From 0bb25a4f61e494a8118bfb764625cd98fe209438 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 4 Jun 2019 23:55:17 +0100 Subject: [PATCH] SMT: Disable when system is vulnerable to L1TF (Foreshadow) Signed-off-by: Michael Tremer --- config/rootfiles/core/133/filelists/files | 1 + src/initscripts/system/smt | 22 +++++++++++++--------- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/config/rootfiles/core/133/filelists/files b/config/rootfiles/core/133/filelists/files index 187b1de7f0..f78013c4e3 100644 --- a/config/rootfiles/core/133/filelists/files +++ b/config/rootfiles/core/133/filelists/files @@ -1,5 +1,6 @@ etc/system-release etc/issue +etc/rc.d/init.d/smt srv/web/ipfire/cgi-bin/credits.cgi srv/web/ipfire/cgi-bin/ovpnmain.cgi srv/web/ipfire/cgi-bin/vulnerabilities.cgi diff --git a/src/initscripts/system/smt b/src/initscripts/system/smt index a31cd7beab..f85f567fa8 100644 --- a/src/initscripts/system/smt +++ b/src/initscripts/system/smt @@ -15,20 +15,24 @@ case "${1}" in exit 0 fi - # Nothing to do if this processor is not vulnerable - # to Fallout/RIDL. - if [ -r "/sys/devices/system/cpu/vulnerabilities/mds" ]; then - if [ "$( /sys/devices/system/cpu/smt/control echo_ok + + # No need to check any further when we have disabled SMT already + break fi - fi + done ;; *) -- 2.39.2
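Review bot: The status after the write to `/sys/devices/system/cpu/smt/control` looks unconditional: `echo_ok` directly follows the redirect target in the visible text, so a rejected write would still be logged as success while SMT stays enabled. Part of this hunk is missing from the page (everything between `if [ "$(` and the redirect target), so confirm against the file; if the write is indeed unchecked, gate the status on it, for example by ending the write line with `&& echo_ok || echo_failure`. Going by the subject line and the new `break`/`done`, the check now also covers L1TF, so more systems reach this path and a false OK in the boot log hides a mitigation that did not apply. The enclosing `case` branch starts and ends outside the hunk.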