SMT can be forced on.
By default, all systems that are vulnerable to RIDL/Fallout
will have SMT disabled by default.
Systems that are not vulnerable to that will keep SMT enabled.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
etc/rc.d/init.d/sendsignals
etc/rc.d/init.d/setclock
etc/rc.d/init.d/smartenabler
+etc/rc.d/init.d/smt
etc/rc.d/init.d/squid
etc/rc.d/init.d/sshd
etc/rc.d/init.d/static-routes
etc/rc.d/rcsysinit.d/S40mountfs
etc/rc.d/rcsysinit.d/S42fsresize
etc/rc.d/rcsysinit.d/S43mounttmpfs
+etc/rc.d/rcsysinit.d/S44smt
etc/rc.d/rcsysinit.d/S45udev_retry
etc/rc.d/rcsysinit.d/S50cleanfs
etc/rc.d/rcsysinit.d/S60setclock
etc/rc.d/init.d/sendsignals
etc/rc.d/init.d/setclock
etc/rc.d/init.d/smartenabler
+etc/rc.d/init.d/smt
etc/rc.d/init.d/squid
etc/rc.d/init.d/sshd
etc/rc.d/init.d/static-routes
etc/rc.d/rcsysinit.d/S40mountfs
etc/rc.d/rcsysinit.d/S42fsresize
etc/rc.d/rcsysinit.d/S43mounttmpfs
+etc/rc.d/rcsysinit.d/S44smt
etc/rc.d/rcsysinit.d/S45udev_retry
etc/rc.d/rcsysinit.d/S50cleanfs
etc/rc.d/rcsysinit.d/S60setclock
etc/rc.d/init.d/sendsignals
etc/rc.d/init.d/setclock
etc/rc.d/init.d/smartenabler
+etc/rc.d/init.d/smt
etc/rc.d/init.d/squid
etc/rc.d/init.d/sshd
etc/rc.d/init.d/static-routes
etc/rc.d/rcsysinit.d/S40mountfs
etc/rc.d/rcsysinit.d/S42fsresize
etc/rc.d/rcsysinit.d/S43mounttmpfs
+etc/rc.d/rcsysinit.d/S44smt
etc/rc.d/rcsysinit.d/S45udev_retry
etc/rc.d/rcsysinit.d/S50cleanfs
etc/rc.d/rcsysinit.d/S60setclock
etc/rc.d/init.d/sendsignals
etc/rc.d/init.d/setclock
etc/rc.d/init.d/smartenabler
+etc/rc.d/init.d/smt
etc/rc.d/init.d/squid
etc/rc.d/init.d/sshd
etc/rc.d/init.d/static-routes
etc/rc.d/rcsysinit.d/S40mountfs
etc/rc.d/rcsysinit.d/S42fsresize
etc/rc.d/rcsysinit.d/S43mounttmpfs
+etc/rc.d/rcsysinit.d/S44smt
etc/rc.d/rcsysinit.d/S45udev_retry
etc/rc.d/rcsysinit.d/S50cleanfs
etc/rc.d/rcsysinit.d/S60setclock
ln -sf ../init.d/mountfs /etc/rc.d/rcsysinit.d/S40mountfs
ln -sf ../init.d/fsresize /etc/rc.d/rcsysinit.d/S42fsresize
ln -sf ../init.d/mounttmpfs /etc/rc.d/rcsysinit.d/S43mounttmpfs
+ ln -sf ../init.d/smt /etc/rc.d/rcsysinit.d/S44smt
ln -sf ../init.d/udev_retry /etc/rc.d/rcsysinit.d/S45udev_retry
ln -sf ../init.d/cleanfs /etc/rc.d/rcsysinit.d/S50cleanfs
ln -sf ../init.d/setclock /etc/rc.d/rcsysinit.d/S60setclock
--- /dev/null
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/smt
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+eval $(/usr/local/bin/readhash /var/ipfire/main/security)
+
+case "${1}" in
+ start)
+ # Nothing to do here when SMT is forced on
+ if [ "${ENABLE_SMT}" = "on" ]; then
+ exit 0
+ fi
+
+ # Nothing to do if this processor is not vulnerable
+ # to Fallout/RIDL.
+ if [ -r "/sys/devices/system/cpu/vulnerabilities/mds" ]; then
+ if [ "$(</sys/devices/system/cpu/vulnerabilities/mds)" = "Not affected" ]; then
+ exit 0
+ fi
+
+ # Disable SMT when supported and enabled
+ if [ "$(</sys/devices/system/cpu/smt/control)" = "on" ]; then
+ boot_mesg "Disabling Simultaneous Multi-Threading (SMT)..."
+ echo "forceoff" > /sys/devices/system/cpu/smt/control
+ echo_ok
+ fi
+ fi
+ ;;
+
+ *)
+ echo "Usage: ${0} {start}"
+ exit 1
+ ;;
+esac
+
+# End $rc_base/init.d/smt