SMT: Apply settings according to configuration

SMT can be forced on.

By default, all systems that are vulnerable to RIDL/Fallout
will have SMT disabled by default.

Systems that are not vulnerable to that will keep SMT enabled.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

config/rootfiles/common/aarch64/initscripts

@@ -75,6 +75,7 @@ etc/rc.d/init.d/rngd
 etc/rc.d/init.d/sendsignals
 etc/rc.d/init.d/setclock
 etc/rc.d/init.d/smartenabler
+etc/rc.d/init.d/smt
 etc/rc.d/init.d/squid
 etc/rc.d/init.d/sshd
 etc/rc.d/init.d/static-routes
@@ -184,6 +185,7 @@ etc/rc.d/rcsysinit.d/S30checkfs
 etc/rc.d/rcsysinit.d/S40mountfs
 etc/rc.d/rcsysinit.d/S42fsresize
 etc/rc.d/rcsysinit.d/S43mounttmpfs
+etc/rc.d/rcsysinit.d/S44smt
 etc/rc.d/rcsysinit.d/S45udev_retry
 etc/rc.d/rcsysinit.d/S50cleanfs
 etc/rc.d/rcsysinit.d/S60setclock

config/rootfiles/common/armv5tel/initscripts

@@ -75,6 +75,7 @@ etc/rc.d/init.d/rngd
 etc/rc.d/init.d/sendsignals
 etc/rc.d/init.d/setclock
 etc/rc.d/init.d/smartenabler
+etc/rc.d/init.d/smt
 etc/rc.d/init.d/squid
 etc/rc.d/init.d/sshd
 etc/rc.d/init.d/static-routes
@@ -184,6 +185,7 @@ etc/rc.d/rcsysinit.d/S30checkfs
 etc/rc.d/rcsysinit.d/S40mountfs
 etc/rc.d/rcsysinit.d/S42fsresize
 etc/rc.d/rcsysinit.d/S43mounttmpfs
+etc/rc.d/rcsysinit.d/S44smt
 etc/rc.d/rcsysinit.d/S45udev_retry
 etc/rc.d/rcsysinit.d/S50cleanfs
 etc/rc.d/rcsysinit.d/S60setclock

config/rootfiles/common/i586/initscripts

@@ -75,6 +75,7 @@ etc/rc.d/init.d/rngd
 etc/rc.d/init.d/sendsignals
 etc/rc.d/init.d/setclock
 etc/rc.d/init.d/smartenabler
+etc/rc.d/init.d/smt
 etc/rc.d/init.d/squid
 etc/rc.d/init.d/sshd
 etc/rc.d/init.d/static-routes
@@ -183,6 +184,7 @@ etc/rc.d/rcsysinit.d/S30checkfs
 etc/rc.d/rcsysinit.d/S40mountfs
 etc/rc.d/rcsysinit.d/S42fsresize
 etc/rc.d/rcsysinit.d/S43mounttmpfs
+etc/rc.d/rcsysinit.d/S44smt
 etc/rc.d/rcsysinit.d/S45udev_retry
 etc/rc.d/rcsysinit.d/S50cleanfs
 etc/rc.d/rcsysinit.d/S60setclock

config/rootfiles/common/x86_64/initscripts

@@ -75,6 +75,7 @@ etc/rc.d/init.d/rngd
 etc/rc.d/init.d/sendsignals
 etc/rc.d/init.d/setclock
 etc/rc.d/init.d/smartenabler
+etc/rc.d/init.d/smt
 etc/rc.d/init.d/squid
 etc/rc.d/init.d/sshd
 etc/rc.d/init.d/static-routes
@@ -183,6 +184,7 @@ etc/rc.d/rcsysinit.d/S30checkfs
 etc/rc.d/rcsysinit.d/S40mountfs
 etc/rc.d/rcsysinit.d/S42fsresize
 etc/rc.d/rcsysinit.d/S43mounttmpfs
+etc/rc.d/rcsysinit.d/S44smt
 etc/rc.d/rcsysinit.d/S45udev_retry
 etc/rc.d/rcsysinit.d/S50cleanfs
 etc/rc.d/rcsysinit.d/S60setclock

lfs/initscripts

@@ -169,6 +169,7 @@ $(TARGET) :
 	ln -sf ../init.d/mountfs     /etc/rc.d/rcsysinit.d/S40mountfs
 	ln -sf ../init.d/fsresize    /etc/rc.d/rcsysinit.d/S42fsresize
 	ln -sf ../init.d/mounttmpfs  /etc/rc.d/rcsysinit.d/S43mounttmpfs
+	ln -sf ../init.d/smt         /etc/rc.d/rcsysinit.d/S44smt
 	ln -sf ../init.d/udev_retry  /etc/rc.d/rcsysinit.d/S45udev_retry
 	ln -sf ../init.d/cleanfs     /etc/rc.d/rcsysinit.d/S50cleanfs
 	ln -sf ../init.d/setclock    /etc/rc.d/rcsysinit.d/S60setclock

src/initscripts/system/smt

@@ -0,0 +1,40 @@
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/smt
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+eval $(/usr/local/bin/readhash /var/ipfire/main/security)
+
+case "${1}" in
+	start)
+		# Nothing to do here when SMT is forced on
+		if [ "${ENABLE_SMT}" = "on" ]; then
+			exit 0
+		fi
+
+		# Nothing to do if this processor is not vulnerable
+		# to Fallout/RIDL.
+		if [ -r "/sys/devices/system/cpu/vulnerabilities/mds" ]; then
+			if [ "$(</sys/devices/system/cpu/vulnerabilities/mds)" = "Not affected" ]; then
+				exit 0
+			fi
+
+			# Disable SMT when supported and enabled
+			if [ "$(</sys/devices/system/cpu/smt/control)" = "on" ]; then
+				boot_mesg "Disabling Simultaneous Multi-Threading (SMT)..."
+				echo "forceoff" > /sys/devices/system/cpu/smt/control
+				echo_ok
+			fi
+		fi
+		;;
+
+	*)
+		echo "Usage: ${0} {start}"
+		exit 1
+		;;
+esac
+
+# End $rc_base/init.d/smt