Re: VMX Preemption Timer appears to be buggy on SKX, CLX, and ICX

Re: VMX Preemption Timer appears to be buggy on SKX, CLX, and ICX

[Chao Gao]

On Fri, Jun 28, 2024 at 05:39:47PM -0700, Sean Christopherson wrote:
>This test fails on our SKX, CLX, and ICX systems due to what appears to be a CPU
>bug.  It looks like something APICv related is clobbering internal VMX timer state?
>Or maybe there's a tearing or truncation issue?
>
>As mentioned ad nauseum at this point, I'm offline all of next week, so hopefully
>there's enough info here to get a root cause...
>
>
>A spurious VM-Exit will occur after programming a vmcs.PREEMPTION_TIMER_VALUE that
>shouldn't exit.  Every observed failure occurs when bits 27:16 are zero, with a
>small value in bits 15:0, e.g. VM-Enter with a timer value of 0xe0003bf7 or
>0xa0006db6 will cause a near-immediate VM-Exit.

This behavior is documented as a CPU erratum. See
https://cdrdv2.intel.com/v1/dl/getContent/793902

EMR158. VMX-Preemption Timer May Expire Earlier With Certain Large Timer Values

Problem: When the VMX-preemption timer is programmed with certain large values,
the timer may expire earlier than expected. Actual values vary by platform and Time
Stamp Counter (TSC) frequency.

Implication: Due to this erratum, software that relies on long duration VMXpreemption
timers may observe VM exits significantly earlier than the programmed
interval. Intel has not observed this erratum with any commercially available software.

Workaround: A mitigation for this erratum is for software to program the VMXpreemption
timer for values below 2^25 × CPUID.15H:EBX[31:0] / CPUID.15H:EAX[31:0].

Re: VMX Preemption Timer appears to be buggy on SKX, CLX, and ICX

[Sean Christopherson]

On Wed, May 13, 2026, Chao Gao wrote:
> On Fri, Jun 28, 2024 at 05:39:47PM -0700, Sean Christopherson wrote:
> >This test fails on our SKX, CLX, and ICX systems due to what appears to be a CPU
> >bug.  It looks like something APICv related is clobbering internal VMX timer state?
> >Or maybe there's a tearing or truncation issue?
> >
> >As mentioned ad nauseum at this point, I'm offline all of next week, so hopefully
> >there's enough info here to get a root cause...
> >
> >
> >A spurious VM-Exit will occur after programming a vmcs.PREEMPTION_TIMER_VALUE that
> >shouldn't exit.  Every observed failure occurs when bits 27:16 are zero, with a
> >small value in bits 15:0, e.g. VM-Enter with a timer value of 0xe0003bf7 or
> >0xa0006db6 will cause a near-immediate VM-Exit.
> 
> This behavior is documented as a CPU erratum. See
> https://cdrdv2.intel.com/v1/dl/getContent/793902

Ha!

> EMR158. VMX-Preemption Timer May Expire Earlier With Certain Large Timer Values

I assume the same erratum applies to previous generations as well?

Thanks much for following up on this!

> Problem: When the VMX-preemption timer is programmed with certain large values,
> the timer may expire earlier than expected. Actual values vary by platform and Time
> Stamp Counter (TSC) frequency.
> 
> Implication: Due to this erratum, software that relies on long duration VMXpreemption
> timers may observe VM exits significantly earlier than the programmed
> interval. Intel has not observed this erratum with any commercially available software.
> 
> Workaround: A mitigation for this erratum is for software to program the VMXpreemption
> timer for values below 2^25 × CPUID.15H:EBX[31:0] / CPUID.15H:EAX[31:0].

Re: VMX Preemption Timer appears to be buggy on SKX, CLX, and ICX

[Chao Gao]

>> EMR158. VMX-Preemption Timer May Expire Earlier With Certain Large Timer Values
>
>I assume the same erratum applies to previous generations as well?

Yes.