From 4dd1e83c7584670cb32dd39d85ac08fd1951c20a Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Fri, 5 Mar 2021 20:46:28 +0100
Subject: [PATCH] always pin windows VMs to a machine version by default

A fix for violating a important standard for booting[0] in recently
packaged QEMU 5.2 surfaced some issues with Windows based VMs in our
forum[1], which seem to be quite sensitive for such changes (it seems
they derive lots of their device assignment from ACPI).
User visible effects are loss of any network configuration due to
windows thinking it was swapped with a new one, and starts with a
fresh config - this is mostly problematic for setups with static
address assignment.

There may be lots of other, more subtle, effects and the PVE admin is
also not always the VM admin, so we really need to avoid such
negative effects. Do this by pinning the version of any windows based
VMs to either the minimum of (5.1, kvm-version) for existing VMs or
the kvm-version at time of VM creation for new ones.

There are patches in pve-manager for user to be able to change the
pinned version themself in the webinterface, so this can now also get
adapted more easily if there surface any other issues (with new or
old version) in the future.

0: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg08484.html
1: https://forum.proxmox.com/threads/warning-latest-patch-just-broke-all-my-windows-vms-6-3-4-patch-inside.84915/page-2#post-373331

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 PVE/API2/Qemu.pm                                | 14 ++++++++++++++
 PVE/QemuServer.pm                               | 17 ++++++++++++++++-
 .../custom-cpu-model-host-phys-bits.conf.cmd    |  2 +-
 test/cfg2cmd/custom-cpu-model.conf.cmd          |  2 +-
 test/cfg2cmd/i440fx-win10-hostpci.conf.cmd      |  2 +-
 test/cfg2cmd/q35-win10-hostpci.conf.cmd         |  2 +-
 test/cfg2cmd/spice-win.conf.cmd                 |  2 +-
 7 files changed, 35 insertions(+), 6 deletions(-)

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index feb9ea8b..5015d82c 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -670,6 +670,20 @@ __PACKAGE__->register_method({
 			$conf->{vmgenid} = PVE::QemuServer::generate_uuid();
 		    }
 
+		    my $machine = $conf->{machine};
+		    if (!$machine || $machine =~ m/^(?:pc|q35|virt)$/) {
+			# always pin Windows' machine version on create, they get to easily confused
+			if (PVE::QemuServer::windows_version($conf->{ostype})) {
+			    my $pin_version = PVE::QemuServer::kvm_user_version();
+			    if (!$machine || $machine eq 'pc') {
+				$machine = "pc-i440fx-$pin_version";
+			    } elsif ($machine eq 'q35') {
+				$machine = "pc-q35-$pin_version";
+			    }
+			    $conf->{machine} = $machine;
+			}
+		    }
+
 		    PVE::QemuConfig->write_config($vmid, $conf);
 
 		};
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index 2ee79339..0ac4fcfe 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -2897,10 +2897,25 @@ sub get_vm_machine {
     my $machine = $forcemachine || $conf->{machine};
 
     if (!$machine || $machine =~ m/^(?:pc|q35|virt)$/) {
+	$kvmversion //= kvm_user_version();
+	# we must pin Windows VMs without a specific version to 5.1, as 5.2 fixed a bug in ACPI
+	# layout which confuses windows quite a bit and may result in various regressions..
+	# see: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg08484.html
+	if (windows_version($conf->{ostype})) {
+	    my $pin_version = '5.1';
+	    if (!PVE::QemuServer::Machine::can_run_pve_machine_version($pin_version, $kvmversion)) {
+		$kvmversion =~ m/^(\d+\.\d+)/;
+		$pin_version = $1;
+	    }
+	    if (!$machine || $machine eq 'pc') {
+		$machine = "pc-i440fx-$pin_version";
+	    } elsif ($machine eq 'q35') {
+		$machine = "pc-q35-$pin_version";
+	    }
+	}
 	$arch //= 'x86_64';
 	$machine ||= $default_machines->{$arch};
 	if ($add_pve_version) {
-	    $kvmversion //= kvm_user_version();
 	    my $pvever = PVE::QemuServer::Machine::get_pve_version($kvmversion);
 	    $machine .= "+pve$pvever";
 	}
diff --git a/test/cfg2cmd/custom-cpu-model-host-phys-bits.conf.cmd b/test/cfg2cmd/custom-cpu-model-host-phys-bits.conf.cmd
index ea5dfc85..5492477c 100644
--- a/test/cfg2cmd/custom-cpu-model-host-phys-bits.conf.cmd
+++ b/test/cfg2cmd/custom-cpu-model-host-phys-bits.conf.cmd
@@ -24,5 +24,5 @@
   -device 'virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3' \
   -iscsi 'initiator-name=iqn.1993-08.org.debian:01:aabbccddeeff' \
   -rtc 'driftfix=slew,base=localtime' \
-  -machine 'type=pc+pve0' \
+  -machine 'type=pc-i440fx-5.1+pve0' \
   -global 'kvm-pit.lost_tick_policy=discard'
diff --git a/test/cfg2cmd/custom-cpu-model.conf.cmd b/test/cfg2cmd/custom-cpu-model.conf.cmd
index 7ad2e9b9..af27b65e 100644
--- a/test/cfg2cmd/custom-cpu-model.conf.cmd
+++ b/test/cfg2cmd/custom-cpu-model.conf.cmd
@@ -24,5 +24,5 @@
   -device 'virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3' \
   -iscsi 'initiator-name=iqn.1993-08.org.debian:01:aabbccddeeff' \
   -rtc 'driftfix=slew,base=localtime' \
-  -machine 'type=pc+pve0' \
+  -machine 'type=pc-i440fx-5.1+pve0' \
   -global 'kvm-pit.lost_tick_policy=discard'
diff --git a/test/cfg2cmd/i440fx-win10-hostpci.conf.cmd b/test/cfg2cmd/i440fx-win10-hostpci.conf.cmd
index a9c27209..f926be00 100644
--- a/test/cfg2cmd/i440fx-win10-hostpci.conf.cmd
+++ b/test/cfg2cmd/i440fx-win10-hostpci.conf.cmd
@@ -34,5 +34,5 @@
   -netdev 'type=tap,id=net0,ifname=tap8006i0,script=/var/lib/qemu-server/pve-bridge,downscript=/var/lib/qemu-server/pve-bridgedown,vhost=on' \
   -device 'virtio-net-pci,mac=2E:01:68:F9:9C:87,netdev=net0,bus=pci.0,addr=0x12,id=net0,bootindex=300' \
   -rtc 'driftfix=slew,base=localtime' \
-  -machine 'type=pc+pve0' \
+  -machine 'type=pc-i440fx-5.1+pve0' \
   -global 'kvm-pit.lost_tick_policy=discard'
diff --git a/test/cfg2cmd/q35-win10-hostpci.conf.cmd b/test/cfg2cmd/q35-win10-hostpci.conf.cmd
index 4572348f..0ad8a3e0 100644
--- a/test/cfg2cmd/q35-win10-hostpci.conf.cmd
+++ b/test/cfg2cmd/q35-win10-hostpci.conf.cmd
@@ -35,5 +35,5 @@
   -netdev 'type=tap,id=net0,ifname=tap8006i0,script=/var/lib/qemu-server/pve-bridge,downscript=/var/lib/qemu-server/pve-bridgedown,vhost=on' \
   -device 'virtio-net-pci,mac=2E:01:68:F9:9C:87,netdev=net0,bus=pci.0,addr=0x12,id=net0,bootindex=300' \
   -rtc 'driftfix=slew,base=localtime' \
-  -machine 'type=q35+pve0' \
+  -machine 'type=pc-q35-5.1+pve0' \
   -global 'kvm-pit.lost_tick_policy=discard'
diff --git a/test/cfg2cmd/spice-win.conf.cmd b/test/cfg2cmd/spice-win.conf.cmd
index 78e3c5e5..47dbd707 100644
--- a/test/cfg2cmd/spice-win.conf.cmd
+++ b/test/cfg2cmd/spice-win.conf.cmd
@@ -34,5 +34,5 @@
   -netdev 'type=tap,id=net0,ifname=tap8006i0,script=/var/lib/qemu-server/pve-bridge,downscript=/var/lib/qemu-server/pve-bridgedown,vhost=on' \
   -device 'virtio-net-pci,mac=A2:C0:43:77:08:A1,netdev=net0,bus=pci.0,addr=0x12,id=net0,bootindex=300' \
   -rtc 'driftfix=slew,base=localtime' \
-  -machine 'type=pc' \
+  -machine 'type=pc-i440fx-4.0' \
   -global 'kvm-pit.lost_tick_policy=discard'