HackerLangs
TopNewTrendsCommentsPastAskShowJobs

bonzini

9,490 karmajoined hace 15 años

Submissions

IBM Announces Strategic Collaboration with Arm

newsroom.ibm.com
282 points·by bonzini·hace 3 meses·191 comments

comments

bonzini
·hace 15 horas·discuss
There are two ways to run the Libvirt daemon, which are unprivileged and privileged aka system. You are using unprivileged mode, the parent is using system mode which is more powerful and provides better isolation but does hide stuff in /var.

For example, running QEMU as its own user and using PCI passthrough is only possible with the system daemon.

You also need the system daemon to set up bridged networking, though the unprivileged daemon can use it through a setuid helper.
bonzini
·hace 15 horas·discuss
Red Hat is still using and developing libvirt (though the user facing layer is Kubevirt instead of oVirt) and virt-install, and even though virt-manager is not growing new features libvirt takes backwards compatibility extremely seriously, so new libvirt works with relatively old virt-manager.
bonzini
·anteayer·discuss
Much less if you consider buy vs build+maintain.
bonzini
·hace 3 días·discuss
Point taken, I didn't go as far as scrolling comments and only checked the user page. Apologies to dataviz1000.
bonzini
·hace 3 días·discuss
Maybe, or maybe there is no yacht and no 2 star restaurant. Since your profile doesn't have any personal info (which is certainly your right, mind) I have only one data point and it tilts towards the latter.
bonzini
·hace 3 días·discuss
It's spelled osso buco though.
bonzini
·hace 3 días·discuss
On POWER, LPARs and the first level of hypervisor do not use any LPAR-specific nesting support in the processor. It's all handled by the firmware, not the hardware.
bonzini
·hace 3 días·discuss
If you're a cloud provider, it's all hands on deck.

For everyone else it's dangerous enough to look seriously at getting an updated kernel or apply mitigations, especially since those are easy (disable nested virtualization, only requires restarting guests). Note that this is true even if you're not running guests, having a user running untrusted code and with access to /dev/kvm is enough.

If you're not running anything untrusted, you probably won't be affected but probably should still look at getting an updated kernel or apply mitigations.

It's the worst class of vulnerabilities for KVM in many years (this is the third variant, after CVE-2026-23401 which is a bit different and not guest teiggerable, and 46113 which I have already mentioned and is basically the same bug as this one), on the other hand it also says something about KVM that nothing similar was found in so many years. It's interesting that while this one was found with AI the first two were found with old school (albeit very sophisticated) fuzzing.
bonzini
·hace 4 días·discuss
That's exactly the same as x86. Nested virtualization support is almost entirely in the hypervisor.
bonzini
·hace 4 días·discuss
No, even s390 needs shadow paging.

Intel and AMD both have some small amount of acceleration of nested virtualization, respectively with shadow VMCS and virtualized VMLOAD/VMSAVE.
bonzini
·hace 4 días·discuss
KVM maintainer here, yes it is.
bonzini
·hace 4 días·discuss
Yes you can disable it via kernel module parameters kvm_intel.nested=0 or kvm_amd.nested=0.
bonzini
·hace 4 días·discuss
In that case you'd have to combine this vulnerability with a local privilege escalation to reach guest kernel mode.

Also the vulnerability requires enabling nested virtualization on the VM.
bonzini
·hace 4 días·discuss
KVM maintainer here.

For what it's worth, this is a variant of a vulnerability discovered via fuzzing last April, CVE-2026-46113.
bonzini
·hace 5 días·discuss
The initial definition of the meter would have been such that g=pi^2. It was then adjusted but enough for it to remain an interesting (if not too good) approximation.
bonzini
·hace 7 días·discuss
> If AI accelerates productive development like with software, move the objectives up the ladder in complexity, or expectations.

The problem is that the purpose of group projects is (besides practicing programming) to facilitate learning together, splitting tasks, discussing approaches, presenting the outcome. Doing these requires understanding what's going on, and if you just vibe code everything you don't have enough knowledge to experience the soft-skill parts of the work.
bonzini
·hace 7 días·discuss
For what it's worth, my understanding is that fentanyl is pretty bad as a recreational drug, which is why it started as a scam for people looking for heroin. It's too strong as an anesthetic and the effect lasts very little.
bonzini
·hace 7 días·discuss
Both things can be true at the same time. The article mention switching to shorter reports and oral discussion but other courses may not have the luxury, especially the introductory ones.
bonzini
·hace 10 días·discuss
Forest-related is "forestale" in Italian.
bonzini
·hace 12 días·discuss
Interestingly, here in Italy a substantial part of grades in Italian classes is exactly in-class written essays.