mirror of https://gitee.com/openkylin/linux.git
582 lines
22 KiB
ReStructuredText
582 lines
22 KiB
ReStructuredText
===============================================================
|
|
HVCS IBM "Hypervisor Virtual Console Server" Installation Guide
|
|
===============================================================
|
|
|
|
for Linux Kernel 2.6.4+
|
|
|
|
Copyright (C) 2004 IBM Corporation
|
|
|
|
.. ===========================================================================
|
|
.. NOTE:Eight space tabs are the optimum editor setting for reading this file.
|
|
.. ===========================================================================
|
|
|
|
|
|
Author(s): Ryan S. Arnold <rsa@us.ibm.com>
|
|
|
|
Date Created: March, 02, 2004
|
|
Last Changed: August, 24, 2004
|
|
|
|
.. Table of contents:
|
|
|
|
1. Driver Introduction:
|
|
2. System Requirements
|
|
3. Build Options:
|
|
3.1 Built-in:
|
|
3.2 Module:
|
|
4. Installation:
|
|
5. Connection:
|
|
6. Disconnection:
|
|
7. Configuration:
|
|
8. Questions & Answers:
|
|
9. Reporting Bugs:
|
|
|
|
1. Driver Introduction:
|
|
=======================
|
|
|
|
This is the device driver for the IBM Hypervisor Virtual Console Server,
|
|
"hvcs". The IBM hvcs provides a tty driver interface to allow Linux user
|
|
space applications access to the system consoles of logically partitioned
|
|
operating systems (Linux and AIX) running on the same partitioned Power5
|
|
ppc64 system. Physical hardware consoles per partition are not practical
|
|
on this hardware so system consoles are accessed by this driver using
|
|
firmware interfaces to virtual terminal devices.
|
|
|
|
2. System Requirements:
|
|
=======================
|
|
|
|
This device driver was written using 2.6.4 Linux kernel APIs and will only
|
|
build and run on kernels of this version or later.
|
|
|
|
This driver was written to operate solely on IBM Power5 ppc64 hardware
|
|
though some care was taken to abstract the architecture dependent firmware
|
|
calls from the driver code.
|
|
|
|
Sysfs must be mounted on the system so that the user can determine which
|
|
major and minor numbers are associated with each vty-server. Directions
|
|
for sysfs mounting are outside the scope of this document.
|
|
|
|
3. Build Options:
|
|
=================
|
|
|
|
The hvcs driver registers itself as a tty driver. The tty layer
|
|
dynamically allocates a block of major and minor numbers in a quantity
|
|
requested by the registering driver. The hvcs driver asks the tty layer
|
|
for 64 of these major/minor numbers by default to use for hvcs device node
|
|
entries.
|
|
|
|
If the default number of device entries is adequate then this driver can be
|
|
built into the kernel. If not, the default can be over-ridden by inserting
|
|
the driver as a module with insmod parameters.
|
|
|
|
3.1 Built-in:
|
|
-------------
|
|
|
|
The following menuconfig example demonstrates selecting to build this
|
|
driver into the kernel::
|
|
|
|
Device Drivers --->
|
|
Character devices --->
|
|
<*> IBM Hypervisor Virtual Console Server Support
|
|
|
|
Begin the kernel make process.
|
|
|
|
3.2 Module:
|
|
-----------
|
|
|
|
The following menuconfig example demonstrates selecting to build this
|
|
driver as a kernel module::
|
|
|
|
Device Drivers --->
|
|
Character devices --->
|
|
<M> IBM Hypervisor Virtual Console Server Support
|
|
|
|
The make process will build the following kernel modules:
|
|
|
|
- hvcs.ko
|
|
- hvcserver.ko
|
|
|
|
To insert the module with the default allocation execute the following
|
|
commands in the order they appear::
|
|
|
|
insmod hvcserver.ko
|
|
insmod hvcs.ko
|
|
|
|
The hvcserver module contains architecture specific firmware calls and must
|
|
be inserted first, otherwise the hvcs module will not find some of the
|
|
symbols it expects.
|
|
|
|
To override the default use an insmod parameter as follows (requesting 4
|
|
tty devices as an example)::
|
|
|
|
insmod hvcs.ko hvcs_parm_num_devs=4
|
|
|
|
There is a maximum number of dev entries that can be specified on insmod.
|
|
We think that 1024 is currently a decent maximum number of server adapters
|
|
to allow. This can always be changed by modifying the constant in the
|
|
source file before building.
|
|
|
|
NOTE: The length of time it takes to insmod the driver seems to be related
|
|
to the number of tty interfaces the registering driver requests.
|
|
|
|
In order to remove the driver module execute the following command::
|
|
|
|
rmmod hvcs.ko
|
|
|
|
The recommended method for installing hvcs as a module is to use depmod to
|
|
build a current modules.dep file in /lib/modules/`uname -r` and then
|
|
execute::
|
|
|
|
modprobe hvcs hvcs_parm_num_devs=4
|
|
|
|
The modules.dep file indicates that hvcserver.ko needs to be inserted
|
|
before hvcs.ko and modprobe uses this file to smartly insert the modules in
|
|
the proper order.
|
|
|
|
The following modprobe command is used to remove hvcs and hvcserver in the
|
|
proper order::
|
|
|
|
modprobe -r hvcs
|
|
|
|
4. Installation:
|
|
================
|
|
|
|
The tty layer creates sysfs entries which contain the major and minor
|
|
numbers allocated for the hvcs driver. The following snippet of "tree"
|
|
output of the sysfs directory shows where these numbers are presented::
|
|
|
|
sys/
|
|
|-- *other sysfs base dirs*
|
|
|
|
|
|-- class
|
|
| |-- *other classes of devices*
|
|
| |
|
|
| `-- tty
|
|
| |-- *other tty devices*
|
|
| |
|
|
| |-- hvcs0
|
|
| | `-- dev
|
|
| |-- hvcs1
|
|
| | `-- dev
|
|
| |-- hvcs2
|
|
| | `-- dev
|
|
| |-- hvcs3
|
|
| | `-- dev
|
|
| |
|
|
| |-- *other tty devices*
|
|
|
|
|
|-- *other sysfs base dirs*
|
|
|
|
For the above examples the following output is a result of cat'ing the
|
|
"dev" entry in the hvcs directory::
|
|
|
|
Pow5:/sys/class/tty/hvcs0/ # cat dev
|
|
254:0
|
|
|
|
Pow5:/sys/class/tty/hvcs1/ # cat dev
|
|
254:1
|
|
|
|
Pow5:/sys/class/tty/hvcs2/ # cat dev
|
|
254:2
|
|
|
|
Pow5:/sys/class/tty/hvcs3/ # cat dev
|
|
254:3
|
|
|
|
The output from reading the "dev" attribute is the char device major and
|
|
minor numbers that the tty layer has allocated for this driver's use. Most
|
|
systems running hvcs will already have the device entries created or udev
|
|
will do it automatically.
|
|
|
|
Given the example output above, to manually create a /dev/hvcs* node entry
|
|
mknod can be used as follows::
|
|
|
|
mknod /dev/hvcs0 c 254 0
|
|
mknod /dev/hvcs1 c 254 1
|
|
mknod /dev/hvcs2 c 254 2
|
|
mknod /dev/hvcs3 c 254 3
|
|
|
|
Using mknod to manually create the device entries makes these device nodes
|
|
persistent. Once created they will exist prior to the driver insmod.
|
|
|
|
Attempting to connect an application to /dev/hvcs* prior to insertion of
|
|
the hvcs module will result in an error message similar to the following::
|
|
|
|
"/dev/hvcs*: No such device".
|
|
|
|
NOTE: Just because there is a device node present doesn't mean that there
|
|
is a vty-server device configured for that node.
|
|
|
|
5. Connection
|
|
=============
|
|
|
|
Since this driver controls devices that provide a tty interface a user can
|
|
interact with the device node entries using any standard tty-interactive
|
|
method (e.g. "cat", "dd", "echo"). The intent of this driver however, is
|
|
to provide real time console interaction with a Linux partition's console,
|
|
which requires the use of applications that provide bi-directional,
|
|
interactive I/O with a tty device.
|
|
|
|
Applications (e.g. "minicom" and "screen") that act as terminal emulators
|
|
or perform terminal type control sequence conversion on the data being
|
|
passed through them are NOT acceptable for providing interactive console
|
|
I/O. These programs often emulate antiquated terminal types (vt100 and
|
|
ANSI) and expect inbound data to take the form of one of these supported
|
|
terminal types but they either do not convert, or do not _adequately_
|
|
convert, outbound data into the terminal type of the terminal which invoked
|
|
them (though screen makes an attempt and can apparently be configured with
|
|
much termcap wrestling.)
|
|
|
|
For this reason kermit and cu are two of the recommended applications for
|
|
interacting with a Linux console via an hvcs device. These programs simply
|
|
act as a conduit for data transfer to and from the tty device. They do not
|
|
require inbound data to take the form of a particular terminal type, nor do
|
|
they cook outbound data to a particular terminal type.
|
|
|
|
In order to ensure proper functioning of console applications one must make
|
|
sure that once connected to a /dev/hvcs console that the console's $TERM
|
|
env variable is set to the exact terminal type of the terminal emulator
|
|
used to launch the interactive I/O application. If one is using xterm and
|
|
kermit to connect to /dev/hvcs0 when the console prompt becomes available
|
|
one should "export TERM=xterm" on the console. This tells ncurses
|
|
applications that are invoked from the console that they should output
|
|
control sequences that xterm can understand.
|
|
|
|
As a precautionary measure an hvcs user should always "exit" from their
|
|
session before disconnecting an application such as kermit from the device
|
|
node. If this is not done, the next user to connect to the console will
|
|
continue using the previous user's logged in session which includes
|
|
using the $TERM variable that the previous user supplied.
|
|
|
|
Hotplug add and remove of vty-server adapters affects which /dev/hvcs* node
|
|
is used to connect to each vty-server adapter. In order to determine which
|
|
vty-server adapter is associated with which /dev/hvcs* node a special sysfs
|
|
attribute has been added to each vty-server sysfs entry. This entry is
|
|
called "index" and showing it reveals an integer that refers to the
|
|
/dev/hvcs* entry to use to connect to that device. For instance cating the
|
|
index attribute of vty-server adapter 30000004 shows the following::
|
|
|
|
Pow5:/sys/bus/vio/drivers/hvcs/30000004 # cat index
|
|
2
|
|
|
|
This index of '2' means that in order to connect to vty-server adapter
|
|
30000004 the user should interact with /dev/hvcs2.
|
|
|
|
It should be noted that due to the system hotplug I/O capabilities of a
|
|
system the /dev/hvcs* entry that interacts with a particular vty-server
|
|
adapter is not guaranteed to remain the same across system reboots. Look
|
|
in the Q & A section for more on this issue.
|
|
|
|
6. Disconnection
|
|
================
|
|
|
|
As a security feature to prevent the delivery of stale data to an
|
|
unintended target the Power5 system firmware disables the fetching of data
|
|
and discards that data when a connection between a vty-server and a vty has
|
|
been severed. As an example, when a vty-server is immediately disconnected
|
|
from a vty following output of data to the vty the vty adapter may not have
|
|
enough time between when it received the data interrupt and when the
|
|
connection was severed to fetch the data from firmware before the fetch is
|
|
disabled by firmware.
|
|
|
|
When hvcs is being used to serve consoles this behavior is not a huge issue
|
|
because the adapter stays connected for large amounts of time following
|
|
almost all data writes. When hvcs is being used as a tty conduit to tunnel
|
|
data between two partitions [see Q & A below] this is a huge problem
|
|
because the standard Linux behavior when cat'ing or dd'ing data to a device
|
|
is to open the tty, send the data, and then close the tty. If this driver
|
|
manually terminated vty-server connections on tty close this would close
|
|
the vty-server and vty connection before the target vty has had a chance to
|
|
fetch the data.
|
|
|
|
Additionally, disconnecting a vty-server and vty only on module removal or
|
|
adapter removal is impractical because other vty-servers in other
|
|
partitions may require the usage of the target vty at any time.
|
|
|
|
Due to this behavioral restriction disconnection of vty-servers from the
|
|
connected vty is a manual procedure using a write to a sysfs attribute
|
|
outlined below, on the other hand the initial vty-server connection to a
|
|
vty is established automatically by this driver. Manual vty-server
|
|
connection is never required.
|
|
|
|
In order to terminate the connection between a vty-server and vty the
|
|
"vterm_state" sysfs attribute within each vty-server's sysfs entry is used.
|
|
Reading this attribute reveals the current connection state of the
|
|
vty-server adapter. A zero means that the vty-server is not connected to a
|
|
vty. A one indicates that a connection is active.
|
|
|
|
Writing a '0' (zero) to the vterm_state attribute will disconnect the VTERM
|
|
connection between the vty-server and target vty ONLY if the vterm_state
|
|
previously read '1'. The write directive is ignored if the vterm_state
|
|
read '0' or if any value other than '0' was written to the vterm_state
|
|
attribute. The following example will show the method used for verifying
|
|
the vty-server connection status and disconnecting a vty-server connection::
|
|
|
|
Pow5:/sys/bus/vio/drivers/hvcs/30000004 # cat vterm_state
|
|
1
|
|
|
|
Pow5:/sys/bus/vio/drivers/hvcs/30000004 # echo 0 > vterm_state
|
|
|
|
Pow5:/sys/bus/vio/drivers/hvcs/30000004 # cat vterm_state
|
|
0
|
|
|
|
All vty-server connections are automatically terminated when the device is
|
|
hotplug removed and when the module is removed.
|
|
|
|
7. Configuration
|
|
================
|
|
|
|
Each vty-server has a sysfs entry in the /sys/devices/vio directory, which
|
|
is symlinked in several other sysfs tree directories, notably under the
|
|
hvcs driver entry, which looks like the following example::
|
|
|
|
Pow5:/sys/bus/vio/drivers/hvcs # ls
|
|
. .. 30000003 30000004 rescan
|
|
|
|
By design, firmware notifies the hvcs driver of vty-server lifetimes and
|
|
partner vty removals but not the addition of partner vtys. Since an HMC
|
|
Super Admin can add partner info dynamically we have provided the hvcs
|
|
driver sysfs directory with the "rescan" update attribute which will query
|
|
firmware and update the partner info for all the vty-servers that this
|
|
driver manages. Writing a '1' to the attribute triggers the update. An
|
|
explicit example follows:
|
|
|
|
Pow5:/sys/bus/vio/drivers/hvcs # echo 1 > rescan
|
|
|
|
Reading the attribute will indicate a state of '1' or '0'. A one indicates
|
|
that an update is in process. A zero indicates that an update has
|
|
completed or was never executed.
|
|
|
|
Vty-server entries in this directory are a 32 bit partition unique unit
|
|
address that is created by firmware. An example vty-server sysfs entry
|
|
looks like the following::
|
|
|
|
Pow5:/sys/bus/vio/drivers/hvcs/30000004 # ls
|
|
. current_vty devspec name partner_vtys
|
|
.. index partner_clcs vterm_state
|
|
|
|
Each entry is provided, by default with a "name" attribute. Reading the
|
|
"name" attribute will reveal the device type as shown in the following
|
|
example::
|
|
|
|
Pow5:/sys/bus/vio/drivers/hvcs/30000003 # cat name
|
|
vty-server
|
|
|
|
Each entry is also provided, by default, with a "devspec" attribute which
|
|
reveals the full device specification when read, as shown in the following
|
|
example::
|
|
|
|
Pow5:/sys/bus/vio/drivers/hvcs/30000004 # cat devspec
|
|
/vdevice/vty-server@30000004
|
|
|
|
Each vty-server sysfs dir is provided with two read-only attributes that
|
|
provide lists of easily parsed partner vty data: "partner_vtys" and
|
|
"partner_clcs"::
|
|
|
|
Pow5:/sys/bus/vio/drivers/hvcs/30000004 # cat partner_vtys
|
|
30000000
|
|
30000001
|
|
30000002
|
|
30000000
|
|
30000000
|
|
|
|
Pow5:/sys/bus/vio/drivers/hvcs/30000004 # cat partner_clcs
|
|
U5112.428.103048A-V3-C0
|
|
U5112.428.103048A-V3-C2
|
|
U5112.428.103048A-V3-C3
|
|
U5112.428.103048A-V4-C0
|
|
U5112.428.103048A-V5-C0
|
|
|
|
Reading partner_vtys returns a list of partner vtys. Vty unit address
|
|
numbering is only per-partition-unique so entries will frequently repeat.
|
|
|
|
Reading partner_clcs returns a list of "converged location codes" which are
|
|
composed of a system serial number followed by "-V*", where the '*' is the
|
|
target partition number, and "-C*", where the '*' is the slot of the
|
|
adapter. The first vty partner corresponds to the first clc item, the
|
|
second vty partner to the second clc item, etc.
|
|
|
|
A vty-server can only be connected to a single vty at a time. The entry,
|
|
"current_vty" prints the clc of the currently selected partner vty when
|
|
read.
|
|
|
|
The current_vty can be changed by writing a valid partner clc to the entry
|
|
as in the following example::
|
|
|
|
Pow5:/sys/bus/vio/drivers/hvcs/30000004 # echo U5112.428.10304
|
|
8A-V4-C0 > current_vty
|
|
|
|
Changing the current_vty when a vty-server is already connected to a vty
|
|
does not affect the current connection. The change takes effect when the
|
|
currently open connection is freed.
|
|
|
|
Information on the "vterm_state" attribute was covered earlier on the
|
|
chapter entitled "disconnection".
|
|
|
|
8. Questions & Answers:
|
|
=======================
|
|
|
|
Q: What are the security concerns involving hvcs?
|
|
|
|
A: There are three main security concerns:
|
|
|
|
1. The creator of the /dev/hvcs* nodes has the ability to restrict
|
|
the access of the device entries to certain users or groups. It
|
|
may be best to create a special hvcs group privilege for providing
|
|
access to system consoles.
|
|
|
|
2. To provide network security when grabbing the console it is
|
|
suggested that the user connect to the console hosting partition
|
|
using a secure method, such as SSH or sit at a hardware console.
|
|
|
|
3. Make sure to exit the user session when done with a console or
|
|
the next vty-server connection (which may be from another
|
|
partition) will experience the previously logged in session.
|
|
|
|
---------------------------------------------------------------------------
|
|
|
|
Q: How do I multiplex a console that I grab through hvcs so that other
|
|
people can see it:
|
|
|
|
A: You can use "screen" to directly connect to the /dev/hvcs* device and
|
|
setup a session on your machine with the console group privileges. As
|
|
pointed out earlier by default screen doesn't provide the termcap settings
|
|
for most terminal emulators to provide adequate character conversion from
|
|
term type "screen" to others. This means that curses based programs may
|
|
not display properly in screen sessions.
|
|
|
|
---------------------------------------------------------------------------
|
|
|
|
Q: Why are the colors all messed up?
|
|
Q: Why are the control characters acting strange or not working?
|
|
Q: Why is the console output all strange and unintelligible?
|
|
|
|
A: Please see the preceding section on "Connection" for a discussion of how
|
|
applications can affect the display of character control sequences.
|
|
Additionally, just because you logged into the console using and xterm
|
|
doesn't mean someone else didn't log into the console with the HMC console
|
|
(vt320) before you and leave the session logged in. The best thing to do
|
|
is to export TERM to the terminal type of your terminal emulator when you
|
|
get the console. Additionally make sure to "exit" the console before you
|
|
disconnect from the console. This will ensure that the next user gets
|
|
their own TERM type set when they login.
|
|
|
|
---------------------------------------------------------------------------
|
|
|
|
Q: When I try to CONNECT kermit to an hvcs device I get:
|
|
"Sorry, can't open connection: /dev/hvcs*"What is happening?
|
|
|
|
A: Some other Power5 console mechanism has a connection to the vty and
|
|
isn't giving it up. You can try to force disconnect the consoles from the
|
|
HMC by right clicking on the partition and then selecting "close terminal".
|
|
Otherwise you have to hunt down the people who have console authority. It
|
|
is possible that you already have the console open using another kermit
|
|
session and just forgot about it. Please review the console options for
|
|
Power5 systems to determine the many ways a system console can be held.
|
|
|
|
OR
|
|
|
|
A: Another user may not have a connectivity method currently attached to a
|
|
/dev/hvcs device but the vterm_state may reveal that they still have the
|
|
vty-server connection established. They need to free this using the method
|
|
outlined in the section on "Disconnection" in order for others to connect
|
|
to the target vty.
|
|
|
|
OR
|
|
|
|
A: The user profile you are using to execute kermit probably doesn't have
|
|
permissions to use the /dev/hvcs* device.
|
|
|
|
OR
|
|
|
|
A: You probably haven't inserted the hvcs.ko module yet but the /dev/hvcs*
|
|
entry still exists (on systems without udev).
|
|
|
|
OR
|
|
|
|
A: There is not a corresponding vty-server device that maps to an existing
|
|
/dev/hvcs* entry.
|
|
|
|
---------------------------------------------------------------------------
|
|
|
|
Q: When I try to CONNECT kermit to an hvcs device I get:
|
|
"Sorry, write access to UUCP lockfile directory denied."
|
|
|
|
A: The /dev/hvcs* entry you have specified doesn't exist where you said it
|
|
does? Maybe you haven't inserted the module (on systems with udev).
|
|
|
|
---------------------------------------------------------------------------
|
|
|
|
Q: If I already have one Linux partition installed can I use hvcs on said
|
|
partition to provide the console for the install of a second Linux
|
|
partition?
|
|
|
|
A: Yes granted that your are connected to the /dev/hvcs* device using
|
|
kermit or cu or some other program that doesn't provide terminal emulation.
|
|
|
|
---------------------------------------------------------------------------
|
|
|
|
Q: Can I connect to more than one partition's console at a time using this
|
|
driver?
|
|
|
|
A: Yes. Of course this means that there must be more than one vty-server
|
|
configured for this partition and each must point to a disconnected vty.
|
|
|
|
---------------------------------------------------------------------------
|
|
|
|
Q: Does the hvcs driver support dynamic (hotplug) addition of devices?
|
|
|
|
A: Yes, if you have dlpar and hotplug enabled for your system and it has
|
|
been built into the kernel the hvcs drivers is configured to dynamically
|
|
handle additions of new devices and removals of unused devices.
|
|
|
|
---------------------------------------------------------------------------
|
|
|
|
Q: For some reason /dev/hvcs* doesn't map to the same vty-server adapter
|
|
after a reboot. What happened?
|
|
|
|
A: Assignment of vty-server adapters to /dev/hvcs* entries is always done
|
|
in the order that the adapters are exposed. Due to hotplug capabilities of
|
|
this driver assignment of hotplug added vty-servers may be in a different
|
|
order than how they would be exposed on module load. Rebooting or
|
|
reloading the module after dynamic addition may result in the /dev/hvcs*
|
|
and vty-server coupling changing if a vty-server adapter was added in a
|
|
slot between two other vty-server adapters. Refer to the section above
|
|
on how to determine which vty-server goes with which /dev/hvcs* node.
|
|
Hint; look at the sysfs "index" attribute for the vty-server.
|
|
|
|
---------------------------------------------------------------------------
|
|
|
|
Q: Can I use /dev/hvcs* as a conduit to another partition and use a tty
|
|
device on that partition as the other end of the pipe?
|
|
|
|
A: Yes, on Power5 platforms the hvc_console driver provides a tty interface
|
|
for extra /dev/hvc* devices (where /dev/hvc0 is most likely the console).
|
|
In order to get a tty conduit working between the two partitions the HMC
|
|
Super Admin must create an additional "serial server" for the target
|
|
partition with the HMC gui which will show up as /dev/hvc* when the target
|
|
partition is rebooted.
|
|
|
|
The HMC Super Admin then creates an additional "serial client" for the
|
|
current partition and points this at the target partition's newly created
|
|
"serial server" adapter (remember the slot). This shows up as an
|
|
additional /dev/hvcs* device.
|
|
|
|
Now a program on the target system can be configured to read or write to
|
|
/dev/hvc* and another program on the current partition can be configured to
|
|
read or write to /dev/hvcs*. Now you have a tty conduit between two
|
|
partitions.
|
|
|
|
---------------------------------------------------------------------------
|
|
|
|
9. Reporting Bugs:
|
|
==================
|
|
|
|
The proper channel for reporting bugs is either through the Linux OS
|
|
distribution company that provided your OS or by posting issues to the
|
|
PowerPC development mailing list at:
|
|
|
|
linuxppc-dev@lists.ozlabs.org
|
|
|
|
This request is to provide a documented and searchable public exchange
|
|
of the problems and solutions surrounding this driver for the benefit of
|
|
all users.
|