1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25 /*      Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T     */
  26 /*        All Rights Reserved   */
  27 
  28 
  29 
  30 /*
  31  * Pseudo Terminal Slave Driver.
  32  *
  33  * The pseudo-tty subsystem simulates a terminal connection, where the master
  34  * side represents the terminal and the slave represents the user process's
  35  * special device end point. The master device is set up as a cloned device
  36  * where its major device number is the major for the clone device and its minor
  37  * device number is the major for the ptm driver. There are no nodes in the file
  38  * system for master devices. The master pseudo driver is opened using the
  39  * open(2) system call with /dev/ptmx as the device parameter.  The clone open
  40  * finds the next available minor device for the ptm major device.
  41  *
  42  * A master device is available only if it and its corresponding slave device
  43  * are not already open. When the master device is opened, the corresponding
  44  * slave device is automatically locked out. Only one open is allowed on a
  45  * master device.  Multiple opens are allowed on the slave device.  After both
  46  * the master and slave have been opened, the user has two file descriptors
  47  * which are the end points of a full duplex connection composed of two streams
  48  * which are automatically connected at the master and slave drivers. The user
  49  * may then push modules onto either side of the stream pair.
  50  *
  51  * The master and slave drivers pass all messages to their adjacent queues.
  52  * Only the M_FLUSH needs some processing.  Because the read queue of one side
  53  * is connected to the write queue of the other, the FLUSHR flag is changed to
  54  * the FLUSHW flag and vice versa. When the master device is closed an M_HANGUP
  55  * message is sent to the slave device which will render the device
  56  * unusable. The process on the slave side gets the EIO when attempting to write
  57  * on that stream but it will be able to read any data remaining on the stream
  58  * head read queue.  When all the data has been read, read() returns 0
  59  * indicating that the stream can no longer be used.  On the last close of the
  60  * slave device, a 0-length message is sent to the master device. When the
  61  * application on the master side issues a read() or getmsg() and 0 is returned,
  62  * the user of the master device decides whether to issue a close() that
  63  * dismantles the pseudo-terminal subsystem. If the master device is not closed,
  64  * the pseudo-tty subsystem will be available to another user to open the slave
  65  * device.
  66  *
  67  * Synchronization:
  68  *
  69  *   All global data synchronization between ptm/pts is done via global
  70  *   ptms_lock mutex which is initialized at system boot time from
  71  *   ptms_initspace (called from space.c).
  72  *
  73  *   Individual fields of pt_ttys structure (except ptm_rdq, pts_rdq and
  74  *   pt_nullmsg) are protected by pt_ttys.pt_lock mutex.
  75  *
  76  *   PT_ENTER_READ/PT_ENTER_WRITE are reference counter based read-write locks
  77  *   which allow reader locks to be reacquired by the same thread (usual
  78  *   reader/writer locks can't be used for that purpose since it is illegal for
  79  *   a thread to acquire a lock it already holds, even as a reader). The sole
  80  *   purpose of these macros is to guarantee that the peer queue will not
  81  *   disappear (due to closing peer) while it is used. It is safe to use
  82  *   PT_ENTER_READ/PT_EXIT_READ brackets across calls like putq/putnext (since
  83  *   they are not real locks but reference counts).
  84  *
  85  *   PT_ENTER_WRITE/PT_EXIT_WRITE brackets are used ONLY in master/slave
  86  *   open/close paths to modify ptm_rdq and pts_rdq fields. These fields should
  87  *   be set to appropriate queues *after* qprocson() is called during open (to
  88  *   prevent peer from accessing the queue with incomplete plumbing) and set to
  89  *   NULL before qprocsoff() is called during close.
  90  *
  91  *   The pt_nullmsg field is only used in open/close routines and it is also
  92  *   protected by PT_ENTER_WRITE/PT_EXIT_WRITE brackets to avoid extra mutex
  93  *   holds.
  94  *
  95  * Lock Ordering:
  96  *
  97  *   If both ptms_lock and per-pty lock should be held, ptms_lock should always
  98  *   be entered first, followed by per-pty lock.
  99  *
 100  * See ptms.h, ptm.c and ptms_conf.c fore more information.
 101  *
 102  */
 103 
 104 #include <sys/types.h>
 105 #include <sys/param.h>
 106 #include <sys/sysmacros.h>
 107 #include <sys/stream.h>
 108 #include <sys/stropts.h>
 109 #include <sys/stat.h>
 110 #include <sys/errno.h>
 111 #include <sys/debug.h>
 112 #include <sys/cmn_err.h>
 113 #include <sys/ptms.h>
 114 #include <sys/systm.h>
 115 #include <sys/modctl.h>
 116 #include <sys/conf.h>
 117 #include <sys/ddi.h>
 118 #include <sys/sunddi.h>
 119 #include <sys/cred.h>
 120 #include <sys/zone.h>
 121 
 122 #ifdef DEBUG
 123 int pts_debug = 0;
 124 #define DBG(a)   if (pts_debug) cmn_err(CE_NOTE, a)
 125 #else
 126 #define DBG(a)
 127 #endif
 128 
 129 static int ptsopen(queue_t *, dev_t *, int, int, cred_t *);
 130 static int ptsclose(queue_t *, int, cred_t *);
 131 static void ptswput(queue_t *, mblk_t *);
 132 static void ptsrsrv(queue_t *);
 133 static void ptswsrv(queue_t *);
 134 
 135 /*
 136  * Slave Stream Pseudo Terminal Module: stream data structure definitions
 137  */
 138 static struct module_info pts_info = {
 139         0xface,
 140         "pts",
 141         0,
 142         _TTY_BUFSIZ,
 143         _TTY_BUFSIZ,
 144         128
 145 };
 146 
 147 static struct qinit ptsrint = {
 148         NULL,
 149         (int (*)()) ptsrsrv,
 150         ptsopen,
 151         ptsclose,
 152         NULL,
 153         &pts_info,
 154         NULL
 155 };
 156 
 157 static struct qinit ptswint = {
 158         (int (*)()) ptswput,
 159         (int (*)()) ptswsrv,
 160         NULL,
 161         NULL,
 162         NULL,
 163         &pts_info,
 164         NULL
 165 };
 166 
 167 static struct streamtab ptsinfo = {
 168         &ptsrint,
 169         &ptswint,
 170         NULL,
 171         NULL
 172 };
 173 
 174 static int pts_devinfo(dev_info_t *, ddi_info_cmd_t, void *, void **);
 175 static int pts_attach(dev_info_t *, ddi_attach_cmd_t);
 176 static int pts_detach(dev_info_t *, ddi_detach_cmd_t);
 177 
 178 #define PTS_CONF_FLAG   (D_NEW | D_MP)
 179 
 180 /*
 181  * this will define (struct cb_ops cb_pts_ops) and (struct dev_ops pts_ops)
 182  */
 183 DDI_DEFINE_STREAM_OPS(pts_ops, nulldev, nulldev,        \
 184     pts_attach, pts_detach, nodev,                      \
 185     pts_devinfo, PTS_CONF_FLAG, &ptsinfo, ddi_quiesce_not_supported);
 186 
 187 /*
 188  * Module linkage information for the kernel.
 189  */
 190 
 191 static struct modldrv modldrv = {
 192         &mod_driverops, /* Type of module.  This one is a pseudo driver */
 193         "Slave Stream Pseudo Terminal driver 'pts'",
 194         &pts_ops,   /* driver ops */
 195 };
 196 
 197 static struct modlinkage modlinkage = {
 198         MODREV_1,
 199         &modldrv,
 200         NULL
 201 };
 202 
 203 int
 204 _init(void)
 205 {
 206         int rc;
 207 
 208         if ((rc = mod_install(&modlinkage)) == 0)
 209                 ptms_init();
 210         return (rc);
 211 }
 212 
 213 
 214 int
 215 _fini(void)
 216 {
 217         return (mod_remove(&modlinkage));
 218 }
 219 
 220 int
 221 _info(struct modinfo *modinfop)
 222 {
 223         return (mod_info(&modlinkage, modinfop));
 224 }
 225 
 226 static int
 227 pts_attach(dev_info_t *devi, ddi_attach_cmd_t cmd)
 228 {
 229         if (cmd != DDI_ATTACH)
 230                 return (DDI_FAILURE);
 231 
 232         mutex_enter(&ptms_lock);
 233         pts_dip = devi;
 234         mutex_exit(&ptms_lock);
 235 
 236         return (DDI_SUCCESS);
 237 }
 238 
 239 /*ARGSUSED*/
 240 static int
 241 pts_detach(dev_info_t *devi, ddi_detach_cmd_t cmd)
 242 {
 243         if (cmd != DDI_DETACH)
 244                 return (DDI_FAILURE);
 245 
 246         /*
 247          * For now, pts cannot be detached.
 248          */
 249         return (DDI_FAILURE);
 250 }
 251 
 252 /*ARGSUSED*/
 253 static int
 254 pts_devinfo(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg,
 255     void **result)
 256 {
 257         int error;
 258 
 259         switch (infocmd) {
 260         case DDI_INFO_DEVT2DEVINFO:
 261                 if (pts_dip == NULL) {
 262                         error = DDI_FAILURE;
 263                 } else {
 264                         *result = (void *)pts_dip;
 265                         error = DDI_SUCCESS;
 266                 }
 267                 break;
 268         case DDI_INFO_DEVT2INSTANCE:
 269                 *result = (void *)0;
 270                 error = DDI_SUCCESS;
 271                 break;
 272         default:
 273                 error = DDI_FAILURE;
 274         }
 275         return (error);
 276 }
 277 
 278 /* ARGSUSED */
 279 /*
 280  * Open the slave device. Reject a clone open and do not allow the
 281  * driver to be pushed. If the slave/master pair is locked or if
 282  * the master is not open, return EACCESS.
 283  * Upon success, store the write queue pointer in private data and
 284  * set the PTSOPEN bit in the pt_state field.
 285  */
 286 static int
 287 ptsopen(
 288         queue_t *rqp,           /* pointer to the read side queue */
 289         dev_t   *devp,          /* pointer to stream tail's dev */
 290         int     oflag,          /* the user open(2) supplied flags */
 291         int     sflag,          /* open state flag */
 292         cred_t  *credp)         /* credentials */
 293 {
 294         struct pt_ttys  *ptsp;
 295         mblk_t          *mp;
 296         mblk_t          *mop;   /* ptr to a setopts message block */
 297         minor_t         dminor = getminor(*devp);
 298         struct stroptions *sop;
 299 
 300         DDBG("entering ptsopen(%d)", dminor);
 301 
 302         if (sflag != 0) {
 303                 return (EINVAL);
 304         }
 305 
 306         mutex_enter(&ptms_lock);
 307         ptsp = ptms_minor2ptty(dminor);
 308 
 309         if (ptsp == NULL) {
 310                 mutex_exit(&ptms_lock);
 311                 return (ENXIO);
 312         }
 313         mutex_enter(&ptsp->pt_lock);
 314 
 315         /*
 316          * Prevent opens from zones other than the one blessed by ptm.  We
 317          * can't even allow the global zone to open all pts's, as it would
 318          * otherwise inproperly be able to claim pts's already opened by zones.
 319          */
 320         if (ptsp->pt_zoneid != getzoneid()) {
 321                 mutex_exit(&ptsp->pt_lock);
 322                 mutex_exit(&ptms_lock);
 323                 return (EPERM);
 324         }
 325 
 326         /*
 327          * Allow reopen of this device.
 328          */
 329         if (rqp->q_ptr != NULL) {
 330                 ASSERT(rqp->q_ptr == ptsp);
 331                 ASSERT(ptsp->pts_rdq == rqp);
 332                 mutex_exit(&ptsp->pt_lock);
 333                 mutex_exit(&ptms_lock);
 334                 return (0);
 335         }
 336 
 337         DDBGP("ptsopen: p = %p\n", (uintptr_t)ptsp);
 338         DDBG("ptsopen: state = %x\n", ptsp->pt_state);
 339 
 340 
 341         ASSERT(ptsp->pt_minor == dminor);
 342 
 343         if ((ptsp->pt_state & PTLOCK) || !(ptsp->pt_state & PTMOPEN)) {
 344                 mutex_exit(&ptsp->pt_lock);
 345                 mutex_exit(&ptms_lock);
 346                 return (EAGAIN);
 347         }
 348 
 349         /*
 350          * if already, open simply return...
 351          */
 352         if (ptsp->pt_state & PTSOPEN) {
 353                 ASSERT(rqp->q_ptr == ptsp);
 354                 ASSERT(ptsp->pts_rdq == rqp);
 355                 mutex_exit(&ptsp->pt_lock);
 356                 mutex_exit(&ptms_lock);
 357                 return (0);
 358         }
 359 
 360         /*
 361          * Allocate message block for setting stream head options.
 362          */
 363         if ((mop = allocb(sizeof (struct stroptions), BPRI_MED)) == NULL) {
 364                 mutex_exit(&ptsp->pt_lock);
 365                 mutex_exit(&ptms_lock);
 366                 return (ENOMEM);
 367         }
 368 
 369         /*
 370          * Slave should send zero-length message to a master when it is
 371          * closing. If memory is low at that time, master will not detect slave
 372          * closes, this pty will not be deallocated. So, preallocate this
 373          * zero-length message block early.
 374          */
 375         if ((mp = allocb(0, BPRI_MED)) == NULL) {
 376                 mutex_exit(&ptsp->pt_lock);
 377                 mutex_exit(&ptms_lock);
 378                 freemsg(mop);
 379                 return (ENOMEM);
 380         }
 381 
 382         ptsp->pt_state |= PTSOPEN;
 383 
 384         WR(rqp)->q_ptr = rqp->q_ptr = ptsp;
 385 
 386         mutex_exit(&ptsp->pt_lock);
 387         mutex_exit(&ptms_lock);
 388 
 389         qprocson(rqp);
 390 
 391         /*
 392          * After qprocson pts driver is fully plumbed into the stream and can
 393          * send/receive messages. Setting pts_rdq will allow master side to send
 394          * messages to the slave. This setting can't occur before qprocson() is
 395          * finished because slave is not ready to process them.
 396          */
 397         PT_ENTER_WRITE(ptsp);
 398         ptsp->pts_rdq = rqp;
 399         ASSERT(ptsp->pt_nullmsg == NULL);
 400         ptsp->pt_nullmsg = mp;
 401         PT_EXIT_WRITE(ptsp);
 402 
 403         /*
 404          * set up hi/lo water marks on stream head read queue
 405          * and add controlling tty if not set
 406          */
 407 
 408         mop->b_datap->db_type = M_SETOPTS;
 409         mop->b_wptr += sizeof (struct stroptions);
 410         sop = (struct stroptions *)mop->b_rptr;
 411         sop->so_flags = SO_HIWAT | SO_LOWAT | SO_ISTTY;
 412         sop->so_hiwat = _TTY_BUFSIZ;
 413         sop->so_lowat = 256;
 414         putnext(rqp, mop);
 415 
 416         return (0);
 417 }
 418 
 419 
 420 
 421 /*
 422  * Find the address to private data identifying the slave's write
 423  * queue. Send a 0-length msg up the slave's read queue to designate
 424  * the master is closing. Uattach the master from the slave by nulling
 425  * out master's write queue field in private data.
 426  */
 427 /*ARGSUSED1*/
 428 static int
 429 ptsclose(queue_t *rqp, int flag, cred_t *credp)
 430 {
 431         struct pt_ttys  *ptsp;
 432         queue_t *wqp;
 433         mblk_t  *mp;
 434         mblk_t  *bp;
 435 
 436         /*
 437          * q_ptr should never be NULL in the close routine and it is checked in
 438          * DEBUG kernel by ASSERT. For non-DEBUG kernel the attempt is made to
 439          * behave gracefully.
 440          */
 441         ASSERT(rqp->q_ptr != NULL);
 442         if (rqp->q_ptr == NULL) {
 443                 qprocsoff(rqp);
 444                 return (0);
 445         }
 446 
 447         ptsp = (struct pt_ttys *)rqp->q_ptr;
 448 
 449         /*
 450          * Slave is going to close and doesn't want any new  messages coming
 451          * from the master side, so set pts_rdq to NULL. This should be done
 452          * before call to qprocsoff() since slave can't process additional
 453          * messages from the master after qprocsoff is called.
 454          */
 455         PT_ENTER_WRITE(ptsp);
 456         mp = ptsp->pt_nullmsg;
 457         ptsp->pt_nullmsg = NULL;
 458         ptsp->pts_rdq = NULL;
 459         PT_EXIT_WRITE(ptsp);
 460 
 461         /*
 462          * Drain the ouput
 463          */
 464         wqp = WR(rqp);
 465         PT_ENTER_READ(ptsp);
 466         while ((bp = getq(wqp)) != NULL) {
 467                 if (ptsp->ptm_rdq) {
 468                         putnext(ptsp->ptm_rdq, bp);
 469                 } else if (bp->b_datap->db_type == M_IOCTL) {
 470                         bp->b_datap->db_type = M_IOCNAK;
 471                         freemsg(bp->b_cont);
 472                         bp->b_cont = NULL;
 473                         qreply(wqp, bp);
 474                 } else {
 475                         freemsg(bp);
 476                 }
 477         }
 478         /*
 479          * qenable master side write queue so that it can flush
 480          * its messages as slaves's read queue is going away
 481          */
 482         if (ptsp->ptm_rdq) {
 483                 if (mp)
 484                         putnext(ptsp->ptm_rdq, mp);
 485                 else
 486                         qenable(WR(ptsp->ptm_rdq));
 487         } else
 488                 freemsg(mp);
 489         PT_EXIT_READ(ptsp);
 490 
 491         qprocsoff(rqp);
 492 
 493         rqp->q_ptr = NULL;
 494         WR(rqp)->q_ptr = NULL;
 495 
 496         ptms_close(ptsp, PTSOPEN | PTSTTY);
 497 
 498         return (0);
 499 }
 500 
 501 
 502 /*
 503  * The wput procedure will only handle flush messages.
 504  * All other messages are queued and the write side
 505  * service procedure sends them off to the master side.
 506  */
 507 static void
 508 ptswput(queue_t *qp, mblk_t *mp)
 509 {
 510         struct pt_ttys *ptsp;
 511         struct iocblk  *iocp;
 512         unsigned char type = mp->b_datap->db_type;
 513 
 514         DBG(("entering ptswput\n"));
 515         ASSERT(qp->q_ptr);
 516 
 517         ptsp = (struct pt_ttys *)qp->q_ptr;
 518         PT_ENTER_READ(ptsp);
 519         if (ptsp->ptm_rdq == NULL) {
 520                 DBG(("in write put proc but no master\n"));
 521                 /*
 522                  * NAK ioctl as slave side read queue is gone.
 523                  * Or else free the message.
 524                  */
 525                 if (mp->b_datap->db_type == M_IOCTL) {
 526                         mp->b_datap->db_type = M_IOCNAK;
 527                         freemsg(mp->b_cont);
 528                         mp->b_cont = NULL;
 529                         qreply(qp, mp);
 530                 } else
 531                         freemsg(mp);
 532                 PT_EXIT_READ(ptsp);
 533                 return;
 534         }
 535 
 536         if (type >= QPCTL) {
 537                 switch (type) {
 538 
 539                 /*
 540                  * if write queue request, flush slave's write
 541                  * queue and send FLUSHR to ptm. If read queue
 542                  * request, send FLUSHR to ptm.
 543                  */
 544                 case M_FLUSH:
 545                 DBG(("pts got flush request\n"));
 546                 if (*mp->b_rptr & FLUSHW) {
 547 
 548                         DBG(("got FLUSHW, flush pts write Q\n"));
 549                         if (*mp->b_rptr & FLUSHBAND)
 550                                 /*
 551                                  * if it is a FLUSHBAND, do flushband.
 552                                  */
 553                                 flushband(qp, *(mp->b_rptr + 1), FLUSHDATA);
 554                         else
 555                                 flushq(qp, FLUSHDATA);
 556 
 557                         *mp->b_rptr &= ~FLUSHW;
 558                         if ((*mp->b_rptr & FLUSHR) == 0) {
 559                                 /*
 560                                  * FLUSHW only. Change to FLUSHR and putnext
 561                                  * to ptm, then we are done.
 562                                  */
 563                                 *mp->b_rptr |= FLUSHR;
 564                                 if (ptsp->ptm_rdq)
 565                                         putnext(ptsp->ptm_rdq, mp);
 566                                 break;
 567                         } else {
 568                                 mblk_t *nmp;
 569 
 570                                 /* It is a FLUSHRW. Duplicate the mblk */
 571                                 nmp = copyb(mp);
 572                                 if (nmp) {
 573                                         /*
 574                                          * Change FLUSHW to FLUSHR before
 575                                          * putnext to ptm.
 576                                          */
 577                                         DBG(("putnext nmp(FLUSHR) to ptm\n"));
 578                                         *nmp->b_rptr |= FLUSHR;
 579                                         if (ptsp->ptm_rdq)
 580                                                 putnext(ptsp->ptm_rdq, nmp);
 581                                 }
 582                         }
 583                 }
 584                 /*
 585                  * Since the packet module will toss any
 586                  * M_FLUSHES sent to the master's stream head
 587                  * read queue, we simply turn it around here.
 588                  */
 589                 if (*mp->b_rptr & FLUSHR) {
 590                         ASSERT(RD(qp)->q_first == NULL);
 591                         DBG(("qreply(qp) turning FLUSHR around\n"));
 592                         qreply(qp, mp);
 593                 } else {
 594                         freemsg(mp);
 595                 }
 596                 break;
 597 
 598                 case M_READ:
 599                 /* Caused by ldterm - can not pass to master */
 600                 freemsg(mp);
 601                 break;
 602 
 603                 default:
 604                 if (ptsp->ptm_rdq)
 605                         putnext(ptsp->ptm_rdq, mp);
 606                 break;
 607                 }
 608                 PT_EXIT_READ(ptsp);
 609                 return;
 610         }
 611 
 612         switch (type) {
 613 
 614         case M_IOCTL:
 615                 /*
 616                  * For case PTSSTTY set the flag PTSTTY and ACK
 617                  * the ioctl so that the user program can push
 618                  * the associated modules to get tty semantics.
 619                  * See bugid 4025044
 620                  */
 621                 iocp = (struct iocblk *)mp->b_rptr;
 622                 switch (iocp->ioc_cmd) {
 623                 default:
 624                         break;
 625 
 626                 case PTSSTTY:
 627                         if (ptsp->pt_state & PTSTTY) {
 628                                 mp->b_datap->db_type = M_IOCNAK;
 629                                 iocp->ioc_error = EEXIST;
 630                         } else {
 631                                 mp->b_datap->db_type = M_IOCACK;
 632                                 mutex_enter(&ptsp->pt_lock);
 633                                 ptsp->pt_state |= PTSTTY;
 634                                 mutex_exit(&ptsp->pt_lock);
 635                                 iocp->ioc_error = 0;
 636                         }
 637                         iocp->ioc_count = 0;
 638                         qreply(qp, mp);
 639                         PT_EXIT_READ(ptsp);
 640                         return;
 641                 }
 642 
 643         default:
 644                 /*
 645                  * send other messages to the master
 646                  */
 647                 DBG(("put msg on slave's write queue\n"));
 648                 (void) putq(qp, mp);
 649                 break;
 650         }
 651 
 652         PT_EXIT_READ(ptsp);
 653         DBG(("return from ptswput()\n"));
 654 }
 655 
 656 
 657 /*
 658  * enable the write side of the master. This triggers the
 659  * master to send any messages queued on its write side to
 660  * the read side of this slave.
 661  */
 662 static void
 663 ptsrsrv(queue_t *qp)
 664 {
 665         struct pt_ttys *ptsp;
 666 
 667         DBG(("entering ptsrsrv\n"));
 668         ASSERT(qp->q_ptr);
 669 
 670         ptsp = (struct pt_ttys *)qp->q_ptr;
 671         PT_ENTER_READ(ptsp);
 672         if (ptsp->ptm_rdq == NULL) {
 673                 DBG(("in read srv proc but no master\n"));
 674                 PT_EXIT_READ(ptsp);
 675                 return;
 676         }
 677         qenable(WR(ptsp->ptm_rdq));
 678         PT_EXIT_READ(ptsp);
 679         DBG(("leaving ptsrsrv\n"));
 680 }
 681 
 682 /*
 683  * If there are messages on this queue that can be sent to
 684  * master, send them via putnext(). Else, if queued messages
 685  * cannot be sent, leave them on this queue. If priority
 686  * messages on this queue, send them to master no matter what.
 687  */
 688 static void
 689 ptswsrv(queue_t *qp)
 690 {
 691         struct pt_ttys *ptsp;
 692         queue_t *ptm_rdq;
 693         mblk_t *mp;
 694 
 695         DBG(("entering ptswsrv\n"));
 696         ASSERT(qp->q_ptr);
 697 
 698         ptsp = (struct pt_ttys *)qp->q_ptr;
 699         PT_ENTER_READ(ptsp);
 700         if (ptsp->ptm_rdq == NULL) {
 701                 DBG(("in write srv proc but no master\n"));
 702                 /*
 703                  * Free messages on the write queue and send
 704                  * NAK for any M_IOCTL type messages to wakeup
 705                  * the user process waiting for ACK/NAK from
 706                  * the ioctl invocation
 707                  */
 708                 while ((mp = getq(qp)) != NULL) {
 709                         if (mp->b_datap->db_type == M_IOCTL) {
 710                                 mp->b_datap->db_type = M_IOCNAK;
 711                                 freemsg(mp->b_cont);
 712                                 mp->b_cont = NULL;
 713                                 qreply(qp, mp);
 714                         } else
 715                                 freemsg(mp);
 716                 }
 717                 PT_EXIT_READ(ptsp);
 718                 return;
 719         } else {
 720                 ptm_rdq = ptsp->ptm_rdq;
 721         }
 722 
 723         /*
 724          * while there are messages on this write queue...
 725          */
 726         while ((mp = getq(qp)) != NULL) {
 727                 /*
 728                  * if don't have control message and cannot put
 729                  * msg. on master's read queue, put it back on
 730                  * this queue.
 731                  */
 732                 if (mp->b_datap->db_type <= QPCTL &&
 733                     !bcanputnext(ptm_rdq, mp->b_band)) {
 734                         DBG(("put msg. back on Q\n"));
 735                         (void) putbq(qp, mp);
 736                         break;
 737                 }
 738                 /*
 739                  * else send the message up master's stream
 740                  */
 741                 DBG(("send message to master\n"));
 742                 putnext(ptm_rdq, mp);
 743         }
 744         DBG(("leaving ptswsrv\n"));
 745         PT_EXIT_READ(ptsp);
 746 }