[rkhunter]

I think this situation not correct... When OS installing to machine, it configures system files (like ntdll) for using int 2e or sysenter.

[madaboo]

OK then I've got next question:

1. Assuming that above situation is not correct - so let's assume that all processors/cores have to suport same instructions: int2e OR systenter. In this situation I don't see the reason to check msr/idtr on each cpu - shouldn't be enough calling __readmsr just from same thread as driver is going (without creating system thrread and setting affinity thread)?

2. Do you think that algo for checking which instruction is supported by current system should go somehow like this:
- __readmsr to varA
- if varA == 0 - then system is using int 2e
- if varA != 0 then system is uisng sysenter.

Thank you so much for coming to this discussion! I really appreciate this :)

[rkhunter]

1. With calling readmsr without thread affinity give you result only for current processor, is obvious (this handlers/registers processors-depends)
2. Look definition of cpuid instruction from Intel Vol 2a that will give answer for you.