1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
24 */
25
26 /*
27 * modctl system call for loadable module support.
28 */
29
30 #include <sys/param.h>
31 #include <sys/user.h>
32 #include <sys/systm.h>
33 #include <sys/exec.h>
34 #include <sys/file.h>
35 #include <sys/stat.h>
36 #include <sys/conf.h>
37 #include <sys/time.h>
38 #include <sys/reboot.h>
39 #include <sys/fs/ufs_fsdir.h>
40 #include <sys/kmem.h>
41 #include <sys/sysconf.h>
42 #include <sys/cmn_err.h>
43 #include <sys/ddi.h>
44 #include <sys/sunddi.h>
45 #include <sys/sunndi.h>
46 #include <sys/ndi_impldefs.h>
47 #include <sys/ddi_impldefs.h>
48 #include <sys/ddi_implfuncs.h>
49 #include <sys/bootconf.h>
50 #include <sys/dc_ki.h>
51 #include <sys/cladm.h>
52 #include <sys/dtrace.h>
53 #include <sys/kdi.h>
54
55 #include <sys/devpolicy.h>
56 #include <sys/modctl.h>
57 #include <sys/kobj.h>
58 #include <sys/devops.h>
59 #include <sys/autoconf.h>
60 #include <sys/hwconf.h>
61 #include <sys/callb.h>
62 #include <sys/debug.h>
63 #include <sys/cpuvar.h>
64 #include <sys/sysmacros.h>
65 #include <sys/sysevent.h>
66 #include <sys/sysevent_impl.h>
67 #include <sys/instance.h>
68 #include <sys/modhash.h>
69 #include <sys/modhash_impl.h>
70 #include <sys/dacf_impl.h>
71 #include <sys/vfs.h>
72 #include <sys/pathname.h>
73 #include <sys/console.h>
74 #include <sys/policy.h>
75 #include <ipp/ipp_impl.h>
76 #include <sys/fs/dv_node.h>
77 #include <sys/strsubr.h>
78 #include <sys/fs/sdev_impl.h>
79
80 static int mod_circdep(struct modctl *);
81 static int modinfo(modid_t, struct modinfo *);
82
83 static void mod_uninstall_all(void);
84 static int mod_getinfo(struct modctl *, struct modinfo *);
85 static struct modctl *allocate_modp(const char *, const char *);
86
87 static int mod_load(struct modctl *, int);
88 static void mod_unload(struct modctl *);
89 static int modinstall(struct modctl *);
90 static int moduninstall(struct modctl *);
91
92 static struct modctl *mod_hold_by_name_common(struct modctl *, const char *);
93 static struct modctl *mod_hold_next_by_id(modid_t);
94 static struct modctl *mod_hold_loaded_mod(struct modctl *, char *, int *);
95 static struct modctl *mod_hold_installed_mod(char *, int, int, int *);
96
97 static void mod_release(struct modctl *);
98 static void mod_make_requisite(struct modctl *, struct modctl *);
99 static int mod_install_requisites(struct modctl *);
100 static void check_esc_sequences(char *, char *);
101 static struct modctl *mod_hold_by_name_requisite(struct modctl *, char *);
102
103 /*
104 * module loading thread control structure. Calls to kobj_load_module()() are
105 * handled off to a separate thead using this structure.
106 */
107 struct loadmt {
108 ksema_t sema;
109 struct modctl *mp;
110 int usepath;
111 kthread_t *owner;
112 int retval;
113 };
114
115 static void modload_thread(struct loadmt *);
116
117 kcondvar_t mod_cv;
118 kcondvar_t mod_uninstall_cv; /* Communication between swapper */
119 /* and the uninstall daemon. */
120 kmutex_t mod_lock; /* protects &modules insert linkage, */
121 /* mod_busy, mod_want, and mod_ref. */
122 /* blocking operations while holding */
123 /* mod_lock should be avoided */
124 kmutex_t mod_uninstall_lock; /* protects mod_uninstall_cv */
125 kthread_id_t mod_aul_thread;
126
127 int modunload_wait;
128 kmutex_t modunload_wait_mutex;
129 kcondvar_t modunload_wait_cv;
130 int modunload_active_count;
131 int modunload_disable_count;
132
133 int isminiroot; /* set if running as miniroot */
134 int modrootloaded; /* set after root driver and fs are loaded */
135 int moddebug = 0x0; /* debug flags for module writers */
136 int swaploaded; /* set after swap driver and fs are loaded */
137 int bop_io_quiesced = 0; /* set when BOP I/O can no longer be used */
138 int last_module_id;
139 clock_t mod_uninstall_interval = 0;
140 int mod_uninstall_pass_max = 6;
141 int mod_uninstall_ref_zero; /* # modules that went mod_ref == 0 */
142 int mod_uninstall_pass_exc; /* mod_uninstall_all left new stuff */
143
144 int ddi_modclose_unload = 1; /* 0 -> just decrement reference */
145
146 int devcnt_incr = 256; /* allow for additional drivers */
147 int devcnt_min = 512; /* and always at least this number */
148
149 struct devnames *devnamesp;
150 struct devnames orphanlist;
151
152 krwlock_t devinfo_tree_lock; /* obsolete, to be removed */
153
154 #define MAJBINDFILE "/etc/name_to_major"
155 #define SYSBINDFILE "/etc/name_to_sysnum"
156
157 static char majbind[] = MAJBINDFILE;
158 static char sysbind[] = SYSBINDFILE;
159 static uint_t mod_autounload_key; /* for module autounload detection */
160
161 extern int obpdebug;
162
163 #define DEBUGGER_PRESENT ((boothowto & RB_DEBUG) || (obpdebug != 0))
164
165 static int minorperm_loaded = 0;
166
167 void
mod_setup(void)168 mod_setup(void)
169 {
170 struct sysent *callp;
171 int callnum, exectype;
172 int num_devs;
173 int i;
174
175 /*
176 * Initialize the list of loaded driver dev_ops.
177 * XXX - This must be done before reading the system file so that
178 * forceloads of drivers will work.
179 */
180 num_devs = read_binding_file(majbind, mb_hashtab, make_mbind);
181 /*
182 * Since read_binding_file is common code, it doesn't enforce that all
183 * of the binding file entries have major numbers <= MAXMAJ32. Thus,
184 * ensure that we don't allocate some massive amount of space due to a
185 * bad entry. We can't have major numbers bigger than MAXMAJ32
186 * until file system support for larger major numbers exists.
187 */
188
189 /*
190 * Leave space for expansion, but not more than L_MAXMAJ32
191 */
192 devcnt = MIN(num_devs + devcnt_incr, L_MAXMAJ32);
193 devcnt = MAX(devcnt, devcnt_min);
194 devopsp = kmem_alloc(devcnt * sizeof (struct dev_ops *), KM_SLEEP);
195 for (i = 0; i < devcnt; i++)
196 devopsp[i] = &mod_nodev_ops;
197
198 init_devnamesp(devcnt);
199
200 /*
201 * Sync up with the work that the stand-alone linker has already done.
202 */
203 (void) kobj_sync();
204
205 if (boothowto & RB_DEBUG)
206 kdi_dvec_modavail();
207
208 make_aliases(mb_hashtab);
209
210 /*
211 * Initialize streams device implementation structures.
212 */
213 devimpl = kmem_zalloc(devcnt * sizeof (cdevsw_impl_t), KM_SLEEP);
214
215 /*
216 * If the cl_bootstrap module is present,
217 * we should be configured as a cluster. Loading this module
218 * will set "cluster_bootflags" to non-zero.
219 */
220 (void) modload("misc", "cl_bootstrap");
221
222 (void) read_binding_file(sysbind, sb_hashtab, make_mbind);
223 init_syscallnames(NSYSCALL);
224
225 /*
226 * Start up dynamic autoconfiguration framework (dacf).
227 */
228 mod_hash_init();
229 dacf_init();
230
231 /*
232 * Start up IP policy framework (ipp).
233 */
234 ipp_init();
235
236 /*
237 * Allocate loadable native system call locks.
238 */
239 for (callnum = 0, callp = sysent; callnum < NSYSCALL;
240 callnum++, callp++) {
241 if (LOADABLE_SYSCALL(callp)) {
242 if (mod_getsysname(callnum) != NULL) {
243 callp->sy_lock =
244 kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
245 rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
246 } else {
247 callp->sy_flags &= ~SE_LOADABLE;
248 callp->sy_callc = nosys;
249 }
250 #ifdef DEBUG
251 } else {
252 /*
253 * Do some sanity checks on the sysent table
254 */
255 switch (callp->sy_flags & SE_RVAL_MASK) {
256 case SE_32RVAL1:
257 /* only r_val1 returned */
258 case SE_32RVAL1 | SE_32RVAL2:
259 /* r_val1 and r_val2 returned */
260 case SE_64RVAL:
261 /* 64-bit rval returned */
262 break;
263 default:
264 cmn_err(CE_WARN, "sysent[%d]: bad flags %x",
265 callnum, callp->sy_flags);
266 }
267 #endif
268 }
269 }
270
271 #ifdef _SYSCALL32_IMPL
272 /*
273 * Allocate loadable system call locks for 32-bit compat syscalls
274 */
275 for (callnum = 0, callp = sysent32; callnum < NSYSCALL;
276 callnum++, callp++) {
277 if (LOADABLE_SYSCALL(callp)) {
278 if (mod_getsysname(callnum) != NULL) {
279 callp->sy_lock =
280 kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
281 rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
282 } else {
283 callp->sy_flags &= ~SE_LOADABLE;
284 callp->sy_callc = nosys;
285 }
286 #ifdef DEBUG
287 } else {
288 /*
289 * Do some sanity checks on the sysent table
290 */
291 switch (callp->sy_flags & SE_RVAL_MASK) {
292 case SE_32RVAL1:
293 /* only r_val1 returned */
294 case SE_32RVAL1 | SE_32RVAL2:
295 /* r_val1 and r_val2 returned */
296 case SE_64RVAL:
297 /* 64-bit rval returned */
298 break;
299 default:
300 cmn_err(CE_WARN, "sysent32[%d]: bad flags %x",
301 callnum, callp->sy_flags);
302 goto skip;
303 }
304
305 /*
306 * Cross-check the native and compatibility tables.
307 */
308 if (callp->sy_callc == nosys ||
309 sysent[callnum].sy_callc == nosys)
310 continue;
311 /*
312 * If only one or the other slot is loadable, then
313 * there's an error -- they should match!
314 */
315 if ((callp->sy_callc == loadable_syscall) ^
316 (sysent[callnum].sy_callc == loadable_syscall)) {
317 cmn_err(CE_WARN, "sysent[%d] loadable?",
318 callnum);
319 }
320 /*
321 * This is more of a heuristic test -- if the
322 * system call returns two values in the 32-bit
323 * world, it should probably return two 32-bit
324 * values in the 64-bit world too.
325 */
326 if (((callp->sy_flags & SE_32RVAL2) == 0) ^
327 ((sysent[callnum].sy_flags & SE_32RVAL2) == 0)) {
328 cmn_err(CE_WARN, "sysent[%d] rval2 mismatch!",
329 callnum);
330 }
331 skip:;
332 #endif /* DEBUG */
333 }
334 }
335 #endif /* _SYSCALL32_IMPL */
336
337 /*
338 * Allocate loadable exec locks. (Assumes all execs are loadable)
339 */
340 for (exectype = 0; exectype < nexectype; exectype++) {
341 execsw[exectype].exec_lock =
342 kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
343 rw_init(execsw[exectype].exec_lock, NULL, RW_DEFAULT, NULL);
344 }
345
346 read_class_file();
347
348 /* init thread specific structure for mod_uninstall_all */
349 tsd_create(&mod_autounload_key, NULL);
350 }
351
352 static int
modctl_modload(int use_path,char * filename,int * rvp)353 modctl_modload(int use_path, char *filename, int *rvp)
354 {
355 struct modctl *modp;
356 int retval = 0;
357 char *filenamep;
358 int modid;
359
360 filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
361
362 if (copyinstr(filename, filenamep, MOD_MAXPATH, 0)) {
363 retval = EFAULT;
364 goto out;
365 }
366
367 filenamep[MOD_MAXPATH - 1] = 0;
368 modp = mod_hold_installed_mod(filenamep, use_path, 0, &retval);
369
370 if (modp == NULL)
371 goto out;
372
373 modp->mod_loadflags |= MOD_NOAUTOUNLOAD;
374 modid = modp->mod_id;
375 mod_release_mod(modp);
376 CPU_STATS_ADDQ(CPU, sys, modload, 1);
377 if (rvp != NULL && copyout(&modid, rvp, sizeof (modid)) != 0)
378 retval = EFAULT;
379 out:
380 kmem_free(filenamep, MOD_MAXPATH);
381
382 return (retval);
383 }
384
385 static int
modctl_modunload(modid_t id)386 modctl_modunload(modid_t id)
387 {
388 int rval = 0;
389
390 if (id == 0) {
391 #ifdef DEBUG
392 /*
393 * Turn on mod_uninstall_daemon
394 */
395 if (mod_uninstall_interval == 0) {
396 mod_uninstall_interval = 60;
397 modreap();
398 return (rval);
399 }
400 #endif
401 mod_uninstall_all();
402 } else {
403 rval = modunload(id);
404 }
405 return (rval);
406 }
407
408 static int
modctl_modinfo(modid_t id,struct modinfo * umodi)409 modctl_modinfo(modid_t id, struct modinfo *umodi)
410 {
411 int retval;
412 struct modinfo modi;
413 #if defined(_SYSCALL32_IMPL)
414 int nobase;
415 struct modinfo32 modi32;
416 #endif
417
418 if (get_udatamodel() == DATAMODEL_NATIVE) {
419 if (copyin(umodi, &modi, sizeof (struct modinfo)) != 0)
420 return (EFAULT);
421 }
422 #ifdef _SYSCALL32_IMPL
423 else {
424 bzero(&modi, sizeof (modi));
425 if (copyin(umodi, &modi32, sizeof (struct modinfo32)) != 0)
426 return (EFAULT);
427 modi.mi_info = modi32.mi_info;
428 modi.mi_id = modi32.mi_id;
429 modi.mi_nextid = modi32.mi_nextid;
430 nobase = modi.mi_info & MI_INFO_NOBASE;
431 }
432 #endif
433 /*
434 * This flag is -only- for the kernels use.
435 */
436 modi.mi_info &= ~MI_INFO_LINKAGE;
437
438 retval = modinfo(id, &modi);
439 if (retval)
440 return (retval);
441
442 if (get_udatamodel() == DATAMODEL_NATIVE) {
443 if (copyout(&modi, umodi, sizeof (struct modinfo)) != 0)
444 retval = EFAULT;
445 #ifdef _SYSCALL32_IMPL
446 } else {
447 int i;
448
449 if (!nobase && (uintptr_t)modi.mi_base > UINT32_MAX)
450 return (EOVERFLOW);
451
452 modi32.mi_info = modi.mi_info;
453 modi32.mi_state = modi.mi_state;
454 modi32.mi_id = modi.mi_id;
455 modi32.mi_nextid = modi.mi_nextid;
456 modi32.mi_base = (caddr32_t)(uintptr_t)modi.mi_base;
457 modi32.mi_size = modi.mi_size;
458 modi32.mi_rev = modi.mi_rev;
459 modi32.mi_loadcnt = modi.mi_loadcnt;
460 bcopy(modi.mi_name, modi32.mi_name, sizeof (modi32.mi_name));
461 for (i = 0; i < MODMAXLINK32; i++) {
462 modi32.mi_msinfo[i].msi_p0 = modi.mi_msinfo[i].msi_p0;
463 bcopy(modi.mi_msinfo[i].msi_linkinfo,
464 modi32.mi_msinfo[i].msi_linkinfo,
465 sizeof (modi32.mi_msinfo[0].msi_linkinfo));
466 }
467 if (copyout(&modi32, umodi, sizeof (struct modinfo32)) != 0)
468 retval = EFAULT;
469 #endif
470 }
471
472 return (retval);
473 }
474
475 /*
476 * Return the last major number in the range of permissible major numbers.
477 */
478 /*ARGSUSED*/
479 static int
modctl_modreserve(modid_t id,int * data)480 modctl_modreserve(modid_t id, int *data)
481 {
482 if (copyout(&devcnt, data, sizeof (devcnt)) != 0)
483 return (EFAULT);
484 return (0);
485 }
486
487 /* Add/Remove driver and binding aliases */
488 static int
modctl_update_driver_aliases(int add,int * data)489 modctl_update_driver_aliases(int add, int *data)
490 {
491 struct modconfig mc;
492 int i, n, rv = 0;
493 struct aliases alias;
494 struct aliases *ap;
495 char name[MAXMODCONFNAME];
496 char cname[MAXMODCONFNAME];
497 char *drvname;
498 int resid;
499 struct alias_info {
500 char *alias_name;
501 int alias_resid;
502 } *aliases, *aip;
503
504 bzero(&mc, sizeof (struct modconfig));
505 if (get_udatamodel() == DATAMODEL_NATIVE) {
506 if (copyin(data, &mc, sizeof (struct modconfig)) != 0)
507 return (EFAULT);
508 }
509 #ifdef _SYSCALL32_IMPL
510 else {
511 struct modconfig32 modc32;
512 if (copyin(data, &modc32, sizeof (struct modconfig32)) != 0)
513 return (EFAULT);
514 else {
515 bcopy(modc32.drvname, mc.drvname,
516 sizeof (modc32.drvname));
517 bcopy(modc32.drvclass, mc.drvclass,
518 sizeof (modc32.drvclass));
519 mc.major = modc32.major;
520 mc.flags = modc32.flags;
521 mc.num_aliases = modc32.num_aliases;
522 mc.ap = (struct aliases *)(uintptr_t)modc32.ap;
523 }
524 }
525 #endif
526
527 /*
528 * If the driver is already in the mb_hashtab, and the name given
529 * doesn't match that driver's name, fail. Otherwise, pass, since
530 * we may be adding aliases.
531 */
532 drvname = mod_major_to_name(mc.major);
533 if ((drvname != NULL) && strcmp(drvname, mc.drvname) != 0)
534 return (EINVAL);
535
536 /*
537 * Precede alias removal by unbinding as many devices as possible.
538 */
539 if (add == 0) {
540 (void) i_ddi_unload_drvconf(mc.major);
541 i_ddi_unbind_devs(mc.major);
542 }
543
544 /*
545 * Add/remove each supplied driver alias to/from mb_hashtab
546 */
547 ap = mc.ap;
548 if (mc.num_aliases > 0)
549 aliases = kmem_zalloc(
550 mc.num_aliases * sizeof (struct alias_info), KM_SLEEP);
551 aip = aliases;
552 for (i = 0; i < mc.num_aliases; i++) {
553 bzero(&alias, sizeof (struct aliases));
554 if (get_udatamodel() == DATAMODEL_NATIVE) {
555 if (copyin(ap, &alias, sizeof (struct aliases)) != 0) {
556 rv = EFAULT;
557 goto error;
558 }
559 if (alias.a_len > MAXMODCONFNAME) {
560 rv = EINVAL;
561 goto error;
562 }
563 if (copyin(alias.a_name, name, alias.a_len) != 0) {
564 rv = EFAULT;
565 goto error;
566 }
567 if (name[alias.a_len - 1] != '\0') {
568 rv = EINVAL;
569 goto error;
570 }
571 }
572 #ifdef _SYSCALL32_IMPL
573 else {
574 struct aliases32 al32;
575 bzero(&al32, sizeof (struct aliases32));
576 if (copyin(ap, &al32, sizeof (struct aliases32)) != 0) {
577 rv = EFAULT;
578 goto error;
579 }
580 if (al32.a_len > MAXMODCONFNAME) {
581 rv = EINVAL;
582 goto error;
583 }
584 if (copyin((void *)(uintptr_t)al32.a_name,
585 name, al32.a_len) != 0) {
586 rv = EFAULT;
587 goto error;
588 }
589 if (name[al32.a_len - 1] != '\0') {
590 rv = EINVAL;
591 goto error;
592 }
593 alias.a_next = (void *)(uintptr_t)al32.a_next;
594 }
595 #endif
596 check_esc_sequences(name, cname);
597 aip->alias_name = strdup(cname);
598 ap = alias.a_next;
599 aip++;
600 }
601
602 if (add == 0) {
603 ap = mc.ap;
604 resid = 0;
605 aip = aliases;
606 /* attempt to unbind all devices bound to each alias */
607 for (i = 0; i < mc.num_aliases; i++) {
608 n = i_ddi_unbind_devs_by_alias(
609 mc.major, aip->alias_name);
610 resid += n;
611 aip->alias_resid = n;
612 }
613
614 /*
615 * If some device bound to an alias remains in use,
616 * and override wasn't specified, no change is made to
617 * the binding state and we fail the operation.
618 */
619 if (resid > 0 && ((mc.flags & MOD_UNBIND_OVERRIDE) == 0)) {
620 rv = EBUSY;
621 goto error;
622 }
623
624 /*
625 * No device remains bound of any of the aliases,
626 * or force was requested. Mark each alias as
627 * inactive via delete_mbind so no future binds
628 * to this alias take place and that a new
629 * binding can be established.
630 */
631 aip = aliases;
632 for (i = 0; i < mc.num_aliases; i++) {
633 if (moddebug & MODDEBUG_BINDING)
634 cmn_err(CE_CONT, "Removing binding for %s "
635 "(%d active references)\n",
636 aip->alias_name, aip->alias_resid);
637 delete_mbind(aip->alias_name, mb_hashtab);
638 aip++;
639 }
640 rv = 0;
641 } else {
642 aip = aliases;
643 for (i = 0; i < mc.num_aliases; i++) {
644 if (moddebug & MODDEBUG_BINDING)
645 cmn_err(CE_NOTE, "Adding binding for '%s'\n",
646 aip->alias_name);
647 (void) make_mbind(aip->alias_name,
648 mc.major, NULL, mb_hashtab);
649 aip++;
650 }
651 /*
652 * Try to establish an mbinding for mc.drvname, and add it to
653 * devnames. Add class if any after establishing the major
654 * number.
655 */
656 (void) make_mbind(mc.drvname, mc.major, NULL, mb_hashtab);
657 if ((rv = make_devname(mc.drvname, mc.major,
658 (mc.flags & MOD_ADDMAJBIND_UPDATE) ?
659 DN_DRIVER_INACTIVE : 0)) != 0) {
660 goto error;
661 }
662
663 if (mc.drvclass[0] != '\0')
664 add_class(mc.drvname, mc.drvclass);
665 if ((mc.flags & MOD_ADDMAJBIND_UPDATE) == 0) {
666 (void) i_ddi_load_drvconf(mc.major);
667 }
668 }
669
670 /*
671 * Ensure that all nodes are bound to the most appropriate driver
672 * possible, attempting demotion and rebind when a more appropriate
673 * driver now exists. But not when adding a driver update-only.
674 */
675 if ((add == 0) || ((mc.flags & MOD_ADDMAJBIND_UPDATE) == 0)) {
676 i_ddi_bind_devs();
677 i_ddi_di_cache_invalidate();
678 }
679
680 error:
681 if (mc.num_aliases > 0) {
682 aip = aliases;
683 for (i = 0; i < mc.num_aliases; i++) {
684 if (aip->alias_name != NULL)
685 strfree(aip->alias_name);
686 aip++;
687 }
688 kmem_free(aliases, mc.num_aliases * sizeof (struct alias_info));
689 }
690 return (rv);
691 }
692
693 static int
modctl_add_driver_aliases(int * data)694 modctl_add_driver_aliases(int *data)
695 {
696 return (modctl_update_driver_aliases(1, data));
697 }
698
699 static int
modctl_remove_driver_aliases(int * data)700 modctl_remove_driver_aliases(int *data)
701 {
702 return (modctl_update_driver_aliases(0, data));
703 }
704
705 static int
modctl_rem_major(major_t major)706 modctl_rem_major(major_t major)
707 {
708 struct devnames *dnp;
709
710 if (major >= devcnt)
711 return (EINVAL);
712
713 /* mark devnames as removed */
714 dnp = &devnamesp[major];
715 LOCK_DEV_OPS(&dnp->dn_lock);
716 if (dnp->dn_name == NULL ||
717 (dnp->dn_flags & (DN_DRIVER_REMOVED | DN_TAKEN_GETUDEV))) {
718 UNLOCK_DEV_OPS(&dnp->dn_lock);
719 return (EINVAL);
720 }
721 dnp->dn_flags |= DN_DRIVER_REMOVED;
722 pm_driver_removed(major);
723 UNLOCK_DEV_OPS(&dnp->dn_lock);
724
725 (void) i_ddi_unload_drvconf(major);
726 i_ddi_unbind_devs(major);
727 i_ddi_bind_devs();
728 i_ddi_di_cache_invalidate();
729
730 /* purge all the bindings to this driver */
731 purge_mbind(major, mb_hashtab);
732 return (0);
733 }
734
735 static struct vfs *
path_to_vfs(char * name)736 path_to_vfs(char *name)
737 {
738 vnode_t *vp;
739 struct vfs *vfsp;
740
741 if (lookupname(name, UIO_SYSSPACE, FOLLOW, NULLVPP, &vp))
742 return (NULL);
743
744 vfsp = vp->v_vfsp;
745 VN_RELE(vp);
746 return (vfsp);
747 }
748
749 static int
new_vfs_in_modpath()750 new_vfs_in_modpath()
751 {
752 static int n_modpath = 0;
753 static char *modpath_copy;
754 static struct pathvfs {
755 char *path;
756 struct vfs *vfsp;
757 } *pathvfs;
758
759 int i, new_vfs = 0;
760 char *tmp, *tmp1;
761 struct vfs *vfsp;
762
763 if (n_modpath != 0) {
764 for (i = 0; i < n_modpath; i++) {
765 vfsp = path_to_vfs(pathvfs[i].path);
766 if (vfsp != pathvfs[i].vfsp) {
767 pathvfs[i].vfsp = vfsp;
768 if (vfsp)
769 new_vfs = 1;
770 }
771 }
772 return (new_vfs);
773 }
774
775 /*
776 * First call, initialize the pathvfs structure
777 */
778 modpath_copy = i_ddi_strdup(default_path, KM_SLEEP);
779 tmp = modpath_copy;
780 n_modpath = 1;
781 tmp1 = strchr(tmp, ' ');
782 while (tmp1) {
783 *tmp1 = '\0';
784 n_modpath++;
785 tmp = tmp1 + 1;
786 tmp1 = strchr(tmp, ' ');
787 }
788
789 pathvfs = kmem_zalloc(n_modpath * sizeof (struct pathvfs), KM_SLEEP);
790 tmp = modpath_copy;
791 for (i = 0; i < n_modpath; i++) {
792 pathvfs[i].path = tmp;
793 vfsp = path_to_vfs(tmp);
794 pathvfs[i].vfsp = vfsp;
795 tmp += strlen(tmp) + 1;
796 }
797 return (1); /* always reread driver.conf the first time */
798 }
799
800 static int
modctl_load_drvconf(major_t major,int flags)801 modctl_load_drvconf(major_t major, int flags)
802 {
803 int ret;
804
805 /*
806 * devfsadm -u - read all new driver.conf files
807 * and bind and configure devices for new drivers.
808 */
809 if (flags & MOD_LOADDRVCONF_RECONF) {
810 (void) i_ddi_load_drvconf(DDI_MAJOR_T_NONE);
811 i_ddi_bind_devs();
812 i_ddi_di_cache_invalidate();
813 return (0);
814 }
815
816 /*
817 * update_drv <drv> - reload driver.conf for the specified driver
818 */
819 if (major != DDI_MAJOR_T_NONE) {
820 ret = i_ddi_load_drvconf(major);
821 if (ret == 0)
822 i_ddi_bind_devs();
823 return (ret);
824 }
825
826 /*
827 * We are invoked to rescan new driver.conf files. It is
828 * only necessary if a new file system was mounted in the
829 * module_path. Because rescanning driver.conf files can
830 * take some time on older platforms (sun4m), the following
831 * code skips unnecessary driver.conf rescans to optimize
832 * boot performance.
833 */
834 if (new_vfs_in_modpath()) {
835 (void) i_ddi_load_drvconf(DDI_MAJOR_T_NONE);
836 /*
837 * If we are still initializing io subsystem,
838 * load drivers with ddi-forceattach property
839 */
840 if (!i_ddi_io_initialized())
841 i_ddi_forceattach_drivers();
842 }
843 return (0);
844 }
845
846 /*
847 * Unload driver.conf file and follow up by attempting
848 * to rebind devices to more appropriate driver.
849 */
850 static int
modctl_unload_drvconf(major_t major)851 modctl_unload_drvconf(major_t major)
852 {
853 int ret;
854
855 if (major >= devcnt)
856 return (EINVAL);
857
858 ret = i_ddi_unload_drvconf(major);
859 if (ret != 0)
860 return (ret);
861 (void) i_ddi_unbind_devs(major);
862 i_ddi_bind_devs();
863
864 return (0);
865 }
866
867 static void
check_esc_sequences(char * str,char * cstr)868 check_esc_sequences(char *str, char *cstr)
869 {
870 int i;
871 size_t len;
872 char *p;
873
874 len = strlen(str);
875 for (i = 0; i < len; i++, str++, cstr++) {
876 if (*str != '\\') {
877 *cstr = *str;
878 } else {
879 p = str + 1;
880 /*
881 * we only handle octal escape sequences for SPACE
882 */
883 if (*p++ == '0' && *p++ == '4' && *p == '0') {
884 *cstr = ' ';
885 str += 3;
886 } else {
887 *cstr = *str;
888 }
889 }
890 }
891 *cstr = 0;
892 }
893
894 static int
modctl_getmodpathlen(int * data)895 modctl_getmodpathlen(int *data)
896 {
897 int len;
898 len = strlen(default_path);
899 if (copyout(&len, data, sizeof (len)) != 0)
900 return (EFAULT);
901 return (0);
902 }
903
904 static int
modctl_getmodpath(char * data)905 modctl_getmodpath(char *data)
906 {
907 if (copyout(default_path, data, strlen(default_path) + 1) != 0)
908 return (EFAULT);
909 return (0);
910 }
911
912 static int
modctl_read_sysbinding_file(void)913 modctl_read_sysbinding_file(void)
914 {
915 (void) read_binding_file(sysbind, sb_hashtab, make_mbind);
916 return (0);
917 }
918
919 static int
modctl_getmaj(char * uname,uint_t ulen,int * umajorp)920 modctl_getmaj(char *uname, uint_t ulen, int *umajorp)
921 {
922 char name[256];
923 int retval;
924 major_t major;
925
926 if (ulen == 0)
927 return (EINVAL);
928 if ((retval = copyinstr(uname, name,
929 (ulen < 256) ? ulen : 256, 0)) != 0)
930 return (retval);
931 if ((major = mod_name_to_major(name)) == DDI_MAJOR_T_NONE)
932 return (ENODEV);
933 if (copyout(&major, umajorp, sizeof (major_t)) != 0)
934 return (EFAULT);
935 return (0);
936 }
937
938 static char **
convert_constraint_string(char * constraints,size_t len)939 convert_constraint_string(char *constraints, size_t len)
940 {
941 int i;
942 int n;
943 char *p;
944 char **array;
945
946 ASSERT(constraints != NULL);
947 ASSERT(len > 0);
948
949 for (i = 0, p = constraints; strlen(p) > 0; i++, p += strlen(p) + 1)
950 ;
951
952 n = i;
953
954 if (n == 0) {
955 kmem_free(constraints, len);
956 return (NULL);
957 }
958
959 array = kmem_alloc((n + 1) * sizeof (char *), KM_SLEEP);
960
961 for (i = 0, p = constraints; i < n; i++, p += strlen(p) + 1) {
962 array[i] = i_ddi_strdup(p, KM_SLEEP);
963 }
964 array[n] = NULL;
965
966 kmem_free(constraints, len);
967
968 return (array);
969 }
970 /*ARGSUSED*/
971 static int
modctl_retire(char * path,char * uconstraints,size_t ulen)972 modctl_retire(char *path, char *uconstraints, size_t ulen)
973 {
974 char *pathbuf;
975 char *devpath;
976 size_t pathsz;
977 int retval;
978 char *constraints;
979 char **cons_array;
980
981 if (path == NULL)
982 return (EINVAL);
983
984 if ((uconstraints == NULL) ^ (ulen == 0))
985 return (EINVAL);
986
987 pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
988 retval = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
989 if (retval != 0) {
990 kmem_free(pathbuf, MAXPATHLEN);
991 return (retval);
992 }
993 devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
994 kmem_free(pathbuf, MAXPATHLEN);
995
996 /*
997 * First check if the device is already retired.
998 * If it is, then persist the retire anyway, just in case the retire
999 * store has got out of sync with the boot archive.
1000 */
1001 if (e_ddi_device_retired(devpath)) {
1002 cmn_err(CE_NOTE, "Device: already retired: %s", devpath);
1003 (void) e_ddi_retire_persist(devpath);
1004 kmem_free(devpath, strlen(devpath) + 1);
1005 return (0);
1006 }
1007
1008 cons_array = NULL;
1009 if (uconstraints) {
1010 constraints = kmem_alloc(ulen, KM_SLEEP);
1011 if (copyin(uconstraints, constraints, ulen)) {
1012 kmem_free(constraints, ulen);
1013 kmem_free(devpath, strlen(devpath) + 1);
1014 return (EFAULT);
1015 }
1016 cons_array = convert_constraint_string(constraints, ulen);
1017 }
1018
1019 /*
1020 * Try to retire the device first. The following
1021 * routine will return an error only if the device
1022 * is not retireable i.e. retire constraints forbid
1023 * a retire. A return of success from this routine
1024 * indicates that device is retireable.
1025 */
1026 retval = e_ddi_retire_device(devpath, cons_array);
1027 if (retval != DDI_SUCCESS) {
1028 cmn_err(CE_WARN, "constraints forbid retire: %s", devpath);
1029 kmem_free(devpath, strlen(devpath) + 1);
1030 return (ENOTSUP);
1031 }
1032
1033 /*
1034 * Ok, the retire succeeded. Persist the retire.
1035 * If retiring a nexus, we need to only persist the
1036 * nexus retire. Any children of a retired nexus
1037 * are automatically covered by the retire store
1038 * code.
1039 */
1040 retval = e_ddi_retire_persist(devpath);
1041 if (retval != 0) {
1042 cmn_err(CE_WARN, "Failed to persist device retire: error %d: "
1043 "%s", retval, devpath);
1044 kmem_free(devpath, strlen(devpath) + 1);
1045 return (retval);
1046 }
1047 if (moddebug & MODDEBUG_RETIRE)
1048 cmn_err(CE_NOTE, "Persisted retire of device: %s", devpath);
1049
1050 kmem_free(devpath, strlen(devpath) + 1);
1051 return (0);
1052 }
1053
1054 static int
modctl_is_retired(char * path,int * statep)1055 modctl_is_retired(char *path, int *statep)
1056 {
1057 char *pathbuf;
1058 char *devpath;
1059 size_t pathsz;
1060 int error;
1061 int status;
1062
1063 if (path == NULL || statep == NULL)
1064 return (EINVAL);
1065
1066 pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1067 error = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
1068 if (error != 0) {
1069 kmem_free(pathbuf, MAXPATHLEN);
1070 return (error);
1071 }
1072 devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
1073 kmem_free(pathbuf, MAXPATHLEN);
1074
1075 if (e_ddi_device_retired(devpath))
1076 status = 1;
1077 else
1078 status = 0;
1079 kmem_free(devpath, strlen(devpath) + 1);
1080
1081 return (copyout(&status, statep, sizeof (status)) ? EFAULT : 0);
1082 }
1083
1084 static int
modctl_unretire(char * path)1085 modctl_unretire(char *path)
1086 {
1087 char *pathbuf;
1088 char *devpath;
1089 size_t pathsz;
1090 int retired;
1091 int retval;
1092
1093 if (path == NULL)
1094 return (EINVAL);
1095
1096 pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1097 retval = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
1098 if (retval != 0) {
1099 kmem_free(pathbuf, MAXPATHLEN);
1100 return (retval);
1101 }
1102 devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
1103 kmem_free(pathbuf, MAXPATHLEN);
1104
1105 /*
1106 * We check if a device is retired (first) before
1107 * unpersisting the retire, because we use the
1108 * retire store to determine if a device is retired.
1109 * If we unpersist first, the device will always appear
1110 * to be unretired. For the rationale behind unpersisting
1111 * a device that is not retired, see the next comment.
1112 */
1113 retired = e_ddi_device_retired(devpath);
1114
1115 /*
1116 * We call unpersist unconditionally because the lookup
1117 * for retired devices (e_ddi_device_retired()), skips "bypassed"
1118 * devices. We still want to be able remove "bypassed" entries
1119 * from the persistent store, so we unpersist unconditionally
1120 * i.e. whether or not the entry is found on a lookup.
1121 *
1122 * e_ddi_retire_unpersist() returns 1 if it found and cleared
1123 * an entry from the retire store or 0 otherwise.
1124 */
1125 if (e_ddi_retire_unpersist(devpath))
1126 if (moddebug & MODDEBUG_RETIRE) {
1127 cmn_err(CE_NOTE, "Unpersisted retire of device: %s",
1128 devpath);
1129 }
1130
1131 /*
1132 * Check if the device is already unretired. If so,
1133 * the unretire becomes a NOP
1134 */
1135 if (!retired) {
1136 cmn_err(CE_NOTE, "Not retired: %s", devpath);
1137 kmem_free(devpath, strlen(devpath) + 1);
1138 return (0);
1139 }
1140
1141 retval = e_ddi_unretire_device(devpath);
1142 if (retval != 0) {
1143 cmn_err(CE_WARN, "cannot unretire device: error %d, path %s\n",
1144 retval, devpath);
1145 }
1146
1147 kmem_free(devpath, strlen(devpath) + 1);
1148
1149 return (retval);
1150 }
1151
1152 static int
modctl_getname(char * uname,uint_t ulen,int * umajorp)1153 modctl_getname(char *uname, uint_t ulen, int *umajorp)
1154 {
1155 char *name;
1156 major_t major;
1157
1158 if (copyin(umajorp, &major, sizeof (major)) != 0)
1159 return (EFAULT);
1160 if ((name = mod_major_to_name(major)) == NULL)
1161 return (ENODEV);
1162 if ((strlen(name) + 1) > ulen)
1163 return (ENOSPC);
1164 return (copyoutstr(name, uname, ulen, NULL));
1165 }
1166
1167 static int
modctl_devt2instance(dev_t dev,int * uinstancep)1168 modctl_devt2instance(dev_t dev, int *uinstancep)
1169 {
1170 int instance;
1171
1172 if ((instance = dev_to_instance(dev)) == -1)
1173 return (EINVAL);
1174
1175 return (copyout(&instance, uinstancep, sizeof (int)));
1176 }
1177
1178 /*
1179 * Return the sizeof of the device id.
1180 */
1181 static int
modctl_sizeof_devid(dev_t dev,uint_t * len)1182 modctl_sizeof_devid(dev_t dev, uint_t *len)
1183 {
1184 uint_t sz;
1185 ddi_devid_t devid;
1186
1187 /* get device id */
1188 if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
1189 return (EINVAL);
1190
1191 sz = ddi_devid_sizeof(devid);
1192 ddi_devid_free(devid);
1193
1194 /* copyout device id size */
1195 if (copyout(&sz, len, sizeof (sz)) != 0)
1196 return (EFAULT);
1197
1198 return (0);
1199 }
1200
1201 /*
1202 * Return a copy of the device id.
1203 */
1204 static int
modctl_get_devid(dev_t dev,uint_t len,ddi_devid_t udevid)1205 modctl_get_devid(dev_t dev, uint_t len, ddi_devid_t udevid)
1206 {
1207 uint_t sz;
1208 ddi_devid_t devid;
1209 int err = 0;
1210
1211 /* get device id */
1212 if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
1213 return (EINVAL);
1214
1215 sz = ddi_devid_sizeof(devid);
1216
1217 /* Error if device id is larger than space allocated */
1218 if (sz > len) {
1219 ddi_devid_free(devid);
1220 return (ENOSPC);
1221 }
1222
1223 /* copy out device id */
1224 if (copyout(devid, udevid, sz) != 0)
1225 err = EFAULT;
1226 ddi_devid_free(devid);
1227 return (err);
1228 }
1229
1230 /*
1231 * return the /devices paths associated with the specified devid and
1232 * minor name.
1233 */
1234 /*ARGSUSED*/
1235 static int
modctl_devid2paths(ddi_devid_t udevid,char * uminor_name,uint_t flag,size_t * ulensp,char * upaths)1236 modctl_devid2paths(ddi_devid_t udevid, char *uminor_name, uint_t flag,
1237 size_t *ulensp, char *upaths)
1238 {
1239 ddi_devid_t devid = NULL;
1240 int devid_len;
1241 char *minor_name = NULL;
1242 dev_info_t *dip = NULL;
1243 int circ;
1244 struct ddi_minor_data *dmdp;
1245 char *path = NULL;
1246 int ulens;
1247 int lens;
1248 int len;
1249 dev_t *devlist = NULL;
1250 int ndevs;
1251 int i;
1252 int ret = 0;
1253
1254 /*
1255 * If upaths is NULL then we are only computing the amount of space
1256 * needed to hold the paths and returning the value in *ulensp. If we
1257 * are copying out paths then we get the amount of space allocated by
1258 * the caller. If the actual space needed for paths is larger, or
1259 * things are changing out from under us, then we return EAGAIN.
1260 */
1261 if (upaths) {
1262 if (ulensp == NULL)
1263 return (EINVAL);
1264 if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
1265 return (EFAULT);
1266 }
1267
1268 /*
1269 * copyin enough of the devid to determine the length then
1270 * reallocate and copy in the entire devid.
1271 */
1272 devid_len = ddi_devid_sizeof(NULL);
1273 devid = kmem_alloc(devid_len, KM_SLEEP);
1274 if (copyin(udevid, devid, devid_len)) {
1275 ret = EFAULT;
1276 goto out;
1277 }
1278 len = devid_len;
1279 devid_len = ddi_devid_sizeof(devid);
1280 kmem_free(devid, len);
1281 devid = kmem_alloc(devid_len, KM_SLEEP);
1282 if (copyin(udevid, devid, devid_len)) {
1283 ret = EFAULT;
1284 goto out;
1285 }
1286
1287 /* copyin the minor name if specified. */
1288 minor_name = uminor_name;
1289 if ((minor_name != DEVID_MINOR_NAME_ALL) &&
1290 (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1291 (minor_name != DEVID_MINOR_NAME_ALL_BLK)) {
1292 minor_name = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1293 if (copyinstr(uminor_name, minor_name, MAXPATHLEN, 0)) {
1294 ret = EFAULT;
1295 goto out;
1296 }
1297 }
1298
1299 /*
1300 * Use existing function to resolve the devid into a devlist.
1301 *
1302 * NOTE: there is a loss of spectype information in the current
1303 * ddi_lyr_devid_to_devlist implementation. We work around this by not
1304 * passing down DEVID_MINOR_NAME_ALL here, but reproducing all minor
1305 * node forms in the loop processing the devlist below. It would be
1306 * best if at some point the use of this interface here was replaced
1307 * with a path oriented call.
1308 */
1309 if (ddi_lyr_devid_to_devlist(devid,
1310 (minor_name == DEVID_MINOR_NAME_ALL) ?
1311 DEVID_MINOR_NAME_ALL_CHR : minor_name,
1312 &ndevs, &devlist) != DDI_SUCCESS) {
1313 ret = EINVAL;
1314 goto out;
1315 }
1316
1317 /*
1318 * loop over the devlist, converting each devt to a path and doing
1319 * a copyout of the path and computation of the amount of space
1320 * needed to hold all the paths
1321 */
1322 path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1323 for (i = 0, lens = 0; i < ndevs; i++) {
1324
1325 /* find the dip associated with the dev_t */
1326 if ((dip = e_ddi_hold_devi_by_dev(devlist[i], 0)) == NULL)
1327 continue;
1328
1329 /* loop over all the minor nodes, skipping ones we don't want */
1330 ndi_devi_enter(dip, &circ);
1331 for (dmdp = DEVI(dip)->devi_minor; dmdp; dmdp = dmdp->next) {
1332 if ((dmdp->ddm_dev != devlist[i]) ||
1333 (dmdp->type != DDM_MINOR))
1334 continue;
1335
1336 if ((minor_name != DEVID_MINOR_NAME_ALL) &&
1337 (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1338 (minor_name != DEVID_MINOR_NAME_ALL_BLK) &&
1339 strcmp(minor_name, dmdp->ddm_name))
1340 continue;
1341 else {
1342 if ((minor_name == DEVID_MINOR_NAME_ALL_CHR) &&
1343 (dmdp->ddm_spec_type != S_IFCHR))
1344 continue;
1345 if ((minor_name == DEVID_MINOR_NAME_ALL_BLK) &&
1346 (dmdp->ddm_spec_type != S_IFBLK))
1347 continue;
1348 }
1349
1350 (void) ddi_pathname_minor(dmdp, path);
1351 len = strlen(path) + 1;
1352 *(path + len) = '\0'; /* set double termination */
1353 lens += len;
1354
1355 /* copyout the path with double terminations */
1356 if (upaths) {
1357 if (lens > ulens) {
1358 ret = EAGAIN;
1359 goto out;
1360 }
1361 if (copyout(path, upaths, len + 1)) {
1362 ret = EFAULT;
1363 goto out;
1364 }
1365 upaths += len;
1366 }
1367 }
1368 ndi_devi_exit(dip, circ);
1369 ddi_release_devi(dip);
1370 dip = NULL;
1371 }
1372 lens++; /* add one for double termination */
1373
1374 /* copy out the amount of space needed to hold the paths */
1375 if (ulensp && copyout(&lens, ulensp, sizeof (lens))) {
1376 ret = EFAULT;
1377 goto out;
1378 }
1379 ret = 0;
1380
1381 out: if (dip) {
1382 ndi_devi_exit(dip, circ);
1383 ddi_release_devi(dip);
1384 }
1385 if (path)
1386 kmem_free(path, MAXPATHLEN);
1387 if (devlist)
1388 ddi_lyr_free_devlist(devlist, ndevs);
1389 if (minor_name &&
1390 (minor_name != DEVID_MINOR_NAME_ALL) &&
1391 (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1392 (minor_name != DEVID_MINOR_NAME_ALL_BLK))
1393 kmem_free(minor_name, MAXPATHLEN);
1394 if (devid)
1395 kmem_free(devid, devid_len);
1396 return (ret);
1397 }
1398
1399 /*
1400 * Return the size of the minor name.
1401 */
1402 static int
modctl_sizeof_minorname(dev_t dev,int spectype,uint_t * len)1403 modctl_sizeof_minorname(dev_t dev, int spectype, uint_t *len)
1404 {
1405 uint_t sz;
1406 char *name;
1407
1408 /* get the minor name */
1409 if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1410 return (EINVAL);
1411
1412 sz = strlen(name) + 1;
1413 kmem_free(name, sz);
1414
1415 /* copy out the size of the minor name */
1416 if (copyout(&sz, len, sizeof (sz)) != 0)
1417 return (EFAULT);
1418
1419 return (0);
1420 }
1421
1422 /*
1423 * Return the minor name.
1424 */
1425 static int
modctl_get_minorname(dev_t dev,int spectype,uint_t len,char * uname)1426 modctl_get_minorname(dev_t dev, int spectype, uint_t len, char *uname)
1427 {
1428 uint_t sz;
1429 char *name;
1430 int err = 0;
1431
1432 /* get the minor name */
1433 if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1434 return (EINVAL);
1435
1436 sz = strlen(name) + 1;
1437
1438 /* Error if the minor name is larger than the space allocated */
1439 if (sz > len) {
1440 kmem_free(name, sz);
1441 return (ENOSPC);
1442 }
1443
1444 /* copy out the minor name */
1445 if (copyout(name, uname, sz) != 0)
1446 err = EFAULT;
1447 kmem_free(name, sz);
1448 return (err);
1449 }
1450
1451 /*
1452 * Return the size of the (dev_t,spectype) devfspath name.
1453 */
1454 static int
modctl_devfspath_len(dev_t dev,int spectype,uint_t * len)1455 modctl_devfspath_len(dev_t dev, int spectype, uint_t *len)
1456 {
1457 uint_t sz;
1458 char *name;
1459
1460 /* get the path name */
1461 name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1462 if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1463 kmem_free(name, MAXPATHLEN);
1464 return (EINVAL);
1465 }
1466
1467 sz = strlen(name) + 1;
1468 kmem_free(name, MAXPATHLEN);
1469
1470 /* copy out the size of the path name */
1471 if (copyout(&sz, len, sizeof (sz)) != 0)
1472 return (EFAULT);
1473
1474 return (0);
1475 }
1476
1477 /*
1478 * Return the (dev_t,spectype) devfspath name.
1479 */
1480 static int
modctl_devfspath(dev_t dev,int spectype,uint_t len,char * uname)1481 modctl_devfspath(dev_t dev, int spectype, uint_t len, char *uname)
1482 {
1483 uint_t sz;
1484 char *name;
1485 int err = 0;
1486
1487 /* get the path name */
1488 name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1489 if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1490 kmem_free(name, MAXPATHLEN);
1491 return (EINVAL);
1492 }
1493
1494 sz = strlen(name) + 1;
1495
1496 /* Error if the path name is larger than the space allocated */
1497 if (sz > len) {
1498 kmem_free(name, MAXPATHLEN);
1499 return (ENOSPC);
1500 }
1501
1502 /* copy out the path name */
1503 if (copyout(name, uname, sz) != 0)
1504 err = EFAULT;
1505 kmem_free(name, MAXPATHLEN);
1506 return (err);
1507 }
1508
1509 /*
1510 * Return the size of the (major,instance) devfspath name.
1511 */
1512 static int
modctl_devfspath_mi_len(major_t major,int instance,uint_t * len)1513 modctl_devfspath_mi_len(major_t major, int instance, uint_t *len)
1514 {
1515 uint_t sz;
1516 char *name;
1517
1518 /* get the path name */
1519 name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1520 if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1521 kmem_free(name, MAXPATHLEN);
1522 return (EINVAL);
1523 }
1524
1525 sz = strlen(name) + 1;
1526 kmem_free(name, MAXPATHLEN);
1527
1528 /* copy out the size of the path name */
1529 if (copyout(&sz, len, sizeof (sz)) != 0)
1530 return (EFAULT);
1531
1532 return (0);
1533 }
1534
1535 /*
1536 * Return the (major_instance) devfspath name.
1537 * NOTE: e_ddi_majorinstance_to_path does not require the device to attach to
1538 * return a path - it uses the instance tree.
1539 */
1540 static int
modctl_devfspath_mi(major_t major,int instance,uint_t len,char * uname)1541 modctl_devfspath_mi(major_t major, int instance, uint_t len, char *uname)
1542 {
1543 uint_t sz;
1544 char *name;
1545 int err = 0;
1546
1547 /* get the path name */
1548 name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1549 if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1550 kmem_free(name, MAXPATHLEN);
1551 return (EINVAL);
1552 }
1553
1554 sz = strlen(name) + 1;
1555
1556 /* Error if the path name is larger than the space allocated */
1557 if (sz > len) {
1558 kmem_free(name, MAXPATHLEN);
1559 return (ENOSPC);
1560 }
1561
1562 /* copy out the path name */
1563 if (copyout(name, uname, sz) != 0)
1564 err = EFAULT;
1565 kmem_free(name, MAXPATHLEN);
1566 return (err);
1567 }
1568
1569 static int
modctl_get_fbname(char * path)1570 modctl_get_fbname(char *path)
1571 {
1572 extern dev_t fbdev;
1573 char *pathname = NULL;
1574 int rval = 0;
1575
1576 /* make sure fbdev is set before we plunge in */
1577 if (fbdev == NODEV)
1578 return (ENODEV);
1579
1580 pathname = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1581 if ((rval = ddi_dev_pathname(fbdev, S_IFCHR,
1582 pathname)) == DDI_SUCCESS) {
1583 if (copyout(pathname, path, strlen(pathname)+1) != 0) {
1584 rval = EFAULT;
1585 }
1586 }
1587 kmem_free(pathname, MAXPATHLEN);
1588 return (rval);
1589 }
1590
1591 /*
1592 * modctl_reread_dacf()
1593 * Reread the dacf rules database from the named binding file.
1594 * If NULL is specified, pass along the NULL, it means 'use the default'.
1595 */
1596 static int
modctl_reread_dacf(char * path)1597 modctl_reread_dacf(char *path)
1598 {
1599 int rval = 0;
1600 char *filename, *filenamep;
1601
1602 filename = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1603
1604 if (path == NULL) {
1605 filenamep = NULL;
1606 } else {
1607 if (copyinstr(path, filename, MAXPATHLEN, 0) != 0) {
1608 rval = EFAULT;
1609 goto out;
1610 }
1611 filenamep = filename;
1612 filenamep[MAXPATHLEN - 1] = '\0';
1613 }
1614
1615 rval = read_dacf_binding_file(filenamep);
1616 out:
1617 kmem_free(filename, MAXPATHLEN);
1618 return (rval);
1619 }
1620
1621 /*ARGSUSED*/
1622 static int
modctl_modevents(int subcmd,uintptr_t a2,uintptr_t a3,uintptr_t a4,uint_t flag)1623 modctl_modevents(int subcmd, uintptr_t a2, uintptr_t a3, uintptr_t a4,
1624 uint_t flag)
1625 {
1626 int error = 0;
1627 char *filenamep;
1628
1629 switch (subcmd) {
1630
1631 case MODEVENTS_FLUSH:
1632 /* flush all currently queued events */
1633 log_sysevent_flushq(subcmd, flag);
1634 break;
1635
1636 case MODEVENTS_SET_DOOR_UPCALL_FILENAME:
1637 /*
1638 * bind door_upcall to filename
1639 * this should only be done once per invocation
1640 * of the event daemon.
1641 */
1642
1643 filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
1644
1645 if (copyinstr((char *)a2, filenamep, MOD_MAXPATH, 0)) {
1646 error = EFAULT;
1647 } else {
1648 error = log_sysevent_filename(filenamep);
1649 }
1650 kmem_free(filenamep, MOD_MAXPATH);
1651 break;
1652
1653 case MODEVENTS_GETDATA:
1654 error = log_sysevent_copyout_data((sysevent_id_t *)a2,
1655 (size_t)a3, (caddr_t)a4);
1656 break;
1657
1658 case MODEVENTS_FREEDATA:
1659 error = log_sysevent_free_data((sysevent_id_t *)a2);
1660 break;
1661 case MODEVENTS_POST_EVENT:
1662 error = log_usr_sysevent((sysevent_t *)a2, (uint32_t)a3,
1663 (sysevent_id_t *)a4);
1664 break;
1665 case MODEVENTS_REGISTER_EVENT:
1666 error = log_sysevent_register((char *)a2, (char *)a3,
1667 (se_pubsub_t *)a4);
1668 break;
1669 default:
1670 error = EINVAL;
1671 }
1672
1673 return (error);
1674 }
1675
1676 static void
free_mperm(mperm_t * mp)1677 free_mperm(mperm_t *mp)
1678 {
1679 int len;
1680
1681 if (mp->mp_minorname) {
1682 len = strlen(mp->mp_minorname) + 1;
1683 kmem_free(mp->mp_minorname, len);
1684 }
1685 kmem_free(mp, sizeof (mperm_t));
1686 }
1687
1688 #define MP_NO_DRV_ERR \
1689 "/etc/minor_perm: no driver for %s\n"
1690
1691 #define MP_EMPTY_MINOR \
1692 "/etc/minor_perm: empty minor name for driver %s\n"
1693
1694 #define MP_NO_MINOR \
1695 "/etc/minor_perm: no minor matching %s for driver %s\n"
1696
1697 /*
1698 * Remove mperm entry with matching minorname
1699 */
1700 static void
rem_minorperm(major_t major,char * drvname,mperm_t * mp,int is_clone)1701 rem_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1702 {
1703 mperm_t **mp_head;
1704 mperm_t *freemp = NULL;
1705 struct devnames *dnp = &devnamesp[major];
1706 mperm_t **wildmp;
1707
1708 ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1709
1710 LOCK_DEV_OPS(&dnp->dn_lock);
1711 if (strcmp(mp->mp_minorname, "*") == 0) {
1712 wildmp = ((is_clone == 0) ?
1713 &dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1714 if (*wildmp)
1715 freemp = *wildmp;
1716 *wildmp = NULL;
1717 } else {
1718 mp_head = &dnp->dn_mperm;
1719 while (*mp_head) {
1720 if (strcmp((*mp_head)->mp_minorname,
1721 mp->mp_minorname) != 0) {
1722 mp_head = &(*mp_head)->mp_next;
1723 continue;
1724 }
1725 /* remove the entry */
1726 freemp = *mp_head;
1727 *mp_head = freemp->mp_next;
1728 break;
1729 }
1730 }
1731 if (freemp) {
1732 if (moddebug & MODDEBUG_MINORPERM) {
1733 cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1734 drvname, freemp->mp_minorname,
1735 freemp->mp_mode & 0777,
1736 freemp->mp_uid, freemp->mp_gid);
1737 }
1738 free_mperm(freemp);
1739 } else {
1740 if (moddebug & MODDEBUG_MINORPERM) {
1741 cmn_err(CE_CONT, MP_NO_MINOR,
1742 drvname, mp->mp_minorname);
1743 }
1744 }
1745
1746 UNLOCK_DEV_OPS(&dnp->dn_lock);
1747 }
1748
1749 /*
1750 * Add minor perm entry
1751 */
1752 static void
add_minorperm(major_t major,char * drvname,mperm_t * mp,int is_clone)1753 add_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1754 {
1755 mperm_t **mp_head;
1756 mperm_t *freemp = NULL;
1757 struct devnames *dnp = &devnamesp[major];
1758 mperm_t **wildmp;
1759
1760 ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1761
1762 /*
1763 * Note that update_drv replace semantics require
1764 * replacing matching entries with the new permissions.
1765 */
1766 LOCK_DEV_OPS(&dnp->dn_lock);
1767 if (strcmp(mp->mp_minorname, "*") == 0) {
1768 wildmp = ((is_clone == 0) ?
1769 &dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1770 if (*wildmp)
1771 freemp = *wildmp;
1772 *wildmp = mp;
1773 } else {
1774 mperm_t *p, *v = NULL;
1775 for (p = dnp->dn_mperm; p; v = p, p = p->mp_next) {
1776 if (strcmp(p->mp_minorname, mp->mp_minorname) == 0) {
1777 if (v == NULL)
1778 dnp->dn_mperm = mp;
1779 else
1780 v->mp_next = mp;
1781 mp->mp_next = p->mp_next;
1782 freemp = p;
1783 goto replaced;
1784 }
1785 }
1786 if (p == NULL) {
1787 mp_head = &dnp->dn_mperm;
1788 if (*mp_head == NULL) {
1789 *mp_head = mp;
1790 } else {
1791 mp->mp_next = *mp_head;
1792 *mp_head = mp;
1793 }
1794 }
1795 }
1796 replaced:
1797 if (freemp) {
1798 if (moddebug & MODDEBUG_MINORPERM) {
1799 cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1800 drvname, freemp->mp_minorname,
1801 freemp->mp_mode & 0777,
1802 freemp->mp_uid, freemp->mp_gid);
1803 }
1804 free_mperm(freemp);
1805 }
1806 if (moddebug & MODDEBUG_MINORPERM) {
1807 cmn_err(CE_CONT, "> %s %s 0%o %d %d\n",
1808 drvname, mp->mp_minorname, mp->mp_mode & 0777,
1809 mp->mp_uid, mp->mp_gid);
1810 }
1811 UNLOCK_DEV_OPS(&dnp->dn_lock);
1812 }
1813
1814
1815 static int
process_minorperm(int cmd,nvlist_t * nvl)1816 process_minorperm(int cmd, nvlist_t *nvl)
1817 {
1818 char *minor;
1819 major_t major;
1820 mperm_t *mp;
1821 nvpair_t *nvp;
1822 char *name;
1823 int is_clone;
1824 major_t minmaj;
1825
1826 ASSERT(cmd == MODLOADMINORPERM ||
1827 cmd == MODADDMINORPERM || cmd == MODREMMINORPERM);
1828
1829 nvp = NULL;
1830 while ((nvp = nvlist_next_nvpair(nvl, nvp)) != NULL) {
1831 name = nvpair_name(nvp);
1832
1833 is_clone = 0;
1834 (void) nvpair_value_string(nvp, &minor);
1835 major = ddi_name_to_major(name);
1836 if (major != DDI_MAJOR_T_NONE) {
1837 mp = kmem_zalloc(sizeof (*mp), KM_SLEEP);
1838 if (minor == NULL || strlen(minor) == 0) {
1839 if (moddebug & MODDEBUG_MINORPERM) {
1840 cmn_err(CE_CONT, MP_EMPTY_MINOR, name);
1841 }
1842 minor = "*";
1843 }
1844
1845 /*
1846 * The minor name of a node using the clone
1847 * driver must be the driver name. To avoid
1848 * multiple searches, we map entries in the form
1849 * clone:<driver> to <driver>:*. This also allows us
1850 * to filter out some of the litter in /etc/minor_perm.
1851 * Minor perm alias entries where the name is not
1852 * the driver kept on the clone list itself.
1853 * This all seems very fragile as a driver could
1854 * be introduced with an existing alias name.
1855 */
1856 if (strcmp(name, "clone") == 0) {
1857 minmaj = ddi_name_to_major(minor);
1858 if (minmaj != DDI_MAJOR_T_NONE) {
1859 if (moddebug & MODDEBUG_MINORPERM) {
1860 cmn_err(CE_CONT,
1861 "mapping %s:%s to %s:*\n",
1862 name, minor, minor);
1863 }
1864 major = minmaj;
1865 name = minor;
1866 minor = "*";
1867 is_clone = 1;
1868 }
1869 }
1870
1871 if (mp) {
1872 mp->mp_minorname =
1873 i_ddi_strdup(minor, KM_SLEEP);
1874 }
1875 } else {
1876 mp = NULL;
1877 if (moddebug & MODDEBUG_MINORPERM) {
1878 cmn_err(CE_CONT, MP_NO_DRV_ERR, name);
1879 }
1880 }
1881
1882 /* mode */
1883 nvp = nvlist_next_nvpair(nvl, nvp);
1884 ASSERT(strcmp(nvpair_name(nvp), "mode") == 0);
1885 if (mp)
1886 (void) nvpair_value_int32(nvp, (int *)&mp->mp_mode);
1887 /* uid */
1888 nvp = nvlist_next_nvpair(nvl, nvp);
1889 ASSERT(strcmp(nvpair_name(nvp), "uid") == 0);
1890 if (mp)
1891 (void) nvpair_value_uint32(nvp, &mp->mp_uid);
1892 /* gid */
1893 nvp = nvlist_next_nvpair(nvl, nvp);
1894 ASSERT(strcmp(nvpair_name(nvp), "gid") == 0);
1895 if (mp) {
1896 (void) nvpair_value_uint32(nvp, &mp->mp_gid);
1897
1898 if (cmd == MODREMMINORPERM) {
1899 rem_minorperm(major, name, mp, is_clone);
1900 free_mperm(mp);
1901 } else {
1902 add_minorperm(major, name, mp, is_clone);
1903 }
1904 }
1905 }
1906
1907 if (cmd == MODLOADMINORPERM)
1908 minorperm_loaded = 1;
1909
1910 /*
1911 * Reset permissions of cached dv_nodes
1912 */
1913 (void) devfs_reset_perm(DV_RESET_PERM);
1914
1915 return (0);
1916 }
1917
1918 static int
modctl_minorperm(int cmd,char * usrbuf,size_t buflen)1919 modctl_minorperm(int cmd, char *usrbuf, size_t buflen)
1920 {
1921 int error;
1922 nvlist_t *nvl;
1923 char *buf = kmem_alloc(buflen, KM_SLEEP);
1924
1925 if ((error = ddi_copyin(usrbuf, buf, buflen, 0)) != 0) {
1926 kmem_free(buf, buflen);
1927 return (error);
1928 }
1929
1930 error = nvlist_unpack(buf, buflen, &nvl, KM_SLEEP);
1931 kmem_free(buf, buflen);
1932 if (error)
1933 return (error);
1934
1935 error = process_minorperm(cmd, nvl);
1936 nvlist_free(nvl);
1937 return (error);
1938 }
1939
1940 struct walk_args {
1941 char *wa_drvname;
1942 list_t wa_pathlist;
1943 };
1944
1945 struct path_elem {
1946 char *pe_dir;
1947 char *pe_nodename;
1948 list_node_t pe_node;
1949 int pe_dirlen;
1950 };
1951
1952 /*ARGSUSED*/
1953 static int
modctl_inst_walker(const char * path,in_node_t * np,in_drv_t * dp,void * arg)1954 modctl_inst_walker(const char *path, in_node_t *np, in_drv_t *dp, void *arg)
1955 {
1956 struct walk_args *wargs = (struct walk_args *)arg;
1957 struct path_elem *pe;
1958 char *nodename;
1959
1960 /*
1961 * Search may be restricted to a single driver in the case of rem_drv
1962 */
1963 if (wargs->wa_drvname &&
1964 strcmp(dp->ind_driver_name, wargs->wa_drvname) != 0)
1965 return (INST_WALK_CONTINUE);
1966
1967 pe = kmem_zalloc(sizeof (*pe), KM_SLEEP);
1968 pe->pe_dir = i_ddi_strdup((char *)path, KM_SLEEP);
1969 pe->pe_dirlen = strlen(pe->pe_dir) + 1;
1970 ASSERT(strrchr(pe->pe_dir, '/') != NULL);
1971 nodename = strrchr(pe->pe_dir, '/');
1972 *nodename++ = 0;
1973 pe->pe_nodename = nodename;
1974 list_insert_tail(&wargs->wa_pathlist, pe);
1975
1976 return (INST_WALK_CONTINUE);
1977 }
1978
1979 /*
1980 * /devices attribute nodes clean-up optionally performed
1981 * when removing a driver (rem_drv -C).
1982 *
1983 * Removing attribute nodes allows a machine to be reprovisioned
1984 * without the side-effect of inadvertently picking up stale
1985 * device node ownership or permissions.
1986 *
1987 * Preserving attributes (not performing cleanup) allows devices
1988 * attribute changes to be preserved across upgrades, as
1989 * upgrade rather heavy-handedly does a rem_drv/add_drv cycle.
1990 */
1991 static int
modctl_remdrv_cleanup(const char * u_drvname)1992 modctl_remdrv_cleanup(const char *u_drvname)
1993 {
1994 struct walk_args *wargs;
1995 struct path_elem *pe;
1996 char *drvname;
1997 int err, rval = 0;
1998
1999 drvname = kmem_alloc(MAXMODCONFNAME, KM_SLEEP);
2000 if ((err = copyinstr(u_drvname, drvname, MAXMODCONFNAME, 0))) {
2001 kmem_free(drvname, MAXMODCONFNAME);
2002 return (err);
2003 }
2004
2005 /*
2006 * First go through the instance database. For each
2007 * instance of a device bound to the driver being
2008 * removed, remove any underlying devfs attribute nodes.
2009 *
2010 * This is a two-step process. First we go through
2011 * the instance data itself, constructing a list of
2012 * the nodes discovered. The second step is then
2013 * to find and remove any devfs attribute nodes
2014 * for the instances discovered in the first step.
2015 * The two-step process avoids any difficulties
2016 * which could arise by holding the instance data
2017 * lock with simultaneous devfs operations.
2018 */
2019 wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
2020
2021 wargs->wa_drvname = drvname;
2022 list_create(&wargs->wa_pathlist,
2023 sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
2024
2025 (void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
2026
2027 for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
2028 pe = list_next(&wargs->wa_pathlist, pe)) {
2029 err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
2030 (const char *)pe->pe_nodename);
2031 if (rval == 0)
2032 rval = err;
2033 }
2034
2035 while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
2036 list_remove(&wargs->wa_pathlist, pe);
2037 kmem_free(pe->pe_dir, pe->pe_dirlen);
2038 kmem_free(pe, sizeof (*pe));
2039 }
2040 kmem_free(wargs, sizeof (*wargs));
2041
2042 /*
2043 * Pseudo nodes aren't recorded in the instance database
2044 * so any such nodes need to be handled separately.
2045 */
2046 err = devfs_remdrv_cleanup("pseudo", (const char *)drvname);
2047 if (rval == 0)
2048 rval = err;
2049
2050 kmem_free(drvname, MAXMODCONFNAME);
2051 return (rval);
2052 }
2053
2054 /*
2055 * Perform a cleanup of non-existent /devices attribute nodes,
2056 * similar to rem_drv -C, but for all drivers/devices.
2057 * This is also optional, performed as part of devfsadm -C.
2058 */
2059 void
dev_devices_cleanup()2060 dev_devices_cleanup()
2061 {
2062 struct walk_args *wargs;
2063 struct path_elem *pe;
2064 dev_info_t *devi;
2065 char *path;
2066 int err;
2067
2068 /*
2069 * It's expected that all drivers have been loaded and
2070 * module unloading disabled while performing cleanup.
2071 */
2072 ASSERT(modunload_disable_count > 0);
2073
2074 wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
2075 wargs->wa_drvname = NULL;
2076 list_create(&wargs->wa_pathlist,
2077 sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
2078
2079 (void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
2080
2081 path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
2082
2083 for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
2084 pe = list_next(&wargs->wa_pathlist, pe)) {
2085 (void) snprintf(path, MAXPATHLEN, "%s/%s",
2086 pe->pe_dir, pe->pe_nodename);
2087 devi = e_ddi_hold_devi_by_path(path, 0);
2088 if (devi != NULL) {
2089 ddi_release_devi(devi);
2090 } else {
2091 err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
2092 (const char *)pe->pe_nodename);
2093 if (err) {
2094 cmn_err(CE_CONT,
2095 "devfs: %s: clean-up error %d\n",
2096 path, err);
2097 }
2098 }
2099 }
2100
2101 while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
2102 list_remove(&wargs->wa_pathlist, pe);
2103 kmem_free(pe->pe_dir, pe->pe_dirlen);
2104 kmem_free(pe, sizeof (*pe));
2105 }
2106 kmem_free(wargs, sizeof (*wargs));
2107 kmem_free(path, MAXPATHLEN);
2108 }
2109
2110 static int
modctl_allocpriv(const char * name)2111 modctl_allocpriv(const char *name)
2112 {
2113 char *pstr = kmem_alloc(PRIVNAME_MAX, KM_SLEEP);
2114 int error;
2115
2116 if ((error = copyinstr(name, pstr, PRIVNAME_MAX, 0))) {
2117 kmem_free(pstr, PRIVNAME_MAX);
2118 return (error);
2119 }
2120 error = priv_getbyname(pstr, PRIV_ALLOC);
2121 if (error < 0)
2122 error = -error;
2123 else
2124 error = 0;
2125 kmem_free(pstr, PRIVNAME_MAX);
2126 return (error);
2127 }
2128
2129 static int
modctl_devexists(const char * upath,int pathlen)2130 modctl_devexists(const char *upath, int pathlen)
2131 {
2132 char *path;
2133 int ret;
2134
2135 /*
2136 * copy in the path, including the terminating null
2137 */
2138 pathlen++;
2139 if (pathlen <= 1 || pathlen > MAXPATHLEN)
2140 return (EINVAL);
2141 path = kmem_zalloc(pathlen + 1, KM_SLEEP);
2142 if ((ret = copyinstr(upath, path, pathlen, NULL)) == 0) {
2143 ret = sdev_modctl_devexists(path);
2144 }
2145
2146 kmem_free(path, pathlen + 1);
2147 return (ret);
2148 }
2149
2150 static int
modctl_devreaddir(const char * udir,int udirlen,char * upaths,int64_t * ulensp)2151 modctl_devreaddir(const char *udir, int udirlen,
2152 char *upaths, int64_t *ulensp)
2153 {
2154 char *paths = NULL;
2155 char **dirlist = NULL;
2156 char *dir;
2157 int64_t ulens;
2158 int64_t lens;
2159 int i, n;
2160 int ret = 0;
2161 char *p;
2162 int npaths;
2163 int npaths_alloc;
2164
2165 /*
2166 * If upaths is NULL then we are only computing the amount of space
2167 * needed to return the paths, with the value returned in *ulensp. If we
2168 * are copying out paths then we get the amount of space allocated by
2169 * the caller. If the actual space needed for paths is larger, or
2170 * things are changing out from under us, then we return EAGAIN.
2171 */
2172 if (upaths) {
2173 if (ulensp == NULL)
2174 return (EINVAL);
2175 if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
2176 return (EFAULT);
2177 }
2178
2179 /*
2180 * copyin the /dev path including terminating null
2181 */
2182 udirlen++;
2183 if (udirlen <= 1 || udirlen > MAXPATHLEN)
2184 return (EINVAL);
2185 dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
2186 if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
2187 goto err;
2188
2189 if ((ret = sdev_modctl_readdir(dir, &dirlist,
2190 &npaths, &npaths_alloc, 0)) != 0) {
2191 ASSERT(dirlist == NULL);
2192 goto err;
2193 }
2194
2195 lens = 0;
2196 for (i = 0; i < npaths; i++) {
2197 lens += strlen(dirlist[i]) + 1;
2198 }
2199 lens++; /* add one for double termination */
2200
2201 if (upaths) {
2202 if (lens > ulens) {
2203 ret = EAGAIN;
2204 goto out;
2205 }
2206
2207 paths = kmem_alloc(lens, KM_SLEEP);
2208
2209 p = paths;
2210 for (i = 0; i < npaths; i++) {
2211 n = strlen(dirlist[i]) + 1;
2212 bcopy(dirlist[i], p, n);
2213 p += n;
2214 }
2215 *p = 0;
2216
2217 if (copyout(paths, upaths, lens)) {
2218 ret = EFAULT;
2219 goto err;
2220 }
2221 }
2222
2223 out:
2224 /* copy out the amount of space needed to hold the paths */
2225 if (copyout(&lens, ulensp, sizeof (lens)))
2226 ret = EFAULT;
2227
2228 err:
2229 if (dirlist)
2230 sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
2231 if (paths)
2232 kmem_free(paths, lens);
2233 kmem_free(dir, udirlen + 1);
2234 return (ret);
2235 }
2236
2237 static int
modctl_devemptydir(const char * udir,int udirlen,int * uempty)2238 modctl_devemptydir(const char *udir, int udirlen, int *uempty)
2239 {
2240 char *dir;
2241 int ret;
2242 char **dirlist = NULL;
2243 int npaths;
2244 int npaths_alloc;
2245 int empty;
2246
2247 /*
2248 * copyin the /dev path including terminating null
2249 */
2250 udirlen++;
2251 if (udirlen <= 1 || udirlen > MAXPATHLEN)
2252 return (EINVAL);
2253 dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
2254 if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
2255 goto err;
2256
2257 if ((ret = sdev_modctl_readdir(dir, &dirlist,
2258 &npaths, &npaths_alloc, 1)) != 0) {
2259 goto err;
2260 }
2261
2262 empty = npaths ? 0 : 1;
2263 if (copyout(&empty, uempty, sizeof (empty)))
2264 ret = EFAULT;
2265
2266 err:
2267 if (dirlist)
2268 sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
2269 kmem_free(dir, udirlen + 1);
2270 return (ret);
2271 }
2272
2273 static int
modctl_hp(int subcmd,const char * path,char * cn_name,uintptr_t arg,uintptr_t rval)2274 modctl_hp(int subcmd, const char *path, char *cn_name, uintptr_t arg,
2275 uintptr_t rval)
2276 {
2277 int error = 0;
2278 size_t pathsz, namesz;
2279 char *devpath, *cn_name_str;
2280
2281 if (path == NULL)
2282 return (EINVAL);
2283
2284 devpath = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
2285 error = copyinstr(path, devpath, MAXPATHLEN, &pathsz);
2286 if (error != 0) {
2287 kmem_free(devpath, MAXPATHLEN);
2288 return (EFAULT);
2289 }
2290
2291 cn_name_str = kmem_zalloc(MAXNAMELEN, KM_SLEEP);
2292 error = copyinstr(cn_name, cn_name_str, MAXNAMELEN, &namesz);
2293 if (error != 0) {
2294 kmem_free(devpath, MAXPATHLEN);
2295 kmem_free(cn_name_str, MAXNAMELEN);
2296
2297 return (EFAULT);
2298 }
2299
2300 switch (subcmd) {
2301 case MODHPOPS_CHANGE_STATE:
2302 error = ddihp_modctl(DDI_HPOP_CN_CHANGE_STATE, devpath,
2303 cn_name_str, arg, NULL);
2304 break;
2305 case MODHPOPS_CREATE_PORT:
2306 /* Create an empty PORT */
2307 error = ddihp_modctl(DDI_HPOP_CN_CREATE_PORT, devpath,
2308 cn_name_str, NULL, NULL);
2309 break;
2310 case MODHPOPS_REMOVE_PORT:
2311 /* Remove an empty PORT */
2312 error = ddihp_modctl(DDI_HPOP_CN_REMOVE_PORT, devpath,
2313 cn_name_str, NULL, NULL);
2314 break;
2315 case MODHPOPS_BUS_GET:
2316 error = ddihp_modctl(DDI_HPOP_CN_GET_PROPERTY, devpath,
2317 cn_name_str, arg, rval);
2318 break;
2319 case MODHPOPS_BUS_SET:
2320 error = ddihp_modctl(DDI_HPOP_CN_SET_PROPERTY, devpath,
2321 cn_name_str, arg, rval);
2322 break;
2323 default:
2324 error = ENOTSUP;
2325 break;
2326 }
2327
2328 kmem_free(devpath, MAXPATHLEN);
2329 kmem_free(cn_name_str, MAXNAMELEN);
2330
2331 return (error);
2332 }
2333
2334 int
modctl_moddevname(int subcmd,uintptr_t a1,uintptr_t a2)2335 modctl_moddevname(int subcmd, uintptr_t a1, uintptr_t a2)
2336 {
2337 int error = 0;
2338
2339 switch (subcmd) {
2340 case MODDEVNAME_LOOKUPDOOR:
2341 error = devname_filename_register((char *)a1);
2342 break;
2343 case MODDEVNAME_PROFILE:
2344 error = devname_profile_update((char *)a1, (size_t)a2);
2345 break;
2346 case MODDEVNAME_RECONFIG:
2347 i_ddi_set_reconfig();
2348 break;
2349 case MODDEVNAME_SYSAVAIL:
2350 i_ddi_set_sysavail();
2351 break;
2352 default:
2353 error = EINVAL;
2354 break;
2355 }
2356
2357 return (error);
2358 }
2359
2360 /*ARGSUSED5*/
2361 int
modctl(int cmd,uintptr_t a1,uintptr_t a2,uintptr_t a3,uintptr_t a4,uintptr_t a5)2362 modctl(int cmd, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4,
2363 uintptr_t a5)
2364 {
2365 int error = EINVAL;
2366 dev_t dev;
2367
2368 if (secpolicy_modctl(CRED(), cmd) != 0)
2369 return (set_errno(EPERM));
2370
2371 switch (cmd) {
2372 case MODLOAD: /* load a module */
2373 error = modctl_modload((int)a1, (char *)a2, (int *)a3);
2374 break;
2375
2376 case MODUNLOAD: /* unload a module */
2377 error = modctl_modunload((modid_t)a1);
2378 break;
2379
2380 case MODINFO: /* get module status */
2381 error = modctl_modinfo((modid_t)a1, (struct modinfo *)a2);
2382 break;
2383
2384 case MODRESERVED: /* get last major number in range */
2385 error = modctl_modreserve((modid_t)a1, (int *)a2);
2386 break;
2387
2388 case MODSETMINIROOT: /* we are running in miniroot */
2389 isminiroot = 1;
2390 error = 0;
2391 break;
2392
2393 case MODADDMAJBIND: /* add major / driver alias bindings */
2394 error = modctl_add_driver_aliases((int *)a2);
2395 break;
2396
2397 case MODGETPATHLEN: /* get modpath length */
2398 error = modctl_getmodpathlen((int *)a2);
2399 break;
2400
2401 case MODGETPATH: /* get modpath */
2402 error = modctl_getmodpath((char *)a2);
2403 break;
2404
2405 case MODREADSYSBIND: /* read system call binding file */
2406 error = modctl_read_sysbinding_file();
2407 break;
2408
2409 case MODGETMAJBIND: /* get major number for named device */
2410 error = modctl_getmaj((char *)a1, (uint_t)a2, (int *)a3);
2411 break;
2412
2413 case MODGETNAME: /* get name of device given major number */
2414 error = modctl_getname((char *)a1, (uint_t)a2, (int *)a3);
2415 break;
2416
2417 case MODDEVT2INSTANCE:
2418 if (get_udatamodel() == DATAMODEL_NATIVE) {
2419 dev = (dev_t)a1;
2420 }
2421 #ifdef _SYSCALL32_IMPL
2422 else {
2423 dev = expldev(a1);
2424 }
2425 #endif
2426 error = modctl_devt2instance(dev, (int *)a2);
2427 break;
2428
2429 case MODSIZEOF_DEVID: /* sizeof device id of device given dev_t */
2430 if (get_udatamodel() == DATAMODEL_NATIVE) {
2431 dev = (dev_t)a1;
2432 }
2433 #ifdef _SYSCALL32_IMPL
2434 else {
2435 dev = expldev(a1);
2436 }
2437 #endif
2438 error = modctl_sizeof_devid(dev, (uint_t *)a2);
2439 break;
2440
2441 case MODGETDEVID: /* get device id of device given dev_t */
2442 if (get_udatamodel() == DATAMODEL_NATIVE) {
2443 dev = (dev_t)a1;
2444 }
2445 #ifdef _SYSCALL32_IMPL
2446 else {
2447 dev = expldev(a1);
2448 }
2449 #endif
2450 error = modctl_get_devid(dev, (uint_t)a2, (ddi_devid_t)a3);
2451 break;
2452
2453 case MODSIZEOF_MINORNAME: /* sizeof minor nm (dev_t,spectype) */
2454 if (get_udatamodel() == DATAMODEL_NATIVE) {
2455 error = modctl_sizeof_minorname((dev_t)a1, (int)a2,
2456 (uint_t *)a3);
2457 }
2458 #ifdef _SYSCALL32_IMPL
2459 else {
2460 error = modctl_sizeof_minorname(expldev(a1), (int)a2,
2461 (uint_t *)a3);
2462 }
2463
2464 #endif
2465 break;
2466
2467 case MODGETMINORNAME: /* get minor name of (dev_t,spectype) */
2468 if (get_udatamodel() == DATAMODEL_NATIVE) {
2469 error = modctl_get_minorname((dev_t)a1, (int)a2,
2470 (uint_t)a3, (char *)a4);
2471 }
2472 #ifdef _SYSCALL32_IMPL
2473 else {
2474 error = modctl_get_minorname(expldev(a1), (int)a2,
2475 (uint_t)a3, (char *)a4);
2476 }
2477 #endif
2478 break;
2479
2480 case MODGETDEVFSPATH_LEN: /* sizeof path nm of (dev_t,spectype) */
2481 if (get_udatamodel() == DATAMODEL_NATIVE) {
2482 error = modctl_devfspath_len((dev_t)a1, (int)a2,
2483 (uint_t *)a3);
2484 }
2485 #ifdef _SYSCALL32_IMPL
2486 else {
2487 error = modctl_devfspath_len(expldev(a1), (int)a2,
2488 (uint_t *)a3);
2489 }
2490
2491 #endif
2492 break;
2493
2494 case MODGETDEVFSPATH: /* get path name of (dev_t,spec) type */
2495 if (get_udatamodel() == DATAMODEL_NATIVE) {
2496 error = modctl_devfspath((dev_t)a1, (int)a2,
2497 (uint_t)a3, (char *)a4);
2498 }
2499 #ifdef _SYSCALL32_IMPL
2500 else {
2501 error = modctl_devfspath(expldev(a1), (int)a2,
2502 (uint_t)a3, (char *)a4);
2503 }
2504 #endif
2505 break;
2506
2507 case MODGETDEVFSPATH_MI_LEN: /* sizeof path nm of (major,instance) */
2508 error = modctl_devfspath_mi_len((major_t)a1, (int)a2,
2509 (uint_t *)a3);
2510 break;
2511
2512 case MODGETDEVFSPATH_MI: /* get path name of (major,instance) */
2513 error = modctl_devfspath_mi((major_t)a1, (int)a2,
2514 (uint_t)a3, (char *)a4);
2515 break;
2516
2517
2518 case MODEVENTS:
2519 error = modctl_modevents((int)a1, a2, a3, a4, (uint_t)a5);
2520 break;
2521
2522 case MODGETFBNAME: /* get the framebuffer name */
2523 error = modctl_get_fbname((char *)a1);
2524 break;
2525
2526 case MODREREADDACF: /* reread dacf rule database from given file */
2527 error = modctl_reread_dacf((char *)a1);
2528 break;
2529
2530 case MODLOADDRVCONF: /* load driver.conf file for major */
2531 error = modctl_load_drvconf((major_t)a1, (int)a2);
2532 break;
2533
2534 case MODUNLOADDRVCONF: /* unload driver.conf file for major */
2535 error = modctl_unload_drvconf((major_t)a1);
2536 break;
2537
2538 case MODREMMAJBIND: /* remove a major binding */
2539 error = modctl_rem_major((major_t)a1);
2540 break;
2541
2542 case MODREMDRVALIAS: /* remove a major/alias binding */
2543 error = modctl_remove_driver_aliases((int *)a2);
2544 break;
2545
2546 case MODDEVID2PATHS: /* get paths given devid */
2547 error = modctl_devid2paths((ddi_devid_t)a1, (char *)a2,
2548 (uint_t)a3, (size_t *)a4, (char *)a5);
2549 break;
2550
2551 case MODSETDEVPOLICY: /* establish device policy */
2552 error = devpolicy_load((int)a1, (size_t)a2, (devplcysys_t *)a3);
2553 break;
2554
2555 case MODGETDEVPOLICY: /* get device policy */
2556 error = devpolicy_get((int *)a1, (size_t)a2,
2557 (devplcysys_t *)a3);
2558 break;
2559
2560 case MODALLOCPRIV:
2561 error = modctl_allocpriv((const char *)a1);
2562 break;
2563
2564 case MODGETDEVPOLICYBYNAME:
2565 error = devpolicy_getbyname((size_t)a1,
2566 (devplcysys_t *)a2, (char *)a3);
2567 break;
2568
2569 case MODLOADMINORPERM:
2570 case MODADDMINORPERM:
2571 case MODREMMINORPERM:
2572 error = modctl_minorperm(cmd, (char *)a1, (size_t)a2);
2573 break;
2574
2575 case MODREMDRVCLEANUP:
2576 error = modctl_remdrv_cleanup((const char *)a1);
2577 break;
2578
2579 case MODDEVEXISTS: /* non-reconfiguring /dev lookup */
2580 error = modctl_devexists((const char *)a1, (size_t)a2);
2581 break;
2582
2583 case MODDEVREADDIR: /* non-reconfiguring /dev readdir */
2584 error = modctl_devreaddir((const char *)a1, (size_t)a2,
2585 (char *)a3, (int64_t *)a4);
2586 break;
2587
2588 case MODDEVEMPTYDIR: /* non-reconfiguring /dev emptydir */
2589 error = modctl_devemptydir((const char *)a1, (size_t)a2,
2590 (int *)a3);
2591 break;
2592
2593 case MODDEVNAME:
2594 error = modctl_moddevname((int)a1, a2, a3);
2595 break;
2596
2597 case MODRETIRE: /* retire device named by physpath a1 */
2598 error = modctl_retire((char *)a1, (char *)a2, (size_t)a3);
2599 break;
2600
2601 case MODISRETIRED: /* check if a device is retired. */
2602 error = modctl_is_retired((char *)a1, (int *)a2);
2603 break;
2604
2605 case MODUNRETIRE: /* unretire device named by physpath a1 */
2606 error = modctl_unretire((char *)a1);
2607 break;
2608
2609 case MODHPOPS: /* hotplug operations */
2610 /* device named by physpath a2 and Connection name a3 */
2611 error = modctl_hp((int)a1, (char *)a2, (char *)a3, a4, a5);
2612 break;
2613
2614 default:
2615 error = EINVAL;
2616 break;
2617 }
2618
2619 return (error ? set_errno(error) : 0);
2620 }
2621
2622 /*
2623 * Calls to kobj_load_module()() are handled off to this routine in a
2624 * separate thread.
2625 */
2626 static void
modload_thread(struct loadmt * ltp)2627 modload_thread(struct loadmt *ltp)
2628 {
2629 /* load the module and signal the creator of this thread */
2630 kmutex_t cpr_lk;
2631 callb_cpr_t cpr_i;
2632
2633 mutex_init(&cpr_lk, NULL, MUTEX_DEFAULT, NULL);
2634 CALLB_CPR_INIT(&cpr_i, &cpr_lk, callb_generic_cpr, "modload");
2635 /* borrow the devi lock from thread which invoked us */
2636 pm_borrow_lock(ltp->owner);
2637 ltp->retval = kobj_load_module(ltp->mp, ltp->usepath);
2638 pm_return_lock();
2639 sema_v(<p->sema);
2640 mutex_enter(&cpr_lk);
2641 CALLB_CPR_EXIT(&cpr_i);
2642 mutex_destroy(&cpr_lk);
2643 thread_exit();
2644 }
2645
2646 /*
2647 * load a module, adding a reference if caller specifies rmodp. If rmodp
2648 * is specified then an errno is returned, otherwise a module index is
2649 * returned (-1 on error).
2650 */
2651 static int
modrload(const char * subdir,const char * filename,struct modctl ** rmodp)2652 modrload(const char *subdir, const char *filename, struct modctl **rmodp)
2653 {
2654 struct modctl *modp;
2655 size_t size;
2656 char *fullname;
2657 int retval = EINVAL;
2658 int id = -1;
2659
2660 if (rmodp)
2661 *rmodp = NULL; /* avoid garbage */
2662
2663 if (subdir != NULL) {
2664 /*
2665 * refuse / in filename to prevent "../" escapes.
2666 */
2667 if (strchr(filename, '/') != NULL)
2668 return (rmodp ? retval : id);
2669
2670 /*
2671 * allocate enough space for <subdir>/<filename><NULL>
2672 */
2673 size = strlen(subdir) + strlen(filename) + 2;
2674 fullname = kmem_zalloc(size, KM_SLEEP);
2675 (void) sprintf(fullname, "%s/%s", subdir, filename);
2676 } else {
2677 fullname = (char *)filename;
2678 }
2679
2680 modp = mod_hold_installed_mod(fullname, 1, 0, &retval);
2681 if (modp != NULL) {
2682 id = modp->mod_id;
2683 if (rmodp) {
2684 /* add mod_ref and return *rmodp */
2685 mutex_enter(&mod_lock);
2686 modp->mod_ref++;
2687 mutex_exit(&mod_lock);
2688 *rmodp = modp;
2689 }
2690 mod_release_mod(modp);
2691 CPU_STATS_ADDQ(CPU, sys, modload, 1);
2692 }
2693
2694 done: if (subdir != NULL)
2695 kmem_free(fullname, size);
2696 return (rmodp ? retval : id);
2697 }
2698
2699 /*
2700 * This is the primary kernel interface to load a module. It loads and
2701 * installs the named module. It does not hold mod_ref of the module, so
2702 * a module unload attempt can occur at any time - it is up to the
2703 * _fini/mod_remove implementation to determine if unload will succeed.
2704 */
2705 int
modload(const char * subdir,const char * filename)2706 modload(const char *subdir, const char *filename)
2707 {
2708 return (modrload(subdir, filename, NULL));
2709 }
2710
2711 /*
2712 * Load a module using a series of qualified names from most specific to least
2713 * specific, e.g. for subdir "foo", p1 "bar", p2 "baz", we might try:
2714 * Value returned in *chosen
2715 * foo/bar.baz.1.2.3 3
2716 * foo/bar.baz.1.2 2
2717 * foo/bar.baz.1 1
2718 * foo/bar.baz 0
2719 *
2720 * Return the module ID on success; -1 if no module was loaded. On success
2721 * and if 'chosen' is not NULL we also return the number of suffices that
2722 * were in the module we chose to load.
2723 */
2724 int
modload_qualified(const char * subdir,const char * p1,const char * p2,const char * delim,uint_t suffv[],int suffc,int * chosen)2725 modload_qualified(const char *subdir, const char *p1,
2726 const char *p2, const char *delim, uint_t suffv[], int suffc, int *chosen)
2727 {
2728 char path[MOD_MAXPATH];
2729 size_t n, resid = sizeof (path);
2730 char *p = path;
2731
2732 char **dotv;
2733 int i, rc, id;
2734 modctl_t *mp;
2735
2736 if (p2 != NULL)
2737 n = snprintf(p, resid, "%s/%s%s%s", subdir, p1, delim, p2);
2738 else
2739 n = snprintf(p, resid, "%s/%s", subdir, p1);
2740
2741 if (n >= resid)
2742 return (-1);
2743
2744 p += n;
2745 resid -= n;
2746 dotv = kmem_alloc(sizeof (char *) * (suffc + 1), KM_SLEEP);
2747
2748 for (i = 0; i < suffc; i++) {
2749 dotv[i] = p;
2750 n = snprintf(p, resid, "%s%u", delim, suffv[i]);
2751
2752 if (n >= resid) {
2753 kmem_free(dotv, sizeof (char *) * (suffc + 1));
2754 return (-1);
2755 }
2756
2757 p += n;
2758 resid -= n;
2759 }
2760
2761 dotv[suffc] = p;
2762
2763 for (i = suffc; i >= 0; i--) {
2764 dotv[i][0] = '\0';
2765 mp = mod_hold_installed_mod(path, 1, 1, &rc);
2766
2767 if (mp != NULL) {
2768 kmem_free(dotv, sizeof (char *) * (suffc + 1));
2769 id = mp->mod_id;
2770 mod_release_mod(mp);
2771 if (chosen != NULL)
2772 *chosen = i;
2773 return (id);
2774 }
2775 }
2776
2777 kmem_free(dotv, sizeof (char *) * (suffc + 1));
2778 return (-1);
2779 }
2780
2781 /*
2782 * Load a module.
2783 */
2784 int
modloadonly(const char * subdir,const char * filename)2785 modloadonly(const char *subdir, const char *filename)
2786 {
2787 struct modctl *modp;
2788 char *fullname;
2789 size_t size;
2790 int id, retval;
2791
2792 if (subdir != NULL) {
2793 /*
2794 * allocate enough space for <subdir>/<filename><NULL>
2795 */
2796 size = strlen(subdir) + strlen(filename) + 2;
2797 fullname = kmem_zalloc(size, KM_SLEEP);
2798 (void) sprintf(fullname, "%s/%s", subdir, filename);
2799 } else {
2800 fullname = (char *)filename;
2801 }
2802
2803 modp = mod_hold_loaded_mod(NULL, fullname, &retval);
2804 if (modp) {
2805 id = modp->mod_id;
2806 mod_release_mod(modp);
2807 }
2808
2809 if (subdir != NULL)
2810 kmem_free(fullname, size);
2811
2812 if (retval == 0)
2813 return (id);
2814 return (-1);
2815 }
2816
2817 /*
2818 * Try to uninstall and unload a module, removing a reference if caller
2819 * specifies rmodp.
2820 */
2821 static int
modunrload(modid_t id,struct modctl ** rmodp,int unload)2822 modunrload(modid_t id, struct modctl **rmodp, int unload)
2823 {
2824 struct modctl *modp;
2825 int retval;
2826
2827 if (rmodp)
2828 *rmodp = NULL; /* avoid garbage */
2829
2830 if ((modp = mod_hold_by_id((modid_t)id)) == NULL)
2831 return (EINVAL);
2832
2833 if (rmodp) {
2834 mutex_enter(&mod_lock);
2835 modp->mod_ref--;
2836 if (modp->mod_ref == 0)
2837 mod_uninstall_ref_zero++;
2838 mutex_exit(&mod_lock);
2839 *rmodp = modp;
2840 }
2841
2842 if (unload) {
2843 retval = moduninstall(modp);
2844 if (retval == 0) {
2845 mod_unload(modp);
2846 CPU_STATS_ADDQ(CPU, sys, modunload, 1);
2847 } else if (retval == EALREADY)
2848 retval = 0; /* already unloaded, not an error */
2849 } else
2850 retval = 0;
2851
2852 mod_release_mod(modp);
2853 return (retval);
2854 }
2855
2856 /*
2857 * Uninstall and unload a module.
2858 */
2859 int
modunload(modid_t id)2860 modunload(modid_t id)
2861 {
2862 int retval;
2863
2864 /* synchronize with any active modunload_disable() */
2865 modunload_begin();
2866 if (ddi_root_node())
2867 (void) devfs_clean(ddi_root_node(), NULL, 0);
2868 retval = modunrload(id, NULL, 1);
2869 modunload_end();
2870 return (retval);
2871 }
2872
2873 /*
2874 * Return status of a loaded module.
2875 */
2876 static int
modinfo(modid_t id,struct modinfo * modinfop)2877 modinfo(modid_t id, struct modinfo *modinfop)
2878 {
2879 struct modctl *modp;
2880 modid_t mid;
2881 int i;
2882
2883 mid = modinfop->mi_id;
2884 if (modinfop->mi_info & MI_INFO_ALL) {
2885 while ((modp = mod_hold_next_by_id(mid++)) != NULL) {
2886 if ((modinfop->mi_info & MI_INFO_CNT) ||
2887 modp->mod_installed)
2888 break;
2889 mod_release_mod(modp);
2890 }
2891 if (modp == NULL)
2892 return (EINVAL);
2893 } else {
2894 modp = mod_hold_by_id(id);
2895 if (modp == NULL)
2896 return (EINVAL);
2897 if (!(modinfop->mi_info & MI_INFO_CNT) &&
2898 (modp->mod_installed == 0)) {
2899 mod_release_mod(modp);
2900 return (EINVAL);
2901 }
2902 }
2903
2904 modinfop->mi_rev = 0;
2905 modinfop->mi_state = 0;
2906 for (i = 0; i < MODMAXLINK; i++) {
2907 modinfop->mi_msinfo[i].msi_p0 = -1;
2908 modinfop->mi_msinfo[i].msi_linkinfo[0] = 0;
2909 }
2910 if (modp->mod_loaded) {
2911 modinfop->mi_state = MI_LOADED;
2912 kobj_getmodinfo(modp->mod_mp, modinfop);
2913 }
2914 if (modp->mod_installed) {
2915 modinfop->mi_state |= MI_INSTALLED;
2916
2917 (void) mod_getinfo(modp, modinfop);
2918 }
2919
2920 modinfop->mi_id = modp->mod_id;
2921 modinfop->mi_loadcnt = modp->mod_loadcnt;
2922 (void) strcpy(modinfop->mi_name, modp->mod_modname);
2923
2924 mod_release_mod(modp);
2925 return (0);
2926 }
2927
2928 static char mod_stub_err[] = "mod_hold_stub: Couldn't load stub module %s";
2929 static char no_err[] = "No error function for weak stub %s";
2930
2931 /*
2932 * used by the stubs themselves to load and hold a module.
2933 * Returns 0 if the module is successfully held;
2934 * the stub needs to call mod_release_stub().
2935 * -1 if the stub should just call the err_fcn.
2936 * Note that this code is stretched out so that we avoid subroutine calls
2937 * and optimize for the most likely case. That is, the case where the
2938 * module is loaded and installed and not held. In that case we just inc
2939 * the mod_ref count and continue.
2940 */
2941 int
mod_hold_stub(struct mod_stub_info * stub)2942 mod_hold_stub(struct mod_stub_info *stub)
2943 {
2944 struct modctl *mp;
2945 struct mod_modinfo *mip;
2946
2947 mip = stub->mods_modinfo;
2948
2949 mutex_enter(&mod_lock);
2950
2951 /* we do mod_hold_by_modctl inline for speed */
2952
2953 mod_check_again:
2954 if ((mp = mip->mp) != NULL) {
2955 if (mp->mod_busy == 0) {
2956 if (mp->mod_installed) {
2957 /* increment the reference count */
2958 mp->mod_ref++;
2959 ASSERT(mp->mod_ref && mp->mod_installed);
2960 mutex_exit(&mod_lock);
2961 return (0);
2962 } else {
2963 mp->mod_busy = 1;
2964 mp->mod_inprogress_thread =
2965 (curthread == NULL ?
2966 (kthread_id_t)-1 : curthread);
2967 }
2968 } else {
2969 /*
2970 * wait one time and then go see if someone
2971 * else has resolved the stub (set mip->mp).
2972 */
2973 if (mod_hold_by_modctl(mp,
2974 MOD_WAIT_ONCE | MOD_LOCK_HELD))
2975 goto mod_check_again;
2976
2977 /*
2978 * what we have now may have been unloaded!, in
2979 * that case, mip->mp will be NULL, we'll hit this
2980 * module and load again..
2981 */
2982 cmn_err(CE_PANIC, "mod_hold_stub should have blocked");
2983 }
2984 mutex_exit(&mod_lock);
2985 } else {
2986 /* first time we've hit this module */
2987 mutex_exit(&mod_lock);
2988 mp = mod_hold_by_name(mip->modm_module_name);
2989 mip->mp = mp;
2990 }
2991
2992 /*
2993 * If we are here, it means that the following conditions
2994 * are satisfied.
2995 *
2996 * mip->mp != NULL
2997 * this thread has set the mp->mod_busy = 1
2998 * mp->mod_installed = 0
2999 *
3000 */
3001 ASSERT(mp != NULL);
3002 ASSERT(mp->mod_busy == 1);
3003
3004 if (mp->mod_installed == 0) {
3005 /* Module not loaded, if weak stub don't load it */
3006 if (stub->mods_flag & MODS_WEAK) {
3007 if (stub->mods_errfcn == NULL) {
3008 mod_release_mod(mp);
3009 cmn_err(CE_PANIC, no_err,
3010 mip->modm_module_name);
3011 }
3012 } else {
3013 /* Not a weak stub so load the module */
3014
3015 if (mod_load(mp, 1) != 0 || modinstall(mp) != 0) {
3016 /*
3017 * If mod_load() was successful
3018 * and modinstall() failed, then
3019 * unload the module.
3020 */
3021 if (mp->mod_loaded)
3022 mod_unload(mp);
3023
3024 mod_release_mod(mp);
3025 if (stub->mods_errfcn == NULL) {
3026 cmn_err(CE_PANIC, mod_stub_err,
3027 mip->modm_module_name);
3028 } else {
3029 return (-1);
3030 }
3031 }
3032 }
3033 }
3034
3035 /*
3036 * At this point module is held and loaded. Release
3037 * the mod_busy and mod_inprogress_thread before
3038 * returning. We actually call mod_release() here so
3039 * that if another stub wants to access this module,
3040 * it can do so. mod_ref is incremented before mod_release()
3041 * is called to prevent someone else from snatching the
3042 * module from this thread.
3043 */
3044 mutex_enter(&mod_lock);
3045 mp->mod_ref++;
3046 ASSERT(mp->mod_ref &&
3047 (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
3048 mod_release(mp);
3049 mutex_exit(&mod_lock);
3050 return (0);
3051 }
3052
3053 void
mod_release_stub(struct mod_stub_info * stub)3054 mod_release_stub(struct mod_stub_info *stub)
3055 {
3056 struct modctl *mp = stub->mods_modinfo->mp;
3057
3058 /* inline mod_release_mod */
3059 mutex_enter(&mod_lock);
3060 ASSERT(mp->mod_ref &&
3061 (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
3062 mp->mod_ref--;
3063 if (mp->mod_ref == 0)
3064 mod_uninstall_ref_zero++;
3065 if (mp->mod_want) {
3066 mp->mod_want = 0;
3067 cv_broadcast(&mod_cv);
3068 }
3069 mutex_exit(&mod_lock);
3070 }
3071
3072 static struct modctl *
mod_hold_loaded_mod(struct modctl * dep,char * filename,int * status)3073 mod_hold_loaded_mod(struct modctl *dep, char *filename, int *status)
3074 {
3075 struct modctl *modp;
3076 int retval;
3077
3078 /*
3079 * Hold the module.
3080 */
3081 modp = mod_hold_by_name_requisite(dep, filename);
3082 if (modp) {
3083 retval = mod_load(modp, 1);
3084 if (retval != 0) {
3085 mod_release_mod(modp);
3086 modp = NULL;
3087 }
3088 *status = retval;
3089 } else {
3090 *status = ENOSPC;
3091 }
3092
3093 /*
3094 * if dep is not NULL, clear the module dependency information.
3095 * This information is set in mod_hold_by_name_common().
3096 */
3097 if (dep != NULL && dep->mod_requisite_loading != NULL) {
3098 ASSERT(dep->mod_busy);
3099 dep->mod_requisite_loading = NULL;
3100 }
3101
3102 return (modp);
3103 }
3104
3105 /*
3106 * hold, load, and install the named module
3107 */
3108 static struct modctl *
mod_hold_installed_mod(char * name,int usepath,int forcecheck,int * r)3109 mod_hold_installed_mod(char *name, int usepath, int forcecheck, int *r)
3110 {
3111 struct modctl *modp;
3112 int retval;
3113
3114 /*
3115 * Verify that that module in question actually exists on disk
3116 * before allocation of module structure by mod_hold_by_name.
3117 */
3118 if (modrootloaded && swaploaded || forcecheck) {
3119 if (!kobj_path_exists(name, usepath)) {
3120 *r = ENOENT;
3121 return (NULL);
3122 }
3123 }
3124
3125 /*
3126 * Hold the module.
3127 */
3128 modp = mod_hold_by_name(name);
3129 if (modp) {
3130 retval = mod_load(modp, usepath);
3131 if (retval != 0) {
3132 mod_release_mod(modp);
3133 modp = NULL;
3134 *r = retval;
3135 } else {
3136 if ((*r = modinstall(modp)) != 0) {
3137 /*
3138 * We loaded it, but failed to _init() it.
3139 * Be kind to developers -- force it
3140 * out of memory now so that the next
3141 * attempt to use the module will cause
3142 * a reload. See 1093793.
3143 */
3144 mod_unload(modp);
3145 mod_release_mod(modp);
3146 modp = NULL;
3147 }
3148 }
3149 } else {
3150 *r = ENOSPC;
3151 }
3152 return (modp);
3153 }
3154
3155 static char mod_excl_msg[] =
3156 "module %s(%s) is EXCLUDED and will not be loaded\n";
3157 static char mod_init_msg[] = "loadmodule:%s(%s): _init() error %d\n";
3158
3159 /*
3160 * This routine is needed for dependencies. Users specify dependencies
3161 * by declaring a character array initialized to filenames of dependents.
3162 * So the code that handles dependents deals with filenames (and not
3163 * module names) because that's all it has. We load by filename and once
3164 * we've loaded a file we can get the module name.
3165 * Unfortunately there isn't a single unified filename/modulename namespace.
3166 * C'est la vie.
3167 *
3168 * We allow the name being looked up to be prepended by an optional
3169 * subdirectory e.g. we can lookup (NULL, "fs/ufs") or ("fs", "ufs")
3170 */
3171 struct modctl *
mod_find_by_filename(char * subdir,char * filename)3172 mod_find_by_filename(char *subdir, char *filename)
3173 {
3174 struct modctl *mp;
3175 size_t sublen;
3176
3177 ASSERT(!MUTEX_HELD(&mod_lock));
3178 if (subdir != NULL)
3179 sublen = strlen(subdir);
3180 else
3181 sublen = 0;
3182
3183 mutex_enter(&mod_lock);
3184 mp = &modules;
3185 do {
3186 if (sublen) {
3187 char *mod_filename = mp->mod_filename;
3188
3189 if (strncmp(subdir, mod_filename, sublen) == 0 &&
3190 mod_filename[sublen] == '/' &&
3191 strcmp(filename, &mod_filename[sublen + 1]) == 0) {
3192 mutex_exit(&mod_lock);
3193 return (mp);
3194 }
3195 } else if (strcmp(filename, mp->mod_filename) == 0) {
3196 mutex_exit(&mod_lock);
3197 return (mp);
3198 }
3199 } while ((mp = mp->mod_next) != &modules);
3200 mutex_exit(&mod_lock);
3201 return (NULL);
3202 }
3203
3204 /*
3205 * Check for circular dependencies. This is called from do_dependents()
3206 * in kobj.c. If we are the thread already loading this module, then
3207 * we're trying to load a dependent that we're already loading which
3208 * means the user specified circular dependencies.
3209 */
3210 static int
mod_circdep(struct modctl * modp)3211 mod_circdep(struct modctl *modp)
3212 {
3213 struct modctl *rmod;
3214
3215 ASSERT(MUTEX_HELD(&mod_lock));
3216
3217 /*
3218 * Check the mod_inprogress_thread first.
3219 * mod_inprogress_thread is used in mod_hold_stub()
3220 * directly to improve performance.
3221 */
3222 if (modp->mod_inprogress_thread == curthread)
3223 return (1);
3224
3225 /*
3226 * Check the module circular dependencies.
3227 */
3228 for (rmod = modp; rmod != NULL; rmod = rmod->mod_requisite_loading) {
3229 /*
3230 * Check if there is a module circular dependency.
3231 */
3232 if (rmod->mod_requisite_loading == modp)
3233 return (1);
3234 }
3235 return (0);
3236 }
3237
3238 static int
mod_getinfo(struct modctl * modp,struct modinfo * modinfop)3239 mod_getinfo(struct modctl *modp, struct modinfo *modinfop)
3240 {
3241 int (*func)(struct modinfo *);
3242 int retval;
3243
3244 ASSERT(modp->mod_busy);
3245
3246 /* primary modules don't do getinfo */
3247 if (modp->mod_prim)
3248 return (0);
3249
3250 func = (int (*)(struct modinfo *))kobj_lookup(modp->mod_mp, "_info");
3251
3252 if (kobj_addrcheck(modp->mod_mp, (caddr_t)func)) {
3253 cmn_err(CE_WARN, "_info() not defined properly in %s",
3254 modp->mod_filename);
3255 /*
3256 * The semantics of mod_info(9F) are that 0 is failure
3257 * and non-zero is success.
3258 */
3259 retval = 0;
3260 } else
3261 retval = (*func)(modinfop); /* call _info() function */
3262
3263 if (moddebug & MODDEBUG_USERDEBUG)
3264 printf("Returned from _info, retval = %x\n", retval);
3265
3266 return (retval);
3267 }
3268
3269 static void
modadd(struct modctl * mp)3270 modadd(struct modctl *mp)
3271 {
3272 ASSERT(MUTEX_HELD(&mod_lock));
3273
3274 mp->mod_id = last_module_id++;
3275 mp->mod_next = &modules;
3276 mp->mod_prev = modules.mod_prev;
3277 modules.mod_prev->mod_next = mp;
3278 modules.mod_prev = mp;
3279 }
3280
3281 /*ARGSUSED*/
3282 static struct modctl *
allocate_modp(const char * filename,const char * modname)3283 allocate_modp(const char *filename, const char *modname)
3284 {
3285 struct modctl *mp;
3286
3287 mp = kobj_zalloc(sizeof (*mp), KM_SLEEP);
3288 mp->mod_modname = kobj_zalloc(strlen(modname) + 1, KM_SLEEP);
3289 (void) strcpy(mp->mod_modname, modname);
3290 return (mp);
3291 }
3292
3293 /*
3294 * Get the value of a symbol. This is a wrapper routine that
3295 * calls kobj_getsymvalue(). kobj_getsymvalue() may go away but this
3296 * wrapper will prevent callers from noticing.
3297 */
3298 uintptr_t
modgetsymvalue(char * name,int kernelonly)3299 modgetsymvalue(char *name, int kernelonly)
3300 {
3301 return (kobj_getsymvalue(name, kernelonly));
3302 }
3303
3304 /*
3305 * Get the symbol nearest an address. This is a wrapper routine that
3306 * calls kobj_getsymname(). kobj_getsymname() may go away but this
3307 * wrapper will prevent callers from noticing.
3308 */
3309 char *
modgetsymname(uintptr_t value,ulong_t * offset)3310 modgetsymname(uintptr_t value, ulong_t *offset)
3311 {
3312 return (kobj_getsymname(value, offset));
3313 }
3314
3315 /*
3316 * Lookup a symbol in a specified module. These are wrapper routines that
3317 * call kobj_lookup(). kobj_lookup() may go away but these wrappers will
3318 * prevent callers from noticing.
3319 */
3320 uintptr_t
modlookup(const char * modname,const char * symname)3321 modlookup(const char *modname, const char *symname)
3322 {
3323 struct modctl *modp;
3324 uintptr_t val;
3325
3326 if ((modp = mod_hold_by_name(modname)) == NULL)
3327 return (0);
3328 val = kobj_lookup(modp->mod_mp, symname);
3329 mod_release_mod(modp);
3330 return (val);
3331 }
3332
3333 uintptr_t
modlookup_by_modctl(modctl_t * modp,const char * symname)3334 modlookup_by_modctl(modctl_t *modp, const char *symname)
3335 {
3336 ASSERT(modp->mod_ref > 0 || modp->mod_busy);
3337
3338 return (kobj_lookup(modp->mod_mp, symname));
3339 }
3340
3341 /*
3342 * Ask the user for the name of the system file and the default path
3343 * for modules.
3344 */
3345 void
mod_askparams()3346 mod_askparams()
3347 {
3348 static char s0[64];
3349 intptr_t fd;
3350
3351 if ((fd = kobj_open(systemfile)) != -1L)
3352 kobj_close(fd);
3353 else
3354 systemfile = NULL;
3355
3356 /*CONSTANTCONDITION*/
3357 while (1) {
3358 printf("Name of system file [%s]: ",
3359 systemfile ? systemfile : "/dev/null");
3360
3361 console_gets(s0, sizeof (s0));
3362
3363 if (s0[0] == '\0')
3364 break;
3365 else if (strcmp(s0, "/dev/null") == 0) {
3366 systemfile = NULL;
3367 break;
3368 } else {
3369 if ((fd = kobj_open(s0)) != -1L) {
3370 kobj_close(fd);
3371 systemfile = s0;
3372 break;
3373 }
3374 }
3375 printf("can't find file %s\n", s0);
3376 }
3377 }
3378
3379 static char loading_msg[] = "loading '%s' id %d\n";
3380 static char load_msg[] = "load '%s' id %d loaded @ 0x%p/0x%p size %d/%d\n";
3381
3382 /*
3383 * Common code for loading a module (but not installing it).
3384 * Handoff the task of module loading to a separate thread
3385 * with a large stack if possible, since this code may recurse a few times.
3386 * Return zero if there are no errors or an errno value.
3387 */
3388 static int
mod_load(struct modctl * mp,int usepath)3389 mod_load(struct modctl *mp, int usepath)
3390 {
3391 int retval;
3392 struct modinfo *modinfop = NULL;
3393 struct loadmt lt;
3394
3395 ASSERT(MUTEX_NOT_HELD(&mod_lock));
3396 ASSERT(mp->mod_busy);
3397
3398 if (mp->mod_loaded)
3399 return (0);
3400
3401 if (mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_modname) != 0 ||
3402 mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_filename) != 0) {
3403 if (moddebug & MODDEBUG_LOADMSG) {
3404 printf(mod_excl_msg, mp->mod_filename,
3405 mp->mod_modname);
3406 }
3407 return (ENXIO);
3408 }
3409 if (moddebug & MODDEBUG_LOADMSG2)
3410 printf(loading_msg, mp->mod_filename, mp->mod_id);
3411
3412 if (curthread != &t0) {
3413 lt.mp = mp;
3414 lt.usepath = usepath;
3415 lt.owner = curthread;
3416 sema_init(<.sema, 0, NULL, SEMA_DEFAULT, NULL);
3417
3418 /* create thread to hand of call to */
3419 (void) thread_create(NULL, DEFAULTSTKSZ * 2,
3420 modload_thread, <, 0, &p0, TS_RUN, maxclsyspri);
3421
3422 /* wait for thread to complete kobj_load_module */
3423 sema_p(<.sema);
3424
3425 sema_destroy(<.sema);
3426 retval = lt.retval;
3427 } else
3428 retval = kobj_load_module(mp, usepath);
3429
3430 if (mp->mod_mp) {
3431 ASSERT(retval == 0);
3432 mp->mod_loaded = 1;
3433 mp->mod_loadcnt++;
3434 if (moddebug & MODDEBUG_LOADMSG) {
3435 printf(load_msg, mp->mod_filename, mp->mod_id,
3436 (void *)((struct module *)mp->mod_mp)->text,
3437 (void *)((struct module *)mp->mod_mp)->data,
3438 ((struct module *)mp->mod_mp)->text_size,
3439 ((struct module *)mp->mod_mp)->data_size);
3440 }
3441
3442 /*
3443 * XXX - There should be a better way to get this.
3444 */
3445 modinfop = kmem_zalloc(sizeof (struct modinfo), KM_SLEEP);
3446 modinfop->mi_info = MI_INFO_LINKAGE;
3447 if (mod_getinfo(mp, modinfop) == 0)
3448 mp->mod_linkage = NULL;
3449 else {
3450 mp->mod_linkage = (void *)modinfop->mi_base;
3451 ASSERT(mp->mod_linkage->ml_rev == MODREV_1);
3452 }
3453
3454 /*
3455 * DCS: bootstrapping code. If the driver is loaded
3456 * before root mount, it is assumed that the driver
3457 * may be used before mounting root. In order to
3458 * access mappings of global to local minor no.'s
3459 * during installation/open of the driver, we load
3460 * them into memory here while the BOP_interfaces
3461 * are still up.
3462 */
3463 if ((cluster_bootflags & CLUSTER_BOOTED) && !modrootloaded) {
3464 retval = clboot_modload(mp);
3465 }
3466
3467 kmem_free(modinfop, sizeof (struct modinfo));
3468 (void) mod_sysctl(SYS_SET_MVAR, (void *)mp);
3469 retval = install_stubs_by_name(mp, mp->mod_modname);
3470
3471 /*
3472 * Now that the module is loaded, we need to give DTrace
3473 * a chance to notify its providers. This is done via
3474 * the dtrace_modload function pointer.
3475 */
3476 if (strcmp(mp->mod_modname, "dtrace") != 0) {
3477 struct modctl *dmp = mod_hold_by_name("dtrace");
3478
3479 if (dmp != NULL && dtrace_modload != NULL)
3480 (*dtrace_modload)(mp);
3481
3482 mod_release_mod(dmp);
3483 }
3484
3485 } else {
3486 /*
3487 * If load failed then we need to release any requisites
3488 * that we had established.
3489 */
3490 ASSERT(retval);
3491 mod_release_requisites(mp);
3492
3493 if (moddebug & MODDEBUG_ERRMSG)
3494 printf("error loading '%s', error %d\n",
3495 mp->mod_filename, retval);
3496 }
3497 return (retval);
3498 }
3499
3500 static char unload_msg[] = "unloading %s, module id %d, loadcnt %d.\n";
3501
3502 static void
mod_unload(struct modctl * mp)3503 mod_unload(struct modctl *mp)
3504 {
3505 ASSERT(MUTEX_NOT_HELD(&mod_lock));
3506 ASSERT(mp->mod_busy);
3507 ASSERT((mp->mod_loaded && (mp->mod_installed == 0)) &&
3508 ((mp->mod_prim == 0) && (mp->mod_ref >= 0)));
3509
3510 if (moddebug & MODDEBUG_LOADMSG)
3511 printf(unload_msg, mp->mod_modname,
3512 mp->mod_id, mp->mod_loadcnt);
3513
3514 /*
3515 * If mod_ref is not zero, it means some modules might still refer
3516 * to this module. Then you can't unload this module right now.
3517 * Instead, set 1 to mod_delay_unload to notify the system of
3518 * unloading this module later when it's not required any more.
3519 */
3520 if (mp->mod_ref > 0) {
3521 mp->mod_delay_unload = 1;
3522 if (moddebug & MODDEBUG_LOADMSG2) {
3523 printf("module %s not unloaded,"
3524 " non-zero reference count (%d)",
3525 mp->mod_modname, mp->mod_ref);
3526 }
3527 return;
3528 }
3529
3530 if (((mp->mod_loaded == 0) || mp->mod_installed) ||
3531 (mp->mod_ref || mp->mod_prim)) {
3532 /*
3533 * A DEBUG kernel would ASSERT panic above, the code is broken
3534 * if we get this warning.
3535 */
3536 cmn_err(CE_WARN, "mod_unload: %s in incorrect state: %d %d %d",
3537 mp->mod_filename, mp->mod_installed, mp->mod_loaded,
3538 mp->mod_ref);
3539 return;
3540 }
3541
3542 /* reset stub functions to call the binder again */
3543 reset_stubs(mp);
3544
3545 /*
3546 * mark module as unloaded before the modctl structure is freed.
3547 * This is required not to reuse the modctl structure before
3548 * the module is marked as unloaded.
3549 */
3550 mp->mod_loaded = 0;
3551 mp->mod_linkage = NULL;
3552
3553 /* free the memory */
3554 kobj_unload_module(mp);
3555
3556 if (mp->mod_delay_unload) {
3557 mp->mod_delay_unload = 0;
3558 if (moddebug & MODDEBUG_LOADMSG2) {
3559 printf("deferred unload of module %s"
3560 " (id %d) successful",
3561 mp->mod_modname, mp->mod_id);
3562 }
3563 }
3564
3565 /* release hold on requisites */
3566 mod_release_requisites(mp);
3567
3568 /*
3569 * Now that the module is gone, we need to give DTrace a chance to
3570 * remove any probes that it may have had in the module. This is
3571 * done via the dtrace_modunload function pointer.
3572 */
3573 if (strcmp(mp->mod_modname, "dtrace") != 0) {
3574 struct modctl *dmp = mod_hold_by_name("dtrace");
3575
3576 if (dmp != NULL && dtrace_modunload != NULL)
3577 (*dtrace_modunload)(mp);
3578
3579 mod_release_mod(dmp);
3580 }
3581 }
3582
3583 static int
modinstall(struct modctl * mp)3584 modinstall(struct modctl *mp)
3585 {
3586 int val;
3587 int (*func)(void);
3588
3589 ASSERT(MUTEX_NOT_HELD(&mod_lock));
3590 ASSERT(mp->mod_busy && mp->mod_loaded);
3591
3592 if (mp->mod_installed)
3593 return (0);
3594 /*
3595 * If mod_delay_unload is on, it means the system chose the deferred
3596 * unload for this module. Then you can't install this module until
3597 * it's unloaded from the system.
3598 */
3599 if (mp->mod_delay_unload)
3600 return (ENXIO);
3601
3602 if (moddebug & MODDEBUG_LOADMSG)
3603 printf("installing %s, module id %d.\n",
3604 mp->mod_modname, mp->mod_id);
3605
3606 ASSERT(mp->mod_mp != NULL);
3607 if (mod_install_requisites(mp) != 0) {
3608 /*
3609 * Note that we can't call mod_unload(mp) here since
3610 * if modinstall() was called by mod_install_requisites(),
3611 * we won't be able to hold the dependent modules
3612 * (otherwise there would be a deadlock).
3613 */
3614 return (ENXIO);
3615 }
3616
3617 if (moddebug & MODDEBUG_ERRMSG) {
3618 printf("init '%s' id %d loaded @ 0x%p/0x%p size %lu/%lu\n",
3619 mp->mod_filename, mp->mod_id,
3620 (void *)((struct module *)mp->mod_mp)->text,
3621 (void *)((struct module *)mp->mod_mp)->data,
3622 ((struct module *)mp->mod_mp)->text_size,
3623 ((struct module *)mp->mod_mp)->data_size);
3624 }
3625
3626 func = (int (*)())kobj_lookup(mp->mod_mp, "_init");
3627
3628 if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3629 cmn_err(CE_WARN, "_init() not defined properly in %s",
3630 mp->mod_filename);
3631 return (EFAULT);
3632 }
3633
3634 if (moddebug & MODDEBUG_USERDEBUG) {
3635 printf("breakpoint before calling %s:_init()\n",
3636 mp->mod_modname);
3637 if (DEBUGGER_PRESENT)
3638 debug_enter("_init");
3639 }
3640
3641 ASSERT(MUTEX_NOT_HELD(&mod_lock));
3642 ASSERT(mp->mod_busy && mp->mod_loaded);
3643 val = (*func)(); /* call _init */
3644
3645 if (moddebug & MODDEBUG_USERDEBUG)
3646 printf("Returned from _init, val = %x\n", val);
3647
3648 if (val == 0) {
3649 /*
3650 * Set the MODS_INSTALLED flag to enable this module
3651 * being called now.
3652 */
3653 install_stubs(mp);
3654 mp->mod_installed = 1;
3655 } else if (moddebug & MODDEBUG_ERRMSG)
3656 printf(mod_init_msg, mp->mod_filename, mp->mod_modname, val);
3657
3658 return (val);
3659 }
3660
3661 int detach_driver_unconfig = 0;
3662
3663 static int
detach_driver(char * name)3664 detach_driver(char *name)
3665 {
3666 major_t major;
3667 int error;
3668
3669 /*
3670 * If being called from mod_uninstall_all() then the appropriate
3671 * driver detaches (leaf only) have already been done.
3672 */
3673 if (mod_in_autounload())
3674 return (0);
3675
3676 major = ddi_name_to_major(name);
3677 if (major == DDI_MAJOR_T_NONE)
3678 return (0);
3679
3680 error = ndi_devi_unconfig_driver(ddi_root_node(),
3681 NDI_DETACH_DRIVER | detach_driver_unconfig, major);
3682 return (error == NDI_SUCCESS ? 0 : -1);
3683 }
3684
3685 static char finiret_msg[] = "Returned from _fini for %s, status = %x\n";
3686
3687 static int
moduninstall(struct modctl * mp)3688 moduninstall(struct modctl *mp)
3689 {
3690 int status = 0;
3691 int (*func)(void);
3692
3693 ASSERT(MUTEX_NOT_HELD(&mod_lock));
3694 ASSERT(mp->mod_busy);
3695
3696 /*
3697 * Verify that we need to do something and can uninstall the module.
3698 *
3699 * If we should not uninstall the module or if the module is not in
3700 * the correct state to start an uninstall we return EBUSY to prevent
3701 * us from progressing to mod_unload. If the module has already been
3702 * uninstalled and unloaded we return EALREADY.
3703 */
3704 if (mp->mod_prim || mp->mod_ref || mp->mod_nenabled != 0)
3705 return (EBUSY);
3706 if ((mp->mod_installed == 0) || (mp->mod_loaded == 0))
3707 return (EALREADY);
3708
3709 /*
3710 * To avoid devinfo / module deadlock we must release this module
3711 * prior to initiating the detach_driver, otherwise the detach_driver
3712 * might deadlock on a devinfo node held by another thread
3713 * coming top down and involving the module we have locked.
3714 *
3715 * When we regrab the module we must reverify that it is OK
3716 * to proceed with the uninstall operation.
3717 */
3718 mod_release_mod(mp);
3719 status = detach_driver(mp->mod_modname);
3720 (void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
3721
3722 /* check detach status and reverify state with lock */
3723 mutex_enter(&mod_lock);
3724 if ((status != 0) || mp->mod_prim || mp->mod_ref) {
3725 mutex_exit(&mod_lock);
3726 return (EBUSY);
3727 }
3728 if ((mp->mod_installed == 0) || (mp->mod_loaded == 0)) {
3729 mutex_exit(&mod_lock);
3730 return (EALREADY);
3731 }
3732 mutex_exit(&mod_lock);
3733
3734 if (moddebug & MODDEBUG_LOADMSG2)
3735 printf("uninstalling %s\n", mp->mod_modname);
3736
3737 /*
3738 * lookup _fini, return EBUSY if not defined.
3739 *
3740 * The MODDEBUG_FINI_EBUSY is usefull in resolving leaks in
3741 * detach(9E) - it allows bufctl addresses to be resolved.
3742 */
3743 func = (int (*)())kobj_lookup(mp->mod_mp, "_fini");
3744 if ((func == NULL) || (mp->mod_loadflags & MOD_NOUNLOAD) ||
3745 (moddebug & MODDEBUG_FINI_EBUSY))
3746 return (EBUSY);
3747
3748 /* verify that _fini is in this module */
3749 if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3750 cmn_err(CE_WARN, "_fini() not defined properly in %s",
3751 mp->mod_filename);
3752 return (EFAULT);
3753 }
3754
3755 /* call _fini() */
3756 ASSERT(MUTEX_NOT_HELD(&mod_lock));
3757 ASSERT(mp->mod_busy && mp->mod_loaded && mp->mod_installed);
3758
3759 status = (*func)();
3760
3761 if (status == 0) {
3762 /* _fini returned success, the module is no longer installed */
3763 if (moddebug & MODDEBUG_LOADMSG)
3764 printf("uninstalled %s\n", mp->mod_modname);
3765
3766 /*
3767 * Even though we only set mod_installed to zero here, a zero
3768 * return value means we are committed to a code path were
3769 * mod_loaded will also end up as zero - we have no other
3770 * way to get the module data and bss back to the pre _init
3771 * state except a reload. To ensure this, after return,
3772 * mod_busy must stay set until mod_loaded is cleared.
3773 */
3774 mp->mod_installed = 0;
3775
3776 /*
3777 * Clear the MODS_INSTALLED flag not to call functions
3778 * in the module directly from now on.
3779 */
3780 uninstall_stubs(mp);
3781 } else {
3782 if (moddebug & MODDEBUG_USERDEBUG)
3783 printf(finiret_msg, mp->mod_filename, status);
3784 /*
3785 * By definition _fini is only allowed to return EBUSY or the
3786 * result of mod_remove (EBUSY or EINVAL). In the off chance
3787 * that a driver returns EALREADY we convert this to EINVAL
3788 * since to our caller EALREADY means module was already
3789 * removed.
3790 */
3791 if (status == EALREADY)
3792 status = EINVAL;
3793 }
3794
3795 return (status);
3796 }
3797
3798 /*
3799 * Uninstall all modules.
3800 */
3801 static void
mod_uninstall_all(void)3802 mod_uninstall_all(void)
3803 {
3804 struct modctl *mp;
3805 int pass;
3806 modid_t modid;
3807
3808 /* synchronize with any active modunload_disable() */
3809 modunload_begin();
3810
3811 /* mark this thread as doing autounloading */
3812 (void) tsd_set(mod_autounload_key, (void *)1);
3813
3814 (void) devfs_clean(ddi_root_node(), NULL, 0);
3815 (void) ndi_devi_unconfig(ddi_root_node(), NDI_AUTODETACH);
3816
3817 /*
3818 * Loop up to max times if we keep producing unreferenced modules.
3819 * A new unreferenced module is an opportunity to unload.
3820 */
3821 for (pass = 0; pass < mod_uninstall_pass_max; pass++) {
3822
3823 /* zero count of modules that go unreferenced during pass */
3824 mod_uninstall_ref_zero = 0;
3825
3826 modid = 0;
3827 while ((mp = mod_hold_next_by_id(modid)) != NULL) {
3828 modid = mp->mod_id;
3829
3830 /*
3831 * Skip modules with the MOD_NOAUTOUNLOAD flag set
3832 */
3833 if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
3834 mod_release_mod(mp);
3835 continue;
3836 }
3837
3838 if (moduninstall(mp) == 0) {
3839 mod_unload(mp);
3840 CPU_STATS_ADDQ(CPU, sys, modunload, 1);
3841 }
3842 mod_release_mod(mp);
3843 }
3844
3845 /* break if no modules went unreferenced during pass */
3846 if (mod_uninstall_ref_zero == 0)
3847 break;
3848 }
3849 if (pass >= mod_uninstall_pass_max)
3850 mod_uninstall_pass_exc++;
3851
3852 (void) tsd_set(mod_autounload_key, NULL);
3853 modunload_end();
3854 }
3855
3856 /* wait for unloads that have begun before registering disable */
3857 void
modunload_disable(void)3858 modunload_disable(void)
3859 {
3860 mutex_enter(&modunload_wait_mutex);
3861 while (modunload_active_count) {
3862 modunload_wait++;
3863 cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3864 modunload_wait--;
3865 }
3866 modunload_disable_count++;
3867 mutex_exit(&modunload_wait_mutex);
3868 }
3869
3870 /* mark end of disable and signal waiters */
3871 void
modunload_enable(void)3872 modunload_enable(void)
3873 {
3874 mutex_enter(&modunload_wait_mutex);
3875 modunload_disable_count--;
3876 if ((modunload_disable_count == 0) && modunload_wait)
3877 cv_broadcast(&modunload_wait_cv);
3878 mutex_exit(&modunload_wait_mutex);
3879 }
3880
3881 /* wait for disables to complete before begining unload */
3882 void
modunload_begin()3883 modunload_begin()
3884 {
3885 mutex_enter(&modunload_wait_mutex);
3886 while (modunload_disable_count) {
3887 modunload_wait++;
3888 cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3889 modunload_wait--;
3890 }
3891 modunload_active_count++;
3892 mutex_exit(&modunload_wait_mutex);
3893 }
3894
3895 /* mark end of unload and signal waiters */
3896 void
modunload_end()3897 modunload_end()
3898 {
3899 mutex_enter(&modunload_wait_mutex);
3900 modunload_active_count--;
3901 if ((modunload_active_count == 0) && modunload_wait)
3902 cv_broadcast(&modunload_wait_cv);
3903 mutex_exit(&modunload_wait_mutex);
3904 }
3905
3906 void
mod_uninstall_daemon(void)3907 mod_uninstall_daemon(void)
3908 {
3909 callb_cpr_t cprinfo;
3910 clock_t ticks;
3911
3912 mod_aul_thread = curthread;
3913
3914 CALLB_CPR_INIT(&cprinfo, &mod_uninstall_lock, callb_generic_cpr, "mud");
3915 for (;;) {
3916 mutex_enter(&mod_uninstall_lock);
3917 CALLB_CPR_SAFE_BEGIN(&cprinfo);
3918 /*
3919 * In DEBUG kernels, unheld drivers are uninstalled periodically
3920 * every mod_uninstall_interval seconds. Periodic uninstall can
3921 * be disabled by setting mod_uninstall_interval to 0 which is
3922 * the default for a non-DEBUG kernel.
3923 */
3924 if (mod_uninstall_interval) {
3925 ticks = drv_usectohz(mod_uninstall_interval * 1000000);
3926 (void) cv_reltimedwait(&mod_uninstall_cv,
3927 &mod_uninstall_lock, ticks, TR_CLOCK_TICK);
3928 } else {
3929 cv_wait(&mod_uninstall_cv, &mod_uninstall_lock);
3930 }
3931 /*
3932 * The whole daemon is safe for CPR except we don't want
3933 * the daemon to run if FREEZE is issued and this daemon
3934 * wakes up from the cv_wait above. In this case, it'll be
3935 * blocked in CALLB_CPR_SAFE_END until THAW is issued.
3936 *
3937 * The reason of calling CALLB_CPR_SAFE_BEGIN twice is that
3938 * mod_uninstall_lock is used to protect cprinfo and
3939 * CALLB_CPR_SAFE_BEGIN assumes that this lock is held when
3940 * called.
3941 */
3942 CALLB_CPR_SAFE_END(&cprinfo, &mod_uninstall_lock);
3943 CALLB_CPR_SAFE_BEGIN(&cprinfo);
3944 mutex_exit(&mod_uninstall_lock);
3945 if ((modunload_disable_count == 0) &&
3946 ((moddebug & MODDEBUG_NOAUTOUNLOAD) == 0)) {
3947 mod_uninstall_all();
3948 }
3949 }
3950 }
3951
3952 /*
3953 * Unload all uninstalled modules.
3954 */
3955 void
modreap(void)3956 modreap(void)
3957 {
3958 mutex_enter(&mod_uninstall_lock);
3959 cv_broadcast(&mod_uninstall_cv);
3960 mutex_exit(&mod_uninstall_lock);
3961 }
3962
3963 /*
3964 * Hold the specified module. This is the module holding primitive.
3965 *
3966 * If MOD_LOCK_HELD then the caller already holds the mod_lock.
3967 *
3968 * Return values:
3969 * 0 ==> the module is held
3970 * 1 ==> the module is not held and the MOD_WAIT_ONCE caller needs
3971 * to determine how to retry.
3972 */
3973 int
mod_hold_by_modctl(struct modctl * mp,int f)3974 mod_hold_by_modctl(struct modctl *mp, int f)
3975 {
3976 ASSERT((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) &&
3977 ((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) !=
3978 (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)));
3979 ASSERT((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) &&
3980 ((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) !=
3981 (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)));
3982 ASSERT((f & MOD_LOCK_NOT_HELD) || MUTEX_HELD(&mod_lock));
3983
3984 if (f & MOD_LOCK_NOT_HELD)
3985 mutex_enter(&mod_lock);
3986
3987 while (mp->mod_busy) {
3988 mp->mod_want = 1;
3989 cv_wait(&mod_cv, &mod_lock);
3990 /*
3991 * Module may be unloaded by daemon.
3992 * Nevertheless, modctl structure is still in linked list
3993 * (i.e., off &modules), not freed!
3994 * Caller is not supposed to assume "mp" is valid, but there
3995 * is no reasonable way to detect this but using
3996 * mp->mod_modinfo->mp == NULL check (follow the back pointer)
3997 * (or similar check depending on calling context)
3998 * DON'T free modctl structure, it will be very very
3999 * problematic.
4000 */
4001 if (f & MOD_WAIT_ONCE) {
4002 if (f & MOD_LOCK_NOT_HELD)
4003 mutex_exit(&mod_lock);
4004 return (1); /* caller decides how to retry */
4005 }
4006 }
4007
4008 mp->mod_busy = 1;
4009 mp->mod_inprogress_thread =
4010 (curthread == NULL ? (kthread_id_t)-1 : curthread);
4011
4012 if (f & MOD_LOCK_NOT_HELD)
4013 mutex_exit(&mod_lock);
4014 return (0);
4015 }
4016
4017 static struct modctl *
mod_hold_by_name_common(struct modctl * dep,const char * filename)4018 mod_hold_by_name_common(struct modctl *dep, const char *filename)
4019 {
4020 const char *modname;
4021 struct modctl *mp;
4022 char *curname, *newname;
4023 int found = 0;
4024
4025 mutex_enter(&mod_lock);
4026
4027 if ((modname = strrchr(filename, '/')) == NULL)
4028 modname = filename;
4029 else
4030 modname++;
4031
4032 mp = &modules;
4033 do {
4034 if (strcmp(modname, mp->mod_modname) == 0) {
4035 found = 1;
4036 break;
4037 }
4038 } while ((mp = mp->mod_next) != &modules);
4039
4040 if (found == 0) {
4041 mp = allocate_modp(filename, modname);
4042 modadd(mp);
4043 }
4044
4045 /*
4046 * if dep is not NULL, set the mp in mod_requisite_loading for
4047 * the module circular dependency check. This field is used in
4048 * mod_circdep(), but it's cleard in mod_hold_loaded_mod().
4049 */
4050 if (dep != NULL) {
4051 ASSERT(dep->mod_busy && dep->mod_requisite_loading == NULL);
4052 dep->mod_requisite_loading = mp;
4053 }
4054
4055 /*
4056 * If the module was held, then it must be us who has it held.
4057 */
4058 if (mod_circdep(mp))
4059 mp = NULL;
4060 else {
4061 (void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4062
4063 /*
4064 * If the name hadn't been set or has changed, allocate
4065 * space and set it. Free space used by previous name.
4066 *
4067 * Do not change the name of primary modules, for primary
4068 * modules the mod_filename was allocated in standalone mode:
4069 * it is illegal to kobj_alloc in standalone mode and kobj_free
4070 * in non-standalone mode.
4071 */
4072 curname = mp->mod_filename;
4073 if (curname == NULL ||
4074 ((mp->mod_prim == 0) &&
4075 (curname != filename) &&
4076 (modname != filename) &&
4077 (strcmp(curname, filename) != 0))) {
4078 newname = kobj_zalloc(strlen(filename) + 1, KM_SLEEP);
4079 (void) strcpy(newname, filename);
4080 mp->mod_filename = newname;
4081 if (curname != NULL)
4082 kobj_free(curname, strlen(curname) + 1);
4083 }
4084 }
4085
4086 mutex_exit(&mod_lock);
4087 if (mp && moddebug & MODDEBUG_LOADMSG2)
4088 printf("Holding %s\n", mp->mod_filename);
4089 if (mp == NULL && moddebug & MODDEBUG_LOADMSG2)
4090 printf("circular dependency loading %s\n", filename);
4091 return (mp);
4092 }
4093
4094 static struct modctl *
mod_hold_by_name_requisite(struct modctl * dep,char * filename)4095 mod_hold_by_name_requisite(struct modctl *dep, char *filename)
4096 {
4097 return (mod_hold_by_name_common(dep, filename));
4098 }
4099
4100 struct modctl *
mod_hold_by_name(const char * filename)4101 mod_hold_by_name(const char *filename)
4102 {
4103 return (mod_hold_by_name_common(NULL, filename));
4104 }
4105
4106 struct modctl *
mod_hold_by_id(modid_t modid)4107 mod_hold_by_id(modid_t modid)
4108 {
4109 struct modctl *mp;
4110 int found = 0;
4111
4112 mutex_enter(&mod_lock);
4113 mp = &modules;
4114 do {
4115 if (mp->mod_id == modid) {
4116 found = 1;
4117 break;
4118 }
4119 } while ((mp = mp->mod_next) != &modules);
4120
4121 if ((found == 0) || mod_circdep(mp))
4122 mp = NULL;
4123 else
4124 (void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4125
4126 mutex_exit(&mod_lock);
4127 return (mp);
4128 }
4129
4130 static struct modctl *
mod_hold_next_by_id(modid_t modid)4131 mod_hold_next_by_id(modid_t modid)
4132 {
4133 struct modctl *mp;
4134 int found = 0;
4135
4136 if (modid < -1)
4137 return (NULL);
4138
4139 mutex_enter(&mod_lock);
4140
4141 mp = &modules;
4142 do {
4143 if (mp->mod_id > modid) {
4144 found = 1;
4145 break;
4146 }
4147 } while ((mp = mp->mod_next) != &modules);
4148
4149 if ((found == 0) || mod_circdep(mp))
4150 mp = NULL;
4151 else
4152 (void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4153
4154 mutex_exit(&mod_lock);
4155 return (mp);
4156 }
4157
4158 static void
mod_release(struct modctl * mp)4159 mod_release(struct modctl *mp)
4160 {
4161 ASSERT(MUTEX_HELD(&mod_lock));
4162 ASSERT(mp->mod_busy);
4163
4164 mp->mod_busy = 0;
4165 mp->mod_inprogress_thread = NULL;
4166 if (mp->mod_want) {
4167 mp->mod_want = 0;
4168 cv_broadcast(&mod_cv);
4169 }
4170 }
4171
4172 void
mod_release_mod(struct modctl * mp)4173 mod_release_mod(struct modctl *mp)
4174 {
4175 if (moddebug & MODDEBUG_LOADMSG2)
4176 printf("Releasing %s\n", mp->mod_filename);
4177 mutex_enter(&mod_lock);
4178 mod_release(mp);
4179 mutex_exit(&mod_lock);
4180 }
4181
4182 modid_t
mod_name_to_modid(char * filename)4183 mod_name_to_modid(char *filename)
4184 {
4185 char *modname;
4186 struct modctl *mp;
4187
4188 mutex_enter(&mod_lock);
4189
4190 if ((modname = strrchr(filename, '/')) == NULL)
4191 modname = filename;
4192 else
4193 modname++;
4194
4195 mp = &modules;
4196 do {
4197 if (strcmp(modname, mp->mod_modname) == 0) {
4198 mutex_exit(&mod_lock);
4199 return (mp->mod_id);
4200 }
4201 } while ((mp = mp->mod_next) != &modules);
4202
4203 mutex_exit(&mod_lock);
4204 return (-1);
4205 }
4206
4207
4208 int
mod_remove_by_name(char * name)4209 mod_remove_by_name(char *name)
4210 {
4211 struct modctl *mp;
4212 int retval;
4213
4214 mp = mod_hold_by_name(name);
4215
4216 if (mp == NULL)
4217 return (EINVAL);
4218
4219 if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
4220 /*
4221 * Do not unload forceloaded modules
4222 */
4223 mod_release_mod(mp);
4224 return (0);
4225 }
4226
4227 if ((retval = moduninstall(mp)) == 0) {
4228 mod_unload(mp);
4229 CPU_STATS_ADDQ(CPU, sys, modunload, 1);
4230 } else if (retval == EALREADY)
4231 retval = 0; /* already unloaded, not an error */
4232 mod_release_mod(mp);
4233 return (retval);
4234 }
4235
4236 /*
4237 * Record that module "dep" is dependent on module "on_mod."
4238 */
4239 static void
mod_make_requisite(struct modctl * dependent,struct modctl * on_mod)4240 mod_make_requisite(struct modctl *dependent, struct modctl *on_mod)
4241 {
4242 struct modctl_list **pmlnp; /* previous next pointer */
4243 struct modctl_list *mlp;
4244 struct modctl_list *new;
4245
4246 ASSERT(dependent->mod_busy && on_mod->mod_busy);
4247 mutex_enter(&mod_lock);
4248
4249 /*
4250 * Search dependent's requisite list to see if on_mod is recorded.
4251 * List is ordered by id.
4252 */
4253 for (pmlnp = &dependent->mod_requisites, mlp = *pmlnp;
4254 mlp; pmlnp = &mlp->modl_next, mlp = *pmlnp)
4255 if (mlp->modl_modp->mod_id >= on_mod->mod_id)
4256 break;
4257
4258 /* Create and insert if not already recorded */
4259 if ((mlp == NULL) || (mlp->modl_modp->mod_id != on_mod->mod_id)) {
4260 new = kobj_zalloc(sizeof (*new), KM_SLEEP);
4261 new->modl_modp = on_mod;
4262 new->modl_next = mlp;
4263 *pmlnp = new;
4264
4265 /*
4266 * Increment the mod_ref count in our new requisite module.
4267 * This is what keeps a module that has other modules
4268 * which are dependent on it from being uninstalled and
4269 * unloaded. "on_mod"'s mod_ref count decremented in
4270 * mod_release_requisites when the "dependent" module
4271 * unload is complete. "on_mod" must be loaded, but may not
4272 * yet be installed.
4273 */
4274 on_mod->mod_ref++;
4275 ASSERT(on_mod->mod_ref && on_mod->mod_loaded);
4276 }
4277
4278 mutex_exit(&mod_lock);
4279 }
4280
4281 /*
4282 * release the hold associated with mod_make_requisite mod_ref++
4283 * as part of unload.
4284 */
4285 void
mod_release_requisites(struct modctl * modp)4286 mod_release_requisites(struct modctl *modp)
4287 {
4288 struct modctl_list *modl;
4289 struct modctl_list *next;
4290 struct modctl *req;
4291 struct modctl_list *start = NULL, *mod_garbage;
4292
4293 ASSERT(!quiesce_active);
4294 ASSERT(modp->mod_busy);
4295 ASSERT(MUTEX_NOT_HELD(&mod_lock));
4296
4297 mutex_enter(&mod_lock); /* needed for manipulation of req */
4298 for (modl = modp->mod_requisites; modl; modl = next) {
4299 next = modl->modl_next;
4300 req = modl->modl_modp;
4301 ASSERT(req->mod_ref >= 1 && req->mod_loaded);
4302 req->mod_ref--;
4303 if (req->mod_ref == 0)
4304 mod_uninstall_ref_zero++;
4305
4306 /*
4307 * Check if the module has to be unloaded or not.
4308 */
4309 if (req->mod_ref == 0 && req->mod_delay_unload) {
4310 struct modctl_list *new;
4311 /*
4312 * Allocate the modclt_list holding the garbage
4313 * module which should be unloaded later.
4314 */
4315 new = kobj_zalloc(sizeof (struct modctl_list),
4316 KM_SLEEP);
4317 new->modl_modp = req;
4318
4319 if (start == NULL)
4320 mod_garbage = start = new;
4321 else {
4322 mod_garbage->modl_next = new;
4323 mod_garbage = new;
4324 }
4325 }
4326
4327 /* free the list as we go */
4328 kobj_free(modl, sizeof (*modl));
4329 }
4330 modp->mod_requisites = NULL;
4331 mutex_exit(&mod_lock);
4332
4333 /*
4334 * Unload the garbage modules.
4335 */
4336 for (mod_garbage = start; mod_garbage != NULL; /* nothing */) {
4337 struct modctl_list *old = mod_garbage;
4338 struct modctl *mp = mod_garbage->modl_modp;
4339 ASSERT(mp != NULL);
4340
4341 /*
4342 * Hold this module until it's unloaded completely.
4343 */
4344 (void) mod_hold_by_modctl(mp,
4345 MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
4346 /*
4347 * Check if the module is not unloaded yet and nobody requires
4348 * the module. If it's unloaded already or somebody still
4349 * requires the module, don't unload it now.
4350 */
4351 if (mp->mod_loaded && mp->mod_ref == 0)
4352 mod_unload(mp);
4353 ASSERT((mp->mod_loaded == 0 && mp->mod_delay_unload == 0) ||
4354 (mp->mod_ref > 0));
4355 mod_release_mod(mp);
4356
4357 mod_garbage = mod_garbage->modl_next;
4358 kobj_free(old, sizeof (struct modctl_list));
4359 }
4360 }
4361
4362 /*
4363 * Process dependency of the module represented by "dep" on the
4364 * module named by "on."
4365 *
4366 * Called from kobj_do_dependents() to load a module "on" on which
4367 * "dep" depends.
4368 */
4369 struct modctl *
mod_load_requisite(struct modctl * dep,char * on)4370 mod_load_requisite(struct modctl *dep, char *on)
4371 {
4372 struct modctl *on_mod;
4373 int retval;
4374
4375 if ((on_mod = mod_hold_loaded_mod(dep, on, &retval)) != NULL) {
4376 mod_make_requisite(dep, on_mod);
4377 } else if (moddebug & MODDEBUG_ERRMSG) {
4378 printf("error processing %s on which module %s depends\n",
4379 on, dep->mod_modname);
4380 }
4381 return (on_mod);
4382 }
4383
4384 static int
mod_install_requisites(struct modctl * modp)4385 mod_install_requisites(struct modctl *modp)
4386 {
4387 struct modctl_list *modl;
4388 struct modctl *req;
4389 int status = 0;
4390
4391 ASSERT(MUTEX_NOT_HELD(&mod_lock));
4392 ASSERT(modp->mod_busy);
4393
4394 for (modl = modp->mod_requisites; modl; modl = modl->modl_next) {
4395 req = modl->modl_modp;
4396 (void) mod_hold_by_modctl(req,
4397 MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
4398 status = modinstall(req);
4399 mod_release_mod(req);
4400
4401 if (status != 0)
4402 break;
4403 }
4404 return (status);
4405 }
4406
4407 /*
4408 * returns 1 if this thread is doing autounload, 0 otherwise.
4409 * see mod_uninstall_all.
4410 */
4411 int
mod_in_autounload()4412 mod_in_autounload()
4413 {
4414 return ((int)(uintptr_t)tsd_get(mod_autounload_key));
4415 }
4416
4417 /*
4418 * gmatch adapted from libc, stripping the wchar stuff
4419 */
4420 #define popchar(p, c) { \
4421 c = *p++; \
4422 if (c == 0) { \
4423 return (0); \
4424 } \
4425 }
4426
4427 int
gmatch(const char * s,const char * p)4428 gmatch(const char *s, const char *p)
4429 {
4430 int c, sc;
4431 int ok, lc, notflag;
4432
4433 sc = *s++;
4434 c = *p++;
4435 if (c == 0)
4436 return (sc == c); /* nothing matches nothing */
4437
4438 switch (c) {
4439 case '\\':
4440 /* skip to quoted character */
4441 popchar(p, c);
4442 /*FALLTHRU*/
4443
4444 default:
4445 /* straight comparison */
4446 if (c != sc)
4447 return (0);
4448 /*FALLTHRU*/
4449
4450 case '?':
4451 /* first char matches, move to remainder */
4452 return (sc != '\0' ? gmatch(s, p) : 0);
4453
4454
4455 case '*':
4456 while (*p == '*')
4457 p++;
4458
4459 /* * matches everything */
4460 if (*p == 0)
4461 return (1);
4462
4463 /* undo skip at the beginning & iterate over substrings */
4464 --s;
4465 while (*s) {
4466 if (gmatch(s, p))
4467 return (1);
4468 s++;
4469 }
4470 return (0);
4471
4472 case '[':
4473 /* match any char within [] */
4474 if (sc == 0)
4475 return (0);
4476
4477 ok = lc = notflag = 0;
4478
4479 if (*p == '!') {
4480 notflag = 1;
4481 p++;
4482 }
4483 popchar(p, c);
4484
4485 do {
4486 if (c == '-' && lc && *p != ']') {
4487 /* test sc against range [c1-c2] */
4488 popchar(p, c);
4489 if (c == '\\') {
4490 popchar(p, c);
4491 }
4492
4493 if (notflag) {
4494 /* return 0 on mismatch */
4495 if (lc <= sc && sc <= c)
4496 return (0);
4497 ok++;
4498 } else if (lc <= sc && sc <= c) {
4499 ok++;
4500 }
4501 /* keep going, may get a match next */
4502 } else if (c == '\\') {
4503 /* skip to quoted character */
4504 popchar(p, c);
4505 }
4506 lc = c;
4507 if (notflag) {
4508 if (sc == lc)
4509 return (0);
4510 ok++;
4511 } else if (sc == lc) {
4512 ok++;
4513 }
4514 popchar(p, c);
4515 } while (c != ']');
4516
4517 /* recurse on remainder of string */
4518 return (ok ? gmatch(s, p) : 0);
4519 }
4520 /*NOTREACHED*/
4521 }
4522
4523
4524 /*
4525 * Get default perm for device from /etc/minor_perm. Return 0 if match found.
4526 *
4527 * Pure wild-carded patterns are handled separately so the ordering of
4528 * these patterns doesn't matter. We're still dependent on ordering
4529 * however as the first matching entry is the one returned.
4530 * Not ideal but all existing examples and usage do imply this
4531 * ordering implicitly.
4532 *
4533 * Drivers using the clone driver are always good for some entertainment.
4534 * Clone nodes under pseudo have the form clone@0:<driver>. Some minor
4535 * perm entries have the form clone:<driver>, others use <driver>:*
4536 * Examples are clone:llc1 vs. llc2:*, for example.
4537 *
4538 * Minor perms in the clone:<driver> form are mapped to the drivers's
4539 * mperm list, not the clone driver, as wildcard entries for clone
4540 * reference only. In other words, a clone wildcard will match
4541 * references for clone@0:<driver> but never <driver>@<minor>.
4542 *
4543 * Additional minor perms in the standard form are also supported,
4544 * for mixed usage, ie a node with an entry clone:<driver> could
4545 * provide further entries <driver>:<minor>.
4546 *
4547 * Finally, some uses of clone use an alias as the minor name rather
4548 * than the driver name, with the alias as the minor perm entry.
4549 * This case is handled by attaching the driver to bring its
4550 * minor list into existence, then discover the alias via DDI_ALIAS.
4551 * The clone device's minor perm list can then be searched for
4552 * that alias.
4553 */
4554
4555 static int
dev_alias_minorperm(dev_info_t * dip,char * minor_name,mperm_t * rmp)4556 dev_alias_minorperm(dev_info_t *dip, char *minor_name, mperm_t *rmp)
4557 {
4558 major_t major;
4559 struct devnames *dnp;
4560 mperm_t *mp;
4561 char *alias = NULL;
4562 dev_info_t *cdevi;
4563 int circ;
4564 struct ddi_minor_data *dmd;
4565
4566 major = ddi_name_to_major(minor_name);
4567
4568 ASSERT(dip == clone_dip);
4569 ASSERT(major != DDI_MAJOR_T_NONE);
4570
4571 /*
4572 * Attach the driver named by the minor node, then
4573 * search its first instance's minor list for an
4574 * alias node.
4575 */
4576 if (ddi_hold_installed_driver(major) == NULL)
4577 return (1);
4578
4579 dnp = &devnamesp[major];
4580 LOCK_DEV_OPS(&dnp->dn_lock);
4581
4582 if ((cdevi = dnp->dn_head) != NULL) {
4583 ndi_devi_enter(cdevi, &circ);
4584 for (dmd = DEVI(cdevi)->devi_minor; dmd; dmd = dmd->next) {
4585 if (dmd->type == DDM_ALIAS) {
4586 alias = i_ddi_strdup(dmd->ddm_name, KM_SLEEP);
4587 break;
4588 }
4589 }
4590 ndi_devi_exit(cdevi, circ);
4591 }
4592
4593 UNLOCK_DEV_OPS(&dnp->dn_lock);
4594 ddi_rele_driver(major);
4595
4596 if (alias == NULL) {
4597 if (moddebug & MODDEBUG_MINORPERM)
4598 cmn_err(CE_CONT, "dev_minorperm: "
4599 "no alias for %s\n", minor_name);
4600 return (1);
4601 }
4602
4603 major = ddi_driver_major(clone_dip);
4604 dnp = &devnamesp[major];
4605 LOCK_DEV_OPS(&dnp->dn_lock);
4606
4607 /*
4608 * Go through the clone driver's mperm list looking
4609 * for a match for the specified alias.
4610 */
4611 for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4612 if (strcmp(alias, mp->mp_minorname) == 0) {
4613 break;
4614 }
4615 }
4616
4617 if (mp) {
4618 if (moddebug & MODDEBUG_MP_MATCH) {
4619 cmn_err(CE_CONT,
4620 "minor perm defaults: %s %s 0%o %d %d (aliased)\n",
4621 minor_name, alias, mp->mp_mode,
4622 mp->mp_uid, mp->mp_gid);
4623 }
4624 rmp->mp_uid = mp->mp_uid;
4625 rmp->mp_gid = mp->mp_gid;
4626 rmp->mp_mode = mp->mp_mode;
4627 }
4628 UNLOCK_DEV_OPS(&dnp->dn_lock);
4629
4630 kmem_free(alias, strlen(alias)+1);
4631
4632 return (mp == NULL);
4633 }
4634
4635 int
dev_minorperm(dev_info_t * dip,char * name,mperm_t * rmp)4636 dev_minorperm(dev_info_t *dip, char *name, mperm_t *rmp)
4637 {
4638 major_t major;
4639 char *minor_name;
4640 struct devnames *dnp;
4641 mperm_t *mp;
4642 int is_clone = 0;
4643
4644 if (!minorperm_loaded) {
4645 if (moddebug & MODDEBUG_MINORPERM)
4646 cmn_err(CE_CONT,
4647 "%s: minor perm not yet loaded\n", name);
4648 return (1);
4649 }
4650
4651 minor_name = strchr(name, ':');
4652 if (minor_name == NULL)
4653 return (1);
4654 minor_name++;
4655
4656 /*
4657 * If it's the clone driver, search the driver as named
4658 * by the minor. All clone minor perm entries other than
4659 * alias nodes are actually installed on the real driver's list.
4660 */
4661 if (dip == clone_dip) {
4662 major = ddi_name_to_major(minor_name);
4663 if (major == DDI_MAJOR_T_NONE) {
4664 if (moddebug & MODDEBUG_MINORPERM)
4665 cmn_err(CE_CONT, "dev_minorperm: "
4666 "%s: no such driver\n", minor_name);
4667 return (1);
4668 }
4669 is_clone = 1;
4670 } else {
4671 major = ddi_driver_major(dip);
4672 ASSERT(major != DDI_MAJOR_T_NONE);
4673 }
4674
4675 dnp = &devnamesp[major];
4676 LOCK_DEV_OPS(&dnp->dn_lock);
4677
4678 /*
4679 * Go through the driver's mperm list looking for
4680 * a match for the specified minor. If there's
4681 * no matching pattern, use the wild card.
4682 * Defer to the clone wild for clone if specified,
4683 * otherwise fall back to the normal form.
4684 */
4685 for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4686 if (gmatch(minor_name, mp->mp_minorname) != 0) {
4687 break;
4688 }
4689 }
4690 if (mp == NULL) {
4691 if (is_clone)
4692 mp = dnp->dn_mperm_clone;
4693 if (mp == NULL)
4694 mp = dnp->dn_mperm_wild;
4695 }
4696
4697 if (mp) {
4698 if (moddebug & MODDEBUG_MP_MATCH) {
4699 cmn_err(CE_CONT,
4700 "minor perm defaults: %s %s 0%o %d %d\n",
4701 name, mp->mp_minorname, mp->mp_mode,
4702 mp->mp_uid, mp->mp_gid);
4703 }
4704 rmp->mp_uid = mp->mp_uid;
4705 rmp->mp_gid = mp->mp_gid;
4706 rmp->mp_mode = mp->mp_mode;
4707 }
4708 UNLOCK_DEV_OPS(&dnp->dn_lock);
4709
4710 /*
4711 * If no match can be found for a clone node,
4712 * search for a possible match for an alias.
4713 * One such example is /dev/ptmx -> /devices/pseudo/clone@0:ptm,
4714 * with minor perm entry clone:ptmx.
4715 */
4716 if (mp == NULL && is_clone) {
4717 return (dev_alias_minorperm(dip, minor_name, rmp));
4718 }
4719
4720 return (mp == NULL);
4721 }
4722
4723 /*
4724 * dynamicaly reference load a dl module/library, returning handle
4725 */
4726 /*ARGSUSED*/
4727 ddi_modhandle_t
ddi_modopen(const char * modname,int mode,int * errnop)4728 ddi_modopen(const char *modname, int mode, int *errnop)
4729 {
4730 char *subdir;
4731 char *mod;
4732 int subdirlen;
4733 struct modctl *hmodp = NULL;
4734 int retval = EINVAL;
4735
4736 ASSERT(modname && (mode == KRTLD_MODE_FIRST));
4737 if ((modname == NULL) || (mode != KRTLD_MODE_FIRST))
4738 goto out;
4739
4740 /* find last '/' in modname */
4741 mod = strrchr(modname, '/');
4742
4743 if (mod) {
4744 /* for subdir string without modification to argument */
4745 mod++;
4746 subdirlen = mod - modname;
4747 subdir = kmem_alloc(subdirlen, KM_SLEEP);
4748 (void) strlcpy(subdir, modname, subdirlen);
4749 } else {
4750 subdirlen = 0;
4751 subdir = "misc";
4752 mod = (char *)modname;
4753 }
4754
4755 /* reference load with errno return value */
4756 retval = modrload(subdir, mod, &hmodp);
4757
4758 if (subdirlen)
4759 kmem_free(subdir, subdirlen);
4760
4761 out: if (errnop)
4762 *errnop = retval;
4763
4764 if (moddebug & MODDEBUG_DDI_MOD)
4765 printf("ddi_modopen %s mode %x: %s %p %d\n",
4766 modname ? modname : "<unknown>", mode,
4767 hmodp ? hmodp->mod_filename : "<unknown>",
4768 (void *)hmodp, retval);
4769
4770 return ((ddi_modhandle_t)hmodp);
4771 }
4772
4773 /* lookup "name" in open dl module/library */
4774 void *
ddi_modsym(ddi_modhandle_t h,const char * name,int * errnop)4775 ddi_modsym(ddi_modhandle_t h, const char *name, int *errnop)
4776 {
4777 struct modctl *hmodp = (struct modctl *)h;
4778 void *f;
4779 int retval;
4780
4781 ASSERT(hmodp && name && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4782 if ((hmodp == NULL) || (name == NULL) ||
4783 (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4784 f = NULL;
4785 retval = EINVAL;
4786 } else {
4787 f = (void *)kobj_lookup(hmodp->mod_mp, (char *)name);
4788 if (f)
4789 retval = 0;
4790 else
4791 retval = ENOTSUP;
4792 }
4793
4794 if (moddebug & MODDEBUG_DDI_MOD)
4795 printf("ddi_modsym in %s of %s: %d %p\n",
4796 hmodp ? hmodp->mod_modname : "<unknown>",
4797 name ? name : "<unknown>", retval, f);
4798
4799 if (errnop)
4800 *errnop = retval;
4801 return (f);
4802 }
4803
4804 /* dynamic (un)reference unload of an open dl module/library */
4805 int
ddi_modclose(ddi_modhandle_t h)4806 ddi_modclose(ddi_modhandle_t h)
4807 {
4808 struct modctl *hmodp = (struct modctl *)h;
4809 struct modctl *modp = NULL;
4810 int retval;
4811
4812 ASSERT(hmodp && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4813 if ((hmodp == NULL) ||
4814 (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4815 retval = EINVAL;
4816 goto out;
4817 }
4818
4819 retval = modunrload(hmodp->mod_id, &modp, ddi_modclose_unload);
4820 if (retval == EBUSY)
4821 retval = 0; /* EBUSY is not an error */
4822
4823 if (retval == 0) {
4824 ASSERT(hmodp == modp);
4825 if (hmodp != modp)
4826 retval = EINVAL;
4827 }
4828
4829 out: if (moddebug & MODDEBUG_DDI_MOD)
4830 printf("ddi_modclose %s: %d\n",
4831 hmodp ? hmodp->mod_modname : "<unknown>", retval);
4832
4833 return (retval);
4834 }
4835