From 6a83dbb4518fae7fe7089266b78e0adceed17c35 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 20 May 2019 21:30:26 +0100
Subject: [PATCH] SMT: Apply settings according to configuration

SMT can be forced on.

By default, all systems that are vulnerable to RIDL/Fallout
will have SMT disabled by default.

Systems that are not vulnerable to that will keep SMT enabled.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/rootfiles/common/aarch64/initscripts  |  2 +
 config/rootfiles/common/armv5tel/initscripts |  2 +
 config/rootfiles/common/i586/initscripts     |  2 +
 config/rootfiles/common/x86_64/initscripts   |  2 +
 lfs/initscripts                              |  1 +
 src/initscripts/system/smt                   | 40 ++++++++++++++++++++
 6 files changed, 49 insertions(+)
 create mode 100644 src/initscripts/system/smt

diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/common/aarch64/initscripts
index ed4f727d93..cc23cd7fec 100644
--- a/config/rootfiles/common/aarch64/initscripts
+++ b/config/rootfiles/common/aarch64/initscripts
@@ -75,6 +75,7 @@ etc/rc.d/init.d/rngd
 etc/rc.d/init.d/sendsignals
 etc/rc.d/init.d/setclock
 etc/rc.d/init.d/smartenabler
+etc/rc.d/init.d/smt
 etc/rc.d/init.d/squid
 etc/rc.d/init.d/sshd
 etc/rc.d/init.d/static-routes
@@ -184,6 +185,7 @@ etc/rc.d/rcsysinit.d/S30checkfs
 etc/rc.d/rcsysinit.d/S40mountfs
 etc/rc.d/rcsysinit.d/S42fsresize
 etc/rc.d/rcsysinit.d/S43mounttmpfs
+etc/rc.d/rcsysinit.d/S44smt
 etc/rc.d/rcsysinit.d/S45udev_retry
 etc/rc.d/rcsysinit.d/S50cleanfs
 etc/rc.d/rcsysinit.d/S60setclock
diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts
index ed4f727d93..cc23cd7fec 100644
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -75,6 +75,7 @@ etc/rc.d/init.d/rngd
 etc/rc.d/init.d/sendsignals
 etc/rc.d/init.d/setclock
 etc/rc.d/init.d/smartenabler
+etc/rc.d/init.d/smt
 etc/rc.d/init.d/squid
 etc/rc.d/init.d/sshd
 etc/rc.d/init.d/static-routes
@@ -184,6 +185,7 @@ etc/rc.d/rcsysinit.d/S30checkfs
 etc/rc.d/rcsysinit.d/S40mountfs
 etc/rc.d/rcsysinit.d/S42fsresize
 etc/rc.d/rcsysinit.d/S43mounttmpfs
+etc/rc.d/rcsysinit.d/S44smt
 etc/rc.d/rcsysinit.d/S45udev_retry
 etc/rc.d/rcsysinit.d/S50cleanfs
 etc/rc.d/rcsysinit.d/S60setclock
diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts
index 07a123a48d..c0c6cf8a9d 100644
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -75,6 +75,7 @@ etc/rc.d/init.d/rngd
 etc/rc.d/init.d/sendsignals
 etc/rc.d/init.d/setclock
 etc/rc.d/init.d/smartenabler
+etc/rc.d/init.d/smt
 etc/rc.d/init.d/squid
 etc/rc.d/init.d/sshd
 etc/rc.d/init.d/static-routes
@@ -183,6 +184,7 @@ etc/rc.d/rcsysinit.d/S30checkfs
 etc/rc.d/rcsysinit.d/S40mountfs
 etc/rc.d/rcsysinit.d/S42fsresize
 etc/rc.d/rcsysinit.d/S43mounttmpfs
+etc/rc.d/rcsysinit.d/S44smt
 etc/rc.d/rcsysinit.d/S45udev_retry
 etc/rc.d/rcsysinit.d/S50cleanfs
 etc/rc.d/rcsysinit.d/S60setclock
diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts
index 07a123a48d..c0c6cf8a9d 100644
--- a/config/rootfiles/common/x86_64/initscripts
+++ b/config/rootfiles/common/x86_64/initscripts
@@ -75,6 +75,7 @@ etc/rc.d/init.d/rngd
 etc/rc.d/init.d/sendsignals
 etc/rc.d/init.d/setclock
 etc/rc.d/init.d/smartenabler
+etc/rc.d/init.d/smt
 etc/rc.d/init.d/squid
 etc/rc.d/init.d/sshd
 etc/rc.d/init.d/static-routes
@@ -183,6 +184,7 @@ etc/rc.d/rcsysinit.d/S30checkfs
 etc/rc.d/rcsysinit.d/S40mountfs
 etc/rc.d/rcsysinit.d/S42fsresize
 etc/rc.d/rcsysinit.d/S43mounttmpfs
+etc/rc.d/rcsysinit.d/S44smt
 etc/rc.d/rcsysinit.d/S45udev_retry
 etc/rc.d/rcsysinit.d/S50cleanfs
 etc/rc.d/rcsysinit.d/S60setclock
diff --git a/lfs/initscripts b/lfs/initscripts
index 055e106d0a..5ed5f9524c 100644
--- a/lfs/initscripts
+++ b/lfs/initscripts
@@ -169,6 +169,7 @@ $(TARGET) :
 	ln -sf ../init.d/mountfs     /etc/rc.d/rcsysinit.d/S40mountfs
 	ln -sf ../init.d/fsresize    /etc/rc.d/rcsysinit.d/S42fsresize
 	ln -sf ../init.d/mounttmpfs  /etc/rc.d/rcsysinit.d/S43mounttmpfs
+	ln -sf ../init.d/smt         /etc/rc.d/rcsysinit.d/S44smt
 	ln -sf ../init.d/udev_retry  /etc/rc.d/rcsysinit.d/S45udev_retry
 	ln -sf ../init.d/cleanfs     /etc/rc.d/rcsysinit.d/S50cleanfs
 	ln -sf ../init.d/setclock    /etc/rc.d/rcsysinit.d/S60setclock
diff --git a/src/initscripts/system/smt b/src/initscripts/system/smt
new file mode 100644
index 0000000000..a31cd7beab
--- /dev/null
+++ b/src/initscripts/system/smt
@@ -0,0 +1,40 @@
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/smt
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+eval $(/usr/local/bin/readhash /var/ipfire/main/security)
+
+case "${1}" in
+	start)
+		# Nothing to do here when SMT is forced on
+		if [ "${ENABLE_SMT}" = "on" ]; then
+			exit 0
+		fi
+
+		# Nothing to do if this processor is not vulnerable
+		# to Fallout/RIDL.
+		if [ -r "/sys/devices/system/cpu/vulnerabilities/mds" ]; then
+			if [ "$(</sys/devices/system/cpu/vulnerabilities/mds)" = "Not affected" ]; then
+				exit 0
+			fi
+
+			# Disable SMT when supported and enabled
+			if [ "$(</sys/devices/system/cpu/smt/control)" = "on" ]; then
+				boot_mesg "Disabling Simultaneous Multi-Threading (SMT)..."
+				echo "forceoff" > /sys/devices/system/cpu/smt/control
+				echo_ok
+			fi
+		fi
+		;;
+
+	*)
+		echo "Usage: ${0} {start}"
+		exit 1
+		;;
+esac
+
+# End $rc_base/init.d/smt
-- 
2.39.2