xref: /illumos-gate/usr/src/uts/common/os/modctl.c (revision fb1354ed4c9fee45e038d38a155ea6fb11ee17bb)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 /*
30  * modctl system call for loadable module support.
31  */
32 
33 #include <sys/param.h>
34 #include <sys/user.h>
35 #include <sys/systm.h>
36 #include <sys/exec.h>
37 #include <sys/file.h>
38 #include <sys/stat.h>
39 #include <sys/conf.h>
40 #include <sys/time.h>
41 #include <sys/reboot.h>
42 #include <sys/fs/ufs_fsdir.h>
43 #include <sys/kmem.h>
44 #include <sys/sysconf.h>
45 #include <sys/cmn_err.h>
46 #include <sys/ddi.h>
47 #include <sys/sunddi.h>
48 #include <sys/sunndi.h>
49 #include <sys/ndi_impldefs.h>
50 #include <sys/ddi_impldefs.h>
51 #include <sys/ddi_implfuncs.h>
52 #include <sys/bootconf.h>
53 #include <sys/dc_ki.h>
54 #include <sys/cladm.h>
55 #include <sys/dtrace.h>
56 #include <sys/kdi.h>
57 
58 #include <sys/devpolicy.h>
59 #include <sys/modctl.h>
60 #include <sys/kobj.h>
61 #include <sys/devops.h>
62 #include <sys/autoconf.h>
63 #include <sys/hwconf.h>
64 #include <sys/callb.h>
65 #include <sys/debug.h>
66 #include <sys/cpuvar.h>
67 #include <sys/sysmacros.h>
68 #include <sys/sysevent.h>
69 #include <sys/sysevent_impl.h>
70 #include <sys/instance.h>
71 #include <sys/modhash.h>
72 #include <sys/modhash_impl.h>
73 #include <sys/dacf_impl.h>
74 #include <sys/vfs.h>
75 #include <sys/pathname.h>
76 #include <sys/console.h>
77 #include <sys/policy.h>
78 #include <ipp/ipp_impl.h>
79 #include <sys/fs/dv_node.h>
80 #include <sys/strsubr.h>
81 
82 static int		mod_circdep(struct modctl *);
83 static int		modinfo(modid_t, struct modinfo *);
84 
85 static void		mod_uninstall_all(void);
86 static int		mod_getinfo(struct modctl *, struct modinfo *);
87 static struct modctl	*allocate_modp(char *, char *);
88 
89 static int		mod_load(struct modctl *, int);
90 static void		mod_unload(struct modctl *);
91 static int		modinstall(struct modctl *);
92 static int		moduninstall(struct modctl *);
93 
94 static struct modctl	*mod_hold_by_name_common(struct modctl *, char *);
95 static struct modctl	*mod_hold_by_id(modid_t);
96 static struct modctl	*mod_hold_next_by_id(modid_t);
97 static struct modctl	*mod_hold_loaded_mod(struct modctl *, char *, int *);
98 static struct modctl	*mod_hold_installed_mod(char *, int, int *);
99 
100 static void		mod_release(struct modctl *);
101 static void		mod_make_requisite(struct modctl *, struct modctl *);
102 static int		mod_install_requisites(struct modctl *);
103 static void		check_esc_sequences(char *, char *);
104 static struct modctl	*mod_hold_by_name_requisite(struct modctl *, char *);
105 
106 /*
107  * module loading thread control structure. Calls to kobj_load_module()() are
108  * handled off to a separate thead using this structure.
109  */
110 struct loadmt {
111 	ksema_t		sema;
112 	struct modctl	*mp;
113 	int		usepath;
114 	kthread_t	*owner;
115 	int		retval;
116 };
117 
118 static void	modload_thread(struct loadmt *);
119 
120 kcondvar_t	mod_cv;
121 kcondvar_t	mod_uninstall_cv;	/* Communication between swapper */
122 					/* and the uninstall daemon. */
123 kmutex_t	mod_lock;		/* protects &modules insert linkage, */
124 					/* mod_busy, mod_want, and mod_ref. */
125 					/* blocking operations while holding */
126 					/* mod_lock should be avoided */
127 kmutex_t	mod_uninstall_lock;	/* protects mod_uninstall_cv */
128 kthread_id_t	mod_aul_thread;
129 
130 int	isminiroot;		/* set if running as miniroot */
131 int	modrootloaded;		/* set after root driver and fs are loaded */
132 int	moddebug = 0x0;		/* debug flags for module writers */
133 int	swaploaded;		/* set after swap driver and fs are loaded */
134 int	bop_io_quiesced = 0;	/* set when BOP I/O can no longer be used */
135 int	last_module_id;
136 clock_t	mod_uninstall_interval = 0;
137 int	ddi_modclose_unload = 1;	/* 0 -> just decrement reference */
138 
139 struct devnames *devnamesp;
140 struct devnames orphanlist;
141 
142 krwlock_t	devinfo_tree_lock;	/* obsolete, to be removed */
143 
144 #define	MAJBINDFILE "/etc/name_to_major"
145 #define	SYSBINDFILE "/etc/name_to_sysnum"
146 
147 static char	majbind[] = MAJBINDFILE;
148 static char	sysbind[] = SYSBINDFILE;
149 static uint_t	mod_autounload_key;	/* for module autounload detection */
150 
151 extern int obpdebug;
152 extern int make_mbind(char *, int, char *, struct bind **);
153 
154 #define	DEBUGGER_PRESENT	((boothowto & RB_DEBUG) || (obpdebug != 0))
155 
156 static int minorperm_loaded = 0;
157 
158 
159 
160 void
161 mod_setup(void)
162 {
163 	struct sysent *callp;
164 	int callnum, exectype;
165 	int	num_devs;
166 	int	i;
167 
168 	/*
169 	 * Initialize the list of loaded driver dev_ops.
170 	 * XXX - This must be done before reading the system file so that
171 	 * forceloads of drivers will work.
172 	 */
173 	num_devs = read_binding_file(majbind, mb_hashtab, make_mbind);
174 	/*
175 	 * Since read_binding_file is common code, it doesn't enforce that all
176 	 * of the binding file entries have major numbers <= MAXMAJ32.  Thus,
177 	 * ensure that we don't allocate some massive amount of space due to a
178 	 * bad entry.  We can't have major numbers bigger than MAXMAJ32
179 	 * until file system support for larger major numbers exists.
180 	 */
181 
182 	/*
183 	 * Leave space for expansion, but not more than L_MAXMAJ32
184 	 */
185 	devcnt = MIN(num_devs + 30, L_MAXMAJ32);
186 	devopsp = kmem_alloc(devcnt * sizeof (struct dev_ops *), KM_SLEEP);
187 	for (i = 0; i < devcnt; i++)
188 		devopsp[i] = &mod_nodev_ops;
189 
190 	init_devnamesp(devcnt);
191 
192 	/*
193 	 * Sync up with the work that the stand-alone linker has already done.
194 	 */
195 	(void) kobj_sync();
196 
197 	if (boothowto & RB_DEBUG)
198 		kdi_dvec_modavail();
199 
200 	make_aliases(mb_hashtab);
201 
202 	/*
203 	 * Initialize streams device implementation structures.
204 	 */
205 	devimpl = kmem_zalloc(devcnt * sizeof (cdevsw_impl_t), KM_SLEEP);
206 
207 	/*
208 	 * If the cl_bootstrap module is present,
209 	 * we should be configured as a cluster. Loading this module
210 	 * will set "cluster_bootflags" to non-zero.
211 	 */
212 	(void) modload("misc", "cl_bootstrap");
213 
214 	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
215 	init_syscallnames(NSYSCALL);
216 
217 	/*
218 	 * Start up dynamic autoconfiguration framework (dacf).
219 	 */
220 	mod_hash_init();
221 	dacf_init();
222 
223 	/*
224 	 * Start up IP policy framework (ipp).
225 	 */
226 	ipp_init();
227 
228 	/*
229 	 * Allocate loadable native system call locks.
230 	 */
231 	for (callnum = 0, callp = sysent; callnum < NSYSCALL;
232 	    callnum++, callp++) {
233 		if (LOADABLE_SYSCALL(callp)) {
234 			if (mod_getsysname(callnum) != NULL) {
235 				callp->sy_lock =
236 				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
237 				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
238 			} else {
239 				callp->sy_flags &= ~SE_LOADABLE;
240 				callp->sy_callc = nosys;
241 			}
242 #ifdef DEBUG
243 		} else {
244 			/*
245 			 * Do some sanity checks on the sysent table
246 			 */
247 			switch (callp->sy_flags & SE_RVAL_MASK) {
248 			case SE_32RVAL1:
249 				/* only r_val1 returned */
250 			case SE_32RVAL1 | SE_32RVAL2:
251 				/* r_val1 and r_val2 returned */
252 			case SE_64RVAL:
253 				/* 64-bit rval returned */
254 				break;
255 			default:
256 				cmn_err(CE_WARN, "sysent[%d]: bad flags %x",
257 				    callnum, callp->sy_flags);
258 			}
259 #endif
260 		}
261 	}
262 
263 #ifdef _SYSCALL32_IMPL
264 	/*
265 	 * Allocate loadable system call locks for 32-bit compat syscalls
266 	 */
267 	for (callnum = 0, callp = sysent32; callnum < NSYSCALL;
268 	    callnum++, callp++) {
269 		if (LOADABLE_SYSCALL(callp)) {
270 			if (mod_getsysname(callnum) != NULL) {
271 				callp->sy_lock =
272 				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
273 				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
274 			} else {
275 				callp->sy_flags &= ~SE_LOADABLE;
276 				callp->sy_callc = nosys;
277 			}
278 #ifdef DEBUG
279 		} else {
280 			/*
281 			 * Do some sanity checks on the sysent table
282 			 */
283 			switch (callp->sy_flags & SE_RVAL_MASK) {
284 			case SE_32RVAL1:
285 				/* only r_val1 returned */
286 			case SE_32RVAL1 | SE_32RVAL2:
287 				/* r_val1 and r_val2 returned */
288 			case SE_64RVAL:
289 				/* 64-bit rval returned */
290 				break;
291 			default:
292 				cmn_err(CE_WARN, "sysent32[%d]: bad flags %x",
293 				    callnum, callp->sy_flags);
294 				goto skip;
295 			}
296 
297 			/*
298 			 * Cross-check the native and compatibility tables.
299 			 */
300 			if (callp->sy_callc == nosys ||
301 			    sysent[callnum].sy_callc == nosys)
302 				continue;
303 			/*
304 			 * If only one or the other slot is loadable, then
305 			 * there's an error -- they should match!
306 			 */
307 			if ((callp->sy_callc == loadable_syscall) ^
308 			    (sysent[callnum].sy_callc == loadable_syscall)) {
309 				cmn_err(CE_WARN, "sysent[%d] loadable?",
310 				    callnum);
311 			}
312 			/*
313 			 * This is more of a heuristic test -- if the
314 			 * system call returns two values in the 32-bit
315 			 * world, it should probably return two 32-bit
316 			 * values in the 64-bit world too.
317 			 */
318 			if (((callp->sy_flags & SE_32RVAL2) == 0) ^
319 			    ((sysent[callnum].sy_flags & SE_32RVAL2) == 0)) {
320 				cmn_err(CE_WARN, "sysent[%d] rval2 mismatch!",
321 				    callnum);
322 			}
323 skip:;
324 #endif	/* DEBUG */
325 		}
326 	}
327 #endif	/* _SYSCALL32_IMPL */
328 
329 	/*
330 	 * Allocate loadable exec locks.  (Assumes all execs are loadable)
331 	 */
332 	for (exectype = 0; exectype < nexectype; exectype++) {
333 		execsw[exectype].exec_lock =
334 		    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
335 		rw_init(execsw[exectype].exec_lock, NULL, RW_DEFAULT, NULL);
336 	}
337 
338 	read_class_file();
339 
340 	/* init thread specific structure for mod_uninstall_all */
341 	tsd_create(&mod_autounload_key, NULL);
342 }
343 
344 static int
345 modctl_modload(int use_path, char *filename, int *rvp)
346 {
347 	struct modctl *modp;
348 	int retval = 0;
349 	char *filenamep;
350 	int modid;
351 
352 	filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
353 
354 	if (copyinstr(filename, filenamep, MOD_MAXPATH, 0)) {
355 		retval = EFAULT;
356 		goto out;
357 	}
358 
359 	filenamep[MOD_MAXPATH - 1] = 0;
360 	modp = mod_hold_installed_mod(filenamep, use_path, &retval);
361 
362 	if (modp == NULL)
363 		goto out;
364 
365 	modp->mod_loadflags |= MOD_NOAUTOUNLOAD;
366 	modid = modp->mod_id;
367 	mod_release_mod(modp);
368 	CPU_STATS_ADDQ(CPU, sys, modload, 1);
369 	if (rvp != NULL && copyout(&modid, rvp, sizeof (modid)) != 0)
370 		retval = EFAULT;
371 out:
372 	kmem_free(filenamep, MOD_MAXPATH);
373 
374 	return (retval);
375 }
376 
377 static int
378 modctl_modunload(modid_t id)
379 {
380 	int rval = 0;
381 
382 	if (id == 0) {
383 #ifdef DEBUG
384 		/*
385 		 * Turn on mod_uninstall_daemon
386 		 */
387 		if (mod_uninstall_interval == 0) {
388 			mod_uninstall_interval = 60;
389 			modreap();
390 			return (rval);
391 		}
392 #endif
393 		mod_uninstall_all();
394 	} else {
395 		(void) devfs_clean(ddi_root_node(), NULL, 0);
396 		rval = modunload(id);
397 	}
398 	return (rval);
399 }
400 
401 static int
402 modctl_modinfo(modid_t id, struct modinfo *umodi)
403 {
404 	int retval;
405 	struct modinfo modi;
406 #if defined(_SYSCALL32_IMPL)
407 	int nobase;
408 	struct modinfo32 modi32;
409 #endif
410 
411 	if (get_udatamodel() == DATAMODEL_NATIVE) {
412 		if (copyin(umodi, &modi, sizeof (struct modinfo)) != 0)
413 			return (EFAULT);
414 	}
415 #ifdef _SYSCALL32_IMPL
416 	else {
417 		bzero(&modi, sizeof (modi));
418 		if (copyin(umodi, &modi32, sizeof (struct modinfo32)) != 0)
419 			return (EFAULT);
420 		modi.mi_info = modi32.mi_info;
421 		modi.mi_id = modi32.mi_id;
422 		modi.mi_nextid = modi32.mi_nextid;
423 		nobase = modi.mi_info & MI_INFO_NOBASE;
424 	}
425 #endif
426 	/*
427 	 * This flag is -only- for the kernels use.
428 	 */
429 	modi.mi_info &= ~MI_INFO_LINKAGE;
430 
431 	retval = modinfo(id, &modi);
432 	if (retval)
433 		return (retval);
434 
435 	if (get_udatamodel() == DATAMODEL_NATIVE) {
436 		if (copyout(&modi, umodi, sizeof (struct modinfo)) != 0)
437 			retval = EFAULT;
438 #ifdef _SYSCALL32_IMPL
439 	} else {
440 		int i;
441 
442 		if (!nobase && (uintptr_t)modi.mi_base > UINT32_MAX)
443 			return (EOVERFLOW);
444 
445 		modi32.mi_info = modi.mi_info;
446 		modi32.mi_state = modi.mi_state;
447 		modi32.mi_id = modi.mi_id;
448 		modi32.mi_nextid = modi.mi_nextid;
449 		modi32.mi_base = (caddr32_t)(uintptr_t)modi.mi_base;
450 		modi32.mi_size = modi.mi_size;
451 		modi32.mi_rev = modi.mi_rev;
452 		modi32.mi_loadcnt = modi.mi_loadcnt;
453 		bcopy(modi.mi_name, modi32.mi_name, sizeof (modi32.mi_name));
454 		for (i = 0; i < MODMAXLINK32; i++) {
455 			modi32.mi_msinfo[i].msi_p0 = modi.mi_msinfo[i].msi_p0;
456 			bcopy(modi.mi_msinfo[i].msi_linkinfo,
457 			    modi32.mi_msinfo[i].msi_linkinfo,
458 			    sizeof (modi32.mi_msinfo[0].msi_linkinfo));
459 		}
460 		if (copyout(&modi32, umodi, sizeof (struct modinfo32)) != 0)
461 			retval = EFAULT;
462 #endif
463 	}
464 
465 	return (retval);
466 }
467 
468 /*
469  * Return the last major number in the range of permissible major numbers.
470  */
471 /*ARGSUSED*/
472 static int
473 modctl_modreserve(modid_t id, int *data)
474 {
475 	if (copyout(&devcnt, data, sizeof (devcnt)) != 0)
476 		return (EFAULT);
477 	return (0);
478 }
479 
480 static int
481 modctl_add_major(int *data)
482 {
483 	struct modconfig mc;
484 	int i, rv;
485 	struct aliases alias;
486 	struct aliases *ap;
487 	char name[MAXMODCONFNAME];
488 	char cname[MAXMODCONFNAME];
489 	char *drvname;
490 
491 	bzero(&mc, sizeof (struct modconfig));
492 	if (get_udatamodel() == DATAMODEL_NATIVE) {
493 		if (copyin(data, &mc, sizeof (struct modconfig)) != 0)
494 			return (EFAULT);
495 	}
496 #ifdef _SYSCALL32_IMPL
497 	else {
498 		struct modconfig32 modc32;
499 
500 		if (copyin(data, &modc32, sizeof (struct modconfig32)) != 0)
501 			return (EFAULT);
502 		else {
503 			bcopy(modc32.drvname, mc.drvname,
504 			    sizeof (modc32.drvname));
505 			bcopy(modc32.drvclass, mc.drvclass,
506 			    sizeof (modc32.drvclass));
507 			mc.major = modc32.major;
508 			mc.num_aliases = modc32.num_aliases;
509 			mc.ap = (struct aliases *)(uintptr_t)modc32.ap;
510 		}
511 	}
512 #endif
513 
514 	/*
515 	 * If the driver is already in the mb_hashtab, and the name given
516 	 * doesn't match that driver's name, fail.  Otherwise, pass, since
517 	 * we may be adding aliases.
518 	 */
519 	if ((drvname = mod_major_to_name(mc.major)) != NULL &&
520 	    strcmp(drvname, mc.drvname) != 0)
521 		return (EINVAL);
522 
523 	/*
524 	 * Add each supplied driver alias to mb_hashtab
525 	 */
526 	ap = mc.ap;
527 	for (i = 0; i < mc.num_aliases; i++) {
528 		bzero(&alias, sizeof (struct aliases));
529 
530 		if (get_udatamodel() == DATAMODEL_NATIVE) {
531 			if (copyin(ap, &alias, sizeof (struct aliases)) != 0)
532 				return (EFAULT);
533 
534 			if (alias.a_len > MAXMODCONFNAME)
535 				return (EINVAL);
536 
537 			if (copyin(alias.a_name, name, alias.a_len) != 0)
538 				return (EFAULT);
539 
540 			if (name[alias.a_len - 1] != '\0')
541 				return (EINVAL);
542 		}
543 #ifdef _SYSCALL32_IMPL
544 		else {
545 			struct aliases32 al32;
546 
547 			bzero(&al32, sizeof (struct aliases32));
548 			if (copyin(ap, &al32, sizeof (struct aliases32)) != 0)
549 				return (EFAULT);
550 
551 			if (al32.a_len > MAXMODCONFNAME)
552 				return (EINVAL);
553 
554 			if (copyin((void *)(uintptr_t)al32.a_name,
555 			    name, al32.a_len) != 0)
556 				return (EFAULT);
557 
558 			if (name[al32.a_len - 1] != '\0')
559 				return (EINVAL);
560 
561 			alias.a_next = (void *)(uintptr_t)al32.a_next;
562 		}
563 #endif
564 		check_esc_sequences(name, cname);
565 		(void) make_mbind(cname, mc.major, NULL, mb_hashtab);
566 		ap = alias.a_next;
567 	}
568 
569 	/*
570 	 * Try to establish an mbinding for mc.drvname, and add it to devnames.
571 	 * Add class if any after establishing the major number
572 	 */
573 	(void) make_mbind(mc.drvname, mc.major, NULL, mb_hashtab);
574 	rv = make_devname(mc.drvname, mc.major);
575 
576 	if (rv == 0) {
577 		if (mc.drvclass[0] != '\0')
578 			add_class(mc.drvname, mc.drvclass);
579 		(void) i_ddi_load_drvconf(mc.major);
580 		i_ddi_bind_devs();
581 		i_ddi_di_cache_invalidate(KM_SLEEP);
582 	}
583 	return (rv);
584 }
585 
586 static int
587 modctl_rem_major(major_t major)
588 {
589 	struct devnames *dnp;
590 
591 	if (major >= devcnt)
592 		return (EINVAL);
593 
594 	/* mark devnames as removed */
595 	dnp = &devnamesp[major];
596 	LOCK_DEV_OPS(&dnp->dn_lock);
597 	if (dnp->dn_name == NULL ||
598 	    (dnp->dn_flags & (DN_DRIVER_REMOVED | DN_TAKEN_GETUDEV))) {
599 		UNLOCK_DEV_OPS(&dnp->dn_lock);
600 		return (EINVAL);
601 	}
602 	dnp->dn_flags |= DN_DRIVER_REMOVED;
603 	pm_driver_removed(major);
604 	UNLOCK_DEV_OPS(&dnp->dn_lock);
605 
606 	(void) i_ddi_unload_drvconf(major);
607 	i_ddi_unbind_devs(major);
608 	i_ddi_di_cache_invalidate(KM_SLEEP);
609 	return (0);
610 }
611 
612 static struct vfs *
613 path_to_vfs(char *name)
614 {
615 	vnode_t *vp;
616 	struct vfs *vfsp;
617 
618 	if (lookupname(name, UIO_SYSSPACE, FOLLOW, NULLVPP, &vp))
619 		return (NULL);
620 
621 	vfsp = vp->v_vfsp;
622 	VN_RELE(vp);
623 	return (vfsp);
624 }
625 
626 static int
627 new_vfs_in_modpath()
628 {
629 	static int n_modpath = 0;
630 	static char *modpath_copy;
631 	static struct pathvfs {
632 		char *path;
633 		struct vfs *vfsp;
634 	} *pathvfs;
635 
636 	int i, new_vfs = 0;
637 	char *tmp, *tmp1;
638 	struct vfs *vfsp;
639 
640 	if (n_modpath != 0) {
641 		for (i = 0; i < n_modpath; i++) {
642 			vfsp = path_to_vfs(pathvfs[i].path);
643 			if (vfsp != pathvfs[i].vfsp) {
644 				pathvfs[i].vfsp = vfsp;
645 				if (vfsp)
646 					new_vfs = 1;
647 			}
648 		}
649 		return (new_vfs);
650 	}
651 
652 	/*
653 	 * First call, initialize the pathvfs structure
654 	 */
655 	modpath_copy = i_ddi_strdup(default_path, KM_SLEEP);
656 	tmp = modpath_copy;
657 	n_modpath = 1;
658 	tmp1 = strchr(tmp, ' ');
659 	while (tmp1) {
660 		*tmp1 = '\0';
661 		n_modpath++;
662 		tmp = tmp1 + 1;
663 		tmp1 = strchr(tmp, ' ');
664 	}
665 
666 	pathvfs = kmem_zalloc(n_modpath * sizeof (struct pathvfs), KM_SLEEP);
667 	tmp = modpath_copy;
668 	for (i = 0; i < n_modpath; i++) {
669 		pathvfs[i].path = tmp;
670 		vfsp = path_to_vfs(tmp);
671 		pathvfs[i].vfsp = vfsp;
672 		tmp += strlen(tmp) + 1;
673 	}
674 	return (1);	/* always reread driver.conf the first time */
675 }
676 
677 static int modctl_load_drvconf(major_t major)
678 {
679 	int ret;
680 
681 	if (major != (major_t)-1) {
682 		ret = i_ddi_load_drvconf(major);
683 		if (ret == 0)
684 			i_ddi_bind_devs();
685 		return (ret);
686 	}
687 
688 	/*
689 	 * We are invoked to rescan new driver.conf files. It is
690 	 * only necessary if a new file system was mounted in the
691 	 * module_path. Because rescanning driver.conf files can
692 	 * take some time on older platforms (sun4m), the following
693 	 * code skips unnecessary driver.conf rescans to optimize
694 	 * boot performance.
695 	 */
696 	if (new_vfs_in_modpath()) {
697 		(void) i_ddi_load_drvconf((major_t)-1);
698 		/*
699 		 * If we are still initializing io subsystem,
700 		 * load drivers with ddi-forceattach property
701 		 */
702 		if (!i_ddi_io_initialized())
703 			i_ddi_forceattach_drivers();
704 	}
705 	return (0);
706 }
707 
708 static int
709 modctl_unload_drvconf(major_t major)
710 {
711 	int ret;
712 
713 	if (major >= devcnt)
714 		return (EINVAL);
715 
716 	ret = i_ddi_unload_drvconf(major);
717 	if (ret != 0)
718 		return (ret);
719 	(void) i_ddi_unbind_devs(major);
720 
721 	return (0);
722 }
723 
724 static void
725 check_esc_sequences(char *str, char *cstr)
726 {
727 	int i;
728 	size_t len;
729 	char *p;
730 
731 	len = strlen(str);
732 	for (i = 0; i < len; i++, str++, cstr++) {
733 		if (*str != '\\') {
734 			*cstr = *str;
735 		} else {
736 			p = str + 1;
737 			/*
738 			 * we only handle octal escape sequences for SPACE
739 			 */
740 			if (*p++ == '0' && *p++ == '4' && *p == '0') {
741 				*cstr = ' ';
742 				str += 3;
743 			} else {
744 				*cstr = *str;
745 			}
746 		}
747 	}
748 	*cstr = 0;
749 }
750 
751 static int
752 modctl_getmodpathlen(int *data)
753 {
754 	int len;
755 	len = strlen(default_path);
756 	if (copyout(&len, data, sizeof (len)) != 0)
757 		return (EFAULT);
758 	return (0);
759 }
760 
761 static int
762 modctl_getmodpath(char *data)
763 {
764 	if (copyout(default_path, data, strlen(default_path) + 1) != 0)
765 		return (EFAULT);
766 	return (0);
767 }
768 
769 static int
770 modctl_read_sysbinding_file(void)
771 {
772 	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
773 	return (0);
774 }
775 
776 static int
777 modctl_getmaj(char *uname, uint_t ulen, int *umajorp)
778 {
779 	char name[256];
780 	int retval;
781 	major_t major;
782 
783 	if ((retval = copyinstr(uname, name,
784 	    (ulen < 256) ? ulen : 256, 0)) != 0)
785 		return (retval);
786 	if ((major = mod_name_to_major(name)) == (major_t)-1)
787 		return (ENODEV);
788 	if (copyout(&major, umajorp, sizeof (major_t)) != 0)
789 		return (EFAULT);
790 	return (0);
791 }
792 
793 static int
794 modctl_getname(char *uname, uint_t ulen, int *umajorp)
795 {
796 	char *name;
797 	major_t major;
798 
799 	if (copyin(umajorp, &major, sizeof (major)) != 0)
800 		return (EFAULT);
801 	if ((name = mod_major_to_name(major)) == NULL)
802 		return (ENODEV);
803 	if ((strlen(name) + 1) > ulen)
804 		return (ENOSPC);
805 	return (copyoutstr(name, uname, ulen, NULL));
806 }
807 
808 static int
809 modctl_devt2instance(dev_t dev, int *uinstancep)
810 {
811 	int	instance;
812 
813 	if ((instance = dev_to_instance(dev)) == -1)
814 		return (EINVAL);
815 
816 	return (copyout(&instance, uinstancep, sizeof (int)));
817 }
818 
819 /*
820  * Return the sizeof of the device id.
821  */
822 static int
823 modctl_sizeof_devid(dev_t dev, uint_t *len)
824 {
825 	uint_t		sz;
826 	ddi_devid_t	devid;
827 
828 	/* get device id */
829 	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
830 		return (EINVAL);
831 
832 	sz = ddi_devid_sizeof(devid);
833 	ddi_devid_free(devid);
834 
835 	/* copyout device id size */
836 	if (copyout(&sz, len, sizeof (sz)) != 0)
837 		return (EFAULT);
838 
839 	return (0);
840 }
841 
842 /*
843  * Return a copy of the device id.
844  */
845 static int
846 modctl_get_devid(dev_t dev, uint_t len, ddi_devid_t udevid)
847 {
848 	uint_t		sz;
849 	ddi_devid_t	devid;
850 	int		err = 0;
851 
852 	/* get device id */
853 	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
854 		return (EINVAL);
855 
856 	sz = ddi_devid_sizeof(devid);
857 
858 	/* Error if device id is larger than space allocated */
859 	if (sz > len) {
860 		ddi_devid_free(devid);
861 		return (ENOSPC);
862 	}
863 
864 	/* copy out device id */
865 	if (copyout(devid, udevid, sz) != 0)
866 		err = EFAULT;
867 	ddi_devid_free(devid);
868 	return (err);
869 }
870 
871 /*
872  * return the /devices paths associated with the specified devid and
873  * minor name.
874  */
875 /*ARGSUSED*/
876 static int
877 modctl_devid2paths(ddi_devid_t udevid, char *uminor_name, uint_t flag,
878 	size_t *ulensp, char *upaths)
879 {
880 	ddi_devid_t	devid = NULL;
881 	int		devid_len;
882 	char		*minor_name = NULL;
883 	dev_info_t	*dip = NULL;
884 	struct ddi_minor_data   *dmdp;
885 	char		*path = NULL;
886 	int		ulens;
887 	int		lens;
888 	int		len;
889 	dev_t		*devlist = NULL;
890 	int		ndevs;
891 	int		i;
892 	int		ret = 0;
893 
894 	/*
895 	 * If upaths is NULL then we are only computing the amount of space
896 	 * needed to hold the paths and returning the value in *ulensp. If we
897 	 * are copying out paths then we get the amount of space allocated by
898 	 * the caller. If the actual space needed for paths is larger, or
899 	 * things are changing out from under us, then we return EAGAIN.
900 	 */
901 	if (upaths) {
902 		if (ulensp == NULL)
903 			return (EINVAL);
904 		if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
905 			return (EFAULT);
906 	}
907 
908 	/*
909 	 * copyin enough of the devid to determine the length then
910 	 * reallocate and copy in the entire devid.
911 	 */
912 	devid_len = ddi_devid_sizeof(NULL);
913 	devid = kmem_alloc(devid_len, KM_SLEEP);
914 	if (copyin(udevid, devid, devid_len)) {
915 		ret = EFAULT;
916 		goto out;
917 	}
918 	len = devid_len;
919 	devid_len = ddi_devid_sizeof(devid);
920 	kmem_free(devid, len);
921 	devid = kmem_alloc(devid_len, KM_SLEEP);
922 	if (copyin(udevid, devid, devid_len)) {
923 		ret = EFAULT;
924 		goto out;
925 	}
926 
927 	/* copyin the minor name if specified. */
928 	minor_name = uminor_name;
929 	if ((minor_name != DEVID_MINOR_NAME_ALL) &&
930 	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
931 	    (minor_name != DEVID_MINOR_NAME_ALL_BLK)) {
932 		minor_name = kmem_alloc(MAXPATHLEN, KM_SLEEP);
933 		if (copyinstr(uminor_name, minor_name, MAXPATHLEN, 0)) {
934 			ret = EFAULT;
935 			goto out;
936 		}
937 	}
938 
939 	/*
940 	 * Use existing function to resolve the devid into a devlist.
941 	 *
942 	 * NOTE: there is a loss of spectype information in the current
943 	 * ddi_lyr_devid_to_devlist implementation. We work around this by not
944 	 * passing down DEVID_MINOR_NAME_ALL here, but reproducing all minor
945 	 * node forms in the loop processing the devlist below. It would be
946 	 * best if at some point the use of this interface here was replaced
947 	 * with a path oriented call.
948 	 */
949 	if (ddi_lyr_devid_to_devlist(devid,
950 	    (minor_name == DEVID_MINOR_NAME_ALL) ?
951 	    DEVID_MINOR_NAME_ALL_CHR : minor_name,
952 	    &ndevs, &devlist) != DDI_SUCCESS) {
953 		ret = EINVAL;
954 		goto out;
955 	}
956 
957 	/*
958 	 * loop over the devlist, converting each devt to a path and doing
959 	 * a copyout of the path and computation of the amount of space
960 	 * needed to hold all the paths
961 	 */
962 	path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
963 	for (i = 0, lens = 0; i < ndevs; i++) {
964 
965 		/* find the dip associated with the dev_t */
966 		if ((dip = e_ddi_hold_devi_by_dev(devlist[i], 0)) == NULL)
967 			continue;
968 
969 		/* loop over all the minor nodes, skipping ones we don't want */
970 		for (dmdp = DEVI(dip)->devi_minor; dmdp; dmdp = dmdp->next) {
971 			if ((dmdp->ddm_dev != devlist[i]) ||
972 			    (dmdp->type != DDM_MINOR))
973 				continue;
974 
975 			if ((minor_name != DEVID_MINOR_NAME_ALL) &&
976 			    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
977 			    (minor_name != DEVID_MINOR_NAME_ALL_BLK) &&
978 			    strcmp(minor_name, dmdp->ddm_name))
979 				continue;
980 			else {
981 				if ((minor_name == DEVID_MINOR_NAME_ALL_CHR) &&
982 				    (dmdp->ddm_spec_type != S_IFCHR))
983 					continue;
984 				if ((minor_name == DEVID_MINOR_NAME_ALL_BLK) &&
985 				    (dmdp->ddm_spec_type != S_IFBLK))
986 					continue;
987 			}
988 
989 			/* XXX need ddi_pathname_minor(dmdp, path); interface */
990 			if (ddi_dev_pathname(dmdp->ddm_dev, dmdp->ddm_spec_type,
991 			    path) != DDI_SUCCESS) {
992 				ret = EAGAIN;
993 				goto out;
994 			}
995 			len = strlen(path) + 1;
996 			*(path + len) = '\0';	/* set double termination */
997 			lens += len;
998 
999 			/* copyout the path with double terminations */
1000 			if (upaths) {
1001 				if (lens > ulens) {
1002 					ret = EAGAIN;
1003 					goto out;
1004 				}
1005 				if (copyout(path, upaths, len + 1)) {
1006 					ret = EFAULT;
1007 					goto out;
1008 				}
1009 				upaths += len;
1010 			}
1011 		}
1012 		ddi_release_devi(dip);
1013 		dip = NULL;
1014 	}
1015 	lens++;		/* add one for double termination */
1016 
1017 	/* copy out the amount of space needed to hold the paths */
1018 	if (ulensp && copyout(&lens, ulensp, sizeof (lens))) {
1019 		ret = EFAULT;
1020 		goto out;
1021 	}
1022 	ret = 0;
1023 
1024 out:	if (dip)
1025 		ddi_release_devi(dip);
1026 	if (path)
1027 		kmem_free(path, MAXPATHLEN);
1028 	if (devlist)
1029 		ddi_lyr_free_devlist(devlist, ndevs);
1030 	if (minor_name &&
1031 	    (minor_name != DEVID_MINOR_NAME_ALL) &&
1032 	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1033 	    (minor_name != DEVID_MINOR_NAME_ALL_BLK))
1034 		kmem_free(minor_name, MAXPATHLEN);
1035 	if (devid)
1036 		kmem_free(devid, devid_len);
1037 	return (ret);
1038 }
1039 
1040 /*
1041  * Return the size of the minor name.
1042  */
1043 static int
1044 modctl_sizeof_minorname(dev_t dev, int spectype, uint_t *len)
1045 {
1046 	uint_t	sz;
1047 	char	*name;
1048 
1049 	/* get the minor name */
1050 	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1051 		return (EINVAL);
1052 
1053 	sz = strlen(name) + 1;
1054 	kmem_free(name, sz);
1055 
1056 	/* copy out the size of the minor name */
1057 	if (copyout(&sz, len, sizeof (sz)) != 0)
1058 		return (EFAULT);
1059 
1060 	return (0);
1061 }
1062 
1063 /*
1064  * Return the minor name.
1065  */
1066 static int
1067 modctl_get_minorname(dev_t dev, int spectype, uint_t len, char *uname)
1068 {
1069 	uint_t	sz;
1070 	char	*name;
1071 	int	err = 0;
1072 
1073 	/* get the minor name */
1074 	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1075 		return (EINVAL);
1076 
1077 	sz = strlen(name) + 1;
1078 
1079 	/* Error if the minor name is larger than the space allocated */
1080 	if (sz > len) {
1081 		kmem_free(name, sz);
1082 		return (ENOSPC);
1083 	}
1084 
1085 	/* copy out the minor name */
1086 	if (copyout(name, uname, sz) != 0)
1087 		err = EFAULT;
1088 	kmem_free(name, sz);
1089 	return (err);
1090 }
1091 
1092 /*
1093  * Return the size of the devfspath name.
1094  */
1095 static int
1096 modctl_devfspath_len(dev_t dev, int spectype, uint_t *len)
1097 {
1098 	uint_t	sz;
1099 	char	*name;
1100 
1101 	/* get the path name */
1102 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1103 	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1104 		kmem_free(name, MAXPATHLEN);
1105 		return (EINVAL);
1106 	}
1107 
1108 	sz = strlen(name) + 1;
1109 	kmem_free(name, MAXPATHLEN);
1110 
1111 	/* copy out the size of the path name */
1112 	if (copyout(&sz, len, sizeof (sz)) != 0)
1113 		return (EFAULT);
1114 
1115 	return (0);
1116 }
1117 
1118 /*
1119  * Return the devfspath name.
1120  */
1121 static int
1122 modctl_devfspath(dev_t dev, int spectype, uint_t len, char *uname)
1123 {
1124 	uint_t	sz;
1125 	char	*name;
1126 	int	err = 0;
1127 
1128 	/* get the path name */
1129 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1130 	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1131 		kmem_free(name, MAXPATHLEN);
1132 		return (EINVAL);
1133 	}
1134 
1135 	sz = strlen(name) + 1;
1136 
1137 	/* Error if the path name is larger than the space allocated */
1138 	if (sz > len) {
1139 		kmem_free(name, MAXPATHLEN);
1140 		return (ENOSPC);
1141 	}
1142 
1143 	/* copy out the path name */
1144 	if (copyout(name, uname, sz) != 0)
1145 		err = EFAULT;
1146 	kmem_free(name, MAXPATHLEN);
1147 	return (err);
1148 }
1149 
1150 static int
1151 modctl_get_fbname(char *path)
1152 {
1153 	extern dev_t fbdev;
1154 	char *pathname = NULL;
1155 	int rval = 0;
1156 
1157 	/* make sure fbdev is set before we plunge in */
1158 	if (fbdev == NODEV)
1159 		return (ENODEV);
1160 
1161 	pathname = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1162 	if ((rval = ddi_dev_pathname(fbdev, S_IFCHR,
1163 	    pathname)) == DDI_SUCCESS) {
1164 		if (copyout(pathname, path, strlen(pathname)+1) != 0) {
1165 			rval = EFAULT;
1166 		}
1167 	}
1168 	kmem_free(pathname, MAXPATHLEN);
1169 	return (rval);
1170 }
1171 
1172 /*
1173  * modctl_reread_dacf()
1174  *	Reread the dacf rules database from the named binding file.
1175  *	If NULL is specified, pass along the NULL, it means 'use the default'.
1176  */
1177 static int
1178 modctl_reread_dacf(char *path)
1179 {
1180 	int rval = 0;
1181 	char *filename, *filenamep;
1182 
1183 	filename = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1184 
1185 	if (path == NULL) {
1186 		filenamep = NULL;
1187 	} else {
1188 		if (copyinstr(path, filename, MAXPATHLEN, 0) != 0) {
1189 			rval = EFAULT;
1190 			goto out;
1191 		}
1192 		filenamep = filename;
1193 		filenamep[MAXPATHLEN - 1] = '\0';
1194 	}
1195 
1196 	rval = read_dacf_binding_file(filenamep);
1197 out:
1198 	kmem_free(filename, MAXPATHLEN);
1199 	return (rval);
1200 }
1201 
1202 /*ARGSUSED*/
1203 static int
1204 modctl_modevents(int subcmd, uintptr_t a2, uintptr_t a3, uintptr_t a4,
1205     uint_t flag)
1206 {
1207 	int error = 0;
1208 	char *filenamep;
1209 
1210 	switch (subcmd) {
1211 
1212 	case MODEVENTS_FLUSH:
1213 		/* flush all currently queued events */
1214 		log_sysevent_flushq(subcmd, flag);
1215 		break;
1216 
1217 	case MODEVENTS_SET_DOOR_UPCALL_FILENAME:
1218 		/*
1219 		 * bind door_upcall to filename
1220 		 * this should only be done once per invocation
1221 		 * of the event daemon.
1222 		 */
1223 
1224 		filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
1225 
1226 		if (copyinstr((char *)a2, filenamep, MOD_MAXPATH, 0)) {
1227 			error = EFAULT;
1228 		} else {
1229 			error = log_sysevent_filename(filenamep);
1230 		}
1231 		kmem_free(filenamep, MOD_MAXPATH);
1232 		break;
1233 
1234 	case MODEVENTS_GETDATA:
1235 		error = log_sysevent_copyout_data((sysevent_id_t *)a2,
1236 		    (size_t)a3, (caddr_t)a4);
1237 		break;
1238 
1239 	case MODEVENTS_FREEDATA:
1240 		error = log_sysevent_free_data((sysevent_id_t *)a2);
1241 		break;
1242 	case MODEVENTS_POST_EVENT:
1243 		error = log_usr_sysevent((sysevent_t *)a2, (uint32_t)a3,
1244 			(sysevent_id_t *)a4);
1245 		break;
1246 	case MODEVENTS_REGISTER_EVENT:
1247 		error = log_sysevent_register((char *)a2, (char *)a3,
1248 		    (se_pubsub_t *)a4);
1249 		break;
1250 	default:
1251 		error = EINVAL;
1252 	}
1253 
1254 	return (error);
1255 }
1256 
1257 static void
1258 free_mperm(mperm_t *mp)
1259 {
1260 	int len;
1261 
1262 	if (mp->mp_minorname) {
1263 		len = strlen(mp->mp_minorname) + 1;
1264 		kmem_free(mp->mp_minorname, len);
1265 	}
1266 	kmem_free(mp, sizeof (mperm_t));
1267 }
1268 
1269 #define	MP_NO_DRV_ERR	\
1270 	"/etc/minor_perm: no driver for %s\n"
1271 
1272 #define	MP_EMPTY_MINOR	\
1273 	"/etc/minor_perm: empty minor name for driver %s\n"
1274 
1275 #define	MP_NO_MINOR	\
1276 	"/etc/minor_perm: no minor matching %s for driver %s\n"
1277 
1278 /*
1279  * Remove mperm entry with matching minorname
1280  */
1281 static void
1282 rem_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1283 {
1284 	mperm_t **mp_head;
1285 	mperm_t *freemp = NULL;
1286 	struct devnames *dnp = &devnamesp[major];
1287 	mperm_t **wildmp;
1288 
1289 	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1290 
1291 	LOCK_DEV_OPS(&dnp->dn_lock);
1292 	if (strcmp(mp->mp_minorname, "*") == 0) {
1293 		wildmp = ((is_clone == 0) ?
1294 			&dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1295 		if (*wildmp)
1296 			freemp = *wildmp;
1297 		*wildmp = NULL;
1298 	} else {
1299 		mp_head = &dnp->dn_mperm;
1300 		while (*mp_head) {
1301 			if (strcmp((*mp_head)->mp_minorname,
1302 			    mp->mp_minorname) != 0) {
1303 				mp_head = &(*mp_head)->mp_next;
1304 				continue;
1305 			}
1306 			/* remove the entry */
1307 			freemp = *mp_head;
1308 			*mp_head = freemp->mp_next;
1309 			break;
1310 		}
1311 	}
1312 	if (freemp) {
1313 		if (moddebug & MODDEBUG_MINORPERM) {
1314 			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1315 			    drvname, freemp->mp_minorname,
1316 			    freemp->mp_mode & 0777,
1317 			    freemp->mp_uid, freemp->mp_gid);
1318 		}
1319 		free_mperm(freemp);
1320 	} else {
1321 		if (moddebug & MODDEBUG_MINORPERM) {
1322 			cmn_err(CE_CONT, MP_NO_MINOR,
1323 				drvname, mp->mp_minorname);
1324 		}
1325 	}
1326 
1327 	UNLOCK_DEV_OPS(&dnp->dn_lock);
1328 }
1329 
1330 /*
1331  * Add minor perm entry
1332  */
1333 static void
1334 add_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1335 {
1336 	mperm_t **mp_head;
1337 	mperm_t *freemp = NULL;
1338 	struct devnames *dnp = &devnamesp[major];
1339 	mperm_t **wildmp;
1340 
1341 	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1342 
1343 	/*
1344 	 * Note that update_drv replace semantics require
1345 	 * replacing matching entries with the new permissions.
1346 	 */
1347 	LOCK_DEV_OPS(&dnp->dn_lock);
1348 	if (strcmp(mp->mp_minorname, "*") == 0) {
1349 		wildmp = ((is_clone == 0) ?
1350 			&dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1351 		if (*wildmp)
1352 			freemp = *wildmp;
1353 		*wildmp = mp;
1354 	} else {
1355 		mperm_t *p, *v = NULL;
1356 		for (p = dnp->dn_mperm; p; v = p, p = p->mp_next) {
1357 			if (strcmp(p->mp_minorname, mp->mp_minorname) == 0) {
1358 				if (v == NULL)
1359 					dnp->dn_mperm = mp;
1360 				else
1361 					v->mp_next = mp;
1362 				mp->mp_next = p->mp_next;
1363 				freemp = p;
1364 				goto replaced;
1365 			}
1366 		}
1367 		if (p == NULL) {
1368 			mp_head = &dnp->dn_mperm;
1369 			if (*mp_head == NULL) {
1370 				*mp_head = mp;
1371 			} else {
1372 				mp->mp_next = *mp_head;
1373 				*mp_head = mp;
1374 			}
1375 		}
1376 	}
1377 replaced:
1378 	if (freemp) {
1379 		if (moddebug & MODDEBUG_MINORPERM) {
1380 			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1381 			    drvname, freemp->mp_minorname,
1382 			    freemp->mp_mode & 0777,
1383 			    freemp->mp_uid, freemp->mp_gid);
1384 		}
1385 		free_mperm(freemp);
1386 	}
1387 	if (moddebug & MODDEBUG_MINORPERM) {
1388 		cmn_err(CE_CONT, "> %s %s 0%o %d %d\n",
1389 		    drvname, mp->mp_minorname, mp->mp_mode & 0777,
1390 		    mp->mp_uid, mp->mp_gid);
1391 	}
1392 	UNLOCK_DEV_OPS(&dnp->dn_lock);
1393 }
1394 
1395 
1396 static int
1397 process_minorperm(int cmd, nvlist_t *nvl)
1398 {
1399 	char *minor;
1400 	major_t major;
1401 	mperm_t *mp;
1402 	nvpair_t *nvp;
1403 	char *name;
1404 	int is_clone;
1405 	major_t minmaj;
1406 
1407 	ASSERT(cmd == MODLOADMINORPERM ||
1408 	    cmd == MODADDMINORPERM || cmd == MODREMMINORPERM);
1409 
1410 	nvp = NULL;
1411 	while ((nvp = nvlist_next_nvpair(nvl, nvp)) != NULL) {
1412 		name = nvpair_name(nvp);
1413 
1414 		is_clone = 0;
1415 		(void) nvpair_value_string(nvp, &minor);
1416 		major = ddi_name_to_major(name);
1417 		if (major != (major_t)-1) {
1418 			mp = kmem_zalloc(sizeof (*mp), KM_SLEEP);
1419 			if (minor == NULL || strlen(minor) == 0) {
1420 				if (moddebug & MODDEBUG_MINORPERM) {
1421 					cmn_err(CE_CONT, MP_EMPTY_MINOR, name);
1422 				}
1423 				minor = "*";
1424 			}
1425 
1426 			/*
1427 			 * The minor name of a node using the clone
1428 			 * driver must be the driver name.  To avoid
1429 			 * multiple searches, we map entries in the form
1430 			 * clone:<driver> to <driver>:*.  This also allows us
1431 			 * to filter out some of the litter in /etc/minor_perm.
1432 			 * Minor perm alias entries where the name is not
1433 			 * the driver kept on the clone list itself.
1434 			 * This all seems very fragile as a driver could
1435 			 * be introduced with an existing alias name.
1436 			 */
1437 			if (strcmp(name, "clone") == 0) {
1438 				minmaj = ddi_name_to_major(minor);
1439 				if (minmaj != (major_t)-1) {
1440 					if (moddebug & MODDEBUG_MINORPERM) {
1441 						cmn_err(CE_CONT,
1442 						    "mapping %s:%s to %s:*\n",
1443 						    name, minor, minor);
1444 					}
1445 					major = minmaj;
1446 					name = minor;
1447 					minor = "*";
1448 					is_clone = 1;
1449 				}
1450 			}
1451 
1452 			if (mp) {
1453 				mp->mp_minorname =
1454 				    i_ddi_strdup(minor, KM_SLEEP);
1455 			}
1456 		} else {
1457 			mp = NULL;
1458 			if (moddebug & MODDEBUG_MINORPERM) {
1459 				cmn_err(CE_CONT, MP_NO_DRV_ERR, name);
1460 			}
1461 		}
1462 
1463 		/* mode */
1464 		nvp = nvlist_next_nvpair(nvl, nvp);
1465 		ASSERT(strcmp(nvpair_name(nvp), "mode") == 0);
1466 		if (mp)
1467 			(void) nvpair_value_int32(nvp, (int *)&mp->mp_mode);
1468 		/* uid */
1469 		nvp = nvlist_next_nvpair(nvl, nvp);
1470 		ASSERT(strcmp(nvpair_name(nvp), "uid") == 0);
1471 		if (mp)
1472 			(void) nvpair_value_int32(nvp, &mp->mp_uid);
1473 		/* gid */
1474 		nvp = nvlist_next_nvpair(nvl, nvp);
1475 		ASSERT(strcmp(nvpair_name(nvp), "gid") == 0);
1476 		if (mp) {
1477 			(void) nvpair_value_int32(nvp, &mp->mp_gid);
1478 
1479 			if (cmd == MODREMMINORPERM) {
1480 				rem_minorperm(major, name, mp, is_clone);
1481 				free_mperm(mp);
1482 			} else {
1483 				add_minorperm(major, name, mp, is_clone);
1484 			}
1485 		}
1486 	}
1487 
1488 	if (cmd == MODLOADMINORPERM)
1489 		minorperm_loaded = 1;
1490 
1491 	/*
1492 	 * Reset permissions of cached dv_nodes
1493 	 */
1494 	(void) devfs_reset_perm(DV_RESET_PERM);
1495 
1496 	return (0);
1497 }
1498 
1499 static int
1500 modctl_minorperm(int cmd, char *usrbuf, size_t buflen)
1501 {
1502 	int error;
1503 	nvlist_t *nvl;
1504 	char *buf = kmem_alloc(buflen, KM_SLEEP);
1505 
1506 	if ((error = ddi_copyin(usrbuf, buf, buflen, 0)) != 0) {
1507 		kmem_free(buf, buflen);
1508 		return (error);
1509 	}
1510 
1511 	error = nvlist_unpack(buf, buflen, &nvl, KM_SLEEP);
1512 	kmem_free(buf, buflen);
1513 	if (error)
1514 		return (error);
1515 
1516 	error = process_minorperm(cmd, nvl);
1517 	nvlist_free(nvl);
1518 	return (error);
1519 }
1520 
1521 struct walk_args {
1522 	char		*wa_drvname;
1523 	list_t		wa_pathlist;
1524 };
1525 
1526 struct path_elem {
1527 	char		*pe_dir;
1528 	char		*pe_nodename;
1529 	list_node_t	pe_node;
1530 	int		pe_dirlen;
1531 };
1532 
1533 /*ARGSUSED*/
1534 static int
1535 modctl_inst_walker(const char *path, in_node_t *np, in_drv_t *dp, void *arg)
1536 {
1537 	struct walk_args *wargs = (struct walk_args *)arg;
1538 	struct path_elem *pe;
1539 	char *nodename;
1540 
1541 	if (strcmp(dp->ind_driver_name, wargs->wa_drvname) != 0)
1542 		return (INST_WALK_CONTINUE);
1543 
1544 	pe = kmem_zalloc(sizeof (*pe), KM_SLEEP);
1545 	pe->pe_dir = i_ddi_strdup((char *)path, KM_SLEEP);
1546 	pe->pe_dirlen = strlen(pe->pe_dir) + 1;
1547 	ASSERT(strrchr(pe->pe_dir, '/') != NULL);
1548 	nodename = strrchr(pe->pe_dir, '/');
1549 	*nodename++ = 0;
1550 	pe->pe_nodename = nodename;
1551 	list_insert_tail(&wargs->wa_pathlist, pe);
1552 
1553 	return (INST_WALK_CONTINUE);
1554 }
1555 
1556 static int
1557 modctl_remdrv_cleanup(const char *u_drvname)
1558 {
1559 	struct walk_args *wargs;
1560 	struct path_elem *pe;
1561 	char *drvname;
1562 	int err, rval = 0;
1563 
1564 	drvname = kmem_alloc(MAXMODCONFNAME, KM_SLEEP);
1565 	if ((err = copyinstr(u_drvname, drvname, MAXMODCONFNAME, 0))) {
1566 		kmem_free(drvname, MAXMODCONFNAME);
1567 		return (err);
1568 	}
1569 
1570 	/*
1571 	 * First go through the instance database.  For each
1572 	 * instance of a device bound to the driver being
1573 	 * removed, remove any underlying devfs attribute nodes.
1574 	 *
1575 	 * This is a two-step process.  First we go through
1576 	 * the instance data itself, constructing a list of
1577 	 * the nodes discovered.  The second step is then
1578 	 * to find and remove any devfs attribute nodes
1579 	 * for the instances discovered in the first step.
1580 	 * The two-step process avoids any difficulties
1581 	 * which could arise by holding the instance data
1582 	 * lock with simultaneous devfs operations.
1583 	 */
1584 	wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
1585 
1586 	wargs->wa_drvname = drvname;
1587 	list_create(&wargs->wa_pathlist,
1588 	    sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
1589 
1590 	(void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
1591 
1592 	for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
1593 	    pe = list_next(&wargs->wa_pathlist, pe)) {
1594 		err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
1595 			(const char *)pe->pe_nodename);
1596 		if (rval == 0)
1597 			rval = err;
1598 	}
1599 
1600 	while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
1601 		list_remove(&wargs->wa_pathlist, pe);
1602 		kmem_free(pe->pe_dir, pe->pe_dirlen);
1603 		kmem_free(pe, sizeof (*pe));
1604 	}
1605 	kmem_free(wargs, sizeof (*wargs));
1606 
1607 	/*
1608 	 * Pseudo nodes aren't recorded in the instance database
1609 	 * so any such nodes need to be handled separately.
1610 	 */
1611 	err = devfs_remdrv_cleanup("pseudo", (const char *)drvname);
1612 	if (rval == 0)
1613 		rval = err;
1614 
1615 	kmem_free(drvname, MAXMODCONFNAME);
1616 	return (rval);
1617 }
1618 
1619 static int
1620 modctl_allocpriv(const char *name)
1621 {
1622 	char *pstr = kmem_alloc(PRIVNAME_MAX, KM_SLEEP);
1623 	int error;
1624 
1625 	if ((error = copyinstr(name, pstr, PRIVNAME_MAX, 0))) {
1626 		kmem_free(pstr, PRIVNAME_MAX);
1627 		return (error);
1628 	}
1629 	error = priv_getbyname(pstr, PRIV_ALLOC);
1630 	if (error < 0)
1631 		error = -error;
1632 	else
1633 		error = 0;
1634 	kmem_free(pstr, PRIVNAME_MAX);
1635 	return (error);
1636 }
1637 
1638 /*ARGSUSED5*/
1639 int
1640 modctl(int cmd, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4,
1641     uintptr_t a5)
1642 {
1643 	int	error = EINVAL;
1644 	dev_t	dev;
1645 
1646 	if (secpolicy_modctl(CRED(), cmd) != 0)
1647 		return (set_errno(EPERM));
1648 
1649 	switch (cmd) {
1650 	case MODLOAD:		/* load a module */
1651 		error = modctl_modload((int)a1, (char *)a2, (int *)a3);
1652 		break;
1653 
1654 	case MODUNLOAD:		/* unload a module */
1655 		error = modctl_modunload((modid_t)a1);
1656 		break;
1657 
1658 	case MODINFO:		/* get module status */
1659 		error = modctl_modinfo((modid_t)a1, (struct modinfo *)a2);
1660 		break;
1661 
1662 	case MODRESERVED:	/* get last major number in range */
1663 		error = modctl_modreserve((modid_t)a1, (int *)a2);
1664 		break;
1665 
1666 	case MODSETMINIROOT:	/* we are running in miniroot */
1667 		isminiroot = 1;
1668 		error = 0;
1669 		break;
1670 
1671 	case MODADDMAJBIND:	/* read major binding file */
1672 		error = modctl_add_major((int *)a2);
1673 		break;
1674 
1675 	case MODGETPATHLEN:	/* get modpath length */
1676 		error = modctl_getmodpathlen((int *)a2);
1677 		break;
1678 
1679 	case MODGETPATH:	/* get modpath */
1680 		error = modctl_getmodpath((char *)a2);
1681 		break;
1682 
1683 	case MODREADSYSBIND:	/* read system call binding file */
1684 		error = modctl_read_sysbinding_file();
1685 		break;
1686 
1687 	case MODGETMAJBIND:	/* get major number for named device */
1688 		error = modctl_getmaj((char *)a1, (uint_t)a2, (int *)a3);
1689 		break;
1690 
1691 	case MODGETNAME:	/* get name of device given major number */
1692 		error = modctl_getname((char *)a1, (uint_t)a2, (int *)a3);
1693 		break;
1694 
1695 	case MODDEVT2INSTANCE:
1696 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1697 			dev = (dev_t)a1;
1698 		}
1699 #ifdef _SYSCALL32_IMPL
1700 		else {
1701 			dev = expldev(a1);
1702 		}
1703 #endif
1704 		error = modctl_devt2instance(dev, (int *)a2);
1705 		break;
1706 
1707 	case MODSIZEOF_DEVID:	/* sizeof device id of device given dev_t */
1708 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1709 			dev = (dev_t)a1;
1710 		}
1711 #ifdef _SYSCALL32_IMPL
1712 		else {
1713 			dev = expldev(a1);
1714 		}
1715 #endif
1716 		error = modctl_sizeof_devid(dev, (uint_t *)a2);
1717 		break;
1718 
1719 	case MODGETDEVID:	/* get device id of device given dev_t */
1720 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1721 			dev = (dev_t)a1;
1722 		}
1723 #ifdef _SYSCALL32_IMPL
1724 		else {
1725 			dev = expldev(a1);
1726 		}
1727 #endif
1728 		error = modctl_get_devid(dev, (uint_t)a2, (ddi_devid_t)a3);
1729 		break;
1730 
1731 	case MODSIZEOF_MINORNAME:	/* sizeof minor nm of dev_t/spectype */
1732 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1733 			error = modctl_sizeof_minorname((dev_t)a1, (int)a2,
1734 			    (uint_t *)a3);
1735 		}
1736 #ifdef _SYSCALL32_IMPL
1737 		else {
1738 			error = modctl_sizeof_minorname(expldev(a1), (int)a2,
1739 			    (uint_t *)a3);
1740 		}
1741 
1742 #endif
1743 		break;
1744 
1745 	case MODGETMINORNAME:   /* get minor name of dev_t and spec type */
1746 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1747 			error = modctl_get_minorname((dev_t)a1, (int)a2,
1748 			    (uint_t)a3, (char *)a4);
1749 		}
1750 #ifdef _SYSCALL32_IMPL
1751 		else {
1752 			error = modctl_get_minorname(expldev(a1), (int)a2,
1753 			    (uint_t)a3, (char *)a4);
1754 		}
1755 #endif
1756 		break;
1757 
1758 	case MODGETDEVFSPATH_LEN:	/* sizeof path nm of dev_t/spectype */
1759 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1760 			error = modctl_devfspath_len((dev_t)a1, (int)a2,
1761 			    (uint_t *)a3);
1762 		}
1763 #ifdef _SYSCALL32_IMPL
1764 		else {
1765 			error = modctl_devfspath_len(expldev(a1), (int)a2,
1766 			    (uint_t *)a3);
1767 		}
1768 
1769 #endif
1770 		break;
1771 
1772 	case MODGETDEVFSPATH:   /* get path name of dev_t and spec type */
1773 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1774 			error = modctl_devfspath((dev_t)a1, (int)a2,
1775 			    (uint_t)a3, (char *)a4);
1776 		}
1777 #ifdef _SYSCALL32_IMPL
1778 		else {
1779 			error = modctl_devfspath(expldev(a1), (int)a2,
1780 			    (uint_t)a3, (char *)a4);
1781 		}
1782 #endif
1783 		break;
1784 
1785 
1786 	case MODEVENTS:
1787 		error = modctl_modevents((int)a1, a2, a3, a4, (uint_t)a5);
1788 		break;
1789 
1790 	case MODGETFBNAME:	/* get the framebuffer name */
1791 		error = modctl_get_fbname((char *)a1);
1792 		break;
1793 
1794 	case MODREREADDACF:	/* reread dacf rule database from given file */
1795 		error = modctl_reread_dacf((char *)a1);
1796 		break;
1797 
1798 	case MODLOADDRVCONF:	/* load driver.conf file for major */
1799 		error = modctl_load_drvconf((major_t)a1);
1800 		break;
1801 
1802 	case MODUNLOADDRVCONF:	/* unload driver.conf file for major */
1803 		error = modctl_unload_drvconf((major_t)a1);
1804 		break;
1805 
1806 	case MODREMMAJBIND:	/* remove a major binding */
1807 		error = modctl_rem_major((major_t)a1);
1808 		break;
1809 
1810 	case MODDEVID2PATHS:	/* get paths given devid */
1811 		error = modctl_devid2paths((ddi_devid_t)a1, (char *)a2,
1812 		    (uint_t)a3, (size_t *)a4, (char *)a5);
1813 		break;
1814 
1815 	case MODSETDEVPOLICY:	/* establish device policy */
1816 		error = devpolicy_load((int)a1, (size_t)a2, (devplcysys_t *)a3);
1817 		break;
1818 
1819 	case MODGETDEVPOLICY:	/* get device policy */
1820 		error = devpolicy_get((int *)a1, (size_t)a2,
1821 				(devplcysys_t *)a3);
1822 		break;
1823 
1824 	case MODALLOCPRIV:
1825 		error = modctl_allocpriv((const char *)a1);
1826 		break;
1827 
1828 	case MODGETDEVPOLICYBYNAME:
1829 		error = devpolicy_getbyname((size_t)a1,
1830 		    (devplcysys_t *)a2, (char *)a3);
1831 		break;
1832 
1833 	case MODLOADMINORPERM:
1834 	case MODADDMINORPERM:
1835 	case MODREMMINORPERM:
1836 		error = modctl_minorperm(cmd, (char *)a1, (size_t)a2);
1837 		break;
1838 
1839 	case MODREMDRVCLEANUP:
1840 		error = modctl_remdrv_cleanup((const char *)a1);
1841 		break;
1842 
1843 	default:
1844 		error = EINVAL;
1845 		break;
1846 	}
1847 
1848 	return (error ? set_errno(error) : 0);
1849 }
1850 
1851 /*
1852  * Calls to kobj_load_module()() are handled off to this routine in a
1853  * separate thread.
1854  */
1855 static void
1856 modload_thread(struct loadmt *ltp)
1857 {
1858 	/* load the module and signal the creator of this thread */
1859 	kmutex_t	cpr_lk;
1860 	callb_cpr_t	cpr_i;
1861 
1862 	mutex_init(&cpr_lk, NULL, MUTEX_DEFAULT, NULL);
1863 	CALLB_CPR_INIT(&cpr_i, &cpr_lk, callb_generic_cpr, "modload");
1864 	/* borrow the devi lock from thread which invoked us */
1865 	pm_borrow_lock(ltp->owner);
1866 	ltp->retval = kobj_load_module(ltp->mp, ltp->usepath);
1867 	pm_return_lock();
1868 	sema_v(&ltp->sema);
1869 	mutex_enter(&cpr_lk);
1870 	CALLB_CPR_EXIT(&cpr_i);
1871 	mutex_destroy(&cpr_lk);
1872 	thread_exit();
1873 }
1874 
1875 /*
1876  * load a module, adding a reference if caller specifies rmodp.  If rmodp
1877  * is specified then an errno is returned, otherwise a module index is
1878  * returned (-1 on error).
1879  */
1880 static int
1881 modrload(char *subdir, char *filename, struct modctl **rmodp)
1882 {
1883 	struct modctl *modp;
1884 	size_t size;
1885 	char *fullname;
1886 	int retval = EINVAL;
1887 	int id = -1;
1888 
1889 	if (rmodp)
1890 		*rmodp = NULL;			/* avoid garbage */
1891 
1892 	if (subdir != NULL) {
1893 		/*
1894 		 * refuse / in filename to prevent "../" escapes.
1895 		 */
1896 		if (strchr(filename, '/') != NULL)
1897 			return (rmodp ? retval : id);
1898 
1899 		/*
1900 		 * allocate enough space for <subdir>/<filename><NULL>
1901 		 */
1902 		size = strlen(subdir) + strlen(filename) + 2;
1903 		fullname = kmem_zalloc(size, KM_SLEEP);
1904 		(void) sprintf(fullname, "%s/%s", subdir, filename);
1905 	} else {
1906 		fullname = filename;
1907 	}
1908 
1909 	modp = mod_hold_installed_mod(fullname, 1, &retval);
1910 	if (modp != NULL) {
1911 		id = modp->mod_id;
1912 		if (rmodp) {
1913 			/* add mod_ref and return *rmodp */
1914 			mutex_enter(&mod_lock);
1915 			modp->mod_ref++;
1916 			mutex_exit(&mod_lock);
1917 			*rmodp = modp;
1918 		}
1919 		mod_release_mod(modp);
1920 		CPU_STATS_ADDQ(CPU, sys, modload, 1);
1921 	}
1922 
1923 done:	if (subdir != NULL)
1924 		kmem_free(fullname, size);
1925 	return (rmodp ? retval : id);
1926 }
1927 
1928 /*
1929  * This is the primary kernel interface to load a module. It loads and
1930  * installs the named module.  It does not hold mod_ref of the module, so
1931  * a module unload attempt can occur at any time - it is up to the
1932  * _fini/mod_remove implementation to determine if unload will succeed.
1933  */
1934 int
1935 modload(char *subdir, char *filename)
1936 {
1937 	return (modrload(subdir, filename, NULL));
1938 }
1939 
1940 /*
1941  * Load a module.
1942  */
1943 int
1944 modloadonly(char *subdir, char *filename)
1945 {
1946 	struct modctl *modp;
1947 	char *fullname;
1948 	size_t size;
1949 	int id, retval;
1950 
1951 	if (subdir != NULL) {
1952 		/*
1953 		 * allocate enough space for <subdir>/<filename><NULL>
1954 		 */
1955 		size = strlen(subdir) + strlen(filename) + 2;
1956 		fullname = kmem_zalloc(size, KM_SLEEP);
1957 		(void) sprintf(fullname, "%s/%s", subdir, filename);
1958 	} else {
1959 		fullname = filename;
1960 	}
1961 
1962 	modp = mod_hold_loaded_mod(NULL, fullname, &retval);
1963 	if (modp) {
1964 		id = modp->mod_id;
1965 		mod_release_mod(modp);
1966 	}
1967 
1968 	if (subdir != NULL)
1969 		kmem_free(fullname, size);
1970 
1971 	if (retval == 0)
1972 		return (id);
1973 	return (-1);
1974 }
1975 
1976 /*
1977  * Try to uninstall and unload a module, removing a reference if caller
1978  * specifies rmodp.
1979  */
1980 static int
1981 modunrload(modid_t id, struct modctl **rmodp, int unload)
1982 {
1983 	struct modctl	*modp;
1984 	int		retval;
1985 
1986 	if (rmodp)
1987 		*rmodp = NULL;			/* avoid garbage */
1988 
1989 	if ((modp = mod_hold_by_id((modid_t)id)) == NULL)
1990 		return (EINVAL);
1991 
1992 	if (rmodp) {
1993 		mutex_enter(&mod_lock);
1994 		modp->mod_ref--;
1995 		mutex_exit(&mod_lock);
1996 		*rmodp = modp;
1997 	}
1998 
1999 	if (unload) {
2000 		retval = moduninstall(modp);
2001 		if (retval == 0) {
2002 			mod_unload(modp);
2003 			CPU_STATS_ADDQ(CPU, sys, modunload, 1);
2004 		} else if (retval == EALREADY)
2005 			retval = 0;	/* already unloaded, not an error */
2006 	} else
2007 		retval = 0;
2008 
2009 	mod_release_mod(modp);
2010 	return (retval);
2011 }
2012 
2013 /*
2014  * Uninstall and unload a module.
2015  */
2016 int
2017 modunload(modid_t id)
2018 {
2019 	return (modunrload(id, NULL, 1));
2020 }
2021 
2022 /*
2023  * Return status of a loaded module.
2024  */
2025 static int
2026 modinfo(modid_t id, struct modinfo *modinfop)
2027 {
2028 	struct modctl	*modp;
2029 	modid_t		mid;
2030 	int		i;
2031 
2032 	mid = modinfop->mi_id;
2033 	if (modinfop->mi_info & MI_INFO_ALL) {
2034 		while ((modp = mod_hold_next_by_id(mid++)) != NULL) {
2035 			if ((modinfop->mi_info & MI_INFO_CNT) ||
2036 			    modp->mod_installed)
2037 				break;
2038 			mod_release_mod(modp);
2039 		}
2040 		if (modp == NULL)
2041 			return (EINVAL);
2042 	} else {
2043 		modp = mod_hold_by_id(id);
2044 		if (modp == NULL)
2045 			return (EINVAL);
2046 		if (!(modinfop->mi_info & MI_INFO_CNT) &&
2047 		    (modp->mod_installed == 0)) {
2048 			mod_release_mod(modp);
2049 			return (EINVAL);
2050 		}
2051 	}
2052 
2053 	modinfop->mi_rev = 0;
2054 	modinfop->mi_state = 0;
2055 	for (i = 0; i < MODMAXLINK; i++) {
2056 		modinfop->mi_msinfo[i].msi_p0 = -1;
2057 		modinfop->mi_msinfo[i].msi_linkinfo[0] = 0;
2058 	}
2059 	if (modp->mod_loaded) {
2060 		modinfop->mi_state = MI_LOADED;
2061 		kobj_getmodinfo(modp->mod_mp, modinfop);
2062 	}
2063 	if (modp->mod_installed) {
2064 		modinfop->mi_state |= MI_INSTALLED;
2065 
2066 		(void) mod_getinfo(modp, modinfop);
2067 	}
2068 
2069 	modinfop->mi_id = modp->mod_id;
2070 	modinfop->mi_loadcnt = modp->mod_loadcnt;
2071 	(void) strcpy(modinfop->mi_name, modp->mod_modname);
2072 
2073 	mod_release_mod(modp);
2074 	return (0);
2075 }
2076 
2077 static char mod_stub_err[] = "mod_hold_stub: Couldn't load stub module %s";
2078 static char no_err[] = "No error function for weak stub %s";
2079 
2080 /*
2081  * used by the stubs themselves to load and hold a module.
2082  * Returns  0 if the module is successfully held;
2083  *	    the stub needs to call mod_release_stub().
2084  *	    -1 if the stub should just call the err_fcn.
2085  * Note that this code is stretched out so that we avoid subroutine calls
2086  * and optimize for the most likely case.  That is, the case where the
2087  * module is loaded and installed and not held.  In that case we just inc
2088  * the mod_ref count and continue.
2089  */
2090 int
2091 mod_hold_stub(struct mod_stub_info *stub)
2092 {
2093 	struct modctl *mp;
2094 	struct mod_modinfo *mip;
2095 
2096 	mip = stub->mods_modinfo;
2097 
2098 	mutex_enter(&mod_lock);
2099 
2100 	/* we do mod_hold_by_modctl inline for speed */
2101 
2102 mod_check_again:
2103 	if ((mp = mip->mp) != NULL) {
2104 		if (mp->mod_busy == 0) {
2105 			if (mp->mod_installed) {
2106 				/* increment the reference count */
2107 				mp->mod_ref++;
2108 				ASSERT(mp->mod_ref && mp->mod_installed);
2109 				mutex_exit(&mod_lock);
2110 				return (0);
2111 			} else {
2112 				mp->mod_busy = 1;
2113 				mp->mod_inprogress_thread =
2114 				    (curthread == NULL ?
2115 				    (kthread_id_t)-1 : curthread);
2116 			}
2117 		} else {
2118 			/*
2119 			 * wait one time and then go see if someone
2120 			 * else has resolved the stub (set mip->mp).
2121 			 */
2122 			if (mod_hold_by_modctl(mp,
2123 			    MOD_WAIT_ONCE | MOD_LOCK_HELD))
2124 				goto mod_check_again;
2125 
2126 			/*
2127 			 * what we have now may have been unloaded!, in
2128 			 * that case, mip->mp will be NULL, we'll hit this
2129 			 * module and load again..
2130 			 */
2131 			cmn_err(CE_PANIC, "mod_hold_stub should have blocked");
2132 		}
2133 		mutex_exit(&mod_lock);
2134 	} else {
2135 		/* first time we've hit this module */
2136 		mutex_exit(&mod_lock);
2137 		mp = mod_hold_by_name(mip->modm_module_name);
2138 		mip->mp = mp;
2139 	}
2140 
2141 	/*
2142 	 * If we are here, it means that the following conditions
2143 	 * are satisfied.
2144 	 *
2145 	 * mip->mp != NULL
2146 	 * this thread has set the mp->mod_busy = 1
2147 	 * mp->mod_installed = 0
2148 	 *
2149 	 */
2150 	ASSERT(mp != NULL);
2151 	ASSERT(mp->mod_busy == 1);
2152 
2153 	if (mp->mod_installed == 0) {
2154 		/* Module not loaded, if weak stub don't load it */
2155 		if (stub->mods_flag & MODS_WEAK) {
2156 			if (stub->mods_errfcn == NULL) {
2157 				mod_release_mod(mp);
2158 				cmn_err(CE_PANIC, no_err,
2159 				    mip->modm_module_name);
2160 			}
2161 		} else {
2162 			/* Not a weak stub so load the module */
2163 
2164 			if (mod_load(mp, 1) != 0 || modinstall(mp) != 0) {
2165 				/*
2166 				 * If mod_load() was successful
2167 				 * and modinstall() failed, then
2168 				 * unload the module.
2169 				 */
2170 				if (mp->mod_loaded)
2171 					mod_unload(mp);
2172 
2173 				mod_release_mod(mp);
2174 				if (stub->mods_errfcn == NULL) {
2175 					cmn_err(CE_PANIC, mod_stub_err,
2176 					    mip->modm_module_name);
2177 				} else {
2178 					return (-1);
2179 				}
2180 			}
2181 		}
2182 	}
2183 
2184 	/*
2185 	 * At this point module is held and loaded. Release
2186 	 * the mod_busy and mod_inprogress_thread before
2187 	 * returning. We actually call mod_release() here so
2188 	 * that if another stub wants to access this module,
2189 	 * it can do so. mod_ref is incremented before mod_release()
2190 	 * is called to prevent someone else from snatching the
2191 	 * module from this thread.
2192 	 */
2193 	mutex_enter(&mod_lock);
2194 	mp->mod_ref++;
2195 	ASSERT(mp->mod_ref &&
2196 	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
2197 	mod_release(mp);
2198 	mutex_exit(&mod_lock);
2199 	return (0);
2200 }
2201 
2202 void
2203 mod_release_stub(struct mod_stub_info *stub)
2204 {
2205 	struct modctl *mp = stub->mods_modinfo->mp;
2206 
2207 	/* inline mod_release_mod */
2208 	mutex_enter(&mod_lock);
2209 	ASSERT(mp->mod_ref &&
2210 	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
2211 	mp->mod_ref--;
2212 	if (mp->mod_want) {
2213 		mp->mod_want = 0;
2214 		cv_broadcast(&mod_cv);
2215 	}
2216 	mutex_exit(&mod_lock);
2217 }
2218 
2219 static struct modctl *
2220 mod_hold_loaded_mod(struct modctl *dep, char *filename, int *status)
2221 {
2222 	struct modctl *modp;
2223 	int retval;
2224 
2225 	/*
2226 	 * Hold the module.
2227 	 */
2228 	modp = mod_hold_by_name_requisite(dep, filename);
2229 	if (modp) {
2230 		retval = mod_load(modp, 1);
2231 		if (retval != 0) {
2232 			mod_release_mod(modp);
2233 			modp = NULL;
2234 		}
2235 		*status = retval;
2236 	} else {
2237 		*status = ENOSPC;
2238 	}
2239 
2240 	/*
2241 	 * if dep is not NULL, clear the module dependency information.
2242 	 * This information is set in mod_hold_by_name_common().
2243 	 */
2244 	if (dep != NULL && dep->mod_requisite_loading != NULL) {
2245 		ASSERT(dep->mod_busy);
2246 		dep->mod_requisite_loading = NULL;
2247 	}
2248 
2249 	return (modp);
2250 }
2251 
2252 /*
2253  * hold, load, and install the named module
2254  */
2255 static struct modctl *
2256 mod_hold_installed_mod(char *name, int usepath, int *r)
2257 {
2258 	struct modctl *modp;
2259 	int retval;
2260 
2261 	/*
2262 	 * Verify that that module in question actually exists on disk
2263 	 * before allocation of module structure by mod_hold_by_name.
2264 	 */
2265 	if (modrootloaded && swaploaded) {
2266 		if (!kobj_path_exists(name, usepath)) {
2267 			*r = ENOENT;
2268 			return (NULL);
2269 		}
2270 	}
2271 
2272 	/*
2273 	 * Hold the module.
2274 	 */
2275 	modp = mod_hold_by_name(name);
2276 	if (modp) {
2277 		retval = mod_load(modp, usepath);
2278 		if (retval != 0) {
2279 			mod_release_mod(modp);
2280 			modp = NULL;
2281 			*r = retval;
2282 		} else {
2283 			if ((*r = modinstall(modp)) != 0) {
2284 				/*
2285 				 * We loaded it, but failed to _init() it.
2286 				 * Be kind to developers -- force it
2287 				 * out of memory now so that the next
2288 				 * attempt to use the module will cause
2289 				 * a reload.  See 1093793.
2290 				 */
2291 				mod_unload(modp);
2292 				mod_release_mod(modp);
2293 				modp = NULL;
2294 			}
2295 		}
2296 	} else {
2297 		*r = ENOSPC;
2298 	}
2299 	return (modp);
2300 }
2301 
2302 static char mod_excl_msg[] =
2303 	"module %s(%s) is EXCLUDED and will not be loaded\n";
2304 static char mod_init_msg[] = "loadmodule:%s(%s): _init() error %d\n";
2305 
2306 /*
2307  * This routine is needed for dependencies.  Users specify dependencies
2308  * by declaring a character array initialized to filenames of dependents.
2309  * So the code that handles dependents deals with filenames (and not
2310  * module names) because that's all it has.  We load by filename and once
2311  * we've loaded a file we can get the module name.
2312  * Unfortunately there isn't a single unified filename/modulename namespace.
2313  * C'est la vie.
2314  *
2315  * We allow the name being looked up to be prepended by an optional
2316  * subdirectory e.g. we can lookup (NULL, "fs/ufs") or ("fs", "ufs")
2317  */
2318 struct modctl *
2319 mod_find_by_filename(char *subdir, char *filename)
2320 {
2321 	struct modctl	*mp;
2322 	size_t		sublen;
2323 
2324 	ASSERT(!MUTEX_HELD(&mod_lock));
2325 	if (subdir != NULL)
2326 		sublen = strlen(subdir);
2327 	else
2328 		sublen = 0;
2329 
2330 	mutex_enter(&mod_lock);
2331 	mp = &modules;
2332 	do {
2333 		if (sublen) {
2334 			char *mod_filename = mp->mod_filename;
2335 
2336 			if (strncmp(subdir, mod_filename, sublen) == 0 &&
2337 			    mod_filename[sublen] == '/' &&
2338 			    strcmp(filename, &mod_filename[sublen + 1]) == 0) {
2339 				mutex_exit(&mod_lock);
2340 				return (mp);
2341 			}
2342 		} else if (strcmp(filename, mp->mod_filename) == 0) {
2343 			mutex_exit(&mod_lock);
2344 			return (mp);
2345 		}
2346 	} while ((mp = mp->mod_next) != &modules);
2347 	mutex_exit(&mod_lock);
2348 	return (NULL);
2349 }
2350 
2351 /*
2352  * Check for circular dependencies.  This is called from do_dependents()
2353  * in kobj.c.  If we are the thread already loading this module, then
2354  * we're trying to load a dependent that we're already loading which
2355  * means the user specified circular dependencies.
2356  */
2357 static int
2358 mod_circdep(struct modctl *modp)
2359 {
2360 	struct modctl	*rmod;
2361 
2362 	ASSERT(MUTEX_HELD(&mod_lock));
2363 
2364 	/*
2365 	 * Check the mod_inprogress_thread first.
2366 	 * mod_inprogress_thread is used in mod_hold_stub()
2367 	 * directly to improve performance.
2368 	 */
2369 	if (modp->mod_inprogress_thread == curthread)
2370 		return (1);
2371 
2372 	/*
2373 	 * Check the module circular dependencies.
2374 	 */
2375 	for (rmod = modp; rmod != NULL; rmod = rmod->mod_requisite_loading) {
2376 		/*
2377 		 * Check if there is a module circular dependency.
2378 		 */
2379 		if (rmod->mod_requisite_loading == modp)
2380 			return (1);
2381 	}
2382 	return (0);
2383 }
2384 
2385 static int
2386 mod_getinfo(struct modctl *modp, struct modinfo *modinfop)
2387 {
2388 	int (*func)(struct modinfo *);
2389 	int retval;
2390 
2391 	ASSERT(modp->mod_busy);
2392 
2393 	/* primary modules don't do getinfo */
2394 	if (modp->mod_prim)
2395 		return (0);
2396 
2397 	func = (int (*)(struct modinfo *))kobj_lookup(modp->mod_mp, "_info");
2398 
2399 	if (kobj_addrcheck(modp->mod_mp, (caddr_t)func)) {
2400 		cmn_err(CE_WARN, "_info() not defined properly in %s",
2401 		    modp->mod_filename);
2402 		/*
2403 		 * The semantics of mod_info(9F) are that 0 is failure
2404 		 * and non-zero is success.
2405 		 */
2406 		retval = 0;
2407 	} else
2408 		retval = (*func)(modinfop);	/* call _info() function */
2409 
2410 	if (moddebug & MODDEBUG_USERDEBUG)
2411 		printf("Returned from _info, retval = %x\n", retval);
2412 
2413 	return (retval);
2414 }
2415 
2416 static void
2417 modadd(struct modctl *mp)
2418 {
2419 	ASSERT(MUTEX_HELD(&mod_lock));
2420 
2421 	mp->mod_id = last_module_id++;
2422 	mp->mod_next = &modules;
2423 	mp->mod_prev = modules.mod_prev;
2424 	modules.mod_prev->mod_next = mp;
2425 	modules.mod_prev = mp;
2426 }
2427 
2428 /*ARGSUSED*/
2429 static struct modctl *
2430 allocate_modp(char *filename, char *modname)
2431 {
2432 	struct modctl *mp;
2433 
2434 	mp = kobj_zalloc(sizeof (*mp), KM_SLEEP);
2435 	mp->mod_modname = kobj_zalloc(strlen(modname) + 1, KM_SLEEP);
2436 	(void) strcpy(mp->mod_modname, modname);
2437 	return (mp);
2438 }
2439 
2440 /*
2441  * Get the value of a symbol.  This is a wrapper routine that
2442  * calls kobj_getsymvalue().  kobj_getsymvalue() may go away but this
2443  * wrapper will prevent callers from noticing.
2444  */
2445 uintptr_t
2446 modgetsymvalue(char *name, int kernelonly)
2447 {
2448 	return (kobj_getsymvalue(name, kernelonly));
2449 }
2450 
2451 /*
2452  * Get the symbol nearest an address.  This is a wrapper routine that
2453  * calls kobj_getsymname().  kobj_getsymname() may go away but this
2454  * wrapper will prevent callers from noticing.
2455  */
2456 char *
2457 modgetsymname(uintptr_t value, ulong_t *offset)
2458 {
2459 	return (kobj_getsymname(value, offset));
2460 }
2461 
2462 /*
2463  * Lookup a symbol in a specified module.  This is a wrapper routine that
2464  * calls kobj_lookup().  kobj_lookup() may go away but this
2465  * wrapper will prevent callers from noticing.
2466  */
2467 uintptr_t
2468 modlookup(char *modname, char *symname)
2469 {
2470 	struct modctl *modp;
2471 	uintptr_t val;
2472 
2473 	if ((modp = mod_hold_by_name(modname)) == NULL)
2474 		return (0);
2475 	val = kobj_lookup(modp->mod_mp, symname);
2476 	mod_release_mod(modp);
2477 	return (val);
2478 }
2479 
2480 /*
2481  * Ask the user for the name of the system file and the default path
2482  * for modules.
2483  */
2484 void
2485 mod_askparams()
2486 {
2487 	static char s0[64];
2488 	intptr_t fd;
2489 
2490 	if ((fd = kobj_open(systemfile)) != -1L)
2491 		kobj_close(fd);
2492 	else
2493 		systemfile = NULL;
2494 
2495 	/*CONSTANTCONDITION*/
2496 	while (1) {
2497 		printf("Name of system file [%s]:  ",
2498 			systemfile ? systemfile : "/dev/null");
2499 
2500 		console_gets(s0, sizeof (s0));
2501 
2502 		if (s0[0] == '\0')
2503 			break;
2504 		else if (strcmp(s0, "/dev/null") == 0) {
2505 			systemfile = NULL;
2506 			break;
2507 		} else {
2508 			if ((fd = kobj_open(s0)) != -1L) {
2509 				kobj_close(fd);
2510 				systemfile = s0;
2511 				break;
2512 			}
2513 		}
2514 		printf("can't find file %s\n", s0);
2515 	}
2516 }
2517 
2518 static char loading_msg[] = "loading '%s' id %d\n";
2519 static char load_msg[] = "load '%s' id %d loaded @ 0x%p/0x%p size %d/%d\n";
2520 
2521 /*
2522  * Common code for loading a module (but not installing it).
2523  * Handoff the task of module loading to a seperate thread
2524  * with a large stack if possible, since this code may recurse a few times.
2525  * Return zero if there are no errors or an errno value.
2526  */
2527 static int
2528 mod_load(struct modctl *mp, int usepath)
2529 {
2530 	int		retval;
2531 	struct modinfo	*modinfop = NULL;
2532 	struct loadmt	lt;
2533 
2534 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2535 	ASSERT(mp->mod_busy);
2536 
2537 	if (mp->mod_loaded)
2538 		return (0);
2539 
2540 	if (mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_modname) != 0 ||
2541 	    mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_filename) != 0) {
2542 		if (moddebug & MODDEBUG_LOADMSG) {
2543 			printf(mod_excl_msg, mp->mod_filename,
2544 				mp->mod_modname);
2545 		}
2546 		return (ENXIO);
2547 	}
2548 	if (moddebug & MODDEBUG_LOADMSG2)
2549 		printf(loading_msg, mp->mod_filename, mp->mod_id);
2550 
2551 	if (curthread != &t0) {
2552 		lt.mp = mp;
2553 		lt.usepath = usepath;
2554 		lt.owner = curthread;
2555 		sema_init(&lt.sema, 0, NULL, SEMA_DEFAULT, NULL);
2556 
2557 		/* create thread to hand of call to */
2558 		(void) thread_create(NULL, DEFAULTSTKSZ * 2,
2559 		    modload_thread, &lt, 0, &p0, TS_RUN, maxclsyspri);
2560 
2561 		/* wait for thread to complete kobj_load_module */
2562 		sema_p(&lt.sema);
2563 
2564 		sema_destroy(&lt.sema);
2565 		retval = lt.retval;
2566 	} else
2567 		retval = kobj_load_module(mp, usepath);
2568 
2569 	if (mp->mod_mp) {
2570 		ASSERT(retval == 0);
2571 		mp->mod_loaded = 1;
2572 		mp->mod_loadcnt++;
2573 		if (moddebug & MODDEBUG_LOADMSG) {
2574 			printf(load_msg, mp->mod_filename, mp->mod_id,
2575 				(void *)((struct module *)mp->mod_mp)->text,
2576 				(void *)((struct module *)mp->mod_mp)->data,
2577 				((struct module *)mp->mod_mp)->text_size,
2578 				((struct module *)mp->mod_mp)->data_size);
2579 		}
2580 
2581 		/*
2582 		 * XXX - There should be a better way to get this.
2583 		 */
2584 		modinfop = kmem_zalloc(sizeof (struct modinfo), KM_SLEEP);
2585 		modinfop->mi_info = MI_INFO_LINKAGE;
2586 		if (mod_getinfo(mp, modinfop) == 0)
2587 			mp->mod_linkage = NULL;
2588 		else {
2589 			mp->mod_linkage = (void *)modinfop->mi_base;
2590 			ASSERT(mp->mod_linkage->ml_rev == MODREV_1);
2591 		}
2592 
2593 		/*
2594 		 * DCS: bootstrapping code. If the driver is loaded
2595 		 * before root mount, it is assumed that the driver
2596 		 * may be used before mounting root. In order to
2597 		 * access mappings of global to local minor no.'s
2598 		 * during installation/open of the driver, we load
2599 		 * them into memory here while the BOP_interfaces
2600 		 * are still up.
2601 		 */
2602 		if ((cluster_bootflags & CLUSTER_BOOTED) && !modrootloaded) {
2603 			retval = clboot_modload(mp);
2604 		}
2605 
2606 		kmem_free(modinfop, sizeof (struct modinfo));
2607 		(void) mod_sysctl(SYS_SET_MVAR, (void *)mp);
2608 		retval = install_stubs_by_name(mp, mp->mod_modname);
2609 
2610 		/*
2611 		 * Now that the module is loaded, we need to give DTrace
2612 		 * a chance to notify its providers.  This is done via
2613 		 * the dtrace_modload function pointer.
2614 		 */
2615 		if (strcmp(mp->mod_modname, "dtrace") != 0) {
2616 			struct modctl *dmp = mod_hold_by_name("dtrace");
2617 
2618 			if (dmp != NULL && dtrace_modload != NULL)
2619 				(*dtrace_modload)(mp);
2620 
2621 			mod_release_mod(dmp);
2622 		}
2623 
2624 	} else {
2625 		/*
2626 		 * If load failed then we need to release any requisites
2627 		 * that we had established.
2628 		 */
2629 		ASSERT(retval);
2630 		mod_release_requisites(mp);
2631 
2632 		if (moddebug & MODDEBUG_ERRMSG)
2633 			printf("error loading '%s', error %d\n",
2634 			    mp->mod_filename, retval);
2635 	}
2636 	return (retval);
2637 }
2638 
2639 static char unload_msg[] = "unloading %s, module id %d, loadcnt %d.\n";
2640 
2641 static void
2642 mod_unload(struct modctl *mp)
2643 {
2644 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2645 	ASSERT(mp->mod_busy);
2646 	ASSERT((mp->mod_loaded && (mp->mod_installed == 0)) &&
2647 	    ((mp->mod_prim == 0) && (mp->mod_ref >= 0)));
2648 
2649 	if (moddebug & MODDEBUG_LOADMSG)
2650 		printf(unload_msg, mp->mod_modname,
2651 			mp->mod_id, mp->mod_loadcnt);
2652 
2653 	/*
2654 	 * If mod_ref is not zero, it means some modules might still refer
2655 	 * to this module. Then you can't unload this module right now.
2656 	 * Instead, set 1 to mod_delay_unload to notify the system of
2657 	 * unloading this module later when it's not required any more.
2658 	 */
2659 	if (mp->mod_ref > 0) {
2660 		mp->mod_delay_unload = 1;
2661 		if (moddebug & MODDEBUG_LOADMSG2) {
2662 			printf("module %s not unloaded,"
2663 			    " non-zero reference count (%d)",
2664 			    mp->mod_modname, mp->mod_ref);
2665 		}
2666 		return;
2667 	}
2668 
2669 	if (((mp->mod_loaded == 0) || mp->mod_installed) ||
2670 	    (mp->mod_ref || mp->mod_prim)) {
2671 		/*
2672 		 * A DEBUG kernel would ASSERT panic above, the code is broken
2673 		 * if we get this warning.
2674 		 */
2675 		cmn_err(CE_WARN, "mod_unload: %s in incorrect state: %d %d %d",
2676 		    mp->mod_filename, mp->mod_installed, mp->mod_loaded,
2677 		    mp->mod_ref);
2678 		return;
2679 	}
2680 
2681 	/* reset stub functions to call the binder again */
2682 	reset_stubs(mp);
2683 
2684 	/*
2685 	 * mark module as unloaded before the modctl structure is freed.
2686 	 * This is required not to reuse the modctl structure before
2687 	 * the module is marked as unloaded.
2688 	 */
2689 	mp->mod_loaded = 0;
2690 	mp->mod_linkage = NULL;
2691 
2692 	/* free the memory */
2693 	kobj_unload_module(mp);
2694 
2695 	if (mp->mod_delay_unload) {
2696 		mp->mod_delay_unload = 0;
2697 		if (moddebug & MODDEBUG_LOADMSG2) {
2698 			printf("deferred unload of module %s"
2699 			    " (id %d) successful",
2700 			    mp->mod_modname, mp->mod_id);
2701 		}
2702 	}
2703 
2704 	/* release hold on requisites */
2705 	mod_release_requisites(mp);
2706 
2707 	/*
2708 	 * Now that the module is gone, we need to give DTrace a chance to
2709 	 * remove any probes that it may have had in the module.  This is
2710 	 * done via the dtrace_modunload function pointer.
2711 	 */
2712 	if (strcmp(mp->mod_modname, "dtrace") != 0) {
2713 		struct modctl *dmp = mod_hold_by_name("dtrace");
2714 
2715 		if (dmp != NULL && dtrace_modunload != NULL)
2716 			(*dtrace_modunload)(mp);
2717 
2718 		mod_release_mod(dmp);
2719 	}
2720 }
2721 
2722 static int
2723 modinstall(struct modctl *mp)
2724 {
2725 	int val;
2726 	int (*func)(void);
2727 
2728 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2729 	ASSERT(mp->mod_busy && mp->mod_loaded);
2730 
2731 	if (mp->mod_installed)
2732 		return (0);
2733 	/*
2734 	 * If mod_delay_unload is on, it means the system chose the deferred
2735 	 * unload for this module. Then you can't install this module until
2736 	 * it's unloaded from the system.
2737 	 */
2738 	if (mp->mod_delay_unload)
2739 		return (ENXIO);
2740 
2741 	if (moddebug & MODDEBUG_LOADMSG)
2742 		printf("installing %s, module id %d.\n",
2743 			mp->mod_modname, mp->mod_id);
2744 
2745 	ASSERT(mp->mod_mp != NULL);
2746 	if (mod_install_requisites(mp) != 0) {
2747 		/*
2748 		 * Note that we can't call mod_unload(mp) here since
2749 		 * if modinstall() was called by mod_install_requisites(),
2750 		 * we won't be able to hold the dependent modules
2751 		 * (otherwise there would be a deadlock).
2752 		 */
2753 		return (ENXIO);
2754 	}
2755 
2756 	if (moddebug & MODDEBUG_ERRMSG) {
2757 		printf("init '%s' id %d loaded @ 0x%p/0x%p size %lu/%lu\n",
2758 			mp->mod_filename, mp->mod_id,
2759 			(void *)((struct module *)mp->mod_mp)->text,
2760 			(void *)((struct module *)mp->mod_mp)->data,
2761 			((struct module *)mp->mod_mp)->text_size,
2762 			((struct module *)mp->mod_mp)->data_size);
2763 	}
2764 
2765 	func = (int (*)())kobj_lookup(mp->mod_mp, "_init");
2766 
2767 	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
2768 		cmn_err(CE_WARN, "_init() not defined properly in %s",
2769 		    mp->mod_filename);
2770 		return (EFAULT);
2771 	}
2772 
2773 	if (moddebug & MODDEBUG_USERDEBUG) {
2774 		printf("breakpoint before calling %s:_init()\n",
2775 		    mp->mod_modname);
2776 		if (DEBUGGER_PRESENT)
2777 			debug_enter("_init");
2778 	}
2779 
2780 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2781 	ASSERT(mp->mod_busy && mp->mod_loaded);
2782 	val = (*func)();		/* call _init */
2783 
2784 	if (moddebug & MODDEBUG_USERDEBUG)
2785 		printf("Returned from _init, val = %x\n", val);
2786 
2787 	if (val == 0) {
2788 		/*
2789 		 * Set the MODS_INSTALLED flag to enable this module
2790 		 * being called now.
2791 		 */
2792 		install_stubs(mp);
2793 		mp->mod_installed = 1;
2794 	} else if (moddebug & MODDEBUG_ERRMSG)
2795 		printf(mod_init_msg, mp->mod_filename, mp->mod_modname, val);
2796 
2797 	return (val);
2798 }
2799 
2800 static int
2801 detach_driver(char *name)
2802 {
2803 	major_t major;
2804 	int error;
2805 
2806 	/*
2807 	 * If being called from mod_uninstall_all() then the appropriate
2808 	 * driver detaches (leaf only) have already been done.
2809 	 */
2810 	if (mod_in_autounload())
2811 		return (0);
2812 
2813 	major = ddi_name_to_major(name);
2814 	if (major == (major_t)-1)
2815 		return (0);
2816 
2817 	error = ndi_devi_unconfig_driver(ddi_root_node(),
2818 	    NDI_DETACH_DRIVER, major);
2819 	return (error == NDI_SUCCESS ? 0 : -1);
2820 }
2821 
2822 static char finiret_msg[] = "Returned from _fini for %s, status = %x\n";
2823 
2824 static int
2825 moduninstall(struct modctl *mp)
2826 {
2827 	int status = 0;
2828 	int (*func)(void);
2829 
2830 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2831 	ASSERT(mp->mod_busy);
2832 
2833 	/*
2834 	 * Verify that we need to do something and can uninstall the module.
2835 	 *
2836 	 * If we should not uninstall the module or if the module is not in
2837 	 * the correct state to start an uninstall we return EBUSY to prevent
2838 	 * us from progressing to mod_unload.  If the module has already been
2839 	 * uninstalled and unloaded we return EALREADY.
2840 	 */
2841 	if (mp->mod_prim || mp->mod_ref || mp->mod_nenabled != 0)
2842 		return (EBUSY);
2843 	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0))
2844 		return (EALREADY);
2845 
2846 	/*
2847 	 * To avoid devinfo / module deadlock we must release this module
2848 	 * prior to initiating the detach_driver, otherwise the detach_driver
2849 	 * might deadlock on a devinfo node held by another thread
2850 	 * coming top down and involving the module we have locked.
2851 	 *
2852 	 * When we regrab the module we must reverify that it is OK
2853 	 * to proceed with the uninstall operation.
2854 	 */
2855 	mod_release_mod(mp);
2856 	status = detach_driver(mp->mod_modname);
2857 	(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
2858 
2859 	/* check detach status and reverify state with lock */
2860 	mutex_enter(&mod_lock);
2861 	if ((status != 0) || mp->mod_prim || mp->mod_ref) {
2862 		mutex_exit(&mod_lock);
2863 		return (EBUSY);
2864 	}
2865 	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0)) {
2866 		mutex_exit(&mod_lock);
2867 		return (EALREADY);
2868 	}
2869 	mutex_exit(&mod_lock);
2870 
2871 	if (moddebug & MODDEBUG_LOADMSG2)
2872 		printf("uninstalling %s\n", mp->mod_modname);
2873 
2874 	/*
2875 	 * lookup _fini, return EBUSY if not defined.
2876 	 *
2877 	 * The MODDEBUG_FINI_EBUSY is usefull in resolving leaks in
2878 	 * detach(9E) - it allows bufctl addresses to be resolved.
2879 	 */
2880 	func = (int (*)())kobj_lookup(mp->mod_mp, "_fini");
2881 	if ((func == NULL) || (mp->mod_loadflags & MOD_NOUNLOAD) ||
2882 	    (moddebug & MODDEBUG_FINI_EBUSY))
2883 		return (EBUSY);
2884 
2885 	/* verify that _fini is in this module */
2886 	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
2887 		cmn_err(CE_WARN, "_fini() not defined properly in %s",
2888 		    mp->mod_filename);
2889 		return (EFAULT);
2890 	}
2891 
2892 	/* call _fini() */
2893 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2894 	ASSERT(mp->mod_busy && mp->mod_loaded && mp->mod_installed);
2895 
2896 	status = (*func)();
2897 
2898 	if (status == 0) {
2899 		/* _fini returned success, the module is no longer installed */
2900 		if (moddebug & MODDEBUG_LOADMSG)
2901 			printf("uninstalled %s\n", mp->mod_modname);
2902 
2903 		/*
2904 		 * Even though we only set mod_installed to zero here, a zero
2905 		 * return value means we are commited to a code path were
2906 		 * mod_loaded will also end up as zero - we have no other
2907 		 * way to get the module data and bss back to the pre _init
2908 		 * state except a reload. To ensure this, after return,
2909 		 * mod_busy must stay set until mod_loaded is cleared.
2910 		 */
2911 		mp->mod_installed = 0;
2912 
2913 		/*
2914 		 * Clear the MODS_INSTALLED flag not to call functions
2915 		 * in the module directly from now on.
2916 		 */
2917 		uninstall_stubs(mp);
2918 	} else {
2919 		if (moddebug & MODDEBUG_USERDEBUG)
2920 			printf(finiret_msg, mp->mod_filename, status);
2921 		/*
2922 		 * By definition _fini is only allowed to return EBUSY or the
2923 		 * result of mod_remove (EBUSY or EINVAL).  In the off chance
2924 		 * that a driver returns EALREADY we convert this to EINVAL
2925 		 * since to our caller EALREADY means module was already
2926 		 * removed.
2927 		 */
2928 		if (status == EALREADY)
2929 			status = EINVAL;
2930 	}
2931 
2932 	return (status);
2933 }
2934 
2935 /*
2936  * Uninstall all modules.
2937  */
2938 static void
2939 mod_uninstall_all(void)
2940 {
2941 	struct modctl	*mp;
2942 	modid_t		modid = 0;
2943 
2944 	/* mark this thread as doing autounloading */
2945 	(void) tsd_set(mod_autounload_key, (void *)1);
2946 
2947 	(void) devfs_clean(ddi_root_node(), NULL, 0);
2948 	(void) ndi_devi_unconfig(ddi_root_node(), NDI_AUTODETACH);
2949 
2950 	while ((mp = mod_hold_next_by_id(modid)) != NULL) {
2951 		modid = mp->mod_id;
2952 		/*
2953 		 * Skip modules with the MOD_NOAUTOUNLOAD flag set
2954 		 */
2955 		if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
2956 			mod_release_mod(mp);
2957 			continue;
2958 		}
2959 
2960 		if (moduninstall(mp) == 0) {
2961 			mod_unload(mp);
2962 			CPU_STATS_ADDQ(CPU, sys, modunload, 1);
2963 		}
2964 		mod_release_mod(mp);
2965 	}
2966 
2967 	(void) tsd_set(mod_autounload_key, NULL);
2968 }
2969 
2970 static int modunload_disable_count;
2971 
2972 void
2973 modunload_disable(void)
2974 {
2975 	INCR_COUNT(&modunload_disable_count, &mod_uninstall_lock);
2976 }
2977 
2978 void
2979 modunload_enable(void)
2980 {
2981 	DECR_COUNT(&modunload_disable_count, &mod_uninstall_lock);
2982 }
2983 
2984 void
2985 mod_uninstall_daemon(void)
2986 {
2987 	callb_cpr_t	cprinfo;
2988 	clock_t		ticks = 0;
2989 
2990 	mod_aul_thread = curthread;
2991 
2992 	CALLB_CPR_INIT(&cprinfo, &mod_uninstall_lock, callb_generic_cpr, "mud");
2993 	for (;;) {
2994 		mutex_enter(&mod_uninstall_lock);
2995 		CALLB_CPR_SAFE_BEGIN(&cprinfo);
2996 		/*
2997 		 * In DEBUG kernels, unheld drivers are uninstalled periodically
2998 		 * every mod_uninstall_interval seconds.  Periodic uninstall can
2999 		 * be disabled by setting mod_uninstall_interval to 0 which is
3000 		 * the default for a non-DEBUG kernel.
3001 		 */
3002 		if (mod_uninstall_interval) {
3003 			ticks = ddi_get_lbolt() +
3004 				drv_usectohz(mod_uninstall_interval * 1000000);
3005 			(void) cv_timedwait(&mod_uninstall_cv,
3006 				&mod_uninstall_lock, ticks);
3007 		} else {
3008 			cv_wait(&mod_uninstall_cv, &mod_uninstall_lock);
3009 		}
3010 		/*
3011 		 * The whole daemon is safe for CPR except we don't want
3012 		 * the daemon to run if FREEZE is issued and this daemon
3013 		 * wakes up from the cv_wait above. In this case, it'll be
3014 		 * blocked in CALLB_CPR_SAFE_END until THAW is issued.
3015 		 *
3016 		 * The reason of calling CALLB_CPR_SAFE_BEGIN twice is that
3017 		 * mod_uninstall_lock is used to protect cprinfo and
3018 		 * CALLB_CPR_SAFE_BEGIN assumes that this lock is held when
3019 		 * called.
3020 		 */
3021 		CALLB_CPR_SAFE_END(&cprinfo, &mod_uninstall_lock);
3022 		CALLB_CPR_SAFE_BEGIN(&cprinfo);
3023 		mutex_exit(&mod_uninstall_lock);
3024 		if ((modunload_disable_count == 0) &&
3025 		    ((moddebug & MODDEBUG_NOAUTOUNLOAD) == 0)) {
3026 			mod_uninstall_all();
3027 		}
3028 	}
3029 }
3030 
3031 /*
3032  * Unload all uninstalled modules.
3033  */
3034 void
3035 modreap(void)
3036 {
3037 	mutex_enter(&mod_uninstall_lock);
3038 	cv_broadcast(&mod_uninstall_cv);
3039 	mutex_exit(&mod_uninstall_lock);
3040 }
3041 
3042 /*
3043  * Hold the specified module. This is the module holding primitive.
3044  *
3045  * If MOD_LOCK_HELD then the caller already holds the mod_lock.
3046  *
3047  * Return values:
3048  *	 0 ==> the module is held
3049  *	 1 ==> the module is not held and the MOD_WAIT_ONCE caller needs
3050  *		to determine how to retry.
3051  */
3052 int
3053 mod_hold_by_modctl(struct modctl *mp, int f)
3054 {
3055 	ASSERT((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) &&
3056 	    ((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) !=
3057 	    (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)));
3058 	ASSERT((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) &&
3059 	    ((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) !=
3060 	    (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)));
3061 	ASSERT((f & MOD_LOCK_NOT_HELD) || MUTEX_HELD(&mod_lock));
3062 
3063 	if (f & MOD_LOCK_NOT_HELD)
3064 		mutex_enter(&mod_lock);
3065 
3066 	while (mp->mod_busy) {
3067 		mp->mod_want = 1;
3068 		cv_wait(&mod_cv, &mod_lock);
3069 		/*
3070 		 * Module may be unloaded by daemon.
3071 		 * Nevertheless, modctl structure is still in linked list
3072 		 * (i.e., off &modules), not freed!
3073 		 * Caller is not supposed to assume "mp" is valid, but there
3074 		 * is no reasonable way to detect this but using
3075 		 * mp->mod_modinfo->mp == NULL check (follow the back pointer)
3076 		 *   (or similar check depending on calling context)
3077 		 * DON'T free modctl structure, it will be very very
3078 		 * problematic.
3079 		 */
3080 		if (f & MOD_WAIT_ONCE) {
3081 			if (f & MOD_LOCK_NOT_HELD)
3082 				mutex_exit(&mod_lock);
3083 			return (1);	/* caller decides how to retry */
3084 		}
3085 	}
3086 
3087 	mp->mod_busy = 1;
3088 	mp->mod_inprogress_thread =
3089 	    (curthread == NULL ? (kthread_id_t)-1 : curthread);
3090 
3091 	if (f & MOD_LOCK_NOT_HELD)
3092 		mutex_exit(&mod_lock);
3093 	return (0);
3094 }
3095 
3096 static struct modctl *
3097 mod_hold_by_name_common(struct modctl *dep, char *filename)
3098 {
3099 	char		*modname;
3100 	struct modctl	*mp;
3101 	char		*curname, *newname;
3102 	int		found = 0;
3103 
3104 	mutex_enter(&mod_lock);
3105 
3106 	if ((modname = strrchr(filename, '/')) == NULL)
3107 		modname = filename;
3108 	else
3109 		modname++;
3110 
3111 	mp = &modules;
3112 	do {
3113 		if (strcmp(modname, mp->mod_modname) == 0) {
3114 			found = 1;
3115 			break;
3116 		}
3117 	} while ((mp = mp->mod_next) != &modules);
3118 
3119 	if (found == 0) {
3120 		mp = allocate_modp(filename, modname);
3121 		modadd(mp);
3122 	}
3123 
3124 	/*
3125 	 * if dep is not NULL, set the mp in mod_requisite_loading for
3126 	 * the module circular dependency check. This field is used in
3127 	 * mod_circdep(), but it's cleard in mod_hold_loaded_mod().
3128 	 */
3129 	if (dep != NULL) {
3130 		ASSERT(dep->mod_busy && dep->mod_requisite_loading == NULL);
3131 		dep->mod_requisite_loading = mp;
3132 	}
3133 
3134 	/*
3135 	 * If the module was held, then it must be us who has it held.
3136 	 */
3137 	if (mod_circdep(mp))
3138 		mp = NULL;
3139 	else {
3140 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
3141 
3142 		/*
3143 		 * If the name hadn't been set or has changed, allocate
3144 		 * space and set it.  Free space used by previous name.
3145 		 *
3146 		 * Do not change the name of primary modules, for primary
3147 		 * modules the mod_filename was allocated in standalone mode:
3148 		 * it is illegal to kobj_alloc in standalone mode and kobj_free
3149 		 * in non-standalone mode.
3150 		 */
3151 		curname = mp->mod_filename;
3152 		if (curname == NULL ||
3153 		    ((mp->mod_prim == 0) &&
3154 		    (curname != filename) &&
3155 		    (modname != filename) &&
3156 		    (strcmp(curname, filename) != 0))) {
3157 			newname = kobj_zalloc(strlen(filename) + 1, KM_SLEEP);
3158 			(void) strcpy(newname, filename);
3159 			mp->mod_filename = newname;
3160 			if (curname != NULL)
3161 				kobj_free(curname, strlen(curname) + 1);
3162 		}
3163 	}
3164 
3165 	mutex_exit(&mod_lock);
3166 	if (mp && moddebug & MODDEBUG_LOADMSG2)
3167 		printf("Holding %s\n", mp->mod_filename);
3168 	if (mp == NULL && moddebug & MODDEBUG_LOADMSG2)
3169 		printf("circular dependency loading %s\n", filename);
3170 	return (mp);
3171 }
3172 
3173 static struct modctl *
3174 mod_hold_by_name_requisite(struct modctl *dep, char *filename)
3175 {
3176 	return (mod_hold_by_name_common(dep, filename));
3177 }
3178 
3179 struct modctl *
3180 mod_hold_by_name(char *filename)
3181 {
3182 	return (mod_hold_by_name_common(NULL, filename));
3183 }
3184 
3185 static struct modctl *
3186 mod_hold_by_id(modid_t modid)
3187 {
3188 	struct modctl	*mp;
3189 	int		found = 0;
3190 
3191 	mutex_enter(&mod_lock);
3192 	mp = &modules;
3193 	do {
3194 		if (mp->mod_id == modid) {
3195 			found = 1;
3196 			break;
3197 		}
3198 	} while ((mp = mp->mod_next) != &modules);
3199 
3200 	if ((found == 0) || mod_circdep(mp))
3201 		mp = NULL;
3202 	else
3203 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
3204 
3205 	mutex_exit(&mod_lock);
3206 	return (mp);
3207 }
3208 
3209 static struct modctl *
3210 mod_hold_next_by_id(modid_t modid)
3211 {
3212 	struct modctl	*mp;
3213 	int		found = 0;
3214 
3215 	if (modid < -1)
3216 		return (NULL);
3217 
3218 	mutex_enter(&mod_lock);
3219 
3220 	mp = &modules;
3221 	do {
3222 		if (mp->mod_id > modid) {
3223 			found = 1;
3224 			break;
3225 		}
3226 	} while ((mp = mp->mod_next) != &modules);
3227 
3228 	if ((found == 0) || mod_circdep(mp))
3229 		mp = NULL;
3230 	else
3231 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
3232 
3233 	mutex_exit(&mod_lock);
3234 	return (mp);
3235 }
3236 
3237 static void
3238 mod_release(struct modctl *mp)
3239 {
3240 	ASSERT(MUTEX_HELD(&mod_lock));
3241 	ASSERT(mp->mod_busy);
3242 
3243 	mp->mod_busy = 0;
3244 	mp->mod_inprogress_thread = NULL;
3245 	if (mp->mod_want) {
3246 		mp->mod_want = 0;
3247 		cv_broadcast(&mod_cv);
3248 	}
3249 }
3250 
3251 void
3252 mod_release_mod(struct modctl *mp)
3253 {
3254 	if (moddebug & MODDEBUG_LOADMSG2)
3255 		printf("Releasing %s\n", mp->mod_filename);
3256 	mutex_enter(&mod_lock);
3257 	mod_release(mp);
3258 	mutex_exit(&mod_lock);
3259 }
3260 
3261 modid_t
3262 mod_name_to_modid(char *filename)
3263 {
3264 	char		*modname;
3265 	struct modctl	*mp;
3266 
3267 	mutex_enter(&mod_lock);
3268 
3269 	if ((modname = strrchr(filename, '/')) == NULL)
3270 		modname = filename;
3271 	else
3272 		modname++;
3273 
3274 	mp = &modules;
3275 	do {
3276 		if (strcmp(modname, mp->mod_modname) == 0) {
3277 			mutex_exit(&mod_lock);
3278 			return (mp->mod_id);
3279 		}
3280 	} while ((mp = mp->mod_next) != &modules);
3281 
3282 	mutex_exit(&mod_lock);
3283 	return (-1);
3284 }
3285 
3286 
3287 int
3288 mod_remove_by_name(char *name)
3289 {
3290 	struct modctl *mp;
3291 	int retval;
3292 
3293 	mp = mod_hold_by_name(name);
3294 
3295 	if (mp == NULL)
3296 		return (EINVAL);
3297 
3298 	if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
3299 		/*
3300 		 * Do not unload forceloaded modules
3301 		 */
3302 		mod_release_mod(mp);
3303 		return (0);
3304 	}
3305 
3306 	if ((retval = moduninstall(mp)) == 0) {
3307 		mod_unload(mp);
3308 		CPU_STATS_ADDQ(CPU, sys, modunload, 1);
3309 	} else if (retval == EALREADY)
3310 		retval = 0;		/* already unloaded, not an error */
3311 	mod_release_mod(mp);
3312 	return (retval);
3313 }
3314 
3315 /*
3316  * Record that module "dep" is dependent on module "on_mod."
3317  */
3318 static void
3319 mod_make_requisite(struct modctl *dependent, struct modctl *on_mod)
3320 {
3321 	struct modctl_list **pmlnp;	/* previous next pointer */
3322 	struct modctl_list *mlp;
3323 	struct modctl_list *new;
3324 
3325 	ASSERT(dependent->mod_busy && on_mod->mod_busy);
3326 	mutex_enter(&mod_lock);
3327 
3328 	/*
3329 	 * Search dependent's requisite list to see if on_mod is recorded.
3330 	 * List is ordered by id.
3331 	 */
3332 	for (pmlnp = &dependent->mod_requisites, mlp = *pmlnp;
3333 	    mlp; pmlnp = &mlp->modl_next, mlp = *pmlnp)
3334 		if (mlp->modl_modp->mod_id >= on_mod->mod_id)
3335 			break;
3336 
3337 	/* Create and insert if not already recorded */
3338 	if ((mlp == NULL) || (mlp->modl_modp->mod_id != on_mod->mod_id)) {
3339 		new = kobj_zalloc(sizeof (*new), KM_SLEEP);
3340 		new->modl_modp = on_mod;
3341 		new->modl_next = mlp;
3342 		*pmlnp = new;
3343 
3344 		/*
3345 		 * Increment the mod_ref count in our new requisite module.
3346 		 * This is what keeps a module that has other modules
3347 		 * which are dependent on it from being uninstalled and
3348 		 * unloaded. "on_mod"'s mod_ref count decremented in
3349 		 * mod_release_requisites when the "dependent" module
3350 		 * unload is complete.  "on_mod" must be loaded, but may not
3351 		 * yet be installed.
3352 		 */
3353 		on_mod->mod_ref++;
3354 		ASSERT(on_mod->mod_ref && on_mod->mod_loaded);
3355 	}
3356 
3357 	mutex_exit(&mod_lock);
3358 }
3359 
3360 /*
3361  * release the hold associated with mod_make_requisite mod_ref++
3362  * as part of unload.
3363  */
3364 void
3365 mod_release_requisites(struct modctl *modp)
3366 {
3367 	struct modctl_list *modl;
3368 	struct modctl_list *next;
3369 	struct modctl *req;
3370 	struct modctl_list *start = NULL, *mod_garbage;
3371 
3372 	ASSERT(modp->mod_busy);
3373 	ASSERT(!MUTEX_HELD(&mod_lock));
3374 
3375 	mutex_enter(&mod_lock);		/* needed for manipulation of req */
3376 	for (modl = modp->mod_requisites; modl; modl = next) {
3377 		next = modl->modl_next;
3378 		req = modl->modl_modp;
3379 		ASSERT(req->mod_ref >= 1 && req->mod_loaded);
3380 		req->mod_ref--;
3381 
3382 		/*
3383 		 * Check if the module has to be unloaded or not.
3384 		 */
3385 		if (req->mod_ref == 0 && req->mod_delay_unload) {
3386 			struct modctl_list *new;
3387 			/*
3388 			 * Allocate the modclt_list holding the garbage
3389 			 * module which should be unloaded later.
3390 			 */
3391 			new = kobj_zalloc(sizeof (struct modctl_list),
3392 			    KM_SLEEP);
3393 			new->modl_modp = req;
3394 
3395 			if (start == NULL)
3396 				mod_garbage = start = new;
3397 			else {
3398 				mod_garbage->modl_next = new;
3399 				mod_garbage = new;
3400 			}
3401 		}
3402 
3403 		/* free the list as we go */
3404 		kobj_free(modl, sizeof (*modl));
3405 	}
3406 	modp->mod_requisites = NULL;
3407 	mutex_exit(&mod_lock);
3408 
3409 	/*
3410 	 * Unload the garbage modules.
3411 	 */
3412 	for (mod_garbage = start; mod_garbage != NULL; /* nothing */) {
3413 		struct modctl_list *old = mod_garbage;
3414 		struct modctl *mp = mod_garbage->modl_modp;
3415 		ASSERT(mp != NULL);
3416 
3417 		/*
3418 		 * Hold this module until it's unloaded completely.
3419 		 */
3420 		(void) mod_hold_by_modctl(mp,
3421 		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
3422 		/*
3423 		 * Check if the module is not unloaded yet and nobody requires
3424 		 * the module. If it's unloaded already or somebody still
3425 		 * requires the module, don't unload it now.
3426 		 */
3427 		if (mp->mod_loaded && mp->mod_ref == 0)
3428 			mod_unload(mp);
3429 		ASSERT((mp->mod_loaded == 0 && mp->mod_delay_unload == 0) ||
3430 		    (mp->mod_ref > 0));
3431 		mod_release_mod(mp);
3432 
3433 		mod_garbage = mod_garbage->modl_next;
3434 		kobj_free(old, sizeof (struct modctl_list));
3435 	}
3436 }
3437 
3438 /*
3439  * Process dependency of the module represented by "dep" on the
3440  * module named by "on."
3441  *
3442  * Called from kobj_do_dependents() to load a module "on" on which
3443  * "dep" depends.
3444  */
3445 struct modctl *
3446 mod_load_requisite(struct modctl *dep, char *on)
3447 {
3448 	struct modctl *on_mod;
3449 	int retval;
3450 
3451 	if ((on_mod = mod_hold_loaded_mod(dep, on, &retval)) != NULL) {
3452 		mod_make_requisite(dep, on_mod);
3453 	} else if (moddebug & MODDEBUG_ERRMSG) {
3454 		printf("error processing %s on which module %s depends\n",
3455 			on, dep->mod_modname);
3456 	}
3457 	return (on_mod);
3458 }
3459 
3460 static int
3461 mod_install_requisites(struct modctl *modp)
3462 {
3463 	struct modctl_list *modl;
3464 	struct modctl *req;
3465 	int status = 0;
3466 
3467 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3468 	ASSERT(modp->mod_busy);
3469 
3470 	for (modl = modp->mod_requisites; modl; modl = modl->modl_next) {
3471 		req = modl->modl_modp;
3472 		(void) mod_hold_by_modctl(req,
3473 		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
3474 		status = modinstall(req);
3475 		mod_release_mod(req);
3476 
3477 		if (status != 0)
3478 			break;
3479 	}
3480 	return (status);
3481 }
3482 
3483 /*
3484  * returns 1 if this thread is doing autounload, 0 otherwise.
3485  * see mod_uninstall_all.
3486  */
3487 int
3488 mod_in_autounload()
3489 {
3490 	return ((int)(uintptr_t)tsd_get(mod_autounload_key));
3491 }
3492 
3493 /*
3494  * gmatch adapted from libc, stripping the wchar stuff
3495  */
3496 #define	popchar(p, c) \
3497 	c = *p++; \
3498 	if (c == 0) \
3499 		return (0);
3500 
3501 static int
3502 gmatch(const char *s, const char *p)
3503 {
3504 	int c, sc;
3505 	int ok, lc, notflag;
3506 
3507 	sc = *s++;
3508 	c = *p++;
3509 	if (c == 0)
3510 		return (sc == c);	/* nothing matches nothing */
3511 
3512 	switch (c) {
3513 	case '\\':
3514 		/* skip to quoted character */
3515 		popchar(p, c)
3516 		/*FALLTHRU*/
3517 
3518 	default:
3519 		/* straight comparison */
3520 		if (c != sc)
3521 			return (0);
3522 		/*FALLTHRU*/
3523 
3524 	case '?':
3525 		/* first char matches, move to remainder */
3526 		return (sc != '\0' ? gmatch(s, p) : 0);
3527 
3528 
3529 	case '*':
3530 		while (*p == '*')
3531 			p++;
3532 
3533 		/* * matches everything */
3534 		if (*p == 0)
3535 			return (1);
3536 
3537 		/* undo skip at the beginning & iterate over substrings */
3538 		--s;
3539 		while (*s) {
3540 			if (gmatch(s, p))
3541 				return (1);
3542 			s++;
3543 		}
3544 		return (0);
3545 
3546 	case '[':
3547 		/* match any char within [] */
3548 		if (sc == 0)
3549 			return (0);
3550 
3551 		ok = lc = notflag = 0;
3552 
3553 		if (*p == '!') {
3554 			notflag = 1;
3555 			p++;
3556 		}
3557 		popchar(p, c)
3558 
3559 		do {
3560 			if (c == '-' && lc && *p != ']') {
3561 				/* test sc against range [c1-c2] */
3562 				popchar(p, c)
3563 				if (c == '\\') {
3564 					popchar(p, c)
3565 				}
3566 
3567 				if (notflag) {
3568 					/* return 0 on mismatch */
3569 					if (lc <= sc && sc <= c)
3570 						return (0);
3571 					ok++;
3572 				} else if (lc <= sc && sc <= c) {
3573 					ok++;
3574 				}
3575 				/* keep going, may get a match next */
3576 			} else if (c == '\\') {
3577 				/* skip to quoted character */
3578 				popchar(p, c)
3579 			}
3580 			lc = c;
3581 			if (notflag) {
3582 				if (sc == lc)
3583 					return (0);
3584 				ok++;
3585 			} else if (sc == lc) {
3586 				ok++;
3587 			}
3588 			popchar(p, c)
3589 		} while (c != ']');
3590 
3591 		/* recurse on remainder of string */
3592 		return (ok ? gmatch(s, p) : 0);
3593 	}
3594 	/*NOTREACHED*/
3595 }
3596 
3597 
3598 /*
3599  * Get default perm for device from /etc/minor_perm. Return 0 if match found.
3600  *
3601  * Pure wild-carded patterns are handled separately so the ordering of
3602  * these patterns doesn't matter.  We're still dependent on ordering
3603  * however as the first matching entry is the one returned.
3604  * Not ideal but all existing examples and usage do imply this
3605  * ordering implicitly.
3606  *
3607  * Drivers using the clone driver are always good for some entertainment.
3608  * Clone nodes under pseudo have the form clone@0:<driver>.  Some minor
3609  * perm entries have the form clone:<driver>, others use <driver>:*
3610  * Examples are clone:llc1 vs. llc2:*, for example.
3611  *
3612  * Minor perms in the clone:<driver> form are mapped to the drivers's
3613  * mperm list, not the clone driver, as wildcard entries for clone
3614  * reference only.  In other words, a clone wildcard will match
3615  * references for clone@0:<driver> but never <driver>@<minor>.
3616  *
3617  * Additional minor perms in the standard form are also supported,
3618  * for mixed usage, ie a node with an entry clone:<driver> could
3619  * provide further entries <driver>:<minor>.
3620  *
3621  * Finally, some uses of clone use an alias as the minor name rather
3622  * than the driver name, with the alias as the minor perm entry.
3623  * This case is handled by attaching the driver to bring its
3624  * minor list into existence, then discover the alias via DDI_ALIAS.
3625  * The clone device's minor perm list can then be searched for
3626  * that alias.
3627  */
3628 
3629 static int
3630 dev_alias_minorperm(dev_info_t *dip, char *minor_name, mperm_t *rmp)
3631 {
3632 	major_t major;
3633 	struct devnames *dnp;
3634 	mperm_t *mp;
3635 	char *alias = NULL;
3636 	dev_info_t *cdevi;
3637 	struct ddi_minor_data *dmd;
3638 
3639 	major = ddi_name_to_major(minor_name);
3640 
3641 	ASSERT(dip == clone_dip);
3642 	ASSERT(major != (major_t)-1);
3643 
3644 	/*
3645 	 * Attach the driver named by the minor node, then
3646 	 * search its first instance's minor list for an
3647 	 * alias node.
3648 	 */
3649 	if (ddi_hold_installed_driver(major) == NULL)
3650 		return (1);
3651 
3652 	dnp = &devnamesp[major];
3653 	LOCK_DEV_OPS(&dnp->dn_lock);
3654 
3655 	if ((cdevi = dnp->dn_head) != NULL) {
3656 		mutex_enter(&DEVI(cdevi)->devi_lock);
3657 		for (dmd = DEVI(cdevi)->devi_minor; dmd; dmd = dmd->next) {
3658 			if (dmd->type == DDM_ALIAS) {
3659 				alias = i_ddi_strdup(dmd->ddm_name, KM_SLEEP);
3660 				break;
3661 			}
3662 		}
3663 		mutex_exit(&DEVI(cdevi)->devi_lock);
3664 	}
3665 
3666 	UNLOCK_DEV_OPS(&dnp->dn_lock);
3667 	ddi_rele_driver(major);
3668 
3669 	if (alias == NULL) {
3670 		if (moddebug & MODDEBUG_MINORPERM)
3671 			cmn_err(CE_CONT, "dev_minorperm: "
3672 			    "no alias for %s\n", minor_name);
3673 		return (1);
3674 	}
3675 
3676 	major = ddi_driver_major(clone_dip);
3677 	dnp = &devnamesp[major];
3678 	LOCK_DEV_OPS(&dnp->dn_lock);
3679 
3680 	/*
3681 	 * Go through the clone driver's mperm list looking
3682 	 * for a match for the specified alias.
3683 	 */
3684 	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
3685 		if (strcmp(alias, mp->mp_minorname) == 0) {
3686 			break;
3687 		}
3688 	}
3689 
3690 	if (mp) {
3691 		if (moddebug & MODDEBUG_MP_MATCH) {
3692 			cmn_err(CE_CONT,
3693 			    "minor perm defaults: %s %s 0%o %d %d (aliased)\n",
3694 			    minor_name, alias, mp->mp_mode,
3695 			    mp->mp_uid, mp->mp_gid);
3696 		}
3697 		rmp->mp_uid = mp->mp_uid;
3698 		rmp->mp_gid = mp->mp_gid;
3699 		rmp->mp_mode = mp->mp_mode;
3700 	}
3701 	UNLOCK_DEV_OPS(&dnp->dn_lock);
3702 
3703 	kmem_free(alias, strlen(alias)+1);
3704 
3705 	return (mp == NULL);
3706 }
3707 
3708 int
3709 dev_minorperm(dev_info_t *dip, char *name, mperm_t *rmp)
3710 {
3711 	major_t major;
3712 	char *minor_name;
3713 	struct devnames *dnp;
3714 	mperm_t *mp;
3715 	int is_clone = 0;
3716 
3717 	if (!minorperm_loaded) {
3718 		if (moddebug & MODDEBUG_MINORPERM)
3719 			cmn_err(CE_CONT,
3720 			    "%s: minor perm not yet loaded\n", name);
3721 		return (1);
3722 	}
3723 
3724 	minor_name = strchr(name, ':');
3725 	if (minor_name == NULL)
3726 		return (1);
3727 	minor_name++;
3728 
3729 	/*
3730 	 * If it's the clone driver, search the driver as named
3731 	 * by the minor.  All clone minor perm entries other than
3732 	 * alias nodes are actually installed on the real driver's list.
3733 	 */
3734 	if (dip == clone_dip) {
3735 		major = ddi_name_to_major(minor_name);
3736 		if (major == (major_t)-1) {
3737 			if (moddebug & MODDEBUG_MINORPERM)
3738 				cmn_err(CE_CONT, "dev_minorperm: "
3739 				    "%s: no such driver\n", minor_name);
3740 			return (1);
3741 		}
3742 		is_clone = 1;
3743 	} else {
3744 		major = ddi_driver_major(dip);
3745 		ASSERT(major != (major_t)-1);
3746 	}
3747 
3748 	dnp = &devnamesp[major];
3749 	LOCK_DEV_OPS(&dnp->dn_lock);
3750 
3751 	/*
3752 	 * Go through the driver's mperm list looking for
3753 	 * a match for the specified minor.  If there's
3754 	 * no matching pattern, use the wild card.
3755 	 * Defer to the clone wild for clone if specified,
3756 	 * otherwise fall back to the normal form.
3757 	 */
3758 	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
3759 		if (gmatch(minor_name, mp->mp_minorname) != 0) {
3760 			break;
3761 		}
3762 	}
3763 	if (mp == NULL) {
3764 		if (is_clone)
3765 			mp = dnp->dn_mperm_clone;
3766 		if (mp == NULL)
3767 			mp = dnp->dn_mperm_wild;
3768 	}
3769 
3770 	if (mp) {
3771 		if (moddebug & MODDEBUG_MP_MATCH) {
3772 			cmn_err(CE_CONT,
3773 			    "minor perm defaults: %s %s 0%o %d %d\n",
3774 			    name, mp->mp_minorname, mp->mp_mode,
3775 			    mp->mp_uid, mp->mp_gid);
3776 		}
3777 		rmp->mp_uid = mp->mp_uid;
3778 		rmp->mp_gid = mp->mp_gid;
3779 		rmp->mp_mode = mp->mp_mode;
3780 	}
3781 	UNLOCK_DEV_OPS(&dnp->dn_lock);
3782 
3783 	/*
3784 	 * If no match can be found for a clone node,
3785 	 * search for a possible match for an alias.
3786 	 * One such example is /dev/ptmx -> /devices/pseudo/clone@0:ptm,
3787 	 * with minor perm entry clone:ptmx.
3788 	 */
3789 	if (mp == NULL && is_clone) {
3790 		return (dev_alias_minorperm(dip, minor_name, rmp));
3791 	}
3792 
3793 	return (mp == NULL);
3794 }
3795 
3796 /*
3797  * dynamicaly reference load a dl module/library, returning handle
3798  */
3799 /*ARGSUSED*/
3800 ddi_modhandle_t
3801 ddi_modopen(const char *modname, int mode, int *errnop)
3802 {
3803 	char		*subdir;
3804 	char		*mod;
3805 	int		subdirlen;
3806 	struct modctl	*hmodp = NULL;
3807 	int		retval = EINVAL;
3808 
3809 	ASSERT(modname && (mode == KRTLD_MODE_FIRST));
3810 	if ((modname == NULL) || (mode != KRTLD_MODE_FIRST))
3811 		goto out;
3812 
3813 	/* find optional first '/' in modname */
3814 	mod = strchr(modname, '/');
3815 	if (mod != strrchr(modname, '/'))
3816 		goto out;		/* only one '/' is legal */
3817 
3818 	if (mod) {
3819 		/* for subdir string without modification to argument */
3820 		mod++;
3821 		subdirlen = mod - modname;
3822 		subdir = kmem_alloc(subdirlen, KM_SLEEP);
3823 		(void) strlcpy(subdir, modname, subdirlen);
3824 	} else {
3825 		subdirlen = 0;
3826 		subdir = "misc";
3827 		mod = (char *)modname;
3828 	}
3829 
3830 	/* reference load with errno return value */
3831 	retval = modrload(subdir, mod, &hmodp);
3832 
3833 	if (subdirlen)
3834 		kmem_free(subdir, subdirlen);
3835 
3836 out:	if (errnop)
3837 		*errnop = retval;
3838 
3839 	if (moddebug & MODDEBUG_DDI_MOD)
3840 		printf("ddi_modopen %s mode %x: %s %p %d\n",
3841 		    modname ? modname : "<unknown>", mode,
3842 		    hmodp ? hmodp->mod_filename : "<unknown>",
3843 		    (void *)hmodp, retval);
3844 
3845 	return ((ddi_modhandle_t)hmodp);
3846 }
3847 
3848 /* lookup "name" in open dl module/library */
3849 void *
3850 ddi_modsym(ddi_modhandle_t h, const char *name, int *errnop)
3851 {
3852 	struct modctl	*hmodp = (struct modctl *)h;
3853 	void		*f;
3854 	int		retval;
3855 
3856 	ASSERT(hmodp && name && hmodp->mod_installed && (hmodp->mod_ref >= 1));
3857 	if ((hmodp == NULL) || (name == NULL) ||
3858 	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
3859 		f = NULL;
3860 		retval = EINVAL;
3861 	} else {
3862 		f = (void *)kobj_lookup(hmodp->mod_mp, (char *)name);
3863 		if (f)
3864 			retval = 0;
3865 		else
3866 			retval = ENOTSUP;
3867 	}
3868 
3869 	if (moddebug & MODDEBUG_DDI_MOD)
3870 		printf("ddi_modsym in %s of %s: %d %p\n",
3871 		    hmodp ? hmodp->mod_modname : "<unknown>",
3872 		    name ? name : "<unknown>", retval, f);
3873 
3874 	if (errnop)
3875 		*errnop = retval;
3876 	return (f);
3877 }
3878 
3879 /* dynamic (un)reference unload of an open dl module/library */
3880 int
3881 ddi_modclose(ddi_modhandle_t h)
3882 {
3883 	struct modctl	*hmodp = (struct modctl *)h;
3884 	struct modctl	*modp = NULL;
3885 	int		retval;
3886 
3887 	ASSERT(hmodp && hmodp->mod_installed && (hmodp->mod_ref >= 1));
3888 	if ((hmodp == NULL) ||
3889 	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
3890 		retval = EINVAL;
3891 		goto out;
3892 	}
3893 
3894 	retval = modunrload(hmodp->mod_id, &modp, ddi_modclose_unload);
3895 	if (retval == EBUSY)
3896 		retval = 0;	/* EBUSY is not an error */
3897 
3898 	if (retval == 0) {
3899 		ASSERT(hmodp == modp);
3900 		if (hmodp != modp)
3901 			retval = EINVAL;
3902 	}
3903 
3904 out:	if (moddebug & MODDEBUG_DDI_MOD)
3905 		printf("ddi_modclose %s: %d\n",
3906 		    hmodp ? hmodp->mod_modname : "<unknown>", retval);
3907 
3908 	return (retval);
3909 }
3910