share/man/man4/vmm.4
| Show First 20 Lines • Show All 53 Lines • ▼ Show 20 Lines | |||||||||
| controller. | controller. | ||||||||
| VHE support will be used if available. | VHE support will be used if available. | ||||||||
| .It | .It | ||||||||
| riscv: The CPUs must implement the H (hypervisor) RISC-V ISA extension. | riscv: The CPUs must implement the H (hypervisor) RISC-V ISA extension. | ||||||||
| .El | .El | ||||||||
| .Pp | .Pp | ||||||||
| PCI device passthrough to a virtual machine requires | PCI device passthrough to a virtual machine requires | ||||||||
| hardware with VT-d support and is available only on amd64. | hardware with VT-d support and is available only on amd64. | ||||||||
| .Sh ACCESS CONTROL | |||||||||
| Only the super-user and processes with write access to the | |||||||||
| .Pa /dev/vmmctl | |||||||||
| device file may create and destroy virtual machines. | |||||||||
| By default, members of the | |||||||||
| .Va vmm | |||||||||
ziaee: You're using Va here but nothing in bhyve.8
| group have such access. | |||||||||
| Once created, a virtual machine may be destroyed only by that user or | |||||||||
| the super-user. | |||||||||
| .Pp | |||||||||
| Unprivileged users must use | |||||||||
| .Dq monitor mode | |||||||||
| to run the virtual machine; in this mode, the virtual machine is automatically | |||||||||
| destroyed when its device file is closed. | |||||||||
| When running | |||||||||
| .Xr bhyve 8 , | |||||||||
| this mode can be selected by specifying the | |||||||||
| .Fl M | |||||||||
| flag. | |||||||||
| .Pp | |||||||||
| Virtual machines can be created in a jail if the jail has the | |||||||||
| .Va allow.vmm | |||||||||
| flag set. | |||||||||
| .Sh PCI PASSTHROUGH | .Sh PCI PASSTHROUGH | ||||||||
bnovkov: Given the changes in D54739, should we perhaps add an explicit disclaimer about PCI passthrough not being supported for unprivileged users?
markj: Yes, that's a good point. I should make passthru_init() print a message when it fails due to lack of permissions. I also realized after the fact that pci_lpc_get_sel() will fail with unprivileged bhyve, but the info it's fetching is available to unprivileged users via PCIOCGETCONF. We should rewrite that code to use PCIOCGETCONF instead.
rew: > Yes, that's a good point. I should make passthru_init() print a message when it fails due to…
wonder if it's worth having a block of sanity-checks specific to provide normal users with fine-grained error messages?
    if (normal_user)
        is_bhyve_in_monitor_mode()
        is_passthru_being_requested()
        is_user_in_vmm_group()
I did notice the error message you already have for monitor mode...that was a helpful hint when I tested this out
yea, I saw this warning when I tried this out...the review https://reviews.freebsd.org/D39311 that brought the warning in made it sound like a somewhat expected scenario
I was gonna look into it further but I'm glad you mentioned the future fix here
| On amd64 where the hardware supports VT-d, | On amd64 where the hardware supports VT-d, | ||||||||
| PCI devices can be reserved for use by the hypervisor. | PCI devices can be reserved for use by the hypervisor. | ||||||||
| Entries consisting of the PCI | Entries consisting of the PCI | ||||||||
| .Ar bus Ns / Ns Ar slot Ns / Ns Ar function | .Ar bus Ns / Ns Ar slot Ns / Ns Ar function | ||||||||
| are added to the | are added to the | ||||||||
| .Va pptdevs | .Va pptdevs | ||||||||
| .Xr loader.conf 5 | .Xr loader.conf 5 | ||||||||
| variable. | variable. | ||||||||
| Show All 23 Lines | |||||||||
| 128-character limit of | 128-character limit of | ||||||||
| .Xr loader.conf 5 | .Xr loader.conf 5 | ||||||||
| variables. | variables. | ||||||||
| The | The | ||||||||
| .Va pptdevs2 | .Va pptdevs2 | ||||||||
| and | and | ||||||||
| .Va pptdevs3 | .Va pptdevs3 | ||||||||
| variables can be used for additional entries. | variables can be used for additional entries. | ||||||||
| .Pp | |||||||||
| In general, PCI passthrough cannot be used when running | |||||||||
| .Xr bhyve 8 | |||||||||
| as an unprivileged user or in a jail, as this feature requires write | |||||||||
| access to | |||||||||
| .Pa /dev/pci . | |||||||||
| .Sh LOADER TUNABLES | .Sh LOADER TUNABLES | ||||||||
| Tunables can be set at the | Tunables can be set at the | ||||||||
| .Xr loader 8 | .Xr loader 8 | ||||||||
| prompt before booting the kernel or stored in | prompt before booting the kernel or stored in | ||||||||
| .Xr loader.conf 5 . | .Xr loader.conf 5 . | ||||||||
| .Bl -tag -width indent | .Bl -tag -width indent | ||||||||
| .It Va hw.vmm.maxcpu | .It Va hw.vmm.maxcpu | ||||||||
| Maximum number of virtual CPUs. | Maximum number of virtual CPUs. | ||||||||
| The default is the number of physical CPUs in the system. | The default is the number of physical CPUs in the system. | ||||||||
| .El | .El | ||||||||
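Review bot: The paragraph added at the end of PCI PASSTHROUGH opens with "In general", which leaves the reader guessing at what the exception is. The reason the text gives is write access to /dev/pci, so the rule could be stated in those terms (passthrough is available only to a bhyve process that can open /dev/pci for writing) rather than by listing the unprivileged-user and jail cases. Since ACCESS CONTROL is where a reader looks for what an unprivileged user may do, a one-line pointer from that section to this restriction would also help.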
| .Sh FILES | |||||||||
| .Bl -tag -width /dev/vmmctl -compact | |||||||||
| .It Pa /dev/vmmctl | |||||||||
| control interface for creating and destroying virtual machines. | |||||||||
| .It Pa /dev/vmm/* | |||||||||
| device interface for individual virtual machines. | |||||||||
| .It Pa /dev/vmm.io/* | |||||||||
| device interface for device memory mapped into virtual machines. | |||||||||
| .Sh EXAMPLES | .Sh EXAMPLES | ||||||||
| Reserve three PCI devices for use by the hypervisor: bus 10 slot 0 function 0, | Reserve three PCI devices for use by the hypervisor: bus 10 slot 0 function 0, | ||||||||
| bus 6 slot 5 function 0, and bus 6 slot 5 function 1. | bus 6 slot 5 function 0, and bus 6 slot 5 function 1. | ||||||||
| .Bd -literal -offset indent | .Bd -literal -offset indent | ||||||||
| pptdevs="10/0/0 6/5/0 6/5/1" | pptdevs="10/0/0 6/5/0 6/5/1" | ||||||||
| .Ed | .Ed | ||||||||
| .Pp | .Pp | ||||||||
| It is possible to detach | It is possible to detach | ||||||||
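Review bot: The list opened by ".Bl -tag -width /dev/vmmctl -compact" under ".Sh FILES" is never closed: ".Sh EXAMPLES" follows the description of the "/dev/vmm.io/*" entry with no ".El" in between. Add ".El" after that description. The -width argument is also shorter than the longest tag, "/dev/vmm.io/*", so that entry's description will start on the line below its tag while the other two stay inline; using the longest tag as the width keeps the three entries aligned.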
| Show All 18 Lines | |||||||||
| back: | back: | ||||||||
| .Bd -literal -offset indent | .Bd -literal -offset indent | ||||||||
| # devctl set driver -f pci0:0:1:0 ppt | # devctl set driver -f pci0:0:1:0 ppt | ||||||||
| .Ed | .Ed | ||||||||
| .Sh SEE ALSO | .Sh SEE ALSO | ||||||||
| .Xr bhyve 4 , | .Xr bhyve 4 , | ||||||||
| .Xr loader.conf 5 , | .Xr loader.conf 5 , | ||||||||
| .Xr bhyve 8 , | .Xr bhyve 8 , | ||||||||
| .Xr bhyvectl 8 , | |||||||||
| .Xr bhyveload 8 , | .Xr bhyveload 8 , | ||||||||
| .Xr devctl 8 , | .Xr devctl 8 , | ||||||||
| .Xr jail 8 , | |||||||||
| .Xr kldload 8 | .Xr kldload 8 | ||||||||
| .Sh HISTORY | .Sh HISTORY | ||||||||
| .Nm vmm.ko | .Nm vmm.ko | ||||||||
| first appeared in | first appeared in | ||||||||
| .Fx 10.0 . | .Fx 10.0 . | ||||||||
| arm64 and riscv support first appeared in | arm64 and riscv support first appeared in | ||||||||
| .Fx 15.0 . | .Fx 15.0 . | ||||||||
| .Sh AUTHORS | .Sh AUTHORS | ||||||||
| .An Neel Natu Aq neel@freebsd.org | .An Neel Natu Aq neel@freebsd.org | ||||||||
| .An Peter Grehan Aq grehan@freebsd.org | .An Peter Grehan Aq grehan@freebsd.org | ||||||||
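Review bot: SEE ALSO has no entry for the /dev/pci device that the new PCI PASSTHROUGH paragraph depends on. Consider adding ".Xr pci 4 ," after the ".Xr bhyve 4 ," line, which keeps the list ordered by section and then by name alongside the new bhyvectl 8 and jail 8 entries.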