xref: /illumos-gate/usr/src/uts/common/os/modctl.c (revision b3403853e80914bd0aade9b5b605da4878078173)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
24  * Copyright (c) 2017 Joyent, Inc.
25  */
26 
27 /*
28  * modctl system call for loadable module support.
29  */
30 
31 #include <sys/param.h>
32 #include <sys/user.h>
33 #include <sys/systm.h>
34 #include <sys/exec.h>
35 #include <sys/file.h>
36 #include <sys/stat.h>
37 #include <sys/conf.h>
38 #include <sys/time.h>
39 #include <sys/reboot.h>
40 #include <sys/fs/ufs_fsdir.h>
41 #include <sys/kmem.h>
42 #include <sys/sysconf.h>
43 #include <sys/cmn_err.h>
44 #include <sys/ddi.h>
45 #include <sys/sunddi.h>
46 #include <sys/sunndi.h>
47 #include <sys/ndi_impldefs.h>
48 #include <sys/ddi_impldefs.h>
49 #include <sys/ddi_implfuncs.h>
50 #include <sys/bootconf.h>
51 #include <sys/dc_ki.h>
52 #include <sys/cladm.h>
53 #include <sys/dtrace.h>
54 #include <sys/kdi.h>
55 
56 #include <sys/devpolicy.h>
57 #include <sys/modctl.h>
58 #include <sys/kobj.h>
59 #include <sys/devops.h>
60 #include <sys/autoconf.h>
61 #include <sys/hwconf.h>
62 #include <sys/callb.h>
63 #include <sys/debug.h>
64 #include <sys/cpuvar.h>
65 #include <sys/sysmacros.h>
66 #include <sys/sysevent.h>
67 #include <sys/sysevent_impl.h>
68 #include <sys/instance.h>
69 #include <sys/modhash.h>
70 #include <sys/modhash_impl.h>
71 #include <sys/dacf_impl.h>
72 #include <sys/vfs.h>
73 #include <sys/pathname.h>
74 #include <sys/console.h>
75 #include <sys/policy.h>
76 #include <ipp/ipp_impl.h>
77 #include <sys/fs/dv_node.h>
78 #include <sys/strsubr.h>
79 #include <sys/fs/sdev_impl.h>
80 
81 static int		mod_circdep(struct modctl *);
82 static int		modinfo(modid_t, struct modinfo *);
83 
84 static void		mod_uninstall_all(void);
85 static int		mod_getinfo(struct modctl *, struct modinfo *);
86 static struct modctl	*allocate_modp(const char *, const char *);
87 
88 static int		mod_load(struct modctl *, int);
89 static void		mod_unload(struct modctl *);
90 static int		modinstall(struct modctl *);
91 static int		moduninstall(struct modctl *);
92 
93 static struct modctl	*mod_hold_by_name_common(struct modctl *, const char *);
94 static struct modctl	*mod_hold_next_by_id(modid_t);
95 static struct modctl	*mod_hold_loaded_mod(struct modctl *, char *, int *);
96 static struct modctl	*mod_hold_installed_mod(char *, int, int, int *);
97 
98 static void		mod_release(struct modctl *);
99 static void		mod_make_requisite(struct modctl *, struct modctl *);
100 static int		mod_install_requisites(struct modctl *);
101 static void		check_esc_sequences(char *, char *);
102 static struct modctl	*mod_hold_by_name_requisite(struct modctl *, char *);
103 
104 /*
105  * module loading thread control structure. Calls to kobj_load_module()() are
106  * handled off to a separate thead using this structure.
107  */
108 struct loadmt {
109 	ksema_t		sema;
110 	struct modctl	*mp;
111 	int		usepath;
112 	kthread_t	*owner;
113 	int		retval;
114 };
115 
116 static void	modload_thread(struct loadmt *);
117 
118 kcondvar_t	mod_cv;
119 kcondvar_t	mod_uninstall_cv;	/* Communication between swapper */
120 					/* and the uninstall daemon. */
121 kmutex_t	mod_lock;		/* protects &modules insert linkage, */
122 					/* mod_busy, mod_want, and mod_ref. */
123 					/* blocking operations while holding */
124 					/* mod_lock should be avoided */
125 kmutex_t	mod_uninstall_lock;	/* protects mod_uninstall_cv */
126 kthread_id_t	mod_aul_thread;
127 
128 int		modunload_wait;
129 kmutex_t	modunload_wait_mutex;
130 kcondvar_t	modunload_wait_cv;
131 int		modunload_active_count;
132 int		modunload_disable_count;
133 
134 int	isminiroot;		/* set if running as miniroot */
135 int	modrootloaded;		/* set after root driver and fs are loaded */
136 int	moddebug = 0x0;		/* debug flags for module writers */
137 int	swaploaded;		/* set after swap driver and fs are loaded */
138 int	bop_io_quiesced = 0;	/* set when BOP I/O can no longer be used */
139 int	last_module_id;
140 clock_t	mod_uninstall_interval = 0;
141 int	mod_uninstall_pass_max = 6;
142 int	mod_uninstall_ref_zero;	/* # modules that went mod_ref == 0 */
143 int	mod_uninstall_pass_exc;	/* mod_uninstall_all left new stuff */
144 
145 int	ddi_modclose_unload = 1;	/* 0 -> just decrement reference */
146 
147 int	devcnt_incr	= 256;		/* allow for additional drivers */
148 int	devcnt_min	= 512;		/* and always at least this number */
149 
150 struct devnames *devnamesp;
151 struct devnames orphanlist;
152 
153 krwlock_t	devinfo_tree_lock;	/* obsolete, to be removed */
154 
155 #define	MAJBINDFILE "/etc/name_to_major"
156 #define	SYSBINDFILE "/etc/name_to_sysnum"
157 
158 static char	majbind[] = MAJBINDFILE;
159 static char	sysbind[] = SYSBINDFILE;
160 static uint_t	mod_autounload_key;	/* for module autounload detection */
161 
162 extern int obpdebug;
163 
164 #define	DEBUGGER_PRESENT	((boothowto & RB_DEBUG) || (obpdebug != 0))
165 
166 static int minorperm_loaded = 0;
167 
168 void
169 mod_setup(void)
170 {
171 	struct sysent *callp;
172 	int callnum, exectype;
173 	int	num_devs;
174 	int	i;
175 
176 	/*
177 	 * Initialize the list of loaded driver dev_ops.
178 	 * XXX - This must be done before reading the system file so that
179 	 * forceloads of drivers will work.
180 	 */
181 	num_devs = read_binding_file(majbind, mb_hashtab, make_mbind);
182 	/*
183 	 * Since read_binding_file is common code, it doesn't enforce that all
184 	 * of the binding file entries have major numbers <= MAXMAJ32.	Thus,
185 	 * ensure that we don't allocate some massive amount of space due to a
186 	 * bad entry.  We can't have major numbers bigger than MAXMAJ32
187 	 * until file system support for larger major numbers exists.
188 	 */
189 
190 	/*
191 	 * Leave space for expansion, but not more than L_MAXMAJ32
192 	 */
193 	devcnt = MIN(num_devs + devcnt_incr, L_MAXMAJ32);
194 	devcnt = MAX(devcnt, devcnt_min);
195 	devopsp = kmem_alloc(devcnt * sizeof (struct dev_ops *), KM_SLEEP);
196 	for (i = 0; i < devcnt; i++)
197 		devopsp[i] = &mod_nodev_ops;
198 
199 	init_devnamesp(devcnt);
200 
201 	/*
202 	 * Sync up with the work that the stand-alone linker has already done.
203 	 */
204 	(void) kobj_sync();
205 
206 	if (boothowto & RB_DEBUG)
207 		kdi_dvec_modavail();
208 
209 	make_aliases(mb_hashtab);
210 
211 	/*
212 	 * Initialize streams device implementation structures.
213 	 */
214 	devimpl = kmem_zalloc(devcnt * sizeof (cdevsw_impl_t), KM_SLEEP);
215 
216 	/*
217 	 * If the cl_bootstrap module is present,
218 	 * we should be configured as a cluster. Loading this module
219 	 * will set "cluster_bootflags" to non-zero.
220 	 */
221 	(void) modload("misc", "cl_bootstrap");
222 
223 	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
224 	init_syscallnames(NSYSCALL);
225 
226 	/*
227 	 * Start up dynamic autoconfiguration framework (dacf).
228 	 */
229 	mod_hash_init();
230 	dacf_init();
231 
232 	/*
233 	 * Start up IP policy framework (ipp).
234 	 */
235 	ipp_init();
236 
237 	/*
238 	 * Allocate loadable native system call locks.
239 	 */
240 	for (callnum = 0, callp = sysent; callnum < NSYSCALL;
241 	    callnum++, callp++) {
242 		if (LOADABLE_SYSCALL(callp)) {
243 			if (mod_getsysname(callnum) != NULL) {
244 				callp->sy_lock =
245 				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
246 				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
247 			} else {
248 				callp->sy_flags &= ~SE_LOADABLE;
249 				callp->sy_callc = nosys;
250 			}
251 #ifdef DEBUG
252 		} else {
253 			/*
254 			 * Do some sanity checks on the sysent table
255 			 */
256 			switch (callp->sy_flags & SE_RVAL_MASK) {
257 			case SE_32RVAL1:
258 				/* only r_val1 returned */
259 			case SE_32RVAL1 | SE_32RVAL2:
260 				/* r_val1 and r_val2 returned */
261 			case SE_64RVAL:
262 				/* 64-bit rval returned */
263 				break;
264 			default:
265 				cmn_err(CE_WARN, "sysent[%d]: bad flags %x",
266 				    callnum, callp->sy_flags);
267 			}
268 #endif
269 		}
270 	}
271 
272 #ifdef _SYSCALL32_IMPL
273 	/*
274 	 * Allocate loadable system call locks for 32-bit compat syscalls
275 	 */
276 	for (callnum = 0, callp = sysent32; callnum < NSYSCALL;
277 	    callnum++, callp++) {
278 		if (LOADABLE_SYSCALL(callp)) {
279 			if (mod_getsysname(callnum) != NULL) {
280 				callp->sy_lock =
281 				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
282 				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
283 			} else {
284 				callp->sy_flags &= ~SE_LOADABLE;
285 				callp->sy_callc = nosys;
286 			}
287 #ifdef DEBUG
288 		} else {
289 			/*
290 			 * Do some sanity checks on the sysent table
291 			 */
292 			switch (callp->sy_flags & SE_RVAL_MASK) {
293 			case SE_32RVAL1:
294 				/* only r_val1 returned */
295 			case SE_32RVAL1 | SE_32RVAL2:
296 				/* r_val1 and r_val2 returned */
297 			case SE_64RVAL:
298 				/* 64-bit rval returned */
299 				break;
300 			default:
301 				cmn_err(CE_WARN, "sysent32[%d]: bad flags %x",
302 				    callnum, callp->sy_flags);
303 				goto skip;
304 			}
305 
306 			/*
307 			 * Cross-check the native and compatibility tables.
308 			 */
309 			if (callp->sy_callc == nosys ||
310 			    sysent[callnum].sy_callc == nosys)
311 				continue;
312 			/*
313 			 * If only one or the other slot is loadable, then
314 			 * there's an error -- they should match!
315 			 */
316 			if ((callp->sy_callc == loadable_syscall) ^
317 			    (sysent[callnum].sy_callc == loadable_syscall)) {
318 				cmn_err(CE_WARN, "sysent[%d] loadable?",
319 				    callnum);
320 			}
321 			/*
322 			 * This is more of a heuristic test -- if the
323 			 * system call returns two values in the 32-bit
324 			 * world, it should probably return two 32-bit
325 			 * values in the 64-bit world too.
326 			 */
327 			if (((callp->sy_flags & SE_32RVAL2) == 0) ^
328 			    ((sysent[callnum].sy_flags & SE_32RVAL2) == 0)) {
329 				cmn_err(CE_WARN, "sysent[%d] rval2 mismatch!",
330 				    callnum);
331 			}
332 skip:;
333 #endif	/* DEBUG */
334 		}
335 	}
336 #endif	/* _SYSCALL32_IMPL */
337 
338 	/*
339 	 * Allocate loadable exec locks.  (Assumes all execs are loadable)
340 	 */
341 	for (exectype = 0; exectype < nexectype; exectype++) {
342 		execsw[exectype].exec_lock =
343 		    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
344 		rw_init(execsw[exectype].exec_lock, NULL, RW_DEFAULT, NULL);
345 	}
346 
347 	read_class_file();
348 
349 	/* init thread specific structure for mod_uninstall_all */
350 	tsd_create(&mod_autounload_key, NULL);
351 }
352 
353 static int
354 modctl_modload(int use_path, char *filename, int *rvp)
355 {
356 	struct modctl *modp;
357 	int retval = 0;
358 	char *filenamep;
359 	int modid;
360 
361 	filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
362 
363 	if (copyinstr(filename, filenamep, MOD_MAXPATH, 0)) {
364 		retval = EFAULT;
365 		goto out;
366 	}
367 
368 	filenamep[MOD_MAXPATH - 1] = 0;
369 	modp = mod_hold_installed_mod(filenamep, use_path, 0, &retval);
370 
371 	if (modp == NULL)
372 		goto out;
373 
374 	modp->mod_loadflags |= MOD_NOAUTOUNLOAD;
375 	modid = modp->mod_id;
376 	mod_release_mod(modp);
377 	CPU_STATS_ADDQ(CPU, sys, modload, 1);
378 	if (rvp != NULL && copyout(&modid, rvp, sizeof (modid)) != 0)
379 		retval = EFAULT;
380 out:
381 	kmem_free(filenamep, MOD_MAXPATH);
382 
383 	return (retval);
384 }
385 
386 static int
387 modctl_modunload(modid_t id)
388 {
389 	int rval = 0;
390 
391 	if (id == 0) {
392 #ifdef DEBUG
393 		/*
394 		 * Turn on mod_uninstall_daemon
395 		 */
396 		if (mod_uninstall_interval == 0) {
397 			mod_uninstall_interval = 60;
398 			modreap();
399 			return (rval);
400 		}
401 #endif
402 		mod_uninstall_all();
403 	} else {
404 		rval = modunload(id);
405 	}
406 	return (rval);
407 }
408 
409 static int
410 modctl_modinfo(modid_t id, struct modinfo *umodi)
411 {
412 	int retval;
413 	struct modinfo modi;
414 #if defined(_SYSCALL32_IMPL)
415 	int nobase;
416 	struct modinfo32 modi32;
417 #endif
418 
419 	nobase = 0;
420 	if (get_udatamodel() == DATAMODEL_NATIVE) {
421 		if (copyin(umodi, &modi, sizeof (struct modinfo)) != 0)
422 			return (EFAULT);
423 	}
424 #ifdef _SYSCALL32_IMPL
425 	else {
426 		bzero(&modi, sizeof (modi));
427 		if (copyin(umodi, &modi32, sizeof (struct modinfo32)) != 0)
428 			return (EFAULT);
429 		modi.mi_info = modi32.mi_info;
430 		modi.mi_id = modi32.mi_id;
431 		modi.mi_nextid = modi32.mi_nextid;
432 		nobase = modi.mi_info & MI_INFO_NOBASE;
433 	}
434 #endif
435 	/*
436 	 * This flag is -only- for the kernels use.
437 	 */
438 	modi.mi_info &= ~MI_INFO_LINKAGE;
439 
440 	retval = modinfo(id, &modi);
441 	if (retval)
442 		return (retval);
443 
444 	if (get_udatamodel() == DATAMODEL_NATIVE) {
445 		if (copyout(&modi, umodi, sizeof (struct modinfo)) != 0)
446 			retval = EFAULT;
447 #ifdef _SYSCALL32_IMPL
448 	} else {
449 		int i;
450 
451 		if (!nobase && (uintptr_t)modi.mi_base > UINT32_MAX)
452 			return (EOVERFLOW);
453 
454 		modi32.mi_info = modi.mi_info;
455 		modi32.mi_state = modi.mi_state;
456 		modi32.mi_id = modi.mi_id;
457 		modi32.mi_nextid = modi.mi_nextid;
458 		modi32.mi_base = (caddr32_t)(uintptr_t)modi.mi_base;
459 		modi32.mi_size = modi.mi_size;
460 		modi32.mi_rev = modi.mi_rev;
461 		modi32.mi_loadcnt = modi.mi_loadcnt;
462 		bcopy(modi.mi_name, modi32.mi_name, sizeof (modi32.mi_name));
463 		for (i = 0; i < MODMAXLINK32; i++) {
464 			modi32.mi_msinfo[i].msi_p0 = modi.mi_msinfo[i].msi_p0;
465 			bcopy(modi.mi_msinfo[i].msi_linkinfo,
466 			    modi32.mi_msinfo[i].msi_linkinfo,
467 			    sizeof (modi32.mi_msinfo[0].msi_linkinfo));
468 		}
469 		if (copyout(&modi32, umodi, sizeof (struct modinfo32)) != 0)
470 			retval = EFAULT;
471 #endif
472 	}
473 
474 	return (retval);
475 }
476 
477 /*
478  * Return the last major number in the range of permissible major numbers.
479  */
480 /*ARGSUSED*/
481 static int
482 modctl_modreserve(modid_t id, int *data)
483 {
484 	if (copyout(&devcnt, data, sizeof (devcnt)) != 0)
485 		return (EFAULT);
486 	return (0);
487 }
488 
489 /* Add/Remove driver and binding aliases */
490 static int
491 modctl_update_driver_aliases(int add, int *data)
492 {
493 	struct modconfig	mc;
494 	int			i, n, rv = 0;
495 	struct aliases		alias;
496 	struct aliases		*ap;
497 	char			name[MAXMODCONFNAME];
498 	char			cname[MAXMODCONFNAME];
499 	char			*drvname;
500 	int			resid;
501 	struct alias_info {
502 		char	*alias_name;
503 		int	alias_resid;
504 	} *aliases, *aip;
505 
506 	aliases = NULL;
507 	bzero(&mc, sizeof (struct modconfig));
508 	if (get_udatamodel() == DATAMODEL_NATIVE) {
509 		if (copyin(data, &mc, sizeof (struct modconfig)) != 0)
510 			return (EFAULT);
511 	}
512 #ifdef _SYSCALL32_IMPL
513 	else {
514 		struct modconfig32 modc32;
515 		if (copyin(data, &modc32, sizeof (struct modconfig32)) != 0)
516 			return (EFAULT);
517 		else {
518 			bcopy(modc32.drvname, mc.drvname,
519 			    sizeof (modc32.drvname));
520 			bcopy(modc32.drvclass, mc.drvclass,
521 			    sizeof (modc32.drvclass));
522 			mc.major = modc32.major;
523 			mc.flags = modc32.flags;
524 			mc.num_aliases = modc32.num_aliases;
525 			mc.ap = (struct aliases *)(uintptr_t)modc32.ap;
526 		}
527 	}
528 #endif
529 
530 	/*
531 	 * If the driver is already in the mb_hashtab, and the name given
532 	 * doesn't match that driver's name, fail.  Otherwise, pass, since
533 	 * we may be adding aliases.
534 	 */
535 	drvname = mod_major_to_name(mc.major);
536 	if ((drvname != NULL) && strcmp(drvname, mc.drvname) != 0)
537 		return (EINVAL);
538 
539 	/*
540 	 * Precede alias removal by unbinding as many devices as possible.
541 	 */
542 	if (add == 0) {
543 		(void) i_ddi_unload_drvconf(mc.major);
544 		i_ddi_unbind_devs(mc.major);
545 	}
546 
547 	/*
548 	 * Add/remove each supplied driver alias to/from mb_hashtab
549 	 */
550 	ap = mc.ap;
551 	if (mc.num_aliases > 0)
552 		aliases = kmem_zalloc(
553 		    mc.num_aliases * sizeof (struct alias_info), KM_SLEEP);
554 	aip = aliases;
555 	for (i = 0; i < mc.num_aliases; i++) {
556 		bzero(&alias, sizeof (struct aliases));
557 		if (get_udatamodel() == DATAMODEL_NATIVE) {
558 			if (copyin(ap, &alias, sizeof (struct aliases)) != 0) {
559 				rv = EFAULT;
560 				goto error;
561 			}
562 			if (alias.a_len > MAXMODCONFNAME) {
563 				rv = EINVAL;
564 				goto error;
565 			}
566 			if (copyin(alias.a_name, name, alias.a_len) != 0) {
567 				rv = EFAULT;
568 				goto error;
569 			}
570 			if (name[alias.a_len - 1] != '\0') {
571 				rv = EINVAL;
572 				goto error;
573 			}
574 		}
575 #ifdef _SYSCALL32_IMPL
576 		else {
577 			struct aliases32 al32;
578 			bzero(&al32, sizeof (struct aliases32));
579 			if (copyin(ap, &al32, sizeof (struct aliases32)) != 0) {
580 				rv = EFAULT;
581 				goto error;
582 			}
583 			if (al32.a_len > MAXMODCONFNAME) {
584 				rv = EINVAL;
585 				goto error;
586 			}
587 			if (copyin((void *)(uintptr_t)al32.a_name,
588 			    name, al32.a_len) != 0) {
589 				rv = EFAULT;
590 				goto error;
591 			}
592 			if (name[al32.a_len - 1] != '\0') {
593 				rv = EINVAL;
594 				goto error;
595 			}
596 			alias.a_next = (void *)(uintptr_t)al32.a_next;
597 		}
598 #endif
599 		check_esc_sequences(name, cname);
600 		aip->alias_name = strdup(cname);
601 		ap = alias.a_next;
602 		aip++;
603 	}
604 
605 	if (add == 0) {
606 		ap = mc.ap;
607 		resid = 0;
608 		aip = aliases;
609 		/* attempt to unbind all devices bound to each alias */
610 		for (i = 0; i < mc.num_aliases; i++) {
611 			n = i_ddi_unbind_devs_by_alias(
612 			    mc.major, aip->alias_name);
613 			resid += n;
614 			aip->alias_resid = n;
615 		}
616 
617 		/*
618 		 * If some device bound to an alias remains in use,
619 		 * and override wasn't specified, no change is made to
620 		 * the binding state and we fail the operation.
621 		 */
622 		if (resid > 0 && ((mc.flags & MOD_UNBIND_OVERRIDE) == 0)) {
623 			rv = EBUSY;
624 			goto error;
625 		}
626 
627 		/*
628 		 * No device remains bound of any of the aliases,
629 		 * or force was requested.  Mark each alias as
630 		 * inactive via delete_mbind so no future binds
631 		 * to this alias take place and that a new
632 		 * binding can be established.
633 		 */
634 		aip = aliases;
635 		for (i = 0; i < mc.num_aliases; i++) {
636 			if (moddebug & MODDEBUG_BINDING)
637 				cmn_err(CE_CONT, "Removing binding for %s "
638 				    "(%d active references)\n",
639 				    aip->alias_name, aip->alias_resid);
640 			delete_mbind(aip->alias_name, mb_hashtab);
641 			aip++;
642 		}
643 		rv = 0;
644 	} else {
645 		aip = aliases;
646 		for (i = 0; i < mc.num_aliases; i++) {
647 			if (moddebug & MODDEBUG_BINDING)
648 				cmn_err(CE_NOTE, "Adding binding for '%s'\n",
649 				    aip->alias_name);
650 			(void) make_mbind(aip->alias_name,
651 			    mc.major, NULL, mb_hashtab);
652 			aip++;
653 		}
654 		/*
655 		 * Try to establish an mbinding for mc.drvname, and add it to
656 		 * devnames. Add class if any after establishing the major
657 		 * number.
658 		 */
659 		(void) make_mbind(mc.drvname, mc.major, NULL, mb_hashtab);
660 		if ((rv = make_devname(mc.drvname, mc.major,
661 		    (mc.flags & MOD_ADDMAJBIND_UPDATE) ?
662 		    DN_DRIVER_INACTIVE : 0)) != 0) {
663 			goto error;
664 		}
665 
666 		if (mc.drvclass[0] != '\0')
667 			add_class(mc.drvname, mc.drvclass);
668 		if ((mc.flags & MOD_ADDMAJBIND_UPDATE) == 0) {
669 			(void) i_ddi_load_drvconf(mc.major);
670 		}
671 	}
672 
673 	/*
674 	 * Ensure that all nodes are bound to the most appropriate driver
675 	 * possible, attempting demotion and rebind when a more appropriate
676 	 * driver now exists.  But not when adding a driver update-only.
677 	 */
678 	if ((add == 0) || ((mc.flags & MOD_ADDMAJBIND_UPDATE) == 0)) {
679 		i_ddi_bind_devs();
680 		i_ddi_di_cache_invalidate();
681 	}
682 
683 error:
684 	if (mc.num_aliases > 0) {
685 		aip = aliases;
686 		for (i = 0; i < mc.num_aliases; i++) {
687 			if (aip->alias_name != NULL)
688 				strfree(aip->alias_name);
689 			aip++;
690 		}
691 		kmem_free(aliases, mc.num_aliases * sizeof (struct alias_info));
692 	}
693 	return (rv);
694 }
695 
696 static int
697 modctl_add_driver_aliases(int *data)
698 {
699 	return (modctl_update_driver_aliases(1, data));
700 }
701 
702 static int
703 modctl_remove_driver_aliases(int *data)
704 {
705 	return (modctl_update_driver_aliases(0, data));
706 }
707 
708 static int
709 modctl_rem_major(major_t major)
710 {
711 	struct devnames *dnp;
712 
713 	if (major >= devcnt)
714 		return (EINVAL);
715 
716 	/* mark devnames as removed */
717 	dnp = &devnamesp[major];
718 	LOCK_DEV_OPS(&dnp->dn_lock);
719 	if (dnp->dn_name == NULL ||
720 	    (dnp->dn_flags & (DN_DRIVER_REMOVED | DN_TAKEN_GETUDEV))) {
721 		UNLOCK_DEV_OPS(&dnp->dn_lock);
722 		return (EINVAL);
723 	}
724 	dnp->dn_flags |= DN_DRIVER_REMOVED;
725 	pm_driver_removed(major);
726 	UNLOCK_DEV_OPS(&dnp->dn_lock);
727 
728 	(void) i_ddi_unload_drvconf(major);
729 	i_ddi_unbind_devs(major);
730 	i_ddi_bind_devs();
731 	i_ddi_di_cache_invalidate();
732 
733 	/* purge all the bindings to this driver */
734 	purge_mbind(major, mb_hashtab);
735 	return (0);
736 }
737 
738 static struct vfs *
739 path_to_vfs(char *name)
740 {
741 	vnode_t *vp;
742 	struct vfs *vfsp;
743 
744 	if (lookupname(name, UIO_SYSSPACE, FOLLOW, NULLVPP, &vp))
745 		return (NULL);
746 
747 	vfsp = vp->v_vfsp;
748 	VN_RELE(vp);
749 	return (vfsp);
750 }
751 
752 static int
753 new_vfs_in_modpath()
754 {
755 	static int n_modpath = 0;
756 	static char *modpath_copy;
757 	static struct pathvfs {
758 		char *path;
759 		struct vfs *vfsp;
760 	} *pathvfs;
761 
762 	int i, new_vfs = 0;
763 	char *tmp, *tmp1;
764 	struct vfs *vfsp;
765 
766 	if (n_modpath != 0) {
767 		for (i = 0; i < n_modpath; i++) {
768 			vfsp = path_to_vfs(pathvfs[i].path);
769 			if (vfsp != pathvfs[i].vfsp) {
770 				pathvfs[i].vfsp = vfsp;
771 				if (vfsp)
772 					new_vfs = 1;
773 			}
774 		}
775 		return (new_vfs);
776 	}
777 
778 	/*
779 	 * First call, initialize the pathvfs structure
780 	 */
781 	modpath_copy = i_ddi_strdup(default_path, KM_SLEEP);
782 	tmp = modpath_copy;
783 	n_modpath = 1;
784 	tmp1 = strchr(tmp, ' ');
785 	while (tmp1) {
786 		*tmp1 = '\0';
787 		n_modpath++;
788 		tmp = tmp1 + 1;
789 		tmp1 = strchr(tmp, ' ');
790 	}
791 
792 	pathvfs = kmem_zalloc(n_modpath * sizeof (struct pathvfs), KM_SLEEP);
793 	tmp = modpath_copy;
794 	for (i = 0; i < n_modpath; i++) {
795 		pathvfs[i].path = tmp;
796 		vfsp = path_to_vfs(tmp);
797 		pathvfs[i].vfsp = vfsp;
798 		tmp += strlen(tmp) + 1;
799 	}
800 	return (1);	/* always reread driver.conf the first time */
801 }
802 
803 static int
804 modctl_load_drvconf(major_t major, int flags)
805 {
806 	int ret;
807 
808 	/*
809 	 * devfsadm -u - read all new driver.conf files
810 	 * and bind and configure devices for new drivers.
811 	 */
812 	if (flags & MOD_LOADDRVCONF_RECONF) {
813 		(void) i_ddi_load_drvconf(DDI_MAJOR_T_NONE);
814 		i_ddi_bind_devs();
815 		i_ddi_di_cache_invalidate();
816 		return (0);
817 	}
818 
819 	/*
820 	 * update_drv <drv> - reload driver.conf for the specified driver
821 	 */
822 	if (major != DDI_MAJOR_T_NONE) {
823 		ret = i_ddi_load_drvconf(major);
824 		if (ret == 0)
825 			i_ddi_bind_devs();
826 		return (ret);
827 	}
828 
829 	/*
830 	 * We are invoked to rescan new driver.conf files. It is
831 	 * only necessary if a new file system was mounted in the
832 	 * module_path. Because rescanning driver.conf files can
833 	 * take some time on older platforms (sun4m), the following
834 	 * code skips unnecessary driver.conf rescans to optimize
835 	 * boot performance.
836 	 */
837 	if (new_vfs_in_modpath()) {
838 		(void) i_ddi_load_drvconf(DDI_MAJOR_T_NONE);
839 		/*
840 		 * If we are still initializing io subsystem,
841 		 * load drivers with ddi-forceattach property
842 		 */
843 		if (!i_ddi_io_initialized())
844 			i_ddi_forceattach_drivers();
845 	}
846 	return (0);
847 }
848 
849 /*
850  * Unload driver.conf file and follow up by attempting
851  * to rebind devices to more appropriate driver.
852  */
853 static int
854 modctl_unload_drvconf(major_t major)
855 {
856 	int ret;
857 
858 	if (major >= devcnt)
859 		return (EINVAL);
860 
861 	ret = i_ddi_unload_drvconf(major);
862 	if (ret != 0)
863 		return (ret);
864 	(void) i_ddi_unbind_devs(major);
865 	i_ddi_bind_devs();
866 
867 	return (0);
868 }
869 
870 static void
871 check_esc_sequences(char *str, char *cstr)
872 {
873 	int i;
874 	size_t len;
875 	char *p;
876 
877 	len = strlen(str);
878 	for (i = 0; i < len; i++, str++, cstr++) {
879 		if (*str != '\\') {
880 			*cstr = *str;
881 		} else {
882 			p = str + 1;
883 			/*
884 			 * we only handle octal escape sequences for SPACE
885 			 */
886 			if (*p++ == '0' && *p++ == '4' && *p == '0') {
887 				*cstr = ' ';
888 				str += 3;
889 			} else {
890 				*cstr = *str;
891 			}
892 		}
893 	}
894 	*cstr = 0;
895 }
896 
897 static int
898 modctl_getmodpathlen(int *data)
899 {
900 	int len;
901 	len = strlen(default_path);
902 	if (copyout(&len, data, sizeof (len)) != 0)
903 		return (EFAULT);
904 	return (0);
905 }
906 
907 static int
908 modctl_getmodpath(char *data)
909 {
910 	if (copyout(default_path, data, strlen(default_path) + 1) != 0)
911 		return (EFAULT);
912 	return (0);
913 }
914 
915 static int
916 modctl_read_sysbinding_file(void)
917 {
918 	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
919 	return (0);
920 }
921 
922 static int
923 modctl_getmaj(char *uname, uint_t ulen, int *umajorp)
924 {
925 	char name[256];
926 	int retval;
927 	major_t major;
928 
929 	if (ulen == 0)
930 		return (EINVAL);
931 	if ((retval = copyinstr(uname, name,
932 	    (ulen < 256) ? ulen : 256, 0)) != 0)
933 		return (retval);
934 	if ((major = mod_name_to_major(name)) == DDI_MAJOR_T_NONE)
935 		return (ENODEV);
936 	if (copyout(&major, umajorp, sizeof (major_t)) != 0)
937 		return (EFAULT);
938 	return (0);
939 }
940 
941 static char **
942 convert_constraint_string(char *constraints, size_t len)
943 {
944 	int	i;
945 	int	n;
946 	char	*p;
947 	char	**array;
948 
949 	ASSERT(constraints != NULL);
950 	ASSERT(len > 0);
951 
952 	for (i = 0, p = constraints; strlen(p) > 0; i++, p += strlen(p) + 1)
953 		;
954 
955 	n = i;
956 
957 	if (n == 0) {
958 		kmem_free(constraints, len);
959 		return (NULL);
960 	}
961 
962 	array = kmem_alloc((n + 1) * sizeof (char *), KM_SLEEP);
963 
964 	for (i = 0, p = constraints; i < n; i++, p += strlen(p) + 1) {
965 		array[i] = i_ddi_strdup(p, KM_SLEEP);
966 	}
967 	array[n] = NULL;
968 
969 	kmem_free(constraints, len);
970 
971 	return (array);
972 }
973 /*ARGSUSED*/
974 static int
975 modctl_retire(char *path, char *uconstraints, size_t ulen)
976 {
977 	char	*pathbuf;
978 	char	*devpath;
979 	size_t	pathsz;
980 	int	retval;
981 	char	*constraints;
982 	char	**cons_array;
983 
984 	if (path == NULL)
985 		return (EINVAL);
986 
987 	if ((uconstraints == NULL) ^ (ulen == 0))
988 		return (EINVAL);
989 
990 	pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
991 	retval = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
992 	if (retval != 0) {
993 		kmem_free(pathbuf, MAXPATHLEN);
994 		return (retval);
995 	}
996 	devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
997 	kmem_free(pathbuf, MAXPATHLEN);
998 
999 	/*
1000 	 * First check if the device is already retired.
1001 	 * If it is, then persist the retire anyway, just in case the retire
1002 	 * store has got out of sync with the boot archive.
1003 	 */
1004 	if (e_ddi_device_retired(devpath)) {
1005 		cmn_err(CE_NOTE, "Device: already retired: %s", devpath);
1006 		(void) e_ddi_retire_persist(devpath);
1007 		kmem_free(devpath, strlen(devpath) + 1);
1008 		return (0);
1009 	}
1010 
1011 	cons_array = NULL;
1012 	if (uconstraints) {
1013 		constraints = kmem_alloc(ulen, KM_SLEEP);
1014 		if (copyin(uconstraints, constraints, ulen)) {
1015 			kmem_free(constraints, ulen);
1016 			kmem_free(devpath, strlen(devpath) + 1);
1017 			return (EFAULT);
1018 		}
1019 		cons_array = convert_constraint_string(constraints, ulen);
1020 	}
1021 
1022 	/*
1023 	 * Try to retire the device first. The following
1024 	 * routine will return an error only if the device
1025 	 * is not retireable i.e. retire constraints forbid
1026 	 * a retire. A return of success from this routine
1027 	 * indicates that device is retireable.
1028 	 */
1029 	retval = e_ddi_retire_device(devpath, cons_array);
1030 	if (retval != DDI_SUCCESS) {
1031 		cmn_err(CE_WARN, "constraints forbid retire: %s", devpath);
1032 		kmem_free(devpath, strlen(devpath) + 1);
1033 		return (ENOTSUP);
1034 	}
1035 
1036 	/*
1037 	 * Ok, the retire succeeded. Persist the retire.
1038 	 * If retiring a nexus, we need to only persist the
1039 	 * nexus retire. Any children of a retired nexus
1040 	 * are automatically covered by the retire store
1041 	 * code.
1042 	 */
1043 	retval = e_ddi_retire_persist(devpath);
1044 	if (retval != 0) {
1045 		cmn_err(CE_WARN, "Failed to persist device retire: error %d: "
1046 		    "%s", retval, devpath);
1047 		kmem_free(devpath, strlen(devpath) + 1);
1048 		return (retval);
1049 	}
1050 	if (moddebug & MODDEBUG_RETIRE)
1051 		cmn_err(CE_NOTE, "Persisted retire of device: %s", devpath);
1052 
1053 	kmem_free(devpath, strlen(devpath) + 1);
1054 	return (0);
1055 }
1056 
1057 static int
1058 modctl_is_retired(char *path, int *statep)
1059 {
1060 	char	*pathbuf;
1061 	char	*devpath;
1062 	size_t	pathsz;
1063 	int	error;
1064 	int	status;
1065 
1066 	if (path == NULL || statep == NULL)
1067 		return (EINVAL);
1068 
1069 	pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1070 	error = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
1071 	if (error != 0) {
1072 		kmem_free(pathbuf, MAXPATHLEN);
1073 		return (error);
1074 	}
1075 	devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
1076 	kmem_free(pathbuf, MAXPATHLEN);
1077 
1078 	if (e_ddi_device_retired(devpath))
1079 		status = 1;
1080 	else
1081 		status = 0;
1082 	kmem_free(devpath, strlen(devpath) + 1);
1083 
1084 	return (copyout(&status, statep, sizeof (status)) ? EFAULT : 0);
1085 }
1086 
1087 static int
1088 modctl_unretire(char *path)
1089 {
1090 	char	*pathbuf;
1091 	char	*devpath;
1092 	size_t	pathsz;
1093 	int	retired;
1094 	int	retval;
1095 
1096 	if (path == NULL)
1097 		return (EINVAL);
1098 
1099 	pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1100 	retval = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
1101 	if (retval != 0) {
1102 		kmem_free(pathbuf, MAXPATHLEN);
1103 		return (retval);
1104 	}
1105 	devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
1106 	kmem_free(pathbuf, MAXPATHLEN);
1107 
1108 	/*
1109 	 * We check if a device is retired (first) before
1110 	 * unpersisting the retire, because we use the
1111 	 * retire store to determine if a device is retired.
1112 	 * If we unpersist first, the device will always appear
1113 	 * to be unretired. For the rationale behind unpersisting
1114 	 * a device that is not retired, see the next comment.
1115 	 */
1116 	retired = e_ddi_device_retired(devpath);
1117 
1118 	/*
1119 	 * We call unpersist unconditionally because the lookup
1120 	 * for retired devices (e_ddi_device_retired()), skips "bypassed"
1121 	 * devices. We still want to be able remove "bypassed" entries
1122 	 * from the persistent store, so we unpersist unconditionally
1123 	 * i.e. whether or not the entry is found on a lookup.
1124 	 *
1125 	 * e_ddi_retire_unpersist() returns 1 if it found and cleared
1126 	 * an entry from the retire store or 0 otherwise.
1127 	 */
1128 	if (e_ddi_retire_unpersist(devpath))
1129 		if (moddebug & MODDEBUG_RETIRE) {
1130 			cmn_err(CE_NOTE, "Unpersisted retire of device: %s",
1131 			    devpath);
1132 		}
1133 
1134 	/*
1135 	 * Check if the device is already unretired. If so,
1136 	 * the unretire becomes a NOP
1137 	 */
1138 	if (!retired) {
1139 		cmn_err(CE_NOTE, "Not retired: %s", devpath);
1140 		kmem_free(devpath, strlen(devpath) + 1);
1141 		return (0);
1142 	}
1143 
1144 	retval = e_ddi_unretire_device(devpath);
1145 	if (retval != 0) {
1146 		cmn_err(CE_WARN, "cannot unretire device: error %d, path %s\n",
1147 		    retval, devpath);
1148 	}
1149 
1150 	kmem_free(devpath, strlen(devpath) + 1);
1151 
1152 	return (retval);
1153 }
1154 
1155 static int
1156 modctl_getname(char *uname, uint_t ulen, int *umajorp)
1157 {
1158 	char *name;
1159 	major_t major;
1160 
1161 	if (copyin(umajorp, &major, sizeof (major)) != 0)
1162 		return (EFAULT);
1163 	if ((name = mod_major_to_name(major)) == NULL)
1164 		return (ENODEV);
1165 	if ((strlen(name) + 1) > ulen)
1166 		return (ENOSPC);
1167 	return (copyoutstr(name, uname, ulen, NULL));
1168 }
1169 
1170 static int
1171 modctl_devt2instance(dev_t dev, int *uinstancep)
1172 {
1173 	int	instance;
1174 
1175 	if ((instance = dev_to_instance(dev)) == -1)
1176 		return (EINVAL);
1177 
1178 	return (copyout(&instance, uinstancep, sizeof (int)));
1179 }
1180 
1181 /*
1182  * Return the sizeof of the device id.
1183  */
1184 static int
1185 modctl_sizeof_devid(dev_t dev, uint_t *len)
1186 {
1187 	uint_t		sz;
1188 	ddi_devid_t	devid;
1189 
1190 	/* get device id */
1191 	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
1192 		return (EINVAL);
1193 
1194 	sz = ddi_devid_sizeof(devid);
1195 	ddi_devid_free(devid);
1196 
1197 	/* copyout device id size */
1198 	if (copyout(&sz, len, sizeof (sz)) != 0)
1199 		return (EFAULT);
1200 
1201 	return (0);
1202 }
1203 
1204 /*
1205  * Return a copy of the device id.
1206  */
1207 static int
1208 modctl_get_devid(dev_t dev, uint_t len, ddi_devid_t udevid)
1209 {
1210 	uint_t		sz;
1211 	ddi_devid_t	devid;
1212 	int		err = 0;
1213 
1214 	/* get device id */
1215 	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
1216 		return (EINVAL);
1217 
1218 	sz = ddi_devid_sizeof(devid);
1219 
1220 	/* Error if device id is larger than space allocated */
1221 	if (sz > len) {
1222 		ddi_devid_free(devid);
1223 		return (ENOSPC);
1224 	}
1225 
1226 	/* copy out device id */
1227 	if (copyout(devid, udevid, sz) != 0)
1228 		err = EFAULT;
1229 	ddi_devid_free(devid);
1230 	return (err);
1231 }
1232 
1233 /*
1234  * return the /devices paths associated with the specified devid and
1235  * minor name.
1236  */
1237 /*ARGSUSED*/
1238 static int
1239 modctl_devid2paths(ddi_devid_t udevid, char *uminor_name, uint_t flag,
1240     size_t *ulensp, char *upaths)
1241 {
1242 	ddi_devid_t	devid = NULL;
1243 	int		devid_len;
1244 	char		*minor_name = NULL;
1245 	dev_info_t	*dip = NULL;
1246 	int		circ;
1247 	struct ddi_minor_data	*dmdp;
1248 	char		*path = NULL;
1249 	int		ulens;
1250 	int		lens;
1251 	int		len;
1252 	dev_t		*devlist = NULL;
1253 	int		ndevs;
1254 	int		i;
1255 	int		ret = 0;
1256 
1257 	/*
1258 	 * If upaths is NULL then we are only computing the amount of space
1259 	 * needed to hold the paths and returning the value in *ulensp. If we
1260 	 * are copying out paths then we get the amount of space allocated by
1261 	 * the caller. If the actual space needed for paths is larger, or
1262 	 * things are changing out from under us, then we return EAGAIN.
1263 	 */
1264 	if (upaths) {
1265 		if (ulensp == NULL)
1266 			return (EINVAL);
1267 		if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
1268 			return (EFAULT);
1269 	}
1270 
1271 	/*
1272 	 * copyin enough of the devid to determine the length then
1273 	 * reallocate and copy in the entire devid.
1274 	 */
1275 	devid_len = ddi_devid_sizeof(NULL);
1276 	devid = kmem_alloc(devid_len, KM_SLEEP);
1277 	if (copyin(udevid, devid, devid_len)) {
1278 		ret = EFAULT;
1279 		goto out;
1280 	}
1281 	len = devid_len;
1282 	devid_len = ddi_devid_sizeof(devid);
1283 	kmem_free(devid, len);
1284 	devid = kmem_alloc(devid_len, KM_SLEEP);
1285 	if (copyin(udevid, devid, devid_len)) {
1286 		ret = EFAULT;
1287 		goto out;
1288 	}
1289 
1290 	/* copyin the minor name if specified. */
1291 	minor_name = uminor_name;
1292 	if ((minor_name != DEVID_MINOR_NAME_ALL) &&
1293 	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1294 	    (minor_name != DEVID_MINOR_NAME_ALL_BLK)) {
1295 		minor_name = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1296 		if (copyinstr(uminor_name, minor_name, MAXPATHLEN, 0)) {
1297 			ret = EFAULT;
1298 			goto out;
1299 		}
1300 	}
1301 
1302 	/*
1303 	 * Use existing function to resolve the devid into a devlist.
1304 	 *
1305 	 * NOTE: there is a loss of spectype information in the current
1306 	 * ddi_lyr_devid_to_devlist implementation. We work around this by not
1307 	 * passing down DEVID_MINOR_NAME_ALL here, but reproducing all minor
1308 	 * node forms in the loop processing the devlist below. It would be
1309 	 * best if at some point the use of this interface here was replaced
1310 	 * with a path oriented call.
1311 	 */
1312 	if (ddi_lyr_devid_to_devlist(devid,
1313 	    (minor_name == DEVID_MINOR_NAME_ALL) ?
1314 	    DEVID_MINOR_NAME_ALL_CHR : minor_name,
1315 	    &ndevs, &devlist) != DDI_SUCCESS) {
1316 		ret = EINVAL;
1317 		goto out;
1318 	}
1319 
1320 	/*
1321 	 * loop over the devlist, converting each devt to a path and doing
1322 	 * a copyout of the path and computation of the amount of space
1323 	 * needed to hold all the paths
1324 	 */
1325 	path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1326 	for (i = 0, lens = 0; i < ndevs; i++) {
1327 
1328 		/* find the dip associated with the dev_t */
1329 		if ((dip = e_ddi_hold_devi_by_dev(devlist[i], 0)) == NULL)
1330 			continue;
1331 
1332 		/* loop over all the minor nodes, skipping ones we don't want */
1333 		ndi_devi_enter(dip, &circ);
1334 		for (dmdp = DEVI(dip)->devi_minor; dmdp; dmdp = dmdp->next) {
1335 			if ((dmdp->ddm_dev != devlist[i]) ||
1336 			    (dmdp->type != DDM_MINOR))
1337 				continue;
1338 
1339 			if ((minor_name != DEVID_MINOR_NAME_ALL) &&
1340 			    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1341 			    (minor_name != DEVID_MINOR_NAME_ALL_BLK) &&
1342 			    strcmp(minor_name, dmdp->ddm_name))
1343 				continue;
1344 			else {
1345 				if ((minor_name == DEVID_MINOR_NAME_ALL_CHR) &&
1346 				    (dmdp->ddm_spec_type != S_IFCHR))
1347 					continue;
1348 				if ((minor_name == DEVID_MINOR_NAME_ALL_BLK) &&
1349 				    (dmdp->ddm_spec_type != S_IFBLK))
1350 					continue;
1351 			}
1352 
1353 			(void) ddi_pathname_minor(dmdp, path);
1354 			len = strlen(path) + 1;
1355 			*(path + len) = '\0';	/* set double termination */
1356 			lens += len;
1357 
1358 			/* copyout the path with double terminations */
1359 			if (upaths) {
1360 				if (lens > ulens) {
1361 					ret = EAGAIN;
1362 					goto out;
1363 				}
1364 				if (copyout(path, upaths, len + 1)) {
1365 					ret = EFAULT;
1366 					goto out;
1367 				}
1368 				upaths += len;
1369 			}
1370 		}
1371 		ndi_devi_exit(dip, circ);
1372 		ddi_release_devi(dip);
1373 		dip = NULL;
1374 	}
1375 	lens++;		/* add one for double termination */
1376 
1377 	/* copy out the amount of space needed to hold the paths */
1378 	if (ulensp && copyout(&lens, ulensp, sizeof (lens))) {
1379 		ret = EFAULT;
1380 		goto out;
1381 	}
1382 	ret = 0;
1383 
1384 out:	if (dip) {
1385 		ndi_devi_exit(dip, circ);
1386 		ddi_release_devi(dip);
1387 	}
1388 	if (path)
1389 		kmem_free(path, MAXPATHLEN);
1390 	if (devlist)
1391 		ddi_lyr_free_devlist(devlist, ndevs);
1392 	if (minor_name &&
1393 	    (minor_name != DEVID_MINOR_NAME_ALL) &&
1394 	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1395 	    (minor_name != DEVID_MINOR_NAME_ALL_BLK))
1396 		kmem_free(minor_name, MAXPATHLEN);
1397 	if (devid)
1398 		kmem_free(devid, devid_len);
1399 	return (ret);
1400 }
1401 
1402 /*
1403  * Return the size of the minor name.
1404  */
1405 static int
1406 modctl_sizeof_minorname(dev_t dev, int spectype, uint_t *len)
1407 {
1408 	uint_t	sz;
1409 	char	*name;
1410 
1411 	/* get the minor name */
1412 	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1413 		return (EINVAL);
1414 
1415 	sz = strlen(name) + 1;
1416 	kmem_free(name, sz);
1417 
1418 	/* copy out the size of the minor name */
1419 	if (copyout(&sz, len, sizeof (sz)) != 0)
1420 		return (EFAULT);
1421 
1422 	return (0);
1423 }
1424 
1425 /*
1426  * Return the minor name.
1427  */
1428 static int
1429 modctl_get_minorname(dev_t dev, int spectype, uint_t len, char *uname)
1430 {
1431 	uint_t	sz;
1432 	char	*name;
1433 	int	err = 0;
1434 
1435 	/* get the minor name */
1436 	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1437 		return (EINVAL);
1438 
1439 	sz = strlen(name) + 1;
1440 
1441 	/* Error if the minor name is larger than the space allocated */
1442 	if (sz > len) {
1443 		kmem_free(name, sz);
1444 		return (ENOSPC);
1445 	}
1446 
1447 	/* copy out the minor name */
1448 	if (copyout(name, uname, sz) != 0)
1449 		err = EFAULT;
1450 	kmem_free(name, sz);
1451 	return (err);
1452 }
1453 
1454 /*
1455  * Return the size of the (dev_t,spectype) devfspath name.
1456  */
1457 static int
1458 modctl_devfspath_len(dev_t dev, int spectype, uint_t *len)
1459 {
1460 	uint_t	sz;
1461 	char	*name;
1462 
1463 	/* get the path name */
1464 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1465 	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1466 		kmem_free(name, MAXPATHLEN);
1467 		return (EINVAL);
1468 	}
1469 
1470 	sz = strlen(name) + 1;
1471 	kmem_free(name, MAXPATHLEN);
1472 
1473 	/* copy out the size of the path name */
1474 	if (copyout(&sz, len, sizeof (sz)) != 0)
1475 		return (EFAULT);
1476 
1477 	return (0);
1478 }
1479 
1480 /*
1481  * Return the (dev_t,spectype) devfspath name.
1482  */
1483 static int
1484 modctl_devfspath(dev_t dev, int spectype, uint_t len, char *uname)
1485 {
1486 	uint_t	sz;
1487 	char	*name;
1488 	int	err = 0;
1489 
1490 	/* get the path name */
1491 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1492 	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1493 		kmem_free(name, MAXPATHLEN);
1494 		return (EINVAL);
1495 	}
1496 
1497 	sz = strlen(name) + 1;
1498 
1499 	/* Error if the path name is larger than the space allocated */
1500 	if (sz > len) {
1501 		kmem_free(name, MAXPATHLEN);
1502 		return (ENOSPC);
1503 	}
1504 
1505 	/* copy out the path name */
1506 	if (copyout(name, uname, sz) != 0)
1507 		err = EFAULT;
1508 	kmem_free(name, MAXPATHLEN);
1509 	return (err);
1510 }
1511 
1512 /*
1513  * Return the size of the (major,instance) devfspath name.
1514  */
1515 static int
1516 modctl_devfspath_mi_len(major_t major, int instance, uint_t *len)
1517 {
1518 	uint_t	sz;
1519 	char	*name;
1520 
1521 	/* get the path name */
1522 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1523 	if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1524 		kmem_free(name, MAXPATHLEN);
1525 		return (EINVAL);
1526 	}
1527 
1528 	sz = strlen(name) + 1;
1529 	kmem_free(name, MAXPATHLEN);
1530 
1531 	/* copy out the size of the path name */
1532 	if (copyout(&sz, len, sizeof (sz)) != 0)
1533 		return (EFAULT);
1534 
1535 	return (0);
1536 }
1537 
1538 /*
1539  * Return the (major_instance) devfspath name.
1540  * NOTE: e_ddi_majorinstance_to_path does not require the device to attach to
1541  * return a path - it uses the instance tree.
1542  */
1543 static int
1544 modctl_devfspath_mi(major_t major, int instance, uint_t len, char *uname)
1545 {
1546 	uint_t	sz;
1547 	char	*name;
1548 	int	err = 0;
1549 
1550 	/* get the path name */
1551 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1552 	if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1553 		kmem_free(name, MAXPATHLEN);
1554 		return (EINVAL);
1555 	}
1556 
1557 	sz = strlen(name) + 1;
1558 
1559 	/* Error if the path name is larger than the space allocated */
1560 	if (sz > len) {
1561 		kmem_free(name, MAXPATHLEN);
1562 		return (ENOSPC);
1563 	}
1564 
1565 	/* copy out the path name */
1566 	if (copyout(name, uname, sz) != 0)
1567 		err = EFAULT;
1568 	kmem_free(name, MAXPATHLEN);
1569 	return (err);
1570 }
1571 
1572 static int
1573 modctl_get_fbname(char *path)
1574 {
1575 	extern dev_t fbdev;
1576 	char *pathname = NULL;
1577 	int rval = 0;
1578 
1579 	/* make sure fbdev is set before we plunge in */
1580 	if (fbdev == NODEV)
1581 		return (ENODEV);
1582 
1583 	pathname = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1584 	if ((rval = ddi_dev_pathname(fbdev, S_IFCHR,
1585 	    pathname)) == DDI_SUCCESS) {
1586 		if (copyout(pathname, path, strlen(pathname)+1) != 0) {
1587 			rval = EFAULT;
1588 		}
1589 	}
1590 	kmem_free(pathname, MAXPATHLEN);
1591 	return (rval);
1592 }
1593 
1594 /*
1595  * modctl_reread_dacf()
1596  *	Reread the dacf rules database from the named binding file.
1597  *	If NULL is specified, pass along the NULL, it means 'use the default'.
1598  */
1599 static int
1600 modctl_reread_dacf(char *path)
1601 {
1602 	int rval = 0;
1603 	char *filename, *filenamep;
1604 
1605 	filename = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1606 
1607 	if (path == NULL) {
1608 		filenamep = NULL;
1609 	} else {
1610 		if (copyinstr(path, filename, MAXPATHLEN, 0) != 0) {
1611 			rval = EFAULT;
1612 			goto out;
1613 		}
1614 		filenamep = filename;
1615 		filenamep[MAXPATHLEN - 1] = '\0';
1616 	}
1617 
1618 	rval = read_dacf_binding_file(filenamep);
1619 out:
1620 	kmem_free(filename, MAXPATHLEN);
1621 	return (rval);
1622 }
1623 
1624 /*ARGSUSED*/
1625 static int
1626 modctl_modevents(int subcmd, uintptr_t a2, uintptr_t a3, uintptr_t a4,
1627     uint_t flag)
1628 {
1629 	int error = 0;
1630 	char *filenamep;
1631 
1632 	switch (subcmd) {
1633 
1634 	case MODEVENTS_FLUSH:
1635 		/* flush all currently queued events */
1636 		log_sysevent_flushq(subcmd, flag);
1637 		break;
1638 
1639 	case MODEVENTS_SET_DOOR_UPCALL_FILENAME:
1640 		/*
1641 		 * bind door_upcall to filename
1642 		 * this should only be done once per invocation
1643 		 * of the event daemon.
1644 		 */
1645 
1646 		filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
1647 
1648 		if (copyinstr((char *)a2, filenamep, MOD_MAXPATH, 0)) {
1649 			error = EFAULT;
1650 		} else {
1651 			error = log_sysevent_filename(filenamep);
1652 		}
1653 		kmem_free(filenamep, MOD_MAXPATH);
1654 		break;
1655 
1656 	case MODEVENTS_GETDATA:
1657 		error = log_sysevent_copyout_data((sysevent_id_t *)a2,
1658 		    (size_t)a3, (caddr_t)a4);
1659 		break;
1660 
1661 	case MODEVENTS_FREEDATA:
1662 		error = log_sysevent_free_data((sysevent_id_t *)a2);
1663 		break;
1664 	case MODEVENTS_POST_EVENT:
1665 		error = log_usr_sysevent((sysevent_t *)a2, (uint32_t)a3,
1666 		    (sysevent_id_t *)a4);
1667 		break;
1668 	case MODEVENTS_REGISTER_EVENT:
1669 		error = log_sysevent_register((char *)a2, (char *)a3,
1670 		    (se_pubsub_t *)a4);
1671 		break;
1672 	default:
1673 		error = EINVAL;
1674 	}
1675 
1676 	return (error);
1677 }
1678 
1679 static void
1680 free_mperm(mperm_t *mp)
1681 {
1682 	int len;
1683 
1684 	if (mp->mp_minorname) {
1685 		len = strlen(mp->mp_minorname) + 1;
1686 		kmem_free(mp->mp_minorname, len);
1687 	}
1688 	kmem_free(mp, sizeof (mperm_t));
1689 }
1690 
1691 #define	MP_NO_DRV_ERR	\
1692 	"/etc/minor_perm: no driver for %s\n"
1693 
1694 #define	MP_EMPTY_MINOR	\
1695 	"/etc/minor_perm: empty minor name for driver %s\n"
1696 
1697 #define	MP_NO_MINOR	\
1698 	"/etc/minor_perm: no minor matching %s for driver %s\n"
1699 
1700 /*
1701  * Remove mperm entry with matching minorname
1702  */
1703 static void
1704 rem_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1705 {
1706 	mperm_t **mp_head;
1707 	mperm_t *freemp = NULL;
1708 	struct devnames *dnp = &devnamesp[major];
1709 	mperm_t **wildmp;
1710 
1711 	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1712 
1713 	LOCK_DEV_OPS(&dnp->dn_lock);
1714 	if (strcmp(mp->mp_minorname, "*") == 0) {
1715 		wildmp = ((is_clone == 0) ?
1716 		    &dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1717 		if (*wildmp)
1718 			freemp = *wildmp;
1719 		*wildmp = NULL;
1720 	} else {
1721 		mp_head = &dnp->dn_mperm;
1722 		while (*mp_head) {
1723 			if (strcmp((*mp_head)->mp_minorname,
1724 			    mp->mp_minorname) != 0) {
1725 				mp_head = &(*mp_head)->mp_next;
1726 				continue;
1727 			}
1728 			/* remove the entry */
1729 			freemp = *mp_head;
1730 			*mp_head = freemp->mp_next;
1731 			break;
1732 		}
1733 	}
1734 	if (freemp) {
1735 		if (moddebug & MODDEBUG_MINORPERM) {
1736 			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1737 			    drvname, freemp->mp_minorname,
1738 			    freemp->mp_mode & 0777,
1739 			    freemp->mp_uid, freemp->mp_gid);
1740 		}
1741 		free_mperm(freemp);
1742 	} else {
1743 		if (moddebug & MODDEBUG_MINORPERM) {
1744 			cmn_err(CE_CONT, MP_NO_MINOR,
1745 			    drvname, mp->mp_minorname);
1746 		}
1747 	}
1748 
1749 	UNLOCK_DEV_OPS(&dnp->dn_lock);
1750 }
1751 
1752 /*
1753  * Add minor perm entry
1754  */
1755 static void
1756 add_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1757 {
1758 	mperm_t **mp_head;
1759 	mperm_t *freemp = NULL;
1760 	struct devnames *dnp = &devnamesp[major];
1761 	mperm_t **wildmp;
1762 
1763 	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1764 
1765 	/*
1766 	 * Note that update_drv replace semantics require
1767 	 * replacing matching entries with the new permissions.
1768 	 */
1769 	LOCK_DEV_OPS(&dnp->dn_lock);
1770 	if (strcmp(mp->mp_minorname, "*") == 0) {
1771 		wildmp = ((is_clone == 0) ?
1772 		    &dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1773 		if (*wildmp)
1774 			freemp = *wildmp;
1775 		*wildmp = mp;
1776 	} else {
1777 		mperm_t *p, *v = NULL;
1778 		for (p = dnp->dn_mperm; p; v = p, p = p->mp_next) {
1779 			if (strcmp(p->mp_minorname, mp->mp_minorname) == 0) {
1780 				if (v == NULL)
1781 					dnp->dn_mperm = mp;
1782 				else
1783 					v->mp_next = mp;
1784 				mp->mp_next = p->mp_next;
1785 				freemp = p;
1786 				goto replaced;
1787 			}
1788 		}
1789 		if (p == NULL) {
1790 			mp_head = &dnp->dn_mperm;
1791 			if (*mp_head == NULL) {
1792 				*mp_head = mp;
1793 			} else {
1794 				mp->mp_next = *mp_head;
1795 				*mp_head = mp;
1796 			}
1797 		}
1798 	}
1799 replaced:
1800 	if (freemp) {
1801 		if (moddebug & MODDEBUG_MINORPERM) {
1802 			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1803 			    drvname, freemp->mp_minorname,
1804 			    freemp->mp_mode & 0777,
1805 			    freemp->mp_uid, freemp->mp_gid);
1806 		}
1807 		free_mperm(freemp);
1808 	}
1809 	if (moddebug & MODDEBUG_MINORPERM) {
1810 		cmn_err(CE_CONT, "> %s %s 0%o %d %d\n",
1811 		    drvname, mp->mp_minorname, mp->mp_mode & 0777,
1812 		    mp->mp_uid, mp->mp_gid);
1813 	}
1814 	UNLOCK_DEV_OPS(&dnp->dn_lock);
1815 }
1816 
1817 
1818 static int
1819 process_minorperm(int cmd, nvlist_t *nvl)
1820 {
1821 	char *minor;
1822 	major_t major;
1823 	mperm_t *mp;
1824 	nvpair_t *nvp;
1825 	char *name;
1826 	int is_clone;
1827 	major_t minmaj;
1828 
1829 	ASSERT(cmd == MODLOADMINORPERM ||
1830 	    cmd == MODADDMINORPERM || cmd == MODREMMINORPERM);
1831 
1832 	nvp = NULL;
1833 	while ((nvp = nvlist_next_nvpair(nvl, nvp)) != NULL) {
1834 		name = nvpair_name(nvp);
1835 
1836 		is_clone = 0;
1837 		(void) nvpair_value_string(nvp, &minor);
1838 		major = ddi_name_to_major(name);
1839 		if (major != DDI_MAJOR_T_NONE) {
1840 			mp = kmem_zalloc(sizeof (*mp), KM_SLEEP);
1841 			if (minor == NULL || strlen(minor) == 0) {
1842 				if (moddebug & MODDEBUG_MINORPERM) {
1843 					cmn_err(CE_CONT, MP_EMPTY_MINOR, name);
1844 				}
1845 				minor = "*";
1846 			}
1847 
1848 			/*
1849 			 * The minor name of a node using the clone
1850 			 * driver must be the driver name.  To avoid
1851 			 * multiple searches, we map entries in the form
1852 			 * clone:<driver> to <driver>:*.  This also allows us
1853 			 * to filter out some of the litter in /etc/minor_perm.
1854 			 * Minor perm alias entries where the name is not
1855 			 * the driver kept on the clone list itself.
1856 			 * This all seems very fragile as a driver could
1857 			 * be introduced with an existing alias name.
1858 			 */
1859 			if (strcmp(name, "clone") == 0) {
1860 				minmaj = ddi_name_to_major(minor);
1861 				if (minmaj != DDI_MAJOR_T_NONE) {
1862 					if (moddebug & MODDEBUG_MINORPERM) {
1863 						cmn_err(CE_CONT,
1864 						    "mapping %s:%s to %s:*\n",
1865 						    name, minor, minor);
1866 					}
1867 					major = minmaj;
1868 					name = minor;
1869 					minor = "*";
1870 					is_clone = 1;
1871 				}
1872 			}
1873 
1874 			if (mp) {
1875 				mp->mp_minorname =
1876 				    i_ddi_strdup(minor, KM_SLEEP);
1877 			}
1878 		} else {
1879 			mp = NULL;
1880 			if (moddebug & MODDEBUG_MINORPERM) {
1881 				cmn_err(CE_CONT, MP_NO_DRV_ERR, name);
1882 			}
1883 		}
1884 
1885 		/* mode */
1886 		nvp = nvlist_next_nvpair(nvl, nvp);
1887 		ASSERT(strcmp(nvpair_name(nvp), "mode") == 0);
1888 		if (mp)
1889 			(void) nvpair_value_int32(nvp, (int *)&mp->mp_mode);
1890 		/* uid */
1891 		nvp = nvlist_next_nvpair(nvl, nvp);
1892 		ASSERT(strcmp(nvpair_name(nvp), "uid") == 0);
1893 		if (mp)
1894 			(void) nvpair_value_uint32(nvp, &mp->mp_uid);
1895 		/* gid */
1896 		nvp = nvlist_next_nvpair(nvl, nvp);
1897 		ASSERT(strcmp(nvpair_name(nvp), "gid") == 0);
1898 		if (mp) {
1899 			(void) nvpair_value_uint32(nvp, &mp->mp_gid);
1900 
1901 			if (cmd == MODREMMINORPERM) {
1902 				rem_minorperm(major, name, mp, is_clone);
1903 				free_mperm(mp);
1904 			} else {
1905 				add_minorperm(major, name, mp, is_clone);
1906 			}
1907 		}
1908 	}
1909 
1910 	if (cmd == MODLOADMINORPERM)
1911 		minorperm_loaded = 1;
1912 
1913 	/*
1914 	 * Reset permissions of cached dv_nodes
1915 	 */
1916 	(void) devfs_reset_perm(DV_RESET_PERM);
1917 
1918 	return (0);
1919 }
1920 
1921 static int
1922 modctl_minorperm(int cmd, char *usrbuf, size_t buflen)
1923 {
1924 	int error;
1925 	nvlist_t *nvl;
1926 	char *buf = kmem_alloc(buflen, KM_SLEEP);
1927 
1928 	if ((error = ddi_copyin(usrbuf, buf, buflen, 0)) != 0) {
1929 		kmem_free(buf, buflen);
1930 		return (error);
1931 	}
1932 
1933 	error = nvlist_unpack(buf, buflen, &nvl, KM_SLEEP);
1934 	kmem_free(buf, buflen);
1935 	if (error)
1936 		return (error);
1937 
1938 	error = process_minorperm(cmd, nvl);
1939 	nvlist_free(nvl);
1940 	return (error);
1941 }
1942 
1943 struct walk_args {
1944 	char		*wa_drvname;
1945 	list_t		wa_pathlist;
1946 };
1947 
1948 struct path_elem {
1949 	char		*pe_dir;
1950 	char		*pe_nodename;
1951 	list_node_t	pe_node;
1952 	int		pe_dirlen;
1953 };
1954 
1955 /*ARGSUSED*/
1956 static int
1957 modctl_inst_walker(const char *path, in_node_t *np, in_drv_t *dp, void *arg)
1958 {
1959 	struct walk_args *wargs = (struct walk_args *)arg;
1960 	struct path_elem *pe;
1961 	char *nodename;
1962 
1963 	/*
1964 	 * Search may be restricted to a single driver in the case of rem_drv
1965 	 */
1966 	if (wargs->wa_drvname &&
1967 	    strcmp(dp->ind_driver_name, wargs->wa_drvname) != 0)
1968 		return (INST_WALK_CONTINUE);
1969 
1970 	pe = kmem_zalloc(sizeof (*pe), KM_SLEEP);
1971 	pe->pe_dir = i_ddi_strdup((char *)path, KM_SLEEP);
1972 	pe->pe_dirlen = strlen(pe->pe_dir) + 1;
1973 	ASSERT(strrchr(pe->pe_dir, '/') != NULL);
1974 	nodename = strrchr(pe->pe_dir, '/');
1975 	*nodename++ = 0;
1976 	pe->pe_nodename = nodename;
1977 	list_insert_tail(&wargs->wa_pathlist, pe);
1978 
1979 	return (INST_WALK_CONTINUE);
1980 }
1981 
1982 /*
1983  * /devices attribute nodes clean-up optionally performed
1984  * when removing a driver (rem_drv -C).
1985  *
1986  * Removing attribute nodes allows a machine to be reprovisioned
1987  * without the side-effect of inadvertently picking up stale
1988  * device node ownership or permissions.
1989  *
1990  * Preserving attributes (not performing cleanup) allows devices
1991  * attribute changes to be preserved across upgrades, as
1992  * upgrade rather heavy-handedly does a rem_drv/add_drv cycle.
1993  */
1994 static int
1995 modctl_remdrv_cleanup(const char *u_drvname)
1996 {
1997 	struct walk_args *wargs;
1998 	struct path_elem *pe;
1999 	char *drvname;
2000 	int err, rval = 0;
2001 
2002 	drvname = kmem_alloc(MAXMODCONFNAME, KM_SLEEP);
2003 	if ((err = copyinstr(u_drvname, drvname, MAXMODCONFNAME, 0))) {
2004 		kmem_free(drvname, MAXMODCONFNAME);
2005 		return (err);
2006 	}
2007 
2008 	/*
2009 	 * First go through the instance database.  For each
2010 	 * instance of a device bound to the driver being
2011 	 * removed, remove any underlying devfs attribute nodes.
2012 	 *
2013 	 * This is a two-step process.	First we go through
2014 	 * the instance data itself, constructing a list of
2015 	 * the nodes discovered.  The second step is then
2016 	 * to find and remove any devfs attribute nodes
2017 	 * for the instances discovered in the first step.
2018 	 * The two-step process avoids any difficulties
2019 	 * which could arise by holding the instance data
2020 	 * lock with simultaneous devfs operations.
2021 	 */
2022 	wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
2023 
2024 	wargs->wa_drvname = drvname;
2025 	list_create(&wargs->wa_pathlist,
2026 	    sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
2027 
2028 	(void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
2029 
2030 	for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
2031 	    pe = list_next(&wargs->wa_pathlist, pe)) {
2032 		err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
2033 		    (const char *)pe->pe_nodename);
2034 		if (rval == 0)
2035 			rval = err;
2036 	}
2037 
2038 	while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
2039 		list_remove(&wargs->wa_pathlist, pe);
2040 		kmem_free(pe->pe_dir, pe->pe_dirlen);
2041 		kmem_free(pe, sizeof (*pe));
2042 	}
2043 	kmem_free(wargs, sizeof (*wargs));
2044 
2045 	/*
2046 	 * Pseudo nodes aren't recorded in the instance database
2047 	 * so any such nodes need to be handled separately.
2048 	 */
2049 	err = devfs_remdrv_cleanup("pseudo", (const char *)drvname);
2050 	if (rval == 0)
2051 		rval = err;
2052 
2053 	kmem_free(drvname, MAXMODCONFNAME);
2054 	return (rval);
2055 }
2056 
2057 /*
2058  * Perform a cleanup of non-existent /devices attribute nodes,
2059  * similar to rem_drv -C, but for all drivers/devices.
2060  * This is also optional, performed as part of devfsadm -C.
2061  */
2062 void
2063 dev_devices_cleanup()
2064 {
2065 	struct walk_args *wargs;
2066 	struct path_elem *pe;
2067 	dev_info_t *devi;
2068 	char *path;
2069 	int err;
2070 
2071 	/*
2072 	 * It's expected that all drivers have been loaded and
2073 	 * module unloading disabled while performing cleanup.
2074 	 */
2075 	ASSERT(modunload_disable_count > 0);
2076 
2077 	wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
2078 	wargs->wa_drvname = NULL;
2079 	list_create(&wargs->wa_pathlist,
2080 	    sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
2081 
2082 	(void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
2083 
2084 	path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
2085 
2086 	for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
2087 	    pe = list_next(&wargs->wa_pathlist, pe)) {
2088 		(void) snprintf(path, MAXPATHLEN, "%s/%s",
2089 		    pe->pe_dir, pe->pe_nodename);
2090 		devi = e_ddi_hold_devi_by_path(path, 0);
2091 		if (devi != NULL) {
2092 			ddi_release_devi(devi);
2093 		} else {
2094 			err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
2095 			    (const char *)pe->pe_nodename);
2096 			if (err) {
2097 				cmn_err(CE_CONT,
2098 				    "devfs: %s: clean-up error %d\n",
2099 				    path, err);
2100 			}
2101 		}
2102 	}
2103 
2104 	while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
2105 		list_remove(&wargs->wa_pathlist, pe);
2106 		kmem_free(pe->pe_dir, pe->pe_dirlen);
2107 		kmem_free(pe, sizeof (*pe));
2108 	}
2109 	kmem_free(wargs, sizeof (*wargs));
2110 	kmem_free(path, MAXPATHLEN);
2111 }
2112 
2113 static int
2114 modctl_allocpriv(const char *name)
2115 {
2116 	char *pstr = kmem_alloc(PRIVNAME_MAX, KM_SLEEP);
2117 	int error;
2118 
2119 	if ((error = copyinstr(name, pstr, PRIVNAME_MAX, 0))) {
2120 		kmem_free(pstr, PRIVNAME_MAX);
2121 		return (error);
2122 	}
2123 	error = priv_getbyname(pstr, PRIV_ALLOC);
2124 	if (error < 0)
2125 		error = -error;
2126 	else
2127 		error = 0;
2128 	kmem_free(pstr, PRIVNAME_MAX);
2129 	return (error);
2130 }
2131 
2132 static int
2133 modctl_devexists(const char *upath, int pathlen)
2134 {
2135 	char	*path;
2136 	int	ret;
2137 
2138 	/*
2139 	 * copy in the path, including the terminating null
2140 	 */
2141 	pathlen++;
2142 	if (pathlen <= 1 || pathlen > MAXPATHLEN)
2143 		return (EINVAL);
2144 	path = kmem_zalloc(pathlen + 1, KM_SLEEP);
2145 	if ((ret = copyinstr(upath, path, pathlen, NULL)) == 0) {
2146 		ret = sdev_modctl_devexists(path);
2147 	}
2148 
2149 	kmem_free(path, pathlen + 1);
2150 	return (ret);
2151 }
2152 
2153 static int
2154 modctl_devreaddir(const char *udir, int udirlen,
2155     char *upaths, int64_t *ulensp)
2156 {
2157 	char	*paths = NULL;
2158 	char	**dirlist = NULL;
2159 	char	*dir;
2160 	int64_t	ulens;
2161 	int64_t	lens;
2162 	int	i, n;
2163 	int	ret = 0;
2164 	char	*p;
2165 	int	npaths;
2166 	int	npaths_alloc;
2167 
2168 	/*
2169 	 * If upaths is NULL then we are only computing the amount of space
2170 	 * needed to return the paths, with the value returned in *ulensp. If we
2171 	 * are copying out paths then we get the amount of space allocated by
2172 	 * the caller. If the actual space needed for paths is larger, or
2173 	 * things are changing out from under us, then we return EAGAIN.
2174 	 */
2175 	if (upaths) {
2176 		if (ulensp == NULL)
2177 			return (EINVAL);
2178 		if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
2179 			return (EFAULT);
2180 	}
2181 
2182 	/*
2183 	 * copyin the /dev path including terminating null
2184 	 */
2185 	udirlen++;
2186 	if (udirlen <= 1 || udirlen > MAXPATHLEN)
2187 		return (EINVAL);
2188 	dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
2189 	if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
2190 		goto err;
2191 
2192 	if ((ret = sdev_modctl_readdir(dir, &dirlist,
2193 	    &npaths, &npaths_alloc, 0)) != 0) {
2194 		ASSERT(dirlist == NULL);
2195 		goto err;
2196 	}
2197 
2198 	lens = 0;
2199 	for (i = 0; i < npaths; i++) {
2200 		lens += strlen(dirlist[i]) + 1;
2201 	}
2202 	lens++;		/* add one for double termination */
2203 
2204 	if (upaths) {
2205 		if (lens > ulens) {
2206 			ret = EAGAIN;
2207 			goto out;
2208 		}
2209 
2210 		paths = kmem_alloc(lens, KM_SLEEP);
2211 
2212 		p = paths;
2213 		for (i = 0; i < npaths; i++) {
2214 			n = strlen(dirlist[i]) + 1;
2215 			bcopy(dirlist[i], p, n);
2216 			p += n;
2217 		}
2218 		*p = 0;
2219 
2220 		if (copyout(paths, upaths, lens)) {
2221 			ret = EFAULT;
2222 			goto err;
2223 		}
2224 	}
2225 
2226 out:
2227 	/* copy out the amount of space needed to hold the paths */
2228 	if (copyout(&lens, ulensp, sizeof (lens)))
2229 		ret = EFAULT;
2230 
2231 err:
2232 	if (dirlist)
2233 		sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
2234 	if (paths)
2235 		kmem_free(paths, lens);
2236 	kmem_free(dir, udirlen + 1);
2237 	return (ret);
2238 }
2239 
2240 static int
2241 modctl_devemptydir(const char *udir, int udirlen, int *uempty)
2242 {
2243 	char	*dir;
2244 	int	ret;
2245 	char	**dirlist = NULL;
2246 	int	npaths;
2247 	int	npaths_alloc;
2248 	int	empty;
2249 
2250 	/*
2251 	 * copyin the /dev path including terminating null
2252 	 */
2253 	udirlen++;
2254 	if (udirlen <= 1 || udirlen > MAXPATHLEN)
2255 		return (EINVAL);
2256 	dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
2257 	if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
2258 		goto err;
2259 
2260 	if ((ret = sdev_modctl_readdir(dir, &dirlist,
2261 	    &npaths, &npaths_alloc, 1)) != 0) {
2262 		goto err;
2263 	}
2264 
2265 	empty = npaths ? 0 : 1;
2266 	if (copyout(&empty, uempty, sizeof (empty)))
2267 		ret = EFAULT;
2268 
2269 err:
2270 	if (dirlist)
2271 		sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
2272 	kmem_free(dir, udirlen + 1);
2273 	return (ret);
2274 }
2275 
2276 static int
2277 modctl_hp(int subcmd, const char *path, char *cn_name, uintptr_t arg,
2278     uintptr_t rval)
2279 {
2280 	int error = 0;
2281 	size_t pathsz, namesz;
2282 	char *devpath, *cn_name_str;
2283 
2284 	if (path == NULL)
2285 		return (EINVAL);
2286 
2287 	devpath = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
2288 	error = copyinstr(path, devpath, MAXPATHLEN, &pathsz);
2289 	if (error != 0) {
2290 		kmem_free(devpath, MAXPATHLEN);
2291 		return (EFAULT);
2292 	}
2293 
2294 	cn_name_str = kmem_zalloc(MAXNAMELEN, KM_SLEEP);
2295 	error = copyinstr(cn_name, cn_name_str, MAXNAMELEN, &namesz);
2296 	if (error != 0) {
2297 		kmem_free(devpath, MAXPATHLEN);
2298 		kmem_free(cn_name_str, MAXNAMELEN);
2299 
2300 		return (EFAULT);
2301 	}
2302 
2303 	switch (subcmd) {
2304 	case MODHPOPS_CHANGE_STATE:
2305 		error = ddihp_modctl(DDI_HPOP_CN_CHANGE_STATE, devpath,
2306 		    cn_name_str, arg, 0);
2307 		break;
2308 	case MODHPOPS_CREATE_PORT:
2309 		/* Create an empty PORT */
2310 		error = ddihp_modctl(DDI_HPOP_CN_CREATE_PORT, devpath,
2311 		    cn_name_str, 0, 0);
2312 		break;
2313 	case MODHPOPS_REMOVE_PORT:
2314 		/* Remove an empty PORT */
2315 		error = ddihp_modctl(DDI_HPOP_CN_REMOVE_PORT, devpath,
2316 		    cn_name_str, 0, 0);
2317 		break;
2318 	case MODHPOPS_BUS_GET:
2319 		error = ddihp_modctl(DDI_HPOP_CN_GET_PROPERTY, devpath,
2320 		    cn_name_str, arg, rval);
2321 		break;
2322 	case MODHPOPS_BUS_SET:
2323 		error = ddihp_modctl(DDI_HPOP_CN_SET_PROPERTY, devpath,
2324 		    cn_name_str, arg, rval);
2325 		break;
2326 	default:
2327 		error = ENOTSUP;
2328 		break;
2329 	}
2330 
2331 	kmem_free(devpath, MAXPATHLEN);
2332 	kmem_free(cn_name_str, MAXNAMELEN);
2333 
2334 	return (error);
2335 }
2336 
2337 int
2338 modctl_moddevname(int subcmd, uintptr_t a1, uintptr_t a2)
2339 {
2340 	int error = 0;
2341 
2342 	switch (subcmd) {
2343 	case MODDEVNAME_LOOKUPDOOR:
2344 		error = devname_filename_register((char *)a1);
2345 		break;
2346 	case MODDEVNAME_PROFILE:
2347 		error = devname_profile_update((char *)a1, (size_t)a2);
2348 		break;
2349 	case MODDEVNAME_RECONFIG:
2350 		i_ddi_set_reconfig();
2351 		break;
2352 	case MODDEVNAME_SYSAVAIL:
2353 		i_ddi_set_sysavail();
2354 		break;
2355 	default:
2356 		error = EINVAL;
2357 		break;
2358 	}
2359 
2360 	return (error);
2361 }
2362 
2363 /*ARGSUSED5*/
2364 int
2365 modctl(int cmd, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4,
2366     uintptr_t a5)
2367 {
2368 	int	error = EINVAL;
2369 	dev_t	dev;
2370 
2371 	if (secpolicy_modctl(CRED(), cmd) != 0)
2372 		return (set_errno(EPERM));
2373 
2374 	switch (cmd) {
2375 	case MODLOAD:		/* load a module */
2376 		error = modctl_modload((int)a1, (char *)a2, (int *)a3);
2377 		break;
2378 
2379 	case MODUNLOAD:		/* unload a module */
2380 		error = modctl_modunload((modid_t)a1);
2381 		break;
2382 
2383 	case MODINFO:		/* get module status */
2384 		error = modctl_modinfo((modid_t)a1, (struct modinfo *)a2);
2385 		break;
2386 
2387 	case MODRESERVED:	/* get last major number in range */
2388 		error = modctl_modreserve((modid_t)a1, (int *)a2);
2389 		break;
2390 
2391 	case MODSETMINIROOT:	/* we are running in miniroot */
2392 		isminiroot = 1;
2393 		error = 0;
2394 		break;
2395 
2396 	case MODADDMAJBIND:	/* add major / driver alias bindings */
2397 		error = modctl_add_driver_aliases((int *)a2);
2398 		break;
2399 
2400 	case MODGETPATHLEN:	/* get modpath length */
2401 		error = modctl_getmodpathlen((int *)a2);
2402 		break;
2403 
2404 	case MODGETPATH:	/* get modpath */
2405 		error = modctl_getmodpath((char *)a2);
2406 		break;
2407 
2408 	case MODREADSYSBIND:	/* read system call binding file */
2409 		error = modctl_read_sysbinding_file();
2410 		break;
2411 
2412 	case MODGETMAJBIND:	/* get major number for named device */
2413 		error = modctl_getmaj((char *)a1, (uint_t)a2, (int *)a3);
2414 		break;
2415 
2416 	case MODGETNAME:	/* get name of device given major number */
2417 		error = modctl_getname((char *)a1, (uint_t)a2, (int *)a3);
2418 		break;
2419 
2420 	case MODDEVT2INSTANCE:
2421 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2422 			dev = (dev_t)a1;
2423 		}
2424 #ifdef _SYSCALL32_IMPL
2425 		else {
2426 			dev = expldev(a1);
2427 		}
2428 #endif
2429 		error = modctl_devt2instance(dev, (int *)a2);
2430 		break;
2431 
2432 	case MODSIZEOF_DEVID:	/* sizeof device id of device given dev_t */
2433 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2434 			dev = (dev_t)a1;
2435 		}
2436 #ifdef _SYSCALL32_IMPL
2437 		else {
2438 			dev = expldev(a1);
2439 		}
2440 #endif
2441 		error = modctl_sizeof_devid(dev, (uint_t *)a2);
2442 		break;
2443 
2444 	case MODGETDEVID:	/* get device id of device given dev_t */
2445 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2446 			dev = (dev_t)a1;
2447 		}
2448 #ifdef _SYSCALL32_IMPL
2449 		else {
2450 			dev = expldev(a1);
2451 		}
2452 #endif
2453 		error = modctl_get_devid(dev, (uint_t)a2, (ddi_devid_t)a3);
2454 		break;
2455 
2456 	case MODSIZEOF_MINORNAME:	/* sizeof minor nm (dev_t,spectype) */
2457 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2458 			error = modctl_sizeof_minorname((dev_t)a1, (int)a2,
2459 			    (uint_t *)a3);
2460 		}
2461 #ifdef _SYSCALL32_IMPL
2462 		else {
2463 			error = modctl_sizeof_minorname(expldev(a1), (int)a2,
2464 			    (uint_t *)a3);
2465 		}
2466 
2467 #endif
2468 		break;
2469 
2470 	case MODGETMINORNAME:		/* get minor name of (dev_t,spectype) */
2471 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2472 			error = modctl_get_minorname((dev_t)a1, (int)a2,
2473 			    (uint_t)a3, (char *)a4);
2474 		}
2475 #ifdef _SYSCALL32_IMPL
2476 		else {
2477 			error = modctl_get_minorname(expldev(a1), (int)a2,
2478 			    (uint_t)a3, (char *)a4);
2479 		}
2480 #endif
2481 		break;
2482 
2483 	case MODGETDEVFSPATH_LEN:	/* sizeof path nm of (dev_t,spectype) */
2484 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2485 			error = modctl_devfspath_len((dev_t)a1, (int)a2,
2486 			    (uint_t *)a3);
2487 		}
2488 #ifdef _SYSCALL32_IMPL
2489 		else {
2490 			error = modctl_devfspath_len(expldev(a1), (int)a2,
2491 			    (uint_t *)a3);
2492 		}
2493 
2494 #endif
2495 		break;
2496 
2497 	case MODGETDEVFSPATH:		/* get path name of (dev_t,spec) type */
2498 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2499 			error = modctl_devfspath((dev_t)a1, (int)a2,
2500 			    (uint_t)a3, (char *)a4);
2501 		}
2502 #ifdef _SYSCALL32_IMPL
2503 		else {
2504 			error = modctl_devfspath(expldev(a1), (int)a2,
2505 			    (uint_t)a3, (char *)a4);
2506 		}
2507 #endif
2508 		break;
2509 
2510 	case MODGETDEVFSPATH_MI_LEN:	/* sizeof path nm of (major,instance) */
2511 		error = modctl_devfspath_mi_len((major_t)a1, (int)a2,
2512 		    (uint_t *)a3);
2513 		break;
2514 
2515 	case MODGETDEVFSPATH_MI:	/* get path name of (major,instance) */
2516 		error = modctl_devfspath_mi((major_t)a1, (int)a2,
2517 		    (uint_t)a3, (char *)a4);
2518 		break;
2519 
2520 
2521 	case MODEVENTS:
2522 		error = modctl_modevents((int)a1, a2, a3, a4, (uint_t)a5);
2523 		break;
2524 
2525 	case MODGETFBNAME:	/* get the framebuffer name */
2526 		error = modctl_get_fbname((char *)a1);
2527 		break;
2528 
2529 	case MODREREADDACF:	/* reread dacf rule database from given file */
2530 		error = modctl_reread_dacf((char *)a1);
2531 		break;
2532 
2533 	case MODLOADDRVCONF:	/* load driver.conf file for major */
2534 		error = modctl_load_drvconf((major_t)a1, (int)a2);
2535 		break;
2536 
2537 	case MODUNLOADDRVCONF:	/* unload driver.conf file for major */
2538 		error = modctl_unload_drvconf((major_t)a1);
2539 		break;
2540 
2541 	case MODREMMAJBIND:	/* remove a major binding */
2542 		error = modctl_rem_major((major_t)a1);
2543 		break;
2544 
2545 	case MODREMDRVALIAS:	/* remove a major/alias binding */
2546 		error = modctl_remove_driver_aliases((int *)a2);
2547 		break;
2548 
2549 	case MODDEVID2PATHS:	/* get paths given devid */
2550 		error = modctl_devid2paths((ddi_devid_t)a1, (char *)a2,
2551 		    (uint_t)a3, (size_t *)a4, (char *)a5);
2552 		break;
2553 
2554 	case MODSETDEVPOLICY:	/* establish device policy */
2555 		error = devpolicy_load((int)a1, (size_t)a2, (devplcysys_t *)a3);
2556 		break;
2557 
2558 	case MODGETDEVPOLICY:	/* get device policy */
2559 		error = devpolicy_get((int *)a1, (size_t)a2,
2560 		    (devplcysys_t *)a3);
2561 		break;
2562 
2563 	case MODALLOCPRIV:
2564 		error = modctl_allocpriv((const char *)a1);
2565 		break;
2566 
2567 	case MODGETDEVPOLICYBYNAME:
2568 		error = devpolicy_getbyname((size_t)a1,
2569 		    (devplcysys_t *)a2, (char *)a3);
2570 		break;
2571 
2572 	case MODLOADMINORPERM:
2573 	case MODADDMINORPERM:
2574 	case MODREMMINORPERM:
2575 		error = modctl_minorperm(cmd, (char *)a1, (size_t)a2);
2576 		break;
2577 
2578 	case MODREMDRVCLEANUP:
2579 		error = modctl_remdrv_cleanup((const char *)a1);
2580 		break;
2581 
2582 	case MODDEVEXISTS:	/* non-reconfiguring /dev lookup */
2583 		error = modctl_devexists((const char *)a1, (size_t)a2);
2584 		break;
2585 
2586 	case MODDEVREADDIR:	/* non-reconfiguring /dev readdir */
2587 		error = modctl_devreaddir((const char *)a1, (size_t)a2,
2588 		    (char *)a3, (int64_t *)a4);
2589 		break;
2590 
2591 	case MODDEVEMPTYDIR:	/* non-reconfiguring /dev emptydir */
2592 		error = modctl_devemptydir((const char *)a1, (size_t)a2,
2593 		    (int *)a3);
2594 		break;
2595 
2596 	case MODDEVNAME:
2597 		error = modctl_moddevname((int)a1, a2, a3);
2598 		break;
2599 
2600 	case MODRETIRE:	/* retire device named by physpath a1 */
2601 		error = modctl_retire((char *)a1, (char *)a2, (size_t)a3);
2602 		break;
2603 
2604 	case MODISRETIRED:  /* check if a device is retired. */
2605 		error = modctl_is_retired((char *)a1, (int *)a2);
2606 		break;
2607 
2608 	case MODUNRETIRE:	/* unretire device named by physpath a1 */
2609 		error = modctl_unretire((char *)a1);
2610 		break;
2611 
2612 	case MODHPOPS:	/* hotplug operations */
2613 		/* device named by physpath a2 and Connection name a3 */
2614 		error = modctl_hp((int)a1, (char *)a2, (char *)a3, a4, a5);
2615 		break;
2616 
2617 	default:
2618 		error = EINVAL;
2619 		break;
2620 	}
2621 
2622 	return (error ? set_errno(error) : 0);
2623 }
2624 
2625 /*
2626  * Calls to kobj_load_module()() are handled off to this routine in a
2627  * separate thread.
2628  */
2629 static void
2630 modload_thread(struct loadmt *ltp)
2631 {
2632 	/* load the module and signal the creator of this thread */
2633 	kmutex_t	cpr_lk;
2634 	callb_cpr_t	cpr_i;
2635 
2636 	mutex_init(&cpr_lk, NULL, MUTEX_DEFAULT, NULL);
2637 	CALLB_CPR_INIT(&cpr_i, &cpr_lk, callb_generic_cpr, "modload");
2638 	/* borrow the devi lock from thread which invoked us */
2639 	pm_borrow_lock(ltp->owner);
2640 	ltp->retval = kobj_load_module(ltp->mp, ltp->usepath);
2641 	pm_return_lock();
2642 	sema_v(&ltp->sema);
2643 	mutex_enter(&cpr_lk);
2644 	CALLB_CPR_EXIT(&cpr_i);
2645 	mutex_destroy(&cpr_lk);
2646 	thread_exit();
2647 }
2648 
2649 /*
2650  * load a module, adding a reference if caller specifies rmodp.  If rmodp
2651  * is specified then an errno is returned, otherwise a module index is
2652  * returned (-1 on error).
2653  */
2654 static int
2655 modrload(const char *subdir, const char *filename, struct modctl **rmodp)
2656 {
2657 	struct modctl *modp;
2658 	size_t size;
2659 	char *fullname;
2660 	int retval = EINVAL;
2661 	int id = -1;
2662 
2663 	if (rmodp)
2664 		*rmodp = NULL;			/* avoid garbage */
2665 
2666 	if (subdir != NULL) {
2667 		/*
2668 		 * refuse / in filename to prevent "../" escapes.
2669 		 */
2670 		if (strchr(filename, '/') != NULL)
2671 			return (rmodp ? retval : id);
2672 
2673 		/*
2674 		 * allocate enough space for <subdir>/<filename><NULL>
2675 		 */
2676 		size = strlen(subdir) + strlen(filename) + 2;
2677 		fullname = kmem_zalloc(size, KM_SLEEP);
2678 		(void) sprintf(fullname, "%s/%s", subdir, filename);
2679 	} else {
2680 		fullname = (char *)filename;
2681 	}
2682 
2683 	modp = mod_hold_installed_mod(fullname, 1, 0, &retval);
2684 	if (modp != NULL) {
2685 		id = modp->mod_id;
2686 		if (rmodp) {
2687 			/* add mod_ref and return *rmodp */
2688 			mutex_enter(&mod_lock);
2689 			modp->mod_ref++;
2690 			mutex_exit(&mod_lock);
2691 			*rmodp = modp;
2692 		}
2693 		mod_release_mod(modp);
2694 		CPU_STATS_ADDQ(CPU, sys, modload, 1);
2695 	}
2696 
2697 done:	if (subdir != NULL)
2698 		kmem_free(fullname, size);
2699 	return (rmodp ? retval : id);
2700 }
2701 
2702 /*
2703  * This is the primary kernel interface to load a module. It loads and
2704  * installs the named module.  It does not hold mod_ref of the module, so
2705  * a module unload attempt can occur at any time - it is up to the
2706  * _fini/mod_remove implementation to determine if unload will succeed.
2707  */
2708 int
2709 modload(const char *subdir, const char *filename)
2710 {
2711 	return (modrload(subdir, filename, NULL));
2712 }
2713 
2714 /*
2715  * Load a module using a series of qualified names from most specific to least
2716  * specific, e.g. for subdir "foo", p1 "bar", p2 "baz", we might try:
2717  *			Value returned in *chosen
2718  * foo/bar.baz.1.2.3	3
2719  * foo/bar.baz.1.2	2
2720  * foo/bar.baz.1	1
2721  * foo/bar.baz		0
2722  *
2723  * Return the module ID on success; -1 if no module was loaded.  On success
2724  * and if 'chosen' is not NULL we also return the number of suffices that
2725  * were in the module we chose to load.
2726  */
2727 int
2728 modload_qualified(const char *subdir, const char *p1,
2729     const char *p2, const char *delim, uint_t suffv[], int suffc, int *chosen)
2730 {
2731 	char path[MOD_MAXPATH];
2732 	size_t n, resid = sizeof (path);
2733 	char *p = path;
2734 
2735 	char **dotv;
2736 	int i, rc, id;
2737 	modctl_t *mp;
2738 
2739 	if (p2 != NULL)
2740 		n = snprintf(p, resid, "%s/%s%s%s", subdir, p1, delim, p2);
2741 	else
2742 		n = snprintf(p, resid, "%s/%s", subdir, p1);
2743 
2744 	if (n >= resid)
2745 		return (-1);
2746 
2747 	p += n;
2748 	resid -= n;
2749 	dotv = kmem_alloc(sizeof (char *) * (suffc + 1), KM_SLEEP);
2750 
2751 	for (i = 0; i < suffc; i++) {
2752 		dotv[i] = p;
2753 		n = snprintf(p, resid, "%s%u", delim, suffv[i]);
2754 
2755 		if (n >= resid) {
2756 			kmem_free(dotv, sizeof (char *) * (suffc + 1));
2757 			return (-1);
2758 		}
2759 
2760 		p += n;
2761 		resid -= n;
2762 	}
2763 
2764 	dotv[suffc] = p;
2765 
2766 	for (i = suffc; i >= 0; i--) {
2767 		dotv[i][0] = '\0';
2768 		mp = mod_hold_installed_mod(path, 1, 1, &rc);
2769 
2770 		if (mp != NULL) {
2771 			kmem_free(dotv, sizeof (char *) * (suffc + 1));
2772 			id = mp->mod_id;
2773 			mod_release_mod(mp);
2774 			if (chosen != NULL)
2775 				*chosen = i;
2776 			return (id);
2777 		}
2778 	}
2779 
2780 	kmem_free(dotv, sizeof (char *) * (suffc + 1));
2781 	return (-1);
2782 }
2783 
2784 /*
2785  * Load a module.
2786  */
2787 int
2788 modloadonly(const char *subdir, const char *filename)
2789 {
2790 	struct modctl *modp;
2791 	char *fullname;
2792 	size_t size;
2793 	int id, retval;
2794 
2795 	if (subdir != NULL) {
2796 		/*
2797 		 * allocate enough space for <subdir>/<filename><NULL>
2798 		 */
2799 		size = strlen(subdir) + strlen(filename) + 2;
2800 		fullname = kmem_zalloc(size, KM_SLEEP);
2801 		(void) sprintf(fullname, "%s/%s", subdir, filename);
2802 	} else {
2803 		fullname = (char *)filename;
2804 	}
2805 
2806 	id = -1;
2807 	modp = mod_hold_loaded_mod(NULL, fullname, &retval);
2808 	if (modp) {
2809 		id = modp->mod_id;
2810 		mod_release_mod(modp);
2811 	}
2812 
2813 	if (subdir != NULL)
2814 		kmem_free(fullname, size);
2815 
2816 	if (retval == 0)
2817 		return (id);
2818 	return (-1);
2819 }
2820 
2821 /*
2822  * Try to uninstall and unload a module, removing a reference if caller
2823  * specifies rmodp.
2824  */
2825 static int
2826 modunrload(modid_t id, struct modctl **rmodp, int unload)
2827 {
2828 	struct modctl	*modp;
2829 	int		retval;
2830 
2831 	if (rmodp)
2832 		*rmodp = NULL;			/* avoid garbage */
2833 
2834 	if ((modp = mod_hold_by_id((modid_t)id)) == NULL)
2835 		return (EINVAL);
2836 
2837 	if (rmodp) {
2838 		mutex_enter(&mod_lock);
2839 		modp->mod_ref--;
2840 		if (modp->mod_ref == 0)
2841 			mod_uninstall_ref_zero++;
2842 		mutex_exit(&mod_lock);
2843 		*rmodp = modp;
2844 	}
2845 
2846 	if (unload) {
2847 		retval = moduninstall(modp);
2848 		if (retval == 0) {
2849 			mod_unload(modp);
2850 			CPU_STATS_ADDQ(CPU, sys, modunload, 1);
2851 		} else if (retval == EALREADY)
2852 			retval = 0;	/* already unloaded, not an error */
2853 	} else
2854 		retval = 0;
2855 
2856 	mod_release_mod(modp);
2857 	return (retval);
2858 }
2859 
2860 /*
2861  * Uninstall and unload a module.
2862  */
2863 int
2864 modunload(modid_t id)
2865 {
2866 	int		retval;
2867 
2868 	/* synchronize with any active modunload_disable() */
2869 	modunload_begin();
2870 	if (ddi_root_node())
2871 		(void) devfs_clean(ddi_root_node(), NULL, 0);
2872 	retval = modunrload(id, NULL, 1);
2873 	modunload_end();
2874 	return (retval);
2875 }
2876 
2877 /*
2878  * Return status of a loaded module.
2879  */
2880 static int
2881 modinfo(modid_t id, struct modinfo *modinfop)
2882 {
2883 	struct modctl	*modp;
2884 	modid_t		mid;
2885 	int		i;
2886 
2887 	mid = modinfop->mi_id;
2888 	if (modinfop->mi_info & MI_INFO_ALL) {
2889 		while ((modp = mod_hold_next_by_id(mid++)) != NULL) {
2890 			if ((modinfop->mi_info & MI_INFO_CNT) ||
2891 			    modp->mod_installed)
2892 				break;
2893 			mod_release_mod(modp);
2894 		}
2895 		if (modp == NULL)
2896 			return (EINVAL);
2897 	} else {
2898 		modp = mod_hold_by_id(id);
2899 		if (modp == NULL)
2900 			return (EINVAL);
2901 		if (!(modinfop->mi_info & MI_INFO_CNT) &&
2902 		    (modp->mod_installed == 0)) {
2903 			mod_release_mod(modp);
2904 			return (EINVAL);
2905 		}
2906 	}
2907 
2908 	modinfop->mi_rev = 0;
2909 	modinfop->mi_state = 0;
2910 	for (i = 0; i < MODMAXLINK; i++) {
2911 		modinfop->mi_msinfo[i].msi_p0 = -1;
2912 		modinfop->mi_msinfo[i].msi_linkinfo[0] = 0;
2913 	}
2914 	if (modp->mod_loaded) {
2915 		modinfop->mi_state = MI_LOADED;
2916 		kobj_getmodinfo(modp->mod_mp, modinfop);
2917 	}
2918 	if (modp->mod_installed) {
2919 		modinfop->mi_state |= MI_INSTALLED;
2920 
2921 		(void) mod_getinfo(modp, modinfop);
2922 	}
2923 
2924 	modinfop->mi_id = modp->mod_id;
2925 	modinfop->mi_loadcnt = modp->mod_loadcnt;
2926 	(void) strcpy(modinfop->mi_name, modp->mod_modname);
2927 
2928 	mod_release_mod(modp);
2929 	return (0);
2930 }
2931 
2932 static char mod_stub_err[] = "mod_hold_stub: Couldn't load stub module %s";
2933 static char no_err[] = "No error function for weak stub %s";
2934 
2935 /*
2936  * used by the stubs themselves to load and hold a module.
2937  * Returns  0 if the module is successfully held;
2938  *	    the stub needs to call mod_release_stub().
2939  *	    -1 if the stub should just call the err_fcn.
2940  * Note that this code is stretched out so that we avoid subroutine calls
2941  * and optimize for the most likely case.  That is, the case where the
2942  * module is loaded and installed and not held.  In that case we just inc
2943  * the mod_ref count and continue.
2944  */
2945 int
2946 mod_hold_stub(struct mod_stub_info *stub)
2947 {
2948 	struct modctl *mp;
2949 	struct mod_modinfo *mip;
2950 
2951 	mip = stub->mods_modinfo;
2952 
2953 	mutex_enter(&mod_lock);
2954 
2955 	/* we do mod_hold_by_modctl inline for speed */
2956 
2957 mod_check_again:
2958 	if ((mp = mip->mp) != NULL) {
2959 		if (mp->mod_busy == 0) {
2960 			if (mp->mod_installed) {
2961 				/* increment the reference count */
2962 				mp->mod_ref++;
2963 				ASSERT(mp->mod_ref && mp->mod_installed);
2964 				mutex_exit(&mod_lock);
2965 				return (0);
2966 			} else {
2967 				mp->mod_busy = 1;
2968 				mp->mod_inprogress_thread =
2969 				    (curthread == NULL ?
2970 				    (kthread_id_t)-1 : curthread);
2971 			}
2972 		} else {
2973 			/*
2974 			 * wait one time and then go see if someone
2975 			 * else has resolved the stub (set mip->mp).
2976 			 */
2977 			if (mod_hold_by_modctl(mp,
2978 			    MOD_WAIT_ONCE | MOD_LOCK_HELD))
2979 				goto mod_check_again;
2980 
2981 			/*
2982 			 * what we have now may have been unloaded!, in
2983 			 * that case, mip->mp will be NULL, we'll hit this
2984 			 * module and load again..
2985 			 */
2986 			cmn_err(CE_PANIC, "mod_hold_stub should have blocked");
2987 		}
2988 		mutex_exit(&mod_lock);
2989 	} else {
2990 		/* first time we've hit this module */
2991 		mutex_exit(&mod_lock);
2992 		mp = mod_hold_by_name(mip->modm_module_name);
2993 		mip->mp = mp;
2994 	}
2995 
2996 	/*
2997 	 * If we are here, it means that the following conditions
2998 	 * are satisfied.
2999 	 *
3000 	 * mip->mp != NULL
3001 	 * this thread has set the mp->mod_busy = 1
3002 	 * mp->mod_installed = 0
3003 	 *
3004 	 */
3005 	ASSERT(mp != NULL);
3006 	ASSERT(mp->mod_busy == 1);
3007 
3008 	if (mp->mod_installed == 0) {
3009 		/* Module not loaded, if weak stub don't load it */
3010 		if (stub->mods_flag & MODS_WEAK) {
3011 			if (stub->mods_errfcn == NULL) {
3012 				mod_release_mod(mp);
3013 				cmn_err(CE_PANIC, no_err,
3014 				    mip->modm_module_name);
3015 			}
3016 		} else {
3017 			/* Not a weak stub so load the module */
3018 
3019 			if (mod_load(mp, 1) != 0 || modinstall(mp) != 0) {
3020 				/*
3021 				 * If mod_load() was successful
3022 				 * and modinstall() failed, then
3023 				 * unload the module.
3024 				 */
3025 				if (mp->mod_loaded)
3026 					mod_unload(mp);
3027 
3028 				mod_release_mod(mp);
3029 				if (stub->mods_errfcn == NULL) {
3030 					cmn_err(CE_PANIC, mod_stub_err,
3031 					    mip->modm_module_name);
3032 				} else {
3033 					return (-1);
3034 				}
3035 			}
3036 		}
3037 	}
3038 
3039 	/*
3040 	 * At this point module is held and loaded. Release
3041 	 * the mod_busy and mod_inprogress_thread before
3042 	 * returning. We actually call mod_release() here so
3043 	 * that if another stub wants to access this module,
3044 	 * it can do so. mod_ref is incremented before mod_release()
3045 	 * is called to prevent someone else from snatching the
3046 	 * module from this thread.
3047 	 */
3048 	mutex_enter(&mod_lock);
3049 	mp->mod_ref++;
3050 	ASSERT(mp->mod_ref &&
3051 	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
3052 	mod_release(mp);
3053 	mutex_exit(&mod_lock);
3054 	return (0);
3055 }
3056 
3057 void
3058 mod_release_stub(struct mod_stub_info *stub)
3059 {
3060 	struct modctl *mp = stub->mods_modinfo->mp;
3061 
3062 	/* inline mod_release_mod */
3063 	mutex_enter(&mod_lock);
3064 	ASSERT(mp->mod_ref &&
3065 	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
3066 	mp->mod_ref--;
3067 	if (mp->mod_ref == 0)
3068 		mod_uninstall_ref_zero++;
3069 	if (mp->mod_want) {
3070 		mp->mod_want = 0;
3071 		cv_broadcast(&mod_cv);
3072 	}
3073 	mutex_exit(&mod_lock);
3074 }
3075 
3076 static struct modctl *
3077 mod_hold_loaded_mod(struct modctl *dep, char *filename, int *status)
3078 {
3079 	struct modctl *modp;
3080 	int retval;
3081 
3082 	/*
3083 	 * Hold the module.
3084 	 */
3085 	modp = mod_hold_by_name_requisite(dep, filename);
3086 	if (modp) {
3087 		retval = mod_load(modp, 1);
3088 		if (retval != 0) {
3089 			mod_release_mod(modp);
3090 			modp = NULL;
3091 		}
3092 		*status = retval;
3093 	} else {
3094 		*status = ENOSPC;
3095 	}
3096 
3097 	/*
3098 	 * if dep is not NULL, clear the module dependency information.
3099 	 * This information is set in mod_hold_by_name_common().
3100 	 */
3101 	if (dep != NULL && dep->mod_requisite_loading != NULL) {
3102 		ASSERT(dep->mod_busy);
3103 		dep->mod_requisite_loading = NULL;
3104 	}
3105 
3106 	return (modp);
3107 }
3108 
3109 /*
3110  * hold, load, and install the named module
3111  */
3112 static struct modctl *
3113 mod_hold_installed_mod(char *name, int usepath, int forcecheck, int *r)
3114 {
3115 	struct modctl *modp;
3116 	int retval;
3117 
3118 	/*
3119 	 * Verify that that module in question actually exists on disk
3120 	 * before allocation of module structure by mod_hold_by_name.
3121 	 */
3122 	if (modrootloaded && swaploaded || forcecheck) {
3123 		if (!kobj_path_exists(name, usepath)) {
3124 			*r = ENOENT;
3125 			return (NULL);
3126 		}
3127 	}
3128 
3129 	/*
3130 	 * Hold the module.
3131 	 */
3132 	modp = mod_hold_by_name(name);
3133 	if (modp) {
3134 		retval = mod_load(modp, usepath);
3135 		if (retval != 0) {
3136 			mod_release_mod(modp);
3137 			modp = NULL;
3138 			*r = retval;
3139 		} else {
3140 			if ((*r = modinstall(modp)) != 0) {
3141 				/*
3142 				 * We loaded it, but failed to _init() it.
3143 				 * Be kind to developers -- force it
3144 				 * out of memory now so that the next
3145 				 * attempt to use the module will cause
3146 				 * a reload.  See 1093793.
3147 				 */
3148 				mod_unload(modp);
3149 				mod_release_mod(modp);
3150 				modp = NULL;
3151 			}
3152 		}
3153 	} else {
3154 		*r = ENOSPC;
3155 	}
3156 	return (modp);
3157 }
3158 
3159 static char mod_excl_msg[] =
3160 	"module %s(%s) is EXCLUDED and will not be loaded\n";
3161 static char mod_init_msg[] = "loadmodule:%s(%s): _init() error %d\n";
3162 
3163 /*
3164  * This routine is needed for dependencies.  Users specify dependencies
3165  * by declaring a character array initialized to filenames of dependents.
3166  * So the code that handles dependents deals with filenames (and not
3167  * module names) because that's all it has.  We load by filename and once
3168  * we've loaded a file we can get the module name.
3169  * Unfortunately there isn't a single unified filename/modulename namespace.
3170  * C'est la vie.
3171  *
3172  * We allow the name being looked up to be prepended by an optional
3173  * subdirectory e.g. we can lookup (NULL, "fs/ufs") or ("fs", "ufs")
3174  */
3175 struct modctl *
3176 mod_find_by_filename(char *subdir, char *filename)
3177 {
3178 	struct modctl	*mp;
3179 	size_t		sublen;
3180 
3181 	ASSERT(!MUTEX_HELD(&mod_lock));
3182 	if (subdir != NULL)
3183 		sublen = strlen(subdir);
3184 	else
3185 		sublen = 0;
3186 
3187 	mutex_enter(&mod_lock);
3188 	mp = &modules;
3189 	do {
3190 		if (sublen) {
3191 			char *mod_filename = mp->mod_filename;
3192 
3193 			if (strncmp(subdir, mod_filename, sublen) == 0 &&
3194 			    mod_filename[sublen] == '/' &&
3195 			    strcmp(filename, &mod_filename[sublen + 1]) == 0) {
3196 				mutex_exit(&mod_lock);
3197 				return (mp);
3198 			}
3199 		} else if (strcmp(filename, mp->mod_filename) == 0) {
3200 			mutex_exit(&mod_lock);
3201 			return (mp);
3202 		}
3203 	} while ((mp = mp->mod_next) != &modules);
3204 	mutex_exit(&mod_lock);
3205 	return (NULL);
3206 }
3207 
3208 /*
3209  * Check for circular dependencies.  This is called from do_dependents()
3210  * in kobj.c.  If we are the thread already loading this module, then
3211  * we're trying to load a dependent that we're already loading which
3212  * means the user specified circular dependencies.
3213  */
3214 static int
3215 mod_circdep(struct modctl *modp)
3216 {
3217 	struct modctl	*rmod;
3218 
3219 	ASSERT(MUTEX_HELD(&mod_lock));
3220 
3221 	/*
3222 	 * Check the mod_inprogress_thread first.
3223 	 * mod_inprogress_thread is used in mod_hold_stub()
3224 	 * directly to improve performance.
3225 	 */
3226 	if (modp->mod_inprogress_thread == curthread)
3227 		return (1);
3228 
3229 	/*
3230 	 * Check the module circular dependencies.
3231 	 */
3232 	for (rmod = modp; rmod != NULL; rmod = rmod->mod_requisite_loading) {
3233 		/*
3234 		 * Check if there is a module circular dependency.
3235 		 */
3236 		if (rmod->mod_requisite_loading == modp)
3237 			return (1);
3238 	}
3239 	return (0);
3240 }
3241 
3242 static int
3243 mod_getinfo(struct modctl *modp, struct modinfo *modinfop)
3244 {
3245 	int (*func)(struct modinfo *);
3246 	int retval;
3247 
3248 	ASSERT(modp->mod_busy);
3249 
3250 	/* primary modules don't do getinfo */
3251 	if (modp->mod_prim)
3252 		return (0);
3253 
3254 	func = (int (*)(struct modinfo *))kobj_lookup(modp->mod_mp, "_info");
3255 
3256 	if (kobj_addrcheck(modp->mod_mp, (caddr_t)func)) {
3257 		cmn_err(CE_WARN, "_info() not defined properly in %s",
3258 		    modp->mod_filename);
3259 		/*
3260 		 * The semantics of mod_info(9F) are that 0 is failure
3261 		 * and non-zero is success.
3262 		 */
3263 		retval = 0;
3264 	} else
3265 		retval = (*func)(modinfop);	/* call _info() function */
3266 
3267 	if (moddebug & MODDEBUG_USERDEBUG)
3268 		printf("Returned from _info, retval = %x\n", retval);
3269 
3270 	return (retval);
3271 }
3272 
3273 static void
3274 modadd(struct modctl *mp)
3275 {
3276 	ASSERT(MUTEX_HELD(&mod_lock));
3277 
3278 	mp->mod_id = last_module_id++;
3279 	mp->mod_next = &modules;
3280 	mp->mod_prev = modules.mod_prev;
3281 	modules.mod_prev->mod_next = mp;
3282 	modules.mod_prev = mp;
3283 }
3284 
3285 /*ARGSUSED*/
3286 static struct modctl *
3287 allocate_modp(const char *filename, const char *modname)
3288 {
3289 	struct modctl *mp;
3290 
3291 	mp = kobj_zalloc(sizeof (*mp), KM_SLEEP);
3292 	mp->mod_modname = kobj_zalloc(strlen(modname) + 1, KM_SLEEP);
3293 	(void) strcpy(mp->mod_modname, modname);
3294 	return (mp);
3295 }
3296 
3297 /*
3298  * Get the value of a symbol.  This is a wrapper routine that
3299  * calls kobj_getsymvalue().  kobj_getsymvalue() may go away but this
3300  * wrapper will prevent callers from noticing.
3301  */
3302 uintptr_t
3303 modgetsymvalue(char *name, int kernelonly)
3304 {
3305 	return (kobj_getsymvalue(name, kernelonly));
3306 }
3307 
3308 /*
3309  * Get the symbol nearest an address.  This is a wrapper routine that
3310  * calls kobj_getsymname().  kobj_getsymname() may go away but this
3311  * wrapper will prevent callers from noticing.
3312  */
3313 char *
3314 modgetsymname(uintptr_t value, ulong_t *offset)
3315 {
3316 	return (kobj_getsymname(value, offset));
3317 }
3318 
3319 /*
3320  * Lookup a symbol in a specified module.  These are wrapper routines that
3321  * call kobj_lookup().	kobj_lookup() may go away but these wrappers will
3322  * prevent callers from noticing.
3323  */
3324 uintptr_t
3325 modlookup(const char *modname, const char *symname)
3326 {
3327 	struct modctl *modp;
3328 	uintptr_t val;
3329 
3330 	if ((modp = mod_hold_by_name(modname)) == NULL)
3331 		return (0);
3332 	val = kobj_lookup(modp->mod_mp, symname);
3333 	mod_release_mod(modp);
3334 	return (val);
3335 }
3336 
3337 uintptr_t
3338 modlookup_by_modctl(modctl_t *modp, const char *symname)
3339 {
3340 	ASSERT(modp->mod_ref > 0 || modp->mod_busy);
3341 
3342 	return (kobj_lookup(modp->mod_mp, symname));
3343 }
3344 
3345 /*
3346  * Ask the user for the name of the system file and the default path
3347  * for modules.
3348  */
3349 void
3350 mod_askparams()
3351 {
3352 	static char s0[64];
3353 	intptr_t fd;
3354 
3355 	if ((fd = kobj_open(systemfile)) != -1L)
3356 		kobj_close(fd);
3357 	else
3358 		systemfile = self_assembly = NULL;
3359 
3360 	/*CONSTANTCONDITION*/
3361 	while (1) {
3362 		printf("Name of system file [%s]:  ",
3363 		    systemfile ? systemfile : "/dev/null");
3364 
3365 		console_gets(s0, sizeof (s0));
3366 
3367 		if (s0[0] == '\0')
3368 			break;
3369 		else if (strcmp(s0, "/dev/null") == 0) {
3370 			systemfile = self_assembly = NULL;
3371 			break;
3372 		} else {
3373 			if ((fd = kobj_open(s0)) != -1L) {
3374 				kobj_close(fd);
3375 				systemfile = s0;
3376 				self_assembly = NULL;
3377 				break;
3378 			}
3379 		}
3380 		printf("can't find file %s\n", s0);
3381 	}
3382 }
3383 
3384 static char loading_msg[] = "loading '%s' id %d\n";
3385 static char load_msg[] = "load '%s' id %d loaded @ 0x%p/0x%p size %d/%d\n";
3386 
3387 /*
3388  * Common code for loading a module (but not installing it).
3389  * Handoff the task of module loading to a separate thread
3390  * with a large stack if possible, since this code may recurse a few times.
3391  * Return zero if there are no errors or an errno value.
3392  */
3393 static int
3394 mod_load(struct modctl *mp, int usepath)
3395 {
3396 	int		retval;
3397 	struct modinfo	*modinfop = NULL;
3398 	struct loadmt	lt;
3399 
3400 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3401 	ASSERT(mp->mod_busy);
3402 
3403 	if (mp->mod_loaded)
3404 		return (0);
3405 
3406 	if (mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_modname) != 0 ||
3407 	    mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_filename) != 0) {
3408 		if (moddebug & MODDEBUG_LOADMSG) {
3409 			printf(mod_excl_msg, mp->mod_filename,
3410 			    mp->mod_modname);
3411 		}
3412 		return (ENXIO);
3413 	}
3414 	if (moddebug & MODDEBUG_LOADMSG2)
3415 		printf(loading_msg, mp->mod_filename, mp->mod_id);
3416 
3417 	if (curthread != &t0) {
3418 		lt.mp = mp;
3419 		lt.usepath = usepath;
3420 		lt.owner = curthread;
3421 		sema_init(&lt.sema, 0, NULL, SEMA_DEFAULT, NULL);
3422 
3423 		/* create thread to hand of call to */
3424 		(void) thread_create(NULL, DEFAULTSTKSZ * 2,
3425 		    modload_thread, &lt, 0, &p0, TS_RUN, maxclsyspri);
3426 
3427 		/* wait for thread to complete kobj_load_module */
3428 		sema_p(&lt.sema);
3429 
3430 		sema_destroy(&lt.sema);
3431 		retval = lt.retval;
3432 	} else
3433 		retval = kobj_load_module(mp, usepath);
3434 
3435 	if (mp->mod_mp) {
3436 		ASSERT(retval == 0);
3437 		mp->mod_loaded = 1;
3438 		mp->mod_loadcnt++;
3439 		if (moddebug & MODDEBUG_LOADMSG) {
3440 			printf(load_msg, mp->mod_filename, mp->mod_id,
3441 			    (void *)((struct module *)mp->mod_mp)->text,
3442 			    (void *)((struct module *)mp->mod_mp)->data,
3443 			    ((struct module *)mp->mod_mp)->text_size,
3444 			    ((struct module *)mp->mod_mp)->data_size);
3445 		}
3446 
3447 		/*
3448 		 * XXX - There should be a better way to get this.
3449 		 */
3450 		modinfop = kmem_zalloc(sizeof (struct modinfo), KM_SLEEP);
3451 		modinfop->mi_info = MI_INFO_LINKAGE;
3452 		if (mod_getinfo(mp, modinfop) == 0)
3453 			mp->mod_linkage = NULL;
3454 		else {
3455 			mp->mod_linkage = (void *)modinfop->mi_base;
3456 			ASSERT(mp->mod_linkage->ml_rev == MODREV_1);
3457 		}
3458 
3459 		/*
3460 		 * DCS: bootstrapping code. If the driver is loaded
3461 		 * before root mount, it is assumed that the driver
3462 		 * may be used before mounting root. In order to
3463 		 * access mappings of global to local minor no.'s
3464 		 * during installation/open of the driver, we load
3465 		 * them into memory here while the BOP_interfaces
3466 		 * are still up.
3467 		 */
3468 		if ((cluster_bootflags & CLUSTER_BOOTED) && !modrootloaded) {
3469 			retval = clboot_modload(mp);
3470 		}
3471 
3472 		kmem_free(modinfop, sizeof (struct modinfo));
3473 		(void) mod_sysctl(SYS_SET_MVAR, (void *)mp);
3474 		retval = install_stubs_by_name(mp, mp->mod_modname);
3475 
3476 		/*
3477 		 * Perform hotinlines before module is started.
3478 		 */
3479 		do_hotinlines(mp->mod_mp);
3480 
3481 		/*
3482 		 * Now that the module is loaded, we need to give DTrace
3483 		 * a chance to notify its providers.  This is done via
3484 		 * the dtrace_modload function pointer.
3485 		 */
3486 		if (strcmp(mp->mod_modname, "dtrace") != 0) {
3487 			struct modctl *dmp = mod_hold_by_name("dtrace");
3488 
3489 			if (dmp != NULL && dtrace_modload != NULL)
3490 				(*dtrace_modload)(mp);
3491 
3492 			mod_release_mod(dmp);
3493 		}
3494 
3495 	} else {
3496 		/*
3497 		 * If load failed then we need to release any requisites
3498 		 * that we had established.
3499 		 */
3500 		ASSERT(retval);
3501 		mod_release_requisites(mp);
3502 
3503 		if (moddebug & MODDEBUG_ERRMSG)
3504 			printf("error loading '%s', error %d\n",
3505 			    mp->mod_filename, retval);
3506 	}
3507 	return (retval);
3508 }
3509 
3510 static char unload_msg[] = "unloading %s, module id %d, loadcnt %d.\n";
3511 
3512 static void
3513 mod_unload(struct modctl *mp)
3514 {
3515 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3516 	ASSERT(mp->mod_busy);
3517 	ASSERT((mp->mod_loaded && (mp->mod_installed == 0)) &&
3518 	    ((mp->mod_prim == 0) && (mp->mod_ref >= 0)));
3519 
3520 	if (moddebug & MODDEBUG_LOADMSG)
3521 		printf(unload_msg, mp->mod_modname,
3522 		    mp->mod_id, mp->mod_loadcnt);
3523 
3524 	/*
3525 	 * If mod_ref is not zero, it means some modules might still refer
3526 	 * to this module. Then you can't unload this module right now.
3527 	 * Instead, set 1 to mod_delay_unload to notify the system of
3528 	 * unloading this module later when it's not required any more.
3529 	 */
3530 	if (mp->mod_ref > 0) {
3531 		mp->mod_delay_unload = 1;
3532 		if (moddebug & MODDEBUG_LOADMSG2) {
3533 			printf("module %s not unloaded,"
3534 			    " non-zero reference count (%d)",
3535 			    mp->mod_modname, mp->mod_ref);
3536 		}
3537 		return;
3538 	}
3539 
3540 	if (((mp->mod_loaded == 0) || mp->mod_installed) ||
3541 	    (mp->mod_ref || mp->mod_prim)) {
3542 		/*
3543 		 * A DEBUG kernel would ASSERT panic above, the code is broken
3544 		 * if we get this warning.
3545 		 */
3546 		cmn_err(CE_WARN, "mod_unload: %s in incorrect state: %d %d %d",
3547 		    mp->mod_filename, mp->mod_installed, mp->mod_loaded,
3548 		    mp->mod_ref);
3549 		return;
3550 	}
3551 
3552 	/* reset stub functions to call the binder again */
3553 	reset_stubs(mp);
3554 
3555 	/*
3556 	 * mark module as unloaded before the modctl structure is freed.
3557 	 * This is required not to reuse the modctl structure before
3558 	 * the module is marked as unloaded.
3559 	 */
3560 	mp->mod_loaded = 0;
3561 	mp->mod_linkage = NULL;
3562 
3563 	/* free the memory */
3564 	kobj_unload_module(mp);
3565 
3566 	if (mp->mod_delay_unload) {
3567 		mp->mod_delay_unload = 0;
3568 		if (moddebug & MODDEBUG_LOADMSG2) {
3569 			printf("deferred unload of module %s"
3570 			    " (id %d) successful",
3571 			    mp->mod_modname, mp->mod_id);
3572 		}
3573 	}
3574 
3575 	/* release hold on requisites */
3576 	mod_release_requisites(mp);
3577 
3578 	/*
3579 	 * Now that the module is gone, we need to give DTrace a chance to
3580 	 * remove any probes that it may have had in the module.  This is
3581 	 * done via the dtrace_modunload function pointer.
3582 	 */
3583 	if (strcmp(mp->mod_modname, "dtrace") != 0) {
3584 		struct modctl *dmp = mod_hold_by_name("dtrace");
3585 
3586 		if (dmp != NULL && dtrace_modunload != NULL)
3587 			(*dtrace_modunload)(mp);
3588 
3589 		mod_release_mod(dmp);
3590 	}
3591 }
3592 
3593 static int
3594 modinstall(struct modctl *mp)
3595 {
3596 	int val;
3597 	int (*func)(void);
3598 
3599 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3600 	ASSERT(mp->mod_busy && mp->mod_loaded);
3601 
3602 	if (mp->mod_installed)
3603 		return (0);
3604 	/*
3605 	 * If mod_delay_unload is on, it means the system chose the deferred
3606 	 * unload for this module. Then you can't install this module until
3607 	 * it's unloaded from the system.
3608 	 */
3609 	if (mp->mod_delay_unload)
3610 		return (ENXIO);
3611 
3612 	if (moddebug & MODDEBUG_LOADMSG)
3613 		printf("installing %s, module id %d.\n",
3614 		    mp->mod_modname, mp->mod_id);
3615 
3616 	ASSERT(mp->mod_mp != NULL);
3617 	if (mod_install_requisites(mp) != 0) {
3618 		/*
3619 		 * Note that we can't call mod_unload(mp) here since
3620 		 * if modinstall() was called by mod_install_requisites(),
3621 		 * we won't be able to hold the dependent modules
3622 		 * (otherwise there would be a deadlock).
3623 		 */
3624 		return (ENXIO);
3625 	}
3626 
3627 	if (moddebug & MODDEBUG_ERRMSG) {
3628 		printf("init '%s' id %d loaded @ 0x%p/0x%p size %lu/%lu\n",
3629 		    mp->mod_filename, mp->mod_id,
3630 		    (void *)((struct module *)mp->mod_mp)->text,
3631 		    (void *)((struct module *)mp->mod_mp)->data,
3632 		    ((struct module *)mp->mod_mp)->text_size,
3633 		    ((struct module *)mp->mod_mp)->data_size);
3634 	}
3635 
3636 	func = (int (*)())kobj_lookup(mp->mod_mp, "_init");
3637 
3638 	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3639 		cmn_err(CE_WARN, "_init() not defined properly in %s",
3640 		    mp->mod_filename);
3641 		return (EFAULT);
3642 	}
3643 
3644 	if (moddebug & MODDEBUG_USERDEBUG) {
3645 		printf("breakpoint before calling %s:_init()\n",
3646 		    mp->mod_modname);
3647 		if (DEBUGGER_PRESENT)
3648 			debug_enter("_init");
3649 	}
3650 
3651 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3652 	ASSERT(mp->mod_busy && mp->mod_loaded);
3653 	val = (*func)();		/* call _init */
3654 
3655 	if (moddebug & MODDEBUG_USERDEBUG)
3656 		printf("Returned from _init, val = %x\n", val);
3657 
3658 	if (val == 0) {
3659 		/*
3660 		 * Set the MODS_INSTALLED flag to enable this module
3661 		 * being called now.
3662 		 */
3663 		install_stubs(mp);
3664 		mp->mod_installed = 1;
3665 	} else if (moddebug & MODDEBUG_ERRMSG)
3666 		printf(mod_init_msg, mp->mod_filename, mp->mod_modname, val);
3667 
3668 	return (val);
3669 }
3670 
3671 int	detach_driver_unconfig = 0;
3672 
3673 static int
3674 detach_driver(char *name)
3675 {
3676 	major_t major;
3677 	int error;
3678 
3679 	/*
3680 	 * If being called from mod_uninstall_all() then the appropriate
3681 	 * driver detaches (leaf only) have already been done.
3682 	 */
3683 	if (mod_in_autounload())
3684 		return (0);
3685 
3686 	major = ddi_name_to_major(name);
3687 	if (major == DDI_MAJOR_T_NONE)
3688 		return (0);
3689 
3690 	error = ndi_devi_unconfig_driver(ddi_root_node(),
3691 	    NDI_DETACH_DRIVER | detach_driver_unconfig, major);
3692 	return (error == NDI_SUCCESS ? 0 : -1);
3693 }
3694 
3695 static char finiret_msg[] = "Returned from _fini for %s, status = %x\n";
3696 
3697 static int
3698 moduninstall(struct modctl *mp)
3699 {
3700 	int status = 0;
3701 	int (*func)(void);
3702 
3703 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3704 	ASSERT(mp->mod_busy);
3705 
3706 	/*
3707 	 * Verify that we need to do something and can uninstall the module.
3708 	 *
3709 	 * If we should not uninstall the module or if the module is not in
3710 	 * the correct state to start an uninstall we return EBUSY to prevent
3711 	 * us from progressing to mod_unload.  If the module has already been
3712 	 * uninstalled and unloaded we return EALREADY.
3713 	 */
3714 	if (mp->mod_prim || mp->mod_ref || mp->mod_nenabled != 0)
3715 		return (EBUSY);
3716 	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0))
3717 		return (EALREADY);
3718 
3719 	/*
3720 	 * To avoid devinfo / module deadlock we must release this module
3721 	 * prior to initiating the detach_driver, otherwise the detach_driver
3722 	 * might deadlock on a devinfo node held by another thread
3723 	 * coming top down and involving the module we have locked.
3724 	 *
3725 	 * When we regrab the module we must reverify that it is OK
3726 	 * to proceed with the uninstall operation.
3727 	 */
3728 	mod_release_mod(mp);
3729 	status = detach_driver(mp->mod_modname);
3730 	(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
3731 
3732 	/* check detach status and reverify state with lock */
3733 	mutex_enter(&mod_lock);
3734 	if ((status != 0) || mp->mod_prim || mp->mod_ref) {
3735 		mutex_exit(&mod_lock);
3736 		return (EBUSY);
3737 	}
3738 	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0)) {
3739 		mutex_exit(&mod_lock);
3740 		return (EALREADY);
3741 	}
3742 	mutex_exit(&mod_lock);
3743 
3744 	if (moddebug & MODDEBUG_LOADMSG2)
3745 		printf("uninstalling %s\n", mp->mod_modname);
3746 
3747 	/*
3748 	 * lookup _fini, return EBUSY if not defined.
3749 	 *
3750 	 * The MODDEBUG_FINI_EBUSY is usefull in resolving leaks in
3751 	 * detach(9E) - it allows bufctl addresses to be resolved.
3752 	 */
3753 	func = (int (*)())kobj_lookup(mp->mod_mp, "_fini");
3754 	if ((func == NULL) || (mp->mod_loadflags & MOD_NOUNLOAD) ||
3755 	    (moddebug & MODDEBUG_FINI_EBUSY))
3756 		return (EBUSY);
3757 
3758 	/* verify that _fini is in this module */
3759 	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3760 		cmn_err(CE_WARN, "_fini() not defined properly in %s",
3761 		    mp->mod_filename);
3762 		return (EFAULT);
3763 	}
3764 
3765 	/* call _fini() */
3766 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3767 	ASSERT(mp->mod_busy && mp->mod_loaded && mp->mod_installed);
3768 
3769 	status = (*func)();
3770 
3771 	if (status == 0) {
3772 		/* _fini returned success, the module is no longer installed */
3773 		if (moddebug & MODDEBUG_LOADMSG)
3774 			printf("uninstalled %s\n", mp->mod_modname);
3775 
3776 		/*
3777 		 * Even though we only set mod_installed to zero here, a zero
3778 		 * return value means we are committed to a code path were
3779 		 * mod_loaded will also end up as zero - we have no other
3780 		 * way to get the module data and bss back to the pre _init
3781 		 * state except a reload. To ensure this, after return,
3782 		 * mod_busy must stay set until mod_loaded is cleared.
3783 		 */
3784 		mp->mod_installed = 0;
3785 
3786 		/*
3787 		 * Clear the MODS_INSTALLED flag not to call functions
3788 		 * in the module directly from now on.
3789 		 */
3790 		uninstall_stubs(mp);
3791 	} else {
3792 		if (moddebug & MODDEBUG_USERDEBUG)
3793 			printf(finiret_msg, mp->mod_filename, status);
3794 		/*
3795 		 * By definition _fini is only allowed to return EBUSY or the
3796 		 * result of mod_remove (EBUSY or EINVAL).  In the off chance
3797 		 * that a driver returns EALREADY we convert this to EINVAL
3798 		 * since to our caller EALREADY means module was already
3799 		 * removed.
3800 		 */
3801 		if (status == EALREADY)
3802 			status = EINVAL;
3803 	}
3804 
3805 	return (status);
3806 }
3807 
3808 /*
3809  * Uninstall all modules.
3810  */
3811 static void
3812 mod_uninstall_all(void)
3813 {
3814 	struct modctl	*mp;
3815 	int		pass;
3816 	modid_t		modid;
3817 
3818 	/* synchronize with any active modunload_disable() */
3819 	modunload_begin();
3820 
3821 	/* mark this thread as doing autounloading */
3822 	(void) tsd_set(mod_autounload_key, (void *)1);
3823 
3824 	(void) devfs_clean(ddi_root_node(), NULL, 0);
3825 	(void) ndi_devi_unconfig(ddi_root_node(), NDI_AUTODETACH);
3826 
3827 	/*
3828 	 * Loop up to max times if we keep producing unreferenced modules.
3829 	 * A new unreferenced module is an opportunity to unload.
3830 	 */
3831 	for (pass = 0; pass < mod_uninstall_pass_max; pass++) {
3832 
3833 		/* zero count of modules that go unreferenced during pass */
3834 		mod_uninstall_ref_zero = 0;
3835 
3836 		modid = 0;
3837 		while ((mp = mod_hold_next_by_id(modid)) != NULL) {
3838 			modid = mp->mod_id;
3839 
3840 			/*
3841 			 * Skip modules with the MOD_NOAUTOUNLOAD flag set
3842 			 */
3843 			if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
3844 				mod_release_mod(mp);
3845 				continue;
3846 			}
3847 
3848 			if (moduninstall(mp) == 0) {
3849 				mod_unload(mp);
3850 				CPU_STATS_ADDQ(CPU, sys, modunload, 1);
3851 			}
3852 			mod_release_mod(mp);
3853 		}
3854 
3855 		/* break if no modules went unreferenced during pass */
3856 		if (mod_uninstall_ref_zero == 0)
3857 			break;
3858 	}
3859 	if (pass >= mod_uninstall_pass_max)
3860 		mod_uninstall_pass_exc++;
3861 
3862 	(void) tsd_set(mod_autounload_key, NULL);
3863 	modunload_end();
3864 }
3865 
3866 /* wait for unloads that have begun before registering disable */
3867 void
3868 modunload_disable(void)
3869 {
3870 	mutex_enter(&modunload_wait_mutex);
3871 	while (modunload_active_count) {
3872 		modunload_wait++;
3873 		cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3874 		modunload_wait--;
3875 	}
3876 	modunload_disable_count++;
3877 	mutex_exit(&modunload_wait_mutex);
3878 }
3879 
3880 /* mark end of disable and signal waiters */
3881 void
3882 modunload_enable(void)
3883 {
3884 	mutex_enter(&modunload_wait_mutex);
3885 	modunload_disable_count--;
3886 	if ((modunload_disable_count == 0) && modunload_wait)
3887 		cv_broadcast(&modunload_wait_cv);
3888 	mutex_exit(&modunload_wait_mutex);
3889 }
3890 
3891 /* wait for disables to complete before begining unload */
3892 void
3893 modunload_begin()
3894 {
3895 	mutex_enter(&modunload_wait_mutex);
3896 	while (modunload_disable_count) {
3897 		modunload_wait++;
3898 		cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3899 		modunload_wait--;
3900 	}
3901 	modunload_active_count++;
3902 	mutex_exit(&modunload_wait_mutex);
3903 }
3904 
3905 /* mark end of unload and signal waiters */
3906 void
3907 modunload_end()
3908 {
3909 	mutex_enter(&modunload_wait_mutex);
3910 	modunload_active_count--;
3911 	if ((modunload_active_count == 0) && modunload_wait)
3912 		cv_broadcast(&modunload_wait_cv);
3913 	mutex_exit(&modunload_wait_mutex);
3914 }
3915 
3916 void
3917 mod_uninstall_daemon(void)
3918 {
3919 	callb_cpr_t	cprinfo;
3920 	clock_t		ticks;
3921 
3922 	mod_aul_thread = curthread;
3923 
3924 	CALLB_CPR_INIT(&cprinfo, &mod_uninstall_lock, callb_generic_cpr, "mud");
3925 	for (;;) {
3926 		mutex_enter(&mod_uninstall_lock);
3927 		CALLB_CPR_SAFE_BEGIN(&cprinfo);
3928 		/*
3929 		 * In DEBUG kernels, unheld drivers are uninstalled periodically
3930 		 * every mod_uninstall_interval seconds.  Periodic uninstall can
3931 		 * be disabled by setting mod_uninstall_interval to 0 which is
3932 		 * the default for a non-DEBUG kernel.
3933 		 */
3934 		if (mod_uninstall_interval) {
3935 			ticks = drv_usectohz(mod_uninstall_interval * 1000000);
3936 			(void) cv_reltimedwait(&mod_uninstall_cv,
3937 			    &mod_uninstall_lock, ticks, TR_CLOCK_TICK);
3938 		} else {
3939 			cv_wait(&mod_uninstall_cv, &mod_uninstall_lock);
3940 		}
3941 		/*
3942 		 * The whole daemon is safe for CPR except we don't want
3943 		 * the daemon to run if FREEZE is issued and this daemon
3944 		 * wakes up from the cv_wait above. In this case, it'll be
3945 		 * blocked in CALLB_CPR_SAFE_END until THAW is issued.
3946 		 *
3947 		 * The reason of calling CALLB_CPR_SAFE_BEGIN twice is that
3948 		 * mod_uninstall_lock is used to protect cprinfo and
3949 		 * CALLB_CPR_SAFE_BEGIN assumes that this lock is held when
3950 		 * called.
3951 		 */
3952 		CALLB_CPR_SAFE_END(&cprinfo, &mod_uninstall_lock);
3953 		CALLB_CPR_SAFE_BEGIN(&cprinfo);
3954 		mutex_exit(&mod_uninstall_lock);
3955 		if ((modunload_disable_count == 0) &&
3956 		    ((moddebug & MODDEBUG_NOAUTOUNLOAD) == 0)) {
3957 			mod_uninstall_all();
3958 		}
3959 	}
3960 }
3961 
3962 /*
3963  * Unload all uninstalled modules.
3964  */
3965 void
3966 modreap(void)
3967 {
3968 	mutex_enter(&mod_uninstall_lock);
3969 	cv_broadcast(&mod_uninstall_cv);
3970 	mutex_exit(&mod_uninstall_lock);
3971 }
3972 
3973 /*
3974  * Hold the specified module. This is the module holding primitive.
3975  *
3976  * If MOD_LOCK_HELD then the caller already holds the mod_lock.
3977  *
3978  * Return values:
3979  *	 0 ==> the module is held
3980  *	 1 ==> the module is not held and the MOD_WAIT_ONCE caller needs
3981  *		to determine how to retry.
3982  */
3983 int
3984 mod_hold_by_modctl(struct modctl *mp, int f)
3985 {
3986 	ASSERT((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) &&
3987 	    ((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) !=
3988 	    (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)));
3989 	ASSERT((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) &&
3990 	    ((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) !=
3991 	    (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)));
3992 	ASSERT((f & MOD_LOCK_NOT_HELD) || MUTEX_HELD(&mod_lock));
3993 
3994 	if (f & MOD_LOCK_NOT_HELD)
3995 		mutex_enter(&mod_lock);
3996 
3997 	while (mp->mod_busy) {
3998 		mp->mod_want = 1;
3999 		cv_wait(&mod_cv, &mod_lock);
4000 		/*
4001 		 * Module may be unloaded by daemon.
4002 		 * Nevertheless, modctl structure is still in linked list
4003 		 * (i.e., off &modules), not freed!
4004 		 * Caller is not supposed to assume "mp" is valid, but there
4005 		 * is no reasonable way to detect this but using
4006 		 * mp->mod_modinfo->mp == NULL check (follow the back pointer)
4007 		 *   (or similar check depending on calling context)
4008 		 * DON'T free modctl structure, it will be very very
4009 		 * problematic.
4010 		 */
4011 		if (f & MOD_WAIT_ONCE) {
4012 			if (f & MOD_LOCK_NOT_HELD)
4013 				mutex_exit(&mod_lock);
4014 			return (1);	/* caller decides how to retry */
4015 		}
4016 	}
4017 
4018 	mp->mod_busy = 1;
4019 	mp->mod_inprogress_thread =
4020 	    (curthread == NULL ? (kthread_id_t)-1 : curthread);
4021 
4022 	if (f & MOD_LOCK_NOT_HELD)
4023 		mutex_exit(&mod_lock);
4024 	return (0);
4025 }
4026 
4027 static struct modctl *
4028 mod_hold_by_name_common(struct modctl *dep, const char *filename)
4029 {
4030 	const char	*modname;
4031 	struct modctl	*mp;
4032 	char		*curname, *newname;
4033 	int		found = 0;
4034 
4035 	mutex_enter(&mod_lock);
4036 
4037 	if ((modname = strrchr(filename, '/')) == NULL)
4038 		modname = filename;
4039 	else
4040 		modname++;
4041 
4042 	mp = &modules;
4043 	do {
4044 		if (strcmp(modname, mp->mod_modname) == 0) {
4045 			found = 1;
4046 			break;
4047 		}
4048 	} while ((mp = mp->mod_next) != &modules);
4049 
4050 	if (found == 0) {
4051 		mp = allocate_modp(filename, modname);
4052 		modadd(mp);
4053 	}
4054 
4055 	/*
4056 	 * if dep is not NULL, set the mp in mod_requisite_loading for
4057 	 * the module circular dependency check. This field is used in
4058 	 * mod_circdep(), but it's cleard in mod_hold_loaded_mod().
4059 	 */
4060 	if (dep != NULL) {
4061 		ASSERT(dep->mod_busy && dep->mod_requisite_loading == NULL);
4062 		dep->mod_requisite_loading = mp;
4063 	}
4064 
4065 	/*
4066 	 * If the module was held, then it must be us who has it held.
4067 	 */
4068 	if (mod_circdep(mp))
4069 		mp = NULL;
4070 	else {
4071 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4072 
4073 		/*
4074 		 * If the name hadn't been set or has changed, allocate
4075 		 * space and set it.  Free space used by previous name.
4076 		 *
4077 		 * Do not change the name of primary modules, for primary
4078 		 * modules the mod_filename was allocated in standalone mode:
4079 		 * it is illegal to kobj_alloc in standalone mode and kobj_free
4080 		 * in non-standalone mode.
4081 		 */
4082 		curname = mp->mod_filename;
4083 		if (curname == NULL ||
4084 		    ((mp->mod_prim == 0) &&
4085 		    (curname != filename) &&
4086 		    (modname != filename) &&
4087 		    (strcmp(curname, filename) != 0))) {
4088 			newname = kobj_zalloc(strlen(filename) + 1, KM_SLEEP);
4089 			(void) strcpy(newname, filename);
4090 			mp->mod_filename = newname;
4091 			if (curname != NULL)
4092 				kobj_free(curname, strlen(curname) + 1);
4093 		}
4094 	}
4095 
4096 	mutex_exit(&mod_lock);
4097 	if (mp && moddebug & MODDEBUG_LOADMSG2)
4098 		printf("Holding %s\n", mp->mod_filename);
4099 	if (mp == NULL && moddebug & MODDEBUG_LOADMSG2)
4100 		printf("circular dependency loading %s\n", filename);
4101 	return (mp);
4102 }
4103 
4104 static struct modctl *
4105 mod_hold_by_name_requisite(struct modctl *dep, char *filename)
4106 {
4107 	return (mod_hold_by_name_common(dep, filename));
4108 }
4109 
4110 struct modctl *
4111 mod_hold_by_name(const char *filename)
4112 {
4113 	return (mod_hold_by_name_common(NULL, filename));
4114 }
4115 
4116 struct modctl *
4117 mod_hold_by_id(modid_t modid)
4118 {
4119 	struct modctl	*mp;
4120 	int		found = 0;
4121 
4122 	mutex_enter(&mod_lock);
4123 	mp = &modules;
4124 	do {
4125 		if (mp->mod_id == modid) {
4126 			found = 1;
4127 			break;
4128 		}
4129 	} while ((mp = mp->mod_next) != &modules);
4130 
4131 	if ((found == 0) || mod_circdep(mp))
4132 		mp = NULL;
4133 	else
4134 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4135 
4136 	mutex_exit(&mod_lock);
4137 	return (mp);
4138 }
4139 
4140 static struct modctl *
4141 mod_hold_next_by_id(modid_t modid)
4142 {
4143 	struct modctl	*mp;
4144 	int		found = 0;
4145 
4146 	if (modid < -1)
4147 		return (NULL);
4148 
4149 	mutex_enter(&mod_lock);
4150 
4151 	mp = &modules;
4152 	do {
4153 		if (mp->mod_id > modid) {
4154 			found = 1;
4155 			break;
4156 		}
4157 	} while ((mp = mp->mod_next) != &modules);
4158 
4159 	if ((found == 0) || mod_circdep(mp))
4160 		mp = NULL;
4161 	else
4162 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4163 
4164 	mutex_exit(&mod_lock);
4165 	return (mp);
4166 }
4167 
4168 static void
4169 mod_release(struct modctl *mp)
4170 {
4171 	ASSERT(MUTEX_HELD(&mod_lock));
4172 	ASSERT(mp->mod_busy);
4173 
4174 	mp->mod_busy = 0;
4175 	mp->mod_inprogress_thread = NULL;
4176 	if (mp->mod_want) {
4177 		mp->mod_want = 0;
4178 		cv_broadcast(&mod_cv);
4179 	}
4180 }
4181 
4182 void
4183 mod_release_mod(struct modctl *mp)
4184 {
4185 	if (moddebug & MODDEBUG_LOADMSG2)
4186 		printf("Releasing %s\n", mp->mod_filename);
4187 	mutex_enter(&mod_lock);
4188 	mod_release(mp);
4189 	mutex_exit(&mod_lock);
4190 }
4191 
4192 modid_t
4193 mod_name_to_modid(char *filename)
4194 {
4195 	char		*modname;
4196 	struct modctl	*mp;
4197 
4198 	mutex_enter(&mod_lock);
4199 
4200 	if ((modname = strrchr(filename, '/')) == NULL)
4201 		modname = filename;
4202 	else
4203 		modname++;
4204 
4205 	mp = &modules;
4206 	do {
4207 		if (strcmp(modname, mp->mod_modname) == 0) {
4208 			mutex_exit(&mod_lock);
4209 			return (mp->mod_id);
4210 		}
4211 	} while ((mp = mp->mod_next) != &modules);
4212 
4213 	mutex_exit(&mod_lock);
4214 	return (-1);
4215 }
4216 
4217 
4218 int
4219 mod_remove_by_name(char *name)
4220 {
4221 	struct modctl *mp;
4222 	int retval;
4223 
4224 	mp = mod_hold_by_name(name);
4225 
4226 	if (mp == NULL)
4227 		return (EINVAL);
4228 
4229 	if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
4230 		/*
4231 		 * Do not unload forceloaded modules
4232 		 */
4233 		mod_release_mod(mp);
4234 		return (0);
4235 	}
4236 
4237 	if ((retval = moduninstall(mp)) == 0) {
4238 		mod_unload(mp);
4239 		CPU_STATS_ADDQ(CPU, sys, modunload, 1);
4240 	} else if (retval == EALREADY)
4241 		retval = 0;		/* already unloaded, not an error */
4242 	mod_release_mod(mp);
4243 	return (retval);
4244 }
4245 
4246 /*
4247  * Record that module "dep" is dependent on module "on_mod."
4248  */
4249 static void
4250 mod_make_requisite(struct modctl *dependent, struct modctl *on_mod)
4251 {
4252 	struct modctl_list **pmlnp;	/* previous next pointer */
4253 	struct modctl_list *mlp;
4254 	struct modctl_list *new;
4255 
4256 	ASSERT(dependent->mod_busy && on_mod->mod_busy);
4257 	mutex_enter(&mod_lock);
4258 
4259 	/*
4260 	 * Search dependent's requisite list to see if on_mod is recorded.
4261 	 * List is ordered by id.
4262 	 */
4263 	for (pmlnp = &dependent->mod_requisites, mlp = *pmlnp;
4264 	    mlp; pmlnp = &mlp->modl_next, mlp = *pmlnp)
4265 		if (mlp->modl_modp->mod_id >= on_mod->mod_id)
4266 			break;
4267 
4268 	/* Create and insert if not already recorded */
4269 	if ((mlp == NULL) || (mlp->modl_modp->mod_id != on_mod->mod_id)) {
4270 		new = kobj_zalloc(sizeof (*new), KM_SLEEP);
4271 		new->modl_modp = on_mod;
4272 		new->modl_next = mlp;
4273 		*pmlnp = new;
4274 
4275 		/*
4276 		 * Increment the mod_ref count in our new requisite module.
4277 		 * This is what keeps a module that has other modules
4278 		 * which are dependent on it from being uninstalled and
4279 		 * unloaded. "on_mod"'s mod_ref count decremented in
4280 		 * mod_release_requisites when the "dependent" module
4281 		 * unload is complete.	"on_mod" must be loaded, but may not
4282 		 * yet be installed.
4283 		 */
4284 		on_mod->mod_ref++;
4285 		ASSERT(on_mod->mod_ref && on_mod->mod_loaded);
4286 	}
4287 
4288 	mutex_exit(&mod_lock);
4289 }
4290 
4291 /*
4292  * release the hold associated with mod_make_requisite mod_ref++
4293  * as part of unload.
4294  */
4295 void
4296 mod_release_requisites(struct modctl *modp)
4297 {
4298 	struct modctl_list *modl;
4299 	struct modctl_list *next;
4300 	struct modctl *req;
4301 	struct modctl_list *start = NULL, *mod_garbage;
4302 
4303 	ASSERT(!quiesce_active);
4304 	ASSERT(modp->mod_busy);
4305 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
4306 
4307 	mutex_enter(&mod_lock);		/* needed for manipulation of req */
4308 	for (modl = modp->mod_requisites; modl; modl = next) {
4309 		next = modl->modl_next;
4310 		req = modl->modl_modp;
4311 		ASSERT(req->mod_ref >= 1 && req->mod_loaded);
4312 		req->mod_ref--;
4313 		if (req->mod_ref == 0)
4314 			mod_uninstall_ref_zero++;
4315 
4316 		/*
4317 		 * Check if the module has to be unloaded or not.
4318 		 */
4319 		if (req->mod_ref == 0 && req->mod_delay_unload) {
4320 			struct modctl_list *new;
4321 			/*
4322 			 * Allocate the modclt_list holding the garbage
4323 			 * module which should be unloaded later.
4324 			 */
4325 			new = kobj_zalloc(sizeof (struct modctl_list),
4326 			    KM_SLEEP);
4327 			new->modl_modp = req;
4328 
4329 			if (start == NULL)
4330 				mod_garbage = start = new;
4331 			else {
4332 				mod_garbage->modl_next = new;
4333 				mod_garbage = new;
4334 			}
4335 		}
4336 
4337 		/* free the list as we go */
4338 		kobj_free(modl, sizeof (*modl));
4339 	}
4340 	modp->mod_requisites = NULL;
4341 	mutex_exit(&mod_lock);
4342 
4343 	/*
4344 	 * Unload the garbage modules.
4345 	 */
4346 	for (mod_garbage = start; mod_garbage != NULL; /* nothing */) {
4347 		struct modctl_list *old = mod_garbage;
4348 		struct modctl *mp = mod_garbage->modl_modp;
4349 		ASSERT(mp != NULL);
4350 
4351 		/*
4352 		 * Hold this module until it's unloaded completely.
4353 		 */
4354 		(void) mod_hold_by_modctl(mp,
4355 		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
4356 		/*
4357 		 * Check if the module is not unloaded yet and nobody requires
4358 		 * the module. If it's unloaded already or somebody still
4359 		 * requires the module, don't unload it now.
4360 		 */
4361 		if (mp->mod_loaded && mp->mod_ref == 0)
4362 			mod_unload(mp);
4363 		ASSERT((mp->mod_loaded == 0 && mp->mod_delay_unload == 0) ||
4364 		    (mp->mod_ref > 0));
4365 		mod_release_mod(mp);
4366 
4367 		mod_garbage = mod_garbage->modl_next;
4368 		kobj_free(old, sizeof (struct modctl_list));
4369 	}
4370 }
4371 
4372 /*
4373  * Process dependency of the module represented by "dep" on the
4374  * module named by "on."
4375  *
4376  * Called from kobj_do_dependents() to load a module "on" on which
4377  * "dep" depends.
4378  */
4379 struct modctl *
4380 mod_load_requisite(struct modctl *dep, char *on)
4381 {
4382 	struct modctl *on_mod;
4383 	int retval;
4384 
4385 	if ((on_mod = mod_hold_loaded_mod(dep, on, &retval)) != NULL) {
4386 		mod_make_requisite(dep, on_mod);
4387 	} else if (moddebug & MODDEBUG_ERRMSG) {
4388 		printf("error processing %s on which module %s depends\n",
4389 		    on, dep->mod_modname);
4390 	}
4391 	return (on_mod);
4392 }
4393 
4394 static int
4395 mod_install_requisites(struct modctl *modp)
4396 {
4397 	struct modctl_list *modl;
4398 	struct modctl *req;
4399 	int status = 0;
4400 
4401 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
4402 	ASSERT(modp->mod_busy);
4403 
4404 	for (modl = modp->mod_requisites; modl; modl = modl->modl_next) {
4405 		req = modl->modl_modp;
4406 		(void) mod_hold_by_modctl(req,
4407 		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
4408 		status = modinstall(req);
4409 		mod_release_mod(req);
4410 
4411 		if (status != 0)
4412 			break;
4413 	}
4414 	return (status);
4415 }
4416 
4417 /*
4418  * returns 1 if this thread is doing autounload, 0 otherwise.
4419  * see mod_uninstall_all.
4420  */
4421 int
4422 mod_in_autounload()
4423 {
4424 	return ((int)(uintptr_t)tsd_get(mod_autounload_key));
4425 }
4426 
4427 /*
4428  * gmatch adapted from libc, stripping the wchar stuff
4429  */
4430 #define	popchar(p, c)	{ \
4431 		c = *p++; \
4432 		if (c == 0) { \
4433 			return (0); \
4434 		} \
4435 	}
4436 
4437 int
4438 gmatch(const char *s, const char *p)
4439 {
4440 	int c, sc;
4441 	int ok, lc, notflag;
4442 
4443 	sc = *s++;
4444 	c = *p++;
4445 	if (c == 0)
4446 		return (sc == c);	/* nothing matches nothing */
4447 
4448 	switch (c) {
4449 	case '\\':
4450 		/* skip to quoted character */
4451 		popchar(p, c);
4452 		/*FALLTHRU*/
4453 
4454 	default:
4455 		/* straight comparison */
4456 		if (c != sc)
4457 			return (0);
4458 		/*FALLTHRU*/
4459 
4460 	case '?':
4461 		/* first char matches, move to remainder */
4462 		return (sc != '\0' ? gmatch(s, p) : 0);
4463 
4464 
4465 	case '*':
4466 		while (*p == '*')
4467 			p++;
4468 
4469 		/* * matches everything */
4470 		if (*p == 0)
4471 			return (1);
4472 
4473 		/* undo skip at the beginning & iterate over substrings */
4474 		--s;
4475 		while (*s) {
4476 			if (gmatch(s, p))
4477 				return (1);
4478 			s++;
4479 		}
4480 		return (0);
4481 
4482 	case '[':
4483 		/* match any char within [] */
4484 		if (sc == 0)
4485 			return (0);
4486 
4487 		ok = lc = notflag = 0;
4488 
4489 		if (*p == '!') {
4490 			notflag = 1;
4491 			p++;
4492 		}
4493 		popchar(p, c);
4494 
4495 		do {
4496 			if (c == '-' && lc && *p != ']') {
4497 				/* test sc against range [c1-c2] */
4498 				popchar(p, c);
4499 				if (c == '\\') {
4500 					popchar(p, c);
4501 				}
4502 
4503 				if (notflag) {
4504 					/* return 0 on mismatch */
4505 					if (lc <= sc && sc <= c)
4506 						return (0);
4507 					ok++;
4508 				} else if (lc <= sc && sc <= c) {
4509 					ok++;
4510 				}
4511 				/* keep going, may get a match next */
4512 			} else if (c == '\\') {
4513 				/* skip to quoted character */
4514 				popchar(p, c);
4515 			}
4516 			lc = c;
4517 			if (notflag) {
4518 				if (sc == lc)
4519 					return (0);
4520 				ok++;
4521 			} else if (sc == lc) {
4522 				ok++;
4523 			}
4524 			popchar(p, c);
4525 		} while (c != ']');
4526 
4527 		/* recurse on remainder of string */
4528 		return (ok ? gmatch(s, p) : 0);
4529 	}
4530 	/*NOTREACHED*/
4531 }
4532 
4533 
4534 /*
4535  * Get default perm for device from /etc/minor_perm. Return 0 if match found.
4536  *
4537  * Pure wild-carded patterns are handled separately so the ordering of
4538  * these patterns doesn't matter.  We're still dependent on ordering
4539  * however as the first matching entry is the one returned.
4540  * Not ideal but all existing examples and usage do imply this
4541  * ordering implicitly.
4542  *
4543  * Drivers using the clone driver are always good for some entertainment.
4544  * Clone nodes under pseudo have the form clone@0:<driver>.  Some minor
4545  * perm entries have the form clone:<driver>, others use <driver>:*
4546  * Examples are clone:llc1 vs. llc2:*, for example.
4547  *
4548  * Minor perms in the clone:<driver> form are mapped to the drivers's
4549  * mperm list, not the clone driver, as wildcard entries for clone
4550  * reference only.  In other words, a clone wildcard will match
4551  * references for clone@0:<driver> but never <driver>@<minor>.
4552  *
4553  * Additional minor perms in the standard form are also supported,
4554  * for mixed usage, ie a node with an entry clone:<driver> could
4555  * provide further entries <driver>:<minor>.
4556  *
4557  * Finally, some uses of clone use an alias as the minor name rather
4558  * than the driver name, with the alias as the minor perm entry.
4559  * This case is handled by attaching the driver to bring its
4560  * minor list into existence, then discover the alias via DDI_ALIAS.
4561  * The clone device's minor perm list can then be searched for
4562  * that alias.
4563  */
4564 
4565 static int
4566 dev_alias_minorperm(dev_info_t *dip, char *minor_name, mperm_t *rmp)
4567 {
4568 	major_t			major;
4569 	struct devnames		*dnp;
4570 	mperm_t			*mp;
4571 	char			*alias = NULL;
4572 	dev_info_t		*cdevi;
4573 	int			circ;
4574 	struct ddi_minor_data	*dmd;
4575 
4576 	major = ddi_name_to_major(minor_name);
4577 
4578 	ASSERT(dip == clone_dip);
4579 	ASSERT(major != DDI_MAJOR_T_NONE);
4580 
4581 	/*
4582 	 * Attach the driver named by the minor node, then
4583 	 * search its first instance's minor list for an
4584 	 * alias node.
4585 	 */
4586 	if (ddi_hold_installed_driver(major) == NULL)
4587 		return (1);
4588 
4589 	dnp = &devnamesp[major];
4590 	LOCK_DEV_OPS(&dnp->dn_lock);
4591 
4592 	if ((cdevi = dnp->dn_head) != NULL) {
4593 		ndi_devi_enter(cdevi, &circ);
4594 		for (dmd = DEVI(cdevi)->devi_minor; dmd; dmd = dmd->next) {
4595 			if (dmd->type == DDM_ALIAS) {
4596 				alias = i_ddi_strdup(dmd->ddm_name, KM_SLEEP);
4597 				break;
4598 			}
4599 		}
4600 		ndi_devi_exit(cdevi, circ);
4601 	}
4602 
4603 	UNLOCK_DEV_OPS(&dnp->dn_lock);
4604 	ddi_rele_driver(major);
4605 
4606 	if (alias == NULL) {
4607 		if (moddebug & MODDEBUG_MINORPERM)
4608 			cmn_err(CE_CONT, "dev_minorperm: "
4609 			    "no alias for %s\n", minor_name);
4610 		return (1);
4611 	}
4612 
4613 	major = ddi_driver_major(clone_dip);
4614 	dnp = &devnamesp[major];
4615 	LOCK_DEV_OPS(&dnp->dn_lock);
4616 
4617 	/*
4618 	 * Go through the clone driver's mperm list looking
4619 	 * for a match for the specified alias.
4620 	 */
4621 	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4622 		if (strcmp(alias, mp->mp_minorname) == 0) {
4623 			break;
4624 		}
4625 	}
4626 
4627 	if (mp) {
4628 		if (moddebug & MODDEBUG_MP_MATCH) {
4629 			cmn_err(CE_CONT,
4630 			    "minor perm defaults: %s %s 0%o %d %d (aliased)\n",
4631 			    minor_name, alias, mp->mp_mode,
4632 			    mp->mp_uid, mp->mp_gid);
4633 		}
4634 		rmp->mp_uid = mp->mp_uid;
4635 		rmp->mp_gid = mp->mp_gid;
4636 		rmp->mp_mode = mp->mp_mode;
4637 	}
4638 	UNLOCK_DEV_OPS(&dnp->dn_lock);
4639 
4640 	kmem_free(alias, strlen(alias)+1);
4641 
4642 	return (mp == NULL);
4643 }
4644 
4645 int
4646 dev_minorperm(dev_info_t *dip, char *name, mperm_t *rmp)
4647 {
4648 	major_t major;
4649 	char *minor_name;
4650 	struct devnames *dnp;
4651 	mperm_t *mp;
4652 	int is_clone = 0;
4653 
4654 	if (!minorperm_loaded) {
4655 		if (moddebug & MODDEBUG_MINORPERM)
4656 			cmn_err(CE_CONT,
4657 			    "%s: minor perm not yet loaded\n", name);
4658 		return (1);
4659 	}
4660 
4661 	minor_name = strchr(name, ':');
4662 	if (minor_name == NULL)
4663 		return (1);
4664 	minor_name++;
4665 
4666 	/*
4667 	 * If it's the clone driver, search the driver as named
4668 	 * by the minor.  All clone minor perm entries other than
4669 	 * alias nodes are actually installed on the real driver's list.
4670 	 */
4671 	if (dip == clone_dip) {
4672 		major = ddi_name_to_major(minor_name);
4673 		if (major == DDI_MAJOR_T_NONE) {
4674 			if (moddebug & MODDEBUG_MINORPERM)
4675 				cmn_err(CE_CONT, "dev_minorperm: "
4676 				    "%s: no such driver\n", minor_name);
4677 			return (1);
4678 		}
4679 		is_clone = 1;
4680 	} else {
4681 		major = ddi_driver_major(dip);
4682 		ASSERT(major != DDI_MAJOR_T_NONE);
4683 	}
4684 
4685 	dnp = &devnamesp[major];
4686 	LOCK_DEV_OPS(&dnp->dn_lock);
4687 
4688 	/*
4689 	 * Go through the driver's mperm list looking for
4690 	 * a match for the specified minor.  If there's
4691 	 * no matching pattern, use the wild card.
4692 	 * Defer to the clone wild for clone if specified,
4693 	 * otherwise fall back to the normal form.
4694 	 */
4695 	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4696 		if (gmatch(minor_name, mp->mp_minorname) != 0) {
4697 			break;
4698 		}
4699 	}
4700 	if (mp == NULL) {
4701 		if (is_clone)
4702 			mp = dnp->dn_mperm_clone;
4703 		if (mp == NULL)
4704 			mp = dnp->dn_mperm_wild;
4705 	}
4706 
4707 	if (mp) {
4708 		if (moddebug & MODDEBUG_MP_MATCH) {
4709 			cmn_err(CE_CONT,
4710 			    "minor perm defaults: %s %s 0%o %d %d\n",
4711 			    name, mp->mp_minorname, mp->mp_mode,
4712 			    mp->mp_uid, mp->mp_gid);
4713 		}
4714 		rmp->mp_uid = mp->mp_uid;
4715 		rmp->mp_gid = mp->mp_gid;
4716 		rmp->mp_mode = mp->mp_mode;
4717 	}
4718 	UNLOCK_DEV_OPS(&dnp->dn_lock);
4719 
4720 	/*
4721 	 * If no match can be found for a clone node,
4722 	 * search for a possible match for an alias.
4723 	 * One such example is /dev/ptmx -> /devices/pseudo/clone@0:ptm,
4724 	 * with minor perm entry clone:ptmx.
4725 	 */
4726 	if (mp == NULL && is_clone) {
4727 		return (dev_alias_minorperm(dip, minor_name, rmp));
4728 	}
4729 
4730 	return (mp == NULL);
4731 }
4732 
4733 /*
4734  * dynamicaly reference load a dl module/library, returning handle
4735  */
4736 /*ARGSUSED*/
4737 ddi_modhandle_t
4738 ddi_modopen(const char *modname, int mode, int *errnop)
4739 {
4740 	char		*subdir;
4741 	char		*mod;
4742 	int		subdirlen;
4743 	struct modctl	*hmodp = NULL;
4744 	int		retval = EINVAL;
4745 
4746 	ASSERT(modname && (mode == KRTLD_MODE_FIRST));
4747 	if ((modname == NULL) || (mode != KRTLD_MODE_FIRST))
4748 		goto out;
4749 
4750 	/* find last '/' in modname */
4751 	mod = strrchr(modname, '/');
4752 
4753 	if (mod) {
4754 		/* for subdir string without modification to argument */
4755 		mod++;
4756 		subdirlen = mod - modname;
4757 		subdir = kmem_alloc(subdirlen, KM_SLEEP);
4758 		(void) strlcpy(subdir, modname, subdirlen);
4759 	} else {
4760 		subdirlen = 0;
4761 		subdir = "misc";
4762 		mod = (char *)modname;
4763 	}
4764 
4765 	/* reference load with errno return value */
4766 	retval = modrload(subdir, mod, &hmodp);
4767 
4768 	if (subdirlen)
4769 		kmem_free(subdir, subdirlen);
4770 
4771 out:	if (errnop)
4772 		*errnop = retval;
4773 
4774 	if (moddebug & MODDEBUG_DDI_MOD)
4775 		printf("ddi_modopen %s mode %x: %s %p %d\n",
4776 		    modname ? modname : "<unknown>", mode,
4777 		    hmodp ? hmodp->mod_filename : "<unknown>",
4778 		    (void *)hmodp, retval);
4779 
4780 	return ((ddi_modhandle_t)hmodp);
4781 }
4782 
4783 /* lookup "name" in open dl module/library */
4784 void *
4785 ddi_modsym(ddi_modhandle_t h, const char *name, int *errnop)
4786 {
4787 	struct modctl	*hmodp = (struct modctl *)h;
4788 	void		*f;
4789 	int		retval;
4790 
4791 	ASSERT(hmodp && name && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4792 	if ((hmodp == NULL) || (name == NULL) ||
4793 	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4794 		f = NULL;
4795 		retval = EINVAL;
4796 	} else {
4797 		f = (void *)kobj_lookup(hmodp->mod_mp, (char *)name);
4798 		if (f)
4799 			retval = 0;
4800 		else
4801 			retval = ENOTSUP;
4802 	}
4803 
4804 	if (moddebug & MODDEBUG_DDI_MOD)
4805 		printf("ddi_modsym in %s of %s: %d %p\n",
4806 		    hmodp ? hmodp->mod_modname : "<unknown>",
4807 		    name ? name : "<unknown>", retval, f);
4808 
4809 	if (errnop)
4810 		*errnop = retval;
4811 	return (f);
4812 }
4813 
4814 /* dynamic (un)reference unload of an open dl module/library */
4815 int
4816 ddi_modclose(ddi_modhandle_t h)
4817 {
4818 	struct modctl	*hmodp = (struct modctl *)h;
4819 	struct modctl	*modp = NULL;
4820 	int		retval;
4821 
4822 	ASSERT(hmodp && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4823 	if ((hmodp == NULL) ||
4824 	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4825 		retval = EINVAL;
4826 		goto out;
4827 	}
4828 
4829 	retval = modunrload(hmodp->mod_id, &modp, ddi_modclose_unload);
4830 	if (retval == EBUSY)
4831 		retval = 0;	/* EBUSY is not an error */
4832 
4833 	if (retval == 0) {
4834 		ASSERT(hmodp == modp);
4835 		if (hmodp != modp)
4836 			retval = EINVAL;
4837 	}
4838 
4839 out:	if (moddebug & MODDEBUG_DDI_MOD)
4840 		printf("ddi_modclose %s: %d\n",
4841 		    hmodp ? hmodp->mod_modname : "<unknown>", retval);
4842 
4843 	return (retval);
4844 }
4845