From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 3/3] smt: Do not disable SMT in virtual machines Date: Tue, 21 Jul 2020 10:36:41 +0000 Message-ID: <20200721103641.30305-3-michael.tremer@ipfire.org> In-Reply-To: <20200721103641.30305-1-michael.tremer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7497819536843313796==" List-Id: --===============7497819536843313796== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Processors in virtual machines are *virtual*. Therefore this only degrades the performance of the guest, but does not increase its security. This patch always leaves SMT enabled in all virtual environments. Signed-off-by: Michael Tremer --- src/initscripts/system/smt | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/initscripts/system/smt b/src/initscripts/system/smt index cc4128b2d..bfa7d57b3 100644 --- a/src/initscripts/system/smt +++ b/src/initscripts/system/smt @@ -20,6 +20,11 @@ case "${1}" in exit 0 fi 2>/dev/null =20 + # Do not disable SMT inside virtual machines + if [ -d "/sys/hypervisor" ]; then + exit 0 + fi + # Disable SMT when the processor is vulnerable to Foreshadow or Fallout/Zo= mbieLoad/RIDL for vuln in l1tf mds; do if [ -r "/sys/devices/system/cpu/vulnerabilities/${vuln}" ] && \ --=20 2.20.1 --===============7497819536843313796==--
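Review bot: The added test [ -d "/sys/hypervisor" ] decides everything on the mere existence of one sysfs directory, while the commit message promises that SMT stays enabled in all virtual environments. That directory comes from the kernel's generic hypervisor sysfs support, so whether it exists depends on how the kernel was built and on which hypervisor drivers populate it, not on the system actually being a guest. A guest that lacks the directory would still get SMT disabled, and a bare-metal host that has it would silently skip the l1tf/mds handling that follows. Consider testing a more specific signal, for example a non-empty /sys/hypervisor/type or the hypervisor flag in /proc/cpuinfo, and confirm the behaviour on each hypervisor the project supports. It would also help to print a message before the exit 0, so that leaving SMT enabled on a CPU the kernel reports as vulnerable is visible in the boot log rather than indistinguishable from the earlier early exit.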