Might be good to add https://github.com/linux-scraping/linux-grsecurity/commit/31e606aa9da683109cee72d45c9cda60992f01dc to https://www.whonix.org/wiki/KVM#Why_Use_KVM_Over_VirtualBox.3F
This will be reverted once the VirtualBox devs stop disabling
SMAP unnecessarily, which seems like it will happen never.
Anyone who cares about security of their host system shouldn’t
use VirtualBox, as it already precludes the use of KERNEXEC, UDEREF, and RANDKSTACK.