Descriptions and ordering are taken from pve-manager's VMCPUFlagSelector.js. The double quotes in the descriptions were replaced with single quotes to have nicer JSON output.
Signed-off-by: Fiona Ebner <[email protected]>
---
 src/PVE/API2/Qemu/CPUFlags.pm | 45 +++++++++++++++++++
 src/PVE/API2/Qemu/Makefile | 2 +-
 src/PVE/QemuServer/CPUConfig.pm | 76 +++++++++++++++++++++++++--------
 3 files changed, 105 insertions(+), 18 deletions(-)
 create mode 100644 src/PVE/API2/Qemu/CPUFlags.pm
diff --git a/src/PVE/API2/Qemu/CPUFlags.pm b/src/PVE/API2/Qemu/CPUFlags.pm
new file mode 100644
index 00000000..cc06a1d6
--- /dev/null
+++ b/src/PVE/API2/Qemu/CPUFlags.pm
@@ -0,0 +1,45 @@
+package PVE::API2::Qemu::CPUFlags;
+
+use v5.36;
+
+use PVE::RESTHandler;
+use PVE::JSONSchema qw(get_standard_option);
+use PVE::QemuServer::CPUConfig;
+
+use base qw(PVE::RESTHandler);
+
+__PACKAGE__->register_method({
+ name => 'index',
+ path => '',
+ method => 'GET',
+ description => 'List of available VM-specific CPU flags.',
+ permissions => { user => 'all' },
+ parameters => {
+ additionalProperties => 0,
+ properties => {
+ node => get_standard_option('pve-node'),
+ },
+ },
+ returns => {
+ type => 'array',
+ items => {
+ type => 'object',
+ properties => {
+ name => {
+ type => 'string',
+ description => "Name of the CPU flag.",
+ },
+ description => {
+ type => 'string',
+ description => "Description of the CPU flag.",
+ },
+ },
+ },
+ links => [{ rel => 'child', href => '{flag}' }],
+ },
+ code => sub {
+ return $PVE::QemuServer::CPUConfig::supported_cpu_flags;
+ },
+});
+
+1;
diff --git a/src/PVE/API2/Qemu/Makefile b/src/PVE/API2/Qemu/Makefile
index 7c539702..c348af75 100644
--- a/src/PVE/API2/Qemu/Makefile
+++ b/src/PVE/API2/Qemu/Makefile
@@ -2,7 +2,7 @@ DESTDIR=
 PREFIX=/usr
 PERLDIR=$(PREFIX)/share/perl5
-SOURCES=Agent.pm CPU.pm HMPPerms.pm Machine.pm
+SOURCES=Agent.pm CPU.pm CPUFlags.pm HMPPerms.pm Machine.pm
 .PHONY: install
 install:
diff --git a/src/PVE/QemuServer/CPUConfig.pm b/src/PVE/QemuServer/CPUConfig.pm
index e72bdf2f..20e26ee2 100644
--- a/src/PVE/QemuServer/CPUConfig.pm
+++ b/src/PVE/QemuServer/CPUConfig.pm
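Review bot: The `links` entry in the `returns` schema of the new `index` method uses `href => '{flag}'`, but the returned objects are declared with only `name` and `description`, so the template refers to a property that is never present, and no child method is registered in this file. If the link is meant to stay, `links => [{ rel => 'child', href => '{name}' }],` would match the item schema; otherwise the line can be dropped. A one-line comment above `permissions => { user => 'all' }`, such as `# static, non-sensitive list; readable by every authenticated user`, would record why no privilege check is needed here.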
@@ -161,21 +161,62 @@ my $cpu_vendor_list = {
 max => 'default',
 };
-my @supported_cpu_flags = (
- 'pcid',
- 'spec-ctrl',
- 'ibpb',
- 'ssbd',
- 'virt-ssbd',
- 'amd-ssbd',
- 'amd-no-ssb',
- 'pdpe1gb',
- 'md-clear',
- 'hv-tlbflush',
- 'hv-evmcs',
- 'aes',
-);
-my $cpu_flag_supported_re = qr/([+-])(@{[join('|', @supported_cpu_flags)]})/;
+our $supported_cpu_flags = [
+ {
+ name => 'md-clear',
+ description => "Required to let the guest OS know if MDS is mitigated correctly.",
+ },
+ {
+ name => 'pcid',
+ description =>
+ "Meltdown fix cost reduction on Westmere, Sandy-, and IvyBridge Intel CPUs.",
+ },
+ {
+ name => 'spec-ctrl',
+ description => "Allows improved Spectre mitigation with Intel CPUs.",
+ },
+ {
+ name => 'ssbd',
+ description => "Protection for 'Speculative Store Bypass' for Intel models.",
+ },
+ {
+ name => 'ibpb',
+ description => "Allows improved Spectre mitigation with AMD CPUs.",
+ },
+ {
+ name => 'virt-ssbd',
+ description => "Basis for 'Speculative Store Bypass' protection for AMD models.",
+ },
+ {
+ name => 'amd-ssbd',
+ description => "Improves Spectre mitigation performance with AMD CPUs, best used with"
+ . " 'virt-ssbd'.",
+ },
+ {
+ name => 'amd-no-ssb',
+ description => "Notifies guest OS that host is not vulnerable for Spectre on AMD CPUs.",
+ },
+ {
+ name => 'pdpe1gb',
+ description => "Allow guest OS to use 1GB size pages, if host HW supports it.",
+ },
+ {
+ name => 'hv-tlbflush',
+ description => "Improve performance in overcommitted Windows guests. May lead to guest"
+ . " bluescreens on old CPUs.",
+ },
+ {
+ name => 'hv-evmcs',
+ description => "Improve performance for nested virtualization. Only supported on Intel"
+ . " CPUs.",
+ },
+ {
+ name => 'aes',
+ description => "Activate AES instruction set for HW acceleration.",
+ },
+];
+my @supported_cpu_flags_names = map { $_->{name} } $supported_cpu_flags->@*;
+my $cpu_flag_supported_re = qr/([+-])(@{[join('|', @supported_cpu_flags_names)]})/;
 my $cpu_flag_any_re = qr/([+-])([a-zA-Z0-9\-_\.]+)/;
 our $qemu_cmdline_cpu_re = qr/^((?>[+-]?[\w\-\._=]+,?)+)$/;
@@ -217,7 +258,7 @@ my $cpu_fmt = {
 description => "List of additional CPU flags separated by ';'. Use '+FLAG' to enable,"
 . " '-FLAG' to disable a flag. Custom CPU models can specify any flag supported by"
 . " QEMU/KVM, VM-specific flags must be from the following set for security reasons: "
- . join(', ', @supported_cpu_flags),
+ . join(', ', @supported_cpu_flags_names),
 format_description => '+FLAG[;-FLAG...]',
 type => 'string',
 pattern => qr/$cpu_flag_any_re(;$cpu_flag_any_re)*/,
@@ -333,7 +374,8 @@ sub validate_vm_cpu_conf {
 # in a VM-specific config, certain properties are limited/forbidden
 if ($cpu->{flags} && $cpu->{flags} !~ m/^$cpu_flag_supported_re(;$cpu_flag_supported_re)*$/) {
- die "VM-specific CPU flags must be a subset of: @{[join(', ', @supported_cpu_flags)]}\n";
+ die "VM-specific CPU flags must be a subset of: "
+ . join(', ', @supported_cpu_flags_names) . "\n";
 }
 if (defined($cpu->{'reported-model'})) {
--
2.47.3
_______________________________________________
pve-devel mailing list
[email protected]
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
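Review bot: Declaring the list as `our $supported_cpu_flags` in the first CPUConfig.pm hunk makes the allowlist that `validate_vm_cpu_conf` enforces writable from any module, while `@supported_cpu_flags_names` and `$cpu_flag_supported_re` are computed once at load time. A later change to the array would therefore alter what the API lists without changing what is actually accepted; whether anything writes to it is not visible in this patch. For a set the schema text says is restricted "for security reasons", keeping it `my` and exposing a reader would be safer, e.g. `sub get_supported_cpu_flags { return [ map { +{ $_->%* } } $supported_cpu_flags->@* ]; }`, with the new API handler calling that instead. Separately, the names are joined into the regex unescaped as before; building the alternation from `map { quotemeta($_->{name}) }` would keep a future flag name containing `.` from widening the match.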
