xref: /illumos-gate/usr/src/uts/common/os/modctl.c (revision fb2a9bae0030340ad72b9c26ba1ffee2ee3cafec)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 /*
28  * modctl system call for loadable module support.
29  */
30 
31 #include <sys/param.h>
32 #include <sys/user.h>
33 #include <sys/systm.h>
34 #include <sys/exec.h>
35 #include <sys/file.h>
36 #include <sys/stat.h>
37 #include <sys/conf.h>
38 #include <sys/time.h>
39 #include <sys/reboot.h>
40 #include <sys/fs/ufs_fsdir.h>
41 #include <sys/kmem.h>
42 #include <sys/sysconf.h>
43 #include <sys/cmn_err.h>
44 #include <sys/ddi.h>
45 #include <sys/sunddi.h>
46 #include <sys/sunndi.h>
47 #include <sys/ndi_impldefs.h>
48 #include <sys/ddi_impldefs.h>
49 #include <sys/ddi_implfuncs.h>
50 #include <sys/bootconf.h>
51 #include <sys/dc_ki.h>
52 #include <sys/cladm.h>
53 #include <sys/dtrace.h>
54 #include <sys/kdi.h>
55 
56 #include <sys/devpolicy.h>
57 #include <sys/modctl.h>
58 #include <sys/kobj.h>
59 #include <sys/devops.h>
60 #include <sys/autoconf.h>
61 #include <sys/hwconf.h>
62 #include <sys/callb.h>
63 #include <sys/debug.h>
64 #include <sys/cpuvar.h>
65 #include <sys/sysmacros.h>
66 #include <sys/sysevent.h>
67 #include <sys/sysevent_impl.h>
68 #include <sys/instance.h>
69 #include <sys/modhash.h>
70 #include <sys/modhash_impl.h>
71 #include <sys/dacf_impl.h>
72 #include <sys/vfs.h>
73 #include <sys/pathname.h>
74 #include <sys/console.h>
75 #include <sys/policy.h>
76 #include <ipp/ipp_impl.h>
77 #include <sys/fs/dv_node.h>
78 #include <sys/strsubr.h>
79 #include <sys/fs/sdev_impl.h>
80 
81 static int		mod_circdep(struct modctl *);
82 static int		modinfo(modid_t, struct modinfo *);
83 
84 static void		mod_uninstall_all(void);
85 static int		mod_getinfo(struct modctl *, struct modinfo *);
86 static struct modctl	*allocate_modp(const char *, const char *);
87 
88 static int		mod_load(struct modctl *, int);
89 static void		mod_unload(struct modctl *);
90 static int		modinstall(struct modctl *);
91 static int		moduninstall(struct modctl *);
92 
93 static struct modctl	*mod_hold_by_name_common(struct modctl *, const char *);
94 static struct modctl	*mod_hold_next_by_id(modid_t);
95 static struct modctl	*mod_hold_loaded_mod(struct modctl *, char *, int *);
96 static struct modctl	*mod_hold_installed_mod(char *, int, int, int *);
97 
98 static void		mod_release(struct modctl *);
99 static void		mod_make_requisite(struct modctl *, struct modctl *);
100 static int		mod_install_requisites(struct modctl *);
101 static void		check_esc_sequences(char *, char *);
102 static struct modctl	*mod_hold_by_name_requisite(struct modctl *, char *);
103 
/*
 * Module loading thread control structure.  Calls to kobj_load_module() are
 * handed off to a separate thread using this structure.
 *
 * NOTE(review): the code that fills and consumes these fields
 * (modload_thread() and its caller) is not in this part of the file.  From
 * the names, sema presumably signals completion, mp/usepath describe the
 * request, owner is the requesting thread and retval carries the result
 * back -- confirm against modload_thread().
 */
struct loadmt {
	ksema_t		sema;
	struct modctl	*mp;
	int		usepath;
	kthread_t	*owner;
	int		retval;
};
115 
116 static void	modload_thread(struct loadmt *);
117 
kcondvar_t	mod_cv;
kcondvar_t	mod_uninstall_cv;	/* Communication between swapper */
					/* and the uninstall daemon. */
kmutex_t	mod_lock;		/* protects &modules insert linkage, */
					/* mod_busy, mod_want, and mod_ref. */
					/* blocking operations while holding */
					/* mod_lock should be avoided */
kmutex_t	mod_uninstall_lock;	/* protects mod_uninstall_cv */
kthread_id_t	mod_aul_thread;

int		modunload_wait;
kmutex_t	modunload_wait_mutex;
kcondvar_t	modunload_wait_cv;
int		modunload_active_count;
int		modunload_disable_count;

int	isminiroot;		/* set if running as miniroot */
int	modrootloaded;		/* set after root driver and fs are loaded */
int	moddebug = 0x0;		/* debug flags for module writers */
int	swaploaded;		/* set after swap driver and fs are loaded */
int	bop_io_quiesced = 0;	/* set when BOP I/O can no longer be used */
int	last_module_id;
/*
 * 0 by default.  On DEBUG kernels modctl_modunload(0) sets this to 60 and
 * calls modreap() the first time it finds it still 0.
 */
clock_t	mod_uninstall_interval = 0;
int	ddi_modclose_unload = 1;	/* 0 -> just decrement reference */

/*
 * mod_setup() sizes the devopsp[] and devimpl[] tables from these two:
 * devcnt = MAX(MIN(entries read + devcnt_incr, L_MAXMAJ32), devcnt_min).
 */
int	devcnt_incr	= 256;		/* allow for additional drivers */
int	devcnt_min	= 512;		/* and always at least this number */

struct devnames *devnamesp;
struct devnames orphanlist;

krwlock_t	devinfo_tree_lock;	/* obsolete, to be removed */

/*
 * Binding files parsed with read_binding_file(): majbind into mb_hashtab,
 * sysbind into sb_hashtab.
 */
#define	MAJBINDFILE "/etc/name_to_major"
#define	SYSBINDFILE "/etc/name_to_sysnum"

static char	majbind[] = MAJBINDFILE;
static char	sysbind[] = SYSBINDFILE;
/* thread-specific-data key, created by tsd_create() at the end of mod_setup() */
static uint_t	mod_autounload_key;	/* for module autounload detection */

extern int obpdebug;

/* True when booted with RB_DEBUG or when obpdebug is non-zero. */
#define	DEBUGGER_PRESENT	((boothowto & RB_DEBUG) || (obpdebug != 0))

static int minorperm_loaded = 0;
163 
/*
 * One-time setup of the loadable-module framework state used by the rest of
 * this file: reads the major-number and system-call binding files, sizes and
 * allocates the per-major tables (devopsp[], devimpl[]), starts dacf and ipp,
 * and allocates the rwlocks that guard loadable system call and exec switch
 * entries.
 */
void
mod_setup(void)
{
	struct sysent *callp;
	int callnum, exectype;
	int	num_devs;
	int	i;

	/*
	 * Initialize the list of loaded driver dev_ops.
	 * XXX - This must be done before reading the system file so that
	 * forceloads of drivers will work.
	 */
	num_devs = read_binding_file(majbind, mb_hashtab, make_mbind);
	/*
	 * Since read_binding_file is common code, it doesn't enforce that all
	 * of the binding file entries have major numbers <= MAXMAJ32.	Thus,
	 * ensure that we don't allocate some massive amount of space due to a
	 * bad entry.  We can't have major numbers bigger than MAXMAJ32
	 * until file system support for larger major numbers exists.
	 */

	/*
	 * Leave space for expansion, but not more than L_MAXMAJ32.
	 * The clamp is what bounds the two devcnt-sized allocations below,
	 * whatever the binding file contained.
	 */
	devcnt = MIN(num_devs + devcnt_incr, L_MAXMAJ32);
	devcnt = MAX(devcnt, devcnt_min);
	devopsp = kmem_alloc(devcnt * sizeof (struct dev_ops *), KM_SLEEP);
	/* every slot starts out pointing at the mod_nodev_ops placeholder */
	for (i = 0; i < devcnt; i++)
		devopsp[i] = &mod_nodev_ops;

	init_devnamesp(devcnt);

	/*
	 * Sync up with the work that the stand-alone linker has already done.
	 */
	(void) kobj_sync();

	if (boothowto & RB_DEBUG)
		kdi_dvec_modavail();

	make_aliases(mb_hashtab);

	/*
	 * Initialize streams device implementation structures.
	 */
	devimpl = kmem_zalloc(devcnt * sizeof (cdevsw_impl_t), KM_SLEEP);

	/*
	 * If the cl_bootstrap module is present,
	 * we should be configured as a cluster. Loading this module
	 * will set "cluster_bootflags" to non-zero.
	 * The load result is deliberately ignored: the module is optional.
	 */
	(void) modload("misc", "cl_bootstrap");

	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
	init_syscallnames(NSYSCALL);

	/*
	 * Start up dynamic autoconfiguration framework (dacf).
	 */
	mod_hash_init();
	dacf_init();

	/*
	 * Start up IP policy framework (ipp).
	 */
	ipp_init();

	/*
	 * Allocate loadable native system call locks.
	 *
	 * A slot marked loadable for which mod_getsysname() returns no name
	 * is demoted: SE_LOADABLE is cleared and the handler becomes nosys,
	 * so the slot is not left loadable without a name.
	 */
	for (callnum = 0, callp = sysent; callnum < NSYSCALL;
	    callnum++, callp++) {
		if (LOADABLE_SYSCALL(callp)) {
			if (mod_getsysname(callnum) != NULL) {
				callp->sy_lock =
				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
			} else {
				callp->sy_flags &= ~SE_LOADABLE;
				callp->sy_callc = nosys;
			}
#ifdef DEBUG
		} else {
			/*
			 * Do some sanity checks on the sysent table
			 * (DEBUG kernels only; a bad entry is warned about,
			 * not corrected).
			 */
			switch (callp->sy_flags & SE_RVAL_MASK) {
			case SE_32RVAL1:
				/* only r_val1 returned */
			case SE_32RVAL1 | SE_32RVAL2:
				/* r_val1 and r_val2 returned */
			case SE_64RVAL:
				/* 64-bit rval returned */
				break;
			default:
				cmn_err(CE_WARN, "sysent[%d]: bad flags %x",
				    callnum, callp->sy_flags);
			}
#endif
		}
	}

#ifdef _SYSCALL32_IMPL
	/*
	 * Allocate loadable system call locks for 32-bit compat syscalls.
	 * Same policy as the native table above, applied to sysent32.
	 */
	for (callnum = 0, callp = sysent32; callnum < NSYSCALL;
	    callnum++, callp++) {
		if (LOADABLE_SYSCALL(callp)) {
			if (mod_getsysname(callnum) != NULL) {
				callp->sy_lock =
				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
			} else {
				callp->sy_flags &= ~SE_LOADABLE;
				callp->sy_callc = nosys;
			}
#ifdef DEBUG
		} else {
			/*
			 * Do some sanity checks on the sysent table
			 */
			switch (callp->sy_flags & SE_RVAL_MASK) {
			case SE_32RVAL1:
				/* only r_val1 returned */
			case SE_32RVAL1 | SE_32RVAL2:
				/* r_val1 and r_val2 returned */
			case SE_64RVAL:
				/* 64-bit rval returned */
				break;
			default:
				cmn_err(CE_WARN, "sysent32[%d]: bad flags %x",
				    callnum, callp->sy_flags);
				/* flags are bad: skip the cross-checks */
				goto skip;
			}

			/*
			 * Cross-check the native and compatibility tables.
			 * Nothing to compare if either side is unimplemented.
			 */
			if (callp->sy_callc == nosys ||
			    sysent[callnum].sy_callc == nosys)
				continue;
			/*
			 * If only one or the other slot is loadable, then
			 * there's an error -- they should match!
			 */
			if ((callp->sy_callc == loadable_syscall) ^
			    (sysent[callnum].sy_callc == loadable_syscall)) {
				cmn_err(CE_WARN, "sysent[%d] loadable?",
				    callnum);
			}
			/*
			 * This is more of a heuristic test -- if the
			 * system call returns two values in the 32-bit
			 * world, it should probably return two 32-bit
			 * values in the 64-bit world too.
			 */
			if (((callp->sy_flags & SE_32RVAL2) == 0) ^
			    ((sysent[callnum].sy_flags & SE_32RVAL2) == 0)) {
				cmn_err(CE_WARN, "sysent[%d] rval2 mismatch!",
				    callnum);
			}
skip:;
#endif	/* DEBUG */
		}
	}
#endif	/* _SYSCALL32_IMPL */

	/*
	 * Allocate loadable exec locks.  (Assumes all execs are loadable)
	 */
	for (exectype = 0; exectype < nexectype; exectype++) {
		execsw[exectype].exec_lock =
		    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
		rw_init(execsw[exectype].exec_lock, NULL, RW_DEFAULT, NULL);
	}

	read_class_file();

	/* init thread specific structure for mod_uninstall_all */
	tsd_create(&mod_autounload_key, NULL);
}
348 
/*
 * Load (and install) the module named by the user-space string 'filename'.
 *
 * The name is copied into a MOD_MAXPATH-byte kernel buffer before use, so
 * nothing below touches the user pointer directly.  Any copyinstr() failure
 * is reported as EFAULT.  On success the module is flagged
 * MOD_NOAUTOUNLOAD and, when 'rvp' is non-NULL, its id is copied out to the
 * user-space int it points at.
 *
 * NOTE(review): no privilege check is made here; it is presumably done by
 * the modctl() dispatcher, which is not in this part of the file -- confirm.
 */
static int
modctl_modload(int use_path, char *filename, int *rvp)
{
	char *kpath = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
	struct modctl *held;
	int err = 0;
	int id;

	if (copyinstr(filename, kpath, MOD_MAXPATH, 0) != 0) {
		err = EFAULT;
	} else {
		/* belt and braces: the kernel copy is always terminated */
		kpath[MOD_MAXPATH - 1] = 0;
		held = mod_hold_installed_mod(kpath, use_path, 0, &err);

		if (held != NULL) {
			held->mod_loadflags |= MOD_NOAUTOUNLOAD;
			/* read the id while the module is still held */
			id = held->mod_id;
			mod_release_mod(held);
			CPU_STATS_ADDQ(CPU, sys, modload, 1);
			if (rvp != NULL &&
			    copyout(&id, rvp, sizeof (id)) != 0)
				err = EFAULT;
		}
	}

	kmem_free(kpath, MOD_MAXPATH);

	return (err);
}
381 
/*
 * Unload one module by id, or, when 'id' is 0, ask for every module to be
 * uninstalled.
 */
static int
modctl_modunload(modid_t id)
{
	if (id != 0)
		return (modunload(id));

#ifdef DEBUG
	/*
	 * Turn on mod_uninstall_daemon: the first id == 0 request on a DEBUG
	 * kernel only arms the periodic reaper and returns.
	 */
	if (mod_uninstall_interval == 0) {
		mod_uninstall_interval = 60;
		modreap();
		return (0);
	}
#endif
	mod_uninstall_all();
	return (0);
}
404 
/*
 * Fetch module information for 'id' on behalf of a user process.
 *
 * 'umodi' is a user-space pointer to a struct modinfo (native caller) or a
 * struct modinfo32 (32-bit caller).  The request is copied in, passed to
 * modinfo(), and the result is copied back out in the caller's data model.
 * Returns 0, EFAULT on a failed copy, EOVERFLOW when a 32-bit caller asked
 * for a base address that does not fit in 32 bits, or modinfo()'s error.
 */
static int
modctl_modinfo(modid_t id, struct modinfo *umodi)
{
	int retval;
	struct modinfo modi;
#if defined(_SYSCALL32_IMPL)
	/* nobase is written and read only on the 32-bit caller path */
	int nobase;
	struct modinfo32 modi32;
#endif

	if (get_udatamodel() == DATAMODEL_NATIVE) {
		if (copyin(umodi, &modi, sizeof (struct modinfo)) != 0)
			return (EFAULT);
	}
#ifdef _SYSCALL32_IMPL
	else {
		/* only three request fields are taken from a 32-bit caller */
		bzero(&modi, sizeof (modi));
		if (copyin(umodi, &modi32, sizeof (struct modinfo32)) != 0)
			return (EFAULT);
		modi.mi_info = modi32.mi_info;
		modi.mi_id = modi32.mi_id;
		modi.mi_nextid = modi32.mi_nextid;
		nobase = modi.mi_info & MI_INFO_NOBASE;
	}
#endif
	/*
	 * This flag is -only- for the kernel's use.  mi_info came from user
	 * space, so it is stripped here before modinfo() sees the request.
	 */
	modi.mi_info &= ~MI_INFO_LINKAGE;

	retval = modinfo(id, &modi);
	if (retval)
		return (retval);

	if (get_udatamodel() == DATAMODEL_NATIVE) {
		if (copyout(&modi, umodi, sizeof (struct modinfo)) != 0)
			retval = EFAULT;
#ifdef _SYSCALL32_IMPL
	} else {
		int i;

		/*
		 * A base address above 4GB cannot be represented in
		 * modinfo32; fail unless the caller said it does not want it.
		 */
		if (!nobase && (uintptr_t)modi.mi_base > UINT32_MAX)
			return (EOVERFLOW);

		modi32.mi_info = modi.mi_info;
		modi32.mi_state = modi.mi_state;
		modi32.mi_id = modi.mi_id;
		modi32.mi_nextid = modi.mi_nextid;
		modi32.mi_base = (caddr32_t)(uintptr_t)modi.mi_base;
		modi32.mi_size = modi.mi_size;
		modi32.mi_rev = modi.mi_rev;
		modi32.mi_loadcnt = modi.mi_loadcnt;
		bcopy(modi.mi_name, modi32.mi_name, sizeof (modi32.mi_name));
		/*
		 * NOTE(review): the copies are sized by the modinfo32
		 * members; this assumes the native mi_name and mi_msinfo[]
		 * are at least as large (MODMAXLINK32 entries) -- confirm
		 * against the struct definitions.
		 */
		for (i = 0; i < MODMAXLINK32; i++) {
			modi32.mi_msinfo[i].msi_p0 = modi.mi_msinfo[i].msi_p0;
			bcopy(modi.mi_msinfo[i].msi_linkinfo,
			    modi32.mi_msinfo[i].msi_linkinfo,
			    sizeof (modi32.mi_msinfo[0].msi_linkinfo));
		}
		if (copyout(&modi32, umodi, sizeof (struct modinfo32)) != 0)
			retval = EFAULT;
#endif
	}

	return (retval);
}
471 
/*
 * Copy the current value of devcnt (the size of the per-major tables) out
 * to the user-space int at 'data'.  'id' is unused.
 * Returns 0, or EFAULT if the copyout fails.
 */
/*ARGSUSED*/
static int
modctl_modreserve(modid_t id, int *data)
{
	return (copyout(&devcnt, data, sizeof (devcnt)) != 0 ? EFAULT : 0);
}
483 
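/*
 * Add/Remove driver and binding aliases.
 *
 * 'data' is a user-space pointer to a struct modconfig (struct modconfig32
 * for a 32-bit caller) describing the driver, its major number and a
 * user-space linked list of aliases.  'add' is non-zero to add the aliases
 * and zero to remove them.  Returns 0 or an errno value.
 *
 * Everything reachable from 'data' is untrusted:
 *  - drvname/drvclass are terminated after the copy-in, because they are
 *    later handed to strcmp(), make_mbind() and friends as C strings;
 *  - each alias length must be in 1..MAXMODCONFNAME before it is used as a
 *    copy size into name[] and as the index of the expected terminator.
 *
 * NOTE(review): num_aliases is only checked for being positive, so the
 * size of the KM_SLEEP allocation below is caller-controlled; a sanity cap
 * would be worth adding once a suitable limit is agreed.
 * NOTE(review): on removal the driver.conf unload and unbind happen before
 * the alias list has been validated, so a request that later fails with
 * EFAULT/EINVAL has already had that effect.
 */
static int
modctl_update_driver_aliases(int add, int *data)
{
	struct modconfig	mc;
	int			i, n, rv = 0;
	struct aliases		alias;
	struct aliases		*ap;
	char			name[MAXMODCONFNAME];
	char			cname[MAXMODCONFNAME];
	char			*drvname;
	int			resid;
	struct alias_info {
		char	*alias_name;
		int	alias_resid;
	} *aliases = NULL, *aip;

	bzero(&mc, sizeof (struct modconfig));
	if (get_udatamodel() == DATAMODEL_NATIVE) {
		if (copyin(data, &mc, sizeof (struct modconfig)) != 0)
			return (EFAULT);
	}
#ifdef _SYSCALL32_IMPL
	else {
		struct modconfig32 modc32;
		if (copyin(data, &modc32, sizeof (struct modconfig32)) != 0)
			return (EFAULT);
		else {
			bcopy(modc32.drvname, mc.drvname,
			    sizeof (modc32.drvname));
			bcopy(modc32.drvclass, mc.drvclass,
			    sizeof (modc32.drvclass));
			mc.major = modc32.major;
			mc.flags = modc32.flags;
			mc.num_aliases = modc32.num_aliases;
			mc.ap = (struct aliases *)(uintptr_t)modc32.ap;
		}
	}
#endif

	/*
	 * The name arrays were filled straight from user memory; make sure
	 * the string functions below cannot run off their end.
	 */
	mc.drvname[sizeof (mc.drvname) - 1] = '\0';
	mc.drvclass[sizeof (mc.drvclass) - 1] = '\0';

	/*
	 * If the driver is already in the mb_hashtab, and the name given
	 * doesn't match that driver's name, fail.  Otherwise, pass, since
	 * we may be adding aliases.
	 */
	drvname = mod_major_to_name(mc.major);
	if ((drvname != NULL) && strcmp(drvname, mc.drvname) != 0)
		return (EINVAL);

	/*
	 * Precede alias removal by unbinding as many devices as possible.
	 */
	if (add == 0) {
		(void) i_ddi_unload_drvconf(mc.major);
		i_ddi_unbind_devs(mc.major);
	}

	/*
	 * Copy in each supplied driver alias.  The array is zeroed so the
	 * cleanup at 'error' can tell which entries were filled in.
	 */
	ap = mc.ap;
	if (mc.num_aliases > 0)
		aliases = kmem_zalloc(
		    mc.num_aliases * sizeof (struct alias_info), KM_SLEEP);
	aip = aliases;
	for (i = 0; i < mc.num_aliases; i++) {
		bzero(&alias, sizeof (struct aliases));
		if (get_udatamodel() == DATAMODEL_NATIVE) {
			if (copyin(ap, &alias, sizeof (struct aliases)) != 0) {
				rv = EFAULT;
				goto error;
			}
			/*
			 * A zero length would index name[-1] below; if a_len
			 * is a signed type a negative one would also slip
			 * past the upper bound and become a huge copy size.
			 */
			if (alias.a_len <= 0 ||
			    alias.a_len > MAXMODCONFNAME) {
				rv = EINVAL;
				goto error;
			}
			if (copyin(alias.a_name, name, alias.a_len) != 0) {
				rv = EFAULT;
				goto error;
			}
			if (name[alias.a_len - 1] != '\0') {
				rv = EINVAL;
				goto error;
			}
		}
#ifdef _SYSCALL32_IMPL
		else {
			struct aliases32 al32;
			bzero(&al32, sizeof (struct aliases32));
			if (copyin(ap, &al32, sizeof (struct aliases32)) != 0) {
				rv = EFAULT;
				goto error;
			}
			/* same length rules as the native path */
			if (al32.a_len <= 0 ||
			    al32.a_len > MAXMODCONFNAME) {
				rv = EINVAL;
				goto error;
			}
			if (copyin((void *)(uintptr_t)al32.a_name,
			    name, al32.a_len) != 0) {
				rv = EFAULT;
				goto error;
			}
			if (name[al32.a_len - 1] != '\0') {
				rv = EINVAL;
				goto error;
			}
			alias.a_next = (void *)(uintptr_t)al32.a_next;
		}
#endif
		/* cname is never longer than name, so it fits in cname[] */
		check_esc_sequences(name, cname);
		aip->alias_name = strdup(cname);
		ap = alias.a_next;
		aip++;
	}

	if (add == 0) {
		resid = 0;
		aip = aliases;
		/* attempt to unbind all devices bound to each alias */
		for (i = 0; i < mc.num_aliases; i++) {
			n = i_ddi_unbind_devs_by_alias(
			    mc.major, aip->alias_name);
			resid += n;
			aip->alias_resid = n;
			/* advance, so every alias is visited, not just [0] */
			aip++;
		}

		/*
		 * If some device bound to an alias remains in use,
		 * and override wasn't specified, no change is made to
		 * the binding state and we fail the operation.
		 */
		if (resid > 0 && ((mc.flags & MOD_UNBIND_OVERRIDE) == 0)) {
			rv = EBUSY;
			goto error;
		}

		/*
		 * No device remains bound of any of the aliases,
		 * or force was requested.  Mark each alias as
		 * inactive via delete_mbind so no future binds
		 * to this alias take place and that a new
		 * binding can be established.
		 */
		aip = aliases;
		for (i = 0; i < mc.num_aliases; i++) {
			if (moddebug & MODDEBUG_BINDING)
				cmn_err(CE_CONT, "Removing binding for %s "
				    "(%d active references)\n",
				    aip->alias_name, aip->alias_resid);
			delete_mbind(aip->alias_name, mb_hashtab);
			aip++;
		}
		rv = 0;
	} else {
		aip = aliases;
		for (i = 0; i < mc.num_aliases; i++) {
			if (moddebug & MODDEBUG_BINDING)
				cmn_err(CE_NOTE, "Adding binding for '%s'\n",
				    aip->alias_name);
			(void) make_mbind(aip->alias_name,
			    mc.major, NULL, mb_hashtab);
			aip++;
		}
		/*
		 * Try to establish an mbinding for mc.drvname, and add it to
		 * devnames. Add class if any after establishing the major
		 * number.
		 */
		(void) make_mbind(mc.drvname, mc.major, NULL, mb_hashtab);
		if ((rv = make_devname(mc.drvname, mc.major,
		    (mc.flags & MOD_ADDMAJBIND_UPDATE) ?
		    DN_DRIVER_INACTIVE : 0)) != 0) {
			goto error;
		}

		if (mc.drvclass[0] != '\0')
			add_class(mc.drvname, mc.drvclass);
		if ((mc.flags & MOD_ADDMAJBIND_UPDATE) == 0) {
			(void) i_ddi_load_drvconf(mc.major);
		}
	}

	/*
	 * Ensure that all nodes are bound to the most appropriate driver
	 * possible, attempting demotion and rebind when a more appropriate
	 * driver now exists.  But not when adding a driver update-only.
	 */
	if ((add == 0) || ((mc.flags & MOD_ADDMAJBIND_UPDATE) == 0)) {
		i_ddi_bind_devs();
		i_ddi_di_cache_invalidate();
	}

error:
	/* shared exit: also reached on success, with rv == 0 */
	if (mc.num_aliases > 0) {
		aip = aliases;
		for (i = 0; i < mc.num_aliases; i++) {
			if (aip->alias_name != NULL)
				strfree(aip->alias_name);
			aip++;
		}
		kmem_free(aliases, mc.num_aliases * sizeof (struct alias_info));
	}
	return (rv);
}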
689 
/*
 * Add the driver aliases described by the user-space request at 'data'.
 * Thin wrapper: all validation happens in modctl_update_driver_aliases().
 */
static int
modctl_add_driver_aliases(int *data)
{
	int rv;

	rv = modctl_update_driver_aliases(1, data);
	return (rv);
}
695 
/*
 * Remove the driver aliases described by the user-space request at 'data'.
 * Thin wrapper: all validation happens in modctl_update_driver_aliases().
 */
static int
modctl_remove_driver_aliases(int *data)
{
	int rv;

	rv = modctl_update_driver_aliases(0, data);
	return (rv);
}
701 
/*
 * Mark the driver with major number 'major' as removed and tear down its
 * bindings.
 *
 * 'major' is range-checked against devcnt before it is used to index
 * devnamesp[].  Returns EINVAL for an out-of-range major, an unnamed slot,
 * or a slot already flagged DN_DRIVER_REMOVED or DN_TAKEN_GETUDEV;
 * 0 otherwise.
 */
static int
modctl_rem_major(major_t major)
{
	struct devnames *dn;
	int rv;

	if (major >= devcnt)
		return (EINVAL);

	dn = &devnamesp[major];

	/* the flag test and the flag update happen under the same lock */
	LOCK_DEV_OPS(&dn->dn_lock);
	if (dn->dn_name != NULL &&
	    !(dn->dn_flags & (DN_DRIVER_REMOVED | DN_TAKEN_GETUDEV))) {
		/* mark devnames as removed */
		dn->dn_flags |= DN_DRIVER_REMOVED;
		pm_driver_removed(major);
		rv = 0;
	} else {
		rv = EINVAL;
	}
	UNLOCK_DEV_OPS(&dn->dn_lock);

	if (rv != 0)
		return (rv);

	(void) i_ddi_unload_drvconf(major);
	i_ddi_unbind_devs(major);
	i_ddi_bind_devs();
	i_ddi_di_cache_invalidate();

	/* purge all the bindings to this driver */
	purge_mbind(major, mb_hashtab);
	return (0);
}
731 
/*
 * Resolve the kernel-space path 'name' (following symlinks) and return the
 * vfs its vnode belongs to, or NULL if the lookup fails.
 *
 * The vnode hold is dropped before returning and no hold is taken on the
 * vfs, so the result is only safe to compare for identity, which is all
 * new_vfs_in_modpath() does with it.
 */
static struct vfs *
path_to_vfs(char *name)
{
	vnode_t *node;
	struct vfs *owner = NULL;

	if (lookupname(name, UIO_SYSSPACE, FOLLOW, NULLVPP, &node) == 0) {
		owner = node->v_vfsp;
		VN_RELE(node);
	}
	return (owner);
}
745 
/*
 * Report whether any element of the module search path now lives on a
 * different (non-NULL) vfs than it did at the previous call.
 *
 * The first call splits a private copy of default_path at spaces, records
 * the vfs of every element and returns 1.  Later calls re-resolve each
 * element, remember the new vfs, and return 1 only if some element changed
 * to a vfs that exists.
 *
 * NOTE(review): the cached table lives in function-static storage and is
 * updated without any lock taken here; confirm callers are serialized.
 */
static int
new_vfs_in_modpath()
{
	static int n_modpath = 0;
	static char *modpath_copy;
	static struct pathvfs {
		char *path;
		struct vfs *vfsp;
	} *pathvfs;

	struct vfs *cur;
	char *elem, *sep;
	int idx, changed = 0;

	if (n_modpath == 0) {
		/*
		 * First call, initialize the pathvfs structure: turn every
		 * space into a terminator and count the pieces.
		 */
		modpath_copy = i_ddi_strdup(default_path, KM_SLEEP);
		n_modpath = 1;
		for (sep = strchr(modpath_copy, ' '); sep != NULL;
		    sep = strchr(sep + 1, ' ')) {
			*sep = '\0';
			n_modpath++;
		}

		pathvfs = kmem_zalloc(n_modpath * sizeof (struct pathvfs),
		    KM_SLEEP);
		elem = modpath_copy;
		for (idx = 0; idx < n_modpath; idx++) {
			pathvfs[idx].path = elem;
			pathvfs[idx].vfsp = path_to_vfs(elem);
			/* step over this piece and its terminator */
			elem += strlen(elem) + 1;
		}
		return (1);	/* always reread driver.conf the first time */
	}

	for (idx = 0; idx < n_modpath; idx++) {
		cur = path_to_vfs(pathvfs[idx].path);
		if (cur == pathvfs[idx].vfsp)
			continue;
		pathvfs[idx].vfsp = cur;
		/* an element that merely disappeared is not "new" */
		if (cur != NULL)
			changed = 1;
	}
	return (changed);
}
796 
/*
 * (Re)load driver.conf data.  Three cases, tried in this order:
 *
 *  1. MOD_LOADDRVCONF_RECONF set in 'flags' (devfsadm -u): read all new
 *     driver.conf files, bind devices and invalidate the devinfo cache.
 *  2. A specific 'major' (update_drv <drv>): reload that driver's
 *     driver.conf and rebind on success; the load result is returned.
 *  3. Otherwise: rescan only if a new file system appeared in the module
 *     path, which keeps boot from paying for needless rescans.
 *
 * NOTE(review): unlike modctl_unload_drvconf(), 'major' is not compared
 * with devcnt here; i_ddi_load_drvconf() presumably validates it -- confirm.
 */
static int
modctl_load_drvconf(major_t major, int flags)
{
	int rv = 0;

	if (flags & MOD_LOADDRVCONF_RECONF) {
		(void) i_ddi_load_drvconf(DDI_MAJOR_T_NONE);
		i_ddi_bind_devs();
		i_ddi_di_cache_invalidate();
	} else if (major != DDI_MAJOR_T_NONE) {
		rv = i_ddi_load_drvconf(major);
		if (rv == 0)
			i_ddi_bind_devs();
	} else if (new_vfs_in_modpath()) {
		(void) i_ddi_load_drvconf(DDI_MAJOR_T_NONE);
		/*
		 * If we are still initializing io subsystem,
		 * load drivers with ddi-forceattach property
		 */
		if (!i_ddi_io_initialized())
			i_ddi_forceattach_drivers();
	}

	return (rv);
}
842 
/*
 * Unload the driver.conf file for 'major', then try to rebind devices to a
 * more appropriate driver.
 *
 * Returns EINVAL when 'major' is outside the devcnt-sized tables, the
 * error from i_ddi_unload_drvconf() when the unload fails (nothing is
 * unbound in that case), and 0 otherwise.
 */
static int
modctl_unload_drvconf(major_t major)
{
	int rv;

	if (major >= devcnt)
		return (EINVAL);

	if ((rv = i_ddi_unload_drvconf(major)) == 0) {
		(void) i_ddi_unbind_devs(major);
		i_ddi_bind_devs();
	}

	return (rv);
}
863 
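/*
 * Copy 'str' to 'cstr', replacing each octal escape "\040" with a single
 * space.  No other escape sequence is interpreted; a backslash that does
 * not start "\040" is copied through unchanged.
 *
 * 'cstr' must have room for strlen(str) + 1 bytes: the output is never
 * longer than the input.
 *
 * The walk is driven by the terminator of 'str' rather than by a count of
 * its original length.  A count-driven loop keeps going after an escape has
 * consumed four input bytes for one iteration, and so reads (and copies)
 * up to three bytes past the end of 'str' for every escape it contains.
 */
static void
check_esc_sequences(char *str, char *cstr)
{
	while (*str != '\0') {
		/*
		 * The && chain stops at the first mismatch, so the
		 * terminator is never stepped over while matching.
		 */
		if (str[0] == '\\' && str[1] == '0' &&
		    str[2] == '4' && str[3] == '0') {
			*cstr++ = ' ';
			str += 4;
		} else {
			*cstr++ = *str++;
		}
	}
	*cstr = '\0';
}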
890 
/*
 * Copy strlen(default_path) (terminator not counted) out to the user-space
 * int at 'data'.  Returns 0, or EFAULT if the copyout fails.
 */
static int
modctl_getmodpathlen(int *data)
{
	int pathlen = strlen(default_path);

	return (copyout(&pathlen, data, sizeof (pathlen)) != 0 ? EFAULT : 0);
}
900 
/*
 * Copy default_path, including its terminator, out to the user buffer at
 * 'data'.  Returns 0, or EFAULT if the copyout fails.
 *
 * No destination size is passed in: the caller is expected to have sized
 * its buffer beforehand (presumably from modctl_getmodpathlen()).  The
 * length is taken again here, so a path that grew in between would be
 * copied in full.
 */
static int
modctl_getmodpath(char *data)
{
	size_t nbytes = strlen(default_path) + 1;

	if (copyout(default_path, data, nbytes) == 0)
		return (0);
	return (EFAULT);
}
908 
/*
 * Re-read the system call binding file (sysbind) into sb_hashtab.
 * Always returns 0: the entry count from read_binding_file() is discarded.
 */
static int
modctl_read_sysbinding_file(void)
{
	int rv = 0;

	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);

	return (rv);
}
915 
/*
 * Translate a driver name supplied by user space into its major number.
 *
 * 'uname'/'ulen' describe the user string; at most 256 bytes (the size of
 * the kernel buffer) are copied in, whatever 'ulen' claims.  The major
 * number is copied out to the user-space location 'umajorp'.
 *
 * Returns EINVAL for ulen == 0, the copyinstr() error for a bad or
 * over-long name, ENODEV for an unknown driver, EFAULT if the result
 * cannot be copied out, 0 otherwise.
 */
static int
modctl_getmaj(char *uname, uint_t ulen, int *umajorp)
{
	char kname[256];
	major_t found;
	uint_t limit;
	int err;

	if (ulen == 0)
		return (EINVAL);

	/* never let the caller's length exceed the kernel buffer */
	limit = (ulen < 256) ? ulen : 256;
	err = copyinstr(uname, kname, limit, 0);
	if (err != 0)
		return (err);

	found = mod_name_to_major(kname);
	if (found == DDI_MAJOR_T_NONE)
		return (ENODEV);

	return (copyout(&found, umajorp, sizeof (major_t)) != 0 ? EFAULT : 0);
}
934 
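/*
 * Convert a packed list of constraint strings into a NULL-terminated array
 * of separately allocated strings.
 *
 * 'constraints' is a kmem buffer of 'len' bytes holding back-to-back C
 * strings, the list ending at the first empty string.  The buffer is
 * consumed: it is freed here on every path except the len == 0 guard.
 * Returns NULL when the list is empty, else an array of n + 1 pointers
 * whose entries were made with i_ddi_strdup().
 *
 * The visible caller fills the buffer with copyin() from user space and
 * does not check its contents, so the walk must not trust the data to
 * contain the terminating empty string.  The last byte is forced to NUL
 * (a no-op for well-formed input) and the walk also stops at the end of
 * the buffer; together these keep every strlen() inside the buffer.
 */
static char **
convert_constraint_string(char *constraints, size_t len)
{
	size_t	i;
	size_t	n;
	char	*p;
	char	*end;
	char	**array;

	ASSERT(constraints != NULL);
	ASSERT(len > 0);

	/* ASSERT is compiled out of non-DEBUG kernels; don't index [-1] */
	if (len == 0)
		return (NULL);

	end = constraints + len;
	constraints[len - 1] = '\0';

	n = 0;
	for (p = constraints; p < end && *p != '\0'; p += strlen(p) + 1)
		n++;

	if (n == 0) {
		kmem_free(constraints, len);
		return (NULL);
	}

	array = kmem_alloc((n + 1) * sizeof (char *), KM_SLEEP);

	/* the first n strings were just shown to lie inside the buffer */
	for (i = 0, p = constraints; i < n; i++, p += strlen(p) + 1) {
		array[i] = i_ddi_strdup(p, KM_SLEEP);
	}
	array[n] = NULL;

	kmem_free(constraints, len);

	return (array);
}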
/*
 * Retire the device named by the user-space path 'path', subject to the
 * optional constraint list at 'uconstraints' ('ulen' bytes), and persist
 * the retire.
 *
 * Returns EINVAL for a NULL path or when exactly one of
 * uconstraints/ulen is set, the copyinstr() error for a bad path, EFAULT
 * if the constraints cannot be copied in, ENOTSUP when
 * e_ddi_retire_device() refuses, the e_ddi_retire_persist() error, or 0
 * (also when the device was already retired).
 *
 * NOTE(review): 'ulen' comes from user space and is used unchecked as a
 * KM_SLEEP allocation size; the copied-in bytes are handed to
 * convert_constraint_string() without any check here that they are
 * NUL-terminated.
 * NOTE(review): cons_array is not freed in this function; ownership
 * presumably passes to e_ddi_retire_device() -- confirm.
 */
/*ARGSUSED*/
static int
modctl_retire(char *path, char *uconstraints, size_t ulen)
{
	char	*kpath;
	char	*devpath;
	char	*kcons;
	char	**cons_array = NULL;
	size_t	pathsz;
	int	rv;

	if (path == NULL)
		return (EINVAL);

	/* a constraint pointer and a non-zero length must come together */
	if ((uconstraints == NULL) ^ (ulen == 0))
		return (EINVAL);

	kpath = kmem_alloc(MAXPATHLEN, KM_SLEEP);
	rv = copyinstr(path, kpath, MAXPATHLEN, &pathsz);
	if (rv != 0) {
		kmem_free(kpath, MAXPATHLEN);
		return (rv);
	}
	/* keep a right-sized copy and give the MAXPATHLEN buffer back */
	devpath = i_ddi_strdup(kpath, KM_SLEEP);
	kmem_free(kpath, MAXPATHLEN);

	/*
	 * First check if the device is already retired.
	 * If it is, this becomes a NOP
	 */
	if (e_ddi_device_retired(devpath)) {
		cmn_err(CE_NOTE, "Device: already retired: %s", devpath);
		rv = 0;
		goto done;
	}

	if (uconstraints) {
		kcons = kmem_alloc(ulen, KM_SLEEP);
		if (copyin(uconstraints, kcons, ulen)) {
			kmem_free(kcons, ulen);
			rv = EFAULT;
			goto done;
		}
		/* kcons is freed by convert_constraint_string() */
		cons_array = convert_constraint_string(kcons, ulen);
	}

	/*
	 * Try to retire the device first. The following
	 * routine will return an error only if the device
	 * is not retireable i.e. retire constraints forbid
	 * a retire. A return of success from this routine
	 * indicates that device is retireable.
	 */
	if (e_ddi_retire_device(devpath, cons_array) != DDI_SUCCESS) {
		cmn_err(CE_WARN, "constraints forbid retire: %s", devpath);
		rv = ENOTSUP;
		goto done;
	}

	/*
	 * Ok, the retire succeeded. Persist the retire.
	 * If retiring a nexus, we need to only persist the
	 * nexus retire. Any children of a retired nexus
	 * are automatically covered by the retire store
	 * code.
	 */
	rv = e_ddi_retire_persist(devpath);
	if (rv != 0) {
		cmn_err(CE_WARN, "Failed to persist device retire: error %d: "
		    "%s", rv, devpath);
		goto done;
	}
	if (moddebug & MODDEBUG_RETIRE)
		cmn_err(CE_NOTE, "Persisted retire of device: %s", devpath);

done:
	kmem_free(devpath, strlen(devpath) + 1);
	return (rv);
}
1048 
/*
 * Report whether the device named by the user-space path 'path' is
 * retired: 1 or 0 is copied out to the user-space int at 'statep'.
 *
 * Returns EINVAL if either pointer is NULL, the copyinstr() error for a
 * bad or over-long path, EFAULT if the result cannot be copied out,
 * 0 otherwise.
 */
static int
modctl_is_retired(char *path, int *statep)
{
	char	*kpath;
	char	*devpath = NULL;
	size_t	pathsz;
	int	err;
	int	retired;

	if (path == NULL || statep == NULL)
		return (EINVAL);

	kpath = kmem_alloc(MAXPATHLEN, KM_SLEEP);
	err = copyinstr(path, kpath, MAXPATHLEN, &pathsz);
	if (err == 0)
		devpath = i_ddi_strdup(kpath, KM_SLEEP);
	/* the bounce buffer is released whether or not the copy worked */
	kmem_free(kpath, MAXPATHLEN);
	if (err != 0)
		return (err);

	retired = e_ddi_device_retired(devpath) ? 1 : 0;
	kmem_free(devpath, strlen(devpath) + 1);

	if (copyout(&retired, statep, sizeof (retired)) != 0)
		return (EFAULT);
	return (0);
}
1078 
/*
 * Unretire the device named by the user-space path 'path' and drop its
 * entry from the persistent retire store.
 *
 * Returns EINVAL for a NULL path, the copyinstr() error for a bad or
 * over-long path, the e_ddi_unretire_device() result when the device was
 * retired, and 0 when it was not retired to begin with.
 */
static int
modctl_unretire(char *path)
{
	char	*kpath;
	char	*devpath;
	size_t	pathsz;
	int	was_retired;
	int	rv;

	if (path == NULL)
		return (EINVAL);

	kpath = kmem_alloc(MAXPATHLEN, KM_SLEEP);
	rv = copyinstr(path, kpath, MAXPATHLEN, &pathsz);
	if (rv != 0) {
		kmem_free(kpath, MAXPATHLEN);
		return (rv);
	}
	devpath = i_ddi_strdup(kpath, KM_SLEEP);
	kmem_free(kpath, MAXPATHLEN);

	/*
	 * Sample the retired state before touching the store: the store is
	 * what answers the question, so asking after the unpersist below
	 * would always say "not retired".
	 */
	was_retired = e_ddi_device_retired(devpath);

	/*
	 * Unpersist unconditionally.  The lookup above skips "bypassed"
	 * devices, and their entries must still be removable from the
	 * persistent store.
	 *
	 * e_ddi_retire_unpersist() returns 1 if it found and cleared
	 * an entry from the retire store or 0 otherwise.
	 */
	if (e_ddi_retire_unpersist(devpath) && (moddebug & MODDEBUG_RETIRE)) {
		cmn_err(CE_NOTE, "Unpersisted retire of device: %s",
		    devpath);
	}

	if (was_retired) {
		rv = e_ddi_unretire_device(devpath);
		if (rv != 0) {
			cmn_err(CE_WARN,
			    "cannot unretire device: error %d, path %s\n",
			    rv, devpath);
		}
	} else {
		/* already unretired: the request becomes a NOP */
		cmn_err(CE_NOTE, "Not retired: %s", devpath);
		rv = 0;
	}

	kmem_free(devpath, strlen(devpath) + 1);

	return (rv);
}
1146 
/*
 * Copy the driver name for a major number out to user space.
 *
 * umajorp is a user address holding the major number, uname is the
 * user buffer for the name and ulen its size in bytes.
 *
 * Returns EFAULT if the major number cannot be copied in, ENODEV if
 * mod_major_to_name() has no name for it, ENOSPC if the name plus its
 * terminator does not fit in ulen bytes, and otherwise the result of
 * copyoutstr().
 */
static int
modctl_getname(char *uname, uint_t ulen, int *umajorp)
{
	major_t	maj;
	char	*drvname;

	if (copyin(umajorp, &maj, sizeof (maj)) != 0)
		return (EFAULT);

	drvname = mod_major_to_name(maj);
	if (drvname == NULL)
		return (ENODEV);

	/* The caller's buffer must hold the name and its terminator. */
	if (strlen(drvname) + 1 > ulen)
		return (ENOSPC);

	return (copyoutstr(drvname, uname, ulen, NULL));
}
1161 
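/*
 * Translate a dev_t into its instance number and copy the result out
 * to the user address uinstancep.
 *
 * Returns EINVAL if dev_to_instance() reports -1, EFAULT if the
 * copy-out fails, 0 on success.
 */
static int
modctl_devt2instance(dev_t dev, int *uinstancep)
{
	int	instance;

	if ((instance = dev_to_instance(dev)) == -1)
		return (EINVAL);

	/*
	 * copyout() signals failure with a non-zero value that is not an
	 * errno, so translate it to EFAULT the same way the other
	 * copy-out paths in this file do rather than returning it raw.
	 */
	if (copyout(&instance, uinstancep, sizeof (int)) != 0)
		return (EFAULT);

	return (0);
}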
1172 
/*
 * Report the size, in bytes, of the device id associated with dev.
 *
 * The size is copied out to the user address len.  Returns EINVAL if
 * no device id can be obtained, EFAULT if the copy-out fails, 0 on
 * success.
 */
static int
modctl_sizeof_devid(dev_t dev, uint_t *len)
{
	ddi_devid_t	id;
	uint_t		nbytes;

	if (ddi_lyr_get_devid(dev, &id) == DDI_FAILURE)
		return (EINVAL);

	/* Only the size is needed, so the devid is released at once. */
	nbytes = ddi_devid_sizeof(id);
	ddi_devid_free(id);

	return ((copyout(&nbytes, len, sizeof (nbytes)) != 0) ? EFAULT : 0);
}
1195 
/*
 * Copy the device id associated with dev out to user space.
 *
 * udevid is the user buffer and len the number of bytes the caller
 * allocated for it.  Returns EINVAL if no device id can be obtained,
 * ENOSPC if the device id is larger than len, EFAULT if the copy-out
 * fails, 0 on success.
 */
static int
modctl_get_devid(dev_t dev, uint_t len, ddi_devid_t udevid)
{
	ddi_devid_t	id;
	uint_t		nbytes;
	int		rv = 0;

	if (ddi_lyr_get_devid(dev, &id) == DDI_FAILURE)
		return (EINVAL);

	nbytes = ddi_devid_sizeof(id);

	/* Never write more than the caller said it allocated. */
	if (nbytes > len)
		rv = ENOSPC;
	else if (copyout(id, udevid, nbytes) != 0)
		rv = EFAULT;

	ddi_devid_free(id);
	return (rv);
}
1224 
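/*
 * Return the /devices paths associated with the specified devid and
 * minor name.
 *
 * udevid, uminor_name, ulensp and upaths are user addresses.  The paths
 * are written to upaths as a sequence of NUL-terminated strings ended by
 * an extra NUL ("double termination"), and the number of bytes needed to
 * hold that sequence is written to *ulensp.
 *
 * Returns 0 on success, EINVAL for a malformed request or a devid that
 * cannot be resolved, EFAULT if a user address cannot be accessed and
 * EAGAIN if the caller's buffer is too small for the current set of
 * paths.
 */
/*ARGSUSED*/
static int
modctl_devid2paths(ddi_devid_t udevid, char *uminor_name, uint_t flag,
	size_t *ulensp, char *upaths)
{
	ddi_devid_t	devid = NULL;
	int		devid_len;
	char		*minor_name = NULL;
	dev_info_t	*dip = NULL;
	int		circ;
	struct ddi_minor_data	*dmdp;
	char		*path = NULL;
	int		ulens;
	int		lens;
	int		len;
	dev_t		*devlist = NULL;
	int		ndevs;
	int		i;
	int		ret = 0;

	/*
	 * If upaths is NULL then we are only computing the amount of space
	 * needed to hold the paths and returning the value in *ulensp. If we
	 * are copying out paths then we get the amount of space allocated by
	 * the caller. If the actual space needed for paths is larger, or
	 * things are changing out from under us, then we return EAGAIN.
	 */
	if (upaths) {
		if (ulensp == NULL)
			return (EINVAL);
		if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
			return (EFAULT);
	}

	/*
	 * copyin enough of the devid to determine the length then
	 * reallocate and copy in the entire devid.
	 */
	devid_len = ddi_devid_sizeof(NULL);
	devid = kmem_alloc(devid_len, KM_SLEEP);
	if (copyin(udevid, devid, devid_len)) {
		ret = EFAULT;
		goto out;
	}
	len = devid_len;
	devid_len = ddi_devid_sizeof(devid);
	kmem_free(devid, len);
	devid = kmem_alloc(devid_len, KM_SLEEP);
	if (copyin(udevid, devid, devid_len)) {
		ret = EFAULT;
		goto out;
	}

	/*
	 * The devid header was fetched from user memory twice, and the
	 * buffer was sized from the first fetch.  If the length encoded in
	 * the second copy no longer matches the allocation, the user
	 * memory changed between the two reads; reject the request so
	 * that nothing downstream trusts a length larger than the buffer
	 * we actually hold.
	 */
	if (ddi_devid_sizeof(devid) != (size_t)devid_len) {
		ret = EINVAL;
		goto out;
	}

	/* copyin the minor name if specified. */
	minor_name = uminor_name;
	if ((minor_name != DEVID_MINOR_NAME_ALL) &&
	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
	    (minor_name != DEVID_MINOR_NAME_ALL_BLK)) {
		minor_name = kmem_alloc(MAXPATHLEN, KM_SLEEP);
		if (copyinstr(uminor_name, minor_name, MAXPATHLEN, 0)) {
			ret = EFAULT;
			goto out;
		}
	}

	/*
	 * Use existing function to resolve the devid into a devlist.
	 *
	 * NOTE: there is a loss of spectype information in the current
	 * ddi_lyr_devid_to_devlist implementation. We work around this by not
	 * passing down DEVID_MINOR_NAME_ALL here, but reproducing all minor
	 * node forms in the loop processing the devlist below. It would be
	 * best if at some point the use of this interface here was replaced
	 * with a path oriented call.
	 */
	if (ddi_lyr_devid_to_devlist(devid,
	    (minor_name == DEVID_MINOR_NAME_ALL) ?
	    DEVID_MINOR_NAME_ALL_CHR : minor_name,
	    &ndevs, &devlist) != DDI_SUCCESS) {
		ret = EINVAL;
		goto out;
	}

	/*
	 * loop over the devlist, converting each devt to a path and doing
	 * a copyout of the path and computation of the amount of space
	 * needed to hold all the paths
	 */
	path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
	for (i = 0, lens = 0; i < ndevs; i++) {

		/* find the dip associated with the dev_t */
		if ((dip = e_ddi_hold_devi_by_dev(devlist[i], 0)) == NULL)
			continue;

		/* loop over all the minor nodes, skipping ones we don't want */
		ndi_devi_enter(dip, &circ);
		for (dmdp = DEVI(dip)->devi_minor; dmdp; dmdp = dmdp->next) {
			if ((dmdp->ddm_dev != devlist[i]) ||
			    (dmdp->type != DDM_MINOR))
				continue;

			if ((minor_name != DEVID_MINOR_NAME_ALL) &&
			    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
			    (minor_name != DEVID_MINOR_NAME_ALL_BLK) &&
			    strcmp(minor_name, dmdp->ddm_name))
				continue;
			else {
				if ((minor_name == DEVID_MINOR_NAME_ALL_CHR) &&
				    (dmdp->ddm_spec_type != S_IFCHR))
					continue;
				if ((minor_name == DEVID_MINOR_NAME_ALL_BLK) &&
				    (dmdp->ddm_spec_type != S_IFBLK))
					continue;
			}

			/*
			 * NOTE(review): the store of the second terminator
			 * below lands at path[len], which is only inside the
			 * MAXPATHLEN buffer while the generated path is
			 * shorter than MAXPATHLEN - 1 characters.  Presumably
			 * ddi_pathname_minor() never produces anything that
			 * long; confirm.
			 */
			(void) ddi_pathname_minor(dmdp, path);
			len = strlen(path) + 1;
			*(path + len) = '\0';	/* set double termination */
			lens += len;

			/* copyout the path with double terminations */
			if (upaths) {
				/*
				 * The copyout below writes len + 1 bytes, so
				 * the write ends lens + 1 bytes into the
				 * caller's buffer.  Compare that, not lens,
				 * against the size the caller declared;
				 * otherwise a buffer of exactly lens bytes
				 * is overrun by the extra terminator.
				 */
				if (lens + 1 > ulens) {
					ret = EAGAIN;
					goto out;
				}
				if (copyout(path, upaths, len + 1)) {
					ret = EFAULT;
					goto out;
				}
				upaths += len;
			}
		}
		ndi_devi_exit(dip, circ);
		ddi_release_devi(dip);
		dip = NULL;
	}
	lens++;		/* add one for double termination */

	/* copy out the amount of space needed to hold the paths */
	if (ulensp && copyout(&lens, ulensp, sizeof (lens))) {
		ret = EFAULT;
		goto out;
	}
	ret = 0;

	/*
	 * dip is only non-NULL here when we bailed out of the minor node
	 * loop, in which case the node is still entered and held.
	 */
out:	if (dip) {
		ndi_devi_exit(dip, circ);
		ddi_release_devi(dip);
	}
	if (path)
		kmem_free(path, MAXPATHLEN);
	if (devlist)
		ddi_lyr_free_devlist(devlist, ndevs);
	/* The DEVID_MINOR_NAME_* selectors are not allocations. */
	if (minor_name &&
	    (minor_name != DEVID_MINOR_NAME_ALL) &&
	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
	    (minor_name != DEVID_MINOR_NAME_ALL_BLK))
		kmem_free(minor_name, MAXPATHLEN);
	if (devid)
		kmem_free(devid, devid_len);
	return (ret);
}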
1393 
/*
 * Report the size, in bytes and including the terminator, of the minor
 * name for (dev, spectype).
 *
 * The size is copied out to the user address len.  Returns EINVAL if
 * the minor name cannot be obtained, EFAULT if the copy-out fails,
 * 0 on success.
 */
static int
modctl_sizeof_minorname(dev_t dev, int spectype, uint_t *len)
{
	char	*minor;
	uint_t	nbytes;

	if (ddi_lyr_get_minor_name(dev, spectype, &minor) == DDI_FAILURE)
		return (EINVAL);

	/* Only the length is wanted; release the string right away. */
	nbytes = strlen(minor) + 1;
	kmem_free(minor, nbytes);

	return ((copyout(&nbytes, len, sizeof (nbytes)) != 0) ? EFAULT : 0);
}
1416 
/*
 * Copy the minor name for (dev, spectype) out to user space.
 *
 * uname is the user buffer and len the number of bytes the caller
 * allocated for it.  Returns EINVAL if the minor name cannot be
 * obtained, ENOSPC if the name plus terminator is larger than len,
 * EFAULT if the copy-out fails, 0 on success.
 */
static int
modctl_get_minorname(dev_t dev, int spectype, uint_t len, char *uname)
{
	char	*minor;
	uint_t	nbytes;
	int	rv = 0;

	if (ddi_lyr_get_minor_name(dev, spectype, &minor) == DDI_FAILURE)
		return (EINVAL);

	nbytes = strlen(minor) + 1;

	/* Never write more than the caller said it allocated. */
	if (nbytes > len)
		rv = ENOSPC;
	else if (copyout(minor, uname, nbytes) != 0)
		rv = EFAULT;

	kmem_free(minor, nbytes);
	return (rv);
}
1445 
/*
 * Report the size, in bytes and including the terminator, of the
 * devfs path name for (dev_t, spectype).
 *
 * The size is copied out to the user address len.  Returns EINVAL if
 * the path cannot be generated, EFAULT if the copy-out fails, 0 on
 * success.
 */
static int
modctl_devfspath_len(dev_t dev, int spectype, uint_t *len)
{
	char	*pathbuf;
	uint_t	nbytes;
	int	failed;

	pathbuf = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
	failed = (ddi_dev_pathname(dev, spectype, pathbuf) == DDI_FAILURE);
	if (!failed)
		nbytes = strlen(pathbuf) + 1;
	kmem_free(pathbuf, MAXPATHLEN);

	if (failed)
		return (EINVAL);

	return ((copyout(&nbytes, len, sizeof (nbytes)) != 0) ? EFAULT : 0);
}
1471 
/*
 * Copy the devfs path name for (dev_t, spectype) out to user space.
 *
 * uname is the user buffer and len the number of bytes the caller
 * allocated for it.  Returns EINVAL if the path cannot be generated,
 * ENOSPC if the path plus terminator is larger than len, EFAULT if the
 * copy-out fails, 0 on success.
 */
static int
modctl_devfspath(dev_t dev, int spectype, uint_t len, char *uname)
{
	char	*pathbuf;
	uint_t	nbytes;
	int	rv = 0;

	pathbuf = kmem_zalloc(MAXPATHLEN, KM_SLEEP);

	if (ddi_dev_pathname(dev, spectype, pathbuf) == DDI_FAILURE) {
		rv = EINVAL;
	} else {
		nbytes = strlen(pathbuf) + 1;

		/* Never write more than the caller said it allocated. */
		if (nbytes > len)
			rv = ENOSPC;
		else if (copyout(pathbuf, uname, nbytes) != 0)
			rv = EFAULT;
	}

	kmem_free(pathbuf, MAXPATHLEN);
	return (rv);
}
1503 
/*
 * Report the size, in bytes and including the terminator, of the
 * devfs path name for (major, instance).
 *
 * The size is copied out to the user address len.  Returns EINVAL if
 * the path cannot be generated, EFAULT if the copy-out fails, 0 on
 * success.
 */
static int
modctl_devfspath_mi_len(major_t major, int instance, uint_t *len)
{
	char	*pathbuf;
	uint_t	nbytes;
	int	failed;

	pathbuf = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
	failed = (e_ddi_majorinstance_to_path(major, instance, pathbuf) !=
	    DDI_SUCCESS);
	if (!failed)
		nbytes = strlen(pathbuf) + 1;
	kmem_free(pathbuf, MAXPATHLEN);

	if (failed)
		return (EINVAL);

	return ((copyout(&nbytes, len, sizeof (nbytes)) != 0) ? EFAULT : 0);
}
1529 
/*
 * Copy the devfs path name for (major, instance) out to user space.
 * NOTE: e_ddi_majorinstance_to_path does not require the device to attach to
 * return a path - it uses the instance tree.
 *
 * uname is the user buffer and len the number of bytes the caller
 * allocated for it.  Returns EINVAL if the path cannot be generated,
 * ENOSPC if the path plus terminator is larger than len, EFAULT if the
 * copy-out fails, 0 on success.
 */
static int
modctl_devfspath_mi(major_t major, int instance, uint_t len, char *uname)
{
	char	*pathbuf;
	uint_t	nbytes;
	int	rv = 0;

	pathbuf = kmem_zalloc(MAXPATHLEN, KM_SLEEP);

	if (e_ddi_majorinstance_to_path(major, instance, pathbuf) !=
	    DDI_SUCCESS) {
		rv = EINVAL;
	} else {
		nbytes = strlen(pathbuf) + 1;

		/* Never write more than the caller said it allocated. */
		if (nbytes > len)
			rv = ENOSPC;
		else if (copyout(pathbuf, uname, nbytes) != 0)
			rv = EFAULT;
	}

	kmem_free(pathbuf, MAXPATHLEN);
	return (rv);
}
1563 
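/*
 * Copy the devfs path name of the frame buffer device (fbdev) out to
 * the user address path.
 *
 * Returns ENODEV if fbdev is not set, EINVAL if the path cannot be
 * generated, EFAULT if the copy-out fails, 0 on success.
 *
 * NOTE(review): this interface takes no buffer length, so up to
 * MAXPATHLEN bytes may be written to the caller's buffer.  Presumably
 * callers are required to supply a MAXPATHLEN buffer; confirm.
 */
static int
modctl_get_fbname(char *path)
{
	extern dev_t fbdev;
	char *pathname;
	int rval = 0;

	/* make sure fbdev is set before we plunge in */
	if (fbdev == NODEV)
		return (ENODEV);

	pathname = kmem_zalloc(MAXPATHLEN, KM_SLEEP);

	/*
	 * A DDI status is not an errno: report a failed lookup as EINVAL,
	 * as the other ddi_dev_pathname() callers in this file do, rather
	 * than handing the raw DDI_FAILURE value back to the caller.
	 */
	if (ddi_dev_pathname(fbdev, S_IFCHR, pathname) != DDI_SUCCESS) {
		rval = EINVAL;
	} else if (copyout(pathname, path, strlen(pathname) + 1) != 0) {
		rval = EFAULT;
	}

	kmem_free(pathname, MAXPATHLEN);
	return (rval);
}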
1585 
/*
 * modctl_reread_dacf()
 *	Reread the dacf rules database from the named binding file.
 *	path is a user address; a NULL path is passed along as NULL,
 *	which means 'use the default'.
 *
 *	Returns EFAULT if the file name cannot be copied in, otherwise
 *	the result of read_dacf_binding_file().
 */
static int
modctl_reread_dacf(char *path)
{
	char *filename = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
	char *filenamep = NULL;
	int rval;

	if (path != NULL) {
		if (copyinstr(path, filename, MAXPATHLEN, 0) != 0) {
			kmem_free(filename, MAXPATHLEN);
			return (EFAULT);
		}
		/* Force termination of the copied-in name. */
		filename[MAXPATHLEN - 1] = '\0';
		filenamep = filename;
	}

	rval = read_dacf_binding_file(filenamep);
	kmem_free(filename, MAXPATHLEN);
	return (rval);
}
1615 
/*
 * Dispatch the sysevent-related modctl subcommands.
 *
 * a2, a3 and a4 are raw syscall arguments whose meaning depends on
 * subcmd; they are cast to the type each log_sysevent_*() routine
 * expects.  Returns EINVAL for an unknown subcmd, EFAULT if the door
 * upcall file name cannot be copied in, and otherwise whatever the
 * selected routine returns (0 for MODEVENTS_FLUSH).
 */
/*ARGSUSED*/
static int
modctl_modevents(int subcmd, uintptr_t a2, uintptr_t a3, uintptr_t a4,
    uint_t flag)
{
	char *door_file;
	int rv = 0;

	switch (subcmd) {
	case MODEVENTS_FLUSH:
		/* flush all currently queued events */
		log_sysevent_flushq(subcmd, flag);
		break;

	case MODEVENTS_SET_DOOR_UPCALL_FILENAME:
		/*
		 * bind door_upcall to filename
		 * this should only be done once per invocation
		 * of the event daemon.
		 */
		door_file = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
		if (copyinstr((char *)a2, door_file, MOD_MAXPATH, 0) == 0)
			rv = log_sysevent_filename(door_file);
		else
			rv = EFAULT;
		kmem_free(door_file, MOD_MAXPATH);
		break;

	case MODEVENTS_GETDATA:
		rv = log_sysevent_copyout_data((sysevent_id_t *)a2,
		    (size_t)a3, (caddr_t)a4);
		break;

	case MODEVENTS_FREEDATA:
		rv = log_sysevent_free_data((sysevent_id_t *)a2);
		break;

	case MODEVENTS_POST_EVENT:
		rv = log_usr_sysevent((sysevent_t *)a2, (uint32_t)a3,
		    (sysevent_id_t *)a4);
		break;

	case MODEVENTS_REGISTER_EVENT:
		rv = log_sysevent_register((char *)a2, (char *)a3,
		    (se_pubsub_t *)a4);
		break;

	default:
		rv = EINVAL;
		break;
	}

	return (rv);
}
1670 
/*
 * Free a minor perm entry together with its minor name string, if it
 * has one.  The name is freed by its string length plus terminator.
 */
static void
free_mperm(mperm_t *mp)
{
	if (mp->mp_minorname != NULL) {
		int namesz = strlen(mp->mp_minorname) + 1;

		kmem_free(mp->mp_minorname, namesz);
	}
	kmem_free(mp, sizeof (mperm_t));
}
1682 
/*
 * cmn_err() format strings for /etc/minor_perm diagnostics.  Each %s
 * must be matched by a string argument at the call site: MP_NO_DRV_ERR
 * and MP_EMPTY_MINOR take one, MP_NO_MINOR takes two (minor name, then
 * driver name).
 */
#define	MP_NO_DRV_ERR	\
	"/etc/minor_perm: no driver for %s\n"

#define	MP_EMPTY_MINOR	\
	"/etc/minor_perm: empty minor name for driver %s\n"

#define	MP_NO_MINOR	\
	"/etc/minor_perm: no minor matching %s for driver %s\n"
1691 
/*
 * Remove the mperm entry whose minor name matches mp->mp_minorname
 * from the per-driver data for major.
 *
 * A minor name of "*" selects the wildcard slot: dn_mperm_clone when
 * is_clone is non-zero, dn_mperm_wild otherwise.  Any other name is
 * looked up on the dn_mperm list.  The entry that is unlinked is freed
 * here; mp itself is only used as the search key and is not freed.
 * The whole operation runs under the devnames entry's dn_lock.
 */
static void
rem_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
{
	struct devnames *dnp = &devnamesp[major];
	mperm_t **linkp;
	mperm_t *victim = NULL;

	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);

	LOCK_DEV_OPS(&dnp->dn_lock);

	if (strcmp(mp->mp_minorname, "*") == 0) {
		linkp = is_clone ? &dnp->dn_mperm_clone : &dnp->dn_mperm_wild;
		victim = *linkp;
		*linkp = NULL;
	} else {
		for (linkp = &dnp->dn_mperm; *linkp != NULL;
		    linkp = &(*linkp)->mp_next) {
			if (strcmp((*linkp)->mp_minorname,
			    mp->mp_minorname) == 0) {
				/* unlink the first matching entry */
				victim = *linkp;
				*linkp = victim->mp_next;
				break;
			}
		}
	}

	if (victim == NULL) {
		if (moddebug & MODDEBUG_MINORPERM) {
			cmn_err(CE_CONT, MP_NO_MINOR,
			    drvname, mp->mp_minorname);
		}
	} else {
		if (moddebug & MODDEBUG_MINORPERM) {
			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
			    drvname, victim->mp_minorname,
			    victim->mp_mode & 0777,
			    victim->mp_uid, victim->mp_gid);
		}
		free_mperm(victim);
	}

	UNLOCK_DEV_OPS(&dnp->dn_lock);
}
1743 
/*
 * Add a minor perm entry to the per-driver data for major.
 *
 * A minor name of "*" installs mp in the wildcard slot: dn_mperm_clone
 * when is_clone is non-zero, dn_mperm_wild otherwise.  Any other name
 * goes on the dn_mperm list.  In both cases an existing entry with the
 * same name is replaced and freed.  mp is linked into the driver data,
 * so the caller must not free it afterwards.  The whole operation runs
 * under the devnames entry's dn_lock.
 */
static void
add_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
{
	struct devnames *dnp = &devnamesp[major];
	mperm_t **linkp;
	mperm_t *old = NULL;

	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);

	/*
	 * Note that update_drv replace semantics require
	 * replacing matching entries with the new permissions.
	 */
	LOCK_DEV_OPS(&dnp->dn_lock);

	if (strcmp(mp->mp_minorname, "*") == 0) {
		linkp = is_clone ? &dnp->dn_mperm_clone : &dnp->dn_mperm_wild;
		old = *linkp;
		*linkp = mp;
	} else {
		/* Look for an entry with the same minor name. */
		for (linkp = &dnp->dn_mperm; *linkp != NULL;
		    linkp = &(*linkp)->mp_next) {
			if (strcmp((*linkp)->mp_minorname,
			    mp->mp_minorname) == 0)
				break;
		}

		if (*linkp != NULL) {
			/* Splice mp in where the old entry was. */
			old = *linkp;
			*linkp = mp;
			mp->mp_next = old->mp_next;
		} else if (dnp->dn_mperm == NULL) {
			dnp->dn_mperm = mp;
		} else {
			/* No match: push mp on the front of the list. */
			mp->mp_next = dnp->dn_mperm;
			dnp->dn_mperm = mp;
		}
	}

	if (old != NULL) {
		if (moddebug & MODDEBUG_MINORPERM) {
			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
			    drvname, old->mp_minorname,
			    old->mp_mode & 0777,
			    old->mp_uid, old->mp_gid);
		}
		free_mperm(old);
	}
	if (moddebug & MODDEBUG_MINORPERM) {
		cmn_err(CE_CONT, "> %s %s 0%o %d %d\n",
		    drvname, mp->mp_minorname, mp->mp_mode & 0777,
		    mp->mp_uid, mp->mp_gid);
	}

	UNLOCK_DEV_OPS(&dnp->dn_lock);
}
1808 
1809 
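/*
 * Apply a list of minor perm entries to the in-kernel tables.
 *
 * nvl is expected to hold groups of four pairs in this order: a string
 * pair named after the driver whose value is the minor name, then pairs
 * named "mode", "uid" and "gid".  For MODREMMINORPERM each entry is
 * removed; for MODLOADMINORPERM and MODADDMINORPERM it is added (or
 * replaces an existing entry).  Entries naming an unknown driver are
 * skipped.
 *
 * The list is unpacked from a caller-supplied buffer, so its shape is
 * checked at run time rather than only by ASSERT: a pair of the wrong
 * type, a missing pair or a misnamed pair stops processing and returns
 * EINVAL.  Entries that precede the malformed one have already been
 * applied at that point.  Returns 0 otherwise.
 */
static int
process_minorperm(int cmd, nvlist_t *nvl)
{
	char *minor;
	major_t major;
	mperm_t *mp = NULL;
	nvpair_t *nvp;
	char *name;
	int is_clone;
	major_t minmaj;
	int err = 0;

	ASSERT(cmd == MODLOADMINORPERM ||
	    cmd == MODADDMINORPERM || cmd == MODREMMINORPERM);

	nvp = NULL;
	while ((nvp = nvlist_next_nvpair(nvl, nvp)) != NULL) {
		name = nvpair_name(nvp);

		is_clone = 0;
		mp = NULL;
		minor = NULL;

		/*
		 * If the pair is not a string, minor would otherwise be
		 * left unset and dereferenced below.
		 */
		if (nvpair_value_string(nvp, &minor) != 0) {
			err = EINVAL;
			break;
		}

		major = ddi_name_to_major(name);
		if (major != DDI_MAJOR_T_NONE) {
			mp = kmem_zalloc(sizeof (*mp), KM_SLEEP);
			if (minor == NULL || strlen(minor) == 0) {
				if (moddebug & MODDEBUG_MINORPERM) {
					cmn_err(CE_CONT, MP_EMPTY_MINOR, name);
				}
				minor = "*";
			}

			/*
			 * The minor name of a node using the clone
			 * driver must be the driver name.  To avoid
			 * multiple searches, we map entries in the form
			 * clone:<driver> to <driver>:*.  This also allows us
			 * to filter out some of the litter in /etc/minor_perm.
			 * Minor perm alias entries where the name is not
			 * the driver kept on the clone list itself.
			 * This all seems very fragile as a driver could
			 * be introduced with an existing alias name.
			 */
			if (strcmp(name, "clone") == 0) {
				minmaj = ddi_name_to_major(minor);
				if (minmaj != DDI_MAJOR_T_NONE) {
					if (moddebug & MODDEBUG_MINORPERM) {
						cmn_err(CE_CONT,
						    "mapping %s:%s to %s:*\n",
						    name, minor, minor);
					}
					major = minmaj;
					name = minor;
					minor = "*";
					is_clone = 1;
				}
			}

			mp->mp_minorname = i_ddi_strdup(minor, KM_SLEEP);
		} else {
			if (moddebug & MODDEBUG_MINORPERM) {
				cmn_err(CE_CONT, MP_NO_DRV_ERR, name);
			}
		}

		/*
		 * The next three pairs must exist and carry the expected
		 * names.  Without the NULL check a truncated list would
		 * hand NULL back to nvlist_next_nvpair(), which restarts
		 * the walk from the head of the list.
		 */

		/* mode */
		nvp = nvlist_next_nvpair(nvl, nvp);
		if (nvp == NULL || strcmp(nvpair_name(nvp), "mode") != 0 ||
		    (mp != NULL &&
		    nvpair_value_int32(nvp, (int *)&mp->mp_mode) != 0)) {
			err = EINVAL;
			break;
		}

		/* uid */
		nvp = nvlist_next_nvpair(nvl, nvp);
		if (nvp == NULL || strcmp(nvpair_name(nvp), "uid") != 0 ||
		    (mp != NULL &&
		    nvpair_value_uint32(nvp, &mp->mp_uid) != 0)) {
			err = EINVAL;
			break;
		}

		/* gid */
		nvp = nvlist_next_nvpair(nvl, nvp);
		if (nvp == NULL || strcmp(nvpair_name(nvp), "gid") != 0 ||
		    (mp != NULL &&
		    nvpair_value_uint32(nvp, &mp->mp_gid) != 0)) {
			err = EINVAL;
			break;
		}

		if (mp != NULL) {
			if (cmd == MODREMMINORPERM) {
				rem_minorperm(major, name, mp, is_clone);
				free_mperm(mp);
			} else {
				/* add_minorperm() takes ownership of mp */
				add_minorperm(major, name, mp, is_clone);
			}
			mp = NULL;
		}
	}

	/* A malformed entry leaves its partially built mperm behind. */
	if (err != 0 && mp != NULL)
		free_mperm(mp);

	if (cmd == MODLOADMINORPERM)
		minorperm_loaded = 1;

	/*
	 * Reset permissions of cached dv_nodes
	 */
	(void) devfs_reset_perm(DV_RESET_PERM);

	return (err);
}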
1912 
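/*
 * Copy in a packed nvlist of minor perm entries from user space,
 * unpack it and hand it to process_minorperm().
 *
 * usrbuf is the user address of the packed list and buflen its size in
 * bytes.  Returns EFAULT if the buffer cannot be copied in, the
 * nvlist_unpack() error if the buffer does not unpack, and otherwise
 * the result of process_minorperm().
 */
static int
modctl_minorperm(int cmd, char *usrbuf, size_t buflen)
{
	int error;
	nvlist_t *nvl;
	char *buf;

	/*
	 * NOTE(review): buflen is taken from the caller as-is and sizes a
	 * KM_SLEEP allocation, so nothing here limits how much kernel
	 * memory one request can ask for.  Presumably the caller of this
	 * routine has already done a privilege check; confirm, and
	 * consider an upper bound on buflen.
	 */
	buf = kmem_alloc(buflen, KM_SLEEP);

	/*
	 * ddi_copyin() reports failure with a non-zero value that is not
	 * an errno; translate it to EFAULT instead of returning it raw.
	 */
	if (ddi_copyin(usrbuf, buf, buflen, 0) != 0) {
		kmem_free(buf, buflen);
		return (EFAULT);
	}

	/* The packed form is not needed once the list is unpacked. */
	error = nvlist_unpack(buf, buflen, &nvl, KM_SLEEP);
	kmem_free(buf, buflen);
	if (error)
		return (error);

	error = process_minorperm(cmd, nvl);
	nvlist_free(nvl);
	return (error);
}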
1934 
/*
 * Argument block handed to modctl_inst_walker() through
 * e_ddi_walk_instances().
 */
struct walk_args {
	char		*wa_drvname;	/* driver to match, NULL for all */
	list_t		wa_pathlist;	/* list of struct path_elem */
};
1939 
/*
 * One instance path collected by modctl_inst_walker(), split in place
 * at its last '/' into a directory part and a node name.
 */
struct path_elem {
	char		*pe_dir;	/* allocated copy; directory part */
	char		*pe_nodename;	/* points into pe_dir's allocation */
	list_node_t	pe_node;	/* linkage on wa_pathlist */
	int		pe_dirlen;	/* size of the pe_dir allocation */
};
1946 
/*
 * e_ddi_walk_instances() callback: record the instance path on the
 * walk_args path list, split into directory and node name.
 *
 * arg is a struct walk_args.  When wa_drvname is set, only instances
 * whose driver name matches it are recorded.  Always returns
 * INST_WALK_CONTINUE.
 */
/*ARGSUSED*/
static int
modctl_inst_walker(const char *path, in_node_t *np, in_drv_t *dp, void *arg)
{
	struct walk_args *wa = (struct walk_args *)arg;
	struct path_elem *elem;
	char *slash;

	/*
	 * Search may be restricted to a single driver in the case of rem_drv
	 */
	if (wa->wa_drvname != NULL &&
	    strcmp(dp->ind_driver_name, wa->wa_drvname) != 0)
		return (INST_WALK_CONTINUE);

	elem = kmem_zalloc(sizeof (*elem), KM_SLEEP);
	elem->pe_dir = i_ddi_strdup((char *)path, KM_SLEEP);

	/*
	 * Remember the allocation size now; once the string is split
	 * below, strlen(pe_dir) no longer describes it.
	 */
	elem->pe_dirlen = strlen(elem->pe_dir) + 1;

	/* Cut the copy at its last '/' to separate the node name. */
	slash = strrchr(elem->pe_dir, '/');
	ASSERT(slash != NULL);
	*slash = 0;
	elem->pe_nodename = slash + 1;

	list_insert_tail(&wa->wa_pathlist, elem);

	return (INST_WALK_CONTINUE);
}
1973 
/*
 * /devices attribute nodes clean-up optionally performed
 * when removing a driver (rem_drv -C).
 *
 * Removing attribute nodes allows a machine to be reprovisioned
 * without the side-effect of inadvertently picking up stale
 * device node ownership or permissions.
 *
 * Preserving attributes (not performing cleanup) allows devices
 * attribute changes to be preserved across upgrades, as
 * upgrade rather heavy-handedly does a rem_drv/add_drv cycle.
 *
 * u_drvname is the user address of the driver name.  Returns the
 * copyinstr() error if the name cannot be copied in, otherwise the
 * first non-zero result from devfs_remdrv_cleanup(), or 0.
 */
static int
modctl_remdrv_cleanup(const char *u_drvname)
{
	struct walk_args *wa;
	struct path_elem *elem;
	char *drvname;
	int err;
	int first_err = 0;

	drvname = kmem_alloc(MAXMODCONFNAME, KM_SLEEP);
	err = copyinstr(u_drvname, drvname, MAXMODCONFNAME, 0);
	if (err != 0) {
		kmem_free(drvname, MAXMODCONFNAME);
		return (err);
	}

	/*
	 * First go through the instance database.  For each
	 * instance of a device bound to the driver being
	 * removed, remove any underlying devfs attribute nodes.
	 *
	 * This is a two-step process.  First we go through
	 * the instance data itself, constructing a list of
	 * the nodes discovered.  The second step is then
	 * to find and remove any devfs attribute nodes
	 * for the instances discovered in the first step.
	 * The two-step process avoids any difficulties
	 * which could arise by holding the instance data
	 * lock with simultaneous devfs operations.
	 */
	wa = kmem_zalloc(sizeof (*wa), KM_SLEEP);
	wa->wa_drvname = drvname;
	list_create(&wa->wa_pathlist,
	    sizeof (struct path_elem), offsetof(struct path_elem, pe_node));

	(void) e_ddi_walk_instances(modctl_inst_walker, (void *)wa);

	/* Step two: clean up every node found, keeping the first error. */
	elem = list_head(&wa->wa_pathlist);
	while (elem != NULL) {
		err = devfs_remdrv_cleanup((const char *)elem->pe_dir,
		    (const char *)elem->pe_nodename);
		if (first_err == 0)
			first_err = err;
		elem = list_next(&wa->wa_pathlist, elem);
	}

	/* Tear the list down; pe_nodename lives inside pe_dir. */
	for (elem = list_head(&wa->wa_pathlist); elem != NULL;
	    elem = list_head(&wa->wa_pathlist)) {
		list_remove(&wa->wa_pathlist, elem);
		kmem_free(elem->pe_dir, elem->pe_dirlen);
		kmem_free(elem, sizeof (*elem));
	}
	kmem_free(wa, sizeof (*wa));

	/*
	 * Pseudo nodes aren't recorded in the instance database
	 * so any such nodes need to be handled separately.
	 */
	err = devfs_remdrv_cleanup("pseudo", (const char *)drvname);
	if (first_err == 0)
		first_err = err;

	kmem_free(drvname, MAXMODCONFNAME);
	return (first_err);
}
2048 
/*
 * Perform a cleanup of non-existent /devices attribute nodes,
 * similar to rem_drv -C, but for all drivers/devices.
 * This is also optional, performed as part of devfsadm -C.
 *
 * Every instance path is collected first; a path that can no longer
 * be held as a devinfo node has its attribute nodes removed.  Errors
 * from the removal are logged and otherwise ignored.
 */
void
dev_devices_cleanup()
{
	struct walk_args *wa;
	struct path_elem *elem;
	dev_info_t *dip;
	char *fullpath;
	int err;

	/*
	 * It's expected that all drivers have been loaded and
	 * module unloading disabled while performing cleanup.
	 */
	ASSERT(modunload_disable_count > 0);

	wa = kmem_zalloc(sizeof (*wa), KM_SLEEP);
	wa->wa_drvname = NULL;		/* no driver filter: walk them all */
	list_create(&wa->wa_pathlist,
	    sizeof (struct path_elem), offsetof(struct path_elem, pe_node));

	(void) e_ddi_walk_instances(modctl_inst_walker, (void *)wa);

	fullpath = kmem_alloc(MAXPATHLEN, KM_SLEEP);

	elem = list_head(&wa->wa_pathlist);
	while (elem != NULL) {
		/* Rejoin the two halves the walker split apart. */
		(void) snprintf(fullpath, MAXPATHLEN, "%s/%s",
		    elem->pe_dir, elem->pe_nodename);

		dip = e_ddi_hold_devi_by_path(fullpath, 0);
		if (dip == NULL) {
			err = devfs_remdrv_cleanup((const char *)elem->pe_dir,
			    (const char *)elem->pe_nodename);
			if (err) {
				cmn_err(CE_CONT,
				    "devfs: %s: clean-up error %d\n",
				    fullpath, err);
			}
		} else {
			/* The device exists; leave its nodes alone. */
			ddi_release_devi(dip);
		}
		elem = list_next(&wa->wa_pathlist, elem);
	}

	/* Tear the list down; pe_nodename lives inside pe_dir. */
	for (elem = list_head(&wa->wa_pathlist); elem != NULL;
	    elem = list_head(&wa->wa_pathlist)) {
		list_remove(&wa->wa_pathlist, elem);
		kmem_free(elem->pe_dir, elem->pe_dirlen);
		kmem_free(elem, sizeof (*elem));
	}
	kmem_free(wa, sizeof (*wa));
	kmem_free(fullpath, MAXPATHLEN);
}
2104 
/*
 * Allocate a privilege by name.
 *
 * name is a user address; at most PRIVNAME_MAX bytes are copied in.
 * Returns the copyinstr() error if the copy fails.  Otherwise
 * priv_getbyname() is called with PRIV_ALLOC: a negative result is
 * returned negated (as a positive error), anything else yields 0.
 */
static int
modctl_allocpriv(const char *name)
{
	char *privname = kmem_alloc(PRIVNAME_MAX, KM_SLEEP);
	int rv;

	rv = copyinstr(name, privname, PRIVNAME_MAX, 0);
	if (rv == 0) {
		rv = priv_getbyname(privname, PRIV_ALLOC);
		rv = (rv < 0) ? -rv : 0;
	}

	kmem_free(privname, PRIVNAME_MAX);
	return (rv);
}
2123 
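/*
 * Ask sdev whether the /dev path named by the caller exists.
 *
 * upath is a user address and pathlen the length of the path without
 * its terminating null.  Returns EINVAL if pathlen is not in the range
 * 1 .. MAXPATHLEN - 1, the copyinstr() error if the copy-in fails, and
 * otherwise the result of sdev_modctl_devexists().
 */
static int
modctl_devexists(const char *upath, int pathlen)
{
	char	*path;
	int	ret;

	/*
	 * Range-check the caller's length before adding room for the
	 * terminating null: pathlen is a signed value supplied by the
	 * caller, and incrementing it first would overflow for INT_MAX.
	 * The accepted range is the same as checking after the
	 * increment.
	 */
	if (pathlen <= 0 || pathlen >= MAXPATHLEN)
		return (EINVAL);

	/*
	 * copy in the path, including the terminating null
	 */
	pathlen++;
	path = kmem_zalloc(pathlen + 1, KM_SLEEP);
	if ((ret = copyinstr(upath, path, pathlen, NULL)) == 0) {
		ret = sdev_modctl_devexists(path);
	}

	kmem_free(path, pathlen + 1);
	return (ret);
}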
2144 
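/*
 * Return the entries of a /dev directory as a sequence of
 * NUL-terminated strings ended by an extra NUL.
 *
 * udir is the user address of the directory path and udirlen its
 * length without the terminating null.  upaths is the user buffer for
 * the result and *ulensp carries its size in and the required size
 * out.
 *
 * Returns EINVAL for a bad length or a missing ulensp, EFAULT if a
 * user address cannot be accessed, EAGAIN if the caller's buffer is
 * too small, the copyinstr() or sdev_modctl_readdir() error if one of
 * those fails, 0 on success.
 */
static int
modctl_devreaddir(const char *udir, int udirlen,
    char *upaths, int64_t *ulensp)
{
	char	*paths = NULL;
	char	**dirlist = NULL;
	char	*dir;
	int64_t	ulens;
	int64_t	lens;
	int	i, n;
	int	ret = 0;
	char	*p;
	int	npaths;
	int	npaths_alloc;

	/*
	 * If upaths is NULL then we are only computing the amount of space
	 * needed to return the paths, with the value returned in *ulensp. If we
	 * are copying out paths then we get the amount of space allocated by
	 * the caller. If the actual space needed for paths is larger, or
	 * things are changing out from under us, then we return EAGAIN.
	 */
	if (upaths) {
		if (ulensp == NULL)
			return (EINVAL);
		if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
			return (EFAULT);
	}

	/*
	 * Range-check the caller's length before adding room for the
	 * terminating null: udirlen is a signed value supplied by the
	 * caller, and incrementing it first would overflow for INT_MAX.
	 * The accepted range is the same as checking after the
	 * increment.
	 */
	if (udirlen <= 0 || udirlen >= MAXPATHLEN)
		return (EINVAL);

	/*
	 * copyin the /dev path including terminating null
	 */
	udirlen++;
	dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
	if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
		goto err;

	if ((ret = sdev_modctl_readdir(dir, &dirlist,
	    &npaths, &npaths_alloc, 0)) != 0) {
		ASSERT(dirlist == NULL);
		goto err;
	}

	lens = 0;
	for (i = 0; i < npaths; i++) {
		lens += strlen(dirlist[i]) + 1;
	}
	lens++;		/* add one for double termination */

	if (upaths) {
		/* Never write more than the caller said it allocated. */
		if (lens > ulens) {
			ret = EAGAIN;
			goto out;
		}

		paths = kmem_alloc(lens, KM_SLEEP);

		p = paths;
		for (i = 0; i < npaths; i++) {
			n = strlen(dirlist[i]) + 1;
			bcopy(dirlist[i], p, n);
			p += n;
		}
		*p = 0;

		if (copyout(paths, upaths, lens)) {
			ret = EFAULT;
			goto err;
		}
	}

out:
	/*
	 * copy out the amount of space needed to hold the paths; this is
	 * also done on EAGAIN so the caller learns the size to retry with
	 */
	if (copyout(&lens, ulensp, sizeof (lens)))
		ret = EFAULT;

err:
	if (dirlist)
		sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
	if (paths)
		kmem_free(paths, lens);
	kmem_free(dir, udirlen + 1);
	return (ret);
}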
2231 
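/*
 * Report whether a /dev directory is empty.
 *
 * udir is the user address of the directory path and udirlen its
 * length without the terminating null.  The answer (1 for empty, 0
 * otherwise) is copied out to the user address uempty.
 *
 * Returns EINVAL for a bad length, EFAULT if the result cannot be
 * copied out, the copyinstr() or sdev_modctl_readdir() error if one of
 * those fails, 0 on success.
 */
static int
modctl_devemptydir(const char *udir, int udirlen, int *uempty)
{
	char	*dir;
	int	ret;
	char	**dirlist = NULL;
	int	npaths;
	int	npaths_alloc;
	int	empty;

	/*
	 * Range-check the caller's length before adding room for the
	 * terminating null: udirlen is a signed value supplied by the
	 * caller, and incrementing it first would overflow for INT_MAX.
	 * The accepted range is the same as checking after the
	 * increment.
	 */
	if (udirlen <= 0 || udirlen >= MAXPATHLEN)
		return (EINVAL);

	/*
	 * copyin the /dev path including terminating null
	 */
	udirlen++;
	dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
	if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
		goto err;

	if ((ret = sdev_modctl_readdir(dir, &dirlist,
	    &npaths, &npaths_alloc, 1)) != 0) {
		goto err;
	}

	empty = npaths ? 0 : 1;
	if (copyout(&empty, uempty, sizeof (empty)))
		ret = EFAULT;

err:
	if (dirlist)
		sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
	kmem_free(dir, udirlen + 1);
	return (ret);
}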
2267 
/*
 * MODHPOPS handler: run a hotplug operation on a connection of a device.
 *
 * path and cn_name are user-space strings (device path and connection
 * name); both are copied into kernel buffers of MAXPATHLEN and MAXNAMELEN
 * bytes before ddihp_modctl() is called.  arg and rval are passed through
 * unchanged for the subcommands that use them.
 *
 * Returns EINVAL when path is NULL, EFAULT when either copyinstr() fails
 * (an over-long string is reported the same way), ENOTSUP for an unknown
 * subcmd, and otherwise whatever ddihp_modctl() returns.  cn_name is not
 * checked for NULL before copyinstr().
 */
static int
modctl_hp(int subcmd, const char *path, char *cn_name, uintptr_t arg,
    uintptr_t rval)
{
	char *devpath;
	char *cn_name_str = NULL;
	size_t pathsz, namesz;
	int error;

	if (path == NULL)
		return (EINVAL);

	devpath = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
	if (copyinstr(path, devpath, MAXPATHLEN, &pathsz) != 0) {
		error = EFAULT;
		goto out;
	}

	cn_name_str = kmem_zalloc(MAXNAMELEN, KM_SLEEP);
	if (copyinstr(cn_name, cn_name_str, MAXNAMELEN, &namesz) != 0) {
		error = EFAULT;
		goto out;
	}

	switch (subcmd) {
	case MODHPOPS_CHANGE_STATE:
		error = ddihp_modctl(DDI_HPOP_CN_CHANGE_STATE, devpath,
		    cn_name_str, arg, NULL);
		break;
	case MODHPOPS_CREATE_PORT:
		/* create an empty port */
		error = ddihp_modctl(DDI_HPOP_CN_CREATE_PORT, devpath,
		    cn_name_str, NULL, NULL);
		break;
	case MODHPOPS_REMOVE_PORT:
		/* remove an empty port */
		error = ddihp_modctl(DDI_HPOP_CN_REMOVE_PORT, devpath,
		    cn_name_str, NULL, NULL);
		break;
	case MODHPOPS_BUS_GET:
		error = ddihp_modctl(DDI_HPOP_CN_GET_PROPERTY, devpath,
		    cn_name_str, arg, rval);
		break;
	case MODHPOPS_BUS_SET:
		error = ddihp_modctl(DDI_HPOP_CN_SET_PROPERTY, devpath,
		    cn_name_str, arg, rval);
		break;
	default:
		error = ENOTSUP;
		break;
	}

out:
	/* single exit: release whichever kernel buffers were allocated */
	if (cn_name_str != NULL)
		kmem_free(cn_name_str, MAXNAMELEN);
	kmem_free(devpath, MAXPATHLEN);

	return (error);
}
2328 
/*
 * MODDEVNAME handler: dispatch a devname subcommand.
 *
 * a1 and a2 are raw system call arguments.  For MODDEVNAME_LOOKUPDOOR and
 * MODDEVNAME_PROFILE, a1 is cast to a char pointer (and a2 to a size) and
 * handed to the devname routine without being touched here.
 * NOTE(review): presumably those routines copy the data in from user
 * space themselves -- confirm against their implementations.
 *
 * Returns the subcommand's result, 0 for the two flag-setting
 * subcommands, or EINVAL for an unknown subcmd.
 */
int
modctl_moddevname(int subcmd, uintptr_t a1, uintptr_t a2)
{
	switch (subcmd) {
	case MODDEVNAME_LOOKUPDOOR:
		return (devname_filename_register((char *)a1));

	case MODDEVNAME_PROFILE:
		return (devname_profile_update((char *)a1, (size_t)a2));

	case MODDEVNAME_RECONFIG:
		i_ddi_set_reconfig();
		return (0);

	case MODDEVNAME_SYSAVAIL:
		i_ddi_set_sysavail();
		return (0);

	default:
		return (EINVAL);
	}
}
2354 
/*
 * modctl system call entry point.
 *
 * The caller's credentials are checked once, per command, with
 * secpolicy_modctl(); a failure returns EPERM through set_errno() before
 * any argument is looked at.  The command is then dispatched to its
 * handler.
 *
 * a1..a5 are the raw system call arguments.  This function only casts
 * them to the types each handler expects and never dereferences them.
 * NOTE(review): presumably every handler that receives a pointer treats
 * it as a user address and uses copyin/copyout -- confirm per handler.
 *
 * Returns 0 on success; a non-zero handler result is passed through
 * set_errno().  An unknown cmd yields EINVAL.
 */
/*ARGSUSED5*/
int
modctl(int cmd, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4,
    uintptr_t a5)
{
	int	error = EINVAL;
	dev_t	dev;

	/* privilege gate: the only access check made in this function */
	if (secpolicy_modctl(CRED(), cmd) != 0)
		return (set_errno(EPERM));

	switch (cmd) {
	case MODLOAD:		/* load a module */
		error = modctl_modload((int)a1, (char *)a2, (int *)a3);
		break;

	case MODUNLOAD:		/* unload a module */
		error = modctl_modunload((modid_t)a1);
		break;

	case MODINFO:		/* get module status */
		error = modctl_modinfo((modid_t)a1, (struct modinfo *)a2);
		break;

	case MODRESERVED:	/* get last major number in range */
		error = modctl_modreserve((modid_t)a1, (int *)a2);
		break;

	case MODSETMINIROOT:	/* we are running in miniroot */
		isminiroot = 1;
		error = 0;
		break;

	case MODADDMAJBIND:	/* add major / driver alias bindings */
		error = modctl_add_driver_aliases((int *)a2);
		break;

	case MODGETPATHLEN:	/* get modpath length */
		error = modctl_getmodpathlen((int *)a2);
		break;

	case MODGETPATH:	/* get modpath */
		error = modctl_getmodpath((char *)a2);
		break;

	case MODREADSYSBIND:	/* read system call binding file */
		error = modctl_read_sysbinding_file();
		break;

	case MODGETMAJBIND:	/* get major number for named device */
		error = modctl_getmaj((char *)a1, (uint_t)a2, (int *)a3);
		break;

	case MODGETNAME:	/* get name of device given major number */
		error = modctl_getname((char *)a1, (uint_t)a2, (int *)a3);
		break;

	/*
	 * For the dev_t based commands below, a caller with the native
	 * data model passes the dev_t as is; otherwise the value is
	 * expanded with expldev().  The else branch exists only when
	 * _SYSCALL32_IMPL is defined.
	 */
	case MODDEVT2INSTANCE:
		if (get_udatamodel() == DATAMODEL_NATIVE) {
			dev = (dev_t)a1;
		}
#ifdef _SYSCALL32_IMPL
		else {
			dev = expldev(a1);
		}
#endif
		error = modctl_devt2instance(dev, (int *)a2);
		break;

	case MODSIZEOF_DEVID:	/* sizeof device id of device given dev_t */
		if (get_udatamodel() == DATAMODEL_NATIVE) {
			dev = (dev_t)a1;
		}
#ifdef _SYSCALL32_IMPL
		else {
			dev = expldev(a1);
		}
#endif
		error = modctl_sizeof_devid(dev, (uint_t *)a2);
		break;

	case MODGETDEVID:	/* get device id of device given dev_t */
		if (get_udatamodel() == DATAMODEL_NATIVE) {
			dev = (dev_t)a1;
		}
#ifdef _SYSCALL32_IMPL
		else {
			dev = expldev(a1);
		}
#endif
		error = modctl_get_devid(dev, (uint_t)a2, (ddi_devid_t)a3);
		break;

	case MODSIZEOF_MINORNAME:	/* sizeof minor nm (dev_t,spectype) */
		if (get_udatamodel() == DATAMODEL_NATIVE) {
			error = modctl_sizeof_minorname((dev_t)a1, (int)a2,
			    (uint_t *)a3);
		}
#ifdef _SYSCALL32_IMPL
		else {
			error = modctl_sizeof_minorname(expldev(a1), (int)a2,
			    (uint_t *)a3);
		}

#endif
		break;

	case MODGETMINORNAME:		/* get minor name of (dev_t,spectype) */
		if (get_udatamodel() == DATAMODEL_NATIVE) {
			error = modctl_get_minorname((dev_t)a1, (int)a2,
			    (uint_t)a3, (char *)a4);
		}
#ifdef _SYSCALL32_IMPL
		else {
			error = modctl_get_minorname(expldev(a1), (int)a2,
			    (uint_t)a3, (char *)a4);
		}
#endif
		break;

	case MODGETDEVFSPATH_LEN:	/* sizeof path nm of (dev_t,spectype) */
		if (get_udatamodel() == DATAMODEL_NATIVE) {
			error = modctl_devfspath_len((dev_t)a1, (int)a2,
			    (uint_t *)a3);
		}
#ifdef _SYSCALL32_IMPL
		else {
			error = modctl_devfspath_len(expldev(a1), (int)a2,
			    (uint_t *)a3);
		}

#endif
		break;

	case MODGETDEVFSPATH:		/* get path name of (dev_t,spec) type */
		if (get_udatamodel() == DATAMODEL_NATIVE) {
			error = modctl_devfspath((dev_t)a1, (int)a2,
			    (uint_t)a3, (char *)a4);
		}
#ifdef _SYSCALL32_IMPL
		else {
			error = modctl_devfspath(expldev(a1), (int)a2,
			    (uint_t)a3, (char *)a4);
		}
#endif
		break;

	case MODGETDEVFSPATH_MI_LEN:	/* sizeof path nm of (major,instance) */
		error = modctl_devfspath_mi_len((major_t)a1, (int)a2,
		    (uint_t *)a3);
		break;

	case MODGETDEVFSPATH_MI:	/* get path name of (major,instance) */
		error = modctl_devfspath_mi((major_t)a1, (int)a2,
		    (uint_t)a3, (char *)a4);
		break;


	case MODEVENTS:
		error = modctl_modevents((int)a1, a2, a3, a4, (uint_t)a5);
		break;

	case MODGETFBNAME:	/* get the framebuffer name */
		error = modctl_get_fbname((char *)a1);
		break;

	case MODREREADDACF:	/* reread dacf rule database from given file */
		error = modctl_reread_dacf((char *)a1);
		break;

	case MODLOADDRVCONF:	/* load driver.conf file for major */
		error = modctl_load_drvconf((major_t)a1, (int)a2);
		break;

	case MODUNLOADDRVCONF:	/* unload driver.conf file for major */
		error = modctl_unload_drvconf((major_t)a1);
		break;

	case MODREMMAJBIND:	/* remove a major binding */
		error = modctl_rem_major((major_t)a1);
		break;

	case MODREMDRVALIAS:	/* remove a major/alias binding */
		error = modctl_remove_driver_aliases((int *)a2);
		break;

	case MODDEVID2PATHS:	/* get paths given devid */
		error = modctl_devid2paths((ddi_devid_t)a1, (char *)a2,
		    (uint_t)a3, (size_t *)a4, (char *)a5);
		break;

	case MODSETDEVPOLICY:	/* establish device policy */
		error = devpolicy_load((int)a1, (size_t)a2, (devplcysys_t *)a3);
		break;

	case MODGETDEVPOLICY:	/* get device policy */
		error = devpolicy_get((int *)a1, (size_t)a2,
		    (devplcysys_t *)a3);
		break;

	case MODALLOCPRIV:
		error = modctl_allocpriv((const char *)a1);
		break;

	case MODGETDEVPOLICYBYNAME:
		error = devpolicy_getbyname((size_t)a1,
		    (devplcysys_t *)a2, (char *)a3);
		break;

	/* the three minor-perm commands share one handler, keyed by cmd */
	case MODLOADMINORPERM:
	case MODADDMINORPERM:
	case MODREMMINORPERM:
		error = modctl_minorperm(cmd, (char *)a1, (size_t)a2);
		break;

	case MODREMDRVCLEANUP:
		error = modctl_remdrv_cleanup((const char *)a1);
		break;

	case MODDEVEXISTS:	/* non-reconfiguring /dev lookup */
		error = modctl_devexists((const char *)a1, (size_t)a2);
		break;

	case MODDEVREADDIR:	/* non-reconfiguring /dev readdir */
		error = modctl_devreaddir((const char *)a1, (size_t)a2,
		    (char *)a3, (int64_t *)a4);
		break;

	case MODDEVEMPTYDIR:	/* non-reconfiguring /dev emptydir */
		/*
		 * The handler's length parameter is an int, so the
		 * size_t cast below is narrowed again at the call.
		 */
		error = modctl_devemptydir((const char *)a1, (size_t)a2,
		    (int *)a3);
		break;

	case MODDEVNAME:
		error = modctl_moddevname((int)a1, a2, a3);
		break;

	case MODRETIRE:	/* retire device named by physpath a1 */
		error = modctl_retire((char *)a1, (char *)a2, (size_t)a3);
		break;

	case MODISRETIRED:  /* check if a device is retired. */
		error = modctl_is_retired((char *)a1, (int *)a2);
		break;

	case MODUNRETIRE:	/* unretire device named by physpath a1 */
		error = modctl_unretire((char *)a1);
		break;

	case MODHPOPS:	/* hotplug operations */
		/* device named by physpath a2 and Connection name a3 */
		error = modctl_hp((int)a1, (char *)a2, (char *)a3, a4, a5);
		break;

	default:
		error = EINVAL;
		break;
	}

	/* a non-zero handler result becomes the system call's errno */
	return (error ? set_errno(error) : 0);
}
2616 
/*
 * Thread body created by mod_load() so that kobj_load_module() runs on
 * a separate thread.
 *
 * ltp points at the creator's struct loadmt.  The load result is stored
 * in ltp->retval and the creator, which waits on ltp->sema, is then
 * released.  mod_load() keeps that structure on its own stack and
 * destroys the semaphore once woken, so ltp is not used after sema_v().
 */
static void
modload_thread(struct loadmt *ltp)
{
	callb_cpr_t	cprinfo;
	kmutex_t	cprlock;

	mutex_init(&cprlock, NULL, MUTEX_DEFAULT, NULL);
	CALLB_CPR_INIT(&cprinfo, &cprlock, callb_generic_cpr, "modload");

	/* do the load while borrowing the devi lock of the requester */
	pm_borrow_lock(ltp->owner);
	ltp->retval = kobj_load_module(ltp->mp, ltp->usepath);
	pm_return_lock();

	/* signal the creator of this thread */
	sema_v(&ltp->sema);

	/* CALLB_CPR_EXIT is invoked with the CPR lock held */
	mutex_enter(&cprlock);
	CALLB_CPR_EXIT(&cprinfo);
	mutex_destroy(&cprlock);
	thread_exit();
}
2640 
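/*
 * Load and install a module, adding a reference if the caller supplies
 * rmodp.
 *
 * subdir/filename name the module; with subdir NULL, filename is used as
 * given.  When rmodp is non-NULL, mod_ref is incremented, *rmodp receives
 * the modctl and an errno is returned.  When rmodp is NULL the module id
 * is returned, or -1 on error.
 *
 * The '/' check on filename is made only when subdir is supplied, so that
 * the name cannot step out of that subdirectory.
 * NOTE(review): with subdir NULL the name is passed on unchecked;
 * presumably such callers supply trusted names -- confirm.
 */
static int
modrload(const char *subdir, const char *filename, struct modctl **rmodp)
{
	struct modctl *modp;
	size_t size = 0;
	char *fullname;
	int retval = EINVAL;
	int id = -1;

	if (rmodp)
		*rmodp = NULL;			/* avoid garbage */

	if (subdir != NULL) {
		/*
		 * refuse / in filename to prevent "../" escapes.
		 */
		if (strchr(filename, '/') != NULL)
			return (rmodp ? retval : id);

		/*
		 * allocate enough space for <subdir>/<filename><NULL>;
		 * the copy is bounded by that size, as in
		 * modload_qualified().
		 */
		size = strlen(subdir) + strlen(filename) + 2;
		fullname = kmem_zalloc(size, KM_SLEEP);
		(void) snprintf(fullname, size, "%s/%s", subdir, filename);
	} else {
		fullname = (char *)filename;
	}

	modp = mod_hold_installed_mod(fullname, 1, 0, &retval);
	if (modp != NULL) {
		id = modp->mod_id;
		if (rmodp) {
			/* add mod_ref and return *rmodp */
			mutex_enter(&mod_lock);
			modp->mod_ref++;
			mutex_exit(&mod_lock);
			*rmodp = modp;
		}
		mod_release_mod(modp);
		CPU_STATS_ADDQ(CPU, sys, modload, 1);
	}

	/* fullname was allocated only when a subdirectory was supplied */
	if (subdir != NULL)
		kmem_free(fullname, size);
	return (rmodp ? retval : id);
}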
2693 
/*
 * Primary kernel interface for loading a module: load and install the
 * module named by subdir/filename and return its id, or -1 on error.
 *
 * No mod_ref is taken (modrload() is called with a NULL rmodp), so an
 * unload attempt can occur at any time; whether it succeeds is up to the
 * module's _fini/mod_remove implementation.
 */
int
modload(const char *subdir, const char *filename)
{
	int id;

	id = modrload(subdir, filename, NULL);
	return (id);
}
2705 
/*
 * Load a module by trying a series of qualified names, most specific
 * first.  For subdir "foo", p1 "bar", p2 "baz" and three suffixes the
 * candidates are:
 *			Value returned in *chosen
 * foo/bar.baz.1.2.3	3
 * foo/bar.baz.1.2	2
 * foo/bar.baz.1	1
 * foo/bar.baz		0
 *
 * The full name is built once in a MOD_MAXPATH buffer and dotv[i]
 * records where suffix i begins; each attempt truncates the name at the
 * next shorter position.  Returns the module id on success and, when
 * chosen is not NULL, stores the number of suffixes in the name that was
 * loaded.  Returns -1 if the name does not fit or nothing could be
 * loaded.
 */
int
modload_qualified(const char *subdir, const char *p1,
    const char *p2, const char *delim, uint_t suffv[], int suffc, int *chosen)
{
	char path[MOD_MAXPATH];
	char *cursor = path;
	size_t room = sizeof (path);
	size_t len, dotv_size;
	char **dotv;
	modctl_t *mp;
	int idx, rc;
	int id = -1;

	if (p2 == NULL) {
		len = snprintf(cursor, room, "%s/%s", subdir, p1);
	} else {
		len = snprintf(cursor, room, "%s/%s%s%s", subdir, p1,
		    delim, p2);
	}

	/* base name truncated: nothing has been allocated yet */
	if (len >= room)
		return (-1);

	cursor += len;
	room -= len;

	dotv_size = sizeof (char *) * (suffc + 1);
	dotv = kmem_alloc(dotv_size, KM_SLEEP);

	/* append each suffix, remembering where it starts */
	for (idx = 0; idx < suffc; idx++) {
		dotv[idx] = cursor;
		len = snprintf(cursor, room, "%s%u", delim, suffv[idx]);

		if (len >= room)
			goto out;

		cursor += len;
		room -= len;
	}

	dotv[suffc] = cursor;

	/* try the longest name first, cutting one suffix per attempt */
	for (idx = suffc; idx >= 0; idx--) {
		dotv[idx][0] = '\0';
		mp = mod_hold_installed_mod(path, 1, 1, &rc);

		if (mp == NULL)
			continue;

		id = mp->mod_id;
		mod_release_mod(mp);
		if (chosen != NULL)
			*chosen = idx;
		break;
	}

out:
	kmem_free(dotv, dotv_size);
	return (id);
}
2775 
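/*
 * Load a module without installing it.
 *
 * subdir/filename name the module; with subdir NULL, filename is used as
 * given.  Returns the module id when mod_hold_loaded_mod() reports
 * status 0, and -1 otherwise.
 *
 * NOTE(review): unlike modrload(), filename is not checked for '/' when
 * a subdirectory is supplied; presumably callers pass trusted names --
 * confirm.
 */
int
modloadonly(const char *subdir, const char *filename)
{
	struct modctl *modp;
	char *fullname;
	size_t size = 0;
	int id = -1;	/* stays -1 unless a module was actually held */
	int retval;

	if (subdir != NULL) {
		/*
		 * allocate enough space for <subdir>/<filename><NULL>;
		 * the copy is bounded by that size, as in
		 * modload_qualified().
		 */
		size = strlen(subdir) + strlen(filename) + 2;
		fullname = kmem_zalloc(size, KM_SLEEP);
		(void) snprintf(fullname, size, "%s/%s", subdir, filename);
	} else {
		fullname = (char *)filename;
	}

	modp = mod_hold_loaded_mod(NULL, fullname, &retval);
	if (modp != NULL) {
		id = modp->mod_id;
		mod_release_mod(modp);
	}

	if (subdir != NULL)
		kmem_free(fullname, size);

	return (retval == 0 ? id : -1);
}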
2811 
/*
 * Try to uninstall and unload a module, dropping a reference if the
 * caller supplies rmodp.
 *
 * When rmodp is non-NULL, mod_ref is decremented under mod_lock and
 * *rmodp receives the modctl (it is set to NULL first, so it is NULL on
 * the EINVAL path).  When unload is non-zero the module is uninstalled
 * and, if that succeeds, unloaded; EALREADY from moduninstall() is not
 * treated as an error.
 *
 * Returns EINVAL if no module has this id, otherwise 0 or the
 * moduninstall() error.
 */
static int
modunrload(modid_t id, struct modctl **rmodp, int unload)
{
	struct modctl	*held;
	int		rv = 0;

	if (rmodp != NULL)
		*rmodp = NULL;			/* avoid garbage */

	held = mod_hold_by_id((modid_t)id);
	if (held == NULL)
		return (EINVAL);

	if (rmodp != NULL) {
		mutex_enter(&mod_lock);
		held->mod_ref--;
		mutex_exit(&mod_lock);
		*rmodp = held;
	}

	if (unload) {
		rv = moduninstall(held);
		if (rv == 0) {
			mod_unload(held);
			CPU_STATS_ADDQ(CPU, sys, modunload, 1);
		} else if (rv == EALREADY) {
			rv = 0;	/* already unloaded, not an error */
		}
	}

	mod_release_mod(held);
	return (rv);
}
2848 
/*
 * Uninstall and unload the module with the given id.
 *
 * The work is bracketed by modunload_begin()/modunload_end().  If a root
 * node exists, devfs_clean() is run on it first and its result is
 * ignored.  Returns the result of modunrload().
 */
int
modunload(modid_t id)
{
	int	rv;

	/* synchronize with any active modunload_disable() */
	modunload_begin();

	if (ddi_root_node() != NULL)
		(void) devfs_clean(ddi_root_node(), NULL, 0);

	rv = modunrload(id, NULL, 1);
	modunload_end();

	return (rv);
}
2865 
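/*
 * Return status of a loaded module.
 *
 * modinfop is read and written directly, so it must point at kernel
 * memory.  With MI_INFO_ALL set in mi_info, the search starts at
 * modinfop->mi_id and takes the first module that is installed (or any
 * module, if MI_INFO_CNT is set); id is not used.  Without MI_INFO_ALL
 * the module with the given id is used, and it must be installed unless
 * MI_INFO_CNT is set.
 *
 * Returns 0 with *modinfop filled in, or EINVAL if no module qualifies.
 */
static int
modinfo(modid_t id, struct modinfo *modinfop)
{
	struct modctl	*modp;
	modid_t		mid;
	int		i;

	mid = modinfop->mi_id;
	if (modinfop->mi_info & MI_INFO_ALL) {
		while ((modp = mod_hold_next_by_id(mid++)) != NULL) {
			if ((modinfop->mi_info & MI_INFO_CNT) ||
			    modp->mod_installed)
				break;
			mod_release_mod(modp);
		}
		if (modp == NULL)
			return (EINVAL);
	} else {
		modp = mod_hold_by_id(id);
		if (modp == NULL)
			return (EINVAL);
		if (!(modinfop->mi_info & MI_INFO_CNT) &&
		    (modp->mod_installed == 0)) {
			mod_release_mod(modp);
			return (EINVAL);
		}
	}

	/* reset the reply fields before any per-module information */
	modinfop->mi_rev = 0;
	modinfop->mi_state = 0;
	for (i = 0; i < MODMAXLINK; i++) {
		modinfop->mi_msinfo[i].msi_p0 = -1;
		modinfop->mi_msinfo[i].msi_linkinfo[0] = 0;
	}
	if (modp->mod_loaded) {
		modinfop->mi_state = MI_LOADED;
		kobj_getmodinfo(modp->mod_mp, modinfop);
	}
	if (modp->mod_installed) {
		modinfop->mi_state |= MI_INSTALLED;

		(void) mod_getinfo(modp, modinfop);
	}

	modinfop->mi_id = modp->mod_id;
	modinfop->mi_loadcnt = modp->mod_loadcnt;

	/*
	 * Bound the copy by the destination: mod_modname is allocated to
	 * the length of the module's name (see allocate_modp()), which is
	 * not tied to the size of mi_name.
	 */
	(void) strlcpy(modinfop->mi_name, modp->mod_modname,
	    sizeof (modinfop->mi_name));

	mod_release_mod(modp);
	return (0);
}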
2920 
/*
 * Format strings passed to cmn_err(CE_PANIC, ...) by mod_hold_stub();
 * each takes the stub's module name as its single %s argument.
 * NOTE(review): both are writable arrays used as format strings; they
 * could be const if no user needs a non-const pointer -- confirm.
 */
static char mod_stub_err[] = "mod_hold_stub: Couldn't load stub module %s";
static char no_err[] = "No error function for weak stub %s";
2923 
/*
 * used by the stubs themselves to load and hold a module.
 * Returns  0 if the module is successfully held;
 *	    the stub needs to call mod_release_stub().
 *	    -1 if the stub should just call the err_fcn.
 * Note that this code is stretched out so that we avoid subroutine calls
 * and optimize for the most likely case.  That is, the case where the
 * module is loaded and installed and not held.  In that case we just inc
 * the mod_ref count and continue.
 *
 * The system panics when a non-weak stub's module cannot be loaded and
 * the stub has no error function, and when a weak stub has no error
 * function and its module is not installed.
 */
int
mod_hold_stub(struct mod_stub_info *stub)
{
	struct modctl *mp;
	struct mod_modinfo *mip;

	mip = stub->mods_modinfo;

	mutex_enter(&mod_lock);

	/* we do mod_hold_by_modctl inline for speed */

mod_check_again:
	if ((mp = mip->mp) != NULL) {
		if (mp->mod_busy == 0) {
			if (mp->mod_installed) {
				/* increment the reference count */
				mp->mod_ref++;
				ASSERT(mp->mod_ref && mp->mod_installed);
				mutex_exit(&mod_lock);
				return (0);
			} else {
				/*
				 * Not installed: mark the module busy and
				 * record this thread as the one working on
				 * it (mod_circdep() compares against it).
				 */
				mp->mod_busy = 1;
				mp->mod_inprogress_thread =
				    (curthread == NULL ?
				    (kthread_id_t)-1 : curthread);
			}
		} else {
			/*
			 * wait one time and then go see if someone
			 * else has resolved the stub (set mip->mp).
			 */
			if (mod_hold_by_modctl(mp,
			    MOD_WAIT_ONCE | MOD_LOCK_HELD))
				goto mod_check_again;

			/*
			 * what we have now may have been unloaded!, in
			 * that case, mip->mp will be NULL, we'll hit this
			 * module and load again..
			 */
			cmn_err(CE_PANIC, "mod_hold_stub should have blocked");
		}
		mutex_exit(&mod_lock);
	} else {
		/*
		 * first time we've hit this module; the lookup by name and
		 * the store to mip->mp are done with mod_lock dropped.
		 */
		mutex_exit(&mod_lock);
		mp = mod_hold_by_name(mip->modm_module_name);
		mip->mp = mp;
	}

	/*
	 * If we are here, it means that the following conditions
	 * are satisfied.
	 *
	 * mip->mp != NULL
	 * this thread has set the mp->mod_busy = 1
	 * mp->mod_installed = 0
	 *
	 */
	ASSERT(mp != NULL);
	ASSERT(mp->mod_busy == 1);

	if (mp->mod_installed == 0) {
		/* Module not loaded, if weak stub don't load it */
		if (stub->mods_flag & MODS_WEAK) {
			/*
			 * A weak stub with an error function falls through
			 * to the hold below without loading the module.
			 */
			if (stub->mods_errfcn == NULL) {
				mod_release_mod(mp);
				cmn_err(CE_PANIC, no_err,
				    mip->modm_module_name);
			}
		} else {
			/* Not a weak stub so load the module */

			if (mod_load(mp, 1) != 0 || modinstall(mp) != 0) {
				/*
				 * If mod_load() was successful
				 * and modinstall() failed, then
				 * unload the module.
				 */
				if (mp->mod_loaded)
					mod_unload(mp);

				mod_release_mod(mp);
				if (stub->mods_errfcn == NULL) {
					cmn_err(CE_PANIC, mod_stub_err,
					    mip->modm_module_name);
				} else {
					return (-1);
				}
			}
		}
	}

	/*
	 * At this point module is held and loaded. Release
	 * the mod_busy and mod_inprogress_thread before
	 * returning. We actually call mod_release() here so
	 * that if another stub wants to access this module,
	 * it can do so. mod_ref is incremented before mod_release()
	 * is called to prevent someone else from snatching the
	 * module from this thread.
	 */
	mutex_enter(&mod_lock);
	mp->mod_ref++;
	ASSERT(mp->mod_ref &&
	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
	mod_release(mp);
	mutex_exit(&mod_lock);
	return (0);
}
3045 
/*
 * Drop the reference that mod_hold_stub() took for this stub.
 *
 * mod_ref is decremented under mod_lock; if a waiter has flagged
 * mod_want, the flag is cleared and every thread waiting on mod_cv is
 * woken.  This is mod_release_mod written out inline.
 */
void
mod_release_stub(struct mod_stub_info *stub)
{
	struct modctl *modp = stub->mods_modinfo->mp;

	mutex_enter(&mod_lock);

	/* the stub must still hold a reference to a usable module */
	ASSERT(modp->mod_ref &&
	    (modp->mod_loaded || (stub->mods_flag & MODS_WEAK)));

	modp->mod_ref--;
	if (modp->mod_want != 0) {
		modp->mod_want = 0;
		cv_broadcast(&mod_cv);
	}

	mutex_exit(&mod_lock);
}
3062 
/*
 * Hold the module named by filename and load it (without installing).
 *
 * dep, when not NULL, is the module on whose behalf the load is done.
 * *status receives 0 on success, the mod_load() error if loading fails,
 * or ENOSPC if the module could not be held.  Returns the held modctl,
 * or NULL on failure (the hold is released in that case).
 */
static struct modctl *
mod_hold_loaded_mod(struct modctl *dep, char *filename, int *status)
{
	struct modctl *held;

	held = mod_hold_by_name_requisite(dep, filename);
	if (held == NULL) {
		*status = ENOSPC;
	} else {
		int err = mod_load(held, 1);

		if (err != 0) {
			mod_release_mod(held);
			held = NULL;
		}
		*status = err;
	}

	/*
	 * if dep is not NULL, clear the module dependency information.
	 * This information is set in mod_hold_by_name_common().
	 */
	if (dep != NULL && dep->mod_requisite_loading != NULL) {
		ASSERT(dep->mod_busy);
		dep->mod_requisite_loading = NULL;
	}

	return (held);
}
3095 
/*
 * Hold, load, and install the named module.
 *
 * usepath is passed to kobj_path_exists() and mod_load().  The on-disk
 * existence check is made when both modrootloaded and swaploaded are
 * set, or whenever forcecheck is non-zero.
 *
 * Returns the held modctl with *r set to 0, or NULL with *r set to
 * ENOENT (file not found), ENOSPC (module could not be held), or the
 * error from mod_load() or modinstall().
 */
static struct modctl *
mod_hold_installed_mod(char *name, int usepath, int forcecheck, int *r)
{
	struct modctl *held;
	int err;

	/*
	 * Verify that the module in question actually exists on disk
	 * before mod_hold_by_name allocates a module structure for it.
	 */
	if ((modrootloaded && swaploaded) || forcecheck) {
		if (!kobj_path_exists(name, usepath)) {
			*r = ENOENT;
			return (NULL);
		}
	}

	held = mod_hold_by_name(name);
	if (held == NULL) {
		*r = ENOSPC;
		return (NULL);
	}

	err = mod_load(held, usepath);
	if (err != 0) {
		mod_release_mod(held);
		*r = err;
		return (NULL);
	}

	err = modinstall(held);
	*r = err;
	if (err != 0) {
		/*
		 * We loaded it, but failed to _init() it.  Force it out
		 * of memory now so that the next attempt to use the
		 * module will cause a reload.  See 1093793.
		 */
		mod_unload(held);
		mod_release_mod(held);
		return (NULL);
	}

	return (held);
}
3145 
/*
 * Message formats.  mod_excl_msg is printed by mod_load() with the
 * module's file name and module name when the module is excluded;
 * mod_init_msg takes two strings and an error number.
 * NOTE(review): both are writable arrays used as format strings; they
 * could be const if no user needs a non-const pointer -- confirm.
 */
static char mod_excl_msg[] =
	"module %s(%s) is EXCLUDED and will not be loaded\n";
static char mod_init_msg[] = "loadmodule:%s(%s): _init() error %d\n";
3149 
/*
 * Find a module by file name.  This routine is needed for dependencies:
 * users declare them as a character array of file names, so the
 * dependency code has file names rather than module names to work with.
 * There is no single unified filename/modulename namespace.
 *
 * The name may be split into an optional subdirectory and a file name,
 * e.g. (NULL, "fs/ufs") and ("fs", "ufs") look up the same module.  A
 * NULL or empty subdir means filename is compared as a whole.
 *
 * The module list is walked under mod_lock, which must not be held on
 * entry.  Returns the matching modctl or NULL; no hold is taken on the
 * module that is returned.
 */
struct modctl *
mod_find_by_filename(char *subdir, char *filename)
{
	struct modctl	*mp;
	struct modctl	*found = NULL;
	size_t		sublen;

	ASSERT(!MUTEX_HELD(&mod_lock));

	sublen = (subdir != NULL) ? strlen(subdir) : 0;

	mutex_enter(&mod_lock);
	mp = &modules;
	do {
		char *candidate = mp->mod_filename;
		int hit;

		if (sublen != 0) {
			/* match "<subdir>/<filename>" exactly */
			hit = strncmp(subdir, candidate, sublen) == 0 &&
			    candidate[sublen] == '/' &&
			    strcmp(filename, &candidate[sublen + 1]) == 0;
		} else {
			hit = strcmp(filename, candidate) == 0;
		}

		if (hit) {
			found = mp;
			break;
		}
	} while ((mp = mp->mod_next) != &modules);
	mutex_exit(&mod_lock);

	return (found);
}
3194 
/*
 * Check for circular dependencies.  If the current thread is already
 * the one loading this module, or the chain of modules being loaded as
 * requisites leads back to modp, the user specified circular
 * dependencies.
 *
 * Must be called with mod_lock held.  Returns 1 if a cycle is found and
 * 0 otherwise.
 * NOTE(review): the earlier comment named do_dependents() in kobj.c as
 * the caller; this function is static, so that path is not visible
 * here -- confirm.
 */
static int
mod_circdep(struct modctl *modp)
{
	struct modctl	*rmod;
	struct modctl	*next;

	ASSERT(MUTEX_HELD(&mod_lock));

	/*
	 * Check the mod_inprogress_thread first; mod_hold_stub() sets it
	 * directly to improve performance.
	 */
	if (modp->mod_inprogress_thread == curthread)
		return (1);

	/* follow the requisite-loading chain looking for a way back */
	rmod = modp;
	while (rmod != NULL) {
		next = rmod->mod_requisite_loading;
		if (next == modp)
			return (1);
		rmod = next;
	}

	return (0);
}
3228 
/*
 * Call a module's _info() entry point to fill in *modinfop.
 *
 * The module must be busy.  Primary modules are skipped and yield 0.
 * The "_info" symbol is looked up in the module and its address is
 * checked with kobj_addrcheck() before it is called; if the check fails
 * a warning is logged and 0 is returned.
 *
 * The semantics of mod_info(9F) are that 0 is failure and non-zero is
 * success, so the value returned here is not an errno.
 */
static int
mod_getinfo(struct modctl *modp, struct modinfo *modinfop)
{
	int (*infofn)(struct modinfo *);
	int rv;

	ASSERT(modp->mod_busy);

	/* primary modules don't do getinfo */
	if (modp->mod_prim)
		return (0);

	infofn = (int (*)(struct modinfo *))kobj_lookup(modp->mod_mp,
	    "_info");

	if (kobj_addrcheck(modp->mod_mp, (caddr_t)infofn) == 0) {
		/* address accepted: call the module's _info() */
		rv = (*infofn)(modinfop);
	} else {
		cmn_err(CE_WARN, "_info() not defined properly in %s",
		    modp->mod_filename);
		rv = 0;
	}

	if (moddebug & MODDEBUG_USERDEBUG)
		printf("Returned from _info, retval = %x\n", rv);

	return (rv);
}
3259 
/*
 * Give mp the next module id and link it in at the tail of the circular
 * module list headed by the global `modules'.  Must be called with
 * mod_lock held.
 */
static void
modadd(struct modctl *mp)
{
	struct modctl *tail;

	ASSERT(MUTEX_HELD(&mod_lock));

	mp->mod_id = last_module_id++;

	/* insert between the current tail and the list head */
	tail = modules.mod_prev;
	mp->mod_prev = tail;
	mp->mod_next = &modules;
	tail->mod_next = mp;
	modules.mod_prev = mp;
}
3271 
/*
 * Allocate a zeroed modctl and give it a private copy of modname.
 * The name buffer is sized to the string plus its terminating NUL.
 * filename is not used.
 */
/*ARGSUSED*/
static struct modctl *
allocate_modp(const char *filename, const char *modname)
{
	struct modctl *mp;
	size_t namesz = strlen(modname) + 1;

	mp = kobj_zalloc(sizeof (*mp), KM_SLEEP);
	mp->mod_modname = kobj_zalloc(namesz, KM_SLEEP);

	/* namesz includes the NUL, so the copy is a complete string */
	bcopy(modname, mp->mod_modname, namesz);

	return (mp);
}
3283 
/*
 * Get the value of a symbol.  This wraps kobj_getsymvalue() so that
 * callers are unaffected if that routine goes away.  name and kernelonly
 * are passed through unchanged, and so is the result.
 */
uintptr_t
modgetsymvalue(char *name, int kernelonly)
{
	uintptr_t value;

	value = kobj_getsymvalue(name, kernelonly);
	return (value);
}
3294 
/*
 * Get the symbol nearest an address.  This wraps kobj_getsymname() so
 * that callers are unaffected if that routine goes away.  value and
 * offset are passed through unchanged, and so is the result.
 */
char *
modgetsymname(uintptr_t value, ulong_t *offset)
{
	char *symname;

	symname = kobj_getsymname(value, offset);
	return (symname);
}
3305 
/*
 * Lookup a symbol in a specified module.  This and
 * modlookup_by_modctl() wrap kobj_lookup() so that callers are
 * unaffected if that routine goes away.
 *
 * The module is held by name for the duration of the lookup and then
 * released.  Returns the kobj_lookup() result, or 0 if the module could
 * not be held.
 */
uintptr_t
modlookup(const char *modname, const char *symname)
{
	struct modctl *held;
	uintptr_t val = 0;

	held = mod_hold_by_name(modname);
	if (held != NULL) {
		val = kobj_lookup(held->mod_mp, symname);
		mod_release_mod(held);
	}

	return (val);
}
3323 
/*
 * Lookup a symbol in a module the caller already has a claim on: the
 * module must be referenced (mod_ref > 0) or busy.  No hold is taken
 * or released here.  Returns the kobj_lookup() result.
 */
uintptr_t
modlookup_by_modctl(modctl_t *modp, const char *symname)
{
	uintptr_t val;

	ASSERT(modp->mod_ref > 0 || modp->mod_busy);

	val = kobj_lookup(modp->mod_mp, symname);
	return (val);
}
3331 
/*
 * Ask the user on the console for the name of the system file.
 *
 * The current systemfile is offered as the default if it can be opened;
 * otherwise the default is shown as /dev/null.  An empty answer keeps
 * the default, "/dev/null" clears systemfile, and any other answer is
 * accepted only if the file can be opened; the question is repeated
 * until one of these applies.
 *
 * The answer is read into a 64-byte static buffer, with console_gets()
 * limited to that size, and systemfile is pointed at that buffer when a
 * new name is accepted.
 */
void
mod_askparams()
{
	static char answer[64];
	intptr_t fd;

	/* drop the current setting if that file cannot be opened */
	fd = kobj_open(systemfile);
	if (fd == -1L)
		systemfile = NULL;
	else
		kobj_close(fd);

	for (;;) {
		printf("Name of system file [%s]:  ",
		    systemfile ? systemfile : "/dev/null");

		console_gets(answer, sizeof (answer));

		if (answer[0] == '\0')
			return;

		if (strcmp(answer, "/dev/null") == 0) {
			systemfile = NULL;
			return;
		}

		fd = kobj_open(answer);
		if (fd != -1L) {
			kobj_close(fd);
			systemfile = answer;
			return;
		}

		printf("can't find file %s\n", answer);
	}
}
3369 
/*
 * Debug message formats printed by mod_load() when the matching moddebug
 * flag is set: loading_msg before the load (file name, module id) and
 * load_msg after it (file name, id, text and data addresses and sizes).
 * NOTE(review): load_msg prints kernel text and data addresses; it is
 * emitted only under MODDEBUG_LOADMSG in the code visible here.
 */
static char loading_msg[] = "loading '%s' id %d\n";
static char load_msg[] = "load '%s' id %d loaded @ 0x%p/0x%p size %d/%d\n";
3372 
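/*
 * Common code for loading a module (but not installing it).
 * Hand off the task of module loading to a separate thread
 * with a large stack if possible, since this code may recurse a few times.
 * Return zero if there are no errors or an errno value.
 *
 * The caller must hold the module busy and must not hold mod_lock.
 * A module that is already loaded returns 0 immediately; a module that
 * the system file excludes returns ENXIO.
 */
static int
mod_load(struct modctl *mp, int usepath)
{
	int		retval;
	struct modinfo	*modinfop = NULL;
	struct loadmt	lt;

	ASSERT(MUTEX_NOT_HELD(&mod_lock));
	ASSERT(mp->mod_busy);

	if (mp->mod_loaded)
		return (0);

	/* refuse modules excluded by either module name or file name */
	if (mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_modname) != 0 ||
	    mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_filename) != 0) {
		if (moddebug & MODDEBUG_LOADMSG) {
			printf(mod_excl_msg, mp->mod_filename,
			    mp->mod_modname);
		}
		return (ENXIO);
	}
	if (moddebug & MODDEBUG_LOADMSG2)
		printf(loading_msg, mp->mod_filename, mp->mod_id);

	if (curthread != &t0) {
		/*
		 * lt lives on this stack and is shared with the helper
		 * thread; the sema_p() below keeps this frame alive until
		 * the helper posts the semaphore.
		 */
		lt.mp = mp;
		lt.usepath = usepath;
		lt.owner = curthread;
		sema_init(&lt.sema, 0, NULL, SEMA_DEFAULT, NULL);

		/* create thread to hand off call to */
		(void) thread_create(NULL, DEFAULTSTKSZ * 2,
		    modload_thread, &lt, 0, &p0, TS_RUN, maxclsyspri);

		/* wait for thread to complete kobj_load_module */
		sema_p(&lt.sema);

		sema_destroy(&lt.sema);
		retval = lt.retval;
	} else
		retval = kobj_load_module(mp, usepath);

	if (mp->mod_mp) {
		ASSERT(retval == 0);
		mp->mod_loaded = 1;
		mp->mod_loadcnt++;
		if (moddebug & MODDEBUG_LOADMSG) {
			printf(load_msg, mp->mod_filename, mp->mod_id,
			    (void *)((struct module *)mp->mod_mp)->text,
			    (void *)((struct module *)mp->mod_mp)->data,
			    ((struct module *)mp->mod_mp)->text_size,
			    ((struct module *)mp->mod_mp)->data_size);
		}

		/*
		 * XXX - There should be a better way to get this.
		 */
		modinfop = kmem_zalloc(sizeof (struct modinfo), KM_SLEEP);
		modinfop->mi_info = MI_INFO_LINKAGE;
		if (mod_getinfo(mp, modinfop) == 0)
			mp->mod_linkage = NULL;
		else {
			mp->mod_linkage = (void *)modinfop->mi_base;
			ASSERT(mp->mod_linkage->ml_rev == MODREV_1);
		}

		/*
		 * DCS: bootstrapping code. If the driver is loaded
		 * before root mount, it is assumed that the driver
		 * may be used before mounting root. In order to
		 * access mappings of global to local minor no.'s
		 * during installation/open of the driver, we load
		 * them into memory here while the BOP_interfaces
		 * are still up.
		 *
		 * NOTE(review): this result is overwritten by
		 * install_stubs_by_name() below, so a clboot_modload()
		 * failure never reaches the caller - confirm that is
		 * intended.
		 */
		if ((cluster_bootflags & CLUSTER_BOOTED) && !modrootloaded) {
			retval = clboot_modload(mp);
		}

		kmem_free(modinfop, sizeof (struct modinfo));
		(void) mod_sysctl(SYS_SET_MVAR, (void *)mp);
		retval = install_stubs_by_name(mp, mp->mod_modname);

		/*
		 * Now that the module is loaded, we need to give DTrace
		 * a chance to notify its providers.  This is done via
		 * the dtrace_modload function pointer.
		 *
		 * mod_hold_by_name() returns NULL when it detects a
		 * circular dependency, and mod_release_mod() dereferences
		 * its argument, so the release is only done for a hold
		 * that was actually obtained.
		 */
		if (strcmp(mp->mod_modname, "dtrace") != 0) {
			struct modctl *dmp = mod_hold_by_name("dtrace");

			if (dmp != NULL) {
				if (dtrace_modload != NULL)
					(*dtrace_modload)(mp);

				mod_release_mod(dmp);
			}
		}

	} else {
		/*
		 * If load failed then we need to release any requisites
		 * that we had established.
		 */
		ASSERT(retval);
		mod_release_requisites(mp);

		if (moddebug & MODDEBUG_ERRMSG)
			printf("error loading '%s', error %d\n",
			    mp->mod_filename, retval);
	}
	return (retval);
}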
3490 
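/* debug message printed on entry to mod_unload() */
static char unload_msg[] = "unloading %s, module id %d, loadcnt %d.\n";

/*
 * Unload a module that is loaded but no longer installed.
 *
 * The caller must hold the module busy and must not hold mod_lock.
 * If other modules still reference this one (mod_ref > 0) nothing is
 * unloaded; mod_delay_unload is set so that the unload happens later.
 * The modctl structure itself stays allocated; only the module image is
 * released through kobj_unload_module().
 */
static void
mod_unload(struct modctl *mp)
{
	ASSERT(MUTEX_NOT_HELD(&mod_lock));
	ASSERT(mp->mod_busy);
	ASSERT((mp->mod_loaded && (mp->mod_installed == 0)) &&
	    ((mp->mod_prim == 0) && (mp->mod_ref >= 0)));

	if (moddebug & MODDEBUG_LOADMSG)
		printf(unload_msg, mp->mod_modname,
		    mp->mod_id, mp->mod_loadcnt);

	/*
	 * If mod_ref is not zero, it means some modules might still refer
	 * to this module. Then you can't unload this module right now.
	 * Instead, set mod_delay_unload to 1 to notify the system to
	 * unload this module later, when it's not required any more.
	 */
	if (mp->mod_ref > 0) {
		mp->mod_delay_unload = 1;
		if (moddebug & MODDEBUG_LOADMSG2) {
			printf("module %s not unloaded,"
			    " non-zero reference count (%d)",
			    mp->mod_modname, mp->mod_ref);
		}
		return;
	}

	if (((mp->mod_loaded == 0) || mp->mod_installed) ||
	    (mp->mod_ref || mp->mod_prim)) {
		/*
		 * A DEBUG kernel would ASSERT panic above, the code is broken
		 * if we get this warning.  On a non-DEBUG kernel this check
		 * is what stops an unload in the wrong state.
		 */
		cmn_err(CE_WARN, "mod_unload: %s in incorrect state: %d %d %d",
		    mp->mod_filename, mp->mod_installed, mp->mod_loaded,
		    mp->mod_ref);
		return;
	}

	/* reset stub functions to call the binder again */
	reset_stubs(mp);

	/*
	 * mark module as unloaded before the modctl structure is freed.
	 * This is required not to reuse the modctl structure before
	 * the module is marked as unloaded.
	 */
	mp->mod_loaded = 0;
	mp->mod_linkage = NULL;

	/* free the memory */
	kobj_unload_module(mp);

	if (mp->mod_delay_unload) {
		mp->mod_delay_unload = 0;
		if (moddebug & MODDEBUG_LOADMSG2) {
			printf("deferred unload of module %s"
			    " (id %d) successful",
			    mp->mod_modname, mp->mod_id);
		}
	}

	/* release hold on requisites */
	mod_release_requisites(mp);

	/*
	 * Now that the module is gone, we need to give DTrace a chance to
	 * remove any probes that it may have had in the module.  This is
	 * done via the dtrace_modunload function pointer.
	 *
	 * mod_hold_by_name() returns NULL when it detects a circular
	 * dependency, and mod_release_mod() dereferences its argument, so
	 * the release is only done for a hold that was actually obtained.
	 */
	if (strcmp(mp->mod_modname, "dtrace") != 0) {
		struct modctl *dmp = mod_hold_by_name("dtrace");

		if (dmp != NULL) {
			if (dtrace_modunload != NULL)
				(*dtrace_modunload)(mp);

			mod_release_mod(dmp);
		}
	}
}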
3573 
/*
 * Install a loaded module by calling its _init() entry point.
 *
 * The caller must hold the module busy, the module must be loaded, and
 * mod_lock must not be held.  Returns 0 if the module is (or already was)
 * installed, ENXIO if a deferred unload is pending or a requisite could
 * not be installed, EFAULT if the _init address fails kobj_addrcheck(),
 * and otherwise whatever _init() returned.
 */
static int
modinstall(struct modctl *mp)
{
	int (*initfn)(void);
	int rv;

	ASSERT(MUTEX_NOT_HELD(&mod_lock));
	ASSERT(mp->mod_busy && mp->mod_loaded);

	/* already installed, nothing to do */
	if (mp->mod_installed)
		return (0);

	/*
	 * mod_delay_unload means a deferred unload was chosen for this
	 * module; it cannot be installed again until it has really been
	 * unloaded.
	 */
	if (mp->mod_delay_unload)
		return (ENXIO);

	if (moddebug & MODDEBUG_LOADMSG) {
		printf("installing %s, module id %d.\n",
		    mp->mod_modname, mp->mod_id);
	}

	ASSERT(mp->mod_mp != NULL);

	/*
	 * On failure we can't call mod_unload(mp) here: if modinstall()
	 * was itself called by mod_install_requisites(), we would not be
	 * able to hold the dependent modules (deadlock).
	 */
	if (mod_install_requisites(mp) != 0)
		return (ENXIO);

	if (moddebug & MODDEBUG_ERRMSG) {
		struct module *km = (struct module *)mp->mod_mp;

		printf("init '%s' id %d loaded @ 0x%p/0x%p size %lu/%lu\n",
		    mp->mod_filename, mp->mod_id,
		    (void *)km->text, (void *)km->data,
		    km->text_size, km->data_size);
	}

	initfn = (int (*)())kobj_lookup(mp->mod_mp, "_init");

	/*
	 * Never jump through an address that kobj_addrcheck() rejects for
	 * this module.
	 */
	if (kobj_addrcheck(mp->mod_mp, (caddr_t)initfn)) {
		cmn_err(CE_WARN, "_init() not defined properly in %s",
		    mp->mod_filename);
		return (EFAULT);
	}

	if (moddebug & MODDEBUG_USERDEBUG) {
		printf("breakpoint before calling %s:_init()\n",
		    mp->mod_modname);
		if (DEBUGGER_PRESENT)
			debug_enter("_init");
	}

	ASSERT(MUTEX_NOT_HELD(&mod_lock));
	ASSERT(mp->mod_busy && mp->mod_loaded);
	rv = (*initfn)();		/* call _init */

	if (moddebug & MODDEBUG_USERDEBUG)
		printf("Returned from _init, val = %x\n", rv);

	if (rv != 0) {
		if (moddebug & MODDEBUG_ERRMSG) {
			printf(mod_init_msg, mp->mod_filename,
			    mp->mod_modname, rv);
		}
		return (rv);
	}

	/*
	 * Set the MODS_INSTALLED flag to enable this module
	 * being called now.
	 */
	install_stubs(mp);
	mp->mod_installed = 1;
	return (rv);
}
3651 
/* extra NDI flags or'ed into the unconfig request made by detach_driver() */
int	detach_driver_unconfig = 0;

/*
 * Detach the driver called name from the device tree.
 *
 * Returns 0 on success, when called from the auto-unload path, or when
 * name does not map to a major number; returns -1 if the unconfigure
 * request does not report NDI_SUCCESS.
 */
static int
detach_driver(char *name)
{
	major_t drv_major;

	/*
	 * If being called from mod_uninstall_all() then the appropriate
	 * driver detaches (leaf only) have already been done.
	 */
	if (mod_in_autounload())
		return (0);

	/* not a driver name: nothing to detach */
	drv_major = ddi_name_to_major(name);
	if (drv_major == DDI_MAJOR_T_NONE)
		return (0);

	if (ndi_devi_unconfig_driver(ddi_root_node(),
	    NDI_DETACH_DRIVER | detach_driver_unconfig,
	    drv_major) != NDI_SUCCESS)
		return (-1);

	return (0);
}
3675 
/* debug message printed when _fini() returns a non-zero status */
static char finiret_msg[] = "Returned from _fini for %s, status = %x\n";

/*
 * Uninstall a module by detaching its driver and calling its _fini().
 *
 * The caller must hold the module busy and must not hold mod_lock.  The
 * busy hold is dropped and re-acquired around the driver detach.
 *
 * Returns 0 when _fini() succeeded, EBUSY when the module must not or
 * cannot be uninstalled now, EALREADY when it is already uninstalled or
 * unloaded, EFAULT when the _fini address fails kobj_addrcheck(), and
 * otherwise the status from _fini() (with EALREADY mapped to EINVAL).
 */
static int
moduninstall(struct modctl *mp)
{
	int status = 0;
	int (*func)(void);

	ASSERT(MUTEX_NOT_HELD(&mod_lock));
	ASSERT(mp->mod_busy);

	/*
	 * Verify that we need to do something and can uninstall the module.
	 *
	 * If we should not uninstall the module or if the module is not in
	 * the correct state to start an uninstall we return EBUSY to prevent
	 * us from progressing to mod_unload.  If the module has already been
	 * uninstalled and unloaded we return EALREADY.
	 */
	if (mp->mod_prim || mp->mod_ref || mp->mod_nenabled != 0)
		return (EBUSY);
	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0))
		return (EALREADY);

	/*
	 * To avoid devinfo / module deadlock we must release this module
	 * prior to initiating the detach_driver, otherwise the detach_driver
	 * might deadlock on a devinfo node held by another thread
	 * coming top down and involving the module we have locked.
	 *
	 * When we regrab the module we must reverify that it is OK
	 * to proceed with the uninstall operation.
	 *
	 * Note that mp->mod_modname is read below while the module is
	 * not held by this thread.
	 */
	mod_release_mod(mp);
	status = detach_driver(mp->mod_modname);
	(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);

	/*
	 * check detach status and reverify state with lock
	 *
	 * NOTE(review): mod_nenabled is tested before the release above
	 * but not here - confirm whether it can change while the module
	 * is not held.
	 */
	mutex_enter(&mod_lock);
	if ((status != 0) || mp->mod_prim || mp->mod_ref) {
		mutex_exit(&mod_lock);
		return (EBUSY);
	}
	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0)) {
		mutex_exit(&mod_lock);
		return (EALREADY);
	}
	mutex_exit(&mod_lock);

	if (moddebug & MODDEBUG_LOADMSG2)
		printf("uninstalling %s\n", mp->mod_modname);

	/*
	 * lookup _fini, return EBUSY if not defined.
	 *
	 * The MODDEBUG_FINI_EBUSY is useful in resolving leaks in
	 * detach(9E) - it allows bufctl addresses to be resolved.
	 */
	func = (int (*)())kobj_lookup(mp->mod_mp, "_fini");
	if ((func == NULL) || (mp->mod_loadflags & MOD_NOUNLOAD) ||
	    (moddebug & MODDEBUG_FINI_EBUSY))
		return (EBUSY);

	/*
	 * verify that _fini is in this module, so that the indirect call
	 * below never goes through an address the module does not own
	 */
	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
		cmn_err(CE_WARN, "_fini() not defined properly in %s",
		    mp->mod_filename);
		return (EFAULT);
	}

	/* call _fini() */
	ASSERT(MUTEX_NOT_HELD(&mod_lock));
	ASSERT(mp->mod_busy && mp->mod_loaded && mp->mod_installed);

	status = (*func)();

	if (status == 0) {
		/* _fini returned success, the module is no longer installed */
		if (moddebug & MODDEBUG_LOADMSG)
			printf("uninstalled %s\n", mp->mod_modname);

		/*
		 * Even though we only set mod_installed to zero here, a zero
		 * return value means we are committed to a code path where
		 * mod_loaded will also end up as zero - we have no other
		 * way to get the module data and bss back to the pre _init
		 * state except a reload. To ensure this, after return,
		 * mod_busy must stay set until mod_loaded is cleared.
		 */
		mp->mod_installed = 0;

		/*
		 * Clear the MODS_INSTALLED flag not to call functions
		 * in the module directly from now on.
		 */
		uninstall_stubs(mp);
	} else {
		if (moddebug & MODDEBUG_USERDEBUG)
			printf(finiret_msg, mp->mod_filename, status);
		/*
		 * By definition _fini is only allowed to return EBUSY or the
		 * result of mod_remove (EBUSY or EINVAL).  In the off chance
		 * that a driver returns EALREADY we convert this to EINVAL
		 * since to our caller EALREADY means module was already
		 * removed.
		 */
		if (status == EALREADY)
			status = EINVAL;
	}

	return (status);
}
3788 
/*
 * Try to uninstall and unload every module, in increasing module id order.
 *
 * Modules flagged MOD_NOAUTOUNLOAD are skipped.  While this runs the
 * calling thread is marked as auto-unloading (see mod_in_autounload()).
 */
static void
mod_uninstall_all(void)
{
	struct modctl	*cand;
	modid_t		last_id = 0;

	/* synchronize with any active modunload_disable() */
	modunload_begin();

	/* mark this thread as doing autounloading */
	(void) tsd_set(mod_autounload_key, (void *)1);

	(void) devfs_clean(ddi_root_node(), NULL, 0);
	(void) ndi_devi_unconfig(ddi_root_node(), NDI_AUTODETACH);

	for (cand = mod_hold_next_by_id(last_id); cand != NULL;
	    cand = mod_hold_next_by_id(last_id)) {
		/* remember where we are so the next lookup moves forward */
		last_id = cand->mod_id;

		if ((cand->mod_loadflags & MOD_NOAUTOUNLOAD) == 0 &&
		    moduninstall(cand) == 0) {
			mod_unload(cand);
			CPU_STATS_ADDQ(CPU, sys, modunload, 1);
		}

		/* every held module is released, unloaded or not */
		mod_release_mod(cand);
	}

	(void) tsd_set(mod_autounload_key, NULL);
	modunload_end();
}
3827 
/*
 * Register a disable of module unloading.  Blocks until every unload that
 * has already begun (modunload_active_count) has finished, then bumps
 * modunload_disable_count.  Pair with modunload_enable().
 */
void
modunload_disable(void)
{
	mutex_enter(&modunload_wait_mutex);

	while (modunload_active_count != 0) {
		/* modunload_wait counts the threads sleeping on the cv */
		modunload_wait++;
		cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
		modunload_wait--;
	}

	modunload_disable_count++;

	mutex_exit(&modunload_wait_mutex);
}
3841 
/*
 * Drop one disable registered by modunload_disable().  When the last
 * disable goes away and somebody is sleeping on the cv, wake them all.
 */
void
modunload_enable(void)
{
	mutex_enter(&modunload_wait_mutex);

	modunload_disable_count--;
	if (modunload_wait && (modunload_disable_count == 0))
		cv_broadcast(&modunload_wait_cv);

	mutex_exit(&modunload_wait_mutex);
}
3852 
/*
 * Mark the start of an unload pass.  Blocks until no disable is
 * registered (modunload_disable_count), then bumps
 * modunload_active_count.  Pair with modunload_end().
 */
void
modunload_begin()
{
	mutex_enter(&modunload_wait_mutex);

	while (modunload_disable_count != 0) {
		/* modunload_wait counts the threads sleeping on the cv */
		modunload_wait++;
		cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
		modunload_wait--;
	}

	modunload_active_count++;

	mutex_exit(&modunload_wait_mutex);
}
3866 
/*
 * Mark the end of an unload pass started by modunload_begin().  When the
 * last active pass ends and somebody is sleeping on the cv, wake them all.
 */
void
modunload_end()
{
	mutex_enter(&modunload_wait_mutex);

	modunload_active_count--;
	if (modunload_wait && (modunload_active_count == 0))
		cv_broadcast(&modunload_wait_cv);

	mutex_exit(&modunload_wait_mutex);
}
3877 
/*
 * Body of the module auto-unload daemon thread.  Never returns.
 *
 * Each pass sleeps on mod_uninstall_cv (with a timeout when
 * mod_uninstall_interval is non-zero) and then calls mod_uninstall_all(),
 * unless unloading is disabled or MODDEBUG_NOAUTOUNLOAD is set.
 */
void
mod_uninstall_daemon(void)
{
	callb_cpr_t	cprinfo;
	clock_t		ticks;

	/* record which thread is the auto-unload daemon */
	mod_aul_thread = curthread;

	CALLB_CPR_INIT(&cprinfo, &mod_uninstall_lock, callb_generic_cpr, "mud");
	for (;;) {
		mutex_enter(&mod_uninstall_lock);
		CALLB_CPR_SAFE_BEGIN(&cprinfo);
		/*
		 * In DEBUG kernels, unheld drivers are uninstalled periodically
		 * every mod_uninstall_interval seconds.  Periodic uninstall can
		 * be disabled by setting mod_uninstall_interval to 0 which is
		 * the default for a non-DEBUG kernel.
		 */
		if (mod_uninstall_interval) {
			/* seconds to microseconds, then to clock ticks */
			ticks = drv_usectohz(mod_uninstall_interval * 1000000);
			(void) cv_reltimedwait(&mod_uninstall_cv,
			    &mod_uninstall_lock, ticks, TR_CLOCK_TICK);
		} else {
			cv_wait(&mod_uninstall_cv, &mod_uninstall_lock);
		}
		/*
		 * The whole daemon is safe for CPR except we don't want
		 * the daemon to run if FREEZE is issued and this daemon
		 * wakes up from the cv_wait above. In this case, it'll be
		 * blocked in CALLB_CPR_SAFE_END until THAW is issued.
		 *
		 * The reason of calling CALLB_CPR_SAFE_BEGIN twice is that
		 * mod_uninstall_lock is used to protect cprinfo and
		 * CALLB_CPR_SAFE_BEGIN assumes that this lock is held when
		 * called.
		 */
		CALLB_CPR_SAFE_END(&cprinfo, &mod_uninstall_lock);
		CALLB_CPR_SAFE_BEGIN(&cprinfo);
		mutex_exit(&mod_uninstall_lock);
		/*
		 * modunload_disable_count is read here without
		 * modunload_wait_mutex, so this test is only a shortcut;
		 * mod_uninstall_all() synchronizes through modunload_begin().
		 */
		if ((modunload_disable_count == 0) &&
		    ((moddebug & MODDEBUG_NOAUTOUNLOAD) == 0)) {
			mod_uninstall_all();
		}
	}
}
3923 
/*
 * Request an unload pass.  This routine does not unload anything itself:
 * it only broadcasts on mod_uninstall_cv, the condition variable the
 * auto-unload daemon (mod_uninstall_daemon()) sleeps on.
 */
void
modreap(void)
{
	mutex_enter(&mod_uninstall_lock);

	/* wake the daemon; it decides whether an unload pass may run */
	cv_broadcast(&mod_uninstall_cv);

	mutex_exit(&mod_uninstall_lock);
}
3934 
/*
 * Hold the specified module. This is the module holding primitive.
 *
 * The hold is exclusive: it is taken by setting mp->mod_busy, and a
 * caller that finds mod_busy already set sleeps on mod_cv.
 *
 * f must contain exactly one of MOD_WAIT_ONCE / MOD_WAIT_FOREVER and
 * exactly one of MOD_LOCK_HELD / MOD_LOCK_NOT_HELD.
 * If MOD_LOCK_HELD then the caller already holds the mod_lock.
 *
 * Return values:
 *	 0 ==> the module is held
 *	 1 ==> the module is not held and the MOD_WAIT_ONCE caller needs
 *		to determine how to retry.
 */
int
mod_hold_by_modctl(struct modctl *mp, int f)
{
	/* exactly one of the two wait flags */
	ASSERT((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) &&
	    ((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) !=
	    (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)));
	/* exactly one of the two lock flags */
	ASSERT((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) &&
	    ((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) !=
	    (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)));
	/* a caller claiming MOD_LOCK_HELD must really own mod_lock */
	ASSERT((f & MOD_LOCK_NOT_HELD) || MUTEX_HELD(&mod_lock));

	if (f & MOD_LOCK_NOT_HELD)
		mutex_enter(&mod_lock);

	while (mp->mod_busy) {
		/* ask the current holder to broadcast when it releases */
		mp->mod_want = 1;
		cv_wait(&mod_cv, &mod_lock);
		/*
		 * Module may be unloaded by daemon.
		 * Nevertheless, modctl structure is still in linked list
		 * (i.e., off &modules), not freed!
		 * Caller is not supposed to assume "mp" is valid, but there
		 * is no reasonable way to detect this but using
		 * mp->mod_modinfo->mp == NULL check (follow the back pointer)
		 *   (or similar check depending on calling context)
		 * DON'T free modctl structure, it will be very very
		 * problematic.
		 */
		if (f & MOD_WAIT_ONCE) {
			/* one wait only: give up even if the module is free */
			if (f & MOD_LOCK_NOT_HELD)
				mutex_exit(&mod_lock);
			return (1);	/* caller decides how to retry */
		}
	}

	mp->mod_busy = 1;
	/* record the holder; -1 stands in when there is no curthread */
	mp->mod_inprogress_thread =
	    (curthread == NULL ? (kthread_id_t)-1 : curthread);

	if (f & MOD_LOCK_NOT_HELD)
		mutex_exit(&mod_lock);
	return (0);
}
3988 
/*
 * Find the modctl whose mod_modname equals the last path component of
 * filename, creating and linking a new modctl if none exists, and hold it.
 *
 * dep, when not NULL, is the module on whose behalf the hold is taken; it
 * is recorded for the circular dependency check.
 *
 * Returns the held modctl, or NULL when mod_circdep() reports a circular
 * dependency.  Callers must be prepared for the NULL return.
 */
static struct modctl *
mod_hold_by_name_common(struct modctl *dep, const char *filename)
{
	const char	*modname;
	struct modctl	*mp;
	char		*curname, *newname;
	int		found = 0;

	mutex_enter(&mod_lock);

	/* the module name is whatever follows the last '/' */
	if ((modname = strrchr(filename, '/')) == NULL)
		modname = filename;
	else
		modname++;

	/* walk the circular list of modctls, starting at its head */
	mp = &modules;
	do {
		if (strcmp(modname, mp->mod_modname) == 0) {
			found = 1;
			break;
		}
	} while ((mp = mp->mod_next) != &modules);

	if (found == 0) {
		/* NOTE(review): result is used unchecked - presumably cannot fail */
		mp = allocate_modp(filename, modname);
		modadd(mp);
	}

	/*
	 * if dep is not NULL, set the mp in mod_requisite_loading for
	 * the module circular dependency check. This field is used in
	 * mod_circdep(), but it's cleared in mod_hold_loaded_mod().
	 */
	if (dep != NULL) {
		ASSERT(dep->mod_busy && dep->mod_requisite_loading == NULL);
		dep->mod_requisite_loading = mp;
	}

	/*
	 * If the module was held, then it must be us who has it held.
	 */
	if (mod_circdep(mp))
		mp = NULL;
	else {
		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);

		/*
		 * If the name hadn't been set or has changed, allocate
		 * space and set it.  Free space used by previous name.
		 *
		 * Do not change the name of primary modules, for primary
		 * modules the mod_filename was allocated in standalone mode:
		 * it is illegal to kobj_alloc in standalone mode and kobj_free
		 * in non-standalone mode.
		 */
		curname = mp->mod_filename;
		if (curname == NULL ||
		    ((mp->mod_prim == 0) &&
		    (curname != filename) &&
		    (modname != filename) &&
		    (strcmp(curname, filename) != 0))) {
			/* sized from strlen(filename) + 1, so the copy fits */
			newname = kobj_zalloc(strlen(filename) + 1, KM_SLEEP);
			(void) strcpy(newname, filename);
			mp->mod_filename = newname;
			if (curname != NULL)
				kobj_free(curname, strlen(curname) + 1);
		}
	}

	mutex_exit(&mod_lock);
	if (mp && moddebug & MODDEBUG_LOADMSG2)
		printf("Holding %s\n", mp->mod_filename);
	if (mp == NULL && moddebug & MODDEBUG_LOADMSG2)
		printf("circular dependency loading %s\n", filename);
	return (mp);
}
4065 
/*
 * Hold the module named by filename on behalf of the module dep, which is
 * passed on for the circular dependency check.  Returns NULL when
 * mod_hold_by_name_common() does.
 */
static struct modctl *
mod_hold_by_name_requisite(struct modctl *dep, char *filename)
{
	struct modctl *held;

	held = mod_hold_by_name_common(dep, filename);
	return (held);
}
4071 
/*
 * Hold the module named by filename, with no dependent module involved.
 * The result can be NULL (mod_hold_by_name_common() returns NULL on a
 * circular dependency), so callers must check it before using or
 * releasing it.
 */
struct modctl *
mod_hold_by_name(const char *filename)
{
	struct modctl *held;

	held = mod_hold_by_name_common(NULL, filename);
	return (held);
}
4077 
/*
 * Hold the module whose mod_id equals modid.  Returns the held modctl,
 * or NULL when no module has that id or mod_circdep() reports a circular
 * dependency.
 */
struct modctl *
mod_hold_by_id(modid_t modid)
{
	struct modctl	*cur;
	struct modctl	*hit = NULL;

	mutex_enter(&mod_lock);

	/* the modctl list is circular; stop after one full lap */
	cur = &modules;
	do {
		if (cur->mod_id == modid) {
			hit = cur;
			break;
		}
		cur = cur->mod_next;
	} while (cur != &modules);

	if (hit != NULL && mod_circdep(hit))
		hit = NULL;

	if (hit != NULL) {
		(void) mod_hold_by_modctl(hit,
		    MOD_WAIT_FOREVER | MOD_LOCK_HELD);
	}

	mutex_exit(&mod_lock);
	return (hit);
}
4101 
/*
 * Hold the first module in list order whose mod_id is greater than modid.
 * Returns the held modctl, or NULL when modid is below -1, no such module
 * exists, or mod_circdep() reports a circular dependency.
 */
static struct modctl *
mod_hold_next_by_id(modid_t modid)
{
	struct modctl	*cur;
	struct modctl	*hit = NULL;

	if (modid < -1)
		return (NULL);

	mutex_enter(&mod_lock);

	/* the modctl list is circular; stop after one full lap */
	cur = &modules;
	do {
		if (cur->mod_id > modid) {
			hit = cur;
			break;
		}
		cur = cur->mod_next;
	} while (cur != &modules);

	if (hit != NULL && mod_circdep(hit))
		hit = NULL;

	if (hit != NULL) {
		(void) mod_hold_by_modctl(hit,
		    MOD_WAIT_FOREVER | MOD_LOCK_HELD);
	}

	mutex_exit(&mod_lock);
	return (hit);
}
4129 
/*
 * Drop the busy hold on mp.  The caller must own mod_lock and the module
 * must currently be held.  Threads that asked to be woken (mod_want) are
 * signalled through mod_cv.
 */
static void
mod_release(struct modctl *mp)
{
	ASSERT(MUTEX_HELD(&mod_lock));
	ASSERT(mp->mod_busy);

	mp->mod_inprogress_thread = NULL;
	mp->mod_busy = 0;

	if (!mp->mod_want)
		return;

	/* somebody is sleeping in mod_hold_by_modctl(); wake them */
	mp->mod_want = 0;
	cv_broadcast(&mod_cv);
}
4143 
/*
 * Drop the busy hold on mp, taking mod_lock around the release.
 * mp is dereferenced unconditionally, so it must not be NULL.
 */
void
mod_release_mod(struct modctl *mp)
{
	if (moddebug & MODDEBUG_LOADMSG2) {
		printf("Releasing %s\n", mp->mod_filename);
	}

	mutex_enter(&mod_lock);
	mod_release(mp);
	mutex_exit(&mod_lock);
}
4153 
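/*
 * Map a module file name to its module id.
 *
 * Only the last path component of filename is compared against each
 * module's mod_modname.  Returns the id of the first match, or -1 if
 * no module has that name.  The module is not held.
 */
modid_t
mod_name_to_modid(char *filename)
{
	char		*modname;
	struct modctl	*mp;
	modid_t		id = -1;

	mutex_enter(&mod_lock);

	/* the module name is whatever follows the last '/' */
	if ((modname = strrchr(filename, '/')) == NULL)
		modname = filename;
	else
		modname++;

	/* walk the circular list of modctls, starting at its head */
	mp = &modules;
	do {
		if (strcmp(modname, mp->mod_modname) == 0) {
			/* read the id while mod_lock is still held */
			id = mp->mod_id;
			break;
		}
	} while ((mp = mp->mod_next) != &modules);

	mutex_exit(&mod_lock);
	return (id);
}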
4178 
4179 
/*
 * Uninstall and unload the module called name.
 *
 * Returns EINVAL if the module cannot be held, 0 if it was unloaded, was
 * already unloaded, or is flagged MOD_NOAUTOUNLOAD (such modules are left
 * alone), and otherwise the error from moduninstall().
 */
int
mod_remove_by_name(char *name)
{
	struct modctl *held = mod_hold_by_name(name);
	int rv;

	if (held == NULL)
		return (EINVAL);

	/* Do not unload forceloaded modules */
	if (held->mod_loadflags & MOD_NOAUTOUNLOAD) {
		mod_release_mod(held);
		return (0);
	}

	rv = moduninstall(held);
	switch (rv) {
	case 0:
		mod_unload(held);
		CPU_STATS_ADDQ(CPU, sys, modunload, 1);
		break;
	case EALREADY:
		rv = 0;		/* already unloaded, not an error */
		break;
	default:
		break;
	}

	mod_release_mod(held);
	return (rv);
}
4207 
/*
 * Record that module "dependent" depends on module "on_mod".
 *
 * Both modules must be held busy by the caller.  The requisite list of
 * "dependent" is kept sorted by module id; a module already on the list
 * is not added again and its reference count is left alone.
 */
static void
mod_make_requisite(struct modctl *dependent, struct modctl *on_mod)
{
	struct modctl_list **linkp;	/* link that leads to "cur" */
	struct modctl_list *cur;
	struct modctl_list *entry;

	ASSERT(dependent->mod_busy && on_mod->mod_busy);
	mutex_enter(&mod_lock);

	/* advance to the first entry whose id is not below on_mod's */
	linkp = &dependent->mod_requisites;
	while ((cur = *linkp) != NULL &&
	    cur->modl_modp->mod_id < on_mod->mod_id)
		linkp = &cur->modl_next;

	/* insert only if on_mod is not already recorded */
	if (cur == NULL || cur->modl_modp->mod_id != on_mod->mod_id) {
		entry = kobj_zalloc(sizeof (*entry), KM_SLEEP);
		entry->modl_modp = on_mod;
		entry->modl_next = cur;
		*linkp = entry;

		/*
		 * The reference taken here is what keeps a module that
		 * others depend on from being uninstalled and unloaded.
		 * It is dropped in mod_release_requisites() when the
		 * unload of "dependent" is complete.  "on_mod" must be
		 * loaded, but may not yet be installed.
		 */
		on_mod->mod_ref++;
		ASSERT(on_mod->mod_ref && on_mod->mod_loaded);
	}

	mutex_exit(&mod_lock);
}
4252 
/*
 * release the hold associated with mod_make_requisite mod_ref++
 * as part of unload.
 *
 * Walks modp's requisite list, drops one reference on each requisite and
 * frees the list.  A requisite whose count reaches zero while it has
 * mod_delay_unload set is queued and unloaded after mod_lock is dropped.
 * The caller must hold modp busy and must not hold mod_lock.
 */
void
mod_release_requisites(struct modctl *modp)
{
	struct modctl_list *modl;
	struct modctl_list *next;
	struct modctl *req;
	/* start: head of the garbage list; mod_garbage: its tail, then cursor */
	struct modctl_list *start = NULL, *mod_garbage;

	ASSERT(!quiesce_active);
	ASSERT(modp->mod_busy);
	ASSERT(MUTEX_NOT_HELD(&mod_lock));

	mutex_enter(&mod_lock);		/* needed for manipulation of req */
	for (modl = modp->mod_requisites; modl; modl = next) {
		/* fetch the link first, modl is freed at the end of the pass */
		next = modl->modl_next;
		req = modl->modl_modp;
		ASSERT(req->mod_ref >= 1 && req->mod_loaded);
		req->mod_ref--;

		/*
		 * Check if the module has to be unloaded or not.
		 */
		if (req->mod_ref == 0 && req->mod_delay_unload) {
			struct modctl_list *new;
			/*
			 * Allocate the modctl_list holding the garbage
			 * module which should be unloaded later.
			 */
			new = kobj_zalloc(sizeof (struct modctl_list),
			    KM_SLEEP);
			new->modl_modp = req;

			/* append; mod_garbage is only read once start is set */
			if (start == NULL)
				mod_garbage = start = new;
			else {
				mod_garbage->modl_next = new;
				mod_garbage = new;
			}
		}

		/* free the list as we go */
		kobj_free(modl, sizeof (*modl));
	}
	modp->mod_requisites = NULL;
	mutex_exit(&mod_lock);

	/*
	 * Unload the garbage modules.
	 */
	for (mod_garbage = start; mod_garbage != NULL; /* nothing */) {
		struct modctl_list *old = mod_garbage;
		struct modctl *mp = mod_garbage->modl_modp;
		ASSERT(mp != NULL);

		/*
		 * Hold this module until it's unloaded completely.
		 */
		(void) mod_hold_by_modctl(mp,
		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
		/*
		 * Check if the module is not unloaded yet and nobody requires
		 * the module. If it's unloaded already or somebody still
		 * requires the module, don't unload it now.
		 */
		if (mp->mod_loaded && mp->mod_ref == 0)
			mod_unload(mp);
		ASSERT((mp->mod_loaded == 0 && mp->mod_delay_unload == 0) ||
		    (mp->mod_ref > 0));
		mod_release_mod(mp);

		/* step to the next entry before freeing this one */
		mod_garbage = mod_garbage->modl_next;
		kobj_free(old, sizeof (struct modctl_list));
	}
}
4331 
/*
 * Process the dependency of the module represented by "dep" on the
 * module named by "on".
 *
 * Called from kobj_do_dependents() to load a module "on" on which
 * "dep" depends.  Returns the modctl of "on", or NULL when
 * mod_hold_loaded_mod() fails; the error code it reports is not passed
 * on to the caller.
 */
struct modctl *
mod_load_requisite(struct modctl *dep, char *on)
{
	int err;
	struct modctl *req = mod_hold_loaded_mod(dep, on, &err);

	if (req != NULL) {
		/* record the dependency and take a reference on "on" */
		mod_make_requisite(dep, req);
		return (req);
	}

	if (moddebug & MODDEBUG_ERRMSG) {
		printf("error processing %s on which module %s depends\n",
		    on, dep->mod_modname);
	}
	return (NULL);
}
4353 
/*
 * Install every module on modp's requisite list, in list order.
 *
 * Each requisite is held only for the duration of its own modinstall()
 * call.  Stops at the first failure and returns that status; returns 0
 * when every requisite installed or the list is empty.
 */
static int
mod_install_requisites(struct modctl *modp)
{
	struct modctl_list *entry;
	struct modctl *req;
	int rv;

	ASSERT(MUTEX_NOT_HELD(&mod_lock));
	ASSERT(modp->mod_busy);

	entry = modp->mod_requisites;
	while (entry != NULL) {
		req = entry->modl_modp;

		(void) mod_hold_by_modctl(req,
		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
		rv = modinstall(req);
		mod_release_mod(req);

		if (rv != 0)
			return (rv);

		entry = entry->modl_next;
	}
	return (0);
}
4376 
/*
 * Tell whether the calling thread is doing autounload: returns the
 * thread-specific value stored under mod_autounload_key, which
 * mod_uninstall_all() sets to 1 for the duration of its pass and resets
 * to NULL afterwards.
 */
int
mod_in_autounload()
{
	uintptr_t flag = (uintptr_t)tsd_get(mod_autounload_key);

	return ((int)flag);
}
4386 
/*
 * gmatch adapted from libc, stripping the wchar stuff
 *
 * Match the string s against the shell-style pattern p.  Returns 1 on a
 * match and 0 otherwise.  Supported pattern syntax: '?' (any one
 * character), '*' (any run of characters), '[...]' and '[!...]' character
 * classes with 'a-z' ranges, and '\' to quote the next character.
 *
 * The matcher recurses once per matched character, and each '*' retries
 * the rest of the pattern at every remaining position of the string, so
 * the cost grows quickly with the number of '*' in the pattern.
 */

/*
 * Fetch the next pattern character into c.  Running off the end of the
 * pattern makes the enclosing function return 0 (no match).
 */
#define	popchar(p, c)	{ \
		c = *p++; \
		if (c == 0) { \
			return (0); \
		} \
	}

int
gmatch(const char *s, const char *p)
{
	int c, sc;
	int hits, prev, negate;

	sc = *s++;
	c = *p++;

	/* end of pattern: a match only if the string has ended as well */
	if (c == 0)
		return (sc == 0);

	if (c == '*') {
		/* a run of stars means the same as a single one */
		while (*p == '*')
			p++;

		/* a trailing star matches everything that is left */
		if (*p == 0)
			return (1);

		/* back up to sc and try the remainder at every position */
		for (--s; *s != '\0'; s++) {
			if (gmatch(s, p))
				return (1);
		}
		return (0);
	}

	if (c == '[') {
		/* a class has to consume one character of the string */
		if (sc == 0)
			return (0);

		hits = prev = negate = 0;

		if (*p == '!') {
			negate = 1;
			p++;
		}
		popchar(p, c);

		do {
			if (c == '-' && prev && *p != ']') {
				/* range: prev is the low end, c the high end */
				popchar(p, c);
				if (c == '\\') {
					popchar(p, c);
				}

				if (prev <= sc && sc <= c) {
					/* inside a negated range: no match */
					if (negate)
						return (0);
					hits++;
				} else if (negate) {
					hits++;
				}
				/* keep going, may get a match next */
			} else if (c == '\\') {
				/* skip to quoted character */
				popchar(p, c);
			}

			prev = c;
			if (sc == prev) {
				/* listed in a negated class: no match */
				if (negate)
					return (0);
				hits++;
			} else if (negate) {
				hits++;
			}
			popchar(p, c);
		} while (c != ']');

		/* recurse on remainder of string */
		return (hits ? gmatch(s, p) : 0);
	}

	if (c != '?') {
		/* a quoted character is compared literally */
		if (c == '\\') {
			popchar(p, c);
		}

		/* straight comparison */
		if (c != sc)
			return (0);
	}

	/* first char matches, move to remainder */
	return (sc != '\0' ? gmatch(s, p) : 0);
}
4492 
4493 
4494 /*
4495  * Get default perm for device from /etc/minor_perm. Return 0 if match found.
4496  *
4497  * Pure wild-carded patterns are handled separately so the ordering of
4498  * these patterns doesn't matter.  We're still dependent on ordering
4499  * however as the first matching entry is the one returned.
4500  * Not ideal but all existing examples and usage do imply this
4501  * ordering implicitly.
4502  *
4503  * Drivers using the clone driver are always good for some entertainment.
4504  * Clone nodes under pseudo have the form clone@0:<driver>.  Some minor
4505  * perm entries have the form clone:<driver>, others use <driver>:*
4506  * Examples are clone:llc1 vs. llc2:*, for example.
4507  *
4508  * Minor perms in the clone:<driver> form are mapped to the driver's
4509  * mperm list, not the clone driver, as wildcard entries for clone
4510  * reference only.  In other words, a clone wildcard will match
4511  * references for clone@0:<driver> but never <driver>@<minor>.
4512  *
4513  * Additional minor perms in the standard form are also supported,
4514  * for mixed usage, ie a node with an entry clone:<driver> could
4515  * provide further entries <driver>:<minor>.
4516  *
4517  * Finally, some uses of clone use an alias as the minor name rather
4518  * than the driver name, with the alias as the minor perm entry.
4519  * This case is handled by attaching the driver to bring its
4520  * minor list into existence, then discover the alias via DDM_ALIAS.
4521  * The clone device's minor perm list can then be searched for
4522  * that alias.
4523  */
4524 
/*
 * Resolve the minor perm for a clone node whose minor perm entry is
 * keyed by an alias rather than by the driver name.
 *
 * minor_name names the real driver.  That driver is held so that its
 * minor list exists, the first DDM_ALIAS node on its first instance is
 * copied out, and the clone driver's mperm list is then searched for an
 * entry whose name equals that alias.
 *
 * Returns 0 and fills in rmp->mp_uid, mp_gid and mp_mode when an entry
 * is found.  Returns 1 and leaves rmp untouched when the driver cannot
 * be held, has no alias node, or the alias has no mperm entry, so the
 * caller must check the return value before trusting rmp.
 */
static int
dev_alias_minorperm(dev_info_t *dip, char *minor_name, mperm_t *rmp)
{
	struct ddi_minor_data	*md;
	struct devnames		*names;
	dev_info_t		*first;
	mperm_t			*entry;
	char			*alias_name = NULL;
	major_t			drv_major;
	int			found;
	int			circ;

	drv_major = ddi_name_to_major(minor_name);

	ASSERT(dip == clone_dip);
	ASSERT(drv_major != DDI_MAJOR_T_NONE);

	/*
	 * Hold (and thereby attach) the driver the minor node names;
	 * without it there is no minor list to look through.
	 */
	if (ddi_hold_installed_driver(drv_major) == NULL)
		return (1);

	names = &devnamesp[drv_major];
	LOCK_DEV_OPS(&names->dn_lock);

	first = names->dn_head;
	if (first != NULL) {
		ndi_devi_enter(first, &circ);

		/* stop at the first alias node, if there is one */
		md = DEVI(first)->devi_minor;
		while (md != NULL && md->type != DDM_ALIAS)
			md = md->next;

		/* private copy, so the name outlives the locks */
		if (md != NULL)
			alias_name = i_ddi_strdup(md->ddm_name, KM_SLEEP);

		ndi_devi_exit(first, circ);
	}

	UNLOCK_DEV_OPS(&names->dn_lock);
	ddi_rele_driver(drv_major);

	if (alias_name == NULL) {
		if (moddebug & MODDEBUG_MINORPERM)
			cmn_err(CE_CONT, "dev_minorperm: "
			    "no alias for %s\n", minor_name);
		return (1);
	}

	/* alias entries live on the clone driver's own mperm list */
	names = &devnamesp[ddi_driver_major(clone_dip)];
	LOCK_DEV_OPS(&names->dn_lock);

	/* exact string comparison: an alias is not a glob pattern */
	entry = names->dn_mperm;
	while (entry != NULL &&
	    strcmp(alias_name, entry->mp_minorname) != 0)
		entry = entry->mp_next;

	found = (entry != NULL);
	if (found) {
		if (moddebug & MODDEBUG_MP_MATCH) {
			cmn_err(CE_CONT,
			    "minor perm defaults: %s %s 0%o %d %d (aliased)\n",
			    minor_name, alias_name, entry->mp_mode,
			    entry->mp_uid, entry->mp_gid);
		}
		rmp->mp_mode = entry->mp_mode;
		rmp->mp_uid = entry->mp_uid;
		rmp->mp_gid = entry->mp_gid;
	}
	UNLOCK_DEV_OPS(&names->dn_lock);

	/* size must equal what i_ddi_strdup allocated: length plus NUL */
	kmem_free(alias_name, strlen(alias_name) + 1);

	return (!found);
}
4604 
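/*
 * Look up the default owner, group and mode for a minor node.
 *
 * name is the node name in "<node>:<minor>" form; everything after the
 * first ':' is the minor name.  For the clone driver the minor name is
 * taken as the name of the real driver and that driver's mperm list is
 * searched; for every other node the list of dip's own driver is used.
 * The first list entry whose pattern gmatch()es the minor name wins.
 * With no such entry the clone wildcard (clone nodes only) and then the
 * plain wildcard are tried, and for a clone node that still has no
 * match the alias lookup in dev_alias_minorperm() is the last resort.
 *
 * Returns 0 and fills in rmp->mp_uid, mp_gid and mp_mode on a match.
 * Returns 1 and leaves rmp untouched when the minor perm table is not
 * loaded yet, name has no ':', the driver is unknown or nothing
 * matches, so the caller must check the return value before using rmp.
 */
int
dev_minorperm(dev_info_t *dip, char *name, mperm_t *rmp)
{
	major_t major;
	char *minor_name;
	struct devnames *dnp;
	mperm_t *mp;
	int is_clone = 0;

	if (!minorperm_loaded) {
		if (moddebug & MODDEBUG_MINORPERM)
			cmn_err(CE_CONT,
			    "%s: minor perm not yet loaded\n", name);
		return (1);
	}

	minor_name = strchr(name, ':');
	if (minor_name == NULL)
		return (1);
	minor_name++;

	/*
	 * If it's the clone driver, search the driver as named
	 * by the minor.  All clone minor perm entries other than
	 * alias nodes are actually installed on the real driver's list.
	 */
	if (dip == clone_dip) {
		major = ddi_name_to_major(minor_name);
		if (major == DDI_MAJOR_T_NONE) {
			if (moddebug & MODDEBUG_MINORPERM)
				cmn_err(CE_CONT, "dev_minorperm: "
				    "%s: no such driver\n", minor_name);
			return (1);
		}
		is_clone = 1;
	} else {
		major = ddi_driver_major(dip);
		ASSERT(major != DDI_MAJOR_T_NONE);
		/*
		 * ASSERT only fires on DEBUG kernels.  Repeat the test
		 * at run time, as the ddi_mod* routines in this file do
		 * for their arguments, so that the sentinel can never
		 * be used as an index into devnamesp.
		 */
		if (major == DDI_MAJOR_T_NONE)
			return (1);
	}

	dnp = &devnamesp[major];
	LOCK_DEV_OPS(&dnp->dn_lock);

	/*
	 * Go through the driver's mperm list looking for
	 * a match for the specified minor.  If there's
	 * no matching pattern, use the wild card.
	 * Defer to the clone wild for clone if specified,
	 * otherwise fall back to the normal form.
	 */
	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
		if (gmatch(minor_name, mp->mp_minorname) != 0) {
			break;
		}
	}
	if (mp == NULL) {
		if (is_clone)
			mp = dnp->dn_mperm_clone;
		if (mp == NULL)
			mp = dnp->dn_mperm_wild;
	}

	if (mp) {
		if (moddebug & MODDEBUG_MP_MATCH) {
			cmn_err(CE_CONT,
			    "minor perm defaults: %s %s 0%o %d %d\n",
			    name, mp->mp_minorname, mp->mp_mode,
			    mp->mp_uid, mp->mp_gid);
		}
		/* copy the values out while the list is still locked */
		rmp->mp_uid = mp->mp_uid;
		rmp->mp_gid = mp->mp_gid;
		rmp->mp_mode = mp->mp_mode;
	}
	UNLOCK_DEV_OPS(&dnp->dn_lock);

	/*
	 * If no match can be found for a clone node,
	 * search for a possible match for an alias.
	 * One such example is /dev/ptmx -> /devices/pseudo/clone@0:ptm,
	 * with minor perm entry clone:ptmx.
	 */
	if (mp == NULL && is_clone) {
		return (dev_alias_minorperm(dip, minor_name, rmp));
	}

	return (mp == NULL);
}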
4692 
/*
 * Dynamically reference load a dl module/library, returning a handle.
 *
 * modname is either "<subdir>/<module>", split at the last '/', or a
 * bare module name, which is looked up under "misc".  The only mode
 * accepted is KRTLD_MODE_FIRST.  If errnop is not NULL it receives the
 * modrload() result, or EINVAL when the arguments are rejected.
 *
 * Returns the module's struct modctl cast to a handle; the handle is
 * NULL when the arguments are rejected.
 *
 * NOTE(review): modname selects both the directory and the module that
 * is loaded into the kernel; callers presumably pass fixed, trusted
 * names -- confirm at the call sites.
 */
/*ARGSUSED*/
ddi_modhandle_t
ddi_modopen(const char *modname, int mode, int *errnop)
{
	struct modctl	*handle = NULL;
	char		*dir;
	char		*leaf;
	int		dirsz;
	int		err = EINVAL;

	ASSERT(modname && (mode == KRTLD_MODE_FIRST));
	if ((modname != NULL) && (mode == KRTLD_MODE_FIRST)) {
		/* the module name is whatever follows the last '/' */
		leaf = strrchr(modname, '/');

		if (leaf == NULL) {
			/* no directory given, fall back to "misc" */
			dirsz = 0;
			dir = "misc";
			leaf = (char *)modname;
		} else {
			/*
			 * Copy the directory part so the argument is
			 * not modified.  dirsz counts the '/' as well,
			 * which is the room strlcpy needs for the NUL.
			 */
			leaf++;
			dirsz = leaf - modname;
			dir = kmem_alloc(dirsz, KM_SLEEP);
			(void) strlcpy(dir, modname, dirsz);
		}

		/* reference load with errno return value */
		err = modrload(dir, leaf, &handle);

		/* dirsz is non-zero only when dir was allocated above */
		if (dirsz != 0)
			kmem_free(dir, dirsz);
	}

	if (errnop != NULL)
		*errnop = err;

	if (moddebug & MODDEBUG_DDI_MOD)
		printf("ddi_modopen %s mode %x: %s %p %d\n",
		    modname ? modname : "<unknown>", mode,
		    handle ? handle->mod_filename : "<unknown>",
		    (void *)handle, err);

	return ((ddi_modhandle_t)handle);
}
4742 
/*
 * Look up "name" in an open dl module/library.
 *
 * h must be a handle whose module is installed and holds at least one
 * reference.  If errnop is not NULL it receives 0 on success, EINVAL
 * when an argument is rejected and ENOTSUP when the module has no such
 * symbol.
 *
 * Returns what kobj_lookup() found for the symbol, or NULL on failure.
 */
void *
ddi_modsym(ddi_modhandle_t h, const char *name, int *errnop)
{
	struct modctl	*hmodp = (struct modctl *)h;
	void		*sym = NULL;
	int		err = EINVAL;

	ASSERT(hmodp && name && hmodp->mod_installed && (hmodp->mod_ref >= 1));

	/* same conditions as the ASSERT, enforced on every kernel */
	if ((hmodp != NULL) && (name != NULL) &&
	    (hmodp->mod_installed != 0) && (hmodp->mod_ref >= 1)) {
		sym = (void *)kobj_lookup(hmodp->mod_mp, (char *)name);
		err = (sym != NULL) ? 0 : ENOTSUP;
	}

	if (moddebug & MODDEBUG_DDI_MOD)
		printf("ddi_modsym in %s of %s: %d %p\n",
		    hmodp ? hmodp->mod_modname : "<unknown>",
		    name ? name : "<unknown>", err, sym);

	if (errnop != NULL)
		*errnop = err;

	return (sym);
}
4773 
/*
 * Dynamic (un)reference unload of an open dl module/library.
 *
 * h must be a handle whose module is installed and holds at least one
 * reference.  Returns 0 on success, also when modunrload() reports
 * EBUSY.  Returns EINVAL when the handle is rejected or when
 * modunrload() hands back a different module than the handle names,
 * and any other modunrload() error unchanged.
 */
int
ddi_modclose(ddi_modhandle_t h)
{
	struct modctl	*hmodp = (struct modctl *)h;
	struct modctl	*unloaded = NULL;
	int		err = EINVAL;

	ASSERT(hmodp && hmodp->mod_installed && (hmodp->mod_ref >= 1));

	/* same conditions as the ASSERT, enforced on every kernel */
	if ((hmodp != NULL) &&
	    (hmodp->mod_installed != 0) && (hmodp->mod_ref >= 1)) {
		err = modunrload(hmodp->mod_id, &unloaded,
		    ddi_modclose_unload);

		/* EBUSY is not an error */
		if (err == EBUSY)
			err = 0;

		/* the module released must be the one the handle names */
		if (err == 0) {
			ASSERT(hmodp == unloaded);
			if (hmodp != unloaded)
				err = EINVAL;
		}
	}

	if (moddebug & MODDEBUG_DDI_MOD)
		printf("ddi_modclose %s: %d\n",
		    hmodp ? hmodp->mod_modname : "<unknown>", err);

	return (err);
}
4805