From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 21 Jul 2020 10:36:41 +0000 (+0000)
Subject: smt: Do not disable SMT in virtual machines
X-Git-Tag: v2.25-core149~6^2~119
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8531a9503c2328f88deb83820364ce21bc8a357d;p=ipfire-2.x.git

smt: Do not disable SMT in virtual machines

Processors in virtual machines are *virtual*. Therefore this
only degrades the performance of the guest, but does not increase
it's security.

This patch always leaves SMT enabled in all virtual environments.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
---

diff --git a/src/initscripts/system/smt b/src/initscripts/system/smt
index cc4128b2d9..bfa7d57b3e 100644
--- a/src/initscripts/system/smt
+++ b/src/initscripts/system/smt
@@ -20,6 +20,11 @@ case "${1}" in
 			exit 0
 		fi 2>/dev/null
 
+		# Do not disable SMT inside virtual machines
+		if [ -d "/sys/hypervisor" ]; then
+			exit 0
+		fi
+
 		# Disable SMT when the processor is vulnerable to Foreshadow or Fallout/ZombieLoad/RIDL
 		for vuln in l1tf mds; do
 			if [ -r "/sys/devices/system/cpu/vulnerabilities/${vuln}" ] && \