From mboxrd@z Thu Jan 1 00:00:00 1970
From: Andi Kleen
Subject: Re: [PATCH 1/7] Nested VMX patch 1 implements vmon and vmoff
Date: Sun, 20 Dec 2009 18:08:04 +0100
Message-ID: <87eimpefpn.fsf@basil.nowhere.org>
References: <1260470309-7166-1-git-send-email-oritw@il.ibm.com> <1260470309-7166-2-git-send-email-oritw@il.ibm.com> <20091220142018.GI4490@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: oritw@il.ibm.com, avi@redhat.com, kvm@vger.kernel.org, benami@il.ibm.com, abelg@il.ibm.com, muli@il.ibm.com, aliguori@us.ibm.com, mdday@us.ibm.com
To: Gleb Natapov
Return-path: Received: from one.firstfloor.org ([213.235.205.2]:49322 "EHLO one.firstfloor.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752452AbZLTRII (ORCPT ); Sun, 20 Dec 2009 12:08:08 -0500
In-Reply-To: <20091220142018.GI4490@redhat.com> (Gleb Natapov's message of "Sun, 20 Dec 2009 16:20:18 +0200")
Sender: kvm-owner@vger.kernel.org
List-ID:

Gleb Natapov writes:

>>
>> +int nested = 1;
>> +EXPORT_SYMBOL_GPL(nested);

Unless this is a lot better tested and audited, wouldn't it make more sense to default it to off?

I don't think it's a big burden to let users set a special knob for this, but it would be a big problem if there was some kind of jail break hidden in there that could be exploited by malicious guests. Since VMX was not originally designed to be nested that wouldn't surprise me.

-Andi

--
ak@linux.intel.com -- Speaking for myself only.
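Review bot: the quoted hunk initialises `nested` to 1, so the new nested-VMX code path is reachable from every guest as soon as the module loads, with no administrator action required. Since the feature is new and, as the reply notes, not yet widely tested or audited, an opt-in default (`int nested = 0;`) with a module parameter that documents the risk keeps the added attack surface off by default and lets users who want it turn it on deliberately.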