No more IBRS since 3.10.0-693.21.1.el7 kernel update?

Hi,

I patched our Dell PowerEdge R730 machines with the latest BIOS last week, and when I booted kernel-3.10.0-693.17.1.el7.x86_64 afterwards I ran the spectre-meltdown-checker.sh script. It listed that I was no longer vulnerable to Spectre, as I had IBRS enabled.

Since then I've upgraded to kernel 3.10.0-693.21.1.el7, which contains the retpoline patches. When I now run the test script, it indicates that I'm still vulnerable to Spectre:

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
  * Hardware (CPU microcode) support for mitigation: YES
  * Kernel support for IBRS: YES
  * IBRS enabled for Kernel space: NO
  * IBRS enabled for User space: NO
* Mitigation 2
  * Kernel compiled with retpoline option: YES
  * Kernel compiled with a retpoline-aware compiler: NO

STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

It still detects the IBRS feature but does not seem to use it, because it has retpoline support? It indicates that the kernel was not compiled with a retpoline-aware compiler.

These machines are also oVirt hosts, and the oVirt engine now shows IBRS: 0 in the host details.

Is this expected? Should the kernel be recompiled with a retpoline-aware compiler first? I've noticed a gcc update that includes that support?

Regards,

Rik
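The verdict in the checker output above comes down to one rule: Spectre v2 counts as mitigated only if IBRS is supported by the microcode, supported by the kernel and actually switched on, or if the kernel is a retpoline kernel whose compiler really emitted retpoline thunks (a CONFIG_RETPOLINE=y build from a gcc without -mindirect-branch support has the option but no thunks). The script below is an added example, not code from the post or from spectre-meltdown-checker, that reads the same facts from the kernel's own interfaces and applies that rule. It assumes the RHEL 7 debugfs knobs /sys/kernel/debug/x86/ibrs_enabled and /sys/kernel/debug/x86/retp_enabled, that microcode IBRS support shows up in /proc/cpuinfo as the spec_ctrl (RHEL) or ibrs (upstream) flag, and that a kernel built with a retpoline-aware gcc exports __x86_indirect_thunk_* symbols in /proc/kallsyms; the kallsyms fragments embedded in it are constructed samples, not captures from a real host.

```shell
#!/bin/sh
# Added example, not code from the original post or from spectre-meltdown-checker.
# Reproduces the checker's Spectre Variant 2 (CVE-2017-5715) verdict from the
# kernel's own state, so the two mitigation paths can be told apart by hand.
#
# Assumptions (RHEL 7 kernels of the 3.10.0-693.x.y line, as in the thread):
#   /sys/kernel/debug/x86/ibrs_enabled  0 = off, 1 = kernel space, 2 = kernel + user space
#   /sys/kernel/debug/x86/retp_enabled  0 = off, 1 = retpoline in use
#   /proc/cpuinfo lists spec_ctrl (RHEL) or ibrs (upstream) once microcode offers IBRS
#   a kernel built by a retpoline-aware gcc exports __x86_indirect_thunk_* symbols

# spectre_v2_verdict IBRS_HW IBRS_KERNEL IBRS_ENABLED RETP_COMPILED RETP_AWARE
# yes/no flags (IBRS_ENABLED is the numeric knob value). Prints MITIGATED or
# VULNERABLE using the rule from the checker's STATUS line.
spectre_v2_verdict() {
    ibrs_hw=$1 ibrs_kernel=$2 ibrs_enabled=$3 retp_compiled=$4 retp_aware=$5
    # Mitigation 1: microcode support, kernel support, and IBRS actually switched on.
    if [ "$ibrs_hw" = yes ] && [ "$ibrs_kernel" = yes ] && [ "$ibrs_enabled" != 0 ]; then
        echo MITIGATED
        return 0
    fi
    # Mitigation 2: CONFIG_RETPOLINE alone is not enough; the compiler must have emitted thunks.
    if [ "$retp_compiled" = yes ] && [ "$retp_aware" = yes ]; then
        echo MITIGATED
        return 0
    fi
    echo VULNERABLE
}

# retpoline_aware_from_kallsyms: reads kallsyms on stdin and prints yes if the
# kernel exports retpoline thunks (the evidence behind the checker's
# "retpoline-aware compiler" line), otherwise no.
retpoline_aware_from_kallsyms() {
    if grep -q '__x86_indirect_thunk_'; then echo yes; else echo no; fi
}

# gcc_is_retpoline_aware [CC]: yes if the compiler accepts -mindirect-branch=thunk,
# the option a retpoline kernel build needs (the gcc update mentioned in the post adds it).
gcc_is_retpoline_aware() {
    cc=${1:-gcc}
    if command -v "$cc" >/dev/null 2>&1 &&
       "$cc" -mindirect-branch=thunk -E -x c /dev/null >/dev/null 2>&1; then
        echo yes
    else
        echo no
    fi
}

# Constructed sample kallsyms fragments (not captured from a real host).
SAMPLE_KALLSYMS_RETPOLINE='ffffffff81001000 T _stext
ffffffff81a0c000 T __x86_indirect_thunk_rax
ffffffff81a0c010 T __x86_indirect_thunk_rbx'
SAMPLE_KALLSYMS_PLAIN='ffffffff81001000 T _stext
ffffffff81a0c000 T __switch_to'

# live_check: gather the same inputs from the running kernel (root is needed for
# debugfs and for unmasked kallsyms addresses) and print the verdict.
live_check() {
    [ -r /sys/kernel/debug/x86/ibrs_enabled ] || mount -t debugfs none /sys/kernel/debug 2>/dev/null || true
    ibrs=$(cat /sys/kernel/debug/x86/ibrs_enabled 2>/dev/null || echo 0)
    retp=$(cat /sys/kernel/debug/x86/retp_enabled 2>/dev/null || echo 0)
    hw=no
    if grep -qwE 'spec_ctrl|ibrs' /proc/cpuinfo 2>/dev/null; then hw=yes; fi
    # Kernel IBRS support: the debugfs knob only exists on kernels carrying the IBRS patches.
    ksup=no
    if [ -e /sys/kernel/debug/x86/ibrs_enabled ]; then ksup=yes; fi
    aware=$(retpoline_aware_from_kallsyms < /proc/kallsyms)
    # retp_enabled=1 implies CONFIG_RETPOLINE; otherwise fall back to the boot config, if present.
    retpc=no
    if [ "$retp" != 0 ] || grep -qs '^CONFIG_RETPOLINE=y' "/boot/config-$(uname -r)"; then retpc=yes; fi
    echo "ibrs_enabled=$ibrs retp_enabled=$retp microcode_ibrs=$hw kernel_ibrs=$ksup thunks_in_kallsyms=$aware gcc_retpoline=$(gcc_is_retpoline_aware)"
    spectre_v2_verdict "$hw" "$ksup" "$ibrs" "$retpc" "$aware"
}

if [ "${1:-}" = --live ]; then live_check; fi
```

Run it as `sh check-spectre-v2.sh --live` on a host to print the raw inputs and the verdict; with the values in the post (microcode and kernel IBRS support present, ibrs_enabled 0, CONFIG_RETPOLINE=y but no thunks in kallsyms) it reports VULNERABLE, and it flips to MITIGATED as soon as either ibrs_enabled is non-zero or the kernel starts exporting __x86_indirect_thunk_* symbols.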