Mirroring the feedback I got on the mailing list. Potentially we could add the missing bit to the required part of the 3.2 kvm-intel module. But then the comments about support and security make me wonder whether we really want to. There seems to be quite a bit of work to get even 3.13 (Trusty) into shape. Leave alone 3.2...
Paolo Bonzini wrote: > Because if we wanted to make 3.14 nested VMX stable-ish we would need > several more, at least these: > > KVM: nVMX: fix lifetime issues for vmcs02 > KVM: nVMX: clean up nested_release_vmcs12 and code around it > KVM: nVMX: Rework interception of IRQs and NMIs > KVM: nVMX: Do not inject NMI vmexits when L2 has a pending > interrupt > KVM: nVMX: Disable preemption while reading from shadow VMCS > > and for 3.13: > > KVM: nVMX: Leave VMX mode on clearing of feature control MSR > > There are also several L2-crash-L1 bugs too in Nadav Amit's patches. > > Basically, nested VMX was never considered stable-worthy. Perhaps > that can change soon---but not retroactively. > > So I'd rather avoid giving false impressions of the stability of nVMX > in 3.14. > > Even if we considered nVMX stable, I'd _really_ not want to consider > the L1<->L2 boundary a secure one for a longer time. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1431473 Title: kvm_intel (nested) module will not load [Input/output error] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1431473/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
