xref: /illumos-gate/usr/src/uts/common/os/modctl.c (revision cb4658fbb85e4290093c4fea0eb396a7d98de1fb)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 /*
30  * modctl system call for loadable module support.
31  */
32 
33 #include <sys/param.h>
34 #include <sys/user.h>
35 #include <sys/systm.h>
36 #include <sys/exec.h>
37 #include <sys/file.h>
38 #include <sys/stat.h>
39 #include <sys/conf.h>
40 #include <sys/time.h>
41 #include <sys/reboot.h>
42 #include <sys/fs/ufs_fsdir.h>
43 #include <sys/kmem.h>
44 #include <sys/sysconf.h>
45 #include <sys/cmn_err.h>
46 #include <sys/ddi.h>
47 #include <sys/sunddi.h>
48 #include <sys/sunndi.h>
49 #include <sys/ndi_impldefs.h>
50 #include <sys/ddi_impldefs.h>
51 #include <sys/ddi_implfuncs.h>
52 #include <sys/bootconf.h>
53 #include <sys/dc_ki.h>
54 #include <sys/cladm.h>
55 #include <sys/dtrace.h>
56 #include <sys/kdi.h>
57 
58 #include <sys/devpolicy.h>
59 #include <sys/modctl.h>
60 #include <sys/kobj.h>
61 #include <sys/devops.h>
62 #include <sys/autoconf.h>
63 #include <sys/hwconf.h>
64 #include <sys/callb.h>
65 #include <sys/debug.h>
66 #include <sys/cpuvar.h>
67 #include <sys/sysmacros.h>
68 #include <sys/sysevent.h>
69 #include <sys/sysevent_impl.h>
70 #include <sys/instance.h>
71 #include <sys/modhash.h>
72 #include <sys/modhash_impl.h>
73 #include <sys/dacf_impl.h>
74 #include <sys/vfs.h>
75 #include <sys/pathname.h>
76 #include <sys/console.h>
77 #include <sys/policy.h>
78 #include <ipp/ipp_impl.h>
79 #include <sys/fs/dv_node.h>
80 #include <sys/strsubr.h>
81 
82 static int		mod_circdep(struct modctl *);
83 static int		modinfo(modid_t, struct modinfo *);
84 
85 static void		mod_uninstall_all(void);
86 static int		mod_getinfo(struct modctl *, struct modinfo *);
87 static struct modctl	*allocate_modp(char *, char *);
88 
89 static int		mod_load(struct modctl *, int);
90 static void		mod_unload(struct modctl *);
91 static int		modinstall(struct modctl *);
92 static int		moduninstall(struct modctl *);
93 
94 static struct modctl	*mod_hold_by_name_common(struct modctl *, char *);
95 static struct modctl	*mod_hold_by_id(modid_t);
96 static struct modctl	*mod_hold_next_by_id(modid_t);
97 static struct modctl	*mod_hold_loaded_mod(struct modctl *, char *, int *);
98 static struct modctl	*mod_hold_installed_mod(char *, int, int *);
99 
100 static void		mod_release(struct modctl *);
101 static void		mod_make_requisite(struct modctl *, struct modctl *);
102 static int		mod_install_requisites(struct modctl *);
103 static void		check_esc_sequences(char *, char *);
104 static struct modctl	*mod_hold_by_name_requisite(struct modctl *, char *);
105 
106 /*
107  * module loading thread control structure. Calls to kobj_load_module()() are
108  * handled off to a separate thead using this structure.
109  */
110 struct loadmt {
111 	ksema_t		sema;
112 	struct modctl	*mp;
113 	int		usepath;
114 	kthread_t	*owner;
115 	int		retval;
116 };
117 
118 static void	modload_thread(struct loadmt *);
119 
120 kcondvar_t	mod_cv;
121 kcondvar_t	mod_uninstall_cv;	/* Communication between swapper */
122 					/* and the uninstall daemon. */
123 kmutex_t	mod_lock;		/* protects &modules insert linkage, */
124 					/* mod_busy, mod_want, and mod_ref. */
125 					/* blocking operations while holding */
126 					/* mod_lock should be avoided */
127 kmutex_t	mod_uninstall_lock;	/* protects mod_uninstall_cv */
128 kthread_id_t	mod_aul_thread;
129 
130 int	isminiroot;		/* set if running as miniroot */
131 int	modrootloaded;		/* set after root driver and fs are loaded */
132 int	moddebug = 0x0;		/* debug flags for module writers */
133 int	swaploaded;		/* set after swap driver and fs are loaded */
134 int	bop_io_quiesced = 0;	/* set when BOP I/O can no longer be used */
135 int	last_module_id;
136 clock_t	mod_uninstall_interval = 0;
137 int	ddi_modclose_unload = 1;	/* 0 -> just decrement reference */
138 
139 struct devnames *devnamesp;
140 struct devnames orphanlist;
141 
142 krwlock_t	devinfo_tree_lock;	/* obsolete, to be removed */
143 
144 #define	MAJBINDFILE "/etc/name_to_major"
145 #define	SYSBINDFILE "/etc/name_to_sysnum"
146 
147 static char	majbind[] = MAJBINDFILE;
148 static char	sysbind[] = SYSBINDFILE;
149 static uint_t	mod_autounload_key;	/* for module autounload detection */
150 
151 extern int obpdebug;
152 extern int make_mbind(char *, int, char *, struct bind **);
153 
154 #define	DEBUGGER_PRESENT	((boothowto & RB_DEBUG) || (obpdebug != 0))
155 
156 static int minorperm_loaded = 0;
157 
158 
159 
160 void
161 mod_setup(void)
162 {
163 	struct sysent *callp;
164 	int callnum, exectype;
165 	int	num_devs;
166 	int	i;
167 
168 	/*
169 	 * Initialize the list of loaded driver dev_ops.
170 	 * XXX - This must be done before reading the system file so that
171 	 * forceloads of drivers will work.
172 	 */
173 	num_devs = read_binding_file(majbind, mb_hashtab, make_mbind);
174 	/*
175 	 * Since read_binding_file is common code, it doesn't enforce that all
176 	 * of the binding file entries have major numbers <= MAXMAJ32.  Thus,
177 	 * ensure that we don't allocate some massive amount of space due to a
178 	 * bad entry.  We can't have major numbers bigger than MAXMAJ32
179 	 * until file system support for larger major numbers exists.
180 	 */
181 
182 	/*
183 	 * Leave space for expansion, but not more than L_MAXMAJ32
184 	 */
185 	devcnt = MIN(num_devs + 30, L_MAXMAJ32);
186 	devopsp = kmem_alloc(devcnt * sizeof (struct dev_ops *), KM_SLEEP);
187 	for (i = 0; i < devcnt; i++)
188 		devopsp[i] = &mod_nodev_ops;
189 
190 	init_devnamesp(devcnt);
191 
192 	/*
193 	 * Sync up with the work that the stand-alone linker has already done.
194 	 */
195 	(void) kobj_sync();
196 
197 	if (boothowto & RB_DEBUG)
198 		kdi_dvec_modavail();
199 
200 	make_aliases(mb_hashtab);
201 
202 	/*
203 	 * Initialize streams device implementation structures.
204 	 */
205 	devimpl = kmem_zalloc(devcnt * sizeof (cdevsw_impl_t), KM_SLEEP);
206 
207 	/*
208 	 * If the cl_bootstrap module is present,
209 	 * we should be configured as a cluster. Loading this module
210 	 * will set "cluster_bootflags" to non-zero.
211 	 */
212 	(void) modload("misc", "cl_bootstrap");
213 
214 	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
215 	init_syscallnames(NSYSCALL);
216 
217 	/*
218 	 * Start up dynamic autoconfiguration framework (dacf).
219 	 */
220 	mod_hash_init();
221 	dacf_init();
222 
223 	/*
224 	 * Start up IP policy framework (ipp).
225 	 */
226 	ipp_init();
227 
228 	/*
229 	 * Allocate loadable native system call locks.
230 	 */
231 	for (callnum = 0, callp = sysent; callnum < NSYSCALL;
232 	    callnum++, callp++) {
233 		if (LOADABLE_SYSCALL(callp)) {
234 			if (mod_getsysname(callnum) != NULL) {
235 				callp->sy_lock =
236 				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
237 				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
238 			} else {
239 				callp->sy_flags &= ~SE_LOADABLE;
240 				callp->sy_callc = nosys;
241 			}
242 #ifdef DEBUG
243 		} else {
244 			/*
245 			 * Do some sanity checks on the sysent table
246 			 */
247 			switch (callp->sy_flags & SE_RVAL_MASK) {
248 			case SE_32RVAL1:
249 				/* only r_val1 returned */
250 			case SE_32RVAL1 | SE_32RVAL2:
251 				/* r_val1 and r_val2 returned */
252 			case SE_64RVAL:
253 				/* 64-bit rval returned */
254 				break;
255 			default:
256 				cmn_err(CE_WARN, "sysent[%d]: bad flags %x",
257 				    callnum, callp->sy_flags);
258 			}
259 #endif
260 		}
261 	}
262 
263 #ifdef _SYSCALL32_IMPL
264 	/*
265 	 * Allocate loadable system call locks for 32-bit compat syscalls
266 	 */
267 	for (callnum = 0, callp = sysent32; callnum < NSYSCALL;
268 	    callnum++, callp++) {
269 		if (LOADABLE_SYSCALL(callp)) {
270 			if (mod_getsysname(callnum) != NULL) {
271 				callp->sy_lock =
272 				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
273 				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
274 			} else {
275 				callp->sy_flags &= ~SE_LOADABLE;
276 				callp->sy_callc = nosys;
277 			}
278 #ifdef DEBUG
279 		} else {
280 			/*
281 			 * Do some sanity checks on the sysent table
282 			 */
283 			switch (callp->sy_flags & SE_RVAL_MASK) {
284 			case SE_32RVAL1:
285 				/* only r_val1 returned */
286 			case SE_32RVAL1 | SE_32RVAL2:
287 				/* r_val1 and r_val2 returned */
288 			case SE_64RVAL:
289 				/* 64-bit rval returned */
290 				break;
291 			default:
292 				cmn_err(CE_WARN, "sysent32[%d]: bad flags %x",
293 				    callnum, callp->sy_flags);
294 				goto skip;
295 			}
296 
297 			/*
298 			 * Cross-check the native and compatibility tables.
299 			 */
300 			if (callp->sy_callc == nosys ||
301 			    sysent[callnum].sy_callc == nosys)
302 				continue;
303 			/*
304 			 * If only one or the other slot is loadable, then
305 			 * there's an error -- they should match!
306 			 */
307 			if ((callp->sy_callc == loadable_syscall) ^
308 			    (sysent[callnum].sy_callc == loadable_syscall)) {
309 				cmn_err(CE_WARN, "sysent[%d] loadable?",
310 				    callnum);
311 			}
312 			/*
313 			 * This is more of a heuristic test -- if the
314 			 * system call returns two values in the 32-bit
315 			 * world, it should probably return two 32-bit
316 			 * values in the 64-bit world too.
317 			 */
318 			if (((callp->sy_flags & SE_32RVAL2) == 0) ^
319 			    ((sysent[callnum].sy_flags & SE_32RVAL2) == 0)) {
320 				cmn_err(CE_WARN, "sysent[%d] rval2 mismatch!",
321 				    callnum);
322 			}
323 skip:;
324 #endif	/* DEBUG */
325 		}
326 	}
327 #endif	/* _SYSCALL32_IMPL */
328 
329 	/*
330 	 * Allocate loadable exec locks.  (Assumes all execs are loadable)
331 	 */
332 	for (exectype = 0; exectype < nexectype; exectype++) {
333 		execsw[exectype].exec_lock =
334 		    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
335 		rw_init(execsw[exectype].exec_lock, NULL, RW_DEFAULT, NULL);
336 	}
337 
338 	read_class_file();
339 
340 	/* init thread specific structure for mod_uninstall_all */
341 	tsd_create(&mod_autounload_key, NULL);
342 }
343 
344 static int
345 modctl_modload(int use_path, char *filename, int *rvp)
346 {
347 	struct modctl *modp;
348 	int retval = 0;
349 	char *filenamep;
350 	int modid;
351 
352 	filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
353 
354 	if (copyinstr(filename, filenamep, MOD_MAXPATH, 0)) {
355 		retval = EFAULT;
356 		goto out;
357 	}
358 
359 	filenamep[MOD_MAXPATH - 1] = 0;
360 	modp = mod_hold_installed_mod(filenamep, use_path, &retval);
361 
362 	if (modp == NULL)
363 		goto out;
364 
365 	modp->mod_loadflags |= MOD_NOAUTOUNLOAD;
366 	modid = modp->mod_id;
367 	mod_release_mod(modp);
368 	CPU_STATS_ADDQ(CPU, sys, modload, 1);
369 	if (rvp != NULL && copyout(&modid, rvp, sizeof (modid)) != 0)
370 		retval = EFAULT;
371 out:
372 	kmem_free(filenamep, MOD_MAXPATH);
373 
374 	return (retval);
375 }
376 
377 static int
378 modctl_modunload(modid_t id)
379 {
380 	int rval = 0;
381 
382 	if (id == 0) {
383 #ifdef DEBUG
384 		/*
385 		 * Turn on mod_uninstall_daemon
386 		 */
387 		if (mod_uninstall_interval == 0) {
388 			mod_uninstall_interval = 60;
389 			modreap();
390 			return (rval);
391 		}
392 #endif
393 		mod_uninstall_all();
394 	} else {
395 		(void) devfs_clean(ddi_root_node(), NULL, 0);
396 		rval = modunload(id);
397 	}
398 	return (rval);
399 }
400 
401 static int
402 modctl_modinfo(modid_t id, struct modinfo *umodi)
403 {
404 	int retval;
405 	struct modinfo modi;
406 #if defined(_SYSCALL32_IMPL)
407 	int nobase;
408 	struct modinfo32 modi32;
409 #endif
410 
411 	if (get_udatamodel() == DATAMODEL_NATIVE) {
412 		if (copyin(umodi, &modi, sizeof (struct modinfo)) != 0)
413 			return (EFAULT);
414 	}
415 #ifdef _SYSCALL32_IMPL
416 	else {
417 		bzero(&modi, sizeof (modi));
418 		if (copyin(umodi, &modi32, sizeof (struct modinfo32)) != 0)
419 			return (EFAULT);
420 		modi.mi_info = modi32.mi_info;
421 		modi.mi_id = modi32.mi_id;
422 		modi.mi_nextid = modi32.mi_nextid;
423 		nobase = modi.mi_info & MI_INFO_NOBASE;
424 	}
425 #endif
426 	/*
427 	 * This flag is -only- for the kernels use.
428 	 */
429 	modi.mi_info &= ~MI_INFO_LINKAGE;
430 
431 	retval = modinfo(id, &modi);
432 	if (retval)
433 		return (retval);
434 
435 	if (get_udatamodel() == DATAMODEL_NATIVE) {
436 		if (copyout(&modi, umodi, sizeof (struct modinfo)) != 0)
437 			retval = EFAULT;
438 #ifdef _SYSCALL32_IMPL
439 	} else {
440 		int i;
441 
442 		if (!nobase && (uintptr_t)modi.mi_base > UINT32_MAX)
443 			return (EOVERFLOW);
444 
445 		modi32.mi_info = modi.mi_info;
446 		modi32.mi_state = modi.mi_state;
447 		modi32.mi_id = modi.mi_id;
448 		modi32.mi_nextid = modi.mi_nextid;
449 		modi32.mi_base = (caddr32_t)(uintptr_t)modi.mi_base;
450 		modi32.mi_size = modi.mi_size;
451 		modi32.mi_rev = modi.mi_rev;
452 		modi32.mi_loadcnt = modi.mi_loadcnt;
453 		bcopy(modi.mi_name, modi32.mi_name, sizeof (modi32.mi_name));
454 		for (i = 0; i < MODMAXLINK32; i++) {
455 			modi32.mi_msinfo[i].msi_p0 = modi.mi_msinfo[i].msi_p0;
456 			bcopy(modi.mi_msinfo[i].msi_linkinfo,
457 			    modi32.mi_msinfo[i].msi_linkinfo,
458 			    sizeof (modi32.mi_msinfo[0].msi_linkinfo));
459 		}
460 		if (copyout(&modi32, umodi, sizeof (struct modinfo32)) != 0)
461 			retval = EFAULT;
462 #endif
463 	}
464 
465 	return (retval);
466 }
467 
468 /*
469  * Return the last major number in the range of permissible major numbers.
470  */
471 /*ARGSUSED*/
472 static int
473 modctl_modreserve(modid_t id, int *data)
474 {
475 	if (copyout(&devcnt, data, sizeof (devcnt)) != 0)
476 		return (EFAULT);
477 	return (0);
478 }
479 
480 static int
481 modctl_add_major(int *data)
482 {
483 	struct modconfig mc;
484 	int i, rv;
485 	struct aliases alias;
486 	struct aliases *ap;
487 	char name[MAXMODCONFNAME];
488 	char cname[MAXMODCONFNAME];
489 	char *drvname;
490 
491 	bzero(&mc, sizeof (struct modconfig));
492 	if (get_udatamodel() == DATAMODEL_NATIVE) {
493 		if (copyin(data, &mc, sizeof (struct modconfig)) != 0)
494 			return (EFAULT);
495 	}
496 #ifdef _SYSCALL32_IMPL
497 	else {
498 		struct modconfig32 modc32;
499 
500 		if (copyin(data, &modc32, sizeof (struct modconfig32)) != 0)
501 			return (EFAULT);
502 		else {
503 			bcopy(modc32.drvname, mc.drvname,
504 			    sizeof (modc32.drvname));
505 			bcopy(modc32.drvclass, mc.drvclass,
506 			    sizeof (modc32.drvclass));
507 			mc.major = modc32.major;
508 			mc.num_aliases = modc32.num_aliases;
509 			mc.ap = (struct aliases *)(uintptr_t)modc32.ap;
510 		}
511 	}
512 #endif
513 
514 	/*
515 	 * If the driver is already in the mb_hashtab, and the name given
516 	 * doesn't match that driver's name, fail.  Otherwise, pass, since
517 	 * we may be adding aliases.
518 	 */
519 	if ((drvname = mod_major_to_name(mc.major)) != NULL &&
520 	    strcmp(drvname, mc.drvname) != 0)
521 		return (EINVAL);
522 
523 	/*
524 	 * Add each supplied driver alias to mb_hashtab
525 	 */
526 	ap = mc.ap;
527 	for (i = 0; i < mc.num_aliases; i++) {
528 		bzero(&alias, sizeof (struct aliases));
529 
530 		if (get_udatamodel() == DATAMODEL_NATIVE) {
531 			if (copyin(ap, &alias, sizeof (struct aliases)) != 0)
532 				return (EFAULT);
533 
534 			if (alias.a_len > MAXMODCONFNAME)
535 				return (EINVAL);
536 
537 			if (copyin(alias.a_name, name, alias.a_len) != 0)
538 				return (EFAULT);
539 
540 			if (name[alias.a_len - 1] != '\0')
541 				return (EINVAL);
542 		}
543 #ifdef _SYSCALL32_IMPL
544 		else {
545 			struct aliases32 al32;
546 
547 			bzero(&al32, sizeof (struct aliases32));
548 			if (copyin(ap, &al32, sizeof (struct aliases32)) != 0)
549 				return (EFAULT);
550 
551 			if (al32.a_len > MAXMODCONFNAME)
552 				return (EINVAL);
553 
554 			if (copyin((void *)(uintptr_t)al32.a_name,
555 			    name, al32.a_len) != 0)
556 				return (EFAULT);
557 
558 			if (name[al32.a_len - 1] != '\0')
559 				return (EINVAL);
560 
561 			alias.a_next = (void *)(uintptr_t)al32.a_next;
562 		}
563 #endif
564 		check_esc_sequences(name, cname);
565 		(void) make_mbind(cname, mc.major, NULL, mb_hashtab);
566 		ap = alias.a_next;
567 	}
568 
569 	/*
570 	 * Try to establish an mbinding for mc.drvname, and add it to devnames.
571 	 * Add class if any after establishing the major number
572 	 */
573 	(void) make_mbind(mc.drvname, mc.major, NULL, mb_hashtab);
574 	rv = make_devname(mc.drvname, mc.major);
575 
576 	if (rv == 0) {
577 		if (mc.drvclass[0] != '\0')
578 			add_class(mc.drvname, mc.drvclass);
579 		(void) i_ddi_load_drvconf(mc.major);
580 		i_ddi_bind_devs();
581 		i_ddi_di_cache_invalidate(KM_SLEEP);
582 	}
583 	return (rv);
584 }
585 
586 static int
587 modctl_rem_major(major_t major)
588 {
589 	struct devnames *dnp;
590 
591 	if (major >= devcnt)
592 		return (EINVAL);
593 
594 	/* mark devnames as removed */
595 	dnp = &devnamesp[major];
596 	LOCK_DEV_OPS(&dnp->dn_lock);
597 	if (dnp->dn_name == NULL ||
598 	    (dnp->dn_flags & (DN_DRIVER_REMOVED | DN_TAKEN_GETUDEV))) {
599 		UNLOCK_DEV_OPS(&dnp->dn_lock);
600 		return (EINVAL);
601 	}
602 	dnp->dn_flags |= DN_DRIVER_REMOVED;
603 	pm_driver_removed(major);
604 	UNLOCK_DEV_OPS(&dnp->dn_lock);
605 
606 	(void) i_ddi_unload_drvconf(major);
607 	i_ddi_unbind_devs(major);
608 	i_ddi_di_cache_invalidate(KM_SLEEP);
609 	return (0);
610 }
611 
612 static struct vfs *
613 path_to_vfs(char *name)
614 {
615 	vnode_t *vp;
616 	struct vfs *vfsp;
617 
618 	if (lookupname(name, UIO_SYSSPACE, FOLLOW, NULLVPP, &vp))
619 		return (NULL);
620 
621 	vfsp = vp->v_vfsp;
622 	VN_RELE(vp);
623 	return (vfsp);
624 }
625 
626 static int
627 new_vfs_in_modpath()
628 {
629 	static int n_modpath = 0;
630 	static char *modpath_copy;
631 	static struct pathvfs {
632 		char *path;
633 		struct vfs *vfsp;
634 	} *pathvfs;
635 
636 	int i, new_vfs = 0;
637 	char *tmp, *tmp1;
638 	struct vfs *vfsp;
639 
640 	if (n_modpath != 0) {
641 		for (i = 0; i < n_modpath; i++) {
642 			vfsp = path_to_vfs(pathvfs[i].path);
643 			if (vfsp != pathvfs[i].vfsp) {
644 				pathvfs[i].vfsp = vfsp;
645 				if (vfsp)
646 					new_vfs = 1;
647 			}
648 		}
649 		return (new_vfs);
650 	}
651 
652 	/*
653 	 * First call, initialize the pathvfs structure
654 	 */
655 	modpath_copy = i_ddi_strdup(default_path, KM_SLEEP);
656 	tmp = modpath_copy;
657 	n_modpath = 1;
658 	tmp1 = strchr(tmp, ' ');
659 	while (tmp1) {
660 		*tmp1 = '\0';
661 		n_modpath++;
662 		tmp = tmp1 + 1;
663 		tmp1 = strchr(tmp, ' ');
664 	}
665 
666 	pathvfs = kmem_zalloc(n_modpath * sizeof (struct pathvfs), KM_SLEEP);
667 	tmp = modpath_copy;
668 	for (i = 0; i < n_modpath; i++) {
669 		pathvfs[i].path = tmp;
670 		vfsp = path_to_vfs(tmp);
671 		pathvfs[i].vfsp = vfsp;
672 		tmp += strlen(tmp) + 1;
673 	}
674 	return (1);	/* always reread driver.conf the first time */
675 }
676 
677 static int modctl_load_drvconf(major_t major)
678 {
679 	int ret;
680 
681 	if (major != (major_t)-1) {
682 		ret = i_ddi_load_drvconf(major);
683 		if (ret == 0)
684 			i_ddi_bind_devs();
685 		return (ret);
686 	}
687 
688 	/*
689 	 * We are invoked to rescan new driver.conf files. It is
690 	 * only necessary if a new file system was mounted in the
691 	 * module_path. Because rescanning driver.conf files can
692 	 * take some time on older platforms (sun4m), the following
693 	 * code skips unnecessary driver.conf rescans to optimize
694 	 * boot performance.
695 	 */
696 	if (new_vfs_in_modpath()) {
697 		(void) i_ddi_load_drvconf((major_t)-1);
698 		/*
699 		 * If we are still initializing io subsystem,
700 		 * load drivers with ddi-forceattach property
701 		 */
702 		if (!i_ddi_io_initialized())
703 			i_ddi_forceattach_drivers();
704 	}
705 	return (0);
706 }
707 
708 static int
709 modctl_unload_drvconf(major_t major)
710 {
711 	int ret;
712 
713 	if (major >= devcnt)
714 		return (EINVAL);
715 
716 	ret = i_ddi_unload_drvconf(major);
717 	if (ret != 0)
718 		return (ret);
719 	(void) i_ddi_unbind_devs(major);
720 
721 	return (0);
722 }
723 
724 static void
725 check_esc_sequences(char *str, char *cstr)
726 {
727 	int i;
728 	size_t len;
729 	char *p;
730 
731 	len = strlen(str);
732 	for (i = 0; i < len; i++, str++, cstr++) {
733 		if (*str != '\\') {
734 			*cstr = *str;
735 		} else {
736 			p = str + 1;
737 			/*
738 			 * we only handle octal escape sequences for SPACE
739 			 */
740 			if (*p++ == '0' && *p++ == '4' && *p == '0') {
741 				*cstr = ' ';
742 				str += 3;
743 			} else {
744 				*cstr = *str;
745 			}
746 		}
747 	}
748 	*cstr = 0;
749 }
750 
751 static int
752 modctl_getmodpathlen(int *data)
753 {
754 	int len;
755 	len = strlen(default_path);
756 	if (copyout(&len, data, sizeof (len)) != 0)
757 		return (EFAULT);
758 	return (0);
759 }
760 
761 static int
762 modctl_getmodpath(char *data)
763 {
764 	if (copyout(default_path, data, strlen(default_path) + 1) != 0)
765 		return (EFAULT);
766 	return (0);
767 }
768 
769 static int
770 modctl_read_sysbinding_file(void)
771 {
772 	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
773 	return (0);
774 }
775 
776 static int
777 modctl_getmaj(char *uname, uint_t ulen, int *umajorp)
778 {
779 	char name[256];
780 	int retval;
781 	major_t major;
782 
783 	if ((retval = copyinstr(uname, name,
784 	    (ulen < 256) ? ulen : 256, 0)) != 0)
785 		return (retval);
786 	if ((major = mod_name_to_major(name)) == (major_t)-1)
787 		return (ENODEV);
788 	if (copyout(&major, umajorp, sizeof (major_t)) != 0)
789 		return (EFAULT);
790 	return (0);
791 }
792 
793 static int
794 modctl_getname(char *uname, uint_t ulen, int *umajorp)
795 {
796 	char *name;
797 	major_t major;
798 
799 	if (copyin(umajorp, &major, sizeof (major)) != 0)
800 		return (EFAULT);
801 	if ((name = mod_major_to_name(major)) == NULL)
802 		return (ENODEV);
803 	if ((strlen(name) + 1) > ulen)
804 		return (ENOSPC);
805 	return (copyoutstr(name, uname, ulen, NULL));
806 }
807 
808 static int
809 modctl_devt2instance(dev_t dev, int *uinstancep)
810 {
811 	int	instance;
812 
813 	if ((instance = dev_to_instance(dev)) == -1)
814 		return (EINVAL);
815 
816 	return (copyout(&instance, uinstancep, sizeof (int)));
817 }
818 
819 /*
820  * Return the sizeof of the device id.
821  */
822 static int
823 modctl_sizeof_devid(dev_t dev, uint_t *len)
824 {
825 	uint_t		sz;
826 	ddi_devid_t	devid;
827 
828 	/* get device id */
829 	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
830 		return (EINVAL);
831 
832 	sz = ddi_devid_sizeof(devid);
833 	ddi_devid_free(devid);
834 
835 	/* copyout device id size */
836 	if (copyout(&sz, len, sizeof (sz)) != 0)
837 		return (EFAULT);
838 
839 	return (0);
840 }
841 
842 /*
843  * Return a copy of the device id.
844  */
845 static int
846 modctl_get_devid(dev_t dev, uint_t len, ddi_devid_t udevid)
847 {
848 	uint_t		sz;
849 	ddi_devid_t	devid;
850 	int		err = 0;
851 
852 	/* get device id */
853 	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
854 		return (EINVAL);
855 
856 	sz = ddi_devid_sizeof(devid);
857 
858 	/* Error if device id is larger than space allocated */
859 	if (sz > len) {
860 		ddi_devid_free(devid);
861 		return (ENOSPC);
862 	}
863 
864 	/* copy out device id */
865 	if (copyout(devid, udevid, sz) != 0)
866 		err = EFAULT;
867 	ddi_devid_free(devid);
868 	return (err);
869 }
870 
871 /*
872  * return the /devices paths associated with the specified devid and
873  * minor name.
874  */
875 /*ARGSUSED*/
876 static int
877 modctl_devid2paths(ddi_devid_t udevid, char *uminor_name, uint_t flag,
878 	size_t *ulensp, char *upaths)
879 {
880 	ddi_devid_t	devid = NULL;
881 	int		devid_len;
882 	char		*minor_name = NULL;
883 	dev_info_t	*dip = NULL;
884 	struct ddi_minor_data   *dmdp;
885 	char		*path = NULL;
886 	int		ulens;
887 	int		lens;
888 	int		len;
889 	dev_t		*devlist = NULL;
890 	int		ndevs;
891 	int		i;
892 	int		ret = 0;
893 
894 	/*
895 	 * If upaths is NULL then we are only computing the amount of space
896 	 * needed to hold the paths and returning the value in *ulensp. If we
897 	 * are copying out paths then we get the amount of space allocated by
898 	 * the caller. If the actual space needed for paths is larger, or
899 	 * things are changing out from under us, then we return EAGAIN.
900 	 */
901 	if (upaths) {
902 		if (ulensp == NULL)
903 			return (EINVAL);
904 		if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
905 			return (EFAULT);
906 	}
907 
908 	/*
909 	 * copyin enough of the devid to determine the length then
910 	 * reallocate and copy in the entire devid.
911 	 */
912 	devid_len = ddi_devid_sizeof(NULL);
913 	devid = kmem_alloc(devid_len, KM_SLEEP);
914 	if (copyin(udevid, devid, devid_len)) {
915 		ret = EFAULT;
916 		goto out;
917 	}
918 	len = devid_len;
919 	devid_len = ddi_devid_sizeof(devid);
920 	kmem_free(devid, len);
921 	devid = kmem_alloc(devid_len, KM_SLEEP);
922 	if (copyin(udevid, devid, devid_len)) {
923 		ret = EFAULT;
924 		goto out;
925 	}
926 
927 	/* copyin the minor name if specified. */
928 	minor_name = uminor_name;
929 	if ((minor_name != DEVID_MINOR_NAME_ALL) &&
930 	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
931 	    (minor_name != DEVID_MINOR_NAME_ALL_BLK)) {
932 		minor_name = kmem_alloc(MAXPATHLEN, KM_SLEEP);
933 		if (copyinstr(uminor_name, minor_name, MAXPATHLEN, 0)) {
934 			ret = EFAULT;
935 			goto out;
936 		}
937 	}
938 
939 	/*
940 	 * Use existing function to resolve the devid into a devlist.
941 	 *
942 	 * NOTE: there is a loss of spectype information in the current
943 	 * ddi_lyr_devid_to_devlist implementation. We work around this by not
944 	 * passing down DEVID_MINOR_NAME_ALL here, but reproducing all minor
945 	 * node forms in the loop processing the devlist below. It would be
946 	 * best if at some point the use of this interface here was replaced
947 	 * with a path oriented call.
948 	 */
949 	if (ddi_lyr_devid_to_devlist(devid,
950 	    (minor_name == DEVID_MINOR_NAME_ALL) ?
951 	    DEVID_MINOR_NAME_ALL_CHR : minor_name,
952 	    &ndevs, &devlist) != DDI_SUCCESS) {
953 		ret = EINVAL;
954 		goto out;
955 	}
956 
957 	/*
958 	 * loop over the devlist, converting each devt to a path and doing
959 	 * a copyout of the path and computation of the amount of space
960 	 * needed to hold all the paths
961 	 */
962 	path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
963 	for (i = 0, lens = 0; i < ndevs; i++) {
964 
965 		/* find the dip associated with the dev_t */
966 		if ((dip = e_ddi_hold_devi_by_dev(devlist[i], 0)) == NULL)
967 			continue;
968 
969 		/* loop over all the minor nodes, skipping ones we don't want */
970 		for (dmdp = DEVI(dip)->devi_minor; dmdp; dmdp = dmdp->next) {
971 			if ((dmdp->ddm_dev != devlist[i]) ||
972 			    (dmdp->type != DDM_MINOR))
973 				continue;
974 
975 			if ((minor_name != DEVID_MINOR_NAME_ALL) &&
976 			    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
977 			    (minor_name != DEVID_MINOR_NAME_ALL_BLK) &&
978 			    strcmp(minor_name, dmdp->ddm_name))
979 				continue;
980 			else {
981 				if ((minor_name == DEVID_MINOR_NAME_ALL_CHR) &&
982 				    (dmdp->ddm_spec_type != S_IFCHR))
983 					continue;
984 				if ((minor_name == DEVID_MINOR_NAME_ALL_BLK) &&
985 				    (dmdp->ddm_spec_type != S_IFBLK))
986 					continue;
987 			}
988 
989 			/* XXX need ddi_pathname_minor(dmdp, path); interface */
990 			if (ddi_dev_pathname(dmdp->ddm_dev, dmdp->ddm_spec_type,
991 			    path) != DDI_SUCCESS) {
992 				ret = EAGAIN;
993 				goto out;
994 			}
995 			len = strlen(path) + 1;
996 			*(path + len) = '\0';	/* set double termination */
997 			lens += len;
998 
999 			/* copyout the path with double terminations */
1000 			if (upaths) {
1001 				if (lens > ulens) {
1002 					ret = EAGAIN;
1003 					goto out;
1004 				}
1005 				if (copyout(path, upaths, len + 1)) {
1006 					ret = EFAULT;
1007 					goto out;
1008 				}
1009 				upaths += len;
1010 			}
1011 		}
1012 		ddi_release_devi(dip);
1013 		dip = NULL;
1014 	}
1015 	lens++;		/* add one for double termination */
1016 
1017 	/* copy out the amount of space needed to hold the paths */
1018 	if (ulensp && copyout(&lens, ulensp, sizeof (lens))) {
1019 		ret = EFAULT;
1020 		goto out;
1021 	}
1022 	ret = 0;
1023 
1024 out:	if (dip)
1025 		ddi_release_devi(dip);
1026 	if (path)
1027 		kmem_free(path, MAXPATHLEN);
1028 	if (devlist)
1029 		ddi_lyr_free_devlist(devlist, ndevs);
1030 	if (minor_name &&
1031 	    (minor_name != DEVID_MINOR_NAME_ALL) &&
1032 	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1033 	    (minor_name != DEVID_MINOR_NAME_ALL_BLK))
1034 		kmem_free(minor_name, MAXPATHLEN);
1035 	if (devid)
1036 		kmem_free(devid, devid_len);
1037 	return (ret);
1038 }
1039 
1040 /*
1041  * Return the size of the minor name.
1042  */
1043 static int
1044 modctl_sizeof_minorname(dev_t dev, int spectype, uint_t *len)
1045 {
1046 	uint_t	sz;
1047 	char	*name;
1048 
1049 	/* get the minor name */
1050 	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1051 		return (EINVAL);
1052 
1053 	sz = strlen(name) + 1;
1054 	kmem_free(name, sz);
1055 
1056 	/* copy out the size of the minor name */
1057 	if (copyout(&sz, len, sizeof (sz)) != 0)
1058 		return (EFAULT);
1059 
1060 	return (0);
1061 }
1062 
1063 /*
1064  * Return the minor name.
1065  */
1066 static int
1067 modctl_get_minorname(dev_t dev, int spectype, uint_t len, char *uname)
1068 {
1069 	uint_t	sz;
1070 	char	*name;
1071 	int	err = 0;
1072 
1073 	/* get the minor name */
1074 	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1075 		return (EINVAL);
1076 
1077 	sz = strlen(name) + 1;
1078 
1079 	/* Error if the minor name is larger than the space allocated */
1080 	if (sz > len) {
1081 		kmem_free(name, sz);
1082 		return (ENOSPC);
1083 	}
1084 
1085 	/* copy out the minor name */
1086 	if (copyout(name, uname, sz) != 0)
1087 		err = EFAULT;
1088 	kmem_free(name, sz);
1089 	return (err);
1090 }
1091 
1092 /*
1093  * Return the size of the devfspath name.
1094  */
1095 static int
1096 modctl_devfspath_len(dev_t dev, int spectype, uint_t *len)
1097 {
1098 	uint_t	sz;
1099 	char	*name;
1100 
1101 	/* get the path name */
1102 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1103 	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1104 		kmem_free(name, MAXPATHLEN);
1105 		return (EINVAL);
1106 	}
1107 
1108 	sz = strlen(name) + 1;
1109 	kmem_free(name, MAXPATHLEN);
1110 
1111 	/* copy out the size of the path name */
1112 	if (copyout(&sz, len, sizeof (sz)) != 0)
1113 		return (EFAULT);
1114 
1115 	return (0);
1116 }
1117 
1118 /*
1119  * Return the devfspath name.
1120  */
1121 static int
1122 modctl_devfspath(dev_t dev, int spectype, uint_t len, char *uname)
1123 {
1124 	uint_t	sz;
1125 	char	*name;
1126 	int	err = 0;
1127 
1128 	/* get the path name */
1129 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1130 	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1131 		kmem_free(name, MAXPATHLEN);
1132 		return (EINVAL);
1133 	}
1134 
1135 	sz = strlen(name) + 1;
1136 
1137 	/* Error if the path name is larger than the space allocated */
1138 	if (sz > len) {
1139 		kmem_free(name, MAXPATHLEN);
1140 		return (ENOSPC);
1141 	}
1142 
1143 	/* copy out the path name */
1144 	if (copyout(name, uname, sz) != 0)
1145 		err = EFAULT;
1146 	kmem_free(name, MAXPATHLEN);
1147 	return (err);
1148 }
1149 
1150 static int
1151 modctl_get_fbname(char *path)
1152 {
1153 	extern dev_t fbdev;
1154 	char *pathname = NULL;
1155 	int rval = 0;
1156 
1157 	/* make sure fbdev is set before we plunge in */
1158 	if (fbdev == NODEV)
1159 		return (ENODEV);
1160 
1161 	pathname = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1162 	if ((rval = ddi_dev_pathname(fbdev, S_IFCHR,
1163 	    pathname)) == DDI_SUCCESS) {
1164 		if (copyout(pathname, path, strlen(pathname)+1) != 0) {
1165 			rval = EFAULT;
1166 		}
1167 	}
1168 	kmem_free(pathname, MAXPATHLEN);
1169 	return (rval);
1170 }
1171 
1172 /*
1173  * modctl_reread_dacf()
1174  *	Reread the dacf rules database from the named binding file.
1175  *	If NULL is specified, pass along the NULL, it means 'use the default'.
1176  */
1177 static int
1178 modctl_reread_dacf(char *path)
1179 {
1180 	int rval = 0;
1181 	char *filename, *filenamep;
1182 
1183 	filename = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1184 
1185 	if (path == NULL) {
1186 		filenamep = NULL;
1187 	} else {
1188 		if (copyinstr(path, filename, MAXPATHLEN, 0) != 0) {
1189 			rval = EFAULT;
1190 			goto out;
1191 		}
1192 		filenamep = filename;
1193 		filenamep[MAXPATHLEN - 1] = '\0';
1194 	}
1195 
1196 	rval = read_dacf_binding_file(filenamep);
1197 out:
1198 	kmem_free(filename, MAXPATHLEN);
1199 	return (rval);
1200 }
1201 
1202 /*ARGSUSED*/
1203 static int
1204 modctl_modevents(int subcmd, uintptr_t a2, uintptr_t a3, uintptr_t a4,
1205     uint_t flag)
1206 {
1207 	int error = 0;
1208 	char *filenamep;
1209 
1210 	switch (subcmd) {
1211 
1212 	case MODEVENTS_FLUSH:
1213 		/* flush all currently queued events */
1214 		log_sysevent_flushq(subcmd, flag);
1215 		break;
1216 
1217 	case MODEVENTS_SET_DOOR_UPCALL_FILENAME:
1218 		/*
1219 		 * bind door_upcall to filename
1220 		 * this should only be done once per invocation
1221 		 * of the event daemon.
1222 		 */
1223 
1224 		filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
1225 
1226 		if (copyinstr((char *)a2, filenamep, MOD_MAXPATH, 0)) {
1227 			error = EFAULT;
1228 		} else {
1229 			error = log_sysevent_filename(filenamep);
1230 		}
1231 		kmem_free(filenamep, MOD_MAXPATH);
1232 		break;
1233 
1234 	case MODEVENTS_GETDATA:
1235 		error = log_sysevent_copyout_data((sysevent_id_t *)a2,
1236 		    (size_t)a3, (caddr_t)a4);
1237 		break;
1238 
1239 	case MODEVENTS_FREEDATA:
1240 		error = log_sysevent_free_data((sysevent_id_t *)a2);
1241 		break;
1242 	case MODEVENTS_POST_EVENT:
1243 		error = log_usr_sysevent((sysevent_t *)a2, (uint32_t)a3,
1244 			(sysevent_id_t *)a4);
1245 		break;
1246 	case MODEVENTS_REGISTER_EVENT:
1247 		error = log_sysevent_register((char *)a2, (char *)a3,
1248 		    (se_pubsub_t *)a4);
1249 		break;
1250 	default:
1251 		error = EINVAL;
1252 	}
1253 
1254 	return (error);
1255 }
1256 
1257 static void
1258 free_mperm(mperm_t *mp)
1259 {
1260 	int len;
1261 
1262 	if (mp->mp_minorname) {
1263 		len = strlen(mp->mp_minorname) + 1;
1264 		kmem_free(mp->mp_minorname, len);
1265 	}
1266 	kmem_free(mp, sizeof (mperm_t));
1267 }
1268 
1269 #define	MP_NO_DRV_ERR	\
1270 	"/etc/minor_perm: no driver for %s\n"
1271 
1272 #define	MP_EMPTY_MINOR	\
1273 	"/etc/minor_perm: empty minor name for driver %s\n"
1274 
1275 #define	MP_NO_MINOR	\
1276 	"/etc/minor_perm: no minor matching %s for driver %s\n"
1277 
1278 /*
1279  * Remove mperm entry with matching minorname
1280  */
1281 static void
1282 rem_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1283 {
1284 	mperm_t **mp_head;
1285 	mperm_t *freemp = NULL;
1286 	struct devnames *dnp = &devnamesp[major];
1287 	mperm_t **wildmp;
1288 
1289 	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1290 
1291 	LOCK_DEV_OPS(&dnp->dn_lock);
1292 	if (strcmp(mp->mp_minorname, "*") == 0) {
1293 		wildmp = ((is_clone == 0) ?
1294 			&dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1295 		if (*wildmp)
1296 			freemp = *wildmp;
1297 		*wildmp = NULL;
1298 	} else {
1299 		mp_head = &dnp->dn_mperm;
1300 		while (*mp_head) {
1301 			if (strcmp((*mp_head)->mp_minorname,
1302 			    mp->mp_minorname) != 0) {
1303 				mp_head = &(*mp_head)->mp_next;
1304 				continue;
1305 			}
1306 			/* remove the entry */
1307 			freemp = *mp_head;
1308 			*mp_head = freemp->mp_next;
1309 			break;
1310 		}
1311 	}
1312 	if (freemp) {
1313 		if (moddebug & MODDEBUG_MINORPERM) {
1314 			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1315 			    drvname, freemp->mp_minorname,
1316 			    freemp->mp_mode & 0777,
1317 			    freemp->mp_uid, freemp->mp_gid);
1318 		}
1319 		free_mperm(freemp);
1320 	} else {
1321 		if (moddebug & MODDEBUG_MINORPERM) {
1322 			cmn_err(CE_CONT, MP_NO_MINOR,
1323 				drvname, mp->mp_minorname);
1324 		}
1325 	}
1326 
1327 	UNLOCK_DEV_OPS(&dnp->dn_lock);
1328 }
1329 
1330 /*
1331  * Add minor perm entry
1332  */
1333 static void
1334 add_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1335 {
1336 	mperm_t **mp_head;
1337 	mperm_t *freemp = NULL;
1338 	struct devnames *dnp = &devnamesp[major];
1339 	mperm_t **wildmp;
1340 
1341 	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1342 
1343 	/*
1344 	 * Note that update_drv replace semantics require
1345 	 * replacing matching entries with the new permissions.
1346 	 */
1347 	LOCK_DEV_OPS(&dnp->dn_lock);
1348 	if (strcmp(mp->mp_minorname, "*") == 0) {
1349 		wildmp = ((is_clone == 0) ?
1350 			&dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1351 		if (*wildmp)
1352 			freemp = *wildmp;
1353 		*wildmp = mp;
1354 	} else {
1355 		mperm_t *p, *v = NULL;
1356 		for (p = dnp->dn_mperm; p; v = p, p = p->mp_next) {
1357 			if (strcmp(p->mp_minorname, mp->mp_minorname) == 0) {
1358 				if (v == NULL)
1359 					dnp->dn_mperm = mp;
1360 				else
1361 					v->mp_next = mp;
1362 				mp->mp_next = p->mp_next;
1363 				freemp = p;
1364 				goto replaced;
1365 			}
1366 		}
1367 		if (p == NULL) {
1368 			mp_head = &dnp->dn_mperm;
1369 			if (*mp_head == NULL) {
1370 				*mp_head = mp;
1371 			} else {
1372 				mp->mp_next = *mp_head;
1373 				*mp_head = mp;
1374 			}
1375 		}
1376 	}
1377 replaced:
1378 	if (freemp) {
1379 		if (moddebug & MODDEBUG_MINORPERM) {
1380 			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1381 			    drvname, freemp->mp_minorname,
1382 			    freemp->mp_mode & 0777,
1383 			    freemp->mp_uid, freemp->mp_gid);
1384 		}
1385 		free_mperm(freemp);
1386 	}
1387 	if (moddebug & MODDEBUG_MINORPERM) {
1388 		cmn_err(CE_CONT, "> %s %s 0%o %d %d\n",
1389 		    drvname, mp->mp_minorname, mp->mp_mode & 0777,
1390 		    mp->mp_uid, mp->mp_gid);
1391 	}
1392 	UNLOCK_DEV_OPS(&dnp->dn_lock);
1393 }
1394 
1395 
1396 static int
1397 process_minorperm(int cmd, nvlist_t *nvl)
1398 {
1399 	char *minor;
1400 	major_t major;
1401 	mperm_t *mp;
1402 	nvpair_t *nvp;
1403 	char *name;
1404 	int is_clone;
1405 	major_t minmaj;
1406 
1407 	ASSERT(cmd == MODLOADMINORPERM ||
1408 	    cmd == MODADDMINORPERM || cmd == MODREMMINORPERM);
1409 
1410 	nvp = NULL;
1411 	while ((nvp = nvlist_next_nvpair(nvl, nvp)) != NULL) {
1412 		name = nvpair_name(nvp);
1413 
1414 		is_clone = 0;
1415 		(void) nvpair_value_string(nvp, &minor);
1416 		major = ddi_name_to_major(name);
1417 		if (major != (major_t)-1) {
1418 			mp = kmem_zalloc(sizeof (*mp), KM_SLEEP);
1419 			if (minor == NULL || strlen(minor) == 0) {
1420 				if (moddebug & MODDEBUG_MINORPERM) {
1421 					cmn_err(CE_CONT, MP_EMPTY_MINOR, name);
1422 				}
1423 				minor = "*";
1424 			}
1425 
1426 			/*
1427 			 * The minor name of a node using the clone
1428 			 * driver must be the driver name.  To avoid
1429 			 * multiple searches, we map entries in the form
1430 			 * clone:<driver> to <driver>:*.  This also allows us
1431 			 * to filter out some of the litter in /etc/minor_perm.
1432 			 * Minor perm alias entries where the name is not
1433 			 * the driver kept on the clone list itself.
1434 			 * This all seems very fragile as a driver could
1435 			 * be introduced with an existing alias name.
1436 			 */
1437 			if (strcmp(name, "clone") == 0) {
1438 				minmaj = ddi_name_to_major(minor);
1439 				if (minmaj != (major_t)-1) {
1440 					if (moddebug & MODDEBUG_MINORPERM) {
1441 						cmn_err(CE_CONT,
1442 						    "mapping %s:%s to %s:*\n",
1443 						    name, minor, minor);
1444 					}
1445 					major = minmaj;
1446 					name = minor;
1447 					minor = "*";
1448 					is_clone = 1;
1449 				}
1450 			}
1451 
1452 			if (mp) {
1453 				mp->mp_minorname =
1454 				    i_ddi_strdup(minor, KM_SLEEP);
1455 			}
1456 		} else {
1457 			mp = NULL;
1458 			if (moddebug & MODDEBUG_MINORPERM) {
1459 				cmn_err(CE_CONT, MP_NO_DRV_ERR, name);
1460 			}
1461 		}
1462 
1463 		/* mode */
1464 		nvp = nvlist_next_nvpair(nvl, nvp);
1465 		ASSERT(strcmp(nvpair_name(nvp), "mode") == 0);
1466 		if (mp)
1467 			(void) nvpair_value_int32(nvp, (int *)&mp->mp_mode);
1468 		/* uid */
1469 		nvp = nvlist_next_nvpair(nvl, nvp);
1470 		ASSERT(strcmp(nvpair_name(nvp), "uid") == 0);
1471 		if (mp)
1472 			(void) nvpair_value_int32(nvp, &mp->mp_uid);
1473 		/* gid */
1474 		nvp = nvlist_next_nvpair(nvl, nvp);
1475 		ASSERT(strcmp(nvpair_name(nvp), "gid") == 0);
1476 		if (mp) {
1477 			(void) nvpair_value_int32(nvp, &mp->mp_gid);
1478 
1479 			if (cmd == MODREMMINORPERM) {
1480 				rem_minorperm(major, name, mp, is_clone);
1481 				free_mperm(mp);
1482 			} else {
1483 				add_minorperm(major, name, mp, is_clone);
1484 			}
1485 		}
1486 	}
1487 
1488 	if (cmd == MODLOADMINORPERM)
1489 		minorperm_loaded = 1;
1490 
1491 	/*
1492 	 * Reset permissions of cached dv_nodes
1493 	 */
1494 	(void) devfs_reset_perm(DV_RESET_PERM);
1495 
1496 	return (0);
1497 }
1498 
1499 static int
1500 modctl_minorperm(int cmd, char *usrbuf, size_t buflen)
1501 {
1502 	int error;
1503 	nvlist_t *nvl;
1504 	char *buf = kmem_alloc(buflen, KM_SLEEP);
1505 
1506 	if ((error = ddi_copyin(usrbuf, buf, buflen, 0)) != 0) {
1507 		kmem_free(buf, buflen);
1508 		return (error);
1509 	}
1510 
1511 	error = nvlist_unpack(buf, buflen, &nvl, KM_SLEEP);
1512 	kmem_free(buf, buflen);
1513 	if (error)
1514 		return (error);
1515 
1516 	error = process_minorperm(cmd, nvl);
1517 	nvlist_free(nvl);
1518 	return (error);
1519 }
1520 
1521 struct walk_args {
1522 	char		*wa_drvname;
1523 	list_t		wa_pathlist;
1524 };
1525 
1526 struct path_elem {
1527 	char		*pe_dir;
1528 	char		*pe_nodename;
1529 	list_node_t	pe_node;
1530 	int		pe_dirlen;
1531 };
1532 
1533 /*ARGSUSED*/
1534 static int
1535 modctl_inst_walker(const char *path, in_node_t *np, in_drv_t *dp, void *arg)
1536 {
1537 	struct walk_args *wargs = (struct walk_args *)arg;
1538 	struct path_elem *pe;
1539 	char *nodename;
1540 
1541 	if (strcmp(dp->ind_driver_name, wargs->wa_drvname) != 0)
1542 		return (INST_WALK_CONTINUE);
1543 
1544 	pe = kmem_zalloc(sizeof (*pe), KM_SLEEP);
1545 	pe->pe_dir = i_ddi_strdup((char *)path, KM_SLEEP);
1546 	pe->pe_dirlen = strlen(pe->pe_dir) + 1;
1547 	ASSERT(strrchr(pe->pe_dir, '/') != NULL);
1548 	nodename = strrchr(pe->pe_dir, '/');
1549 	*nodename++ = 0;
1550 	pe->pe_nodename = nodename;
1551 	list_insert_tail(&wargs->wa_pathlist, pe);
1552 
1553 	return (INST_WALK_CONTINUE);
1554 }
1555 
1556 static int
1557 modctl_remdrv_cleanup(const char *u_drvname)
1558 {
1559 	struct walk_args *wargs;
1560 	struct path_elem *pe;
1561 	char *drvname;
1562 	int err, rval = 0;
1563 
1564 	drvname = kmem_alloc(MAXMODCONFNAME, KM_SLEEP);
1565 	if ((err = copyinstr(u_drvname, drvname, MAXMODCONFNAME, 0))) {
1566 		kmem_free(drvname, MAXMODCONFNAME);
1567 		return (err);
1568 	}
1569 
1570 	/*
1571 	 * First go through the instance database.  For each
1572 	 * instance of a device bound to the driver being
1573 	 * removed, remove any underlying devfs attribute nodes.
1574 	 *
1575 	 * This is a two-step process.  First we go through
1576 	 * the instance data itself, constructing a list of
1577 	 * the nodes discovered.  The second step is then
1578 	 * to find and remove any devfs attribute nodes
1579 	 * for the instances discovered in the first step.
1580 	 * The two-step process avoids any difficulties
1581 	 * which could arise by holding the instance data
1582 	 * lock with simultaneous devfs operations.
1583 	 */
1584 	wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
1585 
1586 	wargs->wa_drvname = drvname;
1587 	list_create(&wargs->wa_pathlist,
1588 	    sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
1589 
1590 	(void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
1591 
1592 	for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
1593 	    pe = list_next(&wargs->wa_pathlist, pe)) {
1594 		err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
1595 			(const char *)pe->pe_nodename);
1596 		if (rval == 0)
1597 			rval = err;
1598 	}
1599 
1600 	while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
1601 		list_remove(&wargs->wa_pathlist, pe);
1602 		kmem_free(pe->pe_dir, pe->pe_dirlen);
1603 		kmem_free(pe, sizeof (*pe));
1604 	}
1605 	kmem_free(wargs, sizeof (*wargs));
1606 
1607 	/*
1608 	 * Pseudo nodes aren't recorded in the instance database
1609 	 * so any such nodes need to be handled separately.
1610 	 */
1611 	err = devfs_remdrv_cleanup("pseudo", (const char *)drvname);
1612 	if (rval == 0)
1613 		rval = err;
1614 
1615 	kmem_free(drvname, MAXMODCONFNAME);
1616 	return (rval);
1617 }
1618 
1619 static int
1620 modctl_allocpriv(const char *name)
1621 {
1622 	char *pstr = kmem_alloc(PRIVNAME_MAX, KM_SLEEP);
1623 	int error;
1624 
1625 	if ((error = copyinstr(name, pstr, PRIVNAME_MAX, 0))) {
1626 		kmem_free(pstr, PRIVNAME_MAX);
1627 		return (error);
1628 	}
1629 	error = priv_getbyname(pstr, PRIV_ALLOC);
1630 	if (error < 0)
1631 		error = -error;
1632 	else
1633 		error = 0;
1634 	kmem_free(pstr, PRIVNAME_MAX);
1635 	return (error);
1636 }
1637 
1638 /*ARGSUSED5*/
1639 int
1640 modctl(int cmd, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4,
1641     uintptr_t a5)
1642 {
1643 	int	error = EINVAL;
1644 	dev_t	dev;
1645 
1646 	if (secpolicy_modctl(CRED(), cmd) != 0)
1647 		return (set_errno(EPERM));
1648 
1649 	switch (cmd) {
1650 	case MODLOAD:		/* load a module */
1651 		error = modctl_modload((int)a1, (char *)a2, (int *)a3);
1652 		break;
1653 
1654 	case MODUNLOAD:		/* unload a module */
1655 		error = modctl_modunload((modid_t)a1);
1656 		break;
1657 
1658 	case MODINFO:		/* get module status */
1659 		error = modctl_modinfo((modid_t)a1, (struct modinfo *)a2);
1660 		break;
1661 
1662 	case MODRESERVED:	/* get last major number in range */
1663 		error = modctl_modreserve((modid_t)a1, (int *)a2);
1664 		break;
1665 
1666 	case MODSETMINIROOT:	/* we are running in miniroot */
1667 		isminiroot = 1;
1668 		error = 0;
1669 		break;
1670 
1671 	case MODADDMAJBIND:	/* read major binding file */
1672 		error = modctl_add_major((int *)a2);
1673 		break;
1674 
1675 	case MODGETPATHLEN:	/* get modpath length */
1676 		error = modctl_getmodpathlen((int *)a2);
1677 		break;
1678 
1679 	case MODGETPATH:	/* get modpath */
1680 		error = modctl_getmodpath((char *)a2);
1681 		break;
1682 
1683 	case MODREADSYSBIND:	/* read system call binding file */
1684 		error = modctl_read_sysbinding_file();
1685 		break;
1686 
1687 	case MODGETMAJBIND:	/* get major number for named device */
1688 		error = modctl_getmaj((char *)a1, (uint_t)a2, (int *)a3);
1689 		break;
1690 
1691 	case MODGETNAME:	/* get name of device given major number */
1692 		error = modctl_getname((char *)a1, (uint_t)a2, (int *)a3);
1693 		break;
1694 
1695 	case MODDEVT2INSTANCE:
1696 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1697 			dev = (dev_t)a1;
1698 		}
1699 #ifdef _SYSCALL32_IMPL
1700 		else {
1701 			dev = expldev(a1);
1702 		}
1703 #endif
1704 		error = modctl_devt2instance(dev, (int *)a2);
1705 		break;
1706 
1707 	case MODSIZEOF_DEVID:	/* sizeof device id of device given dev_t */
1708 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1709 			dev = (dev_t)a1;
1710 		}
1711 #ifdef _SYSCALL32_IMPL
1712 		else {
1713 			dev = expldev(a1);
1714 		}
1715 #endif
1716 		error = modctl_sizeof_devid(dev, (uint_t *)a2);
1717 		break;
1718 
1719 	case MODGETDEVID:	/* get device id of device given dev_t */
1720 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1721 			dev = (dev_t)a1;
1722 		}
1723 #ifdef _SYSCALL32_IMPL
1724 		else {
1725 			dev = expldev(a1);
1726 		}
1727 #endif
1728 		error = modctl_get_devid(dev, (uint_t)a2, (ddi_devid_t)a3);
1729 		break;
1730 
1731 	case MODSIZEOF_MINORNAME:	/* sizeof minor nm of dev_t/spectype */
1732 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1733 			error = modctl_sizeof_minorname((dev_t)a1, (int)a2,
1734 			    (uint_t *)a3);
1735 		}
1736 #ifdef _SYSCALL32_IMPL
1737 		else {
1738 			error = modctl_sizeof_minorname(expldev(a1), (int)a2,
1739 			    (uint_t *)a3);
1740 		}
1741 
1742 #endif
1743 		break;
1744 
1745 	case MODGETMINORNAME:   /* get minor name of dev_t and spec type */
1746 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1747 			error = modctl_get_minorname((dev_t)a1, (int)a2,
1748 			    (uint_t)a3, (char *)a4);
1749 		}
1750 #ifdef _SYSCALL32_IMPL
1751 		else {
1752 			error = modctl_get_minorname(expldev(a1), (int)a2,
1753 			    (uint_t)a3, (char *)a4);
1754 		}
1755 #endif
1756 		break;
1757 
1758 	case MODGETDEVFSPATH_LEN:	/* sizeof path nm of dev_t/spectype */
1759 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1760 			error = modctl_devfspath_len((dev_t)a1, (int)a2,
1761 			    (uint_t *)a3);
1762 		}
1763 #ifdef _SYSCALL32_IMPL
1764 		else {
1765 			error = modctl_devfspath_len(expldev(a1), (int)a2,
1766 			    (uint_t *)a3);
1767 		}
1768 
1769 #endif
1770 		break;
1771 
1772 	case MODGETDEVFSPATH:   /* get path name of dev_t and spec type */
1773 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1774 			error = modctl_devfspath((dev_t)a1, (int)a2,
1775 			    (uint_t)a3, (char *)a4);
1776 		}
1777 #ifdef _SYSCALL32_IMPL
1778 		else {
1779 			error = modctl_devfspath(expldev(a1), (int)a2,
1780 			    (uint_t)a3, (char *)a4);
1781 		}
1782 #endif
1783 		break;
1784 
1785 
1786 	case MODEVENTS:
1787 		error = modctl_modevents((int)a1, a2, a3, a4, (uint_t)a5);
1788 		break;
1789 
1790 	case MODGETFBNAME:	/* get the framebuffer name */
1791 		error = modctl_get_fbname((char *)a1);
1792 		break;
1793 
1794 	case MODREREADDACF:	/* reread dacf rule database from given file */
1795 		error = modctl_reread_dacf((char *)a1);
1796 		break;
1797 
1798 	case MODLOADDRVCONF:	/* load driver.conf file for major */
1799 		error = modctl_load_drvconf((major_t)a1);
1800 		break;
1801 
1802 	case MODUNLOADDRVCONF:	/* unload driver.conf file for major */
1803 		error = modctl_unload_drvconf((major_t)a1);
1804 		break;
1805 
1806 	case MODREMMAJBIND:	/* remove a major binding */
1807 		error = modctl_rem_major((major_t)a1);
1808 		break;
1809 
1810 	case MODDEVID2PATHS:	/* get paths given devid */
1811 		error = modctl_devid2paths((ddi_devid_t)a1, (char *)a2,
1812 		    (uint_t)a3, (size_t *)a4, (char *)a5);
1813 		break;
1814 
1815 	case MODSETDEVPOLICY:	/* establish device policy */
1816 		error = devpolicy_load((int)a1, (size_t)a2, (devplcysys_t *)a3);
1817 		break;
1818 
1819 	case MODGETDEVPOLICY:	/* get device policy */
1820 		error = devpolicy_get((int *)a1, (size_t)a2,
1821 				(devplcysys_t *)a3);
1822 		break;
1823 
1824 	case MODALLOCPRIV:
1825 		error = modctl_allocpriv((const char *)a1);
1826 		break;
1827 
1828 	case MODGETDEVPOLICYBYNAME:
1829 		error = devpolicy_getbyname((size_t)a1,
1830 		    (devplcysys_t *)a2, (char *)a3);
1831 		break;
1832 
1833 	case MODCLEANUP:
1834 		e_devid_cache_cleanup();
1835 		error = 0;
1836 		break;
1837 
1838 	case MODLOADMINORPERM:
1839 	case MODADDMINORPERM:
1840 	case MODREMMINORPERM:
1841 		error = modctl_minorperm(cmd, (char *)a1, (size_t)a2);
1842 		break;
1843 
1844 	case MODREMDRVCLEANUP:
1845 		error = modctl_remdrv_cleanup((const char *)a1);
1846 		break;
1847 
1848 	default:
1849 		error = EINVAL;
1850 		break;
1851 	}
1852 
1853 	return (error ? set_errno(error) : 0);
1854 }
1855 
1856 /*
1857  * Calls to kobj_load_module()() are handled off to this routine in a
1858  * separate thread.
1859  */
1860 static void
1861 modload_thread(struct loadmt *ltp)
1862 {
1863 	/* load the module and signal the creator of this thread */
1864 	kmutex_t	cpr_lk;
1865 	callb_cpr_t	cpr_i;
1866 
1867 	mutex_init(&cpr_lk, NULL, MUTEX_DEFAULT, NULL);
1868 	CALLB_CPR_INIT(&cpr_i, &cpr_lk, callb_generic_cpr, "modload");
1869 	/* borrow the devi lock from thread which invoked us */
1870 	pm_borrow_lock(ltp->owner);
1871 	ltp->retval = kobj_load_module(ltp->mp, ltp->usepath);
1872 	pm_return_lock();
1873 	sema_v(&ltp->sema);
1874 	mutex_enter(&cpr_lk);
1875 	CALLB_CPR_EXIT(&cpr_i);
1876 	mutex_destroy(&cpr_lk);
1877 	thread_exit();
1878 }
1879 
1880 /*
1881  * load a module, adding a reference if caller specifies rmodp.  If rmodp
1882  * is specified then an errno is returned, otherwise a module index is
1883  * returned (-1 on error).
1884  */
1885 static int
1886 modrload(char *subdir, char *filename, struct modctl **rmodp)
1887 {
1888 	struct modctl *modp;
1889 	size_t size;
1890 	char *fullname;
1891 	int retval = EINVAL;
1892 	int id = -1;
1893 
1894 	if (rmodp)
1895 		*rmodp = NULL;			/* avoid garbage */
1896 
1897 	if (subdir != NULL) {
1898 		/*
1899 		 * refuse / in filename to prevent "../" escapes.
1900 		 */
1901 		if (strchr(filename, '/') != NULL)
1902 			return (rmodp ? retval : id);
1903 
1904 		/*
1905 		 * allocate enough space for <subdir>/<filename><NULL>
1906 		 */
1907 		size = strlen(subdir) + strlen(filename) + 2;
1908 		fullname = kmem_zalloc(size, KM_SLEEP);
1909 		(void) sprintf(fullname, "%s/%s", subdir, filename);
1910 	} else {
1911 		fullname = filename;
1912 	}
1913 
1914 	modp = mod_hold_installed_mod(fullname, 1, &retval);
1915 	if (modp != NULL) {
1916 		id = modp->mod_id;
1917 		if (rmodp) {
1918 			/* add mod_ref and return *rmodp */
1919 			mutex_enter(&mod_lock);
1920 			modp->mod_ref++;
1921 			mutex_exit(&mod_lock);
1922 			*rmodp = modp;
1923 		}
1924 		mod_release_mod(modp);
1925 		CPU_STATS_ADDQ(CPU, sys, modload, 1);
1926 	}
1927 
1928 done:	if (subdir != NULL)
1929 		kmem_free(fullname, size);
1930 	return (rmodp ? retval : id);
1931 }
1932 
1933 /*
1934  * This is the primary kernel interface to load a module. It loads and
1935  * installs the named module.  It does not hold mod_ref of the module, so
1936  * a module unload attempt can occur at any time - it is up to the
1937  * _fini/mod_remove implementation to determine if unload will succeed.
1938  */
1939 int
1940 modload(char *subdir, char *filename)
1941 {
1942 	return (modrload(subdir, filename, NULL));
1943 }
1944 
1945 /*
1946  * Load a module.
1947  */
1948 int
1949 modloadonly(char *subdir, char *filename)
1950 {
1951 	struct modctl *modp;
1952 	char *fullname;
1953 	size_t size;
1954 	int id, retval;
1955 
1956 	if (subdir != NULL) {
1957 		/*
1958 		 * allocate enough space for <subdir>/<filename><NULL>
1959 		 */
1960 		size = strlen(subdir) + strlen(filename) + 2;
1961 		fullname = kmem_zalloc(size, KM_SLEEP);
1962 		(void) sprintf(fullname, "%s/%s", subdir, filename);
1963 	} else {
1964 		fullname = filename;
1965 	}
1966 
1967 	modp = mod_hold_loaded_mod(NULL, fullname, &retval);
1968 	if (modp) {
1969 		id = modp->mod_id;
1970 		mod_release_mod(modp);
1971 	}
1972 
1973 	if (subdir != NULL)
1974 		kmem_free(fullname, size);
1975 
1976 	if (retval == 0)
1977 		return (id);
1978 	return (-1);
1979 }
1980 
1981 /*
1982  * Try to uninstall and unload a module, removing a reference if caller
1983  * specifies rmodp.
1984  */
1985 static int
1986 modunrload(modid_t id, struct modctl **rmodp, int unload)
1987 {
1988 	struct modctl	*modp;
1989 	int		retval;
1990 
1991 	if (rmodp)
1992 		*rmodp = NULL;			/* avoid garbage */
1993 
1994 	if ((modp = mod_hold_by_id((modid_t)id)) == NULL)
1995 		return (EINVAL);
1996 
1997 	if (rmodp) {
1998 		mutex_enter(&mod_lock);
1999 		modp->mod_ref--;
2000 		mutex_exit(&mod_lock);
2001 		*rmodp = modp;
2002 	}
2003 
2004 	if (unload) {
2005 		retval = moduninstall(modp);
2006 		if (retval == 0) {
2007 			mod_unload(modp);
2008 			CPU_STATS_ADDQ(CPU, sys, modunload, 1);
2009 		} else if (retval == EALREADY)
2010 			retval = 0;	/* already unloaded, not an error */
2011 	} else
2012 		retval = 0;
2013 
2014 	mod_release_mod(modp);
2015 	return (retval);
2016 }
2017 
2018 /*
2019  * Uninstall and unload a module.
2020  */
2021 int
2022 modunload(modid_t id)
2023 {
2024 	return (modunrload(id, NULL, 1));
2025 }
2026 
2027 /*
2028  * Return status of a loaded module.
2029  */
2030 static int
2031 modinfo(modid_t id, struct modinfo *modinfop)
2032 {
2033 	struct modctl	*modp;
2034 	modid_t		mid;
2035 	int		i;
2036 
2037 	mid = modinfop->mi_id;
2038 	if (modinfop->mi_info & MI_INFO_ALL) {
2039 		while ((modp = mod_hold_next_by_id(mid++)) != NULL) {
2040 			if ((modinfop->mi_info & MI_INFO_CNT) ||
2041 			    modp->mod_installed)
2042 				break;
2043 			mod_release_mod(modp);
2044 		}
2045 		if (modp == NULL)
2046 			return (EINVAL);
2047 	} else {
2048 		modp = mod_hold_by_id(id);
2049 		if (modp == NULL)
2050 			return (EINVAL);
2051 		if (!(modinfop->mi_info & MI_INFO_CNT) &&
2052 		    (modp->mod_installed == 0)) {
2053 			mod_release_mod(modp);
2054 			return (EINVAL);
2055 		}
2056 	}
2057 
2058 	modinfop->mi_rev = 0;
2059 	modinfop->mi_state = 0;
2060 	for (i = 0; i < MODMAXLINK; i++) {
2061 		modinfop->mi_msinfo[i].msi_p0 = -1;
2062 		modinfop->mi_msinfo[i].msi_linkinfo[0] = 0;
2063 	}
2064 	if (modp->mod_loaded) {
2065 		modinfop->mi_state = MI_LOADED;
2066 		kobj_getmodinfo(modp->mod_mp, modinfop);
2067 	}
2068 	if (modp->mod_installed) {
2069 		modinfop->mi_state |= MI_INSTALLED;
2070 
2071 		(void) mod_getinfo(modp, modinfop);
2072 	}
2073 
2074 	modinfop->mi_id = modp->mod_id;
2075 	modinfop->mi_loadcnt = modp->mod_loadcnt;
2076 	(void) strcpy(modinfop->mi_name, modp->mod_modname);
2077 
2078 	mod_release_mod(modp);
2079 	return (0);
2080 }
2081 
2082 static char mod_stub_err[] = "mod_hold_stub: Couldn't load stub module %s";
2083 static char no_err[] = "No error function for weak stub %s";
2084 
2085 /*
2086  * used by the stubs themselves to load and hold a module.
2087  * Returns  0 if the module is successfully held;
2088  *	    the stub needs to call mod_release_stub().
2089  *	    -1 if the stub should just call the err_fcn.
2090  * Note that this code is stretched out so that we avoid subroutine calls
2091  * and optimize for the most likely case.  That is, the case where the
2092  * module is loaded and installed and not held.  In that case we just inc
2093  * the mod_ref count and continue.
2094  */
2095 int
2096 mod_hold_stub(struct mod_stub_info *stub)
2097 {
2098 	struct modctl *mp;
2099 	struct mod_modinfo *mip;
2100 
2101 	mip = stub->mods_modinfo;
2102 
2103 	mutex_enter(&mod_lock);
2104 
2105 	/* we do mod_hold_by_modctl inline for speed */
2106 
2107 mod_check_again:
2108 	if ((mp = mip->mp) != NULL) {
2109 		if (mp->mod_busy == 0) {
2110 			if (mp->mod_installed) {
2111 				/* increment the reference count */
2112 				mp->mod_ref++;
2113 				ASSERT(mp->mod_ref && mp->mod_installed);
2114 				mutex_exit(&mod_lock);
2115 				return (0);
2116 			} else {
2117 				mp->mod_busy = 1;
2118 				mp->mod_inprogress_thread =
2119 				    (curthread == NULL ?
2120 				    (kthread_id_t)-1 : curthread);
2121 			}
2122 		} else {
2123 			/*
2124 			 * wait one time and then go see if someone
2125 			 * else has resolved the stub (set mip->mp).
2126 			 */
2127 			if (mod_hold_by_modctl(mp,
2128 			    MOD_WAIT_ONCE | MOD_LOCK_HELD))
2129 				goto mod_check_again;
2130 
2131 			/*
2132 			 * what we have now may have been unloaded!, in
2133 			 * that case, mip->mp will be NULL, we'll hit this
2134 			 * module and load again..
2135 			 */
2136 			cmn_err(CE_PANIC, "mod_hold_stub should have blocked");
2137 		}
2138 		mutex_exit(&mod_lock);
2139 	} else {
2140 		/* first time we've hit this module */
2141 		mutex_exit(&mod_lock);
2142 		mp = mod_hold_by_name(mip->modm_module_name);
2143 		mip->mp = mp;
2144 	}
2145 
2146 	/*
2147 	 * If we are here, it means that the following conditions
2148 	 * are satisfied.
2149 	 *
2150 	 * mip->mp != NULL
2151 	 * this thread has set the mp->mod_busy = 1
2152 	 * mp->mod_installed = 0
2153 	 *
2154 	 */
2155 	ASSERT(mp != NULL);
2156 	ASSERT(mp->mod_busy == 1);
2157 
2158 	if (mp->mod_installed == 0) {
2159 		/* Module not loaded, if weak stub don't load it */
2160 		if (stub->mods_flag & MODS_WEAK) {
2161 			if (stub->mods_errfcn == NULL) {
2162 				mod_release_mod(mp);
2163 				cmn_err(CE_PANIC, no_err,
2164 				    mip->modm_module_name);
2165 			}
2166 		} else {
2167 			/* Not a weak stub so load the module */
2168 
2169 			if (mod_load(mp, 1) != 0 || modinstall(mp) != 0) {
2170 				/*
2171 				 * If mod_load() was successful
2172 				 * and modinstall() failed, then
2173 				 * unload the module.
2174 				 */
2175 				if (mp->mod_loaded)
2176 					mod_unload(mp);
2177 
2178 				mod_release_mod(mp);
2179 				if (stub->mods_errfcn == NULL) {
2180 					cmn_err(CE_PANIC, mod_stub_err,
2181 					    mip->modm_module_name);
2182 				} else {
2183 					return (-1);
2184 				}
2185 			}
2186 		}
2187 	}
2188 
2189 	/*
2190 	 * At this point module is held and loaded. Release
2191 	 * the mod_busy and mod_inprogress_thread before
2192 	 * returning. We actually call mod_release() here so
2193 	 * that if another stub wants to access this module,
2194 	 * it can do so. mod_ref is incremented before mod_release()
2195 	 * is called to prevent someone else from snatching the
2196 	 * module from this thread.
2197 	 */
2198 	mutex_enter(&mod_lock);
2199 	mp->mod_ref++;
2200 	ASSERT(mp->mod_ref &&
2201 	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
2202 	mod_release(mp);
2203 	mutex_exit(&mod_lock);
2204 	return (0);
2205 }
2206 
2207 void
2208 mod_release_stub(struct mod_stub_info *stub)
2209 {
2210 	struct modctl *mp = stub->mods_modinfo->mp;
2211 
2212 	/* inline mod_release_mod */
2213 	mutex_enter(&mod_lock);
2214 	ASSERT(mp->mod_ref &&
2215 	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
2216 	mp->mod_ref--;
2217 	if (mp->mod_want) {
2218 		mp->mod_want = 0;
2219 		cv_broadcast(&mod_cv);
2220 	}
2221 	mutex_exit(&mod_lock);
2222 }
2223 
2224 static struct modctl *
2225 mod_hold_loaded_mod(struct modctl *dep, char *filename, int *status)
2226 {
2227 	struct modctl *modp;
2228 	int retval;
2229 
2230 	/*
2231 	 * Hold the module.
2232 	 */
2233 	modp = mod_hold_by_name_requisite(dep, filename);
2234 	if (modp) {
2235 		retval = mod_load(modp, 1);
2236 		if (retval != 0) {
2237 			mod_release_mod(modp);
2238 			modp = NULL;
2239 		}
2240 		*status = retval;
2241 	} else {
2242 		*status = ENOSPC;
2243 	}
2244 
2245 	/*
2246 	 * if dep is not NULL, clear the module dependency information.
2247 	 * This information is set in mod_hold_by_name_common().
2248 	 */
2249 	if (dep != NULL && dep->mod_requisite_loading != NULL) {
2250 		ASSERT(dep->mod_busy);
2251 		dep->mod_requisite_loading = NULL;
2252 	}
2253 
2254 	return (modp);
2255 }
2256 
2257 /*
2258  * hold, load, and install the named module
2259  */
2260 static struct modctl *
2261 mod_hold_installed_mod(char *name, int usepath, int *r)
2262 {
2263 	struct modctl *modp;
2264 	int retval;
2265 
2266 	/*
2267 	 * Verify that that module in question actually exists on disk
2268 	 * before allocation of module structure by mod_hold_by_name.
2269 	 */
2270 	if (modrootloaded && swaploaded) {
2271 		if (!kobj_path_exists(name, usepath)) {
2272 			*r = ENOENT;
2273 			return (NULL);
2274 		}
2275 	}
2276 
2277 	/*
2278 	 * Hold the module.
2279 	 */
2280 	modp = mod_hold_by_name(name);
2281 	if (modp) {
2282 		retval = mod_load(modp, usepath);
2283 		if (retval != 0) {
2284 			mod_release_mod(modp);
2285 			modp = NULL;
2286 			*r = retval;
2287 		} else {
2288 			if ((*r = modinstall(modp)) != 0) {
2289 				/*
2290 				 * We loaded it, but failed to _init() it.
2291 				 * Be kind to developers -- force it
2292 				 * out of memory now so that the next
2293 				 * attempt to use the module will cause
2294 				 * a reload.  See 1093793.
2295 				 */
2296 				mod_unload(modp);
2297 				mod_release_mod(modp);
2298 				modp = NULL;
2299 			}
2300 		}
2301 	} else {
2302 		*r = ENOSPC;
2303 	}
2304 	return (modp);
2305 }
2306 
2307 static char mod_excl_msg[] =
2308 	"module %s(%s) is EXCLUDED and will not be loaded\n";
2309 static char mod_init_msg[] = "loadmodule:%s(%s): _init() error %d\n";
2310 
2311 /*
2312  * This routine is needed for dependencies.  Users specify dependencies
2313  * by declaring a character array initialized to filenames of dependents.
2314  * So the code that handles dependents deals with filenames (and not
2315  * module names) because that's all it has.  We load by filename and once
2316  * we've loaded a file we can get the module name.
2317  * Unfortunately there isn't a single unified filename/modulename namespace.
2318  * C'est la vie.
2319  *
2320  * We allow the name being looked up to be prepended by an optional
2321  * subdirectory e.g. we can lookup (NULL, "fs/ufs") or ("fs", "ufs")
2322  */
2323 struct modctl *
2324 mod_find_by_filename(char *subdir, char *filename)
2325 {
2326 	struct modctl	*mp;
2327 	size_t		sublen;
2328 
2329 	ASSERT(!MUTEX_HELD(&mod_lock));
2330 	if (subdir != NULL)
2331 		sublen = strlen(subdir);
2332 	else
2333 		sublen = 0;
2334 
2335 	mutex_enter(&mod_lock);
2336 	mp = &modules;
2337 	do {
2338 		if (sublen) {
2339 			char *mod_filename = mp->mod_filename;
2340 
2341 			if (strncmp(subdir, mod_filename, sublen) == 0 &&
2342 			    mod_filename[sublen] == '/' &&
2343 			    strcmp(filename, &mod_filename[sublen + 1]) == 0) {
2344 				mutex_exit(&mod_lock);
2345 				return (mp);
2346 			}
2347 		} else if (strcmp(filename, mp->mod_filename) == 0) {
2348 			mutex_exit(&mod_lock);
2349 			return (mp);
2350 		}
2351 	} while ((mp = mp->mod_next) != &modules);
2352 	mutex_exit(&mod_lock);
2353 	return (NULL);
2354 }
2355 
2356 /*
2357  * Check for circular dependencies.  This is called from do_dependents()
2358  * in kobj.c.  If we are the thread already loading this module, then
2359  * we're trying to load a dependent that we're already loading which
2360  * means the user specified circular dependencies.
2361  */
2362 static int
2363 mod_circdep(struct modctl *modp)
2364 {
2365 	struct modctl	*rmod;
2366 
2367 	ASSERT(MUTEX_HELD(&mod_lock));
2368 
2369 	/*
2370 	 * Check the mod_inprogress_thread first.
2371 	 * mod_inprogress_thread is used in mod_hold_stub()
2372 	 * directly to improve performance.
2373 	 */
2374 	if (modp->mod_inprogress_thread == curthread)
2375 		return (1);
2376 
2377 	/*
2378 	 * Check the module circular dependencies.
2379 	 */
2380 	for (rmod = modp; rmod != NULL; rmod = rmod->mod_requisite_loading) {
2381 		/*
2382 		 * Check if there is a module circular dependency.
2383 		 */
2384 		if (rmod->mod_requisite_loading == modp)
2385 			return (1);
2386 	}
2387 	return (0);
2388 }
2389 
2390 static int
2391 mod_getinfo(struct modctl *modp, struct modinfo *modinfop)
2392 {
2393 	int (*func)(struct modinfo *);
2394 	int retval;
2395 
2396 	ASSERT(modp->mod_busy);
2397 
2398 	/* primary modules don't do getinfo */
2399 	if (modp->mod_prim)
2400 		return (0);
2401 
2402 	func = (int (*)(struct modinfo *))kobj_lookup(modp->mod_mp, "_info");
2403 
2404 	if (kobj_addrcheck(modp->mod_mp, (caddr_t)func)) {
2405 		cmn_err(CE_WARN, "_info() not defined properly in %s",
2406 		    modp->mod_filename);
2407 		/*
2408 		 * The semantics of mod_info(9F) are that 0 is failure
2409 		 * and non-zero is success.
2410 		 */
2411 		retval = 0;
2412 	} else
2413 		retval = (*func)(modinfop);	/* call _info() function */
2414 
2415 	if (moddebug & MODDEBUG_USERDEBUG)
2416 		printf("Returned from _info, retval = %x\n", retval);
2417 
2418 	return (retval);
2419 }
2420 
2421 static void
2422 modadd(struct modctl *mp)
2423 {
2424 	ASSERT(MUTEX_HELD(&mod_lock));
2425 
2426 	mp->mod_id = last_module_id++;
2427 	mp->mod_next = &modules;
2428 	mp->mod_prev = modules.mod_prev;
2429 	modules.mod_prev->mod_next = mp;
2430 	modules.mod_prev = mp;
2431 }
2432 
2433 /*ARGSUSED*/
2434 static struct modctl *
2435 allocate_modp(char *filename, char *modname)
2436 {
2437 	struct modctl *mp;
2438 
2439 	mp = kobj_zalloc(sizeof (*mp), KM_SLEEP);
2440 	mp->mod_modname = kobj_zalloc(strlen(modname) + 1, KM_SLEEP);
2441 	(void) strcpy(mp->mod_modname, modname);
2442 	return (mp);
2443 }
2444 
2445 /*
2446  * Get the value of a symbol.  This is a wrapper routine that
2447  * calls kobj_getsymvalue().  kobj_getsymvalue() may go away but this
2448  * wrapper will prevent callers from noticing.
2449  */
2450 uintptr_t
2451 modgetsymvalue(char *name, int kernelonly)
2452 {
2453 	return (kobj_getsymvalue(name, kernelonly));
2454 }
2455 
2456 /*
2457  * Get the symbol nearest an address.  This is a wrapper routine that
2458  * calls kobj_getsymname().  kobj_getsymname() may go away but this
2459  * wrapper will prevent callers from noticing.
2460  */
2461 char *
2462 modgetsymname(uintptr_t value, ulong_t *offset)
2463 {
2464 	return (kobj_getsymname(value, offset));
2465 }
2466 
2467 /*
2468  * Lookup a symbol in a specified module.  This is a wrapper routine that
2469  * calls kobj_lookup().  kobj_lookup() may go away but this
2470  * wrapper will prevent callers from noticing.
2471  */
2472 uintptr_t
2473 modlookup(char *modname, char *symname)
2474 {
2475 	struct modctl *modp;
2476 	uintptr_t val;
2477 
2478 	if ((modp = mod_hold_by_name(modname)) == NULL)
2479 		return (0);
2480 	val = kobj_lookup(modp->mod_mp, symname);
2481 	mod_release_mod(modp);
2482 	return (val);
2483 }
2484 
2485 /*
2486  * Ask the user for the name of the system file and the default path
2487  * for modules.
2488  */
2489 void
2490 mod_askparams()
2491 {
2492 	static char s0[64];
2493 	intptr_t fd;
2494 
2495 	if ((fd = kobj_open(systemfile)) != -1L)
2496 		kobj_close(fd);
2497 	else
2498 		systemfile = NULL;
2499 
2500 	/*CONSTANTCONDITION*/
2501 	while (1) {
2502 		printf("Name of system file [%s]:  ",
2503 			systemfile ? systemfile : "/dev/null");
2504 
2505 		console_gets(s0, sizeof (s0));
2506 
2507 		if (s0[0] == '\0')
2508 			break;
2509 		else if (strcmp(s0, "/dev/null") == 0) {
2510 			systemfile = NULL;
2511 			break;
2512 		} else {
2513 			if ((fd = kobj_open(s0)) != -1L) {
2514 				kobj_close(fd);
2515 				systemfile = s0;
2516 				break;
2517 			}
2518 		}
2519 		printf("can't find file %s\n", s0);
2520 	}
2521 }
2522 
2523 static char loading_msg[] = "loading '%s' id %d\n";
2524 static char load_msg[] = "load '%s' id %d loaded @ 0x%p/0x%p size %d/%d\n";
2525 
2526 /*
2527  * Common code for loading a module (but not installing it).
2528  * Handoff the task of module loading to a seperate thread
2529  * with a large stack if possible, since this code may recurse a few times.
2530  * Return zero if there are no errors or an errno value.
2531  */
2532 static int
2533 mod_load(struct modctl *mp, int usepath)
2534 {
2535 	int		retval;
2536 	struct modinfo	*modinfop = NULL;
2537 	struct loadmt	lt;
2538 
2539 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2540 	ASSERT(mp->mod_busy);
2541 
2542 	if (mp->mod_loaded)
2543 		return (0);
2544 
2545 	if (mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_modname) != 0 ||
2546 	    mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_filename) != 0) {
2547 		if (moddebug & MODDEBUG_LOADMSG) {
2548 			printf(mod_excl_msg, mp->mod_filename,
2549 				mp->mod_modname);
2550 		}
2551 		return (ENXIO);
2552 	}
2553 	if (moddebug & MODDEBUG_LOADMSG2)
2554 		printf(loading_msg, mp->mod_filename, mp->mod_id);
2555 
2556 	if (curthread != &t0) {
2557 		lt.mp = mp;
2558 		lt.usepath = usepath;
2559 		lt.owner = curthread;
2560 		sema_init(&lt.sema, 0, NULL, SEMA_DEFAULT, NULL);
2561 
2562 		/* create thread to hand of call to */
2563 		(void) thread_create(NULL, DEFAULTSTKSZ * 2,
2564 		    modload_thread, &lt, 0, &p0, TS_RUN, maxclsyspri);
2565 
2566 		/* wait for thread to complete kobj_load_module */
2567 		sema_p(&lt.sema);
2568 
2569 		sema_destroy(&lt.sema);
2570 		retval = lt.retval;
2571 	} else
2572 		retval = kobj_load_module(mp, usepath);
2573 
2574 	if (mp->mod_mp) {
2575 		ASSERT(retval == 0);
2576 		mp->mod_loaded = 1;
2577 		mp->mod_loadcnt++;
2578 		if (moddebug & MODDEBUG_LOADMSG) {
2579 			printf(load_msg, mp->mod_filename, mp->mod_id,
2580 				(void *)((struct module *)mp->mod_mp)->text,
2581 				(void *)((struct module *)mp->mod_mp)->data,
2582 				((struct module *)mp->mod_mp)->text_size,
2583 				((struct module *)mp->mod_mp)->data_size);
2584 		}
2585 
2586 		/*
2587 		 * XXX - There should be a better way to get this.
2588 		 */
2589 		modinfop = kmem_zalloc(sizeof (struct modinfo), KM_SLEEP);
2590 		modinfop->mi_info = MI_INFO_LINKAGE;
2591 		if (mod_getinfo(mp, modinfop) == 0)
2592 			mp->mod_linkage = NULL;
2593 		else {
2594 			mp->mod_linkage = (void *)modinfop->mi_base;
2595 			ASSERT(mp->mod_linkage->ml_rev == MODREV_1);
2596 		}
2597 
2598 		/*
2599 		 * DCS: bootstrapping code. If the driver is loaded
2600 		 * before root mount, it is assumed that the driver
2601 		 * may be used before mounting root. In order to
2602 		 * access mappings of global to local minor no.'s
2603 		 * during installation/open of the driver, we load
2604 		 * them into memory here while the BOP_interfaces
2605 		 * are still up.
2606 		 */
2607 		if ((cluster_bootflags & CLUSTER_BOOTED) && !modrootloaded) {
2608 			retval = clboot_modload(mp);
2609 		}
2610 
2611 		kmem_free(modinfop, sizeof (struct modinfo));
2612 		(void) mod_sysctl(SYS_SET_MVAR, (void *)mp);
2613 		retval = install_stubs_by_name(mp, mp->mod_modname);
2614 
2615 		/*
2616 		 * Now that the module is loaded, we need to give DTrace
2617 		 * a chance to notify its providers.  This is done via
2618 		 * the dtrace_modload function pointer.
2619 		 */
2620 		if (strcmp(mp->mod_modname, "dtrace") != 0) {
2621 			struct modctl *dmp = mod_hold_by_name("dtrace");
2622 
2623 			if (dmp != NULL && dtrace_modload != NULL)
2624 				(*dtrace_modload)(mp);
2625 
2626 			mod_release_mod(dmp);
2627 		}
2628 
2629 	} else {
2630 		/*
2631 		 * If load failed then we need to release any requisites
2632 		 * that we had established.
2633 		 */
2634 		ASSERT(retval);
2635 		mod_release_requisites(mp);
2636 
2637 		if (moddebug & MODDEBUG_ERRMSG)
2638 			printf("error loading '%s', error %d\n",
2639 			    mp->mod_filename, retval);
2640 	}
2641 	return (retval);
2642 }
2643 
2644 static char unload_msg[] = "unloading %s, module id %d, loadcnt %d.\n";
2645 
2646 static void
2647 mod_unload(struct modctl *mp)
2648 {
2649 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2650 	ASSERT(mp->mod_busy);
2651 	ASSERT((mp->mod_loaded && (mp->mod_installed == 0)) &&
2652 	    ((mp->mod_prim == 0) && (mp->mod_ref >= 0)));
2653 
2654 	if (moddebug & MODDEBUG_LOADMSG)
2655 		printf(unload_msg, mp->mod_modname,
2656 			mp->mod_id, mp->mod_loadcnt);
2657 
2658 	/*
2659 	 * If mod_ref is not zero, it means some modules might still refer
2660 	 * to this module. Then you can't unload this module right now.
2661 	 * Instead, set 1 to mod_delay_unload to notify the system of
2662 	 * unloading this module later when it's not required any more.
2663 	 */
2664 	if (mp->mod_ref > 0) {
2665 		mp->mod_delay_unload = 1;
2666 		if (moddebug & MODDEBUG_LOADMSG2) {
2667 			printf("module %s not unloaded,"
2668 			    " non-zero reference count (%d)",
2669 			    mp->mod_modname, mp->mod_ref);
2670 		}
2671 		return;
2672 	}
2673 
2674 	if (((mp->mod_loaded == 0) || mp->mod_installed) ||
2675 	    (mp->mod_ref || mp->mod_prim)) {
2676 		/*
2677 		 * A DEBUG kernel would ASSERT panic above, the code is broken
2678 		 * if we get this warning.
2679 		 */
2680 		cmn_err(CE_WARN, "mod_unload: %s in incorrect state: %d %d %d",
2681 		    mp->mod_filename, mp->mod_installed, mp->mod_loaded,
2682 		    mp->mod_ref);
2683 		return;
2684 	}
2685 
2686 	/* reset stub functions to call the binder again */
2687 	reset_stubs(mp);
2688 
2689 	/*
2690 	 * mark module as unloaded before the modctl structure is freed.
2691 	 * This is required not to reuse the modctl structure before
2692 	 * the module is marked as unloaded.
2693 	 */
2694 	mp->mod_loaded = 0;
2695 	mp->mod_linkage = NULL;
2696 
2697 	/* free the memory */
2698 	kobj_unload_module(mp);
2699 
2700 	if (mp->mod_delay_unload) {
2701 		mp->mod_delay_unload = 0;
2702 		if (moddebug & MODDEBUG_LOADMSG2) {
2703 			printf("deferred unload of module %s"
2704 			    " (id %d) successful",
2705 			    mp->mod_modname, mp->mod_id);
2706 		}
2707 	}
2708 
2709 	/* release hold on requisites */
2710 	mod_release_requisites(mp);
2711 
2712 	/*
2713 	 * Now that the module is gone, we need to give DTrace a chance to
2714 	 * remove any probes that it may have had in the module.  This is
2715 	 * done via the dtrace_modunload function pointer.
2716 	 */
2717 	if (strcmp(mp->mod_modname, "dtrace") != 0) {
2718 		struct modctl *dmp = mod_hold_by_name("dtrace");
2719 
2720 		if (dmp != NULL && dtrace_modunload != NULL)
2721 			(*dtrace_modunload)(mp);
2722 
2723 		mod_release_mod(dmp);
2724 	}
2725 }
2726 
2727 static int
2728 modinstall(struct modctl *mp)
2729 {
2730 	int val;
2731 	int (*func)(void);
2732 
2733 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2734 	ASSERT(mp->mod_busy && mp->mod_loaded);
2735 
2736 	if (mp->mod_installed)
2737 		return (0);
2738 	/*
2739 	 * If mod_delay_unload is on, it means the system chose the deferred
2740 	 * unload for this module. Then you can't install this module until
2741 	 * it's unloaded from the system.
2742 	 */
2743 	if (mp->mod_delay_unload)
2744 		return (ENXIO);
2745 
2746 	if (moddebug & MODDEBUG_LOADMSG)
2747 		printf("installing %s, module id %d.\n",
2748 			mp->mod_modname, mp->mod_id);
2749 
2750 	ASSERT(mp->mod_mp != NULL);
2751 	if (mod_install_requisites(mp) != 0) {
2752 		/*
2753 		 * Note that we can't call mod_unload(mp) here since
2754 		 * if modinstall() was called by mod_install_requisites(),
2755 		 * we won't be able to hold the dependent modules
2756 		 * (otherwise there would be a deadlock).
2757 		 */
2758 		return (ENXIO);
2759 	}
2760 
2761 	if (moddebug & MODDEBUG_ERRMSG) {
2762 		printf("init '%s' id %d loaded @ 0x%p/0x%p size %lu/%lu\n",
2763 			mp->mod_filename, mp->mod_id,
2764 			(void *)((struct module *)mp->mod_mp)->text,
2765 			(void *)((struct module *)mp->mod_mp)->data,
2766 			((struct module *)mp->mod_mp)->text_size,
2767 			((struct module *)mp->mod_mp)->data_size);
2768 	}
2769 
2770 	func = (int (*)())kobj_lookup(mp->mod_mp, "_init");
2771 
2772 	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
2773 		cmn_err(CE_WARN, "_init() not defined properly in %s",
2774 		    mp->mod_filename);
2775 		return (EFAULT);
2776 	}
2777 
2778 	if (moddebug & MODDEBUG_USERDEBUG) {
2779 		printf("breakpoint before calling %s:_init()\n",
2780 		    mp->mod_modname);
2781 		if (DEBUGGER_PRESENT)
2782 			debug_enter("_init");
2783 	}
2784 
2785 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2786 	ASSERT(mp->mod_busy && mp->mod_loaded);
2787 	val = (*func)();		/* call _init */
2788 
2789 	if (moddebug & MODDEBUG_USERDEBUG)
2790 		printf("Returned from _init, val = %x\n", val);
2791 
2792 	if (val == 0) {
2793 		/*
2794 		 * Set the MODS_INSTALLED flag to enable this module
2795 		 * being called now.
2796 		 */
2797 		install_stubs(mp);
2798 		mp->mod_installed = 1;
2799 	} else if (moddebug & MODDEBUG_ERRMSG)
2800 		printf(mod_init_msg, mp->mod_filename, mp->mod_modname, val);
2801 
2802 	return (val);
2803 }
2804 
2805 static int
2806 detach_driver(char *name)
2807 {
2808 	major_t major;
2809 	int error;
2810 
2811 	/*
2812 	 * If being called from mod_uninstall_all() then the appropriate
2813 	 * driver detaches (leaf only) have already been done.
2814 	 */
2815 	if (mod_in_autounload())
2816 		return (0);
2817 
2818 	major = ddi_name_to_major(name);
2819 	if (major == (major_t)-1)
2820 		return (0);
2821 
2822 	error = ndi_devi_unconfig_driver(ddi_root_node(),
2823 	    NDI_DETACH_DRIVER, major);
2824 	return (error == NDI_SUCCESS ? 0 : -1);
2825 }
2826 
2827 static char finiret_msg[] = "Returned from _fini for %s, status = %x\n";
2828 
2829 static int
2830 moduninstall(struct modctl *mp)
2831 {
2832 	int status = 0;
2833 	int (*func)(void);
2834 
2835 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2836 	ASSERT(mp->mod_busy);
2837 
2838 	/*
2839 	 * Verify that we need to do something and can uninstall the module.
2840 	 *
2841 	 * If we should not uninstall the module or if the module is not in
2842 	 * the correct state to start an uninstall we return EBUSY to prevent
2843 	 * us from progressing to mod_unload.  If the module has already been
2844 	 * uninstalled and unloaded we return EALREADY.
2845 	 */
2846 	if (mp->mod_prim || mp->mod_ref || mp->mod_nenabled != 0)
2847 		return (EBUSY);
2848 	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0))
2849 		return (EALREADY);
2850 
2851 	/*
2852 	 * To avoid devinfo / module deadlock we must release this module
2853 	 * prior to initiating the detach_driver, otherwise the detach_driver
2854 	 * might deadlock on a devinfo node held by another thread
2855 	 * coming top down and involving the module we have locked.
2856 	 *
2857 	 * When we regrab the module we must reverify that it is OK
2858 	 * to proceed with the uninstall operation.
2859 	 */
2860 	mod_release_mod(mp);
2861 	status = detach_driver(mp->mod_modname);
2862 	(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
2863 
2864 	/* check detach status and reverify state with lock */
2865 	mutex_enter(&mod_lock);
2866 	if ((status != 0) || mp->mod_prim || mp->mod_ref) {
2867 		mutex_exit(&mod_lock);
2868 		return (EBUSY);
2869 	}
2870 	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0)) {
2871 		mutex_exit(&mod_lock);
2872 		return (EALREADY);
2873 	}
2874 	mutex_exit(&mod_lock);
2875 
2876 	if (moddebug & MODDEBUG_LOADMSG2)
2877 		printf("uninstalling %s\n", mp->mod_modname);
2878 
2879 	/*
2880 	 * lookup _fini, return EBUSY if not defined.
2881 	 *
2882 	 * The MODDEBUG_FINI_EBUSY is usefull in resolving leaks in
2883 	 * detach(9E) - it allows bufctl addresses to be resolved.
2884 	 */
2885 	func = (int (*)())kobj_lookup(mp->mod_mp, "_fini");
2886 	if ((func == NULL) || (mp->mod_loadflags & MOD_NOUNLOAD) ||
2887 	    (moddebug & MODDEBUG_FINI_EBUSY))
2888 		return (EBUSY);
2889 
2890 	/* verify that _fini is in this module */
2891 	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
2892 		cmn_err(CE_WARN, "_fini() not defined properly in %s",
2893 		    mp->mod_filename);
2894 		return (EFAULT);
2895 	}
2896 
2897 	/* call _fini() */
2898 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2899 	ASSERT(mp->mod_busy && mp->mod_loaded && mp->mod_installed);
2900 
2901 	status = (*func)();
2902 
2903 	if (status == 0) {
2904 		/* _fini returned success, the module is no longer installed */
2905 		if (moddebug & MODDEBUG_LOADMSG)
2906 			printf("uninstalled %s\n", mp->mod_modname);
2907 
2908 		/*
2909 		 * Even though we only set mod_installed to zero here, a zero
2910 		 * return value means we are commited to a code path were
2911 		 * mod_loaded will also end up as zero - we have no other
2912 		 * way to get the module data and bss back to the pre _init
2913 		 * state except a reload. To ensure this, after return,
2914 		 * mod_busy must stay set until mod_loaded is cleared.
2915 		 */
2916 		mp->mod_installed = 0;
2917 
2918 		/*
2919 		 * Clear the MODS_INSTALLED flag not to call functions
2920 		 * in the module directly from now on.
2921 		 */
2922 		uninstall_stubs(mp);
2923 	} else {
2924 		if (moddebug & MODDEBUG_USERDEBUG)
2925 			printf(finiret_msg, mp->mod_filename, status);
2926 		/*
2927 		 * By definition _fini is only allowed to return EBUSY or the
2928 		 * result of mod_remove (EBUSY or EINVAL).  In the off chance
2929 		 * that a driver returns EALREADY we convert this to EINVAL
2930 		 * since to our caller EALREADY means module was already
2931 		 * removed.
2932 		 */
2933 		if (status == EALREADY)
2934 			status = EINVAL;
2935 	}
2936 
2937 	return (status);
2938 }
2939 
2940 /*
2941  * Uninstall all modules.
2942  */
2943 static void
2944 mod_uninstall_all(void)
2945 {
2946 	struct modctl	*mp;
2947 	modid_t		modid = 0;
2948 
2949 	/* mark this thread as doing autounloading */
2950 	(void) tsd_set(mod_autounload_key, (void *)1);
2951 
2952 	(void) devfs_clean(ddi_root_node(), NULL, 0);
2953 	(void) ndi_devi_unconfig(ddi_root_node(), NDI_AUTODETACH);
2954 
2955 	while ((mp = mod_hold_next_by_id(modid)) != NULL) {
2956 		modid = mp->mod_id;
2957 		/*
2958 		 * Skip modules with the MOD_NOAUTOUNLOAD flag set
2959 		 */
2960 		if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
2961 			mod_release_mod(mp);
2962 			continue;
2963 		}
2964 
2965 		if (moduninstall(mp) == 0) {
2966 			mod_unload(mp);
2967 			CPU_STATS_ADDQ(CPU, sys, modunload, 1);
2968 		}
2969 		mod_release_mod(mp);
2970 	}
2971 
2972 	(void) tsd_set(mod_autounload_key, NULL);
2973 }
2974 
2975 static int modunload_disable_count;
2976 
2977 void
2978 modunload_disable(void)
2979 {
2980 	INCR_COUNT(&modunload_disable_count, &mod_uninstall_lock);
2981 }
2982 
2983 void
2984 modunload_enable(void)
2985 {
2986 	DECR_COUNT(&modunload_disable_count, &mod_uninstall_lock);
2987 }
2988 
2989 void
2990 mod_uninstall_daemon(void)
2991 {
2992 	callb_cpr_t	cprinfo;
2993 	clock_t		ticks = 0;
2994 
2995 	mod_aul_thread = curthread;
2996 
2997 	CALLB_CPR_INIT(&cprinfo, &mod_uninstall_lock, callb_generic_cpr, "mud");
2998 	for (;;) {
2999 		mutex_enter(&mod_uninstall_lock);
3000 		CALLB_CPR_SAFE_BEGIN(&cprinfo);
3001 		/*
3002 		 * In DEBUG kernels, unheld drivers are uninstalled periodically
3003 		 * every mod_uninstall_interval seconds.  Periodic uninstall can
3004 		 * be disabled by setting mod_uninstall_interval to 0 which is
3005 		 * the default for a non-DEBUG kernel.
3006 		 */
3007 		if (mod_uninstall_interval) {
3008 			ticks = ddi_get_lbolt() +
3009 				drv_usectohz(mod_uninstall_interval * 1000000);
3010 			(void) cv_timedwait(&mod_uninstall_cv,
3011 				&mod_uninstall_lock, ticks);
3012 		} else {
3013 			cv_wait(&mod_uninstall_cv, &mod_uninstall_lock);
3014 		}
3015 		/*
3016 		 * The whole daemon is safe for CPR except we don't want
3017 		 * the daemon to run if FREEZE is issued and this daemon
3018 		 * wakes up from the cv_wait above. In this case, it'll be
3019 		 * blocked in CALLB_CPR_SAFE_END until THAW is issued.
3020 		 *
3021 		 * The reason of calling CALLB_CPR_SAFE_BEGIN twice is that
3022 		 * mod_uninstall_lock is used to protect cprinfo and
3023 		 * CALLB_CPR_SAFE_BEGIN assumes that this lock is held when
3024 		 * called.
3025 		 */
3026 		CALLB_CPR_SAFE_END(&cprinfo, &mod_uninstall_lock);
3027 		CALLB_CPR_SAFE_BEGIN(&cprinfo);
3028 		mutex_exit(&mod_uninstall_lock);
3029 		if ((modunload_disable_count == 0) &&
3030 		    ((moddebug & MODDEBUG_NOAUTOUNLOAD) == 0)) {
3031 			mod_uninstall_all();
3032 		}
3033 	}
3034 }
3035 
3036 /*
3037  * Unload all uninstalled modules.
3038  */
3039 void
3040 modreap(void)
3041 {
3042 	mutex_enter(&mod_uninstall_lock);
3043 	cv_broadcast(&mod_uninstall_cv);
3044 	mutex_exit(&mod_uninstall_lock);
3045 }
3046 
3047 /*
3048  * Hold the specified module. This is the module holding primitive.
3049  *
3050  * If MOD_LOCK_HELD then the caller already holds the mod_lock.
3051  *
3052  * Return values:
3053  *	 0 ==> the module is held
3054  *	 1 ==> the module is not held and the MOD_WAIT_ONCE caller needs
3055  *		to determine how to retry.
3056  */
3057 int
3058 mod_hold_by_modctl(struct modctl *mp, int f)
3059 {
3060 	ASSERT((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) &&
3061 	    ((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) !=
3062 	    (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)));
3063 	ASSERT((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) &&
3064 	    ((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) !=
3065 	    (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)));
3066 	ASSERT((f & MOD_LOCK_NOT_HELD) || MUTEX_HELD(&mod_lock));
3067 
3068 	if (f & MOD_LOCK_NOT_HELD)
3069 		mutex_enter(&mod_lock);
3070 
3071 	while (mp->mod_busy) {
3072 		mp->mod_want = 1;
3073 		cv_wait(&mod_cv, &mod_lock);
3074 		/*
3075 		 * Module may be unloaded by daemon.
3076 		 * Nevertheless, modctl structure is still in linked list
3077 		 * (i.e., off &modules), not freed!
3078 		 * Caller is not supposed to assume "mp" is valid, but there
3079 		 * is no reasonable way to detect this but using
3080 		 * mp->mod_modinfo->mp == NULL check (follow the back pointer)
3081 		 *   (or similar check depending on calling context)
3082 		 * DON'T free modctl structure, it will be very very
3083 		 * problematic.
3084 		 */
3085 		if (f & MOD_WAIT_ONCE) {
3086 			if (f & MOD_LOCK_NOT_HELD)
3087 				mutex_exit(&mod_lock);
3088 			return (1);	/* caller decides how to retry */
3089 		}
3090 	}
3091 
3092 	mp->mod_busy = 1;
3093 	mp->mod_inprogress_thread =
3094 	    (curthread == NULL ? (kthread_id_t)-1 : curthread);
3095 
3096 	if (f & MOD_LOCK_NOT_HELD)
3097 		mutex_exit(&mod_lock);
3098 	return (0);
3099 }
3100 
3101 static struct modctl *
3102 mod_hold_by_name_common(struct modctl *dep, char *filename)
3103 {
3104 	char		*modname;
3105 	struct modctl	*mp;
3106 	char		*curname, *newname;
3107 	int		found = 0;
3108 
3109 	mutex_enter(&mod_lock);
3110 
3111 	if ((modname = strrchr(filename, '/')) == NULL)
3112 		modname = filename;
3113 	else
3114 		modname++;
3115 
3116 	mp = &modules;
3117 	do {
3118 		if (strcmp(modname, mp->mod_modname) == 0) {
3119 			found = 1;
3120 			break;
3121 		}
3122 	} while ((mp = mp->mod_next) != &modules);
3123 
3124 	if (found == 0) {
3125 		mp = allocate_modp(filename, modname);
3126 		modadd(mp);
3127 	}
3128 
3129 	/*
3130 	 * if dep is not NULL, set the mp in mod_requisite_loading for
3131 	 * the module circular dependency check. This field is used in
3132 	 * mod_circdep(), but it's cleard in mod_hold_loaded_mod().
3133 	 */
3134 	if (dep != NULL) {
3135 		ASSERT(dep->mod_busy && dep->mod_requisite_loading == NULL);
3136 		dep->mod_requisite_loading = mp;
3137 	}
3138 
3139 	/*
3140 	 * If the module was held, then it must be us who has it held.
3141 	 */
3142 	if (mod_circdep(mp))
3143 		mp = NULL;
3144 	else {
3145 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
3146 
3147 		/*
3148 		 * If the name hadn't been set or has changed, allocate
3149 		 * space and set it.  Free space used by previous name.
3150 		 *
3151 		 * Do not change the name of primary modules, for primary
3152 		 * modules the mod_filename was allocated in standalone mode:
3153 		 * it is illegal to kobj_alloc in standalone mode and kobj_free
3154 		 * in non-standalone mode.
3155 		 */
3156 		curname = mp->mod_filename;
3157 		if (curname == NULL ||
3158 		    ((mp->mod_prim == 0) &&
3159 		    (curname != filename) &&
3160 		    (modname != filename) &&
3161 		    (strcmp(curname, filename) != 0))) {
3162 			newname = kobj_zalloc(strlen(filename) + 1, KM_SLEEP);
3163 			(void) strcpy(newname, filename);
3164 			mp->mod_filename = newname;
3165 			if (curname != NULL)
3166 				kobj_free(curname, strlen(curname) + 1);
3167 		}
3168 	}
3169 
3170 	mutex_exit(&mod_lock);
3171 	if (mp && moddebug & MODDEBUG_LOADMSG2)
3172 		printf("Holding %s\n", mp->mod_filename);
3173 	if (mp == NULL && moddebug & MODDEBUG_LOADMSG2)
3174 		printf("circular dependency loading %s\n", filename);
3175 	return (mp);
3176 }
3177 
3178 static struct modctl *
3179 mod_hold_by_name_requisite(struct modctl *dep, char *filename)
3180 {
3181 	return (mod_hold_by_name_common(dep, filename));
3182 }
3183 
3184 struct modctl *
3185 mod_hold_by_name(char *filename)
3186 {
3187 	return (mod_hold_by_name_common(NULL, filename));
3188 }
3189 
3190 static struct modctl *
3191 mod_hold_by_id(modid_t modid)
3192 {
3193 	struct modctl	*mp;
3194 	int		found = 0;
3195 
3196 	mutex_enter(&mod_lock);
3197 	mp = &modules;
3198 	do {
3199 		if (mp->mod_id == modid) {
3200 			found = 1;
3201 			break;
3202 		}
3203 	} while ((mp = mp->mod_next) != &modules);
3204 
3205 	if ((found == 0) || mod_circdep(mp))
3206 		mp = NULL;
3207 	else
3208 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
3209 
3210 	mutex_exit(&mod_lock);
3211 	return (mp);
3212 }
3213 
3214 static struct modctl *
3215 mod_hold_next_by_id(modid_t modid)
3216 {
3217 	struct modctl	*mp;
3218 	int		found = 0;
3219 
3220 	if (modid < -1)
3221 		return (NULL);
3222 
3223 	mutex_enter(&mod_lock);
3224 
3225 	mp = &modules;
3226 	do {
3227 		if (mp->mod_id > modid) {
3228 			found = 1;
3229 			break;
3230 		}
3231 	} while ((mp = mp->mod_next) != &modules);
3232 
3233 	if ((found == 0) || mod_circdep(mp))
3234 		mp = NULL;
3235 	else
3236 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
3237 
3238 	mutex_exit(&mod_lock);
3239 	return (mp);
3240 }
3241 
3242 static void
3243 mod_release(struct modctl *mp)
3244 {
3245 	ASSERT(MUTEX_HELD(&mod_lock));
3246 	ASSERT(mp->mod_busy);
3247 
3248 	mp->mod_busy = 0;
3249 	mp->mod_inprogress_thread = NULL;
3250 	if (mp->mod_want) {
3251 		mp->mod_want = 0;
3252 		cv_broadcast(&mod_cv);
3253 	}
3254 }
3255 
3256 void
3257 mod_release_mod(struct modctl *mp)
3258 {
3259 	if (moddebug & MODDEBUG_LOADMSG2)
3260 		printf("Releasing %s\n", mp->mod_filename);
3261 	mutex_enter(&mod_lock);
3262 	mod_release(mp);
3263 	mutex_exit(&mod_lock);
3264 }
3265 
3266 modid_t
3267 mod_name_to_modid(char *filename)
3268 {
3269 	char		*modname;
3270 	struct modctl	*mp;
3271 
3272 	mutex_enter(&mod_lock);
3273 
3274 	if ((modname = strrchr(filename, '/')) == NULL)
3275 		modname = filename;
3276 	else
3277 		modname++;
3278 
3279 	mp = &modules;
3280 	do {
3281 		if (strcmp(modname, mp->mod_modname) == 0) {
3282 			mutex_exit(&mod_lock);
3283 			return (mp->mod_id);
3284 		}
3285 	} while ((mp = mp->mod_next) != &modules);
3286 
3287 	mutex_exit(&mod_lock);
3288 	return (-1);
3289 }
3290 
3291 
3292 int
3293 mod_remove_by_name(char *name)
3294 {
3295 	struct modctl *mp;
3296 	int retval;
3297 
3298 	mp = mod_hold_by_name(name);
3299 
3300 	if (mp == NULL)
3301 		return (EINVAL);
3302 
3303 	if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
3304 		/*
3305 		 * Do not unload forceloaded modules
3306 		 */
3307 		mod_release_mod(mp);
3308 		return (0);
3309 	}
3310 
3311 	if ((retval = moduninstall(mp)) == 0) {
3312 		mod_unload(mp);
3313 		CPU_STATS_ADDQ(CPU, sys, modunload, 1);
3314 	} else if (retval == EALREADY)
3315 		retval = 0;		/* already unloaded, not an error */
3316 	mod_release_mod(mp);
3317 	return (retval);
3318 }
3319 
3320 /*
3321  * Record that module "dep" is dependent on module "on_mod."
3322  */
3323 static void
3324 mod_make_requisite(struct modctl *dependent, struct modctl *on_mod)
3325 {
3326 	struct modctl_list **pmlnp;	/* previous next pointer */
3327 	struct modctl_list *mlp;
3328 	struct modctl_list *new;
3329 
3330 	ASSERT(dependent->mod_busy && on_mod->mod_busy);
3331 	mutex_enter(&mod_lock);
3332 
3333 	/*
3334 	 * Search dependent's requisite list to see if on_mod is recorded.
3335 	 * List is ordered by id.
3336 	 */
3337 	for (pmlnp = &dependent->mod_requisites, mlp = *pmlnp;
3338 	    mlp; pmlnp = &mlp->modl_next, mlp = *pmlnp)
3339 		if (mlp->modl_modp->mod_id >= on_mod->mod_id)
3340 			break;
3341 
3342 	/* Create and insert if not already recorded */
3343 	if ((mlp == NULL) || (mlp->modl_modp->mod_id != on_mod->mod_id)) {
3344 		new = kobj_zalloc(sizeof (*new), KM_SLEEP);
3345 		new->modl_modp = on_mod;
3346 		new->modl_next = mlp;
3347 		*pmlnp = new;
3348 
3349 		/*
3350 		 * Increment the mod_ref count in our new requisite module.
3351 		 * This is what keeps a module that has other modules
3352 		 * which are dependent on it from being uninstalled and
3353 		 * unloaded. "on_mod"'s mod_ref count decremented in
3354 		 * mod_release_requisites when the "dependent" module
3355 		 * unload is complete.  "on_mod" must be loaded, but may not
3356 		 * yet be installed.
3357 		 */
3358 		on_mod->mod_ref++;
3359 		ASSERT(on_mod->mod_ref && on_mod->mod_loaded);
3360 	}
3361 
3362 	mutex_exit(&mod_lock);
3363 }
3364 
3365 /*
3366  * release the hold associated with mod_make_requisite mod_ref++
3367  * as part of unload.
3368  */
3369 void
3370 mod_release_requisites(struct modctl *modp)
3371 {
3372 	struct modctl_list *modl;
3373 	struct modctl_list *next;
3374 	struct modctl *req;
3375 	struct modctl_list *start = NULL, *mod_garbage;
3376 
3377 	ASSERT(modp->mod_busy);
3378 	ASSERT(!MUTEX_HELD(&mod_lock));
3379 
3380 	mutex_enter(&mod_lock);		/* needed for manipulation of req */
3381 	for (modl = modp->mod_requisites; modl; modl = next) {
3382 		next = modl->modl_next;
3383 		req = modl->modl_modp;
3384 		ASSERT(req->mod_ref >= 1 && req->mod_loaded);
3385 		req->mod_ref--;
3386 
3387 		/*
3388 		 * Check if the module has to be unloaded or not.
3389 		 */
3390 		if (req->mod_ref == 0 && req->mod_delay_unload) {
3391 			struct modctl_list *new;
3392 			/*
3393 			 * Allocate the modclt_list holding the garbage
3394 			 * module which should be unloaded later.
3395 			 */
3396 			new = kobj_zalloc(sizeof (struct modctl_list),
3397 			    KM_SLEEP);
3398 			new->modl_modp = req;
3399 
3400 			if (start == NULL)
3401 				mod_garbage = start = new;
3402 			else {
3403 				mod_garbage->modl_next = new;
3404 				mod_garbage = new;
3405 			}
3406 		}
3407 
3408 		/* free the list as we go */
3409 		kobj_free(modl, sizeof (*modl));
3410 	}
3411 	modp->mod_requisites = NULL;
3412 	mutex_exit(&mod_lock);
3413 
3414 	/*
3415 	 * Unload the garbage modules.
3416 	 */
3417 	for (mod_garbage = start; mod_garbage != NULL; /* nothing */) {
3418 		struct modctl_list *old = mod_garbage;
3419 		struct modctl *mp = mod_garbage->modl_modp;
3420 		ASSERT(mp != NULL);
3421 
3422 		/*
3423 		 * Hold this module until it's unloaded completely.
3424 		 */
3425 		(void) mod_hold_by_modctl(mp,
3426 		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
3427 		/*
3428 		 * Check if the module is not unloaded yet and nobody requires
3429 		 * the module. If it's unloaded already or somebody still
3430 		 * requires the module, don't unload it now.
3431 		 */
3432 		if (mp->mod_loaded && mp->mod_ref == 0)
3433 			mod_unload(mp);
3434 		ASSERT((mp->mod_loaded == 0 && mp->mod_delay_unload == 0) ||
3435 		    (mp->mod_ref > 0));
3436 		mod_release_mod(mp);
3437 
3438 		mod_garbage = mod_garbage->modl_next;
3439 		kobj_free(old, sizeof (struct modctl_list));
3440 	}
3441 }
3442 
3443 /*
3444  * Process dependency of the module represented by "dep" on the
3445  * module named by "on."
3446  *
3447  * Called from kobj_do_dependents() to load a module "on" on which
3448  * "dep" depends.
3449  */
3450 struct modctl *
3451 mod_load_requisite(struct modctl *dep, char *on)
3452 {
3453 	struct modctl *on_mod;
3454 	int retval;
3455 
3456 	if ((on_mod = mod_hold_loaded_mod(dep, on, &retval)) != NULL) {
3457 		mod_make_requisite(dep, on_mod);
3458 	} else if (moddebug & MODDEBUG_ERRMSG) {
3459 		printf("error processing %s on which module %s depends\n",
3460 			on, dep->mod_modname);
3461 	}
3462 	return (on_mod);
3463 }
3464 
3465 static int
3466 mod_install_requisites(struct modctl *modp)
3467 {
3468 	struct modctl_list *modl;
3469 	struct modctl *req;
3470 	int status = 0;
3471 
3472 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3473 	ASSERT(modp->mod_busy);
3474 
3475 	for (modl = modp->mod_requisites; modl; modl = modl->modl_next) {
3476 		req = modl->modl_modp;
3477 		(void) mod_hold_by_modctl(req,
3478 		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
3479 		status = modinstall(req);
3480 		mod_release_mod(req);
3481 
3482 		if (status != 0)
3483 			break;
3484 	}
3485 	return (status);
3486 }
3487 
3488 /*
3489  * returns 1 if this thread is doing autounload, 0 otherwise.
3490  * see mod_uninstall_all.
3491  */
3492 int
3493 mod_in_autounload()
3494 {
3495 	return ((int)(uintptr_t)tsd_get(mod_autounload_key));
3496 }
3497 
3498 /*
3499  * gmatch adapted from libc, stripping the wchar stuff
3500  */
3501 #define	popchar(p, c) \
3502 	c = *p++; \
3503 	if (c == 0) \
3504 		return (0);
3505 
3506 static int
3507 gmatch(const char *s, const char *p)
3508 {
3509 	int c, sc;
3510 	int ok, lc, notflag;
3511 
3512 	sc = *s++;
3513 	c = *p++;
3514 	if (c == 0)
3515 		return (sc == c);	/* nothing matches nothing */
3516 
3517 	switch (c) {
3518 	case '\\':
3519 		/* skip to quoted character */
3520 		popchar(p, c)
3521 		/*FALLTHRU*/
3522 
3523 	default:
3524 		/* straight comparison */
3525 		if (c != sc)
3526 			return (0);
3527 		/*FALLTHRU*/
3528 
3529 	case '?':
3530 		/* first char matches, move to remainder */
3531 		return (sc != '\0' ? gmatch(s, p) : 0);
3532 
3533 
3534 	case '*':
3535 		while (*p == '*')
3536 			p++;
3537 
3538 		/* * matches everything */
3539 		if (*p == 0)
3540 			return (1);
3541 
3542 		/* undo skip at the beginning & iterate over substrings */
3543 		--s;
3544 		while (*s) {
3545 			if (gmatch(s, p))
3546 				return (1);
3547 			s++;
3548 		}
3549 		return (0);
3550 
3551 	case '[':
3552 		/* match any char within [] */
3553 		if (sc == 0)
3554 			return (0);
3555 
3556 		ok = lc = notflag = 0;
3557 
3558 		if (*p == '!') {
3559 			notflag = 1;
3560 			p++;
3561 		}
3562 		popchar(p, c)
3563 
3564 		do {
3565 			if (c == '-' && lc && *p != ']') {
3566 				/* test sc against range [c1-c2] */
3567 				popchar(p, c)
3568 				if (c == '\\') {
3569 					popchar(p, c)
3570 				}
3571 
3572 				if (notflag) {
3573 					/* return 0 on mismatch */
3574 					if (lc <= sc && sc <= c)
3575 						return (0);
3576 					ok++;
3577 				} else if (lc <= sc && sc <= c) {
3578 					ok++;
3579 				}
3580 				/* keep going, may get a match next */
3581 			} else if (c == '\\') {
3582 				/* skip to quoted character */
3583 				popchar(p, c)
3584 			}
3585 			lc = c;
3586 			if (notflag) {
3587 				if (sc == lc)
3588 					return (0);
3589 				ok++;
3590 			} else if (sc == lc) {
3591 				ok++;
3592 			}
3593 			popchar(p, c)
3594 		} while (c != ']');
3595 
3596 		/* recurse on remainder of string */
3597 		return (ok ? gmatch(s, p) : 0);
3598 	}
3599 	/*NOTREACHED*/
3600 }
3601 
3602 
3603 /*
3604  * Get default perm for device from /etc/minor_perm. Return 0 if match found.
3605  *
3606  * Pure wild-carded patterns are handled separately so the ordering of
3607  * these patterns doesn't matter.  We're still dependent on ordering
3608  * however as the first matching entry is the one returned.
3609  * Not ideal but all existing examples and usage do imply this
3610  * ordering implicitly.
3611  *
3612  * Drivers using the clone driver are always good for some entertainment.
3613  * Clone nodes under pseudo have the form clone@0:<driver>.  Some minor
3614  * perm entries have the form clone:<driver>, others use <driver>:*
3615  * Examples are clone:llc1 vs. llc2:*, for example.
3616  *
3617  * Minor perms in the clone:<driver> form are mapped to the drivers's
3618  * mperm list, not the clone driver, as wildcard entries for clone
3619  * reference only.  In other words, a clone wildcard will match
3620  * references for clone@0:<driver> but never <driver>@<minor>.
3621  *
3622  * Additional minor perms in the standard form are also supported,
3623  * for mixed usage, ie a node with an entry clone:<driver> could
3624  * provide further entries <driver>:<minor>.
3625  *
3626  * Finally, some uses of clone use an alias as the minor name rather
3627  * than the driver name, with the alias as the minor perm entry.
3628  * This case is handled by attaching the driver to bring its
3629  * minor list into existence, then discover the alias via DDI_ALIAS.
3630  * The clone device's minor perm list can then be searched for
3631  * that alias.
3632  */
3633 
3634 static int
3635 dev_alias_minorperm(dev_info_t *dip, char *minor_name, mperm_t *rmp)
3636 {
3637 	major_t major;
3638 	struct devnames *dnp;
3639 	mperm_t *mp;
3640 	char *alias = NULL;
3641 	dev_info_t *cdevi;
3642 	struct ddi_minor_data *dmd;
3643 
3644 	major = ddi_name_to_major(minor_name);
3645 
3646 	ASSERT(dip == clone_dip);
3647 	ASSERT(major != (major_t)-1);
3648 
3649 	/*
3650 	 * Attach the driver named by the minor node, then
3651 	 * search its first instance's minor list for an
3652 	 * alias node.
3653 	 */
3654 	if (ddi_hold_installed_driver(major) == NULL)
3655 		return (1);
3656 
3657 	dnp = &devnamesp[major];
3658 	LOCK_DEV_OPS(&dnp->dn_lock);
3659 
3660 	if ((cdevi = dnp->dn_head) != NULL) {
3661 		mutex_enter(&DEVI(cdevi)->devi_lock);
3662 		for (dmd = DEVI(cdevi)->devi_minor; dmd; dmd = dmd->next) {
3663 			if (dmd->type == DDM_ALIAS) {
3664 				alias = i_ddi_strdup(dmd->ddm_name, KM_SLEEP);
3665 				break;
3666 			}
3667 		}
3668 		mutex_exit(&DEVI(cdevi)->devi_lock);
3669 	}
3670 
3671 	UNLOCK_DEV_OPS(&dnp->dn_lock);
3672 	ddi_rele_driver(major);
3673 
3674 	if (alias == NULL) {
3675 		if (moddebug & MODDEBUG_MINORPERM)
3676 			cmn_err(CE_CONT, "dev_minorperm: "
3677 			    "no alias for %s\n", minor_name);
3678 		return (1);
3679 	}
3680 
3681 	major = ddi_driver_major(clone_dip);
3682 	dnp = &devnamesp[major];
3683 	LOCK_DEV_OPS(&dnp->dn_lock);
3684 
3685 	/*
3686 	 * Go through the clone driver's mperm list looking
3687 	 * for a match for the specified alias.
3688 	 */
3689 	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
3690 		if (strcmp(alias, mp->mp_minorname) == 0) {
3691 			break;
3692 		}
3693 	}
3694 
3695 	if (mp) {
3696 		if (moddebug & MODDEBUG_MP_MATCH) {
3697 			cmn_err(CE_CONT,
3698 			    "minor perm defaults: %s %s 0%o %d %d (aliased)\n",
3699 			    minor_name, alias, mp->mp_mode,
3700 			    mp->mp_uid, mp->mp_gid);
3701 		}
3702 		rmp->mp_uid = mp->mp_uid;
3703 		rmp->mp_gid = mp->mp_gid;
3704 		rmp->mp_mode = mp->mp_mode;
3705 	}
3706 	UNLOCK_DEV_OPS(&dnp->dn_lock);
3707 
3708 	kmem_free(alias, strlen(alias)+1);
3709 
3710 	return (mp == NULL);
3711 }
3712 
3713 int
3714 dev_minorperm(dev_info_t *dip, char *name, mperm_t *rmp)
3715 {
3716 	major_t major;
3717 	char *minor_name;
3718 	struct devnames *dnp;
3719 	mperm_t *mp;
3720 	int is_clone = 0;
3721 
3722 	if (!minorperm_loaded) {
3723 		if (moddebug & MODDEBUG_MINORPERM)
3724 			cmn_err(CE_CONT,
3725 			    "%s: minor perm not yet loaded\n", name);
3726 		return (1);
3727 	}
3728 
3729 	minor_name = strchr(name, ':');
3730 	if (minor_name == NULL)
3731 		return (1);
3732 	minor_name++;
3733 
3734 	/*
3735 	 * If it's the clone driver, search the driver as named
3736 	 * by the minor.  All clone minor perm entries other than
3737 	 * alias nodes are actually installed on the real driver's list.
3738 	 */
3739 	if (dip == clone_dip) {
3740 		major = ddi_name_to_major(minor_name);
3741 		if (major == (major_t)-1) {
3742 			if (moddebug & MODDEBUG_MINORPERM)
3743 				cmn_err(CE_CONT, "dev_minorperm: "
3744 				    "%s: no such driver\n", minor_name);
3745 			return (1);
3746 		}
3747 		is_clone = 1;
3748 	} else {
3749 		major = ddi_driver_major(dip);
3750 		ASSERT(major != (major_t)-1);
3751 	}
3752 
3753 	dnp = &devnamesp[major];
3754 	LOCK_DEV_OPS(&dnp->dn_lock);
3755 
3756 	/*
3757 	 * Go through the driver's mperm list looking for
3758 	 * a match for the specified minor.  If there's
3759 	 * no matching pattern, use the wild card.
3760 	 * Defer to the clone wild for clone if specified,
3761 	 * otherwise fall back to the normal form.
3762 	 */
3763 	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
3764 		if (gmatch(minor_name, mp->mp_minorname) != 0) {
3765 			break;
3766 		}
3767 	}
3768 	if (mp == NULL) {
3769 		if (is_clone)
3770 			mp = dnp->dn_mperm_clone;
3771 		if (mp == NULL)
3772 			mp = dnp->dn_mperm_wild;
3773 	}
3774 
3775 	if (mp) {
3776 		if (moddebug & MODDEBUG_MP_MATCH) {
3777 			cmn_err(CE_CONT,
3778 			    "minor perm defaults: %s %s 0%o %d %d\n",
3779 			    name, mp->mp_minorname, mp->mp_mode,
3780 			    mp->mp_uid, mp->mp_gid);
3781 		}
3782 		rmp->mp_uid = mp->mp_uid;
3783 		rmp->mp_gid = mp->mp_gid;
3784 		rmp->mp_mode = mp->mp_mode;
3785 	}
3786 	UNLOCK_DEV_OPS(&dnp->dn_lock);
3787 
3788 	/*
3789 	 * If no match can be found for a clone node,
3790 	 * search for a possible match for an alias.
3791 	 * One such example is /dev/ptmx -> /devices/pseudo/clone@0:ptm,
3792 	 * with minor perm entry clone:ptmx.
3793 	 */
3794 	if (mp == NULL && is_clone) {
3795 		return (dev_alias_minorperm(dip, minor_name, rmp));
3796 	}
3797 
3798 	return (mp == NULL);
3799 }
3800 
3801 /*
3802  * dynamicaly reference load a dl module/library, returning handle
3803  */
3804 /*ARGSUSED*/
3805 ddi_modhandle_t
3806 ddi_modopen(const char *modname, int mode, int *errnop)
3807 {
3808 	char		*subdir;
3809 	char		*mod;
3810 	int		subdirlen;
3811 	struct modctl	*hmodp = NULL;
3812 	int		retval = EINVAL;
3813 
3814 	ASSERT(modname && (mode == KRTLD_MODE_FIRST));
3815 	if ((modname == NULL) || (mode != KRTLD_MODE_FIRST))
3816 		goto out;
3817 
3818 	/* find optional first '/' in modname */
3819 	mod = strchr(modname, '/');
3820 	if (mod != strrchr(modname, '/'))
3821 		goto out;		/* only one '/' is legal */
3822 
3823 	if (mod) {
3824 		/* for subdir string without modification to argument */
3825 		mod++;
3826 		subdirlen = mod - modname;
3827 		subdir = kmem_alloc(subdirlen, KM_SLEEP);
3828 		(void) strlcpy(subdir, modname, subdirlen);
3829 	} else {
3830 		subdirlen = 0;
3831 		subdir = "misc";
3832 		mod = (char *)modname;
3833 	}
3834 
3835 	/* reference load with errno return value */
3836 	retval = modrload(subdir, mod, &hmodp);
3837 
3838 	if (subdirlen)
3839 		kmem_free(subdir, subdirlen);
3840 
3841 out:	if (errnop)
3842 		*errnop = retval;
3843 
3844 	if (moddebug & MODDEBUG_DDI_MOD)
3845 		printf("ddi_modopen %s mode %x: %s %p %d\n",
3846 		    modname ? modname : "<unknown>", mode,
3847 		    hmodp ? hmodp->mod_filename : "<unknown>",
3848 		    (void *)hmodp, retval);
3849 
3850 	return ((ddi_modhandle_t)hmodp);
3851 }
3852 
3853 /* lookup "name" in open dl module/library */
3854 void *
3855 ddi_modsym(ddi_modhandle_t h, const char *name, int *errnop)
3856 {
3857 	struct modctl	*hmodp = (struct modctl *)h;
3858 	void		*f;
3859 	int		retval;
3860 
3861 	ASSERT(hmodp && name && hmodp->mod_installed && (hmodp->mod_ref >= 1));
3862 	if ((hmodp == NULL) || (name == NULL) ||
3863 	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
3864 		f = NULL;
3865 		retval = EINVAL;
3866 	} else {
3867 		f = (void *)kobj_lookup(hmodp->mod_mp, (char *)name);
3868 		if (f)
3869 			retval = 0;
3870 		else
3871 			retval = ENOTSUP;
3872 	}
3873 
3874 	if (moddebug & MODDEBUG_DDI_MOD)
3875 		printf("ddi_modsym in %s of %s: %d %p\n",
3876 		    hmodp ? hmodp->mod_modname : "<unknown>",
3877 		    name ? name : "<unknown>", retval, f);
3878 
3879 	if (errnop)
3880 		*errnop = retval;
3881 	return (f);
3882 }
3883 
3884 /* dynamic (un)reference unload of an open dl module/library */
3885 int
3886 ddi_modclose(ddi_modhandle_t h)
3887 {
3888 	struct modctl	*hmodp = (struct modctl *)h;
3889 	struct modctl	*modp = NULL;
3890 	int		retval;
3891 
3892 	ASSERT(hmodp && hmodp->mod_installed && (hmodp->mod_ref >= 1));
3893 	if ((hmodp == NULL) ||
3894 	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
3895 		retval = EINVAL;
3896 		goto out;
3897 	}
3898 
3899 	retval = modunrload(hmodp->mod_id, &modp, ddi_modclose_unload);
3900 	if (retval == EBUSY)
3901 		retval = 0;	/* EBUSY is not an error */
3902 
3903 	if (retval == 0) {
3904 		ASSERT(hmodp == modp);
3905 		if (hmodp != modp)
3906 			retval = EINVAL;
3907 	}
3908 
3909 out:	if (moddebug & MODDEBUG_DDI_MOD)
3910 		printf("ddi_modclose %s: %d\n",
3911 		    hmodp ? hmodp->mod_modname : "<unknown>", retval);
3912 
3913 	return (retval);
3914 }
3915