cachepc-linux

hvcs.rst (23059B)

===============================================================
HVCS IBM "Hypervisor Virtual Console Server" Installation Guide
===============================================================

for Linux Kernel 2.6.4+

Copyright (C) 2004 IBM Corporation

.. ===========================================================================
.. NOTE:Eight space tabs are the optimum editor setting for reading this file.
.. ===========================================================================


Author(s): Ryan S. Arnold <rsa@us.ibm.com>

Date Created: March, 02, 2004
Last Changed: August, 24, 2004

.. Table of contents:

	1.  Driver Introduction:
	2.  System Requirements
	3.  Build Options:
		3.1  Built-in:
		3.2  Module:
	4.  Installation:
	5.  Connection:
	6.  Disconnection:
	7.  Configuration:
	8.  Questions & Answers:
	9.  Reporting Bugs:

1. Driver Introduction:
=======================

This is the device driver for the IBM Hypervisor Virtual Console Server,
"hvcs".  The IBM hvcs provides a tty driver interface to allow Linux user
space applications access to the system consoles of logically partitioned
operating systems (Linux and AIX) running on the same partitioned Power5
ppc64 system.  Physical hardware consoles per partition are not practical
on this hardware so system consoles are accessed by this driver using
firmware interfaces to virtual terminal devices.

2. System Requirements:
=======================

This device driver was written using 2.6.4 Linux kernel APIs and will only
build and run on kernels of this version or later.

This driver was written to operate solely on IBM Power5 ppc64 hardware
though some care was taken to abstract the architecture dependent firmware
calls from the driver code.

Sysfs must be mounted on the system so that the user can determine which
major and minor numbers are associated with each vty-server.  Directions
for sysfs mounting are outside the scope of this document.

3. Build Options:
=================

The hvcs driver registers itself as a tty driver.  The tty layer
dynamically allocates a block of major and minor numbers in a quantity
requested by the registering driver.  The hvcs driver asks the tty layer
for 64 of these major/minor numbers by default to use for hvcs device node
entries.

If the default number of device entries is adequate then this driver can be
built into the kernel.  If not, the default can be over-ridden by inserting
the driver as a module with insmod parameters.

3.1 Built-in:
-------------

The following menuconfig example demonstrates selecting to build this
driver into the kernel::

	Device Drivers  --->
		Character devices  --->
			<*> IBM Hypervisor Virtual Console Server Support

Begin the kernel make process.

3.2 Module:
-----------

The following menuconfig example demonstrates selecting to build this
driver as a kernel module::

	Device Drivers  --->
		Character devices  --->
			<M> IBM Hypervisor Virtual Console Server Support

The make process will build the following kernel modules:

	- hvcs.ko
	- hvcserver.ko

To insert the module with the default allocation execute the following
commands in the order they appear::

	insmod hvcserver.ko
	insmod hvcs.ko

The hvcserver module contains architecture specific firmware calls and must
be inserted first, otherwise the hvcs module will not find some of the
symbols it expects.

To override the default use an insmod parameter as follows (requesting 4
tty devices as an example)::

	insmod hvcs.ko hvcs_parm_num_devs=4

There is a maximum number of dev entries that can be specified on insmod.
We think that 1024 is currently a decent maximum number of server adapters
to allow.  This can always be changed by modifying the constant in the
source file before building.

NOTE: The length of time it takes to insmod the driver seems to be related
to the number of tty interfaces the registering driver requests.

In order to remove the driver module execute the following command::

	rmmod hvcs.ko

The recommended method for installing hvcs as a module is to use depmod to
build a current modules.dep file in /lib/modules/`uname -r` and then
execute::

	modprobe hvcs hvcs_parm_num_devs=4

The modules.dep file indicates that hvcserver.ko needs to be inserted
before hvcs.ko and modprobe uses this file to smartly insert the modules in
the proper order.

The following modprobe command is used to remove hvcs and hvcserver in the
proper order::

	modprobe -r hvcs

4. Installation:
================

The tty layer creates sysfs entries which contain the major and minor
numbers allocated for the hvcs driver.  The following snippet of "tree"
output of the sysfs directory shows where these numbers are presented::

	sys/
	|-- *other sysfs base dirs*
	|
	|-- class
	|   |-- *other classes of devices*
	|   |
	|   `-- tty
	|       |-- *other tty devices*
	|       |
	|       |-- hvcs0
	|       |   `-- dev
	|       |-- hvcs1
	|       |   `-- dev
	|       |-- hvcs2
	|       |   `-- dev
	|       |-- hvcs3
	|       |   `-- dev
	|       |
	|       |-- *other tty devices*
	|
	|-- *other sysfs base dirs*

For the above examples the following output is a result of cat'ing the
"dev" entry in the hvcs directory::

	Pow5:/sys/class/tty/hvcs0/ # cat dev
	254:0

	Pow5:/sys/class/tty/hvcs1/ # cat dev
	254:1

	Pow5:/sys/class/tty/hvcs2/ # cat dev
	254:2

	Pow5:/sys/class/tty/hvcs3/ # cat dev
	254:3

The output from reading the "dev" attribute is the char device major and
minor numbers that the tty layer has allocated for this driver's use.  Most
systems running hvcs will already have the device entries created or udev
will do it automatically.

Given the example output above, to manually create a /dev/hvcs* node entry
mknod can be used as follows::

	mknod /dev/hvcs0 c 254 0
	mknod /dev/hvcs1 c 254 1
	mknod /dev/hvcs2 c 254 2
	mknod /dev/hvcs3 c 254 3

Using mknod to manually create the device entries makes these device nodes
persistent.  Once created they will exist prior to the driver insmod.

Attempting to connect an application to /dev/hvcs* prior to insertion of
the hvcs module will result in an error message similar to the following::

	"/dev/hvcs*: No such device".

NOTE: Just because there is a device node present doesn't mean that there
is a vty-server device configured for that node.

5. Connection
=============

Since this driver controls devices that provide a tty interface a user can
interact with the device node entries using any standard tty-interactive
method (e.g. "cat", "dd", "echo").  The intent of this driver however, is
to provide real time console interaction with a Linux partition's console,
which requires the use of applications that provide bi-directional,
interactive I/O with a tty device.

Applications (e.g. "minicom" and "screen") that act as terminal emulators
or perform terminal type control sequence conversion on the data being
passed through them are NOT acceptable for providing interactive console
I/O.  These programs often emulate antiquated terminal types (vt100 and
ANSI) and expect inbound data to take the form of one of these supported
terminal types but they either do not convert, or do not _adequately_
convert, outbound data into the terminal type of the terminal which invoked
them (though screen makes an attempt and can apparently be configured with
much termcap wrestling.)

For this reason kermit and cu are two of the recommended applications for
interacting with a Linux console via an hvcs device.  These programs simply
act as a conduit for data transfer to and from the tty device.  They do not
require inbound data to take the form of a particular terminal type, nor do
they cook outbound data to a particular terminal type.

In order to ensure proper functioning of console applications one must make
sure that once connected to a /dev/hvcs console that the console's $TERM
env variable is set to the exact terminal type of the terminal emulator
used to launch the interactive I/O application.  If one is using xterm and
kermit to connect to /dev/hvcs0 when the console prompt becomes available
one should "export TERM=xterm" on the console.  This tells ncurses
applications that are invoked from the console that they should output
control sequences that xterm can understand.

As a precautionary measure an hvcs user should always "exit" from their
session before disconnecting an application such as kermit from the device
node.  If this is not done, the next user to connect to the console will
continue using the previous user's logged in session which includes
using the $TERM variable that the previous user supplied.

Hotplug add and remove of vty-server adapters affects which /dev/hvcs* node
is used to connect to each vty-server adapter.  In order to determine which
vty-server adapter is associated with which /dev/hvcs* node a special sysfs
attribute has been added to each vty-server sysfs entry.  This entry is
called "index" and showing it reveals an integer that refers to the
/dev/hvcs* entry to use to connect to that device.  For instance cating the
index attribute of vty-server adapter 30000004 shows the following::

	Pow5:/sys/bus/vio/drivers/hvcs/30000004 # cat index
	2

This index of '2' means that in order to connect to vty-server adapter
30000004 the user should interact with /dev/hvcs2.

It should be noted that due to the system hotplug I/O capabilities of a
system the /dev/hvcs* entry that interacts with a particular vty-server
adapter is not guaranteed to remain the same across system reboots.  Look
in the Q & A section for more on this issue.

6. Disconnection
================

As a security feature to prevent the delivery of stale data to an
unintended target the Power5 system firmware disables the fetching of data
and discards that data when a connection between a vty-server and a vty has
been severed.  As an example, when a vty-server is immediately disconnected
from a vty following output of data to the vty the vty adapter may not have
enough time between when it received the data interrupt and when the
connection was severed to fetch the data from firmware before the fetch is
disabled by firmware.

When hvcs is being used to serve consoles this behavior is not a huge issue
because the adapter stays connected for large amounts of time following
almost all data writes.  When hvcs is being used as a tty conduit to tunnel
data between two partitions [see Q & A below] this is a huge problem
because the standard Linux behavior when cat'ing or dd'ing data to a device
is to open the tty, send the data, and then close the tty.  If this driver
manually terminated vty-server connections on tty close this would close
the vty-server and vty connection before the target vty has had a chance to
fetch the data.

Additionally, disconnecting a vty-server and vty only on module removal or
adapter removal is impractical because other vty-servers in other
partitions may require the usage of the target vty at any time.

Due to this behavioral restriction disconnection of vty-servers from the
connected vty is a manual procedure using a write to a sysfs attribute
outlined below, on the other hand the initial vty-server connection to a
vty is established automatically by this driver.  Manual vty-server
connection is never required.

In order to terminate the connection between a vty-server and vty the
"vterm_state" sysfs attribute within each vty-server's sysfs entry is used.
Reading this attribute reveals the current connection state of the
vty-server adapter.  A zero means that the vty-server is not connected to a
vty.  A one indicates that a connection is active.

Writing a '0' (zero) to the vterm_state attribute will disconnect the VTERM
connection between the vty-server and target vty ONLY if the vterm_state
previously read '1'.  The write directive is ignored if the vterm_state
read '0' or if any value other than '0' was written to the vterm_state
attribute.  The following example will show the method used for verifying
the vty-server connection status and disconnecting a vty-server connection::

	Pow5:/sys/bus/vio/drivers/hvcs/30000004 # cat vterm_state
	1

	Pow5:/sys/bus/vio/drivers/hvcs/30000004 # echo 0 > vterm_state

	Pow5:/sys/bus/vio/drivers/hvcs/30000004 # cat vterm_state
	0

All vty-server connections are automatically terminated when the device is
hotplug removed and when the module is removed.

7. Configuration
================

Each vty-server has a sysfs entry in the /sys/devices/vio directory, which
is symlinked in several other sysfs tree directories, notably under the
hvcs driver entry, which looks like the following example::

	Pow5:/sys/bus/vio/drivers/hvcs # ls
	.  ..  30000003  30000004  rescan

By design, firmware notifies the hvcs driver of vty-server lifetimes and
partner vty removals but not the addition of partner vtys.  Since an HMC
Super Admin can add partner info dynamically we have provided the hvcs
driver sysfs directory with the "rescan" update attribute which will query
firmware and update the partner info for all the vty-servers that this
driver manages.  Writing a '1' to the attribute triggers the update.  An
explicit example follows:

	Pow5:/sys/bus/vio/drivers/hvcs # echo 1 > rescan

Reading the attribute will indicate a state of '1' or '0'.  A one indicates
that an update is in process.  A zero indicates that an update has
completed or was never executed.

Vty-server entries in this directory are a 32 bit partition unique unit
address that is created by firmware.  An example vty-server sysfs entry
looks like the following::

	Pow5:/sys/bus/vio/drivers/hvcs/30000004 # ls
	.   current_vty   devspec       name          partner_vtys
	..  index         partner_clcs  vterm_state

Each entry is provided, by default with a "name" attribute.  Reading the
"name" attribute will reveal the device type as shown in the following
example::

	Pow5:/sys/bus/vio/drivers/hvcs/30000003 # cat name
	vty-server

Each entry is also provided, by default, with a "devspec" attribute which
reveals the full device specification when read, as shown in the following
example::

	Pow5:/sys/bus/vio/drivers/hvcs/30000004 # cat devspec
	/vdevice/vty-server@30000004

Each vty-server sysfs dir is provided with two read-only attributes that
provide lists of easily parsed partner vty data: "partner_vtys" and
"partner_clcs"::

	Pow5:/sys/bus/vio/drivers/hvcs/30000004 # cat partner_vtys
	30000000
	30000001
	30000002
	30000000
	30000000

	Pow5:/sys/bus/vio/drivers/hvcs/30000004 # cat partner_clcs
	U5112.428.103048A-V3-C0
	U5112.428.103048A-V3-C2
	U5112.428.103048A-V3-C3
	U5112.428.103048A-V4-C0
	U5112.428.103048A-V5-C0

Reading partner_vtys returns a list of partner vtys.  Vty unit address
numbering is only per-partition-unique so entries will frequently repeat.

Reading partner_clcs returns a list of "converged location codes" which are
composed of a system serial number followed by "-V*", where the '*' is the
target partition number, and "-C*", where the '*' is the slot of the
adapter.  The first vty partner corresponds to the first clc item, the
second vty partner to the second clc item, etc.

A vty-server can only be connected to a single vty at a time.  The entry,
"current_vty" prints the clc of the currently selected partner vty when
read.

The current_vty can be changed by writing a valid partner clc to the entry
as in the following example::

	Pow5:/sys/bus/vio/drivers/hvcs/30000004 # echo U5112.428.10304
	8A-V4-C0 > current_vty

Changing the current_vty when a vty-server is already connected to a vty
does not affect the current connection.  The change takes effect when the
currently open connection is freed.

Information on the "vterm_state" attribute was covered earlier on the
chapter entitled "disconnection".

8. Questions & Answers:
=======================

Q: What are the security concerns involving hvcs?

A: There are three main security concerns:

	1. The creator of the /dev/hvcs* nodes has the ability to restrict
	the access of the device entries to certain users or groups.  It
	may be best to create a special hvcs group privilege for providing
	access to system consoles.

	2. To provide network security when grabbing the console it is
	suggested that the user connect to the console hosting partition
	using a secure method, such as SSH or sit at a hardware console.

	3. Make sure to exit the user session when done with a console or
	the next vty-server connection (which may be from another
	partition) will experience the previously logged in session.

---------------------------------------------------------------------------

Q: How do I multiplex a console that I grab through hvcs so that other
people can see it:

A: You can use "screen" to directly connect to the /dev/hvcs* device and
setup a session on your machine with the console group privileges.  As
pointed out earlier by default screen doesn't provide the termcap settings
for most terminal emulators to provide adequate character conversion from
term type "screen" to others.  This means that curses based programs may
not display properly in screen sessions.

---------------------------------------------------------------------------

Q: Why are the colors all messed up?
Q: Why are the control characters acting strange or not working?
Q: Why is the console output all strange and unintelligible?

A: Please see the preceding section on "Connection" for a discussion of how
applications can affect the display of character control sequences.
Additionally, just because you logged into the console using and xterm
doesn't mean someone else didn't log into the console with the HMC console
(vt320) before you and leave the session logged in.  The best thing to do
is to export TERM to the terminal type of your terminal emulator when you
get the console.  Additionally make sure to "exit" the console before you
disconnect from the console.  This will ensure that the next user gets
their own TERM type set when they login.

---------------------------------------------------------------------------

Q: When I try to CONNECT kermit to an hvcs device I get:
"Sorry, can't open connection: /dev/hvcs*"What is happening?

A: Some other Power5 console mechanism has a connection to the vty and
isn't giving it up.  You can try to force disconnect the consoles from the
HMC by right clicking on the partition and then selecting "close terminal".
Otherwise you have to hunt down the people who have console authority.  It
is possible that you already have the console open using another kermit
session and just forgot about it.  Please review the console options for
Power5 systems to determine the many ways a system console can be held.

OR

A: Another user may not have a connectivity method currently attached to a
/dev/hvcs device but the vterm_state may reveal that they still have the
vty-server connection established.  They need to free this using the method
outlined in the section on "Disconnection" in order for others to connect
to the target vty.

OR

A: The user profile you are using to execute kermit probably doesn't have
permissions to use the /dev/hvcs* device.

OR

A: You probably haven't inserted the hvcs.ko module yet but the /dev/hvcs*
entry still exists (on systems without udev).

OR

A: There is not a corresponding vty-server device that maps to an existing
/dev/hvcs* entry.

---------------------------------------------------------------------------

Q: When I try to CONNECT kermit to an hvcs device I get:
"Sorry, write access to UUCP lockfile directory denied."

A: The /dev/hvcs* entry you have specified doesn't exist where you said it
does?  Maybe you haven't inserted the module (on systems with udev).

---------------------------------------------------------------------------

Q: If I already have one Linux partition installed can I use hvcs on said
partition to provide the console for the install of a second Linux
partition?

A: Yes granted that your are connected to the /dev/hvcs* device using
kermit or cu or some other program that doesn't provide terminal emulation.

---------------------------------------------------------------------------

Q: Can I connect to more than one partition's console at a time using this
driver?

A: Yes.  Of course this means that there must be more than one vty-server
configured for this partition and each must point to a disconnected vty.

---------------------------------------------------------------------------

Q: Does the hvcs driver support dynamic (hotplug) addition of devices?

A: Yes, if you have dlpar and hotplug enabled for your system and it has
been built into the kernel the hvcs drivers is configured to dynamically
handle additions of new devices and removals of unused devices.

---------------------------------------------------------------------------

Q: For some reason /dev/hvcs* doesn't map to the same vty-server adapter
after a reboot.  What happened?

A: Assignment of vty-server adapters to /dev/hvcs* entries is always done
in the order that the adapters are exposed.  Due to hotplug capabilities of
this driver assignment of hotplug added vty-servers may be in a different
order than how they would be exposed on module load.  Rebooting or
reloading the module after dynamic addition may result in the /dev/hvcs*
and vty-server coupling changing if a vty-server adapter was added in a
slot between two other vty-server adapters.  Refer to the section above
on how to determine which vty-server goes with which /dev/hvcs* node.
Hint; look at the sysfs "index" attribute for the vty-server.

---------------------------------------------------------------------------

Q: Can I use /dev/hvcs* as a conduit to another partition and use a tty
device on that partition as the other end of the pipe?

A: Yes, on Power5 platforms the hvc_console driver provides a tty interface
for extra /dev/hvc* devices (where /dev/hvc0 is most likely the console).
In order to get a tty conduit working between the two partitions the HMC
Super Admin must create an additional "serial server" for the target
partition with the HMC gui which will show up as /dev/hvc* when the target
partition is rebooted.

The HMC Super Admin then creates an additional "serial client" for the
current partition and points this at the target partition's newly created
"serial server" adapter (remember the slot).  This shows up as an
additional /dev/hvcs* device.

Now a program on the target system can be configured to read or write to
/dev/hvc* and another program on the current partition can be configured to
read or write to /dev/hvcs*.  Now you have a tty conduit between two
partitions.

---------------------------------------------------------------------------

9. Reporting Bugs:
==================

The proper channel for reporting bugs is either through the Linux OS
distribution company that provided your OS or by posting issues to the
PowerPC development mailing list at:

linuxppc-dev@lists.ozlabs.org

This request is to provide a documented and searchable public exchange
of the problems and solutions surrounding this driver for the benefit of
all users.