From: Fiona Ebner <f.ebner@proxmox.com>
To: Thomas Lamprecht <t.lamprecht@proxmox.com>, pve-devel@lists.proxmox.com
Subject: Re: [pve-devel] partially-applied: [PATCH-SERIES qemu-server/manager v2 0/8] VM CPU flags: introduce vendor-agnostic 'nested-virt' CPU flag
Date: Fri, 14 Nov 2025 15:27:13 +0100 [thread overview]
Message-ID: <91e9fb43-5ee3-4de2-a866-312d700e9fbe@proxmox.com> (raw)
In-Reply-To: <176307427734.2950096.5784486951090117457.b4-ty@proxmox.com>
Am 13.11.25 um 11:53 PM schrieb Thomas Lamprecht:
> On Fri, 07 Nov 2025 15:43:38 +0100, Fiona Ebner wrote:
>> Changes in v2 (thanks Dano and Thomas!):
>> * Pass running CPU configuration when using 'nested-virt'. This
>> ensures that migration fails early if the flag resolves differently
>> on the target.
>> * Describe that live migration still only works if it's the same flag.
>> * Drop adding non-existing link in API end point.
>> * Keep $supported_cpu_flags private to module and add getter method.
>> * Unpack @_ first at the beginning of resolve_cpu_flags().
>> * ui: fix function call in the CPU flag selector widget.
>> * ui: use simpler method to get all records of the store.
>> * Drop already applied patches.
>>
>> [...]
>
> Applied the first three qemu-server patches already, thanks!
>
> For the nested-flag I'm not fully sure yet if this is enough also for Windows
> guests to run e.g. WSL with a non-host CPU type like x86-64-v3, which I might
> not put into scope originally, but for many users it will IMO be assumed as
> "has to work" if we put this in the changelog.
Thanks to Mario for directing my attention to the related bugzilla entry
[0] earlier today!
What seems to be necessary is setting the base model to something
matching the vendor of the host CPU "cpu: EPYC,flags=+nested-virt"
resulting in
EPYC,enforce,hv_ipi,hv_relaxed,hv_reset,hv_runtime,hv_spinlocks=0x1fff,hv_stimer,hv_synic,hv_time,hv_vapic,hv_vpindex,+kvm_pv_eoi,+kvm_pv_unhalt,+svm,vendor=AuthenticAMD
on the QEMU commandline.
Well, I still got an error later:
PS C:\Windows\system32> wsl -d archlinux
wsl: Nested virtualization is not supported on this machine.
but I also got a bash and could issue commands. FWIW, I got the same
error and behavior when using "host" CPU model.
I couldn't get it to work with CPU type qemu64, even with all of:
qemu64,+abm,+aes,+avx,+avx2,+bmi1,+bmi2,enforce,+f16c,+fma,hv_ipi,hv_relaxed,hv_reset,hv_runtime,hv_spinlocks=0x1fff,hv_stimer,hv_synic,hv_time,hv_vapic,hv_vpindex,+kvm_pv_eoi,+kvm_pv_unhalt,+movbe,+pni,+popcnt,+sse4.1,+sse4.2,+ssse3,+xsave,+svm,hv_emsr_bitmap,hv_syndbg,hv_tlbflush,hv_tlbflush_direct,hv_tlbflush_ext,hv_xmm_input,
kvm=off,vendor=AuthenticAMD,hv-passthrough
Should we add a hint in the UI (if OS type is Windows) that the
'nested-virt' flag may require a base model matching the vendor of the
host CPU?
[0]: https://bugzilla.proxmox.com/show_bug.cgi?id=7021
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
prev parent reply other threads:[~2025-11-14 14:26 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-07 14:43 [pve-devel] " Fiona Ebner
2025-11-07 14:43 ` [pve-devel] [PATCH qemu-server v2 1/8] critic: code style: cpu config: unpack @_ first in resolve_cpu_flags() Fiona Ebner
2025-11-07 14:43 ` [pve-devel] [PATCH qemu-server v2 2/8] api: add endpoint for querying available cpu flags Fiona Ebner
2025-11-07 14:43 ` [pve-devel] [PATCH qemu-server v2 3/8] cpu config: introduce is_abstracted() helper Fiona Ebner
2025-11-07 14:43 ` [pve-devel] [PATCH qemu-server v2 4/8] cpu config: introduce vendor-agnostic 'nested-virt' CPU flag Fiona Ebner
2025-11-14 15:07 ` [pve-devel] applied: " Thomas Lamprecht
2025-11-07 14:43 ` [pve-devel] [PATCH manager v2 5/8] api: capabilities: register module for VM CPU flags Fiona Ebner
2025-11-14 0:14 ` Thomas Lamprecht
2025-11-07 14:43 ` [pve-devel] [PATCH manager v2 6/8] ui: cpu flag selector: code style: use 'let' for declarations Fiona Ebner
2025-11-14 0:14 ` Thomas Lamprecht
2025-11-07 14:43 ` [pve-devel] [PATCH manager v2 7/8] ui: cpu flag selector: use simpler method to get all records of the store Fiona Ebner
2025-11-14 0:14 ` Thomas Lamprecht
2025-11-07 14:43 ` [pve-devel] [PATCH manager v2 8/8] ui: cpu flag selector: query CPU flag list via API Fiona Ebner
2025-11-14 0:14 ` Thomas Lamprecht
2025-11-10 9:47 ` [pve-devel] [PATCH-SERIES qemu-server/manager v2 0/8] VM CPU flags: introduce vendor-agnostic 'nested-virt' CPU flag Daniel Kral
2025-11-13 22:51 ` [pve-devel] partially-applied: " Thomas Lamprecht
2025-11-14 14:27 ` Fiona Ebner [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=91e9fb43-5ee3-4de2-a866-312d700e9fbe@proxmox.com \
--to=f.ebner@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
--cc=t.lamprecht@proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.