1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26
27 /*
28 * Description: logindmux.c
29 *
30 * The logindmux driver is used with login modules (like telmod/rlmod).
31 * This is a 1x1 cloning mux and two of these muxes are used. The lower link
32 * of one of the muxes receives input from net and the lower link of the
33 * other mux receives input from pseudo terminal subsystem.
34 *
35 * The logdmux_qexch_lock mutex manages the race between LOGDMX_IOC_QEXCHANGE,
36 * logdmuxunlink() and logdmuxclose(), so that the instance selected as a peer
37 * in LOGDMX_IOC_QEXCHANGE cannot be unlinked or closed until the qexchange
38 * is complete; see the inline comments in the code for details.
39 *
40 * The logdmux_peerq_lock mutex manages the race between logdmuxlwsrv() and
41 * logdmuxlrput() (when null'ing tmxp->peerq during LOGDMUX_UNLINK_REQ
42 * processing).
43 *
44 * The logdmux_minor_lock mutex serializes the growth of logdmux_minor_arena
45 * (the arena is grown gradually rather than allocated all at once so that
46 * minor numbers are recycled sooner; for simplicity it is never shrunk).
47 *
48 * The unlink operation is implemented using protocol messages that flow
49 * between the two logindmux peer instances. The instance processing the
50 * I_UNLINK ioctl will send a LOGDMUX_UNLINK_REQ protocol message to its
51 * peer to indicate that it wishes to unlink; the peer will process this
52 * message in its lrput, null its tmxp->peerq and then send a
53 * LOGDMUX_UNLINK_RESP protocol message in reply to indicate that the
54 * unlink can proceed; having received the reply in its lrput, the
55 * instance processing the I_UNLINK can then continue. To ensure that only
56 * one of the peer instances will be actively processing an I_UNLINK at
57 * any one time, a single structure (an unlinkinfo_t containing a mutex,
58 * state variable and pointer to an M_CTL mblk) is allocated during
59 * the processing of the LOGDMX_IOC_QEXCHANGE ioctl. The two instances, if
60 * trying to unlink simultaneously, will race to get control of this
61 * structure which contains the resources necessary to process the
62 * I_UNLINK. The instance that wins this race will be able to continue
63 * with the unlink whilst the other instance will be obliged to wait.
64 */
65
66 #include <sys/types.h>
67 #include <sys/param.h>
68 #include <sys/errno.h>
69 #include <sys/debug.h>
70 #include <sys/stropts.h>
71 #include <sys/stream.h>
72 #include <sys/logindmux.h>
73 #include <sys/logindmux_impl.h>
74 #include <sys/stat.h>
75 #include <sys/kmem.h>
76 #include <sys/vmem.h>
77 #include <sys/strsun.h>
78 #include <sys/sysmacros.h>
79 #include <sys/mkdev.h>
80 #include <sys/ddi.h>
81 #include <sys/sunddi.h>
82 #include <sys/modctl.h>
83 #include <sys/termios.h>
84 #include <sys/cmn_err.h>
85
86 static int logdmuxopen(queue_t *, dev_t *, int, int, cred_t *);
87 static int logdmuxclose(queue_t *, int, cred_t *);
88 static int logdmuxursrv(queue_t *);
89 static int logdmuxuwput(queue_t *, mblk_t *);
90 static int logdmuxlrput(queue_t *, mblk_t *);
91 static int logdmuxlrsrv(queue_t *);
92 static int logdmuxlwsrv(queue_t *);
93 static int logdmuxuwsrv(queue_t *);
94 static int logdmux_alloc_unlinkinfo(struct tmx *, struct tmx *);
95
96 static void logdmuxlink(queue_t *, mblk_t *);
97 static void logdmuxunlink(queue_t *, mblk_t *);
98 static void logdmux_finish_unlink(queue_t *, mblk_t *);
99 static void logdmux_unlink_timer(void *arg);
100 static void recover(queue_t *, mblk_t *, size_t);
101 static void flushq_dataonly(queue_t *);
102
103 static kmutex_t logdmux_qexch_lock;
104 static kmutex_t logdmux_peerq_lock;
105 static kmutex_t logdmux_minor_lock;
106 static minor_t logdmux_maxminor = 256; /* grown as necessary */
107 static vmem_t *logdmux_minor_arena;
108 static void *logdmux_statep;
109
110 static struct module_info logdmuxm_info = {
111 LOGDMX_ID,
112 "logindmux",
113 0,
114 256,
115 512,
116 256
117 };
118
119 static struct qinit logdmuxurinit = {
120 NULL,
121 logdmuxursrv,
122 logdmuxopen,
123 logdmuxclose,
124 NULL,
125 &logdmuxm_info
126 };
127
128 static struct qinit logdmuxuwinit = {
129 logdmuxuwput,
130 logdmuxuwsrv,
131 NULL,
132 NULL,
133 NULL,
134 &logdmuxm_info
135 };
136
137 static struct qinit logdmuxlrinit = {
138 logdmuxlrput,
139 logdmuxlrsrv,
140 NULL,
141 NULL,
142 NULL,
143 &logdmuxm_info
144 };
145
146 static struct qinit logdmuxlwinit = {
147 NULL,
148 logdmuxlwsrv,
149 NULL,
150 NULL,
151 NULL,
152 &logdmuxm_info
153 };
154
155 struct streamtab logdmuxinfo = {
156 &logdmuxurinit,
157 &logdmuxuwinit,
158 &logdmuxlrinit,
159 &logdmuxlwinit
160 };
161
162 static int logdmux_info(dev_info_t *, ddi_info_cmd_t, void *, void **);
163 static int logdmux_attach(dev_info_t *, ddi_attach_cmd_t);
164 static int logdmux_detach(dev_info_t *, ddi_detach_cmd_t);
165 static dev_info_t *logdmux_dip;
166
167 DDI_DEFINE_STREAM_OPS(logdmux_ops, nulldev, nulldev, logdmux_attach,
168 logdmux_detach, nulldev, logdmux_info, D_MP | D_MTPERQ, &logdmuxinfo,
169 ddi_quiesce_not_needed);
170
171 static struct modldrv modldrv = {
172 &mod_driverops,
173 "logindmux driver",
174 &logdmux_ops
175 };
176
177 static struct modlinkage modlinkage = {
178 MODREV_1, &modldrv, NULL
179 };
180
181 int
182 _init(void)
183 {
184 int ret;
185
186 mutex_init(&logdmux_peerq_lock, NULL, MUTEX_DRIVER, NULL);
187 mutex_init(&logdmux_qexch_lock, NULL, MUTEX_DRIVER, NULL);
188
189 if ((ret = mod_install(&modlinkage)) != 0) {
190 mutex_destroy(&logdmux_peerq_lock);
191 mutex_destroy(&logdmux_qexch_lock);
192 return (ret);
193 }
194
195 logdmux_minor_arena = vmem_create("logdmux_minor", (void *)1,
196 logdmux_maxminor, 1, NULL, NULL, NULL, 0,
197 VM_SLEEP | VMC_IDENTIFIER);
198 (void) ddi_soft_state_init(&logdmux_statep, sizeof (struct tmx), 1);
199
200 return (0);
201 }
202
203 int
204 _fini(void)
205 {
206 int ret;
207
208 if ((ret = mod_remove(&modlinkage)) == 0) {
209 mutex_destroy(&logdmux_peerq_lock);
210 mutex_destroy(&logdmux_qexch_lock);
211 ddi_soft_state_fini(&logdmux_statep);
212 vmem_destroy(logdmux_minor_arena);
213 logdmux_minor_arena = NULL;
214 }
215
216 return (ret);
217 }
218
219 int
220 _info(struct modinfo *modinfop)
221 {
222 return (mod_info(&modlinkage, modinfop));
223 }
224
225 static int
226 logdmux_attach(dev_info_t *devi, ddi_attach_cmd_t cmd)
227 {
228 if (cmd != DDI_ATTACH)
229 return (DDI_FAILURE);
230
231 if (ddi_create_minor_node(devi, "logindmux", S_IFCHR, 0, DDI_PSEUDO,
232 CLONE_DEV) == DDI_FAILURE)
233 return (DDI_FAILURE);
234
235 logdmux_dip = devi;
236 return (DDI_SUCCESS);
237 }
238
239 static int
240 logdmux_detach(dev_info_t *devi, ddi_detach_cmd_t cmd)
241 {
242 if (cmd != DDI_DETACH)
243 return (DDI_FAILURE);
244
245 ddi_remove_minor_node(devi, NULL);
246 return (DDI_SUCCESS);
247 }
248
249 /* ARGSUSED */
250 static int
251 logdmux_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
252 {
253 int error;
254
255 switch (infocmd) {
256 case DDI_INFO_DEVT2DEVINFO:
257 if (logdmux_dip == NULL) {
258 error = DDI_FAILURE;
259 } else {
260 *result = logdmux_dip;
261 error = DDI_SUCCESS;
262 }
263 break;
264 case DDI_INFO_DEVT2INSTANCE:
265 *result = (void *)0;
266 error = DDI_SUCCESS;
267 break;
268 default:
269 error = DDI_FAILURE;
270 }
271 return (error);
272 }
273
274 /*
275 * Logindmux open routine
276 */
277 /*ARGSUSED*/
278 static int
279 logdmuxopen(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *crp)
280 {
281 struct tmx *tmxp;
282 minor_t minor, omaxminor;
283
284 if (sflag != CLONEOPEN)
285 return (EINVAL);
286
287 mutex_enter(&logdmux_minor_lock);
288 if (vmem_size(logdmux_minor_arena, VMEM_FREE) == 0) {
289 /*
290 * The arena has been exhausted; grow by powers of two
291 * up to MAXMIN; bail if we've run out of minors.
292 */
293 if (logdmux_maxminor == MAXMIN) {
294 mutex_exit(&logdmux_minor_lock);
295 return (ENOMEM);
296 }
297
298 omaxminor = logdmux_maxminor;
299 logdmux_maxminor = MIN(logdmux_maxminor << 1, MAXMIN);
300
301 (void) vmem_add(logdmux_minor_arena,
302 (void *)(uintptr_t)(omaxminor + 1),
303 logdmux_maxminor - omaxminor, VM_SLEEP);
304 }
305 minor = (minor_t)(uintptr_t)
306 vmem_alloc(logdmux_minor_arena, 1, VM_SLEEP);
307 mutex_exit(&logdmux_minor_lock);
308
309 if (ddi_soft_state_zalloc(logdmux_statep, minor) == DDI_FAILURE) {
310 vmem_free(logdmux_minor_arena, (void *)(uintptr_t)minor, 1);
311 return (ENOMEM);
312 }
313
314 tmxp = ddi_get_soft_state(logdmux_statep, minor);
315 tmxp->rdq = q;
316 tmxp->muxq = NULL;
317 tmxp->peerq = NULL;
318 tmxp->unlinkinfop = NULL;
319 tmxp->dev0 = minor;
320
321 *devp = makedevice(getmajor(*devp), tmxp->dev0);
322 q->q_ptr = tmxp;
323 WR(q)->q_ptr = tmxp;
324
325 qprocson(q);
326 return (0);
327 }
328
329 /*
330 * Logindmux close routine gets called when telnet connection is closed
331 */
332 /*ARGSUSED*/
333 static int
334 logdmuxclose(queue_t *q, int flag, cred_t *crp)
335 {
336 struct tmx *tmxp = q->q_ptr;
337 minor_t minor = tmxp->dev0;
338
339 ASSERT(tmxp->muxq == NULL);
340 ASSERT(tmxp->peerq == NULL);
341
342 qprocsoff(q);
343 if (tmxp->wbufcid != 0) {
344 qunbufcall(q, tmxp->wbufcid);
345 tmxp->wbufcid = 0;
346 }
347 if (tmxp->rbufcid != 0) {
348 qunbufcall(q, tmxp->rbufcid);
349 tmxp->rbufcid = 0;
350 }
351 if (tmxp->rtimoutid != 0) {
352 (void) quntimeout(q, tmxp->rtimoutid);
353 tmxp->rtimoutid = 0;
354 }
355 if (tmxp->wtimoutid != 0) {
356 (void) quntimeout(q, tmxp->wtimoutid);
357 tmxp->wtimoutid = 0;
358 }
359 if (tmxp->utimoutid != 0) {
360 (void) quntimeout(q, tmxp->utimoutid);
361 tmxp->utimoutid = 0;
362 }
363
364 /*
365 * Hold logdmux_qexch_lock to prevent another thread that might be
366 * in LOGDMX_IOC_QEXCHANGE from looking up our state while we're
367 * disposing of it.
368 */
369 mutex_enter(&logdmux_qexch_lock);
370 ddi_soft_state_free(logdmux_statep, minor);
371 vmem_free(logdmux_minor_arena, (void *)(uintptr_t)minor, 1);
372 mutex_exit(&logdmux_qexch_lock);
373
374 q->q_ptr = NULL;
375 WR(q)->q_ptr = NULL;
376
377 return (0);
378 }
379
380 /*
381 * Upper read service routine
382 */
383 static int
384 logdmuxursrv(queue_t *q)
385 {
386 struct tmx *tmxp = q->q_ptr;
387
388 if (tmxp->muxq != NULL)
389 qenable(RD(tmxp->muxq));
390 return (0);
391 }
392
393 /*
394 * This routine gets called when telnet daemon sends data or ioctl messages
395 * to upper mux queue.
396 */
397 static int
398 logdmuxuwput(queue_t *q, mblk_t *mp)
399 {
400 queue_t *qp;
401 mblk_t *newmp;
402 struct iocblk *ioc;
403 minor_t minor;
404 STRUCT_HANDLE(protocol_arg, protoh);
405 struct tmx *tmxp, *tmxpeerp;
406 int error;
407
408 tmxp = q->q_ptr;
409
410 switch (mp->b_datap->db_type) {
411
412 case M_IOCTL:
413 ASSERT(MBLKL(mp) == sizeof (struct iocblk));
414
415 ioc = (struct iocblk *)mp->b_rptr;
416 switch (ioc->ioc_cmd) {
417 /*
418 * This is a special ioctl which exchanges q info
419 * of the two peers, connected to netf and ptmx.
420 */
421 case LOGDMX_IOC_QEXCHANGE:
422 error = miocpullup(mp,
423 SIZEOF_STRUCT(protocol_arg, ioc->ioc_flag));
424 if (error != 0) {
425 miocnak(q, mp, 0, error);
426 break;
427 }
428 STRUCT_SET_HANDLE(protoh, ioc->ioc_flag,
429 (struct protocol_arg *)mp->b_cont->b_rptr);
430 #ifdef _SYSCALL32_IMPL
431 if ((ioc->ioc_flag & DATAMODEL_MASK) ==
432 DATAMODEL_ILP32) {
433 minor = getminor(expldev(
434 STRUCT_FGET(protoh, dev)));
435 } else
436 #endif
437 {
438 minor = getminor(STRUCT_FGET(protoh, dev));
439 }
440
441 /*
442 * The second argument to ddi_get_soft_state() is
443 * interpreted as an `int', so prohibit negative
444 * values.
445 */
446 if ((int)minor < 0) {
447 miocnak(q, mp, 0, EINVAL);
448 break;
449 }
450
451 /*
452 * We must hold logdmux_qexch_lock while looking up
453 * the proposed peer to prevent another thread from
454 * simultaneously I_UNLINKing or closing it.
455 */
456 mutex_enter(&logdmux_qexch_lock);
457
458 /*
459 * For LOGDMX_IOC_QEXCHANGE to succeed, our peer must
460 * exist (and not be us), and both we and our peer
461 * must be I_LINKed (i.e., muxq must not be NULL) and
462 * not already have a peer.
463 */
464 tmxpeerp = ddi_get_soft_state(logdmux_statep, minor);
465 if (tmxpeerp == NULL || tmxpeerp == tmxp ||
466 tmxpeerp->muxq == NULL || tmxpeerp->peerq != NULL ||
467 tmxp->muxq == NULL || tmxp->peerq != NULL) {
468 mutex_exit(&logdmux_qexch_lock);
469 miocnak(q, mp, 0, EINVAL);
470 break;
471 }
472
473 /*
474 * If `flag' is set then exchange queues and assume
475 * tmxp refers to the ptmx stream.
476 */
477 if (STRUCT_FGET(protoh, flag)) {
478 /*
479 * Allocate and populate the structure we
480 * need when processing an I_UNLINK ioctl.
481 * Give both logindmux instances a pointer
482 * to it from their tmx structure.
483 */
484 if ((error = logdmux_alloc_unlinkinfo(
485 tmxp, tmxpeerp)) != 0) {
486 mutex_exit(&logdmux_qexch_lock);
487 miocnak(q, mp, 0, error);
488 break;
489 }
490 tmxp->peerq = tmxpeerp->muxq;
491 tmxpeerp->peerq = tmxp->muxq;
492 tmxp->isptm = B_TRUE;
493 }
494 mutex_exit(&logdmux_qexch_lock);
495 miocack(q, mp, 0, 0);
496 break;
497
498 case I_LINK:
499 ASSERT(MBLKL(mp->b_cont) == sizeof (struct linkblk));
500 logdmuxlink(q, mp);
501 break;
502
503 case I_UNLINK:
504 ASSERT(MBLKL(mp->b_cont) == sizeof (struct linkblk));
505 logdmuxunlink(q, mp);
506 break;
507
508 default:
509 if (tmxp->muxq == NULL) {
510 miocnak(q, mp, 0, EINVAL);
511 return (0);
512 }
513 putnext(tmxp->muxq, mp);
514 break;
515 }
516
517 break;
518
519 case M_DATA:
520 if (!tmxp->isptm) {
521 if ((newmp = allocb(sizeof (char), BPRI_MED)) == NULL) {
522 recover(q, mp, sizeof (char));
523 return (0);
524 }
525 newmp->b_datap->db_type = M_CTL;
526 *newmp->b_wptr++ = M_CTL_MAGIC_NUMBER;
527 newmp->b_cont = mp;
528 mp = newmp;
529 }
530 /* FALLTHRU */
531
532 case M_PROTO:
533 case M_PCPROTO:
534 qp = tmxp->muxq;
535 if (qp == NULL) {
536 merror(q, mp, EINVAL);
537 return (0);
538 }
539
540 if (queclass(mp) < QPCTL) {
541 if (q->q_first != NULL || !canputnext(qp)) {
542 (void) putq(q, mp);
543 return (0);
544 }
545 }
546 putnext(qp, mp);
547 break;
548
549 case M_FLUSH:
550 if (*mp->b_rptr & FLUSHW)
551 flushq(q, FLUSHALL);
552
553 if (tmxp->muxq != NULL) {
554 putnext(tmxp->muxq, mp);
555 return (0);
556 }
557
558 *mp->b_rptr &= ~FLUSHW;
559 if (*mp->b_rptr & FLUSHR)
560 qreply(q, mp);
561 else
562 freemsg(mp);
563 break;
564
565 default:
566 cmn_err(CE_NOTE, "logdmuxuwput: received unexpected message"
567 " of type 0x%x", mp->b_datap->db_type);
568 freemsg(mp);
569 }
570 return (0);
571 }
572
573 /*
574 * Upper write service routine
575 */
576 static int
577 logdmuxuwsrv(queue_t *q)
578 {
579 mblk_t *mp, *newmp;
580 queue_t *qp;
581 struct tmx *tmxp = q->q_ptr;
582
583 while ((mp = getq(q)) != NULL) {
584 switch (mp->b_datap->db_type) {
585 case M_DATA:
586 if (!tmxp->isptm) {
587 if ((newmp = allocb(sizeof (char), BPRI_MED)) ==
588 NULL) {
589 recover(q, mp, sizeof (char));
590 return (0);
591 }
592 newmp->b_datap->db_type = M_CTL;
593 *newmp->b_wptr++ = M_CTL_MAGIC_NUMBER;
594 newmp->b_cont = mp;
595 mp = newmp;
596 }
597 /* FALLTHRU */
598
599 case M_CTL:
600 case M_PROTO:
601 if (tmxp->muxq == NULL) {
602 merror(q, mp, EIO);
603 break;
604 }
605 qp = tmxp->muxq;
606 if (!canputnext(qp)) {
607 (void) putbq(q, mp);
608 return (0);
609 }
610 putnext(qp, mp);
611 break;
612
613
614 default:
615 cmn_err(CE_NOTE, "logdmuxuwsrv: received unexpected"
616 " message of type 0x%x", mp->b_datap->db_type);
617 freemsg(mp);
618 }
619 }
620 return (0);
621 }
622
623 /*
624 * Logindmux lower put routine detects from which of the two lower queues
625 * the data needs to be read from and writes it out to its peer queue.
626 * For protocol, it detects M_CTL and sends its data to the daemon. Also,
627 * for ioctl and other types of messages, it lets the daemon handle it.
628 */
629 static int
630 logdmuxlrput(queue_t *q, mblk_t *mp)
631 {
632 mblk_t *savemp;
633 queue_t *qp;
634 struct iocblk *ioc;
635 struct tmx *tmxp = q->q_ptr;
636 uchar_t flush;
637 uint_t *messagep;
638 unlinkinfo_t *unlinkinfop = tmxp->unlinkinfop;
639
640 if (tmxp->muxq == NULL || tmxp->peerq == NULL) {
641 freemsg(mp);
642 return (0);
643 }
644
645 /*
646 * If there's already a message on our queue and the incoming
647 * message is not of a high-priority, enqueue the message --
648 * but not if it's a logindmux protocol message.
649 */
650 if ((q->q_first != NULL) && (queclass(mp) < QPCTL) &&
651 (!LOGDMUX_PROTO_MBLK(mp))) {
652 (void) putq(q, mp);
653 return (0);
654 }
655
656 switch (mp->b_datap->db_type) {
657
658 case M_IOCTL:
659 ioc = (struct iocblk *)mp->b_rptr;
660 switch (ioc->ioc_cmd) {
661
662 case TIOCSWINSZ:
663 case TCSETAF:
664 case TCSETSF:
665 case TCSETA:
666 case TCSETAW:
667 case TCSETS:
668 case TCSETSW:
669 case TCSBRK:
670 case TIOCSTI:
671 qp = tmxp->peerq;
672 break;
673
674 default:
675 cmn_err(CE_NOTE, "logdmuxlrput: received unexpected"
676 " request for ioctl 0x%x", ioc->ioc_cmd);
677
678 /* NAK unrecognized ioctl's. */
679 miocnak(q, mp, 0, 0);
680 return (0);
681 }
682 break;
683
684 case M_DATA:
685 case M_HANGUP:
686 qp = tmxp->peerq;
687 break;
688
689 case M_CTL:
690 /*
691 * The protocol messages that flow between the peers
692 * to implement the unlink functionality are M_CTLs
693 * which have the M_IOCTL/I_UNLINK mblk of the ioctl
694 * attached via b_cont. LOGDMUX_PROTO_MBLK() uses
695 * this to determine whether a particular M_CTL is a
696 * peer protocol message.
697 */
698 if (LOGDMUX_PROTO_MBLK(mp)) {
699 messagep = (uint_t *)mp->b_rptr;
700
701 switch (*messagep) {
702
703 case LOGDMUX_UNLINK_REQ:
704 /*
705 * We've received a message from our
706 * peer indicating that it wants to
707 * unlink.
708 */
709 *messagep = LOGDMUX_UNLINK_RESP;
710 qp = tmxp->peerq;
711
712 mutex_enter(&logdmux_peerq_lock);
713 tmxp->peerq = NULL;
714 mutex_exit(&logdmux_peerq_lock);
715
716 put(RD(qp), mp);
717 return (0);
718
719 case LOGDMUX_UNLINK_RESP:
720 /*
721 * We've received a positive response
722 * from our peer to an earlier
723 * LOGDMUX_UNLINK_REQ that we sent.
724 * We can now carry on with the unlink.
725 */
726 qp = tmxp->rdq;
727 mutex_enter(&unlinkinfop->state_lock);
728 ASSERT(unlinkinfop->state ==
729 LOGDMUX_UNLINK_PENDING);
730 unlinkinfop->state = LOGDMUX_UNLINKED;
731 mutex_exit(&unlinkinfop->state_lock);
732 logdmux_finish_unlink(WR(qp), mp->b_cont);
733 return (0);
734 }
735 }
736
737 qp = tmxp->rdq;
738 if (q->q_first != NULL || !canputnext(qp)) {
739 (void) putq(q, mp);
740 return (0);
741 }
742 if ((MBLKL(mp) == 1) && (*mp->b_rptr == M_CTL_MAGIC_NUMBER)) {
743 savemp = mp->b_cont;
744 freeb(mp);
745 mp = savemp;
746 }
747 putnext(qp, mp);
748 return (0);
749
750 case M_IOCACK:
751 case M_IOCNAK:
752 case M_PROTO:
753 case M_PCPROTO:
754 case M_PCSIG:
755 case M_SETOPTS:
756 qp = tmxp->rdq;
757 break;
758
759 case M_ERROR:
760 if (tmxp->isptm) {
761 /*
762 * This error is from ptm. We could tell TCP to
763 * shutdown the connection, but it's easier to just
764 * wait for the daemon to get SIGCHLD and close from
765 * above.
766 */
767 freemsg(mp);
768 return (0);
769 }
770 /*
771 * This is from TCP. Don't really know why we'd
772 * get this, but we have a pretty good idea what
773 * to do: Send M_HANGUP to the pty.
774 */
775 mp->b_datap->db_type = M_HANGUP;
776 mp->b_wptr = mp->b_rptr;
777 qp = tmxp->peerq;
778 break;
779
780 case M_FLUSH:
781 if (*mp->b_rptr & FLUSHR)
782 flushq_dataonly(q);
783
784 if (mp->b_flag & MSGMARK) {
785 /*
786 * This M_FLUSH has been marked by the module
787 * below as intended for the upper queue,
788 * not the peer queue.
789 */
790 qp = tmxp->rdq;
791 mp->b_flag &= ~MSGMARK;
792 } else {
793 /*
794 * Wrap this M_FLUSH through the mux.
795 * The FLUSHR and FLUSHW bits must be
796 * reversed.
797 */
798 qp = tmxp->peerq;
799 flush = *mp->b_rptr;
800 *mp->b_rptr &= ~(FLUSHR | FLUSHW);
801 if (flush & FLUSHW)
802 *mp->b_rptr |= FLUSHR;
803 if (flush & FLUSHR)
804 *mp->b_rptr |= FLUSHW;
805 }
806 break;
807
808 case M_START:
809 case M_STOP:
810 case M_STARTI:
811 case M_STOPI:
812 freemsg(mp);
813 return (0);
814
815 default:
816 cmn_err(CE_NOTE, "logdmuxlrput: received unexpected "
817 "message of type 0x%x", mp->b_datap->db_type);
818 freemsg(mp);
819 return (0);
820 }
821 if (queclass(mp) < QPCTL) {
822 if (q->q_first != NULL || !canputnext(qp)) {
823 (void) putq(q, mp);
824 return (0);
825 }
826 }
827 putnext(qp, mp);
828 return (0);
829 }
830
831 /*
832 * Lower read service routine
833 */
834 static int
835 logdmuxlrsrv(queue_t *q)
836 {
837 mblk_t *mp, *savemp;
838 queue_t *qp;
839 struct iocblk *ioc;
840 struct tmx *tmxp = q->q_ptr;
841
842 while ((mp = getq(q)) != NULL) {
843 if (tmxp->muxq == NULL || tmxp->peerq == NULL) {
844 freemsg(mp);
845 continue;
846 }
847
848 switch (mp->b_datap->db_type) {
849
850 case M_IOCTL:
851 ioc = (struct iocblk *)mp->b_rptr;
852
853 switch (ioc->ioc_cmd) {
854
855 case TIOCSWINSZ:
856 case TCSETAF:
857 case TCSETSF:
858 case TCSETA:
859 case TCSETAW:
860 case TCSETS:
861 case TCSETSW:
862 case TCSBRK:
863 case TIOCSTI:
864 qp = tmxp->peerq;
865 break;
866
867 default:
868 cmn_err(CE_NOTE, "logdmuxlrsrv: received "
869 "unexpected request for ioctl 0x%x",
870 ioc->ioc_cmd);
871
872 /* NAK unrecognized ioctl's. */
873 miocnak(q, mp, 0, 0);
874 continue;
875 }
876 break;
877
878 case M_DATA:
879 case M_HANGUP:
880 qp = tmxp->peerq;
881 break;
882
883 case M_CTL:
884 qp = tmxp->rdq;
885 if (!canputnext(qp)) {
886 (void) putbq(q, mp);
887 return (0);
888 }
889 if (MBLKL(mp) == 1 &&
890 (*mp->b_rptr == M_CTL_MAGIC_NUMBER)) {
891 savemp = mp->b_cont;
892 freeb(mp);
893 mp = savemp;
894 }
895 putnext(qp, mp);
896 continue;
897
898 case M_PROTO:
899 case M_SETOPTS:
900 qp = tmxp->rdq;
901 break;
902
903 default:
904 cmn_err(CE_NOTE, "logdmuxlrsrv: received unexpected "
905 "message of type 0x%x", mp->b_datap->db_type);
906 freemsg(mp);
907 continue;
908 }
909 ASSERT(queclass(mp) < QPCTL);
910 if (!canputnext(qp)) {
911 (void) putbq(q, mp);
912 return (0);
913 }
914 putnext(qp, mp);
915 }
916 return (0);
917 }
918
919 /*
920 * Lower side write service procedure. No messages are ever placed on
921 * the write queue here, this just back-enables all of the upper side
922 * write service procedures.
923 */
924 static int
925 logdmuxlwsrv(queue_t *q)
926 {
927 struct tmx *tmxp = q->q_ptr;
928
929 /*
930 * Qenable upper write queue and find out which lower
931 * queue needs to be restarted with flow control.
932 * Qenable the peer queue so canputnext will
933 * succeed on next call to logdmuxlrput.
934 */
935 qenable(WR(tmxp->rdq));
936
937 mutex_enter(&logdmux_peerq_lock);
938 if (tmxp->peerq != NULL)
939 qenable(RD(tmxp->peerq));
940 mutex_exit(&logdmux_peerq_lock);
941
942 return (0);
943 }
944
945 /*
946 * This routine does I_LINK operation.
947 */
948 static void
949 logdmuxlink(queue_t *q, mblk_t *mp)
950 {
951 struct tmx *tmxp = q->q_ptr;
952 struct linkblk *lp = (struct linkblk *)mp->b_cont->b_rptr;
953
954 /*
955 * Fail if we're already linked.
956 */
957 if (tmxp->muxq != NULL) {
958 miocnak(q, mp, 0, EINVAL);
959 return;
960 }
961
962 tmxp->muxq = lp->l_qbot;
963 tmxp->muxq->q_ptr = tmxp;
964 RD(tmxp->muxq)->q_ptr = tmxp;
965
966 miocack(q, mp, 0, 0);
967 }
968
969 /*
970 * logdmuxunlink() is called from logdmuxuwput() and is the first of two
971 * functions which process an I_UNLINK ioctl. logdmuxunlink() will determine
972 * the state of logindmux peer linkage and, based on this, control when the
973 * second function, logdmux_finish_unlink(), is called. It's
974 * logdmux_finish_unlink() that's sending the M_IOCACK upstream and
975 * resetting the link state.
976 */
977 static void
978 logdmuxunlink(queue_t *q, mblk_t *mp)
979 {
980 struct tmx *tmxp = q->q_ptr;
981 unlinkinfo_t *unlinkinfop;
982
983 /*
984 * If we don't have a peer, just unlink. Note that this check needs
985 * to be done under logdmux_qexch_lock to prevent racing with
986 * LOGDMX_IOC_QEXCHANGE, and we *must* set muxq to NULL prior to
987 * releasing the lock so that LOGDMX_IOC_QEXCHANGE will not consider
988 * us as a possible peer anymore (if it already considers us to be a
989 * peer, then unlinkinfop will not be NULL) -- NULLing muxq precludes
990 * use of logdmux_finish_unlink() here.
991 */
992 mutex_enter(&logdmux_qexch_lock);
993 unlinkinfop = tmxp->unlinkinfop;
994 if (unlinkinfop == NULL) {
995 ASSERT(tmxp->peerq == NULL);
996 tmxp->muxq = NULL;
997 mutex_exit(&logdmux_qexch_lock);
998 miocack(q, mp, 0, 0);
999 return;
1000 }
1001 mutex_exit(&logdmux_qexch_lock);
1002
1003 mutex_enter(&unlinkinfop->state_lock);
1004
1005 switch (unlinkinfop->state) {
1006
1007 case LOGDMUX_LINKED:
1008 /*
1009 * We're the first instance to process an I_UNLINK --
1010 * ie, the peer instance is still there. We'll change
1011 * the state so that only one instance is executing an
1012 * I_UNLINK at any one time.
1013 */
1014 unlinkinfop->state = LOGDMUX_UNLINK_PENDING;
1015 mutex_exit(&unlinkinfop->state_lock);
1016 /*
1017 * Attach the original M_IOCTL message to a
1018 * LOGDMUX_UNLINK_REQ message and send it to our peer to
1019 * tell it to unlink from us. When it has completed the
1020 * task, it will send us a LOGDMUX_UNLINK_RESP message
1021 * with the original M_IOCTL still attached, which will be
1022 * processed in our logdmuxlrput(). At that point, we will
1023 * call logdmux_finish_unlink() to complete the unlink
1024 * operation using the attached M_IOCTL.
1025 */
1026 unlinkinfop->prot_mp->b_cont = mp;
1027 /*
1028 * Put the M_CTL directly to the peer's lower RQ.
1029 */
1030 put(RD(tmxp->peerq), unlinkinfop->prot_mp);
1031 break;
1032
1033 case LOGDMUX_UNLINK_PENDING:
1034 mutex_exit(&unlinkinfop->state_lock);
1035 /*
1036 * Our peer is actively processing an I_UNLINK itself.
1037 * We have to wait for the peer to complete and we use
1038 * qtimeout as a way to poll for its completion.
1039 * We save a reference to our mblk so that we can send
1040 * it upstream once our peer is done.
1041 */
1042 tmxp->unlink_mp = mp;
1043 tmxp->utimoutid = qtimeout(q, logdmux_unlink_timer, q,
1044 drv_usectohz(LOGDMUX_POLL_WAIT));
1045 break;
1046
1047 case LOGDMUX_UNLINKED:
1048 /*
1049 * Our peer is no longer linked so we can proceed.
1050 */
1051 mutex_exit(&unlinkinfop->state_lock);
1052 mutex_destroy(&unlinkinfop->state_lock);
1053 freeb(unlinkinfop->prot_mp);
1054 kmem_free(unlinkinfop, sizeof (unlinkinfo_t));
1055 logdmux_finish_unlink(q, mp);
1056 break;
1057
1058 default:
1059 mutex_exit(&unlinkinfop->state_lock);
1060 cmn_err(CE_PANIC,
1061 "logdmuxunlink: peer linkage is in an unrecognized state");
1062 break;
1063 }
1064 }
1065
1066 /*
1067 * Finish the unlink operation. Note that no locks should be held since
1068 * this routine calls into other queues.
1069 */
1070 static void
1071 logdmux_finish_unlink(queue_t *q, mblk_t *unlink_mp)
1072 {
1073 struct tmx *tmxp = q->q_ptr;
1074 mblk_t *mp;
1075
1076 /*
1077 * Flush any write side data downstream.
1078 */
1079 while ((mp = getq(WR(q))) != NULL)
1080 putnext(tmxp->muxq, mp);
1081
1082 /*
1083 * Note that we do not NULL out q_ptr since another thread (e.g., a
1084 * STREAMS service thread) might call logdmuxlrput() between the time
1085 * we exit the logindmux perimeter and the time the STREAMS framework
1086 * resets q_ptr to stdata (since muxq is set to NULL, any messages
1087 * will just be discarded).
1088 */
1089 tmxp->muxq = NULL;
1090 tmxp->unlinkinfop = NULL;
1091 tmxp->peerq = NULL;
1092 miocack(q, unlink_mp, 0, 0);
1093 }
1094
1095 /*
1096 * logdmux_unlink_timer() is executed by qtimeout(). This function will
1097 * check unlinkinfop->state to determine whether the peer has completed
1098 * its I_UNLINK. If it hasn't, we use qtimeout() to initiate another poll.
1099 */
1100 static void
1101 logdmux_unlink_timer(void *arg)
1102 {
1103 queue_t *q = arg;
1104 struct tmx *tmxp = q->q_ptr;
1105 unlinkinfo_t *unlinkinfop = tmxp->unlinkinfop;
1106
1107 tmxp->utimoutid = 0;
1108
1109 mutex_enter(&unlinkinfop->state_lock);
1110
1111 if (unlinkinfop->state != LOGDMUX_UNLINKED) {
1112 ASSERT(unlinkinfop->state == LOGDMUX_UNLINK_PENDING);
1113 mutex_exit(&unlinkinfop->state_lock);
1114 /*
1115 * We need to wait longer for our peer to complete.
1116 */
1117 tmxp->utimoutid = qtimeout(q, logdmux_unlink_timer, q,
1118 drv_usectohz(LOGDMUX_POLL_WAIT));
1119 } else {
1120 /*
1121 * Our peer is no longer linked so we can proceed with
1122 * the cleanup.
1123 */
1124 mutex_exit(&unlinkinfop->state_lock);
1125 mutex_destroy(&unlinkinfop->state_lock);
1126 freeb(unlinkinfop->prot_mp);
1127 kmem_free(unlinkinfop, sizeof (unlinkinfo_t));
1128 logdmux_finish_unlink(q, tmxp->unlink_mp);
1129 }
1130 }
1131
1132 static void
1133 logdmux_timer(void *arg)
1134 {
1135 queue_t *q = arg;
1136 struct tmx *tmxp = q->q_ptr;
1137
1138 ASSERT(tmxp != NULL);
1139
1140 if (q->q_flag & QREADR) {
1141 ASSERT(tmxp->rtimoutid != 0);
1142 tmxp->rtimoutid = 0;
1143 } else {
1144 ASSERT(tmxp->wtimoutid != 0);
1145 tmxp->wtimoutid = 0;
1146 }
1147 enableok(q);
1148 qenable(q);
1149 }
1150
1151 static void
1152 logdmux_buffer(void *arg)
1153 {
1154 queue_t *q = arg;
1155 struct tmx *tmxp = q->q_ptr;
1156
1157 ASSERT(tmxp != NULL);
1158
1159 if (q->q_flag & QREADR) {
1160 ASSERT(tmxp->rbufcid != 0);
1161 tmxp->rbufcid = 0;
1162 } else {
1163 ASSERT(tmxp->wbufcid != 0);
1164 tmxp->wbufcid = 0;
1165 }
1166 enableok(q);
1167 qenable(q);
1168 }
1169
1170 static void
1171 recover(queue_t *q, mblk_t *mp, size_t size)
1172 {
1173 timeout_id_t tid;
1174 bufcall_id_t bid;
1175 struct tmx *tmxp = q->q_ptr;
1176
1177 /*
1178 * Avoid re-enabling the queue.
1179 */
1180 ASSERT(queclass(mp) < QPCTL);
1181 ASSERT(WR(q)->q_next == NULL); /* Called from upper queue only */
1182 noenable(q);
1183 (void) putbq(q, mp);
1184
1185 /*
1186 * Make sure there is at most one outstanding request per queue.
1187 */
1188 if (q->q_flag & QREADR) {
1189 if (tmxp->rtimoutid != 0 || tmxp->rbufcid != 0)
1190 return;
1191 } else {
1192 if (tmxp->wtimoutid != 0 || tmxp->wbufcid != 0)
1193 return;
1194 }
1195 if (!(bid = qbufcall(RD(q), size, BPRI_MED, logdmux_buffer, q))) {
1196 tid = qtimeout(RD(q), logdmux_timer, q, drv_usectohz(SIMWAIT));
1197 if (q->q_flag & QREADR)
1198 tmxp->rtimoutid = tid;
1199 else
1200 tmxp->wtimoutid = tid;
1201 } else {
1202 if (q->q_flag & QREADR)
1203 tmxp->rbufcid = bid;
1204 else
1205 tmxp->wbufcid = bid;
1206 }
1207 }
1208
1209 static void
1210 flushq_dataonly(queue_t *q)
1211 {
1212 mblk_t *mp, *nmp;
1213
1214 /*
1215 * Since we are already in the perimeter, and we are not a put-shared
1216 * perimeter, we don't need to freeze the stream or anything to
1217 * be ensured of exclusivity.
1218 */
1219 mp = q->q_first;
1220 while (mp != NULL) {
1221 if (mp->b_datap->db_type == M_DATA) {
1222 nmp = mp->b_next;
1223 rmvq(q, mp);
1224 freemsg(mp);
1225 mp = nmp;
1226 } else {
1227 mp = mp->b_next;
1228 }
1229 }
1230 }
1231
1232 /*
1233 * logdmux_alloc_unlinkinfo() is called from logdmuxuwput() during the
1234 * processing of a LOGDMX_IOC_QEXCHANGE ioctl() to allocate the
1235 * unlinkinfo_t which is needed during the processing of an I_UNLINK.
1236 */
1237 static int
1238 logdmux_alloc_unlinkinfo(struct tmx *t0, struct tmx *t1)
1239 {
1240 unlinkinfo_t *p;
1241 uint_t *messagep;
1242
1243 if ((p = kmem_zalloc(sizeof (unlinkinfo_t), KM_NOSLEEP)) == NULL)
1244 return (ENOSR);
1245
1246 if ((p->prot_mp = allocb(sizeof (uint_t), BPRI_MED)) == NULL) {
1247 kmem_free(p, sizeof (unlinkinfo_t));
1248 return (ENOSR);
1249 }
1250
1251 DB_TYPE(p->prot_mp) = M_CTL;
1252 messagep = (uint_t *)p->prot_mp->b_wptr;
1253 *messagep = LOGDMUX_UNLINK_REQ;
1254 p->prot_mp->b_wptr += sizeof (*messagep);
1255 p->state = LOGDMUX_LINKED;
1256 mutex_init(&p->state_lock, NULL, MUTEX_DRIVER, NULL);
1257
1258 t0->unlinkinfop = t1->unlinkinfop = p;
1259
1260 return (0);
1261 }