xref: /titanic_41/usr/src/uts/common/os/modctl.c (revision 60aabb4ce92352f01733c518d6b6bb69e60b9113)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
24  */
25 
26 /*
27  * modctl system call for loadable module support.
28  */
29 
30 #include <sys/param.h>
31 #include <sys/user.h>
32 #include <sys/systm.h>
33 #include <sys/exec.h>
34 #include <sys/file.h>
35 #include <sys/stat.h>
36 #include <sys/conf.h>
37 #include <sys/time.h>
38 #include <sys/reboot.h>
39 #include <sys/fs/ufs_fsdir.h>
40 #include <sys/kmem.h>
41 #include <sys/sysconf.h>
42 #include <sys/cmn_err.h>
43 #include <sys/ddi.h>
44 #include <sys/sunddi.h>
45 #include <sys/sunndi.h>
46 #include <sys/ndi_impldefs.h>
47 #include <sys/ddi_impldefs.h>
48 #include <sys/ddi_implfuncs.h>
49 #include <sys/bootconf.h>
50 #include <sys/dc_ki.h>
51 #include <sys/cladm.h>
52 #include <sys/dtrace.h>
53 #include <sys/kdi.h>
54 
55 #include <sys/devpolicy.h>
56 #include <sys/modctl.h>
57 #include <sys/kobj.h>
58 #include <sys/devops.h>
59 #include <sys/autoconf.h>
60 #include <sys/hwconf.h>
61 #include <sys/callb.h>
62 #include <sys/debug.h>
63 #include <sys/cpuvar.h>
64 #include <sys/sysmacros.h>
65 #include <sys/sysevent.h>
66 #include <sys/sysevent_impl.h>
67 #include <sys/instance.h>
68 #include <sys/modhash.h>
69 #include <sys/modhash_impl.h>
70 #include <sys/dacf_impl.h>
71 #include <sys/vfs.h>
72 #include <sys/pathname.h>
73 #include <sys/console.h>
74 #include <sys/policy.h>
75 #include <ipp/ipp_impl.h>
76 #include <sys/fs/dv_node.h>
77 #include <sys/strsubr.h>
78 #include <sys/fs/sdev_impl.h>
79 
80 static int		mod_circdep(struct modctl *);
81 static int		modinfo(modid_t, struct modinfo *);
82 
83 static void		mod_uninstall_all(void);
84 static int		mod_getinfo(struct modctl *, struct modinfo *);
85 static struct modctl	*allocate_modp(const char *, const char *);
86 
87 static int		mod_load(struct modctl *, int);
88 static void		mod_unload(struct modctl *);
89 static int		modinstall(struct modctl *);
90 static int		moduninstall(struct modctl *);
91 
92 static struct modctl	*mod_hold_by_name_common(struct modctl *, const char *);
93 static struct modctl	*mod_hold_next_by_id(modid_t);
94 static struct modctl	*mod_hold_loaded_mod(struct modctl *, char *, int *);
95 static struct modctl	*mod_hold_installed_mod(char *, int, int, int *);
96 
97 static void		mod_release(struct modctl *);
98 static void		mod_make_requisite(struct modctl *, struct modctl *);
99 static int		mod_install_requisites(struct modctl *);
100 static void		check_esc_sequences(char *, char *);
101 static struct modctl	*mod_hold_by_name_requisite(struct modctl *, char *);
102 
103 /*
104  * module loading thread control structure. Calls to kobj_load_module()() are
105  * handled off to a separate thead using this structure.
106  */
107 struct loadmt {
108 	ksema_t		sema;
109 	struct modctl	*mp;
110 	int		usepath;
111 	kthread_t	*owner;
112 	int		retval;
113 };
114 
115 static void	modload_thread(struct loadmt *);
116 
117 kcondvar_t	mod_cv;
118 kcondvar_t	mod_uninstall_cv;	/* Communication between swapper */
119 					/* and the uninstall daemon. */
120 kmutex_t	mod_lock;		/* protects &modules insert linkage, */
121 					/* mod_busy, mod_want, and mod_ref. */
122 					/* blocking operations while holding */
123 					/* mod_lock should be avoided */
124 kmutex_t	mod_uninstall_lock;	/* protects mod_uninstall_cv */
125 kthread_id_t	mod_aul_thread;
126 
127 int		modunload_wait;
128 kmutex_t	modunload_wait_mutex;
129 kcondvar_t	modunload_wait_cv;
130 int		modunload_active_count;
131 int		modunload_disable_count;
132 
133 int	isminiroot;		/* set if running as miniroot */
134 int	modrootloaded;		/* set after root driver and fs are loaded */
135 int	moddebug = 0x0;		/* debug flags for module writers */
136 int	swaploaded;		/* set after swap driver and fs are loaded */
137 int	bop_io_quiesced = 0;	/* set when BOP I/O can no longer be used */
138 int	last_module_id;
139 clock_t	mod_uninstall_interval = 0;
140 int	mod_uninstall_pass_max = 6;
141 int	mod_uninstall_ref_zero;	/* # modules that went mod_ref == 0 */
142 int	mod_uninstall_pass_exc;	/* mod_uninstall_all left new stuff */
143 
144 int	ddi_modclose_unload = 1;	/* 0 -> just decrement reference */
145 
146 int	devcnt_incr	= 256;		/* allow for additional drivers */
147 int	devcnt_min	= 512;		/* and always at least this number */
148 
149 struct devnames *devnamesp;
150 struct devnames orphanlist;
151 
152 krwlock_t	devinfo_tree_lock;	/* obsolete, to be removed */
153 
154 #define	MAJBINDFILE "/etc/name_to_major"
155 #define	SYSBINDFILE "/etc/name_to_sysnum"
156 
157 static char	majbind[] = MAJBINDFILE;
158 static char	sysbind[] = SYSBINDFILE;
159 static uint_t	mod_autounload_key;	/* for module autounload detection */
160 
161 extern int obpdebug;
162 
163 #define	DEBUGGER_PRESENT	((boothowto & RB_DEBUG) || (obpdebug != 0))
164 
165 static int minorperm_loaded = 0;
166 
167 void
mod_setup(void)168 mod_setup(void)
169 {
170 	struct sysent *callp;
171 	int callnum, exectype;
172 	int	num_devs;
173 	int	i;
174 
175 	/*
176 	 * Initialize the list of loaded driver dev_ops.
177 	 * XXX - This must be done before reading the system file so that
178 	 * forceloads of drivers will work.
179 	 */
180 	num_devs = read_binding_file(majbind, mb_hashtab, make_mbind);
181 	/*
182 	 * Since read_binding_file is common code, it doesn't enforce that all
183 	 * of the binding file entries have major numbers <= MAXMAJ32.	Thus,
184 	 * ensure that we don't allocate some massive amount of space due to a
185 	 * bad entry.  We can't have major numbers bigger than MAXMAJ32
186 	 * until file system support for larger major numbers exists.
187 	 */
188 
189 	/*
190 	 * Leave space for expansion, but not more than L_MAXMAJ32
191 	 */
192 	devcnt = MIN(num_devs + devcnt_incr, L_MAXMAJ32);
193 	devcnt = MAX(devcnt, devcnt_min);
194 	devopsp = kmem_alloc(devcnt * sizeof (struct dev_ops *), KM_SLEEP);
195 	for (i = 0; i < devcnt; i++)
196 		devopsp[i] = &mod_nodev_ops;
197 
198 	init_devnamesp(devcnt);
199 
200 	/*
201 	 * Sync up with the work that the stand-alone linker has already done.
202 	 */
203 	(void) kobj_sync();
204 
205 	if (boothowto & RB_DEBUG)
206 		kdi_dvec_modavail();
207 
208 	make_aliases(mb_hashtab);
209 
210 	/*
211 	 * Initialize streams device implementation structures.
212 	 */
213 	devimpl = kmem_zalloc(devcnt * sizeof (cdevsw_impl_t), KM_SLEEP);
214 
215 	/*
216 	 * If the cl_bootstrap module is present,
217 	 * we should be configured as a cluster. Loading this module
218 	 * will set "cluster_bootflags" to non-zero.
219 	 */
220 	(void) modload("misc", "cl_bootstrap");
221 
222 	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
223 	init_syscallnames(NSYSCALL);
224 
225 	/*
226 	 * Start up dynamic autoconfiguration framework (dacf).
227 	 */
228 	mod_hash_init();
229 	dacf_init();
230 
231 	/*
232 	 * Start up IP policy framework (ipp).
233 	 */
234 	ipp_init();
235 
236 	/*
237 	 * Allocate loadable native system call locks.
238 	 */
239 	for (callnum = 0, callp = sysent; callnum < NSYSCALL;
240 	    callnum++, callp++) {
241 		if (LOADABLE_SYSCALL(callp)) {
242 			if (mod_getsysname(callnum) != NULL) {
243 				callp->sy_lock =
244 				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
245 				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
246 			} else {
247 				callp->sy_flags &= ~SE_LOADABLE;
248 				callp->sy_callc = nosys;
249 			}
250 #ifdef DEBUG
251 		} else {
252 			/*
253 			 * Do some sanity checks on the sysent table
254 			 */
255 			switch (callp->sy_flags & SE_RVAL_MASK) {
256 			case SE_32RVAL1:
257 				/* only r_val1 returned */
258 			case SE_32RVAL1 | SE_32RVAL2:
259 				/* r_val1 and r_val2 returned */
260 			case SE_64RVAL:
261 				/* 64-bit rval returned */
262 				break;
263 			default:
264 				cmn_err(CE_WARN, "sysent[%d]: bad flags %x",
265 				    callnum, callp->sy_flags);
266 			}
267 #endif
268 		}
269 	}
270 
271 #ifdef _SYSCALL32_IMPL
272 	/*
273 	 * Allocate loadable system call locks for 32-bit compat syscalls
274 	 */
275 	for (callnum = 0, callp = sysent32; callnum < NSYSCALL;
276 	    callnum++, callp++) {
277 		if (LOADABLE_SYSCALL(callp)) {
278 			if (mod_getsysname(callnum) != NULL) {
279 				callp->sy_lock =
280 				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
281 				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
282 			} else {
283 				callp->sy_flags &= ~SE_LOADABLE;
284 				callp->sy_callc = nosys;
285 			}
286 #ifdef DEBUG
287 		} else {
288 			/*
289 			 * Do some sanity checks on the sysent table
290 			 */
291 			switch (callp->sy_flags & SE_RVAL_MASK) {
292 			case SE_32RVAL1:
293 				/* only r_val1 returned */
294 			case SE_32RVAL1 | SE_32RVAL2:
295 				/* r_val1 and r_val2 returned */
296 			case SE_64RVAL:
297 				/* 64-bit rval returned */
298 				break;
299 			default:
300 				cmn_err(CE_WARN, "sysent32[%d]: bad flags %x",
301 				    callnum, callp->sy_flags);
302 				goto skip;
303 			}
304 
305 			/*
306 			 * Cross-check the native and compatibility tables.
307 			 */
308 			if (callp->sy_callc == nosys ||
309 			    sysent[callnum].sy_callc == nosys)
310 				continue;
311 			/*
312 			 * If only one or the other slot is loadable, then
313 			 * there's an error -- they should match!
314 			 */
315 			if ((callp->sy_callc == loadable_syscall) ^
316 			    (sysent[callnum].sy_callc == loadable_syscall)) {
317 				cmn_err(CE_WARN, "sysent[%d] loadable?",
318 				    callnum);
319 			}
320 			/*
321 			 * This is more of a heuristic test -- if the
322 			 * system call returns two values in the 32-bit
323 			 * world, it should probably return two 32-bit
324 			 * values in the 64-bit world too.
325 			 */
326 			if (((callp->sy_flags & SE_32RVAL2) == 0) ^
327 			    ((sysent[callnum].sy_flags & SE_32RVAL2) == 0)) {
328 				cmn_err(CE_WARN, "sysent[%d] rval2 mismatch!",
329 				    callnum);
330 			}
331 skip:;
332 #endif	/* DEBUG */
333 		}
334 	}
335 #endif	/* _SYSCALL32_IMPL */
336 
337 	/*
338 	 * Allocate loadable exec locks.  (Assumes all execs are loadable)
339 	 */
340 	for (exectype = 0; exectype < nexectype; exectype++) {
341 		execsw[exectype].exec_lock =
342 		    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
343 		rw_init(execsw[exectype].exec_lock, NULL, RW_DEFAULT, NULL);
344 	}
345 
346 	read_class_file();
347 
348 	/* init thread specific structure for mod_uninstall_all */
349 	tsd_create(&mod_autounload_key, NULL);
350 }
351 
352 static int
modctl_modload(int use_path,char * filename,int * rvp)353 modctl_modload(int use_path, char *filename, int *rvp)
354 {
355 	struct modctl *modp;
356 	int retval = 0;
357 	char *filenamep;
358 	int modid;
359 
360 	filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
361 
362 	if (copyinstr(filename, filenamep, MOD_MAXPATH, 0)) {
363 		retval = EFAULT;
364 		goto out;
365 	}
366 
367 	filenamep[MOD_MAXPATH - 1] = 0;
368 	modp = mod_hold_installed_mod(filenamep, use_path, 0, &retval);
369 
370 	if (modp == NULL)
371 		goto out;
372 
373 	modp->mod_loadflags |= MOD_NOAUTOUNLOAD;
374 	modid = modp->mod_id;
375 	mod_release_mod(modp);
376 	CPU_STATS_ADDQ(CPU, sys, modload, 1);
377 	if (rvp != NULL && copyout(&modid, rvp, sizeof (modid)) != 0)
378 		retval = EFAULT;
379 out:
380 	kmem_free(filenamep, MOD_MAXPATH);
381 
382 	return (retval);
383 }
384 
385 static int
modctl_modunload(modid_t id)386 modctl_modunload(modid_t id)
387 {
388 	int rval = 0;
389 
390 	if (id == 0) {
391 #ifdef DEBUG
392 		/*
393 		 * Turn on mod_uninstall_daemon
394 		 */
395 		if (mod_uninstall_interval == 0) {
396 			mod_uninstall_interval = 60;
397 			modreap();
398 			return (rval);
399 		}
400 #endif
401 		mod_uninstall_all();
402 	} else {
403 		rval = modunload(id);
404 	}
405 	return (rval);
406 }
407 
408 static int
modctl_modinfo(modid_t id,struct modinfo * umodi)409 modctl_modinfo(modid_t id, struct modinfo *umodi)
410 {
411 	int retval;
412 	struct modinfo modi;
413 #if defined(_SYSCALL32_IMPL)
414 	int nobase;
415 	struct modinfo32 modi32;
416 #endif
417 
418 	if (get_udatamodel() == DATAMODEL_NATIVE) {
419 		if (copyin(umodi, &modi, sizeof (struct modinfo)) != 0)
420 			return (EFAULT);
421 	}
422 #ifdef _SYSCALL32_IMPL
423 	else {
424 		bzero(&modi, sizeof (modi));
425 		if (copyin(umodi, &modi32, sizeof (struct modinfo32)) != 0)
426 			return (EFAULT);
427 		modi.mi_info = modi32.mi_info;
428 		modi.mi_id = modi32.mi_id;
429 		modi.mi_nextid = modi32.mi_nextid;
430 		nobase = modi.mi_info & MI_INFO_NOBASE;
431 	}
432 #endif
433 	/*
434 	 * This flag is -only- for the kernels use.
435 	 */
436 	modi.mi_info &= ~MI_INFO_LINKAGE;
437 
438 	retval = modinfo(id, &modi);
439 	if (retval)
440 		return (retval);
441 
442 	if (get_udatamodel() == DATAMODEL_NATIVE) {
443 		if (copyout(&modi, umodi, sizeof (struct modinfo)) != 0)
444 			retval = EFAULT;
445 #ifdef _SYSCALL32_IMPL
446 	} else {
447 		int i;
448 
449 		if (!nobase && (uintptr_t)modi.mi_base > UINT32_MAX)
450 			return (EOVERFLOW);
451 
452 		modi32.mi_info = modi.mi_info;
453 		modi32.mi_state = modi.mi_state;
454 		modi32.mi_id = modi.mi_id;
455 		modi32.mi_nextid = modi.mi_nextid;
456 		modi32.mi_base = (caddr32_t)(uintptr_t)modi.mi_base;
457 		modi32.mi_size = modi.mi_size;
458 		modi32.mi_rev = modi.mi_rev;
459 		modi32.mi_loadcnt = modi.mi_loadcnt;
460 		bcopy(modi.mi_name, modi32.mi_name, sizeof (modi32.mi_name));
461 		for (i = 0; i < MODMAXLINK32; i++) {
462 			modi32.mi_msinfo[i].msi_p0 = modi.mi_msinfo[i].msi_p0;
463 			bcopy(modi.mi_msinfo[i].msi_linkinfo,
464 			    modi32.mi_msinfo[i].msi_linkinfo,
465 			    sizeof (modi32.mi_msinfo[0].msi_linkinfo));
466 		}
467 		if (copyout(&modi32, umodi, sizeof (struct modinfo32)) != 0)
468 			retval = EFAULT;
469 #endif
470 	}
471 
472 	return (retval);
473 }
474 
475 /*
476  * Return the last major number in the range of permissible major numbers.
477  */
478 /*ARGSUSED*/
479 static int
modctl_modreserve(modid_t id,int * data)480 modctl_modreserve(modid_t id, int *data)
481 {
482 	if (copyout(&devcnt, data, sizeof (devcnt)) != 0)
483 		return (EFAULT);
484 	return (0);
485 }
486 
487 /* Add/Remove driver and binding aliases */
488 static int
modctl_update_driver_aliases(int add,int * data)489 modctl_update_driver_aliases(int add, int *data)
490 {
491 	struct modconfig	mc;
492 	int			i, n, rv = 0;
493 	struct aliases		alias;
494 	struct aliases		*ap;
495 	char			name[MAXMODCONFNAME];
496 	char			cname[MAXMODCONFNAME];
497 	char			*drvname;
498 	int			resid;
499 	struct alias_info {
500 		char	*alias_name;
501 		int	alias_resid;
502 	} *aliases, *aip;
503 
504 	bzero(&mc, sizeof (struct modconfig));
505 	if (get_udatamodel() == DATAMODEL_NATIVE) {
506 		if (copyin(data, &mc, sizeof (struct modconfig)) != 0)
507 			return (EFAULT);
508 	}
509 #ifdef _SYSCALL32_IMPL
510 	else {
511 		struct modconfig32 modc32;
512 		if (copyin(data, &modc32, sizeof (struct modconfig32)) != 0)
513 			return (EFAULT);
514 		else {
515 			bcopy(modc32.drvname, mc.drvname,
516 			    sizeof (modc32.drvname));
517 			bcopy(modc32.drvclass, mc.drvclass,
518 			    sizeof (modc32.drvclass));
519 			mc.major = modc32.major;
520 			mc.flags = modc32.flags;
521 			mc.num_aliases = modc32.num_aliases;
522 			mc.ap = (struct aliases *)(uintptr_t)modc32.ap;
523 		}
524 	}
525 #endif
526 
527 	/*
528 	 * If the driver is already in the mb_hashtab, and the name given
529 	 * doesn't match that driver's name, fail.  Otherwise, pass, since
530 	 * we may be adding aliases.
531 	 */
532 	drvname = mod_major_to_name(mc.major);
533 	if ((drvname != NULL) && strcmp(drvname, mc.drvname) != 0)
534 		return (EINVAL);
535 
536 	/*
537 	 * Precede alias removal by unbinding as many devices as possible.
538 	 */
539 	if (add == 0) {
540 		(void) i_ddi_unload_drvconf(mc.major);
541 		i_ddi_unbind_devs(mc.major);
542 	}
543 
544 	/*
545 	 * Add/remove each supplied driver alias to/from mb_hashtab
546 	 */
547 	ap = mc.ap;
548 	if (mc.num_aliases > 0)
549 		aliases = kmem_zalloc(
550 		    mc.num_aliases * sizeof (struct alias_info), KM_SLEEP);
551 	aip = aliases;
552 	for (i = 0; i < mc.num_aliases; i++) {
553 		bzero(&alias, sizeof (struct aliases));
554 		if (get_udatamodel() == DATAMODEL_NATIVE) {
555 			if (copyin(ap, &alias, sizeof (struct aliases)) != 0) {
556 				rv = EFAULT;
557 				goto error;
558 			}
559 			if (alias.a_len > MAXMODCONFNAME) {
560 				rv = EINVAL;
561 				goto error;
562 			}
563 			if (copyin(alias.a_name, name, alias.a_len) != 0) {
564 				rv = EFAULT;
565 				goto error;
566 			}
567 			if (name[alias.a_len - 1] != '\0') {
568 				rv = EINVAL;
569 				goto error;
570 			}
571 		}
572 #ifdef _SYSCALL32_IMPL
573 		else {
574 			struct aliases32 al32;
575 			bzero(&al32, sizeof (struct aliases32));
576 			if (copyin(ap, &al32, sizeof (struct aliases32)) != 0) {
577 				rv = EFAULT;
578 				goto error;
579 			}
580 			if (al32.a_len > MAXMODCONFNAME) {
581 				rv = EINVAL;
582 				goto error;
583 			}
584 			if (copyin((void *)(uintptr_t)al32.a_name,
585 			    name, al32.a_len) != 0) {
586 				rv = EFAULT;
587 				goto error;
588 			}
589 			if (name[al32.a_len - 1] != '\0') {
590 				rv = EINVAL;
591 				goto error;
592 			}
593 			alias.a_next = (void *)(uintptr_t)al32.a_next;
594 		}
595 #endif
596 		check_esc_sequences(name, cname);
597 		aip->alias_name = strdup(cname);
598 		ap = alias.a_next;
599 		aip++;
600 	}
601 
602 	if (add == 0) {
603 		ap = mc.ap;
604 		resid = 0;
605 		aip = aliases;
606 		/* attempt to unbind all devices bound to each alias */
607 		for (i = 0; i < mc.num_aliases; i++) {
608 			n = i_ddi_unbind_devs_by_alias(
609 			    mc.major, aip->alias_name);
610 			resid += n;
611 			aip->alias_resid = n;
612 		}
613 
614 		/*
615 		 * If some device bound to an alias remains in use,
616 		 * and override wasn't specified, no change is made to
617 		 * the binding state and we fail the operation.
618 		 */
619 		if (resid > 0 && ((mc.flags & MOD_UNBIND_OVERRIDE) == 0)) {
620 			rv = EBUSY;
621 			goto error;
622 		}
623 
624 		/*
625 		 * No device remains bound of any of the aliases,
626 		 * or force was requested.  Mark each alias as
627 		 * inactive via delete_mbind so no future binds
628 		 * to this alias take place and that a new
629 		 * binding can be established.
630 		 */
631 		aip = aliases;
632 		for (i = 0; i < mc.num_aliases; i++) {
633 			if (moddebug & MODDEBUG_BINDING)
634 				cmn_err(CE_CONT, "Removing binding for %s "
635 				    "(%d active references)\n",
636 				    aip->alias_name, aip->alias_resid);
637 			delete_mbind(aip->alias_name, mb_hashtab);
638 			aip++;
639 		}
640 		rv = 0;
641 	} else {
642 		aip = aliases;
643 		for (i = 0; i < mc.num_aliases; i++) {
644 			if (moddebug & MODDEBUG_BINDING)
645 				cmn_err(CE_NOTE, "Adding binding for '%s'\n",
646 				    aip->alias_name);
647 			(void) make_mbind(aip->alias_name,
648 			    mc.major, NULL, mb_hashtab);
649 			aip++;
650 		}
651 		/*
652 		 * Try to establish an mbinding for mc.drvname, and add it to
653 		 * devnames. Add class if any after establishing the major
654 		 * number.
655 		 */
656 		(void) make_mbind(mc.drvname, mc.major, NULL, mb_hashtab);
657 		if ((rv = make_devname(mc.drvname, mc.major,
658 		    (mc.flags & MOD_ADDMAJBIND_UPDATE) ?
659 		    DN_DRIVER_INACTIVE : 0)) != 0) {
660 			goto error;
661 		}
662 
663 		if (mc.drvclass[0] != '\0')
664 			add_class(mc.drvname, mc.drvclass);
665 		if ((mc.flags & MOD_ADDMAJBIND_UPDATE) == 0) {
666 			(void) i_ddi_load_drvconf(mc.major);
667 		}
668 	}
669 
670 	/*
671 	 * Ensure that all nodes are bound to the most appropriate driver
672 	 * possible, attempting demotion and rebind when a more appropriate
673 	 * driver now exists.  But not when adding a driver update-only.
674 	 */
675 	if ((add == 0) || ((mc.flags & MOD_ADDMAJBIND_UPDATE) == 0)) {
676 		i_ddi_bind_devs();
677 		i_ddi_di_cache_invalidate();
678 	}
679 
680 error:
681 	if (mc.num_aliases > 0) {
682 		aip = aliases;
683 		for (i = 0; i < mc.num_aliases; i++) {
684 			if (aip->alias_name != NULL)
685 				strfree(aip->alias_name);
686 			aip++;
687 		}
688 		kmem_free(aliases, mc.num_aliases * sizeof (struct alias_info));
689 	}
690 	return (rv);
691 }
692 
693 static int
modctl_add_driver_aliases(int * data)694 modctl_add_driver_aliases(int *data)
695 {
696 	return (modctl_update_driver_aliases(1, data));
697 }
698 
699 static int
modctl_remove_driver_aliases(int * data)700 modctl_remove_driver_aliases(int *data)
701 {
702 	return (modctl_update_driver_aliases(0, data));
703 }
704 
705 static int
modctl_rem_major(major_t major)706 modctl_rem_major(major_t major)
707 {
708 	struct devnames *dnp;
709 
710 	if (major >= devcnt)
711 		return (EINVAL);
712 
713 	/* mark devnames as removed */
714 	dnp = &devnamesp[major];
715 	LOCK_DEV_OPS(&dnp->dn_lock);
716 	if (dnp->dn_name == NULL ||
717 	    (dnp->dn_flags & (DN_DRIVER_REMOVED | DN_TAKEN_GETUDEV))) {
718 		UNLOCK_DEV_OPS(&dnp->dn_lock);
719 		return (EINVAL);
720 	}
721 	dnp->dn_flags |= DN_DRIVER_REMOVED;
722 	pm_driver_removed(major);
723 	UNLOCK_DEV_OPS(&dnp->dn_lock);
724 
725 	(void) i_ddi_unload_drvconf(major);
726 	i_ddi_unbind_devs(major);
727 	i_ddi_bind_devs();
728 	i_ddi_di_cache_invalidate();
729 
730 	/* purge all the bindings to this driver */
731 	purge_mbind(major, mb_hashtab);
732 	return (0);
733 }
734 
735 static struct vfs *
path_to_vfs(char * name)736 path_to_vfs(char *name)
737 {
738 	vnode_t *vp;
739 	struct vfs *vfsp;
740 
741 	if (lookupname(name, UIO_SYSSPACE, FOLLOW, NULLVPP, &vp))
742 		return (NULL);
743 
744 	vfsp = vp->v_vfsp;
745 	VN_RELE(vp);
746 	return (vfsp);
747 }
748 
749 static int
new_vfs_in_modpath()750 new_vfs_in_modpath()
751 {
752 	static int n_modpath = 0;
753 	static char *modpath_copy;
754 	static struct pathvfs {
755 		char *path;
756 		struct vfs *vfsp;
757 	} *pathvfs;
758 
759 	int i, new_vfs = 0;
760 	char *tmp, *tmp1;
761 	struct vfs *vfsp;
762 
763 	if (n_modpath != 0) {
764 		for (i = 0; i < n_modpath; i++) {
765 			vfsp = path_to_vfs(pathvfs[i].path);
766 			if (vfsp != pathvfs[i].vfsp) {
767 				pathvfs[i].vfsp = vfsp;
768 				if (vfsp)
769 					new_vfs = 1;
770 			}
771 		}
772 		return (new_vfs);
773 	}
774 
775 	/*
776 	 * First call, initialize the pathvfs structure
777 	 */
778 	modpath_copy = i_ddi_strdup(default_path, KM_SLEEP);
779 	tmp = modpath_copy;
780 	n_modpath = 1;
781 	tmp1 = strchr(tmp, ' ');
782 	while (tmp1) {
783 		*tmp1 = '\0';
784 		n_modpath++;
785 		tmp = tmp1 + 1;
786 		tmp1 = strchr(tmp, ' ');
787 	}
788 
789 	pathvfs = kmem_zalloc(n_modpath * sizeof (struct pathvfs), KM_SLEEP);
790 	tmp = modpath_copy;
791 	for (i = 0; i < n_modpath; i++) {
792 		pathvfs[i].path = tmp;
793 		vfsp = path_to_vfs(tmp);
794 		pathvfs[i].vfsp = vfsp;
795 		tmp += strlen(tmp) + 1;
796 	}
797 	return (1);	/* always reread driver.conf the first time */
798 }
799 
800 static int
modctl_load_drvconf(major_t major,int flags)801 modctl_load_drvconf(major_t major, int flags)
802 {
803 	int ret;
804 
805 	/*
806 	 * devfsadm -u - read all new driver.conf files
807 	 * and bind and configure devices for new drivers.
808 	 */
809 	if (flags & MOD_LOADDRVCONF_RECONF) {
810 		(void) i_ddi_load_drvconf(DDI_MAJOR_T_NONE);
811 		i_ddi_bind_devs();
812 		i_ddi_di_cache_invalidate();
813 		return (0);
814 	}
815 
816 	/*
817 	 * update_drv <drv> - reload driver.conf for the specified driver
818 	 */
819 	if (major != DDI_MAJOR_T_NONE) {
820 		ret = i_ddi_load_drvconf(major);
821 		if (ret == 0)
822 			i_ddi_bind_devs();
823 		return (ret);
824 	}
825 
826 	/*
827 	 * We are invoked to rescan new driver.conf files. It is
828 	 * only necessary if a new file system was mounted in the
829 	 * module_path. Because rescanning driver.conf files can
830 	 * take some time on older platforms (sun4m), the following
831 	 * code skips unnecessary driver.conf rescans to optimize
832 	 * boot performance.
833 	 */
834 	if (new_vfs_in_modpath()) {
835 		(void) i_ddi_load_drvconf(DDI_MAJOR_T_NONE);
836 		/*
837 		 * If we are still initializing io subsystem,
838 		 * load drivers with ddi-forceattach property
839 		 */
840 		if (!i_ddi_io_initialized())
841 			i_ddi_forceattach_drivers();
842 	}
843 	return (0);
844 }
845 
846 /*
847  * Unload driver.conf file and follow up by attempting
848  * to rebind devices to more appropriate driver.
849  */
850 static int
modctl_unload_drvconf(major_t major)851 modctl_unload_drvconf(major_t major)
852 {
853 	int ret;
854 
855 	if (major >= devcnt)
856 		return (EINVAL);
857 
858 	ret = i_ddi_unload_drvconf(major);
859 	if (ret != 0)
860 		return (ret);
861 	(void) i_ddi_unbind_devs(major);
862 	i_ddi_bind_devs();
863 
864 	return (0);
865 }
866 
867 static void
check_esc_sequences(char * str,char * cstr)868 check_esc_sequences(char *str, char *cstr)
869 {
870 	int i;
871 	size_t len;
872 	char *p;
873 
874 	len = strlen(str);
875 	for (i = 0; i < len; i++, str++, cstr++) {
876 		if (*str != '\\') {
877 			*cstr = *str;
878 		} else {
879 			p = str + 1;
880 			/*
881 			 * we only handle octal escape sequences for SPACE
882 			 */
883 			if (*p++ == '0' && *p++ == '4' && *p == '0') {
884 				*cstr = ' ';
885 				str += 3;
886 			} else {
887 				*cstr = *str;
888 			}
889 		}
890 	}
891 	*cstr = 0;
892 }
893 
894 static int
modctl_getmodpathlen(int * data)895 modctl_getmodpathlen(int *data)
896 {
897 	int len;
898 	len = strlen(default_path);
899 	if (copyout(&len, data, sizeof (len)) != 0)
900 		return (EFAULT);
901 	return (0);
902 }
903 
904 static int
modctl_getmodpath(char * data)905 modctl_getmodpath(char *data)
906 {
907 	if (copyout(default_path, data, strlen(default_path) + 1) != 0)
908 		return (EFAULT);
909 	return (0);
910 }
911 
912 static int
modctl_read_sysbinding_file(void)913 modctl_read_sysbinding_file(void)
914 {
915 	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
916 	return (0);
917 }
918 
919 static int
modctl_getmaj(char * uname,uint_t ulen,int * umajorp)920 modctl_getmaj(char *uname, uint_t ulen, int *umajorp)
921 {
922 	char name[256];
923 	int retval;
924 	major_t major;
925 
926 	if (ulen == 0)
927 		return (EINVAL);
928 	if ((retval = copyinstr(uname, name,
929 	    (ulen < 256) ? ulen : 256, 0)) != 0)
930 		return (retval);
931 	if ((major = mod_name_to_major(name)) == DDI_MAJOR_T_NONE)
932 		return (ENODEV);
933 	if (copyout(&major, umajorp, sizeof (major_t)) != 0)
934 		return (EFAULT);
935 	return (0);
936 }
937 
938 static char **
convert_constraint_string(char * constraints,size_t len)939 convert_constraint_string(char *constraints, size_t len)
940 {
941 	int	i;
942 	int	n;
943 	char	*p;
944 	char	**array;
945 
946 	ASSERT(constraints != NULL);
947 	ASSERT(len > 0);
948 
949 	for (i = 0, p = constraints; strlen(p) > 0; i++, p += strlen(p) + 1)
950 		;
951 
952 	n = i;
953 
954 	if (n == 0) {
955 		kmem_free(constraints, len);
956 		return (NULL);
957 	}
958 
959 	array = kmem_alloc((n + 1) * sizeof (char *), KM_SLEEP);
960 
961 	for (i = 0, p = constraints; i < n; i++, p += strlen(p) + 1) {
962 		array[i] = i_ddi_strdup(p, KM_SLEEP);
963 	}
964 	array[n] = NULL;
965 
966 	kmem_free(constraints, len);
967 
968 	return (array);
969 }
970 /*ARGSUSED*/
971 static int
modctl_retire(char * path,char * uconstraints,size_t ulen)972 modctl_retire(char *path, char *uconstraints, size_t ulen)
973 {
974 	char	*pathbuf;
975 	char	*devpath;
976 	size_t	pathsz;
977 	int	retval;
978 	char	*constraints;
979 	char	**cons_array;
980 
981 	if (path == NULL)
982 		return (EINVAL);
983 
984 	if ((uconstraints == NULL) ^ (ulen == 0))
985 		return (EINVAL);
986 
987 	pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
988 	retval = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
989 	if (retval != 0) {
990 		kmem_free(pathbuf, MAXPATHLEN);
991 		return (retval);
992 	}
993 	devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
994 	kmem_free(pathbuf, MAXPATHLEN);
995 
996 	/*
997 	 * First check if the device is already retired.
998 	 * If it is, then persist the retire anyway, just in case the retire
999 	 * store has got out of sync with the boot archive.
1000 	 */
1001 	if (e_ddi_device_retired(devpath)) {
1002 		cmn_err(CE_NOTE, "Device: already retired: %s", devpath);
1003 		(void) e_ddi_retire_persist(devpath);
1004 		kmem_free(devpath, strlen(devpath) + 1);
1005 		return (0);
1006 	}
1007 
1008 	cons_array = NULL;
1009 	if (uconstraints) {
1010 		constraints = kmem_alloc(ulen, KM_SLEEP);
1011 		if (copyin(uconstraints, constraints, ulen)) {
1012 			kmem_free(constraints, ulen);
1013 			kmem_free(devpath, strlen(devpath) + 1);
1014 			return (EFAULT);
1015 		}
1016 		cons_array = convert_constraint_string(constraints, ulen);
1017 	}
1018 
1019 	/*
1020 	 * Try to retire the device first. The following
1021 	 * routine will return an error only if the device
1022 	 * is not retireable i.e. retire constraints forbid
1023 	 * a retire. A return of success from this routine
1024 	 * indicates that device is retireable.
1025 	 */
1026 	retval = e_ddi_retire_device(devpath, cons_array);
1027 	if (retval != DDI_SUCCESS) {
1028 		cmn_err(CE_WARN, "constraints forbid retire: %s", devpath);
1029 		kmem_free(devpath, strlen(devpath) + 1);
1030 		return (ENOTSUP);
1031 	}
1032 
1033 	/*
1034 	 * Ok, the retire succeeded. Persist the retire.
1035 	 * If retiring a nexus, we need to only persist the
1036 	 * nexus retire. Any children of a retired nexus
1037 	 * are automatically covered by the retire store
1038 	 * code.
1039 	 */
1040 	retval = e_ddi_retire_persist(devpath);
1041 	if (retval != 0) {
1042 		cmn_err(CE_WARN, "Failed to persist device retire: error %d: "
1043 		    "%s", retval, devpath);
1044 		kmem_free(devpath, strlen(devpath) + 1);
1045 		return (retval);
1046 	}
1047 	if (moddebug & MODDEBUG_RETIRE)
1048 		cmn_err(CE_NOTE, "Persisted retire of device: %s", devpath);
1049 
1050 	kmem_free(devpath, strlen(devpath) + 1);
1051 	return (0);
1052 }
1053 
1054 static int
modctl_is_retired(char * path,int * statep)1055 modctl_is_retired(char *path, int *statep)
1056 {
1057 	char	*pathbuf;
1058 	char	*devpath;
1059 	size_t	pathsz;
1060 	int	error;
1061 	int	status;
1062 
1063 	if (path == NULL || statep == NULL)
1064 		return (EINVAL);
1065 
1066 	pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1067 	error = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
1068 	if (error != 0) {
1069 		kmem_free(pathbuf, MAXPATHLEN);
1070 		return (error);
1071 	}
1072 	devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
1073 	kmem_free(pathbuf, MAXPATHLEN);
1074 
1075 	if (e_ddi_device_retired(devpath))
1076 		status = 1;
1077 	else
1078 		status = 0;
1079 	kmem_free(devpath, strlen(devpath) + 1);
1080 
1081 	return (copyout(&status, statep, sizeof (status)) ? EFAULT : 0);
1082 }
1083 
1084 static int
modctl_unretire(char * path)1085 modctl_unretire(char *path)
1086 {
1087 	char	*pathbuf;
1088 	char	*devpath;
1089 	size_t	pathsz;
1090 	int	retired;
1091 	int	retval;
1092 
1093 	if (path == NULL)
1094 		return (EINVAL);
1095 
1096 	pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1097 	retval = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
1098 	if (retval != 0) {
1099 		kmem_free(pathbuf, MAXPATHLEN);
1100 		return (retval);
1101 	}
1102 	devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
1103 	kmem_free(pathbuf, MAXPATHLEN);
1104 
1105 	/*
1106 	 * We check if a device is retired (first) before
1107 	 * unpersisting the retire, because we use the
1108 	 * retire store to determine if a device is retired.
1109 	 * If we unpersist first, the device will always appear
1110 	 * to be unretired. For the rationale behind unpersisting
1111 	 * a device that is not retired, see the next comment.
1112 	 */
1113 	retired = e_ddi_device_retired(devpath);
1114 
1115 	/*
1116 	 * We call unpersist unconditionally because the lookup
1117 	 * for retired devices (e_ddi_device_retired()), skips "bypassed"
1118 	 * devices. We still want to be able remove "bypassed" entries
1119 	 * from the persistent store, so we unpersist unconditionally
1120 	 * i.e. whether or not the entry is found on a lookup.
1121 	 *
1122 	 * e_ddi_retire_unpersist() returns 1 if it found and cleared
1123 	 * an entry from the retire store or 0 otherwise.
1124 	 */
1125 	if (e_ddi_retire_unpersist(devpath))
1126 		if (moddebug & MODDEBUG_RETIRE) {
1127 			cmn_err(CE_NOTE, "Unpersisted retire of device: %s",
1128 			    devpath);
1129 		}
1130 
1131 	/*
1132 	 * Check if the device is already unretired. If so,
1133 	 * the unretire becomes a NOP
1134 	 */
1135 	if (!retired) {
1136 		cmn_err(CE_NOTE, "Not retired: %s", devpath);
1137 		kmem_free(devpath, strlen(devpath) + 1);
1138 		return (0);
1139 	}
1140 
1141 	retval = e_ddi_unretire_device(devpath);
1142 	if (retval != 0) {
1143 		cmn_err(CE_WARN, "cannot unretire device: error %d, path %s\n",
1144 		    retval, devpath);
1145 	}
1146 
1147 	kmem_free(devpath, strlen(devpath) + 1);
1148 
1149 	return (retval);
1150 }
1151 
1152 static int
modctl_getname(char * uname,uint_t ulen,int * umajorp)1153 modctl_getname(char *uname, uint_t ulen, int *umajorp)
1154 {
1155 	char *name;
1156 	major_t major;
1157 
1158 	if (copyin(umajorp, &major, sizeof (major)) != 0)
1159 		return (EFAULT);
1160 	if ((name = mod_major_to_name(major)) == NULL)
1161 		return (ENODEV);
1162 	if ((strlen(name) + 1) > ulen)
1163 		return (ENOSPC);
1164 	return (copyoutstr(name, uname, ulen, NULL));
1165 }
1166 
1167 static int
modctl_devt2instance(dev_t dev,int * uinstancep)1168 modctl_devt2instance(dev_t dev, int *uinstancep)
1169 {
1170 	int	instance;
1171 
1172 	if ((instance = dev_to_instance(dev)) == -1)
1173 		return (EINVAL);
1174 
1175 	return (copyout(&instance, uinstancep, sizeof (int)));
1176 }
1177 
1178 /*
1179  * Return the sizeof of the device id.
1180  */
1181 static int
modctl_sizeof_devid(dev_t dev,uint_t * len)1182 modctl_sizeof_devid(dev_t dev, uint_t *len)
1183 {
1184 	uint_t		sz;
1185 	ddi_devid_t	devid;
1186 
1187 	/* get device id */
1188 	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
1189 		return (EINVAL);
1190 
1191 	sz = ddi_devid_sizeof(devid);
1192 	ddi_devid_free(devid);
1193 
1194 	/* copyout device id size */
1195 	if (copyout(&sz, len, sizeof (sz)) != 0)
1196 		return (EFAULT);
1197 
1198 	return (0);
1199 }
1200 
1201 /*
1202  * Return a copy of the device id.
1203  */
1204 static int
modctl_get_devid(dev_t dev,uint_t len,ddi_devid_t udevid)1205 modctl_get_devid(dev_t dev, uint_t len, ddi_devid_t udevid)
1206 {
1207 	uint_t		sz;
1208 	ddi_devid_t	devid;
1209 	int		err = 0;
1210 
1211 	/* get device id */
1212 	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
1213 		return (EINVAL);
1214 
1215 	sz = ddi_devid_sizeof(devid);
1216 
1217 	/* Error if device id is larger than space allocated */
1218 	if (sz > len) {
1219 		ddi_devid_free(devid);
1220 		return (ENOSPC);
1221 	}
1222 
1223 	/* copy out device id */
1224 	if (copyout(devid, udevid, sz) != 0)
1225 		err = EFAULT;
1226 	ddi_devid_free(devid);
1227 	return (err);
1228 }
1229 
1230 /*
1231  * return the /devices paths associated with the specified devid and
1232  * minor name.
1233  */
1234 /*ARGSUSED*/
1235 static int
modctl_devid2paths(ddi_devid_t udevid,char * uminor_name,uint_t flag,size_t * ulensp,char * upaths)1236 modctl_devid2paths(ddi_devid_t udevid, char *uminor_name, uint_t flag,
1237 	size_t *ulensp, char *upaths)
1238 {
1239 	ddi_devid_t	devid = NULL;
1240 	int		devid_len;
1241 	char		*minor_name = NULL;
1242 	dev_info_t	*dip = NULL;
1243 	int		circ;
1244 	struct ddi_minor_data	*dmdp;
1245 	char		*path = NULL;
1246 	int		ulens;
1247 	int		lens;
1248 	int		len;
1249 	dev_t		*devlist = NULL;
1250 	int		ndevs;
1251 	int		i;
1252 	int		ret = 0;
1253 
1254 	/*
1255 	 * If upaths is NULL then we are only computing the amount of space
1256 	 * needed to hold the paths and returning the value in *ulensp. If we
1257 	 * are copying out paths then we get the amount of space allocated by
1258 	 * the caller. If the actual space needed for paths is larger, or
1259 	 * things are changing out from under us, then we return EAGAIN.
1260 	 */
1261 	if (upaths) {
1262 		if (ulensp == NULL)
1263 			return (EINVAL);
1264 		if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
1265 			return (EFAULT);
1266 	}
1267 
1268 	/*
1269 	 * copyin enough of the devid to determine the length then
1270 	 * reallocate and copy in the entire devid.
1271 	 */
1272 	devid_len = ddi_devid_sizeof(NULL);
1273 	devid = kmem_alloc(devid_len, KM_SLEEP);
1274 	if (copyin(udevid, devid, devid_len)) {
1275 		ret = EFAULT;
1276 		goto out;
1277 	}
1278 	len = devid_len;
1279 	devid_len = ddi_devid_sizeof(devid);
1280 	kmem_free(devid, len);
1281 	devid = kmem_alloc(devid_len, KM_SLEEP);
1282 	if (copyin(udevid, devid, devid_len)) {
1283 		ret = EFAULT;
1284 		goto out;
1285 	}
1286 
1287 	/* copyin the minor name if specified. */
1288 	minor_name = uminor_name;
1289 	if ((minor_name != DEVID_MINOR_NAME_ALL) &&
1290 	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1291 	    (minor_name != DEVID_MINOR_NAME_ALL_BLK)) {
1292 		minor_name = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1293 		if (copyinstr(uminor_name, minor_name, MAXPATHLEN, 0)) {
1294 			ret = EFAULT;
1295 			goto out;
1296 		}
1297 	}
1298 
1299 	/*
1300 	 * Use existing function to resolve the devid into a devlist.
1301 	 *
1302 	 * NOTE: there is a loss of spectype information in the current
1303 	 * ddi_lyr_devid_to_devlist implementation. We work around this by not
1304 	 * passing down DEVID_MINOR_NAME_ALL here, but reproducing all minor
1305 	 * node forms in the loop processing the devlist below. It would be
1306 	 * best if at some point the use of this interface here was replaced
1307 	 * with a path oriented call.
1308 	 */
1309 	if (ddi_lyr_devid_to_devlist(devid,
1310 	    (minor_name == DEVID_MINOR_NAME_ALL) ?
1311 	    DEVID_MINOR_NAME_ALL_CHR : minor_name,
1312 	    &ndevs, &devlist) != DDI_SUCCESS) {
1313 		ret = EINVAL;
1314 		goto out;
1315 	}
1316 
1317 	/*
1318 	 * loop over the devlist, converting each devt to a path and doing
1319 	 * a copyout of the path and computation of the amount of space
1320 	 * needed to hold all the paths
1321 	 */
1322 	path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1323 	for (i = 0, lens = 0; i < ndevs; i++) {
1324 
1325 		/* find the dip associated with the dev_t */
1326 		if ((dip = e_ddi_hold_devi_by_dev(devlist[i], 0)) == NULL)
1327 			continue;
1328 
1329 		/* loop over all the minor nodes, skipping ones we don't want */
1330 		ndi_devi_enter(dip, &circ);
1331 		for (dmdp = DEVI(dip)->devi_minor; dmdp; dmdp = dmdp->next) {
1332 			if ((dmdp->ddm_dev != devlist[i]) ||
1333 			    (dmdp->type != DDM_MINOR))
1334 				continue;
1335 
1336 			if ((minor_name != DEVID_MINOR_NAME_ALL) &&
1337 			    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1338 			    (minor_name != DEVID_MINOR_NAME_ALL_BLK) &&
1339 			    strcmp(minor_name, dmdp->ddm_name))
1340 				continue;
1341 			else {
1342 				if ((minor_name == DEVID_MINOR_NAME_ALL_CHR) &&
1343 				    (dmdp->ddm_spec_type != S_IFCHR))
1344 					continue;
1345 				if ((minor_name == DEVID_MINOR_NAME_ALL_BLK) &&
1346 				    (dmdp->ddm_spec_type != S_IFBLK))
1347 					continue;
1348 			}
1349 
1350 			(void) ddi_pathname_minor(dmdp, path);
1351 			len = strlen(path) + 1;
1352 			*(path + len) = '\0';	/* set double termination */
1353 			lens += len;
1354 
1355 			/* copyout the path with double terminations */
1356 			if (upaths) {
1357 				if (lens > ulens) {
1358 					ret = EAGAIN;
1359 					goto out;
1360 				}
1361 				if (copyout(path, upaths, len + 1)) {
1362 					ret = EFAULT;
1363 					goto out;
1364 				}
1365 				upaths += len;
1366 			}
1367 		}
1368 		ndi_devi_exit(dip, circ);
1369 		ddi_release_devi(dip);
1370 		dip = NULL;
1371 	}
1372 	lens++;		/* add one for double termination */
1373 
1374 	/* copy out the amount of space needed to hold the paths */
1375 	if (ulensp && copyout(&lens, ulensp, sizeof (lens))) {
1376 		ret = EFAULT;
1377 		goto out;
1378 	}
1379 	ret = 0;
1380 
1381 out:	if (dip) {
1382 		ndi_devi_exit(dip, circ);
1383 		ddi_release_devi(dip);
1384 	}
1385 	if (path)
1386 		kmem_free(path, MAXPATHLEN);
1387 	if (devlist)
1388 		ddi_lyr_free_devlist(devlist, ndevs);
1389 	if (minor_name &&
1390 	    (minor_name != DEVID_MINOR_NAME_ALL) &&
1391 	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1392 	    (minor_name != DEVID_MINOR_NAME_ALL_BLK))
1393 		kmem_free(minor_name, MAXPATHLEN);
1394 	if (devid)
1395 		kmem_free(devid, devid_len);
1396 	return (ret);
1397 }
1398 
1399 /*
1400  * Return the size of the minor name.
1401  */
1402 static int
modctl_sizeof_minorname(dev_t dev,int spectype,uint_t * len)1403 modctl_sizeof_minorname(dev_t dev, int spectype, uint_t *len)
1404 {
1405 	uint_t	sz;
1406 	char	*name;
1407 
1408 	/* get the minor name */
1409 	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1410 		return (EINVAL);
1411 
1412 	sz = strlen(name) + 1;
1413 	kmem_free(name, sz);
1414 
1415 	/* copy out the size of the minor name */
1416 	if (copyout(&sz, len, sizeof (sz)) != 0)
1417 		return (EFAULT);
1418 
1419 	return (0);
1420 }
1421 
1422 /*
1423  * Return the minor name.
1424  */
1425 static int
modctl_get_minorname(dev_t dev,int spectype,uint_t len,char * uname)1426 modctl_get_minorname(dev_t dev, int spectype, uint_t len, char *uname)
1427 {
1428 	uint_t	sz;
1429 	char	*name;
1430 	int	err = 0;
1431 
1432 	/* get the minor name */
1433 	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1434 		return (EINVAL);
1435 
1436 	sz = strlen(name) + 1;
1437 
1438 	/* Error if the minor name is larger than the space allocated */
1439 	if (sz > len) {
1440 		kmem_free(name, sz);
1441 		return (ENOSPC);
1442 	}
1443 
1444 	/* copy out the minor name */
1445 	if (copyout(name, uname, sz) != 0)
1446 		err = EFAULT;
1447 	kmem_free(name, sz);
1448 	return (err);
1449 }
1450 
1451 /*
1452  * Return the size of the (dev_t,spectype) devfspath name.
1453  */
1454 static int
modctl_devfspath_len(dev_t dev,int spectype,uint_t * len)1455 modctl_devfspath_len(dev_t dev, int spectype, uint_t *len)
1456 {
1457 	uint_t	sz;
1458 	char	*name;
1459 
1460 	/* get the path name */
1461 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1462 	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1463 		kmem_free(name, MAXPATHLEN);
1464 		return (EINVAL);
1465 	}
1466 
1467 	sz = strlen(name) + 1;
1468 	kmem_free(name, MAXPATHLEN);
1469 
1470 	/* copy out the size of the path name */
1471 	if (copyout(&sz, len, sizeof (sz)) != 0)
1472 		return (EFAULT);
1473 
1474 	return (0);
1475 }
1476 
1477 /*
1478  * Return the (dev_t,spectype) devfspath name.
1479  */
1480 static int
modctl_devfspath(dev_t dev,int spectype,uint_t len,char * uname)1481 modctl_devfspath(dev_t dev, int spectype, uint_t len, char *uname)
1482 {
1483 	uint_t	sz;
1484 	char	*name;
1485 	int	err = 0;
1486 
1487 	/* get the path name */
1488 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1489 	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1490 		kmem_free(name, MAXPATHLEN);
1491 		return (EINVAL);
1492 	}
1493 
1494 	sz = strlen(name) + 1;
1495 
1496 	/* Error if the path name is larger than the space allocated */
1497 	if (sz > len) {
1498 		kmem_free(name, MAXPATHLEN);
1499 		return (ENOSPC);
1500 	}
1501 
1502 	/* copy out the path name */
1503 	if (copyout(name, uname, sz) != 0)
1504 		err = EFAULT;
1505 	kmem_free(name, MAXPATHLEN);
1506 	return (err);
1507 }
1508 
1509 /*
1510  * Return the size of the (major,instance) devfspath name.
1511  */
1512 static int
modctl_devfspath_mi_len(major_t major,int instance,uint_t * len)1513 modctl_devfspath_mi_len(major_t major, int instance, uint_t *len)
1514 {
1515 	uint_t	sz;
1516 	char	*name;
1517 
1518 	/* get the path name */
1519 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1520 	if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1521 		kmem_free(name, MAXPATHLEN);
1522 		return (EINVAL);
1523 	}
1524 
1525 	sz = strlen(name) + 1;
1526 	kmem_free(name, MAXPATHLEN);
1527 
1528 	/* copy out the size of the path name */
1529 	if (copyout(&sz, len, sizeof (sz)) != 0)
1530 		return (EFAULT);
1531 
1532 	return (0);
1533 }
1534 
1535 /*
1536  * Return the (major_instance) devfspath name.
1537  * NOTE: e_ddi_majorinstance_to_path does not require the device to attach to
1538  * return a path - it uses the instance tree.
1539  */
1540 static int
modctl_devfspath_mi(major_t major,int instance,uint_t len,char * uname)1541 modctl_devfspath_mi(major_t major, int instance, uint_t len, char *uname)
1542 {
1543 	uint_t	sz;
1544 	char	*name;
1545 	int	err = 0;
1546 
1547 	/* get the path name */
1548 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1549 	if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1550 		kmem_free(name, MAXPATHLEN);
1551 		return (EINVAL);
1552 	}
1553 
1554 	sz = strlen(name) + 1;
1555 
1556 	/* Error if the path name is larger than the space allocated */
1557 	if (sz > len) {
1558 		kmem_free(name, MAXPATHLEN);
1559 		return (ENOSPC);
1560 	}
1561 
1562 	/* copy out the path name */
1563 	if (copyout(name, uname, sz) != 0)
1564 		err = EFAULT;
1565 	kmem_free(name, MAXPATHLEN);
1566 	return (err);
1567 }
1568 
1569 static int
modctl_get_fbname(char * path)1570 modctl_get_fbname(char *path)
1571 {
1572 	extern dev_t fbdev;
1573 	char *pathname = NULL;
1574 	int rval = 0;
1575 
1576 	/* make sure fbdev is set before we plunge in */
1577 	if (fbdev == NODEV)
1578 		return (ENODEV);
1579 
1580 	pathname = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1581 	if ((rval = ddi_dev_pathname(fbdev, S_IFCHR,
1582 	    pathname)) == DDI_SUCCESS) {
1583 		if (copyout(pathname, path, strlen(pathname)+1) != 0) {
1584 			rval = EFAULT;
1585 		}
1586 	}
1587 	kmem_free(pathname, MAXPATHLEN);
1588 	return (rval);
1589 }
1590 
1591 /*
1592  * modctl_reread_dacf()
1593  *	Reread the dacf rules database from the named binding file.
1594  *	If NULL is specified, pass along the NULL, it means 'use the default'.
1595  */
1596 static int
modctl_reread_dacf(char * path)1597 modctl_reread_dacf(char *path)
1598 {
1599 	int rval = 0;
1600 	char *filename, *filenamep;
1601 
1602 	filename = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1603 
1604 	if (path == NULL) {
1605 		filenamep = NULL;
1606 	} else {
1607 		if (copyinstr(path, filename, MAXPATHLEN, 0) != 0) {
1608 			rval = EFAULT;
1609 			goto out;
1610 		}
1611 		filenamep = filename;
1612 		filenamep[MAXPATHLEN - 1] = '\0';
1613 	}
1614 
1615 	rval = read_dacf_binding_file(filenamep);
1616 out:
1617 	kmem_free(filename, MAXPATHLEN);
1618 	return (rval);
1619 }
1620 
1621 /*ARGSUSED*/
1622 static int
modctl_modevents(int subcmd,uintptr_t a2,uintptr_t a3,uintptr_t a4,uint_t flag)1623 modctl_modevents(int subcmd, uintptr_t a2, uintptr_t a3, uintptr_t a4,
1624     uint_t flag)
1625 {
1626 	int error = 0;
1627 	char *filenamep;
1628 
1629 	switch (subcmd) {
1630 
1631 	case MODEVENTS_FLUSH:
1632 		/* flush all currently queued events */
1633 		log_sysevent_flushq(subcmd, flag);
1634 		break;
1635 
1636 	case MODEVENTS_SET_DOOR_UPCALL_FILENAME:
1637 		/*
1638 		 * bind door_upcall to filename
1639 		 * this should only be done once per invocation
1640 		 * of the event daemon.
1641 		 */
1642 
1643 		filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
1644 
1645 		if (copyinstr((char *)a2, filenamep, MOD_MAXPATH, 0)) {
1646 			error = EFAULT;
1647 		} else {
1648 			error = log_sysevent_filename(filenamep);
1649 		}
1650 		kmem_free(filenamep, MOD_MAXPATH);
1651 		break;
1652 
1653 	case MODEVENTS_GETDATA:
1654 		error = log_sysevent_copyout_data((sysevent_id_t *)a2,
1655 		    (size_t)a3, (caddr_t)a4);
1656 		break;
1657 
1658 	case MODEVENTS_FREEDATA:
1659 		error = log_sysevent_free_data((sysevent_id_t *)a2);
1660 		break;
1661 	case MODEVENTS_POST_EVENT:
1662 		error = log_usr_sysevent((sysevent_t *)a2, (uint32_t)a3,
1663 		    (sysevent_id_t *)a4);
1664 		break;
1665 	case MODEVENTS_REGISTER_EVENT:
1666 		error = log_sysevent_register((char *)a2, (char *)a3,
1667 		    (se_pubsub_t *)a4);
1668 		break;
1669 	default:
1670 		error = EINVAL;
1671 	}
1672 
1673 	return (error);
1674 }
1675 
1676 static void
free_mperm(mperm_t * mp)1677 free_mperm(mperm_t *mp)
1678 {
1679 	int len;
1680 
1681 	if (mp->mp_minorname) {
1682 		len = strlen(mp->mp_minorname) + 1;
1683 		kmem_free(mp->mp_minorname, len);
1684 	}
1685 	kmem_free(mp, sizeof (mperm_t));
1686 }
1687 
1688 #define	MP_NO_DRV_ERR	\
1689 	"/etc/minor_perm: no driver for %s\n"
1690 
1691 #define	MP_EMPTY_MINOR	\
1692 	"/etc/minor_perm: empty minor name for driver %s\n"
1693 
1694 #define	MP_NO_MINOR	\
1695 	"/etc/minor_perm: no minor matching %s for driver %s\n"
1696 
1697 /*
1698  * Remove mperm entry with matching minorname
1699  */
1700 static void
rem_minorperm(major_t major,char * drvname,mperm_t * mp,int is_clone)1701 rem_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1702 {
1703 	mperm_t **mp_head;
1704 	mperm_t *freemp = NULL;
1705 	struct devnames *dnp = &devnamesp[major];
1706 	mperm_t **wildmp;
1707 
1708 	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1709 
1710 	LOCK_DEV_OPS(&dnp->dn_lock);
1711 	if (strcmp(mp->mp_minorname, "*") == 0) {
1712 		wildmp = ((is_clone == 0) ?
1713 		    &dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1714 		if (*wildmp)
1715 			freemp = *wildmp;
1716 		*wildmp = NULL;
1717 	} else {
1718 		mp_head = &dnp->dn_mperm;
1719 		while (*mp_head) {
1720 			if (strcmp((*mp_head)->mp_minorname,
1721 			    mp->mp_minorname) != 0) {
1722 				mp_head = &(*mp_head)->mp_next;
1723 				continue;
1724 			}
1725 			/* remove the entry */
1726 			freemp = *mp_head;
1727 			*mp_head = freemp->mp_next;
1728 			break;
1729 		}
1730 	}
1731 	if (freemp) {
1732 		if (moddebug & MODDEBUG_MINORPERM) {
1733 			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1734 			    drvname, freemp->mp_minorname,
1735 			    freemp->mp_mode & 0777,
1736 			    freemp->mp_uid, freemp->mp_gid);
1737 		}
1738 		free_mperm(freemp);
1739 	} else {
1740 		if (moddebug & MODDEBUG_MINORPERM) {
1741 			cmn_err(CE_CONT, MP_NO_MINOR,
1742 			    drvname, mp->mp_minorname);
1743 		}
1744 	}
1745 
1746 	UNLOCK_DEV_OPS(&dnp->dn_lock);
1747 }
1748 
1749 /*
1750  * Add minor perm entry
1751  */
1752 static void
add_minorperm(major_t major,char * drvname,mperm_t * mp,int is_clone)1753 add_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1754 {
1755 	mperm_t **mp_head;
1756 	mperm_t *freemp = NULL;
1757 	struct devnames *dnp = &devnamesp[major];
1758 	mperm_t **wildmp;
1759 
1760 	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1761 
1762 	/*
1763 	 * Note that update_drv replace semantics require
1764 	 * replacing matching entries with the new permissions.
1765 	 */
1766 	LOCK_DEV_OPS(&dnp->dn_lock);
1767 	if (strcmp(mp->mp_minorname, "*") == 0) {
1768 		wildmp = ((is_clone == 0) ?
1769 		    &dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1770 		if (*wildmp)
1771 			freemp = *wildmp;
1772 		*wildmp = mp;
1773 	} else {
1774 		mperm_t *p, *v = NULL;
1775 		for (p = dnp->dn_mperm; p; v = p, p = p->mp_next) {
1776 			if (strcmp(p->mp_minorname, mp->mp_minorname) == 0) {
1777 				if (v == NULL)
1778 					dnp->dn_mperm = mp;
1779 				else
1780 					v->mp_next = mp;
1781 				mp->mp_next = p->mp_next;
1782 				freemp = p;
1783 				goto replaced;
1784 			}
1785 		}
1786 		if (p == NULL) {
1787 			mp_head = &dnp->dn_mperm;
1788 			if (*mp_head == NULL) {
1789 				*mp_head = mp;
1790 			} else {
1791 				mp->mp_next = *mp_head;
1792 				*mp_head = mp;
1793 			}
1794 		}
1795 	}
1796 replaced:
1797 	if (freemp) {
1798 		if (moddebug & MODDEBUG_MINORPERM) {
1799 			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1800 			    drvname, freemp->mp_minorname,
1801 			    freemp->mp_mode & 0777,
1802 			    freemp->mp_uid, freemp->mp_gid);
1803 		}
1804 		free_mperm(freemp);
1805 	}
1806 	if (moddebug & MODDEBUG_MINORPERM) {
1807 		cmn_err(CE_CONT, "> %s %s 0%o %d %d\n",
1808 		    drvname, mp->mp_minorname, mp->mp_mode & 0777,
1809 		    mp->mp_uid, mp->mp_gid);
1810 	}
1811 	UNLOCK_DEV_OPS(&dnp->dn_lock);
1812 }
1813 
1814 
1815 static int
process_minorperm(int cmd,nvlist_t * nvl)1816 process_minorperm(int cmd, nvlist_t *nvl)
1817 {
1818 	char *minor;
1819 	major_t major;
1820 	mperm_t *mp;
1821 	nvpair_t *nvp;
1822 	char *name;
1823 	int is_clone;
1824 	major_t minmaj;
1825 
1826 	ASSERT(cmd == MODLOADMINORPERM ||
1827 	    cmd == MODADDMINORPERM || cmd == MODREMMINORPERM);
1828 
1829 	nvp = NULL;
1830 	while ((nvp = nvlist_next_nvpair(nvl, nvp)) != NULL) {
1831 		name = nvpair_name(nvp);
1832 
1833 		is_clone = 0;
1834 		(void) nvpair_value_string(nvp, &minor);
1835 		major = ddi_name_to_major(name);
1836 		if (major != DDI_MAJOR_T_NONE) {
1837 			mp = kmem_zalloc(sizeof (*mp), KM_SLEEP);
1838 			if (minor == NULL || strlen(minor) == 0) {
1839 				if (moddebug & MODDEBUG_MINORPERM) {
1840 					cmn_err(CE_CONT, MP_EMPTY_MINOR, name);
1841 				}
1842 				minor = "*";
1843 			}
1844 
1845 			/*
1846 			 * The minor name of a node using the clone
1847 			 * driver must be the driver name.  To avoid
1848 			 * multiple searches, we map entries in the form
1849 			 * clone:<driver> to <driver>:*.  This also allows us
1850 			 * to filter out some of the litter in /etc/minor_perm.
1851 			 * Minor perm alias entries where the name is not
1852 			 * the driver kept on the clone list itself.
1853 			 * This all seems very fragile as a driver could
1854 			 * be introduced with an existing alias name.
1855 			 */
1856 			if (strcmp(name, "clone") == 0) {
1857 				minmaj = ddi_name_to_major(minor);
1858 				if (minmaj != DDI_MAJOR_T_NONE) {
1859 					if (moddebug & MODDEBUG_MINORPERM) {
1860 						cmn_err(CE_CONT,
1861 						    "mapping %s:%s to %s:*\n",
1862 						    name, minor, minor);
1863 					}
1864 					major = minmaj;
1865 					name = minor;
1866 					minor = "*";
1867 					is_clone = 1;
1868 				}
1869 			}
1870 
1871 			if (mp) {
1872 				mp->mp_minorname =
1873 				    i_ddi_strdup(minor, KM_SLEEP);
1874 			}
1875 		} else {
1876 			mp = NULL;
1877 			if (moddebug & MODDEBUG_MINORPERM) {
1878 				cmn_err(CE_CONT, MP_NO_DRV_ERR, name);
1879 			}
1880 		}
1881 
1882 		/* mode */
1883 		nvp = nvlist_next_nvpair(nvl, nvp);
1884 		ASSERT(strcmp(nvpair_name(nvp), "mode") == 0);
1885 		if (mp)
1886 			(void) nvpair_value_int32(nvp, (int *)&mp->mp_mode);
1887 		/* uid */
1888 		nvp = nvlist_next_nvpair(nvl, nvp);
1889 		ASSERT(strcmp(nvpair_name(nvp), "uid") == 0);
1890 		if (mp)
1891 			(void) nvpair_value_uint32(nvp, &mp->mp_uid);
1892 		/* gid */
1893 		nvp = nvlist_next_nvpair(nvl, nvp);
1894 		ASSERT(strcmp(nvpair_name(nvp), "gid") == 0);
1895 		if (mp) {
1896 			(void) nvpair_value_uint32(nvp, &mp->mp_gid);
1897 
1898 			if (cmd == MODREMMINORPERM) {
1899 				rem_minorperm(major, name, mp, is_clone);
1900 				free_mperm(mp);
1901 			} else {
1902 				add_minorperm(major, name, mp, is_clone);
1903 			}
1904 		}
1905 	}
1906 
1907 	if (cmd == MODLOADMINORPERM)
1908 		minorperm_loaded = 1;
1909 
1910 	/*
1911 	 * Reset permissions of cached dv_nodes
1912 	 */
1913 	(void) devfs_reset_perm(DV_RESET_PERM);
1914 
1915 	return (0);
1916 }
1917 
1918 static int
modctl_minorperm(int cmd,char * usrbuf,size_t buflen)1919 modctl_minorperm(int cmd, char *usrbuf, size_t buflen)
1920 {
1921 	int error;
1922 	nvlist_t *nvl;
1923 	char *buf = kmem_alloc(buflen, KM_SLEEP);
1924 
1925 	if ((error = ddi_copyin(usrbuf, buf, buflen, 0)) != 0) {
1926 		kmem_free(buf, buflen);
1927 		return (error);
1928 	}
1929 
1930 	error = nvlist_unpack(buf, buflen, &nvl, KM_SLEEP);
1931 	kmem_free(buf, buflen);
1932 	if (error)
1933 		return (error);
1934 
1935 	error = process_minorperm(cmd, nvl);
1936 	nvlist_free(nvl);
1937 	return (error);
1938 }
1939 
1940 struct walk_args {
1941 	char		*wa_drvname;
1942 	list_t		wa_pathlist;
1943 };
1944 
1945 struct path_elem {
1946 	char		*pe_dir;
1947 	char		*pe_nodename;
1948 	list_node_t	pe_node;
1949 	int		pe_dirlen;
1950 };
1951 
1952 /*ARGSUSED*/
1953 static int
modctl_inst_walker(const char * path,in_node_t * np,in_drv_t * dp,void * arg)1954 modctl_inst_walker(const char *path, in_node_t *np, in_drv_t *dp, void *arg)
1955 {
1956 	struct walk_args *wargs = (struct walk_args *)arg;
1957 	struct path_elem *pe;
1958 	char *nodename;
1959 
1960 	/*
1961 	 * Search may be restricted to a single driver in the case of rem_drv
1962 	 */
1963 	if (wargs->wa_drvname &&
1964 	    strcmp(dp->ind_driver_name, wargs->wa_drvname) != 0)
1965 		return (INST_WALK_CONTINUE);
1966 
1967 	pe = kmem_zalloc(sizeof (*pe), KM_SLEEP);
1968 	pe->pe_dir = i_ddi_strdup((char *)path, KM_SLEEP);
1969 	pe->pe_dirlen = strlen(pe->pe_dir) + 1;
1970 	ASSERT(strrchr(pe->pe_dir, '/') != NULL);
1971 	nodename = strrchr(pe->pe_dir, '/');
1972 	*nodename++ = 0;
1973 	pe->pe_nodename = nodename;
1974 	list_insert_tail(&wargs->wa_pathlist, pe);
1975 
1976 	return (INST_WALK_CONTINUE);
1977 }
1978 
1979 /*
1980  * /devices attribute nodes clean-up optionally performed
1981  * when removing a driver (rem_drv -C).
1982  *
1983  * Removing attribute nodes allows a machine to be reprovisioned
1984  * without the side-effect of inadvertently picking up stale
1985  * device node ownership or permissions.
1986  *
1987  * Preserving attributes (not performing cleanup) allows devices
1988  * attribute changes to be preserved across upgrades, as
1989  * upgrade rather heavy-handedly does a rem_drv/add_drv cycle.
1990  */
1991 static int
modctl_remdrv_cleanup(const char * u_drvname)1992 modctl_remdrv_cleanup(const char *u_drvname)
1993 {
1994 	struct walk_args *wargs;
1995 	struct path_elem *pe;
1996 	char *drvname;
1997 	int err, rval = 0;
1998 
1999 	drvname = kmem_alloc(MAXMODCONFNAME, KM_SLEEP);
2000 	if ((err = copyinstr(u_drvname, drvname, MAXMODCONFNAME, 0))) {
2001 		kmem_free(drvname, MAXMODCONFNAME);
2002 		return (err);
2003 	}
2004 
2005 	/*
2006 	 * First go through the instance database.  For each
2007 	 * instance of a device bound to the driver being
2008 	 * removed, remove any underlying devfs attribute nodes.
2009 	 *
2010 	 * This is a two-step process.	First we go through
2011 	 * the instance data itself, constructing a list of
2012 	 * the nodes discovered.  The second step is then
2013 	 * to find and remove any devfs attribute nodes
2014 	 * for the instances discovered in the first step.
2015 	 * The two-step process avoids any difficulties
2016 	 * which could arise by holding the instance data
2017 	 * lock with simultaneous devfs operations.
2018 	 */
2019 	wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
2020 
2021 	wargs->wa_drvname = drvname;
2022 	list_create(&wargs->wa_pathlist,
2023 	    sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
2024 
2025 	(void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
2026 
2027 	for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
2028 	    pe = list_next(&wargs->wa_pathlist, pe)) {
2029 		err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
2030 		    (const char *)pe->pe_nodename);
2031 		if (rval == 0)
2032 			rval = err;
2033 	}
2034 
2035 	while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
2036 		list_remove(&wargs->wa_pathlist, pe);
2037 		kmem_free(pe->pe_dir, pe->pe_dirlen);
2038 		kmem_free(pe, sizeof (*pe));
2039 	}
2040 	kmem_free(wargs, sizeof (*wargs));
2041 
2042 	/*
2043 	 * Pseudo nodes aren't recorded in the instance database
2044 	 * so any such nodes need to be handled separately.
2045 	 */
2046 	err = devfs_remdrv_cleanup("pseudo", (const char *)drvname);
2047 	if (rval == 0)
2048 		rval = err;
2049 
2050 	kmem_free(drvname, MAXMODCONFNAME);
2051 	return (rval);
2052 }
2053 
2054 /*
2055  * Perform a cleanup of non-existent /devices attribute nodes,
2056  * similar to rem_drv -C, but for all drivers/devices.
2057  * This is also optional, performed as part of devfsadm -C.
2058  */
2059 void
dev_devices_cleanup()2060 dev_devices_cleanup()
2061 {
2062 	struct walk_args *wargs;
2063 	struct path_elem *pe;
2064 	dev_info_t *devi;
2065 	char *path;
2066 	int err;
2067 
2068 	/*
2069 	 * It's expected that all drivers have been loaded and
2070 	 * module unloading disabled while performing cleanup.
2071 	 */
2072 	ASSERT(modunload_disable_count > 0);
2073 
2074 	wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
2075 	wargs->wa_drvname = NULL;
2076 	list_create(&wargs->wa_pathlist,
2077 	    sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
2078 
2079 	(void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
2080 
2081 	path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
2082 
2083 	for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
2084 	    pe = list_next(&wargs->wa_pathlist, pe)) {
2085 		(void) snprintf(path, MAXPATHLEN, "%s/%s",
2086 		    pe->pe_dir, pe->pe_nodename);
2087 		devi = e_ddi_hold_devi_by_path(path, 0);
2088 		if (devi != NULL) {
2089 			ddi_release_devi(devi);
2090 		} else {
2091 			err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
2092 			    (const char *)pe->pe_nodename);
2093 			if (err) {
2094 				cmn_err(CE_CONT,
2095 				    "devfs: %s: clean-up error %d\n",
2096 				    path, err);
2097 			}
2098 		}
2099 	}
2100 
2101 	while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
2102 		list_remove(&wargs->wa_pathlist, pe);
2103 		kmem_free(pe->pe_dir, pe->pe_dirlen);
2104 		kmem_free(pe, sizeof (*pe));
2105 	}
2106 	kmem_free(wargs, sizeof (*wargs));
2107 	kmem_free(path, MAXPATHLEN);
2108 }
2109 
2110 static int
modctl_allocpriv(const char * name)2111 modctl_allocpriv(const char *name)
2112 {
2113 	char *pstr = kmem_alloc(PRIVNAME_MAX, KM_SLEEP);
2114 	int error;
2115 
2116 	if ((error = copyinstr(name, pstr, PRIVNAME_MAX, 0))) {
2117 		kmem_free(pstr, PRIVNAME_MAX);
2118 		return (error);
2119 	}
2120 	error = priv_getbyname(pstr, PRIV_ALLOC);
2121 	if (error < 0)
2122 		error = -error;
2123 	else
2124 		error = 0;
2125 	kmem_free(pstr, PRIVNAME_MAX);
2126 	return (error);
2127 }
2128 
2129 static int
modctl_devexists(const char * upath,int pathlen)2130 modctl_devexists(const char *upath, int pathlen)
2131 {
2132 	char	*path;
2133 	int	ret;
2134 
2135 	/*
2136 	 * copy in the path, including the terminating null
2137 	 */
2138 	pathlen++;
2139 	if (pathlen <= 1 || pathlen > MAXPATHLEN)
2140 		return (EINVAL);
2141 	path = kmem_zalloc(pathlen + 1, KM_SLEEP);
2142 	if ((ret = copyinstr(upath, path, pathlen, NULL)) == 0) {
2143 		ret = sdev_modctl_devexists(path);
2144 	}
2145 
2146 	kmem_free(path, pathlen + 1);
2147 	return (ret);
2148 }
2149 
2150 static int
modctl_devreaddir(const char * udir,int udirlen,char * upaths,int64_t * ulensp)2151 modctl_devreaddir(const char *udir, int udirlen,
2152     char *upaths, int64_t *ulensp)
2153 {
2154 	char	*paths = NULL;
2155 	char	**dirlist = NULL;
2156 	char	*dir;
2157 	int64_t	ulens;
2158 	int64_t	lens;
2159 	int	i, n;
2160 	int	ret = 0;
2161 	char	*p;
2162 	int	npaths;
2163 	int	npaths_alloc;
2164 
2165 	/*
2166 	 * If upaths is NULL then we are only computing the amount of space
2167 	 * needed to return the paths, with the value returned in *ulensp. If we
2168 	 * are copying out paths then we get the amount of space allocated by
2169 	 * the caller. If the actual space needed for paths is larger, or
2170 	 * things are changing out from under us, then we return EAGAIN.
2171 	 */
2172 	if (upaths) {
2173 		if (ulensp == NULL)
2174 			return (EINVAL);
2175 		if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
2176 			return (EFAULT);
2177 	}
2178 
2179 	/*
2180 	 * copyin the /dev path including terminating null
2181 	 */
2182 	udirlen++;
2183 	if (udirlen <= 1 || udirlen > MAXPATHLEN)
2184 		return (EINVAL);
2185 	dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
2186 	if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
2187 		goto err;
2188 
2189 	if ((ret = sdev_modctl_readdir(dir, &dirlist,
2190 	    &npaths, &npaths_alloc, 0)) != 0) {
2191 		ASSERT(dirlist == NULL);
2192 		goto err;
2193 	}
2194 
2195 	lens = 0;
2196 	for (i = 0; i < npaths; i++) {
2197 		lens += strlen(dirlist[i]) + 1;
2198 	}
2199 	lens++;		/* add one for double termination */
2200 
2201 	if (upaths) {
2202 		if (lens > ulens) {
2203 			ret = EAGAIN;
2204 			goto out;
2205 		}
2206 
2207 		paths = kmem_alloc(lens, KM_SLEEP);
2208 
2209 		p = paths;
2210 		for (i = 0; i < npaths; i++) {
2211 			n = strlen(dirlist[i]) + 1;
2212 			bcopy(dirlist[i], p, n);
2213 			p += n;
2214 		}
2215 		*p = 0;
2216 
2217 		if (copyout(paths, upaths, lens)) {
2218 			ret = EFAULT;
2219 			goto err;
2220 		}
2221 	}
2222 
2223 out:
2224 	/* copy out the amount of space needed to hold the paths */
2225 	if (copyout(&lens, ulensp, sizeof (lens)))
2226 		ret = EFAULT;
2227 
2228 err:
2229 	if (dirlist)
2230 		sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
2231 	if (paths)
2232 		kmem_free(paths, lens);
2233 	kmem_free(dir, udirlen + 1);
2234 	return (ret);
2235 }
2236 
2237 static int
modctl_devemptydir(const char * udir,int udirlen,int * uempty)2238 modctl_devemptydir(const char *udir, int udirlen, int *uempty)
2239 {
2240 	char	*dir;
2241 	int	ret;
2242 	char	**dirlist = NULL;
2243 	int	npaths;
2244 	int	npaths_alloc;
2245 	int	empty;
2246 
2247 	/*
2248 	 * copyin the /dev path including terminating null
2249 	 */
2250 	udirlen++;
2251 	if (udirlen <= 1 || udirlen > MAXPATHLEN)
2252 		return (EINVAL);
2253 	dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
2254 	if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
2255 		goto err;
2256 
2257 	if ((ret = sdev_modctl_readdir(dir, &dirlist,
2258 	    &npaths, &npaths_alloc, 1)) != 0) {
2259 		goto err;
2260 	}
2261 
2262 	empty = npaths ? 0 : 1;
2263 	if (copyout(&empty, uempty, sizeof (empty)))
2264 		ret = EFAULT;
2265 
2266 err:
2267 	if (dirlist)
2268 		sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
2269 	kmem_free(dir, udirlen + 1);
2270 	return (ret);
2271 }
2272 
2273 static int
modctl_hp(int subcmd,const char * path,char * cn_name,uintptr_t arg,uintptr_t rval)2274 modctl_hp(int subcmd, const char *path, char *cn_name, uintptr_t arg,
2275     uintptr_t rval)
2276 {
2277 	int error = 0;
2278 	size_t pathsz, namesz;
2279 	char *devpath, *cn_name_str;
2280 
2281 	if (path == NULL)
2282 		return (EINVAL);
2283 
2284 	devpath = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
2285 	error = copyinstr(path, devpath, MAXPATHLEN, &pathsz);
2286 	if (error != 0) {
2287 		kmem_free(devpath, MAXPATHLEN);
2288 		return (EFAULT);
2289 	}
2290 
2291 	cn_name_str = kmem_zalloc(MAXNAMELEN, KM_SLEEP);
2292 	error = copyinstr(cn_name, cn_name_str, MAXNAMELEN, &namesz);
2293 	if (error != 0) {
2294 		kmem_free(devpath, MAXPATHLEN);
2295 		kmem_free(cn_name_str, MAXNAMELEN);
2296 
2297 		return (EFAULT);
2298 	}
2299 
2300 	switch (subcmd) {
2301 	case MODHPOPS_CHANGE_STATE:
2302 		error = ddihp_modctl(DDI_HPOP_CN_CHANGE_STATE, devpath,
2303 		    cn_name_str, arg, NULL);
2304 		break;
2305 	case MODHPOPS_CREATE_PORT:
2306 		/* Create an empty PORT */
2307 		error = ddihp_modctl(DDI_HPOP_CN_CREATE_PORT, devpath,
2308 		    cn_name_str, NULL, NULL);
2309 		break;
2310 	case MODHPOPS_REMOVE_PORT:
2311 		/* Remove an empty PORT */
2312 		error = ddihp_modctl(DDI_HPOP_CN_REMOVE_PORT, devpath,
2313 		    cn_name_str, NULL, NULL);
2314 		break;
2315 	case MODHPOPS_BUS_GET:
2316 		error = ddihp_modctl(DDI_HPOP_CN_GET_PROPERTY, devpath,
2317 		    cn_name_str, arg, rval);
2318 		break;
2319 	case MODHPOPS_BUS_SET:
2320 		error = ddihp_modctl(DDI_HPOP_CN_SET_PROPERTY, devpath,
2321 		    cn_name_str, arg, rval);
2322 		break;
2323 	default:
2324 		error = ENOTSUP;
2325 		break;
2326 	}
2327 
2328 	kmem_free(devpath, MAXPATHLEN);
2329 	kmem_free(cn_name_str, MAXNAMELEN);
2330 
2331 	return (error);
2332 }
2333 
2334 int
modctl_moddevname(int subcmd,uintptr_t a1,uintptr_t a2)2335 modctl_moddevname(int subcmd, uintptr_t a1, uintptr_t a2)
2336 {
2337 	int error = 0;
2338 
2339 	switch (subcmd) {
2340 	case MODDEVNAME_LOOKUPDOOR:
2341 		error = devname_filename_register((char *)a1);
2342 		break;
2343 	case MODDEVNAME_PROFILE:
2344 		error = devname_profile_update((char *)a1, (size_t)a2);
2345 		break;
2346 	case MODDEVNAME_RECONFIG:
2347 		i_ddi_set_reconfig();
2348 		break;
2349 	case MODDEVNAME_SYSAVAIL:
2350 		i_ddi_set_sysavail();
2351 		break;
2352 	default:
2353 		error = EINVAL;
2354 		break;
2355 	}
2356 
2357 	return (error);
2358 }
2359 
2360 /*ARGSUSED5*/
2361 int
modctl(int cmd,uintptr_t a1,uintptr_t a2,uintptr_t a3,uintptr_t a4,uintptr_t a5)2362 modctl(int cmd, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4,
2363     uintptr_t a5)
2364 {
2365 	int	error = EINVAL;
2366 	dev_t	dev;
2367 
2368 	if (secpolicy_modctl(CRED(), cmd) != 0)
2369 		return (set_errno(EPERM));
2370 
2371 	switch (cmd) {
2372 	case MODLOAD:		/* load a module */
2373 		error = modctl_modload((int)a1, (char *)a2, (int *)a3);
2374 		break;
2375 
2376 	case MODUNLOAD:		/* unload a module */
2377 		error = modctl_modunload((modid_t)a1);
2378 		break;
2379 
2380 	case MODINFO:		/* get module status */
2381 		error = modctl_modinfo((modid_t)a1, (struct modinfo *)a2);
2382 		break;
2383 
2384 	case MODRESERVED:	/* get last major number in range */
2385 		error = modctl_modreserve((modid_t)a1, (int *)a2);
2386 		break;
2387 
2388 	case MODSETMINIROOT:	/* we are running in miniroot */
2389 		isminiroot = 1;
2390 		error = 0;
2391 		break;
2392 
2393 	case MODADDMAJBIND:	/* add major / driver alias bindings */
2394 		error = modctl_add_driver_aliases((int *)a2);
2395 		break;
2396 
2397 	case MODGETPATHLEN:	/* get modpath length */
2398 		error = modctl_getmodpathlen((int *)a2);
2399 		break;
2400 
2401 	case MODGETPATH:	/* get modpath */
2402 		error = modctl_getmodpath((char *)a2);
2403 		break;
2404 
2405 	case MODREADSYSBIND:	/* read system call binding file */
2406 		error = modctl_read_sysbinding_file();
2407 		break;
2408 
2409 	case MODGETMAJBIND:	/* get major number for named device */
2410 		error = modctl_getmaj((char *)a1, (uint_t)a2, (int *)a3);
2411 		break;
2412 
2413 	case MODGETNAME:	/* get name of device given major number */
2414 		error = modctl_getname((char *)a1, (uint_t)a2, (int *)a3);
2415 		break;
2416 
2417 	case MODDEVT2INSTANCE:
2418 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2419 			dev = (dev_t)a1;
2420 		}
2421 #ifdef _SYSCALL32_IMPL
2422 		else {
2423 			dev = expldev(a1);
2424 		}
2425 #endif
2426 		error = modctl_devt2instance(dev, (int *)a2);
2427 		break;
2428 
2429 	case MODSIZEOF_DEVID:	/* sizeof device id of device given dev_t */
2430 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2431 			dev = (dev_t)a1;
2432 		}
2433 #ifdef _SYSCALL32_IMPL
2434 		else {
2435 			dev = expldev(a1);
2436 		}
2437 #endif
2438 		error = modctl_sizeof_devid(dev, (uint_t *)a2);
2439 		break;
2440 
2441 	case MODGETDEVID:	/* get device id of device given dev_t */
2442 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2443 			dev = (dev_t)a1;
2444 		}
2445 #ifdef _SYSCALL32_IMPL
2446 		else {
2447 			dev = expldev(a1);
2448 		}
2449 #endif
2450 		error = modctl_get_devid(dev, (uint_t)a2, (ddi_devid_t)a3);
2451 		break;
2452 
2453 	case MODSIZEOF_MINORNAME:	/* sizeof minor nm (dev_t,spectype) */
2454 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2455 			error = modctl_sizeof_minorname((dev_t)a1, (int)a2,
2456 			    (uint_t *)a3);
2457 		}
2458 #ifdef _SYSCALL32_IMPL
2459 		else {
2460 			error = modctl_sizeof_minorname(expldev(a1), (int)a2,
2461 			    (uint_t *)a3);
2462 		}
2463 
2464 #endif
2465 		break;
2466 
2467 	case MODGETMINORNAME:		/* get minor name of (dev_t,spectype) */
2468 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2469 			error = modctl_get_minorname((dev_t)a1, (int)a2,
2470 			    (uint_t)a3, (char *)a4);
2471 		}
2472 #ifdef _SYSCALL32_IMPL
2473 		else {
2474 			error = modctl_get_minorname(expldev(a1), (int)a2,
2475 			    (uint_t)a3, (char *)a4);
2476 		}
2477 #endif
2478 		break;
2479 
2480 	case MODGETDEVFSPATH_LEN:	/* sizeof path nm of (dev_t,spectype) */
2481 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2482 			error = modctl_devfspath_len((dev_t)a1, (int)a2,
2483 			    (uint_t *)a3);
2484 		}
2485 #ifdef _SYSCALL32_IMPL
2486 		else {
2487 			error = modctl_devfspath_len(expldev(a1), (int)a2,
2488 			    (uint_t *)a3);
2489 		}
2490 
2491 #endif
2492 		break;
2493 
2494 	case MODGETDEVFSPATH:		/* get path name of (dev_t,spec) type */
2495 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2496 			error = modctl_devfspath((dev_t)a1, (int)a2,
2497 			    (uint_t)a3, (char *)a4);
2498 		}
2499 #ifdef _SYSCALL32_IMPL
2500 		else {
2501 			error = modctl_devfspath(expldev(a1), (int)a2,
2502 			    (uint_t)a3, (char *)a4);
2503 		}
2504 #endif
2505 		break;
2506 
2507 	case MODGETDEVFSPATH_MI_LEN:	/* sizeof path nm of (major,instance) */
2508 		error = modctl_devfspath_mi_len((major_t)a1, (int)a2,
2509 		    (uint_t *)a3);
2510 		break;
2511 
2512 	case MODGETDEVFSPATH_MI:	/* get path name of (major,instance) */
2513 		error = modctl_devfspath_mi((major_t)a1, (int)a2,
2514 		    (uint_t)a3, (char *)a4);
2515 		break;
2516 
2517 
2518 	case MODEVENTS:
2519 		error = modctl_modevents((int)a1, a2, a3, a4, (uint_t)a5);
2520 		break;
2521 
2522 	case MODGETFBNAME:	/* get the framebuffer name */
2523 		error = modctl_get_fbname((char *)a1);
2524 		break;
2525 
2526 	case MODREREADDACF:	/* reread dacf rule database from given file */
2527 		error = modctl_reread_dacf((char *)a1);
2528 		break;
2529 
2530 	case MODLOADDRVCONF:	/* load driver.conf file for major */
2531 		error = modctl_load_drvconf((major_t)a1, (int)a2);
2532 		break;
2533 
2534 	case MODUNLOADDRVCONF:	/* unload driver.conf file for major */
2535 		error = modctl_unload_drvconf((major_t)a1);
2536 		break;
2537 
2538 	case MODREMMAJBIND:	/* remove a major binding */
2539 		error = modctl_rem_major((major_t)a1);
2540 		break;
2541 
2542 	case MODREMDRVALIAS:	/* remove a major/alias binding */
2543 		error = modctl_remove_driver_aliases((int *)a2);
2544 		break;
2545 
2546 	case MODDEVID2PATHS:	/* get paths given devid */
2547 		error = modctl_devid2paths((ddi_devid_t)a1, (char *)a2,
2548 		    (uint_t)a3, (size_t *)a4, (char *)a5);
2549 		break;
2550 
2551 	case MODSETDEVPOLICY:	/* establish device policy */
2552 		error = devpolicy_load((int)a1, (size_t)a2, (devplcysys_t *)a3);
2553 		break;
2554 
2555 	case MODGETDEVPOLICY:	/* get device policy */
2556 		error = devpolicy_get((int *)a1, (size_t)a2,
2557 		    (devplcysys_t *)a3);
2558 		break;
2559 
2560 	case MODALLOCPRIV:
2561 		error = modctl_allocpriv((const char *)a1);
2562 		break;
2563 
2564 	case MODGETDEVPOLICYBYNAME:
2565 		error = devpolicy_getbyname((size_t)a1,
2566 		    (devplcysys_t *)a2, (char *)a3);
2567 		break;
2568 
2569 	case MODLOADMINORPERM:
2570 	case MODADDMINORPERM:
2571 	case MODREMMINORPERM:
2572 		error = modctl_minorperm(cmd, (char *)a1, (size_t)a2);
2573 		break;
2574 
2575 	case MODREMDRVCLEANUP:
2576 		error = modctl_remdrv_cleanup((const char *)a1);
2577 		break;
2578 
2579 	case MODDEVEXISTS:	/* non-reconfiguring /dev lookup */
2580 		error = modctl_devexists((const char *)a1, (size_t)a2);
2581 		break;
2582 
2583 	case MODDEVREADDIR:	/* non-reconfiguring /dev readdir */
2584 		error = modctl_devreaddir((const char *)a1, (size_t)a2,
2585 		    (char *)a3, (int64_t *)a4);
2586 		break;
2587 
2588 	case MODDEVEMPTYDIR:	/* non-reconfiguring /dev emptydir */
2589 		error = modctl_devemptydir((const char *)a1, (size_t)a2,
2590 		    (int *)a3);
2591 		break;
2592 
2593 	case MODDEVNAME:
2594 		error = modctl_moddevname((int)a1, a2, a3);
2595 		break;
2596 
2597 	case MODRETIRE:	/* retire device named by physpath a1 */
2598 		error = modctl_retire((char *)a1, (char *)a2, (size_t)a3);
2599 		break;
2600 
2601 	case MODISRETIRED:  /* check if a device is retired. */
2602 		error = modctl_is_retired((char *)a1, (int *)a2);
2603 		break;
2604 
2605 	case MODUNRETIRE:	/* unretire device named by physpath a1 */
2606 		error = modctl_unretire((char *)a1);
2607 		break;
2608 
2609 	case MODHPOPS:	/* hotplug operations */
2610 		/* device named by physpath a2 and Connection name a3 */
2611 		error = modctl_hp((int)a1, (char *)a2, (char *)a3, a4, a5);
2612 		break;
2613 
2614 	default:
2615 		error = EINVAL;
2616 		break;
2617 	}
2618 
2619 	return (error ? set_errno(error) : 0);
2620 }
2621 
2622 /*
2623  * Calls to kobj_load_module()() are handled off to this routine in a
2624  * separate thread.
2625  */
2626 static void
modload_thread(struct loadmt * ltp)2627 modload_thread(struct loadmt *ltp)
2628 {
2629 	/* load the module and signal the creator of this thread */
2630 	kmutex_t	cpr_lk;
2631 	callb_cpr_t	cpr_i;
2632 
2633 	mutex_init(&cpr_lk, NULL, MUTEX_DEFAULT, NULL);
2634 	CALLB_CPR_INIT(&cpr_i, &cpr_lk, callb_generic_cpr, "modload");
2635 	/* borrow the devi lock from thread which invoked us */
2636 	pm_borrow_lock(ltp->owner);
2637 	ltp->retval = kobj_load_module(ltp->mp, ltp->usepath);
2638 	pm_return_lock();
2639 	sema_v(&ltp->sema);
2640 	mutex_enter(&cpr_lk);
2641 	CALLB_CPR_EXIT(&cpr_i);
2642 	mutex_destroy(&cpr_lk);
2643 	thread_exit();
2644 }
2645 
2646 /*
2647  * load a module, adding a reference if caller specifies rmodp.  If rmodp
2648  * is specified then an errno is returned, otherwise a module index is
2649  * returned (-1 on error).
2650  */
2651 static int
modrload(const char * subdir,const char * filename,struct modctl ** rmodp)2652 modrload(const char *subdir, const char *filename, struct modctl **rmodp)
2653 {
2654 	struct modctl *modp;
2655 	size_t size;
2656 	char *fullname;
2657 	int retval = EINVAL;
2658 	int id = -1;
2659 
2660 	if (rmodp)
2661 		*rmodp = NULL;			/* avoid garbage */
2662 
2663 	if (subdir != NULL) {
2664 		/*
2665 		 * refuse / in filename to prevent "../" escapes.
2666 		 */
2667 		if (strchr(filename, '/') != NULL)
2668 			return (rmodp ? retval : id);
2669 
2670 		/*
2671 		 * allocate enough space for <subdir>/<filename><NULL>
2672 		 */
2673 		size = strlen(subdir) + strlen(filename) + 2;
2674 		fullname = kmem_zalloc(size, KM_SLEEP);
2675 		(void) sprintf(fullname, "%s/%s", subdir, filename);
2676 	} else {
2677 		fullname = (char *)filename;
2678 	}
2679 
2680 	modp = mod_hold_installed_mod(fullname, 1, 0, &retval);
2681 	if (modp != NULL) {
2682 		id = modp->mod_id;
2683 		if (rmodp) {
2684 			/* add mod_ref and return *rmodp */
2685 			mutex_enter(&mod_lock);
2686 			modp->mod_ref++;
2687 			mutex_exit(&mod_lock);
2688 			*rmodp = modp;
2689 		}
2690 		mod_release_mod(modp);
2691 		CPU_STATS_ADDQ(CPU, sys, modload, 1);
2692 	}
2693 
2694 done:	if (subdir != NULL)
2695 		kmem_free(fullname, size);
2696 	return (rmodp ? retval : id);
2697 }
2698 
2699 /*
2700  * This is the primary kernel interface to load a module. It loads and
2701  * installs the named module.  It does not hold mod_ref of the module, so
2702  * a module unload attempt can occur at any time - it is up to the
2703  * _fini/mod_remove implementation to determine if unload will succeed.
2704  */
2705 int
modload(const char * subdir,const char * filename)2706 modload(const char *subdir, const char *filename)
2707 {
2708 	return (modrload(subdir, filename, NULL));
2709 }
2710 
2711 /*
2712  * Load a module using a series of qualified names from most specific to least
2713  * specific, e.g. for subdir "foo", p1 "bar", p2 "baz", we might try:
2714  *			Value returned in *chosen
2715  * foo/bar.baz.1.2.3	3
2716  * foo/bar.baz.1.2	2
2717  * foo/bar.baz.1	1
2718  * foo/bar.baz		0
2719  *
2720  * Return the module ID on success; -1 if no module was loaded.  On success
2721  * and if 'chosen' is not NULL we also return the number of suffices that
2722  * were in the module we chose to load.
2723  */
2724 int
modload_qualified(const char * subdir,const char * p1,const char * p2,const char * delim,uint_t suffv[],int suffc,int * chosen)2725 modload_qualified(const char *subdir, const char *p1,
2726     const char *p2, const char *delim, uint_t suffv[], int suffc, int *chosen)
2727 {
2728 	char path[MOD_MAXPATH];
2729 	size_t n, resid = sizeof (path);
2730 	char *p = path;
2731 
2732 	char **dotv;
2733 	int i, rc, id;
2734 	modctl_t *mp;
2735 
2736 	if (p2 != NULL)
2737 		n = snprintf(p, resid, "%s/%s%s%s", subdir, p1, delim, p2);
2738 	else
2739 		n = snprintf(p, resid, "%s/%s", subdir, p1);
2740 
2741 	if (n >= resid)
2742 		return (-1);
2743 
2744 	p += n;
2745 	resid -= n;
2746 	dotv = kmem_alloc(sizeof (char *) * (suffc + 1), KM_SLEEP);
2747 
2748 	for (i = 0; i < suffc; i++) {
2749 		dotv[i] = p;
2750 		n = snprintf(p, resid, "%s%u", delim, suffv[i]);
2751 
2752 		if (n >= resid) {
2753 			kmem_free(dotv, sizeof (char *) * (suffc + 1));
2754 			return (-1);
2755 		}
2756 
2757 		p += n;
2758 		resid -= n;
2759 	}
2760 
2761 	dotv[suffc] = p;
2762 
2763 	for (i = suffc; i >= 0; i--) {
2764 		dotv[i][0] = '\0';
2765 		mp = mod_hold_installed_mod(path, 1, 1, &rc);
2766 
2767 		if (mp != NULL) {
2768 			kmem_free(dotv, sizeof (char *) * (suffc + 1));
2769 			id = mp->mod_id;
2770 			mod_release_mod(mp);
2771 			if (chosen != NULL)
2772 				*chosen = i;
2773 			return (id);
2774 		}
2775 	}
2776 
2777 	kmem_free(dotv, sizeof (char *) * (suffc + 1));
2778 	return (-1);
2779 }
2780 
2781 /*
2782  * Load a module.
2783  */
2784 int
modloadonly(const char * subdir,const char * filename)2785 modloadonly(const char *subdir, const char *filename)
2786 {
2787 	struct modctl *modp;
2788 	char *fullname;
2789 	size_t size;
2790 	int id, retval;
2791 
2792 	if (subdir != NULL) {
2793 		/*
2794 		 * allocate enough space for <subdir>/<filename><NULL>
2795 		 */
2796 		size = strlen(subdir) + strlen(filename) + 2;
2797 		fullname = kmem_zalloc(size, KM_SLEEP);
2798 		(void) sprintf(fullname, "%s/%s", subdir, filename);
2799 	} else {
2800 		fullname = (char *)filename;
2801 	}
2802 
2803 	modp = mod_hold_loaded_mod(NULL, fullname, &retval);
2804 	if (modp) {
2805 		id = modp->mod_id;
2806 		mod_release_mod(modp);
2807 	}
2808 
2809 	if (subdir != NULL)
2810 		kmem_free(fullname, size);
2811 
2812 	if (retval == 0)
2813 		return (id);
2814 	return (-1);
2815 }
2816 
2817 /*
2818  * Try to uninstall and unload a module, removing a reference if caller
2819  * specifies rmodp.
2820  */
2821 static int
modunrload(modid_t id,struct modctl ** rmodp,int unload)2822 modunrload(modid_t id, struct modctl **rmodp, int unload)
2823 {
2824 	struct modctl	*modp;
2825 	int		retval;
2826 
2827 	if (rmodp)
2828 		*rmodp = NULL;			/* avoid garbage */
2829 
2830 	if ((modp = mod_hold_by_id((modid_t)id)) == NULL)
2831 		return (EINVAL);
2832 
2833 	if (rmodp) {
2834 		mutex_enter(&mod_lock);
2835 		modp->mod_ref--;
2836 		if (modp->mod_ref == 0)
2837 			mod_uninstall_ref_zero++;
2838 		mutex_exit(&mod_lock);
2839 		*rmodp = modp;
2840 	}
2841 
2842 	if (unload) {
2843 		retval = moduninstall(modp);
2844 		if (retval == 0) {
2845 			mod_unload(modp);
2846 			CPU_STATS_ADDQ(CPU, sys, modunload, 1);
2847 		} else if (retval == EALREADY)
2848 			retval = 0;	/* already unloaded, not an error */
2849 	} else
2850 		retval = 0;
2851 
2852 	mod_release_mod(modp);
2853 	return (retval);
2854 }
2855 
2856 /*
2857  * Uninstall and unload a module.
2858  */
2859 int
modunload(modid_t id)2860 modunload(modid_t id)
2861 {
2862 	int		retval;
2863 
2864 	/* synchronize with any active modunload_disable() */
2865 	modunload_begin();
2866 	if (ddi_root_node())
2867 		(void) devfs_clean(ddi_root_node(), NULL, 0);
2868 	retval = modunrload(id, NULL, 1);
2869 	modunload_end();
2870 	return (retval);
2871 }
2872 
2873 /*
2874  * Return status of a loaded module.
2875  */
2876 static int
modinfo(modid_t id,struct modinfo * modinfop)2877 modinfo(modid_t id, struct modinfo *modinfop)
2878 {
2879 	struct modctl	*modp;
2880 	modid_t		mid;
2881 	int		i;
2882 
2883 	mid = modinfop->mi_id;
2884 	if (modinfop->mi_info & MI_INFO_ALL) {
2885 		while ((modp = mod_hold_next_by_id(mid++)) != NULL) {
2886 			if ((modinfop->mi_info & MI_INFO_CNT) ||
2887 			    modp->mod_installed)
2888 				break;
2889 			mod_release_mod(modp);
2890 		}
2891 		if (modp == NULL)
2892 			return (EINVAL);
2893 	} else {
2894 		modp = mod_hold_by_id(id);
2895 		if (modp == NULL)
2896 			return (EINVAL);
2897 		if (!(modinfop->mi_info & MI_INFO_CNT) &&
2898 		    (modp->mod_installed == 0)) {
2899 			mod_release_mod(modp);
2900 			return (EINVAL);
2901 		}
2902 	}
2903 
2904 	modinfop->mi_rev = 0;
2905 	modinfop->mi_state = 0;
2906 	for (i = 0; i < MODMAXLINK; i++) {
2907 		modinfop->mi_msinfo[i].msi_p0 = -1;
2908 		modinfop->mi_msinfo[i].msi_linkinfo[0] = 0;
2909 	}
2910 	if (modp->mod_loaded) {
2911 		modinfop->mi_state = MI_LOADED;
2912 		kobj_getmodinfo(modp->mod_mp, modinfop);
2913 	}
2914 	if (modp->mod_installed) {
2915 		modinfop->mi_state |= MI_INSTALLED;
2916 
2917 		(void) mod_getinfo(modp, modinfop);
2918 	}
2919 
2920 	modinfop->mi_id = modp->mod_id;
2921 	modinfop->mi_loadcnt = modp->mod_loadcnt;
2922 	(void) strcpy(modinfop->mi_name, modp->mod_modname);
2923 
2924 	mod_release_mod(modp);
2925 	return (0);
2926 }
2927 
2928 static char mod_stub_err[] = "mod_hold_stub: Couldn't load stub module %s";
2929 static char no_err[] = "No error function for weak stub %s";
2930 
2931 /*
2932  * used by the stubs themselves to load and hold a module.
2933  * Returns  0 if the module is successfully held;
2934  *	    the stub needs to call mod_release_stub().
2935  *	    -1 if the stub should just call the err_fcn.
2936  * Note that this code is stretched out so that we avoid subroutine calls
2937  * and optimize for the most likely case.  That is, the case where the
2938  * module is loaded and installed and not held.  In that case we just inc
2939  * the mod_ref count and continue.
2940  */
2941 int
mod_hold_stub(struct mod_stub_info * stub)2942 mod_hold_stub(struct mod_stub_info *stub)
2943 {
2944 	struct modctl *mp;
2945 	struct mod_modinfo *mip;
2946 
2947 	mip = stub->mods_modinfo;
2948 
2949 	mutex_enter(&mod_lock);
2950 
2951 	/* we do mod_hold_by_modctl inline for speed */
2952 
2953 mod_check_again:
2954 	if ((mp = mip->mp) != NULL) {
2955 		if (mp->mod_busy == 0) {
2956 			if (mp->mod_installed) {
2957 				/* increment the reference count */
2958 				mp->mod_ref++;
2959 				ASSERT(mp->mod_ref && mp->mod_installed);
2960 				mutex_exit(&mod_lock);
2961 				return (0);
2962 			} else {
2963 				mp->mod_busy = 1;
2964 				mp->mod_inprogress_thread =
2965 				    (curthread == NULL ?
2966 				    (kthread_id_t)-1 : curthread);
2967 			}
2968 		} else {
2969 			/*
2970 			 * wait one time and then go see if someone
2971 			 * else has resolved the stub (set mip->mp).
2972 			 */
2973 			if (mod_hold_by_modctl(mp,
2974 			    MOD_WAIT_ONCE | MOD_LOCK_HELD))
2975 				goto mod_check_again;
2976 
2977 			/*
2978 			 * what we have now may have been unloaded!, in
2979 			 * that case, mip->mp will be NULL, we'll hit this
2980 			 * module and load again..
2981 			 */
2982 			cmn_err(CE_PANIC, "mod_hold_stub should have blocked");
2983 		}
2984 		mutex_exit(&mod_lock);
2985 	} else {
2986 		/* first time we've hit this module */
2987 		mutex_exit(&mod_lock);
2988 		mp = mod_hold_by_name(mip->modm_module_name);
2989 		mip->mp = mp;
2990 	}
2991 
2992 	/*
2993 	 * If we are here, it means that the following conditions
2994 	 * are satisfied.
2995 	 *
2996 	 * mip->mp != NULL
2997 	 * this thread has set the mp->mod_busy = 1
2998 	 * mp->mod_installed = 0
2999 	 *
3000 	 */
3001 	ASSERT(mp != NULL);
3002 	ASSERT(mp->mod_busy == 1);
3003 
3004 	if (mp->mod_installed == 0) {
3005 		/* Module not loaded, if weak stub don't load it */
3006 		if (stub->mods_flag & MODS_WEAK) {
3007 			if (stub->mods_errfcn == NULL) {
3008 				mod_release_mod(mp);
3009 				cmn_err(CE_PANIC, no_err,
3010 				    mip->modm_module_name);
3011 			}
3012 		} else {
3013 			/* Not a weak stub so load the module */
3014 
3015 			if (mod_load(mp, 1) != 0 || modinstall(mp) != 0) {
3016 				/*
3017 				 * If mod_load() was successful
3018 				 * and modinstall() failed, then
3019 				 * unload the module.
3020 				 */
3021 				if (mp->mod_loaded)
3022 					mod_unload(mp);
3023 
3024 				mod_release_mod(mp);
3025 				if (stub->mods_errfcn == NULL) {
3026 					cmn_err(CE_PANIC, mod_stub_err,
3027 					    mip->modm_module_name);
3028 				} else {
3029 					return (-1);
3030 				}
3031 			}
3032 		}
3033 	}
3034 
3035 	/*
3036 	 * At this point module is held and loaded. Release
3037 	 * the mod_busy and mod_inprogress_thread before
3038 	 * returning. We actually call mod_release() here so
3039 	 * that if another stub wants to access this module,
3040 	 * it can do so. mod_ref is incremented before mod_release()
3041 	 * is called to prevent someone else from snatching the
3042 	 * module from this thread.
3043 	 */
3044 	mutex_enter(&mod_lock);
3045 	mp->mod_ref++;
3046 	ASSERT(mp->mod_ref &&
3047 	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
3048 	mod_release(mp);
3049 	mutex_exit(&mod_lock);
3050 	return (0);
3051 }
3052 
3053 void
mod_release_stub(struct mod_stub_info * stub)3054 mod_release_stub(struct mod_stub_info *stub)
3055 {
3056 	struct modctl *mp = stub->mods_modinfo->mp;
3057 
3058 	/* inline mod_release_mod */
3059 	mutex_enter(&mod_lock);
3060 	ASSERT(mp->mod_ref &&
3061 	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
3062 	mp->mod_ref--;
3063 	if (mp->mod_ref == 0)
3064 		mod_uninstall_ref_zero++;
3065 	if (mp->mod_want) {
3066 		mp->mod_want = 0;
3067 		cv_broadcast(&mod_cv);
3068 	}
3069 	mutex_exit(&mod_lock);
3070 }
3071 
3072 static struct modctl *
mod_hold_loaded_mod(struct modctl * dep,char * filename,int * status)3073 mod_hold_loaded_mod(struct modctl *dep, char *filename, int *status)
3074 {
3075 	struct modctl *modp;
3076 	int retval;
3077 
3078 	/*
3079 	 * Hold the module.
3080 	 */
3081 	modp = mod_hold_by_name_requisite(dep, filename);
3082 	if (modp) {
3083 		retval = mod_load(modp, 1);
3084 		if (retval != 0) {
3085 			mod_release_mod(modp);
3086 			modp = NULL;
3087 		}
3088 		*status = retval;
3089 	} else {
3090 		*status = ENOSPC;
3091 	}
3092 
3093 	/*
3094 	 * if dep is not NULL, clear the module dependency information.
3095 	 * This information is set in mod_hold_by_name_common().
3096 	 */
3097 	if (dep != NULL && dep->mod_requisite_loading != NULL) {
3098 		ASSERT(dep->mod_busy);
3099 		dep->mod_requisite_loading = NULL;
3100 	}
3101 
3102 	return (modp);
3103 }
3104 
3105 /*
3106  * hold, load, and install the named module
3107  */
3108 static struct modctl *
mod_hold_installed_mod(char * name,int usepath,int forcecheck,int * r)3109 mod_hold_installed_mod(char *name, int usepath, int forcecheck, int *r)
3110 {
3111 	struct modctl *modp;
3112 	int retval;
3113 
3114 	/*
3115 	 * Verify that that module in question actually exists on disk
3116 	 * before allocation of module structure by mod_hold_by_name.
3117 	 */
3118 	if (modrootloaded && swaploaded || forcecheck) {
3119 		if (!kobj_path_exists(name, usepath)) {
3120 			*r = ENOENT;
3121 			return (NULL);
3122 		}
3123 	}
3124 
3125 	/*
3126 	 * Hold the module.
3127 	 */
3128 	modp = mod_hold_by_name(name);
3129 	if (modp) {
3130 		retval = mod_load(modp, usepath);
3131 		if (retval != 0) {
3132 			mod_release_mod(modp);
3133 			modp = NULL;
3134 			*r = retval;
3135 		} else {
3136 			if ((*r = modinstall(modp)) != 0) {
3137 				/*
3138 				 * We loaded it, but failed to _init() it.
3139 				 * Be kind to developers -- force it
3140 				 * out of memory now so that the next
3141 				 * attempt to use the module will cause
3142 				 * a reload.  See 1093793.
3143 				 */
3144 				mod_unload(modp);
3145 				mod_release_mod(modp);
3146 				modp = NULL;
3147 			}
3148 		}
3149 	} else {
3150 		*r = ENOSPC;
3151 	}
3152 	return (modp);
3153 }
3154 
3155 static char mod_excl_msg[] =
3156 	"module %s(%s) is EXCLUDED and will not be loaded\n";
3157 static char mod_init_msg[] = "loadmodule:%s(%s): _init() error %d\n";
3158 
3159 /*
3160  * This routine is needed for dependencies.  Users specify dependencies
3161  * by declaring a character array initialized to filenames of dependents.
3162  * So the code that handles dependents deals with filenames (and not
3163  * module names) because that's all it has.  We load by filename and once
3164  * we've loaded a file we can get the module name.
3165  * Unfortunately there isn't a single unified filename/modulename namespace.
3166  * C'est la vie.
3167  *
3168  * We allow the name being looked up to be prepended by an optional
3169  * subdirectory e.g. we can lookup (NULL, "fs/ufs") or ("fs", "ufs")
3170  */
3171 struct modctl *
mod_find_by_filename(char * subdir,char * filename)3172 mod_find_by_filename(char *subdir, char *filename)
3173 {
3174 	struct modctl	*mp;
3175 	size_t		sublen;
3176 
3177 	ASSERT(!MUTEX_HELD(&mod_lock));
3178 	if (subdir != NULL)
3179 		sublen = strlen(subdir);
3180 	else
3181 		sublen = 0;
3182 
3183 	mutex_enter(&mod_lock);
3184 	mp = &modules;
3185 	do {
3186 		if (sublen) {
3187 			char *mod_filename = mp->mod_filename;
3188 
3189 			if (strncmp(subdir, mod_filename, sublen) == 0 &&
3190 			    mod_filename[sublen] == '/' &&
3191 			    strcmp(filename, &mod_filename[sublen + 1]) == 0) {
3192 				mutex_exit(&mod_lock);
3193 				return (mp);
3194 			}
3195 		} else if (strcmp(filename, mp->mod_filename) == 0) {
3196 			mutex_exit(&mod_lock);
3197 			return (mp);
3198 		}
3199 	} while ((mp = mp->mod_next) != &modules);
3200 	mutex_exit(&mod_lock);
3201 	return (NULL);
3202 }
3203 
3204 /*
3205  * Check for circular dependencies.  This is called from do_dependents()
3206  * in kobj.c.  If we are the thread already loading this module, then
3207  * we're trying to load a dependent that we're already loading which
3208  * means the user specified circular dependencies.
3209  */
3210 static int
mod_circdep(struct modctl * modp)3211 mod_circdep(struct modctl *modp)
3212 {
3213 	struct modctl	*rmod;
3214 
3215 	ASSERT(MUTEX_HELD(&mod_lock));
3216 
3217 	/*
3218 	 * Check the mod_inprogress_thread first.
3219 	 * mod_inprogress_thread is used in mod_hold_stub()
3220 	 * directly to improve performance.
3221 	 */
3222 	if (modp->mod_inprogress_thread == curthread)
3223 		return (1);
3224 
3225 	/*
3226 	 * Check the module circular dependencies.
3227 	 */
3228 	for (rmod = modp; rmod != NULL; rmod = rmod->mod_requisite_loading) {
3229 		/*
3230 		 * Check if there is a module circular dependency.
3231 		 */
3232 		if (rmod->mod_requisite_loading == modp)
3233 			return (1);
3234 	}
3235 	return (0);
3236 }
3237 
3238 static int
mod_getinfo(struct modctl * modp,struct modinfo * modinfop)3239 mod_getinfo(struct modctl *modp, struct modinfo *modinfop)
3240 {
3241 	int (*func)(struct modinfo *);
3242 	int retval;
3243 
3244 	ASSERT(modp->mod_busy);
3245 
3246 	/* primary modules don't do getinfo */
3247 	if (modp->mod_prim)
3248 		return (0);
3249 
3250 	func = (int (*)(struct modinfo *))kobj_lookup(modp->mod_mp, "_info");
3251 
3252 	if (kobj_addrcheck(modp->mod_mp, (caddr_t)func)) {
3253 		cmn_err(CE_WARN, "_info() not defined properly in %s",
3254 		    modp->mod_filename);
3255 		/*
3256 		 * The semantics of mod_info(9F) are that 0 is failure
3257 		 * and non-zero is success.
3258 		 */
3259 		retval = 0;
3260 	} else
3261 		retval = (*func)(modinfop);	/* call _info() function */
3262 
3263 	if (moddebug & MODDEBUG_USERDEBUG)
3264 		printf("Returned from _info, retval = %x\n", retval);
3265 
3266 	return (retval);
3267 }
3268 
3269 static void
modadd(struct modctl * mp)3270 modadd(struct modctl *mp)
3271 {
3272 	ASSERT(MUTEX_HELD(&mod_lock));
3273 
3274 	mp->mod_id = last_module_id++;
3275 	mp->mod_next = &modules;
3276 	mp->mod_prev = modules.mod_prev;
3277 	modules.mod_prev->mod_next = mp;
3278 	modules.mod_prev = mp;
3279 }
3280 
3281 /*ARGSUSED*/
3282 static struct modctl *
allocate_modp(const char * filename,const char * modname)3283 allocate_modp(const char *filename, const char *modname)
3284 {
3285 	struct modctl *mp;
3286 
3287 	mp = kobj_zalloc(sizeof (*mp), KM_SLEEP);
3288 	mp->mod_modname = kobj_zalloc(strlen(modname) + 1, KM_SLEEP);
3289 	(void) strcpy(mp->mod_modname, modname);
3290 	return (mp);
3291 }
3292 
3293 /*
3294  * Get the value of a symbol.  This is a wrapper routine that
3295  * calls kobj_getsymvalue().  kobj_getsymvalue() may go away but this
3296  * wrapper will prevent callers from noticing.
3297  */
3298 uintptr_t
modgetsymvalue(char * name,int kernelonly)3299 modgetsymvalue(char *name, int kernelonly)
3300 {
3301 	return (kobj_getsymvalue(name, kernelonly));
3302 }
3303 
3304 /*
3305  * Get the symbol nearest an address.  This is a wrapper routine that
3306  * calls kobj_getsymname().  kobj_getsymname() may go away but this
3307  * wrapper will prevent callers from noticing.
3308  */
3309 char *
modgetsymname(uintptr_t value,ulong_t * offset)3310 modgetsymname(uintptr_t value, ulong_t *offset)
3311 {
3312 	return (kobj_getsymname(value, offset));
3313 }
3314 
3315 /*
3316  * Lookup a symbol in a specified module.  These are wrapper routines that
3317  * call kobj_lookup().	kobj_lookup() may go away but these wrappers will
3318  * prevent callers from noticing.
3319  */
3320 uintptr_t
modlookup(const char * modname,const char * symname)3321 modlookup(const char *modname, const char *symname)
3322 {
3323 	struct modctl *modp;
3324 	uintptr_t val;
3325 
3326 	if ((modp = mod_hold_by_name(modname)) == NULL)
3327 		return (0);
3328 	val = kobj_lookup(modp->mod_mp, symname);
3329 	mod_release_mod(modp);
3330 	return (val);
3331 }
3332 
3333 uintptr_t
modlookup_by_modctl(modctl_t * modp,const char * symname)3334 modlookup_by_modctl(modctl_t *modp, const char *symname)
3335 {
3336 	ASSERT(modp->mod_ref > 0 || modp->mod_busy);
3337 
3338 	return (kobj_lookup(modp->mod_mp, symname));
3339 }
3340 
3341 /*
3342  * Ask the user for the name of the system file and the default path
3343  * for modules.
3344  */
3345 void
mod_askparams()3346 mod_askparams()
3347 {
3348 	static char s0[64];
3349 	intptr_t fd;
3350 
3351 	if ((fd = kobj_open(systemfile)) != -1L)
3352 		kobj_close(fd);
3353 	else
3354 		systemfile = NULL;
3355 
3356 	/*CONSTANTCONDITION*/
3357 	while (1) {
3358 		printf("Name of system file [%s]:  ",
3359 		    systemfile ? systemfile : "/dev/null");
3360 
3361 		console_gets(s0, sizeof (s0));
3362 
3363 		if (s0[0] == '\0')
3364 			break;
3365 		else if (strcmp(s0, "/dev/null") == 0) {
3366 			systemfile = NULL;
3367 			break;
3368 		} else {
3369 			if ((fd = kobj_open(s0)) != -1L) {
3370 				kobj_close(fd);
3371 				systemfile = s0;
3372 				break;
3373 			}
3374 		}
3375 		printf("can't find file %s\n", s0);
3376 	}
3377 }
3378 
3379 static char loading_msg[] = "loading '%s' id %d\n";
3380 static char load_msg[] = "load '%s' id %d loaded @ 0x%p/0x%p size %d/%d\n";
3381 
3382 /*
3383  * Common code for loading a module (but not installing it).
3384  * Handoff the task of module loading to a separate thread
3385  * with a large stack if possible, since this code may recurse a few times.
3386  * Return zero if there are no errors or an errno value.
3387  */
3388 static int
mod_load(struct modctl * mp,int usepath)3389 mod_load(struct modctl *mp, int usepath)
3390 {
3391 	int		retval;
3392 	struct modinfo	*modinfop = NULL;
3393 	struct loadmt	lt;
3394 
3395 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3396 	ASSERT(mp->mod_busy);
3397 
3398 	if (mp->mod_loaded)
3399 		return (0);
3400 
3401 	if (mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_modname) != 0 ||
3402 	    mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_filename) != 0) {
3403 		if (moddebug & MODDEBUG_LOADMSG) {
3404 			printf(mod_excl_msg, mp->mod_filename,
3405 			    mp->mod_modname);
3406 		}
3407 		return (ENXIO);
3408 	}
3409 	if (moddebug & MODDEBUG_LOADMSG2)
3410 		printf(loading_msg, mp->mod_filename, mp->mod_id);
3411 
3412 	if (curthread != &t0) {
3413 		lt.mp = mp;
3414 		lt.usepath = usepath;
3415 		lt.owner = curthread;
3416 		sema_init(&lt.sema, 0, NULL, SEMA_DEFAULT, NULL);
3417 
3418 		/* create thread to hand of call to */
3419 		(void) thread_create(NULL, DEFAULTSTKSZ * 2,
3420 		    modload_thread, &lt, 0, &p0, TS_RUN, maxclsyspri);
3421 
3422 		/* wait for thread to complete kobj_load_module */
3423 		sema_p(&lt.sema);
3424 
3425 		sema_destroy(&lt.sema);
3426 		retval = lt.retval;
3427 	} else
3428 		retval = kobj_load_module(mp, usepath);
3429 
3430 	if (mp->mod_mp) {
3431 		ASSERT(retval == 0);
3432 		mp->mod_loaded = 1;
3433 		mp->mod_loadcnt++;
3434 		if (moddebug & MODDEBUG_LOADMSG) {
3435 			printf(load_msg, mp->mod_filename, mp->mod_id,
3436 			    (void *)((struct module *)mp->mod_mp)->text,
3437 			    (void *)((struct module *)mp->mod_mp)->data,
3438 			    ((struct module *)mp->mod_mp)->text_size,
3439 			    ((struct module *)mp->mod_mp)->data_size);
3440 		}
3441 
3442 		/*
3443 		 * XXX - There should be a better way to get this.
3444 		 */
3445 		modinfop = kmem_zalloc(sizeof (struct modinfo), KM_SLEEP);
3446 		modinfop->mi_info = MI_INFO_LINKAGE;
3447 		if (mod_getinfo(mp, modinfop) == 0)
3448 			mp->mod_linkage = NULL;
3449 		else {
3450 			mp->mod_linkage = (void *)modinfop->mi_base;
3451 			ASSERT(mp->mod_linkage->ml_rev == MODREV_1);
3452 		}
3453 
3454 		/*
3455 		 * DCS: bootstrapping code. If the driver is loaded
3456 		 * before root mount, it is assumed that the driver
3457 		 * may be used before mounting root. In order to
3458 		 * access mappings of global to local minor no.'s
3459 		 * during installation/open of the driver, we load
3460 		 * them into memory here while the BOP_interfaces
3461 		 * are still up.
3462 		 */
3463 		if ((cluster_bootflags & CLUSTER_BOOTED) && !modrootloaded) {
3464 			retval = clboot_modload(mp);
3465 		}
3466 
3467 		kmem_free(modinfop, sizeof (struct modinfo));
3468 		(void) mod_sysctl(SYS_SET_MVAR, (void *)mp);
3469 		retval = install_stubs_by_name(mp, mp->mod_modname);
3470 
3471 		/*
3472 		 * Now that the module is loaded, we need to give DTrace
3473 		 * a chance to notify its providers.  This is done via
3474 		 * the dtrace_modload function pointer.
3475 		 */
3476 		if (strcmp(mp->mod_modname, "dtrace") != 0) {
3477 			struct modctl *dmp = mod_hold_by_name("dtrace");
3478 
3479 			if (dmp != NULL && dtrace_modload != NULL)
3480 				(*dtrace_modload)(mp);
3481 
3482 			mod_release_mod(dmp);
3483 		}
3484 
3485 	} else {
3486 		/*
3487 		 * If load failed then we need to release any requisites
3488 		 * that we had established.
3489 		 */
3490 		ASSERT(retval);
3491 		mod_release_requisites(mp);
3492 
3493 		if (moddebug & MODDEBUG_ERRMSG)
3494 			printf("error loading '%s', error %d\n",
3495 			    mp->mod_filename, retval);
3496 	}
3497 	return (retval);
3498 }
3499 
3500 static char unload_msg[] = "unloading %s, module id %d, loadcnt %d.\n";
3501 
3502 static void
mod_unload(struct modctl * mp)3503 mod_unload(struct modctl *mp)
3504 {
3505 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3506 	ASSERT(mp->mod_busy);
3507 	ASSERT((mp->mod_loaded && (mp->mod_installed == 0)) &&
3508 	    ((mp->mod_prim == 0) && (mp->mod_ref >= 0)));
3509 
3510 	if (moddebug & MODDEBUG_LOADMSG)
3511 		printf(unload_msg, mp->mod_modname,
3512 		    mp->mod_id, mp->mod_loadcnt);
3513 
3514 	/*
3515 	 * If mod_ref is not zero, it means some modules might still refer
3516 	 * to this module. Then you can't unload this module right now.
3517 	 * Instead, set 1 to mod_delay_unload to notify the system of
3518 	 * unloading this module later when it's not required any more.
3519 	 */
3520 	if (mp->mod_ref > 0) {
3521 		mp->mod_delay_unload = 1;
3522 		if (moddebug & MODDEBUG_LOADMSG2) {
3523 			printf("module %s not unloaded,"
3524 			    " non-zero reference count (%d)",
3525 			    mp->mod_modname, mp->mod_ref);
3526 		}
3527 		return;
3528 	}
3529 
3530 	if (((mp->mod_loaded == 0) || mp->mod_installed) ||
3531 	    (mp->mod_ref || mp->mod_prim)) {
3532 		/*
3533 		 * A DEBUG kernel would ASSERT panic above, the code is broken
3534 		 * if we get this warning.
3535 		 */
3536 		cmn_err(CE_WARN, "mod_unload: %s in incorrect state: %d %d %d",
3537 		    mp->mod_filename, mp->mod_installed, mp->mod_loaded,
3538 		    mp->mod_ref);
3539 		return;
3540 	}
3541 
3542 	/* reset stub functions to call the binder again */
3543 	reset_stubs(mp);
3544 
3545 	/*
3546 	 * mark module as unloaded before the modctl structure is freed.
3547 	 * This is required not to reuse the modctl structure before
3548 	 * the module is marked as unloaded.
3549 	 */
3550 	mp->mod_loaded = 0;
3551 	mp->mod_linkage = NULL;
3552 
3553 	/* free the memory */
3554 	kobj_unload_module(mp);
3555 
3556 	if (mp->mod_delay_unload) {
3557 		mp->mod_delay_unload = 0;
3558 		if (moddebug & MODDEBUG_LOADMSG2) {
3559 			printf("deferred unload of module %s"
3560 			    " (id %d) successful",
3561 			    mp->mod_modname, mp->mod_id);
3562 		}
3563 	}
3564 
3565 	/* release hold on requisites */
3566 	mod_release_requisites(mp);
3567 
3568 	/*
3569 	 * Now that the module is gone, we need to give DTrace a chance to
3570 	 * remove any probes that it may have had in the module.  This is
3571 	 * done via the dtrace_modunload function pointer.
3572 	 */
3573 	if (strcmp(mp->mod_modname, "dtrace") != 0) {
3574 		struct modctl *dmp = mod_hold_by_name("dtrace");
3575 
3576 		if (dmp != NULL && dtrace_modunload != NULL)
3577 			(*dtrace_modunload)(mp);
3578 
3579 		mod_release_mod(dmp);
3580 	}
3581 }
3582 
3583 static int
modinstall(struct modctl * mp)3584 modinstall(struct modctl *mp)
3585 {
3586 	int val;
3587 	int (*func)(void);
3588 
3589 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3590 	ASSERT(mp->mod_busy && mp->mod_loaded);
3591 
3592 	if (mp->mod_installed)
3593 		return (0);
3594 	/*
3595 	 * If mod_delay_unload is on, it means the system chose the deferred
3596 	 * unload for this module. Then you can't install this module until
3597 	 * it's unloaded from the system.
3598 	 */
3599 	if (mp->mod_delay_unload)
3600 		return (ENXIO);
3601 
3602 	if (moddebug & MODDEBUG_LOADMSG)
3603 		printf("installing %s, module id %d.\n",
3604 		    mp->mod_modname, mp->mod_id);
3605 
3606 	ASSERT(mp->mod_mp != NULL);
3607 	if (mod_install_requisites(mp) != 0) {
3608 		/*
3609 		 * Note that we can't call mod_unload(mp) here since
3610 		 * if modinstall() was called by mod_install_requisites(),
3611 		 * we won't be able to hold the dependent modules
3612 		 * (otherwise there would be a deadlock).
3613 		 */
3614 		return (ENXIO);
3615 	}
3616 
3617 	if (moddebug & MODDEBUG_ERRMSG) {
3618 		printf("init '%s' id %d loaded @ 0x%p/0x%p size %lu/%lu\n",
3619 		    mp->mod_filename, mp->mod_id,
3620 		    (void *)((struct module *)mp->mod_mp)->text,
3621 		    (void *)((struct module *)mp->mod_mp)->data,
3622 		    ((struct module *)mp->mod_mp)->text_size,
3623 		    ((struct module *)mp->mod_mp)->data_size);
3624 	}
3625 
3626 	func = (int (*)())kobj_lookup(mp->mod_mp, "_init");
3627 
3628 	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3629 		cmn_err(CE_WARN, "_init() not defined properly in %s",
3630 		    mp->mod_filename);
3631 		return (EFAULT);
3632 	}
3633 
3634 	if (moddebug & MODDEBUG_USERDEBUG) {
3635 		printf("breakpoint before calling %s:_init()\n",
3636 		    mp->mod_modname);
3637 		if (DEBUGGER_PRESENT)
3638 			debug_enter("_init");
3639 	}
3640 
3641 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3642 	ASSERT(mp->mod_busy && mp->mod_loaded);
3643 	val = (*func)();		/* call _init */
3644 
3645 	if (moddebug & MODDEBUG_USERDEBUG)
3646 		printf("Returned from _init, val = %x\n", val);
3647 
3648 	if (val == 0) {
3649 		/*
3650 		 * Set the MODS_INSTALLED flag to enable this module
3651 		 * being called now.
3652 		 */
3653 		install_stubs(mp);
3654 		mp->mod_installed = 1;
3655 	} else if (moddebug & MODDEBUG_ERRMSG)
3656 		printf(mod_init_msg, mp->mod_filename, mp->mod_modname, val);
3657 
3658 	return (val);
3659 }
3660 
3661 int	detach_driver_unconfig = 0;
3662 
3663 static int
detach_driver(char * name)3664 detach_driver(char *name)
3665 {
3666 	major_t major;
3667 	int error;
3668 
3669 	/*
3670 	 * If being called from mod_uninstall_all() then the appropriate
3671 	 * driver detaches (leaf only) have already been done.
3672 	 */
3673 	if (mod_in_autounload())
3674 		return (0);
3675 
3676 	major = ddi_name_to_major(name);
3677 	if (major == DDI_MAJOR_T_NONE)
3678 		return (0);
3679 
3680 	error = ndi_devi_unconfig_driver(ddi_root_node(),
3681 	    NDI_DETACH_DRIVER | detach_driver_unconfig, major);
3682 	return (error == NDI_SUCCESS ? 0 : -1);
3683 }
3684 
3685 static char finiret_msg[] = "Returned from _fini for %s, status = %x\n";
3686 
3687 static int
moduninstall(struct modctl * mp)3688 moduninstall(struct modctl *mp)
3689 {
3690 	int status = 0;
3691 	int (*func)(void);
3692 
3693 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3694 	ASSERT(mp->mod_busy);
3695 
3696 	/*
3697 	 * Verify that we need to do something and can uninstall the module.
3698 	 *
3699 	 * If we should not uninstall the module or if the module is not in
3700 	 * the correct state to start an uninstall we return EBUSY to prevent
3701 	 * us from progressing to mod_unload.  If the module has already been
3702 	 * uninstalled and unloaded we return EALREADY.
3703 	 */
3704 	if (mp->mod_prim || mp->mod_ref || mp->mod_nenabled != 0)
3705 		return (EBUSY);
3706 	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0))
3707 		return (EALREADY);
3708 
3709 	/*
3710 	 * To avoid devinfo / module deadlock we must release this module
3711 	 * prior to initiating the detach_driver, otherwise the detach_driver
3712 	 * might deadlock on a devinfo node held by another thread
3713 	 * coming top down and involving the module we have locked.
3714 	 *
3715 	 * When we regrab the module we must reverify that it is OK
3716 	 * to proceed with the uninstall operation.
3717 	 */
3718 	mod_release_mod(mp);
3719 	status = detach_driver(mp->mod_modname);
3720 	(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
3721 
3722 	/* check detach status and reverify state with lock */
3723 	mutex_enter(&mod_lock);
3724 	if ((status != 0) || mp->mod_prim || mp->mod_ref) {
3725 		mutex_exit(&mod_lock);
3726 		return (EBUSY);
3727 	}
3728 	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0)) {
3729 		mutex_exit(&mod_lock);
3730 		return (EALREADY);
3731 	}
3732 	mutex_exit(&mod_lock);
3733 
3734 	if (moddebug & MODDEBUG_LOADMSG2)
3735 		printf("uninstalling %s\n", mp->mod_modname);
3736 
3737 	/*
3738 	 * lookup _fini, return EBUSY if not defined.
3739 	 *
3740 	 * The MODDEBUG_FINI_EBUSY is usefull in resolving leaks in
3741 	 * detach(9E) - it allows bufctl addresses to be resolved.
3742 	 */
3743 	func = (int (*)())kobj_lookup(mp->mod_mp, "_fini");
3744 	if ((func == NULL) || (mp->mod_loadflags & MOD_NOUNLOAD) ||
3745 	    (moddebug & MODDEBUG_FINI_EBUSY))
3746 		return (EBUSY);
3747 
3748 	/* verify that _fini is in this module */
3749 	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3750 		cmn_err(CE_WARN, "_fini() not defined properly in %s",
3751 		    mp->mod_filename);
3752 		return (EFAULT);
3753 	}
3754 
3755 	/* call _fini() */
3756 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3757 	ASSERT(mp->mod_busy && mp->mod_loaded && mp->mod_installed);
3758 
3759 	status = (*func)();
3760 
3761 	if (status == 0) {
3762 		/* _fini returned success, the module is no longer installed */
3763 		if (moddebug & MODDEBUG_LOADMSG)
3764 			printf("uninstalled %s\n", mp->mod_modname);
3765 
3766 		/*
3767 		 * Even though we only set mod_installed to zero here, a zero
3768 		 * return value means we are committed to a code path were
3769 		 * mod_loaded will also end up as zero - we have no other
3770 		 * way to get the module data and bss back to the pre _init
3771 		 * state except a reload. To ensure this, after return,
3772 		 * mod_busy must stay set until mod_loaded is cleared.
3773 		 */
3774 		mp->mod_installed = 0;
3775 
3776 		/*
3777 		 * Clear the MODS_INSTALLED flag not to call functions
3778 		 * in the module directly from now on.
3779 		 */
3780 		uninstall_stubs(mp);
3781 	} else {
3782 		if (moddebug & MODDEBUG_USERDEBUG)
3783 			printf(finiret_msg, mp->mod_filename, status);
3784 		/*
3785 		 * By definition _fini is only allowed to return EBUSY or the
3786 		 * result of mod_remove (EBUSY or EINVAL).  In the off chance
3787 		 * that a driver returns EALREADY we convert this to EINVAL
3788 		 * since to our caller EALREADY means module was already
3789 		 * removed.
3790 		 */
3791 		if (status == EALREADY)
3792 			status = EINVAL;
3793 	}
3794 
3795 	return (status);
3796 }
3797 
3798 /*
3799  * Uninstall all modules.
3800  */
3801 static void
mod_uninstall_all(void)3802 mod_uninstall_all(void)
3803 {
3804 	struct modctl	*mp;
3805 	int		pass;
3806 	modid_t		modid;
3807 
3808 	/* synchronize with any active modunload_disable() */
3809 	modunload_begin();
3810 
3811 	/* mark this thread as doing autounloading */
3812 	(void) tsd_set(mod_autounload_key, (void *)1);
3813 
3814 	(void) devfs_clean(ddi_root_node(), NULL, 0);
3815 	(void) ndi_devi_unconfig(ddi_root_node(), NDI_AUTODETACH);
3816 
3817 	/*
3818 	 * Loop up to max times if we keep producing unreferenced modules.
3819 	 * A new unreferenced module is an opportunity to unload.
3820 	 */
3821 	for (pass = 0; pass < mod_uninstall_pass_max; pass++) {
3822 
3823 		/* zero count of modules that go unreferenced during pass */
3824 		mod_uninstall_ref_zero = 0;
3825 
3826 		modid = 0;
3827 		while ((mp = mod_hold_next_by_id(modid)) != NULL) {
3828 			modid = mp->mod_id;
3829 
3830 			/*
3831 			 * Skip modules with the MOD_NOAUTOUNLOAD flag set
3832 			 */
3833 			if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
3834 				mod_release_mod(mp);
3835 				continue;
3836 			}
3837 
3838 			if (moduninstall(mp) == 0) {
3839 				mod_unload(mp);
3840 				CPU_STATS_ADDQ(CPU, sys, modunload, 1);
3841 			}
3842 			mod_release_mod(mp);
3843 		}
3844 
3845 		/* break if no modules went unreferenced during pass */
3846 		if (mod_uninstall_ref_zero == 0)
3847 			break;
3848 	}
3849 	if (pass >= mod_uninstall_pass_max)
3850 		mod_uninstall_pass_exc++;
3851 
3852 	(void) tsd_set(mod_autounload_key, NULL);
3853 	modunload_end();
3854 }
3855 
3856 /* wait for unloads that have begun before registering disable */
3857 void
modunload_disable(void)3858 modunload_disable(void)
3859 {
3860 	mutex_enter(&modunload_wait_mutex);
3861 	while (modunload_active_count) {
3862 		modunload_wait++;
3863 		cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3864 		modunload_wait--;
3865 	}
3866 	modunload_disable_count++;
3867 	mutex_exit(&modunload_wait_mutex);
3868 }
3869 
3870 /* mark end of disable and signal waiters */
3871 void
modunload_enable(void)3872 modunload_enable(void)
3873 {
3874 	mutex_enter(&modunload_wait_mutex);
3875 	modunload_disable_count--;
3876 	if ((modunload_disable_count == 0) && modunload_wait)
3877 		cv_broadcast(&modunload_wait_cv);
3878 	mutex_exit(&modunload_wait_mutex);
3879 }
3880 
3881 /* wait for disables to complete before begining unload */
3882 void
modunload_begin()3883 modunload_begin()
3884 {
3885 	mutex_enter(&modunload_wait_mutex);
3886 	while (modunload_disable_count) {
3887 		modunload_wait++;
3888 		cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3889 		modunload_wait--;
3890 	}
3891 	modunload_active_count++;
3892 	mutex_exit(&modunload_wait_mutex);
3893 }
3894 
3895 /* mark end of unload and signal waiters */
3896 void
modunload_end()3897 modunload_end()
3898 {
3899 	mutex_enter(&modunload_wait_mutex);
3900 	modunload_active_count--;
3901 	if ((modunload_active_count == 0) && modunload_wait)
3902 		cv_broadcast(&modunload_wait_cv);
3903 	mutex_exit(&modunload_wait_mutex);
3904 }
3905 
3906 void
mod_uninstall_daemon(void)3907 mod_uninstall_daemon(void)
3908 {
3909 	callb_cpr_t	cprinfo;
3910 	clock_t		ticks;
3911 
3912 	mod_aul_thread = curthread;
3913 
3914 	CALLB_CPR_INIT(&cprinfo, &mod_uninstall_lock, callb_generic_cpr, "mud");
3915 	for (;;) {
3916 		mutex_enter(&mod_uninstall_lock);
3917 		CALLB_CPR_SAFE_BEGIN(&cprinfo);
3918 		/*
3919 		 * In DEBUG kernels, unheld drivers are uninstalled periodically
3920 		 * every mod_uninstall_interval seconds.  Periodic uninstall can
3921 		 * be disabled by setting mod_uninstall_interval to 0 which is
3922 		 * the default for a non-DEBUG kernel.
3923 		 */
3924 		if (mod_uninstall_interval) {
3925 			ticks = drv_usectohz(mod_uninstall_interval * 1000000);
3926 			(void) cv_reltimedwait(&mod_uninstall_cv,
3927 			    &mod_uninstall_lock, ticks, TR_CLOCK_TICK);
3928 		} else {
3929 			cv_wait(&mod_uninstall_cv, &mod_uninstall_lock);
3930 		}
3931 		/*
3932 		 * The whole daemon is safe for CPR except we don't want
3933 		 * the daemon to run if FREEZE is issued and this daemon
3934 		 * wakes up from the cv_wait above. In this case, it'll be
3935 		 * blocked in CALLB_CPR_SAFE_END until THAW is issued.
3936 		 *
3937 		 * The reason of calling CALLB_CPR_SAFE_BEGIN twice is that
3938 		 * mod_uninstall_lock is used to protect cprinfo and
3939 		 * CALLB_CPR_SAFE_BEGIN assumes that this lock is held when
3940 		 * called.
3941 		 */
3942 		CALLB_CPR_SAFE_END(&cprinfo, &mod_uninstall_lock);
3943 		CALLB_CPR_SAFE_BEGIN(&cprinfo);
3944 		mutex_exit(&mod_uninstall_lock);
3945 		if ((modunload_disable_count == 0) &&
3946 		    ((moddebug & MODDEBUG_NOAUTOUNLOAD) == 0)) {
3947 			mod_uninstall_all();
3948 		}
3949 	}
3950 }
3951 
3952 /*
3953  * Unload all uninstalled modules.
3954  */
3955 void
modreap(void)3956 modreap(void)
3957 {
3958 	mutex_enter(&mod_uninstall_lock);
3959 	cv_broadcast(&mod_uninstall_cv);
3960 	mutex_exit(&mod_uninstall_lock);
3961 }
3962 
3963 /*
3964  * Hold the specified module. This is the module holding primitive.
3965  *
3966  * If MOD_LOCK_HELD then the caller already holds the mod_lock.
3967  *
3968  * Return values:
3969  *	 0 ==> the module is held
3970  *	 1 ==> the module is not held and the MOD_WAIT_ONCE caller needs
3971  *		to determine how to retry.
3972  */
3973 int
mod_hold_by_modctl(struct modctl * mp,int f)3974 mod_hold_by_modctl(struct modctl *mp, int f)
3975 {
3976 	ASSERT((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) &&
3977 	    ((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) !=
3978 	    (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)));
3979 	ASSERT((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) &&
3980 	    ((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) !=
3981 	    (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)));
3982 	ASSERT((f & MOD_LOCK_NOT_HELD) || MUTEX_HELD(&mod_lock));
3983 
3984 	if (f & MOD_LOCK_NOT_HELD)
3985 		mutex_enter(&mod_lock);
3986 
3987 	while (mp->mod_busy) {
3988 		mp->mod_want = 1;
3989 		cv_wait(&mod_cv, &mod_lock);
3990 		/*
3991 		 * Module may be unloaded by daemon.
3992 		 * Nevertheless, modctl structure is still in linked list
3993 		 * (i.e., off &modules), not freed!
3994 		 * Caller is not supposed to assume "mp" is valid, but there
3995 		 * is no reasonable way to detect this but using
3996 		 * mp->mod_modinfo->mp == NULL check (follow the back pointer)
3997 		 *   (or similar check depending on calling context)
3998 		 * DON'T free modctl structure, it will be very very
3999 		 * problematic.
4000 		 */
4001 		if (f & MOD_WAIT_ONCE) {
4002 			if (f & MOD_LOCK_NOT_HELD)
4003 				mutex_exit(&mod_lock);
4004 			return (1);	/* caller decides how to retry */
4005 		}
4006 	}
4007 
4008 	mp->mod_busy = 1;
4009 	mp->mod_inprogress_thread =
4010 	    (curthread == NULL ? (kthread_id_t)-1 : curthread);
4011 
4012 	if (f & MOD_LOCK_NOT_HELD)
4013 		mutex_exit(&mod_lock);
4014 	return (0);
4015 }
4016 
4017 static struct modctl *
mod_hold_by_name_common(struct modctl * dep,const char * filename)4018 mod_hold_by_name_common(struct modctl *dep, const char *filename)
4019 {
4020 	const char	*modname;
4021 	struct modctl	*mp;
4022 	char		*curname, *newname;
4023 	int		found = 0;
4024 
4025 	mutex_enter(&mod_lock);
4026 
4027 	if ((modname = strrchr(filename, '/')) == NULL)
4028 		modname = filename;
4029 	else
4030 		modname++;
4031 
4032 	mp = &modules;
4033 	do {
4034 		if (strcmp(modname, mp->mod_modname) == 0) {
4035 			found = 1;
4036 			break;
4037 		}
4038 	} while ((mp = mp->mod_next) != &modules);
4039 
4040 	if (found == 0) {
4041 		mp = allocate_modp(filename, modname);
4042 		modadd(mp);
4043 	}
4044 
4045 	/*
4046 	 * if dep is not NULL, set the mp in mod_requisite_loading for
4047 	 * the module circular dependency check. This field is used in
4048 	 * mod_circdep(), but it's cleard in mod_hold_loaded_mod().
4049 	 */
4050 	if (dep != NULL) {
4051 		ASSERT(dep->mod_busy && dep->mod_requisite_loading == NULL);
4052 		dep->mod_requisite_loading = mp;
4053 	}
4054 
4055 	/*
4056 	 * If the module was held, then it must be us who has it held.
4057 	 */
4058 	if (mod_circdep(mp))
4059 		mp = NULL;
4060 	else {
4061 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4062 
4063 		/*
4064 		 * If the name hadn't been set or has changed, allocate
4065 		 * space and set it.  Free space used by previous name.
4066 		 *
4067 		 * Do not change the name of primary modules, for primary
4068 		 * modules the mod_filename was allocated in standalone mode:
4069 		 * it is illegal to kobj_alloc in standalone mode and kobj_free
4070 		 * in non-standalone mode.
4071 		 */
4072 		curname = mp->mod_filename;
4073 		if (curname == NULL ||
4074 		    ((mp->mod_prim == 0) &&
4075 		    (curname != filename) &&
4076 		    (modname != filename) &&
4077 		    (strcmp(curname, filename) != 0))) {
4078 			newname = kobj_zalloc(strlen(filename) + 1, KM_SLEEP);
4079 			(void) strcpy(newname, filename);
4080 			mp->mod_filename = newname;
4081 			if (curname != NULL)
4082 				kobj_free(curname, strlen(curname) + 1);
4083 		}
4084 	}
4085 
4086 	mutex_exit(&mod_lock);
4087 	if (mp && moddebug & MODDEBUG_LOADMSG2)
4088 		printf("Holding %s\n", mp->mod_filename);
4089 	if (mp == NULL && moddebug & MODDEBUG_LOADMSG2)
4090 		printf("circular dependency loading %s\n", filename);
4091 	return (mp);
4092 }
4093 
4094 static struct modctl *
mod_hold_by_name_requisite(struct modctl * dep,char * filename)4095 mod_hold_by_name_requisite(struct modctl *dep, char *filename)
4096 {
4097 	return (mod_hold_by_name_common(dep, filename));
4098 }
4099 
4100 struct modctl *
mod_hold_by_name(const char * filename)4101 mod_hold_by_name(const char *filename)
4102 {
4103 	return (mod_hold_by_name_common(NULL, filename));
4104 }
4105 
4106 struct modctl *
mod_hold_by_id(modid_t modid)4107 mod_hold_by_id(modid_t modid)
4108 {
4109 	struct modctl	*mp;
4110 	int		found = 0;
4111 
4112 	mutex_enter(&mod_lock);
4113 	mp = &modules;
4114 	do {
4115 		if (mp->mod_id == modid) {
4116 			found = 1;
4117 			break;
4118 		}
4119 	} while ((mp = mp->mod_next) != &modules);
4120 
4121 	if ((found == 0) || mod_circdep(mp))
4122 		mp = NULL;
4123 	else
4124 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4125 
4126 	mutex_exit(&mod_lock);
4127 	return (mp);
4128 }
4129 
4130 static struct modctl *
mod_hold_next_by_id(modid_t modid)4131 mod_hold_next_by_id(modid_t modid)
4132 {
4133 	struct modctl	*mp;
4134 	int		found = 0;
4135 
4136 	if (modid < -1)
4137 		return (NULL);
4138 
4139 	mutex_enter(&mod_lock);
4140 
4141 	mp = &modules;
4142 	do {
4143 		if (mp->mod_id > modid) {
4144 			found = 1;
4145 			break;
4146 		}
4147 	} while ((mp = mp->mod_next) != &modules);
4148 
4149 	if ((found == 0) || mod_circdep(mp))
4150 		mp = NULL;
4151 	else
4152 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4153 
4154 	mutex_exit(&mod_lock);
4155 	return (mp);
4156 }
4157 
4158 static void
mod_release(struct modctl * mp)4159 mod_release(struct modctl *mp)
4160 {
4161 	ASSERT(MUTEX_HELD(&mod_lock));
4162 	ASSERT(mp->mod_busy);
4163 
4164 	mp->mod_busy = 0;
4165 	mp->mod_inprogress_thread = NULL;
4166 	if (mp->mod_want) {
4167 		mp->mod_want = 0;
4168 		cv_broadcast(&mod_cv);
4169 	}
4170 }
4171 
4172 void
mod_release_mod(struct modctl * mp)4173 mod_release_mod(struct modctl *mp)
4174 {
4175 	if (moddebug & MODDEBUG_LOADMSG2)
4176 		printf("Releasing %s\n", mp->mod_filename);
4177 	mutex_enter(&mod_lock);
4178 	mod_release(mp);
4179 	mutex_exit(&mod_lock);
4180 }
4181 
4182 modid_t
mod_name_to_modid(char * filename)4183 mod_name_to_modid(char *filename)
4184 {
4185 	char		*modname;
4186 	struct modctl	*mp;
4187 
4188 	mutex_enter(&mod_lock);
4189 
4190 	if ((modname = strrchr(filename, '/')) == NULL)
4191 		modname = filename;
4192 	else
4193 		modname++;
4194 
4195 	mp = &modules;
4196 	do {
4197 		if (strcmp(modname, mp->mod_modname) == 0) {
4198 			mutex_exit(&mod_lock);
4199 			return (mp->mod_id);
4200 		}
4201 	} while ((mp = mp->mod_next) != &modules);
4202 
4203 	mutex_exit(&mod_lock);
4204 	return (-1);
4205 }
4206 
4207 
4208 int
mod_remove_by_name(char * name)4209 mod_remove_by_name(char *name)
4210 {
4211 	struct modctl *mp;
4212 	int retval;
4213 
4214 	mp = mod_hold_by_name(name);
4215 
4216 	if (mp == NULL)
4217 		return (EINVAL);
4218 
4219 	if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
4220 		/*
4221 		 * Do not unload forceloaded modules
4222 		 */
4223 		mod_release_mod(mp);
4224 		return (0);
4225 	}
4226 
4227 	if ((retval = moduninstall(mp)) == 0) {
4228 		mod_unload(mp);
4229 		CPU_STATS_ADDQ(CPU, sys, modunload, 1);
4230 	} else if (retval == EALREADY)
4231 		retval = 0;		/* already unloaded, not an error */
4232 	mod_release_mod(mp);
4233 	return (retval);
4234 }
4235 
4236 /*
4237  * Record that module "dep" is dependent on module "on_mod."
4238  */
4239 static void
mod_make_requisite(struct modctl * dependent,struct modctl * on_mod)4240 mod_make_requisite(struct modctl *dependent, struct modctl *on_mod)
4241 {
4242 	struct modctl_list **pmlnp;	/* previous next pointer */
4243 	struct modctl_list *mlp;
4244 	struct modctl_list *new;
4245 
4246 	ASSERT(dependent->mod_busy && on_mod->mod_busy);
4247 	mutex_enter(&mod_lock);
4248 
4249 	/*
4250 	 * Search dependent's requisite list to see if on_mod is recorded.
4251 	 * List is ordered by id.
4252 	 */
4253 	for (pmlnp = &dependent->mod_requisites, mlp = *pmlnp;
4254 	    mlp; pmlnp = &mlp->modl_next, mlp = *pmlnp)
4255 		if (mlp->modl_modp->mod_id >= on_mod->mod_id)
4256 			break;
4257 
4258 	/* Create and insert if not already recorded */
4259 	if ((mlp == NULL) || (mlp->modl_modp->mod_id != on_mod->mod_id)) {
4260 		new = kobj_zalloc(sizeof (*new), KM_SLEEP);
4261 		new->modl_modp = on_mod;
4262 		new->modl_next = mlp;
4263 		*pmlnp = new;
4264 
4265 		/*
4266 		 * Increment the mod_ref count in our new requisite module.
4267 		 * This is what keeps a module that has other modules
4268 		 * which are dependent on it from being uninstalled and
4269 		 * unloaded. "on_mod"'s mod_ref count decremented in
4270 		 * mod_release_requisites when the "dependent" module
4271 		 * unload is complete.	"on_mod" must be loaded, but may not
4272 		 * yet be installed.
4273 		 */
4274 		on_mod->mod_ref++;
4275 		ASSERT(on_mod->mod_ref && on_mod->mod_loaded);
4276 	}
4277 
4278 	mutex_exit(&mod_lock);
4279 }
4280 
4281 /*
4282  * release the hold associated with mod_make_requisite mod_ref++
4283  * as part of unload.
4284  */
4285 void
mod_release_requisites(struct modctl * modp)4286 mod_release_requisites(struct modctl *modp)
4287 {
4288 	struct modctl_list *modl;
4289 	struct modctl_list *next;
4290 	struct modctl *req;
4291 	struct modctl_list *start = NULL, *mod_garbage;
4292 
4293 	ASSERT(!quiesce_active);
4294 	ASSERT(modp->mod_busy);
4295 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
4296 
4297 	mutex_enter(&mod_lock);		/* needed for manipulation of req */
4298 	for (modl = modp->mod_requisites; modl; modl = next) {
4299 		next = modl->modl_next;
4300 		req = modl->modl_modp;
4301 		ASSERT(req->mod_ref >= 1 && req->mod_loaded);
4302 		req->mod_ref--;
4303 		if (req->mod_ref == 0)
4304 			mod_uninstall_ref_zero++;
4305 
4306 		/*
4307 		 * Check if the module has to be unloaded or not.
4308 		 */
4309 		if (req->mod_ref == 0 && req->mod_delay_unload) {
4310 			struct modctl_list *new;
4311 			/*
4312 			 * Allocate the modclt_list holding the garbage
4313 			 * module which should be unloaded later.
4314 			 */
4315 			new = kobj_zalloc(sizeof (struct modctl_list),
4316 			    KM_SLEEP);
4317 			new->modl_modp = req;
4318 
4319 			if (start == NULL)
4320 				mod_garbage = start = new;
4321 			else {
4322 				mod_garbage->modl_next = new;
4323 				mod_garbage = new;
4324 			}
4325 		}
4326 
4327 		/* free the list as we go */
4328 		kobj_free(modl, sizeof (*modl));
4329 	}
4330 	modp->mod_requisites = NULL;
4331 	mutex_exit(&mod_lock);
4332 
4333 	/*
4334 	 * Unload the garbage modules.
4335 	 */
4336 	for (mod_garbage = start; mod_garbage != NULL; /* nothing */) {
4337 		struct modctl_list *old = mod_garbage;
4338 		struct modctl *mp = mod_garbage->modl_modp;
4339 		ASSERT(mp != NULL);
4340 
4341 		/*
4342 		 * Hold this module until it's unloaded completely.
4343 		 */
4344 		(void) mod_hold_by_modctl(mp,
4345 		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
4346 		/*
4347 		 * Check if the module is not unloaded yet and nobody requires
4348 		 * the module. If it's unloaded already or somebody still
4349 		 * requires the module, don't unload it now.
4350 		 */
4351 		if (mp->mod_loaded && mp->mod_ref == 0)
4352 			mod_unload(mp);
4353 		ASSERT((mp->mod_loaded == 0 && mp->mod_delay_unload == 0) ||
4354 		    (mp->mod_ref > 0));
4355 		mod_release_mod(mp);
4356 
4357 		mod_garbage = mod_garbage->modl_next;
4358 		kobj_free(old, sizeof (struct modctl_list));
4359 	}
4360 }
4361 
4362 /*
4363  * Process dependency of the module represented by "dep" on the
4364  * module named by "on."
4365  *
4366  * Called from kobj_do_dependents() to load a module "on" on which
4367  * "dep" depends.
4368  */
4369 struct modctl *
mod_load_requisite(struct modctl * dep,char * on)4370 mod_load_requisite(struct modctl *dep, char *on)
4371 {
4372 	struct modctl *on_mod;
4373 	int retval;
4374 
4375 	if ((on_mod = mod_hold_loaded_mod(dep, on, &retval)) != NULL) {
4376 		mod_make_requisite(dep, on_mod);
4377 	} else if (moddebug & MODDEBUG_ERRMSG) {
4378 		printf("error processing %s on which module %s depends\n",
4379 		    on, dep->mod_modname);
4380 	}
4381 	return (on_mod);
4382 }
4383 
4384 static int
mod_install_requisites(struct modctl * modp)4385 mod_install_requisites(struct modctl *modp)
4386 {
4387 	struct modctl_list *modl;
4388 	struct modctl *req;
4389 	int status = 0;
4390 
4391 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
4392 	ASSERT(modp->mod_busy);
4393 
4394 	for (modl = modp->mod_requisites; modl; modl = modl->modl_next) {
4395 		req = modl->modl_modp;
4396 		(void) mod_hold_by_modctl(req,
4397 		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
4398 		status = modinstall(req);
4399 		mod_release_mod(req);
4400 
4401 		if (status != 0)
4402 			break;
4403 	}
4404 	return (status);
4405 }
4406 
4407 /*
4408  * returns 1 if this thread is doing autounload, 0 otherwise.
4409  * see mod_uninstall_all.
4410  */
4411 int
mod_in_autounload()4412 mod_in_autounload()
4413 {
4414 	return ((int)(uintptr_t)tsd_get(mod_autounload_key));
4415 }
4416 
4417 /*
4418  * gmatch adapted from libc, stripping the wchar stuff
4419  */
4420 #define	popchar(p, c)	{ \
4421 		c = *p++; \
4422 		if (c == 0) { \
4423 			return (0); \
4424 		} \
4425 	}
4426 
4427 int
gmatch(const char * s,const char * p)4428 gmatch(const char *s, const char *p)
4429 {
4430 	int c, sc;
4431 	int ok, lc, notflag;
4432 
4433 	sc = *s++;
4434 	c = *p++;
4435 	if (c == 0)
4436 		return (sc == c);	/* nothing matches nothing */
4437 
4438 	switch (c) {
4439 	case '\\':
4440 		/* skip to quoted character */
4441 		popchar(p, c);
4442 		/*FALLTHRU*/
4443 
4444 	default:
4445 		/* straight comparison */
4446 		if (c != sc)
4447 			return (0);
4448 		/*FALLTHRU*/
4449 
4450 	case '?':
4451 		/* first char matches, move to remainder */
4452 		return (sc != '\0' ? gmatch(s, p) : 0);
4453 
4454 
4455 	case '*':
4456 		while (*p == '*')
4457 			p++;
4458 
4459 		/* * matches everything */
4460 		if (*p == 0)
4461 			return (1);
4462 
4463 		/* undo skip at the beginning & iterate over substrings */
4464 		--s;
4465 		while (*s) {
4466 			if (gmatch(s, p))
4467 				return (1);
4468 			s++;
4469 		}
4470 		return (0);
4471 
4472 	case '[':
4473 		/* match any char within [] */
4474 		if (sc == 0)
4475 			return (0);
4476 
4477 		ok = lc = notflag = 0;
4478 
4479 		if (*p == '!') {
4480 			notflag = 1;
4481 			p++;
4482 		}
4483 		popchar(p, c);
4484 
4485 		do {
4486 			if (c == '-' && lc && *p != ']') {
4487 				/* test sc against range [c1-c2] */
4488 				popchar(p, c);
4489 				if (c == '\\') {
4490 					popchar(p, c);
4491 				}
4492 
4493 				if (notflag) {
4494 					/* return 0 on mismatch */
4495 					if (lc <= sc && sc <= c)
4496 						return (0);
4497 					ok++;
4498 				} else if (lc <= sc && sc <= c) {
4499 					ok++;
4500 				}
4501 				/* keep going, may get a match next */
4502 			} else if (c == '\\') {
4503 				/* skip to quoted character */
4504 				popchar(p, c);
4505 			}
4506 			lc = c;
4507 			if (notflag) {
4508 				if (sc == lc)
4509 					return (0);
4510 				ok++;
4511 			} else if (sc == lc) {
4512 				ok++;
4513 			}
4514 			popchar(p, c);
4515 		} while (c != ']');
4516 
4517 		/* recurse on remainder of string */
4518 		return (ok ? gmatch(s, p) : 0);
4519 	}
4520 	/*NOTREACHED*/
4521 }
4522 
4523 
4524 /*
4525  * Get default perm for device from /etc/minor_perm. Return 0 if match found.
4526  *
4527  * Pure wild-carded patterns are handled separately so the ordering of
4528  * these patterns doesn't matter.  We're still dependent on ordering
4529  * however as the first matching entry is the one returned.
4530  * Not ideal but all existing examples and usage do imply this
4531  * ordering implicitly.
4532  *
4533  * Drivers using the clone driver are always good for some entertainment.
4534  * Clone nodes under pseudo have the form clone@0:<driver>.  Some minor
4535  * perm entries have the form clone:<driver>, others use <driver>:*
4536  * Examples are clone:llc1 vs. llc2:*, for example.
4537  *
4538  * Minor perms in the clone:<driver> form are mapped to the drivers's
4539  * mperm list, not the clone driver, as wildcard entries for clone
4540  * reference only.  In other words, a clone wildcard will match
4541  * references for clone@0:<driver> but never <driver>@<minor>.
4542  *
4543  * Additional minor perms in the standard form are also supported,
4544  * for mixed usage, ie a node with an entry clone:<driver> could
4545  * provide further entries <driver>:<minor>.
4546  *
4547  * Finally, some uses of clone use an alias as the minor name rather
4548  * than the driver name, with the alias as the minor perm entry.
4549  * This case is handled by attaching the driver to bring its
4550  * minor list into existence, then discover the alias via DDI_ALIAS.
4551  * The clone device's minor perm list can then be searched for
4552  * that alias.
4553  */
4554 
4555 static int
dev_alias_minorperm(dev_info_t * dip,char * minor_name,mperm_t * rmp)4556 dev_alias_minorperm(dev_info_t *dip, char *minor_name, mperm_t *rmp)
4557 {
4558 	major_t			major;
4559 	struct devnames		*dnp;
4560 	mperm_t			*mp;
4561 	char			*alias = NULL;
4562 	dev_info_t		*cdevi;
4563 	int			circ;
4564 	struct ddi_minor_data	*dmd;
4565 
4566 	major = ddi_name_to_major(minor_name);
4567 
4568 	ASSERT(dip == clone_dip);
4569 	ASSERT(major != DDI_MAJOR_T_NONE);
4570 
4571 	/*
4572 	 * Attach the driver named by the minor node, then
4573 	 * search its first instance's minor list for an
4574 	 * alias node.
4575 	 */
4576 	if (ddi_hold_installed_driver(major) == NULL)
4577 		return (1);
4578 
4579 	dnp = &devnamesp[major];
4580 	LOCK_DEV_OPS(&dnp->dn_lock);
4581 
4582 	if ((cdevi = dnp->dn_head) != NULL) {
4583 		ndi_devi_enter(cdevi, &circ);
4584 		for (dmd = DEVI(cdevi)->devi_minor; dmd; dmd = dmd->next) {
4585 			if (dmd->type == DDM_ALIAS) {
4586 				alias = i_ddi_strdup(dmd->ddm_name, KM_SLEEP);
4587 				break;
4588 			}
4589 		}
4590 		ndi_devi_exit(cdevi, circ);
4591 	}
4592 
4593 	UNLOCK_DEV_OPS(&dnp->dn_lock);
4594 	ddi_rele_driver(major);
4595 
4596 	if (alias == NULL) {
4597 		if (moddebug & MODDEBUG_MINORPERM)
4598 			cmn_err(CE_CONT, "dev_minorperm: "
4599 			    "no alias for %s\n", minor_name);
4600 		return (1);
4601 	}
4602 
4603 	major = ddi_driver_major(clone_dip);
4604 	dnp = &devnamesp[major];
4605 	LOCK_DEV_OPS(&dnp->dn_lock);
4606 
4607 	/*
4608 	 * Go through the clone driver's mperm list looking
4609 	 * for a match for the specified alias.
4610 	 */
4611 	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4612 		if (strcmp(alias, mp->mp_minorname) == 0) {
4613 			break;
4614 		}
4615 	}
4616 
4617 	if (mp) {
4618 		if (moddebug & MODDEBUG_MP_MATCH) {
4619 			cmn_err(CE_CONT,
4620 			    "minor perm defaults: %s %s 0%o %d %d (aliased)\n",
4621 			    minor_name, alias, mp->mp_mode,
4622 			    mp->mp_uid, mp->mp_gid);
4623 		}
4624 		rmp->mp_uid = mp->mp_uid;
4625 		rmp->mp_gid = mp->mp_gid;
4626 		rmp->mp_mode = mp->mp_mode;
4627 	}
4628 	UNLOCK_DEV_OPS(&dnp->dn_lock);
4629 
4630 	kmem_free(alias, strlen(alias)+1);
4631 
4632 	return (mp == NULL);
4633 }
4634 
4635 int
dev_minorperm(dev_info_t * dip,char * name,mperm_t * rmp)4636 dev_minorperm(dev_info_t *dip, char *name, mperm_t *rmp)
4637 {
4638 	major_t major;
4639 	char *minor_name;
4640 	struct devnames *dnp;
4641 	mperm_t *mp;
4642 	int is_clone = 0;
4643 
4644 	if (!minorperm_loaded) {
4645 		if (moddebug & MODDEBUG_MINORPERM)
4646 			cmn_err(CE_CONT,
4647 			    "%s: minor perm not yet loaded\n", name);
4648 		return (1);
4649 	}
4650 
4651 	minor_name = strchr(name, ':');
4652 	if (minor_name == NULL)
4653 		return (1);
4654 	minor_name++;
4655 
4656 	/*
4657 	 * If it's the clone driver, search the driver as named
4658 	 * by the minor.  All clone minor perm entries other than
4659 	 * alias nodes are actually installed on the real driver's list.
4660 	 */
4661 	if (dip == clone_dip) {
4662 		major = ddi_name_to_major(minor_name);
4663 		if (major == DDI_MAJOR_T_NONE) {
4664 			if (moddebug & MODDEBUG_MINORPERM)
4665 				cmn_err(CE_CONT, "dev_minorperm: "
4666 				    "%s: no such driver\n", minor_name);
4667 			return (1);
4668 		}
4669 		is_clone = 1;
4670 	} else {
4671 		major = ddi_driver_major(dip);
4672 		ASSERT(major != DDI_MAJOR_T_NONE);
4673 	}
4674 
4675 	dnp = &devnamesp[major];
4676 	LOCK_DEV_OPS(&dnp->dn_lock);
4677 
4678 	/*
4679 	 * Go through the driver's mperm list looking for
4680 	 * a match for the specified minor.  If there's
4681 	 * no matching pattern, use the wild card.
4682 	 * Defer to the clone wild for clone if specified,
4683 	 * otherwise fall back to the normal form.
4684 	 */
4685 	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4686 		if (gmatch(minor_name, mp->mp_minorname) != 0) {
4687 			break;
4688 		}
4689 	}
4690 	if (mp == NULL) {
4691 		if (is_clone)
4692 			mp = dnp->dn_mperm_clone;
4693 		if (mp == NULL)
4694 			mp = dnp->dn_mperm_wild;
4695 	}
4696 
4697 	if (mp) {
4698 		if (moddebug & MODDEBUG_MP_MATCH) {
4699 			cmn_err(CE_CONT,
4700 			    "minor perm defaults: %s %s 0%o %d %d\n",
4701 			    name, mp->mp_minorname, mp->mp_mode,
4702 			    mp->mp_uid, mp->mp_gid);
4703 		}
4704 		rmp->mp_uid = mp->mp_uid;
4705 		rmp->mp_gid = mp->mp_gid;
4706 		rmp->mp_mode = mp->mp_mode;
4707 	}
4708 	UNLOCK_DEV_OPS(&dnp->dn_lock);
4709 
4710 	/*
4711 	 * If no match can be found for a clone node,
4712 	 * search for a possible match for an alias.
4713 	 * One such example is /dev/ptmx -> /devices/pseudo/clone@0:ptm,
4714 	 * with minor perm entry clone:ptmx.
4715 	 */
4716 	if (mp == NULL && is_clone) {
4717 		return (dev_alias_minorperm(dip, minor_name, rmp));
4718 	}
4719 
4720 	return (mp == NULL);
4721 }
4722 
4723 /*
4724  * dynamicaly reference load a dl module/library, returning handle
4725  */
4726 /*ARGSUSED*/
4727 ddi_modhandle_t
ddi_modopen(const char * modname,int mode,int * errnop)4728 ddi_modopen(const char *modname, int mode, int *errnop)
4729 {
4730 	char		*subdir;
4731 	char		*mod;
4732 	int		subdirlen;
4733 	struct modctl	*hmodp = NULL;
4734 	int		retval = EINVAL;
4735 
4736 	ASSERT(modname && (mode == KRTLD_MODE_FIRST));
4737 	if ((modname == NULL) || (mode != KRTLD_MODE_FIRST))
4738 		goto out;
4739 
4740 	/* find last '/' in modname */
4741 	mod = strrchr(modname, '/');
4742 
4743 	if (mod) {
4744 		/* for subdir string without modification to argument */
4745 		mod++;
4746 		subdirlen = mod - modname;
4747 		subdir = kmem_alloc(subdirlen, KM_SLEEP);
4748 		(void) strlcpy(subdir, modname, subdirlen);
4749 	} else {
4750 		subdirlen = 0;
4751 		subdir = "misc";
4752 		mod = (char *)modname;
4753 	}
4754 
4755 	/* reference load with errno return value */
4756 	retval = modrload(subdir, mod, &hmodp);
4757 
4758 	if (subdirlen)
4759 		kmem_free(subdir, subdirlen);
4760 
4761 out:	if (errnop)
4762 		*errnop = retval;
4763 
4764 	if (moddebug & MODDEBUG_DDI_MOD)
4765 		printf("ddi_modopen %s mode %x: %s %p %d\n",
4766 		    modname ? modname : "<unknown>", mode,
4767 		    hmodp ? hmodp->mod_filename : "<unknown>",
4768 		    (void *)hmodp, retval);
4769 
4770 	return ((ddi_modhandle_t)hmodp);
4771 }
4772 
4773 /* lookup "name" in open dl module/library */
4774 void *
ddi_modsym(ddi_modhandle_t h,const char * name,int * errnop)4775 ddi_modsym(ddi_modhandle_t h, const char *name, int *errnop)
4776 {
4777 	struct modctl	*hmodp = (struct modctl *)h;
4778 	void		*f;
4779 	int		retval;
4780 
4781 	ASSERT(hmodp && name && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4782 	if ((hmodp == NULL) || (name == NULL) ||
4783 	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4784 		f = NULL;
4785 		retval = EINVAL;
4786 	} else {
4787 		f = (void *)kobj_lookup(hmodp->mod_mp, (char *)name);
4788 		if (f)
4789 			retval = 0;
4790 		else
4791 			retval = ENOTSUP;
4792 	}
4793 
4794 	if (moddebug & MODDEBUG_DDI_MOD)
4795 		printf("ddi_modsym in %s of %s: %d %p\n",
4796 		    hmodp ? hmodp->mod_modname : "<unknown>",
4797 		    name ? name : "<unknown>", retval, f);
4798 
4799 	if (errnop)
4800 		*errnop = retval;
4801 	return (f);
4802 }
4803 
4804 /* dynamic (un)reference unload of an open dl module/library */
4805 int
ddi_modclose(ddi_modhandle_t h)4806 ddi_modclose(ddi_modhandle_t h)
4807 {
4808 	struct modctl	*hmodp = (struct modctl *)h;
4809 	struct modctl	*modp = NULL;
4810 	int		retval;
4811 
4812 	ASSERT(hmodp && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4813 	if ((hmodp == NULL) ||
4814 	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4815 		retval = EINVAL;
4816 		goto out;
4817 	}
4818 
4819 	retval = modunrload(hmodp->mod_id, &modp, ddi_modclose_unload);
4820 	if (retval == EBUSY)
4821 		retval = 0;	/* EBUSY is not an error */
4822 
4823 	if (retval == 0) {
4824 		ASSERT(hmodp == modp);
4825 		if (hmodp != modp)
4826 			retval = EINVAL;
4827 	}
4828 
4829 out:	if (moddebug & MODDEBUG_DDI_MOD)
4830 		printf("ddi_modclose %s: %d\n",
4831 		    hmodp ? hmodp->mod_modname : "<unknown>", retval);
4832 
4833 	return (retval);
4834 }
4835