On 08/16/2016 02:23 AM, Lars Bull wrote:
[...]
> We've done the following work on this front:
[...]

Thanks for doing this. Are the tests closed or public? Would it make sense to also use these for other archs like s390/ppc (let's say with less effort than a rewrite) or is this really x86-specific code?

> Our testing was focused primarily on security of the host from both
> guest levels rather than the security of L1 and did not check for
> correctness. We are fairly confident after this work that nested VMX
> doesn't present a significant increase in risk for the host. We're
> curious what the next steps should be in getting this considered
> production-ready.

Are there any plans to do L2->L1 testing? If we cannot be sure that L2 does not violate the integrity of L1, we certainly cannot enable that by default. (To make it more obvious, would you buy a hypervisor that provides a "give-me-root" interface for its guests?)