Hi,
As part of the work towards making unprivileged bhyve viable I made some changes to the VM lifecycle, so I'd like to get some feedback on the new VM lifecycle scheme.

The first big change was to add mechanisms to automatically reclaim a virtual machine's resources when the owning process goes away, especially when it's killed by the OOM killer. To address this we decided to tie a virtual machine's lifecycle to a file descriptor. vmmctl's VMMCTL_VM_CREATE ioctl was extended with a new flag (VMMCTL_CREATE_DESTROY_ON_CLOSE) that instructs it to destroy all virtual machines associated with a specific vmmctl file descriptor when it is closed. vmmctl uses the 'devfs_xxx_cdevpriv' functions to maintain a per-descriptor list of such virtual machines.

Under this regime the virtual machine gets destroyed once the owning process dies, which is not very useful when one just wants to restart a virtual machine.

The second big change addresses this by introducing "monitor mode" to bhyve (for lack of a better term), which is enabled by passing the '-M' flag. This will instruct bhyve to create a transient virtual machine using the mechanism described in the above paragraph. At a certain point during startup, it will then fork itself and let the child process continue with the setup and start the VM. The parent process waits for the virtual machine to exit and will automatically restart it if the child exited with a "reboot" status (i.e., 0). Exiting with any other status code or killing the parent process will automatically destroy the VM. Monitor mode also works with non-transient VMs, but it will not destroy them when bhyve exits.
Please feel free to leave comments on any of the following reviews:
- https://reviews.freebsd.org/D53729 (vmm: Add ability to destroy VMs
on close)
- https://reviews.freebsd.org/D53731 (bhyve: Introduce monitor mode)
Thanks,
Bojan
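An added illustration of the two mechanisms described in the mail above, written for this page and not taken from the reviews or the bhyve/vmm sources. It uses plain POSIX calls and two stand-ins that are assumptions of the example: a pipe's write end plays the role of a vmmctl descriptor opened with VMMCTL_CREATE_DESTROY_ON_CLOSE (a reader sees POLLHUP only when the last holder of the write end is gone, which mirrors "destroy when the descriptor is closed"), and a hypothetical guest_stub() replaces the guest by exiting with a status from a constructed schedule, following the mail's convention that 0 means "reboot" and anything else means stop. The function names (monitor_run, destroy_on_close_demo) are likewise made up for the example.

```c
/* Added example: a monitor-mode style supervisor loop plus a demonstration of
 * descriptor-bound lifetime. Not bhyve code; all names here are illustrative. */
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical guest stand-in: boot number N "runs" and then reports
 * schedule[N] as its exit status (0 = reboot, non-zero = stop). Boots past
 * the end of the constructed schedule stop with status 1. */
static int
guest_stub(int boot_no, const int *schedule, int nsched)
{
	if (boot_no >= nsched)
		return 1;
	return schedule[boot_no];
}

struct monitor_result {
	int boots;        /* how many times a child was forked */
	int last_status;  /* exit status (or signal number) of the final child */
	int killed;       /* 1 if the final child died from a signal */
};

/* Supervisor loop in the spirit of '-M': the parent forks, the child would
 * finish VM setup and run the guest, the parent waits and re-forks while the
 * child exits 0 ("reboot"). Any other status, or a signal, ends the loop. */
struct monitor_result
monitor_run(const int *schedule, int nsched)
{
	struct monitor_result r = { 0, 0, 0 };

	for (;;) {
		pid_t pid = fork();
		if (pid < 0) {
			perror("fork");
			exit(2);
		}
		if (pid == 0) {
			/* Child: the real thing would continue bhyve setup here. */
			_exit(guest_stub(r.boots, schedule, nsched));
		}
		r.boots++;

		int st;
		if (waitpid(pid, &st, 0) < 0) {
			perror("waitpid");
			exit(2);
		}
		if (WIFSIGNALED(st)) {
			r.killed = 1;
			r.last_status = WTERMSIG(st);
			return r;
		}
		r.last_status = WEXITSTATUS(st);
		if (r.last_status != 0)
			return r;   /* guest halted or failed: do not restart */
		/* status 0 == reboot: loop around and fork a fresh child */
	}
}

/* 1 while some process still holds the write end, 0 once the last one is
 * gone (POLLHUP on the read end), -1 on error. */
static int
holder_alive(int rd)
{
	struct pollfd p = { .fd = rd, .events = POLLIN, .revents = 0 };
	if (poll(&p, 1, 0) < 0)
		return -1;
	return (p.revents & POLLHUP) ? 0 : 1;
}

/* Demonstrates why forking keeps the VM alive across guest restarts: the
 * child inherits the descriptor, but its exit only drops the child's
 * reference. The "VM" is released when the parent's copy closes as well.
 * Returns 1 when the observed sequence matches that expectation. */
int
destroy_on_close_demo(void)
{
	int fds[2];
	if (pipe(fds) < 0)
		return -1;
	int rd = fds[0], wr = fds[1];   /* wr stands in for the vmmctl fd */

	int before = holder_alive(rd);

	pid_t pid = fork();
	if (pid < 0)
		return -1;
	if (pid == 0)
		_exit(0);                   /* child inherits wr, "runs", exits */
	waitpid(pid, NULL, 0);
	int after_child = holder_alive(rd);   /* parent still holds wr */

	close(wr);                            /* parent goes away: last close */
	int after_close = holder_alive(rd);
	close(rd);

	return before == 1 && after_child == 1 && after_close == 0;
}

int
main(void)
{
	const int schedule[] = { 0, 0, 1 };   /* constructed: reboot, reboot, halt */
	struct monitor_result r = monitor_run(schedule, 3);
	printf("boots=%d last_status=%d killed=%d\n", r.boots, r.last_status, r.killed);
	printf("descriptor-bound lifetime behaves as expected: %d\n",
	    destroy_on_close_demo());
	return 0;
}
```

The pipe is only an analogy for the refcount semantics: in the real design it is the kernel's per-descriptor list that does the destroying, and the monitor's parent process is what keeps that descriptor open while children come and go.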