From: Chao Gao <chao.gao@intel.com>
To: Jim Mattson <jmattson@google.com>
Cc: Sean Christopherson <seanjc@google.com>,
Reinette Chatre <reinette.chatre@intel.com>,
<isaku.yamahata@intel.com>, <pbonzini@redhat.com>,
<erdemaktas@google.com>, <vkuznets@redhat.com>,
<vannapurve@google.com>, <mlevitsk@redhat.com>,
<xiaoyao.li@intel.com>, <rick.p.edgecombe@intel.com>,
<kvm@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
<chenyi.qiang@intel.com>, Yosry Ahmed <yosry@kernel.org>
Subject: Re: VMX Preemption Timer appears to be buggy on SKX, CLX, and ICX
Date: Fri, 5 Jun 2026 10:56:06 +0800 [thread overview]
Message-ID: <aiI6xge3Ev3PCpUV@intel.com> (raw)
In-Reply-To: <CALMp9eQ17UaAje1DQ7v24U7iKujvnOknY4itQjSqOaKSn_FqBw@mail.gmail.com>
On Thu, Jun 04, 2026 at 02:59:45PM -0700, Jim Mattson wrote:
>?
>
>On Thu, Jun 4, 2026 at 12:58 PM Sean Christopherson <seanjc@google.com> wrote:
>>
>> On Wed, Jun 03, 2026, Jim Mattson wrote:
>> > On Thu, May 14, 2026 at 11:35 PM Chao Gao <chao.gao@intel.com> wrote:
>> > >
>> > > >> EMR158. VMX-Preemption Timer May Expire Earlier With Certain Large Timer Values
>> > > >
>> > > >I assume the same erratum applies to previous generations as well?
>> > >
>> > > Yes.
>> >
>> > This test still fails on our SKX, CLX, and ICX systems.
>> >
>> > Sean,
>> >
>> > Were you thinking of enforcing a cap on delta_tsc in vmx_set_hv_timer()?
>>
>> Heh, to be honest, I wasn't thinking of a whole lot of nothing. Falling back to
>> hrtimers does seem like the easiest solution.
>
>I think vmx_set_hv_timer() should return -EINVAL for values impacted
>by this erratum. However, the only documented issue is for EMR, and we
>have not observed the problem on EMR. That's unsettling.
Could you clarify what tests you ran?
I am using the reproducer from Yuan:
https://lore.kernel.org/kvm/20240708055559.rl4w5xfhj3uru6j2@yy-desk-7060/
I write -1 to the VMX preemption timer, do VM-Enter, and have the guest
execute VMCALL to force a VM-Exit. On VM-Exit, we read back the preemption
timer. The delta should be very small; otherwise, the platform likely has the
same issue.
I tested several platforms, including EMR. The results are consistent with the
erratum, i.e., I observed premature VMX preemption-timer VM-Exits, and the
documented limit did not trigger premature VMX preemption-timer VM-Exits in my
testing.
>
>Chao:
>
>1) Should we just assume that all Intel CPUs are affected?
I think that is reasonable unless we have explicit evidence to exclude specific
parts.
>
>2) Is there any compelling reason not to simplify the limit to 2^25?
We can use 2^25 as a conservative bound, but it is much lower than necessary.
The current bound comes from theoretical analysis and was validated on multiple
platforms.
>
>3) Is it just coincidence that 25 + IA32_VMX_MISC[4:0] (on EMR) == 32,
>or should the limit be calculated as 32 - IA32_VMX_MISC[4:0]?
My understanding is that hardware scales the preemption-timer value and
converts it to a 32-bit core crystal clock counter, rather than directly
using a 32-bit TSC delta. IA32_VMX_MISC[4:0] likely participates in that
calculation.
next prev parent reply other threads:[~2026-06-05 2:56 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-12 18:16 [PATCH V9 0/2] KVM: x86: Make bus clock frequency for vAPIC timer configurable Reinette Chatre
2024-06-12 18:16 ` [PATCH V9 1/2] KVM: selftests: Add x86_64 guest udelay() utility Reinette Chatre
2024-06-28 22:46 ` Sean Christopherson
2024-06-12 18:16 ` [PATCH V9 2/2] KVM: selftests: Add test for configure of x86 APIC bus frequency Reinette Chatre
2024-06-28 22:50 ` Sean Christopherson
2024-06-29 0:39 ` VMX Preemption Timer appears to be buggy on SKX, CLX, and ICX Sean Christopherson
2024-07-03 20:14 ` Reinette Chatre
2024-07-03 21:37 ` Reinette Chatre
2024-07-08 5:55 ` Yuan Yao
2026-05-13 1:31 ` Chao Gao
2026-05-14 21:09 ` Sean Christopherson
2026-05-15 6:34 ` Chao Gao
2026-06-04 5:09 ` Jim Mattson
2026-06-04 19:58 ` Sean Christopherson
2026-06-04 21:59 ` Jim Mattson
2026-06-05 2:56 ` Chao Gao [this message]
2026-06-05 5:34 ` Jim Mattson
2026-06-05 5:56 ` Chao Gao
2024-06-28 22:55 ` [PATCH V9 0/2] KVM: x86: Make bus clock frequency for vAPIC timer configurable Sean Christopherson
2024-06-29 0:10 ` Reinette Chatre
2024-07-10 15:42 ` Sean Christopherson
2024-07-10 17:14 ` Reinette Chatre
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aiI6xge3Ev3PCpUV@intel.com \
--to=chao.gao@intel.com \
--cc=chenyi.qiang@intel.com \
--cc=erdemaktas@google.com \
--cc=isaku.yamahata@intel.com \
--cc=jmattson@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mlevitsk@redhat.com \
--cc=pbonzini@redhat.com \
--cc=reinette.chatre@intel.com \
--cc=rick.p.edgecombe@intel.com \
--cc=seanjc@google.com \
--cc=vannapurve@google.com \
--cc=vkuznets@redhat.com \
--cc=xiaoyao.li@intel.com \
--cc=yosry@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.