[people/pmueller/ipfire-2.x.git] / src / initscripts / system / smt

#!/bin/sh
########################################################################
# Begin $rc_base/init.d/smt
########################################################################

. /etc/sysconfig/rc
. ${rc_functions}

eval $(/usr/local/bin/readhash /var/ipfire/main/security)

case "${1}" in
	start)
		# Nothing to do here when SMT is forced on
		if [ "${ENABLE_SMT}" = "on" ]; then
			exit 0
		fi

		# Nothing to do when SMT is not enabled or not supported anyways
		if [ "$(</sys/devices/system/cpu/smt/control)" != "on" ]; then
			exit 0
		fi 2>/dev/null

		# Do not disable SMT inside virtual machines
		if [ -d "/sys/hypervisor" ]; then
			exit 0
		fi

		# Disable SMT when the processor is vulnerable to Foreshadow or Fallout/ZombieLoad/RIDL
		for vuln in l1tf mds; do
			if [ -r "/sys/devices/system/cpu/vulnerabilities/${vuln}" ] && \
					[[ "$(</sys/devices/system/cpu/vulnerabilities/${vuln})" =~ "SMT vulnerable" ]]; then
				# Disable SMT
				boot_mesg "Disabling Simultaneous Multi-Threading (SMT)..."
				echo "forceoff" > /sys/devices/system/cpu/smt/control
				echo_ok

				# No need to check any further when we have disabled SMT already
				break
			fi
		done
		;;

	*)
		echo "Usage: ${0} {start}"
		exit 1
		;;
esac

# End $rc_base/init.d/smt
Commit	Line	Data
6a83dbb4 MT	1	#!/bin/sh
	2	########################################################################
	3	# Begin $rc_base/init.d/smt
	4	########################################################################
	5
	6	. /etc/sysconfig/rc
	7	. ${rc_functions}
	8
	9	eval $(/usr/local/bin/readhash /var/ipfire/main/security)
	10
	11	case "${1}" in
	12	start)
	13	# Nothing to do here when SMT is forced on
	14	if [ "${ENABLE_SMT}" = "on" ]; then
	15	exit 0
	16	fi
	17
0bb25a4f MT	18	# Nothing to do when SMT is not enabled or not supported anyways
	19	if [ "$(</sys/devices/system/cpu/smt/control)" != "on" ]; then
	20	exit 0
559e94ba	21	fi 2>/dev/null
6a83dbb4	22
8531a950 MT	23	# Do not disable SMT inside virtual machines
	24	if [ -d "/sys/hypervisor" ]; then
	25	exit 0
	26	fi
	27
0bb25a4f MT	28	# Disable SMT when the processor is vulnerable to Foreshadow or Fallout/ZombieLoad/RIDL
	29	for vuln in l1tf mds; do
	30	if [ -r "/sys/devices/system/cpu/vulnerabilities/${vuln}" ] && \
894eaf51	31	[[ "$(</sys/devices/system/cpu/vulnerabilities/${vuln})" =~ "SMT vulnerable" ]]; then
0bb25a4f	32	# Disable SMT
6a83dbb4 MT	33	boot_mesg "Disabling Simultaneous Multi-Threading (SMT)..."
	34	echo "forceoff" > /sys/devices/system/cpu/smt/control
	35	echo_ok
0bb25a4f MT	36
	37	# No need to check any further when we have disabled SMT already
	38	break
6a83dbb4	39	fi
0bb25a4f	40	done
6a83dbb4 MT	41	;;
	42
	43	*)
	44	echo "Usage: ${0} {start}"
	45	exit 1
	46	;;
	47	esac
	48
	49	# End $rc_base/init.d/smt