]> git.ipfire.org Git - ipfire-2.x.git/blob - src/initscripts/system/smt
projects / ipfire-2.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
smt: Fix check to detect if a system is running virtually
[ipfire-2.x.git] / src / initscripts / system / smt
1 #!/bin/sh
2 ########################################################################
3 # Begin $rc_base/init.d/smt
4 ########################################################################
5
6 . /etc/sysconfig/rc
7 . ${rc_functions}
8
9 eval $(/usr/local/bin/readhash /var/ipfire/main/security)
10
11 case "${1}" in
12 start)
13 # Nothing to do here when SMT is forced on
14 if [ "${ENABLE_SMT}" = "on" ]; then
15 exit 0
16 fi
17
18 # Nothing to do when SMT is not enabled or not supported anyways
19 if [ "$(</sys/devices/system/cpu/smt/control)" != "on" ]; then
20 exit 0
21 fi 2>/dev/null
22
23 # Do not disable SMT inside virtual machines
24 if running_on_hypervisor; then
25 exit 0
26 fi
27
28 # Disable SMT when the processor is vulnerable to Foreshadow or Fallout/ZombieLoad/RIDL
29 for vuln in l1tf mds; do
30 if [ -r "/sys/devices/system/cpu/vulnerabilities/${vuln}" ] && \
31 [[ "$(</sys/devices/system/cpu/vulnerabilities/${vuln})" =~ "SMT vulnerable" ]]; then
32 # Disable SMT
33 boot_mesg "Disabling Simultaneous Multi-Threading (SMT)..."
34 echo "forceoff" > /sys/devices/system/cpu/smt/control
35 echo_ok
36
37 # No need to check any further when we have disabled SMT already
38 break
39 fi
40 done
41 ;;
42
43 *)
44 echo "Usage: ${0} {start}"
45 exit 1
46 ;;
47 esac
48
49 # End $rc_base/init.d/smt
IPFire 2.x development tree