From: Fiona Ebner <f.ebner@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH qemu-server 3/7] api: add endpoint for querying available cpu flags
Date: Fri, 31 Oct 2025 13:27:39 +0100 [thread overview]
Message-ID: <20251031122834.62482-4-f.ebner@proxmox.com> (raw)
In-Reply-To: <20251031122834.62482-1-f.ebner@proxmox.com>
Descriptions and ordering are taken from pve-manager's
VMCPUFlagSelector.js. The double quotes in the descriptions were
replaced with single quotes to have nicer JSON output.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
src/PVE/API2/Qemu/CPUFlags.pm | 45 +++++++++++++++++++
src/PVE/API2/Qemu/Makefile | 2 +-
src/PVE/QemuServer/CPUConfig.pm | 76 +++++++++++++++++++++++++--------
3 files changed, 105 insertions(+), 18 deletions(-)
create mode 100644 src/PVE/API2/Qemu/CPUFlags.pm
diff --git a/src/PVE/API2/Qemu/CPUFlags.pm b/src/PVE/API2/Qemu/CPUFlags.pm
new file mode 100644
index 00000000..cc06a1d6
--- /dev/null
+++ b/src/PVE/API2/Qemu/CPUFlags.pm
@@ -0,0 +1,45 @@
+package PVE::API2::Qemu::CPUFlags;
+
+use v5.36;
+
+use PVE::RESTHandler;
+use PVE::JSONSchema qw(get_standard_option);
+use PVE::QemuServer::CPUConfig;
+
+use base qw(PVE::RESTHandler);
+
+__PACKAGE__->register_method({
+ name => 'index',
+ path => '',
+ method => 'GET',
+ description => 'List of available VM-specific CPU flags.',
+ permissions => { user => 'all' },
+ parameters => {
+ additionalProperties => 0,
+ properties => {
+ node => get_standard_option('pve-node'),
+ },
+ },
+ returns => {
+ type => 'array',
+ items => {
+ type => 'object',
+ properties => {
+ name => {
+ type => 'string',
+ description => "Name of the CPU flag.",
+ },
+ description => {
+ type => 'string',
+ description => "Description of the CPU flag.",
+ },
+ },
+ },
+ links => [{ rel => 'child', href => '{flag}' }],
+ },
+ code => sub {
+ return $PVE::QemuServer::CPUConfig::supported_cpu_flags;
+ },
+});
+
+1;
diff --git a/src/PVE/API2/Qemu/Makefile b/src/PVE/API2/Qemu/Makefile
index 7c539702..c348af75 100644
--- a/src/PVE/API2/Qemu/Makefile
+++ b/src/PVE/API2/Qemu/Makefile
@@ -2,7 +2,7 @@ DESTDIR=
PREFIX=/usr
PERLDIR=$(PREFIX)/share/perl5
-SOURCES=Agent.pm CPU.pm HMPPerms.pm Machine.pm
+SOURCES=Agent.pm CPU.pm CPUFlags.pm HMPPerms.pm Machine.pm
.PHONY: install
install:
diff --git a/src/PVE/QemuServer/CPUConfig.pm b/src/PVE/QemuServer/CPUConfig.pm
index e72bdf2f..20e26ee2 100644
--- a/src/PVE/QemuServer/CPUConfig.pm
+++ b/src/PVE/QemuServer/CPUConfig.pm
@@ -161,21 +161,62 @@ my $cpu_vendor_list = {
max => 'default',
};
-my @supported_cpu_flags = (
- 'pcid',
- 'spec-ctrl',
- 'ibpb',
- 'ssbd',
- 'virt-ssbd',
- 'amd-ssbd',
- 'amd-no-ssb',
- 'pdpe1gb',
- 'md-clear',
- 'hv-tlbflush',
- 'hv-evmcs',
- 'aes',
-);
-my $cpu_flag_supported_re = qr/([+-])(@{[join('|', @supported_cpu_flags)]})/;
+our $supported_cpu_flags = [
+ {
+ name => 'md-clear',
+ description => "Required to let the guest OS know if MDS is mitigated correctly.",
+ },
+ {
+ name => 'pcid',
+ description =>
+ "Meltdown fix cost reduction on Westmere, Sandy-, and IvyBridge Intel CPUs.",
+ },
+ {
+ name => 'spec-ctrl',
+ description => "Allows improved Spectre mitigation with Intel CPUs.",
+ },
+ {
+ name => 'ssbd',
+ description => "Protection for 'Speculative Store Bypass' for Intel models.",
+ },
+ {
+ name => 'ibpb',
+ description => "Allows improved Spectre mitigation with AMD CPUs.",
+ },
+ {
+ name => 'virt-ssbd',
+ description => "Basis for 'Speculative Store Bypass' protection for AMD models.",
+ },
+ {
+ name => 'amd-ssbd',
+ description => "Improves Spectre mitigation performance with AMD CPUs, best used with"
+ . " 'virt-ssbd'.",
+ },
+ {
+ name => 'amd-no-ssb',
+ description => "Notifies guest OS that host is not vulnerable for Spectre on AMD CPUs.",
+ },
+ {
+ name => 'pdpe1gb',
+ description => "Allow guest OS to use 1GB size pages, if host HW supports it.",
+ },
+ {
+ name => 'hv-tlbflush',
+ description => "Improve performance in overcommitted Windows guests. May lead to guest"
+ . " bluescreens on old CPUs.",
+ },
+ {
+ name => 'hv-evmcs',
+ description => "Improve performance for nested virtualization. Only supported on Intel"
+ . " CPUs.",
+ },
+ {
+ name => 'aes',
+ description => "Activate AES instruction set for HW acceleration.",
+ },
+];
+my @supported_cpu_flags_names = map { $_->{name} } $supported_cpu_flags->@*;
+my $cpu_flag_supported_re = qr/([+-])(@{[join('|', @supported_cpu_flags_names)]})/;
my $cpu_flag_any_re = qr/([+-])([a-zA-Z0-9\-_\.]+)/;
our $qemu_cmdline_cpu_re = qr/^((?>[+-]?[\w\-\._=]+,?)+)$/;
@@ -217,7 +258,7 @@ my $cpu_fmt = {
description => "List of additional CPU flags separated by ';'. Use '+FLAG' to enable,"
. " '-FLAG' to disable a flag. Custom CPU models can specify any flag supported by"
. " QEMU/KVM, VM-specific flags must be from the following set for security reasons: "
- . join(', ', @supported_cpu_flags),
+ . join(', ', @supported_cpu_flags_names),
format_description => '+FLAG[;-FLAG...]',
type => 'string',
pattern => qr/$cpu_flag_any_re(;$cpu_flag_any_re)*/,
@@ -333,7 +374,8 @@ sub validate_vm_cpu_conf {
# in a VM-specific config, certain properties are limited/forbidden
if ($cpu->{flags} && $cpu->{flags} !~ m/^$cpu_flag_supported_re(;$cpu_flag_supported_re)*$/) {
- die "VM-specific CPU flags must be a subset of: @{[join(', ', @supported_cpu_flags)]}\n";
+ die "VM-specific CPU flags must be a subset of: "
+ . join(', ', @supported_cpu_flags_names) . "\n";
}
if (defined($cpu->{'reported-model'})) {
--
2.47.3
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next prev parent reply other threads:[~2025-10-31 12:28 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-31 12:27 [pve-devel] [PATCH-SERIES qemu-server/manager 0/7] VM CPU flags: introduce vendor-agnostic 'nested-virt' CPU flag Fiona Ebner
2025-10-31 12:27 ` [pve-devel] [PATCH qemu-server 1/7] cpu config: style fix: avoid multiline post-if expressions Fiona Ebner
2025-10-31 12:27 ` [pve-devel] [PATCH qemu-server 2/7] cpu config: style fix: avoid overly long ternary conditional expression Fiona Ebner
2025-10-31 12:27 ` Fiona Ebner [this message]
2025-10-31 12:27 ` [pve-devel] [PATCH qemu-server 4/7] cpu config: introduce vendor-agnostic 'nested-virt' CPU flag Fiona Ebner
2025-10-31 12:27 ` [pve-devel] [PATCH manager 5/7] api: capabilities: register module for VM CPU flags Fiona Ebner
2025-10-31 12:27 ` [pve-devel] [PATCH manager 6/7] ui: cpu flag selector: code style: use 'let' for declarations Fiona Ebner
2025-10-31 12:27 ` [pve-devel] [PATCH manager 7/7] ui: cpu flag selector: query CPU flag list via API Fiona Ebner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251031122834.62482-4-f.ebner@proxmox.com \
--to=f.ebner@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox