Re: VMX Preemption Timer appears to be buggy on SKX, CLX, and ICX

[Sean Christopherson <seanjc@google.com>]

On Wed, May 13, 2026, Chao Gao wrote:
> On Fri, Jun 28, 2024 at 05:39:47PM -0700, Sean Christopherson wrote:
> >This test fails on our SKX, CLX, and ICX systems due to what appears to be a CPU
> >bug.  It looks like something APICv related is clobbering internal VMX timer state?
> >Or maybe there's a tearing or truncation issue?
> >
> >As mentioned ad nauseum at this point, I'm offline all of next week, so hopefully
> >there's enough info here to get a root cause...
> >
> >
> >A spurious VM-Exit will occur after programming a vmcs.PREEMPTION_TIMER_VALUE that
> >shouldn't exit.  Every observed failure occurs when bits 27:16 are zero, with a
> >small value in bits 15:0, e.g. VM-Enter with a timer value of 0xe0003bf7 or
> >0xa0006db6 will cause a near-immediate VM-Exit.
> 
> This behavior is documented as a CPU erratum. See
> https://cdrdv2.intel.com/v1/dl/getContent/793902

Ha!

> EMR158. VMX-Preemption Timer May Expire Earlier With Certain Large Timer Values

I assume the same erratum applies to previous generations as well?

Thanks much for following up on this!

> Problem: When the VMX-preemption timer is programmed with certain large values,
> the timer may expire earlier than expected. Actual values vary by platform and Time
> Stamp Counter (TSC) frequency.
> 
> Implication: Due to this erratum, software that relies on long duration VMXpreemption
> timers may observe VM exits significantly earlier than the programmed
> interval. Intel has not observed this erratum with any commercially available software.
> 
> Workaround: A mitigation for this erratum is for software to program the VMXpreemption
> timer for values below 2^25 × CPUID.15H:EBX[31:0] / CPUID.15H:EAX[31:0].