From 0518604fe66dd621cdf7a1b9625a3a44948a37fb Mon Sep 17 00:00:00 2001
From: Corey Wright
Date: Sat, 29 Jun 2019 19:56:11 -0500
Subject: [PATCH] Use kernel_err to avoid misreporting missing Linux kernel image

When checking for CVE-2017-5715 (i.e. `check_CVE_2017_5715_linux()`), if we can't inspect (with `readelf`) or decompress the Linux kernel image, then we report there is no kernel image (i.e. `we need the kernel image` or `kernel image missing`, respectively), which confuses users when the associated file exists. Instead use `kernel_err` to provide a correct and detailed description of the problem (e.g. `missing '...' tool, please install it, usually it's in the '...' package`), so the user can take the prescribed action.
---
 spectre-meltdown-checker.sh | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index 4bce425..5409004 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -3064,8 +3064,10 @@ check_CVE_2017_5715_linux()
 if [ "$ibrs_can_tell" = 1 ]; then
 pstatus yellow NO
 else
- # if we're in offline mode without System.map, we can't really know
- pstatus yellow UNKNOWN "in offline mode, we need the kernel image and System.map to be able to tell"
+ # problem obtaining/inspecting kernel or strings not installed, but if the later is true,
+ # then readelf is not installed either (both in binutils) which makes the former true, so
+ # either way kernel_err should be set
+ pstatus yellow UNKNOWN "couldn't check ($kernel_err)"
 fi
 else
 if [ "$opt_verbose" -ge 2 ]; then
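Review bot: The added `pstatus yellow UNKNOWN "couldn't check ($kernel_err)"` in the `else` branch prints an empty reason, `couldn't check ()`, whenever `kernel_err` is unset, and the new comment only asserts that it "should be set" without anything in the hunk enforcing it. The removed message also named System.map, which suggests this branch may be reachable when the kernel image was read but no System.map was supplied; if so, `kernel_err` would be empty here (this cannot be confirmed from the hunk, since the enclosing function starts and ends outside it). A default keeps the verdict actionable for someone triaging the report: `pstatus yellow UNKNOWN "couldn't check (${kernel_err:-kernel image or System.map not available})"`.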
@@ -3276,8 +3278,8 @@ check_CVE_2017_5715_linux()
 _info_nol " * Kernel supports RSB filling: "
 if ! command -v "${opt_arch_prefix}strings" >/dev/null 2>&1; then
 pstatus yellow UNKNOWN "missing '${opt_arch_prefix}strings' tool, please install it, usually it's in the binutils package"
- elif [ -z "$kernel" ]; then
- pstatus yellow UNKNOWN "kernel image missing"
+ elif [ -n "$kernel_err" ]; then
+ pstatus yellow UNKNOWN "couldn't check ($kernel_err)"
 else
 rsb_filling=$("${opt_arch_prefix}strings" "$kernel" | grep -w 'Filling RSB on context switch')
 if [ -n "$rsb_filling" ]; then
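Review bot: Replacing `[ -z "$kernel" ]` with `[ -n "$kernel_err" ]` drops the guard that kept an empty `$kernel` out of the `else` branch. The two tests are equivalent only if `kernel_err` is set on every path that leaves `kernel` empty, which this hunk does not show. If `kernel` is ever empty while `kernel_err` is unset, `"${opt_arch_prefix}strings" "$kernel"` fails and `rsb_filling` stays empty. The check would then presumably report RSB filling as absent rather than UNKNOWN, which is a misleading verdict from a mitigation checker. Keeping both conditions avoids that: `elif [ -n "$kernel_err" ] || [ -z "$kernel" ]; then`. The `if`/`else` chain continues past the end of the hunk.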