kernel/tty: Use GID_TTY for non root users by default.
[dragonfly.git] / sys / kern / tty_pty.c
1 /*
2  * (MPSAFE)
3  *
4  * Copyright (c) 1982, 1986, 1989, 1993
5  *      The Regents of the University of California.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. Neither the name of the University nor the names of its contributors
16  *    may be used to endorse or promote products derived from this software
17  *    without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  *
31  *      @(#)tty_pty.c   8.4 (Berkeley) 2/20/95
32  * $FreeBSD: src/sys/kern/tty_pty.c,v 1.74.2.4 2002/02/20 19:58:13 dillon Exp $
33  */
34
35 /*
36  * Most functions here could use a separate lock to deal with concurrent
37  * access to the 'pt's.
38  */
39
40 /*
41  * Pseudo-teletype Driver
42  * (Actually two drivers, requiring two dev_ops structures)
43  */
44
45 #include <sys/param.h>
46 #include <sys/systm.h>
47 #include <sys/proc.h>
48 #include <sys/priv.h>
49 #include <sys/tty.h>
50 #include <sys/ttydefaults.h>    /* for TTYDEF_* */
51 #include <sys/conf.h>
52 #include <sys/fcntl.h>
53 #include <sys/kernel.h>
54 #include <sys/vnode.h>
55 #include <sys/signalvar.h>
56 #include <sys/malloc.h>
57 #include <sys/device.h>
58 #include <sys/devfs.h>
59 #include <sys/stat.h>
60 #include <sys/sysctl.h>
61
62 MALLOC_DEFINE(M_PTY, "ptys", "pty data structures");
63
64 static void ptsstart (struct tty *tp);
65 static void ptsstop (struct tty *tp, int rw);
66 static void ptsunhold (struct tty *tp);
67 static void ptcwakeup (struct tty *tp, int flag);
68 static void ptyinit (int n);
69 static int  filt_ptcread (struct knote *kn, long hint);
70 static void filt_ptcrdetach (struct knote *kn);
71 static int  filt_ptcwrite (struct knote *kn, long hint);
72 static void filt_ptcwdetach (struct knote *kn);
73
74 static  d_open_t        ptsopen;
75 static  d_close_t       ptsclose;
76 static  d_read_t        ptsread;
77 static  d_write_t       ptswrite;
78 static  d_ioctl_t       ptyioctl;
79 static  d_open_t        ptcopen;
80 static  d_close_t       ptcclose;
81 static  d_read_t        ptcread;
82 static  d_write_t       ptcwrite;
83 static  d_kqfilter_t    ptckqfilter;
84
85 DEVFS_DEFINE_CLONE_BITMAP(pty);
86 static struct pt_ioctl **ptis;          /* keep pti's intact */
87
88 static  d_clone_t       ptyclone;
89
90 static int      pty_debug_level = 0;
91
92 static struct dev_ops pts98_ops = {
93         { "pts98", 0, D_TTY | D_MPSAFE },
94         .d_open =       ptsopen,
95         .d_close =      ptsclose,
96         .d_read =       ptsread,
97         .d_write =      ptswrite,
98         .d_ioctl =      ptyioctl,
99         .d_kqfilter =   ttykqfilter,
100         .d_revoke =     ttyrevoke
101 };
102
103 static struct dev_ops ptc98_ops = {
104         { "ptc98", 0, D_TTY | D_MASTER | D_MPSAFE },
105         .d_open =       ptcopen,
106         .d_close =      ptcclose,
107         .d_read =       ptcread,
108         .d_write =      ptcwrite,
109         .d_ioctl =      ptyioctl,
110         .d_kqfilter =   ptckqfilter,
111         .d_revoke =     ttyrevoke
112 };
113
114 static struct dev_ops pts_ops = {
115         { "pts", 0, D_TTY | D_MPSAFE },
116         .d_open =       ptsopen,
117         .d_close =      ptsclose,
118         .d_read =       ptsread,
119         .d_write =      ptswrite,
120         .d_ioctl =      ptyioctl,
121         .d_kqfilter =   ttykqfilter,
122         .d_revoke =     ttyrevoke
123 };
124
125 #define CDEV_MAJOR_C    6
126 static struct dev_ops ptc_ops = {
127         { "ptc", 0, D_TTY | D_MASTER | D_MPSAFE },
128         .d_open =       ptcopen,
129         .d_close =      ptcclose,
130         .d_read =       ptcread,
131         .d_write =      ptcwrite,
132         .d_ioctl =      ptyioctl,
133         .d_kqfilter =   ptckqfilter,
134         .d_revoke =     ttyrevoke
135 };
136
137 #define BUFSIZ  100             /* Chunk size iomoved to/from user */
138
139 #define MAXPTYS 1000            /* Maximum cloneable ptys */
140
141 struct  pt_ioctl {
142         int     pt_flags;
143         int     pt_refs;        /* Structural references interlock S/MOPEN */
144         int     pt_uminor;
145         struct  kqinfo pt_kqr, pt_kqw;
146         u_char  pt_send;
147         u_char  pt_ucntl;
148         struct tty pt_tty;
149         cdev_t  devs, devc;
150         struct  prison *pt_prison;
151 };
152
153 /*
154  * pt_flags ptc state
155  */
156 #define PF_PKT          0x0008          /* packet mode */
157 #define PF_STOPPED      0x0010          /* user told stopped */
158 #define PF_REMOTE       0x0020          /* remote and flow controlled input */
159 #define PF_NOSTOP       0x0040
160 #define PF_UCNTL        0x0080          /* user control mode */
161
162 #define PF_PTCSTATEMASK 0x00FF
163
164 /*
165  * pt_flags open state.  Note that PF_SCLOSED is used to activate
166  * read EOF on the ptc so it is only set after the slave has been
167  * opened and then closed, and cleared again if the slave is opened
168  * again.
169  */
170 #define PF_UNIX98       0x0100
171 #define PF_SOPEN        0x0200
172 #define PF_MOPEN        0x0400
173 #define PF_SCLOSED      0x0800
174 #define PF_TERMINATED   0x8000
175
176 /*
177  * This function creates and initializes a pts/ptc pair
178  *
179  * pts == /dev/tty[pqrsPQRS][0123456789abcdefghijklmnopqrstuv]
180  * ptc == /dev/pty[pqrsPQRS][0123456789abcdefghijklmnopqrstuv]
181  *
182  * XXX: define and add mapping of upper minor bits to allow more 
183  *      than 256 ptys.
184  */
185 static void
186 ptyinit(int n)
187 {
188         cdev_t devs, devc;
189         char *names = "pqrsPQRS";
190         struct pt_ioctl *pti;
191
192         /* For now we only map the lower 8 bits of the minor */
193         if (n & ~0xff)
194                 return;
195
196         pti = kmalloc(sizeof(*pti), M_PTY, M_WAITOK | M_ZERO);
197         pti->devs = devs = make_dev(&pts_ops, n, 0, 0, 0666,
198                                     "tty%c%c",
199                                     names[n / 32], hex2ascii(n % 32));
200         pti->devc = devc = make_dev(&ptc_ops, n, 0, 0, 0666,
201                                     "pty%c%c",
202                                     names[n / 32], hex2ascii(n % 32));
203
204         pti->pt_tty.t_dev = devs;
205         pti->pt_uminor = n;
206         devs->si_drv1 = devc->si_drv1 = pti;
207         devs->si_tty = devc->si_tty = &pti->pt_tty;
208         devs->si_flags |= SI_OVERRIDE;  /* uid, gid, perms from dev */
209         devc->si_flags |= SI_OVERRIDE;  /* uid, gid, perms from dev */
210         ttyinit(&pti->pt_tty);
211         ttyregister(&pti->pt_tty);
212 }
213
214 static int
215 ptyclone(struct dev_clone_args *ap)
216 {
217         int unit;
218         struct pt_ioctl *pti;
219
220         /*
221          * Limit the number of unix98 pty (slave) devices to 1000, as
222          * the utmp(5) format only allows for 8 bytes for the tty,
223          * "pts/XXX".
224          *
225          * If this limit is reached, we don't clone and return an error
226          * to devfs.
227          */
228         unit = devfs_clone_bitmap_get(&DEVFS_CLONE_BITMAP(pty), MAXPTYS);
229
230         if (unit < 0) {
231                 ap->a_dev = NULL;
232                 return 1;
233         }
234
235         /*
236          * pti structures must be persistent once allocated.
237          */
238         if ((pti = ptis[unit]) == NULL) {
239                 lwkt_gettoken(&tty_token);
240                 pti = kmalloc(sizeof(*pti), M_PTY, M_WAITOK | M_ZERO);
241                 if (ptis[unit] == NULL) {
242                         ptis[unit] = pti;
243                         ttyinit(&pti->pt_tty);
244                 } else {
245                         kfree(pti, M_PTY);
246                 }
247                 lwkt_reltoken(&tty_token);
248         }
249
250         /*
251          * The cloning bitmap should guarantee isolation during
252          * initialization.
253          */
254         pti->devc = make_only_dev(&ptc98_ops, unit,
255                                   ap->a_cred->cr_ruid,
256                                   0, 0600, "ptm/%d", unit);
257         pti->devs = make_dev(&pts98_ops, unit,
258                              ap->a_cred->cr_ruid,
259                              GID_TTY, 0620, "pts/%d", unit);
260         ap->a_dev = pti->devc;
261
262         pti->devs->si_flags |= SI_OVERRIDE;     /* uid, gid, perms from dev */
263         pti->devc->si_flags |= SI_OVERRIDE;     /* uid, gid, perms from dev */
264
265         pti->pt_tty.t_dev = pti->devs;
266         pti->pt_flags = PF_UNIX98;
267         pti->pt_uminor = unit;
268         pti->devs->si_drv1 = pti->devc->si_drv1 = pti;
269         pti->devs->si_tty = pti->devc->si_tty = &pti->pt_tty;
270         ttyregister(&pti->pt_tty);
271
272         return 0;
273 }
274
275 /*
276  * pti_hold() prevents the pti from being destroyed due to a termination
277  * while a pt*open() is blocked.
278  *
279  * This function returns non-zero if we cannot hold due to a termination
280  * interlock.
281  */
282 static int
283 pti_hold(struct pt_ioctl *pti)
284 {
285         if (pti->pt_flags & PF_TERMINATED)
286                 return(ENXIO);
287         ++pti->pt_refs;
288
289         return(0);
290 }
291
292 /*
293  * pti_done() releases the reference and checks to see if both sides have
294  * been closed on a unix98 pty, allowing us to destroy the device and
295  * release resources.
296  *
297  * We do not release resources on non-unix98 ptys.  Those are left
298  * statically allocated.
299  */
300 static void
301 pti_done(struct pt_ioctl *pti)
302 {
303         lwkt_gettoken(&pti->pt_tty.t_token);
304         if (--pti->pt_refs == 0) {
305                 cdev_t dev;
306                 int uminor_no;
307
308                 /*
309                  * Only unix09 ptys are freed up (the pti structure itself
310                  * is never freed, regardless).
311                  */
312                 if ((pti->pt_flags & PF_UNIX98) == 0) {
313                         lwkt_reltoken(&pti->pt_tty.t_token);
314                         return;
315                 }
316
317                 /*
318                  * Interlock open attempts against termination by setting
319                  * PF_TERMINATED.  This allows us to block while cleaning
320                  * out the device infrastructure.
321                  *
322                  * Do not terminate the tty if it still has a session
323                  * association (t_refs).
324                  */
325                 if ((pti->pt_flags & (PF_SOPEN|PF_MOPEN)) == 0 &&
326                     pti->pt_tty.t_refs == 0) {
327                         pti->pt_flags |= PF_TERMINATED;
328                         uminor_no = pti->pt_uminor;
329
330                         if ((dev = pti->devs) != NULL) {
331                                 dev->si_drv1 = NULL;
332                                 pti->devs = NULL;
333                                 destroy_dev(dev);
334                         }
335                         if ((dev = pti->devc) != NULL) {
336                                 dev->si_drv1 = NULL;
337                                 pti->devc = NULL;
338                                 destroy_dev(dev);
339                         }
340                         ttyunregister(&pti->pt_tty);
341                         pti->pt_tty.t_dev = NULL;
342
343                         devfs_clone_bitmap_put(&DEVFS_CLONE_BITMAP(pty),
344                                                uminor_no);
345                         /* pti structure remains intact */
346                 }
347         }
348         lwkt_reltoken(&pti->pt_tty.t_token);
349 }
350
351 /*ARGSUSED*/
352 static  int
353 ptsopen(struct dev_open_args *ap)
354 {
355         cdev_t dev = ap->a_head.a_dev;
356         struct tty *tp;
357         int error;
358         struct pt_ioctl *pti;
359
360         /*
361          * The pti will already be assigned by the clone code or
362          * pre-created if a non-unix 98 pty.  If si_drv1 is NULL
363          * we are somehow racing a unix98 termination.
364          */
365         if (dev->si_drv1 == NULL)
366                 return(ENXIO);
367         pti = dev->si_drv1;
368
369         lwkt_gettoken(&pti->pt_tty.t_token);
370         if (pti_hold(pti)) {
371                 lwkt_reltoken(&pti->pt_tty.t_token);
372                 return(ENXIO);
373         }
374
375         tp = dev->si_tty;
376
377         /*
378          * Reinit most of the tty state if it isn't open.  Handle
379          * exclusive access.
380          */
381         if ((tp->t_state & TS_ISOPEN) == 0) {
382                 ttychars(tp);           /* Set up default chars */
383                 tp->t_iflag = TTYDEF_IFLAG;
384                 tp->t_oflag = TTYDEF_OFLAG;
385                 tp->t_lflag = TTYDEF_LFLAG;
386                 tp->t_cflag = TTYDEF_CFLAG;
387                 tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED;
388         } else if ((tp->t_state & TS_XCLUDE) &&
389                    priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
390                 pti_done(pti);
391                 lwkt_reltoken(&pti->pt_tty.t_token);
392                 return (EBUSY);
393         } else if (pti->pt_prison != ap->a_cred->cr_prison) {
394                 pti_done(pti);
395                 lwkt_reltoken(&pti->pt_tty.t_token);
396                 return (EBUSY);
397         }
398
399         /*
400          * If the ptc is already present this will connect us up.  It
401          * is unclear if this is actually needed.
402          *
403          * If neither side is open be sure to clear any left over
404          * ZOMBIE state before continuing.
405          */
406         if (tp->t_oproc)
407                 (void)(*linesw[tp->t_line].l_modem)(tp, 1);
408         else if ((pti->pt_flags & PF_SOPEN) == 0)
409                 tp->t_state &= ~TS_ZOMBIE;
410
411         /*
412          * Wait for the carrier (ptc side)
413          */
414         while ((tp->t_state & TS_CARR_ON) == 0) {
415                 if (ap->a_oflags & FNONBLOCK)
416                         break;
417                 error = ttysleep(tp, TSA_CARR_ON(tp), PCATCH, "ptsopn", 0);
418                 if (error) {
419                         pti_done(pti);
420                         lwkt_reltoken(&pti->pt_tty.t_token);
421                         return (error);
422                 }
423         }
424
425         /*
426          * Mark the tty open and mark the slave side as being open.
427          */
428         error = (*linesw[tp->t_line].l_open)(dev, tp);
429
430         if (error == 0) {
431                 pti->pt_flags |= PF_SOPEN;
432                 pti->pt_flags &= ~PF_SCLOSED;
433                 ptcwakeup(tp, FREAD|FWRITE);
434         }
435         pti_done(pti);
436         lwkt_reltoken(&pti->pt_tty.t_token);
437
438         return (error);
439 }
440
441 static  int
442 ptsclose(struct dev_close_args *ap)
443 {
444         cdev_t dev = ap->a_head.a_dev;
445         struct tty *tp;
446         struct pt_ioctl *pti = dev->si_drv1;
447         int err;
448
449         lwkt_gettoken(&pti->pt_tty.t_token);
450         if (pti_hold(pti))
451                 panic("ptsclose on terminated pti");
452
453         /*
454          * Disconnect the slave side
455          */
456         tp = dev->si_tty;
457         err = (*linesw[tp->t_line].l_close)(tp, ap->a_fflag);
458         ptsstop(tp, FREAD|FWRITE);
459         ttyclose(tp);                   /* clears t_state */
460
461         /*
462          * Mark the pts side closed and signal the ptc.  Do not mark the
463          * tty a zombie... that is, allow the tty to be re-opened as long
464          * as the ptc is still open.  The ptc will read() EOFs until the
465          * pts side is reopened or the ptc is closed.
466          *
467          * xterm() depends on this behavior as it will revoke() the pts
468          * and then reopen it after the (unnecessary old code) chmod.
469          */
470         pti->pt_flags &= ~PF_SOPEN;
471         pti->pt_flags |= PF_SCLOSED;
472         if (tp->t_oproc)
473                 ptcwakeup(tp, FREAD);
474         pti_done(pti);
475         lwkt_reltoken(&pti->pt_tty.t_token);
476         return (err);
477 }
478
479 static  int
480 ptsread(struct dev_read_args *ap)
481 {
482         cdev_t dev = ap->a_head.a_dev;
483         struct proc *p = curproc;
484         struct tty *tp = dev->si_tty;
485         struct pt_ioctl *pti = dev->si_drv1;
486         struct lwp *lp;
487
488         int error = 0;
489
490         lp = curthread->td_lwp;
491
492         lwkt_gettoken(&pti->pt_tty.t_token);
493 again:
494         if (pti->pt_flags & PF_REMOTE) {
495                 while (isbackground(p, tp)) {
496                         if (SIGISMEMBER(p->p_sigignore, SIGTTIN) ||
497                             SIGISMEMBER(lp->lwp_sigmask, SIGTTIN) ||
498                             p->p_pgrp->pg_jobc == 0 ||
499                             (p->p_flags & P_PPWAIT)) {
500                                 lwkt_reltoken(&pti->pt_tty.t_token);
501                                 return (EIO);
502                         }
503                         pgsignal(p->p_pgrp, SIGTTIN, 1);
504                         error = ttysleep(tp, &lbolt, PCATCH, "ptsbg", 0);
505                         if (error) {
506                                 lwkt_reltoken(&pti->pt_tty.t_token);
507                                 return (error);
508                         }
509                 }
510                 if (tp->t_canq.c_cc == 0) {
511                         if (ap->a_ioflag & IO_NDELAY) {
512                                 lwkt_reltoken(&pti->pt_tty.t_token);
513                                 return (EWOULDBLOCK);
514                         }
515                         error = ttysleep(tp, TSA_PTS_READ(tp), PCATCH,
516                                          "ptsin", 0);
517                         if (error) {
518                                 lwkt_reltoken(&pti->pt_tty.t_token);
519                                 return (error);
520                         }
521                         goto again;
522                 }
523                 while (tp->t_canq.c_cc > 1 && ap->a_uio->uio_resid > 0)
524                         if (ureadc(clist_getc(&tp->t_canq), ap->a_uio) < 0) {
525                                 error = EFAULT;
526                                 break;
527                         }
528                 if (tp->t_canq.c_cc == 1)
529                         clist_getc(&tp->t_canq);
530                 if (tp->t_canq.c_cc) {
531                         lwkt_reltoken(&pti->pt_tty.t_token);
532                         return (error);
533                 }
534         } else
535                 if (tp->t_oproc)
536                         error = (*linesw[tp->t_line].l_read)(tp, ap->a_uio, ap->a_ioflag);
537         ptcwakeup(tp, FWRITE);
538         lwkt_reltoken(&pti->pt_tty.t_token);
539
540         return (error);
541 }
542
543 /*
544  * Write to pseudo-tty.
545  * Wakeups of controlling tty will happen
546  * indirectly, when tty driver calls ptsstart.
547  */
548 static  int
549 ptswrite(struct dev_write_args *ap)
550 {
551         cdev_t dev = ap->a_head.a_dev;
552         struct tty *tp;
553         int ret;
554
555         tp = dev->si_tty;
556         lwkt_gettoken(&tp->t_token);
557         if (tp->t_oproc == NULL) {
558                 lwkt_reltoken(&tp->t_token);
559                 return (EIO);
560         }
561         ret = ((*linesw[tp->t_line].l_write)(tp, ap->a_uio, ap->a_ioflag));
562         lwkt_reltoken(&tp->t_token);
563
564         return ret;
565 }
566
567 /*
568  * Start output on pseudo-tty.
569  * Wake up process selecting or sleeping for input from controlling tty.
570  */
571 static void
572 ptsstart(struct tty *tp)
573 {
574         struct pt_ioctl *pti = tp->t_dev->si_drv1;
575
576         lwkt_gettoken(&pti->pt_tty.t_token);
577         lwkt_gettoken(&tp->t_token);
578         if (tp->t_state & TS_TTSTOP) {
579                 lwkt_reltoken(&tp->t_token);
580                 lwkt_reltoken(&pti->pt_tty.t_token);
581                 return;
582         }
583         if (pti) {
584                 if (pti->pt_flags & PF_STOPPED) {
585                         pti->pt_flags &= ~PF_STOPPED;
586                         pti->pt_send = TIOCPKT_START;
587                 }
588         }
589         ptcwakeup(tp, FREAD);
590         lwkt_reltoken(&tp->t_token);
591         lwkt_reltoken(&pti->pt_tty.t_token);
592 }
593
594 /*
595  * NOTE: Must be called with tp->t_token held
596  */
597 static void
598 ptcwakeup(struct tty *tp, int flag)
599 {
600         if (flag & FREAD) {
601                 wakeup(TSA_PTC_READ(tp));
602                 KNOTE(&tp->t_rkq.ki_note, 0);
603         }
604         if (flag & FWRITE) {
605                 wakeup(TSA_PTC_WRITE(tp));
606                 KNOTE(&tp->t_wkq.ki_note, 0);
607         }
608 }
609
610 static  int
611 ptcopen(struct dev_open_args *ap)
612 {
613         cdev_t dev = ap->a_head.a_dev;
614         struct tty *tp;
615         struct pt_ioctl *pti;
616
617         /*
618          * The pti will already be assigned by the clone code or
619          * pre-created if a non-unix 98 pty.  If si_drv1 is NULL
620          * we are somehow racing a unix98 termination.
621          */
622         pti = dev->si_drv1;
623         if (pti == NULL)
624                 return(ENXIO);
625
626         lwkt_gettoken(&pti->pt_tty.t_token);
627         if (pti_hold(pti)) {
628                 lwkt_reltoken(&pti->pt_tty.t_token);
629                 return(ENXIO);
630         }
631         if (pti->pt_prison && pti->pt_prison != ap->a_cred->cr_prison) {
632                 pti_done(pti);
633                 lwkt_reltoken(&pti->pt_tty.t_token);
634                 return(EBUSY);
635         }
636         tp = dev->si_tty;
637         lwkt_gettoken(&tp->t_token);
638         if (tp->t_oproc) {
639                 pti_done(pti);
640                 lwkt_reltoken(&tp->t_token);
641                 lwkt_reltoken(&pti->pt_tty.t_token);
642                 return (EIO);
643         }
644
645         /*
646          * If the slave side is not yet open clear any left over zombie
647          * state before doing our modem control.
648          */
649         if ((pti->pt_flags & PF_SOPEN) == 0)
650                 tp->t_state &= ~TS_ZOMBIE;
651
652         tp->t_oproc = ptsstart;
653         tp->t_stop = ptsstop;
654         tp->t_unhold = ptsunhold;
655
656         /*
657          * Carrier on!
658          */
659         (void)(*linesw[tp->t_line].l_modem)(tp, 1);
660
661         tp->t_lflag &= ~EXTPROC;
662         pti->pt_prison = ap->a_cred->cr_prison;
663         pti->pt_flags &= ~PF_PTCSTATEMASK;
664         pti->pt_send = 0;
665         pti->pt_ucntl = 0;
666
667         pti->devs->si_uid = ap->a_cred->cr_uid;
668         pti->devs->si_gid = ap->a_cred->cr_uid ? GID_TTY : 0;
669         pti->devs->si_perms = 0600;
670         pti->devc->si_uid = ap->a_cred->cr_uid;
671         pti->devc->si_gid = 0;
672         pti->devc->si_perms = 0600;
673
674         /*
675          * Mark master side open.  This does not cause any events
676          * on the slave side.
677          */
678         pti->pt_flags |= PF_MOPEN;
679         pti_done(pti);
680
681         lwkt_reltoken(&tp->t_token);
682         lwkt_reltoken(&pti->pt_tty.t_token);
683
684         return (0);
685 }
686
687 static  int
688 ptcclose(struct dev_close_args *ap)
689 {
690         cdev_t dev = ap->a_head.a_dev;
691         struct tty *tp;
692         struct pt_ioctl *pti = dev->si_drv1;
693
694         lwkt_gettoken(&pti->pt_tty.t_token);
695         if (pti_hold(pti)) {
696                 lwkt_reltoken(&pti->pt_tty.t_token);
697                 panic("ptcclose on terminated pti");
698         }
699         tp = dev->si_tty;
700         lwkt_gettoken(&tp->t_token);
701
702         (void)(*linesw[tp->t_line].l_modem)(tp, 0);
703
704         /*
705          * Mark the master side closed.  If the slave is still open
706          * mark the tty ZOMBIE, preventing any new action until both
707          * sides have closed.
708          *
709          * NOTE: The ttyflush() will wake up the slave once we've
710          *       set appropriate flags.  The ZOMBIE flag will be
711          *       cleared when the slave side is closed.
712          */
713         pti->pt_flags &= ~PF_MOPEN;
714         if (pti->pt_flags & PF_SOPEN)
715                 tp->t_state |= TS_ZOMBIE;
716
717         /*
718          * Turn off the carrier and disconnect.  This will notify the slave
719          * side.
720          */
721         if (tp->t_state & TS_ISOPEN) {
722                 tp->t_state &= ~(TS_CARR_ON | TS_CONNECTED);
723                 ttyflush(tp, FREAD | FWRITE);
724         }
725         tp->t_oproc = NULL;             /* mark closed */
726
727         pti->pt_prison = NULL;
728         pti->devs->si_uid = 0;
729         pti->devs->si_gid = 0;
730         pti->devs->si_perms = 0666;
731         pti->devc->si_uid = 0;
732         pti->devc->si_gid = 0;
733         pti->devc->si_perms = 0666;
734
735         pti_done(pti);
736         lwkt_reltoken(&tp->t_token);
737         lwkt_reltoken(&pti->pt_tty.t_token);
738
739         return (0);
740 }
741
742 static  int
743 ptcread(struct dev_read_args *ap)
744 {
745         cdev_t dev = ap->a_head.a_dev;
746         struct tty *tp = dev->si_tty;
747         struct pt_ioctl *pti = dev->si_drv1;
748         char buf[BUFSIZ];
749         int error = 0, cc;
750
751         lwkt_gettoken(&pti->pt_tty.t_token);
752         lwkt_gettoken(&tp->t_token);
753
754         /*
755          * We want to block until the slave
756          * is open, and there's something to read;
757          * but if we lost the slave or we're NBIO,
758          * then return the appropriate error instead.
759          */
760         for (;;) {
761                 if (tp->t_state&TS_ISOPEN) {
762                         if ((pti->pt_flags & PF_PKT) && pti->pt_send) {
763                                 error = ureadc((int)pti->pt_send, ap->a_uio);
764                                 if (error) {
765                                         lwkt_reltoken(&tp->t_token);
766                                         lwkt_reltoken(&pti->pt_tty.t_token);
767                                         return (error);
768                                 }
769                                 if (pti->pt_send & TIOCPKT_IOCTL) {
770                                         cc = (int)szmin(ap->a_uio->uio_resid,
771                                                         sizeof(tp->t_termios));
772                                         uiomove((caddr_t)&tp->t_termios, cc,
773                                                 ap->a_uio);
774                                 }
775                                 pti->pt_send = 0;
776                                 lwkt_reltoken(&tp->t_token);
777                                 lwkt_reltoken(&pti->pt_tty.t_token);
778
779                                 return (0);
780                         }
781                         if ((pti->pt_flags & PF_UCNTL) && pti->pt_ucntl) {
782                                 error = ureadc((int)pti->pt_ucntl, ap->a_uio);
783                                 if (error) {
784                                         lwkt_reltoken(&tp->t_token);
785                                         lwkt_reltoken(&pti->pt_tty.t_token);
786                                         return (error);
787                                 }
788                                 pti->pt_ucntl = 0;
789                                 lwkt_reltoken(&tp->t_token);
790                                 lwkt_reltoken(&pti->pt_tty.t_token);
791
792                                 return (0);
793                         }
794                         if (tp->t_outq.c_cc && (tp->t_state&TS_TTSTOP) == 0)
795                                 break;
796                 }
797                 if ((tp->t_state & TS_CONNECTED) == 0) {
798                         lwkt_reltoken(&tp->t_token);
799                         lwkt_reltoken(&pti->pt_tty.t_token);
800                         return (0);     /* EOF */
801                 }
802                 if (ap->a_ioflag & IO_NDELAY) {
803                         lwkt_reltoken(&tp->t_token);
804                         lwkt_reltoken(&pti->pt_tty.t_token);
805                         return (EWOULDBLOCK);
806                 }
807                 error = tsleep(TSA_PTC_READ(tp), PCATCH, "ptcin", 0);
808                 if (error) {
809                         lwkt_reltoken(&tp->t_token);
810                         lwkt_reltoken(&pti->pt_tty.t_token);
811                         return (error);
812                 }
813         }
814         if (pti->pt_flags & (PF_PKT|PF_UCNTL))
815                 error = ureadc(0, ap->a_uio);
816         while (ap->a_uio->uio_resid > 0 && error == 0) {
817                 cc = clist_qtob(&tp->t_outq, buf,
818                                 (int)szmin(ap->a_uio->uio_resid, BUFSIZ));
819                 if (cc <= 0)
820                         break;
821                 error = uiomove(buf, (size_t)cc, ap->a_uio);
822         }
823         ttwwakeup(tp);
824         lwkt_reltoken(&tp->t_token);
825         lwkt_reltoken(&pti->pt_tty.t_token);
826
827         return (error);
828 }
829
830 static  void
831 ptsstop(struct tty *tp, int flush)
832 {
833         struct pt_ioctl *pti = tp->t_dev->si_drv1;
834         int flag;
835
836         lwkt_gettoken(&pti->pt_tty.t_token);
837         /* note: FLUSHREAD and FLUSHWRITE already ok */
838         if (pti) {
839                 if (flush == 0) {
840                         flush = TIOCPKT_STOP;
841                         pti->pt_flags |= PF_STOPPED;
842                 } else {
843                         pti->pt_flags &= ~PF_STOPPED;
844                 }
845                 pti->pt_send |= flush;
846                 /* change of perspective */
847         }
848         flag = 0;
849         if (flush & FREAD)
850                 flag |= FWRITE;
851         if (flush & FWRITE)
852                 flag |= FREAD;
853         ptcwakeup(tp, flag);
854
855         lwkt_reltoken(&pti->pt_tty.t_token);
856 }
857
858 /*
859  * ttyunhold() calls us instead of just decrementing tp->t_refs.  This
860  * is needed because a session can hold onto a pts (half closed state)
861  * even if there are no live file descriptors.  Without the callback
862  * we can't clean up.
863  */
864 static  void
865 ptsunhold(struct tty *tp)
866 {
867         struct pt_ioctl *pti = tp->t_dev->si_drv1;
868
869         lwkt_gettoken(&pti->pt_tty.t_token);
870         lwkt_gettoken(&tp->t_token);
871         pti_hold(pti);
872         --tp->t_refs;
873         pti_done(pti);
874         lwkt_reltoken(&tp->t_token);
875         lwkt_reltoken(&pti->pt_tty.t_token);
876 }
877
878 /*
879  * kqueue ops for pseudo-terminals.
880  */
881 static struct filterops ptcread_filtops =
882         { FILTEROP_ISFD|FILTEROP_MPSAFE, NULL, filt_ptcrdetach, filt_ptcread };
883 static struct filterops ptcwrite_filtops =
884         { FILTEROP_ISFD|FILTEROP_MPSAFE, NULL, filt_ptcwdetach, filt_ptcwrite };
885
886 static  int
887 ptckqfilter(struct dev_kqfilter_args *ap)
888 {
889         cdev_t dev = ap->a_head.a_dev;
890         struct knote *kn = ap->a_kn;
891         struct tty *tp = dev->si_tty;
892         struct klist *klist;
893
894         ap->a_result = 0;
895         switch (kn->kn_filter) {
896         case EVFILT_READ:
897                 klist = &tp->t_rkq.ki_note;
898                 kn->kn_fop = &ptcread_filtops;
899                 break;
900         case EVFILT_WRITE:
901                 klist = &tp->t_wkq.ki_note;
902                 kn->kn_fop = &ptcwrite_filtops;
903                 break;
904         default:
905                 ap->a_result = EOPNOTSUPP;
906                 return (0);
907         }
908
909         kn->kn_hook = (caddr_t)dev;
910         knote_insert(klist, kn);
911         return (0);
912 }
913
914 static int
915 filt_ptcread (struct knote *kn, long hint)
916 {
917         struct tty *tp = ((cdev_t)kn->kn_hook)->si_tty;
918         struct pt_ioctl *pti = ((cdev_t)kn->kn_hook)->si_drv1;
919
920         lwkt_gettoken(&pti->pt_tty.t_token);
921         lwkt_gettoken(&tp->t_token);
922
923         if ((tp->t_state & TS_ZOMBIE) || (pti->pt_flags & PF_SCLOSED)) {
924                 kn->kn_flags |= (EV_EOF | EV_NODATA);
925                 lwkt_reltoken(&tp->t_token);
926                 lwkt_reltoken(&pti->pt_tty.t_token);
927                 return (1);
928         }
929
930         if ((tp->t_state & TS_ISOPEN) &&
931             ((tp->t_outq.c_cc && (tp->t_state & TS_TTSTOP) == 0) ||
932              ((pti->pt_flags & PF_PKT) && pti->pt_send) ||
933              ((pti->pt_flags & PF_UCNTL) && pti->pt_ucntl))) {
934                 kn->kn_data = tp->t_outq.c_cc;
935                 lwkt_reltoken(&tp->t_token);
936                 lwkt_reltoken(&pti->pt_tty.t_token);
937                 return(1);
938         } else {
939                 lwkt_reltoken(&tp->t_token);
940                 lwkt_reltoken(&pti->pt_tty.t_token);
941                 return(0);
942         }
943 }
944
945 static int
946 filt_ptcwrite (struct knote *kn, long hint)
947 {
948         struct tty *tp = ((cdev_t)kn->kn_hook)->si_tty;
949         struct pt_ioctl *pti = ((cdev_t)kn->kn_hook)->si_drv1;
950
951         lwkt_gettoken(&pti->pt_tty.t_token);
952         lwkt_gettoken(&tp->t_token);
953         if (tp->t_state & TS_ZOMBIE) {
954                 lwkt_reltoken(&tp->t_token);
955                 lwkt_reltoken(&pti->pt_tty.t_token);
956                 kn->kn_flags |= (EV_EOF | EV_NODATA);
957                 return (1);
958         }
959
960         if (tp->t_state & TS_ISOPEN &&
961             ((pti->pt_flags & PF_REMOTE) ?
962              (tp->t_canq.c_cc == 0) :
963              ((tp->t_rawq.c_cc + tp->t_canq.c_cc < TTYHOG - 2) ||
964               (tp->t_canq.c_cc == 0 && (tp->t_lflag & ICANON))))) {
965                 kn->kn_data = tp->t_canq.c_cc + tp->t_rawq.c_cc;
966                 lwkt_reltoken(&tp->t_token);
967                 lwkt_reltoken(&pti->pt_tty.t_token);
968                 return(1);
969         } else {
970                 lwkt_reltoken(&tp->t_token);
971                 lwkt_reltoken(&pti->pt_tty.t_token);
972                 return(0);
973         }
974         /* NOTREACHED */
975 }
976
977 static void
978 filt_ptcrdetach (struct knote *kn)
979 {
980         struct tty *tp = ((cdev_t)kn->kn_hook)->si_tty;
981
982         knote_remove(&tp->t_rkq.ki_note, kn);
983 }
984
985 static void
986 filt_ptcwdetach (struct knote *kn)
987 {
988         struct tty *tp = ((cdev_t)kn->kn_hook)->si_tty;
989
990         knote_remove(&tp->t_wkq.ki_note, kn);
991 }
992
993 /*
994  * I/O ops
995  */
996 static  int
997 ptcwrite(struct dev_write_args *ap)
998 {
999         cdev_t dev = ap->a_head.a_dev;
1000         struct tty *tp = dev->si_tty;
1001         u_char *cp = NULL;
1002         int cc = 0;
1003         u_char locbuf[BUFSIZ];
1004         int cnt = 0;
1005         struct pt_ioctl *pti = dev->si_drv1;
1006         int error = 0;
1007
1008         lwkt_gettoken(&pti->pt_tty.t_token);
1009         lwkt_gettoken(&tp->t_token);
1010 again:
1011         if ((tp->t_state&TS_ISOPEN) == 0)
1012                 goto block;
1013         if (pti->pt_flags & PF_REMOTE) {
1014                 if (tp->t_canq.c_cc)
1015                         goto block;
1016                 while ((ap->a_uio->uio_resid > 0 || cc > 0) &&
1017                        tp->t_canq.c_cc < TTYHOG - 1) {
1018                         if (cc == 0) {
1019                                 cc = (int)szmin(ap->a_uio->uio_resid, BUFSIZ);
1020                                 cc = imin(cc, TTYHOG - 1 - tp->t_canq.c_cc);
1021                                 cp = locbuf;
1022                                 error = uiomove(cp, (size_t)cc, ap->a_uio);
1023                                 if (error) {
1024                                         lwkt_reltoken(&tp->t_token);
1025                                         lwkt_reltoken(&pti->pt_tty.t_token);
1026                                         return (error);
1027                                 }
1028                                 /* check again for safety */
1029                                 if ((tp->t_state & TS_ISOPEN) == 0) {
1030                                         /* adjust as usual */
1031                                         ap->a_uio->uio_resid += cc;
1032                                         lwkt_reltoken(&tp->t_token);
1033                                         lwkt_reltoken(&pti->pt_tty.t_token);
1034                                         return (EIO);
1035                                 }
1036                         }
1037                         if (cc > 0) {
1038                                 cc = clist_btoq((char *)cp, cc, &tp->t_canq);
1039                                 /*
1040                                  * XXX we don't guarantee that the canq size
1041                                  * is >= TTYHOG, so the above btoq() may
1042                                  * leave some bytes uncopied.  However, space
1043                                  * is guaranteed for the null terminator if
1044                                  * we don't fail here since (TTYHOG - 1) is
1045                                  * not a multiple of CBSIZE.
1046                                  */
1047                                 if (cc > 0)
1048                                         break;
1049                         }
1050                 }
1051                 /* adjust for data copied in but not written */
1052                 ap->a_uio->uio_resid += cc;
1053                 clist_putc(0, &tp->t_canq);
1054                 ttwakeup(tp);
1055                 wakeup(TSA_PTS_READ(tp));
1056                 lwkt_reltoken(&tp->t_token);
1057                 lwkt_reltoken(&pti->pt_tty.t_token);
1058
1059                 return (0);
1060         }
1061         while (ap->a_uio->uio_resid > 0 || cc > 0) {
1062                 if (cc == 0) {
1063                         cc = (int)szmin(ap->a_uio->uio_resid, BUFSIZ);
1064                         cp = locbuf;
1065                         error = uiomove(cp, (size_t)cc, ap->a_uio);
1066                         if (error) {
1067                                 lwkt_reltoken(&tp->t_token);
1068                                 lwkt_reltoken(&pti->pt_tty.t_token);
1069                                 return (error);
1070                         }
1071                         /* check again for safety */
1072                         if ((tp->t_state & TS_ISOPEN) == 0) {
1073                                 /* adjust for data copied in but not written */
1074                                 ap->a_uio->uio_resid += cc;
1075                                 lwkt_reltoken(&tp->t_token);
1076                                 lwkt_reltoken(&pti->pt_tty.t_token);
1077                                 return (EIO);
1078                         }
1079                 }
1080                 while (cc > 0) {
1081                         if ((tp->t_rawq.c_cc + tp->t_canq.c_cc) >= TTYHOG - 2 &&
1082                            (tp->t_canq.c_cc > 0 || !(tp->t_lflag&ICANON))) {
1083                                 wakeup(TSA_HUP_OR_INPUT(tp));
1084                                 goto block;
1085                         }
1086                         (*linesw[tp->t_line].l_rint)(*cp++, tp);
1087                         cnt++;
1088                         cc--;
1089                 }
1090                 cc = 0;
1091         }
1092         lwkt_reltoken(&tp->t_token);
1093         lwkt_reltoken(&pti->pt_tty.t_token);
1094         return (0);
1095 block:
1096         /*
1097          * Come here to wait for slave to open, for space
1098          * in outq, or space in rawq, or an empty canq.
1099          */
1100         if ((tp->t_state & TS_CONNECTED) == 0) {
1101                 /* adjust for data copied in but not written */
1102                 ap->a_uio->uio_resid += cc;
1103                 lwkt_reltoken(&tp->t_token);
1104                 lwkt_reltoken(&pti->pt_tty.t_token);
1105                 return (EIO);
1106         }
1107         if (ap->a_ioflag & IO_NDELAY) {
1108                 /* adjust for data copied in but not written */
1109                 ap->a_uio->uio_resid += cc;
1110                 if (cnt == 0) {
1111                         lwkt_reltoken(&tp->t_token);
1112                         lwkt_reltoken(&pti->pt_tty.t_token);
1113                         return (EWOULDBLOCK);
1114                 }
1115                 lwkt_reltoken(&tp->t_token);
1116                 lwkt_reltoken(&pti->pt_tty.t_token);
1117                 return (0);
1118         }
1119         error = tsleep(TSA_PTC_WRITE(tp), PCATCH, "ptcout", 0);
1120         if (error) {
1121                 /* adjust for data copied in but not written */
1122                 ap->a_uio->uio_resid += cc;
1123                 lwkt_reltoken(&tp->t_token);
1124                 lwkt_reltoken(&pti->pt_tty.t_token);
1125                 return (error);
1126         }
1127         goto again;
1128 }
1129
1130 /*ARGSUSED*/
1131 static  int
1132 ptyioctl(struct dev_ioctl_args *ap)
1133 {
1134         cdev_t dev = ap->a_head.a_dev;
1135         struct tty *tp = dev->si_tty;
1136         struct pt_ioctl *pti = dev->si_drv1;
1137         u_char *cc = tp->t_cc;
1138         int stop, error;
1139
1140         lwkt_gettoken(&pti->pt_tty.t_token);
1141         lwkt_gettoken(&tp->t_token);
1142
1143         if (dev_dflags(dev) & D_MASTER) {
1144                 switch (ap->a_cmd) {
1145
1146                 case TIOCGPGRP:
1147                         /*
1148                          * We avoid calling ttioctl on the controller since,
1149                          * in that case, tp must be the controlling terminal.
1150                          */
1151                         *(int *)ap->a_data = tp->t_pgrp ? tp->t_pgrp->pg_id : 0;
1152                         lwkt_reltoken(&tp->t_token);
1153                         lwkt_reltoken(&pti->pt_tty.t_token);
1154                         return (0);
1155
1156                 case TIOCPKT:
1157                         if (*(int *)ap->a_data) {
1158                                 if (pti->pt_flags & PF_UCNTL) {
1159                                         lwkt_reltoken(&tp->t_token);
1160                                         lwkt_reltoken(&pti->pt_tty.t_token);
1161                                         return (EINVAL);
1162                                 }
1163                                 pti->pt_flags |= PF_PKT;
1164                         } else {
1165                                 pti->pt_flags &= ~PF_PKT;
1166                         }
1167                         lwkt_reltoken(&tp->t_token);
1168                         lwkt_reltoken(&pti->pt_tty.t_token);
1169                         return (0);
1170
1171                 case TIOCUCNTL:
1172                         if (*(int *)ap->a_data) {
1173                                 if (pti->pt_flags & PF_PKT) {
1174                                         lwkt_reltoken(&tp->t_token);
1175                                         lwkt_reltoken(&pti->pt_tty.t_token);
1176                                         return (EINVAL);
1177                                 }
1178                                 pti->pt_flags |= PF_UCNTL;
1179                         } else {
1180                                 pti->pt_flags &= ~PF_UCNTL;
1181                         }
1182                         lwkt_reltoken(&tp->t_token);
1183                         lwkt_reltoken(&pti->pt_tty.t_token);
1184                         return (0);
1185
1186                 case TIOCREMOTE:
1187                         if (*(int *)ap->a_data)
1188                                 pti->pt_flags |= PF_REMOTE;
1189                         else
1190                                 pti->pt_flags &= ~PF_REMOTE;
1191                         ttyflush(tp, FREAD|FWRITE);
1192                         lwkt_reltoken(&tp->t_token);
1193                         lwkt_reltoken(&pti->pt_tty.t_token);
1194                         return (0);
1195
1196                 case TIOCISPTMASTER:
1197                         if ((pti->pt_flags & PF_UNIX98) &&
1198                             (pti->devc == dev)) {
1199                                 lwkt_reltoken(&tp->t_token);
1200                                 lwkt_reltoken(&pti->pt_tty.t_token);
1201                                 return (0);
1202                         } else {
1203                                 lwkt_reltoken(&tp->t_token);
1204                                 lwkt_reltoken(&pti->pt_tty.t_token);
1205                                 return (EINVAL);
1206                         }
1207                 }
1208
1209                 /*
1210                  * The rest of the ioctls shouldn't be called until 
1211                  * the slave is open.
1212                  */
1213                 if ((tp->t_state & TS_ISOPEN) == 0) {
1214                         lwkt_reltoken(&tp->t_token);
1215                         lwkt_reltoken(&pti->pt_tty.t_token);
1216                         return (EAGAIN);
1217                 }
1218
1219                 switch (ap->a_cmd) {
1220                 case TIOCSETD:
1221                 case TIOCSETA:
1222                 case TIOCSETAW:
1223                 case TIOCSETAF:
1224                         /*
1225                          * IF CONTROLLER STTY THEN MUST FLUSH TO PREVENT A HANG.
1226                          * ttywflush(tp) will hang if there are characters in
1227                          * the outq.
1228                          */
1229                         ndflush(&tp->t_outq, tp->t_outq.c_cc);
1230                         break;
1231
1232                 case TIOCSIG:
1233                         if (*(unsigned int *)ap->a_data >= NSIG ||
1234                             *(unsigned int *)ap->a_data == 0) {
1235                                 lwkt_reltoken(&tp->t_token);
1236                                 lwkt_reltoken(&pti->pt_tty.t_token);
1237                                 return(EINVAL);
1238                         }
1239                         if ((tp->t_lflag&NOFLSH) == 0)
1240                                 ttyflush(tp, FREAD|FWRITE);
1241                         pgsignal(tp->t_pgrp, *(unsigned int *)ap->a_data, 1);
1242                         if ((*(unsigned int *)ap->a_data == SIGINFO) &&
1243                             ((tp->t_lflag&NOKERNINFO) == 0))
1244                                 ttyinfo(tp);
1245                         lwkt_reltoken(&tp->t_token);
1246                         lwkt_reltoken(&pti->pt_tty.t_token);
1247                         return(0);
1248                 }
1249         }
1250         if (ap->a_cmd == TIOCEXT) {
1251                 /*
1252                  * When the EXTPROC bit is being toggled, we need
1253                  * to send an TIOCPKT_IOCTL if the packet driver
1254                  * is turned on.
1255                  */
1256                 if (*(int *)ap->a_data) {
1257                         if (pti->pt_flags & PF_PKT) {
1258                                 pti->pt_send |= TIOCPKT_IOCTL;
1259                                 ptcwakeup(tp, FREAD);
1260                         }
1261                         tp->t_lflag |= EXTPROC;
1262                 } else {
1263                         if ((tp->t_lflag & EXTPROC) &&
1264                             (pti->pt_flags & PF_PKT)) {
1265                                 pti->pt_send |= TIOCPKT_IOCTL;
1266                                 ptcwakeup(tp, FREAD);
1267                         }
1268                         tp->t_lflag &= ~EXTPROC;
1269                 }
1270                 lwkt_reltoken(&tp->t_token);
1271                 lwkt_reltoken(&pti->pt_tty.t_token);
1272                 return(0);
1273         }
1274         error = (*linesw[tp->t_line].l_ioctl)(tp, ap->a_cmd, ap->a_data,
1275                                               ap->a_fflag, ap->a_cred);
1276         if (error == ENOIOCTL)
1277                  error = ttioctl(tp, ap->a_cmd, ap->a_data, ap->a_fflag);
1278         if (error == ENOIOCTL) {
1279                 if (pti->pt_flags & PF_UCNTL &&
1280                     (ap->a_cmd & ~0xff) == UIOCCMD(0)) {
1281                         if (ap->a_cmd & 0xff) {
1282                                 pti->pt_ucntl = (u_char)ap->a_cmd;
1283                                 ptcwakeup(tp, FREAD);
1284                         }
1285                         lwkt_reltoken(&tp->t_token);
1286                         lwkt_reltoken(&pti->pt_tty.t_token);
1287                         return (0);
1288                 }
1289                 error = ENOTTY;
1290         }
1291         /*
1292          * If external processing and packet mode send ioctl packet.
1293          */
1294         if ((tp->t_lflag&EXTPROC) && (pti->pt_flags & PF_PKT)) {
1295                 switch(ap->a_cmd) {
1296                 case TIOCSETA:
1297                 case TIOCSETAW:
1298                 case TIOCSETAF:
1299                         pti->pt_send |= TIOCPKT_IOCTL;
1300                         ptcwakeup(tp, FREAD);
1301                 default:
1302                         break;
1303                 }
1304         }
1305         stop = (tp->t_iflag & IXON) && CCEQ(cc[VSTOP], CTRL('s'))
1306                 && CCEQ(cc[VSTART], CTRL('q'));
1307         if (pti->pt_flags & PF_NOSTOP) {
1308                 if (stop) {
1309                         pti->pt_send &= ~TIOCPKT_NOSTOP;
1310                         pti->pt_send |= TIOCPKT_DOSTOP;
1311                         pti->pt_flags &= ~PF_NOSTOP;
1312                         ptcwakeup(tp, FREAD);
1313                 }
1314         } else {
1315                 if (!stop) {
1316                         pti->pt_send &= ~TIOCPKT_DOSTOP;
1317                         pti->pt_send |= TIOCPKT_NOSTOP;
1318                         pti->pt_flags |= PF_NOSTOP;
1319                         ptcwakeup(tp, FREAD);
1320                 }
1321         }
1322         lwkt_reltoken(&tp->t_token);
1323         lwkt_reltoken(&pti->pt_tty.t_token);
1324
1325         return (error);
1326 }
1327
1328
1329 static void ptc_drvinit (void *unused);
1330
1331 SYSCTL_INT(_kern, OID_AUTO, pty_debug, CTLFLAG_RW, &pty_debug_level,
1332                 0, "Change pty debug level");
1333
1334 static void
1335 ptc_drvinit(void *unused)
1336 {
1337         int i;
1338
1339         /*
1340          * Unix98 pty stuff.
1341          * Create the clonable base device.
1342          */
1343         make_autoclone_dev(&ptc_ops, &DEVFS_CLONE_BITMAP(pty), ptyclone,
1344                            0, 0, 0666, "ptmx");
1345         ptis = kmalloc(sizeof(struct pt_ioctl *) * MAXPTYS, M_PTY,
1346                        M_WAITOK | M_ZERO);
1347
1348         for (i = 0; i < 256; i++) {
1349                 ptyinit(i);
1350         }
1351 }
1352
1353 SYSINIT(ptcdev, SI_SUB_DRIVERS, SI_ORDER_MIDDLE + CDEV_MAJOR_C,
1354         ptc_drvinit, NULL);