SMT: Apply settings according to configuration
authorMichael Tremer <michael.tremer@ipfire.org>
Mon, 20 May 2019 20:30:26 +0000 (21:30 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Mon, 20 May 2019 20:30:26 +0000 (21:30 +0100)
SMT can be forced on.

By default, all systems that are vulnerable to RIDL/Fallout
will have SMT disabled by default.

Systems that are not vulnerable to that will keep SMT enabled.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/rootfiles/common/aarch64/initscripts
config/rootfiles/common/armv5tel/initscripts
config/rootfiles/common/i586/initscripts
config/rootfiles/common/x86_64/initscripts
lfs/initscripts
src/initscripts/system/smt [new file with mode: 0644]

index ed4f727..cc23cd7 100644 (file)
@@ -75,6 +75,7 @@ etc/rc.d/init.d/rngd
 etc/rc.d/init.d/sendsignals
 etc/rc.d/init.d/setclock
 etc/rc.d/init.d/smartenabler
+etc/rc.d/init.d/smt
 etc/rc.d/init.d/squid
 etc/rc.d/init.d/sshd
 etc/rc.d/init.d/static-routes
@@ -184,6 +185,7 @@ etc/rc.d/rcsysinit.d/S30checkfs
 etc/rc.d/rcsysinit.d/S40mountfs
 etc/rc.d/rcsysinit.d/S42fsresize
 etc/rc.d/rcsysinit.d/S43mounttmpfs
+etc/rc.d/rcsysinit.d/S44smt
 etc/rc.d/rcsysinit.d/S45udev_retry
 etc/rc.d/rcsysinit.d/S50cleanfs
 etc/rc.d/rcsysinit.d/S60setclock
index ed4f727..cc23cd7 100644 (file)
@@ -75,6 +75,7 @@ etc/rc.d/init.d/rngd
 etc/rc.d/init.d/sendsignals
 etc/rc.d/init.d/setclock
 etc/rc.d/init.d/smartenabler
+etc/rc.d/init.d/smt
 etc/rc.d/init.d/squid
 etc/rc.d/init.d/sshd
 etc/rc.d/init.d/static-routes
@@ -184,6 +185,7 @@ etc/rc.d/rcsysinit.d/S30checkfs
 etc/rc.d/rcsysinit.d/S40mountfs
 etc/rc.d/rcsysinit.d/S42fsresize
 etc/rc.d/rcsysinit.d/S43mounttmpfs
+etc/rc.d/rcsysinit.d/S44smt
 etc/rc.d/rcsysinit.d/S45udev_retry
 etc/rc.d/rcsysinit.d/S50cleanfs
 etc/rc.d/rcsysinit.d/S60setclock
index 07a123a..c0c6cf8 100644 (file)
@@ -75,6 +75,7 @@ etc/rc.d/init.d/rngd
 etc/rc.d/init.d/sendsignals
 etc/rc.d/init.d/setclock
 etc/rc.d/init.d/smartenabler
+etc/rc.d/init.d/smt
 etc/rc.d/init.d/squid
 etc/rc.d/init.d/sshd
 etc/rc.d/init.d/static-routes
@@ -183,6 +184,7 @@ etc/rc.d/rcsysinit.d/S30checkfs
 etc/rc.d/rcsysinit.d/S40mountfs
 etc/rc.d/rcsysinit.d/S42fsresize
 etc/rc.d/rcsysinit.d/S43mounttmpfs
+etc/rc.d/rcsysinit.d/S44smt
 etc/rc.d/rcsysinit.d/S45udev_retry
 etc/rc.d/rcsysinit.d/S50cleanfs
 etc/rc.d/rcsysinit.d/S60setclock
index 07a123a..c0c6cf8 100644 (file)
@@ -75,6 +75,7 @@ etc/rc.d/init.d/rngd
 etc/rc.d/init.d/sendsignals
 etc/rc.d/init.d/setclock
 etc/rc.d/init.d/smartenabler
+etc/rc.d/init.d/smt
 etc/rc.d/init.d/squid
 etc/rc.d/init.d/sshd
 etc/rc.d/init.d/static-routes
@@ -183,6 +184,7 @@ etc/rc.d/rcsysinit.d/S30checkfs
 etc/rc.d/rcsysinit.d/S40mountfs
 etc/rc.d/rcsysinit.d/S42fsresize
 etc/rc.d/rcsysinit.d/S43mounttmpfs
+etc/rc.d/rcsysinit.d/S44smt
 etc/rc.d/rcsysinit.d/S45udev_retry
 etc/rc.d/rcsysinit.d/S50cleanfs
 etc/rc.d/rcsysinit.d/S60setclock
index 055e106..5ed5f95 100644 (file)
@@ -169,6 +169,7 @@ $(TARGET) :
        ln -sf ../init.d/mountfs     /etc/rc.d/rcsysinit.d/S40mountfs
        ln -sf ../init.d/fsresize    /etc/rc.d/rcsysinit.d/S42fsresize
        ln -sf ../init.d/mounttmpfs  /etc/rc.d/rcsysinit.d/S43mounttmpfs
+       ln -sf ../init.d/smt         /etc/rc.d/rcsysinit.d/S44smt
        ln -sf ../init.d/udev_retry  /etc/rc.d/rcsysinit.d/S45udev_retry
        ln -sf ../init.d/cleanfs     /etc/rc.d/rcsysinit.d/S50cleanfs
        ln -sf ../init.d/setclock    /etc/rc.d/rcsysinit.d/S60setclock
diff --git a/src/initscripts/system/smt b/src/initscripts/system/smt
new file mode 100644 (file)
index 0000000..a31cd7b
--- /dev/null
@@ -0,0 +1,40 @@
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/smt
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+eval $(/usr/local/bin/readhash /var/ipfire/main/security)
+
+case "${1}" in
+       start)
+               # Nothing to do here when SMT is forced on
+               if [ "${ENABLE_SMT}" = "on" ]; then
+                       exit 0
+               fi
+
+               # Nothing to do if this processor is not vulnerable
+               # to Fallout/RIDL.
+               if [ -r "/sys/devices/system/cpu/vulnerabilities/mds" ]; then
+                       if [ "$(</sys/devices/system/cpu/vulnerabilities/mds)" = "Not affected" ]; then
+                               exit 0
+                       fi
+
+                       # Disable SMT when supported and enabled
+                       if [ "$(</sys/devices/system/cpu/smt/control)" = "on" ]; then
+                               boot_mesg "Disabling Simultaneous Multi-Threading (SMT)..."
+                               echo "forceoff" > /sys/devices/system/cpu/smt/control
+                               echo_ok
+                       fi
+               fi
+               ;;
+
+       *)
+               echo "Usage: ${0} {start}"
+               exit 1
+               ;;
+esac
+
+# End $rc_base/init.d/smt