Gleb Natapov <gleb@xxxxxxxxxx> writes: >> >> +int nested = 1; >> +EXPORT_SYMBOL_GPL(nested); Unless this is a lot better tested and audited wouldn't it make more sense to default it to off? I don't think it's a big burden to let users set a special knob for this, but it would be a big problem if there was some kind of jail break hidden in there that could be exploited by malicious guests. Since VMX was not originally designed to be nested that wouldn't surprise me. -Andi -- ak@xxxxxxxxxxxxxxx -- Speaking for myself only. -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
