[pve-devel] [PATCH-SERIES qemu-server/manager 0/7] VM CPU flags: introduce vendor-agnostic 'nested-virt' CPU flag

Fri Nov 7 13:13:18 CET 2025

On Fri Nov 7, 2025 at 12:33 PM CET, Fiona Ebner wrote:
> Am 06.11.25 um 6:14 PM schrieb Daniel Kral:
>> - setting e.g. `-vmx` in a custom model and `+nested-virt` in the VM's
>>   cpu flags will result in:
>> 
>>     CPU flag 'nested-virt' resolved to 'vmx'
>>     warning: CPU flag/setting '+vmx' (manually set for VM) overwrites
>>     '-vmx' (set by custom CPU model)
>> 
>> - but setting `-vmx` in the custom model and `-nested-virt` in the VM's
>>   cpu flags will result in only:
>> 
>>     CPU flag 'nested-virt' resolved to 'vmx'
>> 
>> The same happens vice versa with `+vmx` in the custom model and
>> `{+,-}nested-virt` in the VM's cpu flags.
>
> Well yes, this is part of the existing logic. Such a warning will only
> get logged if settings on different configuration levels are
> incompatible with each other.
>
> Note that the warning I added in the series is different and triggers
> only when both nested-virt and smv/vmx are defined on the same level of
> configuration.

As pointed out off-list, this was more of a summary what I've tested and
I think the messages are very good to have to see what 'nested-virt'
resolves to in the end.

>
>> From what I can figure this should also work with live migration,
>> because resolve_cpu_flags will be called at vm_start, right?
>
> My series does not change anything there. Between compatible models, it
> will work. Between incompatible models, for example one with the flag,
> one without or between different vendors, will not.
>
> But there is no early error and that is bad. We only pass along the
> running CPU during migration when a custom model is used, but not
> otherwise. I'll make sure to also pass it along if the nested-virt flag
> is used in v2! And I'll mention the caveat in the description to make
> sure people won't think this will magically make live migration between
> different vendors with nesting work or something.

Yeah that would be a good notice to have even though changing cpu
vendors in a 'hotplug' fashion isn't usually what I'd think someone
would expect, but you never know :).