vmm: Start using exterror

For now, just describe the error where an unprivileged user attempts to
run a VM without DESTROY_ON_CLOSE semantics, i.e., monitor mode.

Reviewed by:	bnovkov
MFC after:	2 months
Sponsored by:	The FreeBSD Foundation
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D54743

3 files changed, 6 insertions, 1 deletions

diff --git a/lib/libc/gen/exterr_cat_filenames.h b/lib/libc/gen/exterr_cat_filenames.h
index d55396a1b286..e45d05e384bd 100644
--- a/lib/libc/gen/exterr_cat_filenames.h
+++ b/lib/libc/gen/exterr_cat_filenames.h
@@ -2,6 +2,7 @@
  * Automatically @generated, use
  * tools/build/make_libc_exterr_cat_filenames.sh
  */
+	[EXTERR_CAT_VMM] = "dev/vmm/vmm_dev.c",
 	[EXTERR_CAT_FUSE_DEVICE] = "fs/fuse/fuse_device.c",
 	[EXTERR_CAT_FUSE_VFS] = "fs/fuse/fuse_vfsops.c",
 	[EXTERR_CAT_FUSE_VNOPS] = "fs/fuse/fuse_vnops.c",
diff --git a/sys/dev/vmm/vmm_dev.c b/sys/dev/vmm/vmm_dev.c
index 0e5477745db5..ed8e5b2e0777 100644
--- a/sys/dev/vmm/vmm_dev.c
+++ b/sys/dev/vmm/vmm_dev.c
@@ -8,6 +8,8 @@
 
 #include <sys/param.h>
 #include <sys/conf.h>
+#define	EXTERR_CATEGORY	EXTERR_CAT_VMM
+#include <sys/exterrvar.h>
 #include <sys/fcntl.h>
 #include <sys/ioccom.h>
 #include <sys/jail.h>
@@ -1010,7 +1012,8 @@ vmmdev_create(const char *name, uint32_t flags, struct ucred *cred)
 	if ((flags & VMMCTL_CREATE_DESTROY_ON_CLOSE) == 0 &&
 	    (error = priv_check_cred(cred, PRIV_VMM_CREATE)) != 0) {
 		sx_xunlock(&vmmdev_mtx);
-		return (error);
+		return (EXTERROR(error,
+		    "An unprivileged user must run VMs in monitor mode"));
 	}
 
 	if (!chgvmmcnt(cred->cr_ruidinfo, 1, vm_maxvmms)) {
diff --git a/sys/sys/exterr_cat.h b/sys/sys/exterr_cat.h
index 015eb6a1ae76..4f3ff6925242 100644
--- a/sys/sys/exterr_cat.h
+++ b/sys/sys/exterr_cat.h
@@ -39,6 +39,7 @@
 #define	EXTERR_CAT_FUSE_DEVICE	14
 #define	EXTERR_CAT_FORK		15
 #define	EXTERR_CAT_PROCEXIT	16
+#define	EXTERR_CAT_VMM		17
 
 #endif