]>
Commit | Line | Data |
---|---|---|
6a83dbb4 | 1 | #!/bin/sh |
f41a54a2 AF |
2 | ######################################################################## |
3 | # Begin $rc_base/init.d/smt | |
4 | ######################################################################## | |
6a83dbb4 MT |
5 | |
6 | . /etc/sysconfig/rc | |
7 | . ${rc_functions} | |
8 | ||
9 | eval $(/usr/local/bin/readhash /var/ipfire/main/security) | |
10 | ||
11 | case "${1}" in | |
12 | start) | |
13 | # Nothing to do here when SMT is forced on | |
14 | if [ "${ENABLE_SMT}" = "on" ]; then | |
15 | exit 0 | |
16 | fi | |
17 | ||
0bb25a4f MT |
18 | # Nothing to do when SMT is not enabled or not supported anyways |
19 | if [ "$(</sys/devices/system/cpu/smt/control)" != "on" ]; then | |
20 | exit 0 | |
559e94ba | 21 | fi 2>/dev/null |
6a83dbb4 | 22 | |
8531a950 | 23 | # Do not disable SMT inside virtual machines |
0e457b13 | 24 | if running_on_hypervisor; then |
8531a950 MT |
25 | exit 0 |
26 | fi | |
27 | ||
f41a54a2 AF |
28 | # Disable SMT when the processor is vulnerable if SMT is enabled |
29 | for vuln in $(ls /sys/devices/system/cpu/vulnerabilities/*) ; do | |
30 | if [ -r "${vuln}" ] && \ | |
31 | [[ "$(<${vuln})" =~ "SMT vulnerable" ]]; then | |
0bb25a4f | 32 | # Disable SMT |
6a83dbb4 MT |
33 | boot_mesg "Disabling Simultaneous Multi-Threading (SMT)..." |
34 | echo "forceoff" > /sys/devices/system/cpu/smt/control | |
35 | echo_ok | |
0bb25a4f MT |
36 | |
37 | # No need to check any further when we have disabled SMT already | |
38 | break | |
6a83dbb4 | 39 | fi |
0bb25a4f | 40 | done |
6a83dbb4 MT |
41 | ;; |
42 | ||
43 | *) | |
44 | echo "Usage: ${0} {start}" | |
45 | exit 1 | |
46 | ;; | |
47 | esac | |
f41a54a2 AF |
48 | |
49 | # End $rc_base/init.d/smt |