TAA_NO): NO
+    * CPU explicitly indicates not being vulnerable to iTLB Multihit (PSCHANGE_MSC_NO): NO
+    * CPU explicitly indicates having MSR for TSX control (TSX_CTRL_MSR): NO
+    * CPU supports Transactional Synchronization Extensions (TSX): YES (RTM feature bit)
+    * CPU supports Software Guard Extensions (SGX): NO
+    * CPU supports Special Register Buffer Data Sampling (SRBDS): NO
+    * CPU microcode is known to cause stability problems: NO (family 0x6 model 0x55 stepping 0x4 ucode 0x2000065 cpuid 0x50654)
+    * CPU microcode is the latest known available version: NO (latest version is 0x2006b06 dated 2021/03/08 according to builtin firmwares DB v191+i20210217)

   * CPU vulnerability to the speculative execution attack variants
   * CPU vulnerability to the speculative execution attack variants

-   * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
-   * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
-   * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): YES
-   * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read): YES
-   * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass): YES
-   * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
-   * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): YES
-   * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): YES
-   * Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): YES
-   * Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): YES
-   * Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): YES
-   * Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): YES
-   * Vulnerable to CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): YES
-   * Vulnerable to CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): YES
+    * Affected by CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
+    * Affected by CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
+    * Affected by CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): YES
+    * Affected by CVE-2018-3640 (Variant 3a, rogue system register read): YES
+    * Affected by CVE-2018-3639 (Variant 4, speculative store bypass): YES
+    * Affected by CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
+    * Affected by CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): YES
+    * Affected by CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): YES
+    * Affected by CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): YES
+    * Affected by CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): YES
+    * Affected by CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): YES
+    * Affected by CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): YES
+    * Affected by CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): YES
+    * Affected by CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): YES
+    * Affected by CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)): NO

 
   CVE-2017-5753 aka Spectre Variant 1, bounds check bypass
   * Mitigated according to the /sys interface: YES (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
   * Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
   * Kernel has the Red Hat/Ubuntu patch: NO
   * Kernel has mask_nospec64 (arm64): NO
 
   CVE-2017-5753 aka Spectre Variant 1, bounds check bypass
   * Mitigated according to the /sys interface: YES (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
   * Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
   * Kernel has the Red Hat/Ubuntu patch: NO
   * Kernel has mask_nospec64 (arm64): NO

+  * Kernel has array_index_nospec (arm64): NO

   > STATUS: NOT VULNERABLE (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
 
   CVE-2017-5715 aka Spectre Variant 2, branch target injection
   * Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
   * Mitigation 1
   > STATUS: NOT VULNERABLE (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
 
   CVE-2017-5715 aka Spectre Variant 2, branch target injection
   * Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
   * Mitigation 1

-   * Kernel is compiled with IBRS support: YES
-     * IBRS enabled and active: YES (for firmware code only)
-   * Kernel is compiled with IBPB support: YES
-     * IBPB enabled and active: YES
+    * Kernel is compiled with IBRS support: YES
+      * IBRS enabled and active: YES (for firmware code only)
+    * Kernel is compiled with IBPB support: YES
+      * IBPB enabled and active: YES

   * Mitigation 2
   * Mitigation 2

-   * Kernel has branch predictor hardening (arm): NO
-   * Kernel compiled with retpoline option: YES
-     * Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
-   * Kernel supports RSB filling: YES
+    * Kernel has branch predictor hardening (arm): NO
+    * Kernel compiled with retpoline option: YES
+      * Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
+    * Kernel supports RSB filling: YES

   > STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
 
   CVE-2017-5754 aka Variant 3, Meltdown, rogue data cache load
   * Mitigated according to the /sys interface: YES (Mitigation: PTI)
   * Kernel supports Page Table Isolation (PTI): YES
   > STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
 
   CVE-2017-5754 aka Variant 3, Meltdown, rogue data cache load
   * Mitigated according to the /sys interface: YES (Mitigation: PTI)
   * Kernel supports Page Table Isolation (PTI): YES

-   * PTI enabled and active: YES
-   * Reduced performance impact of PTI: YES (CPU supports INVPCID, performance impact of PTI will be greatly reduced)
+    * PTI enabled and active: YES
+    * Reduced performance impact of PTI: YES (CPU supports INVPCID, performance impact of PTI will be greatly reduced)

   * Running as a Xen PV DomU: NO
   > STATUS: NOT VULNERABLE (Mitigation: PTI)
 
   * Running as a Xen PV DomU: NO
   > STATUS: NOT VULNERABLE (Mitigation: PTI)
 


@@ -102,7 +103,7 @@ made public in 2018. Script is available on `Spectre & Meltdown Checker Github
   * Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
   * Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
   * SSB mitigation is enabled and active: YES (per-thread through prctl)
   * Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
   * Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
   * SSB mitigation is enabled and active: YES (per-thread through prctl)

-  * SSB mitigation currently active for selected processes: YES (systemd-journald systemd-logind systemd-networkd systemd-resolved systemd-timesyncd systemd-udevd)
+  * SSB mitigation currently active for selected processes: YES (boltd fwupd irqbalance systemd-journald systemd-logind systemd-networkd systemd-resolved systemd-timesyncd systemd-udevd)

   > STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
 
   CVE-2018-3615 aka Foreshadow (SGX), L1 terminal fault
   > STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
 
   CVE-2018-3615 aka Foreshadow (SGX), L1 terminal fault


@@ -119,12 +120,12 @@ made public in 2018. Script is available on `Spectre & Meltdown Checker Github
   * Information from the /sys interface: Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
   * This system is a host running a hypervisor: NO
   * Mitigation 1 (KVM)
   * Information from the /sys interface: Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
   * This system is a host running a hypervisor: NO
   * Mitigation 1 (KVM)

-   * EPT is disabled: NO
+    * EPT is disabled: NO

   * Mitigation 2
   * Mitigation 2

-   * L1D flush is supported by kernel: YES (found flush_l1d in /proc/cpuinfo)
-   * L1D flush enabled: YES (conditional flushes)
-   * Hardware-backed L1D flush supported: YES (performance impact of the mitigation will be greatly reduced)
-   * Hyper-Threading (SMT) is enabled: YES
+    * L1D flush is supported by kernel: YES (found flush_l1d in /proc/cpuinfo)
+    * L1D flush enabled: YES (conditional flushes)
+    * Hardware-backed L1D flush supported: YES (performance impact of the mitigation will be greatly reduced)
+    * Hyper-Threading (SMT) is enabled: YES

   > STATUS: NOT VULNERABLE (this system is not running a hypervisor)
 
   CVE-2018-12126 aka Fallout, microarchitectural store buffer data sampling (MSBDS)
   > STATUS: NOT VULNERABLE (this system is not running a hypervisor)
 
   CVE-2018-12126 aka Fallout, microarchitectural store buffer data sampling (MSBDS)


@@ -168,4 +169,10 @@ made public in 2018. Script is available on `Spectre & Meltdown Checker Github
   * iTLB Multihit mitigation enabled and active: YES (KVM: Mitigation: Split huge pages)
   > STATUS: NOT VULNERABLE (this system is not running a hypervisor)
 
   * iTLB Multihit mitigation enabled and active: YES (KVM: Mitigation: Split huge pages)
   > STATUS: NOT VULNERABLE (this system is not running a hypervisor)
 

-  > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK
+  CVE-2020-0543 aka Special Register Buffer Data Sampling (SRBDS)
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * SRBDS mitigation control is supported by the kernel: YES (found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation)
+  * SRBDS mitigation control is enabled and active: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:OK

diff --git a/docs/report/introduction/test_environment_sut_meltspec_tsh.rst b/docs/report/introduction/test_environment_sut_meltspec_tsh.rst
index f7d3850..67c9055 100644 (file)
--- a/docs/report/introduction/test_environment_sut_meltspec_tsh.rst
+++ b/docs/report/introduction/test_environment_sut_meltspec_tsh.rst
@@ -8,11 +8,10 @@ made public in 2018. Script is available on `Spectre & Meltdown Checker Github
 
 ::
 
 
 ::
 

-  Spectre and Meltdown mitigation detection tool v0.43
+  Spectre and Meltdown mitigation detection tool v0.44+

 
 

-  awk: cannot open bash (No such file or directory)

   Checking for vulnerabilities on current system
   Checking for vulnerabilities on current system

-  Kernel is Linux 4.15.0-23-generic #25-Ubuntu SMP Wed May 23 18:02:16 UTC 2018 x86_64
+  Kernel is Linux 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64

   CPU is Intel(R) Xeon(R) Platinum 8180 CPU @ 2.50GHz
 
   Hardware check
   CPU is Intel(R) Xeon(R) Platinum 8180 CPU @ 2.50GHz
 
   Hardware check


@@ -27,12 +26,12 @@ made public in 2018. Script is available on `Spectre & Meltdown Checker Github
       * SPEC_CTRL MSR is available: YES
       * CPU indicates STIBP capability: YES (Intel STIBP feature bit)
     * Speculative Store Bypass Disable (SSBD)
       * SPEC_CTRL MSR is available: YES
       * CPU indicates STIBP capability: YES (Intel STIBP feature bit)
     * Speculative Store Bypass Disable (SSBD)

-      * CPU indicates SSBD capability: NO
+      * CPU indicates SSBD capability: YES (Intel SSBD)

     * L1 data cache invalidation
     * L1 data cache invalidation

-      * FLUSH_CMD MSR is available: NO
-      * CPU indicates L1D flush capability: NO
+      * FLUSH_CMD MSR is available: YES
+      * CPU indicates L1D flush capability: YES (L1D flush feature bit)

     * Microarchitectural Data Sampling
     * Microarchitectural Data Sampling

-      * VERW instruction is available: NO
+      * VERW instruction is available: YES (MD_CLEAR feature bit)

     * Enhanced IBRS (IBRS_ALL)
       * CPU indicates ARCH_CAPABILITIES MSR availability: NO
       * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
     * Enhanced IBRS (IBRS_ALL)
       * CPU indicates ARCH_CAPABILITIES MSR availability: NO
       * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO


@@ -46,34 +45,36 @@ made public in 2018. Script is available on `Spectre & Meltdown Checker Github
     * CPU explicitly indicates having MSR for TSX control (TSX_CTRL_MSR): NO
     * CPU supports Transactional Synchronization Extensions (TSX): YES (RTM feature bit)
     * CPU supports Software Guard Extensions (SGX): NO
     * CPU explicitly indicates having MSR for TSX control (TSX_CTRL_MSR): NO
     * CPU supports Transactional Synchronization Extensions (TSX): YES (RTM feature bit)
     * CPU supports Software Guard Extensions (SGX): NO

-    * CPU microcode is known to cause stability problems: NO (model 0x55 family 0x6 stepping 0x4 ucode 0x2000043 cpuid 0x50654)
-    * CPU microcode is the latest known available version: awk: cannot open bash (No such file or directory)
-  UNKNOWN (latest microcode version for your CPU model is unknown)
+    * CPU supports Special Register Buffer Data Sampling (SRBDS): NO
+    * CPU microcode is known to cause stability problems: NO (family 0x6 model 0x55 stepping 0x4 ucode 0x2000065 cpuid 0x50654)
+    * CPU microcode is the latest known available version: NO (latest version is 0x2006b06 dated 2021/03/08 according to builtin firmwares DB v191+i20210217)

   * CPU vulnerability to the speculative execution attack variants
   * CPU vulnerability to the speculative execution attack variants

-    * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
-    * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
-    * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): YES
-    * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read): YES
-    * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass): YES
-    * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
-    * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): YES
-    * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): YES
-    * Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): YES
-    * Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): YES
-    * Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): YES
-    * Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): YES
-    * Vulnerable to CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): YES
-    * Vulnerable to CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): YES
+    * Affected by CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
+    * Affected by CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
+    * Affected by CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): YES
+    * Affected by CVE-2018-3640 (Variant 3a, rogue system register read): YES
+    * Affected by CVE-2018-3639 (Variant 4, speculative store bypass): YES
+    * Affected by CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
+    * Affected by CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): YES
+    * Affected by CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): YES
+    * Affected by CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): YES
+    * Affected by CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): YES
+    * Affected by CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): YES
+    * Affected by CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): YES
+    * Affected by CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): YES
+    * Affected by CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): YES
+    * Affected by CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)): NO

 
   CVE-2017-5753 aka Spectre Variant 1, bounds check bypass
 
   CVE-2017-5753 aka Spectre Variant 1, bounds check bypass

-  * Mitigated according to the /sys interface: YES (Mitigation: __user pointer sanitization)
+  * Mitigated according to the /sys interface: YES (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)

   * Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
   * Kernel has the Red Hat/Ubuntu patch: NO
   * Kernel has mask_nospec64 (arm64): NO
   * Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
   * Kernel has the Red Hat/Ubuntu patch: NO
   * Kernel has mask_nospec64 (arm64): NO

-  > STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)
+  * Kernel has array_index_nospec (arm64): NO
+  > STATUS: NOT VULNERABLE (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)

 
   CVE-2017-5715 aka Spectre Variant 2, branch target injection
 
   CVE-2017-5715 aka Spectre Variant 2, branch target injection

-  * Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline, IBPB, IBRS_FW)
+  * Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)

   * Mitigation 1
     * Kernel is compiled with IBRS support: YES
       * IBRS enabled and active: YES (for firmware code only)
   * Mitigation 1
     * Kernel is compiled with IBRS support: YES
       * IBRS enabled and active: YES (for firmware code only)


@@ -94,6 +95,143 @@ made public in 2018. Script is available on `Spectre & Meltdown Checker Github
   * Running as a Xen PV DomU: NO
   > STATUS: NOT VULNERABLE (Mitigation: PTI)
 
   * Running as a Xen PV DomU: NO
   > STATUS: NOT VULNERABLE (Mitigation: PTI)
 

+  CVE-2018-3640 aka Variant 3a, rogue system register read
+  * CPU microcode mitigates the vulnerability: YES
+  > STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability)
+
+  CVE-2018-3639 aka Variant 4, speculative store bypass
+  * Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
+  * Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
+  * SSB mitigation is enabled and active: YES (per-thread through prctl)
+  * SSB mitigation currently active for selected processes: YES (boltd fwupd irqbalance systemd-journald systemd-logind systemd-networkd systemd-resolved systemd-timesyncd systemd-udevd)
+  > STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
+
+  CVE-2018-3615 aka Foreshadow (SGX), L1 terminal fault
+  * CPU microcode mitigates the vulnerability: N/A
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2018-3620 aka Foreshadow-NG (OS), L1 terminal fault
+  * Mitigated according to the /sys interface: YES (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable)
+  * Kernel supports PTE inversion: YES (found in kernel image)
+  * PTE inversion enabled and active: YES
+  > STATUS: NOT VULNERABLE (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable)
+
+  CVE-2018-3646 aka Foreshadow-NG (VMM), L1 terminal fault
+  * Information from the /sys interface: Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
+  * This system is a host running a hypervisor: NO
+  * Mitigation 1 (KVM)
+    * EPT is disabled: NO
+  * Mitigation 2
+    * L1D flush is supported by kernel: YES (found flush_l1d in /proc/cpuinfo)
+    * L1D flush enabled: YES (conditional flushes)
+    * Hardware-backed L1D flush supported: YES (performance impact of the mitigation will be greatly reduced)
+    * Hyper-Threading (SMT) is enabled: YES
+  > STATUS: NOT VULNERABLE (this system is not running a hypervisor)
+
+  CVE-2018-12126 aka Fallout, microarchitectural store buffer data sampling (MSBDS)
+  * Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT vulnerable)
+  * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
+  * Kernel mitigation is enabled and active: YES
+  * SMT is either mitigated or disabled: NO
+  > STATUS: NOT VULNERABLE (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
+
+  CVE-2018-12130 aka ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)
+  * Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT vulnerable)
+  * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
+  * Kernel mitigation is enabled and active: YES
+  * SMT is either mitigated or disabled: NO
+  > STATUS: NOT VULNERABLE (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
+
+  CVE-2018-12127 aka RIDL, microarchitectural load port data sampling (MLPDS)
+  * Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT vulnerable)
+  * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
+  * Kernel mitigation is enabled and active: YES
+  * SMT is either mitigated or disabled: NO
+  > STATUS: NOT VULNERABLE (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
+
+  CVE-2019-11091 aka RIDL, microarchitectural data sampling uncacheable memory (MDSUM)
+  * Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT vulnerable)
+  * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
+  * Kernel mitigation is enabled and active: YES
+  * SMT is either mitigated or disabled: NO
+  > STATUS: NOT VULNERABLE (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
+
+  CVE-2019-11135 aka ZombieLoad V2, TSX Asynchronous Abort (TAA)
+  * Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT vulnerable)
+  * TAA mitigation is supported by kernel: YES (found tsx_async_abort in kernel image)
+  * TAA mitigation enabled and active: YES (Mitigation: Clear CPU buffers; SMT vulnerable)
+  > STATUS: NOT VULNERABLE (Mitigation: Clear CPU buffers; SMT vulnerable)
+
+  CVE-2018-12207 aka No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)
+  * Mitigated according to the /sys interface: YES (KVM: Mitigation: Split huge pages)
+  * This system is a host running a hypervisor: NO
+  * iTLB Multihit mitigation is supported by kernel: YES (found itlb_multihit in kernel image)
+  * iTLB Multihit mitigation enabled and active: YES (KVM: Mitigation: Split huge pages)
+  > STATUS: NOT VULNERABLE (this system is not running a hypervisor)
+
+  CVE-2020-0543 aka Special Register Buffer Data Sampling (SRBDS)
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * SRBDS mitigation control is supported by the kernel: YES (found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation)
+  * SRBDS mitigation control is enabled and active: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:OK
+
+::
+
+  Spectre and Meltdown mitigation detection tool v0.44+
+
+  Checking for vulnerabilities on current system
+  Kernel is Linux 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:27:25 UTC 2021 aarch64
+  CPU is ARM v8 model 0xd08
+
+  Hardware check
+  * CPU vulnerability to the speculative execution attack variants
+    * Affected by CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
+    * Affected by CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
+    * Affected by CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
+    * Affected by CVE-2018-3640 (Variant 3a, rogue system register read): YES
+    * Affected by CVE-2018-3639 (Variant 4, speculative store bypass): YES
+    * Affected by CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
+    * Affected by CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO
+    * Affected by CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO
+    * Affected by CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): NO
+    * Affected by CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): NO
+    * Affected by CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): NO
+    * Affected by CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): NO
+    * Affected by CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): NO
+    * Affected by CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): NO
+    * Affected by CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)): NO
+
+  CVE-2017-5753 aka Spectre Variant 1, bounds check bypass
+  * Mitigated according to the /sys interface: YES (Mitigation: __user pointer sanitization)
+  * Kernel has array_index_mask_nospec: NO
+  * Kernel has the Red Hat/Ubuntu patch: NO
+  * Kernel has mask_nospec64 (arm64): NO
+  * Kernel has array_index_nospec (arm64): NO
+  * Checking count of LFENCE instructions following a jump in kernel... NO (only 0 jump-then-lfence instructions found, should be >= 30 (heuristic))
+  > STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)
+
+  CVE-2017-5715 aka Spectre Variant 2, branch target injection
+  * Mitigated according to the /sys interface: NO (Vulnerable)
+  * Mitigation 1
+    * Kernel is compiled with IBRS support: YES
+      * IBRS enabled and active: NO
+    * Kernel is compiled with IBPB support: NO
+      * IBPB enabled and active: NO
+  * Mitigation 2
+    * Kernel has branch predictor hardening (arm): YES
+    * Kernel compiled with retpoline option: NO
+  > STATUS: NOT VULNERABLE (Branch predictor hardening mitigates the vulnerability)
+
+  CVE-2017-5754 aka Variant 3, Meltdown, rogue data cache load
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * Kernel supports Page Table Isolation (PTI): YES
+    * PTI enabled and active: UNKNOWN (dmesg truncated, please reboot and relaunch this script)
+    * Reduced performance impact of PTI: NO (PCID/INVPCID not supported, performance impact of PTI will be significant)
+  * Running as a Xen PV DomU: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+

   CVE-2018-3640 aka Variant 3a, rogue system register read
   * CPU microcode mitigates the vulnerability: NO
   > STATUS: VULNERABLE (an up-to-date CPU microcode is needed to mitigate this vulnerability)
   CVE-2018-3640 aka Variant 3a, rogue system register read
   * CPU microcode mitigates the vulnerability: NO
   > STATUS: VULNERABLE (an up-to-date CPU microcode is needed to mitigate this vulnerability)


@@ -109,46 +247,206 @@ made public in 2018. Script is available on `Spectre & Meltdown Checker Github
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   CVE-2018-3620 aka Foreshadow-NG (OS), L1 terminal fault
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   CVE-2018-3620 aka Foreshadow-NG (OS), L1 terminal fault

+  * Mitigated according to the /sys interface: YES (Not affected)

   * Kernel supports PTE inversion: NO
   * Kernel supports PTE inversion: NO

-  * PTE inversion enabled and active: UNKNOWN (sysfs interface not available)
-  > STATUS: VULNERABLE (Your kernel doesnt support PTE inversion, update it)
+  * PTE inversion enabled and active: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

 
   CVE-2018-3646 aka Foreshadow-NG (VMM), L1 terminal fault
 
   CVE-2018-3646 aka Foreshadow-NG (VMM), L1 terminal fault

+  * Information from the /sys interface: Not affected

   * This system is a host running a hypervisor: NO
   * Mitigation 1 (KVM)
   * This system is a host running a hypervisor: NO
   * Mitigation 1 (KVM)

-    * EPT is disabled: NO
+    * EPT is disabled: N/A (the kvm_intel module is not loaded)

   * Mitigation 2
     * L1D flush is supported by kernel: NO
   * Mitigation 2
     * L1D flush is supported by kernel: NO

-    * L1D flush enabled: UNKNOWN (cant find or read /sys/devices/system/cpu/vulnerabilities/l1tf)
+    * L1D flush enabled: NO

     * Hardware-backed L1D flush supported: NO (flush will be done in software, this is slower)
     * Hardware-backed L1D flush supported: NO (flush will be done in software, this is slower)

-    * Hyper-Threading (SMT) is enabled: YES
-  > STATUS: NOT VULNERABLE (this system is not running a hypervisor)
+    * Hyper-Threading (SMT) is enabled: UNKNOWN
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

 
   CVE-2018-12126 aka Fallout, microarchitectural store buffer data sampling (MSBDS)
 
   CVE-2018-12126 aka Fallout, microarchitectural store buffer data sampling (MSBDS)

+  * Mitigated according to the /sys interface: YES (Not affected)

   * Kernel supports using MD_CLEAR mitigation: NO
   * Kernel supports using MD_CLEAR mitigation: NO

-  > STATUS: VULNERABLE (Neither your kernel or your microcode support mitigation, upgrade both to mitigate the vulnerability)
+  * Kernel mitigation is enabled and active: NO
+  * SMT is either mitigated or disabled: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

 
   CVE-2018-12130 aka ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)
 
   CVE-2018-12130 aka ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)

+  * Mitigated according to the /sys interface: YES (Not affected)

   * Kernel supports using MD_CLEAR mitigation: NO
   * Kernel supports using MD_CLEAR mitigation: NO

-  > STATUS: VULNERABLE (Neither your kernel or your microcode support mitigation, upgrade both to mitigate the vulnerability)
+  * Kernel mitigation is enabled and active: NO
+  * SMT is either mitigated or disabled: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

 
   CVE-2018-12127 aka RIDL, microarchitectural load port data sampling (MLPDS)
 
   CVE-2018-12127 aka RIDL, microarchitectural load port data sampling (MLPDS)

+  * Mitigated according to the /sys interface: YES (Not affected)

   * Kernel supports using MD_CLEAR mitigation: NO
   * Kernel supports using MD_CLEAR mitigation: NO

-  > STATUS: VULNERABLE (Neither your kernel or your microcode support mitigation, upgrade both to mitigate the vulnerability)
+  * Kernel mitigation is enabled and active: NO
+  * SMT is either mitigated or disabled: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

 
   CVE-2019-11091 aka RIDL, microarchitectural data sampling uncacheable memory (MDSUM)
 
   CVE-2019-11091 aka RIDL, microarchitectural data sampling uncacheable memory (MDSUM)

+  * Mitigated according to the /sys interface: YES (Not affected)

   * Kernel supports using MD_CLEAR mitigation: NO
   * Kernel supports using MD_CLEAR mitigation: NO

-  > STATUS: VULNERABLE (Neither your kernel or your microcode support mitigation, upgrade both to mitigate the vulnerability)
+  * Kernel mitigation is enabled and active: NO
+  * SMT is either mitigated or disabled: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

 
   CVE-2019-11135 aka ZombieLoad V2, TSX Asynchronous Abort (TAA)
 
   CVE-2019-11135 aka ZombieLoad V2, TSX Asynchronous Abort (TAA)

-  * TAA mitigation is supported by kernel: NO
-  * TAA mitigation enabled and active: NO (tsx_async_abort not found in sysfs hierarchy)
-  > STATUS: VULNERABLE (Your kernel doesnt support TAA mitigation, update it)
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * TAA mitigation is supported by kernel: YES (found tsx_async_abort in kernel image)
+  * TAA mitigation enabled and active: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

 
   CVE-2018-12207 aka No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)
 
   CVE-2018-12207 aka No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)

+  * Mitigated according to the /sys interface: YES (Not affected)

   * This system is a host running a hypervisor: NO
   * This system is a host running a hypervisor: NO

-  * iTLB Multihit mitigation is supported by kernel: NO
-  * iTLB Multihit mitigation enabled and active: NO (itlb_multihit not found in sysfs hierarchy)
-  > STATUS: NOT VULNERABLE (this system is not running a hypervisor)
+  * iTLB Multihit mitigation is supported by kernel: YES (found itlb_multihit in kernel image)
+  * iTLB Multihit mitigation enabled and active: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2020-0543 aka Special Register Buffer Data Sampling (SRBDS)
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * SRBDS mitigation control is supported by the kernel: NO
+  * SRBDS mitigation control is enabled and active: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:KO CVE-2018-3639:KO CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:OK
+
+  Need more detailed information about mitigation options? Use --explain
+  A false sense of security is worse than no security at all, see --disclaimer
+ok: [10.30.51.37] =>
+  spectre_meltdown_poll_results.stdout_lines:
+  Spectre and Meltdown mitigation detection tool v0.44+
+
+  Checking for vulnerabilities on current system
+  Kernel is Linux 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:27:25 UTC 2021 aarch64
+  CPU is ARM v8 model 0xd08
+
+  Hardware check
+  * CPU vulnerability to the speculative execution attack variants
+    * Affected by CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
+    * Affected by CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
+    * Affected by CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
+    * Affected by CVE-2018-3640 (Variant 3a, rogue system register read): YES
+    * Affected by CVE-2018-3639 (Variant 4, speculative store bypass): YES
+    * Affected by CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
+    * Affected by CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO
+    * Affected by CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO
+    * Affected by CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): NO
+    * Affected by CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): NO
+    * Affected by CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): NO
+    * Affected by CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): NO
+    * Affected by CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): NO
+    * Affected by CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): NO
+    * Affected by CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)): NO
+
+  CVE-2017-5753 aka Spectre Variant 1, bounds check bypass
+  * Mitigated according to the /sys interface: YES (Mitigation: __user pointer sanitization)
+  * Kernel has array_index_mask_nospec: NO
+  * Kernel has the Red Hat/Ubuntu patch: NO
+  * Kernel has mask_nospec64 (arm64): NO
+  * Kernel has array_index_nospec (arm64): NO
+  * Checking count of LFENCE instructions following a jump in kernel... NO (only 0 jump-then-lfence instructions found, should be >= 30 (heuristic))
+  > STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)
+
+  CVE-2017-5715 aka Spectre Variant 2, branch target injection
+  * Mitigated according to the /sys interface: NO (Vulnerable)
+  * Mitigation 1
+    * Kernel is compiled with IBRS support: YES
+      * IBRS enabled and active: NO
+    * Kernel is compiled with IBPB support: NO
+      * IBPB enabled and active: NO
+  * Mitigation 2
+    * Kernel has branch predictor hardening (arm): YES
+    * Kernel compiled with retpoline option: NO
+  > STATUS: NOT VULNERABLE (Branch predictor hardening mitigates the vulnerability)
+
+  CVE-2017-5754 aka Variant 3, Meltdown, rogue data cache load
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * Kernel supports Page Table Isolation (PTI): YES
+    * PTI enabled and active: UNKNOWN (dmesg truncated, please reboot and relaunch this script)
+    * Reduced performance impact of PTI: NO (PCID/INVPCID not supported, performance impact of PTI will be significant)
+  * Running as a Xen PV DomU: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2018-3640 aka Variant 3a, rogue system register read
+  * CPU microcode mitigates the vulnerability: NO
+  > STATUS: VULNERABLE (an up-to-date CPU microcode is needed to mitigate this vulnerability)
+
+  CVE-2018-3639 aka Variant 4, speculative store bypass
+  * Mitigated according to the /sys interface: NO (Vulnerable)
+  * Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
+  * SSB mitigation is enabled and active: NO
+  > STATUS: VULNERABLE (Your CPU doesnt support SSBD)
+
+  CVE-2018-3615 aka Foreshadow (SGX), L1 terminal fault
+  * CPU microcode mitigates the vulnerability: N/A
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2018-3620 aka Foreshadow-NG (OS), L1 terminal fault
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * Kernel supports PTE inversion: NO
+  * PTE inversion enabled and active: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2018-3646 aka Foreshadow-NG (VMM), L1 terminal fault
+  * Information from the /sys interface: Not affected
+  * This system is a host running a hypervisor: NO
+  * Mitigation 1 (KVM)
+    * EPT is disabled: N/A (the kvm_intel module is not loaded)
+  * Mitigation 2
+    * L1D flush is supported by kernel: NO
+    * L1D flush enabled: NO
+    * Hardware-backed L1D flush supported: NO (flush will be done in software, this is slower)
+    * Hyper-Threading (SMT) is enabled: UNKNOWN
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2018-12126 aka Fallout, microarchitectural store buffer data sampling (MSBDS)
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * Kernel supports using MD_CLEAR mitigation: NO
+  * Kernel mitigation is enabled and active: NO
+  * SMT is either mitigated or disabled: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2018-12130 aka ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * Kernel supports using MD_CLEAR mitigation: NO
+  * Kernel mitigation is enabled and active: NO
+  * SMT is either mitigated or disabled: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2018-12127 aka RIDL, microarchitectural load port data sampling (MLPDS)
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * Kernel supports using MD_CLEAR mitigation: NO
+  * Kernel mitigation is enabled and active: NO
+  * SMT is either mitigated or disabled: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2019-11091 aka RIDL, microarchitectural data sampling uncacheable memory (MDSUM)
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * Kernel supports using MD_CLEAR mitigation: NO
+  * Kernel mitigation is enabled and active: NO
+  * SMT is either mitigated or disabled: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2019-11135 aka ZombieLoad V2, TSX Asynchronous Abort (TAA)
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * TAA mitigation is supported by kernel: YES (found tsx_async_abort in kernel image)
+  * TAA mitigation enabled and active: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2018-12207 aka No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * This system is a host running a hypervisor: NO
+  * iTLB Multihit mitigation is supported by kernel: YES (found itlb_multihit in kernel image)
+  * iTLB Multihit mitigation enabled and active: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2020-0543 aka Special Register Buffer Data Sampling (SRBDS)
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * SRBDS mitigation control is supported by the kernel: NO
+  * SRBDS mitigation control is enabled and active: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

 
 

-  > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:KO CVE-2018-3639:KO CVE-2018-3615:OK CVE-2018-3620:KO CVE-2018-3646:OK CVE-2018-12126:KO CVE-2018-12130:KO CVE-2018-12127:KO CVE-2019-11091:KO CVE-2019-11135:KO CVE-2018-12207:OK
+  > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:KO CVE-2018-3639:KO CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:OK

diff --git a/docs/report/introduction/test_environment_sut_meltspec_tx2.rst b/docs/report/introduction/test_environment_sut_meltspec_tx2.rst
index 06a6921..f12113a 100644 (file)
--- a/docs/report/introduction/test_environment_sut_meltspec_tx2.rst
+++ b/docs/report/introduction/test_environment_sut_meltspec_tx2.rst
@@ -11,131 +11,133 @@ made public in 2018. Script is available on `Spectre & Meltdown Checker Github
   Spectre and Meltdown mitigation detection tool v0.44+
 
   Checking for vulnerabilities on current system
   Spectre and Meltdown mitigation detection tool v0.44+
 
   Checking for vulnerabilities on current system

-  Kernel is Linux 4.15.0-72-generic #81-Ubuntu SMP Tue Nov 26 12:21:09 UTC 2019 aarch64
+  Kernel is Linux 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:27:25 UTC 2021 aarch64

   CPU is
 
   Hardware check
   * CPU vulnerability to the speculative execution attack variants
   CPU is
 
   Hardware check
   * CPU vulnerability to the speculative execution attack variants

-    * Affected by CVE-2017-5753 (Spectre Variant 1, bounds check bypass):  YES
-    * Affected by CVE-2017-5715 (Spectre Variant 2, branch target injection):  YES
-    * Affected by CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load):  NO
-    * Affected by CVE-2018-3640 (Variant 3a, rogue system register read):  NO
-    * Affected by CVE-2018-3639 (Variant 4, speculative store bypass):  YES
-    * Affected by CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault):  NO
-    * Affected by CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault):  NO
-    * Affected by CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault):  NO
-    * Affected by CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)):  NO
-    * Affected by CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)):  NO
-    * Affected by CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)):  NO
-    * Affected by CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)):  NO
-    * Affected by CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)):  NO
-    * Affected by CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)):  NO
-    * Affected by CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)):  NO
-
-  CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
-  * Mitigated according to the /sys interface:  YES  (Mitigation: __user pointer sanitization)
-  * Kernel has array_index_mask_nospec:  NO
-  * Kernel has the Red Hat/Ubuntu patch:  NO
-  * Kernel has mask_nospec64 (arm64):  NO
-  * Kernel has array_index_nospec (arm64):  NO
-  * Checking count of LFENCE instructions following a jump in kernel...  NO  (only 0 jump-then-lfence instructions found, should be >= 30 (heuristic))
-  > STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)
-
-  CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
-  * Mitigated according to the /sys interface:  NO  (Vulnerable)
+    * Affected by CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
+    * Affected by CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
+    * Affected by CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
+    * Affected by CVE-2018-3640 (Variant 3a, rogue system register read): NO
+    * Affected by CVE-2018-3639 (Variant 4, speculative store bypass): YES
+    * Affected by CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
+    * Affected by CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO
+    * Affected by CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO
+    * Affected by CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): NO
+    * Affected by CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): NO
+    * Affected by CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): NO
+    * Affected by CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): NO
+    * Affected by CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): NO
+    * Affected by CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): NO
+    * Affected by CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)): NO
+
+  CVE-2017-5753 aka Spectre Variant 1, bounds check bypass
+  * Mitigated according to the /sys interface: YES (Mitigation: __user pointer sanitization)
+  * Kernel has array_index_mask_nospec: NO
+  * Kernel has the Red Hat/Ubuntu patch: NO
+  * Kernel has mask_nospec64 (arm64): NO
+  * Kernel has array_index_nospec (arm64): NO
+  * Checking count of LFENCE instructions following a jump in kernel... NO (only 0 jump-then-lfence instructions found, should be >= 30 (heuristic))
+  > STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)
+
+  CVE-2017-5715 aka Spectre Variant 2, branch target injection
+  * Mitigated according to the /sys interface: NO (Vulnerable)

   * Mitigation 1
   * Mitigation 1

-    * Kernel is compiled with IBRS support:  YES
-    * IBRS enabled and active:  NO
-    * Kernel is compiled with IBPB support:  NO
-    * IBPB enabled and active:  NO
+    * Kernel is compiled with IBRS support: YES
+      * IBRS enabled and active: NO
+    * Kernel is compiled with IBPB support: NO
+      * IBPB enabled and active: NO

   * Mitigation 2
   * Mitigation 2

-    * Kernel has branch predictor hardening (arm):  YES
-    * Kernel compiled with retpoline option:  NO
-  > STATUS:  NOT VULNERABLE  (Branch predictor hardening mitigates the vulnerability)
-
-  CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
-  * Mitigated according to the /sys interface:  YES  (Not affected)
-  * Kernel supports Page Table Isolation (PTI):  YES
-    * PTI enabled and active:  UNKNOWN  (dmesg truncated, please reboot and relaunch this script)
-    * Reduced performance impact of PTI:  NO  (PCID/INVPCID not supported, performance impact of PTI will be significant)
-  * Running as a Xen PV DomU:  NO
-  > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2018-3640 aka 'Variant 3a, rogue system register read'
-  * CPU microcode mitigates the vulnerability:  NO
-  > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2018-3639 aka 'Variant 4, speculative store bypass'
-  * Mitigated according to the /sys interface:  NO  (Vulnerable)
-  * Kernel supports disabling speculative store bypass (SSB):  YES  (found in /proc/self/status)
-  * SSB mitigation is enabled and active: > STATUS:  VULNERABLE  (Your CPU doesn't support SSBD)
-
-  CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
-  * CPU microcode mitigates the vulnerability:  N/A
-  > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
-  * Mitigated according to the /sys interface:  YES  (Not affected)
-  * Kernel supports PTE inversion:  NO
-  * PTE inversion enabled and active:  NO
-  > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
+    * Kernel has branch predictor hardening (arm): YES
+    * Kernel compiled with retpoline option: NO
+  > STATUS: NOT VULNERABLE (Branch predictor hardening mitigates the vulnerability)
+
+  CVE-2017-5754 aka Variant 3, Meltdown, rogue data cache load
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * Kernel supports Page Table Isolation (PTI): YES
+    * PTI enabled and active: UNKNOWN (dmesg truncated, please reboot and relaunch this script)
+    * Reduced performance impact of PTI: NO (PCID/INVPCID not supported, performance impact of PTI will be significant)
+  * Running as a Xen PV DomU: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2018-3640 aka Variant 3a, rogue system register read
+  * CPU microcode mitigates the vulnerability: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2018-3639 aka Variant 4, speculative store bypass
+  * Mitigated according to the /sys interface: NO (Vulnerable)
+  * Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
+  * SSB mitigation is enabled and active: NO
+  > STATUS: VULNERABLE (Your CPU doesnt support SSBD)
+
+  CVE-2018-3615 aka Foreshadow (SGX), L1 terminal fault
+  * CPU microcode mitigates the vulnerability: N/A
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2018-3620 aka Foreshadow-NG (OS), L1 terminal fault
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * Kernel supports PTE inversion: NO
+  * PTE inversion enabled and active: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2018-3646 aka Foreshadow-NG (VMM), L1 terminal fault

   * Information from the /sys interface: Not affected
   * Information from the /sys interface: Not affected

-  * This system is a host running a hypervisor:  NO
+  * This system is a host running a hypervisor: NO

   * Mitigation 1 (KVM)
   * Mitigation 1 (KVM)

-    * EPT is disabled:  N/A  (the kvm_intel module is not loaded)
+    * EPT is disabled: N/A (the kvm_intel module is not loaded)

   * Mitigation 2
   * Mitigation 2

-    * L1D flush is supported by kernel:  NO
-    * L1D flush enabled:  NO
-    * Hardware-backed L1D flush supported:  NO  (flush will be done in software, this is slower)
-    * Hyper-Threading (SMT) is enabled:  UNKNOWN
-  > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
-  * Mitigated according to the /sys interface:  YES  (Not affected)
-  * Kernel supports using MD_CLEAR mitigation:  NO
-  * Kernel mitigation is enabled and active:  NO
-  * SMT is either mitigated or disabled:  NO
-  > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
-  * Mitigated according to the /sys interface:  YES  (Not affected)
-  * Kernel supports using MD_CLEAR mitigation:  NO
-  * Kernel mitigation is enabled and active:  NO
-  * SMT is either mitigated or disabled:  NO
-  > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
-  * Mitigated according to the /sys interface:  YES  (Not affected)
-  * Kernel supports using MD_CLEAR mitigation:  NO
-  * Kernel mitigation is enabled and active:  NO
-  * SMT is either mitigated or disabled:  NO
-  > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
-  * Mitigated according to the /sys interface:  YES  (Not affected)
-  * Kernel supports using MD_CLEAR mitigation:  NO
-  * Kernel mitigation is enabled and active:  NO
-  * SMT is either mitigated or disabled:  NO
-  > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2019-11135 aka 'ZombieLoad V2, TSX Asynchronous Abort (TAA)'
-  * Mitigated according to the /sys interface:  YES  (Not affected)
-  * TAA mitigation is supported by kernel:  YES  (found tsx_async_abort in kernel image)
-  * TAA mitigation enabled and active:  NO
-  > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2018-12207 aka 'No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)'
-  * Mitigated according to the /sys interface:  YES  (Not affected)
-  * This system is a host running a hypervisor:  NO
-  * iTLB Multihit mitigation is supported by kernel:  YES  (found itlb_multihit in kernel image)
-  * iTLB Multihit mitigation enabled and active:  NO
-  > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2020-0543 aka 'Special Register Buffer Data Sampling (SRBDS)'
-  * SRBDS mitigation control is supported by the kernel:  NO
-  * SRBDS mitigation control is enabled and active:  NO  (SRBDS not found in sysfs hierarchy)
-  > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
+    * L1D flush is supported by kernel: NO
+    * L1D flush enabled: NO
+    * Hardware-backed L1D flush supported: NO (flush will be done in software, this is slower)
+    * Hyper-Threading (SMT) is enabled: UNKNOWN
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2018-12126 aka Fallout, microarchitectural store buffer data sampling (MSBDS)
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * Kernel supports using MD_CLEAR mitigation: NO
+  * Kernel mitigation is enabled and active: NO
+  * SMT is either mitigated or disabled: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2018-12130 aka ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * Kernel supports using MD_CLEAR mitigation: NO
+  * Kernel mitigation is enabled and active: NO
+  * SMT is either mitigated or disabled: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2018-12127 aka RIDL, microarchitectural load port data sampling (MLPDS)
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * Kernel supports using MD_CLEAR mitigation: NO
+  * Kernel mitigation is enabled and active: NO
+  * SMT is either mitigated or disabled: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2019-11091 aka RIDL, microarchitectural data sampling uncacheable memory (MDSUM)
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * Kernel supports using MD_CLEAR mitigation: NO
+  * Kernel mitigation is enabled and active: NO
+  * SMT is either mitigated or disabled: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2019-11135 aka ZombieLoad V2, TSX Asynchronous Abort (TAA)
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * TAA mitigation is supported by kernel: YES (found tsx_async_abort in kernel image)
+  * TAA mitigation enabled and active: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2018-12207 aka No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * This system is a host running a hypervisor: NO
+  * iTLB Multihit mitigation is supported by kernel: YES (found itlb_multihit in kernel image)
+  * iTLB Multihit mitigation enabled and active: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+  CVE-2020-0543 aka Special Register Buffer Data Sampling (SRBDS)
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * SRBDS mitigation control is supported by the kernel: NO
+  * SRBDS mitigation control is enabled and active: NO
+  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

 
   > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:KO CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:OK
\ No newline at end of file
 
   > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:KO CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:OK
\ No newline at end of file

diff --git a/docs/report/introduction/test_environment_sut_meltspec_zn2.rst b/docs/report/introduction/test_environment_sut_meltspec_zn2.rst
index 2416933..8269ce7 100644 (file)
--- a/docs/report/introduction/test_environment_sut_meltspec_zn2.rst
+++ b/docs/report/introduction/test_environment_sut_meltspec_zn2.rst
@@ -8,10 +8,10 @@ made public in 2018. Script is available on `Spectre & Meltdown Checker Github
 
 ::
 
 
 ::
 

-  Spectre and Meltdown mitigation detection tool v0.43
+  Spectre and Meltdown mitigation detection tool v0.44+

 
   Checking for vulnerabilities on current system
 
   Checking for vulnerabilities on current system

-  Kernel is Linux 4.15.0-72-generic #81-Ubuntu SMP Tue Nov 26 12:20:02 UTC 2019 x86_64
+  Kernel is Linux 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64

   CPU is AMD EPYC 7532 32-Core Processor
 
   Hardware check
   CPU is AMD EPYC 7532 32-Core Processor
 
   Hardware check


@@ -36,26 +36,26 @@ made public in 2018. Script is available on `Spectre & Meltdown Checker Github
     * CPU supports Transactional Synchronization Extensions (TSX): NO
     * CPU supports Software Guard Extensions (SGX): NO
     * CPU supports Special Register Buffer Data Sampling (SRBDS): NO
     * CPU supports Transactional Synchronization Extensions (TSX): NO
     * CPU supports Software Guard Extensions (SGX): NO
     * CPU supports Special Register Buffer Data Sampling (SRBDS): NO

-    * CPU microcode is known to cause stability problems: NO (family 0x17 model 0x31 stepping 0x0 ucode 0x8301034 cpuid 0x830f10)
-    * CPU microcode is the latest known available version: NO (latest version is 0x8301039 dated 2020/02/07 according to builtin firmwares DB v160.20200912+i20200722)
+    * CPU microcode is known to cause stability problems: NO (family 0x17 model 0x31 stepping 0x0 ucode 0x8301038 cpuid 0x830f10)
+    * CPU microcode is the latest known available version: NO (latest version is 0x830104d dated 2020/07/28 according to builtin firmwares DB v191+i20210217)

   * CPU vulnerability to the speculative execution attack variants
   * CPU vulnerability to the speculative execution attack variants

-    * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
-    * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
-    * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
-    * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read): NO
-    * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass): YES
-    * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
-    * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO
-    * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO
-    * Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): NO
-    * Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): NO
-    * Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): NO
-    * Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): NO
-    * Vulnerable to CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): NO
-    * Vulnerable to CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): NO
-    * Vulnerable to CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)): NO
-
-  CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
+    * Affected by CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
+    * Affected by CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
+    * Affected by CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
+    * Affected by CVE-2018-3640 (Variant 3a, rogue system register read): NO
+    * Affected by CVE-2018-3639 (Variant 4, speculative store bypass): YES
+    * Affected by CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
+    * Affected by CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO
+    * Affected by CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO
+    * Affected by CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): NO
+    * Affected by CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): NO
+    * Affected by CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): NO
+    * Affected by CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): NO
+    * Affected by CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): NO
+    * Affected by CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): NO
+    * Affected by CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)): NO
+
+  CVE-2017-5753 aka Spectre Variant 1, bounds check bypass

   * Mitigated according to the /sys interface: YES (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
   * Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
   * Kernel has the Red Hat/Ubuntu patch: NO
   * Mitigated according to the /sys interface: YES (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
   * Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
   * Kernel has the Red Hat/Ubuntu patch: NO


@@ -63,7 +63,7 @@ made public in 2018. Script is available on `Spectre & Meltdown Checker Github
   * Kernel has array_index_nospec (arm64): NO
   > STATUS: NOT VULNERABLE (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
 
   * Kernel has array_index_nospec (arm64): NO
   > STATUS: NOT VULNERABLE (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
 

-  CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
+  CVE-2017-5715 aka Spectre Variant 2, branch target injection

   * Mitigated according to the /sys interface: YES (Mitigation: Full AMD retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
   * Mitigation 1
     * Kernel is compiled with IBRS support: YES
   * Mitigated according to the /sys interface: YES (Mitigation: Full AMD retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
   * Mitigation 1
     * Kernel is compiled with IBRS support: YES


@@ -76,7 +76,7 @@ made public in 2018. Script is available on `Spectre & Meltdown Checker Github
       * Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
   > STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
 
       * Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
   > STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
 

-  CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
+  CVE-2017-5754 aka Variant 3, Meltdown, rogue data cache load

   * Mitigated according to the /sys interface: YES (Not affected)
   * Kernel supports Page Table Isolation (PTI): YES
     * PTI enabled and active: NO
   * Mitigated according to the /sys interface: YES (Not affected)
   * Kernel supports Page Table Isolation (PTI): YES
     * PTI enabled and active: NO


@@ -84,28 +84,28 @@ made public in 2018. Script is available on `Spectre & Meltdown Checker Github
   * Running as a Xen PV DomU: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   * Running as a Xen PV DomU: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 

-  CVE-2018-3640 aka 'Variant 3a, rogue system register read'
+  CVE-2018-3640 aka Variant 3a, rogue system register read

   * CPU microcode mitigates the vulnerability: YES
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   * CPU microcode mitigates the vulnerability: YES
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 

-  CVE-2018-3639 aka 'Variant 4, speculative store bypass'
+  CVE-2018-3639 aka Variant 4, speculative store bypass

   * Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
   * Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
   * SSB mitigation is enabled and active: YES (per-thread through prctl)
   * Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
   * Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
   * SSB mitigation is enabled and active: YES (per-thread through prctl)

-  * SSB mitigation currently active for selected processes: YES (systemd-journald systemd-logind systemd-networkd systemd-resolved systemd-timesyncd systemd-udevd)
+  * SSB mitigation currently active for selected processes: YES (irqbalance systemd-journald systemd-logind systemd-networkd systemd-resolved systemd-timesyncd systemd-udevd)

   > STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
 
   > STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
 

-  CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
+  CVE-2018-3615 aka Foreshadow (SGX), L1 terminal fault

   * CPU microcode mitigates the vulnerability: N/A
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   * CPU microcode mitigates the vulnerability: N/A
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 

-  CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
+  CVE-2018-3620 aka Foreshadow-NG (OS), L1 terminal fault

   * Mitigated according to the /sys interface: YES (Not affected)
   * Kernel supports PTE inversion: YES (found in kernel image)
   * PTE inversion enabled and active: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   * Mitigated according to the /sys interface: YES (Not affected)
   * Kernel supports PTE inversion: YES (found in kernel image)
   * PTE inversion enabled and active: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 

-  CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
+  CVE-2018-3646 aka Foreshadow-NG (VMM), L1 terminal fault

   * Information from the /sys interface: Not affected
   * This system is a host running a hypervisor: NO
   * Mitigation 1 (KVM)
   * Information from the /sys interface: Not affected
   * This system is a host running a hypervisor: NO
   * Mitigation 1 (KVM)


@@ -117,215 +117,211 @@ made public in 2018. Script is available on `Spectre & Meltdown Checker Github
     * Hyper-Threading (SMT) is enabled: YES
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
     * Hyper-Threading (SMT) is enabled: YES
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 

-  CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
+  CVE-2018-12126 aka Fallout, microarchitectural store buffer data sampling (MSBDS)

   * Mitigated according to the /sys interface: YES (Not affected)
   * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
   * Kernel mitigation is enabled and active: NO
   * SMT is either mitigated or disabled: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   * Mitigated according to the /sys interface: YES (Not affected)
   * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
   * Kernel mitigation is enabled and active: NO
   * SMT is either mitigated or disabled: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 

-  CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
+  CVE-2018-12130 aka ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)

   * Mitigated according to the /sys interface: YES (Not affected)
   * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
   * Kernel mitigation is enabled and active: NO
   * SMT is either mitigated or disabled: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   * Mitigated according to the /sys interface: YES (Not affected)
   * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
   * Kernel mitigation is enabled and active: NO
   * SMT is either mitigated or disabled: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 

-  CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
+  CVE-2018-12127 aka RIDL, microarchitectural load port data sampling (MLPDS)

   * Mitigated according to the /sys interface: YES (Not affected)
   * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
   * Kernel mitigation is enabled and active: NO
   * SMT is either mitigated or disabled: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   * Mitigated according to the /sys interface: YES (Not affected)
   * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
   * Kernel mitigation is enabled and active: NO
   * SMT is either mitigated or disabled: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 

-  CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
+  CVE-2019-11091 aka RIDL, microarchitectural data sampling uncacheable memory (MDSUM)

   * Mitigated according to the /sys interface: YES (Not affected)
   * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
   * Kernel mitigation is enabled and active: NO
   * SMT is either mitigated or disabled: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   * Mitigated according to the /sys interface: YES (Not affected)
   * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
   * Kernel mitigation is enabled and active: NO
   * SMT is either mitigated or disabled: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 

-  CVE-2019-11135 aka 'ZombieLoad V2, TSX Asynchronous Abort (TAA)'
+  CVE-2019-11135 aka ZombieLoad V2, TSX Asynchronous Abort (TAA)

   * Mitigated according to the /sys interface: YES (Not affected)
   * TAA mitigation is supported by kernel: YES (found tsx_async_abort in kernel image)
   * TAA mitigation enabled and active: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   * Mitigated according to the /sys interface: YES (Not affected)
   * TAA mitigation is supported by kernel: YES (found tsx_async_abort in kernel image)
   * TAA mitigation enabled and active: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 

-  CVE-2018-12207 aka 'No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)'
+  CVE-2018-12207 aka No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)

   * Mitigated according to the /sys interface: YES (Not affected)
   * This system is a host running a hypervisor: NO
   * iTLB Multihit mitigation is supported by kernel: YES (found itlb_multihit in kernel image)
   * iTLB Multihit mitigation enabled and active: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   * Mitigated according to the /sys interface: YES (Not affected)
   * This system is a host running a hypervisor: NO
   * iTLB Multihit mitigation is supported by kernel: YES (found itlb_multihit in kernel image)
   * iTLB Multihit mitigation enabled and active: NO
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 

-  CVE-2020-0543 aka 'Special Register Buffer Data Sampling (SRBDS)'
-  * SRBDS mitigation control is supported by the kernel: NO
-  * SRBDS mitigation control is enabled and active: NO (SRBDS not found in sysfs hierarchy)
+  CVE-2020-0543 aka Special Register Buffer Data Sampling (SRBDS)
+  * Mitigated according to the /sys interface: YES (Not affected)
+  * SRBDS mitigation control is supported by the kernel: YES (found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation)
+  * SRBDS mitigation control is enabled and active: NO

   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:OK
 
   > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
 
   > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:OK
 

-  Need more detailed information about mitigation options? Use --explain
-  A false sense of security is worse than no security at all, see --disclaimer
-

 ::
 
 ::
 

-  Spectre and Meltdown mitigation detection tool v0.43
-
-  Checking for vulnerabilities on current system
-  Kernel is Linux 4.15.0-72-generic #81-Ubuntu SMP Tue Nov 26 12:20:02 UTC 2019 x86_64
-  CPU is AMD EPYC 7532 32-Core Processor
-
-  Hardware check
-  * Hardware support (CPU microcode) for mitigation techniques
-    * Indirect Branch Restricted Speculation (IBRS)
-      * SPEC_CTRL MSR is available: YES
-      * CPU indicates IBRS capability: YES (IBRS_SUPPORT feature bit)
-      * CPU indicates preferring IBRS always-on: NO
-      * CPU indicates preferring IBRS over retpoline: YES
-    * Indirect Branch Prediction Barrier (IBPB)
-      * PRED_CMD MSR is available: YES
-      * CPU indicates IBPB capability: YES (IBPB_SUPPORT feature bit)
-    * Single Thread Indirect Branch Predictors (STIBP)
-      * SPEC_CTRL MSR is available: YES
-      * CPU indicates STIBP capability: YES (AMD STIBP feature bit)
-      * CPU indicates preferring STIBP always-on: NO
-    * Speculative Store Bypass Disable (SSBD)
-      * CPU indicates SSBD capability: YES (AMD SSBD in SPEC_CTRL)
-    * L1 data cache invalidation
-      * FLUSH_CMD MSR is available: NO
-      * CPU indicates L1D flush capability: NO
-    * CPU supports Transactional Synchronization Extensions (TSX): NO
-    * CPU supports Software Guard Extensions (SGX): NO
-    * CPU supports Special Register Buffer Data Sampling (SRBDS): NO
-    * CPU microcode is known to cause stability problems: NO (family 0x17 model 0x31 stepping 0x0 ucode 0x8301034 cpuid 0x830f10)
-    * CPU microcode is the latest known available version: NO (latest version is 0x8301039 dated 2020/02/07 according to builtin firmwares DB v160.20200912+i20200722)
-  * CPU vulnerability to the speculative execution attack variants
-    * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
-    * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
-    * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
-    * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read): NO
-    * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass): YES
-    * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
-    * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO
-    * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO
-    * Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): NO
-    * Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): NO
-    * Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): NO
-    * Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): NO
-    * Vulnerable to CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): NO
-    * Vulnerable to CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): NO
-    * Vulnerable to CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)): NO
-
-  CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
-  * Mitigated according to the /sys interface: YES (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
-  * Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
-  * Kernel has the Red Hat/Ubuntu patch: NO
-  * Kernel has mask_nospec64 (arm64): NO
-  * Kernel has array_index_nospec (arm64): NO
-  > STATUS: NOT VULNERABLE (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
-
-  CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
-  * Mitigated according to the /sys interface: YES (Mitigation: Full AMD retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
-  * Mitigation 1
-    * Kernel is compiled with IBRS support: YES
-      * IBRS enabled and active: YES (for firmware code only)
-    * Kernel is compiled with IBPB support: YES
-      * IBPB enabled and active: YES
-  * Mitigation 2
-    * Kernel has branch predictor hardening (arm): NO
-    * Kernel compiled with retpoline option: YES
-      * Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
-  > STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
-
-  CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
-  * Mitigated according to the /sys interface: YES (Not affected)
-  * Kernel supports Page Table Isolation (PTI): YES
-    * PTI enabled and active: NO
-    * Reduced performance impact of PTI: NO (PCID/INVPCID not supported, performance impact of PTI will be significant)
-  * Running as a Xen PV DomU: NO
-  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2018-3640 aka 'Variant 3a, rogue system register read'
-  * CPU microcode mitigates the vulnerability: YES
-  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2018-3639 aka 'Variant 4, speculative store bypass'
-  * Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
-  * Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
-  * SSB mitigation is enabled and active: YES (per-thread through prctl)
-  * SSB mitigation currently active for selected processes: YES (systemd-journald systemd-logind systemd-networkd systemd-resolved systemd-timesyncd systemd-udevd)
-  > STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
-
-  CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
-  * CPU microcode mitigates the vulnerability: N/A
-  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
-  * Mitigated according to the /sys interface: YES (Not affected)
-  * Kernel supports PTE inversion: YES (found in kernel image)
-  * PTE inversion enabled and active: NO
-  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
-  * Information from the /sys interface: Not affected
-  * This system is a host running a hypervisor: NO
-  * Mitigation 1 (KVM)
-    * EPT is disabled: N/A (the kvm_intel module is not loaded)
-  * Mitigation 2
-    * L1D flush is supported by kernel: YES (found flush_l1d in kernel image)
-    * L1D flush enabled: NO
-    * Hardware-backed L1D flush supported: NO (flush will be done in software, this is slower)
-    * Hyper-Threading (SMT) is enabled: YES
-  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
-  * Mitigated according to the /sys interface: YES (Not affected)
-  * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
-  * Kernel mitigation is enabled and active: NO
-  * SMT is either mitigated or disabled: NO
-  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
-  * Mitigated according to the /sys interface: YES (Not affected)
-  * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
-  * Kernel mitigation is enabled and active: NO
-  * SMT is either mitigated or disabled: NO
-  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
-  * Mitigated according to the /sys interface: YES (Not affected)
-  * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
-  * Kernel mitigation is enabled and active: NO
-  * SMT is either mitigated or disabled: NO
-  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
-  * Mitigated according to the /sys interface: YES (Not affected)
-  * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
-  * Kernel mitigation is enabled and active: NO
-  * SMT is either mitigated or disabled: NO
-  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2019-11135 aka 'ZombieLoad V2, TSX Asynchronous Abort (TAA)'
-  * Mitigated according to the /sys interface: YES (Not affected)
-  * TAA mitigation is supported by kernel: YES (found tsx_async_abort in kernel image)
-  * TAA mitigation enabled and active: NO
-  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2018-12207 aka 'No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)'
-  * Mitigated according to the /sys interface: YES (Not affected)
-  * This system is a host running a hypervisor: NO
-  * iTLB Multihit mitigation is supported by kernel: YES (found itlb_multihit in kernel image)
-  * iTLB Multihit mitigation enabled and active: NO
-  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
-
-  CVE-2020-0543 aka 'Special Register Buffer Data Sampling (SRBDS)'
-  * SRBDS mitigation control is supported by the kernel: NO
-  * SRBDS mitigation control is enabled and active: NO (SRBDS not found in sysfs hierarchy)
-  > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
-
-  > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:OK
-
-  Need more detailed information about mitigation options? Use --explain
-  A false sense of security is worse than no security at all, see --disclaimer
\ No newline at end of file
+Spectre and Meltdown mitigation detection tool v0.44+
+
+Checking for vulnerabilities on current system
+Kernel is Linux 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64
+CPU is AMD EPYC 7532 32-Core Processor
+
+Hardware check
+* Hardware support (CPU microcode) for mitigation techniques
+  * Indirect Branch Restricted Speculation (IBRS)
+    * SPEC_CTRL MSR is available: YES
+    * CPU indicates IBRS capability: YES (IBRS_SUPPORT feature bit)
+    * CPU indicates preferring IBRS always-on: NO
+    * CPU indicates preferring IBRS over retpoline: YES
+  * Indirect Branch Prediction Barrier (IBPB)
+    * PRED_CMD MSR is available: YES
+    * CPU indicates IBPB capability: YES (IBPB_SUPPORT feature bit)
+  * Single Thread Indirect Branch Predictors (STIBP)
+    * SPEC_CTRL MSR is available: YES
+    * CPU indicates STIBP capability: YES (AMD STIBP feature bit)
+    * CPU indicates preferring STIBP always-on: NO
+  * Speculative Store Bypass Disable (SSBD)
+    * CPU indicates SSBD capability: YES (AMD SSBD in SPEC_CTRL)
+  * L1 data cache invalidation
+    * FLUSH_CMD MSR is available: NO
+    * CPU indicates L1D flush capability: NO
+  * CPU supports Transactional Synchronization Extensions (TSX): NO
+  * CPU supports Software Guard Extensions (SGX): NO
+  * CPU supports Special Register Buffer Data Sampling (SRBDS): NO
+  * CPU microcode is known to cause stability problems: NO (family 0x17 model 0x31 stepping 0x0 ucode 0x8301038 cpuid 0x830f10)
+  * CPU microcode is the latest known available version: NO (latest version is 0x830104d dated 2020/07/28 according to builtin firmwares DB v191+i20210217)
+* CPU vulnerability to the speculative execution attack variants
+  * Affected by CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
+  * Affected by CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
+  * Affected by CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
+  * Affected by CVE-2018-3640 (Variant 3a, rogue system register read): NO
+  * Affected by CVE-2018-3639 (Variant 4, speculative store bypass): YES
+  * Affected by CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
+  * Affected by CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO
+  * Affected by CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO
+  * Affected by CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): NO
+  * Affected by CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): NO
+  * Affected by CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): NO
+  * Affected by CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): NO
+  * Affected by CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): NO
+  * Affected by CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): NO
+  * Affected by CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)): NO
+
+CVE-2017-5753 aka Spectre Variant 1, bounds check bypass
+* Mitigated according to the /sys interface: YES (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
+* Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
+* Kernel has the Red Hat/Ubuntu patch: NO
+* Kernel has mask_nospec64 (arm64): NO
+* Kernel has array_index_nospec (arm64): NO
+> STATUS: NOT VULNERABLE (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
+
+CVE-2017-5715 aka Spectre Variant 2, branch target injection
+* Mitigated according to the /sys interface: YES (Mitigation: Full AMD retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
+* Mitigation 1
+  * Kernel is compiled with IBRS support: YES
+    * IBRS enabled and active: YES (for firmware code only)
+  * Kernel is compiled with IBPB support: YES
+    * IBPB enabled and active: YES
+* Mitigation 2
+  * Kernel has branch predictor hardening (arm): NO
+  * Kernel compiled with retpoline option: YES
+    * Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
+> STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
+
+CVE-2017-5754 aka Variant 3, Meltdown, rogue data cache load
+* Mitigated according to the /sys interface: YES (Not affected)
+* Kernel supports Page Table Isolation (PTI): YES
+  * PTI enabled and active: UNKNOWN (dmesg truncated, please reboot and relaunch this script)
+  * Reduced performance impact of PTI: NO (PCID/INVPCID not supported, performance impact of PTI will be significant)
+* Running as a Xen PV DomU: NO
+> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+CVE-2018-3640 aka Variant 3a, rogue system register read
+* CPU microcode mitigates the vulnerability: YES
+> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+CVE-2018-3639 aka Variant 4, speculative store bypass
+* Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
+* Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
+* SSB mitigation is enabled and active: YES (per-thread through prctl)
+* SSB mitigation currently active for selected processes: YES (irqbalance systemd-journald systemd-logind systemd-networkd systemd-resolved systemd-timesyncd systemd-udevd)
+> STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
+
+CVE-2018-3615 aka Foreshadow (SGX), L1 terminal fault
+* CPU microcode mitigates the vulnerability: N/A
+> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+CVE-2018-3620 aka Foreshadow-NG (OS), L1 terminal fault
+* Mitigated according to the /sys interface: YES (Not affected)
+* Kernel supports PTE inversion: YES (found in kernel image)
+* PTE inversion enabled and active: NO
+> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+CVE-2018-3646 aka Foreshadow-NG (VMM), L1 terminal fault
+* Information from the /sys interface: Not affected
+* This system is a host running a hypervisor: NO
+* Mitigation 1 (KVM)
+  * EPT is disabled: N/A (the kvm_intel module is not loaded)
+* Mitigation 2
+  * L1D flush is supported by kernel: YES (found flush_l1d in kernel image)
+  * L1D flush enabled: NO
+  * Hardware-backed L1D flush supported: NO (flush will be done in software, this is slower)
+  * Hyper-Threading (SMT) is enabled: YES
+> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+CVE-2018-12126 aka Fallout, microarchitectural store buffer data sampling (MSBDS)
+* Mitigated according to the /sys interface: YES (Not affected)
+* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
+* Kernel mitigation is enabled and active: NO
+* SMT is either mitigated or disabled: NO
+> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+CVE-2018-12130 aka ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)
+* Mitigated according to the /sys interface: YES (Not affected)
+* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
+* Kernel mitigation is enabled and active: NO
+* SMT is either mitigated or disabled: NO
+> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+CVE-2018-12127 aka RIDL, microarchitectural load port data sampling (MLPDS)
+* Mitigated according to the /sys interface: YES (Not affected)
+* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
+* Kernel mitigation is enabled and active: NO
+* SMT is either mitigated or disabled: NO
+> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+CVE-2019-11091 aka RIDL, microarchitectural data sampling uncacheable memory (MDSUM)
+* Mitigated according to the /sys interface: YES (Not affected)
+* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
+* Kernel mitigation is enabled and active: NO
+* SMT is either mitigated or disabled: NO
+> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+CVE-2019-11135 aka ZombieLoad V2, TSX Asynchronous Abort (TAA)
+* Mitigated according to the /sys interface: YES (Not affected)
+* TAA mitigation is supported by kernel: YES (found tsx_async_abort in kernel image)
+* TAA mitigation enabled and active: NO
+> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+CVE-2018-12207 aka No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)
+* Mitigated according to the /sys interface: YES (Not affected)
+* This system is a host running a hypervisor: NO
+* iTLB Multihit mitigation is supported by kernel: YES (found itlb_multihit in kernel image)
+* iTLB Multihit mitigation enabled and active: NO
+> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+CVE-2020-0543 aka Special Register Buffer Data Sampling (SRBDS)
+* Mitigated according to the /sys interface: YES (Not affected)
+* SRBDS mitigation control is supported by the kernel: YES (found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation)
+* SRBDS mitigation control is enabled and active: NO
+> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+> SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:OK

diff --git a/docs/report/introduction/test_scenarios_overview.rst b/docs/report/introduction/test_scenarios_overview.rst
index 0d520f0..1c3516b 100644 (file)
--- a/docs/report/introduction/test_scenarios_overview.rst
+++ b/docs/report/introduction/test_scenarios_overview.rst
@@ -11,10 +11,10 @@ Brief overview of test scenarios covered in this report:
 
 #. **VPP Performance**: VPP performance tests are executed in physical
    FD.io testbeds, focusing on VPP network data plane performance in
 
 #. **VPP Performance**: VPP performance tests are executed in physical
    FD.io testbeds, focusing on VPP network data plane performance in

-   NIC-to-NIC switching topologies. Tested across Intel Xeon Haswell
-   and Skylake servers, ARM, Denverton, range of NICs (10GE, 25GE, 40GE) and
-   multi-thread/multi-core configurations. VPP application runs in bare-metal
-   host user-mode handling NICs. TRex is used as a traffic generator.
+   NIC-to-NIC switching topologies. Tested across Intel Cascadelake
+   and Skylake servers, ARM, Denverton, range of NICs (10GE, 25GE, 40GE, 100GE)
+   and multi-thread/multi-core configurations. VPP application runs in
+   bare-metal host user-mode handling NICs. TRex is used as a traffic generator.

 
 #. **VPP Vhostuser Performance with KVM VMs**: VPP VM service switching
    performance tests using vhostuser virtual interface for
 
 #. **VPP Vhostuser Performance with KVM VMs**: VPP VM service switching
    performance tests using vhostuser virtual interface for


@@ -55,7 +55,7 @@ against |vpp-release| artifacts. References are provided to the
 original FD.io Jenkins job results and all archived source files.
 
 FD.io CSIT system is developed using two main coding platforms: :abbr:`RF (Robot
 original FD.io Jenkins job results and all archived source files.
 
 FD.io CSIT system is developed using two main coding platforms: :abbr:`RF (Robot

-Framework)` and Python2.7. |csit-release| source code for the executed test
+Framework)` and Python. |csit-release| source code for the executed test

 suites is available in CSIT branch |release| in the directory
 :file:`./tests/<name_of_the_test_suite>`. A local copy of CSIT source code
 can be obtained by cloning CSIT git repository - :command:`git clone
 suites is available in CSIT branch |release| in the directory
 :file:`./tests/<name_of_the_test_suite>`. A local copy of CSIT source code
 can be obtained by cloning CSIT git repository - :command:`git clone

diff --git a/docs/report/vpp_device_tests/csit_release_notes.rst b/docs/report/vpp_device_tests/csit_release_notes.rst
index b29e45d..ca5bf82 100644 (file)
--- a/docs/report/vpp_device_tests/csit_release_notes.rst
+++ b/docs/report/vpp_device_tests/csit_release_notes.rst
@@ -6,20 +6,10 @@ Changes in |csit-release|
 
 #. TEST FRAMEWORK
 
 
 #. TEST FRAMEWORK
 

-   - **Bug fixes**.
-
-   - **Speedup**: Shortened overall test job duration
-     by using a different test selection mechanism (using --test
-     instead of --include) and by avoiding unnecessary PAPI reconnects.
-
-#. TEST COVERAGE
-
-   - Increased test coverage: **GENEVE**, **ACL** and **MACIP** from ACL plugin.
-
-#. DEPRECATED API MESSAGES
-
-   - Updated API calls for **link bonding**, **COP**, **IPSEC**, **NAT** and
-     **NSIM**.
+   - **Upgrade to Ubuntu 20.04 LTS**: Reinstall base operating system to Ubuntu
+     20.04.2 LTS. Upgrade includes also baseline Docker containers used for
+     spawning topology. In latest LTS version we are using iavf driver instead
+     of i40evf.

 
 Known Issues
 ------------
 
 Known Issues
 ------------


@@ -29,7 +19,5 @@ List of known issues in |csit-release| for VPP functional tests in VPP Device:
 +----+-----------------------------------------+-----------------------------------------------------------------------------------------------------------+
 | #  | JiraID                                  | Issue Description                                                                                         |
 +====+=========================================+===========================================================================================================+
 +----+-----------------------------------------+-----------------------------------------------------------------------------------------------------------+
 | #  | JiraID                                  | Issue Description                                                                                         |
 +====+=========================================+===========================================================================================================+

-|  1 | `VPP-1943                               | Running multiple VPPs with SR-IOV VFs belonging to the same PF sometimes results in VPP not initializing  |
-|    | <https://jira.fd.io/browse/VPP-1943>`_  | the VF interfaces properly due to a race condition between the PF and VFs. Observed with Intel NIC        |
-|    |                                         | firmware version 6.01 0x800035da 1.1747.0 and i40e driver versions 2.1.14-k and 2.13.10.                  |
+|    |                                         |                                                                                                           |

 +----+-----------------------------------------+-----------------------------------------------------------------------------------------------------------+
 +----+-----------------------------------------+-----------------------------------------------------------------------------------------------------------+

diff --git a/docs/report/vpp_performance_tests/csit_release_notes.rst b/docs/report/vpp_performance_tests/csit_release_notes.rst
index a70061d..5b90710 100644 (file)
--- a/docs/report/vpp_performance_tests/csit_release_notes.rst
+++ b/docs/report/vpp_performance_tests/csit_release_notes.rst
@@ -9,39 +9,19 @@ Changes in |csit-release|
    - CSIT test environment is versioned, see
      :ref:`test_environment_versioning`.
 
    - CSIT test environment is versioned, see
      :ref:`test_environment_versioning`.
 

-   - **GENEVE tests**: Added VPP performance tests for GENEVE tunnels.
-     See :ref:`geneve_methodology` for more details.
+   - **Upgrade to Ubuntu 20.04 LTS**: Reinstall base operating system to Ubuntu
+     20.04.2 LTS. Upgrade includes also baseline Docker containers used for
+     spawning topology.

 
 

+   - **AF_XDP**: Added af_xdp driver testing for all testcases.

 
 

-   - **GSO tests**: Added VPP performance tests for GSOtap and GSOvirtio.
-     All tested topologies are compared with GSO enabled and disabled.
-     In |csit-release| there is only 1t1c tests running.
-     See :ref:`gso_methodology` for more details.
+   - **GTPU tunnel**: Added GTPU HW Offload IPv4 routing tests.

 
 

-
-   - **NAT44 tests**: Added new test type, pure throughput tests.
-     They are similar to PPS tests, but they employ ramp-up trials
-     to ensure all sessions are created (and not timing out)
-     for performance trials.
-
-   - **Jumbo for ipsec**: Test cases with 9000 byte frames are re-enabled
-     in ipsec suites.
-
-   - **Randomized profiles**: Improved repeatability and cycle length.
-     For details, see :ref:`packet_flow_ordering`.
-
-   - **Arm 2n-tx2 testbed**: New physical testbed type installed in
-     FD.io CSIT, with VPP and DPDK performance data added to CSIT
-     trending and this report.
-
-   - **Framework speedup**: Shortened overall test job duration
-     by using a different test selection mechanism (using --test
-     instead of --include) and by avoiding unnecessary PAPI reconnects.
+   - **Telemetry retouch**: Redesign telemetry retrieval from DUT. Include
+     VPP perfmon plugin telemetry.

 
 #. TEST FRAMEWORK
 
 
 #. TEST FRAMEWORK
 

-   - **TRex ASTF**: Improved capability to run TRex in advanced stateful mode.
-

    - **CSIT PAPI support**: Due to issues with PAPI performance, VAT is
      still used in CSIT for all VPP scale tests. See known issues below.
 
    - **CSIT PAPI support**: Due to issues with PAPI performance, VAT is
      still used in CSIT for all VPP scale tests. See known issues below.
 


@@ -67,28 +47,18 @@ List of known issues in |csit-release| for VPP performance tests:
 +----+-----------------------------------------+-----------------------------------------------------------------------------------------------------------+
 | #  | JiraID                                  | Issue Description                                                                                         |
 +====+=========================================+===========================================================================================================+
 +----+-----------------------------------------+-----------------------------------------------------------------------------------------------------------+
 | #  | JiraID                                  | Issue Description                                                                                         |
 +====+=========================================+===========================================================================================================+

-|  1 | `CSIT-570                               | Sporadic (1 in 200) NDR discovery test failures on x520. DPDK reporting rx-errors, indicating L1 issue.   |
-|    | <https://jira.fd.io/browse/CSIT-570>`_  | Suspected issue with HW combination of X710-X520 in LF testbeds. Not observed outside of LF testbeds.     |
-+----+-----------------------------------------+-----------------------------------------------------------------------------------------------------------+
-|  2 | `VPP-662                                | 9000B packets not supported by NICs VIC1227 and VIC1387.                                                  |
+|  1 | `VPP-662                                | 9000B packets not supported by NICs VIC1227 and VIC1387.                                                  |

 |    | <https://jira.fd.io/browse/VPP-662>`_   |                                                                                                           |
 +----+-----------------------------------------+-----------------------------------------------------------------------------------------------------------+
 |    | <https://jira.fd.io/browse/VPP-662>`_   |                                                                                                           |
 +----+-----------------------------------------+-----------------------------------------------------------------------------------------------------------+

-|  3 | `CSIT-1763                              | Adapt ramp-up phase of nat44 tests for different frame sizes.                                             |
+|  2 | `CSIT-1763                              | Adapt ramp-up phase of nat44 tests for different frame sizes.                                             |

 |    | <https://jira.fd.io/browse/CSIT-1763>`_ | Currently ramp-up phase rate and duration values are correctly set for tests with 64B frame size.         |
 +----+-----------------------------------------+-----------------------------------------------------------------------------------------------------------+
 |    | <https://jira.fd.io/browse/CSIT-1763>`_ | Currently ramp-up phase rate and duration values are correctly set for tests with 64B frame size.         |
 +----+-----------------------------------------+-----------------------------------------------------------------------------------------------------------+

-|  4 | `CSIT-1671                              | All CSIT scale tests can not use PAPI due to much slower performance compared to VAT/CLI (it takes much   |
+|  3 | `CSIT-1671                              | All CSIT scale tests can not use PAPI due to much slower performance compared to VAT/CLI (it takes much   |

 |    | <https://jira.fd.io/browse/CSIT-1671>`_ | longer to program VPP). This needs to be addressed on the PAPI side.                                      |
 |    +-----------------------------------------+ The usual PAPI library spends too much time parsing arguments, so even with async processing (hundreds of |
 |    | `VPP-1763                               | commands in flight over socket), the VPP configuration for large scale tests (millions of messages) takes |
 |    | <https://jira.fd.io/browse/VPP-1763>`_  | too long.                                                                                                 |
 +----+-----------------------------------------+-----------------------------------------------------------------------------------------------------------+
 |    | <https://jira.fd.io/browse/CSIT-1671>`_ | longer to program VPP). This needs to be addressed on the PAPI side.                                      |
 |    +-----------------------------------------+ The usual PAPI library spends too much time parsing arguments, so even with async processing (hundreds of |
 |    | `VPP-1763                               | commands in flight over socket), the VPP configuration for large scale tests (millions of messages) takes |
 |    | <https://jira.fd.io/browse/VPP-1763>`_  | too long.                                                                                                 |
 +----+-----------------------------------------+-----------------------------------------------------------------------------------------------------------+

-|  5 | `VPP-1934                               | [i40e] Interfaces are not brought up from carrier-down.                                                   |
-|    | <https://jira.fd.io/browse/VPP-1934>`_  | In case of i40e -based interface (e.g Intel x700 series NIC) is bound to kernel driver (i40e) and is in   |
-|    |                                         | state "no-carrier" (<NO-CARRIER,BROADCAST,MULTICAST,UP>) because previously it was disabled via           |
-|    |                                         | "I40E_AQ_PHY_LINK_ENABLED" call, then VPP during initialization of AVF interface is not re-enabling       |
-|    |                                         | interface link via i40e driver to up.                                                                     |
-|    |                                         | CSIT implemented `workaround for AVF interface <https://gerrit.fd.io/r/c/csit/+/29086>`_ until fixed.     |
-+----+-----------------------------------------+-----------------------------------------------------------------------------------------------------------+

 
 Root Cause Analysis for Performance Changes
 -------------------------------------------
 
 Root Cause Analysis for Performance Changes
 -------------------------------------------