Crash KVM hypervisor

When installing the latest version of Avast Antivirus (Free) on Windows 10 that runs in a KVM hypervisor, the whole hypervisor will crash or freeze.

This is fully reproducible.

I don’t know how Avast manages to break out of the VM and tap into the hypervisor, but this is a horrible nightmarishly critical issue.

Same here.
Xbuntu 16.10 64-bit.
libvirtd (libvirt) 2.1.0
qemu-x86_64 version 2.6.1 (Debian 1:2.6.1+dfsg-0ubuntu5.1)
Using VirtIO drivers for the virtual HDD

Confirmed kills on Win 7 x64 as well as Win 8.1 x64 guests.
Once Avast is installed the host machine (Laptop) will hang and will have to be killed with a hard shut-down (long pwr-button press).

After rebooting KVM host and trying to start the Windows guest everything freezes again.

I suggest to submit a support package so avast can have a look at it.

https://www.avast.com/faq.php?article=AVKB33

This is probably nested virtualization issue. I agree this issue is critical, but it is a KVM issue. As workaround, please just disable nested virtualization support in KVM.

I was able to boot the affected Win 8.1 guest in safe mode and uninstall Avast.
Everything worked fine after that.


I also confirmed that disabling nested virtualization makes it work.

Following guidelines from here
https://kashyapc.com/2012/01/14/nested-virtualization-with-kvm-intel/

I verified first that it was enabled

cat /sys/module/kvm_intel/parameters/nested

Y

-or-

systool -m kvm_intel -v | grep -i nested

nested              = "Y"

On my Xubuntu 16.10 I disabled it by editing file
/etc/modprobe.d/qemu-system-x86.conf

Changing setting
options kvm_intel nested=1
to
options kvm_intel nested=0

After rebooting the host PC I booted the Win 8.1 guest and installed Avast.
Everything worked fine.

I then re-enabled nested virtualization and rebooted the host PC.
Starting the Win 8.1 guest with Avast installed once again froze everything.

Thank you for verification sigbee. The Avast hypervisor will not try to use virtualization extensions of CPU when running under KVM. From next Avast release.