public inbox for ipfire-scm@lists.ipfire.org
 help / color / mirror / Atom feed
* [git.ipfire.org] IPFire 2.x development tree branch, master, updated. f41a54a2eae3c21732863dba8851f87029cfd8d6
@ 2023-08-12  7:29 Arne Fitzenreiter
  0 siblings, 0 replies; only message in thread
From: Arne Fitzenreiter @ 2023-08-12  7:29 UTC (permalink / raw)
  To: ipfire-scm

[-- Attachment #1: Type: text/plain, Size: 4315 bytes --]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, master has been updated
       via  f41a54a2eae3c21732863dba8851f87029cfd8d6 (commit)
      from  ee0ee298435ada541e4cfed95cfd38b328a41eca (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f41a54a2eae3c21732863dba8851f87029cfd8d6
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date:   Sat Aug 12 09:11:52 2023 +0200

    initskript: smt: disable smt on vulnerable cpu
    
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/rootfiles/core/178/filelists/files |  1 +
 src/initscripts/system/smt                | 32 +++++++++----------------------
 2 files changed, 10 insertions(+), 23 deletions(-)

Difference in files:
diff --git a/config/rootfiles/core/178/filelists/files b/config/rootfiles/core/178/filelists/files
index 00198bcc3..957d268c9 100644
--- a/config/rootfiles/core/178/filelists/files
+++ b/config/rootfiles/core/178/filelists/files
@@ -1 +1,2 @@
+etc/rc.d/init.d/smt
 srv/web/ipfire/cgi-bin/vulnerabilities.cgi
diff --git a/src/initscripts/system/smt b/src/initscripts/system/smt
index 821bb5178..7757a21e5 100644
--- a/src/initscripts/system/smt
+++ b/src/initscripts/system/smt
@@ -1,23 +1,7 @@
 #!/bin/sh
-###############################################################################
-#                                                                             #
-# IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2022  IPFire Team  <info(a)ipfire.org>                     #
-#                                                                             #
-# This program is free software: you can redistribute it and/or modify        #
-# it under the terms of the GNU General Public License as published by        #
-# the Free Software Foundation, either version 3 of the License, or           #
-# (at your option) any later version.                                         #
-#                                                                             #
-# This program is distributed in the hope that it will be useful,             #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
-# GNU General Public License for more details.                                #
-#                                                                             #
-# You should have received a copy of the GNU General Public License           #
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
-#                                                                             #
-###############################################################################
+########################################################################
+# Begin $rc_base/init.d/smt
+########################################################################
 
 . /etc/sysconfig/rc
 . ${rc_functions}
@@ -41,10 +25,10 @@ case "${1}" in
 			exit 0
 		fi
 
-		# Disable SMT when the processor is vulnerable to Foreshadow or Fallout/ZombieLoad/RIDL
-		for vuln in l1tf mds; do
-			if [ -r "/sys/devices/system/cpu/vulnerabilities/${vuln}" ] && \
-					[[ "$(</sys/devices/system/cpu/vulnerabilities/${vuln})" =~ "SMT vulnerable" ]]; then
+		# Disable SMT when the processor is vulnerable if SMT is enabled
+		for vuln in $(ls /sys/devices/system/cpu/vulnerabilities/*) ; do
+			if [ -r "${vuln}" ] && \
+					[[ "$(<${vuln})" =~ "SMT vulnerable" ]]; then
 				# Disable SMT
 				boot_mesg "Disabling Simultaneous Multi-Threading (SMT)..."
 				echo "forceoff" > /sys/devices/system/cpu/smt/control
@@ -61,3 +45,5 @@ case "${1}" in
 		exit 1
 		;;
 esac
+
+# End $rc_base/init.d/smt


hooks/post-receive
--
IPFire 2.x development tree

^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2023-08-12  7:29 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-08-12  7:29 [git.ipfire.org] IPFire 2.x development tree branch, master, updated. f41a54a2eae3c21732863dba8851f87029cfd8d6 Arne Fitzenreiter

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox