xref: /titanic_50/usr/src/cmd/mdb/common/modules/genunix/genunix.c (revision b51e13bf985efd1ff98249cad2824f2952f13ecb)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #include <mdb/mdb_param.h>
27 #include <mdb/mdb_modapi.h>
28 #include <mdb/mdb_ks.h>
29 #include <mdb/mdb_ctf.h>
30 
31 #include <sys/types.h>
32 #include <sys/thread.h>
33 #include <sys/session.h>
34 #include <sys/user.h>
35 #include <sys/proc.h>
36 #include <sys/var.h>
37 #include <sys/t_lock.h>
38 #include <sys/systm.h>
39 #include <sys/callo.h>
40 #include <sys/priocntl.h>
41 #include <sys/class.h>
42 #include <sys/regset.h>
43 #include <sys/stack.h>
44 #include <sys/cpuvar.h>
45 #include <sys/vnode.h>
46 #include <sys/vfs.h>
47 #include <sys/flock_impl.h>
48 #include <sys/kmem_impl.h>
49 #include <sys/vmem_impl.h>
50 #include <sys/kstat.h>
51 #include <vm/seg_vn.h>
52 #include <vm/anon.h>
53 #include <vm/as.h>
54 #include <vm/seg_map.h>
55 #include <sys/dditypes.h>
56 #include <sys/ddi_impldefs.h>
57 #include <sys/sysmacros.h>
58 #include <sys/sysconf.h>
59 #include <sys/task.h>
60 #include <sys/project.h>
61 #include <sys/errorq_impl.h>
62 #include <sys/cred_impl.h>
63 #include <sys/zone.h>
64 #include <sys/panic.h>
65 #include <regex.h>
66 #include <sys/port_impl.h>
67 
68 #include "avl.h"
69 #include "bio.h"
70 #include "bitset.h"
71 #include "combined.h"
72 #include "contract.h"
73 #include "cpupart_mdb.h"
74 #include "ctxop.h"
75 #include "cyclic.h"
76 #include "damap.h"
77 #include "devinfo.h"
78 #include "findstack.h"
79 #include "fm.h"
80 #include "group.h"
81 #include "irm.h"
82 #include "kgrep.h"
83 #include "kmem.h"
84 #include "ldi.h"
85 #include "leaky.h"
86 #include "lgrp.h"
87 #include "list.h"
88 #include "log.h"
89 #include "mdi.h"
90 #include "memory.h"
91 #include "mmd.h"
92 #include "modhash.h"
93 #include "ndievents.h"
94 #include "net.h"
95 #include "netstack.h"
96 #include "nvpair.h"
97 #include "pg.h"
98 #include "rctl.h"
99 #include "sobj.h"
100 #include "streams.h"
101 #include "sysevent.h"
102 #include "taskq.h"
103 #include "thread.h"
104 #include "tsd.h"
105 #include "tsol.h"
106 #include "typegraph.h"
107 #include "vfs.h"
108 #include "zone.h"
109 
110 /*
111  * Surely this is defined somewhere...
112  */
113 #define	NINTR		16
114 
115 #define	KILOS		10
116 #define	MEGS		20
117 #define	GIGS		30
118 
119 #ifndef STACK_BIAS
120 #define	STACK_BIAS	0
121 #endif
122 
123 static char
124 pstat2ch(uchar_t state)
125 {
126 	switch (state) {
127 		case SSLEEP: return ('S');
128 		case SRUN: return ('R');
129 		case SZOMB: return ('Z');
130 		case SIDL: return ('I');
131 		case SONPROC: return ('O');
132 		case SSTOP: return ('T');
133 		case SWAIT: return ('W');
134 		default: return ('?');
135 	}
136 }
137 
138 #define	PS_PRTTHREADS	0x1
139 #define	PS_PRTLWPS	0x2
140 #define	PS_PSARGS	0x4
141 #define	PS_TASKS	0x8
142 #define	PS_PROJECTS	0x10
143 #define	PS_ZONES	0x20
144 
145 static int
146 ps_threadprint(uintptr_t addr, const void *data, void *private)
147 {
148 	const kthread_t *t = (const kthread_t *)data;
149 	uint_t prt_flags = *((uint_t *)private);
150 
151 	static const mdb_bitmask_t t_state_bits[] = {
152 		{ "TS_FREE",	UINT_MAX,	TS_FREE		},
153 		{ "TS_SLEEP",	TS_SLEEP,	TS_SLEEP	},
154 		{ "TS_RUN",	TS_RUN,		TS_RUN		},
155 		{ "TS_ONPROC",	TS_ONPROC,	TS_ONPROC	},
156 		{ "TS_ZOMB",	TS_ZOMB,	TS_ZOMB		},
157 		{ "TS_STOPPED",	TS_STOPPED,	TS_STOPPED	},
158 		{ "TS_WAIT",	TS_WAIT,	TS_WAIT		},
159 		{ NULL,		0,		0		}
160 	};
161 
162 	if (prt_flags & PS_PRTTHREADS)
163 		mdb_printf("\tT  %?a <%b>\n", addr, t->t_state, t_state_bits);
164 
165 	if (prt_flags & PS_PRTLWPS)
166 		mdb_printf("\tL  %?a ID: %u\n", t->t_lwp, t->t_tid);
167 
168 	return (WALK_NEXT);
169 }
170 
171 int
172 ps(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
173 {
174 	uint_t prt_flags = 0;
175 	proc_t pr;
176 	struct pid pid, pgid, sid;
177 	sess_t session;
178 	cred_t cred;
179 	task_t tk;
180 	kproject_t pj;
181 	zone_t zn;
182 
183 	if (!(flags & DCMD_ADDRSPEC)) {
184 		if (mdb_walk_dcmd("proc", "ps", argc, argv) == -1) {
185 			mdb_warn("can't walk 'proc'");
186 			return (DCMD_ERR);
187 		}
188 		return (DCMD_OK);
189 	}
190 
191 	if (mdb_getopts(argc, argv,
192 	    'f', MDB_OPT_SETBITS, PS_PSARGS, &prt_flags,
193 	    'l', MDB_OPT_SETBITS, PS_PRTLWPS, &prt_flags,
194 	    'T', MDB_OPT_SETBITS, PS_TASKS, &prt_flags,
195 	    'P', MDB_OPT_SETBITS, PS_PROJECTS, &prt_flags,
196 	    'z', MDB_OPT_SETBITS, PS_ZONES, &prt_flags,
197 	    't', MDB_OPT_SETBITS, PS_PRTTHREADS, &prt_flags, NULL) != argc)
198 		return (DCMD_USAGE);
199 
200 	if (DCMD_HDRSPEC(flags)) {
201 		mdb_printf("%<u>%1s %6s %6s %6s %6s ",
202 		    "S", "PID", "PPID", "PGID", "SID");
203 		if (prt_flags & PS_TASKS)
204 			mdb_printf("%5s ", "TASK");
205 		if (prt_flags & PS_PROJECTS)
206 			mdb_printf("%5s ", "PROJ");
207 		if (prt_flags & PS_ZONES)
208 			mdb_printf("%5s ", "ZONE");
209 		mdb_printf("%6s %10s %?s %s%</u>\n",
210 		    "UID", "FLAGS", "ADDR", "NAME");
211 	}
212 
213 	mdb_vread(&pr, sizeof (pr), addr);
214 	mdb_vread(&pid, sizeof (pid), (uintptr_t)pr.p_pidp);
215 	mdb_vread(&pgid, sizeof (pgid), (uintptr_t)pr.p_pgidp);
216 	mdb_vread(&cred, sizeof (cred), (uintptr_t)pr.p_cred);
217 	mdb_vread(&session, sizeof (session), (uintptr_t)pr.p_sessp);
218 	mdb_vread(&sid, sizeof (sid), (uintptr_t)session.s_sidp);
219 	if (prt_flags & (PS_TASKS | PS_PROJECTS))
220 		mdb_vread(&tk, sizeof (tk), (uintptr_t)pr.p_task);
221 	if (prt_flags & PS_PROJECTS)
222 		mdb_vread(&pj, sizeof (pj), (uintptr_t)tk.tk_proj);
223 	if (prt_flags & PS_ZONES)
224 		mdb_vread(&zn, sizeof (zone_t), (uintptr_t)pr.p_zone);
225 
226 	mdb_printf("%c %6d %6d %6d %6d ",
227 	    pstat2ch(pr.p_stat), pid.pid_id, pr.p_ppid, pgid.pid_id,
228 	    sid.pid_id);
229 	if (prt_flags & PS_TASKS)
230 		mdb_printf("%5d ", tk.tk_tkid);
231 	if (prt_flags & PS_PROJECTS)
232 		mdb_printf("%5d ", pj.kpj_id);
233 	if (prt_flags & PS_ZONES)
234 		mdb_printf("%5d ", zn.zone_id);
235 	mdb_printf("%6d 0x%08x %0?p %s\n",
236 	    cred.cr_uid, pr.p_flag, addr,
237 	    (prt_flags & PS_PSARGS) ? pr.p_user.u_psargs : pr.p_user.u_comm);
238 
239 	if (prt_flags & ~PS_PSARGS)
240 		(void) mdb_pwalk("thread", ps_threadprint, &prt_flags, addr);
241 
242 	return (DCMD_OK);
243 }
244 
245 #define	PG_NEWEST	0x0001
246 #define	PG_OLDEST	0x0002
247 #define	PG_PIPE_OUT	0x0004
248 #define	PG_EXACT_MATCH	0x0008
249 
250 typedef struct pgrep_data {
251 	uint_t pg_flags;
252 	uint_t pg_psflags;
253 	uintptr_t pg_xaddr;
254 	hrtime_t pg_xstart;
255 	const char *pg_pat;
256 #ifndef _KMDB
257 	regex_t pg_reg;
258 #endif
259 } pgrep_data_t;
260 
261 /*ARGSUSED*/
262 static int
263 pgrep_cb(uintptr_t addr, const void *pdata, void *data)
264 {
265 	const proc_t *prp = pdata;
266 	pgrep_data_t *pgp = data;
267 #ifndef _KMDB
268 	regmatch_t pmatch;
269 #endif
270 
271 	/*
272 	 * kmdb doesn't have access to the reg* functions, so we fall back
273 	 * to strstr/strcmp.
274 	 */
275 #ifdef _KMDB
276 	if ((pgp->pg_flags & PG_EXACT_MATCH) ?
277 	    (strcmp(prp->p_user.u_comm, pgp->pg_pat) != 0) :
278 	    (strstr(prp->p_user.u_comm, pgp->pg_pat) == NULL))
279 		return (WALK_NEXT);
280 #else
281 	if (regexec(&pgp->pg_reg, prp->p_user.u_comm, 1, &pmatch, 0) != 0)
282 		return (WALK_NEXT);
283 
284 	if ((pgp->pg_flags & PG_EXACT_MATCH) &&
285 	    (pmatch.rm_so != 0 || prp->p_user.u_comm[pmatch.rm_eo] != '\0'))
286 		return (WALK_NEXT);
287 #endif
288 
289 	if (pgp->pg_flags & (PG_NEWEST | PG_OLDEST)) {
290 		hrtime_t start;
291 
292 		start = (hrtime_t)prp->p_user.u_start.tv_sec * NANOSEC +
293 		    prp->p_user.u_start.tv_nsec;
294 
295 		if (pgp->pg_flags & PG_NEWEST) {
296 			if (pgp->pg_xaddr == NULL || start > pgp->pg_xstart) {
297 				pgp->pg_xaddr = addr;
298 				pgp->pg_xstart = start;
299 			}
300 		} else {
301 			if (pgp->pg_xaddr == NULL || start < pgp->pg_xstart) {
302 				pgp->pg_xaddr = addr;
303 				pgp->pg_xstart = start;
304 			}
305 		}
306 
307 	} else if (pgp->pg_flags & PG_PIPE_OUT) {
308 		mdb_printf("%p\n", addr);
309 
310 	} else {
311 		if (mdb_call_dcmd("ps", addr, pgp->pg_psflags, 0, NULL) != 0) {
312 			mdb_warn("can't invoke 'ps'");
313 			return (WALK_DONE);
314 		}
315 		pgp->pg_psflags &= ~DCMD_LOOPFIRST;
316 	}
317 
318 	return (WALK_NEXT);
319 }
320 
321 /*ARGSUSED*/
322 int
323 pgrep(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
324 {
325 	pgrep_data_t pg;
326 	int i;
327 #ifndef _KMDB
328 	int err;
329 #endif
330 
331 	if (flags & DCMD_ADDRSPEC)
332 		return (DCMD_USAGE);
333 
334 	pg.pg_flags = 0;
335 	pg.pg_xaddr = 0;
336 
337 	i = mdb_getopts(argc, argv,
338 	    'n', MDB_OPT_SETBITS, PG_NEWEST, &pg.pg_flags,
339 	    'o', MDB_OPT_SETBITS, PG_OLDEST, &pg.pg_flags,
340 	    'x', MDB_OPT_SETBITS, PG_EXACT_MATCH, &pg.pg_flags,
341 	    NULL);
342 
343 	argc -= i;
344 	argv += i;
345 
346 	if (argc != 1)
347 		return (DCMD_USAGE);
348 
349 	/*
350 	 * -n and -o are mutually exclusive.
351 	 */
352 	if ((pg.pg_flags & PG_NEWEST) && (pg.pg_flags & PG_OLDEST))
353 		return (DCMD_USAGE);
354 
355 	if (argv->a_type != MDB_TYPE_STRING)
356 		return (DCMD_USAGE);
357 
358 	if (flags & DCMD_PIPE_OUT)
359 		pg.pg_flags |= PG_PIPE_OUT;
360 
361 	pg.pg_pat = argv->a_un.a_str;
362 	if (DCMD_HDRSPEC(flags))
363 		pg.pg_psflags = DCMD_ADDRSPEC | DCMD_LOOP | DCMD_LOOPFIRST;
364 	else
365 		pg.pg_psflags = DCMD_ADDRSPEC | DCMD_LOOP;
366 
367 #ifndef _KMDB
368 	if ((err = regcomp(&pg.pg_reg, pg.pg_pat, REG_EXTENDED)) != 0) {
369 		size_t nbytes;
370 		char *buf;
371 
372 		nbytes = regerror(err, &pg.pg_reg, NULL, 0);
373 		buf = mdb_alloc(nbytes + 1, UM_SLEEP | UM_GC);
374 		(void) regerror(err, &pg.pg_reg, buf, nbytes);
375 		mdb_warn("%s\n", buf);
376 
377 		return (DCMD_ERR);
378 	}
379 #endif
380 
381 	if (mdb_walk("proc", pgrep_cb, &pg) != 0) {
382 		mdb_warn("can't walk 'proc'");
383 		return (DCMD_ERR);
384 	}
385 
386 	if (pg.pg_xaddr != 0 && (pg.pg_flags & (PG_NEWEST | PG_OLDEST))) {
387 		if (pg.pg_flags & PG_PIPE_OUT) {
388 			mdb_printf("%p\n", pg.pg_xaddr);
389 		} else {
390 			if (mdb_call_dcmd("ps", pg.pg_xaddr, pg.pg_psflags,
391 			    0, NULL) != 0) {
392 				mdb_warn("can't invoke 'ps'");
393 				return (DCMD_ERR);
394 			}
395 		}
396 	}
397 
398 	return (DCMD_OK);
399 }
400 
401 int
402 task(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
403 {
404 	task_t tk;
405 	kproject_t pj;
406 
407 	if (!(flags & DCMD_ADDRSPEC)) {
408 		if (mdb_walk_dcmd("task_cache", "task", argc, argv) == -1) {
409 			mdb_warn("can't walk task_cache");
410 			return (DCMD_ERR);
411 		}
412 		return (DCMD_OK);
413 	}
414 	if (DCMD_HDRSPEC(flags)) {
415 		mdb_printf("%<u>%?s %6s %6s %6s %6s %10s%</u>\n",
416 		    "ADDR", "TASKID", "PROJID", "ZONEID", "REFCNT", "FLAGS");
417 	}
418 	if (mdb_vread(&tk, sizeof (task_t), addr) == -1) {
419 		mdb_warn("can't read task_t structure at %p", addr);
420 		return (DCMD_ERR);
421 	}
422 	if (mdb_vread(&pj, sizeof (kproject_t), (uintptr_t)tk.tk_proj) == -1) {
423 		mdb_warn("can't read project_t structure at %p", addr);
424 		return (DCMD_ERR);
425 	}
426 	mdb_printf("%0?p %6d %6d %6d %6u 0x%08x\n",
427 	    addr, tk.tk_tkid, pj.kpj_id, pj.kpj_zoneid, tk.tk_hold_count,
428 	    tk.tk_flags);
429 	return (DCMD_OK);
430 }
431 
432 int
433 project(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
434 {
435 	kproject_t pj;
436 
437 	if (!(flags & DCMD_ADDRSPEC)) {
438 		if (mdb_walk_dcmd("projects", "project", argc, argv) == -1) {
439 			mdb_warn("can't walk projects");
440 			return (DCMD_ERR);
441 		}
442 		return (DCMD_OK);
443 	}
444 	if (DCMD_HDRSPEC(flags)) {
445 		mdb_printf("%<u>%?s %6s %6s %6s%</u>\n",
446 		    "ADDR", "PROJID", "ZONEID", "REFCNT");
447 	}
448 	if (mdb_vread(&pj, sizeof (kproject_t), addr) == -1) {
449 		mdb_warn("can't read kproject_t structure at %p", addr);
450 		return (DCMD_ERR);
451 	}
452 	mdb_printf("%0?p %6d %6d %6u\n", addr, pj.kpj_id, pj.kpj_zoneid,
453 	    pj.kpj_count);
454 	return (DCMD_OK);
455 }
456 
457 /* walk callouts themselves, either by list or id hash. */
458 int
459 callout_walk_init(mdb_walk_state_t *wsp)
460 {
461 	if (wsp->walk_addr == NULL) {
462 		mdb_warn("callout doesn't support global walk");
463 		return (WALK_ERR);
464 	}
465 	wsp->walk_data = mdb_alloc(sizeof (callout_t), UM_SLEEP);
466 	return (WALK_NEXT);
467 }
468 
469 #define	CALLOUT_WALK_BYLIST	0
470 #define	CALLOUT_WALK_BYID	1
471 
472 /* the walker arg switches between walking by list (0) and walking by id (1). */
473 int
474 callout_walk_step(mdb_walk_state_t *wsp)
475 {
476 	int retval;
477 
478 	if (wsp->walk_addr == NULL) {
479 		return (WALK_DONE);
480 	}
481 	if (mdb_vread(wsp->walk_data, sizeof (callout_t),
482 	    wsp->walk_addr) == -1) {
483 		mdb_warn("failed to read callout at %p", wsp->walk_addr);
484 		return (WALK_DONE);
485 	}
486 	retval = wsp->walk_callback(wsp->walk_addr, wsp->walk_data,
487 	    wsp->walk_cbdata);
488 
489 	if ((ulong_t)wsp->walk_arg == CALLOUT_WALK_BYID) {
490 		wsp->walk_addr =
491 		    (uintptr_t)(((callout_t *)wsp->walk_data)->c_idnext);
492 	} else {
493 		wsp->walk_addr =
494 		    (uintptr_t)(((callout_t *)wsp->walk_data)->c_clnext);
495 	}
496 
497 	return (retval);
498 }
499 
500 void
501 callout_walk_fini(mdb_walk_state_t *wsp)
502 {
503 	mdb_free(wsp->walk_data, sizeof (callout_t));
504 }
505 
506 /*
507  * walker for callout lists. This is different from hashes and callouts.
508  * Thankfully, it's also simpler.
509  */
510 int
511 callout_list_walk_init(mdb_walk_state_t *wsp)
512 {
513 	if (wsp->walk_addr == NULL) {
514 		mdb_warn("callout list doesn't support global walk");
515 		return (WALK_ERR);
516 	}
517 	wsp->walk_data = mdb_alloc(sizeof (callout_list_t), UM_SLEEP);
518 	return (WALK_NEXT);
519 }
520 
521 int
522 callout_list_walk_step(mdb_walk_state_t *wsp)
523 {
524 	int retval;
525 
526 	if (wsp->walk_addr == NULL) {
527 		return (WALK_DONE);
528 	}
529 	if (mdb_vread(wsp->walk_data, sizeof (callout_list_t),
530 	    wsp->walk_addr) != sizeof (callout_list_t)) {
531 		mdb_warn("failed to read callout_list at %p", wsp->walk_addr);
532 		return (WALK_ERR);
533 	}
534 	retval = wsp->walk_callback(wsp->walk_addr, wsp->walk_data,
535 	    wsp->walk_cbdata);
536 
537 	wsp->walk_addr = (uintptr_t)
538 	    (((callout_list_t *)wsp->walk_data)->cl_next);
539 
540 	return (retval);
541 }
542 
543 void
544 callout_list_walk_fini(mdb_walk_state_t *wsp)
545 {
546 	mdb_free(wsp->walk_data, sizeof (callout_list_t));
547 }
548 
549 /* routines/structs to walk callout table(s) */
550 typedef struct cot_data {
551 	callout_table_t *ct0;
552 	callout_table_t ct;
553 	callout_hash_t cot_idhash[CALLOUT_BUCKETS];
554 	callout_hash_t cot_clhash[CALLOUT_BUCKETS];
555 	kstat_named_t ct_kstat_data[CALLOUT_NUM_STATS];
556 	int cotndx;
557 	int cotsize;
558 } cot_data_t;
559 
560 int
561 callout_table_walk_init(mdb_walk_state_t *wsp)
562 {
563 	int max_ncpus;
564 	cot_data_t *cot_walk_data;
565 
566 	cot_walk_data = mdb_alloc(sizeof (cot_data_t), UM_SLEEP);
567 
568 	if (wsp->walk_addr == NULL) {
569 		if (mdb_readvar(&cot_walk_data->ct0, "callout_table") == -1) {
570 			mdb_warn("failed to read 'callout_table'");
571 			return (WALK_ERR);
572 		}
573 		if (mdb_readvar(&max_ncpus, "max_ncpus") == -1) {
574 			mdb_warn("failed to get callout_table array size");
575 			return (WALK_ERR);
576 		}
577 		cot_walk_data->cotsize = CALLOUT_NTYPES * max_ncpus;
578 		wsp->walk_addr = (uintptr_t)cot_walk_data->ct0;
579 	} else {
580 		/* not a global walk */
581 		cot_walk_data->cotsize = 1;
582 	}
583 
584 	cot_walk_data->cotndx = 0;
585 	wsp->walk_data = cot_walk_data;
586 
587 	return (WALK_NEXT);
588 }
589 
590 int
591 callout_table_walk_step(mdb_walk_state_t *wsp)
592 {
593 	int retval;
594 	cot_data_t *cotwd = (cot_data_t *)wsp->walk_data;
595 	size_t size;
596 
597 	if (cotwd->cotndx >= cotwd->cotsize) {
598 		return (WALK_DONE);
599 	}
600 	if (mdb_vread(&(cotwd->ct), sizeof (callout_table_t),
601 	    wsp->walk_addr) != sizeof (callout_table_t)) {
602 		mdb_warn("failed to read callout_table at %p", wsp->walk_addr);
603 		return (WALK_ERR);
604 	}
605 
606 	size = sizeof (callout_hash_t) * CALLOUT_BUCKETS;
607 	if (cotwd->ct.ct_idhash != NULL) {
608 		if (mdb_vread(cotwd->cot_idhash, size,
609 		    (uintptr_t)(cotwd->ct.ct_idhash)) != size) {
610 			mdb_warn("failed to read id_hash at %p",
611 			    cotwd->ct.ct_idhash);
612 			return (WALK_ERR);
613 		}
614 	}
615 	if (cotwd->ct.ct_clhash != NULL) {
616 		if (mdb_vread(&(cotwd->cot_clhash), size,
617 		    (uintptr_t)cotwd->ct.ct_clhash) == -1) {
618 			mdb_warn("failed to read cl_hash at %p",
619 			    cotwd->ct.ct_clhash);
620 			return (WALK_ERR);
621 		}
622 	}
623 	size = sizeof (kstat_named_t) * CALLOUT_NUM_STATS;
624 	if (cotwd->ct.ct_kstat_data != NULL) {
625 		if (mdb_vread(&(cotwd->ct_kstat_data), size,
626 		    (uintptr_t)cotwd->ct.ct_kstat_data) == -1) {
627 			mdb_warn("failed to read kstats at %p",
628 			    cotwd->ct.ct_kstat_data);
629 			return (WALK_ERR);
630 		}
631 	}
632 	retval = wsp->walk_callback(wsp->walk_addr, (void *)cotwd,
633 	    wsp->walk_cbdata);
634 
635 	cotwd->cotndx++;
636 	if (cotwd->cotndx >= cotwd->cotsize) {
637 		return (WALK_DONE);
638 	}
639 	wsp->walk_addr = (uintptr_t)((char *)wsp->walk_addr +
640 	    sizeof (callout_table_t));
641 
642 	return (retval);
643 }
644 
645 void
646 callout_table_walk_fini(mdb_walk_state_t *wsp)
647 {
648 	mdb_free(wsp->walk_data, sizeof (cot_data_t));
649 }
650 
651 static const char *co_typenames[] = { "R", "N" };
652 
653 #define	CO_PLAIN_ID(xid)	((xid) & CALLOUT_ID_MASK)
654 
655 #define	TABLE_TO_SEQID(x)	((x) >> CALLOUT_TYPE_BITS)
656 
657 /* callout flags, in no particular order */
658 #define	COF_REAL	0x0000001
659 #define	COF_NORM	0x0000002
660 #define	COF_LONG	0x0000004
661 #define	COF_SHORT	0x0000008
662 #define	COF_EMPTY	0x0000010
663 #define	COF_TIME	0x0000020
664 #define	COF_BEFORE	0x0000040
665 #define	COF_AFTER	0x0000080
666 #define	COF_SEQID	0x0000100
667 #define	COF_FUNC	0x0000200
668 #define	COF_ADDR	0x0000400
669 #define	COF_EXEC	0x0000800
670 #define	COF_HIRES	0x0001000
671 #define	COF_ABS		0x0002000
672 #define	COF_TABLE	0x0004000
673 #define	COF_BYIDH	0x0008000
674 #define	COF_FREE	0x0010000
675 #define	COF_LIST	0x0020000
676 #define	COF_EXPREL	0x0040000
677 #define	COF_HDR		0x0080000
678 #define	COF_VERBOSE	0x0100000
679 #define	COF_LONGLIST	0x0200000
680 #define	COF_THDR	0x0400000
681 #define	COF_LHDR	0x0800000
682 #define	COF_CHDR	0x1000000
683 #define	COF_PARAM	0x2000000
684 #define	COF_DECODE	0x4000000
685 
686 /* show real and normal, short and long, expired and unexpired. */
687 #define	COF_DEFAULT	(COF_REAL | COF_NORM | COF_LONG | COF_SHORT)
688 
689 #define	COF_LIST_FLAGS	\
690 	(CALLOUT_LIST_FLAG_HRESTIME | CALLOUT_LIST_FLAG_ABSOLUTE)
691 
692 /* private callout data for callback functions */
693 typedef struct callout_data {
694 	uint_t flags;		/* COF_* */
695 	cpu_t *cpu;		/* cpu pointer if given */
696 	int seqid;		/* cpu seqid, or -1 */
697 	hrtime_t time;		/* expiration time value */
698 	hrtime_t atime;		/* expiration before value */
699 	hrtime_t btime;		/* expiration after value */
700 	uintptr_t funcaddr;	/* function address or NULL */
701 	uintptr_t param;	/* parameter to function or NULL */
702 	hrtime_t now;		/* current system time */
703 	int nsec_per_tick;	/* for conversions */
704 	ulong_t ctbits;		/* for decoding xid */
705 	callout_table_t *co_table;	/* top of callout table array */
706 	int ndx;		/* table index. */
707 	int bucket;		/* which list/id bucket are we in */
708 	hrtime_t exp;		/* expire time */
709 	int list_flags;		/* copy of cl_flags */
710 } callout_data_t;
711 
712 /* this callback does the actual callback itself (finally). */
713 /*ARGSUSED*/
714 static int
715 callouts_cb(uintptr_t addr, const void *data, void *priv)
716 {
717 	callout_data_t *coargs = (callout_data_t *)priv;
718 	callout_t *co = (callout_t *)data;
719 	int tableid, list_flags;
720 	callout_id_t coid;
721 
722 	if ((coargs == NULL) || (co == NULL)) {
723 		return (WALK_ERR);
724 	}
725 
726 	if ((coargs->flags & COF_FREE) && !(co->c_xid & CALLOUT_FREE)) {
727 		/*
728 		 * The callout must have been reallocated. No point in
729 		 * walking any more.
730 		 */
731 		return (WALK_DONE);
732 	}
733 	if (!(coargs->flags & COF_FREE) && (co->c_xid & CALLOUT_FREE)) {
734 		/*
735 		 * The callout must have been freed. No point in
736 		 * walking any more.
737 		 */
738 		return (WALK_DONE);
739 	}
740 	if ((coargs->flags & COF_FUNC) &&
741 	    (coargs->funcaddr != (uintptr_t)co->c_func)) {
742 		return (WALK_NEXT);
743 	}
744 	if ((coargs->flags & COF_PARAM) &&
745 	    (coargs->param != (uintptr_t)co->c_arg)) {
746 		return (WALK_NEXT);
747 	}
748 	if (!(coargs->flags & COF_LONG) && (co->c_xid & CALLOUT_LONGTERM)) {
749 		return (WALK_NEXT);
750 	}
751 	if (!(coargs->flags & COF_SHORT) && !(co->c_xid & CALLOUT_LONGTERM)) {
752 		return (WALK_NEXT);
753 	}
754 	if ((coargs->flags & COF_EXEC) && !(co->c_xid & CALLOUT_EXECUTING)) {
755 		return (WALK_NEXT);
756 	}
757 	/* it is possible we don't have the exp time or flags */
758 	if (coargs->flags & COF_BYIDH) {
759 		if (!(coargs->flags & COF_FREE)) {
760 			/* we have to fetch the expire time ourselves. */
761 			if (mdb_vread(&coargs->exp, sizeof (hrtime_t),
762 			    (uintptr_t)co->c_list + offsetof(callout_list_t,
763 			    cl_expiration)) == -1) {
764 				mdb_warn("failed to read expiration "
765 				    "time from %p", co->c_list);
766 				coargs->exp = 0;
767 			}
768 			/* and flags. */
769 			if (mdb_vread(&coargs->list_flags, sizeof (int),
770 			    (uintptr_t)co->c_list + offsetof(callout_list_t,
771 			    cl_flags)) == -1) {
772 				mdb_warn("failed to read list flags"
773 				    "from %p", co->c_list);
774 				coargs->list_flags = 0;
775 			}
776 		} else {
777 			/* free callouts can't use list pointer. */
778 			coargs->exp = 0;
779 			coargs->list_flags = 0;
780 		}
781 		if (coargs->exp != 0) {
782 			if ((coargs->flags & COF_TIME) &&
783 			    (coargs->exp != coargs->time)) {
784 				return (WALK_NEXT);
785 			}
786 			if ((coargs->flags & COF_BEFORE) &&
787 			    (coargs->exp > coargs->btime)) {
788 				return (WALK_NEXT);
789 			}
790 			if ((coargs->flags & COF_AFTER) &&
791 			    (coargs->exp < coargs->atime)) {
792 				return (WALK_NEXT);
793 			}
794 		}
795 		/* tricky part, since both HIRES and ABS can be set */
796 		list_flags = coargs->list_flags;
797 		if ((coargs->flags & COF_HIRES) && (coargs->flags & COF_ABS)) {
798 			/* both flags are set, only skip "regular" ones */
799 			if (! (list_flags & COF_LIST_FLAGS)) {
800 				return (WALK_NEXT);
801 			}
802 		} else {
803 			/* individual flags, or no flags */
804 			if ((coargs->flags & COF_HIRES) &&
805 			    !(list_flags & CALLOUT_LIST_FLAG_HRESTIME)) {
806 				return (WALK_NEXT);
807 			}
808 			if ((coargs->flags & COF_ABS) &&
809 			    !(list_flags & CALLOUT_LIST_FLAG_ABSOLUTE)) {
810 				return (WALK_NEXT);
811 			}
812 		}
813 	}
814 
815 #define	callout_table_mask	((1 << coargs->ctbits) - 1)
816 	tableid = CALLOUT_ID_TO_TABLE(co->c_xid);
817 #undef	callout_table_mask
818 	coid = CO_PLAIN_ID(co->c_xid);
819 
820 	if ((coargs->flags & COF_CHDR) && !(coargs->flags & COF_ADDR)) {
821 		/*
822 		 * We need to print the headers. If walking by id, then
823 		 * the list header isn't printed, so we must include
824 		 * that info here.
825 		 */
826 		if (!(coargs->flags & COF_VERBOSE)) {
827 			mdb_printf("%<u>%3s %-1s %-14s %</u>",
828 			    "SEQ", "T", "EXP");
829 		} else if (coargs->flags & COF_BYIDH) {
830 			mdb_printf("%<u>%-14s %</u>", "EXP");
831 		}
832 		mdb_printf("%<u>%-4s %-?s %-20s%</u>",
833 		    "XHAL", "XID", "FUNC(ARG)");
834 		if (coargs->flags & COF_LONGLIST) {
835 			mdb_printf("%<u> %-?s %-?s %-?s %-?s%</u>",
836 			    "PREVID", "NEXTID", "PREVL", "NEXTL");
837 			mdb_printf("%<u> %-?s %-4s %-?s%</u>",
838 			    "DONE", "UTOS", "THREAD");
839 		}
840 		mdb_printf("\n");
841 		coargs->flags &= ~COF_CHDR;
842 		coargs->flags |= (COF_THDR | COF_LHDR);
843 	}
844 
845 	if (!(coargs->flags & COF_ADDR)) {
846 		if (!(coargs->flags & COF_VERBOSE)) {
847 			mdb_printf("%-3d %1s %-14llx ",
848 			    TABLE_TO_SEQID(tableid),
849 			    co_typenames[tableid & CALLOUT_TYPE_MASK],
850 			    (coargs->flags & COF_EXPREL) ?
851 			    coargs->exp - coargs->now : coargs->exp);
852 		} else if (coargs->flags & COF_BYIDH) {
853 			mdb_printf("%-14x ",
854 			    (coargs->flags & COF_EXPREL) ?
855 			    coargs->exp - coargs->now : coargs->exp);
856 		}
857 		list_flags = coargs->list_flags;
858 		mdb_printf("%1s%1s%1s%1s %-?llx %a(%p)",
859 		    (co->c_xid & CALLOUT_EXECUTING) ? "X" : " ",
860 		    (list_flags & CALLOUT_LIST_FLAG_HRESTIME) ? "H" : " ",
861 		    (list_flags & CALLOUT_LIST_FLAG_ABSOLUTE) ? "A" : " ",
862 		    (co->c_xid & CALLOUT_LONGTERM) ? "L" : " ",
863 		    (long long)coid, co->c_func, co->c_arg);
864 		if (coargs->flags & COF_LONGLIST) {
865 			mdb_printf(" %-?p %-?p %-?p %-?p",
866 			    co->c_idprev, co->c_idnext, co->c_clprev,
867 			    co->c_clnext);
868 			mdb_printf(" %-?p %-4d %-0?p",
869 			    co->c_done, co->c_waiting, co->c_executor);
870 		}
871 	} else {
872 		/* address only */
873 		mdb_printf("%-0p", addr);
874 	}
875 	mdb_printf("\n");
876 	return (WALK_NEXT);
877 }
878 
879 /* this callback is for callout list handling. idhash is done by callout_t_cb */
880 /*ARGSUSED*/
881 static int
882 callout_list_cb(uintptr_t addr, const void *data, void *priv)
883 {
884 	callout_data_t *coargs = (callout_data_t *)priv;
885 	callout_list_t *cl = (callout_list_t *)data;
886 	callout_t *coptr;
887 	int list_flags;
888 
889 	if ((coargs == NULL) || (cl == NULL)) {
890 		return (WALK_ERR);
891 	}
892 
893 	coargs->exp = cl->cl_expiration;
894 	coargs->list_flags = cl->cl_flags;
895 	if ((coargs->flags & COF_FREE) &&
896 	    !(cl->cl_flags & CALLOUT_LIST_FLAG_FREE)) {
897 		/*
898 		 * The callout list must have been reallocated. No point in
899 		 * walking any more.
900 		 */
901 		return (WALK_DONE);
902 	}
903 	if (!(coargs->flags & COF_FREE) &&
904 	    (cl->cl_flags & CALLOUT_LIST_FLAG_FREE)) {
905 		/*
906 		 * The callout list must have been freed. No point in
907 		 * walking any more.
908 		 */
909 		return (WALK_DONE);
910 	}
911 	if ((coargs->flags & COF_TIME) &&
912 	    (cl->cl_expiration != coargs->time)) {
913 		return (WALK_NEXT);
914 	}
915 	if ((coargs->flags & COF_BEFORE) &&
916 	    (cl->cl_expiration > coargs->btime)) {
917 		return (WALK_NEXT);
918 	}
919 	if ((coargs->flags & COF_AFTER) &&
920 	    (cl->cl_expiration < coargs->atime)) {
921 		return (WALK_NEXT);
922 	}
923 	if (!(coargs->flags & COF_EMPTY) &&
924 	    (cl->cl_callouts.ch_head == NULL)) {
925 		return (WALK_NEXT);
926 	}
927 	/* FOUR cases, each different, !A!B, !AB, A!B, AB */
928 	if ((coargs->flags & COF_HIRES) && (coargs->flags & COF_ABS)) {
929 		/* both flags are set, only skip "regular" ones */
930 		if (! (cl->cl_flags & COF_LIST_FLAGS)) {
931 			return (WALK_NEXT);
932 		}
933 	} else {
934 		if ((coargs->flags & COF_HIRES) &&
935 		    !(cl->cl_flags & CALLOUT_LIST_FLAG_HRESTIME)) {
936 			return (WALK_NEXT);
937 		}
938 		if ((coargs->flags & COF_ABS) &&
939 		    !(cl->cl_flags & CALLOUT_LIST_FLAG_ABSOLUTE)) {
940 			return (WALK_NEXT);
941 		}
942 	}
943 
944 	if ((coargs->flags & COF_LHDR) && !(coargs->flags & COF_ADDR) &&
945 	    (coargs->flags & (COF_LIST | COF_VERBOSE))) {
946 		if (!(coargs->flags & COF_VERBOSE)) {
947 			/* don't be redundant again */
948 			mdb_printf("%<u>SEQ T %</u>");
949 		}
950 		mdb_printf("%<u>EXP            HA BUCKET "
951 		    "CALLOUTS         %</u>");
952 
953 		if (coargs->flags & COF_LONGLIST) {
954 			mdb_printf("%<u> %-?s %-?s%</u>",
955 			    "PREV", "NEXT");
956 		}
957 		mdb_printf("\n");
958 		coargs->flags &= ~COF_LHDR;
959 		coargs->flags |= (COF_THDR | COF_CHDR);
960 	}
961 	if (coargs->flags & (COF_LIST | COF_VERBOSE)) {
962 		if (!(coargs->flags & COF_ADDR)) {
963 			if (!(coargs->flags & COF_VERBOSE)) {
964 				mdb_printf("%3d %1s ",
965 				    TABLE_TO_SEQID(coargs->ndx),
966 				    co_typenames[coargs->ndx &
967 				    CALLOUT_TYPE_MASK]);
968 			}
969 
970 			list_flags = coargs->list_flags;
971 			mdb_printf("%-14llx %1s%1s %-6d %-0?p ",
972 			    (coargs->flags & COF_EXPREL) ?
973 			    coargs->exp - coargs->now : coargs->exp,
974 			    (list_flags & CALLOUT_LIST_FLAG_HRESTIME) ?
975 			    "H" : " ",
976 			    (list_flags & CALLOUT_LIST_FLAG_ABSOLUTE) ?
977 			    "A" : " ",
978 			    coargs->bucket, cl->cl_callouts.ch_head);
979 
980 			if (coargs->flags & COF_LONGLIST) {
981 				mdb_printf(" %-?p %-?p",
982 				    cl->cl_prev, cl->cl_next);
983 			}
984 		} else {
985 			/* address only */
986 			mdb_printf("%-0p", addr);
987 		}
988 		mdb_printf("\n");
989 		if (coargs->flags & COF_LIST) {
990 			return (WALK_NEXT);
991 		}
992 	}
993 	/* yet another layer as we walk the actual callouts via list. */
994 	if (cl->cl_callouts.ch_head == NULL) {
995 		return (WALK_NEXT);
996 	}
997 	/* free list structures do not have valid callouts off of them. */
998 	if (coargs->flags & COF_FREE) {
999 		return (WALK_NEXT);
1000 	}
1001 	coptr = (callout_t *)cl->cl_callouts.ch_head;
1002 
1003 	if (coargs->flags & COF_VERBOSE) {
1004 		mdb_inc_indent(4);
1005 	}
1006 	/*
1007 	 * walk callouts using yet another callback routine.
1008 	 * we use callouts_bytime because id hash is handled via
1009 	 * the callout_t_cb callback.
1010 	 */
1011 	if (mdb_pwalk("callouts_bytime", callouts_cb, coargs,
1012 	    (uintptr_t)coptr) == -1) {
1013 		mdb_warn("cannot walk callouts at %p", coptr);
1014 		return (WALK_ERR);
1015 	}
1016 	if (coargs->flags & COF_VERBOSE) {
1017 		mdb_dec_indent(4);
1018 	}
1019 
1020 	return (WALK_NEXT);
1021 }
1022 
1023 /* this callback handles the details of callout table walking. */
1024 static int
1025 callout_t_cb(uintptr_t addr, const void *data, void *priv)
1026 {
1027 	callout_data_t *coargs = (callout_data_t *)priv;
1028 	cot_data_t *cotwd = (cot_data_t *)data;
1029 	callout_table_t *ct = &(cotwd->ct);
1030 	int index, seqid, cotype;
1031 	int i;
1032 	callout_list_t *clptr;
1033 	callout_t *coptr;
1034 
1035 	if ((coargs == NULL) || (ct == NULL) || (coargs->co_table == NULL)) {
1036 		return (WALK_ERR);
1037 	}
1038 
1039 	index =  ((char *)addr - (char *)coargs->co_table) /
1040 	    sizeof (callout_table_t);
1041 	cotype = index & CALLOUT_TYPE_MASK;
1042 	seqid = TABLE_TO_SEQID(index);
1043 
1044 	if ((coargs->flags & COF_SEQID) && (coargs->seqid != seqid)) {
1045 		return (WALK_NEXT);
1046 	}
1047 
1048 	if (!(coargs->flags & COF_REAL) && (cotype == CALLOUT_REALTIME)) {
1049 		return (WALK_NEXT);
1050 	}
1051 
1052 	if (!(coargs->flags & COF_NORM) && (cotype == CALLOUT_NORMAL)) {
1053 		return (WALK_NEXT);
1054 	}
1055 
1056 	if (!(coargs->flags & COF_EMPTY) && (
1057 	    (ct->ct_heap == NULL) || (ct->ct_cyclic == NULL))) {
1058 		return (WALK_NEXT);
1059 	}
1060 
1061 	if ((coargs->flags & COF_THDR) && !(coargs->flags & COF_ADDR) &&
1062 	    (coargs->flags & (COF_TABLE | COF_VERBOSE))) {
1063 		/* print table hdr */
1064 		mdb_printf("%<u>%-3s %-1s %-?s %-?s %-?s %-?s%</u>",
1065 		    "SEQ", "T", "FREE", "LFREE", "CYCLIC", "HEAP");
1066 		coargs->flags &= ~COF_THDR;
1067 		coargs->flags |= (COF_LHDR | COF_CHDR);
1068 		if (coargs->flags & COF_LONGLIST) {
1069 			/* more info! */
1070 			mdb_printf("%<u> %-T%-7s %-7s %-?s %-?s"
1071 			    " %-?s %-?s %-?s%</u>",
1072 			    "HEAPNUM", "HEAPMAX", "TASKQ", "EXPQ",
1073 			    "PEND", "FREE", "LOCK");
1074 		}
1075 		mdb_printf("\n");
1076 	}
1077 	if (coargs->flags & (COF_TABLE | COF_VERBOSE)) {
1078 		if (!(coargs->flags & COF_ADDR)) {
1079 			mdb_printf("%-3d %-1s %-0?p %-0?p %-0?p %-?p",
1080 			    seqid, co_typenames[cotype],
1081 			    ct->ct_free, ct->ct_lfree, ct->ct_cyclic,
1082 			    ct->ct_heap);
1083 			if (coargs->flags & COF_LONGLIST)  {
1084 				/* more info! */
1085 				mdb_printf(" %-7d %-7d %-?p %-?p"
1086 				    " %-?lld %-?lld %-?p",
1087 				    ct->ct_heap_num,  ct->ct_heap_max,
1088 				    ct->ct_taskq, ct->ct_expired.ch_head,
1089 				    cotwd->ct_timeouts_pending,
1090 				    cotwd->ct_allocations -
1091 				    cotwd->ct_timeouts_pending,
1092 				    ct->ct_mutex);
1093 			}
1094 		} else {
1095 			/* address only */
1096 			mdb_printf("%-0?p", addr);
1097 		}
1098 		mdb_printf("\n");
1099 		if (coargs->flags & COF_TABLE) {
1100 			return (WALK_NEXT);
1101 		}
1102 	}
1103 
1104 	coargs->ndx = index;
1105 	if (coargs->flags & COF_VERBOSE) {
1106 		mdb_inc_indent(4);
1107 	}
1108 	/* keep digging. */
1109 	if (!(coargs->flags & COF_BYIDH)) {
1110 		/* walk the list hash table */
1111 		if (coargs->flags & COF_FREE) {
1112 			clptr = ct->ct_lfree;
1113 			coargs->bucket = 0;
1114 			if (clptr == NULL) {
1115 				return (WALK_NEXT);
1116 			}
1117 			if (mdb_pwalk("callout_list", callout_list_cb, coargs,
1118 			    (uintptr_t)clptr) == -1) {
1119 				mdb_warn("cannot walk callout free list at %p",
1120 				    clptr);
1121 				return (WALK_ERR);
1122 			}
1123 		} else {
1124 			/* first print the expired list. */
1125 			clptr = (callout_list_t *)ct->ct_expired.ch_head;
1126 			if (clptr != NULL) {
1127 				coargs->bucket = -1;
1128 				if (mdb_pwalk("callout_list", callout_list_cb,
1129 				    coargs, (uintptr_t)clptr) == -1) {
1130 					mdb_warn("cannot walk callout_list"
1131 					    " at %p", clptr);
1132 					return (WALK_ERR);
1133 				}
1134 			}
1135 			for (i = 0; i < CALLOUT_BUCKETS; i++) {
1136 				if (ct->ct_clhash == NULL) {
1137 					/* nothing to do */
1138 					break;
1139 				}
1140 				if (cotwd->cot_clhash[i].ch_head == NULL) {
1141 					continue;
1142 				}
1143 				clptr = (callout_list_t *)
1144 				    cotwd->cot_clhash[i].ch_head;
1145 				coargs->bucket = i;
1146 				/* walk list with callback routine. */
1147 				if (mdb_pwalk("callout_list", callout_list_cb,
1148 				    coargs, (uintptr_t)clptr) == -1) {
1149 					mdb_warn("cannot walk callout_list"
1150 					    " at %p", clptr);
1151 					return (WALK_ERR);
1152 				}
1153 			}
1154 		}
1155 	} else {
1156 		/* walk the id hash table. */
1157 		if (coargs->flags & COF_FREE) {
1158 			coptr = ct->ct_free;
1159 			coargs->bucket = 0;
1160 			if (coptr == NULL) {
1161 				return (WALK_NEXT);
1162 			}
1163 			if (mdb_pwalk("callouts_byid", callouts_cb, coargs,
1164 			    (uintptr_t)coptr) == -1) {
1165 				mdb_warn("cannot walk callout id free list"
1166 				    " at %p", coptr);
1167 				return (WALK_ERR);
1168 			}
1169 		} else {
1170 			for (i = 0; i < CALLOUT_BUCKETS; i++) {
1171 				if (ct->ct_idhash == NULL) {
1172 					break;
1173 				}
1174 				coptr = (callout_t *)
1175 				    cotwd->cot_idhash[i].ch_head;
1176 				if (coptr == NULL) {
1177 					continue;
1178 				}
1179 				coargs->bucket = i;
1180 
1181 				/*
1182 				 * walk callouts directly by id. For id
1183 				 * chain, the callout list is just a header,
1184 				 * so there's no need to walk it.
1185 				 */
1186 				if (mdb_pwalk("callouts_byid", callouts_cb,
1187 				    coargs, (uintptr_t)coptr) == -1) {
1188 					mdb_warn("cannot walk callouts at %p",
1189 					    coptr);
1190 					return (WALK_ERR);
1191 				}
1192 			}
1193 		}
1194 	}
1195 	if (coargs->flags & COF_VERBOSE) {
1196 		mdb_dec_indent(4);
1197 	}
1198 	return (WALK_NEXT);
1199 }
1200 
1201 /*
1202  * initialize some common info for both callout dcmds.
1203  */
1204 int
1205 callout_common_init(callout_data_t *coargs)
1206 {
1207 	/* we need a couple of things */
1208 	if (mdb_readvar(&(coargs->co_table), "callout_table") == -1) {
1209 		mdb_warn("failed to read 'callout_table'");
1210 		return (DCMD_ERR);
1211 	}
1212 	/* need to get now in nsecs. Approximate with hrtime vars */
1213 	if (mdb_readsym(&(coargs->now), sizeof (hrtime_t), "hrtime_last") !=
1214 	    sizeof (hrtime_t)) {
1215 		if (mdb_readsym(&(coargs->now), sizeof (hrtime_t),
1216 		    "hrtime_base") != sizeof (hrtime_t)) {
1217 			mdb_warn("Could not determine current system time");
1218 			return (DCMD_ERR);
1219 		}
1220 	}
1221 
1222 	if (mdb_readvar(&(coargs->ctbits), "callout_table_bits") == -1) {
1223 		mdb_warn("failed to read 'callout_table_bits'");
1224 		return (DCMD_ERR);
1225 	}
1226 	if (mdb_readvar(&(coargs->nsec_per_tick), "nsec_per_tick") == -1) {
1227 		mdb_warn("failed to read 'nsec_per_tick'");
1228 		return (DCMD_ERR);
1229 	}
1230 	return (DCMD_OK);
1231 }
1232 
1233 /*
1234  * dcmd to print callouts.  Optional addr limits to specific table.
1235  * Parses lots of options that get passed to callbacks for walkers.
1236  * Has it's own help function.
1237  */
1238 /*ARGSUSED*/
1239 int
1240 callout(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
1241 {
1242 	callout_data_t coargs;
1243 	/* getopts doesn't help much with stuff like this */
1244 	boolean_t Sflag, Cflag, tflag, aflag, bflag, dflag, kflag;
1245 	char *funcname = NULL;
1246 	char *paramstr = NULL;
1247 	uintptr_t Stmp, Ctmp;	/* for getopt. */
1248 	int retval;
1249 
1250 	coargs.flags = COF_DEFAULT;
1251 	Sflag = Cflag = tflag = bflag = aflag = dflag = kflag = FALSE;
1252 	coargs.seqid = -1;
1253 
1254 	if (mdb_getopts(argc, argv,
1255 	    'r', MDB_OPT_CLRBITS, COF_NORM, &coargs.flags,
1256 	    'n', MDB_OPT_CLRBITS, COF_REAL, &coargs.flags,
1257 	    'l', MDB_OPT_CLRBITS, COF_SHORT, &coargs.flags,
1258 	    's', MDB_OPT_CLRBITS, COF_LONG, &coargs.flags,
1259 	    'x', MDB_OPT_SETBITS, COF_EXEC, &coargs.flags,
1260 	    'h', MDB_OPT_SETBITS, COF_HIRES, &coargs.flags,
1261 	    'B', MDB_OPT_SETBITS, COF_ABS, &coargs.flags,
1262 	    'E', MDB_OPT_SETBITS, COF_EMPTY, &coargs.flags,
1263 	    'd', MDB_OPT_SETBITS, 1, &dflag,
1264 	    'C', MDB_OPT_UINTPTR_SET, &Cflag, &Ctmp,
1265 	    'S', MDB_OPT_UINTPTR_SET, &Sflag, &Stmp,
1266 	    't', MDB_OPT_UINTPTR_SET, &tflag, (uintptr_t *)&coargs.time,
1267 	    'a', MDB_OPT_UINTPTR_SET, &aflag, (uintptr_t *)&coargs.atime,
1268 	    'b', MDB_OPT_UINTPTR_SET, &bflag, (uintptr_t *)&coargs.btime,
1269 	    'k', MDB_OPT_SETBITS, 1, &kflag,
1270 	    'f', MDB_OPT_STR, &funcname,
1271 	    'p', MDB_OPT_STR, &paramstr,
1272 	    'T', MDB_OPT_SETBITS, COF_TABLE, &coargs.flags,
1273 	    'D', MDB_OPT_SETBITS, COF_EXPREL, &coargs.flags,
1274 	    'L', MDB_OPT_SETBITS, COF_LIST, &coargs.flags,
1275 	    'V', MDB_OPT_SETBITS, COF_VERBOSE, &coargs.flags,
1276 	    'v', MDB_OPT_SETBITS, COF_LONGLIST, &coargs.flags,
1277 	    'i', MDB_OPT_SETBITS, COF_BYIDH, &coargs.flags,
1278 	    'F', MDB_OPT_SETBITS, COF_FREE, &coargs.flags,
1279 	    'A', MDB_OPT_SETBITS, COF_ADDR, &coargs.flags,
1280 	    NULL) != argc) {
1281 		return (DCMD_USAGE);
1282 	}
1283 
1284 	/* initialize from kernel variables */
1285 	if ((retval = callout_common_init(&coargs)) != DCMD_OK) {
1286 		return (retval);
1287 	}
1288 
1289 	/* do some option post-processing */
1290 	if (kflag) {
1291 		coargs.time *= coargs.nsec_per_tick;
1292 		coargs.atime *= coargs.nsec_per_tick;
1293 		coargs.btime *= coargs.nsec_per_tick;
1294 	}
1295 
1296 	if (dflag) {
1297 		coargs.time += coargs.now;
1298 		coargs.atime += coargs.now;
1299 		coargs.btime += coargs.now;
1300 	}
1301 	if (Sflag) {
1302 		if (flags & DCMD_ADDRSPEC) {
1303 			mdb_printf("-S option conflicts with explicit"
1304 			    " address\n");
1305 			return (DCMD_USAGE);
1306 		}
1307 		coargs.flags |= COF_SEQID;
1308 		coargs.seqid = (int)Stmp;
1309 	}
1310 	if (Cflag) {
1311 		if (flags & DCMD_ADDRSPEC) {
1312 			mdb_printf("-C option conflicts with explicit"
1313 			    " address\n");
1314 			return (DCMD_USAGE);
1315 		}
1316 		if (coargs.flags & COF_SEQID) {
1317 			mdb_printf("-C and -S are mutually exclusive\n");
1318 			return (DCMD_USAGE);
1319 		}
1320 		coargs.cpu = (cpu_t *)Ctmp;
1321 		if (mdb_vread(&coargs.seqid, sizeof (processorid_t),
1322 		    (uintptr_t)&(coargs.cpu->cpu_seqid)) == -1) {
1323 			mdb_warn("failed to read cpu_t at %p", Ctmp);
1324 			return (DCMD_ERR);
1325 		}
1326 		coargs.flags |= COF_SEQID;
1327 	}
1328 	/* avoid null outputs. */
1329 	if (!(coargs.flags & (COF_REAL | COF_NORM))) {
1330 		coargs.flags |= COF_REAL | COF_NORM;
1331 	}
1332 	if (!(coargs.flags & (COF_LONG | COF_SHORT))) {
1333 		coargs.flags |= COF_LONG | COF_SHORT;
1334 	}
1335 	if (tflag) {
1336 		if (aflag || bflag) {
1337 			mdb_printf("-t and -a|b are mutually exclusive\n");
1338 			return (DCMD_USAGE);
1339 		}
1340 		coargs.flags |= COF_TIME;
1341 	}
1342 	if (aflag) {
1343 		coargs.flags |= COF_AFTER;
1344 	}
1345 	if (bflag) {
1346 		coargs.flags |= COF_BEFORE;
1347 	}
1348 	if ((aflag && bflag) && (coargs.btime <= coargs.atime)) {
1349 		mdb_printf("value for -a must be earlier than the value"
1350 		    " for -b.\n");
1351 		return (DCMD_USAGE);
1352 	}
1353 
1354 	if (funcname != NULL) {
1355 		GElf_Sym sym;
1356 
1357 		if (mdb_lookup_by_name(funcname, &sym) != 0) {
1358 			coargs.funcaddr = mdb_strtoull(funcname);
1359 		} else {
1360 			coargs.funcaddr = sym.st_value;
1361 		}
1362 		coargs.flags |= COF_FUNC;
1363 	}
1364 
1365 	if (paramstr != NULL) {
1366 		GElf_Sym sym;
1367 
1368 		if (mdb_lookup_by_name(paramstr, &sym) != 0) {
1369 			coargs.param = mdb_strtoull(paramstr);
1370 		} else {
1371 			coargs.param = sym.st_value;
1372 		}
1373 		coargs.flags |= COF_PARAM;
1374 	}
1375 
1376 	if (!(flags & DCMD_ADDRSPEC)) {
1377 		/* don't pass "dot" if no addr. */
1378 		addr = NULL;
1379 	}
1380 	if (addr != NULL) {
1381 		/*
1382 		 * a callout table was specified. Ignore -r|n option
1383 		 * to avoid null output.
1384 		 */
1385 		coargs.flags |= (COF_REAL | COF_NORM);
1386 	}
1387 
1388 	if (DCMD_HDRSPEC(flags) || (coargs.flags & COF_VERBOSE)) {
1389 		coargs.flags |= COF_THDR | COF_LHDR | COF_CHDR;
1390 	}
1391 	if (coargs.flags & COF_FREE) {
1392 		coargs.flags |= COF_EMPTY;
1393 		/* -F = free callouts, -FL = free lists */
1394 		if (!(coargs.flags & COF_LIST)) {
1395 			coargs.flags |= COF_BYIDH;
1396 		}
1397 	}
1398 
1399 	/* walk table, using specialized callback routine. */
1400 	if (mdb_pwalk("callout_table", callout_t_cb, &coargs, addr) == -1) {
1401 		mdb_warn("cannot walk callout_table");
1402 		return (DCMD_ERR);
1403 	}
1404 	return (DCMD_OK);
1405 }
1406 
1407 
1408 /*
1409  * Given an extended callout id, dump its information.
1410  */
1411 /*ARGSUSED*/
1412 int
1413 calloutid(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
1414 {
1415 	callout_data_t coargs;
1416 	callout_table_t *ctptr;
1417 	callout_table_t ct;
1418 	callout_id_t coid;
1419 	callout_t *coptr;
1420 	int tableid;
1421 	callout_id_t xid;
1422 	ulong_t idhash;
1423 	int i, retval;
1424 	const mdb_arg_t *arg;
1425 	size_t size;
1426 	callout_hash_t cot_idhash[CALLOUT_BUCKETS];
1427 
1428 	coargs.flags = COF_DEFAULT | COF_BYIDH;
1429 	i = mdb_getopts(argc, argv,
1430 	    'd', MDB_OPT_SETBITS, COF_DECODE, &coargs.flags,
1431 	    'v', MDB_OPT_SETBITS, COF_LONGLIST, &coargs.flags,
1432 	    NULL);
1433 	argc -= i;
1434 	argv += i;
1435 
1436 	if (argc != 1) {
1437 		return (DCMD_USAGE);
1438 	}
1439 	arg = &argv[0];
1440 
1441 	if (arg->a_type == MDB_TYPE_IMMEDIATE) {
1442 		xid = arg->a_un.a_val;
1443 	} else {
1444 		xid = (callout_id_t)mdb_strtoull(arg->a_un.a_str);
1445 	}
1446 
1447 	if (DCMD_HDRSPEC(flags)) {
1448 		coargs.flags |= COF_CHDR;
1449 	}
1450 
1451 
1452 	/* initialize from kernel variables */
1453 	if ((retval = callout_common_init(&coargs)) != DCMD_OK) {
1454 		return (retval);
1455 	}
1456 
1457 	/* we must massage the environment so that the macros will play nice */
1458 #define	callout_table_mask	((1 << coargs.ctbits) - 1)
1459 #define	callout_table_bits	coargs.ctbits
1460 #define	nsec_per_tick		coargs.nsec_per_tick
1461 	tableid = CALLOUT_ID_TO_TABLE(xid);
1462 	idhash = CALLOUT_IDHASH(xid);
1463 #undef	callouts_table_bits
1464 #undef	callout_table_mask
1465 #undef	nsec_per_tick
1466 	coid = CO_PLAIN_ID(xid);
1467 
1468 	if (flags & DCMD_ADDRSPEC) {
1469 		mdb_printf("calloutid does not accept explicit address.\n");
1470 		return (DCMD_USAGE);
1471 	}
1472 
1473 	if (coargs.flags & COF_DECODE) {
1474 		if (DCMD_HDRSPEC(flags)) {
1475 			mdb_printf("%<u>%3s %1s %2s %-?s %-6s %</u>\n",
1476 			    "SEQ", "T", "XL", "XID", "IDHASH");
1477 		}
1478 		mdb_printf("%-3d %1s %1s%1s %-?llx %-6d\n",
1479 		    TABLE_TO_SEQID(tableid),
1480 		    co_typenames[tableid & CALLOUT_TYPE_MASK],
1481 		    (xid & CALLOUT_EXECUTING) ? "X" : " ",
1482 		    (xid & CALLOUT_LONGTERM) ? "L" : " ",
1483 		    (long long)coid, idhash);
1484 		return (DCMD_OK);
1485 	}
1486 
1487 	/* get our table. Note this relies on the types being correct */
1488 	ctptr = coargs.co_table + tableid;
1489 	if (mdb_vread(&ct, sizeof (callout_table_t), (uintptr_t)ctptr) == -1) {
1490 		mdb_warn("failed to read callout_table at %p", ctptr);
1491 		return (DCMD_ERR);
1492 	}
1493 	size = sizeof (callout_hash_t) * CALLOUT_BUCKETS;
1494 	if (ct.ct_idhash != NULL) {
1495 		if (mdb_vread(&(cot_idhash), size,
1496 		    (uintptr_t)ct.ct_idhash) == -1) {
1497 			mdb_warn("failed to read id_hash at %p",
1498 			    ct.ct_idhash);
1499 			return (WALK_ERR);
1500 		}
1501 	}
1502 
1503 	/* callout at beginning of hash chain */
1504 	if (ct.ct_idhash == NULL) {
1505 		mdb_printf("id hash chain for this xid is empty\n");
1506 		return (DCMD_ERR);
1507 	}
1508 	coptr = (callout_t *)cot_idhash[idhash].ch_head;
1509 	if (coptr == NULL) {
1510 		mdb_printf("id hash chain for this xid is empty\n");
1511 		return (DCMD_ERR);
1512 	}
1513 
1514 	coargs.ndx = tableid;
1515 	coargs.bucket = idhash;
1516 
1517 	/* use the walker, luke */
1518 	if (mdb_pwalk("callouts_byid", callouts_cb, &coargs,
1519 	    (uintptr_t)coptr) == -1) {
1520 		mdb_warn("cannot walk callouts at %p", coptr);
1521 		return (WALK_ERR);
1522 	}
1523 
1524 	return (DCMD_OK);
1525 }
1526 
1527 void
1528 callout_help(void)
1529 {
1530 	mdb_printf("callout: display callouts.\n"
1531 	    "Given a callout table address, display callouts from table.\n"
1532 	    "Without an address, display callouts from all tables.\n"
1533 	    "options:\n"
1534 	    " -r|n : limit display to (r)ealtime or (n)ormal type callouts\n"
1535 	    " -s|l : limit display to (s)hort-term ids or (l)ong-term ids\n"
1536 	    " -x : limit display to callouts which are executing\n"
1537 	    " -h : limit display to callouts based on hrestime\n"
1538 	    " -B : limit display to callouts based on absolute time\n"
1539 	    " -t|a|b nsec: limit display to callouts that expire a(t) time,"
1540 	    " (a)fter time,\n     or (b)efore time. Use -a and -b together "
1541 	    " to specify a range.\n     For \"now\", use -d[t|a|b] 0.\n"
1542 	    " -d : interpret time option to -t|a|b as delta from current time\n"
1543 	    " -k : use ticks instead of nanoseconds as arguments to"
1544 	    " -t|a|b. Note that\n     ticks are less accurate and may not"
1545 	    " match other tick times (ie: lbolt).\n"
1546 	    " -D : display exiration time as delta from current time\n"
1547 	    " -S seqid : limit display to callouts for this cpu sequence id\n"
1548 	    " -C addr :  limit display to callouts for this cpu pointer\n"
1549 	    " -f name|addr : limit display to callouts with this function\n"
1550 	    " -p name|addr : limit display to callouts functions with this"
1551 	    " parameter\n"
1552 	    " -T : display the callout table itself, instead of callouts\n"
1553 	    " -L : display callout lists instead of callouts\n"
1554 	    " -E : with -T or L, display empty data structures.\n"
1555 	    " -i : traverse callouts by id hash instead of list hash\n"
1556 	    " -F : walk free callout list (free list with -i) instead\n"
1557 	    " -v : display more info for each item\n"
1558 	    " -V : show details of each level of info as it is traversed\n"
1559 	    " -A : show only addresses. Useful for pipelines.\n");
1560 }
1561 
1562 void
1563 calloutid_help(void)
1564 {
1565 	mdb_printf("calloutid: display callout by id.\n"
1566 	    "Given an extended callout id, display the callout infomation.\n"
1567 	    "options:\n"
1568 	    " -d : do not dereference callout, just decode the id.\n"
1569 	    " -v : verbose display more info about the callout\n");
1570 }
1571 
1572 /*ARGSUSED*/
1573 int
1574 class(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
1575 {
1576 	long num_classes, i;
1577 	sclass_t *class_tbl;
1578 	GElf_Sym g_sclass;
1579 	char class_name[PC_CLNMSZ];
1580 	size_t tbl_size;
1581 
1582 	if (mdb_lookup_by_name("sclass", &g_sclass) == -1) {
1583 		mdb_warn("failed to find symbol sclass\n");
1584 		return (DCMD_ERR);
1585 	}
1586 
1587 	tbl_size = (size_t)g_sclass.st_size;
1588 	num_classes = tbl_size / (sizeof (sclass_t));
1589 	class_tbl = mdb_alloc(tbl_size, UM_SLEEP | UM_GC);
1590 
1591 	if (mdb_readsym(class_tbl, tbl_size, "sclass") == -1) {
1592 		mdb_warn("failed to read sclass");
1593 		return (DCMD_ERR);
1594 	}
1595 
1596 	mdb_printf("%<u>%4s %-10s %-24s %-24s%</u>\n", "SLOT", "NAME",
1597 	    "INIT FCN", "CLASS FCN");
1598 
1599 	for (i = 0; i < num_classes; i++) {
1600 		if (mdb_vread(class_name, sizeof (class_name),
1601 		    (uintptr_t)class_tbl[i].cl_name) == -1)
1602 			(void) strcpy(class_name, "???");
1603 
1604 		mdb_printf("%4ld %-10s %-24a %-24a\n", i, class_name,
1605 		    class_tbl[i].cl_init, class_tbl[i].cl_funcs);
1606 	}
1607 
1608 	return (DCMD_OK);
1609 }
1610 
1611 #define	FSNAMELEN	32	/* Max len of FS name we read from vnodeops */
1612 
1613 int
1614 vnode2path(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
1615 {
1616 	uintptr_t rootdir;
1617 	vnode_t vn;
1618 	char buf[MAXPATHLEN];
1619 
1620 	uint_t opt_F = FALSE;
1621 
1622 	if (mdb_getopts(argc, argv,
1623 	    'F', MDB_OPT_SETBITS, TRUE, &opt_F, NULL) != argc)
1624 		return (DCMD_USAGE);
1625 
1626 	if (!(flags & DCMD_ADDRSPEC)) {
1627 		mdb_warn("expected explicit vnode_t address before ::\n");
1628 		return (DCMD_USAGE);
1629 	}
1630 
1631 	if (mdb_readvar(&rootdir, "rootdir") == -1) {
1632 		mdb_warn("failed to read rootdir");
1633 		return (DCMD_ERR);
1634 	}
1635 
1636 	if (mdb_vnode2path(addr, buf, sizeof (buf)) == -1)
1637 		return (DCMD_ERR);
1638 
1639 	if (*buf == '\0') {
1640 		mdb_printf("??\n");
1641 		return (DCMD_OK);
1642 	}
1643 
1644 	mdb_printf("%s", buf);
1645 	if (opt_F && buf[strlen(buf)-1] != '/' &&
1646 	    mdb_vread(&vn, sizeof (vn), addr) == sizeof (vn))
1647 		mdb_printf("%c", mdb_vtype2chr(vn.v_type, 0));
1648 	mdb_printf("\n");
1649 
1650 	return (DCMD_OK);
1651 }
1652 
1653 int
1654 ld_walk_init(mdb_walk_state_t *wsp)
1655 {
1656 	wsp->walk_data = (void *)wsp->walk_addr;
1657 	return (WALK_NEXT);
1658 }
1659 
1660 int
1661 ld_walk_step(mdb_walk_state_t *wsp)
1662 {
1663 	int status;
1664 	lock_descriptor_t ld;
1665 
1666 	if (mdb_vread(&ld, sizeof (lock_descriptor_t), wsp->walk_addr) == -1) {
1667 		mdb_warn("couldn't read lock_descriptor_t at %p\n",
1668 		    wsp->walk_addr);
1669 		return (WALK_ERR);
1670 	}
1671 
1672 	status = wsp->walk_callback(wsp->walk_addr, &ld, wsp->walk_cbdata);
1673 	if (status == WALK_ERR)
1674 		return (WALK_ERR);
1675 
1676 	wsp->walk_addr = (uintptr_t)ld.l_next;
1677 	if (wsp->walk_addr == (uintptr_t)wsp->walk_data)
1678 		return (WALK_DONE);
1679 
1680 	return (status);
1681 }
1682 
1683 int
1684 lg_walk_init(mdb_walk_state_t *wsp)
1685 {
1686 	GElf_Sym sym;
1687 
1688 	if (mdb_lookup_by_name("lock_graph", &sym) == -1) {
1689 		mdb_warn("failed to find symbol 'lock_graph'\n");
1690 		return (WALK_ERR);
1691 	}
1692 
1693 	wsp->walk_addr = (uintptr_t)sym.st_value;
1694 	wsp->walk_data = (void *)(uintptr_t)(sym.st_value + sym.st_size);
1695 
1696 	return (WALK_NEXT);
1697 }
1698 
1699 typedef struct lg_walk_data {
1700 	uintptr_t startaddr;
1701 	mdb_walk_cb_t callback;
1702 	void *data;
1703 } lg_walk_data_t;
1704 
1705 /*
1706  * We can't use ::walk lock_descriptor directly, because the head of each graph
1707  * is really a dummy lock.  Rather than trying to dynamically determine if this
1708  * is a dummy node or not, we just filter out the initial element of the
1709  * list.
1710  */
1711 static int
1712 lg_walk_cb(uintptr_t addr, const void *data, void *priv)
1713 {
1714 	lg_walk_data_t *lw = priv;
1715 
1716 	if (addr != lw->startaddr)
1717 		return (lw->callback(addr, data, lw->data));
1718 
1719 	return (WALK_NEXT);
1720 }
1721 
1722 int
1723 lg_walk_step(mdb_walk_state_t *wsp)
1724 {
1725 	graph_t *graph;
1726 	lg_walk_data_t lw;
1727 
1728 	if (wsp->walk_addr >= (uintptr_t)wsp->walk_data)
1729 		return (WALK_DONE);
1730 
1731 	if (mdb_vread(&graph, sizeof (graph), wsp->walk_addr) == -1) {
1732 		mdb_warn("failed to read graph_t at %p", wsp->walk_addr);
1733 		return (WALK_ERR);
1734 	}
1735 
1736 	wsp->walk_addr += sizeof (graph);
1737 
1738 	if (graph == NULL)
1739 		return (WALK_NEXT);
1740 
1741 	lw.callback = wsp->walk_callback;
1742 	lw.data = wsp->walk_cbdata;
1743 
1744 	lw.startaddr = (uintptr_t)&(graph->active_locks);
1745 	if (mdb_pwalk("lock_descriptor", lg_walk_cb, &lw, lw.startaddr)) {
1746 		mdb_warn("couldn't walk lock_descriptor at %p\n", lw.startaddr);
1747 		return (WALK_ERR);
1748 	}
1749 
1750 	lw.startaddr = (uintptr_t)&(graph->sleeping_locks);
1751 	if (mdb_pwalk("lock_descriptor", lg_walk_cb, &lw, lw.startaddr)) {
1752 		mdb_warn("couldn't walk lock_descriptor at %p\n", lw.startaddr);
1753 		return (WALK_ERR);
1754 	}
1755 
1756 	return (WALK_NEXT);
1757 }
1758 
1759 /*
1760  * The space available for the path corresponding to the locked vnode depends
1761  * on whether we are printing 32- or 64-bit addresses.
1762  */
1763 #ifdef _LP64
1764 #define	LM_VNPATHLEN	20
1765 #else
1766 #define	LM_VNPATHLEN	30
1767 #endif
1768 
1769 /*ARGSUSED*/
1770 static int
1771 lminfo_cb(uintptr_t addr, const void *data, void *priv)
1772 {
1773 	const lock_descriptor_t *ld = data;
1774 	char buf[LM_VNPATHLEN];
1775 	proc_t p;
1776 
1777 	mdb_printf("%-?p %2s %04x %6d %-16s %-?p ",
1778 	    addr, ld->l_type == F_RDLCK ? "RD" :
1779 	    ld->l_type == F_WRLCK ? "WR" : "??",
1780 	    ld->l_state, ld->l_flock.l_pid,
1781 	    ld->l_flock.l_pid == 0 ? "<kernel>" :
1782 	    mdb_pid2proc(ld->l_flock.l_pid, &p) == NULL ?
1783 	    "<defunct>" : p.p_user.u_comm,
1784 	    ld->l_vnode);
1785 
1786 	mdb_vnode2path((uintptr_t)ld->l_vnode, buf,
1787 	    sizeof (buf));
1788 	mdb_printf("%s\n", buf);
1789 
1790 	return (WALK_NEXT);
1791 }
1792 
1793 /*ARGSUSED*/
1794 int
1795 lminfo(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
1796 {
1797 	if (DCMD_HDRSPEC(flags))
1798 		mdb_printf("%<u>%-?s %2s %4s %6s %-16s %-?s %s%</u>\n",
1799 		    "ADDR", "TP", "FLAG", "PID", "COMM", "VNODE", "PATH");
1800 
1801 	return (mdb_pwalk("lock_graph", lminfo_cb, NULL, NULL));
1802 }
1803 
1804 /*ARGSUSED*/
1805 int
1806 seg(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
1807 {
1808 	struct seg s;
1809 
1810 	if (argc != 0)
1811 		return (DCMD_USAGE);
1812 
1813 	if ((flags & DCMD_LOOPFIRST) || !(flags & DCMD_LOOP)) {
1814 		mdb_printf("%<u>%?s %?s %?s %?s %s%</u>\n",
1815 		    "SEG", "BASE", "SIZE", "DATA", "OPS");
1816 	}
1817 
1818 	if (mdb_vread(&s, sizeof (s), addr) == -1) {
1819 		mdb_warn("failed to read seg at %p", addr);
1820 		return (DCMD_ERR);
1821 	}
1822 
1823 	mdb_printf("%?p %?p %?lx %?p %a\n",
1824 	    addr, s.s_base, s.s_size, s.s_data, s.s_ops);
1825 
1826 	return (DCMD_OK);
1827 }
1828 
1829 /*ARGSUSED*/
1830 static int
1831 pmap_walk_anon(uintptr_t addr, const struct anon *anon, int *nres)
1832 {
1833 	uintptr_t pp =
1834 	    mdb_vnode2page((uintptr_t)anon->an_vp, (uintptr_t)anon->an_off);
1835 
1836 	if (pp != NULL)
1837 		(*nres)++;
1838 
1839 	return (WALK_NEXT);
1840 }
1841 
1842 static int
1843 pmap_walk_seg(uintptr_t addr, const struct seg *seg, uintptr_t segvn)
1844 {
1845 
1846 	mdb_printf("%0?p %0?p %7dk", addr, seg->s_base, seg->s_size / 1024);
1847 
1848 	if (segvn == (uintptr_t)seg->s_ops) {
1849 		struct segvn_data svn;
1850 		int nres = 0;
1851 
1852 		(void) mdb_vread(&svn, sizeof (svn), (uintptr_t)seg->s_data);
1853 
1854 		if (svn.amp == NULL) {
1855 			mdb_printf(" %8s", "");
1856 			goto drive_on;
1857 		}
1858 
1859 		/*
1860 		 * We've got an amp for this segment; walk through
1861 		 * the amp, and determine mappings.
1862 		 */
1863 		if (mdb_pwalk("anon", (mdb_walk_cb_t)pmap_walk_anon,
1864 		    &nres, (uintptr_t)svn.amp) == -1)
1865 			mdb_warn("failed to walk anon (amp=%p)", svn.amp);
1866 
1867 		mdb_printf(" %7dk", (nres * PAGESIZE) / 1024);
1868 drive_on:
1869 
1870 		if (svn.vp != NULL) {
1871 			char buf[29];
1872 
1873 			mdb_vnode2path((uintptr_t)svn.vp, buf, sizeof (buf));
1874 			mdb_printf(" %s", buf);
1875 		} else
1876 			mdb_printf(" [ anon ]");
1877 	}
1878 
1879 	mdb_printf("\n");
1880 	return (WALK_NEXT);
1881 }
1882 
1883 static int
1884 pmap_walk_seg_quick(uintptr_t addr, const struct seg *seg, uintptr_t segvn)
1885 {
1886 	mdb_printf("%0?p %0?p %7dk", addr, seg->s_base, seg->s_size / 1024);
1887 
1888 	if (segvn == (uintptr_t)seg->s_ops) {
1889 		struct segvn_data svn;
1890 
1891 		(void) mdb_vread(&svn, sizeof (svn), (uintptr_t)seg->s_data);
1892 
1893 		if (svn.vp != NULL) {
1894 			mdb_printf(" %0?p", svn.vp);
1895 		} else {
1896 			mdb_printf(" [ anon ]");
1897 		}
1898 	}
1899 
1900 	mdb_printf("\n");
1901 	return (WALK_NEXT);
1902 }
1903 
1904 /*ARGSUSED*/
1905 int
1906 pmap(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
1907 {
1908 	uintptr_t segvn;
1909 	proc_t proc;
1910 	uint_t quick = FALSE;
1911 	mdb_walk_cb_t cb = (mdb_walk_cb_t)pmap_walk_seg;
1912 
1913 	GElf_Sym sym;
1914 
1915 	if (!(flags & DCMD_ADDRSPEC))
1916 		return (DCMD_USAGE);
1917 
1918 	if (mdb_getopts(argc, argv,
1919 	    'q', MDB_OPT_SETBITS, TRUE, &quick, NULL) != argc)
1920 		return (DCMD_USAGE);
1921 
1922 	if (mdb_vread(&proc, sizeof (proc), addr) == -1) {
1923 		mdb_warn("failed to read proc at %p", addr);
1924 		return (DCMD_ERR);
1925 	}
1926 
1927 	if (mdb_lookup_by_name("segvn_ops", &sym) == 0)
1928 		segvn = (uintptr_t)sym.st_value;
1929 	else
1930 		segvn = NULL;
1931 
1932 	mdb_printf("%?s %?s %8s ", "SEG", "BASE", "SIZE");
1933 
1934 	if (quick) {
1935 		mdb_printf("VNODE\n");
1936 		cb = (mdb_walk_cb_t)pmap_walk_seg_quick;
1937 	} else {
1938 		mdb_printf("%8s %s\n", "RES", "PATH");
1939 	}
1940 
1941 	if (mdb_pwalk("seg", cb, (void *)segvn, (uintptr_t)proc.p_as) == -1) {
1942 		mdb_warn("failed to walk segments of as %p", proc.p_as);
1943 		return (DCMD_ERR);
1944 	}
1945 
1946 	return (DCMD_OK);
1947 }
1948 
1949 typedef struct anon_walk_data {
1950 	uintptr_t *aw_levone;
1951 	uintptr_t *aw_levtwo;
1952 	int aw_nlevone;
1953 	int aw_levone_ndx;
1954 	int aw_levtwo_ndx;
1955 	struct anon_map aw_amp;
1956 	struct anon_hdr aw_ahp;
1957 } anon_walk_data_t;
1958 
1959 int
1960 anon_walk_init(mdb_walk_state_t *wsp)
1961 {
1962 	anon_walk_data_t *aw;
1963 
1964 	if (wsp->walk_addr == NULL) {
1965 		mdb_warn("anon walk doesn't support global walks\n");
1966 		return (WALK_ERR);
1967 	}
1968 
1969 	aw = mdb_alloc(sizeof (anon_walk_data_t), UM_SLEEP);
1970 
1971 	if (mdb_vread(&aw->aw_amp, sizeof (aw->aw_amp), wsp->walk_addr) == -1) {
1972 		mdb_warn("failed to read anon map at %p", wsp->walk_addr);
1973 		mdb_free(aw, sizeof (anon_walk_data_t));
1974 		return (WALK_ERR);
1975 	}
1976 
1977 	if (mdb_vread(&aw->aw_ahp, sizeof (aw->aw_ahp),
1978 	    (uintptr_t)(aw->aw_amp.ahp)) == -1) {
1979 		mdb_warn("failed to read anon hdr ptr at %p", aw->aw_amp.ahp);
1980 		mdb_free(aw, sizeof (anon_walk_data_t));
1981 		return (WALK_ERR);
1982 	}
1983 
1984 	if (aw->aw_ahp.size <= ANON_CHUNK_SIZE ||
1985 	    (aw->aw_ahp.flags & ANON_ALLOC_FORCE)) {
1986 		aw->aw_nlevone = aw->aw_ahp.size;
1987 		aw->aw_levtwo = NULL;
1988 	} else {
1989 		aw->aw_nlevone =
1990 		    (aw->aw_ahp.size + ANON_CHUNK_OFF) >> ANON_CHUNK_SHIFT;
1991 		aw->aw_levtwo =
1992 		    mdb_zalloc(ANON_CHUNK_SIZE * sizeof (uintptr_t), UM_SLEEP);
1993 	}
1994 
1995 	aw->aw_levone =
1996 	    mdb_alloc(aw->aw_nlevone * sizeof (uintptr_t), UM_SLEEP);
1997 
1998 	aw->aw_levone_ndx = 0;
1999 	aw->aw_levtwo_ndx = 0;
2000 
2001 	mdb_vread(aw->aw_levone, aw->aw_nlevone * sizeof (uintptr_t),
2002 	    (uintptr_t)aw->aw_ahp.array_chunk);
2003 
2004 	if (aw->aw_levtwo != NULL) {
2005 		while (aw->aw_levone[aw->aw_levone_ndx] == NULL) {
2006 			aw->aw_levone_ndx++;
2007 			if (aw->aw_levone_ndx == aw->aw_nlevone) {
2008 				mdb_warn("corrupt anon; couldn't"
2009 				    "find ptr to lev two map");
2010 				goto out;
2011 			}
2012 		}
2013 
2014 		mdb_vread(aw->aw_levtwo, ANON_CHUNK_SIZE * sizeof (uintptr_t),
2015 		    aw->aw_levone[aw->aw_levone_ndx]);
2016 	}
2017 
2018 out:
2019 	wsp->walk_data = aw;
2020 	return (0);
2021 }
2022 
2023 int
2024 anon_walk_step(mdb_walk_state_t *wsp)
2025 {
2026 	int status;
2027 	anon_walk_data_t *aw = (anon_walk_data_t *)wsp->walk_data;
2028 	struct anon anon;
2029 	uintptr_t anonptr;
2030 
2031 again:
2032 	/*
2033 	 * Once we've walked through level one, we're done.
2034 	 */
2035 	if (aw->aw_levone_ndx == aw->aw_nlevone)
2036 		return (WALK_DONE);
2037 
2038 	if (aw->aw_levtwo == NULL) {
2039 		anonptr = aw->aw_levone[aw->aw_levone_ndx];
2040 		aw->aw_levone_ndx++;
2041 	} else {
2042 		anonptr = aw->aw_levtwo[aw->aw_levtwo_ndx];
2043 		aw->aw_levtwo_ndx++;
2044 
2045 		if (aw->aw_levtwo_ndx == ANON_CHUNK_SIZE) {
2046 			aw->aw_levtwo_ndx = 0;
2047 
2048 			do {
2049 				aw->aw_levone_ndx++;
2050 
2051 				if (aw->aw_levone_ndx == aw->aw_nlevone)
2052 					return (WALK_DONE);
2053 			} while (aw->aw_levone[aw->aw_levone_ndx] == NULL);
2054 
2055 			mdb_vread(aw->aw_levtwo, ANON_CHUNK_SIZE *
2056 			    sizeof (uintptr_t),
2057 			    aw->aw_levone[aw->aw_levone_ndx]);
2058 		}
2059 	}
2060 
2061 	if (anonptr != NULL) {
2062 		mdb_vread(&anon, sizeof (anon), anonptr);
2063 		status = wsp->walk_callback(anonptr, &anon, wsp->walk_cbdata);
2064 	} else
2065 		goto again;
2066 
2067 	return (status);
2068 }
2069 
2070 void
2071 anon_walk_fini(mdb_walk_state_t *wsp)
2072 {
2073 	anon_walk_data_t *aw = (anon_walk_data_t *)wsp->walk_data;
2074 
2075 	if (aw->aw_levtwo != NULL)
2076 		mdb_free(aw->aw_levtwo, ANON_CHUNK_SIZE * sizeof (uintptr_t));
2077 
2078 	mdb_free(aw->aw_levone, aw->aw_nlevone * sizeof (uintptr_t));
2079 	mdb_free(aw, sizeof (anon_walk_data_t));
2080 }
2081 
2082 /*ARGSUSED*/
2083 int
2084 whereopen_fwalk(uintptr_t addr, struct file *f, uintptr_t *target)
2085 {
2086 	if ((uintptr_t)f->f_vnode == *target) {
2087 		mdb_printf("file %p\n", addr);
2088 		*target = NULL;
2089 	}
2090 
2091 	return (WALK_NEXT);
2092 }
2093 
2094 /*ARGSUSED*/
2095 int
2096 whereopen_pwalk(uintptr_t addr, void *ignored, uintptr_t *target)
2097 {
2098 	uintptr_t t = *target;
2099 
2100 	if (mdb_pwalk("file", (mdb_walk_cb_t)whereopen_fwalk, &t, addr) == -1) {
2101 		mdb_warn("couldn't file walk proc %p", addr);
2102 		return (WALK_ERR);
2103 	}
2104 
2105 	if (t == NULL)
2106 		mdb_printf("%p\n", addr);
2107 
2108 	return (WALK_NEXT);
2109 }
2110 
2111 /*ARGSUSED*/
2112 int
2113 whereopen(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2114 {
2115 	uintptr_t target = addr;
2116 
2117 	if (!(flags & DCMD_ADDRSPEC) || addr == NULL)
2118 		return (DCMD_USAGE);
2119 
2120 	if (mdb_walk("proc", (mdb_walk_cb_t)whereopen_pwalk, &target) == -1) {
2121 		mdb_warn("can't proc walk");
2122 		return (DCMD_ERR);
2123 	}
2124 
2125 	return (DCMD_OK);
2126 }
2127 
2128 typedef struct datafmt {
2129 	char	*hdr1;
2130 	char	*hdr2;
2131 	char	*dashes;
2132 	char	*fmt;
2133 } datafmt_t;
2134 
2135 static datafmt_t kmemfmt[] = {
2136 	{ "cache                    ", "name                     ",
2137 	"-------------------------", "%-25s "				},
2138 	{ "   buf",	"  size",	"------",	"%6u "		},
2139 	{ "   buf",	"in use",	"------",	"%6u "		},
2140 	{ "   buf",	" total",	"------",	"%6u "		},
2141 	{ "   memory",	"   in use",	"----------",	"%9u%c "	},
2142 	{ "    alloc",	"  succeed",	"---------",	"%9u "		},
2143 	{ "alloc",	" fail",	"-----",	"%5u "		},
2144 	{ NULL,		NULL,		NULL,		NULL		}
2145 };
2146 
2147 static datafmt_t vmemfmt[] = {
2148 	{ "vmem                     ", "name                     ",
2149 	"-------------------------", "%-*s "				},
2150 	{ "   memory",	"   in use",	"----------",	"%9llu%c "	},
2151 	{ "    memory",	"     total",	"-----------",	"%10llu%c "	},
2152 	{ "   memory",	"   import",	"----------",	"%9llu%c "	},
2153 	{ "    alloc",	"  succeed",	"---------",	"%9llu "	},
2154 	{ "alloc",	" fail",	"-----",	"%5llu "	},
2155 	{ NULL,		NULL,		NULL,		NULL		}
2156 };
2157 
2158 /*ARGSUSED*/
2159 static int
2160 kmastat_cpu_avail(uintptr_t addr, const kmem_cpu_cache_t *ccp, int *avail)
2161 {
2162 	if (ccp->cc_rounds > 0)
2163 		*avail += ccp->cc_rounds;
2164 	if (ccp->cc_prounds > 0)
2165 		*avail += ccp->cc_prounds;
2166 
2167 	return (WALK_NEXT);
2168 }
2169 
2170 /*ARGSUSED*/
2171 static int
2172 kmastat_cpu_alloc(uintptr_t addr, const kmem_cpu_cache_t *ccp, int *alloc)
2173 {
2174 	*alloc += ccp->cc_alloc;
2175 
2176 	return (WALK_NEXT);
2177 }
2178 
2179 /*ARGSUSED*/
2180 static int
2181 kmastat_slab_avail(uintptr_t addr, const kmem_slab_t *sp, int *avail)
2182 {
2183 	*avail += sp->slab_chunks - sp->slab_refcnt;
2184 
2185 	return (WALK_NEXT);
2186 }
2187 
2188 typedef struct kmastat_vmem {
2189 	uintptr_t kv_addr;
2190 	struct kmastat_vmem *kv_next;
2191 	int kv_meminuse;
2192 	int kv_alloc;
2193 	int kv_fail;
2194 } kmastat_vmem_t;
2195 
2196 typedef struct kmastat_args {
2197 	kmastat_vmem_t **ka_kvpp;
2198 	uint_t ka_shift;
2199 } kmastat_args_t;
2200 
2201 static int
2202 kmastat_cache(uintptr_t addr, const kmem_cache_t *cp, kmastat_args_t *kap)
2203 {
2204 	kmastat_vmem_t **kvp = kap->ka_kvpp;
2205 	kmastat_vmem_t *kv;
2206 	datafmt_t *dfp = kmemfmt;
2207 	int magsize;
2208 
2209 	int avail, alloc, total;
2210 	size_t meminuse = (cp->cache_slab_create - cp->cache_slab_destroy) *
2211 	    cp->cache_slabsize;
2212 
2213 	mdb_walk_cb_t cpu_avail = (mdb_walk_cb_t)kmastat_cpu_avail;
2214 	mdb_walk_cb_t cpu_alloc = (mdb_walk_cb_t)kmastat_cpu_alloc;
2215 	mdb_walk_cb_t slab_avail = (mdb_walk_cb_t)kmastat_slab_avail;
2216 
2217 	magsize = kmem_get_magsize(cp);
2218 
2219 	alloc = cp->cache_slab_alloc + cp->cache_full.ml_alloc;
2220 	avail = cp->cache_full.ml_total * magsize;
2221 	total = cp->cache_buftotal;
2222 
2223 	(void) mdb_pwalk("kmem_cpu_cache", cpu_alloc, &alloc, addr);
2224 	(void) mdb_pwalk("kmem_cpu_cache", cpu_avail, &avail, addr);
2225 	(void) mdb_pwalk("kmem_slab_partial", slab_avail, &avail, addr);
2226 
2227 	for (kv = *kvp; kv != NULL; kv = kv->kv_next) {
2228 		if (kv->kv_addr == (uintptr_t)cp->cache_arena)
2229 			goto out;
2230 	}
2231 
2232 	kv = mdb_zalloc(sizeof (kmastat_vmem_t), UM_SLEEP | UM_GC);
2233 	kv->kv_next = *kvp;
2234 	kv->kv_addr = (uintptr_t)cp->cache_arena;
2235 	*kvp = kv;
2236 out:
2237 	kv->kv_meminuse += meminuse;
2238 	kv->kv_alloc += alloc;
2239 	kv->kv_fail += cp->cache_alloc_fail;
2240 
2241 	mdb_printf((dfp++)->fmt, cp->cache_name);
2242 	mdb_printf((dfp++)->fmt, cp->cache_bufsize);
2243 	mdb_printf((dfp++)->fmt, total - avail);
2244 	mdb_printf((dfp++)->fmt, total);
2245 	mdb_printf((dfp++)->fmt, meminuse >> kap->ka_shift,
2246 	    kap->ka_shift == GIGS ? 'G' : kap->ka_shift == MEGS ? 'M' :
2247 	    kap->ka_shift == KILOS ? 'K' : 'B');
2248 	mdb_printf((dfp++)->fmt, alloc);
2249 	mdb_printf((dfp++)->fmt, cp->cache_alloc_fail);
2250 	mdb_printf("\n");
2251 
2252 	return (WALK_NEXT);
2253 }
2254 
2255 static int
2256 kmastat_vmem_totals(uintptr_t addr, const vmem_t *v, kmastat_args_t *kap)
2257 {
2258 	kmastat_vmem_t *kv = *kap->ka_kvpp;
2259 	size_t len;
2260 
2261 	while (kv != NULL && kv->kv_addr != addr)
2262 		kv = kv->kv_next;
2263 
2264 	if (kv == NULL || kv->kv_alloc == 0)
2265 		return (WALK_NEXT);
2266 
2267 	len = MIN(17, strlen(v->vm_name));
2268 
2269 	mdb_printf("Total [%s]%*s %6s %6s %6s %9u%c %9u %5u\n", v->vm_name,
2270 	    17 - len, "", "", "", "",
2271 	    kv->kv_meminuse >> kap->ka_shift,
2272 	    kap->ka_shift == GIGS ? 'G' : kap->ka_shift == MEGS ? 'M' :
2273 	    kap->ka_shift == KILOS ? 'K' : 'B', kv->kv_alloc, kv->kv_fail);
2274 
2275 	return (WALK_NEXT);
2276 }
2277 
2278 /*ARGSUSED*/
2279 static int
2280 kmastat_vmem(uintptr_t addr, const vmem_t *v, const uint_t *shiftp)
2281 {
2282 	datafmt_t *dfp = vmemfmt;
2283 	const vmem_kstat_t *vkp = &v->vm_kstat;
2284 	uintptr_t paddr;
2285 	vmem_t parent;
2286 	int ident = 0;
2287 
2288 	for (paddr = (uintptr_t)v->vm_source; paddr != NULL; ident += 4) {
2289 		if (mdb_vread(&parent, sizeof (parent), paddr) == -1) {
2290 			mdb_warn("couldn't trace %p's ancestry", addr);
2291 			ident = 0;
2292 			break;
2293 		}
2294 		paddr = (uintptr_t)parent.vm_source;
2295 	}
2296 
2297 	mdb_printf("%*s", ident, "");
2298 	mdb_printf((dfp++)->fmt, 25 - ident, v->vm_name);
2299 	mdb_printf((dfp++)->fmt, vkp->vk_mem_inuse.value.ui64 >> *shiftp,
2300 	    *shiftp == GIGS ? 'G' : *shiftp == MEGS ? 'M' :
2301 	    *shiftp == KILOS ? 'K' : 'B');
2302 	mdb_printf((dfp++)->fmt, vkp->vk_mem_total.value.ui64 >> *shiftp,
2303 	    *shiftp == GIGS ? 'G' : *shiftp == MEGS ? 'M' :
2304 	    *shiftp == KILOS ? 'K' : 'B');
2305 	mdb_printf((dfp++)->fmt, vkp->vk_mem_import.value.ui64 >> *shiftp,
2306 	    *shiftp == GIGS ? 'G' : *shiftp == MEGS ? 'M' :
2307 	    *shiftp == KILOS ? 'K' : 'B');
2308 	mdb_printf((dfp++)->fmt, vkp->vk_alloc.value.ui64);
2309 	mdb_printf((dfp++)->fmt, vkp->vk_fail.value.ui64);
2310 
2311 	mdb_printf("\n");
2312 
2313 	return (WALK_NEXT);
2314 }
2315 
2316 /*ARGSUSED*/
2317 int
2318 kmastat(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2319 {
2320 	kmastat_vmem_t *kv = NULL;
2321 	datafmt_t *dfp;
2322 	kmastat_args_t ka;
2323 
2324 	ka.ka_shift = 0;
2325 	if (mdb_getopts(argc, argv,
2326 	    'k', MDB_OPT_SETBITS, KILOS, &ka.ka_shift,
2327 	    'm', MDB_OPT_SETBITS, MEGS, &ka.ka_shift,
2328 	    'g', MDB_OPT_SETBITS, GIGS, &ka.ka_shift, NULL) != argc)
2329 		return (DCMD_USAGE);
2330 
2331 	for (dfp = kmemfmt; dfp->hdr1 != NULL; dfp++)
2332 		mdb_printf("%s ", dfp->hdr1);
2333 	mdb_printf("\n");
2334 
2335 	for (dfp = kmemfmt; dfp->hdr1 != NULL; dfp++)
2336 		mdb_printf("%s ", dfp->hdr2);
2337 	mdb_printf("\n");
2338 
2339 	for (dfp = kmemfmt; dfp->hdr1 != NULL; dfp++)
2340 		mdb_printf("%s ", dfp->dashes);
2341 	mdb_printf("\n");
2342 
2343 	ka.ka_kvpp = &kv;
2344 	if (mdb_walk("kmem_cache", (mdb_walk_cb_t)kmastat_cache, &ka) == -1) {
2345 		mdb_warn("can't walk 'kmem_cache'");
2346 		return (DCMD_ERR);
2347 	}
2348 
2349 	for (dfp = kmemfmt; dfp->hdr1 != NULL; dfp++)
2350 		mdb_printf("%s ", dfp->dashes);
2351 	mdb_printf("\n");
2352 
2353 	if (mdb_walk("vmem", (mdb_walk_cb_t)kmastat_vmem_totals, &ka) == -1) {
2354 		mdb_warn("can't walk 'vmem'");
2355 		return (DCMD_ERR);
2356 	}
2357 
2358 	for (dfp = kmemfmt; dfp->hdr1 != NULL; dfp++)
2359 		mdb_printf("%s ", dfp->dashes);
2360 	mdb_printf("\n");
2361 
2362 	mdb_printf("\n");
2363 
2364 	for (dfp = vmemfmt; dfp->hdr1 != NULL; dfp++)
2365 		mdb_printf("%s ", dfp->hdr1);
2366 	mdb_printf("\n");
2367 
2368 	for (dfp = vmemfmt; dfp->hdr1 != NULL; dfp++)
2369 		mdb_printf("%s ", dfp->hdr2);
2370 	mdb_printf("\n");
2371 
2372 	for (dfp = vmemfmt; dfp->hdr1 != NULL; dfp++)
2373 		mdb_printf("%s ", dfp->dashes);
2374 	mdb_printf("\n");
2375 
2376 	if (mdb_walk("vmem", (mdb_walk_cb_t)kmastat_vmem, &ka.ka_shift) == -1) {
2377 		mdb_warn("can't walk 'vmem'");
2378 		return (DCMD_ERR);
2379 	}
2380 
2381 	for (dfp = vmemfmt; dfp->hdr1 != NULL; dfp++)
2382 		mdb_printf("%s ", dfp->dashes);
2383 	mdb_printf("\n");
2384 	return (DCMD_OK);
2385 }
2386 
2387 /*
2388  * Our ::kgrep callback scans the entire kernel VA space (kas).  kas is made
2389  * up of a set of 'struct seg's.  We could just scan each seg en masse, but
2390  * unfortunately, a few of the segs are both large and sparse, so we could
2391  * spend quite a bit of time scanning VAs which have no backing pages.
2392  *
2393  * So for the few very sparse segs, we skip the segment itself, and scan
2394  * the allocated vmem_segs in the vmem arena which manages that part of kas.
2395  * Currently, we do this for:
2396  *
2397  *	SEG		VMEM ARENA
2398  *	kvseg		heap_arena
2399  *	kvseg32		heap32_arena
2400  *	kvseg_core	heap_core_arena
2401  *
2402  * In addition, we skip the segkpm segment in its entirety, since it is very
2403  * sparse, and contains no new kernel data.
2404  */
2405 typedef struct kgrep_walk_data {
2406 	kgrep_cb_func *kg_cb;
2407 	void *kg_cbdata;
2408 	uintptr_t kg_kvseg;
2409 	uintptr_t kg_kvseg32;
2410 	uintptr_t kg_kvseg_core;
2411 	uintptr_t kg_segkpm;
2412 	uintptr_t kg_heap_lp_base;
2413 	uintptr_t kg_heap_lp_end;
2414 } kgrep_walk_data_t;
2415 
2416 static int
2417 kgrep_walk_seg(uintptr_t addr, const struct seg *seg, kgrep_walk_data_t *kg)
2418 {
2419 	uintptr_t base = (uintptr_t)seg->s_base;
2420 
2421 	if (addr == kg->kg_kvseg || addr == kg->kg_kvseg32 ||
2422 	    addr == kg->kg_kvseg_core)
2423 		return (WALK_NEXT);
2424 
2425 	if ((uintptr_t)seg->s_ops == kg->kg_segkpm)
2426 		return (WALK_NEXT);
2427 
2428 	return (kg->kg_cb(base, base + seg->s_size, kg->kg_cbdata));
2429 }
2430 
2431 /*ARGSUSED*/
2432 static int
2433 kgrep_walk_vseg(uintptr_t addr, const vmem_seg_t *seg, kgrep_walk_data_t *kg)
2434 {
2435 	/*
2436 	 * skip large page heap address range - it is scanned by walking
2437 	 * allocated vmem_segs in the heap_lp_arena
2438 	 */
2439 	if (seg->vs_start == kg->kg_heap_lp_base &&
2440 	    seg->vs_end == kg->kg_heap_lp_end)
2441 		return (WALK_NEXT);
2442 
2443 	return (kg->kg_cb(seg->vs_start, seg->vs_end, kg->kg_cbdata));
2444 }
2445 
2446 /*ARGSUSED*/
2447 static int
2448 kgrep_xwalk_vseg(uintptr_t addr, const vmem_seg_t *seg, kgrep_walk_data_t *kg)
2449 {
2450 	return (kg->kg_cb(seg->vs_start, seg->vs_end, kg->kg_cbdata));
2451 }
2452 
2453 static int
2454 kgrep_walk_vmem(uintptr_t addr, const vmem_t *vmem, kgrep_walk_data_t *kg)
2455 {
2456 	mdb_walk_cb_t walk_vseg = (mdb_walk_cb_t)kgrep_walk_vseg;
2457 
2458 	if (strcmp(vmem->vm_name, "heap") != 0 &&
2459 	    strcmp(vmem->vm_name, "heap32") != 0 &&
2460 	    strcmp(vmem->vm_name, "heap_core") != 0 &&
2461 	    strcmp(vmem->vm_name, "heap_lp") != 0)
2462 		return (WALK_NEXT);
2463 
2464 	if (strcmp(vmem->vm_name, "heap_lp") == 0)
2465 		walk_vseg = (mdb_walk_cb_t)kgrep_xwalk_vseg;
2466 
2467 	if (mdb_pwalk("vmem_alloc", walk_vseg, kg, addr) == -1) {
2468 		mdb_warn("couldn't walk vmem_alloc for vmem %p", addr);
2469 		return (WALK_ERR);
2470 	}
2471 
2472 	return (WALK_NEXT);
2473 }
2474 
2475 int
2476 kgrep_subr(kgrep_cb_func *cb, void *cbdata)
2477 {
2478 	GElf_Sym kas, kvseg, kvseg32, kvseg_core, segkpm;
2479 	kgrep_walk_data_t kg;
2480 
2481 	if (mdb_get_state() == MDB_STATE_RUNNING) {
2482 		mdb_warn("kgrep can only be run on a system "
2483 		    "dump or under kmdb; see dumpadm(1M)\n");
2484 		return (DCMD_ERR);
2485 	}
2486 
2487 	if (mdb_lookup_by_name("kas", &kas) == -1) {
2488 		mdb_warn("failed to locate 'kas' symbol\n");
2489 		return (DCMD_ERR);
2490 	}
2491 
2492 	if (mdb_lookup_by_name("kvseg", &kvseg) == -1) {
2493 		mdb_warn("failed to locate 'kvseg' symbol\n");
2494 		return (DCMD_ERR);
2495 	}
2496 
2497 	if (mdb_lookup_by_name("kvseg32", &kvseg32) == -1) {
2498 		mdb_warn("failed to locate 'kvseg32' symbol\n");
2499 		return (DCMD_ERR);
2500 	}
2501 
2502 	if (mdb_lookup_by_name("kvseg_core", &kvseg_core) == -1) {
2503 		mdb_warn("failed to locate 'kvseg_core' symbol\n");
2504 		return (DCMD_ERR);
2505 	}
2506 
2507 	if (mdb_lookup_by_name("segkpm_ops", &segkpm) == -1) {
2508 		mdb_warn("failed to locate 'segkpm_ops' symbol\n");
2509 		return (DCMD_ERR);
2510 	}
2511 
2512 	if (mdb_readvar(&kg.kg_heap_lp_base, "heap_lp_base") == -1) {
2513 		mdb_warn("failed to read 'heap_lp_base'\n");
2514 		return (DCMD_ERR);
2515 	}
2516 
2517 	if (mdb_readvar(&kg.kg_heap_lp_end, "heap_lp_end") == -1) {
2518 		mdb_warn("failed to read 'heap_lp_end'\n");
2519 		return (DCMD_ERR);
2520 	}
2521 
2522 	kg.kg_cb = cb;
2523 	kg.kg_cbdata = cbdata;
2524 	kg.kg_kvseg = (uintptr_t)kvseg.st_value;
2525 	kg.kg_kvseg32 = (uintptr_t)kvseg32.st_value;
2526 	kg.kg_kvseg_core = (uintptr_t)kvseg_core.st_value;
2527 	kg.kg_segkpm = (uintptr_t)segkpm.st_value;
2528 
2529 	if (mdb_pwalk("seg", (mdb_walk_cb_t)kgrep_walk_seg,
2530 	    &kg, kas.st_value) == -1) {
2531 		mdb_warn("failed to walk kas segments");
2532 		return (DCMD_ERR);
2533 	}
2534 
2535 	if (mdb_walk("vmem", (mdb_walk_cb_t)kgrep_walk_vmem, &kg) == -1) {
2536 		mdb_warn("failed to walk heap/heap32 vmem arenas");
2537 		return (DCMD_ERR);
2538 	}
2539 
2540 	return (DCMD_OK);
2541 }
2542 
2543 size_t
2544 kgrep_subr_pagesize(void)
2545 {
2546 	return (PAGESIZE);
2547 }
2548 
2549 typedef struct file_walk_data {
2550 	struct uf_entry *fw_flist;
2551 	int fw_flistsz;
2552 	int fw_ndx;
2553 	int fw_nofiles;
2554 } file_walk_data_t;
2555 
2556 int
2557 file_walk_init(mdb_walk_state_t *wsp)
2558 {
2559 	file_walk_data_t *fw;
2560 	proc_t p;
2561 
2562 	if (wsp->walk_addr == NULL) {
2563 		mdb_warn("file walk doesn't support global walks\n");
2564 		return (WALK_ERR);
2565 	}
2566 
2567 	fw = mdb_alloc(sizeof (file_walk_data_t), UM_SLEEP);
2568 
2569 	if (mdb_vread(&p, sizeof (p), wsp->walk_addr) == -1) {
2570 		mdb_free(fw, sizeof (file_walk_data_t));
2571 		mdb_warn("failed to read proc structure at %p", wsp->walk_addr);
2572 		return (WALK_ERR);
2573 	}
2574 
2575 	if (p.p_user.u_finfo.fi_nfiles == 0) {
2576 		mdb_free(fw, sizeof (file_walk_data_t));
2577 		return (WALK_DONE);
2578 	}
2579 
2580 	fw->fw_nofiles = p.p_user.u_finfo.fi_nfiles;
2581 	fw->fw_flistsz = sizeof (struct uf_entry) * fw->fw_nofiles;
2582 	fw->fw_flist = mdb_alloc(fw->fw_flistsz, UM_SLEEP);
2583 
2584 	if (mdb_vread(fw->fw_flist, fw->fw_flistsz,
2585 	    (uintptr_t)p.p_user.u_finfo.fi_list) == -1) {
2586 		mdb_warn("failed to read file array at %p",
2587 		    p.p_user.u_finfo.fi_list);
2588 		mdb_free(fw->fw_flist, fw->fw_flistsz);
2589 		mdb_free(fw, sizeof (file_walk_data_t));
2590 		return (WALK_ERR);
2591 	}
2592 
2593 	fw->fw_ndx = 0;
2594 	wsp->walk_data = fw;
2595 
2596 	return (WALK_NEXT);
2597 }
2598 
2599 int
2600 file_walk_step(mdb_walk_state_t *wsp)
2601 {
2602 	file_walk_data_t *fw = (file_walk_data_t *)wsp->walk_data;
2603 	struct file file;
2604 	uintptr_t fp;
2605 
2606 again:
2607 	if (fw->fw_ndx == fw->fw_nofiles)
2608 		return (WALK_DONE);
2609 
2610 	if ((fp = (uintptr_t)fw->fw_flist[fw->fw_ndx++].uf_file) == NULL)
2611 		goto again;
2612 
2613 	(void) mdb_vread(&file, sizeof (file), (uintptr_t)fp);
2614 	return (wsp->walk_callback(fp, &file, wsp->walk_cbdata));
2615 }
2616 
2617 int
2618 allfile_walk_step(mdb_walk_state_t *wsp)
2619 {
2620 	file_walk_data_t *fw = (file_walk_data_t *)wsp->walk_data;
2621 	struct file file;
2622 	uintptr_t fp;
2623 
2624 	if (fw->fw_ndx == fw->fw_nofiles)
2625 		return (WALK_DONE);
2626 
2627 	if ((fp = (uintptr_t)fw->fw_flist[fw->fw_ndx++].uf_file) != NULL)
2628 		(void) mdb_vread(&file, sizeof (file), (uintptr_t)fp);
2629 	else
2630 		bzero(&file, sizeof (file));
2631 
2632 	return (wsp->walk_callback(fp, &file, wsp->walk_cbdata));
2633 }
2634 
2635 void
2636 file_walk_fini(mdb_walk_state_t *wsp)
2637 {
2638 	file_walk_data_t *fw = (file_walk_data_t *)wsp->walk_data;
2639 
2640 	mdb_free(fw->fw_flist, fw->fw_flistsz);
2641 	mdb_free(fw, sizeof (file_walk_data_t));
2642 }
2643 
2644 int
2645 port_walk_init(mdb_walk_state_t *wsp)
2646 {
2647 	if (wsp->walk_addr == NULL) {
2648 		mdb_warn("port walk doesn't support global walks\n");
2649 		return (WALK_ERR);
2650 	}
2651 
2652 	if (mdb_layered_walk("file", wsp) == -1) {
2653 		mdb_warn("couldn't walk 'file'");
2654 		return (WALK_ERR);
2655 	}
2656 	return (WALK_NEXT);
2657 }
2658 
2659 int
2660 port_walk_step(mdb_walk_state_t *wsp)
2661 {
2662 	struct vnode	vn;
2663 	uintptr_t	vp;
2664 	uintptr_t	pp;
2665 	struct port	port;
2666 
2667 	vp = (uintptr_t)((struct file *)wsp->walk_layer)->f_vnode;
2668 	if (mdb_vread(&vn, sizeof (vn), vp) == -1) {
2669 		mdb_warn("failed to read vnode_t at %p", vp);
2670 		return (WALK_ERR);
2671 	}
2672 	if (vn.v_type != VPORT)
2673 		return (WALK_NEXT);
2674 
2675 	pp = (uintptr_t)vn.v_data;
2676 	if (mdb_vread(&port, sizeof (port), pp) == -1) {
2677 		mdb_warn("failed to read port_t at %p", pp);
2678 		return (WALK_ERR);
2679 	}
2680 	return (wsp->walk_callback(pp, &port, wsp->walk_cbdata));
2681 }
2682 
2683 typedef struct portev_walk_data {
2684 	list_node_t	*pev_node;
2685 	list_node_t	*pev_last;
2686 	size_t		pev_offset;
2687 } portev_walk_data_t;
2688 
2689 int
2690 portev_walk_init(mdb_walk_state_t *wsp)
2691 {
2692 	portev_walk_data_t *pevd;
2693 	struct port	port;
2694 	struct vnode	vn;
2695 	struct list	*list;
2696 	uintptr_t	vp;
2697 
2698 	if (wsp->walk_addr == NULL) {
2699 		mdb_warn("portev walk doesn't support global walks\n");
2700 		return (WALK_ERR);
2701 	}
2702 
2703 	pevd = mdb_alloc(sizeof (portev_walk_data_t), UM_SLEEP);
2704 
2705 	if (mdb_vread(&port, sizeof (port), wsp->walk_addr) == -1) {
2706 		mdb_free(pevd, sizeof (portev_walk_data_t));
2707 		mdb_warn("failed to read port structure at %p", wsp->walk_addr);
2708 		return (WALK_ERR);
2709 	}
2710 
2711 	vp = (uintptr_t)port.port_vnode;
2712 	if (mdb_vread(&vn, sizeof (vn), vp) == -1) {
2713 		mdb_free(pevd, sizeof (portev_walk_data_t));
2714 		mdb_warn("failed to read vnode_t at %p", vp);
2715 		return (WALK_ERR);
2716 	}
2717 
2718 	if (vn.v_type != VPORT) {
2719 		mdb_free(pevd, sizeof (portev_walk_data_t));
2720 		mdb_warn("input address (%p) does not point to an event port",
2721 		    wsp->walk_addr);
2722 		return (WALK_ERR);
2723 	}
2724 
2725 	if (port.port_queue.portq_nent == 0) {
2726 		mdb_free(pevd, sizeof (portev_walk_data_t));
2727 		return (WALK_DONE);
2728 	}
2729 	list = &port.port_queue.portq_list;
2730 	pevd->pev_offset = list->list_offset;
2731 	pevd->pev_last = list->list_head.list_prev;
2732 	pevd->pev_node = list->list_head.list_next;
2733 	wsp->walk_data = pevd;
2734 	return (WALK_NEXT);
2735 }
2736 
2737 int
2738 portev_walk_step(mdb_walk_state_t *wsp)
2739 {
2740 	portev_walk_data_t	*pevd;
2741 	struct port_kevent	ev;
2742 	uintptr_t		evp;
2743 
2744 	pevd = (portev_walk_data_t *)wsp->walk_data;
2745 
2746 	if (pevd->pev_last == NULL)
2747 		return (WALK_DONE);
2748 	if (pevd->pev_node == pevd->pev_last)
2749 		pevd->pev_last = NULL;		/* last round */
2750 
2751 	evp = ((uintptr_t)(((char *)pevd->pev_node) - pevd->pev_offset));
2752 	if (mdb_vread(&ev, sizeof (ev), evp) == -1) {
2753 		mdb_warn("failed to read port_kevent at %p", evp);
2754 		return (WALK_DONE);
2755 	}
2756 	pevd->pev_node = ev.portkev_node.list_next;
2757 	return (wsp->walk_callback(evp, &ev, wsp->walk_cbdata));
2758 }
2759 
2760 void
2761 portev_walk_fini(mdb_walk_state_t *wsp)
2762 {
2763 	portev_walk_data_t *pevd = (portev_walk_data_t *)wsp->walk_data;
2764 
2765 	if (pevd != NULL)
2766 		mdb_free(pevd, sizeof (portev_walk_data_t));
2767 }
2768 
2769 typedef struct proc_walk_data {
2770 	uintptr_t *pw_stack;
2771 	int pw_depth;
2772 	int pw_max;
2773 } proc_walk_data_t;
2774 
2775 int
2776 proc_walk_init(mdb_walk_state_t *wsp)
2777 {
2778 	GElf_Sym sym;
2779 	proc_walk_data_t *pw;
2780 
2781 	if (wsp->walk_addr == NULL) {
2782 		if (mdb_lookup_by_name("p0", &sym) == -1) {
2783 			mdb_warn("failed to read 'practive'");
2784 			return (WALK_ERR);
2785 		}
2786 		wsp->walk_addr = (uintptr_t)sym.st_value;
2787 	}
2788 
2789 	pw = mdb_zalloc(sizeof (proc_walk_data_t), UM_SLEEP);
2790 
2791 	if (mdb_readvar(&pw->pw_max, "nproc") == -1) {
2792 		mdb_warn("failed to read 'nproc'");
2793 		mdb_free(pw, sizeof (pw));
2794 		return (WALK_ERR);
2795 	}
2796 
2797 	pw->pw_stack = mdb_alloc(pw->pw_max * sizeof (uintptr_t), UM_SLEEP);
2798 	wsp->walk_data = pw;
2799 
2800 	return (WALK_NEXT);
2801 }
2802 
2803 int
2804 proc_walk_step(mdb_walk_state_t *wsp)
2805 {
2806 	proc_walk_data_t *pw = wsp->walk_data;
2807 	uintptr_t addr = wsp->walk_addr;
2808 	uintptr_t cld, sib;
2809 
2810 	int status;
2811 	proc_t pr;
2812 
2813 	if (mdb_vread(&pr, sizeof (proc_t), addr) == -1) {
2814 		mdb_warn("failed to read proc at %p", addr);
2815 		return (WALK_DONE);
2816 	}
2817 
2818 	cld = (uintptr_t)pr.p_child;
2819 	sib = (uintptr_t)pr.p_sibling;
2820 
2821 	if (pw->pw_depth > 0 && addr == pw->pw_stack[pw->pw_depth - 1]) {
2822 		pw->pw_depth--;
2823 		goto sib;
2824 	}
2825 
2826 	status = wsp->walk_callback(addr, &pr, wsp->walk_cbdata);
2827 
2828 	if (status != WALK_NEXT)
2829 		return (status);
2830 
2831 	if ((wsp->walk_addr = cld) != NULL) {
2832 		if (mdb_vread(&pr, sizeof (proc_t), cld) == -1) {
2833 			mdb_warn("proc %p has invalid p_child %p; skipping\n",
2834 			    addr, cld);
2835 			goto sib;
2836 		}
2837 
2838 		pw->pw_stack[pw->pw_depth++] = addr;
2839 
2840 		if (pw->pw_depth == pw->pw_max) {
2841 			mdb_warn("depth %d exceeds max depth; try again\n",
2842 			    pw->pw_depth);
2843 			return (WALK_DONE);
2844 		}
2845 		return (WALK_NEXT);
2846 	}
2847 
2848 sib:
2849 	/*
2850 	 * We know that p0 has no siblings, and if another starting proc
2851 	 * was given, we don't want to walk its siblings anyway.
2852 	 */
2853 	if (pw->pw_depth == 0)
2854 		return (WALK_DONE);
2855 
2856 	if (sib != NULL && mdb_vread(&pr, sizeof (proc_t), sib) == -1) {
2857 		mdb_warn("proc %p has invalid p_sibling %p; skipping\n",
2858 		    addr, sib);
2859 		sib = NULL;
2860 	}
2861 
2862 	if ((wsp->walk_addr = sib) == NULL) {
2863 		if (pw->pw_depth > 0) {
2864 			wsp->walk_addr = pw->pw_stack[pw->pw_depth - 1];
2865 			return (WALK_NEXT);
2866 		}
2867 		return (WALK_DONE);
2868 	}
2869 
2870 	return (WALK_NEXT);
2871 }
2872 
2873 void
2874 proc_walk_fini(mdb_walk_state_t *wsp)
2875 {
2876 	proc_walk_data_t *pw = wsp->walk_data;
2877 
2878 	mdb_free(pw->pw_stack, pw->pw_max * sizeof (uintptr_t));
2879 	mdb_free(pw, sizeof (proc_walk_data_t));
2880 }
2881 
2882 int
2883 task_walk_init(mdb_walk_state_t *wsp)
2884 {
2885 	task_t task;
2886 
2887 	if (mdb_vread(&task, sizeof (task_t), wsp->walk_addr) == -1) {
2888 		mdb_warn("failed to read task at %p", wsp->walk_addr);
2889 		return (WALK_ERR);
2890 	}
2891 	wsp->walk_addr = (uintptr_t)task.tk_memb_list;
2892 	wsp->walk_data = task.tk_memb_list;
2893 	return (WALK_NEXT);
2894 }
2895 
2896 int
2897 task_walk_step(mdb_walk_state_t *wsp)
2898 {
2899 	proc_t proc;
2900 	int status;
2901 
2902 	if (mdb_vread(&proc, sizeof (proc_t), wsp->walk_addr) == -1) {
2903 		mdb_warn("failed to read proc at %p", wsp->walk_addr);
2904 		return (WALK_DONE);
2905 	}
2906 
2907 	status = wsp->walk_callback(wsp->walk_addr, NULL, wsp->walk_cbdata);
2908 
2909 	if (proc.p_tasknext == wsp->walk_data)
2910 		return (WALK_DONE);
2911 
2912 	wsp->walk_addr = (uintptr_t)proc.p_tasknext;
2913 	return (status);
2914 }
2915 
2916 int
2917 project_walk_init(mdb_walk_state_t *wsp)
2918 {
2919 	if (wsp->walk_addr == NULL) {
2920 		if (mdb_readvar(&wsp->walk_addr, "proj0p") == -1) {
2921 			mdb_warn("failed to read 'proj0p'");
2922 			return (WALK_ERR);
2923 		}
2924 	}
2925 	wsp->walk_data = (void *)wsp->walk_addr;
2926 	return (WALK_NEXT);
2927 }
2928 
2929 int
2930 project_walk_step(mdb_walk_state_t *wsp)
2931 {
2932 	uintptr_t addr = wsp->walk_addr;
2933 	kproject_t pj;
2934 	int status;
2935 
2936 	if (mdb_vread(&pj, sizeof (kproject_t), addr) == -1) {
2937 		mdb_warn("failed to read project at %p", addr);
2938 		return (WALK_DONE);
2939 	}
2940 	status = wsp->walk_callback(addr, &pj, wsp->walk_cbdata);
2941 	if (status != WALK_NEXT)
2942 		return (status);
2943 	wsp->walk_addr = (uintptr_t)pj.kpj_next;
2944 	if ((void *)wsp->walk_addr == wsp->walk_data)
2945 		return (WALK_DONE);
2946 	return (WALK_NEXT);
2947 }
2948 
2949 static int
2950 generic_walk_step(mdb_walk_state_t *wsp)
2951 {
2952 	return (wsp->walk_callback(wsp->walk_addr, wsp->walk_layer,
2953 	    wsp->walk_cbdata));
2954 }
2955 
2956 int
2957 seg_walk_init(mdb_walk_state_t *wsp)
2958 {
2959 	if (wsp->walk_addr == NULL) {
2960 		mdb_warn("seg walk must begin at struct as *\n");
2961 		return (WALK_ERR);
2962 	}
2963 
2964 	/*
2965 	 * this is really just a wrapper to AVL tree walk
2966 	 */
2967 	wsp->walk_addr = (uintptr_t)&((struct as *)wsp->walk_addr)->a_segtree;
2968 	return (avl_walk_init(wsp));
2969 }
2970 
2971 static int
2972 cpu_walk_cmp(const void *l, const void *r)
2973 {
2974 	uintptr_t lhs = *((uintptr_t *)l);
2975 	uintptr_t rhs = *((uintptr_t *)r);
2976 	cpu_t lcpu, rcpu;
2977 
2978 	(void) mdb_vread(&lcpu, sizeof (lcpu), lhs);
2979 	(void) mdb_vread(&rcpu, sizeof (rcpu), rhs);
2980 
2981 	if (lcpu.cpu_id < rcpu.cpu_id)
2982 		return (-1);
2983 
2984 	if (lcpu.cpu_id > rcpu.cpu_id)
2985 		return (1);
2986 
2987 	return (0);
2988 }
2989 
2990 typedef struct cpu_walk {
2991 	uintptr_t *cw_array;
2992 	int cw_ndx;
2993 } cpu_walk_t;
2994 
2995 int
2996 cpu_walk_init(mdb_walk_state_t *wsp)
2997 {
2998 	cpu_walk_t *cw;
2999 	int max_ncpus, i = 0;
3000 	uintptr_t current, first;
3001 	cpu_t cpu, panic_cpu;
3002 	uintptr_t panicstr, addr;
3003 	GElf_Sym sym;
3004 
3005 	cw = mdb_zalloc(sizeof (cpu_walk_t), UM_SLEEP | UM_GC);
3006 
3007 	if (mdb_readvar(&max_ncpus, "max_ncpus") == -1) {
3008 		mdb_warn("failed to read 'max_ncpus'");
3009 		return (WALK_ERR);
3010 	}
3011 
3012 	if (mdb_readvar(&panicstr, "panicstr") == -1) {
3013 		mdb_warn("failed to read 'panicstr'");
3014 		return (WALK_ERR);
3015 	}
3016 
3017 	if (panicstr != NULL) {
3018 		if (mdb_lookup_by_name("panic_cpu", &sym) == -1) {
3019 			mdb_warn("failed to find 'panic_cpu'");
3020 			return (WALK_ERR);
3021 		}
3022 
3023 		addr = (uintptr_t)sym.st_value;
3024 
3025 		if (mdb_vread(&panic_cpu, sizeof (cpu_t), addr) == -1) {
3026 			mdb_warn("failed to read 'panic_cpu'");
3027 			return (WALK_ERR);
3028 		}
3029 	}
3030 
3031 	/*
3032 	 * Unfortunately, there is no platform-independent way to walk
3033 	 * CPUs in ID order.  We therefore loop through in cpu_next order,
3034 	 * building an array of CPU pointers which will subsequently be
3035 	 * sorted.
3036 	 */
3037 	cw->cw_array =
3038 	    mdb_zalloc((max_ncpus + 1) * sizeof (uintptr_t), UM_SLEEP | UM_GC);
3039 
3040 	if (mdb_readvar(&first, "cpu_list") == -1) {
3041 		mdb_warn("failed to read 'cpu_list'");
3042 		return (WALK_ERR);
3043 	}
3044 
3045 	current = first;
3046 	do {
3047 		if (mdb_vread(&cpu, sizeof (cpu), current) == -1) {
3048 			mdb_warn("failed to read cpu at %p", current);
3049 			return (WALK_ERR);
3050 		}
3051 
3052 		if (panicstr != NULL && panic_cpu.cpu_id == cpu.cpu_id) {
3053 			cw->cw_array[i++] = addr;
3054 		} else {
3055 			cw->cw_array[i++] = current;
3056 		}
3057 	} while ((current = (uintptr_t)cpu.cpu_next) != first);
3058 
3059 	qsort(cw->cw_array, i, sizeof (uintptr_t), cpu_walk_cmp);
3060 	wsp->walk_data = cw;
3061 
3062 	return (WALK_NEXT);
3063 }
3064 
3065 int
3066 cpu_walk_step(mdb_walk_state_t *wsp)
3067 {
3068 	cpu_walk_t *cw = wsp->walk_data;
3069 	cpu_t cpu;
3070 	uintptr_t addr = cw->cw_array[cw->cw_ndx++];
3071 
3072 	if (addr == NULL)
3073 		return (WALK_DONE);
3074 
3075 	if (mdb_vread(&cpu, sizeof (cpu), addr) == -1) {
3076 		mdb_warn("failed to read cpu at %p", addr);
3077 		return (WALK_DONE);
3078 	}
3079 
3080 	return (wsp->walk_callback(addr, &cpu, wsp->walk_cbdata));
3081 }
3082 
3083 typedef struct cpuinfo_data {
3084 	intptr_t cid_cpu;
3085 	uintptr_t cid_lbolt;
3086 	uintptr_t **cid_ithr;
3087 	char	cid_print_head;
3088 	char	cid_print_thr;
3089 	char	cid_print_ithr;
3090 	char	cid_print_flags;
3091 } cpuinfo_data_t;
3092 
3093 int
3094 cpuinfo_walk_ithread(uintptr_t addr, const kthread_t *thr, cpuinfo_data_t *cid)
3095 {
3096 	cpu_t c;
3097 	int id;
3098 	uint8_t pil;
3099 
3100 	if (!(thr->t_flag & T_INTR_THREAD) || thr->t_state == TS_FREE)
3101 		return (WALK_NEXT);
3102 
3103 	if (thr->t_bound_cpu == NULL) {
3104 		mdb_warn("thr %p is intr thread w/out a CPU\n", addr);
3105 		return (WALK_NEXT);
3106 	}
3107 
3108 	(void) mdb_vread(&c, sizeof (c), (uintptr_t)thr->t_bound_cpu);
3109 
3110 	if ((id = c.cpu_id) >= NCPU) {
3111 		mdb_warn("CPU %p has id (%d) greater than NCPU (%d)\n",
3112 		    thr->t_bound_cpu, id, NCPU);
3113 		return (WALK_NEXT);
3114 	}
3115 
3116 	if ((pil = thr->t_pil) >= NINTR) {
3117 		mdb_warn("thread %p has pil (%d) greater than %d\n",
3118 		    addr, pil, NINTR);
3119 		return (WALK_NEXT);
3120 	}
3121 
3122 	if (cid->cid_ithr[id][pil] != NULL) {
3123 		mdb_warn("CPU %d has multiple threads at pil %d (at least "
3124 		    "%p and %p)\n", id, pil, addr, cid->cid_ithr[id][pil]);
3125 		return (WALK_NEXT);
3126 	}
3127 
3128 	cid->cid_ithr[id][pil] = addr;
3129 
3130 	return (WALK_NEXT);
3131 }
3132 
3133 #define	CPUINFO_IDWIDTH		3
3134 #define	CPUINFO_FLAGWIDTH	9
3135 
3136 #ifdef _LP64
3137 #if defined(__amd64)
3138 #define	CPUINFO_TWIDTH		16
3139 #define	CPUINFO_CPUWIDTH	16
3140 #else
3141 #define	CPUINFO_CPUWIDTH	11
3142 #define	CPUINFO_TWIDTH		11
3143 #endif
3144 #else
3145 #define	CPUINFO_CPUWIDTH	8
3146 #define	CPUINFO_TWIDTH		8
3147 #endif
3148 
3149 #define	CPUINFO_THRDELT		(CPUINFO_IDWIDTH + CPUINFO_CPUWIDTH + 9)
3150 #define	CPUINFO_FLAGDELT	(CPUINFO_IDWIDTH + CPUINFO_CPUWIDTH + 4)
3151 #define	CPUINFO_ITHRDELT	4
3152 
3153 #define	CPUINFO_INDENT	mdb_printf("%*s", CPUINFO_THRDELT, \
3154     flagline < nflaglines ? flagbuf[flagline++] : "")
3155 
3156 int
3157 cpuinfo_walk_cpu(uintptr_t addr, const cpu_t *cpu, cpuinfo_data_t *cid)
3158 {
3159 	kthread_t t;
3160 	disp_t disp;
3161 	proc_t p;
3162 	uintptr_t pinned;
3163 	char **flagbuf;
3164 	int nflaglines = 0, flagline = 0, bspl, rval = WALK_NEXT;
3165 
3166 	const char *flags[] = {
3167 	    "RUNNING", "READY", "QUIESCED", "EXISTS",
3168 	    "ENABLE", "OFFLINE", "POWEROFF", "FROZEN",
3169 	    "SPARE", "FAULTED", NULL
3170 	};
3171 
3172 	if (cid->cid_cpu != -1) {
3173 		if (addr != cid->cid_cpu && cpu->cpu_id != cid->cid_cpu)
3174 			return (WALK_NEXT);
3175 
3176 		/*
3177 		 * Set cid_cpu to -1 to indicate that we found a matching CPU.
3178 		 */
3179 		cid->cid_cpu = -1;
3180 		rval = WALK_DONE;
3181 	}
3182 
3183 	if (cid->cid_print_head) {
3184 		mdb_printf("%3s %-*s %3s %4s %4s %3s %4s %5s %-6s %-*s %s\n",
3185 		    "ID", CPUINFO_CPUWIDTH, "ADDR", "FLG", "NRUN", "BSPL",
3186 		    "PRI", "RNRN", "KRNRN", "SWITCH", CPUINFO_TWIDTH, "THREAD",
3187 		    "PROC");
3188 		cid->cid_print_head = FALSE;
3189 	}
3190 
3191 	bspl = cpu->cpu_base_spl;
3192 
3193 	if (mdb_vread(&disp, sizeof (disp_t), (uintptr_t)cpu->cpu_disp) == -1) {
3194 		mdb_warn("failed to read disp_t at %p", cpu->cpu_disp);
3195 		return (WALK_ERR);
3196 	}
3197 
3198 	mdb_printf("%3d %0*p %3x %4d %4d ",
3199 	    cpu->cpu_id, CPUINFO_CPUWIDTH, addr, cpu->cpu_flags,
3200 	    disp.disp_nrunnable, bspl);
3201 
3202 	if (mdb_vread(&t, sizeof (t), (uintptr_t)cpu->cpu_thread) != -1) {
3203 		mdb_printf("%3d ", t.t_pri);
3204 	} else {
3205 		mdb_printf("%3s ", "-");
3206 	}
3207 
3208 	mdb_printf("%4s %5s ", cpu->cpu_runrun ? "yes" : "no",
3209 	    cpu->cpu_kprunrun ? "yes" : "no");
3210 
3211 	if (cpu->cpu_last_swtch) {
3212 		clock_t lbolt;
3213 
3214 		if (mdb_vread(&lbolt, sizeof (lbolt), cid->cid_lbolt) == -1) {
3215 			mdb_warn("failed to read lbolt at %p", cid->cid_lbolt);
3216 			return (WALK_ERR);
3217 		}
3218 		mdb_printf("t-%-4d ", lbolt - cpu->cpu_last_swtch);
3219 	} else {
3220 		mdb_printf("%-6s ", "-");
3221 	}
3222 
3223 	mdb_printf("%0*p", CPUINFO_TWIDTH, cpu->cpu_thread);
3224 
3225 	if (cpu->cpu_thread == cpu->cpu_idle_thread)
3226 		mdb_printf(" (idle)\n");
3227 	else if (cpu->cpu_thread == NULL)
3228 		mdb_printf(" -\n");
3229 	else {
3230 		if (mdb_vread(&p, sizeof (p), (uintptr_t)t.t_procp) != -1) {
3231 			mdb_printf(" %s\n", p.p_user.u_comm);
3232 		} else {
3233 			mdb_printf(" ?\n");
3234 		}
3235 	}
3236 
3237 	flagbuf = mdb_zalloc(sizeof (flags), UM_SLEEP | UM_GC);
3238 
3239 	if (cid->cid_print_flags) {
3240 		int first = 1, i, j, k;
3241 		char *s;
3242 
3243 		cid->cid_print_head = TRUE;
3244 
3245 		for (i = 1, j = 0; flags[j] != NULL; i <<= 1, j++) {
3246 			if (!(cpu->cpu_flags & i))
3247 				continue;
3248 
3249 			if (first) {
3250 				s = mdb_alloc(CPUINFO_THRDELT + 1,
3251 				    UM_GC | UM_SLEEP);
3252 
3253 				(void) mdb_snprintf(s, CPUINFO_THRDELT + 1,
3254 				    "%*s|%*s", CPUINFO_FLAGDELT, "",
3255 				    CPUINFO_THRDELT - 1 - CPUINFO_FLAGDELT, "");
3256 				flagbuf[nflaglines++] = s;
3257 			}
3258 
3259 			s = mdb_alloc(CPUINFO_THRDELT + 1, UM_GC | UM_SLEEP);
3260 			(void) mdb_snprintf(s, CPUINFO_THRDELT + 1, "%*s%*s %s",
3261 			    CPUINFO_IDWIDTH + CPUINFO_CPUWIDTH -
3262 			    CPUINFO_FLAGWIDTH, "", CPUINFO_FLAGWIDTH, flags[j],
3263 			    first ? "<--+" : "");
3264 
3265 			for (k = strlen(s); k < CPUINFO_THRDELT; k++)
3266 				s[k] = ' ';
3267 			s[k] = '\0';
3268 
3269 			flagbuf[nflaglines++] = s;
3270 			first = 0;
3271 		}
3272 	}
3273 
3274 	if (cid->cid_print_ithr) {
3275 		int i, found_one = FALSE;
3276 		int print_thr = disp.disp_nrunnable && cid->cid_print_thr;
3277 
3278 		for (i = NINTR - 1; i >= 0; i--) {
3279 			uintptr_t iaddr = cid->cid_ithr[cpu->cpu_id][i];
3280 
3281 			if (iaddr == NULL)
3282 				continue;
3283 
3284 			if (!found_one) {
3285 				found_one = TRUE;
3286 
3287 				CPUINFO_INDENT;
3288 				mdb_printf("%c%*s|\n", print_thr ? '|' : ' ',
3289 				    CPUINFO_ITHRDELT, "");
3290 
3291 				CPUINFO_INDENT;
3292 				mdb_printf("%c%*s+--> %3s %s\n",
3293 				    print_thr ? '|' : ' ', CPUINFO_ITHRDELT,
3294 				    "", "PIL", "THREAD");
3295 			}
3296 
3297 			if (mdb_vread(&t, sizeof (t), iaddr) == -1) {
3298 				mdb_warn("failed to read kthread_t at %p",
3299 				    iaddr);
3300 				return (WALK_ERR);
3301 			}
3302 
3303 			CPUINFO_INDENT;
3304 			mdb_printf("%c%*s     %3d %0*p\n",
3305 			    print_thr ? '|' : ' ', CPUINFO_ITHRDELT, "",
3306 			    t.t_pil, CPUINFO_TWIDTH, iaddr);
3307 
3308 			pinned = (uintptr_t)t.t_intr;
3309 		}
3310 
3311 		if (found_one && pinned != NULL) {
3312 			cid->cid_print_head = TRUE;
3313 			(void) strcpy(p.p_user.u_comm, "?");
3314 
3315 			if (mdb_vread(&t, sizeof (t),
3316 			    (uintptr_t)pinned) == -1) {
3317 				mdb_warn("failed to read kthread_t at %p",
3318 				    pinned);
3319 				return (WALK_ERR);
3320 			}
3321 			if (mdb_vread(&p, sizeof (p),
3322 			    (uintptr_t)t.t_procp) == -1) {
3323 				mdb_warn("failed to read proc_t at %p",
3324 				    t.t_procp);
3325 				return (WALK_ERR);
3326 			}
3327 
3328 			CPUINFO_INDENT;
3329 			mdb_printf("%c%*s     %3s %0*p %s\n",
3330 			    print_thr ? '|' : ' ', CPUINFO_ITHRDELT, "", "-",
3331 			    CPUINFO_TWIDTH, pinned,
3332 			    pinned == (uintptr_t)cpu->cpu_idle_thread ?
3333 			    "(idle)" : p.p_user.u_comm);
3334 		}
3335 	}
3336 
3337 	if (disp.disp_nrunnable && cid->cid_print_thr) {
3338 		dispq_t *dq;
3339 
3340 		int i, npri = disp.disp_npri;
3341 
3342 		dq = mdb_alloc(sizeof (dispq_t) * npri, UM_SLEEP | UM_GC);
3343 
3344 		if (mdb_vread(dq, sizeof (dispq_t) * npri,
3345 		    (uintptr_t)disp.disp_q) == -1) {
3346 			mdb_warn("failed to read dispq_t at %p", disp.disp_q);
3347 			return (WALK_ERR);
3348 		}
3349 
3350 		CPUINFO_INDENT;
3351 		mdb_printf("|\n");
3352 
3353 		CPUINFO_INDENT;
3354 		mdb_printf("+-->  %3s %-*s %s\n", "PRI",
3355 		    CPUINFO_TWIDTH, "THREAD", "PROC");
3356 
3357 		for (i = npri - 1; i >= 0; i--) {
3358 			uintptr_t taddr = (uintptr_t)dq[i].dq_first;
3359 
3360 			while (taddr != NULL) {
3361 				if (mdb_vread(&t, sizeof (t), taddr) == -1) {
3362 					mdb_warn("failed to read kthread_t "
3363 					    "at %p", taddr);
3364 					return (WALK_ERR);
3365 				}
3366 				if (mdb_vread(&p, sizeof (p),
3367 				    (uintptr_t)t.t_procp) == -1) {
3368 					mdb_warn("failed to read proc_t at %p",
3369 					    t.t_procp);
3370 					return (WALK_ERR);
3371 				}
3372 
3373 				CPUINFO_INDENT;
3374 				mdb_printf("      %3d %0*p %s\n", t.t_pri,
3375 				    CPUINFO_TWIDTH, taddr, p.p_user.u_comm);
3376 
3377 				taddr = (uintptr_t)t.t_link;
3378 			}
3379 		}
3380 		cid->cid_print_head = TRUE;
3381 	}
3382 
3383 	while (flagline < nflaglines)
3384 		mdb_printf("%s\n", flagbuf[flagline++]);
3385 
3386 	if (cid->cid_print_head)
3387 		mdb_printf("\n");
3388 
3389 	return (rval);
3390 }
3391 
3392 int
3393 cpuinfo(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3394 {
3395 	uint_t verbose = FALSE;
3396 	cpuinfo_data_t cid;
3397 	GElf_Sym sym;
3398 	clock_t lbolt;
3399 
3400 	cid.cid_print_ithr = FALSE;
3401 	cid.cid_print_thr = FALSE;
3402 	cid.cid_print_flags = FALSE;
3403 	cid.cid_print_head = DCMD_HDRSPEC(flags) ? TRUE : FALSE;
3404 	cid.cid_cpu = -1;
3405 
3406 	if (flags & DCMD_ADDRSPEC)
3407 		cid.cid_cpu = addr;
3408 
3409 	if (mdb_getopts(argc, argv,
3410 	    'v', MDB_OPT_SETBITS, TRUE, &verbose, NULL) != argc)
3411 		return (DCMD_USAGE);
3412 
3413 	if (verbose) {
3414 		cid.cid_print_ithr = TRUE;
3415 		cid.cid_print_thr = TRUE;
3416 		cid.cid_print_flags = TRUE;
3417 		cid.cid_print_head = TRUE;
3418 	}
3419 
3420 	if (cid.cid_print_ithr) {
3421 		int i;
3422 
3423 		cid.cid_ithr = mdb_alloc(sizeof (uintptr_t **)
3424 		    * NCPU, UM_SLEEP | UM_GC);
3425 
3426 		for (i = 0; i < NCPU; i++)
3427 			cid.cid_ithr[i] = mdb_zalloc(sizeof (uintptr_t *) *
3428 			    NINTR, UM_SLEEP | UM_GC);
3429 
3430 		if (mdb_walk("thread", (mdb_walk_cb_t)cpuinfo_walk_ithread,
3431 		    &cid) == -1) {
3432 			mdb_warn("couldn't walk thread");
3433 			return (DCMD_ERR);
3434 		}
3435 	}
3436 
3437 	if (mdb_lookup_by_name("panic_lbolt", &sym) == -1) {
3438 		mdb_warn("failed to find panic_lbolt");
3439 		return (DCMD_ERR);
3440 	}
3441 
3442 	cid.cid_lbolt = (uintptr_t)sym.st_value;
3443 
3444 	if (mdb_vread(&lbolt, sizeof (lbolt), cid.cid_lbolt) == -1) {
3445 		mdb_warn("failed to read panic_lbolt");
3446 		return (DCMD_ERR);
3447 	}
3448 
3449 	if (lbolt == 0) {
3450 		if (mdb_lookup_by_name("lbolt", &sym) == -1) {
3451 			mdb_warn("failed to find lbolt");
3452 			return (DCMD_ERR);
3453 		}
3454 		cid.cid_lbolt = (uintptr_t)sym.st_value;
3455 	}
3456 
3457 	if (mdb_walk("cpu", (mdb_walk_cb_t)cpuinfo_walk_cpu, &cid) == -1) {
3458 		mdb_warn("can't walk cpus");
3459 		return (DCMD_ERR);
3460 	}
3461 
3462 	if (cid.cid_cpu != -1) {
3463 		/*
3464 		 * We didn't find this CPU when we walked through the CPUs
3465 		 * (i.e. the address specified doesn't show up in the "cpu"
3466 		 * walk).  However, the specified address may still correspond
3467 		 * to a valid cpu_t (for example, if the specified address is
3468 		 * the actual panicking cpu_t and not the cached panic_cpu).
3469 		 * Point is:  even if we didn't find it, we still want to try
3470 		 * to print the specified address as a cpu_t.
3471 		 */
3472 		cpu_t cpu;
3473 
3474 		if (mdb_vread(&cpu, sizeof (cpu), cid.cid_cpu) == -1) {
3475 			mdb_warn("%p is neither a valid CPU ID nor a "
3476 			    "valid cpu_t address\n", cid.cid_cpu);
3477 			return (DCMD_ERR);
3478 		}
3479 
3480 		(void) cpuinfo_walk_cpu(cid.cid_cpu, &cpu, &cid);
3481 	}
3482 
3483 	return (DCMD_OK);
3484 }
3485 
3486 /*ARGSUSED*/
3487 int
3488 flipone(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3489 {
3490 	int i;
3491 
3492 	if (!(flags & DCMD_ADDRSPEC))
3493 		return (DCMD_USAGE);
3494 
3495 	for (i = 0; i < sizeof (addr) * NBBY; i++)
3496 		mdb_printf("%p\n", addr ^ (1UL << i));
3497 
3498 	return (DCMD_OK);
3499 }
3500 
3501 /*
3502  * Grumble, grumble.
3503  */
3504 #define	SMAP_HASHFUNC(vp, off)	\
3505 	((((uintptr_t)(vp) >> 6) + ((uintptr_t)(vp) >> 3) + \
3506 	((off) >> MAXBSHIFT)) & smd_hashmsk)
3507 
3508 int
3509 vnode2smap(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3510 {
3511 	long smd_hashmsk;
3512 	int hash;
3513 	uintptr_t offset = 0;
3514 	struct smap smp;
3515 	uintptr_t saddr, kaddr;
3516 	uintptr_t smd_hash, smd_smap;
3517 	struct seg seg;
3518 
3519 	if (!(flags & DCMD_ADDRSPEC))
3520 		return (DCMD_USAGE);
3521 
3522 	if (mdb_readvar(&smd_hashmsk, "smd_hashmsk") == -1) {
3523 		mdb_warn("failed to read smd_hashmsk");
3524 		return (DCMD_ERR);
3525 	}
3526 
3527 	if (mdb_readvar(&smd_hash, "smd_hash") == -1) {
3528 		mdb_warn("failed to read smd_hash");
3529 		return (DCMD_ERR);
3530 	}
3531 
3532 	if (mdb_readvar(&smd_smap, "smd_smap") == -1) {
3533 		mdb_warn("failed to read smd_hash");
3534 		return (DCMD_ERR);
3535 	}
3536 
3537 	if (mdb_readvar(&kaddr, "segkmap") == -1) {
3538 		mdb_warn("failed to read segkmap");
3539 		return (DCMD_ERR);
3540 	}
3541 
3542 	if (mdb_vread(&seg, sizeof (seg), kaddr) == -1) {
3543 		mdb_warn("failed to read segkmap at %p", kaddr);
3544 		return (DCMD_ERR);
3545 	}
3546 
3547 	if (argc != 0) {
3548 		const mdb_arg_t *arg = &argv[0];
3549 
3550 		if (arg->a_type == MDB_TYPE_IMMEDIATE)
3551 			offset = arg->a_un.a_val;
3552 		else
3553 			offset = (uintptr_t)mdb_strtoull(arg->a_un.a_str);
3554 	}
3555 
3556 	hash = SMAP_HASHFUNC(addr, offset);
3557 
3558 	if (mdb_vread(&saddr, sizeof (saddr),
3559 	    smd_hash + hash * sizeof (uintptr_t)) == -1) {
3560 		mdb_warn("couldn't read smap at %p",
3561 		    smd_hash + hash * sizeof (uintptr_t));
3562 		return (DCMD_ERR);
3563 	}
3564 
3565 	do {
3566 		if (mdb_vread(&smp, sizeof (smp), saddr) == -1) {
3567 			mdb_warn("couldn't read smap at %p", saddr);
3568 			return (DCMD_ERR);
3569 		}
3570 
3571 		if ((uintptr_t)smp.sm_vp == addr && smp.sm_off == offset) {
3572 			mdb_printf("vnode %p, offs %p is smap %p, vaddr %p\n",
3573 			    addr, offset, saddr, ((saddr - smd_smap) /
3574 			    sizeof (smp)) * MAXBSIZE + seg.s_base);
3575 			return (DCMD_OK);
3576 		}
3577 
3578 		saddr = (uintptr_t)smp.sm_hash;
3579 	} while (saddr != NULL);
3580 
3581 	mdb_printf("no smap for vnode %p, offs %p\n", addr, offset);
3582 	return (DCMD_OK);
3583 }
3584 
3585 /*ARGSUSED*/
3586 int
3587 addr2smap(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3588 {
3589 	uintptr_t kaddr;
3590 	struct seg seg;
3591 	struct segmap_data sd;
3592 
3593 	if (!(flags & DCMD_ADDRSPEC))
3594 		return (DCMD_USAGE);
3595 
3596 	if (mdb_readvar(&kaddr, "segkmap") == -1) {
3597 		mdb_warn("failed to read segkmap");
3598 		return (DCMD_ERR);
3599 	}
3600 
3601 	if (mdb_vread(&seg, sizeof (seg), kaddr) == -1) {
3602 		mdb_warn("failed to read segkmap at %p", kaddr);
3603 		return (DCMD_ERR);
3604 	}
3605 
3606 	if (mdb_vread(&sd, sizeof (sd), (uintptr_t)seg.s_data) == -1) {
3607 		mdb_warn("failed to read segmap_data at %p", seg.s_data);
3608 		return (DCMD_ERR);
3609 	}
3610 
3611 	mdb_printf("%p is smap %p\n", addr,
3612 	    ((addr - (uintptr_t)seg.s_base) >> MAXBSHIFT) *
3613 	    sizeof (struct smap) + (uintptr_t)sd.smd_sm);
3614 
3615 	return (DCMD_OK);
3616 }
3617 
3618 int
3619 as2proc_walk(uintptr_t addr, const proc_t *p, struct as **asp)
3620 {
3621 	if (p->p_as == *asp)
3622 		mdb_printf("%p\n", addr);
3623 	return (WALK_NEXT);
3624 }
3625 
3626 /*ARGSUSED*/
3627 int
3628 as2proc(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3629 {
3630 	if (!(flags & DCMD_ADDRSPEC) || argc != 0)
3631 		return (DCMD_USAGE);
3632 
3633 	if (mdb_walk("proc", (mdb_walk_cb_t)as2proc_walk, &addr) == -1) {
3634 		mdb_warn("failed to walk proc");
3635 		return (DCMD_ERR);
3636 	}
3637 
3638 	return (DCMD_OK);
3639 }
3640 
3641 /*ARGSUSED*/
3642 int
3643 ptree_walk(uintptr_t addr, const proc_t *p, void *ignored)
3644 {
3645 	proc_t parent;
3646 	int ident = 0;
3647 	uintptr_t paddr;
3648 
3649 	for (paddr = (uintptr_t)p->p_parent; paddr != NULL; ident += 5) {
3650 		mdb_vread(&parent, sizeof (parent), paddr);
3651 		paddr = (uintptr_t)parent.p_parent;
3652 	}
3653 
3654 	mdb_inc_indent(ident);
3655 	mdb_printf("%0?p  %s\n", addr, p->p_user.u_comm);
3656 	mdb_dec_indent(ident);
3657 
3658 	return (WALK_NEXT);
3659 }
3660 
3661 void
3662 ptree_ancestors(uintptr_t addr, uintptr_t start)
3663 {
3664 	proc_t p;
3665 
3666 	if (mdb_vread(&p, sizeof (p), addr) == -1) {
3667 		mdb_warn("couldn't read ancestor at %p", addr);
3668 		return;
3669 	}
3670 
3671 	if (p.p_parent != NULL)
3672 		ptree_ancestors((uintptr_t)p.p_parent, start);
3673 
3674 	if (addr != start)
3675 		(void) ptree_walk(addr, &p, NULL);
3676 }
3677 
3678 /*ARGSUSED*/
3679 int
3680 ptree(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3681 {
3682 	if (!(flags & DCMD_ADDRSPEC))
3683 		addr = NULL;
3684 	else
3685 		ptree_ancestors(addr, addr);
3686 
3687 	if (mdb_pwalk("proc", (mdb_walk_cb_t)ptree_walk, NULL, addr) == -1) {
3688 		mdb_warn("couldn't walk 'proc'");
3689 		return (DCMD_ERR);
3690 	}
3691 
3692 	return (DCMD_OK);
3693 }
3694 
3695 /*ARGSUSED*/
3696 static int
3697 fd(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3698 {
3699 	int fdnum;
3700 	const mdb_arg_t *argp = &argv[0];
3701 	proc_t p;
3702 	uf_entry_t uf;
3703 
3704 	if ((flags & DCMD_ADDRSPEC) == 0) {
3705 		mdb_warn("fd doesn't give global information\n");
3706 		return (DCMD_ERR);
3707 	}
3708 	if (argc != 1)
3709 		return (DCMD_USAGE);
3710 
3711 	if (argp->a_type == MDB_TYPE_IMMEDIATE)
3712 		fdnum = argp->a_un.a_val;
3713 	else
3714 		fdnum = mdb_strtoull(argp->a_un.a_str);
3715 
3716 	if (mdb_vread(&p, sizeof (struct proc), addr) == -1) {
3717 		mdb_warn("couldn't read proc_t at %p", addr);
3718 		return (DCMD_ERR);
3719 	}
3720 	if (fdnum > p.p_user.u_finfo.fi_nfiles) {
3721 		mdb_warn("process %p only has %d files open.\n",
3722 		    addr, p.p_user.u_finfo.fi_nfiles);
3723 		return (DCMD_ERR);
3724 	}
3725 	if (mdb_vread(&uf, sizeof (uf_entry_t),
3726 	    (uintptr_t)&p.p_user.u_finfo.fi_list[fdnum]) == -1) {
3727 		mdb_warn("couldn't read uf_entry_t at %p",
3728 		    &p.p_user.u_finfo.fi_list[fdnum]);
3729 		return (DCMD_ERR);
3730 	}
3731 
3732 	mdb_printf("%p\n", uf.uf_file);
3733 	return (DCMD_OK);
3734 }
3735 
3736 /*ARGSUSED*/
3737 static int
3738 pid2proc(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3739 {
3740 	pid_t pid = (pid_t)addr;
3741 
3742 	if (argc != 0)
3743 		return (DCMD_USAGE);
3744 
3745 	if ((addr = mdb_pid2proc(pid, NULL)) == NULL) {
3746 		mdb_warn("PID 0t%d not found\n", pid);
3747 		return (DCMD_ERR);
3748 	}
3749 
3750 	mdb_printf("%p\n", addr);
3751 	return (DCMD_OK);
3752 }
3753 
3754 static char *sysfile_cmd[] = {
3755 	"exclude:",
3756 	"include:",
3757 	"forceload:",
3758 	"rootdev:",
3759 	"rootfs:",
3760 	"swapdev:",
3761 	"swapfs:",
3762 	"moddir:",
3763 	"set",
3764 	"unknown",
3765 };
3766 
3767 static char *sysfile_ops[] = { "", "=", "&", "|" };
3768 
3769 /*ARGSUSED*/
3770 static int
3771 sysfile_vmem_seg(uintptr_t addr, const vmem_seg_t *vsp, void **target)
3772 {
3773 	if (vsp->vs_type == VMEM_ALLOC && (void *)vsp->vs_start == *target) {
3774 		*target = NULL;
3775 		return (WALK_DONE);
3776 	}
3777 	return (WALK_NEXT);
3778 }
3779 
3780 /*ARGSUSED*/
3781 static int
3782 sysfile(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3783 {
3784 	struct sysparam *sysp, sys;
3785 	char var[256];
3786 	char modname[256];
3787 	char val[256];
3788 	char strval[256];
3789 	vmem_t *mod_sysfile_arena;
3790 	void *straddr;
3791 
3792 	if (mdb_readvar(&sysp, "sysparam_hd") == -1) {
3793 		mdb_warn("failed to read sysparam_hd");
3794 		return (DCMD_ERR);
3795 	}
3796 
3797 	if (mdb_readvar(&mod_sysfile_arena, "mod_sysfile_arena") == -1) {
3798 		mdb_warn("failed to read mod_sysfile_arena");
3799 		return (DCMD_ERR);
3800 	}
3801 
3802 	while (sysp != NULL) {
3803 		var[0] = '\0';
3804 		val[0] = '\0';
3805 		modname[0] = '\0';
3806 		if (mdb_vread(&sys, sizeof (sys), (uintptr_t)sysp) == -1) {
3807 			mdb_warn("couldn't read sysparam %p", sysp);
3808 			return (DCMD_ERR);
3809 		}
3810 		if (sys.sys_modnam != NULL &&
3811 		    mdb_readstr(modname, 256,
3812 		    (uintptr_t)sys.sys_modnam) == -1) {
3813 			mdb_warn("couldn't read modname in %p", sysp);
3814 			return (DCMD_ERR);
3815 		}
3816 		if (sys.sys_ptr != NULL &&
3817 		    mdb_readstr(var, 256, (uintptr_t)sys.sys_ptr) == -1) {
3818 			mdb_warn("couldn't read ptr in %p", sysp);
3819 			return (DCMD_ERR);
3820 		}
3821 		if (sys.sys_op != SETOP_NONE) {
3822 			/*
3823 			 * Is this an int or a string?  We determine this
3824 			 * by checking whether straddr is contained in
3825 			 * mod_sysfile_arena.  If so, the walker will set
3826 			 * straddr to NULL.
3827 			 */
3828 			straddr = (void *)(uintptr_t)sys.sys_info;
3829 			if (sys.sys_op == SETOP_ASSIGN &&
3830 			    sys.sys_info != 0 &&
3831 			    mdb_pwalk("vmem_seg",
3832 			    (mdb_walk_cb_t)sysfile_vmem_seg, &straddr,
3833 			    (uintptr_t)mod_sysfile_arena) == 0 &&
3834 			    straddr == NULL &&
3835 			    mdb_readstr(strval, 256,
3836 			    (uintptr_t)sys.sys_info) != -1) {
3837 				(void) mdb_snprintf(val, sizeof (val), "\"%s\"",
3838 				    strval);
3839 			} else {
3840 				(void) mdb_snprintf(val, sizeof (val),
3841 				    "0x%llx [0t%llu]", sys.sys_info,
3842 				    sys.sys_info);
3843 			}
3844 		}
3845 		mdb_printf("%s %s%s%s%s%s\n", sysfile_cmd[sys.sys_type],
3846 		    modname, modname[0] == '\0' ? "" : ":",
3847 		    var, sysfile_ops[sys.sys_op], val);
3848 
3849 		sysp = sys.sys_next;
3850 	}
3851 
3852 	return (DCMD_OK);
3853 }
3854 
3855 int
3856 didmatch(uintptr_t addr, const kthread_t *thr, kt_did_t *didp)
3857 {
3858 
3859 	if (*didp == thr->t_did) {
3860 		mdb_printf("%p\n", addr);
3861 		return (WALK_DONE);
3862 	} else
3863 		return (WALK_NEXT);
3864 }
3865 
3866 /*ARGSUSED*/
3867 int
3868 did2thread(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3869 {
3870 	const mdb_arg_t *argp = &argv[0];
3871 	kt_did_t	did;
3872 
3873 	if (argc != 1)
3874 		return (DCMD_USAGE);
3875 
3876 	did = (kt_did_t)mdb_strtoull(argp->a_un.a_str);
3877 
3878 	if (mdb_walk("thread", (mdb_walk_cb_t)didmatch, (void *)&did) == -1) {
3879 		mdb_warn("failed to walk thread");
3880 		return (DCMD_ERR);
3881 
3882 	}
3883 	return (DCMD_OK);
3884 
3885 }
3886 
3887 static int
3888 errorq_walk_init(mdb_walk_state_t *wsp)
3889 {
3890 	if (wsp->walk_addr == NULL &&
3891 	    mdb_readvar(&wsp->walk_addr, "errorq_list") == -1) {
3892 		mdb_warn("failed to read errorq_list");
3893 		return (WALK_ERR);
3894 	}
3895 
3896 	return (WALK_NEXT);
3897 }
3898 
3899 static int
3900 errorq_walk_step(mdb_walk_state_t *wsp)
3901 {
3902 	uintptr_t addr = wsp->walk_addr;
3903 	errorq_t eq;
3904 
3905 	if (addr == NULL)
3906 		return (WALK_DONE);
3907 
3908 	if (mdb_vread(&eq, sizeof (eq), addr) == -1) {
3909 		mdb_warn("failed to read errorq at %p", addr);
3910 		return (WALK_ERR);
3911 	}
3912 
3913 	wsp->walk_addr = (uintptr_t)eq.eq_next;
3914 	return (wsp->walk_callback(addr, &eq, wsp->walk_cbdata));
3915 }
3916 
3917 typedef struct eqd_walk_data {
3918 	uintptr_t *eqd_stack;
3919 	void *eqd_buf;
3920 	ulong_t eqd_qpos;
3921 	ulong_t eqd_qlen;
3922 	size_t eqd_size;
3923 } eqd_walk_data_t;
3924 
3925 /*
3926  * In order to walk the list of pending error queue elements, we push the
3927  * addresses of the corresponding data buffers in to the eqd_stack array.
3928  * The error lists are in reverse chronological order when iterating using
3929  * eqe_prev, so we then pop things off the top in eqd_walk_step so that the
3930  * walker client gets addresses in order from oldest error to newest error.
3931  */
3932 static void
3933 eqd_push_list(eqd_walk_data_t *eqdp, uintptr_t addr)
3934 {
3935 	errorq_elem_t eqe;
3936 
3937 	while (addr != NULL) {
3938 		if (mdb_vread(&eqe, sizeof (eqe), addr) != sizeof (eqe)) {
3939 			mdb_warn("failed to read errorq element at %p", addr);
3940 			break;
3941 		}
3942 
3943 		if (eqdp->eqd_qpos == eqdp->eqd_qlen) {
3944 			mdb_warn("errorq is overfull -- more than %lu "
3945 			    "elems found\n", eqdp->eqd_qlen);
3946 			break;
3947 		}
3948 
3949 		eqdp->eqd_stack[eqdp->eqd_qpos++] = (uintptr_t)eqe.eqe_data;
3950 		addr = (uintptr_t)eqe.eqe_prev;
3951 	}
3952 }
3953 
3954 static int
3955 eqd_walk_init(mdb_walk_state_t *wsp)
3956 {
3957 	eqd_walk_data_t *eqdp;
3958 	errorq_elem_t eqe, *addr;
3959 	errorq_t eq;
3960 	ulong_t i;
3961 
3962 	if (mdb_vread(&eq, sizeof (eq), wsp->walk_addr) == -1) {
3963 		mdb_warn("failed to read errorq at %p", wsp->walk_addr);
3964 		return (WALK_ERR);
3965 	}
3966 
3967 	if (eq.eq_ptail != NULL &&
3968 	    mdb_vread(&eqe, sizeof (eqe), (uintptr_t)eq.eq_ptail) == -1) {
3969 		mdb_warn("failed to read errorq element at %p", eq.eq_ptail);
3970 		return (WALK_ERR);
3971 	}
3972 
3973 	eqdp = mdb_alloc(sizeof (eqd_walk_data_t), UM_SLEEP);
3974 	wsp->walk_data = eqdp;
3975 
3976 	eqdp->eqd_stack = mdb_zalloc(sizeof (uintptr_t) * eq.eq_qlen, UM_SLEEP);
3977 	eqdp->eqd_buf = mdb_alloc(eq.eq_size, UM_SLEEP);
3978 	eqdp->eqd_qlen = eq.eq_qlen;
3979 	eqdp->eqd_qpos = 0;
3980 	eqdp->eqd_size = eq.eq_size;
3981 
3982 	/*
3983 	 * The newest elements in the queue are on the pending list, so we
3984 	 * push those on to our stack first.
3985 	 */
3986 	eqd_push_list(eqdp, (uintptr_t)eq.eq_pend);
3987 
3988 	/*
3989 	 * If eq_ptail is set, it may point to a subset of the errors on the
3990 	 * pending list in the event a casptr() failed; if ptail's data is
3991 	 * already in our stack, NULL out eq_ptail and ignore it.
3992 	 */
3993 	if (eq.eq_ptail != NULL) {
3994 		for (i = 0; i < eqdp->eqd_qpos; i++) {
3995 			if (eqdp->eqd_stack[i] == (uintptr_t)eqe.eqe_data) {
3996 				eq.eq_ptail = NULL;
3997 				break;
3998 			}
3999 		}
4000 	}
4001 
4002 	/*
4003 	 * If eq_phead is set, it has the processing list in order from oldest
4004 	 * to newest.  Use this to recompute eq_ptail as best we can and then
4005 	 * we nicely fall into eqd_push_list() of eq_ptail below.
4006 	 */
4007 	for (addr = eq.eq_phead; addr != NULL && mdb_vread(&eqe, sizeof (eqe),
4008 	    (uintptr_t)addr) == sizeof (eqe); addr = eqe.eqe_next)
4009 		eq.eq_ptail = addr;
4010 
4011 	/*
4012 	 * The oldest elements in the queue are on the processing list, subject
4013 	 * to machinations in the if-clauses above.  Push any such elements.
4014 	 */
4015 	eqd_push_list(eqdp, (uintptr_t)eq.eq_ptail);
4016 	return (WALK_NEXT);
4017 }
4018 
4019 static int
4020 eqd_walk_step(mdb_walk_state_t *wsp)
4021 {
4022 	eqd_walk_data_t *eqdp = wsp->walk_data;
4023 	uintptr_t addr;
4024 
4025 	if (eqdp->eqd_qpos == 0)
4026 		return (WALK_DONE);
4027 
4028 	addr = eqdp->eqd_stack[--eqdp->eqd_qpos];
4029 
4030 	if (mdb_vread(eqdp->eqd_buf, eqdp->eqd_size, addr) != eqdp->eqd_size) {
4031 		mdb_warn("failed to read errorq data at %p", addr);
4032 		return (WALK_ERR);
4033 	}
4034 
4035 	return (wsp->walk_callback(addr, eqdp->eqd_buf, wsp->walk_cbdata));
4036 }
4037 
4038 static void
4039 eqd_walk_fini(mdb_walk_state_t *wsp)
4040 {
4041 	eqd_walk_data_t *eqdp = wsp->walk_data;
4042 
4043 	mdb_free(eqdp->eqd_stack, sizeof (uintptr_t) * eqdp->eqd_qlen);
4044 	mdb_free(eqdp->eqd_buf, eqdp->eqd_size);
4045 	mdb_free(eqdp, sizeof (eqd_walk_data_t));
4046 }
4047 
4048 #define	EQKSVAL(eqv, what) (eqv.eq_kstat.what.value.ui64)
4049 
4050 static int
4051 errorq(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
4052 {
4053 	int i;
4054 	errorq_t eq;
4055 	uint_t opt_v = FALSE;
4056 
4057 	if (!(flags & DCMD_ADDRSPEC)) {
4058 		if (mdb_walk_dcmd("errorq", "errorq", argc, argv) == -1) {
4059 			mdb_warn("can't walk 'errorq'");
4060 			return (DCMD_ERR);
4061 		}
4062 		return (DCMD_OK);
4063 	}
4064 
4065 	i = mdb_getopts(argc, argv, 'v', MDB_OPT_SETBITS, TRUE, &opt_v, NULL);
4066 	argc -= i;
4067 	argv += i;
4068 
4069 	if (argc != 0)
4070 		return (DCMD_USAGE);
4071 
4072 	if (opt_v || DCMD_HDRSPEC(flags)) {
4073 		mdb_printf("%<u>%-11s %-16s %1s %1s %1s ",
4074 		    "ADDR", "NAME", "S", "V", "N");
4075 		if (!opt_v) {
4076 			mdb_printf("%7s %7s %7s%</u>\n",
4077 			    "ACCEPT", "DROP", "LOG");
4078 		} else {
4079 			mdb_printf("%5s %6s %6s %3s %16s%</u>\n",
4080 			    "KSTAT", "QLEN", "SIZE", "IPL", "FUNC");
4081 		}
4082 	}
4083 
4084 	if (mdb_vread(&eq, sizeof (eq), addr) != sizeof (eq)) {
4085 		mdb_warn("failed to read errorq at %p", addr);
4086 		return (DCMD_ERR);
4087 	}
4088 
4089 	mdb_printf("%-11p %-16s %c %c %c ", addr, eq.eq_name,
4090 	    (eq.eq_flags & ERRORQ_ACTIVE) ? '+' : '-',
4091 	    (eq.eq_flags & ERRORQ_VITAL) ? '!' : ' ',
4092 	    (eq.eq_flags & ERRORQ_NVLIST) ? '*' : ' ');
4093 
4094 	if (!opt_v) {
4095 		mdb_printf("%7llu %7llu %7llu\n",
4096 		    EQKSVAL(eq, eqk_dispatched) + EQKSVAL(eq, eqk_committed),
4097 		    EQKSVAL(eq, eqk_dropped) + EQKSVAL(eq, eqk_reserve_fail) +
4098 		    EQKSVAL(eq, eqk_commit_fail), EQKSVAL(eq, eqk_logged));
4099 	} else {
4100 		mdb_printf("%5s %6lu %6lu %3u %a\n",
4101 		    "  |  ", eq.eq_qlen, eq.eq_size, eq.eq_ipl, eq.eq_func);
4102 		mdb_printf("%38s\n%41s"
4103 		    "%12s %llu\n"
4104 		    "%53s %llu\n"
4105 		    "%53s %llu\n"
4106 		    "%53s %llu\n"
4107 		    "%53s %llu\n"
4108 		    "%53s %llu\n"
4109 		    "%53s %llu\n"
4110 		    "%53s %llu\n\n",
4111 		    "|", "+-> ",
4112 		    "DISPATCHED",	EQKSVAL(eq, eqk_dispatched),
4113 		    "DROPPED",		EQKSVAL(eq, eqk_dropped),
4114 		    "LOGGED",		EQKSVAL(eq, eqk_logged),
4115 		    "RESERVED",		EQKSVAL(eq, eqk_reserved),
4116 		    "RESERVE FAIL",	EQKSVAL(eq, eqk_reserve_fail),
4117 		    "COMMITTED",	EQKSVAL(eq, eqk_committed),
4118 		    "COMMIT FAIL",	EQKSVAL(eq, eqk_commit_fail),
4119 		    "CANCELLED",	EQKSVAL(eq, eqk_cancelled));
4120 	}
4121 
4122 	return (DCMD_OK);
4123 }
4124 
4125 /*ARGSUSED*/
4126 static int
4127 panicinfo(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
4128 {
4129 	cpu_t panic_cpu;
4130 	kthread_t *panic_thread;
4131 	void *buf;
4132 	panic_data_t *pd;
4133 	int i, n;
4134 
4135 	if (!mdb_prop_postmortem) {
4136 		mdb_warn("panicinfo can only be run on a system "
4137 		    "dump; see dumpadm(1M)\n");
4138 		return (DCMD_ERR);
4139 	}
4140 
4141 	if (flags & DCMD_ADDRSPEC || argc != 0)
4142 		return (DCMD_USAGE);
4143 
4144 	if (mdb_readsym(&panic_cpu, sizeof (cpu_t), "panic_cpu") == -1)
4145 		mdb_warn("failed to read 'panic_cpu'");
4146 	else
4147 		mdb_printf("%16s %?d\n", "cpu", panic_cpu.cpu_id);
4148 
4149 	if (mdb_readvar(&panic_thread, "panic_thread") == -1)
4150 		mdb_warn("failed to read 'panic_thread'");
4151 	else
4152 		mdb_printf("%16s %?p\n", "thread", panic_thread);
4153 
4154 	buf = mdb_alloc(PANICBUFSIZE, UM_SLEEP);
4155 	pd = (panic_data_t *)buf;
4156 
4157 	if (mdb_readsym(buf, PANICBUFSIZE, "panicbuf") == -1 ||
4158 	    pd->pd_version != PANICBUFVERS) {
4159 		mdb_warn("failed to read 'panicbuf'");
4160 		mdb_free(buf, PANICBUFSIZE);
4161 		return (DCMD_ERR);
4162 	}
4163 
4164 	mdb_printf("%16s %s\n", "message",  (char *)buf + pd->pd_msgoff);
4165 
4166 	n = (pd->pd_msgoff - (sizeof (panic_data_t) -
4167 	    sizeof (panic_nv_t))) / sizeof (panic_nv_t);
4168 
4169 	for (i = 0; i < n; i++)
4170 		mdb_printf("%16s %?llx\n",
4171 		    pd->pd_nvdata[i].pnv_name, pd->pd_nvdata[i].pnv_value);
4172 
4173 	mdb_free(buf, PANICBUFSIZE);
4174 	return (DCMD_OK);
4175 }
4176 
4177 static const mdb_dcmd_t dcmds[] = {
4178 
4179 	/* from genunix.c */
4180 	{ "addr2smap", ":[offset]", "translate address to smap", addr2smap },
4181 	{ "as2proc", ":", "convert as to proc_t address", as2proc },
4182 	{ "binding_hash_entry", ":", "print driver names hash table entry",
4183 		binding_hash_entry },
4184 	{ "callout", "?[-r|n] [-s|l] [-xhB] [-t | -ab nsec [-dkD]]"
4185 	    " [-C addr | -S seqid] [-f name|addr] [-p name| addr] [-T|L [-E]]"
4186 	    " [-FivVA]",
4187 	    "display callouts", callout, callout_help },
4188 	{ "calloutid", "[-d|v] xid", "print callout by extended id",
4189 	    calloutid, calloutid_help },
4190 	{ "class", NULL, "print process scheduler classes", class },
4191 	{ "cpuinfo", "?[-v]", "print CPUs and runnable threads", cpuinfo },
4192 	{ "did2thread", "? kt_did", "find kernel thread for this id",
4193 		did2thread },
4194 	{ "errorq", "?[-v]", "display kernel error queues", errorq },
4195 	{ "fd", ":[fd num]", "get a file pointer from an fd", fd },
4196 	{ "flipone", ":", "the vik_rev_level 2 special", flipone },
4197 	{ "lminfo", NULL, "print lock manager information", lminfo },
4198 	{ "ndi_event_hdl", "?", "print ndi_event_hdl", ndi_event_hdl },
4199 	{ "panicinfo", NULL, "print panic information", panicinfo },
4200 	{ "pid2proc", "?", "convert PID to proc_t address", pid2proc },
4201 	{ "pmap", ":[-q]", "print process memory map", pmap },
4202 	{ "project", NULL, "display kernel project(s)", project },
4203 	{ "ps", "[-fltzTP]", "list processes (and associated thr,lwp)", ps },
4204 	{ "pgrep", "[-x] [-n | -o] pattern",
4205 		"pattern match against all processes", pgrep },
4206 	{ "ptree", NULL, "print process tree", ptree },
4207 	{ "seg", ":", "print address space segment", seg },
4208 	{ "sysevent", "?[-sv]", "print sysevent pending or sent queue",
4209 		sysevent},
4210 	{ "sysevent_channel", "?", "print sysevent channel database",
4211 		sysevent_channel},
4212 	{ "sysevent_class_list", ":", "print sysevent class list",
4213 		sysevent_class_list},
4214 	{ "sysevent_subclass_list", ":",
4215 		"print sysevent subclass list", sysevent_subclass_list},
4216 	{ "system", NULL, "print contents of /etc/system file", sysfile },
4217 	{ "task", NULL, "display kernel task(s)", task },
4218 	{ "vnode2path", ":[-F]", "vnode address to pathname", vnode2path },
4219 	{ "vnode2smap", ":[offset]", "translate vnode to smap", vnode2smap },
4220 	{ "whereopen", ":", "given a vnode, dumps procs which have it open",
4221 	    whereopen },
4222 
4223 	/* from bio.c */
4224 	{ "bufpagefind", ":addr", "find page_t on buf_t list", bufpagefind },
4225 
4226 	/* from bitset.c */
4227 	{ "bitset", ":", "display a bitset", bitset, bitset_help },
4228 
4229 	/* from contract.c */
4230 	{ "contract", "?", "display a contract", cmd_contract },
4231 	{ "ctevent", ":", "display a contract event", cmd_ctevent },
4232 	{ "ctid", ":", "convert id to a contract pointer", cmd_ctid },
4233 
4234 	/* from cpupart.c */
4235 	{ "cpupart", "?[-v]", "print cpu partition info", cpupart },
4236 
4237 	/* from cyclic.c */
4238 	{ "cyccover", NULL, "dump cyclic coverage information", cyccover },
4239 	{ "cycid", "?", "dump a cyclic id", cycid },
4240 	{ "cycinfo", "?", "dump cyc_cpu info", cycinfo },
4241 	{ "cyclic", ":", "developer information", cyclic },
4242 	{ "cyctrace", "?", "dump cyclic trace buffer", cyctrace },
4243 
4244 	/* from damap.c */
4245 	{ "damap", ":", "display a damap_t", damap, damap_help },
4246 
4247 	/* from devinfo.c */
4248 	{ "devbindings", "?[-qs] [device-name | major-num]",
4249 	    "print devinfo nodes bound to device-name or major-num",
4250 	    devbindings, devinfo_help },
4251 	{ "devinfo", ":[-qs]", "detailed devinfo of one node", devinfo,
4252 	    devinfo_help },
4253 	{ "devinfo_audit", ":[-v]", "devinfo configuration audit record",
4254 	    devinfo_audit },
4255 	{ "devinfo_audit_log", "?[-v]", "system wide devinfo configuration log",
4256 	    devinfo_audit_log },
4257 	{ "devinfo_audit_node", ":[-v]", "devinfo node configuration history",
4258 	    devinfo_audit_node },
4259 	{ "devinfo2driver", ":", "find driver name for this devinfo node",
4260 	    devinfo2driver },
4261 	{ "devnames", "?[-vm] [num]", "print devnames array", devnames },
4262 	{ "dev2major", "?<dev_t>", "convert dev_t to a major number",
4263 	    dev2major },
4264 	{ "dev2minor", "?<dev_t>", "convert dev_t to a minor number",
4265 	    dev2minor },
4266 	{ "devt", "?<dev_t>", "display a dev_t's major and minor numbers",
4267 	    devt },
4268 	{ "major2name", "?<major-num>", "convert major number to dev name",
4269 	    major2name },
4270 	{ "minornodes", ":", "given a devinfo node, print its minor nodes",
4271 	    minornodes },
4272 	{ "modctl2devinfo", ":", "given a modctl, list its devinfos",
4273 	    modctl2devinfo },
4274 	{ "name2major", "<dev-name>", "convert dev name to major number",
4275 	    name2major },
4276 	{ "prtconf", "?[-vpc]", "print devinfo tree", prtconf, prtconf_help },
4277 	{ "softstate", ":<instance>", "retrieve soft-state pointer",
4278 	    softstate },
4279 	{ "devinfo_fm", ":", "devinfo fault managment configuration",
4280 	    devinfo_fm },
4281 	{ "devinfo_fmce", ":", "devinfo fault managment cache entry",
4282 	    devinfo_fmce},
4283 
4284 	/* from fm.c */
4285 	{ "ereport", "[-v]", "print ereports logged in dump",
4286 	    ereport },
4287 
4288 	/* from findstack.c */
4289 	{ "findstack", ":[-v]", "find kernel thread stack", findstack },
4290 	{ "findstack_debug", NULL, "toggle findstack debugging",
4291 		findstack_debug },
4292 	{ "stacks", "?[-afiv] [-c func] [-C func] [-m module] [-M module] "
4293 		"[-s sobj | -S sobj] [-t tstate | -T tstate]",
4294 		"print unique kernel thread stacks",
4295 		stacks, stacks_help },
4296 
4297 	/* from group.c */
4298 	{ "group", "?[-q]", "display a group", group},
4299 
4300 	/* from irm.c */
4301 	{ "irmpools", NULL, "display interrupt pools", irmpools_dcmd },
4302 	{ "irmreqs", NULL, "display interrupt requests in an interrupt pool",
4303 	    irmreqs_dcmd },
4304 	{ "irmreq", NULL, "display an interrupt request", irmreq_dcmd },
4305 
4306 	/* from kgrep.c + genunix.c */
4307 	{ "kgrep", KGREP_USAGE, "search kernel as for a pointer", kgrep,
4308 		kgrep_help },
4309 
4310 	/* from kmem.c */
4311 	{ "allocdby", ":", "given a thread, print its allocated buffers",
4312 		allocdby },
4313 	{ "bufctl", ":[-vh] [-a addr] [-c caller] [-e earliest] [-l latest] "
4314 		"[-t thd]", "print or filter a bufctl", bufctl, bufctl_help },
4315 	{ "freedby", ":", "given a thread, print its freed buffers", freedby },
4316 	{ "kmalog", "?[ fail | slab ]",
4317 	    "display kmem transaction log and stack traces", kmalog },
4318 	{ "kmastat", "[-kmg]", "kernel memory allocator stats",
4319 	    kmastat },
4320 	{ "kmausers", "?[-ef] [cache ...]", "current medium and large users "
4321 		"of the kmem allocator", kmausers, kmausers_help },
4322 	{ "kmem_cache", "?[-n name]",
4323 		"print kernel memory caches", kmem_cache, kmem_cache_help},
4324 	{ "kmem_slabs", "?[-v] [-n cache] [-N cache] [-b maxbins] "
4325 		"[-B minbinsize]", "display slab usage per kmem cache",
4326 		kmem_slabs, kmem_slabs_help },
4327 	{ "kmem_debug", NULL, "toggle kmem dcmd/walk debugging", kmem_debug },
4328 	{ "kmem_log", "?[-b]", "dump kmem transaction log", kmem_log },
4329 	{ "kmem_verify", "?", "check integrity of kmem-managed memory",
4330 		kmem_verify },
4331 	{ "vmem", "?", "print a vmem_t", vmem },
4332 	{ "vmem_seg", ":[-sv] [-c caller] [-e earliest] [-l latest] "
4333 		"[-m minsize] [-M maxsize] [-t thread] [-T type]",
4334 		"print or filter a vmem_seg", vmem_seg, vmem_seg_help },
4335 	{ "whatthread", ":[-v]", "print threads whose stack contains the "
4336 		"given address", whatthread },
4337 
4338 	/* from ldi.c */
4339 	{ "ldi_handle", "?[-i]", "display a layered driver handle",
4340 	    ldi_handle, ldi_handle_help },
4341 	{ "ldi_ident", NULL, "display a layered driver identifier",
4342 	    ldi_ident, ldi_ident_help },
4343 
4344 	/* from leaky.c + leaky_subr.c */
4345 	{ "findleaks", FINDLEAKS_USAGE,
4346 	    "search for potential kernel memory leaks", findleaks,
4347 	    findleaks_help },
4348 
4349 	/* from lgrp.c */
4350 	{ "lgrp", "?[-q] [-p | -Pih]", "display an lgrp", lgrp},
4351 	{ "lgrp_set", "", "display bitmask of lgroups as a list", lgrp_set},
4352 
4353 	/* from log.c */
4354 	{ "msgbuf", "?[-v]", "print most recent console messages", msgbuf },
4355 
4356 	/* from mdi.c */
4357 	{ "mdipi", NULL, "given a path, dump mdi_pathinfo "
4358 		"and detailed pi_prop list", mdipi },
4359 	{ "mdiprops", NULL, "given a pi_prop, dump the pi_prop list",
4360 		mdiprops },
4361 	{ "mdiphci", NULL, "given a phci, dump mdi_phci and "
4362 		"list all paths", mdiphci },
4363 	{ "mdivhci", NULL, "given a vhci, dump mdi_vhci and list "
4364 		"all phcis", mdivhci },
4365 	{ "mdiclient_paths", NULL, "given a path, walk mdi_pathinfo "
4366 		"client links", mdiclient_paths },
4367 	{ "mdiphci_paths", NULL, "given a path, walk through mdi_pathinfo "
4368 		"phci links", mdiphci_paths },
4369 	{ "mdiphcis", NULL, "given a phci, walk through mdi_phci ph_next links",
4370 		mdiphcis },
4371 
4372 	/* from memory.c */
4373 	{ "page", "?", "display a summarized page_t", page },
4374 	{ "memstat", NULL, "display memory usage summary", memstat },
4375 	{ "memlist", "?[-iav]", "display a struct memlist", memlist },
4376 	{ "swapinfo", "?", "display a struct swapinfo", swapinfof },
4377 
4378 	/* from mmd.c */
4379 	{ "multidata", ":[-sv]", "display a summarized multidata_t",
4380 		multidata },
4381 	{ "pattbl", ":", "display a summarized multidata attribute table",
4382 		pattbl },
4383 	{ "pattr2multidata", ":", "print multidata pointer from pattr_t",
4384 		pattr2multidata },
4385 	{ "pdesc2slab", ":", "print pdesc slab pointer from pdesc_t",
4386 		pdesc2slab },
4387 	{ "pdesc_verify", ":", "verify integrity of a pdesc_t", pdesc_verify },
4388 	{ "slab2multidata", ":", "print multidata pointer from pdesc_slab_t",
4389 		slab2multidata },
4390 
4391 	/* from modhash.c */
4392 	{ "modhash", "?[-ceht] [-k key] [-v val] [-i index]",
4393 		"display information about one or all mod_hash structures",
4394 		modhash, modhash_help },
4395 	{ "modent", ":[-k | -v | -t type]",
4396 		"display information about a mod_hash_entry", modent,
4397 		modent_help },
4398 
4399 	/* from net.c */
4400 	{ "dladm", "?<sub-command> [flags]", "show data link information",
4401 		dladm, dladm_help },
4402 	{ "mi", ":[-p] [-d | -m]", "filter and display MI object or payload",
4403 		mi },
4404 	{ "netstat", "[-arv] [-f inet | inet6 | unix] [-P tcp | udp | icmp]",
4405 		"show network statistics", netstat },
4406 	{ "sonode", "?[-f inet | inet6 | unix | #] "
4407 		"[-t stream | dgram | raw | #] [-p #]",
4408 		"filter and display sonode", sonode },
4409 
4410 	/* from netstack.c */
4411 	{ "netstack", "", "show stack instances", netstack },
4412 
4413 	/* from nvpair.c */
4414 	{ NVPAIR_DCMD_NAME, NVPAIR_DCMD_USAGE, NVPAIR_DCMD_DESCR,
4415 		nvpair_print },
4416 	{ NVLIST_DCMD_NAME, NVLIST_DCMD_USAGE, NVLIST_DCMD_DESCR,
4417 		print_nvlist },
4418 
4419 	/* from pg.c */
4420 	{ "pg", "?[-q]", "display a pg", pg},
4421 
4422 	/* from rctl.c */
4423 	{ "rctl_dict", "?", "print systemwide default rctl definitions",
4424 		rctl_dict },
4425 	{ "rctl_list", ":[handle]", "print rctls for the given proc",
4426 		rctl_list },
4427 	{ "rctl", ":[handle]", "print a rctl_t, only if it matches the handle",
4428 		rctl },
4429 	{ "rctl_validate", ":[-v] [-n #]", "test resource control value "
4430 		"sequence", rctl_validate },
4431 
4432 	/* from sobj.c */
4433 	{ "rwlock", ":", "dump out a readers/writer lock", rwlock },
4434 	{ "mutex", ":[-f]", "dump out an adaptive or spin mutex", mutex,
4435 		mutex_help },
4436 	{ "sobj2ts", ":", "perform turnstile lookup on synch object", sobj2ts },
4437 	{ "wchaninfo", "?[-v]", "dump condition variable", wchaninfo },
4438 	{ "turnstile", "?", "display a turnstile", turnstile },
4439 
4440 	/* from stream.c */
4441 	{ "mblk", ":[-q|v] [-f|F flag] [-t|T type] [-l|L|B len] [-d dbaddr]",
4442 		"print an mblk", mblk_prt, mblk_help },
4443 	{ "mblk_verify", "?", "verify integrity of an mblk", mblk_verify },
4444 	{ "mblk2dblk", ":", "convert mblk_t address to dblk_t address",
4445 		mblk2dblk },
4446 	{ "q2otherq", ":", "print peer queue for a given queue", q2otherq },
4447 	{ "q2rdq", ":", "print read queue for a given queue", q2rdq },
4448 	{ "q2syncq", ":", "print syncq for a given queue", q2syncq },
4449 	{ "q2stream", ":", "print stream pointer for a given queue", q2stream },
4450 	{ "q2wrq", ":", "print write queue for a given queue", q2wrq },
4451 	{ "queue", ":[-q|v] [-m mod] [-f flag] [-F flag] [-s syncq_addr]",
4452 		"filter and display STREAM queue", queue, queue_help },
4453 	{ "stdata", ":[-q|v] [-f flag] [-F flag]",
4454 		"filter and display STREAM head", stdata, stdata_help },
4455 	{ "str2mate", ":", "print mate of this stream", str2mate },
4456 	{ "str2wrq", ":", "print write queue of this stream", str2wrq },
4457 	{ "stream", ":", "display STREAM", stream },
4458 	{ "strftevent", ":", "print STREAMS flow trace event", strftevent },
4459 	{ "syncq", ":[-q|v] [-f flag] [-F flag] [-t type] [-T type]",
4460 		"filter and display STREAM sync queue", syncq, syncq_help },
4461 	{ "syncq2q", ":", "print queue for a given syncq", syncq2q },
4462 
4463 	/* from taskq.c */
4464 	{ "taskq", ":[-atT] [-m min_maxq] [-n name]",
4465 	    "display a taskq", taskq, taskq_help },
4466 	{ "taskq_entry", ":", "display a taskq_ent_t", taskq_ent },
4467 
4468 	/* from thread.c */
4469 	{ "thread", "?[-bdfimps]", "display a summarized kthread_t", thread,
4470 		thread_help },
4471 	{ "threadlist", "?[-t] [-v [count]]",
4472 		"display threads and associated C stack traces", threadlist,
4473 		threadlist_help },
4474 	{ "stackinfo", "?[-h|-a]", "display kthread_t stack usage", stackinfo,
4475 		stackinfo_help },
4476 
4477 	/* from tsd.c */
4478 	{ "tsd", ":-k key", "print tsd[key-1] for this thread", ttotsd },
4479 	{ "tsdtot", ":", "find thread with this tsd", tsdtot },
4480 
4481 	/*
4482 	 * typegraph does not work under kmdb, as it requires too much memory
4483 	 * for its internal data structures.
4484 	 */
4485 #ifndef _KMDB
4486 	/* from typegraph.c */
4487 	{ "findlocks", ":", "find locks held by specified thread", findlocks },
4488 	{ "findfalse", "?[-v]", "find potentially falsely shared structures",
4489 		findfalse },
4490 	{ "typegraph", NULL, "build type graph", typegraph },
4491 	{ "istype", ":type", "manually set object type", istype },
4492 	{ "notype", ":", "manually clear object type", notype },
4493 	{ "whattype", ":", "determine object type", whattype },
4494 #endif
4495 
4496 	/* from vfs.c */
4497 	{ "fsinfo", "?[-v]", "print mounted filesystems", fsinfo },
4498 	{ "pfiles", ":[-fp]", "print process file information", pfiles,
4499 		pfiles_help },
4500 
4501 	/* from zone.c */
4502 	{ "zone", "?", "display kernel zone(s)", zoneprt },
4503 	{ "zsd", ":[-v] [zsd_key]", "display zone-specific-data entries for "
4504 	    "selected zones", zsd },
4505 
4506 	{ NULL }
4507 };
4508 
4509 static const mdb_walker_t walkers[] = {
4510 
4511 	/* from genunix.c */
4512 	{ "anon", "given an amp, list of anon structures",
4513 		anon_walk_init, anon_walk_step, anon_walk_fini },
4514 	{ "callouts_bytime", "walk callouts by list chain (expiration time)",
4515 		callout_walk_init, callout_walk_step, callout_walk_fini,
4516 		(void *)CALLOUT_WALK_BYLIST },
4517 	{ "callouts_byid", "walk callouts by id hash chain",
4518 		callout_walk_init, callout_walk_step, callout_walk_fini,
4519 		(void *)CALLOUT_WALK_BYID },
4520 	{ "callout_list", "walk a callout list", callout_list_walk_init,
4521 		callout_list_walk_step, callout_list_walk_fini },
4522 	{ "callout_table", "walk callout table array", callout_table_walk_init,
4523 		callout_table_walk_step, callout_table_walk_fini },
4524 	{ "cpu", "walk cpu structures", cpu_walk_init, cpu_walk_step },
4525 	{ "ereportq_dump", "walk list of ereports in dump error queue",
4526 		ereportq_dump_walk_init, ereportq_dump_walk_step, NULL },
4527 	{ "ereportq_pend", "walk list of ereports in pending error queue",
4528 		ereportq_pend_walk_init, ereportq_pend_walk_step, NULL },
4529 	{ "errorq", "walk list of system error queues",
4530 		errorq_walk_init, errorq_walk_step, NULL },
4531 	{ "errorq_data", "walk pending error queue data buffers",
4532 		eqd_walk_init, eqd_walk_step, eqd_walk_fini },
4533 	{ "allfile", "given a proc pointer, list all file pointers",
4534 		file_walk_init, allfile_walk_step, file_walk_fini },
4535 	{ "file", "given a proc pointer, list of open file pointers",
4536 		file_walk_init, file_walk_step, file_walk_fini },
4537 	{ "lock_descriptor", "walk lock_descriptor_t structures",
4538 		ld_walk_init, ld_walk_step, NULL },
4539 	{ "lock_graph", "walk lock graph",
4540 		lg_walk_init, lg_walk_step, NULL },
4541 	{ "port", "given a proc pointer, list of created event ports",
4542 		port_walk_init, port_walk_step, NULL },
4543 	{ "portev", "given a port pointer, list of events in the queue",
4544 		portev_walk_init, portev_walk_step, portev_walk_fini },
4545 	{ "proc", "list of active proc_t structures",
4546 		proc_walk_init, proc_walk_step, proc_walk_fini },
4547 	{ "projects", "walk a list of kernel projects",
4548 		project_walk_init, project_walk_step, NULL },
4549 	{ "seg", "given an as, list of segments",
4550 		seg_walk_init, avl_walk_step, avl_walk_fini },
4551 	{ "sysevent_pend", "walk sysevent pending queue",
4552 		sysevent_pend_walk_init, sysevent_walk_step,
4553 		sysevent_walk_fini},
4554 	{ "sysevent_sent", "walk sysevent sent queue", sysevent_sent_walk_init,
4555 		sysevent_walk_step, sysevent_walk_fini},
4556 	{ "sysevent_channel", "walk sysevent channel subscriptions",
4557 		sysevent_channel_walk_init, sysevent_channel_walk_step,
4558 		sysevent_channel_walk_fini},
4559 	{ "sysevent_class_list", "walk sysevent subscription's class list",
4560 		sysevent_class_list_walk_init, sysevent_class_list_walk_step,
4561 		sysevent_class_list_walk_fini},
4562 	{ "sysevent_subclass_list",
4563 		"walk sysevent subscription's subclass list",
4564 		sysevent_subclass_list_walk_init,
4565 		sysevent_subclass_list_walk_step,
4566 		sysevent_subclass_list_walk_fini},
4567 	{ "task", "given a task pointer, walk its processes",
4568 		task_walk_init, task_walk_step, NULL },
4569 
4570 	/* from avl.c */
4571 	{ AVL_WALK_NAME, AVL_WALK_DESC,
4572 		avl_walk_init, avl_walk_step, avl_walk_fini },
4573 
4574 	/* from bio.c */
4575 	{ "buf", "walk the bio buf hash",
4576 		buf_walk_init, buf_walk_step, buf_walk_fini },
4577 
4578 	/* from contract.c */
4579 	{ "contract", "walk all contracts, or those of the specified type",
4580 		ct_walk_init, generic_walk_step, NULL },
4581 	{ "ct_event", "walk events on a contract event queue",
4582 		ct_event_walk_init, generic_walk_step, NULL },
4583 	{ "ct_listener", "walk contract event queue listeners",
4584 		ct_listener_walk_init, generic_walk_step, NULL },
4585 
4586 	/* from cpupart.c */
4587 	{ "cpupart_cpulist", "given an cpupart_t, walk cpus in partition",
4588 		cpupart_cpulist_walk_init, cpupart_cpulist_walk_step,
4589 		NULL },
4590 	{ "cpupart_walk", "walk the set of cpu partitions",
4591 		cpupart_walk_init, cpupart_walk_step, NULL },
4592 
4593 	/* from ctxop.c */
4594 	{ "ctxop", "walk list of context ops on a thread",
4595 		ctxop_walk_init, ctxop_walk_step, ctxop_walk_fini },
4596 
4597 	/* from cyclic.c */
4598 	{ "cyccpu", "walk per-CPU cyc_cpu structures",
4599 		cyccpu_walk_init, cyccpu_walk_step, NULL },
4600 	{ "cycomni", "for an omnipresent cyclic, walk cyc_omni_cpu list",
4601 		cycomni_walk_init, cycomni_walk_step, NULL },
4602 	{ "cyctrace", "walk cyclic trace buffer",
4603 		cyctrace_walk_init, cyctrace_walk_step, cyctrace_walk_fini },
4604 
4605 	/* from devinfo.c */
4606 	{ "binding_hash", "walk all entries in binding hash table",
4607 		binding_hash_walk_init, binding_hash_walk_step, NULL },
4608 	{ "devinfo", "walk devinfo tree or subtree",
4609 		devinfo_walk_init, devinfo_walk_step, devinfo_walk_fini },
4610 	{ "devinfo_audit_log", "walk devinfo audit system-wide log",
4611 		devinfo_audit_log_walk_init, devinfo_audit_log_walk_step,
4612 		devinfo_audit_log_walk_fini},
4613 	{ "devinfo_audit_node", "walk per-devinfo audit history",
4614 		devinfo_audit_node_walk_init, devinfo_audit_node_walk_step,
4615 		devinfo_audit_node_walk_fini},
4616 	{ "devinfo_children", "walk children of devinfo node",
4617 		devinfo_children_walk_init, devinfo_children_walk_step,
4618 		devinfo_children_walk_fini },
4619 	{ "devinfo_parents", "walk ancestors of devinfo node",
4620 		devinfo_parents_walk_init, devinfo_parents_walk_step,
4621 		devinfo_parents_walk_fini },
4622 	{ "devinfo_siblings", "walk siblings of devinfo node",
4623 		devinfo_siblings_walk_init, devinfo_siblings_walk_step, NULL },
4624 	{ "devi_next", "walk devinfo list",
4625 		NULL, devi_next_walk_step, NULL },
4626 	{ "devnames", "walk devnames array",
4627 		devnames_walk_init, devnames_walk_step, devnames_walk_fini },
4628 	{ "minornode", "given a devinfo node, walk minor nodes",
4629 		minornode_walk_init, minornode_walk_step, NULL },
4630 	{ "softstate",
4631 		"given an i_ddi_soft_state*, list all in-use driver stateps",
4632 		soft_state_walk_init, soft_state_walk_step,
4633 		NULL, NULL },
4634 	{ "softstate_all",
4635 		"given an i_ddi_soft_state*, list all driver stateps",
4636 		soft_state_walk_init, soft_state_all_walk_step,
4637 		NULL, NULL },
4638 	{ "devinfo_fmc",
4639 		"walk a fault management handle cache active list",
4640 		devinfo_fmc_walk_init, devinfo_fmc_walk_step, NULL },
4641 
4642 	/* from group.c */
4643 	{ "group", "walk all elements of a group",
4644 		group_walk_init, group_walk_step, NULL },
4645 
4646 	/* from irm.c */
4647 	{ "irmpools", "walk global list of interrupt pools",
4648 	    irmpools_walk_init, list_walk_step, list_walk_fini },
4649 	{ "irmreqs", "walk list of interrupt requests in an interrupt pool",
4650 	    irmreqs_walk_init, list_walk_step, list_walk_fini },
4651 
4652 	/* from kmem.c */
4653 	{ "allocdby", "given a thread, walk its allocated bufctls",
4654 		allocdby_walk_init, allocdby_walk_step, allocdby_walk_fini },
4655 	{ "bufctl", "walk a kmem cache's bufctls",
4656 		bufctl_walk_init, kmem_walk_step, kmem_walk_fini },
4657 	{ "bufctl_history", "walk the available history of a bufctl",
4658 		bufctl_history_walk_init, bufctl_history_walk_step,
4659 		bufctl_history_walk_fini },
4660 	{ "freedby", "given a thread, walk its freed bufctls",
4661 		freedby_walk_init, allocdby_walk_step, allocdby_walk_fini },
4662 	{ "freectl", "walk a kmem cache's free bufctls",
4663 		freectl_walk_init, kmem_walk_step, kmem_walk_fini },
4664 	{ "freectl_constructed", "walk a kmem cache's constructed free bufctls",
4665 		freectl_constructed_walk_init, kmem_walk_step, kmem_walk_fini },
4666 	{ "freemem", "walk a kmem cache's free memory",
4667 		freemem_walk_init, kmem_walk_step, kmem_walk_fini },
4668 	{ "freemem_constructed", "walk a kmem cache's constructed free memory",
4669 		freemem_constructed_walk_init, kmem_walk_step, kmem_walk_fini },
4670 	{ "kmem", "walk a kmem cache",
4671 		kmem_walk_init, kmem_walk_step, kmem_walk_fini },
4672 	{ "kmem_cpu_cache", "given a kmem cache, walk its per-CPU caches",
4673 		kmem_cpu_cache_walk_init, kmem_cpu_cache_walk_step, NULL },
4674 	{ "kmem_hash", "given a kmem cache, walk its allocated hash table",
4675 		kmem_hash_walk_init, kmem_hash_walk_step, kmem_hash_walk_fini },
4676 	{ "kmem_log", "walk the kmem transaction log",
4677 		kmem_log_walk_init, kmem_log_walk_step, kmem_log_walk_fini },
4678 	{ "kmem_slab", "given a kmem cache, walk its slabs",
4679 		kmem_slab_walk_init, combined_walk_step, combined_walk_fini },
4680 	{ "kmem_slab_partial",
4681 	    "given a kmem cache, walk its partially allocated slabs (min 1)",
4682 		kmem_slab_walk_partial_init, combined_walk_step,
4683 		combined_walk_fini },
4684 	{ "vmem", "walk vmem structures in pre-fix, depth-first order",
4685 		vmem_walk_init, vmem_walk_step, vmem_walk_fini },
4686 	{ "vmem_alloc", "given a vmem_t, walk its allocated vmem_segs",
4687 		vmem_alloc_walk_init, vmem_seg_walk_step, vmem_seg_walk_fini },
4688 	{ "vmem_free", "given a vmem_t, walk its free vmem_segs",
4689 		vmem_free_walk_init, vmem_seg_walk_step, vmem_seg_walk_fini },
4690 	{ "vmem_postfix", "walk vmem structures in post-fix, depth-first order",
4691 		vmem_walk_init, vmem_postfix_walk_step, vmem_walk_fini },
4692 	{ "vmem_seg", "given a vmem_t, walk all of its vmem_segs",
4693 		vmem_seg_walk_init, vmem_seg_walk_step, vmem_seg_walk_fini },
4694 	{ "vmem_span", "given a vmem_t, walk its spanning vmem_segs",
4695 		vmem_span_walk_init, vmem_seg_walk_step, vmem_seg_walk_fini },
4696 
4697 	/* from ldi.c */
4698 	{ "ldi_handle", "walk the layered driver handle hash",
4699 		ldi_handle_walk_init, ldi_handle_walk_step, NULL },
4700 	{ "ldi_ident", "walk the layered driver identifier hash",
4701 		ldi_ident_walk_init, ldi_ident_walk_step, NULL },
4702 
4703 	/* from leaky.c + leaky_subr.c */
4704 	{ "leak", "given a leaked bufctl or vmem_seg, find leaks w/ same "
4705 	    "stack trace",
4706 		leaky_walk_init, leaky_walk_step, leaky_walk_fini },
4707 	{ "leakbuf", "given a leaked bufctl or vmem_seg, walk buffers for "
4708 	    "leaks w/ same stack trace",
4709 		leaky_walk_init, leaky_buf_walk_step, leaky_walk_fini },
4710 
4711 	/* from lgrp.c */
4712 	{ "lgrp_cpulist", "walk CPUs in a given lgroup",
4713 		lgrp_cpulist_walk_init, lgrp_cpulist_walk_step, NULL },
4714 	{ "lgrptbl", "walk lgroup table",
4715 		lgrp_walk_init, lgrp_walk_step, NULL },
4716 	{ "lgrp_parents", "walk up lgroup lineage from given lgroup",
4717 		lgrp_parents_walk_init, lgrp_parents_walk_step, NULL },
4718 	{ "lgrp_rsrc_mem", "walk lgroup memory resources of given lgroup",
4719 		lgrp_rsrc_mem_walk_init, lgrp_set_walk_step, NULL },
4720 	{ "lgrp_rsrc_cpu", "walk lgroup CPU resources of given lgroup",
4721 		lgrp_rsrc_cpu_walk_init, lgrp_set_walk_step, NULL },
4722 
4723 	/* from list.c */
4724 	{ LIST_WALK_NAME, LIST_WALK_DESC,
4725 		list_walk_init, list_walk_step, list_walk_fini },
4726 
4727 	/* from mdi.c */
4728 	{ "mdipi_client_list", "Walker for mdi_pathinfo pi_client_link",
4729 		mdi_pi_client_link_walk_init,
4730 		mdi_pi_client_link_walk_step,
4731 		mdi_pi_client_link_walk_fini },
4732 	{ "mdipi_phci_list", "Walker for mdi_pathinfo pi_phci_link",
4733 		mdi_pi_phci_link_walk_init,
4734 		mdi_pi_phci_link_walk_step,
4735 		mdi_pi_phci_link_walk_fini },
4736 	{ "mdiphci_list", "Walker for mdi_phci ph_next link",
4737 		mdi_phci_ph_next_walk_init,
4738 		mdi_phci_ph_next_walk_step,
4739 		mdi_phci_ph_next_walk_fini },
4740 
4741 	/* from memory.c */
4742 	{ "page", "walk all pages, or those from the specified vnode",
4743 		page_walk_init, page_walk_step, page_walk_fini },
4744 	{ "allpages", "walk all pages, including free pages",
4745 		allpages_walk_init, allpages_walk_step, allpages_walk_fini },
4746 	{ "memlist", "walk specified memlist",
4747 		NULL, memlist_walk_step, NULL },
4748 	{ "swapinfo", "walk swapinfo structures",
4749 		swap_walk_init, swap_walk_step, NULL },
4750 
4751 	/* from mmd.c */
4752 	{ "pattr", "walk pattr_t structures", pattr_walk_init,
4753 		mmdq_walk_step, mmdq_walk_fini },
4754 	{ "pdesc", "walk pdesc_t structures",
4755 		pdesc_walk_init, mmdq_walk_step, mmdq_walk_fini },
4756 	{ "pdesc_slab", "walk pdesc_slab_t structures",
4757 		pdesc_slab_walk_init, mmdq_walk_step, mmdq_walk_fini },
4758 
4759 	/* from modhash.c */
4760 	{ "modhash", "walk list of mod_hash structures", modhash_walk_init,
4761 		modhash_walk_step, NULL },
4762 	{ "modent", "walk list of entries in a given mod_hash",
4763 		modent_walk_init, modent_walk_step, modent_walk_fini },
4764 	{ "modchain", "walk list of entries in a given mod_hash_entry",
4765 		NULL, modchain_walk_step, NULL },
4766 
4767 	/* from net.c */
4768 	{ "ar", "walk ar_t structures using MI for all stacks",
4769 		mi_payload_walk_init, mi_payload_walk_step, NULL, &mi_ar_arg },
4770 	{ "icmp", "walk ICMP control structures using MI for all stacks",
4771 		mi_payload_walk_init, mi_payload_walk_step, NULL,
4772 		&mi_icmp_arg },
4773 	{ "mi", "given a MI_O, walk the MI",
4774 		mi_walk_init, mi_walk_step, mi_walk_fini, NULL },
4775 	{ "sonode", "given a sonode, walk its children",
4776 		sonode_walk_init, sonode_walk_step, sonode_walk_fini, NULL },
4777 	{ "ar_stacks", "walk all the ar_stack_t",
4778 		ar_stacks_walk_init, ar_stacks_walk_step, NULL },
4779 	{ "icmp_stacks", "walk all the icmp_stack_t",
4780 		icmp_stacks_walk_init, icmp_stacks_walk_step, NULL },
4781 	{ "tcp_stacks", "walk all the tcp_stack_t",
4782 		tcp_stacks_walk_init, tcp_stacks_walk_step, NULL },
4783 	{ "udp_stacks", "walk all the udp_stack_t",
4784 		udp_stacks_walk_init, udp_stacks_walk_step, NULL },
4785 
4786 	/* from netstack.c */
4787 	{ "netstack", "walk a list of kernel netstacks",
4788 		netstack_walk_init, netstack_walk_step, NULL },
4789 
4790 	/* from nvpair.c */
4791 	{ NVPAIR_WALKER_NAME, NVPAIR_WALKER_DESCR,
4792 		nvpair_walk_init, nvpair_walk_step, NULL },
4793 
4794 	/* from rctl.c */
4795 	{ "rctl_dict_list", "walk all rctl_dict_entry_t's from rctl_lists",
4796 		rctl_dict_walk_init, rctl_dict_walk_step, NULL },
4797 	{ "rctl_set", "given a rctl_set, walk all rctls", rctl_set_walk_init,
4798 		rctl_set_walk_step, NULL },
4799 	{ "rctl_val", "given a rctl_t, walk all rctl_val entries associated",
4800 		rctl_val_walk_init, rctl_val_walk_step },
4801 
4802 	/* from sobj.c */
4803 	{ "blocked", "walk threads blocked on a given sobj",
4804 		blocked_walk_init, blocked_walk_step, NULL },
4805 	{ "wchan", "given a wchan, list of blocked threads",
4806 		wchan_walk_init, wchan_walk_step, wchan_walk_fini },
4807 
4808 	/* from stream.c */
4809 	{ "b_cont", "walk mblk_t list using b_cont",
4810 		mblk_walk_init, b_cont_step, mblk_walk_fini },
4811 	{ "b_next", "walk mblk_t list using b_next",
4812 		mblk_walk_init, b_next_step, mblk_walk_fini },
4813 	{ "qlink", "walk queue_t list using q_link",
4814 		queue_walk_init, queue_link_step, queue_walk_fini },
4815 	{ "qnext", "walk queue_t list using q_next",
4816 		queue_walk_init, queue_next_step, queue_walk_fini },
4817 	{ "strftblk", "given a dblk_t, walk STREAMS flow trace event list",
4818 		strftblk_walk_init, strftblk_step, strftblk_walk_fini },
4819 	{ "readq", "walk read queue side of stdata",
4820 		str_walk_init, strr_walk_step, str_walk_fini },
4821 	{ "writeq", "walk write queue side of stdata",
4822 		str_walk_init, strw_walk_step, str_walk_fini },
4823 
4824 	/* from taskq.c */
4825 	{ "taskq_thread", "given a taskq_t, list all of its threads",
4826 		taskq_thread_walk_init,
4827 		taskq_thread_walk_step,
4828 		taskq_thread_walk_fini },
4829 	{ "taskq_entry", "given a taskq_t*, list all taskq_ent_t in the list",
4830 		taskq_ent_walk_init, taskq_ent_walk_step, NULL },
4831 
4832 	/* from thread.c */
4833 	{ "deathrow", "walk threads on both lwp_ and thread_deathrow",
4834 		deathrow_walk_init, deathrow_walk_step, NULL },
4835 	{ "cpu_dispq", "given a cpu_t, walk threads in dispatcher queues",
4836 		cpu_dispq_walk_init, dispq_walk_step, dispq_walk_fini },
4837 	{ "cpupart_dispq",
4838 		"given a cpupart_t, walk threads in dispatcher queues",
4839 		cpupart_dispq_walk_init, dispq_walk_step, dispq_walk_fini },
4840 	{ "lwp_deathrow", "walk lwp_deathrow",
4841 		lwp_deathrow_walk_init, deathrow_walk_step, NULL },
4842 	{ "thread", "global or per-process kthread_t structures",
4843 		thread_walk_init, thread_walk_step, thread_walk_fini },
4844 	{ "thread_deathrow", "walk threads on thread_deathrow",
4845 		thread_deathrow_walk_init, deathrow_walk_step, NULL },
4846 
4847 	/* from tsd.c */
4848 	{ "tsd", "walk list of thread-specific data",
4849 		tsd_walk_init, tsd_walk_step, tsd_walk_fini },
4850 
4851 	/* from tsol.c */
4852 	{ "tnrh", "walk remote host cache structures",
4853 	    tnrh_walk_init, tnrh_walk_step, tnrh_walk_fini },
4854 	{ "tnrhtp", "walk remote host template structures",
4855 	    tnrhtp_walk_init, tnrhtp_walk_step, tnrhtp_walk_fini },
4856 
4857 	/*
4858 	 * typegraph does not work under kmdb, as it requires too much memory
4859 	 * for its internal data structures.
4860 	 */
4861 #ifndef _KMDB
4862 	/* from typegraph.c */
4863 	{ "typeconflict", "walk buffers with conflicting type inferences",
4864 		typegraph_walk_init, typeconflict_walk_step },
4865 	{ "typeunknown", "walk buffers with unknown types",
4866 		typegraph_walk_init, typeunknown_walk_step },
4867 #endif
4868 
4869 	/* from vfs.c */
4870 	{ "vfs", "walk file system list",
4871 		vfs_walk_init, vfs_walk_step },
4872 
4873 	/* from zone.c */
4874 	{ "zone", "walk a list of kernel zones",
4875 		zone_walk_init, zone_walk_step, NULL },
4876 	{ "zsd", "walk list of zsd entries for a zone",
4877 		zsd_walk_init, zsd_walk_step, NULL },
4878 
4879 	{ NULL }
4880 };
4881 
4882 static const mdb_modinfo_t modinfo = { MDB_API_VERSION, dcmds, walkers };
4883 
4884 /*ARGSUSED*/
4885 static void
4886 genunix_statechange_cb(void *ignored)
4887 {
4888 	/*
4889 	 * Force ::findleaks and ::stacks to let go any cached state.
4890 	 */
4891 	leaky_cleanup(1);
4892 	stacks_cleanup(1);
4893 
4894 	kmem_statechange();	/* notify kmem */
4895 }
4896 
4897 const mdb_modinfo_t *
4898 _mdb_init(void)
4899 {
4900 	kmem_init();
4901 
4902 	(void) mdb_callback_add(MDB_CALLBACK_STCHG,
4903 	    genunix_statechange_cb, NULL);
4904 
4905 	return (&modinfo);
4906 }
4907 
4908 void
4909 _mdb_fini(void)
4910 {
4911 	leaky_cleanup(1);
4912 	stacks_cleanup(1);
4913 }
4914