xref: /titanic_51/usr/src/uts/common/os/modctl.c (revision 989b958f0775a93d93a9201fa6466f30af70e908)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
24  */
25 
26 /*
27  * modctl system call for loadable module support.
28  */
29 
30 #include <sys/param.h>
31 #include <sys/user.h>
32 #include <sys/systm.h>
33 #include <sys/exec.h>
34 #include <sys/file.h>
35 #include <sys/stat.h>
36 #include <sys/conf.h>
37 #include <sys/time.h>
38 #include <sys/reboot.h>
39 #include <sys/fs/ufs_fsdir.h>
40 #include <sys/kmem.h>
41 #include <sys/sysconf.h>
42 #include <sys/cmn_err.h>
43 #include <sys/ddi.h>
44 #include <sys/sunddi.h>
45 #include <sys/sunndi.h>
46 #include <sys/ndi_impldefs.h>
47 #include <sys/ddi_impldefs.h>
48 #include <sys/ddi_implfuncs.h>
49 #include <sys/bootconf.h>
50 #include <sys/dc_ki.h>
51 #include <sys/cladm.h>
52 #include <sys/dtrace.h>
53 #include <sys/kdi.h>
54 
55 #include <sys/devpolicy.h>
56 #include <sys/modctl.h>
57 #include <sys/kobj.h>
58 #include <sys/devops.h>
59 #include <sys/autoconf.h>
60 #include <sys/hwconf.h>
61 #include <sys/callb.h>
62 #include <sys/debug.h>
63 #include <sys/cpuvar.h>
64 #include <sys/sysmacros.h>
65 #include <sys/sysevent.h>
66 #include <sys/sysevent_impl.h>
67 #include <sys/instance.h>
68 #include <sys/modhash.h>
69 #include <sys/modhash_impl.h>
70 #include <sys/dacf_impl.h>
71 #include <sys/vfs.h>
72 #include <sys/pathname.h>
73 #include <sys/console.h>
74 #include <sys/policy.h>
75 #include <ipp/ipp_impl.h>
76 #include <sys/fs/dv_node.h>
77 #include <sys/strsubr.h>
78 #include <sys/fs/sdev_impl.h>
79 
80 static int		mod_circdep(struct modctl *);
81 static int		modinfo(modid_t, struct modinfo *);
82 
83 static void		mod_uninstall_all(void);
84 static int		mod_getinfo(struct modctl *, struct modinfo *);
85 static struct modctl	*allocate_modp(const char *, const char *);
86 
87 static int		mod_load(struct modctl *, int);
88 static void		mod_unload(struct modctl *);
89 static int		modinstall(struct modctl *);
90 static int		moduninstall(struct modctl *);
91 
92 static struct modctl	*mod_hold_by_name_common(struct modctl *, const char *);
93 static struct modctl	*mod_hold_next_by_id(modid_t);
94 static struct modctl	*mod_hold_loaded_mod(struct modctl *, char *, int *);
95 static struct modctl	*mod_hold_installed_mod(char *, int, int, int *);
96 
97 static void		mod_release(struct modctl *);
98 static void		mod_make_requisite(struct modctl *, struct modctl *);
99 static int		mod_install_requisites(struct modctl *);
100 static void		check_esc_sequences(char *, char *);
101 static struct modctl	*mod_hold_by_name_requisite(struct modctl *, char *);
102 
103 /*
104  * module loading thread control structure. Calls to kobj_load_module()() are
105  * handled off to a separate thead using this structure.
106  */
107 struct loadmt {
108 	ksema_t		sema;
109 	struct modctl	*mp;
110 	int		usepath;
111 	kthread_t	*owner;
112 	int		retval;
113 };
114 
115 static void	modload_thread(struct loadmt *);
116 
117 kcondvar_t	mod_cv;
118 kcondvar_t	mod_uninstall_cv;	/* Communication between swapper */
119 					/* and the uninstall daemon. */
120 kmutex_t	mod_lock;		/* protects &modules insert linkage, */
121 					/* mod_busy, mod_want, and mod_ref. */
122 					/* blocking operations while holding */
123 					/* mod_lock should be avoided */
124 kmutex_t	mod_uninstall_lock;	/* protects mod_uninstall_cv */
125 kthread_id_t	mod_aul_thread;
126 
127 int		modunload_wait;
128 kmutex_t	modunload_wait_mutex;
129 kcondvar_t	modunload_wait_cv;
130 int		modunload_active_count;
131 int		modunload_disable_count;
132 
133 int	isminiroot;		/* set if running as miniroot */
134 int	modrootloaded;		/* set after root driver and fs are loaded */
135 int	moddebug = 0x0;		/* debug flags for module writers */
136 int	swaploaded;		/* set after swap driver and fs are loaded */
137 int	bop_io_quiesced = 0;	/* set when BOP I/O can no longer be used */
138 int	last_module_id;
139 clock_t	mod_uninstall_interval = 0;
140 int	ddi_modclose_unload = 1;	/* 0 -> just decrement reference */
141 
142 int	devcnt_incr	= 256;		/* allow for additional drivers */
143 int	devcnt_min	= 512;		/* and always at least this number */
144 
145 struct devnames *devnamesp;
146 struct devnames orphanlist;
147 
148 krwlock_t	devinfo_tree_lock;	/* obsolete, to be removed */
149 
150 #define	MAJBINDFILE "/etc/name_to_major"
151 #define	SYSBINDFILE "/etc/name_to_sysnum"
152 
153 static char	majbind[] = MAJBINDFILE;
154 static char	sysbind[] = SYSBINDFILE;
155 static uint_t	mod_autounload_key;	/* for module autounload detection */
156 
157 extern int obpdebug;
158 
159 #define	DEBUGGER_PRESENT	((boothowto & RB_DEBUG) || (obpdebug != 0))
160 
161 static int minorperm_loaded = 0;
162 
163 void
164 mod_setup(void)
165 {
166 	struct sysent *callp;
167 	int callnum, exectype;
168 	int	num_devs;
169 	int	i;
170 
171 	/*
172 	 * Initialize the list of loaded driver dev_ops.
173 	 * XXX - This must be done before reading the system file so that
174 	 * forceloads of drivers will work.
175 	 */
176 	num_devs = read_binding_file(majbind, mb_hashtab, make_mbind);
177 	/*
178 	 * Since read_binding_file is common code, it doesn't enforce that all
179 	 * of the binding file entries have major numbers <= MAXMAJ32.	Thus,
180 	 * ensure that we don't allocate some massive amount of space due to a
181 	 * bad entry.  We can't have major numbers bigger than MAXMAJ32
182 	 * until file system support for larger major numbers exists.
183 	 */
184 
185 	/*
186 	 * Leave space for expansion, but not more than L_MAXMAJ32
187 	 */
188 	devcnt = MIN(num_devs + devcnt_incr, L_MAXMAJ32);
189 	devcnt = MAX(devcnt, devcnt_min);
190 	devopsp = kmem_alloc(devcnt * sizeof (struct dev_ops *), KM_SLEEP);
191 	for (i = 0; i < devcnt; i++)
192 		devopsp[i] = &mod_nodev_ops;
193 
194 	init_devnamesp(devcnt);
195 
196 	/*
197 	 * Sync up with the work that the stand-alone linker has already done.
198 	 */
199 	(void) kobj_sync();
200 
201 	if (boothowto & RB_DEBUG)
202 		kdi_dvec_modavail();
203 
204 	make_aliases(mb_hashtab);
205 
206 	/*
207 	 * Initialize streams device implementation structures.
208 	 */
209 	devimpl = kmem_zalloc(devcnt * sizeof (cdevsw_impl_t), KM_SLEEP);
210 
211 	/*
212 	 * If the cl_bootstrap module is present,
213 	 * we should be configured as a cluster. Loading this module
214 	 * will set "cluster_bootflags" to non-zero.
215 	 */
216 	(void) modload("misc", "cl_bootstrap");
217 
218 	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
219 	init_syscallnames(NSYSCALL);
220 
221 	/*
222 	 * Start up dynamic autoconfiguration framework (dacf).
223 	 */
224 	mod_hash_init();
225 	dacf_init();
226 
227 	/*
228 	 * Start up IP policy framework (ipp).
229 	 */
230 	ipp_init();
231 
232 	/*
233 	 * Allocate loadable native system call locks.
234 	 */
235 	for (callnum = 0, callp = sysent; callnum < NSYSCALL;
236 	    callnum++, callp++) {
237 		if (LOADABLE_SYSCALL(callp)) {
238 			if (mod_getsysname(callnum) != NULL) {
239 				callp->sy_lock =
240 				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
241 				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
242 			} else {
243 				callp->sy_flags &= ~SE_LOADABLE;
244 				callp->sy_callc = nosys;
245 			}
246 #ifdef DEBUG
247 		} else {
248 			/*
249 			 * Do some sanity checks on the sysent table
250 			 */
251 			switch (callp->sy_flags & SE_RVAL_MASK) {
252 			case SE_32RVAL1:
253 				/* only r_val1 returned */
254 			case SE_32RVAL1 | SE_32RVAL2:
255 				/* r_val1 and r_val2 returned */
256 			case SE_64RVAL:
257 				/* 64-bit rval returned */
258 				break;
259 			default:
260 				cmn_err(CE_WARN, "sysent[%d]: bad flags %x",
261 				    callnum, callp->sy_flags);
262 			}
263 #endif
264 		}
265 	}
266 
267 #ifdef _SYSCALL32_IMPL
268 	/*
269 	 * Allocate loadable system call locks for 32-bit compat syscalls
270 	 */
271 	for (callnum = 0, callp = sysent32; callnum < NSYSCALL;
272 	    callnum++, callp++) {
273 		if (LOADABLE_SYSCALL(callp)) {
274 			if (mod_getsysname(callnum) != NULL) {
275 				callp->sy_lock =
276 				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
277 				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
278 			} else {
279 				callp->sy_flags &= ~SE_LOADABLE;
280 				callp->sy_callc = nosys;
281 			}
282 #ifdef DEBUG
283 		} else {
284 			/*
285 			 * Do some sanity checks on the sysent table
286 			 */
287 			switch (callp->sy_flags & SE_RVAL_MASK) {
288 			case SE_32RVAL1:
289 				/* only r_val1 returned */
290 			case SE_32RVAL1 | SE_32RVAL2:
291 				/* r_val1 and r_val2 returned */
292 			case SE_64RVAL:
293 				/* 64-bit rval returned */
294 				break;
295 			default:
296 				cmn_err(CE_WARN, "sysent32[%d]: bad flags %x",
297 				    callnum, callp->sy_flags);
298 				goto skip;
299 			}
300 
301 			/*
302 			 * Cross-check the native and compatibility tables.
303 			 */
304 			if (callp->sy_callc == nosys ||
305 			    sysent[callnum].sy_callc == nosys)
306 				continue;
307 			/*
308 			 * If only one or the other slot is loadable, then
309 			 * there's an error -- they should match!
310 			 */
311 			if ((callp->sy_callc == loadable_syscall) ^
312 			    (sysent[callnum].sy_callc == loadable_syscall)) {
313 				cmn_err(CE_WARN, "sysent[%d] loadable?",
314 				    callnum);
315 			}
316 			/*
317 			 * This is more of a heuristic test -- if the
318 			 * system call returns two values in the 32-bit
319 			 * world, it should probably return two 32-bit
320 			 * values in the 64-bit world too.
321 			 */
322 			if (((callp->sy_flags & SE_32RVAL2) == 0) ^
323 			    ((sysent[callnum].sy_flags & SE_32RVAL2) == 0)) {
324 				cmn_err(CE_WARN, "sysent[%d] rval2 mismatch!",
325 				    callnum);
326 			}
327 skip:;
328 #endif	/* DEBUG */
329 		}
330 	}
331 #endif	/* _SYSCALL32_IMPL */
332 
333 	/*
334 	 * Allocate loadable exec locks.  (Assumes all execs are loadable)
335 	 */
336 	for (exectype = 0; exectype < nexectype; exectype++) {
337 		execsw[exectype].exec_lock =
338 		    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
339 		rw_init(execsw[exectype].exec_lock, NULL, RW_DEFAULT, NULL);
340 	}
341 
342 	read_class_file();
343 
344 	/* init thread specific structure for mod_uninstall_all */
345 	tsd_create(&mod_autounload_key, NULL);
346 }
347 
348 static int
349 modctl_modload(int use_path, char *filename, int *rvp)
350 {
351 	struct modctl *modp;
352 	int retval = 0;
353 	char *filenamep;
354 	int modid;
355 
356 	filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
357 
358 	if (copyinstr(filename, filenamep, MOD_MAXPATH, 0)) {
359 		retval = EFAULT;
360 		goto out;
361 	}
362 
363 	filenamep[MOD_MAXPATH - 1] = 0;
364 	modp = mod_hold_installed_mod(filenamep, use_path, 0, &retval);
365 
366 	if (modp == NULL)
367 		goto out;
368 
369 	modp->mod_loadflags |= MOD_NOAUTOUNLOAD;
370 	modid = modp->mod_id;
371 	mod_release_mod(modp);
372 	CPU_STATS_ADDQ(CPU, sys, modload, 1);
373 	if (rvp != NULL && copyout(&modid, rvp, sizeof (modid)) != 0)
374 		retval = EFAULT;
375 out:
376 	kmem_free(filenamep, MOD_MAXPATH);
377 
378 	return (retval);
379 }
380 
381 static int
382 modctl_modunload(modid_t id)
383 {
384 	int rval = 0;
385 
386 	if (id == 0) {
387 #ifdef DEBUG
388 		/*
389 		 * Turn on mod_uninstall_daemon
390 		 */
391 		if (mod_uninstall_interval == 0) {
392 			mod_uninstall_interval = 60;
393 			modreap();
394 			return (rval);
395 		}
396 #endif
397 		mod_uninstall_all();
398 	} else {
399 		rval = modunload(id);
400 	}
401 	return (rval);
402 }
403 
404 static int
405 modctl_modinfo(modid_t id, struct modinfo *umodi)
406 {
407 	int retval;
408 	struct modinfo modi;
409 #if defined(_SYSCALL32_IMPL)
410 	int nobase;
411 	struct modinfo32 modi32;
412 #endif
413 
414 	if (get_udatamodel() == DATAMODEL_NATIVE) {
415 		if (copyin(umodi, &modi, sizeof (struct modinfo)) != 0)
416 			return (EFAULT);
417 	}
418 #ifdef _SYSCALL32_IMPL
419 	else {
420 		bzero(&modi, sizeof (modi));
421 		if (copyin(umodi, &modi32, sizeof (struct modinfo32)) != 0)
422 			return (EFAULT);
423 		modi.mi_info = modi32.mi_info;
424 		modi.mi_id = modi32.mi_id;
425 		modi.mi_nextid = modi32.mi_nextid;
426 		nobase = modi.mi_info & MI_INFO_NOBASE;
427 	}
428 #endif
429 	/*
430 	 * This flag is -only- for the kernels use.
431 	 */
432 	modi.mi_info &= ~MI_INFO_LINKAGE;
433 
434 	retval = modinfo(id, &modi);
435 	if (retval)
436 		return (retval);
437 
438 	if (get_udatamodel() == DATAMODEL_NATIVE) {
439 		if (copyout(&modi, umodi, sizeof (struct modinfo)) != 0)
440 			retval = EFAULT;
441 #ifdef _SYSCALL32_IMPL
442 	} else {
443 		int i;
444 
445 		if (!nobase && (uintptr_t)modi.mi_base > UINT32_MAX)
446 			return (EOVERFLOW);
447 
448 		modi32.mi_info = modi.mi_info;
449 		modi32.mi_state = modi.mi_state;
450 		modi32.mi_id = modi.mi_id;
451 		modi32.mi_nextid = modi.mi_nextid;
452 		modi32.mi_base = (caddr32_t)(uintptr_t)modi.mi_base;
453 		modi32.mi_size = modi.mi_size;
454 		modi32.mi_rev = modi.mi_rev;
455 		modi32.mi_loadcnt = modi.mi_loadcnt;
456 		bcopy(modi.mi_name, modi32.mi_name, sizeof (modi32.mi_name));
457 		for (i = 0; i < MODMAXLINK32; i++) {
458 			modi32.mi_msinfo[i].msi_p0 = modi.mi_msinfo[i].msi_p0;
459 			bcopy(modi.mi_msinfo[i].msi_linkinfo,
460 			    modi32.mi_msinfo[i].msi_linkinfo,
461 			    sizeof (modi32.mi_msinfo[0].msi_linkinfo));
462 		}
463 		if (copyout(&modi32, umodi, sizeof (struct modinfo32)) != 0)
464 			retval = EFAULT;
465 #endif
466 	}
467 
468 	return (retval);
469 }
470 
471 /*
472  * Return the last major number in the range of permissible major numbers.
473  */
474 /*ARGSUSED*/
475 static int
476 modctl_modreserve(modid_t id, int *data)
477 {
478 	if (copyout(&devcnt, data, sizeof (devcnt)) != 0)
479 		return (EFAULT);
480 	return (0);
481 }
482 
483 /* Add/Remove driver and binding aliases */
484 static int
485 modctl_update_driver_aliases(int add, int *data)
486 {
487 	struct modconfig	mc;
488 	int			i, n, rv = 0;
489 	struct aliases		alias;
490 	struct aliases		*ap;
491 	char			name[MAXMODCONFNAME];
492 	char			cname[MAXMODCONFNAME];
493 	char			*drvname;
494 	int			resid;
495 	struct alias_info {
496 		char	*alias_name;
497 		int	alias_resid;
498 	} *aliases, *aip;
499 
500 	bzero(&mc, sizeof (struct modconfig));
501 	if (get_udatamodel() == DATAMODEL_NATIVE) {
502 		if (copyin(data, &mc, sizeof (struct modconfig)) != 0)
503 			return (EFAULT);
504 	}
505 #ifdef _SYSCALL32_IMPL
506 	else {
507 		struct modconfig32 modc32;
508 		if (copyin(data, &modc32, sizeof (struct modconfig32)) != 0)
509 			return (EFAULT);
510 		else {
511 			bcopy(modc32.drvname, mc.drvname,
512 			    sizeof (modc32.drvname));
513 			bcopy(modc32.drvclass, mc.drvclass,
514 			    sizeof (modc32.drvclass));
515 			mc.major = modc32.major;
516 			mc.flags = modc32.flags;
517 			mc.num_aliases = modc32.num_aliases;
518 			mc.ap = (struct aliases *)(uintptr_t)modc32.ap;
519 		}
520 	}
521 #endif
522 
523 	/*
524 	 * If the driver is already in the mb_hashtab, and the name given
525 	 * doesn't match that driver's name, fail.  Otherwise, pass, since
526 	 * we may be adding aliases.
527 	 */
528 	drvname = mod_major_to_name(mc.major);
529 	if ((drvname != NULL) && strcmp(drvname, mc.drvname) != 0)
530 		return (EINVAL);
531 
532 	/*
533 	 * Precede alias removal by unbinding as many devices as possible.
534 	 */
535 	if (add == 0) {
536 		(void) i_ddi_unload_drvconf(mc.major);
537 		i_ddi_unbind_devs(mc.major);
538 	}
539 
540 	/*
541 	 * Add/remove each supplied driver alias to/from mb_hashtab
542 	 */
543 	ap = mc.ap;
544 	if (mc.num_aliases > 0)
545 		aliases = kmem_zalloc(
546 		    mc.num_aliases * sizeof (struct alias_info), KM_SLEEP);
547 	aip = aliases;
548 	for (i = 0; i < mc.num_aliases; i++) {
549 		bzero(&alias, sizeof (struct aliases));
550 		if (get_udatamodel() == DATAMODEL_NATIVE) {
551 			if (copyin(ap, &alias, sizeof (struct aliases)) != 0) {
552 				rv = EFAULT;
553 				goto error;
554 			}
555 			if (alias.a_len > MAXMODCONFNAME) {
556 				rv = EINVAL;
557 				goto error;
558 			}
559 			if (copyin(alias.a_name, name, alias.a_len) != 0) {
560 				rv = EFAULT;
561 				goto error;
562 			}
563 			if (name[alias.a_len - 1] != '\0') {
564 				rv = EINVAL;
565 				goto error;
566 			}
567 		}
568 #ifdef _SYSCALL32_IMPL
569 		else {
570 			struct aliases32 al32;
571 			bzero(&al32, sizeof (struct aliases32));
572 			if (copyin(ap, &al32, sizeof (struct aliases32)) != 0) {
573 				rv = EFAULT;
574 				goto error;
575 			}
576 			if (al32.a_len > MAXMODCONFNAME) {
577 				rv = EINVAL;
578 				goto error;
579 			}
580 			if (copyin((void *)(uintptr_t)al32.a_name,
581 			    name, al32.a_len) != 0) {
582 				rv = EFAULT;
583 				goto error;
584 			}
585 			if (name[al32.a_len - 1] != '\0') {
586 				rv = EINVAL;
587 				goto error;
588 			}
589 			alias.a_next = (void *)(uintptr_t)al32.a_next;
590 		}
591 #endif
592 		check_esc_sequences(name, cname);
593 		aip->alias_name = strdup(cname);
594 		ap = alias.a_next;
595 		aip++;
596 	}
597 
598 	if (add == 0) {
599 		ap = mc.ap;
600 		resid = 0;
601 		aip = aliases;
602 		/* attempt to unbind all devices bound to each alias */
603 		for (i = 0; i < mc.num_aliases; i++) {
604 			n = i_ddi_unbind_devs_by_alias(
605 			    mc.major, aip->alias_name);
606 			resid += n;
607 			aip->alias_resid = n;
608 		}
609 
610 		/*
611 		 * If some device bound to an alias remains in use,
612 		 * and override wasn't specified, no change is made to
613 		 * the binding state and we fail the operation.
614 		 */
615 		if (resid > 0 && ((mc.flags & MOD_UNBIND_OVERRIDE) == 0)) {
616 			rv = EBUSY;
617 			goto error;
618 		}
619 
620 		/*
621 		 * No device remains bound of any of the aliases,
622 		 * or force was requested.  Mark each alias as
623 		 * inactive via delete_mbind so no future binds
624 		 * to this alias take place and that a new
625 		 * binding can be established.
626 		 */
627 		aip = aliases;
628 		for (i = 0; i < mc.num_aliases; i++) {
629 			if (moddebug & MODDEBUG_BINDING)
630 				cmn_err(CE_CONT, "Removing binding for %s "
631 				    "(%d active references)\n",
632 				    aip->alias_name, aip->alias_resid);
633 			delete_mbind(aip->alias_name, mb_hashtab);
634 			aip++;
635 		}
636 		rv = 0;
637 	} else {
638 		aip = aliases;
639 		for (i = 0; i < mc.num_aliases; i++) {
640 			if (moddebug & MODDEBUG_BINDING)
641 				cmn_err(CE_NOTE, "Adding binding for '%s'\n",
642 				    aip->alias_name);
643 			(void) make_mbind(aip->alias_name,
644 			    mc.major, NULL, mb_hashtab);
645 			aip++;
646 		}
647 		/*
648 		 * Try to establish an mbinding for mc.drvname, and add it to
649 		 * devnames. Add class if any after establishing the major
650 		 * number.
651 		 */
652 		(void) make_mbind(mc.drvname, mc.major, NULL, mb_hashtab);
653 		if ((rv = make_devname(mc.drvname, mc.major,
654 		    (mc.flags & MOD_ADDMAJBIND_UPDATE) ?
655 		    DN_DRIVER_INACTIVE : 0)) != 0) {
656 			goto error;
657 		}
658 
659 		if (mc.drvclass[0] != '\0')
660 			add_class(mc.drvname, mc.drvclass);
661 		if ((mc.flags & MOD_ADDMAJBIND_UPDATE) == 0) {
662 			(void) i_ddi_load_drvconf(mc.major);
663 		}
664 	}
665 
666 	/*
667 	 * Ensure that all nodes are bound to the most appropriate driver
668 	 * possible, attempting demotion and rebind when a more appropriate
669 	 * driver now exists.  But not when adding a driver update-only.
670 	 */
671 	if ((add == 0) || ((mc.flags & MOD_ADDMAJBIND_UPDATE) == 0)) {
672 		i_ddi_bind_devs();
673 		i_ddi_di_cache_invalidate();
674 	}
675 
676 error:
677 	if (mc.num_aliases > 0) {
678 		aip = aliases;
679 		for (i = 0; i < mc.num_aliases; i++) {
680 			if (aip->alias_name != NULL)
681 				strfree(aip->alias_name);
682 			aip++;
683 		}
684 		kmem_free(aliases, mc.num_aliases * sizeof (struct alias_info));
685 	}
686 	return (rv);
687 }
688 
689 static int
690 modctl_add_driver_aliases(int *data)
691 {
692 	return (modctl_update_driver_aliases(1, data));
693 }
694 
695 static int
696 modctl_remove_driver_aliases(int *data)
697 {
698 	return (modctl_update_driver_aliases(0, data));
699 }
700 
701 static int
702 modctl_rem_major(major_t major)
703 {
704 	struct devnames *dnp;
705 
706 	if (major >= devcnt)
707 		return (EINVAL);
708 
709 	/* mark devnames as removed */
710 	dnp = &devnamesp[major];
711 	LOCK_DEV_OPS(&dnp->dn_lock);
712 	if (dnp->dn_name == NULL ||
713 	    (dnp->dn_flags & (DN_DRIVER_REMOVED | DN_TAKEN_GETUDEV))) {
714 		UNLOCK_DEV_OPS(&dnp->dn_lock);
715 		return (EINVAL);
716 	}
717 	dnp->dn_flags |= DN_DRIVER_REMOVED;
718 	pm_driver_removed(major);
719 	UNLOCK_DEV_OPS(&dnp->dn_lock);
720 
721 	(void) i_ddi_unload_drvconf(major);
722 	i_ddi_unbind_devs(major);
723 	i_ddi_bind_devs();
724 	i_ddi_di_cache_invalidate();
725 
726 	/* purge all the bindings to this driver */
727 	purge_mbind(major, mb_hashtab);
728 	return (0);
729 }
730 
731 static struct vfs *
732 path_to_vfs(char *name)
733 {
734 	vnode_t *vp;
735 	struct vfs *vfsp;
736 
737 	if (lookupname(name, UIO_SYSSPACE, FOLLOW, NULLVPP, &vp))
738 		return (NULL);
739 
740 	vfsp = vp->v_vfsp;
741 	VN_RELE(vp);
742 	return (vfsp);
743 }
744 
745 static int
746 new_vfs_in_modpath()
747 {
748 	static int n_modpath = 0;
749 	static char *modpath_copy;
750 	static struct pathvfs {
751 		char *path;
752 		struct vfs *vfsp;
753 	} *pathvfs;
754 
755 	int i, new_vfs = 0;
756 	char *tmp, *tmp1;
757 	struct vfs *vfsp;
758 
759 	if (n_modpath != 0) {
760 		for (i = 0; i < n_modpath; i++) {
761 			vfsp = path_to_vfs(pathvfs[i].path);
762 			if (vfsp != pathvfs[i].vfsp) {
763 				pathvfs[i].vfsp = vfsp;
764 				if (vfsp)
765 					new_vfs = 1;
766 			}
767 		}
768 		return (new_vfs);
769 	}
770 
771 	/*
772 	 * First call, initialize the pathvfs structure
773 	 */
774 	modpath_copy = i_ddi_strdup(default_path, KM_SLEEP);
775 	tmp = modpath_copy;
776 	n_modpath = 1;
777 	tmp1 = strchr(tmp, ' ');
778 	while (tmp1) {
779 		*tmp1 = '\0';
780 		n_modpath++;
781 		tmp = tmp1 + 1;
782 		tmp1 = strchr(tmp, ' ');
783 	}
784 
785 	pathvfs = kmem_zalloc(n_modpath * sizeof (struct pathvfs), KM_SLEEP);
786 	tmp = modpath_copy;
787 	for (i = 0; i < n_modpath; i++) {
788 		pathvfs[i].path = tmp;
789 		vfsp = path_to_vfs(tmp);
790 		pathvfs[i].vfsp = vfsp;
791 		tmp += strlen(tmp) + 1;
792 	}
793 	return (1);	/* always reread driver.conf the first time */
794 }
795 
796 static int
797 modctl_load_drvconf(major_t major, int flags)
798 {
799 	int ret;
800 
801 	/*
802 	 * devfsadm -u - read all new driver.conf files
803 	 * and bind and configure devices for new drivers.
804 	 */
805 	if (flags & MOD_LOADDRVCONF_RECONF) {
806 		(void) i_ddi_load_drvconf(DDI_MAJOR_T_NONE);
807 		i_ddi_bind_devs();
808 		i_ddi_di_cache_invalidate();
809 		return (0);
810 	}
811 
812 	/*
813 	 * update_drv <drv> - reload driver.conf for the specified driver
814 	 */
815 	if (major != DDI_MAJOR_T_NONE) {
816 		ret = i_ddi_load_drvconf(major);
817 		if (ret == 0)
818 			i_ddi_bind_devs();
819 		return (ret);
820 	}
821 
822 	/*
823 	 * We are invoked to rescan new driver.conf files. It is
824 	 * only necessary if a new file system was mounted in the
825 	 * module_path. Because rescanning driver.conf files can
826 	 * take some time on older platforms (sun4m), the following
827 	 * code skips unnecessary driver.conf rescans to optimize
828 	 * boot performance.
829 	 */
830 	if (new_vfs_in_modpath()) {
831 		(void) i_ddi_load_drvconf(DDI_MAJOR_T_NONE);
832 		/*
833 		 * If we are still initializing io subsystem,
834 		 * load drivers with ddi-forceattach property
835 		 */
836 		if (!i_ddi_io_initialized())
837 			i_ddi_forceattach_drivers();
838 	}
839 	return (0);
840 }
841 
842 /*
843  * Unload driver.conf file and follow up by attempting
844  * to rebind devices to more appropriate driver.
845  */
846 static int
847 modctl_unload_drvconf(major_t major)
848 {
849 	int ret;
850 
851 	if (major >= devcnt)
852 		return (EINVAL);
853 
854 	ret = i_ddi_unload_drvconf(major);
855 	if (ret != 0)
856 		return (ret);
857 	(void) i_ddi_unbind_devs(major);
858 	i_ddi_bind_devs();
859 
860 	return (0);
861 }
862 
863 static void
864 check_esc_sequences(char *str, char *cstr)
865 {
866 	int i;
867 	size_t len;
868 	char *p;
869 
870 	len = strlen(str);
871 	for (i = 0; i < len; i++, str++, cstr++) {
872 		if (*str != '\\') {
873 			*cstr = *str;
874 		} else {
875 			p = str + 1;
876 			/*
877 			 * we only handle octal escape sequences for SPACE
878 			 */
879 			if (*p++ == '0' && *p++ == '4' && *p == '0') {
880 				*cstr = ' ';
881 				str += 3;
882 			} else {
883 				*cstr = *str;
884 			}
885 		}
886 	}
887 	*cstr = 0;
888 }
889 
890 static int
891 modctl_getmodpathlen(int *data)
892 {
893 	int len;
894 	len = strlen(default_path);
895 	if (copyout(&len, data, sizeof (len)) != 0)
896 		return (EFAULT);
897 	return (0);
898 }
899 
900 static int
901 modctl_getmodpath(char *data)
902 {
903 	if (copyout(default_path, data, strlen(default_path) + 1) != 0)
904 		return (EFAULT);
905 	return (0);
906 }
907 
908 static int
909 modctl_read_sysbinding_file(void)
910 {
911 	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
912 	return (0);
913 }
914 
915 static int
916 modctl_getmaj(char *uname, uint_t ulen, int *umajorp)
917 {
918 	char name[256];
919 	int retval;
920 	major_t major;
921 
922 	if (ulen == 0)
923 		return (EINVAL);
924 	if ((retval = copyinstr(uname, name,
925 	    (ulen < 256) ? ulen : 256, 0)) != 0)
926 		return (retval);
927 	if ((major = mod_name_to_major(name)) == DDI_MAJOR_T_NONE)
928 		return (ENODEV);
929 	if (copyout(&major, umajorp, sizeof (major_t)) != 0)
930 		return (EFAULT);
931 	return (0);
932 }
933 
934 static char **
935 convert_constraint_string(char *constraints, size_t len)
936 {
937 	int	i;
938 	int	n;
939 	char	*p;
940 	char	**array;
941 
942 	ASSERT(constraints != NULL);
943 	ASSERT(len > 0);
944 
945 	for (i = 0, p = constraints; strlen(p) > 0; i++, p += strlen(p) + 1)
946 		;
947 
948 	n = i;
949 
950 	if (n == 0) {
951 		kmem_free(constraints, len);
952 		return (NULL);
953 	}
954 
955 	array = kmem_alloc((n + 1) * sizeof (char *), KM_SLEEP);
956 
957 	for (i = 0, p = constraints; i < n; i++, p += strlen(p) + 1) {
958 		array[i] = i_ddi_strdup(p, KM_SLEEP);
959 	}
960 	array[n] = NULL;
961 
962 	kmem_free(constraints, len);
963 
964 	return (array);
965 }
966 /*ARGSUSED*/
967 static int
968 modctl_retire(char *path, char *uconstraints, size_t ulen)
969 {
970 	char	*pathbuf;
971 	char	*devpath;
972 	size_t	pathsz;
973 	int	retval;
974 	char	*constraints;
975 	char	**cons_array;
976 
977 	if (path == NULL)
978 		return (EINVAL);
979 
980 	if ((uconstraints == NULL) ^ (ulen == 0))
981 		return (EINVAL);
982 
983 	pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
984 	retval = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
985 	if (retval != 0) {
986 		kmem_free(pathbuf, MAXPATHLEN);
987 		return (retval);
988 	}
989 	devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
990 	kmem_free(pathbuf, MAXPATHLEN);
991 
992 	/*
993 	 * First check if the device is already retired.
994 	 * If it is, then persist the retire anyway, just in case the retire
995 	 * store has got out of sync with the boot archive.
996 	 */
997 	if (e_ddi_device_retired(devpath)) {
998 		cmn_err(CE_NOTE, "Device: already retired: %s", devpath);
999 		(void) e_ddi_retire_persist(devpath);
1000 		kmem_free(devpath, strlen(devpath) + 1);
1001 		return (0);
1002 	}
1003 
1004 	cons_array = NULL;
1005 	if (uconstraints) {
1006 		constraints = kmem_alloc(ulen, KM_SLEEP);
1007 		if (copyin(uconstraints, constraints, ulen)) {
1008 			kmem_free(constraints, ulen);
1009 			kmem_free(devpath, strlen(devpath) + 1);
1010 			return (EFAULT);
1011 		}
1012 		cons_array = convert_constraint_string(constraints, ulen);
1013 	}
1014 
1015 	/*
1016 	 * Try to retire the device first. The following
1017 	 * routine will return an error only if the device
1018 	 * is not retireable i.e. retire constraints forbid
1019 	 * a retire. A return of success from this routine
1020 	 * indicates that device is retireable.
1021 	 */
1022 	retval = e_ddi_retire_device(devpath, cons_array);
1023 	if (retval != DDI_SUCCESS) {
1024 		cmn_err(CE_WARN, "constraints forbid retire: %s", devpath);
1025 		kmem_free(devpath, strlen(devpath) + 1);
1026 		return (ENOTSUP);
1027 	}
1028 
1029 	/*
1030 	 * Ok, the retire succeeded. Persist the retire.
1031 	 * If retiring a nexus, we need to only persist the
1032 	 * nexus retire. Any children of a retired nexus
1033 	 * are automatically covered by the retire store
1034 	 * code.
1035 	 */
1036 	retval = e_ddi_retire_persist(devpath);
1037 	if (retval != 0) {
1038 		cmn_err(CE_WARN, "Failed to persist device retire: error %d: "
1039 		    "%s", retval, devpath);
1040 		kmem_free(devpath, strlen(devpath) + 1);
1041 		return (retval);
1042 	}
1043 	if (moddebug & MODDEBUG_RETIRE)
1044 		cmn_err(CE_NOTE, "Persisted retire of device: %s", devpath);
1045 
1046 	kmem_free(devpath, strlen(devpath) + 1);
1047 	return (0);
1048 }
1049 
1050 static int
1051 modctl_is_retired(char *path, int *statep)
1052 {
1053 	char	*pathbuf;
1054 	char	*devpath;
1055 	size_t	pathsz;
1056 	int	error;
1057 	int	status;
1058 
1059 	if (path == NULL || statep == NULL)
1060 		return (EINVAL);
1061 
1062 	pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1063 	error = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
1064 	if (error != 0) {
1065 		kmem_free(pathbuf, MAXPATHLEN);
1066 		return (error);
1067 	}
1068 	devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
1069 	kmem_free(pathbuf, MAXPATHLEN);
1070 
1071 	if (e_ddi_device_retired(devpath))
1072 		status = 1;
1073 	else
1074 		status = 0;
1075 	kmem_free(devpath, strlen(devpath) + 1);
1076 
1077 	return (copyout(&status, statep, sizeof (status)) ? EFAULT : 0);
1078 }
1079 
1080 static int
1081 modctl_unretire(char *path)
1082 {
1083 	char	*pathbuf;
1084 	char	*devpath;
1085 	size_t	pathsz;
1086 	int	retired;
1087 	int	retval;
1088 
1089 	if (path == NULL)
1090 		return (EINVAL);
1091 
1092 	pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1093 	retval = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
1094 	if (retval != 0) {
1095 		kmem_free(pathbuf, MAXPATHLEN);
1096 		return (retval);
1097 	}
1098 	devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
1099 	kmem_free(pathbuf, MAXPATHLEN);
1100 
1101 	/*
1102 	 * We check if a device is retired (first) before
1103 	 * unpersisting the retire, because we use the
1104 	 * retire store to determine if a device is retired.
1105 	 * If we unpersist first, the device will always appear
1106 	 * to be unretired. For the rationale behind unpersisting
1107 	 * a device that is not retired, see the next comment.
1108 	 */
1109 	retired = e_ddi_device_retired(devpath);
1110 
1111 	/*
1112 	 * We call unpersist unconditionally because the lookup
1113 	 * for retired devices (e_ddi_device_retired()), skips "bypassed"
1114 	 * devices. We still want to be able remove "bypassed" entries
1115 	 * from the persistent store, so we unpersist unconditionally
1116 	 * i.e. whether or not the entry is found on a lookup.
1117 	 *
1118 	 * e_ddi_retire_unpersist() returns 1 if it found and cleared
1119 	 * an entry from the retire store or 0 otherwise.
1120 	 */
1121 	if (e_ddi_retire_unpersist(devpath))
1122 		if (moddebug & MODDEBUG_RETIRE) {
1123 			cmn_err(CE_NOTE, "Unpersisted retire of device: %s",
1124 			    devpath);
1125 		}
1126 
1127 	/*
1128 	 * Check if the device is already unretired. If so,
1129 	 * the unretire becomes a NOP
1130 	 */
1131 	if (!retired) {
1132 		cmn_err(CE_NOTE, "Not retired: %s", devpath);
1133 		kmem_free(devpath, strlen(devpath) + 1);
1134 		return (0);
1135 	}
1136 
1137 	retval = e_ddi_unretire_device(devpath);
1138 	if (retval != 0) {
1139 		cmn_err(CE_WARN, "cannot unretire device: error %d, path %s\n",
1140 		    retval, devpath);
1141 	}
1142 
1143 	kmem_free(devpath, strlen(devpath) + 1);
1144 
1145 	return (retval);
1146 }
1147 
1148 static int
1149 modctl_getname(char *uname, uint_t ulen, int *umajorp)
1150 {
1151 	char *name;
1152 	major_t major;
1153 
1154 	if (copyin(umajorp, &major, sizeof (major)) != 0)
1155 		return (EFAULT);
1156 	if ((name = mod_major_to_name(major)) == NULL)
1157 		return (ENODEV);
1158 	if ((strlen(name) + 1) > ulen)
1159 		return (ENOSPC);
1160 	return (copyoutstr(name, uname, ulen, NULL));
1161 }
1162 
1163 static int
1164 modctl_devt2instance(dev_t dev, int *uinstancep)
1165 {
1166 	int	instance;
1167 
1168 	if ((instance = dev_to_instance(dev)) == -1)
1169 		return (EINVAL);
1170 
1171 	return (copyout(&instance, uinstancep, sizeof (int)));
1172 }
1173 
1174 /*
1175  * Return the sizeof of the device id.
1176  */
1177 static int
1178 modctl_sizeof_devid(dev_t dev, uint_t *len)
1179 {
1180 	uint_t		sz;
1181 	ddi_devid_t	devid;
1182 
1183 	/* get device id */
1184 	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
1185 		return (EINVAL);
1186 
1187 	sz = ddi_devid_sizeof(devid);
1188 	ddi_devid_free(devid);
1189 
1190 	/* copyout device id size */
1191 	if (copyout(&sz, len, sizeof (sz)) != 0)
1192 		return (EFAULT);
1193 
1194 	return (0);
1195 }
1196 
1197 /*
1198  * Return a copy of the device id.
1199  */
1200 static int
1201 modctl_get_devid(dev_t dev, uint_t len, ddi_devid_t udevid)
1202 {
1203 	uint_t		sz;
1204 	ddi_devid_t	devid;
1205 	int		err = 0;
1206 
1207 	/* get device id */
1208 	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
1209 		return (EINVAL);
1210 
1211 	sz = ddi_devid_sizeof(devid);
1212 
1213 	/* Error if device id is larger than space allocated */
1214 	if (sz > len) {
1215 		ddi_devid_free(devid);
1216 		return (ENOSPC);
1217 	}
1218 
1219 	/* copy out device id */
1220 	if (copyout(devid, udevid, sz) != 0)
1221 		err = EFAULT;
1222 	ddi_devid_free(devid);
1223 	return (err);
1224 }
1225 
1226 /*
1227  * return the /devices paths associated with the specified devid and
1228  * minor name.
1229  */
1230 /*ARGSUSED*/
1231 static int
1232 modctl_devid2paths(ddi_devid_t udevid, char *uminor_name, uint_t flag,
1233 	size_t *ulensp, char *upaths)
1234 {
1235 	ddi_devid_t	devid = NULL;
1236 	int		devid_len;
1237 	char		*minor_name = NULL;
1238 	dev_info_t	*dip = NULL;
1239 	int		circ;
1240 	struct ddi_minor_data	*dmdp;
1241 	char		*path = NULL;
1242 	int		ulens;
1243 	int		lens;
1244 	int		len;
1245 	dev_t		*devlist = NULL;
1246 	int		ndevs;
1247 	int		i;
1248 	int		ret = 0;
1249 
1250 	/*
1251 	 * If upaths is NULL then we are only computing the amount of space
1252 	 * needed to hold the paths and returning the value in *ulensp. If we
1253 	 * are copying out paths then we get the amount of space allocated by
1254 	 * the caller. If the actual space needed for paths is larger, or
1255 	 * things are changing out from under us, then we return EAGAIN.
1256 	 */
1257 	if (upaths) {
1258 		if (ulensp == NULL)
1259 			return (EINVAL);
1260 		if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
1261 			return (EFAULT);
1262 	}
1263 
1264 	/*
1265 	 * copyin enough of the devid to determine the length then
1266 	 * reallocate and copy in the entire devid.
1267 	 */
1268 	devid_len = ddi_devid_sizeof(NULL);
1269 	devid = kmem_alloc(devid_len, KM_SLEEP);
1270 	if (copyin(udevid, devid, devid_len)) {
1271 		ret = EFAULT;
1272 		goto out;
1273 	}
1274 	len = devid_len;
1275 	devid_len = ddi_devid_sizeof(devid);
1276 	kmem_free(devid, len);
1277 	devid = kmem_alloc(devid_len, KM_SLEEP);
1278 	if (copyin(udevid, devid, devid_len)) {
1279 		ret = EFAULT;
1280 		goto out;
1281 	}
1282 
1283 	/* copyin the minor name if specified. */
1284 	minor_name = uminor_name;
1285 	if ((minor_name != DEVID_MINOR_NAME_ALL) &&
1286 	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1287 	    (minor_name != DEVID_MINOR_NAME_ALL_BLK)) {
1288 		minor_name = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1289 		if (copyinstr(uminor_name, minor_name, MAXPATHLEN, 0)) {
1290 			ret = EFAULT;
1291 			goto out;
1292 		}
1293 	}
1294 
1295 	/*
1296 	 * Use existing function to resolve the devid into a devlist.
1297 	 *
1298 	 * NOTE: there is a loss of spectype information in the current
1299 	 * ddi_lyr_devid_to_devlist implementation. We work around this by not
1300 	 * passing down DEVID_MINOR_NAME_ALL here, but reproducing all minor
1301 	 * node forms in the loop processing the devlist below. It would be
1302 	 * best if at some point the use of this interface here was replaced
1303 	 * with a path oriented call.
1304 	 */
1305 	if (ddi_lyr_devid_to_devlist(devid,
1306 	    (minor_name == DEVID_MINOR_NAME_ALL) ?
1307 	    DEVID_MINOR_NAME_ALL_CHR : minor_name,
1308 	    &ndevs, &devlist) != DDI_SUCCESS) {
1309 		ret = EINVAL;
1310 		goto out;
1311 	}
1312 
1313 	/*
1314 	 * loop over the devlist, converting each devt to a path and doing
1315 	 * a copyout of the path and computation of the amount of space
1316 	 * needed to hold all the paths
1317 	 */
1318 	path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1319 	for (i = 0, lens = 0; i < ndevs; i++) {
1320 
1321 		/* find the dip associated with the dev_t */
1322 		if ((dip = e_ddi_hold_devi_by_dev(devlist[i], 0)) == NULL)
1323 			continue;
1324 
1325 		/* loop over all the minor nodes, skipping ones we don't want */
1326 		ndi_devi_enter(dip, &circ);
1327 		for (dmdp = DEVI(dip)->devi_minor; dmdp; dmdp = dmdp->next) {
1328 			if ((dmdp->ddm_dev != devlist[i]) ||
1329 			    (dmdp->type != DDM_MINOR))
1330 				continue;
1331 
1332 			if ((minor_name != DEVID_MINOR_NAME_ALL) &&
1333 			    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1334 			    (minor_name != DEVID_MINOR_NAME_ALL_BLK) &&
1335 			    strcmp(minor_name, dmdp->ddm_name))
1336 				continue;
1337 			else {
1338 				if ((minor_name == DEVID_MINOR_NAME_ALL_CHR) &&
1339 				    (dmdp->ddm_spec_type != S_IFCHR))
1340 					continue;
1341 				if ((minor_name == DEVID_MINOR_NAME_ALL_BLK) &&
1342 				    (dmdp->ddm_spec_type != S_IFBLK))
1343 					continue;
1344 			}
1345 
1346 			(void) ddi_pathname_minor(dmdp, path);
1347 			len = strlen(path) + 1;
1348 			*(path + len) = '\0';	/* set double termination */
1349 			lens += len;
1350 
1351 			/* copyout the path with double terminations */
1352 			if (upaths) {
1353 				if (lens > ulens) {
1354 					ret = EAGAIN;
1355 					goto out;
1356 				}
1357 				if (copyout(path, upaths, len + 1)) {
1358 					ret = EFAULT;
1359 					goto out;
1360 				}
1361 				upaths += len;
1362 			}
1363 		}
1364 		ndi_devi_exit(dip, circ);
1365 		ddi_release_devi(dip);
1366 		dip = NULL;
1367 	}
1368 	lens++;		/* add one for double termination */
1369 
1370 	/* copy out the amount of space needed to hold the paths */
1371 	if (ulensp && copyout(&lens, ulensp, sizeof (lens))) {
1372 		ret = EFAULT;
1373 		goto out;
1374 	}
1375 	ret = 0;
1376 
1377 out:	if (dip) {
1378 		ndi_devi_exit(dip, circ);
1379 		ddi_release_devi(dip);
1380 	}
1381 	if (path)
1382 		kmem_free(path, MAXPATHLEN);
1383 	if (devlist)
1384 		ddi_lyr_free_devlist(devlist, ndevs);
1385 	if (minor_name &&
1386 	    (minor_name != DEVID_MINOR_NAME_ALL) &&
1387 	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1388 	    (minor_name != DEVID_MINOR_NAME_ALL_BLK))
1389 		kmem_free(minor_name, MAXPATHLEN);
1390 	if (devid)
1391 		kmem_free(devid, devid_len);
1392 	return (ret);
1393 }
1394 
1395 /*
1396  * Return the size of the minor name.
1397  */
1398 static int
1399 modctl_sizeof_minorname(dev_t dev, int spectype, uint_t *len)
1400 {
1401 	uint_t	sz;
1402 	char	*name;
1403 
1404 	/* get the minor name */
1405 	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1406 		return (EINVAL);
1407 
1408 	sz = strlen(name) + 1;
1409 	kmem_free(name, sz);
1410 
1411 	/* copy out the size of the minor name */
1412 	if (copyout(&sz, len, sizeof (sz)) != 0)
1413 		return (EFAULT);
1414 
1415 	return (0);
1416 }
1417 
1418 /*
1419  * Return the minor name.
1420  */
1421 static int
1422 modctl_get_minorname(dev_t dev, int spectype, uint_t len, char *uname)
1423 {
1424 	uint_t	sz;
1425 	char	*name;
1426 	int	err = 0;
1427 
1428 	/* get the minor name */
1429 	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1430 		return (EINVAL);
1431 
1432 	sz = strlen(name) + 1;
1433 
1434 	/* Error if the minor name is larger than the space allocated */
1435 	if (sz > len) {
1436 		kmem_free(name, sz);
1437 		return (ENOSPC);
1438 	}
1439 
1440 	/* copy out the minor name */
1441 	if (copyout(name, uname, sz) != 0)
1442 		err = EFAULT;
1443 	kmem_free(name, sz);
1444 	return (err);
1445 }
1446 
1447 /*
1448  * Return the size of the (dev_t,spectype) devfspath name.
1449  */
1450 static int
1451 modctl_devfspath_len(dev_t dev, int spectype, uint_t *len)
1452 {
1453 	uint_t	sz;
1454 	char	*name;
1455 
1456 	/* get the path name */
1457 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1458 	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1459 		kmem_free(name, MAXPATHLEN);
1460 		return (EINVAL);
1461 	}
1462 
1463 	sz = strlen(name) + 1;
1464 	kmem_free(name, MAXPATHLEN);
1465 
1466 	/* copy out the size of the path name */
1467 	if (copyout(&sz, len, sizeof (sz)) != 0)
1468 		return (EFAULT);
1469 
1470 	return (0);
1471 }
1472 
1473 /*
1474  * Return the (dev_t,spectype) devfspath name.
1475  */
1476 static int
1477 modctl_devfspath(dev_t dev, int spectype, uint_t len, char *uname)
1478 {
1479 	uint_t	sz;
1480 	char	*name;
1481 	int	err = 0;
1482 
1483 	/* get the path name */
1484 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1485 	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1486 		kmem_free(name, MAXPATHLEN);
1487 		return (EINVAL);
1488 	}
1489 
1490 	sz = strlen(name) + 1;
1491 
1492 	/* Error if the path name is larger than the space allocated */
1493 	if (sz > len) {
1494 		kmem_free(name, MAXPATHLEN);
1495 		return (ENOSPC);
1496 	}
1497 
1498 	/* copy out the path name */
1499 	if (copyout(name, uname, sz) != 0)
1500 		err = EFAULT;
1501 	kmem_free(name, MAXPATHLEN);
1502 	return (err);
1503 }
1504 
1505 /*
1506  * Return the size of the (major,instance) devfspath name.
1507  */
1508 static int
1509 modctl_devfspath_mi_len(major_t major, int instance, uint_t *len)
1510 {
1511 	uint_t	sz;
1512 	char	*name;
1513 
1514 	/* get the path name */
1515 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1516 	if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1517 		kmem_free(name, MAXPATHLEN);
1518 		return (EINVAL);
1519 	}
1520 
1521 	sz = strlen(name) + 1;
1522 	kmem_free(name, MAXPATHLEN);
1523 
1524 	/* copy out the size of the path name */
1525 	if (copyout(&sz, len, sizeof (sz)) != 0)
1526 		return (EFAULT);
1527 
1528 	return (0);
1529 }
1530 
1531 /*
1532  * Return the (major_instance) devfspath name.
1533  * NOTE: e_ddi_majorinstance_to_path does not require the device to attach to
1534  * return a path - it uses the instance tree.
1535  */
1536 static int
1537 modctl_devfspath_mi(major_t major, int instance, uint_t len, char *uname)
1538 {
1539 	uint_t	sz;
1540 	char	*name;
1541 	int	err = 0;
1542 
1543 	/* get the path name */
1544 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1545 	if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1546 		kmem_free(name, MAXPATHLEN);
1547 		return (EINVAL);
1548 	}
1549 
1550 	sz = strlen(name) + 1;
1551 
1552 	/* Error if the path name is larger than the space allocated */
1553 	if (sz > len) {
1554 		kmem_free(name, MAXPATHLEN);
1555 		return (ENOSPC);
1556 	}
1557 
1558 	/* copy out the path name */
1559 	if (copyout(name, uname, sz) != 0)
1560 		err = EFAULT;
1561 	kmem_free(name, MAXPATHLEN);
1562 	return (err);
1563 }
1564 
1565 static int
1566 modctl_get_fbname(char *path)
1567 {
1568 	extern dev_t fbdev;
1569 	char *pathname = NULL;
1570 	int rval = 0;
1571 
1572 	/* make sure fbdev is set before we plunge in */
1573 	if (fbdev == NODEV)
1574 		return (ENODEV);
1575 
1576 	pathname = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1577 	if ((rval = ddi_dev_pathname(fbdev, S_IFCHR,
1578 	    pathname)) == DDI_SUCCESS) {
1579 		if (copyout(pathname, path, strlen(pathname)+1) != 0) {
1580 			rval = EFAULT;
1581 		}
1582 	}
1583 	kmem_free(pathname, MAXPATHLEN);
1584 	return (rval);
1585 }
1586 
1587 /*
1588  * modctl_reread_dacf()
1589  *	Reread the dacf rules database from the named binding file.
1590  *	If NULL is specified, pass along the NULL, it means 'use the default'.
1591  */
1592 static int
1593 modctl_reread_dacf(char *path)
1594 {
1595 	int rval = 0;
1596 	char *filename, *filenamep;
1597 
1598 	filename = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1599 
1600 	if (path == NULL) {
1601 		filenamep = NULL;
1602 	} else {
1603 		if (copyinstr(path, filename, MAXPATHLEN, 0) != 0) {
1604 			rval = EFAULT;
1605 			goto out;
1606 		}
1607 		filenamep = filename;
1608 		filenamep[MAXPATHLEN - 1] = '\0';
1609 	}
1610 
1611 	rval = read_dacf_binding_file(filenamep);
1612 out:
1613 	kmem_free(filename, MAXPATHLEN);
1614 	return (rval);
1615 }
1616 
1617 /*ARGSUSED*/
1618 static int
1619 modctl_modevents(int subcmd, uintptr_t a2, uintptr_t a3, uintptr_t a4,
1620     uint_t flag)
1621 {
1622 	int error = 0;
1623 	char *filenamep;
1624 
1625 	switch (subcmd) {
1626 
1627 	case MODEVENTS_FLUSH:
1628 		/* flush all currently queued events */
1629 		log_sysevent_flushq(subcmd, flag);
1630 		break;
1631 
1632 	case MODEVENTS_SET_DOOR_UPCALL_FILENAME:
1633 		/*
1634 		 * bind door_upcall to filename
1635 		 * this should only be done once per invocation
1636 		 * of the event daemon.
1637 		 */
1638 
1639 		filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
1640 
1641 		if (copyinstr((char *)a2, filenamep, MOD_MAXPATH, 0)) {
1642 			error = EFAULT;
1643 		} else {
1644 			error = log_sysevent_filename(filenamep);
1645 		}
1646 		kmem_free(filenamep, MOD_MAXPATH);
1647 		break;
1648 
1649 	case MODEVENTS_GETDATA:
1650 		error = log_sysevent_copyout_data((sysevent_id_t *)a2,
1651 		    (size_t)a3, (caddr_t)a4);
1652 		break;
1653 
1654 	case MODEVENTS_FREEDATA:
1655 		error = log_sysevent_free_data((sysevent_id_t *)a2);
1656 		break;
1657 	case MODEVENTS_POST_EVENT:
1658 		error = log_usr_sysevent((sysevent_t *)a2, (uint32_t)a3,
1659 		    (sysevent_id_t *)a4);
1660 		break;
1661 	case MODEVENTS_REGISTER_EVENT:
1662 		error = log_sysevent_register((char *)a2, (char *)a3,
1663 		    (se_pubsub_t *)a4);
1664 		break;
1665 	default:
1666 		error = EINVAL;
1667 	}
1668 
1669 	return (error);
1670 }
1671 
1672 static void
1673 free_mperm(mperm_t *mp)
1674 {
1675 	int len;
1676 
1677 	if (mp->mp_minorname) {
1678 		len = strlen(mp->mp_minorname) + 1;
1679 		kmem_free(mp->mp_minorname, len);
1680 	}
1681 	kmem_free(mp, sizeof (mperm_t));
1682 }
1683 
1684 #define	MP_NO_DRV_ERR	\
1685 	"/etc/minor_perm: no driver for %s\n"
1686 
1687 #define	MP_EMPTY_MINOR	\
1688 	"/etc/minor_perm: empty minor name for driver %s\n"
1689 
1690 #define	MP_NO_MINOR	\
1691 	"/etc/minor_perm: no minor matching %s for driver %s\n"
1692 
1693 /*
1694  * Remove mperm entry with matching minorname
1695  */
1696 static void
1697 rem_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1698 {
1699 	mperm_t **mp_head;
1700 	mperm_t *freemp = NULL;
1701 	struct devnames *dnp = &devnamesp[major];
1702 	mperm_t **wildmp;
1703 
1704 	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1705 
1706 	LOCK_DEV_OPS(&dnp->dn_lock);
1707 	if (strcmp(mp->mp_minorname, "*") == 0) {
1708 		wildmp = ((is_clone == 0) ?
1709 		    &dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1710 		if (*wildmp)
1711 			freemp = *wildmp;
1712 		*wildmp = NULL;
1713 	} else {
1714 		mp_head = &dnp->dn_mperm;
1715 		while (*mp_head) {
1716 			if (strcmp((*mp_head)->mp_minorname,
1717 			    mp->mp_minorname) != 0) {
1718 				mp_head = &(*mp_head)->mp_next;
1719 				continue;
1720 			}
1721 			/* remove the entry */
1722 			freemp = *mp_head;
1723 			*mp_head = freemp->mp_next;
1724 			break;
1725 		}
1726 	}
1727 	if (freemp) {
1728 		if (moddebug & MODDEBUG_MINORPERM) {
1729 			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1730 			    drvname, freemp->mp_minorname,
1731 			    freemp->mp_mode & 0777,
1732 			    freemp->mp_uid, freemp->mp_gid);
1733 		}
1734 		free_mperm(freemp);
1735 	} else {
1736 		if (moddebug & MODDEBUG_MINORPERM) {
1737 			cmn_err(CE_CONT, MP_NO_MINOR,
1738 			    drvname, mp->mp_minorname);
1739 		}
1740 	}
1741 
1742 	UNLOCK_DEV_OPS(&dnp->dn_lock);
1743 }
1744 
1745 /*
1746  * Add minor perm entry
1747  */
1748 static void
1749 add_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1750 {
1751 	mperm_t **mp_head;
1752 	mperm_t *freemp = NULL;
1753 	struct devnames *dnp = &devnamesp[major];
1754 	mperm_t **wildmp;
1755 
1756 	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1757 
1758 	/*
1759 	 * Note that update_drv replace semantics require
1760 	 * replacing matching entries with the new permissions.
1761 	 */
1762 	LOCK_DEV_OPS(&dnp->dn_lock);
1763 	if (strcmp(mp->mp_minorname, "*") == 0) {
1764 		wildmp = ((is_clone == 0) ?
1765 		    &dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1766 		if (*wildmp)
1767 			freemp = *wildmp;
1768 		*wildmp = mp;
1769 	} else {
1770 		mperm_t *p, *v = NULL;
1771 		for (p = dnp->dn_mperm; p; v = p, p = p->mp_next) {
1772 			if (strcmp(p->mp_minorname, mp->mp_minorname) == 0) {
1773 				if (v == NULL)
1774 					dnp->dn_mperm = mp;
1775 				else
1776 					v->mp_next = mp;
1777 				mp->mp_next = p->mp_next;
1778 				freemp = p;
1779 				goto replaced;
1780 			}
1781 		}
1782 		if (p == NULL) {
1783 			mp_head = &dnp->dn_mperm;
1784 			if (*mp_head == NULL) {
1785 				*mp_head = mp;
1786 			} else {
1787 				mp->mp_next = *mp_head;
1788 				*mp_head = mp;
1789 			}
1790 		}
1791 	}
1792 replaced:
1793 	if (freemp) {
1794 		if (moddebug & MODDEBUG_MINORPERM) {
1795 			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1796 			    drvname, freemp->mp_minorname,
1797 			    freemp->mp_mode & 0777,
1798 			    freemp->mp_uid, freemp->mp_gid);
1799 		}
1800 		free_mperm(freemp);
1801 	}
1802 	if (moddebug & MODDEBUG_MINORPERM) {
1803 		cmn_err(CE_CONT, "> %s %s 0%o %d %d\n",
1804 		    drvname, mp->mp_minorname, mp->mp_mode & 0777,
1805 		    mp->mp_uid, mp->mp_gid);
1806 	}
1807 	UNLOCK_DEV_OPS(&dnp->dn_lock);
1808 }
1809 
1810 
1811 static int
1812 process_minorperm(int cmd, nvlist_t *nvl)
1813 {
1814 	char *minor;
1815 	major_t major;
1816 	mperm_t *mp;
1817 	nvpair_t *nvp;
1818 	char *name;
1819 	int is_clone;
1820 	major_t minmaj;
1821 
1822 	ASSERT(cmd == MODLOADMINORPERM ||
1823 	    cmd == MODADDMINORPERM || cmd == MODREMMINORPERM);
1824 
1825 	nvp = NULL;
1826 	while ((nvp = nvlist_next_nvpair(nvl, nvp)) != NULL) {
1827 		name = nvpair_name(nvp);
1828 
1829 		is_clone = 0;
1830 		(void) nvpair_value_string(nvp, &minor);
1831 		major = ddi_name_to_major(name);
1832 		if (major != DDI_MAJOR_T_NONE) {
1833 			mp = kmem_zalloc(sizeof (*mp), KM_SLEEP);
1834 			if (minor == NULL || strlen(minor) == 0) {
1835 				if (moddebug & MODDEBUG_MINORPERM) {
1836 					cmn_err(CE_CONT, MP_EMPTY_MINOR, name);
1837 				}
1838 				minor = "*";
1839 			}
1840 
1841 			/*
1842 			 * The minor name of a node using the clone
1843 			 * driver must be the driver name.  To avoid
1844 			 * multiple searches, we map entries in the form
1845 			 * clone:<driver> to <driver>:*.  This also allows us
1846 			 * to filter out some of the litter in /etc/minor_perm.
1847 			 * Minor perm alias entries where the name is not
1848 			 * the driver kept on the clone list itself.
1849 			 * This all seems very fragile as a driver could
1850 			 * be introduced with an existing alias name.
1851 			 */
1852 			if (strcmp(name, "clone") == 0) {
1853 				minmaj = ddi_name_to_major(minor);
1854 				if (minmaj != DDI_MAJOR_T_NONE) {
1855 					if (moddebug & MODDEBUG_MINORPERM) {
1856 						cmn_err(CE_CONT,
1857 						    "mapping %s:%s to %s:*\n",
1858 						    name, minor, minor);
1859 					}
1860 					major = minmaj;
1861 					name = minor;
1862 					minor = "*";
1863 					is_clone = 1;
1864 				}
1865 			}
1866 
1867 			if (mp) {
1868 				mp->mp_minorname =
1869 				    i_ddi_strdup(minor, KM_SLEEP);
1870 			}
1871 		} else {
1872 			mp = NULL;
1873 			if (moddebug & MODDEBUG_MINORPERM) {
1874 				cmn_err(CE_CONT, MP_NO_DRV_ERR, name);
1875 			}
1876 		}
1877 
1878 		/* mode */
1879 		nvp = nvlist_next_nvpair(nvl, nvp);
1880 		ASSERT(strcmp(nvpair_name(nvp), "mode") == 0);
1881 		if (mp)
1882 			(void) nvpair_value_int32(nvp, (int *)&mp->mp_mode);
1883 		/* uid */
1884 		nvp = nvlist_next_nvpair(nvl, nvp);
1885 		ASSERT(strcmp(nvpair_name(nvp), "uid") == 0);
1886 		if (mp)
1887 			(void) nvpair_value_uint32(nvp, &mp->mp_uid);
1888 		/* gid */
1889 		nvp = nvlist_next_nvpair(nvl, nvp);
1890 		ASSERT(strcmp(nvpair_name(nvp), "gid") == 0);
1891 		if (mp) {
1892 			(void) nvpair_value_uint32(nvp, &mp->mp_gid);
1893 
1894 			if (cmd == MODREMMINORPERM) {
1895 				rem_minorperm(major, name, mp, is_clone);
1896 				free_mperm(mp);
1897 			} else {
1898 				add_minorperm(major, name, mp, is_clone);
1899 			}
1900 		}
1901 	}
1902 
1903 	if (cmd == MODLOADMINORPERM)
1904 		minorperm_loaded = 1;
1905 
1906 	/*
1907 	 * Reset permissions of cached dv_nodes
1908 	 */
1909 	(void) devfs_reset_perm(DV_RESET_PERM);
1910 
1911 	return (0);
1912 }
1913 
1914 static int
1915 modctl_minorperm(int cmd, char *usrbuf, size_t buflen)
1916 {
1917 	int error;
1918 	nvlist_t *nvl;
1919 	char *buf = kmem_alloc(buflen, KM_SLEEP);
1920 
1921 	if ((error = ddi_copyin(usrbuf, buf, buflen, 0)) != 0) {
1922 		kmem_free(buf, buflen);
1923 		return (error);
1924 	}
1925 
1926 	error = nvlist_unpack(buf, buflen, &nvl, KM_SLEEP);
1927 	kmem_free(buf, buflen);
1928 	if (error)
1929 		return (error);
1930 
1931 	error = process_minorperm(cmd, nvl);
1932 	nvlist_free(nvl);
1933 	return (error);
1934 }
1935 
1936 struct walk_args {
1937 	char		*wa_drvname;
1938 	list_t		wa_pathlist;
1939 };
1940 
1941 struct path_elem {
1942 	char		*pe_dir;
1943 	char		*pe_nodename;
1944 	list_node_t	pe_node;
1945 	int		pe_dirlen;
1946 };
1947 
1948 /*ARGSUSED*/
1949 static int
1950 modctl_inst_walker(const char *path, in_node_t *np, in_drv_t *dp, void *arg)
1951 {
1952 	struct walk_args *wargs = (struct walk_args *)arg;
1953 	struct path_elem *pe;
1954 	char *nodename;
1955 
1956 	/*
1957 	 * Search may be restricted to a single driver in the case of rem_drv
1958 	 */
1959 	if (wargs->wa_drvname &&
1960 	    strcmp(dp->ind_driver_name, wargs->wa_drvname) != 0)
1961 		return (INST_WALK_CONTINUE);
1962 
1963 	pe = kmem_zalloc(sizeof (*pe), KM_SLEEP);
1964 	pe->pe_dir = i_ddi_strdup((char *)path, KM_SLEEP);
1965 	pe->pe_dirlen = strlen(pe->pe_dir) + 1;
1966 	ASSERT(strrchr(pe->pe_dir, '/') != NULL);
1967 	nodename = strrchr(pe->pe_dir, '/');
1968 	*nodename++ = 0;
1969 	pe->pe_nodename = nodename;
1970 	list_insert_tail(&wargs->wa_pathlist, pe);
1971 
1972 	return (INST_WALK_CONTINUE);
1973 }
1974 
1975 /*
1976  * /devices attribute nodes clean-up optionally performed
1977  * when removing a driver (rem_drv -C).
1978  *
1979  * Removing attribute nodes allows a machine to be reprovisioned
1980  * without the side-effect of inadvertently picking up stale
1981  * device node ownership or permissions.
1982  *
1983  * Preserving attributes (not performing cleanup) allows devices
1984  * attribute changes to be preserved across upgrades, as
1985  * upgrade rather heavy-handedly does a rem_drv/add_drv cycle.
1986  */
1987 static int
1988 modctl_remdrv_cleanup(const char *u_drvname)
1989 {
1990 	struct walk_args *wargs;
1991 	struct path_elem *pe;
1992 	char *drvname;
1993 	int err, rval = 0;
1994 
1995 	drvname = kmem_alloc(MAXMODCONFNAME, KM_SLEEP);
1996 	if ((err = copyinstr(u_drvname, drvname, MAXMODCONFNAME, 0))) {
1997 		kmem_free(drvname, MAXMODCONFNAME);
1998 		return (err);
1999 	}
2000 
2001 	/*
2002 	 * First go through the instance database.  For each
2003 	 * instance of a device bound to the driver being
2004 	 * removed, remove any underlying devfs attribute nodes.
2005 	 *
2006 	 * This is a two-step process.	First we go through
2007 	 * the instance data itself, constructing a list of
2008 	 * the nodes discovered.  The second step is then
2009 	 * to find and remove any devfs attribute nodes
2010 	 * for the instances discovered in the first step.
2011 	 * The two-step process avoids any difficulties
2012 	 * which could arise by holding the instance data
2013 	 * lock with simultaneous devfs operations.
2014 	 */
2015 	wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
2016 
2017 	wargs->wa_drvname = drvname;
2018 	list_create(&wargs->wa_pathlist,
2019 	    sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
2020 
2021 	(void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
2022 
2023 	for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
2024 	    pe = list_next(&wargs->wa_pathlist, pe)) {
2025 		err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
2026 		    (const char *)pe->pe_nodename);
2027 		if (rval == 0)
2028 			rval = err;
2029 	}
2030 
2031 	while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
2032 		list_remove(&wargs->wa_pathlist, pe);
2033 		kmem_free(pe->pe_dir, pe->pe_dirlen);
2034 		kmem_free(pe, sizeof (*pe));
2035 	}
2036 	kmem_free(wargs, sizeof (*wargs));
2037 
2038 	/*
2039 	 * Pseudo nodes aren't recorded in the instance database
2040 	 * so any such nodes need to be handled separately.
2041 	 */
2042 	err = devfs_remdrv_cleanup("pseudo", (const char *)drvname);
2043 	if (rval == 0)
2044 		rval = err;
2045 
2046 	kmem_free(drvname, MAXMODCONFNAME);
2047 	return (rval);
2048 }
2049 
2050 /*
2051  * Perform a cleanup of non-existent /devices attribute nodes,
2052  * similar to rem_drv -C, but for all drivers/devices.
2053  * This is also optional, performed as part of devfsadm -C.
2054  */
2055 void
2056 dev_devices_cleanup()
2057 {
2058 	struct walk_args *wargs;
2059 	struct path_elem *pe;
2060 	dev_info_t *devi;
2061 	char *path;
2062 	int err;
2063 
2064 	/*
2065 	 * It's expected that all drivers have been loaded and
2066 	 * module unloading disabled while performing cleanup.
2067 	 */
2068 	ASSERT(modunload_disable_count > 0);
2069 
2070 	wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
2071 	wargs->wa_drvname = NULL;
2072 	list_create(&wargs->wa_pathlist,
2073 	    sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
2074 
2075 	(void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
2076 
2077 	path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
2078 
2079 	for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
2080 	    pe = list_next(&wargs->wa_pathlist, pe)) {
2081 		(void) snprintf(path, MAXPATHLEN, "%s/%s",
2082 		    pe->pe_dir, pe->pe_nodename);
2083 		devi = e_ddi_hold_devi_by_path(path, 0);
2084 		if (devi != NULL) {
2085 			ddi_release_devi(devi);
2086 		} else {
2087 			err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
2088 			    (const char *)pe->pe_nodename);
2089 			if (err) {
2090 				cmn_err(CE_CONT,
2091 				    "devfs: %s: clean-up error %d\n",
2092 				    path, err);
2093 			}
2094 		}
2095 	}
2096 
2097 	while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
2098 		list_remove(&wargs->wa_pathlist, pe);
2099 		kmem_free(pe->pe_dir, pe->pe_dirlen);
2100 		kmem_free(pe, sizeof (*pe));
2101 	}
2102 	kmem_free(wargs, sizeof (*wargs));
2103 	kmem_free(path, MAXPATHLEN);
2104 }
2105 
2106 static int
2107 modctl_allocpriv(const char *name)
2108 {
2109 	char *pstr = kmem_alloc(PRIVNAME_MAX, KM_SLEEP);
2110 	int error;
2111 
2112 	if ((error = copyinstr(name, pstr, PRIVNAME_MAX, 0))) {
2113 		kmem_free(pstr, PRIVNAME_MAX);
2114 		return (error);
2115 	}
2116 	error = priv_getbyname(pstr, PRIV_ALLOC);
2117 	if (error < 0)
2118 		error = -error;
2119 	else
2120 		error = 0;
2121 	kmem_free(pstr, PRIVNAME_MAX);
2122 	return (error);
2123 }
2124 
2125 static int
2126 modctl_devexists(const char *upath, int pathlen)
2127 {
2128 	char	*path;
2129 	int	ret;
2130 
2131 	/*
2132 	 * copy in the path, including the terminating null
2133 	 */
2134 	pathlen++;
2135 	if (pathlen <= 1 || pathlen > MAXPATHLEN)
2136 		return (EINVAL);
2137 	path = kmem_zalloc(pathlen + 1, KM_SLEEP);
2138 	if ((ret = copyinstr(upath, path, pathlen, NULL)) == 0) {
2139 		ret = sdev_modctl_devexists(path);
2140 	}
2141 
2142 	kmem_free(path, pathlen + 1);
2143 	return (ret);
2144 }
2145 
2146 static int
2147 modctl_devreaddir(const char *udir, int udirlen,
2148     char *upaths, int64_t *ulensp)
2149 {
2150 	char	*paths = NULL;
2151 	char	**dirlist = NULL;
2152 	char	*dir;
2153 	int64_t	ulens;
2154 	int64_t	lens;
2155 	int	i, n;
2156 	int	ret = 0;
2157 	char	*p;
2158 	int	npaths;
2159 	int	npaths_alloc;
2160 
2161 	/*
2162 	 * If upaths is NULL then we are only computing the amount of space
2163 	 * needed to return the paths, with the value returned in *ulensp. If we
2164 	 * are copying out paths then we get the amount of space allocated by
2165 	 * the caller. If the actual space needed for paths is larger, or
2166 	 * things are changing out from under us, then we return EAGAIN.
2167 	 */
2168 	if (upaths) {
2169 		if (ulensp == NULL)
2170 			return (EINVAL);
2171 		if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
2172 			return (EFAULT);
2173 	}
2174 
2175 	/*
2176 	 * copyin the /dev path including terminating null
2177 	 */
2178 	udirlen++;
2179 	if (udirlen <= 1 || udirlen > MAXPATHLEN)
2180 		return (EINVAL);
2181 	dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
2182 	if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
2183 		goto err;
2184 
2185 	if ((ret = sdev_modctl_readdir(dir, &dirlist,
2186 	    &npaths, &npaths_alloc, 0)) != 0) {
2187 		ASSERT(dirlist == NULL);
2188 		goto err;
2189 	}
2190 
2191 	lens = 0;
2192 	for (i = 0; i < npaths; i++) {
2193 		lens += strlen(dirlist[i]) + 1;
2194 	}
2195 	lens++;		/* add one for double termination */
2196 
2197 	if (upaths) {
2198 		if (lens > ulens) {
2199 			ret = EAGAIN;
2200 			goto out;
2201 		}
2202 
2203 		paths = kmem_alloc(lens, KM_SLEEP);
2204 
2205 		p = paths;
2206 		for (i = 0; i < npaths; i++) {
2207 			n = strlen(dirlist[i]) + 1;
2208 			bcopy(dirlist[i], p, n);
2209 			p += n;
2210 		}
2211 		*p = 0;
2212 
2213 		if (copyout(paths, upaths, lens)) {
2214 			ret = EFAULT;
2215 			goto err;
2216 		}
2217 	}
2218 
2219 out:
2220 	/* copy out the amount of space needed to hold the paths */
2221 	if (copyout(&lens, ulensp, sizeof (lens)))
2222 		ret = EFAULT;
2223 
2224 err:
2225 	if (dirlist)
2226 		sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
2227 	if (paths)
2228 		kmem_free(paths, lens);
2229 	kmem_free(dir, udirlen + 1);
2230 	return (ret);
2231 }
2232 
2233 static int
2234 modctl_devemptydir(const char *udir, int udirlen, int *uempty)
2235 {
2236 	char	*dir;
2237 	int	ret;
2238 	char	**dirlist = NULL;
2239 	int	npaths;
2240 	int	npaths_alloc;
2241 	int	empty;
2242 
2243 	/*
2244 	 * copyin the /dev path including terminating null
2245 	 */
2246 	udirlen++;
2247 	if (udirlen <= 1 || udirlen > MAXPATHLEN)
2248 		return (EINVAL);
2249 	dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
2250 	if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
2251 		goto err;
2252 
2253 	if ((ret = sdev_modctl_readdir(dir, &dirlist,
2254 	    &npaths, &npaths_alloc, 1)) != 0) {
2255 		goto err;
2256 	}
2257 
2258 	empty = npaths ? 0 : 1;
2259 	if (copyout(&empty, uempty, sizeof (empty)))
2260 		ret = EFAULT;
2261 
2262 err:
2263 	if (dirlist)
2264 		sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
2265 	kmem_free(dir, udirlen + 1);
2266 	return (ret);
2267 }
2268 
2269 static int
2270 modctl_hp(int subcmd, const char *path, char *cn_name, uintptr_t arg,
2271     uintptr_t rval)
2272 {
2273 	int error = 0;
2274 	size_t pathsz, namesz;
2275 	char *devpath, *cn_name_str;
2276 
2277 	if (path == NULL)
2278 		return (EINVAL);
2279 
2280 	devpath = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
2281 	error = copyinstr(path, devpath, MAXPATHLEN, &pathsz);
2282 	if (error != 0) {
2283 		kmem_free(devpath, MAXPATHLEN);
2284 		return (EFAULT);
2285 	}
2286 
2287 	cn_name_str = kmem_zalloc(MAXNAMELEN, KM_SLEEP);
2288 	error = copyinstr(cn_name, cn_name_str, MAXNAMELEN, &namesz);
2289 	if (error != 0) {
2290 		kmem_free(devpath, MAXPATHLEN);
2291 		kmem_free(cn_name_str, MAXNAMELEN);
2292 
2293 		return (EFAULT);
2294 	}
2295 
2296 	switch (subcmd) {
2297 	case MODHPOPS_CHANGE_STATE:
2298 		error = ddihp_modctl(DDI_HPOP_CN_CHANGE_STATE, devpath,
2299 		    cn_name_str, arg, NULL);
2300 		break;
2301 	case MODHPOPS_CREATE_PORT:
2302 		/* Create an empty PORT */
2303 		error = ddihp_modctl(DDI_HPOP_CN_CREATE_PORT, devpath,
2304 		    cn_name_str, NULL, NULL);
2305 		break;
2306 	case MODHPOPS_REMOVE_PORT:
2307 		/* Remove an empty PORT */
2308 		error = ddihp_modctl(DDI_HPOP_CN_REMOVE_PORT, devpath,
2309 		    cn_name_str, NULL, NULL);
2310 		break;
2311 	case MODHPOPS_BUS_GET:
2312 		error = ddihp_modctl(DDI_HPOP_CN_GET_PROPERTY, devpath,
2313 		    cn_name_str, arg, rval);
2314 		break;
2315 	case MODHPOPS_BUS_SET:
2316 		error = ddihp_modctl(DDI_HPOP_CN_SET_PROPERTY, devpath,
2317 		    cn_name_str, arg, rval);
2318 		break;
2319 	default:
2320 		error = ENOTSUP;
2321 		break;
2322 	}
2323 
2324 	kmem_free(devpath, MAXPATHLEN);
2325 	kmem_free(cn_name_str, MAXNAMELEN);
2326 
2327 	return (error);
2328 }
2329 
2330 int
2331 modctl_moddevname(int subcmd, uintptr_t a1, uintptr_t a2)
2332 {
2333 	int error = 0;
2334 
2335 	switch (subcmd) {
2336 	case MODDEVNAME_LOOKUPDOOR:
2337 		error = devname_filename_register((char *)a1);
2338 		break;
2339 	case MODDEVNAME_PROFILE:
2340 		error = devname_profile_update((char *)a1, (size_t)a2);
2341 		break;
2342 	case MODDEVNAME_RECONFIG:
2343 		i_ddi_set_reconfig();
2344 		break;
2345 	case MODDEVNAME_SYSAVAIL:
2346 		i_ddi_set_sysavail();
2347 		break;
2348 	default:
2349 		error = EINVAL;
2350 		break;
2351 	}
2352 
2353 	return (error);
2354 }
2355 
2356 /*ARGSUSED5*/
2357 int
2358 modctl(int cmd, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4,
2359     uintptr_t a5)
2360 {
2361 	int	error = EINVAL;
2362 	dev_t	dev;
2363 
2364 	if (secpolicy_modctl(CRED(), cmd) != 0)
2365 		return (set_errno(EPERM));
2366 
2367 	switch (cmd) {
2368 	case MODLOAD:		/* load a module */
2369 		error = modctl_modload((int)a1, (char *)a2, (int *)a3);
2370 		break;
2371 
2372 	case MODUNLOAD:		/* unload a module */
2373 		error = modctl_modunload((modid_t)a1);
2374 		break;
2375 
2376 	case MODINFO:		/* get module status */
2377 		error = modctl_modinfo((modid_t)a1, (struct modinfo *)a2);
2378 		break;
2379 
2380 	case MODRESERVED:	/* get last major number in range */
2381 		error = modctl_modreserve((modid_t)a1, (int *)a2);
2382 		break;
2383 
2384 	case MODSETMINIROOT:	/* we are running in miniroot */
2385 		isminiroot = 1;
2386 		error = 0;
2387 		break;
2388 
2389 	case MODADDMAJBIND:	/* add major / driver alias bindings */
2390 		error = modctl_add_driver_aliases((int *)a2);
2391 		break;
2392 
2393 	case MODGETPATHLEN:	/* get modpath length */
2394 		error = modctl_getmodpathlen((int *)a2);
2395 		break;
2396 
2397 	case MODGETPATH:	/* get modpath */
2398 		error = modctl_getmodpath((char *)a2);
2399 		break;
2400 
2401 	case MODREADSYSBIND:	/* read system call binding file */
2402 		error = modctl_read_sysbinding_file();
2403 		break;
2404 
2405 	case MODGETMAJBIND:	/* get major number for named device */
2406 		error = modctl_getmaj((char *)a1, (uint_t)a2, (int *)a3);
2407 		break;
2408 
2409 	case MODGETNAME:	/* get name of device given major number */
2410 		error = modctl_getname((char *)a1, (uint_t)a2, (int *)a3);
2411 		break;
2412 
2413 	case MODDEVT2INSTANCE:
2414 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2415 			dev = (dev_t)a1;
2416 		}
2417 #ifdef _SYSCALL32_IMPL
2418 		else {
2419 			dev = expldev(a1);
2420 		}
2421 #endif
2422 		error = modctl_devt2instance(dev, (int *)a2);
2423 		break;
2424 
2425 	case MODSIZEOF_DEVID:	/* sizeof device id of device given dev_t */
2426 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2427 			dev = (dev_t)a1;
2428 		}
2429 #ifdef _SYSCALL32_IMPL
2430 		else {
2431 			dev = expldev(a1);
2432 		}
2433 #endif
2434 		error = modctl_sizeof_devid(dev, (uint_t *)a2);
2435 		break;
2436 
2437 	case MODGETDEVID:	/* get device id of device given dev_t */
2438 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2439 			dev = (dev_t)a1;
2440 		}
2441 #ifdef _SYSCALL32_IMPL
2442 		else {
2443 			dev = expldev(a1);
2444 		}
2445 #endif
2446 		error = modctl_get_devid(dev, (uint_t)a2, (ddi_devid_t)a3);
2447 		break;
2448 
2449 	case MODSIZEOF_MINORNAME:	/* sizeof minor nm (dev_t,spectype) */
2450 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2451 			error = modctl_sizeof_minorname((dev_t)a1, (int)a2,
2452 			    (uint_t *)a3);
2453 		}
2454 #ifdef _SYSCALL32_IMPL
2455 		else {
2456 			error = modctl_sizeof_minorname(expldev(a1), (int)a2,
2457 			    (uint_t *)a3);
2458 		}
2459 
2460 #endif
2461 		break;
2462 
2463 	case MODGETMINORNAME:		/* get minor name of (dev_t,spectype) */
2464 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2465 			error = modctl_get_minorname((dev_t)a1, (int)a2,
2466 			    (uint_t)a3, (char *)a4);
2467 		}
2468 #ifdef _SYSCALL32_IMPL
2469 		else {
2470 			error = modctl_get_minorname(expldev(a1), (int)a2,
2471 			    (uint_t)a3, (char *)a4);
2472 		}
2473 #endif
2474 		break;
2475 
2476 	case MODGETDEVFSPATH_LEN:	/* sizeof path nm of (dev_t,spectype) */
2477 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2478 			error = modctl_devfspath_len((dev_t)a1, (int)a2,
2479 			    (uint_t *)a3);
2480 		}
2481 #ifdef _SYSCALL32_IMPL
2482 		else {
2483 			error = modctl_devfspath_len(expldev(a1), (int)a2,
2484 			    (uint_t *)a3);
2485 		}
2486 
2487 #endif
2488 		break;
2489 
2490 	case MODGETDEVFSPATH:		/* get path name of (dev_t,spec) type */
2491 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2492 			error = modctl_devfspath((dev_t)a1, (int)a2,
2493 			    (uint_t)a3, (char *)a4);
2494 		}
2495 #ifdef _SYSCALL32_IMPL
2496 		else {
2497 			error = modctl_devfspath(expldev(a1), (int)a2,
2498 			    (uint_t)a3, (char *)a4);
2499 		}
2500 #endif
2501 		break;
2502 
2503 	case MODGETDEVFSPATH_MI_LEN:	/* sizeof path nm of (major,instance) */
2504 		error = modctl_devfspath_mi_len((major_t)a1, (int)a2,
2505 		    (uint_t *)a3);
2506 		break;
2507 
2508 	case MODGETDEVFSPATH_MI:	/* get path name of (major,instance) */
2509 		error = modctl_devfspath_mi((major_t)a1, (int)a2,
2510 		    (uint_t)a3, (char *)a4);
2511 		break;
2512 
2513 
2514 	case MODEVENTS:
2515 		error = modctl_modevents((int)a1, a2, a3, a4, (uint_t)a5);
2516 		break;
2517 
2518 	case MODGETFBNAME:	/* get the framebuffer name */
2519 		error = modctl_get_fbname((char *)a1);
2520 		break;
2521 
2522 	case MODREREADDACF:	/* reread dacf rule database from given file */
2523 		error = modctl_reread_dacf((char *)a1);
2524 		break;
2525 
2526 	case MODLOADDRVCONF:	/* load driver.conf file for major */
2527 		error = modctl_load_drvconf((major_t)a1, (int)a2);
2528 		break;
2529 
2530 	case MODUNLOADDRVCONF:	/* unload driver.conf file for major */
2531 		error = modctl_unload_drvconf((major_t)a1);
2532 		break;
2533 
2534 	case MODREMMAJBIND:	/* remove a major binding */
2535 		error = modctl_rem_major((major_t)a1);
2536 		break;
2537 
2538 	case MODREMDRVALIAS:	/* remove a major/alias binding */
2539 		error = modctl_remove_driver_aliases((int *)a2);
2540 		break;
2541 
2542 	case MODDEVID2PATHS:	/* get paths given devid */
2543 		error = modctl_devid2paths((ddi_devid_t)a1, (char *)a2,
2544 		    (uint_t)a3, (size_t *)a4, (char *)a5);
2545 		break;
2546 
2547 	case MODSETDEVPOLICY:	/* establish device policy */
2548 		error = devpolicy_load((int)a1, (size_t)a2, (devplcysys_t *)a3);
2549 		break;
2550 
2551 	case MODGETDEVPOLICY:	/* get device policy */
2552 		error = devpolicy_get((int *)a1, (size_t)a2,
2553 		    (devplcysys_t *)a3);
2554 		break;
2555 
2556 	case MODALLOCPRIV:
2557 		error = modctl_allocpriv((const char *)a1);
2558 		break;
2559 
2560 	case MODGETDEVPOLICYBYNAME:
2561 		error = devpolicy_getbyname((size_t)a1,
2562 		    (devplcysys_t *)a2, (char *)a3);
2563 		break;
2564 
2565 	case MODLOADMINORPERM:
2566 	case MODADDMINORPERM:
2567 	case MODREMMINORPERM:
2568 		error = modctl_minorperm(cmd, (char *)a1, (size_t)a2);
2569 		break;
2570 
2571 	case MODREMDRVCLEANUP:
2572 		error = modctl_remdrv_cleanup((const char *)a1);
2573 		break;
2574 
2575 	case MODDEVEXISTS:	/* non-reconfiguring /dev lookup */
2576 		error = modctl_devexists((const char *)a1, (size_t)a2);
2577 		break;
2578 
2579 	case MODDEVREADDIR:	/* non-reconfiguring /dev readdir */
2580 		error = modctl_devreaddir((const char *)a1, (size_t)a2,
2581 		    (char *)a3, (int64_t *)a4);
2582 		break;
2583 
2584 	case MODDEVEMPTYDIR:	/* non-reconfiguring /dev emptydir */
2585 		error = modctl_devemptydir((const char *)a1, (size_t)a2,
2586 		    (int *)a3);
2587 		break;
2588 
2589 	case MODDEVNAME:
2590 		error = modctl_moddevname((int)a1, a2, a3);
2591 		break;
2592 
2593 	case MODRETIRE:	/* retire device named by physpath a1 */
2594 		error = modctl_retire((char *)a1, (char *)a2, (size_t)a3);
2595 		break;
2596 
2597 	case MODISRETIRED:  /* check if a device is retired. */
2598 		error = modctl_is_retired((char *)a1, (int *)a2);
2599 		break;
2600 
2601 	case MODUNRETIRE:	/* unretire device named by physpath a1 */
2602 		error = modctl_unretire((char *)a1);
2603 		break;
2604 
2605 	case MODHPOPS:	/* hotplug operations */
2606 		/* device named by physpath a2 and Connection name a3 */
2607 		error = modctl_hp((int)a1, (char *)a2, (char *)a3, a4, a5);
2608 		break;
2609 
2610 	default:
2611 		error = EINVAL;
2612 		break;
2613 	}
2614 
2615 	return (error ? set_errno(error) : 0);
2616 }
2617 
2618 /*
2619  * Calls to kobj_load_module()() are handled off to this routine in a
2620  * separate thread.
2621  */
2622 static void
2623 modload_thread(struct loadmt *ltp)
2624 {
2625 	/* load the module and signal the creator of this thread */
2626 	kmutex_t	cpr_lk;
2627 	callb_cpr_t	cpr_i;
2628 
2629 	mutex_init(&cpr_lk, NULL, MUTEX_DEFAULT, NULL);
2630 	CALLB_CPR_INIT(&cpr_i, &cpr_lk, callb_generic_cpr, "modload");
2631 	/* borrow the devi lock from thread which invoked us */
2632 	pm_borrow_lock(ltp->owner);
2633 	ltp->retval = kobj_load_module(ltp->mp, ltp->usepath);
2634 	pm_return_lock();
2635 	sema_v(&ltp->sema);
2636 	mutex_enter(&cpr_lk);
2637 	CALLB_CPR_EXIT(&cpr_i);
2638 	mutex_destroy(&cpr_lk);
2639 	thread_exit();
2640 }
2641 
2642 /*
2643  * load a module, adding a reference if caller specifies rmodp.  If rmodp
2644  * is specified then an errno is returned, otherwise a module index is
2645  * returned (-1 on error).
2646  */
2647 static int
2648 modrload(const char *subdir, const char *filename, struct modctl **rmodp)
2649 {
2650 	struct modctl *modp;
2651 	size_t size;
2652 	char *fullname;
2653 	int retval = EINVAL;
2654 	int id = -1;
2655 
2656 	if (rmodp)
2657 		*rmodp = NULL;			/* avoid garbage */
2658 
2659 	if (subdir != NULL) {
2660 		/*
2661 		 * refuse / in filename to prevent "../" escapes.
2662 		 */
2663 		if (strchr(filename, '/') != NULL)
2664 			return (rmodp ? retval : id);
2665 
2666 		/*
2667 		 * allocate enough space for <subdir>/<filename><NULL>
2668 		 */
2669 		size = strlen(subdir) + strlen(filename) + 2;
2670 		fullname = kmem_zalloc(size, KM_SLEEP);
2671 		(void) sprintf(fullname, "%s/%s", subdir, filename);
2672 	} else {
2673 		fullname = (char *)filename;
2674 	}
2675 
2676 	modp = mod_hold_installed_mod(fullname, 1, 0, &retval);
2677 	if (modp != NULL) {
2678 		id = modp->mod_id;
2679 		if (rmodp) {
2680 			/* add mod_ref and return *rmodp */
2681 			mutex_enter(&mod_lock);
2682 			modp->mod_ref++;
2683 			mutex_exit(&mod_lock);
2684 			*rmodp = modp;
2685 		}
2686 		mod_release_mod(modp);
2687 		CPU_STATS_ADDQ(CPU, sys, modload, 1);
2688 	}
2689 
2690 done:	if (subdir != NULL)
2691 		kmem_free(fullname, size);
2692 	return (rmodp ? retval : id);
2693 }
2694 
2695 /*
2696  * This is the primary kernel interface to load a module. It loads and
2697  * installs the named module.  It does not hold mod_ref of the module, so
2698  * a module unload attempt can occur at any time - it is up to the
2699  * _fini/mod_remove implementation to determine if unload will succeed.
2700  */
2701 int
2702 modload(const char *subdir, const char *filename)
2703 {
2704 	return (modrload(subdir, filename, NULL));
2705 }
2706 
2707 /*
2708  * Load a module using a series of qualified names from most specific to least
2709  * specific, e.g. for subdir "foo", p1 "bar", p2 "baz", we might try:
2710  *			Value returned in *chosen
2711  * foo/bar.baz.1.2.3	3
2712  * foo/bar.baz.1.2	2
2713  * foo/bar.baz.1	1
2714  * foo/bar.baz		0
2715  *
2716  * Return the module ID on success; -1 if no module was loaded.  On success
2717  * and if 'chosen' is not NULL we also return the number of suffices that
2718  * were in the module we chose to load.
2719  */
2720 int
2721 modload_qualified(const char *subdir, const char *p1,
2722     const char *p2, const char *delim, uint_t suffv[], int suffc, int *chosen)
2723 {
2724 	char path[MOD_MAXPATH];
2725 	size_t n, resid = sizeof (path);
2726 	char *p = path;
2727 
2728 	char **dotv;
2729 	int i, rc, id;
2730 	modctl_t *mp;
2731 
2732 	if (p2 != NULL)
2733 		n = snprintf(p, resid, "%s/%s%s%s", subdir, p1, delim, p2);
2734 	else
2735 		n = snprintf(p, resid, "%s/%s", subdir, p1);
2736 
2737 	if (n >= resid)
2738 		return (-1);
2739 
2740 	p += n;
2741 	resid -= n;
2742 	dotv = kmem_alloc(sizeof (char *) * (suffc + 1), KM_SLEEP);
2743 
2744 	for (i = 0; i < suffc; i++) {
2745 		dotv[i] = p;
2746 		n = snprintf(p, resid, "%s%u", delim, suffv[i]);
2747 
2748 		if (n >= resid) {
2749 			kmem_free(dotv, sizeof (char *) * (suffc + 1));
2750 			return (-1);
2751 		}
2752 
2753 		p += n;
2754 		resid -= n;
2755 	}
2756 
2757 	dotv[suffc] = p;
2758 
2759 	for (i = suffc; i >= 0; i--) {
2760 		dotv[i][0] = '\0';
2761 		mp = mod_hold_installed_mod(path, 1, 1, &rc);
2762 
2763 		if (mp != NULL) {
2764 			kmem_free(dotv, sizeof (char *) * (suffc + 1));
2765 			id = mp->mod_id;
2766 			mod_release_mod(mp);
2767 			if (chosen != NULL)
2768 				*chosen = i;
2769 			return (id);
2770 		}
2771 	}
2772 
2773 	kmem_free(dotv, sizeof (char *) * (suffc + 1));
2774 	return (-1);
2775 }
2776 
2777 /*
2778  * Load a module.
2779  */
2780 int
2781 modloadonly(const char *subdir, const char *filename)
2782 {
2783 	struct modctl *modp;
2784 	char *fullname;
2785 	size_t size;
2786 	int id, retval;
2787 
2788 	if (subdir != NULL) {
2789 		/*
2790 		 * allocate enough space for <subdir>/<filename><NULL>
2791 		 */
2792 		size = strlen(subdir) + strlen(filename) + 2;
2793 		fullname = kmem_zalloc(size, KM_SLEEP);
2794 		(void) sprintf(fullname, "%s/%s", subdir, filename);
2795 	} else {
2796 		fullname = (char *)filename;
2797 	}
2798 
2799 	modp = mod_hold_loaded_mod(NULL, fullname, &retval);
2800 	if (modp) {
2801 		id = modp->mod_id;
2802 		mod_release_mod(modp);
2803 	}
2804 
2805 	if (subdir != NULL)
2806 		kmem_free(fullname, size);
2807 
2808 	if (retval == 0)
2809 		return (id);
2810 	return (-1);
2811 }
2812 
2813 /*
2814  * Try to uninstall and unload a module, removing a reference if caller
2815  * specifies rmodp.
2816  */
2817 static int
2818 modunrload(modid_t id, struct modctl **rmodp, int unload)
2819 {
2820 	struct modctl	*modp;
2821 	int		retval;
2822 
2823 	if (rmodp)
2824 		*rmodp = NULL;			/* avoid garbage */
2825 
2826 	if ((modp = mod_hold_by_id((modid_t)id)) == NULL)
2827 		return (EINVAL);
2828 
2829 	if (rmodp) {
2830 		mutex_enter(&mod_lock);
2831 		modp->mod_ref--;
2832 		mutex_exit(&mod_lock);
2833 		*rmodp = modp;
2834 	}
2835 
2836 	if (unload) {
2837 		retval = moduninstall(modp);
2838 		if (retval == 0) {
2839 			mod_unload(modp);
2840 			CPU_STATS_ADDQ(CPU, sys, modunload, 1);
2841 		} else if (retval == EALREADY)
2842 			retval = 0;	/* already unloaded, not an error */
2843 	} else
2844 		retval = 0;
2845 
2846 	mod_release_mod(modp);
2847 	return (retval);
2848 }
2849 
2850 /*
2851  * Uninstall and unload a module.
2852  */
2853 int
2854 modunload(modid_t id)
2855 {
2856 	int		retval;
2857 
2858 	/* synchronize with any active modunload_disable() */
2859 	modunload_begin();
2860 	if (ddi_root_node())
2861 		(void) devfs_clean(ddi_root_node(), NULL, 0);
2862 	retval = modunrload(id, NULL, 1);
2863 	modunload_end();
2864 	return (retval);
2865 }
2866 
2867 /*
2868  * Return status of a loaded module.
2869  */
2870 static int
2871 modinfo(modid_t id, struct modinfo *modinfop)
2872 {
2873 	struct modctl	*modp;
2874 	modid_t		mid;
2875 	int		i;
2876 
2877 	mid = modinfop->mi_id;
2878 	if (modinfop->mi_info & MI_INFO_ALL) {
2879 		while ((modp = mod_hold_next_by_id(mid++)) != NULL) {
2880 			if ((modinfop->mi_info & MI_INFO_CNT) ||
2881 			    modp->mod_installed)
2882 				break;
2883 			mod_release_mod(modp);
2884 		}
2885 		if (modp == NULL)
2886 			return (EINVAL);
2887 	} else {
2888 		modp = mod_hold_by_id(id);
2889 		if (modp == NULL)
2890 			return (EINVAL);
2891 		if (!(modinfop->mi_info & MI_INFO_CNT) &&
2892 		    (modp->mod_installed == 0)) {
2893 			mod_release_mod(modp);
2894 			return (EINVAL);
2895 		}
2896 	}
2897 
2898 	modinfop->mi_rev = 0;
2899 	modinfop->mi_state = 0;
2900 	for (i = 0; i < MODMAXLINK; i++) {
2901 		modinfop->mi_msinfo[i].msi_p0 = -1;
2902 		modinfop->mi_msinfo[i].msi_linkinfo[0] = 0;
2903 	}
2904 	if (modp->mod_loaded) {
2905 		modinfop->mi_state = MI_LOADED;
2906 		kobj_getmodinfo(modp->mod_mp, modinfop);
2907 	}
2908 	if (modp->mod_installed) {
2909 		modinfop->mi_state |= MI_INSTALLED;
2910 
2911 		(void) mod_getinfo(modp, modinfop);
2912 	}
2913 
2914 	modinfop->mi_id = modp->mod_id;
2915 	modinfop->mi_loadcnt = modp->mod_loadcnt;
2916 	(void) strcpy(modinfop->mi_name, modp->mod_modname);
2917 
2918 	mod_release_mod(modp);
2919 	return (0);
2920 }
2921 
2922 static char mod_stub_err[] = "mod_hold_stub: Couldn't load stub module %s";
2923 static char no_err[] = "No error function for weak stub %s";
2924 
2925 /*
2926  * used by the stubs themselves to load and hold a module.
2927  * Returns  0 if the module is successfully held;
2928  *	    the stub needs to call mod_release_stub().
2929  *	    -1 if the stub should just call the err_fcn.
2930  * Note that this code is stretched out so that we avoid subroutine calls
2931  * and optimize for the most likely case.  That is, the case where the
2932  * module is loaded and installed and not held.  In that case we just inc
2933  * the mod_ref count and continue.
2934  */
2935 int
2936 mod_hold_stub(struct mod_stub_info *stub)
2937 {
2938 	struct modctl *mp;
2939 	struct mod_modinfo *mip;
2940 
2941 	mip = stub->mods_modinfo;
2942 
2943 	mutex_enter(&mod_lock);
2944 
2945 	/* we do mod_hold_by_modctl inline for speed */
2946 
2947 mod_check_again:
2948 	if ((mp = mip->mp) != NULL) {
2949 		if (mp->mod_busy == 0) {
2950 			if (mp->mod_installed) {
2951 				/* increment the reference count */
2952 				mp->mod_ref++;
2953 				ASSERT(mp->mod_ref && mp->mod_installed);
2954 				mutex_exit(&mod_lock);
2955 				return (0);
2956 			} else {
2957 				mp->mod_busy = 1;
2958 				mp->mod_inprogress_thread =
2959 				    (curthread == NULL ?
2960 				    (kthread_id_t)-1 : curthread);
2961 			}
2962 		} else {
2963 			/*
2964 			 * wait one time and then go see if someone
2965 			 * else has resolved the stub (set mip->mp).
2966 			 */
2967 			if (mod_hold_by_modctl(mp,
2968 			    MOD_WAIT_ONCE | MOD_LOCK_HELD))
2969 				goto mod_check_again;
2970 
2971 			/*
2972 			 * what we have now may have been unloaded!, in
2973 			 * that case, mip->mp will be NULL, we'll hit this
2974 			 * module and load again..
2975 			 */
2976 			cmn_err(CE_PANIC, "mod_hold_stub should have blocked");
2977 		}
2978 		mutex_exit(&mod_lock);
2979 	} else {
2980 		/* first time we've hit this module */
2981 		mutex_exit(&mod_lock);
2982 		mp = mod_hold_by_name(mip->modm_module_name);
2983 		mip->mp = mp;
2984 	}
2985 
2986 	/*
2987 	 * If we are here, it means that the following conditions
2988 	 * are satisfied.
2989 	 *
2990 	 * mip->mp != NULL
2991 	 * this thread has set the mp->mod_busy = 1
2992 	 * mp->mod_installed = 0
2993 	 *
2994 	 */
2995 	ASSERT(mp != NULL);
2996 	ASSERT(mp->mod_busy == 1);
2997 
2998 	if (mp->mod_installed == 0) {
2999 		/* Module not loaded, if weak stub don't load it */
3000 		if (stub->mods_flag & MODS_WEAK) {
3001 			if (stub->mods_errfcn == NULL) {
3002 				mod_release_mod(mp);
3003 				cmn_err(CE_PANIC, no_err,
3004 				    mip->modm_module_name);
3005 			}
3006 		} else {
3007 			/* Not a weak stub so load the module */
3008 
3009 			if (mod_load(mp, 1) != 0 || modinstall(mp) != 0) {
3010 				/*
3011 				 * If mod_load() was successful
3012 				 * and modinstall() failed, then
3013 				 * unload the module.
3014 				 */
3015 				if (mp->mod_loaded)
3016 					mod_unload(mp);
3017 
3018 				mod_release_mod(mp);
3019 				if (stub->mods_errfcn == NULL) {
3020 					cmn_err(CE_PANIC, mod_stub_err,
3021 					    mip->modm_module_name);
3022 				} else {
3023 					return (-1);
3024 				}
3025 			}
3026 		}
3027 	}
3028 
3029 	/*
3030 	 * At this point module is held and loaded. Release
3031 	 * the mod_busy and mod_inprogress_thread before
3032 	 * returning. We actually call mod_release() here so
3033 	 * that if another stub wants to access this module,
3034 	 * it can do so. mod_ref is incremented before mod_release()
3035 	 * is called to prevent someone else from snatching the
3036 	 * module from this thread.
3037 	 */
3038 	mutex_enter(&mod_lock);
3039 	mp->mod_ref++;
3040 	ASSERT(mp->mod_ref &&
3041 	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
3042 	mod_release(mp);
3043 	mutex_exit(&mod_lock);
3044 	return (0);
3045 }
3046 
3047 void
3048 mod_release_stub(struct mod_stub_info *stub)
3049 {
3050 	struct modctl *mp = stub->mods_modinfo->mp;
3051 
3052 	/* inline mod_release_mod */
3053 	mutex_enter(&mod_lock);
3054 	ASSERT(mp->mod_ref &&
3055 	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
3056 	mp->mod_ref--;
3057 	if (mp->mod_want) {
3058 		mp->mod_want = 0;
3059 		cv_broadcast(&mod_cv);
3060 	}
3061 	mutex_exit(&mod_lock);
3062 }
3063 
3064 static struct modctl *
3065 mod_hold_loaded_mod(struct modctl *dep, char *filename, int *status)
3066 {
3067 	struct modctl *modp;
3068 	int retval;
3069 
3070 	/*
3071 	 * Hold the module.
3072 	 */
3073 	modp = mod_hold_by_name_requisite(dep, filename);
3074 	if (modp) {
3075 		retval = mod_load(modp, 1);
3076 		if (retval != 0) {
3077 			mod_release_mod(modp);
3078 			modp = NULL;
3079 		}
3080 		*status = retval;
3081 	} else {
3082 		*status = ENOSPC;
3083 	}
3084 
3085 	/*
3086 	 * if dep is not NULL, clear the module dependency information.
3087 	 * This information is set in mod_hold_by_name_common().
3088 	 */
3089 	if (dep != NULL && dep->mod_requisite_loading != NULL) {
3090 		ASSERT(dep->mod_busy);
3091 		dep->mod_requisite_loading = NULL;
3092 	}
3093 
3094 	return (modp);
3095 }
3096 
3097 /*
3098  * hold, load, and install the named module
3099  */
3100 static struct modctl *
3101 mod_hold_installed_mod(char *name, int usepath, int forcecheck, int *r)
3102 {
3103 	struct modctl *modp;
3104 	int retval;
3105 
3106 	/*
3107 	 * Verify that that module in question actually exists on disk
3108 	 * before allocation of module structure by mod_hold_by_name.
3109 	 */
3110 	if (modrootloaded && swaploaded || forcecheck) {
3111 		if (!kobj_path_exists(name, usepath)) {
3112 			*r = ENOENT;
3113 			return (NULL);
3114 		}
3115 	}
3116 
3117 	/*
3118 	 * Hold the module.
3119 	 */
3120 	modp = mod_hold_by_name(name);
3121 	if (modp) {
3122 		retval = mod_load(modp, usepath);
3123 		if (retval != 0) {
3124 			mod_release_mod(modp);
3125 			modp = NULL;
3126 			*r = retval;
3127 		} else {
3128 			if ((*r = modinstall(modp)) != 0) {
3129 				/*
3130 				 * We loaded it, but failed to _init() it.
3131 				 * Be kind to developers -- force it
3132 				 * out of memory now so that the next
3133 				 * attempt to use the module will cause
3134 				 * a reload.  See 1093793.
3135 				 */
3136 				mod_unload(modp);
3137 				mod_release_mod(modp);
3138 				modp = NULL;
3139 			}
3140 		}
3141 	} else {
3142 		*r = ENOSPC;
3143 	}
3144 	return (modp);
3145 }
3146 
3147 static char mod_excl_msg[] =
3148 	"module %s(%s) is EXCLUDED and will not be loaded\n";
3149 static char mod_init_msg[] = "loadmodule:%s(%s): _init() error %d\n";
3150 
3151 /*
3152  * This routine is needed for dependencies.  Users specify dependencies
3153  * by declaring a character array initialized to filenames of dependents.
3154  * So the code that handles dependents deals with filenames (and not
3155  * module names) because that's all it has.  We load by filename and once
3156  * we've loaded a file we can get the module name.
3157  * Unfortunately there isn't a single unified filename/modulename namespace.
3158  * C'est la vie.
3159  *
3160  * We allow the name being looked up to be prepended by an optional
3161  * subdirectory e.g. we can lookup (NULL, "fs/ufs") or ("fs", "ufs")
3162  */
3163 struct modctl *
3164 mod_find_by_filename(char *subdir, char *filename)
3165 {
3166 	struct modctl	*mp;
3167 	size_t		sublen;
3168 
3169 	ASSERT(!MUTEX_HELD(&mod_lock));
3170 	if (subdir != NULL)
3171 		sublen = strlen(subdir);
3172 	else
3173 		sublen = 0;
3174 
3175 	mutex_enter(&mod_lock);
3176 	mp = &modules;
3177 	do {
3178 		if (sublen) {
3179 			char *mod_filename = mp->mod_filename;
3180 
3181 			if (strncmp(subdir, mod_filename, sublen) == 0 &&
3182 			    mod_filename[sublen] == '/' &&
3183 			    strcmp(filename, &mod_filename[sublen + 1]) == 0) {
3184 				mutex_exit(&mod_lock);
3185 				return (mp);
3186 			}
3187 		} else if (strcmp(filename, mp->mod_filename) == 0) {
3188 			mutex_exit(&mod_lock);
3189 			return (mp);
3190 		}
3191 	} while ((mp = mp->mod_next) != &modules);
3192 	mutex_exit(&mod_lock);
3193 	return (NULL);
3194 }
3195 
3196 /*
3197  * Check for circular dependencies.  This is called from do_dependents()
3198  * in kobj.c.  If we are the thread already loading this module, then
3199  * we're trying to load a dependent that we're already loading which
3200  * means the user specified circular dependencies.
3201  */
3202 static int
3203 mod_circdep(struct modctl *modp)
3204 {
3205 	struct modctl	*rmod;
3206 
3207 	ASSERT(MUTEX_HELD(&mod_lock));
3208 
3209 	/*
3210 	 * Check the mod_inprogress_thread first.
3211 	 * mod_inprogress_thread is used in mod_hold_stub()
3212 	 * directly to improve performance.
3213 	 */
3214 	if (modp->mod_inprogress_thread == curthread)
3215 		return (1);
3216 
3217 	/*
3218 	 * Check the module circular dependencies.
3219 	 */
3220 	for (rmod = modp; rmod != NULL; rmod = rmod->mod_requisite_loading) {
3221 		/*
3222 		 * Check if there is a module circular dependency.
3223 		 */
3224 		if (rmod->mod_requisite_loading == modp)
3225 			return (1);
3226 	}
3227 	return (0);
3228 }
3229 
3230 static int
3231 mod_getinfo(struct modctl *modp, struct modinfo *modinfop)
3232 {
3233 	int (*func)(struct modinfo *);
3234 	int retval;
3235 
3236 	ASSERT(modp->mod_busy);
3237 
3238 	/* primary modules don't do getinfo */
3239 	if (modp->mod_prim)
3240 		return (0);
3241 
3242 	func = (int (*)(struct modinfo *))kobj_lookup(modp->mod_mp, "_info");
3243 
3244 	if (kobj_addrcheck(modp->mod_mp, (caddr_t)func)) {
3245 		cmn_err(CE_WARN, "_info() not defined properly in %s",
3246 		    modp->mod_filename);
3247 		/*
3248 		 * The semantics of mod_info(9F) are that 0 is failure
3249 		 * and non-zero is success.
3250 		 */
3251 		retval = 0;
3252 	} else
3253 		retval = (*func)(modinfop);	/* call _info() function */
3254 
3255 	if (moddebug & MODDEBUG_USERDEBUG)
3256 		printf("Returned from _info, retval = %x\n", retval);
3257 
3258 	return (retval);
3259 }
3260 
3261 static void
3262 modadd(struct modctl *mp)
3263 {
3264 	ASSERT(MUTEX_HELD(&mod_lock));
3265 
3266 	mp->mod_id = last_module_id++;
3267 	mp->mod_next = &modules;
3268 	mp->mod_prev = modules.mod_prev;
3269 	modules.mod_prev->mod_next = mp;
3270 	modules.mod_prev = mp;
3271 }
3272 
3273 /*ARGSUSED*/
3274 static struct modctl *
3275 allocate_modp(const char *filename, const char *modname)
3276 {
3277 	struct modctl *mp;
3278 
3279 	mp = kobj_zalloc(sizeof (*mp), KM_SLEEP);
3280 	mp->mod_modname = kobj_zalloc(strlen(modname) + 1, KM_SLEEP);
3281 	(void) strcpy(mp->mod_modname, modname);
3282 	return (mp);
3283 }
3284 
3285 /*
3286  * Get the value of a symbol.  This is a wrapper routine that
3287  * calls kobj_getsymvalue().  kobj_getsymvalue() may go away but this
3288  * wrapper will prevent callers from noticing.
3289  */
3290 uintptr_t
3291 modgetsymvalue(char *name, int kernelonly)
3292 {
3293 	return (kobj_getsymvalue(name, kernelonly));
3294 }
3295 
3296 /*
3297  * Get the symbol nearest an address.  This is a wrapper routine that
3298  * calls kobj_getsymname().  kobj_getsymname() may go away but this
3299  * wrapper will prevent callers from noticing.
3300  */
3301 char *
3302 modgetsymname(uintptr_t value, ulong_t *offset)
3303 {
3304 	return (kobj_getsymname(value, offset));
3305 }
3306 
3307 /*
3308  * Lookup a symbol in a specified module.  These are wrapper routines that
3309  * call kobj_lookup().	kobj_lookup() may go away but these wrappers will
3310  * prevent callers from noticing.
3311  */
3312 uintptr_t
3313 modlookup(const char *modname, const char *symname)
3314 {
3315 	struct modctl *modp;
3316 	uintptr_t val;
3317 
3318 	if ((modp = mod_hold_by_name(modname)) == NULL)
3319 		return (0);
3320 	val = kobj_lookup(modp->mod_mp, symname);
3321 	mod_release_mod(modp);
3322 	return (val);
3323 }
3324 
3325 uintptr_t
3326 modlookup_by_modctl(modctl_t *modp, const char *symname)
3327 {
3328 	ASSERT(modp->mod_ref > 0 || modp->mod_busy);
3329 
3330 	return (kobj_lookup(modp->mod_mp, symname));
3331 }
3332 
3333 /*
3334  * Ask the user for the name of the system file and the default path
3335  * for modules.
3336  */
3337 void
3338 mod_askparams()
3339 {
3340 	static char s0[64];
3341 	intptr_t fd;
3342 
3343 	if ((fd = kobj_open(systemfile)) != -1L)
3344 		kobj_close(fd);
3345 	else
3346 		systemfile = NULL;
3347 
3348 	/*CONSTANTCONDITION*/
3349 	while (1) {
3350 		printf("Name of system file [%s]:  ",
3351 		    systemfile ? systemfile : "/dev/null");
3352 
3353 		console_gets(s0, sizeof (s0));
3354 
3355 		if (s0[0] == '\0')
3356 			break;
3357 		else if (strcmp(s0, "/dev/null") == 0) {
3358 			systemfile = NULL;
3359 			break;
3360 		} else {
3361 			if ((fd = kobj_open(s0)) != -1L) {
3362 				kobj_close(fd);
3363 				systemfile = s0;
3364 				break;
3365 			}
3366 		}
3367 		printf("can't find file %s\n", s0);
3368 	}
3369 }
3370 
3371 static char loading_msg[] = "loading '%s' id %d\n";
3372 static char load_msg[] = "load '%s' id %d loaded @ 0x%p/0x%p size %d/%d\n";
3373 
3374 /*
3375  * Common code for loading a module (but not installing it).
3376  * Handoff the task of module loading to a separate thread
3377  * with a large stack if possible, since this code may recurse a few times.
3378  * Return zero if there are no errors or an errno value.
3379  */
3380 static int
3381 mod_load(struct modctl *mp, int usepath)
3382 {
3383 	int		retval;
3384 	struct modinfo	*modinfop = NULL;
3385 	struct loadmt	lt;
3386 
3387 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3388 	ASSERT(mp->mod_busy);
3389 
3390 	if (mp->mod_loaded)
3391 		return (0);
3392 
3393 	if (mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_modname) != 0 ||
3394 	    mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_filename) != 0) {
3395 		if (moddebug & MODDEBUG_LOADMSG) {
3396 			printf(mod_excl_msg, mp->mod_filename,
3397 			    mp->mod_modname);
3398 		}
3399 		return (ENXIO);
3400 	}
3401 	if (moddebug & MODDEBUG_LOADMSG2)
3402 		printf(loading_msg, mp->mod_filename, mp->mod_id);
3403 
3404 	if (curthread != &t0) {
3405 		lt.mp = mp;
3406 		lt.usepath = usepath;
3407 		lt.owner = curthread;
3408 		sema_init(&lt.sema, 0, NULL, SEMA_DEFAULT, NULL);
3409 
3410 		/* create thread to hand of call to */
3411 		(void) thread_create(NULL, DEFAULTSTKSZ * 2,
3412 		    modload_thread, &lt, 0, &p0, TS_RUN, maxclsyspri);
3413 
3414 		/* wait for thread to complete kobj_load_module */
3415 		sema_p(&lt.sema);
3416 
3417 		sema_destroy(&lt.sema);
3418 		retval = lt.retval;
3419 	} else
3420 		retval = kobj_load_module(mp, usepath);
3421 
3422 	if (mp->mod_mp) {
3423 		ASSERT(retval == 0);
3424 		mp->mod_loaded = 1;
3425 		mp->mod_loadcnt++;
3426 		if (moddebug & MODDEBUG_LOADMSG) {
3427 			printf(load_msg, mp->mod_filename, mp->mod_id,
3428 			    (void *)((struct module *)mp->mod_mp)->text,
3429 			    (void *)((struct module *)mp->mod_mp)->data,
3430 			    ((struct module *)mp->mod_mp)->text_size,
3431 			    ((struct module *)mp->mod_mp)->data_size);
3432 		}
3433 
3434 		/*
3435 		 * XXX - There should be a better way to get this.
3436 		 */
3437 		modinfop = kmem_zalloc(sizeof (struct modinfo), KM_SLEEP);
3438 		modinfop->mi_info = MI_INFO_LINKAGE;
3439 		if (mod_getinfo(mp, modinfop) == 0)
3440 			mp->mod_linkage = NULL;
3441 		else {
3442 			mp->mod_linkage = (void *)modinfop->mi_base;
3443 			ASSERT(mp->mod_linkage->ml_rev == MODREV_1);
3444 		}
3445 
3446 		/*
3447 		 * DCS: bootstrapping code. If the driver is loaded
3448 		 * before root mount, it is assumed that the driver
3449 		 * may be used before mounting root. In order to
3450 		 * access mappings of global to local minor no.'s
3451 		 * during installation/open of the driver, we load
3452 		 * them into memory here while the BOP_interfaces
3453 		 * are still up.
3454 		 */
3455 		if ((cluster_bootflags & CLUSTER_BOOTED) && !modrootloaded) {
3456 			retval = clboot_modload(mp);
3457 		}
3458 
3459 		kmem_free(modinfop, sizeof (struct modinfo));
3460 		(void) mod_sysctl(SYS_SET_MVAR, (void *)mp);
3461 		retval = install_stubs_by_name(mp, mp->mod_modname);
3462 
3463 		/*
3464 		 * Now that the module is loaded, we need to give DTrace
3465 		 * a chance to notify its providers.  This is done via
3466 		 * the dtrace_modload function pointer.
3467 		 */
3468 		if (strcmp(mp->mod_modname, "dtrace") != 0) {
3469 			struct modctl *dmp = mod_hold_by_name("dtrace");
3470 
3471 			if (dmp != NULL && dtrace_modload != NULL)
3472 				(*dtrace_modload)(mp);
3473 
3474 			mod_release_mod(dmp);
3475 		}
3476 
3477 	} else {
3478 		/*
3479 		 * If load failed then we need to release any requisites
3480 		 * that we had established.
3481 		 */
3482 		ASSERT(retval);
3483 		mod_release_requisites(mp);
3484 
3485 		if (moddebug & MODDEBUG_ERRMSG)
3486 			printf("error loading '%s', error %d\n",
3487 			    mp->mod_filename, retval);
3488 	}
3489 	return (retval);
3490 }
3491 
3492 static char unload_msg[] = "unloading %s, module id %d, loadcnt %d.\n";
3493 
3494 static void
3495 mod_unload(struct modctl *mp)
3496 {
3497 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3498 	ASSERT(mp->mod_busy);
3499 	ASSERT((mp->mod_loaded && (mp->mod_installed == 0)) &&
3500 	    ((mp->mod_prim == 0) && (mp->mod_ref >= 0)));
3501 
3502 	if (moddebug & MODDEBUG_LOADMSG)
3503 		printf(unload_msg, mp->mod_modname,
3504 		    mp->mod_id, mp->mod_loadcnt);
3505 
3506 	/*
3507 	 * If mod_ref is not zero, it means some modules might still refer
3508 	 * to this module. Then you can't unload this module right now.
3509 	 * Instead, set 1 to mod_delay_unload to notify the system of
3510 	 * unloading this module later when it's not required any more.
3511 	 */
3512 	if (mp->mod_ref > 0) {
3513 		mp->mod_delay_unload = 1;
3514 		if (moddebug & MODDEBUG_LOADMSG2) {
3515 			printf("module %s not unloaded,"
3516 			    " non-zero reference count (%d)",
3517 			    mp->mod_modname, mp->mod_ref);
3518 		}
3519 		return;
3520 	}
3521 
3522 	if (((mp->mod_loaded == 0) || mp->mod_installed) ||
3523 	    (mp->mod_ref || mp->mod_prim)) {
3524 		/*
3525 		 * A DEBUG kernel would ASSERT panic above, the code is broken
3526 		 * if we get this warning.
3527 		 */
3528 		cmn_err(CE_WARN, "mod_unload: %s in incorrect state: %d %d %d",
3529 		    mp->mod_filename, mp->mod_installed, mp->mod_loaded,
3530 		    mp->mod_ref);
3531 		return;
3532 	}
3533 
3534 	/* reset stub functions to call the binder again */
3535 	reset_stubs(mp);
3536 
3537 	/*
3538 	 * mark module as unloaded before the modctl structure is freed.
3539 	 * This is required not to reuse the modctl structure before
3540 	 * the module is marked as unloaded.
3541 	 */
3542 	mp->mod_loaded = 0;
3543 	mp->mod_linkage = NULL;
3544 
3545 	/* free the memory */
3546 	kobj_unload_module(mp);
3547 
3548 	if (mp->mod_delay_unload) {
3549 		mp->mod_delay_unload = 0;
3550 		if (moddebug & MODDEBUG_LOADMSG2) {
3551 			printf("deferred unload of module %s"
3552 			    " (id %d) successful",
3553 			    mp->mod_modname, mp->mod_id);
3554 		}
3555 	}
3556 
3557 	/* release hold on requisites */
3558 	mod_release_requisites(mp);
3559 
3560 	/*
3561 	 * Now that the module is gone, we need to give DTrace a chance to
3562 	 * remove any probes that it may have had in the module.  This is
3563 	 * done via the dtrace_modunload function pointer.
3564 	 */
3565 	if (strcmp(mp->mod_modname, "dtrace") != 0) {
3566 		struct modctl *dmp = mod_hold_by_name("dtrace");
3567 
3568 		if (dmp != NULL && dtrace_modunload != NULL)
3569 			(*dtrace_modunload)(mp);
3570 
3571 		mod_release_mod(dmp);
3572 	}
3573 }
3574 
3575 static int
3576 modinstall(struct modctl *mp)
3577 {
3578 	int val;
3579 	int (*func)(void);
3580 
3581 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3582 	ASSERT(mp->mod_busy && mp->mod_loaded);
3583 
3584 	if (mp->mod_installed)
3585 		return (0);
3586 	/*
3587 	 * If mod_delay_unload is on, it means the system chose the deferred
3588 	 * unload for this module. Then you can't install this module until
3589 	 * it's unloaded from the system.
3590 	 */
3591 	if (mp->mod_delay_unload)
3592 		return (ENXIO);
3593 
3594 	if (moddebug & MODDEBUG_LOADMSG)
3595 		printf("installing %s, module id %d.\n",
3596 		    mp->mod_modname, mp->mod_id);
3597 
3598 	ASSERT(mp->mod_mp != NULL);
3599 	if (mod_install_requisites(mp) != 0) {
3600 		/*
3601 		 * Note that we can't call mod_unload(mp) here since
3602 		 * if modinstall() was called by mod_install_requisites(),
3603 		 * we won't be able to hold the dependent modules
3604 		 * (otherwise there would be a deadlock).
3605 		 */
3606 		return (ENXIO);
3607 	}
3608 
3609 	if (moddebug & MODDEBUG_ERRMSG) {
3610 		printf("init '%s' id %d loaded @ 0x%p/0x%p size %lu/%lu\n",
3611 		    mp->mod_filename, mp->mod_id,
3612 		    (void *)((struct module *)mp->mod_mp)->text,
3613 		    (void *)((struct module *)mp->mod_mp)->data,
3614 		    ((struct module *)mp->mod_mp)->text_size,
3615 		    ((struct module *)mp->mod_mp)->data_size);
3616 	}
3617 
3618 	func = (int (*)())kobj_lookup(mp->mod_mp, "_init");
3619 
3620 	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3621 		cmn_err(CE_WARN, "_init() not defined properly in %s",
3622 		    mp->mod_filename);
3623 		return (EFAULT);
3624 	}
3625 
3626 	if (moddebug & MODDEBUG_USERDEBUG) {
3627 		printf("breakpoint before calling %s:_init()\n",
3628 		    mp->mod_modname);
3629 		if (DEBUGGER_PRESENT)
3630 			debug_enter("_init");
3631 	}
3632 
3633 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3634 	ASSERT(mp->mod_busy && mp->mod_loaded);
3635 	val = (*func)();		/* call _init */
3636 
3637 	if (moddebug & MODDEBUG_USERDEBUG)
3638 		printf("Returned from _init, val = %x\n", val);
3639 
3640 	if (val == 0) {
3641 		/*
3642 		 * Set the MODS_INSTALLED flag to enable this module
3643 		 * being called now.
3644 		 */
3645 		install_stubs(mp);
3646 		mp->mod_installed = 1;
3647 	} else if (moddebug & MODDEBUG_ERRMSG)
3648 		printf(mod_init_msg, mp->mod_filename, mp->mod_modname, val);
3649 
3650 	return (val);
3651 }
3652 
3653 int	detach_driver_unconfig = 0;
3654 
3655 static int
3656 detach_driver(char *name)
3657 {
3658 	major_t major;
3659 	int error;
3660 
3661 	/*
3662 	 * If being called from mod_uninstall_all() then the appropriate
3663 	 * driver detaches (leaf only) have already been done.
3664 	 */
3665 	if (mod_in_autounload())
3666 		return (0);
3667 
3668 	major = ddi_name_to_major(name);
3669 	if (major == DDI_MAJOR_T_NONE)
3670 		return (0);
3671 
3672 	error = ndi_devi_unconfig_driver(ddi_root_node(),
3673 	    NDI_DETACH_DRIVER | detach_driver_unconfig, major);
3674 	return (error == NDI_SUCCESS ? 0 : -1);
3675 }
3676 
3677 static char finiret_msg[] = "Returned from _fini for %s, status = %x\n";
3678 
3679 static int
3680 moduninstall(struct modctl *mp)
3681 {
3682 	int status = 0;
3683 	int (*func)(void);
3684 
3685 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3686 	ASSERT(mp->mod_busy);
3687 
3688 	/*
3689 	 * Verify that we need to do something and can uninstall the module.
3690 	 *
3691 	 * If we should not uninstall the module or if the module is not in
3692 	 * the correct state to start an uninstall we return EBUSY to prevent
3693 	 * us from progressing to mod_unload.  If the module has already been
3694 	 * uninstalled and unloaded we return EALREADY.
3695 	 */
3696 	if (mp->mod_prim || mp->mod_ref || mp->mod_nenabled != 0)
3697 		return (EBUSY);
3698 	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0))
3699 		return (EALREADY);
3700 
3701 	/*
3702 	 * To avoid devinfo / module deadlock we must release this module
3703 	 * prior to initiating the detach_driver, otherwise the detach_driver
3704 	 * might deadlock on a devinfo node held by another thread
3705 	 * coming top down and involving the module we have locked.
3706 	 *
3707 	 * When we regrab the module we must reverify that it is OK
3708 	 * to proceed with the uninstall operation.
3709 	 */
3710 	mod_release_mod(mp);
3711 	status = detach_driver(mp->mod_modname);
3712 	(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
3713 
3714 	/* check detach status and reverify state with lock */
3715 	mutex_enter(&mod_lock);
3716 	if ((status != 0) || mp->mod_prim || mp->mod_ref) {
3717 		mutex_exit(&mod_lock);
3718 		return (EBUSY);
3719 	}
3720 	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0)) {
3721 		mutex_exit(&mod_lock);
3722 		return (EALREADY);
3723 	}
3724 	mutex_exit(&mod_lock);
3725 
3726 	if (moddebug & MODDEBUG_LOADMSG2)
3727 		printf("uninstalling %s\n", mp->mod_modname);
3728 
3729 	/*
3730 	 * lookup _fini, return EBUSY if not defined.
3731 	 *
3732 	 * The MODDEBUG_FINI_EBUSY is usefull in resolving leaks in
3733 	 * detach(9E) - it allows bufctl addresses to be resolved.
3734 	 */
3735 	func = (int (*)())kobj_lookup(mp->mod_mp, "_fini");
3736 	if ((func == NULL) || (mp->mod_loadflags & MOD_NOUNLOAD) ||
3737 	    (moddebug & MODDEBUG_FINI_EBUSY))
3738 		return (EBUSY);
3739 
3740 	/* verify that _fini is in this module */
3741 	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3742 		cmn_err(CE_WARN, "_fini() not defined properly in %s",
3743 		    mp->mod_filename);
3744 		return (EFAULT);
3745 	}
3746 
3747 	/* call _fini() */
3748 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3749 	ASSERT(mp->mod_busy && mp->mod_loaded && mp->mod_installed);
3750 
3751 	status = (*func)();
3752 
3753 	if (status == 0) {
3754 		/* _fini returned success, the module is no longer installed */
3755 		if (moddebug & MODDEBUG_LOADMSG)
3756 			printf("uninstalled %s\n", mp->mod_modname);
3757 
3758 		/*
3759 		 * Even though we only set mod_installed to zero here, a zero
3760 		 * return value means we are committed to a code path were
3761 		 * mod_loaded will also end up as zero - we have no other
3762 		 * way to get the module data and bss back to the pre _init
3763 		 * state except a reload. To ensure this, after return,
3764 		 * mod_busy must stay set until mod_loaded is cleared.
3765 		 */
3766 		mp->mod_installed = 0;
3767 
3768 		/*
3769 		 * Clear the MODS_INSTALLED flag not to call functions
3770 		 * in the module directly from now on.
3771 		 */
3772 		uninstall_stubs(mp);
3773 	} else {
3774 		if (moddebug & MODDEBUG_USERDEBUG)
3775 			printf(finiret_msg, mp->mod_filename, status);
3776 		/*
3777 		 * By definition _fini is only allowed to return EBUSY or the
3778 		 * result of mod_remove (EBUSY or EINVAL).  In the off chance
3779 		 * that a driver returns EALREADY we convert this to EINVAL
3780 		 * since to our caller EALREADY means module was already
3781 		 * removed.
3782 		 */
3783 		if (status == EALREADY)
3784 			status = EINVAL;
3785 	}
3786 
3787 	return (status);
3788 }
3789 
3790 /*
3791  * Uninstall all modules.
3792  */
3793 static void
3794 mod_uninstall_all(void)
3795 {
3796 	struct modctl	*mp;
3797 	modid_t		modid = 0;
3798 
3799 	/* synchronize with any active modunload_disable() */
3800 	modunload_begin();
3801 
3802 	/* mark this thread as doing autounloading */
3803 	(void) tsd_set(mod_autounload_key, (void *)1);
3804 
3805 	(void) devfs_clean(ddi_root_node(), NULL, 0);
3806 	(void) ndi_devi_unconfig(ddi_root_node(), NDI_AUTODETACH);
3807 
3808 	while ((mp = mod_hold_next_by_id(modid)) != NULL) {
3809 		modid = mp->mod_id;
3810 		/*
3811 		 * Skip modules with the MOD_NOAUTOUNLOAD flag set
3812 		 */
3813 		if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
3814 			mod_release_mod(mp);
3815 			continue;
3816 		}
3817 
3818 		if (moduninstall(mp) == 0) {
3819 			mod_unload(mp);
3820 			CPU_STATS_ADDQ(CPU, sys, modunload, 1);
3821 		}
3822 		mod_release_mod(mp);
3823 	}
3824 
3825 	(void) tsd_set(mod_autounload_key, NULL);
3826 	modunload_end();
3827 }
3828 
3829 /* wait for unloads that have begun before registering disable */
3830 void
3831 modunload_disable(void)
3832 {
3833 	mutex_enter(&modunload_wait_mutex);
3834 	while (modunload_active_count) {
3835 		modunload_wait++;
3836 		cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3837 		modunload_wait--;
3838 	}
3839 	modunload_disable_count++;
3840 	mutex_exit(&modunload_wait_mutex);
3841 }
3842 
3843 /* mark end of disable and signal waiters */
3844 void
3845 modunload_enable(void)
3846 {
3847 	mutex_enter(&modunload_wait_mutex);
3848 	modunload_disable_count--;
3849 	if ((modunload_disable_count == 0) && modunload_wait)
3850 		cv_broadcast(&modunload_wait_cv);
3851 	mutex_exit(&modunload_wait_mutex);
3852 }
3853 
3854 /* wait for disables to complete before begining unload */
3855 void
3856 modunload_begin()
3857 {
3858 	mutex_enter(&modunload_wait_mutex);
3859 	while (modunload_disable_count) {
3860 		modunload_wait++;
3861 		cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3862 		modunload_wait--;
3863 	}
3864 	modunload_active_count++;
3865 	mutex_exit(&modunload_wait_mutex);
3866 }
3867 
3868 /* mark end of unload and signal waiters */
3869 void
3870 modunload_end()
3871 {
3872 	mutex_enter(&modunload_wait_mutex);
3873 	modunload_active_count--;
3874 	if ((modunload_active_count == 0) && modunload_wait)
3875 		cv_broadcast(&modunload_wait_cv);
3876 	mutex_exit(&modunload_wait_mutex);
3877 }
3878 
3879 void
3880 mod_uninstall_daemon(void)
3881 {
3882 	callb_cpr_t	cprinfo;
3883 	clock_t		ticks;
3884 
3885 	mod_aul_thread = curthread;
3886 
3887 	CALLB_CPR_INIT(&cprinfo, &mod_uninstall_lock, callb_generic_cpr, "mud");
3888 	for (;;) {
3889 		mutex_enter(&mod_uninstall_lock);
3890 		CALLB_CPR_SAFE_BEGIN(&cprinfo);
3891 		/*
3892 		 * In DEBUG kernels, unheld drivers are uninstalled periodically
3893 		 * every mod_uninstall_interval seconds.  Periodic uninstall can
3894 		 * be disabled by setting mod_uninstall_interval to 0 which is
3895 		 * the default for a non-DEBUG kernel.
3896 		 */
3897 		if (mod_uninstall_interval) {
3898 			ticks = drv_usectohz(mod_uninstall_interval * 1000000);
3899 			(void) cv_reltimedwait(&mod_uninstall_cv,
3900 			    &mod_uninstall_lock, ticks, TR_CLOCK_TICK);
3901 		} else {
3902 			cv_wait(&mod_uninstall_cv, &mod_uninstall_lock);
3903 		}
3904 		/*
3905 		 * The whole daemon is safe for CPR except we don't want
3906 		 * the daemon to run if FREEZE is issued and this daemon
3907 		 * wakes up from the cv_wait above. In this case, it'll be
3908 		 * blocked in CALLB_CPR_SAFE_END until THAW is issued.
3909 		 *
3910 		 * The reason of calling CALLB_CPR_SAFE_BEGIN twice is that
3911 		 * mod_uninstall_lock is used to protect cprinfo and
3912 		 * CALLB_CPR_SAFE_BEGIN assumes that this lock is held when
3913 		 * called.
3914 		 */
3915 		CALLB_CPR_SAFE_END(&cprinfo, &mod_uninstall_lock);
3916 		CALLB_CPR_SAFE_BEGIN(&cprinfo);
3917 		mutex_exit(&mod_uninstall_lock);
3918 		if ((modunload_disable_count == 0) &&
3919 		    ((moddebug & MODDEBUG_NOAUTOUNLOAD) == 0)) {
3920 			mod_uninstall_all();
3921 		}
3922 	}
3923 }
3924 
3925 /*
3926  * Unload all uninstalled modules.
3927  */
3928 void
3929 modreap(void)
3930 {
3931 	mutex_enter(&mod_uninstall_lock);
3932 	cv_broadcast(&mod_uninstall_cv);
3933 	mutex_exit(&mod_uninstall_lock);
3934 }
3935 
3936 /*
3937  * Hold the specified module. This is the module holding primitive.
3938  *
3939  * If MOD_LOCK_HELD then the caller already holds the mod_lock.
3940  *
3941  * Return values:
3942  *	 0 ==> the module is held
3943  *	 1 ==> the module is not held and the MOD_WAIT_ONCE caller needs
3944  *		to determine how to retry.
3945  */
3946 int
3947 mod_hold_by_modctl(struct modctl *mp, int f)
3948 {
3949 	ASSERT((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) &&
3950 	    ((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) !=
3951 	    (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)));
3952 	ASSERT((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) &&
3953 	    ((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) !=
3954 	    (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)));
3955 	ASSERT((f & MOD_LOCK_NOT_HELD) || MUTEX_HELD(&mod_lock));
3956 
3957 	if (f & MOD_LOCK_NOT_HELD)
3958 		mutex_enter(&mod_lock);
3959 
3960 	while (mp->mod_busy) {
3961 		mp->mod_want = 1;
3962 		cv_wait(&mod_cv, &mod_lock);
3963 		/*
3964 		 * Module may be unloaded by daemon.
3965 		 * Nevertheless, modctl structure is still in linked list
3966 		 * (i.e., off &modules), not freed!
3967 		 * Caller is not supposed to assume "mp" is valid, but there
3968 		 * is no reasonable way to detect this but using
3969 		 * mp->mod_modinfo->mp == NULL check (follow the back pointer)
3970 		 *   (or similar check depending on calling context)
3971 		 * DON'T free modctl structure, it will be very very
3972 		 * problematic.
3973 		 */
3974 		if (f & MOD_WAIT_ONCE) {
3975 			if (f & MOD_LOCK_NOT_HELD)
3976 				mutex_exit(&mod_lock);
3977 			return (1);	/* caller decides how to retry */
3978 		}
3979 	}
3980 
3981 	mp->mod_busy = 1;
3982 	mp->mod_inprogress_thread =
3983 	    (curthread == NULL ? (kthread_id_t)-1 : curthread);
3984 
3985 	if (f & MOD_LOCK_NOT_HELD)
3986 		mutex_exit(&mod_lock);
3987 	return (0);
3988 }
3989 
3990 static struct modctl *
3991 mod_hold_by_name_common(struct modctl *dep, const char *filename)
3992 {
3993 	const char	*modname;
3994 	struct modctl	*mp;
3995 	char		*curname, *newname;
3996 	int		found = 0;
3997 
3998 	mutex_enter(&mod_lock);
3999 
4000 	if ((modname = strrchr(filename, '/')) == NULL)
4001 		modname = filename;
4002 	else
4003 		modname++;
4004 
4005 	mp = &modules;
4006 	do {
4007 		if (strcmp(modname, mp->mod_modname) == 0) {
4008 			found = 1;
4009 			break;
4010 		}
4011 	} while ((mp = mp->mod_next) != &modules);
4012 
4013 	if (found == 0) {
4014 		mp = allocate_modp(filename, modname);
4015 		modadd(mp);
4016 	}
4017 
4018 	/*
4019 	 * if dep is not NULL, set the mp in mod_requisite_loading for
4020 	 * the module circular dependency check. This field is used in
4021 	 * mod_circdep(), but it's cleard in mod_hold_loaded_mod().
4022 	 */
4023 	if (dep != NULL) {
4024 		ASSERT(dep->mod_busy && dep->mod_requisite_loading == NULL);
4025 		dep->mod_requisite_loading = mp;
4026 	}
4027 
4028 	/*
4029 	 * If the module was held, then it must be us who has it held.
4030 	 */
4031 	if (mod_circdep(mp))
4032 		mp = NULL;
4033 	else {
4034 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4035 
4036 		/*
4037 		 * If the name hadn't been set or has changed, allocate
4038 		 * space and set it.  Free space used by previous name.
4039 		 *
4040 		 * Do not change the name of primary modules, for primary
4041 		 * modules the mod_filename was allocated in standalone mode:
4042 		 * it is illegal to kobj_alloc in standalone mode and kobj_free
4043 		 * in non-standalone mode.
4044 		 */
4045 		curname = mp->mod_filename;
4046 		if (curname == NULL ||
4047 		    ((mp->mod_prim == 0) &&
4048 		    (curname != filename) &&
4049 		    (modname != filename) &&
4050 		    (strcmp(curname, filename) != 0))) {
4051 			newname = kobj_zalloc(strlen(filename) + 1, KM_SLEEP);
4052 			(void) strcpy(newname, filename);
4053 			mp->mod_filename = newname;
4054 			if (curname != NULL)
4055 				kobj_free(curname, strlen(curname) + 1);
4056 		}
4057 	}
4058 
4059 	mutex_exit(&mod_lock);
4060 	if (mp && moddebug & MODDEBUG_LOADMSG2)
4061 		printf("Holding %s\n", mp->mod_filename);
4062 	if (mp == NULL && moddebug & MODDEBUG_LOADMSG2)
4063 		printf("circular dependency loading %s\n", filename);
4064 	return (mp);
4065 }
4066 
4067 static struct modctl *
4068 mod_hold_by_name_requisite(struct modctl *dep, char *filename)
4069 {
4070 	return (mod_hold_by_name_common(dep, filename));
4071 }
4072 
4073 struct modctl *
4074 mod_hold_by_name(const char *filename)
4075 {
4076 	return (mod_hold_by_name_common(NULL, filename));
4077 }
4078 
4079 struct modctl *
4080 mod_hold_by_id(modid_t modid)
4081 {
4082 	struct modctl	*mp;
4083 	int		found = 0;
4084 
4085 	mutex_enter(&mod_lock);
4086 	mp = &modules;
4087 	do {
4088 		if (mp->mod_id == modid) {
4089 			found = 1;
4090 			break;
4091 		}
4092 	} while ((mp = mp->mod_next) != &modules);
4093 
4094 	if ((found == 0) || mod_circdep(mp))
4095 		mp = NULL;
4096 	else
4097 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4098 
4099 	mutex_exit(&mod_lock);
4100 	return (mp);
4101 }
4102 
4103 static struct modctl *
4104 mod_hold_next_by_id(modid_t modid)
4105 {
4106 	struct modctl	*mp;
4107 	int		found = 0;
4108 
4109 	if (modid < -1)
4110 		return (NULL);
4111 
4112 	mutex_enter(&mod_lock);
4113 
4114 	mp = &modules;
4115 	do {
4116 		if (mp->mod_id > modid) {
4117 			found = 1;
4118 			break;
4119 		}
4120 	} while ((mp = mp->mod_next) != &modules);
4121 
4122 	if ((found == 0) || mod_circdep(mp))
4123 		mp = NULL;
4124 	else
4125 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4126 
4127 	mutex_exit(&mod_lock);
4128 	return (mp);
4129 }
4130 
4131 static void
4132 mod_release(struct modctl *mp)
4133 {
4134 	ASSERT(MUTEX_HELD(&mod_lock));
4135 	ASSERT(mp->mod_busy);
4136 
4137 	mp->mod_busy = 0;
4138 	mp->mod_inprogress_thread = NULL;
4139 	if (mp->mod_want) {
4140 		mp->mod_want = 0;
4141 		cv_broadcast(&mod_cv);
4142 	}
4143 }
4144 
4145 void
4146 mod_release_mod(struct modctl *mp)
4147 {
4148 	if (moddebug & MODDEBUG_LOADMSG2)
4149 		printf("Releasing %s\n", mp->mod_filename);
4150 	mutex_enter(&mod_lock);
4151 	mod_release(mp);
4152 	mutex_exit(&mod_lock);
4153 }
4154 
4155 modid_t
4156 mod_name_to_modid(char *filename)
4157 {
4158 	char		*modname;
4159 	struct modctl	*mp;
4160 
4161 	mutex_enter(&mod_lock);
4162 
4163 	if ((modname = strrchr(filename, '/')) == NULL)
4164 		modname = filename;
4165 	else
4166 		modname++;
4167 
4168 	mp = &modules;
4169 	do {
4170 		if (strcmp(modname, mp->mod_modname) == 0) {
4171 			mutex_exit(&mod_lock);
4172 			return (mp->mod_id);
4173 		}
4174 	} while ((mp = mp->mod_next) != &modules);
4175 
4176 	mutex_exit(&mod_lock);
4177 	return (-1);
4178 }
4179 
4180 
4181 int
4182 mod_remove_by_name(char *name)
4183 {
4184 	struct modctl *mp;
4185 	int retval;
4186 
4187 	mp = mod_hold_by_name(name);
4188 
4189 	if (mp == NULL)
4190 		return (EINVAL);
4191 
4192 	if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
4193 		/*
4194 		 * Do not unload forceloaded modules
4195 		 */
4196 		mod_release_mod(mp);
4197 		return (0);
4198 	}
4199 
4200 	if ((retval = moduninstall(mp)) == 0) {
4201 		mod_unload(mp);
4202 		CPU_STATS_ADDQ(CPU, sys, modunload, 1);
4203 	} else if (retval == EALREADY)
4204 		retval = 0;		/* already unloaded, not an error */
4205 	mod_release_mod(mp);
4206 	return (retval);
4207 }
4208 
4209 /*
4210  * Record that module "dep" is dependent on module "on_mod."
4211  */
4212 static void
4213 mod_make_requisite(struct modctl *dependent, struct modctl *on_mod)
4214 {
4215 	struct modctl_list **pmlnp;	/* previous next pointer */
4216 	struct modctl_list *mlp;
4217 	struct modctl_list *new;
4218 
4219 	ASSERT(dependent->mod_busy && on_mod->mod_busy);
4220 	mutex_enter(&mod_lock);
4221 
4222 	/*
4223 	 * Search dependent's requisite list to see if on_mod is recorded.
4224 	 * List is ordered by id.
4225 	 */
4226 	for (pmlnp = &dependent->mod_requisites, mlp = *pmlnp;
4227 	    mlp; pmlnp = &mlp->modl_next, mlp = *pmlnp)
4228 		if (mlp->modl_modp->mod_id >= on_mod->mod_id)
4229 			break;
4230 
4231 	/* Create and insert if not already recorded */
4232 	if ((mlp == NULL) || (mlp->modl_modp->mod_id != on_mod->mod_id)) {
4233 		new = kobj_zalloc(sizeof (*new), KM_SLEEP);
4234 		new->modl_modp = on_mod;
4235 		new->modl_next = mlp;
4236 		*pmlnp = new;
4237 
4238 		/*
4239 		 * Increment the mod_ref count in our new requisite module.
4240 		 * This is what keeps a module that has other modules
4241 		 * which are dependent on it from being uninstalled and
4242 		 * unloaded. "on_mod"'s mod_ref count decremented in
4243 		 * mod_release_requisites when the "dependent" module
4244 		 * unload is complete.	"on_mod" must be loaded, but may not
4245 		 * yet be installed.
4246 		 */
4247 		on_mod->mod_ref++;
4248 		ASSERT(on_mod->mod_ref && on_mod->mod_loaded);
4249 	}
4250 
4251 	mutex_exit(&mod_lock);
4252 }
4253 
4254 /*
4255  * release the hold associated with mod_make_requisite mod_ref++
4256  * as part of unload.
4257  */
4258 void
4259 mod_release_requisites(struct modctl *modp)
4260 {
4261 	struct modctl_list *modl;
4262 	struct modctl_list *next;
4263 	struct modctl *req;
4264 	struct modctl_list *start = NULL, *mod_garbage;
4265 
4266 	ASSERT(!quiesce_active);
4267 	ASSERT(modp->mod_busy);
4268 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
4269 
4270 	mutex_enter(&mod_lock);		/* needed for manipulation of req */
4271 	for (modl = modp->mod_requisites; modl; modl = next) {
4272 		next = modl->modl_next;
4273 		req = modl->modl_modp;
4274 		ASSERT(req->mod_ref >= 1 && req->mod_loaded);
4275 		req->mod_ref--;
4276 
4277 		/*
4278 		 * Check if the module has to be unloaded or not.
4279 		 */
4280 		if (req->mod_ref == 0 && req->mod_delay_unload) {
4281 			struct modctl_list *new;
4282 			/*
4283 			 * Allocate the modclt_list holding the garbage
4284 			 * module which should be unloaded later.
4285 			 */
4286 			new = kobj_zalloc(sizeof (struct modctl_list),
4287 			    KM_SLEEP);
4288 			new->modl_modp = req;
4289 
4290 			if (start == NULL)
4291 				mod_garbage = start = new;
4292 			else {
4293 				mod_garbage->modl_next = new;
4294 				mod_garbage = new;
4295 			}
4296 		}
4297 
4298 		/* free the list as we go */
4299 		kobj_free(modl, sizeof (*modl));
4300 	}
4301 	modp->mod_requisites = NULL;
4302 	mutex_exit(&mod_lock);
4303 
4304 	/*
4305 	 * Unload the garbage modules.
4306 	 */
4307 	for (mod_garbage = start; mod_garbage != NULL; /* nothing */) {
4308 		struct modctl_list *old = mod_garbage;
4309 		struct modctl *mp = mod_garbage->modl_modp;
4310 		ASSERT(mp != NULL);
4311 
4312 		/*
4313 		 * Hold this module until it's unloaded completely.
4314 		 */
4315 		(void) mod_hold_by_modctl(mp,
4316 		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
4317 		/*
4318 		 * Check if the module is not unloaded yet and nobody requires
4319 		 * the module. If it's unloaded already or somebody still
4320 		 * requires the module, don't unload it now.
4321 		 */
4322 		if (mp->mod_loaded && mp->mod_ref == 0)
4323 			mod_unload(mp);
4324 		ASSERT((mp->mod_loaded == 0 && mp->mod_delay_unload == 0) ||
4325 		    (mp->mod_ref > 0));
4326 		mod_release_mod(mp);
4327 
4328 		mod_garbage = mod_garbage->modl_next;
4329 		kobj_free(old, sizeof (struct modctl_list));
4330 	}
4331 }
4332 
4333 /*
4334  * Process dependency of the module represented by "dep" on the
4335  * module named by "on."
4336  *
4337  * Called from kobj_do_dependents() to load a module "on" on which
4338  * "dep" depends.
4339  */
4340 struct modctl *
4341 mod_load_requisite(struct modctl *dep, char *on)
4342 {
4343 	struct modctl *on_mod;
4344 	int retval;
4345 
4346 	if ((on_mod = mod_hold_loaded_mod(dep, on, &retval)) != NULL) {
4347 		mod_make_requisite(dep, on_mod);
4348 	} else if (moddebug & MODDEBUG_ERRMSG) {
4349 		printf("error processing %s on which module %s depends\n",
4350 		    on, dep->mod_modname);
4351 	}
4352 	return (on_mod);
4353 }
4354 
4355 static int
4356 mod_install_requisites(struct modctl *modp)
4357 {
4358 	struct modctl_list *modl;
4359 	struct modctl *req;
4360 	int status = 0;
4361 
4362 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
4363 	ASSERT(modp->mod_busy);
4364 
4365 	for (modl = modp->mod_requisites; modl; modl = modl->modl_next) {
4366 		req = modl->modl_modp;
4367 		(void) mod_hold_by_modctl(req,
4368 		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
4369 		status = modinstall(req);
4370 		mod_release_mod(req);
4371 
4372 		if (status != 0)
4373 			break;
4374 	}
4375 	return (status);
4376 }
4377 
4378 /*
4379  * returns 1 if this thread is doing autounload, 0 otherwise.
4380  * see mod_uninstall_all.
4381  */
4382 int
4383 mod_in_autounload()
4384 {
4385 	return ((int)(uintptr_t)tsd_get(mod_autounload_key));
4386 }
4387 
4388 /*
4389  * gmatch adapted from libc, stripping the wchar stuff
4390  */
4391 #define	popchar(p, c)	{ \
4392 		c = *p++; \
4393 		if (c == 0) { \
4394 			return (0); \
4395 		} \
4396 	}
4397 
4398 int
4399 gmatch(const char *s, const char *p)
4400 {
4401 	int c, sc;
4402 	int ok, lc, notflag;
4403 
4404 	sc = *s++;
4405 	c = *p++;
4406 	if (c == 0)
4407 		return (sc == c);	/* nothing matches nothing */
4408 
4409 	switch (c) {
4410 	case '\\':
4411 		/* skip to quoted character */
4412 		popchar(p, c);
4413 		/*FALLTHRU*/
4414 
4415 	default:
4416 		/* straight comparison */
4417 		if (c != sc)
4418 			return (0);
4419 		/*FALLTHRU*/
4420 
4421 	case '?':
4422 		/* first char matches, move to remainder */
4423 		return (sc != '\0' ? gmatch(s, p) : 0);
4424 
4425 
4426 	case '*':
4427 		while (*p == '*')
4428 			p++;
4429 
4430 		/* * matches everything */
4431 		if (*p == 0)
4432 			return (1);
4433 
4434 		/* undo skip at the beginning & iterate over substrings */
4435 		--s;
4436 		while (*s) {
4437 			if (gmatch(s, p))
4438 				return (1);
4439 			s++;
4440 		}
4441 		return (0);
4442 
4443 	case '[':
4444 		/* match any char within [] */
4445 		if (sc == 0)
4446 			return (0);
4447 
4448 		ok = lc = notflag = 0;
4449 
4450 		if (*p == '!') {
4451 			notflag = 1;
4452 			p++;
4453 		}
4454 		popchar(p, c);
4455 
4456 		do {
4457 			if (c == '-' && lc && *p != ']') {
4458 				/* test sc against range [c1-c2] */
4459 				popchar(p, c);
4460 				if (c == '\\') {
4461 					popchar(p, c);
4462 				}
4463 
4464 				if (notflag) {
4465 					/* return 0 on mismatch */
4466 					if (lc <= sc && sc <= c)
4467 						return (0);
4468 					ok++;
4469 				} else if (lc <= sc && sc <= c) {
4470 					ok++;
4471 				}
4472 				/* keep going, may get a match next */
4473 			} else if (c == '\\') {
4474 				/* skip to quoted character */
4475 				popchar(p, c);
4476 			}
4477 			lc = c;
4478 			if (notflag) {
4479 				if (sc == lc)
4480 					return (0);
4481 				ok++;
4482 			} else if (sc == lc) {
4483 				ok++;
4484 			}
4485 			popchar(p, c);
4486 		} while (c != ']');
4487 
4488 		/* recurse on remainder of string */
4489 		return (ok ? gmatch(s, p) : 0);
4490 	}
4491 	/*NOTREACHED*/
4492 }
4493 
4494 
4495 /*
4496  * Get default perm for device from /etc/minor_perm. Return 0 if match found.
4497  *
4498  * Pure wild-carded patterns are handled separately so the ordering of
4499  * these patterns doesn't matter.  We're still dependent on ordering
4500  * however as the first matching entry is the one returned.
4501  * Not ideal but all existing examples and usage do imply this
4502  * ordering implicitly.
4503  *
4504  * Drivers using the clone driver are always good for some entertainment.
4505  * Clone nodes under pseudo have the form clone@0:<driver>.  Some minor
4506  * perm entries have the form clone:<driver>, others use <driver>:*
4507  * Examples are clone:llc1 vs. llc2:*, for example.
4508  *
4509  * Minor perms in the clone:<driver> form are mapped to the drivers's
4510  * mperm list, not the clone driver, as wildcard entries for clone
4511  * reference only.  In other words, a clone wildcard will match
4512  * references for clone@0:<driver> but never <driver>@<minor>.
4513  *
4514  * Additional minor perms in the standard form are also supported,
4515  * for mixed usage, ie a node with an entry clone:<driver> could
4516  * provide further entries <driver>:<minor>.
4517  *
4518  * Finally, some uses of clone use an alias as the minor name rather
4519  * than the driver name, with the alias as the minor perm entry.
4520  * This case is handled by attaching the driver to bring its
4521  * minor list into existence, then discover the alias via DDI_ALIAS.
4522  * The clone device's minor perm list can then be searched for
4523  * that alias.
4524  */
4525 
4526 static int
4527 dev_alias_minorperm(dev_info_t *dip, char *minor_name, mperm_t *rmp)
4528 {
4529 	major_t			major;
4530 	struct devnames		*dnp;
4531 	mperm_t			*mp;
4532 	char			*alias = NULL;
4533 	dev_info_t		*cdevi;
4534 	int			circ;
4535 	struct ddi_minor_data	*dmd;
4536 
4537 	major = ddi_name_to_major(minor_name);
4538 
4539 	ASSERT(dip == clone_dip);
4540 	ASSERT(major != DDI_MAJOR_T_NONE);
4541 
4542 	/*
4543 	 * Attach the driver named by the minor node, then
4544 	 * search its first instance's minor list for an
4545 	 * alias node.
4546 	 */
4547 	if (ddi_hold_installed_driver(major) == NULL)
4548 		return (1);
4549 
4550 	dnp = &devnamesp[major];
4551 	LOCK_DEV_OPS(&dnp->dn_lock);
4552 
4553 	if ((cdevi = dnp->dn_head) != NULL) {
4554 		ndi_devi_enter(cdevi, &circ);
4555 		for (dmd = DEVI(cdevi)->devi_minor; dmd; dmd = dmd->next) {
4556 			if (dmd->type == DDM_ALIAS) {
4557 				alias = i_ddi_strdup(dmd->ddm_name, KM_SLEEP);
4558 				break;
4559 			}
4560 		}
4561 		ndi_devi_exit(cdevi, circ);
4562 	}
4563 
4564 	UNLOCK_DEV_OPS(&dnp->dn_lock);
4565 	ddi_rele_driver(major);
4566 
4567 	if (alias == NULL) {
4568 		if (moddebug & MODDEBUG_MINORPERM)
4569 			cmn_err(CE_CONT, "dev_minorperm: "
4570 			    "no alias for %s\n", minor_name);
4571 		return (1);
4572 	}
4573 
4574 	major = ddi_driver_major(clone_dip);
4575 	dnp = &devnamesp[major];
4576 	LOCK_DEV_OPS(&dnp->dn_lock);
4577 
4578 	/*
4579 	 * Go through the clone driver's mperm list looking
4580 	 * for a match for the specified alias.
4581 	 */
4582 	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4583 		if (strcmp(alias, mp->mp_minorname) == 0) {
4584 			break;
4585 		}
4586 	}
4587 
4588 	if (mp) {
4589 		if (moddebug & MODDEBUG_MP_MATCH) {
4590 			cmn_err(CE_CONT,
4591 			    "minor perm defaults: %s %s 0%o %d %d (aliased)\n",
4592 			    minor_name, alias, mp->mp_mode,
4593 			    mp->mp_uid, mp->mp_gid);
4594 		}
4595 		rmp->mp_uid = mp->mp_uid;
4596 		rmp->mp_gid = mp->mp_gid;
4597 		rmp->mp_mode = mp->mp_mode;
4598 	}
4599 	UNLOCK_DEV_OPS(&dnp->dn_lock);
4600 
4601 	kmem_free(alias, strlen(alias)+1);
4602 
4603 	return (mp == NULL);
4604 }
4605 
4606 int
4607 dev_minorperm(dev_info_t *dip, char *name, mperm_t *rmp)
4608 {
4609 	major_t major;
4610 	char *minor_name;
4611 	struct devnames *dnp;
4612 	mperm_t *mp;
4613 	int is_clone = 0;
4614 
4615 	if (!minorperm_loaded) {
4616 		if (moddebug & MODDEBUG_MINORPERM)
4617 			cmn_err(CE_CONT,
4618 			    "%s: minor perm not yet loaded\n", name);
4619 		return (1);
4620 	}
4621 
4622 	minor_name = strchr(name, ':');
4623 	if (minor_name == NULL)
4624 		return (1);
4625 	minor_name++;
4626 
4627 	/*
4628 	 * If it's the clone driver, search the driver as named
4629 	 * by the minor.  All clone minor perm entries other than
4630 	 * alias nodes are actually installed on the real driver's list.
4631 	 */
4632 	if (dip == clone_dip) {
4633 		major = ddi_name_to_major(minor_name);
4634 		if (major == DDI_MAJOR_T_NONE) {
4635 			if (moddebug & MODDEBUG_MINORPERM)
4636 				cmn_err(CE_CONT, "dev_minorperm: "
4637 				    "%s: no such driver\n", minor_name);
4638 			return (1);
4639 		}
4640 		is_clone = 1;
4641 	} else {
4642 		major = ddi_driver_major(dip);
4643 		ASSERT(major != DDI_MAJOR_T_NONE);
4644 	}
4645 
4646 	dnp = &devnamesp[major];
4647 	LOCK_DEV_OPS(&dnp->dn_lock);
4648 
4649 	/*
4650 	 * Go through the driver's mperm list looking for
4651 	 * a match for the specified minor.  If there's
4652 	 * no matching pattern, use the wild card.
4653 	 * Defer to the clone wild for clone if specified,
4654 	 * otherwise fall back to the normal form.
4655 	 */
4656 	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4657 		if (gmatch(minor_name, mp->mp_minorname) != 0) {
4658 			break;
4659 		}
4660 	}
4661 	if (mp == NULL) {
4662 		if (is_clone)
4663 			mp = dnp->dn_mperm_clone;
4664 		if (mp == NULL)
4665 			mp = dnp->dn_mperm_wild;
4666 	}
4667 
4668 	if (mp) {
4669 		if (moddebug & MODDEBUG_MP_MATCH) {
4670 			cmn_err(CE_CONT,
4671 			    "minor perm defaults: %s %s 0%o %d %d\n",
4672 			    name, mp->mp_minorname, mp->mp_mode,
4673 			    mp->mp_uid, mp->mp_gid);
4674 		}
4675 		rmp->mp_uid = mp->mp_uid;
4676 		rmp->mp_gid = mp->mp_gid;
4677 		rmp->mp_mode = mp->mp_mode;
4678 	}
4679 	UNLOCK_DEV_OPS(&dnp->dn_lock);
4680 
4681 	/*
4682 	 * If no match can be found for a clone node,
4683 	 * search for a possible match for an alias.
4684 	 * One such example is /dev/ptmx -> /devices/pseudo/clone@0:ptm,
4685 	 * with minor perm entry clone:ptmx.
4686 	 */
4687 	if (mp == NULL && is_clone) {
4688 		return (dev_alias_minorperm(dip, minor_name, rmp));
4689 	}
4690 
4691 	return (mp == NULL);
4692 }
4693 
4694 /*
4695  * dynamicaly reference load a dl module/library, returning handle
4696  */
4697 /*ARGSUSED*/
4698 ddi_modhandle_t
4699 ddi_modopen(const char *modname, int mode, int *errnop)
4700 {
4701 	char		*subdir;
4702 	char		*mod;
4703 	int		subdirlen;
4704 	struct modctl	*hmodp = NULL;
4705 	int		retval = EINVAL;
4706 
4707 	ASSERT(modname && (mode == KRTLD_MODE_FIRST));
4708 	if ((modname == NULL) || (mode != KRTLD_MODE_FIRST))
4709 		goto out;
4710 
4711 	/* find last '/' in modname */
4712 	mod = strrchr(modname, '/');
4713 
4714 	if (mod) {
4715 		/* for subdir string without modification to argument */
4716 		mod++;
4717 		subdirlen = mod - modname;
4718 		subdir = kmem_alloc(subdirlen, KM_SLEEP);
4719 		(void) strlcpy(subdir, modname, subdirlen);
4720 	} else {
4721 		subdirlen = 0;
4722 		subdir = "misc";
4723 		mod = (char *)modname;
4724 	}
4725 
4726 	/* reference load with errno return value */
4727 	retval = modrload(subdir, mod, &hmodp);
4728 
4729 	if (subdirlen)
4730 		kmem_free(subdir, subdirlen);
4731 
4732 out:	if (errnop)
4733 		*errnop = retval;
4734 
4735 	if (moddebug & MODDEBUG_DDI_MOD)
4736 		printf("ddi_modopen %s mode %x: %s %p %d\n",
4737 		    modname ? modname : "<unknown>", mode,
4738 		    hmodp ? hmodp->mod_filename : "<unknown>",
4739 		    (void *)hmodp, retval);
4740 
4741 	return ((ddi_modhandle_t)hmodp);
4742 }
4743 
4744 /* lookup "name" in open dl module/library */
4745 void *
4746 ddi_modsym(ddi_modhandle_t h, const char *name, int *errnop)
4747 {
4748 	struct modctl	*hmodp = (struct modctl *)h;
4749 	void		*f;
4750 	int		retval;
4751 
4752 	ASSERT(hmodp && name && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4753 	if ((hmodp == NULL) || (name == NULL) ||
4754 	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4755 		f = NULL;
4756 		retval = EINVAL;
4757 	} else {
4758 		f = (void *)kobj_lookup(hmodp->mod_mp, (char *)name);
4759 		if (f)
4760 			retval = 0;
4761 		else
4762 			retval = ENOTSUP;
4763 	}
4764 
4765 	if (moddebug & MODDEBUG_DDI_MOD)
4766 		printf("ddi_modsym in %s of %s: %d %p\n",
4767 		    hmodp ? hmodp->mod_modname : "<unknown>",
4768 		    name ? name : "<unknown>", retval, f);
4769 
4770 	if (errnop)
4771 		*errnop = retval;
4772 	return (f);
4773 }
4774 
4775 /* dynamic (un)reference unload of an open dl module/library */
4776 int
4777 ddi_modclose(ddi_modhandle_t h)
4778 {
4779 	struct modctl	*hmodp = (struct modctl *)h;
4780 	struct modctl	*modp = NULL;
4781 	int		retval;
4782 
4783 	ASSERT(hmodp && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4784 	if ((hmodp == NULL) ||
4785 	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4786 		retval = EINVAL;
4787 		goto out;
4788 	}
4789 
4790 	retval = modunrload(hmodp->mod_id, &modp, ddi_modclose_unload);
4791 	if (retval == EBUSY)
4792 		retval = 0;	/* EBUSY is not an error */
4793 
4794 	if (retval == 0) {
4795 		ASSERT(hmodp == modp);
4796 		if (hmodp != modp)
4797 			retval = EINVAL;
4798 	}
4799 
4800 out:	if (moddebug & MODDEBUG_DDI_MOD)
4801 		printf("ddi_modclose %s: %d\n",
4802 		    hmodp ? hmodp->mod_modname : "<unknown>", retval);
4803 
4804 	return (retval);
4805 }
4806