[pve-devel] [PATCH-SERIES qemu-server/manager 0/7] VM CPU flags: introduce vendor-agnostic 'nested-virt' CPU flag

Thu Nov 6 18:13:39 CET 2025

On Fri Oct 31, 2025 at 1:27 PM CET, Fiona Ebner wrote:
> The flag will automatically resolve to the flag required for the
> current CPU on the host. The 'nested-virt' flag takes precendence over
> the CPU-specific flag for nesting which might already be present with
> custom CPU models. In that case, a warning is printed.
>
> Moves the cpu flag descriptions to qemu-server and introduces an API
> endpoint for querying. Could later be extended with further
> information, for example, which flags are actually supported on the
> current host (some are specific to vendor or CPU).
>
> Dependency and build-dependency bump pve-manger -> qemu-server needed!

Works great for what I have tested on an Intel CPU:

- setting both `-nested-virt` and `+nested-virt` results in:

    CPU flag 'nested-virt' resolved to 'vmx'

but only the latter will make `lscpu | grep vmx` true. I think it's
valueable to also show it in the former case `-nested-virt`.

- setting e.g. `-vmx` in a custom model and `+nested-virt` in the VM's
  cpu flags will result in:

    CPU flag 'nested-virt' resolved to 'vmx'
    warning: CPU flag/setting '+vmx' (manually set for VM) overwrites
    '-vmx' (set by custom CPU model)

- but setting `-vmx` in the custom model and `-nested-virt` in the VM's
  cpu flags will result in only:

    CPU flag 'nested-virt' resolved to 'vmx'

The same happens vice versa with `+vmx` in the custom model and
`{+,-}nested-virt` in the VM's cpu flags.

>From what I can figure this should also work with live migration,
because resolve_cpu_flags will be called at vm_start, right?