From 97bccaa0d711005e30f404594bb1072f81dce869 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?=
Date: Mon, 16 Apr 2018 09:13:04 +0200
Subject: [PATCH] feat: rephrase IBPB warning when only retpoline is enabled in non-paranoid mode
---
 spectre-meltdown-checker.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index 3168179..9903551 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -2329,7 +2329,11 @@ check_variant2_linux()
 pvulnstatus $cve OK "Full retpoline + IBPB are mitigating the vulnerability"
 elif [ "$retpoline" = 1 ] && [ "$retpoline_compiler" = 1 ] && [ "$retp_enabled" != 0 ] && [ "$opt_paranoid" = 0 ] && ( ! is_skylake_cpu || [ -n "$rsb_filling" ] ); then
 pvulnstatus $cve OK "Full retpoline is mitigating the vulnerability"
- _warn "You might want to enable IBPB to complete retpoline as a Variant 2 mitigation"
+ if [ -n "$cpuid_ibpb" ]; then
+ _warn "You should enable IBPB to complete retpoline as a Variant 2 mitigation"
+ else
+ _warn "IBPB is considered as a good addition to retpoline for Variant 2 mitigation, but your CPU microcode doesn't support it"
+ fi
 elif [ -n "$ibrs_enabled" ] && [ -n "$ibpb_enabled" ] && [ "$ibrs_enabled" -ge 1 ] && [ "$ibpb_enabled" -ge 1 ]; then
 pvulnstatus $cve OK "IBRS + IBPB are mitigating the vulnerability"
 elif [ "$ibpb_enabled" = 2 ] && ! is_cpu_smt_enabled; then
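Review bot: The new `else` branch states as fact that the CPU microcode lacks IBPB whenever `$cpuid_ibpb` is empty, but `[ -n "$cpuid_ibpb" ]` cannot tell "CPUID reports no IBPB" from "CPUID was never read". The assignment of `cpuid_ibpb` is outside this hunk, so this is inferred: if the variable stays empty when the script cannot query CPUID, the user is told the hardware is incapable and may skip a mitigation that is actually available. Either branch on an explicit "unknown" state or soften the text, e.g. `_warn "IBPB is considered as a good addition to retpoline for Variant 2 mitigation, but IBPB support was not detected in your CPU microcode"`. A comment above the test such as `# cpuid_ibpb is non-empty only when CPUID advertises IBPB` would document the contract the branch relies on. check_variant2_linux starts and ends outside the hunk.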