Re: [PATCH] Kernel Lockdown: Add an option to allow raw MSR access even, in... | linux-security-module

[PATCH] Kernel Lockdown: Add an option to allow raw MSR access even, in confidentiality mode. · Matt Parnell <hidden> · 2019-11-30
Re: [PATCH] Kernel Lockdown: Add an option to allow raw MSR access even, in confidentiality mode. · Kees Cook <hidden> · 2019-11-30
Re: [PATCH] Kernel Lockdown: Add an option to allow raw MSR access even, in confidentiality mode. · Matt Parnell <hidden> · 2019-11-30
Re: [PATCH] Kernel Lockdown: Add an option to allow raw MSR access even, in confidentiality mode. · Matt Parnell <hidden> · 2019-12-01
Re: [PATCH] Kernel Lockdown: Add an option to allow raw MSR access even, in confidentiality mode. · Matt Parnell <hidden> · 2019-12-02
Re: [PATCH] Kernel Lockdown: Add an option to allow raw MSR access even, in confidentiality mode. · Jordan Glover <hidden> · 2019-12-02
Re: [PATCH] Kernel Lockdown: Add an option to allow raw MSR access even, in confidentiality mode. · Matt Parnell <hidden> · 2019-12-02
Re: [PATCH] Kernel Lockdown: Add an option to allow raw MSR access even, in confidentiality mode. · Matthew Garrett <hidden> · 2019-12-02
Re: [PATCH] Kernel Lockdown: Add an option to allow raw MSR access even, in confidentiality mode. · Matt Parnell <hidden> · 2019-12-02
Re: [PATCH] Kernel Lockdown: Add an option to allow raw MSR access even, in confidentiality mode. · Matt Parnell <hidden> · 2019-12-03
Re: [PATCH] Kernel Lockdown: Add an option to allow raw MSR access even, in confidentiality mode. · Matthew Garrett <hidden> · 2019-12-03
Re: [PATCH] Kernel Lockdown: Add an option to allow raw MSR access even, in confidentiality mode. · Matt Parnell <hidden> · 2019-12-03
Re: [PATCH] Kernel Lockdown: Add an option to allow raw MSR access even, in confidentiality mode. · Matt Parnell <hidden> · 2019-12-03
Re: [PATCH] Kernel Lockdown: Add an option to allow raw MSR access even, in confidentiality mode. · Matt Parnell <hidden> · 2019-12-03
Re: [PATCH] Kernel Lockdown: Add an option to allow raw MSR access even, in confidentiality mode. · Matthew Garrett <hidden> · 2019-12-02
Re: [PATCH] Kernel Lockdown: Add an option to allow raw MSR access even, in confidentiality mode. · Matt Parnell <hidden> · 2019-12-02

Re: [PATCH] Kernel Lockdown: Add an option to allow raw MSR access even, in confidentiality mode.

From: Matthew Garrett <hidden>
Date: 2019-12-02 19:43:59

On Fri, Nov 29, 2019 at 10:50 PM Matt Parnell [off-list ref] wrote:

For Intel CPUs, some of the MDS mitigations utilize the new "flush" MSR, and
while this isn't something normally used in userspace, it does cause false
positives for the "Forshadow" vulnerability.

The msr interface is pretty terrible - it exposes a consistent
interface over very inconsistent CPUs. Where there's CPU functionality
that's implemented via MSRs it makes sense to expose that over a
separate kernel interface.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help