initskript: smt: disable smt on vulnerable cpu

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2026-04-27 11:13:24 +02:00 · 2023-08-12 09:11:52 +02:00
parent ee0ee29843
commit f41a54a2ea
2 changed files with 10 additions and 23 deletions
--- a/src/initscripts/system/smt
+++ b/src/initscripts/system/smt
@@ -1,23 +1,7 @@
 #!/bin/sh
-###############################################################################
-#                                                                             #
-# IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
-#                                                                             #
-# This program is free software: you can redistribute it and/or modify        #
-# it under the terms of the GNU General Public License as published by        #
-# the Free Software Foundation, either version 3 of the License, or           #
-# (at your option) any later version.                                         #
-#                                                                             #
-# This program is distributed in the hope that it will be useful,             #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
-# GNU General Public License for more details.                                #
-#                                                                             #
-# You should have received a copy of the GNU General Public License           #
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
-#                                                                             #
-###############################################################################
+########################################################################
+# Begin $rc_base/init.d/smt
+########################################################################

 . /etc/sysconfig/rc
 . ${rc_functions}
@@ -41,10 +25,10 @@ case "${1}" in
 			exit 0
 		fi

-		# Disable SMT when the processor is vulnerable to Foreshadow or Fallout/ZombieLoad/RIDL
-		for vuln in l1tf mds; do
-			if [ -r "/sys/devices/system/cpu/vulnerabilities/${vuln}" ] && \
-					[[ "$(</sys/devices/system/cpu/vulnerabilities/${vuln})" =~ "SMT vulnerable" ]]; then
+		# Disable SMT when the processor is vulnerable if SMT is enabled
+		for vuln in $(ls /sys/devices/system/cpu/vulnerabilities/*) ; do
+			if [ -r "${vuln}" ] && \
+					[[ "$(<${vuln})" =~ "SMT vulnerable" ]]; then
 				# Disable SMT
 				boot_mesg "Disabling Simultaneous Multi-Threading (SMT)..."
 				echo "forceoff" > /sys/devices/system/cpu/smt/control
@@ -61,3 +45,5 @@ case "${1}" in
 		exit 1
 		;;
 esac
+
+# End $rc_base/init.d/smt