1 package PVE
::QemuServer
::CPUConfig
;
7 use PVE
::Cluster
qw(cfs_register_file cfs_read_file);
8 use PVE
::QemuServer
::Helpers
qw(min_version);
10 use base
qw(PVE::SectionConfig Exporter);
17 # under certain race-conditions, this module might be loaded before pve-cluster
18 # has started completely, so ensure we don't prevent the FUSE mount with our dir
19 if (PVE
::Cluster
::check_cfs_is_mounted
(1)) {
20 mkdir "/etc/pve/virtual-guest";
23 my $default_filename = "virtual-guest/cpu-models.conf";
24 cfs_register_file
($default_filename,
25 sub { PVE
::QemuServer
::CPUConfig-
>parse_config(@_); },
26 sub { PVE
::QemuServer
::CPUConfig-
>write_config(@_); });
28 sub load_custom_model_conf
{
29 return cfs_read_file
($default_filename);
32 my $cpu_vendor_list = {
34 486 => 'GenuineIntel',
35 pentium
=> 'GenuineIntel',
36 pentium2
=> 'GenuineIntel',
37 pentium3
=> 'GenuineIntel',
38 coreduo
=> 'GenuineIntel',
39 core2duo
=> 'GenuineIntel',
40 Conroe
=> 'GenuineIntel',
41 Penryn
=> 'GenuineIntel',
42 Nehalem
=> 'GenuineIntel',
43 'Nehalem-IBRS' => 'GenuineIntel',
44 Westmere
=> 'GenuineIntel',
45 'Westmere-IBRS' => 'GenuineIntel',
46 SandyBridge
=> 'GenuineIntel',
47 'SandyBridge-IBRS' => 'GenuineIntel',
48 IvyBridge
=> 'GenuineIntel',
49 'IvyBridge-IBRS' => 'GenuineIntel',
50 Haswell
=> 'GenuineIntel',
51 'Haswell-IBRS' => 'GenuineIntel',
52 'Haswell-noTSX' => 'GenuineIntel',
53 'Haswell-noTSX-IBRS' => 'GenuineIntel',
54 Broadwell
=> 'GenuineIntel',
55 'Broadwell-IBRS' => 'GenuineIntel',
56 'Broadwell-noTSX' => 'GenuineIntel',
57 'Broadwell-noTSX-IBRS' => 'GenuineIntel',
58 'Skylake-Client' => 'GenuineIntel',
59 'Skylake-Client-IBRS' => 'GenuineIntel',
60 'Skylake-Client-noTSX-IBRS' => 'GenuineIntel',
61 'Skylake-Server' => 'GenuineIntel',
62 'Skylake-Server-IBRS' => 'GenuineIntel',
63 'Skylake-Server-noTSX-IBRS' => 'GenuineIntel',
64 'Cascadelake-Server' => 'GenuineIntel',
65 'Cascadelake-Server-noTSX' => 'GenuineIntel',
66 KnightsMill
=> 'GenuineIntel',
67 'Icelake-Client' => 'GenuineIntel',
68 'Icelake-Client-noTSX' => 'GenuineIntel',
69 'Icelake-Server' => 'GenuineIntel',
70 'Icelake-Server-noTSX' => 'GenuineIntel',
73 athlon
=> 'AuthenticAMD',
74 phenom
=> 'AuthenticAMD',
75 Opteron_G1
=> 'AuthenticAMD',
76 Opteron_G2
=> 'AuthenticAMD',
77 Opteron_G3
=> 'AuthenticAMD',
78 Opteron_G4
=> 'AuthenticAMD',
79 Opteron_G5
=> 'AuthenticAMD',
80 EPYC
=> 'AuthenticAMD',
81 'EPYC-IBPB' => 'AuthenticAMD',
83 # generic types, use vendor from host node
92 my @supported_cpu_flags = (
106 my $cpu_flag_supported_re = qr/([+-])(@{[join('|', @supported_cpu_flags)]})/;
107 my $cpu_flag_any_re = qr/([+-])([a-zA-Z0-9\-_\.]+)/;
109 our $qemu_cmdline_cpu_re = qr/^((?>[+-]?[\w\-_=]+,?)+)$/;
113 description
=> "Emulated CPU type. Can be default or custom name (custom model names must be prefixed with 'custom-').",
115 format_description
=> 'string',
120 'reported-model' => {
121 description
=> "CPU model and vendor to report to the guest. Must be a QEMU/KVM supported model."
122 . " Only valid for custom CPU model definitions, default models will always report themselves to the guest OS.",
124 enum
=> [ sort { lc("$a") cmp lc("$b") } keys %$cpu_vendor_list ],
129 description
=> "Do not identify as a KVM virtual machine.",
136 pattern
=> qr/[a-zA-Z0-9]{1,12}/,
137 format_description
=> 'vendor-id',
138 description
=> 'The Hyper-V vendor ID. Some drivers or programs inside Windows guests need a specific ID.',
142 description
=> "List of additional CPU flags separated by ';'."
143 . " Use '+FLAG' to enable, '-FLAG' to disable a flag."
144 . " Custom CPU models can specify any flag supported by"
145 . " QEMU/KVM, VM-specific flags must be from the following"
146 . " set for security reasons: @{[join(', ', @supported_cpu_flags)]}.",
147 format_description
=> '+FLAG[;-FLAG...]',
149 pattern
=> qr/$cpu_flag_any_re(;$cpu_flag_any_re)*/,
154 format
=> 'pve-phys-bits',
155 description
=> "The physical memory address bits that are reported to"
156 . " the guest OS. Should be smaller or equal to the host's."
157 . " Set to 'host' to use value from host CPU, but note that"
158 . " doing so will break live migration to CPUs with other values.",
163 PVE
::JSONSchema
::register_format
('pve-phys-bits', \
&parse_phys_bits
);
164 sub parse_phys_bits
{
165 my ($str, $noerr) = @_;
167 my $err_msg = "value must be an integer between 8 and 64 or 'host'\n";
169 if ($str !~ m/^(host|\d{1,2})$/) {
170 die $err_msg if !$noerr;
174 if ($str =~ m/^\d+$/ && (int($str) < 8 || int($str) > 64)) {
175 die $err_msg if !$noerr;
182 # $cpu_fmt describes both the CPU config passed as part of a VM config, as well
183 # as the definition of a custom CPU model. There are some slight differences
184 # though, which we catch in the custom verification function below.
185 PVE
::JSONSchema
::register_format
('pve-cpu-conf', \
&parse_cpu_conf_basic
);
186 sub parse_cpu_conf_basic
{
187 my ($cpu_str, $noerr) = @_;
189 my $cpu = eval { PVE
::JSONSchema
::parse_property_string
($cpu_fmt, $cpu_str) };
195 # required, but can't be forced in schema since it's encoded in section
196 # header for custom models
197 if (!$cpu->{cputype
}) {
198 die "CPU is missing cputype\n" if !$noerr;
205 PVE
::JSONSchema
::register_format
('pve-vm-cpu-conf', \
&parse_vm_cpu_conf
);
206 sub parse_vm_cpu_conf
{
207 my ($cpu_str, $noerr) = @_;
209 my $cpu = parse_cpu_conf_basic
($cpu_str, $noerr);
210 return undef if !$cpu;
212 my $cputype = $cpu->{cputype
};
214 # a VM-specific config is only valid if the cputype exists
215 if (is_custom_model
($cputype)) {
216 eval { get_custom_model
($cputype); };
222 if (!defined($cpu_vendor_list->{$cputype})) {
223 die "Built-in cputype '$cputype' is not defined (missing 'custom-' prefix?)\n" if !$noerr;
228 # in a VM-specific config, certain properties are limited/forbidden
230 if ($cpu->{flags
} && $cpu->{flags
} !~ m/$cpu_flag_supported_re(;$cpu_flag_supported_re)*/) {
231 die "VM-specific CPU flags must be a subset of: @{[join(', ', @supported_cpu_flags)]}\n"
236 die "Property 'reported-model' not allowed in VM-specific CPU config.\n"
237 if defined($cpu->{'reported-model'});
242 # Section config settings
244 # shallow copy, since SectionConfig modifies propertyList internally
245 propertyList
=> { %$cpu_fmt },
253 return { %$cpu_fmt };
260 sub parse_section_header
{
261 my ($class, $line) = @_;
263 my ($type, $sectionId, $errmsg, $config) =
264 $class->SUPER::parse_section_header
($line);
266 return undef if !$type;
267 return ($type, $sectionId, $errmsg, {
268 # name is given by section header, and we can always prepend 'custom-'
269 # since we're reading the custom CPU file
270 cputype
=> "custom-$sectionId",
275 my ($class, $filename, $cfg) = @_;
277 mkdir "/etc/pve/virtual-guest";
279 for my $model (keys %{$cfg->{ids
}}) {
280 my $model_conf = $cfg->{ids
}->{$model};
282 die "internal error: tried saving built-in CPU model (or missing prefix): $model_conf->{cputype}\n"
283 if !is_custom_model
($model_conf->{cputype
});
285 die "internal error: tried saving custom cpumodel with cputype (ignoring prefix: $model_conf->{cputype}) not equal to \$cfg->ids entry ($model)\n"
286 if "custom-$model" ne $model_conf->{cputype
};
288 # saved in section header
289 delete $model_conf->{cputype
};
292 $class->SUPER::write_config
($filename, $cfg);
295 sub is_custom_model
{
297 return $cputype =~ m/^custom-/;
300 # Use this to get a single model in the format described by $cpu_fmt.
301 # Allows names with and without custom- prefix.
302 sub get_custom_model
{
303 my ($name, $noerr) = @_;
305 $name =~ s/^custom-//;
306 my $conf = load_custom_model_conf
();
308 my $entry = $conf->{ids
}->{$name};
309 if (!defined($entry)) {
310 die "Custom cputype '$name' not found\n" if !$noerr;
315 for my $property (keys %$cpu_fmt) {
316 if (my $value = $entry->{$property}) {
317 $model->{$property} = $value;
324 # Print a QEMU device node for a given VM configuration for hotplugging CPUs
325 sub print_cpu_device
{
326 my ($conf, $id) = @_;
328 my $kvm = $conf->{kvm
} // 1;
329 my $cpu = $kvm ?
"kvm64" : "qemu64";
330 if (my $cputype = $conf->{cpu
}) {
331 my $cpuconf = parse_cpu_conf_basic
($cputype)
332 or die "Cannot parse cpu description: $cputype\n";
333 $cpu = $cpuconf->{cputype
};
335 if (is_custom_model
($cpu)) {
336 my $custom_cpu = get_custom_model
($cpu);
338 $cpu = $custom_cpu->{'reported-model'} //
339 $cpu_fmt->{'reported-model'}->{default};
343 my $cores = $conf->{cores
} || 1;
345 my $current_core = ($id - 1) % $cores;
346 my $current_socket = int(($id - 1 - $current_core)/$cores);
348 return "$cpu-x86_64-cpu,id=cpu$id,socket-id=$current_socket,core-id=$current_core,thread-id=0";
351 # Resolves multiple arrays of hashes representing CPU flags with metadata to a
352 # single string in QEMU "-cpu" compatible format. Later arrays have higher
355 # Hashes take the following format:
358 # op => "+", # defaults to "" if undefined
359 # reason => "to support AES acceleration", # for override warnings
360 # value => "" # needed for kvm=off (value: off) etc...
364 sub resolve_cpu_flags
{
368 for my $flag_name (keys %$hash) {
369 my $flag = $hash->{$flag_name};
370 my $old_flag = $flags->{$flag_name};
373 $flag->{reason
} //= "unknown origin";
376 my $value_changed = (defined($flag->{value
}) != defined($old_flag->{value
})) ||
377 (defined($flag->{value
}) && $flag->{value
} ne $old_flag->{value
});
379 if ($old_flag->{op
} eq $flag->{op
} && !$value_changed) {
380 $flags->{$flag_name}->{reason
} .= " & $flag->{reason}";
384 my $old = print_cpuflag_hash
($flag_name, $flags->{$flag_name});
385 my $new = print_cpuflag_hash
($flag_name, $flag);
386 warn "warning: CPU flag/setting $new overwrites $old\n";
389 $flags->{$flag_name} = $flag;
394 # sort for command line stability
395 for my $flag_name (sort keys %$flags) {
397 $flag_str .= $flags->{$flag_name}->{op
};
398 $flag_str .= $flag_name;
399 $flag_str .= "=$flags->{$flag_name}->{value}"
400 if $flags->{$flag_name}->{value
};
406 sub print_cpuflag_hash
{
407 my ($flag_name, $flag) = @_;
408 my $formatted = "'$flag->{op}$flag_name";
409 $formatted .= "=$flag->{value}" if defined($flag->{value
});
411 $formatted .= " ($flag->{reason})" if defined($flag->{reason
});
415 sub parse_cpuflag_list
{
416 my ($re, $reason, $flaglist) = @_;
419 return $res if !$flaglist;
421 foreach my $flag (split(";", $flaglist)) {
423 $res->{$2} = { op
=> $1, reason
=> $reason };
430 # Calculate QEMU's '-cpu' argument from a given VM configuration
431 sub get_cpu_options
{
432 my ($conf, $arch, $kvm, $kvm_off, $machine_version, $winversion, $gpu_passthrough) = @_;
434 my $cputype = $kvm ?
"kvm64" : "qemu64";
435 if ($arch eq 'aarch64') {
436 $cputype = 'cortex-a57';
442 if (my $cpu_prop_str = $conf->{cpu
}) {
443 $cpu = parse_vm_cpu_conf
($cpu_prop_str)
444 or die "Cannot parse cpu description: $cpu_prop_str\n";
446 $cputype = $cpu->{cputype
};
448 if (is_custom_model
($cputype)) {
449 $custom_cpu = get_custom_model
($cputype);
451 $cputype = $custom_cpu->{'reported-model'} //
452 $cpu_fmt->{'reported-model'}->{default};
453 $kvm_off = $custom_cpu->{hidden
}
454 if defined($custom_cpu->{hidden
});
455 $hv_vendor_id = $custom_cpu->{'hv-vendor-id'};
458 # VM-specific settings override custom CPU config
459 $kvm_off = $cpu->{hidden
}
460 if defined($cpu->{hidden
});
461 $hv_vendor_id = $cpu->{'hv-vendor-id'}
462 if defined($cpu->{'hv-vendor-id'});
465 my $pve_flags = get_pve_cpu_flags
($conf, $kvm, $cputype, $arch,
468 my $hv_flags = get_hyperv_enlightenments
($winversion, $machine_version,
469 $conf->{bios
}, $gpu_passthrough, $hv_vendor_id) if $kvm;
471 my $custom_cputype_flags = parse_cpuflag_list
($cpu_flag_any_re,
472 "set by custom CPU model", $custom_cpu->{flags
});
474 my $vm_flags = parse_cpuflag_list
($cpu_flag_supported_re,
475 "manually set for VM", $cpu->{flags
});
477 my $pve_forced_flags = {};
478 $pve_forced_flags->{'enforce'} = {
479 reason
=> "error if requested CPU settings not available",
480 } if $cputype ne 'host' && $kvm && $arch eq 'x86_64';
481 $pve_forced_flags->{'kvm'} = {
483 reason
=> "hide KVM virtualization from guest",
486 # $cputype is the "reported-model" for custom types, so we can just look up
487 # the vendor in the default list
488 my $cpu_vendor = $cpu_vendor_list->{$cputype};
490 $pve_forced_flags->{'vendor'} = {
491 value
=> $cpu_vendor,
492 } if $cpu_vendor ne 'default';
493 } elsif ($arch ne 'aarch64') {
494 die "internal error"; # should not happen
497 my $cpu_str = $cputype;
499 # will be resolved in parameter order
500 $cpu_str .= resolve_cpu_flags
($pve_flags, $hv_flags, $custom_cputype_flags,
501 $vm_flags, $pve_forced_flags);
504 foreach my $conf ($custom_cpu, $cpu) {
505 next if !defined($conf);
506 my $conf_val = $conf->{'phys-bits'};
508 if ($conf_val eq 'host') {
509 $phys_bits = ",host-phys-bits=true";
511 $phys_bits = ",phys-bits=$conf_val";
514 $cpu_str .= $phys_bits;
516 return ('-cpu', $cpu_str);
519 # Some hardcoded flags required by certain configurations
520 sub get_pve_cpu_flags
{
521 my ($conf, $kvm, $cputype, $arch, $machine_version) = @_;
524 my $pve_msg = "set by PVE;";
526 $pve_flags->{'lahf_lm'} = {
528 reason
=> "$pve_msg to support Windows 8.1+",
529 } if $cputype eq 'kvm64' && $arch eq 'x86_64';
531 $pve_flags->{'x2apic'} = {
533 reason
=> "$pve_msg incompatible with Solaris",
534 } if $conf->{ostype
} && $conf->{ostype
} eq 'solaris';
536 $pve_flags->{'sep'} = {
538 reason
=> "$pve_msg to support Windows 8+ and improve Windows XP+",
539 } if $cputype eq 'kvm64' || $cputype eq 'kvm32';
541 $pve_flags->{'rdtscp'} = {
543 reason
=> "$pve_msg broken on AMD Opteron",
544 } if $cputype =~ m/^Opteron/;
546 if (min_version
($machine_version, 2, 3) && $kvm && $arch eq 'x86_64') {
547 $pve_flags->{'kvm_pv_unhalt'} = {
549 reason
=> "$pve_msg to improve Linux guest spinlock performance",
551 $pve_flags->{'kvm_pv_eoi'} = {
553 reason
=> "$pve_msg to improve Linux guest interrupt performance",
560 sub get_hyperv_enlightenments
{
561 my ($winversion, $machine_version, $bios, $gpu_passthrough, $hv_vendor_id) = @_;
563 return if $winversion < 6;
564 return if $bios && $bios eq 'ovmf' && $winversion < 8;
567 my $default_reason = "automatic Hyper-V enlightenment for Windows";
569 my ($flag, $value, $reason) = @_;
571 reason
=> $reason // $default_reason,
576 my $hv_vendor_set = defined($hv_vendor_id);
577 if ($gpu_passthrough || $hv_vendor_set) {
578 $hv_vendor_id //= 'proxmox';
579 $flagfn->('hv_vendor_id', $hv_vendor_id, $hv_vendor_set ?
580 "custom hv_vendor_id set" : "NVIDIA workaround for GPU passthrough");
583 if (min_version
($machine_version, 2, 3)) {
584 $flagfn->('hv_spinlocks', '0x1fff');
585 $flagfn->('hv_vapic');
586 $flagfn->('hv_time');
588 $flagfn->('hv_spinlocks', '0xffff');
591 if (min_version
($machine_version, 2, 6)) {
592 $flagfn->('hv_reset');
593 $flagfn->('hv_vpindex');
594 $flagfn->('hv_runtime');
597 if ($winversion >= 7) {
598 my $win7_reason = $default_reason . " 7 and higher";
599 $flagfn->('hv_relaxed', undef, $win7_reason);
601 if (min_version
($machine_version, 2, 12)) {
602 $flagfn->('hv_synic', undef, $win7_reason);
603 $flagfn->('hv_stimer', undef, $win7_reason);
606 if (min_version
($machine_version, 3, 1)) {
607 $flagfn->('hv_ipi', undef, $win7_reason);
614 sub get_cpu_from_running_vm
{
617 my $cmdline = PVE
::QemuServer
::Helpers
::parse_cmdline
($pid);
618 die "could not read commandline of running machine\n"
619 if !$cmdline->{cpu
}->{value
};
621 # sanitize and untaint value
622 $cmdline->{cpu
}->{value
} =~ $qemu_cmdline_cpu_re;
626 __PACKAGE__-
>register();