From: Arthur Bied-Charreton <a.bied-charreton@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH qemu-server v2 03/17] cpu flags: Create CPUFlags module
Date: Wed, 1 Apr 2026 10:00:14 +0200 [thread overview]
Message-ID: <20260401080028.62513-4-a.bied-charreton@proxmox.com> (raw)
In-Reply-To: <20260401080028.62513-1-a.bied-charreton@proxmox.com>
Introduce PVE::QemuServer::CPUFlags module as the new home for cpu
flags-related helpers, and move various utilities from QemuServer
and CPUConfig into it.
`query_supported_cpu_flags` is not yet moved to the new module, as it is
trickier to migrate without creating circular dependencies.
Signed-off-by: Arthur Bied-Charreton <a.bied-charreton@proxmox.com>
---
src/PVE/QemuServer.pm | 24 +-----
src/PVE/QemuServer/CPUConfig.pm | 89 ++--------------------
src/PVE/QemuServer/CPUFlags.pm | 126 ++++++++++++++++++++++++++++++++
src/PVE/QemuServer/Makefile | 1 +
4 files changed, 136 insertions(+), 104 deletions(-)
create mode 100644 src/PVE/QemuServer/CPUFlags.pm
diff --git a/src/PVE/QemuServer.pm b/src/PVE/QemuServer.pm
index 856dc737..9cea859f 100644
--- a/src/PVE/QemuServer.pm
+++ b/src/PVE/QemuServer.pm
@@ -2917,9 +2917,10 @@ sub vga_conf_has_spice {
return $1 || 1;
}
-# To use query_supported_cpu_flags and query_understood_cpu_flags to get flags
-# to use in a QEMU command line (-cpu element), first array_intersect the result
-# of query_supported_ with query_understood_. This is necessary because:
+# To use query_supported_cpu_flags and query_understood_cpu_flags (moved to the
+# PVE::QemuServer::CPUFlags module) to get flags to use in a QEMU command line
+# (-cpu element), first array_intersect the result of query_supported_ with
+# query_understood_. This is necessary because:
#
# a) query_understood_ returns flags the host cannot use and
# b) query_supported_ (rather the QMP call) doesn't actually return CPU
@@ -3026,23 +3027,6 @@ sub query_supported_cpu_flags {
return $flags;
}
-# Understood CPU flags are written to a file at 'pve-qemu' compile time
-my $understood_cpu_flag_dir = "/usr/share/kvm";
-
-sub query_understood_cpu_flags {
- my $arch = get_host_arch();
- my $filepath = "$understood_cpu_flag_dir/recognized-CPUID-flags-$arch";
-
- die "Cannot query understood QEMU CPU flags for architecture: $arch (file not found)\n"
- if !-e $filepath;
-
- my $raw = file_get_contents($filepath);
- $raw =~ s/^\s+|\s+$//g;
- my @flags = split(/\s+/, $raw);
-
- return \@flags;
-}
-
# Since commit 277d33454f77ec1d1e0bc04e37621e4dd2424b67 in pve-qemu, smm is not off by default
# anymore. But smm=off seems to be required when using SeaBIOS and serial display.
my sub should_disable_smm {
diff --git a/src/PVE/QemuServer/CPUConfig.pm b/src/PVE/QemuServer/CPUConfig.pm
index 7adfdf45..0ee9b991 100644
--- a/src/PVE/QemuServer/CPUConfig.pm
+++ b/src/PVE/QemuServer/CPUConfig.pm
@@ -12,6 +12,7 @@ use PVE::RESTEnvironment qw(log_warn);
use PVE::Tools qw(run_command);
use PVE::QemuServer::Helpers qw(min_version get_host_arch);
+use PVE::QemuServer::CPUFlags qw(cpu_flag_supported_re cpu_flag_any_re supported_cpu_flags_names);
use base qw(PVE::SectionConfig Exporter);
@@ -261,89 +262,9 @@ sub get_all_cpu_models {
return $all_cpu_models;
}
-my $supported_cpu_flags_by_arch = {
- x86_64 => [
- {
- name => 'nested-virt',
- description =>
- "Controls nested virtualization, namely 'svm' for AMD CPUs and 'vmx' for"
- . " Intel CPUs. Live migration still only works if it's the same flag on both sides."
- . " Use a CPU model similar to the host, with the same vendor, not x86-64-vX!",
- },
- {
- name => 'md-clear',
- description => "Required to let the guest OS know if MDS is mitigated correctly.",
- },
- {
- name => 'pcid',
- description =>
- "Meltdown fix cost reduction on Westmere, Sandy-, and IvyBridge Intel CPUs.",
- },
- {
- name => 'spec-ctrl',
- description => "Allows improved Spectre mitigation with Intel CPUs.",
- },
- {
- name => 'ssbd',
- description => "Protection for 'Speculative Store Bypass' for Intel models.",
- },
- {
- name => 'ibpb',
- description => "Allows improved Spectre mitigation with AMD CPUs.",
- },
- {
- name => 'virt-ssbd',
- description => "Basis for 'Speculative Store Bypass' protection for AMD models.",
- },
- {
- name => 'amd-ssbd',
- description =>
- "Improves Spectre mitigation performance with AMD CPUs, best used with"
- . " 'virt-ssbd'.",
- },
- {
- name => 'amd-no-ssb',
- description =>
- "Notifies guest OS that host is not vulnerable for Spectre on AMD CPUs.",
- },
- {
- name => 'pdpe1gb',
- description => "Allow guest OS to use 1GB size pages, if host HW supports it.",
- },
- {
- name => 'hv-tlbflush',
- description =>
- "Improve performance in overcommitted Windows guests. May lead to guest"
- . " bluescreens on old CPUs.",
- },
- {
- name => 'hv-evmcs',
- description =>
- "Improve performance for nested virtualization. Only supported on Intel" . " CPUs.",
- },
- {
- name => 'aes',
- description => "Activate AES instruction set for HW acceleration.",
- },
- ],
- aarch64 => [],
-};
-
-sub get_supported_cpu_flags {
- my ($arch) = @_;
- $arch = get_host_arch() if !defined($arch);
- return $supported_cpu_flags_by_arch->{$arch};
-}
-
-my $all_supported_cpu_flags = {};
-for my $arch ($supported_cpu_flags_by_arch->%*) {
- for my $flag ($supported_cpu_flags_by_arch->{$arch}->@*) {
- $all_supported_cpu_flags->{ $flag->{name} } = 1;
- }
-}
-my @supported_cpu_flags_names = sort keys $all_supported_cpu_flags->%*;
-my $cpu_flag_supported_re = qr/([+-])(@{[join('|', @supported_cpu_flags_names)]})/;
-my $cpu_flag_any_re = qr/([+-])([a-zA-Z0-9\-_\.]+)/;
+my $cpu_flag_supported_re = cpu_flag_supported_re();
+my $cpu_flag_any_re = cpu_flag_any_re();
+my @supported_cpu_flags_names = (supported_cpu_flags_names());
our $qemu_cmdline_cpu_re = qr/^((?>[+-]?[\w\-\._=]+,?)+)$/;
@@ -388,7 +309,7 @@ my $cpu_fmt = {
. " controls nested virtualization for the current CPU ('svm' for AMD and 'vmx' for"
. " Intel). Custom CPU models can specify any flag supported by QEMU/KVM, VM-specific"
. " flags must be from the following set for security reasons: "
- . join(', ', @supported_cpu_flags_names),
+ . join(', ', PVE::QemuServer::CPUFlags::supported_cpu_flags_names()),
format_description => '+FLAG[;-FLAG...]',
type => 'string',
pattern => qr/$cpu_flag_any_re(;$cpu_flag_any_re)*/,
diff --git a/src/PVE/QemuServer/CPUFlags.pm b/src/PVE/QemuServer/CPUFlags.pm
new file mode 100644
index 00000000..51d7753e
--- /dev/null
+++ b/src/PVE/QemuServer/CPUFlags.pm
@@ -0,0 +1,126 @@
+package PVE::QemuServer::CPUFlags;
+
+use v5.36;
+
+use Exporter qw(import);
+
+use PVE::Cluster;
+use PVE::Tools;
+use PVE::QemuServer::Helpers qw(get_host_arch);
+
+our @EXPORT_OK = qw(
+ cpu_flag_supported_re
+ cpu_flag_any_re
+ supported_cpu_flags_names
+ get_supported_cpu_flags
+ query_understood_cpu_flags
+);
+
+my $supported_vm_specific_cpu_flags_by_arch = {
+ x86_64 => [
+ {
+ name => 'nested-virt',
+ description =>
+ "Controls nested virtualization, namely 'svm' for AMD CPUs and 'vmx' for"
+ . " Intel CPUs. Live migration still only works if it's the same flag on both sides."
+ . " Use a CPU model similar to the host, with the same vendor, not x86-64-vX!",
+ },
+ {
+ name => 'md-clear',
+ description => "Required to let the guest OS know if MDS is mitigated correctly.",
+ },
+ {
+ name => 'pcid',
+ description =>
+ "Meltdown fix cost reduction on Westmere, Sandy-, and IvyBridge Intel CPUs.",
+ },
+ {
+ name => 'spec-ctrl',
+ description => "Allows improved Spectre mitigation with Intel CPUs.",
+ },
+ {
+ name => 'ssbd',
+ description => "Protection for 'Speculative Store Bypass' for Intel models.",
+ },
+ {
+ name => 'ibpb',
+ description => "Allows improved Spectre mitigation with AMD CPUs.",
+ },
+ {
+ name => 'virt-ssbd',
+ description => "Basis for 'Speculative Store Bypass' protection for AMD models.",
+ },
+ {
+ name => 'amd-ssbd',
+ description =>
+ "Improves Spectre mitigation performance with AMD CPUs, best used with"
+ . " 'virt-ssbd'.",
+ },
+ {
+ name => 'amd-no-ssb',
+ description =>
+ "Notifies guest OS that host is not vulnerable for Spectre on AMD CPUs.",
+ },
+ {
+ name => 'pdpe1gb',
+ description => "Allow guest OS to use 1GB size pages, if host HW supports it.",
+ },
+ {
+ name => 'hv-tlbflush',
+ description =>
+ "Improve performance in overcommitted Windows guests. May lead to guest"
+ . " bluescreens on old CPUs.",
+ },
+ {
+ name => 'hv-evmcs',
+ description =>
+ "Improve performance for nested virtualization. Only supported on Intel" . " CPUs.",
+ },
+ {
+ name => 'aes',
+ description => "Activate AES instruction set for HW acceleration.",
+ },
+ ],
+ aarch64 => [],
+};
+
+my $all_supported_vm_specific_cpu_flags = {};
+for my $arch ($supported_vm_specific_cpu_flags_by_arch->%*) {
+ for my $flag ($supported_vm_specific_cpu_flags_by_arch->{$arch}->@*) {
+ $all_supported_vm_specific_cpu_flags->{ $flag->{name} } = 1;
+ }
+}
+
+# Understood CPU flags are written to a file at 'pve-qemu' compile time
+my $understood_cpu_flag_dir = "/usr/share/kvm";
+
+sub supported_cpu_flags_names() {
+ return sort keys $all_supported_vm_specific_cpu_flags->%*;
+}
+
+sub cpu_flag_supported_re() {
+ return qr/([+-])(@{[join('|', supported_cpu_flags_names())]})/;
+}
+
+sub cpu_flag_any_re() {
+ return qr/([+-])([a-zA-Z0-9\-_\.]+)/;
+}
+
+# Return supported VM-specific CPU flags.
+sub get_supported_cpu_flags($arch) {
+ return $supported_vm_specific_cpu_flags_by_arch->{$arch};
+}
+
+sub query_understood_cpu_flags($arch) {
+ my $filepath = "$understood_cpu_flag_dir/recognized-CPUID-flags-$arch";
+
+ die "Cannot query understood QEMU CPU flags for architecture: $arch (file not found)\n"
+ if !-e $filepath;
+
+ my $raw = PVE::Tools::file_get_contents($filepath);
+ $raw =~ s/^\s+|\s+$//g;
+ my @flags = split(/\s+/, $raw);
+
+ return \@flags;
+}
+1;
diff --git a/src/PVE/QemuServer/Makefile b/src/PVE/QemuServer/Makefile
index 7e48c388..c26bdec4 100644
--- a/src/PVE/QemuServer/Makefile
+++ b/src/PVE/QemuServer/Makefile
@@ -9,6 +9,7 @@ SOURCES=Agent.pm \
CGroup.pm \
Cloudinit.pm \
CPUConfig.pm \
+ CPUFlags.pm \
DBusVMState.pm \
Drive.pm \
DriveDevice.pm \
--
2.47.3
next prev parent reply other threads:[~2026-04-01 8:00 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-01 8:00 [PATCH docs/manager/qemu-server v2 00/17] Add API and UI for custom CPU models Arthur Bied-Charreton
2026-04-01 8:00 ` [PATCH pve-docs v2 01/17] qm: Add anchor to "CPU Type" section Arthur Bied-Charreton
2026-04-01 8:00 ` [PATCH qemu-server v2 02/17] cpu config: Rename CPU models config path variable Arthur Bied-Charreton
2026-04-01 8:00 ` Arthur Bied-Charreton [this message]
2026-04-01 8:00 ` [PATCH qemu-server v2 04/17] cpu flags: Add query_available_cpu_flags helper Arthur Bied-Charreton
2026-04-01 8:00 ` [PATCH qemu-server v2 05/17] cpu config: Add helpers to lock and write config Arthur Bied-Charreton
2026-04-01 8:00 ` [PATCH qemu-server v2 06/17] cpu: Register standard option for CPU format Arthur Bied-Charreton
2026-04-01 8:00 ` [PATCH qemu-server v2 07/17] cpu config: Set 'type' field before writing Arthur Bied-Charreton
2026-04-01 8:00 ` [PATCH qemu-server v2 08/17] cpu flags: Improve flags list returned by endpoint Arthur Bied-Charreton
2026-04-01 8:00 ` [PATCH pve-manager v2 09/17] api: Add endpoint querying available CPU flags cluster-wide Arthur Bied-Charreton
2026-04-01 8:00 ` [PATCH pve-manager v2 10/17] api: Add CRUD handlers for custom CPU models Arthur Bied-Charreton
2026-04-01 8:00 ` [PATCH pve-manager v2 11/17] ui: CPUModelSelector: Allow filtering out custom models Arthur Bied-Charreton
2026-04-01 8:00 ` [PATCH pve-manager v2 12/17] ui: Add basic custom CPU model editor Arthur Bied-Charreton
2026-04-01 8:00 ` [PATCH pve-manager v2 13/17] ui: VMCPUFlagSelector: Add CPU flag editor for custom models Arthur Bied-Charreton
2026-04-01 8:00 ` [PATCH pve-manager v2 14/17] ui: VMCPUFlagSelector: Fix buffered rendering error Arthur Bied-Charreton
2026-04-01 8:00 ` [PATCH pve-manager v2 15/17] ui: VMCPUFlagSelector: Allow filtering out flags supported on 0 nodes Arthur Bied-Charreton
2026-04-01 8:00 ` [PATCH pve-manager v2 16/17] ui: VMCPUFlagSelector: Add search bar for large lists of flags Arthur Bied-Charreton
2026-04-01 8:00 ` [PATCH pve-manager v2 17/17] RFC: ui: Group custom CPU with resource mappings Arthur Bied-Charreton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260401080028.62513-4-a.bied-charreton@proxmox.com \
--to=a.bied-charreton@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox