From 10b8d94724b0914a4000b3f1a85b87799239202c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= <speed47_github@speed47.net>
Date: Tue, 10 Apr 2018 22:09:38 +0200
Subject: [PATCH] feat: detect latest Red Hat kernels' RO ibpb_enabled knob

---
 spectre-meltdown-checker.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index ef2cec6..de036d0 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -2362,7 +2362,12 @@ check_variant2_linux()
 				fi
 				if [ -n "$cpuid_ibpb" ] && [ -n "$ibpb_supported" ]; then
 					if [ -e "$specex_knob_dir/ibpb_enabled" ]; then
-						explain "Both your CPU and your kernel have IBPB support, but it is currently disabled. You may enable it with \`echo 1 > $specex_knob_dir/ibpb_enabled\`."
+						# newer (April 2018) Red Hat kernels have ibpb_enabled as ro, and automatically enables it with retpoline
+						if [ ! -w "$specex_knob_dir/ibpb_enabled" ] && [ -e "$specex_knob_dir/retp_enabled" ]; then
+							explain "Both your CPU and your kernel have IBPB support, but it is currently disabled. You kernel should enable IBPB automatically if you enable retpoline. You may enable it with \`echo 1 > $specex_knob_dir/retp_enabled\`."
+						else
+							explain "Both your CPU and your kernel have IBPB support, but it is currently disabled. You may enable it with \`echo 1 > $specex_knob_dir/ibpb_enabled\`."
+						fi
 					else
 						explain "Both your CPU and your kernel have IBPB support, but it is currently disabled. You may enable it. Check in your distro's documentation on how to do this."
 					fi