xref: /illumos-gate/usr/src/uts/common/os/modctl.c (revision a6d4d7d5d0e34964282f736f7bade0574645f1fd)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 /*
30  * modctl system call for loadable module support.
31  */
32 
33 #include <sys/param.h>
34 #include <sys/user.h>
35 #include <sys/systm.h>
36 #include <sys/exec.h>
37 #include <sys/file.h>
38 #include <sys/stat.h>
39 #include <sys/conf.h>
40 #include <sys/time.h>
41 #include <sys/reboot.h>
42 #include <sys/fs/ufs_fsdir.h>
43 #include <sys/kmem.h>
44 #include <sys/sysconf.h>
45 #include <sys/cmn_err.h>
46 #include <sys/ddi.h>
47 #include <sys/sunddi.h>
48 #include <sys/sunndi.h>
49 #include <sys/ndi_impldefs.h>
50 #include <sys/ddi_impldefs.h>
51 #include <sys/ddi_implfuncs.h>
52 #include <sys/bootconf.h>
53 #include <sys/dc_ki.h>
54 #include <sys/cladm.h>
55 #include <sys/dtrace.h>
56 #include <sys/kdi.h>
57 
58 #include <sys/devpolicy.h>
59 #include <sys/modctl.h>
60 #include <sys/kobj.h>
61 #include <sys/devops.h>
62 #include <sys/autoconf.h>
63 #include <sys/hwconf.h>
64 #include <sys/callb.h>
65 #include <sys/debug.h>
66 #include <sys/cpuvar.h>
67 #include <sys/sysmacros.h>
68 #include <sys/sysevent.h>
69 #include <sys/sysevent_impl.h>
70 #include <sys/instance.h>
71 #include <sys/modhash.h>
72 #include <sys/modhash_impl.h>
73 #include <sys/dacf_impl.h>
74 #include <sys/vfs.h>
75 #include <sys/pathname.h>
76 #include <sys/console.h>
77 #include <sys/policy.h>
78 #include <ipp/ipp_impl.h>
79 #include <sys/fs/dv_node.h>
80 #include <sys/strsubr.h>
81 #include <sys/fs/sdev_node.h>
82 
83 static int		mod_circdep(struct modctl *);
84 static int		modinfo(modid_t, struct modinfo *);
85 
86 static void		mod_uninstall_all(void);
87 static int		mod_getinfo(struct modctl *, struct modinfo *);
88 static struct modctl	*allocate_modp(const char *, const char *);
89 
90 static int		mod_load(struct modctl *, int);
91 static void		mod_unload(struct modctl *);
92 static int		modinstall(struct modctl *);
93 static int		moduninstall(struct modctl *);
94 
95 static struct modctl	*mod_hold_by_name_common(struct modctl *, const char *);
96 static struct modctl	*mod_hold_next_by_id(modid_t);
97 static struct modctl	*mod_hold_loaded_mod(struct modctl *, char *, int *);
98 static struct modctl	*mod_hold_installed_mod(char *, int, int, int *);
99 
100 static void		mod_release(struct modctl *);
101 static void		mod_make_requisite(struct modctl *, struct modctl *);
102 static int		mod_install_requisites(struct modctl *);
103 static void		check_esc_sequences(char *, char *);
104 static struct modctl	*mod_hold_by_name_requisite(struct modctl *, char *);
105 
106 /*
107  * module loading thread control structure. Calls to kobj_load_module()() are
108  * handled off to a separate thead using this structure.
109  */
110 struct loadmt {
111 	ksema_t		sema;
112 	struct modctl	*mp;
113 	int		usepath;
114 	kthread_t	*owner;
115 	int		retval;
116 };
117 
118 static void	modload_thread(struct loadmt *);
119 
120 kcondvar_t	mod_cv;
121 kcondvar_t	mod_uninstall_cv;	/* Communication between swapper */
122 					/* and the uninstall daemon. */
123 kmutex_t	mod_lock;		/* protects &modules insert linkage, */
124 					/* mod_busy, mod_want, and mod_ref. */
125 					/* blocking operations while holding */
126 					/* mod_lock should be avoided */
127 kmutex_t	mod_uninstall_lock;	/* protects mod_uninstall_cv */
128 kthread_id_t	mod_aul_thread;
129 
130 int		modunload_wait;
131 kmutex_t	modunload_wait_mutex;
132 kcondvar_t	modunload_wait_cv;
133 int		modunload_active_count;
134 int		modunload_disable_count;
135 
136 int	isminiroot;		/* set if running as miniroot */
137 int	modrootloaded;		/* set after root driver and fs are loaded */
138 int	moddebug = 0x0;		/* debug flags for module writers */
139 int	swaploaded;		/* set after swap driver and fs are loaded */
140 int	bop_io_quiesced = 0;	/* set when BOP I/O can no longer be used */
141 int	last_module_id;
142 clock_t	mod_uninstall_interval = 0;
143 int	ddi_modclose_unload = 1;	/* 0 -> just decrement reference */
144 
145 struct devnames *devnamesp;
146 struct devnames orphanlist;
147 
148 krwlock_t	devinfo_tree_lock;	/* obsolete, to be removed */
149 
150 #define	MAJBINDFILE "/etc/name_to_major"
151 #define	SYSBINDFILE "/etc/name_to_sysnum"
152 
153 static char	majbind[] = MAJBINDFILE;
154 static char	sysbind[] = SYSBINDFILE;
155 static uint_t	mod_autounload_key;	/* for module autounload detection */
156 
157 extern int obpdebug;
158 extern int make_mbind(char *, int, char *, struct bind **);
159 
160 #define	DEBUGGER_PRESENT	((boothowto & RB_DEBUG) || (obpdebug != 0))
161 
162 static int minorperm_loaded = 0;
163 
164 void
165 mod_setup(void)
166 {
167 	struct sysent *callp;
168 	int callnum, exectype;
169 	int	num_devs;
170 	int	i;
171 
172 	/*
173 	 * Initialize the list of loaded driver dev_ops.
174 	 * XXX - This must be done before reading the system file so that
175 	 * forceloads of drivers will work.
176 	 */
177 	num_devs = read_binding_file(majbind, mb_hashtab, make_mbind);
178 	/*
179 	 * Since read_binding_file is common code, it doesn't enforce that all
180 	 * of the binding file entries have major numbers <= MAXMAJ32.  Thus,
181 	 * ensure that we don't allocate some massive amount of space due to a
182 	 * bad entry.  We can't have major numbers bigger than MAXMAJ32
183 	 * until file system support for larger major numbers exists.
184 	 */
185 
186 	/*
187 	 * Leave space for expansion, but not more than L_MAXMAJ32
188 	 */
189 	devcnt = MIN(num_devs + 30, L_MAXMAJ32);
190 	devopsp = kmem_alloc(devcnt * sizeof (struct dev_ops *), KM_SLEEP);
191 	for (i = 0; i < devcnt; i++)
192 		devopsp[i] = &mod_nodev_ops;
193 
194 	init_devnamesp(devcnt);
195 
196 	/*
197 	 * Sync up with the work that the stand-alone linker has already done.
198 	 */
199 	(void) kobj_sync();
200 
201 	if (boothowto & RB_DEBUG)
202 		kdi_dvec_modavail();
203 
204 	make_aliases(mb_hashtab);
205 
206 	/*
207 	 * Initialize streams device implementation structures.
208 	 */
209 	devimpl = kmem_zalloc(devcnt * sizeof (cdevsw_impl_t), KM_SLEEP);
210 
211 	/*
212 	 * If the cl_bootstrap module is present,
213 	 * we should be configured as a cluster. Loading this module
214 	 * will set "cluster_bootflags" to non-zero.
215 	 */
216 	(void) modload("misc", "cl_bootstrap");
217 
218 	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
219 	init_syscallnames(NSYSCALL);
220 
221 	/*
222 	 * Start up dynamic autoconfiguration framework (dacf).
223 	 */
224 	mod_hash_init();
225 	dacf_init();
226 
227 	/*
228 	 * Start up IP policy framework (ipp).
229 	 */
230 	ipp_init();
231 
232 	/*
233 	 * Allocate loadable native system call locks.
234 	 */
235 	for (callnum = 0, callp = sysent; callnum < NSYSCALL;
236 	    callnum++, callp++) {
237 		if (LOADABLE_SYSCALL(callp)) {
238 			if (mod_getsysname(callnum) != NULL) {
239 				callp->sy_lock =
240 				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
241 				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
242 			} else {
243 				callp->sy_flags &= ~SE_LOADABLE;
244 				callp->sy_callc = nosys;
245 			}
246 #ifdef DEBUG
247 		} else {
248 			/*
249 			 * Do some sanity checks on the sysent table
250 			 */
251 			switch (callp->sy_flags & SE_RVAL_MASK) {
252 			case SE_32RVAL1:
253 				/* only r_val1 returned */
254 			case SE_32RVAL1 | SE_32RVAL2:
255 				/* r_val1 and r_val2 returned */
256 			case SE_64RVAL:
257 				/* 64-bit rval returned */
258 				break;
259 			default:
260 				cmn_err(CE_WARN, "sysent[%d]: bad flags %x",
261 				    callnum, callp->sy_flags);
262 			}
263 #endif
264 		}
265 	}
266 
267 #ifdef _SYSCALL32_IMPL
268 	/*
269 	 * Allocate loadable system call locks for 32-bit compat syscalls
270 	 */
271 	for (callnum = 0, callp = sysent32; callnum < NSYSCALL;
272 	    callnum++, callp++) {
273 		if (LOADABLE_SYSCALL(callp)) {
274 			if (mod_getsysname(callnum) != NULL) {
275 				callp->sy_lock =
276 				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
277 				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
278 			} else {
279 				callp->sy_flags &= ~SE_LOADABLE;
280 				callp->sy_callc = nosys;
281 			}
282 #ifdef DEBUG
283 		} else {
284 			/*
285 			 * Do some sanity checks on the sysent table
286 			 */
287 			switch (callp->sy_flags & SE_RVAL_MASK) {
288 			case SE_32RVAL1:
289 				/* only r_val1 returned */
290 			case SE_32RVAL1 | SE_32RVAL2:
291 				/* r_val1 and r_val2 returned */
292 			case SE_64RVAL:
293 				/* 64-bit rval returned */
294 				break;
295 			default:
296 				cmn_err(CE_WARN, "sysent32[%d]: bad flags %x",
297 				    callnum, callp->sy_flags);
298 				goto skip;
299 			}
300 
301 			/*
302 			 * Cross-check the native and compatibility tables.
303 			 */
304 			if (callp->sy_callc == nosys ||
305 			    sysent[callnum].sy_callc == nosys)
306 				continue;
307 			/*
308 			 * If only one or the other slot is loadable, then
309 			 * there's an error -- they should match!
310 			 */
311 			if ((callp->sy_callc == loadable_syscall) ^
312 			    (sysent[callnum].sy_callc == loadable_syscall)) {
313 				cmn_err(CE_WARN, "sysent[%d] loadable?",
314 				    callnum);
315 			}
316 			/*
317 			 * This is more of a heuristic test -- if the
318 			 * system call returns two values in the 32-bit
319 			 * world, it should probably return two 32-bit
320 			 * values in the 64-bit world too.
321 			 */
322 			if (((callp->sy_flags & SE_32RVAL2) == 0) ^
323 			    ((sysent[callnum].sy_flags & SE_32RVAL2) == 0)) {
324 				cmn_err(CE_WARN, "sysent[%d] rval2 mismatch!",
325 				    callnum);
326 			}
327 skip:;
328 #endif	/* DEBUG */
329 		}
330 	}
331 #endif	/* _SYSCALL32_IMPL */
332 
333 	/*
334 	 * Allocate loadable exec locks.  (Assumes all execs are loadable)
335 	 */
336 	for (exectype = 0; exectype < nexectype; exectype++) {
337 		execsw[exectype].exec_lock =
338 		    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
339 		rw_init(execsw[exectype].exec_lock, NULL, RW_DEFAULT, NULL);
340 	}
341 
342 	read_class_file();
343 
344 	/* init thread specific structure for mod_uninstall_all */
345 	tsd_create(&mod_autounload_key, NULL);
346 }
347 
348 static int
349 modctl_modload(int use_path, char *filename, int *rvp)
350 {
351 	struct modctl *modp;
352 	int retval = 0;
353 	char *filenamep;
354 	int modid;
355 
356 	filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
357 
358 	if (copyinstr(filename, filenamep, MOD_MAXPATH, 0)) {
359 		retval = EFAULT;
360 		goto out;
361 	}
362 
363 	filenamep[MOD_MAXPATH - 1] = 0;
364 	modp = mod_hold_installed_mod(filenamep, use_path, 0, &retval);
365 
366 	if (modp == NULL)
367 		goto out;
368 
369 	modp->mod_loadflags |= MOD_NOAUTOUNLOAD;
370 	modid = modp->mod_id;
371 	mod_release_mod(modp);
372 	CPU_STATS_ADDQ(CPU, sys, modload, 1);
373 	if (rvp != NULL && copyout(&modid, rvp, sizeof (modid)) != 0)
374 		retval = EFAULT;
375 out:
376 	kmem_free(filenamep, MOD_MAXPATH);
377 
378 	return (retval);
379 }
380 
381 static int
382 modctl_modunload(modid_t id)
383 {
384 	int rval = 0;
385 
386 	if (id == 0) {
387 #ifdef DEBUG
388 		/*
389 		 * Turn on mod_uninstall_daemon
390 		 */
391 		if (mod_uninstall_interval == 0) {
392 			mod_uninstall_interval = 60;
393 			modreap();
394 			return (rval);
395 		}
396 #endif
397 		mod_uninstall_all();
398 	} else {
399 		rval = modunload(id);
400 	}
401 	return (rval);
402 }
403 
404 static int
405 modctl_modinfo(modid_t id, struct modinfo *umodi)
406 {
407 	int retval;
408 	struct modinfo modi;
409 #if defined(_SYSCALL32_IMPL)
410 	int nobase;
411 	struct modinfo32 modi32;
412 #endif
413 
414 	if (get_udatamodel() == DATAMODEL_NATIVE) {
415 		if (copyin(umodi, &modi, sizeof (struct modinfo)) != 0)
416 			return (EFAULT);
417 	}
418 #ifdef _SYSCALL32_IMPL
419 	else {
420 		bzero(&modi, sizeof (modi));
421 		if (copyin(umodi, &modi32, sizeof (struct modinfo32)) != 0)
422 			return (EFAULT);
423 		modi.mi_info = modi32.mi_info;
424 		modi.mi_id = modi32.mi_id;
425 		modi.mi_nextid = modi32.mi_nextid;
426 		nobase = modi.mi_info & MI_INFO_NOBASE;
427 	}
428 #endif
429 	/*
430 	 * This flag is -only- for the kernels use.
431 	 */
432 	modi.mi_info &= ~MI_INFO_LINKAGE;
433 
434 	retval = modinfo(id, &modi);
435 	if (retval)
436 		return (retval);
437 
438 	if (get_udatamodel() == DATAMODEL_NATIVE) {
439 		if (copyout(&modi, umodi, sizeof (struct modinfo)) != 0)
440 			retval = EFAULT;
441 #ifdef _SYSCALL32_IMPL
442 	} else {
443 		int i;
444 
445 		if (!nobase && (uintptr_t)modi.mi_base > UINT32_MAX)
446 			return (EOVERFLOW);
447 
448 		modi32.mi_info = modi.mi_info;
449 		modi32.mi_state = modi.mi_state;
450 		modi32.mi_id = modi.mi_id;
451 		modi32.mi_nextid = modi.mi_nextid;
452 		modi32.mi_base = (caddr32_t)(uintptr_t)modi.mi_base;
453 		modi32.mi_size = modi.mi_size;
454 		modi32.mi_rev = modi.mi_rev;
455 		modi32.mi_loadcnt = modi.mi_loadcnt;
456 		bcopy(modi.mi_name, modi32.mi_name, sizeof (modi32.mi_name));
457 		for (i = 0; i < MODMAXLINK32; i++) {
458 			modi32.mi_msinfo[i].msi_p0 = modi.mi_msinfo[i].msi_p0;
459 			bcopy(modi.mi_msinfo[i].msi_linkinfo,
460 			    modi32.mi_msinfo[i].msi_linkinfo,
461 			    sizeof (modi32.mi_msinfo[0].msi_linkinfo));
462 		}
463 		if (copyout(&modi32, umodi, sizeof (struct modinfo32)) != 0)
464 			retval = EFAULT;
465 #endif
466 	}
467 
468 	return (retval);
469 }
470 
471 /*
472  * Return the last major number in the range of permissible major numbers.
473  */
474 /*ARGSUSED*/
475 static int
476 modctl_modreserve(modid_t id, int *data)
477 {
478 	if (copyout(&devcnt, data, sizeof (devcnt)) != 0)
479 		return (EFAULT);
480 	return (0);
481 }
482 
483 static int
484 modctl_add_major(int *data)
485 {
486 	struct modconfig mc;
487 	int i, rv;
488 	struct aliases alias;
489 	struct aliases *ap;
490 	char name[MAXMODCONFNAME];
491 	char cname[MAXMODCONFNAME];
492 	char *drvname;
493 
494 	bzero(&mc, sizeof (struct modconfig));
495 	if (get_udatamodel() == DATAMODEL_NATIVE) {
496 		if (copyin(data, &mc, sizeof (struct modconfig)) != 0)
497 			return (EFAULT);
498 	}
499 #ifdef _SYSCALL32_IMPL
500 	else {
501 		struct modconfig32 modc32;
502 
503 		if (copyin(data, &modc32, sizeof (struct modconfig32)) != 0)
504 			return (EFAULT);
505 		else {
506 			bcopy(modc32.drvname, mc.drvname,
507 			    sizeof (modc32.drvname));
508 			bcopy(modc32.drvclass, mc.drvclass,
509 			    sizeof (modc32.drvclass));
510 			mc.major = modc32.major;
511 			mc.num_aliases = modc32.num_aliases;
512 			mc.ap = (struct aliases *)(uintptr_t)modc32.ap;
513 		}
514 	}
515 #endif
516 
517 	/*
518 	 * If the driver is already in the mb_hashtab, and the name given
519 	 * doesn't match that driver's name, fail.  Otherwise, pass, since
520 	 * we may be adding aliases.
521 	 */
522 	if ((drvname = mod_major_to_name(mc.major)) != NULL &&
523 	    strcmp(drvname, mc.drvname) != 0)
524 		return (EINVAL);
525 
526 	/*
527 	 * Add each supplied driver alias to mb_hashtab
528 	 */
529 	ap = mc.ap;
530 	for (i = 0; i < mc.num_aliases; i++) {
531 		bzero(&alias, sizeof (struct aliases));
532 
533 		if (get_udatamodel() == DATAMODEL_NATIVE) {
534 			if (copyin(ap, &alias, sizeof (struct aliases)) != 0)
535 				return (EFAULT);
536 
537 			if (alias.a_len > MAXMODCONFNAME)
538 				return (EINVAL);
539 
540 			if (copyin(alias.a_name, name, alias.a_len) != 0)
541 				return (EFAULT);
542 
543 			if (name[alias.a_len - 1] != '\0')
544 				return (EINVAL);
545 		}
546 #ifdef _SYSCALL32_IMPL
547 		else {
548 			struct aliases32 al32;
549 
550 			bzero(&al32, sizeof (struct aliases32));
551 			if (copyin(ap, &al32, sizeof (struct aliases32)) != 0)
552 				return (EFAULT);
553 
554 			if (al32.a_len > MAXMODCONFNAME)
555 				return (EINVAL);
556 
557 			if (copyin((void *)(uintptr_t)al32.a_name,
558 			    name, al32.a_len) != 0)
559 				return (EFAULT);
560 
561 			if (name[al32.a_len - 1] != '\0')
562 				return (EINVAL);
563 
564 			alias.a_next = (void *)(uintptr_t)al32.a_next;
565 		}
566 #endif
567 		check_esc_sequences(name, cname);
568 		(void) make_mbind(cname, mc.major, NULL, mb_hashtab);
569 		ap = alias.a_next;
570 	}
571 
572 	/*
573 	 * Try to establish an mbinding for mc.drvname, and add it to devnames.
574 	 * Add class if any after establishing the major number
575 	 */
576 	(void) make_mbind(mc.drvname, mc.major, NULL, mb_hashtab);
577 	rv = make_devname(mc.drvname, mc.major);
578 
579 	if (rv == 0) {
580 		if (mc.drvclass[0] != '\0')
581 			add_class(mc.drvname, mc.drvclass);
582 		(void) i_ddi_load_drvconf(mc.major);
583 		i_ddi_bind_devs();
584 		i_ddi_di_cache_invalidate(KM_SLEEP);
585 	}
586 	return (rv);
587 }
588 
589 static int
590 modctl_rem_major(major_t major)
591 {
592 	struct devnames *dnp;
593 
594 	if (major >= devcnt)
595 		return (EINVAL);
596 
597 	/* mark devnames as removed */
598 	dnp = &devnamesp[major];
599 	LOCK_DEV_OPS(&dnp->dn_lock);
600 	if (dnp->dn_name == NULL ||
601 	    (dnp->dn_flags & (DN_DRIVER_REMOVED | DN_TAKEN_GETUDEV))) {
602 		UNLOCK_DEV_OPS(&dnp->dn_lock);
603 		return (EINVAL);
604 	}
605 	dnp->dn_flags |= DN_DRIVER_REMOVED;
606 	pm_driver_removed(major);
607 	UNLOCK_DEV_OPS(&dnp->dn_lock);
608 
609 	(void) i_ddi_unload_drvconf(major);
610 	i_ddi_unbind_devs(major);
611 	i_ddi_di_cache_invalidate(KM_SLEEP);
612 	return (0);
613 }
614 
615 static struct vfs *
616 path_to_vfs(char *name)
617 {
618 	vnode_t *vp;
619 	struct vfs *vfsp;
620 
621 	if (lookupname(name, UIO_SYSSPACE, FOLLOW, NULLVPP, &vp))
622 		return (NULL);
623 
624 	vfsp = vp->v_vfsp;
625 	VN_RELE(vp);
626 	return (vfsp);
627 }
628 
629 static int
630 new_vfs_in_modpath()
631 {
632 	static int n_modpath = 0;
633 	static char *modpath_copy;
634 	static struct pathvfs {
635 		char *path;
636 		struct vfs *vfsp;
637 	} *pathvfs;
638 
639 	int i, new_vfs = 0;
640 	char *tmp, *tmp1;
641 	struct vfs *vfsp;
642 
643 	if (n_modpath != 0) {
644 		for (i = 0; i < n_modpath; i++) {
645 			vfsp = path_to_vfs(pathvfs[i].path);
646 			if (vfsp != pathvfs[i].vfsp) {
647 				pathvfs[i].vfsp = vfsp;
648 				if (vfsp)
649 					new_vfs = 1;
650 			}
651 		}
652 		return (new_vfs);
653 	}
654 
655 	/*
656 	 * First call, initialize the pathvfs structure
657 	 */
658 	modpath_copy = i_ddi_strdup(default_path, KM_SLEEP);
659 	tmp = modpath_copy;
660 	n_modpath = 1;
661 	tmp1 = strchr(tmp, ' ');
662 	while (tmp1) {
663 		*tmp1 = '\0';
664 		n_modpath++;
665 		tmp = tmp1 + 1;
666 		tmp1 = strchr(tmp, ' ');
667 	}
668 
669 	pathvfs = kmem_zalloc(n_modpath * sizeof (struct pathvfs), KM_SLEEP);
670 	tmp = modpath_copy;
671 	for (i = 0; i < n_modpath; i++) {
672 		pathvfs[i].path = tmp;
673 		vfsp = path_to_vfs(tmp);
674 		pathvfs[i].vfsp = vfsp;
675 		tmp += strlen(tmp) + 1;
676 	}
677 	return (1);	/* always reread driver.conf the first time */
678 }
679 
680 static int
681 modctl_load_drvconf(major_t major)
682 {
683 	int ret;
684 
685 	if (major != DDI_MAJOR_T_NONE) {
686 		ret = i_ddi_load_drvconf(major);
687 		if (ret == 0)
688 			i_ddi_bind_devs();
689 		return (ret);
690 	}
691 
692 	/*
693 	 * We are invoked to rescan new driver.conf files. It is
694 	 * only necessary if a new file system was mounted in the
695 	 * module_path. Because rescanning driver.conf files can
696 	 * take some time on older platforms (sun4m), the following
697 	 * code skips unnecessary driver.conf rescans to optimize
698 	 * boot performance.
699 	 */
700 	if (new_vfs_in_modpath()) {
701 		(void) i_ddi_load_drvconf(DDI_MAJOR_T_NONE);
702 		/*
703 		 * If we are still initializing io subsystem,
704 		 * load drivers with ddi-forceattach property
705 		 */
706 		if (!i_ddi_io_initialized())
707 			i_ddi_forceattach_drivers();
708 	}
709 	return (0);
710 }
711 
712 static int
713 modctl_unload_drvconf(major_t major)
714 {
715 	int ret;
716 
717 	if (major >= devcnt)
718 		return (EINVAL);
719 
720 	ret = i_ddi_unload_drvconf(major);
721 	if (ret != 0)
722 		return (ret);
723 	(void) i_ddi_unbind_devs(major);
724 
725 	return (0);
726 }
727 
728 static void
729 check_esc_sequences(char *str, char *cstr)
730 {
731 	int i;
732 	size_t len;
733 	char *p;
734 
735 	len = strlen(str);
736 	for (i = 0; i < len; i++, str++, cstr++) {
737 		if (*str != '\\') {
738 			*cstr = *str;
739 		} else {
740 			p = str + 1;
741 			/*
742 			 * we only handle octal escape sequences for SPACE
743 			 */
744 			if (*p++ == '0' && *p++ == '4' && *p == '0') {
745 				*cstr = ' ';
746 				str += 3;
747 			} else {
748 				*cstr = *str;
749 			}
750 		}
751 	}
752 	*cstr = 0;
753 }
754 
755 static int
756 modctl_getmodpathlen(int *data)
757 {
758 	int len;
759 	len = strlen(default_path);
760 	if (copyout(&len, data, sizeof (len)) != 0)
761 		return (EFAULT);
762 	return (0);
763 }
764 
765 static int
766 modctl_getmodpath(char *data)
767 {
768 	if (copyout(default_path, data, strlen(default_path) + 1) != 0)
769 		return (EFAULT);
770 	return (0);
771 }
772 
773 static int
774 modctl_read_sysbinding_file(void)
775 {
776 	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
777 	return (0);
778 }
779 
780 static int
781 modctl_getmaj(char *uname, uint_t ulen, int *umajorp)
782 {
783 	char name[256];
784 	int retval;
785 	major_t major;
786 
787 	if (ulen == 0)
788 		return (EINVAL);
789 	if ((retval = copyinstr(uname, name,
790 	    (ulen < 256) ? ulen : 256, 0)) != 0)
791 		return (retval);
792 	if ((major = mod_name_to_major(name)) == DDI_MAJOR_T_NONE)
793 		return (ENODEV);
794 	if (copyout(&major, umajorp, sizeof (major_t)) != 0)
795 		return (EFAULT);
796 	return (0);
797 }
798 
799 static char **
800 convert_constraint_string(char *constraints, size_t len)
801 {
802 	int	i;
803 	int	n;
804 	char	*p;
805 	char	**array;
806 
807 	ASSERT(constraints != NULL);
808 	ASSERT(len > 0);
809 
810 	for (i = 0, p = constraints; strlen(p) > 0; i++, p += strlen(p) + 1)
811 		;
812 
813 	n = i;
814 
815 	if (n == 0) {
816 		kmem_free(constraints, len);
817 		return (NULL);
818 	}
819 
820 	array = kmem_alloc((n + 1) * sizeof (char *), KM_SLEEP);
821 
822 	for (i = 0, p = constraints; i < n; i++, p += strlen(p) + 1) {
823 		array[i] = i_ddi_strdup(p, KM_SLEEP);
824 	}
825 	array[n] = NULL;
826 
827 	kmem_free(constraints, len);
828 
829 	return (array);
830 }
831 /*ARGSUSED*/
832 static int
833 modctl_retire(char *path, char *uconstraints, size_t ulen)
834 {
835 	char	*pathbuf;
836 	char	*devpath;
837 	size_t	pathsz;
838 	int	retval;
839 	char	*constraints;
840 	char	**cons_array;
841 
842 	if (path == NULL)
843 		return (EINVAL);
844 
845 	if ((uconstraints == NULL) ^ (ulen == 0))
846 		return (EINVAL);
847 
848 	pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
849 	retval = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
850 	if (retval != 0) {
851 		kmem_free(pathbuf, MAXPATHLEN);
852 		return (retval);
853 	}
854 	devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
855 	kmem_free(pathbuf, MAXPATHLEN);
856 
857 	/*
858 	 * First check if the device is already retired.
859 	 * If it is, this becomes a NOP
860 	 */
861 	if (e_ddi_device_retired(devpath)) {
862 		cmn_err(CE_NOTE, "Device: already retired: %s", devpath);
863 		kmem_free(devpath, strlen(devpath) + 1);
864 		return (0);
865 	}
866 
867 	cons_array = NULL;
868 	if (uconstraints) {
869 		constraints = kmem_alloc(ulen, KM_SLEEP);
870 		if (copyin(uconstraints, constraints, ulen)) {
871 			kmem_free(constraints, ulen);
872 			kmem_free(devpath, strlen(devpath) + 1);
873 			return (EFAULT);
874 		}
875 		cons_array = convert_constraint_string(constraints, ulen);
876 	}
877 
878 	/*
879 	 * Try to retire the device first. The following
880 	 * routine will return an error only if the device
881 	 * is not retireable i.e. retire constraints forbid
882 	 * a retire. A return of success from this routine
883 	 * indicates that device is retireable.
884 	 */
885 	retval = e_ddi_retire_device(devpath, cons_array);
886 	if (retval != DDI_SUCCESS) {
887 		cmn_err(CE_WARN, "constraints forbid retire: %s", devpath);
888 		kmem_free(devpath, strlen(devpath) + 1);
889 		return (ENOTSUP);
890 	}
891 
892 	/*
893 	 * Ok, the retire succeeded. Persist the retire.
894 	 * If retiring a nexus, we need to only persist the
895 	 * nexus retire. Any children of a retired nexus
896 	 * are automatically covered by the retire store
897 	 * code.
898 	 */
899 	retval = e_ddi_retire_persist(devpath);
900 	if (retval != 0) {
901 		cmn_err(CE_WARN, "Failed to persist device retire: error %d: "
902 		    "%s", retval, devpath);
903 		kmem_free(devpath, strlen(devpath) + 1);
904 		return (retval);
905 	}
906 	if (moddebug & MODDEBUG_RETIRE)
907 		cmn_err(CE_NOTE, "Persisted retire of device: %s", devpath);
908 
909 	kmem_free(devpath, strlen(devpath) + 1);
910 	return (0);
911 }
912 
913 static int
914 modctl_is_retired(char *path, int *statep)
915 {
916 	char	*pathbuf;
917 	char	*devpath;
918 	size_t	pathsz;
919 	int	error;
920 	int	status;
921 
922 	if (path == NULL || statep == NULL)
923 		return (EINVAL);
924 
925 	pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
926 	error = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
927 	if (error != 0) {
928 		kmem_free(pathbuf, MAXPATHLEN);
929 		return (error);
930 	}
931 	devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
932 	kmem_free(pathbuf, MAXPATHLEN);
933 
934 	if (e_ddi_device_retired(devpath))
935 		status = 1;
936 	else
937 		status = 0;
938 	kmem_free(devpath, strlen(devpath) + 1);
939 
940 	return (copyout(&status, statep, sizeof (status)) ? EFAULT : 0);
941 }
942 
943 static int
944 modctl_unretire(char *path)
945 {
946 	char	*pathbuf;
947 	char	*devpath;
948 	size_t	pathsz;
949 	int	retired;
950 	int	retval;
951 
952 	if (path == NULL)
953 		return (EINVAL);
954 
955 	pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
956 	retval = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
957 	if (retval != 0) {
958 		kmem_free(pathbuf, MAXPATHLEN);
959 		return (retval);
960 	}
961 	devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
962 	kmem_free(pathbuf, MAXPATHLEN);
963 
964 	/*
965 	 * We check if a device is retired (first) before
966 	 * unpersisting the retire, because we use the
967 	 * retire store to determine if a device is retired.
968 	 * If we unpersist first, the device will always appear
969 	 * to be unretired. For the rationale behind unpersisting
970 	 * a device that is not retired, see the next comment.
971 	 */
972 	retired = e_ddi_device_retired(devpath);
973 
974 	/*
975 	 * We call unpersist unconditionally because the lookup
976 	 * for retired devices (e_ddi_device_retired()), skips "bypassed"
977 	 * devices. We still want to be able remove "bypassed" entries
978 	 * from the persistent store, so we unpersist unconditionally
979 	 * i.e. whether or not the entry is found on a lookup.
980 	 *
981 	 * e_ddi_retire_unpersist() returns 1 if it found and cleared
982 	 * an entry from the retire store or 0 otherwise.
983 	 */
984 	if (e_ddi_retire_unpersist(devpath))
985 		if (moddebug & MODDEBUG_RETIRE) {
986 			cmn_err(CE_NOTE, "Unpersisted retire of device: %s",
987 			    devpath);
988 		}
989 
990 	/*
991 	 * Check if the device is already unretired. If so,
992 	 * the unretire becomes a NOP
993 	 */
994 	if (!retired) {
995 		cmn_err(CE_NOTE, "Not retired: %s", devpath);
996 		kmem_free(devpath, strlen(devpath) + 1);
997 		return (0);
998 	}
999 
1000 	retval = e_ddi_unretire_device(devpath);
1001 	if (retval != 0) {
1002 		cmn_err(CE_WARN, "cannot unretire device: error %d, path %s\n",
1003 		    retval, devpath);
1004 	}
1005 
1006 	kmem_free(devpath, strlen(devpath) + 1);
1007 
1008 	return (retval);
1009 }
1010 
1011 static int
1012 modctl_getname(char *uname, uint_t ulen, int *umajorp)
1013 {
1014 	char *name;
1015 	major_t major;
1016 
1017 	if (copyin(umajorp, &major, sizeof (major)) != 0)
1018 		return (EFAULT);
1019 	if ((name = mod_major_to_name(major)) == NULL)
1020 		return (ENODEV);
1021 	if ((strlen(name) + 1) > ulen)
1022 		return (ENOSPC);
1023 	return (copyoutstr(name, uname, ulen, NULL));
1024 }
1025 
1026 static int
1027 modctl_devt2instance(dev_t dev, int *uinstancep)
1028 {
1029 	int	instance;
1030 
1031 	if ((instance = dev_to_instance(dev)) == -1)
1032 		return (EINVAL);
1033 
1034 	return (copyout(&instance, uinstancep, sizeof (int)));
1035 }
1036 
1037 /*
1038  * Return the sizeof of the device id.
1039  */
1040 static int
1041 modctl_sizeof_devid(dev_t dev, uint_t *len)
1042 {
1043 	uint_t		sz;
1044 	ddi_devid_t	devid;
1045 
1046 	/* get device id */
1047 	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
1048 		return (EINVAL);
1049 
1050 	sz = ddi_devid_sizeof(devid);
1051 	ddi_devid_free(devid);
1052 
1053 	/* copyout device id size */
1054 	if (copyout(&sz, len, sizeof (sz)) != 0)
1055 		return (EFAULT);
1056 
1057 	return (0);
1058 }
1059 
1060 /*
1061  * Return a copy of the device id.
1062  */
1063 static int
1064 modctl_get_devid(dev_t dev, uint_t len, ddi_devid_t udevid)
1065 {
1066 	uint_t		sz;
1067 	ddi_devid_t	devid;
1068 	int		err = 0;
1069 
1070 	/* get device id */
1071 	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
1072 		return (EINVAL);
1073 
1074 	sz = ddi_devid_sizeof(devid);
1075 
1076 	/* Error if device id is larger than space allocated */
1077 	if (sz > len) {
1078 		ddi_devid_free(devid);
1079 		return (ENOSPC);
1080 	}
1081 
1082 	/* copy out device id */
1083 	if (copyout(devid, udevid, sz) != 0)
1084 		err = EFAULT;
1085 	ddi_devid_free(devid);
1086 	return (err);
1087 }
1088 
1089 /*
1090  * return the /devices paths associated with the specified devid and
1091  * minor name.
1092  */
1093 /*ARGSUSED*/
1094 static int
1095 modctl_devid2paths(ddi_devid_t udevid, char *uminor_name, uint_t flag,
1096 	size_t *ulensp, char *upaths)
1097 {
1098 	ddi_devid_t	devid = NULL;
1099 	int		devid_len;
1100 	char		*minor_name = NULL;
1101 	dev_info_t	*dip = NULL;
1102 	int		circ;
1103 	struct ddi_minor_data   *dmdp;
1104 	char		*path = NULL;
1105 	int		ulens;
1106 	int		lens;
1107 	int		len;
1108 	dev_t		*devlist = NULL;
1109 	int		ndevs;
1110 	int		i;
1111 	int		ret = 0;
1112 
1113 	/*
1114 	 * If upaths is NULL then we are only computing the amount of space
1115 	 * needed to hold the paths and returning the value in *ulensp. If we
1116 	 * are copying out paths then we get the amount of space allocated by
1117 	 * the caller. If the actual space needed for paths is larger, or
1118 	 * things are changing out from under us, then we return EAGAIN.
1119 	 */
1120 	if (upaths) {
1121 		if (ulensp == NULL)
1122 			return (EINVAL);
1123 		if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
1124 			return (EFAULT);
1125 	}
1126 
1127 	/*
1128 	 * copyin enough of the devid to determine the length then
1129 	 * reallocate and copy in the entire devid.
1130 	 */
1131 	devid_len = ddi_devid_sizeof(NULL);
1132 	devid = kmem_alloc(devid_len, KM_SLEEP);
1133 	if (copyin(udevid, devid, devid_len)) {
1134 		ret = EFAULT;
1135 		goto out;
1136 	}
1137 	len = devid_len;
1138 	devid_len = ddi_devid_sizeof(devid);
1139 	kmem_free(devid, len);
1140 	devid = kmem_alloc(devid_len, KM_SLEEP);
1141 	if (copyin(udevid, devid, devid_len)) {
1142 		ret = EFAULT;
1143 		goto out;
1144 	}
1145 
1146 	/* copyin the minor name if specified. */
1147 	minor_name = uminor_name;
1148 	if ((minor_name != DEVID_MINOR_NAME_ALL) &&
1149 	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1150 	    (minor_name != DEVID_MINOR_NAME_ALL_BLK)) {
1151 		minor_name = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1152 		if (copyinstr(uminor_name, minor_name, MAXPATHLEN, 0)) {
1153 			ret = EFAULT;
1154 			goto out;
1155 		}
1156 	}
1157 
1158 	/*
1159 	 * Use existing function to resolve the devid into a devlist.
1160 	 *
1161 	 * NOTE: there is a loss of spectype information in the current
1162 	 * ddi_lyr_devid_to_devlist implementation. We work around this by not
1163 	 * passing down DEVID_MINOR_NAME_ALL here, but reproducing all minor
1164 	 * node forms in the loop processing the devlist below. It would be
1165 	 * best if at some point the use of this interface here was replaced
1166 	 * with a path oriented call.
1167 	 */
1168 	if (ddi_lyr_devid_to_devlist(devid,
1169 	    (minor_name == DEVID_MINOR_NAME_ALL) ?
1170 	    DEVID_MINOR_NAME_ALL_CHR : minor_name,
1171 	    &ndevs, &devlist) != DDI_SUCCESS) {
1172 		ret = EINVAL;
1173 		goto out;
1174 	}
1175 
1176 	/*
1177 	 * loop over the devlist, converting each devt to a path and doing
1178 	 * a copyout of the path and computation of the amount of space
1179 	 * needed to hold all the paths
1180 	 */
1181 	path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1182 	for (i = 0, lens = 0; i < ndevs; i++) {
1183 
1184 		/* find the dip associated with the dev_t */
1185 		if ((dip = e_ddi_hold_devi_by_dev(devlist[i], 0)) == NULL)
1186 			continue;
1187 
1188 		/* loop over all the minor nodes, skipping ones we don't want */
1189 		ndi_devi_enter(dip, &circ);
1190 		for (dmdp = DEVI(dip)->devi_minor; dmdp; dmdp = dmdp->next) {
1191 			if ((dmdp->ddm_dev != devlist[i]) ||
1192 			    (dmdp->type != DDM_MINOR))
1193 				continue;
1194 
1195 			if ((minor_name != DEVID_MINOR_NAME_ALL) &&
1196 			    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1197 			    (minor_name != DEVID_MINOR_NAME_ALL_BLK) &&
1198 			    strcmp(minor_name, dmdp->ddm_name))
1199 				continue;
1200 			else {
1201 				if ((minor_name == DEVID_MINOR_NAME_ALL_CHR) &&
1202 				    (dmdp->ddm_spec_type != S_IFCHR))
1203 					continue;
1204 				if ((minor_name == DEVID_MINOR_NAME_ALL_BLK) &&
1205 				    (dmdp->ddm_spec_type != S_IFBLK))
1206 					continue;
1207 			}
1208 
1209 			/* XXX need ddi_pathname_minor(dmdp, path); interface */
1210 			if (ddi_dev_pathname(dmdp->ddm_dev, dmdp->ddm_spec_type,
1211 			    path) != DDI_SUCCESS) {
1212 				ret = EAGAIN;
1213 				goto out;
1214 			}
1215 			len = strlen(path) + 1;
1216 			*(path + len) = '\0';	/* set double termination */
1217 			lens += len;
1218 
1219 			/* copyout the path with double terminations */
1220 			if (upaths) {
1221 				if (lens > ulens) {
1222 					ret = EAGAIN;
1223 					goto out;
1224 				}
1225 				if (copyout(path, upaths, len + 1)) {
1226 					ret = EFAULT;
1227 					goto out;
1228 				}
1229 				upaths += len;
1230 			}
1231 		}
1232 		ndi_devi_exit(dip, circ);
1233 		ddi_release_devi(dip);
1234 		dip = NULL;
1235 	}
1236 	lens++;		/* add one for double termination */
1237 
1238 	/* copy out the amount of space needed to hold the paths */
1239 	if (ulensp && copyout(&lens, ulensp, sizeof (lens))) {
1240 		ret = EFAULT;
1241 		goto out;
1242 	}
1243 	ret = 0;
1244 
1245 out:	if (dip) {
1246 		ndi_devi_exit(dip, circ);
1247 		ddi_release_devi(dip);
1248 	}
1249 	if (path)
1250 		kmem_free(path, MAXPATHLEN);
1251 	if (devlist)
1252 		ddi_lyr_free_devlist(devlist, ndevs);
1253 	if (minor_name &&
1254 	    (minor_name != DEVID_MINOR_NAME_ALL) &&
1255 	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1256 	    (minor_name != DEVID_MINOR_NAME_ALL_BLK))
1257 		kmem_free(minor_name, MAXPATHLEN);
1258 	if (devid)
1259 		kmem_free(devid, devid_len);
1260 	return (ret);
1261 }
1262 
1263 /*
1264  * Return the size of the minor name.
1265  */
1266 static int
1267 modctl_sizeof_minorname(dev_t dev, int spectype, uint_t *len)
1268 {
1269 	uint_t	sz;
1270 	char	*name;
1271 
1272 	/* get the minor name */
1273 	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1274 		return (EINVAL);
1275 
1276 	sz = strlen(name) + 1;
1277 	kmem_free(name, sz);
1278 
1279 	/* copy out the size of the minor name */
1280 	if (copyout(&sz, len, sizeof (sz)) != 0)
1281 		return (EFAULT);
1282 
1283 	return (0);
1284 }
1285 
1286 /*
1287  * Return the minor name.
1288  */
1289 static int
1290 modctl_get_minorname(dev_t dev, int spectype, uint_t len, char *uname)
1291 {
1292 	uint_t	sz;
1293 	char	*name;
1294 	int	err = 0;
1295 
1296 	/* get the minor name */
1297 	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1298 		return (EINVAL);
1299 
1300 	sz = strlen(name) + 1;
1301 
1302 	/* Error if the minor name is larger than the space allocated */
1303 	if (sz > len) {
1304 		kmem_free(name, sz);
1305 		return (ENOSPC);
1306 	}
1307 
1308 	/* copy out the minor name */
1309 	if (copyout(name, uname, sz) != 0)
1310 		err = EFAULT;
1311 	kmem_free(name, sz);
1312 	return (err);
1313 }
1314 
1315 /*
1316  * Return the size of the (dev_t,spectype) devfspath name.
1317  */
1318 static int
1319 modctl_devfspath_len(dev_t dev, int spectype, uint_t *len)
1320 {
1321 	uint_t	sz;
1322 	char	*name;
1323 
1324 	/* get the path name */
1325 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1326 	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1327 		kmem_free(name, MAXPATHLEN);
1328 		return (EINVAL);
1329 	}
1330 
1331 	sz = strlen(name) + 1;
1332 	kmem_free(name, MAXPATHLEN);
1333 
1334 	/* copy out the size of the path name */
1335 	if (copyout(&sz, len, sizeof (sz)) != 0)
1336 		return (EFAULT);
1337 
1338 	return (0);
1339 }
1340 
1341 /*
1342  * Return the (dev_t,spectype) devfspath name.
1343  */
1344 static int
1345 modctl_devfspath(dev_t dev, int spectype, uint_t len, char *uname)
1346 {
1347 	uint_t	sz;
1348 	char	*name;
1349 	int	err = 0;
1350 
1351 	/* get the path name */
1352 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1353 	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1354 		kmem_free(name, MAXPATHLEN);
1355 		return (EINVAL);
1356 	}
1357 
1358 	sz = strlen(name) + 1;
1359 
1360 	/* Error if the path name is larger than the space allocated */
1361 	if (sz > len) {
1362 		kmem_free(name, MAXPATHLEN);
1363 		return (ENOSPC);
1364 	}
1365 
1366 	/* copy out the path name */
1367 	if (copyout(name, uname, sz) != 0)
1368 		err = EFAULT;
1369 	kmem_free(name, MAXPATHLEN);
1370 	return (err);
1371 }
1372 
1373 /*
1374  * Return the size of the (major,instance) devfspath name.
1375  */
1376 static int
1377 modctl_devfspath_mi_len(major_t major, int instance, uint_t *len)
1378 {
1379 	uint_t	sz;
1380 	char	*name;
1381 
1382 	/* get the path name */
1383 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1384 	if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1385 		kmem_free(name, MAXPATHLEN);
1386 		return (EINVAL);
1387 	}
1388 
1389 	sz = strlen(name) + 1;
1390 	kmem_free(name, MAXPATHLEN);
1391 
1392 	/* copy out the size of the path name */
1393 	if (copyout(&sz, len, sizeof (sz)) != 0)
1394 		return (EFAULT);
1395 
1396 	return (0);
1397 }
1398 
1399 /*
1400  * Return the (major_instance) devfspath name.
1401  * NOTE: e_ddi_majorinstance_to_path does not require the device to attach to
1402  * return a path - it uses the instance tree.
1403  */
1404 static int
1405 modctl_devfspath_mi(major_t major, int instance, uint_t len, char *uname)
1406 {
1407 	uint_t	sz;
1408 	char	*name;
1409 	int	err = 0;
1410 
1411 	/* get the path name */
1412 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1413 	if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1414 		kmem_free(name, MAXPATHLEN);
1415 		return (EINVAL);
1416 	}
1417 
1418 	sz = strlen(name) + 1;
1419 
1420 	/* Error if the path name is larger than the space allocated */
1421 	if (sz > len) {
1422 		kmem_free(name, MAXPATHLEN);
1423 		return (ENOSPC);
1424 	}
1425 
1426 	/* copy out the path name */
1427 	if (copyout(name, uname, sz) != 0)
1428 		err = EFAULT;
1429 	kmem_free(name, MAXPATHLEN);
1430 	return (err);
1431 }
1432 
1433 static int
1434 modctl_get_fbname(char *path)
1435 {
1436 	extern dev_t fbdev;
1437 	char *pathname = NULL;
1438 	int rval = 0;
1439 
1440 	/* make sure fbdev is set before we plunge in */
1441 	if (fbdev == NODEV)
1442 		return (ENODEV);
1443 
1444 	pathname = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1445 	if ((rval = ddi_dev_pathname(fbdev, S_IFCHR,
1446 	    pathname)) == DDI_SUCCESS) {
1447 		if (copyout(pathname, path, strlen(pathname)+1) != 0) {
1448 			rval = EFAULT;
1449 		}
1450 	}
1451 	kmem_free(pathname, MAXPATHLEN);
1452 	return (rval);
1453 }
1454 
1455 /*
1456  * modctl_reread_dacf()
1457  *	Reread the dacf rules database from the named binding file.
1458  *	If NULL is specified, pass along the NULL, it means 'use the default'.
1459  */
1460 static int
1461 modctl_reread_dacf(char *path)
1462 {
1463 	int rval = 0;
1464 	char *filename, *filenamep;
1465 
1466 	filename = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1467 
1468 	if (path == NULL) {
1469 		filenamep = NULL;
1470 	} else {
1471 		if (copyinstr(path, filename, MAXPATHLEN, 0) != 0) {
1472 			rval = EFAULT;
1473 			goto out;
1474 		}
1475 		filenamep = filename;
1476 		filenamep[MAXPATHLEN - 1] = '\0';
1477 	}
1478 
1479 	rval = read_dacf_binding_file(filenamep);
1480 out:
1481 	kmem_free(filename, MAXPATHLEN);
1482 	return (rval);
1483 }
1484 
1485 /*ARGSUSED*/
1486 static int
1487 modctl_modevents(int subcmd, uintptr_t a2, uintptr_t a3, uintptr_t a4,
1488     uint_t flag)
1489 {
1490 	int error = 0;
1491 	char *filenamep;
1492 
1493 	switch (subcmd) {
1494 
1495 	case MODEVENTS_FLUSH:
1496 		/* flush all currently queued events */
1497 		log_sysevent_flushq(subcmd, flag);
1498 		break;
1499 
1500 	case MODEVENTS_SET_DOOR_UPCALL_FILENAME:
1501 		/*
1502 		 * bind door_upcall to filename
1503 		 * this should only be done once per invocation
1504 		 * of the event daemon.
1505 		 */
1506 
1507 		filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
1508 
1509 		if (copyinstr((char *)a2, filenamep, MOD_MAXPATH, 0)) {
1510 			error = EFAULT;
1511 		} else {
1512 			error = log_sysevent_filename(filenamep);
1513 		}
1514 		kmem_free(filenamep, MOD_MAXPATH);
1515 		break;
1516 
1517 	case MODEVENTS_GETDATA:
1518 		error = log_sysevent_copyout_data((sysevent_id_t *)a2,
1519 		    (size_t)a3, (caddr_t)a4);
1520 		break;
1521 
1522 	case MODEVENTS_FREEDATA:
1523 		error = log_sysevent_free_data((sysevent_id_t *)a2);
1524 		break;
1525 	case MODEVENTS_POST_EVENT:
1526 		error = log_usr_sysevent((sysevent_t *)a2, (uint32_t)a3,
1527 		    (sysevent_id_t *)a4);
1528 		break;
1529 	case MODEVENTS_REGISTER_EVENT:
1530 		error = log_sysevent_register((char *)a2, (char *)a3,
1531 		    (se_pubsub_t *)a4);
1532 		break;
1533 	default:
1534 		error = EINVAL;
1535 	}
1536 
1537 	return (error);
1538 }
1539 
1540 static void
1541 free_mperm(mperm_t *mp)
1542 {
1543 	int len;
1544 
1545 	if (mp->mp_minorname) {
1546 		len = strlen(mp->mp_minorname) + 1;
1547 		kmem_free(mp->mp_minorname, len);
1548 	}
1549 	kmem_free(mp, sizeof (mperm_t));
1550 }
1551 
1552 #define	MP_NO_DRV_ERR	\
1553 	"/etc/minor_perm: no driver for %s\n"
1554 
1555 #define	MP_EMPTY_MINOR	\
1556 	"/etc/minor_perm: empty minor name for driver %s\n"
1557 
1558 #define	MP_NO_MINOR	\
1559 	"/etc/minor_perm: no minor matching %s for driver %s\n"
1560 
1561 /*
1562  * Remove mperm entry with matching minorname
1563  */
1564 static void
1565 rem_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1566 {
1567 	mperm_t **mp_head;
1568 	mperm_t *freemp = NULL;
1569 	struct devnames *dnp = &devnamesp[major];
1570 	mperm_t **wildmp;
1571 
1572 	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1573 
1574 	LOCK_DEV_OPS(&dnp->dn_lock);
1575 	if (strcmp(mp->mp_minorname, "*") == 0) {
1576 		wildmp = ((is_clone == 0) ?
1577 		    &dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1578 		if (*wildmp)
1579 			freemp = *wildmp;
1580 		*wildmp = NULL;
1581 	} else {
1582 		mp_head = &dnp->dn_mperm;
1583 		while (*mp_head) {
1584 			if (strcmp((*mp_head)->mp_minorname,
1585 			    mp->mp_minorname) != 0) {
1586 				mp_head = &(*mp_head)->mp_next;
1587 				continue;
1588 			}
1589 			/* remove the entry */
1590 			freemp = *mp_head;
1591 			*mp_head = freemp->mp_next;
1592 			break;
1593 		}
1594 	}
1595 	if (freemp) {
1596 		if (moddebug & MODDEBUG_MINORPERM) {
1597 			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1598 			    drvname, freemp->mp_minorname,
1599 			    freemp->mp_mode & 0777,
1600 			    freemp->mp_uid, freemp->mp_gid);
1601 		}
1602 		free_mperm(freemp);
1603 	} else {
1604 		if (moddebug & MODDEBUG_MINORPERM) {
1605 			cmn_err(CE_CONT, MP_NO_MINOR,
1606 			    drvname, mp->mp_minorname);
1607 		}
1608 	}
1609 
1610 	UNLOCK_DEV_OPS(&dnp->dn_lock);
1611 }
1612 
1613 /*
1614  * Add minor perm entry
1615  */
1616 static void
1617 add_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1618 {
1619 	mperm_t **mp_head;
1620 	mperm_t *freemp = NULL;
1621 	struct devnames *dnp = &devnamesp[major];
1622 	mperm_t **wildmp;
1623 
1624 	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1625 
1626 	/*
1627 	 * Note that update_drv replace semantics require
1628 	 * replacing matching entries with the new permissions.
1629 	 */
1630 	LOCK_DEV_OPS(&dnp->dn_lock);
1631 	if (strcmp(mp->mp_minorname, "*") == 0) {
1632 		wildmp = ((is_clone == 0) ?
1633 		    &dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1634 		if (*wildmp)
1635 			freemp = *wildmp;
1636 		*wildmp = mp;
1637 	} else {
1638 		mperm_t *p, *v = NULL;
1639 		for (p = dnp->dn_mperm; p; v = p, p = p->mp_next) {
1640 			if (strcmp(p->mp_minorname, mp->mp_minorname) == 0) {
1641 				if (v == NULL)
1642 					dnp->dn_mperm = mp;
1643 				else
1644 					v->mp_next = mp;
1645 				mp->mp_next = p->mp_next;
1646 				freemp = p;
1647 				goto replaced;
1648 			}
1649 		}
1650 		if (p == NULL) {
1651 			mp_head = &dnp->dn_mperm;
1652 			if (*mp_head == NULL) {
1653 				*mp_head = mp;
1654 			} else {
1655 				mp->mp_next = *mp_head;
1656 				*mp_head = mp;
1657 			}
1658 		}
1659 	}
1660 replaced:
1661 	if (freemp) {
1662 		if (moddebug & MODDEBUG_MINORPERM) {
1663 			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1664 			    drvname, freemp->mp_minorname,
1665 			    freemp->mp_mode & 0777,
1666 			    freemp->mp_uid, freemp->mp_gid);
1667 		}
1668 		free_mperm(freemp);
1669 	}
1670 	if (moddebug & MODDEBUG_MINORPERM) {
1671 		cmn_err(CE_CONT, "> %s %s 0%o %d %d\n",
1672 		    drvname, mp->mp_minorname, mp->mp_mode & 0777,
1673 		    mp->mp_uid, mp->mp_gid);
1674 	}
1675 	UNLOCK_DEV_OPS(&dnp->dn_lock);
1676 }
1677 
1678 
1679 static int
1680 process_minorperm(int cmd, nvlist_t *nvl)
1681 {
1682 	char *minor;
1683 	major_t major;
1684 	mperm_t *mp;
1685 	nvpair_t *nvp;
1686 	char *name;
1687 	int is_clone;
1688 	major_t minmaj;
1689 
1690 	ASSERT(cmd == MODLOADMINORPERM ||
1691 	    cmd == MODADDMINORPERM || cmd == MODREMMINORPERM);
1692 
1693 	nvp = NULL;
1694 	while ((nvp = nvlist_next_nvpair(nvl, nvp)) != NULL) {
1695 		name = nvpair_name(nvp);
1696 
1697 		is_clone = 0;
1698 		(void) nvpair_value_string(nvp, &minor);
1699 		major = ddi_name_to_major(name);
1700 		if (major != DDI_MAJOR_T_NONE) {
1701 			mp = kmem_zalloc(sizeof (*mp), KM_SLEEP);
1702 			if (minor == NULL || strlen(minor) == 0) {
1703 				if (moddebug & MODDEBUG_MINORPERM) {
1704 					cmn_err(CE_CONT, MP_EMPTY_MINOR, name);
1705 				}
1706 				minor = "*";
1707 			}
1708 
1709 			/*
1710 			 * The minor name of a node using the clone
1711 			 * driver must be the driver name.  To avoid
1712 			 * multiple searches, we map entries in the form
1713 			 * clone:<driver> to <driver>:*.  This also allows us
1714 			 * to filter out some of the litter in /etc/minor_perm.
1715 			 * Minor perm alias entries where the name is not
1716 			 * the driver kept on the clone list itself.
1717 			 * This all seems very fragile as a driver could
1718 			 * be introduced with an existing alias name.
1719 			 */
1720 			if (strcmp(name, "clone") == 0) {
1721 				minmaj = ddi_name_to_major(minor);
1722 				if (minmaj != DDI_MAJOR_T_NONE) {
1723 					if (moddebug & MODDEBUG_MINORPERM) {
1724 						cmn_err(CE_CONT,
1725 						    "mapping %s:%s to %s:*\n",
1726 						    name, minor, minor);
1727 					}
1728 					major = minmaj;
1729 					name = minor;
1730 					minor = "*";
1731 					is_clone = 1;
1732 				}
1733 			}
1734 
1735 			if (mp) {
1736 				mp->mp_minorname =
1737 				    i_ddi_strdup(minor, KM_SLEEP);
1738 			}
1739 		} else {
1740 			mp = NULL;
1741 			if (moddebug & MODDEBUG_MINORPERM) {
1742 				cmn_err(CE_CONT, MP_NO_DRV_ERR, name);
1743 			}
1744 		}
1745 
1746 		/* mode */
1747 		nvp = nvlist_next_nvpair(nvl, nvp);
1748 		ASSERT(strcmp(nvpair_name(nvp), "mode") == 0);
1749 		if (mp)
1750 			(void) nvpair_value_int32(nvp, (int *)&mp->mp_mode);
1751 		/* uid */
1752 		nvp = nvlist_next_nvpair(nvl, nvp);
1753 		ASSERT(strcmp(nvpair_name(nvp), "uid") == 0);
1754 		if (mp)
1755 			(void) nvpair_value_uint32(nvp, &mp->mp_uid);
1756 		/* gid */
1757 		nvp = nvlist_next_nvpair(nvl, nvp);
1758 		ASSERT(strcmp(nvpair_name(nvp), "gid") == 0);
1759 		if (mp) {
1760 			(void) nvpair_value_uint32(nvp, &mp->mp_gid);
1761 
1762 			if (cmd == MODREMMINORPERM) {
1763 				rem_minorperm(major, name, mp, is_clone);
1764 				free_mperm(mp);
1765 			} else {
1766 				add_minorperm(major, name, mp, is_clone);
1767 			}
1768 		}
1769 	}
1770 
1771 	if (cmd == MODLOADMINORPERM)
1772 		minorperm_loaded = 1;
1773 
1774 	/*
1775 	 * Reset permissions of cached dv_nodes
1776 	 */
1777 	(void) devfs_reset_perm(DV_RESET_PERM);
1778 
1779 	return (0);
1780 }
1781 
1782 static int
1783 modctl_minorperm(int cmd, char *usrbuf, size_t buflen)
1784 {
1785 	int error;
1786 	nvlist_t *nvl;
1787 	char *buf = kmem_alloc(buflen, KM_SLEEP);
1788 
1789 	if ((error = ddi_copyin(usrbuf, buf, buflen, 0)) != 0) {
1790 		kmem_free(buf, buflen);
1791 		return (error);
1792 	}
1793 
1794 	error = nvlist_unpack(buf, buflen, &nvl, KM_SLEEP);
1795 	kmem_free(buf, buflen);
1796 	if (error)
1797 		return (error);
1798 
1799 	error = process_minorperm(cmd, nvl);
1800 	nvlist_free(nvl);
1801 	return (error);
1802 }
1803 
1804 struct walk_args {
1805 	char		*wa_drvname;
1806 	list_t		wa_pathlist;
1807 };
1808 
1809 struct path_elem {
1810 	char		*pe_dir;
1811 	char		*pe_nodename;
1812 	list_node_t	pe_node;
1813 	int		pe_dirlen;
1814 };
1815 
1816 /*ARGSUSED*/
1817 static int
1818 modctl_inst_walker(const char *path, in_node_t *np, in_drv_t *dp, void *arg)
1819 {
1820 	struct walk_args *wargs = (struct walk_args *)arg;
1821 	struct path_elem *pe;
1822 	char *nodename;
1823 
1824 	/*
1825 	 * Search may be restricted to a single driver in the case of rem_drv
1826 	 */
1827 	if (wargs->wa_drvname &&
1828 	    strcmp(dp->ind_driver_name, wargs->wa_drvname) != 0)
1829 		return (INST_WALK_CONTINUE);
1830 
1831 	pe = kmem_zalloc(sizeof (*pe), KM_SLEEP);
1832 	pe->pe_dir = i_ddi_strdup((char *)path, KM_SLEEP);
1833 	pe->pe_dirlen = strlen(pe->pe_dir) + 1;
1834 	ASSERT(strrchr(pe->pe_dir, '/') != NULL);
1835 	nodename = strrchr(pe->pe_dir, '/');
1836 	*nodename++ = 0;
1837 	pe->pe_nodename = nodename;
1838 	list_insert_tail(&wargs->wa_pathlist, pe);
1839 
1840 	return (INST_WALK_CONTINUE);
1841 }
1842 
1843 /*
1844  * /devices attribute nodes clean-up optionally performed
1845  * when removing a driver (rem_drv -C).
1846  *
1847  * Removing attribute nodes allows a machine to be reprovisioned
1848  * without the side-effect of inadvertently picking up stale
1849  * device node ownership or permissions.
1850  *
1851  * Preserving attributes (not performing cleanup) allows devices
1852  * attribute changes to be preserved across upgrades, as
1853  * upgrade rather heavy-handedly does a rem_drv/add_drv cycle.
1854  */
1855 static int
1856 modctl_remdrv_cleanup(const char *u_drvname)
1857 {
1858 	struct walk_args *wargs;
1859 	struct path_elem *pe;
1860 	char *drvname;
1861 	int err, rval = 0;
1862 
1863 	drvname = kmem_alloc(MAXMODCONFNAME, KM_SLEEP);
1864 	if ((err = copyinstr(u_drvname, drvname, MAXMODCONFNAME, 0))) {
1865 		kmem_free(drvname, MAXMODCONFNAME);
1866 		return (err);
1867 	}
1868 
1869 	/*
1870 	 * First go through the instance database.  For each
1871 	 * instance of a device bound to the driver being
1872 	 * removed, remove any underlying devfs attribute nodes.
1873 	 *
1874 	 * This is a two-step process.  First we go through
1875 	 * the instance data itself, constructing a list of
1876 	 * the nodes discovered.  The second step is then
1877 	 * to find and remove any devfs attribute nodes
1878 	 * for the instances discovered in the first step.
1879 	 * The two-step process avoids any difficulties
1880 	 * which could arise by holding the instance data
1881 	 * lock with simultaneous devfs operations.
1882 	 */
1883 	wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
1884 
1885 	wargs->wa_drvname = drvname;
1886 	list_create(&wargs->wa_pathlist,
1887 	    sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
1888 
1889 	(void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
1890 
1891 	for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
1892 	    pe = list_next(&wargs->wa_pathlist, pe)) {
1893 		err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
1894 		    (const char *)pe->pe_nodename);
1895 		if (rval == 0)
1896 			rval = err;
1897 	}
1898 
1899 	while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
1900 		list_remove(&wargs->wa_pathlist, pe);
1901 		kmem_free(pe->pe_dir, pe->pe_dirlen);
1902 		kmem_free(pe, sizeof (*pe));
1903 	}
1904 	kmem_free(wargs, sizeof (*wargs));
1905 
1906 	/*
1907 	 * Pseudo nodes aren't recorded in the instance database
1908 	 * so any such nodes need to be handled separately.
1909 	 */
1910 	err = devfs_remdrv_cleanup("pseudo", (const char *)drvname);
1911 	if (rval == 0)
1912 		rval = err;
1913 
1914 	kmem_free(drvname, MAXMODCONFNAME);
1915 	return (rval);
1916 }
1917 
1918 /*
1919  * Perform a cleanup of non-existent /devices attribute nodes,
1920  * similar to rem_drv -C, but for all drivers/devices.
1921  * This is also optional, performed as part of devfsadm -C.
1922  */
1923 void
1924 dev_devices_cleanup()
1925 {
1926 	struct walk_args *wargs;
1927 	struct path_elem *pe;
1928 	dev_info_t *devi;
1929 	char *path;
1930 	int err;
1931 
1932 	/*
1933 	 * It's expected that all drivers have been loaded and
1934 	 * module unloading disabled while performing cleanup.
1935 	 */
1936 	ASSERT(modunload_disable_count > 0);
1937 
1938 	wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
1939 	wargs->wa_drvname = NULL;
1940 	list_create(&wargs->wa_pathlist,
1941 	    sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
1942 
1943 	(void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
1944 
1945 	path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1946 
1947 	for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
1948 	    pe = list_next(&wargs->wa_pathlist, pe)) {
1949 		(void) snprintf(path, MAXPATHLEN, "%s/%s",
1950 		    pe->pe_dir, pe->pe_nodename);
1951 		devi = e_ddi_hold_devi_by_path(path, 0);
1952 		if (devi != NULL) {
1953 			ddi_release_devi(devi);
1954 		} else {
1955 			err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
1956 			    (const char *)pe->pe_nodename);
1957 			if (err) {
1958 				cmn_err(CE_CONT,
1959 				    "devfs: %s: clean-up error %d\n",
1960 				    path, err);
1961 			}
1962 		}
1963 	}
1964 
1965 	while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
1966 		list_remove(&wargs->wa_pathlist, pe);
1967 		kmem_free(pe->pe_dir, pe->pe_dirlen);
1968 		kmem_free(pe, sizeof (*pe));
1969 	}
1970 	kmem_free(wargs, sizeof (*wargs));
1971 	kmem_free(path, MAXPATHLEN);
1972 }
1973 
1974 static int
1975 modctl_allocpriv(const char *name)
1976 {
1977 	char *pstr = kmem_alloc(PRIVNAME_MAX, KM_SLEEP);
1978 	int error;
1979 
1980 	if ((error = copyinstr(name, pstr, PRIVNAME_MAX, 0))) {
1981 		kmem_free(pstr, PRIVNAME_MAX);
1982 		return (error);
1983 	}
1984 	error = priv_getbyname(pstr, PRIV_ALLOC);
1985 	if (error < 0)
1986 		error = -error;
1987 	else
1988 		error = 0;
1989 	kmem_free(pstr, PRIVNAME_MAX);
1990 	return (error);
1991 }
1992 
1993 static int
1994 modctl_devexists(const char *upath, int pathlen)
1995 {
1996 	char	*path;
1997 	int	ret;
1998 
1999 	/*
2000 	 * copy in the path, including the terminating null
2001 	 */
2002 	pathlen++;
2003 	if (pathlen <= 1 || pathlen > MAXPATHLEN)
2004 		return (EINVAL);
2005 	path = kmem_zalloc(pathlen + 1, KM_SLEEP);
2006 	if ((ret = copyinstr(upath, path, pathlen, NULL)) == 0) {
2007 		ret = sdev_modctl_devexists(path);
2008 	}
2009 
2010 	kmem_free(path, pathlen + 1);
2011 	return (ret);
2012 }
2013 
2014 static int
2015 modctl_devreaddir(const char *udir, int udirlen,
2016     char *upaths, int64_t *ulensp)
2017 {
2018 	char	*paths = NULL;
2019 	char	**dirlist = NULL;
2020 	char	*dir;
2021 	int64_t	ulens;
2022 	int64_t	lens;
2023 	int	i, n;
2024 	int	ret = 0;
2025 	char	*p;
2026 	int	npaths;
2027 	int	npaths_alloc;
2028 
2029 	/*
2030 	 * If upaths is NULL then we are only computing the amount of space
2031 	 * needed to return the paths, with the value returned in *ulensp. If we
2032 	 * are copying out paths then we get the amount of space allocated by
2033 	 * the caller. If the actual space needed for paths is larger, or
2034 	 * things are changing out from under us, then we return EAGAIN.
2035 	 */
2036 	if (upaths) {
2037 		if (ulensp == NULL)
2038 			return (EINVAL);
2039 		if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
2040 			return (EFAULT);
2041 	}
2042 
2043 	/*
2044 	 * copyin the /dev path including terminating null
2045 	 */
2046 	udirlen++;
2047 	if (udirlen <= 1 || udirlen > MAXPATHLEN)
2048 		return (EINVAL);
2049 	dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
2050 	if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
2051 		goto err;
2052 
2053 	if ((ret = sdev_modctl_readdir(dir, &dirlist,
2054 	    &npaths, &npaths_alloc, 0)) != 0) {
2055 		ASSERT(dirlist == NULL);
2056 		goto err;
2057 	}
2058 
2059 	lens = 0;
2060 	for (i = 0; i < npaths; i++) {
2061 		lens += strlen(dirlist[i]) + 1;
2062 	}
2063 	lens++;		/* add one for double termination */
2064 
2065 	if (upaths) {
2066 		if (lens > ulens) {
2067 			ret = EAGAIN;
2068 			goto out;
2069 		}
2070 
2071 		paths = kmem_alloc(lens, KM_SLEEP);
2072 
2073 		p = paths;
2074 		for (i = 0; i < npaths; i++) {
2075 			n = strlen(dirlist[i]) + 1;
2076 			bcopy(dirlist[i], p, n);
2077 			p += n;
2078 		}
2079 		*p = 0;
2080 
2081 		if (copyout(paths, upaths, lens)) {
2082 			ret = EFAULT;
2083 			goto err;
2084 		}
2085 	}
2086 
2087 out:
2088 	/* copy out the amount of space needed to hold the paths */
2089 	if (copyout(&lens, ulensp, sizeof (lens)))
2090 		ret = EFAULT;
2091 
2092 err:
2093 	if (dirlist)
2094 		sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
2095 	if (paths)
2096 		kmem_free(paths, lens);
2097 	kmem_free(dir, udirlen + 1);
2098 	return (ret);
2099 }
2100 
2101 static int
2102 modctl_devemptydir(const char *udir, int udirlen, int *uempty)
2103 {
2104 	char	*dir;
2105 	int	ret;
2106 	char	**dirlist = NULL;
2107 	int	npaths;
2108 	int	npaths_alloc;
2109 	int	empty;
2110 
2111 	/*
2112 	 * copyin the /dev path including terminating null
2113 	 */
2114 	udirlen++;
2115 	if (udirlen <= 1 || udirlen > MAXPATHLEN)
2116 		return (EINVAL);
2117 	dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
2118 	if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
2119 		goto err;
2120 
2121 	if ((ret = sdev_modctl_readdir(dir, &dirlist,
2122 	    &npaths, &npaths_alloc, 1)) != 0) {
2123 		goto err;
2124 	}
2125 
2126 	empty = npaths ? 0 : 1;
2127 	if (copyout(&empty, uempty, sizeof (empty)))
2128 		ret = EFAULT;
2129 
2130 err:
2131 	if (dirlist)
2132 		sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
2133 	kmem_free(dir, udirlen + 1);
2134 	return (ret);
2135 }
2136 
2137 int
2138 modctl_moddevname(int subcmd, uintptr_t a1, uintptr_t a2)
2139 {
2140 	int error = 0;
2141 
2142 	switch (subcmd) {
2143 	case MODDEVNAME_LOOKUPDOOR:
2144 	case MODDEVNAME_DEVFSADMNODE:
2145 		error = devname_filename_register(subcmd, (char *)a1);
2146 		break;
2147 	case MODDEVNAME_NSMAPS:
2148 		error = devname_nsmaps_register((char *)a1, (size_t)a2);
2149 		break;
2150 	case MODDEVNAME_PROFILE:
2151 		error = devname_profile_update((char *)a1, (size_t)a2);
2152 		break;
2153 	case MODDEVNAME_RECONFIG:
2154 		i_ddi_set_reconfig();
2155 		break;
2156 	case MODDEVNAME_SYSAVAIL:
2157 		i_ddi_set_sysavail();
2158 		break;
2159 	default:
2160 		error = EINVAL;
2161 		break;
2162 	}
2163 
2164 	return (error);
2165 }
2166 
2167 /*ARGSUSED5*/
2168 int
2169 modctl(int cmd, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4,
2170     uintptr_t a5)
2171 {
2172 	int	error = EINVAL;
2173 	dev_t	dev;
2174 
2175 	if (secpolicy_modctl(CRED(), cmd) != 0)
2176 		return (set_errno(EPERM));
2177 
2178 	switch (cmd) {
2179 	case MODLOAD:		/* load a module */
2180 		error = modctl_modload((int)a1, (char *)a2, (int *)a3);
2181 		break;
2182 
2183 	case MODUNLOAD:		/* unload a module */
2184 		error = modctl_modunload((modid_t)a1);
2185 		break;
2186 
2187 	case MODINFO:		/* get module status */
2188 		error = modctl_modinfo((modid_t)a1, (struct modinfo *)a2);
2189 		break;
2190 
2191 	case MODRESERVED:	/* get last major number in range */
2192 		error = modctl_modreserve((modid_t)a1, (int *)a2);
2193 		break;
2194 
2195 	case MODSETMINIROOT:	/* we are running in miniroot */
2196 		isminiroot = 1;
2197 		error = 0;
2198 		break;
2199 
2200 	case MODADDMAJBIND:	/* read major binding file */
2201 		error = modctl_add_major((int *)a2);
2202 		break;
2203 
2204 	case MODGETPATHLEN:	/* get modpath length */
2205 		error = modctl_getmodpathlen((int *)a2);
2206 		break;
2207 
2208 	case MODGETPATH:	/* get modpath */
2209 		error = modctl_getmodpath((char *)a2);
2210 		break;
2211 
2212 	case MODREADSYSBIND:	/* read system call binding file */
2213 		error = modctl_read_sysbinding_file();
2214 		break;
2215 
2216 	case MODGETMAJBIND:	/* get major number for named device */
2217 		error = modctl_getmaj((char *)a1, (uint_t)a2, (int *)a3);
2218 		break;
2219 
2220 	case MODGETNAME:	/* get name of device given major number */
2221 		error = modctl_getname((char *)a1, (uint_t)a2, (int *)a3);
2222 		break;
2223 
2224 	case MODDEVT2INSTANCE:
2225 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2226 			dev = (dev_t)a1;
2227 		}
2228 #ifdef _SYSCALL32_IMPL
2229 		else {
2230 			dev = expldev(a1);
2231 		}
2232 #endif
2233 		error = modctl_devt2instance(dev, (int *)a2);
2234 		break;
2235 
2236 	case MODSIZEOF_DEVID:	/* sizeof device id of device given dev_t */
2237 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2238 			dev = (dev_t)a1;
2239 		}
2240 #ifdef _SYSCALL32_IMPL
2241 		else {
2242 			dev = expldev(a1);
2243 		}
2244 #endif
2245 		error = modctl_sizeof_devid(dev, (uint_t *)a2);
2246 		break;
2247 
2248 	case MODGETDEVID:	/* get device id of device given dev_t */
2249 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2250 			dev = (dev_t)a1;
2251 		}
2252 #ifdef _SYSCALL32_IMPL
2253 		else {
2254 			dev = expldev(a1);
2255 		}
2256 #endif
2257 		error = modctl_get_devid(dev, (uint_t)a2, (ddi_devid_t)a3);
2258 		break;
2259 
2260 	case MODSIZEOF_MINORNAME:	/* sizeof minor nm (dev_t,spectype) */
2261 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2262 			error = modctl_sizeof_minorname((dev_t)a1, (int)a2,
2263 			    (uint_t *)a3);
2264 		}
2265 #ifdef _SYSCALL32_IMPL
2266 		else {
2267 			error = modctl_sizeof_minorname(expldev(a1), (int)a2,
2268 			    (uint_t *)a3);
2269 		}
2270 
2271 #endif
2272 		break;
2273 
2274 	case MODGETMINORNAME:		/* get minor name of (dev_t,spectype) */
2275 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2276 			error = modctl_get_minorname((dev_t)a1, (int)a2,
2277 			    (uint_t)a3, (char *)a4);
2278 		}
2279 #ifdef _SYSCALL32_IMPL
2280 		else {
2281 			error = modctl_get_minorname(expldev(a1), (int)a2,
2282 			    (uint_t)a3, (char *)a4);
2283 		}
2284 #endif
2285 		break;
2286 
2287 	case MODGETDEVFSPATH_LEN:	/* sizeof path nm of (dev_t,spectype) */
2288 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2289 			error = modctl_devfspath_len((dev_t)a1, (int)a2,
2290 			    (uint_t *)a3);
2291 		}
2292 #ifdef _SYSCALL32_IMPL
2293 		else {
2294 			error = modctl_devfspath_len(expldev(a1), (int)a2,
2295 			    (uint_t *)a3);
2296 		}
2297 
2298 #endif
2299 		break;
2300 
2301 	case MODGETDEVFSPATH:   	/* get path name of (dev_t,spec) type */
2302 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2303 			error = modctl_devfspath((dev_t)a1, (int)a2,
2304 			    (uint_t)a3, (char *)a4);
2305 		}
2306 #ifdef _SYSCALL32_IMPL
2307 		else {
2308 			error = modctl_devfspath(expldev(a1), (int)a2,
2309 			    (uint_t)a3, (char *)a4);
2310 		}
2311 #endif
2312 		break;
2313 
2314 	case MODGETDEVFSPATH_MI_LEN:	/* sizeof path nm of (major,instance) */
2315 		error = modctl_devfspath_mi_len((major_t)a1, (int)a2,
2316 		    (uint_t *)a3);
2317 		break;
2318 
2319 	case MODGETDEVFSPATH_MI:   	/* get path name of (major,instance) */
2320 		error = modctl_devfspath_mi((major_t)a1, (int)a2,
2321 		    (uint_t)a3, (char *)a4);
2322 		break;
2323 
2324 
2325 	case MODEVENTS:
2326 		error = modctl_modevents((int)a1, a2, a3, a4, (uint_t)a5);
2327 		break;
2328 
2329 	case MODGETFBNAME:	/* get the framebuffer name */
2330 		error = modctl_get_fbname((char *)a1);
2331 		break;
2332 
2333 	case MODREREADDACF:	/* reread dacf rule database from given file */
2334 		error = modctl_reread_dacf((char *)a1);
2335 		break;
2336 
2337 	case MODLOADDRVCONF:	/* load driver.conf file for major */
2338 		error = modctl_load_drvconf((major_t)a1);
2339 		break;
2340 
2341 	case MODUNLOADDRVCONF:	/* unload driver.conf file for major */
2342 		error = modctl_unload_drvconf((major_t)a1);
2343 		break;
2344 
2345 	case MODREMMAJBIND:	/* remove a major binding */
2346 		error = modctl_rem_major((major_t)a1);
2347 		break;
2348 
2349 	case MODDEVID2PATHS:	/* get paths given devid */
2350 		error = modctl_devid2paths((ddi_devid_t)a1, (char *)a2,
2351 		    (uint_t)a3, (size_t *)a4, (char *)a5);
2352 		break;
2353 
2354 	case MODSETDEVPOLICY:	/* establish device policy */
2355 		error = devpolicy_load((int)a1, (size_t)a2, (devplcysys_t *)a3);
2356 		break;
2357 
2358 	case MODGETDEVPOLICY:	/* get device policy */
2359 		error = devpolicy_get((int *)a1, (size_t)a2,
2360 		    (devplcysys_t *)a3);
2361 		break;
2362 
2363 	case MODALLOCPRIV:
2364 		error = modctl_allocpriv((const char *)a1);
2365 		break;
2366 
2367 	case MODGETDEVPOLICYBYNAME:
2368 		error = devpolicy_getbyname((size_t)a1,
2369 		    (devplcysys_t *)a2, (char *)a3);
2370 		break;
2371 
2372 	case MODLOADMINORPERM:
2373 	case MODADDMINORPERM:
2374 	case MODREMMINORPERM:
2375 		error = modctl_minorperm(cmd, (char *)a1, (size_t)a2);
2376 		break;
2377 
2378 	case MODREMDRVCLEANUP:
2379 		error = modctl_remdrv_cleanup((const char *)a1);
2380 		break;
2381 
2382 	case MODDEVEXISTS:	/* non-reconfiguring /dev lookup */
2383 		error = modctl_devexists((const char *)a1, (size_t)a2);
2384 		break;
2385 
2386 	case MODDEVREADDIR:	/* non-reconfiguring /dev readdir */
2387 		error = modctl_devreaddir((const char *)a1, (size_t)a2,
2388 		    (char *)a3, (int64_t *)a4);
2389 		break;
2390 
2391 	case MODDEVEMPTYDIR:	/* non-reconfiguring /dev emptydir */
2392 		error = modctl_devemptydir((const char *)a1, (size_t)a2,
2393 		    (int *)a3);
2394 		break;
2395 
2396 	case MODDEVNAME:
2397 		error = modctl_moddevname((int)a1, a2, a3);
2398 		break;
2399 
2400 	case MODRETIRE:	/* retire device named by physpath a1 */
2401 		error = modctl_retire((char *)a1, (char *)a2, (size_t)a3);
2402 		break;
2403 
2404 	case MODISRETIRED:  /* check if a device is retired. */
2405 		error = modctl_is_retired((char *)a1, (int *)a2);
2406 		break;
2407 
2408 	case MODUNRETIRE:	/* unretire device named by physpath a1 */
2409 		error = modctl_unretire((char *)a1);
2410 		break;
2411 
2412 	default:
2413 		error = EINVAL;
2414 		break;
2415 	}
2416 
2417 	return (error ? set_errno(error) : 0);
2418 }
2419 
2420 /*
2421  * Calls to kobj_load_module()() are handled off to this routine in a
2422  * separate thread.
2423  */
2424 static void
2425 modload_thread(struct loadmt *ltp)
2426 {
2427 	/* load the module and signal the creator of this thread */
2428 	kmutex_t	cpr_lk;
2429 	callb_cpr_t	cpr_i;
2430 
2431 	mutex_init(&cpr_lk, NULL, MUTEX_DEFAULT, NULL);
2432 	CALLB_CPR_INIT(&cpr_i, &cpr_lk, callb_generic_cpr, "modload");
2433 	/* borrow the devi lock from thread which invoked us */
2434 	pm_borrow_lock(ltp->owner);
2435 	ltp->retval = kobj_load_module(ltp->mp, ltp->usepath);
2436 	pm_return_lock();
2437 	sema_v(&ltp->sema);
2438 	mutex_enter(&cpr_lk);
2439 	CALLB_CPR_EXIT(&cpr_i);
2440 	mutex_destroy(&cpr_lk);
2441 	thread_exit();
2442 }
2443 
2444 /*
2445  * load a module, adding a reference if caller specifies rmodp.  If rmodp
2446  * is specified then an errno is returned, otherwise a module index is
2447  * returned (-1 on error).
2448  */
2449 static int
2450 modrload(const char *subdir, const char *filename, struct modctl **rmodp)
2451 {
2452 	struct modctl *modp;
2453 	size_t size;
2454 	char *fullname;
2455 	int retval = EINVAL;
2456 	int id = -1;
2457 
2458 	if (rmodp)
2459 		*rmodp = NULL;			/* avoid garbage */
2460 
2461 	if (subdir != NULL) {
2462 		/*
2463 		 * refuse / in filename to prevent "../" escapes.
2464 		 */
2465 		if (strchr(filename, '/') != NULL)
2466 			return (rmodp ? retval : id);
2467 
2468 		/*
2469 		 * allocate enough space for <subdir>/<filename><NULL>
2470 		 */
2471 		size = strlen(subdir) + strlen(filename) + 2;
2472 		fullname = kmem_zalloc(size, KM_SLEEP);
2473 		(void) sprintf(fullname, "%s/%s", subdir, filename);
2474 	} else {
2475 		fullname = (char *)filename;
2476 	}
2477 
2478 	modp = mod_hold_installed_mod(fullname, 1, 0, &retval);
2479 	if (modp != NULL) {
2480 		id = modp->mod_id;
2481 		if (rmodp) {
2482 			/* add mod_ref and return *rmodp */
2483 			mutex_enter(&mod_lock);
2484 			modp->mod_ref++;
2485 			mutex_exit(&mod_lock);
2486 			*rmodp = modp;
2487 		}
2488 		mod_release_mod(modp);
2489 		CPU_STATS_ADDQ(CPU, sys, modload, 1);
2490 	}
2491 
2492 done:	if (subdir != NULL)
2493 		kmem_free(fullname, size);
2494 	return (rmodp ? retval : id);
2495 }
2496 
2497 /*
2498  * This is the primary kernel interface to load a module. It loads and
2499  * installs the named module.  It does not hold mod_ref of the module, so
2500  * a module unload attempt can occur at any time - it is up to the
2501  * _fini/mod_remove implementation to determine if unload will succeed.
2502  */
2503 int
2504 modload(const char *subdir, const char *filename)
2505 {
2506 	return (modrload(subdir, filename, NULL));
2507 }
2508 
2509 /*
2510  * Load a module using a series of qualified names from most specific to least
2511  * specific, e.g. for subdir "foo", p1 "bar", p2 "baz", we might try:
2512  *			Value returned in *chosen
2513  * foo/bar.baz.1.2.3	3
2514  * foo/bar.baz.1.2	2
2515  * foo/bar.baz.1	1
2516  * foo/bar.baz		0
2517  *
2518  * Return the module ID on success; -1 if no module was loaded.  On success
2519  * and if 'chosen' is not NULL we also return the number of suffices that
2520  * were in the module we chose to load.
2521  */
2522 int
2523 modload_qualified(const char *subdir, const char *p1,
2524     const char *p2, const char *delim, uint_t suffv[], int suffc, int *chosen)
2525 {
2526 	char path[MOD_MAXPATH];
2527 	size_t n, resid = sizeof (path);
2528 	char *p = path;
2529 
2530 	char **dotv;
2531 	int i, rc, id;
2532 	modctl_t *mp;
2533 
2534 	if (p2 != NULL)
2535 		n = snprintf(p, resid, "%s/%s%s%s", subdir, p1, delim, p2);
2536 	else
2537 		n = snprintf(p, resid, "%s/%s", subdir, p1);
2538 
2539 	if (n >= resid)
2540 		return (-1);
2541 
2542 	p += n;
2543 	resid -= n;
2544 	dotv = kmem_alloc(sizeof (char *) * (suffc + 1), KM_SLEEP);
2545 
2546 	for (i = 0; i < suffc; i++) {
2547 		dotv[i] = p;
2548 		n = snprintf(p, resid, "%s%u", delim, suffv[i]);
2549 
2550 		if (n >= resid) {
2551 			kmem_free(dotv, sizeof (char *) * (suffc + 1));
2552 			return (-1);
2553 		}
2554 
2555 		p += n;
2556 		resid -= n;
2557 	}
2558 
2559 	dotv[suffc] = p;
2560 
2561 	for (i = suffc; i >= 0; i--) {
2562 		dotv[i][0] = '\0';
2563 		mp = mod_hold_installed_mod(path, 1, 1, &rc);
2564 
2565 		if (mp != NULL) {
2566 			kmem_free(dotv, sizeof (char *) * (suffc + 1));
2567 			id = mp->mod_id;
2568 			mod_release_mod(mp);
2569 			if (chosen != NULL)
2570 				*chosen = i;
2571 			return (id);
2572 		}
2573 	}
2574 
2575 	kmem_free(dotv, sizeof (char *) * (suffc + 1));
2576 	return (-1);
2577 }
2578 
2579 /*
2580  * Load a module.
2581  */
2582 int
2583 modloadonly(const char *subdir, const char *filename)
2584 {
2585 	struct modctl *modp;
2586 	char *fullname;
2587 	size_t size;
2588 	int id, retval;
2589 
2590 	if (subdir != NULL) {
2591 		/*
2592 		 * allocate enough space for <subdir>/<filename><NULL>
2593 		 */
2594 		size = strlen(subdir) + strlen(filename) + 2;
2595 		fullname = kmem_zalloc(size, KM_SLEEP);
2596 		(void) sprintf(fullname, "%s/%s", subdir, filename);
2597 	} else {
2598 		fullname = (char *)filename;
2599 	}
2600 
2601 	modp = mod_hold_loaded_mod(NULL, fullname, &retval);
2602 	if (modp) {
2603 		id = modp->mod_id;
2604 		mod_release_mod(modp);
2605 	}
2606 
2607 	if (subdir != NULL)
2608 		kmem_free(fullname, size);
2609 
2610 	if (retval == 0)
2611 		return (id);
2612 	return (-1);
2613 }
2614 
2615 /*
2616  * Try to uninstall and unload a module, removing a reference if caller
2617  * specifies rmodp.
2618  */
2619 static int
2620 modunrload(modid_t id, struct modctl **rmodp, int unload)
2621 {
2622 	struct modctl	*modp;
2623 	int		retval;
2624 
2625 	if (rmodp)
2626 		*rmodp = NULL;			/* avoid garbage */
2627 
2628 	if ((modp = mod_hold_by_id((modid_t)id)) == NULL)
2629 		return (EINVAL);
2630 
2631 	if (rmodp) {
2632 		mutex_enter(&mod_lock);
2633 		modp->mod_ref--;
2634 		mutex_exit(&mod_lock);
2635 		*rmodp = modp;
2636 	}
2637 
2638 	if (unload) {
2639 		retval = moduninstall(modp);
2640 		if (retval == 0) {
2641 			mod_unload(modp);
2642 			CPU_STATS_ADDQ(CPU, sys, modunload, 1);
2643 		} else if (retval == EALREADY)
2644 			retval = 0;	/* already unloaded, not an error */
2645 	} else
2646 		retval = 0;
2647 
2648 	mod_release_mod(modp);
2649 	return (retval);
2650 }
2651 
2652 /*
2653  * Uninstall and unload a module.
2654  */
2655 int
2656 modunload(modid_t id)
2657 {
2658 	int		retval;
2659 
2660 	/* synchronize with any active modunload_disable() */
2661 	modunload_begin();
2662 	if (ddi_root_node())
2663 		(void) devfs_clean(ddi_root_node(), NULL, 0);
2664 	retval = modunrload(id, NULL, 1);
2665 	modunload_end();
2666 	return (retval);
2667 }
2668 
2669 /*
2670  * Return status of a loaded module.
2671  */
2672 static int
2673 modinfo(modid_t id, struct modinfo *modinfop)
2674 {
2675 	struct modctl	*modp;
2676 	modid_t		mid;
2677 	int		i;
2678 
2679 	mid = modinfop->mi_id;
2680 	if (modinfop->mi_info & MI_INFO_ALL) {
2681 		while ((modp = mod_hold_next_by_id(mid++)) != NULL) {
2682 			if ((modinfop->mi_info & MI_INFO_CNT) ||
2683 			    modp->mod_installed)
2684 				break;
2685 			mod_release_mod(modp);
2686 		}
2687 		if (modp == NULL)
2688 			return (EINVAL);
2689 	} else {
2690 		modp = mod_hold_by_id(id);
2691 		if (modp == NULL)
2692 			return (EINVAL);
2693 		if (!(modinfop->mi_info & MI_INFO_CNT) &&
2694 		    (modp->mod_installed == 0)) {
2695 			mod_release_mod(modp);
2696 			return (EINVAL);
2697 		}
2698 	}
2699 
2700 	modinfop->mi_rev = 0;
2701 	modinfop->mi_state = 0;
2702 	for (i = 0; i < MODMAXLINK; i++) {
2703 		modinfop->mi_msinfo[i].msi_p0 = -1;
2704 		modinfop->mi_msinfo[i].msi_linkinfo[0] = 0;
2705 	}
2706 	if (modp->mod_loaded) {
2707 		modinfop->mi_state = MI_LOADED;
2708 		kobj_getmodinfo(modp->mod_mp, modinfop);
2709 	}
2710 	if (modp->mod_installed) {
2711 		modinfop->mi_state |= MI_INSTALLED;
2712 
2713 		(void) mod_getinfo(modp, modinfop);
2714 	}
2715 
2716 	modinfop->mi_id = modp->mod_id;
2717 	modinfop->mi_loadcnt = modp->mod_loadcnt;
2718 	(void) strcpy(modinfop->mi_name, modp->mod_modname);
2719 
2720 	mod_release_mod(modp);
2721 	return (0);
2722 }
2723 
2724 static char mod_stub_err[] = "mod_hold_stub: Couldn't load stub module %s";
2725 static char no_err[] = "No error function for weak stub %s";
2726 
2727 /*
2728  * used by the stubs themselves to load and hold a module.
2729  * Returns  0 if the module is successfully held;
2730  *	    the stub needs to call mod_release_stub().
2731  *	    -1 if the stub should just call the err_fcn.
2732  * Note that this code is stretched out so that we avoid subroutine calls
2733  * and optimize for the most likely case.  That is, the case where the
2734  * module is loaded and installed and not held.  In that case we just inc
2735  * the mod_ref count and continue.
2736  */
2737 int
2738 mod_hold_stub(struct mod_stub_info *stub)
2739 {
2740 	struct modctl *mp;
2741 	struct mod_modinfo *mip;
2742 
2743 	mip = stub->mods_modinfo;
2744 
2745 	mutex_enter(&mod_lock);
2746 
2747 	/* we do mod_hold_by_modctl inline for speed */
2748 
2749 mod_check_again:
2750 	if ((mp = mip->mp) != NULL) {
2751 		if (mp->mod_busy == 0) {
2752 			if (mp->mod_installed) {
2753 				/* increment the reference count */
2754 				mp->mod_ref++;
2755 				ASSERT(mp->mod_ref && mp->mod_installed);
2756 				mutex_exit(&mod_lock);
2757 				return (0);
2758 			} else {
2759 				mp->mod_busy = 1;
2760 				mp->mod_inprogress_thread =
2761 				    (curthread == NULL ?
2762 				    (kthread_id_t)-1 : curthread);
2763 			}
2764 		} else {
2765 			/*
2766 			 * wait one time and then go see if someone
2767 			 * else has resolved the stub (set mip->mp).
2768 			 */
2769 			if (mod_hold_by_modctl(mp,
2770 			    MOD_WAIT_ONCE | MOD_LOCK_HELD))
2771 				goto mod_check_again;
2772 
2773 			/*
2774 			 * what we have now may have been unloaded!, in
2775 			 * that case, mip->mp will be NULL, we'll hit this
2776 			 * module and load again..
2777 			 */
2778 			cmn_err(CE_PANIC, "mod_hold_stub should have blocked");
2779 		}
2780 		mutex_exit(&mod_lock);
2781 	} else {
2782 		/* first time we've hit this module */
2783 		mutex_exit(&mod_lock);
2784 		mp = mod_hold_by_name(mip->modm_module_name);
2785 		mip->mp = mp;
2786 	}
2787 
2788 	/*
2789 	 * If we are here, it means that the following conditions
2790 	 * are satisfied.
2791 	 *
2792 	 * mip->mp != NULL
2793 	 * this thread has set the mp->mod_busy = 1
2794 	 * mp->mod_installed = 0
2795 	 *
2796 	 */
2797 	ASSERT(mp != NULL);
2798 	ASSERT(mp->mod_busy == 1);
2799 
2800 	if (mp->mod_installed == 0) {
2801 		/* Module not loaded, if weak stub don't load it */
2802 		if (stub->mods_flag & MODS_WEAK) {
2803 			if (stub->mods_errfcn == NULL) {
2804 				mod_release_mod(mp);
2805 				cmn_err(CE_PANIC, no_err,
2806 				    mip->modm_module_name);
2807 			}
2808 		} else {
2809 			/* Not a weak stub so load the module */
2810 
2811 			if (mod_load(mp, 1) != 0 || modinstall(mp) != 0) {
2812 				/*
2813 				 * If mod_load() was successful
2814 				 * and modinstall() failed, then
2815 				 * unload the module.
2816 				 */
2817 				if (mp->mod_loaded)
2818 					mod_unload(mp);
2819 
2820 				mod_release_mod(mp);
2821 				if (stub->mods_errfcn == NULL) {
2822 					cmn_err(CE_PANIC, mod_stub_err,
2823 					    mip->modm_module_name);
2824 				} else {
2825 					return (-1);
2826 				}
2827 			}
2828 		}
2829 	}
2830 
2831 	/*
2832 	 * At this point module is held and loaded. Release
2833 	 * the mod_busy and mod_inprogress_thread before
2834 	 * returning. We actually call mod_release() here so
2835 	 * that if another stub wants to access this module,
2836 	 * it can do so. mod_ref is incremented before mod_release()
2837 	 * is called to prevent someone else from snatching the
2838 	 * module from this thread.
2839 	 */
2840 	mutex_enter(&mod_lock);
2841 	mp->mod_ref++;
2842 	ASSERT(mp->mod_ref &&
2843 	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
2844 	mod_release(mp);
2845 	mutex_exit(&mod_lock);
2846 	return (0);
2847 }
2848 
2849 void
2850 mod_release_stub(struct mod_stub_info *stub)
2851 {
2852 	struct modctl *mp = stub->mods_modinfo->mp;
2853 
2854 	/* inline mod_release_mod */
2855 	mutex_enter(&mod_lock);
2856 	ASSERT(mp->mod_ref &&
2857 	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
2858 	mp->mod_ref--;
2859 	if (mp->mod_want) {
2860 		mp->mod_want = 0;
2861 		cv_broadcast(&mod_cv);
2862 	}
2863 	mutex_exit(&mod_lock);
2864 }
2865 
2866 static struct modctl *
2867 mod_hold_loaded_mod(struct modctl *dep, char *filename, int *status)
2868 {
2869 	struct modctl *modp;
2870 	int retval;
2871 
2872 	/*
2873 	 * Hold the module.
2874 	 */
2875 	modp = mod_hold_by_name_requisite(dep, filename);
2876 	if (modp) {
2877 		retval = mod_load(modp, 1);
2878 		if (retval != 0) {
2879 			mod_release_mod(modp);
2880 			modp = NULL;
2881 		}
2882 		*status = retval;
2883 	} else {
2884 		*status = ENOSPC;
2885 	}
2886 
2887 	/*
2888 	 * if dep is not NULL, clear the module dependency information.
2889 	 * This information is set in mod_hold_by_name_common().
2890 	 */
2891 	if (dep != NULL && dep->mod_requisite_loading != NULL) {
2892 		ASSERT(dep->mod_busy);
2893 		dep->mod_requisite_loading = NULL;
2894 	}
2895 
2896 	return (modp);
2897 }
2898 
2899 /*
2900  * hold, load, and install the named module
2901  */
2902 static struct modctl *
2903 mod_hold_installed_mod(char *name, int usepath, int forcecheck, int *r)
2904 {
2905 	struct modctl *modp;
2906 	int retval;
2907 
2908 	/*
2909 	 * Verify that that module in question actually exists on disk
2910 	 * before allocation of module structure by mod_hold_by_name.
2911 	 */
2912 	if (modrootloaded && swaploaded || forcecheck) {
2913 		if (!kobj_path_exists(name, usepath)) {
2914 			*r = ENOENT;
2915 			return (NULL);
2916 		}
2917 	}
2918 
2919 	/*
2920 	 * Hold the module.
2921 	 */
2922 	modp = mod_hold_by_name(name);
2923 	if (modp) {
2924 		retval = mod_load(modp, usepath);
2925 		if (retval != 0) {
2926 			mod_release_mod(modp);
2927 			modp = NULL;
2928 			*r = retval;
2929 		} else {
2930 			if ((*r = modinstall(modp)) != 0) {
2931 				/*
2932 				 * We loaded it, but failed to _init() it.
2933 				 * Be kind to developers -- force it
2934 				 * out of memory now so that the next
2935 				 * attempt to use the module will cause
2936 				 * a reload.  See 1093793.
2937 				 */
2938 				mod_unload(modp);
2939 				mod_release_mod(modp);
2940 				modp = NULL;
2941 			}
2942 		}
2943 	} else {
2944 		*r = ENOSPC;
2945 	}
2946 	return (modp);
2947 }
2948 
2949 static char mod_excl_msg[] =
2950 	"module %s(%s) is EXCLUDED and will not be loaded\n";
2951 static char mod_init_msg[] = "loadmodule:%s(%s): _init() error %d\n";
2952 
2953 /*
2954  * This routine is needed for dependencies.  Users specify dependencies
2955  * by declaring a character array initialized to filenames of dependents.
2956  * So the code that handles dependents deals with filenames (and not
2957  * module names) because that's all it has.  We load by filename and once
2958  * we've loaded a file we can get the module name.
2959  * Unfortunately there isn't a single unified filename/modulename namespace.
2960  * C'est la vie.
2961  *
2962  * We allow the name being looked up to be prepended by an optional
2963  * subdirectory e.g. we can lookup (NULL, "fs/ufs") or ("fs", "ufs")
2964  */
2965 struct modctl *
2966 mod_find_by_filename(char *subdir, char *filename)
2967 {
2968 	struct modctl	*mp;
2969 	size_t		sublen;
2970 
2971 	ASSERT(!MUTEX_HELD(&mod_lock));
2972 	if (subdir != NULL)
2973 		sublen = strlen(subdir);
2974 	else
2975 		sublen = 0;
2976 
2977 	mutex_enter(&mod_lock);
2978 	mp = &modules;
2979 	do {
2980 		if (sublen) {
2981 			char *mod_filename = mp->mod_filename;
2982 
2983 			if (strncmp(subdir, mod_filename, sublen) == 0 &&
2984 			    mod_filename[sublen] == '/' &&
2985 			    strcmp(filename, &mod_filename[sublen + 1]) == 0) {
2986 				mutex_exit(&mod_lock);
2987 				return (mp);
2988 			}
2989 		} else if (strcmp(filename, mp->mod_filename) == 0) {
2990 			mutex_exit(&mod_lock);
2991 			return (mp);
2992 		}
2993 	} while ((mp = mp->mod_next) != &modules);
2994 	mutex_exit(&mod_lock);
2995 	return (NULL);
2996 }
2997 
2998 /*
2999  * Check for circular dependencies.  This is called from do_dependents()
3000  * in kobj.c.  If we are the thread already loading this module, then
3001  * we're trying to load a dependent that we're already loading which
3002  * means the user specified circular dependencies.
3003  */
3004 static int
3005 mod_circdep(struct modctl *modp)
3006 {
3007 	struct modctl	*rmod;
3008 
3009 	ASSERT(MUTEX_HELD(&mod_lock));
3010 
3011 	/*
3012 	 * Check the mod_inprogress_thread first.
3013 	 * mod_inprogress_thread is used in mod_hold_stub()
3014 	 * directly to improve performance.
3015 	 */
3016 	if (modp->mod_inprogress_thread == curthread)
3017 		return (1);
3018 
3019 	/*
3020 	 * Check the module circular dependencies.
3021 	 */
3022 	for (rmod = modp; rmod != NULL; rmod = rmod->mod_requisite_loading) {
3023 		/*
3024 		 * Check if there is a module circular dependency.
3025 		 */
3026 		if (rmod->mod_requisite_loading == modp)
3027 			return (1);
3028 	}
3029 	return (0);
3030 }
3031 
3032 static int
3033 mod_getinfo(struct modctl *modp, struct modinfo *modinfop)
3034 {
3035 	int (*func)(struct modinfo *);
3036 	int retval;
3037 
3038 	ASSERT(modp->mod_busy);
3039 
3040 	/* primary modules don't do getinfo */
3041 	if (modp->mod_prim)
3042 		return (0);
3043 
3044 	func = (int (*)(struct modinfo *))kobj_lookup(modp->mod_mp, "_info");
3045 
3046 	if (kobj_addrcheck(modp->mod_mp, (caddr_t)func)) {
3047 		cmn_err(CE_WARN, "_info() not defined properly in %s",
3048 		    modp->mod_filename);
3049 		/*
3050 		 * The semantics of mod_info(9F) are that 0 is failure
3051 		 * and non-zero is success.
3052 		 */
3053 		retval = 0;
3054 	} else
3055 		retval = (*func)(modinfop);	/* call _info() function */
3056 
3057 	if (moddebug & MODDEBUG_USERDEBUG)
3058 		printf("Returned from _info, retval = %x\n", retval);
3059 
3060 	return (retval);
3061 }
3062 
3063 static void
3064 modadd(struct modctl *mp)
3065 {
3066 	ASSERT(MUTEX_HELD(&mod_lock));
3067 
3068 	mp->mod_id = last_module_id++;
3069 	mp->mod_next = &modules;
3070 	mp->mod_prev = modules.mod_prev;
3071 	modules.mod_prev->mod_next = mp;
3072 	modules.mod_prev = mp;
3073 }
3074 
3075 /*ARGSUSED*/
3076 static struct modctl *
3077 allocate_modp(const char *filename, const char *modname)
3078 {
3079 	struct modctl *mp;
3080 
3081 	mp = kobj_zalloc(sizeof (*mp), KM_SLEEP);
3082 	mp->mod_modname = kobj_zalloc(strlen(modname) + 1, KM_SLEEP);
3083 	(void) strcpy(mp->mod_modname, modname);
3084 	return (mp);
3085 }
3086 
3087 /*
3088  * Get the value of a symbol.  This is a wrapper routine that
3089  * calls kobj_getsymvalue().  kobj_getsymvalue() may go away but this
3090  * wrapper will prevent callers from noticing.
3091  */
3092 uintptr_t
3093 modgetsymvalue(char *name, int kernelonly)
3094 {
3095 	return (kobj_getsymvalue(name, kernelonly));
3096 }
3097 
3098 /*
3099  * Get the symbol nearest an address.  This is a wrapper routine that
3100  * calls kobj_getsymname().  kobj_getsymname() may go away but this
3101  * wrapper will prevent callers from noticing.
3102  */
3103 char *
3104 modgetsymname(uintptr_t value, ulong_t *offset)
3105 {
3106 	return (kobj_getsymname(value, offset));
3107 }
3108 
3109 /*
3110  * Lookup a symbol in a specified module.  These are wrapper routines that
3111  * call kobj_lookup().  kobj_lookup() may go away but these wrappers will
3112  * prevent callers from noticing.
3113  */
3114 uintptr_t
3115 modlookup(const char *modname, const char *symname)
3116 {
3117 	struct modctl *modp;
3118 	uintptr_t val;
3119 
3120 	if ((modp = mod_hold_by_name(modname)) == NULL)
3121 		return (0);
3122 	val = kobj_lookup(modp->mod_mp, symname);
3123 	mod_release_mod(modp);
3124 	return (val);
3125 }
3126 
3127 uintptr_t
3128 modlookup_by_modctl(modctl_t *modp, const char *symname)
3129 {
3130 	ASSERT(modp->mod_ref > 0 || modp->mod_busy);
3131 
3132 	return (kobj_lookup(modp->mod_mp, symname));
3133 }
3134 
3135 /*
3136  * Ask the user for the name of the system file and the default path
3137  * for modules.
3138  */
3139 void
3140 mod_askparams()
3141 {
3142 	static char s0[64];
3143 	intptr_t fd;
3144 
3145 	if ((fd = kobj_open(systemfile)) != -1L)
3146 		kobj_close(fd);
3147 	else
3148 		systemfile = NULL;
3149 
3150 	/*CONSTANTCONDITION*/
3151 	while (1) {
3152 		printf("Name of system file [%s]:  ",
3153 		    systemfile ? systemfile : "/dev/null");
3154 
3155 		console_gets(s0, sizeof (s0));
3156 
3157 		if (s0[0] == '\0')
3158 			break;
3159 		else if (strcmp(s0, "/dev/null") == 0) {
3160 			systemfile = NULL;
3161 			break;
3162 		} else {
3163 			if ((fd = kobj_open(s0)) != -1L) {
3164 				kobj_close(fd);
3165 				systemfile = s0;
3166 				break;
3167 			}
3168 		}
3169 		printf("can't find file %s\n", s0);
3170 	}
3171 }
3172 
3173 static char loading_msg[] = "loading '%s' id %d\n";
3174 static char load_msg[] = "load '%s' id %d loaded @ 0x%p/0x%p size %d/%d\n";
3175 
3176 /*
3177  * Common code for loading a module (but not installing it).
3178  * Handoff the task of module loading to a separate thread
3179  * with a large stack if possible, since this code may recurse a few times.
3180  * Return zero if there are no errors or an errno value.
3181  */
3182 static int
3183 mod_load(struct modctl *mp, int usepath)
3184 {
3185 	int		retval;
3186 	struct modinfo	*modinfop = NULL;
3187 	struct loadmt	lt;
3188 
3189 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3190 	ASSERT(mp->mod_busy);
3191 
3192 	if (mp->mod_loaded)
3193 		return (0);
3194 
3195 	if (mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_modname) != 0 ||
3196 	    mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_filename) != 0) {
3197 		if (moddebug & MODDEBUG_LOADMSG) {
3198 			printf(mod_excl_msg, mp->mod_filename,
3199 			    mp->mod_modname);
3200 		}
3201 		return (ENXIO);
3202 	}
3203 	if (moddebug & MODDEBUG_LOADMSG2)
3204 		printf(loading_msg, mp->mod_filename, mp->mod_id);
3205 
3206 	if (curthread != &t0) {
3207 		lt.mp = mp;
3208 		lt.usepath = usepath;
3209 		lt.owner = curthread;
3210 		sema_init(&lt.sema, 0, NULL, SEMA_DEFAULT, NULL);
3211 
3212 		/* create thread to hand of call to */
3213 		(void) thread_create(NULL, DEFAULTSTKSZ * 2,
3214 		    modload_thread, &lt, 0, &p0, TS_RUN, maxclsyspri);
3215 
3216 		/* wait for thread to complete kobj_load_module */
3217 		sema_p(&lt.sema);
3218 
3219 		sema_destroy(&lt.sema);
3220 		retval = lt.retval;
3221 	} else
3222 		retval = kobj_load_module(mp, usepath);
3223 
3224 	if (mp->mod_mp) {
3225 		ASSERT(retval == 0);
3226 		mp->mod_loaded = 1;
3227 		mp->mod_loadcnt++;
3228 		if (moddebug & MODDEBUG_LOADMSG) {
3229 			printf(load_msg, mp->mod_filename, mp->mod_id,
3230 			    (void *)((struct module *)mp->mod_mp)->text,
3231 			    (void *)((struct module *)mp->mod_mp)->data,
3232 			    ((struct module *)mp->mod_mp)->text_size,
3233 			    ((struct module *)mp->mod_mp)->data_size);
3234 		}
3235 
3236 		/*
3237 		 * XXX - There should be a better way to get this.
3238 		 */
3239 		modinfop = kmem_zalloc(sizeof (struct modinfo), KM_SLEEP);
3240 		modinfop->mi_info = MI_INFO_LINKAGE;
3241 		if (mod_getinfo(mp, modinfop) == 0)
3242 			mp->mod_linkage = NULL;
3243 		else {
3244 			mp->mod_linkage = (void *)modinfop->mi_base;
3245 			ASSERT(mp->mod_linkage->ml_rev == MODREV_1);
3246 		}
3247 
3248 		/*
3249 		 * DCS: bootstrapping code. If the driver is loaded
3250 		 * before root mount, it is assumed that the driver
3251 		 * may be used before mounting root. In order to
3252 		 * access mappings of global to local minor no.'s
3253 		 * during installation/open of the driver, we load
3254 		 * them into memory here while the BOP_interfaces
3255 		 * are still up.
3256 		 */
3257 		if ((cluster_bootflags & CLUSTER_BOOTED) && !modrootloaded) {
3258 			retval = clboot_modload(mp);
3259 		}
3260 
3261 		kmem_free(modinfop, sizeof (struct modinfo));
3262 		(void) mod_sysctl(SYS_SET_MVAR, (void *)mp);
3263 		retval = install_stubs_by_name(mp, mp->mod_modname);
3264 
3265 		/*
3266 		 * Now that the module is loaded, we need to give DTrace
3267 		 * a chance to notify its providers.  This is done via
3268 		 * the dtrace_modload function pointer.
3269 		 */
3270 		if (strcmp(mp->mod_modname, "dtrace") != 0) {
3271 			struct modctl *dmp = mod_hold_by_name("dtrace");
3272 
3273 			if (dmp != NULL && dtrace_modload != NULL)
3274 				(*dtrace_modload)(mp);
3275 
3276 			mod_release_mod(dmp);
3277 		}
3278 
3279 	} else {
3280 		/*
3281 		 * If load failed then we need to release any requisites
3282 		 * that we had established.
3283 		 */
3284 		ASSERT(retval);
3285 		mod_release_requisites(mp);
3286 
3287 		if (moddebug & MODDEBUG_ERRMSG)
3288 			printf("error loading '%s', error %d\n",
3289 			    mp->mod_filename, retval);
3290 	}
3291 	return (retval);
3292 }
3293 
3294 static char unload_msg[] = "unloading %s, module id %d, loadcnt %d.\n";
3295 
3296 static void
3297 mod_unload(struct modctl *mp)
3298 {
3299 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3300 	ASSERT(mp->mod_busy);
3301 	ASSERT((mp->mod_loaded && (mp->mod_installed == 0)) &&
3302 	    ((mp->mod_prim == 0) && (mp->mod_ref >= 0)));
3303 
3304 	if (moddebug & MODDEBUG_LOADMSG)
3305 		printf(unload_msg, mp->mod_modname,
3306 		    mp->mod_id, mp->mod_loadcnt);
3307 
3308 	/*
3309 	 * If mod_ref is not zero, it means some modules might still refer
3310 	 * to this module. Then you can't unload this module right now.
3311 	 * Instead, set 1 to mod_delay_unload to notify the system of
3312 	 * unloading this module later when it's not required any more.
3313 	 */
3314 	if (mp->mod_ref > 0) {
3315 		mp->mod_delay_unload = 1;
3316 		if (moddebug & MODDEBUG_LOADMSG2) {
3317 			printf("module %s not unloaded,"
3318 			    " non-zero reference count (%d)",
3319 			    mp->mod_modname, mp->mod_ref);
3320 		}
3321 		return;
3322 	}
3323 
3324 	if (((mp->mod_loaded == 0) || mp->mod_installed) ||
3325 	    (mp->mod_ref || mp->mod_prim)) {
3326 		/*
3327 		 * A DEBUG kernel would ASSERT panic above, the code is broken
3328 		 * if we get this warning.
3329 		 */
3330 		cmn_err(CE_WARN, "mod_unload: %s in incorrect state: %d %d %d",
3331 		    mp->mod_filename, mp->mod_installed, mp->mod_loaded,
3332 		    mp->mod_ref);
3333 		return;
3334 	}
3335 
3336 	/* reset stub functions to call the binder again */
3337 	reset_stubs(mp);
3338 
3339 	/*
3340 	 * mark module as unloaded before the modctl structure is freed.
3341 	 * This is required not to reuse the modctl structure before
3342 	 * the module is marked as unloaded.
3343 	 */
3344 	mp->mod_loaded = 0;
3345 	mp->mod_linkage = NULL;
3346 
3347 	/* free the memory */
3348 	kobj_unload_module(mp);
3349 
3350 	if (mp->mod_delay_unload) {
3351 		mp->mod_delay_unload = 0;
3352 		if (moddebug & MODDEBUG_LOADMSG2) {
3353 			printf("deferred unload of module %s"
3354 			    " (id %d) successful",
3355 			    mp->mod_modname, mp->mod_id);
3356 		}
3357 	}
3358 
3359 	/* release hold on requisites */
3360 	mod_release_requisites(mp);
3361 
3362 	/*
3363 	 * Now that the module is gone, we need to give DTrace a chance to
3364 	 * remove any probes that it may have had in the module.  This is
3365 	 * done via the dtrace_modunload function pointer.
3366 	 */
3367 	if (strcmp(mp->mod_modname, "dtrace") != 0) {
3368 		struct modctl *dmp = mod_hold_by_name("dtrace");
3369 
3370 		if (dmp != NULL && dtrace_modunload != NULL)
3371 			(*dtrace_modunload)(mp);
3372 
3373 		mod_release_mod(dmp);
3374 	}
3375 }
3376 
3377 static int
3378 modinstall(struct modctl *mp)
3379 {
3380 	int val;
3381 	int (*func)(void);
3382 
3383 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3384 	ASSERT(mp->mod_busy && mp->mod_loaded);
3385 
3386 	if (mp->mod_installed)
3387 		return (0);
3388 	/*
3389 	 * If mod_delay_unload is on, it means the system chose the deferred
3390 	 * unload for this module. Then you can't install this module until
3391 	 * it's unloaded from the system.
3392 	 */
3393 	if (mp->mod_delay_unload)
3394 		return (ENXIO);
3395 
3396 	if (moddebug & MODDEBUG_LOADMSG)
3397 		printf("installing %s, module id %d.\n",
3398 		    mp->mod_modname, mp->mod_id);
3399 
3400 	ASSERT(mp->mod_mp != NULL);
3401 	if (mod_install_requisites(mp) != 0) {
3402 		/*
3403 		 * Note that we can't call mod_unload(mp) here since
3404 		 * if modinstall() was called by mod_install_requisites(),
3405 		 * we won't be able to hold the dependent modules
3406 		 * (otherwise there would be a deadlock).
3407 		 */
3408 		return (ENXIO);
3409 	}
3410 
3411 	if (moddebug & MODDEBUG_ERRMSG) {
3412 		printf("init '%s' id %d loaded @ 0x%p/0x%p size %lu/%lu\n",
3413 		    mp->mod_filename, mp->mod_id,
3414 		    (void *)((struct module *)mp->mod_mp)->text,
3415 		    (void *)((struct module *)mp->mod_mp)->data,
3416 		    ((struct module *)mp->mod_mp)->text_size,
3417 		    ((struct module *)mp->mod_mp)->data_size);
3418 	}
3419 
3420 	func = (int (*)())kobj_lookup(mp->mod_mp, "_init");
3421 
3422 	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3423 		cmn_err(CE_WARN, "_init() not defined properly in %s",
3424 		    mp->mod_filename);
3425 		return (EFAULT);
3426 	}
3427 
3428 	if (moddebug & MODDEBUG_USERDEBUG) {
3429 		printf("breakpoint before calling %s:_init()\n",
3430 		    mp->mod_modname);
3431 		if (DEBUGGER_PRESENT)
3432 			debug_enter("_init");
3433 	}
3434 
3435 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3436 	ASSERT(mp->mod_busy && mp->mod_loaded);
3437 	val = (*func)();		/* call _init */
3438 
3439 	if (moddebug & MODDEBUG_USERDEBUG)
3440 		printf("Returned from _init, val = %x\n", val);
3441 
3442 	if (val == 0) {
3443 		/*
3444 		 * Set the MODS_INSTALLED flag to enable this module
3445 		 * being called now.
3446 		 */
3447 		install_stubs(mp);
3448 		mp->mod_installed = 1;
3449 	} else if (moddebug & MODDEBUG_ERRMSG)
3450 		printf(mod_init_msg, mp->mod_filename, mp->mod_modname, val);
3451 
3452 	return (val);
3453 }
3454 
3455 int	detach_driver_unconfig = 0;
3456 
3457 static int
3458 detach_driver(char *name)
3459 {
3460 	major_t major;
3461 	int error;
3462 
3463 	/*
3464 	 * If being called from mod_uninstall_all() then the appropriate
3465 	 * driver detaches (leaf only) have already been done.
3466 	 */
3467 	if (mod_in_autounload())
3468 		return (0);
3469 
3470 	major = ddi_name_to_major(name);
3471 	if (major == DDI_MAJOR_T_NONE)
3472 		return (0);
3473 
3474 	error = ndi_devi_unconfig_driver(ddi_root_node(),
3475 	    NDI_DETACH_DRIVER | detach_driver_unconfig, major);
3476 	return (error == NDI_SUCCESS ? 0 : -1);
3477 }
3478 
3479 static char finiret_msg[] = "Returned from _fini for %s, status = %x\n";
3480 
3481 static int
3482 moduninstall(struct modctl *mp)
3483 {
3484 	int status = 0;
3485 	int (*func)(void);
3486 
3487 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3488 	ASSERT(mp->mod_busy);
3489 
3490 	/*
3491 	 * Verify that we need to do something and can uninstall the module.
3492 	 *
3493 	 * If we should not uninstall the module or if the module is not in
3494 	 * the correct state to start an uninstall we return EBUSY to prevent
3495 	 * us from progressing to mod_unload.  If the module has already been
3496 	 * uninstalled and unloaded we return EALREADY.
3497 	 */
3498 	if (mp->mod_prim || mp->mod_ref || mp->mod_nenabled != 0)
3499 		return (EBUSY);
3500 	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0))
3501 		return (EALREADY);
3502 
3503 	/*
3504 	 * To avoid devinfo / module deadlock we must release this module
3505 	 * prior to initiating the detach_driver, otherwise the detach_driver
3506 	 * might deadlock on a devinfo node held by another thread
3507 	 * coming top down and involving the module we have locked.
3508 	 *
3509 	 * When we regrab the module we must reverify that it is OK
3510 	 * to proceed with the uninstall operation.
3511 	 */
3512 	mod_release_mod(mp);
3513 	status = detach_driver(mp->mod_modname);
3514 	(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
3515 
3516 	/* check detach status and reverify state with lock */
3517 	mutex_enter(&mod_lock);
3518 	if ((status != 0) || mp->mod_prim || mp->mod_ref) {
3519 		mutex_exit(&mod_lock);
3520 		return (EBUSY);
3521 	}
3522 	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0)) {
3523 		mutex_exit(&mod_lock);
3524 		return (EALREADY);
3525 	}
3526 	mutex_exit(&mod_lock);
3527 
3528 	if (moddebug & MODDEBUG_LOADMSG2)
3529 		printf("uninstalling %s\n", mp->mod_modname);
3530 
3531 	/*
3532 	 * lookup _fini, return EBUSY if not defined.
3533 	 *
3534 	 * The MODDEBUG_FINI_EBUSY is usefull in resolving leaks in
3535 	 * detach(9E) - it allows bufctl addresses to be resolved.
3536 	 */
3537 	func = (int (*)())kobj_lookup(mp->mod_mp, "_fini");
3538 	if ((func == NULL) || (mp->mod_loadflags & MOD_NOUNLOAD) ||
3539 	    (moddebug & MODDEBUG_FINI_EBUSY))
3540 		return (EBUSY);
3541 
3542 	/* verify that _fini is in this module */
3543 	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3544 		cmn_err(CE_WARN, "_fini() not defined properly in %s",
3545 		    mp->mod_filename);
3546 		return (EFAULT);
3547 	}
3548 
3549 	/* call _fini() */
3550 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3551 	ASSERT(mp->mod_busy && mp->mod_loaded && mp->mod_installed);
3552 
3553 	status = (*func)();
3554 
3555 	if (status == 0) {
3556 		/* _fini returned success, the module is no longer installed */
3557 		if (moddebug & MODDEBUG_LOADMSG)
3558 			printf("uninstalled %s\n", mp->mod_modname);
3559 
3560 		/*
3561 		 * Even though we only set mod_installed to zero here, a zero
3562 		 * return value means we are committed to a code path were
3563 		 * mod_loaded will also end up as zero - we have no other
3564 		 * way to get the module data and bss back to the pre _init
3565 		 * state except a reload. To ensure this, after return,
3566 		 * mod_busy must stay set until mod_loaded is cleared.
3567 		 */
3568 		mp->mod_installed = 0;
3569 
3570 		/*
3571 		 * Clear the MODS_INSTALLED flag not to call functions
3572 		 * in the module directly from now on.
3573 		 */
3574 		uninstall_stubs(mp);
3575 	} else {
3576 		if (moddebug & MODDEBUG_USERDEBUG)
3577 			printf(finiret_msg, mp->mod_filename, status);
3578 		/*
3579 		 * By definition _fini is only allowed to return EBUSY or the
3580 		 * result of mod_remove (EBUSY or EINVAL).  In the off chance
3581 		 * that a driver returns EALREADY we convert this to EINVAL
3582 		 * since to our caller EALREADY means module was already
3583 		 * removed.
3584 		 */
3585 		if (status == EALREADY)
3586 			status = EINVAL;
3587 	}
3588 
3589 	return (status);
3590 }
3591 
3592 /*
3593  * Uninstall all modules.
3594  */
3595 static void
3596 mod_uninstall_all(void)
3597 {
3598 	struct modctl	*mp;
3599 	modid_t		modid = 0;
3600 
3601 	/* synchronize with any active modunload_disable() */
3602 	modunload_begin();
3603 
3604 	/* mark this thread as doing autounloading */
3605 	(void) tsd_set(mod_autounload_key, (void *)1);
3606 
3607 	(void) devfs_clean(ddi_root_node(), NULL, 0);
3608 	(void) ndi_devi_unconfig(ddi_root_node(), NDI_AUTODETACH);
3609 
3610 	while ((mp = mod_hold_next_by_id(modid)) != NULL) {
3611 		modid = mp->mod_id;
3612 		/*
3613 		 * Skip modules with the MOD_NOAUTOUNLOAD flag set
3614 		 */
3615 		if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
3616 			mod_release_mod(mp);
3617 			continue;
3618 		}
3619 
3620 		if (moduninstall(mp) == 0) {
3621 			mod_unload(mp);
3622 			CPU_STATS_ADDQ(CPU, sys, modunload, 1);
3623 		}
3624 		mod_release_mod(mp);
3625 	}
3626 
3627 	(void) tsd_set(mod_autounload_key, NULL);
3628 	modunload_end();
3629 }
3630 
3631 /* wait for unloads that have begun before registering disable */
3632 void
3633 modunload_disable(void)
3634 {
3635 	mutex_enter(&modunload_wait_mutex);
3636 	while (modunload_active_count) {
3637 		modunload_wait++;
3638 		cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3639 		modunload_wait--;
3640 	}
3641 	modunload_disable_count++;
3642 	mutex_exit(&modunload_wait_mutex);
3643 }
3644 
3645 /* mark end of disable and signal waiters */
3646 void
3647 modunload_enable(void)
3648 {
3649 	mutex_enter(&modunload_wait_mutex);
3650 	modunload_disable_count--;
3651 	if ((modunload_disable_count == 0) && modunload_wait)
3652 		cv_broadcast(&modunload_wait_cv);
3653 	mutex_exit(&modunload_wait_mutex);
3654 }
3655 
3656 /* wait for disables to complete before begining unload */
3657 void
3658 modunload_begin()
3659 {
3660 	mutex_enter(&modunload_wait_mutex);
3661 	while (modunload_disable_count) {
3662 		modunload_wait++;
3663 		cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3664 		modunload_wait--;
3665 	}
3666 	modunload_active_count++;
3667 	mutex_exit(&modunload_wait_mutex);
3668 }
3669 
3670 /* mark end of unload and signal waiters */
3671 void
3672 modunload_end()
3673 {
3674 	mutex_enter(&modunload_wait_mutex);
3675 	modunload_active_count--;
3676 	if ((modunload_active_count == 0) && modunload_wait)
3677 		cv_broadcast(&modunload_wait_cv);
3678 	mutex_exit(&modunload_wait_mutex);
3679 }
3680 
3681 void
3682 mod_uninstall_daemon(void)
3683 {
3684 	callb_cpr_t	cprinfo;
3685 	clock_t		ticks = 0;
3686 
3687 	mod_aul_thread = curthread;
3688 
3689 	CALLB_CPR_INIT(&cprinfo, &mod_uninstall_lock, callb_generic_cpr, "mud");
3690 	for (;;) {
3691 		mutex_enter(&mod_uninstall_lock);
3692 		CALLB_CPR_SAFE_BEGIN(&cprinfo);
3693 		/*
3694 		 * In DEBUG kernels, unheld drivers are uninstalled periodically
3695 		 * every mod_uninstall_interval seconds.  Periodic uninstall can
3696 		 * be disabled by setting mod_uninstall_interval to 0 which is
3697 		 * the default for a non-DEBUG kernel.
3698 		 */
3699 		if (mod_uninstall_interval) {
3700 			ticks = ddi_get_lbolt() +
3701 			    drv_usectohz(mod_uninstall_interval * 1000000);
3702 			(void) cv_timedwait(&mod_uninstall_cv,
3703 			    &mod_uninstall_lock, ticks);
3704 		} else {
3705 			cv_wait(&mod_uninstall_cv, &mod_uninstall_lock);
3706 		}
3707 		/*
3708 		 * The whole daemon is safe for CPR except we don't want
3709 		 * the daemon to run if FREEZE is issued and this daemon
3710 		 * wakes up from the cv_wait above. In this case, it'll be
3711 		 * blocked in CALLB_CPR_SAFE_END until THAW is issued.
3712 		 *
3713 		 * The reason of calling CALLB_CPR_SAFE_BEGIN twice is that
3714 		 * mod_uninstall_lock is used to protect cprinfo and
3715 		 * CALLB_CPR_SAFE_BEGIN assumes that this lock is held when
3716 		 * called.
3717 		 */
3718 		CALLB_CPR_SAFE_END(&cprinfo, &mod_uninstall_lock);
3719 		CALLB_CPR_SAFE_BEGIN(&cprinfo);
3720 		mutex_exit(&mod_uninstall_lock);
3721 		if ((modunload_disable_count == 0) &&
3722 		    ((moddebug & MODDEBUG_NOAUTOUNLOAD) == 0)) {
3723 			mod_uninstall_all();
3724 		}
3725 	}
3726 }
3727 
3728 /*
3729  * Unload all uninstalled modules.
3730  */
3731 void
3732 modreap(void)
3733 {
3734 	mutex_enter(&mod_uninstall_lock);
3735 	cv_broadcast(&mod_uninstall_cv);
3736 	mutex_exit(&mod_uninstall_lock);
3737 }
3738 
3739 /*
3740  * Hold the specified module. This is the module holding primitive.
3741  *
3742  * If MOD_LOCK_HELD then the caller already holds the mod_lock.
3743  *
3744  * Return values:
3745  *	 0 ==> the module is held
3746  *	 1 ==> the module is not held and the MOD_WAIT_ONCE caller needs
3747  *		to determine how to retry.
3748  */
3749 int
3750 mod_hold_by_modctl(struct modctl *mp, int f)
3751 {
3752 	ASSERT((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) &&
3753 	    ((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) !=
3754 	    (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)));
3755 	ASSERT((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) &&
3756 	    ((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) !=
3757 	    (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)));
3758 	ASSERT((f & MOD_LOCK_NOT_HELD) || MUTEX_HELD(&mod_lock));
3759 
3760 	if (f & MOD_LOCK_NOT_HELD)
3761 		mutex_enter(&mod_lock);
3762 
3763 	while (mp->mod_busy) {
3764 		mp->mod_want = 1;
3765 		cv_wait(&mod_cv, &mod_lock);
3766 		/*
3767 		 * Module may be unloaded by daemon.
3768 		 * Nevertheless, modctl structure is still in linked list
3769 		 * (i.e., off &modules), not freed!
3770 		 * Caller is not supposed to assume "mp" is valid, but there
3771 		 * is no reasonable way to detect this but using
3772 		 * mp->mod_modinfo->mp == NULL check (follow the back pointer)
3773 		 *   (or similar check depending on calling context)
3774 		 * DON'T free modctl structure, it will be very very
3775 		 * problematic.
3776 		 */
3777 		if (f & MOD_WAIT_ONCE) {
3778 			if (f & MOD_LOCK_NOT_HELD)
3779 				mutex_exit(&mod_lock);
3780 			return (1);	/* caller decides how to retry */
3781 		}
3782 	}
3783 
3784 	mp->mod_busy = 1;
3785 	mp->mod_inprogress_thread =
3786 	    (curthread == NULL ? (kthread_id_t)-1 : curthread);
3787 
3788 	if (f & MOD_LOCK_NOT_HELD)
3789 		mutex_exit(&mod_lock);
3790 	return (0);
3791 }
3792 
3793 static struct modctl *
3794 mod_hold_by_name_common(struct modctl *dep, const char *filename)
3795 {
3796 	const char	*modname;
3797 	struct modctl	*mp;
3798 	char		*curname, *newname;
3799 	int		found = 0;
3800 
3801 	mutex_enter(&mod_lock);
3802 
3803 	if ((modname = strrchr(filename, '/')) == NULL)
3804 		modname = filename;
3805 	else
3806 		modname++;
3807 
3808 	mp = &modules;
3809 	do {
3810 		if (strcmp(modname, mp->mod_modname) == 0) {
3811 			found = 1;
3812 			break;
3813 		}
3814 	} while ((mp = mp->mod_next) != &modules);
3815 
3816 	if (found == 0) {
3817 		mp = allocate_modp(filename, modname);
3818 		modadd(mp);
3819 	}
3820 
3821 	/*
3822 	 * if dep is not NULL, set the mp in mod_requisite_loading for
3823 	 * the module circular dependency check. This field is used in
3824 	 * mod_circdep(), but it's cleard in mod_hold_loaded_mod().
3825 	 */
3826 	if (dep != NULL) {
3827 		ASSERT(dep->mod_busy && dep->mod_requisite_loading == NULL);
3828 		dep->mod_requisite_loading = mp;
3829 	}
3830 
3831 	/*
3832 	 * If the module was held, then it must be us who has it held.
3833 	 */
3834 	if (mod_circdep(mp))
3835 		mp = NULL;
3836 	else {
3837 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
3838 
3839 		/*
3840 		 * If the name hadn't been set or has changed, allocate
3841 		 * space and set it.  Free space used by previous name.
3842 		 *
3843 		 * Do not change the name of primary modules, for primary
3844 		 * modules the mod_filename was allocated in standalone mode:
3845 		 * it is illegal to kobj_alloc in standalone mode and kobj_free
3846 		 * in non-standalone mode.
3847 		 */
3848 		curname = mp->mod_filename;
3849 		if (curname == NULL ||
3850 		    ((mp->mod_prim == 0) &&
3851 		    (curname != filename) &&
3852 		    (modname != filename) &&
3853 		    (strcmp(curname, filename) != 0))) {
3854 			newname = kobj_zalloc(strlen(filename) + 1, KM_SLEEP);
3855 			(void) strcpy(newname, filename);
3856 			mp->mod_filename = newname;
3857 			if (curname != NULL)
3858 				kobj_free(curname, strlen(curname) + 1);
3859 		}
3860 	}
3861 
3862 	mutex_exit(&mod_lock);
3863 	if (mp && moddebug & MODDEBUG_LOADMSG2)
3864 		printf("Holding %s\n", mp->mod_filename);
3865 	if (mp == NULL && moddebug & MODDEBUG_LOADMSG2)
3866 		printf("circular dependency loading %s\n", filename);
3867 	return (mp);
3868 }
3869 
3870 static struct modctl *
3871 mod_hold_by_name_requisite(struct modctl *dep, char *filename)
3872 {
3873 	return (mod_hold_by_name_common(dep, filename));
3874 }
3875 
3876 struct modctl *
3877 mod_hold_by_name(const char *filename)
3878 {
3879 	return (mod_hold_by_name_common(NULL, filename));
3880 }
3881 
3882 struct modctl *
3883 mod_hold_by_id(modid_t modid)
3884 {
3885 	struct modctl	*mp;
3886 	int		found = 0;
3887 
3888 	mutex_enter(&mod_lock);
3889 	mp = &modules;
3890 	do {
3891 		if (mp->mod_id == modid) {
3892 			found = 1;
3893 			break;
3894 		}
3895 	} while ((mp = mp->mod_next) != &modules);
3896 
3897 	if ((found == 0) || mod_circdep(mp))
3898 		mp = NULL;
3899 	else
3900 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
3901 
3902 	mutex_exit(&mod_lock);
3903 	return (mp);
3904 }
3905 
3906 static struct modctl *
3907 mod_hold_next_by_id(modid_t modid)
3908 {
3909 	struct modctl	*mp;
3910 	int		found = 0;
3911 
3912 	if (modid < -1)
3913 		return (NULL);
3914 
3915 	mutex_enter(&mod_lock);
3916 
3917 	mp = &modules;
3918 	do {
3919 		if (mp->mod_id > modid) {
3920 			found = 1;
3921 			break;
3922 		}
3923 	} while ((mp = mp->mod_next) != &modules);
3924 
3925 	if ((found == 0) || mod_circdep(mp))
3926 		mp = NULL;
3927 	else
3928 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
3929 
3930 	mutex_exit(&mod_lock);
3931 	return (mp);
3932 }
3933 
3934 static void
3935 mod_release(struct modctl *mp)
3936 {
3937 	ASSERT(MUTEX_HELD(&mod_lock));
3938 	ASSERT(mp->mod_busy);
3939 
3940 	mp->mod_busy = 0;
3941 	mp->mod_inprogress_thread = NULL;
3942 	if (mp->mod_want) {
3943 		mp->mod_want = 0;
3944 		cv_broadcast(&mod_cv);
3945 	}
3946 }
3947 
3948 void
3949 mod_release_mod(struct modctl *mp)
3950 {
3951 	if (moddebug & MODDEBUG_LOADMSG2)
3952 		printf("Releasing %s\n", mp->mod_filename);
3953 	mutex_enter(&mod_lock);
3954 	mod_release(mp);
3955 	mutex_exit(&mod_lock);
3956 }
3957 
3958 modid_t
3959 mod_name_to_modid(char *filename)
3960 {
3961 	char		*modname;
3962 	struct modctl	*mp;
3963 
3964 	mutex_enter(&mod_lock);
3965 
3966 	if ((modname = strrchr(filename, '/')) == NULL)
3967 		modname = filename;
3968 	else
3969 		modname++;
3970 
3971 	mp = &modules;
3972 	do {
3973 		if (strcmp(modname, mp->mod_modname) == 0) {
3974 			mutex_exit(&mod_lock);
3975 			return (mp->mod_id);
3976 		}
3977 	} while ((mp = mp->mod_next) != &modules);
3978 
3979 	mutex_exit(&mod_lock);
3980 	return (-1);
3981 }
3982 
3983 
3984 int
3985 mod_remove_by_name(char *name)
3986 {
3987 	struct modctl *mp;
3988 	int retval;
3989 
3990 	mp = mod_hold_by_name(name);
3991 
3992 	if (mp == NULL)
3993 		return (EINVAL);
3994 
3995 	if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
3996 		/*
3997 		 * Do not unload forceloaded modules
3998 		 */
3999 		mod_release_mod(mp);
4000 		return (0);
4001 	}
4002 
4003 	if ((retval = moduninstall(mp)) == 0) {
4004 		mod_unload(mp);
4005 		CPU_STATS_ADDQ(CPU, sys, modunload, 1);
4006 	} else if (retval == EALREADY)
4007 		retval = 0;		/* already unloaded, not an error */
4008 	mod_release_mod(mp);
4009 	return (retval);
4010 }
4011 
4012 /*
4013  * Record that module "dep" is dependent on module "on_mod."
4014  */
4015 static void
4016 mod_make_requisite(struct modctl *dependent, struct modctl *on_mod)
4017 {
4018 	struct modctl_list **pmlnp;	/* previous next pointer */
4019 	struct modctl_list *mlp;
4020 	struct modctl_list *new;
4021 
4022 	ASSERT(dependent->mod_busy && on_mod->mod_busy);
4023 	mutex_enter(&mod_lock);
4024 
4025 	/*
4026 	 * Search dependent's requisite list to see if on_mod is recorded.
4027 	 * List is ordered by id.
4028 	 */
4029 	for (pmlnp = &dependent->mod_requisites, mlp = *pmlnp;
4030 	    mlp; pmlnp = &mlp->modl_next, mlp = *pmlnp)
4031 		if (mlp->modl_modp->mod_id >= on_mod->mod_id)
4032 			break;
4033 
4034 	/* Create and insert if not already recorded */
4035 	if ((mlp == NULL) || (mlp->modl_modp->mod_id != on_mod->mod_id)) {
4036 		new = kobj_zalloc(sizeof (*new), KM_SLEEP);
4037 		new->modl_modp = on_mod;
4038 		new->modl_next = mlp;
4039 		*pmlnp = new;
4040 
4041 		/*
4042 		 * Increment the mod_ref count in our new requisite module.
4043 		 * This is what keeps a module that has other modules
4044 		 * which are dependent on it from being uninstalled and
4045 		 * unloaded. "on_mod"'s mod_ref count decremented in
4046 		 * mod_release_requisites when the "dependent" module
4047 		 * unload is complete.  "on_mod" must be loaded, but may not
4048 		 * yet be installed.
4049 		 */
4050 		on_mod->mod_ref++;
4051 		ASSERT(on_mod->mod_ref && on_mod->mod_loaded);
4052 	}
4053 
4054 	mutex_exit(&mod_lock);
4055 }
4056 
4057 /*
4058  * release the hold associated with mod_make_requisite mod_ref++
4059  * as part of unload.
4060  */
4061 void
4062 mod_release_requisites(struct modctl *modp)
4063 {
4064 	struct modctl_list *modl;
4065 	struct modctl_list *next;
4066 	struct modctl *req;
4067 	struct modctl_list *start = NULL, *mod_garbage;
4068 
4069 	ASSERT(modp->mod_busy);
4070 	ASSERT(!MUTEX_HELD(&mod_lock));
4071 
4072 	mutex_enter(&mod_lock);		/* needed for manipulation of req */
4073 	for (modl = modp->mod_requisites; modl; modl = next) {
4074 		next = modl->modl_next;
4075 		req = modl->modl_modp;
4076 		ASSERT(req->mod_ref >= 1 && req->mod_loaded);
4077 		req->mod_ref--;
4078 
4079 		/*
4080 		 * Check if the module has to be unloaded or not.
4081 		 */
4082 		if (req->mod_ref == 0 && req->mod_delay_unload) {
4083 			struct modctl_list *new;
4084 			/*
4085 			 * Allocate the modclt_list holding the garbage
4086 			 * module which should be unloaded later.
4087 			 */
4088 			new = kobj_zalloc(sizeof (struct modctl_list),
4089 			    KM_SLEEP);
4090 			new->modl_modp = req;
4091 
4092 			if (start == NULL)
4093 				mod_garbage = start = new;
4094 			else {
4095 				mod_garbage->modl_next = new;
4096 				mod_garbage = new;
4097 			}
4098 		}
4099 
4100 		/* free the list as we go */
4101 		kobj_free(modl, sizeof (*modl));
4102 	}
4103 	modp->mod_requisites = NULL;
4104 	mutex_exit(&mod_lock);
4105 
4106 	/*
4107 	 * Unload the garbage modules.
4108 	 */
4109 	for (mod_garbage = start; mod_garbage != NULL; /* nothing */) {
4110 		struct modctl_list *old = mod_garbage;
4111 		struct modctl *mp = mod_garbage->modl_modp;
4112 		ASSERT(mp != NULL);
4113 
4114 		/*
4115 		 * Hold this module until it's unloaded completely.
4116 		 */
4117 		(void) mod_hold_by_modctl(mp,
4118 		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
4119 		/*
4120 		 * Check if the module is not unloaded yet and nobody requires
4121 		 * the module. If it's unloaded already or somebody still
4122 		 * requires the module, don't unload it now.
4123 		 */
4124 		if (mp->mod_loaded && mp->mod_ref == 0)
4125 			mod_unload(mp);
4126 		ASSERT((mp->mod_loaded == 0 && mp->mod_delay_unload == 0) ||
4127 		    (mp->mod_ref > 0));
4128 		mod_release_mod(mp);
4129 
4130 		mod_garbage = mod_garbage->modl_next;
4131 		kobj_free(old, sizeof (struct modctl_list));
4132 	}
4133 }
4134 
4135 /*
4136  * Process dependency of the module represented by "dep" on the
4137  * module named by "on."
4138  *
4139  * Called from kobj_do_dependents() to load a module "on" on which
4140  * "dep" depends.
4141  */
4142 struct modctl *
4143 mod_load_requisite(struct modctl *dep, char *on)
4144 {
4145 	struct modctl *on_mod;
4146 	int retval;
4147 
4148 	if ((on_mod = mod_hold_loaded_mod(dep, on, &retval)) != NULL) {
4149 		mod_make_requisite(dep, on_mod);
4150 	} else if (moddebug & MODDEBUG_ERRMSG) {
4151 		printf("error processing %s on which module %s depends\n",
4152 		    on, dep->mod_modname);
4153 	}
4154 	return (on_mod);
4155 }
4156 
4157 static int
4158 mod_install_requisites(struct modctl *modp)
4159 {
4160 	struct modctl_list *modl;
4161 	struct modctl *req;
4162 	int status = 0;
4163 
4164 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
4165 	ASSERT(modp->mod_busy);
4166 
4167 	for (modl = modp->mod_requisites; modl; modl = modl->modl_next) {
4168 		req = modl->modl_modp;
4169 		(void) mod_hold_by_modctl(req,
4170 		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
4171 		status = modinstall(req);
4172 		mod_release_mod(req);
4173 
4174 		if (status != 0)
4175 			break;
4176 	}
4177 	return (status);
4178 }
4179 
4180 /*
4181  * returns 1 if this thread is doing autounload, 0 otherwise.
4182  * see mod_uninstall_all.
4183  */
4184 int
4185 mod_in_autounload()
4186 {
4187 	return ((int)(uintptr_t)tsd_get(mod_autounload_key));
4188 }
4189 
4190 /*
4191  * gmatch adapted from libc, stripping the wchar stuff
4192  */
4193 #define	popchar(p, c)	{ \
4194 		c = *p++; \
4195 		if (c == 0) { \
4196 			return (0); \
4197 		} \
4198 	}
4199 
4200 int
4201 gmatch(const char *s, const char *p)
4202 {
4203 	int c, sc;
4204 	int ok, lc, notflag;
4205 
4206 	sc = *s++;
4207 	c = *p++;
4208 	if (c == 0)
4209 		return (sc == c);	/* nothing matches nothing */
4210 
4211 	switch (c) {
4212 	case '\\':
4213 		/* skip to quoted character */
4214 		popchar(p, c);
4215 		/*FALLTHRU*/
4216 
4217 	default:
4218 		/* straight comparison */
4219 		if (c != sc)
4220 			return (0);
4221 		/*FALLTHRU*/
4222 
4223 	case '?':
4224 		/* first char matches, move to remainder */
4225 		return (sc != '\0' ? gmatch(s, p) : 0);
4226 
4227 
4228 	case '*':
4229 		while (*p == '*')
4230 			p++;
4231 
4232 		/* * matches everything */
4233 		if (*p == 0)
4234 			return (1);
4235 
4236 		/* undo skip at the beginning & iterate over substrings */
4237 		--s;
4238 		while (*s) {
4239 			if (gmatch(s, p))
4240 				return (1);
4241 			s++;
4242 		}
4243 		return (0);
4244 
4245 	case '[':
4246 		/* match any char within [] */
4247 		if (sc == 0)
4248 			return (0);
4249 
4250 		ok = lc = notflag = 0;
4251 
4252 		if (*p == '!') {
4253 			notflag = 1;
4254 			p++;
4255 		}
4256 		popchar(p, c);
4257 
4258 		do {
4259 			if (c == '-' && lc && *p != ']') {
4260 				/* test sc against range [c1-c2] */
4261 				popchar(p, c);
4262 				if (c == '\\') {
4263 					popchar(p, c);
4264 				}
4265 
4266 				if (notflag) {
4267 					/* return 0 on mismatch */
4268 					if (lc <= sc && sc <= c)
4269 						return (0);
4270 					ok++;
4271 				} else if (lc <= sc && sc <= c) {
4272 					ok++;
4273 				}
4274 				/* keep going, may get a match next */
4275 			} else if (c == '\\') {
4276 				/* skip to quoted character */
4277 				popchar(p, c);
4278 			}
4279 			lc = c;
4280 			if (notflag) {
4281 				if (sc == lc)
4282 					return (0);
4283 				ok++;
4284 			} else if (sc == lc) {
4285 				ok++;
4286 			}
4287 			popchar(p, c);
4288 		} while (c != ']');
4289 
4290 		/* recurse on remainder of string */
4291 		return (ok ? gmatch(s, p) : 0);
4292 	}
4293 	/*NOTREACHED*/
4294 }
4295 
4296 
4297 /*
4298  * Get default perm for device from /etc/minor_perm. Return 0 if match found.
4299  *
4300  * Pure wild-carded patterns are handled separately so the ordering of
4301  * these patterns doesn't matter.  We're still dependent on ordering
4302  * however as the first matching entry is the one returned.
4303  * Not ideal but all existing examples and usage do imply this
4304  * ordering implicitly.
4305  *
4306  * Drivers using the clone driver are always good for some entertainment.
4307  * Clone nodes under pseudo have the form clone@0:<driver>.  Some minor
4308  * perm entries have the form clone:<driver>, others use <driver>:*
4309  * Examples are clone:llc1 vs. llc2:*, for example.
4310  *
4311  * Minor perms in the clone:<driver> form are mapped to the drivers's
4312  * mperm list, not the clone driver, as wildcard entries for clone
4313  * reference only.  In other words, a clone wildcard will match
4314  * references for clone@0:<driver> but never <driver>@<minor>.
4315  *
4316  * Additional minor perms in the standard form are also supported,
4317  * for mixed usage, ie a node with an entry clone:<driver> could
4318  * provide further entries <driver>:<minor>.
4319  *
4320  * Finally, some uses of clone use an alias as the minor name rather
4321  * than the driver name, with the alias as the minor perm entry.
4322  * This case is handled by attaching the driver to bring its
4323  * minor list into existence, then discover the alias via DDI_ALIAS.
4324  * The clone device's minor perm list can then be searched for
4325  * that alias.
4326  */
4327 
4328 static int
4329 dev_alias_minorperm(dev_info_t *dip, char *minor_name, mperm_t *rmp)
4330 {
4331 	major_t			major;
4332 	struct devnames		*dnp;
4333 	mperm_t			*mp;
4334 	char			*alias = NULL;
4335 	dev_info_t		*cdevi;
4336 	int			circ;
4337 	struct ddi_minor_data	*dmd;
4338 
4339 	major = ddi_name_to_major(minor_name);
4340 
4341 	ASSERT(dip == clone_dip);
4342 	ASSERT(major != DDI_MAJOR_T_NONE);
4343 
4344 	/*
4345 	 * Attach the driver named by the minor node, then
4346 	 * search its first instance's minor list for an
4347 	 * alias node.
4348 	 */
4349 	if (ddi_hold_installed_driver(major) == NULL)
4350 		return (1);
4351 
4352 	dnp = &devnamesp[major];
4353 	LOCK_DEV_OPS(&dnp->dn_lock);
4354 
4355 	if ((cdevi = dnp->dn_head) != NULL) {
4356 		ndi_devi_enter(cdevi, &circ);
4357 		for (dmd = DEVI(cdevi)->devi_minor; dmd; dmd = dmd->next) {
4358 			if (dmd->type == DDM_ALIAS) {
4359 				alias = i_ddi_strdup(dmd->ddm_name, KM_SLEEP);
4360 				break;
4361 			}
4362 		}
4363 		ndi_devi_exit(cdevi, circ);
4364 	}
4365 
4366 	UNLOCK_DEV_OPS(&dnp->dn_lock);
4367 	ddi_rele_driver(major);
4368 
4369 	if (alias == NULL) {
4370 		if (moddebug & MODDEBUG_MINORPERM)
4371 			cmn_err(CE_CONT, "dev_minorperm: "
4372 			    "no alias for %s\n", minor_name);
4373 		return (1);
4374 	}
4375 
4376 	major = ddi_driver_major(clone_dip);
4377 	dnp = &devnamesp[major];
4378 	LOCK_DEV_OPS(&dnp->dn_lock);
4379 
4380 	/*
4381 	 * Go through the clone driver's mperm list looking
4382 	 * for a match for the specified alias.
4383 	 */
4384 	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4385 		if (strcmp(alias, mp->mp_minorname) == 0) {
4386 			break;
4387 		}
4388 	}
4389 
4390 	if (mp) {
4391 		if (moddebug & MODDEBUG_MP_MATCH) {
4392 			cmn_err(CE_CONT,
4393 			    "minor perm defaults: %s %s 0%o %d %d (aliased)\n",
4394 			    minor_name, alias, mp->mp_mode,
4395 			    mp->mp_uid, mp->mp_gid);
4396 		}
4397 		rmp->mp_uid = mp->mp_uid;
4398 		rmp->mp_gid = mp->mp_gid;
4399 		rmp->mp_mode = mp->mp_mode;
4400 	}
4401 	UNLOCK_DEV_OPS(&dnp->dn_lock);
4402 
4403 	kmem_free(alias, strlen(alias)+1);
4404 
4405 	return (mp == NULL);
4406 }
4407 
4408 int
4409 dev_minorperm(dev_info_t *dip, char *name, mperm_t *rmp)
4410 {
4411 	major_t major;
4412 	char *minor_name;
4413 	struct devnames *dnp;
4414 	mperm_t *mp;
4415 	int is_clone = 0;
4416 
4417 	if (!minorperm_loaded) {
4418 		if (moddebug & MODDEBUG_MINORPERM)
4419 			cmn_err(CE_CONT,
4420 			    "%s: minor perm not yet loaded\n", name);
4421 		return (1);
4422 	}
4423 
4424 	minor_name = strchr(name, ':');
4425 	if (minor_name == NULL)
4426 		return (1);
4427 	minor_name++;
4428 
4429 	/*
4430 	 * If it's the clone driver, search the driver as named
4431 	 * by the minor.  All clone minor perm entries other than
4432 	 * alias nodes are actually installed on the real driver's list.
4433 	 */
4434 	if (dip == clone_dip) {
4435 		major = ddi_name_to_major(minor_name);
4436 		if (major == DDI_MAJOR_T_NONE) {
4437 			if (moddebug & MODDEBUG_MINORPERM)
4438 				cmn_err(CE_CONT, "dev_minorperm: "
4439 				    "%s: no such driver\n", minor_name);
4440 			return (1);
4441 		}
4442 		is_clone = 1;
4443 	} else {
4444 		major = ddi_driver_major(dip);
4445 		ASSERT(major != DDI_MAJOR_T_NONE);
4446 	}
4447 
4448 	dnp = &devnamesp[major];
4449 	LOCK_DEV_OPS(&dnp->dn_lock);
4450 
4451 	/*
4452 	 * Go through the driver's mperm list looking for
4453 	 * a match for the specified minor.  If there's
4454 	 * no matching pattern, use the wild card.
4455 	 * Defer to the clone wild for clone if specified,
4456 	 * otherwise fall back to the normal form.
4457 	 */
4458 	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4459 		if (gmatch(minor_name, mp->mp_minorname) != 0) {
4460 			break;
4461 		}
4462 	}
4463 	if (mp == NULL) {
4464 		if (is_clone)
4465 			mp = dnp->dn_mperm_clone;
4466 		if (mp == NULL)
4467 			mp = dnp->dn_mperm_wild;
4468 	}
4469 
4470 	if (mp) {
4471 		if (moddebug & MODDEBUG_MP_MATCH) {
4472 			cmn_err(CE_CONT,
4473 			    "minor perm defaults: %s %s 0%o %d %d\n",
4474 			    name, mp->mp_minorname, mp->mp_mode,
4475 			    mp->mp_uid, mp->mp_gid);
4476 		}
4477 		rmp->mp_uid = mp->mp_uid;
4478 		rmp->mp_gid = mp->mp_gid;
4479 		rmp->mp_mode = mp->mp_mode;
4480 	}
4481 	UNLOCK_DEV_OPS(&dnp->dn_lock);
4482 
4483 	/*
4484 	 * If no match can be found for a clone node,
4485 	 * search for a possible match for an alias.
4486 	 * One such example is /dev/ptmx -> /devices/pseudo/clone@0:ptm,
4487 	 * with minor perm entry clone:ptmx.
4488 	 */
4489 	if (mp == NULL && is_clone) {
4490 		return (dev_alias_minorperm(dip, minor_name, rmp));
4491 	}
4492 
4493 	return (mp == NULL);
4494 }
4495 
4496 /*
4497  * dynamicaly reference load a dl module/library, returning handle
4498  */
4499 /*ARGSUSED*/
4500 ddi_modhandle_t
4501 ddi_modopen(const char *modname, int mode, int *errnop)
4502 {
4503 	char		*subdir;
4504 	char		*mod;
4505 	int		subdirlen;
4506 	struct modctl	*hmodp = NULL;
4507 	int		retval = EINVAL;
4508 
4509 	ASSERT(modname && (mode == KRTLD_MODE_FIRST));
4510 	if ((modname == NULL) || (mode != KRTLD_MODE_FIRST))
4511 		goto out;
4512 
4513 	/* find last '/' in modname */
4514 	mod = strrchr(modname, '/');
4515 
4516 	if (mod) {
4517 		/* for subdir string without modification to argument */
4518 		mod++;
4519 		subdirlen = mod - modname;
4520 		subdir = kmem_alloc(subdirlen, KM_SLEEP);
4521 		(void) strlcpy(subdir, modname, subdirlen);
4522 	} else {
4523 		subdirlen = 0;
4524 		subdir = "misc";
4525 		mod = (char *)modname;
4526 	}
4527 
4528 	/* reference load with errno return value */
4529 	retval = modrload(subdir, mod, &hmodp);
4530 
4531 	if (subdirlen)
4532 		kmem_free(subdir, subdirlen);
4533 
4534 out:	if (errnop)
4535 		*errnop = retval;
4536 
4537 	if (moddebug & MODDEBUG_DDI_MOD)
4538 		printf("ddi_modopen %s mode %x: %s %p %d\n",
4539 		    modname ? modname : "<unknown>", mode,
4540 		    hmodp ? hmodp->mod_filename : "<unknown>",
4541 		    (void *)hmodp, retval);
4542 
4543 	return ((ddi_modhandle_t)hmodp);
4544 }
4545 
4546 /* lookup "name" in open dl module/library */
4547 void *
4548 ddi_modsym(ddi_modhandle_t h, const char *name, int *errnop)
4549 {
4550 	struct modctl	*hmodp = (struct modctl *)h;
4551 	void		*f;
4552 	int		retval;
4553 
4554 	ASSERT(hmodp && name && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4555 	if ((hmodp == NULL) || (name == NULL) ||
4556 	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4557 		f = NULL;
4558 		retval = EINVAL;
4559 	} else {
4560 		f = (void *)kobj_lookup(hmodp->mod_mp, (char *)name);
4561 		if (f)
4562 			retval = 0;
4563 		else
4564 			retval = ENOTSUP;
4565 	}
4566 
4567 	if (moddebug & MODDEBUG_DDI_MOD)
4568 		printf("ddi_modsym in %s of %s: %d %p\n",
4569 		    hmodp ? hmodp->mod_modname : "<unknown>",
4570 		    name ? name : "<unknown>", retval, f);
4571 
4572 	if (errnop)
4573 		*errnop = retval;
4574 	return (f);
4575 }
4576 
4577 /* dynamic (un)reference unload of an open dl module/library */
4578 int
4579 ddi_modclose(ddi_modhandle_t h)
4580 {
4581 	struct modctl	*hmodp = (struct modctl *)h;
4582 	struct modctl	*modp = NULL;
4583 	int		retval;
4584 
4585 	ASSERT(hmodp && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4586 	if ((hmodp == NULL) ||
4587 	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4588 		retval = EINVAL;
4589 		goto out;
4590 	}
4591 
4592 	retval = modunrload(hmodp->mod_id, &modp, ddi_modclose_unload);
4593 	if (retval == EBUSY)
4594 		retval = 0;	/* EBUSY is not an error */
4595 
4596 	if (retval == 0) {
4597 		ASSERT(hmodp == modp);
4598 		if (hmodp != modp)
4599 			retval = EINVAL;
4600 	}
4601 
4602 out:	if (moddebug & MODDEBUG_DDI_MOD)
4603 		printf("ddi_modclose %s: %d\n",
4604 		    hmodp ? hmodp->mod_modname : "<unknown>", retval);
4605 
4606 	return (retval);
4607 }
4608