====== mitigations ====== I've noticed that switching from ''kvm64'' CPU to ''x86-64-v2-AES'' or ''host'' slows down Windows guest insanely on Intel(R) Xeon(R) CPU E5-2650 v2 @ 2.60GHz host. The ''flush_l1d'' flag in Proxmox (often passed when using ''cpu type=host'') is a security mitigation against L1 Terminal Fault (L1TF/Foreshadow) side-channel attacks. While important for security, it can significantly degrade performance, particularly in Windows VMs, resulting in high memory read latency and reduced performance in tasks like AI model loading or 3D applications Choose CPU: * ''ivybridge'' CPU mark 4236. Memory mark: 1899. User experience slower than ''kvm64'' * ''ivybridge-IBRS'' - (Adds only ''spec-ctrl'') for security. CPU mark 4202. Memory mark: 1935. * ''x86-64-v2-AES'' CPU mark: 4081. Memory mark: 1906. * ''kvm64'' CPU mark: 4030. Memory mark: 1931. * ''host'' + ''hv-passthrough''- pass HyperV flags to guest to let him know that it runs under VM. CPU mark 4249. Memory mark: 1899. * ''host'' - **insanely slow!!!** CPU mark 2750 args: -cpu host,hv-passthrough The ''spec-ctrl'' KVM feature is a CPU flag passed to virtual machines (VMs) to enable indirect branch restricted speculation (IBRS) and indirect branch prediction barrier (IBPB) support, mitigating Spectre v2 vulnerabilities. It allows guests to utilize hardware-level security, requiring microcode/BIOS updates on the host * [[https://forum.proxmox.com/threads/the-reasons-for-poor-performance-of-windows-when-the-cpu-type-is-host.163114/|The Reasons for poor performance of Windows when the CPU type is host]] Mitigations can be disabled in Windows guest using this tool: [[https://www.grc.com/inspectre.htm|InSpectre]] Or: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f