From: Arthur Bied-Charreton <a.bied-charreton@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH qemu-server v5 03/21] cpu flags: move cpu flags-related utilities to their own module
Date: Fri, 15 May 2026 11:28:20 +0200 [thread overview]
Message-ID: <20260515092839.238064-4-a.bied-charreton@proxmox.com> (raw)
In-Reply-To: <20260515092839.238064-1-a.bied-charreton@proxmox.com>
Introduce PVE::QemuServer::CPUFlags module as the new home for cpu
flags-related helpers, and move various utilities from QemuServer
and CPUConfig into it.
`query_supported_cpu_flags` is not yet moved to the new module, as it is
trickier to migrate without creating circular dependencies.
Signed-off-by: Arthur Bied-Charreton <a.bied-charreton@proxmox.com>
---
src/PVE/API2/Qemu/CPUFlags.pm | 4 +-
src/PVE/QemuServer.pm | 24 +-----
src/PVE/QemuServer/CPUConfig.pm | 89 ++-------------------
src/PVE/QemuServer/CPUFlags.pm | 137 ++++++++++++++++++++++++++++++++
src/PVE/QemuServer/Makefile | 1 +
5 files changed, 149 insertions(+), 106 deletions(-)
create mode 100644 src/PVE/QemuServer/CPUFlags.pm
diff --git a/src/PVE/API2/Qemu/CPUFlags.pm b/src/PVE/API2/Qemu/CPUFlags.pm
index 672bd2d2..4b409a40 100644
--- a/src/PVE/API2/Qemu/CPUFlags.pm
+++ b/src/PVE/API2/Qemu/CPUFlags.pm
@@ -6,7 +6,7 @@ use PVE::JSONSchema qw(get_standard_option);
use PVE::RESTHandler;
use PVE::Tools qw(extract_param);
-use PVE::QemuServer::CPUConfig;
+use PVE::QemuServer::CPUFlags;
use base qw(PVE::RESTHandler);
@@ -44,7 +44,7 @@ __PACKAGE__->register_method({
my $arch = extract_param($param, 'arch');
- return PVE::QemuServer::CPUConfig::get_supported_cpu_flags($arch);
+ return PVE::QemuServer::CPUFlags::get_supported_cpu_flags($arch);
},
});
diff --git a/src/PVE/QemuServer.pm b/src/PVE/QemuServer.pm
index a894684a..e58dddec 100644
--- a/src/PVE/QemuServer.pm
+++ b/src/PVE/QemuServer.pm
@@ -2916,9 +2916,10 @@ sub vga_conf_has_spice {
return $1 || 1;
}
-# To use query_supported_cpu_flags and query_understood_cpu_flags to get flags
-# to use in a QEMU command line (-cpu element), first array_intersect the result
-# of query_supported_ with query_understood_. This is necessary because:
+# To use query_supported_cpu_flags and query_understood_cpu_flags (moved to the
+# PVE::QemuServer::CPUFlags module) to get flags to use in a QEMU command line
+# (-cpu element), first array_intersect the result of query_supported_ with
+# query_understood_. This is necessary because:
#
# a) query_understood_ returns flags the host cannot use and
# b) query_supported_ (rather the QMP call) doesn't actually return CPU
@@ -3025,23 +3026,6 @@ sub query_supported_cpu_flags {
return $flags;
}
-# Understood CPU flags are written to a file at 'pve-qemu' compile time
-my $understood_cpu_flag_dir = "/usr/share/kvm";
-
-sub query_understood_cpu_flags {
- my $arch = get_host_arch();
- my $filepath = "$understood_cpu_flag_dir/recognized-CPUID-flags-$arch";
-
- die "Cannot query understood QEMU CPU flags for architecture: $arch (file not found)\n"
- if !-e $filepath;
-
- my $raw = file_get_contents($filepath);
- $raw =~ s/^\s+|\s+$//g;
- my @flags = split(/\s+/, $raw);
-
- return \@flags;
-}
-
# Since commit 277d33454f77ec1d1e0bc04e37621e4dd2424b67 in pve-qemu, smm is not off by default
# anymore. But smm=off seems to be required when using SeaBIOS and serial display.
my sub should_disable_smm {
diff --git a/src/PVE/QemuServer/CPUConfig.pm b/src/PVE/QemuServer/CPUConfig.pm
index 7adfdf45..0ee9b991 100644
--- a/src/PVE/QemuServer/CPUConfig.pm
+++ b/src/PVE/QemuServer/CPUConfig.pm
@@ -12,6 +12,7 @@ use PVE::RESTEnvironment qw(log_warn);
use PVE::Tools qw(run_command);
use PVE::QemuServer::Helpers qw(min_version get_host_arch);
+use PVE::QemuServer::CPUFlags qw(cpu_flag_supported_re cpu_flag_any_re supported_cpu_flags_names);
use base qw(PVE::SectionConfig Exporter);
@@ -261,89 +262,9 @@ sub get_all_cpu_models {
return $all_cpu_models;
}
-my $supported_cpu_flags_by_arch = {
- x86_64 => [
- {
- name => 'nested-virt',
- description =>
- "Controls nested virtualization, namely 'svm' for AMD CPUs and 'vmx' for"
- . " Intel CPUs. Live migration still only works if it's the same flag on both sides."
- . " Use a CPU model similar to the host, with the same vendor, not x86-64-vX!",
- },
- {
- name => 'md-clear',
- description => "Required to let the guest OS know if MDS is mitigated correctly.",
- },
- {
- name => 'pcid',
- description =>
- "Meltdown fix cost reduction on Westmere, Sandy-, and IvyBridge Intel CPUs.",
- },
- {
- name => 'spec-ctrl',
- description => "Allows improved Spectre mitigation with Intel CPUs.",
- },
- {
- name => 'ssbd',
- description => "Protection for 'Speculative Store Bypass' for Intel models.",
- },
- {
- name => 'ibpb',
- description => "Allows improved Spectre mitigation with AMD CPUs.",
- },
- {
- name => 'virt-ssbd',
- description => "Basis for 'Speculative Store Bypass' protection for AMD models.",
- },
- {
- name => 'amd-ssbd',
- description =>
- "Improves Spectre mitigation performance with AMD CPUs, best used with"
- . " 'virt-ssbd'.",
- },
- {
- name => 'amd-no-ssb',
- description =>
- "Notifies guest OS that host is not vulnerable for Spectre on AMD CPUs.",
- },
- {
- name => 'pdpe1gb',
- description => "Allow guest OS to use 1GB size pages, if host HW supports it.",
- },
- {
- name => 'hv-tlbflush',
- description =>
- "Improve performance in overcommitted Windows guests. May lead to guest"
- . " bluescreens on old CPUs.",
- },
- {
- name => 'hv-evmcs',
- description =>
- "Improve performance for nested virtualization. Only supported on Intel" . " CPUs.",
- },
- {
- name => 'aes',
- description => "Activate AES instruction set for HW acceleration.",
- },
- ],
- aarch64 => [],
-};
-
-sub get_supported_cpu_flags {
- my ($arch) = @_;
- $arch = get_host_arch() if !defined($arch);
- return $supported_cpu_flags_by_arch->{$arch};
-}
-
-my $all_supported_cpu_flags = {};
-for my $arch ($supported_cpu_flags_by_arch->%*) {
- for my $flag ($supported_cpu_flags_by_arch->{$arch}->@*) {
- $all_supported_cpu_flags->{ $flag->{name} } = 1;
- }
-}
-my @supported_cpu_flags_names = sort keys $all_supported_cpu_flags->%*;
-my $cpu_flag_supported_re = qr/([+-])(@{[join('|', @supported_cpu_flags_names)]})/;
-my $cpu_flag_any_re = qr/([+-])([a-zA-Z0-9\-_\.]+)/;
+my $cpu_flag_supported_re = cpu_flag_supported_re();
+my $cpu_flag_any_re = cpu_flag_any_re();
+my @supported_cpu_flags_names = (supported_cpu_flags_names());
our $qemu_cmdline_cpu_re = qr/^((?>[+-]?[\w\-\._=]+,?)+)$/;
@@ -388,7 +309,7 @@ my $cpu_fmt = {
. " controls nested virtualization for the current CPU ('svm' for AMD and 'vmx' for"
. " Intel). Custom CPU models can specify any flag supported by QEMU/KVM, VM-specific"
. " flags must be from the following set for security reasons: "
- . join(', ', @supported_cpu_flags_names),
+ . join(', ', PVE::QemuServer::CPUFlags::supported_cpu_flags_names()),
format_description => '+FLAG[;-FLAG...]',
type => 'string',
pattern => qr/$cpu_flag_any_re(;$cpu_flag_any_re)*/,
diff --git a/src/PVE/QemuServer/CPUFlags.pm b/src/PVE/QemuServer/CPUFlags.pm
new file mode 100644
index 00000000..a681eb75
--- /dev/null
+++ b/src/PVE/QemuServer/CPUFlags.pm
@@ -0,0 +1,137 @@
+package PVE::QemuServer::CPUFlags;
+
+use v5.36;
+
+use Exporter qw(import);
+
+use PVE::Cluster;
+use PVE::File;
+use PVE::QemuServer::Helpers qw(get_host_arch);
+
+our @EXPORT_OK = qw(
+ cpu_flag_supported_re
+ cpu_flag_any_re
+ supported_cpu_flags_names
+ get_supported_cpu_flags
+ query_understood_cpu_flags
+);
+
+my $supported_vm_specific_cpu_flags_by_arch = {
+ x86_64 => [
+ {
+ name => 'nested-virt',
+ description =>
+ "Controls nested virtualization, namely 'svm' for AMD CPUs and 'vmx' for"
+ . " Intel CPUs. Live migration still only works if it's the same flag on both sides."
+ . " Use a CPU model similar to the host, with the same vendor, not x86-64-vX!",
+ },
+ {
+ name => 'md-clear',
+ description => "Required to let the guest OS know if MDS is mitigated correctly.",
+ },
+ {
+ name => 'pcid',
+ description =>
+ "Meltdown fix cost reduction on Westmere, Sandy-, and IvyBridge Intel CPUs.",
+ },
+ {
+ name => 'spec-ctrl',
+ description => "Allows improved Spectre mitigation with Intel CPUs.",
+ },
+ {
+ name => 'ssbd',
+ description => "Protection for 'Speculative Store Bypass' for Intel models.",
+ },
+ {
+ name => 'ibpb',
+ description => "Allows improved Spectre mitigation with AMD CPUs.",
+ },
+ {
+ name => 'virt-ssbd',
+ description => "Basis for 'Speculative Store Bypass' protection for AMD models.",
+ },
+ {
+ name => 'amd-ssbd',
+ description =>
+ "Improves Spectre mitigation performance with AMD CPUs, best used with"
+ . " 'virt-ssbd'.",
+ },
+ {
+ name => 'amd-no-ssb',
+ description =>
+ "Notifies guest OS that host is not vulnerable for Spectre on AMD CPUs.",
+ },
+ {
+ name => 'pdpe1gb',
+ description => "Allow guest OS to use 1GB size pages, if host HW supports it.",
+ },
+ {
+ name => 'hv-tlbflush',
+ description =>
+ "Improve performance in overcommitted Windows guests. May lead to guest"
+ . " bluescreens on old CPUs.",
+ },
+ {
+ name => 'hv-evmcs',
+ description =>
+ "Improve performance for nested virtualization. Only supported on Intel" . " CPUs.",
+ },
+ {
+ name => 'aes',
+ description => "Activate AES instruction set for HW acceleration.",
+ },
+ ],
+ aarch64 => [],
+};
+
+my $all_supported_vm_specific_cpu_flags = {};
+for my $arch ($supported_vm_specific_cpu_flags_by_arch->%*) {
+ for my $flag ($supported_vm_specific_cpu_flags_by_arch->{$arch}->@*) {
+ $all_supported_vm_specific_cpu_flags->{ $flag->{name} } = 1;
+ }
+}
+
+my @supported_cpu_flags_name_sorted = sort keys $all_supported_vm_specific_cpu_flags->%*;
+
+# Understood CPU flags are written to a file at 'pve-qemu' compile time and
+# shipped below this directory by the pve-qemu-kvm package.
+my $understood_cpu_flag_dir = "/usr/share/kvm";
+
+sub supported_cpu_flags_names() {
+ return @supported_cpu_flags_name_sorted;
+}
+
+sub cpu_flag_supported_re() {
+ return qr/([+-])(@{[join('|', supported_cpu_flags_names())]})/;
+}
+
+sub cpu_flag_any_re() {
+ return qr/([+-])([a-zA-Z0-9\-_\.]+)/;
+}
+
+=head3 get_supported_cpu_flags($arch)
+
+Return supported VM-specific CPU flags for $arch. $arch defaults to the host architecture
+if C<undef>.
+
+=cut
+
+sub get_supported_cpu_flags($arch) {
+ $arch = get_host_arch() if !defined($arch);
+ return $supported_vm_specific_cpu_flags_by_arch->{$arch};
+}
+
+sub query_understood_cpu_flags($arch) {
+ my $filepath = "$understood_cpu_flag_dir/recognized-CPUID-flags-$arch";
+
+ die "Cannot query understood QEMU CPU flags for architecture: $arch (file not found)\n"
+ if !-e $filepath;
+
+ my $raw = PVE::File::file_get_contents($filepath);
+ $raw =~ s/^\s+|\s+$//g;
+ my @flags = split(/\s+/, $raw);
+
+ return \@flags;
+}
+
+1;
diff --git a/src/PVE/QemuServer/Makefile b/src/PVE/QemuServer/Makefile
index 821556ef..060fac23 100644
--- a/src/PVE/QemuServer/Makefile
+++ b/src/PVE/QemuServer/Makefile
@@ -9,6 +9,7 @@ SOURCES=Agent.pm \
CGroup.pm \
Cloudinit.pm \
CPUConfig.pm \
+ CPUFlags.pm \
DBusVMState.pm \
Drive.pm \
DriveDevice.pm \
--
2.47.3
next prev parent reply other threads:[~2026-05-15 9:30 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-15 9:28 [PATCH docs/manager/qemu-server v5 00/21] Add API and UI for custom CPU models Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH pve-docs v5 01/21] qm: add anchor to "CPU Type" section Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH qemu-server v5 02/21] cpu config: rename CPU models config path variable Arthur Bied-Charreton
2026-05-15 9:28 ` Arthur Bied-Charreton [this message]
2026-05-15 9:28 ` [PATCH qemu-server v5 04/21] cpu flags: compare against JSON::true when querying supported flags Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH qemu-server v5 05/21] cpu flags: normalize CPU flags to QEMU's format Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH qemu-server v5 06/21] cpu flags: add helper querying CPU flags with nodes supporting them Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH qemu-server v5 07/21] cpu config: rename custom CPU model config loader Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH qemu-server v5 08/21] cpu config: add helpers to lock and write config Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH qemu-server v5 09/21] cpu: register standard option for CPU format Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH qemu-server v5 10/21] api: cpu flags: improve flags list returned by endpoint Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH qemu-server v5 11/21] custom cpu models: avoid redundant config load Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH pve-manager v5 12/21] cluster: reorder imports Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH pve-manager v5 13/21] cluster: makefile: reorder perl sources and align backslashes Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH pve-manager v5 14/21] api: add endpoint querying available CPU flags cluster-wide Arthur Bied-Charreton
2026-05-15 9:45 ` Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH pve-manager v5 15/21] api: add CRUD handlers for custom CPU models Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH pve-manager v5 16/21] ui: cpu model selector: allow filtering out custom models Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH pve-manager v5 17/21] ui: add basic custom CPU model editor Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH pve-manager v5 18/21] ui: cpu flags selector: add CPU flag editor for custom models Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH pve-manager v5 19/21] ui: cpu flags selector: allow filtering out flags supported on 0 nodes Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH pve-manager v5 20/21] ui: cpu flags selector: add search bar for large lists of flags Arthur Bied-Charreton
2026-05-15 9:28 ` [PATCH pve-manager v5 21/21] ui: group custom CPU with resource mappings Arthur Bied-Charreton
2026-05-15 17:05 ` [PATCH docs/manager/qemu-server v5 00/21] Add API and UI for custom CPU models Max R. Carrara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260515092839.238064-4-a.bied-charreton@proxmox.com \
--to=a.bied-charreton@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox