[qemu-server.git] / PVE / QemuServer / CPUConfig.pm

package PVE::QemuServer::CPUConfig;

use strict;
use warnings;

use PVE::JSONSchema;
use PVE::Cluster qw(cfs_register_file cfs_read_file);
use PVE::QemuServer::Helpers qw(min_version);

use base qw(PVE::SectionConfig Exporter);

our @EXPORT_OK = qw(
print_cpu_device
get_cpu_options
);

# under certain race-conditions, this module might be loaded before pve-cluster
# has started completely, so ensure we don't prevent the FUSE mount with our dir
if (PVE::Cluster::check_cfs_is_mounted(1)) {
    mkdir "/etc/pve/virtual-guest";
}

my $default_filename = "virtual-guest/cpu-models.conf";
cfs_register_file($default_filename,
		  sub { PVE::QemuServer::CPUConfig->parse_config(@_); },
		  sub { PVE::QemuServer::CPUConfig->write_config(@_); });

sub load_custom_model_conf {
    return cfs_read_file($default_filename);
}

my $cpu_vendor_list = {
    # Intel CPUs
    486 => 'GenuineIntel',
    pentium => 'GenuineIntel',
    pentium2 => 'GenuineIntel',
    pentium3 => 'GenuineIntel',
    coreduo => 'GenuineIntel',
    core2duo => 'GenuineIntel',
    Conroe => 'GenuineIntel',
    Penryn => 'GenuineIntel',
    Nehalem => 'GenuineIntel',
    'Nehalem-IBRS' => 'GenuineIntel',
    Westmere => 'GenuineIntel',
    'Westmere-IBRS' => 'GenuineIntel',
    SandyBridge => 'GenuineIntel',
    'SandyBridge-IBRS' => 'GenuineIntel',
    IvyBridge => 'GenuineIntel',
    'IvyBridge-IBRS' => 'GenuineIntel',
    Haswell => 'GenuineIntel',
    'Haswell-IBRS' => 'GenuineIntel',
    'Haswell-noTSX' => 'GenuineIntel',
    'Haswell-noTSX-IBRS' => 'GenuineIntel',
    Broadwell => 'GenuineIntel',
    'Broadwell-IBRS' => 'GenuineIntel',
    'Broadwell-noTSX' => 'GenuineIntel',
    'Broadwell-noTSX-IBRS' => 'GenuineIntel',
    'Skylake-Client' => 'GenuineIntel',
    'Skylake-Client-IBRS' => 'GenuineIntel',
    'Skylake-Client-noTSX-IBRS' => 'GenuineIntel',
    'Skylake-Server' => 'GenuineIntel',
    'Skylake-Server-IBRS' => 'GenuineIntel',
    'Skylake-Server-noTSX-IBRS' => 'GenuineIntel',
    'Cascadelake-Server' => 'GenuineIntel',
    'Cascadelake-Server-noTSX' => 'GenuineIntel',
    KnightsMill => 'GenuineIntel',
    'Icelake-Client' => 'GenuineIntel',
    'Icelake-Client-noTSX' => 'GenuineIntel',
    'Icelake-Server' => 'GenuineIntel',
    'Icelake-Server-noTSX' => 'GenuineIntel',

    # AMD CPUs
    athlon => 'AuthenticAMD',
    phenom => 'AuthenticAMD',
    Opteron_G1 => 'AuthenticAMD',
    Opteron_G2 => 'AuthenticAMD',
    Opteron_G3 => 'AuthenticAMD',
    Opteron_G4 => 'AuthenticAMD',
    Opteron_G5 => 'AuthenticAMD',
    EPYC => 'AuthenticAMD',
    'EPYC-IBPB' => 'AuthenticAMD',

    # generic types, use vendor from host node
    host => 'default',
    kvm32 => 'default',
    kvm64 => 'default',
    qemu32 => 'default',
    qemu64 => 'default',
    max => 'default',
};

my @supported_cpu_flags = (
    'pcid',
    'spec-ctrl',
    'ibpb',
    'ssbd',
    'virt-ssbd',
    'amd-ssbd',
    'amd-no-ssb',
    'pdpe1gb',
    'md-clear',
    'hv-tlbflush',
    'hv-evmcs',
    'aes'
);
my $cpu_flag_supported_re = qr/([+-])(@{[join('|', @supported_cpu_flags)]})/;
my $cpu_flag_any_re = qr/([+-])([a-zA-Z0-9\-_\.]+)/;

our $qemu_cmdline_cpu_re = qr/^((?>[+-]?[\w\-_=]+,?)+)$/;

my $cpu_fmt = {
    cputype => {
	description => "Emulated CPU type. Can be default or custom name (custom model names must be prefixed with 'custom-').",
	type => 'string',
	format_description => 'string',
	default => 'kvm64',
	default_key => 1,
	optional => 1,
    },
    'reported-model' => {
	description => "CPU model and vendor to report to the guest. Must be a QEMU/KVM supported model."
		     . " Only valid for custom CPU model definitions, default models will always report themselves to the guest OS.",
	type => 'string',
	enum => [ sort { lc("$a") cmp lc("$b") } keys %$cpu_vendor_list ],
	default => 'kvm64',
	optional => 1,
    },
    hidden => {
	description => "Do not identify as a KVM virtual machine.",
	type => 'boolean',
	optional => 1,
	default => 0
    },
    'hv-vendor-id' => {
	type => 'string',
	pattern => qr/[a-zA-Z0-9]{1,12}/,
	format_description => 'vendor-id',
	description => 'The Hyper-V vendor ID. Some drivers or programs inside Windows guests need a specific ID.',
	optional => 1,
    },
    flags => {
	description => "List of additional CPU flags separated by ';'."
		     . " Use '+FLAG' to enable, '-FLAG' to disable a flag."
		     . " Custom CPU models can specify any flag supported by"
		     . " QEMU/KVM, VM-specific flags must be from the following"
		     . " set for security reasons: @{[join(', ', @supported_cpu_flags)]}.",
	format_description => '+FLAG[;-FLAG...]',
	type => 'string',
	pattern => qr/$cpu_flag_any_re(;$cpu_flag_any_re)*/,
	optional => 1,
    },
};

# $cpu_fmt describes both the CPU config passed as part of a VM config, as well
# as the definition of a custom CPU model. There are some slight differences
# though, which we catch in the custom verification function below.
PVE::JSONSchema::register_format('pve-cpu-conf', \&parse_cpu_conf_basic);
sub parse_cpu_conf_basic {
    my ($cpu_str, $noerr) = @_;

    my $cpu = eval { PVE::JSONSchema::parse_property_string($cpu_fmt, $cpu_str) };
    if ($@) {
        die $@ if !$noerr;
        return undef;
    }

    # required, but can't be forced in schema since it's encoded in section
    # header for custom models
    if (!$cpu->{cputype}) {
	die "CPU is missing cputype\n" if !$noerr;
	return undef;
    }

    return $cpu;
}

PVE::JSONSchema::register_format('pve-vm-cpu-conf', \&parse_vm_cpu_conf);
sub parse_vm_cpu_conf {
    my ($cpu_str, $noerr) = @_;

    my $cpu = parse_cpu_conf_basic($cpu_str, $noerr);
    return undef if !$cpu;

    my $cputype = $cpu->{cputype};

    # a VM-specific config is only valid if the cputype exists
    if (is_custom_model($cputype)) {
	eval { get_custom_model($cputype); };
	if ($@) {
	    die $@ if !$noerr;
	    return undef;
	}
    } else {
	if (!defined($cpu_vendor_list->{$cputype})) {
	    die "Built-in cputype '$cputype' is not defined (missing 'custom-' prefix?)\n" if !$noerr;
	    return undef;
	}
    }

    # in a VM-specific config, certain properties are limited/forbidden

    if ($cpu->{flags} && $cpu->{flags} !~ m/$cpu_flag_supported_re(;$cpu_flag_supported_re)*/) {
	die "VM-specific CPU flags must be a subset of: @{[join(', ', @supported_cpu_flags)]}\n"
	    if !$noerr;
	return undef;
    }

    die "Property 'reported-model' not allowed in VM-specific CPU config.\n"
	if defined($cpu->{'reported-model'});

    return $cpu;
}

# Section config settings
my $defaultData = {
    # shallow copy, since SectionConfig modifies propertyList internally
    propertyList => { %$cpu_fmt },
};

sub private {
    return $defaultData;
}

sub options {
    return { %$cpu_fmt };
}

sub type {
    return 'cpu-model';
}

sub parse_section_header {
    my ($class, $line) = @_;

    my ($type, $sectionId, $errmsg, $config) =
	$class->SUPER::parse_section_header($line);

    return undef if !$type;
    return ($type, $sectionId, $errmsg, {
	# name is given by section header, and we can always prepend 'custom-'
	# since we're reading the custom CPU file
	cputype => "custom-$sectionId",
    });
}

sub write_config {
    my ($class, $filename, $cfg) = @_;

    mkdir "/etc/pve/virtual-guest";

    for my $model (keys %{$cfg->{ids}}) {
	my $model_conf = $cfg->{ids}->{$model};

	die "internal error: tried saving built-in CPU model (or missing prefix): $model_conf->{cputype}\n"
	    if !is_custom_model($model_conf->{cputype});

	die "internal error: tried saving custom cpumodel with cputype (ignoring prefix: $model_conf->{cputype}) not equal to \$cfg->ids entry ($model)\n"
	    if "custom-$model" ne $model_conf->{cputype};

	# saved in section header
	delete $model_conf->{cputype};
    }

    $class->SUPER::write_config($filename, $cfg);
}

sub is_custom_model {
    my ($cputype) = @_;
    return $cputype =~ m/^custom-/;
}

# Use this to get a single model in the format described by $cpu_fmt.
# Allows names with and without custom- prefix.
sub get_custom_model {
    my ($name, $noerr) = @_;

    $name =~ s/^custom-//;
    my $conf = load_custom_model_conf();

    my $entry = $conf->{ids}->{$name};
    if (!defined($entry)) {
	die "Custom cputype '$name' not found\n" if !$noerr;
	return undef;
    }

    my $model = {};
    for my $property (keys %$cpu_fmt) {
	if (my $value = $entry->{$property}) {
	    $model->{$property} = $value;
	}
    }

    return $model;
}

# Print a QEMU device node for a given VM configuration for hotplugging CPUs
sub print_cpu_device {
    my ($conf, $id) = @_;

    my $kvm = $conf->{kvm} // 1;
    my $cpu = $kvm ? "kvm64" : "qemu64";
    if (my $cputype = $conf->{cpu}) {
	my $cpuconf = parse_cpu_conf_basic($cputype)
	    or die "Cannot parse cpu description: $cputype\n";
	$cpu = $cpuconf->{cputype};

	if (is_custom_model($cpu)) {
	    my $custom_cpu = get_custom_model($cpu);

	    $cpu = $custom_cpu->{'reported-model'} //
		$cpu_fmt->{'reported-model'}->{default};
	}
    }

    my $cores = $conf->{cores} || 1;

    my $current_core = ($id - 1) % $cores;
    my $current_socket = int(($id - 1 - $current_core)/$cores);

    return "$cpu-x86_64-cpu,id=cpu$id,socket-id=$current_socket,core-id=$current_core,thread-id=0";
}

# Resolves multiple arrays of hashes representing CPU flags with metadata to a
# single string in QEMU "-cpu" compatible format. Later arrays have higher
# priority.
#
# Hashes take the following format:
# {
#     aes => {
#         op => "+", # defaults to "" if undefined
#         reason => "to support AES acceleration", # for override warnings
#         value => "" # needed for kvm=off (value: off) etc...
#     },
#     ...
# }
sub resolve_cpu_flags {
    my $flags = {};

    for my $hash (@_) {
	for my $flag_name (keys %$hash) {
	    my $flag = $hash->{$flag_name};
	    my $old_flag = $flags->{$flag_name};

	    $flag->{op} //= "";
	    $flag->{reason} //= "unknown origin";

	    if ($old_flag) {
		my $value_changed = (defined($flag->{value}) != defined($old_flag->{value})) ||
				    (defined($flag->{value}) && $flag->{value} ne $old_flag->{value});

		if ($old_flag->{op} eq $flag->{op} && !$value_changed) {
		    $flags->{$flag_name}->{reason} .= " & $flag->{reason}";
		    next;
		}

		my $old = print_cpuflag_hash($flag_name, $flags->{$flag_name});
		my $new = print_cpuflag_hash($flag_name, $flag);
		warn "warning: CPU flag/setting $new overwrites $old\n";
	    }

	    $flags->{$flag_name} = $flag;
	}
    }

    my $flag_str = '';
    # sort for command line stability
    for my $flag_name (sort keys %$flags) {
	$flag_str .= ',';
	$flag_str .= $flags->{$flag_name}->{op};
	$flag_str .= $flag_name;
	$flag_str .= "=$flags->{$flag_name}->{value}"
	    if $flags->{$flag_name}->{value};
    }

    return $flag_str;
}

sub print_cpuflag_hash {
    my ($flag_name, $flag) = @_;
    my $formatted = "'$flag->{op}$flag_name";
    $formatted .= "=$flag->{value}" if defined($flag->{value});
    $formatted .= "'";
    $formatted .= " ($flag->{reason})" if defined($flag->{reason});
    return $formatted;
}

# Calculate QEMU's '-cpu' argument from a given VM configuration
sub get_cpu_options {
    my ($conf, $arch, $kvm, $kvm_off, $machine_version, $winversion, $gpu_passthrough) = @_;

    my $cpuFlags = [];
    my $ostype = $conf->{ostype};

    my $cpu = $kvm ? "kvm64" : "qemu64";
    if ($arch eq 'aarch64') {
	$cpu = 'cortex-a57';
    }
    my $hv_vendor_id;
    if (my $cputype = $conf->{cpu}) {
	my $cpuconf = PVE::JSONSchema::parse_property_string($cpu_fmt, $cputype)
	    or die "Cannot parse cpu description: $cputype\n";
	$cpu = $cpuconf->{cputype};
	$kvm_off = 1 if $cpuconf->{hidden};
	$hv_vendor_id = $cpuconf->{'hv-vendor-id'};

	if (defined(my $flags = $cpuconf->{flags})) {
	    push @$cpuFlags, split(";", $flags);
	}
    }

    push @$cpuFlags , '+lahf_lm' if $cpu eq 'kvm64' && $arch eq 'x86_64';

    push @$cpuFlags , '-x2apic' if $ostype && $ostype eq 'solaris';

    push @$cpuFlags, '+sep' if $cpu eq 'kvm64' || $cpu eq 'kvm32';

    push @$cpuFlags, '-rdtscp' if $cpu =~ m/^Opteron/;

    if (min_version($machine_version, 2, 3) && $arch eq 'x86_64') {

	push @$cpuFlags , '+kvm_pv_unhalt' if $kvm;
	push @$cpuFlags , '+kvm_pv_eoi' if $kvm;
    }

    add_hyperv_enlightenments($cpuFlags, $winversion, $machine_version, $conf->{bios}, $gpu_passthrough, $hv_vendor_id) if $kvm;

    push @$cpuFlags, 'enforce' if $cpu ne 'host' && $kvm && $arch eq 'x86_64';

    push @$cpuFlags, 'kvm=off' if $kvm_off;

    if (my $cpu_vendor = $cpu_vendor_list->{$cpu}) {
	push @$cpuFlags, "vendor=${cpu_vendor}"
	    if $cpu_vendor ne 'default';
    } elsif ($arch ne 'aarch64') {
	die "internal error"; # should not happen
    }

    $cpu .= "," . join(',', @$cpuFlags) if scalar(@$cpuFlags);

    return ('-cpu', $cpu);
}

sub add_hyperv_enlightenments {
    my ($cpuFlags, $winversion, $machine_version, $bios, $gpu_passthrough, $hv_vendor_id) = @_;

    return if $winversion < 6;
    return if $bios && $bios eq 'ovmf' && $winversion < 8;

    if ($gpu_passthrough || defined($hv_vendor_id)) {
	$hv_vendor_id //= 'proxmox';
	push @$cpuFlags , "hv_vendor_id=$hv_vendor_id";
    }

    if (min_version($machine_version, 2, 3)) {
	push @$cpuFlags , 'hv_spinlocks=0x1fff';
	push @$cpuFlags , 'hv_vapic';
	push @$cpuFlags , 'hv_time';
    } else {
	push @$cpuFlags , 'hv_spinlocks=0xffff';
    }

    if (min_version($machine_version, 2, 6)) {
	push @$cpuFlags , 'hv_reset';
	push @$cpuFlags , 'hv_vpindex';
	push @$cpuFlags , 'hv_runtime';
    }

    if ($winversion >= 7) {
	push @$cpuFlags , 'hv_relaxed';

	if (min_version($machine_version, 2, 12)) {
	    push @$cpuFlags , 'hv_synic';
	    push @$cpuFlags , 'hv_stimer';
	}

	if (min_version($machine_version, 3, 1)) {
	    push @$cpuFlags , 'hv_ipi';
	}
    }
}

sub get_cpu_from_running_vm {
    my ($pid) = @_;

    my $cmdline = PVE::QemuServer::Helpers::parse_cmdline($pid);
    die "could not read commandline of running machine\n"
	if !$cmdline->{cpu}->{value};

    # sanitize and untaint value
    $cmdline->{cpu}->{value} =~ $qemu_cmdline_cpu_re;
    return $1;
}

__PACKAGE__->register();
__PACKAGE__->init();

1;
Commit	Line	Data
d786a274 SR	1	package PVE::QemuServer::CPUConfig;
	2
	3	use strict;
	4	use warnings;
	5
	6	use PVE::JSONSchema;
b3e89488	7	use PVE::Cluster qw(cfs_register_file cfs_read_file);
d786a274 SR	8	use PVE::QemuServer::Helpers qw(min_version);
d786a274 SR	9
b3e89488	10	use base qw(PVE::SectionConfig Exporter);
d786a274 SR	11
	12	our @EXPORT_OK = qw(
	13	print_cpu_device
	14	get_cpu_options
	15	);
	16
b3e89488 SR	17	# under certain race-conditions, this module might be loaded before pve-cluster
b3e89488 SR	18	# has started completely, so ensure we don't prevent the FUSE mount with our dir
1dbe979c	19	if (PVE::Cluster::check_cfs_is_mounted(1)) {
b3e89488 SR	20	mkdir "/etc/pve/virtual-guest";
	21	}
	22
	23	my $default_filename = "virtual-guest/cpu-models.conf";
	24	cfs_register_file($default_filename,
	25	sub { PVE::QemuServer::CPUConfig->parse_config(@_); },
	26	sub { PVE::QemuServer::CPUConfig->write_config(@_); });
	27
	28	sub load_custom_model_conf {
	29	return cfs_read_file($default_filename);
	30	}
	31
d786a274 SR	32	my $cpu_vendor_list = {
	33	# Intel CPUs
	34	486 => 'GenuineIntel',
	35	pentium => 'GenuineIntel',
	36	pentium2 => 'GenuineIntel',
	37	pentium3 => 'GenuineIntel',
	38	coreduo => 'GenuineIntel',
	39	core2duo => 'GenuineIntel',
	40	Conroe => 'GenuineIntel',
	41	Penryn => 'GenuineIntel',
	42	Nehalem => 'GenuineIntel',
	43	'Nehalem-IBRS' => 'GenuineIntel',
	44	Westmere => 'GenuineIntel',
	45	'Westmere-IBRS' => 'GenuineIntel',
	46	SandyBridge => 'GenuineIntel',
	47	'SandyBridge-IBRS' => 'GenuineIntel',
	48	IvyBridge => 'GenuineIntel',
	49	'IvyBridge-IBRS' => 'GenuineIntel',
	50	Haswell => 'GenuineIntel',
	51	'Haswell-IBRS' => 'GenuineIntel',
	52	'Haswell-noTSX' => 'GenuineIntel',
	53	'Haswell-noTSX-IBRS' => 'GenuineIntel',
	54	Broadwell => 'GenuineIntel',
	55	'Broadwell-IBRS' => 'GenuineIntel',
	56	'Broadwell-noTSX' => 'GenuineIntel',
	57	'Broadwell-noTSX-IBRS' => 'GenuineIntel',
	58	'Skylake-Client' => 'GenuineIntel',
	59	'Skylake-Client-IBRS' => 'GenuineIntel',
bb84db9d	60	'Skylake-Client-noTSX-IBRS' => 'GenuineIntel',
d786a274 SR	61	'Skylake-Server' => 'GenuineIntel',
d786a274 SR	62	'Skylake-Server-IBRS' => 'GenuineIntel',
bb84db9d	63	'Skylake-Server-noTSX-IBRS' => 'GenuineIntel',
d786a274	64	'Cascadelake-Server' => 'GenuineIntel',
bb84db9d	65	'Cascadelake-Server-noTSX' => 'GenuineIntel',
d786a274	66	KnightsMill => 'GenuineIntel',
257ae687	67	'Icelake-Client' => 'GenuineIntel',
bb84db9d AD	68	'Icelake-Client-noTSX' => 'GenuineIntel',
bb84db9d AD	69	'Icelake-Server' => 'GenuineIntel',
d0cdb1de	70	'Icelake-Server-noTSX' => 'GenuineIntel',
d786a274 SR	71
	72	# AMD CPUs
	73	athlon => 'AuthenticAMD',
	74	phenom => 'AuthenticAMD',
	75	Opteron_G1 => 'AuthenticAMD',
	76	Opteron_G2 => 'AuthenticAMD',
	77	Opteron_G3 => 'AuthenticAMD',
	78	Opteron_G4 => 'AuthenticAMD',
	79	Opteron_G5 => 'AuthenticAMD',
	80	EPYC => 'AuthenticAMD',
	81	'EPYC-IBPB' => 'AuthenticAMD',
	82
	83	# generic types, use vendor from host node
	84	host => 'default',
	85	kvm32 => 'default',
	86	kvm64 => 'default',
	87	qemu32 => 'default',
	88	qemu64 => 'default',
	89	max => 'default',
	90	};
	91
	92	my @supported_cpu_flags = (
	93	'pcid',
	94	'spec-ctrl',
	95	'ibpb',
	96	'ssbd',
	97	'virt-ssbd',
	98	'amd-ssbd',
	99	'amd-no-ssb',
	100	'pdpe1gb',
	101	'md-clear',
	102	'hv-tlbflush',
	103	'hv-evmcs',
	104	'aes'
	105	);
5d008ad3 SR	106	my $cpu_flag_supported_re = qr/([+-])(@{[join('\|', @supported_cpu_flags)]})/;
5d008ad3 SR	107	my $cpu_flag_any_re = qr/([+-])([a-zA-Z0-9\-_\.]+)/;
d786a274	108
58c64ad5 SR	109	our $qemu_cmdline_cpu_re = qr/^((?>[+-]?[\w\-_=]+,?)+)$/;
58c64ad5 SR	110
5d008ad3	111	my $cpu_fmt = {
d786a274	112	cputype => {
b3e89488	113	description => "Emulated CPU type. Can be default or custom name (custom model names must be prefixed with 'custom-').",
d786a274	114	type => 'string',
b3e89488	115	format_description => 'string',
d786a274 SR	116	default => 'kvm64',
d786a274 SR	117	default_key => 1,
b3e89488 SR	118	optional => 1,
	119	},
	120	'reported-model' => {
	121	description => "CPU model and vendor to report to the guest. Must be a QEMU/KVM supported model."
	122	. " Only valid for custom CPU model definitions, default models will always report themselves to the guest OS.",
	123	type => 'string',
	124	enum => [ sort { lc("$a") cmp lc("$b") } keys %$cpu_vendor_list ],
	125	default => 'kvm64',
	126	optional => 1,
d786a274 SR	127	},
	128	hidden => {
	129	description => "Do not identify as a KVM virtual machine.",
	130	type => 'boolean',
	131	optional => 1,
	132	default => 0
	133	},
	134	'hv-vendor-id' => {
	135	type => 'string',
	136	pattern => qr/[a-zA-Z0-9]{1,12}/,
	137	format_description => 'vendor-id',
	138	description => 'The Hyper-V vendor ID. Some drivers or programs inside Windows guests need a specific ID.',
	139	optional => 1,
	140	},
	141	flags => {
	142	description => "List of additional CPU flags separated by ';'."
	143	. " Use '+FLAG' to enable, '-FLAG' to disable a flag."
5d008ad3 SR	144	. " Custom CPU models can specify any flag supported by"
	145	. " QEMU/KVM, VM-specific flags must be from the following"
	146	. " set for security reasons: @{[join(', ', @supported_cpu_flags)]}.",
d786a274 SR	147	format_description => '+FLAG[;-FLAG...]',
d786a274 SR	148	type => 'string',
5d008ad3	149	pattern => qr/$cpu_flag_any_re(;$cpu_flag_any_re)*/,
d786a274 SR	150	optional => 1,
	151	},
	152	};
	153
5d008ad3 SR	154	# $cpu_fmt describes both the CPU config passed as part of a VM config, as well
	155	# as the definition of a custom CPU model. There are some slight differences
	156	# though, which we catch in the custom verification function below.
	157	PVE::JSONSchema::register_format('pve-cpu-conf', \&parse_cpu_conf_basic);
	158	sub parse_cpu_conf_basic {
	159	my ($cpu_str, $noerr) = @_;
	160
	161	my $cpu = eval { PVE::JSONSchema::parse_property_string($cpu_fmt, $cpu_str) };
	162	if ($@) {
	163	die $@ if !$noerr;
	164	return undef;
	165	}
	166
	167	# required, but can't be forced in schema since it's encoded in section
	168	# header for custom models
	169	if (!$cpu->{cputype}) {
	170	die "CPU is missing cputype\n" if !$noerr;
	171	return undef;
	172	}
	173
	174	return $cpu;
	175	}
	176
	177	PVE::JSONSchema::register_format('pve-vm-cpu-conf', \&parse_vm_cpu_conf);
	178	sub parse_vm_cpu_conf {
	179	my ($cpu_str, $noerr) = @_;
	180
	181	my $cpu = parse_cpu_conf_basic($cpu_str, $noerr);
	182	return undef if !$cpu;
	183
	184	my $cputype = $cpu->{cputype};
	185
	186	# a VM-specific config is only valid if the cputype exists
	187	if (is_custom_model($cputype)) {
	188	eval { get_custom_model($cputype); };
	189	if ($@) {
	190	die $@ if !$noerr;
	191	return undef;
	192	}
	193	} else {
	194	if (!defined($cpu_vendor_list->{$cputype})) {
	195	die "Built-in cputype '$cputype' is not defined (missing 'custom-' prefix?)\n" if !$noerr;
	196	return undef;
	197	}
	198	}
	199
	200	# in a VM-specific config, certain properties are limited/forbidden
	201
	202	if ($cpu->{flags} && $cpu->{flags} !~ m/$cpu_flag_supported_re(;$cpu_flag_supported_re)*/) {
	203	die "VM-specific CPU flags must be a subset of: @{[join(', ', @supported_cpu_flags)]}\n"
	204	if !$noerr;
	205	return undef;
	206	}
	207
	208	die "Property 'reported-model' not allowed in VM-specific CPU config.\n"
	209	if defined($cpu->{'reported-model'});
	210
	211	return $cpu;
	212	}
	213
b3e89488 SR	214	# Section config settings
	215	my $defaultData = {
	216	# shallow copy, since SectionConfig modifies propertyList internally
	217	propertyList => { %$cpu_fmt },
	218	};
	219
	220	sub private {
	221	return $defaultData;
	222	}
	223
	224	sub options {
	225	return { %$cpu_fmt };
	226	}
	227
	228	sub type {
	229	return 'cpu-model';
	230	}
	231
	232	sub parse_section_header {
	233	my ($class, $line) = @_;
	234
	235	my ($type, $sectionId, $errmsg, $config) =
	236	$class->SUPER::parse_section_header($line);
	237
	238	return undef if !$type;
	239	return ($type, $sectionId, $errmsg, {
	240	# name is given by section header, and we can always prepend 'custom-'
	241	# since we're reading the custom CPU file
	242	cputype => "custom-$sectionId",
	243	});
	244	}
	245
	246	sub write_config {
	247	my ($class, $filename, $cfg) = @_;
	248
	249	mkdir "/etc/pve/virtual-guest";
	250
	251	for my $model (keys %{$cfg->{ids}}) {
	252	my $model_conf = $cfg->{ids}->{$model};
	253
	254	die "internal error: tried saving built-in CPU model (or missing prefix): $model_conf->{cputype}\n"
	255	if !is_custom_model($model_conf->{cputype});
	256
	257	die "internal error: tried saving custom cpumodel with cputype (ignoring prefix: $model_conf->{cputype}) not equal to \$cfg->ids entry ($model)\n"
	258	if "custom-$model" ne $model_conf->{cputype};
	259
	260	# saved in section header
	261	delete $model_conf->{cputype};
	262	}
	263
	264	$class->SUPER::write_config($filename, $cfg);
	265	}
	266
	267	sub is_custom_model {
	268	my ($cputype) = @_;
	269	return $cputype =~ m/^custom-/;
	270	}
	271
	272	# Use this to get a single model in the format described by $cpu_fmt.
	273	# Allows names with and without custom- prefix.
	274	sub get_custom_model {
	275	my ($name, $noerr) = @_;
	276
	277	$name =~ s/^custom-//;
278	my $conf = load_custom_model_conf();
279
280	my $entry = $conf->{ids}->{$name};
281	if (!defined($entry)) {
282	die "Custom cputype '$name' not found\n" if !$noerr;
283	return undef;
284	}
285
286	my $model = {};
287	for my $property (keys %$cpu_fmt) {
288	if (my $value = $entry->{$property}) {
289	$model->{$property} = $value;
290	}
291	}
292
293	return $model;
294	}
295
d786a274 SR	296	# Print a QEMU device node for a given VM configuration for hotplugging CPUs
	297	sub print_cpu_device {
	298	my ($conf, $id) = @_;
	299
	300	my $kvm = $conf->{kvm} // 1;
	301	my $cpu = $kvm ? "kvm64" : "qemu64";
	302	if (my $cputype = $conf->{cpu}) {
5d008ad3	303	my $cpuconf = parse_cpu_conf_basic($cputype)
d786a274 SR	304	or die "Cannot parse cpu description: $cputype\n";
d786a274 SR	305	$cpu = $cpuconf->{cputype};
b3e89488 SR	306
	307	if (is_custom_model($cpu)) {
	308	my $custom_cpu = get_custom_model($cpu);
	309
	310	$cpu = $custom_cpu->{'reported-model'} //
	311	$cpu_fmt->{'reported-model'}->{default};
	312	}
d786a274 SR	313	}
	314
	315	my $cores = $conf->{cores} \|\| 1;
	316
	317	my $current_core = ($id - 1) % $cores;
	318	my $current_socket = int(($id - 1 - $current_core)/$cores);
	319
	320	return "$cpu-x86_64-cpu,id=cpu$id,socket-id=$current_socket,core-id=$current_core,thread-id=0";
	321	}
	322
45619185 SR	323	# Resolves multiple arrays of hashes representing CPU flags with metadata to a
	324	# single string in QEMU "-cpu" compatible format. Later arrays have higher
	325	# priority.
	326	#
	327	# Hashes take the following format:
	328	# {
	329	# aes => {
	330	# op => "+", # defaults to "" if undefined
	331	# reason => "to support AES acceleration", # for override warnings
	332	# value => "" # needed for kvm=off (value: off) etc...
	333	# },
	334	# ...
	335	# }
	336	sub resolve_cpu_flags {
	337	my $flags = {};
	338
	339	for my $hash (@_) {
	340	for my $flag_name (keys %$hash) {
	341	my $flag = $hash->{$flag_name};
	342	my $old_flag = $flags->{$flag_name};
	343
	344	$flag->{op} //= "";
	345	$flag->{reason} //= "unknown origin";
	346
	347	if ($old_flag) {
	348	my $value_changed = (defined($flag->{value}) != defined($old_flag->{value})) \|\|
	349	(defined($flag->{value}) && $flag->{value} ne $old_flag->{value});
	350
	351	if ($old_flag->{op} eq $flag->{op} && !$value_changed) {
	352	$flags->{$flag_name}->{reason} .= " & $flag->{reason}";
	353	next;
	354	}
	355
	356	my $old = print_cpuflag_hash($flag_name, $flags->{$flag_name});
	357	my $new = print_cpuflag_hash($flag_name, $flag);
	358	warn "warning: CPU flag/setting $new overwrites $old\n";
	359	}
	360
	361	$flags->{$flag_name} = $flag;
	362	}
	363	}
	364
	365	my $flag_str = '';
	366	# sort for command line stability
	367	for my $flag_name (sort keys %$flags) {
	368	$flag_str .= ',';
	369	$flag_str .= $flags->{$flag_name}->{op};
	370	$flag_str .= $flag_name;
	371	$flag_str .= "=$flags->{$flag_name}->{value}"
	372	if $flags->{$flag_name}->{value};
	373	}
	374
	375	return $flag_str;
	376	}
	377
	378	sub print_cpuflag_hash {
	379	my ($flag_name, $flag) = @_;
	380	my $formatted = "'$flag->{op}$flag_name";
	381	$formatted .= "=$flag->{value}" if defined($flag->{value});
	382	$formatted .= "'";
	383	$formatted .= " ($flag->{reason})" if defined($flag->{reason});
	384	return $formatted;
	385	}
	386
d786a274 SR	387	# Calculate QEMU's '-cpu' argument from a given VM configuration
	388	sub get_cpu_options {
	389	my ($conf, $arch, $kvm, $kvm_off, $machine_version, $winversion, $gpu_passthrough) = @_;
	390
	391	my $cpuFlags = [];
	392	my $ostype = $conf->{ostype};
	393
	394	my $cpu = $kvm ? "kvm64" : "qemu64";
	395	if ($arch eq 'aarch64') {
	396	$cpu = 'cortex-a57';
	397	}
	398	my $hv_vendor_id;
	399	if (my $cputype = $conf->{cpu}) {
	400	my $cpuconf = PVE::JSONSchema::parse_property_string($cpu_fmt, $cputype)
	401	or die "Cannot parse cpu description: $cputype\n";
	402	$cpu = $cpuconf->{cputype};
	403	$kvm_off = 1 if $cpuconf->{hidden};
	404	$hv_vendor_id = $cpuconf->{'hv-vendor-id'};
	405
	406	if (defined(my $flags = $cpuconf->{flags})) {
	407	push @$cpuFlags, split(";", $flags);
	408	}
	409	}
	410
	411	push @$cpuFlags , '+lahf_lm' if $cpu eq 'kvm64' && $arch eq 'x86_64';
	412
	413	push @$cpuFlags , '-x2apic' if $ostype && $ostype eq 'solaris';
	414
	415	push @$cpuFlags, '+sep' if $cpu eq 'kvm64' \|\| $cpu eq 'kvm32';
	416
	417	push @$cpuFlags, '-rdtscp' if $cpu =~ m/^Opteron/;
	418
	419	if (min_version($machine_version, 2, 3) && $arch eq 'x86_64') {
	420
	421	push @$cpuFlags , '+kvm_pv_unhalt' if $kvm;
	422	push @$cpuFlags , '+kvm_pv_eoi' if $kvm;
	423	}
	424
	425	add_hyperv_enlightenments($cpuFlags, $winversion, $machine_version, $conf->{bios}, $gpu_passthrough, $hv_vendor_id) if $kvm;
	426
	427	push @$cpuFlags, 'enforce' if $cpu ne 'host' && $kvm && $arch eq 'x86_64';
	428
	429	push @$cpuFlags, 'kvm=off' if $kvm_off;
	430
	431	if (my $cpu_vendor = $cpu_vendor_list->{$cpu}) {
	432	push @$cpuFlags, "vendor=${cpu_vendor}"
	433	if $cpu_vendor ne 'default';
	434	} elsif ($arch ne 'aarch64') {
	435	die "internal error"; # should not happen
	436	}
	437
	438	$cpu .= "," . join(',', @$cpuFlags) if scalar(@$cpuFlags);
	439
	440	return ('-cpu', $cpu);
	441	}
	442
	443	sub add_hyperv_enlightenments {
	444	my ($cpuFlags, $winversion, $machine_version, $bios, $gpu_passthrough, $hv_vendor_id) = @_;
	445
	446	return if $winversion < 6;
	447	return if $bios && $bios eq 'ovmf' && $winversion < 8;
	448
	449	if ($gpu_passthrough \|\| defined($hv_vendor_id)) {
	450	$hv_vendor_id //= 'proxmox';
451	push @$cpuFlags , "hv_vendor_id=$hv_vendor_id";
452	}
453
454	if (min_version($machine_version, 2, 3)) {
455	push @$cpuFlags , 'hv_spinlocks=0x1fff';
456	push @$cpuFlags , 'hv_vapic';
457	push @$cpuFlags , 'hv_time';
458	} else {
459	push @$cpuFlags , 'hv_spinlocks=0xffff';
460	}
461
462	if (min_version($machine_version, 2, 6)) {
463	push @$cpuFlags , 'hv_reset';
464	push @$cpuFlags , 'hv_vpindex';
465	push @$cpuFlags , 'hv_runtime';
466	}
467
468	if ($winversion >= 7) {
469	push @$cpuFlags , 'hv_relaxed';
470
471	if (min_version($machine_version, 2, 12)) {
472	push @$cpuFlags , 'hv_synic';
473	push @$cpuFlags , 'hv_stimer';
474	}
475
476	if (min_version($machine_version, 3, 1)) {
477	push @$cpuFlags , 'hv_ipi';
478	}
479	}
480	}
481
58c64ad5 SR	482	sub get_cpu_from_running_vm {
	483	my ($pid) = @_;
	484
	485	my $cmdline = PVE::QemuServer::Helpers::parse_cmdline($pid);
	486	die "could not read commandline of running machine\n"
	487	if !$cmdline->{cpu}->{value};
	488
	489	# sanitize and untaint value
	490	$cmdline->{cpu}->{value} =~ $qemu_cmdline_cpu_re;
	491	return $1;
	492	}
	493
b3e89488 SR	494	__PACKAGE__->register();
	495	__PACKAGE__->init();
	496
d786a274	497	1;