smt: Do not disable SMT in virtual machines

Processors in virtual machines are *virtual*. Therefore this
only degrades the performance of the guest, but does not increase
it's security.

This patch always leaves SMT enabled in all virtual environments.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

diff --git a/src/initscripts/system/smt b/src/initscripts/system/smt
index cc4128b2d90f45b5b8b31e10362962daa7bceec1..bfa7d57b3e925f46053bbb6b63a90c5bec77b983 100644 (file)
--- a/src/initscripts/system/smt
+++ b/src/initscripts/system/smt
@@ -20,6 +20,11 @@ case "${1}" in
                        exit 0
                fi 2>/dev/null
 
+               # Do not disable SMT inside virtual machines
+               if [ -d "/sys/hypervisor" ]; then
+                       exit 0
+               fi
+
                # Disable SMT when the processor is vulnerable to Foreshadow or Fallout/ZombieLoad/RIDL
                for vuln in l1tf mds; do
                        if [ -r "/sys/devices/system/cpu/vulnerabilities/${vuln}" ] && \