xref: /freebsd/usr.sbin/bhyve/bhyve.8 (revision 8036e7876d23145ca4bce797608e2ffb3c06a870)
1.\" Copyright (c) 2013 Peter Grehan
2.\" All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd Jun 25, 2020
28.Dt BHYVE 8
29.Os
30.Sh NAME
31.Nm bhyve
32.Nd "run a guest operating system inside a virtual machine"
33.Sh SYNOPSIS
34.Nm
35.Op Fl AabCDeHhPSuWwxY
36.Oo
37.Sm off
38.Fl c\~
39.Oo
40.Op Cm cpus=
41.Ar numcpus
42.Oc
43.Op Cm ,sockets= Ar n
44.Op Cm ,cores= Ar n
45.Op Cm ,threads= Ar n
46.Oc
47.Sm on
48.Op Fl G Ar port
49.Op Fl g Ar gdbport
50.Oo Fl l
51.Sm off
52.Cm help | Ar lpcdev Op Cm \&, Ar conf
53.Sm on
54.Oc
55.Oo Fl m
56.Sm off
57.Ar memsize
58.Oo
59.Cm K No | Cm k No | Cm M No | Cm m No | Cm G No | Cm g No | Cm T No | Cm t
60.Oc
61.Sm on
62.Oc
63.Op Fl p Ar vcpu Ns Cm \&: Ns Ar hostcpu
64.Op Fl r Ar file
65.Oo Fl s
66.Sm off
67.Cm help | Ar slot Cm \&, Ar emulation Op Cm \&, Ar conf
68.Sm on
69.Oc
70.Op Fl U Ar uuid
71.Ar vmname
72.Sh DESCRIPTION
73.Nm
74is a hypervisor that runs guest operating systems inside a
75virtual machine.
76.Pp
77Parameters such as the number of virtual CPUs, amount of guest memory, and
78I/O connectivity can be specified with command-line parameters.
79.Pp
80If not using a boot ROM, the guest operating system must be loaded with
81.Xr bhyveload 8
82or a similar boot loader before running
83.Nm ,
84otherwise, it is enough to run
85.Nm
86with a boot ROM of choice.
87.Pp
88.Nm
89runs until the guest operating system reboots or an unhandled hypervisor
90exit is detected.
91.Sh OPTIONS
92.Bl -tag -width 10n
93.It Fl a
94The guest's local APIC is configured in xAPIC mode.
95The xAPIC mode is the default setting so this option is redundant.
96It will be deprecated in a future version.
97.It Fl A
98Generate ACPI tables.
99Required for
100.Fx Ns /amd64
101guests.
102.It Fl b
103Enable a low-level console device supported by
104.Fx
105kernels compiled with
106.Cd "device bvmconsole" .
107This option will be deprecated in a future version.
108.It Fl c Op Ar setting ...
109Number of guest virtual CPUs
110and/or the CPU topology.
111The default value for each of
112.Ar numcpus ,
113.Ar sockets ,
114.Ar cores ,
115and
116.Ar threads
117is 1.
118The current maximum number of guest virtual CPUs is 16.
119If
120.Ar numcpus
121is not specified then it will be calculated from the other arguments.
122The topology must be consistent in that the
123.Ar numcpus
124must equal the product of
125.Ar sockets ,
126.Ar cores ,
127and
128.Ar threads .
129If a
130.Ar setting
131is specified more than once the last one has precedence.
132.It Fl C
133Include guest memory in core file.
134.It Fl D
135Destroy the VM on guest initiated power-off.
136.It Fl e
137Force
138.Nm
139to exit when a guest issues an access to an I/O port that is not emulated.
140This is intended for debug purposes.
141.It Fl g Ar gdbport
142For
143.Fx
144kernels compiled with
145.Cd "device bvmdebug" ,
146allow a remote kernel kgdb to be relayed to the guest kernel gdb stub
147via a local IPv4 address and this port.
148This option will be deprecated in a future version.
149.It Fl G Ar port
150Start a debug server that uses the GDB protocol to export guest state to a
151debugger.
152An IPv4 TCP socket will be bound to the supplied
153.Ar port
154to listen for debugger connections.
155Only a single debugger may be attached to the debug server at a time.
156If
157.Ar port
158begins with
159.Sq w ,
160.Nm
161will pause execution at the first instruction waiting for a debugger to attach.
162.It Fl h
163Print help message and exit.
164.It Fl H
165Yield the virtual CPU thread when a HLT instruction is detected.
166If this option is not specified, virtual CPUs will use 100% of a host CPU.
167.It Fl l Op Ar help|lpcdev Ns Op , Ns Ar conf
168Allow devices behind the LPC PCI-ISA bridge to be configured.
169The only supported devices are the TTY-class devices
170.Ar com1
171and
172.Ar com2
173and the boot ROM device
174.Ar bootrom .
175.Pp
176.Ar help
177print a list of supported LPC devices.
178.It Fl m Ar memsize Ns Op Ar K|k|M|m|G|g|T|t
179Guest physical memory size in bytes.
180This must be the same size that was given to
181.Xr bhyveload 8 .
182.Pp
183The size argument may be suffixed with one of K, M, G or T (either upper
184or lower case) to indicate a multiple of kilobytes, megabytes, gigabytes,
185or terabytes.
186If no suffix is given, the value is assumed to be in megabytes.
187.Pp
188.Ar memsize
189defaults to 256M.
190.It Fl p Ar vcpu:hostcpu
191Pin guest's virtual CPU
192.Em vcpu
193to
194.Em hostcpu .
195.It Fl P
196Force the guest virtual CPU to exit when a PAUSE instruction is detected.
197.It Fl r Ar file
198Resume a guest from a snapshot.
199The guest memory contents are restored from
200.Ar file ,
201and the guest device and vCPU state are restored from the file
202.Dq Ar file Ns .kern .
203.Pp
204Note that the current snapshot file format requires that the configuration of
205devices in the new VM match the VM from which the snapshot was taken by specifying the
206same
207.Op Fl s
208and
209.Op Fl l
210options.
211The count of vCPUs and memory configuration are read from the snapshot.
212.It Fl s Op Ar help|slot,emulation Ns Op , Ns Ar conf
213Configure a virtual PCI slot and function.
214.Pp
215.Nm
216provides PCI bus emulation and virtual devices that can be attached to
217slots on the bus.
218There are 32 available slots, with the option of providing up to 8 functions
219per slot.
220.Bl -tag -width 10n
221.It Ar help
222print a list of supported PCI devices.
223.It Ar slot
224.Ar pcislot[:function]
225.Ar bus:pcislot:function
226.Pp
227The
228.Ar pcislot
229value is 0 to 31.
230The optional
231.Ar function
232value is 0 to 7.
233The optional
234.Ar bus
235value is 0 to 255.
236If not specified, the
237.Ar function
238value defaults to 0.
239If not specified, the
240.Ar bus
241value defaults to 0.
242.It Ar emulation
243.Bl -tag -width 10n
244.It Li hostbridge | Li amd_hostbridge
245.Pp
246Provide a simple host bridge.
247This is usually configured at slot 0, and is required by most guest
248operating systems.
249The
250.Li amd_hostbridge
251emulation is identical but uses a PCI vendor ID of
252.Li AMD .
253.It Li passthru
254PCI pass-through device.
255.It Li virtio-net
256Virtio network interface.
257.It Li virtio-blk
258Virtio block storage interface.
259.It Li virtio-scsi
260Virtio SCSI interface.
261.It Li virtio-rnd
262Virtio RNG interface.
263.It Li virtio-console
264Virtio console interface, which exposes multiple ports
265to the guest in the form of simple char devices for simple IO
266between the guest and host userspaces.
267.It Li ahci
268AHCI controller attached to arbitrary devices.
269.It Li ahci-cd
270AHCI controller attached to an ATAPI CD/DVD.
271.It Li ahci-hd
272AHCI controller attached to a SATA hard-drive.
273.It Li e1000
274Intel e82545 network interface.
275.It Li uart
276PCI 16550 serial device.
277.It Li lpc
278LPC PCI-ISA bridge with COM1 and COM2 16550 serial ports and a boot ROM.
279The LPC bridge emulation can only be configured on bus 0.
280.It Li fbuf
281Raw framebuffer device attached to VNC server.
282.It Li xhci
283eXtensible Host Controller Interface (xHCI) USB controller.
284.It Li nvme
285NVM Express (NVMe) controller.
286.It Li hda
287High Definition Audio Controller.
288.El
289.It Op Ar conf
290This optional parameter describes the backend for device emulations.
291If
292.Ar conf
293is not specified, the device emulation has no backend and can be
294considered unconnected.
295.Pp
296Network backends:
297.Bl -tag -width 10n
298.It Ar tapN Ns Oo , Ns Ar mac=xx:xx:xx:xx:xx:xx Oc Ns Oo , Ns Ar mtu=N Oc
299.It Ar vmnetN Ns Oo , Ns Ar mac=xx:xx:xx:xx:xx:xx Oc Ns Oo , Ns Ar mtu=N Oc
300.It Ar netgraph,path=ADDRESS,peerhook=HOOK Ns Oo , Ns Ar socket=NAME Oc Ns Oo , Ns Ar hook=HOOK Oc Ns Oo , Ns Ar mac=xx:xx:xx:xx:xx:xx Oc Ns Oo , Ns Ar mtu=N Oc
301.Pp
302If
303.Ar mac
304is not specified, the MAC address is derived from a fixed OUI and the
305remaining bytes from an MD5 hash of the slot and function numbers and
306the device name.
307.Pp
308The MAC address is an ASCII string in
309.Xr ethers 5
310format.
311.Pp
312With virtio-net devices, the
313.Ar mtu
314parameter can be specified to inform the guest about the largest MTU
315that should be allowed, expressed in bytes.
316.Pp
317With netgraph backend, the
318.Ar path
319and
320.Ar peerhook
321parameters must be specified to set the destination node and corresponding hook.
322The optional parameters
323.Ar socket
324and
325.Ar hook
326may be used to set the
327.Xr ng_socket 4
328node name and source hook.
329The
330.Ar ADDRESS ,
331.Ar HOOK
332and
333.Ar NAME
334must comply with
335.Xr netgraph 4
336addressing rules.
337.El
338.Pp
339Block storage devices:
340.Bl -tag -width 10n
341.It Pa /filename Ns Oo , Ns Ar block-device-options Oc
342.It Pa /dev/xxx Ns Oo , Ns Ar block-device-options Oc
343.El
344.Pp
345The
346.Ar block-device-options
347are:
348.Bl -tag -width 8n
349.It Li nocache
350Open the file with
351.Dv O_DIRECT .
352.It Li direct
353Open the file using
354.Dv O_SYNC .
355.It Li ro
356Force the file to be opened read-only.
357.It Li sectorsize= Ns Ar logical Ns Oo / Ns Ar physical Oc
358Specify the logical and physical sector sizes of the emulated disk.
359The physical sector size is optional and is equal to the logical sector size
360if not explicitly specified.
361.El
362.Pp
363SCSI devices:
364.Bl -tag -width 10n
365.It Pa /dev/cam/ctl Ns Oo Ar pp . Ns Ar vp Oc Ns Oo , Ns Ar scsi-device-options Oc
366.El
367.Pp
368The
369.Ar scsi-device-options
370are:
371.Bl -tag -width 10n
372.It Li iid= Ns Ar IID
373Initiator ID to use when sending requests to specified CTL port.
374The default value is 0.
375.El
376.Pp
377TTY devices:
378.Bl -tag -width 10n
379.It Li stdio
380Connect the serial port to the standard input and output of
381the
382.Nm
383process.
384.It Pa /dev/xxx
385Use the host TTY device for serial port I/O.
386.El
387.Pp
388Boot ROM device:
389.Bl -tag -width 10n
390.It Pa romfile
391Map
392.Ar romfile
393in the guest address space reserved for boot firmware.
394.El
395.Pp
396Pass-through devices:
397.Bl -tag -width 10n
398.It Ns Ar slot Ns / Ns Ar bus Ns / Ns Ar function
399Connect to a PCI device on the host at the selector described by
400.Ar slot ,
401.Ar bus ,
402and
403.Ar function
404numbers.
405.El
406.Pp
407Guest memory must be wired using the
408.Fl S
409option when a pass-through device is configured.
410.Pp
411The host device must have been reserved at boot-time using the
412.Va pptdevs
413loader variable as described in
414.Xr vmm 4 .
415.Pp
416Virtio console devices:
417.Bl -tag -width 10n
418.It Li port1= Ns Pa /path/to/port1.sock Ns ,anotherport= Ns Pa ...
419A maximum of 16 ports per device can be created.
420Every port is named and corresponds to a Unix domain socket created by
421.Nm .
422.Nm
423accepts at most one connection per port at a time.
424.Pp
425Limitations:
426.Bl -bullet -offset 2n
427.It
428Due to lack of destructors in
429.Nm ,
430sockets on the filesystem must be cleaned up manually after
431.Nm
432exits.
433.It
434There is no way to use the "console port" feature, nor the console port
435resize at present.
436.It
437Emergency write is advertised, but no-op at present.
438.El
439.El
440.Pp
441Framebuffer devices:
442.Bl -tag -width 10n
443.It Xo
444.Oo rfb= Ns Oo Ar IP\&: Oc Ns Ar port Oc Ns Oo ,w= Ns Ar width Oc Ns Oo ,h= Ns
445.Ar height Oc Ns Oo ,vga= Ns Ar vgaconf Oc Ns Oo Ns ,wait Oc Ns Oo ,password= Ns
446.Ar password Oc
447.Xc
448.Bl -tag -width 8n
449.It Ar IPv4:port No or Ar [IPv6%zone]:port
450An
451.Ar IP
452address and a
453.Ar port
454VNC should listen on.
455The default is to listen on localhost IPv4 address and default VNC port 5900.
456An IPv6 address must be enclosed in square brackets and may contain an
457optional zone identifier.
458.It Ar width No and Ar height
459A display resolution, width and height, respectively.
460If not specified, a default resolution of 1024x768 pixels will be used.
461Minimal supported resolution is 640x480 pixels,
462and maximum is 1920x1200 pixels.
463.It Ar vgaconf
464Possible values for this option are
465.Dq io
466(default),
467.Dq on
468, and
469.Dq off .
470PCI graphics cards have a dual personality in that they are
471standard PCI devices with BAR addressing, but may also
472implicitly decode legacy VGA I/O space
473.Pq Ad 0x3c0-3df
474and memory space
475.Pq 64KB at Ad 0xA0000 .
476The default
477.Dq io
478option should be used for guests that attempt to issue BIOS calls which result
479in I/O port queries, and fail to boot if I/O decode is disabled.
480.Pp
481The
482.Dq on
483option should be used along with the CSM BIOS capability in UEFI
484to boot traditional BIOS guests that require the legacy VGA I/O and
485memory regions to be available.
486.Pp
487The
488.Dq off
489option should be used for the UEFI guests that assume that
490VGA adapter is present if they detect the I/O ports.
491An example of such a guest is
492.Ox
493in UEFI mode.
494.Pp
495Please refer to the
496.Nm
497.Fx
498wiki page
499.Pq Lk https://wiki.freebsd.org/bhyve
500for configuration notes of particular guests.
501.It wait
502Instruct
503.Nm
504to only boot upon the initiation of a VNC connection, simplifying the
505installation of operating systems that require immediate keyboard input.
506This can be removed for post-installation use.
507.It password
508This type of authentication is known to be cryptographically weak and is not
509intended for use on untrusted networks.
510Many implementations will want to use stronger security, such as running
511the session over an encrypted channel provided by IPsec or SSH.
512.El
513.El
514.Pp
515xHCI USB devices:
516.Bl -tag -width 10n
517.It Li tablet
518A USB tablet device which provides precise cursor synchronization
519when using VNC.
520.El
521.Pp
522NVMe devices:
523.Bl -tag -width 10n
524.It Li devpath
525Accepted device paths are:
526.Ar /dev/blockdev
527or
528.Ar /path/to/image
529or
530.Ar ram=size_in_MiB .
531.It Li maxq
532Max number of queues.
533.It Li qsz
534Max elements in each queue.
535.It Li ioslots
536Max number of concurrent I/O requests.
537.It Li sectsz
538Sector size (defaults to blockif sector size).
539.It Li ser
540Serial number with maximum 20 characters.
541.El
542.Pp
543HD Audio devices:
544.Bl -tag -width 10n
545.It Li play
546Playback device, typically
547.Ar /dev/dsp0 .
548.It Li rec
549Recording device, typically
550.Ar /dev/dsp0 .
551.El
552.El
553.It Fl S
554Wire guest memory.
555.It Fl u
556RTC keeps UTC time.
557.It Fl U Ar uuid
558Set the universally unique identifier
559.Pq UUID
560in the guest's System Management BIOS System Information structure.
561By default a UUID is generated from the host's hostname and
562.Ar vmname .
563.It Fl w
564Ignore accesses to unimplemented Model Specific Registers (MSRs).
565This is intended for debug purposes.
566.It Fl W
567Force virtio PCI device emulations to use MSI interrupts instead of MSI-X
568interrupts.
569.It Fl x
570The guest's local APIC is configured in x2APIC mode.
571.It Fl Y
572Disable MPtable generation.
573.It Ar vmname
574Alphanumeric name of the guest.
575This should be the same as that created by
576.Xr bhyveload 8 .
577.El
578.Sh DEBUG SERVER
579The current debug server provides limited support for debuggers.
580.Ss Registers
581Each virtual CPU is exposed to the debugger as a thread.
582.Pp
583General purpose registers can be queried for each virtual CPU, but other
584registers such as floating-point and system registers cannot be queried.
585.Ss Memory
586Memory (including memory mapped I/O regions) can be read and written by the debugger.
587Memory operations use virtual addresses that are resolved to physical addresses
588via the current virtual CPU's active address translation.
589.Ss Control
590The running guest can be interrupted by the debugger at any time
591.Pq for example, by pressing Ctrl-C in the debugger .
592.Pp
593Single stepping is only supported on Intel CPUs supporting the MTRAP VM exit.
594.Pp
595Breakpoints are supported on Intel CPUs that support single stepping.
596Note that continuing from a breakpoint while interrupts are enabled in the
597guest may not work as expected due to timer interrupts firing while single
598stepping over the breakpoint.
599.Sh SIGNAL HANDLING
600.Nm
601deals with the following signals:
602.Pp
603.Bl -tag -width indent -compact
604.It SIGTERM
605Trigger ACPI poweroff for a VM
606.El
607.Sh EXIT STATUS
608Exit status indicates how the VM was terminated:
609.Pp
610.Bl -tag -width indent -compact
611.It 0
612rebooted
613.It 1
614powered off
615.It 2
616halted
617.It 3
618triple fault
619.It 4
620exited due to an error
621.El
622.Sh EXAMPLES
623If not using a boot ROM, the guest operating system must have been loaded with
624.Xr bhyveload 8
625or a similar boot loader before
626.Xr bhyve 4
627can be run.
628Otherwise, the boot loader is not needed.
629.Pp
630To run a virtual machine with 1GB of memory, two virtual CPUs, a virtio
631block device backed by the
632.Pa /my/image
633filesystem image, and a serial port for the console:
634.Bd -literal -offset indent
635bhyve -c 2 -s 0,hostbridge -s 1,lpc -s 2,virtio-blk,/my/image \\
636  -l com1,stdio -A -H -P -m 1G vm1
637.Ed
638.Pp
639Run a 24GB single-CPU virtual machine with three network ports, one of which
640has a MAC address specified:
641.Bd -literal -offset indent
642bhyve -s 0,hostbridge -s 1,lpc -s 2:0,virtio-net,tap0 \\
643  -s 2:1,virtio-net,tap1 \\
644  -s 2:2,virtio-net,tap2,mac=00:be:fa:76:45:00 \\
645  -s 3,virtio-blk,/my/image -l com1,stdio \\
646  -A -H -P -m 24G bigvm
647.Ed
648.Pp
649Run an 8GB quad-CPU virtual machine with 8 AHCI SATA disks, an AHCI ATAPI
650CD-ROM, a single virtio network port, an AMD hostbridge, and the console
651port connected to an
652.Xr nmdm 4
653null-modem device.
654.Bd -literal -offset indent
655bhyve -c 4 \\
656  -s 0,amd_hostbridge -s 1,lpc \\
657  -s 1:0,ahci,hd:/images/disk.1,hd:/images/disk.2,\\
658hd:/images/disk.3,hd:/images/disk.4,\\
659hd:/images/disk.5,hd:/images/disk.6,\\
660hd:/images/disk.7,hd:/images/disk.8,\\
661cd:/images/install.iso \\
662  -s 3,virtio-net,tap0 \\
663  -l com1,/dev/nmdm0A \\
664  -A -H -P -m 8G
665.Ed
666.Pp
667Run a UEFI virtual machine with a display resolution of 800 by 600 pixels
668that can be accessed via VNC at: 0.0.0.0:5900.
669.Bd -literal -offset indent
670bhyve -c 2 -m 4G -w -H \\
671  -s 0,hostbridge \\
672  -s 3,ahci-cd,/path/to/uefi-OS-install.iso \\
673  -s 4,ahci-hd,disk.img \\
674  -s 5,virtio-net,tap0 \\
675  -s 29,fbuf,tcp=0.0.0.0:5900,w=800,h=600,wait \\
676  -s 30,xhci,tablet \\
677  -s 31,lpc -l com1,stdio \\
678  -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \\
679   uefivm
680.Ed
681.Pp
682Run a UEFI virtual machine with a VNC display that is bound to all IPv6
683addresses on port 5900.
684.Bd -literal -offset indent
685bhyve -c 2 -m 4G -w -H \\
686  -s 0,hostbridge \\
687  -s 4,ahci-hd,disk.img \\
688  -s 5,virtio-net,tap0 \\
689  -s 29,fbuf,tcp=[::]:5900,w=800,h=600 \\
690  -s 30,xhci,tablet \\
691  -s 31,lpc -l com1,stdio \\
692  -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \\
693   uefivm
694.Ed
695.Sh SEE ALSO
696.Xr bhyve 4 ,
697.Xr netgraph 4 ,
698.Xr ng_socket 4 ,
699.Xr nmdm 4 ,
700.Xr vmm 4 ,
701.Xr ethers 5 ,
702.Xr bhyvectl 8 ,
703.Xr bhyveload 8
704.Pp
705.Rs
706.%A Intel
707.%B 64 and IA-32 Architectures Software Developer’s Manual
708.%V Volume 3
709.Re
710.Sh HISTORY
711.Nm
712first appeared in
713.Fx 10.0 .
714.Sh AUTHORS
715.An Neel Natu Aq Mt neel@freebsd.org
716.An Peter Grehan Aq Mt grehan@freebsd.org
717