High VM-EXIT and Host CPU usage on idle with Windows Server 2025

According to the readme [0], stable should kinda match the most recent Red Hat Enterprise Linux release. Seems like November was the last one!?

On Fedora People, the last release was from November 2025.

On Rocky Linux, the last release was from March 24th 2026.

The `release-drivers-versions.txt` in the Rocky Linux RPM outlines the various versions of the drivers shipped in their version of the ISO.

I skimmed through it. The latest driver build is 0.1.297 on Rocky Linux. This is newer than 0.1.285 on Fedora People. Additionally, the tools are newer: the QEMU guest agent for Windows is from Feb 19th 2026.
 
I narrowed it down to this new property (8):
AvailableSecurityProperties: 1,2,4,5,7,8
"8, If present, APIC virtualization is available."
see: Enable virtualization-based protection of code integrity

I'm not sure how you guys got APIC virtualization enabled. On my EPYC Milan, I only have 1, 2, 5, and 7. Is anyone seeing 8 on Zen3 or above, or is that just showing up for Intel users?

I've been trying to trigger APIC virtualization so I can generate a BSOD dump on my end. I've been trying a bunch of stuff between settings in the BIOS, kvm_amd parameters, and VM conf file changes.

My motherboard is a bit unique in that I do have AVIC force-enabled ("force_avic=Y"), if that's somehow a factor in preventing APIC virtualization from showing up on the guest.
 
I'm in a similar situation with Zen5 9955HX. I also had to go the force_avic=Y route. I did add the +hv-avic cpu flag, but property 8 is not showing in the Windows VM.
 
Can you post the output of:

```
dmesg | grep AMD-Vi
```

I'm on kernel 7.0.0-3-pve and stock pve-qemu (unpatched for GMET)

```
dmesg | grep AMD-Vi
AMD-Vi: Using global IVHD EFR:0x246577efa2254afa, EFR2:0x0
pci 0000:00:00.2: AMD-Vi: IOMMU performance counters supported
AMD-Vi: Extended features (0x246577efa2254afa, 0x0): PPR NX GT [5] IA GA PC GA_vAPIC
AMD-Vi: Interrupt remapping enabled
AMD-Vi: Virtual APIC enabled
```

```
dmesg | grep -i kvm_amd
kvm_amd: TSC scaling supported
kvm_amd: Nested Virtualization enabled
kvm_amd: Nested Paging enabled
kvm_amd: LBR virtualization supported
kvm_amd: AVIC unsupported in CPUID but force enabled, your system might crash and burn
kvm_amd: AVIC enabled
kvm_amd: x2AVIC enabled (max 512 vCPUs)
kvm_amd: Virtual VMLOAD VMSAVE supported
kvm_amd: Virtual GIF supported
kvm_amd: Virtual NMI enabled
```

```
cpuid -l 0x8000000a -1
CPU:
SVM Secure Virtual Machine (0x8000000a/eax):
SvmRev: SVM revision = 0x1 (1)
SVM Secure Virtual Machine (0x8000000a/edx):
nested paging = true
LBR virtualization = true
SVM lock = true
NRIP save = true
MSR based TSC rate control = true
VMCB clean bits support = true
flush by ASID = true
decode assists = true
PMC virtualization = true
SSSE3/SSE5 opcode set disable = false
pause intercept filter = true
pause filter threshold = true
AVIC: AMD virtual interrupt controller = false
virtualized VMLOAD/VMSAVE = true
virtualized global interrupt flag (GIF) = true
GMET: guest mode execute trap = true
X2AVIC: virtualized X2APIC = true
supervisor shadow stack = true
guest Spec_ctl support = true
ROGPT: read-only guest page table = true
host MCE override = true
INVLPGB/TLBSYNC hyperv interc enable = false
VNMI: NMI virtualization = true
IBS virtualization = true
extended LVT AVIC access changes = true
guest VMCB addr check = true
bus lock threshold = true
idlt HLT intercept = true
EXITINFO1 non-interceptible shutdown = true
NASID: number of address space identifiers = 0x8000 (32768)
```
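
For comparing hosts in this thread, here is an added example (not code from any poster or from Proxmox) that summarises the AVIC-related lines of the `dmesg` and `cpuid` output above. The function names and the `mode` labels are hypothetical; the sample text is copied from the post above and trimmed to the relevant lines.

```python
import re

# Host output copied from the post above (trimmed to the AVIC-related lines).
SAMPLE_DMESG = """\
AMD-Vi: Extended features (0x246577efa2254afa, 0x0): PPR NX GT [5] IA GA PC GA_vAPIC
AMD-Vi: Interrupt remapping enabled
AMD-Vi: Virtual APIC enabled
kvm_amd: AVIC unsupported in CPUID but force enabled, your system might crash and burn
kvm_amd: AVIC enabled
kvm_amd: x2AVIC enabled (max 512 vCPUs)
"""
SAMPLE_CPUID = """\
AVIC: AMD virtual interrupt controller = false
GMET: guest mode execute trap = true
X2AVIC: virtualized X2APIC = true
"""

def parse_cpuid_flags(text):
    """Map every 'name = true|false' line of `cpuid -l 0x8000000a -1` to a bool."""
    flags = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)\s*=\s*(true|false)\s*$", line)
        if m:
            flags[m.group(1)] = m.group(2) == "true"
    return flags

def avic_summary(dmesg, cpuid):
    """Summarise what CPUID advertises versus what kvm_amd and the IOMMU enabled."""
    flags = parse_cpuid_flags(cpuid)

    def flag(prefix):  # None means the line was not in the pasted output
        return next((v for k, v in flags.items() if k.startswith(prefix)), None)

    s = {
        "cpuid_avic": flag("AVIC:"),
        "cpuid_x2avic": flag("X2AVIC:"),
        "cpuid_gmet": flag("GMET:"),
        # Substring matches, so dmesg timestamps in front of the line are fine.
        "kvm_avic": "kvm_amd: AVIC enabled" in dmesg,
        "kvm_x2avic": "kvm_amd: x2AVIC enabled" in dmesg,
        "forced": "AVIC unsupported in CPUID but force enabled" in dmesg,
        "iommu_ga_vapic": bool(re.search(r"AMD-Vi: Extended features.*\bGA_vAPIC\b", dmesg)),
    }
    if not s["kvm_avic"]:
        s["mode"] = "off"
    elif s["forced"] or s["cpuid_avic"] is False:
        s["mode"] = "forced"   # the force_avic=Y case discussed in the thread
    else:
        s["mode"] = "native"
    return s

if __name__ == "__main__":
    for key, value in avic_summary(SAMPLE_DMESG, SAMPLE_CPUID).items():
        print(f"{key:15} {value}")
```
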