From: Chao Gao <chao.gao@intel.com>
To: Jim Mattson <jmattson@google.com>
Cc: Sean Christopherson <seanjc@google.com>,
Reinette Chatre <reinette.chatre@intel.com>,
<isaku.yamahata@intel.com>, <pbonzini@redhat.com>,
<erdemaktas@google.com>, <vkuznets@redhat.com>,
<vannapurve@google.com>, <mlevitsk@redhat.com>,
<xiaoyao.li@intel.com>, <rick.p.edgecombe@intel.com>,
<kvm@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
<chenyi.qiang@intel.com>, Yosry Ahmed <yosry@kernel.org>
Subject: Re: VMX Preemption Timer appears to be buggy on SKX, CLX, and ICX
Date: Fri, 5 Jun 2026 13:56:18 +0800 [thread overview]
Message-ID: <aiJlAhqnU0lwOAcG@intel.com> (raw)
In-Reply-To: <CALMp9eTXLcDNAjjcsuo_nqjowk33yA58fjYZbz_Lqytn07RM-g@mail.gmail.com>
On Thu, Jun 04, 2026 at 10:34:40PM -0700, Jim Mattson wrote:
>> >
>> >I think vmx_set_hv_timer() should return -EINVAL for values impacted
>> >by this erratum. However, the only documented issue is for EMR, and we
>> >have not observed the problem on EMR. That's unsettling.
>>
>> Could you clarify what tests you ran?
>
>Just tools/testing/selftests/kvm/x86/apic_bus_clock_test.
>
>It fails on SKX, CLX, and ICX. It passes on SPR, EMR, and GMR.
Thanks. In that case, that test likely does not trigger the issue.
>> >2) Is there any compelling reason not to simplify the limit to 2^25?
>>
>> We can use 2^25 as a conservative bound, but it is much lower than necessary.
>> The current bound comes from theoretical analysis and was validated on multiple
>> platforms.
>
>Yes, but how often do guests program their local APIC timer to fire
>more than 2^(25 + IA32_VMX_MISC[4:0]) cycles in the future?
I had interpreted your earlier question as referring to the erratum write-up
itself (i.e., why Intel did not publish 2^25 directly as the limit).
If we are talking about the VMM implementation, this should indeed be rare. I
do not see a strong reason KVM could not use 2^25 as a conservative limit.
>
>> >
>> >3) Is it just coincidence that 25 + IA32_VMX_MISC[4:0] (on EMR) == 32,
>> >or should the limit be calculated as 32 - IA32_VMX_MISC[4:0]?
>>
>> My understanding is that hardware scales the preemption-timer value and
>> converts it to a 32-bit core crystal clock counter, rather than directly
>> using a 32-bit TSC delta. IA32_VMX_MISC[4:0] likely participates in that
>> calculation.
>
>That doesn't definitively answer my question. Let me try to rephrase it.
>
>With respect to EMR, you wrote previously, "A mitigation for this
>erratum is for software to program the VMX preemption timer for values
>below 2^25 * CPUID.15H:EBX[31:0] / CPUID.15H:EAX[31:0]."
>
>My question is whether the exponent, 25, is a fixed value for all
>CPUs, regardless of their IA32_VMX_MISC[4:0]. It sounds like you are
>saying that the exponent may depend on IA32_VMX_MISC[4:0].
Let me double-check this with the internal team and get back to you.
next prev parent reply other threads:[~2026-06-05 5:56 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-12 18:16 [PATCH V9 0/2] KVM: x86: Make bus clock frequency for vAPIC timer configurable Reinette Chatre
2024-06-12 18:16 ` [PATCH V9 1/2] KVM: selftests: Add x86_64 guest udelay() utility Reinette Chatre
2024-06-28 22:46 ` Sean Christopherson
2024-06-12 18:16 ` [PATCH V9 2/2] KVM: selftests: Add test for configure of x86 APIC bus frequency Reinette Chatre
2024-06-28 22:50 ` Sean Christopherson
2024-06-29 0:39 ` VMX Preemption Timer appears to be buggy on SKX, CLX, and ICX Sean Christopherson
2024-07-03 20:14 ` Reinette Chatre
2024-07-03 21:37 ` Reinette Chatre
2024-07-08 5:55 ` Yuan Yao
2026-05-13 1:31 ` Chao Gao
2026-05-14 21:09 ` Sean Christopherson
2026-05-15 6:34 ` Chao Gao
2026-06-04 5:09 ` Jim Mattson
2026-06-04 19:58 ` Sean Christopherson
2026-06-04 21:59 ` Jim Mattson
2026-06-05 2:56 ` Chao Gao
2026-06-05 5:34 ` Jim Mattson
2026-06-05 5:56 ` Chao Gao [this message]
2024-06-28 22:55 ` [PATCH V9 0/2] KVM: x86: Make bus clock frequency for vAPIC timer configurable Sean Christopherson
2024-06-29 0:10 ` Reinette Chatre
2024-07-10 15:42 ` Sean Christopherson
2024-07-10 17:14 ` Reinette Chatre
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aiJlAhqnU0lwOAcG@intel.com \
--to=chao.gao@intel.com \
--cc=chenyi.qiang@intel.com \
--cc=erdemaktas@google.com \
--cc=isaku.yamahata@intel.com \
--cc=jmattson@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mlevitsk@redhat.com \
--cc=pbonzini@redhat.com \
--cc=reinette.chatre@intel.com \
--cc=rick.p.edgecombe@intel.com \
--cc=seanjc@google.com \
--cc=vannapurve@google.com \
--cc=vkuznets@redhat.com \
--cc=xiaoyao.li@intel.com \
--cc=yosry@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.