From: Chao Gao <chao.gao@intel.com>
To: Jim Mattson <jmattson@google.com>
Cc: Sean Christopherson <seanjc@google.com>,
Reinette Chatre <reinette.chatre@intel.com>,
<isaku.yamahata@intel.com>, <pbonzini@redhat.com>,
<erdemaktas@google.com>, <vkuznets@redhat.com>,
<vannapurve@google.com>, <mlevitsk@redhat.com>,
<xiaoyao.li@intel.com>, <rick.p.edgecombe@intel.com>,
<kvm@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
<chenyi.qiang@intel.com>, Yosry Ahmed <yosry@kernel.org>
Subject: Re: VMX Preemption Timer appears to be buggy on SKX, CLX, and ICX
Date: Fri, 5 Jun 2026 10:56:06 +0800 [thread overview]
Message-ID: <aiI6xge3Ev3PCpUV@intel.com> (raw)
In-Reply-To: <CALMp9eQ17UaAje1DQ7v24U7iKujvnOknY4itQjSqOaKSn_FqBw@mail.gmail.com>
On Thu, Jun 04, 2026 at 02:59:45PM -0700, Jim Mattson wrote:
>?
>
>On Thu, Jun 4, 2026 at 12:58 PM Sean Christopherson <seanjc@google.com> wrote:
>>
>> On Wed, Jun 03, 2026, Jim Mattson wrote:
>> > On Thu, May 14, 2026 at 11:35 PM Chao Gao <chao.gao@intel.com> wrote:
>> > >
>> > > >> EMR158. VMX-Preemption Timer May Expire Earlier With Certain Large Timer Values
>> > > >
>> > > >I assume the same erratum applies to previous generations as well?
>> > >
>> > > Yes.
>> >
>> > This test still fails on our SKX, CLX, and ICX systems.
>> >
>> > Sean,
>> >
>> > Were you thinking of enforcing a cap on delta_tsc in vmx_set_hv_timer()?
>>
>> Heh, to be honest, I wasn't thinking of a whole lot of nothing. Falling back to
>> hrtimers does seem like the easiest solution.
>
>I think vmx_set_hv_timer() should return -EINVAL for values impacted
>by this erratum. However, the only documented issue is for EMR, and we
>have not observed the problem on EMR. That's unsettling.
Could you clarify what tests you ran?
I am using the reproducer from Yuan:
https://lore.kernel.org/kvm/20240708055559.rl4w5xfhj3uru6j2@yy-desk-7060/
I write -1 to the VMX preemption timer, do VM-Enter, and have the guest
execute VMCALL to force a VM-Exit. On VM-Exit, we read back the preemption
timer. The delta should be very small; otherwise, the platform likely has the
same issue.
I tested several platforms, including EMR. The results are consistent with the
erratum, i.e., I observed premature VMX preemption-timer VM-Exits, and the
documented limit did not trigger premature VMX preemption-timer VM-Exits in my
testing.
>
>Chao:
>
>1) Should we just assume that all Intel CPUs are affected?
I think that is reasonable unless we have explicit evidence to exclude specific
parts.
>
>2) Is there any compelling reason not to simplify the limit to 2^25?
We can use 2^25 as a conservative bound, but it is much lower than necessary.
The current bound comes from theoretical analysis and was validated on multiple
platforms.
>
>3) Is it just coincidence that 25 + IA32_VMX_MISC[4:0] (on EMR) == 32,
>or should the limit be calculated as 32 - IA32_VMX_MISC[4:0]?
My understanding is that hardware scales the preemption-timer value and
converts it to a 32-bit core crystal clock counter, rather than directly
using a 32-bit TSC delta. IA32_VMX_MISC[4:0] likely participates in that
calculation.
next prev parent reply other threads:[~2026-06-05 2:56 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-12 18:16 [PATCH V9 0/2] KVM: x86: Make bus clock frequency for vAPIC timer configurable Reinette Chatre
2024-06-12 18:16 ` [PATCH V9 1/2] KVM: selftests: Add x86_64 guest udelay() utility Reinette Chatre
2024-06-28 22:46 ` Sean Christopherson
2024-06-12 18:16 ` [PATCH V9 2/2] KVM: selftests: Add test for configure of x86 APIC bus frequency Reinette Chatre
2024-06-28 22:50 ` Sean Christopherson
2024-06-29 0:39 ` VMX Preemption Timer appears to be buggy on SKX, CLX, and ICX Sean Christopherson
2024-07-03 20:14 ` Reinette Chatre
2024-07-03 21:37 ` Reinette Chatre
2024-07-08 5:55 ` Yuan Yao
2026-05-13 1:31 ` Chao Gao
2026-05-14 21:09 ` Sean Christopherson
2026-05-15 6:34 ` Chao Gao
2026-06-04 5:09 ` Jim Mattson
2026-06-04 19:58 ` Sean Christopherson
2026-06-04 21:59 ` Jim Mattson
2026-06-05 2:56 ` Chao Gao [this message]
2026-06-05 5:34 ` Jim Mattson
2026-06-05 5:56 ` Chao Gao
2024-06-28 22:55 ` [PATCH V9 0/2] KVM: x86: Make bus clock frequency for vAPIC timer configurable Sean Christopherson
2024-06-29 0:10 ` Reinette Chatre
2024-07-10 15:42 ` Sean Christopherson
2024-07-10 17:14 ` Reinette Chatre
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aiI6xge3Ev3PCpUV@intel.com \
--to=chao.gao@intel.com \
--cc=chenyi.qiang@intel.com \
--cc=erdemaktas@google.com \
--cc=isaku.yamahata@intel.com \
--cc=jmattson@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mlevitsk@redhat.com \
--cc=pbonzini@redhat.com \
--cc=reinette.chatre@intel.com \
--cc=rick.p.edgecombe@intel.com \
--cc=seanjc@google.com \
--cc=vannapurve@google.com \
--cc=vkuznets@redhat.com \
--cc=xiaoyao.li@intel.com \
--cc=yosry@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox