xref: /titanic_50/usr/src/uts/common/io/ptm.c (revision 71e32251703c729dbbebef2101770135584fd8d4)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 /*	Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T	*/
26 /*	  All Rights Reserved  	*/
27 
28 
29 #pragma ident	"%Z%%M%	%I%	%E% SMI"
30 
31 /*
32  * Pseudo Terminal Master Driver.
33  *
34  * The pseudo-tty subsystem simulates a terminal connection, where the master
35  * side represents the terminal and the slave represents the user process's
36  * special device end point. The master device is set up as a cloned device
37  * where its major device number is the major for the clone device and its minor
38  * device number is the major for the ptm driver. There are no nodes in the file
39  * system for master devices. The master pseudo driver is opened using the
40  * open(2) system call with /dev/ptmx as the device parameter.  The clone open
41  * finds the next available minor device for the ptm major device.
42  *
43  * A master device is available only if it and its corresponding slave device
44  * are not already open. When the master device is opened, the corresponding
45  * slave device is automatically locked out. Only one open is allowed on a
46  * master device.  Multiple opens are allowed on the slave device.  After both
47  * the master and slave have been opened, the user has two file descriptors
48  * which are the end points of a full duplex connection composed of two streams
49  * which are automatically connected at the master and slave drivers. The user
50  * may then push modules onto either side of the stream pair.
51  *
52  * The master and slave drivers pass all messages to their adjacent queues.
53  * Only the M_FLUSH needs some processing.  Because the read queue of one side
54  * is connected to the write queue of the other, the FLUSHR flag is changed to
55  * the FLUSHW flag and vice versa. When the master device is closed an M_HANGUP
56  * message is sent to the slave device which will render the device
57  * unusable. The process on the slave side gets the EIO when attempting to write
58  * on that stream but it will be able to read any data remaining on the stream
59  * head read queue.  When all the data has been read, read() returns 0
60  * indicating that the stream can no longer be used.  On the last close of the
61  * slave device, a 0-length message is sent to the master device. When the
62  * application on the master side issues a read() or getmsg() and 0 is returned,
63  * the user of the master device decides whether to issue a close() that
64  * dismantles the pseudo-terminal subsystem. If the master device is not closed,
65  * the pseudo-tty subsystem will be available to another user to open the slave
66  * device.
67  *
68  * If O_NONBLOCK or O_NDELAY is set, read on the master side returns -1 with
69  * errno set to EAGAIN if no data is available, and write returns -1 with errno
70  * set to EAGAIN if there is internal flow control.
71  *
72  * IOCTLS:
73  *
74  *  ISPTM: determines whether the file descriptor is that of an open master
75  *	   device. Return code of zero indicates that the file descriptor
76  *	   represents master device.
77  *
78  *  UNLKPT: unlocks the master and slave devices.  It returns 0 on success. On
79  *	    failure, the errno is set to EINVAL indicating that the master
80  *	    device is not open.
81  *
82  *  ZONEPT: sets the zone membership of the associated pts device.
83  *
84  *  GRPPT:  sets the group owner of the associated pts device.
85  *
86  * Synchronization:
87  *
88  *   All global data synchronization between ptm/pts is done via global
89  *   ptms_lock mutex which is initialized at system boot time from
90  *   ptms_initspace (called from space.c).
91  *
92  *   Individual fields of pt_ttys structure (except ptm_rdq, pts_rdq and
93  *   pt_nullmsg) are protected by pt_ttys.pt_lock mutex.
94  *
95  *   PT_ENTER_READ/PT_ENTER_WRITE are reference counter based read-write locks
96  *   which allow reader locks to be reacquired by the same thread (usual
97  *   reader/writer locks can't be used for that purpose since it is illegal for
98  *   a thread to acquire a lock it already holds, even as a reader). The sole
99  *   purpose of these macros is to guarantee that the peer queue will not
100  *   disappear (due to closing peer) while it is used. It is safe to use
101  *   PT_ENTER_READ/PT_EXIT_READ brackets across calls like putq/putnext (since
102  *   they are not real locks but reference counts).
103  *
104  *   PT_ENTER_WRITE/PT_EXIT_WRITE brackets are used ONLY in master/slave
105  *   open/close paths to modify ptm_rdq and pts_rdq fields. These fields should
106  *   be set to appropriate queues *after* qprocson() is called during open (to
107  *   prevent peer from accessing the queue with incomplete plumbing) and set to
108  *   NULL before qprocsoff() is called during close.
109  *
110  *   The pt_nullmsg field is only used in open/close routines and it is also
111  *   protected by PT_ENTER_WRITE/PT_EXIT_WRITE brackets to avoid extra mutex
112  *   holds.
113  *
114  * Lock Ordering:
115  *
116  *   If both ptms_lock and per-pty lock should be held, ptms_lock should always
117  *   be entered first, followed by per-pty lock.
118  *
119  * See ptms.h, pts.c and ptms_conf.c for more information.
120  */
121 
122 #include <sys/types.h>
123 #include <sys/param.h>
124 #include <sys/file.h>
125 #include <sys/sysmacros.h>
126 #include <sys/stream.h>
127 #include <sys/stropts.h>
128 #include <sys/proc.h>
129 #include <sys/errno.h>
130 #include <sys/debug.h>
131 #include <sys/cmn_err.h>
132 #include <sys/ptms.h>
133 #include <sys/stat.h>
134 #include <sys/strsun.h>
135 #include <sys/systm.h>
136 #include <sys/modctl.h>
137 #include <sys/conf.h>
138 #include <sys/ddi.h>
139 #include <sys/sunddi.h>
140 #include <sys/zone.h>
141 
142 #ifdef DEBUG
143 int ptm_debug = 0;
144 #define	DBG(a)	 if (ptm_debug) cmn_err(CE_NOTE, a)
145 #else
146 #define	DBG(a)
147 #endif
148 
149 static int ptmopen(queue_t *, dev_t *, int, int, cred_t *);
150 static int ptmclose(queue_t *, int, cred_t *);
151 static void ptmwput(queue_t *, mblk_t *);
152 static void ptmrsrv(queue_t *);
153 static void ptmwsrv(queue_t *);
154 
155 /*
156  * Master Stream Pseudo Terminal Module: stream data structure definitions
157  */
158 
159 static struct module_info ptm_info = {
160 	0xdead,
161 	"ptm",
162 	0,
163 	512,
164 	512,
165 	128
166 };
167 
168 static struct qinit ptmrint = {
169 	NULL,
170 	(int (*)()) ptmrsrv,
171 	ptmopen,
172 	ptmclose,
173 	NULL,
174 	&ptm_info,
175 	NULL
176 };
177 
178 static struct qinit ptmwint = {
179 	(int (*)()) ptmwput,
180 	(int (*)()) ptmwsrv,
181 	NULL,
182 	NULL,
183 	NULL,
184 	&ptm_info,
185 	NULL
186 };
187 
188 static struct streamtab ptminfo = {
189 	&ptmrint,
190 	&ptmwint,
191 	NULL,
192 	NULL
193 };
194 
195 static int ptm_attach(dev_info_t *, ddi_attach_cmd_t);
196 static int ptm_detach(dev_info_t *, ddi_detach_cmd_t);
197 static int ptm_devinfo(dev_info_t *, ddi_info_cmd_t, void *, void **);
198 
199 static dev_info_t	*ptm_dip;		/* private devinfo pointer */
200 
201 /*
202  * this will define (struct cb_ops cb_ptm_ops) and (struct dev_ops ptm_ops)
203  */
204 DDI_DEFINE_STREAM_OPS(ptm_ops, nulldev, nulldev, ptm_attach, ptm_detach,
205     nodev, ptm_devinfo, D_MP, &ptminfo);
206 
207 /*
208  * Module linkage information for the kernel.
209  */
210 
211 static struct modldrv modldrv = {
212 	&mod_driverops, /* Type of module.  This one is a pseudo driver */
213 	"Master streams driver 'ptm' %I%",
214 	&ptm_ops,	/* driver ops */
215 };
216 
217 static struct modlinkage modlinkage = {
218 	MODREV_1,
219 	&modldrv,
220 	NULL
221 };
222 
223 int
224 _init(void)
225 {
226 	int rc;
227 
228 	if ((rc = mod_install(&modlinkage)) == 0)
229 		ptms_init();
230 	return (rc);
231 }
232 
233 int
234 _fini(void)
235 {
236 	return (mod_remove(&modlinkage));
237 }
238 
239 int
240 _info(struct modinfo *modinfop)
241 {
242 	return (mod_info(&modlinkage, modinfop));
243 }
244 
245 static int
246 ptm_attach(dev_info_t *devi, ddi_attach_cmd_t cmd)
247 {
248 	if (cmd != DDI_ATTACH)
249 		return (DDI_FAILURE);
250 
251 	if (ddi_create_minor_node(devi, "ptmajor", S_IFCHR,
252 	    0, DDI_PSEUDO, NULL) == DDI_FAILURE) {
253 		ddi_remove_minor_node(devi, NULL);
254 		return (DDI_FAILURE);
255 	}
256 	if (ddi_create_minor_node(devi, "ptmx", S_IFCHR,
257 	    0, DDI_PSEUDO, CLONE_DEV) == DDI_FAILURE) {
258 		ddi_remove_minor_node(devi, NULL);
259 		return (DDI_FAILURE);
260 	}
261 	ptm_dip = devi;
262 
263 	return (DDI_SUCCESS);
264 }
265 
266 static int
267 ptm_detach(dev_info_t *devi, ddi_detach_cmd_t cmd)
268 {
269 	if (cmd != DDI_DETACH)
270 		return (DDI_FAILURE);
271 
272 	ddi_remove_minor_node(devi, NULL);
273 	return (DDI_SUCCESS);
274 }
275 
276 /*ARGSUSED*/
277 static int
278 ptm_devinfo(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg,
279     void **result)
280 {
281 	int error;
282 
283 	switch (infocmd) {
284 	case DDI_INFO_DEVT2DEVINFO:
285 		if (ptm_dip == NULL) {
286 			error = DDI_FAILURE;
287 		} else {
288 			*result = (void *)ptm_dip;
289 			error = DDI_SUCCESS;
290 		}
291 		break;
292 	case DDI_INFO_DEVT2INSTANCE:
293 		*result = (void *)0;
294 		error = DDI_SUCCESS;
295 		break;
296 	default:
297 		error = DDI_FAILURE;
298 	}
299 	return (error);
300 }
301 
302 
303 /* ARGSUSED */
304 /*
305  * Open a minor of the master device. Store the write queue pointer and set the
306  * pt_state field to (PTMOPEN | PTLOCK).
307  * This code will work properly with both clone opens and direct opens of the
308  * master device.
309  */
310 static int
311 ptmopen(
312 	queue_t *rqp,		/* pointer to the read side queue */
313 	dev_t   *devp,		/* pointer to stream tail's dev */
314 	int	oflag,		/* the user open(2) supplied flags */
315 	int	sflag,		/* open state flag */
316 	cred_t  *credp)		/* credentials */
317 {
318 	struct pt_ttys	*ptmp;
319 	mblk_t		*mop;		/* ptr to a setopts message block */
320 	struct stroptions *sop;
321 	minor_t		dminor = getminor(*devp);
322 
323 	/* Allow reopen */
324 	if (rqp->q_ptr != NULL)
325 		return (0);
326 
327 	if (sflag & MODOPEN)
328 		return (ENXIO);
329 
330 	if (!(sflag & CLONEOPEN) && dminor != 0) {
331 		/*
332 		 * This is a direct open to specific master device through an
333 		 * artificially created entry with specific minor in
334 		 * /dev/directory. Such behavior is not supported.
335 		 */
336 		return (ENXIO);
337 	}
338 
339 	/*
340 	 * The master open requires that the slave be attached
341 	 * before it returns so that attempts to open the slave will
342 	 * succeeed
343 	 */
344 	if (ptms_attach_slave() != 0) {
345 		return (ENXIO);
346 	}
347 
348 	mop = allocb(sizeof (struct stroptions), BPRI_MED);
349 	if (mop == NULL) {
350 		DDBG("ptmopen(): mop allocation failed\n", 0);
351 		return (ENOMEM);
352 	}
353 
354 	if ((ptmp = pt_ttys_alloc()) == NULL) {
355 		DDBG("ptmopen(): pty allocation failed\n", 0);
356 		freemsg(mop);
357 		return (ENOMEM);
358 	}
359 
360 	dminor = ptmp->pt_minor;
361 
362 	DDBGP("ptmopen(): allocated ptmp %p\n", (uintptr_t)ptmp);
363 	DDBG("ptmopen(): allocated minor %d\n", dminor);
364 
365 	WR(rqp)->q_ptr = rqp->q_ptr = ptmp;
366 
367 	qprocson(rqp);
368 
369 	/* Allow slave to send messages to master */
370 	PT_ENTER_WRITE(ptmp);
371 	ptmp->ptm_rdq = rqp;
372 	PT_EXIT_WRITE(ptmp);
373 
374 	/*
375 	 * set up hi/lo water marks on stream head read queue
376 	 * and add controlling tty if not set
377 	 */
378 	mop->b_datap->db_type = M_SETOPTS;
379 	mop->b_wptr += sizeof (struct stroptions);
380 	sop = (struct stroptions *)mop->b_rptr;
381 	if (oflag & FNOCTTY)
382 		sop->so_flags = SO_HIWAT | SO_LOWAT;
383 	else
384 		sop->so_flags = SO_HIWAT | SO_LOWAT | SO_ISTTY;
385 	sop->so_hiwat = 512;
386 	sop->so_lowat = 256;
387 	putnext(rqp, mop);
388 
389 	/*
390 	 * The input, devp, is a major device number, the output is put
391 	 * into the same parm as a major,minor pair.
392 	 */
393 	*devp = makedevice(getmajor(*devp), dminor);
394 
395 	return (0);
396 }
397 
398 
399 /*
400  * Find the address to private data identifying the slave's write queue.
401  * Send a hang-up message up the slave's read queue to designate the
402  * master/slave pair is tearing down. Uattach the master and slave by
403  * nulling out the write queue fields in the private data structure.
404  * Finally, unlock the master/slave pair and mark the master as closed.
405  */
406 /*ARGSUSED1*/
407 static int
408 ptmclose(queue_t *rqp, int flag, cred_t *credp)
409 {
410 	struct pt_ttys	*ptmp;
411 	queue_t *pts_rdq;
412 
413 	ASSERT(rqp->q_ptr);
414 
415 	ptmp = (struct pt_ttys *)rqp->q_ptr;
416 	PT_ENTER_READ(ptmp);
417 	if (ptmp->pts_rdq) {
418 		pts_rdq = ptmp->pts_rdq;
419 		if (pts_rdq->q_next) {
420 			DBG(("send hangup message to slave\n"));
421 			(void) putnextctl(pts_rdq, M_HANGUP);
422 		}
423 	}
424 	PT_EXIT_READ(ptmp);
425 	/*
426 	 * ptm_rdq should be cleared before call to qprocsoff() to prevent pts
427 	 * write procedure to attempt using ptm_rdq after qprocsoff.
428 	 */
429 	PT_ENTER_WRITE(ptmp);
430 	ptmp->ptm_rdq = NULL;
431 	freemsg(ptmp->pt_nullmsg);
432 	ptmp->pt_nullmsg = NULL;
433 	/*
434 	 * qenable slave side write queue so that it can flush
435 	 * its messages as master's read queue is going away
436 	 */
437 	if (ptmp->pts_rdq)
438 		qenable(WR(ptmp->pts_rdq));
439 	PT_EXIT_WRITE(ptmp);
440 
441 	qprocsoff(rqp);
442 
443 	/* Finish the close */
444 	rqp->q_ptr = NULL;
445 	WR(rqp)->q_ptr = NULL;
446 
447 	ptms_close(ptmp, PTMOPEN | PTLOCK);
448 
449 	return (0);
450 }
451 
452 static boolean_t
453 ptmptsopencb(ptmptsopencb_arg_t arg)
454 {
455 	struct pt_ttys	*ptmp = (struct pt_ttys *)arg;
456 	boolean_t rval;
457 
458 	PT_ENTER_READ(ptmp);
459 	rval = (ptmp->pt_nullmsg != NULL);
460 	PT_EXIT_READ(ptmp);
461 	return (rval);
462 }
463 
464 /*
465  * The wput procedure will only handle ioctl and flush messages.
466  */
467 static void
468 ptmwput(queue_t *qp, mblk_t *mp)
469 {
470 	struct pt_ttys	*ptmp;
471 	struct iocblk	*iocp;
472 
473 	DBG(("entering ptmwput\n"));
474 	ASSERT(qp->q_ptr);
475 
476 	ptmp = (struct pt_ttys *)qp->q_ptr;
477 	PT_ENTER_READ(ptmp);
478 
479 	switch (mp->b_datap->db_type) {
480 	/*
481 	 * if write queue request, flush master's write
482 	 * queue and send FLUSHR up slave side. If read
483 	 * queue request, convert to FLUSHW and putnext().
484 	 */
485 	case M_FLUSH:
486 		{
487 			unsigned char flush_flg = 0;
488 
489 			DBG(("ptm got flush request\n"));
490 			if (*mp->b_rptr & FLUSHW) {
491 				DBG(("got FLUSHW, flush ptm write Q\n"));
492 				if (*mp->b_rptr & FLUSHBAND)
493 					/*
494 					 * if it is a FLUSHBAND, do flushband.
495 					 */
496 					flushband(qp, *(mp->b_rptr + 1),
497 					    FLUSHDATA);
498 				else
499 					flushq(qp, FLUSHDATA);
500 				flush_flg = (*mp->b_rptr & ~FLUSHW) | FLUSHR;
501 			}
502 			if (*mp->b_rptr & FLUSHR) {
503 				DBG(("got FLUSHR, set FLUSHW\n"));
504 				flush_flg |= (*mp->b_rptr & ~FLUSHR) | FLUSHW;
505 			}
506 			if (flush_flg != 0 && ptmp->pts_rdq &&
507 			    !(ptmp->pt_state & PTLOCK)) {
508 				DBG(("putnext to pts\n"));
509 				*mp->b_rptr = flush_flg;
510 				putnext(ptmp->pts_rdq, mp);
511 			} else
512 				freemsg(mp);
513 			break;
514 		}
515 
516 	case M_IOCTL:
517 		iocp = (struct iocblk *)mp->b_rptr;
518 		switch (iocp->ioc_cmd) {
519 		default:
520 			if ((ptmp->pt_state & PTLOCK) ||
521 			    (ptmp->pts_rdq == NULL)) {
522 				DBG(("got M_IOCTL but no slave\n"));
523 				miocnak(qp, mp, 0, EINVAL);
524 				PT_EXIT_READ(ptmp);
525 				return;
526 			}
527 			(void) putq(qp, mp);
528 			break;
529 		case UNLKPT:
530 			mutex_enter(&ptmp->pt_lock);
531 			ptmp->pt_state &= ~PTLOCK;
532 			mutex_exit(&ptmp->pt_lock);
533 			/*FALLTHROUGH*/
534 		case ISPTM:
535 			DBG(("ack the UNLKPT/ISPTM\n"));
536 			miocack(qp, mp, 0, 0);
537 			break;
538 		case ZONEPT:
539 		{
540 			zoneid_t z;
541 			int error;
542 
543 			if ((error = drv_priv(iocp->ioc_cr)) != 0) {
544 				miocnak(qp, mp, 0, error);
545 				break;
546 			}
547 			if ((error = miocpullup(mp, sizeof (zoneid_t))) != 0) {
548 				miocnak(qp, mp, 0, error);
549 				break;
550 			}
551 			z = *((zoneid_t *)mp->b_cont->b_rptr);
552 			if (z < MIN_ZONEID || z > MAX_ZONEID) {
553 				miocnak(qp, mp, 0, EINVAL);
554 				break;
555 			}
556 
557 			mutex_enter(&ptmp->pt_lock);
558 			ptmp->pt_zoneid = z;
559 			mutex_exit(&ptmp->pt_lock);
560 			miocack(qp, mp, 0, 0);
561 			break;
562 		}
563 		case OWNERPT:
564 		{
565 			pt_own_t *ptop;
566 			int error;
567 
568 			if ((error = miocpullup(mp, sizeof (pt_own_t))) != 0) {
569 				miocnak(qp, mp, 0, error);
570 				break;
571 			}
572 
573 			ptop = (pt_own_t *)mp->b_cont->b_rptr;
574 
575 			if (!VALID_UID(ptop->pto_ruid) ||
576 			    !VALID_GID(ptop->pto_rgid)) {
577 				miocnak(qp, mp, 0, EINVAL);
578 				break;
579 			}
580 
581 			mutex_enter(&ptmp->pt_lock);
582 			ptmp->pt_ruid = ptop->pto_ruid;
583 			ptmp->pt_rgid = ptop->pto_rgid;
584 			mutex_exit(&ptmp->pt_lock);
585 			miocack(qp, mp, 0, 0);
586 			break;
587 		}
588 		case PTMPTSOPENCB:
589 		{
590 			mblk_t		*dp;	/* ioctl reply data */
591 			ptmptsopencb_t	*ppocb;
592 
593 			/* only allow the kernel to invoke this ioctl */
594 			if (iocp->ioc_cr != kcred) {
595 				miocnak(qp, mp, 0, EINVAL);
596 				break;
597 			}
598 
599 			/* we don't support transparent ioctls */
600 			ASSERT(iocp->ioc_count != TRANSPARENT);
601 			if (iocp->ioc_count == TRANSPARENT) {
602 				miocnak(qp, mp, 0, EINVAL);
603 				break;
604 			}
605 
606 			/* allocate a response message */
607 			dp = allocb(sizeof (ptmptsopencb_t), BPRI_MED);
608 			if (dp == NULL) {
609 				miocnak(qp, mp, 0, EAGAIN);
610 				break;
611 			}
612 
613 			/* initialize the ioctl results */
614 			ppocb = (ptmptsopencb_t *)dp->b_rptr;
615 			ppocb->ppocb_func = ptmptsopencb;
616 			ppocb->ppocb_arg = (ptmptsopencb_arg_t)ptmp;
617 
618 			/* send the reply data */
619 			mioc2ack(mp, dp, sizeof (ptmptsopencb_t), 0);
620 			qreply(qp, mp);
621 			break;
622 		}
623 		}
624 		break;
625 
626 	case M_READ:
627 		/* Caused by ldterm - can not pass to slave */
628 		freemsg(mp);
629 		break;
630 
631 	/*
632 	 * send other messages to slave
633 	 */
634 	default:
635 		if ((ptmp->pt_state  & PTLOCK) || (ptmp->pts_rdq == NULL)) {
636 			DBG(("got msg. but no slave\n"));
637 			mp = mexchange(NULL, mp, 2, M_ERROR, -1);
638 			if (mp != NULL) {
639 				mp->b_rptr[0] = NOERROR;
640 				mp->b_rptr[1] = EINVAL;
641 				qreply(qp, mp);
642 			}
643 			PT_EXIT_READ(ptmp);
644 			return;
645 		}
646 		DBG(("put msg on master's write queue\n"));
647 		(void) putq(qp, mp);
648 		break;
649 	}
650 	DBG(("return from ptmwput()\n"));
651 	PT_EXIT_READ(ptmp);
652 }
653 
654 
655 /*
656  * enable the write side of the slave. This triggers the
657  * slave to send any messages queued on its write side to
658  * the read side of this master.
659  */
660 static void
661 ptmrsrv(queue_t *qp)
662 {
663 	struct pt_ttys	*ptmp;
664 
665 	DBG(("entering ptmrsrv\n"));
666 	ASSERT(qp->q_ptr);
667 
668 	ptmp = (struct pt_ttys *)qp->q_ptr;
669 	PT_ENTER_READ(ptmp);
670 	if (ptmp->pts_rdq) {
671 		qenable(WR(ptmp->pts_rdq));
672 	}
673 	PT_EXIT_READ(ptmp);
674 	DBG(("leaving ptmrsrv\n"));
675 }
676 
677 
678 /*
679  * If there are messages on this queue that can be sent to
680  * slave, send them via putnext(). Else, if queued messages
681  * cannot be sent, leave them on this queue. If priority
682  * messages on this queue, send them to slave no matter what.
683  */
684 static void
685 ptmwsrv(queue_t *qp)
686 {
687 	struct pt_ttys	*ptmp;
688 	mblk_t 		*mp;
689 
690 	DBG(("entering ptmwsrv\n"));
691 	ASSERT(qp->q_ptr);
692 
693 	ptmp = (struct pt_ttys *)qp->q_ptr;
694 
695 	if ((mp = getq(qp)) == NULL) {
696 		/* If there are no messages there's nothing to do. */
697 		DBG(("leaving ptmwsrv (no messages)\n"));
698 		return;
699 	}
700 
701 	PT_ENTER_READ(ptmp);
702 	if ((ptmp->pt_state  & PTLOCK) || (ptmp->pts_rdq == NULL)) {
703 		DBG(("in master write srv proc but no slave\n"));
704 		/*
705 		 * Free messages on the write queue and send
706 		 * NAK for any M_IOCTL type messages to wakeup
707 		 * the user process waiting for ACK/NAK from
708 		 * the ioctl invocation
709 		 */
710 		do {
711 			if (mp->b_datap->db_type == M_IOCTL)
712 				miocnak(qp, mp, 0, EINVAL);
713 			else
714 				freemsg(mp);
715 		} while ((mp = getq(qp)) != NULL);
716 		flushq(qp, FLUSHALL);
717 
718 		mp = mexchange(NULL, NULL, 2, M_ERROR, -1);
719 		if (mp != NULL) {
720 			mp->b_rptr[0] = NOERROR;
721 			mp->b_rptr[1] = EINVAL;
722 			qreply(qp, mp);
723 		}
724 		PT_EXIT_READ(ptmp);
725 		return;
726 	}
727 	/*
728 	 * while there are messages on this write queue...
729 	 */
730 	do {
731 		/*
732 		 * if don't have control message and cannot put
733 		 * msg. on slave's read queue, put it back on
734 		 * this queue.
735 		 */
736 		if (mp->b_datap->db_type <= QPCTL &&
737 		    !bcanputnext(ptmp->pts_rdq, mp->b_band)) {
738 			DBG(("put msg. back on queue\n"));
739 			(void) putbq(qp, mp);
740 			break;
741 		}
742 		/*
743 		 * else send the message up slave's stream
744 		 */
745 		DBG(("send message to slave\n"));
746 		putnext(ptmp->pts_rdq, mp);
747 	} while ((mp = getq(qp)) != NULL);
748 	DBG(("leaving ptmwsrv\n"));
749 	PT_EXIT_READ(ptmp);
750 }
751