From ddc7197b868b8762217b6d0ba8ba10791caa6b9f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= <speed47_github@speed47.net>
Date: Mon, 22 Jan 2018 10:48:48 +0100
Subject: [PATCH] fix(retpoline): retpoline-compiler detection

When kernel is not compiled with retpoline option, doesn't
have the sysfs vulnerability hierarchy and our heuristic to
detect a retpoline-aware compiler didn't match, change result
for retpoline-aware compiler detection from UNKNOWN to NO.
When CONFIG_RETPOLINE is not set, a retpoline-aware compiler
won't produce different asm than a standard one anyway.
---
 spectre-meltdown-checker.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index a48716c..f73b92a 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -1131,7 +1131,7 @@ check_variant2()
 				retpoline_compiler=1
 				pstatus green YES "kernel reports full retpoline compilation"
 			else
-				pstatus yellow UNKNOWN
+				[ "$retpoline" = 1 ] && pstatus yellow UNKNOWN || pstatus red NO
 			fi
 		elif [ -n "$opt_map" ]; then
 			# look for the symbol
@@ -1139,7 +1139,7 @@ check_variant2()
 				retpoline_compiler=1
 				pstatus green YES "noretpoline_setup symbol found in System.map"
 			else
-				pstatus yellow UNKNOWN
+				[ "$retpoline" = 1 ] && pstatus yellow UNKNOWN || pstatus red NO
 			fi
 		elif [ -n "$vmlinux" ]; then
 			# look for the symbol
@@ -1149,7 +1149,7 @@ check_variant2()
 					retpoline_compiler=1
 					pstatus green YES "noretpoline_setup found in vmlinux symbols"
 				else
-					pstatus yellow UNKNOWN
+					[ "$retpoline" = 1 ] && pstatus yellow UNKNOWN || pstatus red NO
 				fi
 			elif grep -q noretpoline_setup "$vmlinux"; then
 				# if we don't have nm, nevermind, the symbol name is long enough to not have
@@ -1157,10 +1157,10 @@ check_variant2()
 				retpoline_compiler=1
 				pstatus green YES "noretpoline_setup found in vmlinux"
 			else
-				pstatus yellow UNKNOWN
+				[ "$retpoline" = 1 ] && pstatus yellow UNKNOWN || pstatus red NO
 			fi
 		else
-			pstatus yellow UNKNOWN "couldn't find your kernel image or System.map"
+			[ "$retpoline" = 1 ] && pstatus yellow UNKNOWN "couldn't find your kernel image or System.map" || pstatus red NO
 		fi
 
 		_info_nol "*   Retpoline enabled: "