This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated
       via  f41a54a2eae3c21732863dba8851f87029cfd8d6 (commit)
      from  ee0ee298435ada541e4cfed95cfd38b328a41eca (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit f41a54a2eae3c21732863dba8851f87029cfd8d6
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Sat Aug 12 09:11:52 2023 +0200

    initskript: smt: disable smt on vulnerable cpu

    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

-----------------------------------------------------------------------
Summary of changes:
 config/rootfiles/core/178/filelists/files |  1 +
 src/initscripts/system/smt                | 32 +++++++++---------------------
 2 files changed, 10 insertions(+), 23 deletions(-)
Difference in files: diff --git a/config/rootfiles/core/178/filelists/files b/config/rootfiles/core/178/filelists/files index 00198bcc3..957d268c9 100644 --- a/config/rootfiles/core/178/filelists/files +++ b/config/rootfiles/core/178/filelists/files @@ -1 +1,2 @@ +etc/rc.d/init.d/smt srv/web/ipfire/cgi-bin/vulnerabilities.cgi diff --git a/src/initscripts/system/smt b/src/initscripts/system/smt index 821bb5178..7757a21e5 100644 --- a/src/initscripts/system/smt +++ b/src/initscripts/system/smt @@ -1,23 +1,7 @@ #!/bin/sh -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### +######################################################################## +# Begin $rc_base/init.d/smt +########################################################################
. /etc/sysconfig/rc . ${rc_functions} @@ -41,10 +25,10 @@ case "${1}" in exit 0 fi
- # Disable SMT when the processor is vulnerable to Foreshadow or Fallout/ZombieLoad/RIDL - for vuln in l1tf mds; do - if [ -r "/sys/devices/system/cpu/vulnerabilities/${vuln}" ] && \ - [[ "$(</sys/devices/system/cpu/vulnerabilities/${vuln})" =~ "SMT vulnerable" ]]; then + # Disable SMT when the processor is vulnerable if SMT is enabled + for vuln in $(ls /sys/devices/system/cpu/vulnerabilities/*) ; do + if [ -r "${vuln}" ] && \ + [[ "$(<${vuln})" =~ "SMT vulnerable" ]]; then # Disable SMT boot_mesg "Disabling Simultaneous Multi-Threading (SMT)..." echo "forceoff" > /sys/devices/system/cpu/smt/control @@ -61,3 +45,5 @@ case "${1}" in exit 1 ;; esac + +# End $rc_base/init.d/smt
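Review bot: in the src/initscripts/system/smt hunk at @@ -1,23 +1,7 @@, the GPL licence header and the IPFire Team copyright notice are dropped in favour of a three-line "Begin $rc_base/init.d/smt" banner, and the commit message ("disable smt on vulnerable cpu") does not mention it. This accounts for most of the 23 deletions and is unrelated to the SMT check. Suggest keeping the licence block, or moving the header change into its own commit with a message that explains why it is being removed.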
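Review bot: in the src/initscripts/system/smt hunk at @@ -41,10 +25,10 @@, the new loop header "for vuln in $(ls /sys/devices/system/cpu/vulnerabilities/*)" runs ls over a glob the shell has already expanded and then word-splits the output again. Iterating the glob directly ("for vuln in /sys/devices/system/cpu/vulnerabilities/*; do") yields the same paths without the extra process, and the existing [ -r "${vuln}" ] test already covers the case where nothing matches. The condition also uses [[ ... =~ ]] and $(<${vuln}) under a #!/bin/sh shebang; these are bash extensions and work only as long as /bin/sh is bash, so either name bash in the shebang or use a POSIX test such as grep -q "SMT vulnerable" "${vuln}". Finally, widening the check from "l1tf mds" to every file in the directory means any entry that reports "SMT vulnerable" now writes forceoff to smt/control; the new comment ("vulnerable if SMT is enabled") and the commit message should state that this is the intended behaviour.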
hooks/post-receive -- IPFire 2.x development tree