From 53b9eda0406019ad09987b4b08c390b2e94282ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?=
Date: Wed, 24 Jan 2018 08:53:33 +0100
Subject: [PATCH] fix: don't make IBPB mandatory when it's not there

On some kernels there could be IBRS support but not IBPB support, in that case, don't report VULN just because IBPB is not enabled when IBRS is
---
 spectre-meltdown-checker.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index c3f9202..a275c5d 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -1011,6 +1011,7 @@ check_variant2()
 ibpb_enabled=$(cat "$dir/ibpb_enabled" 2>/dev/null)
 _debug "ibpb: found $dir/ibpb_enabled=$ibpb_enabled"
 else
+ ibpb_enabled=-1
 _debug "ibpb: no ibpb_enabled file in $dir"
 fi
 break
@@ -1193,6 +1194,9 @@ check_variant2()
 elif [ "$opt_live" = 1 ]; then
 if [ "$ibrs_enabled" = 1 -o "$ibrs_enabled" = 2 ] && [ "$ibpb_enabled" = 1 ]; then
 pvulnstatus $cve OK "IBRS/IBPB are mitigating the vulnerability"
+ elif [ "$ibrs_enabled" = 1 -o "$ibrs_enabled" = 2 ] && [ "$ibpb_enabled" = -1 ]; then
+ # IBPB doesn't seem here on this kernel
+ pvulnstatus $cve OK "IBRS is mitigating the vulnerability"
 elif [ "$ibpb_enabled" = 2 ]; then
 pvulnstatus $cve OK "Full IBPB is mitigating the vulnerability"
 else
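Review bot: The `-1` assigned to `ibpb_enabled` in the `else` branch of the first hunk is an undocumented sentinel that the verdict logic in the second hunk later compares against, and nothing at the assignment says what it means. A comment such as `# -1 = no ibpb_enabled file in $dir, as opposed to a value read from the file` would make the contract explicit. Whether `ibpb_enabled` is initialised before this block is not visible here; if it is not, a run that never reaches this branch leaves it empty rather than -1, which is worth confirming. The enclosing block in check_variant2 starts and ends outside the hunk.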
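Review bot: The new `elif` in the second hunk reports OK whenever `ibpb_enabled` is -1, so a missing `ibpb_enabled` file is treated as proof that the kernel has no IBPB and that IBRS alone is sufficient; the hunk does not show that either holds. If `ibrs_enabled=1` means IBRS is applied only in kernel mode on the kernels this targets (not visible here, to be confirmed), the OK verdict would overstate the protection for user space, where IBPB is the barrier being checked for. At minimum the result should tell the operator that IBPB was not assessed, e.g. `pvulnstatus $cve OK "IBRS is mitigating the vulnerability (IBPB state not exposed by this kernel)"`, and the comment could read `# ibpb_enabled=-1: no ibpb_enabled file was found, so only IBRS can be assessed`. The `if`/`elif` chain starts and ends outside the hunk.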