projects / ipfire-2.x.git / blame
| Commit | Line | Data |
|---|---|---|
| 6a83dbb4 MT |
1 | #!/bin/sh |
| 2 | ######################################################################## | |
| 3 | # Begin $rc_base/init.d/smt | |
| 4 | ######################################################################## | |
| 5 | ||
| 6 | . /etc/sysconfig/rc | |
| 7 | . ${rc_functions} | |
| 8 | ||
| 9 | eval $(/usr/local/bin/readhash /var/ipfire/main/security) | |
| 10 | ||
| 11 | case "${1}" in | |
| 12 | start) | |
| 13 | # Nothing to do here when SMT is forced on | |
| 14 | if [ "${ENABLE_SMT}" = "on" ]; then | |
| 15 | exit 0 | |
| 16 | fi | |
| 17 | ||
| 0bb25a4f MT |
18 | # Nothing to do when SMT is not enabled or not supported anyways |
| 19 | if [ "$(</sys/devices/system/cpu/smt/control)" != "on" ]; then | |
| 20 | exit 0 | |
| 559e94ba | 21 | fi 2>/dev/null |
| 6a83dbb4 | 22 | |
| 0bb25a4f MT |
23 | # Disable SMT when the processor is vulnerable to Foreshadow or Fallout/ZombieLoad/RIDL |
| 24 | for vuln in l1tf mds; do | |
| 25 | if [ -r "/sys/devices/system/cpu/vulnerabilities/${vuln}" ] && \ | |
| 894eaf51 | 26 | [[ "$(</sys/devices/system/cpu/vulnerabilities/${vuln})" =~ "SMT vulnerable" ]]; then |
| 0bb25a4f | 27 | # Disable SMT |
| 6a83dbb4 MT |
28 | boot_mesg "Disabling Simultaneous Multi-Threading (SMT)..." |
| 29 | echo "forceoff" > /sys/devices/system/cpu/smt/control | |
| 30 | echo_ok | |
| 0bb25a4f MT |
31 | |
| 32 | # No need to check any further when we have disabled SMT already | |
| 33 | break | |
| 6a83dbb4 | 34 | fi |
| 0bb25a4f | 35 | done |
| 6a83dbb4 MT |
36 | ;; |
| 37 | ||
| 38 | *) | |
| 39 | echo "Usage: ${0} {start}" | |
| 40 | exit 1 | |
| 41 | ;; | |
| 42 | esac | |
| 43 | ||
| 44 | # End $rc_base/init.d/smt |