exit 0
fi
- # Nothing to do if this processor is not vulnerable
- # to Fallout/RIDL.
- if [ -r "/sys/devices/system/cpu/vulnerabilities/mds" ]; then
- if [ "$(</sys/devices/system/cpu/vulnerabilities/mds)" = "Not affected" ]; then
- exit 0
- fi
+ # Nothing to do when SMT is not enabled or not supported anyways
+ if [ "$(</sys/devices/system/cpu/smt/control)" != "on" ]; then
+ exit 0
+ fi
- # Disable SMT when supported and enabled
- if [ "$(</sys/devices/system/cpu/smt/control)" = "on" ]; then
+ # Disable SMT when the processor is vulnerable to Foreshadow or Fallout/ZombieLoad/RIDL
+ for vuln in l1tf mds; do
+ if [ -r "/sys/devices/system/cpu/vulnerabilities/${vuln}" ] && \
+ [ "$(</sys/devices/system/cpu/vulnerabilities/${vuln})" != "Not affected" ]; then
+ # Disable SMT
boot_mesg "Disabling Simultaneous Multi-Threading (SMT)..."
echo "forceoff" > /sys/devices/system/cpu/smt/control
echo_ok
+
+ # No need to check any further when we have disabled SMT already
+ break
fi
- fi
+ done
;;
*)