From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: Khushit Shah <khushit.shah@nutanix.com>
Cc: "seanjc@google.com" <seanjc@google.com>,
"pbonzini@redhat.com"
<pbonzini@redhat.com>,"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Shaju Abraham <shaju.abraham@nutanix.com>
Subject: Re: [BUG] [KVM/VMX] Level triggered interrupts mishandled on Windows w/ nested virt(Credential Guard) when using split irqchip
Date: Mon, 08 Sep 2025 12:05:47 +0300 [thread overview]
Message-ID: <87a535fh5g.fsf@redhat.com> (raw)
In-Reply-To: <7D497EF1-607D-4D37-98E7-DAF95F099342@nutanix.com>
Khushit Shah <khushit.shah@nutanix.com> writes:
[trimmed 'Cc' list a bit]
> [1.] One line summary:
> [KVM/VMX] Level triggered interrupts mishandled on Windows w/ nested virt(Credential Guard) when using split irqchip
>
> [2.] Problem/Report:
> When running Windows with Credential Guard enabled and with split-irqchip, level triggered interrupts are not properly forwarded to L2 (Credential Guard) by L1 (Windows), instead L1 EOIs the interrupt. Which leads to extremely slow Windows boot time. This issue is only seen on Intel + split-irqchip. Intel + kernel-irqchip, AMD + (kernel/split)-irqchip works fine.
>
> Qemu command used to create the vm:
> /usr/libexec/qemu-kvm \
> -machine q35,accel=kvm,smm=on,usb=off,acpi=on,kernel-irqchip=split \
> -cpu host,+vmx,+invpcid,+ssse3,+aes,+xsave,+xsaveopt,+xgetbv1,+xsaves,+rdtscp,+tsc-deadline \
Is there a specific reason to not enable any Hyper-V enlightenments for
your guest? For nested cases, features like Enightended VMCS
('hv-evmcs'), 'hv-vapic', 'hv-apicv', ... can change Windows's behavior
a lot. I'd even suggest you start with 'hv-passthrough' to see if the
slowness goes away and if yes, then try to find the required set of
options you can use in your setup.
> -m 20G -smp 1 \
Single CPU Windows guests are always very slow, doubly so when running
nested.
...
--
Vitaly
next prev parent reply other threads:[~2025-09-08 9:05 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-05 15:26 [BUG] [KVM/VMX] Level triggered interrupts mishandled on Windows w/ nested virt(Credential Guard) when using split irqchip Khushit Shah
2025-09-08 9:05 ` Vitaly Kuznetsov [this message]
2025-09-08 11:19 ` Khushit Shah
2025-09-08 11:42 ` Vitaly Kuznetsov
2025-09-09 10:34 ` Khushit Shah
2025-09-10 8:34 ` Vitaly Kuznetsov
2025-09-10 9:39 ` David Woodhouse
2025-09-18 16:05 ` Khushit Shah
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87a535fh5g.fsf@redhat.com \
--to=vkuznets@redhat.com \
--cc=khushit.shah@nutanix.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
--cc=shaju.abraham@nutanix.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox