From f41a54a2eae3c21732863dba8851f87029cfd8d6 Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter
Date: Sat, 12 Aug 2023 09:11:52 +0200
Subject: [PATCH] initskript: smt: disable smt on vulnerable cpu
Signed-off-by: Arne Fitzenreiter
---
 config/rootfiles/core/178/filelists/files | 1 +
 src/initscripts/system/smt | 32 +++++++----------------
 2 files changed, 10 insertions(+), 23 deletions(-)
diff --git a/config/rootfiles/core/178/filelists/files b/config/rootfiles/core/178/filelists/files
index 00198bcc3e..957d268c9f 100644
--- a/config/rootfiles/core/178/filelists/files
+++ b/config/rootfiles/core/178/filelists/files
@@ -1 +1,2 @@
+etc/rc.d/init.d/smt
 srv/web/ipfire/cgi-bin/vulnerabilities.cgi
diff --git a/src/initscripts/system/smt b/src/initscripts/system/smt
index 821bb51783..7757a21e51 100644
--- a/src/initscripts/system/smt
+++ b/src/initscripts/system/smt
@@ -1,23 +1,7 @@ #!/bin/sh -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### +######################################################################## +# Begin $rc_base/init.d/smt +######################################################################## . /etc/sysconfig/rc . ${rc_functions} @@ -41,10 +25,10 @@ case "${1}" in exit 0 fi - # Disable SMT when the processor is vulnerable to Foreshadow or Fallout/ZombieLoad/RIDL - for vuln in l1tf mds; do - if [ -r "/sys/devices/system/cpu/vulnerabilities/${vuln}" ] && \ - [[ "$( /sys/devices/system/cpu/smt/control @@ -61,3 +45,5 @@ case "${1}" in exit 1 ;; esac + +# End $rc_base/init.d/smt -- 2.39.5
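Review bot: The first hunk of src/initscripts/system/smt drops the whole GPLv3 licence and copyright header and leaves only the three-line `# Begin $rc_base/init.d/smt` banner, which the commit message does not mention and which has nothing to do with disabling SMT on vulnerable CPUs. If the removal is not intended, keep the original header and place the Begin banner below it. If it is intended, it would be better as its own commit, or at least stated in the description, so the licence-notice change can be reviewed separately from the mitigation logic. The rest of the script body lies outside this hunk.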