[PATCH] Kernel Lockdown: Add an option to allow raw MSR access even, in confidentiality mode.

[Matthew Garrett]

On Fri, Nov 29, 2019 at 10:50 PM Matt Parnell <mparnell at gmail.com> wrote:
> For Intel CPUs, some of the MDS mitigations utilize the new "flush" MSR, and
> while this isn't something normally used in userspace, it does cause false
> positives for the "Forshadow" vulnerability.

The msr interface is pretty terrible - it exposes a consistent
interface over very inconsistent CPUs. Where there's CPU functionality
that's implemented via MSRs it makes sense to expose that over a
separate kernel interface.