MFC r341484: Always treat firmware request and response sizes as unsigned.

This fixes an incomplete bounds check on the guest-supplied request
size where a very large request size could be interpreted as a negative
value and not be caught by the bounds check.

Submitted by: jhb
Reported by: Reno Robert
Security: CVE-2018-17160

MFC r298454 (araujo): Use MIN()/MAX() macros from sys/param.h.

MFC r316427, r316428: Add Log directory and SATA NCQ Send and Receive Log.

Those are used at least by Linux guests to detect queued TRIM support.

MFC r311702
Use correct PCI device id for virtio-rng.
This prevented the device from attaching with a
Windows guest (most other guests use the device type
for matching)

PR: 212711

MFH: r309295

bhyve: stability and performance improvement for dbgport

The TCP server implementation in dbgport does not track clients, so it
may try to write to a disconected socket resulting in SIGPIPE.
Avoid that by setting SO_NOSIGPIPE socket option.

Because dbgport emulates an I/O port to guest, the communication is done
byte by byte. Reduce latency of the TCP/IP transfers by using
TCP_NODELAY option. In my tests that change improves performance of
kgdb commands with lots of output (e.g. info threads) by two orders of
magnitude.

A general note. Since we have a uart emulation in bhyve, that can be
used for the console and gdb access to guests. So, bvmconsole and bvmdebug
could be de-orbited now. But there are many existing deployments that
still dependend on those.

Discussed with: julian, jhb
Sponsored by: Panzura

MFH: r307917

accept4 actually expect SOCK_NONBLOCK and not O_NONBLOCK

Reported by: jhb
Pointyhat to: bapt

MFH: r306554

Use accept4 with O_NONBLOCK rather than accept + fcntl

bhyve(8): Fix typo from r294294 that prevented bhyve from working with
vmnet devices. This is a direct commit to stable/10.

MFC r298355:
Don't use SYSDIR to avoid conflicts with existing usage.
Also, use SRCTOP to locate the top of the source tree
instead of a relative path.

PR: 208856

MFC r302504, r302666, r302668, r302932, r302933:
Add emulation for Intel e1000 (e82545) network adapter.

The code was successfully tested with FreeBSD, Linux, Solaris and Windows
guests. This interface is predictably slower (about 2x) then virtio-net,
but it is very helpful for guests not supporting virtio-net by default.

Thanks to Jeremiah Lott and Peter Grehan for doing original heavy lifting.

MFC r302460: Add emulation for multiple (up to 16) MSI vectors for AHCI.

It was useless before, but may improve performance now if multiple devices
are configured and guest supports this feature.

Sponsored by: iXsystems, Inc.

MFC r302459: Allow AHCI controller to support up to 32 arbitrary devices.

While old syntax is still supported, new syntax looks like this:

-s 3,ahci,hd:/dev/zvol/XXX,hd:/dev/zvol/YYY,cd:/storage/ZZZ.iso

Sponsored by: iXsystems, Inc.

MFC r302957: Fix NCQ TRIM emulation.

When this code was written, there was no guests using it to test.

MFC r302362,r302363,r302364,r302365,r302373:

r302362:

Fix gcc warnings

- Remove -Wunused-but-set-variable (newcpu)
- Always return VMEXIT_CONTINUE as the code always set retval to that value.

r302363:

Fix gcc warnings

Put cfl/prdt under AHCI_DEBUG #defines as they are only used in
those cases.

r302364:

Fix gcc warnings

Add `WRAPPED_CTASSERT` macro by annotating CTASSERTs with __unused
to deal with -Wunused-local-typedefs warnings from gcc 4.8+.
All other compilers (clang, etc) use CTASSERT as-is. A more generic
solution for this issue will be proposed after ^/stable/11 is forked.

Consolidate all CTASSERTs under one block instead of inlining them in
functions.

r302365:

Fix gcc warnings

Remove -Wunused-but-set-variable (`error`). Cast calls with
`(void)` to note that the return value is explicitly ignored.

r302373:

Fix CTASSERT issue in a more clean way

- Replace all CTASSERT macro instances with static_assert's.
- Remove the WRAPPED_CTASSERT macro; it's now an unnecessary obfuscation.
- Localize all static_assert's to the structures being tested.
- Sort some headers per-style(9).

MFC 297932,298295:
Improvements for PCI passthru devices.

297932:
Handle PBA that shares a page with MSI-X table for passthrough devices.

If the PBA shares a page with the MSI-X table, map the shared page via
/dev/mem and emulate accesses to the portion of the PBA in the shared
page by accessing the mapped page.

298295:
Always emit an error message on passthru configuration errors.

Previously, many errors (such as the PCI device not being attached
to the ppt(4) driver) resulted in bhyve silently exiting without
starting the virtual machine. Now any errors encountered when
configuring a virtual slot for a PCI passthru device should be noted
on stderr.

MFC r284539, r284630, r284688, r284877, r285217, r285218,
r286837, r286838, r288470, r288522, r288524, r288826,
r289001

Pull in bhyve bug fixes and changes to allow UEFI booting.
This provides Windows support.

Tested on Intel and AMD with:
- Arch Linux i386+amd64 (kernel 4.3.3)
- Ubuntu 15.10 server 64-bit
- FreeBSD-CURRENT/amd64 20160127 snap
- FreeBSD 10.2 i386+amd64
- OpenBSD 5.8 i386+amd64
- SmartOS latest
- Windows 10 build 1511'

Huge thanks to Yamagi Burmeister who submitted the patch
and did the majority of the testing.

r284539 - bootrom mem allocation support
r284630 - Add SO_REUSEADDR when starting debug port
r284688 - Fix a regression in "movs" emulation
r284877 - verify_gla() non-zero segment base fix
r285217 - Always assert DCD and DSR in the uart
r285218 - devmem nodes moved to /dev/vmm.io/
r286837 - Add define for SATA Check-Power-Mode
r286838 - Add simple (no-op) SATA cmd emulations
r288470 - Increase virtio-blk indirect descs
r288522 - Firmware guest query interface
r288524 - Fix post-test typo
r288826 - Clean up SATA unimplemented cmd msg
r289001 - Add -l option to specify userboot path

Submitted by: Yamagi Burmeister
Approved by: re (kib)

MFC: 293459,293643

Add netmap support for bhyve

MFC: r292982

Remove unused variable after r292981 to unbreak the build.

MFC: r292981

Clean up unused-but-set-variable spotted by gcc-4.9.

Reviewed by: ngie
Approved by: rodrigc (mentor)
Sponsored by: gandi.net
Differential Revision: https://reviews.freebsd.org/D4773

MFC: r292970

Clean up unused-but-set-variable spotted by gcc-4.9.

Reviewed by: ngie
Approved by: rodrigc (mentor)
Sponsored by: gandi.net
Differential Revision: https://reviews.freebsd.org/D4777

MFC r289677:

Fix a ton of speelling errors

MFC r289746:

Exit with a user-friendly message instead of tripping an assert
if vm_activate_cpu(..) fails when called from fbsdrun_addcpu(..)

PR: 203884
Reviewed by: grehan
Submitted by: William Orr <will@worrbase.com>

MFC r287927:

Use strlcpy() instead of strncpy() because subsequent mkstemps expects
the string be nul-terminated.

Reviewed by: neel

MFC: r286409

Manpage cleanup.

- new sentence -> new line
- fix manpage references
- fix macro usage
- fix a typo

MFC r286621, r286622: Fix couple minor typos.

MFC r282209:
Emulate the 'bit test' instruction.

MFC r282259:
Re-implement RTC current time calculation to eliminate the possibility of
losing time.

MFC r282281:
Advertise the MTRR feature via CPUID and emulate the minimal set of MTRR MSRs.

MFC r282284:
When an instruction cannot be decoded just return to userspace so bhyve(8)
can dump the instruction bytes.

MFC r282287:
Don't require <sys/cpuset.h> to be always included before <machine/vmm.h>.

MFC r282296:
Emulate MSR_SYSCFG which is accessed by Linux on AMD cpus when MTRRs are
enabled.

MFC r282301:
Relax limits when transitioning a vector from the IRR to the ISR and also
when extinguishing it from the ISR in response to an EOI.

MFC r282335:
Advertise an additional memory BAR in the "dummy" device emulation.

MFC r282336:
Emulate machine check related MSRs to allow guest OSes like Windows to boot.

MFC r282351:
Don't advertise the Intel SMX capability to the guest.

MFC r282407:
Emulate the 'CMP r/m8, imm8' instruction.

MFC r282519:
Add macros for AMD-specific bits in MSR_EFER: LMSLE, FFXSR and TCE.

MFC r282520:
Emulate guest writes to EFER_MSR properly.

MFC r282558:
Deprecate the 3-way return values from vm_gla2gpa() and vm_copy_setup().

MFC r282571:
Check 'td_owepreempt' and yield the vcpu thread if it is set.

MFC r282595:
Allow byte reads of AHCI registers.

MFC r282784:
Handling indirect descriptors is a capability of the host and not one that
needs to be negotiated. Use the host capabilities field and not the negotiated
field when verifying that indirect descriptors are supported.

MFC r282788:
Allow configuration of the sector size advertised to the guest.

MFC r282865:
Set the subvendor field in config space to the vendor ID. This is required
by the Windows virtio drivers to correctly match a device.

MFC r282922:
Bump the size of the blockif scatter-gather list to 67.

MFC r283075:
Fix off-by-one in array index bounds check. bhyveload would allow you to
create 33 entries on an array that only has 32 slots

MFC r283168:
Temporarily revert r282922 which bumped the max descriptors.

MFC r283255:
Emulate the "CMP r/m, reg" instruction (opcode 39H).

MFC r283256:
Add an option "--get-vmcs-exit-inst-length" to display the instruction length
of the instruction that caused the VM-exit.

MFC r283264:
Change the header type of the emulated host-bridge from type 1 to type 0.

MFC r283293:
Don't rely on the 'VM-exit instruction length' field in the VMCS to always
have an accurate length on an EPT violation.

MFC r283299:
Remove bogus verification of instruction length after instruction decode.

MFC r283308:
Exceptions don't deliver an error code in real mode.

MFC r283657:
Fix non-deterministic delays when accessing a vcpu that was in "running" or
"sleeping" state.

MFC r283973:
Use tunable 'hw.vmm.svm.features' to disable specific SVM features even
though they might be available in hardware. Use tunable 'hw.vmm.svm.num_asids'
to limit the number of ASIDs used by the hypervisor.

MFC r284046:
Fix regression in 'verify_gla()' with the RIP-relative addressing mode.

MFC r284174:
Support guest writes to the TSC by enabling the "use TSC offsetting"
execution control.

MFC r279444:
Allow passthrough devices to be hinted.

MFC r279683:
When ICW1 is issued the edge sense circuit is reset which means that
following an initialization a low-to-high transistion is necesary to
generate an interrupt.

MFC r279925:
Add -p parameter to list PCI device to pass through to the guest.

MFC r281559:
Fix handling of BUS_PROBE_NOWILDCARD in 'device_probe_child()'.

MFC r280447:
When fetching an instruction in non-64bit mode, consider the value of the
code segment base address.

MFC r280725:
Move legacy interrupt allocation for virtio devices to common code.

MFC r280775:
Fix the RTC device model to operate correctly in 12-hour mode.

MFC r280929:
Fix "MOVS" instruction memory to MMIO emulation.

MFC r280968:
Display instruction bytes and %rip prior to aborting due to an instruction
emulation error.

MFC r281145:
Enhance the support for Group 1 Extended opcodes for CMP, AND, OR instructions.

MFC r281542:
Initialize 'error' before use (Coverity IDs 1249748, 1249747, 1249751, 1249749)

MFC r281561:
Prior to aborting due to an ioport error, it is always interesting to see what
the guest's %rip is.

MFC r281611:
If the number of guest vcpus is less than '1' then flag it as an error.

MFC r281612:
Prefer 'vcpu_should_yield()' over checking 'curthread->td_flags' directly.

MFC r281630:
Relax the check on which vectors can be delivered through the APIC. According
to the Intel SDM vectors 16 through 255 are allowed to be delivered via the
local APIC.

MFC r281879:
Missing break in switch case (Coverity ID 1292499)

MFC r281946:
Don't allow guest to modify readonly bits in the PCI config 'status' register.

MFC r281987:
STOS/STOSB/STOSW/STOSD/STOSQ instruction emulation.

MFC r282206:
Implement the century byte in the RTC.

MFC r276428:
Replace bhyve's minimal RTC emulation with a fully featured one in vmm.ko.

MFC r276432:
Initialize all fields of 'struct vm_exception exception' before passing it
to vm_inject_exception().

MFC r276763:
Clear blocking due to STI or MOV SS in the hypervisor when an instruction is
emulated or when the vcpu incurs an exception.

MFC r277149:
Clean up usage of 'struct vm_exception' to only to communicate information
from userspace to vmm.ko when injecting an exception.

MFC r277168:
Fix typo (missing comma).

MFC r277309:
Make the error message explicit instead of just printing the usage if the
virtual machine name is not specified.

MFC r277310:
Simplify instruction restart logic in bhyve.

MFC r277359:
Fix a bug in libvmmapi 'vm_copy_setup()' where it would return success even
if the 'gpa' was in the guest MMIO region.

MFC r277360:
MOVS instruction emulation.

MFC r277626:
Add macro to identify AVIC capability (advanced virtual interrupt controller)
in AMD processors.

MFC r279220:
Don't close a block context if it couldn't be opened avoiding a null deref.

MFC r279225:
Add "-u" option to bhyve(8) to indicate that the RTC should maintain UTC time.

MFC r279227:
Emulate MSR 0xC0011024 when running on AMD processors.

MFC r279228:
Always emulate MSR_PAT on Intel processors and don't rely on PAT save/restore
capability of VT-x. This lets bhyve run nested in older VMware versions that
don't support the PAT save/restore capability.

MFC r279540:
Fix warnings/errors when building vmm.ko with gcc.

MFC 281887:
Reassign copyright statements on several files from Advanced
Computing Technologies LLC to Hudson River Trading LLC.

MFC r274720:

Fix improper .Fx macro usage.

Sponsored by: The FreeBSD Foundation

MFC r282364, r282429, r282524:
Implement BSY reporting and in-order execution of non-NCQ commands.

Block command queue on BSY or DRQ bits set or device error reported.
This can be a performance penalization for non-NCQ commands, but it is
required for proper error recovery and standard compliance.

MFC r282345: Initialize PxCMD on reset and make its read-only bits such.

MFC r282344: Handle ATA_SEND_FPDMA_QUEUED as NCQ in ahci_port_stop().

MFC r281766, r281767:
Report link as up only if we managed to open tap device.

It would be cool to report tap device status, but it has no such API.

MFC r281764, r282563: Disable RX/TX queues notifications when not needed.

This reduces CPU load and doubles iperf throughput, reaching 2-3Gbit/s.

Sponsored by: iXsystems, Inc.

MFC r281782: Don't set bits that should be zero for SATA devices.

Old value made Linux think that it is PATA device with SATA bridge.

MFC r281700:
Workaround bhyve virtual disks operation on top of GEOM providers.

GEOM does not support scatter/gather lists in its I/Os. Such requests
are cut in pieces by physio(), that may be problematic, if those pieces
are not multiple of provider's sector size. If such case is detected,
move the data through temporary sequential buffer.

MFC r281666: Make virtual AHCI more careful with I/O lengths.

MFC r272481.
Add new fields in the FADT, required by IASL 20140926-64.

MFC r280154:
Report that we may have write cache, and that we do support FLUSH.

MFC r280133: Increase S/G list size of 32 to 33 entries.

32 entries are not enough for the worst case of misaligned 128KB request,
that made FreeBSD to chunk large quests in odd pieces.

MFC r280126: Pre-allocate one extra request per processing thread.

Processing threads call callbacks before freeing requests. As result,
new requests may arrive before old ones are freed.

MFC r280044:
According to Linux and QEMU, s/n equal to buffer is not zero-terminated.

This makes same s/n reported for both virtio and AHCI drivers.

MFC r280042: Close potential race on blockif_close().

Reported by: vangyzen

MFC r280040:
Give AHCI disk serial based on backing file path same as for virtio block.

It is still not good that they may intersect on different hosts, but that
is better then intersecting on the same host.

MFC r280037:
Rewrite virtio block device driver to work asynchronously and use the block
I/O interface.

Asynchronous operation, based on r280026 change, allows to not block virtual
CPU during I/O processing, that on slow/busy storage can take seconds.
Use of recently improved block I/O interface allows to process multiple
requests same time, that improves random I/O performance on wide storages.

Benchmarks of virtual disk, backed by ZVOL on RAID10 pool of 4 HDDs, show
~3.5 times random read performance improvements, while no degradation on
linear I/O. Guest CPU usage during test dropped from 100% to almost zero.

MFC r280026, r280041:
Modify virtqueue helpers added in r253440 to allow queuing.

Original virtqueue design allows queued and out-of-order processing, but
helpers added in r253440 suppose only direct blocking in-order one.
It could be fine for network, etc., but it is a huge limitation for storage
devices.

MFC r280004: Give block I/O interface multiple (8) execution threads.

On parallel random I/O this allows better utilize wide storage pools.
To not confuse prefetcher on linear I/O, consecutive requests are executed
sequentially, following the same logic as was earlier implemented in CTL.

Benchmarks of virtual AHCI disk, backed by ZVOL on RAID10 pool of 4 HDDs,
show ~3.5 times random read performance improvements, while no degradation
on linear I/O.

MFC r279987: Add checksums to identify data and NCQ command error log.

MFC r279979: Slightly polish virtual AHCI CD reporting.

MFC r279977: Fix NOP and IDLE commands for virtual AHCI disks.

MFC r279976: Add support for NCQ variant of DSM TRIM for virtual AHCI disks.

The code is not really tested yet due to lack of initiator support.

MFC r279975: Improve NCQ errors reporting for virtual AHCI disks.

While this implementation is still not perfect, previous was just broken.

MFC r279968: Remove incorrect SERR register setting.

At this point we have nothing to report through that register.

MFC r279967: Change prdbc value reporting.

MFC r279965: Polish AHCI disk identify data and fix speed negotiation.

MFC r279960:
Add support for PIO variants of READ/WRITE commands for AHCI disks.

AHCI API hides all PIO specifics, so this functionality is almost free.

MFC r279975: Use ahci_write_fis_d2h() for commands completion.

MFC r279957, r280017: Add DSM TRIM command support for virtual AHCI disks.

It works only for virtual disks backed by ZVOLs and raw devices supporting
BIO_DELETE. Virtual disks backed by files won't report this capability.

Relnotes: yes

MFC r280293: Add missing variable initialization.

Reported by: Coverity
CID: 1288938

MFC r279658, r279673, r279675:
Implement cache flush for ahci-hd and for virtio-blk over device.

MFC r279654: Report logical/physical sector sizes for virtual SATA disk.

MFC r279651, r279652, r279657:
Add support for TOPOLOGY feature of virtio block device.

Passing through physical block size/offset from underlying storage allows
guest to manage proper data and I/O alignment to improve performance.

MFC r273683
Move the ACPI PM timer emulation into vmm.ko.

MFC r273706
Change the type of the first argument to the I/O emulation handlers to
'struct vm *'.

MFC r273710
Add a comment explaining the intent behind the I/O reservation [0x72-0x77].

MFC r273744
Add foo_genassym.c files to DPSRCS so dependencies for them are generated.
This ensures these objects are rebuilt to generate an updated header of
assembly constants if needed.

MFC r274045
If the start bit, PxCMD.ST, is cleared and nothing is in-flight then
PxCI, PxSACT, PxCMD.CCS and PxCMD.CR should be 0.

MFC r274076
Improve the ability to cancel an in-flight request by using an interrupt,
via SIGCONT, to force the read or write system call to return prematurely.

MFC r274330
To allow a request to be submitted from within the callback routine of
a completing one increase the total by 1 but don't advertise it.

MFC r274931
Change the lower bound for guest vmspace allocation to 0 instead of using
the VM_MIN_ADDRESS constant.

MFC r275817
For level triggered interrupts clear the PIC IRR bit when the interrupt pin
is deasserted.

MFC r275850
Fix 8259 IRQ priority resolver.

MFC r275952
Various 8259 device model improvements.

MFC r275965
Emulate writes to the IA32_MISC_ENABLE MSR.

MFC r273375
Add support AMD processors with the SVM/AMD-V hardware extensions.

MFC r273749
Remove bhyve SVM feature printf's now that they are available in the general
CPU feature detection code.

MFC r273766
Add missing 'break' pointed out by Coverity CID 1249760.

MFC r276098
Allow ktr(4) tracing of all guest exceptions via the tunable "hw.vmm.trace_guest_exceptions"

MFC r276392
Inject #UD into the guest when it executes either 'MONITOR' or 'MWAIT' on an
AMD/SVM host.

MFC r276402
Remove "svn:mergeinfo" property that was dragged along when these files were
svn copied in r273375.

MFC r270326
Fix a recursive lock acquisition in vi_reset_dev().

MFC r270434
Return the spurious interrupt vector (IRQ7 or IRQ15) if the atpic cannot find
any unmasked pin with an interrupt asserted.

MFC r270436
Fix a bug in the emulation of CPUID leaf 0x4.

MFC r270437
Add "hw.vmm.topology.threads_per_core" and "hw.vmm.topology.cores_per_package"
tunables to modify the default cpu topology advertised by bhyve.

MFC r270855
Set the 'inst_length' to '0' early on before any error conditions are detected
in the emulation of the task switch. If any exceptions are triggered then the
guest %rip should point to instruction that caused the task switch as opposed
to the one after it.

MFC r270857
The "SUB" instruction used in getcc() actually does 'x -= y' so use the
proper constraint for 'x'. The "+r" constraint indicates that 'x' is an
input and output register operand.

While here generate code for different variants of getcc() using a macro
GETCC(sz) where 'sz' indicates the operand size.

Update the status bits in %rflags when emulating AND and OR opcodes.

MFC r271439
Initialize 'bc_rdonly' to the right value.

MFC r271451
Optimize the common case of injecting an interrupt into a vcpu after a HLT
by explicitly moving it out of the interrupt shadow.

MFC r271888
Restructure the MSR handling so it is entirely handled by processor-specific
code.

MFC r271890
MSR_KGSBASE is no longer saved and restored from the guest MSR save area. This
behavior was changed in r271888 so update the comment block to reflect this.

MFC r271891
Add some more KTR events to help debugging.

MFC r272197
mmap(2) requires either MAP_PRIVATE or MAP_SHARED for non-anonymous mappings.

MFC r272395
Get rid of code that dealt with the hardware not being able to save/restore
the PAT MSR on guest exit/entry. This workaround was done for a beta release
of VMware Fusion 5 but is no longer needed in later versions.

All Intel CPUs since Nehalem have supported saving and restoring MSR_PAT
in the VM exit and entry controls.

MFC r272670
Inject #UD into the guest when it executes either 'MONITOR' or 'MWAIT'.

MFC r272710
Implement the FLUSH operation in the virtio-block emulation.

MFC r272838
iasl(8) expects integer fields in data tables to be specified as hexadecimal
values. Therefore the bit width of the "PM Timer Block" was actually being
interpreted as 50-bits instead of the expected 32-bit.

This eliminates an error message emitted by a Linux 3.17 guest during boot:
"Invalid length for FADT/PmTimerBlock: 50, using default 32"

MFC r272839
Support Intel-specific MSRs that are accessed when booting up a linux in bhyve:
- MSR_PLATFORM_INFO
- MSR_TURBO_RATIO_LIMITx
- MSR_RAPL_POWER_UNIT

MFC r273108
Emulate "POP r/m". This is needed to boot OpenBSD/i386 MP kernel in bhyve.

MFC r273212
Support stopping and restarting the AHCI command list via toggling PxCMD.ST
from '1' to '0' and back. This allows the driver a chance to recover if
for instance a timeout occurred due to activity on the host.

MFC r272007

Correct display of bhyve SMBIOS UUIDs with dmidecode by bumping the version.

The mixed little/big-endianness of SMBIOS UUIDs was clarified in v2.6
of the SMBIOS spec. dmidecode uses the reported version of SMBIOS to
determine the layout and what to byte-swap.

bhyve's SMBIOS reported as 2.4 though it implemented the 2.6-style of
memory layout. This resulted in dmidecode reporting a different
UUID than one passed in via the -U option.

Fix by exporting a version of 2.6.

Approved by: re (gjb)

MFC r271711:
Update the bhyve(8) manual to reflect that it is no
longer considered 'experimental.'

Approved by: re (delphij)
Sponsored by: The FreeBSD Foundation

MFC virtio-net changes.

Re-tested with NetBSD/amd64 5.2.2, 6.1.4 and 7-beta.

r271299:
Add a callback to be notified about negotiated features.

r271338:
Allow vtnet operation without merged rx buffers.

NetBSD's virtio-net implementation doesn't negotiate
the merged rx-buffers feature. To support this, check
to see if the feature was negotiated, and then adjust
the operation of the receive path accordingly by using
a larger iovec, and a smaller rx header.
In addition, ignore writes to the (read-only) status byte.

Approved by: re (glebius)
Obtained from: Vincenzo Maffione, Universita` di Pisa (r271299)

MFC r267921, r267934, r267949, r267959, r267966, r268202, r268276,
r268427, r268428, r268521, r268638, r268639, r268701, r268777,
r268889, r268922, r269008, r269042, r269043, r269080, r269094,
r269108, r269109, r269281, r269317, r269700, r269896, r269962,
r269989.

Catch bhyve up to CURRENT.

Lightly tested with FreeBSD i386/amd64, Linux i386/amd64, and
OpenBSD/amd64. Still resolving an issue with OpenBSD/i386.

Many thanks to jhb@ for all the hard work on the prior MFCs !

r267921 - support the "mov r/m8, imm8" instruction
r267934 - document options
r267949 - set DMI vers/date to fixed values
r267959 - doc: sort cmd flags
r267966 - EPT misconf post-mortem info
r268202 - use correct flag for event index
r268276 - 64-bit virtio capability api
r268427 - invalidate guest TLB when cr3 is updated, needed for TSS
r268428 - identify vcpu's operating mode
r268521 - use correct offset in guest logical-to-linear translation
r268638 - chs value
r268639 - chs fake values
r268701 - instr emul operand/address size override prefix support
r268777 - emulation for legacy x86 task switching
r268889 - nested exception support
r268922 - fix INVARIANTS build
r269008 - emulate instructions found in the OpenBSD/i386 5.5 kernel
r269042 - fix fault injection
r269043 - Reduce VMEXIT_RESTARTs in task_switch.c
r269080 - fix issues in PUSH emulation
r269094 - simplify return values from the inout handlers
r269108 - don't return -1 from the push emulation handler
r269109 - avoid permanent sleep in vm_handle_hlt()
r269281 - list VT-x features in base kernel dmesg
r269317 - Mark AHCI fatal errors as not completed
r269700 - Support PCI extended config space in bhyve
r269896 - Minor cleanup
r269962 - use max guest memory when creating IOMMU domain
r269989 - fix interrupt mode names

MFC r267311, r267330, r267811, r267884

Turn on interrupt window exiting unconditionally when an ExtINT is being
injected into the guest.

Add helper functions to populate VM exit information for rendezvous and
astpending exits.

Provide APIs to directly get 'lowmem' and 'highmem' size directly.

Expose the amount of resident and wired memory from the guest's vmspace

MFC r266933
Activate vcpus from bhyve(8) using the ioctl VM_ACTIVATE_CPU instead of doing
it implicitly in vmm.ko.

MFC 266424,266476,266524,266573,266595,266626,266627,266633,266641,266642,
266708,266724,266934,266935,268521:
Emulation of the "ins" and "outs" instructions.

Various fixes for translating guest linear addresses to guest physical
addresses.

MFC 266125:
Implement a PCI interrupt router to route PCI legacy INTx interrupts to
the legacy 8259A PICs.

MFC 264353,264509,264768,264770,264825,264846,264988,265114,265165,265365,
265941,265951,266390,266550,266910:
Various bhyve fixes:
- Don't save host's return address in 'struct vmxctx'.
- Permit non-32-bit accesses to local APIC registers.
- Factor out common ioport handler code.
- Use calloc() in favor of malloc + memset.
- Change the vlapic timer frequency to be in the ballpark of contemporary
hardware.
- Allow the guest to read the TSC via MSR 0x10.
- A VMCS is always inactive when it exits the vmx_run() loop. Remove
redundant code and the misleading comment that suggest otherwise.
- Ignore writes to microcode update MSR. This MSR is accessed by RHEL7
guest.
Add KTR tracepoints to annotate wrmsr and rdmsr VM exits.
- Provide an alias for the userboot console and name it 'comconsole'.
- Use EV_ADD to create an mevent and EV_ENABLE to enable it.
- abort(3) the process in response to a VMEXIT_ABORT.
- Don't include the guest memory segments in the bhyve(8) process core dump.
- Make the vmx asm code dtrace-fbt-friendly.
- Allow vmx_getdesc() and vmx_setdesc() to be called for a vcpu that is in
the VCPU_RUNNING state.
- Enable VMX in the IA32_FEATURE_CONTROL MSR if it not enabled and the MSR
isn't locked.

MFC 263780,264516,265062,265101,265203,265364:
Add an ioctl to suspend a virtual machine (VM_SUSPEND).

Add logic in the HLT exit handler to detect if the guest has put all vcpus
to sleep permanently by executing a HLT with interrupts disabled.

When this condition is detected the guest with be suspended with a reason of
VM_SUSPEND_HALT and the bhyve(8) process will exit.

This logic can be disabled via the tunable 'hw.vmm.halt_detection'.

MFC 264916,267611:
Provide a very basic stub for the 8042 PS/2 keyboard controller.

MFC 260847,264055,264867:
- Add a very simple virtio_random(4) driver for FreeBSD guests to harvest
entropy from hypervisors.
- Add support to bhyve for the virtio RNG entropy-source device to provide
entry to bhyve guests.

MFC 263432,265366,265376:
Fixes for vcpu management in bhyve:
- Use 'cpuset_t' to represent the vcpus active in a virtual machine.
- Modify the "-p" option to be more flexible when associating a 'vcpu' with
a 'hostcpu'.

MFC 262884,263236,265407:
Various uart fixes:
- Open the uart emulation's backing tty in non-blocking mode.
- Support 16-bit register access.
- Disable the 'uart_drain()' callback when the emulated receive FIFO
is full.

MFC 259942,262274,263035,263054,263211,263744,264179,264324,264468,264631,
264648,264650,264651,266572,267558:
Flesh out the AT PIC and 8254 PIT emulations and move them into the kernel.

MFC 261904,261905,262143,262184,264921,265211,267169,267292,267294:
Various PCI fixes:
- Allow PCI devices to be configured on all valid bus numbers from 0 to 255.
- Tweak the handling of PCI capabilities in emulated devices to remove
the non-standard zero capability list terminator.
- Add a check to validate that memory BARs of passthru devices are 4KB
aligned.
- Respect and track the enable bit in the PCI configuration address word.
- Handle quad-word access to 32-bit register pairs.

MFC 264277:
Handle single-byte reads from the bvmcons port (0x220) by returning
0xff. Some guests may attempt to read from this port to identify
psuedo-PNP ISA devices. (The ie(4) driver in FreeBSD/i386 is one
example.)

MFC 262744:
Add SMBIOS support.

A new option, -U, can be used to set the UUID in the System
Information (Type 1) structure.

MFC 262139,262140,262236,262281,262532:
Various x2APIC fixes and enhancements:
- Use spinlocks for the vioapic.
- Handle the SELF_IPI MSR.
- Simplify the APIC mode switching between MMIO and x2APIC. The guest is
no longer allowed to switch modes at runtime. Instead, the desired mode
is set when the virtual machine is created.
- Disallow MMIO access in x2APIC mode and MSR access in xAPIC mode.
- Add support for x2APIC virtualization assist in Intel VT-x.

MFC 261638,262144,262506,266765:
Add virtualized XSAVE support to bhyve which permits guests to use XSAVE and
XSAVE-enabled features like AVX.
- Store a per-cpu guest xcr0 register and handle xsetbv VM exits by emulating
the instruction.
- Only expose XSAVE to guests if XSAVE is enabled in the host. Only expose
a subset of XSAVE features currently supported by the guest and for which
the proper emulation of xsetbv is known. Currently this includes X87, SSE,
AVX, AVX-512, and Intel MPX.
- Add support for injecting hardware exceptions into the guest and use this
to trigger exceptions in the guest for invalid xsetbv operations instead
of potentially faulting in the host.
- Queue pending exceptions in the 'struct vcpu' instead of directly updating
the processor-specific VMCS or VMCB. The pending exception will be delivered
right before entering the guest.
- Rename the unused ioctl VM_INJECT_EVENT to VM_INJECT_EXCEPTION and restrict
it to only deliver x86 hardware exceptions. This new ioctl is now used to
inject a protection fault when the guest accesses an unimplemented MSR.
- Expose a subset of known-safe features from leaf 0 of the structured
extended features to guests if they are supported on the host including
RDFSBASE/RDGSBASE, BMI1/2, AVX2, AVX-512, HLE, ERMS, and RTM. Aside
from AVX-512, these features are all new instructions available for use
in ring 3 with no additional hypervisor changes needed.

MFC 262311: Fix virtio spec URL.

MFC 260239,261268,265058:
Expand the support for PCI INTx interrupts including providing interrupt
routing information for INTx interrupts to I/O APIC pins and enabling
INTx interrupts in the virtio and AHCI backends.

MFC 261217:
Remove support for legacy PCI devices. These haven't been needed since
support for LPC uart devices was added and it conflicts with upcoming
patches to add PCI INTx support.

Approved by: grehan

MFC 261000,261785,263238,263322,264302:
Various AHCI fixes:
- Fix issue with stale fields from a recycled request pulled off the
freelist.
- Provide an indication a "PIO Setup Device to Host FIS" occurred while
executing the IDENTIFY DEVICE and IDENTIFY PACKET DEVICE commands.
- Provide an indication a "D2H Register FIS" occurred during a SET FEATURES
command.
- Though there currently isn't a way to insert new media into an ATAPI
drive, at least pretend to support Asynchronous Notification (AN) to
avoid a guest needlessly polling for it.
- Don't reissue in-flight commands.
- Constrain the amount of data returned to what is actually available
not the size of the buffer.

MFC 260999:
Increase the block-layer backend maximum number of requests to match
the AHCI command queue depth.

MFC 260469:
Fix issue with the virtio descriptor region being truncated
if it was above 4GB.

MFC 259737, 262646:
Fix a couple of issues with vcpu state:
- Add a parameter to 'vcpu_set_state()' to enforce that the vcpu is in the
IDLE state before the requested state transition. This guarantees that
there is exactly one ioctl() operating on a vcpu at any point in time and
prevents unintended state transitions.
- Fix a race between VMRUN() and vcpu_notify_event() due to 'vcpu->hostcpu'
being updated outside of the vcpu_lock().

MFC 258860,260167,260238,260397:
- Restructure the VMX code to enter and exit the guest. In large part this
change hides the setjmp/longjmp semantics of VM enter/exit.
vmx_enter_guest() is used to enter guest context and vmx_exit_guest() is
used to transition back into host context.

Fix a longstanding race where a vcpu interrupt notification might be
ignored if it happens after vmx_inject_interrupts() but before host
interrupts are disabled in vmx_resume/vmx_launch. We now call
vmx_inject_interrupts() with host interrupts disabled to prevent this.
- The 'protection' field in the VM exit collateral for the PAGING exit is
not used - get rid of it.

Reviewed by: grehan

MFC 259635:
Add an option to ignore accesses by the guest to unimplemented MSRs.

Also, ignore a couple of SandyBridge uncore PMC MSRs that Centos 6.4 writes
to during boot.

MFC 258859,259081,259085,259205,259213,259275,259482,259537,259702,259779:
Several changes to the local APIC support in bhyve:
- Rename 'vm_interrupt_hostcpu()' to 'vcpu_notify_event()'.
- If a vcpu disables its local apic and then executes a 'HLT' then spin
down the vcpu and destroy its thread context. Also modify the 'HLT'
processing to ignore pending interrupts in the IRR if interrupts have
been disabled by the guest. The interrupt cannot be injected into the
guest in any case so resuming it is futile.
- Use callout(9) to drive the vlapic timer instead of clocking it on each
VM exit.
- When the guest is bringing up the APs in the x2APIC mode a write to the
ICR register will now trigger a return to userspace with an exitcode of
VM_EXITCODE_SPINUP_AP.
- Change the vlapic timer lock to be a spinlock because the vlapic can be
accessed from within a critical section (vm run loop) when guest is using
x2apic mode.
- Fix the vlapic version register.
- Add a command to bhyvectl to inject an NMI on a specific vcpu.
- Add an API to deliver message signalled interrupts to vcpus. This allows
callers to treat the MSI 'addr' and 'data' fields as opaque and also lets
bhyve implement multiple destination modes: physical, flat and clustered.
- Rename the ambiguously named 'vm_setup_msi()' and 'vm_setup_msix()' to
'vm_setup_pptdev_msi()' and 'vm_setup_pptdev_msix()' respectively.
- Consolidate the virtual apic initialization in a single function:
vlapic_reset()
- Add a generic routine to trigger an LVT interrupt that supports both
fixed and NMI delivery modes.
- Add an ioctl and bhyvectl command to trigger local interrupts inside a
guest. In particular, a global NMI similar to that raised by SERR# or
PERR# can be simulated by asserting LINT1 on all vCPUs.
- Extend the LVT table in the vCPU local APIC to support CMCI.
- Flesh out the local APIC error reporting a bit to cache errors and
report them via ESR when ESR is written to. Add support for asserting
the error LVT when an error occurs. Raise illegal vector errors when
attempting to signal an invalid vector for an interrupt or when sending
an IPI.
- Export table entries in the MADT and MP Table advertising the stock x86
config of LINT0 set to ExtInt and LINT1 wired to NMI.

MFC 261607:
Mark the I/O ports used by the bhyve console and debug devices as system
resources.

MFC 260206:
Rework the DSDT generation code a bit to generate more accurate info about
LPC devices. Among other things, the LPC serial ports now appear as
ACPI devices.

MFC 259826,259997,259998:
Support soft power-off via the ACPI S5 state for bhyve guests and wire
up a virtual power button to SIGTERM:
- Implement the PM1_EVT and PM1_CTL registers required by ACPI.
- Emulate the Reset Control register at I/O port 0xcf9.
- Advertise an _S5 package.
- Implement an SMI_CMD register with commands to enable and disable ACPI.
Currently the only change when ACPI is enabled is to enable the virtual
power button via SIGTERM.
- Implement a fixed-feature power button when ACPI is enabled by asserting
PWRBTN_STS in PM1_EVT when SIGTERM is received.
- Add support for EVFILT_SIGNAL events to mevent.
- Implement support for the ACPI system command interrupt (SCI) and assert
it when needed based on the values in PM1_EVT. Mark the SCI as active-low
and level triggered in the MADT and MP Table.

MFC 257422,257661,258075,258476,258494,258579,258609,258699:
Several enhancements to the I/O APIC support in bhyve including:
- Move the I/O APIC device model from userspace into vmm.ko and add
ioctls to assert and deassert I/O APIC pins.
- Add HPET device emulation including a single timer block with 8 timers.
- Remove the 'vdev' abstraction.

Approved by: neel

MFC r260446

virtio-block does not exist, the correct name is virtio-blk.

PR: 185573
Submitted by: Allan Jude
Facilitated by: Snow B.V.

MFC 259013:
Fix the processor table entry structure to use a fixed-width type for
32-bit fields so it is the correct size on amd64. Remove a workaround
for the broken structure from bhyve(8).

MFC r259302,r259413

r259302
bhyve(8) man page

r259413
mdoc: sort SEE ALSO

MFC r256657,r257018,r257347,r257423,r257729,r257767,
r257933,r258609,r258614,r258668,r258673,r258855

Pull in some minor bugfixes and functionality enhancements
from CURRENT. These are candidates to be moved to 10.0-release.

r258855
mdoc: quote string properly.

r258673
Don't create an initial value for the host filesystem of "/".

r258668
Allow bhyve and bhyveload to attach to tty devices.

r258614
The 22-bit Data Byte Count (DBC) field of a Physical Region Descriptor was
being read as a 32-bit quantity by the bhyve AHCI driver.

r258609
Fix discrepancy between the IOAPIC ID advertised by firmware tables and the
actual value read by the guest.

r257933
Route the legacy timer interrupt (IRQ0) to pin 2 of the IOAPIC.

r257767
Fix an off-by-one error when iterating over the emulated PCI BARs.

r257729
Add the VM name to the process name with setproctitle().

r257423
Make the virtual ioapic available unconditionally in a bhyve virtual machine.

r257347
Update copyright to include the author of the LPC bridge emulation code.

hand-merge r257018
Tidy usage messages for bhyve and bhyveload.

r256657
Add an option to bhyveload(8) that allows setting a loader environment variable
from the command line.

Discussed with: neel

Hoist all the mergeinfo up to the root in preparation for enforcing merges
to the root only. All MFC's were rerecorded to the root.

Going forward, if an MFC includes mergeinfo, it will need to be made to
the root and committed from the root. Merges with --ignore-ancestry
or diff | patch can go anywhere.

The mergeinfo in HEAD is in a bad state from years of neglect and manual
tampering and this was branched into 10.x. This confuses the coalescing
code and prevents it from doing its job.

Approved by: re (gjb, implicit)

MFC r257092

Fix bug in the ioapic emulation for level-triggered interrupts,
where a pin assertion while a source was masked would result in
the interrupt being lost, with the symptom being a console hang.
The condition is now recorded, and the interrupt generated when
the source is unmasked.

Approved by: re (glebius)

MFC r257293.

Add support for PCI-to-ISA LPC bridge emulation. If the LPC bus is attached
to a virtual machine then we implicitly create COM1 and COM2 ISA devices.

Prior to this change the only way of attaching a COM port to the virtual
machine was by presenting it as a PCI device that is mapped at the legacy
I/O address 0x3F8 or 0x2F8.

There were some issues with the original approach:
- It did not work at all with UEFI because UEFI will reprogram the PCI device
BARs and remap the COM1/COM2 ports at non-legacy addresses.
- OpenBSD GENERIC kernel does not create a /dev/console because it expects
the uart device at the legacy 0x3F8/0x2F8 address to be an ISA device.
- It was functional with a FreeBSD guest but caused the console to appear
on /dev/ttyu2 which was not intuitive.

The uart emulation is now independent of the bus on which it resides. Thus it
is possible to have uart devices on the PCI bus in addition to the legacy
COM1/COM2 devices behind the LPC bus.

The command line option to attach ISA COM1/COM2 ports to a virtual machine is
"-s <bus>,lpc -l com1,stdio".

The command line option to create a PCI-attached uart device is:
"-s <bus>,uart[,stdio]"

The command line option to create PCI-attached COM1/COM2 device is:
"-S <bus>,uart[,stdio]". This style of creating COM ports is deprecated.

Approved by: re (glebius)

MFC r256926, r257005

r256926
Fix AHCI ATAPI emulation when backed with /dev/cd0

- remove assumption that the backing file/device had
512-byte sectors
- fix incorrect iovec size variable that would result
in a buffer overrun when an o/s issued an i/o request
with more s/g elements than the blockif api

r257005
Export the block size capability to guests.
- Use #defines for capability bits
- Export the VTBLK_F_BLK_SIZE capability
- Fix bug in calculating capacity: it is in
512-byte units, not the underlying sector size

This allows virtio-blk to have backing devices
with non 512-byte sector sizes e.g. /dev/cd0, and
4K-block harddrives.

Approved by: re (glebius)

MFC r256645.

Add a new capability, VM_CAP_ENABLE_INVPCID, that can be enabled to expose
'invpcid' instruction to the guest. Currently bhyve will try to enable this
capability unconditionally if it is available.

Consolidate code in bhyve to set the capabilities so it is no longer
duplicated in BSP and AP bringup.

Add a sysctl 'vm.pmap.invpcid_works' to display whether the 'invpcid'
instruction is available.

Approved by: re (hrs)

MFC r256709:

Eliminate unconditional debug printfs.

Linux writes to these nominally read-only registers,
so avoid having bhyve write warning messages to stdout
when the reg writes can be safely ignored. Change the
WPRINTF to DPRINTF which is conditional.

Approved by: re (delphij)

MFC r256709:

Eliminate unconditional debug printfs.

Linux writes to these nominally read-only registers,
so avoid having bhyve write warning messages to stdout
when the reg writes can be safely ignored. Change the
WPRINTF to DPRINTF which is conditional.

Approved by: re (gjb)

MFC r256389

Implement the virtio block 'get-ident' operation. This eliminates the
annoying verbose boot error of the form

g_handleattr: vtbd0 bio_length 24 len 28 -> EFAULT

The ident returned by bhyve is a text string 'BHYVE-XXXX-XXXX', where
the X's are the first bytes of the md5 hash of the backing filename.

Approved by: re (gjb)

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Allow a 4-byte write to PCI config space to overlap
the 2 read-only bytes at the start of a PCI capability.
This is the sequence that OpenBSD uses when enabling
MSI interrupts, and works fine on real h/w.

In bhyve, convert the 4 byte write to a 2-byte write to
the r/w area past the first 2 r/o bytes of a capability.

Reviewed by: neel
Approved by: re@ (blanket)

Parse the memory size parameter using expand_number() to allow specifying
the memory size more intuitively (e.g. 512M, 4G etc).

Submitted by: rodrigc
Reviewed by: grehan
Approved by: re (blanket)

In usr.sbin/bhyve/pci_ahci.c, fix several gcc warnings of the form
"assignment makes pointer from integer without a cast", by changing the
cmd_lst and rbis members of struct ahci_port from integers to pointers.

Also surround a pow-of-2 test expression with parentheses to clarify it,
and avoid another gcc warning.

Approved by: re (glebius)
Reviewed by: grehan, mav

After r256062, the static function fbsdrun_get_next_cpu() in
usr.sbin/bhyve/bhyverun.c is no longer used, so remove it to silence a
gcc warning.

Approved by: re (glebius)

Change the behavior of bhyve such that the gdb listening port is opt-in
rather than opt-out.

Prior to this change if the "-g" option was not specified then a listening
socket for tunneling gdb packets would be opened at port 6466. If a second
virtual machine is fired up, also without the "-g" option, then that would
fail because there is already a listener on port 6466.

After this change if a gdb tunnel port needs to be created it needs to be
explicitly specified with a "-g <portnum>" command line option.

Reviewed by: grehan@
Approved by: re@ (blanket)

Merge projects/bhyve_npt_pmap into head.

Make the amd64/pmap code aware of nested page table mappings used by bhyve
guests. This allows bhyve to associate each guest with its own vmspace and
deal with nested page faults in the context of that vmspace. This also
enables features like accessed/dirty bit tracking, swapping to disk and
transparent superpage promotions of guest memory.

Guest vmspace:
Each bhyve guest has a unique vmspace to represent the physical memory
allocated to the guest. Each memory segment allocated by the guest is
mapped into the guest's address space via the 'vmspace->vm_map' and is
backed by an object of type OBJT_DEFAULT.

pmap types:
The amd64/pmap now understands two types of pmaps: PT_X86 and PT_EPT.

The PT_X86 pmap type is used by the vmspace associated with the host kernel
as well as user processes executing on the host. The PT_EPT pmap is used by
the vmspace associated with a bhyve guest.

Page Table Entries:
The EPT page table entries as mostly similar in functionality to regular
page table entries although there are some differences in terms of what
bits are used to express that functionality. For e.g. the dirty bit is
represented by bit 9 in the nested PTE as opposed to bit 6 in the regular
x86 PTE. Therefore the bitmask representing the dirty bit is now computed
at runtime based on the type of the pmap. Thus PG_M that was previously a
macro now becomes a local variable that is initialized at runtime using
'pmap_modified_bit(pmap)'.

An additional wrinkle associated with EPT mappings is that older Intel
processors don't have hardware support for tracking accessed/dirty bits in
the PTE. This means that the amd64/pmap code needs to emulate these bits to
provide proper accounting to the VM subsystem. This is achieved by using
the following mapping for EPT entries that need emulation of A/D bits:
Bit Position Interpreted By
PG_V 52 software (accessed bit emulation handler)
PG_RW 53 software (dirty bit emulation handler)
PG_A 0 hardware (aka EPT_PG_RD)
PG_M 1 hardware (aka EPT_PG_WR)

The idea to use the mapping listed above for A/D bit emulation came from
Alan Cox (alc@).

The final difference with respect to x86 PTEs is that some EPT implementations
do not support superpage mappings. This is recorded in the 'pm_flags' field
of the pmap.

TLB invalidation:
The amd64/pmap code has a number of ways to do invalidation of mappings
that may be cached in the TLB: single page, multiple pages in a range or the
entire TLB. All of these funnel into a single EPT invalidation routine called
'pmap_invalidate_ept()'. This routine bumps up the EPT generation number and
sends an IPI to the host cpus that are executing the guest's vcpus. On a
subsequent entry into the guest it will detect that the EPT has changed and
invalidate the mappings from the TLB.

Guest memory access:
Since the guest memory is no longer wired we need to hold the host physical
page that backs the guest physical page before we can access it. The helper
functions 'vm_gpa_hold()/vm_gpa_release()' are available for this purpose.

PCI passthru:
Guest's with PCI passthru devices will wire the entire guest physical address
space. The MMIO BAR associated with the passthru device is backed by a
vm_object of type OBJT_SG. An IOMMU domain is created only for guest's that
have one or more PCI passthru devices attached to them.

Limitations:
There isn't a way to map a guest physical page without execute permissions.
This is because the amd64/pmap code interprets the guest physical mappings as
user mappings since they are numerically below VM_MAXUSER_ADDRESS. Since PG_U
shares the same bit position as EPT_PG_EXECUTE all guest mappings become
automatically executable.

Thanks to Alan Cox and Konstantin Belousov for their rigorous code reviews
as well as their support and encouragement.

Thanks for John Baldwin for reviewing the use of OBJT_SG as the backing
object for pci passthru mmio regions.

Special thanks to Peter Holm for testing the patch on short notice.

Approved by: re
Discussed with: grehan
Reviewed by: alc, kib
Tested by: pho

Remove obsolete cmd-line options and code associated with
these.
The mux-vcpus option may return at some point, given it's utility
in finding bhyve (and FreeBSD) bugs.

Approved by: re@ (blanket)
Discussed with: neel@

Hook up the AHCI and blockif code to the build.

Approved by: re@ (blanket)

Import Zhixiang Yu's GSoC'13 AHCI emulation:
https://wiki.freebsd.org/SummerOfCode2013/bhyveAHCI

This provides ICH8 SATA disk and ATAPI ports, selectable
via the bhyve slot command-line parameter:

SATA
-s <slot>,ahci-hd,<image-file>

ATAPI
-s <slot>,ahci-cd,<image-file>

Slight modifications by: grehan@
Approved by: re@ (blanket)
Obtained from: FreeBSD GSoC'13

Block-layer backend interface for bhyve block-io device emulations.

Approved by: re@ (blanket)

Fix incorrect assertion on the minimum side. ZFS would
trigger this.

Reported by: Chris Torek, Allan Jude
Approved by: re@ (blanket)

Implement support for the interrupt-on-terminal-count and
s/w-strobe timer modes. These are commonly used by non-FreeBSD
o/s's.

Approved by: re@ (blanket)

Add simplistic periodic timer support to mevent using kqueue's
timer support. This should be enough for the emulation of
h/w periodic timers (and no more) e.g. some of the 8254's
more esoteric modes that happen to be used by non-FreeBSD o/s's.

Approved by: re@ (blanket)

Allow the alarm hours/mins/seconds registers to be read/written,
though without any action. This avoids a hypervisor exit when
o/s's access these regs (Linux).

Reviewed by: neel
Approved by: re@ (blanket)

Use correct offset for the high byte of high memory written to
RTC NVRAM.

Submitted by: Bela Lubkin bela dot lubkin at tidalscale dot com
Approved by: re@ (blanket)

Pass the number of supported vectors to pci_emul_add_msicap() and
not the actual PCI BAR number.

Reviewed by: neel
Approved by: re@ (blanket)

Go way past 11 and bump bhyve's max vCPUs to 16.

This should be sufficient for 10.0 and will do
until forthcoming work to avoid limitations
in this area is complete.

Thanks to Bela Lubkin at tidalscale for the
headsup on the apic/cpu id/io apic ASL parameters
that are actually hex values and broke when
written as decimal when 11 vCPUs were configured.

Approved by: re@

Fix spelling.

Allow level-triggered interrupt sources. While this isn't
precisely emulated, it is good enough for the single consumer
i.e. irq4, the serial port on Linux.

Allow single byte reads of the emulated MSI-X tables. This is not required
by the PCI specification but needed to dump MMIO space from "ddb" in the
guest.

Fix off-by-1 error in assert.

Submitted by: Tycho Nightingale (tycho.nightingale@pluribusnetworks.com)

Fix ordering of legacy IRQ reservations.

Submitted by: Jeremiah Lott jlott at averesystems dot com

Sanity-check the vm exitcode, and exit the process if it's out-of-bounds
or there is no registered handler.

Submitted by: Bela Lubkin bela dot lubkin at tidalscale dot com

Major rework of the virtio code. Split out common parts, and modify
the net/block devices accordingly.

Submitted by: Chris Torek torek at torek dot net
Reviewed by: grehan

Implement RTC CMOS nvram. Init some fields that are used
by FreeBSD and UEFI.
Tested with nvram(4).

Reviewed by: neel

Support an optional "mac=" parameter to virtio-net config, to allow
users to set the MAC address for a device.

Clean up some obsolete code in pci_virtio_net.c

Allow an error return from a PCI device emulation's init routine
to be propagated all the way back to the top-level and result in
the process exiting.

Submitted by: Dinakar Medavaram dinnu sun at gmail (original version)

Fix up option parsing to allow a colon in the config section.
Clean up some other unnecessary code.

Submitted by: Dinakar Medavaram dinnu sun at gmail
Reviewed by: neel

Allow 8259 registers to be read. This is a transient condition
during Linux boot.

Submitted by: tycho nightingale at pluribusnetworks com
Reviewed by: neel

Allow the PCI config address register to be read. The Linux
kernel does this. Also remove an unused header file.

Submitted by: tycho nightingale at pluribusnetworks com
Reviewed by: neel

Implement the NOTIFY_ON_EMPTY capability in the virtio-net device.

If this capability is negotiated by the guest then the device will
generate an interrupt when it runs out of available tx/rx descriptors.

Reviewed by: grehan
Obtained from: NetApp

Reset some more softc state when the guest resets the virtio network device.

Obtained from: NetApp

Use a separate mutex for the receive path instead of overloading the softc
mutex for this purpose.

Reviewed by: grehan

Get rid of the 'vsc_rxpend' state - it doesn't serve any purpose because we
drop any frames that arrive while the device is starved for receive buffers.

This makes the receive path to only execute in context of the receive thread
and allows for further simplification.

Reviewed by: grehan

Use a thread for the processing of virtio tx descriptors rather
than blocking the vCPU thread. This improves bulk data performance
by ~30-40% and doesn't harm req/resp time for stock netperf runs.

Future work will use a thread pool rather than a thread per tx queue.

Submitted by: Dinakar Medavaram
Reviewed by: neel, grehan
Obtained from: NetApp

Gripe if some <slot,function> tuple is specified more than once instead of
silently overwriting the previous assignment.

Gripe if the emulation is not recognized instead of silently ignoring the
emulated device.

If an error is detected by pci_parse_slot() then exit from the command line
parsing loop in main().

Submitted by (initial version): Chris Torek (chris.torek@gmail.com)

Teach the virtio block device to deal with direct as well as indirect
descriptors. Prior to this change the device would only work with guests
that chose to use indirect descriptors.

Modify the device reset callback to actually reset the device state.

Submitted by: Tycho Nightingale (tycho.nightingale@pluribusnetworks.com)

Setup accesses to the memory hole below 4GB to return all 1's on read and
consume all writes without any side effects.

Obtained from: NetApp

Need to call init_mem() to really initialize the MMIO range lookups.

This was working by accident because:
- the RB_HEADs were being initialized to zero as part of BSS
- the pthread_rwlock functions were implicitly initializing the lock object

Obtained from: NetApp

Remove obsolete comment about lack of locking for MMIO range lookup.

Pointed out by: Tycho Nightingale (tycho.nightingale@plurisbusnetworks.com)

Unsynchronized TSCs on the host require special handling in bhyve:

- use clock_gettime(2) as the time base for the emulated ACPI timer instead
of directly using rdtsc().

- don't advertise the invariant TSC capability to the guest to discourage it
from using the TSC as its time base.

Discussed with: jhb@ (about making 'smp_tsc' a global)
Reported by: Dan Mack on freebsd-virtualization@
Obtained from: NetApp

Change name of variable from 'rwlock' to more descriptive 'mmio_rwlock'

Requested by: grehan
Obtained from: NetApp

Improve PCI BAR emulation:
- Respect the MEMEN and PORTEN bits in the command register
- Allow the guest to reprogram the address decoded by the BAR

Submitted by: Gopakumar T
Obtained from: NetApp

Remove dangling ISA uart stubs.

Obtained from: NetApp

config checksum is over the entire fixed portion, not just the
config header. FreeBSD doesn't check this but other o/s's do.

Obtained from: NetApp

Simplify the assignment of memory to virtual machines by requiring a single
command line option "-m <memsize in MB>" to specify the memory size.

Prior to this change the user needed to explicitly specify the amount of
memory allocated below 4G (-m <lowmem>) and the amount above 4G (-M <highmem>).

The "-M" option is no longer supported by 'bhyveload' and 'bhyve'.

The start of the PCI hole is fixed at 3GB and cannot be directly changed
using command line options. However it is still possible to change this in
special circumstances via the 'vm_set_lowmem_limit()' API provided by
libvmmapi.

Submitted by: Dinakar Medavaram (initial version)
Reviewed by: grehan
Obtained from: NetApp

Change the type of 'ndesc' from 'int' to 'uint16_t' so that descriptor index
wraparound is handled correctly.

The gory details are available here:
http://lists.freebsd.org/pipermail/freebsd-virtualization/2013-March/001119.html

This fixes a regression introduced in r247871.

Pointed out by: Bruce Evans, Chris Torek

Convert the offset into the bar that contains the MSI-X table to an offset
into the MSI-X table before using it to calculate the table index.

In the common case where the MSI-X table is located at the begining of the
BAR these two offsets are identical and thus the code was working by accident.

This change will fix the case where the MSI-X table is located in the middle
or at the end of the BAR that contains it.

Obtained from: NetApp

Simplify virtio ring num-available calculation.

Submitted by: Chris Torek, torek at torek dot net

Reorder code to avoid the stat buffer being used uninitialized.

Obtained from: NetApp

Specify the length of the mapping requested from 'paddr_guest2host()'.

This seems prudent to do in its own right but it also opens up the possibility
of not having to mmap the entire guest address space in the 'bhyve' process
context.

Discussed with: grehan
Obtained from: NetApp

Ignore the BARRIER flag in the virtio block header.

This capability is not advertised by the host so ignore it even if the guest
insists on setting the flag.

Reviewed by: grehan
Obtained from: NetApp

Get rid of unused struct member.

Pointed out by: Gopakumar T
Obtained from: NetApp

Add the ability to have a 'fallback' search for memory ranges.
These set of ranges will be looked at if a standard memory
range isn't found, and won't be installed in the cache.
Use this to implement the memory behaviour of the PCI hole on
x86 systems, where writes are ignored and reads always return -1.
This allows breakpoints to be set when issuing a 'boot -d', which
has the side effect of accessing the PCI hole when changing the
PTE protection on kernel code, since the pmap layer hasn't been
initialized (a bug, but present in existing FreeBSD releases so
has to be handled).

Reviewed by: neel
Obtained from: NetApp

Advertise PCI-E capability in the hostbridge device presented to the guest.

FreeBSD wants to see this capability in at least one device in the PCI
hierarchy before it allows use of MSI or MSI-X.

Obtained from: NetApp

Implement guest vcpu pinning using 'pthread_setaffinity_np(3)'.

Prior to this change pinning was implemented via an ioctl (VM_SET_PINNING)
that called 'sched_bind()' on behalf of the user thread.

The ULE implementation of 'sched_bind()' bumps up 'td_pinned' which in turn
runs afoul of the assertion '(td_pinned == 0)' in userret().

Using the cpuset affinity to implement pinning of the vcpu threads works with
both 4BSD and ULE schedulers and has the happy side-effect of getting rid
of a bunch of code in vmm.ko.

Discussed with: grehan

Install <dev/agp/agpreg.h> and <dev/pci/pcireg.h> as userland headers
in /usr/include.

MFC after: 2 weeks

Add support for MSI-X interrupts in the virtio block device and make that
the default.

The current behavior of advertising a single MSI vector can be requested by
setting the environment variable "BHYVE_USE_MSI" to "yes". The use of MSI
is not compliant with the virtio specification and will be eventually phased
out.

Submitted by: Gopakumar T
Obtained from: NetApp

Fix a broken assumption in the passthru implementation that the MSI-X table
can only be located at the beginning or the end of the BAR.

If the MSI-table is located in the middle of a BAR then we will split the
BAR into two and create two mappings - one before the table and one after
the table - leaving a hole in place of the table so accesses to it can be
trapped and emulated.

Obtained from: NetApp

Fix a bug in the passthru implementation where it would assume that all
devices are MSI-X capable. This in turn would lead it to treat bar 0 as
the MSI-X table bar even if the underlying device did not support MSI-X.

Fix this by providing an API to query the MSI-X table index of the emulated
device. If the underlying device does not support MSI-X then this API will
return -1.

Obtained from: NetApp

Add support for MSI-X interrupts in the virtio network device and make that
the default.

The current behavior of advertising a single MSI vector can be requested by
setting the environment variable "BHYVE_USE_MSI" to "true". The use of MSI
is not compliant with the virtio specification and will be eventually phased
out.

Submitted by: Gopakumar T
Obtained from: NetApp

Improve correctness of rtc register implementation.

Submitted by: tycho nightingale at pluribusnetworks com

Use the correct type (uint64_t) to retrieve sysctl machdep.tsc_freq.

Simplify the function a bit by falling through after initialization and
return via the normal code path.

Reviewed by: grehan
Obtained from: NetApp

Allocate the memory for the MSI-X table dynamically instead of allocating 32KB
statically. In most cases the number of table entries will be far less than
the maximum of 2048 allowed by the PCI specification.

Reuse macros from pcireg.h to interpret the MSI-X capability instead of rolling
our own.

Obtained from: NetApp

Get rid of redundant 'table_size' field in struct pi_msix. If needed it can
always be calculated from the number of entries in the MSI-X table.

Obtained from: NetApp

Use <vmname> in a consistent manner in usage messages output by 'bhyve',
'bhyveload' and 'bhyvectl'.

Pointed out by: joel@

Add svn properties to the recently merged bhyve source files.

The pre-commit hook will not allow any commits without the svn:keywords
property in head.

Merge projects/bhyve to head.

'bhyve' was developed by grehan@ and myself at NetApp (thanks!).

Special thanks to Peter Snyder, Joe Caradonna and Michael Dexter for their
support and encouragement.

Obtained from: NetApp

Don't completely drain the read file descriptor. Instead, only
fill up to the uart's rx fifo size, and leave any remaining input
for when the rx fifo is read. This allows cut'n'paste of long lines
to be done into the bhyve console without truncation.

Also, introduce a mutex since the file input will run in the mevent
thread context and may corrupt state accessed by a vCPU thread.

Reviewed by: neel
Approved by: NetApp

Use 64-bit arithmetic throughout, and lock accesses to globals.
With this change, dbench with >= 4 processes runs without getting
weird jumps forward in time when the APCI pmtimer is the default
timecounter.

Obtained from: NetApp

The "unrestricted guest" capability is a feature of Intel VT-x that allows
the guest to execute real or unpaged protected mode code - bhyve relies on
this feature to execute the AP bootstrap code.

Get rid of the hack that allowed bhyve to support SMP guests on processors
that do not have the "unrestricted guest" capability. This hack was entirely
FreeBSD-specific and would not work with any other guest OS.

Instead, limit the number of vcpus to 1 when executing on processors without
"unrestricted guest" capability.

Suggested by: grehan
Obtained from: NetApp

Change thread name for the main kqueue event loop to "<vmname> mevent" so
it can be easily distinguished from other non-vCPU threads in forthcoming
changes.

Obtained from: NetApp

Rename fbsdrun.* -> bhyverun.*

bhyve is intended to be a generic hypervisor, and not FreeBSD-specific.

(renaming internal routines will come later)

Reviewed by: neel
Obtained from: NetApp

Properly reset the tx/rx rings when a guest requests a device reset.

Obtained from: NetApp

Create unique MAC addresses for virtio devices that are
created with non-zero PCI function numbers.

Remove obsolete reference to CFE.

Obtained from: NetApp

Determine the correct length and sector size for raw devices.

Obtained from: NetApp
Tested by: Michael Dexter with iscsi LUNs

- Add in an XSDT to stop acpidump from exiting with a
'XSDT corrupted' error
- Fix up OEMID/OEM Table ID string padding in the DSDT.

Output on a verbose boot now looks like

...
ACPI: RSDP 0xf0400 00024 (v02 BHYVE )
ACPI: XSDT 0xf0480 00034 (v01 BHYVE BVXSDT 00000001 INTL 20120320)
ACPI: APIC 0xf0500 0004A (v01 BHYVE BVMADT 00000001 INTL 20120320)
ACPI: FACP 0xf0600 0010C (v05 BHYVE BVFACP 00000001 INTL 20120320)
ACPI: DSDT 0xf0800 000F2 (v02 BHYVE BVDSDT 00000001 INTL 20120320)
ACPI: FACS 0xf0780 00040
...

Obtained from: NetApp

Cleanup the user-space paging exit handler now that the unified instruction
emulation is in place.

Obtained from: NetApp

Revamp the x86 instruction emulation in bhyve.

On a nested page table fault the hypervisor will:
- fetch the instruction using the guest %rip and %cr3
- decode the instruction in 'struct vie'
- emulate the instruction in host kernel context for local apic accesses
- any other type of mmio access is punted up to user-space (e.g. ioapic)

The decoded instruction is passed as collateral to the user-space process
that is handling the PAGING exit.

The emulation code is fleshed out to include more addressing modes (e.g. SIB)
and more types of operands (e.g. imm8). The source code is unified into a
single file (vmm_instruction_emul.c) that is compiled into vmm.ko as well
as /usr/sbin/bhyve.

Reviewed by: grehan
Obtained from: NetApp

MSI-X does not need to be enabled in the message control register for the
guest to access the MSI-x tables.

Obtained from: NetApp

Mask the %eax register properly based on whether the "out" instruction is
operating on 1, 2 or 4 bytes.

There could be garbage in the unused bytes so zero them off.

Obtained from: NetApp

ACPI support for bhyve.

The -A option will create the minimal set of required ACPI tables in
guest memory. Since ACPI mandates an IOAPIC, the -I option must also
be used.

Template ASL files are created, and then passed to the iasl compiler
to generate AML files. These are then loaded into guest physical mem.

In support of this, the ACPI PM timer is implemented, in 32-bit mode.

Tested on 7.4/8.*/9.*/10-CURRENT.

Reviewed by: neel
Obtained from: NetApp
Discussed with: jhb (a long while back)

IFC @ r242684

Change the thread name of the vCPU threads to contain the
name of the VM and the vCPU number. This helps hugely
when using top -H to identify what a VM is doing.

Reviewed by: neel
Obtained from: NetApp

Exit if the requested num vCPUs exceeds the maximum rather
than waiting until AP bringup detects an out-of-range vCPU.

While here, fix all error output to use fprintf(stderr, ...

Reviewed by: neel
Reported by: @allanjude

Present the bvm dbgport to the guest only when explicitly requested via
the "-g" command line option.

Suggested by: grehan
Obtained from: NetApp

Present the bvm console device to the guest only when explicitly requested via
the "-b" command line option.

Reviewed by: grehan
Obtained from: NetApp

Ignore PCI configuration accesses to all bus numbers other than PCI bus 0.

Obtained from: NetApp

Remove mptable generation code from libvmmapi and move it to bhyve.
Firmware tables require too much knowledge of system configuration,
and it's difficult to pass that information in general terms to a library.
The upcoming ACPI work exposed this - it will also livein bhyve.

Also, remove code specific to NetApp from the mptable name, and remove
the -n option from bhyve.

Reviewed by: neel
Obtained from: NetApp

Rework how guest MMIO regions are dealt with.

- New memory region interface. An RB tree holds the regions,
with a last-found per-vCPU cache to deal with the common case
of repeated guest accesses to MMIO registers in the same page.

- Support memory-mapped BARs in PCI emulation.

mem.c/h - memory region interface

instruction_emul.c/h - remove old region interface.
Use gpa from EPT exit to avoid a tablewalk to
determine operand address. Determine operand size
and use when calling through to region handler.

fbsdrun.c - call into region interface on paging
exit. Distinguish between instruction emul error
and region not found

pci_emul.c/h - implement new BAR callback api.
Split BAR alloc routine into routines that
require/don't require the BAR phys address.

ioapic.c
pci_passthru.c
pci_virtio_block.c
pci_virtio_net.c
pci_uart.c - update to new BAR callback i/f

Reviewed by: neel
Obtained from: NetApp

Deal with transient EBUSY error return from vm_run() by retrying the operation.

Add an option "-a" to present the local apic in the XAPIC mode instead of the
default X2APIC mode to the guest.

Add an explicit exit code 'SPINUP_AP' to tell the controlling process that an
AP needs to be activated by spinning up an execution context for it.

The local apic emulation is now completely done in the hypervisor and it will
detect writes to the ICR_LO register that try to bring up the AP. In response
to such writes it will return to userspace with an exit code of SPINUP_AP.

Reviewed by: grehan

Fix a bug in how a 64-bit bar in a pci passthru device would be presented to
the guest. Prior to the fix it was possible for such a bar to appear as a
32-bit bar as long as it was allocated from the region below 4GB.

This had the potential to confuse some drivers that were particular about
the size of the bars.

Obtained from: NetApp

Add support for emulating PCI multi-function devices.

These function number is specified by an optional [:<func>] after the slot
number: -s 1:0,virtio-net,tap0

Ditto for the mptable naming: -n 1:0,e0a

Obtained from: NetApp

Device model for ioapic emulation.

With this change the uart emulation is entirely interrupt driven.

Obtained from: NetApp

The displacement field in the decoded instruction should be treated as a 8-bit
or 32-bit signed integer.

Simplify the handling of indirect addressing with displacement by
unconditionally adding the 'instruction->disp' to the target address.
This is alright since 'instruction->disp' is non-zero only for the
addressing modes that specify a displacement.

Obtained from: NetApp

Add the "-I" option to control whether or not an ioapic is visible to the guest.

Obtained from: NetApp

Use the correct variable to index into the 'lirq[]' array to check the legacy
IRQ ownership.

Check that 'opts' is actually not NULL before dereferencing it. It is expected
that 'opts' will be NULL for the second serial port (-S <slot>,uart)

Add 16550 uart emulation as a PCI device. This allows it to
be activated as part of the slot config options.
The syntax is:

-s <slotnum>,uart[,stdio]

The stdio parameter instructs the code to perform i/o using
stdin/stdout. It can only be used for one instance.
To allow legacy i/o ports/irqs to be used, a new variant of
the slot command, -S, is introduced. When used to specify a
slot, the device will use legacy resources if it supports
them; otherwise it will be treated the same as the '-s' option.
Specifying the -S option with the uart will first use the 0x3f8/irq 4
config, and the second -S will use 0x2F8/irq 3.

Interrupt delivery is awaiting the arrival of the i/o apic code,
but this works fine in uart(4)'s polled mode.

This code was written by Cynthia Lu @ MIT while an intern at NetApp,
with further work from neel@ and grehan@.

Obtained from: NetApp

MSI-x interrupt support for PCI pass-thru devices.

Includes instruction emulation for memory r/w access. This
opens the door for io-apic, local apic, hpet timer, and
legacy device emulation.

Submitted by: ryan dot berryhill at sandvine dot com
Reviewed by: grehan
Obtained from: Sandvine

Ignore legacy INIT de-asserts in x2apic mode before verifying
the contents of the IPI.
Uncovered by jhb's x2apic patch.

Obtained from: NetApp

Allow access to the device's config area with any size i/o access at any
offset. This is now spec-compliant.

Catch up with CURRENTs different timer usage compared to 8.1. A counter
value of 0 in rategen mode is equivalent to a max initial value.
The TSC is now correctly calibrated on a 9.0 guest.

Obtained from: NetApp

Changes to allow the GENERIC+bhye kernel built from this branch to
run as a 1/2 CPU guest on an 8.1 bhyve host.

bhyve/inout.c
inout.h
fbsdrun.c
- Rather than exiting on accesses to unhandled i/o ports, emulate
hardware by returning -1 on reads and ignoring writes to unhandled
ports. Support the previous mode by allowing a 'strict' parameter
to be set from the command line.
The 8.1 guest kernel was vastly cut down from GENERIC and had no
ISA devices. Booting GENERIC exposes a massive amount of random
touching of i/o ports (hello syscons/vga/atkbdc).

bhyve/consport.c
dev/bvm/bvm_console.c
- implement a simplistic signature for the bvm console by returning
'bv' for an inw on the port. Also, set the priority of the console
to CN_REMOTE if the signature was returned. This works better in
an environment where multiple consoles are in the kernel (hello syscons)

bhyve/rtc.c
- return 0 for the access to RTC_EQUIPMENT (yes, you syscons)

amd64/vmm/x86.c
x86.h
- hide a bunch more CPUID leaf 1 bits from the guest to prevent
cpufreq drivers from probing.
The next step will be to move CPUID handling completely into
user-space. This will allow the full spectrum of changes from
presenting a lowest-common-denominator CPU type/feature set, to
exposing (almost) everything that the host can support.

Reviewed by: neel
Obtained from: NetApp

First cut to port bhyve, vmmctl, and libvmmapi to HEAD.

Import of bhyve hypervisor and utilities, part 1.
vmm.ko - kernel module for VT-x, VT-d and hypervisor control
bhyve - user-space sequencer and i/o emulation
vmmctl - dump of hypervisor register state
libvmm - front-end to vmm.ko chardev interface

bhyve was designed and implemented by Neel Natu.

Thanks to the following folk from NetApp who helped to make this available:
Joe CaraDonna
Peter Snyder
Jeff Heller
Sandeep Mann
Steve Miller
Brian Pawlowski