xref: /titanic_44/usr/src/cmd/mdb/common/modules/genunix/genunix.c (revision ace1a5f11236a072fca1b5e0ea1416a083a9f2aa)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 #include <mdb/mdb_param.h>
30 #include <mdb/mdb_modapi.h>
31 #include <mdb/mdb_ks.h>
32 #include <mdb/mdb_ctf.h>
33 
34 #include <sys/types.h>
35 #include <sys/thread.h>
36 #include <sys/session.h>
37 #include <sys/user.h>
38 #include <sys/proc.h>
39 #include <sys/var.h>
40 #include <sys/t_lock.h>
41 #include <sys/callo.h>
42 #include <sys/priocntl.h>
43 #include <sys/class.h>
44 #include <sys/regset.h>
45 #include <sys/stack.h>
46 #include <sys/cpuvar.h>
47 #include <sys/vnode.h>
48 #include <sys/vfs.h>
49 #include <sys/flock_impl.h>
50 #include <sys/kmem_impl.h>
51 #include <sys/vmem_impl.h>
52 #include <sys/kstat.h>
53 #include <vm/seg_vn.h>
54 #include <vm/anon.h>
55 #include <vm/as.h>
56 #include <vm/seg_map.h>
57 #include <sys/dditypes.h>
58 #include <sys/ddi_impldefs.h>
59 #include <sys/sysmacros.h>
60 #include <sys/sysconf.h>
61 #include <sys/task.h>
62 #include <sys/project.h>
63 #include <sys/taskq.h>
64 #include <sys/taskq_impl.h>
65 #include <sys/errorq_impl.h>
66 #include <sys/cred_impl.h>
67 #include <sys/zone.h>
68 #include <sys/panic.h>
69 #include <regex.h>
70 #include <sys/port_impl.h>
71 
72 #include "contract.h"
73 #include "cpupart_mdb.h"
74 #include "devinfo.h"
75 #include "leaky.h"
76 #include "lgrp.h"
77 #include "list.h"
78 #include "log.h"
79 #include "kgrep.h"
80 #include "kmem.h"
81 #include "bio.h"
82 #include "streams.h"
83 #include "cyclic.h"
84 #include "findstack.h"
85 #include "ndievents.h"
86 #include "mmd.h"
87 #include "net.h"
88 #include "nvpair.h"
89 #include "ctxop.h"
90 #include "tsd.h"
91 #include "thread.h"
92 #include "memory.h"
93 #include "sobj.h"
94 #include "sysevent.h"
95 #include "rctl.h"
96 #include "typegraph.h"
97 #include "ldi.h"
98 #include "vfs.h"
99 #include "zone.h"
100 #include "modhash.h"
101 
102 /*
103  * Surely this is defined somewhere...
104  */
105 #define	NINTR		16
106 
107 #ifndef STACK_BIAS
108 #define	STACK_BIAS	0
109 #endif
110 
111 static char
112 pstat2ch(uchar_t state)
113 {
114 	switch (state) {
115 		case SSLEEP: return ('S');
116 		case SRUN: return ('R');
117 		case SZOMB: return ('Z');
118 		case SIDL: return ('I');
119 		case SONPROC: return ('O');
120 		case SSTOP: return ('T');
121 		default: return ('?');
122 	}
123 }
124 
125 #define	PS_PRTTHREADS	0x1
126 #define	PS_PRTLWPS	0x2
127 #define	PS_PSARGS	0x4
128 #define	PS_TASKS	0x8
129 #define	PS_PROJECTS	0x10
130 #define	PS_ZONES	0x20
131 
132 static int
133 ps_threadprint(uintptr_t addr, const void *data, void *private)
134 {
135 	const kthread_t *t = (const kthread_t *)data;
136 	uint_t prt_flags = *((uint_t *)private);
137 
138 	static const mdb_bitmask_t t_state_bits[] = {
139 		{ "TS_FREE",	UINT_MAX,	TS_FREE		},
140 		{ "TS_SLEEP",	TS_SLEEP,	TS_SLEEP	},
141 		{ "TS_RUN",	TS_RUN,		TS_RUN		},
142 		{ "TS_ONPROC",	TS_ONPROC,	TS_ONPROC	},
143 		{ "TS_ZOMB",	TS_ZOMB,	TS_ZOMB		},
144 		{ "TS_STOPPED",	TS_STOPPED,	TS_STOPPED	},
145 		{ NULL,		0,		0		}
146 	};
147 
148 	if (prt_flags & PS_PRTTHREADS)
149 		mdb_printf("\tT  %?a <%b>\n", addr, t->t_state, t_state_bits);
150 
151 	if (prt_flags & PS_PRTLWPS)
152 		mdb_printf("\tL  %?a ID: %u\n", t->t_lwp, t->t_tid);
153 
154 	return (WALK_NEXT);
155 }
156 
157 int
158 ps(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
159 {
160 	uint_t prt_flags = 0;
161 	proc_t pr;
162 	struct pid pid, pgid, sid;
163 	sess_t session;
164 	cred_t cred;
165 	task_t tk;
166 	kproject_t pj;
167 	zone_t zn;
168 
169 	if (!(flags & DCMD_ADDRSPEC)) {
170 		if (mdb_walk_dcmd("proc", "ps", argc, argv) == -1) {
171 			mdb_warn("can't walk 'proc'");
172 			return (DCMD_ERR);
173 		}
174 		return (DCMD_OK);
175 	}
176 
177 	if (mdb_getopts(argc, argv,
178 	    'f', MDB_OPT_SETBITS, PS_PSARGS, &prt_flags,
179 	    'l', MDB_OPT_SETBITS, PS_PRTLWPS, &prt_flags,
180 	    'T', MDB_OPT_SETBITS, PS_TASKS, &prt_flags,
181 	    'P', MDB_OPT_SETBITS, PS_PROJECTS, &prt_flags,
182 	    'z', MDB_OPT_SETBITS, PS_ZONES, &prt_flags,
183 	    't', MDB_OPT_SETBITS, PS_PRTTHREADS, &prt_flags, NULL) != argc)
184 		return (DCMD_USAGE);
185 
186 	if (DCMD_HDRSPEC(flags)) {
187 		mdb_printf("%<u>%1s %6s %6s %6s %6s ",
188 		    "S", "PID", "PPID", "PGID", "SID");
189 		if (prt_flags & PS_TASKS)
190 			mdb_printf("%5s ", "TASK");
191 		if (prt_flags & PS_PROJECTS)
192 			mdb_printf("%5s ", "PROJ");
193 		if (prt_flags & PS_ZONES)
194 			mdb_printf("%5s ", "ZONE");
195 		mdb_printf("%6s %10s %?s %s%</u>\n",
196 		    "UID", "FLAGS", "ADDR", "NAME");
197 	}
198 
199 	mdb_vread(&pr, sizeof (pr), addr);
200 	mdb_vread(&pid, sizeof (pid), (uintptr_t)pr.p_pidp);
201 	mdb_vread(&pgid, sizeof (pgid), (uintptr_t)pr.p_pgidp);
202 	mdb_vread(&cred, sizeof (cred), (uintptr_t)pr.p_cred);
203 	mdb_vread(&session, sizeof (session), (uintptr_t)pr.p_sessp);
204 	mdb_vread(&sid, sizeof (sid), (uintptr_t)session.s_sidp);
205 	if (prt_flags & (PS_TASKS | PS_PROJECTS))
206 		mdb_vread(&tk, sizeof (tk), (uintptr_t)pr.p_task);
207 	if (prt_flags & PS_PROJECTS)
208 		mdb_vread(&pj, sizeof (pj), (uintptr_t)tk.tk_proj);
209 	if (prt_flags & PS_ZONES)
210 		mdb_vread(&zn, sizeof (zone_t), (uintptr_t)pr.p_zone);
211 
212 	mdb_printf("%c %6d %6d %6d %6d ",
213 	    pstat2ch(pr.p_stat), pid.pid_id, pr.p_ppid, pgid.pid_id,
214 	    sid.pid_id);
215 	if (prt_flags & PS_TASKS)
216 		mdb_printf("%5d ", tk.tk_tkid);
217 	if (prt_flags & PS_PROJECTS)
218 		mdb_printf("%5d ", pj.kpj_id);
219 	if (prt_flags & PS_ZONES)
220 		mdb_printf("%5d ", zn.zone_id);
221 	mdb_printf("%6d 0x%08x %0?p %s\n",
222 	    cred.cr_uid, pr.p_flag, addr,
223 	    (prt_flags & PS_PSARGS) ? pr.p_user.u_psargs : pr.p_user.u_comm);
224 
225 	if (prt_flags & ~PS_PSARGS)
226 		(void) mdb_pwalk("thread", ps_threadprint, &prt_flags, addr);
227 
228 	return (DCMD_OK);
229 }
230 
231 #define	PG_NEWEST	0x0001
232 #define	PG_OLDEST	0x0002
233 #define	PG_PIPE_OUT	0x0004
234 
235 typedef struct pgrep_data {
236 	uint_t pg_flags;
237 	uint_t pg_psflags;
238 	uintptr_t pg_xaddr;
239 	hrtime_t pg_xstart;
240 	const char *pg_pat;
241 #ifndef _KMDB
242 	regex_t pg_reg;
243 #endif
244 } pgrep_data_t;
245 
246 /*ARGSUSED*/
247 static int
248 pgrep_cb(uintptr_t addr, const void *pdata, void *data)
249 {
250 	const proc_t *prp = pdata;
251 	pgrep_data_t *pgp = data;
252 #ifndef _KMDB
253 	regmatch_t pmatch;
254 #endif
255 
256 	/*
257 	 * kmdb doesn't have access to the reg* functions, so we fall back
258 	 * to strstr.
259 	 */
260 #ifdef _KMDB
261 	if (strstr(prp->p_user.u_comm, pgp->pg_pat) == NULL)
262 		return (WALK_NEXT);
263 #else
264 	if (regexec(&pgp->pg_reg, prp->p_user.u_comm, 1, &pmatch, 0) != 0)
265 		return (WALK_NEXT);
266 #endif
267 
268 	if (pgp->pg_flags & (PG_NEWEST | PG_OLDEST)) {
269 		hrtime_t start;
270 
271 		start = (hrtime_t)prp->p_user.u_start.tv_sec * NANOSEC +
272 		    prp->p_user.u_start.tv_nsec;
273 
274 		if (pgp->pg_flags & PG_NEWEST) {
275 			if (pgp->pg_xaddr == NULL || start > pgp->pg_xstart) {
276 				pgp->pg_xaddr = addr;
277 				pgp->pg_xstart = start;
278 			}
279 		} else {
280 			if (pgp->pg_xaddr == NULL || start < pgp->pg_xstart) {
281 				pgp->pg_xaddr = addr;
282 				pgp->pg_xstart = start;
283 			}
284 		}
285 
286 	} else if (pgp->pg_flags & PG_PIPE_OUT) {
287 		mdb_printf("%p\n", addr);
288 
289 	} else {
290 		if (mdb_call_dcmd("ps", addr, pgp->pg_psflags, 0, NULL) != 0) {
291 			mdb_warn("can't invoke 'ps'");
292 			return (WALK_DONE);
293 		}
294 		pgp->pg_psflags &= ~DCMD_LOOPFIRST;
295 	}
296 
297 	return (WALK_NEXT);
298 }
299 
300 /*ARGSUSED*/
301 int
302 pgrep(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
303 {
304 	pgrep_data_t pg;
305 	int i;
306 #ifndef _KMDB
307 	int err;
308 #endif
309 
310 	if (flags & DCMD_ADDRSPEC)
311 		return (DCMD_USAGE);
312 
313 	pg.pg_flags = 0;
314 	pg.pg_xaddr = 0;
315 
316 	i = mdb_getopts(argc, argv,
317 	    'n', MDB_OPT_SETBITS, PG_NEWEST, &pg.pg_flags,
318 	    'o', MDB_OPT_SETBITS, PG_OLDEST, &pg.pg_flags,
319 	    NULL);
320 
321 	argc -= i;
322 	argv += i;
323 
324 	if (argc != 1)
325 		return (DCMD_USAGE);
326 
327 	/*
328 	 * -n and -o are mutually exclusive.
329 	 */
330 	if ((pg.pg_flags & PG_NEWEST) && (pg.pg_flags & PG_OLDEST))
331 		return (DCMD_USAGE);
332 
333 	if (argv->a_type != MDB_TYPE_STRING)
334 		return (DCMD_USAGE);
335 
336 	if (flags & DCMD_PIPE_OUT)
337 		pg.pg_flags |= PG_PIPE_OUT;
338 
339 	pg.pg_pat = argv->a_un.a_str;
340 	if (DCMD_HDRSPEC(flags))
341 		pg.pg_psflags = DCMD_ADDRSPEC | DCMD_LOOP | DCMD_LOOPFIRST;
342 	else
343 		pg.pg_psflags = DCMD_ADDRSPEC | DCMD_LOOP;
344 
345 #ifndef _KMDB
346 	if ((err = regcomp(&pg.pg_reg, pg.pg_pat, REG_EXTENDED)) != 0) {
347 		size_t nbytes;
348 		char *buf;
349 
350 		nbytes = regerror(err, &pg.pg_reg, NULL, 0);
351 		buf = mdb_alloc(nbytes + 1, UM_SLEEP | UM_GC);
352 		(void) regerror(err, &pg.pg_reg, buf, nbytes);
353 		mdb_warn("%s\n", buf);
354 
355 		return (DCMD_ERR);
356 	}
357 #endif
358 
359 	if (mdb_walk("proc", pgrep_cb, &pg) != 0) {
360 		mdb_warn("can't walk 'proc'");
361 		return (DCMD_ERR);
362 	}
363 
364 	if (pg.pg_xaddr != 0 && (pg.pg_flags & (PG_NEWEST | PG_OLDEST))) {
365 		if (pg.pg_flags & PG_PIPE_OUT) {
366 			mdb_printf("%p\n", pg.pg_xaddr);
367 		} else {
368 			if (mdb_call_dcmd("ps", pg.pg_xaddr, pg.pg_psflags,
369 			    0, NULL) != 0) {
370 				mdb_warn("can't invoke 'ps'");
371 				return (DCMD_ERR);
372 			}
373 		}
374 	}
375 
376 	return (DCMD_OK);
377 }
378 
379 int
380 task(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
381 {
382 	task_t tk;
383 	kproject_t pj;
384 
385 	if (!(flags & DCMD_ADDRSPEC)) {
386 		if (mdb_walk_dcmd("task_cache", "task", argc, argv) == -1) {
387 			mdb_warn("can't walk task_cache");
388 			return (DCMD_ERR);
389 		}
390 		return (DCMD_OK);
391 	}
392 	if (DCMD_HDRSPEC(flags)) {
393 		mdb_printf("%<u>%?s %6s %6s %6s %6s %10s%</u>\n",
394 		    "ADDR", "TASKID", "PROJID", "ZONEID", "REFCNT", "FLAGS");
395 	}
396 	if (mdb_vread(&tk, sizeof (task_t), addr) == -1) {
397 		mdb_warn("can't read task_t structure at %p", addr);
398 		return (DCMD_ERR);
399 	}
400 	if (mdb_vread(&pj, sizeof (kproject_t), (uintptr_t)tk.tk_proj) == -1) {
401 		mdb_warn("can't read project_t structure at %p", addr);
402 		return (DCMD_ERR);
403 	}
404 	mdb_printf("%0?p %6d %6d %6d %6u 0x%08x\n",
405 	    addr, tk.tk_tkid, pj.kpj_id, pj.kpj_zoneid, tk.tk_hold_count,
406 	    tk.tk_flags);
407 	return (DCMD_OK);
408 }
409 
410 int
411 project(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
412 {
413 	kproject_t pj;
414 
415 	if (!(flags & DCMD_ADDRSPEC)) {
416 		if (mdb_walk_dcmd("projects", "project", argc, argv) == -1) {
417 			mdb_warn("can't walk projects");
418 			return (DCMD_ERR);
419 		}
420 		return (DCMD_OK);
421 	}
422 	if (DCMD_HDRSPEC(flags)) {
423 		mdb_printf("%<u>%?s %6s %6s %6s%</u>\n",
424 		    "ADDR", "PROJID", "ZONEID", "REFCNT");
425 	}
426 	if (mdb_vread(&pj, sizeof (kproject_t), addr) == -1) {
427 		mdb_warn("can't read kproject_t structure at %p", addr);
428 		return (DCMD_ERR);
429 	}
430 	mdb_printf("%0?p %6d %6d %6u\n", addr, pj.kpj_id, pj.kpj_zoneid,
431 	    pj.kpj_count);
432 	return (DCMD_OK);
433 }
434 
435 /*ARGSUSED*/
436 int
437 callout(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
438 {
439 	callout_table_t	*co_ktable[CALLOUT_TABLES];
440 	int co_kfanout;
441 	callout_table_t co_table;
442 	callout_t co_callout;
443 	callout_t *co_ptr;
444 	int co_id;
445 	clock_t lbolt;
446 	int i, j, k;
447 	const char *lbolt_sym;
448 
449 	if ((flags & DCMD_ADDRSPEC) || argc != 0)
450 		return (DCMD_USAGE);
451 
452 	if (mdb_prop_postmortem)
453 		lbolt_sym = "panic_lbolt";
454 	else
455 		lbolt_sym = "lbolt";
456 
457 	if (mdb_readvar(&lbolt, lbolt_sym) == -1) {
458 		mdb_warn("failed to read '%s'", lbolt_sym);
459 		return (DCMD_ERR);
460 	}
461 
462 	if (mdb_readvar(&co_kfanout, "callout_fanout") == -1) {
463 		mdb_warn("failed to read callout_fanout");
464 		return (DCMD_ERR);
465 	}
466 
467 	if (mdb_readvar(&co_ktable, "callout_table") == -1) {
468 		mdb_warn("failed to read callout_table");
469 		return (DCMD_ERR);
470 	}
471 
472 	mdb_printf("%<u>%-24s %-?s %-?s %-?s%</u>\n",
473 	    "FUNCTION", "ARGUMENT", "ID", "TIME");
474 
475 	for (i = 0; i < CALLOUT_NTYPES; i++) {
476 		for (j = 0; j < co_kfanout; j++) {
477 
478 			co_id = CALLOUT_TABLE(i, j);
479 
480 			if (mdb_vread(&co_table, sizeof (co_table),
481 			    (uintptr_t)co_ktable[co_id]) == -1) {
482 				mdb_warn("failed to read table at %p",
483 				    (uintptr_t)co_ktable[co_id]);
484 				continue;
485 			}
486 
487 			for (k = 0; k < CALLOUT_BUCKETS; k++) {
488 				co_ptr = co_table.ct_idhash[k];
489 
490 				while (co_ptr != NULL) {
491 					mdb_vread(&co_callout,
492 					    sizeof (co_callout),
493 					    (uintptr_t)co_ptr);
494 
495 					mdb_printf("%-24a %0?p %0?lx %?lx "
496 					    "(T%+ld)\n", co_callout.c_func,
497 					    co_callout.c_arg, co_callout.c_xid,
498 					    co_callout.c_runtime,
499 					    co_callout.c_runtime - lbolt);
500 
501 					co_ptr = co_callout.c_idnext;
502 				}
503 			}
504 		}
505 	}
506 
507 	return (DCMD_OK);
508 }
509 
510 /*ARGSUSED*/
511 int
512 class(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
513 {
514 	long num_classes, i;
515 	sclass_t *class_tbl;
516 	GElf_Sym g_sclass;
517 	char class_name[PC_CLNMSZ];
518 	size_t tbl_size;
519 
520 	if (mdb_lookup_by_name("sclass", &g_sclass) == -1) {
521 		mdb_warn("failed to find symbol sclass\n");
522 		return (DCMD_ERR);
523 	}
524 
525 	tbl_size = (size_t)g_sclass.st_size;
526 	num_classes = tbl_size / (sizeof (sclass_t));
527 	class_tbl = mdb_alloc(tbl_size, UM_SLEEP | UM_GC);
528 
529 	if (mdb_readsym(class_tbl, tbl_size, "sclass") == -1) {
530 		mdb_warn("failed to read sclass");
531 		return (DCMD_ERR);
532 	}
533 
534 	mdb_printf("%<u>%4s %-10s %-24s %-24s%</u>\n", "SLOT", "NAME",
535 	    "INIT FCN", "CLASS FCN");
536 
537 	for (i = 0; i < num_classes; i++) {
538 		if (mdb_vread(class_name, sizeof (class_name),
539 		    (uintptr_t)class_tbl[i].cl_name) == -1)
540 			(void) strcpy(class_name, "???");
541 
542 		mdb_printf("%4ld %-10s %-24a %-24a\n", i, class_name,
543 		    class_tbl[i].cl_init, class_tbl[i].cl_funcs);
544 	}
545 
546 	return (DCMD_OK);
547 }
548 
549 #define	FSNAMELEN	32	/* Max len of FS name we read from vnodeops */
550 
551 int
552 vnode2path(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
553 {
554 	uintptr_t rootdir;
555 	vnode_t vn;
556 	char buf[MAXPATHLEN];
557 
558 	uint_t opt_F = FALSE;
559 
560 	if (mdb_getopts(argc, argv,
561 	    'F', MDB_OPT_SETBITS, TRUE, &opt_F, NULL) != argc)
562 		return (DCMD_USAGE);
563 
564 	if (!(flags & DCMD_ADDRSPEC)) {
565 		mdb_warn("expected explicit vnode_t address before ::\n");
566 		return (DCMD_USAGE);
567 	}
568 
569 	if (mdb_readvar(&rootdir, "rootdir") == -1) {
570 		mdb_warn("failed to read rootdir");
571 		return (DCMD_ERR);
572 	}
573 
574 	if (mdb_vnode2path(addr, buf, sizeof (buf)) == -1)
575 		return (DCMD_ERR);
576 
577 	if (*buf == '\0') {
578 		mdb_printf("??\n");
579 		return (DCMD_OK);
580 	}
581 
582 	mdb_printf("%s", buf);
583 	if (opt_F && buf[strlen(buf)-1] != '/' &&
584 	    mdb_vread(&vn, sizeof (vn), addr) == sizeof (vn))
585 		mdb_printf("%c", mdb_vtype2chr(vn.v_type, 0));
586 	mdb_printf("\n");
587 
588 	return (DCMD_OK);
589 }
590 
591 int
592 ld_walk_init(mdb_walk_state_t *wsp)
593 {
594 	wsp->walk_data = (void *)wsp->walk_addr;
595 	return (WALK_NEXT);
596 }
597 
598 int
599 ld_walk_step(mdb_walk_state_t *wsp)
600 {
601 	int status;
602 	lock_descriptor_t ld;
603 
604 	if (mdb_vread(&ld, sizeof (lock_descriptor_t), wsp->walk_addr) == -1) {
605 		mdb_warn("couldn't read lock_descriptor_t at %p\n",
606 		    wsp->walk_addr);
607 		return (WALK_ERR);
608 	}
609 
610 	status = wsp->walk_callback(wsp->walk_addr, &ld, wsp->walk_cbdata);
611 	if (status == WALK_ERR)
612 		return (WALK_ERR);
613 
614 	wsp->walk_addr = (uintptr_t)ld.l_next;
615 	if (wsp->walk_addr == (uintptr_t)wsp->walk_data)
616 		return (WALK_DONE);
617 
618 	return (status);
619 }
620 
621 int
622 lg_walk_init(mdb_walk_state_t *wsp)
623 {
624 	GElf_Sym sym;
625 
626 	if (mdb_lookup_by_name("lock_graph", &sym) == -1) {
627 		mdb_warn("failed to find symbol 'lock_graph'\n");
628 		return (WALK_ERR);
629 	}
630 
631 	wsp->walk_addr = (uintptr_t)sym.st_value;
632 	wsp->walk_data = (void *)(uintptr_t)(sym.st_value + sym.st_size);
633 
634 	return (WALK_NEXT);
635 }
636 
637 typedef struct lg_walk_data {
638 	uintptr_t startaddr;
639 	mdb_walk_cb_t callback;
640 	void *data;
641 } lg_walk_data_t;
642 
643 /*
644  * We can't use ::walk lock_descriptor directly, because the head of each graph
645  * is really a dummy lock.  Rather than trying to dynamically determine if this
646  * is a dummy node or not, we just filter out the initial element of the
647  * list.
648  */
649 static int
650 lg_walk_cb(uintptr_t addr, const void *data, void *priv)
651 {
652 	lg_walk_data_t *lw = priv;
653 
654 	if (addr != lw->startaddr)
655 		return (lw->callback(addr, data, lw->data));
656 
657 	return (WALK_NEXT);
658 }
659 
660 int
661 lg_walk_step(mdb_walk_state_t *wsp)
662 {
663 	graph_t *graph;
664 	lg_walk_data_t lw;
665 
666 	if (wsp->walk_addr >= (uintptr_t)wsp->walk_data)
667 		return (WALK_DONE);
668 
669 	if (mdb_vread(&graph, sizeof (graph), wsp->walk_addr) == -1) {
670 		mdb_warn("failed to read graph_t at %p", wsp->walk_addr);
671 		return (WALK_ERR);
672 	}
673 
674 	wsp->walk_addr += sizeof (graph);
675 
676 	if (graph == NULL)
677 		return (WALK_NEXT);
678 
679 	lw.callback = wsp->walk_callback;
680 	lw.data = wsp->walk_cbdata;
681 
682 	lw.startaddr = (uintptr_t)&(graph->active_locks);
683 	if (mdb_pwalk("lock_descriptor", lg_walk_cb, &lw, lw.startaddr)) {
684 		mdb_warn("couldn't walk lock_descriptor at %p\n", lw.startaddr);
685 		return (WALK_ERR);
686 	}
687 
688 	lw.startaddr = (uintptr_t)&(graph->sleeping_locks);
689 	if (mdb_pwalk("lock_descriptor", lg_walk_cb, &lw, lw.startaddr)) {
690 		mdb_warn("couldn't walk lock_descriptor at %p\n", lw.startaddr);
691 		return (WALK_ERR);
692 	}
693 
694 	return (WALK_NEXT);
695 }
696 
697 /*
698  * The space available for the path corresponding to the locked vnode depends
699  * on whether we are printing 32- or 64-bit addresses.
700  */
701 #ifdef _LP64
702 #define	LM_VNPATHLEN	20
703 #else
704 #define	LM_VNPATHLEN	30
705 #endif
706 
707 /*ARGSUSED*/
708 static int
709 lminfo_cb(uintptr_t addr, const void *data, void *priv)
710 {
711 	const lock_descriptor_t *ld = data;
712 	char buf[LM_VNPATHLEN];
713 	proc_t p;
714 
715 	mdb_printf("%-?p %2s %04x %6d %-16s %-?p ",
716 	    addr, ld->l_type == F_RDLCK ? "RD" :
717 	    ld->l_type == F_WRLCK ? "WR" : "??",
718 	    ld->l_state, ld->l_flock.l_pid,
719 	    ld->l_flock.l_pid == 0 ? "<kernel>" :
720 	    mdb_pid2proc(ld->l_flock.l_pid, &p) == NULL ?
721 	    "<defunct>" : p.p_user.u_comm,
722 	    ld->l_vnode);
723 
724 	mdb_vnode2path((uintptr_t)ld->l_vnode, buf,
725 	    sizeof (buf));
726 	mdb_printf("%s\n", buf);
727 
728 	return (WALK_NEXT);
729 }
730 
731 /*ARGSUSED*/
732 int
733 lminfo(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
734 {
735 	if (DCMD_HDRSPEC(flags))
736 		mdb_printf("%<u>%-?s %2s %4s %6s %-16s %-?s %s%</u>\n",
737 		    "ADDR", "TP", "FLAG", "PID", "COMM", "VNODE", "PATH");
738 
739 	return (mdb_pwalk("lock_graph", lminfo_cb, NULL, NULL));
740 }
741 
742 /*ARGSUSED*/
743 int
744 seg(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
745 {
746 	struct seg s;
747 
748 	if (argc != 0)
749 		return (DCMD_USAGE);
750 
751 	if ((flags & DCMD_LOOPFIRST) || !(flags & DCMD_LOOP)) {
752 		mdb_printf("%<u>%?s %?s %?s %?s %s%</u>\n",
753 		    "SEG", "BASE", "SIZE", "DATA", "OPS");
754 	}
755 
756 	if (mdb_vread(&s, sizeof (s), addr) == -1) {
757 		mdb_warn("failed to read seg at %p", addr);
758 		return (DCMD_ERR);
759 	}
760 
761 	mdb_printf("%?p %?p %?lx %?p %a\n",
762 	    addr, s.s_base, s.s_size, s.s_data, s.s_ops);
763 
764 	return (DCMD_OK);
765 }
766 
767 /*ARGSUSED*/
768 static int
769 pmap_walk_anon(uintptr_t addr, const struct anon *anon, int *nres)
770 {
771 	uintptr_t pp =
772 	    mdb_vnode2page((uintptr_t)anon->an_vp, (uintptr_t)anon->an_off);
773 
774 	if (pp != NULL)
775 		(*nres)++;
776 
777 	return (WALK_NEXT);
778 }
779 
780 static int
781 pmap_walk_seg(uintptr_t addr, const struct seg *seg, uintptr_t segvn)
782 {
783 
784 	mdb_printf("%0?p %0?p %7dk", addr, seg->s_base, seg->s_size / 1024);
785 
786 	if (segvn == (uintptr_t)seg->s_ops) {
787 		struct segvn_data svn;
788 		int nres = 0;
789 
790 		(void) mdb_vread(&svn, sizeof (svn), (uintptr_t)seg->s_data);
791 
792 		if (svn.amp == NULL) {
793 			mdb_printf(" %8s", "");
794 			goto drive_on;
795 		}
796 
797 		/*
798 		 * We've got an amp for this segment; walk through
799 		 * the amp, and determine mappings.
800 		 */
801 		if (mdb_pwalk("anon", (mdb_walk_cb_t)pmap_walk_anon,
802 		    &nres, (uintptr_t)svn.amp) == -1)
803 			mdb_warn("failed to walk anon (amp=%p)", svn.amp);
804 
805 		mdb_printf(" %7dk", (nres * PAGESIZE) / 1024);
806 drive_on:
807 
808 		if (svn.vp != NULL) {
809 			char buf[29];
810 
811 			mdb_vnode2path((uintptr_t)svn.vp, buf, sizeof (buf));
812 			mdb_printf(" %s", buf);
813 		} else
814 			mdb_printf(" [ anon ]");
815 	}
816 
817 	mdb_printf("\n");
818 	return (WALK_NEXT);
819 }
820 
821 static int
822 pmap_walk_seg_quick(uintptr_t addr, const struct seg *seg, uintptr_t segvn)
823 {
824 	mdb_printf("%0?p %0?p %7dk", addr, seg->s_base, seg->s_size / 1024);
825 
826 	if (segvn == (uintptr_t)seg->s_ops) {
827 		struct segvn_data svn;
828 
829 		(void) mdb_vread(&svn, sizeof (svn), (uintptr_t)seg->s_data);
830 
831 		if (svn.vp != NULL) {
832 			mdb_printf(" %0?p", svn.vp);
833 		} else {
834 			mdb_printf(" [ anon ]");
835 		}
836 	}
837 
838 	mdb_printf("\n");
839 	return (WALK_NEXT);
840 }
841 
842 /*ARGSUSED*/
843 int
844 pmap(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
845 {
846 	uintptr_t segvn;
847 	proc_t proc;
848 	uint_t quick = FALSE;
849 	mdb_walk_cb_t cb = (mdb_walk_cb_t)pmap_walk_seg;
850 
851 	GElf_Sym sym;
852 
853 	if (!(flags & DCMD_ADDRSPEC))
854 		return (DCMD_USAGE);
855 
856 	if (mdb_getopts(argc, argv,
857 	    'q', MDB_OPT_SETBITS, TRUE, &quick, NULL) != argc)
858 		return (DCMD_USAGE);
859 
860 	if (mdb_vread(&proc, sizeof (proc), addr) == -1) {
861 		mdb_warn("failed to read proc at %p", addr);
862 		return (DCMD_ERR);
863 	}
864 
865 	if (mdb_lookup_by_name("segvn_ops", &sym) == 0)
866 		segvn = (uintptr_t)sym.st_value;
867 	else
868 		segvn = NULL;
869 
870 	mdb_printf("%?s %?s %8s ", "SEG", "BASE", "SIZE");
871 
872 	if (quick) {
873 		mdb_printf("VNODE\n");
874 		cb = (mdb_walk_cb_t)pmap_walk_seg_quick;
875 	} else {
876 		mdb_printf("%8s %s\n", "RES", "PATH");
877 	}
878 
879 	if (mdb_pwalk("seg", cb, (void *)segvn, (uintptr_t)proc.p_as) == -1) {
880 		mdb_warn("failed to walk segments of as %p", proc.p_as);
881 		return (DCMD_ERR);
882 	}
883 
884 	return (DCMD_OK);
885 }
886 
887 typedef struct anon_walk_data {
888 	uintptr_t *aw_levone;
889 	uintptr_t *aw_levtwo;
890 	int aw_nlevone;
891 	int aw_levone_ndx;
892 	int aw_levtwo_ndx;
893 	struct anon_map aw_amp;
894 	struct anon_hdr aw_ahp;
895 } anon_walk_data_t;
896 
897 int
898 anon_walk_init(mdb_walk_state_t *wsp)
899 {
900 	anon_walk_data_t *aw;
901 
902 	if (wsp->walk_addr == NULL) {
903 		mdb_warn("anon walk doesn't support global walks\n");
904 		return (WALK_ERR);
905 	}
906 
907 	aw = mdb_alloc(sizeof (anon_walk_data_t), UM_SLEEP);
908 
909 	if (mdb_vread(&aw->aw_amp, sizeof (aw->aw_amp), wsp->walk_addr) == -1) {
910 		mdb_warn("failed to read anon map at %p", wsp->walk_addr);
911 		mdb_free(aw, sizeof (anon_walk_data_t));
912 		return (WALK_ERR);
913 	}
914 
915 	if (mdb_vread(&aw->aw_ahp, sizeof (aw->aw_ahp),
916 	    (uintptr_t)(aw->aw_amp.ahp)) == -1) {
917 		mdb_warn("failed to read anon hdr ptr at %p", aw->aw_amp.ahp);
918 		mdb_free(aw, sizeof (anon_walk_data_t));
919 		return (WALK_ERR);
920 	}
921 
922 	if (aw->aw_ahp.size <= ANON_CHUNK_SIZE ||
923 	    (aw->aw_ahp.flags & ANON_ALLOC_FORCE)) {
924 		aw->aw_nlevone = aw->aw_ahp.size;
925 		aw->aw_levtwo = NULL;
926 	} else {
927 		aw->aw_nlevone =
928 		    (aw->aw_ahp.size + ANON_CHUNK_OFF) >> ANON_CHUNK_SHIFT;
929 		aw->aw_levtwo =
930 		    mdb_zalloc(ANON_CHUNK_SIZE * sizeof (uintptr_t), UM_SLEEP);
931 	}
932 
933 	aw->aw_levone =
934 	    mdb_alloc(aw->aw_nlevone * sizeof (uintptr_t), UM_SLEEP);
935 
936 	aw->aw_levone_ndx = 0;
937 	aw->aw_levtwo_ndx = 0;
938 
939 	mdb_vread(aw->aw_levone, aw->aw_nlevone * sizeof (uintptr_t),
940 	    (uintptr_t)aw->aw_ahp.array_chunk);
941 
942 	if (aw->aw_levtwo != NULL) {
943 		while (aw->aw_levone[aw->aw_levone_ndx] == NULL) {
944 			aw->aw_levone_ndx++;
945 			if (aw->aw_levone_ndx == aw->aw_nlevone) {
946 				mdb_warn("corrupt anon; couldn't"
947 				    "find ptr to lev two map");
948 				goto out;
949 			}
950 		}
951 
952 		mdb_vread(aw->aw_levtwo, ANON_CHUNK_SIZE * sizeof (uintptr_t),
953 		    aw->aw_levone[aw->aw_levone_ndx]);
954 	}
955 
956 out:
957 	wsp->walk_data = aw;
958 	return (0);
959 }
960 
961 int
962 anon_walk_step(mdb_walk_state_t *wsp)
963 {
964 	int status;
965 	anon_walk_data_t *aw = (anon_walk_data_t *)wsp->walk_data;
966 	struct anon anon;
967 	uintptr_t anonptr;
968 
969 again:
970 	/*
971 	 * Once we've walked through level one, we're done.
972 	 */
973 	if (aw->aw_levone_ndx == aw->aw_nlevone)
974 		return (WALK_DONE);
975 
976 	if (aw->aw_levtwo == NULL) {
977 		anonptr = aw->aw_levone[aw->aw_levone_ndx];
978 		aw->aw_levone_ndx++;
979 	} else {
980 		anonptr = aw->aw_levtwo[aw->aw_levtwo_ndx];
981 		aw->aw_levtwo_ndx++;
982 
983 		if (aw->aw_levtwo_ndx == ANON_CHUNK_SIZE) {
984 			aw->aw_levtwo_ndx = 0;
985 
986 			do {
987 				aw->aw_levone_ndx++;
988 
989 				if (aw->aw_levone_ndx == aw->aw_nlevone)
990 					return (WALK_DONE);
991 			} while (aw->aw_levone[aw->aw_levone_ndx] == NULL);
992 
993 			mdb_vread(aw->aw_levtwo, ANON_CHUNK_SIZE *
994 			    sizeof (uintptr_t),
995 			    aw->aw_levone[aw->aw_levone_ndx]);
996 		}
997 	}
998 
999 	if (anonptr != NULL) {
1000 		mdb_vread(&anon, sizeof (anon), anonptr);
1001 		status = wsp->walk_callback(anonptr, &anon, wsp->walk_cbdata);
1002 	} else
1003 		goto again;
1004 
1005 	return (status);
1006 }
1007 
1008 void
1009 anon_walk_fini(mdb_walk_state_t *wsp)
1010 {
1011 	anon_walk_data_t *aw = (anon_walk_data_t *)wsp->walk_data;
1012 
1013 	if (aw->aw_levtwo != NULL)
1014 		mdb_free(aw->aw_levtwo, ANON_CHUNK_SIZE * sizeof (uintptr_t));
1015 
1016 	mdb_free(aw->aw_levone, aw->aw_nlevone * sizeof (uintptr_t));
1017 	mdb_free(aw, sizeof (anon_walk_data_t));
1018 }
1019 
1020 /*ARGSUSED*/
1021 int
1022 whereopen_fwalk(uintptr_t addr, struct file *f, uintptr_t *target)
1023 {
1024 	if ((uintptr_t)f->f_vnode == *target) {
1025 		mdb_printf("file %p\n", addr);
1026 		*target = NULL;
1027 	}
1028 
1029 	return (WALK_NEXT);
1030 }
1031 
1032 /*ARGSUSED*/
1033 int
1034 whereopen_pwalk(uintptr_t addr, void *ignored, uintptr_t *target)
1035 {
1036 	uintptr_t t = *target;
1037 
1038 	if (mdb_pwalk("file", (mdb_walk_cb_t)whereopen_fwalk, &t, addr) == -1) {
1039 		mdb_warn("couldn't file walk proc %p", addr);
1040 		return (WALK_ERR);
1041 	}
1042 
1043 	if (t == NULL)
1044 		mdb_printf("%p\n", addr);
1045 
1046 	return (WALK_NEXT);
1047 }
1048 
1049 /*ARGSUSED*/
1050 int
1051 whereopen(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
1052 {
1053 	uintptr_t target = addr;
1054 
1055 	if (!(flags & DCMD_ADDRSPEC) || addr == NULL)
1056 		return (DCMD_USAGE);
1057 
1058 	if (mdb_walk("proc", (mdb_walk_cb_t)whereopen_pwalk, &target) == -1) {
1059 		mdb_warn("can't proc walk");
1060 		return (DCMD_ERR);
1061 	}
1062 
1063 	return (DCMD_OK);
1064 }
1065 
1066 typedef struct datafmt {
1067 	char	*hdr1;
1068 	char	*hdr2;
1069 	char	*dashes;
1070 	char	*fmt;
1071 } datafmt_t;
1072 
1073 static datafmt_t kmemfmt[] = {
1074 	{ "cache                    ", "name                     ",
1075 	"-------------------------", "%-25s "				},
1076 	{ "   buf",	"  size",	"------",	"%6u "		},
1077 	{ "   buf",	"in use",	"------",	"%6u "		},
1078 	{ "   buf",	" total",	"------",	"%6u "		},
1079 	{ "   memory",	"   in use",	"---------",	"%9u "		},
1080 	{ "    alloc",	"  succeed",	"---------",	"%9u "		},
1081 	{ "alloc",	" fail",	"-----",	"%5u "		},
1082 	{ NULL,		NULL,		NULL,		NULL		}
1083 };
1084 
1085 static datafmt_t vmemfmt[] = {
1086 	{ "vmem                     ", "name                     ",
1087 	"-------------------------", "%-*s "				},
1088 	{ "   memory",	"   in use",	"---------",	"%9llu "	},
1089 	{ "    memory",	"     total",	"----------",	"%10llu "	},
1090 	{ "   memory",	"   import",	"---------",	"%9llu "	},
1091 	{ "    alloc",	"  succeed",	"---------",	"%9llu "	},
1092 	{ "alloc",	" fail",	"-----",	"%5llu "	},
1093 	{ NULL,		NULL,		NULL,		NULL		}
1094 };
1095 
1096 /*ARGSUSED*/
1097 static int
1098 kmastat_cpu_avail(uintptr_t addr, const kmem_cpu_cache_t *ccp, int *avail)
1099 {
1100 	if (ccp->cc_rounds > 0)
1101 		*avail += ccp->cc_rounds;
1102 	if (ccp->cc_prounds > 0)
1103 		*avail += ccp->cc_prounds;
1104 
1105 	return (WALK_NEXT);
1106 }
1107 
1108 /*ARGSUSED*/
1109 static int
1110 kmastat_cpu_alloc(uintptr_t addr, const kmem_cpu_cache_t *ccp, int *alloc)
1111 {
1112 	*alloc += ccp->cc_alloc;
1113 
1114 	return (WALK_NEXT);
1115 }
1116 
1117 /*ARGSUSED*/
1118 static int
1119 kmastat_slab_avail(uintptr_t addr, const kmem_slab_t *sp, int *avail)
1120 {
1121 	*avail += sp->slab_chunks - sp->slab_refcnt;
1122 
1123 	return (WALK_NEXT);
1124 }
1125 
1126 typedef struct kmastat_vmem {
1127 	uintptr_t kv_addr;
1128 	struct kmastat_vmem *kv_next;
1129 	int kv_meminuse;
1130 	int kv_alloc;
1131 	int kv_fail;
1132 } kmastat_vmem_t;
1133 
1134 static int
1135 kmastat_cache(uintptr_t addr, const kmem_cache_t *cp, kmastat_vmem_t **kvp)
1136 {
1137 	kmastat_vmem_t *kv;
1138 	datafmt_t *dfp = kmemfmt;
1139 	int magsize;
1140 
1141 	int avail, alloc, total;
1142 	size_t meminuse = (cp->cache_slab_create - cp->cache_slab_destroy) *
1143 	    cp->cache_slabsize;
1144 
1145 	mdb_walk_cb_t cpu_avail = (mdb_walk_cb_t)kmastat_cpu_avail;
1146 	mdb_walk_cb_t cpu_alloc = (mdb_walk_cb_t)kmastat_cpu_alloc;
1147 	mdb_walk_cb_t slab_avail = (mdb_walk_cb_t)kmastat_slab_avail;
1148 
1149 	magsize = kmem_get_magsize(cp);
1150 
1151 	alloc = cp->cache_slab_alloc + cp->cache_full.ml_alloc;
1152 	avail = cp->cache_full.ml_total * magsize;
1153 	total = cp->cache_buftotal;
1154 
1155 	(void) mdb_pwalk("kmem_cpu_cache", cpu_alloc, &alloc, addr);
1156 	(void) mdb_pwalk("kmem_cpu_cache", cpu_avail, &avail, addr);
1157 	(void) mdb_pwalk("kmem_slab_partial", slab_avail, &avail, addr);
1158 
1159 	for (kv = *kvp; kv != NULL; kv = kv->kv_next) {
1160 		if (kv->kv_addr == (uintptr_t)cp->cache_arena)
1161 			goto out;
1162 	}
1163 
1164 	kv = mdb_zalloc(sizeof (kmastat_vmem_t), UM_SLEEP | UM_GC);
1165 	kv->kv_next = *kvp;
1166 	kv->kv_addr = (uintptr_t)cp->cache_arena;
1167 	*kvp = kv;
1168 out:
1169 	kv->kv_meminuse += meminuse;
1170 	kv->kv_alloc += alloc;
1171 	kv->kv_fail += cp->cache_alloc_fail;
1172 
1173 	mdb_printf((dfp++)->fmt, cp->cache_name);
1174 	mdb_printf((dfp++)->fmt, cp->cache_bufsize);
1175 	mdb_printf((dfp++)->fmt, total - avail);
1176 	mdb_printf((dfp++)->fmt, total);
1177 	mdb_printf((dfp++)->fmt, meminuse);
1178 	mdb_printf((dfp++)->fmt, alloc);
1179 	mdb_printf((dfp++)->fmt, cp->cache_alloc_fail);
1180 	mdb_printf("\n");
1181 
1182 	return (WALK_NEXT);
1183 }
1184 
1185 static int
1186 kmastat_vmem_totals(uintptr_t addr, const vmem_t *v, kmastat_vmem_t *kv)
1187 {
1188 	size_t len;
1189 
1190 	while (kv != NULL && kv->kv_addr != addr)
1191 		kv = kv->kv_next;
1192 
1193 	if (kv == NULL || kv->kv_alloc == 0)
1194 		return (WALK_NEXT);
1195 
1196 	len = MIN(17, strlen(v->vm_name));
1197 
1198 	mdb_printf("Total [%s]%*s %6s %6s %6s %9u %9u %5u\n", v->vm_name,
1199 	    17 - len, "", "", "", "",
1200 	    kv->kv_meminuse, kv->kv_alloc, kv->kv_fail);
1201 
1202 	return (WALK_NEXT);
1203 }
1204 
1205 /*ARGSUSED*/
1206 static int
1207 kmastat_vmem(uintptr_t addr, const vmem_t *v, void *ignored)
1208 {
1209 	datafmt_t *dfp = vmemfmt;
1210 	const vmem_kstat_t *vkp = &v->vm_kstat;
1211 	uintptr_t paddr;
1212 	vmem_t parent;
1213 	int ident = 0;
1214 
1215 	for (paddr = (uintptr_t)v->vm_source; paddr != NULL; ident += 4) {
1216 		if (mdb_vread(&parent, sizeof (parent), paddr) == -1) {
1217 			mdb_warn("couldn't trace %p's ancestry", addr);
1218 			ident = 0;
1219 			break;
1220 		}
1221 		paddr = (uintptr_t)parent.vm_source;
1222 	}
1223 
1224 	mdb_printf("%*s", ident, "");
1225 	mdb_printf((dfp++)->fmt, 25 - ident, v->vm_name);
1226 	mdb_printf((dfp++)->fmt, vkp->vk_mem_inuse.value.ui64);
1227 	mdb_printf((dfp++)->fmt, vkp->vk_mem_total.value.ui64);
1228 	mdb_printf((dfp++)->fmt, vkp->vk_mem_import.value.ui64);
1229 	mdb_printf((dfp++)->fmt, vkp->vk_alloc.value.ui64);
1230 	mdb_printf((dfp++)->fmt, vkp->vk_fail.value.ui64);
1231 
1232 	mdb_printf("\n");
1233 
1234 	return (WALK_NEXT);
1235 }
1236 
1237 /*ARGSUSED*/
1238 int
1239 kmastat(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
1240 {
1241 	kmastat_vmem_t *kv = NULL;
1242 	datafmt_t *dfp;
1243 
1244 	if (argc != 0)
1245 		return (DCMD_USAGE);
1246 
1247 	for (dfp = kmemfmt; dfp->hdr1 != NULL; dfp++)
1248 		mdb_printf("%s ", dfp->hdr1);
1249 	mdb_printf("\n");
1250 
1251 	for (dfp = kmemfmt; dfp->hdr1 != NULL; dfp++)
1252 		mdb_printf("%s ", dfp->hdr2);
1253 	mdb_printf("\n");
1254 
1255 	for (dfp = kmemfmt; dfp->hdr1 != NULL; dfp++)
1256 		mdb_printf("%s ", dfp->dashes);
1257 	mdb_printf("\n");
1258 
1259 	if (mdb_walk("kmem_cache", (mdb_walk_cb_t)kmastat_cache, &kv) == -1) {
1260 		mdb_warn("can't walk 'kmem_cache'");
1261 		return (DCMD_ERR);
1262 	}
1263 
1264 	for (dfp = kmemfmt; dfp->hdr1 != NULL; dfp++)
1265 		mdb_printf("%s ", dfp->dashes);
1266 	mdb_printf("\n");
1267 
1268 	if (mdb_walk("vmem", (mdb_walk_cb_t)kmastat_vmem_totals, kv) == -1) {
1269 		mdb_warn("can't walk 'vmem'");
1270 		return (DCMD_ERR);
1271 	}
1272 
1273 	for (dfp = kmemfmt; dfp->hdr1 != NULL; dfp++)
1274 		mdb_printf("%s ", dfp->dashes);
1275 	mdb_printf("\n");
1276 
1277 	mdb_printf("\n");
1278 
1279 	for (dfp = vmemfmt; dfp->hdr1 != NULL; dfp++)
1280 		mdb_printf("%s ", dfp->hdr1);
1281 	mdb_printf("\n");
1282 
1283 	for (dfp = vmemfmt; dfp->hdr1 != NULL; dfp++)
1284 		mdb_printf("%s ", dfp->hdr2);
1285 	mdb_printf("\n");
1286 
1287 	for (dfp = vmemfmt; dfp->hdr1 != NULL; dfp++)
1288 		mdb_printf("%s ", dfp->dashes);
1289 	mdb_printf("\n");
1290 
1291 	if (mdb_walk("vmem", (mdb_walk_cb_t)kmastat_vmem, NULL) == -1) {
1292 		mdb_warn("can't walk 'vmem'");
1293 		return (DCMD_ERR);
1294 	}
1295 
1296 	for (dfp = vmemfmt; dfp->hdr1 != NULL; dfp++)
1297 		mdb_printf("%s ", dfp->dashes);
1298 	mdb_printf("\n");
1299 	return (DCMD_OK);
1300 }
1301 
1302 /*
1303  * Our ::kgrep callback scans the entire kernel VA space (kas).  kas is made
1304  * up of a set of 'struct seg's.  We could just scan each seg en masse, but
1305  * unfortunately, a few of the segs are both large and sparse, so we could
1306  * spend quite a bit of time scanning VAs which have no backing pages.
1307  *
1308  * So for the few very sparse segs, we skip the segment itself, and scan
1309  * the allocated vmem_segs in the vmem arena which manages that part of kas.
1310  * Currently, we do this for:
1311  *
1312  *	SEG		VMEM ARENA
1313  *	kvseg		heap_arena
1314  *	kvseg32		heap32_arena
1315  *	kvseg_core	heap_core_arena
1316  *
1317  * In addition, we skip the segkpm segment in its entirety, since it is very
1318  * sparse, and contains no new kernel data.
1319  */
1320 typedef struct kgrep_walk_data {
1321 	kgrep_cb_func *kg_cb;
1322 	void *kg_cbdata;
1323 	uintptr_t kg_kvseg;
1324 	uintptr_t kg_kvseg32;
1325 	uintptr_t kg_kvseg_core;
1326 	uintptr_t kg_segkpm;
1327 	uintptr_t kg_heap_lp_base;
1328 	uintptr_t kg_heap_lp_end;
1329 } kgrep_walk_data_t;
1330 
1331 static int
1332 kgrep_walk_seg(uintptr_t addr, const struct seg *seg, kgrep_walk_data_t *kg)
1333 {
1334 	uintptr_t base = (uintptr_t)seg->s_base;
1335 
1336 	if (addr == kg->kg_kvseg || addr == kg->kg_kvseg32 ||
1337 	    addr == kg->kg_kvseg_core)
1338 		return (WALK_NEXT);
1339 
1340 	if ((uintptr_t)seg->s_ops == kg->kg_segkpm)
1341 		return (WALK_NEXT);
1342 
1343 	return (kg->kg_cb(base, base + seg->s_size, kg->kg_cbdata));
1344 }
1345 
1346 /*ARGSUSED*/
1347 static int
1348 kgrep_walk_vseg(uintptr_t addr, const vmem_seg_t *seg, kgrep_walk_data_t *kg)
1349 {
1350 	/*
1351 	 * skip large page heap address range - it is scanned by walking
1352 	 * allocated vmem_segs in the heap_lp_arena
1353 	 */
1354 	if (seg->vs_start == kg->kg_heap_lp_base &&
1355 	    seg->vs_end == kg->kg_heap_lp_end)
1356 		return (WALK_NEXT);
1357 
1358 	return (kg->kg_cb(seg->vs_start, seg->vs_end, kg->kg_cbdata));
1359 }
1360 
1361 /*ARGSUSED*/
1362 static int
1363 kgrep_xwalk_vseg(uintptr_t addr, const vmem_seg_t *seg, kgrep_walk_data_t *kg)
1364 {
1365 	return (kg->kg_cb(seg->vs_start, seg->vs_end, kg->kg_cbdata));
1366 }
1367 
1368 static int
1369 kgrep_walk_vmem(uintptr_t addr, const vmem_t *vmem, kgrep_walk_data_t *kg)
1370 {
1371 	mdb_walk_cb_t walk_vseg = (mdb_walk_cb_t)kgrep_walk_vseg;
1372 
1373 	if (strcmp(vmem->vm_name, "heap") != 0 &&
1374 	    strcmp(vmem->vm_name, "heap32") != 0 &&
1375 	    strcmp(vmem->vm_name, "heap_core") != 0 &&
1376 	    strcmp(vmem->vm_name, "heap_lp") != 0)
1377 		return (WALK_NEXT);
1378 
1379 	if (strcmp(vmem->vm_name, "heap_lp") == 0)
1380 		walk_vseg = (mdb_walk_cb_t)kgrep_xwalk_vseg;
1381 
1382 	if (mdb_pwalk("vmem_alloc", walk_vseg, kg, addr) == -1) {
1383 		mdb_warn("couldn't walk vmem_alloc for vmem %p", addr);
1384 		return (WALK_ERR);
1385 	}
1386 
1387 	return (WALK_NEXT);
1388 }
1389 
1390 int
1391 kgrep_subr(kgrep_cb_func *cb, void *cbdata)
1392 {
1393 	GElf_Sym kas, kvseg, kvseg32, kvseg_core, segkpm;
1394 	kgrep_walk_data_t kg;
1395 
1396 	if (mdb_get_state() == MDB_STATE_RUNNING) {
1397 		mdb_warn("kgrep can only be run on a system "
1398 		    "dump or under kmdb; see dumpadm(1M)\n");
1399 		return (DCMD_ERR);
1400 	}
1401 
1402 	if (mdb_lookup_by_name("kas", &kas) == -1) {
1403 		mdb_warn("failed to locate 'kas' symbol\n");
1404 		return (DCMD_ERR);
1405 	}
1406 
1407 	if (mdb_lookup_by_name("kvseg", &kvseg) == -1) {
1408 		mdb_warn("failed to locate 'kvseg' symbol\n");
1409 		return (DCMD_ERR);
1410 	}
1411 
1412 	if (mdb_lookup_by_name("kvseg32", &kvseg32) == -1) {
1413 		mdb_warn("failed to locate 'kvseg32' symbol\n");
1414 		return (DCMD_ERR);
1415 	}
1416 
1417 	if (mdb_lookup_by_name("kvseg_core", &kvseg_core) == -1) {
1418 		mdb_warn("failed to locate 'kvseg_core' symbol\n");
1419 		return (DCMD_ERR);
1420 	}
1421 
1422 	if (mdb_lookup_by_name("segkpm_ops", &segkpm) == -1) {
1423 		mdb_warn("failed to locate 'segkpm_ops' symbol\n");
1424 		return (DCMD_ERR);
1425 	}
1426 
1427 	if (mdb_readvar(&kg.kg_heap_lp_base, "heap_lp_base") == -1) {
1428 		mdb_warn("failed to read 'heap_lp_base'\n");
1429 		return (DCMD_ERR);
1430 	}
1431 
1432 	if (mdb_readvar(&kg.kg_heap_lp_end, "heap_lp_end") == -1) {
1433 		mdb_warn("failed to read 'heap_lp_end'\n");
1434 		return (DCMD_ERR);
1435 	}
1436 
1437 	kg.kg_cb = cb;
1438 	kg.kg_cbdata = cbdata;
1439 	kg.kg_kvseg = (uintptr_t)kvseg.st_value;
1440 	kg.kg_kvseg32 = (uintptr_t)kvseg32.st_value;
1441 	kg.kg_kvseg_core = (uintptr_t)kvseg_core.st_value;
1442 	kg.kg_segkpm = (uintptr_t)segkpm.st_value;
1443 
1444 	if (mdb_pwalk("seg", (mdb_walk_cb_t)kgrep_walk_seg,
1445 	    &kg, kas.st_value) == -1) {
1446 		mdb_warn("failed to walk kas segments");
1447 		return (DCMD_ERR);
1448 	}
1449 
1450 	if (mdb_walk("vmem", (mdb_walk_cb_t)kgrep_walk_vmem, &kg) == -1) {
1451 		mdb_warn("failed to walk heap/heap32 vmem arenas");
1452 		return (DCMD_ERR);
1453 	}
1454 
1455 	return (DCMD_OK);
1456 }
1457 
1458 size_t
1459 kgrep_subr_pagesize(void)
1460 {
1461 	return (PAGESIZE);
1462 }
1463 
1464 typedef struct file_walk_data {
1465 	struct uf_entry *fw_flist;
1466 	int fw_flistsz;
1467 	int fw_ndx;
1468 	int fw_nofiles;
1469 } file_walk_data_t;
1470 
1471 int
1472 file_walk_init(mdb_walk_state_t *wsp)
1473 {
1474 	file_walk_data_t *fw;
1475 	proc_t p;
1476 
1477 	if (wsp->walk_addr == NULL) {
1478 		mdb_warn("file walk doesn't support global walks\n");
1479 		return (WALK_ERR);
1480 	}
1481 
1482 	fw = mdb_alloc(sizeof (file_walk_data_t), UM_SLEEP);
1483 
1484 	if (mdb_vread(&p, sizeof (p), wsp->walk_addr) == -1) {
1485 		mdb_free(fw, sizeof (file_walk_data_t));
1486 		mdb_warn("failed to read proc structure at %p", wsp->walk_addr);
1487 		return (WALK_ERR);
1488 	}
1489 
1490 	if (p.p_user.u_finfo.fi_nfiles == 0) {
1491 		mdb_free(fw, sizeof (file_walk_data_t));
1492 		return (WALK_DONE);
1493 	}
1494 
1495 	fw->fw_nofiles = p.p_user.u_finfo.fi_nfiles;
1496 	fw->fw_flistsz = sizeof (struct uf_entry) * fw->fw_nofiles;
1497 	fw->fw_flist = mdb_alloc(fw->fw_flistsz, UM_SLEEP);
1498 
1499 	if (mdb_vread(fw->fw_flist, fw->fw_flistsz,
1500 	    (uintptr_t)p.p_user.u_finfo.fi_list) == -1) {
1501 		mdb_warn("failed to read file array at %p",
1502 		    p.p_user.u_finfo.fi_list);
1503 		mdb_free(fw->fw_flist, fw->fw_flistsz);
1504 		mdb_free(fw, sizeof (file_walk_data_t));
1505 		return (WALK_ERR);
1506 	}
1507 
1508 	fw->fw_ndx = 0;
1509 	wsp->walk_data = fw;
1510 
1511 	return (WALK_NEXT);
1512 }
1513 
1514 int
1515 file_walk_step(mdb_walk_state_t *wsp)
1516 {
1517 	file_walk_data_t *fw = (file_walk_data_t *)wsp->walk_data;
1518 	struct file file;
1519 	uintptr_t fp;
1520 
1521 again:
1522 	if (fw->fw_ndx == fw->fw_nofiles)
1523 		return (WALK_DONE);
1524 
1525 	if ((fp = (uintptr_t)fw->fw_flist[fw->fw_ndx++].uf_file) == NULL)
1526 		goto again;
1527 
1528 	(void) mdb_vread(&file, sizeof (file), (uintptr_t)fp);
1529 	return (wsp->walk_callback(fp, &file, wsp->walk_cbdata));
1530 }
1531 
1532 int
1533 allfile_walk_step(mdb_walk_state_t *wsp)
1534 {
1535 	file_walk_data_t *fw = (file_walk_data_t *)wsp->walk_data;
1536 	struct file file;
1537 	uintptr_t fp;
1538 
1539 	if (fw->fw_ndx == fw->fw_nofiles)
1540 		return (WALK_DONE);
1541 
1542 	if ((fp = (uintptr_t)fw->fw_flist[fw->fw_ndx++].uf_file) != NULL)
1543 		(void) mdb_vread(&file, sizeof (file), (uintptr_t)fp);
1544 	else
1545 		bzero(&file, sizeof (file));
1546 
1547 	return (wsp->walk_callback(fp, &file, wsp->walk_cbdata));
1548 }
1549 
1550 void
1551 file_walk_fini(mdb_walk_state_t *wsp)
1552 {
1553 	file_walk_data_t *fw = (file_walk_data_t *)wsp->walk_data;
1554 
1555 	mdb_free(fw->fw_flist, fw->fw_flistsz);
1556 	mdb_free(fw, sizeof (file_walk_data_t));
1557 }
1558 
1559 int
1560 port_walk_init(mdb_walk_state_t *wsp)
1561 {
1562 	if (wsp->walk_addr == NULL) {
1563 		mdb_warn("port walk doesn't support global walks\n");
1564 		return (WALK_ERR);
1565 	}
1566 
1567 	if (mdb_layered_walk("file", wsp) == -1) {
1568 		mdb_warn("couldn't walk 'file'");
1569 		return (WALK_ERR);
1570 	}
1571 	return (WALK_NEXT);
1572 }
1573 
1574 int
1575 port_walk_step(mdb_walk_state_t *wsp)
1576 {
1577 	struct vnode	vn;
1578 	uintptr_t	vp;
1579 	uintptr_t	pp;
1580 	struct port	port;
1581 
1582 	vp = (uintptr_t)((struct file *)wsp->walk_layer)->f_vnode;
1583 	if (mdb_vread(&vn, sizeof (vn), vp) == -1) {
1584 		mdb_warn("failed to read vnode_t at %p", vp);
1585 		return (WALK_ERR);
1586 	}
1587 	if (vn.v_type != VPORT)
1588 		return (WALK_NEXT);
1589 
1590 	pp = (uintptr_t)vn.v_data;
1591 	if (mdb_vread(&port, sizeof (port), pp) == -1) {
1592 		mdb_warn("failed to read port_t at %p", pp);
1593 		return (WALK_ERR);
1594 	}
1595 	return (wsp->walk_callback(pp, &port, wsp->walk_cbdata));
1596 }
1597 
1598 typedef struct portev_walk_data {
1599 	list_node_t	*pev_node;
1600 	list_node_t	*pev_last;
1601 	size_t		pev_offset;
1602 } portev_walk_data_t;
1603 
1604 int
1605 portev_walk_init(mdb_walk_state_t *wsp)
1606 {
1607 	portev_walk_data_t *pevd;
1608 	struct port	port;
1609 	struct vnode	vn;
1610 	struct list	*list;
1611 	uintptr_t	vp;
1612 
1613 	if (wsp->walk_addr == NULL) {
1614 		mdb_warn("portev walk doesn't support global walks\n");
1615 		return (WALK_ERR);
1616 	}
1617 
1618 	pevd = mdb_alloc(sizeof (portev_walk_data_t), UM_SLEEP);
1619 
1620 	if (mdb_vread(&port, sizeof (port), wsp->walk_addr) == -1) {
1621 		mdb_free(pevd, sizeof (portev_walk_data_t));
1622 		mdb_warn("failed to read port structure at %p", wsp->walk_addr);
1623 		return (WALK_ERR);
1624 	}
1625 
1626 	vp = (uintptr_t)port.port_vnode;
1627 	if (mdb_vread(&vn, sizeof (vn), vp) == -1) {
1628 		mdb_free(pevd, sizeof (portev_walk_data_t));
1629 		mdb_warn("failed to read vnode_t at %p", vp);
1630 		return (WALK_ERR);
1631 	}
1632 
1633 	if (vn.v_type != VPORT) {
1634 		mdb_free(pevd, sizeof (portev_walk_data_t));
1635 		mdb_warn("input address (%p) does not point to an event port",
1636 		    wsp->walk_addr);
1637 		return (WALK_ERR);
1638 	}
1639 
1640 	if (port.port_queue.portq_nent == 0) {
1641 		mdb_free(pevd, sizeof (portev_walk_data_t));
1642 		return (WALK_DONE);
1643 	}
1644 	list = &port.port_queue.portq_list;
1645 	pevd->pev_offset = list->list_offset;
1646 	pevd->pev_last = list->list_head.list_prev;
1647 	pevd->pev_node = list->list_head.list_next;
1648 	wsp->walk_data = pevd;
1649 	return (WALK_NEXT);
1650 }
1651 
1652 int
1653 portev_walk_step(mdb_walk_state_t *wsp)
1654 {
1655 	portev_walk_data_t	*pevd;
1656 	struct port_kevent	ev;
1657 	uintptr_t		evp;
1658 
1659 	pevd = (portev_walk_data_t *)wsp->walk_data;
1660 
1661 	if (pevd->pev_last == NULL)
1662 		return (WALK_DONE);
1663 	if (pevd->pev_node == pevd->pev_last)
1664 		pevd->pev_last = NULL;		/* last round */
1665 
1666 	evp = ((uintptr_t)(((char *)pevd->pev_node) - pevd->pev_offset));
1667 	if (mdb_vread(&ev, sizeof (ev), evp) == -1) {
1668 		mdb_warn("failed to read port_kevent at %p", evp);
1669 		return (WALK_DONE);
1670 	}
1671 	pevd->pev_node = ev.portkev_node.list_next;
1672 	return (wsp->walk_callback(evp, &ev, wsp->walk_cbdata));
1673 }
1674 
1675 void
1676 portev_walk_fini(mdb_walk_state_t *wsp)
1677 {
1678 	portev_walk_data_t *pevd = (portev_walk_data_t *)wsp->walk_data;
1679 
1680 	if (pevd != NULL)
1681 		mdb_free(pevd, sizeof (portev_walk_data_t));
1682 }
1683 
1684 typedef struct proc_walk_data {
1685 	uintptr_t *pw_stack;
1686 	int pw_depth;
1687 	int pw_max;
1688 } proc_walk_data_t;
1689 
1690 int
1691 proc_walk_init(mdb_walk_state_t *wsp)
1692 {
1693 	GElf_Sym sym;
1694 	proc_walk_data_t *pw;
1695 
1696 	if (wsp->walk_addr == NULL) {
1697 		if (mdb_lookup_by_name("p0", &sym) == -1) {
1698 			mdb_warn("failed to read 'practive'");
1699 			return (WALK_ERR);
1700 		}
1701 		wsp->walk_addr = (uintptr_t)sym.st_value;
1702 	}
1703 
1704 	pw = mdb_zalloc(sizeof (proc_walk_data_t), UM_SLEEP);
1705 
1706 	if (mdb_readvar(&pw->pw_max, "nproc") == -1) {
1707 		mdb_warn("failed to read 'nproc'");
1708 		mdb_free(pw, sizeof (pw));
1709 		return (WALK_ERR);
1710 	}
1711 
1712 	pw->pw_stack = mdb_alloc(pw->pw_max * sizeof (uintptr_t), UM_SLEEP);
1713 	wsp->walk_data = pw;
1714 
1715 	return (WALK_NEXT);
1716 }
1717 
1718 int
1719 proc_walk_step(mdb_walk_state_t *wsp)
1720 {
1721 	proc_walk_data_t *pw = wsp->walk_data;
1722 	uintptr_t addr = wsp->walk_addr;
1723 	uintptr_t cld, sib;
1724 
1725 	int status;
1726 	proc_t pr;
1727 
1728 	if (mdb_vread(&pr, sizeof (proc_t), addr) == -1) {
1729 		mdb_warn("failed to read proc at %p", addr);
1730 		return (WALK_DONE);
1731 	}
1732 
1733 	cld = (uintptr_t)pr.p_child;
1734 	sib = (uintptr_t)pr.p_sibling;
1735 
1736 	if (pw->pw_depth > 0 && addr == pw->pw_stack[pw->pw_depth - 1]) {
1737 		pw->pw_depth--;
1738 		goto sib;
1739 	}
1740 
1741 	status = wsp->walk_callback(addr, &pr, wsp->walk_cbdata);
1742 
1743 	if (status != WALK_NEXT)
1744 		return (status);
1745 
1746 	if ((wsp->walk_addr = cld) != NULL) {
1747 		if (mdb_vread(&pr, sizeof (proc_t), cld) == -1) {
1748 			mdb_warn("proc %p has invalid p_child %p; skipping\n",
1749 			    addr, cld);
1750 			goto sib;
1751 		}
1752 
1753 		pw->pw_stack[pw->pw_depth++] = addr;
1754 
1755 		if (pw->pw_depth == pw->pw_max) {
1756 			mdb_warn("depth %d exceeds max depth; try again\n",
1757 			    pw->pw_depth);
1758 			return (WALK_DONE);
1759 		}
1760 		return (WALK_NEXT);
1761 	}
1762 
1763 sib:
1764 	/*
1765 	 * We know that p0 has no siblings, and if another starting proc
1766 	 * was given, we don't want to walk its siblings anyway.
1767 	 */
1768 	if (pw->pw_depth == 0)
1769 		return (WALK_DONE);
1770 
1771 	if (sib != NULL && mdb_vread(&pr, sizeof (proc_t), sib) == -1) {
1772 		mdb_warn("proc %p has invalid p_sibling %p; skipping\n",
1773 		    addr, sib);
1774 		sib = NULL;
1775 	}
1776 
1777 	if ((wsp->walk_addr = sib) == NULL) {
1778 		if (pw->pw_depth > 0) {
1779 			wsp->walk_addr = pw->pw_stack[pw->pw_depth - 1];
1780 			return (WALK_NEXT);
1781 		}
1782 		return (WALK_DONE);
1783 	}
1784 
1785 	return (WALK_NEXT);
1786 }
1787 
1788 void
1789 proc_walk_fini(mdb_walk_state_t *wsp)
1790 {
1791 	proc_walk_data_t *pw = wsp->walk_data;
1792 
1793 	mdb_free(pw->pw_stack, pw->pw_max * sizeof (uintptr_t));
1794 	mdb_free(pw, sizeof (proc_walk_data_t));
1795 }
1796 
1797 int
1798 task_walk_init(mdb_walk_state_t *wsp)
1799 {
1800 	task_t task;
1801 
1802 	if (mdb_vread(&task, sizeof (task_t), wsp->walk_addr) == -1) {
1803 		mdb_warn("failed to read task at %p", wsp->walk_addr);
1804 		return (WALK_ERR);
1805 	}
1806 	wsp->walk_addr = (uintptr_t)task.tk_memb_list;
1807 	wsp->walk_data = task.tk_memb_list;
1808 	return (WALK_NEXT);
1809 }
1810 
1811 int
1812 task_walk_step(mdb_walk_state_t *wsp)
1813 {
1814 	proc_t proc;
1815 	int status;
1816 
1817 	if (mdb_vread(&proc, sizeof (proc_t), wsp->walk_addr) == -1) {
1818 		mdb_warn("failed to read proc at %p", wsp->walk_addr);
1819 		return (WALK_DONE);
1820 	}
1821 
1822 	status = wsp->walk_callback(wsp->walk_addr, NULL, wsp->walk_cbdata);
1823 
1824 	if (proc.p_tasknext == wsp->walk_data)
1825 		return (WALK_DONE);
1826 
1827 	wsp->walk_addr = (uintptr_t)proc.p_tasknext;
1828 	return (status);
1829 }
1830 
1831 int
1832 project_walk_init(mdb_walk_state_t *wsp)
1833 {
1834 	if (wsp->walk_addr == NULL) {
1835 		if (mdb_readvar(&wsp->walk_addr, "proj0p") == -1) {
1836 			mdb_warn("failed to read 'proj0p'");
1837 			return (WALK_ERR);
1838 		}
1839 	}
1840 	wsp->walk_data = (void *)wsp->walk_addr;
1841 	return (WALK_NEXT);
1842 }
1843 
1844 int
1845 project_walk_step(mdb_walk_state_t *wsp)
1846 {
1847 	uintptr_t addr = wsp->walk_addr;
1848 	kproject_t pj;
1849 	int status;
1850 
1851 	if (mdb_vread(&pj, sizeof (kproject_t), addr) == -1) {
1852 		mdb_warn("failed to read project at %p", addr);
1853 		return (WALK_DONE);
1854 	}
1855 	status = wsp->walk_callback(addr, &pj, wsp->walk_cbdata);
1856 	if (status != WALK_NEXT)
1857 		return (status);
1858 	wsp->walk_addr = (uintptr_t)pj.kpj_next;
1859 	if ((void *)wsp->walk_addr == wsp->walk_data)
1860 		return (WALK_DONE);
1861 	return (WALK_NEXT);
1862 }
1863 
1864 static int
1865 generic_walk_step(mdb_walk_state_t *wsp)
1866 {
1867 	return (wsp->walk_callback(wsp->walk_addr, wsp->walk_layer,
1868 	    wsp->walk_cbdata));
1869 }
1870 
1871 struct aw_info {
1872 	void *aw_buff;		/* buffer to hold the tree's data structure */
1873 	avl_tree_t aw_tree;	/* copy of avl_tree_t being walked */
1874 };
1875 
1876 /*
1877  * common code used to find the addr of the the leftmost child below
1878  * an AVL node
1879  */
1880 static uintptr_t
1881 avl_leftmostchild(uintptr_t addr, void * buff, size_t offset, size_t size)
1882 {
1883 	avl_node_t *node = (avl_node_t *)((uintptr_t)buff + offset);
1884 
1885 	for (;;) {
1886 		addr -= offset;
1887 		if (mdb_vread(buff, size, addr) == -1) {
1888 			mdb_warn("read of avl_node_t failed: %p", addr);
1889 			return ((uintptr_t)-1L);
1890 		}
1891 		if (node->avl_child[0] == NULL)
1892 			break;
1893 		addr = (uintptr_t)node->avl_child[0];
1894 	}
1895 	return (addr);
1896 }
1897 
1898 /*
1899  * initialize a forward walk thru an avl tree.
1900  */
1901 int
1902 avl_walk_init(mdb_walk_state_t *wsp)
1903 {
1904 	struct aw_info *aw;
1905 	avl_tree_t *tree;
1906 	uintptr_t addr;
1907 
1908 	/*
1909 	 * allocate the AVL walk data
1910 	 */
1911 	wsp->walk_data = aw = mdb_zalloc(sizeof (struct aw_info), UM_SLEEP);
1912 
1913 	/*
1914 	 * get an mdb copy of the avl_tree_t being walked
1915 	 */
1916 	tree = &aw->aw_tree;
1917 	if (mdb_vread(tree, sizeof (avl_tree_t), wsp->walk_addr) == -1) {
1918 		mdb_warn("read of avl_tree_t failed: %p", wsp->walk_addr);
1919 		goto error;
1920 	}
1921 	if (tree->avl_size < tree->avl_offset + sizeof (avl_node_t)) {
1922 		mdb_warn("invalid avl_tree_t at %p, avl_size:%d, avl_offset:%d",
1923 		    wsp->walk_addr, tree->avl_size, tree->avl_offset);
1924 		goto error;
1925 	}
1926 
1927 	/*
1928 	 * allocate a buffer to hold the mdb copy of tree's structs
1929 	 * "node" always points at the avl_node_t field inside the struct
1930 	 */
1931 	aw->aw_buff = mdb_zalloc(tree->avl_size, UM_SLEEP);
1932 
1933 	/*
1934 	 * get the first avl_node_t address, use same algorithm
1935 	 * as avl_start() -- leftmost child in tree from root
1936 	 */
1937 	addr = (uintptr_t)tree->avl_root;
1938 	if (addr == NULL) {
1939 		wsp->walk_addr = NULL;
1940 		return (WALK_NEXT);
1941 	}
1942 	addr = avl_leftmostchild(addr, aw->aw_buff, tree->avl_offset,
1943 	    tree->avl_size);
1944 	if (addr == (uintptr_t)-1L)
1945 		goto error;
1946 
1947 	wsp->walk_addr = addr;
1948 	return (WALK_NEXT);
1949 
1950 error:
1951 	if (aw->aw_buff != NULL)
1952 		mdb_free(aw->aw_buff, sizeof (tree->avl_size));
1953 	mdb_free(aw, sizeof (struct aw_info));
1954 	return (WALK_ERR);
1955 }
1956 
1957 /*
1958  * At each step, visit (callback) the current node, then move to the next
1959  * in the AVL tree.  Uses the same algorithm as avl_walk().
1960  */
1961 int
1962 avl_walk_step(mdb_walk_state_t *wsp)
1963 {
1964 	struct aw_info *aw;
1965 	size_t offset;
1966 	size_t size;
1967 	uintptr_t addr;
1968 	avl_node_t *node;
1969 	int status;
1970 	int was_child;
1971 
1972 	/*
1973 	 * don't walk past the end of the tree!
1974 	 */
1975 	addr = wsp->walk_addr;
1976 	if (addr == NULL)
1977 		return (WALK_DONE);
1978 
1979 	aw = (struct aw_info *)wsp->walk_data;
1980 	size = aw->aw_tree.avl_size;
1981 	offset = aw->aw_tree.avl_offset;
1982 	node = (avl_node_t *)((uintptr_t)aw->aw_buff + offset);
1983 
1984 	/*
1985 	 * must read the current node for the call back to use
1986 	 */
1987 	if (mdb_vread(aw->aw_buff, size, addr) == -1) {
1988 		mdb_warn("read of avl_node_t failed: %p", addr);
1989 		return (WALK_ERR);
1990 	}
1991 
1992 	/*
1993 	 * do the call back
1994 	 */
1995 	status = wsp->walk_callback(addr, aw->aw_buff, wsp->walk_cbdata);
1996 	if (status != WALK_NEXT)
1997 		return (status);
1998 
1999 	/*
2000 	 * move to the next node....
2001 	 * note we read in new nodes, so the pointer to the buffer is fixed
2002 	 */
2003 
2004 	/*
2005 	 * if the node has a right child then go to it and then all the way
2006 	 * thru as many left children as possible
2007 	 */
2008 	addr = (uintptr_t)node->avl_child[1];
2009 	if (addr != NULL) {
2010 		addr = avl_leftmostchild(addr, aw->aw_buff, offset, size);
2011 		if (addr == (uintptr_t)-1L)
2012 			return (WALK_ERR);
2013 
2014 	/*
2015 	 * othewise return to parent nodes, stopping if we ever return from
2016 	 * a left child
2017 	 */
2018 	} else {
2019 		for (;;) {
2020 			was_child = AVL_XCHILD(node);
2021 			addr = (uintptr_t)AVL_XPARENT(node);
2022 			if (addr == NULL)
2023 				break;
2024 			addr -= offset;
2025 			if (was_child == 0) /* stop on return from left child */
2026 				break;
2027 			if (mdb_vread(aw->aw_buff, size, addr) == -1) {
2028 				mdb_warn("read of avl_node_t failed: %p", addr);
2029 				return (WALK_ERR);
2030 			}
2031 		}
2032 	}
2033 
2034 	wsp->walk_addr = addr;
2035 	return (WALK_NEXT);
2036 }
2037 
2038 /*
2039  * Release the memory allocated for the walk
2040  */
2041 void
2042 avl_walk_fini(mdb_walk_state_t *wsp)
2043 {
2044 	struct aw_info *aw;
2045 
2046 	aw = (struct aw_info *)wsp->walk_data;
2047 
2048 	if (aw == NULL)
2049 		return;
2050 
2051 	if (aw->aw_buff != NULL)
2052 		mdb_free(aw->aw_buff, aw->aw_tree.avl_size);
2053 
2054 	mdb_free(aw, sizeof (struct aw_info));
2055 }
2056 
2057 
2058 int
2059 seg_walk_init(mdb_walk_state_t *wsp)
2060 {
2061 	if (wsp->walk_addr == NULL) {
2062 		mdb_warn("seg walk must begin at struct as *\n");
2063 		return (WALK_ERR);
2064 	}
2065 
2066 	/*
2067 	 * this is really just a wrapper to AVL tree walk
2068 	 */
2069 	wsp->walk_addr = (uintptr_t)&((struct as *)wsp->walk_addr)->a_segtree;
2070 	return (avl_walk_init(wsp));
2071 }
2072 
2073 static int
2074 cpu_walk_cmp(const void *l, const void *r)
2075 {
2076 	uintptr_t lhs = *((uintptr_t *)l);
2077 	uintptr_t rhs = *((uintptr_t *)r);
2078 	cpu_t lcpu, rcpu;
2079 
2080 	(void) mdb_vread(&lcpu, sizeof (lcpu), lhs);
2081 	(void) mdb_vread(&rcpu, sizeof (rcpu), rhs);
2082 
2083 	if (lcpu.cpu_id < rcpu.cpu_id)
2084 		return (-1);
2085 
2086 	if (lcpu.cpu_id > rcpu.cpu_id)
2087 		return (1);
2088 
2089 	return (0);
2090 }
2091 
2092 typedef struct cpu_walk {
2093 	uintptr_t *cw_array;
2094 	int cw_ndx;
2095 } cpu_walk_t;
2096 
2097 int
2098 cpu_walk_init(mdb_walk_state_t *wsp)
2099 {
2100 	cpu_walk_t *cw;
2101 	int max_ncpus, i = 0;
2102 	uintptr_t current, first;
2103 	cpu_t cpu, panic_cpu;
2104 	uintptr_t panicstr, addr;
2105 	GElf_Sym sym;
2106 
2107 	cw = mdb_zalloc(sizeof (cpu_walk_t), UM_SLEEP | UM_GC);
2108 
2109 	if (mdb_readvar(&max_ncpus, "max_ncpus") == -1) {
2110 		mdb_warn("failed to read 'max_ncpus'");
2111 		return (WALK_ERR);
2112 	}
2113 
2114 	if (mdb_readvar(&panicstr, "panicstr") == -1) {
2115 		mdb_warn("failed to read 'panicstr'");
2116 		return (WALK_ERR);
2117 	}
2118 
2119 	if (panicstr != NULL) {
2120 		if (mdb_lookup_by_name("panic_cpu", &sym) == -1) {
2121 			mdb_warn("failed to find 'panic_cpu'");
2122 			return (WALK_ERR);
2123 		}
2124 
2125 		addr = (uintptr_t)sym.st_value;
2126 
2127 		if (mdb_vread(&panic_cpu, sizeof (cpu_t), addr) == -1) {
2128 			mdb_warn("failed to read 'panic_cpu'");
2129 			return (WALK_ERR);
2130 		}
2131 	}
2132 
2133 	/*
2134 	 * Unfortunately, there is no platform-independent way to walk
2135 	 * CPUs in ID order.  We therefore loop through in cpu_next order,
2136 	 * building an array of CPU pointers which will subsequently be
2137 	 * sorted.
2138 	 */
2139 	cw->cw_array =
2140 	    mdb_zalloc((max_ncpus + 1) * sizeof (uintptr_t), UM_SLEEP | UM_GC);
2141 
2142 	if (mdb_readvar(&first, "cpu_list") == -1) {
2143 		mdb_warn("failed to read 'cpu_list'");
2144 		return (WALK_ERR);
2145 	}
2146 
2147 	current = first;
2148 	do {
2149 		if (mdb_vread(&cpu, sizeof (cpu), current) == -1) {
2150 			mdb_warn("failed to read cpu at %p", current);
2151 			return (WALK_ERR);
2152 		}
2153 
2154 		if (panicstr != NULL && panic_cpu.cpu_id == cpu.cpu_id) {
2155 			cw->cw_array[i++] = addr;
2156 		} else {
2157 			cw->cw_array[i++] = current;
2158 		}
2159 	} while ((current = (uintptr_t)cpu.cpu_next) != first);
2160 
2161 	qsort(cw->cw_array, i, sizeof (uintptr_t), cpu_walk_cmp);
2162 	wsp->walk_data = cw;
2163 
2164 	return (WALK_NEXT);
2165 }
2166 
2167 int
2168 cpu_walk_step(mdb_walk_state_t *wsp)
2169 {
2170 	cpu_walk_t *cw = wsp->walk_data;
2171 	cpu_t cpu;
2172 	uintptr_t addr = cw->cw_array[cw->cw_ndx++];
2173 
2174 	if (addr == NULL)
2175 		return (WALK_DONE);
2176 
2177 	if (mdb_vread(&cpu, sizeof (cpu), addr) == -1) {
2178 		mdb_warn("failed to read cpu at %p", addr);
2179 		return (WALK_DONE);
2180 	}
2181 
2182 	return (wsp->walk_callback(addr, &cpu, wsp->walk_cbdata));
2183 }
2184 
2185 typedef struct cpuinfo_data {
2186 	intptr_t cid_cpu;
2187 	uintptr_t cid_lbolt;
2188 	uintptr_t **cid_ithr;
2189 	char	cid_print_head;
2190 	char	cid_print_thr;
2191 	char	cid_print_ithr;
2192 	char	cid_print_flags;
2193 } cpuinfo_data_t;
2194 
2195 int
2196 cpuinfo_walk_ithread(uintptr_t addr, const kthread_t *thr, cpuinfo_data_t *cid)
2197 {
2198 	cpu_t c;
2199 	int id;
2200 	uint8_t pil;
2201 
2202 	if (!(thr->t_flag & T_INTR_THREAD) || thr->t_state == TS_FREE)
2203 		return (WALK_NEXT);
2204 
2205 	if (thr->t_bound_cpu == NULL) {
2206 		mdb_warn("thr %p is intr thread w/out a CPU\n", addr);
2207 		return (WALK_NEXT);
2208 	}
2209 
2210 	(void) mdb_vread(&c, sizeof (c), (uintptr_t)thr->t_bound_cpu);
2211 
2212 	if ((id = c.cpu_id) >= NCPU) {
2213 		mdb_warn("CPU %p has id (%d) greater than NCPU (%d)\n",
2214 		    thr->t_bound_cpu, id, NCPU);
2215 		return (WALK_NEXT);
2216 	}
2217 
2218 	if ((pil = thr->t_pil) >= NINTR) {
2219 		mdb_warn("thread %p has pil (%d) greater than %d\n",
2220 		    addr, pil, NINTR);
2221 		return (WALK_NEXT);
2222 	}
2223 
2224 	if (cid->cid_ithr[id][pil] != NULL) {
2225 		mdb_warn("CPU %d has multiple threads at pil %d (at least "
2226 		    "%p and %p)\n", id, pil, addr, cid->cid_ithr[id][pil]);
2227 		return (WALK_NEXT);
2228 	}
2229 
2230 	cid->cid_ithr[id][pil] = addr;
2231 
2232 	return (WALK_NEXT);
2233 }
2234 
2235 #define	CPUINFO_IDWIDTH		3
2236 #define	CPUINFO_FLAGWIDTH	9
2237 
2238 #ifdef _LP64
2239 #if defined(__amd64)
2240 #define	CPUINFO_TWIDTH		16
2241 #define	CPUINFO_CPUWIDTH	16
2242 #else
2243 #define	CPUINFO_CPUWIDTH	11
2244 #define	CPUINFO_TWIDTH		11
2245 #endif
2246 #else
2247 #define	CPUINFO_CPUWIDTH	8
2248 #define	CPUINFO_TWIDTH		8
2249 #endif
2250 
2251 #define	CPUINFO_THRDELT		(CPUINFO_IDWIDTH + CPUINFO_CPUWIDTH + 9)
2252 #define	CPUINFO_FLAGDELT	(CPUINFO_IDWIDTH + CPUINFO_CPUWIDTH + 4)
2253 #define	CPUINFO_ITHRDELT	4
2254 
2255 #define	CPUINFO_INDENT	mdb_printf("%*s", CPUINFO_THRDELT, \
2256     flagline < nflaglines ? flagbuf[flagline++] : "")
2257 
2258 int
2259 cpuinfo_walk_cpu(uintptr_t addr, const cpu_t *cpu, cpuinfo_data_t *cid)
2260 {
2261 	kthread_t t;
2262 	disp_t disp;
2263 	proc_t p;
2264 	uintptr_t pinned;
2265 	char **flagbuf;
2266 	int nflaglines = 0, flagline = 0, bspl, rval = WALK_NEXT;
2267 
2268 	const char *flags[] = {
2269 	    "RUNNING", "READY", "QUIESCED", "EXISTS",
2270 	    "ENABLE", "OFFLINE", "POWEROFF", "FROZEN",
2271 	    "SPARE", "FAULTED", NULL
2272 	};
2273 
2274 	if (cid->cid_cpu != -1) {
2275 		if (addr != cid->cid_cpu && cpu->cpu_id != cid->cid_cpu)
2276 			return (WALK_NEXT);
2277 
2278 		/*
2279 		 * Set cid_cpu to -1 to indicate that we found a matching CPU.
2280 		 */
2281 		cid->cid_cpu = -1;
2282 		rval = WALK_DONE;
2283 	}
2284 
2285 	if (cid->cid_print_head) {
2286 		mdb_printf("%3s %-*s %3s %4s %4s %3s %4s %5s %-6s %-*s %s\n",
2287 		    "ID", CPUINFO_CPUWIDTH, "ADDR", "FLG", "NRUN", "BSPL",
2288 		    "PRI", "RNRN", "KRNRN", "SWITCH", CPUINFO_TWIDTH, "THREAD",
2289 		    "PROC");
2290 		cid->cid_print_head = FALSE;
2291 	}
2292 
2293 	bspl = cpu->cpu_base_spl;
2294 
2295 	if (mdb_vread(&disp, sizeof (disp_t), (uintptr_t)cpu->cpu_disp) == -1) {
2296 		mdb_warn("failed to read disp_t at %p", cpu->cpu_disp);
2297 		return (WALK_ERR);
2298 	}
2299 
2300 	mdb_printf("%3d %0*p %3x %4d %4d ",
2301 	    cpu->cpu_id, CPUINFO_CPUWIDTH, addr, cpu->cpu_flags,
2302 	    disp.disp_nrunnable, bspl);
2303 
2304 	if (mdb_vread(&t, sizeof (t), (uintptr_t)cpu->cpu_thread) != -1) {
2305 		mdb_printf("%3d ", t.t_pri);
2306 	} else {
2307 		mdb_printf("%3s ", "-");
2308 	}
2309 
2310 	mdb_printf("%4s %5s ", cpu->cpu_runrun ? "yes" : "no",
2311 	    cpu->cpu_kprunrun ? "yes" : "no");
2312 
2313 	if (cpu->cpu_last_swtch) {
2314 		clock_t lbolt;
2315 
2316 		if (mdb_vread(&lbolt, sizeof (lbolt), cid->cid_lbolt) == -1) {
2317 			mdb_warn("failed to read lbolt at %p", cid->cid_lbolt);
2318 			return (WALK_ERR);
2319 		}
2320 		mdb_printf("t-%-4d ", lbolt - cpu->cpu_last_swtch);
2321 	} else {
2322 		mdb_printf("%-6s ", "-");
2323 	}
2324 
2325 	mdb_printf("%0*p", CPUINFO_TWIDTH, cpu->cpu_thread);
2326 
2327 	if (cpu->cpu_thread == cpu->cpu_idle_thread)
2328 		mdb_printf(" (idle)\n");
2329 	else if (cpu->cpu_thread == NULL)
2330 		mdb_printf(" -\n");
2331 	else {
2332 		if (mdb_vread(&p, sizeof (p), (uintptr_t)t.t_procp) != -1) {
2333 			mdb_printf(" %s\n", p.p_user.u_comm);
2334 		} else {
2335 			mdb_printf(" ?\n");
2336 		}
2337 	}
2338 
2339 	flagbuf = mdb_zalloc(sizeof (flags), UM_SLEEP | UM_GC);
2340 
2341 	if (cid->cid_print_flags) {
2342 		int first = 1, i, j, k;
2343 		char *s;
2344 
2345 		cid->cid_print_head = TRUE;
2346 
2347 		for (i = 1, j = 0; flags[j] != NULL; i <<= 1, j++) {
2348 			if (!(cpu->cpu_flags & i))
2349 				continue;
2350 
2351 			if (first) {
2352 				s = mdb_alloc(CPUINFO_THRDELT + 1,
2353 				    UM_GC | UM_SLEEP);
2354 
2355 				(void) mdb_snprintf(s, CPUINFO_THRDELT + 1,
2356 				    "%*s|%*s", CPUINFO_FLAGDELT, "",
2357 				    CPUINFO_THRDELT - 1 - CPUINFO_FLAGDELT, "");
2358 				flagbuf[nflaglines++] = s;
2359 			}
2360 
2361 			s = mdb_alloc(CPUINFO_THRDELT + 1, UM_GC | UM_SLEEP);
2362 			(void) mdb_snprintf(s, CPUINFO_THRDELT + 1, "%*s%*s %s",
2363 			    CPUINFO_IDWIDTH + CPUINFO_CPUWIDTH -
2364 			    CPUINFO_FLAGWIDTH, "", CPUINFO_FLAGWIDTH, flags[j],
2365 			    first ? "<--+" : "");
2366 
2367 			for (k = strlen(s); k < CPUINFO_THRDELT; k++)
2368 				s[k] = ' ';
2369 			s[k] = '\0';
2370 
2371 			flagbuf[nflaglines++] = s;
2372 			first = 0;
2373 		}
2374 	}
2375 
2376 	if (cid->cid_print_ithr) {
2377 		int i, found_one = FALSE;
2378 		int print_thr = disp.disp_nrunnable && cid->cid_print_thr;
2379 
2380 		for (i = NINTR - 1; i >= 0; i--) {
2381 			uintptr_t iaddr = cid->cid_ithr[cpu->cpu_id][i];
2382 
2383 			if (iaddr == NULL)
2384 				continue;
2385 
2386 			if (!found_one) {
2387 				found_one = TRUE;
2388 
2389 				CPUINFO_INDENT;
2390 				mdb_printf("%c%*s|\n", print_thr ? '|' : ' ',
2391 				    CPUINFO_ITHRDELT, "");
2392 
2393 				CPUINFO_INDENT;
2394 				mdb_printf("%c%*s+--> %3s %s\n",
2395 				    print_thr ? '|' : ' ', CPUINFO_ITHRDELT,
2396 				    "", "PIL", "THREAD");
2397 			}
2398 
2399 			if (mdb_vread(&t, sizeof (t), iaddr) == -1) {
2400 				mdb_warn("failed to read kthread_t at %p",
2401 				    iaddr);
2402 				return (WALK_ERR);
2403 			}
2404 
2405 			CPUINFO_INDENT;
2406 			mdb_printf("%c%*s     %3d %0*p\n",
2407 			    print_thr ? '|' : ' ', CPUINFO_ITHRDELT, "",
2408 			    t.t_pil, CPUINFO_TWIDTH, iaddr);
2409 
2410 			pinned = (uintptr_t)t.t_intr;
2411 		}
2412 
2413 		if (found_one && pinned != NULL) {
2414 			cid->cid_print_head = TRUE;
2415 			(void) strcpy(p.p_user.u_comm, "?");
2416 
2417 			if (mdb_vread(&t, sizeof (t),
2418 			    (uintptr_t)pinned) == -1) {
2419 				mdb_warn("failed to read kthread_t at %p",
2420 				    pinned);
2421 				return (WALK_ERR);
2422 			}
2423 			if (mdb_vread(&p, sizeof (p),
2424 			    (uintptr_t)t.t_procp) == -1) {
2425 				mdb_warn("failed to read proc_t at %p",
2426 				    t.t_procp);
2427 				return (WALK_ERR);
2428 			}
2429 
2430 			CPUINFO_INDENT;
2431 			mdb_printf("%c%*s     %3s %0*p %s\n",
2432 			    print_thr ? '|' : ' ', CPUINFO_ITHRDELT, "", "-",
2433 			    CPUINFO_TWIDTH, pinned,
2434 			    pinned == (uintptr_t)cpu->cpu_idle_thread ?
2435 			    "(idle)" : p.p_user.u_comm);
2436 		}
2437 	}
2438 
2439 	if (disp.disp_nrunnable && cid->cid_print_thr) {
2440 		dispq_t *dq;
2441 
2442 		int i, npri = disp.disp_npri;
2443 
2444 		dq = mdb_alloc(sizeof (dispq_t) * npri, UM_SLEEP | UM_GC);
2445 
2446 		if (mdb_vread(dq, sizeof (dispq_t) * npri,
2447 		    (uintptr_t)disp.disp_q) == -1) {
2448 			mdb_warn("failed to read dispq_t at %p", disp.disp_q);
2449 			return (WALK_ERR);
2450 		}
2451 
2452 		CPUINFO_INDENT;
2453 		mdb_printf("|\n");
2454 
2455 		CPUINFO_INDENT;
2456 		mdb_printf("+-->  %3s %-*s %s\n", "PRI",
2457 		    CPUINFO_TWIDTH, "THREAD", "PROC");
2458 
2459 		for (i = npri - 1; i >= 0; i--) {
2460 			uintptr_t taddr = (uintptr_t)dq[i].dq_first;
2461 
2462 			while (taddr != NULL) {
2463 				if (mdb_vread(&t, sizeof (t), taddr) == -1) {
2464 					mdb_warn("failed to read kthread_t "
2465 					    "at %p", taddr);
2466 					return (WALK_ERR);
2467 				}
2468 				if (mdb_vread(&p, sizeof (p),
2469 				    (uintptr_t)t.t_procp) == -1) {
2470 					mdb_warn("failed to read proc_t at %p",
2471 					    t.t_procp);
2472 					return (WALK_ERR);
2473 				}
2474 
2475 				CPUINFO_INDENT;
2476 				mdb_printf("      %3d %0*p %s\n", t.t_pri,
2477 				    CPUINFO_TWIDTH, taddr, p.p_user.u_comm);
2478 
2479 				taddr = (uintptr_t)t.t_link;
2480 			}
2481 		}
2482 		cid->cid_print_head = TRUE;
2483 	}
2484 
2485 	while (flagline < nflaglines)
2486 		mdb_printf("%s\n", flagbuf[flagline++]);
2487 
2488 	if (cid->cid_print_head)
2489 		mdb_printf("\n");
2490 
2491 	return (rval);
2492 }
2493 
2494 int
2495 cpuinfo(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2496 {
2497 	uint_t verbose = FALSE;
2498 	cpuinfo_data_t cid;
2499 	GElf_Sym sym;
2500 	clock_t lbolt;
2501 
2502 	cid.cid_print_ithr = FALSE;
2503 	cid.cid_print_thr = FALSE;
2504 	cid.cid_print_flags = FALSE;
2505 	cid.cid_print_head = DCMD_HDRSPEC(flags) ? TRUE : FALSE;
2506 	cid.cid_cpu = -1;
2507 
2508 	if (flags & DCMD_ADDRSPEC)
2509 		cid.cid_cpu = addr;
2510 
2511 	if (mdb_getopts(argc, argv,
2512 	    'v', MDB_OPT_SETBITS, TRUE, &verbose, NULL) != argc)
2513 		return (DCMD_USAGE);
2514 
2515 	if (verbose) {
2516 		cid.cid_print_ithr = TRUE;
2517 		cid.cid_print_thr = TRUE;
2518 		cid.cid_print_flags = TRUE;
2519 		cid.cid_print_head = TRUE;
2520 	}
2521 
2522 	if (cid.cid_print_ithr) {
2523 		int i;
2524 
2525 		cid.cid_ithr = mdb_alloc(sizeof (uintptr_t **)
2526 		    * NCPU, UM_SLEEP | UM_GC);
2527 
2528 		for (i = 0; i < NCPU; i++)
2529 			cid.cid_ithr[i] = mdb_zalloc(sizeof (uintptr_t *) *
2530 			    NINTR, UM_SLEEP | UM_GC);
2531 
2532 		if (mdb_walk("thread", (mdb_walk_cb_t)cpuinfo_walk_ithread,
2533 		    &cid) == -1) {
2534 			mdb_warn("couldn't walk thread");
2535 			return (DCMD_ERR);
2536 		}
2537 	}
2538 
2539 	if (mdb_lookup_by_name("panic_lbolt", &sym) == -1) {
2540 		mdb_warn("failed to find panic_lbolt");
2541 		return (DCMD_ERR);
2542 	}
2543 
2544 	cid.cid_lbolt = (uintptr_t)sym.st_value;
2545 
2546 	if (mdb_vread(&lbolt, sizeof (lbolt), cid.cid_lbolt) == -1) {
2547 		mdb_warn("failed to read panic_lbolt");
2548 		return (DCMD_ERR);
2549 	}
2550 
2551 	if (lbolt == 0) {
2552 		if (mdb_lookup_by_name("lbolt", &sym) == -1) {
2553 			mdb_warn("failed to find lbolt");
2554 			return (DCMD_ERR);
2555 		}
2556 		cid.cid_lbolt = (uintptr_t)sym.st_value;
2557 	}
2558 
2559 	if (mdb_walk("cpu", (mdb_walk_cb_t)cpuinfo_walk_cpu, &cid) == -1) {
2560 		mdb_warn("can't walk cpus");
2561 		return (DCMD_ERR);
2562 	}
2563 
2564 	if (cid.cid_cpu != -1) {
2565 		/*
2566 		 * We didn't find this CPU when we walked through the CPUs
2567 		 * (i.e. the address specified doesn't show up in the "cpu"
2568 		 * walk).  However, the specified address may still correspond
2569 		 * to a valid cpu_t (for example, if the specified address is
2570 		 * the actual panicking cpu_t and not the cached panic_cpu).
2571 		 * Point is:  even if we didn't find it, we still want to try
2572 		 * to print the specified address as a cpu_t.
2573 		 */
2574 		cpu_t cpu;
2575 
2576 		if (mdb_vread(&cpu, sizeof (cpu), cid.cid_cpu) == -1) {
2577 			mdb_warn("%p is neither a valid CPU ID nor a "
2578 			    "valid cpu_t address\n", cid.cid_cpu);
2579 			return (DCMD_ERR);
2580 		}
2581 
2582 		(void) cpuinfo_walk_cpu(cid.cid_cpu, &cpu, &cid);
2583 	}
2584 
2585 	return (DCMD_OK);
2586 }
2587 
2588 /*ARGSUSED*/
2589 int
2590 flipone(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2591 {
2592 	int i;
2593 
2594 	if (!(flags & DCMD_ADDRSPEC))
2595 		return (DCMD_USAGE);
2596 
2597 	for (i = 0; i < sizeof (addr) * NBBY; i++)
2598 		mdb_printf("%p\n", addr ^ (1UL << i));
2599 
2600 	return (DCMD_OK);
2601 }
2602 
2603 /*
2604  * Grumble, grumble.
2605  */
2606 #define	SMAP_HASHFUNC(vp, off)	\
2607 	((((uintptr_t)(vp) >> 6) + ((uintptr_t)(vp) >> 3) + \
2608 	((off) >> MAXBSHIFT)) & smd_hashmsk)
2609 
2610 int
2611 vnode2smap(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2612 {
2613 	long smd_hashmsk;
2614 	int hash;
2615 	uintptr_t offset = 0;
2616 	struct smap smp;
2617 	uintptr_t saddr, kaddr;
2618 	uintptr_t smd_hash, smd_smap;
2619 	struct seg seg;
2620 
2621 	if (!(flags & DCMD_ADDRSPEC))
2622 		return (DCMD_USAGE);
2623 
2624 	if (mdb_readvar(&smd_hashmsk, "smd_hashmsk") == -1) {
2625 		mdb_warn("failed to read smd_hashmsk");
2626 		return (DCMD_ERR);
2627 	}
2628 
2629 	if (mdb_readvar(&smd_hash, "smd_hash") == -1) {
2630 		mdb_warn("failed to read smd_hash");
2631 		return (DCMD_ERR);
2632 	}
2633 
2634 	if (mdb_readvar(&smd_smap, "smd_smap") == -1) {
2635 		mdb_warn("failed to read smd_hash");
2636 		return (DCMD_ERR);
2637 	}
2638 
2639 	if (mdb_readvar(&kaddr, "segkmap") == -1) {
2640 		mdb_warn("failed to read segkmap");
2641 		return (DCMD_ERR);
2642 	}
2643 
2644 	if (mdb_vread(&seg, sizeof (seg), kaddr) == -1) {
2645 		mdb_warn("failed to read segkmap at %p", kaddr);
2646 		return (DCMD_ERR);
2647 	}
2648 
2649 	if (argc != 0) {
2650 		const mdb_arg_t *arg = &argv[0];
2651 
2652 		if (arg->a_type == MDB_TYPE_IMMEDIATE)
2653 			offset = arg->a_un.a_val;
2654 		else
2655 			offset = (uintptr_t)mdb_strtoull(arg->a_un.a_str);
2656 	}
2657 
2658 	hash = SMAP_HASHFUNC(addr, offset);
2659 
2660 	if (mdb_vread(&saddr, sizeof (saddr),
2661 	    smd_hash + hash * sizeof (uintptr_t)) == -1) {
2662 		mdb_warn("couldn't read smap at %p",
2663 		    smd_hash + hash * sizeof (uintptr_t));
2664 		return (DCMD_ERR);
2665 	}
2666 
2667 	do {
2668 		if (mdb_vread(&smp, sizeof (smp), saddr) == -1) {
2669 			mdb_warn("couldn't read smap at %p", saddr);
2670 			return (DCMD_ERR);
2671 		}
2672 
2673 		if ((uintptr_t)smp.sm_vp == addr && smp.sm_off == offset) {
2674 			mdb_printf("vnode %p, offs %p is smap %p, vaddr %p\n",
2675 			    addr, offset, saddr, ((saddr - smd_smap) /
2676 			    sizeof (smp)) * MAXBSIZE + seg.s_base);
2677 			return (DCMD_OK);
2678 		}
2679 
2680 		saddr = (uintptr_t)smp.sm_hash;
2681 	} while (saddr != NULL);
2682 
2683 	mdb_printf("no smap for vnode %p, offs %p\n", addr, offset);
2684 	return (DCMD_OK);
2685 }
2686 
2687 /*ARGSUSED*/
2688 int
2689 addr2smap(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2690 {
2691 	uintptr_t kaddr;
2692 	struct seg seg;
2693 	struct segmap_data sd;
2694 
2695 	if (!(flags & DCMD_ADDRSPEC))
2696 		return (DCMD_USAGE);
2697 
2698 	if (mdb_readvar(&kaddr, "segkmap") == -1) {
2699 		mdb_warn("failed to read segkmap");
2700 		return (DCMD_ERR);
2701 	}
2702 
2703 	if (mdb_vread(&seg, sizeof (seg), kaddr) == -1) {
2704 		mdb_warn("failed to read segkmap at %p", kaddr);
2705 		return (DCMD_ERR);
2706 	}
2707 
2708 	if (mdb_vread(&sd, sizeof (sd), (uintptr_t)seg.s_data) == -1) {
2709 		mdb_warn("failed to read segmap_data at %p", seg.s_data);
2710 		return (DCMD_ERR);
2711 	}
2712 
2713 	mdb_printf("%p is smap %p\n", addr,
2714 	    ((addr - (uintptr_t)seg.s_base) >> MAXBSHIFT) *
2715 	    sizeof (struct smap) + (uintptr_t)sd.smd_sm);
2716 
2717 	return (DCMD_OK);
2718 }
2719 
2720 int
2721 as2proc_walk(uintptr_t addr, const proc_t *p, struct as **asp)
2722 {
2723 	if (p->p_as == *asp)
2724 		mdb_printf("%p\n", addr);
2725 	return (WALK_NEXT);
2726 }
2727 
2728 /*ARGSUSED*/
2729 int
2730 as2proc(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2731 {
2732 	if (!(flags & DCMD_ADDRSPEC) || argc != 0)
2733 		return (DCMD_USAGE);
2734 
2735 	if (mdb_walk("proc", (mdb_walk_cb_t)as2proc_walk, &addr) == -1) {
2736 		mdb_warn("failed to walk proc");
2737 		return (DCMD_ERR);
2738 	}
2739 
2740 	return (DCMD_OK);
2741 }
2742 
2743 /*ARGSUSED*/
2744 int
2745 ptree_walk(uintptr_t addr, const proc_t *p, void *ignored)
2746 {
2747 	proc_t parent;
2748 	int ident = 0;
2749 	uintptr_t paddr;
2750 
2751 	for (paddr = (uintptr_t)p->p_parent; paddr != NULL; ident += 5) {
2752 		mdb_vread(&parent, sizeof (parent), paddr);
2753 		paddr = (uintptr_t)parent.p_parent;
2754 	}
2755 
2756 	mdb_inc_indent(ident);
2757 	mdb_printf("%0?p  %s\n", addr, p->p_user.u_comm);
2758 	mdb_dec_indent(ident);
2759 
2760 	return (WALK_NEXT);
2761 }
2762 
2763 void
2764 ptree_ancestors(uintptr_t addr, uintptr_t start)
2765 {
2766 	proc_t p;
2767 
2768 	if (mdb_vread(&p, sizeof (p), addr) == -1) {
2769 		mdb_warn("couldn't read ancestor at %p", addr);
2770 		return;
2771 	}
2772 
2773 	if (p.p_parent != NULL)
2774 		ptree_ancestors((uintptr_t)p.p_parent, start);
2775 
2776 	if (addr != start)
2777 		(void) ptree_walk(addr, &p, NULL);
2778 }
2779 
2780 /*ARGSUSED*/
2781 int
2782 ptree(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2783 {
2784 	if (!(flags & DCMD_ADDRSPEC))
2785 		addr = NULL;
2786 	else
2787 		ptree_ancestors(addr, addr);
2788 
2789 	if (mdb_pwalk("proc", (mdb_walk_cb_t)ptree_walk, NULL, addr) == -1) {
2790 		mdb_warn("couldn't walk 'proc'");
2791 		return (DCMD_ERR);
2792 	}
2793 
2794 	return (DCMD_OK);
2795 }
2796 
2797 /*ARGSUSED*/
2798 static int
2799 fd(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2800 {
2801 	int fdnum;
2802 	const mdb_arg_t *argp = &argv[0];
2803 	proc_t p;
2804 	uf_entry_t uf;
2805 
2806 	if ((flags & DCMD_ADDRSPEC) == 0) {
2807 		mdb_warn("fd doesn't give global information\n");
2808 		return (DCMD_ERR);
2809 	}
2810 	if (argc != 1)
2811 		return (DCMD_USAGE);
2812 
2813 	if (argp->a_type == MDB_TYPE_IMMEDIATE)
2814 		fdnum = argp->a_un.a_val;
2815 	else
2816 		fdnum = mdb_strtoull(argp->a_un.a_str);
2817 
2818 	if (mdb_vread(&p, sizeof (struct proc), addr) == -1) {
2819 		mdb_warn("couldn't read proc_t at %p", addr);
2820 		return (DCMD_ERR);
2821 	}
2822 	if (fdnum > p.p_user.u_finfo.fi_nfiles) {
2823 		mdb_warn("process %p only has %d files open.\n",
2824 		    addr, p.p_user.u_finfo.fi_nfiles);
2825 		return (DCMD_ERR);
2826 	}
2827 	if (mdb_vread(&uf, sizeof (uf_entry_t),
2828 	    (uintptr_t)&p.p_user.u_finfo.fi_list[fdnum]) == -1) {
2829 		mdb_warn("couldn't read uf_entry_t at %p",
2830 		    &p.p_user.u_finfo.fi_list[fdnum]);
2831 		return (DCMD_ERR);
2832 	}
2833 
2834 	mdb_printf("%p\n", uf.uf_file);
2835 	return (DCMD_OK);
2836 }
2837 
2838 /*ARGSUSED*/
2839 static int
2840 pid2proc(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2841 {
2842 	pid_t pid = (pid_t)addr;
2843 
2844 	if (argc != 0)
2845 		return (DCMD_USAGE);
2846 
2847 	if ((addr = mdb_pid2proc(pid, NULL)) == NULL) {
2848 		mdb_warn("PID 0t%d not found\n", pid);
2849 		return (DCMD_ERR);
2850 	}
2851 
2852 	mdb_printf("%p\n", addr);
2853 	return (DCMD_OK);
2854 }
2855 
2856 static char *sysfile_cmd[] = {
2857 	"exclude:",
2858 	"include:",
2859 	"forceload:",
2860 	"rootdev:",
2861 	"rootfs:",
2862 	"swapdev:",
2863 	"swapfs:",
2864 	"moddir:",
2865 	"set",
2866 	"unknown",
2867 };
2868 
2869 static char *sysfile_ops[] = { "", "=", "&", "|" };
2870 
2871 /*ARGSUSED*/
2872 static int
2873 sysfile_vmem_seg(uintptr_t addr, const vmem_seg_t *vsp, void **target)
2874 {
2875 	if (vsp->vs_type == VMEM_ALLOC && (void *)vsp->vs_start == *target) {
2876 		*target = NULL;
2877 		return (WALK_DONE);
2878 	}
2879 	return (WALK_NEXT);
2880 }
2881 
2882 /*ARGSUSED*/
2883 static int
2884 sysfile(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2885 {
2886 	struct sysparam *sysp, sys;
2887 	char var[256];
2888 	char modname[256];
2889 	char val[256];
2890 	char strval[256];
2891 	vmem_t *mod_sysfile_arena;
2892 	void *straddr;
2893 
2894 	if (mdb_readvar(&sysp, "sysparam_hd") == -1) {
2895 		mdb_warn("failed to read sysparam_hd");
2896 		return (DCMD_ERR);
2897 	}
2898 
2899 	if (mdb_readvar(&mod_sysfile_arena, "mod_sysfile_arena") == -1) {
2900 		mdb_warn("failed to read mod_sysfile_arena");
2901 		return (DCMD_ERR);
2902 	}
2903 
2904 	while (sysp != NULL) {
2905 		var[0] = '\0';
2906 		val[0] = '\0';
2907 		modname[0] = '\0';
2908 		if (mdb_vread(&sys, sizeof (sys), (uintptr_t)sysp) == -1) {
2909 			mdb_warn("couldn't read sysparam %p", sysp);
2910 			return (DCMD_ERR);
2911 		}
2912 		if (sys.sys_modnam != NULL &&
2913 		    mdb_readstr(modname, 256,
2914 		    (uintptr_t)sys.sys_modnam) == -1) {
2915 			mdb_warn("couldn't read modname in %p", sysp);
2916 			return (DCMD_ERR);
2917 		}
2918 		if (sys.sys_ptr != NULL &&
2919 		    mdb_readstr(var, 256, (uintptr_t)sys.sys_ptr) == -1) {
2920 			mdb_warn("couldn't read ptr in %p", sysp);
2921 			return (DCMD_ERR);
2922 		}
2923 		if (sys.sys_op != SETOP_NONE) {
2924 			/*
2925 			 * Is this an int or a string?  We determine this
2926 			 * by checking whether straddr is contained in
2927 			 * mod_sysfile_arena.  If so, the walker will set
2928 			 * straddr to NULL.
2929 			 */
2930 			straddr = (void *)(uintptr_t)sys.sys_info;
2931 			if (sys.sys_op == SETOP_ASSIGN &&
2932 			    sys.sys_info != 0 &&
2933 			    mdb_pwalk("vmem_seg",
2934 			    (mdb_walk_cb_t)sysfile_vmem_seg, &straddr,
2935 			    (uintptr_t)mod_sysfile_arena) == 0 &&
2936 			    straddr == NULL &&
2937 			    mdb_readstr(strval, 256,
2938 			    (uintptr_t)sys.sys_info) != -1) {
2939 				(void) mdb_snprintf(val, sizeof (val), "\"%s\"",
2940 				    strval);
2941 			} else {
2942 				(void) mdb_snprintf(val, sizeof (val),
2943 				    "0x%llx [0t%llu]", sys.sys_info,
2944 				    sys.sys_info);
2945 			}
2946 		}
2947 		mdb_printf("%s %s%s%s%s%s\n", sysfile_cmd[sys.sys_type],
2948 		    modname, modname[0] == '\0' ? "" : ":",
2949 		    var, sysfile_ops[sys.sys_op], val);
2950 
2951 		sysp = sys.sys_next;
2952 	}
2953 
2954 	return (DCMD_OK);
2955 }
2956 
2957 /*
2958  * Dump a taskq_ent_t given its address.
2959  */
2960 /*ARGSUSED*/
2961 int
2962 taskq_ent(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2963 {
2964 	taskq_ent_t	taskq_ent;
2965 	GElf_Sym	sym;
2966 	char		buf[MDB_SYM_NAMLEN+1];
2967 
2968 
2969 	if (!(flags & DCMD_ADDRSPEC)) {
2970 		mdb_warn("expected explicit taskq_ent_t address before ::\n");
2971 		return (DCMD_USAGE);
2972 	}
2973 
2974 	if (mdb_vread(&taskq_ent, sizeof (taskq_ent_t), addr) == -1) {
2975 		mdb_warn("failed to read taskq_ent_t at %p", addr);
2976 		return (DCMD_ERR);
2977 	}
2978 
2979 	if (DCMD_HDRSPEC(flags)) {
2980 		mdb_printf("%<u>%-?s    %-?s    %-s%</u>\n",
2981 		"ENTRY", "ARG", "FUNCTION");
2982 	}
2983 
2984 	if (mdb_lookup_by_addr((uintptr_t)taskq_ent.tqent_func, MDB_SYM_EXACT,
2985 	    buf, sizeof (buf), &sym) == -1) {
2986 		(void) strcpy(buf, "????");
2987 	}
2988 
2989 	mdb_printf("%-?p    %-?p    %s\n", addr, taskq_ent.tqent_arg, buf);
2990 
2991 	return (DCMD_OK);
2992 }
2993 
2994 /*
2995  * Given the address of the (taskq_t) task queue head, walk the queue listing
2996  * the address of every taskq_ent_t.
2997  */
2998 int
2999 taskq_walk_init(mdb_walk_state_t *wsp)
3000 {
3001 	taskq_t	tq_head;
3002 
3003 
3004 	if (wsp->walk_addr == NULL) {
3005 		mdb_warn("start address required\n");
3006 		return (WALK_ERR);
3007 	}
3008 
3009 
3010 	/*
3011 	 * Save the address of the list head entry.  This terminates the list.
3012 	 */
3013 	wsp->walk_data = (void *)
3014 	    ((size_t)wsp->walk_addr + offsetof(taskq_t, tq_task));
3015 
3016 
3017 	/*
3018 	 * Read in taskq head, set walk_addr to point to first taskq_ent_t.
3019 	 */
3020 	if (mdb_vread((void *)&tq_head, sizeof (taskq_t), wsp->walk_addr) ==
3021 	    -1) {
3022 		mdb_warn("failed to read taskq list head at %p",
3023 		    wsp->walk_addr);
3024 	}
3025 	wsp->walk_addr = (uintptr_t)tq_head.tq_task.tqent_next;
3026 
3027 
3028 	/*
3029 	 * Check for null list (next=head)
3030 	 */
3031 	if (wsp->walk_addr == (uintptr_t)wsp->walk_data) {
3032 		return (WALK_DONE);
3033 	}
3034 
3035 	return (WALK_NEXT);
3036 }
3037 
3038 
3039 int
3040 taskq_walk_step(mdb_walk_state_t *wsp)
3041 {
3042 	taskq_ent_t	tq_ent;
3043 	int		status;
3044 
3045 
3046 	if (mdb_vread((void *)&tq_ent, sizeof (taskq_ent_t), wsp->walk_addr) ==
3047 	    -1) {
3048 		mdb_warn("failed to read taskq_ent_t at %p", wsp->walk_addr);
3049 		return (DCMD_ERR);
3050 	}
3051 
3052 	status = wsp->walk_callback(wsp->walk_addr, (void *)&tq_ent,
3053 	    wsp->walk_cbdata);
3054 
3055 	wsp->walk_addr = (uintptr_t)tq_ent.tqent_next;
3056 
3057 
3058 	/* Check if we're at the last element (next=head) */
3059 	if (wsp->walk_addr == (uintptr_t)wsp->walk_data) {
3060 		return (WALK_DONE);
3061 	}
3062 
3063 	return (status);
3064 }
3065 
3066 int
3067 didmatch(uintptr_t addr, const kthread_t *thr, kt_did_t *didp)
3068 {
3069 
3070 	if (*didp == thr->t_did) {
3071 		mdb_printf("%p\n", addr);
3072 		return (WALK_DONE);
3073 	} else
3074 		return (WALK_NEXT);
3075 }
3076 
3077 /*ARGSUSED*/
3078 int
3079 did2thread(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3080 {
3081 	const mdb_arg_t *argp = &argv[0];
3082 	kt_did_t	did;
3083 
3084 	if (argc != 1)
3085 		return (DCMD_USAGE);
3086 
3087 	did = (kt_did_t)mdb_strtoull(argp->a_un.a_str);
3088 
3089 	if (mdb_walk("thread", (mdb_walk_cb_t)didmatch, (void *)&did) == -1) {
3090 		mdb_warn("failed to walk thread");
3091 		return (DCMD_ERR);
3092 
3093 	}
3094 	return (DCMD_OK);
3095 
3096 }
3097 
3098 static int
3099 errorq_walk_init(mdb_walk_state_t *wsp)
3100 {
3101 	if (wsp->walk_addr == NULL &&
3102 	    mdb_readvar(&wsp->walk_addr, "errorq_list") == -1) {
3103 		mdb_warn("failed to read errorq_list");
3104 		return (WALK_ERR);
3105 	}
3106 
3107 	return (WALK_NEXT);
3108 }
3109 
3110 static int
3111 errorq_walk_step(mdb_walk_state_t *wsp)
3112 {
3113 	uintptr_t addr = wsp->walk_addr;
3114 	errorq_t eq;
3115 
3116 	if (addr == NULL)
3117 		return (WALK_DONE);
3118 
3119 	if (mdb_vread(&eq, sizeof (eq), addr) == -1) {
3120 		mdb_warn("failed to read errorq at %p", addr);
3121 		return (WALK_ERR);
3122 	}
3123 
3124 	wsp->walk_addr = (uintptr_t)eq.eq_next;
3125 	return (wsp->walk_callback(addr, &eq, wsp->walk_cbdata));
3126 }
3127 
3128 typedef struct eqd_walk_data {
3129 	uintptr_t *eqd_stack;
3130 	void *eqd_buf;
3131 	ulong_t eqd_qpos;
3132 	ulong_t eqd_qlen;
3133 	size_t eqd_size;
3134 } eqd_walk_data_t;
3135 
3136 /*
3137  * In order to walk the list of pending error queue elements, we push the
3138  * addresses of the corresponding data buffers in to the eqd_stack array.
3139  * The error lists are in reverse chronological order when iterating using
3140  * eqe_prev, so we then pop things off the top in eqd_walk_step so that the
3141  * walker client gets addresses in order from oldest error to newest error.
3142  */
3143 static void
3144 eqd_push_list(eqd_walk_data_t *eqdp, uintptr_t addr)
3145 {
3146 	errorq_elem_t eqe;
3147 
3148 	while (addr != NULL) {
3149 		if (mdb_vread(&eqe, sizeof (eqe), addr) != sizeof (eqe)) {
3150 			mdb_warn("failed to read errorq element at %p", addr);
3151 			break;
3152 		}
3153 
3154 		if (eqdp->eqd_qpos == eqdp->eqd_qlen) {
3155 			mdb_warn("errorq is overfull -- more than %lu "
3156 			    "elems found\n", eqdp->eqd_qlen);
3157 			break;
3158 		}
3159 
3160 		eqdp->eqd_stack[eqdp->eqd_qpos++] = (uintptr_t)eqe.eqe_data;
3161 		addr = (uintptr_t)eqe.eqe_prev;
3162 	}
3163 }
3164 
3165 static int
3166 eqd_walk_init(mdb_walk_state_t *wsp)
3167 {
3168 	eqd_walk_data_t *eqdp;
3169 	errorq_elem_t eqe, *addr;
3170 	errorq_t eq;
3171 	ulong_t i;
3172 
3173 	if (mdb_vread(&eq, sizeof (eq), wsp->walk_addr) == -1) {
3174 		mdb_warn("failed to read errorq at %p", wsp->walk_addr);
3175 		return (WALK_ERR);
3176 	}
3177 
3178 	if (eq.eq_ptail != NULL &&
3179 	    mdb_vread(&eqe, sizeof (eqe), (uintptr_t)eq.eq_ptail) == -1) {
3180 		mdb_warn("failed to read errorq element at %p", eq.eq_ptail);
3181 		return (WALK_ERR);
3182 	}
3183 
3184 	eqdp = mdb_alloc(sizeof (eqd_walk_data_t), UM_SLEEP);
3185 	wsp->walk_data = eqdp;
3186 
3187 	eqdp->eqd_stack = mdb_zalloc(sizeof (uintptr_t) * eq.eq_qlen, UM_SLEEP);
3188 	eqdp->eqd_buf = mdb_alloc(eq.eq_size, UM_SLEEP);
3189 	eqdp->eqd_qlen = eq.eq_qlen;
3190 	eqdp->eqd_qpos = 0;
3191 	eqdp->eqd_size = eq.eq_size;
3192 
3193 	/*
3194 	 * The newest elements in the queue are on the pending list, so we
3195 	 * push those on to our stack first.
3196 	 */
3197 	eqd_push_list(eqdp, (uintptr_t)eq.eq_pend);
3198 
3199 	/*
3200 	 * If eq_ptail is set, it may point to a subset of the errors on the
3201 	 * pending list in the event a casptr() failed; if ptail's data is
3202 	 * already in our stack, NULL out eq_ptail and ignore it.
3203 	 */
3204 	if (eq.eq_ptail != NULL) {
3205 		for (i = 0; i < eqdp->eqd_qpos; i++) {
3206 			if (eqdp->eqd_stack[i] == (uintptr_t)eqe.eqe_data) {
3207 				eq.eq_ptail = NULL;
3208 				break;
3209 			}
3210 		}
3211 	}
3212 
3213 	/*
3214 	 * If eq_phead is set, it has the processing list in order from oldest
3215 	 * to newest.  Use this to recompute eq_ptail as best we can and then
3216 	 * we nicely fall into eqd_push_list() of eq_ptail below.
3217 	 */
3218 	for (addr = eq.eq_phead; addr != NULL && mdb_vread(&eqe, sizeof (eqe),
3219 	    (uintptr_t)addr) == sizeof (eqe); addr = eqe.eqe_next)
3220 		eq.eq_ptail = addr;
3221 
3222 	/*
3223 	 * The oldest elements in the queue are on the processing list, subject
3224 	 * to machinations in the if-clauses above.  Push any such elements.
3225 	 */
3226 	eqd_push_list(eqdp, (uintptr_t)eq.eq_ptail);
3227 	return (WALK_NEXT);
3228 }
3229 
3230 static int
3231 eqd_walk_step(mdb_walk_state_t *wsp)
3232 {
3233 	eqd_walk_data_t *eqdp = wsp->walk_data;
3234 	uintptr_t addr;
3235 
3236 	if (eqdp->eqd_qpos == 0)
3237 		return (WALK_DONE);
3238 
3239 	addr = eqdp->eqd_stack[--eqdp->eqd_qpos];
3240 
3241 	if (mdb_vread(eqdp->eqd_buf, eqdp->eqd_size, addr) != eqdp->eqd_size) {
3242 		mdb_warn("failed to read errorq data at %p", addr);
3243 		return (WALK_ERR);
3244 	}
3245 
3246 	return (wsp->walk_callback(addr, eqdp->eqd_buf, wsp->walk_cbdata));
3247 }
3248 
3249 static void
3250 eqd_walk_fini(mdb_walk_state_t *wsp)
3251 {
3252 	eqd_walk_data_t *eqdp = wsp->walk_data;
3253 
3254 	mdb_free(eqdp->eqd_stack, sizeof (uintptr_t) * eqdp->eqd_qlen);
3255 	mdb_free(eqdp->eqd_buf, eqdp->eqd_size);
3256 	mdb_free(eqdp, sizeof (eqd_walk_data_t));
3257 }
3258 
3259 #define	EQKSVAL(eqv, what) (eqv.eq_kstat.what.value.ui64)
3260 
3261 static int
3262 errorq(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3263 {
3264 	int i;
3265 	errorq_t eq;
3266 	uint_t opt_v = FALSE;
3267 
3268 	if (!(flags & DCMD_ADDRSPEC)) {
3269 		if (mdb_walk_dcmd("errorq", "errorq", argc, argv) == -1) {
3270 			mdb_warn("can't walk 'errorq'");
3271 			return (DCMD_ERR);
3272 		}
3273 		return (DCMD_OK);
3274 	}
3275 
3276 	i = mdb_getopts(argc, argv, 'v', MDB_OPT_SETBITS, TRUE, &opt_v, NULL);
3277 	argc -= i;
3278 	argv += i;
3279 
3280 	if (argc != 0)
3281 		return (DCMD_USAGE);
3282 
3283 	if (opt_v || DCMD_HDRSPEC(flags)) {
3284 		mdb_printf("%<u>%-11s %-16s %1s %1s %1s ",
3285 		    "ADDR", "NAME", "S", "V", "N");
3286 		if (!opt_v) {
3287 			mdb_printf("%7s %7s %7s%</u>\n",
3288 			    "ACCEPT", "DROP", "LOG");
3289 		} else {
3290 			mdb_printf("%5s %6s %6s %3s %16s%</u>\n",
3291 			    "KSTAT", "QLEN", "SIZE", "IPL", "FUNC");
3292 		}
3293 	}
3294 
3295 	if (mdb_vread(&eq, sizeof (eq), addr) != sizeof (eq)) {
3296 		mdb_warn("failed to read errorq at %p", addr);
3297 		return (DCMD_ERR);
3298 	}
3299 
3300 	mdb_printf("%-11p %-16s %c %c %c ", addr, eq.eq_name,
3301 	    (eq.eq_flags & ERRORQ_ACTIVE) ? '+' : '-',
3302 	    (eq.eq_flags & ERRORQ_VITAL) ? '!' : ' ',
3303 	    (eq.eq_flags & ERRORQ_NVLIST) ? '*' : ' ');
3304 
3305 	if (!opt_v) {
3306 		mdb_printf("%7llu %7llu %7llu\n",
3307 		    EQKSVAL(eq, eqk_dispatched) + EQKSVAL(eq, eqk_committed),
3308 		    EQKSVAL(eq, eqk_dropped) + EQKSVAL(eq, eqk_reserve_fail) +
3309 		    EQKSVAL(eq, eqk_commit_fail), EQKSVAL(eq, eqk_logged));
3310 	} else {
3311 		mdb_printf("%5s %6lu %6lu %3u %a\n",
3312 		    "  |  ", eq.eq_qlen, eq.eq_size, eq.eq_ipl, eq.eq_func);
3313 		mdb_printf("%38s\n%41s"
3314 		    "%12s %llu\n"
3315 		    "%53s %llu\n"
3316 		    "%53s %llu\n"
3317 		    "%53s %llu\n"
3318 		    "%53s %llu\n"
3319 		    "%53s %llu\n"
3320 		    "%53s %llu\n"
3321 		    "%53s %llu\n\n",
3322 		    "|", "+-> ",
3323 		    "DISPATCHED",	EQKSVAL(eq, eqk_dispatched),
3324 		    "DROPPED",		EQKSVAL(eq, eqk_dropped),
3325 		    "LOGGED",		EQKSVAL(eq, eqk_logged),
3326 		    "RESERVED",		EQKSVAL(eq, eqk_reserved),
3327 		    "RESERVE FAIL",	EQKSVAL(eq, eqk_reserve_fail),
3328 		    "COMMITTED",	EQKSVAL(eq, eqk_committed),
3329 		    "COMMIT FAIL",	EQKSVAL(eq, eqk_commit_fail),
3330 		    "CANCELLED",	EQKSVAL(eq, eqk_cancelled));
3331 	}
3332 
3333 	return (DCMD_OK);
3334 }
3335 
3336 /*ARGSUSED*/
3337 static int
3338 panicinfo(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3339 {
3340 	cpu_t panic_cpu;
3341 	kthread_t *panic_thread;
3342 	void *panicbuf;
3343 	panic_data_t *pd;
3344 	int i, n;
3345 
3346 	if (!mdb_prop_postmortem) {
3347 		mdb_warn("panicinfo can only be run on a system "
3348 		    "dump; see dumpadm(1M)\n");
3349 		return (DCMD_ERR);
3350 	}
3351 
3352 	if (flags & DCMD_ADDRSPEC || argc != 0)
3353 		return (DCMD_USAGE);
3354 
3355 	if (mdb_readsym(&panic_cpu, sizeof (cpu_t), "panic_cpu") == -1)
3356 		mdb_warn("failed to read 'panic_cpu'");
3357 	else
3358 		mdb_printf("%16s %?d\n", "cpu", panic_cpu.cpu_id);
3359 
3360 	if (mdb_readvar(&panic_thread, "panic_thread") == -1)
3361 		mdb_warn("failed to read 'panic_thread'");
3362 	else
3363 		mdb_printf("%16s %?p\n", "thread", panic_thread);
3364 
3365 	panicbuf = mdb_alloc(PANICBUFSIZE, UM_SLEEP);
3366 	pd = (panic_data_t *)panicbuf;
3367 
3368 	if (mdb_readsym(panicbuf, PANICBUFSIZE, "panicbuf") == -1 ||
3369 	    pd->pd_version != PANICBUFVERS) {
3370 		mdb_warn("failed to read 'panicbuf'");
3371 		mdb_free(panicbuf, PANICBUFSIZE);
3372 		return (DCMD_ERR);
3373 	}
3374 
3375 	mdb_printf("%16s %s\n", "message",  (char *)panicbuf + pd->pd_msgoff);
3376 
3377 	n = (pd->pd_msgoff - (sizeof (panic_data_t) -
3378 	    sizeof (panic_nv_t))) / sizeof (panic_nv_t);
3379 
3380 	for (i = 0; i < n; i++)
3381 		mdb_printf("%16s %?llx\n",
3382 		    pd->pd_nvdata[i].pnv_name, pd->pd_nvdata[i].pnv_value);
3383 
3384 	mdb_free(panicbuf, PANICBUFSIZE);
3385 	return (DCMD_OK);
3386 }
3387 
3388 static const mdb_dcmd_t dcmds[] = {
3389 
3390 	/* from genunix.c */
3391 	{ "addr2smap", ":[offset]", "translate address to smap", addr2smap },
3392 	{ "as2proc", ":", "convert as to proc_t address", as2proc },
3393 	{ "binding_hash_entry", ":", "print driver names hash table entry",
3394 		binding_hash_entry },
3395 	{ "callout", NULL, "print callout table", callout },
3396 	{ "class", NULL, "print process scheduler classes", class },
3397 	{ "cpuinfo", "?[-v]", "print CPUs and runnable threads", cpuinfo },
3398 	{ "did2thread", "? kt_did", "find kernel thread for this id",
3399 		did2thread },
3400 	{ "errorq", "?[-v]", "display kernel error queues", errorq },
3401 	{ "fd", ":[fd num]", "get a file pointer from an fd", fd },
3402 	{ "flipone", ":", "the vik_rev_level 2 special", flipone },
3403 	{ "lminfo", NULL, "print lock manager information", lminfo },
3404 	{ "ndi_event_hdl", "?", "print ndi_event_hdl", ndi_event_hdl },
3405 	{ "panicinfo", NULL, "print panic information", panicinfo },
3406 	{ "pid2proc", "?", "convert PID to proc_t address", pid2proc },
3407 	{ "pmap", ":[-q]", "print process memory map", pmap },
3408 	{ "project", NULL, "display kernel project(s)", project },
3409 	{ "ps", "[-fltzTP]", "list processes (and associated thr,lwp)", ps },
3410 	{ "pgrep", "[-n | -o] pattern", "pattern match against all processes",
3411 		pgrep },
3412 	{ "ptree", NULL, "print process tree", ptree },
3413 	{ "seg", ":", "print address space segment", seg },
3414 	{ "sysevent", "?[-sv]", "print sysevent pending or sent queue",
3415 		sysevent},
3416 	{ "sysevent_channel", "?", "print sysevent channel database",
3417 		sysevent_channel},
3418 	{ "sysevent_class_list", ":", "print sysevent class list",
3419 		sysevent_class_list},
3420 	{ "sysevent_subclass_list", ":",
3421 		"print sysevent subclass list", sysevent_subclass_list},
3422 	{ "system", NULL, "print contents of /etc/system file", sysfile },
3423 	{ "task", NULL, "display kernel task(s)", task },
3424 	{ "taskq_entry", ":", "display a taskq_ent_t", taskq_ent },
3425 	{ "vnode2path", ":[-F]", "vnode address to pathname", vnode2path },
3426 	{ "vnode2smap", ":[offset]", "translate vnode to smap", vnode2smap },
3427 	{ "whereopen", ":", "given a vnode, dumps procs which have it open",
3428 	    whereopen },
3429 
3430 	/* from zone.c */
3431 	{ "zone", "?", "display kernel zone(s)", zoneprt },
3432 	{ "zsd", ":[zsd key]", "lookup zsd value from a key", zsd },
3433 
3434 	/* from bio.c */
3435 	{ "bufpagefind", ":addr", "find page_t on buf_t list", bufpagefind },
3436 
3437 	/* from contract.c */
3438 	{ "contract", "?", "display a contract", cmd_contract },
3439 	{ "ctevent", ":", "display a contract event", cmd_ctevent },
3440 	{ "ctid", ":", "convert id to a contract pointer", cmd_ctid },
3441 
3442 	/* from cpupart.c */
3443 	{ "cpupart", "?[-v]", "print cpu partition info", cpupart },
3444 
3445 	/* from cyclic.c */
3446 	{ "cyccover", NULL, "dump cyclic coverage information", cyccover },
3447 	{ "cycid", "?", "dump a cyclic id", cycid },
3448 	{ "cycinfo", "?", "dump cyc_cpu info", cycinfo },
3449 	{ "cyclic", ":", "developer information", cyclic },
3450 	{ "cyctrace", "?", "dump cyclic trace buffer", cyctrace },
3451 
3452 	/* from devinfo.c */
3453 	{ "devbindings", "?[-qs] [device-name | major-num]",
3454 	    "print devinfo nodes bound to device-name or major-num",
3455 	    devbindings, devinfo_help },
3456 	{ "devinfo", ":[-qs]", "detailed devinfo of one node", devinfo,
3457 	    devinfo_help },
3458 	{ "devinfo_audit", ":[-v]", "devinfo configuration audit record",
3459 	    devinfo_audit },
3460 	{ "devinfo_audit_log", "?[-v]", "system wide devinfo configuration log",
3461 	    devinfo_audit_log },
3462 	{ "devinfo_audit_node", ":[-v]", "devinfo node configuration history",
3463 	    devinfo_audit_node },
3464 	{ "devinfo2driver", ":", "find driver name for this devinfo node",
3465 	    devinfo2driver },
3466 	{ "devnames", "?[-vm] [num]", "print devnames array", devnames },
3467 	{ "dev2major", "?<dev_t>", "convert dev_t to a major number",
3468 	    dev2major },
3469 	{ "dev2minor", "?<dev_t>", "convert dev_t to a minor number",
3470 	    dev2minor },
3471 	{ "devt", "?<dev_t>", "display a dev_t's major and minor numbers",
3472 	    devt },
3473 	{ "major2name", "?<major-num>", "convert major number to dev name",
3474 	    major2name },
3475 	{ "minornodes", ":", "given a devinfo node, print its minor nodes",
3476 	    minornodes },
3477 	{ "modctl2devinfo", ":", "given a modctl, list its devinfos",
3478 	    modctl2devinfo },
3479 	{ "name2major", "<dev-name>", "convert dev name to major number",
3480 	    name2major },
3481 	{ "prtconf", "?[-vpc]", "print devinfo tree", prtconf, prtconf_help },
3482 	{ "softstate", ":<instance>", "retrieve soft-state pointer",
3483 	    softstate },
3484 	{ "devinfo_fm", ":", "devinfo fault managment configuration",
3485 	    devinfo_fm },
3486 	{ "devinfo_fmce", ":", "devinfo fault managment cache entry",
3487 	    devinfo_fmce},
3488 
3489 	/* from findstack.c */
3490 	{ "findstack", ":[-v]", "find kernel thread stack", findstack },
3491 	{ "findstack_debug", NULL, "toggle findstack debugging",
3492 		findstack_debug },
3493 
3494 	/* from kgrep.c + genunix.c */
3495 	{ "kgrep", KGREP_USAGE, "search kernel as for a pointer", kgrep },
3496 
3497 	/* from kmem.c */
3498 	{ "allocdby", ":", "given a thread, print its allocated buffers",
3499 		allocdby },
3500 	{ "bufctl", ":[-vh] [-a addr] [-c caller] [-e earliest] [-l latest] "
3501 		"[-t thd]", "print or filter a bufctl", bufctl, bufctl_help },
3502 	{ "freedby", ":", "given a thread, print its freed buffers", freedby },
3503 	{ "kmalog", "?[ fail | slab ]",
3504 	    "display kmem transaction log and stack traces", kmalog },
3505 	{ "kmastat", NULL, "kernel memory allocator stats", kmastat },
3506 	{ "kmausers", "?[-ef] [cache ...]", "current medium and large users "
3507 		"of the kmem allocator", kmausers, kmausers_help },
3508 	{ "kmem_cache", "?", "print kernel memory caches", kmem_cache },
3509 	{ "kmem_debug", NULL, "toggle kmem dcmd/walk debugging", kmem_debug },
3510 	{ "kmem_log", "?[-b]", "dump kmem transaction log", kmem_log },
3511 	{ "kmem_verify", "?", "check integrity of kmem-managed memory",
3512 		kmem_verify },
3513 	{ "vmem", "?", "print a vmem_t", vmem },
3514 	{ "vmem_seg", ":[-sv] [-c caller] [-e earliest] [-l latest] "
3515 		"[-m minsize] [-M maxsize] [-t thread] [-T type]",
3516 		"print or filter a vmem_seg", vmem_seg, vmem_seg_help },
3517 	{ "whatis", ":[-abiv]", "given an address, return information", whatis,
3518 		whatis_help },
3519 	{ "whatthread", ":[-v]", "print threads whose stack contains the "
3520 		"given address", whatthread },
3521 
3522 	/* from ldi.c */
3523 	{ "ldi_handle", "?[-i]", "display a layered driver handle",
3524 	    ldi_handle, ldi_handle_help },
3525 	{ "ldi_ident", NULL, "display a layered driver identifier",
3526 	    ldi_ident, ldi_ident_help },
3527 
3528 	/* from leaky.c + leaky_subr.c */
3529 	{ "findleaks", FINDLEAKS_USAGE,
3530 	    "search for potential kernel memory leaks", findleaks,
3531 	    findleaks_help },
3532 
3533 	/* from lgrp.c */
3534 	{ "lgrp", "?[-q] [-p | -Pih]", "display an lgrp", lgrp},
3535 
3536 	/* from log.c */
3537 	{ "msgbuf", "?[-v]", "print most recent console messages", msgbuf },
3538 
3539 	/* from memory.c */
3540 	{ "page", "?", "display a summarized page_t", page },
3541 	{ "memstat", NULL, "display memory usage summary", memstat },
3542 	{ "memlist", "?[-iav]", "display a struct memlist", memlist },
3543 	{ "swapinfo", "?", "display a struct swapinfo", swapinfof },
3544 
3545 	/* from mmd.c */
3546 	{ "multidata", ":[-sv]", "display a summarized multidata_t",
3547 		multidata },
3548 	{ "pattbl", ":", "display a summarized multidata attribute table",
3549 		pattbl },
3550 	{ "pattr2multidata", ":", "print multidata pointer from pattr_t",
3551 		pattr2multidata },
3552 	{ "pdesc2slab", ":", "print pdesc slab pointer from pdesc_t",
3553 		pdesc2slab },
3554 	{ "pdesc_verify", ":", "verify integrity of a pdesc_t", pdesc_verify },
3555 	{ "slab2multidata", ":", "print multidata pointer from pdesc_slab_t",
3556 		slab2multidata },
3557 
3558 	/* from modhash.c */
3559 	{ "modhash", "?[-ceht] [-k key] [-v val] [-i index]",
3560 		"display information about one or all mod_hash structures",
3561 		modhash, modhash_help },
3562 	{ "modent", ":[-k | -v | -t type]",
3563 		"display information about a mod_hash_entry", modent,
3564 		modent_help },
3565 
3566 	/* from net.c */
3567 	{ "mi", ":[-p] [-d | -m]", "filter and display MI object or payload",
3568 		mi },
3569 	{ "netstat", "[-av] [-f inet | inet6 | unix] [-P tcp | udp]",
3570 		"show network statistics", netstat },
3571 	{ "sonode", "?[-f inet | inet6 | unix | #] "
3572 		"[-t stream | dgram | raw | #] [-p #]",
3573 		"filter and display sonode", sonode },
3574 
3575 	/* from nvpair.c */
3576 	{ NVPAIR_DCMD_NAME, NVPAIR_DCMD_USAGE, NVPAIR_DCMD_DESCR,
3577 		nvpair_print },
3578 
3579 	/* from rctl.c */
3580 	{ "rctl_dict", "?", "print systemwide default rctl definitions",
3581 		rctl_dict },
3582 	{ "rctl_list", ":[handle]", "print rctls for the given proc",
3583 		rctl_list },
3584 	{ "rctl", ":[handle]", "print a rctl_t, only if it matches the handle",
3585 		rctl },
3586 	{ "rctl_validate", ":[-v] [-n #]", "test resource control value "
3587 		"sequence", rctl_validate },
3588 
3589 	/* from sobj.c */
3590 	{ "rwlock", ":", "dump out a readers/writer lock", rwlock },
3591 	{ "mutex", ":[-f]", "dump out an adaptive or spin mutex", mutex,
3592 		mutex_help },
3593 	{ "sobj2ts", ":", "perform turnstile lookup on synch object", sobj2ts },
3594 	{ "wchaninfo", "?[-v]", "dump condition variable", wchaninfo },
3595 	{ "turnstile", "?", "display a turnstile", turnstile },
3596 
3597 	/* from stream.c */
3598 	{ "mblk", ":[-q|v] [-f|F flag] [-t|T type] [-l|L|B len] [-d dbaddr]",
3599 		"print an mblk", mblk_prt, mblk_help },
3600 	{ "mblk_verify", "?", "verify integrity of an mblk", mblk_verify },
3601 	{ "mblk2dblk", ":", "convert mblk_t address to dblk_t address",
3602 		mblk2dblk },
3603 	{ "q2otherq", ":", "print peer queue for a given queue", q2otherq },
3604 	{ "q2rdq", ":", "print read queue for a given queue", q2rdq },
3605 	{ "q2syncq", ":", "print syncq for a given queue", q2syncq },
3606 	{ "q2stream", ":", "print stream pointer for a given queue", q2stream },
3607 	{ "q2wrq", ":", "print write queue for a given queue", q2wrq },
3608 	{ "queue", ":[-q|v] [-m mod] [-f flag] [-F flag] [-s syncq_addr]",
3609 		"filter and display STREAM queue", queue, queue_help },
3610 	{ "stdata", ":[-q|v] [-f flag] [-F flag]",
3611 		"filter and display STREAM head", stdata, stdata_help },
3612 	{ "str2mate", ":", "print mate of this stream", str2mate },
3613 	{ "str2wrq", ":", "print write queue of this stream", str2wrq },
3614 	{ "stream", ":", "display STREAM", stream },
3615 	{ "strftevent", ":", "print STREAMS flow trace event", strftevent },
3616 	{ "syncq", ":[-q|v] [-f flag] [-F flag] [-t type] [-T type]",
3617 		"filter and display STREAM sync queue", syncq, syncq_help },
3618 	{ "syncq2q", ":", "print queue for a given syncq", syncq2q },
3619 
3620 	/* from thread.c */
3621 	{ "thread", "?[-bdfimps]", "display a summarized kthread_t", thread,
3622 		thread_help },
3623 	{ "threadlist", "?[-v [count]]",
3624 		"display threads and associated C stack traces", threadlist,
3625 		threadlist_help },
3626 
3627 	/* from tsd.c */
3628 	{ "tsd", ":-k key", "print tsd[key-1] for this thread", ttotsd },
3629 	{ "tsdtot", ":", "find thread with this tsd", tsdtot },
3630 
3631 	/*
3632 	 * typegraph does not work under kmdb, as it requires too much memory
3633 	 * for its internal data structures.
3634 	 */
3635 #ifndef _KMDB
3636 	/* from typegraph.c */
3637 	{ "findlocks", ":", "find locks held by specified thread", findlocks },
3638 	{ "findfalse", "?[-v]", "find potentially falsely shared structures",
3639 		findfalse },
3640 	{ "typegraph", NULL, "build type graph", typegraph },
3641 	{ "istype", ":type", "manually set object type", istype },
3642 	{ "notype", ":", "manually clear object type", notype },
3643 	{ "whattype", ":", "determine object type", whattype },
3644 #endif
3645 
3646 	/* from vfs.c */
3647 	{ "fsinfo", "?[-v]", "print mounted filesystems", fsinfo },
3648 	{ "pfiles", ":[-fp]", "print process file information", pfiles,
3649 		pfiles_help },
3650 
3651 	{ NULL }
3652 };
3653 
3654 static const mdb_walker_t walkers[] = {
3655 
3656 	/* from genunix.c */
3657 	{ "avl", "given any avl_tree_t *, forward walk all entries in tree",
3658 		avl_walk_init, avl_walk_step, avl_walk_fini },
3659 	{ "anon", "given an amp, list of anon structures",
3660 		anon_walk_init, anon_walk_step, anon_walk_fini },
3661 	{ "cpu", "walk cpu structures", cpu_walk_init, cpu_walk_step },
3662 	{ "errorq", "walk list of system error queues",
3663 		errorq_walk_init, errorq_walk_step, NULL },
3664 	{ "errorq_data", "walk pending error queue data buffers",
3665 		eqd_walk_init, eqd_walk_step, eqd_walk_fini },
3666 	{ "allfile", "given a proc pointer, list all file pointers",
3667 		file_walk_init, allfile_walk_step, file_walk_fini },
3668 	{ "file", "given a proc pointer, list of open file pointers",
3669 		file_walk_init, file_walk_step, file_walk_fini },
3670 	{ "lock_descriptor", "walk lock_descriptor_t structures",
3671 		ld_walk_init, ld_walk_step, NULL },
3672 	{ "lock_graph", "walk lock graph",
3673 		lg_walk_init, lg_walk_step, NULL },
3674 	{ "port", "given a proc pointer, list of created event ports",
3675 		port_walk_init, port_walk_step, NULL },
3676 	{ "portev", "given a port pointer, list of events in the queue",
3677 		portev_walk_init, portev_walk_step, portev_walk_fini },
3678 	{ "proc", "list of active proc_t structures",
3679 		proc_walk_init, proc_walk_step, proc_walk_fini },
3680 	{ "projects", "walk a list of kernel projects",
3681 		project_walk_init, project_walk_step, NULL },
3682 	{ "seg", "given an as, list of segments",
3683 		seg_walk_init, avl_walk_step, avl_walk_fini },
3684 	{ "sysevent_pend", "walk sysevent pending queue",
3685 		sysevent_pend_walk_init, sysevent_walk_step,
3686 		sysevent_walk_fini},
3687 	{ "sysevent_sent", "walk sysevent sent queue", sysevent_sent_walk_init,
3688 		sysevent_walk_step, sysevent_walk_fini},
3689 	{ "sysevent_channel", "walk sysevent channel subscriptions",
3690 		sysevent_channel_walk_init, sysevent_channel_walk_step,
3691 		sysevent_channel_walk_fini},
3692 	{ "sysevent_class_list", "walk sysevent subscription's class list",
3693 		sysevent_class_list_walk_init, sysevent_class_list_walk_step,
3694 		sysevent_class_list_walk_fini},
3695 	{ "sysevent_subclass_list",
3696 		"walk sysevent subscription's subclass list",
3697 		sysevent_subclass_list_walk_init,
3698 		sysevent_subclass_list_walk_step,
3699 		sysevent_subclass_list_walk_fini},
3700 	{ "task", "given a task pointer, walk its processes",
3701 		task_walk_init, task_walk_step, NULL },
3702 	{ "taskq_entry", "given a taskq_t*, list all taskq_ent_t in the list",
3703 		taskq_walk_init, taskq_walk_step, NULL, NULL },
3704 
3705 	/* from zone.c */
3706 	{ "zone", "walk a list of kernel zones",
3707 		zone_walk_init, zone_walk_step, NULL },
3708 	{ "zsd", "walk list of zsd entries for a zone",
3709 		zsd_walk_init, zsd_walk_step, NULL },
3710 
3711 	/* from bio.c */
3712 	{ "buf", "walk the bio buf hash",
3713 		buf_walk_init, buf_walk_step, buf_walk_fini },
3714 
3715 	/* from contract.c */
3716 	{ "contract", "walk all contracts, or those of the specified type",
3717 		ct_walk_init, generic_walk_step, NULL },
3718 	{ "ct_event", "walk events on a contract event queue",
3719 		ct_event_walk_init, generic_walk_step, NULL },
3720 	{ "ct_listener", "walk contract event queue listeners",
3721 		ct_listener_walk_init, generic_walk_step, NULL },
3722 
3723 	/* from cpupart.c */
3724 	{ "cpupart_cpulist", "given an cpupart_t, walk cpus in partition",
3725 		cpupart_cpulist_walk_init, cpupart_cpulist_walk_step,
3726 		NULL },
3727 	{ "cpupart_walk", "walk the set of cpu partitions",
3728 		cpupart_walk_init, cpupart_walk_step, NULL },
3729 
3730 	/* from ctxop.c */
3731 	{ "ctxop", "walk list of context ops on a thread",
3732 		ctxop_walk_init, ctxop_walk_step, ctxop_walk_fini },
3733 
3734 	/* from cyclic.c */
3735 	{ "cyccpu", "walk per-CPU cyc_cpu structures",
3736 		cyccpu_walk_init, cyccpu_walk_step, NULL },
3737 	{ "cycomni", "for an omnipresent cyclic, walk cyc_omni_cpu list",
3738 		cycomni_walk_init, cycomni_walk_step, NULL },
3739 	{ "cyctrace", "walk cyclic trace buffer",
3740 		cyctrace_walk_init, cyctrace_walk_step, cyctrace_walk_fini },
3741 
3742 	/* from devinfo.c */
3743 	{ "binding_hash", "walk all entries in binding hash table",
3744 		binding_hash_walk_init, binding_hash_walk_step, NULL },
3745 	{ "devinfo", "walk devinfo tree or subtree",
3746 		devinfo_walk_init, devinfo_walk_step, devinfo_walk_fini },
3747 	{ "devinfo_audit_log", "walk devinfo audit system-wide log",
3748 		devinfo_audit_log_walk_init, devinfo_audit_log_walk_step,
3749 		devinfo_audit_log_walk_fini},
3750 	{ "devinfo_audit_node", "walk per-devinfo audit history",
3751 		devinfo_audit_node_walk_init, devinfo_audit_node_walk_step,
3752 		devinfo_audit_node_walk_fini},
3753 	{ "devinfo_children", "walk children of devinfo node",
3754 		devinfo_children_walk_init, devinfo_children_walk_step,
3755 		devinfo_children_walk_fini },
3756 	{ "devinfo_parents", "walk ancestors of devinfo node",
3757 		devinfo_parents_walk_init, devinfo_parents_walk_step,
3758 		devinfo_parents_walk_fini },
3759 	{ "devinfo_siblings", "walk siblings of devinfo node",
3760 		devinfo_siblings_walk_init, devinfo_siblings_walk_step, NULL },
3761 	{ "devi_next", "walk devinfo list",
3762 		NULL, devi_next_walk_step, NULL },
3763 	{ "devnames", "walk devnames array",
3764 		devnames_walk_init, devnames_walk_step, devnames_walk_fini },
3765 	{ "minornode", "given a devinfo node, walk minor nodes",
3766 		minornode_walk_init, minornode_walk_step, NULL },
3767 	{ "softstate",
3768 		"given an i_ddi_soft_state*, list all in-use driver stateps",
3769 		soft_state_walk_init, soft_state_walk_step,
3770 		NULL, NULL },
3771 	{ "softstate_all",
3772 		"given an i_ddi_soft_state*, list all driver stateps",
3773 		soft_state_walk_init, soft_state_all_walk_step,
3774 		NULL, NULL },
3775 	{ "devinfo_fmc",
3776 		"walk a fault management handle cache active list",
3777 		devinfo_fmc_walk_init, devinfo_fmc_walk_step, NULL },
3778 
3779 	/* from kmem.c */
3780 	{ "allocdby", "given a thread, walk its allocated bufctls",
3781 		allocdby_walk_init, allocdby_walk_step, allocdby_walk_fini },
3782 	{ "bufctl", "walk a kmem cache's bufctls",
3783 		bufctl_walk_init, kmem_walk_step, kmem_walk_fini },
3784 	{ "bufctl_history", "walk the available history of a bufctl",
3785 		bufctl_history_walk_init, bufctl_history_walk_step,
3786 		bufctl_history_walk_fini },
3787 	{ "freedby", "given a thread, walk its freed bufctls",
3788 		freedby_walk_init, allocdby_walk_step, allocdby_walk_fini },
3789 	{ "freectl", "walk a kmem cache's free bufctls",
3790 		freectl_walk_init, kmem_walk_step, kmem_walk_fini },
3791 	{ "freectl_constructed", "walk a kmem cache's constructed free bufctls",
3792 		freectl_constructed_walk_init, kmem_walk_step, kmem_walk_fini },
3793 	{ "freemem", "walk a kmem cache's free memory",
3794 		freemem_walk_init, kmem_walk_step, kmem_walk_fini },
3795 	{ "freemem_constructed", "walk a kmem cache's constructed free memory",
3796 		freemem_constructed_walk_init, kmem_walk_step, kmem_walk_fini },
3797 	{ "kmem", "walk a kmem cache",
3798 		kmem_walk_init, kmem_walk_step, kmem_walk_fini },
3799 	{ "kmem_cpu_cache", "given a kmem cache, walk its per-CPU caches",
3800 		kmem_cpu_cache_walk_init, kmem_cpu_cache_walk_step, NULL },
3801 	{ "kmem_hash", "given a kmem cache, walk its allocated hash table",
3802 		kmem_hash_walk_init, kmem_hash_walk_step, kmem_hash_walk_fini },
3803 	{ "kmem_log", "walk the kmem transaction log",
3804 		kmem_log_walk_init, kmem_log_walk_step, kmem_log_walk_fini },
3805 	{ "kmem_slab", "given a kmem cache, walk its slabs",
3806 		kmem_slab_walk_init, kmem_slab_walk_step, NULL },
3807 	{ "kmem_slab_partial",
3808 	    "given a kmem cache, walk its partially allocated slabs (min 1)",
3809 		kmem_slab_walk_partial_init, kmem_slab_walk_step, NULL },
3810 	{ "vmem", "walk vmem structures in pre-fix, depth-first order",
3811 		vmem_walk_init, vmem_walk_step, vmem_walk_fini },
3812 	{ "vmem_alloc", "given a vmem_t, walk its allocated vmem_segs",
3813 		vmem_alloc_walk_init, vmem_seg_walk_step, vmem_seg_walk_fini },
3814 	{ "vmem_free", "given a vmem_t, walk its free vmem_segs",
3815 		vmem_free_walk_init, vmem_seg_walk_step, vmem_seg_walk_fini },
3816 	{ "vmem_postfix", "walk vmem structures in post-fix, depth-first order",
3817 		vmem_walk_init, vmem_postfix_walk_step, vmem_walk_fini },
3818 	{ "vmem_seg", "given a vmem_t, walk all of its vmem_segs",
3819 		vmem_seg_walk_init, vmem_seg_walk_step, vmem_seg_walk_fini },
3820 	{ "vmem_span", "given a vmem_t, walk its spanning vmem_segs",
3821 		vmem_span_walk_init, vmem_seg_walk_step, vmem_seg_walk_fini },
3822 
3823 	/* from ldi.c */
3824 	{ "ldi_handle", "walk the layered driver handle hash",
3825 		ldi_handle_walk_init, ldi_handle_walk_step, NULL },
3826 	{ "ldi_ident", "walk the layered driver identifier hash",
3827 		ldi_ident_walk_init, ldi_ident_walk_step, NULL },
3828 
3829 	/* from leaky.c + leaky_subr.c */
3830 	{ "leak", "given a leaked bufctl or vmem_seg, find leaks w/ same "
3831 	    "stack trace",
3832 		leaky_walk_init, leaky_walk_step, leaky_walk_fini },
3833 	{ "leakbuf", "given a leaked bufctl or vmem_seg, walk buffers for "
3834 	    "leaks w/ same stack trace",
3835 		leaky_walk_init, leaky_buf_walk_step, leaky_walk_fini },
3836 
3837 	/* from lgrp.c */
3838 	{ "lgrp_cpulist", "given an lgrp, walk cpus",
3839 		lgrp_cpulist_walk_init, lgrp_cpulist_walk_step,
3840 		NULL },
3841 	{ "lgrptbl", "walk the lgrp table",
3842 		lgrp_walk_init, lgrp_walk_step, NULL },
3843 
3844 	/* from list.c */
3845 	{ "list", "walk a linked list",
3846 		list_walk_init, list_walk_step, list_walk_fini },
3847 
3848 	/* from memory.c */
3849 	{ "page", "walk all pages, or those from the specified vnode",
3850 		page_walk_init, page_walk_step, page_walk_fini },
3851 	{ "memlist", "walk specified memlist",
3852 		NULL, memlist_walk_step, NULL },
3853 	{ "swapinfo", "walk swapinfo structures",
3854 		swap_walk_init, swap_walk_step, NULL },
3855 
3856 	/* from mmd.c */
3857 	{ "pattr", "walk pattr_t structures", pattr_walk_init,
3858 		mmdq_walk_step, mmdq_walk_fini },
3859 	{ "pdesc", "walk pdesc_t structures",
3860 		pdesc_walk_init, mmdq_walk_step, mmdq_walk_fini },
3861 	{ "pdesc_slab", "walk pdesc_slab_t structures",
3862 		pdesc_slab_walk_init, mmdq_walk_step, mmdq_walk_fini },
3863 
3864 	/* from modhash.c */
3865 	{ "modhash", "walk list of mod_hash structures", modhash_walk_init,
3866 		modhash_walk_step, NULL },
3867 	{ "modent", "walk list of entries in a given mod_hash",
3868 		modent_walk_init, modent_walk_step, modent_walk_fini },
3869 	{ "modchain", "walk list of entries in a given mod_hash_entry",
3870 		NULL, modchain_walk_step, NULL },
3871 
3872 	/* from net.c */
3873 	{ "ar", "walk ar_t structures using MI",
3874 		mi_payload_walk_init, mi_payload_walk_step,
3875 		mi_payload_walk_fini, &mi_ar_arg },
3876 	{ "icmp", "walk ICMP control structures using MI",
3877 		mi_payload_walk_init, mi_payload_walk_step,
3878 		mi_payload_walk_fini, &mi_icmp_arg },
3879 	{ "ill", "walk ill_t structures using MI",
3880 		mi_payload_walk_init, mi_payload_walk_step,
3881 		mi_payload_walk_fini, &mi_ill_arg },
3882 	{ "mi", "given a MI_O, walk the MI",
3883 		mi_walk_init, mi_walk_step, mi_walk_fini, NULL },
3884 	{ "sonode", "given a sonode, walk its children",
3885 		sonode_walk_init, sonode_walk_step, sonode_walk_fini, NULL },
3886 	{ "udp", "walk UDP connections using MI",
3887 		mi_payload_walk_init, mi_payload_walk_step,
3888 		mi_payload_walk_fini, &mi_udp_arg },
3889 
3890 	/* from nvpair.c */
3891 	{ NVPAIR_WALKER_NAME, NVPAIR_WALKER_DESCR,
3892 		nvpair_walk_init, nvpair_walk_step, NULL },
3893 
3894 	/* from rctl.c */
3895 	{ "rctl_dict_list", "walk all rctl_dict_entry_t's from rctl_lists",
3896 		rctl_dict_walk_init, rctl_dict_walk_step, NULL },
3897 	{ "rctl_set", "given a rctl_set, walk all rctls", rctl_set_walk_init,
3898 		rctl_set_walk_step, NULL },
3899 	{ "rctl_val", "given a rctl_t, walk all rctl_val entries associated",
3900 		rctl_val_walk_init, rctl_val_walk_step },
3901 
3902 	/* from sobj.c */
3903 	{ "blocked", "walk threads blocked on a given sobj",
3904 		blocked_walk_init, blocked_walk_step, NULL },
3905 	{ "wchan", "given a wchan, list of blocked threads",
3906 		wchan_walk_init, wchan_walk_step, wchan_walk_fini },
3907 
3908 	/* from stream.c */
3909 	{ "b_cont", "walk mblk_t list using b_cont",
3910 		mblk_walk_init, b_cont_step, mblk_walk_fini },
3911 	{ "b_next", "walk mblk_t list using b_next",
3912 		mblk_walk_init, b_next_step, mblk_walk_fini },
3913 	{ "qlink", "walk queue_t list using q_link",
3914 		queue_walk_init, queue_link_step, queue_walk_fini },
3915 	{ "qnext", "walk queue_t list using q_next",
3916 		queue_walk_init, queue_next_step, queue_walk_fini },
3917 	{ "strftblk", "given a dblk_t, walk STREAMS flow trace event list",
3918 		strftblk_walk_init, strftblk_step, strftblk_walk_fini },
3919 	{ "readq", "walk read queue side of stdata",
3920 		str_walk_init, strr_walk_step, str_walk_fini },
3921 	{ "writeq", "walk write queue side of stdata",
3922 		str_walk_init, strw_walk_step, str_walk_fini },
3923 
3924 	/* from thread.c */
3925 	{ "deathrow", "walk threads on both lwp_ and thread_deathrow",
3926 		deathrow_walk_init, deathrow_walk_step, NULL },
3927 	{ "cpu_dispq", "given a cpu_t, walk threads in dispatcher queues",
3928 		cpu_dispq_walk_init, dispq_walk_step, dispq_walk_fini },
3929 	{ "cpupart_dispq",
3930 		"given a cpupart_t, walk threads in dispatcher queues",
3931 		cpupart_dispq_walk_init, dispq_walk_step, dispq_walk_fini },
3932 	{ "lwp_deathrow", "walk lwp_deathrow",
3933 		lwp_deathrow_walk_init, deathrow_walk_step, NULL },
3934 	{ "thread", "global or per-process kthread_t structures",
3935 		thread_walk_init, thread_walk_step, thread_walk_fini },
3936 	{ "thread_deathrow", "walk threads on thread_deathrow",
3937 		thread_deathrow_walk_init, deathrow_walk_step, NULL },
3938 
3939 	/* from tsd.c */
3940 	{ "tsd", "walk list of thread-specific data",
3941 		tsd_walk_init, tsd_walk_step, tsd_walk_fini },
3942 
3943 	/*
3944 	 * typegraph does not work under kmdb, as it requires too much memory
3945 	 * for its internal data structures.
3946 	 */
3947 #ifndef _KMDB
3948 	/* from typegraph.c */
3949 	{ "typeconflict", "walk buffers with conflicting type inferences",
3950 		typegraph_walk_init, typeconflict_walk_step },
3951 	{ "typeunknown", "walk buffers with unknown types",
3952 		typegraph_walk_init, typeunknown_walk_step },
3953 #endif
3954 
3955 	/* from vfs.c */
3956 	{ "vfs", "walk file system list",
3957 		vfs_walk_init, vfs_walk_step },
3958 	{ NULL }
3959 };
3960 
3961 static const mdb_modinfo_t modinfo = { MDB_API_VERSION, dcmds, walkers };
3962 
3963 const mdb_modinfo_t *
3964 _mdb_init(void)
3965 {
3966 	if (mdb_readvar(&devinfo_root, "top_devinfo") == -1) {
3967 		mdb_warn("failed to read 'top_devinfo'");
3968 		return (NULL);
3969 	}
3970 
3971 	if (findstack_init() != DCMD_OK)
3972 		return (NULL);
3973 
3974 	kmem_init();
3975 
3976 	return (&modinfo);
3977 }
3978 
3979 void
3980 _mdb_fini(void)
3981 {
3982 	/*
3983 	 * Force ::findleaks to let go any cached memory
3984 	 */
3985 	leaky_cleanup(1);
3986 }
3987