Processors in virtual machines are *virtual*. Therefore this only degrades the performance of the guest, but does not increase it's security.
This patch always leaves SMT enabled in all virtual environments.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- src/initscripts/system/smt | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/src/initscripts/system/smt b/src/initscripts/system/smt index cc4128b2d..bfa7d57b3 100644 --- a/src/initscripts/system/smt +++ b/src/initscripts/system/smt @@ -20,6 +20,11 @@ case "${1}" in exit 0 fi 2>/dev/null
+ # Do not disable SMT inside virtual machines + if [ -d "/sys/hypervisor" ]; then + exit 0 + fi + # Disable SMT when the processor is vulnerable to Foreshadow or Fallout/ZombieLoad/RIDL for vuln in l1tf mds; do if [ -r "/sys/devices/system/cpu/vulnerabilities/${vuln}" ] && \