> > > > Can we just hide FRED from guests like what KVM does for other
> > > > features which have similar dependencies? see vmx_set_cpu_caps().
> > >
> > > Both of these warnings should simply be dropped. The
> > > error_on_inconsistent_vmcs_config stuff is for inconsistencies within the
> allowed
> > > VMCS fields. Having a feature that is supported in bare metal but not
> virtualized
> > > is perfectly legal, if uncommon.
> >
> > I deliberately keep it, at least for now, because these checks are helpful
> > during the development of nVMX FRED. It will be helpful for other VMMs
> > being developed/tested on KVM.
>
> No, remove it. It's architecturally legal for a CPU to support a feature in bare
> metal but not provide virtualization support.
Like the stage when native Linux has FRED support while KVM not yet?
> > > What *is* needed is for KVM to refuse to virtualize FRED if the entry/exit
> controls
> > > aren't consistent. E.g. if at least one control is present, and at least one
> > > control is missing. I.e. KVM needs a version of vmcs_entry_exit_pairs that can
> > > deal with SECONDAY_VM_EXIT controls.
> >
> > I agree there are better ways. But maybe after or before VMX FRED.
>
> Uh, no. This is not optional. FRED is the first feature that uses
> SECONDAY_VM_EXIT
> controls, so FRED gets the honor of adding the necessary infrastructure support.
The 2nd VM exit controls is a must for FRED, so I should do it.
I think you mean the consistency checks can be done in a better way (which
is not just for FRED controls consistency checks). No?
Thanks!
Xin
