10088 ldterm_do_ioctl() shouldn't check for a NULL array

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  * Copyright (c) 2018, Joyent, Inc.
  25  * Copyright 2018 OmniOS Community Edition (OmniOSce) Association.
  26  */
  27 
  28 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T  */
  29 /* All Rights Reserved                                  */
  30 
  31 /*
  32  * University Copyright- Copyright (c) 1982, 1986, 1988
  33  * The Regents of the University of California
  34  * All Rights Reserved
  35  *
  36  * University Acknowledgment- Portions of this document are derived from
  37  * software developed by the University of California, Berkeley, and its
  38  * contributors.
  39  */
  40 
  41 /*
  42  * Standard Streams Terminal Line Discipline module.
  43  */
  44 
  45 #include <sys/param.h>
  46 #include <sys/types.h>
  47 #include <sys/termio.h>
  48 #include <sys/stream.h>
  49 #include <sys/conf.h>
  50 #include <sys/stropts.h>
  51 #include <sys/strsubr.h>
  52 #include <sys/strsun.h>
  53 #include <sys/strtty.h>
  54 #include <sys/signal.h>
  55 #include <sys/file.h>
  56 #include <sys/errno.h>
  57 #include <sys/debug.h>
  58 #include <sys/cmn_err.h>
  59 #include <sys/euc.h>
  60 #include <sys/eucioctl.h>
  61 #include <sys/csiioctl.h>
  62 #include <sys/ptms.h>
  63 #include <sys/ldterm.h>
  64 #include <sys/cred.h>
  65 #include <sys/ddi.h>
  66 #include <sys/sunddi.h>
  67 #include <sys/kmem.h>
  68 #include <sys/modctl.h>
  69 
  70 /* Time limit when draining during a close(9E) invoked by exit(2) */
  71 /* Can be set to zero to emulate the old, broken behavior */
  72 int ldterm_drain_limit = 15000000;
  73 
  74 /*
  75  * Character types.
  76  */
  77 #define ORDINARY        0
  78 #define CONTROL         1
  79 #define BACKSPACE       2
  80 #define NEWLINE         3
  81 #define TAB             4
  82 #define VTAB            5
  83 #define RETURN          6
  84 
  85 /*
  86  * The following for EUC handling:
  87  */
  88 #define T_SS2           7
  89 #define T_SS3           8
  90 
  91 /*
  92  * Table indicating character classes to tty driver.  In particular,
  93  * if the class is ORDINARY, then the character needs no special
  94  * processing on output.
  95  *
  96  * Characters in the C1 set are all considered CONTROL; this will
  97  * work with terminals that properly use the ANSI/ISO extensions,
  98  * but might cause distress with terminals that put graphics in
  99  * the range 0200-0237.  On the other hand, characters in that
 100  * range cause even greater distress to other UNIX terminal drivers....
 101  */
 102 
 103 static char typetab[256] = {
 104 /* 000 */       CONTROL,        CONTROL,        CONTROL,        CONTROL,
 105 /* 004 */       CONTROL,        CONTROL,        CONTROL,        CONTROL,
 106 /* 010 */       BACKSPACE,      TAB,            NEWLINE,        CONTROL,
 107 /* 014 */       VTAB,           RETURN,         CONTROL,        CONTROL,
 108 /* 020 */       CONTROL,        CONTROL,        CONTROL,        CONTROL,
 109 /* 024 */       CONTROL,        CONTROL,        CONTROL,        CONTROL,
 110 /* 030 */       CONTROL,        CONTROL,        CONTROL,        CONTROL,
 111 /* 034 */       CONTROL,        CONTROL,        CONTROL,        CONTROL,
 112 /* 040 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 113 /* 044 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 114 /* 050 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 115 /* 054 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 116 /* 060 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 117 /* 064 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 118 /* 070 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 119 /* 074 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 120 /* 100 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 121 /* 104 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 122 /* 110 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 123 /* 114 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 124 /* 120 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 125 /* 124 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 126 /* 130 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 127 /* 134 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 128 /* 140 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 129 /* 144 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 130 /* 150 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 131 /* 154 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 132 /* 160 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 133 /* 164 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 134 /* 170 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 135 /* 174 */       ORDINARY,       ORDINARY,       ORDINARY,       CONTROL,
 136 /* 200 */       CONTROL,        CONTROL,        CONTROL,        CONTROL,
 137 /* 204 */       CONTROL,        CONTROL,        T_SS2,          T_SS3,
 138 /* 210 */       CONTROL,        CONTROL,        CONTROL,        CONTROL,
 139 /* 214 */       CONTROL,        CONTROL,        CONTROL,        CONTROL,
 140 /* 220 */       CONTROL,        CONTROL,        CONTROL,        CONTROL,
 141 /* 224 */       CONTROL,        CONTROL,        CONTROL,        CONTROL,
 142 /* 230 */       CONTROL,        CONTROL,        CONTROL,        CONTROL,
 143 /* 234 */       CONTROL,        CONTROL,        CONTROL,        CONTROL,
 144 /* 240 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 145 /* 244 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 146 /* 250 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 147 /* 254 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 148 /* 260 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 149 /* 264 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 150 /* 270 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 151 /* 274 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 152 /* 300 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 153 /* 304 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 154 /* 310 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 155 /* 314 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 156 /* 320 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 157 /* 324 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 158 /* 330 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 159 /* 334 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 160 /* 340 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 161 /* 344 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 162 /* 350 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 163 /* 354 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 164 /* 360 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 165 /* 364 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 166 /* 370 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 167 /*
 168  * WARNING:  For EUC, 0xFF must be an ordinary character.  It is used with
 169  * single-byte EUC in some of the "ISO Latin Alphabet" codesets, and occupies
 170  * a screen position; in those ISO sets where that position isn't used, it
 171  * shouldn't make any difference.
 172  */
 173 /* 374 */       ORDINARY,       ORDINARY,       ORDINARY,       ORDINARY,
 174 };
 175 
 176 /*
 177  * Translation table for output without OLCUC.  All ORDINARY-class characters
 178  * translate to themselves.  All other characters have a zero in the table,
 179  * which stops the copying.
 180  */
 181 static unsigned char notrantab[256] = {
 182 /* 000 */       0,      0,      0,      0,      0,      0,      0,      0,
 183 /* 010 */       0,      0,      0,      0,      0,      0,      0,      0,
 184 /* 020 */       0,      0,      0,      0,      0,      0,      0,      0,
 185 /* 030 */       0,      0,      0,      0,      0,      0,      0,      0,
 186 /* 040 */       ' ',    '!',    '"',    '#',    '$',    '%',    '&',        '\'',
 187 /* 050 */       '(',    ')',    '*',    '+',    ',',    '-',    '.',    '/',
 188 /* 060 */       '0',    '1',    '2',    '3',    '4',    '5',    '6',    '7',
 189 /* 070 */       '8',    '9',    ':',    ';',    '<', '=',    '>', '?',
 190 /* 100 */       '@',    'A',    'B',    'C',    'D',    'E',    'F',    'G',
 191 /* 110 */       'H',    'I',    'J',    'K',    'L',    'M',    'N',    'O',
 192 /* 120 */       'P',    'Q',    'R',    'S',    'T',    'U',    'V',    'W',
 193 /* 130 */       'X',    'Y',    'Z',    '[',    '\\',   ']',    '^',    '_',
 194 /* 140 */       '`',    'a',    'b',    'c',    'd',    'e',    'f',    'g',
 195 /* 150 */       'h',    'i',    'j',    'k',    'l',    'm',    'n',    'o',
 196 /* 160 */       'p',    'q',    'r',    's',    't',    'u',    'v',    'w',
 197 /* 170 */       'x',    'y',    'z',    '{',    '|',    '}',    '~',    0,
 198 /* 200 */       0,      0,      0,      0,      0,      0,      0,      0,
 199 /* 210 */       0,      0,      0,      0,      0,      0,      0,      0,
 200 /* 220 */       0,      0,      0,      0,      0,      0,      0,      0,
 201 /* 230 */       0,      0,      0,      0,      0,      0,      0,      0,
 202 /* 240 */       0240,   0241,   0242,   0243,   0244,   0245,   0246,   0247,
 203 /* 250 */       0250,   0251,   0252,   0253,   0254,   0255,   0256,   0257,
 204 /* 260 */       0260,   0261,   0262,   0263,   0264,   0265,   0266,   0267,
 205 /* 270 */       0270,   0271,   0272,   0273,   0274,   0275,   0276,   0277,
 206 /* 300 */       0300,   0301,   0302,   0303,   0304,   0305,   0306,   0307,
 207 /* 310 */       0310,   0311,   0312,   0313,   0314,   0315,   0316,   0317,
 208 /* 320 */       0320,   0321,   0322,   0323,   0324,   0325,   0326,   0327,
 209 /* 330 */       0330,   0331,   0332,   0333,   0334,   0335,   0336,   0337,
 210 /* 340 */       0340,   0341,   0342,   0343,   0344,   0345,   0346,   0347,
 211 /* 350 */       0350,   0351,   0352,   0353,   0354,   0355,   0356,   0357,
 212 /* 360 */       0360,   0361,   0362,   0363,   0364,   0365,   0366,   0367,
 213 /*
 214  * WARNING: as for above ISO sets, \377 may be used.  Translate it to
 215  * itself.
 216  */
 217 /* 370 */       0370,   0371,   0372,   0373,   0374,   0375,   0376,   0377,
 218 };
 219 
 220 /*
 221  * Translation table for output with OLCUC.  All ORDINARY-class characters
 222  * translate to themselves, except for lower-case letters which translate
 223  * to their upper-case equivalents.  All other characters have a zero in
 224  * the table, which stops the copying.
 225  */
 226 static unsigned char lcuctab[256] = {
 227 /* 000 */       0,      0,      0,      0,      0,      0,      0,      0,
 228 /* 010 */       0,      0,      0,      0,      0,      0,      0,      0,
 229 /* 020 */       0,      0,      0,      0,      0,      0,      0,      0,
 230 /* 030 */       0,      0,      0,      0,      0,      0,      0,      0,
 231 /* 040 */       ' ',    '!',    '"',    '#',    '$',    '%',    '&',        '\'',
 232 /* 050 */       '(',    ')',    '*',    '+',    ',',    '-',    '.',    '/',
 233 /* 060 */       '0',    '1',    '2',    '3',    '4',    '5',    '6',    '7',
 234 /* 070 */       '8',    '9',    ':',    ';',    '<', '=',    '>', '?',
 235 /* 100 */       '@',    'A',    'B',    'C',    'D',    'E',    'F',    'G',
 236 /* 110 */       'H',    'I',    'J',    'K',    'L',    'M',    'N',    'O',
 237 /* 120 */       'P',    'Q',    'R',    'S',    'T',    'U',    'V',    'W',
 238 /* 130 */       'X',    'Y',    'Z',    '[',    '\\',   ']',    '^',    '_',
 239 /* 140 */       '`',    'A',    'B',    'C',    'D',    'E',    'F',    'G',
 240 /* 150 */       'H',    'I',    'J',    'K',    'L',    'M',    'N',    'O',
 241 /* 160 */       'P',    'Q',    'R',    'S',    'T',    'U',    'V',    'W',
 242 /* 170 */       'X',    'Y',    'Z',    '{',    '|',    '}',    '~',    0,
 243 /* 200 */       0,      0,      0,      0,      0,      0,      0,      0,
 244 /* 210 */       0,      0,      0,      0,      0,      0,      0,      0,
 245 /* 220 */       0,      0,      0,      0,      0,      0,      0,      0,
 246 /* 230 */       0,      0,      0,      0,      0,      0,      0,      0,
 247 /* 240 */       0240,   0241,   0242,   0243,   0244,   0245,   0246,   0247,
 248 /* 250 */       0250,   0251,   0252,   0253,   0254,   0255,   0256,   0257,
 249 /* 260 */       0260,   0261,   0262,   0263,   0264,   0265,   0266,   0267,
 250 /* 270 */       0270,   0271,   0272,   0273,   0274,   0275,   0276,   0277,
 251 /* 300 */       0300,   0301,   0302,   0303,   0304,   0305,   0306,   0307,
 252 /* 310 */       0310,   0311,   0312,   0313,   0314,   0315,   0316,   0317,
 253 /* 320 */       0320,   0321,   0322,   0323,   0324,   0325,   0326,   0327,
 254 /* 330 */       0330,   0331,   0332,   0333,   0334,   0335,   0336,   0337,
 255 /* 340 */       0340,   0341,   0342,   0343,   0344,   0345,   0346,   0347,
 256 /* 350 */       0350,   0351,   0352,   0353,   0354,   0355,   0356,   0357,
 257 /* 360 */       0360,   0361,   0362,   0363,   0364,   0365,   0366,   0367,
 258 /*
 259  * WARNING: as for above ISO sets, \377 may be used.  Translate it to
 260  * itself.
 261  */
 262 /* 370 */       0370,   0371,   0372,   0373,   0374,   0375,   0376,   0377,
 263 };
 264 
 265 /*
 266  * Input mapping table -- if an entry is non-zero, and XCASE is set,
 267  * when the corresponding character is typed preceded by "\" the escape
 268  * sequence is replaced by the table value.  Mostly used for
 269  * upper-case only terminals.
 270  */
 271 static char     imaptab[256] = {
 272 /* 000 */       0,      0,      0,      0,      0,      0,      0,      0,
 273 /* 010 */       0,      0,      0,      0,      0,      0,      0,      0,
 274 /* 020 */       0,      0,      0,      0,      0,      0,      0,      0,
 275 /* 030 */       0,      0,      0,      0,      0,      0,      0,      0,
 276 /* 040 */       0,      '|',    0,      0,      0,      0,      0,      '`',
 277 /* 050 */       '{',    '}',    0,      0,      0,      0,      0,      0,
 278 /* 060 */       0,      0,      0,      0,      0,      0,      0,      0,
 279 /* 070 */       0,      0,      0,      0,      0,      0,      0,      0,
 280 /* 100 */       0,      0,      0,      0,      0,      0,      0,      0,
 281 /* 110 */       0,      0,      0,      0,      0,      0,      0,      0,
 282 /* 120 */       0,      0,      0,      0,      0,      0,      0,      0,
 283 /* 130 */       0,      0,      0,      0,      '\\',   0,      '~',    0,
 284 /* 140 */       0,      'A',    'B',    'C',    'D',    'E',    'F',    'G',
 285 /* 150 */       'H',    'I',    'J',    'K',    'L',    'M',    'N',    'O',
 286 /* 160 */       'P',    'Q',    'R',    'S',    'T',    'U',    'V',    'W',
 287 /* 170 */       'X',    'Y',    'Z',    0,      0,      0,      0,      0,
 288 /* 200-377 aren't mapped */
 289 };
 290 
 291 /*
 292  * Output mapping table -- if an entry is non-zero, and XCASE is set,
 293  * the corresponding character is printed as "\" followed by the table
 294  * value.  Mostly used for upper-case only terminals.
 295  */
 296 static char     omaptab[256] = {
 297 /* 000 */       0,      0,      0,      0,      0,      0,      0,      0,
 298 /* 010 */       0,      0,      0,      0,      0,      0,      0,      0,
 299 /* 020 */       0,      0,      0,      0,      0,      0,      0,      0,
 300 /* 030 */       0,      0,      0,      0,      0,      0,      0,      0,
 301 /* 040 */       0,      0,      0,      0,      0,      0,      0,      0,
 302 /* 050 */       0,      0,      0,      0,      0,      0,      0,      0,
 303 /* 060 */       0,      0,      0,      0,      0,      0,      0,      0,
 304 /* 070 */       0,      0,      0,      0,      0,      0,      0,      0,
 305 /* 100 */       0,      'A',    'B',    'C',    'D',    'E',    'F',    'G',
 306 /* 110 */       'H',    'I',    'J',    'K',    'L',    'M',    'N',    'O',
 307 /* 120 */       'P',    'Q',    'R',    'S',    'T',    'U',    'V',    'W',
 308 /* 130 */       'X',    'Y',    'Z',    0,      0,      0,      0,      0,
 309 /* 140 */       '\'',   0,      0,      0,      0,      0,      0,      0,
 310 /* 150 */       0,      0,      0,      0,      0,      0,      0,      0,
 311 /* 160 */       0,      0,      0,      0,      0,      0,      0,      0,
 312 /* 170 */       0,      0,      0,      '(',    '!',    ')',    '^',    0,
 313 /* 200-377 aren't mapped */
 314 };
 315 
 316 /*
 317  * Translation table for TS_MEUC output without OLCUC.  All printing ASCII
 318  * characters translate to themselves.  All other _bytes_ have a zero in
 319  * the table, which stops the copying.  This and the following table exist
 320  * only so we can use the existing movtuc processing with or without OLCUC.
 321  * Maybe it speeds up something...because we can copy a block of characters
 322  * by only looking for zeros in the table.
 323  *
 324  * If we took the simple expedient of DISALLOWING "olcuc" with multi-byte
 325  * processing, we could rid ourselves of both these tables and save 512 bytes;
 326  * seriously, it doesn't make much sense to use olcuc with multi-byte, and
 327  * it will probably never be used.  Consideration should be given to disallowing
 328  * the combination TS_MEUC & OLCUC.
 329  */
 330 static unsigned char enotrantab[256] = {
 331 /* 000 */       0,      0,      0,      0,      0,      0,      0,      0,
 332 /* 010 */       0,      0,      0,      0,      0,      0,      0,      0,
 333 /* 020 */       0,      0,      0,      0,      0,      0,      0,      0,
 334 /* 030 */       0,      0,      0,      0,      0,      0,      0,      0,
 335 /* 040 */       ' ',    '!',    '"',    '#',    '$',    '%',    '&',        '\'',
 336 /* 050 */       '(',    ')',    '*',    '+',    ',',    '-',    '.',    '/',
 337 /* 060 */       '0',    '1',    '2',    '3',    '4',    '5',    '6',    '7',
 338 /* 070 */       '8',    '9',    ':',    ';',    '<', '=',    '>', '?',
 339 /* 100 */       '@',    'A',    'B',    'C',    'D',    'E',    'F',    'G',
 340 /* 110 */       'H',    'I',    'J',    'K',    'L',    'M',    'N',    'O',
 341 /* 120 */       'P',    'Q',    'R',    'S',    'T',    'U',    'V',    'W',
 342 /* 130 */       'X',    'Y',    'Z',    '[',    '\\',   ']',    '^',    '_',
 343 /* 140 */       '`',    'a',    'b',    'c',    'd',    'e',    'f',    'g',
 344 /* 150 */       'h',    'i',    'j',    'k',    'l',    'm',    'n',    'o',
 345 /* 160 */       'p',    'q',    'r',    's',    't',    'u',    'v',    'w',
 346 /* 170 */       'x',    'y',    'z',    '{',    '|',    '}',    '~',    0,
 347 /* 200 - 377 aren't mapped (they're stoppers). */
 348 };
 349 
 350 /*
 351  * Translation table for TS_MEUC output with OLCUC.  All printing ASCII
 352  * translate to themselves, except for lower-case letters which translate
 353  * to their upper-case equivalents.  All other bytes have a zero in
 354  * the table, which stops the copying.  Useless for ISO Latin Alphabet
 355  * translations, but *sigh* OLCUC is really only defined for ASCII anyway.
 356  * We only have this table so we can use the existing OLCUC processing with
 357  * TS_MEUC set (multi-byte mode).  Nobody would ever think of actually
 358  * _using_ it...would they?
 359  */
 360 static unsigned char elcuctab[256] = {
 361 /* 000 */       0,      0,      0,      0,      0,      0,      0,      0,
 362 /* 010 */       0,      0,      0,      0,      0,      0,      0,      0,
 363 /* 020 */       0,      0,      0,      0,      0,      0,      0,      0,
 364 /* 030 */       0,      0,      0,      0,      0,      0,      0,      0,
 365 /* 040 */       ' ',    '!',    '"',    '#',    '$',    '%',    '&',        '\'',
 366 /* 050 */       '(',    ')',    '*',    '+',    ',',    '-',    '.',    '/',
 367 /* 060 */       '0',    '1',    '2',    '3',    '4',    '5',    '6',    '7',
 368 /* 070 */       '8',    '9',    ':',    ';',    '<', '=',    '>', '?',
 369 /* 100 */       '@',    'A',    'B',    'C',    'D',    'E',    'F',    'G',
 370 /* 110 */       'H',    'I',    'J',    'K',    'L',    'M',    'N',    'O',
 371 /* 120 */       'P',    'Q',    'R',    'S',    'T',    'U',    'V',    'W',
 372 /* 130 */       'X',    'Y',    'Z',    '[',    '\\',   ']',    '^',    '_',
 373 /* 140 */       '`',    'A',    'B',    'C',    'D',    'E',    'F',    'G',
 374 /* 150 */       'H',    'I',    'J',    'K',    'L',    'M',    'N',    'O',
 375 /* 160 */       'P',    'Q',    'R',    'S',    'T',    'U',    'V',    'W',
 376 /* 170 */       'X',    'Y',    'Z',    '{',    '|',    '}',    '~',    0,
 377 /* 200 - 377 aren't mapped (they're stoppers). */
 378 };
 379 
 380 static struct streamtab ldtrinfo;
 381 
 382 static struct fmodsw fsw = {
 383         "ldterm",
 384         &ldtrinfo,
 385         D_MTQPAIR | D_MP | _D_SINGLE_INSTANCE
 386 };
 387 
 388 static struct modlstrmod modlstrmod = {
 389         &mod_strmodops, "terminal line discipline", &fsw
 390 };
 391 
 392 
 393 static struct modlinkage modlinkage = {
 394         MODREV_1, &modlstrmod, NULL
 395 };
 396 
 397 
 398 int
 399 _init(void)
 400 {
 401         return (mod_install(&modlinkage));
 402 }
 403 
 404 int
 405 _fini(void)
 406 {
 407         return (mod_remove(&modlinkage));
 408 }
 409 
 410 int
 411 _info(struct modinfo *modinfop)
 412 {
 413         return (mod_info(&modlinkage, modinfop));
 414 }
 415 
 416 
 417 static int      ldtermopen(queue_t *, dev_t *, int, int, cred_t *);
 418 static int      ldtermclose(queue_t *, int, cred_t *);
 419 static void     ldtermrput(queue_t *, mblk_t *);
 420 static void     ldtermrsrv(queue_t *);
 421 static int      ldtermrmsg(queue_t *, mblk_t *);
 422 static void     ldtermwput(queue_t *, mblk_t *);
 423 static void     ldtermwsrv(queue_t *);
 424 static int      ldtermwmsg(queue_t *, mblk_t *);
 425 static mblk_t   *ldterm_docanon(unsigned char, mblk_t *, size_t, queue_t *,
 426                                 ldtermstd_state_t *, int *);
 427 static int      ldterm_unget(ldtermstd_state_t *);
 428 static void     ldterm_trim(ldtermstd_state_t *);
 429 static void     ldterm_rubout(unsigned char, queue_t *, size_t,
 430                                 ldtermstd_state_t *);
 431 static int      ldterm_tabcols(ldtermstd_state_t *);
 432 static void     ldterm_erase(queue_t *, size_t, ldtermstd_state_t *);
 433 static void     ldterm_werase(queue_t *, size_t, ldtermstd_state_t *);
 434 static void     ldterm_kill(queue_t *, size_t, ldtermstd_state_t *);
 435 static void     ldterm_reprint(queue_t *, size_t, ldtermstd_state_t *);
 436 static mblk_t   *ldterm_dononcanon(mblk_t *, mblk_t *, size_t, queue_t *,
 437                                         ldtermstd_state_t *);
 438 static int      ldterm_echo(unsigned char, queue_t *, size_t,
 439                                 ldtermstd_state_t *);
 440 static void     ldterm_outchar(unsigned char, queue_t *, size_t,
 441                                 ldtermstd_state_t *);
 442 static void     ldterm_outstring(unsigned char *, int, queue_t *, size_t,
 443                                         ldtermstd_state_t *tp);
 444 static mblk_t   *newmsg(ldtermstd_state_t *);
 445 static void     ldterm_msg_upstream(queue_t *, ldtermstd_state_t *);
 446 static void     ldterm_wenable(void *);
 447 static mblk_t   *ldterm_output_msg(queue_t *, mblk_t *, mblk_t **,
 448                                 ldtermstd_state_t *, size_t, int);
 449 static void     ldterm_flush_output(unsigned char, queue_t *,
 450                                         ldtermstd_state_t *);
 451 static void     ldterm_dosig(queue_t *, int, unsigned char, int, int);
 452 static void     ldterm_do_ioctl(queue_t *, mblk_t *);
 453 static int      chgstropts(struct termios *, ldtermstd_state_t *, queue_t *);
 454 static void     ldterm_ioctl_reply(queue_t *, mblk_t *);
 455 static void     vmin_satisfied(queue_t *, ldtermstd_state_t *, int);
 456 static void     vmin_settimer(queue_t *);
 457 static void     vmin_timed_out(void *);
 458 static void     ldterm_adjust_modes(ldtermstd_state_t *);
 459 static void     ldterm_eucwarn(ldtermstd_state_t *);
 460 static void     cp_eucwioc(eucioc_t *, eucioc_t *, int);
 461 static int      ldterm_codeset(uchar_t, uchar_t);
 462 
 463 static void     ldterm_csi_erase(queue_t *, size_t, ldtermstd_state_t *);
 464 static void     ldterm_csi_werase(queue_t *, size_t, ldtermstd_state_t *);
 465 
 466 static uchar_t  ldterm_utf8_width(uchar_t *, int);
 467 
 468 /* Codeset type specific methods for EUC, PCCS, and, UTF-8 codeset types. */
 469 static int      __ldterm_dispwidth_euc(uchar_t, void *, int);
 470 static int      __ldterm_memwidth_euc(uchar_t, void *);
 471 
 472 static int      __ldterm_dispwidth_pccs(uchar_t, void *, int);
 473 static int      __ldterm_memwidth_pccs(uchar_t, void *);
 474 
 475 static int      __ldterm_dispwidth_utf8(uchar_t, void *, int);
 476 static int      __ldterm_memwidth_utf8(uchar_t, void *);
 477 
 478 static const ldterm_cs_methods_t cs_methods[LDTERM_CS_TYPE_MAX + 1] = {
 479         {
 480                 NULL,
 481                 NULL
 482         },
 483         {
 484                 __ldterm_dispwidth_euc,
 485                 __ldterm_memwidth_euc
 486         },
 487         {
 488                 __ldterm_dispwidth_pccs,
 489                 __ldterm_memwidth_pccs
 490         },
 491         {
 492                 __ldterm_dispwidth_utf8,
 493                 __ldterm_memwidth_utf8
 494         }
 495 };
 496 
 497 /*
 498  * The default codeset is presumably C locale's ISO 646 in EUC but
 499  * the data structure at below defined as the default codeset data also
 500  * support any single byte (EUC) locales.
 501  */
 502 static const ldterm_cs_data_t default_cs_data = {
 503         LDTERM_DATA_VERSION,
 504         LDTERM_CS_TYPE_EUC,
 505         (uchar_t)0,
 506         (uchar_t)0,
 507         (char *)NULL,
 508         {
 509                 '\0', '\0', '\0', '\0',
 510                 '\0', '\0', '\0', '\0',
 511                 '\0', '\0', '\0', '\0',
 512                 '\0', '\0', '\0', '\0',
 513                 '\0', '\0', '\0', '\0',
 514                 '\0', '\0', '\0', '\0',
 515                 '\0', '\0', '\0', '\0',
 516                 '\0', '\0', '\0', '\0',
 517                 '\0', '\0', '\0', '\0',
 518                 '\0', '\0', '\0', '\0'
 519         }
 520 };
 521 
 522 /*
 523  * The following tables are from either u8_textprep.c or uconv.c at
 524  * usr/src/common/unicode/. The tables are used to figure out corresponding
 525  * UTF-8 character byte lengths and also the validity of given character bytes.
 526  */
 527 extern const int8_t u8_number_of_bytes[];
 528 extern const uchar_t u8_masks_tbl[];
 529 extern const uint8_t u8_valid_min_2nd_byte[];
 530 extern const uint8_t u8_valid_max_2nd_byte[];
 531 
 532 /*
 533  * Unicode character width definition tables from uwidth.c:
 534  */
 535 extern const ldterm_unicode_data_cell_t ldterm_ucode[][16384];
 536 
 537 #ifdef LDDEBUG
 538 int     ldterm_debug = 0;
 539 #define DEBUG1(a)       if (ldterm_debug == 1) printf a
 540 #define DEBUG2(a)       if (ldterm_debug >= 2) printf a      /* allocations */
 541 #define DEBUG3(a)       if (ldterm_debug >= 3) printf a      /* M_CTL Stuff */
 542 #define DEBUG4(a)       if (ldterm_debug >= 4) printf a      /* M_READ Stuff */
 543 #define DEBUG5(a)       if (ldterm_debug >= 5) printf a
 544 #define DEBUG6(a)       if (ldterm_debug >= 6) printf a
 545 #define DEBUG7(a)       if (ldterm_debug >= 7) printf a
 546 #else
 547 #define DEBUG1(a)
 548 #define DEBUG2(a)
 549 #define DEBUG3(a)
 550 #define DEBUG4(a)
 551 #define DEBUG5(a)
 552 #define DEBUG6(a)
 553 #define DEBUG7(a)
 554 #endif          /* LDDEBUG */
 555 
 556 
 557 /*
 558  * Since most of the buffering occurs either at the stream head or in
 559  * the "message currently being assembled" buffer, we have a
 560  * relatively small input queue, so that blockages above us get
 561  * reflected fairly quickly to the module below us.  We also have a
 562  * small maximum packet size, since you can put a message of that
 563  * size on an empty queue no matter how much bigger than the high
 564  * water mark it is.
 565  */
 566 static struct module_info ldtermmiinfo = {
 567         0x0bad,
 568         "ldterm",
 569         0,
 570         _TTY_BUFSIZ,
 571         _TTY_BUFSIZ,
 572         LOWAT
 573 };
 574 
 575 
 576 static struct qinit ldtermrinit = {
 577         (int (*)())ldtermrput,
 578         (int (*)())ldtermrsrv,
 579         ldtermopen,
 580         ldtermclose,
 581         NULL,
 582         &ldtermmiinfo
 583 };
 584 
 585 
 586 static struct module_info ldtermmoinfo = {
 587         0x0bad,
 588         "ldterm",
 589         0,
 590         INFPSZ,
 591         1,
 592         0
 593 };
 594 
 595 
 596 static struct qinit ldtermwinit = {
 597         (int (*)())ldtermwput,
 598         (int (*)())ldtermwsrv,
 599         ldtermopen,
 600         ldtermclose,
 601         NULL,
 602         &ldtermmoinfo
 603 };
 604 
 605 
 606 static struct streamtab ldtrinfo = {
 607         &ldtermrinit,
 608         &ldtermwinit,
 609         NULL,
 610         NULL
 611 };
 612 
 613 /*
 614  * Dummy qbufcall callback routine used by open and close.
 615  * The framework will wake up qwait_sig when we return from
 616  * this routine (as part of leaving the perimeters.)
 617  * (The framework enters the perimeters before calling the qbufcall() callback
 618  * and leaves the perimeters after the callback routine has executed. The
 619  * framework performs an implicit wakeup of any thread in qwait/qwait_sig
 620  * when it leaves the perimeter. See qwait(9E).)
 621  */
 622 /* ARGSUSED */
 623 static void
 624 dummy_callback(void *arg)
 625 {}
 626 
 627 
 628 static mblk_t *
 629 open_ioctl(queue_t *q, uint_t cmd)
 630 {
 631         mblk_t *mp;
 632         bufcall_id_t id;
 633         int retv;
 634 
 635         while ((mp = mkiocb(cmd)) == NULL) {
 636                 id = qbufcall(q, sizeof (struct iocblk), BPRI_MED,
 637                     dummy_callback, NULL);
 638                 retv = qwait_sig(q);
 639                 qunbufcall(q, id);
 640                 if (retv == 0)
 641                         break;
 642         }
 643         return (mp);
 644 }
 645 
 646 static mblk_t *
 647 open_mblk(queue_t *q, size_t len)
 648 {
 649         mblk_t *mp;
 650         bufcall_id_t id;
 651         int retv;
 652 
 653         while ((mp = allocb(len, BPRI_MED)) == NULL) {
 654                 id = qbufcall(q, len, BPRI_MED, dummy_callback, NULL);
 655                 retv = qwait_sig(q);
 656                 qunbufcall(q, id);
 657                 if (retv == 0)
 658                         break;
 659         }
 660         return (mp);
 661 }
 662 
 663 /*
 664  * Line discipline open.
 665  */
 666 /* ARGSUSED1 */
 667 static int
 668 ldtermopen(queue_t *q, dev_t *devp, int oflag, int sflag, cred_t *crp)
 669 {
 670         ldtermstd_state_t *tp;
 671         mblk_t *bp, *qryp;
 672         int len;
 673         struct stroptions *strop;
 674         struct termios *termiosp;
 675         queue_t *wq;
 676 
 677         if (q->q_ptr != NULL) {
 678                 return (0);     /* already attached */
 679         }
 680 
 681         tp = (ldtermstd_state_t *)kmem_zalloc(sizeof (ldtermstd_state_t),
 682             KM_SLEEP);
 683 
 684         /*
 685          * Get termios defaults.  These are stored as
 686          * a property in the "options" node.
 687          */
 688         if (ddi_getlongprop(DDI_DEV_T_ANY, ddi_root_node(), DDI_PROP_NOTPROM,
 689             "ttymodes", (caddr_t)&termiosp, &len) == DDI_PROP_SUCCESS &&
 690             len == sizeof (struct termios)) {
 691                 tp->t_modes = *termiosp;
 692                 tp->t_amodes = *termiosp;
 693                 kmem_free(termiosp, len);
 694         } else {
 695                 /*
 696                  * Gack!  Whine about it.
 697                  */
 698                 cmn_err(CE_WARN, "ldterm: Couldn't get ttymodes property!");
 699         }
 700         bzero(&tp->t_dmodes, sizeof (struct termios));
 701 
 702         tp->t_state = 0;
 703 
 704         tp->t_line = 0;
 705         tp->t_col = 0;
 706 
 707         tp->t_rocount = 0;
 708         tp->t_rocol = 0;
 709 
 710         tp->t_message = NULL;
 711         tp->t_endmsg = NULL;
 712         tp->t_msglen = 0;
 713         tp->t_rd_request = 0;
 714 
 715         tp->t_echomp = NULL;
 716         tp->t_iocid = 0;
 717         tp->t_wbufcid = 0;
 718         tp->t_vtid = 0;
 719 
 720         q->q_ptr = (caddr_t)tp;
 721         WR(q)->q_ptr = (caddr_t)tp;
 722         /*
 723          * The following for EUC and also non-EUC codesets:
 724          */
 725         tp->t_codeset = tp->t_eucleft = tp->t_eucign = tp->t_scratch_len = 0;
 726         bzero(&tp->eucwioc, EUCSIZE);
 727         tp->eucwioc.eucw[0] = 1;     /* ASCII mem & screen width */
 728         tp->eucwioc.scrw[0] = 1;
 729         tp->t_maxeuc = 1;    /* the max len in bytes of an EUC char */
 730         tp->t_eucp = NULL;
 731         tp->t_csmethods = cs_methods[LDTERM_CS_TYPE_EUC];
 732         tp->t_csdata = default_cs_data;
 733 
 734         /*
 735          * Try to switch to UTF-8 mode by allocating buffer for multibyte
 736          * chars, keep EUC if allocation fails.
 737          */
 738         if ((tp->t_eucp_mp = allocb(_TTY_BUFSIZ, BPRI_HI)) != NULL) {
 739                 tp->t_eucp = tp->t_eucp_mp->b_rptr;
 740                 tp->t_state = TS_MEUC;       /* Multibyte mode. */
 741                 tp->t_maxeuc = 4; /* the max len in bytes of an UTF-8 char */
 742                 tp->t_csdata.codeset_type = LDTERM_CS_TYPE_UTF8;
 743                 tp->t_csdata.csinfo_num = 4;
 744                 /* locale_name needs string length with terminating NUL */
 745                 tp->t_csdata.locale_name = (char *)kmem_alloc(6, KM_SLEEP);
 746                 (void) strcpy(tp->t_csdata.locale_name, "UTF-8");
 747                 tp->t_csmethods = cs_methods[LDTERM_CS_TYPE_UTF8];
 748         }
 749         tp->t_eucwarn = 0;   /* no bad chars seen yet */
 750 
 751         qprocson(q);
 752 
 753         /*
 754          * Find out if the module below us does canonicalization; if
 755          * so, we won't do it ourselves.
 756          */
 757 
 758         if ((qryp = open_ioctl(q, MC_CANONQUERY)) == NULL)
 759                 goto open_abort;
 760 
 761         /*
 762          * Reformulate as an M_CTL message. The actual data will
 763          * be in the b_cont field.
 764          */
 765         qryp->b_datap->db_type = M_CTL;
 766         wq = OTHERQ(q);
 767         putnext(wq, qryp);
 768 
 769         /* allocate a TCSBRK ioctl in case we'll need it on close */
 770         if ((qryp = open_ioctl(q, TCSBRK)) == NULL)
 771                 goto open_abort;
 772         tp->t_drainmsg = qryp;
 773         if ((bp = open_mblk(q, sizeof (int))) == NULL)
 774                 goto open_abort;
 775         qryp->b_cont = bp;
 776 
 777         /*
 778          * Find out if the underlying driver supports proper POSIX close
 779          * semantics.  If not, we'll have to approximate it using TCSBRK.  If
 780          * it does, it will respond with MC_HAS_POSIX, and we'll catch that in
 781          * the ldtermrput routine.
 782          *
 783          * When the ldterm_drain_limit tunable is set to zero, we behave the
 784          * same as old ldterm: don't send this new message, and always use
 785          * TCSBRK during close.
 786          */
 787         if (ldterm_drain_limit != 0) {
 788                 if ((qryp = open_ioctl(q, MC_POSIXQUERY)) == NULL)
 789                         goto open_abort;
 790                 qryp->b_datap->db_type = M_CTL;
 791                 putnext(wq, qryp);
 792         }
 793 
 794         /* prepare to clear the water marks on close */
 795         if ((bp = open_mblk(q, sizeof (struct stroptions))) == NULL)
 796                 goto open_abort;
 797         tp->t_closeopts = bp;
 798 
 799         /*
 800          * Set the high-water and low-water marks on the stream head
 801          * to values appropriate for a terminal.  Also set the "vmin"
 802          * and "vtime" values to 1 and 0, turn on message-nondiscard
 803          * mode (as we're in ICANON mode), and turn on "old-style
 804          * NODELAY" mode.
 805          */
 806         if ((bp = open_mblk(q, sizeof (struct stroptions))) == NULL)
 807                 goto open_abort;
 808         strop = (struct stroptions *)bp->b_wptr;
 809         strop->so_flags = SO_READOPT|SO_HIWAT|SO_LOWAT|SO_NDELON|SO_ISTTY;
 810         strop->so_readopt = RMSGN;
 811         strop->so_hiwat = _TTY_BUFSIZ;
 812         strop->so_lowat = LOWAT;
 813         bp->b_wptr += sizeof (struct stroptions);
 814         bp->b_datap->db_type = M_SETOPTS;
 815         putnext(q, bp);
 816 
 817         return (0);             /* this can become a controlling TTY */
 818 
 819 open_abort:
 820         qprocsoff(q);
 821         q->q_ptr = NULL;
 822         WR(q)->q_ptr = NULL;
 823         freemsg(tp->t_closeopts);
 824         freemsg(tp->t_drainmsg);
 825         /* Dump the state structure */
 826         kmem_free(tp, sizeof (ldtermstd_state_t));
 827         return (EINTR);
 828 }
 829 
 830 struct close_timer {
 831         timeout_id_t id;
 832         ldtermstd_state_t *tp;
 833 };
 834 
 835 static void
 836 drain_timed_out(void *arg)
 837 {
 838         struct close_timer *ctp = arg;
 839 
 840         ctp->id = 0;
 841         ctp->tp->t_state &= ~TS_IOCWAIT;
 842 }
 843 
 844 /* ARGSUSED2 */
 845 static int
 846 ldtermclose(queue_t *q, int cflag, cred_t *crp)
 847 {
 848         ldtermstd_state_t *tp = (ldtermstd_state_t *)q->q_ptr;
 849         struct stroptions *strop;
 850         mblk_t *bp;
 851         struct close_timer cltimer;
 852 
 853         /*
 854          * If we have an outstanding vmin timeout, cancel it.
 855          */
 856         tp->t_state |= TS_CLOSE;
 857         if (tp->t_vtid != 0)
 858                 (void) quntimeout(q, tp->t_vtid);
 859         tp->t_vtid = 0;
 860 
 861         /*
 862          * Cancel outstanding qbufcall request.
 863          */
 864         if (tp->t_wbufcid != 0)
 865                 qunbufcall(q, tp->t_wbufcid);
 866 
 867         /*
 868          * Reset the high-water and low-water marks on the stream
 869          * head (?), turn on byte-stream mode, and turn off
 870          * "old-style NODELAY" mode.
 871          */
 872         bp = tp->t_closeopts;
 873         strop = (struct stroptions *)bp->b_wptr;
 874         strop->so_flags = SO_READOPT|SO_NDELOFF;
 875         strop->so_readopt = RNORM;
 876         bp->b_wptr += sizeof (struct stroptions);
 877         bp->b_datap->db_type = M_SETOPTS;
 878         putnext(q, bp);
 879 
 880         if (cflag & (FNDELAY|FNONBLOCK)) {
 881                 freemsg(tp->t_drainmsg);
 882         } else if ((bp = tp->t_drainmsg) != NULL) {
 883                 struct iocblk *iocb;
 884 
 885                 /*
 886                  * If the driver isn't known to have POSIX close semantics,
 887                  * then we have to emulate this the old way.  This is done by
 888                  * sending down TCSBRK,1 to drain the output and waiting for
 889                  * the reply.
 890                  */
 891                 iocb = (struct iocblk *)bp->b_rptr;
 892                 iocb->ioc_count = sizeof (int);
 893                 *(int *)bp->b_cont->b_rptr = 1;
 894                 bp->b_cont->b_wptr += sizeof (int);
 895                 tp->t_state |= TS_IOCWAIT;
 896                 tp->t_iocid = iocb->ioc_id;
 897                 if (!putq(WR(q), bp))
 898                         putnext(WR(q), bp);
 899 
 900                 /*
 901                  * If we're not able to receive signals at this point, then
 902                  * launch a timer.  This timer will prevent us from waiting
 903                  * forever for a signal that won't arrive.
 904                  */
 905                 cltimer.id = 0;
 906                 if (!ddi_can_receive_sig() && ldterm_drain_limit != 0) {
 907                         cltimer.tp = tp;
 908                         cltimer.id = qtimeout(q, drain_timed_out, &cltimer,
 909                             drv_usectohz(ldterm_drain_limit));
 910                 }
 911 
 912                 /*
 913                  * Note that the read side of ldterm and the qtimeout are
 914                  * protected by D_MTQPAIR, so no additional locking is needed
 915                  * here.
 916                  */
 917                 while (tp->t_state & TS_IOCWAIT) {
 918                         if (qwait_sig(q) == 0)
 919                                 break;
 920                 }
 921                 if (cltimer.id != 0)
 922                         (void) quntimeout(q, cltimer.id);
 923         }
 924 
 925         /*
 926          * From here to the end, the routine does not sleep and does not
 927          * reference STREAMS, so it's guaranteed to run to completion.
 928          */
 929 
 930         qprocsoff(q);
 931 
 932         freemsg(tp->t_message);
 933         freemsg(tp->t_eucp_mp);
 934 
 935         /* Dump the state structure, then unlink it */
 936         if (tp->t_csdata.locale_name != NULL)
 937                 kmem_free(tp->t_csdata.locale_name,
 938                     strlen(tp->t_csdata.locale_name) + 1);
 939         kmem_free(tp, sizeof (ldtermstd_state_t));
 940         q->q_ptr = NULL;
 941         return (0);
 942 }
 943 
 944 
 945 /*
 946  * Put procedure for input from driver end of stream (read queue).
 947  */
 948 static void
 949 ldtermrput(queue_t *q, mblk_t *mp)
 950 {
 951         ldtermstd_state_t *tp;
 952         unsigned char c;
 953         queue_t *wrq = WR(q);           /* write queue of ldterm mod */
 954         queue_t *nextq = q->q_next;  /* queue below us */
 955         mblk_t *bp;
 956         struct iocblk *qryp;
 957         unsigned char *readp;
 958         unsigned char *writep;
 959         struct termios *emodes;         /* effective modes set by driver */
 960         int dbtype;
 961 
 962         tp = (ldtermstd_state_t *)q->q_ptr;
 963         /*
 964          * We received our ack from the driver saying there is nothing left to
 965          * shovel out, so wake up the close routine.
 966          */
 967         dbtype = DB_TYPE(mp);
 968         if ((dbtype == M_IOCACK || dbtype == M_IOCNAK) &&
 969             (tp->t_state & (TS_CLOSE|TS_IOCWAIT)) == (TS_CLOSE|TS_IOCWAIT)) {
 970                 struct iocblk *iocp = (struct iocblk *)mp->b_rptr;
 971 
 972                 if (iocp->ioc_id == tp->t_iocid) {
 973                         tp->t_state &= ~TS_IOCWAIT;
 974                         freemsg(mp);
 975                         return;
 976                 }
 977         }
 978 
 979         switch (dbtype) {
 980 
 981         default:
 982                 (void) putq(q, mp);
 983                 return;
 984 
 985                 /*
 986                  * Send these up unmolested
 987                  *
 988                  */
 989         case M_PCSIG:
 990         case M_SIG:
 991         case M_IOCNAK:
 992 
 993                 putnext(q, mp);
 994                 return;
 995 
 996         case M_IOCACK:
 997 
 998                 ldterm_ioctl_reply(q, mp);
 999                 return;
1000 
1001         case M_BREAK:
1002 
1003                 /*
1004                  * Parity errors are sent up as M_BREAKS with single
1005                  * character data (formerly handled in the driver)
1006                  */
1007                 if (mp->b_wptr - mp->b_rptr == 1) {
1008                         /*
1009                          * IGNPAR       PARMRK          RESULT
1010                          * off          off             0
1011                          * off          on              3 byte sequence
1012                          * on           either          ignored
1013                          */
1014                         if (!(tp->t_amodes.c_iflag & IGNPAR)) {
1015                                 mp->b_wptr = mp->b_rptr;
1016                                 if (tp->t_amodes.c_iflag & PARMRK) {
1017                                         unsigned char c;
1018 
1019                                         c = *mp->b_rptr;
1020                                         freemsg(mp);
1021                                         if ((mp = allocb(3, BPRI_HI)) == NULL) {
1022                                                 cmn_err(CE_WARN,
1023                                                     "ldtermrput: no blocks");
1024                                                 return;
1025                                         }
1026                                         mp->b_datap->db_type = M_DATA;
1027                                         *mp->b_wptr++ = (uchar_t)'\377';
1028                                         *mp->b_wptr++ = '\0';
1029                                         *mp->b_wptr++ = c;
1030                                         putnext(q, mp);
1031                                 } else {
1032                                         mp->b_datap->db_type = M_DATA;
1033                                         *mp->b_wptr++ = '\0';
1034                                         putnext(q, mp);
1035                                 }
1036                         } else {
1037                                 freemsg(mp);
1038                         }
1039                         return;
1040                 }
1041                 /*
1042                  * We look at the apparent modes here instead of the
1043                  * effective modes. Effective modes cannot be used if
1044                  * IGNBRK, BRINT and PARMRK have been negotiated to
1045                  * be handled by the driver. Since M_BREAK should be
1046                  * sent upstream only if break processing was not
1047                  * already done, it should be ok to use the apparent
1048                  * modes.
1049                  */
1050 
1051                 if (!(tp->t_amodes.c_iflag & IGNBRK)) {
1052                         if (tp->t_amodes.c_iflag & BRKINT) {
1053                                 ldterm_dosig(q, SIGINT, '\0', M_PCSIG, FLUSHRW);
1054                                 freemsg(mp);
1055                         } else if (tp->t_amodes.c_iflag & PARMRK) {
1056                                 /*
1057                                  * Send '\377','\0', '\0'.
1058                                  */
1059                                 freemsg(mp);
1060                                 if ((mp = allocb(3, BPRI_HI)) == NULL) {
1061                                         cmn_err(CE_WARN,
1062                                             "ldtermrput: no blocks");
1063                                         return;
1064                                 }
1065                                 mp->b_datap->db_type = M_DATA;
1066                                 *mp->b_wptr++ = (uchar_t)'\377';
1067                                 *mp->b_wptr++ = '\0';
1068                                 *mp->b_wptr++ = '\0';
1069                                 putnext(q, mp);
1070                         } else {
1071                                 /*
1072                                  * Act as if a '\0' came in.
1073                                  */
1074                                 freemsg(mp);
1075                                 if ((mp = allocb(1, BPRI_HI)) == NULL) {
1076                                         cmn_err(CE_WARN,
1077                                             "ldtermrput: no blocks");
1078                                         return;
1079                                 }
1080                                 mp->b_datap->db_type = M_DATA;
1081                                 *mp->b_wptr++ = '\0';
1082                                 putnext(q, mp);
1083                         }
1084                 } else {
1085                         freemsg(mp);
1086                 }
1087                 return;
1088 
1089         case M_CTL:
1090                 DEBUG3(("ldtermrput: M_CTL received\n"));
1091                 /*
1092                  * The M_CTL has been standardized to look like an
1093                  * M_IOCTL message.
1094                  */
1095 
1096                 if ((mp->b_wptr - mp->b_rptr) != sizeof (struct iocblk)) {
1097                         DEBUG3((
1098                             "Non standard M_CTL received by ldterm module\n"));
1099                         /* May be for someone else; pass it on */
1100                         putnext(q, mp);
1101                         return;
1102                 }
1103                 qryp = (struct iocblk *)mp->b_rptr;
1104 
1105                 switch (qryp->ioc_cmd) {
1106 
1107                 case MC_PART_CANON:
1108 
1109                         DEBUG3(("ldtermrput: M_CTL Query Reply\n"));
1110                         if (!mp->b_cont) {
1111                                 DEBUG3(("No information in Query Message\n"));
1112                                 break;
1113                         }
1114                         if ((mp->b_cont->b_wptr - mp->b_cont->b_rptr) ==
1115                             sizeof (struct termios)) {
1116                                 DEBUG3(("ldtermrput: M_CTL GrandScheme\n"));
1117                                 /* elaborate turning off scheme */
1118                                 emodes = (struct termios *)mp->b_cont->b_rptr;
1119                                 bcopy(emodes, &tp->t_dmodes,
1120                                         sizeof (struct termios));
1121                                 ldterm_adjust_modes(tp);
1122                                 break;
1123                         } else {
1124                                 DEBUG3(("Incorrect query replysize\n"));
1125                                 break;
1126                         }
1127 
1128                 case MC_NO_CANON:
1129                         tp->t_state |= TS_NOCANON;
1130                         /*
1131                          * Note: this is very nasty.  It's not clear
1132                          * what the right thing to do with a partial
1133                          * message is; We throw it out
1134                          */
1135                         if (tp->t_message != NULL) {
1136                                 freemsg(tp->t_message);
1137                                 tp->t_message = NULL;
1138                                 tp->t_endmsg = NULL;
1139                                 tp->t_msglen = 0;
1140                                 tp->t_rocount = 0;
1141                                 tp->t_rocol = 0;
1142                                 if (tp->t_state & TS_MEUC) {
1143                                         ASSERT(tp->t_eucp_mp);
1144                                         tp->t_eucp = tp->t_eucp_mp->b_rptr;
1145                                         tp->t_codeset = 0;
1146                                         tp->t_eucleft = 0;
1147                                 }
1148                         }
1149                         break;
1150 
1151                 case MC_DO_CANON:
1152                         tp->t_state &= ~TS_NOCANON;
1153                         break;
1154 
1155                 case MC_HAS_POSIX:
1156                         /* no longer any reason to drain from ldterm */
1157                         if (ldterm_drain_limit != 0) {
1158                                 freemsg(tp->t_drainmsg);
1159                                 tp->t_drainmsg = NULL;
1160                         }
1161                         break;
1162 
1163                 default:
1164                         DEBUG3(("Unknown M_CTL Message\n"));
1165                         break;
1166                 }
1167                 putnext(q, mp); /* In case anyone else has to see it */
1168                 return;
1169 
1170         case M_FLUSH:
1171                 /*
1172                  * Flush everything we haven't looked at yet.
1173                  */
1174 
1175                 if ((tp->t_state & TS_ISPTSTTY) && (*mp->b_rptr & FLUSHBAND))
1176                         flushband(q, *(mp->b_rptr + 1), FLUSHDATA);
1177                 else
1178                         flushq(q, FLUSHDATA);
1179 
1180                 /*
1181                  * Flush everything we have looked at.
1182                  */
1183                 freemsg(tp->t_message);
1184                 tp->t_message = NULL;
1185                 tp->t_endmsg = NULL;
1186                 tp->t_msglen = 0;
1187                 tp->t_rocount = 0;
1188                 tp->t_rocol = 0;
1189                 if (tp->t_state & TS_MEUC) {     /* EUC multi-byte */
1190                         ASSERT(tp->t_eucp_mp);
1191                         tp->t_eucp = tp->t_eucp_mp->b_rptr;
1192                 }
1193                 putnext(q, mp); /* pass it on */
1194 
1195                 /*
1196                  * Relieve input flow control
1197                  */
1198                 if ((tp->t_modes.c_iflag & IXOFF) &&
1199                     (tp->t_state & TS_TBLOCK) &&
1200                     !(tp->t_state & TS_IFBLOCK) && q->q_count <= TTXOLO) {
1201                         tp->t_state &= ~TS_TBLOCK;
1202                         (void) putnextctl(wrq, M_STARTI);
1203                         DEBUG1(("M_STARTI down\n"));
1204                 }
1205                 return;
1206 
1207         case M_DATA:
1208                 break;
1209         }
1210         (void) drv_setparm(SYSRAWC, msgdsize(mp));
1211 
1212         /*
1213          * Flow control: send "start input" message if blocked and
1214          * our queue is below its low water mark.
1215          */
1216         if ((tp->t_modes.c_iflag & IXOFF) && (tp->t_state & TS_TBLOCK) &&
1217             !(tp->t_state & TS_IFBLOCK) && q->q_count <= TTXOLO) {
1218                 tp->t_state &= ~TS_TBLOCK;
1219                 (void) putnextctl(wrq, M_STARTI);
1220                 DEBUG1(("M_STARTI down\n"));
1221         }
1222         /*
1223          * If somebody below us ("intelligent" communications
1224          * board, pseudo-tty controlled by an editor) is doing
1225          * canonicalization, don't scan it for special characters.
1226          */
1227         if (tp->t_state & TS_NOCANON) {
1228                 (void) putq(q, mp);
1229                 return;
1230         }
1231         bp = mp;
1232 
1233         do {
1234                 readp = bp->b_rptr;
1235                 writep = readp;
1236                 if (tp->t_modes.c_iflag & (INLCR|IGNCR|ICRNL|IUCLC|IXON) ||
1237                     tp->t_modes.c_lflag & (ISIG|ICANON)) {
1238                         /*
1239                          * We're doing some sort of non-trivial
1240                          * processing of input; look at every
1241                          * character.
1242                          */
1243                         while (readp < bp->b_wptr) {
1244                                 c = *readp++;
1245 
1246                                 if (tp->t_modes.c_iflag & ISTRIP)
1247                                         c &= 0177;
1248 
1249                                 /*
1250                                  * First, check that this hasn't been
1251                                  * escaped with the "literal next"
1252                                  * character.
1253                                  */
1254                                 if (tp->t_state & TS_PLNCH) {
1255                                         tp->t_state &= ~TS_PLNCH;
1256                                         tp->t_modes.c_lflag &= ~FLUSHO;
1257                                         *writep++ = c;
1258                                         continue;
1259                                 }
1260                                 /*
1261                                  * Setting a special character to NUL
1262                                  * disables it, so if this character
1263                                  * is NUL, it should not be compared
1264                                  * with any of the special characters.
1265                                  * It should, however, restart frozen
1266                                  * output if IXON and IXANY are set.
1267                                  */
1268                                 if (c == _POSIX_VDISABLE) {
1269                                         if (tp->t_modes.c_iflag & IXON &&
1270                                             tp->t_state & TS_TTSTOP &&
1271                                             tp->t_modes.c_lflag & IEXTEN &&
1272                                             tp->t_modes.c_iflag & IXANY) {
1273                                                 tp->t_state &=
1274                                                     ~(TS_TTSTOP|TS_OFBLOCK);
1275                                                 (void) putnextctl(wrq, M_START);
1276                                         }
1277                                         tp->t_modes.c_lflag &= ~FLUSHO;
1278                                         *writep++ = c;
1279                                         continue;
1280                                 }
1281                                 /*
1282                                  * If stopped, start if you can; if
1283                                  * running, stop if you must.
1284                                  */
1285                                 if (tp->t_modes.c_iflag & IXON) {
1286                                         if (tp->t_state & TS_TTSTOP) {
1287                                                 if (c ==
1288                                                     tp->t_modes.c_cc[VSTART] ||
1289                                                     (tp->t_modes.c_lflag &
1290                                                     IEXTEN &&
1291                                                     tp->t_modes.c_iflag &
1292                                                     IXANY)) {
1293                                                         tp->t_state &=
1294                                                             ~(TS_TTSTOP |
1295                                                             TS_OFBLOCK);
1296                                                         (void) putnextctl(wrq,
1297                                                             M_START);
1298                                                 }
1299                                         } else {
1300                                                 if (c ==
1301                                                     tp->t_modes.c_cc[VSTOP]) {
1302                                                         tp->t_state |=
1303                                                             TS_TTSTOP;
1304                                                         (void) putnextctl(wrq,
1305                                                             M_STOP);
1306                                                 }
1307                                         }
1308                                         if (c == tp->t_modes.c_cc[VSTOP] ||
1309                                             c == tp->t_modes.c_cc[VSTART])
1310                                                 continue;
1311                                 }
1312                                 /*
1313                                  * Check for "literal next" character
1314                                  * and "flush output" character.
1315                                  * Note that we omit checks for ISIG
1316                                  * and ICANON, since the IEXTEN
1317                                  * setting subsumes them.
1318                                  */
1319                                 if (tp->t_modes.c_lflag & IEXTEN) {
1320                                         if (c == tp->t_modes.c_cc[VLNEXT]) {
1321                                                 /*
1322                                                  * Remember that we saw a
1323                                                  * "literal next" while
1324                                                  * scanning input, but leave
1325                                                  * leave it in the message so
1326                                                  * that the service routine
1327                                                  * can see it too.
1328                                                  */
1329                                                 tp->t_state |= TS_PLNCH;
1330                                                 tp->t_modes.c_lflag &= ~FLUSHO;
1331                                                 *writep++ = c;
1332                                                 continue;
1333                                         }
1334                                         if (c == tp->t_modes.c_cc[VDISCARD]) {
1335                                                 ldterm_flush_output(c, wrq, tp);
1336                                                 continue;
1337                                         }
1338                                 }
1339                                 tp->t_modes.c_lflag &= ~FLUSHO;
1340 
1341                                 /*
1342                                  * Check for signal-generating
1343                                  * characters.
1344                                  */
1345                                 if (tp->t_modes.c_lflag & ISIG) {
1346                                         if (c == tp->t_modes.c_cc[VINTR]) {
1347                                                 ldterm_dosig(q, SIGINT, c,
1348                                                     M_PCSIG, FLUSHRW);
1349                                                 continue;
1350                                         }
1351                                         if (c == tp->t_modes.c_cc[VQUIT]) {
1352                                                 ldterm_dosig(q, SIGQUIT, c,
1353                                                     M_PCSIG, FLUSHRW);
1354                                                 continue;
1355                                         }
1356                                         if (c == tp->t_modes.c_cc[VSWTCH]) {
1357                                                 /*
1358                                                  * Ancient SXT support; discard
1359                                                  * character without action.
1360                                                  */
1361                                                 continue;
1362                                         }
1363                                         if (c == tp->t_modes.c_cc[VSUSP]) {
1364                                                 ldterm_dosig(q, SIGTSTP, c,
1365                                                     M_PCSIG, FLUSHRW);
1366                                                 continue;
1367                                         }
1368                                         if ((tp->t_modes.c_lflag & IEXTEN) &&
1369                                             (c == tp->t_modes.c_cc[VDSUSP])) {
1370                                                 ldterm_dosig(q, SIGTSTP, c,
1371                                                     M_SIG, 0);
1372                                                 continue;
1373                                         }
1374 
1375                                         /*
1376                                          * Consumers do not expect the ^T to be
1377                                          * echoed out when we generate a
1378                                          * VSTATUS.
1379                                          */
1380                                         if (c == tp->t_modes.c_cc[VSTATUS]) {
1381                                                 ldterm_dosig(q, SIGINFO, '\0',
1382                                                     M_PCSIG, FLUSHRW);
1383                                                 continue;
1384                                         }
1385                                 }
1386                                 /*
1387                                  * Throw away CR if IGNCR set, or
1388                                  * turn it into NL if ICRNL set.
1389                                  */
1390                                 if (c == '\r') {
1391                                         if (tp->t_modes.c_iflag & IGNCR)
1392                                                 continue;
1393                                         if (tp->t_modes.c_iflag & ICRNL)
1394                                                 c = '\n';
1395                                 } else {
1396                                         /*
1397                                          * Turn NL into CR if INLCR
1398                                          * set.
1399                                          */
1400                                         if (c == '\n' &&
1401                                             tp->t_modes.c_iflag & INLCR)
1402                                                 c = '\r';
1403                                 }
1404 
1405                                 /*
1406                                  * Map upper case input to lower case
1407                                  * if IUCLC flag set.
1408                                  */
1409                                 if (tp->t_modes.c_iflag & IUCLC &&
1410                                     c >= 'A' && c <= 'Z')
1411                                         c += 'a' - 'A';
1412 
1413                                 /*
1414                                  * Put the possibly-transformed
1415                                  * character back in the message.
1416                                  */
1417                                 *writep++ = c;
1418                         }
1419 
1420                         /*
1421                          * If we didn't copy some characters because
1422                          * we were ignoring them, fix the size of the
1423                          * data block by adjusting the write pointer.
1424                          * XXX This may result in a zero-length
1425                          * block; will this cause anybody gastric
1426                          * distress?
1427                          */
1428                         bp->b_wptr -= (readp - writep);
1429                 } else {
1430                         /*
1431                          * We won't be doing anything other than
1432                          * possibly stripping the input.
1433                          */
1434                         if (tp->t_modes.c_iflag & ISTRIP) {
1435                                 while (readp < bp->b_wptr)
1436                                         *writep++ = *readp++ & 0177;
1437                         }
1438                         tp->t_modes.c_lflag &= ~FLUSHO;
1439                 }
1440 
1441         } while ((bp = bp->b_cont) != NULL); /* next block, if any */
1442 
1443         /*
1444          * Queue the message for service procedure if the
1445          * queue is not empty or canputnext() fails or
1446          * tp->t_state & TS_RESCAN is true.
1447          */
1448 
1449         if (q->q_first != NULL || !bcanputnext(q, mp->b_band) ||
1450             (tp->t_state & TS_RESCAN))
1451                 (void) putq(q, mp);
1452         else
1453                 (void) ldtermrmsg(q, mp);
1454 
1455         /*
1456          * Flow control: send "stop input" message if our queue is
1457          * approaching its high-water mark. The message will be
1458          * dropped on the floor in the service procedure, if we
1459          * cannot ship it up and we have had it upto our neck!
1460          *
1461          * Set QWANTW to ensure that the read queue service procedure
1462          * gets run when nextq empties up again, so that it can
1463          * unstop the input.
1464          */
1465         if ((tp->t_modes.c_iflag & IXOFF) && !(tp->t_state & TS_TBLOCK) &&
1466             q->q_count >= TTXOHI) {
1467                 mutex_enter(QLOCK(nextq));
1468                 nextq->q_flag |= QWANTW;
1469                 mutex_exit(QLOCK(nextq));
1470                 tp->t_state |= TS_TBLOCK;
1471                 (void) putnextctl(wrq, M_STOPI);
1472                 DEBUG1(("M_STOPI down\n"));
1473         }
1474 }
1475 
1476 
1477 /*
1478  * Line discipline input server processing.  Erase/kill and escape
1479  * ('\') processing, gathering into messages, upper/lower case input
1480  * mapping.
1481  */
1482 static void
1483 ldtermrsrv(queue_t *q)
1484 {
1485         ldtermstd_state_t *tp;
1486         mblk_t *mp;
1487 
1488         tp = (ldtermstd_state_t *)q->q_ptr;
1489 
1490         if (tp->t_state & TS_RESCAN) {
1491                 /*
1492                  * Canonicalization was turned on or off. Put the
1493                  * message being assembled back in the input queue,
1494                  * so that we rescan it.
1495                  */
1496                 if (tp->t_message != NULL) {
1497                         DEBUG5(("RESCAN WAS SET; put back in q\n"));
1498                         if (tp->t_msglen != 0)
1499                                 (void) putbq(q, tp->t_message);
1500                         else
1501                                 freemsg(tp->t_message);
1502                         tp->t_message = NULL;
1503                         tp->t_endmsg = NULL;
1504                         tp->t_msglen = 0;
1505                 }
1506                 if (tp->t_state & TS_MEUC) {
1507                         ASSERT(tp->t_eucp_mp);
1508                         tp->t_eucp = tp->t_eucp_mp->b_rptr;
1509                         tp->t_codeset = 0;
1510                         tp->t_eucleft = 0;
1511                 }
1512                 tp->t_state &= ~TS_RESCAN;
1513         }
1514 
1515         while ((mp = getq(q)) != NULL) {
1516                 if (!ldtermrmsg(q, mp))
1517                         break;
1518         }
1519 
1520         /*
1521          * Flow control: send start message if blocked and our queue
1522          * is below its low water mark.
1523          */
1524         if ((tp->t_modes.c_iflag & IXOFF) && (tp->t_state & TS_TBLOCK) &&
1525             !(tp->t_state & TS_IFBLOCK) && q->q_count <= TTXOLO) {
1526                 tp->t_state &= ~TS_TBLOCK;
1527                 (void) putctl(WR(q), M_STARTI);
1528         }
1529 }
1530 
1531 /*
1532  * This routine is called from both ldtermrput and ldtermrsrv to
1533  * do the actual work of dealing with mp. Return 1 on sucesss and
1534  * 0 on failure.
1535  */
1536 static int
1537 ldtermrmsg(queue_t *q, mblk_t *mp)
1538 {
1539         unsigned char c;
1540         int dofree;
1541         int status = 1;
1542         size_t   ebsize;
1543         mblk_t *bp;
1544         mblk_t *bpt;
1545         ldtermstd_state_t *tp;
1546 
1547         bpt = NULL;
1548 
1549         tp = (ldtermstd_state_t *)q->q_ptr;
1550 
1551         if (mp->b_datap->db_type <= QPCTL && !bcanputnext(q, mp->b_band)) {
1552                 /*
1553                  * Stream head is flow controlled. If echo is
1554                  * turned on, flush the read side or send a
1555                  * bell down the line to stop input and
1556                  * process the current message.
1557                  * Otherwise(putbq) the user will not see any
1558                  * response to to the typed input. Typically
1559                  * happens if there is no reader process.
1560                  * Note that you will loose the data in this
1561                  * case if the data is coming too fast. There
1562                  * is an assumption here that if ECHO is
1563                  * turned on its some user typing the data on
1564                  * a terminal and its not network.
1565                  */
1566                 if (tp->t_modes.c_lflag & ECHO) {
1567                         if ((tp->t_modes.c_iflag & IMAXBEL) &&
1568                             (tp->t_modes.c_lflag & ICANON)) {
1569                                 freemsg(mp);
1570                                 if (canputnext(WR(q)))
1571                                         ldterm_outchar(CTRL('g'), WR(q), 4, tp);
1572                                 status = 0;
1573                                 goto echo;
1574                         } else {
1575                                 (void) putctl1(q, M_FLUSH, FLUSHR);
1576                         }
1577                 } else {
1578                         (void) putbq(q, mp);
1579                         status = 0;
1580                         goto out;       /* read side is blocked */
1581                 }
1582         }
1583         switch (mp->b_datap->db_type) {
1584 
1585         default:
1586                 putnext(q, mp); /* pass it on */
1587                 goto out;
1588 
1589         case M_HANGUP:
1590                 /*
1591                  * Flush everything we haven't looked at yet.
1592                  */
1593                 flushq(q, FLUSHDATA);
1594 
1595                 /*
1596                  * Flush everything we have looked at.
1597                  */
1598                 freemsg(tp->t_message);
1599                 tp->t_message = NULL;
1600                 tp->t_endmsg = NULL;
1601                 tp->t_msglen = 0;
1602                 /*
1603                  * XXX  should we set read request
1604                  * tp->t_rd_request to NULL?
1605                  */
1606                 tp->t_rocount = 0;   /* if it hasn't been typed */
1607                 tp->t_rocol = 0;     /* it hasn't been echoed :-) */
1608                 if (tp->t_state & TS_MEUC) {
1609                         ASSERT(tp->t_eucp_mp);
1610                         tp->t_eucp = tp->t_eucp_mp->b_rptr;
1611                 }
1612                 /*
1613                  * Restart output, since it's probably got
1614                  * nowhere to go anyway, and we're probably
1615                  * not going to see another ^Q for a while.
1616                  */
1617                 if (tp->t_state & TS_TTSTOP) {
1618                         tp->t_state &= ~(TS_TTSTOP|TS_OFBLOCK);
1619                         (void) putnextctl(WR(q), M_START);
1620                 }
1621                 /*
1622                  * This message will travel up the read
1623                  * queue, flushing as it goes, get turned
1624                  * around at the stream head, and travel back
1625                  * down the write queue, flushing as it goes.
1626                  */
1627                 (void) putnextctl1(q, M_FLUSH, FLUSHW);
1628 
1629                 /*
1630                  * This message will travel down the write
1631                  * queue, flushing as it goes, get turned
1632                  * around at the driver, and travel back up
1633                  * the read queue, flushing as it goes.
1634                  */
1635                 (void) putctl1(WR(q), M_FLUSH, FLUSHR);
1636 
1637                 /*
1638                  * Now that that's done, we send a SIGCONT
1639                  * upstream, followed by the M_HANGUP.
1640                  */
1641                 /* (void) putnextctl1(q, M_PCSIG, SIGCONT); */
1642                 putnext(q, mp);
1643                 goto out;
1644 
1645         case M_IOCACK:
1646 
1647                 /*
1648                  * Augment whatever information the driver is
1649                  * returning  with the information we supply.
1650                  */
1651                 ldterm_ioctl_reply(q, mp);
1652                 goto out;
1653 
1654         case M_DATA:
1655                 break;
1656         }
1657 
1658         /*
1659          * This is an M_DATA message.
1660          */
1661 
1662         /*
1663          * If somebody below us ("intelligent" communications
1664          * board, pseudo-tty controlled by an editor) is
1665          * doing canonicalization, don't scan it for special
1666          * characters.
1667          */
1668         if (tp->t_state & TS_NOCANON) {
1669                 putnext(q, mp);
1670                 goto out;
1671         }
1672         bp = mp;
1673 
1674         if ((bpt = newmsg(tp)) != NULL) {
1675                 mblk_t *bcont;
1676 
1677                 do {
1678                         ASSERT(bp->b_wptr >= bp->b_rptr);
1679                         ebsize = bp->b_wptr - bp->b_rptr;
1680                         if (ebsize > EBSIZE)
1681                                 ebsize = EBSIZE;
1682                         bcont = bp->b_cont;
1683                         if (CANON_MODE) {
1684                                 /*
1685                                  * By default, free the message once processed
1686                                  */
1687                                 dofree = 1;
1688 
1689                                 /*
1690                                  * update sysinfo canch
1691                                  * character. The value of
1692                                  * canch may vary as compared
1693                                  * to character tty
1694                                  * implementation.
1695                                  */
1696                                 while (bp->b_rptr < bp->b_wptr) {
1697                                         c = *bp->b_rptr++;
1698                                         if ((bpt = ldterm_docanon(c,
1699                                             bpt, ebsize, q, tp, &dofree)) ==
1700                                             NULL)
1701                                                 break;
1702                                 }
1703                                 /*
1704                                  * Release this block or put back on queue.
1705                                  */
1706                                 if (dofree)
1707                                         freeb(bp);
1708                                 else {
1709                                         (void) putbq(q, bp);
1710                                         break;
1711                                 }
1712                         } else
1713                                 bpt = ldterm_dononcanon(bp, bpt, ebsize, q, tp);
1714                         if (bpt == NULL) {
1715                                 cmn_err(CE_WARN,
1716                                     "ldtermrsrv: out of blocks");
1717                                 freemsg(bcont);
1718                                 break;
1719                         }
1720                 } while ((bp = bcont) != NULL);
1721         }
1722 echo:
1723         /*
1724          * Send whatever we echoed downstream.
1725          */
1726         if (tp->t_echomp != NULL) {
1727                 if (canputnext(WR(q)))
1728                         putnext(WR(q), tp->t_echomp);
1729                 else
1730                         freemsg(tp->t_echomp);
1731                 tp->t_echomp = NULL;
1732         }
1733 
1734 out:
1735         return (status);
1736 }
1737 
1738 
1739 /*
1740  * Do canonical mode input; check whether this character is to be
1741  * treated as a special character - if so, check whether it's equal
1742  * to any of the special characters and handle it accordingly.
1743  * Otherwise, just add it to the current line.
1744  */
1745 static mblk_t *
1746 ldterm_docanon(uchar_t c, mblk_t *bpt, size_t ebsize, queue_t *q,
1747     ldtermstd_state_t *tp, int *dofreep)
1748 {
1749         queue_t *wrq = WR(q);
1750         int i;
1751 
1752         /*
1753          * If the previous character was the "literal next"
1754          * character, treat this character as regular input.
1755          */
1756         if (tp->t_state & TS_SLNCH)
1757                 goto escaped;
1758 
1759         /*
1760          * Setting a special character to NUL disables it, so if this
1761          * character is NUL, it should not be compared with any of
1762          * the special characters.
1763          */
1764         if (c == _POSIX_VDISABLE) {
1765                 tp->t_state &= ~TS_QUOT;
1766                 goto escaped;
1767         }
1768         /*
1769          * If this character is the literal next character, echo it
1770          * as '^', backspace over it, and record that fact.
1771          */
1772         if ((tp->t_modes.c_lflag & IEXTEN) && c == tp->t_modes.c_cc[VLNEXT]) {
1773                 if (tp->t_modes.c_lflag & ECHO)
1774                         ldterm_outstring((unsigned char *)"^\b", 2, wrq,
1775                             ebsize, tp);
1776                 tp->t_state |= TS_SLNCH;
1777                 goto out;
1778         }
1779         /*
1780          * Check for the editing character. If the display width of
1781          * the last byte at the canonical buffer is not one and also
1782          * smaller than or equal to UNKNOWN_WIDTH, the character at
1783          * the end of the buffer is a multi-byte and/or multi-column
1784          * character.
1785          */
1786         if (c == tp->t_modes.c_cc[VERASE] || c == tp->t_modes.c_cc[VERASE2]) {
1787                 if (tp->t_state & TS_QUOT) {
1788                         /*
1789                          * Get rid of the backslash, and put the
1790                          * erase character in its place.
1791                          */
1792                         ldterm_erase(wrq, ebsize, tp);
1793                         bpt = tp->t_endmsg;
1794                         goto escaped;
1795                 } else {
1796                         if ((tp->t_state & TS_MEUC) && tp->t_msglen &&
1797                             (*(tp->t_eucp - 1) != 1 &&
1798                             *(tp->t_eucp - 1) <= UNKNOWN_WIDTH))
1799                                 ldterm_csi_erase(wrq, ebsize, tp);
1800                         else
1801                                 ldterm_erase(wrq, ebsize, tp);
1802                         bpt = tp->t_endmsg;
1803                         goto out;
1804                 }
1805         }
1806         if ((tp->t_modes.c_lflag & IEXTEN) && c == tp->t_modes.c_cc[VWERASE]) {
1807                 /*
1808                  * Do "ASCII word" or "multibyte character token/chunk" erase.
1809                  */
1810                 if (tp->t_state & TS_MEUC)
1811                         ldterm_csi_werase(wrq, ebsize, tp);
1812                 else
1813                         ldterm_werase(wrq, ebsize, tp);
1814                 bpt = tp->t_endmsg;
1815                 goto out;
1816         }
1817         if (c == tp->t_modes.c_cc[VKILL]) {
1818                 if (tp->t_state & TS_QUOT) {
1819                         /*
1820                          * Get rid of the backslash, and put the kill
1821                          * character in its place.
1822                          */
1823                         ldterm_erase(wrq, ebsize, tp);
1824                         bpt = tp->t_endmsg;
1825                         goto escaped;
1826                 } else {
1827                         ldterm_kill(wrq, ebsize, tp);
1828                         bpt = tp->t_endmsg;
1829                         goto out;
1830                 }
1831         }
1832         if ((tp->t_modes.c_lflag & IEXTEN) && c == tp->t_modes.c_cc[VREPRINT]) {
1833                 ldterm_reprint(wrq, ebsize, tp);
1834                 goto out;
1835         }
1836         /*
1837          * If the preceding character was a backslash: if the current
1838          * character is an EOF, get rid of the backslash and treat
1839          * the EOF as data; if we're in XCASE mode and the current
1840          * character is part of a backslash-X escape sequence,
1841          * process it; otherwise, just treat the current character
1842          * normally.
1843          */
1844         if (tp->t_state & TS_QUOT) {
1845                 tp->t_state &= ~TS_QUOT;
1846                 if (c == tp->t_modes.c_cc[VEOF]) {
1847                         /*
1848                          * EOF character. Since it's escaped, get rid
1849                          * of the backslash and put the EOF character
1850                          * in its place.
1851                          */
1852                         ldterm_erase(wrq, ebsize, tp);
1853                         bpt = tp->t_endmsg;
1854                 } else {
1855                         /*
1856                          * If we're in XCASE mode, and the current
1857                          * character is part of a backslash-X
1858                          * sequence, get rid of the backslash and
1859                          * replace the current character with what
1860                          * that sequence maps to.
1861                          */
1862                         if ((tp->t_modes.c_lflag & XCASE) &&
1863                             imaptab[c] != '\0') {
1864                                 ldterm_erase(wrq, ebsize, tp);
1865                                 bpt = tp->t_endmsg;
1866                                 c = imaptab[c];
1867                         }
1868                 }
1869         } else {
1870                 /*
1871                  * Previous character wasn't backslash; check whether
1872                  * this was the EOF character.
1873                  */
1874                 if (c == tp->t_modes.c_cc[VEOF]) {
1875                         /*
1876                          * EOF character. Don't echo it unless
1877                          * ECHOCTL is set, don't stuff it in the
1878                          * current line, but send the line up the
1879                          * stream.
1880                          */
1881                         if ((tp->t_modes.c_lflag & ECHOCTL) &&
1882                             (tp->t_modes.c_lflag & IEXTEN) &&
1883                             (tp->t_modes.c_lflag & ECHO)) {
1884                                 i = ldterm_echo(c, wrq, ebsize, tp);
1885                                 while (i > 0) {
1886                                         ldterm_outchar('\b', wrq, ebsize, tp);
1887                                         i--;
1888                                 }
1889                         }
1890                         bpt->b_datap->db_type = M_DATA;
1891                         ldterm_msg_upstream(q, tp);
1892                         if (!canputnext(q)) {
1893                                 bpt = NULL;
1894                                 *dofreep = 0;
1895                         } else {
1896                                 bpt = newmsg(tp);
1897                                 *dofreep = 1;
1898                         }
1899                         goto out;
1900                 }
1901         }
1902 
1903 escaped:
1904         /*
1905          * First, make sure we can fit one WHOLE multi-byte char in the
1906          * buffer.  This is one place where we have overhead even if
1907          * not in multi-byte mode; the overhead is subtracting
1908          * tp->t_maxeuc from MAX_CANON before checking.
1909          *
1910          * Allows MAX_CANON bytes in the buffer before throwing awaying
1911          * the the overflow of characters.
1912          */
1913         if ((tp->t_msglen > ((_TTY_BUFSIZ + 1) - (int)tp->t_maxeuc)) &&
1914             !((tp->t_state & TS_MEUC) && tp->t_eucleft)) {
1915 
1916                 /*
1917                  * Byte will cause line to overflow, or the next EUC
1918                  * won't fit: Ring the bell or discard all input, and
1919                  * don't save the byte away.
1920                  */
1921                 if (tp->t_modes.c_iflag & IMAXBEL) {
1922                         if (canputnext(wrq))
1923                                 ldterm_outchar(CTRL('g'), wrq, ebsize, tp);
1924                         goto out;
1925                 } else {
1926                         /*
1927                          * MAX_CANON processing. free everything in
1928                          * the current line and start with the
1929                          * current character as the first character.
1930                          */
1931                         DEBUG7(("ldterm_docanon: MAX_CANON processing\n"));
1932                         freemsg(tp->t_message);
1933                         tp->t_message = NULL;
1934                         tp->t_endmsg = NULL;
1935                         tp->t_msglen = 0;
1936                         tp->t_rocount = 0;   /* if it hasn't been type */
1937                         tp->t_rocol = 0;     /* it hasn't been echoed :-) */
1938                         if (tp->t_state & TS_MEUC) {
1939                                 ASSERT(tp->t_eucp_mp);
1940                                 tp->t_eucp = tp->t_eucp_mp->b_rptr;
1941                         }
1942                         tp->t_state &= ~TS_SLNCH;
1943                         bpt = newmsg(tp);
1944                 }
1945         }
1946         /*
1947          * Add the character to the current line.
1948          */
1949         if (bpt->b_wptr >= bpt->b_datap->db_lim) {
1950                 /*
1951                  * No more room in this mblk; save this one away, and
1952                  * allocate a new one.
1953                  */
1954                 bpt->b_datap->db_type = M_DATA;
1955                 if ((bpt = allocb(IBSIZE, BPRI_MED)) == NULL)
1956                         goto out;
1957 
1958                 /*
1959                  * Chain the new one to the end of the old one, and
1960                  * mark it as the last block in the current line.
1961                  */
1962                 tp->t_endmsg->b_cont = bpt;
1963                 tp->t_endmsg = bpt;
1964         }
1965         *bpt->b_wptr++ = c;
1966         tp->t_msglen++;              /* message length in BYTES */
1967 
1968         /*
1969          * In multi-byte mode, we have to keep track of where we are.
1970          * The first bytes of multi-byte chars get the full count for the
1971          * whole character.  We don't do any column calculations
1972          * here, but we need the information for when we do. We could
1973          * come across cases where we are getting garbage on the
1974          * line, but we're in multi-byte mode.  In that case, we may
1975          * see ASCII controls come in the middle of what should have been a
1976          * multi-byte character.  Call ldterm_eucwarn...eventually, a
1977          * warning message will be printed about it.
1978          */
1979         if (tp->t_state & TS_MEUC) {
1980                 if (tp->t_eucleft) { /* if in a multi-byte char already */
1981                         --tp->t_eucleft;
1982                         *tp->t_eucp++ = 0;   /* is a subsequent byte */
1983                         if (c < (uchar_t)0x20)
1984                                 ldterm_eucwarn(tp);
1985                 } else { /* is the first byte of a multi-byte, or is ASCII */
1986                         if (ISASCII(c)) {
1987                                 *tp->t_eucp++ =
1988                                     tp->t_csmethods.ldterm_dispwidth(c,
1989                                     (void *)tp, tp->t_modes.c_lflag & ECHOCTL);
1990                                 tp->t_codeset = 0;
1991                         } else {
1992                                 *tp->t_eucp++ =
1993                                     tp->t_csmethods.ldterm_dispwidth(c,
1994                                     (void *)tp, tp->t_modes.c_lflag & ECHOCTL);
1995                                 tp->t_eucleft =
1996                                     tp->t_csmethods.ldterm_memwidth(c,
1997                                     (void *)tp) - 1;
1998                                 tp->t_codeset = ldterm_codeset(
1999                                     tp->t_csdata.codeset_type, c);
2000                         }
2001                 }
2002         }
2003         /*
2004          * AT&T is concerned about the following but we aren't since
2005          * we have already shipped code that works.
2006          *
2007          * EOL2/XCASE should be conditioned with IEXTEN to be truly
2008          * POSIX conformant. This is going to cause problems for
2009          * pre-SVR4.0 programs that don't know about IEXTEN. Hence
2010          * EOL2/IEXTEN is not conditioned with IEXTEN.
2011          */
2012         if (!(tp->t_state & TS_SLNCH) &&
2013             (c == '\n' || (c != '\0' && (c == tp->t_modes.c_cc[VEOL] ||
2014             (c == tp->t_modes.c_cc[VEOL2]))))) {
2015                 /*
2016                  * || ((tp->t_modes.c_lflag & IEXTEN) && c ==
2017                  * tp->t_modes.c_cc[VEOL2]))))) {
2018                  */
2019                 /*
2020                  * It's a line-termination character; send the line
2021                  * up the stream.
2022                  */
2023                 bpt->b_datap->db_type = M_DATA;
2024                 ldterm_msg_upstream(q, tp);
2025                 if (tp->t_state & TS_MEUC) {
2026                         ASSERT(tp->t_eucp_mp);
2027                         tp->t_eucp = tp->t_eucp_mp->b_rptr;
2028                 }
2029                 if ((bpt = newmsg(tp)) == NULL)
2030                         goto out;
2031         } else {
2032                 /*
2033                  * Character was escaped with LNEXT.
2034                  */
2035                 if (tp->t_rocount++ == 0)
2036                         tp->t_rocol = tp->t_col;
2037                 tp->t_state &= ~(TS_SLNCH|TS_QUOT);
2038                 /*
2039                  * If the current character is a single byte and single
2040                  * column character and it is the backslash character and
2041                  * IEXTEN, then the state will have TS_QUOT.
2042                  */
2043                 if ((c == '\\') && (tp->t_modes.c_lflag & IEXTEN) &&
2044                     (!(tp->t_state & TS_MEUC) ||
2045                     ((tp->t_state & TS_MEUC) && (!tp->t_eucleft))))
2046                         tp->t_state |= TS_QUOT;
2047         }
2048 
2049         /*
2050          * Echo it.
2051          */
2052         if (tp->t_state & TS_ERASE) {
2053                 tp->t_state &= ~TS_ERASE;
2054                 if (tp->t_modes.c_lflag & ECHO)
2055                         ldterm_outchar('/', wrq, ebsize, tp);
2056         }
2057         if (tp->t_modes.c_lflag & ECHO)
2058                 (void) ldterm_echo(c, wrq, ebsize, tp);
2059         else {
2060                 /*
2061                  * Echo NL when ECHO turned off, if ECHONL flag is
2062                  * set.
2063                  */
2064                 if (c == '\n' && (tp->t_modes.c_lflag & ECHONL))
2065                         ldterm_outchar(c, wrq, ebsize, tp);
2066         }
2067 
2068 out:
2069 
2070         return (bpt);
2071 }
2072 
2073 
2074 static int
2075 ldterm_unget(ldtermstd_state_t *tp)
2076 {
2077         mblk_t *bpt;
2078 
2079         if ((bpt = tp->t_endmsg) == NULL)
2080                 return (-1);    /* no buffers */
2081         if (bpt->b_rptr == bpt->b_wptr)
2082                 return (-1);    /* zero-length record */
2083         tp->t_msglen--;              /* one fewer character */
2084         return (*--bpt->b_wptr);
2085 }
2086 
2087 
2088 static void
2089 ldterm_trim(ldtermstd_state_t *tp)
2090 {
2091         mblk_t *bpt;
2092         mblk_t *bp;
2093 
2094         ASSERT(tp->t_endmsg);
2095         bpt = tp->t_endmsg;
2096 
2097         if (bpt->b_rptr == bpt->b_wptr) {
2098                 /*
2099                  * This mblk is now empty. Find the previous mblk;
2100                  * throw this one away, unless it's the first one.
2101                  */
2102                 bp = tp->t_message;
2103                 if (bp != bpt) {
2104                         while (bp->b_cont != bpt) {
2105                                 ASSERT(bp->b_cont);
2106                                 bp = bp->b_cont;
2107                         }
2108                         bp->b_cont = NULL;
2109                         freeb(bpt);
2110                         tp->t_endmsg = bp;   /* point to that mblk */
2111                 }
2112         }
2113 }
2114 
2115 
2116 /*
2117  * Rubout one character from the current line being built for tp as
2118  * cleanly as possible.  q is the write queue for tp. Most of this
2119  * can't be applied to multi-byte processing.  We do our own thing
2120  * for that... See the "ldterm_eucerase" routine.  We never call
2121  * ldterm_rubout on a multi-byte or multi-column character.
2122  */
2123 static void
2124 ldterm_rubout(uchar_t c, queue_t *q, size_t ebsize, ldtermstd_state_t *tp)
2125 {
2126         int tabcols;
2127         static unsigned char crtrubout[] = "\b \b\b \b";
2128 #define RUBOUT1 &crtrubout[3]       /* rub out one position */
2129 #define RUBOUT2 &crtrubout[0]       /* rub out two positions */
2130 
2131         if (!(tp->t_modes.c_lflag & ECHO))
2132                 return;
2133         if (tp->t_modes.c_lflag & ECHOE) {
2134                 /*
2135                  * "CRT rubout"; try erasing it from the screen.
2136                  */
2137                 if (tp->t_rocount == 0) {
2138                         /*
2139                          * After the character being erased was
2140                          * echoed, some data was written to the
2141                          * terminal; we can't erase it cleanly, so we
2142                          * just reprint the whole line as if the user
2143                          * had typed the reprint character.
2144                          */
2145                         ldterm_reprint(q, ebsize, tp);
2146                         return;
2147                 } else {
2148                         /*
2149                          * XXX what about escaped characters?
2150                          */
2151                         switch (typetab[c]) {
2152 
2153                         case ORDINARY:
2154                                 if ((tp->t_modes.c_lflag & XCASE) &&
2155                                     omaptab[c])
2156                                         ldterm_outstring(RUBOUT1, 3, q, ebsize,
2157                                             tp);
2158                                 ldterm_outstring(RUBOUT1, 3, q, ebsize, tp);
2159                                 break;
2160 
2161                         case VTAB:
2162                         case BACKSPACE:
2163                         case CONTROL:
2164                         case RETURN:
2165                         case NEWLINE:
2166                                 if ((tp->t_modes.c_lflag & ECHOCTL) &&
2167                                     (tp->t_modes.c_lflag & IEXTEN))
2168                                         ldterm_outstring(RUBOUT2, 6, q, ebsize,
2169                                             tp);
2170                                 break;
2171 
2172                         case TAB:
2173                                 if (tp->t_rocount < tp->t_msglen) {
2174                                         /*
2175                                          * While the tab being erased was
2176                                          * expanded, some data was written
2177                                          * to the terminal; we can't erase
2178                                          * it cleanly, so we just reprint
2179                                          * the whole line as if the user
2180                                          * had typed the reprint character.
2181                                          */
2182                                         ldterm_reprint(q, ebsize, tp);
2183                                         return;
2184                                 }
2185                                 tabcols = ldterm_tabcols(tp);
2186                                 while (--tabcols >= 0)
2187                                         ldterm_outchar('\b', q, ebsize, tp);
2188                                 break;
2189                         }
2190                 }
2191         } else if ((tp->t_modes.c_lflag & ECHOPRT) &&
2192             (tp->t_modes.c_lflag & IEXTEN)) {
2193                 /*
2194                  * "Printing rubout"; echo it between \ and /.
2195                  */
2196                 if (!(tp->t_state & TS_ERASE)) {
2197                         ldterm_outchar('\\', q, ebsize, tp);
2198                         tp->t_state |= TS_ERASE;
2199                 }
2200                 (void) ldterm_echo(c, q, ebsize, tp);
2201         } else
2202                 (void) ldterm_echo(tp->t_modes.c_cc[VERASE], q, ebsize, tp);
2203         tp->t_rocount--;     /* we "unechoed" this character */
2204 }
2205 
2206 
2207 /*
2208  * Find the number of characters the tab we just deleted took up by
2209  * zipping through the current line and recomputing the column
2210  * number.
2211  */
2212 static int
2213 ldterm_tabcols(ldtermstd_state_t *tp)
2214 {
2215         int col;
2216         int i;
2217         mblk_t *bp;
2218         unsigned char *readp, *endp;
2219         unsigned char c;
2220         uchar_t *startp;
2221         char errflg;
2222         uchar_t u8[LDTERM_CS_MAX_BYTE_LENGTH];
2223 
2224         col = tp->t_rocol;
2225         /*
2226          * If we're doing multi-byte stuff, zip through the list of
2227          * widths to figure out where we are (we've kept track in most
2228          * cases).
2229          */
2230         if (tp->t_state & TS_MEUC) {
2231                 ASSERT(tp->t_eucp_mp);
2232                 bp = tp->t_message;
2233                 startp = bp->b_datap->db_base;
2234                 readp = tp->t_eucp_mp->b_rptr;
2235                 endp = tp->t_eucp;
2236                 errflg = (char)0;
2237                 while (readp < endp) {
2238                         switch (*readp) {
2239                         case EUC_TWIDTH:        /* it's a tab */
2240                                 col |= 07;      /* bump up */
2241                                 col++;
2242                                 break;
2243                         case EUC_BSWIDTH:       /* backspace */
2244                                 if (col)
2245                                         col--;
2246                                 break;
2247                         case EUC_NLWIDTH:       /* newline */
2248                                 if (tp->t_modes.c_oflag & ONLRET)
2249                                         col = 0;
2250                                 break;
2251                         case EUC_CRWIDTH:       /* return */
2252                                 col = 0;
2253                                 break;
2254                         case UNKNOWN_WIDTH:     /* UTF-8 unknown width */
2255                                 if (tp->t_csdata.codeset_type !=
2256                                     LDTERM_CS_TYPE_UTF8 || errflg) {
2257                                         *readp = 1;
2258                                         col++;
2259                                         break;
2260                                 }
2261                                 /*
2262                                  * Collect the current UTF-8 character bytes
2263                                  * from (possibly multiple) data buffers so
2264                                  * that we can figure out the display width.
2265                                  */
2266                                 u8[0] = *startp;
2267                                 for (i = 1; (i < LDTERM_CS_MAX_BYTE_LENGTH) &&
2268                                     (*(readp + i) == 0); i++) {
2269                                         startp++;
2270                                         if (startp >= bp->b_datap->db_lim) {
2271                                                 if (bp->b_cont) {
2272                                                         bp = bp->b_cont;
2273                                                         startp =
2274                                                             bp->b_datap->
2275                                                             db_base;
2276                                                 } else {
2277                                                         *readp = 1;
2278                                                         col++;
2279                                                         break;
2280                                                 }
2281                                         }
2282                                         u8[i] = *startp;
2283                                 }
2284 
2285                                 /* tp->t_eucp_mp contains wrong info?? */
2286                                 if (*readp == 1)
2287                                         break;
2288 
2289                                 *readp = ldterm_utf8_width(u8, i);
2290 
2291                                 col += *readp;
2292                                 readp += (i - 1);
2293                                 break;
2294                         default:
2295                                 col += *readp;
2296                                 break;
2297                         }
2298                         ++readp;
2299                         ++startp;
2300                         if (startp >= bp->b_datap->db_lim) {
2301                                 if (bp->b_cont) {
2302                                         bp = bp->b_cont;
2303                                         startp = bp->b_datap->db_base;
2304                                 } else {
2305                                         /*
2306                                          * This will happen only if
2307                                          * tp->t_eucp_mp contains wrong
2308                                          * display width info.
2309                                          */
2310                                         errflg = (char)1;
2311                                         startp--;
2312                                 }
2313                         }
2314                 }
2315                 goto eucout;    /* finished! */
2316         }
2317         bp = tp->t_message;
2318         do {
2319                 readp = bp->b_rptr;
2320                 while (readp < bp->b_wptr) {
2321                         c = *readp++;
2322                         if ((tp->t_modes.c_lflag & ECHOCTL) &&
2323                             (tp->t_modes.c_lflag & IEXTEN)) {
2324                                 if (c <= 037 && c != '\t' && c != '\n' ||
2325                                     c == 0177) {
2326                                         col += 2;
2327                                         continue;
2328                                 }
2329                         }
2330                         /*
2331                          * Column position calculated here.
2332                          */
2333                         switch (typetab[c]) {
2334 
2335                                 /*
2336                                  * Ordinary characters; advance by
2337                                  * one.
2338                                  */
2339                         case ORDINARY:
2340                                 col++;
2341                                 break;
2342 
2343                                 /*
2344                                  * Non-printing characters; nothing
2345                                  * happens.
2346                                  */
2347                         case CONTROL:
2348                                 break;
2349 
2350                                 /* Backspace */
2351                         case BACKSPACE:
2352                                 if (col != 0)
2353                                         col--;
2354                                 break;
2355 
2356                                 /* Newline; column depends on flags. */
2357                         case NEWLINE:
2358                                 if (tp->t_modes.c_oflag & ONLRET)
2359                                         col = 0;
2360                                 break;
2361 
2362                                 /* tab */
2363                         case TAB:
2364                                 col |= 07;
2365                                 col++;
2366                                 break;
2367 
2368                                 /* vertical motion */
2369                         case VTAB:
2370                                 break;
2371 
2372                                 /* carriage return */
2373                         case RETURN:
2374                                 col = 0;
2375                                 break;
2376                         }
2377                 }
2378         } while ((bp = bp->b_cont) != NULL); /* next block, if any */
2379 
2380         /*
2381          * "col" is now the column number before the tab. "tp->t_col"
2382          * is still the column number after the tab, since we haven't
2383          * erased the tab yet. Thus "tp->t_col - col" is the number
2384          * of positions the tab moved.
2385          */
2386 eucout:
2387         col = tp->t_col - col;
2388         if (col > 8)
2389                 col = 8;        /* overflow screw */
2390         return (col);
2391 }
2392 
2393 
2394 /*
2395  * Erase a single character; We ONLY ONLY deal with ASCII or
2396  * single-column single-byte codeset character.  For multi-byte characters,
2397  * see "ldterm_csi_erase".
2398  */
2399 static void
2400 ldterm_erase(queue_t *q, size_t ebsize, ldtermstd_state_t *tp)
2401 {
2402         int c;
2403 
2404         if ((c = ldterm_unget(tp)) != -1) {
2405                 ldterm_rubout((unsigned char) c, q, ebsize, tp);
2406                 ldterm_trim(tp);
2407                 if (tp->t_state & TS_MEUC)
2408                         --tp->t_eucp;
2409         }
2410 }
2411 
2412 
2413 /*
2414  * Erase an entire word, single-byte EUC only please.
2415  */
2416 static void
2417 ldterm_werase(queue_t *q, size_t ebsize, ldtermstd_state_t *tp)
2418 {
2419         int c;
2420 
2421         /*
2422          * Erase trailing white space, if any.
2423          */
2424         while ((c = ldterm_unget(tp)) == ' ' || c == '\t') {
2425                 ldterm_rubout((unsigned char) c, q, ebsize, tp);
2426                 ldterm_trim(tp);
2427         }
2428 
2429         /*
2430          * Erase non-white-space characters, if any.
2431          */
2432         while (c != -1 && c != ' ' && c != '\t') {
2433                 ldterm_rubout((unsigned char) c, q, ebsize, tp);
2434                 ldterm_trim(tp);
2435                 c = ldterm_unget(tp);
2436         }
2437         if (c != -1) {
2438                 /*
2439                  * We removed one too many characters; put the last
2440                  * one back.
2441                  */
2442                 tp->t_endmsg->b_wptr++;   /* put 'c' back */
2443                 tp->t_msglen++;
2444         }
2445 }
2446 
2447 
2448 /*
2449  * ldterm_csi_werase - This is multi-byte equivalent of "word erase".
2450  * "Word erase" only makes sense in languages which space between words,
2451  * and it's presumptuous for us to attempt "word erase" when we don't
2452  * know anything about what's really going on.  It makes no sense for
2453  * many languages, as the criteria for defining words and tokens may
2454  * be completely different.
2455  *
2456  * In the TS_MEUC case (which is how we got here), we define a token to
2457  * be space- or tab-delimited, and erase one of them.  It helps to
2458  * have this for command lines, but it's otherwise useless for text
2459  * editing applications; you need more sophistication than we can
2460  * provide here.
2461  */
2462 static void
2463 ldterm_csi_werase(queue_t *q, size_t ebsize, ldtermstd_state_t *tp)
2464 {
2465         int c, i;
2466         int len;
2467         uchar_t *ip;
2468         uchar_t u8[LDTERM_CS_MAX_BYTE_LENGTH];
2469         uchar_t u8_2[LDTERM_CS_MAX_BYTE_LENGTH];
2470 
2471         /*
2472          * ip points to the width of the actual bytes.  t_eucp points
2473          * one byte beyond, where the next thing will be inserted.
2474          */
2475         ip = tp->t_eucp - 1;
2476         /*
2477          * Erase trailing white space, if any.
2478          */
2479         while ((c = ldterm_unget(tp)) == ' ' || c == '\t') {
2480                 tp->t_eucp--;
2481                 ldterm_rubout((unsigned char) c, q, ebsize, tp);
2482                 ldterm_trim(tp);
2483                 --ip;
2484         }
2485 
2486         /*
2487          * Erase non-white-space characters, if any.  The outer loop
2488          * bops through each byte in the buffer. Multi-byte is removed, as
2489          * is ASCII, one byte at a time. The inner loop (for) is only
2490          * executed for first bytes of multi-byte.  The inner loop erases
2491          * the number of columns required for the multi-byte char.  We check
2492          * for ASCII first, and ldterm_rubout knows about ASCII.
2493          */
2494         len = 0;
2495         while (c != -1 && c != ' ' && c != '\t') {
2496                 tp->t_eucp--;
2497                 if (len < LDTERM_CS_MAX_BYTE_LENGTH) {
2498                         u8[len++] = (uchar_t)c;
2499                 }
2500                 /*
2501                  * Unlike EUC, except the leading byte, some bytes of
2502                  * a non-EUC multi-byte characters are in the ASCII code
2503                  * range, esp., 0x41 ~ 0x7a. Thus, we cannot simply check
2504                  * ISASCII().
2505                  * Checking the (*ip == 1 || *ip == 2 || *ip > UNKNOWN_WIDTH)
2506                  * will ensure that it is a single byte character (even though
2507                  * it is on display width not byte length) and can be further
2508                  * checked whether it is an ASCII character or not.
2509                  *
2510                  * When ECHOCTL is on and 'c' is an ASCII control character,
2511                  * *ip == 2 happens.
2512                  */
2513                 if ((*ip == 1 || *ip == 2 || *ip > UNKNOWN_WIDTH) &&
2514                     ISASCII(c)) {
2515                         ldterm_rubout((unsigned char) c, q, ebsize, tp);
2516                         len = 0;
2517                 } else if (*ip) {
2518                         if (*ip == UNKNOWN_WIDTH) {
2519                                 if (tp->t_csdata.codeset_type ==
2520                                     LDTERM_CS_TYPE_UTF8) {
2521                                         for (i = 0; i < len; i++)
2522                                                 u8_2[i] = u8[len - i - 1];
2523                                         *ip = ldterm_utf8_width(u8_2, len);
2524                                 } else {
2525                                         *ip = 1;
2526                                 }
2527                         }
2528                         /*
2529                          * erase for number of columns required for
2530                          * this multi-byte character. Hopefully, matches
2531                          * ldterm_dispwidth!
2532                          */
2533                         for (i = 0; i < (int)*ip; i++)
2534                                 ldterm_rubout(' ', q, ebsize, tp);
2535                         len = 0;
2536                 }
2537                 ldterm_trim(tp);
2538                 --ip;
2539                 c = ldterm_unget(tp);
2540         }
2541         if (c != -1) {
2542                 /*
2543                  * We removed one too many characters; put the last
2544                  * one back.
2545                  */
2546                 tp->t_endmsg->b_wptr++;   /* put 'c' back */
2547                 tp->t_msglen++;
2548         }
2549 }
2550 
2551 
2552 /*
2553  * Kill an entire line, erasing each character one-by-one (if ECHOKE
2554  * is set) or just echoing the kill character, followed by a newline
2555  * (if ECHOK is set).  Multi-byte processing is included here.
2556  */
2557 
2558 static void
2559 ldterm_kill(queue_t *q, size_t ebsize, ldtermstd_state_t *tp)
2560 {
2561         int c, i;
2562         int len;
2563         uchar_t *ip;
2564         uchar_t u8[LDTERM_CS_MAX_BYTE_LENGTH];
2565         uchar_t u8_2[LDTERM_CS_MAX_BYTE_LENGTH];
2566 
2567         if ((tp->t_modes.c_lflag & ECHOKE) &&
2568             (tp->t_modes.c_lflag & IEXTEN) &&
2569             (tp->t_msglen == tp->t_rocount)) {
2570                 if (tp->t_state & TS_MEUC) {
2571                         ip = tp->t_eucp - 1;
2572                         /*
2573                          * This loop similar to "ldterm_csi_werase" above.
2574                          */
2575                         len = 0;
2576                         while ((c = ldterm_unget(tp)) != (-1)) {
2577                                 tp->t_eucp--;
2578                                 if (len < LDTERM_CS_MAX_BYTE_LENGTH) {
2579                                         u8[len++] = (uchar_t)c;
2580                                 }
2581                                 if ((*ip == 1 || *ip == 2 ||
2582                                     *ip > UNKNOWN_WIDTH) && ISASCII(c)) {
2583                                         ldterm_rubout((unsigned char) c, q,
2584                                             ebsize, tp);
2585                                         len = 0;
2586                                 } else if (*ip) {
2587                                         if (*ip == UNKNOWN_WIDTH) {
2588                                                 if (tp->t_csdata.codeset_type
2589                                                     == LDTERM_CS_TYPE_UTF8) {
2590                                                         for (i = 0; i < len;
2591                                                             i++)
2592                                                                 u8_2[i] =
2593                                                                     u8[len-i-1];
2594                                                         *ip = ldterm_utf8_width(
2595                                                             u8_2, len);
2596                                                 } else {
2597                                                         *ip = 1;
2598                                                 }
2599                                         }
2600                                         for (i = 0; i < (int)*ip; i++)
2601                                                 ldterm_rubout(' ', q, ebsize,
2602                                                     tp);
2603                                         len = 0;
2604                                 }
2605                                 ldterm_trim(tp);
2606                                 --ip;
2607                         }
2608                 } else {
2609                         while ((c = ldterm_unget(tp)) != -1) {
2610                                 ldterm_rubout((unsigned char) c, q, ebsize, tp);
2611                                 ldterm_trim(tp);
2612                         }
2613                 }
2614         } else {
2615                 (void) ldterm_echo(tp->t_modes.c_cc[VKILL], q, ebsize, tp);
2616                 if (tp->t_modes.c_lflag & ECHOK)
2617                         (void) ldterm_echo('\n', q, ebsize, tp);
2618                 while (ldterm_unget(tp) != -1) {
2619                         if (tp->t_state & TS_MEUC)
2620                                 --tp->t_eucp;
2621                         ldterm_trim(tp);
2622                 }
2623                 tp->t_rocount = 0;
2624                 if (tp->t_state & TS_MEUC)
2625                         tp->t_eucp = tp->t_eucp_mp->b_rptr;
2626         }
2627         tp->t_state &= ~(TS_QUOT|TS_ERASE|TS_SLNCH);
2628 }
2629 
2630 
2631 /*
2632  * Reprint the current input line. We assume c_cc has already been
2633  * checked. XXX just the current line, not the whole queue? What
2634  * about DEFECHO mode?
2635  */
2636 static void
2637 ldterm_reprint(queue_t *q, size_t ebsize, ldtermstd_state_t *tp)
2638 {
2639         mblk_t *bp;
2640         unsigned char *readp;
2641 
2642         if (tp->t_modes.c_cc[VREPRINT] != (unsigned char) 0)
2643                 (void) ldterm_echo(tp->t_modes.c_cc[VREPRINT], q, ebsize, tp);
2644         ldterm_outchar('\n', q, ebsize, tp);
2645 
2646         bp = tp->t_message;
2647         do {
2648                 readp = bp->b_rptr;
2649                 while (readp < bp->b_wptr)
2650                         (void) ldterm_echo(*readp++, q, ebsize, tp);
2651         } while ((bp = bp->b_cont) != NULL); /* next block, if any */
2652 
2653         tp->t_state &= ~TS_ERASE;
2654         tp->t_rocount = tp->t_msglen;     /* we reechoed the entire line */
2655         tp->t_rocol = 0;
2656 }
2657 
2658 
2659 /*
2660  * Non canonical processing. Called with q locked from  ldtermrsrv.
2661  *
2662  */
2663 static mblk_t *
2664 ldterm_dononcanon(mblk_t *bp, mblk_t *bpt, size_t ebsize, queue_t *q,
2665     ldtermstd_state_t *tp)
2666 {
2667         queue_t *wrq = WR(q);
2668         unsigned char *rptr;
2669         size_t bytes_in_bp;
2670         size_t roomleft;
2671         size_t bytes_to_move;
2672         int free_flag = 0;
2673 
2674         if (tp->t_modes.c_lflag & (ECHO|ECHONL|IEXTEN)) {
2675                 unsigned char *wptr;
2676                 unsigned char c;
2677 
2678                 /*
2679                  * Either we must echo the characters, or we must
2680                  * echo NL, or we must check for VLNEXT. Process
2681                  * characters one at a time.
2682                  */
2683                 rptr = bp->b_rptr;
2684                 wptr = bp->b_rptr;
2685                 while (rptr < bp->b_wptr) {
2686                         c = *rptr++;
2687                         /*
2688                          * If this character is the literal next
2689                          * character, echo it as '^' and backspace
2690                          * over it if echoing is enabled, indicate
2691                          * that the next character is to be treated
2692                          * literally, and remove the LNEXT from the
2693                          * input stream.
2694                          *
2695                          * If the *previous* character was the literal
2696                          * next character, don't check whether this
2697                          * is a literal next or not.
2698                          */
2699                         if ((tp->t_modes.c_lflag & IEXTEN) &&
2700                             !(tp->t_state & TS_SLNCH) &&
2701                             c != _POSIX_VDISABLE &&
2702                             c == tp->t_modes.c_cc[VLNEXT]) {
2703                                 if (tp->t_modes.c_lflag & ECHO)
2704                                         ldterm_outstring(
2705                                             (unsigned char *)"^\b",
2706                                             2, wrq, ebsize, tp);
2707                                 tp->t_state |= TS_SLNCH;
2708                                 continue;       /* and ignore it */
2709                         }
2710                         /*
2711                          * Not a "literal next" character, so it
2712                          * should show up as input. If it was
2713                          * literal-nexted, turn off the literal-next
2714                          * flag.
2715                          */
2716                         tp->t_state &= ~TS_SLNCH;
2717                         *wptr++ = c;
2718                         if (tp->t_modes.c_lflag & ECHO) {
2719                                 /*
2720                                  * Echo the character.
2721                                  */
2722                                 (void) ldterm_echo(c, wrq, ebsize, tp);
2723                         } else if (tp->t_modes.c_lflag & ECHONL) {
2724                                 /*
2725                                  * Echo NL, even though ECHO is not
2726                                  * set.
2727                                  */
2728                                 if (c == '\n')
2729                                         ldterm_outchar('\n', wrq, 1, tp);
2730                         }
2731                 }
2732                 bp->b_wptr = wptr;
2733         } else {
2734                 /*
2735                  * If there are any characters in this buffer, and
2736                  * the first of them was literal-nexted, turn off the
2737                  * literal-next flag.
2738                  */
2739                 if (bp->b_rptr != bp->b_wptr)
2740                         tp->t_state &= ~TS_SLNCH;
2741         }
2742 
2743         ASSERT(bp->b_wptr >= bp->b_rptr);
2744         bytes_in_bp = bp->b_wptr - bp->b_rptr;
2745         rptr = bp->b_rptr;
2746         while (bytes_in_bp != 0) {
2747                 roomleft = bpt->b_datap->db_lim - bpt->b_wptr;
2748                 if (roomleft == 0) {
2749                         /*
2750                          * No more room in this mblk; save this one
2751                          * away, and allocate a new one.
2752                          */
2753                         if ((bpt = allocb(IBSIZE, BPRI_MED)) == NULL) {
2754                                 freeb(bp);
2755                                 DEBUG4(("ldterm_do_noncanon: allcob failed\n"));
2756                                 return (bpt);
2757                         }
2758                         /*
2759                          * Chain the new one to the end of the old
2760                          * one, and mark it as the last block in the
2761                          * current lump.
2762                          */
2763                         tp->t_endmsg->b_cont = bpt;
2764                         tp->t_endmsg = bpt;
2765                         roomleft = IBSIZE;
2766                 }
2767                 DEBUG5(("roomleft=%d, bytes_in_bp=%d, tp->t_rd_request=%d\n",
2768                     roomleft, bytes_in_bp, tp->t_rd_request));
2769                 /*
2770                  * if there is a read pending before this data got
2771                  * here move bytes according to the minimum of room
2772                  * left in this buffer, bytes in the message and byte
2773                  * count requested in the read. If there is no read
2774                  * pending, move the minimum of the first two
2775                  */
2776                 if (tp->t_rd_request == 0)
2777                         bytes_to_move = MIN(roomleft, bytes_in_bp);
2778                 else
2779                         bytes_to_move =
2780                             MIN(MIN(roomleft, bytes_in_bp), tp->t_rd_request);
2781                 DEBUG5(("Bytes to move = %lu\n", bytes_to_move));
2782                 if (bytes_to_move == 0)
2783                         break;
2784                 bcopy(rptr, bpt->b_wptr, bytes_to_move);
2785                 bpt->b_wptr += bytes_to_move;
2786                 rptr += bytes_to_move;
2787                 tp->t_msglen += bytes_to_move;
2788                 bytes_in_bp -= bytes_to_move;
2789         }
2790         if (bytes_in_bp == 0) {
2791                 DEBUG4(("bytes_in_bp is zero\n"));
2792                 freeb(bp);
2793         } else
2794                 free_flag = 1;  /* for debugging olny */
2795 
2796         DEBUG4(("ldterm_do_noncanon: VMIN = %d, VTIME = %d, msglen = %d, \
2797                 tid = %d\n", V_MIN, V_TIME, tp->t_msglen, tp->t_vtid));
2798         /*
2799          * If there is a pending read request at the stream head we
2800          * need to do VMIN/VTIME processing. The four possible cases
2801          * are:
2802          *      MIN = 0, TIME > 0
2803          *      MIN = >, TIME = 0
2804          *      MIN > 0, TIME > 0
2805          *      MIN = 0, TIME = 0
2806          * If we can satisfy VMIN, send it up, and start a new
2807          * timer if necessary.  These four cases of VMIN/VTIME
2808          * are also dealt with in the write side put routine
2809          * when the M_READ is first seen.
2810          */
2811 
2812         DEBUG4(("Incoming data while M_READ'ing\n"));
2813         /*
2814          * Case 1:  Any data will satisfy the read, so send
2815          * it upstream.
2816          */
2817         if (V_MIN == 0 && V_TIME > 0) {
2818                 if (tp->t_msglen)
2819                         vmin_satisfied(q, tp, 1);
2820                 else {
2821                         /* EMPTY */
2822                         DEBUG4(("ldterm_do_noncanon called, but no data!\n"));
2823                 }
2824                 /*
2825                  * Case 2:  This should never time out, so
2826                  * until there's enough data, do nothing.
2827                  */
2828         } else if (V_MIN > 0 && V_TIME == 0) {
2829                 if (tp->t_msglen >= (int)V_MIN)
2830                         vmin_satisfied(q, tp, 1);
2831 
2832                 /*
2833                  * Case 3:  If MIN is satisfied, send it up.
2834                  * Also, remember to start a new timer *every*
2835                  * time we see something if MIN isn't
2836                  * safisfied
2837                  */
2838         } else if (V_MIN > 0 && V_TIME > 0) {
2839                 if (tp->t_msglen >= (int)V_MIN)
2840                         vmin_satisfied(q, tp, 1);
2841                 else
2842                         vmin_settimer(q);
2843                 /*
2844                  * Case 4:  Not possible.  This request
2845                  * should always be satisfied from the write
2846                  * side, left here for debugging.
2847                  */
2848         } else {        /* V_MIN == 0 && V_TIME == 0 */
2849                         vmin_satisfied(q, tp, 1);
2850         }
2851 
2852         if (free_flag) {
2853                 /* EMPTY */
2854                 DEBUG4(("CAUTION message block not freed\n"));
2855         }
2856         return (newmsg(tp));
2857 }
2858 
2859 
2860 /*
2861  * Echo a typed byte to the terminal.  Returns the number of bytes
2862  * printed. Bytes of EUC characters drop through the ECHOCTL stuff
2863  * and are just output as themselves.
2864  */
2865 static int
2866 ldterm_echo(uchar_t c, queue_t *q, size_t ebsize, ldtermstd_state_t *tp)
2867 {
2868         int i;
2869 
2870         if (!(tp->t_modes.c_lflag & ECHO))
2871                 return (0);
2872         i = 0;
2873 
2874         /*
2875          * Echo control characters (c <= 37) only if the ECHOCTRL
2876          * flag is set as ^X.
2877          */
2878 
2879         if ((tp->t_modes.c_lflag & ECHOCTL) &&
2880             (tp->t_modes.c_lflag & IEXTEN)) {
2881                 if (c <= 037 && c != '\t' && c != '\n') {
2882                         ldterm_outchar('^', q, ebsize, tp);
2883                         i++;
2884                         if (tp->t_modes.c_oflag & OLCUC)
2885                                 c += 'a' - 1;
2886                         else
2887                                 c += 'A' - 1;
2888                 } else if (c == 0177) {
2889                         ldterm_outchar('^', q, ebsize, tp);
2890                         i++;
2891                         c = '?';
2892                 }
2893                 ldterm_outchar(c, q, ebsize, tp);
2894                 return (i + 1);
2895                 /* echo only special control character and the Bell */
2896         } else if ((c > 037 && c != 0177) || c == '\t' || c == '\n' ||
2897             c == '\r' || c == '\b' || c == 007 ||
2898             c == tp->t_modes.c_cc[VKILL]) {
2899                 ldterm_outchar(c, q, ebsize, tp);
2900                 return (i + 1);
2901         }
2902         return (i);
2903 }
2904 
2905 
2906 /*
2907  * Put a character on the output queue.
2908  */
2909 static void
2910 ldterm_outchar(uchar_t c, queue_t *q, size_t bsize, ldtermstd_state_t *tp)
2911 {
2912         mblk_t *curbp;
2913 
2914         /*
2915          * Don't even look at the characters unless we have something
2916          * useful to do with them.
2917          */
2918         if ((tp->t_modes.c_oflag & OPOST) ||
2919             ((tp->t_modes.c_lflag & XCASE) &&
2920             (tp->t_modes.c_lflag & ICANON))) {
2921                 mblk_t *mp;
2922 
2923                 if ((mp = allocb(4, BPRI_HI)) == NULL) {
2924                         cmn_err(CE_WARN,
2925                             "ldterm: (ldterm_outchar) out of blocks");
2926                         return;
2927                 }
2928                 *mp->b_wptr++ = c;
2929                 mp = ldterm_output_msg(q, mp, &tp->t_echomp, tp, bsize, 1);
2930                 if (mp != NULL)
2931                         freemsg(mp);
2932 
2933         } else {
2934                 if ((curbp = tp->t_echomp) != NULL) {
2935                         while (curbp->b_cont != NULL)
2936                                 curbp = curbp->b_cont;
2937                         if (curbp->b_datap->db_lim == curbp->b_wptr) {
2938                                 mblk_t *newbp;
2939 
2940                                 if ((newbp = allocb(bsize, BPRI_HI)) == NULL) {
2941                                         cmn_err(CE_WARN,
2942                                             "ldterm_outchar: out of blocks");
2943                                         return;
2944                                 }
2945                                 curbp->b_cont = newbp;
2946                                 curbp = newbp;
2947                         }
2948                 } else {
2949                         if ((curbp = allocb(bsize, BPRI_HI)) == NULL) {
2950                                 cmn_err(CE_WARN,
2951                                     "ldterm_outchar: out of blocks");
2952                                 return;
2953                         }
2954                         tp->t_echomp = curbp;
2955                 }
2956                 *curbp->b_wptr++ = c;
2957         }
2958 }
2959 
2960 
2961 /*
2962  * Copy a string, of length len, to the output queue.
2963  */
2964 static void
2965 ldterm_outstring(uchar_t *cp, int len, queue_t *q, size_t bsize,
2966     ldtermstd_state_t *tp)
2967 {
2968         while (len > 0) {
2969                 ldterm_outchar(*cp++, q, bsize, tp);
2970                 len--;
2971         }
2972 }
2973 
2974 
2975 static mblk_t *
2976 newmsg(ldtermstd_state_t *tp)
2977 {
2978         mblk_t *bp;
2979 
2980         /*
2981          * If no current message, allocate a block for it.
2982          */
2983         if ((bp = tp->t_endmsg) == NULL) {
2984                 if ((bp = allocb(IBSIZE, BPRI_MED)) == NULL) {
2985                         cmn_err(CE_WARN,
2986                             "ldterm: (ldtermrsrv/newmsg) out of blocks");
2987                         return (bp);
2988                 }
2989                 tp->t_message = bp;
2990                 tp->t_endmsg = bp;
2991         }
2992         return (bp);
2993 }
2994 
2995 
2996 static void
2997 ldterm_msg_upstream(queue_t *q, ldtermstd_state_t *tp)
2998 {
2999         ssize_t s;
3000         mblk_t *bp;
3001 
3002         bp = tp->t_message;
3003         s = msgdsize(bp);
3004         if (bp)
3005                 putnext(q, tp->t_message);
3006 
3007         /*
3008          * update sysinfo canch character.
3009          */
3010         if (CANON_MODE)
3011                 (void) drv_setparm(SYSCANC, s);
3012         tp->t_message = NULL;
3013         tp->t_endmsg = NULL;
3014         tp->t_msglen = 0;
3015         tp->t_rocount = 0;
3016         tp->t_rd_request = 0;
3017         if (tp->t_state & TS_MEUC) {
3018                 ASSERT(tp->t_eucp_mp);
3019                 tp->t_eucp = tp->t_eucp_mp->b_rptr;
3020                 /* can't reset everything, as we may have other input */
3021         }
3022 }
3023 
3024 
3025 /*
3026  * Re-enable the write-side service procedure.  When an allocation
3027  * failure causes write-side processing to stall, we disable the
3028  * write side and arrange to call this function when allocation once
3029  * again becomes possible.
3030  */
3031 static void
3032 ldterm_wenable(void *addr)
3033 {
3034         queue_t *q = addr;
3035         ldtermstd_state_t *tp;
3036 
3037         tp = (ldtermstd_state_t *)q->q_ptr;
3038         /*
3039          * The bufcall is no longer pending.
3040          */
3041         tp->t_wbufcid = 0;
3042         enableok(q);
3043         qenable(q);
3044 }
3045 
3046 
3047 /*
3048  * Line discipline output queue put procedure.  Attempts to process
3049  * the message directly and send it on downstream, queueing it only
3050  * if there's already something pending or if its downstream neighbor
3051  * is clogged.
3052  */
3053 static void
3054 ldtermwput(queue_t *q, mblk_t *mp)
3055 {
3056         ldtermstd_state_t *tp;
3057         unsigned char type = mp->b_datap->db_type;
3058 
3059         tp = (ldtermstd_state_t *)q->q_ptr;
3060 
3061         /*
3062          * Always process priority messages, regardless of whether or
3063          * not our queue is nonempty.
3064          */
3065         if (type >= QPCTL) {
3066                 switch (type) {
3067 
3068                 case M_FLUSH:
3069                         /*
3070                          * Get rid of it, see comment in
3071                          * ldterm_dosig().
3072                          */
3073                         if ((tp->t_state & TS_FLUSHWAIT) &&
3074                             (*mp->b_rptr == FLUSHW)) {
3075                                 tp->t_state &= ~TS_FLUSHWAIT;
3076                                 freemsg(mp);
3077                                 return;
3078                         }
3079                         /*
3080                          * This is coming from above, so we only
3081                          * handle the write queue here.  If FLUSHR is
3082                          * set, it will get turned around at the
3083                          * driver, and the read procedure will see it
3084                          * eventually.
3085                          */
3086                         if (*mp->b_rptr & FLUSHW) {
3087                                 if ((tp->t_state & TS_ISPTSTTY) &&
3088                                     (*mp->b_rptr & FLUSHBAND))
3089                                         flushband(q, *(mp->b_rptr + 1),
3090                                             FLUSHDATA);
3091                                 else
3092                                         flushq(q, FLUSHDATA);
3093                         }
3094 
3095                         putnext(q, mp);
3096                         /*
3097                          * If a timed read is interrupted, there is
3098                          * no way to cancel an existing M_READ
3099                          * request.  We kludge by allowing a flush to
3100                          * do so.
3101                          */
3102                         if (tp->t_state & TS_MREAD)
3103                                 vmin_satisfied(RD(q), tp, 0);
3104                         break;
3105 
3106                 case M_READ:
3107                         DEBUG1(("ldtermwmsg:M_READ RECEIVED\n"));
3108                         /*
3109                          * Stream head needs data to satisfy timed
3110                          * read. Has meaning only if ICANON flag is
3111                          * off indicating raw mode
3112                          */
3113 
3114                         DEBUG4((
3115                             "M_READ: RAW_MODE=%d, CNT=%d, VMIN=%d, VTIME=%d\n",
3116                             RAW_MODE, *(unsigned int *)mp->b_rptr, V_MIN,
3117                             V_TIME));
3118 
3119                         tp->t_rd_request = *(unsigned int *)mp->b_rptr;
3120 
3121                         if (RAW_MODE) {
3122                                 if (newmsg(tp) != NULL) {
3123                                         /*
3124                                          * VMIN/VTIME processing...
3125                                          * The four possible cases are:
3126                                          *      MIN = 0, TIME > 0
3127                                          *      MIN = >, TIME = 0
3128                                          *      MIN > 0, TIME > 0
3129                                          *      MIN = 0, TIME = 0
3130                                          * These four conditions must be dealt
3131                                          * with on the read side as well in
3132                                          * ldterm_do_noncanon(). Set TS_MREAD
3133                                          * so that the read side will know
3134                                          * there is a pending read request
3135                                          * waiting at the stream head.  If we
3136                                          * can satisfy MIN do it here, rather
3137                                          * than on the read side.  If we can't,
3138                                          * start timers if necessary and let
3139                                          * the other side deal with it.
3140                                          *
3141                                          * We got another M_READ before the
3142                                          * pending one completed, cancel any
3143                                          * existing timeout.
3144                                          */
3145                                         if (tp->t_state & TS_MREAD) {
3146                                                 vmin_satisfied(RD(q),
3147                                                     tp, 0);
3148                                         }
3149                                         tp->t_state |= TS_MREAD;
3150                                         /*
3151                                          * Case 1:  Any data will
3152                                          * satisfy read, otherwise
3153                                          * start timer
3154                                          */
3155                                         if (V_MIN == 0 && V_TIME > 0) {
3156                                                 if (tp->t_msglen)
3157                                                         vmin_satisfied(RD(q),
3158                                                             tp, 1);
3159                                                 else
3160                                                         vmin_settimer(RD(q));
3161 
3162                                                 /*
3163                                                  * Case 2:  If we have enough
3164                                                  * data, send up now.
3165                                                  * Otherwise, the read side
3166                                                  * should wait forever until MIN
3167                                                  * is satisified.
3168                                                  */
3169                                         } else if (V_MIN > 0 && V_TIME == 0) {
3170                                                 if (tp->t_msglen >= (int)V_MIN)
3171                                                         vmin_satisfied(RD(q),
3172                                                             tp, 1);
3173 
3174                                                 /*
3175                                                  * Case 3:  If we can satisfy
3176                                                  * the read, send it up. If we
3177                                                  * don't have enough data, but
3178                                                  * there is at least one char,
3179                                                  * start a timer.  Otherwise,
3180                                                  * let the read side start
3181                                                  * the timer.
3182                                                  */
3183                                         } else if (V_MIN > 0 && V_TIME > 0) {
3184                                                 if (tp->t_msglen >= (int)V_MIN)
3185                                                         vmin_satisfied(RD(q),
3186                                                             tp, 1);
3187                                                 else if (tp->t_msglen)
3188                                                         vmin_settimer(RD(q));
3189                                                 /*
3190                                                  * Case 4:  Read returns
3191                                                  * whatever data is available
3192                                                  * or zero if none.
3193                                                  */
3194                                         } else { /* V_MIN == 0 && V_TIME == 0 */
3195                                                 vmin_satisfied(RD(q), tp, 1);
3196                                         }
3197 
3198                                 } else  /* should do bufcall, really! */
3199                                         cmn_err(CE_WARN,
3200                                             "ldtermwmsg: out of blocks");
3201                         }
3202                         /*
3203                          * pass M_READ down
3204                          */
3205                         putnext(q, mp);
3206                         break;
3207 
3208                 default:
3209                         /* Pass it through unmolested. */
3210                         putnext(q, mp);
3211                         break;
3212                 }
3213                 return;
3214         }
3215         /*
3216          * If our queue is nonempty or there's a traffic jam
3217          * downstream, this message must get in line.
3218          */
3219         if (q->q_first != NULL || !bcanputnext(q, mp->b_band)) {
3220                 /*
3221                  * Exception: ioctls, except for those defined to
3222                  * take effect after output has drained, should be
3223                  * processed immediately.
3224                  */
3225                 if (type == M_IOCTL) {
3226                         struct iocblk *iocp;
3227 
3228                         iocp = (struct iocblk *)mp->b_rptr;
3229                         switch (iocp->ioc_cmd) {
3230 
3231                                 /*
3232                                  * Queue these.
3233                                  */
3234                         case TCSETSW:
3235                         case TCSETSF:
3236                         case TCSETAW:
3237                         case TCSETAF:
3238                         case TCSBRK:
3239                                 break;
3240 
3241                                 /*
3242                                  * Handle all others immediately.
3243                                  */
3244                         default:
3245                                 (void) ldtermwmsg(q, mp);
3246                                 return;
3247                         }
3248                 }
3249                 (void) putq(q, mp);
3250                 return;
3251         }
3252         /*
3253          * We can take the fast path through, by simply calling
3254          * ldtermwmsg to dispose of mp.
3255          */
3256         (void) ldtermwmsg(q, mp);
3257 }
3258 
3259 
3260 /*
3261  * Line discipline output queue service procedure.
3262  */
3263 static void
3264 ldtermwsrv(queue_t *q)
3265 {
3266         mblk_t *mp;
3267 
3268         /*
3269          * We expect this loop to iterate at most once, but must be
3270          * prepared for more in case our upstream neighbor isn't
3271          * paying strict attention to what canput tells it.
3272          */
3273         while ((mp = getq(q)) != NULL) {
3274                 /*
3275                  * N.B.: ldtermwput has already handled high-priority
3276                  * messages, so we don't have to worry about them
3277                  * here. Hence, the putbq call is safe.
3278                  */
3279                 if (!bcanputnext(q, mp->b_band)) {
3280                         (void) putbq(q, mp);
3281                         break;
3282                 }
3283                 if (!ldtermwmsg(q, mp)) {
3284                         /*
3285                          * Couldn't handle the whole thing; give up
3286                          * for now and wait to be rescheduled.
3287                          */
3288                         break;
3289                 }
3290         }
3291 }
3292 
3293 
3294 /*
3295  * Process the write-side message denoted by mp.  If mp can't be
3296  * processed completely (due to allocation failures), put the
3297  * residual unprocessed part on the front of the write queue, disable
3298  * the queue, and schedule a qbufcall to arrange to complete its
3299  * processing later.
3300  *
3301  * Return 1 if the message was processed completely and 0 if not.
3302  *
3303  * This routine is called from both ldtermwput and ldtermwsrv to do the
3304  * actual work of dealing with mp.  ldtermwput will have already
3305  * dealt with high priority messages.
3306  */
3307 static int
3308 ldtermwmsg(queue_t *q, mblk_t *mp)
3309 {
3310         ldtermstd_state_t *tp;
3311         mblk_t *residmp = NULL;
3312         size_t size;
3313 
3314         tp = (ldtermstd_state_t *)q->q_ptr;
3315 
3316         switch (mp->b_datap->db_type) {
3317 
3318         case M_IOCTL:
3319                 ldterm_do_ioctl(q, mp);
3320                 break;
3321 
3322         case M_DATA:
3323                 {
3324                         mblk_t *omp = NULL;
3325 
3326                         if ((tp->t_modes.c_lflag & FLUSHO) &&
3327                             (tp->t_modes.c_lflag & IEXTEN)) {
3328                                 freemsg(mp);    /* drop on floor */
3329                                 break;
3330                         }
3331                         tp->t_rocount = 0;
3332                         /*
3333                          * Don't even look at the characters unless
3334                          * we have something useful to do with them.
3335                          */
3336                         if (((tp->t_modes.c_oflag & OPOST) ||
3337                             ((tp->t_modes.c_lflag & XCASE) &&
3338                             (tp->t_modes.c_lflag & ICANON))) &&
3339                             (msgdsize(mp) || !(tp->t_state & TS_ISPTSTTY))) {
3340                                 unsigned char band = mp->b_band;
3341                                 short flag = mp->b_flag;
3342 
3343                                 residmp = ldterm_output_msg(q, mp, &omp,
3344                                     tp, OBSIZE, 0);
3345                                 if ((mp = omp) == NULL)
3346                                         break;
3347                                 mp->b_band |= band;
3348                                 mp->b_flag |= flag;
3349                         }
3350                         /* Update sysinfo outch */
3351                         (void) drv_setparm(SYSOUTC, msgdsize(mp));
3352                         putnext(q, mp);
3353                         break;
3354                 }
3355 
3356         default:
3357                 putnext(q, mp); /* pass it through unmolested */
3358                 break;
3359         }
3360 
3361         if (residmp == NULL)
3362                 return (1);
3363 
3364         /*
3365          * An allocation failure occurred that prevented the message
3366          * from being completely processed.  First, disable our
3367          * queue, since it's pointless to attempt further processing
3368          * until the allocation situation is resolved.  (This must
3369          * precede the putbq call below, which would otherwise mark
3370          * the queue to be serviced.)
3371          */
3372         noenable(q);
3373         /*
3374          * Stuff the remnant on our write queue so that we can
3375          * complete it later when times become less lean.  Note that
3376          * this sets QFULL, so that our upstream neighbor will be
3377          * blocked by flow control.
3378          */
3379         (void) putbq(q, residmp);
3380         /*
3381          * Schedule a qbufcall to re-enable the queue.  The failure
3382          * won't have been for an allocation of more than OBSIZE
3383          * bytes, so don't ask for more than that from bufcall.
3384          */
3385         size = msgdsize(residmp);
3386         if (size > OBSIZE)
3387                 size = OBSIZE;
3388         if (tp->t_wbufcid)
3389                 qunbufcall(q, tp->t_wbufcid);
3390         tp->t_wbufcid = qbufcall(q, size, BPRI_MED, ldterm_wenable, q);
3391 
3392         return (0);
3393 }
3394 
3395 
3396 /*
3397  * Perform output processing on a message, accumulating the output
3398  * characters in a new message.
3399  */
3400 static mblk_t *
3401 ldterm_output_msg(queue_t *q, mblk_t *imp, mblk_t **omp,
3402     ldtermstd_state_t *tp, size_t bsize, int echoing)
3403 {
3404         mblk_t *ibp;            /* block we're examining from input message */
3405         mblk_t *obp;            /* block we're filling in output message */
3406         mblk_t *cbp;            /* continuation block */
3407         mblk_t *oobp;           /* old value of obp; valid if NEW_BLOCK fails */
3408         mblk_t **contpp;        /* where to stuff ptr to newly-allocated blk */
3409         unsigned char c, n;
3410         int count, ctype;
3411         ssize_t bytes_left;
3412 
3413         mblk_t *bp;             /* block to stuff an M_DELAY message in */
3414 
3415 
3416         /*
3417          * Allocate a new block into which to put bytes. If we can't,
3418          * we just drop the rest of the message on the floor. If x is
3419          * non-zero, just fall thru; failure requires cleanup before
3420          * going out
3421          */
3422 
3423 #define NEW_BLOCK(x) \
3424         { \
3425                 oobp = obp; \
3426                 if ((obp = allocb(bsize, BPRI_MED)) == NULL) { \
3427                         if (x == 0) \
3428                                 goto outofbufs; \
3429                 } else { \
3430                         *contpp = obp; \
3431                         contpp = &obp->b_cont; \
3432                         bytes_left = obp->b_datap->db_lim - obp->b_wptr; \
3433                 } \
3434         }
3435 
3436         ibp = imp;
3437 
3438         /*
3439          * When we allocate the first block of a message, we should
3440          * stuff the pointer to it in "*omp".  All subsequent blocks
3441          * should have the pointer to them stuffed into the "b_cont"
3442          * field of the previous block.  "contpp" points to the place
3443          * where we should stuff the pointer.
3444          *
3445          * If we already have a message we're filling in, continue doing
3446          * so.
3447          */
3448         if ((obp = *omp) != NULL) {
3449                 while (obp->b_cont != NULL)
3450                         obp = obp->b_cont;
3451                 contpp = &obp->b_cont;
3452                 bytes_left = obp->b_datap->db_lim - obp->b_wptr;
3453         } else {
3454                 contpp = omp;
3455                 bytes_left = 0;
3456         }
3457 
3458         do {
3459                 while (ibp->b_rptr < ibp->b_wptr) {
3460                         /*
3461                          * Make sure there's room for one more
3462                          * character.  At most, we'll need "t_maxeuc"
3463                          * bytes.
3464                          */
3465                         if ((bytes_left < (int)tp->t_maxeuc)) {
3466                                 /* LINTED */
3467                                 NEW_BLOCK(0);
3468                         }
3469                         /*
3470                          * If doing XCASE processing (not very
3471                          * likely, in this day and age), look at each
3472                          * character individually.
3473                          */
3474                         if ((tp->t_modes.c_lflag & XCASE) &&
3475                             (tp->t_modes.c_lflag & ICANON)) {
3476                                 c = *ibp->b_rptr++;
3477 
3478                                 /*
3479                                  * We need to make sure that this is not
3480                                  * a following byte of a multibyte character
3481                                  * before applying an XCASE processing.
3482                                  *
3483                                  * tp->t_eucign will be 0 if and only
3484                                  * if the current 'c' is an ASCII character
3485                                  * and also a byte. Otherwise, it will have
3486                                  * the byte length of a multibyte character.
3487                                  */
3488                                 if ((tp->t_state & TS_MEUC) &&
3489                                     tp->t_eucign == 0 && NOTASCII(c)) {
3490                                         tp->t_eucign =
3491                                             tp->t_csmethods.ldterm_memwidth(
3492                                             c, (void *)tp);
3493                                         tp->t_scratch_len = tp->t_eucign;
3494 
3495                                         if (tp->t_csdata.codeset_type !=
3496                                             LDTERM_CS_TYPE_UTF8) {
3497                                                 tp->t_col +=
3498                                                     tp->
3499                                                     t_csmethods.
3500                                                     ldterm_dispwidth(c,
3501                                                     (void *)tp,
3502                                                     tp->t_modes.c_lflag &
3503                                                     ECHOCTL);
3504                                         }
3505                                 }
3506 
3507                                 /*
3508                                  * If character is mapped on output,
3509                                  * put out a backslash followed by
3510                                  * what it is mapped to.
3511                                  */
3512                                 if (tp->t_eucign == 0 && omaptab[c] != 0 &&
3513                                     (!echoing || c != '\\')) {
3514                                         /* backslash is an ordinary character */
3515                                         tp->t_col++;
3516                                         *obp->b_wptr++ = '\\';
3517                                         bytes_left--;
3518                                         if (bytes_left == 0) {
3519                                                 /* LINTED */
3520                                                 NEW_BLOCK(1);
3521                                         }
3522                                         /*
3523                                          * Allocation failed, make
3524                                          * state consistent before
3525                                          * returning
3526                                          */
3527                                         if (obp == NULL) {
3528                                                 ibp->b_rptr--;
3529                                                 tp->t_col--;
3530                                                 oobp->b_wptr--;
3531                                                 goto outofbufs;
3532                                         }
3533                                         c = omaptab[c];
3534                                 }
3535                                 /*
3536                                  * If no other output processing is
3537                                  * required, push the character into
3538                                  * the block and get another.
3539                                  */
3540                                 if (!(tp->t_modes.c_oflag & OPOST)) {
3541                                         if (tp->t_eucign > 0) {
3542                                                 --tp->t_eucign;
3543                                         } else {
3544                                                 tp->t_col++;
3545                                         }
3546                                         *obp->b_wptr++ = c;
3547                                         bytes_left--;
3548                                         continue;
3549                                 }
3550                                 /*
3551                                  * OPOST output flag is set. Map
3552                                  * lower case to upper case if OLCUC
3553                                  * flag is set and the 'c' is a lowercase
3554                                  * ASCII character.
3555                                  */
3556                                 if (tp->t_eucign == 0 &&
3557                                     (tp->t_modes.c_oflag & OLCUC) &&
3558                                     c >= 'a' && c <= 'z')
3559                                         c -= 'a' - 'A';
3560                         } else {
3561                                 /*
3562                                  * Copy all the ORDINARY characters,
3563                                  * possibly mapping upper case to
3564                                  * lower case.  We use "movtuc",
3565                                  * STOPPING when we can't move some
3566                                  * character. For multi-byte or
3567                                  * multi-column EUC, we can't depend
3568                                  * on the regular tables. Rather than
3569                                  * just drop through to the "big
3570                                  * switch" for all characters, it
3571                                  * _might_ be faster to let "movtuc"
3572                                  * move a bunch of characters.
3573                                  * Chances are, even in multi-byte
3574                                  * mode we'll have lots of ASCII
3575                                  * going through. We check the flag
3576                                  * once, and call movtuc with the
3577                                  * appropriate table as an argument.
3578                                  *
3579                                  * "movtuc will work for all codeset
3580                                  * types since it stops at the beginning
3581                                  * byte of a multibyte character.
3582                                  */
3583                                 size_t bytes_to_move;
3584                                 size_t bytes_moved;
3585 
3586                                 ASSERT(ibp->b_wptr >= ibp->b_rptr);
3587                                 bytes_to_move = ibp->b_wptr - ibp->b_rptr;
3588                                 if (bytes_to_move > bytes_left)
3589                                         bytes_to_move = bytes_left;
3590                                 if (tp->t_state & TS_MEUC) {
3591                                         bytes_moved = movtuc(bytes_to_move,
3592                                             ibp->b_rptr, obp->b_wptr,
3593                                             (tp->t_modes.c_oflag & OLCUC ?
3594                                             elcuctab : enotrantab));
3595                                 } else {
3596                                         bytes_moved = movtuc(bytes_to_move,
3597                                             ibp->b_rptr, obp->b_wptr,
3598                                             (tp->t_modes.c_oflag & OLCUC ?
3599                                             lcuctab : notrantab));
3600                                 }
3601                                 /*
3602                                  * We're save to just do this column
3603                                  * calculation, because if TS_MEUC is
3604                                  * set, we used the proper EUC
3605                                  * tables, and won't have copied any
3606                                  * EUC bytes.
3607                                  */
3608                                 tp->t_col += bytes_moved;
3609                                 ibp->b_rptr += bytes_moved;
3610                                 obp->b_wptr += bytes_moved;
3611                                 bytes_left -= bytes_moved;
3612                                 if (ibp->b_rptr >= ibp->b_wptr)
3613                                         continue;       /* moved all of block */
3614                                 if (bytes_left == 0) {
3615                                         /* LINTED */
3616                                         NEW_BLOCK(0);
3617                                 }
3618                                 c = *ibp->b_rptr++;  /* stopper */
3619                         }
3620 
3621                         /*
3622                          * Again, we need to make sure that this is not
3623                          * a following byte of a multibyte character at
3624                          * here.
3625                          *
3626                          * 'tp->t_eucign' will be 0 iff the current 'c' is
3627                          * an ASCII character. Otherwise, it will have
3628                          * the byte length of a multibyte character.
3629                          * We also add the display width to 'tp->t_col' if
3630                          * the current codeset is not UTF-8 since this is
3631                          * a leading byte of a multibyte character.
3632                          * For UTF-8 codeset type, we add the display width
3633                          * when we get the last byte of a character.
3634                          */
3635                         if ((tp->t_state & TS_MEUC) && tp->t_eucign == 0 &&
3636                             NOTASCII(c)) {
3637                                 tp->t_eucign = tp->t_csmethods.ldterm_memwidth(
3638                                     c, (void *)tp);
3639                                 tp->t_scratch_len = tp->t_eucign;
3640 
3641                                 if (tp->t_csdata.codeset_type !=
3642                                     LDTERM_CS_TYPE_UTF8) {
3643                                         tp->t_col +=
3644                                             tp->t_csmethods.ldterm_dispwidth(c,
3645                                             (void *)tp,
3646                                             tp->t_modes.c_lflag & ECHOCTL);
3647                                 }
3648                         }
3649 
3650                         /*
3651                          * If the driver has requested, don't process
3652                          * output flags.  However, if we're in
3653                          * multi-byte mode, we HAVE to look at
3654                          * EVERYTHING going out to maintain column
3655                          * position properly. Therefore IF the driver
3656                          * says don't AND we're not doing multi-byte,
3657                          * then don't do it.  Otherwise, do it.
3658                          *
3659                          * NOTE:  Hardware USUALLY doesn't expand tabs
3660                          * properly for multi-byte situations anyway;
3661                          * that's a known problem with the 3B2
3662                          * "PORTS" board firmware, and any other
3663                          * hardware that doesn't ACTUALLY know about
3664                          * the current EUC mapping that WE are using
3665                          * at this very moment.  The problem is that
3666                          * memory width is INDEPENDENT of screen
3667                          * width - no relation - so WE know how wide
3668                          * the characters are, but an off-the-host
3669                          * board probably doesn't.  So, until we're
3670                          * SURE that the hardware below us can
3671                          * correctly expand tabs in a
3672                          * multi-byte/multi-column EUC situation, we
3673                          * do it ourselves.
3674                          */
3675                         /*
3676                          * Map <CR>to<NL> on output if OCRNL flag
3677                          * set. ONLCR processing is not done if OCRNL
3678                          * is set.
3679                          */
3680                         if (c == '\r' && (tp->t_modes.c_oflag & OCRNL)) {
3681                                 c = '\n';
3682                                 ctype = typetab[c];
3683                                 goto jocrnl;
3684                         }
3685 
3686                         if (tp->t_csdata.codeset_type == LDTERM_CS_TYPE_EUC) {
3687                                 ctype = typetab[c];
3688                         } else {
3689                                 /*
3690                                  * In other codeset types, we safely assume
3691                                  * any byte of a multibyte character will have
3692                                  * 'ORDINARY' type. For ASCII characters, we
3693                                  * still use the typetab[].
3694                                  */
3695                                 if (tp->t_eucign == 0)
3696                                         ctype = typetab[c];
3697                                 else
3698                                         ctype = ORDINARY;
3699                         }
3700 
3701                         /*
3702                          * Map <NL> to <CR><NL> on output if ONLCR
3703                          * flag is set.
3704                          */
3705                         if (c == '\n' && (tp->t_modes.c_oflag & ONLCR)) {
3706                                 if (!(tp->t_state & TS_TTCR)) {
3707                                         tp->t_state |= TS_TTCR;
3708                                         c = '\r';
3709                                         ctype = typetab['\r'];
3710                                         --ibp->b_rptr;
3711                                 } else
3712                                         tp->t_state &= ~TS_TTCR;
3713                         }
3714                         /*
3715                          * Delay values and column position
3716                          * calculated here.  For EUC chars in
3717                          * multi-byte mode, we use "t_eucign" to help
3718                          * calculate columns.  When we see the first
3719                          * byte of an EUC, we set t_eucign to the
3720                          * number of bytes that will FOLLOW it, and
3721                          * we add the screen width of the WHOLE EUC
3722                          * character to the column position.  In
3723                          * particular, we can't count SS2 or SS3 as
3724                          * printing characters.  Remember, folks, the
3725                          * screen width and memory width are
3726                          * independent - no relation. We could have
3727                          * dropped through for ASCII, but we want to
3728                          * catch any bad characters (i.e., t_eucign
3729                          * set and an ASCII char received) and
3730                          * possibly report the garbage situation.
3731                          */
3732         jocrnl:
3733 
3734                         count = 0;
3735                         switch (ctype) {
3736 
3737                         case T_SS2:
3738                         case T_SS3:
3739                         case ORDINARY:
3740                                 if (tp->t_state & TS_MEUC) {
3741                                         if (tp->t_eucign) {
3742                                                 *obp->b_wptr++ = c;
3743                                                 bytes_left--;
3744 
3745                                                 tp->t_scratch[tp->t_scratch_len
3746                                                     - tp->t_eucign] = c;
3747 
3748                                                 --tp->t_eucign;
3749 
3750                                                 if (tp->t_csdata.codeset_type
3751                                                     == LDTERM_CS_TYPE_UTF8 &&
3752                                                     tp->t_eucign <= 0) {
3753                                                         tp->t_col +=
3754                                                             ldterm_utf8_width(
3755                                                             tp->t_scratch,
3756                                                             tp->t_scratch_len);
3757                                                 }
3758                                         } else {
3759                                                 if (tp->t_modes.c_oflag & OLCUC)
3760                                                         n = elcuctab[c];
3761                                                 else
3762                                                         n = enotrantab[c];
3763                                                 if (n)
3764                                                         c = n;
3765                                                 tp->t_col++;
3766                                                 *obp->b_wptr++ = c;
3767                                                 bytes_left--;
3768                                         }
3769                                 } else {        /* ho hum, ASCII mode... */
3770                                         if (tp->t_modes.c_oflag & OLCUC)
3771                                                 n = lcuctab[c];
3772                                         else
3773                                                 n = notrantab[c];
3774                                         if (n)
3775                                                 c = n;
3776                                         tp->t_col++;
3777                                         *obp->b_wptr++ = c;
3778                                         bytes_left--;
3779                                 }
3780                                 break;
3781 
3782                                 /*
3783                                  * If we're doing ECHOCTL, we've
3784                                  * already mapped the thing during
3785                                  * the process of canonising.  Don't
3786                                  * bother here, as it's not one that
3787                                  * we did.
3788                                  */
3789                         case CONTROL:
3790                                 *obp->b_wptr++ = c;
3791                                 bytes_left--;
3792                                 break;
3793 
3794                                 /*
3795                                  * This is probably a backspace
3796                                  * received, not one that we're
3797                                  * echoing.  Let it go as a
3798                                  * single-column backspace.
3799                                  */
3800                         case BACKSPACE:
3801                                 if (tp->t_col)
3802                                         tp->t_col--;
3803                                 if (tp->t_modes.c_oflag & BSDLY) {
3804                                         if (tp->t_modes.c_oflag & OFILL)
3805                                                 count = 1;
3806                                 }
3807                                 *obp->b_wptr++ = c;
3808                                 bytes_left--;
3809                                 break;
3810 
3811                         case NEWLINE:
3812                                 if (tp->t_modes.c_oflag & ONLRET)
3813                                         goto cr;
3814                                 if ((tp->t_modes.c_oflag & NLDLY) == NL1)
3815                                         count = 2;
3816                                 *obp->b_wptr++ = c;
3817                                 bytes_left--;
3818                                 break;
3819 
3820                         case TAB:
3821                                 /*
3822                                  * Map '\t' to spaces if XTABS flag
3823                                  * is set.  The calculation of
3824                                  * "t_eucign" has probably insured
3825                                  * that column will be correct, as we
3826                                  * bumped t_col by the DISP width,
3827                                  * not the memory width.
3828                                  */
3829                                 if ((tp->t_modes.c_oflag & TABDLY) == XTABS) {
3830                                         for (;;) {
3831                                                 *obp->b_wptr++ = ' ';
3832                                                 bytes_left--;
3833                                                 tp->t_col++;
3834                                                 if ((tp->t_col & 07) == 0)
3835                                                         break;  /* every 8th */
3836                                                 /*
3837                                                  * If we don't have
3838                                                  * room to fully
3839                                                  * expand this tab in
3840                                                  * this block, back
3841                                                  * up to continue
3842                                                  * expanding it into
3843                                                  * the next block.
3844                                                  */
3845                                                 if (obp->b_wptr >=
3846                                                     obp->b_datap->db_lim) {
3847                                                         ibp->b_rptr--;
3848                                                         break;
3849                                                 }
3850                                         }
3851                                 } else {
3852                                         tp->t_col |= 07;
3853                                         tp->t_col++;
3854                                         if (tp->t_modes.c_oflag & OFILL) {
3855                                                 if (tp->t_modes.c_oflag &
3856                                                     TABDLY)
3857                                                         count = 2;
3858                                         } else {
3859                                                 switch (tp->t_modes.c_oflag &
3860                                                     TABDLY) {
3861                                                 case TAB2:
3862                                                         count = 6;
3863                                                         break;
3864 
3865                                                 case TAB1:
3866                                                         count = 1 + (tp->t_col |
3867                                                             ~07);
3868                                                         if (count < 5)
3869                                                                 count = 0;
3870                                                         break;
3871                                                 }
3872                                         }
3873                                         *obp->b_wptr++ = c;
3874                                         bytes_left--;
3875                                 }
3876                                 break;
3877 
3878                         case VTAB:
3879                                 if ((tp->t_modes.c_oflag & VTDLY) &&
3880                                     !(tp->t_modes.c_oflag & OFILL))
3881                                         count = 127;
3882                                 *obp->b_wptr++ = c;
3883                                 bytes_left--;
3884                                 break;
3885 
3886                         case RETURN:
3887                                 /*
3888                                  * Ignore <CR> in column 0 if ONOCR
3889                                  * flag set.
3890                                  */
3891                                 if (tp->t_col == 0 &&
3892                                     (tp->t_modes.c_oflag & ONOCR))
3893                                         break;
3894 
3895                 cr:
3896                                 switch (tp->t_modes.c_oflag & CRDLY) {
3897 
3898                                 case CR1:
3899                                         if (tp->t_modes.c_oflag & OFILL)
3900                                                 count = 2;
3901                                         else
3902                                                 count = tp->t_col % 2;
3903                                         break;
3904 
3905                                 case CR2:
3906                                         if (tp->t_modes.c_oflag & OFILL)
3907                                                 count = 4;
3908                                         else
3909                                                 count = 6;
3910                                         break;
3911 
3912                                 case CR3:
3913                                         if (tp->t_modes.c_oflag & OFILL)
3914                                                 count = 0;
3915                                         else
3916                                                 count = 9;
3917                                         break;
3918                                 }
3919                                 tp->t_col = 0;
3920                                 *obp->b_wptr++ = c;
3921                                 bytes_left--;
3922                                 break;
3923                         }
3924 
3925                         if (count != 0) {
3926                                 if (tp->t_modes.c_oflag & OFILL) {
3927                                         do {
3928                                                 if (bytes_left == 0) {
3929                                                         /* LINTED */
3930                                                         NEW_BLOCK(0);
3931                                                 }
3932                                                 if (tp->t_modes.c_oflag & OFDEL)
3933                                                         *obp->b_wptr++ = CDEL;
3934                                                 else
3935                                                         *obp->b_wptr++ = CNUL;
3936                                                 bytes_left--;
3937                                         } while (--count != 0);
3938                                 } else {
3939                                         if ((tp->t_modes.c_lflag & FLUSHO) &&
3940                                             (tp->t_modes.c_lflag & IEXTEN)) {
3941                                                 /* drop on floor */
3942                                                 freemsg(*omp);
3943                                         } else {
3944                                                 /*
3945                                                  * Update sysinfo
3946                                                  * outch
3947                                                  */
3948                                                 (void) drv_setparm(SYSOUTC,
3949                                                     msgdsize(*omp));
3950                                                 putnext(q, *omp);
3951                                                 /*
3952                                                  * Send M_DELAY
3953                                                  * downstream
3954                                                  */
3955                                                 if ((bp =
3956                                                     allocb(1, BPRI_MED)) !=
3957                                                     NULL) {
3958                                                         bp->b_datap->db_type =
3959                                                             M_DELAY;
3960                                                         *bp->b_wptr++ =
3961                                                             (uchar_t)count;
3962                                                         putnext(q, bp);
3963                                                 }
3964                                         }
3965                                         bytes_left = 0;
3966                                         /*
3967                                          * We have to start a new
3968                                          * message; the delay
3969                                          * introduces a break between
3970                                          * messages.
3971                                          */
3972                                         *omp = NULL;
3973                                         contpp = omp;
3974                                 }
3975                         }
3976                 }
3977                 cbp = ibp->b_cont;
3978                 freeb(ibp);
3979         } while ((ibp = cbp) != NULL);  /* next block, if any */
3980 
3981 outofbufs:
3982         return (ibp);
3983 #undef NEW_BLOCK
3984 }
3985 
3986 
3987 #if !defined(__sparc)
3988 int
3989 movtuc(size_t size, unsigned char *from, unsigned char *origto,
3990     unsigned char *table)
3991 {
3992         unsigned char *to = origto;
3993         unsigned char c;
3994 
3995         while (size != 0 && (c = table[*from++]) != 0) {
3996                 *to++ = c;
3997                 size--;
3998         }
3999         return (to - origto);
4000 }
4001 #endif
4002 
4003 static void
4004 ldterm_flush_output(uchar_t c, queue_t *q, ldtermstd_state_t *tp)
4005 {
4006         /* Already conditioned with IEXTEN during VDISCARD processing */
4007         if (tp->t_modes.c_lflag & FLUSHO)
4008                 tp->t_modes.c_lflag &= ~FLUSHO;
4009         else {
4010                 flushq(q, FLUSHDATA);   /* flush our write queue */
4011                 /* flush ones below us */
4012                 (void) putnextctl1(q, M_FLUSH, FLUSHW);
4013                 if ((tp->t_echomp = allocb(EBSIZE, BPRI_HI)) != NULL) {
4014                         (void) ldterm_echo(c, q, 1, tp);
4015                         if (tp->t_msglen != 0)
4016                                 ldterm_reprint(q, EBSIZE, tp);
4017                         if (tp->t_echomp != NULL) {
4018                                 putnext(q, tp->t_echomp);
4019                                 tp->t_echomp = NULL;
4020                         }
4021                 }
4022                 tp->t_modes.c_lflag |= FLUSHO;
4023         }
4024 }
4025 
4026 
4027 /*
4028  * Signal generated by the reader: M_PCSIG and M_FLUSH messages sent.
4029  */
4030 static void
4031 ldterm_dosig(queue_t *q, int sig, uchar_t c, int mtype, int mode)
4032 {
4033         ldtermstd_state_t *tp = (ldtermstd_state_t *)q->q_ptr;
4034         int sndsig = 0;
4035 
4036         /*
4037          * c == \0 is brk case; need to flush on BRKINT even if
4038          * noflsh is set.
4039          */
4040         if ((!(tp->t_modes.c_lflag & NOFLSH)) || (c == '\0')) {
4041                 if (mode) {
4042                         if (tp->t_state & TS_TTSTOP) {
4043                                 sndsig = 1;
4044                                 (void) putnextctl1(q, mtype, sig);
4045                         }
4046                         /*
4047                          * Flush read or write side.
4048                          * Restart the input or output.
4049                          */
4050                         if (mode & FLUSHR) {
4051                                 flushq(q, FLUSHDATA);
4052                                 (void) putnextctl1(WR(q), M_FLUSH, mode);
4053                                 if (tp->t_state & (TS_TBLOCK|TS_IFBLOCK)) {
4054                                         (void) putnextctl(WR(q), M_STARTI);
4055                                         tp->t_state &= ~(TS_TBLOCK|TS_IFBLOCK);
4056                                 }
4057                         }
4058                         if (mode & FLUSHW) {
4059                                 flushq(WR(q), FLUSHDATA);
4060                                 /*
4061                                  * XXX This is extremely gross.
4062                                  * Since we can't be sure our M_FLUSH
4063                                  * will have run its course by the
4064                                  * time we do the echo below, we set
4065                                  * state and toss it in the write put
4066                                  * routine to prevent flushing our
4067                                  * own data.  Note that downstream
4068                                  * modules on the write side will be
4069                                  * flushed by the M_FLUSH sent above.
4070                                  */
4071                                 tp->t_state |= TS_FLUSHWAIT;
4072                                 (void) putnextctl1(q, M_FLUSH, FLUSHW);
4073                                 if (tp->t_state & TS_TTSTOP) {
4074                                         (void) putnextctl(WR(q), M_START);
4075                                         tp->t_state &= ~(TS_TTSTOP|TS_OFBLOCK);
4076                                 }
4077                         }
4078                 }
4079         }
4080         tp->t_state &= ~TS_QUOT;
4081         if (sndsig == 0)
4082                 (void) putnextctl1(q, mtype, sig);
4083 
4084         if (c != '\0') {
4085                 if ((tp->t_echomp = allocb(4, BPRI_HI)) != NULL) {
4086                         if (ldterm_echo(c, WR(q), 4, tp) > 0)
4087                                 putnext(WR(q), tp->t_echomp);
4088                         else
4089                                 freemsg(tp->t_echomp);
4090                         tp->t_echomp = NULL;
4091                 }
4092         }
4093 }
4094 
4095 
4096 /*
4097  * Called when an M_IOCTL message is seen on the write queue; does
4098  * whatever we're supposed to do with it, and either replies
4099  * immediately or passes it to the next module down.
4100  */
4101 static void
4102 ldterm_do_ioctl(queue_t *q, mblk_t *mp)
4103 {
4104         ldtermstd_state_t *tp;
4105         struct iocblk *iocp;
4106         struct eucioc *euciocp; /* needed for EUC ioctls */
4107         ldterm_cs_data_user_t *csdp;
4108         int i;
4109         int locale_name_sz;
4110         uchar_t maxbytelen;
4111         uchar_t maxscreenlen;
4112         int error;
4113 
4114         iocp = (struct iocblk *)mp->b_rptr;
4115         tp = (ldtermstd_state_t *)q->q_ptr;
4116 
4117         switch (iocp->ioc_cmd) {
4118 
4119         case TCSETS:
4120         case TCSETSW:
4121         case TCSETSF:
4122                 {
4123                         /*
4124                          * Set current parameters and special
4125                          * characters.
4126                          */
4127                         struct termios *cb;
4128                         struct termios oldmodes;
4129 
4130                         error = miocpullup(mp, sizeof (struct termios));
4131                         if (error != 0) {
4132                                 miocnak(q, mp, 0, error);
4133                                 return;
4134                         }
4135 
4136                         cb = (struct termios *)mp->b_cont->b_rptr;
4137 
4138                         oldmodes = tp->t_amodes;
4139                         tp->t_amodes = *cb;
4140                         if ((tp->t_amodes.c_lflag & PENDIN) &&
4141                             (tp->t_modes.c_lflag & IEXTEN)) {
4142                                 /*
4143                                  * Yuk.  The C shell file completion
4144                                  * code actually uses this "feature",
4145                                  * so we have to support it.
4146                                  */
4147                                 if (tp->t_message != NULL) {
4148                                         tp->t_state |= TS_RESCAN;
4149                                         qenable(RD(q));
4150                                 }
4151                                 tp->t_amodes.c_lflag &= ~PENDIN;
4152                         }
4153                         bcopy(tp->t_amodes.c_cc, tp->t_modes.c_cc, NCCS);
4154 
4155                         /*
4156                          * ldterm_adjust_modes does not deal with
4157                          * cflags
4158                          */
4159                         tp->t_modes.c_cflag = tp->t_amodes.c_cflag;
4160 
4161                         ldterm_adjust_modes(tp);
4162                         if (chgstropts(&oldmodes, tp, RD(q)) == (-1)) {
4163                                 miocnak(q, mp, 0, EAGAIN);
4164                                 return;
4165                         }
4166                         /*
4167                          * The driver may want to know about the
4168                          * following iflags: IGNBRK, BRKINT, IGNPAR,
4169                          * PARMRK, INPCK, IXON, IXANY.
4170                          */
4171                         break;
4172                 }
4173 
4174         case TCSETA:
4175         case TCSETAW:
4176         case TCSETAF:
4177                 {
4178                         /*
4179                          * Old-style "ioctl" to set current
4180                          * parameters and special characters. Don't
4181                          * clear out the unset portions, leave them
4182                          * as they are.
4183                          */
4184                         struct termio *cb;
4185                         struct termios oldmodes;
4186 
4187                         error = miocpullup(mp, sizeof (struct termio));
4188                         if (error != 0) {
4189                                 miocnak(q, mp, 0, error);
4190                                 return;
4191                         }
4192 
4193                         cb = (struct termio *)mp->b_cont->b_rptr;
4194 
4195                         oldmodes = tp->t_amodes;
4196                         tp->t_amodes.c_iflag =
4197                             (tp->t_amodes.c_iflag & 0xffff0000 | cb->c_iflag);
4198                         tp->t_amodes.c_oflag =
4199                             (tp->t_amodes.c_oflag & 0xffff0000 | cb->c_oflag);
4200                         tp->t_amodes.c_cflag =
4201                             (tp->t_amodes.c_cflag & 0xffff0000 | cb->c_cflag);
4202                         tp->t_amodes.c_lflag =
4203                             (tp->t_amodes.c_lflag & 0xffff0000 | cb->c_lflag);
4204 
4205                         bcopy(cb->c_cc, tp->t_modes.c_cc, NCC);
4206                         /* TCGETS returns amodes, so update that too */
4207                         bcopy(cb->c_cc, tp->t_amodes.c_cc, NCC);
4208 
4209                         /* ldterm_adjust_modes does not deal with cflags */
4210 
4211                         tp->t_modes.c_cflag = tp->t_amodes.c_cflag;
4212 
4213                         ldterm_adjust_modes(tp);
4214                         if (chgstropts(&oldmodes, tp, RD(q)) == (-1)) {
4215                                 miocnak(q, mp, 0, EAGAIN);
4216                                 return;
4217                         }
4218                         /*
4219                          * The driver may want to know about the
4220                          * following iflags: IGNBRK, BRKINT, IGNPAR,
4221                          * PARMRK, INPCK, IXON, IXANY.
4222                          */
4223                         break;
4224                 }
4225 
4226         case TCFLSH:
4227                 /*
4228                  * Do the flush on the write queue immediately, and
4229                  * queue up any flush on the read queue for the
4230                  * service procedure to see.  Then turn it into the
4231                  * appropriate M_FLUSH message, so that the module
4232                  * below us doesn't have to know about TCFLSH.
4233                  */
4234                 error = miocpullup(mp, sizeof (int));
4235                 if (error != 0) {
4236                         miocnak(q, mp, 0, error);
4237                         return;
4238                 }
4239 
4240                 ASSERT(mp->b_datap != NULL);
4241                 if (*(int *)mp->b_cont->b_rptr == 0) {
4242                         ASSERT(mp->b_datap != NULL);
4243                         (void) putnextctl1(q, M_FLUSH, FLUSHR);
4244                         (void) putctl1(RD(q), M_FLUSH, FLUSHR);
4245                 } else if (*(int *)mp->b_cont->b_rptr == 1) {
4246                         flushq(q, FLUSHDATA);
4247                         ASSERT(mp->b_datap != NULL);
4248                         tp->t_state |= TS_FLUSHWAIT;
4249                         (void) putnextctl1(RD(q), M_FLUSH, FLUSHW);
4250                         (void) putnextctl1(q, M_FLUSH, FLUSHW);
4251                 } else if (*(int *)mp->b_cont->b_rptr == 2) {
4252                         flushq(q, FLUSHDATA);
4253                         ASSERT(mp->b_datap != NULL);
4254                         (void) putnextctl1(q, M_FLUSH, FLUSHRW);
4255                         tp->t_state |= TS_FLUSHWAIT;
4256                         (void) putnextctl1(RD(q), M_FLUSH, FLUSHRW);
4257                 } else {
4258                         miocnak(q, mp, 0, EINVAL);
4259                         return;
4260                 }
4261                 ASSERT(mp->b_datap != NULL);
4262                 iocp->ioc_rval = 0;
4263                 miocack(q, mp, 0, 0);
4264                 return;
4265 
4266         case TCXONC:
4267                 error = miocpullup(mp, sizeof (int));
4268                 if (error != 0) {
4269                         miocnak(q, mp, 0, error);
4270                         return;
4271                 }
4272 
4273                 switch (*(int *)mp->b_cont->b_rptr) {
4274                 case 0:
4275                         if (!(tp->t_state & TS_TTSTOP)) {
4276                                 (void) putnextctl(q, M_STOP);
4277                                 tp->t_state |= (TS_TTSTOP|TS_OFBLOCK);
4278                         }
4279                         break;
4280 
4281                 case 1:
4282                         if (tp->t_state & TS_TTSTOP) {
4283                                 (void) putnextctl(q, M_START);
4284                                 tp->t_state &= ~(TS_TTSTOP|TS_OFBLOCK);
4285                         }
4286                         break;
4287 
4288                 case 2:
4289                         (void) putnextctl(q, M_STOPI);
4290                         tp->t_state |= (TS_TBLOCK|TS_IFBLOCK);
4291                         break;
4292 
4293                 case 3:
4294                         (void) putnextctl(q, M_STARTI);
4295                         tp->t_state &= ~(TS_TBLOCK|TS_IFBLOCK);
4296                         break;
4297 
4298                 default:
4299                         miocnak(q, mp, 0, EINVAL);
4300                         return;
4301                 }
4302                 ASSERT(mp->b_datap != NULL);
4303                 iocp->ioc_rval = 0;
4304                 miocack(q, mp, 0, 0);
4305                 return;
4306                 /*
4307                  * TCSBRK is expected to be handled by the driver.
4308                  * The reason its left for the driver is that when
4309                  * the argument to TCSBRK is zero driver has to drain
4310                  * the data and sending a M_IOCACK from LDTERM before
4311                  * the driver drains the data is going to cause
4312                  * problems.
4313                  */
4314 
4315                 /*
4316                  * The following are EUC related ioctls.  For
4317                  * EUC_WSET, we have to pass the information on, even
4318                  * though we ACK the call.  It's vital in the EUC
4319                  * environment that everybody downstream knows about
4320                  * the EUC codeset widths currently in use; we
4321                  * therefore pass down the information in an M_CTL
4322                  * message.  It will bottom out in the driver.
4323                  */
4324         case EUC_WSET:
4325                 {
4326 
4327                         /* only needed for EUC_WSET */
4328                         struct iocblk *riocp;
4329 
4330                         mblk_t *dmp, *dmp_cont;
4331 
4332                         /*
4333                          * If the user didn't supply any information,
4334                          * NAK it.
4335                          */
4336                         error = miocpullup(mp, sizeof (struct eucioc));
4337                         if (error != 0) {
4338                                 miocnak(q, mp, 0, error);
4339                                 return;
4340                         }
4341 
4342                         euciocp = (struct eucioc *)mp->b_cont->b_rptr;
4343                         /*
4344                          * Check here for something reasonable.  If
4345                          * anything will take more than EUC_MAXW
4346                          * columns or more than EUC_MAXW bytes
4347                          * following SS2 or SS3, then just reject it
4348                          * out of hand. It's not impossible for us to
4349                          * do it, it just isn't reasonable.  So far,
4350                          * in the world, we've seen the absolute max
4351                          * columns to be 2 and the max number of
4352                          * bytes to be 3.  This allows room for some
4353                          * expansion of that, but it probably won't
4354                          * even be necessary. At the moment, we
4355                          * return a "range" error.  If you really
4356                          * need to, you can push EUC_MAXW up to over
4357                          * 200; it doesn't make sense, though, with
4358                          * only a CANBSIZ sized input limit (usually
4359                          * 256)!
4360                          */
4361                         for (i = 0; i < 4; i++) {
4362                                 if ((euciocp->eucw[i] > EUC_MAXW) ||
4363                                     (euciocp->scrw[i] > EUC_MAXW)) {
4364                                         miocnak(q, mp, 0, ERANGE);
4365                                         return;
4366                                 }
4367                         }
4368                         /*
4369                          * Otherwise, save the information in tp,
4370                          * force codeset 0 (ASCII) to be one byte,
4371                          * one column.
4372                          */
4373                         cp_eucwioc(euciocp, &tp->eucwioc, EUCIN);
4374                         tp->eucwioc.eucw[0] = tp->eucwioc.scrw[0] = 1;
4375                         /*
4376                          * Now, check out whether we're doing
4377                          * multibyte processing. if we are, we need
4378                          * to allocate a block to hold the parallel
4379                          * array. By convention, we've been passed
4380                          * what amounts to a CSWIDTH definition.  We
4381                          * actually NEED the number of bytes for
4382                          * Codesets 2 & 3.
4383                          */
4384                         tp->t_maxeuc = 0;    /* reset to say we're NOT */
4385 
4386                         tp->t_state &= ~TS_MEUC;
4387                         /*
4388                          * We'll set TS_MEUC if we're doing
4389                          * multi-column OR multi- byte OR both.  It
4390                          * makes things easier...  NOTE:  If we fail
4391                          * to get the buffer we need to hold display
4392                          * widths, then DON'T let the TS_MEUC bit get
4393                          * set!
4394                          */
4395                         for (i = 0; i < 4; i++) {
4396                                 if (tp->eucwioc.eucw[i] > tp->t_maxeuc)
4397                                         tp->t_maxeuc = tp->eucwioc.eucw[i];
4398                                 if (tp->eucwioc.scrw[i] > 1)
4399                                         tp->t_state |= TS_MEUC;
4400                         }
4401                         if ((tp->t_maxeuc > 1) || (tp->t_state & TS_MEUC)) {
4402                                 if (!tp->t_eucp_mp) {
4403                                         if ((tp->t_eucp_mp = allocb(_TTY_BUFSIZ,
4404                                             BPRI_HI)) == NULL) {
4405                                                 tp->t_maxeuc = 1;
4406                                                 tp->t_state &= ~TS_MEUC;
4407                                                 cmn_err(CE_WARN,
4408                                                     "Can't allocate eucp_mp");
4409                                                 miocnak(q, mp, 0, ENOSR);
4410                                                 return;
4411                                         }
4412                                         /*
4413                                          * here, if there's junk in
4414                                          * the canonical buffer, then
4415                                          * move the eucp pointer past
4416                                          * it, so we don't run off
4417                                          * the beginning.  This is a
4418                                          * total botch, but will
4419                                          * hopefully keep stuff from
4420                                          * getting too messed up
4421                                          * until the user flushes
4422                                          * this line!
4423                                          */
4424                                         if (tp->t_msglen) {
4425                                                 tp->t_eucp =
4426                                                     tp->t_eucp_mp->b_rptr;
4427                                                 for (i = tp->t_msglen; i; i--)
4428                                                         *tp->t_eucp++ = 1;
4429                                         } else {
4430                                                 tp->t_eucp =
4431                                                     tp->t_eucp_mp->b_rptr;
4432                                         }
4433                                 }
4434                                 /* doing multi-byte handling */
4435                                 tp->t_state |= TS_MEUC;
4436 
4437                         } else if (tp->t_eucp_mp) {
4438                                 freemsg(tp->t_eucp_mp);
4439                                 tp->t_eucp_mp = NULL;
4440                                 tp->t_eucp = NULL;
4441                         }
4442 
4443                         /*
4444                          * Save the EUC width data we have at
4445                          * the t_csdata, set t_csdata.codeset_type to
4446                          * EUC one, and, switch the codeset methods at
4447                          * t_csmethods.
4448                          */
4449                         bzero(&tp->t_csdata.eucpc_data,
4450                             (sizeof (ldterm_eucpc_data_t) *
4451                             LDTERM_CS_MAX_CODESETS));
4452                         tp->t_csdata.eucpc_data[0].byte_length =
4453                             tp->eucwioc.eucw[1];
4454                         tp->t_csdata.eucpc_data[0].screen_width =
4455                             tp->eucwioc.scrw[1];
4456                         tp->t_csdata.eucpc_data[1].byte_length =
4457                             tp->eucwioc.eucw[2];
4458                         tp->t_csdata.eucpc_data[1].screen_width =
4459                             tp->eucwioc.scrw[2];
4460                         tp->t_csdata.eucpc_data[2].byte_length =
4461                             tp->eucwioc.eucw[3];
4462                         tp->t_csdata.eucpc_data[2].screen_width =
4463                             tp->eucwioc.scrw[3];
4464                         tp->t_csdata.version = LDTERM_DATA_VERSION;
4465                         tp->t_csdata.codeset_type = LDTERM_CS_TYPE_EUC;
4466                         /*
4467                          * We are not using the 'csinfo_num' anyway if the
4468                          * current codeset type is EUC. So, set it to
4469                          * the maximum possible.
4470                          */
4471                         tp->t_csdata.csinfo_num =
4472                             LDTERM_CS_TYPE_EUC_MAX_SUBCS;
4473                         if (tp->t_csdata.locale_name != (char *)NULL) {
4474                                 kmem_free(tp->t_csdata.locale_name,
4475                                     strlen(tp->t_csdata.locale_name) + 1);
4476                                 tp->t_csdata.locale_name = (char *)NULL;
4477                         }
4478                         tp->t_csmethods = cs_methods[LDTERM_CS_TYPE_EUC];
4479 
4480                         /*
4481                          * If we are able to allocate two blocks (the
4482                          * iocblk and the associated data), then pass
4483                          * it downstream, otherwise we'll need to NAK
4484                          * it, and drop whatever we WERE able to
4485                          * allocate.
4486                          */
4487                         if ((dmp = mkiocb(EUC_WSET)) == NULL) {
4488                                 miocnak(q, mp, 0, ENOSR);
4489                                 return;
4490                         }
4491                         if ((dmp_cont = allocb(EUCSIZE, BPRI_HI)) == NULL) {
4492                                 freemsg(dmp);
4493                                 miocnak(q, mp, 0, ENOSR);
4494                                 return;
4495                         }
4496 
4497                         /*
4498                          * We got both buffers.  Copy out the EUC
4499                          * information (as we received it, not what
4500                          * we're using!) & pass it on.
4501                          */
4502                         bcopy(mp->b_cont->b_rptr, dmp_cont->b_rptr, EUCSIZE);
4503                         dmp_cont->b_wptr += EUCSIZE;
4504                         dmp->b_cont = dmp_cont;
4505                         dmp->b_datap->db_type = M_CTL;
4506                         dmp_cont->b_datap->db_type = M_DATA;
4507                         riocp = (struct iocblk *)dmp->b_rptr;
4508                         riocp->ioc_count = EUCSIZE;
4509                         putnext(q, dmp);
4510 
4511                         /*
4512                          * Now ACK the ioctl.
4513                          */
4514                         iocp->ioc_rval = 0;
4515                         miocack(q, mp, 0, 0);
4516                         return;
4517                 }
4518 
4519         case EUC_WGET:
4520                 error = miocpullup(mp, sizeof (struct eucioc));
4521                 if (error != 0) {
4522                         miocnak(q, mp, 0, error);
4523                         return;
4524                 }
4525                 euciocp = (struct eucioc *)mp->b_cont->b_rptr;
4526                 cp_eucwioc(&tp->eucwioc, euciocp, EUCOUT);
4527                 iocp->ioc_rval = 0;
4528                 miocack(q, mp, EUCSIZE, 0);
4529                 return;
4530 
4531         case CSDATA_SET:
4532                 error = miocpullup(mp, sizeof (ldterm_cs_data_user_t));
4533                 if (error != 0) {
4534                         miocnak(q, mp, 0, error);
4535                         return;
4536                 }
4537 
4538                 csdp = (ldterm_cs_data_user_t *)mp->b_cont->b_rptr;
4539 
4540                 /* Validate the codeset data provided. */
4541                 if (csdp->version > LDTERM_DATA_VERSION ||
4542                     csdp->codeset_type < LDTERM_CS_TYPE_MIN ||
4543                     csdp->codeset_type > LDTERM_CS_TYPE_MAX) {
4544                         miocnak(q, mp, 0, ERANGE);
4545                         return;
4546                 }
4547 
4548                 if ((csdp->codeset_type == LDTERM_CS_TYPE_EUC &&
4549                     csdp->csinfo_num > LDTERM_CS_TYPE_EUC_MAX_SUBCS) ||
4550                     (csdp->codeset_type == LDTERM_CS_TYPE_PCCS &&
4551                     (csdp->csinfo_num < LDTERM_CS_TYPE_PCCS_MIN_SUBCS ||
4552                     csdp->csinfo_num > LDTERM_CS_TYPE_PCCS_MAX_SUBCS))) {
4553                         miocnak(q, mp, 0, ERANGE);
4554                         return;
4555                 }
4556 
4557                 maxbytelen = maxscreenlen = 0;
4558                 if (csdp->codeset_type == LDTERM_CS_TYPE_EUC) {
4559                         for (i = 0; i < LDTERM_CS_TYPE_EUC_MAX_SUBCS; i++) {
4560                                 if (csdp->eucpc_data[i].byte_length >
4561                                     EUC_MAXW ||
4562                                     csdp->eucpc_data[i].screen_width >
4563                                     EUC_MAXW) {
4564                                         miocnak(q, mp, 0, ERANGE);
4565                                         return;
4566                                 }
4567 
4568                                 if (csdp->eucpc_data[i].byte_length >
4569                                     maxbytelen)
4570                                         maxbytelen =
4571                                             csdp->eucpc_data[i].byte_length;
4572                                 if (csdp->eucpc_data[i].screen_width >
4573                                     maxscreenlen)
4574                                         maxscreenlen =
4575                                             csdp->eucpc_data[i].screen_width;
4576                         }
4577                         /* POSIX/C locale? */
4578                         if (maxbytelen == 0 && maxscreenlen == 0)
4579                                 maxbytelen = maxscreenlen = 1;
4580                 } else if (csdp->codeset_type == LDTERM_CS_TYPE_PCCS) {
4581                         for (i = 0; i < LDTERM_CS_MAX_CODESETS; i++) {
4582                                 if (csdp->eucpc_data[i].byte_length >
4583                                     LDTERM_CS_MAX_BYTE_LENGTH) {
4584                                         miocnak(q, mp, 0, ERANGE);
4585                                         return;
4586                                 }
4587                                 if (csdp->eucpc_data[i].byte_length >
4588                                     maxbytelen)
4589                                         maxbytelen =
4590                                             csdp->eucpc_data[i].byte_length;
4591                                 if (csdp->eucpc_data[i].screen_width >
4592                                     maxscreenlen)
4593                                         maxscreenlen =
4594                                             csdp->eucpc_data[i].screen_width;
4595                         }
4596                 } else if (csdp->codeset_type == LDTERM_CS_TYPE_UTF8) {
4597                         maxbytelen = 4;
4598                         maxscreenlen = 2;
4599                 }
4600 
4601                 locale_name_sz = 0;
4602 
4603                 for (i = 0; i < MAXNAMELEN; i++)
4604                         if (csdp->locale_name[i] == '\0')
4605                                 break;
4606                 /*
4607                  * We cannot have any string that is not NULL byte
4608                  * terminated.
4609                  */
4610                 if (i >= MAXNAMELEN) {
4611                         miocnak(q, mp, 0, ERANGE);
4612                         return;
4613                 }
4614 
4615                 locale_name_sz = i + 1;

4616 
4617                 /*
4618                  * As the final check, if there was invalid codeset_type
4619                  * given, or invalid byte_length was specified, it's an error.
4620                  */
4621                 if (maxbytelen <= 0 || maxscreenlen <= 0) {
4622                         miocnak(q, mp, 0, ERANGE);
4623                         return;
4624                 }
4625 
4626                 /* Do the switching. */
4627                 tp->t_maxeuc = maxbytelen;
4628                 tp->t_state &= ~TS_MEUC;
4629                 if (maxbytelen > 1 || maxscreenlen > 1) {
4630                         if (!tp->t_eucp_mp) {
4631                                 if (!(tp->t_eucp_mp = allocb(_TTY_BUFSIZ,
4632                                     BPRI_HI))) {
4633                                         cmn_err(CE_WARN,
4634                                             "Can't allocate eucp_mp");
4635                                         miocnak(q, mp, 0, ENOSR);
4636                                         return;
4637                                 }
4638                                 /*
4639                                  * If there's junk in the canonical buffer,
4640                                  * then move the eucp pointer past it,
4641                                  * so we don't run off the beginning. This is
4642                                  * a total botch, but will hopefully keep
4643                                  * stuff from getting too messed up until
4644                                  * the user flushes this line!
4645                                  */
4646                                 if (tp->t_msglen) {
4647                                         tp->t_eucp = tp->t_eucp_mp->b_rptr;
4648                                         for (i = tp->t_msglen; i; i--)
4649                                                 *tp->t_eucp++ = 1;
4650                                 } else {
4651                                         tp->t_eucp = tp->t_eucp_mp->b_rptr;
4652                                 }
4653                         }
4654 
4655                         /*
4656                          * We only set TS_MEUC for a multibyte/multi-column
4657                          * codeset.
4658                          */
4659                         tp->t_state |= TS_MEUC;
4660 
4661                         tp->t_csdata.version = csdp->version;
4662                         tp->t_csdata.codeset_type = csdp->codeset_type;
4663                         tp->t_csdata.csinfo_num = csdp->csinfo_num;
4664                         bcopy(csdp->eucpc_data, tp->t_csdata.eucpc_data,
4665                             sizeof (ldterm_eucpc_data_t) *
4666                             LDTERM_CS_MAX_CODESETS);
4667                         tp->t_csmethods = cs_methods[csdp->codeset_type];
4668 
4669                         if (csdp->codeset_type == LDTERM_CS_TYPE_EUC) {
4670                                 tp->eucwioc.eucw[0] = 1;
4671                                 tp->eucwioc.scrw[0] = 1;
4672 
4673                                 tp->eucwioc.eucw[1] =
4674                                     csdp->eucpc_data[0].byte_length;
4675                                 tp->eucwioc.scrw[1] =
4676                                     csdp->eucpc_data[0].screen_width;
4677 
4678                                 tp->eucwioc.eucw[2] =
4679                                     csdp->eucpc_data[1].byte_length + 1;
4680                                 tp->eucwioc.scrw[2] =
4681                                     csdp->eucpc_data[1].screen_width;
4682 
4683                                 tp->eucwioc.eucw[3] =
4684                                     csdp->eucpc_data[2].byte_length + 1;
4685                                 tp->eucwioc.scrw[3] =
4686                                     csdp->eucpc_data[2].screen_width;
4687                         } else {
4688                                 /*
4689                                  * We are not going to use this data
4690                                  * structure. So, clear it. Also, stty(1) will
4691                                  * make use of the cleared tp->eucwioc when
4692                                  * it prints out codeset width setting.
4693                                  */
4694                                 bzero(&tp->eucwioc, EUCSIZE);
4695                         }
4696                 } else {
4697                         /*
4698                          * If this codeset is a single byte codeset that
4699                          * requires only single display column for all
4700                          * characters, we switch to default EUC codeset
4701                          * methods and data setting.
4702                          */
4703 
4704                         if (tp->t_eucp_mp) {
4705                                 freemsg(tp->t_eucp_mp);
4706                                 tp->t_eucp_mp = NULL;
4707                                 tp->t_eucp = NULL;
4708                         }
4709 
4710                         bzero(&tp->eucwioc, EUCSIZE);
4711                         tp->eucwioc.eucw[0] = 1;
4712                         tp->eucwioc.scrw[0] = 1;
4713                         if (tp->t_csdata.locale_name != (char *)NULL) {
4714                                 kmem_free(tp->t_csdata.locale_name,
4715                                     strlen(tp->t_csdata.locale_name) + 1);
4716                         }
4717                         tp->t_csdata = default_cs_data;
4718                         tp->t_csmethods = cs_methods[LDTERM_CS_TYPE_EUC];
4719                 }
4720 
4721                 /* Copy over locale_name. */
4722                 if (tp->t_csdata.locale_name != (char *)NULL) {
4723                         kmem_free(tp->t_csdata.locale_name,
4724                             strlen(tp->t_csdata.locale_name) + 1);
4725                 }
4726                 if (locale_name_sz > 1) {
4727                         tp->t_csdata.locale_name = (char *)kmem_alloc(
4728                             locale_name_sz, KM_SLEEP);
4729                         (void) strcpy(tp->t_csdata.locale_name,
4730                             csdp->locale_name);
4731                 } else {
4732                         tp->t_csdata.locale_name = (char *)NULL;
4733                 }
4734 
4735                 /*
4736                  * Now ACK the ioctl.
4737                  */
4738                 iocp->ioc_rval = 0;
4739                 miocack(q, mp, 0, 0);
4740                 return;
4741 
4742         case CSDATA_GET:
4743                 error = miocpullup(mp, sizeof (ldterm_cs_data_user_t));
4744                 if (error != 0) {
4745                         miocnak(q, mp, 0, error);
4746                         return;
4747                 }
4748 
4749                 csdp = (ldterm_cs_data_user_t *)mp->b_cont->b_rptr;
4750 
4751                 csdp->version = tp->t_csdata.version;
4752                 csdp->codeset_type = tp->t_csdata.codeset_type;
4753                 csdp->csinfo_num = tp->t_csdata.csinfo_num;
4754                 csdp->pad = tp->t_csdata.pad;
4755                 if (tp->t_csdata.locale_name) {
4756                         (void) strcpy(csdp->locale_name,
4757                             tp->t_csdata.locale_name);
4758                 } else {
4759                         csdp->locale_name[0] = '\0';
4760                 }
4761                 bcopy(tp->t_csdata.eucpc_data, csdp->eucpc_data,
4762                     sizeof (ldterm_eucpc_data_t) * LDTERM_CS_MAX_CODESETS);
4763                 /*
4764                  * If the codeset is an EUC codeset and if it has 2nd and/or
4765                  * 3rd supplementary codesets, we subtract one from each
4766                  * byte length of the supplementary codesets. This is
4767                  * because single shift characters, SS2 and SS3, are not
4768                  * included in the byte lengths in the user space.
4769                  */
4770                 if (csdp->codeset_type == LDTERM_CS_TYPE_EUC) {
4771                         if (csdp->eucpc_data[1].byte_length)
4772                                 csdp->eucpc_data[1].byte_length -= 1;
4773                         if (csdp->eucpc_data[2].byte_length)
4774                                 csdp->eucpc_data[2].byte_length -= 1;
4775                 }
4776                 iocp->ioc_rval = 0;
4777                 miocack(q, mp, sizeof (ldterm_cs_data_user_t), 0);
4778                 return;
4779 
4780         case PTSSTTY:
4781                 tp->t_state |= TS_ISPTSTTY;
4782                 break;
4783 
4784         }
4785 
4786         putnext(q, mp);
4787 }
4788 
4789 
4790 /*
4791  * Send an M_SETOPTS message upstream if any mode changes are being
4792  * made that affect the stream head options. returns -1 if allocb
4793  * fails, else returns 0.
4794  */
4795 static int
4796 chgstropts(struct termios *oldmodep, ldtermstd_state_t *tp, queue_t *q)
4797 {
4798         struct stroptions optbuf;
4799         mblk_t *bp;
4800 
4801         optbuf.so_flags = 0;
4802         if ((oldmodep->c_lflag ^ tp->t_modes.c_lflag) & ICANON) {
4803                 /*
4804                  * Canonical mode is changing state; switch the
4805                  * stream head to message-nondiscard or byte-stream
4806                  * mode.  Also, rerun the service procedure so it can
4807                  * change its mind about whether to send data
4808                  * upstream or not.
4809                  */
4810                 if (tp->t_modes.c_lflag & ICANON) {
4811                         DEBUG4(("CHANGING TO CANON MODE\n"));
4812                         optbuf.so_flags = SO_READOPT|SO_MREADOFF;
4813                         optbuf.so_readopt = RMSGN;
4814 
4815                         /*
4816                          * if there is a pending raw mode timeout,
4817                          * clear it
4818                          */
4819 
4820                         /*
4821                          * Clear VMIN/VTIME state, cancel timers
4822                          */
4823                         vmin_satisfied(q, tp, 0);
4824                 } else {
4825                         DEBUG4(("CHANGING TO RAW MODE\n"));
4826                         optbuf.so_flags = SO_READOPT|SO_MREADON;
4827                         optbuf.so_readopt = RNORM;
4828                 }
4829         }
4830         if ((oldmodep->c_lflag ^ tp->t_modes.c_lflag) & TOSTOP) {
4831                 /*
4832                  * The "stop on background write" bit is changing.
4833                  */
4834                 if (tp->t_modes.c_lflag & TOSTOP)
4835                         optbuf.so_flags |= SO_TOSTOP;
4836                 else
4837                         optbuf.so_flags |= SO_TONSTOP;
4838         }
4839         if (optbuf.so_flags != 0) {
4840                 if ((bp = allocb(sizeof (struct stroptions), BPRI_HI)) ==
4841                     NULL) {
4842                         return (-1);
4843                 }
4844                 *(struct stroptions *)bp->b_wptr = optbuf;
4845                 bp->b_wptr += sizeof (struct stroptions);
4846                 bp->b_datap->db_type = M_SETOPTS;
4847                 DEBUG4(("M_SETOPTS to stream head\n"));
4848                 putnext(q, bp);
4849         }
4850         return (0);
4851 }
4852 
4853 
4854 /*
4855  * Called when an M_IOCACK message is seen on the read queue;
4856  * modifies the data being returned, if necessary, and passes the
4857  * reply up.
4858  */
4859 static void
4860 ldterm_ioctl_reply(queue_t *q, mblk_t *mp)
4861 {
4862         ldtermstd_state_t *tp;
4863         struct iocblk *iocp;
4864 
4865         iocp = (struct iocblk *)mp->b_rptr;
4866         tp = (ldtermstd_state_t *)q->q_ptr;
4867 
4868         switch (iocp->ioc_cmd) {
4869 
4870         case TCGETS:
4871                 {
4872                         /*
4873                          * Get current parameters and return them to
4874                          * stream head eventually.
4875                          */
4876                         struct termios *cb =
4877                             (struct termios *)mp->b_cont->b_rptr;
4878 
4879                         /*
4880                          * cflag has cflags sent upstream by the
4881                          * driver
4882                          */
4883                         tcflag_t cflag = cb->c_cflag;
4884 
4885                         *cb = tp->t_amodes;
4886                         if (cflag != 0)
4887                                 cb->c_cflag = cflag; /* set by driver */
4888                         break;
4889                 }
4890 
4891         case TCGETA:
4892                 {
4893                         /*
4894                          * Old-style "ioctl" to get current
4895                          * parameters and return them to stream head
4896                          * eventually.
4897                          */
4898                         struct termio *cb =
4899                             (struct termio *)mp->b_cont->b_rptr;
4900 
4901                         cb->c_iflag = tp->t_amodes.c_iflag; /* all except the */
4902                         cb->c_oflag = tp->t_amodes.c_oflag; /* cb->c_cflag */
4903                         cb->c_lflag = tp->t_amodes.c_lflag;
4904 
4905                         if (cb->c_cflag == 0)        /* not set by driver */
4906                                 cb->c_cflag = tp->t_amodes.c_cflag;
4907 
4908                         cb->c_line = 0;
4909                         bcopy(tp->t_amodes.c_cc, cb->c_cc, NCC);
4910                         break;
4911                 }
4912         }
4913         putnext(q, mp);
4914 }
4915 
4916 
4917 /*
4918  * A VMIN/VTIME request has been satisfied. Cancel outstanding timers
4919  * if they exist, clear TS_MREAD state, and send upstream. If a NULL
4920  * queue ptr is passed, just reset VMIN/VTIME state.
4921  */
4922 static void
4923 vmin_satisfied(queue_t *q, ldtermstd_state_t *tp, int sendup)
4924 {
4925         ASSERT(q);
4926         if (tp->t_vtid != 0)  {
4927                 DEBUG4(("vmin_satisfied: cancelled timer id %d\n", tp->t_vtid));
4928                 (void) quntimeout(q, tp->t_vtid);
4929                 tp->t_vtid = 0;
4930         }
4931         if (sendup) {
4932                 if (tp->t_msglen == 0 && V_MIN) {
4933                         /* EMPTY */
4934                         DEBUG4(("vmin_satisfied: data swiped, msglen = 0\n"));
4935                 } else {
4936                         if ((!q->q_first) ||
4937                             (q->q_first->b_datap->db_type != M_DATA) ||
4938                             (tp->t_msglen >= LDCHUNK)) {
4939                                 ldterm_msg_upstream(q, tp);
4940                                 DEBUG4(("vmin_satisfied: delivering data\n"));
4941                         }
4942                 }
4943         } else {
4944                 /* EMPTY */
4945                 DEBUG4(("vmin_satisfied: VMIN/TIME state reset\n"));
4946         }
4947         tp->t_state &= ~TS_MREAD;
4948 }
4949 
4950 static void
4951 vmin_settimer(queue_t *q)
4952 {
4953         ldtermstd_state_t *tp;
4954 
4955         tp = (ldtermstd_state_t *)q->q_ptr;
4956 
4957         /*
4958          * Don't start any time bombs.
4959          */
4960         if (tp->t_state & TS_CLOSE)
4961                 return;
4962 
4963         /*
4964          * tp->t_vtid should NOT be set here unless VMIN > 0 and
4965          * VTIME > 0.
4966          */
4967         if (tp->t_vtid) {
4968                 if (V_MIN && V_TIME) {
4969                         /* EMPTY */
4970                         DEBUG4(("vmin_settimer: timer restarted, old tid=%d\n",
4971                             tp->t_vtid));
4972                 } else {
4973                         /* EMPTY */
4974                         DEBUG4(("vmin_settimer: tid = %d was still active!\n",
4975                             tp->t_vtid));
4976                 }
4977                 (void) quntimeout(q, tp->t_vtid);
4978                 tp->t_vtid = 0;
4979         }
4980         tp->t_vtid = qtimeout(q, vmin_timed_out, q,
4981             (clock_t)(V_TIME * (hz / 10)));
4982         DEBUG4(("vmin_settimer: timer started, tid = %d\n", tp->t_vtid));
4983 }
4984 
4985 
4986 /*
4987  * BRRrrringgg!! VTIME was satisfied instead of VMIN
4988  */
4989 static void
4990 vmin_timed_out(void *arg)
4991 {
4992         queue_t *q = arg;
4993         ldtermstd_state_t *tp;
4994 
4995         tp = (ldtermstd_state_t *)q->q_ptr;
4996 
4997         DEBUG4(("vmin_timed_out: tid = %d\n", tp->t_vtid));
4998         /* don't call untimeout now that we are in the timeout */
4999         tp->t_vtid = 0;
5000         vmin_satisfied(q, tp, 1);
5001 }
5002 
5003 
5004 /*
5005  * Routine to adjust termios flags to be processed by the line
5006  * discipline. Driver below sends a termios structure, with the flags
5007  * the driver intends to process. XOR'ing the driver sent termios
5008  * structure with current termios structure with the default values
5009  * (or set by ioctls from userland), we come up with a new termios
5010  * structrue, the flags of which will be used by the line discipline
5011  * in processing input and output. On return from this routine, we
5012  * will have the following fields set in tp structure -->
5013  * tp->t_modes:      modes the line discipline will process tp->t_amodes:
5014  * modes the user process thinks the line discipline is processing
5015  */
5016 
5017 static void
5018 ldterm_adjust_modes(ldtermstd_state_t *tp)
5019 {
5020 
5021         DEBUG6(("original iflag = %o\n", tp->t_modes.c_iflag));
5022         tp->t_modes.c_iflag = tp->t_amodes.c_iflag & ~(tp->t_dmodes.c_iflag);
5023         tp->t_modes.c_oflag = tp->t_amodes.c_oflag & ~(tp->t_dmodes.c_oflag);
5024         tp->t_modes.c_lflag = tp->t_amodes.c_lflag & ~(tp->t_dmodes.c_lflag);
5025         DEBUG6(("driver iflag = %o\n", tp->t_dmodes.c_iflag));
5026         DEBUG6(("apparent iflag = %o\n", tp->t_amodes.c_iflag));
5027         DEBUG6(("effective iflag = %o\n", tp->t_modes.c_iflag));
5028 
5029         /* No negotiation of clfags  c_cc array special characters */
5030         /*
5031          * Copy from amodes to modes already done by TCSETA/TCSETS
5032          * code
5033          */
5034 }
5035 
5036 
5037 /*
5038  * Erase one multi-byte character.  If TS_MEUC is set AND this
5039  * is a multi-byte character, then this should be called instead of
5040  * ldterm_erase.  "ldterm_erase" will handle ASCII nicely, thank you.
5041  *
5042  * We'd better be pointing to the last byte.  If we aren't, it will get
5043  * screwed up.
5044  */
5045 static void
5046 ldterm_csi_erase(queue_t *q, size_t ebsize, ldtermstd_state_t *tp)
5047 {
5048         int i, ung;
5049         uchar_t *p, *bottom;
5050         uchar_t u8[LDTERM_CS_MAX_BYTE_LENGTH];
5051         int c;
5052         int j;
5053         int len;
5054 
5055         if (tp->t_eucleft) {
5056                 /* XXX Ick.  We're in the middle of an EUC! */
5057                 /* What to do now? */
5058                 ldterm_eucwarn(tp);
5059                 return;         /* ignore it??? */
5060         }
5061         bottom = tp->t_eucp_mp->b_rptr;
5062         p = tp->t_eucp - 1;  /* previous byte */
5063         if (p < bottom)
5064                 return;
5065         ung = 1;                /* number of bytes to un-get from buffer */
5066         /*
5067          * go through the buffer until we find the beginning of the
5068          * multi-byte char.
5069          */
5070         while ((*p == 0) && (p > bottom)) {
5071                 p--;
5072                 ++ung;
5073         }
5074 
5075         /*
5076          * Now, "ung" is the number of bytes to unget from the buffer
5077          * and "*p" is the disp width of it. Fool "ldterm_rubout"
5078          * into thinking we're rubbing out ASCII characters.  Do that
5079          * for the display width of the character.
5080          *
5081          * Also we accumulate bytes of the character so that if the character
5082          * is a UTF-8 character, we will get the display width of the UTF-8
5083          * character.
5084          */
5085         if (ung >= LDTERM_CS_MAX_BYTE_LENGTH) {
5086                 j = len = LDTERM_CS_MAX_BYTE_LENGTH;
5087         } else {
5088                 j = len = ung;
5089         }
5090         for (i = 0; i < ung; i++) {  /* remove from buf */
5091                 if ((c = ldterm_unget(tp)) != (-1)) {
5092                         ldterm_trim(tp);
5093                         if (j > 0)
5094                                 u8[--j] = (uchar_t)c;
5095                 }
5096         }
5097         if (*p == UNKNOWN_WIDTH) {
5098                 if (tp->t_csdata.codeset_type == LDTERM_CS_TYPE_UTF8) {
5099                         *p = ldterm_utf8_width(u8, len);
5100                 } else {
5101                         *p = 1;
5102                 }
5103         }
5104         for (i = 0; i < (int)*p; i++)        /* remove from screen */
5105                 ldterm_rubout(' ', q, ebsize, tp);
5106         /*
5107          * Adjust the parallel array pointer.  Zero out the contents
5108          * of parallel array for this position, just to make sure...
5109          */
5110         tp->t_eucp = p;
5111         *p = 0;
5112 }
5113 
5114 
5115 /*
5116  * This is kind of a safety valve.  Whenever we see a bad sequence
5117  * come up, we call eucwarn.  It just tallies the junk until a
5118  * threshold is reached.  Then it prints ONE message on the console
5119  * and not any more. Hopefully, we can catch garbage; maybe it will
5120  * be useful to somebody.
5121  */
5122 static void
5123 ldterm_eucwarn(ldtermstd_state_t *tp)
5124 {
5125         ++tp->t_eucwarn;
5126 #ifdef DEBUG
5127         if ((tp->t_eucwarn > EUC_WARNCNT) && !(tp->t_state & TS_WARNED)) {
5128                 cmn_err(CE_WARN,
5129                     "ldterm: tty at addr %p in multi-byte mode --",
5130                     (void *)tp);
5131                 cmn_err(CE_WARN,
5132                     "Over %d bad EUC characters this session", EUC_WARNCNT);
5133                 tp->t_state |= TS_WARNED;
5134         }
5135 #endif
5136 }
5137 
5138 
5139 /*
5140  * Copy an "eucioc_t" structure.  We use the structure with
5141  * incremented values for Codesets 2 & 3.  The specification in
5142  * eucioctl is that the sames values as the CSWIDTH definition at
5143  * user level are passed to us. When we copy it "in" to ourselves, we
5144  * do the increment.  That allows us to avoid treating each character
5145  * set separately for "t_eucleft" purposes. When we copy it "out" to
5146  * return it to the user, we decrement the values so the user gets
5147  * what it expects, and it matches CSWIDTH in the environment (if
5148  * things are consistent!).
5149  */
5150 static void
5151 cp_eucwioc(eucioc_t *from, eucioc_t *to, int dir)
5152 {
5153         bcopy(from, to, EUCSIZE);
5154         if (dir == EUCOUT) {    /* copying out to user */
5155                 if (to->eucw[2])
5156                         --to->eucw[2];
5157                 if (to->eucw[3])
5158                         --to->eucw[3];
5159         } else {                /* copying in */
5160                 if (to->eucw[2])
5161                         ++to->eucw[2];
5162                 if (to->eucw[3])
5163                         ++to->eucw[3];
5164         }
5165 }
5166 
5167 
5168 /*
5169  * Take the first byte of a multi-byte, or an ASCII char.  Return its
5170  * codeset. If it's NOT the first byte of an EUC, then the return
5171  * value may be garbage, as it's probably not SS2 or SS3, and
5172  * therefore must be in codeset 1.  Another bizarre catch here is the
5173  * fact that we don't do anything about the "C1" control codes.  In
5174  * real life, we should; but nobody's come up with a good way of
5175  * treating them.
5176  */
5177 
5178 static int
5179 ldterm_codeset(uchar_t codeset_type, uchar_t c)
5180 {
5181 
5182         if (ISASCII(c))
5183                 return (0);
5184 
5185         if (codeset_type != LDTERM_CS_TYPE_EUC)
5186                 return (1);
5187 
5188         switch (c) {
5189         case SS2:
5190                 return (2);
5191         case SS3:
5192                 return (3);
5193         default:
5194                 return (1);
5195         }
5196 }
5197 
5198 /* The following two functions are additional EUC codeset specific methods. */
5199 /*
5200  * ldterm_dispwidth - Take the first byte of an EUC (or ASCII) and
5201  * return the display width.  Since this is intended mostly for
5202  * multi-byte handling, it returns EUC_TWIDTH for tabs so they can be
5203  * differentiated from EUC characters (assumption: EUC require fewer
5204  * than 255 columns).  Also, if it's a backspace and !flag, it
5205  * returns EUC_BSWIDTH.  Newline & CR also depend on flag.  This
5206  * routine SHOULD be cleaner than this, but we have the situation
5207  * where we may or may not be counting control characters as having a
5208  * column width. Therefore, the computation of ASCII is pretty messy.
5209  * The caller will be storing the value, and then switching on it
5210  * when it's used.  We really should define the EUC_TWIDTH and other
5211  * constants in a header so that the routine could be used in other
5212  * modules in the kernel.
5213  */
5214 static int
5215 __ldterm_dispwidth_euc(uchar_t c, void *p, int mode)
5216 {
5217         ldtermstd_state_t *tp = (ldtermstd_state_t *)p;
5218 
5219         if (ISASCII(c)) {
5220                 if (c <= '\037') {
5221                         switch (c) {
5222                         case '\t':
5223                                 return (EUC_TWIDTH);
5224                         case '\b':
5225                                 return (mode ? 2 : EUC_BSWIDTH);
5226                         case '\n':
5227                                 return (EUC_NLWIDTH);
5228                         case '\r':
5229                                 return (mode ? 2 : EUC_CRWIDTH);
5230                         default:
5231                                 return (mode ? 2 : 0);
5232                         }
5233                 }
5234                 return (1);
5235         }
5236         switch (c) {
5237         case SS2:
5238                 return (tp->eucwioc.scrw[2]);
5239         case SS3:
5240                 return (tp->eucwioc.scrw[3]);
5241         default:
5242                 return (tp->eucwioc.scrw[1]);
5243         }
5244 }
5245 
5246 /*
5247  * ldterm_memwidth_euc - Take the first byte of an EUC (or an ASCII char)
5248  * and return its memory width.  The routine could have been
5249  * implemented to use only the codeset number, but that would require
5250  * the caller to have that value available.  Perhaps the user doesn't
5251  * want to make the extra call or keep the value of codeset around.
5252  * Therefore, we use the actual character with which they're
5253  * concerned.  This should never be called with anything but the
5254  * first byte of an EUC, otherwise it will return a garbage value.
5255  */
5256 static int
5257 __ldterm_memwidth_euc(uchar_t c, void *p)
5258 {
5259         ldtermstd_state_t *tp = (ldtermstd_state_t *)p;
5260 
5261         if (ISASCII(c))
5262                 return (1);
5263         switch (c) {
5264         case SS2:
5265                 return (tp->eucwioc.eucw[2]);
5266         case SS3:
5267                 return (tp->eucwioc.eucw[3]);
5268         default:
5269                 return (tp->eucwioc.eucw[1]);
5270         }
5271 }
5272 
5273 
5274 /* The following two functions are PCCS codeset specific methods. */
5275 static int
5276 __ldterm_dispwidth_pccs(uchar_t c, void *p, int mode)
5277 {
5278         ldtermstd_state_t *tp = (ldtermstd_state_t *)p;
5279         int i;
5280 
5281         if (ISASCII(c)) {
5282                 if (c <= '\037') {
5283                         switch (c) {
5284                         case '\t':
5285                                 return (EUC_TWIDTH);
5286                         case '\b':
5287                                 return (mode ? 2 : EUC_BSWIDTH);
5288                         case '\n':
5289                                 return (EUC_NLWIDTH);
5290                         case '\r':
5291                                 return (mode ? 2 : EUC_CRWIDTH);
5292                         default:
5293                                 return (mode ? 2 : 0);
5294                         }
5295                 }
5296                 return (1);
5297         }
5298 
5299         for (i = 0; i < tp->t_csdata.csinfo_num; i++) {
5300                 if (c >= tp->t_csdata.eucpc_data[i].msb_start &&
5301                     c <= tp->t_csdata.eucpc_data[i].msb_end)
5302                         return (tp->t_csdata.eucpc_data[i].screen_width);
5303         }
5304 
5305         /*
5306          * If this leading byte is not in the range list, either provided
5307          * locale data is not sufficient or we encountered an invalid
5308          * character. We return 1 in this case as a fallback value.
5309          */
5310         return (1);
5311 }
5312 
5313 static int
5314 __ldterm_memwidth_pccs(uchar_t c, void *p)
5315 {
5316         ldtermstd_state_t *tp = (ldtermstd_state_t *)p;
5317         int i;
5318 
5319         for (i = 0; i < tp->t_csdata.csinfo_num; i++) {
5320                 if (c >= tp->t_csdata.eucpc_data[i].msb_start &&
5321                     c <= tp->t_csdata.eucpc_data[i].msb_end)
5322                         return (tp->t_csdata.eucpc_data[i].byte_length);
5323         }
5324 
5325         /*
5326          * If this leading byte is not in the range list, either provided
5327          * locale data is not sufficient or we encountered an invalid
5328          * character. We return 1 in this case as a fallback value.
5329          */
5330         return (1);
5331 }
5332 
5333 
5334 /* The following two functions are UTF-8 codeset specific methods. */
5335 static int
5336 __ldterm_dispwidth_utf8(uchar_t c, void *p, int mode)
5337 {
5338         ldtermstd_state_t *tp = (ldtermstd_state_t *)p;
5339 
5340         if (ISASCII(c)) {
5341                 if (c <= '\037') {
5342                         switch (c) {
5343                         case '\t':
5344                                 return (EUC_TWIDTH);
5345                         case '\b':
5346                                 return (mode ? 2 : EUC_BSWIDTH);
5347                         case '\n':
5348                                 return (EUC_NLWIDTH);
5349                         case '\r':
5350                                 return (mode ? 2 : EUC_CRWIDTH);
5351                         default:
5352                                 return (mode ? 2 : 0);
5353                         }
5354                 }
5355                 return (1);
5356         }
5357 
5358         /* This is to silence the lint. */
5359         if (tp->t_csdata.codeset_type != LDTERM_CS_TYPE_UTF8)
5360                 return (1);
5361 
5362         /*
5363          * If it is a valid leading byte of a UTF-8 character, we set
5364          * the width as 'UNKNOWN_WIDTH' for now. We need to have all
5365          * the bytes to figure out the display width.
5366          */
5367         if (c >= (uchar_t)0xc0 && c <= (uchar_t)0xfd)
5368                 return (UNKNOWN_WIDTH);
5369 
5370         /*
5371          * If it is an invalid leading byte, we just do our best by
5372          * giving the display width of 1.
5373          */
5374         return (1);
5375 }
5376 
5377 
5378 static int
5379 __ldterm_memwidth_utf8(uchar_t c, void *p)
5380 {
5381         ldtermstd_state_t *tp = (ldtermstd_state_t *)p;
5382         int len;
5383 
5384         /*
5385          * If the codeset type doesn't match, we treat them as
5386          * an illegal character and return 1.
5387          */
5388         if (tp->t_csdata.codeset_type != LDTERM_CS_TYPE_UTF8)
5389                 return (1);
5390 
5391         len = u8_number_of_bytes[c];
5392 
5393         /*
5394          * If this is a start of an illegal character, we treat
5395          * such as an 1 byte character and screen out.
5396          */
5397         return ((len <= 0) ? 1 : len);
5398 }
5399 
5400 static uchar_t
5401 ldterm_utf8_width(uchar_t *u8, int length)
5402 {
5403         int i;
5404         int j;
5405         uint_t intcode = 0;
5406 
5407         if (length == 0)
5408                 return ('\0');
5409 
5410         j = u8_number_of_bytes[u8[0]] - 1;
5411 
5412         /*
5413          * If the UTF-8 character is out of UTF-16 code range, or,
5414          * if it is either an ASCII character or an invalid leading byte for
5415          * a UTF-8 character, return 1.
5416          */
5417         if (length > 4 || j <= 0)
5418                 return ('\1');
5419 
5420         intcode = u8[0] & u8_masks_tbl[j];
5421         for (i = 1; j > 0; j--, i++) {
5422                 /*
5423                  * The following additional checking is needed to conform to
5424                  * the "UTF-8 Corrigendum" introduced at the Unicode 3.1 and
5425                  * then updated one more time at the Unicode 3.2.
5426                  */
5427                 if (i == 1) {
5428                         if (u8[i] < u8_valid_min_2nd_byte[u8[0]] ||
5429                             u8[i] > u8_valid_max_2nd_byte[u8[0]])
5430                                 return ('\1');
5431                 } else if (u8[i] < (uchar_t)LDTERM_CS_TYPE_UTF8_MIN_BYTE ||
5432                     u8[i] > (uchar_t)LDTERM_CS_TYPE_UTF8_MAX_BYTE)
5433                         return ('\1');
5434 
5435                 /*
5436                  * All subsequent bytes of UTF-8 character has the following
5437                  * binary encoding:
5438                  *
5439                  * 10xx xxxx
5440                  *
5441                  * hence left shift six bits to make space and then get
5442                  * six bits from the new byte.
5443                  */
5444                 intcode = (intcode << LDTERM_CS_TYPE_UTF8_SHIFT_BITS) |
5445                     (u8[i] & LDTERM_CS_TYPE_UTF8_BIT_MASK);
5446         }
5447 
5448         i = 0;
5449         if (intcode <= LDTERM_CS_TYPE_UTF8_MAX_P00) {
5450                 /* Basic Multilingual Plane. */
5451                 i = intcode / 4;
5452                 j = intcode % 4;
5453                 switch (j) {
5454                 case 0:
5455                         i = ldterm_ucode[0][i].u0;
5456                         break;
5457                 case 1:
5458                         i = ldterm_ucode[0][i].u1;
5459                         break;
5460                 case 2:
5461                         i = ldterm_ucode[0][i].u2;
5462                         break;
5463                 case 3:
5464                         i = ldterm_ucode[0][i].u3;
5465                         break;
5466                 }
5467         } else if (intcode <= LDTERM_CS_TYPE_UTF8_MAX_P01) {
5468                 /* Secondary Multilingual Plane. */
5469                 intcode = intcode & (uint_t)0xffff;
5470                 i = intcode / 4;
5471                 j = intcode % 4;
5472                 switch (j) {
5473                 case 0:
5474                         i = ldterm_ucode[1][i].u0;
5475                         break;
5476                 case 1:
5477                         i = ldterm_ucode[1][i].u1;
5478                         break;
5479                 case 2:
5480                         i = ldterm_ucode[1][i].u2;
5481                         break;
5482                 case 3:
5483                         i = ldterm_ucode[1][i].u3;
5484                         break;
5485                 }
5486         } else if ((intcode >= LDTERM_CS_TYPE_UTF8_MIN_CJKEXTB &&
5487             intcode <= LDTERM_CS_TYPE_UTF8_MAX_CJKEXTB) ||
5488             (intcode >= LDTERM_CS_TYPE_UTF8_MIN_CJKCOMP &&
5489             intcode <= LDTERM_CS_TYPE_UTF8_MAX_CJKCOMP) ||
5490             (intcode >= LDTERM_CS_TYPE_UTF8_MIN_P15 &&
5491             intcode <= LDTERM_CS_TYPE_UTF8_MAX_P15) ||
5492             (intcode >= LDTERM_CS_TYPE_UTF8_MIN_P16 &&
5493             intcode <= LDTERM_CS_TYPE_UTF8_MAX_P16)) {
5494                 /*
5495                  * Supplementary Plane for CJK Ideographs and
5496                  * Private Use Planes.
5497                  */
5498                 return ('\2');
5499         } else if ((intcode >= LDTERM_CS_TYPE_UTF8_MIN_P14 &&
5500             intcode <= LDTERM_CS_TYPE_UTF8_MAX_P14) ||
5501             (intcode >= LDTERM_CS_TYPE_UTF8_MIN_VARSEL &&
5502             intcode <= LDTERM_CS_TYPE_UTF8_MAX_VARSEL)) {
5503                 /*
5504                  * Some Special Purpose Plane characters:
5505                  * These are like control characters and not printable.
5506                  */
5507                 return ('\0');
5508         }
5509 
5510         /*
5511          * We return the display width of 1 for all character code points
5512          * that we didn't catch from the above logic and also for combining
5513          * and conjoining characters with width value of zero.
5514          *
5515          * In particular, the reason why we are returning 1 for combining
5516          * and conjoining characters is because the GUI-based terminal
5517          * emulators are not yet capable of properly handling such characters
5518          * and in most of the cases, they just treat such characters as if
5519          * they occupy a display cell. If the terminal emulators are capable of
5520          * handling the characters correctly, then, this logic of returning
5521          * 1 should be revisited and changed. See CR 6660526 for more
5522          * details on this.
5523          */
5524         return ((i == 0) ? '\1' : (uchar_t)i);
5525 }
--- EOF ---