cr0x.net — Hard Problems. Clean Solutions.
English

MSI/MSI-X + Interrupt Remapping: The 5‑Minute Fix for Random VM Stutters

February 22, 2026 • February 22, 2026 • Read: 21 min • Views: 0

Was this helpful?

You’re watching a VM that “mostly” behaves. Then, every few minutes, the console freezes for half a second, audio crackles,
RDP drops a frame, or a database commit spikes from 2 ms to 300 ms. Nothing is pegged. Load average is fine. Storage graphs look normal.
Your monitoring shows… vibes.

This is the kind of failure that makes smart people start blaming the application, the hypervisor, the network, the moon phase,
and eventually each other. More often than anyone likes to admit, the culprit is boring and electrical: how interrupts are delivered,
translated, and routed—specifically MSI/MSI‑X and interrupt remapping.

A usable mental model: why interrupts cause “random” stutters

Your VM stutter problem is often a latency distribution problem, not a throughput problem.
Interrupts are a primary driver of tail latency because they punch holes in CPU time.
When the hole lands at the wrong time—during a vCPU run, a network receive burst, or a storage completion wave—you don’t get “slower,”
you get spiky.

What MSI/MSI-X changes compared to legacy INTx

Legacy PCI interrupts (INTx) are level-triggered lines shared across devices. Sharing is the polite term.
In practice it can become a noisy group chat: one device asserts the line, the CPU has to ask a bunch of devices
“was that you?” until it finds the right one. That extra work is jitter.

MSI (Message Signaled Interrupts) replaced “assert a pin” with “write a message into a specific APIC address.”
MSI‑X took it further with many vectors, letting a device spread load across queues (think multiqueue NICs and NVMe).
Properly used, MSI‑X is one of the quiet heroes behind modern low-latency I/O.

Where interrupt remapping enters the plot

In virtualization and passthrough, you’re not just delivering interrupts to the host.
You’re delivering them to the right guest, safely, without letting a device scribble interrupts to arbitrary destinations.
That translation—mapping a device-generated MSI/MSI‑X message to a permitted interrupt target—is interrupt remapping,
typically provided by the IOMMU (Intel VT-d or AMD-Vi).

Without interrupt remapping, the kernel may refuse to enable MSI/MSI‑X in some passthrough scenarios,
or it may fall back to legacy INTx or less efficient paths. Even when it “works,” you may end up with:

  • Interrupt storms consolidated onto one CPU
  • Softirq backlog and ksoftirqd thrash
  • Queueing inside vhost-net, virtio, or the block layer
  • Unpredictable vCPU preemption (the stutter you feel)

Dry-funny truth: the CPU is great at math and terrible at being interrupted by everyone at once—like a surgeon asked to also answer the office phone.

What “random stutter” looks like at the interrupt layer

The classic pattern is brief but severe latency spikes correlated with:

  • Network bursts (RX/TX completions)
  • NVMe completion queues
  • USB controllers (yes, really) spiking host IRQ handling
  • GPU passthrough interrupt delivery oddities
  • Timer tick and scheduler interactions when the host is slightly oversubscribed

The host may show low overall CPU usage, but one core is getting hammered by interrupts and softirqs while others idle.
That’s why “CPU average” is the wrong graph to stare at.

One more practical nuance: “interrupts” include both hard IRQ context and softirq/NAPI processing.
A NIC can generate interrupts that trigger softirq processing on the same CPU, and that can steal time from KVM vCPU threads.
You’ll see stutters even with plenty of headroom.

Quote (paraphrased idea) from Werner Vogels: You build it, you run it—operational responsibility changes how you design and debug systems.
If you run hypervisors, interrupts are not “hardware stuff.” They’re your product.

Facts and history that actually matter

You don’t need a museum tour, but a few concrete facts help you stop making the same bad assumptions:

  1. MSI first showed up widely with PCI 2.2 era hardware to reduce shared interrupt lines and improve scalability.
  2. MSI‑X arrived with PCI 3.0 and expanded vector counts significantly, enabling per-queue interrupts for high-performance devices.
  3. Legacy INTx is level-triggered and shareable; it’s prone to “who asserted the line?” scanning and weird interactions under load.
  4. Modern NICs and NVMe are designed assuming MSI‑X; falling back to INTx can silently destroy parallelism and add jitter.
  5. Interrupt remapping is a security feature as much as a performance feature; it prevents devices from targeting arbitrary CPUs/guests with MSI writes.
  6. VT-d/AMD-Vi IOMMUs often ship enabled for DMA isolation, but interrupt remapping can still be disabled or unavailable depending on firmware/flags.
  7. Intel DMAR logs are your friend; the kernel will tell you when interrupt remapping is off, forced, or broken—if you bother to look.
  8. x2APIC and posted interrupts changed the game for scaling interrupt delivery and reducing VM-exit overhead in some virtualization paths.
  9. irqbalance is not a performance tool; it’s a compromise; it can help or harm depending on queueing, CPU pinning, and isolation strategy.

Second short joke: If someone tells you “interrupts can’t cause stutters because CPU usage is only 20%,” they’ve invented a new unit of denial.

Fast diagnosis playbook (first/second/third)

First: prove it’s interrupt/softirq latency, not raw CPU or storage throughput

  • Check per-CPU IRQ distribution and softirq pressure.
  • Correlate spikes with a device (NIC, NVMe, USB, HBA, GPU).
  • Look for INTx fallback and missing MSI/MSI‑X.

Second: validate IOMMU + interrupt remapping are actually enabled

  • Confirm kernel boot flags: Intel intel_iommu=on, AMD amd_iommu=on.
  • Confirm DMAR/IVRS logs show interrupt remapping enabled.
  • If doing VFIO passthrough: ensure the platform supports it and the kernel is using it.

Third: fix the interrupt topology (affinity, isolation, queues)

  • Spread MSI‑X vectors across CPUs intentionally, not “whatever happened at boot.”
  • Make CPU pinning and IRQ affinity agree (don’t pin vCPUs to the same core doing all NIC interrupts).
  • Re-check stutter: your goal is tighter tail latency, not necessarily higher throughput.

Practical tasks: commands, outputs, decisions (12+)

These are the checks I actually run on a Linux KVM host (Proxmox, Ubuntu, Debian, RHEL-ish).
They’re ordered so you can stop early if you find the smoking gun.
Each task includes: command, realistic output, what it means, and the decision you make.

Task 1: Confirm IOMMU is enabled in the kernel command line

cr0x@server:~$ cat /proc/cmdline
BOOT_IMAGE=/vmlinuz-6.8.0 root=/dev/mapper/vg0-root ro quiet intel_iommu=on iommu=pt

What it means: intel_iommu=on enables VT-d IOMMU. iommu=pt uses passthrough mode for host devices to reduce overhead while keeping translation available.

Decision: If you don’t see intel_iommu=on or amd_iommu=on, add it and reboot. If you do VFIO, you usually want it on. If you do pure virtio only, it still often helps for interrupt remapping sanity.

Task 2: Check DMAR/IVRS logs for interrupt remapping status

cr0x@server:~$ dmesg -T | egrep -i 'dmar|ivrs|iommu|interrupt remapping' | head -n 30
[Mon Feb  3 10:12:11 2026] DMAR: IOMMU enabled
[Mon Feb  3 10:12:11 2026] DMAR: Interrupt remapping enabled
[Mon Feb  3 10:12:11 2026] DMAR: x2apic enabled
[Mon Feb  3 10:12:12 2026] pci 0000:3b:00.0: DMAR: Skip IOMMU disabling for graphics

What it means: This is the “don’t overthink it” indicator. If it says interrupt remapping enabled, the platform + firmware + kernel are cooperating.

Decision: If you see Interrupt remapping disabled or errors, stop and fix that before tuning IRQ affinity. You can’t tune your way out of missing features.

Task 3: Confirm the IOMMU groups exist (sanity for VFIO users)

cr0x@server:~$ find /sys/kernel/iommu_groups/ -maxdepth 2 -type l | head
/sys/kernel/iommu_groups/0/devices/0000:00:00.0
/sys/kernel/iommu_groups/1/devices/0000:00:01.0
/sys/kernel/iommu_groups/2/devices/0000:00:02.0

What it means: Groups existing strongly implies the IOMMU is active.

Decision: If the directory is empty/missing, you’re not in a real IOMMU configuration. Fix BIOS/UEFI settings (VT-d/AMD-Vi) and kernel flags.

Task 4: Identify which PCI devices are using MSI/MSI‑X vs INTx

cr0x@server:~$ lspci -nnk | egrep -A3 -i 'ethernet|nvme|usb|sata|raid|vga|3d'
3b:00.0 Ethernet controller [0200]: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ [8086:1572]
	Subsystem: Intel Corporation Device [8086:0000]
	Kernel driver in use: i40e
	Kernel modules: i40e
5e:00.0 Non-Volatile memory controller [0108]: Samsung Electronics Co Ltd NVMe SSD Controller [144d:a808]
	Kernel driver in use: nvme
0a:00.0 USB controller [0c03]: ASMedia Technology Inc. ASM2142 USB 3.1 Host Controller [1b21:2142]
	Kernel driver in use: xhci_hcd

What it means: This shows who matters. NIC + NVMe + USB are common stutter sources.

Decision: Next, inspect each device for “MSI/MSI‑X enabled” and vector count.

Task 5: For a device, check whether MSI/MSI‑X is enabled and how many vectors

cr0x@server:~$ sudo lspci -s 3b:00.0 -vv | egrep -i 'msi|msi-x|interrupt'
	Capabilities: [70] MSI-X: Enable+ Count=64 Masked-
	Capabilities: [50] MSI: Enable- Count=1/1 Maskable+ 64bit+
	Interrupt: pin A routed to IRQ 16

What it means: MSI‑X is enabled with 64 vectors. MSI is present but disabled (normal when MSI‑X is used). The “Interrupt pin … IRQ 16” line can exist even when MSI‑X is in use; don’t panic.

Decision: If you see MSI-X: Enable- and you expected multiqueue performance, you found a likely culprit. Investigate why it’s disabled (driver settings, kernel quirks, VFIO/IR issues).

Task 6: Detect legacy INTx usage via /proc/interrupts patterns

cr0x@server:~$ cat /proc/interrupts | head -n 15
           CPU0       CPU1       CPU2       CPU3
  16:     91233          3          1          2   IO-APIC   16-fasteoi   i40e
  24:    501223          0          0          0   PCI-MSI 524288-edge   nvme0q0
  25:    198772          0          0          0   PCI-MSI 524289-edge   nvme0q1
  26:     77211          0          0          0   PCI-MSI 524290-edge   nvme0q2

What it means: IO-APIC lines often indicate legacy or pin-based interrupts; PCI-MSI indicates MSI/MSI‑X vectors. Also note CPU distribution: everything piling on CPU0 is a latency trap.

Decision: If the hot devices are IO-APIC and mostly on CPU0, move to MSI/MSI‑X and/or set affinity. If they are MSI but still CPU0-heavy, tune affinity and irqbalance.

Task 7: Check softirq pressure (the hidden “interrupt aftermath”)

cr0x@server:~$ cat /proc/softirqs
                    CPU0       CPU1       CPU2       CPU3
          HI:          3          0          0          0
       TIMER:   1123456    902233     877112     889001
      NET_TX:      8221      9102      8455      8601
      NET_RX:   9981234     21002     19511     20110
       BLOCK:    302112     88011     90122     89300
    IRQ_POLL:          0          0          0          0
     TASKLET:      1022       1101       1002       1010
       SCHED:    512001     490002     488901     487112
     HRTIMER:        42         39         41         40
         RCU:    980002     910001     905551     907221

What it means: CPU0 has massive NET_RX compared to others. That’s exactly the “one core gets murdered” stutter profile.

Decision: Spread NIC queues (RSS), set IRQ affinity, or adjust RPS/XPS. If you pin vCPUs, keep IRQ-heavy CPUs away from latency-sensitive vCPU threads.

Task 8: Check which IRQs belong to your NIC queues and where they run

cr0x@server:~$ grep -iE 'i40e|mlx|ixgbe|bnxt|ena' /proc/interrupts | head
  16:     91233          3          1          2   IO-APIC   16-fasteoi   i40e
  98:    501223          0          0          0   PCI-MSI 327680-edge   i40e-TxRx-0
  99:    498877          0          0          0   PCI-MSI 327681-edge   i40e-TxRx-1
 100:    490112          0          0          0   PCI-MSI 327682-edge   i40e-TxRx-2

What it means: Queue interrupts are stuck on CPU0. Either affinity is defaulted badly or irqbalance pinned them there.

Decision: Explicitly set affinity for these IRQs, or configure irqbalance to avoid your “VM vCPU” cores.

Task 9: Inspect current IRQ affinity masks

cr0x@server:~$ sudo cat /proc/irq/98/smp_affinity
1

What it means: Mask 1 means CPU0 only.

Decision: Change it to spread across CPUs (example: CPUs 0-3 is mask f; CPUs 4-7 is f0 on an 8-core system). Match to your CPU topology and pinning plan.

Task 10: Set IRQ affinity (carefully) for a queue IRQ

cr0x@server:~$ echo f | sudo tee /proc/irq/98/smp_affinity
f

What it means: You allowed IRQ 98 to run on CPUs 0–3. This is a blunt tool, but it’s a fast validation.

Decision: If stutters reduce immediately, you’ve validated the diagnosis. Next, do a durable config (systemd unit, tuned profile, or irqbalance policy).

Task 11: Check whether irqbalance is running and what it might be doing to you

cr0x@server:~$ systemctl status irqbalance --no-pager
● irqbalance.service - irqbalance daemon
     Loaded: loaded (/lib/systemd/system/irqbalance.service; enabled)
     Active: active (running) since Mon 2026-02-03 10:12:38 UTC; 1h 3min ago
   Main PID: 812 (irqbalance)
      Tasks: 1
     Memory: 2.4M
        CPU: 1.231s

What it means: irqbalance is active. It may improve distribution, or it may fight your CPU isolation and undo your careful pinning.

Decision: If you use CPU pinning/isolation for VMs, consider configuring irqbalance bans, or disabling it and managing affinity explicitly.

Task 12: Check if the kernel is forcing PCI MSI off globally

cr0x@server:~$ cat /proc/cmdline | grep -o 'pci=.*' || true

What it means: No pci=nomsi present. Good.

Decision: If you find pci=nomsi in the cmdline (yes, people copy-paste this from ancient forum posts), remove it. It’s a stutter factory on modern devices.

Task 13: Check for interrupt remapping disablement by kernel quirks

cr0x@server:~$ dmesg -T | egrep -i 'remapping.*(off|disable)|no IR|intremap' | head

What it means: Nothing alarming found in this sample. On broken systems you might see messages indicating IR is disabled due to BIOS bugs or platform limitations.

Decision: If you see forced disablement, update BIOS/UEFI and microcode first. If it still fails, you may need different hardware for stable VFIO/MSI behavior.

Task 14: Check KVM threads placement and whether vCPUs share cores with IRQ storms

cr0x@server:~$ ps -eLo pid,psr,comm | egrep 'kvm|qemu-system' | head
  2311   0 qemu-system-x86
  2315   0 CPU 0/KVM
  2316   1 CPU 1/KVM
  2317   2 CPU 2/KVM
  2318   3 CPU 3/KVM

What it means: vCPU threads are on CPUs 0–3. If your interrupts are also concentrated there, you are scheduling fistfights.

Decision: Either move IRQs away from vCPU cores, or move vCPUs away from IRQ-heavy cores. Don’t “share nicely” and hope for the best.

Task 15: Quick glance at per-CPU softirq usage in real time

cr0x@server:~$ mpstat -P ALL 1 5
Linux 6.8.0 (server)  02/03/2026  _x86_64_  (8 CPU)

11:21:01 AM  CPU  %usr %nice %sys %iowait %irq %soft %steal %idle
11:21:02 AM  all  7.11  0.00  6.33    0.12  0.10  3.52   0.00 82.82
11:21:02 AM    0  4.00  0.00  9.00    0.00  0.60 18.40   0.00 68.00
11:21:02 AM    1  8.00  0.00  6.00    0.00  0.00  1.00   0.00 85.00
11:21:02 AM    2  9.00  0.00  5.00    0.00  0.00  0.90   0.00 85.10
11:21:02 AM    3  8.00  0.00  5.00    0.00  0.00  0.80   0.00 85.20

What it means: CPU0 has high %soft which often correlates with NET_RX backlog. That’s a classic VM jitter generator.

Decision: If one CPU shows elevated softirq, target the device queues mapped to it and redistribute.

The 5‑minute fix: what to change, and why

“5 minutes” assumes you have console access and can reboot once. If you can’t reboot, you can still validate and partially mitigate with affinity.
The core idea is simple: make sure MSI/MSI‑X is enabled, and make sure interrupt remapping is enabled so MSI delivery is safe and fast in virtualized paths.

Step 1: Enable IOMMU and interrupt remapping in firmware

In BIOS/UEFI, enable:

  • Intel: VT-d (sometimes “Intel Virtualization Technology for Directed I/O”)
  • AMD: AMD-Vi / IOMMU

Also check for “Interrupt Remapping” or “DMA Remapping” toggles if the firmware exposes them.
Firmware UIs vary from polished to cursed. You’re looking for anything that sounds like IOMMU/VT-d/AMD-Vi.

Step 2: Enable IOMMU in the kernel boot parameters

Add one of these in your bootloader:

  • intel_iommu=on iommu=pt
  • amd_iommu=on iommu=pt

iommu=pt is often a good default for hosts that are not doing “everything behind translation all the time.”
It can reduce overhead while keeping the IOMMU machinery available for remapping and device assignment.

Step 3: Reboot, verify DMAR/IVRS says “Interrupt remapping enabled”

If it’s not enabled, stop. Don’t do elaborate IRQ tuning on top of a broken platform config.
Fix BIOS/UEFI, update firmware/microcode, or change hardware if needed.

Step 4: Verify devices are actually using MSI/MSI‑X and have the expected queue vectors

For NICs you expect multiple Tx/Rx queues. For NVMe you expect multiple completion queues.
If you see a single vector, or MSI‑X present but disabled, stutters under burst load are unsurprising.

Step 5: Spread interrupts away from your vCPU cores

The performance trick isn’t “spread everything everywhere.” It’s separation of concerns:

  • Pick CPU cores for host IRQ/softirq work (network, storage)
  • Pick CPU cores for VM vCPUs (latency-sensitive guests)
  • Make affinity policies match those choices

If you do nothing else, at least stop defaulting all queue interrupts to CPU0. CPU0 already has housekeeping duties on many systems.
Let it breathe.

Three corporate mini-stories from the interrupt trenches

Incident: the wrong assumption (“storage must be the problem”)

A mid-size company ran a virtualization cluster hosting internal CI, a couple of databases, and a VDI farm.
Users complained that “the VMs freeze for a second” multiple times an hour. Predictably, the storage team got paged first,
because storage always gets paged first.

The initial assumption was familiar: stutters = storage latency. The team stared at SAN graphs, multipath stats,
and iSCSI retransmits. Nothing. Latency was flat. Throughput had room. The SAN vendor was politely bored.

An SRE ran a simple check: /proc/softirqs and /proc/interrupts. CPU0 had towering NET_RX counts.
The 10GbE NIC was “multiqueue capable,” but its IRQ vectors were effectively glued to one core.
They also discovered interrupt remapping was disabled in firmware after a platform update reset a BIOS profile.

With interrupt remapping off, the host had taken a less optimal interrupt delivery path for a subset of devices.
Under bursty VDI traffic, the host’s IRQ/softirq handling would briefly starve KVM vCPU threads.
Users perceived it as “the VM froze.”

The fix was boring: re-enable VT-d/IOMMU + interrupt remapping, confirm MSI‑X enabled, then distribute queue interrupts away from vCPU cores.
The SAN never changed. The tickets stopped. The storage team didn’t get an apology, but they did get quieter on-calls.

Optimization that backfired: “disable IOMMU for performance”

Another org ran a dense compute cluster: lots of VMs, heavy network, moderate local NVMe.
Someone read that IOMMU adds overhead and pushed a change to disable it across the fleet. It was pitched as “free performance.”
The change was rolled during a routine kernel update window.

Throughput benchmarks looked fine. That’s the trap: averages didn’t move much.
But a week later, support started seeing “micro-freezes” in remote sessions, plus weird bursts of packet loss inside guests.
It wasn’t consistent. It was worse on nodes with certain NIC firmware revisions. Naturally, this turned into a cross-team debate.

The postmortem found two problems. First: without IOMMU, interrupt remapping wasn’t available, and some passthrough cases fell back in ugly ways.
Second: their CPU pinning strategy assumed IRQs would be balanced away from isolated vCPU cores. irqbalance did the opposite on some nodes,
and without the expected interrupt features, the distribution was even worse.

The rollback was straightforward: re-enable IOMMU with iommu=pt to avoid unnecessary translation for host devices,
verify interrupt remapping in dmesg, then revalidate IRQ affinity. The “free performance” optimization had delivered free jitter instead.

The lasting lesson: a change that improves mean throughput can still ruin tail latency.
For user-facing systems (VDI, voice, gaming, trading, database commit latency), tail latency is the product.

Boring but correct practice that saved the day: “hardware profiles and boot-time assertions”

A financial services team operated a small but critical KVM environment. Their work wasn’t glamorous: internal services,
batch jobs, a few latency-sensitive components, and compliance constraints that made change painful.
They learned early that “same server model” doesn’t mean “same firmware settings.”

They standardized on a host baseline:
VT-d/IOMMU enabled, interrupt remapping enabled, consistent BIOS profiles exported and versioned,
and a boot-time check that would alert if dmesg didn’t contain the expected “Interrupt remapping enabled” line.
They also pinned housekeeping IRQs and NIC queues onto designated cores, leaving a clean set for vCPUs.

One quarter, they had to swap a failed motherboard under time pressure. The replacement came back with a default BIOS profile:
virtualization features partially disabled. The host booted “fine.” VMs started “fine.” And then the latency graphs started whispering.

Their boot-time assertion caught it within minutes. They fixed firmware settings before users noticed.
No incident call, no war room, no blame. Just a ticket with a checklist and a closed loop.

This is the unsexy reality of reliability: the boring practices don’t prevent every problem,
but they prevent the expensive kind—the ones you only detect when your CEO is the one on the frozen VDI session.

Common mistakes: symptom → root cause → fix

1) Symptom: “Random 200–800 ms freezes, CPU is low”

Root cause: IRQ/softirq hotspot on one CPU (often CPU0), starving vCPU threads intermittently.

Fix: Verify MSI‑X enabled; redistribute IRQ affinity; separate IRQ cores from vCPU cores; consider RPS/XPS tuning.

2) Symptom: “VFIO passthrough works but latency is awful under load”

Root cause: Interrupt remapping disabled/unavailable; device interrupts delivered through fallback paths or restricted MSI use.

Fix: Enable VT-d/AMD-Vi + interrupt remapping in firmware and kernel. Update BIOS/microcode. Re-test with dmesg confirmation.

3) Symptom: “NIC is 10/25/40GbE but behaves like 1GbE under bursts”

Root cause: MSI‑X not enabled, or only one queue/vector active; multiqueue not functioning.

Fix: Confirm MSI-X: Enable+ and vector count; check driver queue settings (ethtool -l), firmware, and kernel parameters disabling MSI.

4) Symptom: “Stutters started after a BIOS update”

Root cause: BIOS profile reset disabled VT-d/IOMMU or interrupt remapping; sometimes x2APIC toggled.

Fix: Re-apply known-good BIOS profile; verify DMAR/IVRS logs; add boot-time assertions.

5) Symptom: “Everything improved except one VM still stutters”

Root cause: That VM’s vCPUs are pinned to the same CPU handling NVMe or NIC interrupts; or a specific passthrough device uses a different IRQ path.

Fix: Align vCPU pinning with IRQ affinity; isolate host IRQ cores; confirm the passed-through device’s MSI‑X and IR status.

6) Symptom: “Disabling irqbalance made it worse”

Root cause: You disabled balancing but didn’t replace it with a deliberate affinity plan; interrupts reverted to defaults.

Fix: Either configure irqbalance with banned CPUs to protect vCPUs, or manage affinity with persistent rules (systemd unit) per IRQ group.

7) Symptom: “Kernel update changed behavior”

Root cause: Driver changed queue defaults; MSI/MSI‑X quirks changed; CPU topology/NUMA handling changed; irqbalance policy changed.

Fix: Re-run the tasks section checks. Don’t assume yesterday’s interrupt distribution persists after updates.

Checklists / step-by-step plan

Checklist A: One-host “stutter triage” (15 minutes)

  1. Run dmesg filter for DMAR/IVRS and confirm “Interrupt remapping enabled.”
  2. Check /proc/interrupts and /proc/softirqs for CPU hotspots.
  3. For suspected devices (NIC/NVMe/USB/HBA), confirm MSI/MSI‑X is enabled via lspci -vv.
  4. Check whether VM vCPU threads are on the same CPUs as the IRQ hotspot.
  5. Temporarily spread IRQ affinity for the hot IRQs and observe stutter reduction.

Checklist B: Durable fix for a virtualization node (change-controlled)

  1. Standardize BIOS profile: enable VT-d/AMD-Vi and interrupt remapping.
  2. Set kernel flags: intel_iommu=on iommu=pt (or AMD equivalent).
  3. Reboot; record DMAR/IVRS logs in your node inventory.
  4. Confirm MSI‑X vector counts on NICs and NVMe; ensure multiqueue is active.
  5. Define CPU allocation: which cores are for host IRQ/softirq, which cores are for vCPUs.
  6. Implement persistent IRQ affinity policy (irqbalance bans or explicit masks).
  7. Re-test under representative burst traffic; measure p99 latency, not just average throughput.

Checklist C: Cluster-wide prevention

  1. Add a boot-time health check that alerts when interrupt remapping is not enabled.
  2. Track firmware versions and BIOS settings drift; don’t rely on “same model.”
  3. After kernel/driver updates, re-validate MSI‑X enablement and queue counts on a canary node.
  4. Document a rollback path that includes kernel cmdline and BIOS profiles.

FAQ

1) Is interrupt remapping required for good performance?

Not universally, but for VFIO/passthrough and some modern interrupt delivery paths, it’s often the difference between clean MSI/MSI‑X usage and fallback behavior.
It’s also a security boundary. If you care about tail latency and correctness, enable it.

2) I enabled IOMMU. Why do I still see stutters?

IOMMU being enabled doesn’t guarantee your interrupts are well distributed. You can have perfect remapping and still funnel every queue interrupt onto CPU0.
Check /proc/interrupts, /proc/softirqs, and IRQ affinity masks.

3) What’s the difference between MSI and MSI‑X in practical terms?

MSI is typically a small number of vectors; MSI‑X supports many vectors. Many vectors enable per-queue interrupts, which lets NIC/NVMe scale with cores and reduce contention.
For modern high-speed I/O, MSI‑X is the normal target state.

4) Does iommu=pt make things unsafe?

It reduces translation overhead for devices not being isolated, but it doesn’t “turn off” the IOMMU’s existence. For VFIO devices you still get isolation.
Security posture depends on your full configuration; don’t use it as a substitute for understanding your threat model.

5) Should I disable irqbalance?

If you run CPU isolation/pinning for VMs, you should at least control irqbalance. Uncontrolled irqbalance can sabotage isolation.
Either configure it to avoid your vCPU cores or disable it and explicitly set IRQ affinity persistently.

6) Why does CPU0 always look guilty?

CPU0 often handles housekeeping tasks and gets default affinity for a lot of interrupts. It’s not evil; it’s just convenient.
Convenience is a bad performance plan.

7) Can a USB controller really cause VM stutters?

Yes. A noisy USB controller (or a device on it) can generate interrupts that steal CPU time, especially if those interrupts are concentrated on a core running vCPUs.
It’s less common than NIC/NVMe, but it’s real enough to check.

8) How do I know if I’m falling back to INTx?

Look at /proc/interrupts for IO-APIC lines tied to your device, and confirm MSI/MSI‑X enablement in lspci -vv.
If MSI‑X shows Enable- or you see only a single interrupt line where you expect many queues, suspect fallback.

9) My VM uses virtio only. Do I still care?

Yes, because the host still handles interrupts from the physical devices (NICs, NVMe, HBAs) that back virtio.
Even without passthrough, bad interrupt distribution can starve vhost threads and vCPU execution.

10) What’s the fastest confirmation that your changes worked?

You want to see: DMAR says interrupt remapping enabled, devices show MSI‑X enabled with expected vector counts, and IRQ/softirq load is spread across intended CPUs.
Then validate with a tail-latency measure: p99/p999 in the guest, not just average throughput on the host.

Conclusion: next steps you can ship today

Random VM stutters are often interrupt topology problems wearing a disguise. MSI/MSI‑X and interrupt remapping aren’t niche features;
they’re the plumbing that lets modern devices scale without turning one CPU into a panic room.

Practical next steps:

  1. On one stuttering host, confirm DMAR/IVRS shows “Interrupt remapping enabled.” If not, fix firmware + kernel flags.
  2. Confirm your hot devices (NIC/NVMe) have MSI‑X enabled and multiple vectors.
  3. Check /proc/interrupts and /proc/softirqs for CPU hotspots; don’t accept “CPU is low” as evidence.
  4. Align IRQ affinity with vCPU pinning: dedicate cores for host interrupts, keep VM cores clean.
  5. Make it durable: version BIOS profiles, add boot-time assertions, and re-check after updates.

Do this once, properly, and you’ll stop treating “stutter” like a ghost story. It’s just routing.

← Previous
Fix the “Your Device Is Missing Important Security and Quality Fixes” Loop
Next →
WordPress Security: The Hardening Checklist That Doesn’t Break Logins

Related articles

Linux: The 10-Minute Method to Find What’s Actually Eating Your RAM February 24, 2026 iommu=pt: The Hidden Performance Mode for Linux Virtualization (When to Use It) February 12, 2026 Debian 13 “Broken pipe” errors: when it’s harmless and when it’s your first warning (case #15) January 13, 2026 Debian 13 LACP Bonding Flaps: Proving Whether the Switch or Host Is Wrong January 9, 2026 Ubuntu 24.04: Swap on SSD — do it safely (and when you shouldn’t) (case #50) January 7, 2026 Ubuntu 24.04 Kernel Parameter Tuning: the 5 sysctls that matter (and the 10 that don’t) (case #42) January 4, 2026 Debian 13 Swapfile Pitfalls: Create It Right (Permissions, fstab, Priority) January 1, 2026 Ubuntu 24.04 tmpfs/ramdisk gone wild: stop it eating RAM (without breaking apps) December 21, 2025 Ubuntu 24.04: Disk “hangs” under load — timeout settings that prevent full stalls (case #90) December 19, 2025 Debian 13: NFS is slower than expected — prove it’s sync/rsize/wsize and fix it (case #23) December 6, 2025

Leave a comment