xref: /titanic_41/usr/src/cmd/mdb/common/modules/genunix/genunix.c (revision 19ee0c13b3dc29990b3601d3e06aff01ab921c27)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #include <mdb/mdb_param.h>
27 #include <mdb/mdb_modapi.h>
28 #include <mdb/mdb_ks.h>
29 #include <mdb/mdb_ctf.h>
30 
31 #include <sys/types.h>
32 #include <sys/thread.h>
33 #include <sys/session.h>
34 #include <sys/user.h>
35 #include <sys/proc.h>
36 #include <sys/var.h>
37 #include <sys/t_lock.h>
38 #include <sys/systm.h>
39 #include <sys/callo.h>
40 #include <sys/priocntl.h>
41 #include <sys/class.h>
42 #include <sys/regset.h>
43 #include <sys/stack.h>
44 #include <sys/cpuvar.h>
45 #include <sys/vnode.h>
46 #include <sys/vfs.h>
47 #include <sys/flock_impl.h>
48 #include <sys/kmem_impl.h>
49 #include <sys/vmem_impl.h>
50 #include <sys/kstat.h>
51 #include <vm/seg_vn.h>
52 #include <vm/anon.h>
53 #include <vm/as.h>
54 #include <vm/seg_map.h>
55 #include <sys/dditypes.h>
56 #include <sys/ddi_impldefs.h>
57 #include <sys/sysmacros.h>
58 #include <sys/sysconf.h>
59 #include <sys/task.h>
60 #include <sys/project.h>
61 #include <sys/taskq.h>
62 #include <sys/taskq_impl.h>
63 #include <sys/errorq_impl.h>
64 #include <sys/cred_impl.h>
65 #include <sys/zone.h>
66 #include <sys/panic.h>
67 #include <regex.h>
68 #include <sys/port_impl.h>
69 
70 #include "avl.h"
71 #include "combined.h"
72 #include "contract.h"
73 #include "cpupart_mdb.h"
74 #include "devinfo.h"
75 #include "leaky.h"
76 #include "lgrp.h"
77 #include "pg.h"
78 #include "group.h"
79 #include "list.h"
80 #include "log.h"
81 #include "kgrep.h"
82 #include "kmem.h"
83 #include "bio.h"
84 #include "streams.h"
85 #include "cyclic.h"
86 #include "findstack.h"
87 #include "ndievents.h"
88 #include "mmd.h"
89 #include "net.h"
90 #include "netstack.h"
91 #include "nvpair.h"
92 #include "ctxop.h"
93 #include "tsd.h"
94 #include "thread.h"
95 #include "memory.h"
96 #include "sobj.h"
97 #include "sysevent.h"
98 #include "rctl.h"
99 #include "tsol.h"
100 #include "typegraph.h"
101 #include "ldi.h"
102 #include "vfs.h"
103 #include "zone.h"
104 #include "modhash.h"
105 #include "mdi.h"
106 #include "fm.h"
107 
108 /*
109  * Surely this is defined somewhere...
110  */
111 #define	NINTR		16
112 
113 #define	KILOS		10
114 #define	MEGS		20
115 #define	GIGS		30
116 
117 #ifndef STACK_BIAS
118 #define	STACK_BIAS	0
119 #endif
120 
121 static char
122 pstat2ch(uchar_t state)
123 {
124 	switch (state) {
125 		case SSLEEP: return ('S');
126 		case SRUN: return ('R');
127 		case SZOMB: return ('Z');
128 		case SIDL: return ('I');
129 		case SONPROC: return ('O');
130 		case SSTOP: return ('T');
131 		case SWAIT: return ('W');
132 		default: return ('?');
133 	}
134 }
135 
136 #define	PS_PRTTHREADS	0x1
137 #define	PS_PRTLWPS	0x2
138 #define	PS_PSARGS	0x4
139 #define	PS_TASKS	0x8
140 #define	PS_PROJECTS	0x10
141 #define	PS_ZONES	0x20
142 
143 static int
144 ps_threadprint(uintptr_t addr, const void *data, void *private)
145 {
146 	const kthread_t *t = (const kthread_t *)data;
147 	uint_t prt_flags = *((uint_t *)private);
148 
149 	static const mdb_bitmask_t t_state_bits[] = {
150 		{ "TS_FREE",	UINT_MAX,	TS_FREE		},
151 		{ "TS_SLEEP",	TS_SLEEP,	TS_SLEEP	},
152 		{ "TS_RUN",	TS_RUN,		TS_RUN		},
153 		{ "TS_ONPROC",	TS_ONPROC,	TS_ONPROC	},
154 		{ "TS_ZOMB",	TS_ZOMB,	TS_ZOMB		},
155 		{ "TS_STOPPED",	TS_STOPPED,	TS_STOPPED	},
156 		{ "TS_WAIT",	TS_WAIT,	TS_WAIT		},
157 		{ NULL,		0,		0		}
158 	};
159 
160 	if (prt_flags & PS_PRTTHREADS)
161 		mdb_printf("\tT  %?a <%b>\n", addr, t->t_state, t_state_bits);
162 
163 	if (prt_flags & PS_PRTLWPS)
164 		mdb_printf("\tL  %?a ID: %u\n", t->t_lwp, t->t_tid);
165 
166 	return (WALK_NEXT);
167 }
168 
169 int
170 ps(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
171 {
172 	uint_t prt_flags = 0;
173 	proc_t pr;
174 	struct pid pid, pgid, sid;
175 	sess_t session;
176 	cred_t cred;
177 	task_t tk;
178 	kproject_t pj;
179 	zone_t zn;
180 
181 	if (!(flags & DCMD_ADDRSPEC)) {
182 		if (mdb_walk_dcmd("proc", "ps", argc, argv) == -1) {
183 			mdb_warn("can't walk 'proc'");
184 			return (DCMD_ERR);
185 		}
186 		return (DCMD_OK);
187 	}
188 
189 	if (mdb_getopts(argc, argv,
190 	    'f', MDB_OPT_SETBITS, PS_PSARGS, &prt_flags,
191 	    'l', MDB_OPT_SETBITS, PS_PRTLWPS, &prt_flags,
192 	    'T', MDB_OPT_SETBITS, PS_TASKS, &prt_flags,
193 	    'P', MDB_OPT_SETBITS, PS_PROJECTS, &prt_flags,
194 	    'z', MDB_OPT_SETBITS, PS_ZONES, &prt_flags,
195 	    't', MDB_OPT_SETBITS, PS_PRTTHREADS, &prt_flags, NULL) != argc)
196 		return (DCMD_USAGE);
197 
198 	if (DCMD_HDRSPEC(flags)) {
199 		mdb_printf("%<u>%1s %6s %6s %6s %6s ",
200 		    "S", "PID", "PPID", "PGID", "SID");
201 		if (prt_flags & PS_TASKS)
202 			mdb_printf("%5s ", "TASK");
203 		if (prt_flags & PS_PROJECTS)
204 			mdb_printf("%5s ", "PROJ");
205 		if (prt_flags & PS_ZONES)
206 			mdb_printf("%5s ", "ZONE");
207 		mdb_printf("%6s %10s %?s %s%</u>\n",
208 		    "UID", "FLAGS", "ADDR", "NAME");
209 	}
210 
211 	mdb_vread(&pr, sizeof (pr), addr);
212 	mdb_vread(&pid, sizeof (pid), (uintptr_t)pr.p_pidp);
213 	mdb_vread(&pgid, sizeof (pgid), (uintptr_t)pr.p_pgidp);
214 	mdb_vread(&cred, sizeof (cred), (uintptr_t)pr.p_cred);
215 	mdb_vread(&session, sizeof (session), (uintptr_t)pr.p_sessp);
216 	mdb_vread(&sid, sizeof (sid), (uintptr_t)session.s_sidp);
217 	if (prt_flags & (PS_TASKS | PS_PROJECTS))
218 		mdb_vread(&tk, sizeof (tk), (uintptr_t)pr.p_task);
219 	if (prt_flags & PS_PROJECTS)
220 		mdb_vread(&pj, sizeof (pj), (uintptr_t)tk.tk_proj);
221 	if (prt_flags & PS_ZONES)
222 		mdb_vread(&zn, sizeof (zone_t), (uintptr_t)pr.p_zone);
223 
224 	mdb_printf("%c %6d %6d %6d %6d ",
225 	    pstat2ch(pr.p_stat), pid.pid_id, pr.p_ppid, pgid.pid_id,
226 	    sid.pid_id);
227 	if (prt_flags & PS_TASKS)
228 		mdb_printf("%5d ", tk.tk_tkid);
229 	if (prt_flags & PS_PROJECTS)
230 		mdb_printf("%5d ", pj.kpj_id);
231 	if (prt_flags & PS_ZONES)
232 		mdb_printf("%5d ", zn.zone_id);
233 	mdb_printf("%6d 0x%08x %0?p %s\n",
234 	    cred.cr_uid, pr.p_flag, addr,
235 	    (prt_flags & PS_PSARGS) ? pr.p_user.u_psargs : pr.p_user.u_comm);
236 
237 	if (prt_flags & ~PS_PSARGS)
238 		(void) mdb_pwalk("thread", ps_threadprint, &prt_flags, addr);
239 
240 	return (DCMD_OK);
241 }
242 
243 #define	PG_NEWEST	0x0001
244 #define	PG_OLDEST	0x0002
245 #define	PG_PIPE_OUT	0x0004
246 #define	PG_EXACT_MATCH	0x0008
247 
248 typedef struct pgrep_data {
249 	uint_t pg_flags;
250 	uint_t pg_psflags;
251 	uintptr_t pg_xaddr;
252 	hrtime_t pg_xstart;
253 	const char *pg_pat;
254 #ifndef _KMDB
255 	regex_t pg_reg;
256 #endif
257 } pgrep_data_t;
258 
259 /*ARGSUSED*/
260 static int
261 pgrep_cb(uintptr_t addr, const void *pdata, void *data)
262 {
263 	const proc_t *prp = pdata;
264 	pgrep_data_t *pgp = data;
265 #ifndef _KMDB
266 	regmatch_t pmatch;
267 #endif
268 
269 	/*
270 	 * kmdb doesn't have access to the reg* functions, so we fall back
271 	 * to strstr/strcmp.
272 	 */
273 #ifdef _KMDB
274 	if ((pgp->pg_flags & PG_EXACT_MATCH) ?
275 	    (strcmp(prp->p_user.u_comm, pgp->pg_pat) != 0) :
276 	    (strstr(prp->p_user.u_comm, pgp->pg_pat) == NULL))
277 		return (WALK_NEXT);
278 #else
279 	if (regexec(&pgp->pg_reg, prp->p_user.u_comm, 1, &pmatch, 0) != 0)
280 		return (WALK_NEXT);
281 
282 	if ((pgp->pg_flags & PG_EXACT_MATCH) &&
283 	    (pmatch.rm_so != 0 || prp->p_user.u_comm[pmatch.rm_eo] != '\0'))
284 		return (WALK_NEXT);
285 #endif
286 
287 	if (pgp->pg_flags & (PG_NEWEST | PG_OLDEST)) {
288 		hrtime_t start;
289 
290 		start = (hrtime_t)prp->p_user.u_start.tv_sec * NANOSEC +
291 		    prp->p_user.u_start.tv_nsec;
292 
293 		if (pgp->pg_flags & PG_NEWEST) {
294 			if (pgp->pg_xaddr == NULL || start > pgp->pg_xstart) {
295 				pgp->pg_xaddr = addr;
296 				pgp->pg_xstart = start;
297 			}
298 		} else {
299 			if (pgp->pg_xaddr == NULL || start < pgp->pg_xstart) {
300 				pgp->pg_xaddr = addr;
301 				pgp->pg_xstart = start;
302 			}
303 		}
304 
305 	} else if (pgp->pg_flags & PG_PIPE_OUT) {
306 		mdb_printf("%p\n", addr);
307 
308 	} else {
309 		if (mdb_call_dcmd("ps", addr, pgp->pg_psflags, 0, NULL) != 0) {
310 			mdb_warn("can't invoke 'ps'");
311 			return (WALK_DONE);
312 		}
313 		pgp->pg_psflags &= ~DCMD_LOOPFIRST;
314 	}
315 
316 	return (WALK_NEXT);
317 }
318 
319 /*ARGSUSED*/
320 int
321 pgrep(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
322 {
323 	pgrep_data_t pg;
324 	int i;
325 #ifndef _KMDB
326 	int err;
327 #endif
328 
329 	if (flags & DCMD_ADDRSPEC)
330 		return (DCMD_USAGE);
331 
332 	pg.pg_flags = 0;
333 	pg.pg_xaddr = 0;
334 
335 	i = mdb_getopts(argc, argv,
336 	    'n', MDB_OPT_SETBITS, PG_NEWEST, &pg.pg_flags,
337 	    'o', MDB_OPT_SETBITS, PG_OLDEST, &pg.pg_flags,
338 	    'x', MDB_OPT_SETBITS, PG_EXACT_MATCH, &pg.pg_flags,
339 	    NULL);
340 
341 	argc -= i;
342 	argv += i;
343 
344 	if (argc != 1)
345 		return (DCMD_USAGE);
346 
347 	/*
348 	 * -n and -o are mutually exclusive.
349 	 */
350 	if ((pg.pg_flags & PG_NEWEST) && (pg.pg_flags & PG_OLDEST))
351 		return (DCMD_USAGE);
352 
353 	if (argv->a_type != MDB_TYPE_STRING)
354 		return (DCMD_USAGE);
355 
356 	if (flags & DCMD_PIPE_OUT)
357 		pg.pg_flags |= PG_PIPE_OUT;
358 
359 	pg.pg_pat = argv->a_un.a_str;
360 	if (DCMD_HDRSPEC(flags))
361 		pg.pg_psflags = DCMD_ADDRSPEC | DCMD_LOOP | DCMD_LOOPFIRST;
362 	else
363 		pg.pg_psflags = DCMD_ADDRSPEC | DCMD_LOOP;
364 
365 #ifndef _KMDB
366 	if ((err = regcomp(&pg.pg_reg, pg.pg_pat, REG_EXTENDED)) != 0) {
367 		size_t nbytes;
368 		char *buf;
369 
370 		nbytes = regerror(err, &pg.pg_reg, NULL, 0);
371 		buf = mdb_alloc(nbytes + 1, UM_SLEEP | UM_GC);
372 		(void) regerror(err, &pg.pg_reg, buf, nbytes);
373 		mdb_warn("%s\n", buf);
374 
375 		return (DCMD_ERR);
376 	}
377 #endif
378 
379 	if (mdb_walk("proc", pgrep_cb, &pg) != 0) {
380 		mdb_warn("can't walk 'proc'");
381 		return (DCMD_ERR);
382 	}
383 
384 	if (pg.pg_xaddr != 0 && (pg.pg_flags & (PG_NEWEST | PG_OLDEST))) {
385 		if (pg.pg_flags & PG_PIPE_OUT) {
386 			mdb_printf("%p\n", pg.pg_xaddr);
387 		} else {
388 			if (mdb_call_dcmd("ps", pg.pg_xaddr, pg.pg_psflags,
389 			    0, NULL) != 0) {
390 				mdb_warn("can't invoke 'ps'");
391 				return (DCMD_ERR);
392 			}
393 		}
394 	}
395 
396 	return (DCMD_OK);
397 }
398 
399 int
400 task(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
401 {
402 	task_t tk;
403 	kproject_t pj;
404 
405 	if (!(flags & DCMD_ADDRSPEC)) {
406 		if (mdb_walk_dcmd("task_cache", "task", argc, argv) == -1) {
407 			mdb_warn("can't walk task_cache");
408 			return (DCMD_ERR);
409 		}
410 		return (DCMD_OK);
411 	}
412 	if (DCMD_HDRSPEC(flags)) {
413 		mdb_printf("%<u>%?s %6s %6s %6s %6s %10s%</u>\n",
414 		    "ADDR", "TASKID", "PROJID", "ZONEID", "REFCNT", "FLAGS");
415 	}
416 	if (mdb_vread(&tk, sizeof (task_t), addr) == -1) {
417 		mdb_warn("can't read task_t structure at %p", addr);
418 		return (DCMD_ERR);
419 	}
420 	if (mdb_vread(&pj, sizeof (kproject_t), (uintptr_t)tk.tk_proj) == -1) {
421 		mdb_warn("can't read project_t structure at %p", addr);
422 		return (DCMD_ERR);
423 	}
424 	mdb_printf("%0?p %6d %6d %6d %6u 0x%08x\n",
425 	    addr, tk.tk_tkid, pj.kpj_id, pj.kpj_zoneid, tk.tk_hold_count,
426 	    tk.tk_flags);
427 	return (DCMD_OK);
428 }
429 
430 int
431 project(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
432 {
433 	kproject_t pj;
434 
435 	if (!(flags & DCMD_ADDRSPEC)) {
436 		if (mdb_walk_dcmd("projects", "project", argc, argv) == -1) {
437 			mdb_warn("can't walk projects");
438 			return (DCMD_ERR);
439 		}
440 		return (DCMD_OK);
441 	}
442 	if (DCMD_HDRSPEC(flags)) {
443 		mdb_printf("%<u>%?s %6s %6s %6s%</u>\n",
444 		    "ADDR", "PROJID", "ZONEID", "REFCNT");
445 	}
446 	if (mdb_vread(&pj, sizeof (kproject_t), addr) == -1) {
447 		mdb_warn("can't read kproject_t structure at %p", addr);
448 		return (DCMD_ERR);
449 	}
450 	mdb_printf("%0?p %6d %6d %6u\n", addr, pj.kpj_id, pj.kpj_zoneid,
451 	    pj.kpj_count);
452 	return (DCMD_OK);
453 }
454 
455 /* walk callouts themselves, either by list or id hash. */
456 int
457 callout_walk_init(mdb_walk_state_t *wsp)
458 {
459 	if (wsp->walk_addr == NULL) {
460 		mdb_warn("callout doesn't support global walk");
461 		return (WALK_ERR);
462 	}
463 	wsp->walk_data = mdb_alloc(sizeof (callout_t), UM_SLEEP);
464 	return (WALK_NEXT);
465 }
466 
467 #define	CALLOUT_WALK_BYLIST	0
468 #define	CALLOUT_WALK_BYID	1
469 
470 /* the walker arg switches between walking by list (0) and walking by id (1). */
471 int
472 callout_walk_step(mdb_walk_state_t *wsp)
473 {
474 	int retval;
475 
476 	if (wsp->walk_addr == NULL) {
477 		return (WALK_DONE);
478 	}
479 	if (mdb_vread(wsp->walk_data, sizeof (callout_t),
480 	    wsp->walk_addr) == -1) {
481 		mdb_warn("failed to read callout at %p", wsp->walk_addr);
482 		return (WALK_DONE);
483 	}
484 	retval = wsp->walk_callback(wsp->walk_addr, wsp->walk_data,
485 	    wsp->walk_cbdata);
486 
487 	if ((ulong_t)wsp->walk_arg == CALLOUT_WALK_BYID) {
488 		wsp->walk_addr =
489 		    (uintptr_t)(((callout_t *)wsp->walk_data)->c_idnext);
490 	} else {
491 		wsp->walk_addr =
492 		    (uintptr_t)(((callout_t *)wsp->walk_data)->c_clnext);
493 	}
494 
495 	return (retval);
496 }
497 
498 void
499 callout_walk_fini(mdb_walk_state_t *wsp)
500 {
501 	mdb_free(wsp->walk_data, sizeof (callout_t));
502 }
503 
504 /*
505  * walker for callout lists. This is different from hashes and callouts.
506  * Thankfully, it's also simpler.
507  */
508 int
509 callout_list_walk_init(mdb_walk_state_t *wsp)
510 {
511 	if (wsp->walk_addr == NULL) {
512 		mdb_warn("callout list doesn't support global walk");
513 		return (WALK_ERR);
514 	}
515 	wsp->walk_data = mdb_alloc(sizeof (callout_list_t), UM_SLEEP);
516 	return (WALK_NEXT);
517 }
518 
519 int
520 callout_list_walk_step(mdb_walk_state_t *wsp)
521 {
522 	int retval;
523 
524 	if (wsp->walk_addr == NULL) {
525 		return (WALK_DONE);
526 	}
527 	if (mdb_vread(wsp->walk_data, sizeof (callout_list_t),
528 	    wsp->walk_addr) != sizeof (callout_list_t)) {
529 		mdb_warn("failed to read callout_list at %p", wsp->walk_addr);
530 		return (WALK_ERR);
531 	}
532 	retval = wsp->walk_callback(wsp->walk_addr, wsp->walk_data,
533 	    wsp->walk_cbdata);
534 
535 	wsp->walk_addr = (uintptr_t)
536 	    (((callout_list_t *)wsp->walk_data)->cl_next);
537 
538 	return (retval);
539 }
540 
541 void
542 callout_list_walk_fini(mdb_walk_state_t *wsp)
543 {
544 	mdb_free(wsp->walk_data, sizeof (callout_list_t));
545 }
546 
547 /* routines/structs to walk callout table(s) */
548 typedef struct cot_data {
549 	callout_table_t *ct0;
550 	callout_table_t ct;
551 	callout_hash_t cot_idhash[CALLOUT_BUCKETS];
552 	callout_hash_t cot_clhash[CALLOUT_BUCKETS];
553 	kstat_named_t ct_kstat_data[CALLOUT_NUM_STATS];
554 	int cotndx;
555 	int cotsize;
556 } cot_data_t;
557 
558 int
559 callout_table_walk_init(mdb_walk_state_t *wsp)
560 {
561 	int max_ncpus;
562 	cot_data_t *cot_walk_data;
563 
564 	cot_walk_data = mdb_alloc(sizeof (cot_data_t), UM_SLEEP);
565 
566 	if (wsp->walk_addr == NULL) {
567 		if (mdb_readvar(&cot_walk_data->ct0, "callout_table") == -1) {
568 			mdb_warn("failed to read 'callout_table'");
569 			return (WALK_ERR);
570 		}
571 		if (mdb_readvar(&max_ncpus, "max_ncpus") == -1) {
572 			mdb_warn("failed to get callout_table array size");
573 			return (WALK_ERR);
574 		}
575 		cot_walk_data->cotsize = CALLOUT_NTYPES * max_ncpus;
576 		wsp->walk_addr = (uintptr_t)cot_walk_data->ct0;
577 	} else {
578 		/* not a global walk */
579 		cot_walk_data->cotsize = 1;
580 	}
581 
582 	cot_walk_data->cotndx = 0;
583 	wsp->walk_data = cot_walk_data;
584 
585 	return (WALK_NEXT);
586 }
587 
588 int
589 callout_table_walk_step(mdb_walk_state_t *wsp)
590 {
591 	int retval;
592 	cot_data_t *cotwd = (cot_data_t *)wsp->walk_data;
593 	size_t size;
594 
595 	if (cotwd->cotndx >= cotwd->cotsize) {
596 		return (WALK_DONE);
597 	}
598 	if (mdb_vread(&(cotwd->ct), sizeof (callout_table_t),
599 	    wsp->walk_addr) != sizeof (callout_table_t)) {
600 		mdb_warn("failed to read callout_table at %p", wsp->walk_addr);
601 		return (WALK_ERR);
602 	}
603 
604 	size = sizeof (callout_hash_t) * CALLOUT_BUCKETS;
605 	if (cotwd->ct.ct_idhash != NULL) {
606 		if (mdb_vread(cotwd->cot_idhash, size,
607 		    (uintptr_t)(cotwd->ct.ct_idhash)) != size) {
608 			mdb_warn("failed to read id_hash at %p",
609 			    cotwd->ct.ct_idhash);
610 			return (WALK_ERR);
611 		}
612 	}
613 	if (cotwd->ct.ct_clhash != NULL) {
614 		if (mdb_vread(&(cotwd->cot_clhash), size,
615 		    (uintptr_t)cotwd->ct.ct_clhash) == -1) {
616 			mdb_warn("failed to read cl_hash at %p",
617 			    cotwd->ct.ct_clhash);
618 			return (WALK_ERR);
619 		}
620 	}
621 	size = sizeof (kstat_named_t) * CALLOUT_NUM_STATS;
622 	if (cotwd->ct.ct_kstat_data != NULL) {
623 		if (mdb_vread(&(cotwd->ct_kstat_data), size,
624 		    (uintptr_t)cotwd->ct.ct_kstat_data) == -1) {
625 			mdb_warn("failed to read kstats at %p",
626 			    cotwd->ct.ct_kstat_data);
627 			return (WALK_ERR);
628 		}
629 	}
630 	retval = wsp->walk_callback(wsp->walk_addr, (void *)cotwd,
631 	    wsp->walk_cbdata);
632 
633 	cotwd->cotndx++;
634 	if (cotwd->cotndx >= cotwd->cotsize) {
635 		return (WALK_DONE);
636 	}
637 	wsp->walk_addr = (uintptr_t)((char *)wsp->walk_addr +
638 	    sizeof (callout_table_t));
639 
640 	return (retval);
641 }
642 
643 void
644 callout_table_walk_fini(mdb_walk_state_t *wsp)
645 {
646 	mdb_free(wsp->walk_data, sizeof (cot_data_t));
647 }
648 
649 static const char *co_typenames[] = { "R", "N" };
650 
651 #define	CO_PLAIN_ID(xid)	 ((xid) & ~CALLOUT_EXECUTING)
652 
653 #define	TABLE_TO_SEQID(x)	((x) >> CALLOUT_TYPE_BITS)
654 
655 /* callout flags, in no particular order */
656 #define	COF_REAL	0x0000001
657 #define	COF_NORM	0x0000002
658 #define	COF_LONG	0x0000004
659 #define	COF_SHORT	0x0000008
660 #define	COF_EMPTY	0x0000010
661 #define	COF_TIME	0x0000020
662 #define	COF_BEFORE	0x0000040
663 #define	COF_AFTER	0x0000080
664 #define	COF_SEQID	0x0000100
665 #define	COF_FUNC	0x0000200
666 #define	COF_ADDR	0x0000400
667 #define	COF_EXEC	0x0000800
668 #define	COF_HIRES	0x0001000
669 /* 0x0002000 reserved for future flags */
670 #define	COF_TABLE	0x0004000
671 #define	COF_BYIDH	0x0008000
672 #define	COF_FREE	0x0010000
673 #define	COF_LIST	0x0020000
674 #define	COF_EXPREL	0x0040000
675 #define	COF_HDR		0x0080000
676 #define	COF_VERBOSE	0x0100000
677 #define	COF_LONGLIST	0x0200000
678 #define	COF_THDR	0x0400000
679 #define	COF_LHDR	0x0800000
680 #define	COF_CHDR	0x1000000
681 #define	COF_PARAM	0x2000000
682 #define	COF_DECODE	0x4000000
683 
684 /* show real and normal, short and long, expired and unexpired. */
685 #define	COF_DEFAULT	(COF_REAL | COF_NORM | COF_LONG | COF_SHORT)
686 
687 /* private callout data for callback functions */
688 typedef struct callout_data {
689 	uint_t flags;		/* COF_* */
690 	cpu_t *cpu;		/* cpu pointer if given */
691 	int seqid;		/* cpu seqid, or -1 */
692 	hrtime_t time;		/* expiration time value */
693 	hrtime_t atime;		/* expiration before value */
694 	hrtime_t btime;		/* expiration after value */
695 	uintptr_t funcaddr;	/* function address or NULL */
696 	uintptr_t param;	/* parameter to function or NULL */
697 	hrtime_t now;		/* current system time */
698 	int nsec_per_tick;	/* for conversions */
699 	ulong_t ctbits;		/* for decoding xid */
700 	callout_table_t *co_table;	/* top of callout table array */
701 	int ndx;		/* table index. */
702 	int bucket;		/* which list/id bucket are we in */
703 	hrtime_t exp;		/* expire time */
704 } callout_data_t;
705 
706 /* this callback does the actual callback itself (finally). */
707 /*ARGSUSED*/
708 static int
709 callouts_cb(uintptr_t addr, const void *data, void *priv)
710 {
711 	callout_data_t *coargs = (callout_data_t *)priv;
712 	callout_t *co = (callout_t *)data;
713 	int tableid;
714 	callout_id_t coid;
715 
716 	if ((coargs == NULL) || (co == NULL)) {
717 		return (WALK_ERR);
718 	}
719 
720 	if ((coargs->flags & COF_FUNC) &&
721 	    (coargs->funcaddr != (uintptr_t)co->c_func)) {
722 		return (WALK_NEXT);
723 	}
724 	if ((coargs->flags & COF_PARAM) &&
725 	    (coargs->param != (uintptr_t)co->c_arg)) {
726 		return (WALK_NEXT);
727 	}
728 
729 	if (!(coargs->flags & COF_LONG) && (co->c_xid & CALLOUT_LONGTERM)) {
730 		return (WALK_NEXT);
731 	}
732 	if (!(coargs->flags & COF_SHORT) && !(co->c_xid & CALLOUT_LONGTERM)) {
733 		return (WALK_NEXT);
734 	}
735 	if ((coargs->flags & COF_EXEC) && !(co->c_xid & CALLOUT_EXECUTING)) {
736 		return (WALK_NEXT);
737 	}
738 	if ((coargs->flags & COF_HIRES) && !(co->c_xid & CALLOUT_HRESTIME)) {
739 		return (WALK_NEXT);
740 	}
741 
742 	/* it is possible we don't have the exp time */
743 	if (coargs->flags & COF_BYIDH) {
744 		if (!(coargs->flags & COF_FREE)) {
745 			/* we have to fetch the expire time ourselves. */
746 			if (mdb_vread(&coargs->exp, sizeof (hrtime_t),
747 			    (uintptr_t)co->c_list + offsetof(callout_list_t,
748 			    cl_expiration)) == -1) {
749 				mdb_warn("failed to read expiration "
750 				    "time from %p", co->c_list);
751 				coargs->exp = 0;
752 			}
753 		} else {
754 			/* free callouts can't use list pointer. */
755 			coargs->exp = 0;
756 		}
757 	}
758 
759 #define	callout_table_mask	((1 << coargs->ctbits) - 1)
760 	tableid = CALLOUT_ID_TO_TABLE(co->c_xid);
761 #undef	callout_table_mask
762 	coid = CO_PLAIN_ID(co->c_xid);
763 
764 	if ((coargs->flags & COF_CHDR) && !(coargs->flags & COF_ADDR)) {
765 		/*
766 		 * We need to print the headers. If walking by id, then
767 		 * the list header isn't printed, so we must include
768 		 * that info here.
769 		 */
770 		if (!(coargs->flags & COF_VERBOSE)) {
771 			mdb_printf("%<u>%3s %-1s %-14s %</u>",
772 			    "SEQ", "T", "EXP");
773 		} else if (coargs->flags & COF_BYIDH) {
774 			mdb_printf("%<u>%-14s %</u>", "EXP");
775 		}
776 		mdb_printf("%<u>%-3s %-?s %-20s%</u>",
777 		    "XHL", "XID", "FUNC(ARG)");
778 		if (coargs->flags & COF_LONGLIST) {
779 			mdb_printf("%<u> %-?s %-?s %-?s %-?s%</u>",
780 			    "PREVID", "NEXTID", "PREVL", "NEXTL");
781 		}
782 		mdb_printf("\n");
783 		coargs->flags &= ~COF_CHDR;
784 		coargs->flags |= (COF_THDR | COF_LHDR);
785 	}
786 
787 	if (!(coargs->flags & COF_ADDR)) {
788 		if (!(coargs->flags & COF_VERBOSE)) {
789 			mdb_printf("%-3d %1s %-14llx ",
790 			    TABLE_TO_SEQID(tableid),
791 			    co_typenames[tableid & CALLOUT_TYPE_MASK],
792 			    (coargs->flags & COF_EXPREL) ?
793 			    coargs->exp - coargs->now : coargs->exp);
794 		} else if (coargs->flags & COF_BYIDH) {
795 			mdb_printf("%-14x ",
796 			    (coargs->flags & COF_EXPREL) ?
797 			    coargs->exp - coargs->now : coargs->exp);
798 		}
799 		mdb_printf("%1s%1s%1s %-?llx %a(%p)",
800 		    (co->c_xid & CALLOUT_EXECUTING) ? "X" : " ",
801 		    (co->c_xid & CALLOUT_HRESTIME) ? "H" : " ",
802 		    (co->c_xid & CALLOUT_LONGTERM) ? "L" : " ",
803 		    (long long)coid, co->c_func, co->c_arg);
804 		if (coargs->flags & COF_LONGLIST) {
805 			mdb_printf(" %-?p %-?p %-?p %-?p",
806 			    co->c_idprev, co->c_idnext, co->c_clprev,
807 			    co->c_clnext);
808 		}
809 	} else {
810 		/* address only */
811 		mdb_printf("%-0p", addr);
812 	}
813 	mdb_printf("\n");
814 	return (WALK_NEXT);
815 }
816 
817 /* this callback is for callout list handling. idhash is done by callout_t_cb */
818 /*ARGSUSED*/
819 static int
820 callout_list_cb(uintptr_t addr, const void *data, void *priv)
821 {
822 	callout_data_t *coargs = (callout_data_t *)priv;
823 	callout_list_t *cl = (callout_list_t *)data;
824 	callout_t *coptr;
825 
826 	if ((coargs == NULL) || (cl == NULL)) {
827 		return (WALK_ERR);
828 	}
829 
830 	coargs->exp = cl->cl_expiration;
831 	if ((coargs->flags & COF_TIME) &&
832 	    (cl->cl_expiration != coargs->time)) {
833 		return (WALK_NEXT);
834 	}
835 	if ((coargs->flags & COF_BEFORE) &&
836 	    (cl->cl_expiration > coargs->btime)) {
837 		return (WALK_NEXT);
838 	}
839 	if ((coargs->flags & COF_AFTER) &&
840 	    (cl->cl_expiration < coargs->atime)) {
841 		return (WALK_NEXT);
842 	}
843 	if (!(coargs->flags & COF_EMPTY) &&
844 	    (cl->cl_callouts.ch_head == NULL)) {
845 		return (WALK_NEXT);
846 	}
847 
848 	if ((coargs->flags & COF_LHDR) && !(coargs->flags & COF_ADDR) &&
849 	    (coargs->flags & (COF_LIST | COF_VERBOSE))) {
850 		if (!(coargs->flags & COF_VERBOSE)) {
851 			/* don't be redundant again */
852 			mdb_printf("%<u>SEQ T %</u>");
853 		}
854 		mdb_printf("%<u>EXP            BUCKET "
855 		    "CALLOUTS         UTOS THREAD         %</u>");
856 
857 		if (coargs->flags & COF_LONGLIST) {
858 			mdb_printf("%<u> %-?s %-?s %-?s%</u>",
859 			    "DONE", "PREV", "NEXT");
860 		}
861 		mdb_printf("\n");
862 		coargs->flags &= ~COF_LHDR;
863 		coargs->flags |= (COF_THDR | COF_CHDR);
864 	}
865 	if (coargs->flags & (COF_LIST | COF_VERBOSE)) {
866 		if (!(coargs->flags & COF_ADDR)) {
867 			if (!(coargs->flags & COF_VERBOSE)) {
868 				mdb_printf("%3d %1s ",
869 				    TABLE_TO_SEQID(coargs->ndx),
870 				    co_typenames[coargs->ndx &
871 				    CALLOUT_TYPE_MASK]);
872 			}
873 
874 			mdb_printf("%-14llx %-6d %-0?p %-4d %-0?p",
875 			    (coargs->flags & COF_EXPREL) ?
876 			    coargs->exp - coargs->now : coargs->exp,
877 			    coargs->bucket, cl->cl_callouts.ch_head,
878 			    cl->cl_waiting, cl->cl_executor);
879 
880 			if (coargs->flags & COF_LONGLIST) {
881 				mdb_printf(" %-?p %-?p %-?p",
882 				    cl->cl_done, cl->cl_prev, cl->cl_next);
883 			}
884 		} else {
885 			/* address only */
886 			mdb_printf("%-0p", addr);
887 		}
888 		mdb_printf("\n");
889 		if (coargs->flags & COF_LIST) {
890 			return (WALK_NEXT);
891 		}
892 	}
893 	/* yet another layer as we walk the actual callouts via list. */
894 	if (cl->cl_callouts.ch_head == NULL) {
895 		return (WALK_NEXT);
896 	}
897 	/* free list structures do not have valid callouts off of them. */
898 	if (coargs->flags & COF_FREE) {
899 		return (WALK_NEXT);
900 	}
901 	coptr = (callout_t *)cl->cl_callouts.ch_head;
902 
903 	if (coargs->flags & COF_VERBOSE) {
904 		mdb_inc_indent(4);
905 	}
906 	/*
907 	 * walk callouts using yet another callback routine.
908 	 * we use callouts_bytime because id hash is handled via
909 	 * the callout_t_cb callback.
910 	 */
911 	if (mdb_pwalk("callouts_bytime", callouts_cb, coargs,
912 	    (uintptr_t)coptr) == -1) {
913 		mdb_warn("cannot walk callouts at %p", coptr);
914 		return (WALK_ERR);
915 	}
916 	if (coargs->flags & COF_VERBOSE) {
917 		mdb_dec_indent(4);
918 	}
919 
920 	return (WALK_NEXT);
921 }
922 
923 /* this callback handles the details of callout table walking. */
924 static int
925 callout_t_cb(uintptr_t addr, const void *data, void *priv)
926 {
927 	callout_data_t *coargs = (callout_data_t *)priv;
928 	cot_data_t *cotwd = (cot_data_t *)data;
929 	callout_table_t *ct = &(cotwd->ct);
930 	int index, seqid, cotype;
931 	int i;
932 	callout_list_t *clptr;
933 	callout_t *coptr;
934 
935 	if ((coargs == NULL) || (ct == NULL) || (coargs->co_table == NULL)) {
936 		return (WALK_ERR);
937 	}
938 
939 	index =  ((char *)addr - (char *)coargs->co_table) /
940 	    sizeof (callout_table_t);
941 	cotype = index & CALLOUT_TYPE_MASK;
942 	seqid = TABLE_TO_SEQID(index);
943 
944 	if ((coargs->flags & COF_SEQID) && (coargs->seqid != seqid)) {
945 		return (WALK_NEXT);
946 	}
947 
948 	if (!(coargs->flags & COF_REAL) && (cotype == CALLOUT_REALTIME)) {
949 		return (WALK_NEXT);
950 	}
951 
952 	if (!(coargs->flags & COF_NORM) && (cotype == CALLOUT_NORMAL)) {
953 		return (WALK_NEXT);
954 	}
955 
956 	if (!(coargs->flags & COF_EMPTY) && (
957 	    (ct->ct_heap == NULL) || (ct->ct_cyclic == NULL))) {
958 		return (WALK_NEXT);
959 	}
960 
961 	if ((coargs->flags & COF_THDR) && !(coargs->flags & COF_ADDR) &&
962 	    (coargs->flags & (COF_TABLE | COF_VERBOSE))) {
963 		/* print table hdr */
964 		mdb_printf("%<u>%-3s %-1s %-?s %-?s %-?s %-?s%</u>",
965 		    "SEQ", "T", "FREE", "LFREE", "CYCLIC", "HEAP");
966 		coargs->flags &= ~COF_THDR;
967 		coargs->flags |= (COF_LHDR | COF_CHDR);
968 		if (coargs->flags & COF_LONGLIST) {
969 			/* more info! */
970 			mdb_printf("%<u> %-T%-7s %-7s %-?s %-?s"
971 			    " %-?s %-?s %-?s%</u>",
972 			    "HEAPNUM", "HEAPMAX", "TASKQ", "EXPQ",
973 			    "PEND", "FREE", "LOCK");
974 		}
975 		mdb_printf("\n");
976 	}
977 	if (coargs->flags & (COF_TABLE | COF_VERBOSE)) {
978 		if (!(coargs->flags & COF_ADDR)) {
979 			mdb_printf("%-3d %-1s %-0?p %-0?p %-0?p %-?p",
980 			    seqid, co_typenames[cotype],
981 			    ct->ct_free, ct->ct_lfree, ct->ct_cyclic,
982 			    ct->ct_heap);
983 			if (coargs->flags & COF_LONGLIST)  {
984 				/* more info! */
985 				mdb_printf(" %-7d %-7d %-?p %-?p"
986 				    " %-?lld %-?lld %-?p",
987 				    ct->ct_heap_num,  ct->ct_heap_max,
988 				    ct->ct_taskq, ct->ct_expired.ch_head,
989 				    cotwd->ct_timeouts_pending,
990 				    cotwd->ct_allocations -
991 				    cotwd->ct_timeouts_pending,
992 				    ct->ct_mutex);
993 			}
994 		} else {
995 			/* address only */
996 			mdb_printf("%-0?p", addr);
997 		}
998 		mdb_printf("\n");
999 		if (coargs->flags & COF_TABLE) {
1000 			return (WALK_NEXT);
1001 		}
1002 	}
1003 
1004 	coargs->ndx = index;
1005 	if (coargs->flags & COF_VERBOSE) {
1006 		mdb_inc_indent(4);
1007 	}
1008 	/* keep digging. */
1009 	if (!(coargs->flags & COF_BYIDH)) {
1010 		/* walk the list hash table */
1011 		if (coargs->flags & COF_FREE) {
1012 			clptr = ct->ct_lfree;
1013 			coargs->bucket = 0;
1014 			if (clptr == NULL) {
1015 				return (WALK_NEXT);
1016 			}
1017 			if (mdb_pwalk("callout_list", callout_list_cb, coargs,
1018 			    (uintptr_t)clptr) == -1) {
1019 				mdb_warn("cannot walk callout free list at %p",
1020 				    clptr);
1021 				return (WALK_ERR);
1022 			}
1023 		} else {
1024 			/* first print the expired list. */
1025 			clptr = (callout_list_t *)ct->ct_expired.ch_head;
1026 			if (clptr != NULL) {
1027 				coargs->bucket = -1;
1028 				if (mdb_pwalk("callout_list", callout_list_cb,
1029 				    coargs, (uintptr_t)clptr) == -1) {
1030 					mdb_warn("cannot walk callout_list"
1031 					    " at %p", clptr);
1032 					return (WALK_ERR);
1033 				}
1034 			}
1035 			for (i = 0; i < CALLOUT_BUCKETS; i++) {
1036 				if (ct->ct_clhash == NULL) {
1037 					/* nothing to do */
1038 					break;
1039 				}
1040 				if (cotwd->cot_clhash[i].ch_head == NULL) {
1041 					continue;
1042 				}
1043 				clptr = (callout_list_t *)
1044 				    cotwd->cot_clhash[i].ch_head;
1045 				coargs->bucket = i;
1046 				/* walk list with callback routine. */
1047 				if (mdb_pwalk("callout_list", callout_list_cb,
1048 				    coargs, (uintptr_t)clptr) == -1) {
1049 					mdb_warn("cannot walk callout_list"
1050 					    " at %p", clptr);
1051 					return (WALK_ERR);
1052 				}
1053 			}
1054 		}
1055 	} else {
1056 		/* walk the id hash table. */
1057 		if (coargs->flags & COF_FREE) {
1058 			coptr = ct->ct_free;
1059 			coargs->bucket = 0;
1060 			if (coptr == NULL) {
1061 				return (WALK_NEXT);
1062 			}
1063 			if (mdb_pwalk("callouts_byid", callouts_cb, coargs,
1064 			    (uintptr_t)coptr) == -1) {
1065 				mdb_warn("cannot walk callout id free list"
1066 				    " at %p", coptr);
1067 				return (WALK_ERR);
1068 			}
1069 		} else {
1070 			for (i = 0; i < CALLOUT_BUCKETS; i++) {
1071 				if (ct->ct_idhash == NULL) {
1072 					break;
1073 				}
1074 				coptr = (callout_t *)
1075 				    cotwd->cot_idhash[i].ch_head;
1076 				if (coptr == NULL) {
1077 					continue;
1078 				}
1079 				coargs->bucket = i;
1080 
1081 				/*
1082 				 * walk callouts directly by id. For id
1083 				 * chain, the callout list is just a header,
1084 				 * so there's no need to walk it.
1085 				 */
1086 				if (mdb_pwalk("callouts_byid", callouts_cb,
1087 				    coargs, (uintptr_t)coptr) == -1) {
1088 					mdb_warn("cannot walk callouts at %p",
1089 					    coptr);
1090 					return (WALK_ERR);
1091 				}
1092 			}
1093 		}
1094 	}
1095 	if (coargs->flags & COF_VERBOSE) {
1096 		mdb_dec_indent(4);
1097 	}
1098 	return (WALK_NEXT);
1099 }
1100 
1101 /*
1102  * initialize some common info for both callout dcmds.
1103  */
1104 int
1105 callout_common_init(callout_data_t *coargs)
1106 {
1107 	/* we need a couple of things */
1108 	if (mdb_readvar(&(coargs->co_table), "callout_table") == -1) {
1109 		mdb_warn("failed to read 'callout_table'");
1110 		return (DCMD_ERR);
1111 	}
1112 	/* need to get now in nsecs. Approximate with hrtime vars */
1113 	if (mdb_readsym(&(coargs->now), sizeof (hrtime_t), "hrtime_last") !=
1114 	    sizeof (hrtime_t)) {
1115 		if (mdb_readsym(&(coargs->now), sizeof (hrtime_t),
1116 		    "hrtime_base") != sizeof (hrtime_t)) {
1117 			mdb_warn("Could not determine current system time");
1118 			return (DCMD_ERR);
1119 		}
1120 	}
1121 
1122 	if (mdb_readvar(&(coargs->ctbits), "callout_table_bits") == -1) {
1123 		mdb_warn("failed to read 'callout_table_bits'");
1124 		return (DCMD_ERR);
1125 	}
1126 	if (mdb_readvar(&(coargs->nsec_per_tick), "nsec_per_tick") == -1) {
1127 		mdb_warn("failed to read 'nsec_per_tick'");
1128 		return (DCMD_ERR);
1129 	}
1130 	return (DCMD_OK);
1131 }
1132 
1133 /*
1134  * dcmd to print callouts.  Optional addr limits to specific table.
1135  * Parses lots of options that get passed to callbacks for walkers.
1136  * Has it's own help function.
1137  */
1138 /*ARGSUSED*/
1139 int
1140 callout(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
1141 {
1142 	callout_data_t coargs;
1143 	/* getopts doesn't help much with stuff like this */
1144 	boolean_t Sflag, Cflag, tflag, aflag, bflag, dflag, kflag;
1145 	char *funcname = NULL;
1146 	char *paramstr = NULL;
1147 	uintptr_t Stmp, Ctmp;	/* for getopt. */
1148 	int retval;
1149 
1150 	coargs.flags = COF_DEFAULT;
1151 	Sflag = Cflag = tflag = bflag = aflag = dflag = kflag = FALSE;
1152 	coargs.seqid = -1;
1153 
1154 	if (mdb_getopts(argc, argv,
1155 	    'r', MDB_OPT_CLRBITS, COF_NORM, &coargs.flags,
1156 	    'n', MDB_OPT_CLRBITS, COF_REAL, &coargs.flags,
1157 	    'l', MDB_OPT_CLRBITS, COF_SHORT, &coargs.flags,
1158 	    's', MDB_OPT_CLRBITS, COF_LONG, &coargs.flags,
1159 	    'x', MDB_OPT_SETBITS, COF_EXEC, &coargs.flags,
1160 	    'h', MDB_OPT_SETBITS, COF_HIRES, &coargs.flags,
1161 	    'E', MDB_OPT_SETBITS, COF_EMPTY, &coargs.flags,
1162 	    'd', MDB_OPT_SETBITS, 1, &dflag,
1163 	    'C', MDB_OPT_UINTPTR_SET, &Cflag, &Ctmp,
1164 	    'S', MDB_OPT_UINTPTR_SET, &Sflag, &Stmp,
1165 	    't', MDB_OPT_UINTPTR_SET, &tflag, (uintptr_t *)&coargs.time,
1166 	    'a', MDB_OPT_UINTPTR_SET, &aflag, (uintptr_t *)&coargs.atime,
1167 	    'b', MDB_OPT_UINTPTR_SET, &bflag, (uintptr_t *)&coargs.btime,
1168 	    'k', MDB_OPT_SETBITS, 1, &kflag,
1169 	    'f', MDB_OPT_STR, &funcname,
1170 	    'p', MDB_OPT_STR, &paramstr,
1171 	    'T', MDB_OPT_SETBITS, COF_TABLE, &coargs.flags,
1172 	    'D', MDB_OPT_SETBITS, COF_EXPREL, &coargs.flags,
1173 	    'L', MDB_OPT_SETBITS, COF_LIST, &coargs.flags,
1174 	    'V', MDB_OPT_SETBITS, COF_VERBOSE, &coargs.flags,
1175 	    'v', MDB_OPT_SETBITS, COF_LONGLIST, &coargs.flags,
1176 	    'i', MDB_OPT_SETBITS, COF_BYIDH, &coargs.flags,
1177 	    'F', MDB_OPT_SETBITS, COF_FREE, &coargs.flags,
1178 	    'A', MDB_OPT_SETBITS, COF_ADDR, &coargs.flags,
1179 	    NULL) != argc) {
1180 		return (DCMD_USAGE);
1181 	}
1182 
1183 	/* initialize from kernel variables */
1184 	if ((retval = callout_common_init(&coargs)) != DCMD_OK) {
1185 		return (retval);
1186 	}
1187 
1188 	/* do some option post-processing */
1189 	if (kflag) {
1190 		coargs.time *= coargs.nsec_per_tick;
1191 		coargs.atime *= coargs.nsec_per_tick;
1192 		coargs.btime *= coargs.nsec_per_tick;
1193 	}
1194 
1195 	if (dflag) {
1196 		coargs.time += coargs.now;
1197 		coargs.atime += coargs.now;
1198 		coargs.btime += coargs.now;
1199 	}
1200 	if (Sflag) {
1201 		if (flags & DCMD_ADDRSPEC) {
1202 			mdb_printf("-S option conflicts with explicit"
1203 			    " address\n");
1204 			return (DCMD_USAGE);
1205 		}
1206 		coargs.flags |= COF_SEQID;
1207 		coargs.seqid = (int)Stmp;
1208 	}
1209 	if (Cflag) {
1210 		if (flags & DCMD_ADDRSPEC) {
1211 			mdb_printf("-C option conflicts with explicit"
1212 			    " address\n");
1213 			return (DCMD_USAGE);
1214 		}
1215 		if (coargs.flags & COF_SEQID) {
1216 			mdb_printf("-C and -S are mutually exclusive\n");
1217 			return (DCMD_USAGE);
1218 		}
1219 		coargs.cpu = (cpu_t *)Ctmp;
1220 		if (mdb_vread(&coargs.seqid, sizeof (processorid_t),
1221 		    (uintptr_t)&(coargs.cpu->cpu_seqid)) == -1) {
1222 			mdb_warn("failed to read cpu_t at %p", Ctmp);
1223 			return (DCMD_ERR);
1224 		}
1225 		coargs.flags |= COF_SEQID;
1226 	}
1227 	/* avoid null outputs. */
1228 	if (!(coargs.flags & (COF_REAL | COF_NORM))) {
1229 		coargs.flags |= COF_REAL | COF_NORM;
1230 	}
1231 	if (!(coargs.flags & (COF_LONG | COF_SHORT))) {
1232 		coargs.flags |= COF_LONG | COF_SHORT;
1233 	}
1234 	if (tflag) {
1235 		if (aflag || bflag) {
1236 			mdb_printf("-t and -a|b are mutually exclusive\n");
1237 			return (DCMD_USAGE);
1238 		}
1239 		coargs.flags |= COF_TIME;
1240 	}
1241 	if (aflag) {
1242 		coargs.flags |= COF_AFTER;
1243 	}
1244 	if (bflag) {
1245 		coargs.flags |= COF_BEFORE;
1246 	}
1247 	if ((aflag && bflag) && (coargs.btime <= coargs.atime)) {
1248 		mdb_printf("value for -a must be earlier than the value"
1249 		    " for -b.\n");
1250 		return (DCMD_USAGE);
1251 	}
1252 
1253 	if (funcname != NULL) {
1254 		GElf_Sym sym;
1255 
1256 		if (mdb_lookup_by_name(funcname, &sym) != 0) {
1257 			coargs.funcaddr = mdb_strtoull(funcname);
1258 		} else {
1259 			coargs.funcaddr = sym.st_value;
1260 		}
1261 		coargs.flags |= COF_FUNC;
1262 	}
1263 
1264 	if (paramstr != NULL) {
1265 		GElf_Sym sym;
1266 
1267 		if (mdb_lookup_by_name(paramstr, &sym) != 0) {
1268 			coargs.param = mdb_strtoull(paramstr);
1269 		} else {
1270 			coargs.param = sym.st_value;
1271 		}
1272 		coargs.flags |= COF_PARAM;
1273 	}
1274 
1275 	if (!(flags & DCMD_ADDRSPEC)) {
1276 		/* don't pass "dot" if no addr. */
1277 		addr = NULL;
1278 	}
1279 	if (addr != NULL) {
1280 		/*
1281 		 * a callout table was specified. Ignore -r|n option
1282 		 * to avoid null output.
1283 		 */
1284 		coargs.flags |= (COF_REAL | COF_NORM);
1285 	}
1286 
1287 	if (DCMD_HDRSPEC(flags) || (coargs.flags & COF_VERBOSE)) {
1288 		coargs.flags |= COF_THDR | COF_LHDR | COF_CHDR;
1289 	}
1290 	if (coargs.flags & COF_FREE) {
1291 		coargs.flags |= COF_EMPTY;
1292 		/* -F = free callouts, -FL = free lists */
1293 		if (!(coargs.flags & COF_LIST)) {
1294 			coargs.flags |= COF_BYIDH;
1295 		}
1296 	}
1297 
1298 	/* walk table, using specialized callback routine. */
1299 	if (mdb_pwalk("callout_table", callout_t_cb, &coargs, addr) == -1) {
1300 		mdb_warn("cannot walk callout_table");
1301 		return (DCMD_ERR);
1302 	}
1303 	return (DCMD_OK);
1304 }
1305 
1306 
1307 /*
1308  * Given an extended callout id, dump its information.
1309  */
1310 /*ARGSUSED*/
1311 int
1312 calloutid(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
1313 {
1314 	callout_data_t coargs;
1315 	callout_table_t *ctptr;
1316 	callout_table_t ct;
1317 	callout_id_t coid;
1318 	callout_t *coptr;
1319 	int tableid;
1320 	callout_id_t xid;
1321 	ulong_t idhash;
1322 	int i, retval;
1323 	const mdb_arg_t *arg;
1324 	size_t size;
1325 	callout_hash_t cot_idhash[CALLOUT_BUCKETS];
1326 
1327 	coargs.flags = COF_DEFAULT | COF_BYIDH;
1328 	i = mdb_getopts(argc, argv,
1329 	    'd', MDB_OPT_SETBITS, COF_DECODE, &coargs.flags,
1330 	    'v', MDB_OPT_SETBITS, COF_LONGLIST, &coargs.flags,
1331 	    NULL);
1332 	argc -= i;
1333 	argv += i;
1334 
1335 	if (argc != 1) {
1336 		return (DCMD_USAGE);
1337 	}
1338 	arg = &argv[0];
1339 
1340 	if (arg->a_type == MDB_TYPE_IMMEDIATE) {
1341 		xid = arg->a_un.a_val;
1342 	} else {
1343 		xid = (callout_id_t)mdb_strtoull(arg->a_un.a_str);
1344 	}
1345 
1346 	if (DCMD_HDRSPEC(flags)) {
1347 		coargs.flags |= COF_CHDR;
1348 	}
1349 
1350 
1351 	/* initialize from kernel variables */
1352 	if ((retval = callout_common_init(&coargs)) != DCMD_OK) {
1353 		return (retval);
1354 	}
1355 
1356 	/* we must massage the environment so that the macros will play nice */
1357 #define	callout_table_mask	((1 << coargs.ctbits) - 1)
1358 #define	callout_table_bits	coargs.ctbits
1359 #define	nsec_per_tick		coargs.nsec_per_tick
1360 	tableid = CALLOUT_ID_TO_TABLE(xid);
1361 	idhash = CALLOUT_IDHASH(xid);
1362 #undef	callouts_table_bits
1363 #undef	callout_table_mask
1364 #undef	nsec_per_tick
1365 	coid = CO_PLAIN_ID(xid);
1366 
1367 	if (flags & DCMD_ADDRSPEC) {
1368 		mdb_printf("calloutid does not accept explicit address.\n");
1369 		return (DCMD_USAGE);
1370 	}
1371 
1372 	if (coargs.flags & COF_DECODE) {
1373 		if (DCMD_HDRSPEC(flags)) {
1374 			mdb_printf("%<u>%3s %1s %3s %-?s %-6s %</u>\n",
1375 			    "SEQ", "T", "XHL", "XID", "IDHASH");
1376 		}
1377 		mdb_printf("%-3d %1s %1s%1s%1s %-?llx %-6d\n",
1378 		    TABLE_TO_SEQID(tableid),
1379 		    co_typenames[tableid & CALLOUT_TYPE_MASK],
1380 		    (xid & CALLOUT_EXECUTING) ? "X" : " ",
1381 		    (xid & CALLOUT_HRESTIME) ? "H" : " ",
1382 		    (xid & CALLOUT_LONGTERM) ? "L" : " ",
1383 		    (long long)coid, idhash);
1384 		return (DCMD_OK);
1385 	}
1386 
1387 	/* get our table. Note this relies on the types being correct */
1388 	ctptr = coargs.co_table + tableid;
1389 	if (mdb_vread(&ct, sizeof (callout_table_t), (uintptr_t)ctptr) == -1) {
1390 		mdb_warn("failed to read callout_table at %p", ctptr);
1391 		return (DCMD_ERR);
1392 	}
1393 	size = sizeof (callout_hash_t) * CALLOUT_BUCKETS;
1394 	if (ct.ct_idhash != NULL) {
1395 		if (mdb_vread(&(cot_idhash), size,
1396 		    (uintptr_t)ct.ct_idhash) == -1) {
1397 			mdb_warn("failed to read id_hash at %p",
1398 			    ct.ct_idhash);
1399 			return (WALK_ERR);
1400 		}
1401 	}
1402 
1403 	/* callout at beginning of hash chain */
1404 	if (ct.ct_idhash == NULL) {
1405 		mdb_printf("id hash chain for this xid is empty\n");
1406 		return (DCMD_ERR);
1407 	}
1408 	coptr = (callout_t *)cot_idhash[idhash].ch_head;
1409 	if (coptr == NULL) {
1410 		mdb_printf("id hash chain for this xid is empty\n");
1411 		return (DCMD_ERR);
1412 	}
1413 
1414 	coargs.ndx = tableid;
1415 	coargs.bucket = idhash;
1416 
1417 	/* use the walker, luke */
1418 	if (mdb_pwalk("callouts_byid", callouts_cb, &coargs,
1419 	    (uintptr_t)coptr) == -1) {
1420 		mdb_warn("cannot walk callouts at %p", coptr);
1421 		return (WALK_ERR);
1422 	}
1423 
1424 	return (DCMD_OK);
1425 }
1426 
1427 void
1428 callout_help(void)
1429 {
1430 	mdb_printf("callout: display callouts.\n"
1431 	    "Given a callout table address, display callouts from table.\n"
1432 	    "Without an address, display callouts from all tables.\n"
1433 	    "options:\n"
1434 	    " -r|n : limit display to (r)ealtime or (n)ormal type callouts\n"
1435 	    " -s|l : limit display to (s)hort-term ids or (l)ong-term ids\n"
1436 	    " -x : limit display to callouts which are executing\n"
1437 	    " -h : limit display to callouts based on hrestime\n"
1438 	    " -t|a|b nsec: limit display to callouts that expire a(t) time,"
1439 	    " (a)fter time,\n     or (b)efore time. Use -a and -b together "
1440 	    " to specify a range.\n     For \"now\", use -d[t|a|b] 0.\n"
1441 	    " -d : interpret time option to -t|a|b as delta from current time\n"
1442 	    " -k : use ticks instead of nanoseconds as arguments to"
1443 	    " -t|a|b. Note that\n     ticks are less accurate and may not"
1444 	    " match other tick times (ie: lbolt).\n"
1445 	    " -D : display exiration time as delta from current time\n"
1446 	    " -S seqid : limit display to callouts for this cpu sequence id\n"
1447 	    " -C addr :  limit display to callouts for this cpu pointer\n"
1448 	    " -f name|addr : limit display to callouts with this function\n"
1449 	    " -p name|addr : limit display to callouts functions with this"
1450 	    " parameter\n"
1451 	    " -T : display the callout table itself, instead of callouts\n"
1452 	    " -L : display callout lists instead of callouts\n"
1453 	    " -E : with -T or L, display empty data structures.\n"
1454 	    " -i : traverse callouts by id hash instead of list hash\n"
1455 	    " -F : walk free callout list (free list with -i) instead\n"
1456 	    " -v : display more info for each item\n"
1457 	    " -V : show details of each level of info as it is traversed\n"
1458 	    " -A : show only addresses. Useful for pipelines.\n");
1459 }
1460 
1461 void
1462 calloutid_help(void)
1463 {
1464 	mdb_printf("calloutid: display callout by id.\n"
1465 	    "Given an extended callout id, display the callout infomation.\n"
1466 	    "options:\n"
1467 	    " -d : do not dereference callout, just decode the id.\n"
1468 	    " -v : verbose display more info about the callout\n");
1469 }
1470 
1471 /*ARGSUSED*/
1472 int
1473 class(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
1474 {
1475 	long num_classes, i;
1476 	sclass_t *class_tbl;
1477 	GElf_Sym g_sclass;
1478 	char class_name[PC_CLNMSZ];
1479 	size_t tbl_size;
1480 
1481 	if (mdb_lookup_by_name("sclass", &g_sclass) == -1) {
1482 		mdb_warn("failed to find symbol sclass\n");
1483 		return (DCMD_ERR);
1484 	}
1485 
1486 	tbl_size = (size_t)g_sclass.st_size;
1487 	num_classes = tbl_size / (sizeof (sclass_t));
1488 	class_tbl = mdb_alloc(tbl_size, UM_SLEEP | UM_GC);
1489 
1490 	if (mdb_readsym(class_tbl, tbl_size, "sclass") == -1) {
1491 		mdb_warn("failed to read sclass");
1492 		return (DCMD_ERR);
1493 	}
1494 
1495 	mdb_printf("%<u>%4s %-10s %-24s %-24s%</u>\n", "SLOT", "NAME",
1496 	    "INIT FCN", "CLASS FCN");
1497 
1498 	for (i = 0; i < num_classes; i++) {
1499 		if (mdb_vread(class_name, sizeof (class_name),
1500 		    (uintptr_t)class_tbl[i].cl_name) == -1)
1501 			(void) strcpy(class_name, "???");
1502 
1503 		mdb_printf("%4ld %-10s %-24a %-24a\n", i, class_name,
1504 		    class_tbl[i].cl_init, class_tbl[i].cl_funcs);
1505 	}
1506 
1507 	return (DCMD_OK);
1508 }
1509 
1510 #define	FSNAMELEN	32	/* Max len of FS name we read from vnodeops */
1511 
1512 int
1513 vnode2path(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
1514 {
1515 	uintptr_t rootdir;
1516 	vnode_t vn;
1517 	char buf[MAXPATHLEN];
1518 
1519 	uint_t opt_F = FALSE;
1520 
1521 	if (mdb_getopts(argc, argv,
1522 	    'F', MDB_OPT_SETBITS, TRUE, &opt_F, NULL) != argc)
1523 		return (DCMD_USAGE);
1524 
1525 	if (!(flags & DCMD_ADDRSPEC)) {
1526 		mdb_warn("expected explicit vnode_t address before ::\n");
1527 		return (DCMD_USAGE);
1528 	}
1529 
1530 	if (mdb_readvar(&rootdir, "rootdir") == -1) {
1531 		mdb_warn("failed to read rootdir");
1532 		return (DCMD_ERR);
1533 	}
1534 
1535 	if (mdb_vnode2path(addr, buf, sizeof (buf)) == -1)
1536 		return (DCMD_ERR);
1537 
1538 	if (*buf == '\0') {
1539 		mdb_printf("??\n");
1540 		return (DCMD_OK);
1541 	}
1542 
1543 	mdb_printf("%s", buf);
1544 	if (opt_F && buf[strlen(buf)-1] != '/' &&
1545 	    mdb_vread(&vn, sizeof (vn), addr) == sizeof (vn))
1546 		mdb_printf("%c", mdb_vtype2chr(vn.v_type, 0));
1547 	mdb_printf("\n");
1548 
1549 	return (DCMD_OK);
1550 }
1551 
1552 int
1553 ld_walk_init(mdb_walk_state_t *wsp)
1554 {
1555 	wsp->walk_data = (void *)wsp->walk_addr;
1556 	return (WALK_NEXT);
1557 }
1558 
1559 int
1560 ld_walk_step(mdb_walk_state_t *wsp)
1561 {
1562 	int status;
1563 	lock_descriptor_t ld;
1564 
1565 	if (mdb_vread(&ld, sizeof (lock_descriptor_t), wsp->walk_addr) == -1) {
1566 		mdb_warn("couldn't read lock_descriptor_t at %p\n",
1567 		    wsp->walk_addr);
1568 		return (WALK_ERR);
1569 	}
1570 
1571 	status = wsp->walk_callback(wsp->walk_addr, &ld, wsp->walk_cbdata);
1572 	if (status == WALK_ERR)
1573 		return (WALK_ERR);
1574 
1575 	wsp->walk_addr = (uintptr_t)ld.l_next;
1576 	if (wsp->walk_addr == (uintptr_t)wsp->walk_data)
1577 		return (WALK_DONE);
1578 
1579 	return (status);
1580 }
1581 
1582 int
1583 lg_walk_init(mdb_walk_state_t *wsp)
1584 {
1585 	GElf_Sym sym;
1586 
1587 	if (mdb_lookup_by_name("lock_graph", &sym) == -1) {
1588 		mdb_warn("failed to find symbol 'lock_graph'\n");
1589 		return (WALK_ERR);
1590 	}
1591 
1592 	wsp->walk_addr = (uintptr_t)sym.st_value;
1593 	wsp->walk_data = (void *)(uintptr_t)(sym.st_value + sym.st_size);
1594 
1595 	return (WALK_NEXT);
1596 }
1597 
1598 typedef struct lg_walk_data {
1599 	uintptr_t startaddr;
1600 	mdb_walk_cb_t callback;
1601 	void *data;
1602 } lg_walk_data_t;
1603 
1604 /*
1605  * We can't use ::walk lock_descriptor directly, because the head of each graph
1606  * is really a dummy lock.  Rather than trying to dynamically determine if this
1607  * is a dummy node or not, we just filter out the initial element of the
1608  * list.
1609  */
1610 static int
1611 lg_walk_cb(uintptr_t addr, const void *data, void *priv)
1612 {
1613 	lg_walk_data_t *lw = priv;
1614 
1615 	if (addr != lw->startaddr)
1616 		return (lw->callback(addr, data, lw->data));
1617 
1618 	return (WALK_NEXT);
1619 }
1620 
1621 int
1622 lg_walk_step(mdb_walk_state_t *wsp)
1623 {
1624 	graph_t *graph;
1625 	lg_walk_data_t lw;
1626 
1627 	if (wsp->walk_addr >= (uintptr_t)wsp->walk_data)
1628 		return (WALK_DONE);
1629 
1630 	if (mdb_vread(&graph, sizeof (graph), wsp->walk_addr) == -1) {
1631 		mdb_warn("failed to read graph_t at %p", wsp->walk_addr);
1632 		return (WALK_ERR);
1633 	}
1634 
1635 	wsp->walk_addr += sizeof (graph);
1636 
1637 	if (graph == NULL)
1638 		return (WALK_NEXT);
1639 
1640 	lw.callback = wsp->walk_callback;
1641 	lw.data = wsp->walk_cbdata;
1642 
1643 	lw.startaddr = (uintptr_t)&(graph->active_locks);
1644 	if (mdb_pwalk("lock_descriptor", lg_walk_cb, &lw, lw.startaddr)) {
1645 		mdb_warn("couldn't walk lock_descriptor at %p\n", lw.startaddr);
1646 		return (WALK_ERR);
1647 	}
1648 
1649 	lw.startaddr = (uintptr_t)&(graph->sleeping_locks);
1650 	if (mdb_pwalk("lock_descriptor", lg_walk_cb, &lw, lw.startaddr)) {
1651 		mdb_warn("couldn't walk lock_descriptor at %p\n", lw.startaddr);
1652 		return (WALK_ERR);
1653 	}
1654 
1655 	return (WALK_NEXT);
1656 }
1657 
1658 /*
1659  * The space available for the path corresponding to the locked vnode depends
1660  * on whether we are printing 32- or 64-bit addresses.
1661  */
1662 #ifdef _LP64
1663 #define	LM_VNPATHLEN	20
1664 #else
1665 #define	LM_VNPATHLEN	30
1666 #endif
1667 
1668 /*ARGSUSED*/
1669 static int
1670 lminfo_cb(uintptr_t addr, const void *data, void *priv)
1671 {
1672 	const lock_descriptor_t *ld = data;
1673 	char buf[LM_VNPATHLEN];
1674 	proc_t p;
1675 
1676 	mdb_printf("%-?p %2s %04x %6d %-16s %-?p ",
1677 	    addr, ld->l_type == F_RDLCK ? "RD" :
1678 	    ld->l_type == F_WRLCK ? "WR" : "??",
1679 	    ld->l_state, ld->l_flock.l_pid,
1680 	    ld->l_flock.l_pid == 0 ? "<kernel>" :
1681 	    mdb_pid2proc(ld->l_flock.l_pid, &p) == NULL ?
1682 	    "<defunct>" : p.p_user.u_comm,
1683 	    ld->l_vnode);
1684 
1685 	mdb_vnode2path((uintptr_t)ld->l_vnode, buf,
1686 	    sizeof (buf));
1687 	mdb_printf("%s\n", buf);
1688 
1689 	return (WALK_NEXT);
1690 }
1691 
1692 /*ARGSUSED*/
1693 int
1694 lminfo(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
1695 {
1696 	if (DCMD_HDRSPEC(flags))
1697 		mdb_printf("%<u>%-?s %2s %4s %6s %-16s %-?s %s%</u>\n",
1698 		    "ADDR", "TP", "FLAG", "PID", "COMM", "VNODE", "PATH");
1699 
1700 	return (mdb_pwalk("lock_graph", lminfo_cb, NULL, NULL));
1701 }
1702 
1703 /*ARGSUSED*/
1704 int
1705 seg(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
1706 {
1707 	struct seg s;
1708 
1709 	if (argc != 0)
1710 		return (DCMD_USAGE);
1711 
1712 	if ((flags & DCMD_LOOPFIRST) || !(flags & DCMD_LOOP)) {
1713 		mdb_printf("%<u>%?s %?s %?s %?s %s%</u>\n",
1714 		    "SEG", "BASE", "SIZE", "DATA", "OPS");
1715 	}
1716 
1717 	if (mdb_vread(&s, sizeof (s), addr) == -1) {
1718 		mdb_warn("failed to read seg at %p", addr);
1719 		return (DCMD_ERR);
1720 	}
1721 
1722 	mdb_printf("%?p %?p %?lx %?p %a\n",
1723 	    addr, s.s_base, s.s_size, s.s_data, s.s_ops);
1724 
1725 	return (DCMD_OK);
1726 }
1727 
1728 /*ARGSUSED*/
1729 static int
1730 pmap_walk_anon(uintptr_t addr, const struct anon *anon, int *nres)
1731 {
1732 	uintptr_t pp =
1733 	    mdb_vnode2page((uintptr_t)anon->an_vp, (uintptr_t)anon->an_off);
1734 
1735 	if (pp != NULL)
1736 		(*nres)++;
1737 
1738 	return (WALK_NEXT);
1739 }
1740 
1741 static int
1742 pmap_walk_seg(uintptr_t addr, const struct seg *seg, uintptr_t segvn)
1743 {
1744 
1745 	mdb_printf("%0?p %0?p %7dk", addr, seg->s_base, seg->s_size / 1024);
1746 
1747 	if (segvn == (uintptr_t)seg->s_ops) {
1748 		struct segvn_data svn;
1749 		int nres = 0;
1750 
1751 		(void) mdb_vread(&svn, sizeof (svn), (uintptr_t)seg->s_data);
1752 
1753 		if (svn.amp == NULL) {
1754 			mdb_printf(" %8s", "");
1755 			goto drive_on;
1756 		}
1757 
1758 		/*
1759 		 * We've got an amp for this segment; walk through
1760 		 * the amp, and determine mappings.
1761 		 */
1762 		if (mdb_pwalk("anon", (mdb_walk_cb_t)pmap_walk_anon,
1763 		    &nres, (uintptr_t)svn.amp) == -1)
1764 			mdb_warn("failed to walk anon (amp=%p)", svn.amp);
1765 
1766 		mdb_printf(" %7dk", (nres * PAGESIZE) / 1024);
1767 drive_on:
1768 
1769 		if (svn.vp != NULL) {
1770 			char buf[29];
1771 
1772 			mdb_vnode2path((uintptr_t)svn.vp, buf, sizeof (buf));
1773 			mdb_printf(" %s", buf);
1774 		} else
1775 			mdb_printf(" [ anon ]");
1776 	}
1777 
1778 	mdb_printf("\n");
1779 	return (WALK_NEXT);
1780 }
1781 
1782 static int
1783 pmap_walk_seg_quick(uintptr_t addr, const struct seg *seg, uintptr_t segvn)
1784 {
1785 	mdb_printf("%0?p %0?p %7dk", addr, seg->s_base, seg->s_size / 1024);
1786 
1787 	if (segvn == (uintptr_t)seg->s_ops) {
1788 		struct segvn_data svn;
1789 
1790 		(void) mdb_vread(&svn, sizeof (svn), (uintptr_t)seg->s_data);
1791 
1792 		if (svn.vp != NULL) {
1793 			mdb_printf(" %0?p", svn.vp);
1794 		} else {
1795 			mdb_printf(" [ anon ]");
1796 		}
1797 	}
1798 
1799 	mdb_printf("\n");
1800 	return (WALK_NEXT);
1801 }
1802 
1803 /*ARGSUSED*/
1804 int
1805 pmap(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
1806 {
1807 	uintptr_t segvn;
1808 	proc_t proc;
1809 	uint_t quick = FALSE;
1810 	mdb_walk_cb_t cb = (mdb_walk_cb_t)pmap_walk_seg;
1811 
1812 	GElf_Sym sym;
1813 
1814 	if (!(flags & DCMD_ADDRSPEC))
1815 		return (DCMD_USAGE);
1816 
1817 	if (mdb_getopts(argc, argv,
1818 	    'q', MDB_OPT_SETBITS, TRUE, &quick, NULL) != argc)
1819 		return (DCMD_USAGE);
1820 
1821 	if (mdb_vread(&proc, sizeof (proc), addr) == -1) {
1822 		mdb_warn("failed to read proc at %p", addr);
1823 		return (DCMD_ERR);
1824 	}
1825 
1826 	if (mdb_lookup_by_name("segvn_ops", &sym) == 0)
1827 		segvn = (uintptr_t)sym.st_value;
1828 	else
1829 		segvn = NULL;
1830 
1831 	mdb_printf("%?s %?s %8s ", "SEG", "BASE", "SIZE");
1832 
1833 	if (quick) {
1834 		mdb_printf("VNODE\n");
1835 		cb = (mdb_walk_cb_t)pmap_walk_seg_quick;
1836 	} else {
1837 		mdb_printf("%8s %s\n", "RES", "PATH");
1838 	}
1839 
1840 	if (mdb_pwalk("seg", cb, (void *)segvn, (uintptr_t)proc.p_as) == -1) {
1841 		mdb_warn("failed to walk segments of as %p", proc.p_as);
1842 		return (DCMD_ERR);
1843 	}
1844 
1845 	return (DCMD_OK);
1846 }
1847 
1848 typedef struct anon_walk_data {
1849 	uintptr_t *aw_levone;
1850 	uintptr_t *aw_levtwo;
1851 	int aw_nlevone;
1852 	int aw_levone_ndx;
1853 	int aw_levtwo_ndx;
1854 	struct anon_map aw_amp;
1855 	struct anon_hdr aw_ahp;
1856 } anon_walk_data_t;
1857 
1858 int
1859 anon_walk_init(mdb_walk_state_t *wsp)
1860 {
1861 	anon_walk_data_t *aw;
1862 
1863 	if (wsp->walk_addr == NULL) {
1864 		mdb_warn("anon walk doesn't support global walks\n");
1865 		return (WALK_ERR);
1866 	}
1867 
1868 	aw = mdb_alloc(sizeof (anon_walk_data_t), UM_SLEEP);
1869 
1870 	if (mdb_vread(&aw->aw_amp, sizeof (aw->aw_amp), wsp->walk_addr) == -1) {
1871 		mdb_warn("failed to read anon map at %p", wsp->walk_addr);
1872 		mdb_free(aw, sizeof (anon_walk_data_t));
1873 		return (WALK_ERR);
1874 	}
1875 
1876 	if (mdb_vread(&aw->aw_ahp, sizeof (aw->aw_ahp),
1877 	    (uintptr_t)(aw->aw_amp.ahp)) == -1) {
1878 		mdb_warn("failed to read anon hdr ptr at %p", aw->aw_amp.ahp);
1879 		mdb_free(aw, sizeof (anon_walk_data_t));
1880 		return (WALK_ERR);
1881 	}
1882 
1883 	if (aw->aw_ahp.size <= ANON_CHUNK_SIZE ||
1884 	    (aw->aw_ahp.flags & ANON_ALLOC_FORCE)) {
1885 		aw->aw_nlevone = aw->aw_ahp.size;
1886 		aw->aw_levtwo = NULL;
1887 	} else {
1888 		aw->aw_nlevone =
1889 		    (aw->aw_ahp.size + ANON_CHUNK_OFF) >> ANON_CHUNK_SHIFT;
1890 		aw->aw_levtwo =
1891 		    mdb_zalloc(ANON_CHUNK_SIZE * sizeof (uintptr_t), UM_SLEEP);
1892 	}
1893 
1894 	aw->aw_levone =
1895 	    mdb_alloc(aw->aw_nlevone * sizeof (uintptr_t), UM_SLEEP);
1896 
1897 	aw->aw_levone_ndx = 0;
1898 	aw->aw_levtwo_ndx = 0;
1899 
1900 	mdb_vread(aw->aw_levone, aw->aw_nlevone * sizeof (uintptr_t),
1901 	    (uintptr_t)aw->aw_ahp.array_chunk);
1902 
1903 	if (aw->aw_levtwo != NULL) {
1904 		while (aw->aw_levone[aw->aw_levone_ndx] == NULL) {
1905 			aw->aw_levone_ndx++;
1906 			if (aw->aw_levone_ndx == aw->aw_nlevone) {
1907 				mdb_warn("corrupt anon; couldn't"
1908 				    "find ptr to lev two map");
1909 				goto out;
1910 			}
1911 		}
1912 
1913 		mdb_vread(aw->aw_levtwo, ANON_CHUNK_SIZE * sizeof (uintptr_t),
1914 		    aw->aw_levone[aw->aw_levone_ndx]);
1915 	}
1916 
1917 out:
1918 	wsp->walk_data = aw;
1919 	return (0);
1920 }
1921 
1922 int
1923 anon_walk_step(mdb_walk_state_t *wsp)
1924 {
1925 	int status;
1926 	anon_walk_data_t *aw = (anon_walk_data_t *)wsp->walk_data;
1927 	struct anon anon;
1928 	uintptr_t anonptr;
1929 
1930 again:
1931 	/*
1932 	 * Once we've walked through level one, we're done.
1933 	 */
1934 	if (aw->aw_levone_ndx == aw->aw_nlevone)
1935 		return (WALK_DONE);
1936 
1937 	if (aw->aw_levtwo == NULL) {
1938 		anonptr = aw->aw_levone[aw->aw_levone_ndx];
1939 		aw->aw_levone_ndx++;
1940 	} else {
1941 		anonptr = aw->aw_levtwo[aw->aw_levtwo_ndx];
1942 		aw->aw_levtwo_ndx++;
1943 
1944 		if (aw->aw_levtwo_ndx == ANON_CHUNK_SIZE) {
1945 			aw->aw_levtwo_ndx = 0;
1946 
1947 			do {
1948 				aw->aw_levone_ndx++;
1949 
1950 				if (aw->aw_levone_ndx == aw->aw_nlevone)
1951 					return (WALK_DONE);
1952 			} while (aw->aw_levone[aw->aw_levone_ndx] == NULL);
1953 
1954 			mdb_vread(aw->aw_levtwo, ANON_CHUNK_SIZE *
1955 			    sizeof (uintptr_t),
1956 			    aw->aw_levone[aw->aw_levone_ndx]);
1957 		}
1958 	}
1959 
1960 	if (anonptr != NULL) {
1961 		mdb_vread(&anon, sizeof (anon), anonptr);
1962 		status = wsp->walk_callback(anonptr, &anon, wsp->walk_cbdata);
1963 	} else
1964 		goto again;
1965 
1966 	return (status);
1967 }
1968 
1969 void
1970 anon_walk_fini(mdb_walk_state_t *wsp)
1971 {
1972 	anon_walk_data_t *aw = (anon_walk_data_t *)wsp->walk_data;
1973 
1974 	if (aw->aw_levtwo != NULL)
1975 		mdb_free(aw->aw_levtwo, ANON_CHUNK_SIZE * sizeof (uintptr_t));
1976 
1977 	mdb_free(aw->aw_levone, aw->aw_nlevone * sizeof (uintptr_t));
1978 	mdb_free(aw, sizeof (anon_walk_data_t));
1979 }
1980 
1981 /*ARGSUSED*/
1982 int
1983 whereopen_fwalk(uintptr_t addr, struct file *f, uintptr_t *target)
1984 {
1985 	if ((uintptr_t)f->f_vnode == *target) {
1986 		mdb_printf("file %p\n", addr);
1987 		*target = NULL;
1988 	}
1989 
1990 	return (WALK_NEXT);
1991 }
1992 
1993 /*ARGSUSED*/
1994 int
1995 whereopen_pwalk(uintptr_t addr, void *ignored, uintptr_t *target)
1996 {
1997 	uintptr_t t = *target;
1998 
1999 	if (mdb_pwalk("file", (mdb_walk_cb_t)whereopen_fwalk, &t, addr) == -1) {
2000 		mdb_warn("couldn't file walk proc %p", addr);
2001 		return (WALK_ERR);
2002 	}
2003 
2004 	if (t == NULL)
2005 		mdb_printf("%p\n", addr);
2006 
2007 	return (WALK_NEXT);
2008 }
2009 
2010 /*ARGSUSED*/
2011 int
2012 whereopen(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2013 {
2014 	uintptr_t target = addr;
2015 
2016 	if (!(flags & DCMD_ADDRSPEC) || addr == NULL)
2017 		return (DCMD_USAGE);
2018 
2019 	if (mdb_walk("proc", (mdb_walk_cb_t)whereopen_pwalk, &target) == -1) {
2020 		mdb_warn("can't proc walk");
2021 		return (DCMD_ERR);
2022 	}
2023 
2024 	return (DCMD_OK);
2025 }
2026 
2027 typedef struct datafmt {
2028 	char	*hdr1;
2029 	char	*hdr2;
2030 	char	*dashes;
2031 	char	*fmt;
2032 } datafmt_t;
2033 
2034 static datafmt_t kmemfmt[] = {
2035 	{ "cache                    ", "name                     ",
2036 	"-------------------------", "%-25s "				},
2037 	{ "   buf",	"  size",	"------",	"%6u "		},
2038 	{ "   buf",	"in use",	"------",	"%6u "		},
2039 	{ "   buf",	" total",	"------",	"%6u "		},
2040 	{ "   memory",	"   in use",	"----------",	"%9u%c "	},
2041 	{ "    alloc",	"  succeed",	"---------",	"%9u "		},
2042 	{ "alloc",	" fail",	"-----",	"%5u "		},
2043 	{ NULL,		NULL,		NULL,		NULL		}
2044 };
2045 
2046 static datafmt_t vmemfmt[] = {
2047 	{ "vmem                     ", "name                     ",
2048 	"-------------------------", "%-*s "				},
2049 	{ "   memory",	"   in use",	"----------",	"%9llu%c "	},
2050 	{ "    memory",	"     total",	"-----------",	"%10llu%c "	},
2051 	{ "   memory",	"   import",	"----------",	"%9llu%c "	},
2052 	{ "    alloc",	"  succeed",	"---------",	"%9llu "	},
2053 	{ "alloc",	" fail",	"-----",	"%5llu "	},
2054 	{ NULL,		NULL,		NULL,		NULL		}
2055 };
2056 
2057 /*ARGSUSED*/
2058 static int
2059 kmastat_cpu_avail(uintptr_t addr, const kmem_cpu_cache_t *ccp, int *avail)
2060 {
2061 	if (ccp->cc_rounds > 0)
2062 		*avail += ccp->cc_rounds;
2063 	if (ccp->cc_prounds > 0)
2064 		*avail += ccp->cc_prounds;
2065 
2066 	return (WALK_NEXT);
2067 }
2068 
2069 /*ARGSUSED*/
2070 static int
2071 kmastat_cpu_alloc(uintptr_t addr, const kmem_cpu_cache_t *ccp, int *alloc)
2072 {
2073 	*alloc += ccp->cc_alloc;
2074 
2075 	return (WALK_NEXT);
2076 }
2077 
2078 /*ARGSUSED*/
2079 static int
2080 kmastat_slab_avail(uintptr_t addr, const kmem_slab_t *sp, int *avail)
2081 {
2082 	*avail += sp->slab_chunks - sp->slab_refcnt;
2083 
2084 	return (WALK_NEXT);
2085 }
2086 
2087 typedef struct kmastat_vmem {
2088 	uintptr_t kv_addr;
2089 	struct kmastat_vmem *kv_next;
2090 	int kv_meminuse;
2091 	int kv_alloc;
2092 	int kv_fail;
2093 } kmastat_vmem_t;
2094 
2095 typedef struct kmastat_args {
2096 	kmastat_vmem_t **ka_kvpp;
2097 	uint_t ka_shift;
2098 } kmastat_args_t;
2099 
2100 static int
2101 kmastat_cache(uintptr_t addr, const kmem_cache_t *cp, kmastat_args_t *kap)
2102 {
2103 	kmastat_vmem_t **kvp = kap->ka_kvpp;
2104 	kmastat_vmem_t *kv;
2105 	datafmt_t *dfp = kmemfmt;
2106 	int magsize;
2107 
2108 	int avail, alloc, total;
2109 	size_t meminuse = (cp->cache_slab_create - cp->cache_slab_destroy) *
2110 	    cp->cache_slabsize;
2111 
2112 	mdb_walk_cb_t cpu_avail = (mdb_walk_cb_t)kmastat_cpu_avail;
2113 	mdb_walk_cb_t cpu_alloc = (mdb_walk_cb_t)kmastat_cpu_alloc;
2114 	mdb_walk_cb_t slab_avail = (mdb_walk_cb_t)kmastat_slab_avail;
2115 
2116 	magsize = kmem_get_magsize(cp);
2117 
2118 	alloc = cp->cache_slab_alloc + cp->cache_full.ml_alloc;
2119 	avail = cp->cache_full.ml_total * magsize;
2120 	total = cp->cache_buftotal;
2121 
2122 	(void) mdb_pwalk("kmem_cpu_cache", cpu_alloc, &alloc, addr);
2123 	(void) mdb_pwalk("kmem_cpu_cache", cpu_avail, &avail, addr);
2124 	(void) mdb_pwalk("kmem_slab_partial", slab_avail, &avail, addr);
2125 
2126 	for (kv = *kvp; kv != NULL; kv = kv->kv_next) {
2127 		if (kv->kv_addr == (uintptr_t)cp->cache_arena)
2128 			goto out;
2129 	}
2130 
2131 	kv = mdb_zalloc(sizeof (kmastat_vmem_t), UM_SLEEP | UM_GC);
2132 	kv->kv_next = *kvp;
2133 	kv->kv_addr = (uintptr_t)cp->cache_arena;
2134 	*kvp = kv;
2135 out:
2136 	kv->kv_meminuse += meminuse;
2137 	kv->kv_alloc += alloc;
2138 	kv->kv_fail += cp->cache_alloc_fail;
2139 
2140 	mdb_printf((dfp++)->fmt, cp->cache_name);
2141 	mdb_printf((dfp++)->fmt, cp->cache_bufsize);
2142 	mdb_printf((dfp++)->fmt, total - avail);
2143 	mdb_printf((dfp++)->fmt, total);
2144 	mdb_printf((dfp++)->fmt, meminuse >> kap->ka_shift,
2145 	    kap->ka_shift == GIGS ? 'G' : kap->ka_shift == MEGS ? 'M' :
2146 	    kap->ka_shift == KILOS ? 'K' : 'B');
2147 	mdb_printf((dfp++)->fmt, alloc);
2148 	mdb_printf((dfp++)->fmt, cp->cache_alloc_fail);
2149 	mdb_printf("\n");
2150 
2151 	return (WALK_NEXT);
2152 }
2153 
2154 static int
2155 kmastat_vmem_totals(uintptr_t addr, const vmem_t *v, kmastat_args_t *kap)
2156 {
2157 	kmastat_vmem_t *kv = *kap->ka_kvpp;
2158 	size_t len;
2159 
2160 	while (kv != NULL && kv->kv_addr != addr)
2161 		kv = kv->kv_next;
2162 
2163 	if (kv == NULL || kv->kv_alloc == 0)
2164 		return (WALK_NEXT);
2165 
2166 	len = MIN(17, strlen(v->vm_name));
2167 
2168 	mdb_printf("Total [%s]%*s %6s %6s %6s %9u%c %9u %5u\n", v->vm_name,
2169 	    17 - len, "", "", "", "",
2170 	    kv->kv_meminuse >> kap->ka_shift,
2171 	    kap->ka_shift == GIGS ? 'G' : kap->ka_shift == MEGS ? 'M' :
2172 	    kap->ka_shift == KILOS ? 'K' : 'B', kv->kv_alloc, kv->kv_fail);
2173 
2174 	return (WALK_NEXT);
2175 }
2176 
2177 /*ARGSUSED*/
2178 static int
2179 kmastat_vmem(uintptr_t addr, const vmem_t *v, const uint_t *shiftp)
2180 {
2181 	datafmt_t *dfp = vmemfmt;
2182 	const vmem_kstat_t *vkp = &v->vm_kstat;
2183 	uintptr_t paddr;
2184 	vmem_t parent;
2185 	int ident = 0;
2186 
2187 	for (paddr = (uintptr_t)v->vm_source; paddr != NULL; ident += 4) {
2188 		if (mdb_vread(&parent, sizeof (parent), paddr) == -1) {
2189 			mdb_warn("couldn't trace %p's ancestry", addr);
2190 			ident = 0;
2191 			break;
2192 		}
2193 		paddr = (uintptr_t)parent.vm_source;
2194 	}
2195 
2196 	mdb_printf("%*s", ident, "");
2197 	mdb_printf((dfp++)->fmt, 25 - ident, v->vm_name);
2198 	mdb_printf((dfp++)->fmt, vkp->vk_mem_inuse.value.ui64 >> *shiftp,
2199 	    *shiftp == GIGS ? 'G' : *shiftp == MEGS ? 'M' :
2200 	    *shiftp == KILOS ? 'K' : 'B');
2201 	mdb_printf((dfp++)->fmt, vkp->vk_mem_total.value.ui64 >> *shiftp,
2202 	    *shiftp == GIGS ? 'G' : *shiftp == MEGS ? 'M' :
2203 	    *shiftp == KILOS ? 'K' : 'B');
2204 	mdb_printf((dfp++)->fmt, vkp->vk_mem_import.value.ui64 >> *shiftp,
2205 	    *shiftp == GIGS ? 'G' : *shiftp == MEGS ? 'M' :
2206 	    *shiftp == KILOS ? 'K' : 'B');
2207 	mdb_printf((dfp++)->fmt, vkp->vk_alloc.value.ui64);
2208 	mdb_printf((dfp++)->fmt, vkp->vk_fail.value.ui64);
2209 
2210 	mdb_printf("\n");
2211 
2212 	return (WALK_NEXT);
2213 }
2214 
2215 /*ARGSUSED*/
2216 int
2217 kmastat(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2218 {
2219 	kmastat_vmem_t *kv = NULL;
2220 	datafmt_t *dfp;
2221 	kmastat_args_t ka;
2222 
2223 	ka.ka_shift = 0;
2224 	if (mdb_getopts(argc, argv,
2225 	    'k', MDB_OPT_SETBITS, KILOS, &ka.ka_shift,
2226 	    'm', MDB_OPT_SETBITS, MEGS, &ka.ka_shift,
2227 	    'g', MDB_OPT_SETBITS, GIGS, &ka.ka_shift, NULL) != argc)
2228 		return (DCMD_USAGE);
2229 
2230 	for (dfp = kmemfmt; dfp->hdr1 != NULL; dfp++)
2231 		mdb_printf("%s ", dfp->hdr1);
2232 	mdb_printf("\n");
2233 
2234 	for (dfp = kmemfmt; dfp->hdr1 != NULL; dfp++)
2235 		mdb_printf("%s ", dfp->hdr2);
2236 	mdb_printf("\n");
2237 
2238 	for (dfp = kmemfmt; dfp->hdr1 != NULL; dfp++)
2239 		mdb_printf("%s ", dfp->dashes);
2240 	mdb_printf("\n");
2241 
2242 	ka.ka_kvpp = &kv;
2243 	if (mdb_walk("kmem_cache", (mdb_walk_cb_t)kmastat_cache, &ka) == -1) {
2244 		mdb_warn("can't walk 'kmem_cache'");
2245 		return (DCMD_ERR);
2246 	}
2247 
2248 	for (dfp = kmemfmt; dfp->hdr1 != NULL; dfp++)
2249 		mdb_printf("%s ", dfp->dashes);
2250 	mdb_printf("\n");
2251 
2252 	if (mdb_walk("vmem", (mdb_walk_cb_t)kmastat_vmem_totals, &ka) == -1) {
2253 		mdb_warn("can't walk 'vmem'");
2254 		return (DCMD_ERR);
2255 	}
2256 
2257 	for (dfp = kmemfmt; dfp->hdr1 != NULL; dfp++)
2258 		mdb_printf("%s ", dfp->dashes);
2259 	mdb_printf("\n");
2260 
2261 	mdb_printf("\n");
2262 
2263 	for (dfp = vmemfmt; dfp->hdr1 != NULL; dfp++)
2264 		mdb_printf("%s ", dfp->hdr1);
2265 	mdb_printf("\n");
2266 
2267 	for (dfp = vmemfmt; dfp->hdr1 != NULL; dfp++)
2268 		mdb_printf("%s ", dfp->hdr2);
2269 	mdb_printf("\n");
2270 
2271 	for (dfp = vmemfmt; dfp->hdr1 != NULL; dfp++)
2272 		mdb_printf("%s ", dfp->dashes);
2273 	mdb_printf("\n");
2274 
2275 	if (mdb_walk("vmem", (mdb_walk_cb_t)kmastat_vmem, &ka.ka_shift) == -1) {
2276 		mdb_warn("can't walk 'vmem'");
2277 		return (DCMD_ERR);
2278 	}
2279 
2280 	for (dfp = vmemfmt; dfp->hdr1 != NULL; dfp++)
2281 		mdb_printf("%s ", dfp->dashes);
2282 	mdb_printf("\n");
2283 	return (DCMD_OK);
2284 }
2285 
2286 /*
2287  * Our ::kgrep callback scans the entire kernel VA space (kas).  kas is made
2288  * up of a set of 'struct seg's.  We could just scan each seg en masse, but
2289  * unfortunately, a few of the segs are both large and sparse, so we could
2290  * spend quite a bit of time scanning VAs which have no backing pages.
2291  *
2292  * So for the few very sparse segs, we skip the segment itself, and scan
2293  * the allocated vmem_segs in the vmem arena which manages that part of kas.
2294  * Currently, we do this for:
2295  *
2296  *	SEG		VMEM ARENA
2297  *	kvseg		heap_arena
2298  *	kvseg32		heap32_arena
2299  *	kvseg_core	heap_core_arena
2300  *
2301  * In addition, we skip the segkpm segment in its entirety, since it is very
2302  * sparse, and contains no new kernel data.
2303  */
2304 typedef struct kgrep_walk_data {
2305 	kgrep_cb_func *kg_cb;
2306 	void *kg_cbdata;
2307 	uintptr_t kg_kvseg;
2308 	uintptr_t kg_kvseg32;
2309 	uintptr_t kg_kvseg_core;
2310 	uintptr_t kg_segkpm;
2311 	uintptr_t kg_heap_lp_base;
2312 	uintptr_t kg_heap_lp_end;
2313 } kgrep_walk_data_t;
2314 
2315 static int
2316 kgrep_walk_seg(uintptr_t addr, const struct seg *seg, kgrep_walk_data_t *kg)
2317 {
2318 	uintptr_t base = (uintptr_t)seg->s_base;
2319 
2320 	if (addr == kg->kg_kvseg || addr == kg->kg_kvseg32 ||
2321 	    addr == kg->kg_kvseg_core)
2322 		return (WALK_NEXT);
2323 
2324 	if ((uintptr_t)seg->s_ops == kg->kg_segkpm)
2325 		return (WALK_NEXT);
2326 
2327 	return (kg->kg_cb(base, base + seg->s_size, kg->kg_cbdata));
2328 }
2329 
2330 /*ARGSUSED*/
2331 static int
2332 kgrep_walk_vseg(uintptr_t addr, const vmem_seg_t *seg, kgrep_walk_data_t *kg)
2333 {
2334 	/*
2335 	 * skip large page heap address range - it is scanned by walking
2336 	 * allocated vmem_segs in the heap_lp_arena
2337 	 */
2338 	if (seg->vs_start == kg->kg_heap_lp_base &&
2339 	    seg->vs_end == kg->kg_heap_lp_end)
2340 		return (WALK_NEXT);
2341 
2342 	return (kg->kg_cb(seg->vs_start, seg->vs_end, kg->kg_cbdata));
2343 }
2344 
2345 /*ARGSUSED*/
2346 static int
2347 kgrep_xwalk_vseg(uintptr_t addr, const vmem_seg_t *seg, kgrep_walk_data_t *kg)
2348 {
2349 	return (kg->kg_cb(seg->vs_start, seg->vs_end, kg->kg_cbdata));
2350 }
2351 
2352 static int
2353 kgrep_walk_vmem(uintptr_t addr, const vmem_t *vmem, kgrep_walk_data_t *kg)
2354 {
2355 	mdb_walk_cb_t walk_vseg = (mdb_walk_cb_t)kgrep_walk_vseg;
2356 
2357 	if (strcmp(vmem->vm_name, "heap") != 0 &&
2358 	    strcmp(vmem->vm_name, "heap32") != 0 &&
2359 	    strcmp(vmem->vm_name, "heap_core") != 0 &&
2360 	    strcmp(vmem->vm_name, "heap_lp") != 0)
2361 		return (WALK_NEXT);
2362 
2363 	if (strcmp(vmem->vm_name, "heap_lp") == 0)
2364 		walk_vseg = (mdb_walk_cb_t)kgrep_xwalk_vseg;
2365 
2366 	if (mdb_pwalk("vmem_alloc", walk_vseg, kg, addr) == -1) {
2367 		mdb_warn("couldn't walk vmem_alloc for vmem %p", addr);
2368 		return (WALK_ERR);
2369 	}
2370 
2371 	return (WALK_NEXT);
2372 }
2373 
2374 int
2375 kgrep_subr(kgrep_cb_func *cb, void *cbdata)
2376 {
2377 	GElf_Sym kas, kvseg, kvseg32, kvseg_core, segkpm;
2378 	kgrep_walk_data_t kg;
2379 
2380 	if (mdb_get_state() == MDB_STATE_RUNNING) {
2381 		mdb_warn("kgrep can only be run on a system "
2382 		    "dump or under kmdb; see dumpadm(1M)\n");
2383 		return (DCMD_ERR);
2384 	}
2385 
2386 	if (mdb_lookup_by_name("kas", &kas) == -1) {
2387 		mdb_warn("failed to locate 'kas' symbol\n");
2388 		return (DCMD_ERR);
2389 	}
2390 
2391 	if (mdb_lookup_by_name("kvseg", &kvseg) == -1) {
2392 		mdb_warn("failed to locate 'kvseg' symbol\n");
2393 		return (DCMD_ERR);
2394 	}
2395 
2396 	if (mdb_lookup_by_name("kvseg32", &kvseg32) == -1) {
2397 		mdb_warn("failed to locate 'kvseg32' symbol\n");
2398 		return (DCMD_ERR);
2399 	}
2400 
2401 	if (mdb_lookup_by_name("kvseg_core", &kvseg_core) == -1) {
2402 		mdb_warn("failed to locate 'kvseg_core' symbol\n");
2403 		return (DCMD_ERR);
2404 	}
2405 
2406 	if (mdb_lookup_by_name("segkpm_ops", &segkpm) == -1) {
2407 		mdb_warn("failed to locate 'segkpm_ops' symbol\n");
2408 		return (DCMD_ERR);
2409 	}
2410 
2411 	if (mdb_readvar(&kg.kg_heap_lp_base, "heap_lp_base") == -1) {
2412 		mdb_warn("failed to read 'heap_lp_base'\n");
2413 		return (DCMD_ERR);
2414 	}
2415 
2416 	if (mdb_readvar(&kg.kg_heap_lp_end, "heap_lp_end") == -1) {
2417 		mdb_warn("failed to read 'heap_lp_end'\n");
2418 		return (DCMD_ERR);
2419 	}
2420 
2421 	kg.kg_cb = cb;
2422 	kg.kg_cbdata = cbdata;
2423 	kg.kg_kvseg = (uintptr_t)kvseg.st_value;
2424 	kg.kg_kvseg32 = (uintptr_t)kvseg32.st_value;
2425 	kg.kg_kvseg_core = (uintptr_t)kvseg_core.st_value;
2426 	kg.kg_segkpm = (uintptr_t)segkpm.st_value;
2427 
2428 	if (mdb_pwalk("seg", (mdb_walk_cb_t)kgrep_walk_seg,
2429 	    &kg, kas.st_value) == -1) {
2430 		mdb_warn("failed to walk kas segments");
2431 		return (DCMD_ERR);
2432 	}
2433 
2434 	if (mdb_walk("vmem", (mdb_walk_cb_t)kgrep_walk_vmem, &kg) == -1) {
2435 		mdb_warn("failed to walk heap/heap32 vmem arenas");
2436 		return (DCMD_ERR);
2437 	}
2438 
2439 	return (DCMD_OK);
2440 }
2441 
2442 size_t
2443 kgrep_subr_pagesize(void)
2444 {
2445 	return (PAGESIZE);
2446 }
2447 
2448 typedef struct file_walk_data {
2449 	struct uf_entry *fw_flist;
2450 	int fw_flistsz;
2451 	int fw_ndx;
2452 	int fw_nofiles;
2453 } file_walk_data_t;
2454 
2455 int
2456 file_walk_init(mdb_walk_state_t *wsp)
2457 {
2458 	file_walk_data_t *fw;
2459 	proc_t p;
2460 
2461 	if (wsp->walk_addr == NULL) {
2462 		mdb_warn("file walk doesn't support global walks\n");
2463 		return (WALK_ERR);
2464 	}
2465 
2466 	fw = mdb_alloc(sizeof (file_walk_data_t), UM_SLEEP);
2467 
2468 	if (mdb_vread(&p, sizeof (p), wsp->walk_addr) == -1) {
2469 		mdb_free(fw, sizeof (file_walk_data_t));
2470 		mdb_warn("failed to read proc structure at %p", wsp->walk_addr);
2471 		return (WALK_ERR);
2472 	}
2473 
2474 	if (p.p_user.u_finfo.fi_nfiles == 0) {
2475 		mdb_free(fw, sizeof (file_walk_data_t));
2476 		return (WALK_DONE);
2477 	}
2478 
2479 	fw->fw_nofiles = p.p_user.u_finfo.fi_nfiles;
2480 	fw->fw_flistsz = sizeof (struct uf_entry) * fw->fw_nofiles;
2481 	fw->fw_flist = mdb_alloc(fw->fw_flistsz, UM_SLEEP);
2482 
2483 	if (mdb_vread(fw->fw_flist, fw->fw_flistsz,
2484 	    (uintptr_t)p.p_user.u_finfo.fi_list) == -1) {
2485 		mdb_warn("failed to read file array at %p",
2486 		    p.p_user.u_finfo.fi_list);
2487 		mdb_free(fw->fw_flist, fw->fw_flistsz);
2488 		mdb_free(fw, sizeof (file_walk_data_t));
2489 		return (WALK_ERR);
2490 	}
2491 
2492 	fw->fw_ndx = 0;
2493 	wsp->walk_data = fw;
2494 
2495 	return (WALK_NEXT);
2496 }
2497 
2498 int
2499 file_walk_step(mdb_walk_state_t *wsp)
2500 {
2501 	file_walk_data_t *fw = (file_walk_data_t *)wsp->walk_data;
2502 	struct file file;
2503 	uintptr_t fp;
2504 
2505 again:
2506 	if (fw->fw_ndx == fw->fw_nofiles)
2507 		return (WALK_DONE);
2508 
2509 	if ((fp = (uintptr_t)fw->fw_flist[fw->fw_ndx++].uf_file) == NULL)
2510 		goto again;
2511 
2512 	(void) mdb_vread(&file, sizeof (file), (uintptr_t)fp);
2513 	return (wsp->walk_callback(fp, &file, wsp->walk_cbdata));
2514 }
2515 
2516 int
2517 allfile_walk_step(mdb_walk_state_t *wsp)
2518 {
2519 	file_walk_data_t *fw = (file_walk_data_t *)wsp->walk_data;
2520 	struct file file;
2521 	uintptr_t fp;
2522 
2523 	if (fw->fw_ndx == fw->fw_nofiles)
2524 		return (WALK_DONE);
2525 
2526 	if ((fp = (uintptr_t)fw->fw_flist[fw->fw_ndx++].uf_file) != NULL)
2527 		(void) mdb_vread(&file, sizeof (file), (uintptr_t)fp);
2528 	else
2529 		bzero(&file, sizeof (file));
2530 
2531 	return (wsp->walk_callback(fp, &file, wsp->walk_cbdata));
2532 }
2533 
2534 void
2535 file_walk_fini(mdb_walk_state_t *wsp)
2536 {
2537 	file_walk_data_t *fw = (file_walk_data_t *)wsp->walk_data;
2538 
2539 	mdb_free(fw->fw_flist, fw->fw_flistsz);
2540 	mdb_free(fw, sizeof (file_walk_data_t));
2541 }
2542 
2543 int
2544 port_walk_init(mdb_walk_state_t *wsp)
2545 {
2546 	if (wsp->walk_addr == NULL) {
2547 		mdb_warn("port walk doesn't support global walks\n");
2548 		return (WALK_ERR);
2549 	}
2550 
2551 	if (mdb_layered_walk("file", wsp) == -1) {
2552 		mdb_warn("couldn't walk 'file'");
2553 		return (WALK_ERR);
2554 	}
2555 	return (WALK_NEXT);
2556 }
2557 
2558 int
2559 port_walk_step(mdb_walk_state_t *wsp)
2560 {
2561 	struct vnode	vn;
2562 	uintptr_t	vp;
2563 	uintptr_t	pp;
2564 	struct port	port;
2565 
2566 	vp = (uintptr_t)((struct file *)wsp->walk_layer)->f_vnode;
2567 	if (mdb_vread(&vn, sizeof (vn), vp) == -1) {
2568 		mdb_warn("failed to read vnode_t at %p", vp);
2569 		return (WALK_ERR);
2570 	}
2571 	if (vn.v_type != VPORT)
2572 		return (WALK_NEXT);
2573 
2574 	pp = (uintptr_t)vn.v_data;
2575 	if (mdb_vread(&port, sizeof (port), pp) == -1) {
2576 		mdb_warn("failed to read port_t at %p", pp);
2577 		return (WALK_ERR);
2578 	}
2579 	return (wsp->walk_callback(pp, &port, wsp->walk_cbdata));
2580 }
2581 
2582 typedef struct portev_walk_data {
2583 	list_node_t	*pev_node;
2584 	list_node_t	*pev_last;
2585 	size_t		pev_offset;
2586 } portev_walk_data_t;
2587 
2588 int
2589 portev_walk_init(mdb_walk_state_t *wsp)
2590 {
2591 	portev_walk_data_t *pevd;
2592 	struct port	port;
2593 	struct vnode	vn;
2594 	struct list	*list;
2595 	uintptr_t	vp;
2596 
2597 	if (wsp->walk_addr == NULL) {
2598 		mdb_warn("portev walk doesn't support global walks\n");
2599 		return (WALK_ERR);
2600 	}
2601 
2602 	pevd = mdb_alloc(sizeof (portev_walk_data_t), UM_SLEEP);
2603 
2604 	if (mdb_vread(&port, sizeof (port), wsp->walk_addr) == -1) {
2605 		mdb_free(pevd, sizeof (portev_walk_data_t));
2606 		mdb_warn("failed to read port structure at %p", wsp->walk_addr);
2607 		return (WALK_ERR);
2608 	}
2609 
2610 	vp = (uintptr_t)port.port_vnode;
2611 	if (mdb_vread(&vn, sizeof (vn), vp) == -1) {
2612 		mdb_free(pevd, sizeof (portev_walk_data_t));
2613 		mdb_warn("failed to read vnode_t at %p", vp);
2614 		return (WALK_ERR);
2615 	}
2616 
2617 	if (vn.v_type != VPORT) {
2618 		mdb_free(pevd, sizeof (portev_walk_data_t));
2619 		mdb_warn("input address (%p) does not point to an event port",
2620 		    wsp->walk_addr);
2621 		return (WALK_ERR);
2622 	}
2623 
2624 	if (port.port_queue.portq_nent == 0) {
2625 		mdb_free(pevd, sizeof (portev_walk_data_t));
2626 		return (WALK_DONE);
2627 	}
2628 	list = &port.port_queue.portq_list;
2629 	pevd->pev_offset = list->list_offset;
2630 	pevd->pev_last = list->list_head.list_prev;
2631 	pevd->pev_node = list->list_head.list_next;
2632 	wsp->walk_data = pevd;
2633 	return (WALK_NEXT);
2634 }
2635 
2636 int
2637 portev_walk_step(mdb_walk_state_t *wsp)
2638 {
2639 	portev_walk_data_t	*pevd;
2640 	struct port_kevent	ev;
2641 	uintptr_t		evp;
2642 
2643 	pevd = (portev_walk_data_t *)wsp->walk_data;
2644 
2645 	if (pevd->pev_last == NULL)
2646 		return (WALK_DONE);
2647 	if (pevd->pev_node == pevd->pev_last)
2648 		pevd->pev_last = NULL;		/* last round */
2649 
2650 	evp = ((uintptr_t)(((char *)pevd->pev_node) - pevd->pev_offset));
2651 	if (mdb_vread(&ev, sizeof (ev), evp) == -1) {
2652 		mdb_warn("failed to read port_kevent at %p", evp);
2653 		return (WALK_DONE);
2654 	}
2655 	pevd->pev_node = ev.portkev_node.list_next;
2656 	return (wsp->walk_callback(evp, &ev, wsp->walk_cbdata));
2657 }
2658 
2659 void
2660 portev_walk_fini(mdb_walk_state_t *wsp)
2661 {
2662 	portev_walk_data_t *pevd = (portev_walk_data_t *)wsp->walk_data;
2663 
2664 	if (pevd != NULL)
2665 		mdb_free(pevd, sizeof (portev_walk_data_t));
2666 }
2667 
2668 typedef struct proc_walk_data {
2669 	uintptr_t *pw_stack;
2670 	int pw_depth;
2671 	int pw_max;
2672 } proc_walk_data_t;
2673 
2674 int
2675 proc_walk_init(mdb_walk_state_t *wsp)
2676 {
2677 	GElf_Sym sym;
2678 	proc_walk_data_t *pw;
2679 
2680 	if (wsp->walk_addr == NULL) {
2681 		if (mdb_lookup_by_name("p0", &sym) == -1) {
2682 			mdb_warn("failed to read 'practive'");
2683 			return (WALK_ERR);
2684 		}
2685 		wsp->walk_addr = (uintptr_t)sym.st_value;
2686 	}
2687 
2688 	pw = mdb_zalloc(sizeof (proc_walk_data_t), UM_SLEEP);
2689 
2690 	if (mdb_readvar(&pw->pw_max, "nproc") == -1) {
2691 		mdb_warn("failed to read 'nproc'");
2692 		mdb_free(pw, sizeof (pw));
2693 		return (WALK_ERR);
2694 	}
2695 
2696 	pw->pw_stack = mdb_alloc(pw->pw_max * sizeof (uintptr_t), UM_SLEEP);
2697 	wsp->walk_data = pw;
2698 
2699 	return (WALK_NEXT);
2700 }
2701 
2702 int
2703 proc_walk_step(mdb_walk_state_t *wsp)
2704 {
2705 	proc_walk_data_t *pw = wsp->walk_data;
2706 	uintptr_t addr = wsp->walk_addr;
2707 	uintptr_t cld, sib;
2708 
2709 	int status;
2710 	proc_t pr;
2711 
2712 	if (mdb_vread(&pr, sizeof (proc_t), addr) == -1) {
2713 		mdb_warn("failed to read proc at %p", addr);
2714 		return (WALK_DONE);
2715 	}
2716 
2717 	cld = (uintptr_t)pr.p_child;
2718 	sib = (uintptr_t)pr.p_sibling;
2719 
2720 	if (pw->pw_depth > 0 && addr == pw->pw_stack[pw->pw_depth - 1]) {
2721 		pw->pw_depth--;
2722 		goto sib;
2723 	}
2724 
2725 	status = wsp->walk_callback(addr, &pr, wsp->walk_cbdata);
2726 
2727 	if (status != WALK_NEXT)
2728 		return (status);
2729 
2730 	if ((wsp->walk_addr = cld) != NULL) {
2731 		if (mdb_vread(&pr, sizeof (proc_t), cld) == -1) {
2732 			mdb_warn("proc %p has invalid p_child %p; skipping\n",
2733 			    addr, cld);
2734 			goto sib;
2735 		}
2736 
2737 		pw->pw_stack[pw->pw_depth++] = addr;
2738 
2739 		if (pw->pw_depth == pw->pw_max) {
2740 			mdb_warn("depth %d exceeds max depth; try again\n",
2741 			    pw->pw_depth);
2742 			return (WALK_DONE);
2743 		}
2744 		return (WALK_NEXT);
2745 	}
2746 
2747 sib:
2748 	/*
2749 	 * We know that p0 has no siblings, and if another starting proc
2750 	 * was given, we don't want to walk its siblings anyway.
2751 	 */
2752 	if (pw->pw_depth == 0)
2753 		return (WALK_DONE);
2754 
2755 	if (sib != NULL && mdb_vread(&pr, sizeof (proc_t), sib) == -1) {
2756 		mdb_warn("proc %p has invalid p_sibling %p; skipping\n",
2757 		    addr, sib);
2758 		sib = NULL;
2759 	}
2760 
2761 	if ((wsp->walk_addr = sib) == NULL) {
2762 		if (pw->pw_depth > 0) {
2763 			wsp->walk_addr = pw->pw_stack[pw->pw_depth - 1];
2764 			return (WALK_NEXT);
2765 		}
2766 		return (WALK_DONE);
2767 	}
2768 
2769 	return (WALK_NEXT);
2770 }
2771 
2772 void
2773 proc_walk_fini(mdb_walk_state_t *wsp)
2774 {
2775 	proc_walk_data_t *pw = wsp->walk_data;
2776 
2777 	mdb_free(pw->pw_stack, pw->pw_max * sizeof (uintptr_t));
2778 	mdb_free(pw, sizeof (proc_walk_data_t));
2779 }
2780 
2781 int
2782 task_walk_init(mdb_walk_state_t *wsp)
2783 {
2784 	task_t task;
2785 
2786 	if (mdb_vread(&task, sizeof (task_t), wsp->walk_addr) == -1) {
2787 		mdb_warn("failed to read task at %p", wsp->walk_addr);
2788 		return (WALK_ERR);
2789 	}
2790 	wsp->walk_addr = (uintptr_t)task.tk_memb_list;
2791 	wsp->walk_data = task.tk_memb_list;
2792 	return (WALK_NEXT);
2793 }
2794 
2795 int
2796 task_walk_step(mdb_walk_state_t *wsp)
2797 {
2798 	proc_t proc;
2799 	int status;
2800 
2801 	if (mdb_vread(&proc, sizeof (proc_t), wsp->walk_addr) == -1) {
2802 		mdb_warn("failed to read proc at %p", wsp->walk_addr);
2803 		return (WALK_DONE);
2804 	}
2805 
2806 	status = wsp->walk_callback(wsp->walk_addr, NULL, wsp->walk_cbdata);
2807 
2808 	if (proc.p_tasknext == wsp->walk_data)
2809 		return (WALK_DONE);
2810 
2811 	wsp->walk_addr = (uintptr_t)proc.p_tasknext;
2812 	return (status);
2813 }
2814 
2815 int
2816 project_walk_init(mdb_walk_state_t *wsp)
2817 {
2818 	if (wsp->walk_addr == NULL) {
2819 		if (mdb_readvar(&wsp->walk_addr, "proj0p") == -1) {
2820 			mdb_warn("failed to read 'proj0p'");
2821 			return (WALK_ERR);
2822 		}
2823 	}
2824 	wsp->walk_data = (void *)wsp->walk_addr;
2825 	return (WALK_NEXT);
2826 }
2827 
2828 int
2829 project_walk_step(mdb_walk_state_t *wsp)
2830 {
2831 	uintptr_t addr = wsp->walk_addr;
2832 	kproject_t pj;
2833 	int status;
2834 
2835 	if (mdb_vread(&pj, sizeof (kproject_t), addr) == -1) {
2836 		mdb_warn("failed to read project at %p", addr);
2837 		return (WALK_DONE);
2838 	}
2839 	status = wsp->walk_callback(addr, &pj, wsp->walk_cbdata);
2840 	if (status != WALK_NEXT)
2841 		return (status);
2842 	wsp->walk_addr = (uintptr_t)pj.kpj_next;
2843 	if ((void *)wsp->walk_addr == wsp->walk_data)
2844 		return (WALK_DONE);
2845 	return (WALK_NEXT);
2846 }
2847 
2848 static int
2849 generic_walk_step(mdb_walk_state_t *wsp)
2850 {
2851 	return (wsp->walk_callback(wsp->walk_addr, wsp->walk_layer,
2852 	    wsp->walk_cbdata));
2853 }
2854 
2855 int
2856 seg_walk_init(mdb_walk_state_t *wsp)
2857 {
2858 	if (wsp->walk_addr == NULL) {
2859 		mdb_warn("seg walk must begin at struct as *\n");
2860 		return (WALK_ERR);
2861 	}
2862 
2863 	/*
2864 	 * this is really just a wrapper to AVL tree walk
2865 	 */
2866 	wsp->walk_addr = (uintptr_t)&((struct as *)wsp->walk_addr)->a_segtree;
2867 	return (avl_walk_init(wsp));
2868 }
2869 
2870 static int
2871 cpu_walk_cmp(const void *l, const void *r)
2872 {
2873 	uintptr_t lhs = *((uintptr_t *)l);
2874 	uintptr_t rhs = *((uintptr_t *)r);
2875 	cpu_t lcpu, rcpu;
2876 
2877 	(void) mdb_vread(&lcpu, sizeof (lcpu), lhs);
2878 	(void) mdb_vread(&rcpu, sizeof (rcpu), rhs);
2879 
2880 	if (lcpu.cpu_id < rcpu.cpu_id)
2881 		return (-1);
2882 
2883 	if (lcpu.cpu_id > rcpu.cpu_id)
2884 		return (1);
2885 
2886 	return (0);
2887 }
2888 
2889 typedef struct cpu_walk {
2890 	uintptr_t *cw_array;
2891 	int cw_ndx;
2892 } cpu_walk_t;
2893 
2894 int
2895 cpu_walk_init(mdb_walk_state_t *wsp)
2896 {
2897 	cpu_walk_t *cw;
2898 	int max_ncpus, i = 0;
2899 	uintptr_t current, first;
2900 	cpu_t cpu, panic_cpu;
2901 	uintptr_t panicstr, addr;
2902 	GElf_Sym sym;
2903 
2904 	cw = mdb_zalloc(sizeof (cpu_walk_t), UM_SLEEP | UM_GC);
2905 
2906 	if (mdb_readvar(&max_ncpus, "max_ncpus") == -1) {
2907 		mdb_warn("failed to read 'max_ncpus'");
2908 		return (WALK_ERR);
2909 	}
2910 
2911 	if (mdb_readvar(&panicstr, "panicstr") == -1) {
2912 		mdb_warn("failed to read 'panicstr'");
2913 		return (WALK_ERR);
2914 	}
2915 
2916 	if (panicstr != NULL) {
2917 		if (mdb_lookup_by_name("panic_cpu", &sym) == -1) {
2918 			mdb_warn("failed to find 'panic_cpu'");
2919 			return (WALK_ERR);
2920 		}
2921 
2922 		addr = (uintptr_t)sym.st_value;
2923 
2924 		if (mdb_vread(&panic_cpu, sizeof (cpu_t), addr) == -1) {
2925 			mdb_warn("failed to read 'panic_cpu'");
2926 			return (WALK_ERR);
2927 		}
2928 	}
2929 
2930 	/*
2931 	 * Unfortunately, there is no platform-independent way to walk
2932 	 * CPUs in ID order.  We therefore loop through in cpu_next order,
2933 	 * building an array of CPU pointers which will subsequently be
2934 	 * sorted.
2935 	 */
2936 	cw->cw_array =
2937 	    mdb_zalloc((max_ncpus + 1) * sizeof (uintptr_t), UM_SLEEP | UM_GC);
2938 
2939 	if (mdb_readvar(&first, "cpu_list") == -1) {
2940 		mdb_warn("failed to read 'cpu_list'");
2941 		return (WALK_ERR);
2942 	}
2943 
2944 	current = first;
2945 	do {
2946 		if (mdb_vread(&cpu, sizeof (cpu), current) == -1) {
2947 			mdb_warn("failed to read cpu at %p", current);
2948 			return (WALK_ERR);
2949 		}
2950 
2951 		if (panicstr != NULL && panic_cpu.cpu_id == cpu.cpu_id) {
2952 			cw->cw_array[i++] = addr;
2953 		} else {
2954 			cw->cw_array[i++] = current;
2955 		}
2956 	} while ((current = (uintptr_t)cpu.cpu_next) != first);
2957 
2958 	qsort(cw->cw_array, i, sizeof (uintptr_t), cpu_walk_cmp);
2959 	wsp->walk_data = cw;
2960 
2961 	return (WALK_NEXT);
2962 }
2963 
2964 int
2965 cpu_walk_step(mdb_walk_state_t *wsp)
2966 {
2967 	cpu_walk_t *cw = wsp->walk_data;
2968 	cpu_t cpu;
2969 	uintptr_t addr = cw->cw_array[cw->cw_ndx++];
2970 
2971 	if (addr == NULL)
2972 		return (WALK_DONE);
2973 
2974 	if (mdb_vread(&cpu, sizeof (cpu), addr) == -1) {
2975 		mdb_warn("failed to read cpu at %p", addr);
2976 		return (WALK_DONE);
2977 	}
2978 
2979 	return (wsp->walk_callback(addr, &cpu, wsp->walk_cbdata));
2980 }
2981 
2982 typedef struct cpuinfo_data {
2983 	intptr_t cid_cpu;
2984 	uintptr_t cid_lbolt;
2985 	uintptr_t **cid_ithr;
2986 	char	cid_print_head;
2987 	char	cid_print_thr;
2988 	char	cid_print_ithr;
2989 	char	cid_print_flags;
2990 } cpuinfo_data_t;
2991 
2992 int
2993 cpuinfo_walk_ithread(uintptr_t addr, const kthread_t *thr, cpuinfo_data_t *cid)
2994 {
2995 	cpu_t c;
2996 	int id;
2997 	uint8_t pil;
2998 
2999 	if (!(thr->t_flag & T_INTR_THREAD) || thr->t_state == TS_FREE)
3000 		return (WALK_NEXT);
3001 
3002 	if (thr->t_bound_cpu == NULL) {
3003 		mdb_warn("thr %p is intr thread w/out a CPU\n", addr);
3004 		return (WALK_NEXT);
3005 	}
3006 
3007 	(void) mdb_vread(&c, sizeof (c), (uintptr_t)thr->t_bound_cpu);
3008 
3009 	if ((id = c.cpu_id) >= NCPU) {
3010 		mdb_warn("CPU %p has id (%d) greater than NCPU (%d)\n",
3011 		    thr->t_bound_cpu, id, NCPU);
3012 		return (WALK_NEXT);
3013 	}
3014 
3015 	if ((pil = thr->t_pil) >= NINTR) {
3016 		mdb_warn("thread %p has pil (%d) greater than %d\n",
3017 		    addr, pil, NINTR);
3018 		return (WALK_NEXT);
3019 	}
3020 
3021 	if (cid->cid_ithr[id][pil] != NULL) {
3022 		mdb_warn("CPU %d has multiple threads at pil %d (at least "
3023 		    "%p and %p)\n", id, pil, addr, cid->cid_ithr[id][pil]);
3024 		return (WALK_NEXT);
3025 	}
3026 
3027 	cid->cid_ithr[id][pil] = addr;
3028 
3029 	return (WALK_NEXT);
3030 }
3031 
3032 #define	CPUINFO_IDWIDTH		3
3033 #define	CPUINFO_FLAGWIDTH	9
3034 
3035 #ifdef _LP64
3036 #if defined(__amd64)
3037 #define	CPUINFO_TWIDTH		16
3038 #define	CPUINFO_CPUWIDTH	16
3039 #else
3040 #define	CPUINFO_CPUWIDTH	11
3041 #define	CPUINFO_TWIDTH		11
3042 #endif
3043 #else
3044 #define	CPUINFO_CPUWIDTH	8
3045 #define	CPUINFO_TWIDTH		8
3046 #endif
3047 
3048 #define	CPUINFO_THRDELT		(CPUINFO_IDWIDTH + CPUINFO_CPUWIDTH + 9)
3049 #define	CPUINFO_FLAGDELT	(CPUINFO_IDWIDTH + CPUINFO_CPUWIDTH + 4)
3050 #define	CPUINFO_ITHRDELT	4
3051 
3052 #define	CPUINFO_INDENT	mdb_printf("%*s", CPUINFO_THRDELT, \
3053     flagline < nflaglines ? flagbuf[flagline++] : "")
3054 
3055 int
3056 cpuinfo_walk_cpu(uintptr_t addr, const cpu_t *cpu, cpuinfo_data_t *cid)
3057 {
3058 	kthread_t t;
3059 	disp_t disp;
3060 	proc_t p;
3061 	uintptr_t pinned;
3062 	char **flagbuf;
3063 	int nflaglines = 0, flagline = 0, bspl, rval = WALK_NEXT;
3064 
3065 	const char *flags[] = {
3066 	    "RUNNING", "READY", "QUIESCED", "EXISTS",
3067 	    "ENABLE", "OFFLINE", "POWEROFF", "FROZEN",
3068 	    "SPARE", "FAULTED", NULL
3069 	};
3070 
3071 	if (cid->cid_cpu != -1) {
3072 		if (addr != cid->cid_cpu && cpu->cpu_id != cid->cid_cpu)
3073 			return (WALK_NEXT);
3074 
3075 		/*
3076 		 * Set cid_cpu to -1 to indicate that we found a matching CPU.
3077 		 */
3078 		cid->cid_cpu = -1;
3079 		rval = WALK_DONE;
3080 	}
3081 
3082 	if (cid->cid_print_head) {
3083 		mdb_printf("%3s %-*s %3s %4s %4s %3s %4s %5s %-6s %-*s %s\n",
3084 		    "ID", CPUINFO_CPUWIDTH, "ADDR", "FLG", "NRUN", "BSPL",
3085 		    "PRI", "RNRN", "KRNRN", "SWITCH", CPUINFO_TWIDTH, "THREAD",
3086 		    "PROC");
3087 		cid->cid_print_head = FALSE;
3088 	}
3089 
3090 	bspl = cpu->cpu_base_spl;
3091 
3092 	if (mdb_vread(&disp, sizeof (disp_t), (uintptr_t)cpu->cpu_disp) == -1) {
3093 		mdb_warn("failed to read disp_t at %p", cpu->cpu_disp);
3094 		return (WALK_ERR);
3095 	}
3096 
3097 	mdb_printf("%3d %0*p %3x %4d %4d ",
3098 	    cpu->cpu_id, CPUINFO_CPUWIDTH, addr, cpu->cpu_flags,
3099 	    disp.disp_nrunnable, bspl);
3100 
3101 	if (mdb_vread(&t, sizeof (t), (uintptr_t)cpu->cpu_thread) != -1) {
3102 		mdb_printf("%3d ", t.t_pri);
3103 	} else {
3104 		mdb_printf("%3s ", "-");
3105 	}
3106 
3107 	mdb_printf("%4s %5s ", cpu->cpu_runrun ? "yes" : "no",
3108 	    cpu->cpu_kprunrun ? "yes" : "no");
3109 
3110 	if (cpu->cpu_last_swtch) {
3111 		clock_t lbolt;
3112 
3113 		if (mdb_vread(&lbolt, sizeof (lbolt), cid->cid_lbolt) == -1) {
3114 			mdb_warn("failed to read lbolt at %p", cid->cid_lbolt);
3115 			return (WALK_ERR);
3116 		}
3117 		mdb_printf("t-%-4d ", lbolt - cpu->cpu_last_swtch);
3118 	} else {
3119 		mdb_printf("%-6s ", "-");
3120 	}
3121 
3122 	mdb_printf("%0*p", CPUINFO_TWIDTH, cpu->cpu_thread);
3123 
3124 	if (cpu->cpu_thread == cpu->cpu_idle_thread)
3125 		mdb_printf(" (idle)\n");
3126 	else if (cpu->cpu_thread == NULL)
3127 		mdb_printf(" -\n");
3128 	else {
3129 		if (mdb_vread(&p, sizeof (p), (uintptr_t)t.t_procp) != -1) {
3130 			mdb_printf(" %s\n", p.p_user.u_comm);
3131 		} else {
3132 			mdb_printf(" ?\n");
3133 		}
3134 	}
3135 
3136 	flagbuf = mdb_zalloc(sizeof (flags), UM_SLEEP | UM_GC);
3137 
3138 	if (cid->cid_print_flags) {
3139 		int first = 1, i, j, k;
3140 		char *s;
3141 
3142 		cid->cid_print_head = TRUE;
3143 
3144 		for (i = 1, j = 0; flags[j] != NULL; i <<= 1, j++) {
3145 			if (!(cpu->cpu_flags & i))
3146 				continue;
3147 
3148 			if (first) {
3149 				s = mdb_alloc(CPUINFO_THRDELT + 1,
3150 				    UM_GC | UM_SLEEP);
3151 
3152 				(void) mdb_snprintf(s, CPUINFO_THRDELT + 1,
3153 				    "%*s|%*s", CPUINFO_FLAGDELT, "",
3154 				    CPUINFO_THRDELT - 1 - CPUINFO_FLAGDELT, "");
3155 				flagbuf[nflaglines++] = s;
3156 			}
3157 
3158 			s = mdb_alloc(CPUINFO_THRDELT + 1, UM_GC | UM_SLEEP);
3159 			(void) mdb_snprintf(s, CPUINFO_THRDELT + 1, "%*s%*s %s",
3160 			    CPUINFO_IDWIDTH + CPUINFO_CPUWIDTH -
3161 			    CPUINFO_FLAGWIDTH, "", CPUINFO_FLAGWIDTH, flags[j],
3162 			    first ? "<--+" : "");
3163 
3164 			for (k = strlen(s); k < CPUINFO_THRDELT; k++)
3165 				s[k] = ' ';
3166 			s[k] = '\0';
3167 
3168 			flagbuf[nflaglines++] = s;
3169 			first = 0;
3170 		}
3171 	}
3172 
3173 	if (cid->cid_print_ithr) {
3174 		int i, found_one = FALSE;
3175 		int print_thr = disp.disp_nrunnable && cid->cid_print_thr;
3176 
3177 		for (i = NINTR - 1; i >= 0; i--) {
3178 			uintptr_t iaddr = cid->cid_ithr[cpu->cpu_id][i];
3179 
3180 			if (iaddr == NULL)
3181 				continue;
3182 
3183 			if (!found_one) {
3184 				found_one = TRUE;
3185 
3186 				CPUINFO_INDENT;
3187 				mdb_printf("%c%*s|\n", print_thr ? '|' : ' ',
3188 				    CPUINFO_ITHRDELT, "");
3189 
3190 				CPUINFO_INDENT;
3191 				mdb_printf("%c%*s+--> %3s %s\n",
3192 				    print_thr ? '|' : ' ', CPUINFO_ITHRDELT,
3193 				    "", "PIL", "THREAD");
3194 			}
3195 
3196 			if (mdb_vread(&t, sizeof (t), iaddr) == -1) {
3197 				mdb_warn("failed to read kthread_t at %p",
3198 				    iaddr);
3199 				return (WALK_ERR);
3200 			}
3201 
3202 			CPUINFO_INDENT;
3203 			mdb_printf("%c%*s     %3d %0*p\n",
3204 			    print_thr ? '|' : ' ', CPUINFO_ITHRDELT, "",
3205 			    t.t_pil, CPUINFO_TWIDTH, iaddr);
3206 
3207 			pinned = (uintptr_t)t.t_intr;
3208 		}
3209 
3210 		if (found_one && pinned != NULL) {
3211 			cid->cid_print_head = TRUE;
3212 			(void) strcpy(p.p_user.u_comm, "?");
3213 
3214 			if (mdb_vread(&t, sizeof (t),
3215 			    (uintptr_t)pinned) == -1) {
3216 				mdb_warn("failed to read kthread_t at %p",
3217 				    pinned);
3218 				return (WALK_ERR);
3219 			}
3220 			if (mdb_vread(&p, sizeof (p),
3221 			    (uintptr_t)t.t_procp) == -1) {
3222 				mdb_warn("failed to read proc_t at %p",
3223 				    t.t_procp);
3224 				return (WALK_ERR);
3225 			}
3226 
3227 			CPUINFO_INDENT;
3228 			mdb_printf("%c%*s     %3s %0*p %s\n",
3229 			    print_thr ? '|' : ' ', CPUINFO_ITHRDELT, "", "-",
3230 			    CPUINFO_TWIDTH, pinned,
3231 			    pinned == (uintptr_t)cpu->cpu_idle_thread ?
3232 			    "(idle)" : p.p_user.u_comm);
3233 		}
3234 	}
3235 
3236 	if (disp.disp_nrunnable && cid->cid_print_thr) {
3237 		dispq_t *dq;
3238 
3239 		int i, npri = disp.disp_npri;
3240 
3241 		dq = mdb_alloc(sizeof (dispq_t) * npri, UM_SLEEP | UM_GC);
3242 
3243 		if (mdb_vread(dq, sizeof (dispq_t) * npri,
3244 		    (uintptr_t)disp.disp_q) == -1) {
3245 			mdb_warn("failed to read dispq_t at %p", disp.disp_q);
3246 			return (WALK_ERR);
3247 		}
3248 
3249 		CPUINFO_INDENT;
3250 		mdb_printf("|\n");
3251 
3252 		CPUINFO_INDENT;
3253 		mdb_printf("+-->  %3s %-*s %s\n", "PRI",
3254 		    CPUINFO_TWIDTH, "THREAD", "PROC");
3255 
3256 		for (i = npri - 1; i >= 0; i--) {
3257 			uintptr_t taddr = (uintptr_t)dq[i].dq_first;
3258 
3259 			while (taddr != NULL) {
3260 				if (mdb_vread(&t, sizeof (t), taddr) == -1) {
3261 					mdb_warn("failed to read kthread_t "
3262 					    "at %p", taddr);
3263 					return (WALK_ERR);
3264 				}
3265 				if (mdb_vread(&p, sizeof (p),
3266 				    (uintptr_t)t.t_procp) == -1) {
3267 					mdb_warn("failed to read proc_t at %p",
3268 					    t.t_procp);
3269 					return (WALK_ERR);
3270 				}
3271 
3272 				CPUINFO_INDENT;
3273 				mdb_printf("      %3d %0*p %s\n", t.t_pri,
3274 				    CPUINFO_TWIDTH, taddr, p.p_user.u_comm);
3275 
3276 				taddr = (uintptr_t)t.t_link;
3277 			}
3278 		}
3279 		cid->cid_print_head = TRUE;
3280 	}
3281 
3282 	while (flagline < nflaglines)
3283 		mdb_printf("%s\n", flagbuf[flagline++]);
3284 
3285 	if (cid->cid_print_head)
3286 		mdb_printf("\n");
3287 
3288 	return (rval);
3289 }
3290 
3291 int
3292 cpuinfo(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3293 {
3294 	uint_t verbose = FALSE;
3295 	cpuinfo_data_t cid;
3296 	GElf_Sym sym;
3297 	clock_t lbolt;
3298 
3299 	cid.cid_print_ithr = FALSE;
3300 	cid.cid_print_thr = FALSE;
3301 	cid.cid_print_flags = FALSE;
3302 	cid.cid_print_head = DCMD_HDRSPEC(flags) ? TRUE : FALSE;
3303 	cid.cid_cpu = -1;
3304 
3305 	if (flags & DCMD_ADDRSPEC)
3306 		cid.cid_cpu = addr;
3307 
3308 	if (mdb_getopts(argc, argv,
3309 	    'v', MDB_OPT_SETBITS, TRUE, &verbose, NULL) != argc)
3310 		return (DCMD_USAGE);
3311 
3312 	if (verbose) {
3313 		cid.cid_print_ithr = TRUE;
3314 		cid.cid_print_thr = TRUE;
3315 		cid.cid_print_flags = TRUE;
3316 		cid.cid_print_head = TRUE;
3317 	}
3318 
3319 	if (cid.cid_print_ithr) {
3320 		int i;
3321 
3322 		cid.cid_ithr = mdb_alloc(sizeof (uintptr_t **)
3323 		    * NCPU, UM_SLEEP | UM_GC);
3324 
3325 		for (i = 0; i < NCPU; i++)
3326 			cid.cid_ithr[i] = mdb_zalloc(sizeof (uintptr_t *) *
3327 			    NINTR, UM_SLEEP | UM_GC);
3328 
3329 		if (mdb_walk("thread", (mdb_walk_cb_t)cpuinfo_walk_ithread,
3330 		    &cid) == -1) {
3331 			mdb_warn("couldn't walk thread");
3332 			return (DCMD_ERR);
3333 		}
3334 	}
3335 
3336 	if (mdb_lookup_by_name("panic_lbolt", &sym) == -1) {
3337 		mdb_warn("failed to find panic_lbolt");
3338 		return (DCMD_ERR);
3339 	}
3340 
3341 	cid.cid_lbolt = (uintptr_t)sym.st_value;
3342 
3343 	if (mdb_vread(&lbolt, sizeof (lbolt), cid.cid_lbolt) == -1) {
3344 		mdb_warn("failed to read panic_lbolt");
3345 		return (DCMD_ERR);
3346 	}
3347 
3348 	if (lbolt == 0) {
3349 		if (mdb_lookup_by_name("lbolt", &sym) == -1) {
3350 			mdb_warn("failed to find lbolt");
3351 			return (DCMD_ERR);
3352 		}
3353 		cid.cid_lbolt = (uintptr_t)sym.st_value;
3354 	}
3355 
3356 	if (mdb_walk("cpu", (mdb_walk_cb_t)cpuinfo_walk_cpu, &cid) == -1) {
3357 		mdb_warn("can't walk cpus");
3358 		return (DCMD_ERR);
3359 	}
3360 
3361 	if (cid.cid_cpu != -1) {
3362 		/*
3363 		 * We didn't find this CPU when we walked through the CPUs
3364 		 * (i.e. the address specified doesn't show up in the "cpu"
3365 		 * walk).  However, the specified address may still correspond
3366 		 * to a valid cpu_t (for example, if the specified address is
3367 		 * the actual panicking cpu_t and not the cached panic_cpu).
3368 		 * Point is:  even if we didn't find it, we still want to try
3369 		 * to print the specified address as a cpu_t.
3370 		 */
3371 		cpu_t cpu;
3372 
3373 		if (mdb_vread(&cpu, sizeof (cpu), cid.cid_cpu) == -1) {
3374 			mdb_warn("%p is neither a valid CPU ID nor a "
3375 			    "valid cpu_t address\n", cid.cid_cpu);
3376 			return (DCMD_ERR);
3377 		}
3378 
3379 		(void) cpuinfo_walk_cpu(cid.cid_cpu, &cpu, &cid);
3380 	}
3381 
3382 	return (DCMD_OK);
3383 }
3384 
3385 /*ARGSUSED*/
3386 int
3387 flipone(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3388 {
3389 	int i;
3390 
3391 	if (!(flags & DCMD_ADDRSPEC))
3392 		return (DCMD_USAGE);
3393 
3394 	for (i = 0; i < sizeof (addr) * NBBY; i++)
3395 		mdb_printf("%p\n", addr ^ (1UL << i));
3396 
3397 	return (DCMD_OK);
3398 }
3399 
3400 /*
3401  * Grumble, grumble.
3402  */
3403 #define	SMAP_HASHFUNC(vp, off)	\
3404 	((((uintptr_t)(vp) >> 6) + ((uintptr_t)(vp) >> 3) + \
3405 	((off) >> MAXBSHIFT)) & smd_hashmsk)
3406 
3407 int
3408 vnode2smap(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3409 {
3410 	long smd_hashmsk;
3411 	int hash;
3412 	uintptr_t offset = 0;
3413 	struct smap smp;
3414 	uintptr_t saddr, kaddr;
3415 	uintptr_t smd_hash, smd_smap;
3416 	struct seg seg;
3417 
3418 	if (!(flags & DCMD_ADDRSPEC))
3419 		return (DCMD_USAGE);
3420 
3421 	if (mdb_readvar(&smd_hashmsk, "smd_hashmsk") == -1) {
3422 		mdb_warn("failed to read smd_hashmsk");
3423 		return (DCMD_ERR);
3424 	}
3425 
3426 	if (mdb_readvar(&smd_hash, "smd_hash") == -1) {
3427 		mdb_warn("failed to read smd_hash");
3428 		return (DCMD_ERR);
3429 	}
3430 
3431 	if (mdb_readvar(&smd_smap, "smd_smap") == -1) {
3432 		mdb_warn("failed to read smd_hash");
3433 		return (DCMD_ERR);
3434 	}
3435 
3436 	if (mdb_readvar(&kaddr, "segkmap") == -1) {
3437 		mdb_warn("failed to read segkmap");
3438 		return (DCMD_ERR);
3439 	}
3440 
3441 	if (mdb_vread(&seg, sizeof (seg), kaddr) == -1) {
3442 		mdb_warn("failed to read segkmap at %p", kaddr);
3443 		return (DCMD_ERR);
3444 	}
3445 
3446 	if (argc != 0) {
3447 		const mdb_arg_t *arg = &argv[0];
3448 
3449 		if (arg->a_type == MDB_TYPE_IMMEDIATE)
3450 			offset = arg->a_un.a_val;
3451 		else
3452 			offset = (uintptr_t)mdb_strtoull(arg->a_un.a_str);
3453 	}
3454 
3455 	hash = SMAP_HASHFUNC(addr, offset);
3456 
3457 	if (mdb_vread(&saddr, sizeof (saddr),
3458 	    smd_hash + hash * sizeof (uintptr_t)) == -1) {
3459 		mdb_warn("couldn't read smap at %p",
3460 		    smd_hash + hash * sizeof (uintptr_t));
3461 		return (DCMD_ERR);
3462 	}
3463 
3464 	do {
3465 		if (mdb_vread(&smp, sizeof (smp), saddr) == -1) {
3466 			mdb_warn("couldn't read smap at %p", saddr);
3467 			return (DCMD_ERR);
3468 		}
3469 
3470 		if ((uintptr_t)smp.sm_vp == addr && smp.sm_off == offset) {
3471 			mdb_printf("vnode %p, offs %p is smap %p, vaddr %p\n",
3472 			    addr, offset, saddr, ((saddr - smd_smap) /
3473 			    sizeof (smp)) * MAXBSIZE + seg.s_base);
3474 			return (DCMD_OK);
3475 		}
3476 
3477 		saddr = (uintptr_t)smp.sm_hash;
3478 	} while (saddr != NULL);
3479 
3480 	mdb_printf("no smap for vnode %p, offs %p\n", addr, offset);
3481 	return (DCMD_OK);
3482 }
3483 
3484 /*ARGSUSED*/
3485 int
3486 addr2smap(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3487 {
3488 	uintptr_t kaddr;
3489 	struct seg seg;
3490 	struct segmap_data sd;
3491 
3492 	if (!(flags & DCMD_ADDRSPEC))
3493 		return (DCMD_USAGE);
3494 
3495 	if (mdb_readvar(&kaddr, "segkmap") == -1) {
3496 		mdb_warn("failed to read segkmap");
3497 		return (DCMD_ERR);
3498 	}
3499 
3500 	if (mdb_vread(&seg, sizeof (seg), kaddr) == -1) {
3501 		mdb_warn("failed to read segkmap at %p", kaddr);
3502 		return (DCMD_ERR);
3503 	}
3504 
3505 	if (mdb_vread(&sd, sizeof (sd), (uintptr_t)seg.s_data) == -1) {
3506 		mdb_warn("failed to read segmap_data at %p", seg.s_data);
3507 		return (DCMD_ERR);
3508 	}
3509 
3510 	mdb_printf("%p is smap %p\n", addr,
3511 	    ((addr - (uintptr_t)seg.s_base) >> MAXBSHIFT) *
3512 	    sizeof (struct smap) + (uintptr_t)sd.smd_sm);
3513 
3514 	return (DCMD_OK);
3515 }
3516 
3517 int
3518 as2proc_walk(uintptr_t addr, const proc_t *p, struct as **asp)
3519 {
3520 	if (p->p_as == *asp)
3521 		mdb_printf("%p\n", addr);
3522 	return (WALK_NEXT);
3523 }
3524 
3525 /*ARGSUSED*/
3526 int
3527 as2proc(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3528 {
3529 	if (!(flags & DCMD_ADDRSPEC) || argc != 0)
3530 		return (DCMD_USAGE);
3531 
3532 	if (mdb_walk("proc", (mdb_walk_cb_t)as2proc_walk, &addr) == -1) {
3533 		mdb_warn("failed to walk proc");
3534 		return (DCMD_ERR);
3535 	}
3536 
3537 	return (DCMD_OK);
3538 }
3539 
3540 /*ARGSUSED*/
3541 int
3542 ptree_walk(uintptr_t addr, const proc_t *p, void *ignored)
3543 {
3544 	proc_t parent;
3545 	int ident = 0;
3546 	uintptr_t paddr;
3547 
3548 	for (paddr = (uintptr_t)p->p_parent; paddr != NULL; ident += 5) {
3549 		mdb_vread(&parent, sizeof (parent), paddr);
3550 		paddr = (uintptr_t)parent.p_parent;
3551 	}
3552 
3553 	mdb_inc_indent(ident);
3554 	mdb_printf("%0?p  %s\n", addr, p->p_user.u_comm);
3555 	mdb_dec_indent(ident);
3556 
3557 	return (WALK_NEXT);
3558 }
3559 
3560 void
3561 ptree_ancestors(uintptr_t addr, uintptr_t start)
3562 {
3563 	proc_t p;
3564 
3565 	if (mdb_vread(&p, sizeof (p), addr) == -1) {
3566 		mdb_warn("couldn't read ancestor at %p", addr);
3567 		return;
3568 	}
3569 
3570 	if (p.p_parent != NULL)
3571 		ptree_ancestors((uintptr_t)p.p_parent, start);
3572 
3573 	if (addr != start)
3574 		(void) ptree_walk(addr, &p, NULL);
3575 }
3576 
3577 /*ARGSUSED*/
3578 int
3579 ptree(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3580 {
3581 	if (!(flags & DCMD_ADDRSPEC))
3582 		addr = NULL;
3583 	else
3584 		ptree_ancestors(addr, addr);
3585 
3586 	if (mdb_pwalk("proc", (mdb_walk_cb_t)ptree_walk, NULL, addr) == -1) {
3587 		mdb_warn("couldn't walk 'proc'");
3588 		return (DCMD_ERR);
3589 	}
3590 
3591 	return (DCMD_OK);
3592 }
3593 
3594 /*ARGSUSED*/
3595 static int
3596 fd(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3597 {
3598 	int fdnum;
3599 	const mdb_arg_t *argp = &argv[0];
3600 	proc_t p;
3601 	uf_entry_t uf;
3602 
3603 	if ((flags & DCMD_ADDRSPEC) == 0) {
3604 		mdb_warn("fd doesn't give global information\n");
3605 		return (DCMD_ERR);
3606 	}
3607 	if (argc != 1)
3608 		return (DCMD_USAGE);
3609 
3610 	if (argp->a_type == MDB_TYPE_IMMEDIATE)
3611 		fdnum = argp->a_un.a_val;
3612 	else
3613 		fdnum = mdb_strtoull(argp->a_un.a_str);
3614 
3615 	if (mdb_vread(&p, sizeof (struct proc), addr) == -1) {
3616 		mdb_warn("couldn't read proc_t at %p", addr);
3617 		return (DCMD_ERR);
3618 	}
3619 	if (fdnum > p.p_user.u_finfo.fi_nfiles) {
3620 		mdb_warn("process %p only has %d files open.\n",
3621 		    addr, p.p_user.u_finfo.fi_nfiles);
3622 		return (DCMD_ERR);
3623 	}
3624 	if (mdb_vread(&uf, sizeof (uf_entry_t),
3625 	    (uintptr_t)&p.p_user.u_finfo.fi_list[fdnum]) == -1) {
3626 		mdb_warn("couldn't read uf_entry_t at %p",
3627 		    &p.p_user.u_finfo.fi_list[fdnum]);
3628 		return (DCMD_ERR);
3629 	}
3630 
3631 	mdb_printf("%p\n", uf.uf_file);
3632 	return (DCMD_OK);
3633 }
3634 
3635 /*ARGSUSED*/
3636 static int
3637 pid2proc(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3638 {
3639 	pid_t pid = (pid_t)addr;
3640 
3641 	if (argc != 0)
3642 		return (DCMD_USAGE);
3643 
3644 	if ((addr = mdb_pid2proc(pid, NULL)) == NULL) {
3645 		mdb_warn("PID 0t%d not found\n", pid);
3646 		return (DCMD_ERR);
3647 	}
3648 
3649 	mdb_printf("%p\n", addr);
3650 	return (DCMD_OK);
3651 }
3652 
3653 static char *sysfile_cmd[] = {
3654 	"exclude:",
3655 	"include:",
3656 	"forceload:",
3657 	"rootdev:",
3658 	"rootfs:",
3659 	"swapdev:",
3660 	"swapfs:",
3661 	"moddir:",
3662 	"set",
3663 	"unknown",
3664 };
3665 
3666 static char *sysfile_ops[] = { "", "=", "&", "|" };
3667 
3668 /*ARGSUSED*/
3669 static int
3670 sysfile_vmem_seg(uintptr_t addr, const vmem_seg_t *vsp, void **target)
3671 {
3672 	if (vsp->vs_type == VMEM_ALLOC && (void *)vsp->vs_start == *target) {
3673 		*target = NULL;
3674 		return (WALK_DONE);
3675 	}
3676 	return (WALK_NEXT);
3677 }
3678 
3679 /*ARGSUSED*/
3680 static int
3681 sysfile(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3682 {
3683 	struct sysparam *sysp, sys;
3684 	char var[256];
3685 	char modname[256];
3686 	char val[256];
3687 	char strval[256];
3688 	vmem_t *mod_sysfile_arena;
3689 	void *straddr;
3690 
3691 	if (mdb_readvar(&sysp, "sysparam_hd") == -1) {
3692 		mdb_warn("failed to read sysparam_hd");
3693 		return (DCMD_ERR);
3694 	}
3695 
3696 	if (mdb_readvar(&mod_sysfile_arena, "mod_sysfile_arena") == -1) {
3697 		mdb_warn("failed to read mod_sysfile_arena");
3698 		return (DCMD_ERR);
3699 	}
3700 
3701 	while (sysp != NULL) {
3702 		var[0] = '\0';
3703 		val[0] = '\0';
3704 		modname[0] = '\0';
3705 		if (mdb_vread(&sys, sizeof (sys), (uintptr_t)sysp) == -1) {
3706 			mdb_warn("couldn't read sysparam %p", sysp);
3707 			return (DCMD_ERR);
3708 		}
3709 		if (sys.sys_modnam != NULL &&
3710 		    mdb_readstr(modname, 256,
3711 		    (uintptr_t)sys.sys_modnam) == -1) {
3712 			mdb_warn("couldn't read modname in %p", sysp);
3713 			return (DCMD_ERR);
3714 		}
3715 		if (sys.sys_ptr != NULL &&
3716 		    mdb_readstr(var, 256, (uintptr_t)sys.sys_ptr) == -1) {
3717 			mdb_warn("couldn't read ptr in %p", sysp);
3718 			return (DCMD_ERR);
3719 		}
3720 		if (sys.sys_op != SETOP_NONE) {
3721 			/*
3722 			 * Is this an int or a string?  We determine this
3723 			 * by checking whether straddr is contained in
3724 			 * mod_sysfile_arena.  If so, the walker will set
3725 			 * straddr to NULL.
3726 			 */
3727 			straddr = (void *)(uintptr_t)sys.sys_info;
3728 			if (sys.sys_op == SETOP_ASSIGN &&
3729 			    sys.sys_info != 0 &&
3730 			    mdb_pwalk("vmem_seg",
3731 			    (mdb_walk_cb_t)sysfile_vmem_seg, &straddr,
3732 			    (uintptr_t)mod_sysfile_arena) == 0 &&
3733 			    straddr == NULL &&
3734 			    mdb_readstr(strval, 256,
3735 			    (uintptr_t)sys.sys_info) != -1) {
3736 				(void) mdb_snprintf(val, sizeof (val), "\"%s\"",
3737 				    strval);
3738 			} else {
3739 				(void) mdb_snprintf(val, sizeof (val),
3740 				    "0x%llx [0t%llu]", sys.sys_info,
3741 				    sys.sys_info);
3742 			}
3743 		}
3744 		mdb_printf("%s %s%s%s%s%s\n", sysfile_cmd[sys.sys_type],
3745 		    modname, modname[0] == '\0' ? "" : ":",
3746 		    var, sysfile_ops[sys.sys_op], val);
3747 
3748 		sysp = sys.sys_next;
3749 	}
3750 
3751 	return (DCMD_OK);
3752 }
3753 
3754 /*
3755  * Dump a taskq_ent_t given its address.
3756  */
3757 /*ARGSUSED*/
3758 int
3759 taskq_ent(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3760 {
3761 	taskq_ent_t	taskq_ent;
3762 	GElf_Sym	sym;
3763 	char		buf[MDB_SYM_NAMLEN+1];
3764 
3765 
3766 	if (!(flags & DCMD_ADDRSPEC)) {
3767 		mdb_warn("expected explicit taskq_ent_t address before ::\n");
3768 		return (DCMD_USAGE);
3769 	}
3770 
3771 	if (mdb_vread(&taskq_ent, sizeof (taskq_ent_t), addr) == -1) {
3772 		mdb_warn("failed to read taskq_ent_t at %p", addr);
3773 		return (DCMD_ERR);
3774 	}
3775 
3776 	if (DCMD_HDRSPEC(flags)) {
3777 		mdb_printf("%<u>%-?s    %-?s    %-s%</u>\n",
3778 		"ENTRY", "ARG", "FUNCTION");
3779 	}
3780 
3781 	if (mdb_lookup_by_addr((uintptr_t)taskq_ent.tqent_func, MDB_SYM_EXACT,
3782 	    buf, sizeof (buf), &sym) == -1) {
3783 		(void) strcpy(buf, "????");
3784 	}
3785 
3786 	mdb_printf("%-?p    %-?p    %s\n", addr, taskq_ent.tqent_arg, buf);
3787 
3788 	return (DCMD_OK);
3789 }
3790 
3791 /*
3792  * Given the address of the (taskq_t) task queue head, walk the queue listing
3793  * the address of every taskq_ent_t.
3794  */
3795 int
3796 taskq_walk_init(mdb_walk_state_t *wsp)
3797 {
3798 	taskq_t	tq_head;
3799 
3800 
3801 	if (wsp->walk_addr == NULL) {
3802 		mdb_warn("start address required\n");
3803 		return (WALK_ERR);
3804 	}
3805 
3806 
3807 	/*
3808 	 * Save the address of the list head entry.  This terminates the list.
3809 	 */
3810 	wsp->walk_data = (void *)
3811 	    ((size_t)wsp->walk_addr + offsetof(taskq_t, tq_task));
3812 
3813 
3814 	/*
3815 	 * Read in taskq head, set walk_addr to point to first taskq_ent_t.
3816 	 */
3817 	if (mdb_vread((void *)&tq_head, sizeof (taskq_t), wsp->walk_addr) ==
3818 	    -1) {
3819 		mdb_warn("failed to read taskq list head at %p",
3820 		    wsp->walk_addr);
3821 	}
3822 	wsp->walk_addr = (uintptr_t)tq_head.tq_task.tqent_next;
3823 
3824 
3825 	/*
3826 	 * Check for null list (next=head)
3827 	 */
3828 	if (wsp->walk_addr == (uintptr_t)wsp->walk_data) {
3829 		return (WALK_DONE);
3830 	}
3831 
3832 	return (WALK_NEXT);
3833 }
3834 
3835 
3836 int
3837 taskq_walk_step(mdb_walk_state_t *wsp)
3838 {
3839 	taskq_ent_t	tq_ent;
3840 	int		status;
3841 
3842 
3843 	if (mdb_vread((void *)&tq_ent, sizeof (taskq_ent_t), wsp->walk_addr) ==
3844 	    -1) {
3845 		mdb_warn("failed to read taskq_ent_t at %p", wsp->walk_addr);
3846 		return (DCMD_ERR);
3847 	}
3848 
3849 	status = wsp->walk_callback(wsp->walk_addr, (void *)&tq_ent,
3850 	    wsp->walk_cbdata);
3851 
3852 	wsp->walk_addr = (uintptr_t)tq_ent.tqent_next;
3853 
3854 
3855 	/* Check if we're at the last element (next=head) */
3856 	if (wsp->walk_addr == (uintptr_t)wsp->walk_data) {
3857 		return (WALK_DONE);
3858 	}
3859 
3860 	return (status);
3861 }
3862 
3863 int
3864 didmatch(uintptr_t addr, const kthread_t *thr, kt_did_t *didp)
3865 {
3866 
3867 	if (*didp == thr->t_did) {
3868 		mdb_printf("%p\n", addr);
3869 		return (WALK_DONE);
3870 	} else
3871 		return (WALK_NEXT);
3872 }
3873 
3874 /*ARGSUSED*/
3875 int
3876 did2thread(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3877 {
3878 	const mdb_arg_t *argp = &argv[0];
3879 	kt_did_t	did;
3880 
3881 	if (argc != 1)
3882 		return (DCMD_USAGE);
3883 
3884 	did = (kt_did_t)mdb_strtoull(argp->a_un.a_str);
3885 
3886 	if (mdb_walk("thread", (mdb_walk_cb_t)didmatch, (void *)&did) == -1) {
3887 		mdb_warn("failed to walk thread");
3888 		return (DCMD_ERR);
3889 
3890 	}
3891 	return (DCMD_OK);
3892 
3893 }
3894 
3895 static int
3896 errorq_walk_init(mdb_walk_state_t *wsp)
3897 {
3898 	if (wsp->walk_addr == NULL &&
3899 	    mdb_readvar(&wsp->walk_addr, "errorq_list") == -1) {
3900 		mdb_warn("failed to read errorq_list");
3901 		return (WALK_ERR);
3902 	}
3903 
3904 	return (WALK_NEXT);
3905 }
3906 
3907 static int
3908 errorq_walk_step(mdb_walk_state_t *wsp)
3909 {
3910 	uintptr_t addr = wsp->walk_addr;
3911 	errorq_t eq;
3912 
3913 	if (addr == NULL)
3914 		return (WALK_DONE);
3915 
3916 	if (mdb_vread(&eq, sizeof (eq), addr) == -1) {
3917 		mdb_warn("failed to read errorq at %p", addr);
3918 		return (WALK_ERR);
3919 	}
3920 
3921 	wsp->walk_addr = (uintptr_t)eq.eq_next;
3922 	return (wsp->walk_callback(addr, &eq, wsp->walk_cbdata));
3923 }
3924 
3925 typedef struct eqd_walk_data {
3926 	uintptr_t *eqd_stack;
3927 	void *eqd_buf;
3928 	ulong_t eqd_qpos;
3929 	ulong_t eqd_qlen;
3930 	size_t eqd_size;
3931 } eqd_walk_data_t;
3932 
3933 /*
3934  * In order to walk the list of pending error queue elements, we push the
3935  * addresses of the corresponding data buffers in to the eqd_stack array.
3936  * The error lists are in reverse chronological order when iterating using
3937  * eqe_prev, so we then pop things off the top in eqd_walk_step so that the
3938  * walker client gets addresses in order from oldest error to newest error.
3939  */
3940 static void
3941 eqd_push_list(eqd_walk_data_t *eqdp, uintptr_t addr)
3942 {
3943 	errorq_elem_t eqe;
3944 
3945 	while (addr != NULL) {
3946 		if (mdb_vread(&eqe, sizeof (eqe), addr) != sizeof (eqe)) {
3947 			mdb_warn("failed to read errorq element at %p", addr);
3948 			break;
3949 		}
3950 
3951 		if (eqdp->eqd_qpos == eqdp->eqd_qlen) {
3952 			mdb_warn("errorq is overfull -- more than %lu "
3953 			    "elems found\n", eqdp->eqd_qlen);
3954 			break;
3955 		}
3956 
3957 		eqdp->eqd_stack[eqdp->eqd_qpos++] = (uintptr_t)eqe.eqe_data;
3958 		addr = (uintptr_t)eqe.eqe_prev;
3959 	}
3960 }
3961 
3962 static int
3963 eqd_walk_init(mdb_walk_state_t *wsp)
3964 {
3965 	eqd_walk_data_t *eqdp;
3966 	errorq_elem_t eqe, *addr;
3967 	errorq_t eq;
3968 	ulong_t i;
3969 
3970 	if (mdb_vread(&eq, sizeof (eq), wsp->walk_addr) == -1) {
3971 		mdb_warn("failed to read errorq at %p", wsp->walk_addr);
3972 		return (WALK_ERR);
3973 	}
3974 
3975 	if (eq.eq_ptail != NULL &&
3976 	    mdb_vread(&eqe, sizeof (eqe), (uintptr_t)eq.eq_ptail) == -1) {
3977 		mdb_warn("failed to read errorq element at %p", eq.eq_ptail);
3978 		return (WALK_ERR);
3979 	}
3980 
3981 	eqdp = mdb_alloc(sizeof (eqd_walk_data_t), UM_SLEEP);
3982 	wsp->walk_data = eqdp;
3983 
3984 	eqdp->eqd_stack = mdb_zalloc(sizeof (uintptr_t) * eq.eq_qlen, UM_SLEEP);
3985 	eqdp->eqd_buf = mdb_alloc(eq.eq_size, UM_SLEEP);
3986 	eqdp->eqd_qlen = eq.eq_qlen;
3987 	eqdp->eqd_qpos = 0;
3988 	eqdp->eqd_size = eq.eq_size;
3989 
3990 	/*
3991 	 * The newest elements in the queue are on the pending list, so we
3992 	 * push those on to our stack first.
3993 	 */
3994 	eqd_push_list(eqdp, (uintptr_t)eq.eq_pend);
3995 
3996 	/*
3997 	 * If eq_ptail is set, it may point to a subset of the errors on the
3998 	 * pending list in the event a casptr() failed; if ptail's data is
3999 	 * already in our stack, NULL out eq_ptail and ignore it.
4000 	 */
4001 	if (eq.eq_ptail != NULL) {
4002 		for (i = 0; i < eqdp->eqd_qpos; i++) {
4003 			if (eqdp->eqd_stack[i] == (uintptr_t)eqe.eqe_data) {
4004 				eq.eq_ptail = NULL;
4005 				break;
4006 			}
4007 		}
4008 	}
4009 
4010 	/*
4011 	 * If eq_phead is set, it has the processing list in order from oldest
4012 	 * to newest.  Use this to recompute eq_ptail as best we can and then
4013 	 * we nicely fall into eqd_push_list() of eq_ptail below.
4014 	 */
4015 	for (addr = eq.eq_phead; addr != NULL && mdb_vread(&eqe, sizeof (eqe),
4016 	    (uintptr_t)addr) == sizeof (eqe); addr = eqe.eqe_next)
4017 		eq.eq_ptail = addr;
4018 
4019 	/*
4020 	 * The oldest elements in the queue are on the processing list, subject
4021 	 * to machinations in the if-clauses above.  Push any such elements.
4022 	 */
4023 	eqd_push_list(eqdp, (uintptr_t)eq.eq_ptail);
4024 	return (WALK_NEXT);
4025 }
4026 
4027 static int
4028 eqd_walk_step(mdb_walk_state_t *wsp)
4029 {
4030 	eqd_walk_data_t *eqdp = wsp->walk_data;
4031 	uintptr_t addr;
4032 
4033 	if (eqdp->eqd_qpos == 0)
4034 		return (WALK_DONE);
4035 
4036 	addr = eqdp->eqd_stack[--eqdp->eqd_qpos];
4037 
4038 	if (mdb_vread(eqdp->eqd_buf, eqdp->eqd_size, addr) != eqdp->eqd_size) {
4039 		mdb_warn("failed to read errorq data at %p", addr);
4040 		return (WALK_ERR);
4041 	}
4042 
4043 	return (wsp->walk_callback(addr, eqdp->eqd_buf, wsp->walk_cbdata));
4044 }
4045 
4046 static void
4047 eqd_walk_fini(mdb_walk_state_t *wsp)
4048 {
4049 	eqd_walk_data_t *eqdp = wsp->walk_data;
4050 
4051 	mdb_free(eqdp->eqd_stack, sizeof (uintptr_t) * eqdp->eqd_qlen);
4052 	mdb_free(eqdp->eqd_buf, eqdp->eqd_size);
4053 	mdb_free(eqdp, sizeof (eqd_walk_data_t));
4054 }
4055 
4056 #define	EQKSVAL(eqv, what) (eqv.eq_kstat.what.value.ui64)
4057 
4058 static int
4059 errorq(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
4060 {
4061 	int i;
4062 	errorq_t eq;
4063 	uint_t opt_v = FALSE;
4064 
4065 	if (!(flags & DCMD_ADDRSPEC)) {
4066 		if (mdb_walk_dcmd("errorq", "errorq", argc, argv) == -1) {
4067 			mdb_warn("can't walk 'errorq'");
4068 			return (DCMD_ERR);
4069 		}
4070 		return (DCMD_OK);
4071 	}
4072 
4073 	i = mdb_getopts(argc, argv, 'v', MDB_OPT_SETBITS, TRUE, &opt_v, NULL);
4074 	argc -= i;
4075 	argv += i;
4076 
4077 	if (argc != 0)
4078 		return (DCMD_USAGE);
4079 
4080 	if (opt_v || DCMD_HDRSPEC(flags)) {
4081 		mdb_printf("%<u>%-11s %-16s %1s %1s %1s ",
4082 		    "ADDR", "NAME", "S", "V", "N");
4083 		if (!opt_v) {
4084 			mdb_printf("%7s %7s %7s%</u>\n",
4085 			    "ACCEPT", "DROP", "LOG");
4086 		} else {
4087 			mdb_printf("%5s %6s %6s %3s %16s%</u>\n",
4088 			    "KSTAT", "QLEN", "SIZE", "IPL", "FUNC");
4089 		}
4090 	}
4091 
4092 	if (mdb_vread(&eq, sizeof (eq), addr) != sizeof (eq)) {
4093 		mdb_warn("failed to read errorq at %p", addr);
4094 		return (DCMD_ERR);
4095 	}
4096 
4097 	mdb_printf("%-11p %-16s %c %c %c ", addr, eq.eq_name,
4098 	    (eq.eq_flags & ERRORQ_ACTIVE) ? '+' : '-',
4099 	    (eq.eq_flags & ERRORQ_VITAL) ? '!' : ' ',
4100 	    (eq.eq_flags & ERRORQ_NVLIST) ? '*' : ' ');
4101 
4102 	if (!opt_v) {
4103 		mdb_printf("%7llu %7llu %7llu\n",
4104 		    EQKSVAL(eq, eqk_dispatched) + EQKSVAL(eq, eqk_committed),
4105 		    EQKSVAL(eq, eqk_dropped) + EQKSVAL(eq, eqk_reserve_fail) +
4106 		    EQKSVAL(eq, eqk_commit_fail), EQKSVAL(eq, eqk_logged));
4107 	} else {
4108 		mdb_printf("%5s %6lu %6lu %3u %a\n",
4109 		    "  |  ", eq.eq_qlen, eq.eq_size, eq.eq_ipl, eq.eq_func);
4110 		mdb_printf("%38s\n%41s"
4111 		    "%12s %llu\n"
4112 		    "%53s %llu\n"
4113 		    "%53s %llu\n"
4114 		    "%53s %llu\n"
4115 		    "%53s %llu\n"
4116 		    "%53s %llu\n"
4117 		    "%53s %llu\n"
4118 		    "%53s %llu\n\n",
4119 		    "|", "+-> ",
4120 		    "DISPATCHED",	EQKSVAL(eq, eqk_dispatched),
4121 		    "DROPPED",		EQKSVAL(eq, eqk_dropped),
4122 		    "LOGGED",		EQKSVAL(eq, eqk_logged),
4123 		    "RESERVED",		EQKSVAL(eq, eqk_reserved),
4124 		    "RESERVE FAIL",	EQKSVAL(eq, eqk_reserve_fail),
4125 		    "COMMITTED",	EQKSVAL(eq, eqk_committed),
4126 		    "COMMIT FAIL",	EQKSVAL(eq, eqk_commit_fail),
4127 		    "CANCELLED",	EQKSVAL(eq, eqk_cancelled));
4128 	}
4129 
4130 	return (DCMD_OK);
4131 }
4132 
4133 /*ARGSUSED*/
4134 static int
4135 panicinfo(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
4136 {
4137 	cpu_t panic_cpu;
4138 	kthread_t *panic_thread;
4139 	void *buf;
4140 	panic_data_t *pd;
4141 	int i, n;
4142 
4143 	if (!mdb_prop_postmortem) {
4144 		mdb_warn("panicinfo can only be run on a system "
4145 		    "dump; see dumpadm(1M)\n");
4146 		return (DCMD_ERR);
4147 	}
4148 
4149 	if (flags & DCMD_ADDRSPEC || argc != 0)
4150 		return (DCMD_USAGE);
4151 
4152 	if (mdb_readsym(&panic_cpu, sizeof (cpu_t), "panic_cpu") == -1)
4153 		mdb_warn("failed to read 'panic_cpu'");
4154 	else
4155 		mdb_printf("%16s %?d\n", "cpu", panic_cpu.cpu_id);
4156 
4157 	if (mdb_readvar(&panic_thread, "panic_thread") == -1)
4158 		mdb_warn("failed to read 'panic_thread'");
4159 	else
4160 		mdb_printf("%16s %?p\n", "thread", panic_thread);
4161 
4162 	buf = mdb_alloc(PANICBUFSIZE, UM_SLEEP);
4163 	pd = (panic_data_t *)buf;
4164 
4165 	if (mdb_readsym(buf, PANICBUFSIZE, "panicbuf") == -1 ||
4166 	    pd->pd_version != PANICBUFVERS) {
4167 		mdb_warn("failed to read 'panicbuf'");
4168 		mdb_free(buf, PANICBUFSIZE);
4169 		return (DCMD_ERR);
4170 	}
4171 
4172 	mdb_printf("%16s %s\n", "message",  (char *)buf + pd->pd_msgoff);
4173 
4174 	n = (pd->pd_msgoff - (sizeof (panic_data_t) -
4175 	    sizeof (panic_nv_t))) / sizeof (panic_nv_t);
4176 
4177 	for (i = 0; i < n; i++)
4178 		mdb_printf("%16s %?llx\n",
4179 		    pd->pd_nvdata[i].pnv_name, pd->pd_nvdata[i].pnv_value);
4180 
4181 	mdb_free(buf, PANICBUFSIZE);
4182 	return (DCMD_OK);
4183 }
4184 
4185 static const mdb_dcmd_t dcmds[] = {
4186 
4187 	/* from genunix.c */
4188 	{ "addr2smap", ":[offset]", "translate address to smap", addr2smap },
4189 	{ "as2proc", ":", "convert as to proc_t address", as2proc },
4190 	{ "binding_hash_entry", ":", "print driver names hash table entry",
4191 		binding_hash_entry },
4192 	{ "callout", "?[-r|n] [-s|l] [-xh] [-t | -ab nsec [-dkD]]"
4193 	    " [-C addr | -S seqid] [-f name|addr] [-p name| addr] [-T|L [-E]]"
4194 	    " [-FivVA]",
4195 	    "display callouts", callout, callout_help },
4196 	{ "calloutid", "[-d|v] xid", "print callout by extended id",
4197 	    calloutid, calloutid_help },
4198 	{ "class", NULL, "print process scheduler classes", class },
4199 	{ "cpuinfo", "?[-v]", "print CPUs and runnable threads", cpuinfo },
4200 	{ "did2thread", "? kt_did", "find kernel thread for this id",
4201 		did2thread },
4202 	{ "errorq", "?[-v]", "display kernel error queues", errorq },
4203 	{ "fd", ":[fd num]", "get a file pointer from an fd", fd },
4204 	{ "flipone", ":", "the vik_rev_level 2 special", flipone },
4205 	{ "lminfo", NULL, "print lock manager information", lminfo },
4206 	{ "ndi_event_hdl", "?", "print ndi_event_hdl", ndi_event_hdl },
4207 	{ "panicinfo", NULL, "print panic information", panicinfo },
4208 	{ "pid2proc", "?", "convert PID to proc_t address", pid2proc },
4209 	{ "pmap", ":[-q]", "print process memory map", pmap },
4210 	{ "project", NULL, "display kernel project(s)", project },
4211 	{ "ps", "[-fltzTP]", "list processes (and associated thr,lwp)", ps },
4212 	{ "pgrep", "[-x] [-n | -o] pattern",
4213 		"pattern match against all processes", pgrep },
4214 	{ "ptree", NULL, "print process tree", ptree },
4215 	{ "seg", ":", "print address space segment", seg },
4216 	{ "sysevent", "?[-sv]", "print sysevent pending or sent queue",
4217 		sysevent},
4218 	{ "sysevent_channel", "?", "print sysevent channel database",
4219 		sysevent_channel},
4220 	{ "sysevent_class_list", ":", "print sysevent class list",
4221 		sysevent_class_list},
4222 	{ "sysevent_subclass_list", ":",
4223 		"print sysevent subclass list", sysevent_subclass_list},
4224 	{ "system", NULL, "print contents of /etc/system file", sysfile },
4225 	{ "task", NULL, "display kernel task(s)", task },
4226 	{ "taskq_entry", ":", "display a taskq_ent_t", taskq_ent },
4227 	{ "vnode2path", ":[-F]", "vnode address to pathname", vnode2path },
4228 	{ "vnode2smap", ":[offset]", "translate vnode to smap", vnode2smap },
4229 	{ "whereopen", ":", "given a vnode, dumps procs which have it open",
4230 	    whereopen },
4231 
4232 	/* from zone.c */
4233 	{ "zone", "?", "display kernel zone(s)", zoneprt },
4234 	{ "zsd", ":[zsd key]", "lookup zsd value from a key", zsd },
4235 
4236 	/* from bio.c */
4237 	{ "bufpagefind", ":addr", "find page_t on buf_t list", bufpagefind },
4238 
4239 	/* from contract.c */
4240 	{ "contract", "?", "display a contract", cmd_contract },
4241 	{ "ctevent", ":", "display a contract event", cmd_ctevent },
4242 	{ "ctid", ":", "convert id to a contract pointer", cmd_ctid },
4243 
4244 	/* from cpupart.c */
4245 	{ "cpupart", "?[-v]", "print cpu partition info", cpupart },
4246 
4247 	/* from cyclic.c */
4248 	{ "cyccover", NULL, "dump cyclic coverage information", cyccover },
4249 	{ "cycid", "?", "dump a cyclic id", cycid },
4250 	{ "cycinfo", "?", "dump cyc_cpu info", cycinfo },
4251 	{ "cyclic", ":", "developer information", cyclic },
4252 	{ "cyctrace", "?", "dump cyclic trace buffer", cyctrace },
4253 
4254 	/* from devinfo.c */
4255 	{ "devbindings", "?[-qs] [device-name | major-num]",
4256 	    "print devinfo nodes bound to device-name or major-num",
4257 	    devbindings, devinfo_help },
4258 	{ "devinfo", ":[-qs]", "detailed devinfo of one node", devinfo,
4259 	    devinfo_help },
4260 	{ "devinfo_audit", ":[-v]", "devinfo configuration audit record",
4261 	    devinfo_audit },
4262 	{ "devinfo_audit_log", "?[-v]", "system wide devinfo configuration log",
4263 	    devinfo_audit_log },
4264 	{ "devinfo_audit_node", ":[-v]", "devinfo node configuration history",
4265 	    devinfo_audit_node },
4266 	{ "devinfo2driver", ":", "find driver name for this devinfo node",
4267 	    devinfo2driver },
4268 	{ "devnames", "?[-vm] [num]", "print devnames array", devnames },
4269 	{ "dev2major", "?<dev_t>", "convert dev_t to a major number",
4270 	    dev2major },
4271 	{ "dev2minor", "?<dev_t>", "convert dev_t to a minor number",
4272 	    dev2minor },
4273 	{ "devt", "?<dev_t>", "display a dev_t's major and minor numbers",
4274 	    devt },
4275 	{ "major2name", "?<major-num>", "convert major number to dev name",
4276 	    major2name },
4277 	{ "minornodes", ":", "given a devinfo node, print its minor nodes",
4278 	    minornodes },
4279 	{ "modctl2devinfo", ":", "given a modctl, list its devinfos",
4280 	    modctl2devinfo },
4281 	{ "name2major", "<dev-name>", "convert dev name to major number",
4282 	    name2major },
4283 	{ "prtconf", "?[-vpc]", "print devinfo tree", prtconf, prtconf_help },
4284 	{ "softstate", ":<instance>", "retrieve soft-state pointer",
4285 	    softstate },
4286 	{ "devinfo_fm", ":", "devinfo fault managment configuration",
4287 	    devinfo_fm },
4288 	{ "devinfo_fmce", ":", "devinfo fault managment cache entry",
4289 	    devinfo_fmce},
4290 
4291 	/* from fm.c */
4292 	{ "ereport", "[-v]", "print ereports logged in dump",
4293 	    ereport },
4294 
4295 	/* from findstack.c */
4296 	{ "findstack", ":[-v]", "find kernel thread stack", findstack },
4297 	{ "findstack_debug", NULL, "toggle findstack debugging",
4298 		findstack_debug },
4299 
4300 	/* from kgrep.c + genunix.c */
4301 	{ "kgrep", KGREP_USAGE, "search kernel as for a pointer", kgrep,
4302 		kgrep_help },
4303 
4304 	/* from kmem.c */
4305 	{ "allocdby", ":", "given a thread, print its allocated buffers",
4306 		allocdby },
4307 	{ "bufctl", ":[-vh] [-a addr] [-c caller] [-e earliest] [-l latest] "
4308 		"[-t thd]", "print or filter a bufctl", bufctl, bufctl_help },
4309 	{ "freedby", ":", "given a thread, print its freed buffers", freedby },
4310 	{ "kmalog", "?[ fail | slab ]",
4311 	    "display kmem transaction log and stack traces", kmalog },
4312 	{ "kmastat", "[-kmg]", "kernel memory allocator stats",
4313 	    kmastat },
4314 	{ "kmausers", "?[-ef] [cache ...]", "current medium and large users "
4315 		"of the kmem allocator", kmausers, kmausers_help },
4316 	{ "kmem_cache", "?[-n name]",
4317 		"print kernel memory caches", kmem_cache, kmem_cache_help},
4318 	{ "kmem_slabs", "?[-v] [-n cache] [-N cache] [-b maxbins] "
4319 		"[-B minbinsize]", "display slab usage per kmem cache",
4320 		kmem_slabs, kmem_slabs_help },
4321 	{ "kmem_debug", NULL, "toggle kmem dcmd/walk debugging", kmem_debug },
4322 	{ "kmem_log", "?[-b]", "dump kmem transaction log", kmem_log },
4323 	{ "kmem_verify", "?", "check integrity of kmem-managed memory",
4324 		kmem_verify },
4325 	{ "vmem", "?", "print a vmem_t", vmem },
4326 	{ "vmem_seg", ":[-sv] [-c caller] [-e earliest] [-l latest] "
4327 		"[-m minsize] [-M maxsize] [-t thread] [-T type]",
4328 		"print or filter a vmem_seg", vmem_seg, vmem_seg_help },
4329 	{ "whatis", ":[-abiv]", "given an address, return information", whatis,
4330 		whatis_help },
4331 	{ "whatthread", ":[-v]", "print threads whose stack contains the "
4332 		"given address", whatthread },
4333 
4334 	/* from ldi.c */
4335 	{ "ldi_handle", "?[-i]", "display a layered driver handle",
4336 	    ldi_handle, ldi_handle_help },
4337 	{ "ldi_ident", NULL, "display a layered driver identifier",
4338 	    ldi_ident, ldi_ident_help },
4339 
4340 	/* from leaky.c + leaky_subr.c */
4341 	{ "findleaks", FINDLEAKS_USAGE,
4342 	    "search for potential kernel memory leaks", findleaks,
4343 	    findleaks_help },
4344 
4345 	/* from lgrp.c */
4346 	{ "lgrp", "?[-q] [-p | -Pih]", "display an lgrp", lgrp},
4347 	{ "lgrp_set", "", "display bitmask of lgroups as a list", lgrp_set},
4348 
4349 	/* from log.c */
4350 	{ "msgbuf", "?[-v]", "print most recent console messages", msgbuf },
4351 
4352 	/* from memory.c */
4353 	{ "page", "?", "display a summarized page_t", page },
4354 	{ "memstat", NULL, "display memory usage summary", memstat },
4355 	{ "memlist", "?[-iav]", "display a struct memlist", memlist },
4356 	{ "swapinfo", "?", "display a struct swapinfo", swapinfof },
4357 
4358 	/* from mmd.c */
4359 	{ "multidata", ":[-sv]", "display a summarized multidata_t",
4360 		multidata },
4361 	{ "pattbl", ":", "display a summarized multidata attribute table",
4362 		pattbl },
4363 	{ "pattr2multidata", ":", "print multidata pointer from pattr_t",
4364 		pattr2multidata },
4365 	{ "pdesc2slab", ":", "print pdesc slab pointer from pdesc_t",
4366 		pdesc2slab },
4367 	{ "pdesc_verify", ":", "verify integrity of a pdesc_t", pdesc_verify },
4368 	{ "slab2multidata", ":", "print multidata pointer from pdesc_slab_t",
4369 		slab2multidata },
4370 
4371 	/* from modhash.c */
4372 	{ "modhash", "?[-ceht] [-k key] [-v val] [-i index]",
4373 		"display information about one or all mod_hash structures",
4374 		modhash, modhash_help },
4375 	{ "modent", ":[-k | -v | -t type]",
4376 		"display information about a mod_hash_entry", modent,
4377 		modent_help },
4378 
4379 	/* from net.c */
4380 	{ "mi", ":[-p] [-d | -m]", "filter and display MI object or payload",
4381 		mi },
4382 	{ "netstat", "[-arv] [-f inet | inet6 | unix] [-P tcp | udp]",
4383 		"show network statistics", netstat },
4384 	{ "sonode", "?[-f inet | inet6 | unix | #] "
4385 		"[-t stream | dgram | raw | #] [-p #]",
4386 		"filter and display sonode", sonode },
4387 
4388 	/* from netstack.c */
4389 	{ "netstack", "", "show stack instances", netstack },
4390 
4391 	/* from nvpair.c */
4392 	{ NVPAIR_DCMD_NAME, NVPAIR_DCMD_USAGE, NVPAIR_DCMD_DESCR,
4393 		nvpair_print },
4394 	{ NVLIST_DCMD_NAME, NVLIST_DCMD_USAGE, NVLIST_DCMD_DESCR,
4395 		print_nvlist },
4396 
4397 	/* from pg.c */
4398 	{ "pg", "?[-q]", "display a pg", pg},
4399 	/* from group.c */
4400 	{ "group", "?[-q]", "display a group", group},
4401 
4402 	/* from log.c */
4403 	/* from rctl.c */
4404 	{ "rctl_dict", "?", "print systemwide default rctl definitions",
4405 		rctl_dict },
4406 	{ "rctl_list", ":[handle]", "print rctls for the given proc",
4407 		rctl_list },
4408 	{ "rctl", ":[handle]", "print a rctl_t, only if it matches the handle",
4409 		rctl },
4410 	{ "rctl_validate", ":[-v] [-n #]", "test resource control value "
4411 		"sequence", rctl_validate },
4412 
4413 	/* from sobj.c */
4414 	{ "rwlock", ":", "dump out a readers/writer lock", rwlock },
4415 	{ "mutex", ":[-f]", "dump out an adaptive or spin mutex", mutex,
4416 		mutex_help },
4417 	{ "sobj2ts", ":", "perform turnstile lookup on synch object", sobj2ts },
4418 	{ "wchaninfo", "?[-v]", "dump condition variable", wchaninfo },
4419 	{ "turnstile", "?", "display a turnstile", turnstile },
4420 
4421 	/* from stream.c */
4422 	{ "mblk", ":[-q|v] [-f|F flag] [-t|T type] [-l|L|B len] [-d dbaddr]",
4423 		"print an mblk", mblk_prt, mblk_help },
4424 	{ "mblk_verify", "?", "verify integrity of an mblk", mblk_verify },
4425 	{ "mblk2dblk", ":", "convert mblk_t address to dblk_t address",
4426 		mblk2dblk },
4427 	{ "q2otherq", ":", "print peer queue for a given queue", q2otherq },
4428 	{ "q2rdq", ":", "print read queue for a given queue", q2rdq },
4429 	{ "q2syncq", ":", "print syncq for a given queue", q2syncq },
4430 	{ "q2stream", ":", "print stream pointer for a given queue", q2stream },
4431 	{ "q2wrq", ":", "print write queue for a given queue", q2wrq },
4432 	{ "queue", ":[-q|v] [-m mod] [-f flag] [-F flag] [-s syncq_addr]",
4433 		"filter and display STREAM queue", queue, queue_help },
4434 	{ "stdata", ":[-q|v] [-f flag] [-F flag]",
4435 		"filter and display STREAM head", stdata, stdata_help },
4436 	{ "str2mate", ":", "print mate of this stream", str2mate },
4437 	{ "str2wrq", ":", "print write queue of this stream", str2wrq },
4438 	{ "stream", ":", "display STREAM", stream },
4439 	{ "strftevent", ":", "print STREAMS flow trace event", strftevent },
4440 	{ "syncq", ":[-q|v] [-f flag] [-F flag] [-t type] [-T type]",
4441 		"filter and display STREAM sync queue", syncq, syncq_help },
4442 	{ "syncq2q", ":", "print queue for a given syncq", syncq2q },
4443 
4444 	/* from thread.c */
4445 	{ "thread", "?[-bdfimps]", "display a summarized kthread_t", thread,
4446 		thread_help },
4447 	{ "threadlist", "?[-t] [-v [count]]",
4448 		"display threads and associated C stack traces", threadlist,
4449 		threadlist_help },
4450 	{ "stackinfo", "?[-h|-a]", "display kthread_t stack usage", stackinfo,
4451 		stackinfo_help },
4452 
4453 	/* from tsd.c */
4454 	{ "tsd", ":-k key", "print tsd[key-1] for this thread", ttotsd },
4455 	{ "tsdtot", ":", "find thread with this tsd", tsdtot },
4456 
4457 	/*
4458 	 * typegraph does not work under kmdb, as it requires too much memory
4459 	 * for its internal data structures.
4460 	 */
4461 #ifndef _KMDB
4462 	/* from typegraph.c */
4463 	{ "findlocks", ":", "find locks held by specified thread", findlocks },
4464 	{ "findfalse", "?[-v]", "find potentially falsely shared structures",
4465 		findfalse },
4466 	{ "typegraph", NULL, "build type graph", typegraph },
4467 	{ "istype", ":type", "manually set object type", istype },
4468 	{ "notype", ":", "manually clear object type", notype },
4469 	{ "whattype", ":", "determine object type", whattype },
4470 #endif
4471 
4472 	/* from vfs.c */
4473 	{ "fsinfo", "?[-v]", "print mounted filesystems", fsinfo },
4474 	{ "pfiles", ":[-fp]", "print process file information", pfiles,
4475 		pfiles_help },
4476 
4477 	/* from mdi.c */
4478 	{ "mdipi", NULL, "given a path, dump mdi_pathinfo "
4479 		"and detailed pi_prop list", mdipi },
4480 	{ "mdiprops", NULL, "given a pi_prop, dump the pi_prop list",
4481 		mdiprops },
4482 	{ "mdiphci", NULL, "given a phci, dump mdi_phci and "
4483 		"list all paths", mdiphci },
4484 	{ "mdivhci", NULL, "given a vhci, dump mdi_vhci and list "
4485 		"all phcis", mdivhci },
4486 	{ "mdiclient_paths", NULL, "given a path, walk mdi_pathinfo "
4487 		"client links", mdiclient_paths },
4488 	{ "mdiphci_paths", NULL, "given a path, walk through mdi_pathinfo "
4489 		"phci links", mdiphci_paths },
4490 	{ "mdiphcis", NULL, "given a phci, walk through mdi_phci ph_next links",
4491 		mdiphcis },
4492 
4493 	{ NULL }
4494 };
4495 
4496 static const mdb_walker_t walkers[] = {
4497 
4498 	/* from genunix.c */
4499 	{ "anon", "given an amp, list of anon structures",
4500 		anon_walk_init, anon_walk_step, anon_walk_fini },
4501 	{ "callouts_bytime", "walk callouts by list chain (expiration time)",
4502 		callout_walk_init, callout_walk_step, callout_walk_fini,
4503 		(void *)CALLOUT_WALK_BYLIST },
4504 	{ "callouts_byid", "walk callouts by id hash chain",
4505 		callout_walk_init, callout_walk_step, callout_walk_fini,
4506 		(void *)CALLOUT_WALK_BYID },
4507 	{ "callout_list", "walk a callout list", callout_list_walk_init,
4508 		callout_list_walk_step, callout_list_walk_fini },
4509 	{ "callout_table", "walk callout table array", callout_table_walk_init,
4510 		callout_table_walk_step, callout_table_walk_fini },
4511 	{ "cpu", "walk cpu structures", cpu_walk_init, cpu_walk_step },
4512 	{ "ereportq_dump", "walk list of ereports in dump error queue",
4513 		ereportq_dump_walk_init, ereportq_dump_walk_step, NULL },
4514 	{ "ereportq_pend", "walk list of ereports in pending error queue",
4515 		ereportq_pend_walk_init, ereportq_pend_walk_step, NULL },
4516 	{ "errorq", "walk list of system error queues",
4517 		errorq_walk_init, errorq_walk_step, NULL },
4518 	{ "errorq_data", "walk pending error queue data buffers",
4519 		eqd_walk_init, eqd_walk_step, eqd_walk_fini },
4520 	{ "allfile", "given a proc pointer, list all file pointers",
4521 		file_walk_init, allfile_walk_step, file_walk_fini },
4522 	{ "file", "given a proc pointer, list of open file pointers",
4523 		file_walk_init, file_walk_step, file_walk_fini },
4524 	{ "lock_descriptor", "walk lock_descriptor_t structures",
4525 		ld_walk_init, ld_walk_step, NULL },
4526 	{ "lock_graph", "walk lock graph",
4527 		lg_walk_init, lg_walk_step, NULL },
4528 	{ "port", "given a proc pointer, list of created event ports",
4529 		port_walk_init, port_walk_step, NULL },
4530 	{ "portev", "given a port pointer, list of events in the queue",
4531 		portev_walk_init, portev_walk_step, portev_walk_fini },
4532 	{ "proc", "list of active proc_t structures",
4533 		proc_walk_init, proc_walk_step, proc_walk_fini },
4534 	{ "projects", "walk a list of kernel projects",
4535 		project_walk_init, project_walk_step, NULL },
4536 	{ "seg", "given an as, list of segments",
4537 		seg_walk_init, avl_walk_step, avl_walk_fini },
4538 	{ "sysevent_pend", "walk sysevent pending queue",
4539 		sysevent_pend_walk_init, sysevent_walk_step,
4540 		sysevent_walk_fini},
4541 	{ "sysevent_sent", "walk sysevent sent queue", sysevent_sent_walk_init,
4542 		sysevent_walk_step, sysevent_walk_fini},
4543 	{ "sysevent_channel", "walk sysevent channel subscriptions",
4544 		sysevent_channel_walk_init, sysevent_channel_walk_step,
4545 		sysevent_channel_walk_fini},
4546 	{ "sysevent_class_list", "walk sysevent subscription's class list",
4547 		sysevent_class_list_walk_init, sysevent_class_list_walk_step,
4548 		sysevent_class_list_walk_fini},
4549 	{ "sysevent_subclass_list",
4550 		"walk sysevent subscription's subclass list",
4551 		sysevent_subclass_list_walk_init,
4552 		sysevent_subclass_list_walk_step,
4553 		sysevent_subclass_list_walk_fini},
4554 	{ "task", "given a task pointer, walk its processes",
4555 		task_walk_init, task_walk_step, NULL },
4556 	{ "taskq_entry", "given a taskq_t*, list all taskq_ent_t in the list",
4557 		taskq_walk_init, taskq_walk_step, NULL, NULL },
4558 
4559 	/* from avl.c */
4560 	{ AVL_WALK_NAME, AVL_WALK_DESC,
4561 		avl_walk_init, avl_walk_step, avl_walk_fini },
4562 
4563 	/* from zone.c */
4564 	{ "zone", "walk a list of kernel zones",
4565 		zone_walk_init, zone_walk_step, NULL },
4566 	{ "zsd", "walk list of zsd entries for a zone",
4567 		zsd_walk_init, zsd_walk_step, NULL },
4568 
4569 	/* from bio.c */
4570 	{ "buf", "walk the bio buf hash",
4571 		buf_walk_init, buf_walk_step, buf_walk_fini },
4572 
4573 	/* from contract.c */
4574 	{ "contract", "walk all contracts, or those of the specified type",
4575 		ct_walk_init, generic_walk_step, NULL },
4576 	{ "ct_event", "walk events on a contract event queue",
4577 		ct_event_walk_init, generic_walk_step, NULL },
4578 	{ "ct_listener", "walk contract event queue listeners",
4579 		ct_listener_walk_init, generic_walk_step, NULL },
4580 
4581 	/* from cpupart.c */
4582 	{ "cpupart_cpulist", "given an cpupart_t, walk cpus in partition",
4583 		cpupart_cpulist_walk_init, cpupart_cpulist_walk_step,
4584 		NULL },
4585 	{ "cpupart_walk", "walk the set of cpu partitions",
4586 		cpupart_walk_init, cpupart_walk_step, NULL },
4587 
4588 	/* from ctxop.c */
4589 	{ "ctxop", "walk list of context ops on a thread",
4590 		ctxop_walk_init, ctxop_walk_step, ctxop_walk_fini },
4591 
4592 	/* from cyclic.c */
4593 	{ "cyccpu", "walk per-CPU cyc_cpu structures",
4594 		cyccpu_walk_init, cyccpu_walk_step, NULL },
4595 	{ "cycomni", "for an omnipresent cyclic, walk cyc_omni_cpu list",
4596 		cycomni_walk_init, cycomni_walk_step, NULL },
4597 	{ "cyctrace", "walk cyclic trace buffer",
4598 		cyctrace_walk_init, cyctrace_walk_step, cyctrace_walk_fini },
4599 
4600 	/* from devinfo.c */
4601 	{ "binding_hash", "walk all entries in binding hash table",
4602 		binding_hash_walk_init, binding_hash_walk_step, NULL },
4603 	{ "devinfo", "walk devinfo tree or subtree",
4604 		devinfo_walk_init, devinfo_walk_step, devinfo_walk_fini },
4605 	{ "devinfo_audit_log", "walk devinfo audit system-wide log",
4606 		devinfo_audit_log_walk_init, devinfo_audit_log_walk_step,
4607 		devinfo_audit_log_walk_fini},
4608 	{ "devinfo_audit_node", "walk per-devinfo audit history",
4609 		devinfo_audit_node_walk_init, devinfo_audit_node_walk_step,
4610 		devinfo_audit_node_walk_fini},
4611 	{ "devinfo_children", "walk children of devinfo node",
4612 		devinfo_children_walk_init, devinfo_children_walk_step,
4613 		devinfo_children_walk_fini },
4614 	{ "devinfo_parents", "walk ancestors of devinfo node",
4615 		devinfo_parents_walk_init, devinfo_parents_walk_step,
4616 		devinfo_parents_walk_fini },
4617 	{ "devinfo_siblings", "walk siblings of devinfo node",
4618 		devinfo_siblings_walk_init, devinfo_siblings_walk_step, NULL },
4619 	{ "devi_next", "walk devinfo list",
4620 		NULL, devi_next_walk_step, NULL },
4621 	{ "devnames", "walk devnames array",
4622 		devnames_walk_init, devnames_walk_step, devnames_walk_fini },
4623 	{ "minornode", "given a devinfo node, walk minor nodes",
4624 		minornode_walk_init, minornode_walk_step, NULL },
4625 	{ "softstate",
4626 		"given an i_ddi_soft_state*, list all in-use driver stateps",
4627 		soft_state_walk_init, soft_state_walk_step,
4628 		NULL, NULL },
4629 	{ "softstate_all",
4630 		"given an i_ddi_soft_state*, list all driver stateps",
4631 		soft_state_walk_init, soft_state_all_walk_step,
4632 		NULL, NULL },
4633 	{ "devinfo_fmc",
4634 		"walk a fault management handle cache active list",
4635 		devinfo_fmc_walk_init, devinfo_fmc_walk_step, NULL },
4636 
4637 	/* from kmem.c */
4638 	{ "allocdby", "given a thread, walk its allocated bufctls",
4639 		allocdby_walk_init, allocdby_walk_step, allocdby_walk_fini },
4640 	{ "bufctl", "walk a kmem cache's bufctls",
4641 		bufctl_walk_init, kmem_walk_step, kmem_walk_fini },
4642 	{ "bufctl_history", "walk the available history of a bufctl",
4643 		bufctl_history_walk_init, bufctl_history_walk_step,
4644 		bufctl_history_walk_fini },
4645 	{ "freedby", "given a thread, walk its freed bufctls",
4646 		freedby_walk_init, allocdby_walk_step, allocdby_walk_fini },
4647 	{ "freectl", "walk a kmem cache's free bufctls",
4648 		freectl_walk_init, kmem_walk_step, kmem_walk_fini },
4649 	{ "freectl_constructed", "walk a kmem cache's constructed free bufctls",
4650 		freectl_constructed_walk_init, kmem_walk_step, kmem_walk_fini },
4651 	{ "freemem", "walk a kmem cache's free memory",
4652 		freemem_walk_init, kmem_walk_step, kmem_walk_fini },
4653 	{ "freemem_constructed", "walk a kmem cache's constructed free memory",
4654 		freemem_constructed_walk_init, kmem_walk_step, kmem_walk_fini },
4655 	{ "kmem", "walk a kmem cache",
4656 		kmem_walk_init, kmem_walk_step, kmem_walk_fini },
4657 	{ "kmem_cpu_cache", "given a kmem cache, walk its per-CPU caches",
4658 		kmem_cpu_cache_walk_init, kmem_cpu_cache_walk_step, NULL },
4659 	{ "kmem_hash", "given a kmem cache, walk its allocated hash table",
4660 		kmem_hash_walk_init, kmem_hash_walk_step, kmem_hash_walk_fini },
4661 	{ "kmem_log", "walk the kmem transaction log",
4662 		kmem_log_walk_init, kmem_log_walk_step, kmem_log_walk_fini },
4663 	{ "kmem_slab", "given a kmem cache, walk its slabs",
4664 		kmem_slab_walk_init, combined_walk_step, combined_walk_fini },
4665 	{ "kmem_slab_partial",
4666 	    "given a kmem cache, walk its partially allocated slabs (min 1)",
4667 		kmem_slab_walk_partial_init, combined_walk_step,
4668 		combined_walk_fini },
4669 	{ "vmem", "walk vmem structures in pre-fix, depth-first order",
4670 		vmem_walk_init, vmem_walk_step, vmem_walk_fini },
4671 	{ "vmem_alloc", "given a vmem_t, walk its allocated vmem_segs",
4672 		vmem_alloc_walk_init, vmem_seg_walk_step, vmem_seg_walk_fini },
4673 	{ "vmem_free", "given a vmem_t, walk its free vmem_segs",
4674 		vmem_free_walk_init, vmem_seg_walk_step, vmem_seg_walk_fini },
4675 	{ "vmem_postfix", "walk vmem structures in post-fix, depth-first order",
4676 		vmem_walk_init, vmem_postfix_walk_step, vmem_walk_fini },
4677 	{ "vmem_seg", "given a vmem_t, walk all of its vmem_segs",
4678 		vmem_seg_walk_init, vmem_seg_walk_step, vmem_seg_walk_fini },
4679 	{ "vmem_span", "given a vmem_t, walk its spanning vmem_segs",
4680 		vmem_span_walk_init, vmem_seg_walk_step, vmem_seg_walk_fini },
4681 
4682 	/* from ldi.c */
4683 	{ "ldi_handle", "walk the layered driver handle hash",
4684 		ldi_handle_walk_init, ldi_handle_walk_step, NULL },
4685 	{ "ldi_ident", "walk the layered driver identifier hash",
4686 		ldi_ident_walk_init, ldi_ident_walk_step, NULL },
4687 
4688 	/* from leaky.c + leaky_subr.c */
4689 	{ "leak", "given a leaked bufctl or vmem_seg, find leaks w/ same "
4690 	    "stack trace",
4691 		leaky_walk_init, leaky_walk_step, leaky_walk_fini },
4692 	{ "leakbuf", "given a leaked bufctl or vmem_seg, walk buffers for "
4693 	    "leaks w/ same stack trace",
4694 		leaky_walk_init, leaky_buf_walk_step, leaky_walk_fini },
4695 
4696 	/* from lgrp.c */
4697 	{ "lgrp_cpulist", "walk CPUs in a given lgroup",
4698 		lgrp_cpulist_walk_init, lgrp_cpulist_walk_step, NULL },
4699 	{ "lgrptbl", "walk lgroup table",
4700 		lgrp_walk_init, lgrp_walk_step, NULL },
4701 	{ "lgrp_parents", "walk up lgroup lineage from given lgroup",
4702 		lgrp_parents_walk_init, lgrp_parents_walk_step, NULL },
4703 	{ "lgrp_rsrc_mem", "walk lgroup memory resources of given lgroup",
4704 		lgrp_rsrc_mem_walk_init, lgrp_set_walk_step, NULL },
4705 	{ "lgrp_rsrc_cpu", "walk lgroup CPU resources of given lgroup",
4706 		lgrp_rsrc_cpu_walk_init, lgrp_set_walk_step, NULL },
4707 
4708 	/* from group.c */
4709 	{ "group", "walk all elements of a group",
4710 		group_walk_init, group_walk_step, NULL },
4711 
4712 	/* from list.c */
4713 	{ LIST_WALK_NAME, LIST_WALK_DESC,
4714 		list_walk_init, list_walk_step, list_walk_fini },
4715 
4716 	/* from memory.c */
4717 	{ "page", "walk all pages, or those from the specified vnode",
4718 		page_walk_init, page_walk_step, page_walk_fini },
4719 	{ "memlist", "walk specified memlist",
4720 		NULL, memlist_walk_step, NULL },
4721 	{ "swapinfo", "walk swapinfo structures",
4722 		swap_walk_init, swap_walk_step, NULL },
4723 
4724 	/* from mmd.c */
4725 	{ "pattr", "walk pattr_t structures", pattr_walk_init,
4726 		mmdq_walk_step, mmdq_walk_fini },
4727 	{ "pdesc", "walk pdesc_t structures",
4728 		pdesc_walk_init, mmdq_walk_step, mmdq_walk_fini },
4729 	{ "pdesc_slab", "walk pdesc_slab_t structures",
4730 		pdesc_slab_walk_init, mmdq_walk_step, mmdq_walk_fini },
4731 
4732 	/* from modhash.c */
4733 	{ "modhash", "walk list of mod_hash structures", modhash_walk_init,
4734 		modhash_walk_step, NULL },
4735 	{ "modent", "walk list of entries in a given mod_hash",
4736 		modent_walk_init, modent_walk_step, modent_walk_fini },
4737 	{ "modchain", "walk list of entries in a given mod_hash_entry",
4738 		NULL, modchain_walk_step, NULL },
4739 
4740 	/* from net.c */
4741 	{ "ar", "walk ar_t structures using MI for all stacks",
4742 		mi_payload_walk_init, mi_payload_walk_step, NULL, &mi_ar_arg },
4743 	{ "icmp", "walk ICMP control structures using MI for all stacks",
4744 		mi_payload_walk_init, mi_payload_walk_step, NULL,
4745 		&mi_icmp_arg },
4746 	{ "ill", "walk ill_t structures using MI for all stacks",
4747 		mi_payload_walk_init, mi_payload_walk_step, NULL, &mi_ill_arg },
4748 
4749 	{ "mi", "given a MI_O, walk the MI",
4750 		mi_walk_init, mi_walk_step, mi_walk_fini, NULL },
4751 	{ "sonode", "given a sonode, walk its children",
4752 		sonode_walk_init, sonode_walk_step, sonode_walk_fini, NULL },
4753 
4754 	{ "ar_stacks", "walk all the ar_stack_t",
4755 		ar_stacks_walk_init, ar_stacks_walk_step, NULL },
4756 	{ "icmp_stacks", "walk all the icmp_stack_t",
4757 		icmp_stacks_walk_init, icmp_stacks_walk_step, NULL },
4758 	{ "tcp_stacks", "walk all the tcp_stack_t",
4759 		tcp_stacks_walk_init, tcp_stacks_walk_step, NULL },
4760 	{ "udp_stacks", "walk all the udp_stack_t",
4761 		udp_stacks_walk_init, udp_stacks_walk_step, NULL },
4762 
4763 	/* from nvpair.c */
4764 	{ NVPAIR_WALKER_NAME, NVPAIR_WALKER_DESCR,
4765 		nvpair_walk_init, nvpair_walk_step, NULL },
4766 
4767 	/* from rctl.c */
4768 	{ "rctl_dict_list", "walk all rctl_dict_entry_t's from rctl_lists",
4769 		rctl_dict_walk_init, rctl_dict_walk_step, NULL },
4770 	{ "rctl_set", "given a rctl_set, walk all rctls", rctl_set_walk_init,
4771 		rctl_set_walk_step, NULL },
4772 	{ "rctl_val", "given a rctl_t, walk all rctl_val entries associated",
4773 		rctl_val_walk_init, rctl_val_walk_step },
4774 
4775 	/* from sobj.c */
4776 	{ "blocked", "walk threads blocked on a given sobj",
4777 		blocked_walk_init, blocked_walk_step, NULL },
4778 	{ "wchan", "given a wchan, list of blocked threads",
4779 		wchan_walk_init, wchan_walk_step, wchan_walk_fini },
4780 
4781 	/* from stream.c */
4782 	{ "b_cont", "walk mblk_t list using b_cont",
4783 		mblk_walk_init, b_cont_step, mblk_walk_fini },
4784 	{ "b_next", "walk mblk_t list using b_next",
4785 		mblk_walk_init, b_next_step, mblk_walk_fini },
4786 	{ "qlink", "walk queue_t list using q_link",
4787 		queue_walk_init, queue_link_step, queue_walk_fini },
4788 	{ "qnext", "walk queue_t list using q_next",
4789 		queue_walk_init, queue_next_step, queue_walk_fini },
4790 	{ "strftblk", "given a dblk_t, walk STREAMS flow trace event list",
4791 		strftblk_walk_init, strftblk_step, strftblk_walk_fini },
4792 	{ "readq", "walk read queue side of stdata",
4793 		str_walk_init, strr_walk_step, str_walk_fini },
4794 	{ "writeq", "walk write queue side of stdata",
4795 		str_walk_init, strw_walk_step, str_walk_fini },
4796 
4797 	/* from thread.c */
4798 	{ "deathrow", "walk threads on both lwp_ and thread_deathrow",
4799 		deathrow_walk_init, deathrow_walk_step, NULL },
4800 	{ "cpu_dispq", "given a cpu_t, walk threads in dispatcher queues",
4801 		cpu_dispq_walk_init, dispq_walk_step, dispq_walk_fini },
4802 	{ "cpupart_dispq",
4803 		"given a cpupart_t, walk threads in dispatcher queues",
4804 		cpupart_dispq_walk_init, dispq_walk_step, dispq_walk_fini },
4805 	{ "lwp_deathrow", "walk lwp_deathrow",
4806 		lwp_deathrow_walk_init, deathrow_walk_step, NULL },
4807 	{ "thread", "global or per-process kthread_t structures",
4808 		thread_walk_init, thread_walk_step, thread_walk_fini },
4809 	{ "thread_deathrow", "walk threads on thread_deathrow",
4810 		thread_deathrow_walk_init, deathrow_walk_step, NULL },
4811 
4812 	/* from tsd.c */
4813 	{ "tsd", "walk list of thread-specific data",
4814 		tsd_walk_init, tsd_walk_step, tsd_walk_fini },
4815 
4816 	/* from tsol.c */
4817 	{ "tnrh", "walk remote host cache structures",
4818 	    tnrh_walk_init, tnrh_walk_step, tnrh_walk_fini },
4819 	{ "tnrhtp", "walk remote host template structures",
4820 	    tnrhtp_walk_init, tnrhtp_walk_step, tnrhtp_walk_fini },
4821 
4822 	/*
4823 	 * typegraph does not work under kmdb, as it requires too much memory
4824 	 * for its internal data structures.
4825 	 */
4826 #ifndef _KMDB
4827 	/* from typegraph.c */
4828 	{ "typeconflict", "walk buffers with conflicting type inferences",
4829 		typegraph_walk_init, typeconflict_walk_step },
4830 	{ "typeunknown", "walk buffers with unknown types",
4831 		typegraph_walk_init, typeunknown_walk_step },
4832 #endif
4833 
4834 	/* from vfs.c */
4835 	{ "vfs", "walk file system list",
4836 		vfs_walk_init, vfs_walk_step },
4837 
4838 	/* from mdi.c */
4839 	{ "mdipi_client_list", "Walker for mdi_pathinfo pi_client_link",
4840 		mdi_pi_client_link_walk_init,
4841 		mdi_pi_client_link_walk_step,
4842 		mdi_pi_client_link_walk_fini },
4843 
4844 	{ "mdipi_phci_list", "Walker for mdi_pathinfo pi_phci_link",
4845 		mdi_pi_phci_link_walk_init,
4846 		mdi_pi_phci_link_walk_step,
4847 		mdi_pi_phci_link_walk_fini },
4848 
4849 	{ "mdiphci_list", "Walker for mdi_phci ph_next link",
4850 		mdi_phci_ph_next_walk_init,
4851 		mdi_phci_ph_next_walk_step,
4852 		mdi_phci_ph_next_walk_fini },
4853 
4854 	/* from netstack.c */
4855 	{ "netstack", "walk a list of kernel netstacks",
4856 		netstack_walk_init, netstack_walk_step, NULL },
4857 
4858 	{ NULL }
4859 };
4860 
4861 static const mdb_modinfo_t modinfo = { MDB_API_VERSION, dcmds, walkers };
4862 
4863 const mdb_modinfo_t *
4864 _mdb_init(void)
4865 {
4866 	if (findstack_init() != DCMD_OK)
4867 		return (NULL);
4868 
4869 	kmem_init();
4870 
4871 	return (&modinfo);
4872 }
4873 
4874 void
4875 _mdb_fini(void)
4876 {
4877 	/*
4878 	 * Force ::findleaks to let go any cached memory
4879 	 */
4880 	leaky_cleanup(1);
4881 }
4882