SMT: Disable when system is vulnerable to L1TF (Foreshadow)

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-25 18:32:57 +02:00 · 2019-06-04 23:55:17 +01:00
parent cfbb61a74d
commit 0bb25a4f61
2 changed files with 14 additions and 9 deletions
--- a/src/initscripts/system/smt
+++ b/src/initscripts/system/smt
@@ -15,20 +15,24 @@ case "${1}" in
 			exit 0
 		fi

-		# Nothing to do if this processor is not vulnerable
-		# to Fallout/RIDL.
-		if [ -r "/sys/devices/system/cpu/vulnerabilities/mds" ]; then
-			if [ "$(</sys/devices/system/cpu/vulnerabilities/mds)" = "Not affected" ]; then
-				exit 0
-			fi
+		# Nothing to do when SMT is not enabled or not supported anyways
+		if [ "$(</sys/devices/system/cpu/smt/control)" != "on" ]; then
+			exit 0
+		fi

-			# Disable SMT when supported and enabled
-			if [ "$(</sys/devices/system/cpu/smt/control)" = "on" ]; then
+		# Disable SMT when the processor is vulnerable to Foreshadow or Fallout/ZombieLoad/RIDL
+		for vuln in l1tf mds; do
+			if [ -r "/sys/devices/system/cpu/vulnerabilities/${vuln}" ] && \
+					[ "$(</sys/devices/system/cpu/vulnerabilities/${vuln})" != "Not affected" ]; then
+				# Disable SMT
 				boot_mesg "Disabling Simultaneous Multi-Threading (SMT)..."
 				echo "forceoff" > /sys/devices/system/cpu/smt/control
 				echo_ok
+
+				# No need to check any further when we have disabled SMT already
+				break
 			fi
-		fi
+		done
 		;;

 	*)