Do not add any flags for now and wait until requested. Available would be (for kvm and tcg):
"aarch64" "kvm-no-adjvtime" (kvm only) "kvm-steal-time" (kvm only) "pauth" "pmu" "sve" "sve1024" "sve1152" "sve128" "sve1280" "sve1408" "sve1536" "sve1664" "sve1792" "sve1920" "sve2048" "sve256" "sve384" "sve512" "sve640" "sve768" "sve896" Signed-off-by: Fiona Ebner <[email protected]> --- New in v2. src/PVE/QemuServer/CPUConfig.pm | 139 ++++++++++++++++++-------------- 1 file changed, 77 insertions(+), 62 deletions(-) diff --git a/src/PVE/QemuServer/CPUConfig.pm b/src/PVE/QemuServer/CPUConfig.pm index 00d56b22..32ec4954 100644 --- a/src/PVE/QemuServer/CPUConfig.pm +++ b/src/PVE/QemuServer/CPUConfig.pm @@ -224,72 +224,87 @@ for my $arch (keys $cpu_models_by_arch->%*) { } } -my $supported_cpu_flags = [ - { - name => 'nested-virt', - description => "Controls nested virtualization, namely 'svm' for AMD CPUs and 'vmx' for" - . " Intel CPUs. Live migration still only works if it's the same flag on both sides." - . " Use a CPU model similar to the host, with the same vendor, not x86-64-vX!", - }, - { - name => 'md-clear', - description => "Required to let the guest OS know if MDS is mitigated correctly.", - }, - { - name => 'pcid', - description => - "Meltdown fix cost reduction on Westmere, Sandy-, and IvyBridge Intel CPUs.", - }, - { - name => 'spec-ctrl', - description => "Allows improved Spectre mitigation with Intel CPUs.", - }, - { - name => 'ssbd', - description => "Protection for 'Speculative Store Bypass' for Intel models.", - }, - { - name => 'ibpb', - description => "Allows improved Spectre mitigation with AMD CPUs.", - }, - { - name => 'virt-ssbd', - description => "Basis for 'Speculative Store Bypass' protection for AMD models.", - }, - { - name => 'amd-ssbd', - description => "Improves Spectre mitigation performance with AMD CPUs, best used with" - . " 'virt-ssbd'.", - }, - { - name => 'amd-no-ssb', - description => "Notifies guest OS that host is not vulnerable for Spectre on AMD CPUs.", - }, - { - name => 'pdpe1gb', - description => "Allow guest OS to use 1GB size pages, if host HW supports it.", - }, - { - name => 'hv-tlbflush', - description => "Improve performance in overcommitted Windows guests. May lead to guest" - . " bluescreens on old CPUs.", - }, - { - name => 'hv-evmcs', - description => "Improve performance for nested virtualization. Only supported on Intel" - . " CPUs.", - }, - { - name => 'aes', - description => "Activate AES instruction set for HW acceleration.", - }, -]; +my $supported_cpu_flags_by_arch = { + x86_64 => [ + { + name => 'nested-virt', + description => + "Controls nested virtualization, namely 'svm' for AMD CPUs and 'vmx' for" + . " Intel CPUs. Live migration still only works if it's the same flag on both sides." + . " Use a CPU model similar to the host, with the same vendor, not x86-64-vX!", + }, + { + name => 'md-clear', + description => "Required to let the guest OS know if MDS is mitigated correctly.", + }, + { + name => 'pcid', + description => + "Meltdown fix cost reduction on Westmere, Sandy-, and IvyBridge Intel CPUs.", + }, + { + name => 'spec-ctrl', + description => "Allows improved Spectre mitigation with Intel CPUs.", + }, + { + name => 'ssbd', + description => "Protection for 'Speculative Store Bypass' for Intel models.", + }, + { + name => 'ibpb', + description => "Allows improved Spectre mitigation with AMD CPUs.", + }, + { + name => 'virt-ssbd', + description => "Basis for 'Speculative Store Bypass' protection for AMD models.", + }, + { + name => 'amd-ssbd', + description => + "Improves Spectre mitigation performance with AMD CPUs, best used with" + . " 'virt-ssbd'.", + }, + { + name => 'amd-no-ssb', + description => + "Notifies guest OS that host is not vulnerable for Spectre on AMD CPUs.", + }, + { + name => 'pdpe1gb', + description => "Allow guest OS to use 1GB size pages, if host HW supports it.", + }, + { + name => 'hv-tlbflush', + description => + "Improve performance in overcommitted Windows guests. May lead to guest" + . " bluescreens on old CPUs.", + }, + { + name => 'hv-evmcs', + description => + "Improve performance for nested virtualization. Only supported on Intel" . " CPUs.", + }, + { + name => 'aes', + description => "Activate AES instruction set for HW acceleration.", + }, + ], + aarch64 => [], +}; sub get_supported_cpu_flags { - return $supported_cpu_flags; + my ($arch) = @_; + $arch = $host_arch if !defined($arch); + return $supported_cpu_flags_by_arch->{$arch}; } -my @supported_cpu_flags_names = map { $_->{name} } $supported_cpu_flags->@*; +my $all_supported_cpu_flags = {}; +for my $arch ($supported_cpu_flags_by_arch->%*) { + for my $flag ($supported_cpu_flags_by_arch->{$arch}->@*) { + $all_supported_cpu_flags->{ $flag->{name} } = 1; + } +} +my @supported_cpu_flags_names = sort keys $all_supported_cpu_flags->%*; my $cpu_flag_supported_re = qr/([+-])(@{[join('|', @supported_cpu_flags_names)]})/; my $cpu_flag_any_re = qr/([+-])([a-zA-Z0-9\-_\.]+)/; -- 2.47.3
