xref: /titanic_52/usr/src/uts/common/io/ptm.c (revision 69112edd987c28fa551d4f8d9362a84a45365f17)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 /*	Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T	*/
26 /*	  All Rights Reserved  	*/
27 
28 
29 
30 /*
31  * Pseudo Terminal Master Driver.
32  *
33  * The pseudo-tty subsystem simulates a terminal connection, where the master
34  * side represents the terminal and the slave represents the user process's
35  * special device end point. The master device is set up as a cloned device
36  * where its major device number is the major for the clone device and its minor
37  * device number is the major for the ptm driver. There are no nodes in the file
38  * system for master devices. The master pseudo driver is opened using the
39  * open(2) system call with /dev/ptmx as the device parameter.  The clone open
40  * finds the next available minor device for the ptm major device.
41  *
42  * A master device is available only if it and its corresponding slave device
43  * are not already open. When the master device is opened, the corresponding
44  * slave device is automatically locked out. Only one open is allowed on a
45  * master device.  Multiple opens are allowed on the slave device.  After both
46  * the master and slave have been opened, the user has two file descriptors
47  * which are the end points of a full duplex connection composed of two streams
48  * which are automatically connected at the master and slave drivers. The user
49  * may then push modules onto either side of the stream pair.
50  *
51  * The master and slave drivers pass all messages to their adjacent queues.
52  * Only the M_FLUSH needs some processing.  Because the read queue of one side
53  * is connected to the write queue of the other, the FLUSHR flag is changed to
54  * the FLUSHW flag and vice versa. When the master device is closed an M_HANGUP
55  * message is sent to the slave device which will render the device
56  * unusable. The process on the slave side gets the EIO when attempting to write
57  * on that stream but it will be able to read any data remaining on the stream
58  * head read queue.  When all the data has been read, read() returns 0
59  * indicating that the stream can no longer be used.  On the last close of the
60  * slave device, a 0-length message is sent to the master device. When the
61  * application on the master side issues a read() or getmsg() and 0 is returned,
62  * the user of the master device decides whether to issue a close() that
63  * dismantles the pseudo-terminal subsystem. If the master device is not closed,
64  * the pseudo-tty subsystem will be available to another user to open the slave
65  * device.
66  *
67  * If O_NONBLOCK or O_NDELAY is set, read on the master side returns -1 with
68  * errno set to EAGAIN if no data is available, and write returns -1 with errno
69  * set to EAGAIN if there is internal flow control.
70  *
71  * IOCTLS:
72  *
73  *  ISPTM: determines whether the file descriptor is that of an open master
74  *	   device. Return code of zero indicates that the file descriptor
75  *	   represents master device.
76  *
77  *  UNLKPT: unlocks the master and slave devices.  It returns 0 on success. On
78  *	    failure, the errno is set to EINVAL indicating that the master
79  *	    device is not open.
80  *
81  *  ZONEPT: sets the zone membership of the associated pts device.
82  *
83  *  GRPPT:  sets the group owner of the associated pts device.
84  *
85  * Synchronization:
86  *
87  *   All global data synchronization between ptm/pts is done via global
88  *   ptms_lock mutex which is initialized at system boot time from
89  *   ptms_initspace (called from space.c).
90  *
91  *   Individual fields of pt_ttys structure (except ptm_rdq, pts_rdq and
92  *   pt_nullmsg) are protected by pt_ttys.pt_lock mutex.
93  *
94  *   PT_ENTER_READ/PT_ENTER_WRITE are reference counter based read-write locks
95  *   which allow reader locks to be reacquired by the same thread (usual
96  *   reader/writer locks can't be used for that purpose since it is illegal for
97  *   a thread to acquire a lock it already holds, even as a reader). The sole
98  *   purpose of these macros is to guarantee that the peer queue will not
99  *   disappear (due to closing peer) while it is used. It is safe to use
100  *   PT_ENTER_READ/PT_EXIT_READ brackets across calls like putq/putnext (since
101  *   they are not real locks but reference counts).
102  *
103  *   PT_ENTER_WRITE/PT_EXIT_WRITE brackets are used ONLY in master/slave
104  *   open/close paths to modify ptm_rdq and pts_rdq fields. These fields should
105  *   be set to appropriate queues *after* qprocson() is called during open (to
106  *   prevent peer from accessing the queue with incomplete plumbing) and set to
107  *   NULL before qprocsoff() is called during close.
108  *
109  *   The pt_nullmsg field is only used in open/close routines and it is also
110  *   protected by PT_ENTER_WRITE/PT_EXIT_WRITE brackets to avoid extra mutex
111  *   holds.
112  *
113  * Lock Ordering:
114  *
115  *   If both ptms_lock and per-pty lock should be held, ptms_lock should always
116  *   be entered first, followed by per-pty lock.
117  *
118  * See ptms.h, pts.c and ptms_conf.c for more information.
119  */
120 
121 #include <sys/types.h>
122 #include <sys/param.h>
123 #include <sys/file.h>
124 #include <sys/sysmacros.h>
125 #include <sys/stream.h>
126 #include <sys/stropts.h>
127 #include <sys/proc.h>
128 #include <sys/errno.h>
129 #include <sys/debug.h>
130 #include <sys/cmn_err.h>
131 #include <sys/ptms.h>
132 #include <sys/stat.h>
133 #include <sys/strsun.h>
134 #include <sys/systm.h>
135 #include <sys/modctl.h>
136 #include <sys/conf.h>
137 #include <sys/ddi.h>
138 #include <sys/sunddi.h>
139 #include <sys/zone.h>
140 
141 #ifdef DEBUG
142 int ptm_debug = 0;
143 #define	DBG(a)	 if (ptm_debug) cmn_err(CE_NOTE, a)
144 #else
145 #define	DBG(a)
146 #endif
147 
148 static int ptmopen(queue_t *, dev_t *, int, int, cred_t *);
149 static int ptmclose(queue_t *, int, cred_t *);
150 static void ptmwput(queue_t *, mblk_t *);
151 static void ptmrsrv(queue_t *);
152 static void ptmwsrv(queue_t *);
153 
154 /*
155  * Master Stream Pseudo Terminal Module: stream data structure definitions
156  */
157 
158 static struct module_info ptm_info = {
159 	0xdead,
160 	"ptm",
161 	0,
162 	512,
163 	512,
164 	128
165 };
166 
167 static struct qinit ptmrint = {
168 	NULL,
169 	(int (*)()) ptmrsrv,
170 	ptmopen,
171 	ptmclose,
172 	NULL,
173 	&ptm_info,
174 	NULL
175 };
176 
177 static struct qinit ptmwint = {
178 	(int (*)()) ptmwput,
179 	(int (*)()) ptmwsrv,
180 	NULL,
181 	NULL,
182 	NULL,
183 	&ptm_info,
184 	NULL
185 };
186 
187 static struct streamtab ptminfo = {
188 	&ptmrint,
189 	&ptmwint,
190 	NULL,
191 	NULL
192 };
193 
194 static int ptm_attach(dev_info_t *, ddi_attach_cmd_t);
195 static int ptm_detach(dev_info_t *, ddi_detach_cmd_t);
196 static int ptm_devinfo(dev_info_t *, ddi_info_cmd_t, void *, void **);
197 
198 static dev_info_t	*ptm_dip;		/* private devinfo pointer */
199 
200 /*
201  * this will define (struct cb_ops cb_ptm_ops) and (struct dev_ops ptm_ops)
202  */
203 DDI_DEFINE_STREAM_OPS(ptm_ops, nulldev, nulldev, ptm_attach, ptm_detach,
204     nodev, ptm_devinfo, D_MP, &ptminfo, ddi_quiesce_not_supported);
205 
206 /*
207  * Module linkage information for the kernel.
208  */
209 
210 static struct modldrv modldrv = {
211 	&mod_driverops, /* Type of module.  This one is a pseudo driver */
212 	"Master streams driver 'ptm'",
213 	&ptm_ops,	/* driver ops */
214 };
215 
216 static struct modlinkage modlinkage = {
217 	MODREV_1,
218 	&modldrv,
219 	NULL
220 };
221 
222 int
223 _init(void)
224 {
225 	int rc;
226 
227 	if ((rc = mod_install(&modlinkage)) == 0)
228 		ptms_init();
229 	return (rc);
230 }
231 
232 int
233 _fini(void)
234 {
235 	return (mod_remove(&modlinkage));
236 }
237 
238 int
239 _info(struct modinfo *modinfop)
240 {
241 	return (mod_info(&modlinkage, modinfop));
242 }
243 
244 static int
245 ptm_attach(dev_info_t *devi, ddi_attach_cmd_t cmd)
246 {
247 	if (cmd != DDI_ATTACH)
248 		return (DDI_FAILURE);
249 
250 	if (ddi_create_minor_node(devi, "ptmajor", S_IFCHR,
251 	    0, DDI_PSEUDO, NULL) == DDI_FAILURE) {
252 		ddi_remove_minor_node(devi, NULL);
253 		return (DDI_FAILURE);
254 	}
255 	if (ddi_create_minor_node(devi, "ptmx", S_IFCHR,
256 	    0, DDI_PSEUDO, CLONE_DEV) == DDI_FAILURE) {
257 		ddi_remove_minor_node(devi, NULL);
258 		return (DDI_FAILURE);
259 	}
260 	ptm_dip = devi;
261 
262 	return (DDI_SUCCESS);
263 }
264 
265 static int
266 ptm_detach(dev_info_t *devi, ddi_detach_cmd_t cmd)
267 {
268 	if (cmd != DDI_DETACH)
269 		return (DDI_FAILURE);
270 
271 	ddi_remove_minor_node(devi, NULL);
272 	return (DDI_SUCCESS);
273 }
274 
275 /*ARGSUSED*/
276 static int
277 ptm_devinfo(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg,
278     void **result)
279 {
280 	int error;
281 
282 	switch (infocmd) {
283 	case DDI_INFO_DEVT2DEVINFO:
284 		if (ptm_dip == NULL) {
285 			error = DDI_FAILURE;
286 		} else {
287 			*result = (void *)ptm_dip;
288 			error = DDI_SUCCESS;
289 		}
290 		break;
291 	case DDI_INFO_DEVT2INSTANCE:
292 		*result = (void *)0;
293 		error = DDI_SUCCESS;
294 		break;
295 	default:
296 		error = DDI_FAILURE;
297 	}
298 	return (error);
299 }
300 
301 
302 /* ARGSUSED */
303 /*
304  * Open a minor of the master device. Store the write queue pointer and set the
305  * pt_state field to (PTMOPEN | PTLOCK).
306  * This code will work properly with both clone opens and direct opens of the
307  * master device.
308  */
309 static int
310 ptmopen(
311 	queue_t *rqp,		/* pointer to the read side queue */
312 	dev_t   *devp,		/* pointer to stream tail's dev */
313 	int	oflag,		/* the user open(2) supplied flags */
314 	int	sflag,		/* open state flag */
315 	cred_t  *credp)		/* credentials */
316 {
317 	struct pt_ttys	*ptmp;
318 	mblk_t		*mop;		/* ptr to a setopts message block */
319 	struct stroptions *sop;
320 	minor_t		dminor = getminor(*devp);
321 
322 	/* Allow reopen */
323 	if (rqp->q_ptr != NULL)
324 		return (0);
325 
326 	if (sflag & MODOPEN)
327 		return (ENXIO);
328 
329 	if (!(sflag & CLONEOPEN) && dminor != 0) {
330 		/*
331 		 * This is a direct open to specific master device through an
332 		 * artificially created entry with specific minor in
333 		 * /dev/directory. Such behavior is not supported.
334 		 */
335 		return (ENXIO);
336 	}
337 
338 	/*
339 	 * The master open requires that the slave be attached
340 	 * before it returns so that attempts to open the slave will
341 	 * succeeed
342 	 */
343 	if (ptms_attach_slave() != 0) {
344 		return (ENXIO);
345 	}
346 
347 	mop = allocb(sizeof (struct stroptions), BPRI_MED);
348 	if (mop == NULL) {
349 		DDBG("ptmopen(): mop allocation failed\n", 0);
350 		return (ENOMEM);
351 	}
352 
353 	if ((ptmp = pt_ttys_alloc()) == NULL) {
354 		DDBG("ptmopen(): pty allocation failed\n", 0);
355 		freemsg(mop);
356 		return (ENOMEM);
357 	}
358 
359 	dminor = ptmp->pt_minor;
360 
361 	DDBGP("ptmopen(): allocated ptmp %p\n", (uintptr_t)ptmp);
362 	DDBG("ptmopen(): allocated minor %d\n", dminor);
363 
364 	WR(rqp)->q_ptr = rqp->q_ptr = ptmp;
365 
366 	qprocson(rqp);
367 
368 	/* Allow slave to send messages to master */
369 	PT_ENTER_WRITE(ptmp);
370 	ptmp->ptm_rdq = rqp;
371 	PT_EXIT_WRITE(ptmp);
372 
373 	/*
374 	 * set up hi/lo water marks on stream head read queue
375 	 * and add controlling tty if not set
376 	 */
377 	mop->b_datap->db_type = M_SETOPTS;
378 	mop->b_wptr += sizeof (struct stroptions);
379 	sop = (struct stroptions *)mop->b_rptr;
380 	if (oflag & FNOCTTY)
381 		sop->so_flags = SO_HIWAT | SO_LOWAT;
382 	else
383 		sop->so_flags = SO_HIWAT | SO_LOWAT | SO_ISTTY;
384 	sop->so_hiwat = 512;
385 	sop->so_lowat = 256;
386 	putnext(rqp, mop);
387 
388 	/*
389 	 * The input, devp, is a major device number, the output is put
390 	 * into the same parm as a major,minor pair.
391 	 */
392 	*devp = makedevice(getmajor(*devp), dminor);
393 
394 	return (0);
395 }
396 
397 
398 /*
399  * Find the address to private data identifying the slave's write queue.
400  * Send a hang-up message up the slave's read queue to designate the
401  * master/slave pair is tearing down. Uattach the master and slave by
402  * nulling out the write queue fields in the private data structure.
403  * Finally, unlock the master/slave pair and mark the master as closed.
404  */
405 /*ARGSUSED1*/
406 static int
407 ptmclose(queue_t *rqp, int flag, cred_t *credp)
408 {
409 	struct pt_ttys	*ptmp;
410 	queue_t *pts_rdq;
411 
412 	ASSERT(rqp->q_ptr);
413 
414 	ptmp = (struct pt_ttys *)rqp->q_ptr;
415 	PT_ENTER_READ(ptmp);
416 	if (ptmp->pts_rdq) {
417 		pts_rdq = ptmp->pts_rdq;
418 		if (pts_rdq->q_next) {
419 			DBG(("send hangup message to slave\n"));
420 			(void) putnextctl(pts_rdq, M_HANGUP);
421 		}
422 	}
423 	PT_EXIT_READ(ptmp);
424 	/*
425 	 * ptm_rdq should be cleared before call to qprocsoff() to prevent pts
426 	 * write procedure to attempt using ptm_rdq after qprocsoff.
427 	 */
428 	PT_ENTER_WRITE(ptmp);
429 	ptmp->ptm_rdq = NULL;
430 	freemsg(ptmp->pt_nullmsg);
431 	ptmp->pt_nullmsg = NULL;
432 	/*
433 	 * qenable slave side write queue so that it can flush
434 	 * its messages as master's read queue is going away
435 	 */
436 	if (ptmp->pts_rdq)
437 		qenable(WR(ptmp->pts_rdq));
438 	PT_EXIT_WRITE(ptmp);
439 
440 	qprocsoff(rqp);
441 
442 	/* Finish the close */
443 	rqp->q_ptr = NULL;
444 	WR(rqp)->q_ptr = NULL;
445 
446 	ptms_close(ptmp, PTMOPEN | PTLOCK);
447 
448 	return (0);
449 }
450 
451 static boolean_t
452 ptmptsopencb(ptmptsopencb_arg_t arg)
453 {
454 	struct pt_ttys	*ptmp = (struct pt_ttys *)arg;
455 	boolean_t rval;
456 
457 	PT_ENTER_READ(ptmp);
458 	rval = (ptmp->pt_nullmsg != NULL);
459 	PT_EXIT_READ(ptmp);
460 	return (rval);
461 }
462 
463 /*
464  * The wput procedure will only handle ioctl and flush messages.
465  */
466 static void
467 ptmwput(queue_t *qp, mblk_t *mp)
468 {
469 	struct pt_ttys	*ptmp;
470 	struct iocblk	*iocp;
471 
472 	DBG(("entering ptmwput\n"));
473 	ASSERT(qp->q_ptr);
474 
475 	ptmp = (struct pt_ttys *)qp->q_ptr;
476 	PT_ENTER_READ(ptmp);
477 
478 	switch (mp->b_datap->db_type) {
479 	/*
480 	 * if write queue request, flush master's write
481 	 * queue and send FLUSHR up slave side. If read
482 	 * queue request, convert to FLUSHW and putnext().
483 	 */
484 	case M_FLUSH:
485 		{
486 			unsigned char flush_flg = 0;
487 
488 			DBG(("ptm got flush request\n"));
489 			if (*mp->b_rptr & FLUSHW) {
490 				DBG(("got FLUSHW, flush ptm write Q\n"));
491 				if (*mp->b_rptr & FLUSHBAND)
492 					/*
493 					 * if it is a FLUSHBAND, do flushband.
494 					 */
495 					flushband(qp, *(mp->b_rptr + 1),
496 					    FLUSHDATA);
497 				else
498 					flushq(qp, FLUSHDATA);
499 				flush_flg = (*mp->b_rptr & ~FLUSHW) | FLUSHR;
500 			}
501 			if (*mp->b_rptr & FLUSHR) {
502 				DBG(("got FLUSHR, set FLUSHW\n"));
503 				flush_flg |= (*mp->b_rptr & ~FLUSHR) | FLUSHW;
504 			}
505 			if (flush_flg != 0 && ptmp->pts_rdq &&
506 			    !(ptmp->pt_state & PTLOCK)) {
507 				DBG(("putnext to pts\n"));
508 				*mp->b_rptr = flush_flg;
509 				putnext(ptmp->pts_rdq, mp);
510 			} else
511 				freemsg(mp);
512 			break;
513 		}
514 
515 	case M_IOCTL:
516 		iocp = (struct iocblk *)mp->b_rptr;
517 		switch (iocp->ioc_cmd) {
518 		default:
519 			if ((ptmp->pt_state & PTLOCK) ||
520 			    (ptmp->pts_rdq == NULL)) {
521 				DBG(("got M_IOCTL but no slave\n"));
522 				miocnak(qp, mp, 0, EINVAL);
523 				PT_EXIT_READ(ptmp);
524 				return;
525 			}
526 			(void) putq(qp, mp);
527 			break;
528 		case UNLKPT:
529 			mutex_enter(&ptmp->pt_lock);
530 			ptmp->pt_state &= ~PTLOCK;
531 			mutex_exit(&ptmp->pt_lock);
532 			/*FALLTHROUGH*/
533 		case ISPTM:
534 			DBG(("ack the UNLKPT/ISPTM\n"));
535 			miocack(qp, mp, 0, 0);
536 			break;
537 		case ZONEPT:
538 		{
539 			zoneid_t z;
540 			int error;
541 
542 			if ((error = drv_priv(iocp->ioc_cr)) != 0) {
543 				miocnak(qp, mp, 0, error);
544 				break;
545 			}
546 			if ((error = miocpullup(mp, sizeof (zoneid_t))) != 0) {
547 				miocnak(qp, mp, 0, error);
548 				break;
549 			}
550 			z = *((zoneid_t *)mp->b_cont->b_rptr);
551 			if (z < MIN_ZONEID || z > MAX_ZONEID) {
552 				miocnak(qp, mp, 0, EINVAL);
553 				break;
554 			}
555 
556 			mutex_enter(&ptmp->pt_lock);
557 			ptmp->pt_zoneid = z;
558 			mutex_exit(&ptmp->pt_lock);
559 			miocack(qp, mp, 0, 0);
560 			break;
561 		}
562 		case OWNERPT:
563 		{
564 			pt_own_t *ptop;
565 			int error;
566 			zone_t *zone;
567 
568 			if ((error = miocpullup(mp, sizeof (pt_own_t))) != 0) {
569 				miocnak(qp, mp, 0, error);
570 				break;
571 			}
572 
573 			zone = zone_find_by_id(ptmp->pt_zoneid);
574 			ptop = (pt_own_t *)mp->b_cont->b_rptr;
575 
576 			if (!VALID_UID(ptop->pto_ruid, zone) ||
577 			    !VALID_GID(ptop->pto_rgid, zone)) {
578 				zone_rele(zone);
579 				miocnak(qp, mp, 0, EINVAL);
580 				break;
581 			}
582 			zone_rele(zone);
583 			mutex_enter(&ptmp->pt_lock);
584 			ptmp->pt_ruid = ptop->pto_ruid;
585 			ptmp->pt_rgid = ptop->pto_rgid;
586 			mutex_exit(&ptmp->pt_lock);
587 			miocack(qp, mp, 0, 0);
588 			break;
589 		}
590 		case PTMPTSOPENCB:
591 		{
592 			mblk_t		*dp;	/* ioctl reply data */
593 			ptmptsopencb_t	*ppocb;
594 
595 			/* only allow the kernel to invoke this ioctl */
596 			if (iocp->ioc_cr != kcred) {
597 				miocnak(qp, mp, 0, EINVAL);
598 				break;
599 			}
600 
601 			/* we don't support transparent ioctls */
602 			ASSERT(iocp->ioc_count != TRANSPARENT);
603 			if (iocp->ioc_count == TRANSPARENT) {
604 				miocnak(qp, mp, 0, EINVAL);
605 				break;
606 			}
607 
608 			/* allocate a response message */
609 			dp = allocb(sizeof (ptmptsopencb_t), BPRI_MED);
610 			if (dp == NULL) {
611 				miocnak(qp, mp, 0, EAGAIN);
612 				break;
613 			}
614 
615 			/* initialize the ioctl results */
616 			ppocb = (ptmptsopencb_t *)dp->b_rptr;
617 			ppocb->ppocb_func = ptmptsopencb;
618 			ppocb->ppocb_arg = (ptmptsopencb_arg_t)ptmp;
619 
620 			/* send the reply data */
621 			mioc2ack(mp, dp, sizeof (ptmptsopencb_t), 0);
622 			qreply(qp, mp);
623 			break;
624 		}
625 		}
626 		break;
627 
628 	case M_READ:
629 		/* Caused by ldterm - can not pass to slave */
630 		freemsg(mp);
631 		break;
632 
633 	/*
634 	 * send other messages to slave
635 	 */
636 	default:
637 		if ((ptmp->pt_state  & PTLOCK) || (ptmp->pts_rdq == NULL)) {
638 			DBG(("got msg. but no slave\n"));
639 			mp = mexchange(NULL, mp, 2, M_ERROR, -1);
640 			if (mp != NULL) {
641 				mp->b_rptr[0] = NOERROR;
642 				mp->b_rptr[1] = EINVAL;
643 				qreply(qp, mp);
644 			}
645 			PT_EXIT_READ(ptmp);
646 			return;
647 		}
648 		DBG(("put msg on master's write queue\n"));
649 		(void) putq(qp, mp);
650 		break;
651 	}
652 	DBG(("return from ptmwput()\n"));
653 	PT_EXIT_READ(ptmp);
654 }
655 
656 
657 /*
658  * enable the write side of the slave. This triggers the
659  * slave to send any messages queued on its write side to
660  * the read side of this master.
661  */
662 static void
663 ptmrsrv(queue_t *qp)
664 {
665 	struct pt_ttys	*ptmp;
666 
667 	DBG(("entering ptmrsrv\n"));
668 	ASSERT(qp->q_ptr);
669 
670 	ptmp = (struct pt_ttys *)qp->q_ptr;
671 	PT_ENTER_READ(ptmp);
672 	if (ptmp->pts_rdq) {
673 		qenable(WR(ptmp->pts_rdq));
674 	}
675 	PT_EXIT_READ(ptmp);
676 	DBG(("leaving ptmrsrv\n"));
677 }
678 
679 
680 /*
681  * If there are messages on this queue that can be sent to
682  * slave, send them via putnext(). Else, if queued messages
683  * cannot be sent, leave them on this queue. If priority
684  * messages on this queue, send them to slave no matter what.
685  */
686 static void
687 ptmwsrv(queue_t *qp)
688 {
689 	struct pt_ttys	*ptmp;
690 	mblk_t 		*mp;
691 
692 	DBG(("entering ptmwsrv\n"));
693 	ASSERT(qp->q_ptr);
694 
695 	ptmp = (struct pt_ttys *)qp->q_ptr;
696 
697 	if ((mp = getq(qp)) == NULL) {
698 		/* If there are no messages there's nothing to do. */
699 		DBG(("leaving ptmwsrv (no messages)\n"));
700 		return;
701 	}
702 
703 	PT_ENTER_READ(ptmp);
704 	if ((ptmp->pt_state  & PTLOCK) || (ptmp->pts_rdq == NULL)) {
705 		DBG(("in master write srv proc but no slave\n"));
706 		/*
707 		 * Free messages on the write queue and send
708 		 * NAK for any M_IOCTL type messages to wakeup
709 		 * the user process waiting for ACK/NAK from
710 		 * the ioctl invocation
711 		 */
712 		do {
713 			if (mp->b_datap->db_type == M_IOCTL)
714 				miocnak(qp, mp, 0, EINVAL);
715 			else
716 				freemsg(mp);
717 		} while ((mp = getq(qp)) != NULL);
718 		flushq(qp, FLUSHALL);
719 
720 		mp = mexchange(NULL, NULL, 2, M_ERROR, -1);
721 		if (mp != NULL) {
722 			mp->b_rptr[0] = NOERROR;
723 			mp->b_rptr[1] = EINVAL;
724 			qreply(qp, mp);
725 		}
726 		PT_EXIT_READ(ptmp);
727 		return;
728 	}
729 	/*
730 	 * while there are messages on this write queue...
731 	 */
732 	do {
733 		/*
734 		 * if don't have control message and cannot put
735 		 * msg. on slave's read queue, put it back on
736 		 * this queue.
737 		 */
738 		if (mp->b_datap->db_type <= QPCTL &&
739 		    !bcanputnext(ptmp->pts_rdq, mp->b_band)) {
740 			DBG(("put msg. back on queue\n"));
741 			(void) putbq(qp, mp);
742 			break;
743 		}
744 		/*
745 		 * else send the message up slave's stream
746 		 */
747 		DBG(("send message to slave\n"));
748 		putnext(ptmp->pts_rdq, mp);
749 	} while ((mp = getq(qp)) != NULL);
750 	DBG(("leaving ptmwsrv\n"));
751 	PT_EXIT_READ(ptmp);
752 }
753