From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id F05E91FF15C for ; Fri, 31 Oct 2025 13:28:34 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 2F61B109F3; Fri, 31 Oct 2025 13:28:45 +0100 (CET) From: Fiona Ebner To: pve-devel@lists.proxmox.com Date: Fri, 31 Oct 2025 13:27:39 +0100 Message-ID: <20251031122834.62482-4-f.ebner@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20251031122834.62482-1-f.ebner@proxmox.com> References: <20251031122834.62482-1-f.ebner@proxmox.com> MIME-Version: 1.0 X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1761913704270 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.070 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment PROLO_LEO1 0.1 Meta Catches all Leo drug variations so far SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH qemu-server 3/7] api: add endpoint for querying available cpu flags X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" Descriptions and ordering are taken from pve-manager's VMCPUFlagSelector.js. The double quotes in the descriptions were replaced with single quotes to have nicer JSON output. 
Signed-off-by: Fiona Ebner --- src/PVE/API2/Qemu/CPUFlags.pm | 45 +++++++++++++++++++ src/PVE/API2/Qemu/Makefile | 2 +- src/PVE/QemuServer/CPUConfig.pm | 76 +++++++++++++++++++++++++-------- 3 files changed, 105 insertions(+), 18 deletions(-) create mode 100644 src/PVE/API2/Qemu/CPUFlags.pm diff --git a/src/PVE/API2/Qemu/CPUFlags.pm b/src/PVE/API2/Qemu/CPUFlags.pm new file mode 100644 index 00000000..cc06a1d6 --- /dev/null +++ b/src/PVE/API2/Qemu/CPUFlags.pm @@ -0,0 +1,45 @@ +package PVE::API2::Qemu::CPUFlags; + +use v5.36; + +use PVE::RESTHandler; +use PVE::JSONSchema qw(get_standard_option); +use PVE::QemuServer::CPUConfig; + +use base qw(PVE::RESTHandler); + +__PACKAGE__->register_method({ + name => 'index', + path => '', + method => 'GET', + description => 'List of available VM-specific CPU flags.', + permissions => { user => 'all' }, + parameters => { + additionalProperties => 0, + properties => { + node => get_standard_option('pve-node'), + }, + }, + returns => { + type => 'array', + items => { + type => 'object', + properties => { + name => { + type => 'string', + description => "Name of the CPU flag.", + }, + description => { + type => 'string', + description => "Description of the CPU flag.", + }, + }, + }, + links => [{ rel => 'child', href => '{flag}' }], + }, + code => sub { + return $PVE::QemuServer::CPUConfig::supported_cpu_flags; + }, +}); + +1; diff --git a/src/PVE/API2/Qemu/Makefile b/src/PVE/API2/Qemu/Makefile index 7c539702..c348af75 100644 --- a/src/PVE/API2/Qemu/Makefile +++ b/src/PVE/API2/Qemu/Makefile @@ -2,7 +2,7 @@ DESTDIR= PREFIX=/usr PERLDIR=$(PREFIX)/share/perl5 -SOURCES=Agent.pm CPU.pm HMPPerms.pm Machine.pm +SOURCES=Agent.pm CPU.pm CPUFlags.pm HMPPerms.pm Machine.pm .PHONY: install install: diff --git a/src/PVE/QemuServer/CPUConfig.pm b/src/PVE/QemuServer/CPUConfig.pm index e72bdf2f..20e26ee2 100644 --- a/src/PVE/QemuServer/CPUConfig.pm +++ b/src/PVE/QemuServer/CPUConfig.pm 
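Review bot: In src/PVE/API2/Qemu/CPUFlags.pm the `links` entry uses `href => '{flag}'`, but the returned objects only declare `name` and `description`, so the child-link template refers to a property that is never present; `links => [{ rel => 'child', href => '{name}' }],` would match the schema. No child path is registered in this file, so if none is added later in the series the `links` entry could be dropped instead. Separately, a short comment above `permissions => { user => 'all' }` would document why the endpoint is open to every authenticated user: the handler returns only the static flag list from CPUConfig.pm and nothing derived from the `node` parameter or the host.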
@@ -161,21 +161,62 @@ my $cpu_vendor_list = { max => 'default', }; -my @supported_cpu_flags = ( - 'pcid', - 'spec-ctrl', - 'ibpb', - 'ssbd', - 'virt-ssbd', - 'amd-ssbd', - 'amd-no-ssb', - 'pdpe1gb', - 'md-clear', - 'hv-tlbflush', - 'hv-evmcs', - 'aes', -); -my $cpu_flag_supported_re = qr/([+-])(@{[join('|', @supported_cpu_flags)]})/; +our $supported_cpu_flags = [ + { + name => 'md-clear', + description => "Required to let the guest OS know if MDS is mitigated correctly.", + }, + { + name => 'pcid', + description => + "Meltdown fix cost reduction on Westmere, Sandy-, and IvyBridge Intel CPUs.", + }, + { + name => 'spec-ctrl', + description => "Allows improved Spectre mitigation with Intel CPUs.", + }, + { + name => 'ssbd', + description => "Protection for 'Speculative Store Bypass' for Intel models.", + }, + { + name => 'ibpb', + description => "Allows improved Spectre mitigation with AMD CPUs.", + }, + { + name => 'virt-ssbd', + description => "Basis for 'Speculative Store Bypass' protection for AMD models.", + }, + { + name => 'amd-ssbd', + description => "Improves Spectre mitigation performance with AMD CPUs, best used with" + . " 'virt-ssbd'.", + }, + { + name => 'amd-no-ssb', + description => "Notifies guest OS that host is not vulnerable for Spectre on AMD CPUs.", + }, + { + name => 'pdpe1gb', + description => "Allow guest OS to use 1GB size pages, if host HW supports it.", + }, + { + name => 'hv-tlbflush', + description => "Improve performance in overcommitted Windows guests. May lead to guest" + . " bluescreens on old CPUs.", + }, + { + name => 'hv-evmcs', + description => "Improve performance for nested virtualization. Only supported on Intel" + . 
" CPUs.", + }, + { + name => 'aes', + description => "Activate AES instruction set for HW acceleration.", + }, +]; +my @supported_cpu_flags_names = map { $_->{name} } $supported_cpu_flags->@*; +my $cpu_flag_supported_re = qr/([+-])(@{[join('|', @supported_cpu_flags_names)]})/; my $cpu_flag_any_re = qr/([+-])([a-zA-Z0-9\-_\.]+)/; our $qemu_cmdline_cpu_re = qr/^((?>[+-]?[\w\-\._=]+,?)+)$/; @@ -217,7 +258,7 @@ my $cpu_fmt = { description => "List of additional CPU flags separated by ';'. Use '+FLAG' to enable," . " '-FLAG' to disable a flag. Custom CPU models can specify any flag supported by" . " QEMU/KVM, VM-specific flags must be from the following set for security reasons: " - . join(', ', @supported_cpu_flags), + . join(', ', @supported_cpu_flags_names), format_description => '+FLAG[;-FLAG...]', type => 'string', pattern => qr/$cpu_flag_any_re(;$cpu_flag_any_re)*/, @@ -333,7 +374,8 @@ sub validate_vm_cpu_conf { # in a VM-specific config, certain properties are limited/forbidden if ($cpu->{flags} && $cpu->{flags} !~ m/^$cpu_flag_supported_re(;$cpu_flag_supported_re)*$/) { - die "VM-specific CPU flags must be a subset of: @{[join(', ', @supported_cpu_flags)]}\n"; + die "VM-specific CPU flags must be a subset of: " + . join(', ', @supported_cpu_flags_names) . "\n"; } if (defined($cpu->{'reported-model'})) { -- 2.47.3 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
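Review bot: `$supported_cpu_flags` is declared with `our`, so the allow-list that restricts VM-specific flags "for security reasons" becomes writable from any package, while `@supported_cpu_flags_names` and `$cpu_flag_supported_re` are snapshots built once at load time. A later change to the array would alter what the new API endpoint reports but not what validate_vm_cpu_conf accepts, and the two could silently diverge. Unless other patches in the series need the package variable, consider keeping the data lexical and exposing a reader that returns a copy, e.g. `sub get_supported_cpu_flags { return [map { +{ $_->%* } } $supported_cpu_flags->@*]; }`, or at least add a comment above the declaration saying it must be treated as read-only. Since the names now come out of a data structure, `join('|', map { quotemeta } @supported_cpu_flags_names)` in the regex would keep a future name containing a metacharacter from widening the pattern.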