smt: Only disable SMT when the kernel thinks it is vulnerable
authorMichael Tremer <michael.tremer@ipfire.org>
Tue, 11 Jun 2019 17:07:23 +0000 (17:07 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 11 Jun 2019 17:07:23 +0000 (17:07 +0000)
On virtual machines, it does not make sense to disable SMT for the
virtual cores. This has to be done by the hypervisor.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/initscripts/system/smt

index f85f567..f83776c 100644 (file)
@@ -23,7 +23,7 @@ case "${1}" in
                # Disable SMT when the processor is vulnerable to Foreshadow or Fallout/ZombieLoad/RIDL
                for vuln in l1tf mds; do
                        if [ -r "/sys/devices/system/cpu/vulnerabilities/${vuln}" ] && \
-                                       [ "$(</sys/devices/system/cpu/vulnerabilities/${vuln})" != "Not affected" ]; then
+                                       [[ "$(</sys/devices/system/cpu/vulnerabilities/${vuln})" =~ "SMT vulnerable" ]]; then
                                # Disable SMT
                                boot_mesg "Disabling Simultaneous Multi-Threading (SMT)..."
                                echo "forceoff" > /sys/devices/system/cpu/smt/control