2 * Copyright (c) 2003 Networks Associates Technology, Inc.
3 * Copyright (c) 2006 Robert N. M. Watson
4 * Copyright (c) 2006 Olivier Houchard
7 * This software was developed for the FreeBSD Project in part by Network
8 * Associates Laboratories, the Security Research Division of Network
9 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
10 * as part of the DARPA CHATS research program.
12 * Copyright (c) 1982, 1986, 1989, 1993
13 * The Regents of the University of California. All rights reserved.
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in the
22 * documentation and/or other materials provided with the distribution.
23 * 4. Neither the name of the University nor the names of its contributors
24 * may be used to endorse or promote products derived from this software
25 * without specific prior written permission.
27 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39 * @(#)tty_pty.c 8.4 (Berkeley) 2/20/95
42 #include <sys/cdefs.h>
43 __FBSDID("$FreeBSD$");
46 * Pseudo-teletype Driver
47 * (Actually two drivers, requiring two entries in 'cdevsw')
49 * XXX: This driver is currently disabled in FreeBSD 7.x due to reference
50 * count issues that prevent allocated but unused pty/pts devices from being
53 #include "opt_compat.h"
55 #include <sys/param.h>
56 #include <sys/systm.h>
58 #include <sys/mutex.h>
60 #if defined(COMPAT_43TTY)
61 #include <sys/ioctl_compat.h>
65 #include <sys/queue.h>
67 #include <sys/fcntl.h>
69 #include <sys/kernel.h>
70 #include <sys/vnode.h>
71 #include <sys/signalvar.h>
72 #include <sys/malloc.h>
74 #include <sys/sysctl.h>
75 #include <sys/filio.h>
77 static MALLOC_DEFINE(M_PTY, "ptys", "pty data structures");
79 static void ptsstart(struct tty *tp);
80 static void ptsstop(struct tty *tp, int rw);
81 static void ptcwakeup(struct tty *tp, int flag);
83 static d_open_t ptsopen;
84 static d_close_t ptsclose;
85 static d_read_t ptsread;
86 static d_write_t ptswrite;
87 static d_ioctl_t ptsioctl;
88 static d_ioctl_t ptcioctl;
89 static d_open_t ptcopen;
90 static d_close_t ptcclose;
91 static d_read_t ptcread;
92 static d_write_t ptcwrite;
93 static d_poll_t ptcpoll;
95 static struct cdevsw pts_cdevsw = {
96 .d_version = D_VERSION,
104 .d_flags = D_TTY | D_NEEDGIANT,
105 .d_kqfilter = ttykqfilter,
108 static struct cdevsw ptc_cdevsw = {
109 .d_version = D_VERSION,
117 .d_flags = D_TTY | D_NEEDGIANT,
118 .d_kqfilter = ttykqfilter,
121 #define BUFSIZ 100 /* Chunk size iomoved to/from user */
123 #define TSA_PTC_READ(tp) ((void *)&(tp)->t_outq.c_cf)
124 #define TSA_PTC_WRITE(tp) ((void *)&(tp)->t_rawq.c_cl)
125 #define TSA_PTS_READ(tp) ((void *)&(tp)->t_canq)
127 #define NUM_TO_MINOR(c) ((c & 0xff) | ((c & ~0xff) << 16))
129 * Once a tty is allocated, it cannot (currently) be freed. As such,
130 * we keep a global list of ptys that have been used so we can recycle
131 * them. Another list is provided for released pts, which are
132 * not currently allocated, permitting reuse. pt_flags holds state
133 * associated with a particular session, so isn't overloaded for this.
134 * When a pty descriptor is unused, its number is set to -1 giving
135 * more consistent and traditional allocation orders to pty numbers.
137 * Locking: (p) indicates that the field is locked by the global pt_mtx.
138 * (c) indicates the value is constant after allocation. Other fields
139 * await tty locking generally, and are protected by Giant.
142 int pt_num; /* (c) pty number */
143 LIST_ENTRY(pt_desc) pt_list; /* (p) global pty list */
146 struct selinfo pt_selr, pt_selw;
150 struct cdev *pt_devs, *pt_devc;
151 int pt_pts_open, pt_ptc_open;
152 struct prison *pt_prison;
155 static struct mtx pt_mtx;
156 static LIST_HEAD(,pt_desc) pt_list;
157 static LIST_HEAD(,pt_desc) pt_free_list;
159 #define PF_PKT 0x008 /* packet mode */
160 #define PF_STOPPED 0x010 /* user told stopped */
161 #define PF_NOSTOP 0x040
162 #define PF_UCNTL 0x080 /* user control mode */
164 static unsigned int next_avail_nb;
166 static int use_pts = 0;
168 static unsigned int max_pts = 1000;
170 static unsigned int nb_allocated;
172 TUNABLE_INT("kern.pts.enable", &use_pts);
174 SYSCTL_NODE(_kern, OID_AUTO, pts, CTLFLAG_RD, 0, "pts");
176 SYSCTL_INT(_kern_pts, OID_AUTO, enable, CTLFLAG_RW, &use_pts, 0,
179 SYSCTL_INT(_kern_pts, OID_AUTO, max, CTLFLAG_RW, &max_pts, 0, "max pts");
182 * If there's a free pty descriptor in the pty descriptor list, retrieve it.
183 * Otherwise, allocate a new one, initialize it, and hook it up. If there's
184 * not a tty number, reject.
186 static struct pt_desc *
193 if (nb_allocated >= max_pts || nb_allocated == 0xffffff) {
198 pt = LIST_FIRST(&pt_free_list);
200 LIST_REMOVE(pt, pt_list);
202 nb = next_avail_nb++;
204 pt = malloc(sizeof(*pt), M_PTY, M_WAITOK | M_ZERO);
205 pt->pt_tty = ttyalloc();
209 LIST_INSERT_HEAD(&pt_list, pt, pt_list);
215 * Release a pty descriptor back to the pool for reuse. The pty number
221 struct pt_desc *pt = (struct pt_desc *)v;
224 KASSERT(pt->pt_ptc_open == 0 && pt->pt_pts_open == 0,
225 ("pty_release: pts/%d freed while open\n", pt->pt_num));
226 KASSERT(pt->pt_devs == NULL && pt->pt_devc == NULL,
227 ("pty_release: pts/%d freed whith non-null struct cdev\n", pt->pt_num));
229 LIST_REMOVE(pt, pt_list);
230 LIST_INSERT_HEAD(&pt_free_list, pt, pt_list);
235 * Given a pty descriptor, if both endpoints are closed, release all
236 * resources and destroy the device nodes to flush file system level
237 * state for the tty (owner, avoid races, etc).
240 pty_maybecleanup(struct pt_desc *pt)
242 struct cdev *pt_devs, *pt_devc;
244 if (pt->pt_ptc_open || pt->pt_pts_open)
247 if (pt->pt_tty->t_refcnt > 1)
251 printf("destroying pty %d\n", pt->pt_num);
253 pt_devs = pt->pt_devs;
254 pt_devc = pt->pt_devc;
255 pt->pt_devs = pt->pt_devc = NULL;
256 pt->pt_tty->t_dev = NULL;
257 pt_devc->si_drv1 = NULL;
260 destroy_dev_sched(pt_devs);
261 destroy_dev_sched_cb(pt_devc, pty_release, pt);
266 ptsopen(struct cdev *dev, int flag, int devtype, struct thread *td)
274 if ((tp->t_state & TS_ISOPEN) == 0)
275 ttyinitmode(tp, 1, 0);
276 else if (tp->t_state & TS_XCLUDE && priv_check(td,
277 PRIV_TTY_EXCLUSIVE)) {
279 } else if (pt->pt_prison != td->td_ucred->cr_prison &&
280 priv_check(td, PRIV_TTY_PRISON)) {
283 if (tp->t_oproc) /* Ctrlr still around. */
285 while ((tp->t_state & TS_CARR_ON) == 0) {
286 if (flag & FNONBLOCK)
288 error = ttysleep(tp, TSA_CARR_ON(tp), TTIPRI | PCATCH,
293 error = ttyld_open(tp, dev);
295 ptcwakeup(tp, FREAD|FWRITE);
302 ptsclose(struct cdev *dev, int flag, int mode, struct thread *td)
304 struct pt_desc *pt = dev->si_drv1;
309 err = ttyld_close(tp, flag);
310 ptsstop(tp, FREAD|FWRITE);
311 (void) tty_close(tp);
313 pty_maybecleanup(pt);
318 ptsread(struct cdev *dev, struct uio *uio, int flag)
320 struct tty *tp = dev->si_tty;
324 error = ttyld_read(tp, uio, flag);
325 ptcwakeup(tp, FWRITE);
330 * Write to pseudo-tty.
331 * Wakeups of controlling tty will happen
332 * indirectly, when tty driver calls ptsstart.
335 ptswrite(struct cdev *dev, struct uio *uio, int flag)
340 if (tp->t_oproc == 0)
342 return (ttyld_write(tp, uio, flag));
346 * Start output on pseudo-tty.
347 * Wake up process selecting or sleeping for input from controlling tty.
350 ptsstart(struct tty *tp)
352 struct pt_desc *pt = tp->t_dev->si_drv1;
354 if (tp->t_state & TS_TTSTOP)
356 if (pt->pt_flags & PF_STOPPED) {
357 pt->pt_flags &= ~PF_STOPPED;
358 pt->pt_send = TIOCPKT_START;
360 ptcwakeup(tp, FREAD);
364 ptcwakeup(struct tty *tp, int flag)
366 struct pt_desc *pt = tp->t_dev->si_drv1;
369 selwakeup(&pt->pt_selr);
370 wakeup(TSA_PTC_READ(tp));
373 selwakeup(&pt->pt_selw);
374 wakeup(TSA_PTC_WRITE(tp));
379 * ptcopen implementes exclusive access to the master/control device
380 * as well as creating the slave device based on the credential of the
381 * process opening the master. By creating the slave here, we avoid
382 * a race to access the master in terms of having a process with access
383 * to an incorrectly owned slave, but it does create the possibility
384 * that a racing process can cause a ptmx user to get EIO if it gets
385 * there first. Consumers of ptmx must look for EIO and retry if it
386 * happens. VFS locking may actually prevent this from occurring due
387 * to the lookup into devfs holding the vnode lock through open, but
388 * it's better to be careful.
391 ptcopen(struct cdev *dev, int flag, int devtype, struct thread *td)
401 * In case we have destroyed the struct tty at the last connect time,
402 * we need to recreate it.
404 if (pt->pt_tty == NULL) {
407 if (pt->pt_tty == NULL) {
409 dev->si_tty = pt->pt_tty;
421 * XXX: Might want to make the ownership/permissions here more
427 pt->pt_devs = devs = make_dev_cred(&pts_cdevsw,
428 NUM_TO_MINOR(pt->pt_num),
429 td->td_ucred, UID_ROOT, GID_WHEEL, 0666, "pts/%d",
432 devs->si_tty = pt->pt_tty;
433 pt->pt_tty->t_dev = devs;
436 tp->t_oproc = ptsstart;
437 tp->t_stop = ptsstop;
439 tp->t_lflag &= ~EXTPROC;
441 pt->pt_prison = td->td_ucred->cr_prison;
450 ptcclose(struct cdev *dev, int flags, int fmt, struct thread *td)
452 struct pt_desc *pt = dev->si_drv1;
459 * XXX MDMBUF makes no sense for ptys but would inhibit the above
460 * l_modem(). CLOCAL makes sense but isn't supported. Special
461 * l_modem()s that ignore carrier drop make no sense for ptys but
462 * may be in use because other parts of the line discipline make
463 * sense for ptys. Recover by doing everything that a normal
464 * ttymodem() would have done except for sending a SIGHUP.
466 if (tp->t_state & TS_ISOPEN) {
467 tp->t_state &= ~(TS_CARR_ON | TS_CONNECTED);
468 tp->t_state |= TS_ZOMBIE;
469 ttyflush(tp, FREAD | FWRITE);
472 tp->t_oproc = 0; /* mark closed */
474 pty_maybecleanup(pt);
479 ptcread(struct cdev *dev, struct uio *uio, int flag)
481 struct tty *tp = dev->si_tty;
482 struct pt_desc *pt = dev->si_drv1;
487 * We want to block until the slave
488 * is open, and there's something to read;
489 * but if we lost the slave or we're NBIO,
490 * then return the appropriate error instead.
493 if (tp->t_state&TS_ISOPEN) {
494 if (pt->pt_flags&PF_PKT && pt->pt_send) {
495 error = ureadc((int)pt->pt_send, uio);
498 if (pt->pt_send & TIOCPKT_IOCTL) {
499 cc = min(uio->uio_resid,
500 sizeof(tp->t_termios));
501 uiomove(&tp->t_termios, cc, uio);
506 if (pt->pt_flags&PF_UCNTL && pt->pt_ucntl) {
507 error = ureadc((int)pt->pt_ucntl, uio);
513 if (tp->t_outq.c_cc && (tp->t_state&TS_TTSTOP) == 0)
516 if ((tp->t_state & TS_CONNECTED) == 0)
517 return (0); /* EOF */
518 if (flag & O_NONBLOCK)
519 return (EWOULDBLOCK);
520 error = tsleep(TSA_PTC_READ(tp), TTIPRI | PCATCH, "ptcin", 0);
524 if (pt->pt_flags & (PF_PKT|PF_UCNTL))
525 error = ureadc(0, uio);
526 while (uio->uio_resid > 0 && error == 0) {
527 cc = q_to_b(&tp->t_outq, buf, min(uio->uio_resid, BUFSIZ));
530 error = uiomove(buf, cc, uio);
537 ptsstop(struct tty *tp, int flush)
539 struct pt_desc *pt = tp->t_dev->si_drv1;
542 /* note: FLUSHREAD and FLUSHWRITE already ok */
544 flush = TIOCPKT_STOP;
545 pt->pt_flags |= PF_STOPPED;
547 pt->pt_flags &= ~PF_STOPPED;
548 pt->pt_send |= flush;
549 /* change of perspective */
559 ptcpoll(struct cdev *dev, int events, struct thread *td)
561 struct tty *tp = dev->si_tty;
562 struct pt_desc *pt = dev->si_drv1;
566 if ((tp->t_state & TS_CONNECTED) == 0)
568 (POLLHUP | POLLIN | POLLRDNORM | POLLOUT | POLLWRNORM));
571 * Need to block timeouts (ttrstart).
575 if (events & (POLLIN | POLLRDNORM))
576 if ((tp->t_state & TS_ISOPEN) &&
577 ((tp->t_outq.c_cc && (tp->t_state & TS_TTSTOP) == 0) ||
578 ((pt->pt_flags & PF_PKT) && pt->pt_send) ||
579 ((pt->pt_flags & PF_UCNTL) && pt->pt_ucntl)))
580 revents |= events & (POLLIN | POLLRDNORM);
582 if (events & (POLLOUT | POLLWRNORM))
583 if (tp->t_state & TS_ISOPEN &&
584 (((tp->t_rawq.c_cc + tp->t_canq.c_cc < TTYHOG - 2) ||
585 (tp->t_canq.c_cc == 0 && (tp->t_lflag & ICANON)))))
586 revents |= events & (POLLOUT | POLLWRNORM);
588 if (events & POLLHUP)
589 if ((tp->t_state & TS_CARR_ON) == 0)
593 if (events & (POLLIN | POLLRDNORM))
594 selrecord(td, &pt->pt_selr);
596 if (events & (POLLOUT | POLLWRNORM))
597 selrecord(td, &pt->pt_selw);
605 ptcwrite(struct cdev *dev, struct uio *uio, int flag)
607 struct tty *tp = dev->si_tty;
610 u_char locbuf[BUFSIZ];
615 if ((tp->t_state&TS_ISOPEN) == 0)
617 while (uio->uio_resid > 0 || cc > 0) {
619 cc = min(uio->uio_resid, BUFSIZ);
621 error = uiomove(cp, cc, uio);
624 /* check again for safety */
625 if ((tp->t_state & TS_ISOPEN) == 0) {
626 /* adjust for data copied in but not written */
627 uio->uio_resid += cc;
632 if ((tp->t_rawq.c_cc + tp->t_canq.c_cc) >= TTYHOG - 2 &&
633 (tp->t_canq.c_cc > 0 || !(tp->t_lflag&ICANON))) {
634 wakeup(TSA_HUP_OR_INPUT(tp));
637 ttyld_rint(tp, *cp++);
646 * Come here to wait for slave to open, for space
647 * in outq, or space in rawq, or an empty canq.
649 if ((tp->t_state & TS_CONNECTED) == 0) {
650 /* adjust for data copied in but not written */
651 uio->uio_resid += cc;
654 if (flag & IO_NDELAY) {
655 /* adjust for data copied in but not written */
656 uio->uio_resid += cc;
658 return (EWOULDBLOCK);
661 error = tsleep(TSA_PTC_WRITE(tp), TTOPRI | PCATCH, "ptcout", 0);
663 /* adjust for data copied in but not written */
664 uio->uio_resid += cc;
671 ptcioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, struct thread *td)
673 struct tty *tp = dev->si_tty;
674 struct pt_desc *pt = dev->si_drv1;
675 #if defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD5) || \
676 defined(COMPAT_FREEBSD4) || defined(COMPAT_43)
684 * We avoid calling ttioctl on the controller since,
685 * in that case, tp must be the controlling terminal.
687 *(int *)data = tp->t_pgrp ? tp->t_pgrp->pg_id : 0;
692 if (pt->pt_flags & PF_UCNTL)
694 pt->pt_flags |= PF_PKT;
696 pt->pt_flags &= ~PF_PKT;
701 if (pt->pt_flags & PF_PKT)
703 pt->pt_flags |= PF_UCNTL;
705 pt->pt_flags &= ~PF_UCNTL;
708 *(unsigned int *)data = pt->pt_num;
713 * The rest of the ioctls shouldn't be called until
716 if ((tp->t_state & TS_ISOPEN) == 0) {
717 if (cmd == TIOCGETA) {
719 * TIOCGETA is used by isatty() to make sure it's
720 * a tty. Linux openpty() calls isatty() very early,
721 * before the slave is opened, so don't actually
722 * fill the struct termios, but just let isatty()
727 if (cmd != FIONBIO && cmd != FIOASYNC)
741 * IF CONTROLLER STTY THEN MUST FLUSH TO PREVENT A HANG.
742 * ttywflush(tp) will hang if there are characters in
745 ndflush(&tp->t_outq, tp->t_outq.c_cc);
748 #if defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD5) || \
749 defined(COMPAT_FREEBSD4) || defined(COMPAT_43)
751 ival = IOCPARM_IVAL(data);
752 data = (caddr_t)&ival;
756 if (*(unsigned int *)data >= NSIG ||
757 *(unsigned int *)data == 0)
759 if ((tp->t_lflag&NOFLSH) == 0)
760 ttyflush(tp, FREAD|FWRITE);
761 if (tp->t_pgrp != NULL) {
762 PGRP_LOCK(tp->t_pgrp);
763 pgsignal(tp->t_pgrp, *(unsigned int *)data, 1);
764 PGRP_UNLOCK(tp->t_pgrp);
766 if ((*(unsigned int *)data == SIGINFO) &&
767 ((tp->t_lflag&NOKERNINFO) == 0))
771 return (ptsioctl(dev, cmd, data, flag, td));
775 ptsioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, struct thread *td)
777 struct tty *tp = dev->si_tty;
778 struct pt_desc *pt = dev->si_drv1;
779 u_char *cc = tp->t_cc;
782 if (cmd == TIOCEXT) {
784 * When the EXTPROC bit is being toggled, we need
785 * to send an TIOCPKT_IOCTL if the packet driver
789 if (pt->pt_flags & PF_PKT) {
790 pt->pt_send |= TIOCPKT_IOCTL;
791 ptcwakeup(tp, FREAD);
793 tp->t_lflag |= EXTPROC;
795 if ((tp->t_lflag & EXTPROC) &&
796 (pt->pt_flags & PF_PKT)) {
797 pt->pt_send |= TIOCPKT_IOCTL;
798 ptcwakeup(tp, FREAD);
800 tp->t_lflag &= ~EXTPROC;
804 error = ttioctl(tp, cmd, data, flag);
805 if (error == ENOTTY) {
806 if (pt->pt_flags & PF_UCNTL &&
807 (cmd & ~0xff) == UIOCCMD(0)) {
809 pt->pt_ucntl = (u_char)cmd;
810 ptcwakeup(tp, FREAD);
817 * If external processing and packet mode send ioctl packet.
819 if ((tp->t_lflag&EXTPROC) && (pt->pt_flags & PF_PKT)) {
833 pt->pt_send |= TIOCPKT_IOCTL;
834 ptcwakeup(tp, FREAD);
840 stop = (tp->t_iflag & IXON) && CCEQ(cc[VSTOP], CTRL('s'))
841 && CCEQ(cc[VSTART], CTRL('q'));
842 if (pt->pt_flags & PF_NOSTOP) {
844 pt->pt_send &= ~TIOCPKT_NOSTOP;
845 pt->pt_send |= TIOCPKT_DOSTOP;
846 pt->pt_flags &= ~PF_NOSTOP;
847 ptcwakeup(tp, FREAD);
851 pt->pt_send &= ~TIOCPKT_DOSTOP;
852 pt->pt_send |= TIOCPKT_NOSTOP;
853 pt->pt_flags |= PF_NOSTOP;
854 ptcwakeup(tp, FREAD);
861 * Match lookups on /dev/ptmx, find the next free pty (if any), set up
862 * the pty descriptor, register it, and return a reference to the master.
864 * pts == /dev/pts/xxx (oldstyle: ttyp...)
865 * ptc == /dev/pty/xxx (oldstyle: ptyp...)
868 pty_clone(void *arg, struct ucred *cred, char *name, int namelen,
880 if (strcmp(name, "ptmx") != 0)
891 * XXX: Lack of locking here considered worrying. We expose the
892 * pts/pty device nodes before they are fully initialized, although
893 * Giant likely protects us (unless make_dev blocks...?).
895 * XXX: If a process performs a lookup on /dev/ptmx but never an
896 * open, we won't GC the device node. We should have a callout
897 * sometime later that GC's device instances that were never
898 * opened, or some way to tell devfs that "this had better be for
899 * an open() or we won't create a device".
901 pt->pt_devc = devc = make_dev_credf(MAKEDEV_REF, &ptc_cdevsw,
902 NUM_TO_MINOR(pt->pt_num), cred, UID_ROOT, GID_WHEEL, 0666,
903 "pty/%d", pt->pt_num);
906 devc->si_tty = pt->pt_tty;
911 printf("pty_clone: allocated pty %d to uid %d\n", pt->pt_num,
918 pty_drvinit(void *unused)
921 mtx_init(&pt_mtx, "pt_mtx", NULL, MTX_DEF);
923 LIST_INIT(&pt_free_list);
924 EVENTHANDLER_REGISTER(dev_clone, pty_clone, 0, 1000);
927 SYSINIT(ptydev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE,pty_drvinit,NULL);