1.\" Copyright (c) 2013 Peter Grehan 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd October 24, 2018 28.Dt BHYVE 8 29.Os 30.Sh NAME 31.Nm bhyve 32.Nd "run a guest operating system inside a virtual machine" 33.Sh SYNOPSIS 34.Nm 35.Op Fl abehuwxACHPSWY 36.Oo 37.Fl c\~ Ns 38.Oo 39.Op Ar cpus= Ns 40.Ar numcpus Ns 41.Oc Ns 42.Op Ar ,sockets=n Ns 43.Op Ar ,cores=n Ns 44.Op Ar ,threads=n 45.Oc 46.Op Fl g Ar gdbport 47.Op Fl l Ar help|lpcdev Ns Op , Ns Ar conf 48.Op Fl m Ar memsize Ns Op Ar K|k|M|m|G|g|T|t 49.Op Fl p Ar vcpu:hostcpu 50.Op Fl s Ar help|slot,emulation Ns Op , Ns Ar conf 51.Op Fl G Ar port 52.Op Fl U Ar uuid 53.Ar vmname 54.Sh DESCRIPTION 55.Nm 56is a hypervisor that runs guest operating systems inside a 57virtual machine. 58.Pp 59Parameters such as the number of virtual CPUs, amount of guest memory, and 60I/O connectivity can be specified with command-line parameters. 61.Pp 62If not using a boot ROM, the guest operating system must be loaded with 63.Xr bhyveload 8 64or a similar boot loader before running 65.Nm , 66otherwise, it is enough to run 67.Nm 68with a boot ROM of choice. 69.Pp 70.Nm 71runs until the guest operating system reboots or an unhandled hypervisor 72exit is detected. 73.Sh OPTIONS 74.Bl -tag -width 10n 75.It Fl a 76The guest's local APIC is configured in xAPIC mode. 77The xAPIC mode is the default setting so this option is redundant. 78It will be deprecated in a future version. 79.It Fl A 80Generate ACPI tables. 81Required for 82.Fx Ns /amd64 83guests. 84.It Fl b 85Enable a low-level console device supported by 86.Fx 87kernels compiled with 88.Cd "device bvmconsole" . 89This option will be deprecated in a future version. 90.It Fl c Op Ar setting ... 91Number of guest virtual CPUs 92and/or the CPU topology. 93The default value for each of 94.Ar numcpus , 95.Ar sockets , 96.Ar cores , 97and 98.Ar threads 99is 1. 100The current maximum number of guest virtual CPUs is 16. 101If 102.Ar numcpus 103is not specified then it will be calculated from the other arguments. 104The topology must be consistent in that the 105.Ar numcpus 106must equal the product of 107.Ar sockets , 108.Ar cores , 109and 110.Ar threads . 111If a 112.Ar setting 113is specified more than once the last one has precedence. 114.It Fl C 115Include guest memory in core file. 116.It Fl e 117Force 118.Nm 119to exit when a guest issues an access to an I/O port that is not emulated. 120This is intended for debug purposes. 121.It Fl g Ar gdbport 122For 123.Fx 124kernels compiled with 125.Cd "device bvmdebug" , 126allow a remote kernel kgdb to be relayed to the guest kernel gdb stub 127via a local IPv4 address and this port. 128This option will be deprecated in a future version. 129.It Fl G Ar port 130Start a debug server that uses the GDB protocol to export guest state to a 131debugger. 132An IPv4 TCP socket will be bound to the supplied 133.Ar port 134to listen for debugger connections. 135Only a single debugger may be attached to the debug server at a time. 136If 137.Ar port 138begins with 139.Sq w , 140.Nm 141will pause execution at the first instruction waiting for a debugger to attach. 142.It Fl h 143Print help message and exit. 144.It Fl H 145Yield the virtual CPU thread when a HLT instruction is detected. 146If this option is not specified, virtual CPUs will use 100% of a host CPU. 147.It Fl l Op Ar help|lpcdev Ns Op , Ns Ar conf 148Allow devices behind the LPC PCI-ISA bridge to be configured. 149The only supported devices are the TTY-class devices 150.Ar com1 151and 152.Ar com2 153and the boot ROM device 154.Ar bootrom . 155.Pp 156.Ar help 157print a list of supported LPC devices. 158.It Fl m Ar memsize Ns Op Ar K|k|M|m|G|g|T|t 159Guest physical memory size in bytes. 160This must be the same size that was given to 161.Xr bhyveload 8 . 162.Pp 163The size argument may be suffixed with one of K, M, G or T (either upper 164or lower case) to indicate a multiple of kilobytes, megabytes, gigabytes, 165or terabytes. 166If no suffix is given, the value is assumed to be in megabytes. 167.Pp 168.Ar memsize 169defaults to 256M. 170.It Fl p Ar vcpu:hostcpu 171Pin guest's virtual CPU 172.Em vcpu 173to 174.Em hostcpu . 175.It Fl P 176Force the guest virtual CPU to exit when a PAUSE instruction is detected. 177.It Fl s Op Ar help|slot,emulation Ns Op , Ns Ar conf 178Configure a virtual PCI slot and function. 179.Pp 180.Nm 181provides PCI bus emulation and virtual devices that can be attached to 182slots on the bus. 183There are 32 available slots, with the option of providing up to 8 functions 184per slot. 185.Bl -tag -width 10n 186.It Ar help 187print a list of supported PCI devices. 188.It Ar slot 189.Ar pcislot[:function] 190.Ar bus:pcislot:function 191.Pp 192The 193.Ar pcislot 194value is 0 to 31. 195The optional 196.Ar function 197value is 0 to 7. 198The optional 199.Ar bus 200value is 0 to 255. 201If not specified, the 202.Ar function 203value defaults to 0. 204If not specified, the 205.Ar bus 206value defaults to 0. 207.It Ar emulation 208.Bl -tag -width 10n 209.It Li hostbridge | Li amd_hostbridge 210.Pp 211Provide a simple host bridge. 212This is usually configured at slot 0, and is required by most guest 213operating systems. 214The 215.Li amd_hostbridge 216emulation is identical but uses a PCI vendor ID of 217.Li AMD . 218.It Li passthru 219PCI pass-through device. 220.It Li virtio-net 221Virtio network interface. 222.It Li virtio-blk 223Virtio block storage interface. 224.It Li virtio-scsi 225Virtio SCSI interface. 226.It Li virtio-rnd 227Virtio RNG interface. 228.It Li virtio-console 229Virtio console interface, which exposes multiple ports 230to the guest in the form of simple char devices for simple IO 231between the guest and host userspaces. 232.It Li ahci 233AHCI controller attached to arbitrary devices. 234.It Li ahci-cd 235AHCI controller attached to an ATAPI CD/DVD. 236.It Li ahci-hd 237AHCI controller attached to a SATA hard-drive. 238.It Li e1000 239Intel e82545 network interface. 240.It Li uart 241PCI 16550 serial device. 242.It Li lpc 243LPC PCI-ISA bridge with COM1 and COM2 16550 serial ports and a boot ROM. 244The LPC bridge emulation can only be configured on bus 0. 245.It Li fbuf 246Raw framebuffer device attached to VNC server. 247.It Li xhci 248eXtensible Host Controller Interface (xHCI) USB controller. 249.It Li nvme 250NVM Express (NVMe) controller. 251.El 252.It Op Ar conf 253This optional parameter describes the backend for device emulations. 254If 255.Ar conf 256is not specified, the device emulation has no backend and can be 257considered unconnected. 258.Pp 259Network devices: 260.Bl -tag -width 10n 261.It Ar tapN Ns Op , Ns Ar mac=xx:xx:xx:xx:xx:xx 262.It Ar vmnetN Ns Op , Ns Ar mac=xx:xx:xx:xx:xx:xx 263.Pp 264If 265.Ar mac 266is not specified, the MAC address is derived from a fixed OUI and the 267remaining bytes from an MD5 hash of the slot and function numbers and 268the device name. 269.Pp 270The MAC address is an ASCII string in 271.Xr ethers 5 272format. 273.El 274.Pp 275Block storage devices: 276.Bl -tag -width 10n 277.It Pa /filename Ns Oo , Ns Ar block-device-options Oc 278.It Pa /dev/xxx Ns Oo , Ns Ar block-device-options Oc 279.El 280.Pp 281The 282.Ar block-device-options 283are: 284.Bl -tag -width 8n 285.It Li nocache 286Open the file with 287.Dv O_DIRECT . 288.It Li direct 289Open the file using 290.Dv O_SYNC . 291.It Li ro 292Force the file to be opened read-only. 293.It Li sectorsize= Ns Ar logical Ns Oo / Ns Ar physical Oc 294Specify the logical and physical sector sizes of the emulated disk. 295The physical sector size is optional and is equal to the logical sector size 296if not explicitly specified. 297.El 298.Pp 299SCSI devices: 300.Bl -tag -width 10n 301.It Pa /dev/cam/ Ns Oo , Ns Ar port and initiator_id Oc 302.El 303.Pp 304TTY devices: 305.Bl -tag -width 10n 306.It Li stdio 307Connect the serial port to the standard input and output of 308the 309.Nm 310process. 311.It Pa /dev/xxx 312Use the host TTY device for serial port I/O. 313.El 314.Pp 315Boot ROM device: 316.Bl -tag -width 10n 317.It Pa romfile 318Map 319.Ar romfile 320in the guest address space reserved for boot firmware. 321.El 322.Pp 323Pass-through devices: 324.Bl -tag -width 10n 325.It Ns Ar slot Ns / Ns Ar bus Ns / Ns Ar function 326Connect to a PCI device on the host at the selector described by 327.Ar slot , 328.Ar bus , 329and 330.Ar function 331numbers. 332.El 333.Pp 334Guest memory must be wired using the 335.Fl S 336option when a pass-through device is configured. 337.Pp 338The host device must have been reserved at boot-time using the 339.Va pptdev 340loader variable as described in 341.Xr vmm 4 . 342.Pp 343Virtio console devices: 344.Bl -tag -width 10n 345.It Li port1= Ns Pa /path/to/port1.sock Ns ,anotherport= Ns Pa ... 346A maximum of 16 ports per device can be created. 347Every port is named and corresponds to a Unix domain socket created by 348.Nm . 349.Nm 350accepts at most one connection per port at a time. 351.Pp 352Limitations: 353.Bl -bullet -offset 2n 354.It 355Due to lack of destructors in 356.Nm , 357sockets on the filesystem must be cleaned up manually after 358.Nm 359exits. 360.It 361There is no way to use the "console port" feature, nor the console port 362resize at present. 363.It 364Emergency write is advertised, but no-op at present. 365.El 366.El 367.Pp 368Framebuffer devices: 369.Bl -tag -width 10n 370.It Oo rfb= Ns Oo Ar IP: Oc Ns Ar port Oc Ns Oo ,w= Ns Ar width Oc Ns Oo ,h= Ns Ar height Oc Ns Oo ,vga= Ns Ar vgaconf Oc Ns Oo Ns ,wait Oc Ns Oo ,password= Ns Ar password Oc 371.Bl -tag -width 8n 372.It Ar IPv4:port No or Ar [IPv6%zone]:port 373An 374.Ar IP 375address and a 376.Ar port 377VNC should listen on. 378The default is to listen on localhost IPv4 address and default VNC port 5900. 379An IPv6 address must be enclosed in square brackets and may contain an 380optional zone identifer. 381.It Ar width No and Ar height 382A display resolution, width and height, respectively. 383If not specified, a default resolution of 1024x768 pixels will be used. 384Minimal supported resolution is 640x480 pixels, 385and maximum is 1920x1200 pixels. 386.It Ar vgaconf 387Possible values for this option are 388.Dq io 389(default), 390.Dq on 391, and 392.Dq off . 393PCI graphics cards have a dual personality in that they are 394standard PCI devices with BAR addressing, but may also 395implicitly decode legacy VGA I/O space 396.Pq Ad 0x3c0-3df 397and memory space 398.Pq 64KB at Ad 0xA0000 . 399The default 400.Dq io 401option should be used for guests that attempt to issue BIOS 402calls which result in I/O port queries, and fail to boot if I/O decode is disabled. 403.Pp 404The 405.Dq on 406option should be used along with the CSM BIOS capability in UEFI 407to boot traditional BIOS guests that require the legacy VGA I/O and 408memory regions to be available. 409.Pp 410The 411.Dq off 412option should be used for the UEFI guests that assume that 413VGA adapter is present if they detect the I/O ports. 414An example of such a guest is 415.Ox 416in UEFI mode. 417.Pp 418Please refer to the 419.Nm 420.Fx 421wiki page 422.Pq Lk https://wiki.freebsd.org/bhyve 423for configuration notes of particular guests. 424.It wait 425Instruct 426.Nm 427to only boot upon the initiation of a VNC connection, simplifying the installation 428of operating systems that require immediate keyboard input. 429This can be removed for post-installation use. 430.It password 431This type of authentication is known to be cryptographically weak and is not 432intended for use on untrusted networks. 433Many implementations will want to use stronger security, such as running 434the session over an encrypted channel provided by IPsec or SSH. 435.El 436.El 437.Pp 438xHCI USB devices: 439.Bl -tag -width 10n 440.It Li tablet 441A USB tablet device which provides precise cursor synchronization 442when using VNC. 443.El 444.Pp 445NVMe devices: 446.Bl -tag -width 10n 447.It Li devpath 448Accepted device paths are: 449.Ar /dev/blockdev 450or 451.Ar /path/to/image 452or 453.Ar ram=size_in_MiB . 454.It Li maxq 455Max number of queues. 456.It Li qsz 457Max elements in each queue. 458.It Li ioslots 459Max number of concurrent I/O requests. 460.It Li sectsz 461Sector size (defaults to blockif sector size). 462.It Li ser 463Serial number with maximum 20 characters. 464.El 465.El 466.It Fl S 467Wire guest memory. 468.It Fl u 469RTC keeps UTC time. 470.It Fl U Ar uuid 471Set the universally unique identifier 472.Pq UUID 473in the guest's System Management BIOS System Information structure. 474By default a UUID is generated from the host's hostname and 475.Ar vmname . 476.It Fl w 477Ignore accesses to unimplemented Model Specific Registers (MSRs). 478This is intended for debug purposes. 479.It Fl W 480Force virtio PCI device emulations to use MSI interrupts instead of MSI-X 481interrupts. 482.It Fl x 483The guest's local APIC is configured in x2APIC mode. 484.It Fl Y 485Disable MPtable generation. 486.It Ar vmname 487Alphanumeric name of the guest. 488This should be the same as that created by 489.Xr bhyveload 8 . 490.El 491.Sh DEBUG SERVER 492The current debug server provides limited support for debuggers. 493.Ss Registers 494Each virtual CPU is exposed to the debugger as a thread. 495.Pp 496General purpose registers can be queried for each virtual CPU, but other 497registers such as floating-point and system registers cannot be queried. 498.Ss Memory 499Memory (including memory mapped I/O regions) can be read by the debugger, 500but not written. Memory operations use virtual addresses that are resolved 501to physical addresses via the current virtual CPU's active address translation. 502.Ss Control 503The running guest can be interrupted by the debugger at any time 504.Pq for example, by pressing Ctrl-C in the debugger . 505.Pp 506Single stepping is only supported on Intel CPUs supporting the MTRAP VM exit. 507.Pp 508Breakpoints are not supported. 509.Sh SIGNAL HANDLING 510.Nm 511deals with the following signals: 512.Pp 513.Bl -tag -width indent -compact 514.It SIGTERM 515Trigger ACPI poweroff for a VM 516.El 517.Sh EXIT STATUS 518Exit status indicates how the VM was terminated: 519.Pp 520.Bl -tag -width indent -compact 521.It 0 522rebooted 523.It 1 524powered off 525.It 2 526halted 527.It 3 528triple fault 529.It 4 530exited due to an error 531.El 532.Sh EXAMPLES 533If not using a boot ROM, the guest operating system must have been loaded with 534.Xr bhyveload 8 535or a similar boot loader before 536.Xr bhyve 4 537can be run. 538Otherwise, the boot loader is not needed. 539.Pp 540To run a virtual machine with 1GB of memory, two virtual CPUs, a virtio 541block device backed by the 542.Pa /my/image 543filesystem image, and a serial port for the console: 544.Bd -literal -offset indent 545bhyve -c 2 -s 0,hostbridge -s 1,lpc -s 2,virtio-blk,/my/image \\ 546 -l com1,stdio -A -H -P -m 1G vm1 547.Ed 548.Pp 549Run a 24GB single-CPU virtual machine with three network ports, one of which 550has a MAC address specified: 551.Bd -literal -offset indent 552bhyve -s 0,hostbridge -s 1,lpc -s 2:0,virtio-net,tap0 \\ 553 -s 2:1,virtio-net,tap1 \\ 554 -s 2:2,virtio-net,tap2,mac=00:be:fa:76:45:00 \\ 555 -s 3,virtio-blk,/my/image -l com1,stdio \\ 556 -A -H -P -m 24G bigvm 557.Ed 558.Pp 559Run an 8GB quad-CPU virtual machine with 8 AHCI SATA disks, an AHCI ATAPI 560CD-ROM, a single virtio network port, an AMD hostbridge, and the console 561port connected to an 562.Xr nmdm 4 563null-modem device. 564.Bd -literal -offset indent 565bhyve -c 4 \\ 566 -s 0,amd_hostbridge -s 1,lpc \\ 567 -s 1:0,ahci,hd:/images/disk.1,hd:/images/disk.2,\\ 568hd:/images/disk.3,hd:/images/disk.4,\\ 569hd:/images/disk.5,hd:/images/disk.6,\\ 570hd:/images/disk.7,hd:/images/disk.8,\\ 571cd:/images/install.iso \\ 572 -s 3,virtio-net,tap0 \\ 573 -l com1,/dev/nmdm0A \\ 574 -A -H -P -m 8G 575.Ed 576.Pp 577Run a UEFI virtual machine with a display resolution of 800 by 600 pixels 578that can be accessed via VNC at: 0.0.0.0:5900. 579.Bd -literal -offset indent 580bhyve -c 2 -m 4G -w -H \\ 581 -s 0,hostbridge \\ 582 -s 3,ahci-cd,/path/to/uefi-OS-install.iso \\ 583 -s 4,ahci-hd,disk.img \\ 584 -s 5,virtio-net,tap0 \\ 585 -s 29,fbuf,tcp=0.0.0.0:5900,w=800,h=600,wait \\ 586 -s 30,xhci,tablet \\ 587 -s 31,lpc -l com1,stdio \\ 588 -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \\ 589 uefivm 590.Ed 591.Pp 592Run a UEFI virtual machine with a VNC display that is bound to all IPv6 593addresses on port 5900. 594.Bd -literal -offset indent 595bhyve -c 2 -m 4G -w -H \\ 596 -s 0,hostbridge \\ 597 -s 4,ahci-hd,disk.img \\ 598 -s 5,virtio-net,tap0 \\ 599 -s 29,fbuf,tcp=[::]:5900,w=800,h=600 \\ 600 -s 30,xhci,tablet \\ 601 -s 31,lpc -l com1,stdio \\ 602 -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \\ 603 uefivm 604.Ed 605.Sh SEE ALSO 606.Xr bhyve 4 , 607.Xr nmdm 4 , 608.Xr vmm 4 , 609.Xr ethers 5 , 610.Xr bhyvectl 8 , 611.Xr bhyveload 8 612.Sh HISTORY 613.Nm 614first appeared in 615.Fx 10.0 . 616.Sh AUTHORS 617.An Neel Natu Aq Mt neel@freebsd.org 618.An Peter Grehan Aq Mt grehan@freebsd.org 619