4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
25 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
26 /* All Rights Reserved */
29 * Copyright 2020 OmniOS Community Edition (OmniOSce) Association.
30 * Copyright 2021 Oxide Computer Company
34 * PSEUDO-TERMINAL SUBSIDIARY DRIVER (PTS)
36 * The pseudo-terminal subsystem simulates a terminal connection, where the
37 * manager side represents the terminal and the subsidiary represents the user
38 * process's special device end point. The manager device is set up as a
39 * cloned device where its major device number is the major for the clone
40 * device and its minor device number is the major for the ptm driver. There
41 * are no nodes in the file system for manager devices. The manager pseudo
42 * driver is opened using the open(2) system call with /dev/ptmx as the device
43 * parameter. The clone open finds the next available minor device for the ptm
46 * A manager device is available only if it and its corresponding subsidiary
47 * device are not already open. When the manager device is opened, the
48 * corresponding subsidiary device is automatically locked out. Only one open
49 * is allowed on a manager device. Multiple opens are allowed on the
50 * subsidiary device. After both the manager and subsidiary have been opened,
51 * the user has two file descriptors which are the end points of a full duplex
52 * connection composed of two streams which are automatically connected at the
53 * manager and subsidiary drivers. The user may then push modules onto either
54 * side of the stream pair.
56 * The manager and subsidiary drivers pass all messages to their adjacent
57 * queues. Only the M_FLUSH needs some processing. Because the read queue of
58 * one side is connected to the write queue of the other, the FLUSHR flag is
59 * changed to the FLUSHW flag and vice versa. When the manager device is
60 * closed an M_HANGUP message is sent to the subsidiary device which will
61 * render the device unusable. The process on the subsidiary side gets the EIO
62 * when attempting to write on that stream but it will be able to read any data
63 * remaining on the stream head read queue. When all the data has been read,
64 * read() returns 0 indicating that the stream can no longer be used. On the
65 * last close of the subsidiary device, a 0-length message is sent to the
66 * manager device. When the application on the manager side issues a read() or
67 * getmsg() and 0 is returned, the user of the manager device decides whether
68 * to issue a close() that dismantles the pseudo-terminal subsystem. If the
69 * manager device is not closed, the pseudo-tty subsystem will be available to
70 * another user to open the subsidiary device.
75 * All global data synchronization between ptm/pts is done via global ptms_lock
76 * mutex which is initialized at system boot time from ptms_initspace (called
79 * Individual fields of pt_ttys structure (except ptm_rdq, pts_rdq and
80 * pt_nullmsg) are protected by pt_ttys.pt_lock mutex.
82 * PT_ENTER_READ/PT_ENTER_WRITE are reference counter based read-write locks
83 * which allow reader locks to be reacquired by the same thread (usual
84 * reader/writer locks can't be used for that purpose since it is illegal for a
85 * thread to acquire a lock it already holds, even as a reader). The sole
86 * purpose of these macros is to guarantee that the peer queue will not
87 * disappear (due to closing peer) while it is used. It is safe to use
88 * PT_ENTER_READ/PT_EXIT_READ brackets across calls like putq/putnext (since
89 * they are not real locks but reference counts).
91 * PT_ENTER_WRITE/PT_EXIT_WRITE brackets are used ONLY in manager/subsidiary
92 * open/close paths to modify ptm_rdq and pts_rdq fields. These fields should
93 * be set to appropriate queues *after* qprocson() is called during open (to
94 * prevent peer from accessing the queue with incomplete plumbing) and set to
95 * NULL before qprocsoff() is called during close.
97 * The pt_nullmsg field is only used in open/close routines and it is also
98 * protected by PT_ENTER_WRITE/PT_EXIT_WRITE brackets to avoid extra mutex
104 * If both ptms_lock and per-pty lock should be held, ptms_lock should always
105 * be entered first, followed by per-pty lock.
107 * See ptms.h, ptm.c and ptms_conf.c fore more information.
110 #include <sys/types.h>
111 #include <sys/param.h>
112 #include <sys/sysmacros.h>
113 #include <sys/stream.h>
114 #include <sys/stropts.h>
115 #include <sys/strsubr.h>
116 #include <sys/stat.h>
117 #include <sys/errno.h>
118 #include <sys/debug.h>
119 #include <sys/cmn_err.h>
120 #include <sys/ptms.h>
121 #include <sys/systm.h>
122 #include <sys/modctl.h>
123 #include <sys/conf.h>
125 #include <sys/sunddi.h>
126 #include <sys/cred.h>
127 #include <sys/zone.h>
131 #define DBG(a) if (pts_debug) cmn_err(CE_NOTE, a)
136 static int ptsopen(queue_t
*, dev_t
*, int, int, cred_t
*);
137 static int ptsclose(queue_t
*, int, cred_t
*);
138 static int ptswput(queue_t
*, mblk_t
*);
139 static int ptsrsrv(queue_t
*);
140 static int ptswsrv(queue_t
*);
142 static struct module_info pts_info
= {
151 static struct qinit ptsrint
= {
161 static struct qinit ptswint
= {
171 static struct streamtab ptsinfo
= {
178 static int pts_devinfo(dev_info_t
*, ddi_info_cmd_t
, void *, void **);
179 static int pts_attach(dev_info_t
*, ddi_attach_cmd_t
);
180 static int pts_detach(dev_info_t
*, ddi_detach_cmd_t
);
182 #define PTS_CONF_FLAG (D_NEW | D_MP)
185 * this will define (struct cb_ops cb_pts_ops) and (struct dev_ops pts_ops)
187 DDI_DEFINE_STREAM_OPS(pts_ops
, nulldev
, nulldev
, \
188 pts_attach
, pts_detach
, nodev
, \
189 pts_devinfo
, PTS_CONF_FLAG
, &ptsinfo
, ddi_quiesce_not_supported
);
192 * Module linkage information for the kernel.
195 static struct modldrv modldrv
= {
197 "Pseudo-Terminal Subsidiary Driver",
201 static struct modlinkage modlinkage
= {
212 if ((rc
= mod_install(&modlinkage
)) == 0)
221 return (mod_remove(&modlinkage
));
225 _info(struct modinfo
*modinfop
)
227 return (mod_info(&modlinkage
, modinfop
));
231 pts_attach(dev_info_t
*devi
, ddi_attach_cmd_t cmd
)
233 if (cmd
!= DDI_ATTACH
)
234 return (DDI_FAILURE
);
236 mutex_enter(&ptms_lock
);
238 mutex_exit(&ptms_lock
);
240 return (DDI_SUCCESS
);
244 pts_detach(dev_info_t
*devi
, ddi_detach_cmd_t cmd
)
246 if (cmd
!= DDI_DETACH
)
247 return (DDI_FAILURE
);
250 * For now, pts cannot be detached.
252 return (DDI_FAILURE
);
256 pts_devinfo(dev_info_t
*dip
, ddi_info_cmd_t infocmd
, void *arg
,
262 case DDI_INFO_DEVT2DEVINFO
:
263 if (pts_dip
== NULL
) {
266 *result
= (void *)pts_dip
;
270 case DDI_INFO_DEVT2INSTANCE
:
282 * Open the subsidiary device. Reject a clone open and do not allow the
283 * driver to be pushed. If the subsidiary/manager pair is locked or if
284 * the manager is not open, return EACCESS.
285 * Upon success, store the write queue pointer in private data and
286 * set the PTSOPEN bit in the pt_state field.
290 queue_t
*rqp
, /* pointer to the read side queue */
291 dev_t
*devp
, /* pointer to stream tail's dev */
292 int oflag
, /* the user open(2) supplied flags */
293 int sflag
, /* open state flag */
294 cred_t
*credp
) /* credentials */
296 struct pt_ttys
*ptsp
;
298 mblk_t
*mop
; /* ptr to a setopts message block */
299 minor_t dminor
= getminor(*devp
);
300 struct stroptions
*sop
;
302 DDBG("entering ptsopen(%d)", dminor
);
308 mutex_enter(&ptms_lock
);
309 ptsp
= ptms_minor2ptty(dminor
);
312 mutex_exit(&ptms_lock
);
315 mutex_enter(&ptsp
->pt_lock
);
318 * Prevent opens from zones other than the one blessed by ptm. We
319 * can't even allow the global zone to open all pts's, as it would
320 * otherwise inproperly be able to claim pts's already opened by zones.
322 if (ptsp
->pt_zoneid
!= getzoneid()) {
323 mutex_exit(&ptsp
->pt_lock
);
324 mutex_exit(&ptms_lock
);
329 * Allow reopen of this device.
331 if (rqp
->q_ptr
!= NULL
) {
332 ASSERT(rqp
->q_ptr
== ptsp
);
333 ASSERT(ptsp
->pts_rdq
== rqp
);
334 mutex_exit(&ptsp
->pt_lock
);
335 mutex_exit(&ptms_lock
);
339 DDBGP("ptsopen: p = %p\n", (uintptr_t)ptsp
);
340 DDBG("ptsopen: state = %x\n", ptsp
->pt_state
);
342 ASSERT(ptsp
->pt_minor
== dminor
);
344 if ((ptsp
->pt_state
& PTLOCK
) || !(ptsp
->pt_state
& PTMOPEN
)) {
345 mutex_exit(&ptsp
->pt_lock
);
346 mutex_exit(&ptms_lock
);
351 * if already open, simply return...
353 if (ptsp
->pt_state
& PTSOPEN
) {
354 ASSERT(rqp
->q_ptr
== ptsp
);
355 ASSERT(ptsp
->pts_rdq
== rqp
);
356 mutex_exit(&ptsp
->pt_lock
);
357 mutex_exit(&ptms_lock
);
362 * Allocate message block for setting stream head options.
364 if ((mop
= allocb(sizeof (struct stroptions
), BPRI_MED
)) == NULL
) {
365 mutex_exit(&ptsp
->pt_lock
);
366 mutex_exit(&ptms_lock
);
371 * Subsidiary should send zero-length message to a manager when it is
372 * closing. If memory is low at that time, manager will not detect
373 * subsidiary closes, this pty will not be deallocated. So,
374 * preallocate this zero-length message block early.
376 if ((mp
= allocb(0, BPRI_MED
)) == NULL
) {
377 mutex_exit(&ptsp
->pt_lock
);
378 mutex_exit(&ptms_lock
);
383 ptsp
->pt_state
|= PTSOPEN
;
385 WR(rqp
)->q_ptr
= rqp
->q_ptr
= ptsp
;
387 mutex_exit(&ptsp
->pt_lock
);
388 mutex_exit(&ptms_lock
);
390 if (ptsp
->pt_state
& PTSTTY
)
391 STREAM(rqp
)->sd_flag
|= STRXPG4TTY
;
396 * After qprocson pts driver is fully plumbed into the stream and can
397 * send/receive messages. Setting pts_rdq will allow manager side to
398 * send messages to the subsidiary. This setting can't occur before
399 * qprocson() is finished because subsidiary is not ready to process
402 PT_ENTER_WRITE(ptsp
);
404 ASSERT(ptsp
->pt_nullmsg
== NULL
);
405 ptsp
->pt_nullmsg
= mp
;
409 * set up hi/lo water marks on stream head read queue
410 * and add controlling tty if not set
413 mop
->b_datap
->db_type
= M_SETOPTS
;
414 mop
->b_wptr
+= sizeof (struct stroptions
);
415 sop
= (struct stroptions
*)mop
->b_rptr
;
416 sop
->so_flags
= SO_HIWAT
| SO_LOWAT
| SO_ISTTY
;
417 sop
->so_hiwat
= _TTY_BUFSIZ
;
425 * Find the address to private data identifying the subsidiary's write queue.
426 * Send a 0-length msg up the subsidiary's read queue to designate the manager
427 * is closing. Uattach the manager from the subsidiary by nulling out
428 * manager's write queue field in private data.
431 ptsclose(queue_t
*rqp
, int flag
, cred_t
*credp
)
433 struct pt_ttys
*ptsp
;
439 * q_ptr should never be NULL in the close routine and it is checked in
440 * DEBUG kernel by ASSERT. For non-DEBUG kernel the attempt is made to
443 ASSERT(rqp
->q_ptr
!= NULL
);
444 if (rqp
->q_ptr
== NULL
) {
449 ptsp
= (struct pt_ttys
*)rqp
->q_ptr
;
452 * Subsidiary is going to close and doesn't want any new messages
453 * coming from the manager side, so set pts_rdq to NULL. This should
454 * be done before call to qprocsoff() since subsidiary can't process
455 * additional messages from the manager after qprocsoff is called.
457 PT_ENTER_WRITE(ptsp
);
458 mp
= ptsp
->pt_nullmsg
;
459 ptsp
->pt_nullmsg
= NULL
;
460 ptsp
->pts_rdq
= NULL
;
468 while ((bp
= getq(wqp
)) != NULL
) {
470 putnext(ptsp
->ptm_rdq
, bp
);
471 } else if (bp
->b_datap
->db_type
== M_IOCTL
) {
472 bp
->b_datap
->db_type
= M_IOCNAK
;
481 * qenable manager side write queue so that it can flush its messages
482 * as subsidiarys's read queue is going away:
486 putnext(ptsp
->ptm_rdq
, mp
);
488 qenable(WR(ptsp
->ptm_rdq
));
496 WR(rqp
)->q_ptr
= NULL
;
498 ptms_close(ptsp
, PTSOPEN
| PTSTTY
);
505 * The wput procedure will only handle flush messages. All other messages are
506 * queued and the write side service procedure sends them off to the manager
510 ptswput(queue_t
*qp
, mblk_t
*mp
)
512 struct pt_ttys
*ptsp
;
514 unsigned char type
= mp
->b_datap
->db_type
;
516 DBG(("entering ptswput\n"));
519 ptsp
= (struct pt_ttys
*)qp
->q_ptr
;
521 if (ptsp
->ptm_rdq
== NULL
) {
522 DBG(("in write put proc but no manager\n"));
524 * NAK ioctl as subsidiary side read queue is gone.
525 * Or else free the message.
527 if (mp
->b_datap
->db_type
== M_IOCTL
) {
528 mp
->b_datap
->db_type
= M_IOCNAK
;
542 * if write queue request, flush subsidiary's write
543 * queue and send FLUSHR to ptm. If read queue
544 * request, send FLUSHR to ptm.
547 DBG(("pts got flush request\n"));
548 if (*mp
->b_rptr
& FLUSHW
) {
550 DBG(("got FLUSHW, flush pts write Q\n"));
551 if (*mp
->b_rptr
& FLUSHBAND
)
553 * if it is a FLUSHBAND, do flushband.
555 flushband(qp
, *(mp
->b_rptr
+ 1), FLUSHDATA
);
557 flushq(qp
, FLUSHDATA
);
559 *mp
->b_rptr
&= ~FLUSHW
;
560 if ((*mp
->b_rptr
& FLUSHR
) == 0) {
562 * FLUSHW only. Change to FLUSHR and putnext
563 * to ptm, then we are done.
565 *mp
->b_rptr
|= FLUSHR
;
567 putnext(ptsp
->ptm_rdq
, mp
);
572 /* It is a FLUSHRW. Duplicate the mblk */
576 * Change FLUSHW to FLUSHR before
579 DBG(("putnext nmp(FLUSHR) to ptm\n"));
580 *nmp
->b_rptr
|= FLUSHR
;
582 putnext(ptsp
->ptm_rdq
, nmp
);
587 * Since the packet module will toss any M_FLUSHES sent to the
588 * manager's stream head read queue, we simply turn it around
591 if (*mp
->b_rptr
& FLUSHR
) {
592 ASSERT(RD(qp
)->q_first
== NULL
);
593 DBG(("qreply(qp) turning FLUSHR around\n"));
601 /* Caused by ldterm - can not pass to manager */
607 putnext(ptsp
->ptm_rdq
, mp
);
618 * For case PTSSTTY set the flag PTSTTY and ACK
619 * the ioctl so that the user program can push
620 * the associated modules to get tty semantics.
623 iocp
= (struct iocblk
*)mp
->b_rptr
;
624 switch (iocp
->ioc_cmd
) {
629 if (ptsp
->pt_state
& PTSTTY
) {
630 mp
->b_datap
->db_type
= M_IOCNAK
;
631 iocp
->ioc_error
= EEXIST
;
633 mp
->b_datap
->db_type
= M_IOCACK
;
634 mutex_enter(&ptsp
->pt_lock
);
635 ptsp
->pt_state
|= PTSTTY
;
636 mutex_exit(&ptsp
->pt_lock
);
647 * send other messages to the manager
649 DBG(("put msg on subsidiary's write queue\n"));
655 DBG(("return from ptswput()\n"));
661 * Enable the write side of the manager. This triggers the manager to send any
662 * messages queued on its write side to the read side of this subsidiary.
667 struct pt_ttys
*ptsp
;
669 DBG(("entering ptsrsrv\n"));
672 ptsp
= (struct pt_ttys
*)qp
->q_ptr
;
674 if (ptsp
->ptm_rdq
== NULL
) {
675 DBG(("in read srv proc but no manager\n"));
679 qenable(WR(ptsp
->ptm_rdq
));
681 DBG(("leaving ptsrsrv\n"));
686 * If there are messages on this queue that can be sent to manager, send them
687 * via putnext(). Otherwise, if queued messages cannot be sent, leave them on
688 * this queue. If priority messages on this queue, send them to manager no
694 struct pt_ttys
*ptsp
;
698 DBG(("entering ptswsrv\n"));
701 ptsp
= (struct pt_ttys
*)qp
->q_ptr
;
703 if (ptsp
->ptm_rdq
== NULL
) {
704 DBG(("in write srv proc but no manager\n"));
706 * Free messages on the write queue and send NAK for any
707 * M_IOCTL type messages to wakeup the user process waiting for
708 * ACK/NAK from the ioctl invocation
710 while ((mp
= getq(qp
)) != NULL
) {
711 if (mp
->b_datap
->db_type
== M_IOCTL
) {
712 mp
->b_datap
->db_type
= M_IOCNAK
;
722 ptm_rdq
= ptsp
->ptm_rdq
;
726 * While there are messages on this write queue...
728 while ((mp
= getq(qp
)) != NULL
) {
730 * If this is not a control message and we cannot put messages
731 * on the manager's read queue, put it back on this queue.
733 if (mp
->b_datap
->db_type
<= QPCTL
&&
734 !bcanputnext(ptm_rdq
, mp
->b_band
)) {
735 DBG(("put msg. back on Q\n"));
736 (void) putbq(qp
, mp
);
740 * Otherwise, send the message up manager's stream:
742 DBG(("send message to manager\n"));
743 putnext(ptm_rdq
, mp
);
745 DBG(("leaving ptswsrv\n"));