Hello Habitual!
Sorry for the delay in getting back to you as I have been very busy. I guess this can be a learning experience for the both of us. XD For the most part, I even tried hacking around with the Makefile to see if I could manually insert the flags -IBPB and/or -IBRS. I gave that a try and recompiled. Retpoline was already enabled, but it seemed like that did not work either. One other last ditch effort that I tried was installing stock versions from the Ubuntu repos. Unfortunately, that only made the status show my system vulnerable to all three CVEs and slowed my system down dramatically. I switched back to the kernels that I compiled myself and my system went back to being speedy without a hitch or those two vulnerabilities. It seemed that I was much better off configuring and compiling those kernels myself in Ubuntu to begin with. I just downloaded the latest 4.16.2 sources from kernel.org so that I can compile them myself and see what happens. I will let you all know!
I guess it seems what one guy in a different community I was in said cannot be more true: "Compiling so much stuff yourself in Ubuntu that you might as well use Arch".
Speaking of the whole 18.04 shakeup with the removal of unity and data collection compounded with Ubuntu's/Canonical's whole set of blunders in not really maintaining their stuff properly and getting cozy with Micro$oft, I guess the time is coming soon for me to switch to Fedora or CentOS. Out of curiosity, I ran the script on my i5 laptop running Fedora just to see the results. It wasn't vulnerable to any of the three CVEs! It seems that CentOS/Fedora/Red Hat seem to fix a great many things and holes ahead of others by patching the crap out of their kernels just when they come out. At least they are modern and not ancient! On my honorable relic (the great Core 2 Quad Q6600), I still haven't figured it out yet, but I guess I will keep looking to consider my options. Red Hat/Fedora/CentOS do a far superior job in taking security seriously as well as maintaining their repos properly. Let me know if you come up with anything else that might also be worth a look.
Sincerely,
donald3.heckel