From 5e35f0a711adc3683c7c209ba1025327b742601f Mon Sep 17 00:00:00 2001
From: Dario Faggioli
Date: Thu, 18 Apr 2019 17:54:27 +0200
Subject: [PATCH] L1TF/Linux: fix EPT on/off detection against sysfs

Checking whether or not EPT is enabled, happens via /sys. We should therefore also make sure that we do that when being invoked with no options, and with `--sysfs-only`, and that we don't when invoked with `--no-sysfs`.
---
 spectre-meltdown-checker.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index e926eff..3085767 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -3845,7 +3845,9 @@ check_CVE_2018_3646_linux()
 fi
 fi
- if [ "$opt_sysfs_only" != 1 ]; then
+ # until we find it is actually off, let's assume enabled
+ ept_disabled=0
+ if [ "$opt_no_sysfs" != 1 ]; then
 _info "* Mitigation 1 (KVM)"
 _info_nol " * EPT is disabled: "
 if [ "$opt_live" = 1 ]; then
@@ -3860,7 +3862,9 @@ check_CVE_2018_3646_linux()
 else
 pstatus blue N/A "not testable in offline mode"
 fi
+ fi
+ if [ "$opt_sysfs_only" != 1 ]; then
 _info "* Mitigation 2"
 _info_nol " * L1D flush is supported by kernel: "
 if [ "$opt_live" = 1 ] && grep -qw flush_l1d "$procfs/cpuinfo"; then
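Review bot: With `--no-sysfs` the EPT probe in the first hunk is skipped without printing anything, so `ept_disabled` keeps its new default of 0 and the report has no line showing that Mitigation 1 was never evaluated. Defaulting to "EPT enabled" is the safe direction, because a probe that did not run then cannot count towards a "mitigated" verdict, assuming the verdict logic outside this hunk reads `ept_disabled` that way. Consider an `else` branch on the new `if [ "$opt_no_sysfs" != 1 ]` that prints the same header and a `pstatus blue N/A` line naming `--no-sysfs` as the reason, and widen the comment to `# default to EPT enabled (the exposed case) so a skipped probe never counts as a mitigation`. The body of check_CVE_2018_3646_linux starts and ends outside the hunk.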
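Review bot: The two adjacent gates now test different options, `opt_no_sysfs` for the EPT block closed by the added `fi` and `opt_sysfs_only` for everything from Mitigation 2 onward, and nothing in the code says why. A one-line comment on the re-opened block, such as `# the checks below do not read /sys, so skip them under --sysfs-only`, would keep a later edit from merging the two conditions and bringing back the bug this commit fixes. The visible L1D-flush test reads `$procfs/cpuinfo`, but the hunk does not show whether every later check in that block is also independent of /sys. The block's closing `fi` also lies outside the hunk.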