From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id B31581FF13F for ; Thu, 29 Jan 2026 14:10:58 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 1F31B3552; Thu, 29 Jan 2026 14:11:01 +0100 (CET) From: Fiona Ebner To: pve-devel@lists.proxmox.com Subject: [PATCH qemu-server v2 7/8] cpu config: support aarch64 CPU flags Date: Thu, 29 Jan 2026 14:10:04 +0100 Message-ID: <20260129131021.118199-8-f.ebner@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260129131021.118199-1-f.ebner@proxmox.com> References: <20260129131021.118199-1-f.ebner@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1769692157409 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.015 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: EW6BEH42QKMSGK3DNNFKO4JPVPDBPMQS X-Message-ID-Hash: EW6BEH42QKMSGK3DNNFKO4JPVPDBPMQS X-MailFrom: f.ebner@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Do not add any flags for now and wait until requested. Available would be (for kvm and tcg): "aarch64" "kvm-no-adjvtime" (kvm only) "kvm-steal-time" (kvm only) "pauth" "pmu" "sve" "sve1024" "sve1152" "sve128" "sve1280" "sve1408" "sve1536" "sve1664" "sve1792" "sve1920" "sve2048" "sve256" "sve384" "sve512" "sve640" "sve768" "sve896" Signed-off-by: Fiona Ebner --- New in v2. src/PVE/QemuServer/CPUConfig.pm | 139 ++++++++++++++++++-------------- 1 file changed, 77 insertions(+), 62 deletions(-) diff --git a/src/PVE/QemuServer/CPUConfig.pm b/src/PVE/QemuServer/CPUConfig.pm index 00d56b22..32ec4954 100644 --- a/src/PVE/QemuServer/CPUConfig.pm +++ b/src/PVE/QemuServer/CPUConfig.pm @@ -224,72 +224,87 @@ for my $arch (keys $cpu_models_by_arch->%*) { } } -my $supported_cpu_flags = [ - { - name => 'nested-virt', - description => "Controls nested virtualization, namely 'svm' for AMD CPUs and 'vmx' for" - . " Intel CPUs. Live migration still only works if it's the same flag on both sides." - . " Use a CPU model similar to the host, with the same vendor, not x86-64-vX!", - }, - { - name => 'md-clear', - description => "Required to let the guest OS know if MDS is mitigated correctly.", - }, - { - name => 'pcid', - description => - "Meltdown fix cost reduction on Westmere, Sandy-, and IvyBridge Intel CPUs.", - }, - { - name => 'spec-ctrl', - description => "Allows improved Spectre mitigation with Intel CPUs.", - }, - { - name => 'ssbd', - description => "Protection for 'Speculative Store Bypass' for Intel models.", - }, - { - name => 'ibpb', - description => "Allows improved Spectre mitigation with AMD CPUs.", - }, - { - name => 'virt-ssbd', - description => "Basis for 'Speculative Store Bypass' protection for AMD models.", - }, - { - name => 'amd-ssbd', - description => "Improves Spectre mitigation performance with AMD CPUs, best used with" - . " 'virt-ssbd'.", - }, - { - name => 'amd-no-ssb', - description => "Notifies guest OS that host is not vulnerable for Spectre on AMD CPUs.", - }, - { - name => 'pdpe1gb', - description => "Allow guest OS to use 1GB size pages, if host HW supports it.", - }, - { - name => 'hv-tlbflush', - description => "Improve performance in overcommitted Windows guests. May lead to guest" - . " bluescreens on old CPUs.", - }, - { - name => 'hv-evmcs', - description => "Improve performance for nested virtualization. Only supported on Intel" - . " CPUs.", - }, - { - name => 'aes', - description => "Activate AES instruction set for HW acceleration.", - }, -]; +my $supported_cpu_flags_by_arch = { + x86_64 => [ + { + name => 'nested-virt', + description => + "Controls nested virtualization, namely 'svm' for AMD CPUs and 'vmx' for" + . " Intel CPUs. Live migration still only works if it's the same flag on both sides." + . " Use a CPU model similar to the host, with the same vendor, not x86-64-vX!", + }, + { + name => 'md-clear', + description => "Required to let the guest OS know if MDS is mitigated correctly.", + }, + { + name => 'pcid', + description => + "Meltdown fix cost reduction on Westmere, Sandy-, and IvyBridge Intel CPUs.", + }, + { + name => 'spec-ctrl', + description => "Allows improved Spectre mitigation with Intel CPUs.", + }, + { + name => 'ssbd', + description => "Protection for 'Speculative Store Bypass' for Intel models.", + }, + { + name => 'ibpb', + description => "Allows improved Spectre mitigation with AMD CPUs.", + }, + { + name => 'virt-ssbd', + description => "Basis for 'Speculative Store Bypass' protection for AMD models.", + }, + { + name => 'amd-ssbd', + description => + "Improves Spectre mitigation performance with AMD CPUs, best used with" + . " 'virt-ssbd'.", + }, + { + name => 'amd-no-ssb', + description => + "Notifies guest OS that host is not vulnerable for Spectre on AMD CPUs.", + }, + { + name => 'pdpe1gb', + description => "Allow guest OS to use 1GB size pages, if host HW supports it.", + }, + { + name => 'hv-tlbflush', + description => + "Improve performance in overcommitted Windows guests. May lead to guest" + . " bluescreens on old CPUs.", + }, + { + name => 'hv-evmcs', + description => + "Improve performance for nested virtualization. Only supported on Intel" . " CPUs.", + }, + { + name => 'aes', + description => "Activate AES instruction set for HW acceleration.", + }, + ], + aarch64 => [], +}; sub get_supported_cpu_flags { - return $supported_cpu_flags; + my ($arch) = @_; + $arch = $host_arch if !defined($arch); + return $supported_cpu_flags_by_arch->{$arch}; } -my @supported_cpu_flags_names = map { $_->{name} } $supported_cpu_flags->@*; +my $all_supported_cpu_flags = {}; +for my $arch ($supported_cpu_flags_by_arch->%*) { + for my $flag ($supported_cpu_flags_by_arch->{$arch}->@*) { + $all_supported_cpu_flags->{ $flag->{name} } = 1; + } +} +my @supported_cpu_flags_names = sort keys $all_supported_cpu_flags->%*; my $cpu_flag_supported_re = qr/([+-])(@{[join('|', @supported_cpu_flags_names)]})/; my $cpu_flag_any_re = qr/([+-])([a-zA-Z0-9\-_\.]+)/; -- 2.47.3