blob: cf29f884cbe04f5c703aa44ec7dd5d02e480e7c6 [file] [log] [blame]
1. Overview
-----------
This document describes the driver set for Unisys Secure Partitioning
(s-Par(R)).
s-Par is firmware that provides hardware partitioning capabilities for
splitting large-scale Intel x86 servers into multiple isolated
partitions. s-Par provides a set of para-virtualized device drivers to
allow guest partitions on the same server to share devices that would
normally be unsharable, specifically:
* visornic - network interface
* visorhba - scsi disk adapter
* visorinput - keyboard and mouse
These drivers conform to the standard Linux bus/device model described
within Documentation/driver-api/driver-model/, and utilize a driver named
visorbus to present the virtual busses involved. Drivers in the 'visor*'
driver set are commonly referred to as "guest drivers" or "client drivers".
All drivers except visorbus expose a device of a specific usable class to the
Linux guest environment (e.g., block, network, or input), and are collectively
referred to as "function drivers".
The back-end for each device is owned and managed by a small,
single-purpose service partition in the s-Par firmware, which communicates
with each guest partition sharing that device through an area of shared memory
called a "channel". In s-Par nomenclature, the back-end is often referred to
as the "service partition", "IO partition" (for virtual network and scsi disk
devices), or "console partition" (for virtual keyboard and mouse devices).
Each virtual device requires exactly 1 dedicated channel, which the guest
driver and back-end use to communicate. The hypervisor need not intervene
(other than normal interrupt handling) in the interactions that occur across
this channel.
NOT covered in this document:
* s-Par also supports sharing physical PCI adapters via SR-IOV, but
because this requires no specific support in the guest partitions, it will
not be discussed in this document. Shared SR-IOV devices should be used
wherever possible for highest performance.
* Because the s-Par back-end provides a standard EFI framebuffer to each
guest, the already-existing efifb Linux driver is used to provide guest
video access. Thus, the only s-Par-unique support that is necessary to
provide a guest graphics console are for keyboard and mouse (via visorinput).
2. Driver Descriptions
----------------------
2.1. visorbus
-------------
2.1.1. Overview
---------------
The visorbus driver handles the virtual busses on which all of the virtual
devices reside. It provides a registration function named
visorbus_register_visor_driver() that is called by each of the function
drivers at initialization time, which the function driver uses to tell
visorbus about the device classes (via specifying a list of device type
GUIDs) it wants to handle. For use by function drivers, visorbus provides
implementation for struct visor_driver and struct visor_device, as well
as utility functions for communicating with the back-end.
visorbus is associated with ACPI id "PNP0A07" in modules.alias, so if built
as a module it will typically be loaded automatically via standard udev or
systemd (God help us) configurations.
visorbus can similarly force auto-loading of function drivers for virtual
devices it discovers, as it includes a MODALIAS environment variable of this
form in the hotplug uevent environment when each virtual device is
discovered:
visorbus:<device type GUID>
visorbus notifies each function driver when a device of its registered class
arrives and departs, by calling the function driver's probe() and remove()
methods.
The actual struct device objects that correspond to each virtual bus and
each virtual device are created and owned by visorbus. These device objects
are created in response to messages from the s-Par back-end received on a
special control channel called the "controlvm channel" (each guest partition
has access to exactly 1 controlvm channel), and have a lifetime that is
independent of the function drivers that control them.
2.1.2. "struct visor device" Function Driver Interfaces
-------------------------------------------------------
The interface between visorbus and its function drivers is defined in
visorbus.h, and described below.
When a visor function driver loads, it calls visorbus_register_visor_driver()
to register itself with visorbus. The significant information passed in this
exchange is as follows:
* the GUID(s) of the channel type(s) that are handled by this driver, as
well as a "friendly name" identifying each (this will be published under
/sys/devices/visorbus<x>/dev<y>)
* the addresses of callback functions to be called whenever a virtual
device/channel with the appropriate channel-type GUID(s) appears or
disappears
* the address of a "channel_interrupt" function, which will be automatically
called at specific intervals to enable the driver to poll the device
channel for activity
The following functions implemented within each function driver will be
called automatically by the visorbus driver at appropriate times:
* The probe() function notifies about the creation of each new virtual
device/channel instance.
* The remove() function notifies about the destruction of a virtual
device/channel instance.
* The channel_interrupt() function is called at frequent intervals to
give the function driver an opportunity to poll the virtual device channel
for requests. Information is passed to this function to enable the
function driver to use the visorchannel_signalinsert() and
visorchannel_signalremove() functions to respond to and initiate activity
over the channel. (Note that since it is the visorbus driver that
determines when this is called, it is very easy to switch to
interrupt-driven mechanisms when available for particular virtual device
types.)
* The pause() function is called should it ever be necessary to direct the
function driver to temporarily stop accessing the device channel. An
example of when this is needed is when the service partition implementing
the back-end of the virtual device needs to be recovered. After a
successful return of pause(), the function driver must not access the
device channel until a subsequent resume() occurs.
* The resume() function is the "book-end" to pause(), and is described above.
2.1.3. sysfs Advertised Information
-----------------------------------
Because visorbus is a standard Linux bus driver in the model described in
Documentation/driver-api/driver-model/, the hierarchy of s-Par virtual devices is
published in the sysfs tree beneath /bus/visorbus/, e.g.,
/sys/bus/visorbus/devices/ might look like:
vbus1:dev1 -> ../../../devices/visorbus1/vbus1:dev1
vbus1:dev2 -> ../../../devices/visorbus1/vbus1:dev2
vbus1:dev3 -> ../../../devices/visorbus1/vbus1:dev3
vbus2:dev0 -> ../../../devices/visorbus2/vbus2:dev0
vbus2:dev1 -> ../../../devices/visorbus2/vbus2:dev1
vbus2:dev2 -> ../../../devices/visorbus2/vbus2:dev2
visorbus1 -> ../../../devices/visorbus1
visorbus2 -> ../../../devices/visorbus2
visor_device notes:
* Each visorbus<n> entry denotes the existence of a struct visor_device
denoting virtual bus #<n>. A unique s-Par channel exists for each such
virtual bus.
* Virtual bus numbers uniquely identify s-Par back-end service partitions.
In this example, bus 1 corresponds to the s-Par console partition
(controls keyboard, video, and mouse), whereas bus 2 corresponds to the
s-Par IO partition (controls network and disk).
* Each vbus<x>:dev<y> entry denotes the existence of a struct visor_device
denoting virtual device #<y> outboard of virtual bus #<x>. A unique s-Par
channel exists for each such virtual device.
* If a function driver has loaded and claimed a particular device, the
bus/visorbus/devices/vbus<x>:dev<y>/driver symlink will indicate that
function driver.
Every active visorbus device will have a sysfs subtree under:
/sys/devices/visorbus<x>/vbus<x>:dev<y>/
The following files exist under /sys/devices/visorbus<x>/vbus<x>:dev<y>:
subsystem link to sysfs tree that describes the
visorbus bus type; e.g.:
../../../bus/visorbus
driver link to sysfs tree that describes the
function driver controlling this device;
e.g.:
../../../bus/visorbus/drivers/visorhba
Note that this "driver" link will not exist
if the appropriate function driver has not
been loaded yet.
channel properties of the device channel (all in
ascii text format)
clientpartition handle identifying the guest (client) side
of this channel, e.g. 0x10000000.
nbytes total size of this channel in bytes
physaddr the guest physical address for the base of
the channel
typeguid a GUID identifying the channel type, in
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx notation
typename a "friendly name" for this channel type, e.g.,
"keyboard". Note that this name is provided by
a particular function driver, so "typename"
will return an empty string until AFTER the
appropriate function driver controlling this
channel type is loaded
zoneguid a GUID identifying the channel zone, in
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx notation
2.2. visorhba
-------------
The visorhba driver registers with visorbus as the function driver to
handle virtual scsi disk devices, specified using the
VISOR_VHBA_CHANNEL_GUID type in the visorbus_register_visor_driver()
call. visorhba uses scsi_add_host() to expose a Linux block device
(e.g., /sys/block/) in the guest environment for each s-Par virtual device.
visorhba provides access to a shared SCSI host bus adapter and one or more
disk devices, by proxying SCSI commands between the guest and the service
partition that owns the shared SCSI adapter, using a channel between the
guest and the service partition. The disks that appear on the shared bus
are defined by the s-Par configuration and enforced by the service partition,
while the guest driver handles sending commands and handling responses. Each
disk is shared as a whole to a guest. Sharing the bus adapter in this way
provides resiliency; should the device encounter an error, only the service
partition is rebooted, and the device is reinitialized. This allows
guests to continue running and to recover from the error.
When compiled as a module, visorhba can be autoloaded by visorbus in
standard udev/systemd environments, as it includes the modules.alias
definition:
"visorbus:"+VISOR_VHBA_CHANNEL_GUID_STR
i.e.:
alias visorbus:414815ed-c58c-11da-95a9-00e08161165f visorhba
2.3. visornic
-------------
The visornic driver registers with visorbus as the function driver to
handle virtual network devices, specified using the
VISOR_VNIC_CHANNEL_GUID type in the visorbus_register_visor_driver()
call. visornic uses register_netdev() to expose a Linux device of class net
(e.g., /sys/class/net/) in the guest environment for each s-Par virtual
device.
visornic provides a paravirtualized network interface to a
guest by proxying buffer information between the guest and the service
partition that owns the shared network interface, using a channel
between the guest and the service partition. The connectivity of this
interface with the shared interface and possibly other guest
partitions is defined by the s-Par configuration and enforced by the
service partition; the guest driver handles communication and link
status.
When compiled as a module, visornic can be autoloaded by visorbus in
standard udev/systemd environments, as it includes the modules.alias
definition:
"visorbus:"+VISOR_VNIC_CHANNEL_GUID_STR
i.e.:
alias visorbus:8cd5994d-c58e-11da-95a9-00e08161165f visornic
2.4. visorinput
---------------
The visorinput driver registers with visorbus as the function driver to
handle human input devices, specified using the
VISOR_KEYBOARD_CHANNEL_GUID and VISOR_MOUSE_CHANNEL_GUID
types in the visorbus_register_visor_driver() call. visorinput uses
input_register_device() to expose devices of class input
(e.g., /sys/class/input/) for virtual keyboard and virtual mouse devices.
A s-Par virtual keyboard device maps 1-to-1 with a Linux input device
named "visor Keyboard", while a s-Par virtual mouse device has 2 Linux input
devices created for it: 1 named "visor Wheel", and 1 named "visor Mouse".
By registering as input class devices, modern versions of X will
automatically find and properly use s-Par virtual keyboard and mouse devices.
As the s-Par back-end reports keyboard and mouse activity via events on the
virtual device channel, the visorinput driver delivers the activity to the
Linux environment by calling input_report_key() and input_report_abs().
You can interact with the guest console using the usyscon Partition Desktop
(a.k.a., "pd") application, provided as part of s-Par. After installing the
usyscon Partition Desktop into a Linux environment via the
usyscon_partitiondesktop-*.rpm, or into a Windows environment via
PartitionDesktop.msi, you will be able to launch a console for your guest
Linux environment by clicking the console icon in the s-Par web UI.
When compiled as a module, visorinput can be autoloaded by visorbus in
standard udev/systemd environments, as it includes the modules.alias
definition:
"visorbus:"+VISOR_MOUSE_CHANNEL_GUID_STR
"visorbus:"+VISOR_KEYBOARD_CHANNEL_GUID_STR
i.e.:
alias visorbus:c73416d0-b0b8-44af-b304-9d2ae99f1b3d visorinput
alias visorbus:addf07d4-94a9-46e2-81c3-61abcdbdbd87 visorinput
3. Minimum Required Driver Set
------------------------------
visorbus is required for every Linux guest running under s-Par.
visorhba is typically required for a Linux guest running under s-Par, as it
is required if your guest boot disk is a virtual device provided by the s-Par
back-end, which is the default configuration. However, for advanced
configurations where the Linux guest boots via an SR-IOV-provided HBA or
SAN disk for example, visorhba is not technically required.
visornic is typically required for a Linux guest running under s-Par, as it
is required if your guest network interface is a virtual device provided by
the s-Par back-end, which is the default configuration. However, for
configurations where the Linux guest is provided with an SR-IOV NIC
for example, visornic is not technically required.
visorinput is only required for a Linux guest running under s-Par if you
require graphics-mode access to your guest console.