]>
git.ipfire.org Git - people/mfischer/ipfire-2.x.git/blob - src/initscripts/system/smt
2 ###############################################################################
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
20 ###############################################################################
25 eval $
(/usr
/local
/bin
/readhash
/var
/ipfire
/main
/security
)
29 # Nothing to do here when SMT is forced on
30 if [ "${ENABLE_SMT}" = "on" ]; then
34 # Nothing to do when SMT is not enabled or not supported anyways
35 if [ "$(</sys/devices/system/cpu/smt/control)" != "on" ]; then
39 # Do not disable SMT inside virtual machines
40 if running_on_hypervisor
; then
44 # Disable SMT when the processor is vulnerable to Foreshadow or Fallout/ZombieLoad/RIDL
45 for vuln
in l1tf mds
; do
46 if [ -r "/sys/devices/system/cpu/vulnerabilities/${vuln}" ] && \
47 [[ "$(</sys/devices/system/cpu/vulnerabilities/${vuln})" =~
"SMT vulnerable" ]]; then
49 boot_mesg
"Disabling Simultaneous Multi-Threading (SMT)..."
50 echo "forceoff" > /sys
/devices
/system
/cpu
/smt
/control
53 # No need to check any further when we have disabled SMT already
60 echo "Usage: ${0} {start}"