xref: /illumos-gate/usr/src/cmd/mdb/common/modules/genunix/genunix.c (revision 56e2cc86321ec889bf83a888d902c60d6fb2ef8d)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #include <mdb/mdb_param.h>
27 #include <mdb/mdb_modapi.h>
28 #include <mdb/mdb_ks.h>
29 #include <mdb/mdb_ctf.h>
30 
31 #include <sys/types.h>
32 #include <sys/thread.h>
33 #include <sys/session.h>
34 #include <sys/user.h>
35 #include <sys/proc.h>
36 #include <sys/var.h>
37 #include <sys/t_lock.h>
38 #include <sys/systm.h>
39 #include <sys/callo.h>
40 #include <sys/priocntl.h>
41 #include <sys/class.h>
42 #include <sys/regset.h>
43 #include <sys/stack.h>
44 #include <sys/cpuvar.h>
45 #include <sys/vnode.h>
46 #include <sys/vfs.h>
47 #include <sys/flock_impl.h>
48 #include <sys/kmem_impl.h>
49 #include <sys/vmem_impl.h>
50 #include <sys/kstat.h>
51 #include <vm/seg_vn.h>
52 #include <vm/anon.h>
53 #include <vm/as.h>
54 #include <vm/seg_map.h>
55 #include <sys/dditypes.h>
56 #include <sys/ddi_impldefs.h>
57 #include <sys/sysmacros.h>
58 #include <sys/sysconf.h>
59 #include <sys/task.h>
60 #include <sys/project.h>
61 #include <sys/taskq.h>
62 #include <sys/taskq_impl.h>
63 #include <sys/errorq_impl.h>
64 #include <sys/cred_impl.h>
65 #include <sys/zone.h>
66 #include <sys/panic.h>
67 #include <regex.h>
68 #include <sys/port_impl.h>
69 
70 #include "avl.h"
71 #include "combined.h"
72 #include "contract.h"
73 #include "cpupart_mdb.h"
74 #include "devinfo.h"
75 #include "irm.h"
76 #include "leaky.h"
77 #include "lgrp.h"
78 #include "pg.h"
79 #include "group.h"
80 #include "list.h"
81 #include "log.h"
82 #include "kgrep.h"
83 #include "kmem.h"
84 #include "bio.h"
85 #include "streams.h"
86 #include "cyclic.h"
87 #include "findstack.h"
88 #include "ndievents.h"
89 #include "mmd.h"
90 #include "net.h"
91 #include "netstack.h"
92 #include "nvpair.h"
93 #include "ctxop.h"
94 #include "tsd.h"
95 #include "thread.h"
96 #include "memory.h"
97 #include "sobj.h"
98 #include "sysevent.h"
99 #include "rctl.h"
100 #include "tsol.h"
101 #include "typegraph.h"
102 #include "ldi.h"
103 #include "vfs.h"
104 #include "zone.h"
105 #include "modhash.h"
106 #include "mdi.h"
107 #include "fm.h"
108 
109 /*
110  * Surely this is defined somewhere...
111  */
112 #define	NINTR		16
113 
114 #define	KILOS		10
115 #define	MEGS		20
116 #define	GIGS		30
117 
118 #ifndef STACK_BIAS
119 #define	STACK_BIAS	0
120 #endif
121 
122 static char
123 pstat2ch(uchar_t state)
124 {
125 	switch (state) {
126 		case SSLEEP: return ('S');
127 		case SRUN: return ('R');
128 		case SZOMB: return ('Z');
129 		case SIDL: return ('I');
130 		case SONPROC: return ('O');
131 		case SSTOP: return ('T');
132 		case SWAIT: return ('W');
133 		default: return ('?');
134 	}
135 }
136 
137 #define	PS_PRTTHREADS	0x1
138 #define	PS_PRTLWPS	0x2
139 #define	PS_PSARGS	0x4
140 #define	PS_TASKS	0x8
141 #define	PS_PROJECTS	0x10
142 #define	PS_ZONES	0x20
143 
144 static int
145 ps_threadprint(uintptr_t addr, const void *data, void *private)
146 {
147 	const kthread_t *t = (const kthread_t *)data;
148 	uint_t prt_flags = *((uint_t *)private);
149 
150 	static const mdb_bitmask_t t_state_bits[] = {
151 		{ "TS_FREE",	UINT_MAX,	TS_FREE		},
152 		{ "TS_SLEEP",	TS_SLEEP,	TS_SLEEP	},
153 		{ "TS_RUN",	TS_RUN,		TS_RUN		},
154 		{ "TS_ONPROC",	TS_ONPROC,	TS_ONPROC	},
155 		{ "TS_ZOMB",	TS_ZOMB,	TS_ZOMB		},
156 		{ "TS_STOPPED",	TS_STOPPED,	TS_STOPPED	},
157 		{ "TS_WAIT",	TS_WAIT,	TS_WAIT		},
158 		{ NULL,		0,		0		}
159 	};
160 
161 	if (prt_flags & PS_PRTTHREADS)
162 		mdb_printf("\tT  %?a <%b>\n", addr, t->t_state, t_state_bits);
163 
164 	if (prt_flags & PS_PRTLWPS)
165 		mdb_printf("\tL  %?a ID: %u\n", t->t_lwp, t->t_tid);
166 
167 	return (WALK_NEXT);
168 }
169 
170 int
171 ps(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
172 {
173 	uint_t prt_flags = 0;
174 	proc_t pr;
175 	struct pid pid, pgid, sid;
176 	sess_t session;
177 	cred_t cred;
178 	task_t tk;
179 	kproject_t pj;
180 	zone_t zn;
181 
182 	if (!(flags & DCMD_ADDRSPEC)) {
183 		if (mdb_walk_dcmd("proc", "ps", argc, argv) == -1) {
184 			mdb_warn("can't walk 'proc'");
185 			return (DCMD_ERR);
186 		}
187 		return (DCMD_OK);
188 	}
189 
190 	if (mdb_getopts(argc, argv,
191 	    'f', MDB_OPT_SETBITS, PS_PSARGS, &prt_flags,
192 	    'l', MDB_OPT_SETBITS, PS_PRTLWPS, &prt_flags,
193 	    'T', MDB_OPT_SETBITS, PS_TASKS, &prt_flags,
194 	    'P', MDB_OPT_SETBITS, PS_PROJECTS, &prt_flags,
195 	    'z', MDB_OPT_SETBITS, PS_ZONES, &prt_flags,
196 	    't', MDB_OPT_SETBITS, PS_PRTTHREADS, &prt_flags, NULL) != argc)
197 		return (DCMD_USAGE);
198 
199 	if (DCMD_HDRSPEC(flags)) {
200 		mdb_printf("%<u>%1s %6s %6s %6s %6s ",
201 		    "S", "PID", "PPID", "PGID", "SID");
202 		if (prt_flags & PS_TASKS)
203 			mdb_printf("%5s ", "TASK");
204 		if (prt_flags & PS_PROJECTS)
205 			mdb_printf("%5s ", "PROJ");
206 		if (prt_flags & PS_ZONES)
207 			mdb_printf("%5s ", "ZONE");
208 		mdb_printf("%6s %10s %?s %s%</u>\n",
209 		    "UID", "FLAGS", "ADDR", "NAME");
210 	}
211 
212 	mdb_vread(&pr, sizeof (pr), addr);
213 	mdb_vread(&pid, sizeof (pid), (uintptr_t)pr.p_pidp);
214 	mdb_vread(&pgid, sizeof (pgid), (uintptr_t)pr.p_pgidp);
215 	mdb_vread(&cred, sizeof (cred), (uintptr_t)pr.p_cred);
216 	mdb_vread(&session, sizeof (session), (uintptr_t)pr.p_sessp);
217 	mdb_vread(&sid, sizeof (sid), (uintptr_t)session.s_sidp);
218 	if (prt_flags & (PS_TASKS | PS_PROJECTS))
219 		mdb_vread(&tk, sizeof (tk), (uintptr_t)pr.p_task);
220 	if (prt_flags & PS_PROJECTS)
221 		mdb_vread(&pj, sizeof (pj), (uintptr_t)tk.tk_proj);
222 	if (prt_flags & PS_ZONES)
223 		mdb_vread(&zn, sizeof (zone_t), (uintptr_t)pr.p_zone);
224 
225 	mdb_printf("%c %6d %6d %6d %6d ",
226 	    pstat2ch(pr.p_stat), pid.pid_id, pr.p_ppid, pgid.pid_id,
227 	    sid.pid_id);
228 	if (prt_flags & PS_TASKS)
229 		mdb_printf("%5d ", tk.tk_tkid);
230 	if (prt_flags & PS_PROJECTS)
231 		mdb_printf("%5d ", pj.kpj_id);
232 	if (prt_flags & PS_ZONES)
233 		mdb_printf("%5d ", zn.zone_id);
234 	mdb_printf("%6d 0x%08x %0?p %s\n",
235 	    cred.cr_uid, pr.p_flag, addr,
236 	    (prt_flags & PS_PSARGS) ? pr.p_user.u_psargs : pr.p_user.u_comm);
237 
238 	if (prt_flags & ~PS_PSARGS)
239 		(void) mdb_pwalk("thread", ps_threadprint, &prt_flags, addr);
240 
241 	return (DCMD_OK);
242 }
243 
244 #define	PG_NEWEST	0x0001
245 #define	PG_OLDEST	0x0002
246 #define	PG_PIPE_OUT	0x0004
247 #define	PG_EXACT_MATCH	0x0008
248 
249 typedef struct pgrep_data {
250 	uint_t pg_flags;
251 	uint_t pg_psflags;
252 	uintptr_t pg_xaddr;
253 	hrtime_t pg_xstart;
254 	const char *pg_pat;
255 #ifndef _KMDB
256 	regex_t pg_reg;
257 #endif
258 } pgrep_data_t;
259 
260 /*ARGSUSED*/
261 static int
262 pgrep_cb(uintptr_t addr, const void *pdata, void *data)
263 {
264 	const proc_t *prp = pdata;
265 	pgrep_data_t *pgp = data;
266 #ifndef _KMDB
267 	regmatch_t pmatch;
268 #endif
269 
270 	/*
271 	 * kmdb doesn't have access to the reg* functions, so we fall back
272 	 * to strstr/strcmp.
273 	 */
274 #ifdef _KMDB
275 	if ((pgp->pg_flags & PG_EXACT_MATCH) ?
276 	    (strcmp(prp->p_user.u_comm, pgp->pg_pat) != 0) :
277 	    (strstr(prp->p_user.u_comm, pgp->pg_pat) == NULL))
278 		return (WALK_NEXT);
279 #else
280 	if (regexec(&pgp->pg_reg, prp->p_user.u_comm, 1, &pmatch, 0) != 0)
281 		return (WALK_NEXT);
282 
283 	if ((pgp->pg_flags & PG_EXACT_MATCH) &&
284 	    (pmatch.rm_so != 0 || prp->p_user.u_comm[pmatch.rm_eo] != '\0'))
285 		return (WALK_NEXT);
286 #endif
287 
288 	if (pgp->pg_flags & (PG_NEWEST | PG_OLDEST)) {
289 		hrtime_t start;
290 
291 		start = (hrtime_t)prp->p_user.u_start.tv_sec * NANOSEC +
292 		    prp->p_user.u_start.tv_nsec;
293 
294 		if (pgp->pg_flags & PG_NEWEST) {
295 			if (pgp->pg_xaddr == NULL || start > pgp->pg_xstart) {
296 				pgp->pg_xaddr = addr;
297 				pgp->pg_xstart = start;
298 			}
299 		} else {
300 			if (pgp->pg_xaddr == NULL || start < pgp->pg_xstart) {
301 				pgp->pg_xaddr = addr;
302 				pgp->pg_xstart = start;
303 			}
304 		}
305 
306 	} else if (pgp->pg_flags & PG_PIPE_OUT) {
307 		mdb_printf("%p\n", addr);
308 
309 	} else {
310 		if (mdb_call_dcmd("ps", addr, pgp->pg_psflags, 0, NULL) != 0) {
311 			mdb_warn("can't invoke 'ps'");
312 			return (WALK_DONE);
313 		}
314 		pgp->pg_psflags &= ~DCMD_LOOPFIRST;
315 	}
316 
317 	return (WALK_NEXT);
318 }
319 
320 /*ARGSUSED*/
321 int
322 pgrep(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
323 {
324 	pgrep_data_t pg;
325 	int i;
326 #ifndef _KMDB
327 	int err;
328 #endif
329 
330 	if (flags & DCMD_ADDRSPEC)
331 		return (DCMD_USAGE);
332 
333 	pg.pg_flags = 0;
334 	pg.pg_xaddr = 0;
335 
336 	i = mdb_getopts(argc, argv,
337 	    'n', MDB_OPT_SETBITS, PG_NEWEST, &pg.pg_flags,
338 	    'o', MDB_OPT_SETBITS, PG_OLDEST, &pg.pg_flags,
339 	    'x', MDB_OPT_SETBITS, PG_EXACT_MATCH, &pg.pg_flags,
340 	    NULL);
341 
342 	argc -= i;
343 	argv += i;
344 
345 	if (argc != 1)
346 		return (DCMD_USAGE);
347 
348 	/*
349 	 * -n and -o are mutually exclusive.
350 	 */
351 	if ((pg.pg_flags & PG_NEWEST) && (pg.pg_flags & PG_OLDEST))
352 		return (DCMD_USAGE);
353 
354 	if (argv->a_type != MDB_TYPE_STRING)
355 		return (DCMD_USAGE);
356 
357 	if (flags & DCMD_PIPE_OUT)
358 		pg.pg_flags |= PG_PIPE_OUT;
359 
360 	pg.pg_pat = argv->a_un.a_str;
361 	if (DCMD_HDRSPEC(flags))
362 		pg.pg_psflags = DCMD_ADDRSPEC | DCMD_LOOP | DCMD_LOOPFIRST;
363 	else
364 		pg.pg_psflags = DCMD_ADDRSPEC | DCMD_LOOP;
365 
366 #ifndef _KMDB
367 	if ((err = regcomp(&pg.pg_reg, pg.pg_pat, REG_EXTENDED)) != 0) {
368 		size_t nbytes;
369 		char *buf;
370 
371 		nbytes = regerror(err, &pg.pg_reg, NULL, 0);
372 		buf = mdb_alloc(nbytes + 1, UM_SLEEP | UM_GC);
373 		(void) regerror(err, &pg.pg_reg, buf, nbytes);
374 		mdb_warn("%s\n", buf);
375 
376 		return (DCMD_ERR);
377 	}
378 #endif
379 
380 	if (mdb_walk("proc", pgrep_cb, &pg) != 0) {
381 		mdb_warn("can't walk 'proc'");
382 		return (DCMD_ERR);
383 	}
384 
385 	if (pg.pg_xaddr != 0 && (pg.pg_flags & (PG_NEWEST | PG_OLDEST))) {
386 		if (pg.pg_flags & PG_PIPE_OUT) {
387 			mdb_printf("%p\n", pg.pg_xaddr);
388 		} else {
389 			if (mdb_call_dcmd("ps", pg.pg_xaddr, pg.pg_psflags,
390 			    0, NULL) != 0) {
391 				mdb_warn("can't invoke 'ps'");
392 				return (DCMD_ERR);
393 			}
394 		}
395 	}
396 
397 	return (DCMD_OK);
398 }
399 
400 int
401 task(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
402 {
403 	task_t tk;
404 	kproject_t pj;
405 
406 	if (!(flags & DCMD_ADDRSPEC)) {
407 		if (mdb_walk_dcmd("task_cache", "task", argc, argv) == -1) {
408 			mdb_warn("can't walk task_cache");
409 			return (DCMD_ERR);
410 		}
411 		return (DCMD_OK);
412 	}
413 	if (DCMD_HDRSPEC(flags)) {
414 		mdb_printf("%<u>%?s %6s %6s %6s %6s %10s%</u>\n",
415 		    "ADDR", "TASKID", "PROJID", "ZONEID", "REFCNT", "FLAGS");
416 	}
417 	if (mdb_vread(&tk, sizeof (task_t), addr) == -1) {
418 		mdb_warn("can't read task_t structure at %p", addr);
419 		return (DCMD_ERR);
420 	}
421 	if (mdb_vread(&pj, sizeof (kproject_t), (uintptr_t)tk.tk_proj) == -1) {
422 		mdb_warn("can't read project_t structure at %p", addr);
423 		return (DCMD_ERR);
424 	}
425 	mdb_printf("%0?p %6d %6d %6d %6u 0x%08x\n",
426 	    addr, tk.tk_tkid, pj.kpj_id, pj.kpj_zoneid, tk.tk_hold_count,
427 	    tk.tk_flags);
428 	return (DCMD_OK);
429 }
430 
431 int
432 project(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
433 {
434 	kproject_t pj;
435 
436 	if (!(flags & DCMD_ADDRSPEC)) {
437 		if (mdb_walk_dcmd("projects", "project", argc, argv) == -1) {
438 			mdb_warn("can't walk projects");
439 			return (DCMD_ERR);
440 		}
441 		return (DCMD_OK);
442 	}
443 	if (DCMD_HDRSPEC(flags)) {
444 		mdb_printf("%<u>%?s %6s %6s %6s%</u>\n",
445 		    "ADDR", "PROJID", "ZONEID", "REFCNT");
446 	}
447 	if (mdb_vread(&pj, sizeof (kproject_t), addr) == -1) {
448 		mdb_warn("can't read kproject_t structure at %p", addr);
449 		return (DCMD_ERR);
450 	}
451 	mdb_printf("%0?p %6d %6d %6u\n", addr, pj.kpj_id, pj.kpj_zoneid,
452 	    pj.kpj_count);
453 	return (DCMD_OK);
454 }
455 
456 /* walk callouts themselves, either by list or id hash. */
457 int
458 callout_walk_init(mdb_walk_state_t *wsp)
459 {
460 	if (wsp->walk_addr == NULL) {
461 		mdb_warn("callout doesn't support global walk");
462 		return (WALK_ERR);
463 	}
464 	wsp->walk_data = mdb_alloc(sizeof (callout_t), UM_SLEEP);
465 	return (WALK_NEXT);
466 }
467 
468 #define	CALLOUT_WALK_BYLIST	0
469 #define	CALLOUT_WALK_BYID	1
470 
471 /* the walker arg switches between walking by list (0) and walking by id (1). */
472 int
473 callout_walk_step(mdb_walk_state_t *wsp)
474 {
475 	int retval;
476 
477 	if (wsp->walk_addr == NULL) {
478 		return (WALK_DONE);
479 	}
480 	if (mdb_vread(wsp->walk_data, sizeof (callout_t),
481 	    wsp->walk_addr) == -1) {
482 		mdb_warn("failed to read callout at %p", wsp->walk_addr);
483 		return (WALK_DONE);
484 	}
485 	retval = wsp->walk_callback(wsp->walk_addr, wsp->walk_data,
486 	    wsp->walk_cbdata);
487 
488 	if ((ulong_t)wsp->walk_arg == CALLOUT_WALK_BYID) {
489 		wsp->walk_addr =
490 		    (uintptr_t)(((callout_t *)wsp->walk_data)->c_idnext);
491 	} else {
492 		wsp->walk_addr =
493 		    (uintptr_t)(((callout_t *)wsp->walk_data)->c_clnext);
494 	}
495 
496 	return (retval);
497 }
498 
499 void
500 callout_walk_fini(mdb_walk_state_t *wsp)
501 {
502 	mdb_free(wsp->walk_data, sizeof (callout_t));
503 }
504 
505 /*
506  * walker for callout lists. This is different from hashes and callouts.
507  * Thankfully, it's also simpler.
508  */
509 int
510 callout_list_walk_init(mdb_walk_state_t *wsp)
511 {
512 	if (wsp->walk_addr == NULL) {
513 		mdb_warn("callout list doesn't support global walk");
514 		return (WALK_ERR);
515 	}
516 	wsp->walk_data = mdb_alloc(sizeof (callout_list_t), UM_SLEEP);
517 	return (WALK_NEXT);
518 }
519 
520 int
521 callout_list_walk_step(mdb_walk_state_t *wsp)
522 {
523 	int retval;
524 
525 	if (wsp->walk_addr == NULL) {
526 		return (WALK_DONE);
527 	}
528 	if (mdb_vread(wsp->walk_data, sizeof (callout_list_t),
529 	    wsp->walk_addr) != sizeof (callout_list_t)) {
530 		mdb_warn("failed to read callout_list at %p", wsp->walk_addr);
531 		return (WALK_ERR);
532 	}
533 	retval = wsp->walk_callback(wsp->walk_addr, wsp->walk_data,
534 	    wsp->walk_cbdata);
535 
536 	wsp->walk_addr = (uintptr_t)
537 	    (((callout_list_t *)wsp->walk_data)->cl_next);
538 
539 	return (retval);
540 }
541 
542 void
543 callout_list_walk_fini(mdb_walk_state_t *wsp)
544 {
545 	mdb_free(wsp->walk_data, sizeof (callout_list_t));
546 }
547 
548 /* routines/structs to walk callout table(s) */
549 typedef struct cot_data {
550 	callout_table_t *ct0;
551 	callout_table_t ct;
552 	callout_hash_t cot_idhash[CALLOUT_BUCKETS];
553 	callout_hash_t cot_clhash[CALLOUT_BUCKETS];
554 	kstat_named_t ct_kstat_data[CALLOUT_NUM_STATS];
555 	int cotndx;
556 	int cotsize;
557 } cot_data_t;
558 
559 int
560 callout_table_walk_init(mdb_walk_state_t *wsp)
561 {
562 	int max_ncpus;
563 	cot_data_t *cot_walk_data;
564 
565 	cot_walk_data = mdb_alloc(sizeof (cot_data_t), UM_SLEEP);
566 
567 	if (wsp->walk_addr == NULL) {
568 		if (mdb_readvar(&cot_walk_data->ct0, "callout_table") == -1) {
569 			mdb_warn("failed to read 'callout_table'");
570 			return (WALK_ERR);
571 		}
572 		if (mdb_readvar(&max_ncpus, "max_ncpus") == -1) {
573 			mdb_warn("failed to get callout_table array size");
574 			return (WALK_ERR);
575 		}
576 		cot_walk_data->cotsize = CALLOUT_NTYPES * max_ncpus;
577 		wsp->walk_addr = (uintptr_t)cot_walk_data->ct0;
578 	} else {
579 		/* not a global walk */
580 		cot_walk_data->cotsize = 1;
581 	}
582 
583 	cot_walk_data->cotndx = 0;
584 	wsp->walk_data = cot_walk_data;
585 
586 	return (WALK_NEXT);
587 }
588 
589 int
590 callout_table_walk_step(mdb_walk_state_t *wsp)
591 {
592 	int retval;
593 	cot_data_t *cotwd = (cot_data_t *)wsp->walk_data;
594 	size_t size;
595 
596 	if (cotwd->cotndx >= cotwd->cotsize) {
597 		return (WALK_DONE);
598 	}
599 	if (mdb_vread(&(cotwd->ct), sizeof (callout_table_t),
600 	    wsp->walk_addr) != sizeof (callout_table_t)) {
601 		mdb_warn("failed to read callout_table at %p", wsp->walk_addr);
602 		return (WALK_ERR);
603 	}
604 
605 	size = sizeof (callout_hash_t) * CALLOUT_BUCKETS;
606 	if (cotwd->ct.ct_idhash != NULL) {
607 		if (mdb_vread(cotwd->cot_idhash, size,
608 		    (uintptr_t)(cotwd->ct.ct_idhash)) != size) {
609 			mdb_warn("failed to read id_hash at %p",
610 			    cotwd->ct.ct_idhash);
611 			return (WALK_ERR);
612 		}
613 	}
614 	if (cotwd->ct.ct_clhash != NULL) {
615 		if (mdb_vread(&(cotwd->cot_clhash), size,
616 		    (uintptr_t)cotwd->ct.ct_clhash) == -1) {
617 			mdb_warn("failed to read cl_hash at %p",
618 			    cotwd->ct.ct_clhash);
619 			return (WALK_ERR);
620 		}
621 	}
622 	size = sizeof (kstat_named_t) * CALLOUT_NUM_STATS;
623 	if (cotwd->ct.ct_kstat_data != NULL) {
624 		if (mdb_vread(&(cotwd->ct_kstat_data), size,
625 		    (uintptr_t)cotwd->ct.ct_kstat_data) == -1) {
626 			mdb_warn("failed to read kstats at %p",
627 			    cotwd->ct.ct_kstat_data);
628 			return (WALK_ERR);
629 		}
630 	}
631 	retval = wsp->walk_callback(wsp->walk_addr, (void *)cotwd,
632 	    wsp->walk_cbdata);
633 
634 	cotwd->cotndx++;
635 	if (cotwd->cotndx >= cotwd->cotsize) {
636 		return (WALK_DONE);
637 	}
638 	wsp->walk_addr = (uintptr_t)((char *)wsp->walk_addr +
639 	    sizeof (callout_table_t));
640 
641 	return (retval);
642 }
643 
644 void
645 callout_table_walk_fini(mdb_walk_state_t *wsp)
646 {
647 	mdb_free(wsp->walk_data, sizeof (cot_data_t));
648 }
649 
650 static const char *co_typenames[] = { "R", "N" };
651 
652 #define	CO_PLAIN_ID(xid)	((xid) & CALLOUT_ID_MASK)
653 
654 #define	TABLE_TO_SEQID(x)	((x) >> CALLOUT_TYPE_BITS)
655 
656 /* callout flags, in no particular order */
657 #define	COF_REAL	0x0000001
658 #define	COF_NORM	0x0000002
659 #define	COF_LONG	0x0000004
660 #define	COF_SHORT	0x0000008
661 #define	COF_EMPTY	0x0000010
662 #define	COF_TIME	0x0000020
663 #define	COF_BEFORE	0x0000040
664 #define	COF_AFTER	0x0000080
665 #define	COF_SEQID	0x0000100
666 #define	COF_FUNC	0x0000200
667 #define	COF_ADDR	0x0000400
668 #define	COF_EXEC	0x0000800
669 #define	COF_HIRES	0x0001000
670 #define	COF_ABS		0x0002000
671 #define	COF_TABLE	0x0004000
672 #define	COF_BYIDH	0x0008000
673 #define	COF_FREE	0x0010000
674 #define	COF_LIST	0x0020000
675 #define	COF_EXPREL	0x0040000
676 #define	COF_HDR		0x0080000
677 #define	COF_VERBOSE	0x0100000
678 #define	COF_LONGLIST	0x0200000
679 #define	COF_THDR	0x0400000
680 #define	COF_LHDR	0x0800000
681 #define	COF_CHDR	0x1000000
682 #define	COF_PARAM	0x2000000
683 #define	COF_DECODE	0x4000000
684 
685 /* show real and normal, short and long, expired and unexpired. */
686 #define	COF_DEFAULT	(COF_REAL | COF_NORM | COF_LONG | COF_SHORT)
687 
688 #define	COF_LIST_FLAGS	\
689 	(CALLOUT_LIST_FLAG_HRESTIME | CALLOUT_LIST_FLAG_ABSOLUTE)
690 
691 /* private callout data for callback functions */
692 typedef struct callout_data {
693 	uint_t flags;		/* COF_* */
694 	cpu_t *cpu;		/* cpu pointer if given */
695 	int seqid;		/* cpu seqid, or -1 */
696 	hrtime_t time;		/* expiration time value */
697 	hrtime_t atime;		/* expiration before value */
698 	hrtime_t btime;		/* expiration after value */
699 	uintptr_t funcaddr;	/* function address or NULL */
700 	uintptr_t param;	/* parameter to function or NULL */
701 	hrtime_t now;		/* current system time */
702 	int nsec_per_tick;	/* for conversions */
703 	ulong_t ctbits;		/* for decoding xid */
704 	callout_table_t *co_table;	/* top of callout table array */
705 	int ndx;		/* table index. */
706 	int bucket;		/* which list/id bucket are we in */
707 	hrtime_t exp;		/* expire time */
708 	int list_flags;		/* copy of cl_flags */
709 } callout_data_t;
710 
711 /* this callback does the actual callback itself (finally). */
712 /*ARGSUSED*/
713 static int
714 callouts_cb(uintptr_t addr, const void *data, void *priv)
715 {
716 	callout_data_t *coargs = (callout_data_t *)priv;
717 	callout_t *co = (callout_t *)data;
718 	int tableid, list_flags;
719 	callout_id_t coid;
720 
721 	if ((coargs == NULL) || (co == NULL)) {
722 		return (WALK_ERR);
723 	}
724 
725 	if ((coargs->flags & COF_FREE) && !(co->c_xid & CALLOUT_FREE)) {
726 		/*
727 		 * The callout must have been reallocated. No point in
728 		 * walking any more.
729 		 */
730 		return (WALK_DONE);
731 	}
732 	if (!(coargs->flags & COF_FREE) && (co->c_xid & CALLOUT_FREE)) {
733 		/*
734 		 * The callout must have been freed. No point in
735 		 * walking any more.
736 		 */
737 		return (WALK_DONE);
738 	}
739 	if ((coargs->flags & COF_FUNC) &&
740 	    (coargs->funcaddr != (uintptr_t)co->c_func)) {
741 		return (WALK_NEXT);
742 	}
743 	if ((coargs->flags & COF_PARAM) &&
744 	    (coargs->param != (uintptr_t)co->c_arg)) {
745 		return (WALK_NEXT);
746 	}
747 	if (!(coargs->flags & COF_LONG) && (co->c_xid & CALLOUT_LONGTERM)) {
748 		return (WALK_NEXT);
749 	}
750 	if (!(coargs->flags & COF_SHORT) && !(co->c_xid & CALLOUT_LONGTERM)) {
751 		return (WALK_NEXT);
752 	}
753 	if ((coargs->flags & COF_EXEC) && !(co->c_xid & CALLOUT_EXECUTING)) {
754 		return (WALK_NEXT);
755 	}
756 	/* it is possible we don't have the exp time or flags */
757 	if (coargs->flags & COF_BYIDH) {
758 		if (!(coargs->flags & COF_FREE)) {
759 			/* we have to fetch the expire time ourselves. */
760 			if (mdb_vread(&coargs->exp, sizeof (hrtime_t),
761 			    (uintptr_t)co->c_list + offsetof(callout_list_t,
762 			    cl_expiration)) == -1) {
763 				mdb_warn("failed to read expiration "
764 				    "time from %p", co->c_list);
765 				coargs->exp = 0;
766 			}
767 			/* and flags. */
768 			if (mdb_vread(&coargs->list_flags, sizeof (int),
769 			    (uintptr_t)co->c_list + offsetof(callout_list_t,
770 			    cl_flags)) == -1) {
771 				mdb_warn("failed to read list flags"
772 				    "from %p", co->c_list);
773 				coargs->list_flags = 0;
774 			}
775 		} else {
776 			/* free callouts can't use list pointer. */
777 			coargs->exp = 0;
778 			coargs->list_flags = 0;
779 		}
780 		if (coargs->exp != 0) {
781 			if ((coargs->flags & COF_TIME) &&
782 			    (coargs->exp != coargs->time)) {
783 				return (WALK_NEXT);
784 			}
785 			if ((coargs->flags & COF_BEFORE) &&
786 			    (coargs->exp > coargs->btime)) {
787 				return (WALK_NEXT);
788 			}
789 			if ((coargs->flags & COF_AFTER) &&
790 			    (coargs->exp < coargs->atime)) {
791 				return (WALK_NEXT);
792 			}
793 		}
794 		/* tricky part, since both HIRES and ABS can be set */
795 		list_flags = coargs->list_flags;
796 		if ((coargs->flags & COF_HIRES) && (coargs->flags & COF_ABS)) {
797 			/* both flags are set, only skip "regular" ones */
798 			if (! (list_flags & COF_LIST_FLAGS)) {
799 				return (WALK_NEXT);
800 			}
801 		} else {
802 			/* individual flags, or no flags */
803 			if ((coargs->flags & COF_HIRES) &&
804 			    !(list_flags & CALLOUT_LIST_FLAG_HRESTIME)) {
805 				return (WALK_NEXT);
806 			}
807 			if ((coargs->flags & COF_ABS) &&
808 			    !(list_flags & CALLOUT_LIST_FLAG_ABSOLUTE)) {
809 				return (WALK_NEXT);
810 			}
811 		}
812 	}
813 
814 #define	callout_table_mask	((1 << coargs->ctbits) - 1)
815 	tableid = CALLOUT_ID_TO_TABLE(co->c_xid);
816 #undef	callout_table_mask
817 	coid = CO_PLAIN_ID(co->c_xid);
818 
819 	if ((coargs->flags & COF_CHDR) && !(coargs->flags & COF_ADDR)) {
820 		/*
821 		 * We need to print the headers. If walking by id, then
822 		 * the list header isn't printed, so we must include
823 		 * that info here.
824 		 */
825 		if (!(coargs->flags & COF_VERBOSE)) {
826 			mdb_printf("%<u>%3s %-1s %-14s %</u>",
827 			    "SEQ", "T", "EXP");
828 		} else if (coargs->flags & COF_BYIDH) {
829 			mdb_printf("%<u>%-14s %</u>", "EXP");
830 		}
831 		mdb_printf("%<u>%-4s %-?s %-20s%</u>",
832 		    "XHAL", "XID", "FUNC(ARG)");
833 		if (coargs->flags & COF_LONGLIST) {
834 			mdb_printf("%<u> %-?s %-?s %-?s %-?s%</u>",
835 			    "PREVID", "NEXTID", "PREVL", "NEXTL");
836 			mdb_printf("%<u> %-?s %-4s %-?s%</u>",
837 			    "DONE", "UTOS", "THREAD");
838 		}
839 		mdb_printf("\n");
840 		coargs->flags &= ~COF_CHDR;
841 		coargs->flags |= (COF_THDR | COF_LHDR);
842 	}
843 
844 	if (!(coargs->flags & COF_ADDR)) {
845 		if (!(coargs->flags & COF_VERBOSE)) {
846 			mdb_printf("%-3d %1s %-14llx ",
847 			    TABLE_TO_SEQID(tableid),
848 			    co_typenames[tableid & CALLOUT_TYPE_MASK],
849 			    (coargs->flags & COF_EXPREL) ?
850 			    coargs->exp - coargs->now : coargs->exp);
851 		} else if (coargs->flags & COF_BYIDH) {
852 			mdb_printf("%-14x ",
853 			    (coargs->flags & COF_EXPREL) ?
854 			    coargs->exp - coargs->now : coargs->exp);
855 		}
856 		list_flags = coargs->list_flags;
857 		mdb_printf("%1s%1s%1s%1s %-?llx %a(%p)",
858 		    (co->c_xid & CALLOUT_EXECUTING) ? "X" : " ",
859 		    (list_flags & CALLOUT_LIST_FLAG_HRESTIME) ? "H" : " ",
860 		    (list_flags & CALLOUT_LIST_FLAG_ABSOLUTE) ? "A" : " ",
861 		    (co->c_xid & CALLOUT_LONGTERM) ? "L" : " ",
862 		    (long long)coid, co->c_func, co->c_arg);
863 		if (coargs->flags & COF_LONGLIST) {
864 			mdb_printf(" %-?p %-?p %-?p %-?p",
865 			    co->c_idprev, co->c_idnext, co->c_clprev,
866 			    co->c_clnext);
867 			mdb_printf(" %-?p %-4d %-0?p",
868 			    co->c_done, co->c_waiting, co->c_executor);
869 		}
870 	} else {
871 		/* address only */
872 		mdb_printf("%-0p", addr);
873 	}
874 	mdb_printf("\n");
875 	return (WALK_NEXT);
876 }
877 
878 /* this callback is for callout list handling. idhash is done by callout_t_cb */
879 /*ARGSUSED*/
880 static int
881 callout_list_cb(uintptr_t addr, const void *data, void *priv)
882 {
883 	callout_data_t *coargs = (callout_data_t *)priv;
884 	callout_list_t *cl = (callout_list_t *)data;
885 	callout_t *coptr;
886 	int list_flags;
887 
888 	if ((coargs == NULL) || (cl == NULL)) {
889 		return (WALK_ERR);
890 	}
891 
892 	coargs->exp = cl->cl_expiration;
893 	coargs->list_flags = cl->cl_flags;
894 	if ((coargs->flags & COF_FREE) &&
895 	    !(cl->cl_flags & CALLOUT_LIST_FLAG_FREE)) {
896 		/*
897 		 * The callout list must have been reallocated. No point in
898 		 * walking any more.
899 		 */
900 		return (WALK_DONE);
901 	}
902 	if (!(coargs->flags & COF_FREE) &&
903 	    (cl->cl_flags & CALLOUT_LIST_FLAG_FREE)) {
904 		/*
905 		 * The callout list must have been freed. No point in
906 		 * walking any more.
907 		 */
908 		return (WALK_DONE);
909 	}
910 	if ((coargs->flags & COF_TIME) &&
911 	    (cl->cl_expiration != coargs->time)) {
912 		return (WALK_NEXT);
913 	}
914 	if ((coargs->flags & COF_BEFORE) &&
915 	    (cl->cl_expiration > coargs->btime)) {
916 		return (WALK_NEXT);
917 	}
918 	if ((coargs->flags & COF_AFTER) &&
919 	    (cl->cl_expiration < coargs->atime)) {
920 		return (WALK_NEXT);
921 	}
922 	if (!(coargs->flags & COF_EMPTY) &&
923 	    (cl->cl_callouts.ch_head == NULL)) {
924 		return (WALK_NEXT);
925 	}
926 	/* FOUR cases, each different, !A!B, !AB, A!B, AB */
927 	if ((coargs->flags & COF_HIRES) && (coargs->flags & COF_ABS)) {
928 		/* both flags are set, only skip "regular" ones */
929 		if (! (cl->cl_flags & COF_LIST_FLAGS)) {
930 			return (WALK_NEXT);
931 		}
932 	} else {
933 		if ((coargs->flags & COF_HIRES) &&
934 		    !(cl->cl_flags & CALLOUT_LIST_FLAG_HRESTIME)) {
935 			return (WALK_NEXT);
936 		}
937 		if ((coargs->flags & COF_ABS) &&
938 		    !(cl->cl_flags & CALLOUT_LIST_FLAG_ABSOLUTE)) {
939 			return (WALK_NEXT);
940 		}
941 	}
942 
943 	if ((coargs->flags & COF_LHDR) && !(coargs->flags & COF_ADDR) &&
944 	    (coargs->flags & (COF_LIST | COF_VERBOSE))) {
945 		if (!(coargs->flags & COF_VERBOSE)) {
946 			/* don't be redundant again */
947 			mdb_printf("%<u>SEQ T %</u>");
948 		}
949 		mdb_printf("%<u>EXP            HA BUCKET "
950 		    "CALLOUTS         %</u>");
951 
952 		if (coargs->flags & COF_LONGLIST) {
953 			mdb_printf("%<u> %-?s %-?s%</u>",
954 			    "PREV", "NEXT");
955 		}
956 		mdb_printf("\n");
957 		coargs->flags &= ~COF_LHDR;
958 		coargs->flags |= (COF_THDR | COF_CHDR);
959 	}
960 	if (coargs->flags & (COF_LIST | COF_VERBOSE)) {
961 		if (!(coargs->flags & COF_ADDR)) {
962 			if (!(coargs->flags & COF_VERBOSE)) {
963 				mdb_printf("%3d %1s ",
964 				    TABLE_TO_SEQID(coargs->ndx),
965 				    co_typenames[coargs->ndx &
966 				    CALLOUT_TYPE_MASK]);
967 			}
968 
969 			list_flags = coargs->list_flags;
970 			mdb_printf("%-14llx %1s%1s %-6d %-0?p ",
971 			    (coargs->flags & COF_EXPREL) ?
972 			    coargs->exp - coargs->now : coargs->exp,
973 			    (list_flags & CALLOUT_LIST_FLAG_HRESTIME) ?
974 			    "H" : " ",
975 			    (list_flags & CALLOUT_LIST_FLAG_ABSOLUTE) ?
976 			    "A" : " ",
977 			    coargs->bucket, cl->cl_callouts.ch_head);
978 
979 			if (coargs->flags & COF_LONGLIST) {
980 				mdb_printf(" %-?p %-?p",
981 				    cl->cl_prev, cl->cl_next);
982 			}
983 		} else {
984 			/* address only */
985 			mdb_printf("%-0p", addr);
986 		}
987 		mdb_printf("\n");
988 		if (coargs->flags & COF_LIST) {
989 			return (WALK_NEXT);
990 		}
991 	}
992 	/* yet another layer as we walk the actual callouts via list. */
993 	if (cl->cl_callouts.ch_head == NULL) {
994 		return (WALK_NEXT);
995 	}
996 	/* free list structures do not have valid callouts off of them. */
997 	if (coargs->flags & COF_FREE) {
998 		return (WALK_NEXT);
999 	}
1000 	coptr = (callout_t *)cl->cl_callouts.ch_head;
1001 
1002 	if (coargs->flags & COF_VERBOSE) {
1003 		mdb_inc_indent(4);
1004 	}
1005 	/*
1006 	 * walk callouts using yet another callback routine.
1007 	 * we use callouts_bytime because id hash is handled via
1008 	 * the callout_t_cb callback.
1009 	 */
1010 	if (mdb_pwalk("callouts_bytime", callouts_cb, coargs,
1011 	    (uintptr_t)coptr) == -1) {
1012 		mdb_warn("cannot walk callouts at %p", coptr);
1013 		return (WALK_ERR);
1014 	}
1015 	if (coargs->flags & COF_VERBOSE) {
1016 		mdb_dec_indent(4);
1017 	}
1018 
1019 	return (WALK_NEXT);
1020 }
1021 
1022 /* this callback handles the details of callout table walking. */
1023 static int
1024 callout_t_cb(uintptr_t addr, const void *data, void *priv)
1025 {
1026 	callout_data_t *coargs = (callout_data_t *)priv;
1027 	cot_data_t *cotwd = (cot_data_t *)data;
1028 	callout_table_t *ct = &(cotwd->ct);
1029 	int index, seqid, cotype;
1030 	int i;
1031 	callout_list_t *clptr;
1032 	callout_t *coptr;
1033 
1034 	if ((coargs == NULL) || (ct == NULL) || (coargs->co_table == NULL)) {
1035 		return (WALK_ERR);
1036 	}
1037 
1038 	index =  ((char *)addr - (char *)coargs->co_table) /
1039 	    sizeof (callout_table_t);
1040 	cotype = index & CALLOUT_TYPE_MASK;
1041 	seqid = TABLE_TO_SEQID(index);
1042 
1043 	if ((coargs->flags & COF_SEQID) && (coargs->seqid != seqid)) {
1044 		return (WALK_NEXT);
1045 	}
1046 
1047 	if (!(coargs->flags & COF_REAL) && (cotype == CALLOUT_REALTIME)) {
1048 		return (WALK_NEXT);
1049 	}
1050 
1051 	if (!(coargs->flags & COF_NORM) && (cotype == CALLOUT_NORMAL)) {
1052 		return (WALK_NEXT);
1053 	}
1054 
1055 	if (!(coargs->flags & COF_EMPTY) && (
1056 	    (ct->ct_heap == NULL) || (ct->ct_cyclic == NULL))) {
1057 		return (WALK_NEXT);
1058 	}
1059 
1060 	if ((coargs->flags & COF_THDR) && !(coargs->flags & COF_ADDR) &&
1061 	    (coargs->flags & (COF_TABLE | COF_VERBOSE))) {
1062 		/* print table hdr */
1063 		mdb_printf("%<u>%-3s %-1s %-?s %-?s %-?s %-?s%</u>",
1064 		    "SEQ", "T", "FREE", "LFREE", "CYCLIC", "HEAP");
1065 		coargs->flags &= ~COF_THDR;
1066 		coargs->flags |= (COF_LHDR | COF_CHDR);
1067 		if (coargs->flags & COF_LONGLIST) {
1068 			/* more info! */
1069 			mdb_printf("%<u> %-T%-7s %-7s %-?s %-?s"
1070 			    " %-?s %-?s %-?s%</u>",
1071 			    "HEAPNUM", "HEAPMAX", "TASKQ", "EXPQ",
1072 			    "PEND", "FREE", "LOCK");
1073 		}
1074 		mdb_printf("\n");
1075 	}
1076 	if (coargs->flags & (COF_TABLE | COF_VERBOSE)) {
1077 		if (!(coargs->flags & COF_ADDR)) {
1078 			mdb_printf("%-3d %-1s %-0?p %-0?p %-0?p %-?p",
1079 			    seqid, co_typenames[cotype],
1080 			    ct->ct_free, ct->ct_lfree, ct->ct_cyclic,
1081 			    ct->ct_heap);
1082 			if (coargs->flags & COF_LONGLIST)  {
1083 				/* more info! */
1084 				mdb_printf(" %-7d %-7d %-?p %-?p"
1085 				    " %-?lld %-?lld %-?p",
1086 				    ct->ct_heap_num,  ct->ct_heap_max,
1087 				    ct->ct_taskq, ct->ct_expired.ch_head,
1088 				    cotwd->ct_timeouts_pending,
1089 				    cotwd->ct_allocations -
1090 				    cotwd->ct_timeouts_pending,
1091 				    ct->ct_mutex);
1092 			}
1093 		} else {
1094 			/* address only */
1095 			mdb_printf("%-0?p", addr);
1096 		}
1097 		mdb_printf("\n");
1098 		if (coargs->flags & COF_TABLE) {
1099 			return (WALK_NEXT);
1100 		}
1101 	}
1102 
1103 	coargs->ndx = index;
1104 	if (coargs->flags & COF_VERBOSE) {
1105 		mdb_inc_indent(4);
1106 	}
1107 	/* keep digging. */
1108 	if (!(coargs->flags & COF_BYIDH)) {
1109 		/* walk the list hash table */
1110 		if (coargs->flags & COF_FREE) {
1111 			clptr = ct->ct_lfree;
1112 			coargs->bucket = 0;
1113 			if (clptr == NULL) {
1114 				return (WALK_NEXT);
1115 			}
1116 			if (mdb_pwalk("callout_list", callout_list_cb, coargs,
1117 			    (uintptr_t)clptr) == -1) {
1118 				mdb_warn("cannot walk callout free list at %p",
1119 				    clptr);
1120 				return (WALK_ERR);
1121 			}
1122 		} else {
1123 			/* first print the expired list. */
1124 			clptr = (callout_list_t *)ct->ct_expired.ch_head;
1125 			if (clptr != NULL) {
1126 				coargs->bucket = -1;
1127 				if (mdb_pwalk("callout_list", callout_list_cb,
1128 				    coargs, (uintptr_t)clptr) == -1) {
1129 					mdb_warn("cannot walk callout_list"
1130 					    " at %p", clptr);
1131 					return (WALK_ERR);
1132 				}
1133 			}
1134 			for (i = 0; i < CALLOUT_BUCKETS; i++) {
1135 				if (ct->ct_clhash == NULL) {
1136 					/* nothing to do */
1137 					break;
1138 				}
1139 				if (cotwd->cot_clhash[i].ch_head == NULL) {
1140 					continue;
1141 				}
1142 				clptr = (callout_list_t *)
1143 				    cotwd->cot_clhash[i].ch_head;
1144 				coargs->bucket = i;
1145 				/* walk list with callback routine. */
1146 				if (mdb_pwalk("callout_list", callout_list_cb,
1147 				    coargs, (uintptr_t)clptr) == -1) {
1148 					mdb_warn("cannot walk callout_list"
1149 					    " at %p", clptr);
1150 					return (WALK_ERR);
1151 				}
1152 			}
1153 		}
1154 	} else {
1155 		/* walk the id hash table. */
1156 		if (coargs->flags & COF_FREE) {
1157 			coptr = ct->ct_free;
1158 			coargs->bucket = 0;
1159 			if (coptr == NULL) {
1160 				return (WALK_NEXT);
1161 			}
1162 			if (mdb_pwalk("callouts_byid", callouts_cb, coargs,
1163 			    (uintptr_t)coptr) == -1) {
1164 				mdb_warn("cannot walk callout id free list"
1165 				    " at %p", coptr);
1166 				return (WALK_ERR);
1167 			}
1168 		} else {
1169 			for (i = 0; i < CALLOUT_BUCKETS; i++) {
1170 				if (ct->ct_idhash == NULL) {
1171 					break;
1172 				}
1173 				coptr = (callout_t *)
1174 				    cotwd->cot_idhash[i].ch_head;
1175 				if (coptr == NULL) {
1176 					continue;
1177 				}
1178 				coargs->bucket = i;
1179 
1180 				/*
1181 				 * walk callouts directly by id. For id
1182 				 * chain, the callout list is just a header,
1183 				 * so there's no need to walk it.
1184 				 */
1185 				if (mdb_pwalk("callouts_byid", callouts_cb,
1186 				    coargs, (uintptr_t)coptr) == -1) {
1187 					mdb_warn("cannot walk callouts at %p",
1188 					    coptr);
1189 					return (WALK_ERR);
1190 				}
1191 			}
1192 		}
1193 	}
1194 	if (coargs->flags & COF_VERBOSE) {
1195 		mdb_dec_indent(4);
1196 	}
1197 	return (WALK_NEXT);
1198 }
1199 
1200 /*
1201  * initialize some common info for both callout dcmds.
1202  */
1203 int
1204 callout_common_init(callout_data_t *coargs)
1205 {
1206 	/* we need a couple of things */
1207 	if (mdb_readvar(&(coargs->co_table), "callout_table") == -1) {
1208 		mdb_warn("failed to read 'callout_table'");
1209 		return (DCMD_ERR);
1210 	}
1211 	/* need to get now in nsecs. Approximate with hrtime vars */
1212 	if (mdb_readsym(&(coargs->now), sizeof (hrtime_t), "hrtime_last") !=
1213 	    sizeof (hrtime_t)) {
1214 		if (mdb_readsym(&(coargs->now), sizeof (hrtime_t),
1215 		    "hrtime_base") != sizeof (hrtime_t)) {
1216 			mdb_warn("Could not determine current system time");
1217 			return (DCMD_ERR);
1218 		}
1219 	}
1220 
1221 	if (mdb_readvar(&(coargs->ctbits), "callout_table_bits") == -1) {
1222 		mdb_warn("failed to read 'callout_table_bits'");
1223 		return (DCMD_ERR);
1224 	}
1225 	if (mdb_readvar(&(coargs->nsec_per_tick), "nsec_per_tick") == -1) {
1226 		mdb_warn("failed to read 'nsec_per_tick'");
1227 		return (DCMD_ERR);
1228 	}
1229 	return (DCMD_OK);
1230 }
1231 
1232 /*
1233  * dcmd to print callouts.  Optional addr limits to specific table.
1234  * Parses lots of options that get passed to callbacks for walkers.
1235  * Has it's own help function.
1236  */
1237 /*ARGSUSED*/
1238 int
1239 callout(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
1240 {
1241 	callout_data_t coargs;
1242 	/* getopts doesn't help much with stuff like this */
1243 	boolean_t Sflag, Cflag, tflag, aflag, bflag, dflag, kflag;
1244 	char *funcname = NULL;
1245 	char *paramstr = NULL;
1246 	uintptr_t Stmp, Ctmp;	/* for getopt. */
1247 	int retval;
1248 
1249 	coargs.flags = COF_DEFAULT;
1250 	Sflag = Cflag = tflag = bflag = aflag = dflag = kflag = FALSE;
1251 	coargs.seqid = -1;
1252 
1253 	if (mdb_getopts(argc, argv,
1254 	    'r', MDB_OPT_CLRBITS, COF_NORM, &coargs.flags,
1255 	    'n', MDB_OPT_CLRBITS, COF_REAL, &coargs.flags,
1256 	    'l', MDB_OPT_CLRBITS, COF_SHORT, &coargs.flags,
1257 	    's', MDB_OPT_CLRBITS, COF_LONG, &coargs.flags,
1258 	    'x', MDB_OPT_SETBITS, COF_EXEC, &coargs.flags,
1259 	    'h', MDB_OPT_SETBITS, COF_HIRES, &coargs.flags,
1260 	    'B', MDB_OPT_SETBITS, COF_ABS, &coargs.flags,
1261 	    'E', MDB_OPT_SETBITS, COF_EMPTY, &coargs.flags,
1262 	    'd', MDB_OPT_SETBITS, 1, &dflag,
1263 	    'C', MDB_OPT_UINTPTR_SET, &Cflag, &Ctmp,
1264 	    'S', MDB_OPT_UINTPTR_SET, &Sflag, &Stmp,
1265 	    't', MDB_OPT_UINTPTR_SET, &tflag, (uintptr_t *)&coargs.time,
1266 	    'a', MDB_OPT_UINTPTR_SET, &aflag, (uintptr_t *)&coargs.atime,
1267 	    'b', MDB_OPT_UINTPTR_SET, &bflag, (uintptr_t *)&coargs.btime,
1268 	    'k', MDB_OPT_SETBITS, 1, &kflag,
1269 	    'f', MDB_OPT_STR, &funcname,
1270 	    'p', MDB_OPT_STR, &paramstr,
1271 	    'T', MDB_OPT_SETBITS, COF_TABLE, &coargs.flags,
1272 	    'D', MDB_OPT_SETBITS, COF_EXPREL, &coargs.flags,
1273 	    'L', MDB_OPT_SETBITS, COF_LIST, &coargs.flags,
1274 	    'V', MDB_OPT_SETBITS, COF_VERBOSE, &coargs.flags,
1275 	    'v', MDB_OPT_SETBITS, COF_LONGLIST, &coargs.flags,
1276 	    'i', MDB_OPT_SETBITS, COF_BYIDH, &coargs.flags,
1277 	    'F', MDB_OPT_SETBITS, COF_FREE, &coargs.flags,
1278 	    'A', MDB_OPT_SETBITS, COF_ADDR, &coargs.flags,
1279 	    NULL) != argc) {
1280 		return (DCMD_USAGE);
1281 	}
1282 
1283 	/* initialize from kernel variables */
1284 	if ((retval = callout_common_init(&coargs)) != DCMD_OK) {
1285 		return (retval);
1286 	}
1287 
1288 	/* do some option post-processing */
1289 	if (kflag) {
1290 		coargs.time *= coargs.nsec_per_tick;
1291 		coargs.atime *= coargs.nsec_per_tick;
1292 		coargs.btime *= coargs.nsec_per_tick;
1293 	}
1294 
1295 	if (dflag) {
1296 		coargs.time += coargs.now;
1297 		coargs.atime += coargs.now;
1298 		coargs.btime += coargs.now;
1299 	}
1300 	if (Sflag) {
1301 		if (flags & DCMD_ADDRSPEC) {
1302 			mdb_printf("-S option conflicts with explicit"
1303 			    " address\n");
1304 			return (DCMD_USAGE);
1305 		}
1306 		coargs.flags |= COF_SEQID;
1307 		coargs.seqid = (int)Stmp;
1308 	}
1309 	if (Cflag) {
1310 		if (flags & DCMD_ADDRSPEC) {
1311 			mdb_printf("-C option conflicts with explicit"
1312 			    " address\n");
1313 			return (DCMD_USAGE);
1314 		}
1315 		if (coargs.flags & COF_SEQID) {
1316 			mdb_printf("-C and -S are mutually exclusive\n");
1317 			return (DCMD_USAGE);
1318 		}
1319 		coargs.cpu = (cpu_t *)Ctmp;
1320 		if (mdb_vread(&coargs.seqid, sizeof (processorid_t),
1321 		    (uintptr_t)&(coargs.cpu->cpu_seqid)) == -1) {
1322 			mdb_warn("failed to read cpu_t at %p", Ctmp);
1323 			return (DCMD_ERR);
1324 		}
1325 		coargs.flags |= COF_SEQID;
1326 	}
1327 	/* avoid null outputs. */
1328 	if (!(coargs.flags & (COF_REAL | COF_NORM))) {
1329 		coargs.flags |= COF_REAL | COF_NORM;
1330 	}
1331 	if (!(coargs.flags & (COF_LONG | COF_SHORT))) {
1332 		coargs.flags |= COF_LONG | COF_SHORT;
1333 	}
1334 	if (tflag) {
1335 		if (aflag || bflag) {
1336 			mdb_printf("-t and -a|b are mutually exclusive\n");
1337 			return (DCMD_USAGE);
1338 		}
1339 		coargs.flags |= COF_TIME;
1340 	}
1341 	if (aflag) {
1342 		coargs.flags |= COF_AFTER;
1343 	}
1344 	if (bflag) {
1345 		coargs.flags |= COF_BEFORE;
1346 	}
1347 	if ((aflag && bflag) && (coargs.btime <= coargs.atime)) {
1348 		mdb_printf("value for -a must be earlier than the value"
1349 		    " for -b.\n");
1350 		return (DCMD_USAGE);
1351 	}
1352 
1353 	if (funcname != NULL) {
1354 		GElf_Sym sym;
1355 
1356 		if (mdb_lookup_by_name(funcname, &sym) != 0) {
1357 			coargs.funcaddr = mdb_strtoull(funcname);
1358 		} else {
1359 			coargs.funcaddr = sym.st_value;
1360 		}
1361 		coargs.flags |= COF_FUNC;
1362 	}
1363 
1364 	if (paramstr != NULL) {
1365 		GElf_Sym sym;
1366 
1367 		if (mdb_lookup_by_name(paramstr, &sym) != 0) {
1368 			coargs.param = mdb_strtoull(paramstr);
1369 		} else {
1370 			coargs.param = sym.st_value;
1371 		}
1372 		coargs.flags |= COF_PARAM;
1373 	}
1374 
1375 	if (!(flags & DCMD_ADDRSPEC)) {
1376 		/* don't pass "dot" if no addr. */
1377 		addr = NULL;
1378 	}
1379 	if (addr != NULL) {
1380 		/*
1381 		 * a callout table was specified. Ignore -r|n option
1382 		 * to avoid null output.
1383 		 */
1384 		coargs.flags |= (COF_REAL | COF_NORM);
1385 	}
1386 
1387 	if (DCMD_HDRSPEC(flags) || (coargs.flags & COF_VERBOSE)) {
1388 		coargs.flags |= COF_THDR | COF_LHDR | COF_CHDR;
1389 	}
1390 	if (coargs.flags & COF_FREE) {
1391 		coargs.flags |= COF_EMPTY;
1392 		/* -F = free callouts, -FL = free lists */
1393 		if (!(coargs.flags & COF_LIST)) {
1394 			coargs.flags |= COF_BYIDH;
1395 		}
1396 	}
1397 
1398 	/* walk table, using specialized callback routine. */
1399 	if (mdb_pwalk("callout_table", callout_t_cb, &coargs, addr) == -1) {
1400 		mdb_warn("cannot walk callout_table");
1401 		return (DCMD_ERR);
1402 	}
1403 	return (DCMD_OK);
1404 }
1405 
1406 
1407 /*
1408  * Given an extended callout id, dump its information.
1409  */
1410 /*ARGSUSED*/
1411 int
1412 calloutid(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
1413 {
1414 	callout_data_t coargs;
1415 	callout_table_t *ctptr;
1416 	callout_table_t ct;
1417 	callout_id_t coid;
1418 	callout_t *coptr;
1419 	int tableid;
1420 	callout_id_t xid;
1421 	ulong_t idhash;
1422 	int i, retval;
1423 	const mdb_arg_t *arg;
1424 	size_t size;
1425 	callout_hash_t cot_idhash[CALLOUT_BUCKETS];
1426 
1427 	coargs.flags = COF_DEFAULT | COF_BYIDH;
1428 	i = mdb_getopts(argc, argv,
1429 	    'd', MDB_OPT_SETBITS, COF_DECODE, &coargs.flags,
1430 	    'v', MDB_OPT_SETBITS, COF_LONGLIST, &coargs.flags,
1431 	    NULL);
1432 	argc -= i;
1433 	argv += i;
1434 
1435 	if (argc != 1) {
1436 		return (DCMD_USAGE);
1437 	}
1438 	arg = &argv[0];
1439 
1440 	if (arg->a_type == MDB_TYPE_IMMEDIATE) {
1441 		xid = arg->a_un.a_val;
1442 	} else {
1443 		xid = (callout_id_t)mdb_strtoull(arg->a_un.a_str);
1444 	}
1445 
1446 	if (DCMD_HDRSPEC(flags)) {
1447 		coargs.flags |= COF_CHDR;
1448 	}
1449 
1450 
1451 	/* initialize from kernel variables */
1452 	if ((retval = callout_common_init(&coargs)) != DCMD_OK) {
1453 		return (retval);
1454 	}
1455 
1456 	/* we must massage the environment so that the macros will play nice */
1457 #define	callout_table_mask	((1 << coargs.ctbits) - 1)
1458 #define	callout_table_bits	coargs.ctbits
1459 #define	nsec_per_tick		coargs.nsec_per_tick
1460 	tableid = CALLOUT_ID_TO_TABLE(xid);
1461 	idhash = CALLOUT_IDHASH(xid);
1462 #undef	callouts_table_bits
1463 #undef	callout_table_mask
1464 #undef	nsec_per_tick
1465 	coid = CO_PLAIN_ID(xid);
1466 
1467 	if (flags & DCMD_ADDRSPEC) {
1468 		mdb_printf("calloutid does not accept explicit address.\n");
1469 		return (DCMD_USAGE);
1470 	}
1471 
1472 	if (coargs.flags & COF_DECODE) {
1473 		if (DCMD_HDRSPEC(flags)) {
1474 			mdb_printf("%<u>%3s %1s %2s %-?s %-6s %</u>\n",
1475 			    "SEQ", "T", "XL", "XID", "IDHASH");
1476 		}
1477 		mdb_printf("%-3d %1s %1s%1s %-?llx %-6d\n",
1478 		    TABLE_TO_SEQID(tableid),
1479 		    co_typenames[tableid & CALLOUT_TYPE_MASK],
1480 		    (xid & CALLOUT_EXECUTING) ? "X" : " ",
1481 		    (xid & CALLOUT_LONGTERM) ? "L" : " ",
1482 		    (long long)coid, idhash);
1483 		return (DCMD_OK);
1484 	}
1485 
1486 	/* get our table. Note this relies on the types being correct */
1487 	ctptr = coargs.co_table + tableid;
1488 	if (mdb_vread(&ct, sizeof (callout_table_t), (uintptr_t)ctptr) == -1) {
1489 		mdb_warn("failed to read callout_table at %p", ctptr);
1490 		return (DCMD_ERR);
1491 	}
1492 	size = sizeof (callout_hash_t) * CALLOUT_BUCKETS;
1493 	if (ct.ct_idhash != NULL) {
1494 		if (mdb_vread(&(cot_idhash), size,
1495 		    (uintptr_t)ct.ct_idhash) == -1) {
1496 			mdb_warn("failed to read id_hash at %p",
1497 			    ct.ct_idhash);
1498 			return (WALK_ERR);
1499 		}
1500 	}
1501 
1502 	/* callout at beginning of hash chain */
1503 	if (ct.ct_idhash == NULL) {
1504 		mdb_printf("id hash chain for this xid is empty\n");
1505 		return (DCMD_ERR);
1506 	}
1507 	coptr = (callout_t *)cot_idhash[idhash].ch_head;
1508 	if (coptr == NULL) {
1509 		mdb_printf("id hash chain for this xid is empty\n");
1510 		return (DCMD_ERR);
1511 	}
1512 
1513 	coargs.ndx = tableid;
1514 	coargs.bucket = idhash;
1515 
1516 	/* use the walker, luke */
1517 	if (mdb_pwalk("callouts_byid", callouts_cb, &coargs,
1518 	    (uintptr_t)coptr) == -1) {
1519 		mdb_warn("cannot walk callouts at %p", coptr);
1520 		return (WALK_ERR);
1521 	}
1522 
1523 	return (DCMD_OK);
1524 }
1525 
1526 void
1527 callout_help(void)
1528 {
1529 	mdb_printf("callout: display callouts.\n"
1530 	    "Given a callout table address, display callouts from table.\n"
1531 	    "Without an address, display callouts from all tables.\n"
1532 	    "options:\n"
1533 	    " -r|n : limit display to (r)ealtime or (n)ormal type callouts\n"
1534 	    " -s|l : limit display to (s)hort-term ids or (l)ong-term ids\n"
1535 	    " -x : limit display to callouts which are executing\n"
1536 	    " -h : limit display to callouts based on hrestime\n"
1537 	    " -B : limit display to callouts based on absolute time\n"
1538 	    " -t|a|b nsec: limit display to callouts that expire a(t) time,"
1539 	    " (a)fter time,\n     or (b)efore time. Use -a and -b together "
1540 	    " to specify a range.\n     For \"now\", use -d[t|a|b] 0.\n"
1541 	    " -d : interpret time option to -t|a|b as delta from current time\n"
1542 	    " -k : use ticks instead of nanoseconds as arguments to"
1543 	    " -t|a|b. Note that\n     ticks are less accurate and may not"
1544 	    " match other tick times (ie: lbolt).\n"
1545 	    " -D : display exiration time as delta from current time\n"
1546 	    " -S seqid : limit display to callouts for this cpu sequence id\n"
1547 	    " -C addr :  limit display to callouts for this cpu pointer\n"
1548 	    " -f name|addr : limit display to callouts with this function\n"
1549 	    " -p name|addr : limit display to callouts functions with this"
1550 	    " parameter\n"
1551 	    " -T : display the callout table itself, instead of callouts\n"
1552 	    " -L : display callout lists instead of callouts\n"
1553 	    " -E : with -T or L, display empty data structures.\n"
1554 	    " -i : traverse callouts by id hash instead of list hash\n"
1555 	    " -F : walk free callout list (free list with -i) instead\n"
1556 	    " -v : display more info for each item\n"
1557 	    " -V : show details of each level of info as it is traversed\n"
1558 	    " -A : show only addresses. Useful for pipelines.\n");
1559 }
1560 
1561 void
1562 calloutid_help(void)
1563 {
1564 	mdb_printf("calloutid: display callout by id.\n"
1565 	    "Given an extended callout id, display the callout infomation.\n"
1566 	    "options:\n"
1567 	    " -d : do not dereference callout, just decode the id.\n"
1568 	    " -v : verbose display more info about the callout\n");
1569 }
1570 
1571 /*ARGSUSED*/
1572 int
1573 class(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
1574 {
1575 	long num_classes, i;
1576 	sclass_t *class_tbl;
1577 	GElf_Sym g_sclass;
1578 	char class_name[PC_CLNMSZ];
1579 	size_t tbl_size;
1580 
1581 	if (mdb_lookup_by_name("sclass", &g_sclass) == -1) {
1582 		mdb_warn("failed to find symbol sclass\n");
1583 		return (DCMD_ERR);
1584 	}
1585 
1586 	tbl_size = (size_t)g_sclass.st_size;
1587 	num_classes = tbl_size / (sizeof (sclass_t));
1588 	class_tbl = mdb_alloc(tbl_size, UM_SLEEP | UM_GC);
1589 
1590 	if (mdb_readsym(class_tbl, tbl_size, "sclass") == -1) {
1591 		mdb_warn("failed to read sclass");
1592 		return (DCMD_ERR);
1593 	}
1594 
1595 	mdb_printf("%<u>%4s %-10s %-24s %-24s%</u>\n", "SLOT", "NAME",
1596 	    "INIT FCN", "CLASS FCN");
1597 
1598 	for (i = 0; i < num_classes; i++) {
1599 		if (mdb_vread(class_name, sizeof (class_name),
1600 		    (uintptr_t)class_tbl[i].cl_name) == -1)
1601 			(void) strcpy(class_name, "???");
1602 
1603 		mdb_printf("%4ld %-10s %-24a %-24a\n", i, class_name,
1604 		    class_tbl[i].cl_init, class_tbl[i].cl_funcs);
1605 	}
1606 
1607 	return (DCMD_OK);
1608 }
1609 
1610 #define	FSNAMELEN	32	/* Max len of FS name we read from vnodeops */
1611 
1612 int
1613 vnode2path(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
1614 {
1615 	uintptr_t rootdir;
1616 	vnode_t vn;
1617 	char buf[MAXPATHLEN];
1618 
1619 	uint_t opt_F = FALSE;
1620 
1621 	if (mdb_getopts(argc, argv,
1622 	    'F', MDB_OPT_SETBITS, TRUE, &opt_F, NULL) != argc)
1623 		return (DCMD_USAGE);
1624 
1625 	if (!(flags & DCMD_ADDRSPEC)) {
1626 		mdb_warn("expected explicit vnode_t address before ::\n");
1627 		return (DCMD_USAGE);
1628 	}
1629 
1630 	if (mdb_readvar(&rootdir, "rootdir") == -1) {
1631 		mdb_warn("failed to read rootdir");
1632 		return (DCMD_ERR);
1633 	}
1634 
1635 	if (mdb_vnode2path(addr, buf, sizeof (buf)) == -1)
1636 		return (DCMD_ERR);
1637 
1638 	if (*buf == '\0') {
1639 		mdb_printf("??\n");
1640 		return (DCMD_OK);
1641 	}
1642 
1643 	mdb_printf("%s", buf);
1644 	if (opt_F && buf[strlen(buf)-1] != '/' &&
1645 	    mdb_vread(&vn, sizeof (vn), addr) == sizeof (vn))
1646 		mdb_printf("%c", mdb_vtype2chr(vn.v_type, 0));
1647 	mdb_printf("\n");
1648 
1649 	return (DCMD_OK);
1650 }
1651 
1652 int
1653 ld_walk_init(mdb_walk_state_t *wsp)
1654 {
1655 	wsp->walk_data = (void *)wsp->walk_addr;
1656 	return (WALK_NEXT);
1657 }
1658 
1659 int
1660 ld_walk_step(mdb_walk_state_t *wsp)
1661 {
1662 	int status;
1663 	lock_descriptor_t ld;
1664 
1665 	if (mdb_vread(&ld, sizeof (lock_descriptor_t), wsp->walk_addr) == -1) {
1666 		mdb_warn("couldn't read lock_descriptor_t at %p\n",
1667 		    wsp->walk_addr);
1668 		return (WALK_ERR);
1669 	}
1670 
1671 	status = wsp->walk_callback(wsp->walk_addr, &ld, wsp->walk_cbdata);
1672 	if (status == WALK_ERR)
1673 		return (WALK_ERR);
1674 
1675 	wsp->walk_addr = (uintptr_t)ld.l_next;
1676 	if (wsp->walk_addr == (uintptr_t)wsp->walk_data)
1677 		return (WALK_DONE);
1678 
1679 	return (status);
1680 }
1681 
1682 int
1683 lg_walk_init(mdb_walk_state_t *wsp)
1684 {
1685 	GElf_Sym sym;
1686 
1687 	if (mdb_lookup_by_name("lock_graph", &sym) == -1) {
1688 		mdb_warn("failed to find symbol 'lock_graph'\n");
1689 		return (WALK_ERR);
1690 	}
1691 
1692 	wsp->walk_addr = (uintptr_t)sym.st_value;
1693 	wsp->walk_data = (void *)(uintptr_t)(sym.st_value + sym.st_size);
1694 
1695 	return (WALK_NEXT);
1696 }
1697 
1698 typedef struct lg_walk_data {
1699 	uintptr_t startaddr;
1700 	mdb_walk_cb_t callback;
1701 	void *data;
1702 } lg_walk_data_t;
1703 
1704 /*
1705  * We can't use ::walk lock_descriptor directly, because the head of each graph
1706  * is really a dummy lock.  Rather than trying to dynamically determine if this
1707  * is a dummy node or not, we just filter out the initial element of the
1708  * list.
1709  */
1710 static int
1711 lg_walk_cb(uintptr_t addr, const void *data, void *priv)
1712 {
1713 	lg_walk_data_t *lw = priv;
1714 
1715 	if (addr != lw->startaddr)
1716 		return (lw->callback(addr, data, lw->data));
1717 
1718 	return (WALK_NEXT);
1719 }
1720 
1721 int
1722 lg_walk_step(mdb_walk_state_t *wsp)
1723 {
1724 	graph_t *graph;
1725 	lg_walk_data_t lw;
1726 
1727 	if (wsp->walk_addr >= (uintptr_t)wsp->walk_data)
1728 		return (WALK_DONE);
1729 
1730 	if (mdb_vread(&graph, sizeof (graph), wsp->walk_addr) == -1) {
1731 		mdb_warn("failed to read graph_t at %p", wsp->walk_addr);
1732 		return (WALK_ERR);
1733 	}
1734 
1735 	wsp->walk_addr += sizeof (graph);
1736 
1737 	if (graph == NULL)
1738 		return (WALK_NEXT);
1739 
1740 	lw.callback = wsp->walk_callback;
1741 	lw.data = wsp->walk_cbdata;
1742 
1743 	lw.startaddr = (uintptr_t)&(graph->active_locks);
1744 	if (mdb_pwalk("lock_descriptor", lg_walk_cb, &lw, lw.startaddr)) {
1745 		mdb_warn("couldn't walk lock_descriptor at %p\n", lw.startaddr);
1746 		return (WALK_ERR);
1747 	}
1748 
1749 	lw.startaddr = (uintptr_t)&(graph->sleeping_locks);
1750 	if (mdb_pwalk("lock_descriptor", lg_walk_cb, &lw, lw.startaddr)) {
1751 		mdb_warn("couldn't walk lock_descriptor at %p\n", lw.startaddr);
1752 		return (WALK_ERR);
1753 	}
1754 
1755 	return (WALK_NEXT);
1756 }
1757 
1758 /*
1759  * The space available for the path corresponding to the locked vnode depends
1760  * on whether we are printing 32- or 64-bit addresses.
1761  */
1762 #ifdef _LP64
1763 #define	LM_VNPATHLEN	20
1764 #else
1765 #define	LM_VNPATHLEN	30
1766 #endif
1767 
1768 /*ARGSUSED*/
1769 static int
1770 lminfo_cb(uintptr_t addr, const void *data, void *priv)
1771 {
1772 	const lock_descriptor_t *ld = data;
1773 	char buf[LM_VNPATHLEN];
1774 	proc_t p;
1775 
1776 	mdb_printf("%-?p %2s %04x %6d %-16s %-?p ",
1777 	    addr, ld->l_type == F_RDLCK ? "RD" :
1778 	    ld->l_type == F_WRLCK ? "WR" : "??",
1779 	    ld->l_state, ld->l_flock.l_pid,
1780 	    ld->l_flock.l_pid == 0 ? "<kernel>" :
1781 	    mdb_pid2proc(ld->l_flock.l_pid, &p) == NULL ?
1782 	    "<defunct>" : p.p_user.u_comm,
1783 	    ld->l_vnode);
1784 
1785 	mdb_vnode2path((uintptr_t)ld->l_vnode, buf,
1786 	    sizeof (buf));
1787 	mdb_printf("%s\n", buf);
1788 
1789 	return (WALK_NEXT);
1790 }
1791 
1792 /*ARGSUSED*/
1793 int
1794 lminfo(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
1795 {
1796 	if (DCMD_HDRSPEC(flags))
1797 		mdb_printf("%<u>%-?s %2s %4s %6s %-16s %-?s %s%</u>\n",
1798 		    "ADDR", "TP", "FLAG", "PID", "COMM", "VNODE", "PATH");
1799 
1800 	return (mdb_pwalk("lock_graph", lminfo_cb, NULL, NULL));
1801 }
1802 
1803 /*ARGSUSED*/
1804 int
1805 seg(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
1806 {
1807 	struct seg s;
1808 
1809 	if (argc != 0)
1810 		return (DCMD_USAGE);
1811 
1812 	if ((flags & DCMD_LOOPFIRST) || !(flags & DCMD_LOOP)) {
1813 		mdb_printf("%<u>%?s %?s %?s %?s %s%</u>\n",
1814 		    "SEG", "BASE", "SIZE", "DATA", "OPS");
1815 	}
1816 
1817 	if (mdb_vread(&s, sizeof (s), addr) == -1) {
1818 		mdb_warn("failed to read seg at %p", addr);
1819 		return (DCMD_ERR);
1820 	}
1821 
1822 	mdb_printf("%?p %?p %?lx %?p %a\n",
1823 	    addr, s.s_base, s.s_size, s.s_data, s.s_ops);
1824 
1825 	return (DCMD_OK);
1826 }
1827 
1828 /*ARGSUSED*/
1829 static int
1830 pmap_walk_anon(uintptr_t addr, const struct anon *anon, int *nres)
1831 {
1832 	uintptr_t pp =
1833 	    mdb_vnode2page((uintptr_t)anon->an_vp, (uintptr_t)anon->an_off);
1834 
1835 	if (pp != NULL)
1836 		(*nres)++;
1837 
1838 	return (WALK_NEXT);
1839 }
1840 
1841 static int
1842 pmap_walk_seg(uintptr_t addr, const struct seg *seg, uintptr_t segvn)
1843 {
1844 
1845 	mdb_printf("%0?p %0?p %7dk", addr, seg->s_base, seg->s_size / 1024);
1846 
1847 	if (segvn == (uintptr_t)seg->s_ops) {
1848 		struct segvn_data svn;
1849 		int nres = 0;
1850 
1851 		(void) mdb_vread(&svn, sizeof (svn), (uintptr_t)seg->s_data);
1852 
1853 		if (svn.amp == NULL) {
1854 			mdb_printf(" %8s", "");
1855 			goto drive_on;
1856 		}
1857 
1858 		/*
1859 		 * We've got an amp for this segment; walk through
1860 		 * the amp, and determine mappings.
1861 		 */
1862 		if (mdb_pwalk("anon", (mdb_walk_cb_t)pmap_walk_anon,
1863 		    &nres, (uintptr_t)svn.amp) == -1)
1864 			mdb_warn("failed to walk anon (amp=%p)", svn.amp);
1865 
1866 		mdb_printf(" %7dk", (nres * PAGESIZE) / 1024);
1867 drive_on:
1868 
1869 		if (svn.vp != NULL) {
1870 			char buf[29];
1871 
1872 			mdb_vnode2path((uintptr_t)svn.vp, buf, sizeof (buf));
1873 			mdb_printf(" %s", buf);
1874 		} else
1875 			mdb_printf(" [ anon ]");
1876 	}
1877 
1878 	mdb_printf("\n");
1879 	return (WALK_NEXT);
1880 }
1881 
1882 static int
1883 pmap_walk_seg_quick(uintptr_t addr, const struct seg *seg, uintptr_t segvn)
1884 {
1885 	mdb_printf("%0?p %0?p %7dk", addr, seg->s_base, seg->s_size / 1024);
1886 
1887 	if (segvn == (uintptr_t)seg->s_ops) {
1888 		struct segvn_data svn;
1889 
1890 		(void) mdb_vread(&svn, sizeof (svn), (uintptr_t)seg->s_data);
1891 
1892 		if (svn.vp != NULL) {
1893 			mdb_printf(" %0?p", svn.vp);
1894 		} else {
1895 			mdb_printf(" [ anon ]");
1896 		}
1897 	}
1898 
1899 	mdb_printf("\n");
1900 	return (WALK_NEXT);
1901 }
1902 
1903 /*ARGSUSED*/
1904 int
1905 pmap(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
1906 {
1907 	uintptr_t segvn;
1908 	proc_t proc;
1909 	uint_t quick = FALSE;
1910 	mdb_walk_cb_t cb = (mdb_walk_cb_t)pmap_walk_seg;
1911 
1912 	GElf_Sym sym;
1913 
1914 	if (!(flags & DCMD_ADDRSPEC))
1915 		return (DCMD_USAGE);
1916 
1917 	if (mdb_getopts(argc, argv,
1918 	    'q', MDB_OPT_SETBITS, TRUE, &quick, NULL) != argc)
1919 		return (DCMD_USAGE);
1920 
1921 	if (mdb_vread(&proc, sizeof (proc), addr) == -1) {
1922 		mdb_warn("failed to read proc at %p", addr);
1923 		return (DCMD_ERR);
1924 	}
1925 
1926 	if (mdb_lookup_by_name("segvn_ops", &sym) == 0)
1927 		segvn = (uintptr_t)sym.st_value;
1928 	else
1929 		segvn = NULL;
1930 
1931 	mdb_printf("%?s %?s %8s ", "SEG", "BASE", "SIZE");
1932 
1933 	if (quick) {
1934 		mdb_printf("VNODE\n");
1935 		cb = (mdb_walk_cb_t)pmap_walk_seg_quick;
1936 	} else {
1937 		mdb_printf("%8s %s\n", "RES", "PATH");
1938 	}
1939 
1940 	if (mdb_pwalk("seg", cb, (void *)segvn, (uintptr_t)proc.p_as) == -1) {
1941 		mdb_warn("failed to walk segments of as %p", proc.p_as);
1942 		return (DCMD_ERR);
1943 	}
1944 
1945 	return (DCMD_OK);
1946 }
1947 
1948 typedef struct anon_walk_data {
1949 	uintptr_t *aw_levone;
1950 	uintptr_t *aw_levtwo;
1951 	int aw_nlevone;
1952 	int aw_levone_ndx;
1953 	int aw_levtwo_ndx;
1954 	struct anon_map aw_amp;
1955 	struct anon_hdr aw_ahp;
1956 } anon_walk_data_t;
1957 
1958 int
1959 anon_walk_init(mdb_walk_state_t *wsp)
1960 {
1961 	anon_walk_data_t *aw;
1962 
1963 	if (wsp->walk_addr == NULL) {
1964 		mdb_warn("anon walk doesn't support global walks\n");
1965 		return (WALK_ERR);
1966 	}
1967 
1968 	aw = mdb_alloc(sizeof (anon_walk_data_t), UM_SLEEP);
1969 
1970 	if (mdb_vread(&aw->aw_amp, sizeof (aw->aw_amp), wsp->walk_addr) == -1) {
1971 		mdb_warn("failed to read anon map at %p", wsp->walk_addr);
1972 		mdb_free(aw, sizeof (anon_walk_data_t));
1973 		return (WALK_ERR);
1974 	}
1975 
1976 	if (mdb_vread(&aw->aw_ahp, sizeof (aw->aw_ahp),
1977 	    (uintptr_t)(aw->aw_amp.ahp)) == -1) {
1978 		mdb_warn("failed to read anon hdr ptr at %p", aw->aw_amp.ahp);
1979 		mdb_free(aw, sizeof (anon_walk_data_t));
1980 		return (WALK_ERR);
1981 	}
1982 
1983 	if (aw->aw_ahp.size <= ANON_CHUNK_SIZE ||
1984 	    (aw->aw_ahp.flags & ANON_ALLOC_FORCE)) {
1985 		aw->aw_nlevone = aw->aw_ahp.size;
1986 		aw->aw_levtwo = NULL;
1987 	} else {
1988 		aw->aw_nlevone =
1989 		    (aw->aw_ahp.size + ANON_CHUNK_OFF) >> ANON_CHUNK_SHIFT;
1990 		aw->aw_levtwo =
1991 		    mdb_zalloc(ANON_CHUNK_SIZE * sizeof (uintptr_t), UM_SLEEP);
1992 	}
1993 
1994 	aw->aw_levone =
1995 	    mdb_alloc(aw->aw_nlevone * sizeof (uintptr_t), UM_SLEEP);
1996 
1997 	aw->aw_levone_ndx = 0;
1998 	aw->aw_levtwo_ndx = 0;
1999 
2000 	mdb_vread(aw->aw_levone, aw->aw_nlevone * sizeof (uintptr_t),
2001 	    (uintptr_t)aw->aw_ahp.array_chunk);
2002 
2003 	if (aw->aw_levtwo != NULL) {
2004 		while (aw->aw_levone[aw->aw_levone_ndx] == NULL) {
2005 			aw->aw_levone_ndx++;
2006 			if (aw->aw_levone_ndx == aw->aw_nlevone) {
2007 				mdb_warn("corrupt anon; couldn't"
2008 				    "find ptr to lev two map");
2009 				goto out;
2010 			}
2011 		}
2012 
2013 		mdb_vread(aw->aw_levtwo, ANON_CHUNK_SIZE * sizeof (uintptr_t),
2014 		    aw->aw_levone[aw->aw_levone_ndx]);
2015 	}
2016 
2017 out:
2018 	wsp->walk_data = aw;
2019 	return (0);
2020 }
2021 
2022 int
2023 anon_walk_step(mdb_walk_state_t *wsp)
2024 {
2025 	int status;
2026 	anon_walk_data_t *aw = (anon_walk_data_t *)wsp->walk_data;
2027 	struct anon anon;
2028 	uintptr_t anonptr;
2029 
2030 again:
2031 	/*
2032 	 * Once we've walked through level one, we're done.
2033 	 */
2034 	if (aw->aw_levone_ndx == aw->aw_nlevone)
2035 		return (WALK_DONE);
2036 
2037 	if (aw->aw_levtwo == NULL) {
2038 		anonptr = aw->aw_levone[aw->aw_levone_ndx];
2039 		aw->aw_levone_ndx++;
2040 	} else {
2041 		anonptr = aw->aw_levtwo[aw->aw_levtwo_ndx];
2042 		aw->aw_levtwo_ndx++;
2043 
2044 		if (aw->aw_levtwo_ndx == ANON_CHUNK_SIZE) {
2045 			aw->aw_levtwo_ndx = 0;
2046 
2047 			do {
2048 				aw->aw_levone_ndx++;
2049 
2050 				if (aw->aw_levone_ndx == aw->aw_nlevone)
2051 					return (WALK_DONE);
2052 			} while (aw->aw_levone[aw->aw_levone_ndx] == NULL);
2053 
2054 			mdb_vread(aw->aw_levtwo, ANON_CHUNK_SIZE *
2055 			    sizeof (uintptr_t),
2056 			    aw->aw_levone[aw->aw_levone_ndx]);
2057 		}
2058 	}
2059 
2060 	if (anonptr != NULL) {
2061 		mdb_vread(&anon, sizeof (anon), anonptr);
2062 		status = wsp->walk_callback(anonptr, &anon, wsp->walk_cbdata);
2063 	} else
2064 		goto again;
2065 
2066 	return (status);
2067 }
2068 
2069 void
2070 anon_walk_fini(mdb_walk_state_t *wsp)
2071 {
2072 	anon_walk_data_t *aw = (anon_walk_data_t *)wsp->walk_data;
2073 
2074 	if (aw->aw_levtwo != NULL)
2075 		mdb_free(aw->aw_levtwo, ANON_CHUNK_SIZE * sizeof (uintptr_t));
2076 
2077 	mdb_free(aw->aw_levone, aw->aw_nlevone * sizeof (uintptr_t));
2078 	mdb_free(aw, sizeof (anon_walk_data_t));
2079 }
2080 
2081 /*ARGSUSED*/
2082 int
2083 whereopen_fwalk(uintptr_t addr, struct file *f, uintptr_t *target)
2084 {
2085 	if ((uintptr_t)f->f_vnode == *target) {
2086 		mdb_printf("file %p\n", addr);
2087 		*target = NULL;
2088 	}
2089 
2090 	return (WALK_NEXT);
2091 }
2092 
2093 /*ARGSUSED*/
2094 int
2095 whereopen_pwalk(uintptr_t addr, void *ignored, uintptr_t *target)
2096 {
2097 	uintptr_t t = *target;
2098 
2099 	if (mdb_pwalk("file", (mdb_walk_cb_t)whereopen_fwalk, &t, addr) == -1) {
2100 		mdb_warn("couldn't file walk proc %p", addr);
2101 		return (WALK_ERR);
2102 	}
2103 
2104 	if (t == NULL)
2105 		mdb_printf("%p\n", addr);
2106 
2107 	return (WALK_NEXT);
2108 }
2109 
2110 /*ARGSUSED*/
2111 int
2112 whereopen(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2113 {
2114 	uintptr_t target = addr;
2115 
2116 	if (!(flags & DCMD_ADDRSPEC) || addr == NULL)
2117 		return (DCMD_USAGE);
2118 
2119 	if (mdb_walk("proc", (mdb_walk_cb_t)whereopen_pwalk, &target) == -1) {
2120 		mdb_warn("can't proc walk");
2121 		return (DCMD_ERR);
2122 	}
2123 
2124 	return (DCMD_OK);
2125 }
2126 
2127 typedef struct datafmt {
2128 	char	*hdr1;
2129 	char	*hdr2;
2130 	char	*dashes;
2131 	char	*fmt;
2132 } datafmt_t;
2133 
2134 static datafmt_t kmemfmt[] = {
2135 	{ "cache                    ", "name                     ",
2136 	"-------------------------", "%-25s "				},
2137 	{ "   buf",	"  size",	"------",	"%6u "		},
2138 	{ "   buf",	"in use",	"------",	"%6u "		},
2139 	{ "   buf",	" total",	"------",	"%6u "		},
2140 	{ "   memory",	"   in use",	"----------",	"%9u%c "	},
2141 	{ "    alloc",	"  succeed",	"---------",	"%9u "		},
2142 	{ "alloc",	" fail",	"-----",	"%5u "		},
2143 	{ NULL,		NULL,		NULL,		NULL		}
2144 };
2145 
2146 static datafmt_t vmemfmt[] = {
2147 	{ "vmem                     ", "name                     ",
2148 	"-------------------------", "%-*s "				},
2149 	{ "   memory",	"   in use",	"----------",	"%9llu%c "	},
2150 	{ "    memory",	"     total",	"-----------",	"%10llu%c "	},
2151 	{ "   memory",	"   import",	"----------",	"%9llu%c "	},
2152 	{ "    alloc",	"  succeed",	"---------",	"%9llu "	},
2153 	{ "alloc",	" fail",	"-----",	"%5llu "	},
2154 	{ NULL,		NULL,		NULL,		NULL		}
2155 };
2156 
2157 /*ARGSUSED*/
2158 static int
2159 kmastat_cpu_avail(uintptr_t addr, const kmem_cpu_cache_t *ccp, int *avail)
2160 {
2161 	if (ccp->cc_rounds > 0)
2162 		*avail += ccp->cc_rounds;
2163 	if (ccp->cc_prounds > 0)
2164 		*avail += ccp->cc_prounds;
2165 
2166 	return (WALK_NEXT);
2167 }
2168 
2169 /*ARGSUSED*/
2170 static int
2171 kmastat_cpu_alloc(uintptr_t addr, const kmem_cpu_cache_t *ccp, int *alloc)
2172 {
2173 	*alloc += ccp->cc_alloc;
2174 
2175 	return (WALK_NEXT);
2176 }
2177 
2178 /*ARGSUSED*/
2179 static int
2180 kmastat_slab_avail(uintptr_t addr, const kmem_slab_t *sp, int *avail)
2181 {
2182 	*avail += sp->slab_chunks - sp->slab_refcnt;
2183 
2184 	return (WALK_NEXT);
2185 }
2186 
2187 typedef struct kmastat_vmem {
2188 	uintptr_t kv_addr;
2189 	struct kmastat_vmem *kv_next;
2190 	int kv_meminuse;
2191 	int kv_alloc;
2192 	int kv_fail;
2193 } kmastat_vmem_t;
2194 
2195 typedef struct kmastat_args {
2196 	kmastat_vmem_t **ka_kvpp;
2197 	uint_t ka_shift;
2198 } kmastat_args_t;
2199 
2200 static int
2201 kmastat_cache(uintptr_t addr, const kmem_cache_t *cp, kmastat_args_t *kap)
2202 {
2203 	kmastat_vmem_t **kvp = kap->ka_kvpp;
2204 	kmastat_vmem_t *kv;
2205 	datafmt_t *dfp = kmemfmt;
2206 	int magsize;
2207 
2208 	int avail, alloc, total;
2209 	size_t meminuse = (cp->cache_slab_create - cp->cache_slab_destroy) *
2210 	    cp->cache_slabsize;
2211 
2212 	mdb_walk_cb_t cpu_avail = (mdb_walk_cb_t)kmastat_cpu_avail;
2213 	mdb_walk_cb_t cpu_alloc = (mdb_walk_cb_t)kmastat_cpu_alloc;
2214 	mdb_walk_cb_t slab_avail = (mdb_walk_cb_t)kmastat_slab_avail;
2215 
2216 	magsize = kmem_get_magsize(cp);
2217 
2218 	alloc = cp->cache_slab_alloc + cp->cache_full.ml_alloc;
2219 	avail = cp->cache_full.ml_total * magsize;
2220 	total = cp->cache_buftotal;
2221 
2222 	(void) mdb_pwalk("kmem_cpu_cache", cpu_alloc, &alloc, addr);
2223 	(void) mdb_pwalk("kmem_cpu_cache", cpu_avail, &avail, addr);
2224 	(void) mdb_pwalk("kmem_slab_partial", slab_avail, &avail, addr);
2225 
2226 	for (kv = *kvp; kv != NULL; kv = kv->kv_next) {
2227 		if (kv->kv_addr == (uintptr_t)cp->cache_arena)
2228 			goto out;
2229 	}
2230 
2231 	kv = mdb_zalloc(sizeof (kmastat_vmem_t), UM_SLEEP | UM_GC);
2232 	kv->kv_next = *kvp;
2233 	kv->kv_addr = (uintptr_t)cp->cache_arena;
2234 	*kvp = kv;
2235 out:
2236 	kv->kv_meminuse += meminuse;
2237 	kv->kv_alloc += alloc;
2238 	kv->kv_fail += cp->cache_alloc_fail;
2239 
2240 	mdb_printf((dfp++)->fmt, cp->cache_name);
2241 	mdb_printf((dfp++)->fmt, cp->cache_bufsize);
2242 	mdb_printf((dfp++)->fmt, total - avail);
2243 	mdb_printf((dfp++)->fmt, total);
2244 	mdb_printf((dfp++)->fmt, meminuse >> kap->ka_shift,
2245 	    kap->ka_shift == GIGS ? 'G' : kap->ka_shift == MEGS ? 'M' :
2246 	    kap->ka_shift == KILOS ? 'K' : 'B');
2247 	mdb_printf((dfp++)->fmt, alloc);
2248 	mdb_printf((dfp++)->fmt, cp->cache_alloc_fail);
2249 	mdb_printf("\n");
2250 
2251 	return (WALK_NEXT);
2252 }
2253 
2254 static int
2255 kmastat_vmem_totals(uintptr_t addr, const vmem_t *v, kmastat_args_t *kap)
2256 {
2257 	kmastat_vmem_t *kv = *kap->ka_kvpp;
2258 	size_t len;
2259 
2260 	while (kv != NULL && kv->kv_addr != addr)
2261 		kv = kv->kv_next;
2262 
2263 	if (kv == NULL || kv->kv_alloc == 0)
2264 		return (WALK_NEXT);
2265 
2266 	len = MIN(17, strlen(v->vm_name));
2267 
2268 	mdb_printf("Total [%s]%*s %6s %6s %6s %9u%c %9u %5u\n", v->vm_name,
2269 	    17 - len, "", "", "", "",
2270 	    kv->kv_meminuse >> kap->ka_shift,
2271 	    kap->ka_shift == GIGS ? 'G' : kap->ka_shift == MEGS ? 'M' :
2272 	    kap->ka_shift == KILOS ? 'K' : 'B', kv->kv_alloc, kv->kv_fail);
2273 
2274 	return (WALK_NEXT);
2275 }
2276 
2277 /*ARGSUSED*/
2278 static int
2279 kmastat_vmem(uintptr_t addr, const vmem_t *v, const uint_t *shiftp)
2280 {
2281 	datafmt_t *dfp = vmemfmt;
2282 	const vmem_kstat_t *vkp = &v->vm_kstat;
2283 	uintptr_t paddr;
2284 	vmem_t parent;
2285 	int ident = 0;
2286 
2287 	for (paddr = (uintptr_t)v->vm_source; paddr != NULL; ident += 4) {
2288 		if (mdb_vread(&parent, sizeof (parent), paddr) == -1) {
2289 			mdb_warn("couldn't trace %p's ancestry", addr);
2290 			ident = 0;
2291 			break;
2292 		}
2293 		paddr = (uintptr_t)parent.vm_source;
2294 	}
2295 
2296 	mdb_printf("%*s", ident, "");
2297 	mdb_printf((dfp++)->fmt, 25 - ident, v->vm_name);
2298 	mdb_printf((dfp++)->fmt, vkp->vk_mem_inuse.value.ui64 >> *shiftp,
2299 	    *shiftp == GIGS ? 'G' : *shiftp == MEGS ? 'M' :
2300 	    *shiftp == KILOS ? 'K' : 'B');
2301 	mdb_printf((dfp++)->fmt, vkp->vk_mem_total.value.ui64 >> *shiftp,
2302 	    *shiftp == GIGS ? 'G' : *shiftp == MEGS ? 'M' :
2303 	    *shiftp == KILOS ? 'K' : 'B');
2304 	mdb_printf((dfp++)->fmt, vkp->vk_mem_import.value.ui64 >> *shiftp,
2305 	    *shiftp == GIGS ? 'G' : *shiftp == MEGS ? 'M' :
2306 	    *shiftp == KILOS ? 'K' : 'B');
2307 	mdb_printf((dfp++)->fmt, vkp->vk_alloc.value.ui64);
2308 	mdb_printf((dfp++)->fmt, vkp->vk_fail.value.ui64);
2309 
2310 	mdb_printf("\n");
2311 
2312 	return (WALK_NEXT);
2313 }
2314 
2315 /*ARGSUSED*/
2316 int
2317 kmastat(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2318 {
2319 	kmastat_vmem_t *kv = NULL;
2320 	datafmt_t *dfp;
2321 	kmastat_args_t ka;
2322 
2323 	ka.ka_shift = 0;
2324 	if (mdb_getopts(argc, argv,
2325 	    'k', MDB_OPT_SETBITS, KILOS, &ka.ka_shift,
2326 	    'm', MDB_OPT_SETBITS, MEGS, &ka.ka_shift,
2327 	    'g', MDB_OPT_SETBITS, GIGS, &ka.ka_shift, NULL) != argc)
2328 		return (DCMD_USAGE);
2329 
2330 	for (dfp = kmemfmt; dfp->hdr1 != NULL; dfp++)
2331 		mdb_printf("%s ", dfp->hdr1);
2332 	mdb_printf("\n");
2333 
2334 	for (dfp = kmemfmt; dfp->hdr1 != NULL; dfp++)
2335 		mdb_printf("%s ", dfp->hdr2);
2336 	mdb_printf("\n");
2337 
2338 	for (dfp = kmemfmt; dfp->hdr1 != NULL; dfp++)
2339 		mdb_printf("%s ", dfp->dashes);
2340 	mdb_printf("\n");
2341 
2342 	ka.ka_kvpp = &kv;
2343 	if (mdb_walk("kmem_cache", (mdb_walk_cb_t)kmastat_cache, &ka) == -1) {
2344 		mdb_warn("can't walk 'kmem_cache'");
2345 		return (DCMD_ERR);
2346 	}
2347 
2348 	for (dfp = kmemfmt; dfp->hdr1 != NULL; dfp++)
2349 		mdb_printf("%s ", dfp->dashes);
2350 	mdb_printf("\n");
2351 
2352 	if (mdb_walk("vmem", (mdb_walk_cb_t)kmastat_vmem_totals, &ka) == -1) {
2353 		mdb_warn("can't walk 'vmem'");
2354 		return (DCMD_ERR);
2355 	}
2356 
2357 	for (dfp = kmemfmt; dfp->hdr1 != NULL; dfp++)
2358 		mdb_printf("%s ", dfp->dashes);
2359 	mdb_printf("\n");
2360 
2361 	mdb_printf("\n");
2362 
2363 	for (dfp = vmemfmt; dfp->hdr1 != NULL; dfp++)
2364 		mdb_printf("%s ", dfp->hdr1);
2365 	mdb_printf("\n");
2366 
2367 	for (dfp = vmemfmt; dfp->hdr1 != NULL; dfp++)
2368 		mdb_printf("%s ", dfp->hdr2);
2369 	mdb_printf("\n");
2370 
2371 	for (dfp = vmemfmt; dfp->hdr1 != NULL; dfp++)
2372 		mdb_printf("%s ", dfp->dashes);
2373 	mdb_printf("\n");
2374 
2375 	if (mdb_walk("vmem", (mdb_walk_cb_t)kmastat_vmem, &ka.ka_shift) == -1) {
2376 		mdb_warn("can't walk 'vmem'");
2377 		return (DCMD_ERR);
2378 	}
2379 
2380 	for (dfp = vmemfmt; dfp->hdr1 != NULL; dfp++)
2381 		mdb_printf("%s ", dfp->dashes);
2382 	mdb_printf("\n");
2383 	return (DCMD_OK);
2384 }
2385 
2386 /*
2387  * Our ::kgrep callback scans the entire kernel VA space (kas).  kas is made
2388  * up of a set of 'struct seg's.  We could just scan each seg en masse, but
2389  * unfortunately, a few of the segs are both large and sparse, so we could
2390  * spend quite a bit of time scanning VAs which have no backing pages.
2391  *
2392  * So for the few very sparse segs, we skip the segment itself, and scan
2393  * the allocated vmem_segs in the vmem arena which manages that part of kas.
2394  * Currently, we do this for:
2395  *
2396  *	SEG		VMEM ARENA
2397  *	kvseg		heap_arena
2398  *	kvseg32		heap32_arena
2399  *	kvseg_core	heap_core_arena
2400  *
2401  * In addition, we skip the segkpm segment in its entirety, since it is very
2402  * sparse, and contains no new kernel data.
2403  */
2404 typedef struct kgrep_walk_data {
2405 	kgrep_cb_func *kg_cb;
2406 	void *kg_cbdata;
2407 	uintptr_t kg_kvseg;
2408 	uintptr_t kg_kvseg32;
2409 	uintptr_t kg_kvseg_core;
2410 	uintptr_t kg_segkpm;
2411 	uintptr_t kg_heap_lp_base;
2412 	uintptr_t kg_heap_lp_end;
2413 } kgrep_walk_data_t;
2414 
2415 static int
2416 kgrep_walk_seg(uintptr_t addr, const struct seg *seg, kgrep_walk_data_t *kg)
2417 {
2418 	uintptr_t base = (uintptr_t)seg->s_base;
2419 
2420 	if (addr == kg->kg_kvseg || addr == kg->kg_kvseg32 ||
2421 	    addr == kg->kg_kvseg_core)
2422 		return (WALK_NEXT);
2423 
2424 	if ((uintptr_t)seg->s_ops == kg->kg_segkpm)
2425 		return (WALK_NEXT);
2426 
2427 	return (kg->kg_cb(base, base + seg->s_size, kg->kg_cbdata));
2428 }
2429 
2430 /*ARGSUSED*/
2431 static int
2432 kgrep_walk_vseg(uintptr_t addr, const vmem_seg_t *seg, kgrep_walk_data_t *kg)
2433 {
2434 	/*
2435 	 * skip large page heap address range - it is scanned by walking
2436 	 * allocated vmem_segs in the heap_lp_arena
2437 	 */
2438 	if (seg->vs_start == kg->kg_heap_lp_base &&
2439 	    seg->vs_end == kg->kg_heap_lp_end)
2440 		return (WALK_NEXT);
2441 
2442 	return (kg->kg_cb(seg->vs_start, seg->vs_end, kg->kg_cbdata));
2443 }
2444 
2445 /*ARGSUSED*/
2446 static int
2447 kgrep_xwalk_vseg(uintptr_t addr, const vmem_seg_t *seg, kgrep_walk_data_t *kg)
2448 {
2449 	return (kg->kg_cb(seg->vs_start, seg->vs_end, kg->kg_cbdata));
2450 }
2451 
2452 static int
2453 kgrep_walk_vmem(uintptr_t addr, const vmem_t *vmem, kgrep_walk_data_t *kg)
2454 {
2455 	mdb_walk_cb_t walk_vseg = (mdb_walk_cb_t)kgrep_walk_vseg;
2456 
2457 	if (strcmp(vmem->vm_name, "heap") != 0 &&
2458 	    strcmp(vmem->vm_name, "heap32") != 0 &&
2459 	    strcmp(vmem->vm_name, "heap_core") != 0 &&
2460 	    strcmp(vmem->vm_name, "heap_lp") != 0)
2461 		return (WALK_NEXT);
2462 
2463 	if (strcmp(vmem->vm_name, "heap_lp") == 0)
2464 		walk_vseg = (mdb_walk_cb_t)kgrep_xwalk_vseg;
2465 
2466 	if (mdb_pwalk("vmem_alloc", walk_vseg, kg, addr) == -1) {
2467 		mdb_warn("couldn't walk vmem_alloc for vmem %p", addr);
2468 		return (WALK_ERR);
2469 	}
2470 
2471 	return (WALK_NEXT);
2472 }
2473 
2474 int
2475 kgrep_subr(kgrep_cb_func *cb, void *cbdata)
2476 {
2477 	GElf_Sym kas, kvseg, kvseg32, kvseg_core, segkpm;
2478 	kgrep_walk_data_t kg;
2479 
2480 	if (mdb_get_state() == MDB_STATE_RUNNING) {
2481 		mdb_warn("kgrep can only be run on a system "
2482 		    "dump or under kmdb; see dumpadm(1M)\n");
2483 		return (DCMD_ERR);
2484 	}
2485 
2486 	if (mdb_lookup_by_name("kas", &kas) == -1) {
2487 		mdb_warn("failed to locate 'kas' symbol\n");
2488 		return (DCMD_ERR);
2489 	}
2490 
2491 	if (mdb_lookup_by_name("kvseg", &kvseg) == -1) {
2492 		mdb_warn("failed to locate 'kvseg' symbol\n");
2493 		return (DCMD_ERR);
2494 	}
2495 
2496 	if (mdb_lookup_by_name("kvseg32", &kvseg32) == -1) {
2497 		mdb_warn("failed to locate 'kvseg32' symbol\n");
2498 		return (DCMD_ERR);
2499 	}
2500 
2501 	if (mdb_lookup_by_name("kvseg_core", &kvseg_core) == -1) {
2502 		mdb_warn("failed to locate 'kvseg_core' symbol\n");
2503 		return (DCMD_ERR);
2504 	}
2505 
2506 	if (mdb_lookup_by_name("segkpm_ops", &segkpm) == -1) {
2507 		mdb_warn("failed to locate 'segkpm_ops' symbol\n");
2508 		return (DCMD_ERR);
2509 	}
2510 
2511 	if (mdb_readvar(&kg.kg_heap_lp_base, "heap_lp_base") == -1) {
2512 		mdb_warn("failed to read 'heap_lp_base'\n");
2513 		return (DCMD_ERR);
2514 	}
2515 
2516 	if (mdb_readvar(&kg.kg_heap_lp_end, "heap_lp_end") == -1) {
2517 		mdb_warn("failed to read 'heap_lp_end'\n");
2518 		return (DCMD_ERR);
2519 	}
2520 
2521 	kg.kg_cb = cb;
2522 	kg.kg_cbdata = cbdata;
2523 	kg.kg_kvseg = (uintptr_t)kvseg.st_value;
2524 	kg.kg_kvseg32 = (uintptr_t)kvseg32.st_value;
2525 	kg.kg_kvseg_core = (uintptr_t)kvseg_core.st_value;
2526 	kg.kg_segkpm = (uintptr_t)segkpm.st_value;
2527 
2528 	if (mdb_pwalk("seg", (mdb_walk_cb_t)kgrep_walk_seg,
2529 	    &kg, kas.st_value) == -1) {
2530 		mdb_warn("failed to walk kas segments");
2531 		return (DCMD_ERR);
2532 	}
2533 
2534 	if (mdb_walk("vmem", (mdb_walk_cb_t)kgrep_walk_vmem, &kg) == -1) {
2535 		mdb_warn("failed to walk heap/heap32 vmem arenas");
2536 		return (DCMD_ERR);
2537 	}
2538 
2539 	return (DCMD_OK);
2540 }
2541 
2542 size_t
2543 kgrep_subr_pagesize(void)
2544 {
2545 	return (PAGESIZE);
2546 }
2547 
2548 typedef struct file_walk_data {
2549 	struct uf_entry *fw_flist;
2550 	int fw_flistsz;
2551 	int fw_ndx;
2552 	int fw_nofiles;
2553 } file_walk_data_t;
2554 
2555 int
2556 file_walk_init(mdb_walk_state_t *wsp)
2557 {
2558 	file_walk_data_t *fw;
2559 	proc_t p;
2560 
2561 	if (wsp->walk_addr == NULL) {
2562 		mdb_warn("file walk doesn't support global walks\n");
2563 		return (WALK_ERR);
2564 	}
2565 
2566 	fw = mdb_alloc(sizeof (file_walk_data_t), UM_SLEEP);
2567 
2568 	if (mdb_vread(&p, sizeof (p), wsp->walk_addr) == -1) {
2569 		mdb_free(fw, sizeof (file_walk_data_t));
2570 		mdb_warn("failed to read proc structure at %p", wsp->walk_addr);
2571 		return (WALK_ERR);
2572 	}
2573 
2574 	if (p.p_user.u_finfo.fi_nfiles == 0) {
2575 		mdb_free(fw, sizeof (file_walk_data_t));
2576 		return (WALK_DONE);
2577 	}
2578 
2579 	fw->fw_nofiles = p.p_user.u_finfo.fi_nfiles;
2580 	fw->fw_flistsz = sizeof (struct uf_entry) * fw->fw_nofiles;
2581 	fw->fw_flist = mdb_alloc(fw->fw_flistsz, UM_SLEEP);
2582 
2583 	if (mdb_vread(fw->fw_flist, fw->fw_flistsz,
2584 	    (uintptr_t)p.p_user.u_finfo.fi_list) == -1) {
2585 		mdb_warn("failed to read file array at %p",
2586 		    p.p_user.u_finfo.fi_list);
2587 		mdb_free(fw->fw_flist, fw->fw_flistsz);
2588 		mdb_free(fw, sizeof (file_walk_data_t));
2589 		return (WALK_ERR);
2590 	}
2591 
2592 	fw->fw_ndx = 0;
2593 	wsp->walk_data = fw;
2594 
2595 	return (WALK_NEXT);
2596 }
2597 
2598 int
2599 file_walk_step(mdb_walk_state_t *wsp)
2600 {
2601 	file_walk_data_t *fw = (file_walk_data_t *)wsp->walk_data;
2602 	struct file file;
2603 	uintptr_t fp;
2604 
2605 again:
2606 	if (fw->fw_ndx == fw->fw_nofiles)
2607 		return (WALK_DONE);
2608 
2609 	if ((fp = (uintptr_t)fw->fw_flist[fw->fw_ndx++].uf_file) == NULL)
2610 		goto again;
2611 
2612 	(void) mdb_vread(&file, sizeof (file), (uintptr_t)fp);
2613 	return (wsp->walk_callback(fp, &file, wsp->walk_cbdata));
2614 }
2615 
2616 int
2617 allfile_walk_step(mdb_walk_state_t *wsp)
2618 {
2619 	file_walk_data_t *fw = (file_walk_data_t *)wsp->walk_data;
2620 	struct file file;
2621 	uintptr_t fp;
2622 
2623 	if (fw->fw_ndx == fw->fw_nofiles)
2624 		return (WALK_DONE);
2625 
2626 	if ((fp = (uintptr_t)fw->fw_flist[fw->fw_ndx++].uf_file) != NULL)
2627 		(void) mdb_vread(&file, sizeof (file), (uintptr_t)fp);
2628 	else
2629 		bzero(&file, sizeof (file));
2630 
2631 	return (wsp->walk_callback(fp, &file, wsp->walk_cbdata));
2632 }
2633 
2634 void
2635 file_walk_fini(mdb_walk_state_t *wsp)
2636 {
2637 	file_walk_data_t *fw = (file_walk_data_t *)wsp->walk_data;
2638 
2639 	mdb_free(fw->fw_flist, fw->fw_flistsz);
2640 	mdb_free(fw, sizeof (file_walk_data_t));
2641 }
2642 
2643 int
2644 port_walk_init(mdb_walk_state_t *wsp)
2645 {
2646 	if (wsp->walk_addr == NULL) {
2647 		mdb_warn("port walk doesn't support global walks\n");
2648 		return (WALK_ERR);
2649 	}
2650 
2651 	if (mdb_layered_walk("file", wsp) == -1) {
2652 		mdb_warn("couldn't walk 'file'");
2653 		return (WALK_ERR);
2654 	}
2655 	return (WALK_NEXT);
2656 }
2657 
2658 int
2659 port_walk_step(mdb_walk_state_t *wsp)
2660 {
2661 	struct vnode	vn;
2662 	uintptr_t	vp;
2663 	uintptr_t	pp;
2664 	struct port	port;
2665 
2666 	vp = (uintptr_t)((struct file *)wsp->walk_layer)->f_vnode;
2667 	if (mdb_vread(&vn, sizeof (vn), vp) == -1) {
2668 		mdb_warn("failed to read vnode_t at %p", vp);
2669 		return (WALK_ERR);
2670 	}
2671 	if (vn.v_type != VPORT)
2672 		return (WALK_NEXT);
2673 
2674 	pp = (uintptr_t)vn.v_data;
2675 	if (mdb_vread(&port, sizeof (port), pp) == -1) {
2676 		mdb_warn("failed to read port_t at %p", pp);
2677 		return (WALK_ERR);
2678 	}
2679 	return (wsp->walk_callback(pp, &port, wsp->walk_cbdata));
2680 }
2681 
2682 typedef struct portev_walk_data {
2683 	list_node_t	*pev_node;
2684 	list_node_t	*pev_last;
2685 	size_t		pev_offset;
2686 } portev_walk_data_t;
2687 
2688 int
2689 portev_walk_init(mdb_walk_state_t *wsp)
2690 {
2691 	portev_walk_data_t *pevd;
2692 	struct port	port;
2693 	struct vnode	vn;
2694 	struct list	*list;
2695 	uintptr_t	vp;
2696 
2697 	if (wsp->walk_addr == NULL) {
2698 		mdb_warn("portev walk doesn't support global walks\n");
2699 		return (WALK_ERR);
2700 	}
2701 
2702 	pevd = mdb_alloc(sizeof (portev_walk_data_t), UM_SLEEP);
2703 
2704 	if (mdb_vread(&port, sizeof (port), wsp->walk_addr) == -1) {
2705 		mdb_free(pevd, sizeof (portev_walk_data_t));
2706 		mdb_warn("failed to read port structure at %p", wsp->walk_addr);
2707 		return (WALK_ERR);
2708 	}
2709 
2710 	vp = (uintptr_t)port.port_vnode;
2711 	if (mdb_vread(&vn, sizeof (vn), vp) == -1) {
2712 		mdb_free(pevd, sizeof (portev_walk_data_t));
2713 		mdb_warn("failed to read vnode_t at %p", vp);
2714 		return (WALK_ERR);
2715 	}
2716 
2717 	if (vn.v_type != VPORT) {
2718 		mdb_free(pevd, sizeof (portev_walk_data_t));
2719 		mdb_warn("input address (%p) does not point to an event port",
2720 		    wsp->walk_addr);
2721 		return (WALK_ERR);
2722 	}
2723 
2724 	if (port.port_queue.portq_nent == 0) {
2725 		mdb_free(pevd, sizeof (portev_walk_data_t));
2726 		return (WALK_DONE);
2727 	}
2728 	list = &port.port_queue.portq_list;
2729 	pevd->pev_offset = list->list_offset;
2730 	pevd->pev_last = list->list_head.list_prev;
2731 	pevd->pev_node = list->list_head.list_next;
2732 	wsp->walk_data = pevd;
2733 	return (WALK_NEXT);
2734 }
2735 
2736 int
2737 portev_walk_step(mdb_walk_state_t *wsp)
2738 {
2739 	portev_walk_data_t	*pevd;
2740 	struct port_kevent	ev;
2741 	uintptr_t		evp;
2742 
2743 	pevd = (portev_walk_data_t *)wsp->walk_data;
2744 
2745 	if (pevd->pev_last == NULL)
2746 		return (WALK_DONE);
2747 	if (pevd->pev_node == pevd->pev_last)
2748 		pevd->pev_last = NULL;		/* last round */
2749 
2750 	evp = ((uintptr_t)(((char *)pevd->pev_node) - pevd->pev_offset));
2751 	if (mdb_vread(&ev, sizeof (ev), evp) == -1) {
2752 		mdb_warn("failed to read port_kevent at %p", evp);
2753 		return (WALK_DONE);
2754 	}
2755 	pevd->pev_node = ev.portkev_node.list_next;
2756 	return (wsp->walk_callback(evp, &ev, wsp->walk_cbdata));
2757 }
2758 
2759 void
2760 portev_walk_fini(mdb_walk_state_t *wsp)
2761 {
2762 	portev_walk_data_t *pevd = (portev_walk_data_t *)wsp->walk_data;
2763 
2764 	if (pevd != NULL)
2765 		mdb_free(pevd, sizeof (portev_walk_data_t));
2766 }
2767 
2768 typedef struct proc_walk_data {
2769 	uintptr_t *pw_stack;
2770 	int pw_depth;
2771 	int pw_max;
2772 } proc_walk_data_t;
2773 
2774 int
2775 proc_walk_init(mdb_walk_state_t *wsp)
2776 {
2777 	GElf_Sym sym;
2778 	proc_walk_data_t *pw;
2779 
2780 	if (wsp->walk_addr == NULL) {
2781 		if (mdb_lookup_by_name("p0", &sym) == -1) {
2782 			mdb_warn("failed to read 'practive'");
2783 			return (WALK_ERR);
2784 		}
2785 		wsp->walk_addr = (uintptr_t)sym.st_value;
2786 	}
2787 
2788 	pw = mdb_zalloc(sizeof (proc_walk_data_t), UM_SLEEP);
2789 
2790 	if (mdb_readvar(&pw->pw_max, "nproc") == -1) {
2791 		mdb_warn("failed to read 'nproc'");
2792 		mdb_free(pw, sizeof (pw));
2793 		return (WALK_ERR);
2794 	}
2795 
2796 	pw->pw_stack = mdb_alloc(pw->pw_max * sizeof (uintptr_t), UM_SLEEP);
2797 	wsp->walk_data = pw;
2798 
2799 	return (WALK_NEXT);
2800 }
2801 
2802 int
2803 proc_walk_step(mdb_walk_state_t *wsp)
2804 {
2805 	proc_walk_data_t *pw = wsp->walk_data;
2806 	uintptr_t addr = wsp->walk_addr;
2807 	uintptr_t cld, sib;
2808 
2809 	int status;
2810 	proc_t pr;
2811 
2812 	if (mdb_vread(&pr, sizeof (proc_t), addr) == -1) {
2813 		mdb_warn("failed to read proc at %p", addr);
2814 		return (WALK_DONE);
2815 	}
2816 
2817 	cld = (uintptr_t)pr.p_child;
2818 	sib = (uintptr_t)pr.p_sibling;
2819 
2820 	if (pw->pw_depth > 0 && addr == pw->pw_stack[pw->pw_depth - 1]) {
2821 		pw->pw_depth--;
2822 		goto sib;
2823 	}
2824 
2825 	status = wsp->walk_callback(addr, &pr, wsp->walk_cbdata);
2826 
2827 	if (status != WALK_NEXT)
2828 		return (status);
2829 
2830 	if ((wsp->walk_addr = cld) != NULL) {
2831 		if (mdb_vread(&pr, sizeof (proc_t), cld) == -1) {
2832 			mdb_warn("proc %p has invalid p_child %p; skipping\n",
2833 			    addr, cld);
2834 			goto sib;
2835 		}
2836 
2837 		pw->pw_stack[pw->pw_depth++] = addr;
2838 
2839 		if (pw->pw_depth == pw->pw_max) {
2840 			mdb_warn("depth %d exceeds max depth; try again\n",
2841 			    pw->pw_depth);
2842 			return (WALK_DONE);
2843 		}
2844 		return (WALK_NEXT);
2845 	}
2846 
2847 sib:
2848 	/*
2849 	 * We know that p0 has no siblings, and if another starting proc
2850 	 * was given, we don't want to walk its siblings anyway.
2851 	 */
2852 	if (pw->pw_depth == 0)
2853 		return (WALK_DONE);
2854 
2855 	if (sib != NULL && mdb_vread(&pr, sizeof (proc_t), sib) == -1) {
2856 		mdb_warn("proc %p has invalid p_sibling %p; skipping\n",
2857 		    addr, sib);
2858 		sib = NULL;
2859 	}
2860 
2861 	if ((wsp->walk_addr = sib) == NULL) {
2862 		if (pw->pw_depth > 0) {
2863 			wsp->walk_addr = pw->pw_stack[pw->pw_depth - 1];
2864 			return (WALK_NEXT);
2865 		}
2866 		return (WALK_DONE);
2867 	}
2868 
2869 	return (WALK_NEXT);
2870 }
2871 
2872 void
2873 proc_walk_fini(mdb_walk_state_t *wsp)
2874 {
2875 	proc_walk_data_t *pw = wsp->walk_data;
2876 
2877 	mdb_free(pw->pw_stack, pw->pw_max * sizeof (uintptr_t));
2878 	mdb_free(pw, sizeof (proc_walk_data_t));
2879 }
2880 
2881 int
2882 task_walk_init(mdb_walk_state_t *wsp)
2883 {
2884 	task_t task;
2885 
2886 	if (mdb_vread(&task, sizeof (task_t), wsp->walk_addr) == -1) {
2887 		mdb_warn("failed to read task at %p", wsp->walk_addr);
2888 		return (WALK_ERR);
2889 	}
2890 	wsp->walk_addr = (uintptr_t)task.tk_memb_list;
2891 	wsp->walk_data = task.tk_memb_list;
2892 	return (WALK_NEXT);
2893 }
2894 
2895 int
2896 task_walk_step(mdb_walk_state_t *wsp)
2897 {
2898 	proc_t proc;
2899 	int status;
2900 
2901 	if (mdb_vread(&proc, sizeof (proc_t), wsp->walk_addr) == -1) {
2902 		mdb_warn("failed to read proc at %p", wsp->walk_addr);
2903 		return (WALK_DONE);
2904 	}
2905 
2906 	status = wsp->walk_callback(wsp->walk_addr, NULL, wsp->walk_cbdata);
2907 
2908 	if (proc.p_tasknext == wsp->walk_data)
2909 		return (WALK_DONE);
2910 
2911 	wsp->walk_addr = (uintptr_t)proc.p_tasknext;
2912 	return (status);
2913 }
2914 
2915 int
2916 project_walk_init(mdb_walk_state_t *wsp)
2917 {
2918 	if (wsp->walk_addr == NULL) {
2919 		if (mdb_readvar(&wsp->walk_addr, "proj0p") == -1) {
2920 			mdb_warn("failed to read 'proj0p'");
2921 			return (WALK_ERR);
2922 		}
2923 	}
2924 	wsp->walk_data = (void *)wsp->walk_addr;
2925 	return (WALK_NEXT);
2926 }
2927 
2928 int
2929 project_walk_step(mdb_walk_state_t *wsp)
2930 {
2931 	uintptr_t addr = wsp->walk_addr;
2932 	kproject_t pj;
2933 	int status;
2934 
2935 	if (mdb_vread(&pj, sizeof (kproject_t), addr) == -1) {
2936 		mdb_warn("failed to read project at %p", addr);
2937 		return (WALK_DONE);
2938 	}
2939 	status = wsp->walk_callback(addr, &pj, wsp->walk_cbdata);
2940 	if (status != WALK_NEXT)
2941 		return (status);
2942 	wsp->walk_addr = (uintptr_t)pj.kpj_next;
2943 	if ((void *)wsp->walk_addr == wsp->walk_data)
2944 		return (WALK_DONE);
2945 	return (WALK_NEXT);
2946 }
2947 
2948 static int
2949 generic_walk_step(mdb_walk_state_t *wsp)
2950 {
2951 	return (wsp->walk_callback(wsp->walk_addr, wsp->walk_layer,
2952 	    wsp->walk_cbdata));
2953 }
2954 
2955 int
2956 seg_walk_init(mdb_walk_state_t *wsp)
2957 {
2958 	if (wsp->walk_addr == NULL) {
2959 		mdb_warn("seg walk must begin at struct as *\n");
2960 		return (WALK_ERR);
2961 	}
2962 
2963 	/*
2964 	 * this is really just a wrapper to AVL tree walk
2965 	 */
2966 	wsp->walk_addr = (uintptr_t)&((struct as *)wsp->walk_addr)->a_segtree;
2967 	return (avl_walk_init(wsp));
2968 }
2969 
2970 static int
2971 cpu_walk_cmp(const void *l, const void *r)
2972 {
2973 	uintptr_t lhs = *((uintptr_t *)l);
2974 	uintptr_t rhs = *((uintptr_t *)r);
2975 	cpu_t lcpu, rcpu;
2976 
2977 	(void) mdb_vread(&lcpu, sizeof (lcpu), lhs);
2978 	(void) mdb_vread(&rcpu, sizeof (rcpu), rhs);
2979 
2980 	if (lcpu.cpu_id < rcpu.cpu_id)
2981 		return (-1);
2982 
2983 	if (lcpu.cpu_id > rcpu.cpu_id)
2984 		return (1);
2985 
2986 	return (0);
2987 }
2988 
2989 typedef struct cpu_walk {
2990 	uintptr_t *cw_array;
2991 	int cw_ndx;
2992 } cpu_walk_t;
2993 
2994 int
2995 cpu_walk_init(mdb_walk_state_t *wsp)
2996 {
2997 	cpu_walk_t *cw;
2998 	int max_ncpus, i = 0;
2999 	uintptr_t current, first;
3000 	cpu_t cpu, panic_cpu;
3001 	uintptr_t panicstr, addr;
3002 	GElf_Sym sym;
3003 
3004 	cw = mdb_zalloc(sizeof (cpu_walk_t), UM_SLEEP | UM_GC);
3005 
3006 	if (mdb_readvar(&max_ncpus, "max_ncpus") == -1) {
3007 		mdb_warn("failed to read 'max_ncpus'");
3008 		return (WALK_ERR);
3009 	}
3010 
3011 	if (mdb_readvar(&panicstr, "panicstr") == -1) {
3012 		mdb_warn("failed to read 'panicstr'");
3013 		return (WALK_ERR);
3014 	}
3015 
3016 	if (panicstr != NULL) {
3017 		if (mdb_lookup_by_name("panic_cpu", &sym) == -1) {
3018 			mdb_warn("failed to find 'panic_cpu'");
3019 			return (WALK_ERR);
3020 		}
3021 
3022 		addr = (uintptr_t)sym.st_value;
3023 
3024 		if (mdb_vread(&panic_cpu, sizeof (cpu_t), addr) == -1) {
3025 			mdb_warn("failed to read 'panic_cpu'");
3026 			return (WALK_ERR);
3027 		}
3028 	}
3029 
3030 	/*
3031 	 * Unfortunately, there is no platform-independent way to walk
3032 	 * CPUs in ID order.  We therefore loop through in cpu_next order,
3033 	 * building an array of CPU pointers which will subsequently be
3034 	 * sorted.
3035 	 */
3036 	cw->cw_array =
3037 	    mdb_zalloc((max_ncpus + 1) * sizeof (uintptr_t), UM_SLEEP | UM_GC);
3038 
3039 	if (mdb_readvar(&first, "cpu_list") == -1) {
3040 		mdb_warn("failed to read 'cpu_list'");
3041 		return (WALK_ERR);
3042 	}
3043 
3044 	current = first;
3045 	do {
3046 		if (mdb_vread(&cpu, sizeof (cpu), current) == -1) {
3047 			mdb_warn("failed to read cpu at %p", current);
3048 			return (WALK_ERR);
3049 		}
3050 
3051 		if (panicstr != NULL && panic_cpu.cpu_id == cpu.cpu_id) {
3052 			cw->cw_array[i++] = addr;
3053 		} else {
3054 			cw->cw_array[i++] = current;
3055 		}
3056 	} while ((current = (uintptr_t)cpu.cpu_next) != first);
3057 
3058 	qsort(cw->cw_array, i, sizeof (uintptr_t), cpu_walk_cmp);
3059 	wsp->walk_data = cw;
3060 
3061 	return (WALK_NEXT);
3062 }
3063 
3064 int
3065 cpu_walk_step(mdb_walk_state_t *wsp)
3066 {
3067 	cpu_walk_t *cw = wsp->walk_data;
3068 	cpu_t cpu;
3069 	uintptr_t addr = cw->cw_array[cw->cw_ndx++];
3070 
3071 	if (addr == NULL)
3072 		return (WALK_DONE);
3073 
3074 	if (mdb_vread(&cpu, sizeof (cpu), addr) == -1) {
3075 		mdb_warn("failed to read cpu at %p", addr);
3076 		return (WALK_DONE);
3077 	}
3078 
3079 	return (wsp->walk_callback(addr, &cpu, wsp->walk_cbdata));
3080 }
3081 
3082 typedef struct cpuinfo_data {
3083 	intptr_t cid_cpu;
3084 	uintptr_t cid_lbolt;
3085 	uintptr_t **cid_ithr;
3086 	char	cid_print_head;
3087 	char	cid_print_thr;
3088 	char	cid_print_ithr;
3089 	char	cid_print_flags;
3090 } cpuinfo_data_t;
3091 
3092 int
3093 cpuinfo_walk_ithread(uintptr_t addr, const kthread_t *thr, cpuinfo_data_t *cid)
3094 {
3095 	cpu_t c;
3096 	int id;
3097 	uint8_t pil;
3098 
3099 	if (!(thr->t_flag & T_INTR_THREAD) || thr->t_state == TS_FREE)
3100 		return (WALK_NEXT);
3101 
3102 	if (thr->t_bound_cpu == NULL) {
3103 		mdb_warn("thr %p is intr thread w/out a CPU\n", addr);
3104 		return (WALK_NEXT);
3105 	}
3106 
3107 	(void) mdb_vread(&c, sizeof (c), (uintptr_t)thr->t_bound_cpu);
3108 
3109 	if ((id = c.cpu_id) >= NCPU) {
3110 		mdb_warn("CPU %p has id (%d) greater than NCPU (%d)\n",
3111 		    thr->t_bound_cpu, id, NCPU);
3112 		return (WALK_NEXT);
3113 	}
3114 
3115 	if ((pil = thr->t_pil) >= NINTR) {
3116 		mdb_warn("thread %p has pil (%d) greater than %d\n",
3117 		    addr, pil, NINTR);
3118 		return (WALK_NEXT);
3119 	}
3120 
3121 	if (cid->cid_ithr[id][pil] != NULL) {
3122 		mdb_warn("CPU %d has multiple threads at pil %d (at least "
3123 		    "%p and %p)\n", id, pil, addr, cid->cid_ithr[id][pil]);
3124 		return (WALK_NEXT);
3125 	}
3126 
3127 	cid->cid_ithr[id][pil] = addr;
3128 
3129 	return (WALK_NEXT);
3130 }
3131 
3132 #define	CPUINFO_IDWIDTH		3
3133 #define	CPUINFO_FLAGWIDTH	9
3134 
3135 #ifdef _LP64
3136 #if defined(__amd64)
3137 #define	CPUINFO_TWIDTH		16
3138 #define	CPUINFO_CPUWIDTH	16
3139 #else
3140 #define	CPUINFO_CPUWIDTH	11
3141 #define	CPUINFO_TWIDTH		11
3142 #endif
3143 #else
3144 #define	CPUINFO_CPUWIDTH	8
3145 #define	CPUINFO_TWIDTH		8
3146 #endif
3147 
3148 #define	CPUINFO_THRDELT		(CPUINFO_IDWIDTH + CPUINFO_CPUWIDTH + 9)
3149 #define	CPUINFO_FLAGDELT	(CPUINFO_IDWIDTH + CPUINFO_CPUWIDTH + 4)
3150 #define	CPUINFO_ITHRDELT	4
3151 
3152 #define	CPUINFO_INDENT	mdb_printf("%*s", CPUINFO_THRDELT, \
3153     flagline < nflaglines ? flagbuf[flagline++] : "")
3154 
3155 int
3156 cpuinfo_walk_cpu(uintptr_t addr, const cpu_t *cpu, cpuinfo_data_t *cid)
3157 {
3158 	kthread_t t;
3159 	disp_t disp;
3160 	proc_t p;
3161 	uintptr_t pinned;
3162 	char **flagbuf;
3163 	int nflaglines = 0, flagline = 0, bspl, rval = WALK_NEXT;
3164 
3165 	const char *flags[] = {
3166 	    "RUNNING", "READY", "QUIESCED", "EXISTS",
3167 	    "ENABLE", "OFFLINE", "POWEROFF", "FROZEN",
3168 	    "SPARE", "FAULTED", NULL
3169 	};
3170 
3171 	if (cid->cid_cpu != -1) {
3172 		if (addr != cid->cid_cpu && cpu->cpu_id != cid->cid_cpu)
3173 			return (WALK_NEXT);
3174 
3175 		/*
3176 		 * Set cid_cpu to -1 to indicate that we found a matching CPU.
3177 		 */
3178 		cid->cid_cpu = -1;
3179 		rval = WALK_DONE;
3180 	}
3181 
3182 	if (cid->cid_print_head) {
3183 		mdb_printf("%3s %-*s %3s %4s %4s %3s %4s %5s %-6s %-*s %s\n",
3184 		    "ID", CPUINFO_CPUWIDTH, "ADDR", "FLG", "NRUN", "BSPL",
3185 		    "PRI", "RNRN", "KRNRN", "SWITCH", CPUINFO_TWIDTH, "THREAD",
3186 		    "PROC");
3187 		cid->cid_print_head = FALSE;
3188 	}
3189 
3190 	bspl = cpu->cpu_base_spl;
3191 
3192 	if (mdb_vread(&disp, sizeof (disp_t), (uintptr_t)cpu->cpu_disp) == -1) {
3193 		mdb_warn("failed to read disp_t at %p", cpu->cpu_disp);
3194 		return (WALK_ERR);
3195 	}
3196 
3197 	mdb_printf("%3d %0*p %3x %4d %4d ",
3198 	    cpu->cpu_id, CPUINFO_CPUWIDTH, addr, cpu->cpu_flags,
3199 	    disp.disp_nrunnable, bspl);
3200 
3201 	if (mdb_vread(&t, sizeof (t), (uintptr_t)cpu->cpu_thread) != -1) {
3202 		mdb_printf("%3d ", t.t_pri);
3203 	} else {
3204 		mdb_printf("%3s ", "-");
3205 	}
3206 
3207 	mdb_printf("%4s %5s ", cpu->cpu_runrun ? "yes" : "no",
3208 	    cpu->cpu_kprunrun ? "yes" : "no");
3209 
3210 	if (cpu->cpu_last_swtch) {
3211 		clock_t lbolt;
3212 
3213 		if (mdb_vread(&lbolt, sizeof (lbolt), cid->cid_lbolt) == -1) {
3214 			mdb_warn("failed to read lbolt at %p", cid->cid_lbolt);
3215 			return (WALK_ERR);
3216 		}
3217 		mdb_printf("t-%-4d ", lbolt - cpu->cpu_last_swtch);
3218 	} else {
3219 		mdb_printf("%-6s ", "-");
3220 	}
3221 
3222 	mdb_printf("%0*p", CPUINFO_TWIDTH, cpu->cpu_thread);
3223 
3224 	if (cpu->cpu_thread == cpu->cpu_idle_thread)
3225 		mdb_printf(" (idle)\n");
3226 	else if (cpu->cpu_thread == NULL)
3227 		mdb_printf(" -\n");
3228 	else {
3229 		if (mdb_vread(&p, sizeof (p), (uintptr_t)t.t_procp) != -1) {
3230 			mdb_printf(" %s\n", p.p_user.u_comm);
3231 		} else {
3232 			mdb_printf(" ?\n");
3233 		}
3234 	}
3235 
3236 	flagbuf = mdb_zalloc(sizeof (flags), UM_SLEEP | UM_GC);
3237 
3238 	if (cid->cid_print_flags) {
3239 		int first = 1, i, j, k;
3240 		char *s;
3241 
3242 		cid->cid_print_head = TRUE;
3243 
3244 		for (i = 1, j = 0; flags[j] != NULL; i <<= 1, j++) {
3245 			if (!(cpu->cpu_flags & i))
3246 				continue;
3247 
3248 			if (first) {
3249 				s = mdb_alloc(CPUINFO_THRDELT + 1,
3250 				    UM_GC | UM_SLEEP);
3251 
3252 				(void) mdb_snprintf(s, CPUINFO_THRDELT + 1,
3253 				    "%*s|%*s", CPUINFO_FLAGDELT, "",
3254 				    CPUINFO_THRDELT - 1 - CPUINFO_FLAGDELT, "");
3255 				flagbuf[nflaglines++] = s;
3256 			}
3257 
3258 			s = mdb_alloc(CPUINFO_THRDELT + 1, UM_GC | UM_SLEEP);
3259 			(void) mdb_snprintf(s, CPUINFO_THRDELT + 1, "%*s%*s %s",
3260 			    CPUINFO_IDWIDTH + CPUINFO_CPUWIDTH -
3261 			    CPUINFO_FLAGWIDTH, "", CPUINFO_FLAGWIDTH, flags[j],
3262 			    first ? "<--+" : "");
3263 
3264 			for (k = strlen(s); k < CPUINFO_THRDELT; k++)
3265 				s[k] = ' ';
3266 			s[k] = '\0';
3267 
3268 			flagbuf[nflaglines++] = s;
3269 			first = 0;
3270 		}
3271 	}
3272 
3273 	if (cid->cid_print_ithr) {
3274 		int i, found_one = FALSE;
3275 		int print_thr = disp.disp_nrunnable && cid->cid_print_thr;
3276 
3277 		for (i = NINTR - 1; i >= 0; i--) {
3278 			uintptr_t iaddr = cid->cid_ithr[cpu->cpu_id][i];
3279 
3280 			if (iaddr == NULL)
3281 				continue;
3282 
3283 			if (!found_one) {
3284 				found_one = TRUE;
3285 
3286 				CPUINFO_INDENT;
3287 				mdb_printf("%c%*s|\n", print_thr ? '|' : ' ',
3288 				    CPUINFO_ITHRDELT, "");
3289 
3290 				CPUINFO_INDENT;
3291 				mdb_printf("%c%*s+--> %3s %s\n",
3292 				    print_thr ? '|' : ' ', CPUINFO_ITHRDELT,
3293 				    "", "PIL", "THREAD");
3294 			}
3295 
3296 			if (mdb_vread(&t, sizeof (t), iaddr) == -1) {
3297 				mdb_warn("failed to read kthread_t at %p",
3298 				    iaddr);
3299 				return (WALK_ERR);
3300 			}
3301 
3302 			CPUINFO_INDENT;
3303 			mdb_printf("%c%*s     %3d %0*p\n",
3304 			    print_thr ? '|' : ' ', CPUINFO_ITHRDELT, "",
3305 			    t.t_pil, CPUINFO_TWIDTH, iaddr);
3306 
3307 			pinned = (uintptr_t)t.t_intr;
3308 		}
3309 
3310 		if (found_one && pinned != NULL) {
3311 			cid->cid_print_head = TRUE;
3312 			(void) strcpy(p.p_user.u_comm, "?");
3313 
3314 			if (mdb_vread(&t, sizeof (t),
3315 			    (uintptr_t)pinned) == -1) {
3316 				mdb_warn("failed to read kthread_t at %p",
3317 				    pinned);
3318 				return (WALK_ERR);
3319 			}
3320 			if (mdb_vread(&p, sizeof (p),
3321 			    (uintptr_t)t.t_procp) == -1) {
3322 				mdb_warn("failed to read proc_t at %p",
3323 				    t.t_procp);
3324 				return (WALK_ERR);
3325 			}
3326 
3327 			CPUINFO_INDENT;
3328 			mdb_printf("%c%*s     %3s %0*p %s\n",
3329 			    print_thr ? '|' : ' ', CPUINFO_ITHRDELT, "", "-",
3330 			    CPUINFO_TWIDTH, pinned,
3331 			    pinned == (uintptr_t)cpu->cpu_idle_thread ?
3332 			    "(idle)" : p.p_user.u_comm);
3333 		}
3334 	}
3335 
3336 	if (disp.disp_nrunnable && cid->cid_print_thr) {
3337 		dispq_t *dq;
3338 
3339 		int i, npri = disp.disp_npri;
3340 
3341 		dq = mdb_alloc(sizeof (dispq_t) * npri, UM_SLEEP | UM_GC);
3342 
3343 		if (mdb_vread(dq, sizeof (dispq_t) * npri,
3344 		    (uintptr_t)disp.disp_q) == -1) {
3345 			mdb_warn("failed to read dispq_t at %p", disp.disp_q);
3346 			return (WALK_ERR);
3347 		}
3348 
3349 		CPUINFO_INDENT;
3350 		mdb_printf("|\n");
3351 
3352 		CPUINFO_INDENT;
3353 		mdb_printf("+-->  %3s %-*s %s\n", "PRI",
3354 		    CPUINFO_TWIDTH, "THREAD", "PROC");
3355 
3356 		for (i = npri - 1; i >= 0; i--) {
3357 			uintptr_t taddr = (uintptr_t)dq[i].dq_first;
3358 
3359 			while (taddr != NULL) {
3360 				if (mdb_vread(&t, sizeof (t), taddr) == -1) {
3361 					mdb_warn("failed to read kthread_t "
3362 					    "at %p", taddr);
3363 					return (WALK_ERR);
3364 				}
3365 				if (mdb_vread(&p, sizeof (p),
3366 				    (uintptr_t)t.t_procp) == -1) {
3367 					mdb_warn("failed to read proc_t at %p",
3368 					    t.t_procp);
3369 					return (WALK_ERR);
3370 				}
3371 
3372 				CPUINFO_INDENT;
3373 				mdb_printf("      %3d %0*p %s\n", t.t_pri,
3374 				    CPUINFO_TWIDTH, taddr, p.p_user.u_comm);
3375 
3376 				taddr = (uintptr_t)t.t_link;
3377 			}
3378 		}
3379 		cid->cid_print_head = TRUE;
3380 	}
3381 
3382 	while (flagline < nflaglines)
3383 		mdb_printf("%s\n", flagbuf[flagline++]);
3384 
3385 	if (cid->cid_print_head)
3386 		mdb_printf("\n");
3387 
3388 	return (rval);
3389 }
3390 
3391 int
3392 cpuinfo(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3393 {
3394 	uint_t verbose = FALSE;
3395 	cpuinfo_data_t cid;
3396 	GElf_Sym sym;
3397 	clock_t lbolt;
3398 
3399 	cid.cid_print_ithr = FALSE;
3400 	cid.cid_print_thr = FALSE;
3401 	cid.cid_print_flags = FALSE;
3402 	cid.cid_print_head = DCMD_HDRSPEC(flags) ? TRUE : FALSE;
3403 	cid.cid_cpu = -1;
3404 
3405 	if (flags & DCMD_ADDRSPEC)
3406 		cid.cid_cpu = addr;
3407 
3408 	if (mdb_getopts(argc, argv,
3409 	    'v', MDB_OPT_SETBITS, TRUE, &verbose, NULL) != argc)
3410 		return (DCMD_USAGE);
3411 
3412 	if (verbose) {
3413 		cid.cid_print_ithr = TRUE;
3414 		cid.cid_print_thr = TRUE;
3415 		cid.cid_print_flags = TRUE;
3416 		cid.cid_print_head = TRUE;
3417 	}
3418 
3419 	if (cid.cid_print_ithr) {
3420 		int i;
3421 
3422 		cid.cid_ithr = mdb_alloc(sizeof (uintptr_t **)
3423 		    * NCPU, UM_SLEEP | UM_GC);
3424 
3425 		for (i = 0; i < NCPU; i++)
3426 			cid.cid_ithr[i] = mdb_zalloc(sizeof (uintptr_t *) *
3427 			    NINTR, UM_SLEEP | UM_GC);
3428 
3429 		if (mdb_walk("thread", (mdb_walk_cb_t)cpuinfo_walk_ithread,
3430 		    &cid) == -1) {
3431 			mdb_warn("couldn't walk thread");
3432 			return (DCMD_ERR);
3433 		}
3434 	}
3435 
3436 	if (mdb_lookup_by_name("panic_lbolt", &sym) == -1) {
3437 		mdb_warn("failed to find panic_lbolt");
3438 		return (DCMD_ERR);
3439 	}
3440 
3441 	cid.cid_lbolt = (uintptr_t)sym.st_value;
3442 
3443 	if (mdb_vread(&lbolt, sizeof (lbolt), cid.cid_lbolt) == -1) {
3444 		mdb_warn("failed to read panic_lbolt");
3445 		return (DCMD_ERR);
3446 	}
3447 
3448 	if (lbolt == 0) {
3449 		if (mdb_lookup_by_name("lbolt", &sym) == -1) {
3450 			mdb_warn("failed to find lbolt");
3451 			return (DCMD_ERR);
3452 		}
3453 		cid.cid_lbolt = (uintptr_t)sym.st_value;
3454 	}
3455 
3456 	if (mdb_walk("cpu", (mdb_walk_cb_t)cpuinfo_walk_cpu, &cid) == -1) {
3457 		mdb_warn("can't walk cpus");
3458 		return (DCMD_ERR);
3459 	}
3460 
3461 	if (cid.cid_cpu != -1) {
3462 		/*
3463 		 * We didn't find this CPU when we walked through the CPUs
3464 		 * (i.e. the address specified doesn't show up in the "cpu"
3465 		 * walk).  However, the specified address may still correspond
3466 		 * to a valid cpu_t (for example, if the specified address is
3467 		 * the actual panicking cpu_t and not the cached panic_cpu).
3468 		 * Point is:  even if we didn't find it, we still want to try
3469 		 * to print the specified address as a cpu_t.
3470 		 */
3471 		cpu_t cpu;
3472 
3473 		if (mdb_vread(&cpu, sizeof (cpu), cid.cid_cpu) == -1) {
3474 			mdb_warn("%p is neither a valid CPU ID nor a "
3475 			    "valid cpu_t address\n", cid.cid_cpu);
3476 			return (DCMD_ERR);
3477 		}
3478 
3479 		(void) cpuinfo_walk_cpu(cid.cid_cpu, &cpu, &cid);
3480 	}
3481 
3482 	return (DCMD_OK);
3483 }
3484 
3485 /*ARGSUSED*/
3486 int
3487 flipone(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3488 {
3489 	int i;
3490 
3491 	if (!(flags & DCMD_ADDRSPEC))
3492 		return (DCMD_USAGE);
3493 
3494 	for (i = 0; i < sizeof (addr) * NBBY; i++)
3495 		mdb_printf("%p\n", addr ^ (1UL << i));
3496 
3497 	return (DCMD_OK);
3498 }
3499 
3500 /*
3501  * Grumble, grumble.
3502  */
3503 #define	SMAP_HASHFUNC(vp, off)	\
3504 	((((uintptr_t)(vp) >> 6) + ((uintptr_t)(vp) >> 3) + \
3505 	((off) >> MAXBSHIFT)) & smd_hashmsk)
3506 
3507 int
3508 vnode2smap(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3509 {
3510 	long smd_hashmsk;
3511 	int hash;
3512 	uintptr_t offset = 0;
3513 	struct smap smp;
3514 	uintptr_t saddr, kaddr;
3515 	uintptr_t smd_hash, smd_smap;
3516 	struct seg seg;
3517 
3518 	if (!(flags & DCMD_ADDRSPEC))
3519 		return (DCMD_USAGE);
3520 
3521 	if (mdb_readvar(&smd_hashmsk, "smd_hashmsk") == -1) {
3522 		mdb_warn("failed to read smd_hashmsk");
3523 		return (DCMD_ERR);
3524 	}
3525 
3526 	if (mdb_readvar(&smd_hash, "smd_hash") == -1) {
3527 		mdb_warn("failed to read smd_hash");
3528 		return (DCMD_ERR);
3529 	}
3530 
3531 	if (mdb_readvar(&smd_smap, "smd_smap") == -1) {
3532 		mdb_warn("failed to read smd_hash");
3533 		return (DCMD_ERR);
3534 	}
3535 
3536 	if (mdb_readvar(&kaddr, "segkmap") == -1) {
3537 		mdb_warn("failed to read segkmap");
3538 		return (DCMD_ERR);
3539 	}
3540 
3541 	if (mdb_vread(&seg, sizeof (seg), kaddr) == -1) {
3542 		mdb_warn("failed to read segkmap at %p", kaddr);
3543 		return (DCMD_ERR);
3544 	}
3545 
3546 	if (argc != 0) {
3547 		const mdb_arg_t *arg = &argv[0];
3548 
3549 		if (arg->a_type == MDB_TYPE_IMMEDIATE)
3550 			offset = arg->a_un.a_val;
3551 		else
3552 			offset = (uintptr_t)mdb_strtoull(arg->a_un.a_str);
3553 	}
3554 
3555 	hash = SMAP_HASHFUNC(addr, offset);
3556 
3557 	if (mdb_vread(&saddr, sizeof (saddr),
3558 	    smd_hash + hash * sizeof (uintptr_t)) == -1) {
3559 		mdb_warn("couldn't read smap at %p",
3560 		    smd_hash + hash * sizeof (uintptr_t));
3561 		return (DCMD_ERR);
3562 	}
3563 
3564 	do {
3565 		if (mdb_vread(&smp, sizeof (smp), saddr) == -1) {
3566 			mdb_warn("couldn't read smap at %p", saddr);
3567 			return (DCMD_ERR);
3568 		}
3569 
3570 		if ((uintptr_t)smp.sm_vp == addr && smp.sm_off == offset) {
3571 			mdb_printf("vnode %p, offs %p is smap %p, vaddr %p\n",
3572 			    addr, offset, saddr, ((saddr - smd_smap) /
3573 			    sizeof (smp)) * MAXBSIZE + seg.s_base);
3574 			return (DCMD_OK);
3575 		}
3576 
3577 		saddr = (uintptr_t)smp.sm_hash;
3578 	} while (saddr != NULL);
3579 
3580 	mdb_printf("no smap for vnode %p, offs %p\n", addr, offset);
3581 	return (DCMD_OK);
3582 }
3583 
3584 /*ARGSUSED*/
3585 int
3586 addr2smap(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3587 {
3588 	uintptr_t kaddr;
3589 	struct seg seg;
3590 	struct segmap_data sd;
3591 
3592 	if (!(flags & DCMD_ADDRSPEC))
3593 		return (DCMD_USAGE);
3594 
3595 	if (mdb_readvar(&kaddr, "segkmap") == -1) {
3596 		mdb_warn("failed to read segkmap");
3597 		return (DCMD_ERR);
3598 	}
3599 
3600 	if (mdb_vread(&seg, sizeof (seg), kaddr) == -1) {
3601 		mdb_warn("failed to read segkmap at %p", kaddr);
3602 		return (DCMD_ERR);
3603 	}
3604 
3605 	if (mdb_vread(&sd, sizeof (sd), (uintptr_t)seg.s_data) == -1) {
3606 		mdb_warn("failed to read segmap_data at %p", seg.s_data);
3607 		return (DCMD_ERR);
3608 	}
3609 
3610 	mdb_printf("%p is smap %p\n", addr,
3611 	    ((addr - (uintptr_t)seg.s_base) >> MAXBSHIFT) *
3612 	    sizeof (struct smap) + (uintptr_t)sd.smd_sm);
3613 
3614 	return (DCMD_OK);
3615 }
3616 
3617 int
3618 as2proc_walk(uintptr_t addr, const proc_t *p, struct as **asp)
3619 {
3620 	if (p->p_as == *asp)
3621 		mdb_printf("%p\n", addr);
3622 	return (WALK_NEXT);
3623 }
3624 
3625 /*ARGSUSED*/
3626 int
3627 as2proc(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3628 {
3629 	if (!(flags & DCMD_ADDRSPEC) || argc != 0)
3630 		return (DCMD_USAGE);
3631 
3632 	if (mdb_walk("proc", (mdb_walk_cb_t)as2proc_walk, &addr) == -1) {
3633 		mdb_warn("failed to walk proc");
3634 		return (DCMD_ERR);
3635 	}
3636 
3637 	return (DCMD_OK);
3638 }
3639 
3640 /*ARGSUSED*/
3641 int
3642 ptree_walk(uintptr_t addr, const proc_t *p, void *ignored)
3643 {
3644 	proc_t parent;
3645 	int ident = 0;
3646 	uintptr_t paddr;
3647 
3648 	for (paddr = (uintptr_t)p->p_parent; paddr != NULL; ident += 5) {
3649 		mdb_vread(&parent, sizeof (parent), paddr);
3650 		paddr = (uintptr_t)parent.p_parent;
3651 	}
3652 
3653 	mdb_inc_indent(ident);
3654 	mdb_printf("%0?p  %s\n", addr, p->p_user.u_comm);
3655 	mdb_dec_indent(ident);
3656 
3657 	return (WALK_NEXT);
3658 }
3659 
3660 void
3661 ptree_ancestors(uintptr_t addr, uintptr_t start)
3662 {
3663 	proc_t p;
3664 
3665 	if (mdb_vread(&p, sizeof (p), addr) == -1) {
3666 		mdb_warn("couldn't read ancestor at %p", addr);
3667 		return;
3668 	}
3669 
3670 	if (p.p_parent != NULL)
3671 		ptree_ancestors((uintptr_t)p.p_parent, start);
3672 
3673 	if (addr != start)
3674 		(void) ptree_walk(addr, &p, NULL);
3675 }
3676 
3677 /*ARGSUSED*/
3678 int
3679 ptree(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3680 {
3681 	if (!(flags & DCMD_ADDRSPEC))
3682 		addr = NULL;
3683 	else
3684 		ptree_ancestors(addr, addr);
3685 
3686 	if (mdb_pwalk("proc", (mdb_walk_cb_t)ptree_walk, NULL, addr) == -1) {
3687 		mdb_warn("couldn't walk 'proc'");
3688 		return (DCMD_ERR);
3689 	}
3690 
3691 	return (DCMD_OK);
3692 }
3693 
3694 /*ARGSUSED*/
3695 static int
3696 fd(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3697 {
3698 	int fdnum;
3699 	const mdb_arg_t *argp = &argv[0];
3700 	proc_t p;
3701 	uf_entry_t uf;
3702 
3703 	if ((flags & DCMD_ADDRSPEC) == 0) {
3704 		mdb_warn("fd doesn't give global information\n");
3705 		return (DCMD_ERR);
3706 	}
3707 	if (argc != 1)
3708 		return (DCMD_USAGE);
3709 
3710 	if (argp->a_type == MDB_TYPE_IMMEDIATE)
3711 		fdnum = argp->a_un.a_val;
3712 	else
3713 		fdnum = mdb_strtoull(argp->a_un.a_str);
3714 
3715 	if (mdb_vread(&p, sizeof (struct proc), addr) == -1) {
3716 		mdb_warn("couldn't read proc_t at %p", addr);
3717 		return (DCMD_ERR);
3718 	}
3719 	if (fdnum > p.p_user.u_finfo.fi_nfiles) {
3720 		mdb_warn("process %p only has %d files open.\n",
3721 		    addr, p.p_user.u_finfo.fi_nfiles);
3722 		return (DCMD_ERR);
3723 	}
3724 	if (mdb_vread(&uf, sizeof (uf_entry_t),
3725 	    (uintptr_t)&p.p_user.u_finfo.fi_list[fdnum]) == -1) {
3726 		mdb_warn("couldn't read uf_entry_t at %p",
3727 		    &p.p_user.u_finfo.fi_list[fdnum]);
3728 		return (DCMD_ERR);
3729 	}
3730 
3731 	mdb_printf("%p\n", uf.uf_file);
3732 	return (DCMD_OK);
3733 }
3734 
3735 /*ARGSUSED*/
3736 static int
3737 pid2proc(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3738 {
3739 	pid_t pid = (pid_t)addr;
3740 
3741 	if (argc != 0)
3742 		return (DCMD_USAGE);
3743 
3744 	if ((addr = mdb_pid2proc(pid, NULL)) == NULL) {
3745 		mdb_warn("PID 0t%d not found\n", pid);
3746 		return (DCMD_ERR);
3747 	}
3748 
3749 	mdb_printf("%p\n", addr);
3750 	return (DCMD_OK);
3751 }
3752 
3753 static char *sysfile_cmd[] = {
3754 	"exclude:",
3755 	"include:",
3756 	"forceload:",
3757 	"rootdev:",
3758 	"rootfs:",
3759 	"swapdev:",
3760 	"swapfs:",
3761 	"moddir:",
3762 	"set",
3763 	"unknown",
3764 };
3765 
3766 static char *sysfile_ops[] = { "", "=", "&", "|" };
3767 
3768 /*ARGSUSED*/
3769 static int
3770 sysfile_vmem_seg(uintptr_t addr, const vmem_seg_t *vsp, void **target)
3771 {
3772 	if (vsp->vs_type == VMEM_ALLOC && (void *)vsp->vs_start == *target) {
3773 		*target = NULL;
3774 		return (WALK_DONE);
3775 	}
3776 	return (WALK_NEXT);
3777 }
3778 
3779 /*ARGSUSED*/
3780 static int
3781 sysfile(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3782 {
3783 	struct sysparam *sysp, sys;
3784 	char var[256];
3785 	char modname[256];
3786 	char val[256];
3787 	char strval[256];
3788 	vmem_t *mod_sysfile_arena;
3789 	void *straddr;
3790 
3791 	if (mdb_readvar(&sysp, "sysparam_hd") == -1) {
3792 		mdb_warn("failed to read sysparam_hd");
3793 		return (DCMD_ERR);
3794 	}
3795 
3796 	if (mdb_readvar(&mod_sysfile_arena, "mod_sysfile_arena") == -1) {
3797 		mdb_warn("failed to read mod_sysfile_arena");
3798 		return (DCMD_ERR);
3799 	}
3800 
3801 	while (sysp != NULL) {
3802 		var[0] = '\0';
3803 		val[0] = '\0';
3804 		modname[0] = '\0';
3805 		if (mdb_vread(&sys, sizeof (sys), (uintptr_t)sysp) == -1) {
3806 			mdb_warn("couldn't read sysparam %p", sysp);
3807 			return (DCMD_ERR);
3808 		}
3809 		if (sys.sys_modnam != NULL &&
3810 		    mdb_readstr(modname, 256,
3811 		    (uintptr_t)sys.sys_modnam) == -1) {
3812 			mdb_warn("couldn't read modname in %p", sysp);
3813 			return (DCMD_ERR);
3814 		}
3815 		if (sys.sys_ptr != NULL &&
3816 		    mdb_readstr(var, 256, (uintptr_t)sys.sys_ptr) == -1) {
3817 			mdb_warn("couldn't read ptr in %p", sysp);
3818 			return (DCMD_ERR);
3819 		}
3820 		if (sys.sys_op != SETOP_NONE) {
3821 			/*
3822 			 * Is this an int or a string?  We determine this
3823 			 * by checking whether straddr is contained in
3824 			 * mod_sysfile_arena.  If so, the walker will set
3825 			 * straddr to NULL.
3826 			 */
3827 			straddr = (void *)(uintptr_t)sys.sys_info;
3828 			if (sys.sys_op == SETOP_ASSIGN &&
3829 			    sys.sys_info != 0 &&
3830 			    mdb_pwalk("vmem_seg",
3831 			    (mdb_walk_cb_t)sysfile_vmem_seg, &straddr,
3832 			    (uintptr_t)mod_sysfile_arena) == 0 &&
3833 			    straddr == NULL &&
3834 			    mdb_readstr(strval, 256,
3835 			    (uintptr_t)sys.sys_info) != -1) {
3836 				(void) mdb_snprintf(val, sizeof (val), "\"%s\"",
3837 				    strval);
3838 			} else {
3839 				(void) mdb_snprintf(val, sizeof (val),
3840 				    "0x%llx [0t%llu]", sys.sys_info,
3841 				    sys.sys_info);
3842 			}
3843 		}
3844 		mdb_printf("%s %s%s%s%s%s\n", sysfile_cmd[sys.sys_type],
3845 		    modname, modname[0] == '\0' ? "" : ":",
3846 		    var, sysfile_ops[sys.sys_op], val);
3847 
3848 		sysp = sys.sys_next;
3849 	}
3850 
3851 	return (DCMD_OK);
3852 }
3853 
3854 /*
3855  * Dump a taskq_ent_t given its address.
3856  */
3857 /*ARGSUSED*/
3858 int
3859 taskq_ent(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3860 {
3861 	taskq_ent_t	taskq_ent;
3862 	GElf_Sym	sym;
3863 	char		buf[MDB_SYM_NAMLEN+1];
3864 
3865 
3866 	if (!(flags & DCMD_ADDRSPEC)) {
3867 		mdb_warn("expected explicit taskq_ent_t address before ::\n");
3868 		return (DCMD_USAGE);
3869 	}
3870 
3871 	if (mdb_vread(&taskq_ent, sizeof (taskq_ent_t), addr) == -1) {
3872 		mdb_warn("failed to read taskq_ent_t at %p", addr);
3873 		return (DCMD_ERR);
3874 	}
3875 
3876 	if (DCMD_HDRSPEC(flags)) {
3877 		mdb_printf("%<u>%-?s    %-?s    %-s%</u>\n",
3878 		"ENTRY", "ARG", "FUNCTION");
3879 	}
3880 
3881 	if (mdb_lookup_by_addr((uintptr_t)taskq_ent.tqent_func, MDB_SYM_EXACT,
3882 	    buf, sizeof (buf), &sym) == -1) {
3883 		(void) strcpy(buf, "????");
3884 	}
3885 
3886 	mdb_printf("%-?p    %-?p    %s\n", addr, taskq_ent.tqent_arg, buf);
3887 
3888 	return (DCMD_OK);
3889 }
3890 
3891 /*
3892  * Given the address of the (taskq_t) task queue head, walk the queue listing
3893  * the address of every taskq_ent_t.
3894  */
3895 int
3896 taskq_walk_init(mdb_walk_state_t *wsp)
3897 {
3898 	taskq_t	tq_head;
3899 
3900 
3901 	if (wsp->walk_addr == NULL) {
3902 		mdb_warn("start address required\n");
3903 		return (WALK_ERR);
3904 	}
3905 
3906 
3907 	/*
3908 	 * Save the address of the list head entry.  This terminates the list.
3909 	 */
3910 	wsp->walk_data = (void *)
3911 	    ((size_t)wsp->walk_addr + offsetof(taskq_t, tq_task));
3912 
3913 
3914 	/*
3915 	 * Read in taskq head, set walk_addr to point to first taskq_ent_t.
3916 	 */
3917 	if (mdb_vread((void *)&tq_head, sizeof (taskq_t), wsp->walk_addr) ==
3918 	    -1) {
3919 		mdb_warn("failed to read taskq list head at %p",
3920 		    wsp->walk_addr);
3921 	}
3922 	wsp->walk_addr = (uintptr_t)tq_head.tq_task.tqent_next;
3923 
3924 
3925 	/*
3926 	 * Check for null list (next=head)
3927 	 */
3928 	if (wsp->walk_addr == (uintptr_t)wsp->walk_data) {
3929 		return (WALK_DONE);
3930 	}
3931 
3932 	return (WALK_NEXT);
3933 }
3934 
3935 
3936 int
3937 taskq_walk_step(mdb_walk_state_t *wsp)
3938 {
3939 	taskq_ent_t	tq_ent;
3940 	int		status;
3941 
3942 
3943 	if (mdb_vread((void *)&tq_ent, sizeof (taskq_ent_t), wsp->walk_addr) ==
3944 	    -1) {
3945 		mdb_warn("failed to read taskq_ent_t at %p", wsp->walk_addr);
3946 		return (DCMD_ERR);
3947 	}
3948 
3949 	status = wsp->walk_callback(wsp->walk_addr, (void *)&tq_ent,
3950 	    wsp->walk_cbdata);
3951 
3952 	wsp->walk_addr = (uintptr_t)tq_ent.tqent_next;
3953 
3954 
3955 	/* Check if we're at the last element (next=head) */
3956 	if (wsp->walk_addr == (uintptr_t)wsp->walk_data) {
3957 		return (WALK_DONE);
3958 	}
3959 
3960 	return (status);
3961 }
3962 
3963 int
3964 didmatch(uintptr_t addr, const kthread_t *thr, kt_did_t *didp)
3965 {
3966 
3967 	if (*didp == thr->t_did) {
3968 		mdb_printf("%p\n", addr);
3969 		return (WALK_DONE);
3970 	} else
3971 		return (WALK_NEXT);
3972 }
3973 
3974 /*ARGSUSED*/
3975 int
3976 did2thread(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3977 {
3978 	const mdb_arg_t *argp = &argv[0];
3979 	kt_did_t	did;
3980 
3981 	if (argc != 1)
3982 		return (DCMD_USAGE);
3983 
3984 	did = (kt_did_t)mdb_strtoull(argp->a_un.a_str);
3985 
3986 	if (mdb_walk("thread", (mdb_walk_cb_t)didmatch, (void *)&did) == -1) {
3987 		mdb_warn("failed to walk thread");
3988 		return (DCMD_ERR);
3989 
3990 	}
3991 	return (DCMD_OK);
3992 
3993 }
3994 
3995 static int
3996 errorq_walk_init(mdb_walk_state_t *wsp)
3997 {
3998 	if (wsp->walk_addr == NULL &&
3999 	    mdb_readvar(&wsp->walk_addr, "errorq_list") == -1) {
4000 		mdb_warn("failed to read errorq_list");
4001 		return (WALK_ERR);
4002 	}
4003 
4004 	return (WALK_NEXT);
4005 }
4006 
4007 static int
4008 errorq_walk_step(mdb_walk_state_t *wsp)
4009 {
4010 	uintptr_t addr = wsp->walk_addr;
4011 	errorq_t eq;
4012 
4013 	if (addr == NULL)
4014 		return (WALK_DONE);
4015 
4016 	if (mdb_vread(&eq, sizeof (eq), addr) == -1) {
4017 		mdb_warn("failed to read errorq at %p", addr);
4018 		return (WALK_ERR);
4019 	}
4020 
4021 	wsp->walk_addr = (uintptr_t)eq.eq_next;
4022 	return (wsp->walk_callback(addr, &eq, wsp->walk_cbdata));
4023 }
4024 
4025 typedef struct eqd_walk_data {
4026 	uintptr_t *eqd_stack;
4027 	void *eqd_buf;
4028 	ulong_t eqd_qpos;
4029 	ulong_t eqd_qlen;
4030 	size_t eqd_size;
4031 } eqd_walk_data_t;
4032 
4033 /*
4034  * In order to walk the list of pending error queue elements, we push the
4035  * addresses of the corresponding data buffers in to the eqd_stack array.
4036  * The error lists are in reverse chronological order when iterating using
4037  * eqe_prev, so we then pop things off the top in eqd_walk_step so that the
4038  * walker client gets addresses in order from oldest error to newest error.
4039  */
4040 static void
4041 eqd_push_list(eqd_walk_data_t *eqdp, uintptr_t addr)
4042 {
4043 	errorq_elem_t eqe;
4044 
4045 	while (addr != NULL) {
4046 		if (mdb_vread(&eqe, sizeof (eqe), addr) != sizeof (eqe)) {
4047 			mdb_warn("failed to read errorq element at %p", addr);
4048 			break;
4049 		}
4050 
4051 		if (eqdp->eqd_qpos == eqdp->eqd_qlen) {
4052 			mdb_warn("errorq is overfull -- more than %lu "
4053 			    "elems found\n", eqdp->eqd_qlen);
4054 			break;
4055 		}
4056 
4057 		eqdp->eqd_stack[eqdp->eqd_qpos++] = (uintptr_t)eqe.eqe_data;
4058 		addr = (uintptr_t)eqe.eqe_prev;
4059 	}
4060 }
4061 
4062 static int
4063 eqd_walk_init(mdb_walk_state_t *wsp)
4064 {
4065 	eqd_walk_data_t *eqdp;
4066 	errorq_elem_t eqe, *addr;
4067 	errorq_t eq;
4068 	ulong_t i;
4069 
4070 	if (mdb_vread(&eq, sizeof (eq), wsp->walk_addr) == -1) {
4071 		mdb_warn("failed to read errorq at %p", wsp->walk_addr);
4072 		return (WALK_ERR);
4073 	}
4074 
4075 	if (eq.eq_ptail != NULL &&
4076 	    mdb_vread(&eqe, sizeof (eqe), (uintptr_t)eq.eq_ptail) == -1) {
4077 		mdb_warn("failed to read errorq element at %p", eq.eq_ptail);
4078 		return (WALK_ERR);
4079 	}
4080 
4081 	eqdp = mdb_alloc(sizeof (eqd_walk_data_t), UM_SLEEP);
4082 	wsp->walk_data = eqdp;
4083 
4084 	eqdp->eqd_stack = mdb_zalloc(sizeof (uintptr_t) * eq.eq_qlen, UM_SLEEP);
4085 	eqdp->eqd_buf = mdb_alloc(eq.eq_size, UM_SLEEP);
4086 	eqdp->eqd_qlen = eq.eq_qlen;
4087 	eqdp->eqd_qpos = 0;
4088 	eqdp->eqd_size = eq.eq_size;
4089 
4090 	/*
4091 	 * The newest elements in the queue are on the pending list, so we
4092 	 * push those on to our stack first.
4093 	 */
4094 	eqd_push_list(eqdp, (uintptr_t)eq.eq_pend);
4095 
4096 	/*
4097 	 * If eq_ptail is set, it may point to a subset of the errors on the
4098 	 * pending list in the event a casptr() failed; if ptail's data is
4099 	 * already in our stack, NULL out eq_ptail and ignore it.
4100 	 */
4101 	if (eq.eq_ptail != NULL) {
4102 		for (i = 0; i < eqdp->eqd_qpos; i++) {
4103 			if (eqdp->eqd_stack[i] == (uintptr_t)eqe.eqe_data) {
4104 				eq.eq_ptail = NULL;
4105 				break;
4106 			}
4107 		}
4108 	}
4109 
4110 	/*
4111 	 * If eq_phead is set, it has the processing list in order from oldest
4112 	 * to newest.  Use this to recompute eq_ptail as best we can and then
4113 	 * we nicely fall into eqd_push_list() of eq_ptail below.
4114 	 */
4115 	for (addr = eq.eq_phead; addr != NULL && mdb_vread(&eqe, sizeof (eqe),
4116 	    (uintptr_t)addr) == sizeof (eqe); addr = eqe.eqe_next)
4117 		eq.eq_ptail = addr;
4118 
4119 	/*
4120 	 * The oldest elements in the queue are on the processing list, subject
4121 	 * to machinations in the if-clauses above.  Push any such elements.
4122 	 */
4123 	eqd_push_list(eqdp, (uintptr_t)eq.eq_ptail);
4124 	return (WALK_NEXT);
4125 }
4126 
4127 static int
4128 eqd_walk_step(mdb_walk_state_t *wsp)
4129 {
4130 	eqd_walk_data_t *eqdp = wsp->walk_data;
4131 	uintptr_t addr;
4132 
4133 	if (eqdp->eqd_qpos == 0)
4134 		return (WALK_DONE);
4135 
4136 	addr = eqdp->eqd_stack[--eqdp->eqd_qpos];
4137 
4138 	if (mdb_vread(eqdp->eqd_buf, eqdp->eqd_size, addr) != eqdp->eqd_size) {
4139 		mdb_warn("failed to read errorq data at %p", addr);
4140 		return (WALK_ERR);
4141 	}
4142 
4143 	return (wsp->walk_callback(addr, eqdp->eqd_buf, wsp->walk_cbdata));
4144 }
4145 
4146 static void
4147 eqd_walk_fini(mdb_walk_state_t *wsp)
4148 {
4149 	eqd_walk_data_t *eqdp = wsp->walk_data;
4150 
4151 	mdb_free(eqdp->eqd_stack, sizeof (uintptr_t) * eqdp->eqd_qlen);
4152 	mdb_free(eqdp->eqd_buf, eqdp->eqd_size);
4153 	mdb_free(eqdp, sizeof (eqd_walk_data_t));
4154 }
4155 
4156 #define	EQKSVAL(eqv, what) (eqv.eq_kstat.what.value.ui64)
4157 
4158 static int
4159 errorq(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
4160 {
4161 	int i;
4162 	errorq_t eq;
4163 	uint_t opt_v = FALSE;
4164 
4165 	if (!(flags & DCMD_ADDRSPEC)) {
4166 		if (mdb_walk_dcmd("errorq", "errorq", argc, argv) == -1) {
4167 			mdb_warn("can't walk 'errorq'");
4168 			return (DCMD_ERR);
4169 		}
4170 		return (DCMD_OK);
4171 	}
4172 
4173 	i = mdb_getopts(argc, argv, 'v', MDB_OPT_SETBITS, TRUE, &opt_v, NULL);
4174 	argc -= i;
4175 	argv += i;
4176 
4177 	if (argc != 0)
4178 		return (DCMD_USAGE);
4179 
4180 	if (opt_v || DCMD_HDRSPEC(flags)) {
4181 		mdb_printf("%<u>%-11s %-16s %1s %1s %1s ",
4182 		    "ADDR", "NAME", "S", "V", "N");
4183 		if (!opt_v) {
4184 			mdb_printf("%7s %7s %7s%</u>\n",
4185 			    "ACCEPT", "DROP", "LOG");
4186 		} else {
4187 			mdb_printf("%5s %6s %6s %3s %16s%</u>\n",
4188 			    "KSTAT", "QLEN", "SIZE", "IPL", "FUNC");
4189 		}
4190 	}
4191 
4192 	if (mdb_vread(&eq, sizeof (eq), addr) != sizeof (eq)) {
4193 		mdb_warn("failed to read errorq at %p", addr);
4194 		return (DCMD_ERR);
4195 	}
4196 
4197 	mdb_printf("%-11p %-16s %c %c %c ", addr, eq.eq_name,
4198 	    (eq.eq_flags & ERRORQ_ACTIVE) ? '+' : '-',
4199 	    (eq.eq_flags & ERRORQ_VITAL) ? '!' : ' ',
4200 	    (eq.eq_flags & ERRORQ_NVLIST) ? '*' : ' ');
4201 
4202 	if (!opt_v) {
4203 		mdb_printf("%7llu %7llu %7llu\n",
4204 		    EQKSVAL(eq, eqk_dispatched) + EQKSVAL(eq, eqk_committed),
4205 		    EQKSVAL(eq, eqk_dropped) + EQKSVAL(eq, eqk_reserve_fail) +
4206 		    EQKSVAL(eq, eqk_commit_fail), EQKSVAL(eq, eqk_logged));
4207 	} else {
4208 		mdb_printf("%5s %6lu %6lu %3u %a\n",
4209 		    "  |  ", eq.eq_qlen, eq.eq_size, eq.eq_ipl, eq.eq_func);
4210 		mdb_printf("%38s\n%41s"
4211 		    "%12s %llu\n"
4212 		    "%53s %llu\n"
4213 		    "%53s %llu\n"
4214 		    "%53s %llu\n"
4215 		    "%53s %llu\n"
4216 		    "%53s %llu\n"
4217 		    "%53s %llu\n"
4218 		    "%53s %llu\n\n",
4219 		    "|", "+-> ",
4220 		    "DISPATCHED",	EQKSVAL(eq, eqk_dispatched),
4221 		    "DROPPED",		EQKSVAL(eq, eqk_dropped),
4222 		    "LOGGED",		EQKSVAL(eq, eqk_logged),
4223 		    "RESERVED",		EQKSVAL(eq, eqk_reserved),
4224 		    "RESERVE FAIL",	EQKSVAL(eq, eqk_reserve_fail),
4225 		    "COMMITTED",	EQKSVAL(eq, eqk_committed),
4226 		    "COMMIT FAIL",	EQKSVAL(eq, eqk_commit_fail),
4227 		    "CANCELLED",	EQKSVAL(eq, eqk_cancelled));
4228 	}
4229 
4230 	return (DCMD_OK);
4231 }
4232 
4233 /*ARGSUSED*/
4234 static int
4235 panicinfo(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
4236 {
4237 	cpu_t panic_cpu;
4238 	kthread_t *panic_thread;
4239 	void *buf;
4240 	panic_data_t *pd;
4241 	int i, n;
4242 
4243 	if (!mdb_prop_postmortem) {
4244 		mdb_warn("panicinfo can only be run on a system "
4245 		    "dump; see dumpadm(1M)\n");
4246 		return (DCMD_ERR);
4247 	}
4248 
4249 	if (flags & DCMD_ADDRSPEC || argc != 0)
4250 		return (DCMD_USAGE);
4251 
4252 	if (mdb_readsym(&panic_cpu, sizeof (cpu_t), "panic_cpu") == -1)
4253 		mdb_warn("failed to read 'panic_cpu'");
4254 	else
4255 		mdb_printf("%16s %?d\n", "cpu", panic_cpu.cpu_id);
4256 
4257 	if (mdb_readvar(&panic_thread, "panic_thread") == -1)
4258 		mdb_warn("failed to read 'panic_thread'");
4259 	else
4260 		mdb_printf("%16s %?p\n", "thread", panic_thread);
4261 
4262 	buf = mdb_alloc(PANICBUFSIZE, UM_SLEEP);
4263 	pd = (panic_data_t *)buf;
4264 
4265 	if (mdb_readsym(buf, PANICBUFSIZE, "panicbuf") == -1 ||
4266 	    pd->pd_version != PANICBUFVERS) {
4267 		mdb_warn("failed to read 'panicbuf'");
4268 		mdb_free(buf, PANICBUFSIZE);
4269 		return (DCMD_ERR);
4270 	}
4271 
4272 	mdb_printf("%16s %s\n", "message",  (char *)buf + pd->pd_msgoff);
4273 
4274 	n = (pd->pd_msgoff - (sizeof (panic_data_t) -
4275 	    sizeof (panic_nv_t))) / sizeof (panic_nv_t);
4276 
4277 	for (i = 0; i < n; i++)
4278 		mdb_printf("%16s %?llx\n",
4279 		    pd->pd_nvdata[i].pnv_name, pd->pd_nvdata[i].pnv_value);
4280 
4281 	mdb_free(buf, PANICBUFSIZE);
4282 	return (DCMD_OK);
4283 }
4284 
4285 static const mdb_dcmd_t dcmds[] = {
4286 
4287 	/* from genunix.c */
4288 	{ "addr2smap", ":[offset]", "translate address to smap", addr2smap },
4289 	{ "as2proc", ":", "convert as to proc_t address", as2proc },
4290 	{ "binding_hash_entry", ":", "print driver names hash table entry",
4291 		binding_hash_entry },
4292 	{ "callout", "?[-r|n] [-s|l] [-xhB] [-t | -ab nsec [-dkD]]"
4293 	    " [-C addr | -S seqid] [-f name|addr] [-p name| addr] [-T|L [-E]]"
4294 	    " [-FivVA]",
4295 	    "display callouts", callout, callout_help },
4296 	{ "calloutid", "[-d|v] xid", "print callout by extended id",
4297 	    calloutid, calloutid_help },
4298 	{ "class", NULL, "print process scheduler classes", class },
4299 	{ "cpuinfo", "?[-v]", "print CPUs and runnable threads", cpuinfo },
4300 	{ "did2thread", "? kt_did", "find kernel thread for this id",
4301 		did2thread },
4302 	{ "errorq", "?[-v]", "display kernel error queues", errorq },
4303 	{ "fd", ":[fd num]", "get a file pointer from an fd", fd },
4304 	{ "flipone", ":", "the vik_rev_level 2 special", flipone },
4305 	{ "lminfo", NULL, "print lock manager information", lminfo },
4306 	{ "ndi_event_hdl", "?", "print ndi_event_hdl", ndi_event_hdl },
4307 	{ "panicinfo", NULL, "print panic information", panicinfo },
4308 	{ "pid2proc", "?", "convert PID to proc_t address", pid2proc },
4309 	{ "pmap", ":[-q]", "print process memory map", pmap },
4310 	{ "project", NULL, "display kernel project(s)", project },
4311 	{ "ps", "[-fltzTP]", "list processes (and associated thr,lwp)", ps },
4312 	{ "pgrep", "[-x] [-n | -o] pattern",
4313 		"pattern match against all processes", pgrep },
4314 	{ "ptree", NULL, "print process tree", ptree },
4315 	{ "seg", ":", "print address space segment", seg },
4316 	{ "sysevent", "?[-sv]", "print sysevent pending or sent queue",
4317 		sysevent},
4318 	{ "sysevent_channel", "?", "print sysevent channel database",
4319 		sysevent_channel},
4320 	{ "sysevent_class_list", ":", "print sysevent class list",
4321 		sysevent_class_list},
4322 	{ "sysevent_subclass_list", ":",
4323 		"print sysevent subclass list", sysevent_subclass_list},
4324 	{ "system", NULL, "print contents of /etc/system file", sysfile },
4325 	{ "task", NULL, "display kernel task(s)", task },
4326 	{ "taskq_entry", ":", "display a taskq_ent_t", taskq_ent },
4327 	{ "vnode2path", ":[-F]", "vnode address to pathname", vnode2path },
4328 	{ "vnode2smap", ":[offset]", "translate vnode to smap", vnode2smap },
4329 	{ "whereopen", ":", "given a vnode, dumps procs which have it open",
4330 	    whereopen },
4331 
4332 	/* from zone.c */
4333 	{ "zone", "?", "display kernel zone(s)", zoneprt },
4334 	{ "zsd", ":[-v] [zsd_key]", "display zone-specific-data entries for "
4335 	    "selected zones", zsd },
4336 
4337 	/* from bio.c */
4338 	{ "bufpagefind", ":addr", "find page_t on buf_t list", bufpagefind },
4339 
4340 	/* from contract.c */
4341 	{ "contract", "?", "display a contract", cmd_contract },
4342 	{ "ctevent", ":", "display a contract event", cmd_ctevent },
4343 	{ "ctid", ":", "convert id to a contract pointer", cmd_ctid },
4344 
4345 	/* from cpupart.c */
4346 	{ "cpupart", "?[-v]", "print cpu partition info", cpupart },
4347 
4348 	/* from cyclic.c */
4349 	{ "cyccover", NULL, "dump cyclic coverage information", cyccover },
4350 	{ "cycid", "?", "dump a cyclic id", cycid },
4351 	{ "cycinfo", "?", "dump cyc_cpu info", cycinfo },
4352 	{ "cyclic", ":", "developer information", cyclic },
4353 	{ "cyctrace", "?", "dump cyclic trace buffer", cyctrace },
4354 
4355 	/* from devinfo.c */
4356 	{ "devbindings", "?[-qs] [device-name | major-num]",
4357 	    "print devinfo nodes bound to device-name or major-num",
4358 	    devbindings, devinfo_help },
4359 	{ "devinfo", ":[-qs]", "detailed devinfo of one node", devinfo,
4360 	    devinfo_help },
4361 	{ "devinfo_audit", ":[-v]", "devinfo configuration audit record",
4362 	    devinfo_audit },
4363 	{ "devinfo_audit_log", "?[-v]", "system wide devinfo configuration log",
4364 	    devinfo_audit_log },
4365 	{ "devinfo_audit_node", ":[-v]", "devinfo node configuration history",
4366 	    devinfo_audit_node },
4367 	{ "devinfo2driver", ":", "find driver name for this devinfo node",
4368 	    devinfo2driver },
4369 	{ "devnames", "?[-vm] [num]", "print devnames array", devnames },
4370 	{ "dev2major", "?<dev_t>", "convert dev_t to a major number",
4371 	    dev2major },
4372 	{ "dev2minor", "?<dev_t>", "convert dev_t to a minor number",
4373 	    dev2minor },
4374 	{ "devt", "?<dev_t>", "display a dev_t's major and minor numbers",
4375 	    devt },
4376 	{ "major2name", "?<major-num>", "convert major number to dev name",
4377 	    major2name },
4378 	{ "minornodes", ":", "given a devinfo node, print its minor nodes",
4379 	    minornodes },
4380 	{ "modctl2devinfo", ":", "given a modctl, list its devinfos",
4381 	    modctl2devinfo },
4382 	{ "name2major", "<dev-name>", "convert dev name to major number",
4383 	    name2major },
4384 	{ "prtconf", "?[-vpc]", "print devinfo tree", prtconf, prtconf_help },
4385 	{ "softstate", ":<instance>", "retrieve soft-state pointer",
4386 	    softstate },
4387 	{ "devinfo_fm", ":", "devinfo fault managment configuration",
4388 	    devinfo_fm },
4389 	{ "devinfo_fmce", ":", "devinfo fault managment cache entry",
4390 	    devinfo_fmce},
4391 
4392 	/* from fm.c */
4393 	{ "ereport", "[-v]", "print ereports logged in dump",
4394 	    ereport },
4395 
4396 	/* from findstack.c */
4397 	{ "findstack", ":[-v]", "find kernel thread stack", findstack },
4398 	{ "findstack_debug", NULL, "toggle findstack debugging",
4399 		findstack_debug },
4400 	{ "stacks", "?[-afiv] [-c func] [-C func] [-m module] [-M module] "
4401 		"[-s sobj | -S sobj] [-t tstate | -T tstate]",
4402 		"print unique kernel thread stacks",
4403 		stacks, stacks_help },
4404 
4405 	/* from irm.c */
4406 	{ "irmpools", NULL, "display interrupt pools", irmpools_dcmd },
4407 	{ "irmreqs", NULL, "display interrupt requests in an interrupt pool",
4408 	    irmreqs_dcmd },
4409 	{ "irmreq", NULL, "display an interrupt request", irmreq_dcmd },
4410 
4411 	/* from kgrep.c + genunix.c */
4412 	{ "kgrep", KGREP_USAGE, "search kernel as for a pointer", kgrep,
4413 		kgrep_help },
4414 
4415 	/* from kmem.c */
4416 	{ "allocdby", ":", "given a thread, print its allocated buffers",
4417 		allocdby },
4418 	{ "bufctl", ":[-vh] [-a addr] [-c caller] [-e earliest] [-l latest] "
4419 		"[-t thd]", "print or filter a bufctl", bufctl, bufctl_help },
4420 	{ "freedby", ":", "given a thread, print its freed buffers", freedby },
4421 	{ "kmalog", "?[ fail | slab ]",
4422 	    "display kmem transaction log and stack traces", kmalog },
4423 	{ "kmastat", "[-kmg]", "kernel memory allocator stats",
4424 	    kmastat },
4425 	{ "kmausers", "?[-ef] [cache ...]", "current medium and large users "
4426 		"of the kmem allocator", kmausers, kmausers_help },
4427 	{ "kmem_cache", "?[-n name]",
4428 		"print kernel memory caches", kmem_cache, kmem_cache_help},
4429 	{ "kmem_slabs", "?[-v] [-n cache] [-N cache] [-b maxbins] "
4430 		"[-B minbinsize]", "display slab usage per kmem cache",
4431 		kmem_slabs, kmem_slabs_help },
4432 	{ "kmem_debug", NULL, "toggle kmem dcmd/walk debugging", kmem_debug },
4433 	{ "kmem_log", "?[-b]", "dump kmem transaction log", kmem_log },
4434 	{ "kmem_verify", "?", "check integrity of kmem-managed memory",
4435 		kmem_verify },
4436 	{ "vmem", "?", "print a vmem_t", vmem },
4437 	{ "vmem_seg", ":[-sv] [-c caller] [-e earliest] [-l latest] "
4438 		"[-m minsize] [-M maxsize] [-t thread] [-T type]",
4439 		"print or filter a vmem_seg", vmem_seg, vmem_seg_help },
4440 	{ "whatis", ":[-abiv]", "given an address, return information", whatis,
4441 		whatis_help },
4442 	{ "whatthread", ":[-v]", "print threads whose stack contains the "
4443 		"given address", whatthread },
4444 
4445 	/* from ldi.c */
4446 	{ "ldi_handle", "?[-i]", "display a layered driver handle",
4447 	    ldi_handle, ldi_handle_help },
4448 	{ "ldi_ident", NULL, "display a layered driver identifier",
4449 	    ldi_ident, ldi_ident_help },
4450 
4451 	/* from leaky.c + leaky_subr.c */
4452 	{ "findleaks", FINDLEAKS_USAGE,
4453 	    "search for potential kernel memory leaks", findleaks,
4454 	    findleaks_help },
4455 
4456 	/* from lgrp.c */
4457 	{ "lgrp", "?[-q] [-p | -Pih]", "display an lgrp", lgrp},
4458 	{ "lgrp_set", "", "display bitmask of lgroups as a list", lgrp_set},
4459 
4460 	/* from log.c */
4461 	{ "msgbuf", "?[-v]", "print most recent console messages", msgbuf },
4462 
4463 	/* from memory.c */
4464 	{ "page", "?", "display a summarized page_t", page },
4465 	{ "memstat", NULL, "display memory usage summary", memstat },
4466 	{ "memlist", "?[-iav]", "display a struct memlist", memlist },
4467 	{ "swapinfo", "?", "display a struct swapinfo", swapinfof },
4468 
4469 	/* from mmd.c */
4470 	{ "multidata", ":[-sv]", "display a summarized multidata_t",
4471 		multidata },
4472 	{ "pattbl", ":", "display a summarized multidata attribute table",
4473 		pattbl },
4474 	{ "pattr2multidata", ":", "print multidata pointer from pattr_t",
4475 		pattr2multidata },
4476 	{ "pdesc2slab", ":", "print pdesc slab pointer from pdesc_t",
4477 		pdesc2slab },
4478 	{ "pdesc_verify", ":", "verify integrity of a pdesc_t", pdesc_verify },
4479 	{ "slab2multidata", ":", "print multidata pointer from pdesc_slab_t",
4480 		slab2multidata },
4481 
4482 	/* from modhash.c */
4483 	{ "modhash", "?[-ceht] [-k key] [-v val] [-i index]",
4484 		"display information about one or all mod_hash structures",
4485 		modhash, modhash_help },
4486 	{ "modent", ":[-k | -v | -t type]",
4487 		"display information about a mod_hash_entry", modent,
4488 		modent_help },
4489 
4490 	/* from net.c */
4491 	{ "mi", ":[-p] [-d | -m]", "filter and display MI object or payload",
4492 		mi },
4493 	{ "netstat", "[-arv] [-f inet | inet6 | unix] [-P tcp | udp | icmp]",
4494 		"show network statistics", netstat },
4495 	{ "sonode", "?[-f inet | inet6 | unix | #] "
4496 		"[-t stream | dgram | raw | #] [-p #]",
4497 		"filter and display sonode", sonode },
4498 
4499 	/* from netstack.c */
4500 	{ "netstack", "", "show stack instances", netstack },
4501 
4502 	/* from nvpair.c */
4503 	{ NVPAIR_DCMD_NAME, NVPAIR_DCMD_USAGE, NVPAIR_DCMD_DESCR,
4504 		nvpair_print },
4505 	{ NVLIST_DCMD_NAME, NVLIST_DCMD_USAGE, NVLIST_DCMD_DESCR,
4506 		print_nvlist },
4507 
4508 	/* from pg.c */
4509 	{ "pg", "?[-q]", "display a pg", pg},
4510 	/* from group.c */
4511 	{ "group", "?[-q]", "display a group", group},
4512 
4513 	/* from log.c */
4514 	/* from rctl.c */
4515 	{ "rctl_dict", "?", "print systemwide default rctl definitions",
4516 		rctl_dict },
4517 	{ "rctl_list", ":[handle]", "print rctls for the given proc",
4518 		rctl_list },
4519 	{ "rctl", ":[handle]", "print a rctl_t, only if it matches the handle",
4520 		rctl },
4521 	{ "rctl_validate", ":[-v] [-n #]", "test resource control value "
4522 		"sequence", rctl_validate },
4523 
4524 	/* from sobj.c */
4525 	{ "rwlock", ":", "dump out a readers/writer lock", rwlock },
4526 	{ "mutex", ":[-f]", "dump out an adaptive or spin mutex", mutex,
4527 		mutex_help },
4528 	{ "sobj2ts", ":", "perform turnstile lookup on synch object", sobj2ts },
4529 	{ "wchaninfo", "?[-v]", "dump condition variable", wchaninfo },
4530 	{ "turnstile", "?", "display a turnstile", turnstile },
4531 
4532 	/* from stream.c */
4533 	{ "mblk", ":[-q|v] [-f|F flag] [-t|T type] [-l|L|B len] [-d dbaddr]",
4534 		"print an mblk", mblk_prt, mblk_help },
4535 	{ "mblk_verify", "?", "verify integrity of an mblk", mblk_verify },
4536 	{ "mblk2dblk", ":", "convert mblk_t address to dblk_t address",
4537 		mblk2dblk },
4538 	{ "q2otherq", ":", "print peer queue for a given queue", q2otherq },
4539 	{ "q2rdq", ":", "print read queue for a given queue", q2rdq },
4540 	{ "q2syncq", ":", "print syncq for a given queue", q2syncq },
4541 	{ "q2stream", ":", "print stream pointer for a given queue", q2stream },
4542 	{ "q2wrq", ":", "print write queue for a given queue", q2wrq },
4543 	{ "queue", ":[-q|v] [-m mod] [-f flag] [-F flag] [-s syncq_addr]",
4544 		"filter and display STREAM queue", queue, queue_help },
4545 	{ "stdata", ":[-q|v] [-f flag] [-F flag]",
4546 		"filter and display STREAM head", stdata, stdata_help },
4547 	{ "str2mate", ":", "print mate of this stream", str2mate },
4548 	{ "str2wrq", ":", "print write queue of this stream", str2wrq },
4549 	{ "stream", ":", "display STREAM", stream },
4550 	{ "strftevent", ":", "print STREAMS flow trace event", strftevent },
4551 	{ "syncq", ":[-q|v] [-f flag] [-F flag] [-t type] [-T type]",
4552 		"filter and display STREAM sync queue", syncq, syncq_help },
4553 	{ "syncq2q", ":", "print queue for a given syncq", syncq2q },
4554 
4555 	/* from thread.c */
4556 	{ "thread", "?[-bdfimps]", "display a summarized kthread_t", thread,
4557 		thread_help },
4558 	{ "threadlist", "?[-t] [-v [count]]",
4559 		"display threads and associated C stack traces", threadlist,
4560 		threadlist_help },
4561 	{ "stackinfo", "?[-h|-a]", "display kthread_t stack usage", stackinfo,
4562 		stackinfo_help },
4563 
4564 	/* from tsd.c */
4565 	{ "tsd", ":-k key", "print tsd[key-1] for this thread", ttotsd },
4566 	{ "tsdtot", ":", "find thread with this tsd", tsdtot },
4567 
4568 	/*
4569 	 * typegraph does not work under kmdb, as it requires too much memory
4570 	 * for its internal data structures.
4571 	 */
4572 #ifndef _KMDB
4573 	/* from typegraph.c */
4574 	{ "findlocks", ":", "find locks held by specified thread", findlocks },
4575 	{ "findfalse", "?[-v]", "find potentially falsely shared structures",
4576 		findfalse },
4577 	{ "typegraph", NULL, "build type graph", typegraph },
4578 	{ "istype", ":type", "manually set object type", istype },
4579 	{ "notype", ":", "manually clear object type", notype },
4580 	{ "whattype", ":", "determine object type", whattype },
4581 #endif
4582 
4583 	/* from vfs.c */
4584 	{ "fsinfo", "?[-v]", "print mounted filesystems", fsinfo },
4585 	{ "pfiles", ":[-fp]", "print process file information", pfiles,
4586 		pfiles_help },
4587 
4588 	/* from mdi.c */
4589 	{ "mdipi", NULL, "given a path, dump mdi_pathinfo "
4590 		"and detailed pi_prop list", mdipi },
4591 	{ "mdiprops", NULL, "given a pi_prop, dump the pi_prop list",
4592 		mdiprops },
4593 	{ "mdiphci", NULL, "given a phci, dump mdi_phci and "
4594 		"list all paths", mdiphci },
4595 	{ "mdivhci", NULL, "given a vhci, dump mdi_vhci and list "
4596 		"all phcis", mdivhci },
4597 	{ "mdiclient_paths", NULL, "given a path, walk mdi_pathinfo "
4598 		"client links", mdiclient_paths },
4599 	{ "mdiphci_paths", NULL, "given a path, walk through mdi_pathinfo "
4600 		"phci links", mdiphci_paths },
4601 	{ "mdiphcis", NULL, "given a phci, walk through mdi_phci ph_next links",
4602 		mdiphcis },
4603 
4604 	{ NULL }
4605 };
4606 
4607 static const mdb_walker_t walkers[] = {
4608 
4609 	/* from genunix.c */
4610 	{ "anon", "given an amp, list of anon structures",
4611 		anon_walk_init, anon_walk_step, anon_walk_fini },
4612 	{ "callouts_bytime", "walk callouts by list chain (expiration time)",
4613 		callout_walk_init, callout_walk_step, callout_walk_fini,
4614 		(void *)CALLOUT_WALK_BYLIST },
4615 	{ "callouts_byid", "walk callouts by id hash chain",
4616 		callout_walk_init, callout_walk_step, callout_walk_fini,
4617 		(void *)CALLOUT_WALK_BYID },
4618 	{ "callout_list", "walk a callout list", callout_list_walk_init,
4619 		callout_list_walk_step, callout_list_walk_fini },
4620 	{ "callout_table", "walk callout table array", callout_table_walk_init,
4621 		callout_table_walk_step, callout_table_walk_fini },
4622 	{ "cpu", "walk cpu structures", cpu_walk_init, cpu_walk_step },
4623 	{ "ereportq_dump", "walk list of ereports in dump error queue",
4624 		ereportq_dump_walk_init, ereportq_dump_walk_step, NULL },
4625 	{ "ereportq_pend", "walk list of ereports in pending error queue",
4626 		ereportq_pend_walk_init, ereportq_pend_walk_step, NULL },
4627 	{ "errorq", "walk list of system error queues",
4628 		errorq_walk_init, errorq_walk_step, NULL },
4629 	{ "errorq_data", "walk pending error queue data buffers",
4630 		eqd_walk_init, eqd_walk_step, eqd_walk_fini },
4631 	{ "allfile", "given a proc pointer, list all file pointers",
4632 		file_walk_init, allfile_walk_step, file_walk_fini },
4633 	{ "file", "given a proc pointer, list of open file pointers",
4634 		file_walk_init, file_walk_step, file_walk_fini },
4635 	{ "lock_descriptor", "walk lock_descriptor_t structures",
4636 		ld_walk_init, ld_walk_step, NULL },
4637 	{ "lock_graph", "walk lock graph",
4638 		lg_walk_init, lg_walk_step, NULL },
4639 	{ "port", "given a proc pointer, list of created event ports",
4640 		port_walk_init, port_walk_step, NULL },
4641 	{ "portev", "given a port pointer, list of events in the queue",
4642 		portev_walk_init, portev_walk_step, portev_walk_fini },
4643 	{ "proc", "list of active proc_t structures",
4644 		proc_walk_init, proc_walk_step, proc_walk_fini },
4645 	{ "projects", "walk a list of kernel projects",
4646 		project_walk_init, project_walk_step, NULL },
4647 	{ "seg", "given an as, list of segments",
4648 		seg_walk_init, avl_walk_step, avl_walk_fini },
4649 	{ "sysevent_pend", "walk sysevent pending queue",
4650 		sysevent_pend_walk_init, sysevent_walk_step,
4651 		sysevent_walk_fini},
4652 	{ "sysevent_sent", "walk sysevent sent queue", sysevent_sent_walk_init,
4653 		sysevent_walk_step, sysevent_walk_fini},
4654 	{ "sysevent_channel", "walk sysevent channel subscriptions",
4655 		sysevent_channel_walk_init, sysevent_channel_walk_step,
4656 		sysevent_channel_walk_fini},
4657 	{ "sysevent_class_list", "walk sysevent subscription's class list",
4658 		sysevent_class_list_walk_init, sysevent_class_list_walk_step,
4659 		sysevent_class_list_walk_fini},
4660 	{ "sysevent_subclass_list",
4661 		"walk sysevent subscription's subclass list",
4662 		sysevent_subclass_list_walk_init,
4663 		sysevent_subclass_list_walk_step,
4664 		sysevent_subclass_list_walk_fini},
4665 	{ "task", "given a task pointer, walk its processes",
4666 		task_walk_init, task_walk_step, NULL },
4667 	{ "taskq_entry", "given a taskq_t*, list all taskq_ent_t in the list",
4668 		taskq_walk_init, taskq_walk_step, NULL, NULL },
4669 
4670 	/* from avl.c */
4671 	{ AVL_WALK_NAME, AVL_WALK_DESC,
4672 		avl_walk_init, avl_walk_step, avl_walk_fini },
4673 
4674 	/* from zone.c */
4675 	{ "zone", "walk a list of kernel zones",
4676 		zone_walk_init, zone_walk_step, NULL },
4677 	{ "zsd", "walk list of zsd entries for a zone",
4678 		zsd_walk_init, zsd_walk_step, NULL },
4679 
4680 	/* from bio.c */
4681 	{ "buf", "walk the bio buf hash",
4682 		buf_walk_init, buf_walk_step, buf_walk_fini },
4683 
4684 	/* from contract.c */
4685 	{ "contract", "walk all contracts, or those of the specified type",
4686 		ct_walk_init, generic_walk_step, NULL },
4687 	{ "ct_event", "walk events on a contract event queue",
4688 		ct_event_walk_init, generic_walk_step, NULL },
4689 	{ "ct_listener", "walk contract event queue listeners",
4690 		ct_listener_walk_init, generic_walk_step, NULL },
4691 
4692 	/* from cpupart.c */
4693 	{ "cpupart_cpulist", "given an cpupart_t, walk cpus in partition",
4694 		cpupart_cpulist_walk_init, cpupart_cpulist_walk_step,
4695 		NULL },
4696 	{ "cpupart_walk", "walk the set of cpu partitions",
4697 		cpupart_walk_init, cpupart_walk_step, NULL },
4698 
4699 	/* from ctxop.c */
4700 	{ "ctxop", "walk list of context ops on a thread",
4701 		ctxop_walk_init, ctxop_walk_step, ctxop_walk_fini },
4702 
4703 	/* from cyclic.c */
4704 	{ "cyccpu", "walk per-CPU cyc_cpu structures",
4705 		cyccpu_walk_init, cyccpu_walk_step, NULL },
4706 	{ "cycomni", "for an omnipresent cyclic, walk cyc_omni_cpu list",
4707 		cycomni_walk_init, cycomni_walk_step, NULL },
4708 	{ "cyctrace", "walk cyclic trace buffer",
4709 		cyctrace_walk_init, cyctrace_walk_step, cyctrace_walk_fini },
4710 
4711 	/* from devinfo.c */
4712 	{ "binding_hash", "walk all entries in binding hash table",
4713 		binding_hash_walk_init, binding_hash_walk_step, NULL },
4714 	{ "devinfo", "walk devinfo tree or subtree",
4715 		devinfo_walk_init, devinfo_walk_step, devinfo_walk_fini },
4716 	{ "devinfo_audit_log", "walk devinfo audit system-wide log",
4717 		devinfo_audit_log_walk_init, devinfo_audit_log_walk_step,
4718 		devinfo_audit_log_walk_fini},
4719 	{ "devinfo_audit_node", "walk per-devinfo audit history",
4720 		devinfo_audit_node_walk_init, devinfo_audit_node_walk_step,
4721 		devinfo_audit_node_walk_fini},
4722 	{ "devinfo_children", "walk children of devinfo node",
4723 		devinfo_children_walk_init, devinfo_children_walk_step,
4724 		devinfo_children_walk_fini },
4725 	{ "devinfo_parents", "walk ancestors of devinfo node",
4726 		devinfo_parents_walk_init, devinfo_parents_walk_step,
4727 		devinfo_parents_walk_fini },
4728 	{ "devinfo_siblings", "walk siblings of devinfo node",
4729 		devinfo_siblings_walk_init, devinfo_siblings_walk_step, NULL },
4730 	{ "devi_next", "walk devinfo list",
4731 		NULL, devi_next_walk_step, NULL },
4732 	{ "devnames", "walk devnames array",
4733 		devnames_walk_init, devnames_walk_step, devnames_walk_fini },
4734 	{ "minornode", "given a devinfo node, walk minor nodes",
4735 		minornode_walk_init, minornode_walk_step, NULL },
4736 	{ "softstate",
4737 		"given an i_ddi_soft_state*, list all in-use driver stateps",
4738 		soft_state_walk_init, soft_state_walk_step,
4739 		NULL, NULL },
4740 	{ "softstate_all",
4741 		"given an i_ddi_soft_state*, list all driver stateps",
4742 		soft_state_walk_init, soft_state_all_walk_step,
4743 		NULL, NULL },
4744 	{ "devinfo_fmc",
4745 		"walk a fault management handle cache active list",
4746 		devinfo_fmc_walk_init, devinfo_fmc_walk_step, NULL },
4747 
4748 	/* from irm.c */
4749 	{ "irmpools", "walk global list of interrupt pools",
4750 	    irmpools_walk_init, list_walk_step, list_walk_fini },
4751 	{ "irmreqs", "walk list of interrupt requests in an interrupt pool",
4752 	    irmreqs_walk_init, list_walk_step, list_walk_fini },
4753 
4754 	/* from kmem.c */
4755 	{ "allocdby", "given a thread, walk its allocated bufctls",
4756 		allocdby_walk_init, allocdby_walk_step, allocdby_walk_fini },
4757 	{ "bufctl", "walk a kmem cache's bufctls",
4758 		bufctl_walk_init, kmem_walk_step, kmem_walk_fini },
4759 	{ "bufctl_history", "walk the available history of a bufctl",
4760 		bufctl_history_walk_init, bufctl_history_walk_step,
4761 		bufctl_history_walk_fini },
4762 	{ "freedby", "given a thread, walk its freed bufctls",
4763 		freedby_walk_init, allocdby_walk_step, allocdby_walk_fini },
4764 	{ "freectl", "walk a kmem cache's free bufctls",
4765 		freectl_walk_init, kmem_walk_step, kmem_walk_fini },
4766 	{ "freectl_constructed", "walk a kmem cache's constructed free bufctls",
4767 		freectl_constructed_walk_init, kmem_walk_step, kmem_walk_fini },
4768 	{ "freemem", "walk a kmem cache's free memory",
4769 		freemem_walk_init, kmem_walk_step, kmem_walk_fini },
4770 	{ "freemem_constructed", "walk a kmem cache's constructed free memory",
4771 		freemem_constructed_walk_init, kmem_walk_step, kmem_walk_fini },
4772 	{ "kmem", "walk a kmem cache",
4773 		kmem_walk_init, kmem_walk_step, kmem_walk_fini },
4774 	{ "kmem_cpu_cache", "given a kmem cache, walk its per-CPU caches",
4775 		kmem_cpu_cache_walk_init, kmem_cpu_cache_walk_step, NULL },
4776 	{ "kmem_hash", "given a kmem cache, walk its allocated hash table",
4777 		kmem_hash_walk_init, kmem_hash_walk_step, kmem_hash_walk_fini },
4778 	{ "kmem_log", "walk the kmem transaction log",
4779 		kmem_log_walk_init, kmem_log_walk_step, kmem_log_walk_fini },
4780 	{ "kmem_slab", "given a kmem cache, walk its slabs",
4781 		kmem_slab_walk_init, combined_walk_step, combined_walk_fini },
4782 	{ "kmem_slab_partial",
4783 	    "given a kmem cache, walk its partially allocated slabs (min 1)",
4784 		kmem_slab_walk_partial_init, combined_walk_step,
4785 		combined_walk_fini },
4786 	{ "vmem", "walk vmem structures in pre-fix, depth-first order",
4787 		vmem_walk_init, vmem_walk_step, vmem_walk_fini },
4788 	{ "vmem_alloc", "given a vmem_t, walk its allocated vmem_segs",
4789 		vmem_alloc_walk_init, vmem_seg_walk_step, vmem_seg_walk_fini },
4790 	{ "vmem_free", "given a vmem_t, walk its free vmem_segs",
4791 		vmem_free_walk_init, vmem_seg_walk_step, vmem_seg_walk_fini },
4792 	{ "vmem_postfix", "walk vmem structures in post-fix, depth-first order",
4793 		vmem_walk_init, vmem_postfix_walk_step, vmem_walk_fini },
4794 	{ "vmem_seg", "given a vmem_t, walk all of its vmem_segs",
4795 		vmem_seg_walk_init, vmem_seg_walk_step, vmem_seg_walk_fini },
4796 	{ "vmem_span", "given a vmem_t, walk its spanning vmem_segs",
4797 		vmem_span_walk_init, vmem_seg_walk_step, vmem_seg_walk_fini },
4798 
4799 	/* from ldi.c */
4800 	{ "ldi_handle", "walk the layered driver handle hash",
4801 		ldi_handle_walk_init, ldi_handle_walk_step, NULL },
4802 	{ "ldi_ident", "walk the layered driver identifier hash",
4803 		ldi_ident_walk_init, ldi_ident_walk_step, NULL },
4804 
4805 	/* from leaky.c + leaky_subr.c */
4806 	{ "leak", "given a leaked bufctl or vmem_seg, find leaks w/ same "
4807 	    "stack trace",
4808 		leaky_walk_init, leaky_walk_step, leaky_walk_fini },
4809 	{ "leakbuf", "given a leaked bufctl or vmem_seg, walk buffers for "
4810 	    "leaks w/ same stack trace",
4811 		leaky_walk_init, leaky_buf_walk_step, leaky_walk_fini },
4812 
4813 	/* from lgrp.c */
4814 	{ "lgrp_cpulist", "walk CPUs in a given lgroup",
4815 		lgrp_cpulist_walk_init, lgrp_cpulist_walk_step, NULL },
4816 	{ "lgrptbl", "walk lgroup table",
4817 		lgrp_walk_init, lgrp_walk_step, NULL },
4818 	{ "lgrp_parents", "walk up lgroup lineage from given lgroup",
4819 		lgrp_parents_walk_init, lgrp_parents_walk_step, NULL },
4820 	{ "lgrp_rsrc_mem", "walk lgroup memory resources of given lgroup",
4821 		lgrp_rsrc_mem_walk_init, lgrp_set_walk_step, NULL },
4822 	{ "lgrp_rsrc_cpu", "walk lgroup CPU resources of given lgroup",
4823 		lgrp_rsrc_cpu_walk_init, lgrp_set_walk_step, NULL },
4824 
4825 	/* from group.c */
4826 	{ "group", "walk all elements of a group",
4827 		group_walk_init, group_walk_step, NULL },
4828 
4829 	/* from list.c */
4830 	{ LIST_WALK_NAME, LIST_WALK_DESC,
4831 		list_walk_init, list_walk_step, list_walk_fini },
4832 
4833 	/* from memory.c */
4834 	{ "page", "walk all pages, or those from the specified vnode",
4835 		page_walk_init, page_walk_step, page_walk_fini },
4836 	{ "memlist", "walk specified memlist",
4837 		NULL, memlist_walk_step, NULL },
4838 	{ "swapinfo", "walk swapinfo structures",
4839 		swap_walk_init, swap_walk_step, NULL },
4840 
4841 	/* from mmd.c */
4842 	{ "pattr", "walk pattr_t structures", pattr_walk_init,
4843 		mmdq_walk_step, mmdq_walk_fini },
4844 	{ "pdesc", "walk pdesc_t structures",
4845 		pdesc_walk_init, mmdq_walk_step, mmdq_walk_fini },
4846 	{ "pdesc_slab", "walk pdesc_slab_t structures",
4847 		pdesc_slab_walk_init, mmdq_walk_step, mmdq_walk_fini },
4848 
4849 	/* from modhash.c */
4850 	{ "modhash", "walk list of mod_hash structures", modhash_walk_init,
4851 		modhash_walk_step, NULL },
4852 	{ "modent", "walk list of entries in a given mod_hash",
4853 		modent_walk_init, modent_walk_step, modent_walk_fini },
4854 	{ "modchain", "walk list of entries in a given mod_hash_entry",
4855 		NULL, modchain_walk_step, NULL },
4856 
4857 	/* from net.c */
4858 	{ "ar", "walk ar_t structures using MI for all stacks",
4859 		mi_payload_walk_init, mi_payload_walk_step, NULL, &mi_ar_arg },
4860 	{ "icmp", "walk ICMP control structures using MI for all stacks",
4861 		mi_payload_walk_init, mi_payload_walk_step, NULL,
4862 		&mi_icmp_arg },
4863 	{ "mi", "given a MI_O, walk the MI",
4864 		mi_walk_init, mi_walk_step, mi_walk_fini, NULL },
4865 	{ "sonode", "given a sonode, walk its children",
4866 		sonode_walk_init, sonode_walk_step, sonode_walk_fini, NULL },
4867 	{ "ar_stacks", "walk all the ar_stack_t",
4868 		ar_stacks_walk_init, ar_stacks_walk_step, NULL },
4869 	{ "icmp_stacks", "walk all the icmp_stack_t",
4870 		icmp_stacks_walk_init, icmp_stacks_walk_step, NULL },
4871 	{ "tcp_stacks", "walk all the tcp_stack_t",
4872 		tcp_stacks_walk_init, tcp_stacks_walk_step, NULL },
4873 	{ "udp_stacks", "walk all the udp_stack_t",
4874 		udp_stacks_walk_init, udp_stacks_walk_step, NULL },
4875 
4876 	/* from nvpair.c */
4877 	{ NVPAIR_WALKER_NAME, NVPAIR_WALKER_DESCR,
4878 		nvpair_walk_init, nvpair_walk_step, NULL },
4879 
4880 	/* from rctl.c */
4881 	{ "rctl_dict_list", "walk all rctl_dict_entry_t's from rctl_lists",
4882 		rctl_dict_walk_init, rctl_dict_walk_step, NULL },
4883 	{ "rctl_set", "given a rctl_set, walk all rctls", rctl_set_walk_init,
4884 		rctl_set_walk_step, NULL },
4885 	{ "rctl_val", "given a rctl_t, walk all rctl_val entries associated",
4886 		rctl_val_walk_init, rctl_val_walk_step },
4887 
4888 	/* from sobj.c */
4889 	{ "blocked", "walk threads blocked on a given sobj",
4890 		blocked_walk_init, blocked_walk_step, NULL },
4891 	{ "wchan", "given a wchan, list of blocked threads",
4892 		wchan_walk_init, wchan_walk_step, wchan_walk_fini },
4893 
4894 	/* from stream.c */
4895 	{ "b_cont", "walk mblk_t list using b_cont",
4896 		mblk_walk_init, b_cont_step, mblk_walk_fini },
4897 	{ "b_next", "walk mblk_t list using b_next",
4898 		mblk_walk_init, b_next_step, mblk_walk_fini },
4899 	{ "qlink", "walk queue_t list using q_link",
4900 		queue_walk_init, queue_link_step, queue_walk_fini },
4901 	{ "qnext", "walk queue_t list using q_next",
4902 		queue_walk_init, queue_next_step, queue_walk_fini },
4903 	{ "strftblk", "given a dblk_t, walk STREAMS flow trace event list",
4904 		strftblk_walk_init, strftblk_step, strftblk_walk_fini },
4905 	{ "readq", "walk read queue side of stdata",
4906 		str_walk_init, strr_walk_step, str_walk_fini },
4907 	{ "writeq", "walk write queue side of stdata",
4908 		str_walk_init, strw_walk_step, str_walk_fini },
4909 
4910 	/* from thread.c */
4911 	{ "deathrow", "walk threads on both lwp_ and thread_deathrow",
4912 		deathrow_walk_init, deathrow_walk_step, NULL },
4913 	{ "cpu_dispq", "given a cpu_t, walk threads in dispatcher queues",
4914 		cpu_dispq_walk_init, dispq_walk_step, dispq_walk_fini },
4915 	{ "cpupart_dispq",
4916 		"given a cpupart_t, walk threads in dispatcher queues",
4917 		cpupart_dispq_walk_init, dispq_walk_step, dispq_walk_fini },
4918 	{ "lwp_deathrow", "walk lwp_deathrow",
4919 		lwp_deathrow_walk_init, deathrow_walk_step, NULL },
4920 	{ "thread", "global or per-process kthread_t structures",
4921 		thread_walk_init, thread_walk_step, thread_walk_fini },
4922 	{ "thread_deathrow", "walk threads on thread_deathrow",
4923 		thread_deathrow_walk_init, deathrow_walk_step, NULL },
4924 
4925 	/* from tsd.c */
4926 	{ "tsd", "walk list of thread-specific data",
4927 		tsd_walk_init, tsd_walk_step, tsd_walk_fini },
4928 
4929 	/* from tsol.c */
4930 	{ "tnrh", "walk remote host cache structures",
4931 	    tnrh_walk_init, tnrh_walk_step, tnrh_walk_fini },
4932 	{ "tnrhtp", "walk remote host template structures",
4933 	    tnrhtp_walk_init, tnrhtp_walk_step, tnrhtp_walk_fini },
4934 
4935 	/*
4936 	 * typegraph does not work under kmdb, as it requires too much memory
4937 	 * for its internal data structures.
4938 	 */
4939 #ifndef _KMDB
4940 	/* from typegraph.c */
4941 	{ "typeconflict", "walk buffers with conflicting type inferences",
4942 		typegraph_walk_init, typeconflict_walk_step },
4943 	{ "typeunknown", "walk buffers with unknown types",
4944 		typegraph_walk_init, typeunknown_walk_step },
4945 #endif
4946 
4947 	/* from vfs.c */
4948 	{ "vfs", "walk file system list",
4949 		vfs_walk_init, vfs_walk_step },
4950 
4951 	/* from mdi.c */
4952 	{ "mdipi_client_list", "Walker for mdi_pathinfo pi_client_link",
4953 		mdi_pi_client_link_walk_init,
4954 		mdi_pi_client_link_walk_step,
4955 		mdi_pi_client_link_walk_fini },
4956 
4957 	{ "mdipi_phci_list", "Walker for mdi_pathinfo pi_phci_link",
4958 		mdi_pi_phci_link_walk_init,
4959 		mdi_pi_phci_link_walk_step,
4960 		mdi_pi_phci_link_walk_fini },
4961 
4962 	{ "mdiphci_list", "Walker for mdi_phci ph_next link",
4963 		mdi_phci_ph_next_walk_init,
4964 		mdi_phci_ph_next_walk_step,
4965 		mdi_phci_ph_next_walk_fini },
4966 
4967 	/* from netstack.c */
4968 	{ "netstack", "walk a list of kernel netstacks",
4969 		netstack_walk_init, netstack_walk_step, NULL },
4970 
4971 	{ NULL }
4972 };
4973 
4974 static const mdb_modinfo_t modinfo = { MDB_API_VERSION, dcmds, walkers };
4975 
4976 /*ARGSUSED*/
4977 static void
4978 genunix_statechange_cb(void *ignored)
4979 {
4980 	/*
4981 	 * Force ::findleaks and ::stacks to let go any cached state.
4982 	 */
4983 	leaky_cleanup(1);
4984 	stacks_cleanup(1);
4985 
4986 	kmem_statechange();	/* notify kmem */
4987 }
4988 
4989 const mdb_modinfo_t *
4990 _mdb_init(void)
4991 {
4992 	kmem_init();
4993 
4994 	(void) mdb_callback_add(MDB_CALLBACK_STCHG,
4995 	    genunix_statechange_cb, NULL);
4996 
4997 	return (&modinfo);
4998 }
4999 
5000 void
5001 _mdb_fini(void)
5002 {
5003 	leaky_cleanup(1);
5004 	stacks_cleanup(1);
5005 }
5006