My scenario: I wanted to use Hyper-V's GPU Partitioning and WSL technology inside a Proxmox Virtual machine so that I could continue using Linux natively while taking advantage of Microsoft's groundbreaking virtualization features.
There is a vulnerability affecting nested virtualization on Ryzen processors (tracked as CVE-2021-3656, see the sources below) that allows an application inside a nested virtual machine to crash the underlying host system and even compromise the host entirely.
Sources:
- https://vulners.com/redhatcve/RH:CVE-2021-3656
- https://lore.kernel.org/kvm/[email protected]%2F/T/
- https://www.reddit.com/r/Proxmox/comments/1cym3pl/nested_virtualization_crashing_ryzen_7000_series/
- https://forum.proxmox.com/threads/stability-issues-with-nested-hyper-v.105780/
Ideally, since this vulnerability is patched in the kernel, you want to upgrade your kernel, and maybe update your BIOS too!
Alternatively, as an insecure workaround, you can add this to your grub boot parameters:
kvm_amd.vls=0 kvm_amd.nested=1 pcie_aspm=off
Those GRUB boot parameters will at least stop the crashing, but they might not protect you against the part of the vulnerability that allows guests to compromise the security of the host; upgrading is crucial.
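As an added example (my own script, not part of the original post), here is a small POSIX shell helper that checks whether the three workaround parameters named above are present on a kernel command line, builds the merged GRUB_CMDLINE_LINUX_DEFAULT value without duplicating tokens, and reads the live kvm_amd vls setting from sysfs. The parameter names kvm_amd.vls, kvm_amd.nested and pcie_aspm come from the post; the sysfs path is the standard Linux module-parameter location, and the constructed command lines in the comments are only illustrations.

```shell
#!/bin/sh
# Added example: inspect and assemble the nested-virtualization workaround
# parameters from the post. Only reports and prints; it does not modify
# /etc/default/grub itself.

# has_param CMDLINE TOKEN -> exit 0 if TOKEN appears as a whole word in CMDLINE
has_param() {
    for tok in $1; do
        [ "$tok" = "$2" ] && return 0
    done
    return 1
}

# workaround_status CMDLINE -> prints "complete", "partial" or "absent"
# e.g. "quiet kvm_amd.vls=0" (constructed) -> partial
workaround_status() {
    n=0
    for p in kvm_amd.vls=0 kvm_amd.nested=1 pcie_aspm=off; do
        has_param "$1" "$p" && n=$((n + 1))
    done
    case "$n" in
        3) echo complete ;;
        0) echo absent ;;
        *) echo partial ;;
    esac
}

# merge_cmdline CURRENT -> prints CURRENT with any missing workaround token
# appended, so re-running it never duplicates a parameter.
merge_cmdline() {
    out="$1"
    for p in kvm_amd.vls=0 kvm_amd.nested=1 pcie_aspm=off; do
        has_param "$out" "$p" || out="${out:+$out }$p"
    done
    echo "$out"
}

# live_vls_setting -> prints the running kvm_amd vls parameter, or "unknown"
# when the module is not loaded (Intel host, or KVM not in use).
live_vls_setting() {
    f=/sys/module/kvm_amd/parameters/vls
    if [ -r "$f" ]; then
        cat "$f"
    else
        echo unknown
    fi
}

# Report on the current boot when run directly on a Linux host.
if [ -r /proc/cmdline ]; then
    cur="$(cat /proc/cmdline)"
    echo "kernel:              $(uname -r)"
    echo "cmdline workaround:  $(workaround_status "$cur")"
    echo "live kvm_amd.vls:    $(live_vls_setting)"
    echo "merged GRUB default: GRUB_CMDLINE_LINUX_DEFAULT=\"$(merge_cmdline "$cur")\""
fi
```

On a Proxmox (Debian-based) host the merged value goes into GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub, followed by update-grub and a reboot; checking /sys/module/kvm_amd/parameters/vls afterwards confirms the setting actually took effect rather than just being present in the config file.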