xref: /titanic_44/usr/src/uts/common/os/modctl.c (revision 159eb9e1f62c284a23f12ecf781cdf352c9158f8)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 /*
30  * modctl system call for loadable module support.
31  */
32 
33 #include <sys/param.h>
34 #include <sys/user.h>
35 #include <sys/systm.h>
36 #include <sys/exec.h>
37 #include <sys/file.h>
38 #include <sys/stat.h>
39 #include <sys/conf.h>
40 #include <sys/time.h>
41 #include <sys/reboot.h>
42 #include <sys/fs/ufs_fsdir.h>
43 #include <sys/kmem.h>
44 #include <sys/sysconf.h>
45 #include <sys/cmn_err.h>
46 #include <sys/ddi.h>
47 #include <sys/sunddi.h>
48 #include <sys/sunndi.h>
49 #include <sys/ndi_impldefs.h>
50 #include <sys/ddi_impldefs.h>
51 #include <sys/ddi_implfuncs.h>
52 #include <sys/bootconf.h>
53 #include <sys/dc_ki.h>
54 #include <sys/cladm.h>
55 #include <sys/dtrace.h>
56 #include <sys/kdi.h>
57 
58 #include <sys/devpolicy.h>
59 #include <sys/modctl.h>
60 #include <sys/kobj.h>
61 #include <sys/devops.h>
62 #include <sys/autoconf.h>
63 #include <sys/hwconf.h>
64 #include <sys/callb.h>
65 #include <sys/debug.h>
66 #include <sys/cpuvar.h>
67 #include <sys/sysmacros.h>
68 #include <sys/sysevent.h>
69 #include <sys/sysevent_impl.h>
70 #include <sys/instance.h>
71 #include <sys/modhash.h>
72 #include <sys/modhash_impl.h>
73 #include <sys/dacf_impl.h>
74 #include <sys/vfs.h>
75 #include <sys/pathname.h>
76 #include <sys/console.h>
77 #include <sys/policy.h>
78 #include <ipp/ipp_impl.h>
79 #include <sys/fs/dv_node.h>
80 #include <sys/strsubr.h>
81 
82 static int		mod_circdep(struct modctl *);
83 static int		modinfo(modid_t, struct modinfo *);
84 
85 static void		mod_uninstall_all(void);
86 static int		mod_getinfo(struct modctl *, struct modinfo *);
87 static struct modctl	*allocate_modp(char *, char *);
88 
89 static int		mod_load(struct modctl *, int);
90 static void		mod_unload(struct modctl *);
91 static int		modinstall(struct modctl *);
92 static int		moduninstall(struct modctl *);
93 
94 static struct modctl	*mod_hold_by_name_common(struct modctl *, char *);
95 static struct modctl	*mod_hold_by_id(modid_t);
96 static struct modctl	*mod_hold_next_by_id(modid_t);
97 static struct modctl	*mod_hold_loaded_mod(struct modctl *, char *, int *);
98 static struct modctl	*mod_hold_installed_mod(char *, int, int *);
99 
100 static void		mod_release(struct modctl *);
101 static void		mod_make_requisite(struct modctl *, struct modctl *);
102 static int		mod_install_requisites(struct modctl *);
103 static void		check_esc_sequences(char *, char *);
104 static struct modctl	*mod_hold_by_name_requisite(struct modctl *, char *);
105 
106 /*
107  * module loading thread control structure. Calls to kobj_load_module()() are
108  * handled off to a separate thead using this structure.
109  */
110 struct loadmt {
111 	ksema_t		sema;
112 	struct modctl	*mp;
113 	int		usepath;
114 	kthread_t	*owner;
115 	int		retval;
116 };
117 
118 static void	modload_thread(struct loadmt *);
119 
120 kcondvar_t	mod_cv;
121 kcondvar_t	mod_uninstall_cv;	/* Communication between swapper */
122 					/* and the uninstall daemon. */
123 kmutex_t	mod_lock;		/* protects &modules insert linkage, */
124 					/* mod_busy, mod_want, and mod_ref. */
125 					/* blocking operations while holding */
126 					/* mod_lock should be avoided */
127 kmutex_t	mod_uninstall_lock;	/* protects mod_uninstall_cv */
128 kthread_id_t	mod_aul_thread;
129 
130 int	isminiroot;		/* set if running as miniroot */
131 int	modrootloaded;		/* set after root driver and fs are loaded */
132 int	moddebug = 0x0;		/* debug flags for module writers */
133 int	swaploaded;		/* set after swap driver and fs are loaded */
134 int	bop_io_quiesced = 0;	/* set when BOP I/O can no longer be used */
135 int	last_module_id;
136 clock_t	mod_uninstall_interval = 0;
137 int	ddi_modclose_unload = 1;	/* 0 -> just decrement reference */
138 
139 struct devnames *devnamesp;
140 struct devnames orphanlist;
141 
142 krwlock_t	devinfo_tree_lock;	/* obsolete, to be removed */
143 
144 #define	MAJBINDFILE "/etc/name_to_major"
145 #define	SYSBINDFILE "/etc/name_to_sysnum"
146 
147 static char	majbind[] = MAJBINDFILE;
148 static char	sysbind[] = SYSBINDFILE;
149 static uint_t	mod_autounload_key;	/* for module autounload detection */
150 
151 extern int obpdebug;
152 extern int make_mbind(char *, int, char *, struct bind **);
153 
154 #define	DEBUGGER_PRESENT	((boothowto & RB_DEBUG) || (obpdebug != 0))
155 
156 static int minorperm_loaded = 0;
157 
158 
159 
160 void
161 mod_setup(void)
162 {
163 	struct sysent *callp;
164 	int callnum, exectype;
165 	int	num_devs;
166 	int	i;
167 
168 	/*
169 	 * Initialize the list of loaded driver dev_ops.
170 	 * XXX - This must be done before reading the system file so that
171 	 * forceloads of drivers will work.
172 	 */
173 	num_devs = read_binding_file(majbind, mb_hashtab, make_mbind);
174 	/*
175 	 * Since read_binding_file is common code, it doesn't enforce that all
176 	 * of the binding file entries have major numbers <= MAXMAJ32.  Thus,
177 	 * ensure that we don't allocate some massive amount of space due to a
178 	 * bad entry.  We can't have major numbers bigger than MAXMAJ32
179 	 * until file system support for larger major numbers exists.
180 	 */
181 
182 	/*
183 	 * Leave space for expansion, but not more than L_MAXMAJ32
184 	 */
185 	devcnt = MIN(num_devs + 30, L_MAXMAJ32);
186 	devopsp = kmem_alloc(devcnt * sizeof (struct dev_ops *), KM_SLEEP);
187 	for (i = 0; i < devcnt; i++)
188 		devopsp[i] = &mod_nodev_ops;
189 
190 	init_devnamesp(devcnt);
191 
192 	/*
193 	 * Sync up with the work that the stand-alone linker has already done.
194 	 */
195 	(void) kobj_sync();
196 
197 	if (boothowto & RB_DEBUG)
198 		kdi_dvec_modavail();
199 
200 	make_aliases(mb_hashtab);
201 
202 	/*
203 	 * Initialize streams device implementation structures.
204 	 */
205 	devimpl = kmem_zalloc(devcnt * sizeof (cdevsw_impl_t), KM_SLEEP);
206 
207 	/*
208 	 * If the cl_bootstrap module is present,
209 	 * we should be configured as a cluster. Loading this module
210 	 * will set "cluster_bootflags" to non-zero.
211 	 */
212 	(void) modload("misc", "cl_bootstrap");
213 
214 	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
215 	init_syscallnames(NSYSCALL);
216 
217 	/*
218 	 * Start up dynamic autoconfiguration framework (dacf).
219 	 */
220 	mod_hash_init();
221 	dacf_init();
222 
223 	/*
224 	 * Start up IP policy framework (ipp).
225 	 */
226 	ipp_init();
227 
228 	/*
229 	 * Allocate loadable native system call locks.
230 	 */
231 	for (callnum = 0, callp = sysent; callnum < NSYSCALL;
232 	    callnum++, callp++) {
233 		if (LOADABLE_SYSCALL(callp)) {
234 			if (mod_getsysname(callnum) != NULL) {
235 				callp->sy_lock =
236 				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
237 				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
238 			} else {
239 				callp->sy_flags &= ~SE_LOADABLE;
240 				callp->sy_callc = nosys;
241 			}
242 #ifdef DEBUG
243 		} else {
244 			/*
245 			 * Do some sanity checks on the sysent table
246 			 */
247 			switch (callp->sy_flags & SE_RVAL_MASK) {
248 			case SE_32RVAL1:
249 				/* only r_val1 returned */
250 			case SE_32RVAL1 | SE_32RVAL2:
251 				/* r_val1 and r_val2 returned */
252 			case SE_64RVAL:
253 				/* 64-bit rval returned */
254 				break;
255 			default:
256 				cmn_err(CE_WARN, "sysent[%d]: bad flags %x",
257 				    callnum, callp->sy_flags);
258 			}
259 #endif
260 		}
261 	}
262 
263 #ifdef _SYSCALL32_IMPL
264 	/*
265 	 * Allocate loadable system call locks for 32-bit compat syscalls
266 	 */
267 	for (callnum = 0, callp = sysent32; callnum < NSYSCALL;
268 	    callnum++, callp++) {
269 		if (LOADABLE_SYSCALL(callp)) {
270 			if (mod_getsysname(callnum) != NULL) {
271 				callp->sy_lock =
272 				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
273 				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
274 			} else {
275 				callp->sy_flags &= ~SE_LOADABLE;
276 				callp->sy_callc = nosys;
277 			}
278 #ifdef DEBUG
279 		} else {
280 			/*
281 			 * Do some sanity checks on the sysent table
282 			 */
283 			switch (callp->sy_flags & SE_RVAL_MASK) {
284 			case SE_32RVAL1:
285 				/* only r_val1 returned */
286 			case SE_32RVAL1 | SE_32RVAL2:
287 				/* r_val1 and r_val2 returned */
288 			case SE_64RVAL:
289 				/* 64-bit rval returned */
290 				break;
291 			default:
292 				cmn_err(CE_WARN, "sysent32[%d]: bad flags %x",
293 				    callnum, callp->sy_flags);
294 				goto skip;
295 			}
296 
297 			/*
298 			 * Cross-check the native and compatibility tables.
299 			 */
300 			if (callp->sy_callc == nosys ||
301 			    sysent[callnum].sy_callc == nosys)
302 				continue;
303 			/*
304 			 * If only one or the other slot is loadable, then
305 			 * there's an error -- they should match!
306 			 */
307 			if ((callp->sy_callc == loadable_syscall) ^
308 			    (sysent[callnum].sy_callc == loadable_syscall)) {
309 				cmn_err(CE_WARN, "sysent[%d] loadable?",
310 				    callnum);
311 			}
312 			/*
313 			 * This is more of a heuristic test -- if the
314 			 * system call returns two values in the 32-bit
315 			 * world, it should probably return two 32-bit
316 			 * values in the 64-bit world too.
317 			 */
318 			if (((callp->sy_flags & SE_32RVAL2) == 0) ^
319 			    ((sysent[callnum].sy_flags & SE_32RVAL2) == 0)) {
320 				cmn_err(CE_WARN, "sysent[%d] rval2 mismatch!",
321 				    callnum);
322 			}
323 skip:;
324 #endif	/* DEBUG */
325 		}
326 	}
327 #endif	/* _SYSCALL32_IMPL */
328 
329 	/*
330 	 * Allocate loadable exec locks.  (Assumes all execs are loadable)
331 	 */
332 	for (exectype = 0; exectype < nexectype; exectype++) {
333 		execsw[exectype].exec_lock =
334 		    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
335 		rw_init(execsw[exectype].exec_lock, NULL, RW_DEFAULT, NULL);
336 	}
337 
338 	read_class_file();
339 
340 	/* init thread specific structure for mod_uninstall_all */
341 	tsd_create(&mod_autounload_key, NULL);
342 }
343 
344 static int
345 modctl_modload(int use_path, char *filename, int *rvp)
346 {
347 	struct modctl *modp;
348 	int retval = 0;
349 	char *filenamep;
350 	int modid;
351 
352 	filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
353 
354 	if (copyinstr(filename, filenamep, MOD_MAXPATH, 0)) {
355 		retval = EFAULT;
356 		goto out;
357 	}
358 
359 	filenamep[MOD_MAXPATH - 1] = 0;
360 	modp = mod_hold_installed_mod(filenamep, use_path, &retval);
361 
362 	if (modp == NULL)
363 		goto out;
364 
365 	modp->mod_loadflags |= MOD_NOAUTOUNLOAD;
366 	modid = modp->mod_id;
367 	mod_release_mod(modp);
368 	if (rvp != NULL && copyout(&modid, rvp, sizeof (modid)) != 0)
369 		retval = EFAULT;
370 out:
371 	kmem_free(filenamep, MOD_MAXPATH);
372 
373 	return (retval);
374 }
375 
376 static int
377 modctl_modunload(modid_t id)
378 {
379 	int rval = 0;
380 
381 	if (id == 0) {
382 #ifdef DEBUG
383 		/*
384 		 * Turn on mod_uninstall_daemon
385 		 */
386 		if (mod_uninstall_interval == 0) {
387 			mod_uninstall_interval = 60;
388 			modreap();
389 			return (rval);
390 		}
391 #endif
392 		mod_uninstall_all();
393 	} else {
394 		(void) devfs_clean(ddi_root_node(), NULL, 0);
395 		rval = modunload(id);
396 	}
397 	return (rval);
398 }
399 
400 static int
401 modctl_modinfo(modid_t id, struct modinfo *umodi)
402 {
403 	int retval;
404 	struct modinfo modi;
405 #if defined(_SYSCALL32_IMPL)
406 	int nobase;
407 	struct modinfo32 modi32;
408 #endif
409 
410 	if (get_udatamodel() == DATAMODEL_NATIVE) {
411 		if (copyin(umodi, &modi, sizeof (struct modinfo)) != 0)
412 			return (EFAULT);
413 	}
414 #ifdef _SYSCALL32_IMPL
415 	else {
416 		bzero(&modi, sizeof (modi));
417 		if (copyin(umodi, &modi32, sizeof (struct modinfo32)) != 0)
418 			return (EFAULT);
419 		modi.mi_info = modi32.mi_info;
420 		modi.mi_id = modi32.mi_id;
421 		modi.mi_nextid = modi32.mi_nextid;
422 		nobase = modi.mi_info & MI_INFO_NOBASE;
423 	}
424 #endif
425 	/*
426 	 * This flag is -only- for the kernels use.
427 	 */
428 	modi.mi_info &= ~MI_INFO_LINKAGE;
429 
430 	retval = modinfo(id, &modi);
431 	if (retval)
432 		return (retval);
433 
434 	if (get_udatamodel() == DATAMODEL_NATIVE) {
435 		if (copyout(&modi, umodi, sizeof (struct modinfo)) != 0)
436 			retval = EFAULT;
437 #ifdef _SYSCALL32_IMPL
438 	} else {
439 		int i;
440 
441 		if (!nobase && (uintptr_t)modi.mi_base > UINT32_MAX)
442 			return (EOVERFLOW);
443 
444 		modi32.mi_info = modi.mi_info;
445 		modi32.mi_state = modi.mi_state;
446 		modi32.mi_id = modi.mi_id;
447 		modi32.mi_nextid = modi.mi_nextid;
448 		modi32.mi_base = (caddr32_t)(uintptr_t)modi.mi_base;
449 		modi32.mi_size = modi.mi_size;
450 		modi32.mi_rev = modi.mi_rev;
451 		modi32.mi_loadcnt = modi.mi_loadcnt;
452 		bcopy(modi.mi_name, modi32.mi_name, sizeof (modi32.mi_name));
453 		for (i = 0; i < MODMAXLINK32; i++) {
454 			modi32.mi_msinfo[i].msi_p0 = modi.mi_msinfo[i].msi_p0;
455 			bcopy(modi.mi_msinfo[i].msi_linkinfo,
456 			    modi32.mi_msinfo[i].msi_linkinfo,
457 			    sizeof (modi32.mi_msinfo[0].msi_linkinfo));
458 		}
459 		if (copyout(&modi32, umodi, sizeof (struct modinfo32)) != 0)
460 			retval = EFAULT;
461 #endif
462 	}
463 
464 	return (retval);
465 }
466 
467 /*
468  * Return the last major number in the range of permissible major numbers.
469  */
470 /*ARGSUSED*/
471 static int
472 modctl_modreserve(modid_t id, int *data)
473 {
474 	if (copyout(&devcnt, data, sizeof (devcnt)) != 0)
475 		return (EFAULT);
476 	return (0);
477 }
478 
479 static int
480 modctl_add_major(int *data)
481 {
482 	struct modconfig mc;
483 	int i, rv;
484 	struct aliases alias;
485 	struct aliases *ap;
486 	char name[MAXMODCONFNAME];
487 	char cname[MAXMODCONFNAME];
488 	char *drvname;
489 
490 	bzero(&mc, sizeof (struct modconfig));
491 	if (get_udatamodel() == DATAMODEL_NATIVE) {
492 		if (copyin(data, &mc, sizeof (struct modconfig)) != 0)
493 			return (EFAULT);
494 	}
495 #ifdef _SYSCALL32_IMPL
496 	else {
497 		struct modconfig32 modc32;
498 
499 		if (copyin(data, &modc32, sizeof (struct modconfig32)) != 0)
500 			return (EFAULT);
501 		else {
502 			bcopy(modc32.drvname, mc.drvname,
503 			    sizeof (modc32.drvname));
504 			bcopy(modc32.drvclass, mc.drvclass,
505 			    sizeof (modc32.drvclass));
506 			mc.major = modc32.major;
507 			mc.num_aliases = modc32.num_aliases;
508 			mc.ap = (struct aliases *)(uintptr_t)modc32.ap;
509 		}
510 	}
511 #endif
512 
513 	/*
514 	 * If the driver is already in the mb_hashtab, and the name given
515 	 * doesn't match that driver's name, fail.  Otherwise, pass, since
516 	 * we may be adding aliases.
517 	 */
518 	if ((drvname = mod_major_to_name(mc.major)) != NULL &&
519 	    strcmp(drvname, mc.drvname) != 0)
520 		return (EINVAL);
521 
522 	/*
523 	 * Add each supplied driver alias to mb_hashtab
524 	 */
525 	ap = mc.ap;
526 	for (i = 0; i < mc.num_aliases; i++) {
527 		bzero(&alias, sizeof (struct aliases));
528 
529 		if (get_udatamodel() == DATAMODEL_NATIVE) {
530 			if (copyin(ap, &alias, sizeof (struct aliases)) != 0)
531 				return (EFAULT);
532 
533 			if (alias.a_len > MAXMODCONFNAME)
534 				return (EINVAL);
535 
536 			if (copyin(alias.a_name, name, alias.a_len) != 0)
537 				return (EFAULT);
538 
539 			if (name[alias.a_len - 1] != '\0')
540 				return (EINVAL);
541 		}
542 #ifdef _SYSCALL32_IMPL
543 		else {
544 			struct aliases32 al32;
545 
546 			bzero(&al32, sizeof (struct aliases32));
547 			if (copyin(ap, &al32, sizeof (struct aliases32)) != 0)
548 				return (EFAULT);
549 
550 			if (al32.a_len > MAXMODCONFNAME)
551 				return (EINVAL);
552 
553 			if (copyin((void *)(uintptr_t)al32.a_name,
554 			    name, al32.a_len) != 0)
555 				return (EFAULT);
556 
557 			if (name[al32.a_len - 1] != '\0')
558 				return (EINVAL);
559 
560 			alias.a_next = (void *)(uintptr_t)al32.a_next;
561 		}
562 #endif
563 		check_esc_sequences(name, cname);
564 		(void) make_mbind(cname, mc.major, NULL, mb_hashtab);
565 		ap = alias.a_next;
566 	}
567 
568 	/*
569 	 * Try to establish an mbinding for mc.drvname, and add it to devnames.
570 	 * Add class if any after establishing the major number
571 	 */
572 	(void) make_mbind(mc.drvname, mc.major, NULL, mb_hashtab);
573 	rv = make_devname(mc.drvname, mc.major);
574 
575 	if (rv == 0) {
576 		if (mc.drvclass[0] != '\0')
577 			add_class(mc.drvname, mc.drvclass);
578 		(void) i_ddi_load_drvconf(mc.major);
579 		i_ddi_bind_devs();
580 		i_ddi_di_cache_invalidate(KM_SLEEP);
581 	}
582 	return (rv);
583 }
584 
585 static int
586 modctl_rem_major(major_t major)
587 {
588 	struct devnames *dnp;
589 
590 	if (major >= devcnt)
591 		return (EINVAL);
592 
593 	/* mark devnames as removed */
594 	dnp = &devnamesp[major];
595 	LOCK_DEV_OPS(&dnp->dn_lock);
596 	if (dnp->dn_name == NULL ||
597 	    (dnp->dn_flags & (DN_DRIVER_REMOVED | DN_TAKEN_GETUDEV))) {
598 		UNLOCK_DEV_OPS(&dnp->dn_lock);
599 		return (EINVAL);
600 	}
601 	dnp->dn_flags |= DN_DRIVER_REMOVED;
602 	pm_driver_removed(major);
603 	UNLOCK_DEV_OPS(&dnp->dn_lock);
604 
605 	(void) i_ddi_unload_drvconf(major);
606 	i_ddi_unbind_devs(major);
607 	i_ddi_di_cache_invalidate(KM_SLEEP);
608 	return (0);
609 }
610 
611 static struct vfs *
612 path_to_vfs(char *name)
613 {
614 	vnode_t *vp;
615 	struct vfs *vfsp;
616 
617 	if (lookupname(name, UIO_SYSSPACE, FOLLOW, NULLVPP, &vp))
618 		return (NULL);
619 
620 	vfsp = vp->v_vfsp;
621 	VN_RELE(vp);
622 	return (vfsp);
623 }
624 
625 static int
626 new_vfs_in_modpath()
627 {
628 	static int n_modpath = 0;
629 	static char *modpath_copy;
630 	static struct pathvfs {
631 		char *path;
632 		struct vfs *vfsp;
633 	} *pathvfs;
634 
635 	int i, new_vfs = 0;
636 	char *tmp, *tmp1;
637 	struct vfs *vfsp;
638 
639 	if (n_modpath != 0) {
640 		for (i = 0; i < n_modpath; i++) {
641 			vfsp = path_to_vfs(pathvfs[i].path);
642 			if (vfsp != pathvfs[i].vfsp) {
643 				pathvfs[i].vfsp = vfsp;
644 				if (vfsp)
645 					new_vfs = 1;
646 			}
647 		}
648 		return (new_vfs);
649 	}
650 
651 	/*
652 	 * First call, initialize the pathvfs structure
653 	 */
654 	modpath_copy = i_ddi_strdup(default_path, KM_SLEEP);
655 	tmp = modpath_copy;
656 	n_modpath = 1;
657 	tmp1 = strchr(tmp, ' ');
658 	while (tmp1) {
659 		*tmp1 = '\0';
660 		n_modpath++;
661 		tmp = tmp1 + 1;
662 		tmp1 = strchr(tmp, ' ');
663 	}
664 
665 	pathvfs = kmem_zalloc(n_modpath * sizeof (struct pathvfs), KM_SLEEP);
666 	tmp = modpath_copy;
667 	for (i = 0; i < n_modpath; i++) {
668 		pathvfs[i].path = tmp;
669 		vfsp = path_to_vfs(tmp);
670 		pathvfs[i].vfsp = vfsp;
671 		tmp += strlen(tmp) + 1;
672 	}
673 	return (1);	/* always reread driver.conf the first time */
674 }
675 
676 static int modctl_load_drvconf(major_t major)
677 {
678 	int ret;
679 
680 	if (major != (major_t)-1) {
681 		ret = i_ddi_load_drvconf(major);
682 		if (ret == 0)
683 			i_ddi_bind_devs();
684 		return (ret);
685 	}
686 
687 	/*
688 	 * We are invoked to rescan new driver.conf files. It is
689 	 * only necessary if a new file system was mounted in the
690 	 * module_path. Because rescanning driver.conf files can
691 	 * take some time on older platforms (sun4m), the following
692 	 * code skips unnecessary driver.conf rescans to optimize
693 	 * boot performance.
694 	 */
695 	if (new_vfs_in_modpath()) {
696 		(void) i_ddi_load_drvconf((major_t)-1);
697 		/*
698 		 * If we are still initializing io subsystem,
699 		 * load drivers with ddi-forceattach property
700 		 */
701 		if (!i_ddi_io_initialized())
702 			i_ddi_forceattach_drivers();
703 	}
704 	return (0);
705 }
706 
707 static int
708 modctl_unload_drvconf(major_t major)
709 {
710 	int ret;
711 
712 	if (major >= devcnt)
713 		return (EINVAL);
714 
715 	ret = i_ddi_unload_drvconf(major);
716 	if (ret != 0)
717 		return (ret);
718 	(void) i_ddi_unbind_devs(major);
719 
720 	return (0);
721 }
722 
723 static void
724 check_esc_sequences(char *str, char *cstr)
725 {
726 	int i;
727 	size_t len;
728 	char *p;
729 
730 	len = strlen(str);
731 	for (i = 0; i < len; i++, str++, cstr++) {
732 		if (*str != '\\') {
733 			*cstr = *str;
734 		} else {
735 			p = str + 1;
736 			/*
737 			 * we only handle octal escape sequences for SPACE
738 			 */
739 			if (*p++ == '0' && *p++ == '4' && *p == '0') {
740 				*cstr = ' ';
741 				str += 3;
742 			} else {
743 				*cstr = *str;
744 			}
745 		}
746 	}
747 	*cstr = 0;
748 }
749 
750 static int
751 modctl_getmodpathlen(int *data)
752 {
753 	int len;
754 	len = strlen(default_path);
755 	if (copyout(&len, data, sizeof (len)) != 0)
756 		return (EFAULT);
757 	return (0);
758 }
759 
760 static int
761 modctl_getmodpath(char *data)
762 {
763 	if (copyout(default_path, data, strlen(default_path) + 1) != 0)
764 		return (EFAULT);
765 	return (0);
766 }
767 
768 static int
769 modctl_read_sysbinding_file(void)
770 {
771 	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
772 	return (0);
773 }
774 
775 static int
776 modctl_getmaj(char *uname, uint_t ulen, int *umajorp)
777 {
778 	char name[256];
779 	int retval;
780 	major_t major;
781 
782 	if ((retval = copyinstr(uname, name,
783 	    (ulen < 256) ? ulen : 256, 0)) != 0)
784 		return (retval);
785 	if ((major = mod_name_to_major(name)) == (major_t)-1)
786 		return (ENODEV);
787 	if (copyout(&major, umajorp, sizeof (major_t)) != 0)
788 		return (EFAULT);
789 	return (0);
790 }
791 
792 static int
793 modctl_getname(char *uname, uint_t ulen, int *umajorp)
794 {
795 	char *name;
796 	major_t major;
797 
798 	if (copyin(umajorp, &major, sizeof (major)) != 0)
799 		return (EFAULT);
800 	if ((name = mod_major_to_name(major)) == NULL)
801 		return (ENODEV);
802 	if ((strlen(name) + 1) > ulen)
803 		return (ENOSPC);
804 	return (copyoutstr(name, uname, ulen, NULL));
805 }
806 
807 static int
808 modctl_devt2instance(dev_t dev, int *uinstancep)
809 {
810 	int	instance;
811 
812 	if ((instance = dev_to_instance(dev)) == -1)
813 		return (EINVAL);
814 
815 	return (copyout(&instance, uinstancep, sizeof (int)));
816 }
817 
818 /*
819  * Return the sizeof of the device id.
820  */
821 static int
822 modctl_sizeof_devid(dev_t dev, uint_t *len)
823 {
824 	uint_t		sz;
825 	ddi_devid_t	devid;
826 
827 	/* get device id */
828 	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
829 		return (EINVAL);
830 
831 	sz = ddi_devid_sizeof(devid);
832 	ddi_devid_free(devid);
833 
834 	/* copyout device id size */
835 	if (copyout(&sz, len, sizeof (sz)) != 0)
836 		return (EFAULT);
837 
838 	return (0);
839 }
840 
841 /*
842  * Return a copy of the device id.
843  */
844 static int
845 modctl_get_devid(dev_t dev, uint_t len, ddi_devid_t udevid)
846 {
847 	uint_t		sz;
848 	ddi_devid_t	devid;
849 	int		err = 0;
850 
851 	/* get device id */
852 	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
853 		return (EINVAL);
854 
855 	sz = ddi_devid_sizeof(devid);
856 
857 	/* Error if device id is larger than space allocated */
858 	if (sz > len) {
859 		ddi_devid_free(devid);
860 		return (ENOSPC);
861 	}
862 
863 	/* copy out device id */
864 	if (copyout(devid, udevid, sz) != 0)
865 		err = EFAULT;
866 	ddi_devid_free(devid);
867 	return (err);
868 }
869 
870 /*
871  * return the /devices paths associated with the specified devid and
872  * minor name.
873  */
874 /*ARGSUSED*/
875 static int
876 modctl_devid2paths(ddi_devid_t udevid, char *uminor_name, uint_t flag,
877 	size_t *ulensp, char *upaths)
878 {
879 	ddi_devid_t	devid = NULL;
880 	int		devid_len;
881 	char		*minor_name = NULL;
882 	dev_info_t	*dip = NULL;
883 	struct ddi_minor_data   *dmdp;
884 	char		*path = NULL;
885 	int		ulens;
886 	int		lens;
887 	int		len;
888 	dev_t		*devlist = NULL;
889 	int		ndevs;
890 	int		i;
891 	int		ret = 0;
892 
893 	/*
894 	 * If upaths is NULL then we are only computing the amount of space
895 	 * needed to hold the paths and returning the value in *ulensp. If we
896 	 * are copying out paths then we get the amount of space allocated by
897 	 * the caller. If the actual space needed for paths is larger, or
898 	 * things are changing out from under us, then we return EAGAIN.
899 	 */
900 	if (upaths) {
901 		if (ulensp == NULL)
902 			return (EINVAL);
903 		if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
904 			return (EFAULT);
905 	}
906 
907 	/*
908 	 * copyin enough of the devid to determine the length then
909 	 * reallocate and copy in the entire devid.
910 	 */
911 	devid_len = ddi_devid_sizeof(NULL);
912 	devid = kmem_alloc(devid_len, KM_SLEEP);
913 	if (copyin(udevid, devid, devid_len)) {
914 		ret = EFAULT;
915 		goto out;
916 	}
917 	len = devid_len;
918 	devid_len = ddi_devid_sizeof(devid);
919 	kmem_free(devid, len);
920 	devid = kmem_alloc(devid_len, KM_SLEEP);
921 	if (copyin(udevid, devid, devid_len)) {
922 		ret = EFAULT;
923 		goto out;
924 	}
925 
926 	/* copyin the minor name if specified. */
927 	minor_name = uminor_name;
928 	if ((minor_name != DEVID_MINOR_NAME_ALL) &&
929 	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
930 	    (minor_name != DEVID_MINOR_NAME_ALL_BLK)) {
931 		minor_name = kmem_alloc(MAXPATHLEN, KM_SLEEP);
932 		if (copyinstr(uminor_name, minor_name, MAXPATHLEN, 0)) {
933 			ret = EFAULT;
934 			goto out;
935 		}
936 	}
937 
938 	/*
939 	 * Use existing function to resolve the devid into a devlist.
940 	 *
941 	 * NOTE: there is a loss of spectype information in the current
942 	 * ddi_lyr_devid_to_devlist implementation. We work around this by not
943 	 * passing down DEVID_MINOR_NAME_ALL here, but reproducing all minor
944 	 * node forms in the loop processing the devlist below. It would be
945 	 * best if at some point the use of this interface here was replaced
946 	 * with a path oriented call.
947 	 */
948 	if (ddi_lyr_devid_to_devlist(devid,
949 	    (minor_name == DEVID_MINOR_NAME_ALL) ?
950 	    DEVID_MINOR_NAME_ALL_CHR : minor_name,
951 	    &ndevs, &devlist) != DDI_SUCCESS) {
952 		ret = EINVAL;
953 		goto out;
954 	}
955 
956 	/*
957 	 * loop over the devlist, converting each devt to a path and doing
958 	 * a copyout of the path and computation of the amount of space
959 	 * needed to hold all the paths
960 	 */
961 	path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
962 	for (i = 0, lens = 0; i < ndevs; i++) {
963 
964 		/* find the dip associated with the dev_t */
965 		if ((dip = e_ddi_hold_devi_by_dev(devlist[i], 0)) == NULL)
966 			continue;
967 
968 		/* loop over all the minor nodes, skipping ones we don't want */
969 		for (dmdp = DEVI(dip)->devi_minor; dmdp; dmdp = dmdp->next) {
970 			if ((dmdp->ddm_dev != devlist[i]) ||
971 			    (dmdp->type != DDM_MINOR))
972 				continue;
973 
974 			if ((minor_name != DEVID_MINOR_NAME_ALL) &&
975 			    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
976 			    (minor_name != DEVID_MINOR_NAME_ALL_BLK) &&
977 			    strcmp(minor_name, dmdp->ddm_name))
978 				continue;
979 			else {
980 				if ((minor_name == DEVID_MINOR_NAME_ALL_CHR) &&
981 				    (dmdp->ddm_spec_type != S_IFCHR))
982 					continue;
983 				if ((minor_name == DEVID_MINOR_NAME_ALL_BLK) &&
984 				    (dmdp->ddm_spec_type != S_IFBLK))
985 					continue;
986 			}
987 
988 			/* XXX need ddi_pathname_minor(dmdp, path); interface */
989 			if (ddi_dev_pathname(dmdp->ddm_dev, dmdp->ddm_spec_type,
990 			    path) != DDI_SUCCESS) {
991 				ret = EAGAIN;
992 				goto out;
993 			}
994 			len = strlen(path) + 1;
995 			*(path + len) = '\0';	/* set double termination */
996 			lens += len;
997 
998 			/* copyout the path with double terminations */
999 			if (upaths) {
1000 				if (lens > ulens) {
1001 					ret = EAGAIN;
1002 					goto out;
1003 				}
1004 				if (copyout(path, upaths, len + 1)) {
1005 					ret = EFAULT;
1006 					goto out;
1007 				}
1008 				upaths += len;
1009 			}
1010 		}
1011 		ddi_release_devi(dip);
1012 		dip = NULL;
1013 	}
1014 	lens++;		/* add one for double termination */
1015 
1016 	/* copy out the amount of space needed to hold the paths */
1017 	if (ulensp && copyout(&lens, ulensp, sizeof (lens))) {
1018 		ret = EFAULT;
1019 		goto out;
1020 	}
1021 	ret = 0;
1022 
1023 out:	if (dip)
1024 		ddi_release_devi(dip);
1025 	if (path)
1026 		kmem_free(path, MAXPATHLEN);
1027 	if (devlist)
1028 		ddi_lyr_free_devlist(devlist, ndevs);
1029 	if (minor_name &&
1030 	    (minor_name != DEVID_MINOR_NAME_ALL) &&
1031 	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1032 	    (minor_name != DEVID_MINOR_NAME_ALL_BLK))
1033 		kmem_free(minor_name, MAXPATHLEN);
1034 	if (devid)
1035 		kmem_free(devid, devid_len);
1036 	return (ret);
1037 }
1038 
1039 /*
1040  * Return the size of the minor name.
1041  */
1042 static int
1043 modctl_sizeof_minorname(dev_t dev, int spectype, uint_t *len)
1044 {
1045 	uint_t	sz;
1046 	char	*name;
1047 
1048 	/* get the minor name */
1049 	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1050 		return (EINVAL);
1051 
1052 	sz = strlen(name) + 1;
1053 	kmem_free(name, sz);
1054 
1055 	/* copy out the size of the minor name */
1056 	if (copyout(&sz, len, sizeof (sz)) != 0)
1057 		return (EFAULT);
1058 
1059 	return (0);
1060 }
1061 
1062 /*
1063  * Return the minor name.
1064  */
1065 static int
1066 modctl_get_minorname(dev_t dev, int spectype, uint_t len, char *uname)
1067 {
1068 	uint_t	sz;
1069 	char	*name;
1070 	int	err = 0;
1071 
1072 	/* get the minor name */
1073 	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1074 		return (EINVAL);
1075 
1076 	sz = strlen(name) + 1;
1077 
1078 	/* Error if the minor name is larger than the space allocated */
1079 	if (sz > len) {
1080 		kmem_free(name, sz);
1081 		return (ENOSPC);
1082 	}
1083 
1084 	/* copy out the minor name */
1085 	if (copyout(name, uname, sz) != 0)
1086 		err = EFAULT;
1087 	kmem_free(name, sz);
1088 	return (err);
1089 }
1090 
1091 /*
1092  * Return the size of the devfspath name.
1093  */
1094 static int
1095 modctl_devfspath_len(dev_t dev, int spectype, uint_t *len)
1096 {
1097 	uint_t	sz;
1098 	char	*name;
1099 
1100 	/* get the path name */
1101 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1102 	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1103 		kmem_free(name, MAXPATHLEN);
1104 		return (EINVAL);
1105 	}
1106 
1107 	sz = strlen(name) + 1;
1108 	kmem_free(name, MAXPATHLEN);
1109 
1110 	/* copy out the size of the path name */
1111 	if (copyout(&sz, len, sizeof (sz)) != 0)
1112 		return (EFAULT);
1113 
1114 	return (0);
1115 }
1116 
1117 /*
1118  * Return the devfspath name.
1119  */
1120 static int
1121 modctl_devfspath(dev_t dev, int spectype, uint_t len, char *uname)
1122 {
1123 	uint_t	sz;
1124 	char	*name;
1125 	int	err = 0;
1126 
1127 	/* get the path name */
1128 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1129 	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1130 		kmem_free(name, MAXPATHLEN);
1131 		return (EINVAL);
1132 	}
1133 
1134 	sz = strlen(name) + 1;
1135 
1136 	/* Error if the path name is larger than the space allocated */
1137 	if (sz > len) {
1138 		kmem_free(name, MAXPATHLEN);
1139 		return (ENOSPC);
1140 	}
1141 
1142 	/* copy out the path name */
1143 	if (copyout(name, uname, sz) != 0)
1144 		err = EFAULT;
1145 	kmem_free(name, MAXPATHLEN);
1146 	return (err);
1147 }
1148 
1149 static int
1150 modctl_get_fbname(char *path)
1151 {
1152 	extern dev_t fbdev;
1153 	char *pathname = NULL;
1154 	int rval = 0;
1155 
1156 	/* make sure fbdev is set before we plunge in */
1157 	if (fbdev == NODEV)
1158 		return (ENODEV);
1159 
1160 	pathname = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1161 	if ((rval = ddi_dev_pathname(fbdev, S_IFCHR,
1162 	    pathname)) == DDI_SUCCESS) {
1163 		if (copyout(pathname, path, strlen(pathname)+1) != 0) {
1164 			rval = EFAULT;
1165 		}
1166 	}
1167 	kmem_free(pathname, MAXPATHLEN);
1168 	return (rval);
1169 }
1170 
1171 /*
1172  * modctl_reread_dacf()
1173  *	Reread the dacf rules database from the named binding file.
1174  *	If NULL is specified, pass along the NULL, it means 'use the default'.
1175  */
1176 static int
1177 modctl_reread_dacf(char *path)
1178 {
1179 	int rval = 0;
1180 	char *filename, *filenamep;
1181 
1182 	filename = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1183 
1184 	if (path == NULL) {
1185 		filenamep = NULL;
1186 	} else {
1187 		if (copyinstr(path, filename, MAXPATHLEN, 0) != 0) {
1188 			rval = EFAULT;
1189 			goto out;
1190 		}
1191 		filenamep = filename;
1192 		filenamep[MAXPATHLEN - 1] = '\0';
1193 	}
1194 
1195 	rval = read_dacf_binding_file(filenamep);
1196 out:
1197 	kmem_free(filename, MAXPATHLEN);
1198 	return (rval);
1199 }
1200 
1201 /*ARGSUSED*/
1202 static int
1203 modctl_modevents(int subcmd, uintptr_t a2, uintptr_t a3, uintptr_t a4,
1204     uint_t flag)
1205 {
1206 	int error = 0;
1207 	char *filenamep;
1208 
1209 	switch (subcmd) {
1210 
1211 	case MODEVENTS_FLUSH:
1212 		/* flush all currently queued events */
1213 		log_sysevent_flushq(subcmd, flag);
1214 		break;
1215 
1216 	case MODEVENTS_SET_DOOR_UPCALL_FILENAME:
1217 		/*
1218 		 * bind door_upcall to filename
1219 		 * this should only be done once per invocation
1220 		 * of the event daemon.
1221 		 */
1222 
1223 		filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
1224 
1225 		if (copyinstr((char *)a2, filenamep, MOD_MAXPATH, 0)) {
1226 			error = EFAULT;
1227 		} else {
1228 			error = log_sysevent_filename(filenamep);
1229 		}
1230 		kmem_free(filenamep, MOD_MAXPATH);
1231 		break;
1232 
1233 	case MODEVENTS_GETDATA:
1234 		error = log_sysevent_copyout_data((sysevent_id_t *)a2,
1235 		    (size_t)a3, (caddr_t)a4);
1236 		break;
1237 
1238 	case MODEVENTS_FREEDATA:
1239 		error = log_sysevent_free_data((sysevent_id_t *)a2);
1240 		break;
1241 	case MODEVENTS_POST_EVENT:
1242 		error = log_usr_sysevent((sysevent_t *)a2, (uint32_t)a3,
1243 			(sysevent_id_t *)a4);
1244 		break;
1245 	case MODEVENTS_REGISTER_EVENT:
1246 		error = log_sysevent_register((char *)a2, (char *)a3,
1247 		    (se_pubsub_t *)a4);
1248 		break;
1249 	default:
1250 		error = EINVAL;
1251 	}
1252 
1253 	return (error);
1254 }
1255 
1256 static void
1257 free_mperm(mperm_t *mp)
1258 {
1259 	int len;
1260 
1261 	if (mp->mp_minorname) {
1262 		len = strlen(mp->mp_minorname) + 1;
1263 		kmem_free(mp->mp_minorname, len);
1264 	}
1265 	kmem_free(mp, sizeof (mperm_t));
1266 }
1267 
1268 #define	MP_NO_DRV_ERR	\
1269 	"/etc/minor_perm: no driver for %s\n"
1270 
1271 #define	MP_EMPTY_MINOR	\
1272 	"/etc/minor_perm: empty minor name for driver %s\n"
1273 
1274 #define	MP_NO_MINOR	\
1275 	"/etc/minor_perm: no minor matching %s for driver %s\n"
1276 
1277 /*
1278  * Remove mperm entry with matching minorname
1279  */
1280 static void
1281 rem_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1282 {
1283 	mperm_t **mp_head;
1284 	mperm_t *freemp = NULL;
1285 	struct devnames *dnp = &devnamesp[major];
1286 	mperm_t **wildmp;
1287 
1288 	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1289 
1290 	LOCK_DEV_OPS(&dnp->dn_lock);
1291 	if (strcmp(mp->mp_minorname, "*") == 0) {
1292 		wildmp = ((is_clone == 0) ?
1293 			&dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1294 		if (*wildmp)
1295 			freemp = *wildmp;
1296 		*wildmp = NULL;
1297 	} else {
1298 		mp_head = &dnp->dn_mperm;
1299 		while (*mp_head) {
1300 			if (strcmp((*mp_head)->mp_minorname,
1301 			    mp->mp_minorname) != 0) {
1302 				mp_head = &(*mp_head)->mp_next;
1303 				continue;
1304 			}
1305 			/* remove the entry */
1306 			freemp = *mp_head;
1307 			*mp_head = freemp->mp_next;
1308 			break;
1309 		}
1310 	}
1311 	if (freemp) {
1312 		if (moddebug & MODDEBUG_MINORPERM) {
1313 			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1314 			    drvname, freemp->mp_minorname,
1315 			    freemp->mp_mode & 0777,
1316 			    freemp->mp_uid, freemp->mp_gid);
1317 		}
1318 		free_mperm(freemp);
1319 	} else {
1320 		if (moddebug & MODDEBUG_MINORPERM) {
1321 			cmn_err(CE_CONT, MP_NO_MINOR,
1322 				drvname, mp->mp_minorname);
1323 		}
1324 	}
1325 
1326 	UNLOCK_DEV_OPS(&dnp->dn_lock);
1327 }
1328 
1329 /*
1330  * Add minor perm entry
1331  */
1332 static void
1333 add_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1334 {
1335 	mperm_t **mp_head;
1336 	mperm_t *freemp = NULL;
1337 	struct devnames *dnp = &devnamesp[major];
1338 	mperm_t **wildmp;
1339 
1340 	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1341 
1342 	/*
1343 	 * Note that update_drv replace semantics require
1344 	 * replacing matching entries with the new permissions.
1345 	 */
1346 	LOCK_DEV_OPS(&dnp->dn_lock);
1347 	if (strcmp(mp->mp_minorname, "*") == 0) {
1348 		wildmp = ((is_clone == 0) ?
1349 			&dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1350 		if (*wildmp)
1351 			freemp = *wildmp;
1352 		*wildmp = mp;
1353 	} else {
1354 		mperm_t *p, *v = NULL;
1355 		for (p = dnp->dn_mperm; p; v = p, p = p->mp_next) {
1356 			if (strcmp(p->mp_minorname, mp->mp_minorname) == 0) {
1357 				if (v == NULL)
1358 					dnp->dn_mperm = mp;
1359 				else
1360 					v->mp_next = mp;
1361 				mp->mp_next = p->mp_next;
1362 				freemp = p;
1363 				goto replaced;
1364 			}
1365 		}
1366 		if (p == NULL) {
1367 			mp_head = &dnp->dn_mperm;
1368 			if (*mp_head == NULL) {
1369 				*mp_head = mp;
1370 			} else {
1371 				mp->mp_next = *mp_head;
1372 				*mp_head = mp;
1373 			}
1374 		}
1375 	}
1376 replaced:
1377 	if (freemp) {
1378 		if (moddebug & MODDEBUG_MINORPERM) {
1379 			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1380 			    drvname, freemp->mp_minorname,
1381 			    freemp->mp_mode & 0777,
1382 			    freemp->mp_uid, freemp->mp_gid);
1383 		}
1384 		free_mperm(freemp);
1385 	}
1386 	if (moddebug & MODDEBUG_MINORPERM) {
1387 		cmn_err(CE_CONT, "> %s %s 0%o %d %d\n",
1388 		    drvname, mp->mp_minorname, mp->mp_mode & 0777,
1389 		    mp->mp_uid, mp->mp_gid);
1390 	}
1391 	UNLOCK_DEV_OPS(&dnp->dn_lock);
1392 }
1393 
1394 
1395 static int
1396 process_minorperm(int cmd, nvlist_t *nvl)
1397 {
1398 	char *minor;
1399 	major_t major;
1400 	mperm_t *mp;
1401 	nvpair_t *nvp;
1402 	char *name;
1403 	int is_clone;
1404 	major_t minmaj;
1405 
1406 	ASSERT(cmd == MODLOADMINORPERM ||
1407 	    cmd == MODADDMINORPERM || cmd == MODREMMINORPERM);
1408 
1409 	nvp = NULL;
1410 	while ((nvp = nvlist_next_nvpair(nvl, nvp)) != NULL) {
1411 		name = nvpair_name(nvp);
1412 
1413 		is_clone = 0;
1414 		(void) nvpair_value_string(nvp, &minor);
1415 		major = ddi_name_to_major(name);
1416 		if (major != (major_t)-1) {
1417 			mp = kmem_zalloc(sizeof (*mp), KM_SLEEP);
1418 			if (minor == NULL || strlen(minor) == 0) {
1419 				if (moddebug & MODDEBUG_MINORPERM) {
1420 					cmn_err(CE_CONT, MP_EMPTY_MINOR, name);
1421 				}
1422 				minor = "*";
1423 			}
1424 
1425 			/*
1426 			 * The minor name of a node using the clone
1427 			 * driver must be the driver name.  To avoid
1428 			 * multiple searches, we map entries in the form
1429 			 * clone:<driver> to <driver>:*.  This also allows us
1430 			 * to filter out some of the litter in /etc/minor_perm.
1431 			 * Minor perm alias entries where the name is not
1432 			 * the driver kept on the clone list itself.
1433 			 * This all seems very fragile as a driver could
1434 			 * be introduced with an existing alias name.
1435 			 */
1436 			if (strcmp(name, "clone") == 0) {
1437 				minmaj = ddi_name_to_major(minor);
1438 				if (minmaj != (major_t)-1) {
1439 					if (moddebug & MODDEBUG_MINORPERM) {
1440 						cmn_err(CE_CONT,
1441 						    "mapping %s:%s to %s:*\n",
1442 						    name, minor, minor);
1443 					}
1444 					major = minmaj;
1445 					name = minor;
1446 					minor = "*";
1447 					is_clone = 1;
1448 				}
1449 			}
1450 
1451 			if (mp) {
1452 				mp->mp_minorname =
1453 				    i_ddi_strdup(minor, KM_SLEEP);
1454 			}
1455 		} else {
1456 			mp = NULL;
1457 			if (moddebug & MODDEBUG_MINORPERM) {
1458 				cmn_err(CE_CONT, MP_NO_DRV_ERR, name);
1459 			}
1460 		}
1461 
1462 		/* mode */
1463 		nvp = nvlist_next_nvpair(nvl, nvp);
1464 		ASSERT(strcmp(nvpair_name(nvp), "mode") == 0);
1465 		if (mp)
1466 			(void) nvpair_value_int32(nvp, (int *)&mp->mp_mode);
1467 		/* uid */
1468 		nvp = nvlist_next_nvpair(nvl, nvp);
1469 		ASSERT(strcmp(nvpair_name(nvp), "uid") == 0);
1470 		if (mp)
1471 			(void) nvpair_value_int32(nvp, &mp->mp_uid);
1472 		/* gid */
1473 		nvp = nvlist_next_nvpair(nvl, nvp);
1474 		ASSERT(strcmp(nvpair_name(nvp), "gid") == 0);
1475 		if (mp) {
1476 			(void) nvpair_value_int32(nvp, &mp->mp_gid);
1477 
1478 			if (cmd == MODREMMINORPERM) {
1479 				rem_minorperm(major, name, mp, is_clone);
1480 				free_mperm(mp);
1481 			} else {
1482 				add_minorperm(major, name, mp, is_clone);
1483 			}
1484 		}
1485 	}
1486 
1487 	if (cmd == MODLOADMINORPERM)
1488 		minorperm_loaded = 1;
1489 
1490 	/*
1491 	 * Reset permissions of cached dv_nodes
1492 	 */
1493 	(void) devfs_reset_perm(DV_RESET_PERM);
1494 
1495 	return (0);
1496 }
1497 
1498 static int
1499 modctl_minorperm(int cmd, char *usrbuf, size_t buflen)
1500 {
1501 	int error;
1502 	nvlist_t *nvl;
1503 	char *buf = kmem_alloc(buflen, KM_SLEEP);
1504 
1505 	if ((error = ddi_copyin(usrbuf, buf, buflen, 0)) != 0) {
1506 		kmem_free(buf, buflen);
1507 		return (error);
1508 	}
1509 
1510 	error = nvlist_unpack(buf, buflen, &nvl, KM_SLEEP);
1511 	kmem_free(buf, buflen);
1512 	if (error)
1513 		return (error);
1514 
1515 	error = process_minorperm(cmd, nvl);
1516 	nvlist_free(nvl);
1517 	return (error);
1518 }
1519 
1520 struct walk_args {
1521 	char		*wa_drvname;
1522 	list_t		wa_pathlist;
1523 };
1524 
1525 struct path_elem {
1526 	char		*pe_dir;
1527 	char		*pe_nodename;
1528 	list_node_t	pe_node;
1529 	int		pe_dirlen;
1530 };
1531 
1532 /*ARGSUSED*/
1533 static int
1534 modctl_inst_walker(const char *path, in_node_t *np, in_drv_t *dp, void *arg)
1535 {
1536 	struct walk_args *wargs = (struct walk_args *)arg;
1537 	struct path_elem *pe;
1538 	char *nodename;
1539 
1540 	if (strcmp(dp->ind_driver_name, wargs->wa_drvname) != 0)
1541 		return (INST_WALK_CONTINUE);
1542 
1543 	pe = kmem_zalloc(sizeof (*pe), KM_SLEEP);
1544 	pe->pe_dir = i_ddi_strdup((char *)path, KM_SLEEP);
1545 	pe->pe_dirlen = strlen(pe->pe_dir) + 1;
1546 	ASSERT(strrchr(pe->pe_dir, '/') != NULL);
1547 	nodename = strrchr(pe->pe_dir, '/');
1548 	*nodename++ = 0;
1549 	pe->pe_nodename = nodename;
1550 	list_insert_tail(&wargs->wa_pathlist, pe);
1551 
1552 	return (INST_WALK_CONTINUE);
1553 }
1554 
1555 static int
1556 modctl_remdrv_cleanup(const char *u_drvname)
1557 {
1558 	struct walk_args *wargs;
1559 	struct path_elem *pe;
1560 	char *drvname;
1561 	int err, rval = 0;
1562 
1563 	drvname = kmem_alloc(MAXMODCONFNAME, KM_SLEEP);
1564 	if ((err = copyinstr(u_drvname, drvname, MAXMODCONFNAME, 0))) {
1565 		kmem_free(drvname, MAXMODCONFNAME);
1566 		return (err);
1567 	}
1568 
1569 	/*
1570 	 * First go through the instance database.  For each
1571 	 * instance of a device bound to the driver being
1572 	 * removed, remove any underlying devfs attribute nodes.
1573 	 *
1574 	 * This is a two-step process.  First we go through
1575 	 * the instance data itself, constructing a list of
1576 	 * the nodes discovered.  The second step is then
1577 	 * to find and remove any devfs attribute nodes
1578 	 * for the instances discovered in the first step.
1579 	 * The two-step process avoids any difficulties
1580 	 * which could arise by holding the instance data
1581 	 * lock with simultaneous devfs operations.
1582 	 */
1583 	wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
1584 
1585 	wargs->wa_drvname = drvname;
1586 	list_create(&wargs->wa_pathlist,
1587 	    sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
1588 
1589 	(void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
1590 
1591 	for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
1592 	    pe = list_next(&wargs->wa_pathlist, pe)) {
1593 		err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
1594 			(const char *)pe->pe_nodename);
1595 		if (rval == 0)
1596 			rval = err;
1597 	}
1598 
1599 	while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
1600 		list_remove(&wargs->wa_pathlist, pe);
1601 		kmem_free(pe->pe_dir, pe->pe_dirlen);
1602 		kmem_free(pe, sizeof (*pe));
1603 	}
1604 	kmem_free(wargs, sizeof (*wargs));
1605 
1606 	/*
1607 	 * Pseudo nodes aren't recorded in the instance database
1608 	 * so any such nodes need to be handled separately.
1609 	 */
1610 	err = devfs_remdrv_cleanup("pseudo", (const char *)drvname);
1611 	if (rval == 0)
1612 		rval = err;
1613 
1614 	kmem_free(drvname, MAXMODCONFNAME);
1615 	return (rval);
1616 }
1617 
1618 static int
1619 modctl_allocpriv(const char *name)
1620 {
1621 	char *pstr = kmem_alloc(PRIVNAME_MAX, KM_SLEEP);
1622 	int error;
1623 
1624 	if ((error = copyinstr(name, pstr, PRIVNAME_MAX, 0))) {
1625 		kmem_free(pstr, PRIVNAME_MAX);
1626 		return (error);
1627 	}
1628 	error = priv_getbyname(pstr, PRIV_ALLOC);
1629 	if (error < 0)
1630 		error = -error;
1631 	else
1632 		error = 0;
1633 	kmem_free(pstr, PRIVNAME_MAX);
1634 	return (error);
1635 }
1636 
1637 /*ARGSUSED5*/
1638 int
1639 modctl(int cmd, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4,
1640     uintptr_t a5)
1641 {
1642 	int	error = EINVAL;
1643 	dev_t	dev;
1644 
1645 	if (secpolicy_modctl(CRED(), cmd) != 0)
1646 		return (set_errno(EPERM));
1647 
1648 	switch (cmd) {
1649 	case MODLOAD:		/* load a module */
1650 		error = modctl_modload((int)a1, (char *)a2, (int *)a3);
1651 		break;
1652 
1653 	case MODUNLOAD:		/* unload a module */
1654 		error = modctl_modunload((modid_t)a1);
1655 		break;
1656 
1657 	case MODINFO:		/* get module status */
1658 		error = modctl_modinfo((modid_t)a1, (struct modinfo *)a2);
1659 		break;
1660 
1661 	case MODRESERVED:	/* get last major number in range */
1662 		error = modctl_modreserve((modid_t)a1, (int *)a2);
1663 		break;
1664 
1665 	case MODSETMINIROOT:	/* we are running in miniroot */
1666 		isminiroot = 1;
1667 		error = 0;
1668 		break;
1669 
1670 	case MODADDMAJBIND:	/* read major binding file */
1671 		error = modctl_add_major((int *)a2);
1672 		break;
1673 
1674 	case MODGETPATHLEN:	/* get modpath length */
1675 		error = modctl_getmodpathlen((int *)a2);
1676 		break;
1677 
1678 	case MODGETPATH:	/* get modpath */
1679 		error = modctl_getmodpath((char *)a2);
1680 		break;
1681 
1682 	case MODREADSYSBIND:	/* read system call binding file */
1683 		error = modctl_read_sysbinding_file();
1684 		break;
1685 
1686 	case MODGETMAJBIND:	/* get major number for named device */
1687 		error = modctl_getmaj((char *)a1, (uint_t)a2, (int *)a3);
1688 		break;
1689 
1690 	case MODGETNAME:	/* get name of device given major number */
1691 		error = modctl_getname((char *)a1, (uint_t)a2, (int *)a3);
1692 		break;
1693 
1694 	case MODDEVT2INSTANCE:
1695 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1696 			dev = (dev_t)a1;
1697 		}
1698 #ifdef _SYSCALL32_IMPL
1699 		else {
1700 			dev = expldev(a1);
1701 		}
1702 #endif
1703 		error = modctl_devt2instance(dev, (int *)a2);
1704 		break;
1705 
1706 	case MODSIZEOF_DEVID:	/* sizeof device id of device given dev_t */
1707 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1708 			dev = (dev_t)a1;
1709 		}
1710 #ifdef _SYSCALL32_IMPL
1711 		else {
1712 			dev = expldev(a1);
1713 		}
1714 #endif
1715 		error = modctl_sizeof_devid(dev, (uint_t *)a2);
1716 		break;
1717 
1718 	case MODGETDEVID:	/* get device id of device given dev_t */
1719 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1720 			dev = (dev_t)a1;
1721 		}
1722 #ifdef _SYSCALL32_IMPL
1723 		else {
1724 			dev = expldev(a1);
1725 		}
1726 #endif
1727 		error = modctl_get_devid(dev, (uint_t)a2, (ddi_devid_t)a3);
1728 		break;
1729 
1730 	case MODSIZEOF_MINORNAME:	/* sizeof minor nm of dev_t/spectype */
1731 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1732 			error = modctl_sizeof_minorname((dev_t)a1, (int)a2,
1733 			    (uint_t *)a3);
1734 		}
1735 #ifdef _SYSCALL32_IMPL
1736 		else {
1737 			error = modctl_sizeof_minorname(expldev(a1), (int)a2,
1738 			    (uint_t *)a3);
1739 		}
1740 
1741 #endif
1742 		break;
1743 
1744 	case MODGETMINORNAME:   /* get minor name of dev_t and spec type */
1745 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1746 			error = modctl_get_minorname((dev_t)a1, (int)a2,
1747 			    (uint_t)a3, (char *)a4);
1748 		}
1749 #ifdef _SYSCALL32_IMPL
1750 		else {
1751 			error = modctl_get_minorname(expldev(a1), (int)a2,
1752 			    (uint_t)a3, (char *)a4);
1753 		}
1754 #endif
1755 		break;
1756 
1757 	case MODGETDEVFSPATH_LEN:	/* sizeof path nm of dev_t/spectype */
1758 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1759 			error = modctl_devfspath_len((dev_t)a1, (int)a2,
1760 			    (uint_t *)a3);
1761 		}
1762 #ifdef _SYSCALL32_IMPL
1763 		else {
1764 			error = modctl_devfspath_len(expldev(a1), (int)a2,
1765 			    (uint_t *)a3);
1766 		}
1767 
1768 #endif
1769 		break;
1770 
1771 	case MODGETDEVFSPATH:   /* get path name of dev_t and spec type */
1772 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1773 			error = modctl_devfspath((dev_t)a1, (int)a2,
1774 			    (uint_t)a3, (char *)a4);
1775 		}
1776 #ifdef _SYSCALL32_IMPL
1777 		else {
1778 			error = modctl_devfspath(expldev(a1), (int)a2,
1779 			    (uint_t)a3, (char *)a4);
1780 		}
1781 #endif
1782 		break;
1783 
1784 
1785 	case MODEVENTS:
1786 		error = modctl_modevents((int)a1, a2, a3, a4, (uint_t)a5);
1787 		break;
1788 
1789 	case MODGETFBNAME:	/* get the framebuffer name */
1790 		error = modctl_get_fbname((char *)a1);
1791 		break;
1792 
1793 	case MODREREADDACF:	/* reread dacf rule database from given file */
1794 		error = modctl_reread_dacf((char *)a1);
1795 		break;
1796 
1797 	case MODLOADDRVCONF:	/* load driver.conf file for major */
1798 		error = modctl_load_drvconf((major_t)a1);
1799 		break;
1800 
1801 	case MODUNLOADDRVCONF:	/* unload driver.conf file for major */
1802 		error = modctl_unload_drvconf((major_t)a1);
1803 		break;
1804 
1805 	case MODREMMAJBIND:	/* remove a major binding */
1806 		error = modctl_rem_major((major_t)a1);
1807 		break;
1808 
1809 	case MODDEVID2PATHS:	/* get paths given devid */
1810 		error = modctl_devid2paths((ddi_devid_t)a1, (char *)a2,
1811 		    (uint_t)a3, (size_t *)a4, (char *)a5);
1812 		break;
1813 
1814 	case MODSETDEVPOLICY:	/* establish device policy */
1815 		error = devpolicy_load((int)a1, (size_t)a2, (devplcysys_t *)a3);
1816 		break;
1817 
1818 	case MODGETDEVPOLICY:	/* get device policy */
1819 		error = devpolicy_get((int *)a1, (size_t)a2,
1820 				(devplcysys_t *)a3);
1821 		break;
1822 
1823 	case MODALLOCPRIV:
1824 		error = modctl_allocpriv((const char *)a1);
1825 		break;
1826 
1827 	case MODGETDEVPOLICYBYNAME:
1828 		error = devpolicy_getbyname((size_t)a1,
1829 		    (devplcysys_t *)a2, (char *)a3);
1830 		break;
1831 
1832 	case MODCLEANUP:
1833 		e_devid_cache_cleanup();
1834 		error = 0;
1835 		break;
1836 
1837 	case MODLOADMINORPERM:
1838 	case MODADDMINORPERM:
1839 	case MODREMMINORPERM:
1840 		error = modctl_minorperm(cmd, (char *)a1, (size_t)a2);
1841 		break;
1842 
1843 	case MODREMDRVCLEANUP:
1844 		error = modctl_remdrv_cleanup((const char *)a1);
1845 		break;
1846 
1847 	default:
1848 		error = EINVAL;
1849 		break;
1850 	}
1851 
1852 	return (error ? set_errno(error) : 0);
1853 }
1854 
1855 /*
1856  * Calls to kobj_load_module()() are handled off to this routine in a
1857  * separate thread.
1858  */
1859 static void
1860 modload_thread(struct loadmt *ltp)
1861 {
1862 	/* load the module and signal the creator of this thread */
1863 	kmutex_t	cpr_lk;
1864 	callb_cpr_t	cpr_i;
1865 
1866 	mutex_init(&cpr_lk, NULL, MUTEX_DEFAULT, NULL);
1867 	CALLB_CPR_INIT(&cpr_i, &cpr_lk, callb_generic_cpr, "modload");
1868 	/* borrow the devi lock from thread which invoked us */
1869 	pm_borrow_lock(ltp->owner);
1870 	ltp->retval = kobj_load_module(ltp->mp, ltp->usepath);
1871 	pm_return_lock();
1872 	sema_v(&ltp->sema);
1873 	mutex_enter(&cpr_lk);
1874 	CALLB_CPR_EXIT(&cpr_i);
1875 	mutex_destroy(&cpr_lk);
1876 	thread_exit();
1877 }
1878 
1879 /*
1880  * load a module, adding a reference if caller specifies rmodp.  If rmodp
1881  * is specified then an errno is returned, otherwise a module index is
1882  * returned (-1 on error).
1883  */
1884 static int
1885 modrload(char *subdir, char *filename, struct modctl **rmodp)
1886 {
1887 	struct modctl *modp;
1888 	size_t size;
1889 	char *fullname;
1890 	int retval = EINVAL;
1891 	int id = -1;
1892 
1893 	if (rmodp)
1894 		*rmodp = NULL;			/* avoid garbage */
1895 
1896 	if (subdir != NULL) {
1897 		/*
1898 		 * refuse / in filename to prevent "../" escapes.
1899 		 */
1900 		if (strchr(filename, '/') != NULL)
1901 			return (rmodp ? retval : id);
1902 
1903 		/*
1904 		 * allocate enough space for <subdir>/<filename><NULL>
1905 		 */
1906 		size = strlen(subdir) + strlen(filename) + 2;
1907 		fullname = kmem_zalloc(size, KM_SLEEP);
1908 		(void) sprintf(fullname, "%s/%s", subdir, filename);
1909 	} else {
1910 		fullname = filename;
1911 	}
1912 
1913 	modp = mod_hold_installed_mod(fullname, 1, &retval);
1914 	if (modp != NULL) {
1915 		id = modp->mod_id;
1916 		if (rmodp) {
1917 			/* add mod_ref and return *rmodp */
1918 			mutex_enter(&mod_lock);
1919 			modp->mod_ref++;
1920 			mutex_exit(&mod_lock);
1921 			*rmodp = modp;
1922 		}
1923 		mod_release_mod(modp);
1924 		CPU_STATS_ADDQ(CPU, sys, modload, 1);
1925 	}
1926 
1927 done:	if (subdir != NULL)
1928 		kmem_free(fullname, size);
1929 	return (rmodp ? retval : id);
1930 }
1931 
1932 /*
1933  * This is the primary kernel interface to load a module. It loads and
1934  * installs the named module.  It does not hold mod_ref of the module, so
1935  * a module unload attempt can occur at any time - it is up to the
1936  * _fini/mod_remove implementation to determine if unload will succeed.
1937  */
1938 int
1939 modload(char *subdir, char *filename)
1940 {
1941 	return (modrload(subdir, filename, NULL));
1942 }
1943 
1944 /*
1945  * Load a module.
1946  */
1947 int
1948 modloadonly(char *subdir, char *filename)
1949 {
1950 	struct modctl *modp;
1951 	char *fullname;
1952 	size_t size;
1953 	int id, retval;
1954 
1955 	if (subdir != NULL) {
1956 		/*
1957 		 * allocate enough space for <subdir>/<filename><NULL>
1958 		 */
1959 		size = strlen(subdir) + strlen(filename) + 2;
1960 		fullname = kmem_zalloc(size, KM_SLEEP);
1961 		(void) sprintf(fullname, "%s/%s", subdir, filename);
1962 	} else {
1963 		fullname = filename;
1964 	}
1965 
1966 	modp = mod_hold_loaded_mod(NULL, fullname, &retval);
1967 	if (modp) {
1968 		id = modp->mod_id;
1969 		mod_release_mod(modp);
1970 	}
1971 
1972 	if (subdir != NULL)
1973 		kmem_free(fullname, size);
1974 
1975 	if (retval == 0)
1976 		return (id);
1977 	return (-1);
1978 }
1979 
1980 /*
1981  * Try to uninstall and unload a module, removing a reference if caller
1982  * specifies rmodp.
1983  */
1984 static int
1985 modunrload(modid_t id, struct modctl **rmodp, int unload)
1986 {
1987 	struct modctl	*modp;
1988 	int		retval;
1989 
1990 	if (rmodp)
1991 		*rmodp = NULL;			/* avoid garbage */
1992 
1993 	if ((modp = mod_hold_by_id((modid_t)id)) == NULL)
1994 		return (EINVAL);
1995 
1996 	if (rmodp) {
1997 		mutex_enter(&mod_lock);
1998 		modp->mod_ref--;
1999 		mutex_exit(&mod_lock);
2000 		*rmodp = modp;
2001 	}
2002 
2003 	if (unload) {
2004 		retval = moduninstall(modp);
2005 		if (retval == 0) {
2006 			mod_unload(modp);
2007 			CPU_STATS_ADDQ(CPU, sys, modunload, 1);
2008 		} else if (retval == EALREADY)
2009 			retval = 0;	/* already unloaded, not an error */
2010 	} else
2011 		retval = 0;
2012 
2013 	mod_release_mod(modp);
2014 	return (retval);
2015 }
2016 
2017 /*
2018  * Uninstall and unload a module.
2019  */
2020 int
2021 modunload(modid_t id)
2022 {
2023 	return (modunrload(id, NULL, 1));
2024 }
2025 
2026 /*
2027  * Return status of a loaded module.
2028  */
2029 static int
2030 modinfo(modid_t id, struct modinfo *modinfop)
2031 {
2032 	struct modctl	*modp;
2033 	modid_t		mid;
2034 	int		i;
2035 
2036 	mid = modinfop->mi_id;
2037 	if (modinfop->mi_info & MI_INFO_ALL) {
2038 		while ((modp = mod_hold_next_by_id(mid++)) != NULL) {
2039 			if ((modinfop->mi_info & MI_INFO_CNT) ||
2040 			    modp->mod_installed)
2041 				break;
2042 			mod_release_mod(modp);
2043 		}
2044 		if (modp == NULL)
2045 			return (EINVAL);
2046 	} else {
2047 		modp = mod_hold_by_id(id);
2048 		if (modp == NULL)
2049 			return (EINVAL);
2050 		if (!(modinfop->mi_info & MI_INFO_CNT) &&
2051 		    (modp->mod_installed == 0)) {
2052 			mod_release_mod(modp);
2053 			return (EINVAL);
2054 		}
2055 	}
2056 
2057 	modinfop->mi_rev = 0;
2058 	modinfop->mi_state = 0;
2059 	for (i = 0; i < MODMAXLINK; i++) {
2060 		modinfop->mi_msinfo[i].msi_p0 = -1;
2061 		modinfop->mi_msinfo[i].msi_linkinfo[0] = 0;
2062 	}
2063 	if (modp->mod_loaded) {
2064 		modinfop->mi_state = MI_LOADED;
2065 		kobj_getmodinfo(modp->mod_mp, modinfop);
2066 	}
2067 	if (modp->mod_installed) {
2068 		modinfop->mi_state |= MI_INSTALLED;
2069 
2070 		(void) mod_getinfo(modp, modinfop);
2071 	}
2072 
2073 	modinfop->mi_id = modp->mod_id;
2074 	modinfop->mi_loadcnt = modp->mod_loadcnt;
2075 	(void) strcpy(modinfop->mi_name, modp->mod_modname);
2076 
2077 	mod_release_mod(modp);
2078 	return (0);
2079 }
2080 
2081 static char mod_stub_err[] = "mod_hold_stub: Couldn't load stub module %s";
2082 static char no_err[] = "No error function for weak stub %s";
2083 
2084 /*
2085  * used by the stubs themselves to load and hold a module.
2086  * Returns  0 if the module is successfully held;
2087  *	    the stub needs to call mod_release_stub().
2088  *	    -1 if the stub should just call the err_fcn.
2089  * Note that this code is stretched out so that we avoid subroutine calls
2090  * and optimize for the most likely case.  That is, the case where the
2091  * module is loaded and installed and not held.  In that case we just inc
2092  * the mod_ref count and continue.
2093  */
2094 int
2095 mod_hold_stub(struct mod_stub_info *stub)
2096 {
2097 	struct modctl *mp;
2098 	struct mod_modinfo *mip;
2099 
2100 	mip = stub->mods_modinfo;
2101 
2102 	mutex_enter(&mod_lock);
2103 
2104 	/* we do mod_hold_by_modctl inline for speed */
2105 
2106 mod_check_again:
2107 	if ((mp = mip->mp) != NULL) {
2108 		if (mp->mod_busy == 0) {
2109 			if (mp->mod_installed) {
2110 				/* increment the reference count */
2111 				mp->mod_ref++;
2112 				ASSERT(mp->mod_ref && mp->mod_installed);
2113 				mutex_exit(&mod_lock);
2114 				return (0);
2115 			} else {
2116 				mp->mod_busy = 1;
2117 				mp->mod_inprogress_thread =
2118 				    (curthread == NULL ?
2119 				    (kthread_id_t)-1 : curthread);
2120 			}
2121 		} else {
2122 			/*
2123 			 * wait one time and then go see if someone
2124 			 * else has resolved the stub (set mip->mp).
2125 			 */
2126 			if (mod_hold_by_modctl(mp,
2127 			    MOD_WAIT_ONCE | MOD_LOCK_HELD))
2128 				goto mod_check_again;
2129 
2130 			/*
2131 			 * what we have now may have been unloaded!, in
2132 			 * that case, mip->mp will be NULL, we'll hit this
2133 			 * module and load again..
2134 			 */
2135 			cmn_err(CE_PANIC, "mod_hold_stub should have blocked");
2136 		}
2137 		mutex_exit(&mod_lock);
2138 	} else {
2139 		/* first time we've hit this module */
2140 		mutex_exit(&mod_lock);
2141 		mp = mod_hold_by_name(mip->modm_module_name);
2142 		mip->mp = mp;
2143 	}
2144 
2145 	/*
2146 	 * If we are here, it means that the following conditions
2147 	 * are satisfied.
2148 	 *
2149 	 * mip->mp != NULL
2150 	 * this thread has set the mp->mod_busy = 1
2151 	 * mp->mod_installed = 0
2152 	 *
2153 	 */
2154 	ASSERT(mp != NULL);
2155 	ASSERT(mp->mod_busy == 1);
2156 
2157 	if (mp->mod_installed == 0) {
2158 		/* Module not loaded, if weak stub don't load it */
2159 		if (stub->mods_flag & MODS_WEAK) {
2160 			if (stub->mods_errfcn == NULL) {
2161 				mod_release_mod(mp);
2162 				cmn_err(CE_PANIC, no_err,
2163 				    mip->modm_module_name);
2164 			}
2165 		} else {
2166 			/* Not a weak stub so load the module */
2167 
2168 			if (mod_load(mp, 1) != 0 || modinstall(mp) != 0) {
2169 				/*
2170 				 * If mod_load() was successful
2171 				 * and modinstall() failed, then
2172 				 * unload the module.
2173 				 */
2174 				if (mp->mod_loaded)
2175 					mod_unload(mp);
2176 
2177 				mod_release_mod(mp);
2178 				if (stub->mods_errfcn == NULL) {
2179 					cmn_err(CE_PANIC, mod_stub_err,
2180 					    mip->modm_module_name);
2181 				} else {
2182 					return (-1);
2183 				}
2184 			}
2185 		}
2186 	}
2187 
2188 	/*
2189 	 * At this point module is held and loaded. Release
2190 	 * the mod_busy and mod_inprogress_thread before
2191 	 * returning. We actually call mod_release() here so
2192 	 * that if another stub wants to access this module,
2193 	 * it can do so. mod_ref is incremented before mod_release()
2194 	 * is called to prevent someone else from snatching the
2195 	 * module from this thread.
2196 	 */
2197 	mutex_enter(&mod_lock);
2198 	mp->mod_ref++;
2199 	ASSERT(mp->mod_ref &&
2200 	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
2201 	mod_release(mp);
2202 	mutex_exit(&mod_lock);
2203 	return (0);
2204 }
2205 
2206 void
2207 mod_release_stub(struct mod_stub_info *stub)
2208 {
2209 	struct modctl *mp = stub->mods_modinfo->mp;
2210 
2211 	/* inline mod_release_mod */
2212 	mutex_enter(&mod_lock);
2213 	ASSERT(mp->mod_ref &&
2214 	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
2215 	mp->mod_ref--;
2216 	if (mp->mod_want) {
2217 		mp->mod_want = 0;
2218 		cv_broadcast(&mod_cv);
2219 	}
2220 	mutex_exit(&mod_lock);
2221 }
2222 
2223 static struct modctl *
2224 mod_hold_loaded_mod(struct modctl *dep, char *filename, int *status)
2225 {
2226 	struct modctl *modp;
2227 	int retval;
2228 
2229 	/*
2230 	 * Hold the module.
2231 	 */
2232 	modp = mod_hold_by_name_requisite(dep, filename);
2233 	if (modp) {
2234 		retval = mod_load(modp, 1);
2235 		if (retval != 0) {
2236 			mod_release_mod(modp);
2237 			modp = NULL;
2238 		}
2239 		*status = retval;
2240 	} else {
2241 		*status = ENOSPC;
2242 	}
2243 
2244 	/*
2245 	 * if dep is not NULL, clear the module dependency information.
2246 	 * This information is set in mod_hold_by_name_common().
2247 	 */
2248 	if (dep != NULL && dep->mod_requisite_loading != NULL) {
2249 		ASSERT(dep->mod_busy);
2250 		dep->mod_requisite_loading = NULL;
2251 	}
2252 
2253 	return (modp);
2254 }
2255 
2256 /*
2257  * hold, load, and install the named module
2258  */
2259 static struct modctl *
2260 mod_hold_installed_mod(char *name, int usepath, int *r)
2261 {
2262 	struct modctl *modp;
2263 	int retval;
2264 	struct _buf *file;
2265 
2266 	/*
2267 	 * Verify that that module in question actually exists on disk
2268 	 * before allocation of module structure by mod_hold_by_name.
2269 	 */
2270 	if (modrootloaded && swaploaded) {
2271 		file = kobj_open_path(name, usepath, 1);
2272 #ifdef	MODDIR_SUFFIX
2273 		if (file == (struct _buf *)-1)
2274 			file = kobj_open_path(name, usepath, 0);
2275 #endif	/* MODDIR_SUFFIX */
2276 		if (file == (struct _buf *)-1) {
2277 			*r = ENOENT;
2278 			return (NULL);
2279 		}
2280 		kobj_close_file(file);
2281 	}
2282 
2283 	/*
2284 	 * Hold the module.
2285 	 */
2286 	modp = mod_hold_by_name(name);
2287 	if (modp) {
2288 		retval = mod_load(modp, usepath);
2289 		if (retval != 0) {
2290 			mod_release_mod(modp);
2291 			modp = NULL;
2292 			*r = retval;
2293 		} else {
2294 			if ((*r = modinstall(modp)) != 0) {
2295 				/*
2296 				 * We loaded it, but failed to _init() it.
2297 				 * Be kind to developers -- force it
2298 				 * out of memory now so that the next
2299 				 * attempt to use the module will cause
2300 				 * a reload.  See 1093793.
2301 				 */
2302 				mod_unload(modp);
2303 				mod_release_mod(modp);
2304 				modp = NULL;
2305 			}
2306 		}
2307 	} else {
2308 		*r = ENOSPC;
2309 	}
2310 	return (modp);
2311 }
2312 
2313 static char mod_excl_msg[] =
2314 	"module %s(%s) is EXCLUDED and will not be loaded\n";
2315 static char mod_init_msg[] = "loadmodule:%s(%s): _init() error %d\n";
2316 
2317 /*
2318  * This routine is needed for dependencies.  Users specify dependencies
2319  * by declaring a character array initialized to filenames of dependents.
2320  * So the code that handles dependents deals with filenames (and not
2321  * module names) because that's all it has.  We load by filename and once
2322  * we've loaded a file we can get the module name.
2323  * Unfortunately there isn't a single unified filename/modulename namespace.
2324  * C'est la vie.
2325  *
2326  * We allow the name being looked up to be prepended by an optional
2327  * subdirectory e.g. we can lookup (NULL, "fs/ufs") or ("fs", "ufs")
2328  */
2329 struct modctl *
2330 mod_find_by_filename(char *subdir, char *filename)
2331 {
2332 	struct modctl	*mp;
2333 	size_t		sublen;
2334 
2335 	ASSERT(!MUTEX_HELD(&mod_lock));
2336 	if (subdir != NULL)
2337 		sublen = strlen(subdir);
2338 	else
2339 		sublen = 0;
2340 
2341 	mutex_enter(&mod_lock);
2342 	mp = &modules;
2343 	do {
2344 		if (sublen) {
2345 			char *mod_filename = mp->mod_filename;
2346 
2347 			if (strncmp(subdir, mod_filename, sublen) == 0 &&
2348 			    mod_filename[sublen] == '/' &&
2349 			    strcmp(filename, &mod_filename[sublen + 1]) == 0) {
2350 				mutex_exit(&mod_lock);
2351 				return (mp);
2352 			}
2353 		} else if (strcmp(filename, mp->mod_filename) == 0) {
2354 			mutex_exit(&mod_lock);
2355 			return (mp);
2356 		}
2357 	} while ((mp = mp->mod_next) != &modules);
2358 	mutex_exit(&mod_lock);
2359 	return (NULL);
2360 }
2361 
2362 /*
2363  * Check for circular dependencies.  This is called from do_dependents()
2364  * in kobj.c.  If we are the thread already loading this module, then
2365  * we're trying to load a dependent that we're already loading which
2366  * means the user specified circular dependencies.
2367  */
2368 static int
2369 mod_circdep(struct modctl *modp)
2370 {
2371 	struct modctl	*rmod;
2372 
2373 	ASSERT(MUTEX_HELD(&mod_lock));
2374 
2375 	/*
2376 	 * Check the mod_inprogress_thread first.
2377 	 * mod_inprogress_thread is used in mod_hold_stub()
2378 	 * directly to improve performance.
2379 	 */
2380 	if (modp->mod_inprogress_thread == curthread)
2381 		return (1);
2382 
2383 	/*
2384 	 * Check the module circular dependencies.
2385 	 */
2386 	for (rmod = modp; rmod != NULL; rmod = rmod->mod_requisite_loading) {
2387 		/*
2388 		 * Check if there is a module circular dependency.
2389 		 */
2390 		if (rmod->mod_requisite_loading == modp)
2391 			return (1);
2392 	}
2393 	return (0);
2394 }
2395 
2396 static int
2397 mod_getinfo(struct modctl *modp, struct modinfo *modinfop)
2398 {
2399 	int (*func)(struct modinfo *);
2400 	int retval;
2401 
2402 	ASSERT(modp->mod_busy);
2403 
2404 	/* primary modules don't do getinfo */
2405 	if (modp->mod_prim)
2406 		return (0);
2407 
2408 	func = (int (*)(struct modinfo *))kobj_lookup(modp->mod_mp, "_info");
2409 
2410 	if (kobj_addrcheck(modp->mod_mp, (caddr_t)func)) {
2411 		cmn_err(CE_WARN, "_info() not defined properly in %s",
2412 		    modp->mod_filename);
2413 		/*
2414 		 * The semantics of mod_info(9F) are that 0 is failure
2415 		 * and non-zero is success.
2416 		 */
2417 		retval = 0;
2418 	} else
2419 		retval = (*func)(modinfop);	/* call _info() function */
2420 
2421 	if (moddebug & MODDEBUG_USERDEBUG)
2422 		printf("Returned from _info, retval = %x\n", retval);
2423 
2424 	return (retval);
2425 }
2426 
2427 static void
2428 modadd(struct modctl *mp)
2429 {
2430 	ASSERT(MUTEX_HELD(&mod_lock));
2431 
2432 	mp->mod_id = last_module_id++;
2433 	mp->mod_next = &modules;
2434 	mp->mod_prev = modules.mod_prev;
2435 	modules.mod_prev->mod_next = mp;
2436 	modules.mod_prev = mp;
2437 }
2438 
2439 /*ARGSUSED*/
2440 static struct modctl *
2441 allocate_modp(char *filename, char *modname)
2442 {
2443 	struct modctl *mp;
2444 
2445 	mp = kobj_zalloc(sizeof (*mp), KM_SLEEP);
2446 	mp->mod_modname = kobj_zalloc(strlen(modname) + 1, KM_SLEEP);
2447 	(void) strcpy(mp->mod_modname, modname);
2448 	return (mp);
2449 }
2450 
2451 /*
2452  * Get the value of a symbol.  This is a wrapper routine that
2453  * calls kobj_getsymvalue().  kobj_getsymvalue() may go away but this
2454  * wrapper will prevent callers from noticing.
2455  */
2456 uintptr_t
2457 modgetsymvalue(char *name, int kernelonly)
2458 {
2459 	return (kobj_getsymvalue(name, kernelonly));
2460 }
2461 
2462 /*
2463  * Get the symbol nearest an address.  This is a wrapper routine that
2464  * calls kobj_getsymname().  kobj_getsymname() may go away but this
2465  * wrapper will prevent callers from noticing.
2466  */
2467 char *
2468 modgetsymname(uintptr_t value, ulong_t *offset)
2469 {
2470 	return (kobj_getsymname(value, offset));
2471 }
2472 
2473 /*
2474  * Lookup a symbol in a specified module.  This is a wrapper routine that
2475  * calls kobj_lookup().  kobj_lookup() may go away but this
2476  * wrapper will prevent callers from noticing.
2477  */
2478 uintptr_t
2479 modlookup(char *modname, char *symname)
2480 {
2481 	struct modctl *modp;
2482 	uintptr_t val;
2483 
2484 	if ((modp = mod_hold_by_name(modname)) == NULL)
2485 		return (0);
2486 	val = kobj_lookup(modp->mod_mp, symname);
2487 	mod_release_mod(modp);
2488 	return (val);
2489 }
2490 
2491 /*
2492  * Ask the user for the name of the system file and the default path
2493  * for modules.
2494  */
2495 void
2496 mod_askparams()
2497 {
2498 	static char s0[64];
2499 	intptr_t fd;
2500 
2501 	if ((fd = kobj_open(systemfile)) != -1L)
2502 		kobj_close(fd);
2503 	else
2504 		systemfile = NULL;
2505 
2506 	/*CONSTANTCONDITION*/
2507 	while (1) {
2508 		printf("Name of system file [%s]:  ",
2509 			systemfile ? systemfile : "/dev/null");
2510 
2511 		console_gets(s0, sizeof (s0));
2512 
2513 		if (s0[0] == '\0')
2514 			break;
2515 		else if (strcmp(s0, "/dev/null") == 0) {
2516 			systemfile = NULL;
2517 			break;
2518 		} else {
2519 			if ((fd = kobj_open(s0)) != -1L) {
2520 				kobj_close(fd);
2521 				systemfile = s0;
2522 				break;
2523 			}
2524 		}
2525 		printf("can't find file %s\n", s0);
2526 	}
2527 }
2528 
2529 static char loading_msg[] = "loading '%s' id %d\n";
2530 static char load_msg[] = "load '%s' id %d loaded @ 0x%p/0x%p size %d/%d\n";
2531 
2532 /*
2533  * Common code for loading a module (but not installing it).
2534  * Handoff the task of module loading to a seperate thread
2535  * with a large stack if possible, since this code may recurse a few times.
2536  * Return zero if there are no errors or an errno value.
2537  */
2538 static int
2539 mod_load(struct modctl *mp, int usepath)
2540 {
2541 	int		retval;
2542 	struct modinfo	*modinfop = NULL;
2543 	struct loadmt	lt;
2544 
2545 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2546 	ASSERT(mp->mod_busy);
2547 
2548 	if (mp->mod_loaded)
2549 		return (0);
2550 
2551 	if (mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_modname) != 0 ||
2552 	    mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_filename) != 0) {
2553 		if (moddebug & MODDEBUG_LOADMSG) {
2554 			printf(mod_excl_msg, mp->mod_filename,
2555 				mp->mod_modname);
2556 		}
2557 		return (ENXIO);
2558 	}
2559 	if (moddebug & MODDEBUG_LOADMSG2)
2560 		printf(loading_msg, mp->mod_filename, mp->mod_id);
2561 
2562 	if (curthread != &t0) {
2563 		lt.mp = mp;
2564 		lt.usepath = usepath;
2565 		lt.owner = curthread;
2566 		sema_init(&lt.sema, 0, NULL, SEMA_DEFAULT, NULL);
2567 
2568 		/* create thread to hand of call to */
2569 		(void) thread_create(NULL, DEFAULTSTKSZ * 2,
2570 		    modload_thread, &lt, 0, &p0, TS_RUN, maxclsyspri);
2571 
2572 		/* wait for thread to complete kobj_load_module */
2573 		sema_p(&lt.sema);
2574 
2575 		sema_destroy(&lt.sema);
2576 		retval = lt.retval;
2577 	} else
2578 		retval = kobj_load_module(mp, usepath);
2579 
2580 	if (mp->mod_mp) {
2581 		ASSERT(retval == 0);
2582 		mp->mod_loaded = 1;
2583 		mp->mod_loadcnt++;
2584 		if (moddebug & MODDEBUG_LOADMSG) {
2585 			printf(load_msg, mp->mod_filename, mp->mod_id,
2586 				(void *)((struct module *)mp->mod_mp)->text,
2587 				(void *)((struct module *)mp->mod_mp)->data,
2588 				((struct module *)mp->mod_mp)->text_size,
2589 				((struct module *)mp->mod_mp)->data_size);
2590 		}
2591 
2592 		/*
2593 		 * XXX - There should be a better way to get this.
2594 		 */
2595 		modinfop = kmem_zalloc(sizeof (struct modinfo), KM_SLEEP);
2596 		modinfop->mi_info = MI_INFO_LINKAGE;
2597 		if (mod_getinfo(mp, modinfop) == 0)
2598 			mp->mod_linkage = NULL;
2599 		else {
2600 			mp->mod_linkage = (void *)modinfop->mi_base;
2601 			ASSERT(mp->mod_linkage->ml_rev == MODREV_1);
2602 		}
2603 
2604 		/*
2605 		 * DCS: bootstrapping code. If the driver is loaded
2606 		 * before root mount, it is assumed that the driver
2607 		 * may be used before mounting root. In order to
2608 		 * access mappings of global to local minor no.'s
2609 		 * during installation/open of the driver, we load
2610 		 * them into memory here while the BOP_interfaces
2611 		 * are still up.
2612 		 */
2613 		if ((cluster_bootflags & CLUSTER_BOOTED) && !modrootloaded) {
2614 			retval = clboot_modload(mp);
2615 		}
2616 
2617 		kmem_free(modinfop, sizeof (struct modinfo));
2618 		(void) mod_sysctl(SYS_SET_MVAR, (void *)mp);
2619 		retval = install_stubs_by_name(mp, mp->mod_modname);
2620 
2621 		/*
2622 		 * Now that the module is loaded, we need to give DTrace
2623 		 * a chance to notify its providers.  This is done via
2624 		 * the dtrace_modload function pointer.
2625 		 */
2626 		if (strcmp(mp->mod_modname, "dtrace") != 0) {
2627 			struct modctl *dmp = mod_hold_by_name("dtrace");
2628 
2629 			if (dmp != NULL && dtrace_modload != NULL)
2630 				(*dtrace_modload)(mp);
2631 
2632 			mod_release_mod(dmp);
2633 		}
2634 
2635 	} else {
2636 		/*
2637 		 * If load failed then we need to release any requisites
2638 		 * that we had established.
2639 		 */
2640 		ASSERT(retval);
2641 		mod_release_requisites(mp);
2642 
2643 		if (moddebug & MODDEBUG_ERRMSG)
2644 			printf("error loading '%s', error %d\n",
2645 			    mp->mod_filename, retval);
2646 	}
2647 	return (retval);
2648 }
2649 
2650 static char unload_msg[] = "unloading %s, module id %d, loadcnt %d.\n";
2651 
2652 static void
2653 mod_unload(struct modctl *mp)
2654 {
2655 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2656 	ASSERT(mp->mod_busy);
2657 	ASSERT((mp->mod_loaded && (mp->mod_installed == 0)) &&
2658 	    ((mp->mod_prim == 0) && (mp->mod_ref >= 0)));
2659 
2660 	if (moddebug & MODDEBUG_LOADMSG)
2661 		printf(unload_msg, mp->mod_modname,
2662 			mp->mod_id, mp->mod_loadcnt);
2663 
2664 	/*
2665 	 * If mod_ref is not zero, it means some modules might still refer
2666 	 * to this module. Then you can't unload this module right now.
2667 	 * Instead, set 1 to mod_delay_unload to notify the system of
2668 	 * unloading this module later when it's not required any more.
2669 	 */
2670 	if (mp->mod_ref > 0) {
2671 		mp->mod_delay_unload = 1;
2672 		if (moddebug & MODDEBUG_LOADMSG2) {
2673 			printf("module %s not unloaded,"
2674 			    " non-zero reference count (%d)",
2675 			    mp->mod_modname, mp->mod_ref);
2676 		}
2677 		return;
2678 	}
2679 
2680 	if (((mp->mod_loaded == 0) || mp->mod_installed) ||
2681 	    (mp->mod_ref || mp->mod_prim)) {
2682 		/*
2683 		 * A DEBUG kernel would ASSERT panic above, the code is broken
2684 		 * if we get this warning.
2685 		 */
2686 		cmn_err(CE_WARN, "mod_unload: %s in incorrect state: %d %d %d",
2687 		    mp->mod_filename, mp->mod_installed, mp->mod_loaded,
2688 		    mp->mod_ref);
2689 		return;
2690 	}
2691 
2692 	/* reset stub functions to call the binder again */
2693 	reset_stubs(mp);
2694 
2695 	/*
2696 	 * mark module as unloaded before the modctl structure is freed.
2697 	 * This is required not to reuse the modctl structure before
2698 	 * the module is marked as unloaded.
2699 	 */
2700 	mp->mod_loaded = 0;
2701 	mp->mod_linkage = NULL;
2702 
2703 	/* free the memory */
2704 	kobj_unload_module(mp);
2705 
2706 	if (mp->mod_delay_unload) {
2707 		mp->mod_delay_unload = 0;
2708 		if (moddebug & MODDEBUG_LOADMSG2) {
2709 			printf("deferred unload of module %s"
2710 			    " (id %d) successful",
2711 			    mp->mod_modname, mp->mod_id);
2712 		}
2713 	}
2714 
2715 	/* release hold on requisites */
2716 	mod_release_requisites(mp);
2717 
2718 	/*
2719 	 * Now that the module is gone, we need to give DTrace a chance to
2720 	 * remove any probes that it may have had in the module.  This is
2721 	 * done via the dtrace_modunload function pointer.
2722 	 */
2723 	if (strcmp(mp->mod_modname, "dtrace") != 0) {
2724 		struct modctl *dmp = mod_hold_by_name("dtrace");
2725 
2726 		if (dmp != NULL && dtrace_modunload != NULL)
2727 			(*dtrace_modunload)(mp);
2728 
2729 		mod_release_mod(dmp);
2730 	}
2731 }
2732 
2733 static int
2734 modinstall(struct modctl *mp)
2735 {
2736 	int val;
2737 	int (*func)(void);
2738 
2739 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2740 	ASSERT(mp->mod_busy && mp->mod_loaded);
2741 
2742 	if (mp->mod_installed)
2743 		return (0);
2744 	/*
2745 	 * If mod_delay_unload is on, it means the system chose the deferred
2746 	 * unload for this module. Then you can't install this module until
2747 	 * it's unloaded from the system.
2748 	 */
2749 	if (mp->mod_delay_unload)
2750 		return (ENXIO);
2751 
2752 	if (moddebug & MODDEBUG_LOADMSG)
2753 		printf("installing %s, module id %d.\n",
2754 			mp->mod_modname, mp->mod_id);
2755 
2756 	ASSERT(mp->mod_mp != NULL);
2757 	if (mod_install_requisites(mp) != 0) {
2758 		/*
2759 		 * Note that we can't call mod_unload(mp) here since
2760 		 * if modinstall() was called by mod_install_requisites(),
2761 		 * we won't be able to hold the dependent modules
2762 		 * (otherwise there would be a deadlock).
2763 		 */
2764 		return (ENXIO);
2765 	}
2766 
2767 	if (moddebug & MODDEBUG_ERRMSG) {
2768 		printf("init '%s' id %d loaded @ 0x%p/0x%p size %lu/%lu\n",
2769 			mp->mod_filename, mp->mod_id,
2770 			(void *)((struct module *)mp->mod_mp)->text,
2771 			(void *)((struct module *)mp->mod_mp)->data,
2772 			((struct module *)mp->mod_mp)->text_size,
2773 			((struct module *)mp->mod_mp)->data_size);
2774 	}
2775 
2776 	func = (int (*)())kobj_lookup(mp->mod_mp, "_init");
2777 
2778 	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
2779 		cmn_err(CE_WARN, "_init() not defined properly in %s",
2780 		    mp->mod_filename);
2781 		return (EFAULT);
2782 	}
2783 
2784 	if (moddebug & MODDEBUG_USERDEBUG) {
2785 		printf("breakpoint before calling %s:_init()\n",
2786 		    mp->mod_modname);
2787 		if (DEBUGGER_PRESENT)
2788 			debug_enter("_init");
2789 	}
2790 
2791 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2792 	ASSERT(mp->mod_busy && mp->mod_loaded);
2793 	val = (*func)();		/* call _init */
2794 
2795 	if (moddebug & MODDEBUG_USERDEBUG)
2796 		printf("Returned from _init, val = %x\n", val);
2797 
2798 	if (val == 0) {
2799 		/*
2800 		 * Set the MODS_INSTALLED flag to enable this module
2801 		 * being called now.
2802 		 */
2803 		install_stubs(mp);
2804 		mp->mod_installed = 1;
2805 	} else if (moddebug & MODDEBUG_ERRMSG)
2806 		printf(mod_init_msg, mp->mod_filename, mp->mod_modname, val);
2807 
2808 	return (val);
2809 }
2810 
2811 static int
2812 detach_driver(char *name)
2813 {
2814 	major_t major;
2815 	int error;
2816 
2817 	/*
2818 	 * If being called from mod_uninstall_all() then the appropriate
2819 	 * driver detaches (leaf only) have already been done.
2820 	 */
2821 	if (mod_in_autounload())
2822 		return (0);
2823 
2824 	major = ddi_name_to_major(name);
2825 	if (major == (major_t)-1)
2826 		return (0);
2827 
2828 	error = ndi_devi_unconfig_driver(ddi_root_node(),
2829 	    NDI_DETACH_DRIVER, major);
2830 	return (error == NDI_SUCCESS ? 0 : -1);
2831 }
2832 
2833 static char finiret_msg[] = "Returned from _fini for %s, status = %x\n";
2834 
2835 static int
2836 moduninstall(struct modctl *mp)
2837 {
2838 	int status = 0;
2839 	int (*func)(void);
2840 
2841 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2842 	ASSERT(mp->mod_busy);
2843 
2844 	/*
2845 	 * Verify that we need to do something and can uninstall the module.
2846 	 *
2847 	 * If we should not uninstall the module or if the module is not in
2848 	 * the correct state to start an uninstall we return EBUSY to prevent
2849 	 * us from progressing to mod_unload.  If the module has already been
2850 	 * uninstalled and unloaded we return EALREADY.
2851 	 */
2852 	if (mp->mod_prim || mp->mod_ref || mp->mod_nenabled != 0)
2853 		return (EBUSY);
2854 	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0))
2855 		return (EALREADY);
2856 
2857 	/*
2858 	 * To avoid devinfo / module deadlock we must release this module
2859 	 * prior to initiating the detach_driver, otherwise the detach_driver
2860 	 * might deadlock on a devinfo node held by another thread
2861 	 * coming top down and involving the module we have locked.
2862 	 *
2863 	 * When we regrab the module we must reverify that it is OK
2864 	 * to proceed with the uninstall operation.
2865 	 */
2866 	mod_release_mod(mp);
2867 	status = detach_driver(mp->mod_modname);
2868 	(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
2869 
2870 	/* check detach status and reverify state with lock */
2871 	mutex_enter(&mod_lock);
2872 	if ((status != 0) || mp->mod_prim || mp->mod_ref) {
2873 		mutex_exit(&mod_lock);
2874 		return (EBUSY);
2875 	}
2876 	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0)) {
2877 		mutex_exit(&mod_lock);
2878 		return (EALREADY);
2879 	}
2880 	mutex_exit(&mod_lock);
2881 
2882 	if (moddebug & MODDEBUG_LOADMSG2)
2883 		printf("uninstalling %s\n", mp->mod_modname);
2884 
2885 	/*
2886 	 * lookup _fini, return EBUSY if not defined.
2887 	 *
2888 	 * The MODDEBUG_FINI_EBUSY is usefull in resolving leaks in
2889 	 * detach(9E) - it allows bufctl addresses to be resolved.
2890 	 */
2891 	func = (int (*)())kobj_lookup(mp->mod_mp, "_fini");
2892 	if ((func == NULL) || (mp->mod_loadflags & MOD_NOUNLOAD) ||
2893 	    (moddebug & MODDEBUG_FINI_EBUSY))
2894 		return (EBUSY);
2895 
2896 	/* verify that _fini is in this module */
2897 	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
2898 		cmn_err(CE_WARN, "_fini() not defined properly in %s",
2899 		    mp->mod_filename);
2900 		return (EFAULT);
2901 	}
2902 
2903 	/* call _fini() */
2904 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2905 	ASSERT(mp->mod_busy && mp->mod_loaded && mp->mod_installed);
2906 
2907 	status = (*func)();
2908 
2909 	if (status == 0) {
2910 		/* _fini returned success, the module is no longer installed */
2911 		if (moddebug & MODDEBUG_LOADMSG)
2912 			printf("uninstalled %s\n", mp->mod_modname);
2913 
2914 		/*
2915 		 * Even though we only set mod_installed to zero here, a zero
2916 		 * return value means we are commited to a code path were
2917 		 * mod_loaded will also end up as zero - we have no other
2918 		 * way to get the module data and bss back to the pre _init
2919 		 * state except a reload. To ensure this, after return,
2920 		 * mod_busy must stay set until mod_loaded is cleared.
2921 		 */
2922 		mp->mod_installed = 0;
2923 
2924 		/*
2925 		 * Clear the MODS_INSTALLED flag not to call functions
2926 		 * in the module directly from now on.
2927 		 */
2928 		uninstall_stubs(mp);
2929 	} else {
2930 		if (moddebug & MODDEBUG_USERDEBUG)
2931 			printf(finiret_msg, mp->mod_filename, status);
2932 		/*
2933 		 * By definition _fini is only allowed to return EBUSY or the
2934 		 * result of mod_remove (EBUSY or EINVAL).  In the off chance
2935 		 * that a driver returns EALREADY we convert this to EINVAL
2936 		 * since to our caller EALREADY means module was already
2937 		 * removed.
2938 		 */
2939 		if (status == EALREADY)
2940 			status = EINVAL;
2941 	}
2942 
2943 	return (status);
2944 }
2945 
2946 /*
2947  * Uninstall all modules.
2948  */
2949 static void
2950 mod_uninstall_all(void)
2951 {
2952 	struct modctl	*mp;
2953 	modid_t		modid = 0;
2954 
2955 	/* mark this thread as doing autounloading */
2956 	(void) tsd_set(mod_autounload_key, (void *)1);
2957 
2958 	(void) devfs_clean(ddi_root_node(), NULL, 0);
2959 	(void) ndi_devi_unconfig(ddi_root_node(), NDI_AUTODETACH);
2960 
2961 	while ((mp = mod_hold_next_by_id(modid)) != NULL) {
2962 		modid = mp->mod_id;
2963 		/*
2964 		 * Skip modules with the MOD_NOAUTOUNLOAD flag set
2965 		 */
2966 		if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
2967 			mod_release_mod(mp);
2968 			continue;
2969 		}
2970 
2971 		if (moduninstall(mp) == 0)
2972 			mod_unload(mp);
2973 		mod_release_mod(mp);
2974 	}
2975 
2976 	(void) tsd_set(mod_autounload_key, NULL);
2977 }
2978 
2979 static int modunload_disable_count;
2980 
2981 void
2982 modunload_disable(void)
2983 {
2984 	INCR_COUNT(&modunload_disable_count, &mod_uninstall_lock);
2985 }
2986 
2987 void
2988 modunload_enable(void)
2989 {
2990 	DECR_COUNT(&modunload_disable_count, &mod_uninstall_lock);
2991 }
2992 
2993 void
2994 mod_uninstall_daemon(void)
2995 {
2996 	callb_cpr_t	cprinfo;
2997 	clock_t		ticks = 0;
2998 
2999 	mod_aul_thread = curthread;
3000 
3001 	CALLB_CPR_INIT(&cprinfo, &mod_uninstall_lock, callb_generic_cpr, "mud");
3002 	for (;;) {
3003 		mutex_enter(&mod_uninstall_lock);
3004 		CALLB_CPR_SAFE_BEGIN(&cprinfo);
3005 		/*
3006 		 * In DEBUG kernels, unheld drivers are uninstalled periodically
3007 		 * every mod_uninstall_interval seconds.  Periodic uninstall can
3008 		 * be disabled by setting mod_uninstall_interval to 0 which is
3009 		 * the default for a non-DEBUG kernel.
3010 		 */
3011 		if (mod_uninstall_interval) {
3012 			ticks = ddi_get_lbolt() +
3013 				drv_usectohz(mod_uninstall_interval * 1000000);
3014 			(void) cv_timedwait(&mod_uninstall_cv,
3015 				&mod_uninstall_lock, ticks);
3016 		} else {
3017 			cv_wait(&mod_uninstall_cv, &mod_uninstall_lock);
3018 		}
3019 		/*
3020 		 * The whole daemon is safe for CPR except we don't want
3021 		 * the daemon to run if FREEZE is issued and this daemon
3022 		 * wakes up from the cv_wait above. In this case, it'll be
3023 		 * blocked in CALLB_CPR_SAFE_END until THAW is issued.
3024 		 *
3025 		 * The reason of calling CALLB_CPR_SAFE_BEGIN twice is that
3026 		 * mod_uninstall_lock is used to protect cprinfo and
3027 		 * CALLB_CPR_SAFE_BEGIN assumes that this lock is held when
3028 		 * called.
3029 		 */
3030 		CALLB_CPR_SAFE_END(&cprinfo, &mod_uninstall_lock);
3031 		CALLB_CPR_SAFE_BEGIN(&cprinfo);
3032 		mutex_exit(&mod_uninstall_lock);
3033 		if ((modunload_disable_count == 0) &&
3034 		    ((moddebug & MODDEBUG_NOAUTOUNLOAD) == 0)) {
3035 			mod_uninstall_all();
3036 		}
3037 	}
3038 }
3039 
3040 /*
3041  * Unload all uninstalled modules.
3042  */
3043 void
3044 modreap(void)
3045 {
3046 	mutex_enter(&mod_uninstall_lock);
3047 	cv_broadcast(&mod_uninstall_cv);
3048 	mutex_exit(&mod_uninstall_lock);
3049 }
3050 
3051 /*
3052  * Hold the specified module. This is the module holding primitive.
3053  *
3054  * If MOD_LOCK_HELD then the caller already holds the mod_lock.
3055  *
3056  * Return values:
3057  *	 0 ==> the module is held
3058  *	 1 ==> the module is not held and the MOD_WAIT_ONCE caller needs
3059  *		to determine how to retry.
3060  */
3061 int
3062 mod_hold_by_modctl(struct modctl *mp, int f)
3063 {
3064 	ASSERT((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) &&
3065 	    ((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) !=
3066 	    (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)));
3067 	ASSERT((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) &&
3068 	    ((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) !=
3069 	    (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)));
3070 	ASSERT((f & MOD_LOCK_NOT_HELD) || MUTEX_HELD(&mod_lock));
3071 
3072 	if (f & MOD_LOCK_NOT_HELD)
3073 		mutex_enter(&mod_lock);
3074 
3075 	while (mp->mod_busy) {
3076 		mp->mod_want = 1;
3077 		cv_wait(&mod_cv, &mod_lock);
3078 		/*
3079 		 * Module may be unloaded by daemon.
3080 		 * Nevertheless, modctl structure is still in linked list
3081 		 * (i.e., off &modules), not freed!
3082 		 * Caller is not supposed to assume "mp" is valid, but there
3083 		 * is no reasonable way to detect this but using
3084 		 * mp->mod_modinfo->mp == NULL check (follow the back pointer)
3085 		 *   (or similar check depending on calling context)
3086 		 * DON'T free modctl structure, it will be very very
3087 		 * problematic.
3088 		 */
3089 		if (f & MOD_WAIT_ONCE) {
3090 			if (f & MOD_LOCK_NOT_HELD)
3091 				mutex_exit(&mod_lock);
3092 			return (1);	/* caller decides how to retry */
3093 		}
3094 	}
3095 
3096 	mp->mod_busy = 1;
3097 	mp->mod_inprogress_thread =
3098 	    (curthread == NULL ? (kthread_id_t)-1 : curthread);
3099 
3100 	if (f & MOD_LOCK_NOT_HELD)
3101 		mutex_exit(&mod_lock);
3102 	return (0);
3103 }
3104 
3105 static struct modctl *
3106 mod_hold_by_name_common(struct modctl *dep, char *filename)
3107 {
3108 	char		*modname;
3109 	struct modctl	*mp;
3110 	char		*curname, *newname;
3111 	int		found = 0;
3112 
3113 	mutex_enter(&mod_lock);
3114 
3115 	if ((modname = strrchr(filename, '/')) == NULL)
3116 		modname = filename;
3117 	else
3118 		modname++;
3119 
3120 	mp = &modules;
3121 	do {
3122 		if (strcmp(modname, mp->mod_modname) == 0) {
3123 			found = 1;
3124 			break;
3125 		}
3126 	} while ((mp = mp->mod_next) != &modules);
3127 
3128 	if (found == 0) {
3129 		mp = allocate_modp(filename, modname);
3130 		modadd(mp);
3131 	}
3132 
3133 	/*
3134 	 * if dep is not NULL, set the mp in mod_requisite_loading for
3135 	 * the module circular dependency check. This field is used in
3136 	 * mod_circdep(), but it's cleard in mod_hold_loaded_mod().
3137 	 */
3138 	if (dep != NULL) {
3139 		ASSERT(dep->mod_busy && dep->mod_requisite_loading == NULL);
3140 		dep->mod_requisite_loading = mp;
3141 	}
3142 
3143 	/*
3144 	 * If the module was held, then it must be us who has it held.
3145 	 */
3146 	if (mod_circdep(mp))
3147 		mp = NULL;
3148 	else {
3149 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
3150 
3151 		/*
3152 		 * If the name hadn't been set or has changed, allocate
3153 		 * space and set it.  Free space used by previous name.
3154 		 *
3155 		 * Do not change the name of primary modules, for primary
3156 		 * modules the mod_filename was allocated in standalone mode:
3157 		 * it is illegal to kobj_alloc in standalone mode and kobj_free
3158 		 * in non-standalone mode.
3159 		 */
3160 		curname = mp->mod_filename;
3161 		if (curname == NULL ||
3162 		    ((mp->mod_prim == 0) &&
3163 		    (curname != filename) &&
3164 		    (modname != filename) &&
3165 		    (strcmp(curname, filename) != 0))) {
3166 			newname = kobj_zalloc(strlen(filename) + 1, KM_SLEEP);
3167 			(void) strcpy(newname, filename);
3168 			mp->mod_filename = newname;
3169 			if (curname != NULL)
3170 				kobj_free(curname, strlen(curname) + 1);
3171 		}
3172 	}
3173 
3174 	mutex_exit(&mod_lock);
3175 	if (mp && moddebug & MODDEBUG_LOADMSG2)
3176 		printf("Holding %s\n", mp->mod_filename);
3177 	if (mp == NULL && moddebug & MODDEBUG_LOADMSG2)
3178 		printf("circular dependency loading %s\n", filename);
3179 	return (mp);
3180 }
3181 
3182 static struct modctl *
3183 mod_hold_by_name_requisite(struct modctl *dep, char *filename)
3184 {
3185 	return (mod_hold_by_name_common(dep, filename));
3186 }
3187 
3188 struct modctl *
3189 mod_hold_by_name(char *filename)
3190 {
3191 	return (mod_hold_by_name_common(NULL, filename));
3192 }
3193 
3194 static struct modctl *
3195 mod_hold_by_id(modid_t modid)
3196 {
3197 	struct modctl	*mp;
3198 	int		found = 0;
3199 
3200 	mutex_enter(&mod_lock);
3201 	mp = &modules;
3202 	do {
3203 		if (mp->mod_id == modid) {
3204 			found = 1;
3205 			break;
3206 		}
3207 	} while ((mp = mp->mod_next) != &modules);
3208 
3209 	if ((found == 0) || mod_circdep(mp))
3210 		mp = NULL;
3211 	else
3212 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
3213 
3214 	mutex_exit(&mod_lock);
3215 	return (mp);
3216 }
3217 
3218 static struct modctl *
3219 mod_hold_next_by_id(modid_t modid)
3220 {
3221 	struct modctl	*mp;
3222 	int		found = 0;
3223 
3224 	if (modid < -1)
3225 		return (NULL);
3226 
3227 	mutex_enter(&mod_lock);
3228 
3229 	mp = &modules;
3230 	do {
3231 		if (mp->mod_id > modid) {
3232 			found = 1;
3233 			break;
3234 		}
3235 	} while ((mp = mp->mod_next) != &modules);
3236 
3237 	if ((found == 0) || mod_circdep(mp))
3238 		mp = NULL;
3239 	else
3240 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
3241 
3242 	mutex_exit(&mod_lock);
3243 	return (mp);
3244 }
3245 
3246 static void
3247 mod_release(struct modctl *mp)
3248 {
3249 	ASSERT(MUTEX_HELD(&mod_lock));
3250 	ASSERT(mp->mod_busy);
3251 
3252 	mp->mod_busy = 0;
3253 	mp->mod_inprogress_thread = NULL;
3254 	if (mp->mod_want) {
3255 		mp->mod_want = 0;
3256 		cv_broadcast(&mod_cv);
3257 	}
3258 }
3259 
3260 void
3261 mod_release_mod(struct modctl *mp)
3262 {
3263 	if (moddebug & MODDEBUG_LOADMSG2)
3264 		printf("Releasing %s\n", mp->mod_filename);
3265 	mutex_enter(&mod_lock);
3266 	mod_release(mp);
3267 	mutex_exit(&mod_lock);
3268 }
3269 
3270 modid_t
3271 mod_name_to_modid(char *filename)
3272 {
3273 	char		*modname;
3274 	struct modctl	*mp;
3275 
3276 	mutex_enter(&mod_lock);
3277 
3278 	if ((modname = strrchr(filename, '/')) == NULL)
3279 		modname = filename;
3280 	else
3281 		modname++;
3282 
3283 	mp = &modules;
3284 	do {
3285 		if (strcmp(modname, mp->mod_modname) == 0) {
3286 			mutex_exit(&mod_lock);
3287 			return (mp->mod_id);
3288 		}
3289 	} while ((mp = mp->mod_next) != &modules);
3290 
3291 	mutex_exit(&mod_lock);
3292 	return (-1);
3293 }
3294 
3295 
3296 int
3297 mod_remove_by_name(char *name)
3298 {
3299 	struct modctl *mp;
3300 	int retval;
3301 
3302 	mp = mod_hold_by_name(name);
3303 
3304 	if (mp == NULL)
3305 		return (EINVAL);
3306 
3307 	if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
3308 		/*
3309 		 * Do not unload forceloaded modules
3310 		 */
3311 		mod_release_mod(mp);
3312 		return (0);
3313 	}
3314 
3315 	if ((retval = moduninstall(mp)) == 0)
3316 		mod_unload(mp);
3317 	else if (retval == EALREADY)
3318 		retval = 0;		/* already unloaded, not an error */
3319 	mod_release_mod(mp);
3320 	return (retval);
3321 }
3322 
3323 /*
3324  * Record that module "dep" is dependent on module "on_mod."
3325  */
3326 static void
3327 mod_make_requisite(struct modctl *dependent, struct modctl *on_mod)
3328 {
3329 	struct modctl_list **pmlnp;	/* previous next pointer */
3330 	struct modctl_list *mlp;
3331 	struct modctl_list *new;
3332 
3333 	ASSERT(dependent->mod_busy && on_mod->mod_busy);
3334 	mutex_enter(&mod_lock);
3335 
3336 	/*
3337 	 * Search dependent's requisite list to see if on_mod is recorded.
3338 	 * List is ordered by id.
3339 	 */
3340 	for (pmlnp = &dependent->mod_requisites, mlp = *pmlnp;
3341 	    mlp; pmlnp = &mlp->modl_next, mlp = *pmlnp)
3342 		if (mlp->modl_modp->mod_id >= on_mod->mod_id)
3343 			break;
3344 
3345 	/* Create and insert if not already recorded */
3346 	if ((mlp == NULL) || (mlp->modl_modp->mod_id != on_mod->mod_id)) {
3347 		new = kobj_zalloc(sizeof (*new), KM_SLEEP);
3348 		new->modl_modp = on_mod;
3349 		new->modl_next = mlp;
3350 		*pmlnp = new;
3351 
3352 		/*
3353 		 * Increment the mod_ref count in our new requisite module.
3354 		 * This is what keeps a module that has other modules
3355 		 * which are dependent on it from being uninstalled and
3356 		 * unloaded. "on_mod"'s mod_ref count decremented in
3357 		 * mod_release_requisites when the "dependent" module
3358 		 * unload is complete.  "on_mod" must be loaded, but may not
3359 		 * yet be installed.
3360 		 */
3361 		on_mod->mod_ref++;
3362 		ASSERT(on_mod->mod_ref && on_mod->mod_loaded);
3363 	}
3364 
3365 	mutex_exit(&mod_lock);
3366 }
3367 
3368 /*
3369  * release the hold associated with mod_make_requisite mod_ref++
3370  * as part of unload.
3371  */
3372 void
3373 mod_release_requisites(struct modctl *modp)
3374 {
3375 	struct modctl_list *modl;
3376 	struct modctl_list *next;
3377 	struct modctl *req;
3378 	struct modctl_list *start = NULL, *mod_garbage;
3379 
3380 	ASSERT(modp->mod_busy);
3381 	ASSERT(!MUTEX_HELD(&mod_lock));
3382 
3383 	mutex_enter(&mod_lock);		/* needed for manipulation of req */
3384 	for (modl = modp->mod_requisites; modl; modl = next) {
3385 		next = modl->modl_next;
3386 		req = modl->modl_modp;
3387 		ASSERT(req->mod_ref >= 1 && req->mod_loaded);
3388 		req->mod_ref--;
3389 
3390 		/*
3391 		 * Check if the module has to be unloaded or not.
3392 		 */
3393 		if (req->mod_ref == 0 && req->mod_delay_unload) {
3394 			struct modctl_list *new;
3395 			/*
3396 			 * Allocate the modclt_list holding the garbage
3397 			 * module which should be unloaded later.
3398 			 */
3399 			new = kobj_zalloc(sizeof (struct modctl_list),
3400 			    KM_SLEEP);
3401 			new->modl_modp = req;
3402 
3403 			if (start == NULL)
3404 				mod_garbage = start = new;
3405 			else {
3406 				mod_garbage->modl_next = new;
3407 				mod_garbage = new;
3408 			}
3409 		}
3410 
3411 		/* free the list as we go */
3412 		kobj_free(modl, sizeof (*modl));
3413 	}
3414 	modp->mod_requisites = NULL;
3415 	mutex_exit(&mod_lock);
3416 
3417 	/*
3418 	 * Unload the garbage modules.
3419 	 */
3420 	for (mod_garbage = start; mod_garbage != NULL; /* nothing */) {
3421 		struct modctl_list *old = mod_garbage;
3422 		struct modctl *mp = mod_garbage->modl_modp;
3423 		ASSERT(mp != NULL);
3424 
3425 		/*
3426 		 * Hold this module until it's unloaded completely.
3427 		 */
3428 		(void) mod_hold_by_modctl(mp,
3429 		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
3430 		/*
3431 		 * Check if the module is not unloaded yet and nobody requires
3432 		 * the module. If it's unloaded already or somebody still
3433 		 * requires the module, don't unload it now.
3434 		 */
3435 		if (mp->mod_loaded && mp->mod_ref == 0)
3436 			mod_unload(mp);
3437 		ASSERT((mp->mod_loaded == 0 && mp->mod_delay_unload == 0) ||
3438 		    (mp->mod_ref > 0));
3439 		mod_release_mod(mp);
3440 
3441 		mod_garbage = mod_garbage->modl_next;
3442 		kobj_free(old, sizeof (struct modctl_list));
3443 	}
3444 }
3445 
3446 /*
3447  * Process dependency of the module represented by "dep" on the
3448  * module named by "on."
3449  *
3450  * Called from kobj_do_dependents() to load a module "on" on which
3451  * "dep" depends.
3452  */
3453 struct modctl *
3454 mod_load_requisite(struct modctl *dep, char *on)
3455 {
3456 	struct modctl *on_mod;
3457 	int retval;
3458 
3459 	if ((on_mod = mod_hold_loaded_mod(dep, on, &retval)) != NULL) {
3460 		mod_make_requisite(dep, on_mod);
3461 	} else if (moddebug & MODDEBUG_ERRMSG) {
3462 		printf("error processing %s on which module %s depends\n",
3463 			on, dep->mod_modname);
3464 	}
3465 	return (on_mod);
3466 }
3467 
3468 static int
3469 mod_install_requisites(struct modctl *modp)
3470 {
3471 	struct modctl_list *modl;
3472 	struct modctl *req;
3473 	int status = 0;
3474 
3475 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3476 	ASSERT(modp->mod_busy);
3477 
3478 	for (modl = modp->mod_requisites; modl; modl = modl->modl_next) {
3479 		req = modl->modl_modp;
3480 		(void) mod_hold_by_modctl(req,
3481 		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
3482 		status = modinstall(req);
3483 		mod_release_mod(req);
3484 
3485 		if (status != 0)
3486 			break;
3487 	}
3488 	return (status);
3489 }
3490 
3491 /*
3492  * returns 1 if this thread is doing autounload, 0 otherwise.
3493  * see mod_uninstall_all.
3494  */
3495 int
3496 mod_in_autounload()
3497 {
3498 	return ((int)(uintptr_t)tsd_get(mod_autounload_key));
3499 }
3500 
3501 /*
3502  * gmatch adapted from libc, stripping the wchar stuff
3503  */
3504 #define	popchar(p, c) \
3505 	c = *p++; \
3506 	if (c == 0) \
3507 		return (0);
3508 
3509 static int
3510 gmatch(const char *s, const char *p)
3511 {
3512 	int c, sc;
3513 	int ok, lc, notflag;
3514 
3515 	sc = *s++;
3516 	c = *p++;
3517 	if (c == 0)
3518 		return (sc == c);	/* nothing matches nothing */
3519 
3520 	switch (c) {
3521 	case '\\':
3522 		/* skip to quoted character */
3523 		popchar(p, c)
3524 		/*FALLTHRU*/
3525 
3526 	default:
3527 		/* straight comparison */
3528 		if (c != sc)
3529 			return (0);
3530 		/*FALLTHRU*/
3531 
3532 	case '?':
3533 		/* first char matches, move to remainder */
3534 		return (sc != '\0' ? gmatch(s, p) : 0);
3535 
3536 
3537 	case '*':
3538 		while (*p == '*')
3539 			p++;
3540 
3541 		/* * matches everything */
3542 		if (*p == 0)
3543 			return (1);
3544 
3545 		/* undo skip at the beginning & iterate over substrings */
3546 		--s;
3547 		while (*s) {
3548 			if (gmatch(s, p))
3549 				return (1);
3550 			s++;
3551 		}
3552 		return (0);
3553 
3554 	case '[':
3555 		/* match any char within [] */
3556 		if (sc == 0)
3557 			return (0);
3558 
3559 		ok = lc = notflag = 0;
3560 
3561 		if (*p == '!') {
3562 			notflag = 1;
3563 			p++;
3564 		}
3565 		popchar(p, c)
3566 
3567 		do {
3568 			if (c == '-' && lc && *p != ']') {
3569 				/* test sc against range [c1-c2] */
3570 				popchar(p, c)
3571 				if (c == '\\') {
3572 					popchar(p, c)
3573 				}
3574 
3575 				if (notflag) {
3576 					/* return 0 on mismatch */
3577 					if (lc <= sc && sc <= c)
3578 						return (0);
3579 					ok++;
3580 				} else if (lc <= sc && sc <= c) {
3581 					ok++;
3582 				}
3583 				/* keep going, may get a match next */
3584 			} else if (c == '\\') {
3585 				/* skip to quoted character */
3586 				popchar(p, c)
3587 			}
3588 			lc = c;
3589 			if (notflag) {
3590 				if (sc == lc)
3591 					return (0);
3592 				ok++;
3593 			} else if (sc == lc) {
3594 				ok++;
3595 			}
3596 			popchar(p, c)
3597 		} while (c != ']');
3598 
3599 		/* recurse on remainder of string */
3600 		return (ok ? gmatch(s, p) : 0);
3601 	}
3602 	/*NOTREACHED*/
3603 }
3604 
3605 
3606 /*
3607  * Get default perm for device from /etc/minor_perm. Return 0 if match found.
3608  *
3609  * Pure wild-carded patterns are handled separately so the ordering of
3610  * these patterns doesn't matter.  We're still dependent on ordering
3611  * however as the first matching entry is the one returned.
3612  * Not ideal but all existing examples and usage do imply this
3613  * ordering implicitly.
3614  *
3615  * Drivers using the clone driver are always good for some entertainment.
3616  * Clone nodes under pseudo have the form clone@0:<driver>.  Some minor
3617  * perm entries have the form clone:<driver>, others use <driver>:*
3618  * Examples are clone:llc1 vs. llc2:*, for example.
3619  *
3620  * Minor perms in the clone:<driver> form are mapped to the drivers's
3621  * mperm list, not the clone driver, as wildcard entries for clone
3622  * reference only.  In other words, a clone wildcard will match
3623  * references for clone@0:<driver> but never <driver>@<minor>.
3624  *
3625  * Additional minor perms in the standard form are also supported,
3626  * for mixed usage, ie a node with an entry clone:<driver> could
3627  * provide further entries <driver>:<minor>.
3628  *
3629  * Finally, some uses of clone use an alias as the minor name rather
3630  * than the driver name, with the alias as the minor perm entry.
3631  * This case is handled by attaching the driver to bring its
3632  * minor list into existence, then discover the alias via DDI_ALIAS.
3633  * The clone device's minor perm list can then be searched for
3634  * that alias.
3635  */
3636 
3637 static int
3638 dev_alias_minorperm(dev_info_t *dip, char *minor_name, mperm_t *rmp)
3639 {
3640 	major_t major;
3641 	struct devnames *dnp;
3642 	mperm_t *mp;
3643 	char *alias = NULL;
3644 	dev_info_t *cdevi;
3645 	struct ddi_minor_data *dmd;
3646 
3647 	major = ddi_name_to_major(minor_name);
3648 
3649 	ASSERT(dip == clone_dip);
3650 	ASSERT(major != (major_t)-1);
3651 
3652 	/*
3653 	 * Attach the driver named by the minor node, then
3654 	 * search its first instance's minor list for an
3655 	 * alias node.
3656 	 */
3657 	if (ddi_hold_installed_driver(major) == NULL)
3658 		return (1);
3659 
3660 	dnp = &devnamesp[major];
3661 	LOCK_DEV_OPS(&dnp->dn_lock);
3662 
3663 	if ((cdevi = dnp->dn_head) != NULL) {
3664 		mutex_enter(&DEVI(cdevi)->devi_lock);
3665 		for (dmd = DEVI(cdevi)->devi_minor; dmd; dmd = dmd->next) {
3666 			if (dmd->type == DDM_ALIAS) {
3667 				alias = i_ddi_strdup(dmd->ddm_name, KM_SLEEP);
3668 				break;
3669 			}
3670 		}
3671 		mutex_exit(&DEVI(cdevi)->devi_lock);
3672 	}
3673 
3674 	UNLOCK_DEV_OPS(&dnp->dn_lock);
3675 	ddi_rele_driver(major);
3676 
3677 	if (alias == NULL) {
3678 		if (moddebug & MODDEBUG_MINORPERM)
3679 			cmn_err(CE_CONT, "dev_minorperm: "
3680 			    "no alias for %s\n", minor_name);
3681 		return (1);
3682 	}
3683 
3684 	major = ddi_driver_major(clone_dip);
3685 	dnp = &devnamesp[major];
3686 	LOCK_DEV_OPS(&dnp->dn_lock);
3687 
3688 	/*
3689 	 * Go through the clone driver's mperm list looking
3690 	 * for a match for the specified alias.
3691 	 */
3692 	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
3693 		if (strcmp(alias, mp->mp_minorname) == 0) {
3694 			break;
3695 		}
3696 	}
3697 
3698 	if (mp) {
3699 		if (moddebug & MODDEBUG_MP_MATCH) {
3700 			cmn_err(CE_CONT,
3701 			    "minor perm defaults: %s %s 0%o %d %d (aliased)\n",
3702 			    minor_name, alias, mp->mp_mode,
3703 			    mp->mp_uid, mp->mp_gid);
3704 		}
3705 		rmp->mp_uid = mp->mp_uid;
3706 		rmp->mp_gid = mp->mp_gid;
3707 		rmp->mp_mode = mp->mp_mode;
3708 	}
3709 	UNLOCK_DEV_OPS(&dnp->dn_lock);
3710 
3711 	kmem_free(alias, strlen(alias)+1);
3712 
3713 	return (mp == NULL);
3714 }
3715 
3716 int
3717 dev_minorperm(dev_info_t *dip, char *name, mperm_t *rmp)
3718 {
3719 	major_t major;
3720 	char *minor_name;
3721 	struct devnames *dnp;
3722 	mperm_t *mp;
3723 	int is_clone = 0;
3724 
3725 	if (!minorperm_loaded) {
3726 		if (moddebug & MODDEBUG_MINORPERM)
3727 			cmn_err(CE_CONT,
3728 			    "%s: minor perm not yet loaded\n", name);
3729 		return (1);
3730 	}
3731 
3732 	minor_name = strchr(name, ':');
3733 	if (minor_name == NULL)
3734 		return (1);
3735 	minor_name++;
3736 
3737 	/*
3738 	 * If it's the clone driver, search the driver as named
3739 	 * by the minor.  All clone minor perm entries other than
3740 	 * alias nodes are actually installed on the real driver's list.
3741 	 */
3742 	if (dip == clone_dip) {
3743 		major = ddi_name_to_major(minor_name);
3744 		if (major == (major_t)-1) {
3745 			if (moddebug & MODDEBUG_MINORPERM)
3746 				cmn_err(CE_CONT, "dev_minorperm: "
3747 				    "%s: no such driver\n", minor_name);
3748 			return (1);
3749 		}
3750 		is_clone = 1;
3751 	} else {
3752 		major = ddi_driver_major(dip);
3753 		ASSERT(major != (major_t)-1);
3754 	}
3755 
3756 	dnp = &devnamesp[major];
3757 	LOCK_DEV_OPS(&dnp->dn_lock);
3758 
3759 	/*
3760 	 * Go through the driver's mperm list looking for
3761 	 * a match for the specified minor.  If there's
3762 	 * no matching pattern, use the wild card.
3763 	 * Defer to the clone wild for clone if specified,
3764 	 * otherwise fall back to the normal form.
3765 	 */
3766 	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
3767 		if (gmatch(minor_name, mp->mp_minorname) != 0) {
3768 			break;
3769 		}
3770 	}
3771 	if (mp == NULL) {
3772 		if (is_clone)
3773 			mp = dnp->dn_mperm_clone;
3774 		if (mp == NULL)
3775 			mp = dnp->dn_mperm_wild;
3776 	}
3777 
3778 	if (mp) {
3779 		if (moddebug & MODDEBUG_MP_MATCH) {
3780 			cmn_err(CE_CONT,
3781 			    "minor perm defaults: %s %s 0%o %d %d\n",
3782 			    name, mp->mp_minorname, mp->mp_mode,
3783 			    mp->mp_uid, mp->mp_gid);
3784 		}
3785 		rmp->mp_uid = mp->mp_uid;
3786 		rmp->mp_gid = mp->mp_gid;
3787 		rmp->mp_mode = mp->mp_mode;
3788 	}
3789 	UNLOCK_DEV_OPS(&dnp->dn_lock);
3790 
3791 	/*
3792 	 * If no match can be found for a clone node,
3793 	 * search for a possible match for an alias.
3794 	 * One such example is /dev/ptmx -> /devices/pseudo/clone@0:ptm,
3795 	 * with minor perm entry clone:ptmx.
3796 	 */
3797 	if (mp == NULL && is_clone) {
3798 		return (dev_alias_minorperm(dip, minor_name, rmp));
3799 	}
3800 
3801 	return (mp == NULL);
3802 }
3803 
3804 /*
3805  * dynamicaly reference load a dl module/library, returning handle
3806  */
3807 /*ARGSUSED*/
3808 ddi_modhandle_t
3809 ddi_modopen(const char *modname, int mode, int *errnop)
3810 {
3811 	char		*subdir;
3812 	char		*mod;
3813 	int		subdirlen;
3814 	struct modctl	*hmodp = NULL;
3815 	int		retval = EINVAL;
3816 
3817 	ASSERT(modname && (mode == KRTLD_MODE_FIRST));
3818 	if ((modname == NULL) || (mode != KRTLD_MODE_FIRST))
3819 		goto out;
3820 
3821 	/* find optional first '/' in modname */
3822 	mod = strchr(modname, '/');
3823 	if (mod != strrchr(modname, '/'))
3824 		goto out;		/* only one '/' is legal */
3825 
3826 	if (mod) {
3827 		/* for subdir string without modification to argument */
3828 		mod++;
3829 		subdirlen = mod - modname;
3830 		subdir = kmem_alloc(subdirlen, KM_SLEEP);
3831 		(void) strlcpy(subdir, modname, subdirlen);
3832 	} else {
3833 		subdirlen = 0;
3834 		subdir = "misc";
3835 		mod = (char *)modname;
3836 	}
3837 
3838 	/* reference load with errno return value */
3839 	retval = modrload(subdir, mod, &hmodp);
3840 
3841 	if (subdirlen)
3842 		kmem_free(subdir, subdirlen);
3843 
3844 out:	if (errnop)
3845 		*errnop = retval;
3846 
3847 	if (moddebug & MODDEBUG_DDI_MOD)
3848 		printf("ddi_modopen %s mode %x: %s %p %d\n",
3849 		    modname ? modname : "<unknown>", mode,
3850 		    hmodp ? hmodp->mod_filename : "<unknown>",
3851 		    (void *)hmodp, retval);
3852 
3853 	return ((ddi_modhandle_t)hmodp);
3854 }
3855 
3856 /* lookup "name" in open dl module/library */
3857 void *
3858 ddi_modsym(ddi_modhandle_t h, const char *name, int *errnop)
3859 {
3860 	struct modctl	*hmodp = (struct modctl *)h;
3861 	void		*f;
3862 	int		retval;
3863 
3864 	ASSERT(hmodp && name && hmodp->mod_installed && (hmodp->mod_ref >= 1));
3865 	if ((hmodp == NULL) || (name == NULL) ||
3866 	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
3867 		f = NULL;
3868 		retval = EINVAL;
3869 	} else {
3870 		f = (void *)kobj_lookup(hmodp->mod_mp, (char *)name);
3871 		if (f)
3872 			retval = 0;
3873 		else
3874 			retval = ENOTSUP;
3875 	}
3876 
3877 	if (moddebug & MODDEBUG_DDI_MOD)
3878 		printf("ddi_modsym in %s of %s: %d %p\n",
3879 		    hmodp ? hmodp->mod_modname : "<unknown>",
3880 		    name ? name : "<unknown>", retval, f);
3881 
3882 	if (errnop)
3883 		*errnop = retval;
3884 	return (f);
3885 }
3886 
3887 /* dynamic (un)reference unload of an open dl module/library */
3888 int
3889 ddi_modclose(ddi_modhandle_t h)
3890 {
3891 	struct modctl	*hmodp = (struct modctl *)h;
3892 	struct modctl	*modp = NULL;
3893 	int		retval;
3894 
3895 	ASSERT(hmodp && hmodp->mod_installed && (hmodp->mod_ref >= 1));
3896 	if ((hmodp == NULL) ||
3897 	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
3898 		retval = EINVAL;
3899 		goto out;
3900 	}
3901 
3902 	retval = modunrload(hmodp->mod_id, &modp, ddi_modclose_unload);
3903 	if (retval == EBUSY)
3904 		retval = 0;	/* EBUSY is not an error */
3905 
3906 	if (retval == 0) {
3907 		ASSERT(hmodp == modp);
3908 		if (hmodp != modp)
3909 			retval = EINVAL;
3910 	}
3911 
3912 out:	if (moddebug & MODDEBUG_DDI_MOD)
3913 		printf("ddi_modclose %s: %d\n",
3914 		    hmodp ? hmodp->mod_modname : "<unknown>", retval);
3915 
3916 	return (retval);
3917 }
3918