xref: /titanic_44/usr/src/uts/common/os/modctl.c (revision f94275ce205810a201404c5f35f4cc96057022b1)
1  /*
2   * CDDL HEADER START
3   *
4   * The contents of this file are subject to the terms of the
5   * Common Development and Distribution License (the "License").
6   * You may not use this file except in compliance with the License.
7   *
8   * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9   * or http://www.opensolaris.org/os/licensing.
10   * See the License for the specific language governing permissions
11   * and limitations under the License.
12   *
13   * When distributing Covered Code, include this CDDL HEADER in each
14   * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15   * If applicable, add the following below this CDDL HEADER, with the
16   * fields enclosed by brackets "[]" replaced with your own identifying
17   * information: Portions Copyright [yyyy] [name of copyright owner]
18   *
19   * CDDL HEADER END
20   */
21  
22  /*
23   * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24   * Use is subject to license terms.
25   */
26  
27  /*
28   * modctl system call for loadable module support.
29   */
30  
31  #include <sys/param.h>
32  #include <sys/user.h>
33  #include <sys/systm.h>
34  #include <sys/exec.h>
35  #include <sys/file.h>
36  #include <sys/stat.h>
37  #include <sys/conf.h>
38  #include <sys/time.h>
39  #include <sys/reboot.h>
40  #include <sys/fs/ufs_fsdir.h>
41  #include <sys/kmem.h>
42  #include <sys/sysconf.h>
43  #include <sys/cmn_err.h>
44  #include <sys/ddi.h>
45  #include <sys/sunddi.h>
46  #include <sys/sunndi.h>
47  #include <sys/ndi_impldefs.h>
48  #include <sys/ddi_impldefs.h>
49  #include <sys/ddi_implfuncs.h>
50  #include <sys/bootconf.h>
51  #include <sys/dc_ki.h>
52  #include <sys/cladm.h>
53  #include <sys/dtrace.h>
54  #include <sys/kdi.h>
55  
56  #include <sys/devpolicy.h>
57  #include <sys/modctl.h>
58  #include <sys/kobj.h>
59  #include <sys/devops.h>
60  #include <sys/autoconf.h>
61  #include <sys/hwconf.h>
62  #include <sys/callb.h>
63  #include <sys/debug.h>
64  #include <sys/cpuvar.h>
65  #include <sys/sysmacros.h>
66  #include <sys/sysevent.h>
67  #include <sys/sysevent_impl.h>
68  #include <sys/instance.h>
69  #include <sys/modhash.h>
70  #include <sys/modhash_impl.h>
71  #include <sys/dacf_impl.h>
72  #include <sys/vfs.h>
73  #include <sys/pathname.h>
74  #include <sys/console.h>
75  #include <sys/policy.h>
76  #include <ipp/ipp_impl.h>
77  #include <sys/fs/dv_node.h>
78  #include <sys/strsubr.h>
79  #include <sys/fs/sdev_impl.h>
80  
81  static int		mod_circdep(struct modctl *);
82  static int		modinfo(modid_t, struct modinfo *);
83  
84  static void		mod_uninstall_all(void);
85  static int		mod_getinfo(struct modctl *, struct modinfo *);
86  static struct modctl	*allocate_modp(const char *, const char *);
87  
88  static int		mod_load(struct modctl *, int);
89  static void		mod_unload(struct modctl *);
90  static int		modinstall(struct modctl *);
91  static int		moduninstall(struct modctl *);
92  
93  static struct modctl	*mod_hold_by_name_common(struct modctl *, const char *);
94  static struct modctl	*mod_hold_next_by_id(modid_t);
95  static struct modctl	*mod_hold_loaded_mod(struct modctl *, char *, int *);
96  static struct modctl	*mod_hold_installed_mod(char *, int, int, int *);
97  
98  static void		mod_release(struct modctl *);
99  static void		mod_make_requisite(struct modctl *, struct modctl *);
100  static int		mod_install_requisites(struct modctl *);
101  static void		check_esc_sequences(char *, char *);
102  static struct modctl	*mod_hold_by_name_requisite(struct modctl *, char *);
103  
104  /*
105   * module loading thread control structure. Calls to kobj_load_module()() are
106   * handled off to a separate thead using this structure.
107   */
108  struct loadmt {
109  	ksema_t		sema;
110  	struct modctl	*mp;
111  	int		usepath;
112  	kthread_t	*owner;
113  	int		retval;
114  };
115  
116  static void	modload_thread(struct loadmt *);
117  
118  kcondvar_t	mod_cv;
119  kcondvar_t	mod_uninstall_cv;	/* Communication between swapper */
120  					/* and the uninstall daemon. */
121  kmutex_t	mod_lock;		/* protects &modules insert linkage, */
122  					/* mod_busy, mod_want, and mod_ref. */
123  					/* blocking operations while holding */
124  					/* mod_lock should be avoided */
125  kmutex_t	mod_uninstall_lock;	/* protects mod_uninstall_cv */
126  kthread_id_t	mod_aul_thread;
127  
128  int		modunload_wait;
129  kmutex_t	modunload_wait_mutex;
130  kcondvar_t	modunload_wait_cv;
131  int		modunload_active_count;
132  int		modunload_disable_count;
133  
134  int	isminiroot;		/* set if running as miniroot */
135  int	modrootloaded;		/* set after root driver and fs are loaded */
136  int	moddebug = 0x0;		/* debug flags for module writers */
137  int	swaploaded;		/* set after swap driver and fs are loaded */
138  int	bop_io_quiesced = 0;	/* set when BOP I/O can no longer be used */
139  int	last_module_id;
140  clock_t	mod_uninstall_interval = 0;
141  int	ddi_modclose_unload = 1;	/* 0 -> just decrement reference */
142  
143  struct devnames *devnamesp;
144  struct devnames orphanlist;
145  
146  krwlock_t	devinfo_tree_lock;	/* obsolete, to be removed */
147  
148  #define	MAJBINDFILE "/etc/name_to_major"
149  #define	SYSBINDFILE "/etc/name_to_sysnum"
150  
151  static char	majbind[] = MAJBINDFILE;
152  static char	sysbind[] = SYSBINDFILE;
153  static uint_t	mod_autounload_key;	/* for module autounload detection */
154  
155  extern int obpdebug;
156  
157  #define	DEBUGGER_PRESENT	((boothowto & RB_DEBUG) || (obpdebug != 0))
158  
159  static int minorperm_loaded = 0;
160  
161  void
162  mod_setup(void)
163  {
164  	struct sysent *callp;
165  	int callnum, exectype;
166  	int	num_devs;
167  	int	i;
168  
169  	/*
170  	 * Initialize the list of loaded driver dev_ops.
171  	 * XXX - This must be done before reading the system file so that
172  	 * forceloads of drivers will work.
173  	 */
174  	num_devs = read_binding_file(majbind, mb_hashtab, make_mbind);
175  	/*
176  	 * Since read_binding_file is common code, it doesn't enforce that all
177  	 * of the binding file entries have major numbers <= MAXMAJ32.  Thus,
178  	 * ensure that we don't allocate some massive amount of space due to a
179  	 * bad entry.  We can't have major numbers bigger than MAXMAJ32
180  	 * until file system support for larger major numbers exists.
181  	 */
182  
183  	/*
184  	 * Leave space for expansion, but not more than L_MAXMAJ32
185  	 */
186  	devcnt = MIN(num_devs + 30, L_MAXMAJ32);
187  	devopsp = kmem_alloc(devcnt * sizeof (struct dev_ops *), KM_SLEEP);
188  	for (i = 0; i < devcnt; i++)
189  		devopsp[i] = &mod_nodev_ops;
190  
191  	init_devnamesp(devcnt);
192  
193  	/*
194  	 * Sync up with the work that the stand-alone linker has already done.
195  	 */
196  	(void) kobj_sync();
197  
198  	if (boothowto & RB_DEBUG)
199  		kdi_dvec_modavail();
200  
201  	make_aliases(mb_hashtab);
202  
203  	/*
204  	 * Initialize streams device implementation structures.
205  	 */
206  	devimpl = kmem_zalloc(devcnt * sizeof (cdevsw_impl_t), KM_SLEEP);
207  
208  	/*
209  	 * If the cl_bootstrap module is present,
210  	 * we should be configured as a cluster. Loading this module
211  	 * will set "cluster_bootflags" to non-zero.
212  	 */
213  	(void) modload("misc", "cl_bootstrap");
214  
215  	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
216  	init_syscallnames(NSYSCALL);
217  
218  	/*
219  	 * Start up dynamic autoconfiguration framework (dacf).
220  	 */
221  	mod_hash_init();
222  	dacf_init();
223  
224  	/*
225  	 * Start up IP policy framework (ipp).
226  	 */
227  	ipp_init();
228  
229  	/*
230  	 * Allocate loadable native system call locks.
231  	 */
232  	for (callnum = 0, callp = sysent; callnum < NSYSCALL;
233  	    callnum++, callp++) {
234  		if (LOADABLE_SYSCALL(callp)) {
235  			if (mod_getsysname(callnum) != NULL) {
236  				callp->sy_lock =
237  				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
238  				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
239  			} else {
240  				callp->sy_flags &= ~SE_LOADABLE;
241  				callp->sy_callc = nosys;
242  			}
243  #ifdef DEBUG
244  		} else {
245  			/*
246  			 * Do some sanity checks on the sysent table
247  			 */
248  			switch (callp->sy_flags & SE_RVAL_MASK) {
249  			case SE_32RVAL1:
250  				/* only r_val1 returned */
251  			case SE_32RVAL1 | SE_32RVAL2:
252  				/* r_val1 and r_val2 returned */
253  			case SE_64RVAL:
254  				/* 64-bit rval returned */
255  				break;
256  			default:
257  				cmn_err(CE_WARN, "sysent[%d]: bad flags %x",
258  				    callnum, callp->sy_flags);
259  			}
260  #endif
261  		}
262  	}
263  
264  #ifdef _SYSCALL32_IMPL
265  	/*
266  	 * Allocate loadable system call locks for 32-bit compat syscalls
267  	 */
268  	for (callnum = 0, callp = sysent32; callnum < NSYSCALL;
269  	    callnum++, callp++) {
270  		if (LOADABLE_SYSCALL(callp)) {
271  			if (mod_getsysname(callnum) != NULL) {
272  				callp->sy_lock =
273  				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
274  				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
275  			} else {
276  				callp->sy_flags &= ~SE_LOADABLE;
277  				callp->sy_callc = nosys;
278  			}
279  #ifdef DEBUG
280  		} else {
281  			/*
282  			 * Do some sanity checks on the sysent table
283  			 */
284  			switch (callp->sy_flags & SE_RVAL_MASK) {
285  			case SE_32RVAL1:
286  				/* only r_val1 returned */
287  			case SE_32RVAL1 | SE_32RVAL2:
288  				/* r_val1 and r_val2 returned */
289  			case SE_64RVAL:
290  				/* 64-bit rval returned */
291  				break;
292  			default:
293  				cmn_err(CE_WARN, "sysent32[%d]: bad flags %x",
294  				    callnum, callp->sy_flags);
295  				goto skip;
296  			}
297  
298  			/*
299  			 * Cross-check the native and compatibility tables.
300  			 */
301  			if (callp->sy_callc == nosys ||
302  			    sysent[callnum].sy_callc == nosys)
303  				continue;
304  			/*
305  			 * If only one or the other slot is loadable, then
306  			 * there's an error -- they should match!
307  			 */
308  			if ((callp->sy_callc == loadable_syscall) ^
309  			    (sysent[callnum].sy_callc == loadable_syscall)) {
310  				cmn_err(CE_WARN, "sysent[%d] loadable?",
311  				    callnum);
312  			}
313  			/*
314  			 * This is more of a heuristic test -- if the
315  			 * system call returns two values in the 32-bit
316  			 * world, it should probably return two 32-bit
317  			 * values in the 64-bit world too.
318  			 */
319  			if (((callp->sy_flags & SE_32RVAL2) == 0) ^
320  			    ((sysent[callnum].sy_flags & SE_32RVAL2) == 0)) {
321  				cmn_err(CE_WARN, "sysent[%d] rval2 mismatch!",
322  				    callnum);
323  			}
324  skip:;
325  #endif	/* DEBUG */
326  		}
327  	}
328  #endif	/* _SYSCALL32_IMPL */
329  
330  	/*
331  	 * Allocate loadable exec locks.  (Assumes all execs are loadable)
332  	 */
333  	for (exectype = 0; exectype < nexectype; exectype++) {
334  		execsw[exectype].exec_lock =
335  		    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
336  		rw_init(execsw[exectype].exec_lock, NULL, RW_DEFAULT, NULL);
337  	}
338  
339  	read_class_file();
340  
341  	/* init thread specific structure for mod_uninstall_all */
342  	tsd_create(&mod_autounload_key, NULL);
343  }
344  
345  static int
346  modctl_modload(int use_path, char *filename, int *rvp)
347  {
348  	struct modctl *modp;
349  	int retval = 0;
350  	char *filenamep;
351  	int modid;
352  
353  	filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
354  
355  	if (copyinstr(filename, filenamep, MOD_MAXPATH, 0)) {
356  		retval = EFAULT;
357  		goto out;
358  	}
359  
360  	filenamep[MOD_MAXPATH - 1] = 0;
361  	modp = mod_hold_installed_mod(filenamep, use_path, 0, &retval);
362  
363  	if (modp == NULL)
364  		goto out;
365  
366  	modp->mod_loadflags |= MOD_NOAUTOUNLOAD;
367  	modid = modp->mod_id;
368  	mod_release_mod(modp);
369  	CPU_STATS_ADDQ(CPU, sys, modload, 1);
370  	if (rvp != NULL && copyout(&modid, rvp, sizeof (modid)) != 0)
371  		retval = EFAULT;
372  out:
373  	kmem_free(filenamep, MOD_MAXPATH);
374  
375  	return (retval);
376  }
377  
378  static int
379  modctl_modunload(modid_t id)
380  {
381  	int rval = 0;
382  
383  	if (id == 0) {
384  #ifdef DEBUG
385  		/*
386  		 * Turn on mod_uninstall_daemon
387  		 */
388  		if (mod_uninstall_interval == 0) {
389  			mod_uninstall_interval = 60;
390  			modreap();
391  			return (rval);
392  		}
393  #endif
394  		mod_uninstall_all();
395  	} else {
396  		rval = modunload(id);
397  	}
398  	return (rval);
399  }
400  
401  static int
402  modctl_modinfo(modid_t id, struct modinfo *umodi)
403  {
404  	int retval;
405  	struct modinfo modi;
406  #if defined(_SYSCALL32_IMPL)
407  	int nobase;
408  	struct modinfo32 modi32;
409  #endif
410  
411  	if (get_udatamodel() == DATAMODEL_NATIVE) {
412  		if (copyin(umodi, &modi, sizeof (struct modinfo)) != 0)
413  			return (EFAULT);
414  	}
415  #ifdef _SYSCALL32_IMPL
416  	else {
417  		bzero(&modi, sizeof (modi));
418  		if (copyin(umodi, &modi32, sizeof (struct modinfo32)) != 0)
419  			return (EFAULT);
420  		modi.mi_info = modi32.mi_info;
421  		modi.mi_id = modi32.mi_id;
422  		modi.mi_nextid = modi32.mi_nextid;
423  		nobase = modi.mi_info & MI_INFO_NOBASE;
424  	}
425  #endif
426  	/*
427  	 * This flag is -only- for the kernels use.
428  	 */
429  	modi.mi_info &= ~MI_INFO_LINKAGE;
430  
431  	retval = modinfo(id, &modi);
432  	if (retval)
433  		return (retval);
434  
435  	if (get_udatamodel() == DATAMODEL_NATIVE) {
436  		if (copyout(&modi, umodi, sizeof (struct modinfo)) != 0)
437  			retval = EFAULT;
438  #ifdef _SYSCALL32_IMPL
439  	} else {
440  		int i;
441  
442  		if (!nobase && (uintptr_t)modi.mi_base > UINT32_MAX)
443  			return (EOVERFLOW);
444  
445  		modi32.mi_info = modi.mi_info;
446  		modi32.mi_state = modi.mi_state;
447  		modi32.mi_id = modi.mi_id;
448  		modi32.mi_nextid = modi.mi_nextid;
449  		modi32.mi_base = (caddr32_t)(uintptr_t)modi.mi_base;
450  		modi32.mi_size = modi.mi_size;
451  		modi32.mi_rev = modi.mi_rev;
452  		modi32.mi_loadcnt = modi.mi_loadcnt;
453  		bcopy(modi.mi_name, modi32.mi_name, sizeof (modi32.mi_name));
454  		for (i = 0; i < MODMAXLINK32; i++) {
455  			modi32.mi_msinfo[i].msi_p0 = modi.mi_msinfo[i].msi_p0;
456  			bcopy(modi.mi_msinfo[i].msi_linkinfo,
457  			    modi32.mi_msinfo[i].msi_linkinfo,
458  			    sizeof (modi32.mi_msinfo[0].msi_linkinfo));
459  		}
460  		if (copyout(&modi32, umodi, sizeof (struct modinfo32)) != 0)
461  			retval = EFAULT;
462  #endif
463  	}
464  
465  	return (retval);
466  }
467  
468  /*
469   * Return the last major number in the range of permissible major numbers.
470   */
471  /*ARGSUSED*/
472  static int
473  modctl_modreserve(modid_t id, int *data)
474  {
475  	if (copyout(&devcnt, data, sizeof (devcnt)) != 0)
476  		return (EFAULT);
477  	return (0);
478  }
479  
480  /* Add/Remove driver and binding aliases */
481  static int
482  modctl_update_driver_aliases(int add, int *data)
483  {
484  	struct modconfig	mc;
485  	int			i, n, rv = 0;
486  	struct aliases		alias;
487  	struct aliases		*ap;
488  	char			name[MAXMODCONFNAME];
489  	char			cname[MAXMODCONFNAME];
490  	char			*drvname;
491  	int			resid;
492  	struct alias_info {
493  		char	*alias_name;
494  		int	alias_resid;
495  	} *aliases, *aip;
496  
497  	bzero(&mc, sizeof (struct modconfig));
498  	if (get_udatamodel() == DATAMODEL_NATIVE) {
499  		if (copyin(data, &mc, sizeof (struct modconfig)) != 0)
500  			return (EFAULT);
501  	}
502  #ifdef _SYSCALL32_IMPL
503  	else {
504  		struct modconfig32 modc32;
505  		if (copyin(data, &modc32, sizeof (struct modconfig32)) != 0)
506  			return (EFAULT);
507  		else {
508  			bcopy(modc32.drvname, mc.drvname,
509  			    sizeof (modc32.drvname));
510  			bcopy(modc32.drvclass, mc.drvclass,
511  			    sizeof (modc32.drvclass));
512  			mc.major = modc32.major;
513  			mc.flags = modc32.flags;
514  			mc.num_aliases = modc32.num_aliases;
515  			mc.ap = (struct aliases *)(uintptr_t)modc32.ap;
516  		}
517  	}
518  #endif
519  
520  	/*
521  	 * If the driver is already in the mb_hashtab, and the name given
522  	 * doesn't match that driver's name, fail.  Otherwise, pass, since
523  	 * we may be adding aliases.
524  	 */
525  	drvname = mod_major_to_name(mc.major);
526  	if ((drvname != NULL) && strcmp(drvname, mc.drvname) != 0)
527  		return (EINVAL);
528  
529  	/*
530  	 * Precede alias removal by unbinding as many devices as possible.
531  	 */
532  	if (add == 0) {
533  		(void) i_ddi_unload_drvconf(mc.major);
534  		i_ddi_unbind_devs(mc.major);
535  	}
536  
537  	/*
538  	 * Add/remove each supplied driver alias to/from mb_hashtab
539  	 */
540  	ap = mc.ap;
541  	if (mc.num_aliases > 0)
542  		aliases = kmem_zalloc(
543  		    mc.num_aliases * sizeof (struct alias_info), KM_SLEEP);
544  	aip = aliases;
545  	for (i = 0; i < mc.num_aliases; i++) {
546  		bzero(&alias, sizeof (struct aliases));
547  		if (get_udatamodel() == DATAMODEL_NATIVE) {
548  			if (copyin(ap, &alias, sizeof (struct aliases)) != 0) {
549  				rv = EFAULT;
550  				goto error;
551  			}
552  			if (alias.a_len > MAXMODCONFNAME) {
553  				rv = EINVAL;
554  				goto error;
555  			}
556  			if (copyin(alias.a_name, name, alias.a_len) != 0) {
557  				rv = EFAULT;
558  				goto error;
559  			}
560  			if (name[alias.a_len - 1] != '\0') {
561  				rv = EINVAL;
562  				goto error;
563  			}
564  		}
565  #ifdef _SYSCALL32_IMPL
566  		else {
567  			struct aliases32 al32;
568  			bzero(&al32, sizeof (struct aliases32));
569  			if (copyin(ap, &al32, sizeof (struct aliases32)) != 0) {
570  				rv = EFAULT;
571  				goto error;
572  			}
573  			if (al32.a_len > MAXMODCONFNAME) {
574  				rv = EINVAL;
575  				goto error;
576  			}
577  			if (copyin((void *)(uintptr_t)al32.a_name,
578  			    name, al32.a_len) != 0) {
579  				rv = EFAULT;
580  				goto error;
581  			}
582  			if (name[al32.a_len - 1] != '\0') {
583  				rv = EINVAL;
584  				goto error;
585  			}
586  			alias.a_next = (void *)(uintptr_t)al32.a_next;
587  		}
588  #endif
589  		check_esc_sequences(name, cname);
590  		aip->alias_name = strdup(cname);
591  		ap = alias.a_next;
592  		aip++;
593  	}
594  
595  	if (add == 0) {
596  		ap = mc.ap;
597  		resid = 0;
598  		aip = aliases;
599  		/* attempt to unbind all devices bound to each alias */
600  		for (i = 0; i < mc.num_aliases; i++) {
601  			n = i_ddi_unbind_devs_by_alias(
602  			    mc.major, aip->alias_name);
603  			resid += n;
604  			aip->alias_resid = n;
605  		}
606  
607  		/*
608  		 * If some device bound to an alias remains in use,
609  		 * and override wasn't specified, no change is made to
610  		 * the binding state and we fail the operation.
611  		 */
612  		if (resid > 0 && ((mc.flags & MOD_UNBIND_OVERRIDE) == 0)) {
613  			rv = EBUSY;
614  			goto error;
615  		}
616  
617  		/*
618  		 * No device remains bound of any of the aliases,
619  		 * or force was requested.  Mark each alias as
620  		 * inactive via delete_mbind so no future binds
621  		 * to this alias take place and that a new
622  		 * binding can be established.
623  		 */
624  		aip = aliases;
625  		for (i = 0; i < mc.num_aliases; i++) {
626  			if (moddebug & MODDEBUG_BINDING)
627  				cmn_err(CE_CONT, "Removing binding for %s "
628  				    "(%d active references)\n",
629  				    aip->alias_name, aip->alias_resid);
630  			delete_mbind(aip->alias_name, mb_hashtab);
631  			aip++;
632  		}
633  		rv = 0;
634  	} else {
635  		aip = aliases;
636  		for (i = 0; i < mc.num_aliases; i++) {
637  			if (moddebug & MODDEBUG_BINDING)
638  				cmn_err(CE_NOTE, "Adding binding for '%s'\n",
639  				    aip->alias_name);
640  			(void) make_mbind(aip->alias_name,
641  			    mc.major, NULL, mb_hashtab);
642  			aip++;
643  		}
644  		/*
645  		 * Try to establish an mbinding for mc.drvname, and add it to
646  		 * devnames. Add class if any after establishing the major
647  		 * number.
648  		 */
649  		(void) make_mbind(mc.drvname, mc.major, NULL, mb_hashtab);
650  		if ((rv = make_devname(mc.drvname, mc.major)) != 0)
651  			goto error;
652  
653  		if (mc.drvclass[0] != '\0')
654  			add_class(mc.drvname, mc.drvclass);
655  		(void) i_ddi_load_drvconf(mc.major);
656  	}
657  
658  	/*
659  	 * Ensure that all nodes are bound to the most appropriate driver
660  	 * possible, attempting demotion and rebind when a more appropriate
661  	 * driver now exists.
662  	 */
663  	i_ddi_bind_devs();
664  	i_ddi_di_cache_invalidate(KM_SLEEP);
665  
666  error:
667  	if (mc.num_aliases > 0) {
668  		aip = aliases;
669  		for (i = 0; i < mc.num_aliases; i++) {
670  			if (aip->alias_name != NULL)
671  				strfree(aip->alias_name);
672  			aip++;
673  		}
674  		kmem_free(aliases, mc.num_aliases * sizeof (struct alias_info));
675  	}
676  	return (rv);
677  }
678  
679  static int
680  modctl_add_driver_aliases(int *data)
681  {
682  	return (modctl_update_driver_aliases(1, data));
683  }
684  
685  static int
686  modctl_remove_driver_aliases(int *data)
687  {
688  	return (modctl_update_driver_aliases(0, data));
689  }
690  
691  static int
692  modctl_rem_major(major_t major)
693  {
694  	struct devnames *dnp;
695  
696  	if (major >= devcnt)
697  		return (EINVAL);
698  
699  	/* mark devnames as removed */
700  	dnp = &devnamesp[major];
701  	LOCK_DEV_OPS(&dnp->dn_lock);
702  	if (dnp->dn_name == NULL ||
703  	    (dnp->dn_flags & (DN_DRIVER_REMOVED | DN_TAKEN_GETUDEV))) {
704  		UNLOCK_DEV_OPS(&dnp->dn_lock);
705  		return (EINVAL);
706  	}
707  	dnp->dn_flags |= DN_DRIVER_REMOVED;
708  	pm_driver_removed(major);
709  	UNLOCK_DEV_OPS(&dnp->dn_lock);
710  
711  	(void) i_ddi_unload_drvconf(major);
712  	i_ddi_unbind_devs(major);
713  	i_ddi_bind_devs();
714  	i_ddi_di_cache_invalidate(KM_SLEEP);
715  
716  	/* purge all the bindings to this driver */
717  	purge_mbind(major, mb_hashtab);
718  	return (0);
719  }
720  
721  static struct vfs *
722  path_to_vfs(char *name)
723  {
724  	vnode_t *vp;
725  	struct vfs *vfsp;
726  
727  	if (lookupname(name, UIO_SYSSPACE, FOLLOW, NULLVPP, &vp))
728  		return (NULL);
729  
730  	vfsp = vp->v_vfsp;
731  	VN_RELE(vp);
732  	return (vfsp);
733  }
734  
735  static int
736  new_vfs_in_modpath()
737  {
738  	static int n_modpath = 0;
739  	static char *modpath_copy;
740  	static struct pathvfs {
741  		char *path;
742  		struct vfs *vfsp;
743  	} *pathvfs;
744  
745  	int i, new_vfs = 0;
746  	char *tmp, *tmp1;
747  	struct vfs *vfsp;
748  
749  	if (n_modpath != 0) {
750  		for (i = 0; i < n_modpath; i++) {
751  			vfsp = path_to_vfs(pathvfs[i].path);
752  			if (vfsp != pathvfs[i].vfsp) {
753  				pathvfs[i].vfsp = vfsp;
754  				if (vfsp)
755  					new_vfs = 1;
756  			}
757  		}
758  		return (new_vfs);
759  	}
760  
761  	/*
762  	 * First call, initialize the pathvfs structure
763  	 */
764  	modpath_copy = i_ddi_strdup(default_path, KM_SLEEP);
765  	tmp = modpath_copy;
766  	n_modpath = 1;
767  	tmp1 = strchr(tmp, ' ');
768  	while (tmp1) {
769  		*tmp1 = '\0';
770  		n_modpath++;
771  		tmp = tmp1 + 1;
772  		tmp1 = strchr(tmp, ' ');
773  	}
774  
775  	pathvfs = kmem_zalloc(n_modpath * sizeof (struct pathvfs), KM_SLEEP);
776  	tmp = modpath_copy;
777  	for (i = 0; i < n_modpath; i++) {
778  		pathvfs[i].path = tmp;
779  		vfsp = path_to_vfs(tmp);
780  		pathvfs[i].vfsp = vfsp;
781  		tmp += strlen(tmp) + 1;
782  	}
783  	return (1);	/* always reread driver.conf the first time */
784  }
785  
786  static int
787  modctl_load_drvconf(major_t major)
788  {
789  	int ret;
790  
791  	if (major != DDI_MAJOR_T_NONE) {
792  		ret = i_ddi_load_drvconf(major);
793  		if (ret == 0)
794  			i_ddi_bind_devs();
795  		return (ret);
796  	}
797  
798  	/*
799  	 * We are invoked to rescan new driver.conf files. It is
800  	 * only necessary if a new file system was mounted in the
801  	 * module_path. Because rescanning driver.conf files can
802  	 * take some time on older platforms (sun4m), the following
803  	 * code skips unnecessary driver.conf rescans to optimize
804  	 * boot performance.
805  	 */
806  	if (new_vfs_in_modpath()) {
807  		(void) i_ddi_load_drvconf(DDI_MAJOR_T_NONE);
808  		/*
809  		 * If we are still initializing io subsystem,
810  		 * load drivers with ddi-forceattach property
811  		 */
812  		if (!i_ddi_io_initialized())
813  			i_ddi_forceattach_drivers();
814  	}
815  	return (0);
816  }
817  
818  /*
819   * Unload driver.conf file and follow up by attempting
820   * to rebind devices to more appropriate driver.
821   */
822  static int
823  modctl_unload_drvconf(major_t major)
824  {
825  	int ret;
826  
827  	if (major >= devcnt)
828  		return (EINVAL);
829  
830  	ret = i_ddi_unload_drvconf(major);
831  	if (ret != 0)
832  		return (ret);
833  	(void) i_ddi_unbind_devs(major);
834  	i_ddi_bind_devs();
835  
836  	return (0);
837  }
838  
839  static void
840  check_esc_sequences(char *str, char *cstr)
841  {
842  	int i;
843  	size_t len;
844  	char *p;
845  
846  	len = strlen(str);
847  	for (i = 0; i < len; i++, str++, cstr++) {
848  		if (*str != '\\') {
849  			*cstr = *str;
850  		} else {
851  			p = str + 1;
852  			/*
853  			 * we only handle octal escape sequences for SPACE
854  			 */
855  			if (*p++ == '0' && *p++ == '4' && *p == '0') {
856  				*cstr = ' ';
857  				str += 3;
858  			} else {
859  				*cstr = *str;
860  			}
861  		}
862  	}
863  	*cstr = 0;
864  }
865  
866  static int
867  modctl_getmodpathlen(int *data)
868  {
869  	int len;
870  	len = strlen(default_path);
871  	if (copyout(&len, data, sizeof (len)) != 0)
872  		return (EFAULT);
873  	return (0);
874  }
875  
876  static int
877  modctl_getmodpath(char *data)
878  {
879  	if (copyout(default_path, data, strlen(default_path) + 1) != 0)
880  		return (EFAULT);
881  	return (0);
882  }
883  
884  static int
885  modctl_read_sysbinding_file(void)
886  {
887  	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
888  	return (0);
889  }
890  
891  static int
892  modctl_getmaj(char *uname, uint_t ulen, int *umajorp)
893  {
894  	char name[256];
895  	int retval;
896  	major_t major;
897  
898  	if (ulen == 0)
899  		return (EINVAL);
900  	if ((retval = copyinstr(uname, name,
901  	    (ulen < 256) ? ulen : 256, 0)) != 0)
902  		return (retval);
903  	if ((major = mod_name_to_major(name)) == DDI_MAJOR_T_NONE)
904  		return (ENODEV);
905  	if (copyout(&major, umajorp, sizeof (major_t)) != 0)
906  		return (EFAULT);
907  	return (0);
908  }
909  
910  static char **
911  convert_constraint_string(char *constraints, size_t len)
912  {
913  	int	i;
914  	int	n;
915  	char	*p;
916  	char	**array;
917  
918  	ASSERT(constraints != NULL);
919  	ASSERT(len > 0);
920  
921  	for (i = 0, p = constraints; strlen(p) > 0; i++, p += strlen(p) + 1)
922  		;
923  
924  	n = i;
925  
926  	if (n == 0) {
927  		kmem_free(constraints, len);
928  		return (NULL);
929  	}
930  
931  	array = kmem_alloc((n + 1) * sizeof (char *), KM_SLEEP);
932  
933  	for (i = 0, p = constraints; i < n; i++, p += strlen(p) + 1) {
934  		array[i] = i_ddi_strdup(p, KM_SLEEP);
935  	}
936  	array[n] = NULL;
937  
938  	kmem_free(constraints, len);
939  
940  	return (array);
941  }
942  /*ARGSUSED*/
943  static int
944  modctl_retire(char *path, char *uconstraints, size_t ulen)
945  {
946  	char	*pathbuf;
947  	char	*devpath;
948  	size_t	pathsz;
949  	int	retval;
950  	char	*constraints;
951  	char	**cons_array;
952  
953  	if (path == NULL)
954  		return (EINVAL);
955  
956  	if ((uconstraints == NULL) ^ (ulen == 0))
957  		return (EINVAL);
958  
959  	pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
960  	retval = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
961  	if (retval != 0) {
962  		kmem_free(pathbuf, MAXPATHLEN);
963  		return (retval);
964  	}
965  	devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
966  	kmem_free(pathbuf, MAXPATHLEN);
967  
968  	/*
969  	 * First check if the device is already retired.
970  	 * If it is, this becomes a NOP
971  	 */
972  	if (e_ddi_device_retired(devpath)) {
973  		cmn_err(CE_NOTE, "Device: already retired: %s", devpath);
974  		kmem_free(devpath, strlen(devpath) + 1);
975  		return (0);
976  	}
977  
978  	cons_array = NULL;
979  	if (uconstraints) {
980  		constraints = kmem_alloc(ulen, KM_SLEEP);
981  		if (copyin(uconstraints, constraints, ulen)) {
982  			kmem_free(constraints, ulen);
983  			kmem_free(devpath, strlen(devpath) + 1);
984  			return (EFAULT);
985  		}
986  		cons_array = convert_constraint_string(constraints, ulen);
987  	}
988  
989  	/*
990  	 * Try to retire the device first. The following
991  	 * routine will return an error only if the device
992  	 * is not retireable i.e. retire constraints forbid
993  	 * a retire. A return of success from this routine
994  	 * indicates that device is retireable.
995  	 */
996  	retval = e_ddi_retire_device(devpath, cons_array);
997  	if (retval != DDI_SUCCESS) {
998  		cmn_err(CE_WARN, "constraints forbid retire: %s", devpath);
999  		kmem_free(devpath, strlen(devpath) + 1);
1000  		return (ENOTSUP);
1001  	}
1002  
1003  	/*
1004  	 * Ok, the retire succeeded. Persist the retire.
1005  	 * If retiring a nexus, we need to only persist the
1006  	 * nexus retire. Any children of a retired nexus
1007  	 * are automatically covered by the retire store
1008  	 * code.
1009  	 */
1010  	retval = e_ddi_retire_persist(devpath);
1011  	if (retval != 0) {
1012  		cmn_err(CE_WARN, "Failed to persist device retire: error %d: "
1013  		    "%s", retval, devpath);
1014  		kmem_free(devpath, strlen(devpath) + 1);
1015  		return (retval);
1016  	}
1017  	if (moddebug & MODDEBUG_RETIRE)
1018  		cmn_err(CE_NOTE, "Persisted retire of device: %s", devpath);
1019  
1020  	kmem_free(devpath, strlen(devpath) + 1);
1021  	return (0);
1022  }
1023  
1024  static int
1025  modctl_is_retired(char *path, int *statep)
1026  {
1027  	char	*pathbuf;
1028  	char	*devpath;
1029  	size_t	pathsz;
1030  	int	error;
1031  	int	status;
1032  
1033  	if (path == NULL || statep == NULL)
1034  		return (EINVAL);
1035  
1036  	pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1037  	error = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
1038  	if (error != 0) {
1039  		kmem_free(pathbuf, MAXPATHLEN);
1040  		return (error);
1041  	}
1042  	devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
1043  	kmem_free(pathbuf, MAXPATHLEN);
1044  
1045  	if (e_ddi_device_retired(devpath))
1046  		status = 1;
1047  	else
1048  		status = 0;
1049  	kmem_free(devpath, strlen(devpath) + 1);
1050  
1051  	return (copyout(&status, statep, sizeof (status)) ? EFAULT : 0);
1052  }
1053  
1054  static int
1055  modctl_unretire(char *path)
1056  {
1057  	char	*pathbuf;
1058  	char	*devpath;
1059  	size_t	pathsz;
1060  	int	retired;
1061  	int	retval;
1062  
1063  	if (path == NULL)
1064  		return (EINVAL);
1065  
1066  	pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1067  	retval = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
1068  	if (retval != 0) {
1069  		kmem_free(pathbuf, MAXPATHLEN);
1070  		return (retval);
1071  	}
1072  	devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
1073  	kmem_free(pathbuf, MAXPATHLEN);
1074  
1075  	/*
1076  	 * We check if a device is retired (first) before
1077  	 * unpersisting the retire, because we use the
1078  	 * retire store to determine if a device is retired.
1079  	 * If we unpersist first, the device will always appear
1080  	 * to be unretired. For the rationale behind unpersisting
1081  	 * a device that is not retired, see the next comment.
1082  	 */
1083  	retired = e_ddi_device_retired(devpath);
1084  
1085  	/*
1086  	 * We call unpersist unconditionally because the lookup
1087  	 * for retired devices (e_ddi_device_retired()), skips "bypassed"
1088  	 * devices. We still want to be able remove "bypassed" entries
1089  	 * from the persistent store, so we unpersist unconditionally
1090  	 * i.e. whether or not the entry is found on a lookup.
1091  	 *
1092  	 * e_ddi_retire_unpersist() returns 1 if it found and cleared
1093  	 * an entry from the retire store or 0 otherwise.
1094  	 */
1095  	if (e_ddi_retire_unpersist(devpath))
1096  		if (moddebug & MODDEBUG_RETIRE) {
1097  			cmn_err(CE_NOTE, "Unpersisted retire of device: %s",
1098  			    devpath);
1099  		}
1100  
1101  	/*
1102  	 * Check if the device is already unretired. If so,
1103  	 * the unretire becomes a NOP
1104  	 */
1105  	if (!retired) {
1106  		cmn_err(CE_NOTE, "Not retired: %s", devpath);
1107  		kmem_free(devpath, strlen(devpath) + 1);
1108  		return (0);
1109  	}
1110  
1111  	retval = e_ddi_unretire_device(devpath);
1112  	if (retval != 0) {
1113  		cmn_err(CE_WARN, "cannot unretire device: error %d, path %s\n",
1114  		    retval, devpath);
1115  	}
1116  
1117  	kmem_free(devpath, strlen(devpath) + 1);
1118  
1119  	return (retval);
1120  }
1121  
1122  static int
1123  modctl_getname(char *uname, uint_t ulen, int *umajorp)
1124  {
1125  	char *name;
1126  	major_t major;
1127  
1128  	if (copyin(umajorp, &major, sizeof (major)) != 0)
1129  		return (EFAULT);
1130  	if ((name = mod_major_to_name(major)) == NULL)
1131  		return (ENODEV);
1132  	if ((strlen(name) + 1) > ulen)
1133  		return (ENOSPC);
1134  	return (copyoutstr(name, uname, ulen, NULL));
1135  }
1136  
1137  static int
1138  modctl_devt2instance(dev_t dev, int *uinstancep)
1139  {
1140  	int	instance;
1141  
1142  	if ((instance = dev_to_instance(dev)) == -1)
1143  		return (EINVAL);
1144  
1145  	return (copyout(&instance, uinstancep, sizeof (int)));
1146  }
1147  
1148  /*
1149   * Return the sizeof of the device id.
1150   */
1151  static int
1152  modctl_sizeof_devid(dev_t dev, uint_t *len)
1153  {
1154  	uint_t		sz;
1155  	ddi_devid_t	devid;
1156  
1157  	/* get device id */
1158  	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
1159  		return (EINVAL);
1160  
1161  	sz = ddi_devid_sizeof(devid);
1162  	ddi_devid_free(devid);
1163  
1164  	/* copyout device id size */
1165  	if (copyout(&sz, len, sizeof (sz)) != 0)
1166  		return (EFAULT);
1167  
1168  	return (0);
1169  }
1170  
1171  /*
1172   * Return a copy of the device id.
1173   */
1174  static int
1175  modctl_get_devid(dev_t dev, uint_t len, ddi_devid_t udevid)
1176  {
1177  	uint_t		sz;
1178  	ddi_devid_t	devid;
1179  	int		err = 0;
1180  
1181  	/* get device id */
1182  	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
1183  		return (EINVAL);
1184  
1185  	sz = ddi_devid_sizeof(devid);
1186  
1187  	/* Error if device id is larger than space allocated */
1188  	if (sz > len) {
1189  		ddi_devid_free(devid);
1190  		return (ENOSPC);
1191  	}
1192  
1193  	/* copy out device id */
1194  	if (copyout(devid, udevid, sz) != 0)
1195  		err = EFAULT;
1196  	ddi_devid_free(devid);
1197  	return (err);
1198  }
1199  
1200  /*
1201   * return the /devices paths associated with the specified devid and
1202   * minor name.
1203   */
1204  /*ARGSUSED*/
1205  static int
1206  modctl_devid2paths(ddi_devid_t udevid, char *uminor_name, uint_t flag,
1207  	size_t *ulensp, char *upaths)
1208  {
1209  	ddi_devid_t	devid = NULL;
1210  	int		devid_len;
1211  	char		*minor_name = NULL;
1212  	dev_info_t	*dip = NULL;
1213  	int		circ;
1214  	struct ddi_minor_data   *dmdp;
1215  	char		*path = NULL;
1216  	int		ulens;
1217  	int		lens;
1218  	int		len;
1219  	dev_t		*devlist = NULL;
1220  	int		ndevs;
1221  	int		i;
1222  	int		ret = 0;
1223  
1224  	/*
1225  	 * If upaths is NULL then we are only computing the amount of space
1226  	 * needed to hold the paths and returning the value in *ulensp. If we
1227  	 * are copying out paths then we get the amount of space allocated by
1228  	 * the caller. If the actual space needed for paths is larger, or
1229  	 * things are changing out from under us, then we return EAGAIN.
1230  	 */
1231  	if (upaths) {
1232  		if (ulensp == NULL)
1233  			return (EINVAL);
1234  		if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
1235  			return (EFAULT);
1236  	}
1237  
1238  	/*
1239  	 * copyin enough of the devid to determine the length then
1240  	 * reallocate and copy in the entire devid.
1241  	 */
1242  	devid_len = ddi_devid_sizeof(NULL);
1243  	devid = kmem_alloc(devid_len, KM_SLEEP);
1244  	if (copyin(udevid, devid, devid_len)) {
1245  		ret = EFAULT;
1246  		goto out;
1247  	}
1248  	len = devid_len;
1249  	devid_len = ddi_devid_sizeof(devid);
1250  	kmem_free(devid, len);
1251  	devid = kmem_alloc(devid_len, KM_SLEEP);
1252  	if (copyin(udevid, devid, devid_len)) {
1253  		ret = EFAULT;
1254  		goto out;
1255  	}
1256  
1257  	/* copyin the minor name if specified. */
1258  	minor_name = uminor_name;
1259  	if ((minor_name != DEVID_MINOR_NAME_ALL) &&
1260  	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1261  	    (minor_name != DEVID_MINOR_NAME_ALL_BLK)) {
1262  		minor_name = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1263  		if (copyinstr(uminor_name, minor_name, MAXPATHLEN, 0)) {
1264  			ret = EFAULT;
1265  			goto out;
1266  		}
1267  	}
1268  
1269  	/*
1270  	 * Use existing function to resolve the devid into a devlist.
1271  	 *
1272  	 * NOTE: there is a loss of spectype information in the current
1273  	 * ddi_lyr_devid_to_devlist implementation. We work around this by not
1274  	 * passing down DEVID_MINOR_NAME_ALL here, but reproducing all minor
1275  	 * node forms in the loop processing the devlist below. It would be
1276  	 * best if at some point the use of this interface here was replaced
1277  	 * with a path oriented call.
1278  	 */
1279  	if (ddi_lyr_devid_to_devlist(devid,
1280  	    (minor_name == DEVID_MINOR_NAME_ALL) ?
1281  	    DEVID_MINOR_NAME_ALL_CHR : minor_name,
1282  	    &ndevs, &devlist) != DDI_SUCCESS) {
1283  		ret = EINVAL;
1284  		goto out;
1285  	}
1286  
1287  	/*
1288  	 * loop over the devlist, converting each devt to a path and doing
1289  	 * a copyout of the path and computation of the amount of space
1290  	 * needed to hold all the paths
1291  	 */
1292  	path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1293  	for (i = 0, lens = 0; i < ndevs; i++) {
1294  
1295  		/* find the dip associated with the dev_t */
1296  		if ((dip = e_ddi_hold_devi_by_dev(devlist[i], 0)) == NULL)
1297  			continue;
1298  
1299  		/* loop over all the minor nodes, skipping ones we don't want */
1300  		ndi_devi_enter(dip, &circ);
1301  		for (dmdp = DEVI(dip)->devi_minor; dmdp; dmdp = dmdp->next) {
1302  			if ((dmdp->ddm_dev != devlist[i]) ||
1303  			    (dmdp->type != DDM_MINOR))
1304  				continue;
1305  
1306  			if ((minor_name != DEVID_MINOR_NAME_ALL) &&
1307  			    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1308  			    (minor_name != DEVID_MINOR_NAME_ALL_BLK) &&
1309  			    strcmp(minor_name, dmdp->ddm_name))
1310  				continue;
1311  			else {
1312  				if ((minor_name == DEVID_MINOR_NAME_ALL_CHR) &&
1313  				    (dmdp->ddm_spec_type != S_IFCHR))
1314  					continue;
1315  				if ((minor_name == DEVID_MINOR_NAME_ALL_BLK) &&
1316  				    (dmdp->ddm_spec_type != S_IFBLK))
1317  					continue;
1318  			}
1319  
1320  			(void) ddi_pathname_minor(dmdp, path);
1321  			len = strlen(path) + 1;
1322  			*(path + len) = '\0';	/* set double termination */
1323  			lens += len;
1324  
1325  			/* copyout the path with double terminations */
1326  			if (upaths) {
1327  				if (lens > ulens) {
1328  					ret = EAGAIN;
1329  					goto out;
1330  				}
1331  				if (copyout(path, upaths, len + 1)) {
1332  					ret = EFAULT;
1333  					goto out;
1334  				}
1335  				upaths += len;
1336  			}
1337  		}
1338  		ndi_devi_exit(dip, circ);
1339  		ddi_release_devi(dip);
1340  		dip = NULL;
1341  	}
1342  	lens++;		/* add one for double termination */
1343  
1344  	/* copy out the amount of space needed to hold the paths */
1345  	if (ulensp && copyout(&lens, ulensp, sizeof (lens))) {
1346  		ret = EFAULT;
1347  		goto out;
1348  	}
1349  	ret = 0;
1350  
1351  out:	if (dip) {
1352  		ndi_devi_exit(dip, circ);
1353  		ddi_release_devi(dip);
1354  	}
1355  	if (path)
1356  		kmem_free(path, MAXPATHLEN);
1357  	if (devlist)
1358  		ddi_lyr_free_devlist(devlist, ndevs);
1359  	if (minor_name &&
1360  	    (minor_name != DEVID_MINOR_NAME_ALL) &&
1361  	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1362  	    (minor_name != DEVID_MINOR_NAME_ALL_BLK))
1363  		kmem_free(minor_name, MAXPATHLEN);
1364  	if (devid)
1365  		kmem_free(devid, devid_len);
1366  	return (ret);
1367  }
1368  
1369  /*
1370   * Return the size of the minor name.
1371   */
1372  static int
1373  modctl_sizeof_minorname(dev_t dev, int spectype, uint_t *len)
1374  {
1375  	uint_t	sz;
1376  	char	*name;
1377  
1378  	/* get the minor name */
1379  	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1380  		return (EINVAL);
1381  
1382  	sz = strlen(name) + 1;
1383  	kmem_free(name, sz);
1384  
1385  	/* copy out the size of the minor name */
1386  	if (copyout(&sz, len, sizeof (sz)) != 0)
1387  		return (EFAULT);
1388  
1389  	return (0);
1390  }
1391  
1392  /*
1393   * Return the minor name.
1394   */
1395  static int
1396  modctl_get_minorname(dev_t dev, int spectype, uint_t len, char *uname)
1397  {
1398  	uint_t	sz;
1399  	char	*name;
1400  	int	err = 0;
1401  
1402  	/* get the minor name */
1403  	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1404  		return (EINVAL);
1405  
1406  	sz = strlen(name) + 1;
1407  
1408  	/* Error if the minor name is larger than the space allocated */
1409  	if (sz > len) {
1410  		kmem_free(name, sz);
1411  		return (ENOSPC);
1412  	}
1413  
1414  	/* copy out the minor name */
1415  	if (copyout(name, uname, sz) != 0)
1416  		err = EFAULT;
1417  	kmem_free(name, sz);
1418  	return (err);
1419  }
1420  
1421  /*
1422   * Return the size of the (dev_t,spectype) devfspath name.
1423   */
1424  static int
1425  modctl_devfspath_len(dev_t dev, int spectype, uint_t *len)
1426  {
1427  	uint_t	sz;
1428  	char	*name;
1429  
1430  	/* get the path name */
1431  	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1432  	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1433  		kmem_free(name, MAXPATHLEN);
1434  		return (EINVAL);
1435  	}
1436  
1437  	sz = strlen(name) + 1;
1438  	kmem_free(name, MAXPATHLEN);
1439  
1440  	/* copy out the size of the path name */
1441  	if (copyout(&sz, len, sizeof (sz)) != 0)
1442  		return (EFAULT);
1443  
1444  	return (0);
1445  }
1446  
1447  /*
1448   * Return the (dev_t,spectype) devfspath name.
1449   */
1450  static int
1451  modctl_devfspath(dev_t dev, int spectype, uint_t len, char *uname)
1452  {
1453  	uint_t	sz;
1454  	char	*name;
1455  	int	err = 0;
1456  
1457  	/* get the path name */
1458  	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1459  	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1460  		kmem_free(name, MAXPATHLEN);
1461  		return (EINVAL);
1462  	}
1463  
1464  	sz = strlen(name) + 1;
1465  
1466  	/* Error if the path name is larger than the space allocated */
1467  	if (sz > len) {
1468  		kmem_free(name, MAXPATHLEN);
1469  		return (ENOSPC);
1470  	}
1471  
1472  	/* copy out the path name */
1473  	if (copyout(name, uname, sz) != 0)
1474  		err = EFAULT;
1475  	kmem_free(name, MAXPATHLEN);
1476  	return (err);
1477  }
1478  
1479  /*
1480   * Return the size of the (major,instance) devfspath name.
1481   */
1482  static int
1483  modctl_devfspath_mi_len(major_t major, int instance, uint_t *len)
1484  {
1485  	uint_t	sz;
1486  	char	*name;
1487  
1488  	/* get the path name */
1489  	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1490  	if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1491  		kmem_free(name, MAXPATHLEN);
1492  		return (EINVAL);
1493  	}
1494  
1495  	sz = strlen(name) + 1;
1496  	kmem_free(name, MAXPATHLEN);
1497  
1498  	/* copy out the size of the path name */
1499  	if (copyout(&sz, len, sizeof (sz)) != 0)
1500  		return (EFAULT);
1501  
1502  	return (0);
1503  }
1504  
1505  /*
1506   * Return the (major_instance) devfspath name.
1507   * NOTE: e_ddi_majorinstance_to_path does not require the device to attach to
1508   * return a path - it uses the instance tree.
1509   */
1510  static int
1511  modctl_devfspath_mi(major_t major, int instance, uint_t len, char *uname)
1512  {
1513  	uint_t	sz;
1514  	char	*name;
1515  	int	err = 0;
1516  
1517  	/* get the path name */
1518  	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1519  	if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1520  		kmem_free(name, MAXPATHLEN);
1521  		return (EINVAL);
1522  	}
1523  
1524  	sz = strlen(name) + 1;
1525  
1526  	/* Error if the path name is larger than the space allocated */
1527  	if (sz > len) {
1528  		kmem_free(name, MAXPATHLEN);
1529  		return (ENOSPC);
1530  	}
1531  
1532  	/* copy out the path name */
1533  	if (copyout(name, uname, sz) != 0)
1534  		err = EFAULT;
1535  	kmem_free(name, MAXPATHLEN);
1536  	return (err);
1537  }
1538  
1539  static int
1540  modctl_get_fbname(char *path)
1541  {
1542  	extern dev_t fbdev;
1543  	char *pathname = NULL;
1544  	int rval = 0;
1545  
1546  	/* make sure fbdev is set before we plunge in */
1547  	if (fbdev == NODEV)
1548  		return (ENODEV);
1549  
1550  	pathname = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1551  	if ((rval = ddi_dev_pathname(fbdev, S_IFCHR,
1552  	    pathname)) == DDI_SUCCESS) {
1553  		if (copyout(pathname, path, strlen(pathname)+1) != 0) {
1554  			rval = EFAULT;
1555  		}
1556  	}
1557  	kmem_free(pathname, MAXPATHLEN);
1558  	return (rval);
1559  }
1560  
1561  /*
1562   * modctl_reread_dacf()
1563   *	Reread the dacf rules database from the named binding file.
1564   *	If NULL is specified, pass along the NULL, it means 'use the default'.
1565   */
1566  static int
1567  modctl_reread_dacf(char *path)
1568  {
1569  	int rval = 0;
1570  	char *filename, *filenamep;
1571  
1572  	filename = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1573  
1574  	if (path == NULL) {
1575  		filenamep = NULL;
1576  	} else {
1577  		if (copyinstr(path, filename, MAXPATHLEN, 0) != 0) {
1578  			rval = EFAULT;
1579  			goto out;
1580  		}
1581  		filenamep = filename;
1582  		filenamep[MAXPATHLEN - 1] = '\0';
1583  	}
1584  
1585  	rval = read_dacf_binding_file(filenamep);
1586  out:
1587  	kmem_free(filename, MAXPATHLEN);
1588  	return (rval);
1589  }
1590  
1591  /*ARGSUSED*/
1592  static int
1593  modctl_modevents(int subcmd, uintptr_t a2, uintptr_t a3, uintptr_t a4,
1594      uint_t flag)
1595  {
1596  	int error = 0;
1597  	char *filenamep;
1598  
1599  	switch (subcmd) {
1600  
1601  	case MODEVENTS_FLUSH:
1602  		/* flush all currently queued events */
1603  		log_sysevent_flushq(subcmd, flag);
1604  		break;
1605  
1606  	case MODEVENTS_SET_DOOR_UPCALL_FILENAME:
1607  		/*
1608  		 * bind door_upcall to filename
1609  		 * this should only be done once per invocation
1610  		 * of the event daemon.
1611  		 */
1612  
1613  		filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
1614  
1615  		if (copyinstr((char *)a2, filenamep, MOD_MAXPATH, 0)) {
1616  			error = EFAULT;
1617  		} else {
1618  			error = log_sysevent_filename(filenamep);
1619  		}
1620  		kmem_free(filenamep, MOD_MAXPATH);
1621  		break;
1622  
1623  	case MODEVENTS_GETDATA:
1624  		error = log_sysevent_copyout_data((sysevent_id_t *)a2,
1625  		    (size_t)a3, (caddr_t)a4);
1626  		break;
1627  
1628  	case MODEVENTS_FREEDATA:
1629  		error = log_sysevent_free_data((sysevent_id_t *)a2);
1630  		break;
1631  	case MODEVENTS_POST_EVENT:
1632  		error = log_usr_sysevent((sysevent_t *)a2, (uint32_t)a3,
1633  		    (sysevent_id_t *)a4);
1634  		break;
1635  	case MODEVENTS_REGISTER_EVENT:
1636  		error = log_sysevent_register((char *)a2, (char *)a3,
1637  		    (se_pubsub_t *)a4);
1638  		break;
1639  	default:
1640  		error = EINVAL;
1641  	}
1642  
1643  	return (error);
1644  }
1645  
1646  static void
1647  free_mperm(mperm_t *mp)
1648  {
1649  	int len;
1650  
1651  	if (mp->mp_minorname) {
1652  		len = strlen(mp->mp_minorname) + 1;
1653  		kmem_free(mp->mp_minorname, len);
1654  	}
1655  	kmem_free(mp, sizeof (mperm_t));
1656  }
1657  
1658  #define	MP_NO_DRV_ERR	\
1659  	"/etc/minor_perm: no driver for %s\n"
1660  
1661  #define	MP_EMPTY_MINOR	\
1662  	"/etc/minor_perm: empty minor name for driver %s\n"
1663  
1664  #define	MP_NO_MINOR	\
1665  	"/etc/minor_perm: no minor matching %s for driver %s\n"
1666  
1667  /*
1668   * Remove mperm entry with matching minorname
1669   */
1670  static void
1671  rem_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1672  {
1673  	mperm_t **mp_head;
1674  	mperm_t *freemp = NULL;
1675  	struct devnames *dnp = &devnamesp[major];
1676  	mperm_t **wildmp;
1677  
1678  	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1679  
1680  	LOCK_DEV_OPS(&dnp->dn_lock);
1681  	if (strcmp(mp->mp_minorname, "*") == 0) {
1682  		wildmp = ((is_clone == 0) ?
1683  		    &dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1684  		if (*wildmp)
1685  			freemp = *wildmp;
1686  		*wildmp = NULL;
1687  	} else {
1688  		mp_head = &dnp->dn_mperm;
1689  		while (*mp_head) {
1690  			if (strcmp((*mp_head)->mp_minorname,
1691  			    mp->mp_minorname) != 0) {
1692  				mp_head = &(*mp_head)->mp_next;
1693  				continue;
1694  			}
1695  			/* remove the entry */
1696  			freemp = *mp_head;
1697  			*mp_head = freemp->mp_next;
1698  			break;
1699  		}
1700  	}
1701  	if (freemp) {
1702  		if (moddebug & MODDEBUG_MINORPERM) {
1703  			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1704  			    drvname, freemp->mp_minorname,
1705  			    freemp->mp_mode & 0777,
1706  			    freemp->mp_uid, freemp->mp_gid);
1707  		}
1708  		free_mperm(freemp);
1709  	} else {
1710  		if (moddebug & MODDEBUG_MINORPERM) {
1711  			cmn_err(CE_CONT, MP_NO_MINOR,
1712  			    drvname, mp->mp_minorname);
1713  		}
1714  	}
1715  
1716  	UNLOCK_DEV_OPS(&dnp->dn_lock);
1717  }
1718  
1719  /*
1720   * Add minor perm entry
1721   */
1722  static void
1723  add_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1724  {
1725  	mperm_t **mp_head;
1726  	mperm_t *freemp = NULL;
1727  	struct devnames *dnp = &devnamesp[major];
1728  	mperm_t **wildmp;
1729  
1730  	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1731  
1732  	/*
1733  	 * Note that update_drv replace semantics require
1734  	 * replacing matching entries with the new permissions.
1735  	 */
1736  	LOCK_DEV_OPS(&dnp->dn_lock);
1737  	if (strcmp(mp->mp_minorname, "*") == 0) {
1738  		wildmp = ((is_clone == 0) ?
1739  		    &dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1740  		if (*wildmp)
1741  			freemp = *wildmp;
1742  		*wildmp = mp;
1743  	} else {
1744  		mperm_t *p, *v = NULL;
1745  		for (p = dnp->dn_mperm; p; v = p, p = p->mp_next) {
1746  			if (strcmp(p->mp_minorname, mp->mp_minorname) == 0) {
1747  				if (v == NULL)
1748  					dnp->dn_mperm = mp;
1749  				else
1750  					v->mp_next = mp;
1751  				mp->mp_next = p->mp_next;
1752  				freemp = p;
1753  				goto replaced;
1754  			}
1755  		}
1756  		if (p == NULL) {
1757  			mp_head = &dnp->dn_mperm;
1758  			if (*mp_head == NULL) {
1759  				*mp_head = mp;
1760  			} else {
1761  				mp->mp_next = *mp_head;
1762  				*mp_head = mp;
1763  			}
1764  		}
1765  	}
1766  replaced:
1767  	if (freemp) {
1768  		if (moddebug & MODDEBUG_MINORPERM) {
1769  			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1770  			    drvname, freemp->mp_minorname,
1771  			    freemp->mp_mode & 0777,
1772  			    freemp->mp_uid, freemp->mp_gid);
1773  		}
1774  		free_mperm(freemp);
1775  	}
1776  	if (moddebug & MODDEBUG_MINORPERM) {
1777  		cmn_err(CE_CONT, "> %s %s 0%o %d %d\n",
1778  		    drvname, mp->mp_minorname, mp->mp_mode & 0777,
1779  		    mp->mp_uid, mp->mp_gid);
1780  	}
1781  	UNLOCK_DEV_OPS(&dnp->dn_lock);
1782  }
1783  
1784  
1785  static int
1786  process_minorperm(int cmd, nvlist_t *nvl)
1787  {
1788  	char *minor;
1789  	major_t major;
1790  	mperm_t *mp;
1791  	nvpair_t *nvp;
1792  	char *name;
1793  	int is_clone;
1794  	major_t minmaj;
1795  
1796  	ASSERT(cmd == MODLOADMINORPERM ||
1797  	    cmd == MODADDMINORPERM || cmd == MODREMMINORPERM);
1798  
1799  	nvp = NULL;
1800  	while ((nvp = nvlist_next_nvpair(nvl, nvp)) != NULL) {
1801  		name = nvpair_name(nvp);
1802  
1803  		is_clone = 0;
1804  		(void) nvpair_value_string(nvp, &minor);
1805  		major = ddi_name_to_major(name);
1806  		if (major != DDI_MAJOR_T_NONE) {
1807  			mp = kmem_zalloc(sizeof (*mp), KM_SLEEP);
1808  			if (minor == NULL || strlen(minor) == 0) {
1809  				if (moddebug & MODDEBUG_MINORPERM) {
1810  					cmn_err(CE_CONT, MP_EMPTY_MINOR, name);
1811  				}
1812  				minor = "*";
1813  			}
1814  
1815  			/*
1816  			 * The minor name of a node using the clone
1817  			 * driver must be the driver name.  To avoid
1818  			 * multiple searches, we map entries in the form
1819  			 * clone:<driver> to <driver>:*.  This also allows us
1820  			 * to filter out some of the litter in /etc/minor_perm.
1821  			 * Minor perm alias entries where the name is not
1822  			 * the driver kept on the clone list itself.
1823  			 * This all seems very fragile as a driver could
1824  			 * be introduced with an existing alias name.
1825  			 */
1826  			if (strcmp(name, "clone") == 0) {
1827  				minmaj = ddi_name_to_major(minor);
1828  				if (minmaj != DDI_MAJOR_T_NONE) {
1829  					if (moddebug & MODDEBUG_MINORPERM) {
1830  						cmn_err(CE_CONT,
1831  						    "mapping %s:%s to %s:*\n",
1832  						    name, minor, minor);
1833  					}
1834  					major = minmaj;
1835  					name = minor;
1836  					minor = "*";
1837  					is_clone = 1;
1838  				}
1839  			}
1840  
1841  			if (mp) {
1842  				mp->mp_minorname =
1843  				    i_ddi_strdup(minor, KM_SLEEP);
1844  			}
1845  		} else {
1846  			mp = NULL;
1847  			if (moddebug & MODDEBUG_MINORPERM) {
1848  				cmn_err(CE_CONT, MP_NO_DRV_ERR, name);
1849  			}
1850  		}
1851  
1852  		/* mode */
1853  		nvp = nvlist_next_nvpair(nvl, nvp);
1854  		ASSERT(strcmp(nvpair_name(nvp), "mode") == 0);
1855  		if (mp)
1856  			(void) nvpair_value_int32(nvp, (int *)&mp->mp_mode);
1857  		/* uid */
1858  		nvp = nvlist_next_nvpair(nvl, nvp);
1859  		ASSERT(strcmp(nvpair_name(nvp), "uid") == 0);
1860  		if (mp)
1861  			(void) nvpair_value_uint32(nvp, &mp->mp_uid);
1862  		/* gid */
1863  		nvp = nvlist_next_nvpair(nvl, nvp);
1864  		ASSERT(strcmp(nvpair_name(nvp), "gid") == 0);
1865  		if (mp) {
1866  			(void) nvpair_value_uint32(nvp, &mp->mp_gid);
1867  
1868  			if (cmd == MODREMMINORPERM) {
1869  				rem_minorperm(major, name, mp, is_clone);
1870  				free_mperm(mp);
1871  			} else {
1872  				add_minorperm(major, name, mp, is_clone);
1873  			}
1874  		}
1875  	}
1876  
1877  	if (cmd == MODLOADMINORPERM)
1878  		minorperm_loaded = 1;
1879  
1880  	/*
1881  	 * Reset permissions of cached dv_nodes
1882  	 */
1883  	(void) devfs_reset_perm(DV_RESET_PERM);
1884  
1885  	return (0);
1886  }
1887  
1888  static int
1889  modctl_minorperm(int cmd, char *usrbuf, size_t buflen)
1890  {
1891  	int error;
1892  	nvlist_t *nvl;
1893  	char *buf = kmem_alloc(buflen, KM_SLEEP);
1894  
1895  	if ((error = ddi_copyin(usrbuf, buf, buflen, 0)) != 0) {
1896  		kmem_free(buf, buflen);
1897  		return (error);
1898  	}
1899  
1900  	error = nvlist_unpack(buf, buflen, &nvl, KM_SLEEP);
1901  	kmem_free(buf, buflen);
1902  	if (error)
1903  		return (error);
1904  
1905  	error = process_minorperm(cmd, nvl);
1906  	nvlist_free(nvl);
1907  	return (error);
1908  }
1909  
1910  struct walk_args {
1911  	char		*wa_drvname;
1912  	list_t		wa_pathlist;
1913  };
1914  
1915  struct path_elem {
1916  	char		*pe_dir;
1917  	char		*pe_nodename;
1918  	list_node_t	pe_node;
1919  	int		pe_dirlen;
1920  };
1921  
1922  /*ARGSUSED*/
1923  static int
1924  modctl_inst_walker(const char *path, in_node_t *np, in_drv_t *dp, void *arg)
1925  {
1926  	struct walk_args *wargs = (struct walk_args *)arg;
1927  	struct path_elem *pe;
1928  	char *nodename;
1929  
1930  	/*
1931  	 * Search may be restricted to a single driver in the case of rem_drv
1932  	 */
1933  	if (wargs->wa_drvname &&
1934  	    strcmp(dp->ind_driver_name, wargs->wa_drvname) != 0)
1935  		return (INST_WALK_CONTINUE);
1936  
1937  	pe = kmem_zalloc(sizeof (*pe), KM_SLEEP);
1938  	pe->pe_dir = i_ddi_strdup((char *)path, KM_SLEEP);
1939  	pe->pe_dirlen = strlen(pe->pe_dir) + 1;
1940  	ASSERT(strrchr(pe->pe_dir, '/') != NULL);
1941  	nodename = strrchr(pe->pe_dir, '/');
1942  	*nodename++ = 0;
1943  	pe->pe_nodename = nodename;
1944  	list_insert_tail(&wargs->wa_pathlist, pe);
1945  
1946  	return (INST_WALK_CONTINUE);
1947  }
1948  
1949  /*
1950   * /devices attribute nodes clean-up optionally performed
1951   * when removing a driver (rem_drv -C).
1952   *
1953   * Removing attribute nodes allows a machine to be reprovisioned
1954   * without the side-effect of inadvertently picking up stale
1955   * device node ownership or permissions.
1956   *
1957   * Preserving attributes (not performing cleanup) allows devices
1958   * attribute changes to be preserved across upgrades, as
1959   * upgrade rather heavy-handedly does a rem_drv/add_drv cycle.
1960   */
1961  static int
1962  modctl_remdrv_cleanup(const char *u_drvname)
1963  {
1964  	struct walk_args *wargs;
1965  	struct path_elem *pe;
1966  	char *drvname;
1967  	int err, rval = 0;
1968  
1969  	drvname = kmem_alloc(MAXMODCONFNAME, KM_SLEEP);
1970  	if ((err = copyinstr(u_drvname, drvname, MAXMODCONFNAME, 0))) {
1971  		kmem_free(drvname, MAXMODCONFNAME);
1972  		return (err);
1973  	}
1974  
1975  	/*
1976  	 * First go through the instance database.  For each
1977  	 * instance of a device bound to the driver being
1978  	 * removed, remove any underlying devfs attribute nodes.
1979  	 *
1980  	 * This is a two-step process.  First we go through
1981  	 * the instance data itself, constructing a list of
1982  	 * the nodes discovered.  The second step is then
1983  	 * to find and remove any devfs attribute nodes
1984  	 * for the instances discovered in the first step.
1985  	 * The two-step process avoids any difficulties
1986  	 * which could arise by holding the instance data
1987  	 * lock with simultaneous devfs operations.
1988  	 */
1989  	wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
1990  
1991  	wargs->wa_drvname = drvname;
1992  	list_create(&wargs->wa_pathlist,
1993  	    sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
1994  
1995  	(void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
1996  
1997  	for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
1998  	    pe = list_next(&wargs->wa_pathlist, pe)) {
1999  		err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
2000  		    (const char *)pe->pe_nodename);
2001  		if (rval == 0)
2002  			rval = err;
2003  	}
2004  
2005  	while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
2006  		list_remove(&wargs->wa_pathlist, pe);
2007  		kmem_free(pe->pe_dir, pe->pe_dirlen);
2008  		kmem_free(pe, sizeof (*pe));
2009  	}
2010  	kmem_free(wargs, sizeof (*wargs));
2011  
2012  	/*
2013  	 * Pseudo nodes aren't recorded in the instance database
2014  	 * so any such nodes need to be handled separately.
2015  	 */
2016  	err = devfs_remdrv_cleanup("pseudo", (const char *)drvname);
2017  	if (rval == 0)
2018  		rval = err;
2019  
2020  	kmem_free(drvname, MAXMODCONFNAME);
2021  	return (rval);
2022  }
2023  
2024  /*
2025   * Perform a cleanup of non-existent /devices attribute nodes,
2026   * similar to rem_drv -C, but for all drivers/devices.
2027   * This is also optional, performed as part of devfsadm -C.
2028   */
2029  void
2030  dev_devices_cleanup()
2031  {
2032  	struct walk_args *wargs;
2033  	struct path_elem *pe;
2034  	dev_info_t *devi;
2035  	char *path;
2036  	int err;
2037  
2038  	/*
2039  	 * It's expected that all drivers have been loaded and
2040  	 * module unloading disabled while performing cleanup.
2041  	 */
2042  	ASSERT(modunload_disable_count > 0);
2043  
2044  	wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
2045  	wargs->wa_drvname = NULL;
2046  	list_create(&wargs->wa_pathlist,
2047  	    sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
2048  
2049  	(void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
2050  
2051  	path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
2052  
2053  	for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
2054  	    pe = list_next(&wargs->wa_pathlist, pe)) {
2055  		(void) snprintf(path, MAXPATHLEN, "%s/%s",
2056  		    pe->pe_dir, pe->pe_nodename);
2057  		devi = e_ddi_hold_devi_by_path(path, 0);
2058  		if (devi != NULL) {
2059  			ddi_release_devi(devi);
2060  		} else {
2061  			err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
2062  			    (const char *)pe->pe_nodename);
2063  			if (err) {
2064  				cmn_err(CE_CONT,
2065  				    "devfs: %s: clean-up error %d\n",
2066  				    path, err);
2067  			}
2068  		}
2069  	}
2070  
2071  	while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
2072  		list_remove(&wargs->wa_pathlist, pe);
2073  		kmem_free(pe->pe_dir, pe->pe_dirlen);
2074  		kmem_free(pe, sizeof (*pe));
2075  	}
2076  	kmem_free(wargs, sizeof (*wargs));
2077  	kmem_free(path, MAXPATHLEN);
2078  }
2079  
2080  static int
2081  modctl_allocpriv(const char *name)
2082  {
2083  	char *pstr = kmem_alloc(PRIVNAME_MAX, KM_SLEEP);
2084  	int error;
2085  
2086  	if ((error = copyinstr(name, pstr, PRIVNAME_MAX, 0))) {
2087  		kmem_free(pstr, PRIVNAME_MAX);
2088  		return (error);
2089  	}
2090  	error = priv_getbyname(pstr, PRIV_ALLOC);
2091  	if (error < 0)
2092  		error = -error;
2093  	else
2094  		error = 0;
2095  	kmem_free(pstr, PRIVNAME_MAX);
2096  	return (error);
2097  }
2098  
2099  static int
2100  modctl_devexists(const char *upath, int pathlen)
2101  {
2102  	char	*path;
2103  	int	ret;
2104  
2105  	/*
2106  	 * copy in the path, including the terminating null
2107  	 */
2108  	pathlen++;
2109  	if (pathlen <= 1 || pathlen > MAXPATHLEN)
2110  		return (EINVAL);
2111  	path = kmem_zalloc(pathlen + 1, KM_SLEEP);
2112  	if ((ret = copyinstr(upath, path, pathlen, NULL)) == 0) {
2113  		ret = sdev_modctl_devexists(path);
2114  	}
2115  
2116  	kmem_free(path, pathlen + 1);
2117  	return (ret);
2118  }
2119  
2120  static int
2121  modctl_devreaddir(const char *udir, int udirlen,
2122      char *upaths, int64_t *ulensp)
2123  {
2124  	char	*paths = NULL;
2125  	char	**dirlist = NULL;
2126  	char	*dir;
2127  	int64_t	ulens;
2128  	int64_t	lens;
2129  	int	i, n;
2130  	int	ret = 0;
2131  	char	*p;
2132  	int	npaths;
2133  	int	npaths_alloc;
2134  
2135  	/*
2136  	 * If upaths is NULL then we are only computing the amount of space
2137  	 * needed to return the paths, with the value returned in *ulensp. If we
2138  	 * are copying out paths then we get the amount of space allocated by
2139  	 * the caller. If the actual space needed for paths is larger, or
2140  	 * things are changing out from under us, then we return EAGAIN.
2141  	 */
2142  	if (upaths) {
2143  		if (ulensp == NULL)
2144  			return (EINVAL);
2145  		if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
2146  			return (EFAULT);
2147  	}
2148  
2149  	/*
2150  	 * copyin the /dev path including terminating null
2151  	 */
2152  	udirlen++;
2153  	if (udirlen <= 1 || udirlen > MAXPATHLEN)
2154  		return (EINVAL);
2155  	dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
2156  	if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
2157  		goto err;
2158  
2159  	if ((ret = sdev_modctl_readdir(dir, &dirlist,
2160  	    &npaths, &npaths_alloc, 0)) != 0) {
2161  		ASSERT(dirlist == NULL);
2162  		goto err;
2163  	}
2164  
2165  	lens = 0;
2166  	for (i = 0; i < npaths; i++) {
2167  		lens += strlen(dirlist[i]) + 1;
2168  	}
2169  	lens++;		/* add one for double termination */
2170  
2171  	if (upaths) {
2172  		if (lens > ulens) {
2173  			ret = EAGAIN;
2174  			goto out;
2175  		}
2176  
2177  		paths = kmem_alloc(lens, KM_SLEEP);
2178  
2179  		p = paths;
2180  		for (i = 0; i < npaths; i++) {
2181  			n = strlen(dirlist[i]) + 1;
2182  			bcopy(dirlist[i], p, n);
2183  			p += n;
2184  		}
2185  		*p = 0;
2186  
2187  		if (copyout(paths, upaths, lens)) {
2188  			ret = EFAULT;
2189  			goto err;
2190  		}
2191  	}
2192  
2193  out:
2194  	/* copy out the amount of space needed to hold the paths */
2195  	if (copyout(&lens, ulensp, sizeof (lens)))
2196  		ret = EFAULT;
2197  
2198  err:
2199  	if (dirlist)
2200  		sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
2201  	if (paths)
2202  		kmem_free(paths, lens);
2203  	kmem_free(dir, udirlen + 1);
2204  	return (ret);
2205  }
2206  
2207  static int
2208  modctl_devemptydir(const char *udir, int udirlen, int *uempty)
2209  {
2210  	char	*dir;
2211  	int	ret;
2212  	char	**dirlist = NULL;
2213  	int	npaths;
2214  	int	npaths_alloc;
2215  	int	empty;
2216  
2217  	/*
2218  	 * copyin the /dev path including terminating null
2219  	 */
2220  	udirlen++;
2221  	if (udirlen <= 1 || udirlen > MAXPATHLEN)
2222  		return (EINVAL);
2223  	dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
2224  	if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
2225  		goto err;
2226  
2227  	if ((ret = sdev_modctl_readdir(dir, &dirlist,
2228  	    &npaths, &npaths_alloc, 1)) != 0) {
2229  		goto err;
2230  	}
2231  
2232  	empty = npaths ? 0 : 1;
2233  	if (copyout(&empty, uempty, sizeof (empty)))
2234  		ret = EFAULT;
2235  
2236  err:
2237  	if (dirlist)
2238  		sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
2239  	kmem_free(dir, udirlen + 1);
2240  	return (ret);
2241  }
2242  
2243  int
2244  modctl_moddevname(int subcmd, uintptr_t a1, uintptr_t a2)
2245  {
2246  	int error = 0;
2247  
2248  	switch (subcmd) {
2249  	case MODDEVNAME_LOOKUPDOOR:
2250  		error = devname_filename_register((char *)a1);
2251  		break;
2252  	case MODDEVNAME_PROFILE:
2253  		error = devname_profile_update((char *)a1, (size_t)a2);
2254  		break;
2255  	case MODDEVNAME_RECONFIG:
2256  		i_ddi_set_reconfig();
2257  		break;
2258  	case MODDEVNAME_SYSAVAIL:
2259  		i_ddi_set_sysavail();
2260  		break;
2261  	default:
2262  		error = EINVAL;
2263  		break;
2264  	}
2265  
2266  	return (error);
2267  }
2268  
2269  /*ARGSUSED5*/
2270  int
2271  modctl(int cmd, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4,
2272      uintptr_t a5)
2273  {
2274  	int	error = EINVAL;
2275  	dev_t	dev;
2276  
2277  	if (secpolicy_modctl(CRED(), cmd) != 0)
2278  		return (set_errno(EPERM));
2279  
2280  	switch (cmd) {
2281  	case MODLOAD:		/* load a module */
2282  		error = modctl_modload((int)a1, (char *)a2, (int *)a3);
2283  		break;
2284  
2285  	case MODUNLOAD:		/* unload a module */
2286  		error = modctl_modunload((modid_t)a1);
2287  		break;
2288  
2289  	case MODINFO:		/* get module status */
2290  		error = modctl_modinfo((modid_t)a1, (struct modinfo *)a2);
2291  		break;
2292  
2293  	case MODRESERVED:	/* get last major number in range */
2294  		error = modctl_modreserve((modid_t)a1, (int *)a2);
2295  		break;
2296  
2297  	case MODSETMINIROOT:	/* we are running in miniroot */
2298  		isminiroot = 1;
2299  		error = 0;
2300  		break;
2301  
2302  	case MODADDMAJBIND:	/* add major / driver alias bindings */
2303  		error = modctl_add_driver_aliases((int *)a2);
2304  		break;
2305  
2306  	case MODGETPATHLEN:	/* get modpath length */
2307  		error = modctl_getmodpathlen((int *)a2);
2308  		break;
2309  
2310  	case MODGETPATH:	/* get modpath */
2311  		error = modctl_getmodpath((char *)a2);
2312  		break;
2313  
2314  	case MODREADSYSBIND:	/* read system call binding file */
2315  		error = modctl_read_sysbinding_file();
2316  		break;
2317  
2318  	case MODGETMAJBIND:	/* get major number for named device */
2319  		error = modctl_getmaj((char *)a1, (uint_t)a2, (int *)a3);
2320  		break;
2321  
2322  	case MODGETNAME:	/* get name of device given major number */
2323  		error = modctl_getname((char *)a1, (uint_t)a2, (int *)a3);
2324  		break;
2325  
2326  	case MODDEVT2INSTANCE:
2327  		if (get_udatamodel() == DATAMODEL_NATIVE) {
2328  			dev = (dev_t)a1;
2329  		}
2330  #ifdef _SYSCALL32_IMPL
2331  		else {
2332  			dev = expldev(a1);
2333  		}
2334  #endif
2335  		error = modctl_devt2instance(dev, (int *)a2);
2336  		break;
2337  
2338  	case MODSIZEOF_DEVID:	/* sizeof device id of device given dev_t */
2339  		if (get_udatamodel() == DATAMODEL_NATIVE) {
2340  			dev = (dev_t)a1;
2341  		}
2342  #ifdef _SYSCALL32_IMPL
2343  		else {
2344  			dev = expldev(a1);
2345  		}
2346  #endif
2347  		error = modctl_sizeof_devid(dev, (uint_t *)a2);
2348  		break;
2349  
2350  	case MODGETDEVID:	/* get device id of device given dev_t */
2351  		if (get_udatamodel() == DATAMODEL_NATIVE) {
2352  			dev = (dev_t)a1;
2353  		}
2354  #ifdef _SYSCALL32_IMPL
2355  		else {
2356  			dev = expldev(a1);
2357  		}
2358  #endif
2359  		error = modctl_get_devid(dev, (uint_t)a2, (ddi_devid_t)a3);
2360  		break;
2361  
2362  	case MODSIZEOF_MINORNAME:	/* sizeof minor nm (dev_t,spectype) */
2363  		if (get_udatamodel() == DATAMODEL_NATIVE) {
2364  			error = modctl_sizeof_minorname((dev_t)a1, (int)a2,
2365  			    (uint_t *)a3);
2366  		}
2367  #ifdef _SYSCALL32_IMPL
2368  		else {
2369  			error = modctl_sizeof_minorname(expldev(a1), (int)a2,
2370  			    (uint_t *)a3);
2371  		}
2372  
2373  #endif
2374  		break;
2375  
2376  	case MODGETMINORNAME:		/* get minor name of (dev_t,spectype) */
2377  		if (get_udatamodel() == DATAMODEL_NATIVE) {
2378  			error = modctl_get_minorname((dev_t)a1, (int)a2,
2379  			    (uint_t)a3, (char *)a4);
2380  		}
2381  #ifdef _SYSCALL32_IMPL
2382  		else {
2383  			error = modctl_get_minorname(expldev(a1), (int)a2,
2384  			    (uint_t)a3, (char *)a4);
2385  		}
2386  #endif
2387  		break;
2388  
2389  	case MODGETDEVFSPATH_LEN:	/* sizeof path nm of (dev_t,spectype) */
2390  		if (get_udatamodel() == DATAMODEL_NATIVE) {
2391  			error = modctl_devfspath_len((dev_t)a1, (int)a2,
2392  			    (uint_t *)a3);
2393  		}
2394  #ifdef _SYSCALL32_IMPL
2395  		else {
2396  			error = modctl_devfspath_len(expldev(a1), (int)a2,
2397  			    (uint_t *)a3);
2398  		}
2399  
2400  #endif
2401  		break;
2402  
2403  	case MODGETDEVFSPATH:   	/* get path name of (dev_t,spec) type */
2404  		if (get_udatamodel() == DATAMODEL_NATIVE) {
2405  			error = modctl_devfspath((dev_t)a1, (int)a2,
2406  			    (uint_t)a3, (char *)a4);
2407  		}
2408  #ifdef _SYSCALL32_IMPL
2409  		else {
2410  			error = modctl_devfspath(expldev(a1), (int)a2,
2411  			    (uint_t)a3, (char *)a4);
2412  		}
2413  #endif
2414  		break;
2415  
2416  	case MODGETDEVFSPATH_MI_LEN:	/* sizeof path nm of (major,instance) */
2417  		error = modctl_devfspath_mi_len((major_t)a1, (int)a2,
2418  		    (uint_t *)a3);
2419  		break;
2420  
2421  	case MODGETDEVFSPATH_MI:   	/* get path name of (major,instance) */
2422  		error = modctl_devfspath_mi((major_t)a1, (int)a2,
2423  		    (uint_t)a3, (char *)a4);
2424  		break;
2425  
2426  
2427  	case MODEVENTS:
2428  		error = modctl_modevents((int)a1, a2, a3, a4, (uint_t)a5);
2429  		break;
2430  
2431  	case MODGETFBNAME:	/* get the framebuffer name */
2432  		error = modctl_get_fbname((char *)a1);
2433  		break;
2434  
2435  	case MODREREADDACF:	/* reread dacf rule database from given file */
2436  		error = modctl_reread_dacf((char *)a1);
2437  		break;
2438  
2439  	case MODLOADDRVCONF:	/* load driver.conf file for major */
2440  		error = modctl_load_drvconf((major_t)a1);
2441  		break;
2442  
2443  	case MODUNLOADDRVCONF:	/* unload driver.conf file for major */
2444  		error = modctl_unload_drvconf((major_t)a1);
2445  		break;
2446  
2447  	case MODREMMAJBIND:	/* remove a major binding */
2448  		error = modctl_rem_major((major_t)a1);
2449  		break;
2450  
2451  	case MODREMDRVALIAS:	/* remove a major/alias binding */
2452  		error = modctl_remove_driver_aliases((int *)a2);
2453  		break;
2454  
2455  	case MODDEVID2PATHS:	/* get paths given devid */
2456  		error = modctl_devid2paths((ddi_devid_t)a1, (char *)a2,
2457  		    (uint_t)a3, (size_t *)a4, (char *)a5);
2458  		break;
2459  
2460  	case MODSETDEVPOLICY:	/* establish device policy */
2461  		error = devpolicy_load((int)a1, (size_t)a2, (devplcysys_t *)a3);
2462  		break;
2463  
2464  	case MODGETDEVPOLICY:	/* get device policy */
2465  		error = devpolicy_get((int *)a1, (size_t)a2,
2466  		    (devplcysys_t *)a3);
2467  		break;
2468  
2469  	case MODALLOCPRIV:
2470  		error = modctl_allocpriv((const char *)a1);
2471  		break;
2472  
2473  	case MODGETDEVPOLICYBYNAME:
2474  		error = devpolicy_getbyname((size_t)a1,
2475  		    (devplcysys_t *)a2, (char *)a3);
2476  		break;
2477  
2478  	case MODLOADMINORPERM:
2479  	case MODADDMINORPERM:
2480  	case MODREMMINORPERM:
2481  		error = modctl_minorperm(cmd, (char *)a1, (size_t)a2);
2482  		break;
2483  
2484  	case MODREMDRVCLEANUP:
2485  		error = modctl_remdrv_cleanup((const char *)a1);
2486  		break;
2487  
2488  	case MODDEVEXISTS:	/* non-reconfiguring /dev lookup */
2489  		error = modctl_devexists((const char *)a1, (size_t)a2);
2490  		break;
2491  
2492  	case MODDEVREADDIR:	/* non-reconfiguring /dev readdir */
2493  		error = modctl_devreaddir((const char *)a1, (size_t)a2,
2494  		    (char *)a3, (int64_t *)a4);
2495  		break;
2496  
2497  	case MODDEVEMPTYDIR:	/* non-reconfiguring /dev emptydir */
2498  		error = modctl_devemptydir((const char *)a1, (size_t)a2,
2499  		    (int *)a3);
2500  		break;
2501  
2502  	case MODDEVNAME:
2503  		error = modctl_moddevname((int)a1, a2, a3);
2504  		break;
2505  
2506  	case MODRETIRE:	/* retire device named by physpath a1 */
2507  		error = modctl_retire((char *)a1, (char *)a2, (size_t)a3);
2508  		break;
2509  
2510  	case MODISRETIRED:  /* check if a device is retired. */
2511  		error = modctl_is_retired((char *)a1, (int *)a2);
2512  		break;
2513  
2514  	case MODUNRETIRE:	/* unretire device named by physpath a1 */
2515  		error = modctl_unretire((char *)a1);
2516  		break;
2517  
2518  	default:
2519  		error = EINVAL;
2520  		break;
2521  	}
2522  
2523  	return (error ? set_errno(error) : 0);
2524  }
2525  
2526  /*
2527   * Calls to kobj_load_module()() are handled off to this routine in a
2528   * separate thread.
2529   */
2530  static void
2531  modload_thread(struct loadmt *ltp)
2532  {
2533  	/* load the module and signal the creator of this thread */
2534  	kmutex_t	cpr_lk;
2535  	callb_cpr_t	cpr_i;
2536  
2537  	mutex_init(&cpr_lk, NULL, MUTEX_DEFAULT, NULL);
2538  	CALLB_CPR_INIT(&cpr_i, &cpr_lk, callb_generic_cpr, "modload");
2539  	/* borrow the devi lock from thread which invoked us */
2540  	pm_borrow_lock(ltp->owner);
2541  	ltp->retval = kobj_load_module(ltp->mp, ltp->usepath);
2542  	pm_return_lock();
2543  	sema_v(&ltp->sema);
2544  	mutex_enter(&cpr_lk);
2545  	CALLB_CPR_EXIT(&cpr_i);
2546  	mutex_destroy(&cpr_lk);
2547  	thread_exit();
2548  }
2549  
2550  /*
2551   * load a module, adding a reference if caller specifies rmodp.  If rmodp
2552   * is specified then an errno is returned, otherwise a module index is
2553   * returned (-1 on error).
2554   */
2555  static int
2556  modrload(const char *subdir, const char *filename, struct modctl **rmodp)
2557  {
2558  	struct modctl *modp;
2559  	size_t size;
2560  	char *fullname;
2561  	int retval = EINVAL;
2562  	int id = -1;
2563  
2564  	if (rmodp)
2565  		*rmodp = NULL;			/* avoid garbage */
2566  
2567  	if (subdir != NULL) {
2568  		/*
2569  		 * refuse / in filename to prevent "../" escapes.
2570  		 */
2571  		if (strchr(filename, '/') != NULL)
2572  			return (rmodp ? retval : id);
2573  
2574  		/*
2575  		 * allocate enough space for <subdir>/<filename><NULL>
2576  		 */
2577  		size = strlen(subdir) + strlen(filename) + 2;
2578  		fullname = kmem_zalloc(size, KM_SLEEP);
2579  		(void) sprintf(fullname, "%s/%s", subdir, filename);
2580  	} else {
2581  		fullname = (char *)filename;
2582  	}
2583  
2584  	modp = mod_hold_installed_mod(fullname, 1, 0, &retval);
2585  	if (modp != NULL) {
2586  		id = modp->mod_id;
2587  		if (rmodp) {
2588  			/* add mod_ref and return *rmodp */
2589  			mutex_enter(&mod_lock);
2590  			modp->mod_ref++;
2591  			mutex_exit(&mod_lock);
2592  			*rmodp = modp;
2593  		}
2594  		mod_release_mod(modp);
2595  		CPU_STATS_ADDQ(CPU, sys, modload, 1);
2596  	}
2597  
2598  done:	if (subdir != NULL)
2599  		kmem_free(fullname, size);
2600  	return (rmodp ? retval : id);
2601  }
2602  
2603  /*
2604   * This is the primary kernel interface to load a module. It loads and
2605   * installs the named module.  It does not hold mod_ref of the module, so
2606   * a module unload attempt can occur at any time - it is up to the
2607   * _fini/mod_remove implementation to determine if unload will succeed.
2608   */
2609  int
2610  modload(const char *subdir, const char *filename)
2611  {
2612  	return (modrload(subdir, filename, NULL));
2613  }
2614  
2615  /*
2616   * Load a module using a series of qualified names from most specific to least
2617   * specific, e.g. for subdir "foo", p1 "bar", p2 "baz", we might try:
2618   *			Value returned in *chosen
2619   * foo/bar.baz.1.2.3	3
2620   * foo/bar.baz.1.2	2
2621   * foo/bar.baz.1	1
2622   * foo/bar.baz		0
2623   *
2624   * Return the module ID on success; -1 if no module was loaded.  On success
2625   * and if 'chosen' is not NULL we also return the number of suffices that
2626   * were in the module we chose to load.
2627   */
2628  int
2629  modload_qualified(const char *subdir, const char *p1,
2630      const char *p2, const char *delim, uint_t suffv[], int suffc, int *chosen)
2631  {
2632  	char path[MOD_MAXPATH];
2633  	size_t n, resid = sizeof (path);
2634  	char *p = path;
2635  
2636  	char **dotv;
2637  	int i, rc, id;
2638  	modctl_t *mp;
2639  
2640  	if (p2 != NULL)
2641  		n = snprintf(p, resid, "%s/%s%s%s", subdir, p1, delim, p2);
2642  	else
2643  		n = snprintf(p, resid, "%s/%s", subdir, p1);
2644  
2645  	if (n >= resid)
2646  		return (-1);
2647  
2648  	p += n;
2649  	resid -= n;
2650  	dotv = kmem_alloc(sizeof (char *) * (suffc + 1), KM_SLEEP);
2651  
2652  	for (i = 0; i < suffc; i++) {
2653  		dotv[i] = p;
2654  		n = snprintf(p, resid, "%s%u", delim, suffv[i]);
2655  
2656  		if (n >= resid) {
2657  			kmem_free(dotv, sizeof (char *) * (suffc + 1));
2658  			return (-1);
2659  		}
2660  
2661  		p += n;
2662  		resid -= n;
2663  	}
2664  
2665  	dotv[suffc] = p;
2666  
2667  	for (i = suffc; i >= 0; i--) {
2668  		dotv[i][0] = '\0';
2669  		mp = mod_hold_installed_mod(path, 1, 1, &rc);
2670  
2671  		if (mp != NULL) {
2672  			kmem_free(dotv, sizeof (char *) * (suffc + 1));
2673  			id = mp->mod_id;
2674  			mod_release_mod(mp);
2675  			if (chosen != NULL)
2676  				*chosen = i;
2677  			return (id);
2678  		}
2679  	}
2680  
2681  	kmem_free(dotv, sizeof (char *) * (suffc + 1));
2682  	return (-1);
2683  }
2684  
2685  /*
2686   * Load a module.
2687   */
2688  int
2689  modloadonly(const char *subdir, const char *filename)
2690  {
2691  	struct modctl *modp;
2692  	char *fullname;
2693  	size_t size;
2694  	int id, retval;
2695  
2696  	if (subdir != NULL) {
2697  		/*
2698  		 * allocate enough space for <subdir>/<filename><NULL>
2699  		 */
2700  		size = strlen(subdir) + strlen(filename) + 2;
2701  		fullname = kmem_zalloc(size, KM_SLEEP);
2702  		(void) sprintf(fullname, "%s/%s", subdir, filename);
2703  	} else {
2704  		fullname = (char *)filename;
2705  	}
2706  
2707  	modp = mod_hold_loaded_mod(NULL, fullname, &retval);
2708  	if (modp) {
2709  		id = modp->mod_id;
2710  		mod_release_mod(modp);
2711  	}
2712  
2713  	if (subdir != NULL)
2714  		kmem_free(fullname, size);
2715  
2716  	if (retval == 0)
2717  		return (id);
2718  	return (-1);
2719  }
2720  
2721  /*
2722   * Try to uninstall and unload a module, removing a reference if caller
2723   * specifies rmodp.
2724   */
2725  static int
2726  modunrload(modid_t id, struct modctl **rmodp, int unload)
2727  {
2728  	struct modctl	*modp;
2729  	int		retval;
2730  
2731  	if (rmodp)
2732  		*rmodp = NULL;			/* avoid garbage */
2733  
2734  	if ((modp = mod_hold_by_id((modid_t)id)) == NULL)
2735  		return (EINVAL);
2736  
2737  	if (rmodp) {
2738  		mutex_enter(&mod_lock);
2739  		modp->mod_ref--;
2740  		mutex_exit(&mod_lock);
2741  		*rmodp = modp;
2742  	}
2743  
2744  	if (unload) {
2745  		retval = moduninstall(modp);
2746  		if (retval == 0) {
2747  			mod_unload(modp);
2748  			CPU_STATS_ADDQ(CPU, sys, modunload, 1);
2749  		} else if (retval == EALREADY)
2750  			retval = 0;	/* already unloaded, not an error */
2751  	} else
2752  		retval = 0;
2753  
2754  	mod_release_mod(modp);
2755  	return (retval);
2756  }
2757  
2758  /*
2759   * Uninstall and unload a module.
2760   */
2761  int
2762  modunload(modid_t id)
2763  {
2764  	int		retval;
2765  
2766  	/* synchronize with any active modunload_disable() */
2767  	modunload_begin();
2768  	if (ddi_root_node())
2769  		(void) devfs_clean(ddi_root_node(), NULL, 0);
2770  	retval = modunrload(id, NULL, 1);
2771  	modunload_end();
2772  	return (retval);
2773  }
2774  
2775  /*
2776   * Return status of a loaded module.
2777   */
2778  static int
2779  modinfo(modid_t id, struct modinfo *modinfop)
2780  {
2781  	struct modctl	*modp;
2782  	modid_t		mid;
2783  	int		i;
2784  
2785  	mid = modinfop->mi_id;
2786  	if (modinfop->mi_info & MI_INFO_ALL) {
2787  		while ((modp = mod_hold_next_by_id(mid++)) != NULL) {
2788  			if ((modinfop->mi_info & MI_INFO_CNT) ||
2789  			    modp->mod_installed)
2790  				break;
2791  			mod_release_mod(modp);
2792  		}
2793  		if (modp == NULL)
2794  			return (EINVAL);
2795  	} else {
2796  		modp = mod_hold_by_id(id);
2797  		if (modp == NULL)
2798  			return (EINVAL);
2799  		if (!(modinfop->mi_info & MI_INFO_CNT) &&
2800  		    (modp->mod_installed == 0)) {
2801  			mod_release_mod(modp);
2802  			return (EINVAL);
2803  		}
2804  	}
2805  
2806  	modinfop->mi_rev = 0;
2807  	modinfop->mi_state = 0;
2808  	for (i = 0; i < MODMAXLINK; i++) {
2809  		modinfop->mi_msinfo[i].msi_p0 = -1;
2810  		modinfop->mi_msinfo[i].msi_linkinfo[0] = 0;
2811  	}
2812  	if (modp->mod_loaded) {
2813  		modinfop->mi_state = MI_LOADED;
2814  		kobj_getmodinfo(modp->mod_mp, modinfop);
2815  	}
2816  	if (modp->mod_installed) {
2817  		modinfop->mi_state |= MI_INSTALLED;
2818  
2819  		(void) mod_getinfo(modp, modinfop);
2820  	}
2821  
2822  	modinfop->mi_id = modp->mod_id;
2823  	modinfop->mi_loadcnt = modp->mod_loadcnt;
2824  	(void) strcpy(modinfop->mi_name, modp->mod_modname);
2825  
2826  	mod_release_mod(modp);
2827  	return (0);
2828  }
2829  
2830  static char mod_stub_err[] = "mod_hold_stub: Couldn't load stub module %s";
2831  static char no_err[] = "No error function for weak stub %s";
2832  
2833  /*
2834   * used by the stubs themselves to load and hold a module.
2835   * Returns  0 if the module is successfully held;
2836   *	    the stub needs to call mod_release_stub().
2837   *	    -1 if the stub should just call the err_fcn.
2838   * Note that this code is stretched out so that we avoid subroutine calls
2839   * and optimize for the most likely case.  That is, the case where the
2840   * module is loaded and installed and not held.  In that case we just inc
2841   * the mod_ref count and continue.
2842   */
2843  int
2844  mod_hold_stub(struct mod_stub_info *stub)
2845  {
2846  	struct modctl *mp;
2847  	struct mod_modinfo *mip;
2848  
2849  	mip = stub->mods_modinfo;
2850  
2851  	mutex_enter(&mod_lock);
2852  
2853  	/* we do mod_hold_by_modctl inline for speed */
2854  
2855  mod_check_again:
2856  	if ((mp = mip->mp) != NULL) {
2857  		if (mp->mod_busy == 0) {
2858  			if (mp->mod_installed) {
2859  				/* increment the reference count */
2860  				mp->mod_ref++;
2861  				ASSERT(mp->mod_ref && mp->mod_installed);
2862  				mutex_exit(&mod_lock);
2863  				return (0);
2864  			} else {
2865  				mp->mod_busy = 1;
2866  				mp->mod_inprogress_thread =
2867  				    (curthread == NULL ?
2868  				    (kthread_id_t)-1 : curthread);
2869  			}
2870  		} else {
2871  			/*
2872  			 * wait one time and then go see if someone
2873  			 * else has resolved the stub (set mip->mp).
2874  			 */
2875  			if (mod_hold_by_modctl(mp,
2876  			    MOD_WAIT_ONCE | MOD_LOCK_HELD))
2877  				goto mod_check_again;
2878  
2879  			/*
2880  			 * what we have now may have been unloaded!, in
2881  			 * that case, mip->mp will be NULL, we'll hit this
2882  			 * module and load again..
2883  			 */
2884  			cmn_err(CE_PANIC, "mod_hold_stub should have blocked");
2885  		}
2886  		mutex_exit(&mod_lock);
2887  	} else {
2888  		/* first time we've hit this module */
2889  		mutex_exit(&mod_lock);
2890  		mp = mod_hold_by_name(mip->modm_module_name);
2891  		mip->mp = mp;
2892  	}
2893  
2894  	/*
2895  	 * If we are here, it means that the following conditions
2896  	 * are satisfied.
2897  	 *
2898  	 * mip->mp != NULL
2899  	 * this thread has set the mp->mod_busy = 1
2900  	 * mp->mod_installed = 0
2901  	 *
2902  	 */
2903  	ASSERT(mp != NULL);
2904  	ASSERT(mp->mod_busy == 1);
2905  
2906  	if (mp->mod_installed == 0) {
2907  		/* Module not loaded, if weak stub don't load it */
2908  		if (stub->mods_flag & MODS_WEAK) {
2909  			if (stub->mods_errfcn == NULL) {
2910  				mod_release_mod(mp);
2911  				cmn_err(CE_PANIC, no_err,
2912  				    mip->modm_module_name);
2913  			}
2914  		} else {
2915  			/* Not a weak stub so load the module */
2916  
2917  			if (mod_load(mp, 1) != 0 || modinstall(mp) != 0) {
2918  				/*
2919  				 * If mod_load() was successful
2920  				 * and modinstall() failed, then
2921  				 * unload the module.
2922  				 */
2923  				if (mp->mod_loaded)
2924  					mod_unload(mp);
2925  
2926  				mod_release_mod(mp);
2927  				if (stub->mods_errfcn == NULL) {
2928  					cmn_err(CE_PANIC, mod_stub_err,
2929  					    mip->modm_module_name);
2930  				} else {
2931  					return (-1);
2932  				}
2933  			}
2934  		}
2935  	}
2936  
2937  	/*
2938  	 * At this point module is held and loaded. Release
2939  	 * the mod_busy and mod_inprogress_thread before
2940  	 * returning. We actually call mod_release() here so
2941  	 * that if another stub wants to access this module,
2942  	 * it can do so. mod_ref is incremented before mod_release()
2943  	 * is called to prevent someone else from snatching the
2944  	 * module from this thread.
2945  	 */
2946  	mutex_enter(&mod_lock);
2947  	mp->mod_ref++;
2948  	ASSERT(mp->mod_ref &&
2949  	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
2950  	mod_release(mp);
2951  	mutex_exit(&mod_lock);
2952  	return (0);
2953  }
2954  
2955  void
2956  mod_release_stub(struct mod_stub_info *stub)
2957  {
2958  	struct modctl *mp = stub->mods_modinfo->mp;
2959  
2960  	/* inline mod_release_mod */
2961  	mutex_enter(&mod_lock);
2962  	ASSERT(mp->mod_ref &&
2963  	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
2964  	mp->mod_ref--;
2965  	if (mp->mod_want) {
2966  		mp->mod_want = 0;
2967  		cv_broadcast(&mod_cv);
2968  	}
2969  	mutex_exit(&mod_lock);
2970  }
2971  
2972  static struct modctl *
2973  mod_hold_loaded_mod(struct modctl *dep, char *filename, int *status)
2974  {
2975  	struct modctl *modp;
2976  	int retval;
2977  
2978  	/*
2979  	 * Hold the module.
2980  	 */
2981  	modp = mod_hold_by_name_requisite(dep, filename);
2982  	if (modp) {
2983  		retval = mod_load(modp, 1);
2984  		if (retval != 0) {
2985  			mod_release_mod(modp);
2986  			modp = NULL;
2987  		}
2988  		*status = retval;
2989  	} else {
2990  		*status = ENOSPC;
2991  	}
2992  
2993  	/*
2994  	 * if dep is not NULL, clear the module dependency information.
2995  	 * This information is set in mod_hold_by_name_common().
2996  	 */
2997  	if (dep != NULL && dep->mod_requisite_loading != NULL) {
2998  		ASSERT(dep->mod_busy);
2999  		dep->mod_requisite_loading = NULL;
3000  	}
3001  
3002  	return (modp);
3003  }
3004  
3005  /*
3006   * hold, load, and install the named module
3007   */
3008  static struct modctl *
3009  mod_hold_installed_mod(char *name, int usepath, int forcecheck, int *r)
3010  {
3011  	struct modctl *modp;
3012  	int retval;
3013  
3014  	/*
3015  	 * Verify that that module in question actually exists on disk
3016  	 * before allocation of module structure by mod_hold_by_name.
3017  	 */
3018  	if (modrootloaded && swaploaded || forcecheck) {
3019  		if (!kobj_path_exists(name, usepath)) {
3020  			*r = ENOENT;
3021  			return (NULL);
3022  		}
3023  	}
3024  
3025  	/*
3026  	 * Hold the module.
3027  	 */
3028  	modp = mod_hold_by_name(name);
3029  	if (modp) {
3030  		retval = mod_load(modp, usepath);
3031  		if (retval != 0) {
3032  			mod_release_mod(modp);
3033  			modp = NULL;
3034  			*r = retval;
3035  		} else {
3036  			if ((*r = modinstall(modp)) != 0) {
3037  				/*
3038  				 * We loaded it, but failed to _init() it.
3039  				 * Be kind to developers -- force it
3040  				 * out of memory now so that the next
3041  				 * attempt to use the module will cause
3042  				 * a reload.  See 1093793.
3043  				 */
3044  				mod_unload(modp);
3045  				mod_release_mod(modp);
3046  				modp = NULL;
3047  			}
3048  		}
3049  	} else {
3050  		*r = ENOSPC;
3051  	}
3052  	return (modp);
3053  }
3054  
3055  static char mod_excl_msg[] =
3056  	"module %s(%s) is EXCLUDED and will not be loaded\n";
3057  static char mod_init_msg[] = "loadmodule:%s(%s): _init() error %d\n";
3058  
3059  /*
3060   * This routine is needed for dependencies.  Users specify dependencies
3061   * by declaring a character array initialized to filenames of dependents.
3062   * So the code that handles dependents deals with filenames (and not
3063   * module names) because that's all it has.  We load by filename and once
3064   * we've loaded a file we can get the module name.
3065   * Unfortunately there isn't a single unified filename/modulename namespace.
3066   * C'est la vie.
3067   *
3068   * We allow the name being looked up to be prepended by an optional
3069   * subdirectory e.g. we can lookup (NULL, "fs/ufs") or ("fs", "ufs")
3070   */
3071  struct modctl *
3072  mod_find_by_filename(char *subdir, char *filename)
3073  {
3074  	struct modctl	*mp;
3075  	size_t		sublen;
3076  
3077  	ASSERT(!MUTEX_HELD(&mod_lock));
3078  	if (subdir != NULL)
3079  		sublen = strlen(subdir);
3080  	else
3081  		sublen = 0;
3082  
3083  	mutex_enter(&mod_lock);
3084  	mp = &modules;
3085  	do {
3086  		if (sublen) {
3087  			char *mod_filename = mp->mod_filename;
3088  
3089  			if (strncmp(subdir, mod_filename, sublen) == 0 &&
3090  			    mod_filename[sublen] == '/' &&
3091  			    strcmp(filename, &mod_filename[sublen + 1]) == 0) {
3092  				mutex_exit(&mod_lock);
3093  				return (mp);
3094  			}
3095  		} else if (strcmp(filename, mp->mod_filename) == 0) {
3096  			mutex_exit(&mod_lock);
3097  			return (mp);
3098  		}
3099  	} while ((mp = mp->mod_next) != &modules);
3100  	mutex_exit(&mod_lock);
3101  	return (NULL);
3102  }
3103  
3104  /*
3105   * Check for circular dependencies.  This is called from do_dependents()
3106   * in kobj.c.  If we are the thread already loading this module, then
3107   * we're trying to load a dependent that we're already loading which
3108   * means the user specified circular dependencies.
3109   */
3110  static int
3111  mod_circdep(struct modctl *modp)
3112  {
3113  	struct modctl	*rmod;
3114  
3115  	ASSERT(MUTEX_HELD(&mod_lock));
3116  
3117  	/*
3118  	 * Check the mod_inprogress_thread first.
3119  	 * mod_inprogress_thread is used in mod_hold_stub()
3120  	 * directly to improve performance.
3121  	 */
3122  	if (modp->mod_inprogress_thread == curthread)
3123  		return (1);
3124  
3125  	/*
3126  	 * Check the module circular dependencies.
3127  	 */
3128  	for (rmod = modp; rmod != NULL; rmod = rmod->mod_requisite_loading) {
3129  		/*
3130  		 * Check if there is a module circular dependency.
3131  		 */
3132  		if (rmod->mod_requisite_loading == modp)
3133  			return (1);
3134  	}
3135  	return (0);
3136  }
3137  
3138  static int
3139  mod_getinfo(struct modctl *modp, struct modinfo *modinfop)
3140  {
3141  	int (*func)(struct modinfo *);
3142  	int retval;
3143  
3144  	ASSERT(modp->mod_busy);
3145  
3146  	/* primary modules don't do getinfo */
3147  	if (modp->mod_prim)
3148  		return (0);
3149  
3150  	func = (int (*)(struct modinfo *))kobj_lookup(modp->mod_mp, "_info");
3151  
3152  	if (kobj_addrcheck(modp->mod_mp, (caddr_t)func)) {
3153  		cmn_err(CE_WARN, "_info() not defined properly in %s",
3154  		    modp->mod_filename);
3155  		/*
3156  		 * The semantics of mod_info(9F) are that 0 is failure
3157  		 * and non-zero is success.
3158  		 */
3159  		retval = 0;
3160  	} else
3161  		retval = (*func)(modinfop);	/* call _info() function */
3162  
3163  	if (moddebug & MODDEBUG_USERDEBUG)
3164  		printf("Returned from _info, retval = %x\n", retval);
3165  
3166  	return (retval);
3167  }
3168  
3169  static void
3170  modadd(struct modctl *mp)
3171  {
3172  	ASSERT(MUTEX_HELD(&mod_lock));
3173  
3174  	mp->mod_id = last_module_id++;
3175  	mp->mod_next = &modules;
3176  	mp->mod_prev = modules.mod_prev;
3177  	modules.mod_prev->mod_next = mp;
3178  	modules.mod_prev = mp;
3179  }
3180  
3181  /*ARGSUSED*/
3182  static struct modctl *
3183  allocate_modp(const char *filename, const char *modname)
3184  {
3185  	struct modctl *mp;
3186  
3187  	mp = kobj_zalloc(sizeof (*mp), KM_SLEEP);
3188  	mp->mod_modname = kobj_zalloc(strlen(modname) + 1, KM_SLEEP);
3189  	(void) strcpy(mp->mod_modname, modname);
3190  	return (mp);
3191  }
3192  
3193  /*
3194   * Get the value of a symbol.  This is a wrapper routine that
3195   * calls kobj_getsymvalue().  kobj_getsymvalue() may go away but this
3196   * wrapper will prevent callers from noticing.
3197   */
3198  uintptr_t
3199  modgetsymvalue(char *name, int kernelonly)
3200  {
3201  	return (kobj_getsymvalue(name, kernelonly));
3202  }
3203  
3204  /*
3205   * Get the symbol nearest an address.  This is a wrapper routine that
3206   * calls kobj_getsymname().  kobj_getsymname() may go away but this
3207   * wrapper will prevent callers from noticing.
3208   */
3209  char *
3210  modgetsymname(uintptr_t value, ulong_t *offset)
3211  {
3212  	return (kobj_getsymname(value, offset));
3213  }
3214  
3215  /*
3216   * Lookup a symbol in a specified module.  These are wrapper routines that
3217   * call kobj_lookup().  kobj_lookup() may go away but these wrappers will
3218   * prevent callers from noticing.
3219   */
3220  uintptr_t
3221  modlookup(const char *modname, const char *symname)
3222  {
3223  	struct modctl *modp;
3224  	uintptr_t val;
3225  
3226  	if ((modp = mod_hold_by_name(modname)) == NULL)
3227  		return (0);
3228  	val = kobj_lookup(modp->mod_mp, symname);
3229  	mod_release_mod(modp);
3230  	return (val);
3231  }
3232  
3233  uintptr_t
3234  modlookup_by_modctl(modctl_t *modp, const char *symname)
3235  {
3236  	ASSERT(modp->mod_ref > 0 || modp->mod_busy);
3237  
3238  	return (kobj_lookup(modp->mod_mp, symname));
3239  }
3240  
3241  /*
3242   * Ask the user for the name of the system file and the default path
3243   * for modules.
3244   */
3245  void
3246  mod_askparams()
3247  {
3248  	static char s0[64];
3249  	intptr_t fd;
3250  
3251  	if ((fd = kobj_open(systemfile)) != -1L)
3252  		kobj_close(fd);
3253  	else
3254  		systemfile = NULL;
3255  
3256  	/*CONSTANTCONDITION*/
3257  	while (1) {
3258  		printf("Name of system file [%s]:  ",
3259  		    systemfile ? systemfile : "/dev/null");
3260  
3261  		console_gets(s0, sizeof (s0));
3262  
3263  		if (s0[0] == '\0')
3264  			break;
3265  		else if (strcmp(s0, "/dev/null") == 0) {
3266  			systemfile = NULL;
3267  			break;
3268  		} else {
3269  			if ((fd = kobj_open(s0)) != -1L) {
3270  				kobj_close(fd);
3271  				systemfile = s0;
3272  				break;
3273  			}
3274  		}
3275  		printf("can't find file %s\n", s0);
3276  	}
3277  }
3278  
3279  static char loading_msg[] = "loading '%s' id %d\n";
3280  static char load_msg[] = "load '%s' id %d loaded @ 0x%p/0x%p size %d/%d\n";
3281  
3282  /*
3283   * Common code for loading a module (but not installing it).
3284   * Handoff the task of module loading to a separate thread
3285   * with a large stack if possible, since this code may recurse a few times.
3286   * Return zero if there are no errors or an errno value.
3287   */
3288  static int
3289  mod_load(struct modctl *mp, int usepath)
3290  {
3291  	int		retval;
3292  	struct modinfo	*modinfop = NULL;
3293  	struct loadmt	lt;
3294  
3295  	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3296  	ASSERT(mp->mod_busy);
3297  
3298  	if (mp->mod_loaded)
3299  		return (0);
3300  
3301  	if (mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_modname) != 0 ||
3302  	    mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_filename) != 0) {
3303  		if (moddebug & MODDEBUG_LOADMSG) {
3304  			printf(mod_excl_msg, mp->mod_filename,
3305  			    mp->mod_modname);
3306  		}
3307  		return (ENXIO);
3308  	}
3309  	if (moddebug & MODDEBUG_LOADMSG2)
3310  		printf(loading_msg, mp->mod_filename, mp->mod_id);
3311  
3312  	if (curthread != &t0) {
3313  		lt.mp = mp;
3314  		lt.usepath = usepath;
3315  		lt.owner = curthread;
3316  		sema_init(&lt.sema, 0, NULL, SEMA_DEFAULT, NULL);
3317  
3318  		/* create thread to hand of call to */
3319  		(void) thread_create(NULL, DEFAULTSTKSZ * 2,
3320  		    modload_thread, &lt, 0, &p0, TS_RUN, maxclsyspri);
3321  
3322  		/* wait for thread to complete kobj_load_module */
3323  		sema_p(&lt.sema);
3324  
3325  		sema_destroy(&lt.sema);
3326  		retval = lt.retval;
3327  	} else
3328  		retval = kobj_load_module(mp, usepath);
3329  
3330  	if (mp->mod_mp) {
3331  		ASSERT(retval == 0);
3332  		mp->mod_loaded = 1;
3333  		mp->mod_loadcnt++;
3334  		if (moddebug & MODDEBUG_LOADMSG) {
3335  			printf(load_msg, mp->mod_filename, mp->mod_id,
3336  			    (void *)((struct module *)mp->mod_mp)->text,
3337  			    (void *)((struct module *)mp->mod_mp)->data,
3338  			    ((struct module *)mp->mod_mp)->text_size,
3339  			    ((struct module *)mp->mod_mp)->data_size);
3340  		}
3341  
3342  		/*
3343  		 * XXX - There should be a better way to get this.
3344  		 */
3345  		modinfop = kmem_zalloc(sizeof (struct modinfo), KM_SLEEP);
3346  		modinfop->mi_info = MI_INFO_LINKAGE;
3347  		if (mod_getinfo(mp, modinfop) == 0)
3348  			mp->mod_linkage = NULL;
3349  		else {
3350  			mp->mod_linkage = (void *)modinfop->mi_base;
3351  			ASSERT(mp->mod_linkage->ml_rev == MODREV_1);
3352  		}
3353  
3354  		/*
3355  		 * DCS: bootstrapping code. If the driver is loaded
3356  		 * before root mount, it is assumed that the driver
3357  		 * may be used before mounting root. In order to
3358  		 * access mappings of global to local minor no.'s
3359  		 * during installation/open of the driver, we load
3360  		 * them into memory here while the BOP_interfaces
3361  		 * are still up.
3362  		 */
3363  		if ((cluster_bootflags & CLUSTER_BOOTED) && !modrootloaded) {
3364  			retval = clboot_modload(mp);
3365  		}
3366  
3367  		kmem_free(modinfop, sizeof (struct modinfo));
3368  		(void) mod_sysctl(SYS_SET_MVAR, (void *)mp);
3369  		retval = install_stubs_by_name(mp, mp->mod_modname);
3370  
3371  		/*
3372  		 * Now that the module is loaded, we need to give DTrace
3373  		 * a chance to notify its providers.  This is done via
3374  		 * the dtrace_modload function pointer.
3375  		 */
3376  		if (strcmp(mp->mod_modname, "dtrace") != 0) {
3377  			struct modctl *dmp = mod_hold_by_name("dtrace");
3378  
3379  			if (dmp != NULL && dtrace_modload != NULL)
3380  				(*dtrace_modload)(mp);
3381  
3382  			mod_release_mod(dmp);
3383  		}
3384  
3385  	} else {
3386  		/*
3387  		 * If load failed then we need to release any requisites
3388  		 * that we had established.
3389  		 */
3390  		ASSERT(retval);
3391  		mod_release_requisites(mp);
3392  
3393  		if (moddebug & MODDEBUG_ERRMSG)
3394  			printf("error loading '%s', error %d\n",
3395  			    mp->mod_filename, retval);
3396  	}
3397  	return (retval);
3398  }
3399  
3400  static char unload_msg[] = "unloading %s, module id %d, loadcnt %d.\n";
3401  
3402  static void
3403  mod_unload(struct modctl *mp)
3404  {
3405  	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3406  	ASSERT(mp->mod_busy);
3407  	ASSERT((mp->mod_loaded && (mp->mod_installed == 0)) &&
3408  	    ((mp->mod_prim == 0) && (mp->mod_ref >= 0)));
3409  
3410  	if (moddebug & MODDEBUG_LOADMSG)
3411  		printf(unload_msg, mp->mod_modname,
3412  		    mp->mod_id, mp->mod_loadcnt);
3413  
3414  	/*
3415  	 * If mod_ref is not zero, it means some modules might still refer
3416  	 * to this module. Then you can't unload this module right now.
3417  	 * Instead, set 1 to mod_delay_unload to notify the system of
3418  	 * unloading this module later when it's not required any more.
3419  	 */
3420  	if (mp->mod_ref > 0) {
3421  		mp->mod_delay_unload = 1;
3422  		if (moddebug & MODDEBUG_LOADMSG2) {
3423  			printf("module %s not unloaded,"
3424  			    " non-zero reference count (%d)",
3425  			    mp->mod_modname, mp->mod_ref);
3426  		}
3427  		return;
3428  	}
3429  
3430  	if (((mp->mod_loaded == 0) || mp->mod_installed) ||
3431  	    (mp->mod_ref || mp->mod_prim)) {
3432  		/*
3433  		 * A DEBUG kernel would ASSERT panic above, the code is broken
3434  		 * if we get this warning.
3435  		 */
3436  		cmn_err(CE_WARN, "mod_unload: %s in incorrect state: %d %d %d",
3437  		    mp->mod_filename, mp->mod_installed, mp->mod_loaded,
3438  		    mp->mod_ref);
3439  		return;
3440  	}
3441  
3442  	/* reset stub functions to call the binder again */
3443  	reset_stubs(mp);
3444  
3445  	/*
3446  	 * mark module as unloaded before the modctl structure is freed.
3447  	 * This is required not to reuse the modctl structure before
3448  	 * the module is marked as unloaded.
3449  	 */
3450  	mp->mod_loaded = 0;
3451  	mp->mod_linkage = NULL;
3452  
3453  	/* free the memory */
3454  	kobj_unload_module(mp);
3455  
3456  	if (mp->mod_delay_unload) {
3457  		mp->mod_delay_unload = 0;
3458  		if (moddebug & MODDEBUG_LOADMSG2) {
3459  			printf("deferred unload of module %s"
3460  			    " (id %d) successful",
3461  			    mp->mod_modname, mp->mod_id);
3462  		}
3463  	}
3464  
3465  	/* release hold on requisites */
3466  	mod_release_requisites(mp);
3467  
3468  	/*
3469  	 * Now that the module is gone, we need to give DTrace a chance to
3470  	 * remove any probes that it may have had in the module.  This is
3471  	 * done via the dtrace_modunload function pointer.
3472  	 */
3473  	if (strcmp(mp->mod_modname, "dtrace") != 0) {
3474  		struct modctl *dmp = mod_hold_by_name("dtrace");
3475  
3476  		if (dmp != NULL && dtrace_modunload != NULL)
3477  			(*dtrace_modunload)(mp);
3478  
3479  		mod_release_mod(dmp);
3480  	}
3481  }
3482  
3483  static int
3484  modinstall(struct modctl *mp)
3485  {
3486  	int val;
3487  	int (*func)(void);
3488  
3489  	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3490  	ASSERT(mp->mod_busy && mp->mod_loaded);
3491  
3492  	if (mp->mod_installed)
3493  		return (0);
3494  	/*
3495  	 * If mod_delay_unload is on, it means the system chose the deferred
3496  	 * unload for this module. Then you can't install this module until
3497  	 * it's unloaded from the system.
3498  	 */
3499  	if (mp->mod_delay_unload)
3500  		return (ENXIO);
3501  
3502  	if (moddebug & MODDEBUG_LOADMSG)
3503  		printf("installing %s, module id %d.\n",
3504  		    mp->mod_modname, mp->mod_id);
3505  
3506  	ASSERT(mp->mod_mp != NULL);
3507  	if (mod_install_requisites(mp) != 0) {
3508  		/*
3509  		 * Note that we can't call mod_unload(mp) here since
3510  		 * if modinstall() was called by mod_install_requisites(),
3511  		 * we won't be able to hold the dependent modules
3512  		 * (otherwise there would be a deadlock).
3513  		 */
3514  		return (ENXIO);
3515  	}
3516  
3517  	if (moddebug & MODDEBUG_ERRMSG) {
3518  		printf("init '%s' id %d loaded @ 0x%p/0x%p size %lu/%lu\n",
3519  		    mp->mod_filename, mp->mod_id,
3520  		    (void *)((struct module *)mp->mod_mp)->text,
3521  		    (void *)((struct module *)mp->mod_mp)->data,
3522  		    ((struct module *)mp->mod_mp)->text_size,
3523  		    ((struct module *)mp->mod_mp)->data_size);
3524  	}
3525  
3526  	func = (int (*)())kobj_lookup(mp->mod_mp, "_init");
3527  
3528  	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3529  		cmn_err(CE_WARN, "_init() not defined properly in %s",
3530  		    mp->mod_filename);
3531  		return (EFAULT);
3532  	}
3533  
3534  	if (moddebug & MODDEBUG_USERDEBUG) {
3535  		printf("breakpoint before calling %s:_init()\n",
3536  		    mp->mod_modname);
3537  		if (DEBUGGER_PRESENT)
3538  			debug_enter("_init");
3539  	}
3540  
3541  	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3542  	ASSERT(mp->mod_busy && mp->mod_loaded);
3543  	val = (*func)();		/* call _init */
3544  
3545  	if (moddebug & MODDEBUG_USERDEBUG)
3546  		printf("Returned from _init, val = %x\n", val);
3547  
3548  	if (val == 0) {
3549  		/*
3550  		 * Set the MODS_INSTALLED flag to enable this module
3551  		 * being called now.
3552  		 */
3553  		install_stubs(mp);
3554  		mp->mod_installed = 1;
3555  	} else if (moddebug & MODDEBUG_ERRMSG)
3556  		printf(mod_init_msg, mp->mod_filename, mp->mod_modname, val);
3557  
3558  	return (val);
3559  }
3560  
3561  int	detach_driver_unconfig = 0;
3562  
3563  static int
3564  detach_driver(char *name)
3565  {
3566  	major_t major;
3567  	int error;
3568  
3569  	/*
3570  	 * If being called from mod_uninstall_all() then the appropriate
3571  	 * driver detaches (leaf only) have already been done.
3572  	 */
3573  	if (mod_in_autounload())
3574  		return (0);
3575  
3576  	major = ddi_name_to_major(name);
3577  	if (major == DDI_MAJOR_T_NONE)
3578  		return (0);
3579  
3580  	error = ndi_devi_unconfig_driver(ddi_root_node(),
3581  	    NDI_DETACH_DRIVER | detach_driver_unconfig, major);
3582  	return (error == NDI_SUCCESS ? 0 : -1);
3583  }
3584  
3585  static char finiret_msg[] = "Returned from _fini for %s, status = %x\n";
3586  
3587  static int
3588  moduninstall(struct modctl *mp)
3589  {
3590  	int status = 0;
3591  	int (*func)(void);
3592  
3593  	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3594  	ASSERT(mp->mod_busy);
3595  
3596  	/*
3597  	 * Verify that we need to do something and can uninstall the module.
3598  	 *
3599  	 * If we should not uninstall the module or if the module is not in
3600  	 * the correct state to start an uninstall we return EBUSY to prevent
3601  	 * us from progressing to mod_unload.  If the module has already been
3602  	 * uninstalled and unloaded we return EALREADY.
3603  	 */
3604  	if (mp->mod_prim || mp->mod_ref || mp->mod_nenabled != 0)
3605  		return (EBUSY);
3606  	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0))
3607  		return (EALREADY);
3608  
3609  	/*
3610  	 * To avoid devinfo / module deadlock we must release this module
3611  	 * prior to initiating the detach_driver, otherwise the detach_driver
3612  	 * might deadlock on a devinfo node held by another thread
3613  	 * coming top down and involving the module we have locked.
3614  	 *
3615  	 * When we regrab the module we must reverify that it is OK
3616  	 * to proceed with the uninstall operation.
3617  	 */
3618  	mod_release_mod(mp);
3619  	status = detach_driver(mp->mod_modname);
3620  	(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
3621  
3622  	/* check detach status and reverify state with lock */
3623  	mutex_enter(&mod_lock);
3624  	if ((status != 0) || mp->mod_prim || mp->mod_ref) {
3625  		mutex_exit(&mod_lock);
3626  		return (EBUSY);
3627  	}
3628  	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0)) {
3629  		mutex_exit(&mod_lock);
3630  		return (EALREADY);
3631  	}
3632  	mutex_exit(&mod_lock);
3633  
3634  	if (moddebug & MODDEBUG_LOADMSG2)
3635  		printf("uninstalling %s\n", mp->mod_modname);
3636  
3637  	/*
3638  	 * lookup _fini, return EBUSY if not defined.
3639  	 *
3640  	 * The MODDEBUG_FINI_EBUSY is usefull in resolving leaks in
3641  	 * detach(9E) - it allows bufctl addresses to be resolved.
3642  	 */
3643  	func = (int (*)())kobj_lookup(mp->mod_mp, "_fini");
3644  	if ((func == NULL) || (mp->mod_loadflags & MOD_NOUNLOAD) ||
3645  	    (moddebug & MODDEBUG_FINI_EBUSY))
3646  		return (EBUSY);
3647  
3648  	/* verify that _fini is in this module */
3649  	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3650  		cmn_err(CE_WARN, "_fini() not defined properly in %s",
3651  		    mp->mod_filename);
3652  		return (EFAULT);
3653  	}
3654  
3655  	/* call _fini() */
3656  	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3657  	ASSERT(mp->mod_busy && mp->mod_loaded && mp->mod_installed);
3658  
3659  	status = (*func)();
3660  
3661  	if (status == 0) {
3662  		/* _fini returned success, the module is no longer installed */
3663  		if (moddebug & MODDEBUG_LOADMSG)
3664  			printf("uninstalled %s\n", mp->mod_modname);
3665  
3666  		/*
3667  		 * Even though we only set mod_installed to zero here, a zero
3668  		 * return value means we are committed to a code path were
3669  		 * mod_loaded will also end up as zero - we have no other
3670  		 * way to get the module data and bss back to the pre _init
3671  		 * state except a reload. To ensure this, after return,
3672  		 * mod_busy must stay set until mod_loaded is cleared.
3673  		 */
3674  		mp->mod_installed = 0;
3675  
3676  		/*
3677  		 * Clear the MODS_INSTALLED flag not to call functions
3678  		 * in the module directly from now on.
3679  		 */
3680  		uninstall_stubs(mp);
3681  	} else {
3682  		if (moddebug & MODDEBUG_USERDEBUG)
3683  			printf(finiret_msg, mp->mod_filename, status);
3684  		/*
3685  		 * By definition _fini is only allowed to return EBUSY or the
3686  		 * result of mod_remove (EBUSY or EINVAL).  In the off chance
3687  		 * that a driver returns EALREADY we convert this to EINVAL
3688  		 * since to our caller EALREADY means module was already
3689  		 * removed.
3690  		 */
3691  		if (status == EALREADY)
3692  			status = EINVAL;
3693  	}
3694  
3695  	return (status);
3696  }
3697  
3698  /*
3699   * Uninstall all modules.
3700   */
3701  static void
3702  mod_uninstall_all(void)
3703  {
3704  	struct modctl	*mp;
3705  	modid_t		modid = 0;
3706  
3707  	/* synchronize with any active modunload_disable() */
3708  	modunload_begin();
3709  
3710  	/* mark this thread as doing autounloading */
3711  	(void) tsd_set(mod_autounload_key, (void *)1);
3712  
3713  	(void) devfs_clean(ddi_root_node(), NULL, 0);
3714  	(void) ndi_devi_unconfig(ddi_root_node(), NDI_AUTODETACH);
3715  
3716  	while ((mp = mod_hold_next_by_id(modid)) != NULL) {
3717  		modid = mp->mod_id;
3718  		/*
3719  		 * Skip modules with the MOD_NOAUTOUNLOAD flag set
3720  		 */
3721  		if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
3722  			mod_release_mod(mp);
3723  			continue;
3724  		}
3725  
3726  		if (moduninstall(mp) == 0) {
3727  			mod_unload(mp);
3728  			CPU_STATS_ADDQ(CPU, sys, modunload, 1);
3729  		}
3730  		mod_release_mod(mp);
3731  	}
3732  
3733  	(void) tsd_set(mod_autounload_key, NULL);
3734  	modunload_end();
3735  }
3736  
3737  /* wait for unloads that have begun before registering disable */
3738  void
3739  modunload_disable(void)
3740  {
3741  	mutex_enter(&modunload_wait_mutex);
3742  	while (modunload_active_count) {
3743  		modunload_wait++;
3744  		cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3745  		modunload_wait--;
3746  	}
3747  	modunload_disable_count++;
3748  	mutex_exit(&modunload_wait_mutex);
3749  }
3750  
3751  /* mark end of disable and signal waiters */
3752  void
3753  modunload_enable(void)
3754  {
3755  	mutex_enter(&modunload_wait_mutex);
3756  	modunload_disable_count--;
3757  	if ((modunload_disable_count == 0) && modunload_wait)
3758  		cv_broadcast(&modunload_wait_cv);
3759  	mutex_exit(&modunload_wait_mutex);
3760  }
3761  
3762  /* wait for disables to complete before begining unload */
3763  void
3764  modunload_begin()
3765  {
3766  	mutex_enter(&modunload_wait_mutex);
3767  	while (modunload_disable_count) {
3768  		modunload_wait++;
3769  		cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3770  		modunload_wait--;
3771  	}
3772  	modunload_active_count++;
3773  	mutex_exit(&modunload_wait_mutex);
3774  }
3775  
3776  /* mark end of unload and signal waiters */
3777  void
3778  modunload_end()
3779  {
3780  	mutex_enter(&modunload_wait_mutex);
3781  	modunload_active_count--;
3782  	if ((modunload_active_count == 0) && modunload_wait)
3783  		cv_broadcast(&modunload_wait_cv);
3784  	mutex_exit(&modunload_wait_mutex);
3785  }
3786  
3787  void
3788  mod_uninstall_daemon(void)
3789  {
3790  	callb_cpr_t	cprinfo;
3791  	clock_t		ticks = 0;
3792  
3793  	mod_aul_thread = curthread;
3794  
3795  	CALLB_CPR_INIT(&cprinfo, &mod_uninstall_lock, callb_generic_cpr, "mud");
3796  	for (;;) {
3797  		mutex_enter(&mod_uninstall_lock);
3798  		CALLB_CPR_SAFE_BEGIN(&cprinfo);
3799  		/*
3800  		 * In DEBUG kernels, unheld drivers are uninstalled periodically
3801  		 * every mod_uninstall_interval seconds.  Periodic uninstall can
3802  		 * be disabled by setting mod_uninstall_interval to 0 which is
3803  		 * the default for a non-DEBUG kernel.
3804  		 */
3805  		if (mod_uninstall_interval) {
3806  			ticks = ddi_get_lbolt() +
3807  			    drv_usectohz(mod_uninstall_interval * 1000000);
3808  			(void) cv_timedwait(&mod_uninstall_cv,
3809  			    &mod_uninstall_lock, ticks);
3810  		} else {
3811  			cv_wait(&mod_uninstall_cv, &mod_uninstall_lock);
3812  		}
3813  		/*
3814  		 * The whole daemon is safe for CPR except we don't want
3815  		 * the daemon to run if FREEZE is issued and this daemon
3816  		 * wakes up from the cv_wait above. In this case, it'll be
3817  		 * blocked in CALLB_CPR_SAFE_END until THAW is issued.
3818  		 *
3819  		 * The reason of calling CALLB_CPR_SAFE_BEGIN twice is that
3820  		 * mod_uninstall_lock is used to protect cprinfo and
3821  		 * CALLB_CPR_SAFE_BEGIN assumes that this lock is held when
3822  		 * called.
3823  		 */
3824  		CALLB_CPR_SAFE_END(&cprinfo, &mod_uninstall_lock);
3825  		CALLB_CPR_SAFE_BEGIN(&cprinfo);
3826  		mutex_exit(&mod_uninstall_lock);
3827  		if ((modunload_disable_count == 0) &&
3828  		    ((moddebug & MODDEBUG_NOAUTOUNLOAD) == 0)) {
3829  			mod_uninstall_all();
3830  		}
3831  	}
3832  }
3833  
3834  /*
3835   * Unload all uninstalled modules.
3836   */
3837  void
3838  modreap(void)
3839  {
3840  	mutex_enter(&mod_uninstall_lock);
3841  	cv_broadcast(&mod_uninstall_cv);
3842  	mutex_exit(&mod_uninstall_lock);
3843  }
3844  
3845  /*
3846   * Hold the specified module. This is the module holding primitive.
3847   *
3848   * If MOD_LOCK_HELD then the caller already holds the mod_lock.
3849   *
3850   * Return values:
3851   *	 0 ==> the module is held
3852   *	 1 ==> the module is not held and the MOD_WAIT_ONCE caller needs
3853   *		to determine how to retry.
3854   */
3855  int
3856  mod_hold_by_modctl(struct modctl *mp, int f)
3857  {
3858  	ASSERT((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) &&
3859  	    ((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) !=
3860  	    (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)));
3861  	ASSERT((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) &&
3862  	    ((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) !=
3863  	    (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)));
3864  	ASSERT((f & MOD_LOCK_NOT_HELD) || MUTEX_HELD(&mod_lock));
3865  
3866  	if (f & MOD_LOCK_NOT_HELD)
3867  		mutex_enter(&mod_lock);
3868  
3869  	while (mp->mod_busy) {
3870  		mp->mod_want = 1;
3871  		cv_wait(&mod_cv, &mod_lock);
3872  		/*
3873  		 * Module may be unloaded by daemon.
3874  		 * Nevertheless, modctl structure is still in linked list
3875  		 * (i.e., off &modules), not freed!
3876  		 * Caller is not supposed to assume "mp" is valid, but there
3877  		 * is no reasonable way to detect this but using
3878  		 * mp->mod_modinfo->mp == NULL check (follow the back pointer)
3879  		 *   (or similar check depending on calling context)
3880  		 * DON'T free modctl structure, it will be very very
3881  		 * problematic.
3882  		 */
3883  		if (f & MOD_WAIT_ONCE) {
3884  			if (f & MOD_LOCK_NOT_HELD)
3885  				mutex_exit(&mod_lock);
3886  			return (1);	/* caller decides how to retry */
3887  		}
3888  	}
3889  
3890  	mp->mod_busy = 1;
3891  	mp->mod_inprogress_thread =
3892  	    (curthread == NULL ? (kthread_id_t)-1 : curthread);
3893  
3894  	if (f & MOD_LOCK_NOT_HELD)
3895  		mutex_exit(&mod_lock);
3896  	return (0);
3897  }
3898  
3899  static struct modctl *
3900  mod_hold_by_name_common(struct modctl *dep, const char *filename)
3901  {
3902  	const char	*modname;
3903  	struct modctl	*mp;
3904  	char		*curname, *newname;
3905  	int		found = 0;
3906  
3907  	mutex_enter(&mod_lock);
3908  
3909  	if ((modname = strrchr(filename, '/')) == NULL)
3910  		modname = filename;
3911  	else
3912  		modname++;
3913  
3914  	mp = &modules;
3915  	do {
3916  		if (strcmp(modname, mp->mod_modname) == 0) {
3917  			found = 1;
3918  			break;
3919  		}
3920  	} while ((mp = mp->mod_next) != &modules);
3921  
3922  	if (found == 0) {
3923  		mp = allocate_modp(filename, modname);
3924  		modadd(mp);
3925  	}
3926  
3927  	/*
3928  	 * if dep is not NULL, set the mp in mod_requisite_loading for
3929  	 * the module circular dependency check. This field is used in
3930  	 * mod_circdep(), but it's cleard in mod_hold_loaded_mod().
3931  	 */
3932  	if (dep != NULL) {
3933  		ASSERT(dep->mod_busy && dep->mod_requisite_loading == NULL);
3934  		dep->mod_requisite_loading = mp;
3935  	}
3936  
3937  	/*
3938  	 * If the module was held, then it must be us who has it held.
3939  	 */
3940  	if (mod_circdep(mp))
3941  		mp = NULL;
3942  	else {
3943  		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
3944  
3945  		/*
3946  		 * If the name hadn't been set or has changed, allocate
3947  		 * space and set it.  Free space used by previous name.
3948  		 *
3949  		 * Do not change the name of primary modules, for primary
3950  		 * modules the mod_filename was allocated in standalone mode:
3951  		 * it is illegal to kobj_alloc in standalone mode and kobj_free
3952  		 * in non-standalone mode.
3953  		 */
3954  		curname = mp->mod_filename;
3955  		if (curname == NULL ||
3956  		    ((mp->mod_prim == 0) &&
3957  		    (curname != filename) &&
3958  		    (modname != filename) &&
3959  		    (strcmp(curname, filename) != 0))) {
3960  			newname = kobj_zalloc(strlen(filename) + 1, KM_SLEEP);
3961  			(void) strcpy(newname, filename);
3962  			mp->mod_filename = newname;
3963  			if (curname != NULL)
3964  				kobj_free(curname, strlen(curname) + 1);
3965  		}
3966  	}
3967  
3968  	mutex_exit(&mod_lock);
3969  	if (mp && moddebug & MODDEBUG_LOADMSG2)
3970  		printf("Holding %s\n", mp->mod_filename);
3971  	if (mp == NULL && moddebug & MODDEBUG_LOADMSG2)
3972  		printf("circular dependency loading %s\n", filename);
3973  	return (mp);
3974  }
3975  
3976  static struct modctl *
3977  mod_hold_by_name_requisite(struct modctl *dep, char *filename)
3978  {
3979  	return (mod_hold_by_name_common(dep, filename));
3980  }
3981  
3982  struct modctl *
3983  mod_hold_by_name(const char *filename)
3984  {
3985  	return (mod_hold_by_name_common(NULL, filename));
3986  }
3987  
3988  struct modctl *
3989  mod_hold_by_id(modid_t modid)
3990  {
3991  	struct modctl	*mp;
3992  	int		found = 0;
3993  
3994  	mutex_enter(&mod_lock);
3995  	mp = &modules;
3996  	do {
3997  		if (mp->mod_id == modid) {
3998  			found = 1;
3999  			break;
4000  		}
4001  	} while ((mp = mp->mod_next) != &modules);
4002  
4003  	if ((found == 0) || mod_circdep(mp))
4004  		mp = NULL;
4005  	else
4006  		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4007  
4008  	mutex_exit(&mod_lock);
4009  	return (mp);
4010  }
4011  
4012  static struct modctl *
4013  mod_hold_next_by_id(modid_t modid)
4014  {
4015  	struct modctl	*mp;
4016  	int		found = 0;
4017  
4018  	if (modid < -1)
4019  		return (NULL);
4020  
4021  	mutex_enter(&mod_lock);
4022  
4023  	mp = &modules;
4024  	do {
4025  		if (mp->mod_id > modid) {
4026  			found = 1;
4027  			break;
4028  		}
4029  	} while ((mp = mp->mod_next) != &modules);
4030  
4031  	if ((found == 0) || mod_circdep(mp))
4032  		mp = NULL;
4033  	else
4034  		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4035  
4036  	mutex_exit(&mod_lock);
4037  	return (mp);
4038  }
4039  
4040  static void
4041  mod_release(struct modctl *mp)
4042  {
4043  	ASSERT(MUTEX_HELD(&mod_lock));
4044  	ASSERT(mp->mod_busy);
4045  
4046  	mp->mod_busy = 0;
4047  	mp->mod_inprogress_thread = NULL;
4048  	if (mp->mod_want) {
4049  		mp->mod_want = 0;
4050  		cv_broadcast(&mod_cv);
4051  	}
4052  }
4053  
4054  void
4055  mod_release_mod(struct modctl *mp)
4056  {
4057  	if (moddebug & MODDEBUG_LOADMSG2)
4058  		printf("Releasing %s\n", mp->mod_filename);
4059  	mutex_enter(&mod_lock);
4060  	mod_release(mp);
4061  	mutex_exit(&mod_lock);
4062  }
4063  
4064  modid_t
4065  mod_name_to_modid(char *filename)
4066  {
4067  	char		*modname;
4068  	struct modctl	*mp;
4069  
4070  	mutex_enter(&mod_lock);
4071  
4072  	if ((modname = strrchr(filename, '/')) == NULL)
4073  		modname = filename;
4074  	else
4075  		modname++;
4076  
4077  	mp = &modules;
4078  	do {
4079  		if (strcmp(modname, mp->mod_modname) == 0) {
4080  			mutex_exit(&mod_lock);
4081  			return (mp->mod_id);
4082  		}
4083  	} while ((mp = mp->mod_next) != &modules);
4084  
4085  	mutex_exit(&mod_lock);
4086  	return (-1);
4087  }
4088  
4089  
4090  int
4091  mod_remove_by_name(char *name)
4092  {
4093  	struct modctl *mp;
4094  	int retval;
4095  
4096  	mp = mod_hold_by_name(name);
4097  
4098  	if (mp == NULL)
4099  		return (EINVAL);
4100  
4101  	if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
4102  		/*
4103  		 * Do not unload forceloaded modules
4104  		 */
4105  		mod_release_mod(mp);
4106  		return (0);
4107  	}
4108  
4109  	if ((retval = moduninstall(mp)) == 0) {
4110  		mod_unload(mp);
4111  		CPU_STATS_ADDQ(CPU, sys, modunload, 1);
4112  	} else if (retval == EALREADY)
4113  		retval = 0;		/* already unloaded, not an error */
4114  	mod_release_mod(mp);
4115  	return (retval);
4116  }
4117  
4118  /*
4119   * Record that module "dep" is dependent on module "on_mod."
4120   */
4121  static void
4122  mod_make_requisite(struct modctl *dependent, struct modctl *on_mod)
4123  {
4124  	struct modctl_list **pmlnp;	/* previous next pointer */
4125  	struct modctl_list *mlp;
4126  	struct modctl_list *new;
4127  
4128  	ASSERT(dependent->mod_busy && on_mod->mod_busy);
4129  	mutex_enter(&mod_lock);
4130  
4131  	/*
4132  	 * Search dependent's requisite list to see if on_mod is recorded.
4133  	 * List is ordered by id.
4134  	 */
4135  	for (pmlnp = &dependent->mod_requisites, mlp = *pmlnp;
4136  	    mlp; pmlnp = &mlp->modl_next, mlp = *pmlnp)
4137  		if (mlp->modl_modp->mod_id >= on_mod->mod_id)
4138  			break;
4139  
4140  	/* Create and insert if not already recorded */
4141  	if ((mlp == NULL) || (mlp->modl_modp->mod_id != on_mod->mod_id)) {
4142  		new = kobj_zalloc(sizeof (*new), KM_SLEEP);
4143  		new->modl_modp = on_mod;
4144  		new->modl_next = mlp;
4145  		*pmlnp = new;
4146  
4147  		/*
4148  		 * Increment the mod_ref count in our new requisite module.
4149  		 * This is what keeps a module that has other modules
4150  		 * which are dependent on it from being uninstalled and
4151  		 * unloaded. "on_mod"'s mod_ref count decremented in
4152  		 * mod_release_requisites when the "dependent" module
4153  		 * unload is complete.  "on_mod" must be loaded, but may not
4154  		 * yet be installed.
4155  		 */
4156  		on_mod->mod_ref++;
4157  		ASSERT(on_mod->mod_ref && on_mod->mod_loaded);
4158  	}
4159  
4160  	mutex_exit(&mod_lock);
4161  }
4162  
4163  /*
4164   * release the hold associated with mod_make_requisite mod_ref++
4165   * as part of unload.
4166   */
4167  void
4168  mod_release_requisites(struct modctl *modp)
4169  {
4170  	struct modctl_list *modl;
4171  	struct modctl_list *next;
4172  	struct modctl *req;
4173  	struct modctl_list *start = NULL, *mod_garbage;
4174  
4175  	ASSERT(modp->mod_busy);
4176  	ASSERT(!MUTEX_HELD(&mod_lock));
4177  
4178  	mutex_enter(&mod_lock);		/* needed for manipulation of req */
4179  	for (modl = modp->mod_requisites; modl; modl = next) {
4180  		next = modl->modl_next;
4181  		req = modl->modl_modp;
4182  		ASSERT(req->mod_ref >= 1 && req->mod_loaded);
4183  		req->mod_ref--;
4184  
4185  		/*
4186  		 * Check if the module has to be unloaded or not.
4187  		 */
4188  		if (req->mod_ref == 0 && req->mod_delay_unload) {
4189  			struct modctl_list *new;
4190  			/*
4191  			 * Allocate the modclt_list holding the garbage
4192  			 * module which should be unloaded later.
4193  			 */
4194  			new = kobj_zalloc(sizeof (struct modctl_list),
4195  			    KM_SLEEP);
4196  			new->modl_modp = req;
4197  
4198  			if (start == NULL)
4199  				mod_garbage = start = new;
4200  			else {
4201  				mod_garbage->modl_next = new;
4202  				mod_garbage = new;
4203  			}
4204  		}
4205  
4206  		/* free the list as we go */
4207  		kobj_free(modl, sizeof (*modl));
4208  	}
4209  	modp->mod_requisites = NULL;
4210  	mutex_exit(&mod_lock);
4211  
4212  	/*
4213  	 * Unload the garbage modules.
4214  	 */
4215  	for (mod_garbage = start; mod_garbage != NULL; /* nothing */) {
4216  		struct modctl_list *old = mod_garbage;
4217  		struct modctl *mp = mod_garbage->modl_modp;
4218  		ASSERT(mp != NULL);
4219  
4220  		/*
4221  		 * Hold this module until it's unloaded completely.
4222  		 */
4223  		(void) mod_hold_by_modctl(mp,
4224  		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
4225  		/*
4226  		 * Check if the module is not unloaded yet and nobody requires
4227  		 * the module. If it's unloaded already or somebody still
4228  		 * requires the module, don't unload it now.
4229  		 */
4230  		if (mp->mod_loaded && mp->mod_ref == 0)
4231  			mod_unload(mp);
4232  		ASSERT((mp->mod_loaded == 0 && mp->mod_delay_unload == 0) ||
4233  		    (mp->mod_ref > 0));
4234  		mod_release_mod(mp);
4235  
4236  		mod_garbage = mod_garbage->modl_next;
4237  		kobj_free(old, sizeof (struct modctl_list));
4238  	}
4239  }
4240  
4241  /*
4242   * Process dependency of the module represented by "dep" on the
4243   * module named by "on."
4244   *
4245   * Called from kobj_do_dependents() to load a module "on" on which
4246   * "dep" depends.
4247   */
4248  struct modctl *
4249  mod_load_requisite(struct modctl *dep, char *on)
4250  {
4251  	struct modctl *on_mod;
4252  	int retval;
4253  
4254  	if ((on_mod = mod_hold_loaded_mod(dep, on, &retval)) != NULL) {
4255  		mod_make_requisite(dep, on_mod);
4256  	} else if (moddebug & MODDEBUG_ERRMSG) {
4257  		printf("error processing %s on which module %s depends\n",
4258  		    on, dep->mod_modname);
4259  	}
4260  	return (on_mod);
4261  }
4262  
4263  static int
4264  mod_install_requisites(struct modctl *modp)
4265  {
4266  	struct modctl_list *modl;
4267  	struct modctl *req;
4268  	int status = 0;
4269  
4270  	ASSERT(MUTEX_NOT_HELD(&mod_lock));
4271  	ASSERT(modp->mod_busy);
4272  
4273  	for (modl = modp->mod_requisites; modl; modl = modl->modl_next) {
4274  		req = modl->modl_modp;
4275  		(void) mod_hold_by_modctl(req,
4276  		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
4277  		status = modinstall(req);
4278  		mod_release_mod(req);
4279  
4280  		if (status != 0)
4281  			break;
4282  	}
4283  	return (status);
4284  }
4285  
4286  /*
4287   * returns 1 if this thread is doing autounload, 0 otherwise.
4288   * see mod_uninstall_all.
4289   */
4290  int
4291  mod_in_autounload()
4292  {
4293  	return ((int)(uintptr_t)tsd_get(mod_autounload_key));
4294  }
4295  
4296  /*
4297   * gmatch adapted from libc, stripping the wchar stuff
4298   */
4299  #define	popchar(p, c)	{ \
4300  		c = *p++; \
4301  		if (c == 0) { \
4302  			return (0); \
4303  		} \
4304  	}
4305  
4306  int
4307  gmatch(const char *s, const char *p)
4308  {
4309  	int c, sc;
4310  	int ok, lc, notflag;
4311  
4312  	sc = *s++;
4313  	c = *p++;
4314  	if (c == 0)
4315  		return (sc == c);	/* nothing matches nothing */
4316  
4317  	switch (c) {
4318  	case '\\':
4319  		/* skip to quoted character */
4320  		popchar(p, c);
4321  		/*FALLTHRU*/
4322  
4323  	default:
4324  		/* straight comparison */
4325  		if (c != sc)
4326  			return (0);
4327  		/*FALLTHRU*/
4328  
4329  	case '?':
4330  		/* first char matches, move to remainder */
4331  		return (sc != '\0' ? gmatch(s, p) : 0);
4332  
4333  
4334  	case '*':
4335  		while (*p == '*')
4336  			p++;
4337  
4338  		/* * matches everything */
4339  		if (*p == 0)
4340  			return (1);
4341  
4342  		/* undo skip at the beginning & iterate over substrings */
4343  		--s;
4344  		while (*s) {
4345  			if (gmatch(s, p))
4346  				return (1);
4347  			s++;
4348  		}
4349  		return (0);
4350  
4351  	case '[':
4352  		/* match any char within [] */
4353  		if (sc == 0)
4354  			return (0);
4355  
4356  		ok = lc = notflag = 0;
4357  
4358  		if (*p == '!') {
4359  			notflag = 1;
4360  			p++;
4361  		}
4362  		popchar(p, c);
4363  
4364  		do {
4365  			if (c == '-' && lc && *p != ']') {
4366  				/* test sc against range [c1-c2] */
4367  				popchar(p, c);
4368  				if (c == '\\') {
4369  					popchar(p, c);
4370  				}
4371  
4372  				if (notflag) {
4373  					/* return 0 on mismatch */
4374  					if (lc <= sc && sc <= c)
4375  						return (0);
4376  					ok++;
4377  				} else if (lc <= sc && sc <= c) {
4378  					ok++;
4379  				}
4380  				/* keep going, may get a match next */
4381  			} else if (c == '\\') {
4382  				/* skip to quoted character */
4383  				popchar(p, c);
4384  			}
4385  			lc = c;
4386  			if (notflag) {
4387  				if (sc == lc)
4388  					return (0);
4389  				ok++;
4390  			} else if (sc == lc) {
4391  				ok++;
4392  			}
4393  			popchar(p, c);
4394  		} while (c != ']');
4395  
4396  		/* recurse on remainder of string */
4397  		return (ok ? gmatch(s, p) : 0);
4398  	}
4399  	/*NOTREACHED*/
4400  }
4401  
4402  
4403  /*
4404   * Get default perm for device from /etc/minor_perm. Return 0 if match found.
4405   *
4406   * Pure wild-carded patterns are handled separately so the ordering of
4407   * these patterns doesn't matter.  We're still dependent on ordering
4408   * however as the first matching entry is the one returned.
4409   * Not ideal but all existing examples and usage do imply this
4410   * ordering implicitly.
4411   *
4412   * Drivers using the clone driver are always good for some entertainment.
4413   * Clone nodes under pseudo have the form clone@0:<driver>.  Some minor
4414   * perm entries have the form clone:<driver>, others use <driver>:*
4415   * Examples are clone:llc1 vs. llc2:*, for example.
4416   *
4417   * Minor perms in the clone:<driver> form are mapped to the drivers's
4418   * mperm list, not the clone driver, as wildcard entries for clone
4419   * reference only.  In other words, a clone wildcard will match
4420   * references for clone@0:<driver> but never <driver>@<minor>.
4421   *
4422   * Additional minor perms in the standard form are also supported,
4423   * for mixed usage, ie a node with an entry clone:<driver> could
4424   * provide further entries <driver>:<minor>.
4425   *
4426   * Finally, some uses of clone use an alias as the minor name rather
4427   * than the driver name, with the alias as the minor perm entry.
4428   * This case is handled by attaching the driver to bring its
4429   * minor list into existence, then discover the alias via DDI_ALIAS.
4430   * The clone device's minor perm list can then be searched for
4431   * that alias.
4432   */
4433  
4434  static int
4435  dev_alias_minorperm(dev_info_t *dip, char *minor_name, mperm_t *rmp)
4436  {
4437  	major_t			major;
4438  	struct devnames		*dnp;
4439  	mperm_t			*mp;
4440  	char			*alias = NULL;
4441  	dev_info_t		*cdevi;
4442  	int			circ;
4443  	struct ddi_minor_data	*dmd;
4444  
4445  	major = ddi_name_to_major(minor_name);
4446  
4447  	ASSERT(dip == clone_dip);
4448  	ASSERT(major != DDI_MAJOR_T_NONE);
4449  
4450  	/*
4451  	 * Attach the driver named by the minor node, then
4452  	 * search its first instance's minor list for an
4453  	 * alias node.
4454  	 */
4455  	if (ddi_hold_installed_driver(major) == NULL)
4456  		return (1);
4457  
4458  	dnp = &devnamesp[major];
4459  	LOCK_DEV_OPS(&dnp->dn_lock);
4460  
4461  	if ((cdevi = dnp->dn_head) != NULL) {
4462  		ndi_devi_enter(cdevi, &circ);
4463  		for (dmd = DEVI(cdevi)->devi_minor; dmd; dmd = dmd->next) {
4464  			if (dmd->type == DDM_ALIAS) {
4465  				alias = i_ddi_strdup(dmd->ddm_name, KM_SLEEP);
4466  				break;
4467  			}
4468  		}
4469  		ndi_devi_exit(cdevi, circ);
4470  	}
4471  
4472  	UNLOCK_DEV_OPS(&dnp->dn_lock);
4473  	ddi_rele_driver(major);
4474  
4475  	if (alias == NULL) {
4476  		if (moddebug & MODDEBUG_MINORPERM)
4477  			cmn_err(CE_CONT, "dev_minorperm: "
4478  			    "no alias for %s\n", minor_name);
4479  		return (1);
4480  	}
4481  
4482  	major = ddi_driver_major(clone_dip);
4483  	dnp = &devnamesp[major];
4484  	LOCK_DEV_OPS(&dnp->dn_lock);
4485  
4486  	/*
4487  	 * Go through the clone driver's mperm list looking
4488  	 * for a match for the specified alias.
4489  	 */
4490  	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4491  		if (strcmp(alias, mp->mp_minorname) == 0) {
4492  			break;
4493  		}
4494  	}
4495  
4496  	if (mp) {
4497  		if (moddebug & MODDEBUG_MP_MATCH) {
4498  			cmn_err(CE_CONT,
4499  			    "minor perm defaults: %s %s 0%o %d %d (aliased)\n",
4500  			    minor_name, alias, mp->mp_mode,
4501  			    mp->mp_uid, mp->mp_gid);
4502  		}
4503  		rmp->mp_uid = mp->mp_uid;
4504  		rmp->mp_gid = mp->mp_gid;
4505  		rmp->mp_mode = mp->mp_mode;
4506  	}
4507  	UNLOCK_DEV_OPS(&dnp->dn_lock);
4508  
4509  	kmem_free(alias, strlen(alias)+1);
4510  
4511  	return (mp == NULL);
4512  }
4513  
4514  int
4515  dev_minorperm(dev_info_t *dip, char *name, mperm_t *rmp)
4516  {
4517  	major_t major;
4518  	char *minor_name;
4519  	struct devnames *dnp;
4520  	mperm_t *mp;
4521  	int is_clone = 0;
4522  
4523  	if (!minorperm_loaded) {
4524  		if (moddebug & MODDEBUG_MINORPERM)
4525  			cmn_err(CE_CONT,
4526  			    "%s: minor perm not yet loaded\n", name);
4527  		return (1);
4528  	}
4529  
4530  	minor_name = strchr(name, ':');
4531  	if (minor_name == NULL)
4532  		return (1);
4533  	minor_name++;
4534  
4535  	/*
4536  	 * If it's the clone driver, search the driver as named
4537  	 * by the minor.  All clone minor perm entries other than
4538  	 * alias nodes are actually installed on the real driver's list.
4539  	 */
4540  	if (dip == clone_dip) {
4541  		major = ddi_name_to_major(minor_name);
4542  		if (major == DDI_MAJOR_T_NONE) {
4543  			if (moddebug & MODDEBUG_MINORPERM)
4544  				cmn_err(CE_CONT, "dev_minorperm: "
4545  				    "%s: no such driver\n", minor_name);
4546  			return (1);
4547  		}
4548  		is_clone = 1;
4549  	} else {
4550  		major = ddi_driver_major(dip);
4551  		ASSERT(major != DDI_MAJOR_T_NONE);
4552  	}
4553  
4554  	dnp = &devnamesp[major];
4555  	LOCK_DEV_OPS(&dnp->dn_lock);
4556  
4557  	/*
4558  	 * Go through the driver's mperm list looking for
4559  	 * a match for the specified minor.  If there's
4560  	 * no matching pattern, use the wild card.
4561  	 * Defer to the clone wild for clone if specified,
4562  	 * otherwise fall back to the normal form.
4563  	 */
4564  	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4565  		if (gmatch(minor_name, mp->mp_minorname) != 0) {
4566  			break;
4567  		}
4568  	}
4569  	if (mp == NULL) {
4570  		if (is_clone)
4571  			mp = dnp->dn_mperm_clone;
4572  		if (mp == NULL)
4573  			mp = dnp->dn_mperm_wild;
4574  	}
4575  
4576  	if (mp) {
4577  		if (moddebug & MODDEBUG_MP_MATCH) {
4578  			cmn_err(CE_CONT,
4579  			    "minor perm defaults: %s %s 0%o %d %d\n",
4580  			    name, mp->mp_minorname, mp->mp_mode,
4581  			    mp->mp_uid, mp->mp_gid);
4582  		}
4583  		rmp->mp_uid = mp->mp_uid;
4584  		rmp->mp_gid = mp->mp_gid;
4585  		rmp->mp_mode = mp->mp_mode;
4586  	}
4587  	UNLOCK_DEV_OPS(&dnp->dn_lock);
4588  
4589  	/*
4590  	 * If no match can be found for a clone node,
4591  	 * search for a possible match for an alias.
4592  	 * One such example is /dev/ptmx -> /devices/pseudo/clone@0:ptm,
4593  	 * with minor perm entry clone:ptmx.
4594  	 */
4595  	if (mp == NULL && is_clone) {
4596  		return (dev_alias_minorperm(dip, minor_name, rmp));
4597  	}
4598  
4599  	return (mp == NULL);
4600  }
4601  
4602  /*
4603   * dynamicaly reference load a dl module/library, returning handle
4604   */
4605  /*ARGSUSED*/
4606  ddi_modhandle_t
4607  ddi_modopen(const char *modname, int mode, int *errnop)
4608  {
4609  	char		*subdir;
4610  	char		*mod;
4611  	int		subdirlen;
4612  	struct modctl	*hmodp = NULL;
4613  	int		retval = EINVAL;
4614  
4615  	ASSERT(modname && (mode == KRTLD_MODE_FIRST));
4616  	if ((modname == NULL) || (mode != KRTLD_MODE_FIRST))
4617  		goto out;
4618  
4619  	/* find last '/' in modname */
4620  	mod = strrchr(modname, '/');
4621  
4622  	if (mod) {
4623  		/* for subdir string without modification to argument */
4624  		mod++;
4625  		subdirlen = mod - modname;
4626  		subdir = kmem_alloc(subdirlen, KM_SLEEP);
4627  		(void) strlcpy(subdir, modname, subdirlen);
4628  	} else {
4629  		subdirlen = 0;
4630  		subdir = "misc";
4631  		mod = (char *)modname;
4632  	}
4633  
4634  	/* reference load with errno return value */
4635  	retval = modrload(subdir, mod, &hmodp);
4636  
4637  	if (subdirlen)
4638  		kmem_free(subdir, subdirlen);
4639  
4640  out:	if (errnop)
4641  		*errnop = retval;
4642  
4643  	if (moddebug & MODDEBUG_DDI_MOD)
4644  		printf("ddi_modopen %s mode %x: %s %p %d\n",
4645  		    modname ? modname : "<unknown>", mode,
4646  		    hmodp ? hmodp->mod_filename : "<unknown>",
4647  		    (void *)hmodp, retval);
4648  
4649  	return ((ddi_modhandle_t)hmodp);
4650  }
4651  
4652  /* lookup "name" in open dl module/library */
4653  void *
4654  ddi_modsym(ddi_modhandle_t h, const char *name, int *errnop)
4655  {
4656  	struct modctl	*hmodp = (struct modctl *)h;
4657  	void		*f;
4658  	int		retval;
4659  
4660  	ASSERT(hmodp && name && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4661  	if ((hmodp == NULL) || (name == NULL) ||
4662  	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4663  		f = NULL;
4664  		retval = EINVAL;
4665  	} else {
4666  		f = (void *)kobj_lookup(hmodp->mod_mp, (char *)name);
4667  		if (f)
4668  			retval = 0;
4669  		else
4670  			retval = ENOTSUP;
4671  	}
4672  
4673  	if (moddebug & MODDEBUG_DDI_MOD)
4674  		printf("ddi_modsym in %s of %s: %d %p\n",
4675  		    hmodp ? hmodp->mod_modname : "<unknown>",
4676  		    name ? name : "<unknown>", retval, f);
4677  
4678  	if (errnop)
4679  		*errnop = retval;
4680  	return (f);
4681  }
4682  
4683  /* dynamic (un)reference unload of an open dl module/library */
4684  int
4685  ddi_modclose(ddi_modhandle_t h)
4686  {
4687  	struct modctl	*hmodp = (struct modctl *)h;
4688  	struct modctl	*modp = NULL;
4689  	int		retval;
4690  
4691  	ASSERT(hmodp && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4692  	if ((hmodp == NULL) ||
4693  	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4694  		retval = EINVAL;
4695  		goto out;
4696  	}
4697  
4698  	retval = modunrload(hmodp->mod_id, &modp, ddi_modclose_unload);
4699  	if (retval == EBUSY)
4700  		retval = 0;	/* EBUSY is not an error */
4701  
4702  	if (retval == 0) {
4703  		ASSERT(hmodp == modp);
4704  		if (hmodp != modp)
4705  			retval = EINVAL;
4706  	}
4707  
4708  out:	if (moddebug & MODDEBUG_DDI_MOD)
4709  		printf("ddi_modclose %s: %d\n",
4710  		    hmodp ? hmodp->mod_modname : "<unknown>", retval);
4711  
4712  	return (retval);
4713  }
4714