hvcs.txt 23 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567
  1. ===========================================================================
  2. HVCS
  3. IBM "Hypervisor Virtual Console Server" Installation Guide
  4. for Linux Kernel 2.6.4+
  5. Copyright (C) 2004 IBM Corporation
  6. ===========================================================================
  7. NOTE:Eight space tabs are the optimum editor setting for reading this file.
  8. ===========================================================================
  9. Author(s) : Ryan S. Arnold <[email protected]>
  10. Date Created: March, 02, 2004
  11. Last Changed: August, 24, 2004
  12. ---------------------------------------------------------------------------
  13. Table of contents:
  14. 1. Driver Introduction:
  15. 2. System Requirements
  16. 3. Build Options:
  17. 3.1 Built-in:
  18. 3.2 Module:
  19. 4. Installation:
  20. 5. Connection:
  21. 6. Disconnection:
  22. 7. Configuration:
  23. 8. Questions & Answers:
  24. 9. Reporting Bugs:
  25. ---------------------------------------------------------------------------
  26. 1. Driver Introduction:
  27. This is the device driver for the IBM Hypervisor Virtual Console Server,
  28. "hvcs". The IBM hvcs provides a tty driver interface to allow Linux user
  29. space applications access to the system consoles of logically partitioned
  30. operating systems (Linux and AIX) running on the same partitioned Power5
  31. ppc64 system. Physical hardware consoles per partition are not practical
  32. on this hardware so system consoles are accessed by this driver using
  33. firmware interfaces to virtual terminal devices.
  34. ---------------------------------------------------------------------------
  35. 2. System Requirements:
  36. This device driver was written using 2.6.4 Linux kernel APIs and will only
  37. build and run on kernels of this version or later.
  38. This driver was written to operate solely on IBM Power5 ppc64 hardware
  39. though some care was taken to abstract the architecture dependent firmware
  40. calls from the driver code.
  41. Sysfs must be mounted on the system so that the user can determine which
  42. major and minor numbers are associated with each vty-server. Directions
  43. for sysfs mounting are outside the scope of this document.
  44. ---------------------------------------------------------------------------
  45. 3. Build Options:
  46. The hvcs driver registers itself as a tty driver. The tty layer
  47. dynamically allocates a block of major and minor numbers in a quantity
  48. requested by the registering driver. The hvcs driver asks the tty layer
  49. for 64 of these major/minor numbers by default to use for hvcs device node
  50. entries.
  51. If the default number of device entries is adequate then this driver can be
  52. built into the kernel. If not, the default can be over-ridden by inserting
  53. the driver as a module with insmod parameters.
  54. ---------------------------------------------------------------------------
  55. 3.1 Built-in:
  56. The following menuconfig example demonstrates selecting to build this
  57. driver into the kernel.
  58. Device Drivers --->
  59. Character devices --->
  60. <*> IBM Hypervisor Virtual Console Server Support
  61. Begin the kernel make process.
  62. ---------------------------------------------------------------------------
  63. 3.2 Module:
  64. The following menuconfig example demonstrates selecting to build this
  65. driver as a kernel module.
  66. Device Drivers --->
  67. Character devices --->
  68. <M> IBM Hypervisor Virtual Console Server Support
  69. The make process will build the following kernel modules:
  70. hvcs.ko
  71. hvcserver.ko
  72. To insert the module with the default allocation execute the following
  73. commands in the order they appear:
  74. insmod hvcserver.ko
  75. insmod hvcs.ko
  76. The hvcserver module contains architecture specific firmware calls and must
  77. be inserted first, otherwise the hvcs module will not find some of the
  78. symbols it expects.
  79. To override the default use an insmod parameter as follows (requesting 4
  80. tty devices as an example):
  81. insmod hvcs.ko hvcs_parm_num_devs=4
  82. There is a maximum number of dev entries that can be specified on insmod.
  83. We think that 1024 is currently a decent maximum number of server adapters
  84. to allow. This can always be changed by modifying the constant in the
  85. source file before building.
  86. NOTE: The length of time it takes to insmod the driver seems to be related
  87. to the number of tty interfaces the registering driver requests.
  88. In order to remove the driver module execute the following command:
  89. rmmod hvcs.ko
  90. The recommended method for installing hvcs as a module is to use depmod to
  91. build a current modules.dep file in /lib/modules/`uname -r` and then
  92. execute:
  93. modprobe hvcs hvcs_parm_num_devs=4
  94. The modules.dep file indicates that hvcserver.ko needs to be inserted
  95. before hvcs.ko and modprobe uses this file to smartly insert the modules in
  96. the proper order.
  97. The following modprobe command is used to remove hvcs and hvcserver in the
  98. proper order:
  99. modprobe -r hvcs
  100. ---------------------------------------------------------------------------
  101. 4. Installation:
  102. The tty layer creates sysfs entries which contain the major and minor
  103. numbers allocated for the hvcs driver. The following snippet of "tree"
  104. output of the sysfs directory shows where these numbers are presented:
  105. sys/
  106. |-- *other sysfs base dirs*
  107. |
  108. |-- class
  109. | |-- *other classes of devices*
  110. | |
  111. | `-- tty
  112. | |-- *other tty devices*
  113. | |
  114. | |-- hvcs0
  115. | | `-- dev
  116. | |-- hvcs1
  117. | | `-- dev
  118. | |-- hvcs2
  119. | | `-- dev
  120. | |-- hvcs3
  121. | | `-- dev
  122. | |
  123. | |-- *other tty devices*
  124. |
  125. |-- *other sysfs base dirs*
  126. For the above examples the following output is a result of cat'ing the
  127. "dev" entry in the hvcs directory:
  128. Pow5:/sys/class/tty/hvcs0/ # cat dev
  129. 254:0
  130. Pow5:/sys/class/tty/hvcs1/ # cat dev
  131. 254:1
  132. Pow5:/sys/class/tty/hvcs2/ # cat dev
  133. 254:2
  134. Pow5:/sys/class/tty/hvcs3/ # cat dev
  135. 254:3
  136. The output from reading the "dev" attribute is the char device major and
  137. minor numbers that the tty layer has allocated for this driver's use. Most
  138. systems running hvcs will already have the device entries created or udev
  139. will do it automatically.
  140. Given the example output above, to manually create a /dev/hvcs* node entry
  141. mknod can be used as follows:
  142. mknod /dev/hvcs0 c 254 0
  143. mknod /dev/hvcs1 c 254 1
  144. mknod /dev/hvcs2 c 254 2
  145. mknod /dev/hvcs3 c 254 3
  146. Using mknod to manually create the device entries makes these device nodes
  147. persistent. Once created they will exist prior to the driver insmod.
  148. Attempting to connect an application to /dev/hvcs* prior to insertion of
  149. the hvcs module will result in an error message similar to the following:
  150. "/dev/hvcs*: No such device".
  151. NOTE: Just because there is a device node present doesn't mean that there
  152. is a vty-server device configured for that node.
  153. ---------------------------------------------------------------------------
  154. 5. Connection
  155. Since this driver controls devices that provide a tty interface a user can
  156. interact with the device node entries using any standard tty-interactive
  157. method (e.g. "cat", "dd", "echo"). The intent of this driver however, is
  158. to provide real time console interaction with a Linux partition's console,
  159. which requires the use of applications that provide bi-directional,
  160. interactive I/O with a tty device.
  161. Applications (e.g. "minicom" and "screen") that act as terminal emulators
  162. or perform terminal type control sequence conversion on the data being
  163. passed through them are NOT acceptable for providing interactive console
  164. I/O. These programs often emulate antiquated terminal types (vt100 and
  165. ANSI) and expect inbound data to take the form of one of these supported
  166. terminal types but they either do not convert, or do not _adequately_
  167. convert, outbound data into the terminal type of the terminal which invoked
  168. them (though screen makes an attempt and can apparently be configured with
  169. much termcap wrestling.)
  170. For this reason kermit and cu are two of the recommended applications for
  171. interacting with a Linux console via an hvcs device. These programs simply
  172. act as a conduit for data transfer to and from the tty device. They do not
  173. require inbound data to take the form of a particular terminal type, nor do
  174. they cook outbound data to a particular terminal type.
  175. In order to ensure proper functioning of console applications one must make
  176. sure that once connected to a /dev/hvcs console that the console's $TERM
  177. env variable is set to the exact terminal type of the terminal emulator
  178. used to launch the interactive I/O application. If one is using xterm and
  179. kermit to connect to /dev/hvcs0 when the console prompt becomes available
  180. one should "export TERM=xterm" on the console. This tells ncurses
  181. applications that are invoked from the console that they should output
  182. control sequences that xterm can understand.
  183. As a precautionary measure an hvcs user should always "exit" from their
  184. session before disconnecting an application such as kermit from the device
  185. node. If this is not done, the next user to connect to the console will
  186. continue using the previous user's logged in session which includes
  187. using the $TERM variable that the previous user supplied.
  188. Hotplug add and remove of vty-server adapters affects which /dev/hvcs* node
  189. is used to connect to each vty-server adapter. In order to determine which
  190. vty-server adapter is associated with which /dev/hvcs* node a special sysfs
  191. attribute has been added to each vty-server sysfs entry. This entry is
  192. called "index" and showing it reveals an integer that refers to the
  193. /dev/hvcs* entry to use to connect to that device. For instance cating the
  194. index attribute of vty-server adapter 30000004 shows the following.
  195. Pow5:/sys/bus/vio/drivers/hvcs/30000004 # cat index
  196. 2
  197. This index of '2' means that in order to connect to vty-server adapter
  198. 30000004 the user should interact with /dev/hvcs2.
  199. It should be noted that due to the system hotplug I/O capabilities of a
  200. system the /dev/hvcs* entry that interacts with a particular vty-server
  201. adapter is not guaranteed to remain the same across system reboots. Look
  202. in the Q & A section for more on this issue.
  203. ---------------------------------------------------------------------------
  204. 6. Disconnection
  205. As a security feature to prevent the delivery of stale data to an
  206. unintended target the Power5 system firmware disables the fetching of data
  207. and discards that data when a connection between a vty-server and a vty has
  208. been severed. As an example, when a vty-server is immediately disconnected
  209. from a vty following output of data to the vty the vty adapter may not have
  210. enough time between when it received the data interrupt and when the
  211. connection was severed to fetch the data from firmware before the fetch is
  212. disabled by firmware.
  213. When hvcs is being used to serve consoles this behavior is not a huge issue
  214. because the adapter stays connected for large amounts of time following
  215. almost all data writes. When hvcs is being used as a tty conduit to tunnel
  216. data between two partitions [see Q & A below] this is a huge problem
  217. because the standard Linux behavior when cat'ing or dd'ing data to a device
  218. is to open the tty, send the data, and then close the tty. If this driver
  219. manually terminated vty-server connections on tty close this would close
  220. the vty-server and vty connection before the target vty has had a chance to
  221. fetch the data.
  222. Additionally, disconnecting a vty-server and vty only on module removal or
  223. adapter removal is impractical because other vty-servers in other
  224. partitions may require the usage of the target vty at any time.
  225. Due to this behavioral restriction disconnection of vty-servers from the
  226. connected vty is a manual procedure using a write to a sysfs attribute
  227. outlined below, on the other hand the initial vty-server connection to a
  228. vty is established automatically by this driver. Manual vty-server
  229. connection is never required.
  230. In order to terminate the connection between a vty-server and vty the
  231. "vterm_state" sysfs attribute within each vty-server's sysfs entry is used.
  232. Reading this attribute reveals the current connection state of the
  233. vty-server adapter. A zero means that the vty-server is not connected to a
  234. vty. A one indicates that a connection is active.
  235. Writing a '0' (zero) to the vterm_state attribute will disconnect the VTERM
  236. connection between the vty-server and target vty ONLY if the vterm_state
  237. previously read '1'. The write directive is ignored if the vterm_state
  238. read '0' or if any value other than '0' was written to the vterm_state
  239. attribute. The following example will show the method used for verifying
  240. the vty-server connection status and disconnecting a vty-server connection.
  241. Pow5:/sys/bus/vio/drivers/hvcs/30000004 # cat vterm_state
  242. 1
  243. Pow5:/sys/bus/vio/drivers/hvcs/30000004 # echo 0 > vterm_state
  244. Pow5:/sys/bus/vio/drivers/hvcs/30000004 # cat vterm_state
  245. 0
  246. All vty-server connections are automatically terminated when the device is
  247. hotplug removed and when the module is removed.
  248. ---------------------------------------------------------------------------
  249. 7. Configuration
  250. Each vty-server has a sysfs entry in the /sys/devices/vio directory, which
  251. is symlinked in several other sysfs tree directories, notably under the
  252. hvcs driver entry, which looks like the following example:
  253. Pow5:/sys/bus/vio/drivers/hvcs # ls
  254. . .. 30000003 30000004 rescan
  255. By design, firmware notifies the hvcs driver of vty-server lifetimes and
  256. partner vty removals but not the addition of partner vtys. Since an HMC
  257. Super Admin can add partner info dynamically we have provided the hvcs
  258. driver sysfs directory with the "rescan" update attribute which will query
  259. firmware and update the partner info for all the vty-servers that this
  260. driver manages. Writing a '1' to the attribute triggers the update. An
  261. explicit example follows:
  262. Pow5:/sys/bus/vio/drivers/hvcs # echo 1 > rescan
  263. Reading the attribute will indicate a state of '1' or '0'. A one indicates
  264. that an update is in process. A zero indicates that an update has
  265. completed or was never executed.
  266. Vty-server entries in this directory are a 32 bit partition unique unit
  267. address that is created by firmware. An example vty-server sysfs entry
  268. looks like the following:
  269. Pow5:/sys/bus/vio/drivers/hvcs/30000004 # ls
  270. . current_vty devspec name partner_vtys
  271. .. index partner_clcs vterm_state
  272. Each entry is provided, by default with a "name" attribute. Reading the
  273. "name" attribute will reveal the device type as shown in the following
  274. example:
  275. Pow5:/sys/bus/vio/drivers/hvcs/30000003 # cat name
  276. vty-server
  277. Each entry is also provided, by default, with a "devspec" attribute which
  278. reveals the full device specification when read, as shown in the following
  279. example:
  280. Pow5:/sys/bus/vio/drivers/hvcs/30000004 # cat devspec
  281. /vdevice/vty-server@30000004
  282. Each vty-server sysfs dir is provided with two read-only attributes that
  283. provide lists of easily parsed partner vty data: "partner_vtys" and
  284. "partner_clcs".
  285. Pow5:/sys/bus/vio/drivers/hvcs/30000004 # cat partner_vtys
  286. 30000000
  287. 30000001
  288. 30000002
  289. 30000000
  290. 30000000
  291. Pow5:/sys/bus/vio/drivers/hvcs/30000004 # cat partner_clcs
  292. U5112.428.103048A-V3-C0
  293. U5112.428.103048A-V3-C2
  294. U5112.428.103048A-V3-C3
  295. U5112.428.103048A-V4-C0
  296. U5112.428.103048A-V5-C0
  297. Reading partner_vtys returns a list of partner vtys. Vty unit address
  298. numbering is only per-partition-unique so entries will frequently repeat.
  299. Reading partner_clcs returns a list of "converged location codes" which are
  300. composed of a system serial number followed by "-V*", where the '*' is the
  301. target partition number, and "-C*", where the '*' is the slot of the
  302. adapter. The first vty partner corresponds to the first clc item, the
  303. second vty partner to the second clc item, etc.
  304. A vty-server can only be connected to a single vty at a time. The entry,
  305. "current_vty" prints the clc of the currently selected partner vty when
  306. read.
  307. The current_vty can be changed by writing a valid partner clc to the entry
  308. as in the following example:
  309. Pow5:/sys/bus/vio/drivers/hvcs/30000004 # echo U5112.428.10304
  310. 8A-V4-C0 > current_vty
  311. Changing the current_vty when a vty-server is already connected to a vty
  312. does not affect the current connection. The change takes effect when the
  313. currently open connection is freed.
  314. Information on the "vterm_state" attribute was covered earlier on the
  315. chapter entitled "disconnection".
  316. ---------------------------------------------------------------------------
  317. 8. Questions & Answers:
  318. ===========================================================================
  319. Q: What are the security concerns involving hvcs?
  320. A: There are three main security concerns:
  321. 1. The creator of the /dev/hvcs* nodes has the ability to restrict
  322. the access of the device entries to certain users or groups. It
  323. may be best to create a special hvcs group privilege for providing
  324. access to system consoles.
  325. 2. To provide network security when grabbing the console it is
  326. suggested that the user connect to the console hosting partition
  327. using a secure method, such as SSH or sit at a hardware console.
  328. 3. Make sure to exit the user session when done with a console or
  329. the next vty-server connection (which may be from another
  330. partition) will experience the previously logged in session.
  331. ---------------------------------------------------------------------------
  332. Q: How do I multiplex a console that I grab through hvcs so that other
  333. people can see it:
  334. A: You can use "screen" to directly connect to the /dev/hvcs* device and
  335. setup a session on your machine with the console group privileges. As
  336. pointed out earlier by default screen doesn't provide the termcap settings
  337. for most terminal emulators to provide adequate character conversion from
  338. term type "screen" to others. This means that curses based programs may
  339. not display properly in screen sessions.
  340. ---------------------------------------------------------------------------
  341. Q: Why are the colors all messed up?
  342. Q: Why are the control characters acting strange or not working?
  343. Q: Why is the console output all strange and unintelligible?
  344. A: Please see the preceding section on "Connection" for a discussion of how
  345. applications can affect the display of character control sequences.
  346. Additionally, just because you logged into the console using and xterm
  347. doesn't mean someone else didn't log into the console with the HMC console
  348. (vt320) before you and leave the session logged in. The best thing to do
  349. is to export TERM to the terminal type of your terminal emulator when you
  350. get the console. Additionally make sure to "exit" the console before you
  351. disconnect from the console. This will ensure that the next user gets
  352. their own TERM type set when they login.
  353. ---------------------------------------------------------------------------
  354. Q: When I try to CONNECT kermit to an hvcs device I get:
  355. "Sorry, can't open connection: /dev/hvcs*"What is happening?
  356. A: Some other Power5 console mechanism has a connection to the vty and
  357. isn't giving it up. You can try to force disconnect the consoles from the
  358. HMC by right clicking on the partition and then selecting "close terminal".
  359. Otherwise you have to hunt down the people who have console authority. It
  360. is possible that you already have the console open using another kermit
  361. session and just forgot about it. Please review the console options for
  362. Power5 systems to determine the many ways a system console can be held.
  363. OR
  364. A: Another user may not have a connectivity method currently attached to a
  365. /dev/hvcs device but the vterm_state may reveal that they still have the
  366. vty-server connection established. They need to free this using the method
  367. outlined in the section on "Disconnection" in order for others to connect
  368. to the target vty.
  369. OR
  370. A: The user profile you are using to execute kermit probably doesn't have
  371. permissions to use the /dev/hvcs* device.
  372. OR
  373. A: You probably haven't inserted the hvcs.ko module yet but the /dev/hvcs*
  374. entry still exists (on systems without udev).
  375. OR
  376. A: There is not a corresponding vty-server device that maps to an existing
  377. /dev/hvcs* entry.
  378. ---------------------------------------------------------------------------
  379. Q: When I try to CONNECT kermit to an hvcs device I get:
  380. "Sorry, write access to UUCP lockfile directory denied."
  381. A: The /dev/hvcs* entry you have specified doesn't exist where you said it
  382. does? Maybe you haven't inserted the module (on systems with udev).
  383. ---------------------------------------------------------------------------
  384. Q: If I already have one Linux partition installed can I use hvcs on said
  385. partition to provide the console for the install of a second Linux
  386. partition?
  387. A: Yes granted that your are connected to the /dev/hvcs* device using
  388. kermit or cu or some other program that doesn't provide terminal emulation.
  389. ---------------------------------------------------------------------------
  390. Q: Can I connect to more than one partition's console at a time using this
  391. driver?
  392. A: Yes. Of course this means that there must be more than one vty-server
  393. configured for this partition and each must point to a disconnected vty.
  394. ---------------------------------------------------------------------------
  395. Q: Does the hvcs driver support dynamic (hotplug) addition of devices?
  396. A: Yes, if you have dlpar and hotplug enabled for your system and it has
  397. been built into the kernel the hvcs drivers is configured to dynamically
  398. handle additions of new devices and removals of unused devices.
  399. ---------------------------------------------------------------------------
  400. Q: For some reason /dev/hvcs* doesn't map to the same vty-server adapter
  401. after a reboot. What happened?
  402. A: Assignment of vty-server adapters to /dev/hvcs* entries is always done
  403. in the order that the adapters are exposed. Due to hotplug capabilities of
  404. this driver assignment of hotplug added vty-servers may be in a different
  405. order than how they would be exposed on module load. Rebooting or
  406. reloading the module after dynamic addition may result in the /dev/hvcs*
  407. and vty-server coupling changing if a vty-server adapter was added in a
  408. slot between two other vty-server adapters. Refer to the section above
  409. on how to determine which vty-server goes with which /dev/hvcs* node.
  410. Hint; look at the sysfs "index" attribute for the vty-server.
  411. ---------------------------------------------------------------------------
  412. Q: Can I use /dev/hvcs* as a conduit to another partition and use a tty
  413. device on that partition as the other end of the pipe?
  414. A: Yes, on Power5 platforms the hvc_console driver provides a tty interface
  415. for extra /dev/hvc* devices (where /dev/hvc0 is most likely the console).
  416. In order to get a tty conduit working between the two partitions the HMC
  417. Super Admin must create an additional "serial server" for the target
  418. partition with the HMC gui which will show up as /dev/hvc* when the target
  419. partition is rebooted.
  420. The HMC Super Admin then creates an additional "serial client" for the
  421. current partition and points this at the target partition's newly created
  422. "serial server" adapter (remember the slot). This shows up as an
  423. additional /dev/hvcs* device.
  424. Now a program on the target system can be configured to read or write to
  425. /dev/hvc* and another program on the current partition can be configured to
  426. read or write to /dev/hvcs*. Now you have a tty conduit between two
  427. partitions.
  428. ---------------------------------------------------------------------------
  429. 9. Reporting Bugs:
  430. The proper channel for reporting bugs is either through the Linux OS
  431. distribution company that provided your OS or by posting issues to the
  432. PowerPC development mailing list at:
  433. [email protected]
  434. This request is to provide a documented and searchable public exchange
  435. of the problems and solutions surrounding this driver for the benefit of
  436. all users.