--- /dev/null
+Calibration Data - Denverton
+----------------------------
+
+Following sections include sample calibration data measured on
+Denverton server at Intel SH labs.
+
+And VPP-18.10 2-Node Atom Denverton testing took place at Intel Corporation
+carefully adhering to FD.io CSIT best practices.
+
+
+Linux cmdline
+~~~~~~~~~~~~~
+
+::
+
+ $ cat /proc/cmdline
+ BOOT_IMAGE=/boot/vmlinuz-4.15.0-36-generic root=UUID=d3cfffd0-1e77-423a-a53a-a117199b6025 ro intel_iommu=on iommu=pt isolcpus=1-11 nohz_full=1-11 rcu_nocbs=1-11 default_hugepagesz=1G hugepagesz=1G hugepages=8 intel_pstate=disable nmi_watchdog=0 numa_balancing=disable tsc=reliable nosoftlockup quiet splash vt.handoff=7
+
+
+Linux uname
+~~~~~~~~~~~
+
+::
+
+ $ uname -a
+ Linux 4.15.0-36-generic #39~16.04.1-Ubuntu SMP Tue Sep 25 08:59:23 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
+
+
+System-level Core Jitter
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+::
+
+ $ sudo taskset -c 2 /home/testuser/pma_tools/jitter/jitter -c 2 -i 20
+ Linux Jitter testing program version 1.9
+ Iterations=20
+ The pragram will execute a dummy function 80000 times
+ Display is updated every 20000 displayUpdate intervals
+ Thread affinity will be set to core_id:2
+ Timings are in CPU Core cycles
+ Inst_Min: Minimum Excution time during the display update interval(default is ~1 second)
+ Inst_Max: Maximum Excution time during the display update interval(default is ~1 second)
+ Inst_jitter: Jitter in the Excution time during rhe display update interval. This is the value of interest
+ last_Exec: The Excution time of last iteration just before the display update
+ Abs_Min: Absolute Minimum Excution time since the program started or statistics were reset
+ Abs_Max: Absolute Maximum Excution time since the program started or statistics were reset
+ tmp: Cumulative value calcualted by the dummy function
+ Interval: Time interval between the display updates in Core Cycles
+ Sample No: Sample number
+
+ Inst_Min Inst_Max Inst_jitter last_Exec Abs_min Abs_max tmp Interval Sample No
+ 177530 196100 18570 177530 177530 196100 4156751872 3556820054 1
+ 177530 200784 23254 177530 177530 200784 321060864 3556897644 2
+ 177530 196346 18816 177530 177530 200784 780337152 3556918674 3
+ 177530 195962 18432 177530 177530 200784 1239613440 3556847928 4
+ 177530 195960 18430 177530 177530 200784 1698889728 3556860214 5
+ 177530 198824 21294 177530 177530 200784 2158166016 3556854934 6
+ 177530 198522 20992 177530 177530 200784 2617442304 3556862410 7
+ 177530 196362 18832 177530 177530 200784 3076718592 3556851636 8
+ 177530 199114 21584 177530 177530 200784 3535994880 3556870846 9
+ 177530 197194 19664 177530 177530 200784 3995271168 3556933584 10
+ 177530 198272 20742 177536 177530 200784 159580160 3556869044 11
+ 177530 197586 20056 177530 177530 200784 618856448 3556903482 12
+ 177530 196072 18542 177530 177530 200784 1078132736 3556825540 13
+ 177530 196354 18824 177530 177530 200784 1537409024 3556881664 14
+ 177530 195906 18376 177530 177530 200784 1996685312 3556839924 15
+ 177530 199066 21536 177530 177530 200784 2455961600 3556860220 16
+ 177530 196968 19438 177530 177530 200784 2915237888 3556871890 17
+ 177530 195896 18366 177530 177530 200784 3374514176 3556855338 18
+ 177530 196020 18490 177530 177530 200784 3833790464 3556839820 19
+ 177530 196030 18500 177530 177530 200784 4293066752 3556889196 20
+
+
+Memory Bandwidth
+~~~~~~~~~~~~~~~~
+
+::
+
+ $ sudo /home/testuser/mlc --bandwidth_matrix
+ Intel(R) Memory Latency Checker - v3.5
+ Command line parameters: --bandwidth_matrix
+
+ Using buffer size of 100.000MB/thread for reads and an additional 100.000MB/thread for writes
+ Measuring Memory Bandwidths between nodes within system
+ Bandwidths are in MB/sec (1 MB/sec = 1,000,000 Bytes/sec)
+ Using all the threads from each core if Hyper-threading is enabled
+ Using Read-only traffic type
+ Memory node
+ Socket 0
+ 0 28157.2
+
+::
+
+ $ sudo /home/testuser/mlc --peak_injection_bandwidth
+ Intel(R) Memory Latency Checker - v3.5
+ Command line parameters: --peak_injection_bandwidth
+
+ Using buffer size of 100.000MB/thread for reads and an additional 100.000MB/thread for writes
+
+ Measuring Peak Injection Memory Bandwidths for the system
+ Bandwidths are in MB/sec (1 MB/sec = 1,000,000 Bytes/sec)
+ Using all the threads from each core if Hyper-threading is enabled
+ Using traffic with the following read-write ratios
+ ALL Reads : 28150.0
+ 3:1 Reads-Writes : 27425.0
+ 2:1 Reads-Writes : 27565.4
+ 1:1 Reads-Writes : 27489.3
+ Stream-triad like: 26878.2
+
+::
+
+ $ sudo /home/testuser/mlc --max_bandwidth
+ Intel(R) Memory Latency Checker - v3.5
+ Command line parameters: --max_bandwidth
+
+ Using buffer size of 100.000MB/thread for reads and an additional 100.000MB/thread for writes
+
+ Measuring Maximum Memory Bandwidths for the system
+ Will take several minutes to complete as multiple injection rates will be tried to get the best bandwidth
+ Bandwidths are in MB/sec (1 MB/sec = 1,000,000 Bytes/sec)
+ Using all the threads from each core if Hyper-threading is enabled
+ Using traffic with the following read-write ratios
+ ALL Reads : 30032.40
+ 3:1 Reads-Writes : 27450.88
+ 2:1 Reads-Writes : 27567.46
+ 1:1 Reads-Writes : 27501.90
+ Stream-triad like: 27124.82
+
+
+Memory Latency
+~~~~~~~~~~~~~~
+
+::
+
+ $ sudo /home/testuser/mlc --latency_matrix
+ Intel(R) Memory Latency Checker - v3.5
+ Command line parameters: --latency_matrix
+
+ Using buffer size of 2000.000MB
+ Intel(R) Memory Latency Checker - v3.5
+ Measuring idle latencies (in ns)...
+ Memory node
+ Socket 0
+ 0 93.1
+
+::
+
+ $ sudo /home/testuser/mlc --idle_latency
+ Intel(R) Memory Latency Checker - v3.5
+ Command line parameters: --idle_latency
+
+ Using buffer size of 200.000MB
+ Each iteration took 186.7 core clocks ( 93.4 ns)
+
+::
+
+ $ sudo /home/testuser/mlc --loaded_latency
+ Intel(R) Memory Latency Checker - v3.5
+ Command line parameters: --loaded_latency
+
+ Using buffer size of 100.000MB/thread for reads and an additional 100.000MB/thread for writes
+
+ Measuring Loaded Latencies for the system
+ Using all the threads from each core if Hyper-threading is enabled
+ Using Read-only traffic type
+ Inject Latency Bandwidth
+ Delay (ns) MB/sec
+ ==========================
+ 00000 135.35 27186.0
+ 00002 135.47 27176.9
+ 00008 134.97 27063.3
+ 00015 134.41 26825.6
+ 00050 139.83 28419.1
+ 00100 124.28 22616.4
+ 00200 109.40 14139.8
+ 00300 104.56 10275.1
+ 00400 102.02 8120.0
+ 00500 100.38 6751.4
+ 00700 98.30 5124.9
+ 01000 96.56 3852.7
+ 01300 95.65 3149.0
+ 01700 95.06 2585.4
+ 02500 94.43 1988.8
+ 03500 94.16 1621.1
+ 05000 93.95 1343.1
+ 09000 93.65 1052.6
+ 20000 93.43 851.7
+
+
+L1/L2/LLC Latency
+~~~~~~~~~~~~~~~~~
+
+::
+
+ $ sudo /home/testuser/mlc --c2c_latency
+ Intel(R) Memory Latency Checker - v3.5
+ Command line parameters: --c2c_latency
+
+ Measuring cache-to-cache transfer latency (in ns)...
+ Local Socket L2->L2 HIT latency 8.8
+ Local Socket L2->L2 HITM latency 8.8
+
+.. include:: ../introduction/test_environment_sut_meltspec_dnv.rst
--- /dev/null
+Spectre and Meltdown Checks
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Following section displays the output of a running shell script to tell if
+system is vulnerable against the several "speculative execution" CVEs that were
+made public in 2018. Script is available on `Spectre & Meltdown Checker Github
+<https://github.com/speed47/spectre-meltdown-checker>`_.
+
+- CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
+- CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
+- CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
+- CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
+- CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
+- CVE-2018-3615 [L1 terminal fault] aka 'Foreshadow (SGX)'
+- CVE-2018-3620 [L1 terminal fault] aka 'Foreshadow-NG (OS)'
+- CVE-2018-3646 [L1 terminal fault] aka 'Foreshadow-NG (VMM)'
+
+::
+
+ $ sudo ./spectre-meltdown-checker.sh --no-color
+
+ Spectre and Meltdown mitigation detection tool v0.40
+
+ Checking for vulnerabilities on current system
+ Kernel is Linux 4.15.0-36-generic #39~16.04.1-Ubuntu SMP Tue Sep 25 08:59:23 UTC 2018 x86_64
+ CPU is Intel(R) Atom(TM) CPU C3858 @ 2.00GHz
+
+ Hardware check
+ * Hardware support (CPU microcode) for mitigation techniques
+ * Indirect Branch Restricted Speculation (IBRS)
+ * SPEC_CTRL MSR is available: YES
+ * CPU indicates IBRS capability: YES (SPEC_CTRL feature bit)
+ * Indirect Branch Prediction Barrier (IBPB)
+ * PRED_CMD MSR is available: YES
+ * CPU indicates IBPB capability: YES (SPEC_CTRL feature bit)
+ * Single Thread Indirect Branch Predictors (STIBP)
+ * SPEC_CTRL MSR is available: YES
+ * CPU indicates STIBP capability: YES (Intel STIBP feature bit)
+ * Speculative Store Bypass Disable (SSBD)
+ * CPU indicates SSBD capability: YES (Intel SSBD)
+ * L1 data cache invalidation
+ * FLUSH_CMD MSR is available: NO
+ * CPU indicates L1D flush capability: NO
+ * Enhanced IBRS (IBRS_ALL)
+ * CPU indicates ARCH_CAPABILITIES MSR availability: YES
+ * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
+ * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): YES
+ * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
+ * CPU/Hypervisor indicates L1D flushing is not necessary on this system: YES
+ * Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA): NO
+ * CPU supports Software Guard Extensions (SGX): NO
+ * CPU microcode is known to cause stability problems: NO (model 0x5f family 0x6 stepping 0x1 ucode 0x24 cpuid 0x506f1)
+ * CPU microcode is the latest known available version: YES (latest version is 0x24 dated 2018/05/11 according to builtin MCExtractor DB v84 - 2018/09/27)
+ * CPU vulnerability to the speculative execution attack variants
+ * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
+ * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
+ * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
+ * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read): YES
+ * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass): YES
+ * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
+ * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): YES
+ * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): YES
+
+ CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
+ * Mitigated according to the /sys interface: YES (Mitigation: __user pointer sanitization)
+ * Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
+ * Kernel has the Red Hat/Ubuntu patch: NO
+ * Kernel has mask_nospec64 (arm64): NO
+ > STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)
+
+ CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
+ * Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline, IBPB, IBRS_FW)
+ * Mitigation 1
+ * Kernel is compiled with IBRS support: YES
+ * IBRS enabled and active: YES (for kernel and firmware code)
+ * Kernel is compiled with IBPB support: YES
+ * IBPB enabled and active: YES
+ * Mitigation 2
+ * Kernel has branch predictor hardening (arm): NO
+ * Kernel compiled with retpoline option: YES
+ * Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
+ > STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
+
+ CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
+ * Mitigated according to the /sys interface: YES (Not affected)
+ * Kernel supports Page Table Isolation (PTI): YES
+ * PTI enabled and active: NO
+ * Reduced performance impact of PTI: NO (PCID/INVPCID not supported, performance impact of PTI will be significant)
+ * Running as a Xen PV DomU: NO
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2018-3640 aka 'Variant 3a, rogue system register read'
+ * CPU microcode mitigates the vulnerability: YES
+ > STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability)
+
+ CVE-2018-3639 aka 'Variant 4, speculative store bypass'
+ * Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
+ * Kernel supports speculation store bypass: YES (found in /proc/self/status)
+ > STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
+
+ CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
+ * CPU microcode mitigates the vulnerability: N/A
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
+ * Mitigated according to the /sys interface: YES (Not affected)
+ * Kernel supports PTE inversion: YES (found in kernel image)
+ * PTE inversion enabled and active: NO
+ > STATUS: NOT VULNERABLE (Not affected)
+
+ CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
+ * Information from the /sys interface:
+ * This system is a host running an hypervisor: NO
+ * Mitigation 1 (KVM)
+ * EPT is disabled: NO
+ * Mitigation 2
+ * L1D flush is supported by kernel: YES (found flush_l1d in kernel image)
+ * L1D flush enabled: UNKNOWN (unrecognized mode)
+ * Hardware-backed L1D flush supported: NO (flush will be done in software, this is slower)
+ * Hyper-Threading (SMT) is enabled: NO
+ > STATUS: NOT VULNERABLE (this system is not running an hypervisor)
+
+ > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK
+
+ Need more detailed information about mitigation options? Use --explain
+ A false sense of security is worse than no security at all, see --disclaimer
Code Review / csit.git / commitdiff