Re: [PATCH v3 00/27] KVM: combined patchset for MBEC/GMET support
From: Jon Kohler
Date: Mon Apr 20 2026 - 22:24:06 EST

> On Apr 15, 2026, at 3:06 AM, David Riley <d.riley@xxxxxxxxxxx> wrote:
>
> Hi Paolo, Jon,
>
> Thanks to Paolo for sending the new patch series (v3), and to Jon
> for the feedback on my previous test.
>
> I have once again tested this patchset (v3) on both Intel and AMD
> platforms using Proxmox VE (based on Debian Trixie) with a Windows
> Server guest (24H2, Build 26100.1742).
>
> The focus of the tests was live migrations between different hosts
> (Intel <-> Intel & AMD <-> AMD).
>
> All tests used the same base setup:
>
> Kernel: mainline 7.0.0-rc7 (with MBEC/GMET v3 patches applied)
> QEMU: our downstream QEMU build based on 10.2.1, plus Jon's patches
> virtio-win: 0.1.271
>
> Windows Guest:
> For the guest setup I enabled Virtualization-Based Security (VBS)
> and Hypervisor-Protected Code Integrity (HVCI).
>
> I set the following in the Group Policy Editor (DeviceGuard):
> * Select Platform Security Level: Secure Boot
> * Virtualization Based Protection of Code Integrity: Enabled without
> lock
> * Require UEFI Memory Attributes Table: Checked
>
> Hosts:
> Intel Nodes:
> CPU: Intel(R) Xeon(R) Gold 6426Y
>
> AMD Nodes:
> CPU: AMD EPYC 7302P
>
>
> I tested the following:
>
> 1. Intel without Hyper-V Enlightenments:
>
> QEMU CPU options: -cpu 'host,+kvm_pv_eoi,+kvm_pv_unhalt,level=30'
> AvailableSecurityProperties [0]: 1,2,4,5,7
>
> Security Property 7 indicates MBEC/GMET support. [0]
>
> I migrated the virtual guest between the two Intel hosts whilst
> running Cinebench R32.200. No issues were found, but the VM does not
> perform well without Hyper-V Enlightenments.
>
> 2. Intel with Hyper-V Enlightenments:
>
> QEMU CPU options: -cpu 'host,+hv-evmcs,+hv-ipi,+hv-relaxed,
> +hv-runtime,hv-spinlocks=0x1fff,+hv-stimer,+hv-synic,+hv-time,
> +hv-tlbflush,+hv-tlbflush-ext,+hv-vapic,+hv-vpindex,+hv-xmm-input,
> +kvm_pv_eoi,+kvm_pv_unhalt,level=30,+vmx-mbec'
>
> AvailableSecurityProperties [0]: 1,2,4,5,7
>
> I again migrated the virtual machine between the two Intel hosts
> whilst running Cinebench R32.200. No issues were found, but the VM
> performs significantly better with Hyper-V Enlightenments set.
>
> 3. AMD without Hyper-V Enlightenments:
>
> QEMU CPU options: -cpu 'host,+kvm_pv_eoi,+kvm_pv_unhalt,level=30'
>
> AvailableSecurityProperties [0]: 1,2,4,5,7
>
> I migrated the virtual machine between the two AMD hosts whilst
> running Cinebench R32.200. No issues were found.
>
> 4. AMD with Hyper-V Enlightenments:
>
> QEMU CPU options: -cpu 'host,+gmet,+hv-emsr-bitmap,+hv-ipi,
> +hv-relaxed,+hv-runtime,hv-spinlocks=0x1fff,+hv-stimer,+hv-synic,
> +hv-time,+hv-tlbflush,+hv-tlbflush-ext,+hv-vapic,+hv-vpindex,
> +hv-xmm-input,+kvm_pv_eoi,+kvm_pv_unhalt,level=30'
>
> AvailableSecurityProperties [0]: 1,2,4,5,7
>
> I again migrated the virtual machine between the two AMD hosts whilst
> running Cinebench R32.200. I have not found any issues.
>
> Tested-by: David Riley <d.riley@xxxxxxxxxxx>

Great! Thanks for testing these various permutations out, that’s
a very helpful datapoint.

For posterity, we’ve also done a similar round of testing on both
AMD/Intel and knock on wood, things are holding up nicely, with
no trouble reports from QA as of yet (more knocking on wood).