xref: /titanic_50/usr/src/uts/common/io/tty_pts.c (revision 5a57ddbbc80b8fbfbb5b30c31ccbca268c5c056d)
1 /*
2  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 /*
7  * Copyright (c) 1983 Regents of the University of California.
8  * All rights reserved. The Berkeley software License Agreement
9  * specifies the terms and conditions for redistribution.
10  */
11 
12 /*
13  * PTY - Stream "pseudo-tty" device.
14  * This is the "slave" side.
15  */
16 
17 
18 #include <sys/param.h>
19 #include <sys/systm.h>
20 #include <sys/filio.h>
21 #include <sys/ioccom.h>
22 #include <sys/termios.h>
23 #include <sys/termio.h>
24 #include <sys/ttold.h>
25 #include <sys/stropts.h>
26 #include <sys/stream.h>
27 #include <sys/strsun.h>
28 #include <sys/tty.h>
29 #include <sys/user.h>
30 #include <sys/conf.h>
31 #include <sys/file.h>
32 #include <sys/vnode.h>	/* 1/0 on the vomit meter */
33 #include <sys/proc.h>
34 #include <sys/uio.h>
35 #include <sys/errno.h>
36 #include <sys/strsubr.h>
37 #include <sys/poll.h>
38 #include <sys/sysmacros.h>
39 #include <sys/debug.h>
40 #include <sys/procset.h>
41 #include <sys/cred.h>
42 #include <sys/ptyvar.h>
43 #include <sys/suntty.h>
44 #include <sys/stat.h>
45 #include <sys/policy.h>
46 
47 #include <sys/conf.h>
48 #include <sys/ddi.h>
49 #include <sys/sunddi.h>
50 
51 extern void gsignal(int pid, int sig);
52 
53 extern	int npty;	/* number of pseudo-ttys configured in */
54 extern struct pty *pty_softc;
55 
56 extern struct pollhead	ptcph;	/* poll head for ptcpoll() use */
57 
58 #define	IFLAGS	(CS7|CREAD|PARENB)
59 
60 
61 /*
62  * Most of these should be "void", but the people who defined the "streams"
63  * data structure for S5 didn't understand data types.
64  */
65 
66 /*
67  * Slave side.  This is a streams device.
68  */
69 static int ptslopen(queue_t *, dev_t *, int flag, int, cred_t *);
70 static int ptslclose(queue_t *, int, cred_t *);
71 static int ptslrserv(queue_t *);
72 
73 /*
74  * To save instructions, since STREAMS ignores the return value
75  * from this function, it is defined as void here. Kind of icky, but...
76  */
77 
78 static void ptslwput(queue_t *q, mblk_t *mp);
79 
80 static struct module_info ptslm_info = {
81 	0,
82 	"ptys",
83 	0,
84 	INFPSZ,
85 	2048,
86 	200
87 };
88 
89 static struct qinit ptslrinit = {
90 	putq,
91 	ptslrserv,
92 	ptslopen,
93 	ptslclose,
94 	NULL,
95 	&ptslm_info,
96 	NULL
97 };
98 
99 static struct qinit ptslwinit = {
100 	(int (*)())ptslwput,
101 	NULL,
102 	NULL,
103 	NULL,
104 	NULL,
105 	&ptslm_info,
106 	NULL
107 };
108 
109 struct	streamtab ptysinfo = {
110 	&ptslrinit,
111 	&ptslwinit,
112 	NULL,
113 	NULL
114 };
115 
116 static void	ptslreioctl(void *);
117 static void	ptslioctl(struct pty *, queue_t *, mblk_t *);
118 static void	pt_sendstop(struct pty *);
119 static void	ptcpollwakeup(struct pty *, int);
120 
121 
122 static int ptsl_info(dev_info_t *, ddi_info_cmd_t, void *, void **);
123 static int ptsl_attach(dev_info_t *, ddi_attach_cmd_t);
124 static dev_info_t *ptsl_dip;	/* for dev-to-dip conversions */
125 
126 DDI_DEFINE_STREAM_OPS(ptsl_ops, nulldev, nulldev,
127     ptsl_attach, nodev, nodev, ptsl_info, D_MP, &ptysinfo,
128     ddi_quiesce_not_supported);
129 
130 #include <sys/types.h>
131 #include <sys/conf.h>
132 #include <sys/param.h>
133 #include <sys/systm.h>
134 #include <sys/errno.h>
135 #include <sys/modctl.h>
136 
137 char _depends_on[] = "drv/ptc";
138 
139 /*
140  * Module linkage information for the kernel.
141  */
142 
143 static struct modldrv modldrv = {
144 	&mod_driverops, /* Type of module.  This one is a pseudo driver */
145 	"tty pseudo driver slave 'ptsl'",
146 	&ptsl_ops,	/* driver ops */
147 };
148 
149 static struct modlinkage modlinkage = {
150 	MODREV_1,
151 	&modldrv,
152 	NULL
153 };
154 
155 int
156 _init(void)
157 {
158 	return (mod_install(&modlinkage));
159 }
160 
161 int
162 _fini(void)
163 {
164 	return (mod_remove(&modlinkage));
165 }
166 
167 int
168 _info(struct modinfo *modinfop)
169 {
170 	return (mod_info(&modlinkage, modinfop));
171 }
172 
173 static char	*tty_banks = PTY_BANKS;
174 static char	*tty_digits = PTY_DIGITS;
175 
176 /* ARGSUSED */
177 static int
178 ptsl_attach(dev_info_t *devi, ddi_attach_cmd_t cmd)
179 {
180 	char	name[8];
181 	int	tty_num;
182 	char	*tty_digit = tty_digits;
183 	char	*tty_bank = tty_banks;
184 
185 	for (tty_num = 0; tty_num < npty; tty_num++) {
186 		(void) sprintf(name, "tty%c%c", *tty_bank, *tty_digit);
187 		if (ddi_create_minor_node(devi, name, S_IFCHR,
188 		    tty_num, DDI_PSEUDO, NULL) == DDI_FAILURE) {
189 			ddi_remove_minor_node(devi, NULL);
190 			return (-1);
191 		}
192 		if (*(++tty_digit) == '\0') {
193 			tty_digit = tty_digits;
194 			if (*(++tty_bank) == '\0')
195 				break;
196 		}
197 	}
198 	ptsl_dip = devi;
199 	return (DDI_SUCCESS);
200 }
201 
202 /* ARGSUSED */
203 static int
204 ptsl_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg,
205     void **result)
206 {
207 	int error;
208 
209 	switch (infocmd) {
210 	case DDI_INFO_DEVT2DEVINFO:
211 		if (ptsl_dip == NULL) {
212 			error = DDI_FAILURE;
213 		} else {
214 			*result = (void *)ptsl_dip;
215 			error = DDI_SUCCESS;
216 		}
217 		break;
218 	case DDI_INFO_DEVT2INSTANCE:
219 		*result = (void *)0;
220 		error = DDI_SUCCESS;
221 		break;
222 	default:
223 		error = DDI_FAILURE;
224 	}
225 	return (error);
226 }
227 
228 
229 /*
230  * Open the slave side of a pty.
231  */
232 /*ARGSUSED*/
233 static int
234 ptslopen(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *cred)
235 {
236 	minor_t unit;
237 	dev_t dev = *devp;
238 	struct pty *pty;
239 
240 	unit = getminor(dev);
241 	if (unit >= npty)
242 		return (ENXIO);
243 
244 	pty = &pty_softc[unit];
245 
246 	mutex_enter(&pty->ptc_lock);
247 	/*
248 	 * Block waiting for controller to open, unless this is a no-delay
249 	 * open.
250 	 */
251 again:
252 	if (pty->pt_ttycommon.t_writeq == NULL) {
253 		pty->pt_ttycommon.t_iflag = 0;
254 		pty->pt_ttycommon.t_cflag = (B38400 << IBSHIFT)|B38400|IFLAGS;
255 		pty->pt_ttycommon.t_iocpending = NULL;
256 		pty->pt_wbufcid = 0;
257 		pty->pt_ttycommon.t_size.ws_row = 0;
258 		pty->pt_ttycommon.t_size.ws_col = 0;
259 		pty->pt_ttycommon.t_size.ws_xpixel = 0;
260 		pty->pt_ttycommon.t_size.ws_ypixel = 0;
261 	} else if ((pty->pt_ttycommon.t_flags & TS_XCLUDE) &&
262 	    secpolicy_excl_open(cred) != 0) {
263 		mutex_exit(&pty->ptc_lock);
264 		return (EBUSY);
265 	}
266 	if (!(flag & (FNONBLOCK|FNDELAY)) &&
267 	    !(pty->pt_ttycommon.t_cflag & CLOCAL)) {
268 		if (!(pty->pt_flags & PF_CARR_ON)) {
269 			pty->pt_flags |= PF_WOPEN;
270 			if (!cv_wait_sig(&pty->pt_cv_flags, &pty->ptc_lock)) {
271 				pty->pt_flags &= ~PF_WOPEN;
272 				mutex_exit(&pty->ptc_lock);
273 				return (EINTR);
274 			}
275 			goto again;
276 		}
277 	}
278 
279 	/*
280 	 * queue has already been setup with a pointer to
281 	 * the stream head that is being referenced
282 	 */
283 	pty->pt_vnode = strq2vp(q);
284 	VN_RELE(pty->pt_vnode);
285 	pty->pt_sdev = dev;
286 	q->q_ptr = WR(q)->q_ptr = pty;
287 	pty->pt_flags &= ~PF_SLAVEGONE;
288 	pty->pt_ttycommon.t_readq = pty->pt_ttycommon.t_writeq = NULL;
289 
290 	/*
291 	 * Slave is ready to accept messages but master still can't send
292 	 * messages to the slave queue since it is not plumbed
293 	 * yet. So do qprocson() and finish slave initialization.
294 	 */
295 
296 	mutex_exit(&pty->ptc_lock);
297 
298 	qprocson(q);
299 
300 	/*
301 	 * Now it is safe to send messages to q, so wakeup master possibly
302 	 * waiting for slave queue to finish open.
303 	 */
304 	mutex_enter(&pty->ptc_lock);
305 	pty->pt_ttycommon.t_readq = q;
306 	pty->pt_ttycommon.t_writeq = WR(q);
307 	/* tell master device that slave is ready for writing */
308 	if (pty->pt_flags & PF_CARR_ON)
309 		cv_broadcast(&pty->pt_cv_readq);
310 	mutex_exit(&pty->ptc_lock);
311 
312 	return (0);
313 }
314 
315 static int
316 ptslclose(queue_t *q, int flag, cred_t *cred)
317 {
318 	struct pty *pty;
319 	bufcall_id_t pt_wbufcid = 0;
320 
321 #ifdef lint
322 	flag = flag;
323 	cred = cred;
324 #endif
325 
326 	if ((pty = (struct pty *)q->q_ptr) == NULL)
327 		return (ENODEV);	/* already been closed once */
328 
329 	/*
330 	 * Prevent the queues from being uses by master device.
331 	 * This should be done before qprocsoff or writer may attempt
332 	 * to use the slave queue after qprocsoff removed it from the stream and
333 	 * before entering mutex_enter().
334 	 */
335 	mutex_enter(&pty->ptc_lock);
336 	pty->pt_ttycommon.t_readq = NULL;
337 	pty->pt_ttycommon.t_writeq = NULL;
338 	mutex_exit(&pty->ptc_lock);
339 
340 	qprocsoff(q);
341 
342 	mutex_enter(&pty->ptc_lock);
343 
344 	while (pty->pt_flags & PF_IOCTL) {
345 		pty->pt_flags |= PF_WAIT;
346 		cv_wait(&pty->pt_cv_flags, &pty->ptc_lock);
347 	}
348 
349 	/*
350 	 * ptc_lock mutex is not dropped across
351 	 * the call to the routine ttycommon_close
352 	 */
353 	ttycommon_close(&pty->pt_ttycommon);
354 
355 	/*
356 	 * Cancel outstanding "bufcall" request.
357 	 */
358 	if (pty->pt_wbufcid) {
359 		pt_wbufcid = pty->pt_wbufcid;
360 		pty->pt_wbufcid = 0;
361 	}
362 
363 	/*
364 	 * Clear out all the slave-side state.
365 	 */
366 	pty->pt_flags &= ~(PF_WOPEN|PF_STOPPED|PF_NOSTOP);
367 	if (pty->pt_flags & PF_CARR_ON) {
368 		pty->pt_flags |= PF_SLAVEGONE;	/* let the controller know */
369 		ptcpollwakeup(pty, 0);	/* wake up readers/selectors */
370 		ptcpollwakeup(pty, FWRITE);	/* wake up writers/selectors */
371 		cv_broadcast(&pty->pt_cv_flags);
372 	}
373 	pty->pt_vnode = NULL;
374 	pty->pt_sdev = 0;
375 	q->q_ptr = WR(q)->q_ptr = NULL;
376 	mutex_exit(&pty->ptc_lock);
377 
378 	if (pt_wbufcid)
379 		unbufcall(pt_wbufcid);
380 
381 	return (0);
382 }
383 
384 /*
385  * Put procedure for write queue.
386  * Respond to M_STOP, M_START, M_IOCTL, and M_FLUSH messages here;
387  * queue up M_DATA messages for processing by the controller "read"
388  * routine; discard everything else.
389  */
390 static void
391 ptslwput(queue_t *q, mblk_t *mp)
392 {
393 	struct pty *pty;
394 	mblk_t *bp;
395 
396 	pty = (struct pty *)q->q_ptr;
397 
398 	mutex_enter(&pty->ptc_lock);
399 
400 	switch (mp->b_datap->db_type) {
401 
402 	case M_STOP:
403 		if (!(pty->pt_flags & PF_STOPPED)) {
404 			pty->pt_flags |= PF_STOPPED;
405 			pty->pt_send |= TIOCPKT_STOP;
406 			ptcpollwakeup(pty, 0);
407 		}
408 		freemsg(mp);
409 		break;
410 
411 	case M_START:
412 		if (pty->pt_flags & PF_STOPPED) {
413 			pty->pt_flags &= ~PF_STOPPED;
414 			pty->pt_send = TIOCPKT_START;
415 			ptcpollwakeup(pty, 0);
416 		}
417 		ptcpollwakeup(pty, FREAD);	/* permit controller to read */
418 		freemsg(mp);
419 		break;
420 
421 	case M_IOCTL:
422 		ptslioctl(pty, q, mp);
423 		break;
424 
425 	case M_FLUSH:
426 		if (*mp->b_rptr & FLUSHW) {
427 			/*
428 			 * Set the "flush write" flag, so that we
429 			 * notify the controller if they're in packet
430 			 * or user control mode.
431 			 */
432 			if (!(pty->pt_send & TIOCPKT_FLUSHWRITE)) {
433 				pty->pt_send |= TIOCPKT_FLUSHWRITE;
434 				ptcpollwakeup(pty, 0);
435 			}
436 			/*
437 			 * Flush our write queue.
438 			 */
439 			flushq(q, FLUSHDATA);	/* XXX doesn't flush M_DELAY */
440 			*mp->b_rptr &= ~FLUSHW;	/* it has been flushed */
441 		}
442 		if (*mp->b_rptr & FLUSHR) {
443 			/*
444 			 * Set the "flush read" flag, so that we
445 			 * notify the controller if they're in packet
446 			 * mode.
447 			 */
448 			if (!(pty->pt_send & TIOCPKT_FLUSHREAD)) {
449 				pty->pt_send |= TIOCPKT_FLUSHREAD;
450 				ptcpollwakeup(pty, 0);
451 			}
452 			flushq(RD(q), FLUSHDATA);
453 			mutex_exit(&pty->ptc_lock);
454 			qreply(q, mp);	/* give the read queues a crack at it */
455 			return;
456 		} else
457 			freemsg(mp);
458 		break;
459 
460 	case M_DATA:
461 		/*
462 		 * Throw away any leading zero-length blocks, and queue it up
463 		 * for the controller to read.
464 		 */
465 		if (pty->pt_flags & PF_CARR_ON) {
466 			bp = mp;
467 			while ((bp->b_wptr - bp->b_rptr) == 0) {
468 				mp = bp->b_cont;
469 				freeb(bp);
470 				if (mp == NULL) {
471 					mutex_exit(&pty->ptc_lock);
472 					return;	/* damp squib of a message */
473 				}
474 				bp = mp;
475 			}
476 			(void) putq(q, mp);
477 			ptcpollwakeup(pty, FREAD);	/* soup's on! */
478 		} else
479 			freemsg(mp);	/* nobody listening */
480 		break;
481 
482 	case M_CTL:
483 		if ((*(int *)mp->b_rptr) == MC_CANONQUERY) {
484 			/*
485 			 * We're being asked whether we do canonicalization
486 			 * or not.  Send a reply back up indicating whether
487 			 * we do or not.
488 			 */
489 			(void) putctl1(RD(q), M_CTL,
490 			    (pty->pt_flags & PF_REMOTE) ?
491 			    MC_NOCANON : MC_DOCANON);
492 		}
493 		freemsg(mp);
494 		break;
495 
496 	default:
497 		/*
498 		 * "No, I don't want a subscription to Chain Store Age,
499 		 * thank you anyway."
500 		 */
501 		freemsg(mp);
502 		break;
503 	}
504 	mutex_exit(&pty->ptc_lock);
505 }
506 
507 /*
508  * Retry an "ioctl", now that "bufcall" claims we may be able to allocate
509  * the buffer we need.
510  */
511 static void
512 ptslreioctl(void *arg)
513 {
514 	struct pty *pty = arg;
515 	queue_t *q;
516 	mblk_t *mp;
517 
518 	mutex_enter(&pty->ptc_lock);
519 	/*
520 	 * The bufcall is no longer pending.
521 	 */
522 	if (pty->pt_wbufcid == 0) {
523 		mutex_exit(&pty->ptc_lock);
524 		return;
525 	}
526 
527 	pty->pt_wbufcid = 0;
528 	if ((q = pty->pt_ttycommon.t_writeq) == NULL) {
529 		mutex_exit(&pty->ptc_lock);
530 		return;
531 	}
532 	if ((mp = pty->pt_ttycommon.t_iocpending) != NULL) {
533 		/* It's not pending any more. */
534 		pty->pt_ttycommon.t_iocpending = NULL;
535 		ptslioctl(pty, q, mp);
536 	}
537 	mutex_exit(&pty->ptc_lock);
538 }
539 
540 /*
541  * Process an "ioctl" message sent down to us.
542  * Drops pty's ptc_lock mutex and then reacquire
543  */
544 static void
545 ptslioctl(struct pty *pty, queue_t *q, mblk_t *mp)
546 {
547 	struct iocblk *iocp;
548 	int cmd;
549 	size_t datasize;
550 	int error = 0;
551 
552 	ASSERT(MUTEX_HELD(&pty->ptc_lock));
553 
554 	iocp = (struct iocblk *)mp->b_rptr;
555 	cmd = iocp->ioc_cmd;
556 
557 	switch (cmd) {
558 
559 	case TIOCSTI: {
560 		/*
561 		 * The permission checking has already been done at the stream
562 		 * head, since it has to be done in the context of the process
563 		 * doing the call.
564 		 */
565 		mblk_t *bp;
566 
567 		error = miocpullup(mp, sizeof (char));
568 		if (error != 0)
569 			goto out;
570 
571 		/*
572 		 * Simulate typing of a character at the terminal.
573 		 */
574 		if ((bp = allocb(1, BPRI_MED)) != NULL) {
575 			*bp->b_wptr++ = *mp->b_cont->b_rptr;
576 			if (!(pty->pt_flags & PF_REMOTE)) {
577 				if (!canput(pty->pt_ttycommon.t_readq)) {
578 					mutex_exit(&pty->ptc_lock);
579 					ttycommon_qfull(&pty->pt_ttycommon, q);
580 					mutex_enter(&pty->ptc_lock);
581 					freemsg(bp);
582 					error = EAGAIN;
583 					goto out;
584 				} else
585 					(void) putq(
586 					    pty->pt_ttycommon.t_readq, bp);
587 			} else {
588 				if (pty->pt_flags & PF_UCNTL) {
589 					/*
590 					 * XXX - flow control; don't overflow
591 					 * this "queue".
592 					 */
593 					if (pty->pt_stuffqfirst != NULL) {
594 						pty->pt_stuffqlast->b_next = bp;
595 						bp->b_prev = pty->pt_stuffqlast;
596 					} else {
597 						pty->pt_stuffqfirst = bp;
598 						bp->b_prev = NULL;
599 					}
600 					bp->b_next = NULL;
601 					pty->pt_stuffqlast = bp;
602 					pty->pt_stuffqlen++;
603 					ptcpollwakeup(pty, 0);
604 				}
605 			}
606 		} else {
607 			error = EAGAIN;
608 			goto out;
609 		}
610 
611 		/*
612 		 * Turn the ioctl message into an ioctl ACK message.
613 		 */
614 		iocp->ioc_count = 0;	/* no data returned */
615 		mp->b_datap->db_type = M_IOCACK;
616 		goto out;
617 	}
618 
619 	case TIOCSSIZE: {
620 		tty_common_t *tc = &pty->pt_ttycommon;
621 		struct ttysize *tp;
622 
623 		error = miocpullup(mp, sizeof (struct ttysize));
624 		if (error != 0)
625 			goto out;
626 
627 		/*
628 		 * Set the window size, but don't send a SIGWINCH.
629 		 */
630 		tp = (struct ttysize *)mp->b_cont->b_rptr;
631 		tc->t_size.ws_row = tp->ts_lines;
632 		tc->t_size.ws_col = tp->ts_cols;
633 		tc->t_size.ws_xpixel = 0;
634 		tc->t_size.ws_ypixel = 0;
635 
636 		/*
637 		 * Send an ACK back.
638 		 */
639 		iocp->ioc_count = 0;	/* no data returned */
640 		mp->b_datap->db_type = M_IOCACK;
641 		goto out;
642 	}
643 
644 	case TIOCGSIZE: {
645 		tty_common_t *tc = &pty->pt_ttycommon;
646 		mblk_t *datap;
647 		struct ttysize *tp;
648 
649 		if ((datap = allocb(sizeof (struct ttysize),
650 		    BPRI_HI)) == NULL) {
651 			if (pty->pt_wbufcid) {
652 				if (pty->pt_ttycommon.t_iocpending)
653 					freemsg(pty->pt_ttycommon.t_iocpending);
654 				pty->pt_ttycommon.t_iocpending = mp;
655 				return;
656 			}
657 			pty->pt_wbufcid = bufcall(sizeof (struct ttysize),
658 			    BPRI_HI, ptslreioctl, pty);
659 			if (pty->pt_wbufcid == 0) {
660 				error = ENOMEM;
661 				goto out;
662 			}
663 			pty->pt_ttycommon.t_iocpending = mp;
664 			return;
665 		}
666 		/*
667 		 * Return the current size.
668 		 */
669 		tp = (struct ttysize *)datap->b_wptr;
670 		tp->ts_lines = tc->t_size.ws_row;
671 		tp->ts_cols = tc->t_size.ws_col;
672 		datap->b_wptr += sizeof (struct ttysize);
673 		iocp->ioc_count = sizeof (struct ttysize);
674 
675 		if (mp->b_cont != NULL)
676 			freemsg(mp->b_cont);
677 		mp->b_cont = datap;
678 		mp->b_datap->db_type = M_IOCACK;
679 		goto out;
680 	}
681 
682 	/*
683 	 * Imported from ttycommon_ioctl routine
684 	 */
685 
686 	case TCSETSF: {
687 		tty_common_t *tc = &pty->pt_ttycommon;
688 		struct termios *cb;
689 
690 		error = miocpullup(mp, sizeof (struct termios));
691 		if (error != 0)
692 			goto out;
693 
694 		cb = (struct termios *)mp->b_cont->b_rptr;
695 
696 		flushq(RD(q), FLUSHDATA);
697 		mutex_exit(&pty->ptc_lock);
698 		(void) putnextctl1(RD(q), M_FLUSH, FLUSHR);
699 		mutex_enter(&pty->ptc_lock);
700 		mutex_enter(&tc->t_excl);
701 		tc->t_iflag = cb->c_iflag;
702 		tc->t_cflag = cb->c_cflag;
703 		tc->t_stopc = cb->c_cc[VSTOP];
704 		tc->t_startc = cb->c_cc[VSTART];
705 		mutex_exit(&tc->t_excl);
706 
707 		/*
708 		 * Turn the ioctl message into an ioctl ACK message.
709 		 */
710 		iocp->ioc_count = 0;	/* no data returned */
711 		mp->b_datap->db_type = M_IOCACK;
712 		goto ioctldone;
713 	}
714 
715 	case TCSETAF: {
716 		tty_common_t *tc = &pty->pt_ttycommon;
717 		struct termios *cb;
718 
719 		error = miocpullup(mp, sizeof (struct termios));
720 		if (error != 0)
721 			goto out;
722 
723 		cb = (struct termios *)mp->b_cont->b_rptr;
724 
725 		flushq(RD(q), FLUSHDATA);
726 		mutex_exit(&pty->ptc_lock);
727 		(void) putnextctl1(RD(q), M_FLUSH, FLUSHR);
728 		mutex_enter(&pty->ptc_lock);
729 		mutex_enter(&tc->t_excl);
730 		tc->t_iflag = (tc->t_iflag & 0xffff0000 | cb->c_iflag);
731 		tc->t_cflag = (tc->t_cflag & 0xffff0000 | cb->c_cflag);
732 		mutex_exit(&tc->t_excl);
733 
734 		/*
735 		 * Turn the ioctl message into an ioctl ACK message.
736 		 */
737 		iocp->ioc_count = 0;	/* no data returned */
738 		mp->b_datap->db_type = M_IOCACK;
739 		goto ioctldone;
740 	}
741 
742 	case TIOCSWINSZ: {
743 		tty_common_t *tc = &pty->pt_ttycommon;
744 		struct winsize *ws;
745 
746 		error = miocpullup(mp, sizeof (struct winsize));
747 		if (error != 0)
748 			goto out;
749 
750 		ws = (struct winsize *)mp->b_cont->b_rptr;
751 		/*
752 		 * If the window size changed, send a SIGWINCH.
753 		 */
754 		mutex_enter(&tc->t_excl);
755 		if (bcmp(&tc->t_size, ws, sizeof (struct winsize))) {
756 			tc->t_size = *ws;
757 			mutex_exit(&tc->t_excl);
758 			mutex_exit(&pty->ptc_lock);
759 			(void) putnextctl1(RD(q), M_PCSIG, SIGWINCH);
760 			mutex_enter(&pty->ptc_lock);
761 		} else
762 			mutex_exit(&tc->t_excl);
763 
764 		/*
765 		 * Turn the ioctl message into an ioctl ACK message.
766 		 */
767 		iocp->ioc_count = 0;	/* no data returned */
768 		mp->b_datap->db_type = M_IOCACK;
769 		goto ioctldone;
770 	}
771 
772 	/*
773 	 * If they were just trying to drain output, that's OK.
774 	 * If they are actually trying to send a break it's an error.
775 	 */
776 	case TCSBRK:
777 		error = miocpullup(mp, sizeof (int));
778 		if (error != 0)
779 			goto out;
780 
781 		if (*(int *)mp->b_cont->b_rptr != 0) {
782 			/*
783 			 * Turn the ioctl message into an ioctl ACK message.
784 			 */
785 			iocp->ioc_count = 0;	/* no data returned */
786 			mp->b_datap->db_type = M_IOCACK;
787 		} else {
788 			error = ENOTTY;
789 		}
790 		goto out;
791 	}
792 
793 	/*
794 	 * The only way in which "ttycommon_ioctl" can fail is if the "ioctl"
795 	 * requires a response containing data to be returned to the user,
796 	 * and no mblk could be allocated for the data.
797 	 * No such "ioctl" alters our state.  Thus, we always go ahead and
798 	 * do any state-changes the "ioctl" calls for.  If we couldn't allocate
799 	 * the data, "ttycommon_ioctl" has stashed the "ioctl" away safely, so
800 	 * we just call "bufcall" to request that we be called back when we
801 	 * stand a better chance of allocating the data.
802 	 */
803 	if ((datasize =
804 	    ttycommon_ioctl(&pty->pt_ttycommon, q, mp, &error)) != 0) {
805 		if (pty->pt_wbufcid) {
806 			if (pty->pt_ttycommon.t_iocpending)
807 				freemsg(pty->pt_ttycommon.t_iocpending);
808 			pty->pt_ttycommon.t_iocpending = mp;
809 			return;
810 		}
811 		pty->pt_wbufcid = bufcall(datasize, BPRI_HI, ptslreioctl, pty);
812 		if (pty->pt_wbufcid == 0) {
813 			error = ENOMEM;
814 			goto out;
815 		}
816 		pty->pt_ttycommon.t_iocpending = mp;
817 		return;
818 	}
819 
820 ioctldone:
821 	if (error == 0) {
822 		/*
823 		 * "ttycommon_ioctl" did most of the work; we just use the
824 		 * data it set up.
825 		 */
826 		switch (cmd) {
827 
828 		case TCSETSF:
829 		case TCSETAF:
830 			/*
831 			 * Set the "flush read" flag, so that we
832 			 * notify the controller if they're in packet
833 			 * mode.
834 			 */
835 			if (!(pty->pt_send & TIOCPKT_FLUSHREAD)) {
836 				pty->pt_send |= TIOCPKT_FLUSHREAD;
837 				ptcpollwakeup(pty, 0);
838 			}
839 			/*FALLTHROUGH*/
840 
841 		case TCSETSW:
842 		case TCSETAW:
843 			cmd = TIOCSETP;	/* map backwards to old codes */
844 			pt_sendstop(pty);
845 			break;
846 
847 		case TCSETS:
848 		case TCSETA:
849 			cmd = TIOCSETN;	/* map backwards to old codes */
850 			pt_sendstop(pty);
851 			break;
852 		}
853 	}
854 
855 	if (pty->pt_flags & PF_43UCNTL) {
856 		if (error < 0) {
857 			if ((cmd & ~0xff) == _IO('u', 0)) {
858 				if (cmd & 0xff) {
859 					pty->pt_ucntl = (uchar_t)cmd & 0xff;
860 					ptcpollwakeup(pty, FREAD);
861 				}
862 				error = 0; /* XXX */
863 				goto out;
864 			}
865 			error = ENOTTY;
866 		}
867 	} else {
868 		if ((pty->pt_flags & PF_UCNTL) &&
869 		    (cmd & (IOC_INOUT | 0xff00)) == (IOC_IN|('t'<<8)) &&
870 		    (cmd & 0xff)) {
871 			pty->pt_ucntl = (uchar_t)cmd & 0xff;
872 			ptcpollwakeup(pty, FREAD);
873 			goto out;
874 		}
875 		if (error < 0)
876 			error = ENOTTY;
877 	}
878 
879 out:
880 	if (error != 0) {
881 		((struct iocblk *)mp->b_rptr)->ioc_error = error;
882 		mp->b_datap->db_type = M_IOCNAK;
883 	}
884 
885 	mutex_exit(&pty->ptc_lock);
886 	qreply(q, mp);
887 	mutex_enter(&pty->ptc_lock);
888 }
889 
890 /*
891  * Service routine for read queue.
892  * Just wakes the controller side up so it can write some more data
893  * to that queue.
894  */
895 static int
896 ptslrserv(queue_t *q)
897 {
898 	struct pty *pty = (struct pty *)q->q_ptr;
899 	mblk_t *mp;
900 	mblk_t *head = NULL, *tail = NULL;
901 	/*
902 	 * Build up the link list of messages, then drop
903 	 * drop the lock and do putnext()
904 	 */
905 	mutex_enter(&pty->ptc_lock);
906 
907 	while ((mp = getq(q)) != NULL) {
908 		if ((mp->b_datap->db_type < QPCTL) && !canputnext(q)) {
909 			(void) putbq(q, mp);
910 			break;
911 		}
912 		if (!head) {
913 			head = mp;
914 			tail = mp;
915 		} else {
916 			tail->b_next = mp;
917 			tail = mp;
918 		}
919 	}
920 
921 	if (q->q_count <= q->q_lowat)
922 		ptcpollwakeup((struct pty *)q->q_ptr, FWRITE);
923 
924 	mutex_exit(&pty->ptc_lock);
925 
926 	while (head) {
927 		mp = head;
928 		head = mp->b_next;
929 		mp->b_next = NULL;
930 		putnext(q, mp);
931 	}
932 
933 	return (0);
934 }
935 
936 static void
937 pt_sendstop(struct pty *pty)
938 {
939 	int stop;
940 
941 	ASSERT(MUTEX_HELD(&pty->ptc_lock));
942 
943 	if ((pty->pt_ttycommon.t_cflag&CBAUD) == 0) {
944 		if (pty->pt_flags & PF_CARR_ON) {
945 			/*
946 			 * Let the controller know, then wake up
947 			 * readers/selectors and writers/selectors.
948 			 */
949 			pty->pt_flags |= PF_SLAVEGONE;
950 			ptcpollwakeup(pty, 0);
951 			ptcpollwakeup(pty, FWRITE);
952 		}
953 	}
954 
955 	stop = (pty->pt_ttycommon.t_iflag & IXON) &&
956 	    pty->pt_ttycommon.t_stopc == CTRL('s') &&
957 	    pty->pt_ttycommon.t_startc == CTRL('q');
958 
959 	if (pty->pt_flags & PF_NOSTOP) {
960 		if (stop) {
961 			pty->pt_send &= ~TIOCPKT_NOSTOP;
962 			pty->pt_send |= TIOCPKT_DOSTOP;
963 			pty->pt_flags &= ~PF_NOSTOP;
964 			ptcpollwakeup(pty, 0);
965 		}
966 	} else {
967 		if (!stop) {
968 			pty->pt_send &= ~TIOCPKT_DOSTOP;
969 			pty->pt_send |= TIOCPKT_NOSTOP;
970 			pty->pt_flags |= PF_NOSTOP;
971 			ptcpollwakeup(pty, 0);
972 		}
973 	}
974 }
975 
976 /*
977  * Wake up controller side.  "flag" is 0 if a special packet or
978  * user control mode message has been queued up (this data is readable,
979  * so we also treat it as a regular data event; should we send SIGIO,
980  * though?), FREAD if regular data has been queued up, or FWRITE if
981  * the slave's read queue has drained sufficiently to allow writing.
982  */
983 static void
984 ptcpollwakeup(struct pty *pty, int flag)
985 {
986 	ASSERT(MUTEX_HELD(&pty->ptc_lock));
987 
988 	if (flag == 0) {
989 		/*
990 		 * "Exceptional condition" occurred.  This means that
991 		 * a "read" is now possible, so do a "read" wakeup.
992 		 */
993 		flag = FREAD;
994 		pollwakeup(&ptcph, POLLIN | POLLRDBAND);
995 		if (pty->pt_flags & PF_ASYNC)
996 			gsignal(pty->pt_pgrp, SIGURG);
997 	}
998 	if (flag & FREAD) {
999 		/*
1000 		 * Wake up the parent process as there is regular
1001 		 * data to read from slave's write queue
1002 		 */
1003 		pollwakeup(&ptcph, POLLIN | POLLRDNORM);
1004 		cv_broadcast(&pty->pt_cv_writeq);
1005 		if (pty->pt_flags & PF_ASYNC)
1006 			gsignal(pty->pt_pgrp, SIGIO);
1007 	}
1008 	if (flag & FWRITE) {
1009 		/*
1010 		 * Wake up the parent process to write
1011 		 * data into slave's read queue as the
1012 		 * read queue has drained enough
1013 		 */
1014 		pollwakeup(&ptcph, POLLOUT | POLLWRNORM);
1015 		cv_broadcast(&pty->pt_cv_readq);
1016 		if (pty->pt_flags & PF_ASYNC)
1017 			gsignal(pty->pt_pgrp, SIGIO);
1018 	}
1019 }
1020