# under certain race-conditions, this module might be loaded before pve-cluster
# has started completely, so ensure we don't prevent the FUSE mount with our dir
-if (PVE::Cluster::check_cfs_is_mounted()) {
+if (PVE::Cluster::check_cfs_is_mounted(1)) {
mkdir "/etc/pve/virtual-guest";
}
my $default_filename = "virtual-guest/cpu-models.conf";
-cfs_register_file($default_filename,
- sub { PVE::QemuServer::CPUConfig->parse_config(@_); },
- sub { PVE::QemuServer::CPUConfig->write_config(@_); });
+cfs_register_file(
+ $default_filename,
+ sub { PVE::QemuServer::CPUConfig->parse_config(@_); },
+ sub { PVE::QemuServer::CPUConfig->write_config(@_); },
+);
sub load_custom_model_conf {
return cfs_read_file($default_filename);
}
+my $depreacated_cpu_map = {
+ # there never was such a client CPU, so map it to the server one for backward compat
+ 'Icelake-Client' => 'Icelake-Server',
+ 'Icelake-Client-noTSX' => 'Icelake-Server-noTSX',
+};
+
my $cpu_vendor_list = {
# Intel CPUs
486 => 'GenuineIntel',
'Cascadelake-Server' => 'GenuineIntel',
'Cascadelake-Server-noTSX' => 'GenuineIntel',
KnightsMill => 'GenuineIntel',
- 'Icelake-Client' => 'GenuineIntel',
- 'Icelake-Client-noTSX' => 'GenuineIntel',
+ 'Icelake-Client' => 'GenuineIntel', # depreacated, removed with QEMU 7.1
+ 'Icelake-Client-noTSX' => 'GenuineIntel', # depreacated, removed with QEMU 7.1
'Icelake-Server' => 'GenuineIntel',
'Icelake-Server-noTSX' => 'GenuineIntel',
Opteron_G5 => 'AuthenticAMD',
EPYC => 'AuthenticAMD',
'EPYC-IBPB' => 'AuthenticAMD',
+ 'EPYC-Rome' => 'AuthenticAMD',
+ 'EPYC-Milan' => 'AuthenticAMD',
# generic types, use vendor from host node
host => 'default',
'hv-evmcs',
'aes'
);
-my $cpu_flag = qr/[+-](@{[join('|', @supported_cpu_flags)]})/;
+my $cpu_flag_supported_re = qr/([+-])(@{[join('|', @supported_cpu_flags)]})/;
+my $cpu_flag_any_re = qr/([+-])([a-zA-Z0-9\-_\.]+)/;
-our $cpu_fmt = {
+our $qemu_cmdline_cpu_re = qr/^((?>[+-]?[\w\-\._=]+,?)+)$/;
+
+my $cpu_fmt = {
cputype => {
description => "Emulated CPU type. Can be default or custom name (custom model names must be prefixed with 'custom-').",
type => 'string',
},
'reported-model' => {
description => "CPU model and vendor to report to the guest. Must be a QEMU/KVM supported model."
- . " Only valid for custom CPU model definitions, default models will always report themselves to the guest OS.",
+ ." Only valid for custom CPU model definitions, default models will always report themselves to the guest OS.",
type => 'string',
enum => [ sort { lc("$a") cmp lc("$b") } keys %$cpu_vendor_list ],
default => 'kvm64',
optional => 1,
},
flags => {
- description => "List of additional CPU flags separated by ';'."
- . " Use '+FLAG' to enable, '-FLAG' to disable a flag."
- . " Currently supported flags: @{[join(', ', @supported_cpu_flags)]}.",
+ description => "List of additional CPU flags separated by ';'. Use '+FLAG' to enable,"
+ ." '-FLAG' to disable a flag. Custom CPU models can specify any flag supported by"
+ ." QEMU/KVM, VM-specific flags must be from the following set for security reasons: "
+ . join(', ', @supported_cpu_flags),
format_description => '+FLAG[;-FLAG...]',
type => 'string',
- pattern => qr/$cpu_flag(;$cpu_flag)*/,
+ pattern => qr/$cpu_flag_any_re(;$cpu_flag_any_re)*/,
+ optional => 1,
+ },
+ 'phys-bits' => {
+ type => 'string',
+ format => 'pve-phys-bits',
+ format_description => '8-64|host',
+ description => "The physical memory address bits that are reported to the guest OS. Should"
+ ." be smaller or equal to the host's. Set to 'host' to use value from host CPU, but"
+ ." note that doing so will break live migration to CPUs with other values.",
optional => 1,
},
};
+PVE::JSONSchema::register_format('pve-phys-bits', \&parse_phys_bits);
+sub parse_phys_bits {
+ my ($str, $noerr) = @_;
+
+ my $err_msg = "value must be an integer between 8 and 64 or 'host'\n";
+
+ if ($str !~ m/^(host|\d{1,2})$/) {
+ die $err_msg if !$noerr;
+ return;
+ }
+
+ if ($str =~ m/^\d+$/ && (int($str) < 8 || int($str) > 64)) {
+ die $err_msg if !$noerr;
+ return;
+ }
+
+ return $str;
+}
+
+# $cpu_fmt describes both the CPU config passed as part of a VM config, as well
+# as the definition of a custom CPU model. There are some slight differences
+# though, which we catch in the custom validation functions below.
+PVE::JSONSchema::register_format('pve-cpu-conf', $cpu_fmt, \&validate_cpu_conf);
+sub validate_cpu_conf {
+ my ($cpu) = @_;
+ # required, but can't be forced in schema since it's encoded in section header for custom models
+ die "CPU is missing cputype\n" if !$cpu->{cputype};
+ return $cpu;
+}
+PVE::JSONSchema::register_format('pve-vm-cpu-conf', $cpu_fmt, \&validate_vm_cpu_conf);
+sub validate_vm_cpu_conf {
+ my ($cpu) = @_;
+
+ validate_cpu_conf($cpu);
+
+ my $cputype = $cpu->{cputype};
+
+ # a VM-specific config is only valid if the cputype exists
+ if (is_custom_model($cputype)) {
+ # dies on unknown model
+ get_custom_model($cputype);
+ } else {
+ die "Built-in cputype '$cputype' is not defined (missing 'custom-' prefix?)\n"
+ if !defined($cpu_vendor_list->{$cputype});
+ }
+
+ # in a VM-specific config, certain properties are limited/forbidden
+
+ die "VM-specific CPU flags must be a subset of: @{[join(', ', @supported_cpu_flags)]}\n"
+ if ($cpu->{flags} && $cpu->{flags} !~ m/^$cpu_flag_supported_re(;$cpu_flag_supported_re)*$/);
+
+ die "Property 'reported-model' not allowed in VM-specific CPU config.\n"
+ if defined($cpu->{'reported-model'});
+
+ return $cpu;
+}
+
# Section config settings
my $defaultData = {
# shallow copy, since SectionConfig modifies propertyList internally
my ($type, $sectionId, $errmsg, $config) =
$class->SUPER::parse_section_header($line);
- return undef if !$type;
+ return if !$type;
return ($type, $sectionId, $errmsg, {
# name is given by section header, and we can always prepend 'custom-'
# since we're reading the custom CPU file
$class->SUPER::write_config($filename, $cfg);
}
+sub add_cpu_json_properties {
+ my ($prop) = @_;
+
+ foreach my $opt (keys %$cpu_fmt) {
+ $prop->{$opt} = $cpu_fmt->{$opt};
+ }
+
+ return $prop;
+}
+
+sub get_cpu_models {
+ my ($include_custom) = @_;
+
+ my $models = [];
+
+ for my $default_model (keys %{$cpu_vendor_list}) {
+ push @$models, {
+ name => $default_model,
+ custom => 0,
+ vendor => $cpu_vendor_list->{$default_model},
+ };
+ }
+
+ return $models if !$include_custom;
+
+ my $conf = load_custom_model_conf();
+ for my $custom_model (keys %{$conf->{ids}}) {
+ my $reported_model = $conf->{ids}->{$custom_model}->{'reported-model'};
+ $reported_model //= $cpu_fmt->{'reported-model'}->{default};
+ my $vendor = $cpu_vendor_list->{$reported_model};
+ push @$models, {
+ name => "custom-$custom_model",
+ custom => 1,
+ vendor => $vendor,
+ };
+ }
+
+ return $models;
+}
+
sub is_custom_model {
my ($cputype) = @_;
return $cputype =~ m/^custom-/;
my $entry = $conf->{ids}->{$name};
if (!defined($entry)) {
die "Custom cputype '$name' not found\n" if !$noerr;
- return undef;
+ return;
}
my $model = {};
my $kvm = $conf->{kvm} // 1;
my $cpu = $kvm ? "kvm64" : "qemu64";
if (my $cputype = $conf->{cpu}) {
- my $cpuconf = PVE::JSONSchema::parse_property_string($cpu_fmt, $cputype)
+ my $cpuconf = PVE::JSONSchema::parse_property_string('pve-vm-cpu-conf', $cputype)
or die "Cannot parse cpu description: $cputype\n";
$cpu = $cpuconf->{cputype};
if (is_custom_model($cpu)) {
my $custom_cpu = get_custom_model($cpu);
- $cpu = $custom_cpu->{'reported-model'} //
- $cpu_fmt->{'reported-model'}->{default};
+ $cpu = $custom_cpu->{'reported-model'} // $cpu_fmt->{'reported-model'}->{default};
+ }
+ if (my $replacement_type = $depreacated_cpu_map->{$cpu}) {
+ $cpu = $replacement_type;
}
}
my $current_core = ($id - 1) % $cores;
my $current_socket = int(($id - 1 - $current_core)/$cores);
+ # FIXME: hot plugging other architectures like our unofficial arch64 support?
return "$cpu-x86_64-cpu,id=cpu$id,socket-id=$current_socket,core-id=$current_core,thread-id=0";
}
-# Calculate QEMU's '-cpu' argument from a given VM configuration
-sub get_cpu_options {
- my ($conf, $arch, $kvm, $kvm_off, $machine_version, $winversion, $gpu_passthrough) = @_;
-
- my $cpuFlags = [];
- my $ostype = $conf->{ostype};
+# Resolves multiple arrays of hashes representing CPU flags with metadata to a
+# single string in QEMU "-cpu" compatible format. Later arrays have higher
+# priority.
+#
+# Hashes take the following format:
+# {
+# aes => {
+# op => "+", # defaults to "" if undefined
+# reason => "to support AES acceleration", # for override warnings
+# value => "" # needed for kvm=off (value: off) etc...
+# },
+# ...
+# }
+sub resolve_cpu_flags {
+ my $flags = {};
+
+ for my $hash (@_) {
+ for my $flag_name (keys %$hash) {
+ my $flag = $hash->{$flag_name};
+ my $old_flag = $flags->{$flag_name};
+
+ $flag->{op} //= "";
+ $flag->{reason} //= "unknown origin";
+
+ if ($old_flag) {
+ my $value_changed = (defined($flag->{value}) != defined($old_flag->{value})) ||
+ (defined($flag->{value}) && $flag->{value} ne $old_flag->{value});
+
+ if ($old_flag->{op} eq $flag->{op} && !$value_changed) {
+ $flags->{$flag_name}->{reason} .= " & $flag->{reason}";
+ next;
+ }
+
+ my $old = print_cpuflag_hash($flag_name, $flags->{$flag_name});
+ my $new = print_cpuflag_hash($flag_name, $flag);
+ warn "warning: CPU flag/setting $new overwrites $old\n";
+ }
+
+ $flags->{$flag_name} = $flag;
+ }
+ }
- my $cpu = $kvm ? "kvm64" : "qemu64";
- if ($arch eq 'aarch64') {
- $cpu = 'cortex-a57';
+ my $flag_str = '';
+ # sort for command line stability
+ for my $flag_name (sort keys %$flags) {
+ $flag_str .= ',';
+ $flag_str .= $flags->{$flag_name}->{op};
+ $flag_str .= $flag_name;
+ $flag_str .= "=$flags->{$flag_name}->{value}"
+ if $flags->{$flag_name}->{value};
}
- my $hv_vendor_id;
- if (my $cputype = $conf->{cpu}) {
- my $cpuconf = PVE::JSONSchema::parse_property_string($cpu_fmt, $cputype)
- or die "Cannot parse cpu description: $cputype\n";
- $cpu = $cpuconf->{cputype};
- $kvm_off = 1 if $cpuconf->{hidden};
- $hv_vendor_id = $cpuconf->{'hv-vendor-id'};
- if (defined(my $flags = $cpuconf->{flags})) {
- push @$cpuFlags, split(";", $flags);
+ return $flag_str;
+}
+
+sub print_cpuflag_hash {
+ my ($flag_name, $flag) = @_;
+ my $formatted = "'$flag->{op}$flag_name";
+ $formatted .= "=$flag->{value}" if defined($flag->{value});
+ $formatted .= "'";
+ $formatted .= " ($flag->{reason})" if defined($flag->{reason});
+ return $formatted;
+}
+
+sub parse_cpuflag_list {
+ my ($re, $reason, $flaglist) = @_;
+
+ my $res = {};
+ return $res if !$flaglist;
+
+ foreach my $flag (split(";", $flaglist)) {
+ if ($flag =~ m/^$re$/) {
+ $res->{$2} = { op => $1, reason => $reason };
}
}
- push @$cpuFlags , '+lahf_lm' if $cpu eq 'kvm64' && $arch eq 'x86_64';
+ return $res;
+}
- push @$cpuFlags , '-x2apic' if $ostype && $ostype eq 'solaris';
+# Calculate QEMU's '-cpu' argument from a given VM configuration
+sub get_cpu_options {
+ my ($conf, $arch, $kvm, $kvm_off, $machine_version, $winversion, $gpu_passthrough) = @_;
- push @$cpuFlags, '+sep' if $cpu eq 'kvm64' || $cpu eq 'kvm32';
+ my $cputype = $kvm ? "kvm64" : "qemu64";
+ if ($arch eq 'aarch64') {
+ $cputype = 'cortex-a57';
+ }
- push @$cpuFlags, '-rdtscp' if $cpu =~ m/^Opteron/;
+ my $cpu = {};
+ my $custom_cpu;
+ my $hv_vendor_id;
+ if (my $cpu_prop_str = $conf->{cpu}) {
+ $cpu = PVE::JSONSchema::parse_property_string('pve-vm-cpu-conf', $cpu_prop_str)
+ or die "Cannot parse cpu description: $cpu_prop_str\n";
- if (min_version($machine_version, 2, 3) && $arch eq 'x86_64') {
+ $cputype = $cpu->{cputype};
- push @$cpuFlags , '+kvm_pv_unhalt' if $kvm;
- push @$cpuFlags , '+kvm_pv_eoi' if $kvm;
- }
+ if (is_custom_model($cputype)) {
+ $custom_cpu = get_custom_model($cputype);
- add_hyperv_enlightenments($cpuFlags, $winversion, $machine_version, $conf->{bios}, $gpu_passthrough, $hv_vendor_id) if $kvm;
+ $cputype = $custom_cpu->{'reported-model'} // $cpu_fmt->{'reported-model'}->{default};
+ $kvm_off = $custom_cpu->{hidden} if defined($custom_cpu->{hidden});
+ $hv_vendor_id = $custom_cpu->{'hv-vendor-id'};
+ }
- push @$cpuFlags, 'enforce' if $cpu ne 'host' && $kvm && $arch eq 'x86_64';
+ if (my $replacement_type = $depreacated_cpu_map->{$cputype}) {
+ $cputype = $replacement_type;
+ }
- push @$cpuFlags, 'kvm=off' if $kvm_off;
+ # VM-specific settings override custom CPU config
+ $kvm_off = $cpu->{hidden} if defined($cpu->{hidden});
+ $hv_vendor_id = $cpu->{'hv-vendor-id'} if defined($cpu->{'hv-vendor-id'});
+ }
- if (my $cpu_vendor = $cpu_vendor_list->{$cpu}) {
- push @$cpuFlags, "vendor=${cpu_vendor}"
- if $cpu_vendor ne 'default';
+ my $pve_flags = get_pve_cpu_flags($conf, $kvm, $cputype, $arch, $machine_version);
+
+ my $hv_flags = $kvm
+ ? get_hyperv_enlightenments(
+ $winversion,
+ $machine_version,
+ $conf->{bios},
+ $gpu_passthrough,
+ $hv_vendor_id,
+ )
+ : undef;
+
+ my $custom_cputype_flags = parse_cpuflag_list(
+ $cpu_flag_any_re, "set by custom CPU model", $custom_cpu->{flags});
+
+ my $vm_flags = parse_cpuflag_list(
+ $cpu_flag_supported_re, "manually set for VM", $cpu->{flags});
+
+ my $pve_forced_flags = {};
+ $pve_forced_flags->{'enforce'} = {
+ reason => "error if requested CPU settings not available",
+ } if $cputype ne 'host' && $kvm && $arch eq 'x86_64';
+ $pve_forced_flags->{'kvm'} = {
+ value => "off",
+ reason => "hide KVM virtualization from guest",
+ } if $kvm_off;
+
+ # $cputype is the "reported-model" for custom types, so we can just look up
+ # the vendor in the default list
+ my $cpu_vendor = $cpu_vendor_list->{$cputype};
+ if ($cpu_vendor) {
+ $pve_forced_flags->{'vendor'} = {
+ value => $cpu_vendor,
+ } if $cpu_vendor ne 'default';
} elsif ($arch ne 'aarch64') {
die "internal error"; # should not happen
}
- $cpu .= "," . join(',', @$cpuFlags) if scalar(@$cpuFlags);
+ my $cpu_str = $cputype;
+
+ # will be resolved in parameter order
+ $cpu_str .= resolve_cpu_flags(
+ $pve_flags, $hv_flags, $custom_cputype_flags, $vm_flags, $pve_forced_flags);
+
+ my $phys_bits = '';
+ foreach my $conf ($custom_cpu, $cpu) {
+ next if !defined($conf);
+ my $conf_val = $conf->{'phys-bits'};
+ next if !$conf_val;
+ if ($conf_val eq 'host') {
+ $phys_bits = ",host-phys-bits=true";
+ } else {
+ $phys_bits = ",phys-bits=$conf_val";
+ }
+ }
+ $cpu_str .= $phys_bits;
- return ('-cpu', $cpu);
+ return ('-cpu', $cpu_str);
}
-sub add_hyperv_enlightenments {
- my ($cpuFlags, $winversion, $machine_version, $bios, $gpu_passthrough, $hv_vendor_id) = @_;
+# Some hardcoded flags required by certain configurations
+sub get_pve_cpu_flags {
+ my ($conf, $kvm, $cputype, $arch, $machine_version) = @_;
+
+ my $pve_flags = {};
+ my $pve_msg = "set by PVE;";
+
+ $pve_flags->{'lahf_lm'} = {
+ op => '+',
+ reason => "$pve_msg to support Windows 8.1+",
+ } if $cputype eq 'kvm64' && $arch eq 'x86_64';
+
+ $pve_flags->{'x2apic'} = {
+ op => '-',
+ reason => "$pve_msg incompatible with Solaris",
+ } if $conf->{ostype} && $conf->{ostype} eq 'solaris';
+
+ $pve_flags->{'sep'} = {
+ op => '+',
+ reason => "$pve_msg to support Windows 8+ and improve Windows XP+",
+ } if $cputype eq 'kvm64' || $cputype eq 'kvm32';
+
+ $pve_flags->{'rdtscp'} = {
+ op => '-',
+ reason => "$pve_msg broken on AMD Opteron",
+ } if $cputype =~ m/^Opteron/;
+
+ if (min_version($machine_version, 2, 3) && $kvm && $arch eq 'x86_64') {
+ $pve_flags->{'kvm_pv_unhalt'} = {
+ op => '+',
+ reason => "$pve_msg to improve Linux guest spinlock performance",
+ };
+ $pve_flags->{'kvm_pv_eoi'} = {
+ op => '+',
+ reason => "$pve_msg to improve Linux guest interrupt performance",
+ };
+ }
+
+ return $pve_flags;
+}
+
+sub get_hyperv_enlightenments {
+ my ($winversion, $machine_version, $bios, $gpu_passthrough, $hv_vendor_id) = @_;
return if $winversion < 6;
return if $bios && $bios eq 'ovmf' && $winversion < 8;
- if ($gpu_passthrough || defined($hv_vendor_id)) {
+ my $flags = {};
+ my $default_reason = "automatic Hyper-V enlightenment for Windows";
+ my $flagfn = sub {
+ my ($flag, $value, $reason) = @_;
+ $flags->{$flag} = {
+ reason => $reason // $default_reason,
+ value => $value,
+ }
+ };
+
+ my $hv_vendor_set = defined($hv_vendor_id);
+ if ($gpu_passthrough || $hv_vendor_set) {
$hv_vendor_id //= 'proxmox';
- push @$cpuFlags , "hv_vendor_id=$hv_vendor_id";
+ $flagfn->('hv_vendor_id', $hv_vendor_id, $hv_vendor_set ?
+ "custom hv_vendor_id set" : "NVIDIA workaround for GPU passthrough");
}
if (min_version($machine_version, 2, 3)) {
- push @$cpuFlags , 'hv_spinlocks=0x1fff';
- push @$cpuFlags , 'hv_vapic';
- push @$cpuFlags , 'hv_time';
+ $flagfn->('hv_spinlocks', '0x1fff');
+ $flagfn->('hv_vapic');
+ $flagfn->('hv_time');
} else {
- push @$cpuFlags , 'hv_spinlocks=0xffff';
+ $flagfn->('hv_spinlocks', '0xffff');
}
if (min_version($machine_version, 2, 6)) {
- push @$cpuFlags , 'hv_reset';
- push @$cpuFlags , 'hv_vpindex';
- push @$cpuFlags , 'hv_runtime';
+ $flagfn->('hv_reset');
+ $flagfn->('hv_vpindex');
+ $flagfn->('hv_runtime');
}
if ($winversion >= 7) {
- push @$cpuFlags , 'hv_relaxed';
+ my $win7_reason = $default_reason . " 7 and higher";
+ $flagfn->('hv_relaxed', undef, $win7_reason);
if (min_version($machine_version, 2, 12)) {
- push @$cpuFlags , 'hv_synic';
- push @$cpuFlags , 'hv_stimer';
+ $flagfn->('hv_synic', undef, $win7_reason);
+ $flagfn->('hv_stimer', undef, $win7_reason);
}
if (min_version($machine_version, 3, 1)) {
- push @$cpuFlags , 'hv_ipi';
+ $flagfn->('hv_ipi', undef, $win7_reason);
}
}
+
+ return $flags;
+}
+
+sub get_cpu_from_running_vm {
+ my ($pid) = @_;
+
+ my $cmdline = PVE::QemuServer::Helpers::parse_cmdline($pid);
+ die "could not read commandline of running machine\n"
+ if !$cmdline->{cpu}->{value};
+
+ # sanitize and untaint value
+ $cmdline->{cpu}->{value} =~ $qemu_cmdline_cpu_re;
+ return $1;
}
__PACKAGE__->register();
projects / qemu-server.git / blobdiff