From: Fiona Ebner <f.ebner@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH qemu-server 3/7] api: add endpoint for querying available cpu flags
Date: Fri, 31 Oct 2025 13:27:39 +0100 [thread overview]
Message-ID: <20251031122834.62482-4-f.ebner@proxmox.com> (raw)
In-Reply-To: <20251031122834.62482-1-f.ebner@proxmox.com>
Descriptions and ordering are taken from pve-manager's
VMCPUFlagSelector.js. The double quotes in the descriptions were
replaced with single quotes to have nicer JSON output.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
src/PVE/API2/Qemu/CPUFlags.pm | 45 +++++++++++++++++++
src/PVE/API2/Qemu/Makefile | 2 +-
src/PVE/QemuServer/CPUConfig.pm | 76 +++++++++++++++++++++++++--------
3 files changed, 105 insertions(+), 18 deletions(-)
create mode 100644 src/PVE/API2/Qemu/CPUFlags.pm
diff --git a/src/PVE/API2/Qemu/CPUFlags.pm b/src/PVE/API2/Qemu/CPUFlags.pm
new file mode 100644
index 00000000..cc06a1d6
--- /dev/null
+++ b/src/PVE/API2/Qemu/CPUFlags.pm
@@ -0,0 +1,45 @@
+package PVE::API2::Qemu::CPUFlags;
+
+use v5.36;
+
+use PVE::RESTHandler;
+use PVE::JSONSchema qw(get_standard_option);
+use PVE::QemuServer::CPUConfig;
+
+use base qw(PVE::RESTHandler);
+
+__PACKAGE__->register_method({
+ name => 'index',
+ path => '',
+ method => 'GET',
+ description => 'List of available VM-specific CPU flags.',
+ permissions => { user => 'all' },
+ parameters => {
+ additionalProperties => 0,
+ properties => {
+ node => get_standard_option('pve-node'),
+ },
+ },
+ returns => {
+ type => 'array',
+ items => {
+ type => 'object',
+ properties => {
+ name => {
+ type => 'string',
+ description => "Name of the CPU flag.",
+ },
+ description => {
+ type => 'string',
+ description => "Description of the CPU flag.",
+ },
+ },
+ },
+ links => [{ rel => 'child', href => '{flag}' }],
+ },
+ code => sub {
+ return $PVE::QemuServer::CPUConfig::supported_cpu_flags;
+ },
+});
+
+1;
diff --git a/src/PVE/API2/Qemu/Makefile b/src/PVE/API2/Qemu/Makefile
index 7c539702..c348af75 100644
--- a/src/PVE/API2/Qemu/Makefile
+++ b/src/PVE/API2/Qemu/Makefile
@@ -2,7 +2,7 @@ DESTDIR=
PREFIX=/usr
PERLDIR=$(PREFIX)/share/perl5
-SOURCES=Agent.pm CPU.pm HMPPerms.pm Machine.pm
+SOURCES=Agent.pm CPU.pm CPUFlags.pm HMPPerms.pm Machine.pm
.PHONY: install
install:
diff --git a/src/PVE/QemuServer/CPUConfig.pm b/src/PVE/QemuServer/CPUConfig.pm
index e72bdf2f..20e26ee2 100644
--- a/src/PVE/QemuServer/CPUConfig.pm
+++ b/src/PVE/QemuServer/CPUConfig.pm
@@ -161,21 +161,62 @@ my $cpu_vendor_list = {
max => 'default',
};
-my @supported_cpu_flags = (
- 'pcid',
- 'spec-ctrl',
- 'ibpb',
- 'ssbd',
- 'virt-ssbd',
- 'amd-ssbd',
- 'amd-no-ssb',
- 'pdpe1gb',
- 'md-clear',
- 'hv-tlbflush',
- 'hv-evmcs',
- 'aes',
-);
-my $cpu_flag_supported_re = qr/([+-])(@{[join('|', @supported_cpu_flags)]})/;
+our $supported_cpu_flags = [
+ {
+ name => 'md-clear',
+ description => "Required to let the guest OS know if MDS is mitigated correctly.",
+ },
+ {
+ name => 'pcid',
+ description =>
+ "Meltdown fix cost reduction on Westmere, Sandy-, and IvyBridge Intel CPUs.",
+ },
+ {
+ name => 'spec-ctrl',
+ description => "Allows improved Spectre mitigation with Intel CPUs.",
+ },
+ {
+ name => 'ssbd',
+ description => "Protection for 'Speculative Store Bypass' for Intel models.",
+ },
+ {
+ name => 'ibpb',
+ description => "Allows improved Spectre mitigation with AMD CPUs.",
+ },
+ {
+ name => 'virt-ssbd',
+ description => "Basis for 'Speculative Store Bypass' protection for AMD models.",
+ },
+ {
+ name => 'amd-ssbd',
+ description => "Improves Spectre mitigation performance with AMD CPUs, best used with"
+ . " 'virt-ssbd'.",
+ },
+ {
+ name => 'amd-no-ssb',
+ description => "Notifies guest OS that host is not vulnerable for Spectre on AMD CPUs.",
+ },
+ {
+ name => 'pdpe1gb',
+ description => "Allow guest OS to use 1GB size pages, if host HW supports it.",
+ },
+ {
+ name => 'hv-tlbflush',
+ description => "Improve performance in overcommitted Windows guests. May lead to guest"
+ . " bluescreens on old CPUs.",
+ },
+ {
+ name => 'hv-evmcs',
+ description => "Improve performance for nested virtualization. Only supported on Intel"
+ . " CPUs.",
+ },
+ {
+ name => 'aes',
+ description => "Activate AES instruction set for HW acceleration.",
+ },
+];
+my @supported_cpu_flags_names = map { $_->{name} } $supported_cpu_flags->@*;
+my $cpu_flag_supported_re = qr/([+-])(@{[join('|', @supported_cpu_flags_names)]})/;
my $cpu_flag_any_re = qr/([+-])([a-zA-Z0-9\-_\.]+)/;
our $qemu_cmdline_cpu_re = qr/^((?>[+-]?[\w\-\._=]+,?)+)$/;
@@ -217,7 +258,7 @@ my $cpu_fmt = {
description => "List of additional CPU flags separated by ';'. Use '+FLAG' to enable,"
. " '-FLAG' to disable a flag. Custom CPU models can specify any flag supported by"
. " QEMU/KVM, VM-specific flags must be from the following set for security reasons: "
- . join(', ', @supported_cpu_flags),
+ . join(', ', @supported_cpu_flags_names),
format_description => '+FLAG[;-FLAG...]',
type => 'string',
pattern => qr/$cpu_flag_any_re(;$cpu_flag_any_re)*/,
@@ -333,7 +374,8 @@ sub validate_vm_cpu_conf {
# in a VM-specific config, certain properties are limited/forbidden
if ($cpu->{flags} && $cpu->{flags} !~ m/^$cpu_flag_supported_re(;$cpu_flag_supported_re)*$/) {
- die "VM-specific CPU flags must be a subset of: @{[join(', ', @supported_cpu_flags)]}\n";
+ die "VM-specific CPU flags must be a subset of: "
+ . join(', ', @supported_cpu_flags_names) . "\n";
}
if (defined($cpu->{'reported-model'})) {
--
2.47.3
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next prev parent reply other threads:[~2025-10-31 12:28 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-31 12:27 [pve-devel] [PATCH-SERIES qemu-server/manager 0/7] VM CPU flags: introduce vendor-agnostic 'nested-virt' CPU flag Fiona Ebner
2025-10-31 12:27 ` [pve-devel] [PATCH qemu-server 1/7] cpu config: style fix: avoid multiline post-if expressions Fiona Ebner
2025-10-31 12:27 ` [pve-devel] [PATCH qemu-server 2/7] cpu config: style fix: avoid overly long ternary conditional expression Fiona Ebner
2025-10-31 12:27 ` Fiona Ebner [this message]
2025-10-31 12:27 ` [pve-devel] [PATCH qemu-server 4/7] cpu config: introduce vendor-agnostic 'nested-virt' CPU flag Fiona Ebner
2025-10-31 12:27 ` [pve-devel] [PATCH manager 5/7] api: capabilities: register module for VM CPU flags Fiona Ebner
2025-10-31 12:27 ` [pve-devel] [PATCH manager 6/7] ui: cpu flag selector: code style: use 'let' for declarations Fiona Ebner
2025-10-31 12:27 ` [pve-devel] [PATCH manager 7/7] ui: cpu flag selector: query CPU flag list via API Fiona Ebner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251031122834.62482-4-f.ebner@proxmox.com \
--to=f.ebner@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.