The flag will automatically resolve to the flag required for the
current CPU on the host. The 'nested-virt' flag takes precedence over
the CPU-specific flag for nesting which might already be present with
custom CPU models. In that case, a warning is printed.

Suggested-by: Thomas Lamprecht <[email protected]>
Signed-off-by: Fiona Ebner <[email protected]>
---

I was thinking about using special characters in the flag name or some
custom-/pve-/special- prefix to distinguish from regular flags, but
decided against it in the end, because I got the gut feeling it might
cause more confusion than it helps. Users who are interested in
details will hopefully read the description and for others, having the
flag name be direct and descriptive is better.

 src/PVE/QemuServer/CPUConfig.pm | 40 +++++++++++++++++++++++++++++++--
 1 file changed, 38 insertions(+), 2 deletions(-)

diff --git a/src/PVE/QemuServer/CPUConfig.pm b/src/PVE/QemuServer/CPUConfig.pm
index 20e26ee2..dc8929c9 100644
--- a/src/PVE/QemuServer/CPUConfig.pm
+++ b/src/PVE/QemuServer/CPUConfig.pm
@@ -7,7 +7,10 @@ use JSON;
 
 use PVE::JSONSchema;
 use PVE::Cluster qw(cfs_register_file cfs_read_file);
+use PVE::ProcFSTools;
+use PVE::RESTEnvironment qw(log_warn);
 use PVE::Tools qw(run_command get_host_arch);
+
 use PVE::QemuServer::Helpers qw(min_version);
 
 use base qw(PVE::SectionConfig Exporter);
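Review bot: the added blank line before `use PVE::QemuServer::Helpers qw(min_version);` splits the `PVE::` imports into two groups for no visible reason; either drop it or keep the new `use PVE::ProcFSTools;` and `use PVE::RESTEnvironment qw(log_warn);` lines together with the other `PVE::` uses so the import block stays consistently grouped.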
@@ -162,6 +165,11 @@ my $cpu_vendor_list = {
 };
 
 our $supported_cpu_flags = [
+    {
+        name => 'nested-virt',
+        description => "Controls nested virtualization, namely 'svm' for AMD 
CPUs and 'vmx' for"
+            . " Intel CPUs.",
+    },
     {
         name => 'md-clear',
         description => "Required to let the guest OS know if MDS is mitigated 
correctly.",
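Review bot: 'nested-virt' is now listed in `$supported_cpu_flags` next to real QEMU flag names, but it is a shorthand that only turns into `svm` or `vmx` once `resolve_cpu_flags` rewrites it; any consumer of this list (or of `@supported_cpu_flags_names`) that treats each entry as a literal QEMU flag needs to skip or resolve it first. The description could also say where the value comes from, e.g. "Shorthand that resolves to the host CPU's nested virtualization flag ('svm' for AMD, 'vmx' for Intel)."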
@@ -256,8 +264,10 @@ my $cpu_fmt = {
     },
     flags => {
         description => "List of additional CPU flags separated by ';'. Use 
'+FLAG' to enable,"
-            . " '-FLAG' to disable a flag. Custom CPU models can specify any 
flag supported by"
-            . " QEMU/KVM, VM-specific flags must be from the following set for 
security reasons: "
+            . " '-FLAG' to disable a flag. There is a special 'nested-virt' 
shorthand which"
+            . " controls nested virtualization for the current CPU ('svm' for 
AMD and 'vmx' for"
+            . " Intel). Custom CPU models can specify any flag supported by 
QEMU/KVM, VM-specific"
+            . " flags must be from the following set for security reasons: "
             . join(', ', @supported_cpu_flags_names),
         format_description => '+FLAG[;-FLAG...]',
         type => 'string',
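Review bot: the schema text documents the shorthand but not the interaction the commit message describes, namely that 'nested-virt' takes precedence over an explicit 'svm'/'vmx' already present in a custom CPU model and that a warning is emitted in that case; users reading this description are exactly the ones who need that. Suggest appending a sentence such as: "If both 'nested-virt' and the host-specific flag are given, 'nested-virt' wins and a warning is logged."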
@@ -578,8 +588,34 @@ sub print_cpu_device {
 sub resolve_cpu_flags {
     my $flags = {};
 
+    my $nested_flag;
+    my $nested_flag_resolved;
+    my $resolve_nested_flag = sub {
+        if (!$nested_flag_resolved) {
+            my $host_cpu_flags = PVE::ProcFSTools::read_cpuinfo()->{flags};
+            if ($host_cpu_flags =~ m/\s(svm|vmx)\s/) {
+                $nested_flag = $1;
+            } else {
+                log_warn("ignoring 'nested-virt' CPU flag - unable to resolve 
from host CPU flags");
+            }
+            $nested_flag_resolved = 1;
+        }
+        return $nested_flag;
+    };
+
     for my $hash (@_) {
         for my $flag_name (keys %$hash) {
+            if ($flag_name eq 'nested-virt') {
+                my $nested_flag_name = $resolve_nested_flag->() or next;
+                if ($hash->{$nested_flag_name}) {
+                    warn "warning: CPU flag '$flag_name' overrides 
'$nested_flag_name'\n";
+                } else {
+                    print "CPU flag '$flag_name' resolved to 
'$nested_flag_name'\n";
+                }
+                $hash->{$nested_flag_name} = delete($hash->{$flag_name});
+                $flag_name = $nested_flag_name;
+            }
+
             my $flag = $hash->{$flag_name};
             my $old_flag = $flags->{$flag_name};
 
-- 
2.47.3
_______________________________________________
pve-devel mailing list
[email protected]
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
