xref: /titanic_52/usr/src/cmd/mdb/common/modules/genunix/genunix.c (revision c81d47afd05baeb768e2f032636019b717899efd)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 #include <mdb/mdb_param.h>
29 #include <mdb/mdb_modapi.h>
30 #include <mdb/mdb_ks.h>
31 #include <mdb/mdb_ctf.h>
32 
33 #include <sys/types.h>
34 #include <sys/thread.h>
35 #include <sys/session.h>
36 #include <sys/user.h>
37 #include <sys/proc.h>
38 #include <sys/var.h>
39 #include <sys/t_lock.h>
40 #include <sys/callo.h>
41 #include <sys/priocntl.h>
42 #include <sys/class.h>
43 #include <sys/regset.h>
44 #include <sys/stack.h>
45 #include <sys/cpuvar.h>
46 #include <sys/vnode.h>
47 #include <sys/vfs.h>
48 #include <sys/flock_impl.h>
49 #include <sys/kmem_impl.h>
50 #include <sys/vmem_impl.h>
51 #include <sys/kstat.h>
52 #include <vm/seg_vn.h>
53 #include <vm/anon.h>
54 #include <vm/as.h>
55 #include <vm/seg_map.h>
56 #include <sys/dditypes.h>
57 #include <sys/ddi_impldefs.h>
58 #include <sys/sysmacros.h>
59 #include <sys/sysconf.h>
60 #include <sys/task.h>
61 #include <sys/project.h>
62 #include <sys/taskq.h>
63 #include <sys/taskq_impl.h>
64 #include <sys/errorq_impl.h>
65 #include <sys/cred_impl.h>
66 #include <sys/zone.h>
67 #include <sys/panic.h>
68 #include <regex.h>
69 #include <sys/port_impl.h>
70 
71 #include "avl.h"
72 #include "contract.h"
73 #include "cpupart_mdb.h"
74 #include "devinfo.h"
75 #include "leaky.h"
76 #include "lgrp.h"
77 #include "pg.h"
78 #include "group.h"
79 #include "list.h"
80 #include "log.h"
81 #include "kgrep.h"
82 #include "kmem.h"
83 #include "bio.h"
84 #include "streams.h"
85 #include "cyclic.h"
86 #include "findstack.h"
87 #include "ndievents.h"
88 #include "mmd.h"
89 #include "net.h"
90 #include "netstack.h"
91 #include "nvpair.h"
92 #include "ctxop.h"
93 #include "tsd.h"
94 #include "thread.h"
95 #include "memory.h"
96 #include "sobj.h"
97 #include "sysevent.h"
98 #include "rctl.h"
99 #include "tsol.h"
100 #include "typegraph.h"
101 #include "ldi.h"
102 #include "vfs.h"
103 #include "zone.h"
104 #include "modhash.h"
105 #include "mdi.h"
106 #include "fm.h"
107 
108 /*
109  * Surely this is defined somewhere...
110  */
111 #define	NINTR		16
112 
113 #ifndef STACK_BIAS
114 #define	STACK_BIAS	0
115 #endif
116 
117 static char
118 pstat2ch(uchar_t state)
119 {
120 	switch (state) {
121 		case SSLEEP: return ('S');
122 		case SRUN: return ('R');
123 		case SZOMB: return ('Z');
124 		case SIDL: return ('I');
125 		case SONPROC: return ('O');
126 		case SSTOP: return ('T');
127 		default: return ('?');
128 	}
129 }
130 
131 #define	PS_PRTTHREADS	0x1
132 #define	PS_PRTLWPS	0x2
133 #define	PS_PSARGS	0x4
134 #define	PS_TASKS	0x8
135 #define	PS_PROJECTS	0x10
136 #define	PS_ZONES	0x20
137 
138 static int
139 ps_threadprint(uintptr_t addr, const void *data, void *private)
140 {
141 	const kthread_t *t = (const kthread_t *)data;
142 	uint_t prt_flags = *((uint_t *)private);
143 
144 	static const mdb_bitmask_t t_state_bits[] = {
145 		{ "TS_FREE",	UINT_MAX,	TS_FREE		},
146 		{ "TS_SLEEP",	TS_SLEEP,	TS_SLEEP	},
147 		{ "TS_RUN",	TS_RUN,		TS_RUN		},
148 		{ "TS_ONPROC",	TS_ONPROC,	TS_ONPROC	},
149 		{ "TS_ZOMB",	TS_ZOMB,	TS_ZOMB		},
150 		{ "TS_STOPPED",	TS_STOPPED,	TS_STOPPED	},
151 		{ NULL,		0,		0		}
152 	};
153 
154 	if (prt_flags & PS_PRTTHREADS)
155 		mdb_printf("\tT  %?a <%b>\n", addr, t->t_state, t_state_bits);
156 
157 	if (prt_flags & PS_PRTLWPS)
158 		mdb_printf("\tL  %?a ID: %u\n", t->t_lwp, t->t_tid);
159 
160 	return (WALK_NEXT);
161 }
162 
163 int
164 ps(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
165 {
166 	uint_t prt_flags = 0;
167 	proc_t pr;
168 	struct pid pid, pgid, sid;
169 	sess_t session;
170 	cred_t cred;
171 	task_t tk;
172 	kproject_t pj;
173 	zone_t zn;
174 
175 	if (!(flags & DCMD_ADDRSPEC)) {
176 		if (mdb_walk_dcmd("proc", "ps", argc, argv) == -1) {
177 			mdb_warn("can't walk 'proc'");
178 			return (DCMD_ERR);
179 		}
180 		return (DCMD_OK);
181 	}
182 
183 	if (mdb_getopts(argc, argv,
184 	    'f', MDB_OPT_SETBITS, PS_PSARGS, &prt_flags,
185 	    'l', MDB_OPT_SETBITS, PS_PRTLWPS, &prt_flags,
186 	    'T', MDB_OPT_SETBITS, PS_TASKS, &prt_flags,
187 	    'P', MDB_OPT_SETBITS, PS_PROJECTS, &prt_flags,
188 	    'z', MDB_OPT_SETBITS, PS_ZONES, &prt_flags,
189 	    't', MDB_OPT_SETBITS, PS_PRTTHREADS, &prt_flags, NULL) != argc)
190 		return (DCMD_USAGE);
191 
192 	if (DCMD_HDRSPEC(flags)) {
193 		mdb_printf("%<u>%1s %6s %6s %6s %6s ",
194 		    "S", "PID", "PPID", "PGID", "SID");
195 		if (prt_flags & PS_TASKS)
196 			mdb_printf("%5s ", "TASK");
197 		if (prt_flags & PS_PROJECTS)
198 			mdb_printf("%5s ", "PROJ");
199 		if (prt_flags & PS_ZONES)
200 			mdb_printf("%5s ", "ZONE");
201 		mdb_printf("%6s %10s %?s %s%</u>\n",
202 		    "UID", "FLAGS", "ADDR", "NAME");
203 	}
204 
205 	mdb_vread(&pr, sizeof (pr), addr);
206 	mdb_vread(&pid, sizeof (pid), (uintptr_t)pr.p_pidp);
207 	mdb_vread(&pgid, sizeof (pgid), (uintptr_t)pr.p_pgidp);
208 	mdb_vread(&cred, sizeof (cred), (uintptr_t)pr.p_cred);
209 	mdb_vread(&session, sizeof (session), (uintptr_t)pr.p_sessp);
210 	mdb_vread(&sid, sizeof (sid), (uintptr_t)session.s_sidp);
211 	if (prt_flags & (PS_TASKS | PS_PROJECTS))
212 		mdb_vread(&tk, sizeof (tk), (uintptr_t)pr.p_task);
213 	if (prt_flags & PS_PROJECTS)
214 		mdb_vread(&pj, sizeof (pj), (uintptr_t)tk.tk_proj);
215 	if (prt_flags & PS_ZONES)
216 		mdb_vread(&zn, sizeof (zone_t), (uintptr_t)pr.p_zone);
217 
218 	mdb_printf("%c %6d %6d %6d %6d ",
219 	    pstat2ch(pr.p_stat), pid.pid_id, pr.p_ppid, pgid.pid_id,
220 	    sid.pid_id);
221 	if (prt_flags & PS_TASKS)
222 		mdb_printf("%5d ", tk.tk_tkid);
223 	if (prt_flags & PS_PROJECTS)
224 		mdb_printf("%5d ", pj.kpj_id);
225 	if (prt_flags & PS_ZONES)
226 		mdb_printf("%5d ", zn.zone_id);
227 	mdb_printf("%6d 0x%08x %0?p %s\n",
228 	    cred.cr_uid, pr.p_flag, addr,
229 	    (prt_flags & PS_PSARGS) ? pr.p_user.u_psargs : pr.p_user.u_comm);
230 
231 	if (prt_flags & ~PS_PSARGS)
232 		(void) mdb_pwalk("thread", ps_threadprint, &prt_flags, addr);
233 
234 	return (DCMD_OK);
235 }
236 
237 #define	PG_NEWEST	0x0001
238 #define	PG_OLDEST	0x0002
239 #define	PG_PIPE_OUT	0x0004
240 #define	PG_EXACT_MATCH	0x0008
241 
242 typedef struct pgrep_data {
243 	uint_t pg_flags;
244 	uint_t pg_psflags;
245 	uintptr_t pg_xaddr;
246 	hrtime_t pg_xstart;
247 	const char *pg_pat;
248 #ifndef _KMDB
249 	regex_t pg_reg;
250 #endif
251 } pgrep_data_t;
252 
253 /*ARGSUSED*/
254 static int
255 pgrep_cb(uintptr_t addr, const void *pdata, void *data)
256 {
257 	const proc_t *prp = pdata;
258 	pgrep_data_t *pgp = data;
259 #ifndef _KMDB
260 	regmatch_t pmatch;
261 #endif
262 
263 	/*
264 	 * kmdb doesn't have access to the reg* functions, so we fall back
265 	 * to strstr/strcmp.
266 	 */
267 #ifdef _KMDB
268 	if ((pgp->pg_flags & PG_EXACT_MATCH) ?
269 	    (strcmp(prp->p_user.u_comm, pgp->pg_pat) != 0) :
270 	    (strstr(prp->p_user.u_comm, pgp->pg_pat) == NULL))
271 		return (WALK_NEXT);
272 #else
273 	if (regexec(&pgp->pg_reg, prp->p_user.u_comm, 1, &pmatch, 0) != 0)
274 		return (WALK_NEXT);
275 
276 	if ((pgp->pg_flags & PG_EXACT_MATCH) &&
277 	    (pmatch.rm_so != 0 || prp->p_user.u_comm[pmatch.rm_eo] != '\0'))
278 		return (WALK_NEXT);
279 #endif
280 
281 	if (pgp->pg_flags & (PG_NEWEST | PG_OLDEST)) {
282 		hrtime_t start;
283 
284 		start = (hrtime_t)prp->p_user.u_start.tv_sec * NANOSEC +
285 		    prp->p_user.u_start.tv_nsec;
286 
287 		if (pgp->pg_flags & PG_NEWEST) {
288 			if (pgp->pg_xaddr == NULL || start > pgp->pg_xstart) {
289 				pgp->pg_xaddr = addr;
290 				pgp->pg_xstart = start;
291 			}
292 		} else {
293 			if (pgp->pg_xaddr == NULL || start < pgp->pg_xstart) {
294 				pgp->pg_xaddr = addr;
295 				pgp->pg_xstart = start;
296 			}
297 		}
298 
299 	} else if (pgp->pg_flags & PG_PIPE_OUT) {
300 		mdb_printf("%p\n", addr);
301 
302 	} else {
303 		if (mdb_call_dcmd("ps", addr, pgp->pg_psflags, 0, NULL) != 0) {
304 			mdb_warn("can't invoke 'ps'");
305 			return (WALK_DONE);
306 		}
307 		pgp->pg_psflags &= ~DCMD_LOOPFIRST;
308 	}
309 
310 	return (WALK_NEXT);
311 }
312 
313 /*ARGSUSED*/
314 int
315 pgrep(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
316 {
317 	pgrep_data_t pg;
318 	int i;
319 #ifndef _KMDB
320 	int err;
321 #endif
322 
323 	if (flags & DCMD_ADDRSPEC)
324 		return (DCMD_USAGE);
325 
326 	pg.pg_flags = 0;
327 	pg.pg_xaddr = 0;
328 
329 	i = mdb_getopts(argc, argv,
330 	    'n', MDB_OPT_SETBITS, PG_NEWEST, &pg.pg_flags,
331 	    'o', MDB_OPT_SETBITS, PG_OLDEST, &pg.pg_flags,
332 	    'x', MDB_OPT_SETBITS, PG_EXACT_MATCH, &pg.pg_flags,
333 	    NULL);
334 
335 	argc -= i;
336 	argv += i;
337 
338 	if (argc != 1)
339 		return (DCMD_USAGE);
340 
341 	/*
342 	 * -n and -o are mutually exclusive.
343 	 */
344 	if ((pg.pg_flags & PG_NEWEST) && (pg.pg_flags & PG_OLDEST))
345 		return (DCMD_USAGE);
346 
347 	if (argv->a_type != MDB_TYPE_STRING)
348 		return (DCMD_USAGE);
349 
350 	if (flags & DCMD_PIPE_OUT)
351 		pg.pg_flags |= PG_PIPE_OUT;
352 
353 	pg.pg_pat = argv->a_un.a_str;
354 	if (DCMD_HDRSPEC(flags))
355 		pg.pg_psflags = DCMD_ADDRSPEC | DCMD_LOOP | DCMD_LOOPFIRST;
356 	else
357 		pg.pg_psflags = DCMD_ADDRSPEC | DCMD_LOOP;
358 
359 #ifndef _KMDB
360 	if ((err = regcomp(&pg.pg_reg, pg.pg_pat, REG_EXTENDED)) != 0) {
361 		size_t nbytes;
362 		char *buf;
363 
364 		nbytes = regerror(err, &pg.pg_reg, NULL, 0);
365 		buf = mdb_alloc(nbytes + 1, UM_SLEEP | UM_GC);
366 		(void) regerror(err, &pg.pg_reg, buf, nbytes);
367 		mdb_warn("%s\n", buf);
368 
369 		return (DCMD_ERR);
370 	}
371 #endif
372 
373 	if (mdb_walk("proc", pgrep_cb, &pg) != 0) {
374 		mdb_warn("can't walk 'proc'");
375 		return (DCMD_ERR);
376 	}
377 
378 	if (pg.pg_xaddr != 0 && (pg.pg_flags & (PG_NEWEST | PG_OLDEST))) {
379 		if (pg.pg_flags & PG_PIPE_OUT) {
380 			mdb_printf("%p\n", pg.pg_xaddr);
381 		} else {
382 			if (mdb_call_dcmd("ps", pg.pg_xaddr, pg.pg_psflags,
383 			    0, NULL) != 0) {
384 				mdb_warn("can't invoke 'ps'");
385 				return (DCMD_ERR);
386 			}
387 		}
388 	}
389 
390 	return (DCMD_OK);
391 }
392 
393 int
394 task(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
395 {
396 	task_t tk;
397 	kproject_t pj;
398 
399 	if (!(flags & DCMD_ADDRSPEC)) {
400 		if (mdb_walk_dcmd("task_cache", "task", argc, argv) == -1) {
401 			mdb_warn("can't walk task_cache");
402 			return (DCMD_ERR);
403 		}
404 		return (DCMD_OK);
405 	}
406 	if (DCMD_HDRSPEC(flags)) {
407 		mdb_printf("%<u>%?s %6s %6s %6s %6s %10s%</u>\n",
408 		    "ADDR", "TASKID", "PROJID", "ZONEID", "REFCNT", "FLAGS");
409 	}
410 	if (mdb_vread(&tk, sizeof (task_t), addr) == -1) {
411 		mdb_warn("can't read task_t structure at %p", addr);
412 		return (DCMD_ERR);
413 	}
414 	if (mdb_vread(&pj, sizeof (kproject_t), (uintptr_t)tk.tk_proj) == -1) {
415 		mdb_warn("can't read project_t structure at %p", addr);
416 		return (DCMD_ERR);
417 	}
418 	mdb_printf("%0?p %6d %6d %6d %6u 0x%08x\n",
419 	    addr, tk.tk_tkid, pj.kpj_id, pj.kpj_zoneid, tk.tk_hold_count,
420 	    tk.tk_flags);
421 	return (DCMD_OK);
422 }
423 
424 int
425 project(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
426 {
427 	kproject_t pj;
428 
429 	if (!(flags & DCMD_ADDRSPEC)) {
430 		if (mdb_walk_dcmd("projects", "project", argc, argv) == -1) {
431 			mdb_warn("can't walk projects");
432 			return (DCMD_ERR);
433 		}
434 		return (DCMD_OK);
435 	}
436 	if (DCMD_HDRSPEC(flags)) {
437 		mdb_printf("%<u>%?s %6s %6s %6s%</u>\n",
438 		    "ADDR", "PROJID", "ZONEID", "REFCNT");
439 	}
440 	if (mdb_vread(&pj, sizeof (kproject_t), addr) == -1) {
441 		mdb_warn("can't read kproject_t structure at %p", addr);
442 		return (DCMD_ERR);
443 	}
444 	mdb_printf("%0?p %6d %6d %6u\n", addr, pj.kpj_id, pj.kpj_zoneid,
445 	    pj.kpj_count);
446 	return (DCMD_OK);
447 }
448 
449 /*ARGSUSED*/
450 int
451 callout(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
452 {
453 	callout_table_t	*co_ktable[CALLOUT_TABLES];
454 	int co_kfanout;
455 	callout_table_t co_table;
456 	callout_t co_callout;
457 	callout_t *co_ptr;
458 	int co_id;
459 	clock_t lbolt;
460 	int i, j, k;
461 	const char *lbolt_sym;
462 
463 	if ((flags & DCMD_ADDRSPEC) || argc != 0)
464 		return (DCMD_USAGE);
465 
466 	if (mdb_prop_postmortem)
467 		lbolt_sym = "panic_lbolt";
468 	else
469 		lbolt_sym = "lbolt";
470 
471 	if (mdb_readvar(&lbolt, lbolt_sym) == -1) {
472 		mdb_warn("failed to read '%s'", lbolt_sym);
473 		return (DCMD_ERR);
474 	}
475 
476 	if (mdb_readvar(&co_kfanout, "callout_fanout") == -1) {
477 		mdb_warn("failed to read callout_fanout");
478 		return (DCMD_ERR);
479 	}
480 
481 	if (mdb_readvar(&co_ktable, "callout_table") == -1) {
482 		mdb_warn("failed to read callout_table");
483 		return (DCMD_ERR);
484 	}
485 
486 	mdb_printf("%<u>%-24s %-?s %-?s %-?s%</u>\n",
487 	    "FUNCTION", "ARGUMENT", "ID", "TIME");
488 
489 	for (i = 0; i < CALLOUT_NTYPES; i++) {
490 		for (j = 0; j < co_kfanout; j++) {
491 
492 			co_id = CALLOUT_TABLE(i, j);
493 
494 			if (mdb_vread(&co_table, sizeof (co_table),
495 			    (uintptr_t)co_ktable[co_id]) == -1) {
496 				mdb_warn("failed to read table at %p",
497 				    (uintptr_t)co_ktable[co_id]);
498 				continue;
499 			}
500 
501 			for (k = 0; k < CALLOUT_BUCKETS; k++) {
502 				co_ptr = co_table.ct_idhash[k];
503 
504 				while (co_ptr != NULL) {
505 					mdb_vread(&co_callout,
506 					    sizeof (co_callout),
507 					    (uintptr_t)co_ptr);
508 
509 					mdb_printf("%-24a %0?p %0?lx %?lx "
510 					    "(T%+ld)\n", co_callout.c_func,
511 					    co_callout.c_arg, co_callout.c_xid,
512 					    co_callout.c_runtime,
513 					    co_callout.c_runtime - lbolt);
514 
515 					co_ptr = co_callout.c_idnext;
516 				}
517 			}
518 		}
519 	}
520 
521 	return (DCMD_OK);
522 }
523 
524 /*ARGSUSED*/
525 int
526 class(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
527 {
528 	long num_classes, i;
529 	sclass_t *class_tbl;
530 	GElf_Sym g_sclass;
531 	char class_name[PC_CLNMSZ];
532 	size_t tbl_size;
533 
534 	if (mdb_lookup_by_name("sclass", &g_sclass) == -1) {
535 		mdb_warn("failed to find symbol sclass\n");
536 		return (DCMD_ERR);
537 	}
538 
539 	tbl_size = (size_t)g_sclass.st_size;
540 	num_classes = tbl_size / (sizeof (sclass_t));
541 	class_tbl = mdb_alloc(tbl_size, UM_SLEEP | UM_GC);
542 
543 	if (mdb_readsym(class_tbl, tbl_size, "sclass") == -1) {
544 		mdb_warn("failed to read sclass");
545 		return (DCMD_ERR);
546 	}
547 
548 	mdb_printf("%<u>%4s %-10s %-24s %-24s%</u>\n", "SLOT", "NAME",
549 	    "INIT FCN", "CLASS FCN");
550 
551 	for (i = 0; i < num_classes; i++) {
552 		if (mdb_vread(class_name, sizeof (class_name),
553 		    (uintptr_t)class_tbl[i].cl_name) == -1)
554 			(void) strcpy(class_name, "???");
555 
556 		mdb_printf("%4ld %-10s %-24a %-24a\n", i, class_name,
557 		    class_tbl[i].cl_init, class_tbl[i].cl_funcs);
558 	}
559 
560 	return (DCMD_OK);
561 }
562 
563 #define	FSNAMELEN	32	/* Max len of FS name we read from vnodeops */
564 
565 int
566 vnode2path(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
567 {
568 	uintptr_t rootdir;
569 	vnode_t vn;
570 	char buf[MAXPATHLEN];
571 
572 	uint_t opt_F = FALSE;
573 
574 	if (mdb_getopts(argc, argv,
575 	    'F', MDB_OPT_SETBITS, TRUE, &opt_F, NULL) != argc)
576 		return (DCMD_USAGE);
577 
578 	if (!(flags & DCMD_ADDRSPEC)) {
579 		mdb_warn("expected explicit vnode_t address before ::\n");
580 		return (DCMD_USAGE);
581 	}
582 
583 	if (mdb_readvar(&rootdir, "rootdir") == -1) {
584 		mdb_warn("failed to read rootdir");
585 		return (DCMD_ERR);
586 	}
587 
588 	if (mdb_vnode2path(addr, buf, sizeof (buf)) == -1)
589 		return (DCMD_ERR);
590 
591 	if (*buf == '\0') {
592 		mdb_printf("??\n");
593 		return (DCMD_OK);
594 	}
595 
596 	mdb_printf("%s", buf);
597 	if (opt_F && buf[strlen(buf)-1] != '/' &&
598 	    mdb_vread(&vn, sizeof (vn), addr) == sizeof (vn))
599 		mdb_printf("%c", mdb_vtype2chr(vn.v_type, 0));
600 	mdb_printf("\n");
601 
602 	return (DCMD_OK);
603 }
604 
605 int
606 ld_walk_init(mdb_walk_state_t *wsp)
607 {
608 	wsp->walk_data = (void *)wsp->walk_addr;
609 	return (WALK_NEXT);
610 }
611 
612 int
613 ld_walk_step(mdb_walk_state_t *wsp)
614 {
615 	int status;
616 	lock_descriptor_t ld;
617 
618 	if (mdb_vread(&ld, sizeof (lock_descriptor_t), wsp->walk_addr) == -1) {
619 		mdb_warn("couldn't read lock_descriptor_t at %p\n",
620 		    wsp->walk_addr);
621 		return (WALK_ERR);
622 	}
623 
624 	status = wsp->walk_callback(wsp->walk_addr, &ld, wsp->walk_cbdata);
625 	if (status == WALK_ERR)
626 		return (WALK_ERR);
627 
628 	wsp->walk_addr = (uintptr_t)ld.l_next;
629 	if (wsp->walk_addr == (uintptr_t)wsp->walk_data)
630 		return (WALK_DONE);
631 
632 	return (status);
633 }
634 
635 int
636 lg_walk_init(mdb_walk_state_t *wsp)
637 {
638 	GElf_Sym sym;
639 
640 	if (mdb_lookup_by_name("lock_graph", &sym) == -1) {
641 		mdb_warn("failed to find symbol 'lock_graph'\n");
642 		return (WALK_ERR);
643 	}
644 
645 	wsp->walk_addr = (uintptr_t)sym.st_value;
646 	wsp->walk_data = (void *)(uintptr_t)(sym.st_value + sym.st_size);
647 
648 	return (WALK_NEXT);
649 }
650 
651 typedef struct lg_walk_data {
652 	uintptr_t startaddr;
653 	mdb_walk_cb_t callback;
654 	void *data;
655 } lg_walk_data_t;
656 
657 /*
658  * We can't use ::walk lock_descriptor directly, because the head of each graph
659  * is really a dummy lock.  Rather than trying to dynamically determine if this
660  * is a dummy node or not, we just filter out the initial element of the
661  * list.
662  */
663 static int
664 lg_walk_cb(uintptr_t addr, const void *data, void *priv)
665 {
666 	lg_walk_data_t *lw = priv;
667 
668 	if (addr != lw->startaddr)
669 		return (lw->callback(addr, data, lw->data));
670 
671 	return (WALK_NEXT);
672 }
673 
674 int
675 lg_walk_step(mdb_walk_state_t *wsp)
676 {
677 	graph_t *graph;
678 	lg_walk_data_t lw;
679 
680 	if (wsp->walk_addr >= (uintptr_t)wsp->walk_data)
681 		return (WALK_DONE);
682 
683 	if (mdb_vread(&graph, sizeof (graph), wsp->walk_addr) == -1) {
684 		mdb_warn("failed to read graph_t at %p", wsp->walk_addr);
685 		return (WALK_ERR);
686 	}
687 
688 	wsp->walk_addr += sizeof (graph);
689 
690 	if (graph == NULL)
691 		return (WALK_NEXT);
692 
693 	lw.callback = wsp->walk_callback;
694 	lw.data = wsp->walk_cbdata;
695 
696 	lw.startaddr = (uintptr_t)&(graph->active_locks);
697 	if (mdb_pwalk("lock_descriptor", lg_walk_cb, &lw, lw.startaddr)) {
698 		mdb_warn("couldn't walk lock_descriptor at %p\n", lw.startaddr);
699 		return (WALK_ERR);
700 	}
701 
702 	lw.startaddr = (uintptr_t)&(graph->sleeping_locks);
703 	if (mdb_pwalk("lock_descriptor", lg_walk_cb, &lw, lw.startaddr)) {
704 		mdb_warn("couldn't walk lock_descriptor at %p\n", lw.startaddr);
705 		return (WALK_ERR);
706 	}
707 
708 	return (WALK_NEXT);
709 }
710 
711 /*
712  * The space available for the path corresponding to the locked vnode depends
713  * on whether we are printing 32- or 64-bit addresses.
714  */
715 #ifdef _LP64
716 #define	LM_VNPATHLEN	20
717 #else
718 #define	LM_VNPATHLEN	30
719 #endif
720 
721 /*ARGSUSED*/
722 static int
723 lminfo_cb(uintptr_t addr, const void *data, void *priv)
724 {
725 	const lock_descriptor_t *ld = data;
726 	char buf[LM_VNPATHLEN];
727 	proc_t p;
728 
729 	mdb_printf("%-?p %2s %04x %6d %-16s %-?p ",
730 	    addr, ld->l_type == F_RDLCK ? "RD" :
731 	    ld->l_type == F_WRLCK ? "WR" : "??",
732 	    ld->l_state, ld->l_flock.l_pid,
733 	    ld->l_flock.l_pid == 0 ? "<kernel>" :
734 	    mdb_pid2proc(ld->l_flock.l_pid, &p) == NULL ?
735 	    "<defunct>" : p.p_user.u_comm,
736 	    ld->l_vnode);
737 
738 	mdb_vnode2path((uintptr_t)ld->l_vnode, buf,
739 	    sizeof (buf));
740 	mdb_printf("%s\n", buf);
741 
742 	return (WALK_NEXT);
743 }
744 
745 /*ARGSUSED*/
746 int
747 lminfo(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
748 {
749 	if (DCMD_HDRSPEC(flags))
750 		mdb_printf("%<u>%-?s %2s %4s %6s %-16s %-?s %s%</u>\n",
751 		    "ADDR", "TP", "FLAG", "PID", "COMM", "VNODE", "PATH");
752 
753 	return (mdb_pwalk("lock_graph", lminfo_cb, NULL, NULL));
754 }
755 
756 /*ARGSUSED*/
757 int
758 seg(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
759 {
760 	struct seg s;
761 
762 	if (argc != 0)
763 		return (DCMD_USAGE);
764 
765 	if ((flags & DCMD_LOOPFIRST) || !(flags & DCMD_LOOP)) {
766 		mdb_printf("%<u>%?s %?s %?s %?s %s%</u>\n",
767 		    "SEG", "BASE", "SIZE", "DATA", "OPS");
768 	}
769 
770 	if (mdb_vread(&s, sizeof (s), addr) == -1) {
771 		mdb_warn("failed to read seg at %p", addr);
772 		return (DCMD_ERR);
773 	}
774 
775 	mdb_printf("%?p %?p %?lx %?p %a\n",
776 	    addr, s.s_base, s.s_size, s.s_data, s.s_ops);
777 
778 	return (DCMD_OK);
779 }
780 
781 /*ARGSUSED*/
782 static int
783 pmap_walk_anon(uintptr_t addr, const struct anon *anon, int *nres)
784 {
785 	uintptr_t pp =
786 	    mdb_vnode2page((uintptr_t)anon->an_vp, (uintptr_t)anon->an_off);
787 
788 	if (pp != NULL)
789 		(*nres)++;
790 
791 	return (WALK_NEXT);
792 }
793 
794 static int
795 pmap_walk_seg(uintptr_t addr, const struct seg *seg, uintptr_t segvn)
796 {
797 
798 	mdb_printf("%0?p %0?p %7dk", addr, seg->s_base, seg->s_size / 1024);
799 
800 	if (segvn == (uintptr_t)seg->s_ops) {
801 		struct segvn_data svn;
802 		int nres = 0;
803 
804 		(void) mdb_vread(&svn, sizeof (svn), (uintptr_t)seg->s_data);
805 
806 		if (svn.amp == NULL) {
807 			mdb_printf(" %8s", "");
808 			goto drive_on;
809 		}
810 
811 		/*
812 		 * We've got an amp for this segment; walk through
813 		 * the amp, and determine mappings.
814 		 */
815 		if (mdb_pwalk("anon", (mdb_walk_cb_t)pmap_walk_anon,
816 		    &nres, (uintptr_t)svn.amp) == -1)
817 			mdb_warn("failed to walk anon (amp=%p)", svn.amp);
818 
819 		mdb_printf(" %7dk", (nres * PAGESIZE) / 1024);
820 drive_on:
821 
822 		if (svn.vp != NULL) {
823 			char buf[29];
824 
825 			mdb_vnode2path((uintptr_t)svn.vp, buf, sizeof (buf));
826 			mdb_printf(" %s", buf);
827 		} else
828 			mdb_printf(" [ anon ]");
829 	}
830 
831 	mdb_printf("\n");
832 	return (WALK_NEXT);
833 }
834 
835 static int
836 pmap_walk_seg_quick(uintptr_t addr, const struct seg *seg, uintptr_t segvn)
837 {
838 	mdb_printf("%0?p %0?p %7dk", addr, seg->s_base, seg->s_size / 1024);
839 
840 	if (segvn == (uintptr_t)seg->s_ops) {
841 		struct segvn_data svn;
842 
843 		(void) mdb_vread(&svn, sizeof (svn), (uintptr_t)seg->s_data);
844 
845 		if (svn.vp != NULL) {
846 			mdb_printf(" %0?p", svn.vp);
847 		} else {
848 			mdb_printf(" [ anon ]");
849 		}
850 	}
851 
852 	mdb_printf("\n");
853 	return (WALK_NEXT);
854 }
855 
856 /*ARGSUSED*/
857 int
858 pmap(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
859 {
860 	uintptr_t segvn;
861 	proc_t proc;
862 	uint_t quick = FALSE;
863 	mdb_walk_cb_t cb = (mdb_walk_cb_t)pmap_walk_seg;
864 
865 	GElf_Sym sym;
866 
867 	if (!(flags & DCMD_ADDRSPEC))
868 		return (DCMD_USAGE);
869 
870 	if (mdb_getopts(argc, argv,
871 	    'q', MDB_OPT_SETBITS, TRUE, &quick, NULL) != argc)
872 		return (DCMD_USAGE);
873 
874 	if (mdb_vread(&proc, sizeof (proc), addr) == -1) {
875 		mdb_warn("failed to read proc at %p", addr);
876 		return (DCMD_ERR);
877 	}
878 
879 	if (mdb_lookup_by_name("segvn_ops", &sym) == 0)
880 		segvn = (uintptr_t)sym.st_value;
881 	else
882 		segvn = NULL;
883 
884 	mdb_printf("%?s %?s %8s ", "SEG", "BASE", "SIZE");
885 
886 	if (quick) {
887 		mdb_printf("VNODE\n");
888 		cb = (mdb_walk_cb_t)pmap_walk_seg_quick;
889 	} else {
890 		mdb_printf("%8s %s\n", "RES", "PATH");
891 	}
892 
893 	if (mdb_pwalk("seg", cb, (void *)segvn, (uintptr_t)proc.p_as) == -1) {
894 		mdb_warn("failed to walk segments of as %p", proc.p_as);
895 		return (DCMD_ERR);
896 	}
897 
898 	return (DCMD_OK);
899 }
900 
901 typedef struct anon_walk_data {
902 	uintptr_t *aw_levone;
903 	uintptr_t *aw_levtwo;
904 	int aw_nlevone;
905 	int aw_levone_ndx;
906 	int aw_levtwo_ndx;
907 	struct anon_map aw_amp;
908 	struct anon_hdr aw_ahp;
909 } anon_walk_data_t;
910 
911 int
912 anon_walk_init(mdb_walk_state_t *wsp)
913 {
914 	anon_walk_data_t *aw;
915 
916 	if (wsp->walk_addr == NULL) {
917 		mdb_warn("anon walk doesn't support global walks\n");
918 		return (WALK_ERR);
919 	}
920 
921 	aw = mdb_alloc(sizeof (anon_walk_data_t), UM_SLEEP);
922 
923 	if (mdb_vread(&aw->aw_amp, sizeof (aw->aw_amp), wsp->walk_addr) == -1) {
924 		mdb_warn("failed to read anon map at %p", wsp->walk_addr);
925 		mdb_free(aw, sizeof (anon_walk_data_t));
926 		return (WALK_ERR);
927 	}
928 
929 	if (mdb_vread(&aw->aw_ahp, sizeof (aw->aw_ahp),
930 	    (uintptr_t)(aw->aw_amp.ahp)) == -1) {
931 		mdb_warn("failed to read anon hdr ptr at %p", aw->aw_amp.ahp);
932 		mdb_free(aw, sizeof (anon_walk_data_t));
933 		return (WALK_ERR);
934 	}
935 
936 	if (aw->aw_ahp.size <= ANON_CHUNK_SIZE ||
937 	    (aw->aw_ahp.flags & ANON_ALLOC_FORCE)) {
938 		aw->aw_nlevone = aw->aw_ahp.size;
939 		aw->aw_levtwo = NULL;
940 	} else {
941 		aw->aw_nlevone =
942 		    (aw->aw_ahp.size + ANON_CHUNK_OFF) >> ANON_CHUNK_SHIFT;
943 		aw->aw_levtwo =
944 		    mdb_zalloc(ANON_CHUNK_SIZE * sizeof (uintptr_t), UM_SLEEP);
945 	}
946 
947 	aw->aw_levone =
948 	    mdb_alloc(aw->aw_nlevone * sizeof (uintptr_t), UM_SLEEP);
949 
950 	aw->aw_levone_ndx = 0;
951 	aw->aw_levtwo_ndx = 0;
952 
953 	mdb_vread(aw->aw_levone, aw->aw_nlevone * sizeof (uintptr_t),
954 	    (uintptr_t)aw->aw_ahp.array_chunk);
955 
956 	if (aw->aw_levtwo != NULL) {
957 		while (aw->aw_levone[aw->aw_levone_ndx] == NULL) {
958 			aw->aw_levone_ndx++;
959 			if (aw->aw_levone_ndx == aw->aw_nlevone) {
960 				mdb_warn("corrupt anon; couldn't"
961 				    "find ptr to lev two map");
962 				goto out;
963 			}
964 		}
965 
966 		mdb_vread(aw->aw_levtwo, ANON_CHUNK_SIZE * sizeof (uintptr_t),
967 		    aw->aw_levone[aw->aw_levone_ndx]);
968 	}
969 
970 out:
971 	wsp->walk_data = aw;
972 	return (0);
973 }
974 
975 int
976 anon_walk_step(mdb_walk_state_t *wsp)
977 {
978 	int status;
979 	anon_walk_data_t *aw = (anon_walk_data_t *)wsp->walk_data;
980 	struct anon anon;
981 	uintptr_t anonptr;
982 
983 again:
984 	/*
985 	 * Once we've walked through level one, we're done.
986 	 */
987 	if (aw->aw_levone_ndx == aw->aw_nlevone)
988 		return (WALK_DONE);
989 
990 	if (aw->aw_levtwo == NULL) {
991 		anonptr = aw->aw_levone[aw->aw_levone_ndx];
992 		aw->aw_levone_ndx++;
993 	} else {
994 		anonptr = aw->aw_levtwo[aw->aw_levtwo_ndx];
995 		aw->aw_levtwo_ndx++;
996 
997 		if (aw->aw_levtwo_ndx == ANON_CHUNK_SIZE) {
998 			aw->aw_levtwo_ndx = 0;
999 
1000 			do {
1001 				aw->aw_levone_ndx++;
1002 
1003 				if (aw->aw_levone_ndx == aw->aw_nlevone)
1004 					return (WALK_DONE);
1005 			} while (aw->aw_levone[aw->aw_levone_ndx] == NULL);
1006 
1007 			mdb_vread(aw->aw_levtwo, ANON_CHUNK_SIZE *
1008 			    sizeof (uintptr_t),
1009 			    aw->aw_levone[aw->aw_levone_ndx]);
1010 		}
1011 	}
1012 
1013 	if (anonptr != NULL) {
1014 		mdb_vread(&anon, sizeof (anon), anonptr);
1015 		status = wsp->walk_callback(anonptr, &anon, wsp->walk_cbdata);
1016 	} else
1017 		goto again;
1018 
1019 	return (status);
1020 }
1021 
1022 void
1023 anon_walk_fini(mdb_walk_state_t *wsp)
1024 {
1025 	anon_walk_data_t *aw = (anon_walk_data_t *)wsp->walk_data;
1026 
1027 	if (aw->aw_levtwo != NULL)
1028 		mdb_free(aw->aw_levtwo, ANON_CHUNK_SIZE * sizeof (uintptr_t));
1029 
1030 	mdb_free(aw->aw_levone, aw->aw_nlevone * sizeof (uintptr_t));
1031 	mdb_free(aw, sizeof (anon_walk_data_t));
1032 }
1033 
1034 /*ARGSUSED*/
1035 int
1036 whereopen_fwalk(uintptr_t addr, struct file *f, uintptr_t *target)
1037 {
1038 	if ((uintptr_t)f->f_vnode == *target) {
1039 		mdb_printf("file %p\n", addr);
1040 		*target = NULL;
1041 	}
1042 
1043 	return (WALK_NEXT);
1044 }
1045 
1046 /*ARGSUSED*/
1047 int
1048 whereopen_pwalk(uintptr_t addr, void *ignored, uintptr_t *target)
1049 {
1050 	uintptr_t t = *target;
1051 
1052 	if (mdb_pwalk("file", (mdb_walk_cb_t)whereopen_fwalk, &t, addr) == -1) {
1053 		mdb_warn("couldn't file walk proc %p", addr);
1054 		return (WALK_ERR);
1055 	}
1056 
1057 	if (t == NULL)
1058 		mdb_printf("%p\n", addr);
1059 
1060 	return (WALK_NEXT);
1061 }
1062 
1063 /*ARGSUSED*/
1064 int
1065 whereopen(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
1066 {
1067 	uintptr_t target = addr;
1068 
1069 	if (!(flags & DCMD_ADDRSPEC) || addr == NULL)
1070 		return (DCMD_USAGE);
1071 
1072 	if (mdb_walk("proc", (mdb_walk_cb_t)whereopen_pwalk, &target) == -1) {
1073 		mdb_warn("can't proc walk");
1074 		return (DCMD_ERR);
1075 	}
1076 
1077 	return (DCMD_OK);
1078 }
1079 
1080 typedef struct datafmt {
1081 	char	*hdr1;
1082 	char	*hdr2;
1083 	char	*dashes;
1084 	char	*fmt;
1085 } datafmt_t;
1086 
1087 static datafmt_t kmemfmt[] = {
1088 	{ "cache                    ", "name                     ",
1089 	"-------------------------", "%-25s "				},
1090 	{ "   buf",	"  size",	"------",	"%6u "		},
1091 	{ "   buf",	"in use",	"------",	"%6u "		},
1092 	{ "   buf",	" total",	"------",	"%6u "		},
1093 	{ "   memory",	"   in use",	"---------",	"%9u "		},
1094 	{ "    alloc",	"  succeed",	"---------",	"%9u "		},
1095 	{ "alloc",	" fail",	"-----",	"%5u "		},
1096 	{ NULL,		NULL,		NULL,		NULL		}
1097 };
1098 
1099 static datafmt_t vmemfmt[] = {
1100 	{ "vmem                     ", "name                     ",
1101 	"-------------------------", "%-*s "				},
1102 	{ "   memory",	"   in use",	"---------",	"%9llu "	},
1103 	{ "    memory",	"     total",	"----------",	"%10llu "	},
1104 	{ "   memory",	"   import",	"---------",	"%9llu "	},
1105 	{ "    alloc",	"  succeed",	"---------",	"%9llu "	},
1106 	{ "alloc",	" fail",	"-----",	"%5llu "	},
1107 	{ NULL,		NULL,		NULL,		NULL		}
1108 };
1109 
1110 /*ARGSUSED*/
1111 static int
1112 kmastat_cpu_avail(uintptr_t addr, const kmem_cpu_cache_t *ccp, int *avail)
1113 {
1114 	if (ccp->cc_rounds > 0)
1115 		*avail += ccp->cc_rounds;
1116 	if (ccp->cc_prounds > 0)
1117 		*avail += ccp->cc_prounds;
1118 
1119 	return (WALK_NEXT);
1120 }
1121 
1122 /*ARGSUSED*/
1123 static int
1124 kmastat_cpu_alloc(uintptr_t addr, const kmem_cpu_cache_t *ccp, int *alloc)
1125 {
1126 	*alloc += ccp->cc_alloc;
1127 
1128 	return (WALK_NEXT);
1129 }
1130 
1131 /*ARGSUSED*/
1132 static int
1133 kmastat_slab_avail(uintptr_t addr, const kmem_slab_t *sp, int *avail)
1134 {
1135 	*avail += sp->slab_chunks - sp->slab_refcnt;
1136 
1137 	return (WALK_NEXT);
1138 }
1139 
1140 typedef struct kmastat_vmem {
1141 	uintptr_t kv_addr;
1142 	struct kmastat_vmem *kv_next;
1143 	int kv_meminuse;
1144 	int kv_alloc;
1145 	int kv_fail;
1146 } kmastat_vmem_t;
1147 
1148 typedef struct kmastat_args {
1149 	kmastat_vmem_t **ka_kvpp;
1150 	uint_t ka_shift;
1151 } kmastat_args_t;
1152 
1153 static int
1154 kmastat_cache(uintptr_t addr, const kmem_cache_t *cp, kmastat_args_t *kap)
1155 {
1156 	kmastat_vmem_t **kvp = kap->ka_kvpp;
1157 	kmastat_vmem_t *kv;
1158 	datafmt_t *dfp = kmemfmt;
1159 	int magsize;
1160 
1161 	int avail, alloc, total;
1162 	size_t meminuse = (cp->cache_slab_create - cp->cache_slab_destroy) *
1163 	    cp->cache_slabsize;
1164 
1165 	mdb_walk_cb_t cpu_avail = (mdb_walk_cb_t)kmastat_cpu_avail;
1166 	mdb_walk_cb_t cpu_alloc = (mdb_walk_cb_t)kmastat_cpu_alloc;
1167 	mdb_walk_cb_t slab_avail = (mdb_walk_cb_t)kmastat_slab_avail;
1168 
1169 	magsize = kmem_get_magsize(cp);
1170 
1171 	alloc = cp->cache_slab_alloc + cp->cache_full.ml_alloc;
1172 	avail = cp->cache_full.ml_total * magsize;
1173 	total = cp->cache_buftotal;
1174 
1175 	(void) mdb_pwalk("kmem_cpu_cache", cpu_alloc, &alloc, addr);
1176 	(void) mdb_pwalk("kmem_cpu_cache", cpu_avail, &avail, addr);
1177 	(void) mdb_pwalk("kmem_slab_partial", slab_avail, &avail, addr);
1178 
1179 	for (kv = *kvp; kv != NULL; kv = kv->kv_next) {
1180 		if (kv->kv_addr == (uintptr_t)cp->cache_arena)
1181 			goto out;
1182 	}
1183 
1184 	kv = mdb_zalloc(sizeof (kmastat_vmem_t), UM_SLEEP | UM_GC);
1185 	kv->kv_next = *kvp;
1186 	kv->kv_addr = (uintptr_t)cp->cache_arena;
1187 	*kvp = kv;
1188 out:
1189 	kv->kv_meminuse += meminuse;
1190 	kv->kv_alloc += alloc;
1191 	kv->kv_fail += cp->cache_alloc_fail;
1192 
1193 	mdb_printf((dfp++)->fmt, cp->cache_name);
1194 	mdb_printf((dfp++)->fmt, cp->cache_bufsize);
1195 	mdb_printf((dfp++)->fmt, total - avail);
1196 	mdb_printf((dfp++)->fmt, total);
1197 	mdb_printf((dfp++)->fmt, meminuse >> kap->ka_shift);
1198 	mdb_printf((dfp++)->fmt, alloc);
1199 	mdb_printf((dfp++)->fmt, cp->cache_alloc_fail);
1200 	mdb_printf("\n");
1201 
1202 	return (WALK_NEXT);
1203 }
1204 
1205 static int
1206 kmastat_vmem_totals(uintptr_t addr, const vmem_t *v, kmastat_args_t *kap)
1207 {
1208 	kmastat_vmem_t *kv = *kap->ka_kvpp;
1209 	size_t len;
1210 
1211 	while (kv != NULL && kv->kv_addr != addr)
1212 		kv = kv->kv_next;
1213 
1214 	if (kv == NULL || kv->kv_alloc == 0)
1215 		return (WALK_NEXT);
1216 
1217 	len = MIN(17, strlen(v->vm_name));
1218 
1219 	mdb_printf("Total [%s]%*s %6s %6s %6s %9u %9u %5u\n", v->vm_name,
1220 	    17 - len, "", "", "", "",
1221 	    kv->kv_meminuse >> kap->ka_shift, kv->kv_alloc, kv->kv_fail);
1222 
1223 	return (WALK_NEXT);
1224 }
1225 
1226 /*ARGSUSED*/
1227 static int
1228 kmastat_vmem(uintptr_t addr, const vmem_t *v, const uint_t *shiftp)
1229 {
1230 	datafmt_t *dfp = vmemfmt;
1231 	const vmem_kstat_t *vkp = &v->vm_kstat;
1232 	uintptr_t paddr;
1233 	vmem_t parent;
1234 	int ident = 0;
1235 
1236 	for (paddr = (uintptr_t)v->vm_source; paddr != NULL; ident += 4) {
1237 		if (mdb_vread(&parent, sizeof (parent), paddr) == -1) {
1238 			mdb_warn("couldn't trace %p's ancestry", addr);
1239 			ident = 0;
1240 			break;
1241 		}
1242 		paddr = (uintptr_t)parent.vm_source;
1243 	}
1244 
1245 	mdb_printf("%*s", ident, "");
1246 	mdb_printf((dfp++)->fmt, 25 - ident, v->vm_name);
1247 	mdb_printf((dfp++)->fmt, vkp->vk_mem_inuse.value.ui64);
1248 	mdb_printf((dfp++)->fmt, vkp->vk_mem_total.value.ui64);
1249 	mdb_printf((dfp++)->fmt, vkp->vk_mem_import.value.ui64 >> *shiftp);
1250 	mdb_printf((dfp++)->fmt, vkp->vk_alloc.value.ui64);
1251 	mdb_printf((dfp++)->fmt, vkp->vk_fail.value.ui64);
1252 
1253 	mdb_printf("\n");
1254 
1255 	return (WALK_NEXT);
1256 }
1257 
1258 /*ARGSUSED*/
1259 int
1260 kmastat(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
1261 {
1262 	kmastat_vmem_t *kv = NULL;
1263 	datafmt_t *dfp;
1264 	kmastat_args_t ka;
1265 
1266 	ka.ka_shift = 0;
1267 	if (mdb_getopts(argc, argv,
1268 	    'k', MDB_OPT_SETBITS, 10, &ka.ka_shift,
1269 	    'm', MDB_OPT_SETBITS, 20, &ka.ka_shift,
1270 	    'g', MDB_OPT_SETBITS, 30, &ka.ka_shift, NULL) != argc)
1271 		return (DCMD_USAGE);
1272 
1273 	for (dfp = kmemfmt; dfp->hdr1 != NULL; dfp++)
1274 		mdb_printf("%s ", dfp->hdr1);
1275 	mdb_printf("\n");
1276 
1277 	for (dfp = kmemfmt; dfp->hdr1 != NULL; dfp++)
1278 		mdb_printf("%s ", dfp->hdr2);
1279 	mdb_printf("\n");
1280 
1281 	for (dfp = kmemfmt; dfp->hdr1 != NULL; dfp++)
1282 		mdb_printf("%s ", dfp->dashes);
1283 	mdb_printf("\n");
1284 
1285 	ka.ka_kvpp = &kv;
1286 	if (mdb_walk("kmem_cache", (mdb_walk_cb_t)kmastat_cache, &ka) == -1) {
1287 		mdb_warn("can't walk 'kmem_cache'");
1288 		return (DCMD_ERR);
1289 	}
1290 
1291 	for (dfp = kmemfmt; dfp->hdr1 != NULL; dfp++)
1292 		mdb_printf("%s ", dfp->dashes);
1293 	mdb_printf("\n");
1294 
1295 	if (mdb_walk("vmem", (mdb_walk_cb_t)kmastat_vmem_totals, &ka) == -1) {
1296 		mdb_warn("can't walk 'vmem'");
1297 		return (DCMD_ERR);
1298 	}
1299 
1300 	for (dfp = kmemfmt; dfp->hdr1 != NULL; dfp++)
1301 		mdb_printf("%s ", dfp->dashes);
1302 	mdb_printf("\n");
1303 
1304 	mdb_printf("\n");
1305 
1306 	for (dfp = vmemfmt; dfp->hdr1 != NULL; dfp++)
1307 		mdb_printf("%s ", dfp->hdr1);
1308 	mdb_printf("\n");
1309 
1310 	for (dfp = vmemfmt; dfp->hdr1 != NULL; dfp++)
1311 		mdb_printf("%s ", dfp->hdr2);
1312 	mdb_printf("\n");
1313 
1314 	for (dfp = vmemfmt; dfp->hdr1 != NULL; dfp++)
1315 		mdb_printf("%s ", dfp->dashes);
1316 	mdb_printf("\n");
1317 
1318 	if (mdb_walk("vmem", (mdb_walk_cb_t)kmastat_vmem, &ka.ka_shift) == -1) {
1319 		mdb_warn("can't walk 'vmem'");
1320 		return (DCMD_ERR);
1321 	}
1322 
1323 	for (dfp = vmemfmt; dfp->hdr1 != NULL; dfp++)
1324 		mdb_printf("%s ", dfp->dashes);
1325 	mdb_printf("\n");
1326 	return (DCMD_OK);
1327 }
1328 
1329 /*
1330  * Our ::kgrep callback scans the entire kernel VA space (kas).  kas is made
1331  * up of a set of 'struct seg's.  We could just scan each seg en masse, but
1332  * unfortunately, a few of the segs are both large and sparse, so we could
1333  * spend quite a bit of time scanning VAs which have no backing pages.
1334  *
1335  * So for the few very sparse segs, we skip the segment itself, and scan
1336  * the allocated vmem_segs in the vmem arena which manages that part of kas.
1337  * Currently, we do this for:
1338  *
1339  *	SEG		VMEM ARENA
1340  *	kvseg		heap_arena
1341  *	kvseg32		heap32_arena
1342  *	kvseg_core	heap_core_arena
1343  *
1344  * In addition, we skip the segkpm segment in its entirety, since it is very
1345  * sparse, and contains no new kernel data.
1346  */
1347 typedef struct kgrep_walk_data {
1348 	kgrep_cb_func *kg_cb;
1349 	void *kg_cbdata;
1350 	uintptr_t kg_kvseg;
1351 	uintptr_t kg_kvseg32;
1352 	uintptr_t kg_kvseg_core;
1353 	uintptr_t kg_segkpm;
1354 	uintptr_t kg_heap_lp_base;
1355 	uintptr_t kg_heap_lp_end;
1356 } kgrep_walk_data_t;
1357 
1358 static int
1359 kgrep_walk_seg(uintptr_t addr, const struct seg *seg, kgrep_walk_data_t *kg)
1360 {
1361 	uintptr_t base = (uintptr_t)seg->s_base;
1362 
1363 	if (addr == kg->kg_kvseg || addr == kg->kg_kvseg32 ||
1364 	    addr == kg->kg_kvseg_core)
1365 		return (WALK_NEXT);
1366 
1367 	if ((uintptr_t)seg->s_ops == kg->kg_segkpm)
1368 		return (WALK_NEXT);
1369 
1370 	return (kg->kg_cb(base, base + seg->s_size, kg->kg_cbdata));
1371 }
1372 
1373 /*ARGSUSED*/
1374 static int
1375 kgrep_walk_vseg(uintptr_t addr, const vmem_seg_t *seg, kgrep_walk_data_t *kg)
1376 {
1377 	/*
1378 	 * skip large page heap address range - it is scanned by walking
1379 	 * allocated vmem_segs in the heap_lp_arena
1380 	 */
1381 	if (seg->vs_start == kg->kg_heap_lp_base &&
1382 	    seg->vs_end == kg->kg_heap_lp_end)
1383 		return (WALK_NEXT);
1384 
1385 	return (kg->kg_cb(seg->vs_start, seg->vs_end, kg->kg_cbdata));
1386 }
1387 
1388 /*ARGSUSED*/
1389 static int
1390 kgrep_xwalk_vseg(uintptr_t addr, const vmem_seg_t *seg, kgrep_walk_data_t *kg)
1391 {
1392 	return (kg->kg_cb(seg->vs_start, seg->vs_end, kg->kg_cbdata));
1393 }
1394 
1395 static int
1396 kgrep_walk_vmem(uintptr_t addr, const vmem_t *vmem, kgrep_walk_data_t *kg)
1397 {
1398 	mdb_walk_cb_t walk_vseg = (mdb_walk_cb_t)kgrep_walk_vseg;
1399 
1400 	if (strcmp(vmem->vm_name, "heap") != 0 &&
1401 	    strcmp(vmem->vm_name, "heap32") != 0 &&
1402 	    strcmp(vmem->vm_name, "heap_core") != 0 &&
1403 	    strcmp(vmem->vm_name, "heap_lp") != 0)
1404 		return (WALK_NEXT);
1405 
1406 	if (strcmp(vmem->vm_name, "heap_lp") == 0)
1407 		walk_vseg = (mdb_walk_cb_t)kgrep_xwalk_vseg;
1408 
1409 	if (mdb_pwalk("vmem_alloc", walk_vseg, kg, addr) == -1) {
1410 		mdb_warn("couldn't walk vmem_alloc for vmem %p", addr);
1411 		return (WALK_ERR);
1412 	}
1413 
1414 	return (WALK_NEXT);
1415 }
1416 
1417 int
1418 kgrep_subr(kgrep_cb_func *cb, void *cbdata)
1419 {
1420 	GElf_Sym kas, kvseg, kvseg32, kvseg_core, segkpm;
1421 	kgrep_walk_data_t kg;
1422 
1423 	if (mdb_get_state() == MDB_STATE_RUNNING) {
1424 		mdb_warn("kgrep can only be run on a system "
1425 		    "dump or under kmdb; see dumpadm(1M)\n");
1426 		return (DCMD_ERR);
1427 	}
1428 
1429 	if (mdb_lookup_by_name("kas", &kas) == -1) {
1430 		mdb_warn("failed to locate 'kas' symbol\n");
1431 		return (DCMD_ERR);
1432 	}
1433 
1434 	if (mdb_lookup_by_name("kvseg", &kvseg) == -1) {
1435 		mdb_warn("failed to locate 'kvseg' symbol\n");
1436 		return (DCMD_ERR);
1437 	}
1438 
1439 	if (mdb_lookup_by_name("kvseg32", &kvseg32) == -1) {
1440 		mdb_warn("failed to locate 'kvseg32' symbol\n");
1441 		return (DCMD_ERR);
1442 	}
1443 
1444 	if (mdb_lookup_by_name("kvseg_core", &kvseg_core) == -1) {
1445 		mdb_warn("failed to locate 'kvseg_core' symbol\n");
1446 		return (DCMD_ERR);
1447 	}
1448 
1449 	if (mdb_lookup_by_name("segkpm_ops", &segkpm) == -1) {
1450 		mdb_warn("failed to locate 'segkpm_ops' symbol\n");
1451 		return (DCMD_ERR);
1452 	}
1453 
1454 	if (mdb_readvar(&kg.kg_heap_lp_base, "heap_lp_base") == -1) {
1455 		mdb_warn("failed to read 'heap_lp_base'\n");
1456 		return (DCMD_ERR);
1457 	}
1458 
1459 	if (mdb_readvar(&kg.kg_heap_lp_end, "heap_lp_end") == -1) {
1460 		mdb_warn("failed to read 'heap_lp_end'\n");
1461 		return (DCMD_ERR);
1462 	}
1463 
1464 	kg.kg_cb = cb;
1465 	kg.kg_cbdata = cbdata;
1466 	kg.kg_kvseg = (uintptr_t)kvseg.st_value;
1467 	kg.kg_kvseg32 = (uintptr_t)kvseg32.st_value;
1468 	kg.kg_kvseg_core = (uintptr_t)kvseg_core.st_value;
1469 	kg.kg_segkpm = (uintptr_t)segkpm.st_value;
1470 
1471 	if (mdb_pwalk("seg", (mdb_walk_cb_t)kgrep_walk_seg,
1472 	    &kg, kas.st_value) == -1) {
1473 		mdb_warn("failed to walk kas segments");
1474 		return (DCMD_ERR);
1475 	}
1476 
1477 	if (mdb_walk("vmem", (mdb_walk_cb_t)kgrep_walk_vmem, &kg) == -1) {
1478 		mdb_warn("failed to walk heap/heap32 vmem arenas");
1479 		return (DCMD_ERR);
1480 	}
1481 
1482 	return (DCMD_OK);
1483 }
1484 
1485 size_t
1486 kgrep_subr_pagesize(void)
1487 {
1488 	return (PAGESIZE);
1489 }
1490 
1491 typedef struct file_walk_data {
1492 	struct uf_entry *fw_flist;
1493 	int fw_flistsz;
1494 	int fw_ndx;
1495 	int fw_nofiles;
1496 } file_walk_data_t;
1497 
1498 int
1499 file_walk_init(mdb_walk_state_t *wsp)
1500 {
1501 	file_walk_data_t *fw;
1502 	proc_t p;
1503 
1504 	if (wsp->walk_addr == NULL) {
1505 		mdb_warn("file walk doesn't support global walks\n");
1506 		return (WALK_ERR);
1507 	}
1508 
1509 	fw = mdb_alloc(sizeof (file_walk_data_t), UM_SLEEP);
1510 
1511 	if (mdb_vread(&p, sizeof (p), wsp->walk_addr) == -1) {
1512 		mdb_free(fw, sizeof (file_walk_data_t));
1513 		mdb_warn("failed to read proc structure at %p", wsp->walk_addr);
1514 		return (WALK_ERR);
1515 	}
1516 
1517 	if (p.p_user.u_finfo.fi_nfiles == 0) {
1518 		mdb_free(fw, sizeof (file_walk_data_t));
1519 		return (WALK_DONE);
1520 	}
1521 
1522 	fw->fw_nofiles = p.p_user.u_finfo.fi_nfiles;
1523 	fw->fw_flistsz = sizeof (struct uf_entry) * fw->fw_nofiles;
1524 	fw->fw_flist = mdb_alloc(fw->fw_flistsz, UM_SLEEP);
1525 
1526 	if (mdb_vread(fw->fw_flist, fw->fw_flistsz,
1527 	    (uintptr_t)p.p_user.u_finfo.fi_list) == -1) {
1528 		mdb_warn("failed to read file array at %p",
1529 		    p.p_user.u_finfo.fi_list);
1530 		mdb_free(fw->fw_flist, fw->fw_flistsz);
1531 		mdb_free(fw, sizeof (file_walk_data_t));
1532 		return (WALK_ERR);
1533 	}
1534 
1535 	fw->fw_ndx = 0;
1536 	wsp->walk_data = fw;
1537 
1538 	return (WALK_NEXT);
1539 }
1540 
1541 int
1542 file_walk_step(mdb_walk_state_t *wsp)
1543 {
1544 	file_walk_data_t *fw = (file_walk_data_t *)wsp->walk_data;
1545 	struct file file;
1546 	uintptr_t fp;
1547 
1548 again:
1549 	if (fw->fw_ndx == fw->fw_nofiles)
1550 		return (WALK_DONE);
1551 
1552 	if ((fp = (uintptr_t)fw->fw_flist[fw->fw_ndx++].uf_file) == NULL)
1553 		goto again;
1554 
1555 	(void) mdb_vread(&file, sizeof (file), (uintptr_t)fp);
1556 	return (wsp->walk_callback(fp, &file, wsp->walk_cbdata));
1557 }
1558 
1559 int
1560 allfile_walk_step(mdb_walk_state_t *wsp)
1561 {
1562 	file_walk_data_t *fw = (file_walk_data_t *)wsp->walk_data;
1563 	struct file file;
1564 	uintptr_t fp;
1565 
1566 	if (fw->fw_ndx == fw->fw_nofiles)
1567 		return (WALK_DONE);
1568 
1569 	if ((fp = (uintptr_t)fw->fw_flist[fw->fw_ndx++].uf_file) != NULL)
1570 		(void) mdb_vread(&file, sizeof (file), (uintptr_t)fp);
1571 	else
1572 		bzero(&file, sizeof (file));
1573 
1574 	return (wsp->walk_callback(fp, &file, wsp->walk_cbdata));
1575 }
1576 
1577 void
1578 file_walk_fini(mdb_walk_state_t *wsp)
1579 {
1580 	file_walk_data_t *fw = (file_walk_data_t *)wsp->walk_data;
1581 
1582 	mdb_free(fw->fw_flist, fw->fw_flistsz);
1583 	mdb_free(fw, sizeof (file_walk_data_t));
1584 }
1585 
1586 int
1587 port_walk_init(mdb_walk_state_t *wsp)
1588 {
1589 	if (wsp->walk_addr == NULL) {
1590 		mdb_warn("port walk doesn't support global walks\n");
1591 		return (WALK_ERR);
1592 	}
1593 
1594 	if (mdb_layered_walk("file", wsp) == -1) {
1595 		mdb_warn("couldn't walk 'file'");
1596 		return (WALK_ERR);
1597 	}
1598 	return (WALK_NEXT);
1599 }
1600 
1601 int
1602 port_walk_step(mdb_walk_state_t *wsp)
1603 {
1604 	struct vnode	vn;
1605 	uintptr_t	vp;
1606 	uintptr_t	pp;
1607 	struct port	port;
1608 
1609 	vp = (uintptr_t)((struct file *)wsp->walk_layer)->f_vnode;
1610 	if (mdb_vread(&vn, sizeof (vn), vp) == -1) {
1611 		mdb_warn("failed to read vnode_t at %p", vp);
1612 		return (WALK_ERR);
1613 	}
1614 	if (vn.v_type != VPORT)
1615 		return (WALK_NEXT);
1616 
1617 	pp = (uintptr_t)vn.v_data;
1618 	if (mdb_vread(&port, sizeof (port), pp) == -1) {
1619 		mdb_warn("failed to read port_t at %p", pp);
1620 		return (WALK_ERR);
1621 	}
1622 	return (wsp->walk_callback(pp, &port, wsp->walk_cbdata));
1623 }
1624 
1625 typedef struct portev_walk_data {
1626 	list_node_t	*pev_node;
1627 	list_node_t	*pev_last;
1628 	size_t		pev_offset;
1629 } portev_walk_data_t;
1630 
1631 int
1632 portev_walk_init(mdb_walk_state_t *wsp)
1633 {
1634 	portev_walk_data_t *pevd;
1635 	struct port	port;
1636 	struct vnode	vn;
1637 	struct list	*list;
1638 	uintptr_t	vp;
1639 
1640 	if (wsp->walk_addr == NULL) {
1641 		mdb_warn("portev walk doesn't support global walks\n");
1642 		return (WALK_ERR);
1643 	}
1644 
1645 	pevd = mdb_alloc(sizeof (portev_walk_data_t), UM_SLEEP);
1646 
1647 	if (mdb_vread(&port, sizeof (port), wsp->walk_addr) == -1) {
1648 		mdb_free(pevd, sizeof (portev_walk_data_t));
1649 		mdb_warn("failed to read port structure at %p", wsp->walk_addr);
1650 		return (WALK_ERR);
1651 	}
1652 
1653 	vp = (uintptr_t)port.port_vnode;
1654 	if (mdb_vread(&vn, sizeof (vn), vp) == -1) {
1655 		mdb_free(pevd, sizeof (portev_walk_data_t));
1656 		mdb_warn("failed to read vnode_t at %p", vp);
1657 		return (WALK_ERR);
1658 	}
1659 
1660 	if (vn.v_type != VPORT) {
1661 		mdb_free(pevd, sizeof (portev_walk_data_t));
1662 		mdb_warn("input address (%p) does not point to an event port",
1663 		    wsp->walk_addr);
1664 		return (WALK_ERR);
1665 	}
1666 
1667 	if (port.port_queue.portq_nent == 0) {
1668 		mdb_free(pevd, sizeof (portev_walk_data_t));
1669 		return (WALK_DONE);
1670 	}
1671 	list = &port.port_queue.portq_list;
1672 	pevd->pev_offset = list->list_offset;
1673 	pevd->pev_last = list->list_head.list_prev;
1674 	pevd->pev_node = list->list_head.list_next;
1675 	wsp->walk_data = pevd;
1676 	return (WALK_NEXT);
1677 }
1678 
1679 int
1680 portev_walk_step(mdb_walk_state_t *wsp)
1681 {
1682 	portev_walk_data_t	*pevd;
1683 	struct port_kevent	ev;
1684 	uintptr_t		evp;
1685 
1686 	pevd = (portev_walk_data_t *)wsp->walk_data;
1687 
1688 	if (pevd->pev_last == NULL)
1689 		return (WALK_DONE);
1690 	if (pevd->pev_node == pevd->pev_last)
1691 		pevd->pev_last = NULL;		/* last round */
1692 
1693 	evp = ((uintptr_t)(((char *)pevd->pev_node) - pevd->pev_offset));
1694 	if (mdb_vread(&ev, sizeof (ev), evp) == -1) {
1695 		mdb_warn("failed to read port_kevent at %p", evp);
1696 		return (WALK_DONE);
1697 	}
1698 	pevd->pev_node = ev.portkev_node.list_next;
1699 	return (wsp->walk_callback(evp, &ev, wsp->walk_cbdata));
1700 }
1701 
1702 void
1703 portev_walk_fini(mdb_walk_state_t *wsp)
1704 {
1705 	portev_walk_data_t *pevd = (portev_walk_data_t *)wsp->walk_data;
1706 
1707 	if (pevd != NULL)
1708 		mdb_free(pevd, sizeof (portev_walk_data_t));
1709 }
1710 
1711 typedef struct proc_walk_data {
1712 	uintptr_t *pw_stack;
1713 	int pw_depth;
1714 	int pw_max;
1715 } proc_walk_data_t;
1716 
1717 int
1718 proc_walk_init(mdb_walk_state_t *wsp)
1719 {
1720 	GElf_Sym sym;
1721 	proc_walk_data_t *pw;
1722 
1723 	if (wsp->walk_addr == NULL) {
1724 		if (mdb_lookup_by_name("p0", &sym) == -1) {
1725 			mdb_warn("failed to read 'practive'");
1726 			return (WALK_ERR);
1727 		}
1728 		wsp->walk_addr = (uintptr_t)sym.st_value;
1729 	}
1730 
1731 	pw = mdb_zalloc(sizeof (proc_walk_data_t), UM_SLEEP);
1732 
1733 	if (mdb_readvar(&pw->pw_max, "nproc") == -1) {
1734 		mdb_warn("failed to read 'nproc'");
1735 		mdb_free(pw, sizeof (pw));
1736 		return (WALK_ERR);
1737 	}
1738 
1739 	pw->pw_stack = mdb_alloc(pw->pw_max * sizeof (uintptr_t), UM_SLEEP);
1740 	wsp->walk_data = pw;
1741 
1742 	return (WALK_NEXT);
1743 }
1744 
1745 int
1746 proc_walk_step(mdb_walk_state_t *wsp)
1747 {
1748 	proc_walk_data_t *pw = wsp->walk_data;
1749 	uintptr_t addr = wsp->walk_addr;
1750 	uintptr_t cld, sib;
1751 
1752 	int status;
1753 	proc_t pr;
1754 
1755 	if (mdb_vread(&pr, sizeof (proc_t), addr) == -1) {
1756 		mdb_warn("failed to read proc at %p", addr);
1757 		return (WALK_DONE);
1758 	}
1759 
1760 	cld = (uintptr_t)pr.p_child;
1761 	sib = (uintptr_t)pr.p_sibling;
1762 
1763 	if (pw->pw_depth > 0 && addr == pw->pw_stack[pw->pw_depth - 1]) {
1764 		pw->pw_depth--;
1765 		goto sib;
1766 	}
1767 
1768 	status = wsp->walk_callback(addr, &pr, wsp->walk_cbdata);
1769 
1770 	if (status != WALK_NEXT)
1771 		return (status);
1772 
1773 	if ((wsp->walk_addr = cld) != NULL) {
1774 		if (mdb_vread(&pr, sizeof (proc_t), cld) == -1) {
1775 			mdb_warn("proc %p has invalid p_child %p; skipping\n",
1776 			    addr, cld);
1777 			goto sib;
1778 		}
1779 
1780 		pw->pw_stack[pw->pw_depth++] = addr;
1781 
1782 		if (pw->pw_depth == pw->pw_max) {
1783 			mdb_warn("depth %d exceeds max depth; try again\n",
1784 			    pw->pw_depth);
1785 			return (WALK_DONE);
1786 		}
1787 		return (WALK_NEXT);
1788 	}
1789 
1790 sib:
1791 	/*
1792 	 * We know that p0 has no siblings, and if another starting proc
1793 	 * was given, we don't want to walk its siblings anyway.
1794 	 */
1795 	if (pw->pw_depth == 0)
1796 		return (WALK_DONE);
1797 
1798 	if (sib != NULL && mdb_vread(&pr, sizeof (proc_t), sib) == -1) {
1799 		mdb_warn("proc %p has invalid p_sibling %p; skipping\n",
1800 		    addr, sib);
1801 		sib = NULL;
1802 	}
1803 
1804 	if ((wsp->walk_addr = sib) == NULL) {
1805 		if (pw->pw_depth > 0) {
1806 			wsp->walk_addr = pw->pw_stack[pw->pw_depth - 1];
1807 			return (WALK_NEXT);
1808 		}
1809 		return (WALK_DONE);
1810 	}
1811 
1812 	return (WALK_NEXT);
1813 }
1814 
1815 void
1816 proc_walk_fini(mdb_walk_state_t *wsp)
1817 {
1818 	proc_walk_data_t *pw = wsp->walk_data;
1819 
1820 	mdb_free(pw->pw_stack, pw->pw_max * sizeof (uintptr_t));
1821 	mdb_free(pw, sizeof (proc_walk_data_t));
1822 }
1823 
1824 int
1825 task_walk_init(mdb_walk_state_t *wsp)
1826 {
1827 	task_t task;
1828 
1829 	if (mdb_vread(&task, sizeof (task_t), wsp->walk_addr) == -1) {
1830 		mdb_warn("failed to read task at %p", wsp->walk_addr);
1831 		return (WALK_ERR);
1832 	}
1833 	wsp->walk_addr = (uintptr_t)task.tk_memb_list;
1834 	wsp->walk_data = task.tk_memb_list;
1835 	return (WALK_NEXT);
1836 }
1837 
1838 int
1839 task_walk_step(mdb_walk_state_t *wsp)
1840 {
1841 	proc_t proc;
1842 	int status;
1843 
1844 	if (mdb_vread(&proc, sizeof (proc_t), wsp->walk_addr) == -1) {
1845 		mdb_warn("failed to read proc at %p", wsp->walk_addr);
1846 		return (WALK_DONE);
1847 	}
1848 
1849 	status = wsp->walk_callback(wsp->walk_addr, NULL, wsp->walk_cbdata);
1850 
1851 	if (proc.p_tasknext == wsp->walk_data)
1852 		return (WALK_DONE);
1853 
1854 	wsp->walk_addr = (uintptr_t)proc.p_tasknext;
1855 	return (status);
1856 }
1857 
1858 int
1859 project_walk_init(mdb_walk_state_t *wsp)
1860 {
1861 	if (wsp->walk_addr == NULL) {
1862 		if (mdb_readvar(&wsp->walk_addr, "proj0p") == -1) {
1863 			mdb_warn("failed to read 'proj0p'");
1864 			return (WALK_ERR);
1865 		}
1866 	}
1867 	wsp->walk_data = (void *)wsp->walk_addr;
1868 	return (WALK_NEXT);
1869 }
1870 
1871 int
1872 project_walk_step(mdb_walk_state_t *wsp)
1873 {
1874 	uintptr_t addr = wsp->walk_addr;
1875 	kproject_t pj;
1876 	int status;
1877 
1878 	if (mdb_vread(&pj, sizeof (kproject_t), addr) == -1) {
1879 		mdb_warn("failed to read project at %p", addr);
1880 		return (WALK_DONE);
1881 	}
1882 	status = wsp->walk_callback(addr, &pj, wsp->walk_cbdata);
1883 	if (status != WALK_NEXT)
1884 		return (status);
1885 	wsp->walk_addr = (uintptr_t)pj.kpj_next;
1886 	if ((void *)wsp->walk_addr == wsp->walk_data)
1887 		return (WALK_DONE);
1888 	return (WALK_NEXT);
1889 }
1890 
1891 static int
1892 generic_walk_step(mdb_walk_state_t *wsp)
1893 {
1894 	return (wsp->walk_callback(wsp->walk_addr, wsp->walk_layer,
1895 	    wsp->walk_cbdata));
1896 }
1897 
1898 int
1899 seg_walk_init(mdb_walk_state_t *wsp)
1900 {
1901 	if (wsp->walk_addr == NULL) {
1902 		mdb_warn("seg walk must begin at struct as *\n");
1903 		return (WALK_ERR);
1904 	}
1905 
1906 	/*
1907 	 * this is really just a wrapper to AVL tree walk
1908 	 */
1909 	wsp->walk_addr = (uintptr_t)&((struct as *)wsp->walk_addr)->a_segtree;
1910 	return (avl_walk_init(wsp));
1911 }
1912 
1913 static int
1914 cpu_walk_cmp(const void *l, const void *r)
1915 {
1916 	uintptr_t lhs = *((uintptr_t *)l);
1917 	uintptr_t rhs = *((uintptr_t *)r);
1918 	cpu_t lcpu, rcpu;
1919 
1920 	(void) mdb_vread(&lcpu, sizeof (lcpu), lhs);
1921 	(void) mdb_vread(&rcpu, sizeof (rcpu), rhs);
1922 
1923 	if (lcpu.cpu_id < rcpu.cpu_id)
1924 		return (-1);
1925 
1926 	if (lcpu.cpu_id > rcpu.cpu_id)
1927 		return (1);
1928 
1929 	return (0);
1930 }
1931 
1932 typedef struct cpu_walk {
1933 	uintptr_t *cw_array;
1934 	int cw_ndx;
1935 } cpu_walk_t;
1936 
1937 int
1938 cpu_walk_init(mdb_walk_state_t *wsp)
1939 {
1940 	cpu_walk_t *cw;
1941 	int max_ncpus, i = 0;
1942 	uintptr_t current, first;
1943 	cpu_t cpu, panic_cpu;
1944 	uintptr_t panicstr, addr;
1945 	GElf_Sym sym;
1946 
1947 	cw = mdb_zalloc(sizeof (cpu_walk_t), UM_SLEEP | UM_GC);
1948 
1949 	if (mdb_readvar(&max_ncpus, "max_ncpus") == -1) {
1950 		mdb_warn("failed to read 'max_ncpus'");
1951 		return (WALK_ERR);
1952 	}
1953 
1954 	if (mdb_readvar(&panicstr, "panicstr") == -1) {
1955 		mdb_warn("failed to read 'panicstr'");
1956 		return (WALK_ERR);
1957 	}
1958 
1959 	if (panicstr != NULL) {
1960 		if (mdb_lookup_by_name("panic_cpu", &sym) == -1) {
1961 			mdb_warn("failed to find 'panic_cpu'");
1962 			return (WALK_ERR);
1963 		}
1964 
1965 		addr = (uintptr_t)sym.st_value;
1966 
1967 		if (mdb_vread(&panic_cpu, sizeof (cpu_t), addr) == -1) {
1968 			mdb_warn("failed to read 'panic_cpu'");
1969 			return (WALK_ERR);
1970 		}
1971 	}
1972 
1973 	/*
1974 	 * Unfortunately, there is no platform-independent way to walk
1975 	 * CPUs in ID order.  We therefore loop through in cpu_next order,
1976 	 * building an array of CPU pointers which will subsequently be
1977 	 * sorted.
1978 	 */
1979 	cw->cw_array =
1980 	    mdb_zalloc((max_ncpus + 1) * sizeof (uintptr_t), UM_SLEEP | UM_GC);
1981 
1982 	if (mdb_readvar(&first, "cpu_list") == -1) {
1983 		mdb_warn("failed to read 'cpu_list'");
1984 		return (WALK_ERR);
1985 	}
1986 
1987 	current = first;
1988 	do {
1989 		if (mdb_vread(&cpu, sizeof (cpu), current) == -1) {
1990 			mdb_warn("failed to read cpu at %p", current);
1991 			return (WALK_ERR);
1992 		}
1993 
1994 		if (panicstr != NULL && panic_cpu.cpu_id == cpu.cpu_id) {
1995 			cw->cw_array[i++] = addr;
1996 		} else {
1997 			cw->cw_array[i++] = current;
1998 		}
1999 	} while ((current = (uintptr_t)cpu.cpu_next) != first);
2000 
2001 	qsort(cw->cw_array, i, sizeof (uintptr_t), cpu_walk_cmp);
2002 	wsp->walk_data = cw;
2003 
2004 	return (WALK_NEXT);
2005 }
2006 
2007 int
2008 cpu_walk_step(mdb_walk_state_t *wsp)
2009 {
2010 	cpu_walk_t *cw = wsp->walk_data;
2011 	cpu_t cpu;
2012 	uintptr_t addr = cw->cw_array[cw->cw_ndx++];
2013 
2014 	if (addr == NULL)
2015 		return (WALK_DONE);
2016 
2017 	if (mdb_vread(&cpu, sizeof (cpu), addr) == -1) {
2018 		mdb_warn("failed to read cpu at %p", addr);
2019 		return (WALK_DONE);
2020 	}
2021 
2022 	return (wsp->walk_callback(addr, &cpu, wsp->walk_cbdata));
2023 }
2024 
2025 typedef struct cpuinfo_data {
2026 	intptr_t cid_cpu;
2027 	uintptr_t cid_lbolt;
2028 	uintptr_t **cid_ithr;
2029 	char	cid_print_head;
2030 	char	cid_print_thr;
2031 	char	cid_print_ithr;
2032 	char	cid_print_flags;
2033 } cpuinfo_data_t;
2034 
2035 int
2036 cpuinfo_walk_ithread(uintptr_t addr, const kthread_t *thr, cpuinfo_data_t *cid)
2037 {
2038 	cpu_t c;
2039 	int id;
2040 	uint8_t pil;
2041 
2042 	if (!(thr->t_flag & T_INTR_THREAD) || thr->t_state == TS_FREE)
2043 		return (WALK_NEXT);
2044 
2045 	if (thr->t_bound_cpu == NULL) {
2046 		mdb_warn("thr %p is intr thread w/out a CPU\n", addr);
2047 		return (WALK_NEXT);
2048 	}
2049 
2050 	(void) mdb_vread(&c, sizeof (c), (uintptr_t)thr->t_bound_cpu);
2051 
2052 	if ((id = c.cpu_id) >= NCPU) {
2053 		mdb_warn("CPU %p has id (%d) greater than NCPU (%d)\n",
2054 		    thr->t_bound_cpu, id, NCPU);
2055 		return (WALK_NEXT);
2056 	}
2057 
2058 	if ((pil = thr->t_pil) >= NINTR) {
2059 		mdb_warn("thread %p has pil (%d) greater than %d\n",
2060 		    addr, pil, NINTR);
2061 		return (WALK_NEXT);
2062 	}
2063 
2064 	if (cid->cid_ithr[id][pil] != NULL) {
2065 		mdb_warn("CPU %d has multiple threads at pil %d (at least "
2066 		    "%p and %p)\n", id, pil, addr, cid->cid_ithr[id][pil]);
2067 		return (WALK_NEXT);
2068 	}
2069 
2070 	cid->cid_ithr[id][pil] = addr;
2071 
2072 	return (WALK_NEXT);
2073 }
2074 
2075 #define	CPUINFO_IDWIDTH		3
2076 #define	CPUINFO_FLAGWIDTH	9
2077 
2078 #ifdef _LP64
2079 #if defined(__amd64)
2080 #define	CPUINFO_TWIDTH		16
2081 #define	CPUINFO_CPUWIDTH	16
2082 #else
2083 #define	CPUINFO_CPUWIDTH	11
2084 #define	CPUINFO_TWIDTH		11
2085 #endif
2086 #else
2087 #define	CPUINFO_CPUWIDTH	8
2088 #define	CPUINFO_TWIDTH		8
2089 #endif
2090 
2091 #define	CPUINFO_THRDELT		(CPUINFO_IDWIDTH + CPUINFO_CPUWIDTH + 9)
2092 #define	CPUINFO_FLAGDELT	(CPUINFO_IDWIDTH + CPUINFO_CPUWIDTH + 4)
2093 #define	CPUINFO_ITHRDELT	4
2094 
2095 #define	CPUINFO_INDENT	mdb_printf("%*s", CPUINFO_THRDELT, \
2096     flagline < nflaglines ? flagbuf[flagline++] : "")
2097 
2098 int
2099 cpuinfo_walk_cpu(uintptr_t addr, const cpu_t *cpu, cpuinfo_data_t *cid)
2100 {
2101 	kthread_t t;
2102 	disp_t disp;
2103 	proc_t p;
2104 	uintptr_t pinned;
2105 	char **flagbuf;
2106 	int nflaglines = 0, flagline = 0, bspl, rval = WALK_NEXT;
2107 
2108 	const char *flags[] = {
2109 	    "RUNNING", "READY", "QUIESCED", "EXISTS",
2110 	    "ENABLE", "OFFLINE", "POWEROFF", "FROZEN",
2111 	    "SPARE", "FAULTED", NULL
2112 	};
2113 
2114 	if (cid->cid_cpu != -1) {
2115 		if (addr != cid->cid_cpu && cpu->cpu_id != cid->cid_cpu)
2116 			return (WALK_NEXT);
2117 
2118 		/*
2119 		 * Set cid_cpu to -1 to indicate that we found a matching CPU.
2120 		 */
2121 		cid->cid_cpu = -1;
2122 		rval = WALK_DONE;
2123 	}
2124 
2125 	if (cid->cid_print_head) {
2126 		mdb_printf("%3s %-*s %3s %4s %4s %3s %4s %5s %-6s %-*s %s\n",
2127 		    "ID", CPUINFO_CPUWIDTH, "ADDR", "FLG", "NRUN", "BSPL",
2128 		    "PRI", "RNRN", "KRNRN", "SWITCH", CPUINFO_TWIDTH, "THREAD",
2129 		    "PROC");
2130 		cid->cid_print_head = FALSE;
2131 	}
2132 
2133 	bspl = cpu->cpu_base_spl;
2134 
2135 	if (mdb_vread(&disp, sizeof (disp_t), (uintptr_t)cpu->cpu_disp) == -1) {
2136 		mdb_warn("failed to read disp_t at %p", cpu->cpu_disp);
2137 		return (WALK_ERR);
2138 	}
2139 
2140 	mdb_printf("%3d %0*p %3x %4d %4d ",
2141 	    cpu->cpu_id, CPUINFO_CPUWIDTH, addr, cpu->cpu_flags,
2142 	    disp.disp_nrunnable, bspl);
2143 
2144 	if (mdb_vread(&t, sizeof (t), (uintptr_t)cpu->cpu_thread) != -1) {
2145 		mdb_printf("%3d ", t.t_pri);
2146 	} else {
2147 		mdb_printf("%3s ", "-");
2148 	}
2149 
2150 	mdb_printf("%4s %5s ", cpu->cpu_runrun ? "yes" : "no",
2151 	    cpu->cpu_kprunrun ? "yes" : "no");
2152 
2153 	if (cpu->cpu_last_swtch) {
2154 		clock_t lbolt;
2155 
2156 		if (mdb_vread(&lbolt, sizeof (lbolt), cid->cid_lbolt) == -1) {
2157 			mdb_warn("failed to read lbolt at %p", cid->cid_lbolt);
2158 			return (WALK_ERR);
2159 		}
2160 		mdb_printf("t-%-4d ", lbolt - cpu->cpu_last_swtch);
2161 	} else {
2162 		mdb_printf("%-6s ", "-");
2163 	}
2164 
2165 	mdb_printf("%0*p", CPUINFO_TWIDTH, cpu->cpu_thread);
2166 
2167 	if (cpu->cpu_thread == cpu->cpu_idle_thread)
2168 		mdb_printf(" (idle)\n");
2169 	else if (cpu->cpu_thread == NULL)
2170 		mdb_printf(" -\n");
2171 	else {
2172 		if (mdb_vread(&p, sizeof (p), (uintptr_t)t.t_procp) != -1) {
2173 			mdb_printf(" %s\n", p.p_user.u_comm);
2174 		} else {
2175 			mdb_printf(" ?\n");
2176 		}
2177 	}
2178 
2179 	flagbuf = mdb_zalloc(sizeof (flags), UM_SLEEP | UM_GC);
2180 
2181 	if (cid->cid_print_flags) {
2182 		int first = 1, i, j, k;
2183 		char *s;
2184 
2185 		cid->cid_print_head = TRUE;
2186 
2187 		for (i = 1, j = 0; flags[j] != NULL; i <<= 1, j++) {
2188 			if (!(cpu->cpu_flags & i))
2189 				continue;
2190 
2191 			if (first) {
2192 				s = mdb_alloc(CPUINFO_THRDELT + 1,
2193 				    UM_GC | UM_SLEEP);
2194 
2195 				(void) mdb_snprintf(s, CPUINFO_THRDELT + 1,
2196 				    "%*s|%*s", CPUINFO_FLAGDELT, "",
2197 				    CPUINFO_THRDELT - 1 - CPUINFO_FLAGDELT, "");
2198 				flagbuf[nflaglines++] = s;
2199 			}
2200 
2201 			s = mdb_alloc(CPUINFO_THRDELT + 1, UM_GC | UM_SLEEP);
2202 			(void) mdb_snprintf(s, CPUINFO_THRDELT + 1, "%*s%*s %s",
2203 			    CPUINFO_IDWIDTH + CPUINFO_CPUWIDTH -
2204 			    CPUINFO_FLAGWIDTH, "", CPUINFO_FLAGWIDTH, flags[j],
2205 			    first ? "<--+" : "");
2206 
2207 			for (k = strlen(s); k < CPUINFO_THRDELT; k++)
2208 				s[k] = ' ';
2209 			s[k] = '\0';
2210 
2211 			flagbuf[nflaglines++] = s;
2212 			first = 0;
2213 		}
2214 	}
2215 
2216 	if (cid->cid_print_ithr) {
2217 		int i, found_one = FALSE;
2218 		int print_thr = disp.disp_nrunnable && cid->cid_print_thr;
2219 
2220 		for (i = NINTR - 1; i >= 0; i--) {
2221 			uintptr_t iaddr = cid->cid_ithr[cpu->cpu_id][i];
2222 
2223 			if (iaddr == NULL)
2224 				continue;
2225 
2226 			if (!found_one) {
2227 				found_one = TRUE;
2228 
2229 				CPUINFO_INDENT;
2230 				mdb_printf("%c%*s|\n", print_thr ? '|' : ' ',
2231 				    CPUINFO_ITHRDELT, "");
2232 
2233 				CPUINFO_INDENT;
2234 				mdb_printf("%c%*s+--> %3s %s\n",
2235 				    print_thr ? '|' : ' ', CPUINFO_ITHRDELT,
2236 				    "", "PIL", "THREAD");
2237 			}
2238 
2239 			if (mdb_vread(&t, sizeof (t), iaddr) == -1) {
2240 				mdb_warn("failed to read kthread_t at %p",
2241 				    iaddr);
2242 				return (WALK_ERR);
2243 			}
2244 
2245 			CPUINFO_INDENT;
2246 			mdb_printf("%c%*s     %3d %0*p\n",
2247 			    print_thr ? '|' : ' ', CPUINFO_ITHRDELT, "",
2248 			    t.t_pil, CPUINFO_TWIDTH, iaddr);
2249 
2250 			pinned = (uintptr_t)t.t_intr;
2251 		}
2252 
2253 		if (found_one && pinned != NULL) {
2254 			cid->cid_print_head = TRUE;
2255 			(void) strcpy(p.p_user.u_comm, "?");
2256 
2257 			if (mdb_vread(&t, sizeof (t),
2258 			    (uintptr_t)pinned) == -1) {
2259 				mdb_warn("failed to read kthread_t at %p",
2260 				    pinned);
2261 				return (WALK_ERR);
2262 			}
2263 			if (mdb_vread(&p, sizeof (p),
2264 			    (uintptr_t)t.t_procp) == -1) {
2265 				mdb_warn("failed to read proc_t at %p",
2266 				    t.t_procp);
2267 				return (WALK_ERR);
2268 			}
2269 
2270 			CPUINFO_INDENT;
2271 			mdb_printf("%c%*s     %3s %0*p %s\n",
2272 			    print_thr ? '|' : ' ', CPUINFO_ITHRDELT, "", "-",
2273 			    CPUINFO_TWIDTH, pinned,
2274 			    pinned == (uintptr_t)cpu->cpu_idle_thread ?
2275 			    "(idle)" : p.p_user.u_comm);
2276 		}
2277 	}
2278 
2279 	if (disp.disp_nrunnable && cid->cid_print_thr) {
2280 		dispq_t *dq;
2281 
2282 		int i, npri = disp.disp_npri;
2283 
2284 		dq = mdb_alloc(sizeof (dispq_t) * npri, UM_SLEEP | UM_GC);
2285 
2286 		if (mdb_vread(dq, sizeof (dispq_t) * npri,
2287 		    (uintptr_t)disp.disp_q) == -1) {
2288 			mdb_warn("failed to read dispq_t at %p", disp.disp_q);
2289 			return (WALK_ERR);
2290 		}
2291 
2292 		CPUINFO_INDENT;
2293 		mdb_printf("|\n");
2294 
2295 		CPUINFO_INDENT;
2296 		mdb_printf("+-->  %3s %-*s %s\n", "PRI",
2297 		    CPUINFO_TWIDTH, "THREAD", "PROC");
2298 
2299 		for (i = npri - 1; i >= 0; i--) {
2300 			uintptr_t taddr = (uintptr_t)dq[i].dq_first;
2301 
2302 			while (taddr != NULL) {
2303 				if (mdb_vread(&t, sizeof (t), taddr) == -1) {
2304 					mdb_warn("failed to read kthread_t "
2305 					    "at %p", taddr);
2306 					return (WALK_ERR);
2307 				}
2308 				if (mdb_vread(&p, sizeof (p),
2309 				    (uintptr_t)t.t_procp) == -1) {
2310 					mdb_warn("failed to read proc_t at %p",
2311 					    t.t_procp);
2312 					return (WALK_ERR);
2313 				}
2314 
2315 				CPUINFO_INDENT;
2316 				mdb_printf("      %3d %0*p %s\n", t.t_pri,
2317 				    CPUINFO_TWIDTH, taddr, p.p_user.u_comm);
2318 
2319 				taddr = (uintptr_t)t.t_link;
2320 			}
2321 		}
2322 		cid->cid_print_head = TRUE;
2323 	}
2324 
2325 	while (flagline < nflaglines)
2326 		mdb_printf("%s\n", flagbuf[flagline++]);
2327 
2328 	if (cid->cid_print_head)
2329 		mdb_printf("\n");
2330 
2331 	return (rval);
2332 }
2333 
2334 int
2335 cpuinfo(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2336 {
2337 	uint_t verbose = FALSE;
2338 	cpuinfo_data_t cid;
2339 	GElf_Sym sym;
2340 	clock_t lbolt;
2341 
2342 	cid.cid_print_ithr = FALSE;
2343 	cid.cid_print_thr = FALSE;
2344 	cid.cid_print_flags = FALSE;
2345 	cid.cid_print_head = DCMD_HDRSPEC(flags) ? TRUE : FALSE;
2346 	cid.cid_cpu = -1;
2347 
2348 	if (flags & DCMD_ADDRSPEC)
2349 		cid.cid_cpu = addr;
2350 
2351 	if (mdb_getopts(argc, argv,
2352 	    'v', MDB_OPT_SETBITS, TRUE, &verbose, NULL) != argc)
2353 		return (DCMD_USAGE);
2354 
2355 	if (verbose) {
2356 		cid.cid_print_ithr = TRUE;
2357 		cid.cid_print_thr = TRUE;
2358 		cid.cid_print_flags = TRUE;
2359 		cid.cid_print_head = TRUE;
2360 	}
2361 
2362 	if (cid.cid_print_ithr) {
2363 		int i;
2364 
2365 		cid.cid_ithr = mdb_alloc(sizeof (uintptr_t **)
2366 		    * NCPU, UM_SLEEP | UM_GC);
2367 
2368 		for (i = 0; i < NCPU; i++)
2369 			cid.cid_ithr[i] = mdb_zalloc(sizeof (uintptr_t *) *
2370 			    NINTR, UM_SLEEP | UM_GC);
2371 
2372 		if (mdb_walk("thread", (mdb_walk_cb_t)cpuinfo_walk_ithread,
2373 		    &cid) == -1) {
2374 			mdb_warn("couldn't walk thread");
2375 			return (DCMD_ERR);
2376 		}
2377 	}
2378 
2379 	if (mdb_lookup_by_name("panic_lbolt", &sym) == -1) {
2380 		mdb_warn("failed to find panic_lbolt");
2381 		return (DCMD_ERR);
2382 	}
2383 
2384 	cid.cid_lbolt = (uintptr_t)sym.st_value;
2385 
2386 	if (mdb_vread(&lbolt, sizeof (lbolt), cid.cid_lbolt) == -1) {
2387 		mdb_warn("failed to read panic_lbolt");
2388 		return (DCMD_ERR);
2389 	}
2390 
2391 	if (lbolt == 0) {
2392 		if (mdb_lookup_by_name("lbolt", &sym) == -1) {
2393 			mdb_warn("failed to find lbolt");
2394 			return (DCMD_ERR);
2395 		}
2396 		cid.cid_lbolt = (uintptr_t)sym.st_value;
2397 	}
2398 
2399 	if (mdb_walk("cpu", (mdb_walk_cb_t)cpuinfo_walk_cpu, &cid) == -1) {
2400 		mdb_warn("can't walk cpus");
2401 		return (DCMD_ERR);
2402 	}
2403 
2404 	if (cid.cid_cpu != -1) {
2405 		/*
2406 		 * We didn't find this CPU when we walked through the CPUs
2407 		 * (i.e. the address specified doesn't show up in the "cpu"
2408 		 * walk).  However, the specified address may still correspond
2409 		 * to a valid cpu_t (for example, if the specified address is
2410 		 * the actual panicking cpu_t and not the cached panic_cpu).
2411 		 * Point is:  even if we didn't find it, we still want to try
2412 		 * to print the specified address as a cpu_t.
2413 		 */
2414 		cpu_t cpu;
2415 
2416 		if (mdb_vread(&cpu, sizeof (cpu), cid.cid_cpu) == -1) {
2417 			mdb_warn("%p is neither a valid CPU ID nor a "
2418 			    "valid cpu_t address\n", cid.cid_cpu);
2419 			return (DCMD_ERR);
2420 		}
2421 
2422 		(void) cpuinfo_walk_cpu(cid.cid_cpu, &cpu, &cid);
2423 	}
2424 
2425 	return (DCMD_OK);
2426 }
2427 
2428 /*ARGSUSED*/
2429 int
2430 flipone(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2431 {
2432 	int i;
2433 
2434 	if (!(flags & DCMD_ADDRSPEC))
2435 		return (DCMD_USAGE);
2436 
2437 	for (i = 0; i < sizeof (addr) * NBBY; i++)
2438 		mdb_printf("%p\n", addr ^ (1UL << i));
2439 
2440 	return (DCMD_OK);
2441 }
2442 
2443 /*
2444  * Grumble, grumble.
2445  */
2446 #define	SMAP_HASHFUNC(vp, off)	\
2447 	((((uintptr_t)(vp) >> 6) + ((uintptr_t)(vp) >> 3) + \
2448 	((off) >> MAXBSHIFT)) & smd_hashmsk)
2449 
2450 int
2451 vnode2smap(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2452 {
2453 	long smd_hashmsk;
2454 	int hash;
2455 	uintptr_t offset = 0;
2456 	struct smap smp;
2457 	uintptr_t saddr, kaddr;
2458 	uintptr_t smd_hash, smd_smap;
2459 	struct seg seg;
2460 
2461 	if (!(flags & DCMD_ADDRSPEC))
2462 		return (DCMD_USAGE);
2463 
2464 	if (mdb_readvar(&smd_hashmsk, "smd_hashmsk") == -1) {
2465 		mdb_warn("failed to read smd_hashmsk");
2466 		return (DCMD_ERR);
2467 	}
2468 
2469 	if (mdb_readvar(&smd_hash, "smd_hash") == -1) {
2470 		mdb_warn("failed to read smd_hash");
2471 		return (DCMD_ERR);
2472 	}
2473 
2474 	if (mdb_readvar(&smd_smap, "smd_smap") == -1) {
2475 		mdb_warn("failed to read smd_hash");
2476 		return (DCMD_ERR);
2477 	}
2478 
2479 	if (mdb_readvar(&kaddr, "segkmap") == -1) {
2480 		mdb_warn("failed to read segkmap");
2481 		return (DCMD_ERR);
2482 	}
2483 
2484 	if (mdb_vread(&seg, sizeof (seg), kaddr) == -1) {
2485 		mdb_warn("failed to read segkmap at %p", kaddr);
2486 		return (DCMD_ERR);
2487 	}
2488 
2489 	if (argc != 0) {
2490 		const mdb_arg_t *arg = &argv[0];
2491 
2492 		if (arg->a_type == MDB_TYPE_IMMEDIATE)
2493 			offset = arg->a_un.a_val;
2494 		else
2495 			offset = (uintptr_t)mdb_strtoull(arg->a_un.a_str);
2496 	}
2497 
2498 	hash = SMAP_HASHFUNC(addr, offset);
2499 
2500 	if (mdb_vread(&saddr, sizeof (saddr),
2501 	    smd_hash + hash * sizeof (uintptr_t)) == -1) {
2502 		mdb_warn("couldn't read smap at %p",
2503 		    smd_hash + hash * sizeof (uintptr_t));
2504 		return (DCMD_ERR);
2505 	}
2506 
2507 	do {
2508 		if (mdb_vread(&smp, sizeof (smp), saddr) == -1) {
2509 			mdb_warn("couldn't read smap at %p", saddr);
2510 			return (DCMD_ERR);
2511 		}
2512 
2513 		if ((uintptr_t)smp.sm_vp == addr && smp.sm_off == offset) {
2514 			mdb_printf("vnode %p, offs %p is smap %p, vaddr %p\n",
2515 			    addr, offset, saddr, ((saddr - smd_smap) /
2516 			    sizeof (smp)) * MAXBSIZE + seg.s_base);
2517 			return (DCMD_OK);
2518 		}
2519 
2520 		saddr = (uintptr_t)smp.sm_hash;
2521 	} while (saddr != NULL);
2522 
2523 	mdb_printf("no smap for vnode %p, offs %p\n", addr, offset);
2524 	return (DCMD_OK);
2525 }
2526 
2527 /*ARGSUSED*/
2528 int
2529 addr2smap(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2530 {
2531 	uintptr_t kaddr;
2532 	struct seg seg;
2533 	struct segmap_data sd;
2534 
2535 	if (!(flags & DCMD_ADDRSPEC))
2536 		return (DCMD_USAGE);
2537 
2538 	if (mdb_readvar(&kaddr, "segkmap") == -1) {
2539 		mdb_warn("failed to read segkmap");
2540 		return (DCMD_ERR);
2541 	}
2542 
2543 	if (mdb_vread(&seg, sizeof (seg), kaddr) == -1) {
2544 		mdb_warn("failed to read segkmap at %p", kaddr);
2545 		return (DCMD_ERR);
2546 	}
2547 
2548 	if (mdb_vread(&sd, sizeof (sd), (uintptr_t)seg.s_data) == -1) {
2549 		mdb_warn("failed to read segmap_data at %p", seg.s_data);
2550 		return (DCMD_ERR);
2551 	}
2552 
2553 	mdb_printf("%p is smap %p\n", addr,
2554 	    ((addr - (uintptr_t)seg.s_base) >> MAXBSHIFT) *
2555 	    sizeof (struct smap) + (uintptr_t)sd.smd_sm);
2556 
2557 	return (DCMD_OK);
2558 }
2559 
2560 int
2561 as2proc_walk(uintptr_t addr, const proc_t *p, struct as **asp)
2562 {
2563 	if (p->p_as == *asp)
2564 		mdb_printf("%p\n", addr);
2565 	return (WALK_NEXT);
2566 }
2567 
2568 /*ARGSUSED*/
2569 int
2570 as2proc(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2571 {
2572 	if (!(flags & DCMD_ADDRSPEC) || argc != 0)
2573 		return (DCMD_USAGE);
2574 
2575 	if (mdb_walk("proc", (mdb_walk_cb_t)as2proc_walk, &addr) == -1) {
2576 		mdb_warn("failed to walk proc");
2577 		return (DCMD_ERR);
2578 	}
2579 
2580 	return (DCMD_OK);
2581 }
2582 
2583 /*ARGSUSED*/
2584 int
2585 ptree_walk(uintptr_t addr, const proc_t *p, void *ignored)
2586 {
2587 	proc_t parent;
2588 	int ident = 0;
2589 	uintptr_t paddr;
2590 
2591 	for (paddr = (uintptr_t)p->p_parent; paddr != NULL; ident += 5) {
2592 		mdb_vread(&parent, sizeof (parent), paddr);
2593 		paddr = (uintptr_t)parent.p_parent;
2594 	}
2595 
2596 	mdb_inc_indent(ident);
2597 	mdb_printf("%0?p  %s\n", addr, p->p_user.u_comm);
2598 	mdb_dec_indent(ident);
2599 
2600 	return (WALK_NEXT);
2601 }
2602 
2603 void
2604 ptree_ancestors(uintptr_t addr, uintptr_t start)
2605 {
2606 	proc_t p;
2607 
2608 	if (mdb_vread(&p, sizeof (p), addr) == -1) {
2609 		mdb_warn("couldn't read ancestor at %p", addr);
2610 		return;
2611 	}
2612 
2613 	if (p.p_parent != NULL)
2614 		ptree_ancestors((uintptr_t)p.p_parent, start);
2615 
2616 	if (addr != start)
2617 		(void) ptree_walk(addr, &p, NULL);
2618 }
2619 
2620 /*ARGSUSED*/
2621 int
2622 ptree(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2623 {
2624 	if (!(flags & DCMD_ADDRSPEC))
2625 		addr = NULL;
2626 	else
2627 		ptree_ancestors(addr, addr);
2628 
2629 	if (mdb_pwalk("proc", (mdb_walk_cb_t)ptree_walk, NULL, addr) == -1) {
2630 		mdb_warn("couldn't walk 'proc'");
2631 		return (DCMD_ERR);
2632 	}
2633 
2634 	return (DCMD_OK);
2635 }
2636 
2637 /*ARGSUSED*/
2638 static int
2639 fd(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2640 {
2641 	int fdnum;
2642 	const mdb_arg_t *argp = &argv[0];
2643 	proc_t p;
2644 	uf_entry_t uf;
2645 
2646 	if ((flags & DCMD_ADDRSPEC) == 0) {
2647 		mdb_warn("fd doesn't give global information\n");
2648 		return (DCMD_ERR);
2649 	}
2650 	if (argc != 1)
2651 		return (DCMD_USAGE);
2652 
2653 	if (argp->a_type == MDB_TYPE_IMMEDIATE)
2654 		fdnum = argp->a_un.a_val;
2655 	else
2656 		fdnum = mdb_strtoull(argp->a_un.a_str);
2657 
2658 	if (mdb_vread(&p, sizeof (struct proc), addr) == -1) {
2659 		mdb_warn("couldn't read proc_t at %p", addr);
2660 		return (DCMD_ERR);
2661 	}
2662 	if (fdnum > p.p_user.u_finfo.fi_nfiles) {
2663 		mdb_warn("process %p only has %d files open.\n",
2664 		    addr, p.p_user.u_finfo.fi_nfiles);
2665 		return (DCMD_ERR);
2666 	}
2667 	if (mdb_vread(&uf, sizeof (uf_entry_t),
2668 	    (uintptr_t)&p.p_user.u_finfo.fi_list[fdnum]) == -1) {
2669 		mdb_warn("couldn't read uf_entry_t at %p",
2670 		    &p.p_user.u_finfo.fi_list[fdnum]);
2671 		return (DCMD_ERR);
2672 	}
2673 
2674 	mdb_printf("%p\n", uf.uf_file);
2675 	return (DCMD_OK);
2676 }
2677 
2678 /*ARGSUSED*/
2679 static int
2680 pid2proc(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2681 {
2682 	pid_t pid = (pid_t)addr;
2683 
2684 	if (argc != 0)
2685 		return (DCMD_USAGE);
2686 
2687 	if ((addr = mdb_pid2proc(pid, NULL)) == NULL) {
2688 		mdb_warn("PID 0t%d not found\n", pid);
2689 		return (DCMD_ERR);
2690 	}
2691 
2692 	mdb_printf("%p\n", addr);
2693 	return (DCMD_OK);
2694 }
2695 
2696 static char *sysfile_cmd[] = {
2697 	"exclude:",
2698 	"include:",
2699 	"forceload:",
2700 	"rootdev:",
2701 	"rootfs:",
2702 	"swapdev:",
2703 	"swapfs:",
2704 	"moddir:",
2705 	"set",
2706 	"unknown",
2707 };
2708 
2709 static char *sysfile_ops[] = { "", "=", "&", "|" };
2710 
2711 /*ARGSUSED*/
2712 static int
2713 sysfile_vmem_seg(uintptr_t addr, const vmem_seg_t *vsp, void **target)
2714 {
2715 	if (vsp->vs_type == VMEM_ALLOC && (void *)vsp->vs_start == *target) {
2716 		*target = NULL;
2717 		return (WALK_DONE);
2718 	}
2719 	return (WALK_NEXT);
2720 }
2721 
2722 /*ARGSUSED*/
2723 static int
2724 sysfile(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2725 {
2726 	struct sysparam *sysp, sys;
2727 	char var[256];
2728 	char modname[256];
2729 	char val[256];
2730 	char strval[256];
2731 	vmem_t *mod_sysfile_arena;
2732 	void *straddr;
2733 
2734 	if (mdb_readvar(&sysp, "sysparam_hd") == -1) {
2735 		mdb_warn("failed to read sysparam_hd");
2736 		return (DCMD_ERR);
2737 	}
2738 
2739 	if (mdb_readvar(&mod_sysfile_arena, "mod_sysfile_arena") == -1) {
2740 		mdb_warn("failed to read mod_sysfile_arena");
2741 		return (DCMD_ERR);
2742 	}
2743 
2744 	while (sysp != NULL) {
2745 		var[0] = '\0';
2746 		val[0] = '\0';
2747 		modname[0] = '\0';
2748 		if (mdb_vread(&sys, sizeof (sys), (uintptr_t)sysp) == -1) {
2749 			mdb_warn("couldn't read sysparam %p", sysp);
2750 			return (DCMD_ERR);
2751 		}
2752 		if (sys.sys_modnam != NULL &&
2753 		    mdb_readstr(modname, 256,
2754 		    (uintptr_t)sys.sys_modnam) == -1) {
2755 			mdb_warn("couldn't read modname in %p", sysp);
2756 			return (DCMD_ERR);
2757 		}
2758 		if (sys.sys_ptr != NULL &&
2759 		    mdb_readstr(var, 256, (uintptr_t)sys.sys_ptr) == -1) {
2760 			mdb_warn("couldn't read ptr in %p", sysp);
2761 			return (DCMD_ERR);
2762 		}
2763 		if (sys.sys_op != SETOP_NONE) {
2764 			/*
2765 			 * Is this an int or a string?  We determine this
2766 			 * by checking whether straddr is contained in
2767 			 * mod_sysfile_arena.  If so, the walker will set
2768 			 * straddr to NULL.
2769 			 */
2770 			straddr = (void *)(uintptr_t)sys.sys_info;
2771 			if (sys.sys_op == SETOP_ASSIGN &&
2772 			    sys.sys_info != 0 &&
2773 			    mdb_pwalk("vmem_seg",
2774 			    (mdb_walk_cb_t)sysfile_vmem_seg, &straddr,
2775 			    (uintptr_t)mod_sysfile_arena) == 0 &&
2776 			    straddr == NULL &&
2777 			    mdb_readstr(strval, 256,
2778 			    (uintptr_t)sys.sys_info) != -1) {
2779 				(void) mdb_snprintf(val, sizeof (val), "\"%s\"",
2780 				    strval);
2781 			} else {
2782 				(void) mdb_snprintf(val, sizeof (val),
2783 				    "0x%llx [0t%llu]", sys.sys_info,
2784 				    sys.sys_info);
2785 			}
2786 		}
2787 		mdb_printf("%s %s%s%s%s%s\n", sysfile_cmd[sys.sys_type],
2788 		    modname, modname[0] == '\0' ? "" : ":",
2789 		    var, sysfile_ops[sys.sys_op], val);
2790 
2791 		sysp = sys.sys_next;
2792 	}
2793 
2794 	return (DCMD_OK);
2795 }
2796 
2797 /*
2798  * Dump a taskq_ent_t given its address.
2799  */
2800 /*ARGSUSED*/
2801 int
2802 taskq_ent(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2803 {
2804 	taskq_ent_t	taskq_ent;
2805 	GElf_Sym	sym;
2806 	char		buf[MDB_SYM_NAMLEN+1];
2807 
2808 
2809 	if (!(flags & DCMD_ADDRSPEC)) {
2810 		mdb_warn("expected explicit taskq_ent_t address before ::\n");
2811 		return (DCMD_USAGE);
2812 	}
2813 
2814 	if (mdb_vread(&taskq_ent, sizeof (taskq_ent_t), addr) == -1) {
2815 		mdb_warn("failed to read taskq_ent_t at %p", addr);
2816 		return (DCMD_ERR);
2817 	}
2818 
2819 	if (DCMD_HDRSPEC(flags)) {
2820 		mdb_printf("%<u>%-?s    %-?s    %-s%</u>\n",
2821 		"ENTRY", "ARG", "FUNCTION");
2822 	}
2823 
2824 	if (mdb_lookup_by_addr((uintptr_t)taskq_ent.tqent_func, MDB_SYM_EXACT,
2825 	    buf, sizeof (buf), &sym) == -1) {
2826 		(void) strcpy(buf, "????");
2827 	}
2828 
2829 	mdb_printf("%-?p    %-?p    %s\n", addr, taskq_ent.tqent_arg, buf);
2830 
2831 	return (DCMD_OK);
2832 }
2833 
2834 /*
2835  * Given the address of the (taskq_t) task queue head, walk the queue listing
2836  * the address of every taskq_ent_t.
2837  */
2838 int
2839 taskq_walk_init(mdb_walk_state_t *wsp)
2840 {
2841 	taskq_t	tq_head;
2842 
2843 
2844 	if (wsp->walk_addr == NULL) {
2845 		mdb_warn("start address required\n");
2846 		return (WALK_ERR);
2847 	}
2848 
2849 
2850 	/*
2851 	 * Save the address of the list head entry.  This terminates the list.
2852 	 */
2853 	wsp->walk_data = (void *)
2854 	    ((size_t)wsp->walk_addr + offsetof(taskq_t, tq_task));
2855 
2856 
2857 	/*
2858 	 * Read in taskq head, set walk_addr to point to first taskq_ent_t.
2859 	 */
2860 	if (mdb_vread((void *)&tq_head, sizeof (taskq_t), wsp->walk_addr) ==
2861 	    -1) {
2862 		mdb_warn("failed to read taskq list head at %p",
2863 		    wsp->walk_addr);
2864 	}
2865 	wsp->walk_addr = (uintptr_t)tq_head.tq_task.tqent_next;
2866 
2867 
2868 	/*
2869 	 * Check for null list (next=head)
2870 	 */
2871 	if (wsp->walk_addr == (uintptr_t)wsp->walk_data) {
2872 		return (WALK_DONE);
2873 	}
2874 
2875 	return (WALK_NEXT);
2876 }
2877 
2878 
2879 int
2880 taskq_walk_step(mdb_walk_state_t *wsp)
2881 {
2882 	taskq_ent_t	tq_ent;
2883 	int		status;
2884 
2885 
2886 	if (mdb_vread((void *)&tq_ent, sizeof (taskq_ent_t), wsp->walk_addr) ==
2887 	    -1) {
2888 		mdb_warn("failed to read taskq_ent_t at %p", wsp->walk_addr);
2889 		return (DCMD_ERR);
2890 	}
2891 
2892 	status = wsp->walk_callback(wsp->walk_addr, (void *)&tq_ent,
2893 	    wsp->walk_cbdata);
2894 
2895 	wsp->walk_addr = (uintptr_t)tq_ent.tqent_next;
2896 
2897 
2898 	/* Check if we're at the last element (next=head) */
2899 	if (wsp->walk_addr == (uintptr_t)wsp->walk_data) {
2900 		return (WALK_DONE);
2901 	}
2902 
2903 	return (status);
2904 }
2905 
2906 int
2907 didmatch(uintptr_t addr, const kthread_t *thr, kt_did_t *didp)
2908 {
2909 
2910 	if (*didp == thr->t_did) {
2911 		mdb_printf("%p\n", addr);
2912 		return (WALK_DONE);
2913 	} else
2914 		return (WALK_NEXT);
2915 }
2916 
2917 /*ARGSUSED*/
2918 int
2919 did2thread(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2920 {
2921 	const mdb_arg_t *argp = &argv[0];
2922 	kt_did_t	did;
2923 
2924 	if (argc != 1)
2925 		return (DCMD_USAGE);
2926 
2927 	did = (kt_did_t)mdb_strtoull(argp->a_un.a_str);
2928 
2929 	if (mdb_walk("thread", (mdb_walk_cb_t)didmatch, (void *)&did) == -1) {
2930 		mdb_warn("failed to walk thread");
2931 		return (DCMD_ERR);
2932 
2933 	}
2934 	return (DCMD_OK);
2935 
2936 }
2937 
2938 static int
2939 errorq_walk_init(mdb_walk_state_t *wsp)
2940 {
2941 	if (wsp->walk_addr == NULL &&
2942 	    mdb_readvar(&wsp->walk_addr, "errorq_list") == -1) {
2943 		mdb_warn("failed to read errorq_list");
2944 		return (WALK_ERR);
2945 	}
2946 
2947 	return (WALK_NEXT);
2948 }
2949 
2950 static int
2951 errorq_walk_step(mdb_walk_state_t *wsp)
2952 {
2953 	uintptr_t addr = wsp->walk_addr;
2954 	errorq_t eq;
2955 
2956 	if (addr == NULL)
2957 		return (WALK_DONE);
2958 
2959 	if (mdb_vread(&eq, sizeof (eq), addr) == -1) {
2960 		mdb_warn("failed to read errorq at %p", addr);
2961 		return (WALK_ERR);
2962 	}
2963 
2964 	wsp->walk_addr = (uintptr_t)eq.eq_next;
2965 	return (wsp->walk_callback(addr, &eq, wsp->walk_cbdata));
2966 }
2967 
2968 typedef struct eqd_walk_data {
2969 	uintptr_t *eqd_stack;
2970 	void *eqd_buf;
2971 	ulong_t eqd_qpos;
2972 	ulong_t eqd_qlen;
2973 	size_t eqd_size;
2974 } eqd_walk_data_t;
2975 
2976 /*
2977  * In order to walk the list of pending error queue elements, we push the
2978  * addresses of the corresponding data buffers in to the eqd_stack array.
2979  * The error lists are in reverse chronological order when iterating using
2980  * eqe_prev, so we then pop things off the top in eqd_walk_step so that the
2981  * walker client gets addresses in order from oldest error to newest error.
2982  */
2983 static void
2984 eqd_push_list(eqd_walk_data_t *eqdp, uintptr_t addr)
2985 {
2986 	errorq_elem_t eqe;
2987 
2988 	while (addr != NULL) {
2989 		if (mdb_vread(&eqe, sizeof (eqe), addr) != sizeof (eqe)) {
2990 			mdb_warn("failed to read errorq element at %p", addr);
2991 			break;
2992 		}
2993 
2994 		if (eqdp->eqd_qpos == eqdp->eqd_qlen) {
2995 			mdb_warn("errorq is overfull -- more than %lu "
2996 			    "elems found\n", eqdp->eqd_qlen);
2997 			break;
2998 		}
2999 
3000 		eqdp->eqd_stack[eqdp->eqd_qpos++] = (uintptr_t)eqe.eqe_data;
3001 		addr = (uintptr_t)eqe.eqe_prev;
3002 	}
3003 }
3004 
3005 static int
3006 eqd_walk_init(mdb_walk_state_t *wsp)
3007 {
3008 	eqd_walk_data_t *eqdp;
3009 	errorq_elem_t eqe, *addr;
3010 	errorq_t eq;
3011 	ulong_t i;
3012 
3013 	if (mdb_vread(&eq, sizeof (eq), wsp->walk_addr) == -1) {
3014 		mdb_warn("failed to read errorq at %p", wsp->walk_addr);
3015 		return (WALK_ERR);
3016 	}
3017 
3018 	if (eq.eq_ptail != NULL &&
3019 	    mdb_vread(&eqe, sizeof (eqe), (uintptr_t)eq.eq_ptail) == -1) {
3020 		mdb_warn("failed to read errorq element at %p", eq.eq_ptail);
3021 		return (WALK_ERR);
3022 	}
3023 
3024 	eqdp = mdb_alloc(sizeof (eqd_walk_data_t), UM_SLEEP);
3025 	wsp->walk_data = eqdp;
3026 
3027 	eqdp->eqd_stack = mdb_zalloc(sizeof (uintptr_t) * eq.eq_qlen, UM_SLEEP);
3028 	eqdp->eqd_buf = mdb_alloc(eq.eq_size, UM_SLEEP);
3029 	eqdp->eqd_qlen = eq.eq_qlen;
3030 	eqdp->eqd_qpos = 0;
3031 	eqdp->eqd_size = eq.eq_size;
3032 
3033 	/*
3034 	 * The newest elements in the queue are on the pending list, so we
3035 	 * push those on to our stack first.
3036 	 */
3037 	eqd_push_list(eqdp, (uintptr_t)eq.eq_pend);
3038 
3039 	/*
3040 	 * If eq_ptail is set, it may point to a subset of the errors on the
3041 	 * pending list in the event a casptr() failed; if ptail's data is
3042 	 * already in our stack, NULL out eq_ptail and ignore it.
3043 	 */
3044 	if (eq.eq_ptail != NULL) {
3045 		for (i = 0; i < eqdp->eqd_qpos; i++) {
3046 			if (eqdp->eqd_stack[i] == (uintptr_t)eqe.eqe_data) {
3047 				eq.eq_ptail = NULL;
3048 				break;
3049 			}
3050 		}
3051 	}
3052 
3053 	/*
3054 	 * If eq_phead is set, it has the processing list in order from oldest
3055 	 * to newest.  Use this to recompute eq_ptail as best we can and then
3056 	 * we nicely fall into eqd_push_list() of eq_ptail below.
3057 	 */
3058 	for (addr = eq.eq_phead; addr != NULL && mdb_vread(&eqe, sizeof (eqe),
3059 	    (uintptr_t)addr) == sizeof (eqe); addr = eqe.eqe_next)
3060 		eq.eq_ptail = addr;
3061 
3062 	/*
3063 	 * The oldest elements in the queue are on the processing list, subject
3064 	 * to machinations in the if-clauses above.  Push any such elements.
3065 	 */
3066 	eqd_push_list(eqdp, (uintptr_t)eq.eq_ptail);
3067 	return (WALK_NEXT);
3068 }
3069 
3070 static int
3071 eqd_walk_step(mdb_walk_state_t *wsp)
3072 {
3073 	eqd_walk_data_t *eqdp = wsp->walk_data;
3074 	uintptr_t addr;
3075 
3076 	if (eqdp->eqd_qpos == 0)
3077 		return (WALK_DONE);
3078 
3079 	addr = eqdp->eqd_stack[--eqdp->eqd_qpos];
3080 
3081 	if (mdb_vread(eqdp->eqd_buf, eqdp->eqd_size, addr) != eqdp->eqd_size) {
3082 		mdb_warn("failed to read errorq data at %p", addr);
3083 		return (WALK_ERR);
3084 	}
3085 
3086 	return (wsp->walk_callback(addr, eqdp->eqd_buf, wsp->walk_cbdata));
3087 }
3088 
3089 static void
3090 eqd_walk_fini(mdb_walk_state_t *wsp)
3091 {
3092 	eqd_walk_data_t *eqdp = wsp->walk_data;
3093 
3094 	mdb_free(eqdp->eqd_stack, sizeof (uintptr_t) * eqdp->eqd_qlen);
3095 	mdb_free(eqdp->eqd_buf, eqdp->eqd_size);
3096 	mdb_free(eqdp, sizeof (eqd_walk_data_t));
3097 }
3098 
3099 #define	EQKSVAL(eqv, what) (eqv.eq_kstat.what.value.ui64)
3100 
3101 static int
3102 errorq(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3103 {
3104 	int i;
3105 	errorq_t eq;
3106 	uint_t opt_v = FALSE;
3107 
3108 	if (!(flags & DCMD_ADDRSPEC)) {
3109 		if (mdb_walk_dcmd("errorq", "errorq", argc, argv) == -1) {
3110 			mdb_warn("can't walk 'errorq'");
3111 			return (DCMD_ERR);
3112 		}
3113 		return (DCMD_OK);
3114 	}
3115 
3116 	i = mdb_getopts(argc, argv, 'v', MDB_OPT_SETBITS, TRUE, &opt_v, NULL);
3117 	argc -= i;
3118 	argv += i;
3119 
3120 	if (argc != 0)
3121 		return (DCMD_USAGE);
3122 
3123 	if (opt_v || DCMD_HDRSPEC(flags)) {
3124 		mdb_printf("%<u>%-11s %-16s %1s %1s %1s ",
3125 		    "ADDR", "NAME", "S", "V", "N");
3126 		if (!opt_v) {
3127 			mdb_printf("%7s %7s %7s%</u>\n",
3128 			    "ACCEPT", "DROP", "LOG");
3129 		} else {
3130 			mdb_printf("%5s %6s %6s %3s %16s%</u>\n",
3131 			    "KSTAT", "QLEN", "SIZE", "IPL", "FUNC");
3132 		}
3133 	}
3134 
3135 	if (mdb_vread(&eq, sizeof (eq), addr) != sizeof (eq)) {
3136 		mdb_warn("failed to read errorq at %p", addr);
3137 		return (DCMD_ERR);
3138 	}
3139 
3140 	mdb_printf("%-11p %-16s %c %c %c ", addr, eq.eq_name,
3141 	    (eq.eq_flags & ERRORQ_ACTIVE) ? '+' : '-',
3142 	    (eq.eq_flags & ERRORQ_VITAL) ? '!' : ' ',
3143 	    (eq.eq_flags & ERRORQ_NVLIST) ? '*' : ' ');
3144 
3145 	if (!opt_v) {
3146 		mdb_printf("%7llu %7llu %7llu\n",
3147 		    EQKSVAL(eq, eqk_dispatched) + EQKSVAL(eq, eqk_committed),
3148 		    EQKSVAL(eq, eqk_dropped) + EQKSVAL(eq, eqk_reserve_fail) +
3149 		    EQKSVAL(eq, eqk_commit_fail), EQKSVAL(eq, eqk_logged));
3150 	} else {
3151 		mdb_printf("%5s %6lu %6lu %3u %a\n",
3152 		    "  |  ", eq.eq_qlen, eq.eq_size, eq.eq_ipl, eq.eq_func);
3153 		mdb_printf("%38s\n%41s"
3154 		    "%12s %llu\n"
3155 		    "%53s %llu\n"
3156 		    "%53s %llu\n"
3157 		    "%53s %llu\n"
3158 		    "%53s %llu\n"
3159 		    "%53s %llu\n"
3160 		    "%53s %llu\n"
3161 		    "%53s %llu\n\n",
3162 		    "|", "+-> ",
3163 		    "DISPATCHED",	EQKSVAL(eq, eqk_dispatched),
3164 		    "DROPPED",		EQKSVAL(eq, eqk_dropped),
3165 		    "LOGGED",		EQKSVAL(eq, eqk_logged),
3166 		    "RESERVED",		EQKSVAL(eq, eqk_reserved),
3167 		    "RESERVE FAIL",	EQKSVAL(eq, eqk_reserve_fail),
3168 		    "COMMITTED",	EQKSVAL(eq, eqk_committed),
3169 		    "COMMIT FAIL",	EQKSVAL(eq, eqk_commit_fail),
3170 		    "CANCELLED",	EQKSVAL(eq, eqk_cancelled));
3171 	}
3172 
3173 	return (DCMD_OK);
3174 }
3175 
3176 /*ARGSUSED*/
3177 static int
3178 panicinfo(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
3179 {
3180 	cpu_t panic_cpu;
3181 	kthread_t *panic_thread;
3182 	void *panicbuf;
3183 	panic_data_t *pd;
3184 	int i, n;
3185 
3186 	if (!mdb_prop_postmortem) {
3187 		mdb_warn("panicinfo can only be run on a system "
3188 		    "dump; see dumpadm(1M)\n");
3189 		return (DCMD_ERR);
3190 	}
3191 
3192 	if (flags & DCMD_ADDRSPEC || argc != 0)
3193 		return (DCMD_USAGE);
3194 
3195 	if (mdb_readsym(&panic_cpu, sizeof (cpu_t), "panic_cpu") == -1)
3196 		mdb_warn("failed to read 'panic_cpu'");
3197 	else
3198 		mdb_printf("%16s %?d\n", "cpu", panic_cpu.cpu_id);
3199 
3200 	if (mdb_readvar(&panic_thread, "panic_thread") == -1)
3201 		mdb_warn("failed to read 'panic_thread'");
3202 	else
3203 		mdb_printf("%16s %?p\n", "thread", panic_thread);
3204 
3205 	panicbuf = mdb_alloc(PANICBUFSIZE, UM_SLEEP);
3206 	pd = (panic_data_t *)panicbuf;
3207 
3208 	if (mdb_readsym(panicbuf, PANICBUFSIZE, "panicbuf") == -1 ||
3209 	    pd->pd_version != PANICBUFVERS) {
3210 		mdb_warn("failed to read 'panicbuf'");
3211 		mdb_free(panicbuf, PANICBUFSIZE);
3212 		return (DCMD_ERR);
3213 	}
3214 
3215 	mdb_printf("%16s %s\n", "message",  (char *)panicbuf + pd->pd_msgoff);
3216 
3217 	n = (pd->pd_msgoff - (sizeof (panic_data_t) -
3218 	    sizeof (panic_nv_t))) / sizeof (panic_nv_t);
3219 
3220 	for (i = 0; i < n; i++)
3221 		mdb_printf("%16s %?llx\n",
3222 		    pd->pd_nvdata[i].pnv_name, pd->pd_nvdata[i].pnv_value);
3223 
3224 	mdb_free(panicbuf, PANICBUFSIZE);
3225 	return (DCMD_OK);
3226 }
3227 
3228 static const mdb_dcmd_t dcmds[] = {
3229 
3230 	/* from genunix.c */
3231 	{ "addr2smap", ":[offset]", "translate address to smap", addr2smap },
3232 	{ "as2proc", ":", "convert as to proc_t address", as2proc },
3233 	{ "binding_hash_entry", ":", "print driver names hash table entry",
3234 		binding_hash_entry },
3235 	{ "callout", NULL, "print callout table", callout },
3236 	{ "class", NULL, "print process scheduler classes", class },
3237 	{ "cpuinfo", "?[-v]", "print CPUs and runnable threads", cpuinfo },
3238 	{ "did2thread", "? kt_did", "find kernel thread for this id",
3239 		did2thread },
3240 	{ "errorq", "?[-v]", "display kernel error queues", errorq },
3241 	{ "fd", ":[fd num]", "get a file pointer from an fd", fd },
3242 	{ "flipone", ":", "the vik_rev_level 2 special", flipone },
3243 	{ "lminfo", NULL, "print lock manager information", lminfo },
3244 	{ "ndi_event_hdl", "?", "print ndi_event_hdl", ndi_event_hdl },
3245 	{ "panicinfo", NULL, "print panic information", panicinfo },
3246 	{ "pid2proc", "?", "convert PID to proc_t address", pid2proc },
3247 	{ "pmap", ":[-q]", "print process memory map", pmap },
3248 	{ "project", NULL, "display kernel project(s)", project },
3249 	{ "ps", "[-fltzTP]", "list processes (and associated thr,lwp)", ps },
3250 	{ "pgrep", "[-x] [-n | -o] pattern",
3251 		"pattern match against all processes", pgrep },
3252 	{ "ptree", NULL, "print process tree", ptree },
3253 	{ "seg", ":", "print address space segment", seg },
3254 	{ "sysevent", "?[-sv]", "print sysevent pending or sent queue",
3255 		sysevent},
3256 	{ "sysevent_channel", "?", "print sysevent channel database",
3257 		sysevent_channel},
3258 	{ "sysevent_class_list", ":", "print sysevent class list",
3259 		sysevent_class_list},
3260 	{ "sysevent_subclass_list", ":",
3261 		"print sysevent subclass list", sysevent_subclass_list},
3262 	{ "system", NULL, "print contents of /etc/system file", sysfile },
3263 	{ "task", NULL, "display kernel task(s)", task },
3264 	{ "taskq_entry", ":", "display a taskq_ent_t", taskq_ent },
3265 	{ "vnode2path", ":[-F]", "vnode address to pathname", vnode2path },
3266 	{ "vnode2smap", ":[offset]", "translate vnode to smap", vnode2smap },
3267 	{ "whereopen", ":", "given a vnode, dumps procs which have it open",
3268 	    whereopen },
3269 
3270 	/* from zone.c */
3271 	{ "zone", "?", "display kernel zone(s)", zoneprt },
3272 	{ "zsd", ":[zsd key]", "lookup zsd value from a key", zsd },
3273 
3274 	/* from bio.c */
3275 	{ "bufpagefind", ":addr", "find page_t on buf_t list", bufpagefind },
3276 
3277 	/* from contract.c */
3278 	{ "contract", "?", "display a contract", cmd_contract },
3279 	{ "ctevent", ":", "display a contract event", cmd_ctevent },
3280 	{ "ctid", ":", "convert id to a contract pointer", cmd_ctid },
3281 
3282 	/* from cpupart.c */
3283 	{ "cpupart", "?[-v]", "print cpu partition info", cpupart },
3284 
3285 	/* from cyclic.c */
3286 	{ "cyccover", NULL, "dump cyclic coverage information", cyccover },
3287 	{ "cycid", "?", "dump a cyclic id", cycid },
3288 	{ "cycinfo", "?", "dump cyc_cpu info", cycinfo },
3289 	{ "cyclic", ":", "developer information", cyclic },
3290 	{ "cyctrace", "?", "dump cyclic trace buffer", cyctrace },
3291 
3292 	/* from devinfo.c */
3293 	{ "devbindings", "?[-qs] [device-name | major-num]",
3294 	    "print devinfo nodes bound to device-name or major-num",
3295 	    devbindings, devinfo_help },
3296 	{ "devinfo", ":[-qs]", "detailed devinfo of one node", devinfo,
3297 	    devinfo_help },
3298 	{ "devinfo_audit", ":[-v]", "devinfo configuration audit record",
3299 	    devinfo_audit },
3300 	{ "devinfo_audit_log", "?[-v]", "system wide devinfo configuration log",
3301 	    devinfo_audit_log },
3302 	{ "devinfo_audit_node", ":[-v]", "devinfo node configuration history",
3303 	    devinfo_audit_node },
3304 	{ "devinfo2driver", ":", "find driver name for this devinfo node",
3305 	    devinfo2driver },
3306 	{ "devnames", "?[-vm] [num]", "print devnames array", devnames },
3307 	{ "dev2major", "?<dev_t>", "convert dev_t to a major number",
3308 	    dev2major },
3309 	{ "dev2minor", "?<dev_t>", "convert dev_t to a minor number",
3310 	    dev2minor },
3311 	{ "devt", "?<dev_t>", "display a dev_t's major and minor numbers",
3312 	    devt },
3313 	{ "major2name", "?<major-num>", "convert major number to dev name",
3314 	    major2name },
3315 	{ "minornodes", ":", "given a devinfo node, print its minor nodes",
3316 	    minornodes },
3317 	{ "modctl2devinfo", ":", "given a modctl, list its devinfos",
3318 	    modctl2devinfo },
3319 	{ "name2major", "<dev-name>", "convert dev name to major number",
3320 	    name2major },
3321 	{ "prtconf", "?[-vpc]", "print devinfo tree", prtconf, prtconf_help },
3322 	{ "softstate", ":<instance>", "retrieve soft-state pointer",
3323 	    softstate },
3324 	{ "devinfo_fm", ":", "devinfo fault managment configuration",
3325 	    devinfo_fm },
3326 	{ "devinfo_fmce", ":", "devinfo fault managment cache entry",
3327 	    devinfo_fmce},
3328 
3329 	/* from fm.c */
3330 	{ "ereport", "[-v]", "print ereports logged in dump",
3331 	    ereport },
3332 
3333 	/* from findstack.c */
3334 	{ "findstack", ":[-v]", "find kernel thread stack", findstack },
3335 	{ "findstack_debug", NULL, "toggle findstack debugging",
3336 		findstack_debug },
3337 
3338 	/* from kgrep.c + genunix.c */
3339 	{ "kgrep", KGREP_USAGE, "search kernel as for a pointer", kgrep,
3340 		kgrep_help },
3341 
3342 	/* from kmem.c */
3343 	{ "allocdby", ":", "given a thread, print its allocated buffers",
3344 		allocdby },
3345 	{ "bufctl", ":[-vh] [-a addr] [-c caller] [-e earliest] [-l latest] "
3346 		"[-t thd]", "print or filter a bufctl", bufctl, bufctl_help },
3347 	{ "freedby", ":", "given a thread, print its freed buffers", freedby },
3348 	{ "kmalog", "?[ fail | slab ]",
3349 	    "display kmem transaction log and stack traces", kmalog },
3350 	{ "kmastat", "[-kmg]", "kernel memory allocator stats",
3351 	    kmastat },
3352 	{ "kmausers", "?[-ef] [cache ...]", "current medium and large users "
3353 		"of the kmem allocator", kmausers, kmausers_help },
3354 	{ "kmem_cache", "?", "print kernel memory caches", kmem_cache },
3355 	{ "kmem_debug", NULL, "toggle kmem dcmd/walk debugging", kmem_debug },
3356 	{ "kmem_log", "?[-b]", "dump kmem transaction log", kmem_log },
3357 	{ "kmem_verify", "?", "check integrity of kmem-managed memory",
3358 		kmem_verify },
3359 	{ "vmem", "?", "print a vmem_t", vmem },
3360 	{ "vmem_seg", ":[-sv] [-c caller] [-e earliest] [-l latest] "
3361 		"[-m minsize] [-M maxsize] [-t thread] [-T type]",
3362 		"print or filter a vmem_seg", vmem_seg, vmem_seg_help },
3363 	{ "whatis", ":[-abiv]", "given an address, return information", whatis,
3364 		whatis_help },
3365 	{ "whatthread", ":[-v]", "print threads whose stack contains the "
3366 		"given address", whatthread },
3367 
3368 	/* from ldi.c */
3369 	{ "ldi_handle", "?[-i]", "display a layered driver handle",
3370 	    ldi_handle, ldi_handle_help },
3371 	{ "ldi_ident", NULL, "display a layered driver identifier",
3372 	    ldi_ident, ldi_ident_help },
3373 
3374 	/* from leaky.c + leaky_subr.c */
3375 	{ "findleaks", FINDLEAKS_USAGE,
3376 	    "search for potential kernel memory leaks", findleaks,
3377 	    findleaks_help },
3378 
3379 	/* from lgrp.c */
3380 	{ "lgrp", "?[-q] [-p | -Pih]", "display an lgrp", lgrp},
3381 	{ "lgrp_set", "", "display bitmask of lgroups as a list", lgrp_set},
3382 
3383 	/* from log.c */
3384 	{ "msgbuf", "?[-v]", "print most recent console messages", msgbuf },
3385 
3386 	/* from memory.c */
3387 	{ "page", "?", "display a summarized page_t", page },
3388 	{ "memstat", NULL, "display memory usage summary", memstat },
3389 	{ "memlist", "?[-iav]", "display a struct memlist", memlist },
3390 	{ "swapinfo", "?", "display a struct swapinfo", swapinfof },
3391 
3392 	/* from mmd.c */
3393 	{ "multidata", ":[-sv]", "display a summarized multidata_t",
3394 		multidata },
3395 	{ "pattbl", ":", "display a summarized multidata attribute table",
3396 		pattbl },
3397 	{ "pattr2multidata", ":", "print multidata pointer from pattr_t",
3398 		pattr2multidata },
3399 	{ "pdesc2slab", ":", "print pdesc slab pointer from pdesc_t",
3400 		pdesc2slab },
3401 	{ "pdesc_verify", ":", "verify integrity of a pdesc_t", pdesc_verify },
3402 	{ "slab2multidata", ":", "print multidata pointer from pdesc_slab_t",
3403 		slab2multidata },
3404 
3405 	/* from modhash.c */
3406 	{ "modhash", "?[-ceht] [-k key] [-v val] [-i index]",
3407 		"display information about one or all mod_hash structures",
3408 		modhash, modhash_help },
3409 	{ "modent", ":[-k | -v | -t type]",
3410 		"display information about a mod_hash_entry", modent,
3411 		modent_help },
3412 
3413 	/* from net.c */
3414 	{ "mi", ":[-p] [-d | -m]", "filter and display MI object or payload",
3415 		mi },
3416 	{ "netstat", "[-arv] [-f inet | inet6 | unix] [-P tcp | udp]",
3417 		"show network statistics", netstat },
3418 	{ "sonode", "?[-f inet | inet6 | unix | #] "
3419 		"[-t stream | dgram | raw | #] [-p #]",
3420 		"filter and display sonode", sonode },
3421 
3422 	/* from netstack.c */
3423 	{ "netstack", "", "show stack instances", netstack },
3424 
3425 	/* from nvpair.c */
3426 	{ NVPAIR_DCMD_NAME, NVPAIR_DCMD_USAGE, NVPAIR_DCMD_DESCR,
3427 		nvpair_print },
3428 	{ NVLIST_DCMD_NAME, NVLIST_DCMD_USAGE, NVLIST_DCMD_DESCR,
3429 		print_nvlist },
3430 
3431 	/* from pg.c */
3432 	{ "pg", "?[-q]", "display a pg", pg},
3433 	/* from group.c */
3434 	{ "group", "?[-q]", "display a group", group},
3435 
3436 	/* from log.c */
3437 	/* from rctl.c */
3438 	{ "rctl_dict", "?", "print systemwide default rctl definitions",
3439 		rctl_dict },
3440 	{ "rctl_list", ":[handle]", "print rctls for the given proc",
3441 		rctl_list },
3442 	{ "rctl", ":[handle]", "print a rctl_t, only if it matches the handle",
3443 		rctl },
3444 	{ "rctl_validate", ":[-v] [-n #]", "test resource control value "
3445 		"sequence", rctl_validate },
3446 
3447 	/* from sobj.c */
3448 	{ "rwlock", ":", "dump out a readers/writer lock", rwlock },
3449 	{ "mutex", ":[-f]", "dump out an adaptive or spin mutex", mutex,
3450 		mutex_help },
3451 	{ "sobj2ts", ":", "perform turnstile lookup on synch object", sobj2ts },
3452 	{ "wchaninfo", "?[-v]", "dump condition variable", wchaninfo },
3453 	{ "turnstile", "?", "display a turnstile", turnstile },
3454 
3455 	/* from stream.c */
3456 	{ "mblk", ":[-q|v] [-f|F flag] [-t|T type] [-l|L|B len] [-d dbaddr]",
3457 		"print an mblk", mblk_prt, mblk_help },
3458 	{ "mblk_verify", "?", "verify integrity of an mblk", mblk_verify },
3459 	{ "mblk2dblk", ":", "convert mblk_t address to dblk_t address",
3460 		mblk2dblk },
3461 	{ "q2otherq", ":", "print peer queue for a given queue", q2otherq },
3462 	{ "q2rdq", ":", "print read queue for a given queue", q2rdq },
3463 	{ "q2syncq", ":", "print syncq for a given queue", q2syncq },
3464 	{ "q2stream", ":", "print stream pointer for a given queue", q2stream },
3465 	{ "q2wrq", ":", "print write queue for a given queue", q2wrq },
3466 	{ "queue", ":[-q|v] [-m mod] [-f flag] [-F flag] [-s syncq_addr]",
3467 		"filter and display STREAM queue", queue, queue_help },
3468 	{ "stdata", ":[-q|v] [-f flag] [-F flag]",
3469 		"filter and display STREAM head", stdata, stdata_help },
3470 	{ "str2mate", ":", "print mate of this stream", str2mate },
3471 	{ "str2wrq", ":", "print write queue of this stream", str2wrq },
3472 	{ "stream", ":", "display STREAM", stream },
3473 	{ "strftevent", ":", "print STREAMS flow trace event", strftevent },
3474 	{ "syncq", ":[-q|v] [-f flag] [-F flag] [-t type] [-T type]",
3475 		"filter and display STREAM sync queue", syncq, syncq_help },
3476 	{ "syncq2q", ":", "print queue for a given syncq", syncq2q },
3477 
3478 	/* from thread.c */
3479 	{ "thread", "?[-bdfimps]", "display a summarized kthread_t", thread,
3480 		thread_help },
3481 	{ "threadlist", "?[-v [count]]",
3482 		"display threads and associated C stack traces", threadlist,
3483 		threadlist_help },
3484 
3485 	/* from tsd.c */
3486 	{ "tsd", ":-k key", "print tsd[key-1] for this thread", ttotsd },
3487 	{ "tsdtot", ":", "find thread with this tsd", tsdtot },
3488 
3489 	/*
3490 	 * typegraph does not work under kmdb, as it requires too much memory
3491 	 * for its internal data structures.
3492 	 */
3493 #ifndef _KMDB
3494 	/* from typegraph.c */
3495 	{ "findlocks", ":", "find locks held by specified thread", findlocks },
3496 	{ "findfalse", "?[-v]", "find potentially falsely shared structures",
3497 		findfalse },
3498 	{ "typegraph", NULL, "build type graph", typegraph },
3499 	{ "istype", ":type", "manually set object type", istype },
3500 	{ "notype", ":", "manually clear object type", notype },
3501 	{ "whattype", ":", "determine object type", whattype },
3502 #endif
3503 
3504 	/* from vfs.c */
3505 	{ "fsinfo", "?[-v]", "print mounted filesystems", fsinfo },
3506 	{ "pfiles", ":[-fp]", "print process file information", pfiles,
3507 		pfiles_help },
3508 
3509 	/* from mdi.c */
3510 	{ "mdipi", NULL, "given a path, dump mdi_pathinfo "
3511 		"and detailed pi_prop list", mdipi },
3512 	{ "mdiprops", NULL, "given a pi_prop, dump the pi_prop list",
3513 		mdiprops },
3514 	{ "mdiphci", NULL, "given a phci, dump mdi_phci and "
3515 		"list all paths", mdiphci },
3516 	{ "mdivhci", NULL, "given a vhci, dump mdi_vhci and list "
3517 		"all phcis", mdivhci },
3518 	{ "mdiclient_paths", NULL, "given a path, walk mdi_pathinfo "
3519 		"client links", mdiclient_paths },
3520 	{ "mdiphci_paths", NULL, "given a path, walk through mdi_pathinfo "
3521 		"phci links", mdiphci_paths },
3522 	{ "mdiphcis", NULL, "given a phci, walk through mdi_phci ph_next links",
3523 		mdiphcis },
3524 
3525 	{ NULL }
3526 };
3527 
3528 static const mdb_walker_t walkers[] = {
3529 
3530 	/* from genunix.c */
3531 	{ "anon", "given an amp, list of anon structures",
3532 		anon_walk_init, anon_walk_step, anon_walk_fini },
3533 	{ "cpu", "walk cpu structures", cpu_walk_init, cpu_walk_step },
3534 	{ "ereportq_dump", "walk list of ereports in dump error queue",
3535 		ereportq_dump_walk_init, ereportq_dump_walk_step, NULL },
3536 	{ "ereportq_pend", "walk list of ereports in pending error queue",
3537 		ereportq_pend_walk_init, ereportq_pend_walk_step, NULL },
3538 	{ "errorq", "walk list of system error queues",
3539 		errorq_walk_init, errorq_walk_step, NULL },
3540 	{ "errorq_data", "walk pending error queue data buffers",
3541 		eqd_walk_init, eqd_walk_step, eqd_walk_fini },
3542 	{ "allfile", "given a proc pointer, list all file pointers",
3543 		file_walk_init, allfile_walk_step, file_walk_fini },
3544 	{ "file", "given a proc pointer, list of open file pointers",
3545 		file_walk_init, file_walk_step, file_walk_fini },
3546 	{ "lock_descriptor", "walk lock_descriptor_t structures",
3547 		ld_walk_init, ld_walk_step, NULL },
3548 	{ "lock_graph", "walk lock graph",
3549 		lg_walk_init, lg_walk_step, NULL },
3550 	{ "port", "given a proc pointer, list of created event ports",
3551 		port_walk_init, port_walk_step, NULL },
3552 	{ "portev", "given a port pointer, list of events in the queue",
3553 		portev_walk_init, portev_walk_step, portev_walk_fini },
3554 	{ "proc", "list of active proc_t structures",
3555 		proc_walk_init, proc_walk_step, proc_walk_fini },
3556 	{ "projects", "walk a list of kernel projects",
3557 		project_walk_init, project_walk_step, NULL },
3558 	{ "seg", "given an as, list of segments",
3559 		seg_walk_init, avl_walk_step, avl_walk_fini },
3560 	{ "sysevent_pend", "walk sysevent pending queue",
3561 		sysevent_pend_walk_init, sysevent_walk_step,
3562 		sysevent_walk_fini},
3563 	{ "sysevent_sent", "walk sysevent sent queue", sysevent_sent_walk_init,
3564 		sysevent_walk_step, sysevent_walk_fini},
3565 	{ "sysevent_channel", "walk sysevent channel subscriptions",
3566 		sysevent_channel_walk_init, sysevent_channel_walk_step,
3567 		sysevent_channel_walk_fini},
3568 	{ "sysevent_class_list", "walk sysevent subscription's class list",
3569 		sysevent_class_list_walk_init, sysevent_class_list_walk_step,
3570 		sysevent_class_list_walk_fini},
3571 	{ "sysevent_subclass_list",
3572 		"walk sysevent subscription's subclass list",
3573 		sysevent_subclass_list_walk_init,
3574 		sysevent_subclass_list_walk_step,
3575 		sysevent_subclass_list_walk_fini},
3576 	{ "task", "given a task pointer, walk its processes",
3577 		task_walk_init, task_walk_step, NULL },
3578 	{ "taskq_entry", "given a taskq_t*, list all taskq_ent_t in the list",
3579 		taskq_walk_init, taskq_walk_step, NULL, NULL },
3580 
3581 	/* from avl.c */
3582 	{ AVL_WALK_NAME, AVL_WALK_DESC,
3583 		avl_walk_init, avl_walk_step, avl_walk_fini },
3584 
3585 	/* from zone.c */
3586 	{ "zone", "walk a list of kernel zones",
3587 		zone_walk_init, zone_walk_step, NULL },
3588 	{ "zsd", "walk list of zsd entries for a zone",
3589 		zsd_walk_init, zsd_walk_step, NULL },
3590 
3591 	/* from bio.c */
3592 	{ "buf", "walk the bio buf hash",
3593 		buf_walk_init, buf_walk_step, buf_walk_fini },
3594 
3595 	/* from contract.c */
3596 	{ "contract", "walk all contracts, or those of the specified type",
3597 		ct_walk_init, generic_walk_step, NULL },
3598 	{ "ct_event", "walk events on a contract event queue",
3599 		ct_event_walk_init, generic_walk_step, NULL },
3600 	{ "ct_listener", "walk contract event queue listeners",
3601 		ct_listener_walk_init, generic_walk_step, NULL },
3602 
3603 	/* from cpupart.c */
3604 	{ "cpupart_cpulist", "given an cpupart_t, walk cpus in partition",
3605 		cpupart_cpulist_walk_init, cpupart_cpulist_walk_step,
3606 		NULL },
3607 	{ "cpupart_walk", "walk the set of cpu partitions",
3608 		cpupart_walk_init, cpupart_walk_step, NULL },
3609 
3610 	/* from ctxop.c */
3611 	{ "ctxop", "walk list of context ops on a thread",
3612 		ctxop_walk_init, ctxop_walk_step, ctxop_walk_fini },
3613 
3614 	/* from cyclic.c */
3615 	{ "cyccpu", "walk per-CPU cyc_cpu structures",
3616 		cyccpu_walk_init, cyccpu_walk_step, NULL },
3617 	{ "cycomni", "for an omnipresent cyclic, walk cyc_omni_cpu list",
3618 		cycomni_walk_init, cycomni_walk_step, NULL },
3619 	{ "cyctrace", "walk cyclic trace buffer",
3620 		cyctrace_walk_init, cyctrace_walk_step, cyctrace_walk_fini },
3621 
3622 	/* from devinfo.c */
3623 	{ "binding_hash", "walk all entries in binding hash table",
3624 		binding_hash_walk_init, binding_hash_walk_step, NULL },
3625 	{ "devinfo", "walk devinfo tree or subtree",
3626 		devinfo_walk_init, devinfo_walk_step, devinfo_walk_fini },
3627 	{ "devinfo_audit_log", "walk devinfo audit system-wide log",
3628 		devinfo_audit_log_walk_init, devinfo_audit_log_walk_step,
3629 		devinfo_audit_log_walk_fini},
3630 	{ "devinfo_audit_node", "walk per-devinfo audit history",
3631 		devinfo_audit_node_walk_init, devinfo_audit_node_walk_step,
3632 		devinfo_audit_node_walk_fini},
3633 	{ "devinfo_children", "walk children of devinfo node",
3634 		devinfo_children_walk_init, devinfo_children_walk_step,
3635 		devinfo_children_walk_fini },
3636 	{ "devinfo_parents", "walk ancestors of devinfo node",
3637 		devinfo_parents_walk_init, devinfo_parents_walk_step,
3638 		devinfo_parents_walk_fini },
3639 	{ "devinfo_siblings", "walk siblings of devinfo node",
3640 		devinfo_siblings_walk_init, devinfo_siblings_walk_step, NULL },
3641 	{ "devi_next", "walk devinfo list",
3642 		NULL, devi_next_walk_step, NULL },
3643 	{ "devnames", "walk devnames array",
3644 		devnames_walk_init, devnames_walk_step, devnames_walk_fini },
3645 	{ "minornode", "given a devinfo node, walk minor nodes",
3646 		minornode_walk_init, minornode_walk_step, NULL },
3647 	{ "softstate",
3648 		"given an i_ddi_soft_state*, list all in-use driver stateps",
3649 		soft_state_walk_init, soft_state_walk_step,
3650 		NULL, NULL },
3651 	{ "softstate_all",
3652 		"given an i_ddi_soft_state*, list all driver stateps",
3653 		soft_state_walk_init, soft_state_all_walk_step,
3654 		NULL, NULL },
3655 	{ "devinfo_fmc",
3656 		"walk a fault management handle cache active list",
3657 		devinfo_fmc_walk_init, devinfo_fmc_walk_step, NULL },
3658 
3659 	/* from kmem.c */
3660 	{ "allocdby", "given a thread, walk its allocated bufctls",
3661 		allocdby_walk_init, allocdby_walk_step, allocdby_walk_fini },
3662 	{ "bufctl", "walk a kmem cache's bufctls",
3663 		bufctl_walk_init, kmem_walk_step, kmem_walk_fini },
3664 	{ "bufctl_history", "walk the available history of a bufctl",
3665 		bufctl_history_walk_init, bufctl_history_walk_step,
3666 		bufctl_history_walk_fini },
3667 	{ "freedby", "given a thread, walk its freed bufctls",
3668 		freedby_walk_init, allocdby_walk_step, allocdby_walk_fini },
3669 	{ "freectl", "walk a kmem cache's free bufctls",
3670 		freectl_walk_init, kmem_walk_step, kmem_walk_fini },
3671 	{ "freectl_constructed", "walk a kmem cache's constructed free bufctls",
3672 		freectl_constructed_walk_init, kmem_walk_step, kmem_walk_fini },
3673 	{ "freemem", "walk a kmem cache's free memory",
3674 		freemem_walk_init, kmem_walk_step, kmem_walk_fini },
3675 	{ "freemem_constructed", "walk a kmem cache's constructed free memory",
3676 		freemem_constructed_walk_init, kmem_walk_step, kmem_walk_fini },
3677 	{ "kmem", "walk a kmem cache",
3678 		kmem_walk_init, kmem_walk_step, kmem_walk_fini },
3679 	{ "kmem_cpu_cache", "given a kmem cache, walk its per-CPU caches",
3680 		kmem_cpu_cache_walk_init, kmem_cpu_cache_walk_step, NULL },
3681 	{ "kmem_hash", "given a kmem cache, walk its allocated hash table",
3682 		kmem_hash_walk_init, kmem_hash_walk_step, kmem_hash_walk_fini },
3683 	{ "kmem_log", "walk the kmem transaction log",
3684 		kmem_log_walk_init, kmem_log_walk_step, kmem_log_walk_fini },
3685 	{ "kmem_slab", "given a kmem cache, walk its slabs",
3686 		kmem_slab_walk_init, kmem_slab_walk_step, NULL },
3687 	{ "kmem_slab_partial",
3688 	    "given a kmem cache, walk its partially allocated slabs (min 1)",
3689 		kmem_slab_walk_partial_init, kmem_slab_walk_step, NULL },
3690 	{ "vmem", "walk vmem structures in pre-fix, depth-first order",
3691 		vmem_walk_init, vmem_walk_step, vmem_walk_fini },
3692 	{ "vmem_alloc", "given a vmem_t, walk its allocated vmem_segs",
3693 		vmem_alloc_walk_init, vmem_seg_walk_step, vmem_seg_walk_fini },
3694 	{ "vmem_free", "given a vmem_t, walk its free vmem_segs",
3695 		vmem_free_walk_init, vmem_seg_walk_step, vmem_seg_walk_fini },
3696 	{ "vmem_postfix", "walk vmem structures in post-fix, depth-first order",
3697 		vmem_walk_init, vmem_postfix_walk_step, vmem_walk_fini },
3698 	{ "vmem_seg", "given a vmem_t, walk all of its vmem_segs",
3699 		vmem_seg_walk_init, vmem_seg_walk_step, vmem_seg_walk_fini },
3700 	{ "vmem_span", "given a vmem_t, walk its spanning vmem_segs",
3701 		vmem_span_walk_init, vmem_seg_walk_step, vmem_seg_walk_fini },
3702 
3703 	/* from ldi.c */
3704 	{ "ldi_handle", "walk the layered driver handle hash",
3705 		ldi_handle_walk_init, ldi_handle_walk_step, NULL },
3706 	{ "ldi_ident", "walk the layered driver identifier hash",
3707 		ldi_ident_walk_init, ldi_ident_walk_step, NULL },
3708 
3709 	/* from leaky.c + leaky_subr.c */
3710 	{ "leak", "given a leaked bufctl or vmem_seg, find leaks w/ same "
3711 	    "stack trace",
3712 		leaky_walk_init, leaky_walk_step, leaky_walk_fini },
3713 	{ "leakbuf", "given a leaked bufctl or vmem_seg, walk buffers for "
3714 	    "leaks w/ same stack trace",
3715 		leaky_walk_init, leaky_buf_walk_step, leaky_walk_fini },
3716 
3717 	/* from lgrp.c */
3718 	{ "lgrp_cpulist", "walk CPUs in a given lgroup",
3719 		lgrp_cpulist_walk_init, lgrp_cpulist_walk_step, NULL },
3720 	{ "lgrptbl", "walk lgroup table",
3721 		lgrp_walk_init, lgrp_walk_step, NULL },
3722 	{ "lgrp_parents", "walk up lgroup lineage from given lgroup",
3723 		lgrp_parents_walk_init, lgrp_parents_walk_step, NULL },
3724 	{ "lgrp_rsrc_mem", "walk lgroup memory resources of given lgroup",
3725 		lgrp_rsrc_mem_walk_init, lgrp_set_walk_step, NULL },
3726 	{ "lgrp_rsrc_cpu", "walk lgroup CPU resources of given lgroup",
3727 		lgrp_rsrc_cpu_walk_init, lgrp_set_walk_step, NULL },
3728 
3729 	/* from group.c */
3730 	{ "group", "walk all elements of a group",
3731 		group_walk_init, group_walk_step, NULL },
3732 
3733 	/* from list.c */
3734 	{ LIST_WALK_NAME, LIST_WALK_DESC,
3735 		list_walk_init, list_walk_step, list_walk_fini },
3736 
3737 	/* from memory.c */
3738 	{ "page", "walk all pages, or those from the specified vnode",
3739 		page_walk_init, page_walk_step, page_walk_fini },
3740 	{ "memlist", "walk specified memlist",
3741 		NULL, memlist_walk_step, NULL },
3742 	{ "swapinfo", "walk swapinfo structures",
3743 		swap_walk_init, swap_walk_step, NULL },
3744 
3745 	/* from mmd.c */
3746 	{ "pattr", "walk pattr_t structures", pattr_walk_init,
3747 		mmdq_walk_step, mmdq_walk_fini },
3748 	{ "pdesc", "walk pdesc_t structures",
3749 		pdesc_walk_init, mmdq_walk_step, mmdq_walk_fini },
3750 	{ "pdesc_slab", "walk pdesc_slab_t structures",
3751 		pdesc_slab_walk_init, mmdq_walk_step, mmdq_walk_fini },
3752 
3753 	/* from modhash.c */
3754 	{ "modhash", "walk list of mod_hash structures", modhash_walk_init,
3755 		modhash_walk_step, NULL },
3756 	{ "modent", "walk list of entries in a given mod_hash",
3757 		modent_walk_init, modent_walk_step, modent_walk_fini },
3758 	{ "modchain", "walk list of entries in a given mod_hash_entry",
3759 		NULL, modchain_walk_step, NULL },
3760 
3761 	/* from net.c */
3762 	{ "ar", "walk ar_t structures using MI for all stacks",
3763 		mi_payload_walk_init, mi_payload_walk_step, NULL, &mi_ar_arg },
3764 	{ "icmp", "walk ICMP control structures using MI for all stacks",
3765 		mi_payload_walk_init, mi_payload_walk_step, NULL,
3766 		&mi_icmp_arg },
3767 	{ "ill", "walk ill_t structures using MI for all stacks",
3768 		mi_payload_walk_init, mi_payload_walk_step, NULL, &mi_ill_arg },
3769 
3770 	{ "mi", "given a MI_O, walk the MI",
3771 		mi_walk_init, mi_walk_step, mi_walk_fini, NULL },
3772 	{ "sonode", "given a sonode, walk its children",
3773 		sonode_walk_init, sonode_walk_step, sonode_walk_fini, NULL },
3774 
3775 	{ "ar_stacks", "walk all the ar_stack_t",
3776 		ar_stacks_walk_init, ar_stacks_walk_step, NULL },
3777 	{ "icmp_stacks", "walk all the icmp_stack_t",
3778 		icmp_stacks_walk_init, icmp_stacks_walk_step, NULL },
3779 	{ "tcp_stacks", "walk all the tcp_stack_t",
3780 		tcp_stacks_walk_init, tcp_stacks_walk_step, NULL },
3781 	{ "udp_stacks", "walk all the udp_stack_t",
3782 		udp_stacks_walk_init, udp_stacks_walk_step, NULL },
3783 
3784 	/* from nvpair.c */
3785 	{ NVPAIR_WALKER_NAME, NVPAIR_WALKER_DESCR,
3786 		nvpair_walk_init, nvpair_walk_step, NULL },
3787 
3788 	/* from rctl.c */
3789 	{ "rctl_dict_list", "walk all rctl_dict_entry_t's from rctl_lists",
3790 		rctl_dict_walk_init, rctl_dict_walk_step, NULL },
3791 	{ "rctl_set", "given a rctl_set, walk all rctls", rctl_set_walk_init,
3792 		rctl_set_walk_step, NULL },
3793 	{ "rctl_val", "given a rctl_t, walk all rctl_val entries associated",
3794 		rctl_val_walk_init, rctl_val_walk_step },
3795 
3796 	/* from sobj.c */
3797 	{ "blocked", "walk threads blocked on a given sobj",
3798 		blocked_walk_init, blocked_walk_step, NULL },
3799 	{ "wchan", "given a wchan, list of blocked threads",
3800 		wchan_walk_init, wchan_walk_step, wchan_walk_fini },
3801 
3802 	/* from stream.c */
3803 	{ "b_cont", "walk mblk_t list using b_cont",
3804 		mblk_walk_init, b_cont_step, mblk_walk_fini },
3805 	{ "b_next", "walk mblk_t list using b_next",
3806 		mblk_walk_init, b_next_step, mblk_walk_fini },
3807 	{ "qlink", "walk queue_t list using q_link",
3808 		queue_walk_init, queue_link_step, queue_walk_fini },
3809 	{ "qnext", "walk queue_t list using q_next",
3810 		queue_walk_init, queue_next_step, queue_walk_fini },
3811 	{ "strftblk", "given a dblk_t, walk STREAMS flow trace event list",
3812 		strftblk_walk_init, strftblk_step, strftblk_walk_fini },
3813 	{ "readq", "walk read queue side of stdata",
3814 		str_walk_init, strr_walk_step, str_walk_fini },
3815 	{ "writeq", "walk write queue side of stdata",
3816 		str_walk_init, strw_walk_step, str_walk_fini },
3817 
3818 	/* from thread.c */
3819 	{ "deathrow", "walk threads on both lwp_ and thread_deathrow",
3820 		deathrow_walk_init, deathrow_walk_step, NULL },
3821 	{ "cpu_dispq", "given a cpu_t, walk threads in dispatcher queues",
3822 		cpu_dispq_walk_init, dispq_walk_step, dispq_walk_fini },
3823 	{ "cpupart_dispq",
3824 		"given a cpupart_t, walk threads in dispatcher queues",
3825 		cpupart_dispq_walk_init, dispq_walk_step, dispq_walk_fini },
3826 	{ "lwp_deathrow", "walk lwp_deathrow",
3827 		lwp_deathrow_walk_init, deathrow_walk_step, NULL },
3828 	{ "thread", "global or per-process kthread_t structures",
3829 		thread_walk_init, thread_walk_step, thread_walk_fini },
3830 	{ "thread_deathrow", "walk threads on thread_deathrow",
3831 		thread_deathrow_walk_init, deathrow_walk_step, NULL },
3832 
3833 	/* from tsd.c */
3834 	{ "tsd", "walk list of thread-specific data",
3835 		tsd_walk_init, tsd_walk_step, tsd_walk_fini },
3836 
3837 	/* from tsol.c */
3838 	{ "tnrh", "walk remote host cache structures",
3839 	    tnrh_walk_init, tnrh_walk_step, tnrh_walk_fini },
3840 	{ "tnrhtp", "walk remote host template structures",
3841 	    tnrhtp_walk_init, tnrhtp_walk_step, tnrhtp_walk_fini },
3842 
3843 	/*
3844 	 * typegraph does not work under kmdb, as it requires too much memory
3845 	 * for its internal data structures.
3846 	 */
3847 #ifndef _KMDB
3848 	/* from typegraph.c */
3849 	{ "typeconflict", "walk buffers with conflicting type inferences",
3850 		typegraph_walk_init, typeconflict_walk_step },
3851 	{ "typeunknown", "walk buffers with unknown types",
3852 		typegraph_walk_init, typeunknown_walk_step },
3853 #endif
3854 
3855 	/* from vfs.c */
3856 	{ "vfs", "walk file system list",
3857 		vfs_walk_init, vfs_walk_step },
3858 
3859 	/* from mdi.c */
3860 	{ "mdipi_client_list", "Walker for mdi_pathinfo pi_client_link",
3861 		mdi_pi_client_link_walk_init,
3862 		mdi_pi_client_link_walk_step,
3863 		mdi_pi_client_link_walk_fini },
3864 
3865 	{ "mdipi_phci_list", "Walker for mdi_pathinfo pi_phci_link",
3866 		mdi_pi_phci_link_walk_init,
3867 		mdi_pi_phci_link_walk_step,
3868 		mdi_pi_phci_link_walk_fini },
3869 
3870 	{ "mdiphci_list", "Walker for mdi_phci ph_next link",
3871 		mdi_phci_ph_next_walk_init,
3872 		mdi_phci_ph_next_walk_step,
3873 		mdi_phci_ph_next_walk_fini },
3874 
3875 	/* from netstack.c */
3876 	{ "netstack", "walk a list of kernel netstacks",
3877 		netstack_walk_init, netstack_walk_step, NULL },
3878 
3879 	{ NULL }
3880 };
3881 
3882 static const mdb_modinfo_t modinfo = { MDB_API_VERSION, dcmds, walkers };
3883 
3884 const mdb_modinfo_t *
3885 _mdb_init(void)
3886 {
3887 	if (mdb_readvar(&devinfo_root, "top_devinfo") == -1) {
3888 		mdb_warn("failed to read 'top_devinfo'");
3889 		return (NULL);
3890 	}
3891 
3892 	if (findstack_init() != DCMD_OK)
3893 		return (NULL);
3894 
3895 	kmem_init();
3896 
3897 	return (&modinfo);
3898 }
3899 
3900 void
3901 _mdb_fini(void)
3902 {
3903 	/*
3904 	 * Force ::findleaks to let go any cached memory
3905 	 */
3906 	leaky_cleanup(1);
3907 }
3908