SMT: Disable when system is vulnerable to L1TF (Foreshadow)
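#!/bin/sh
########################################################################
# Begin $rc_base/init.d/smt
#
# Boot-time hardening: switches Simultaneous Multi-Threading (SMT) off
# when the kernel reports the CPU as affected by L1TF or MDS, unless the
# administrator has forced SMT on with ENABLE_SMT=on.
#
# Usage: smt {start}
########################################################################

. /etc/sysconfig/rc
. "${rc_functions}"

# NOTE(review): the output of readhash is evaluated as shell code, so
# whoever can write /var/ipfire/main/security can run commands with the
# privileges of this script. Keep that file writable by trusted accounts
# only; readhash presumably filters its output, confirm before relying
# on it. The substitution is quoted so that values are not word-split or
# glob-expanded before eval sees them.
eval "$(/usr/local/bin/readhash /var/ipfire/main/security)"

smt_control_file="/sys/devices/system/cpu/smt/control"
smt_vuln_dir="/sys/devices/system/cpu/vulnerabilities"

case "${1}" in
	start)
		# Nothing to do here when SMT is forced on
		if [ "${ENABLE_SMT}" = "on" ]; then
			exit 0
		fi

		# Nothing to do when SMT is not enabled or not supported anyways.
		# The state is read with "read" rather than $(<file): the latter
		# is a bash extension, and a POSIX /bin/sh would expand it to an
		# empty string, which makes this check exit early and leaves SMT
		# enabled without any message.
		smt_state=""
		if [ -r "${smt_control_file}" ]; then
			IFS= read -r smt_state < "${smt_control_file}"
		fi
		if [ "${smt_state}" != "on" ]; then
			exit 0
		fi

		# Disable SMT when the processor is vulnerable to Foreshadow or
		# Fallout/ZombieLoad/RIDL. Only the l1tf and mds entries are
		# consulted. An entry the kernel does not expose is skipped, so
		# a kernel without these files leaves SMT untouched.
		for vuln in l1tf mds; do
			if [ ! -r "${smt_vuln_dir}/${vuln}" ]; then
				continue
			fi

			smt_vuln_status=""
			IFS= read -r smt_vuln_status < "${smt_vuln_dir}/${vuln}"

			# Every value other than "Not affected" counts as affected,
			# including states the kernel reports as mitigated.
			if [ "${smt_vuln_status}" != "Not affected" ]; then
				# Disable SMT. "forceoff" also prevents SMT from being
				# switched back on until the next reboot.
				boot_mesg "Disabling Simultaneous Multi-Threading (SMT)..."

				# Report the real outcome of the write instead of always
				# printing OK, so a system that stays exposed is visible
				# in the boot log. echo_failure is expected to come from
				# ${rc_functions} like echo_ok; the exit status of the
				# script is left as it was.
				if echo "forceoff" > "${smt_control_file}"; then
					echo_ok
				else
					echo_failure
				fi

				# No need to check any further when we have disabled SMT already
				break
			fi
		done
		;;

	*)
		echo "Usage: ${0} {start}"
		exit 1
		;;
esac

# End $rc_base/init.d/smt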