From: Arthur Bied-Charreton <a.bied-charreton@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH qemu-server v5 03/21] cpu flags: move cpu flags-related utilities to their own module
Date: Fri, 15 May 2026 11:28:20 +0200 [thread overview]
Message-ID: <20260515092839.238064-4-a.bied-charreton@proxmox.com> (raw)
In-Reply-To: <20260515092839.238064-1-a.bied-charreton@proxmox.com>
Introduce PVE::QemuServer::CPUFlags module as the new home for cpu
flags-related helpers, and move various utilities from QemuServer
and CPUConfig into it.
`query_supported_cpu_flags` is not yet moved to the new module, as it is
trickier to migrate without creating circular dependencies.
Signed-off-by: Arthur Bied-Charreton <a.bied-charreton@proxmox.com>
---
src/PVE/API2/Qemu/CPUFlags.pm | 4 +-
src/PVE/QemuServer.pm | 24 +-----
src/PVE/QemuServer/CPUConfig.pm | 89 ++-------------------
src/PVE/QemuServer/CPUFlags.pm | 137 ++++++++++++++++++++++++++++++++
src/PVE/QemuServer/Makefile | 1 +
5 files changed, 149 insertions(+), 106 deletions(-)
create mode 100644 src/PVE/QemuServer/CPUFlags.pm
diff --git a/src/PVE/API2/Qemu/CPUFlags.pm b/src/PVE/API2/Qemu/CPUFlags.pm
index 672bd2d2..4b409a40 100644
--- a/src/PVE/API2/Qemu/CPUFlags.pm
+++ b/src/PVE/API2/Qemu/CPUFlags.pm
@@ -6,7 +6,7 @@ use PVE::JSONSchema qw(get_standard_option);
use PVE::RESTHandler;
use PVE::Tools qw(extract_param);
-use PVE::QemuServer::CPUConfig;
+use PVE::QemuServer::CPUFlags;
use base qw(PVE::RESTHandler);
@@ -44,7 +44,7 @@ __PACKAGE__->register_method({
my $arch = extract_param($param, 'arch');
- return PVE::QemuServer::CPUConfig::get_supported_cpu_flags($arch);
+ return PVE::QemuServer::CPUFlags::get_supported_cpu_flags($arch);
},
});
diff --git a/src/PVE/QemuServer.pm b/src/PVE/QemuServer.pm
index a894684a..e58dddec 100644
--- a/src/PVE/QemuServer.pm
+++ b/src/PVE/QemuServer.pm
@@ -2916,9 +2916,10 @@ sub vga_conf_has_spice {
return $1 || 1;
}
-# To use query_supported_cpu_flags and query_understood_cpu_flags to get flags
-# to use in a QEMU command line (-cpu element), first array_intersect the result
-# of query_supported_ with query_understood_. This is necessary because:
+# To use query_supported_cpu_flags and query_understood_cpu_flags (moved to the
+# PVE::QemuServer::CPUFlags module) to get flags to use in a QEMU command line
+# (-cpu element), first array_intersect the result of query_supported_ with
+# query_understood_. This is necessary because:
#
# a) query_understood_ returns flags the host cannot use and
# b) query_supported_ (rather the QMP call) doesn't actually return CPU
@@ -3025,23 +3026,6 @@ sub query_supported_cpu_flags {
return $flags;
}
-# Understood CPU flags are written to a file at 'pve-qemu' compile time
-my $understood_cpu_flag_dir = "/usr/share/kvm";
-
-sub query_understood_cpu_flags {
- my $arch = get_host_arch();
- my $filepath = "$understood_cpu_flag_dir/recognized-CPUID-flags-$arch";
-
- die "Cannot query understood QEMU CPU flags for architecture: $arch (file not found)\n"
- if !-e $filepath;
-
- my $raw = file_get_contents($filepath);
- $raw =~ s/^\s+|\s+$//g;
- my @flags = split(/\s+/, $raw);
-
- return \@flags;
-}
-
# Since commit 277d33454f77ec1d1e0bc04e37621e4dd2424b67 in pve-qemu, smm is not off by default
# anymore. But smm=off seems to be required when using SeaBIOS and serial display.
my sub should_disable_smm {
diff --git a/src/PVE/QemuServer/CPUConfig.pm b/src/PVE/QemuServer/CPUConfig.pm
index 7adfdf45..0ee9b991 100644
--- a/src/PVE/QemuServer/CPUConfig.pm
+++ b/src/PVE/QemuServer/CPUConfig.pm
@@ -12,6 +12,7 @@ use PVE::RESTEnvironment qw(log_warn);
use PVE::Tools qw(run_command);
use PVE::QemuServer::Helpers qw(min_version get_host_arch);
+use PVE::QemuServer::CPUFlags qw(cpu_flag_supported_re cpu_flag_any_re supported_cpu_flags_names);
use base qw(PVE::SectionConfig Exporter);
@@ -261,89 +262,9 @@ sub get_all_cpu_models {
return $all_cpu_models;
}
-my $supported_cpu_flags_by_arch = {
- x86_64 => [
- {
- name => 'nested-virt',
- description =>
- "Controls nested virtualization, namely 'svm' for AMD CPUs and 'vmx' for"
- . " Intel CPUs. Live migration still only works if it's the same flag on both sides."
- . " Use a CPU model similar to the host, with the same vendor, not x86-64-vX!",
- },
- {
- name => 'md-clear',
- description => "Required to let the guest OS know if MDS is mitigated correctly.",
- },
- {
- name => 'pcid',
- description =>
- "Meltdown fix cost reduction on Westmere, Sandy-, and IvyBridge Intel CPUs.",
- },
- {
- name => 'spec-ctrl',
- description => "Allows improved Spectre mitigation with Intel CPUs.",
- },
- {
- name => 'ssbd',
- description => "Protection for 'Speculative Store Bypass' for Intel models.",
- },
- {
- name => 'ibpb',
- description => "Allows improved Spectre mitigation with AMD CPUs.",
- },
- {
- name => 'virt-ssbd',
- description => "Basis for 'Speculative Store Bypass' protection for AMD models.",
- },
- {
- name => 'amd-ssbd',
- description =>
- "Improves Spectre mitigation performance with AMD CPUs, best used with"
- . " 'virt-ssbd'.",
- },
- {
- name => 'amd-no-ssb',
- description =>
- "Notifies guest OS that host is not vulnerable for Spectre on AMD CPUs.",
- },
- {
- name => 'pdpe1gb',
- description => "Allow guest OS to use 1GB size pages, if host HW supports it.",
- },
- {
- name => 'hv-tlbflush',
- description =>
- "Improve performance in overcommitted Windows guests. May lead to guest"
- . " bluescreens on old CPUs.",
- },
- {
- name => 'hv-evmcs',
- description =>
- "Improve performance for nested virtualization. Only supported on Intel" . " CPUs.",
- },
- {
- name => 'aes',
- description => "Activate AES instruction set for HW acceleration.",
- },
- ],
- aarch64 => [],
-};
-
-sub get_supported_cpu_flags {
- my ($arch) = @_;
- $arch = get_host_arch() if !defined($arch);
- return $supported_cpu_flags_by_arch->{$arch};
-}
-
-my $all_supported_cpu_flags = {};
-for my $arch ($supported_cpu_flags_by_arch->%*) {
- for my $flag ($supported_cpu_flags_by_arch->{$arch}->@*) {
- $all_supported_cpu_flags->{ $flag->{name} } = 1;
- }
-}
-my @supported_cpu_flags_names = sort keys $all_supported_cpu_flags->%*;
-my $cpu_flag_supported_re = qr/([+-])(@{[join('|', @supported_cpu_flags_names)]})/;
-my $cpu_flag_any_re = qr/([+-])([a-zA-Z0-9\-_\.]+)/;
+my $cpu_flag_supported_re = cpu_flag_supported_re();
+my $cpu_flag_any_re = cpu_flag_any_re();
+my @supported_cpu_flags_names = (supported_cpu_flags_names());
our $qemu_cmdline_cpu_re = qr/^((?>[+-]?[\w\-\._=]+,?)+)$/;
@@ -388,7 +309,7 @@ my $cpu_fmt = {
. " controls nested virtualization for the current CPU ('svm' for AMD and 'vmx' for"
. " Intel). Custom CPU models can specify any flag supported by QEMU/KVM, VM-specific"
. " flags must be from the following set for security reasons: "
- . join(', ', @supported_cpu_flags_names),
+ . join(', ', PVE::QemuServer::CPUFlags::supported_cpu_flags_names()),
format_description => '+FLAG[;-FLAG...]',
type => 'string',
pattern => qr/$cpu_flag_any_re(;$cpu_flag_any_re)*/,
diff --git a/src/PVE/QemuServer/CPUFlags.pm b/src/PVE/QemuServer/CPUFlags.pm
new file mode 100644
index 00000000..a681eb75
--- /dev/null
+++ b/src/PVE/QemuServer/CPUFlags.pm
@@ -0,0 +1,137 @@
+package PVE::QemuServer::CPUFlags;
+
+use v5.36;
+
+use Exporter qw(import);
+
+use PVE::Cluster;
+use PVE::File;
+use PVE::QemuServer::Helpers qw(get_host_arch);
+
+our @EXPORT_OK = qw(
+ cpu_flag_supported_re
+ cpu_flag_any_re
+ supported_cpu_flags_names
+ get_supported_cpu_flags
+ query_understood_cpu_flags
+);
+
+my $supported_vm_specific_cpu_flags_by_arch = {
+ x86_64 => [
+ {
+ name => 'nested-virt',
+ description =>
+ "Controls nested virtualization, namely 'svm' for AMD CPUs and 'vmx' for"
+ . " Intel CPUs. Live migration still only works if it's the same flag on both sides."
+ . " Use a CPU model similar to the host, with the same vendor, not x86-64-vX!",
+ },
+ {
+ name => 'md-clear',
+ description => "Required to let the guest OS know if MDS is mitigated correctly.",
+ },
+ {
+ name => 'pcid',
+ description =>
+ "Meltdown fix cost reduction on Westmere, Sandy-, and IvyBridge Intel CPUs.",
+ },
+ {
+ name => 'spec-ctrl',
+ description => "Allows improved Spectre mitigation with Intel CPUs.",
+ },
+ {
+ name => 'ssbd',
+ description => "Protection for 'Speculative Store Bypass' for Intel models.",
+ },
+ {
+ name => 'ibpb',
+ description => "Allows improved Spectre mitigation with AMD CPUs.",
+ },
+ {
+ name => 'virt-ssbd',
+ description => "Basis for 'Speculative Store Bypass' protection for AMD models.",
+ },
+ {
+ name => 'amd-ssbd',
+ description =>
+ "Improves Spectre mitigation performance with AMD CPUs, best used with"
+ . " 'virt-ssbd'.",
+ },
+ {
+ name => 'amd-no-ssb',
+ description =>
+ "Notifies guest OS that host is not vulnerable for Spectre on AMD CPUs.",
+ },
+ {
+ name => 'pdpe1gb',
+ description => "Allow guest OS to use 1GB size pages, if host HW supports it.",
+ },
+ {
+ name => 'hv-tlbflush',
+ description =>
+ "Improve performance in overcommitted Windows guests. May lead to guest"
+ . " bluescreens on old CPUs.",
+ },
+ {
+ name => 'hv-evmcs',
+ description =>
+ "Improve performance for nested virtualization. Only supported on Intel" . " CPUs.",
+ },
+ {
+ name => 'aes',
+ description => "Activate AES instruction set for HW acceleration.",
+ },
+ ],
+ aarch64 => [],
+};
+
+my $all_supported_vm_specific_cpu_flags = {};
+for my $arch ($supported_vm_specific_cpu_flags_by_arch->%*) {
+ for my $flag ($supported_vm_specific_cpu_flags_by_arch->{$arch}->@*) {
+ $all_supported_vm_specific_cpu_flags->{ $flag->{name} } = 1;
+ }
+}
+
+my @supported_cpu_flags_name_sorted = sort keys $all_supported_vm_specific_cpu_flags->%*;
+
+# Understood CPU flags are written to a file at 'pve-qemu' compile time and
+# shipped below this directory by the pve-qemu-kvm package.
+my $understood_cpu_flag_dir = "/usr/share/kvm";
+
+sub supported_cpu_flags_names() {
+ return @supported_cpu_flags_name_sorted;
+}
+
+sub cpu_flag_supported_re() {
+ return qr/([+-])(@{[join('|', supported_cpu_flags_names())]})/;
+}
+
+sub cpu_flag_any_re() {
+ return qr/([+-])([a-zA-Z0-9\-_\.]+)/;
+}
+
+=head3 get_supported_cpu_flags($arch)
+
+Return supported VM-specific CPU flags for $arch. $arch defaults to the host architecture
+if C<undef>.
+
+=cut
+
+sub get_supported_cpu_flags($arch) {
+ $arch = get_host_arch() if !defined($arch);
+ return $supported_vm_specific_cpu_flags_by_arch->{$arch};
+}
+
+sub query_understood_cpu_flags($arch) {
+ my $filepath = "$understood_cpu_flag_dir/recognized-CPUID-flags-$arch";
+
+ die "Cannot query understood QEMU CPU flags for architecture: $arch (file not found)\n"
+ if !-e $filepath;
+
+ my $raw = PVE::File::file_get_contents($filepath);
+ $raw =~ s/^\s+|\s+$//g;
+ my @flags = split(/\s+/, $raw);
+
+ return \@flags;
+}
+
+1;
diff --git a/src/PVE/QemuServer/Makefile b/src/PVE/QemuServer/Makefile
index 821556ef..060fac23 100644
--- a/src/PVE/QemuServer/Makefile
+++ b/src/PVE/QemuServer/Makefile
@@ -9,6 +9,7 @@ SOURCES=Agent.pm \
CGroup.pm \
Cloudinit.pm \
CPUConfig.pm \
+ CPUFlags.pm \
DBusVMState.pm \
Drive.pm \
DriveDevice.pm \
--
2.47.3
next prev parent reply other threads:[~2026-05-15 9:30 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-15 9:28 [PATCH docs/manager/qemu-server v5 00/21] Add API and UI for custom CPU models Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH pve-docs v5 01/21] qm: add anchor to "CPU Type" section Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH qemu-server v5 02/21] cpu config: rename CPU models config path variable Arthur Bied-Charreton
2026-05-15 9:28 ` Arthur Bied-Charreton [this message]
2026-05-15 9:28 ` [PATCH qemu-server v5 04/21] cpu flags: compare against JSON::true when querying supported flags Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH qemu-server v5 05/21] cpu flags: normalize CPU flags to QEMU's format Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH qemu-server v5 06/21] cpu flags: add helper querying CPU flags with nodes supporting them Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH qemu-server v5 07/21] cpu config: rename custom CPU model config loader Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH qemu-server v5 08/21] cpu config: add helpers to lock and write config Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH qemu-server v5 09/21] cpu: register standard option for CPU format Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH qemu-server v5 10/21] api: cpu flags: improve flags list returned by endpoint Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH qemu-server v5 11/21] custom cpu models: avoid redundant config load Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH pve-manager v5 12/21] cluster: reorder imports Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH pve-manager v5 13/21] cluster: makefile: reorder perl sources and align backslashes Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH pve-manager v5 14/21] api: add endpoint querying available CPU flags cluster-wide Arthur Bied-Charreton
2026-05-15 9:45 ` Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH pve-manager v5 15/21] api: add CRUD handlers for custom CPU models Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH pve-manager v5 16/21] ui: cpu model selector: allow filtering out custom models Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH pve-manager v5 17/21] ui: add basic custom CPU model editor Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH pve-manager v5 18/21] ui: cpu flags selector: add CPU flag editor for custom models Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH pve-manager v5 19/21] ui: cpu flags selector: allow filtering out flags supported on 0 nodes Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH pve-manager v5 20/21] ui: cpu flags selector: add search bar for large lists of flags Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH pve-manager v5 21/21] ui: group custom CPU with resource mappings Arthur Bied-Charreton
2026-05-15 17:05 ` [PATCH docs/manager/qemu-server v5 00/21] Add API and UI for custom CPU models Max R. Carrara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260515092839.238064-4-a.bied-charreton@proxmox.com \
--to=a.bied-charreton@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.