git: bc7862bc916c - main - vmm: Start using exterror

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Thu, 19 Feb 2026 17:16:32 UTC
The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=bc7862bc916c3b81bcdc374e5144ab2f5bf62b19

commit bc7862bc916c3b81bcdc374e5144ab2f5bf62b19
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2026-02-19 14:39:12 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2026-02-19 17:16:15 +0000

    vmm: Start using exterror
    
    For now, just describe the error where an unprivileged user attempts to
    run a VM without DESTROY_ON_CLOSE semantics, i.e., monitor mode.
    
    Reviewed by:    bnovkov
    MFC after:      2 months
    Sponsored by:   The FreeBSD Foundation
    Sponsored by:   Klara, Inc.
    Differential Revision:  https://reviews.freebsd.org/D54743
---
 lib/libc/gen/exterr_cat_filenames.h | 1 +
 sys/dev/vmm/vmm_dev.c               | 5 ++++-
 sys/sys/exterr_cat.h                | 1 +
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/libc/gen/exterr_cat_filenames.h b/lib/libc/gen/exterr_cat_filenames.h
index d55396a1b286..e45d05e384bd 100644
--- a/lib/libc/gen/exterr_cat_filenames.h
+++ b/lib/libc/gen/exterr_cat_filenames.h
@@ -2,6 +2,7 @@
  * Automatically @generated, use
  * tools/build/make_libc_exterr_cat_filenames.sh
  */
+	[EXTERR_CAT_VMM] = "dev/vmm/vmm_dev.c",
 	[EXTERR_CAT_FUSE_DEVICE] = "fs/fuse/fuse_device.c",
 	[EXTERR_CAT_FUSE_VFS] = "fs/fuse/fuse_vfsops.c",
 	[EXTERR_CAT_FUSE_VNOPS] = "fs/fuse/fuse_vnops.c",
diff --git a/sys/dev/vmm/vmm_dev.c b/sys/dev/vmm/vmm_dev.c
index 0e5477745db5..ed8e5b2e0777 100644
--- a/sys/dev/vmm/vmm_dev.c
+++ b/sys/dev/vmm/vmm_dev.c
@@ -8,6 +8,8 @@
 
 #include <sys/param.h>
 #include <sys/conf.h>
+#define	EXTERR_CATEGORY	EXTERR_CAT_VMM
+#include <sys/exterrvar.h>
 #include <sys/fcntl.h>
 #include <sys/ioccom.h>
 #include <sys/jail.h>
@@ -1010,7 +1012,8 @@ vmmdev_create(const char *name, uint32_t flags, struct ucred *cred)
 	if ((flags & VMMCTL_CREATE_DESTROY_ON_CLOSE) == 0 &&
 	    (error = priv_check_cred(cred, PRIV_VMM_CREATE)) != 0) {
 		sx_xunlock(&vmmdev_mtx);
-		return (error);
+		return (EXTERROR(error,
+		    "An unprivileged user must run VMs in monitor mode"));
 	}
 
 	if (!chgvmmcnt(cred->cr_ruidinfo, 1, vm_maxvmms)) {
diff --git a/sys/sys/exterr_cat.h b/sys/sys/exterr_cat.h
index 015eb6a1ae76..4f3ff6925242 100644
--- a/sys/sys/exterr_cat.h
+++ b/sys/sys/exterr_cat.h
@@ -39,6 +39,7 @@
 #define	EXTERR_CAT_FUSE_DEVICE	14
 #define	EXTERR_CAT_FORK		15
 #define	EXTERR_CAT_PROCEXIT	16
+#define	EXTERR_CAT_VMM		17
 
 #endif