xref: /titanic_52/usr/src/uts/common/os/modctl.c (revision 1d53067866b073ea6710000ba4dd448441361988)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 /*
30  * modctl system call for loadable module support.
31  */
32 
33 #include <sys/param.h>
34 #include <sys/user.h>
35 #include <sys/systm.h>
36 #include <sys/exec.h>
37 #include <sys/file.h>
38 #include <sys/stat.h>
39 #include <sys/conf.h>
40 #include <sys/time.h>
41 #include <sys/reboot.h>
42 #include <sys/fs/ufs_fsdir.h>
43 #include <sys/kmem.h>
44 #include <sys/sysconf.h>
45 #include <sys/cmn_err.h>
46 #include <sys/ddi.h>
47 #include <sys/sunddi.h>
48 #include <sys/sunndi.h>
49 #include <sys/ndi_impldefs.h>
50 #include <sys/ddi_impldefs.h>
51 #include <sys/ddi_implfuncs.h>
52 #include <sys/bootconf.h>
53 #include <sys/dc_ki.h>
54 #include <sys/cladm.h>
55 #include <sys/dtrace.h>
56 #include <sys/kdi.h>
57 
58 #include <sys/devpolicy.h>
59 #include <sys/modctl.h>
60 #include <sys/kobj.h>
61 #include <sys/devops.h>
62 #include <sys/autoconf.h>
63 #include <sys/hwconf.h>
64 #include <sys/callb.h>
65 #include <sys/debug.h>
66 #include <sys/cpuvar.h>
67 #include <sys/sysmacros.h>
68 #include <sys/sysevent.h>
69 #include <sys/sysevent_impl.h>
70 #include <sys/instance.h>
71 #include <sys/modhash.h>
72 #include <sys/modhash_impl.h>
73 #include <sys/dacf_impl.h>
74 #include <sys/vfs.h>
75 #include <sys/pathname.h>
76 #include <sys/console.h>
77 #include <sys/policy.h>
78 #include <ipp/ipp_impl.h>
79 #include <sys/fs/dv_node.h>
80 #include <sys/strsubr.h>
81 #include <sys/fs/sdev_node.h>
82 
83 static int		mod_circdep(struct modctl *);
84 static int		modinfo(modid_t, struct modinfo *);
85 
86 static void		mod_uninstall_all(void);
87 static int		mod_getinfo(struct modctl *, struct modinfo *);
88 static struct modctl	*allocate_modp(const char *, const char *);
89 
90 static int		mod_load(struct modctl *, int);
91 static void		mod_unload(struct modctl *);
92 static int		modinstall(struct modctl *);
93 static int		moduninstall(struct modctl *);
94 
95 static struct modctl	*mod_hold_by_name_common(struct modctl *, const char *);
96 static struct modctl	*mod_hold_next_by_id(modid_t);
97 static struct modctl	*mod_hold_loaded_mod(struct modctl *, char *, int *);
98 static struct modctl	*mod_hold_installed_mod(char *, int, int *);
99 
100 static void		mod_release(struct modctl *);
101 static void		mod_make_requisite(struct modctl *, struct modctl *);
102 static int		mod_install_requisites(struct modctl *);
103 static void		check_esc_sequences(char *, char *);
104 static struct modctl	*mod_hold_by_name_requisite(struct modctl *, char *);
105 
106 /*
107  * module loading thread control structure. Calls to kobj_load_module()() are
108  * handled off to a separate thead using this structure.
109  */
110 struct loadmt {
111 	ksema_t		sema;
112 	struct modctl	*mp;
113 	int		usepath;
114 	kthread_t	*owner;
115 	int		retval;
116 };
117 
118 static void	modload_thread(struct loadmt *);
119 
120 kcondvar_t	mod_cv;
121 kcondvar_t	mod_uninstall_cv;	/* Communication between swapper */
122 					/* and the uninstall daemon. */
123 kmutex_t	mod_lock;		/* protects &modules insert linkage, */
124 					/* mod_busy, mod_want, and mod_ref. */
125 					/* blocking operations while holding */
126 					/* mod_lock should be avoided */
127 kmutex_t	mod_uninstall_lock;	/* protects mod_uninstall_cv */
128 kthread_id_t	mod_aul_thread;
129 
130 int		modunload_wait;
131 kmutex_t	modunload_wait_mutex;
132 kcondvar_t	modunload_wait_cv;
133 int		modunload_active_count;
134 int		modunload_disable_count;
135 
136 int	isminiroot;		/* set if running as miniroot */
137 int	modrootloaded;		/* set after root driver and fs are loaded */
138 int	moddebug = 0x0;		/* debug flags for module writers */
139 int	swaploaded;		/* set after swap driver and fs are loaded */
140 int	bop_io_quiesced = 0;	/* set when BOP I/O can no longer be used */
141 int	last_module_id;
142 clock_t	mod_uninstall_interval = 0;
143 int	ddi_modclose_unload = 1;	/* 0 -> just decrement reference */
144 
145 struct devnames *devnamesp;
146 struct devnames orphanlist;
147 
148 krwlock_t	devinfo_tree_lock;	/* obsolete, to be removed */
149 
150 #define	MAJBINDFILE "/etc/name_to_major"
151 #define	SYSBINDFILE "/etc/name_to_sysnum"
152 
153 static char	majbind[] = MAJBINDFILE;
154 static char	sysbind[] = SYSBINDFILE;
155 static uint_t	mod_autounload_key;	/* for module autounload detection */
156 
157 extern int obpdebug;
158 extern int make_mbind(char *, int, char *, struct bind **);
159 
160 #define	DEBUGGER_PRESENT	((boothowto & RB_DEBUG) || (obpdebug != 0))
161 
162 static int minorperm_loaded = 0;
163 
164 
165 
166 void
167 mod_setup(void)
168 {
169 	struct sysent *callp;
170 	int callnum, exectype;
171 	int	num_devs;
172 	int	i;
173 
174 	/*
175 	 * Initialize the list of loaded driver dev_ops.
176 	 * XXX - This must be done before reading the system file so that
177 	 * forceloads of drivers will work.
178 	 */
179 	num_devs = read_binding_file(majbind, mb_hashtab, make_mbind);
180 	/*
181 	 * Since read_binding_file is common code, it doesn't enforce that all
182 	 * of the binding file entries have major numbers <= MAXMAJ32.  Thus,
183 	 * ensure that we don't allocate some massive amount of space due to a
184 	 * bad entry.  We can't have major numbers bigger than MAXMAJ32
185 	 * until file system support for larger major numbers exists.
186 	 */
187 
188 	/*
189 	 * Leave space for expansion, but not more than L_MAXMAJ32
190 	 */
191 	devcnt = MIN(num_devs + 30, L_MAXMAJ32);
192 	devopsp = kmem_alloc(devcnt * sizeof (struct dev_ops *), KM_SLEEP);
193 	for (i = 0; i < devcnt; i++)
194 		devopsp[i] = &mod_nodev_ops;
195 
196 	init_devnamesp(devcnt);
197 
198 	/*
199 	 * Sync up with the work that the stand-alone linker has already done.
200 	 */
201 	(void) kobj_sync();
202 
203 	if (boothowto & RB_DEBUG)
204 		kdi_dvec_modavail();
205 
206 	make_aliases(mb_hashtab);
207 
208 	/*
209 	 * Initialize streams device implementation structures.
210 	 */
211 	devimpl = kmem_zalloc(devcnt * sizeof (cdevsw_impl_t), KM_SLEEP);
212 
213 	/*
214 	 * If the cl_bootstrap module is present,
215 	 * we should be configured as a cluster. Loading this module
216 	 * will set "cluster_bootflags" to non-zero.
217 	 */
218 	(void) modload("misc", "cl_bootstrap");
219 
220 	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
221 	init_syscallnames(NSYSCALL);
222 
223 	/*
224 	 * Start up dynamic autoconfiguration framework (dacf).
225 	 */
226 	mod_hash_init();
227 	dacf_init();
228 
229 	/*
230 	 * Start up IP policy framework (ipp).
231 	 */
232 	ipp_init();
233 
234 	/*
235 	 * Allocate loadable native system call locks.
236 	 */
237 	for (callnum = 0, callp = sysent; callnum < NSYSCALL;
238 	    callnum++, callp++) {
239 		if (LOADABLE_SYSCALL(callp)) {
240 			if (mod_getsysname(callnum) != NULL) {
241 				callp->sy_lock =
242 				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
243 				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
244 			} else {
245 				callp->sy_flags &= ~SE_LOADABLE;
246 				callp->sy_callc = nosys;
247 			}
248 #ifdef DEBUG
249 		} else {
250 			/*
251 			 * Do some sanity checks on the sysent table
252 			 */
253 			switch (callp->sy_flags & SE_RVAL_MASK) {
254 			case SE_32RVAL1:
255 				/* only r_val1 returned */
256 			case SE_32RVAL1 | SE_32RVAL2:
257 				/* r_val1 and r_val2 returned */
258 			case SE_64RVAL:
259 				/* 64-bit rval returned */
260 				break;
261 			default:
262 				cmn_err(CE_WARN, "sysent[%d]: bad flags %x",
263 				    callnum, callp->sy_flags);
264 			}
265 #endif
266 		}
267 	}
268 
269 #ifdef _SYSCALL32_IMPL
270 	/*
271 	 * Allocate loadable system call locks for 32-bit compat syscalls
272 	 */
273 	for (callnum = 0, callp = sysent32; callnum < NSYSCALL;
274 	    callnum++, callp++) {
275 		if (LOADABLE_SYSCALL(callp)) {
276 			if (mod_getsysname(callnum) != NULL) {
277 				callp->sy_lock =
278 				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
279 				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
280 			} else {
281 				callp->sy_flags &= ~SE_LOADABLE;
282 				callp->sy_callc = nosys;
283 			}
284 #ifdef DEBUG
285 		} else {
286 			/*
287 			 * Do some sanity checks on the sysent table
288 			 */
289 			switch (callp->sy_flags & SE_RVAL_MASK) {
290 			case SE_32RVAL1:
291 				/* only r_val1 returned */
292 			case SE_32RVAL1 | SE_32RVAL2:
293 				/* r_val1 and r_val2 returned */
294 			case SE_64RVAL:
295 				/* 64-bit rval returned */
296 				break;
297 			default:
298 				cmn_err(CE_WARN, "sysent32[%d]: bad flags %x",
299 				    callnum, callp->sy_flags);
300 				goto skip;
301 			}
302 
303 			/*
304 			 * Cross-check the native and compatibility tables.
305 			 */
306 			if (callp->sy_callc == nosys ||
307 			    sysent[callnum].sy_callc == nosys)
308 				continue;
309 			/*
310 			 * If only one or the other slot is loadable, then
311 			 * there's an error -- they should match!
312 			 */
313 			if ((callp->sy_callc == loadable_syscall) ^
314 			    (sysent[callnum].sy_callc == loadable_syscall)) {
315 				cmn_err(CE_WARN, "sysent[%d] loadable?",
316 				    callnum);
317 			}
318 			/*
319 			 * This is more of a heuristic test -- if the
320 			 * system call returns two values in the 32-bit
321 			 * world, it should probably return two 32-bit
322 			 * values in the 64-bit world too.
323 			 */
324 			if (((callp->sy_flags & SE_32RVAL2) == 0) ^
325 			    ((sysent[callnum].sy_flags & SE_32RVAL2) == 0)) {
326 				cmn_err(CE_WARN, "sysent[%d] rval2 mismatch!",
327 				    callnum);
328 			}
329 skip:;
330 #endif	/* DEBUG */
331 		}
332 	}
333 #endif	/* _SYSCALL32_IMPL */
334 
335 	/*
336 	 * Allocate loadable exec locks.  (Assumes all execs are loadable)
337 	 */
338 	for (exectype = 0; exectype < nexectype; exectype++) {
339 		execsw[exectype].exec_lock =
340 		    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
341 		rw_init(execsw[exectype].exec_lock, NULL, RW_DEFAULT, NULL);
342 	}
343 
344 	read_class_file();
345 
346 	/* init thread specific structure for mod_uninstall_all */
347 	tsd_create(&mod_autounload_key, NULL);
348 }
349 
350 static int
351 modctl_modload(int use_path, char *filename, int *rvp)
352 {
353 	struct modctl *modp;
354 	int retval = 0;
355 	char *filenamep;
356 	int modid;
357 
358 	filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
359 
360 	if (copyinstr(filename, filenamep, MOD_MAXPATH, 0)) {
361 		retval = EFAULT;
362 		goto out;
363 	}
364 
365 	filenamep[MOD_MAXPATH - 1] = 0;
366 	modp = mod_hold_installed_mod(filenamep, use_path, &retval);
367 
368 	if (modp == NULL)
369 		goto out;
370 
371 	modp->mod_loadflags |= MOD_NOAUTOUNLOAD;
372 	modid = modp->mod_id;
373 	mod_release_mod(modp);
374 	CPU_STATS_ADDQ(CPU, sys, modload, 1);
375 	if (rvp != NULL && copyout(&modid, rvp, sizeof (modid)) != 0)
376 		retval = EFAULT;
377 out:
378 	kmem_free(filenamep, MOD_MAXPATH);
379 
380 	return (retval);
381 }
382 
383 static int
384 modctl_modunload(modid_t id)
385 {
386 	int rval = 0;
387 
388 	if (id == 0) {
389 #ifdef DEBUG
390 		/*
391 		 * Turn on mod_uninstall_daemon
392 		 */
393 		if (mod_uninstall_interval == 0) {
394 			mod_uninstall_interval = 60;
395 			modreap();
396 			return (rval);
397 		}
398 #endif
399 		mod_uninstall_all();
400 	} else {
401 		rval = modunload(id);
402 	}
403 	return (rval);
404 }
405 
406 static int
407 modctl_modinfo(modid_t id, struct modinfo *umodi)
408 {
409 	int retval;
410 	struct modinfo modi;
411 #if defined(_SYSCALL32_IMPL)
412 	int nobase;
413 	struct modinfo32 modi32;
414 #endif
415 
416 	if (get_udatamodel() == DATAMODEL_NATIVE) {
417 		if (copyin(umodi, &modi, sizeof (struct modinfo)) != 0)
418 			return (EFAULT);
419 	}
420 #ifdef _SYSCALL32_IMPL
421 	else {
422 		bzero(&modi, sizeof (modi));
423 		if (copyin(umodi, &modi32, sizeof (struct modinfo32)) != 0)
424 			return (EFAULT);
425 		modi.mi_info = modi32.mi_info;
426 		modi.mi_id = modi32.mi_id;
427 		modi.mi_nextid = modi32.mi_nextid;
428 		nobase = modi.mi_info & MI_INFO_NOBASE;
429 	}
430 #endif
431 	/*
432 	 * This flag is -only- for the kernels use.
433 	 */
434 	modi.mi_info &= ~MI_INFO_LINKAGE;
435 
436 	retval = modinfo(id, &modi);
437 	if (retval)
438 		return (retval);
439 
440 	if (get_udatamodel() == DATAMODEL_NATIVE) {
441 		if (copyout(&modi, umodi, sizeof (struct modinfo)) != 0)
442 			retval = EFAULT;
443 #ifdef _SYSCALL32_IMPL
444 	} else {
445 		int i;
446 
447 		if (!nobase && (uintptr_t)modi.mi_base > UINT32_MAX)
448 			return (EOVERFLOW);
449 
450 		modi32.mi_info = modi.mi_info;
451 		modi32.mi_state = modi.mi_state;
452 		modi32.mi_id = modi.mi_id;
453 		modi32.mi_nextid = modi.mi_nextid;
454 		modi32.mi_base = (caddr32_t)(uintptr_t)modi.mi_base;
455 		modi32.mi_size = modi.mi_size;
456 		modi32.mi_rev = modi.mi_rev;
457 		modi32.mi_loadcnt = modi.mi_loadcnt;
458 		bcopy(modi.mi_name, modi32.mi_name, sizeof (modi32.mi_name));
459 		for (i = 0; i < MODMAXLINK32; i++) {
460 			modi32.mi_msinfo[i].msi_p0 = modi.mi_msinfo[i].msi_p0;
461 			bcopy(modi.mi_msinfo[i].msi_linkinfo,
462 			    modi32.mi_msinfo[i].msi_linkinfo,
463 			    sizeof (modi32.mi_msinfo[0].msi_linkinfo));
464 		}
465 		if (copyout(&modi32, umodi, sizeof (struct modinfo32)) != 0)
466 			retval = EFAULT;
467 #endif
468 	}
469 
470 	return (retval);
471 }
472 
473 /*
474  * Return the last major number in the range of permissible major numbers.
475  */
476 /*ARGSUSED*/
477 static int
478 modctl_modreserve(modid_t id, int *data)
479 {
480 	if (copyout(&devcnt, data, sizeof (devcnt)) != 0)
481 		return (EFAULT);
482 	return (0);
483 }
484 
485 static int
486 modctl_add_major(int *data)
487 {
488 	struct modconfig mc;
489 	int i, rv;
490 	struct aliases alias;
491 	struct aliases *ap;
492 	char name[MAXMODCONFNAME];
493 	char cname[MAXMODCONFNAME];
494 	char *drvname;
495 
496 	bzero(&mc, sizeof (struct modconfig));
497 	if (get_udatamodel() == DATAMODEL_NATIVE) {
498 		if (copyin(data, &mc, sizeof (struct modconfig)) != 0)
499 			return (EFAULT);
500 	}
501 #ifdef _SYSCALL32_IMPL
502 	else {
503 		struct modconfig32 modc32;
504 
505 		if (copyin(data, &modc32, sizeof (struct modconfig32)) != 0)
506 			return (EFAULT);
507 		else {
508 			bcopy(modc32.drvname, mc.drvname,
509 			    sizeof (modc32.drvname));
510 			bcopy(modc32.drvclass, mc.drvclass,
511 			    sizeof (modc32.drvclass));
512 			mc.major = modc32.major;
513 			mc.num_aliases = modc32.num_aliases;
514 			mc.ap = (struct aliases *)(uintptr_t)modc32.ap;
515 		}
516 	}
517 #endif
518 
519 	/*
520 	 * If the driver is already in the mb_hashtab, and the name given
521 	 * doesn't match that driver's name, fail.  Otherwise, pass, since
522 	 * we may be adding aliases.
523 	 */
524 	if ((drvname = mod_major_to_name(mc.major)) != NULL &&
525 	    strcmp(drvname, mc.drvname) != 0)
526 		return (EINVAL);
527 
528 	/*
529 	 * Add each supplied driver alias to mb_hashtab
530 	 */
531 	ap = mc.ap;
532 	for (i = 0; i < mc.num_aliases; i++) {
533 		bzero(&alias, sizeof (struct aliases));
534 
535 		if (get_udatamodel() == DATAMODEL_NATIVE) {
536 			if (copyin(ap, &alias, sizeof (struct aliases)) != 0)
537 				return (EFAULT);
538 
539 			if (alias.a_len > MAXMODCONFNAME)
540 				return (EINVAL);
541 
542 			if (copyin(alias.a_name, name, alias.a_len) != 0)
543 				return (EFAULT);
544 
545 			if (name[alias.a_len - 1] != '\0')
546 				return (EINVAL);
547 		}
548 #ifdef _SYSCALL32_IMPL
549 		else {
550 			struct aliases32 al32;
551 
552 			bzero(&al32, sizeof (struct aliases32));
553 			if (copyin(ap, &al32, sizeof (struct aliases32)) != 0)
554 				return (EFAULT);
555 
556 			if (al32.a_len > MAXMODCONFNAME)
557 				return (EINVAL);
558 
559 			if (copyin((void *)(uintptr_t)al32.a_name,
560 			    name, al32.a_len) != 0)
561 				return (EFAULT);
562 
563 			if (name[al32.a_len - 1] != '\0')
564 				return (EINVAL);
565 
566 			alias.a_next = (void *)(uintptr_t)al32.a_next;
567 		}
568 #endif
569 		check_esc_sequences(name, cname);
570 		(void) make_mbind(cname, mc.major, NULL, mb_hashtab);
571 		ap = alias.a_next;
572 	}
573 
574 	/*
575 	 * Try to establish an mbinding for mc.drvname, and add it to devnames.
576 	 * Add class if any after establishing the major number
577 	 */
578 	(void) make_mbind(mc.drvname, mc.major, NULL, mb_hashtab);
579 	rv = make_devname(mc.drvname, mc.major);
580 
581 	if (rv == 0) {
582 		if (mc.drvclass[0] != '\0')
583 			add_class(mc.drvname, mc.drvclass);
584 		(void) i_ddi_load_drvconf(mc.major);
585 		i_ddi_bind_devs();
586 		i_ddi_di_cache_invalidate(KM_SLEEP);
587 	}
588 	return (rv);
589 }
590 
591 static int
592 modctl_rem_major(major_t major)
593 {
594 	struct devnames *dnp;
595 
596 	if (major >= devcnt)
597 		return (EINVAL);
598 
599 	/* mark devnames as removed */
600 	dnp = &devnamesp[major];
601 	LOCK_DEV_OPS(&dnp->dn_lock);
602 	if (dnp->dn_name == NULL ||
603 	    (dnp->dn_flags & (DN_DRIVER_REMOVED | DN_TAKEN_GETUDEV))) {
604 		UNLOCK_DEV_OPS(&dnp->dn_lock);
605 		return (EINVAL);
606 	}
607 	dnp->dn_flags |= DN_DRIVER_REMOVED;
608 	pm_driver_removed(major);
609 	UNLOCK_DEV_OPS(&dnp->dn_lock);
610 
611 	(void) i_ddi_unload_drvconf(major);
612 	i_ddi_unbind_devs(major);
613 	i_ddi_di_cache_invalidate(KM_SLEEP);
614 	return (0);
615 }
616 
617 static struct vfs *
618 path_to_vfs(char *name)
619 {
620 	vnode_t *vp;
621 	struct vfs *vfsp;
622 
623 	if (lookupname(name, UIO_SYSSPACE, FOLLOW, NULLVPP, &vp))
624 		return (NULL);
625 
626 	vfsp = vp->v_vfsp;
627 	VN_RELE(vp);
628 	return (vfsp);
629 }
630 
631 static int
632 new_vfs_in_modpath()
633 {
634 	static int n_modpath = 0;
635 	static char *modpath_copy;
636 	static struct pathvfs {
637 		char *path;
638 		struct vfs *vfsp;
639 	} *pathvfs;
640 
641 	int i, new_vfs = 0;
642 	char *tmp, *tmp1;
643 	struct vfs *vfsp;
644 
645 	if (n_modpath != 0) {
646 		for (i = 0; i < n_modpath; i++) {
647 			vfsp = path_to_vfs(pathvfs[i].path);
648 			if (vfsp != pathvfs[i].vfsp) {
649 				pathvfs[i].vfsp = vfsp;
650 				if (vfsp)
651 					new_vfs = 1;
652 			}
653 		}
654 		return (new_vfs);
655 	}
656 
657 	/*
658 	 * First call, initialize the pathvfs structure
659 	 */
660 	modpath_copy = i_ddi_strdup(default_path, KM_SLEEP);
661 	tmp = modpath_copy;
662 	n_modpath = 1;
663 	tmp1 = strchr(tmp, ' ');
664 	while (tmp1) {
665 		*tmp1 = '\0';
666 		n_modpath++;
667 		tmp = tmp1 + 1;
668 		tmp1 = strchr(tmp, ' ');
669 	}
670 
671 	pathvfs = kmem_zalloc(n_modpath * sizeof (struct pathvfs), KM_SLEEP);
672 	tmp = modpath_copy;
673 	for (i = 0; i < n_modpath; i++) {
674 		pathvfs[i].path = tmp;
675 		vfsp = path_to_vfs(tmp);
676 		pathvfs[i].vfsp = vfsp;
677 		tmp += strlen(tmp) + 1;
678 	}
679 	return (1);	/* always reread driver.conf the first time */
680 }
681 
682 static int
683 modctl_load_drvconf(major_t major)
684 {
685 	int ret;
686 
687 	if (major != (major_t)-1) {
688 		ret = i_ddi_load_drvconf(major);
689 		if (ret == 0)
690 			i_ddi_bind_devs();
691 		return (ret);
692 	}
693 
694 	/*
695 	 * We are invoked to rescan new driver.conf files. It is
696 	 * only necessary if a new file system was mounted in the
697 	 * module_path. Because rescanning driver.conf files can
698 	 * take some time on older platforms (sun4m), the following
699 	 * code skips unnecessary driver.conf rescans to optimize
700 	 * boot performance.
701 	 */
702 	if (new_vfs_in_modpath()) {
703 		(void) i_ddi_load_drvconf((major_t)-1);
704 		/*
705 		 * If we are still initializing io subsystem,
706 		 * load drivers with ddi-forceattach property
707 		 */
708 		if (!i_ddi_io_initialized())
709 			i_ddi_forceattach_drivers();
710 	}
711 	return (0);
712 }
713 
714 static int
715 modctl_unload_drvconf(major_t major)
716 {
717 	int ret;
718 
719 	if (major >= devcnt)
720 		return (EINVAL);
721 
722 	ret = i_ddi_unload_drvconf(major);
723 	if (ret != 0)
724 		return (ret);
725 	(void) i_ddi_unbind_devs(major);
726 
727 	return (0);
728 }
729 
730 static void
731 check_esc_sequences(char *str, char *cstr)
732 {
733 	int i;
734 	size_t len;
735 	char *p;
736 
737 	len = strlen(str);
738 	for (i = 0; i < len; i++, str++, cstr++) {
739 		if (*str != '\\') {
740 			*cstr = *str;
741 		} else {
742 			p = str + 1;
743 			/*
744 			 * we only handle octal escape sequences for SPACE
745 			 */
746 			if (*p++ == '0' && *p++ == '4' && *p == '0') {
747 				*cstr = ' ';
748 				str += 3;
749 			} else {
750 				*cstr = *str;
751 			}
752 		}
753 	}
754 	*cstr = 0;
755 }
756 
757 static int
758 modctl_getmodpathlen(int *data)
759 {
760 	int len;
761 	len = strlen(default_path);
762 	if (copyout(&len, data, sizeof (len)) != 0)
763 		return (EFAULT);
764 	return (0);
765 }
766 
767 static int
768 modctl_getmodpath(char *data)
769 {
770 	if (copyout(default_path, data, strlen(default_path) + 1) != 0)
771 		return (EFAULT);
772 	return (0);
773 }
774 
775 static int
776 modctl_read_sysbinding_file(void)
777 {
778 	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
779 	return (0);
780 }
781 
782 static int
783 modctl_getmaj(char *uname, uint_t ulen, int *umajorp)
784 {
785 	char name[256];
786 	int retval;
787 	major_t major;
788 
789 	if (ulen == 0)
790 		return (EINVAL);
791 	if ((retval = copyinstr(uname, name,
792 	    (ulen < 256) ? ulen : 256, 0)) != 0)
793 		return (retval);
794 	if ((major = mod_name_to_major(name)) == (major_t)-1)
795 		return (ENODEV);
796 	if (copyout(&major, umajorp, sizeof (major_t)) != 0)
797 		return (EFAULT);
798 	return (0);
799 }
800 
801 static int
802 modctl_getname(char *uname, uint_t ulen, int *umajorp)
803 {
804 	char *name;
805 	major_t major;
806 
807 	if (copyin(umajorp, &major, sizeof (major)) != 0)
808 		return (EFAULT);
809 	if ((name = mod_major_to_name(major)) == NULL)
810 		return (ENODEV);
811 	if ((strlen(name) + 1) > ulen)
812 		return (ENOSPC);
813 	return (copyoutstr(name, uname, ulen, NULL));
814 }
815 
816 static int
817 modctl_devt2instance(dev_t dev, int *uinstancep)
818 {
819 	int	instance;
820 
821 	if ((instance = dev_to_instance(dev)) == -1)
822 		return (EINVAL);
823 
824 	return (copyout(&instance, uinstancep, sizeof (int)));
825 }
826 
827 /*
828  * Return the sizeof of the device id.
829  */
830 static int
831 modctl_sizeof_devid(dev_t dev, uint_t *len)
832 {
833 	uint_t		sz;
834 	ddi_devid_t	devid;
835 
836 	/* get device id */
837 	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
838 		return (EINVAL);
839 
840 	sz = ddi_devid_sizeof(devid);
841 	ddi_devid_free(devid);
842 
843 	/* copyout device id size */
844 	if (copyout(&sz, len, sizeof (sz)) != 0)
845 		return (EFAULT);
846 
847 	return (0);
848 }
849 
850 /*
851  * Return a copy of the device id.
852  */
853 static int
854 modctl_get_devid(dev_t dev, uint_t len, ddi_devid_t udevid)
855 {
856 	uint_t		sz;
857 	ddi_devid_t	devid;
858 	int		err = 0;
859 
860 	/* get device id */
861 	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
862 		return (EINVAL);
863 
864 	sz = ddi_devid_sizeof(devid);
865 
866 	/* Error if device id is larger than space allocated */
867 	if (sz > len) {
868 		ddi_devid_free(devid);
869 		return (ENOSPC);
870 	}
871 
872 	/* copy out device id */
873 	if (copyout(devid, udevid, sz) != 0)
874 		err = EFAULT;
875 	ddi_devid_free(devid);
876 	return (err);
877 }
878 
879 /*
880  * return the /devices paths associated with the specified devid and
881  * minor name.
882  */
883 /*ARGSUSED*/
884 static int
885 modctl_devid2paths(ddi_devid_t udevid, char *uminor_name, uint_t flag,
886 	size_t *ulensp, char *upaths)
887 {
888 	ddi_devid_t	devid = NULL;
889 	int		devid_len;
890 	char		*minor_name = NULL;
891 	dev_info_t	*dip = NULL;
892 	struct ddi_minor_data   *dmdp;
893 	char		*path = NULL;
894 	int		ulens;
895 	int		lens;
896 	int		len;
897 	dev_t		*devlist = NULL;
898 	int		ndevs;
899 	int		i;
900 	int		ret = 0;
901 
902 	/*
903 	 * If upaths is NULL then we are only computing the amount of space
904 	 * needed to hold the paths and returning the value in *ulensp. If we
905 	 * are copying out paths then we get the amount of space allocated by
906 	 * the caller. If the actual space needed for paths is larger, or
907 	 * things are changing out from under us, then we return EAGAIN.
908 	 */
909 	if (upaths) {
910 		if (ulensp == NULL)
911 			return (EINVAL);
912 		if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
913 			return (EFAULT);
914 	}
915 
916 	/*
917 	 * copyin enough of the devid to determine the length then
918 	 * reallocate and copy in the entire devid.
919 	 */
920 	devid_len = ddi_devid_sizeof(NULL);
921 	devid = kmem_alloc(devid_len, KM_SLEEP);
922 	if (copyin(udevid, devid, devid_len)) {
923 		ret = EFAULT;
924 		goto out;
925 	}
926 	len = devid_len;
927 	devid_len = ddi_devid_sizeof(devid);
928 	kmem_free(devid, len);
929 	devid = kmem_alloc(devid_len, KM_SLEEP);
930 	if (copyin(udevid, devid, devid_len)) {
931 		ret = EFAULT;
932 		goto out;
933 	}
934 
935 	/* copyin the minor name if specified. */
936 	minor_name = uminor_name;
937 	if ((minor_name != DEVID_MINOR_NAME_ALL) &&
938 	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
939 	    (minor_name != DEVID_MINOR_NAME_ALL_BLK)) {
940 		minor_name = kmem_alloc(MAXPATHLEN, KM_SLEEP);
941 		if (copyinstr(uminor_name, minor_name, MAXPATHLEN, 0)) {
942 			ret = EFAULT;
943 			goto out;
944 		}
945 	}
946 
947 	/*
948 	 * Use existing function to resolve the devid into a devlist.
949 	 *
950 	 * NOTE: there is a loss of spectype information in the current
951 	 * ddi_lyr_devid_to_devlist implementation. We work around this by not
952 	 * passing down DEVID_MINOR_NAME_ALL here, but reproducing all minor
953 	 * node forms in the loop processing the devlist below. It would be
954 	 * best if at some point the use of this interface here was replaced
955 	 * with a path oriented call.
956 	 */
957 	if (ddi_lyr_devid_to_devlist(devid,
958 	    (minor_name == DEVID_MINOR_NAME_ALL) ?
959 	    DEVID_MINOR_NAME_ALL_CHR : minor_name,
960 	    &ndevs, &devlist) != DDI_SUCCESS) {
961 		ret = EINVAL;
962 		goto out;
963 	}
964 
965 	/*
966 	 * loop over the devlist, converting each devt to a path and doing
967 	 * a copyout of the path and computation of the amount of space
968 	 * needed to hold all the paths
969 	 */
970 	path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
971 	for (i = 0, lens = 0; i < ndevs; i++) {
972 
973 		/* find the dip associated with the dev_t */
974 		if ((dip = e_ddi_hold_devi_by_dev(devlist[i], 0)) == NULL)
975 			continue;
976 
977 		/* loop over all the minor nodes, skipping ones we don't want */
978 		for (dmdp = DEVI(dip)->devi_minor; dmdp; dmdp = dmdp->next) {
979 			if ((dmdp->ddm_dev != devlist[i]) ||
980 			    (dmdp->type != DDM_MINOR))
981 				continue;
982 
983 			if ((minor_name != DEVID_MINOR_NAME_ALL) &&
984 			    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
985 			    (minor_name != DEVID_MINOR_NAME_ALL_BLK) &&
986 			    strcmp(minor_name, dmdp->ddm_name))
987 				continue;
988 			else {
989 				if ((minor_name == DEVID_MINOR_NAME_ALL_CHR) &&
990 				    (dmdp->ddm_spec_type != S_IFCHR))
991 					continue;
992 				if ((minor_name == DEVID_MINOR_NAME_ALL_BLK) &&
993 				    (dmdp->ddm_spec_type != S_IFBLK))
994 					continue;
995 			}
996 
997 			/* XXX need ddi_pathname_minor(dmdp, path); interface */
998 			if (ddi_dev_pathname(dmdp->ddm_dev, dmdp->ddm_spec_type,
999 			    path) != DDI_SUCCESS) {
1000 				ret = EAGAIN;
1001 				goto out;
1002 			}
1003 			len = strlen(path) + 1;
1004 			*(path + len) = '\0';	/* set double termination */
1005 			lens += len;
1006 
1007 			/* copyout the path with double terminations */
1008 			if (upaths) {
1009 				if (lens > ulens) {
1010 					ret = EAGAIN;
1011 					goto out;
1012 				}
1013 				if (copyout(path, upaths, len + 1)) {
1014 					ret = EFAULT;
1015 					goto out;
1016 				}
1017 				upaths += len;
1018 			}
1019 		}
1020 		ddi_release_devi(dip);
1021 		dip = NULL;
1022 	}
1023 	lens++;		/* add one for double termination */
1024 
1025 	/* copy out the amount of space needed to hold the paths */
1026 	if (ulensp && copyout(&lens, ulensp, sizeof (lens))) {
1027 		ret = EFAULT;
1028 		goto out;
1029 	}
1030 	ret = 0;
1031 
1032 out:	if (dip)
1033 		ddi_release_devi(dip);
1034 	if (path)
1035 		kmem_free(path, MAXPATHLEN);
1036 	if (devlist)
1037 		ddi_lyr_free_devlist(devlist, ndevs);
1038 	if (minor_name &&
1039 	    (minor_name != DEVID_MINOR_NAME_ALL) &&
1040 	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1041 	    (minor_name != DEVID_MINOR_NAME_ALL_BLK))
1042 		kmem_free(minor_name, MAXPATHLEN);
1043 	if (devid)
1044 		kmem_free(devid, devid_len);
1045 	return (ret);
1046 }
1047 
1048 /*
1049  * Return the size of the minor name.
1050  */
1051 static int
1052 modctl_sizeof_minorname(dev_t dev, int spectype, uint_t *len)
1053 {
1054 	uint_t	sz;
1055 	char	*name;
1056 
1057 	/* get the minor name */
1058 	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1059 		return (EINVAL);
1060 
1061 	sz = strlen(name) + 1;
1062 	kmem_free(name, sz);
1063 
1064 	/* copy out the size of the minor name */
1065 	if (copyout(&sz, len, sizeof (sz)) != 0)
1066 		return (EFAULT);
1067 
1068 	return (0);
1069 }
1070 
1071 /*
1072  * Return the minor name.
1073  */
1074 static int
1075 modctl_get_minorname(dev_t dev, int spectype, uint_t len, char *uname)
1076 {
1077 	uint_t	sz;
1078 	char	*name;
1079 	int	err = 0;
1080 
1081 	/* get the minor name */
1082 	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1083 		return (EINVAL);
1084 
1085 	sz = strlen(name) + 1;
1086 
1087 	/* Error if the minor name is larger than the space allocated */
1088 	if (sz > len) {
1089 		kmem_free(name, sz);
1090 		return (ENOSPC);
1091 	}
1092 
1093 	/* copy out the minor name */
1094 	if (copyout(name, uname, sz) != 0)
1095 		err = EFAULT;
1096 	kmem_free(name, sz);
1097 	return (err);
1098 }
1099 
1100 /*
1101  * Return the size of the (dev_t,spectype) devfspath name.
1102  */
1103 static int
1104 modctl_devfspath_len(dev_t dev, int spectype, uint_t *len)
1105 {
1106 	uint_t	sz;
1107 	char	*name;
1108 
1109 	/* get the path name */
1110 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1111 	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1112 		kmem_free(name, MAXPATHLEN);
1113 		return (EINVAL);
1114 	}
1115 
1116 	sz = strlen(name) + 1;
1117 	kmem_free(name, MAXPATHLEN);
1118 
1119 	/* copy out the size of the path name */
1120 	if (copyout(&sz, len, sizeof (sz)) != 0)
1121 		return (EFAULT);
1122 
1123 	return (0);
1124 }
1125 
1126 /*
1127  * Return the (dev_t,spectype) devfspath name.
1128  */
1129 static int
1130 modctl_devfspath(dev_t dev, int spectype, uint_t len, char *uname)
1131 {
1132 	uint_t	sz;
1133 	char	*name;
1134 	int	err = 0;
1135 
1136 	/* get the path name */
1137 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1138 	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1139 		kmem_free(name, MAXPATHLEN);
1140 		return (EINVAL);
1141 	}
1142 
1143 	sz = strlen(name) + 1;
1144 
1145 	/* Error if the path name is larger than the space allocated */
1146 	if (sz > len) {
1147 		kmem_free(name, MAXPATHLEN);
1148 		return (ENOSPC);
1149 	}
1150 
1151 	/* copy out the path name */
1152 	if (copyout(name, uname, sz) != 0)
1153 		err = EFAULT;
1154 	kmem_free(name, MAXPATHLEN);
1155 	return (err);
1156 }
1157 
1158 /*
1159  * Return the size of the (major,instance) devfspath name.
1160  */
1161 static int
1162 modctl_devfspath_mi_len(major_t major, int instance, uint_t *len)
1163 {
1164 	uint_t	sz;
1165 	char	*name;
1166 
1167 	/* get the path name */
1168 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1169 	if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1170 		kmem_free(name, MAXPATHLEN);
1171 		return (EINVAL);
1172 	}
1173 
1174 	sz = strlen(name) + 1;
1175 	kmem_free(name, MAXPATHLEN);
1176 
1177 	/* copy out the size of the path name */
1178 	if (copyout(&sz, len, sizeof (sz)) != 0)
1179 		return (EFAULT);
1180 
1181 	return (0);
1182 }
1183 
1184 /*
1185  * Return the (major_instance) devfspath name.
1186  * NOTE: e_ddi_majorinstance_to_path does not require the device to attach to
1187  * return a path - it uses the instance tree.
1188  */
1189 static int
1190 modctl_devfspath_mi(major_t major, int instance, uint_t len, char *uname)
1191 {
1192 	uint_t	sz;
1193 	char	*name;
1194 	int	err = 0;
1195 
1196 	/* get the path name */
1197 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1198 	if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1199 		kmem_free(name, MAXPATHLEN);
1200 		return (EINVAL);
1201 	}
1202 
1203 	sz = strlen(name) + 1;
1204 
1205 	/* Error if the path name is larger than the space allocated */
1206 	if (sz > len) {
1207 		kmem_free(name, MAXPATHLEN);
1208 		return (ENOSPC);
1209 	}
1210 
1211 	/* copy out the path name */
1212 	if (copyout(name, uname, sz) != 0)
1213 		err = EFAULT;
1214 	kmem_free(name, MAXPATHLEN);
1215 	return (err);
1216 }
1217 
1218 static int
1219 modctl_get_fbname(char *path)
1220 {
1221 	extern dev_t fbdev;
1222 	char *pathname = NULL;
1223 	int rval = 0;
1224 
1225 	/* make sure fbdev is set before we plunge in */
1226 	if (fbdev == NODEV)
1227 		return (ENODEV);
1228 
1229 	pathname = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1230 	if ((rval = ddi_dev_pathname(fbdev, S_IFCHR,
1231 	    pathname)) == DDI_SUCCESS) {
1232 		if (copyout(pathname, path, strlen(pathname)+1) != 0) {
1233 			rval = EFAULT;
1234 		}
1235 	}
1236 	kmem_free(pathname, MAXPATHLEN);
1237 	return (rval);
1238 }
1239 
1240 /*
1241  * modctl_reread_dacf()
1242  *	Reread the dacf rules database from the named binding file.
1243  *	If NULL is specified, pass along the NULL, it means 'use the default'.
1244  */
1245 static int
1246 modctl_reread_dacf(char *path)
1247 {
1248 	int rval = 0;
1249 	char *filename, *filenamep;
1250 
1251 	filename = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1252 
1253 	if (path == NULL) {
1254 		filenamep = NULL;
1255 	} else {
1256 		if (copyinstr(path, filename, MAXPATHLEN, 0) != 0) {
1257 			rval = EFAULT;
1258 			goto out;
1259 		}
1260 		filenamep = filename;
1261 		filenamep[MAXPATHLEN - 1] = '\0';
1262 	}
1263 
1264 	rval = read_dacf_binding_file(filenamep);
1265 out:
1266 	kmem_free(filename, MAXPATHLEN);
1267 	return (rval);
1268 }
1269 
1270 /*ARGSUSED*/
1271 static int
1272 modctl_modevents(int subcmd, uintptr_t a2, uintptr_t a3, uintptr_t a4,
1273     uint_t flag)
1274 {
1275 	int error = 0;
1276 	char *filenamep;
1277 
1278 	switch (subcmd) {
1279 
1280 	case MODEVENTS_FLUSH:
1281 		/* flush all currently queued events */
1282 		log_sysevent_flushq(subcmd, flag);
1283 		break;
1284 
1285 	case MODEVENTS_SET_DOOR_UPCALL_FILENAME:
1286 		/*
1287 		 * bind door_upcall to filename
1288 		 * this should only be done once per invocation
1289 		 * of the event daemon.
1290 		 */
1291 
1292 		filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
1293 
1294 		if (copyinstr((char *)a2, filenamep, MOD_MAXPATH, 0)) {
1295 			error = EFAULT;
1296 		} else {
1297 			error = log_sysevent_filename(filenamep);
1298 		}
1299 		kmem_free(filenamep, MOD_MAXPATH);
1300 		break;
1301 
1302 	case MODEVENTS_GETDATA:
1303 		error = log_sysevent_copyout_data((sysevent_id_t *)a2,
1304 		    (size_t)a3, (caddr_t)a4);
1305 		break;
1306 
1307 	case MODEVENTS_FREEDATA:
1308 		error = log_sysevent_free_data((sysevent_id_t *)a2);
1309 		break;
1310 	case MODEVENTS_POST_EVENT:
1311 		error = log_usr_sysevent((sysevent_t *)a2, (uint32_t)a3,
1312 			(sysevent_id_t *)a4);
1313 		break;
1314 	case MODEVENTS_REGISTER_EVENT:
1315 		error = log_sysevent_register((char *)a2, (char *)a3,
1316 		    (se_pubsub_t *)a4);
1317 		break;
1318 	default:
1319 		error = EINVAL;
1320 	}
1321 
1322 	return (error);
1323 }
1324 
1325 static void
1326 free_mperm(mperm_t *mp)
1327 {
1328 	int len;
1329 
1330 	if (mp->mp_minorname) {
1331 		len = strlen(mp->mp_minorname) + 1;
1332 		kmem_free(mp->mp_minorname, len);
1333 	}
1334 	kmem_free(mp, sizeof (mperm_t));
1335 }
1336 
1337 #define	MP_NO_DRV_ERR	\
1338 	"/etc/minor_perm: no driver for %s\n"
1339 
1340 #define	MP_EMPTY_MINOR	\
1341 	"/etc/minor_perm: empty minor name for driver %s\n"
1342 
1343 #define	MP_NO_MINOR	\
1344 	"/etc/minor_perm: no minor matching %s for driver %s\n"
1345 
1346 /*
1347  * Remove mperm entry with matching minorname
1348  */
1349 static void
1350 rem_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1351 {
1352 	mperm_t **mp_head;
1353 	mperm_t *freemp = NULL;
1354 	struct devnames *dnp = &devnamesp[major];
1355 	mperm_t **wildmp;
1356 
1357 	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1358 
1359 	LOCK_DEV_OPS(&dnp->dn_lock);
1360 	if (strcmp(mp->mp_minorname, "*") == 0) {
1361 		wildmp = ((is_clone == 0) ?
1362 			&dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1363 		if (*wildmp)
1364 			freemp = *wildmp;
1365 		*wildmp = NULL;
1366 	} else {
1367 		mp_head = &dnp->dn_mperm;
1368 		while (*mp_head) {
1369 			if (strcmp((*mp_head)->mp_minorname,
1370 			    mp->mp_minorname) != 0) {
1371 				mp_head = &(*mp_head)->mp_next;
1372 				continue;
1373 			}
1374 			/* remove the entry */
1375 			freemp = *mp_head;
1376 			*mp_head = freemp->mp_next;
1377 			break;
1378 		}
1379 	}
1380 	if (freemp) {
1381 		if (moddebug & MODDEBUG_MINORPERM) {
1382 			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1383 			    drvname, freemp->mp_minorname,
1384 			    freemp->mp_mode & 0777,
1385 			    freemp->mp_uid, freemp->mp_gid);
1386 		}
1387 		free_mperm(freemp);
1388 	} else {
1389 		if (moddebug & MODDEBUG_MINORPERM) {
1390 			cmn_err(CE_CONT, MP_NO_MINOR,
1391 				drvname, mp->mp_minorname);
1392 		}
1393 	}
1394 
1395 	UNLOCK_DEV_OPS(&dnp->dn_lock);
1396 }
1397 
1398 /*
1399  * Add minor perm entry
1400  */
1401 static void
1402 add_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1403 {
1404 	mperm_t **mp_head;
1405 	mperm_t *freemp = NULL;
1406 	struct devnames *dnp = &devnamesp[major];
1407 	mperm_t **wildmp;
1408 
1409 	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1410 
1411 	/*
1412 	 * Note that update_drv replace semantics require
1413 	 * replacing matching entries with the new permissions.
1414 	 */
1415 	LOCK_DEV_OPS(&dnp->dn_lock);
1416 	if (strcmp(mp->mp_minorname, "*") == 0) {
1417 		wildmp = ((is_clone == 0) ?
1418 			&dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1419 		if (*wildmp)
1420 			freemp = *wildmp;
1421 		*wildmp = mp;
1422 	} else {
1423 		mperm_t *p, *v = NULL;
1424 		for (p = dnp->dn_mperm; p; v = p, p = p->mp_next) {
1425 			if (strcmp(p->mp_minorname, mp->mp_minorname) == 0) {
1426 				if (v == NULL)
1427 					dnp->dn_mperm = mp;
1428 				else
1429 					v->mp_next = mp;
1430 				mp->mp_next = p->mp_next;
1431 				freemp = p;
1432 				goto replaced;
1433 			}
1434 		}
1435 		if (p == NULL) {
1436 			mp_head = &dnp->dn_mperm;
1437 			if (*mp_head == NULL) {
1438 				*mp_head = mp;
1439 			} else {
1440 				mp->mp_next = *mp_head;
1441 				*mp_head = mp;
1442 			}
1443 		}
1444 	}
1445 replaced:
1446 	if (freemp) {
1447 		if (moddebug & MODDEBUG_MINORPERM) {
1448 			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1449 			    drvname, freemp->mp_minorname,
1450 			    freemp->mp_mode & 0777,
1451 			    freemp->mp_uid, freemp->mp_gid);
1452 		}
1453 		free_mperm(freemp);
1454 	}
1455 	if (moddebug & MODDEBUG_MINORPERM) {
1456 		cmn_err(CE_CONT, "> %s %s 0%o %d %d\n",
1457 		    drvname, mp->mp_minorname, mp->mp_mode & 0777,
1458 		    mp->mp_uid, mp->mp_gid);
1459 	}
1460 	UNLOCK_DEV_OPS(&dnp->dn_lock);
1461 }
1462 
1463 
1464 static int
1465 process_minorperm(int cmd, nvlist_t *nvl)
1466 {
1467 	char *minor;
1468 	major_t major;
1469 	mperm_t *mp;
1470 	nvpair_t *nvp;
1471 	char *name;
1472 	int is_clone;
1473 	major_t minmaj;
1474 
1475 	ASSERT(cmd == MODLOADMINORPERM ||
1476 	    cmd == MODADDMINORPERM || cmd == MODREMMINORPERM);
1477 
1478 	nvp = NULL;
1479 	while ((nvp = nvlist_next_nvpair(nvl, nvp)) != NULL) {
1480 		name = nvpair_name(nvp);
1481 
1482 		is_clone = 0;
1483 		(void) nvpair_value_string(nvp, &minor);
1484 		major = ddi_name_to_major(name);
1485 		if (major != (major_t)-1) {
1486 			mp = kmem_zalloc(sizeof (*mp), KM_SLEEP);
1487 			if (minor == NULL || strlen(minor) == 0) {
1488 				if (moddebug & MODDEBUG_MINORPERM) {
1489 					cmn_err(CE_CONT, MP_EMPTY_MINOR, name);
1490 				}
1491 				minor = "*";
1492 			}
1493 
1494 			/*
1495 			 * The minor name of a node using the clone
1496 			 * driver must be the driver name.  To avoid
1497 			 * multiple searches, we map entries in the form
1498 			 * clone:<driver> to <driver>:*.  This also allows us
1499 			 * to filter out some of the litter in /etc/minor_perm.
1500 			 * Minor perm alias entries where the name is not
1501 			 * the driver kept on the clone list itself.
1502 			 * This all seems very fragile as a driver could
1503 			 * be introduced with an existing alias name.
1504 			 */
1505 			if (strcmp(name, "clone") == 0) {
1506 				minmaj = ddi_name_to_major(minor);
1507 				if (minmaj != (major_t)-1) {
1508 					if (moddebug & MODDEBUG_MINORPERM) {
1509 						cmn_err(CE_CONT,
1510 						    "mapping %s:%s to %s:*\n",
1511 						    name, minor, minor);
1512 					}
1513 					major = minmaj;
1514 					name = minor;
1515 					minor = "*";
1516 					is_clone = 1;
1517 				}
1518 			}
1519 
1520 			if (mp) {
1521 				mp->mp_minorname =
1522 				    i_ddi_strdup(minor, KM_SLEEP);
1523 			}
1524 		} else {
1525 			mp = NULL;
1526 			if (moddebug & MODDEBUG_MINORPERM) {
1527 				cmn_err(CE_CONT, MP_NO_DRV_ERR, name);
1528 			}
1529 		}
1530 
1531 		/* mode */
1532 		nvp = nvlist_next_nvpair(nvl, nvp);
1533 		ASSERT(strcmp(nvpair_name(nvp), "mode") == 0);
1534 		if (mp)
1535 			(void) nvpair_value_int32(nvp, (int *)&mp->mp_mode);
1536 		/* uid */
1537 		nvp = nvlist_next_nvpair(nvl, nvp);
1538 		ASSERT(strcmp(nvpair_name(nvp), "uid") == 0);
1539 		if (mp)
1540 			(void) nvpair_value_int32(nvp, &mp->mp_uid);
1541 		/* gid */
1542 		nvp = nvlist_next_nvpair(nvl, nvp);
1543 		ASSERT(strcmp(nvpair_name(nvp), "gid") == 0);
1544 		if (mp) {
1545 			(void) nvpair_value_int32(nvp, &mp->mp_gid);
1546 
1547 			if (cmd == MODREMMINORPERM) {
1548 				rem_minorperm(major, name, mp, is_clone);
1549 				free_mperm(mp);
1550 			} else {
1551 				add_minorperm(major, name, mp, is_clone);
1552 			}
1553 		}
1554 	}
1555 
1556 	if (cmd == MODLOADMINORPERM)
1557 		minorperm_loaded = 1;
1558 
1559 	/*
1560 	 * Reset permissions of cached dv_nodes
1561 	 */
1562 	(void) devfs_reset_perm(DV_RESET_PERM);
1563 
1564 	return (0);
1565 }
1566 
1567 static int
1568 modctl_minorperm(int cmd, char *usrbuf, size_t buflen)
1569 {
1570 	int error;
1571 	nvlist_t *nvl;
1572 	char *buf = kmem_alloc(buflen, KM_SLEEP);
1573 
1574 	if ((error = ddi_copyin(usrbuf, buf, buflen, 0)) != 0) {
1575 		kmem_free(buf, buflen);
1576 		return (error);
1577 	}
1578 
1579 	error = nvlist_unpack(buf, buflen, &nvl, KM_SLEEP);
1580 	kmem_free(buf, buflen);
1581 	if (error)
1582 		return (error);
1583 
1584 	error = process_minorperm(cmd, nvl);
1585 	nvlist_free(nvl);
1586 	return (error);
1587 }
1588 
1589 struct walk_args {
1590 	char		*wa_drvname;
1591 	list_t		wa_pathlist;
1592 };
1593 
1594 struct path_elem {
1595 	char		*pe_dir;
1596 	char		*pe_nodename;
1597 	list_node_t	pe_node;
1598 	int		pe_dirlen;
1599 };
1600 
1601 /*ARGSUSED*/
1602 static int
1603 modctl_inst_walker(const char *path, in_node_t *np, in_drv_t *dp, void *arg)
1604 {
1605 	struct walk_args *wargs = (struct walk_args *)arg;
1606 	struct path_elem *pe;
1607 	char *nodename;
1608 
1609 	if (strcmp(dp->ind_driver_name, wargs->wa_drvname) != 0)
1610 		return (INST_WALK_CONTINUE);
1611 
1612 	pe = kmem_zalloc(sizeof (*pe), KM_SLEEP);
1613 	pe->pe_dir = i_ddi_strdup((char *)path, KM_SLEEP);
1614 	pe->pe_dirlen = strlen(pe->pe_dir) + 1;
1615 	ASSERT(strrchr(pe->pe_dir, '/') != NULL);
1616 	nodename = strrchr(pe->pe_dir, '/');
1617 	*nodename++ = 0;
1618 	pe->pe_nodename = nodename;
1619 	list_insert_tail(&wargs->wa_pathlist, pe);
1620 
1621 	return (INST_WALK_CONTINUE);
1622 }
1623 
1624 static int
1625 modctl_remdrv_cleanup(const char *u_drvname)
1626 {
1627 	struct walk_args *wargs;
1628 	struct path_elem *pe;
1629 	char *drvname;
1630 	int err, rval = 0;
1631 
1632 	drvname = kmem_alloc(MAXMODCONFNAME, KM_SLEEP);
1633 	if ((err = copyinstr(u_drvname, drvname, MAXMODCONFNAME, 0))) {
1634 		kmem_free(drvname, MAXMODCONFNAME);
1635 		return (err);
1636 	}
1637 
1638 	/*
1639 	 * First go through the instance database.  For each
1640 	 * instance of a device bound to the driver being
1641 	 * removed, remove any underlying devfs attribute nodes.
1642 	 *
1643 	 * This is a two-step process.  First we go through
1644 	 * the instance data itself, constructing a list of
1645 	 * the nodes discovered.  The second step is then
1646 	 * to find and remove any devfs attribute nodes
1647 	 * for the instances discovered in the first step.
1648 	 * The two-step process avoids any difficulties
1649 	 * which could arise by holding the instance data
1650 	 * lock with simultaneous devfs operations.
1651 	 */
1652 	wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
1653 
1654 	wargs->wa_drvname = drvname;
1655 	list_create(&wargs->wa_pathlist,
1656 	    sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
1657 
1658 	(void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
1659 
1660 	for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
1661 	    pe = list_next(&wargs->wa_pathlist, pe)) {
1662 		err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
1663 			(const char *)pe->pe_nodename);
1664 		if (rval == 0)
1665 			rval = err;
1666 	}
1667 
1668 	while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
1669 		list_remove(&wargs->wa_pathlist, pe);
1670 		kmem_free(pe->pe_dir, pe->pe_dirlen);
1671 		kmem_free(pe, sizeof (*pe));
1672 	}
1673 	kmem_free(wargs, sizeof (*wargs));
1674 
1675 	/*
1676 	 * Pseudo nodes aren't recorded in the instance database
1677 	 * so any such nodes need to be handled separately.
1678 	 */
1679 	err = devfs_remdrv_cleanup("pseudo", (const char *)drvname);
1680 	if (rval == 0)
1681 		rval = err;
1682 
1683 	kmem_free(drvname, MAXMODCONFNAME);
1684 	return (rval);
1685 }
1686 
1687 static int
1688 modctl_allocpriv(const char *name)
1689 {
1690 	char *pstr = kmem_alloc(PRIVNAME_MAX, KM_SLEEP);
1691 	int error;
1692 
1693 	if ((error = copyinstr(name, pstr, PRIVNAME_MAX, 0))) {
1694 		kmem_free(pstr, PRIVNAME_MAX);
1695 		return (error);
1696 	}
1697 	error = priv_getbyname(pstr, PRIV_ALLOC);
1698 	if (error < 0)
1699 		error = -error;
1700 	else
1701 		error = 0;
1702 	kmem_free(pstr, PRIVNAME_MAX);
1703 	return (error);
1704 }
1705 
1706 static int
1707 modctl_devexists(const char *upath, int pathlen)
1708 {
1709 	char	*path;
1710 	int	ret;
1711 
1712 	/*
1713 	 * copy in the path, including the terminating null
1714 	 */
1715 	pathlen++;
1716 	if (pathlen <= 1 || pathlen > MAXPATHLEN)
1717 		return (EINVAL);
1718 	path = kmem_zalloc(pathlen + 1, KM_SLEEP);
1719 	if ((ret = copyinstr(upath, path, pathlen, NULL)) == 0) {
1720 		ret = sdev_modctl_devexists(path);
1721 	}
1722 
1723 	kmem_free(path, pathlen + 1);
1724 	return (ret);
1725 }
1726 
1727 static int
1728 modctl_devreaddir(const char *udir, int udirlen,
1729     char *upaths, int64_t *ulensp)
1730 {
1731 	char	*paths = NULL;
1732 	char	**dirlist = NULL;
1733 	char	*dir;
1734 	int64_t	ulens;
1735 	int64_t	lens;
1736 	int	i, n;
1737 	int	ret = 0;
1738 	char	*p;
1739 	int	npaths;
1740 	int	npaths_alloc;
1741 
1742 	/*
1743 	 * If upaths is NULL then we are only computing the amount of space
1744 	 * needed to return the paths, with the value returned in *ulensp. If we
1745 	 * are copying out paths then we get the amount of space allocated by
1746 	 * the caller. If the actual space needed for paths is larger, or
1747 	 * things are changing out from under us, then we return EAGAIN.
1748 	 */
1749 	if (upaths) {
1750 		if (ulensp == NULL)
1751 			return (EINVAL);
1752 		if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
1753 			return (EFAULT);
1754 	}
1755 
1756 	/*
1757 	 * copyin the /dev path including terminating null
1758 	 */
1759 	udirlen++;
1760 	if (udirlen <= 1 || udirlen > MAXPATHLEN)
1761 		return (EINVAL);
1762 	dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
1763 	if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
1764 		goto err;
1765 
1766 	if ((ret = sdev_modctl_readdir(dir, &dirlist,
1767 	    &npaths, &npaths_alloc)) != 0) {
1768 		ASSERT(dirlist == NULL);
1769 		goto err;
1770 	}
1771 
1772 	lens = 0;
1773 	for (i = 0; i < npaths; i++) {
1774 		lens += strlen(dirlist[i]) + 1;
1775 	}
1776 	lens++;		/* add one for double termination */
1777 
1778 	if (upaths) {
1779 		if (lens > ulens) {
1780 			ret = EAGAIN;
1781 			goto out;
1782 		}
1783 
1784 		paths = kmem_alloc(lens, KM_SLEEP);
1785 
1786 		p = paths;
1787 		for (i = 0; i < npaths; i++) {
1788 			n = strlen(dirlist[i]) + 1;
1789 			bcopy(dirlist[i], p, n);
1790 			p += n;
1791 		}
1792 		*p = 0;
1793 
1794 		if (copyout(paths, upaths, lens)) {
1795 			ret = EFAULT;
1796 			goto err;
1797 		}
1798 	}
1799 
1800 out:
1801 	/* copy out the amount of space needed to hold the paths */
1802 	if (copyout(&lens, ulensp, sizeof (lens)))
1803 		ret = EFAULT;
1804 
1805 err:
1806 	if (dirlist)
1807 		sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
1808 	if (paths)
1809 		kmem_free(paths, lens);
1810 	kmem_free(dir, udirlen + 1);
1811 	return (ret);
1812 }
1813 
1814 int
1815 modctl_moddevname(int subcmd, uintptr_t a1, uintptr_t a2)
1816 {
1817 	int error = 0;
1818 
1819 	switch (subcmd) {
1820 	case MODDEVNAME_LOOKUPDOOR:
1821 	case MODDEVNAME_DEVFSADMNODE:
1822 		error = devname_filename_register(subcmd, (char *)a1);
1823 		break;
1824 	case MODDEVNAME_NSMAPS:
1825 		error = devname_nsmaps_register((char *)a1, (size_t)a2);
1826 		break;
1827 	case MODDEVNAME_PROFILE:
1828 		error = devname_profile_update((char *)a1, (size_t)a2);
1829 		break;
1830 	case MODDEVNAME_RECONFIG:
1831 		i_ddi_set_reconfig();
1832 		break;
1833 	case MODDEVNAME_SYSAVAIL:
1834 		i_ddi_set_sysavail();
1835 		break;
1836 	default:
1837 		error = EINVAL;
1838 		break;
1839 	}
1840 
1841 	return (error);
1842 }
1843 
1844 /*ARGSUSED5*/
1845 int
1846 modctl(int cmd, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4,
1847     uintptr_t a5)
1848 {
1849 	int	error = EINVAL;
1850 	dev_t	dev;
1851 
1852 	if (secpolicy_modctl(CRED(), cmd) != 0)
1853 		return (set_errno(EPERM));
1854 
1855 	switch (cmd) {
1856 	case MODLOAD:		/* load a module */
1857 		error = modctl_modload((int)a1, (char *)a2, (int *)a3);
1858 		break;
1859 
1860 	case MODUNLOAD:		/* unload a module */
1861 		error = modctl_modunload((modid_t)a1);
1862 		break;
1863 
1864 	case MODINFO:		/* get module status */
1865 		error = modctl_modinfo((modid_t)a1, (struct modinfo *)a2);
1866 		break;
1867 
1868 	case MODRESERVED:	/* get last major number in range */
1869 		error = modctl_modreserve((modid_t)a1, (int *)a2);
1870 		break;
1871 
1872 	case MODSETMINIROOT:	/* we are running in miniroot */
1873 		isminiroot = 1;
1874 		error = 0;
1875 		break;
1876 
1877 	case MODADDMAJBIND:	/* read major binding file */
1878 		error = modctl_add_major((int *)a2);
1879 		break;
1880 
1881 	case MODGETPATHLEN:	/* get modpath length */
1882 		error = modctl_getmodpathlen((int *)a2);
1883 		break;
1884 
1885 	case MODGETPATH:	/* get modpath */
1886 		error = modctl_getmodpath((char *)a2);
1887 		break;
1888 
1889 	case MODREADSYSBIND:	/* read system call binding file */
1890 		error = modctl_read_sysbinding_file();
1891 		break;
1892 
1893 	case MODGETMAJBIND:	/* get major number for named device */
1894 		error = modctl_getmaj((char *)a1, (uint_t)a2, (int *)a3);
1895 		break;
1896 
1897 	case MODGETNAME:	/* get name of device given major number */
1898 		error = modctl_getname((char *)a1, (uint_t)a2, (int *)a3);
1899 		break;
1900 
1901 	case MODDEVT2INSTANCE:
1902 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1903 			dev = (dev_t)a1;
1904 		}
1905 #ifdef _SYSCALL32_IMPL
1906 		else {
1907 			dev = expldev(a1);
1908 		}
1909 #endif
1910 		error = modctl_devt2instance(dev, (int *)a2);
1911 		break;
1912 
1913 	case MODSIZEOF_DEVID:	/* sizeof device id of device given dev_t */
1914 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1915 			dev = (dev_t)a1;
1916 		}
1917 #ifdef _SYSCALL32_IMPL
1918 		else {
1919 			dev = expldev(a1);
1920 		}
1921 #endif
1922 		error = modctl_sizeof_devid(dev, (uint_t *)a2);
1923 		break;
1924 
1925 	case MODGETDEVID:	/* get device id of device given dev_t */
1926 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1927 			dev = (dev_t)a1;
1928 		}
1929 #ifdef _SYSCALL32_IMPL
1930 		else {
1931 			dev = expldev(a1);
1932 		}
1933 #endif
1934 		error = modctl_get_devid(dev, (uint_t)a2, (ddi_devid_t)a3);
1935 		break;
1936 
1937 	case MODSIZEOF_MINORNAME:	/* sizeof minor nm (dev_t,spectype) */
1938 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1939 			error = modctl_sizeof_minorname((dev_t)a1, (int)a2,
1940 			    (uint_t *)a3);
1941 		}
1942 #ifdef _SYSCALL32_IMPL
1943 		else {
1944 			error = modctl_sizeof_minorname(expldev(a1), (int)a2,
1945 			    (uint_t *)a3);
1946 		}
1947 
1948 #endif
1949 		break;
1950 
1951 	case MODGETMINORNAME:		/* get minor name of (dev_t,spectype) */
1952 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1953 			error = modctl_get_minorname((dev_t)a1, (int)a2,
1954 			    (uint_t)a3, (char *)a4);
1955 		}
1956 #ifdef _SYSCALL32_IMPL
1957 		else {
1958 			error = modctl_get_minorname(expldev(a1), (int)a2,
1959 			    (uint_t)a3, (char *)a4);
1960 		}
1961 #endif
1962 		break;
1963 
1964 	case MODGETDEVFSPATH_LEN:	/* sizeof path nm of (dev_t,spectype) */
1965 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1966 			error = modctl_devfspath_len((dev_t)a1, (int)a2,
1967 			    (uint_t *)a3);
1968 		}
1969 #ifdef _SYSCALL32_IMPL
1970 		else {
1971 			error = modctl_devfspath_len(expldev(a1), (int)a2,
1972 			    (uint_t *)a3);
1973 		}
1974 
1975 #endif
1976 		break;
1977 
1978 	case MODGETDEVFSPATH:   	/* get path name of (dev_t,spec) type */
1979 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1980 			error = modctl_devfspath((dev_t)a1, (int)a2,
1981 			    (uint_t)a3, (char *)a4);
1982 		}
1983 #ifdef _SYSCALL32_IMPL
1984 		else {
1985 			error = modctl_devfspath(expldev(a1), (int)a2,
1986 			    (uint_t)a3, (char *)a4);
1987 		}
1988 #endif
1989 		break;
1990 
1991 	case MODGETDEVFSPATH_MI_LEN:	/* sizeof path nm of (major,instance) */
1992 		error = modctl_devfspath_mi_len((major_t)a1, (int)a2,
1993 			    (uint_t *)a3);
1994 		break;
1995 
1996 	case MODGETDEVFSPATH_MI:   	/* get path name of (major,instance) */
1997 		error = modctl_devfspath_mi((major_t)a1, (int)a2,
1998 			    (uint_t)a3, (char *)a4);
1999 		break;
2000 
2001 
2002 	case MODEVENTS:
2003 		error = modctl_modevents((int)a1, a2, a3, a4, (uint_t)a5);
2004 		break;
2005 
2006 	case MODGETFBNAME:	/* get the framebuffer name */
2007 		error = modctl_get_fbname((char *)a1);
2008 		break;
2009 
2010 	case MODREREADDACF:	/* reread dacf rule database from given file */
2011 		error = modctl_reread_dacf((char *)a1);
2012 		break;
2013 
2014 	case MODLOADDRVCONF:	/* load driver.conf file for major */
2015 		error = modctl_load_drvconf((major_t)a1);
2016 		break;
2017 
2018 	case MODUNLOADDRVCONF:	/* unload driver.conf file for major */
2019 		error = modctl_unload_drvconf((major_t)a1);
2020 		break;
2021 
2022 	case MODREMMAJBIND:	/* remove a major binding */
2023 		error = modctl_rem_major((major_t)a1);
2024 		break;
2025 
2026 	case MODDEVID2PATHS:	/* get paths given devid */
2027 		error = modctl_devid2paths((ddi_devid_t)a1, (char *)a2,
2028 		    (uint_t)a3, (size_t *)a4, (char *)a5);
2029 		break;
2030 
2031 	case MODSETDEVPOLICY:	/* establish device policy */
2032 		error = devpolicy_load((int)a1, (size_t)a2, (devplcysys_t *)a3);
2033 		break;
2034 
2035 	case MODGETDEVPOLICY:	/* get device policy */
2036 		error = devpolicy_get((int *)a1, (size_t)a2,
2037 				(devplcysys_t *)a3);
2038 		break;
2039 
2040 	case MODALLOCPRIV:
2041 		error = modctl_allocpriv((const char *)a1);
2042 		break;
2043 
2044 	case MODGETDEVPOLICYBYNAME:
2045 		error = devpolicy_getbyname((size_t)a1,
2046 		    (devplcysys_t *)a2, (char *)a3);
2047 		break;
2048 
2049 	case MODLOADMINORPERM:
2050 	case MODADDMINORPERM:
2051 	case MODREMMINORPERM:
2052 		error = modctl_minorperm(cmd, (char *)a1, (size_t)a2);
2053 		break;
2054 
2055 	case MODREMDRVCLEANUP:
2056 		error = modctl_remdrv_cleanup((const char *)a1);
2057 		break;
2058 
2059 	case MODDEVEXISTS:	/* non-reconfiguring /dev lookup */
2060 		error = modctl_devexists((const char *)a1, (size_t)a2);
2061 		break;
2062 
2063 	case MODDEVREADDIR:	/* non-reconfiguring /dev readdir */
2064 		error = modctl_devreaddir((const char *)a1, (size_t)a2,
2065 		    (char *)a3, (int64_t *)a4);
2066 		break;
2067 
2068 	case MODDEVNAME:
2069 		error = modctl_moddevname((int)a1, a2, a3);
2070 		break;
2071 
2072 	default:
2073 		error = EINVAL;
2074 		break;
2075 	}
2076 
2077 	return (error ? set_errno(error) : 0);
2078 }
2079 
2080 /*
2081  * Calls to kobj_load_module()() are handled off to this routine in a
2082  * separate thread.
2083  */
2084 static void
2085 modload_thread(struct loadmt *ltp)
2086 {
2087 	/* load the module and signal the creator of this thread */
2088 	kmutex_t	cpr_lk;
2089 	callb_cpr_t	cpr_i;
2090 
2091 	mutex_init(&cpr_lk, NULL, MUTEX_DEFAULT, NULL);
2092 	CALLB_CPR_INIT(&cpr_i, &cpr_lk, callb_generic_cpr, "modload");
2093 	/* borrow the devi lock from thread which invoked us */
2094 	pm_borrow_lock(ltp->owner);
2095 	ltp->retval = kobj_load_module(ltp->mp, ltp->usepath);
2096 	pm_return_lock();
2097 	sema_v(&ltp->sema);
2098 	mutex_enter(&cpr_lk);
2099 	CALLB_CPR_EXIT(&cpr_i);
2100 	mutex_destroy(&cpr_lk);
2101 	thread_exit();
2102 }
2103 
2104 /*
2105  * load a module, adding a reference if caller specifies rmodp.  If rmodp
2106  * is specified then an errno is returned, otherwise a module index is
2107  * returned (-1 on error).
2108  */
2109 static int
2110 modrload(char *subdir, char *filename, struct modctl **rmodp)
2111 {
2112 	struct modctl *modp;
2113 	size_t size;
2114 	char *fullname;
2115 	int retval = EINVAL;
2116 	int id = -1;
2117 
2118 	if (rmodp)
2119 		*rmodp = NULL;			/* avoid garbage */
2120 
2121 	if (subdir != NULL) {
2122 		/*
2123 		 * refuse / in filename to prevent "../" escapes.
2124 		 */
2125 		if (strchr(filename, '/') != NULL)
2126 			return (rmodp ? retval : id);
2127 
2128 		/*
2129 		 * allocate enough space for <subdir>/<filename><NULL>
2130 		 */
2131 		size = strlen(subdir) + strlen(filename) + 2;
2132 		fullname = kmem_zalloc(size, KM_SLEEP);
2133 		(void) sprintf(fullname, "%s/%s", subdir, filename);
2134 	} else {
2135 		fullname = filename;
2136 	}
2137 
2138 	modp = mod_hold_installed_mod(fullname, 1, &retval);
2139 	if (modp != NULL) {
2140 		id = modp->mod_id;
2141 		if (rmodp) {
2142 			/* add mod_ref and return *rmodp */
2143 			mutex_enter(&mod_lock);
2144 			modp->mod_ref++;
2145 			mutex_exit(&mod_lock);
2146 			*rmodp = modp;
2147 		}
2148 		mod_release_mod(modp);
2149 		CPU_STATS_ADDQ(CPU, sys, modload, 1);
2150 	}
2151 
2152 done:	if (subdir != NULL)
2153 		kmem_free(fullname, size);
2154 	return (rmodp ? retval : id);
2155 }
2156 
2157 /*
2158  * This is the primary kernel interface to load a module. It loads and
2159  * installs the named module.  It does not hold mod_ref of the module, so
2160  * a module unload attempt can occur at any time - it is up to the
2161  * _fini/mod_remove implementation to determine if unload will succeed.
2162  */
2163 int
2164 modload(char *subdir, char *filename)
2165 {
2166 	return (modrload(subdir, filename, NULL));
2167 }
2168 
2169 /*
2170  * Load a module using a series of qualified names from most specific to least
2171  * specific, e.g. for subdir "foo", p1 "bar", p2 "baz", we might try:
2172  *
2173  * foo/bar.baz.1.2.3
2174  * foo/bar.baz.1.2
2175  * foo/bar.baz.1
2176  *
2177  * Return the module ID on success; -1 if no module was loaded.
2178  */
2179 int
2180 modload_qualified(const char *subdir, const char *p1,
2181     const char *p2, const char *delim, uint_t suffv[], int suffc)
2182 {
2183 	char path[MOD_MAXPATH];
2184 	size_t n, resid = sizeof (path);
2185 	char *p = path;
2186 
2187 	char **dotv;
2188 	int i, rc, id;
2189 	modctl_t *mp;
2190 
2191 	if (p2 != NULL)
2192 		n = snprintf(p, resid, "%s/%s%s%s", subdir, p1, delim, p2);
2193 	else
2194 		n = snprintf(p, resid, "%s/%s", subdir, p1);
2195 
2196 	if (n >= resid)
2197 		return (-1);
2198 
2199 	p += n;
2200 	resid -= n;
2201 	dotv = kmem_alloc(sizeof (char *) * (suffc + 1), KM_SLEEP);
2202 
2203 	for (i = 0; i < suffc; i++) {
2204 		dotv[i] = p;
2205 		n = snprintf(p, resid, "%s%u", delim, suffv[i]);
2206 
2207 		if (n >= resid) {
2208 			kmem_free(dotv, sizeof (char *) * (suffc + 1));
2209 			return (-1);
2210 		}
2211 
2212 		p += n;
2213 		resid -= n;
2214 	}
2215 
2216 	dotv[suffc] = p;
2217 
2218 	for (i = suffc; i >= 0; i--) {
2219 		dotv[i][0] = '\0';
2220 		mp = mod_hold_installed_mod(path, 1, &rc);
2221 
2222 		if (mp != NULL) {
2223 			kmem_free(dotv, sizeof (char *) * (suffc + 1));
2224 			id = mp->mod_id;
2225 			mod_release_mod(mp);
2226 			return (id);
2227 		}
2228 	}
2229 
2230 	kmem_free(dotv, sizeof (char *) * (suffc + 1));
2231 	return (-1);
2232 }
2233 
2234 /*
2235  * Load a module.
2236  */
2237 int
2238 modloadonly(char *subdir, char *filename)
2239 {
2240 	struct modctl *modp;
2241 	char *fullname;
2242 	size_t size;
2243 	int id, retval;
2244 
2245 	if (subdir != NULL) {
2246 		/*
2247 		 * allocate enough space for <subdir>/<filename><NULL>
2248 		 */
2249 		size = strlen(subdir) + strlen(filename) + 2;
2250 		fullname = kmem_zalloc(size, KM_SLEEP);
2251 		(void) sprintf(fullname, "%s/%s", subdir, filename);
2252 	} else {
2253 		fullname = filename;
2254 	}
2255 
2256 	modp = mod_hold_loaded_mod(NULL, fullname, &retval);
2257 	if (modp) {
2258 		id = modp->mod_id;
2259 		mod_release_mod(modp);
2260 	}
2261 
2262 	if (subdir != NULL)
2263 		kmem_free(fullname, size);
2264 
2265 	if (retval == 0)
2266 		return (id);
2267 	return (-1);
2268 }
2269 
2270 /*
2271  * Try to uninstall and unload a module, removing a reference if caller
2272  * specifies rmodp.
2273  */
2274 static int
2275 modunrload(modid_t id, struct modctl **rmodp, int unload)
2276 {
2277 	struct modctl	*modp;
2278 	int		retval;
2279 
2280 	if (rmodp)
2281 		*rmodp = NULL;			/* avoid garbage */
2282 
2283 	if ((modp = mod_hold_by_id((modid_t)id)) == NULL)
2284 		return (EINVAL);
2285 
2286 	if (rmodp) {
2287 		mutex_enter(&mod_lock);
2288 		modp->mod_ref--;
2289 		mutex_exit(&mod_lock);
2290 		*rmodp = modp;
2291 	}
2292 
2293 	if (unload) {
2294 		retval = moduninstall(modp);
2295 		if (retval == 0) {
2296 			mod_unload(modp);
2297 			CPU_STATS_ADDQ(CPU, sys, modunload, 1);
2298 		} else if (retval == EALREADY)
2299 			retval = 0;	/* already unloaded, not an error */
2300 	} else
2301 		retval = 0;
2302 
2303 	mod_release_mod(modp);
2304 	return (retval);
2305 }
2306 
2307 /*
2308  * Uninstall and unload a module.
2309  */
2310 int
2311 modunload(modid_t id)
2312 {
2313 	int		retval;
2314 
2315 	/* synchronize with any active modunload_disable() */
2316 	modunload_begin();
2317 	if (ddi_root_node())
2318 		(void) devfs_clean(ddi_root_node(), NULL, 0);
2319 	retval = modunrload(id, NULL, 1);
2320 	modunload_end();
2321 	return (retval);
2322 }
2323 
2324 /*
2325  * Return status of a loaded module.
2326  */
2327 static int
2328 modinfo(modid_t id, struct modinfo *modinfop)
2329 {
2330 	struct modctl	*modp;
2331 	modid_t		mid;
2332 	int		i;
2333 
2334 	mid = modinfop->mi_id;
2335 	if (modinfop->mi_info & MI_INFO_ALL) {
2336 		while ((modp = mod_hold_next_by_id(mid++)) != NULL) {
2337 			if ((modinfop->mi_info & MI_INFO_CNT) ||
2338 			    modp->mod_installed)
2339 				break;
2340 			mod_release_mod(modp);
2341 		}
2342 		if (modp == NULL)
2343 			return (EINVAL);
2344 	} else {
2345 		modp = mod_hold_by_id(id);
2346 		if (modp == NULL)
2347 			return (EINVAL);
2348 		if (!(modinfop->mi_info & MI_INFO_CNT) &&
2349 		    (modp->mod_installed == 0)) {
2350 			mod_release_mod(modp);
2351 			return (EINVAL);
2352 		}
2353 	}
2354 
2355 	modinfop->mi_rev = 0;
2356 	modinfop->mi_state = 0;
2357 	for (i = 0; i < MODMAXLINK; i++) {
2358 		modinfop->mi_msinfo[i].msi_p0 = -1;
2359 		modinfop->mi_msinfo[i].msi_linkinfo[0] = 0;
2360 	}
2361 	if (modp->mod_loaded) {
2362 		modinfop->mi_state = MI_LOADED;
2363 		kobj_getmodinfo(modp->mod_mp, modinfop);
2364 	}
2365 	if (modp->mod_installed) {
2366 		modinfop->mi_state |= MI_INSTALLED;
2367 
2368 		(void) mod_getinfo(modp, modinfop);
2369 	}
2370 
2371 	modinfop->mi_id = modp->mod_id;
2372 	modinfop->mi_loadcnt = modp->mod_loadcnt;
2373 	(void) strcpy(modinfop->mi_name, modp->mod_modname);
2374 
2375 	mod_release_mod(modp);
2376 	return (0);
2377 }
2378 
2379 static char mod_stub_err[] = "mod_hold_stub: Couldn't load stub module %s";
2380 static char no_err[] = "No error function for weak stub %s";
2381 
2382 /*
2383  * used by the stubs themselves to load and hold a module.
2384  * Returns  0 if the module is successfully held;
2385  *	    the stub needs to call mod_release_stub().
2386  *	    -1 if the stub should just call the err_fcn.
2387  * Note that this code is stretched out so that we avoid subroutine calls
2388  * and optimize for the most likely case.  That is, the case where the
2389  * module is loaded and installed and not held.  In that case we just inc
2390  * the mod_ref count and continue.
2391  */
2392 int
2393 mod_hold_stub(struct mod_stub_info *stub)
2394 {
2395 	struct modctl *mp;
2396 	struct mod_modinfo *mip;
2397 
2398 	mip = stub->mods_modinfo;
2399 
2400 	mutex_enter(&mod_lock);
2401 
2402 	/* we do mod_hold_by_modctl inline for speed */
2403 
2404 mod_check_again:
2405 	if ((mp = mip->mp) != NULL) {
2406 		if (mp->mod_busy == 0) {
2407 			if (mp->mod_installed) {
2408 				/* increment the reference count */
2409 				mp->mod_ref++;
2410 				ASSERT(mp->mod_ref && mp->mod_installed);
2411 				mutex_exit(&mod_lock);
2412 				return (0);
2413 			} else {
2414 				mp->mod_busy = 1;
2415 				mp->mod_inprogress_thread =
2416 				    (curthread == NULL ?
2417 				    (kthread_id_t)-1 : curthread);
2418 			}
2419 		} else {
2420 			/*
2421 			 * wait one time and then go see if someone
2422 			 * else has resolved the stub (set mip->mp).
2423 			 */
2424 			if (mod_hold_by_modctl(mp,
2425 			    MOD_WAIT_ONCE | MOD_LOCK_HELD))
2426 				goto mod_check_again;
2427 
2428 			/*
2429 			 * what we have now may have been unloaded!, in
2430 			 * that case, mip->mp will be NULL, we'll hit this
2431 			 * module and load again..
2432 			 */
2433 			cmn_err(CE_PANIC, "mod_hold_stub should have blocked");
2434 		}
2435 		mutex_exit(&mod_lock);
2436 	} else {
2437 		/* first time we've hit this module */
2438 		mutex_exit(&mod_lock);
2439 		mp = mod_hold_by_name(mip->modm_module_name);
2440 		mip->mp = mp;
2441 	}
2442 
2443 	/*
2444 	 * If we are here, it means that the following conditions
2445 	 * are satisfied.
2446 	 *
2447 	 * mip->mp != NULL
2448 	 * this thread has set the mp->mod_busy = 1
2449 	 * mp->mod_installed = 0
2450 	 *
2451 	 */
2452 	ASSERT(mp != NULL);
2453 	ASSERT(mp->mod_busy == 1);
2454 
2455 	if (mp->mod_installed == 0) {
2456 		/* Module not loaded, if weak stub don't load it */
2457 		if (stub->mods_flag & MODS_WEAK) {
2458 			if (stub->mods_errfcn == NULL) {
2459 				mod_release_mod(mp);
2460 				cmn_err(CE_PANIC, no_err,
2461 				    mip->modm_module_name);
2462 			}
2463 		} else {
2464 			/* Not a weak stub so load the module */
2465 
2466 			if (mod_load(mp, 1) != 0 || modinstall(mp) != 0) {
2467 				/*
2468 				 * If mod_load() was successful
2469 				 * and modinstall() failed, then
2470 				 * unload the module.
2471 				 */
2472 				if (mp->mod_loaded)
2473 					mod_unload(mp);
2474 
2475 				mod_release_mod(mp);
2476 				if (stub->mods_errfcn == NULL) {
2477 					cmn_err(CE_PANIC, mod_stub_err,
2478 					    mip->modm_module_name);
2479 				} else {
2480 					return (-1);
2481 				}
2482 			}
2483 		}
2484 	}
2485 
2486 	/*
2487 	 * At this point module is held and loaded. Release
2488 	 * the mod_busy and mod_inprogress_thread before
2489 	 * returning. We actually call mod_release() here so
2490 	 * that if another stub wants to access this module,
2491 	 * it can do so. mod_ref is incremented before mod_release()
2492 	 * is called to prevent someone else from snatching the
2493 	 * module from this thread.
2494 	 */
2495 	mutex_enter(&mod_lock);
2496 	mp->mod_ref++;
2497 	ASSERT(mp->mod_ref &&
2498 	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
2499 	mod_release(mp);
2500 	mutex_exit(&mod_lock);
2501 	return (0);
2502 }
2503 
2504 void
2505 mod_release_stub(struct mod_stub_info *stub)
2506 {
2507 	struct modctl *mp = stub->mods_modinfo->mp;
2508 
2509 	/* inline mod_release_mod */
2510 	mutex_enter(&mod_lock);
2511 	ASSERT(mp->mod_ref &&
2512 	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
2513 	mp->mod_ref--;
2514 	if (mp->mod_want) {
2515 		mp->mod_want = 0;
2516 		cv_broadcast(&mod_cv);
2517 	}
2518 	mutex_exit(&mod_lock);
2519 }
2520 
2521 static struct modctl *
2522 mod_hold_loaded_mod(struct modctl *dep, char *filename, int *status)
2523 {
2524 	struct modctl *modp;
2525 	int retval;
2526 
2527 	/*
2528 	 * Hold the module.
2529 	 */
2530 	modp = mod_hold_by_name_requisite(dep, filename);
2531 	if (modp) {
2532 		retval = mod_load(modp, 1);
2533 		if (retval != 0) {
2534 			mod_release_mod(modp);
2535 			modp = NULL;
2536 		}
2537 		*status = retval;
2538 	} else {
2539 		*status = ENOSPC;
2540 	}
2541 
2542 	/*
2543 	 * if dep is not NULL, clear the module dependency information.
2544 	 * This information is set in mod_hold_by_name_common().
2545 	 */
2546 	if (dep != NULL && dep->mod_requisite_loading != NULL) {
2547 		ASSERT(dep->mod_busy);
2548 		dep->mod_requisite_loading = NULL;
2549 	}
2550 
2551 	return (modp);
2552 }
2553 
2554 /*
2555  * hold, load, and install the named module
2556  */
2557 static struct modctl *
2558 mod_hold_installed_mod(char *name, int usepath, int *r)
2559 {
2560 	struct modctl *modp;
2561 	int retval;
2562 
2563 	/*
2564 	 * Verify that that module in question actually exists on disk
2565 	 * before allocation of module structure by mod_hold_by_name.
2566 	 */
2567 	if (modrootloaded && swaploaded) {
2568 		if (!kobj_path_exists(name, usepath)) {
2569 			*r = ENOENT;
2570 			return (NULL);
2571 		}
2572 	}
2573 
2574 	/*
2575 	 * Hold the module.
2576 	 */
2577 	modp = mod_hold_by_name(name);
2578 	if (modp) {
2579 		retval = mod_load(modp, usepath);
2580 		if (retval != 0) {
2581 			mod_release_mod(modp);
2582 			modp = NULL;
2583 			*r = retval;
2584 		} else {
2585 			if ((*r = modinstall(modp)) != 0) {
2586 				/*
2587 				 * We loaded it, but failed to _init() it.
2588 				 * Be kind to developers -- force it
2589 				 * out of memory now so that the next
2590 				 * attempt to use the module will cause
2591 				 * a reload.  See 1093793.
2592 				 */
2593 				mod_unload(modp);
2594 				mod_release_mod(modp);
2595 				modp = NULL;
2596 			}
2597 		}
2598 	} else {
2599 		*r = ENOSPC;
2600 	}
2601 	return (modp);
2602 }
2603 
2604 static char mod_excl_msg[] =
2605 	"module %s(%s) is EXCLUDED and will not be loaded\n";
2606 static char mod_init_msg[] = "loadmodule:%s(%s): _init() error %d\n";
2607 
2608 /*
2609  * This routine is needed for dependencies.  Users specify dependencies
2610  * by declaring a character array initialized to filenames of dependents.
2611  * So the code that handles dependents deals with filenames (and not
2612  * module names) because that's all it has.  We load by filename and once
2613  * we've loaded a file we can get the module name.
2614  * Unfortunately there isn't a single unified filename/modulename namespace.
2615  * C'est la vie.
2616  *
2617  * We allow the name being looked up to be prepended by an optional
2618  * subdirectory e.g. we can lookup (NULL, "fs/ufs") or ("fs", "ufs")
2619  */
2620 struct modctl *
2621 mod_find_by_filename(char *subdir, char *filename)
2622 {
2623 	struct modctl	*mp;
2624 	size_t		sublen;
2625 
2626 	ASSERT(!MUTEX_HELD(&mod_lock));
2627 	if (subdir != NULL)
2628 		sublen = strlen(subdir);
2629 	else
2630 		sublen = 0;
2631 
2632 	mutex_enter(&mod_lock);
2633 	mp = &modules;
2634 	do {
2635 		if (sublen) {
2636 			char *mod_filename = mp->mod_filename;
2637 
2638 			if (strncmp(subdir, mod_filename, sublen) == 0 &&
2639 			    mod_filename[sublen] == '/' &&
2640 			    strcmp(filename, &mod_filename[sublen + 1]) == 0) {
2641 				mutex_exit(&mod_lock);
2642 				return (mp);
2643 			}
2644 		} else if (strcmp(filename, mp->mod_filename) == 0) {
2645 			mutex_exit(&mod_lock);
2646 			return (mp);
2647 		}
2648 	} while ((mp = mp->mod_next) != &modules);
2649 	mutex_exit(&mod_lock);
2650 	return (NULL);
2651 }
2652 
2653 /*
2654  * Check for circular dependencies.  This is called from do_dependents()
2655  * in kobj.c.  If we are the thread already loading this module, then
2656  * we're trying to load a dependent that we're already loading which
2657  * means the user specified circular dependencies.
2658  */
2659 static int
2660 mod_circdep(struct modctl *modp)
2661 {
2662 	struct modctl	*rmod;
2663 
2664 	ASSERT(MUTEX_HELD(&mod_lock));
2665 
2666 	/*
2667 	 * Check the mod_inprogress_thread first.
2668 	 * mod_inprogress_thread is used in mod_hold_stub()
2669 	 * directly to improve performance.
2670 	 */
2671 	if (modp->mod_inprogress_thread == curthread)
2672 		return (1);
2673 
2674 	/*
2675 	 * Check the module circular dependencies.
2676 	 */
2677 	for (rmod = modp; rmod != NULL; rmod = rmod->mod_requisite_loading) {
2678 		/*
2679 		 * Check if there is a module circular dependency.
2680 		 */
2681 		if (rmod->mod_requisite_loading == modp)
2682 			return (1);
2683 	}
2684 	return (0);
2685 }
2686 
2687 static int
2688 mod_getinfo(struct modctl *modp, struct modinfo *modinfop)
2689 {
2690 	int (*func)(struct modinfo *);
2691 	int retval;
2692 
2693 	ASSERT(modp->mod_busy);
2694 
2695 	/* primary modules don't do getinfo */
2696 	if (modp->mod_prim)
2697 		return (0);
2698 
2699 	func = (int (*)(struct modinfo *))kobj_lookup(modp->mod_mp, "_info");
2700 
2701 	if (kobj_addrcheck(modp->mod_mp, (caddr_t)func)) {
2702 		cmn_err(CE_WARN, "_info() not defined properly in %s",
2703 		    modp->mod_filename);
2704 		/*
2705 		 * The semantics of mod_info(9F) are that 0 is failure
2706 		 * and non-zero is success.
2707 		 */
2708 		retval = 0;
2709 	} else
2710 		retval = (*func)(modinfop);	/* call _info() function */
2711 
2712 	if (moddebug & MODDEBUG_USERDEBUG)
2713 		printf("Returned from _info, retval = %x\n", retval);
2714 
2715 	return (retval);
2716 }
2717 
2718 static void
2719 modadd(struct modctl *mp)
2720 {
2721 	ASSERT(MUTEX_HELD(&mod_lock));
2722 
2723 	mp->mod_id = last_module_id++;
2724 	mp->mod_next = &modules;
2725 	mp->mod_prev = modules.mod_prev;
2726 	modules.mod_prev->mod_next = mp;
2727 	modules.mod_prev = mp;
2728 }
2729 
2730 /*ARGSUSED*/
2731 static struct modctl *
2732 allocate_modp(const char *filename, const char *modname)
2733 {
2734 	struct modctl *mp;
2735 
2736 	mp = kobj_zalloc(sizeof (*mp), KM_SLEEP);
2737 	mp->mod_modname = kobj_zalloc(strlen(modname) + 1, KM_SLEEP);
2738 	(void) strcpy(mp->mod_modname, modname);
2739 	return (mp);
2740 }
2741 
2742 /*
2743  * Get the value of a symbol.  This is a wrapper routine that
2744  * calls kobj_getsymvalue().  kobj_getsymvalue() may go away but this
2745  * wrapper will prevent callers from noticing.
2746  */
2747 uintptr_t
2748 modgetsymvalue(char *name, int kernelonly)
2749 {
2750 	return (kobj_getsymvalue(name, kernelonly));
2751 }
2752 
2753 /*
2754  * Get the symbol nearest an address.  This is a wrapper routine that
2755  * calls kobj_getsymname().  kobj_getsymname() may go away but this
2756  * wrapper will prevent callers from noticing.
2757  */
2758 char *
2759 modgetsymname(uintptr_t value, ulong_t *offset)
2760 {
2761 	return (kobj_getsymname(value, offset));
2762 }
2763 
2764 /*
2765  * Lookup a symbol in a specified module.  These are wrapper routines that
2766  * call kobj_lookup().  kobj_lookup() may go away but these wrappers will
2767  * prevent callers from noticing.
2768  */
2769 uintptr_t
2770 modlookup(const char *modname, const char *symname)
2771 {
2772 	struct modctl *modp;
2773 	uintptr_t val;
2774 
2775 	if ((modp = mod_hold_by_name(modname)) == NULL)
2776 		return (0);
2777 	val = kobj_lookup(modp->mod_mp, symname);
2778 	mod_release_mod(modp);
2779 	return (val);
2780 }
2781 
2782 uintptr_t
2783 modlookup_by_modctl(modctl_t *modp, const char *symname)
2784 {
2785 	ASSERT(modp->mod_ref > 0 || modp->mod_busy);
2786 
2787 	return (kobj_lookup(modp->mod_mp, symname));
2788 }
2789 
2790 /*
2791  * Ask the user for the name of the system file and the default path
2792  * for modules.
2793  */
2794 void
2795 mod_askparams()
2796 {
2797 	static char s0[64];
2798 	intptr_t fd;
2799 
2800 	if ((fd = kobj_open(systemfile)) != -1L)
2801 		kobj_close(fd);
2802 	else
2803 		systemfile = NULL;
2804 
2805 	/*CONSTANTCONDITION*/
2806 	while (1) {
2807 		printf("Name of system file [%s]:  ",
2808 			systemfile ? systemfile : "/dev/null");
2809 
2810 		console_gets(s0, sizeof (s0));
2811 
2812 		if (s0[0] == '\0')
2813 			break;
2814 		else if (strcmp(s0, "/dev/null") == 0) {
2815 			systemfile = NULL;
2816 			break;
2817 		} else {
2818 			if ((fd = kobj_open(s0)) != -1L) {
2819 				kobj_close(fd);
2820 				systemfile = s0;
2821 				break;
2822 			}
2823 		}
2824 		printf("can't find file %s\n", s0);
2825 	}
2826 }
2827 
2828 static char loading_msg[] = "loading '%s' id %d\n";
2829 static char load_msg[] = "load '%s' id %d loaded @ 0x%p/0x%p size %d/%d\n";
2830 
2831 /*
2832  * Common code for loading a module (but not installing it).
2833  * Handoff the task of module loading to a seperate thread
2834  * with a large stack if possible, since this code may recurse a few times.
2835  * Return zero if there are no errors or an errno value.
2836  */
2837 static int
2838 mod_load(struct modctl *mp, int usepath)
2839 {
2840 	int		retval;
2841 	struct modinfo	*modinfop = NULL;
2842 	struct loadmt	lt;
2843 
2844 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2845 	ASSERT(mp->mod_busy);
2846 
2847 	if (mp->mod_loaded)
2848 		return (0);
2849 
2850 	if (mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_modname) != 0 ||
2851 	    mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_filename) != 0) {
2852 		if (moddebug & MODDEBUG_LOADMSG) {
2853 			printf(mod_excl_msg, mp->mod_filename,
2854 				mp->mod_modname);
2855 		}
2856 		return (ENXIO);
2857 	}
2858 	if (moddebug & MODDEBUG_LOADMSG2)
2859 		printf(loading_msg, mp->mod_filename, mp->mod_id);
2860 
2861 	if (curthread != &t0) {
2862 		lt.mp = mp;
2863 		lt.usepath = usepath;
2864 		lt.owner = curthread;
2865 		sema_init(&lt.sema, 0, NULL, SEMA_DEFAULT, NULL);
2866 
2867 		/* create thread to hand of call to */
2868 		(void) thread_create(NULL, DEFAULTSTKSZ * 2,
2869 		    modload_thread, &lt, 0, &p0, TS_RUN, maxclsyspri);
2870 
2871 		/* wait for thread to complete kobj_load_module */
2872 		sema_p(&lt.sema);
2873 
2874 		sema_destroy(&lt.sema);
2875 		retval = lt.retval;
2876 	} else
2877 		retval = kobj_load_module(mp, usepath);
2878 
2879 	if (mp->mod_mp) {
2880 		ASSERT(retval == 0);
2881 		mp->mod_loaded = 1;
2882 		mp->mod_loadcnt++;
2883 		if (moddebug & MODDEBUG_LOADMSG) {
2884 			printf(load_msg, mp->mod_filename, mp->mod_id,
2885 				(void *)((struct module *)mp->mod_mp)->text,
2886 				(void *)((struct module *)mp->mod_mp)->data,
2887 				((struct module *)mp->mod_mp)->text_size,
2888 				((struct module *)mp->mod_mp)->data_size);
2889 		}
2890 
2891 		/*
2892 		 * XXX - There should be a better way to get this.
2893 		 */
2894 		modinfop = kmem_zalloc(sizeof (struct modinfo), KM_SLEEP);
2895 		modinfop->mi_info = MI_INFO_LINKAGE;
2896 		if (mod_getinfo(mp, modinfop) == 0)
2897 			mp->mod_linkage = NULL;
2898 		else {
2899 			mp->mod_linkage = (void *)modinfop->mi_base;
2900 			ASSERT(mp->mod_linkage->ml_rev == MODREV_1);
2901 		}
2902 
2903 		/*
2904 		 * DCS: bootstrapping code. If the driver is loaded
2905 		 * before root mount, it is assumed that the driver
2906 		 * may be used before mounting root. In order to
2907 		 * access mappings of global to local minor no.'s
2908 		 * during installation/open of the driver, we load
2909 		 * them into memory here while the BOP_interfaces
2910 		 * are still up.
2911 		 */
2912 		if ((cluster_bootflags & CLUSTER_BOOTED) && !modrootloaded) {
2913 			retval = clboot_modload(mp);
2914 		}
2915 
2916 		kmem_free(modinfop, sizeof (struct modinfo));
2917 		(void) mod_sysctl(SYS_SET_MVAR, (void *)mp);
2918 		retval = install_stubs_by_name(mp, mp->mod_modname);
2919 
2920 		/*
2921 		 * Now that the module is loaded, we need to give DTrace
2922 		 * a chance to notify its providers.  This is done via
2923 		 * the dtrace_modload function pointer.
2924 		 */
2925 		if (strcmp(mp->mod_modname, "dtrace") != 0) {
2926 			struct modctl *dmp = mod_hold_by_name("dtrace");
2927 
2928 			if (dmp != NULL && dtrace_modload != NULL)
2929 				(*dtrace_modload)(mp);
2930 
2931 			mod_release_mod(dmp);
2932 		}
2933 
2934 	} else {
2935 		/*
2936 		 * If load failed then we need to release any requisites
2937 		 * that we had established.
2938 		 */
2939 		ASSERT(retval);
2940 		mod_release_requisites(mp);
2941 
2942 		if (moddebug & MODDEBUG_ERRMSG)
2943 			printf("error loading '%s', error %d\n",
2944 			    mp->mod_filename, retval);
2945 	}
2946 	return (retval);
2947 }
2948 
2949 static char unload_msg[] = "unloading %s, module id %d, loadcnt %d.\n";
2950 
2951 static void
2952 mod_unload(struct modctl *mp)
2953 {
2954 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2955 	ASSERT(mp->mod_busy);
2956 	ASSERT((mp->mod_loaded && (mp->mod_installed == 0)) &&
2957 	    ((mp->mod_prim == 0) && (mp->mod_ref >= 0)));
2958 
2959 	if (moddebug & MODDEBUG_LOADMSG)
2960 		printf(unload_msg, mp->mod_modname,
2961 			mp->mod_id, mp->mod_loadcnt);
2962 
2963 	/*
2964 	 * If mod_ref is not zero, it means some modules might still refer
2965 	 * to this module. Then you can't unload this module right now.
2966 	 * Instead, set 1 to mod_delay_unload to notify the system of
2967 	 * unloading this module later when it's not required any more.
2968 	 */
2969 	if (mp->mod_ref > 0) {
2970 		mp->mod_delay_unload = 1;
2971 		if (moddebug & MODDEBUG_LOADMSG2) {
2972 			printf("module %s not unloaded,"
2973 			    " non-zero reference count (%d)",
2974 			    mp->mod_modname, mp->mod_ref);
2975 		}
2976 		return;
2977 	}
2978 
2979 	if (((mp->mod_loaded == 0) || mp->mod_installed) ||
2980 	    (mp->mod_ref || mp->mod_prim)) {
2981 		/*
2982 		 * A DEBUG kernel would ASSERT panic above, the code is broken
2983 		 * if we get this warning.
2984 		 */
2985 		cmn_err(CE_WARN, "mod_unload: %s in incorrect state: %d %d %d",
2986 		    mp->mod_filename, mp->mod_installed, mp->mod_loaded,
2987 		    mp->mod_ref);
2988 		return;
2989 	}
2990 
2991 	/* reset stub functions to call the binder again */
2992 	reset_stubs(mp);
2993 
2994 	/*
2995 	 * mark module as unloaded before the modctl structure is freed.
2996 	 * This is required not to reuse the modctl structure before
2997 	 * the module is marked as unloaded.
2998 	 */
2999 	mp->mod_loaded = 0;
3000 	mp->mod_linkage = NULL;
3001 
3002 	/* free the memory */
3003 	kobj_unload_module(mp);
3004 
3005 	if (mp->mod_delay_unload) {
3006 		mp->mod_delay_unload = 0;
3007 		if (moddebug & MODDEBUG_LOADMSG2) {
3008 			printf("deferred unload of module %s"
3009 			    " (id %d) successful",
3010 			    mp->mod_modname, mp->mod_id);
3011 		}
3012 	}
3013 
3014 	/* release hold on requisites */
3015 	mod_release_requisites(mp);
3016 
3017 	/*
3018 	 * Now that the module is gone, we need to give DTrace a chance to
3019 	 * remove any probes that it may have had in the module.  This is
3020 	 * done via the dtrace_modunload function pointer.
3021 	 */
3022 	if (strcmp(mp->mod_modname, "dtrace") != 0) {
3023 		struct modctl *dmp = mod_hold_by_name("dtrace");
3024 
3025 		if (dmp != NULL && dtrace_modunload != NULL)
3026 			(*dtrace_modunload)(mp);
3027 
3028 		mod_release_mod(dmp);
3029 	}
3030 }
3031 
3032 static int
3033 modinstall(struct modctl *mp)
3034 {
3035 	int val;
3036 	int (*func)(void);
3037 
3038 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3039 	ASSERT(mp->mod_busy && mp->mod_loaded);
3040 
3041 	if (mp->mod_installed)
3042 		return (0);
3043 	/*
3044 	 * If mod_delay_unload is on, it means the system chose the deferred
3045 	 * unload for this module. Then you can't install this module until
3046 	 * it's unloaded from the system.
3047 	 */
3048 	if (mp->mod_delay_unload)
3049 		return (ENXIO);
3050 
3051 	if (moddebug & MODDEBUG_LOADMSG)
3052 		printf("installing %s, module id %d.\n",
3053 			mp->mod_modname, mp->mod_id);
3054 
3055 	ASSERT(mp->mod_mp != NULL);
3056 	if (mod_install_requisites(mp) != 0) {
3057 		/*
3058 		 * Note that we can't call mod_unload(mp) here since
3059 		 * if modinstall() was called by mod_install_requisites(),
3060 		 * we won't be able to hold the dependent modules
3061 		 * (otherwise there would be a deadlock).
3062 		 */
3063 		return (ENXIO);
3064 	}
3065 
3066 	if (moddebug & MODDEBUG_ERRMSG) {
3067 		printf("init '%s' id %d loaded @ 0x%p/0x%p size %lu/%lu\n",
3068 			mp->mod_filename, mp->mod_id,
3069 			(void *)((struct module *)mp->mod_mp)->text,
3070 			(void *)((struct module *)mp->mod_mp)->data,
3071 			((struct module *)mp->mod_mp)->text_size,
3072 			((struct module *)mp->mod_mp)->data_size);
3073 	}
3074 
3075 	func = (int (*)())kobj_lookup(mp->mod_mp, "_init");
3076 
3077 	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3078 		cmn_err(CE_WARN, "_init() not defined properly in %s",
3079 		    mp->mod_filename);
3080 		return (EFAULT);
3081 	}
3082 
3083 	if (moddebug & MODDEBUG_USERDEBUG) {
3084 		printf("breakpoint before calling %s:_init()\n",
3085 		    mp->mod_modname);
3086 		if (DEBUGGER_PRESENT)
3087 			debug_enter("_init");
3088 	}
3089 
3090 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3091 	ASSERT(mp->mod_busy && mp->mod_loaded);
3092 	val = (*func)();		/* call _init */
3093 
3094 	if (moddebug & MODDEBUG_USERDEBUG)
3095 		printf("Returned from _init, val = %x\n", val);
3096 
3097 	if (val == 0) {
3098 		/*
3099 		 * Set the MODS_INSTALLED flag to enable this module
3100 		 * being called now.
3101 		 */
3102 		install_stubs(mp);
3103 		mp->mod_installed = 1;
3104 	} else if (moddebug & MODDEBUG_ERRMSG)
3105 		printf(mod_init_msg, mp->mod_filename, mp->mod_modname, val);
3106 
3107 	return (val);
3108 }
3109 
3110 int	detach_driver_unconfig = 0;
3111 
3112 static int
3113 detach_driver(char *name)
3114 {
3115 	major_t major;
3116 	int error;
3117 
3118 	/*
3119 	 * If being called from mod_uninstall_all() then the appropriate
3120 	 * driver detaches (leaf only) have already been done.
3121 	 */
3122 	if (mod_in_autounload())
3123 		return (0);
3124 
3125 	major = ddi_name_to_major(name);
3126 	if (major == (major_t)-1)
3127 		return (0);
3128 
3129 	error = ndi_devi_unconfig_driver(ddi_root_node(),
3130 	    NDI_DETACH_DRIVER | detach_driver_unconfig, major);
3131 	return (error == NDI_SUCCESS ? 0 : -1);
3132 }
3133 
3134 static char finiret_msg[] = "Returned from _fini for %s, status = %x\n";
3135 
3136 static int
3137 moduninstall(struct modctl *mp)
3138 {
3139 	int status = 0;
3140 	int (*func)(void);
3141 
3142 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3143 	ASSERT(mp->mod_busy);
3144 
3145 	/*
3146 	 * Verify that we need to do something and can uninstall the module.
3147 	 *
3148 	 * If we should not uninstall the module or if the module is not in
3149 	 * the correct state to start an uninstall we return EBUSY to prevent
3150 	 * us from progressing to mod_unload.  If the module has already been
3151 	 * uninstalled and unloaded we return EALREADY.
3152 	 */
3153 	if (mp->mod_prim || mp->mod_ref || mp->mod_nenabled != 0)
3154 		return (EBUSY);
3155 	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0))
3156 		return (EALREADY);
3157 
3158 	/*
3159 	 * To avoid devinfo / module deadlock we must release this module
3160 	 * prior to initiating the detach_driver, otherwise the detach_driver
3161 	 * might deadlock on a devinfo node held by another thread
3162 	 * coming top down and involving the module we have locked.
3163 	 *
3164 	 * When we regrab the module we must reverify that it is OK
3165 	 * to proceed with the uninstall operation.
3166 	 */
3167 	mod_release_mod(mp);
3168 	status = detach_driver(mp->mod_modname);
3169 	(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
3170 
3171 	/* check detach status and reverify state with lock */
3172 	mutex_enter(&mod_lock);
3173 	if ((status != 0) || mp->mod_prim || mp->mod_ref) {
3174 		mutex_exit(&mod_lock);
3175 		return (EBUSY);
3176 	}
3177 	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0)) {
3178 		mutex_exit(&mod_lock);
3179 		return (EALREADY);
3180 	}
3181 	mutex_exit(&mod_lock);
3182 
3183 	if (moddebug & MODDEBUG_LOADMSG2)
3184 		printf("uninstalling %s\n", mp->mod_modname);
3185 
3186 	/*
3187 	 * lookup _fini, return EBUSY if not defined.
3188 	 *
3189 	 * The MODDEBUG_FINI_EBUSY is usefull in resolving leaks in
3190 	 * detach(9E) - it allows bufctl addresses to be resolved.
3191 	 */
3192 	func = (int (*)())kobj_lookup(mp->mod_mp, "_fini");
3193 	if ((func == NULL) || (mp->mod_loadflags & MOD_NOUNLOAD) ||
3194 	    (moddebug & MODDEBUG_FINI_EBUSY))
3195 		return (EBUSY);
3196 
3197 	/* verify that _fini is in this module */
3198 	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3199 		cmn_err(CE_WARN, "_fini() not defined properly in %s",
3200 		    mp->mod_filename);
3201 		return (EFAULT);
3202 	}
3203 
3204 	/* call _fini() */
3205 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3206 	ASSERT(mp->mod_busy && mp->mod_loaded && mp->mod_installed);
3207 
3208 	status = (*func)();
3209 
3210 	if (status == 0) {
3211 		/* _fini returned success, the module is no longer installed */
3212 		if (moddebug & MODDEBUG_LOADMSG)
3213 			printf("uninstalled %s\n", mp->mod_modname);
3214 
3215 		/*
3216 		 * Even though we only set mod_installed to zero here, a zero
3217 		 * return value means we are commited to a code path were
3218 		 * mod_loaded will also end up as zero - we have no other
3219 		 * way to get the module data and bss back to the pre _init
3220 		 * state except a reload. To ensure this, after return,
3221 		 * mod_busy must stay set until mod_loaded is cleared.
3222 		 */
3223 		mp->mod_installed = 0;
3224 
3225 		/*
3226 		 * Clear the MODS_INSTALLED flag not to call functions
3227 		 * in the module directly from now on.
3228 		 */
3229 		uninstall_stubs(mp);
3230 	} else {
3231 		if (moddebug & MODDEBUG_USERDEBUG)
3232 			printf(finiret_msg, mp->mod_filename, status);
3233 		/*
3234 		 * By definition _fini is only allowed to return EBUSY or the
3235 		 * result of mod_remove (EBUSY or EINVAL).  In the off chance
3236 		 * that a driver returns EALREADY we convert this to EINVAL
3237 		 * since to our caller EALREADY means module was already
3238 		 * removed.
3239 		 */
3240 		if (status == EALREADY)
3241 			status = EINVAL;
3242 	}
3243 
3244 	return (status);
3245 }
3246 
3247 /*
3248  * Uninstall all modules.
3249  */
3250 static void
3251 mod_uninstall_all(void)
3252 {
3253 	struct modctl	*mp;
3254 	modid_t		modid = 0;
3255 
3256 	/* synchronize with any active modunload_disable() */
3257 	modunload_begin();
3258 
3259 	/* mark this thread as doing autounloading */
3260 	(void) tsd_set(mod_autounload_key, (void *)1);
3261 
3262 	(void) devfs_clean(ddi_root_node(), NULL, 0);
3263 	(void) ndi_devi_unconfig(ddi_root_node(), NDI_AUTODETACH);
3264 
3265 	while ((mp = mod_hold_next_by_id(modid)) != NULL) {
3266 		modid = mp->mod_id;
3267 		/*
3268 		 * Skip modules with the MOD_NOAUTOUNLOAD flag set
3269 		 */
3270 		if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
3271 			mod_release_mod(mp);
3272 			continue;
3273 		}
3274 
3275 		if (moduninstall(mp) == 0) {
3276 			mod_unload(mp);
3277 			CPU_STATS_ADDQ(CPU, sys, modunload, 1);
3278 		}
3279 		mod_release_mod(mp);
3280 	}
3281 
3282 	(void) tsd_set(mod_autounload_key, NULL);
3283 	modunload_end();
3284 }
3285 
3286 /* wait for unloads that have begun before registering disable */
3287 void
3288 modunload_disable(void)
3289 {
3290 	mutex_enter(&modunload_wait_mutex);
3291 	while (modunload_active_count) {
3292 		modunload_wait++;
3293 		cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3294 		modunload_wait--;
3295 	}
3296 	modunload_disable_count++;
3297 	mutex_exit(&modunload_wait_mutex);
3298 }
3299 
3300 /* mark end of disable and signal waiters */
3301 void
3302 modunload_enable(void)
3303 {
3304 	mutex_enter(&modunload_wait_mutex);
3305 	modunload_disable_count--;
3306 	if ((modunload_disable_count == 0) && modunload_wait)
3307 		cv_broadcast(&modunload_wait_cv);
3308 	mutex_exit(&modunload_wait_mutex);
3309 }
3310 
3311 /* wait for disables to complete before begining unload */
3312 void
3313 modunload_begin()
3314 {
3315 	mutex_enter(&modunload_wait_mutex);
3316 	while (modunload_disable_count) {
3317 		modunload_wait++;
3318 		cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3319 		modunload_wait--;
3320 	}
3321 	modunload_active_count++;
3322 	mutex_exit(&modunload_wait_mutex);
3323 }
3324 
3325 /* mark end of unload and signal waiters */
3326 void
3327 modunload_end()
3328 {
3329 	mutex_enter(&modunload_wait_mutex);
3330 	modunload_active_count--;
3331 	if ((modunload_active_count == 0) && modunload_wait)
3332 		cv_broadcast(&modunload_wait_cv);
3333 	mutex_exit(&modunload_wait_mutex);
3334 }
3335 
3336 void
3337 mod_uninstall_daemon(void)
3338 {
3339 	callb_cpr_t	cprinfo;
3340 	clock_t		ticks = 0;
3341 
3342 	mod_aul_thread = curthread;
3343 
3344 	CALLB_CPR_INIT(&cprinfo, &mod_uninstall_lock, callb_generic_cpr, "mud");
3345 	for (;;) {
3346 		mutex_enter(&mod_uninstall_lock);
3347 		CALLB_CPR_SAFE_BEGIN(&cprinfo);
3348 		/*
3349 		 * In DEBUG kernels, unheld drivers are uninstalled periodically
3350 		 * every mod_uninstall_interval seconds.  Periodic uninstall can
3351 		 * be disabled by setting mod_uninstall_interval to 0 which is
3352 		 * the default for a non-DEBUG kernel.
3353 		 */
3354 		if (mod_uninstall_interval) {
3355 			ticks = ddi_get_lbolt() +
3356 				drv_usectohz(mod_uninstall_interval * 1000000);
3357 			(void) cv_timedwait(&mod_uninstall_cv,
3358 				&mod_uninstall_lock, ticks);
3359 		} else {
3360 			cv_wait(&mod_uninstall_cv, &mod_uninstall_lock);
3361 		}
3362 		/*
3363 		 * The whole daemon is safe for CPR except we don't want
3364 		 * the daemon to run if FREEZE is issued and this daemon
3365 		 * wakes up from the cv_wait above. In this case, it'll be
3366 		 * blocked in CALLB_CPR_SAFE_END until THAW is issued.
3367 		 *
3368 		 * The reason of calling CALLB_CPR_SAFE_BEGIN twice is that
3369 		 * mod_uninstall_lock is used to protect cprinfo and
3370 		 * CALLB_CPR_SAFE_BEGIN assumes that this lock is held when
3371 		 * called.
3372 		 */
3373 		CALLB_CPR_SAFE_END(&cprinfo, &mod_uninstall_lock);
3374 		CALLB_CPR_SAFE_BEGIN(&cprinfo);
3375 		mutex_exit(&mod_uninstall_lock);
3376 		if ((modunload_disable_count == 0) &&
3377 		    ((moddebug & MODDEBUG_NOAUTOUNLOAD) == 0)) {
3378 			mod_uninstall_all();
3379 		}
3380 	}
3381 }
3382 
3383 /*
3384  * Unload all uninstalled modules.
3385  */
3386 void
3387 modreap(void)
3388 {
3389 	mutex_enter(&mod_uninstall_lock);
3390 	cv_broadcast(&mod_uninstall_cv);
3391 	mutex_exit(&mod_uninstall_lock);
3392 }
3393 
3394 /*
3395  * Hold the specified module. This is the module holding primitive.
3396  *
3397  * If MOD_LOCK_HELD then the caller already holds the mod_lock.
3398  *
3399  * Return values:
3400  *	 0 ==> the module is held
3401  *	 1 ==> the module is not held and the MOD_WAIT_ONCE caller needs
3402  *		to determine how to retry.
3403  */
3404 int
3405 mod_hold_by_modctl(struct modctl *mp, int f)
3406 {
3407 	ASSERT((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) &&
3408 	    ((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) !=
3409 	    (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)));
3410 	ASSERT((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) &&
3411 	    ((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) !=
3412 	    (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)));
3413 	ASSERT((f & MOD_LOCK_NOT_HELD) || MUTEX_HELD(&mod_lock));
3414 
3415 	if (f & MOD_LOCK_NOT_HELD)
3416 		mutex_enter(&mod_lock);
3417 
3418 	while (mp->mod_busy) {
3419 		mp->mod_want = 1;
3420 		cv_wait(&mod_cv, &mod_lock);
3421 		/*
3422 		 * Module may be unloaded by daemon.
3423 		 * Nevertheless, modctl structure is still in linked list
3424 		 * (i.e., off &modules), not freed!
3425 		 * Caller is not supposed to assume "mp" is valid, but there
3426 		 * is no reasonable way to detect this but using
3427 		 * mp->mod_modinfo->mp == NULL check (follow the back pointer)
3428 		 *   (or similar check depending on calling context)
3429 		 * DON'T free modctl structure, it will be very very
3430 		 * problematic.
3431 		 */
3432 		if (f & MOD_WAIT_ONCE) {
3433 			if (f & MOD_LOCK_NOT_HELD)
3434 				mutex_exit(&mod_lock);
3435 			return (1);	/* caller decides how to retry */
3436 		}
3437 	}
3438 
3439 	mp->mod_busy = 1;
3440 	mp->mod_inprogress_thread =
3441 	    (curthread == NULL ? (kthread_id_t)-1 : curthread);
3442 
3443 	if (f & MOD_LOCK_NOT_HELD)
3444 		mutex_exit(&mod_lock);
3445 	return (0);
3446 }
3447 
3448 static struct modctl *
3449 mod_hold_by_name_common(struct modctl *dep, const char *filename)
3450 {
3451 	const char	*modname;
3452 	struct modctl	*mp;
3453 	char		*curname, *newname;
3454 	int		found = 0;
3455 
3456 	mutex_enter(&mod_lock);
3457 
3458 	if ((modname = strrchr(filename, '/')) == NULL)
3459 		modname = filename;
3460 	else
3461 		modname++;
3462 
3463 	mp = &modules;
3464 	do {
3465 		if (strcmp(modname, mp->mod_modname) == 0) {
3466 			found = 1;
3467 			break;
3468 		}
3469 	} while ((mp = mp->mod_next) != &modules);
3470 
3471 	if (found == 0) {
3472 		mp = allocate_modp(filename, modname);
3473 		modadd(mp);
3474 	}
3475 
3476 	/*
3477 	 * if dep is not NULL, set the mp in mod_requisite_loading for
3478 	 * the module circular dependency check. This field is used in
3479 	 * mod_circdep(), but it's cleard in mod_hold_loaded_mod().
3480 	 */
3481 	if (dep != NULL) {
3482 		ASSERT(dep->mod_busy && dep->mod_requisite_loading == NULL);
3483 		dep->mod_requisite_loading = mp;
3484 	}
3485 
3486 	/*
3487 	 * If the module was held, then it must be us who has it held.
3488 	 */
3489 	if (mod_circdep(mp))
3490 		mp = NULL;
3491 	else {
3492 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
3493 
3494 		/*
3495 		 * If the name hadn't been set or has changed, allocate
3496 		 * space and set it.  Free space used by previous name.
3497 		 *
3498 		 * Do not change the name of primary modules, for primary
3499 		 * modules the mod_filename was allocated in standalone mode:
3500 		 * it is illegal to kobj_alloc in standalone mode and kobj_free
3501 		 * in non-standalone mode.
3502 		 */
3503 		curname = mp->mod_filename;
3504 		if (curname == NULL ||
3505 		    ((mp->mod_prim == 0) &&
3506 		    (curname != filename) &&
3507 		    (modname != filename) &&
3508 		    (strcmp(curname, filename) != 0))) {
3509 			newname = kobj_zalloc(strlen(filename) + 1, KM_SLEEP);
3510 			(void) strcpy(newname, filename);
3511 			mp->mod_filename = newname;
3512 			if (curname != NULL)
3513 				kobj_free(curname, strlen(curname) + 1);
3514 		}
3515 	}
3516 
3517 	mutex_exit(&mod_lock);
3518 	if (mp && moddebug & MODDEBUG_LOADMSG2)
3519 		printf("Holding %s\n", mp->mod_filename);
3520 	if (mp == NULL && moddebug & MODDEBUG_LOADMSG2)
3521 		printf("circular dependency loading %s\n", filename);
3522 	return (mp);
3523 }
3524 
3525 static struct modctl *
3526 mod_hold_by_name_requisite(struct modctl *dep, char *filename)
3527 {
3528 	return (mod_hold_by_name_common(dep, filename));
3529 }
3530 
3531 struct modctl *
3532 mod_hold_by_name(const char *filename)
3533 {
3534 	return (mod_hold_by_name_common(NULL, filename));
3535 }
3536 
3537 struct modctl *
3538 mod_hold_by_id(modid_t modid)
3539 {
3540 	struct modctl	*mp;
3541 	int		found = 0;
3542 
3543 	mutex_enter(&mod_lock);
3544 	mp = &modules;
3545 	do {
3546 		if (mp->mod_id == modid) {
3547 			found = 1;
3548 			break;
3549 		}
3550 	} while ((mp = mp->mod_next) != &modules);
3551 
3552 	if ((found == 0) || mod_circdep(mp))
3553 		mp = NULL;
3554 	else
3555 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
3556 
3557 	mutex_exit(&mod_lock);
3558 	return (mp);
3559 }
3560 
3561 static struct modctl *
3562 mod_hold_next_by_id(modid_t modid)
3563 {
3564 	struct modctl	*mp;
3565 	int		found = 0;
3566 
3567 	if (modid < -1)
3568 		return (NULL);
3569 
3570 	mutex_enter(&mod_lock);
3571 
3572 	mp = &modules;
3573 	do {
3574 		if (mp->mod_id > modid) {
3575 			found = 1;
3576 			break;
3577 		}
3578 	} while ((mp = mp->mod_next) != &modules);
3579 
3580 	if ((found == 0) || mod_circdep(mp))
3581 		mp = NULL;
3582 	else
3583 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
3584 
3585 	mutex_exit(&mod_lock);
3586 	return (mp);
3587 }
3588 
3589 static void
3590 mod_release(struct modctl *mp)
3591 {
3592 	ASSERT(MUTEX_HELD(&mod_lock));
3593 	ASSERT(mp->mod_busy);
3594 
3595 	mp->mod_busy = 0;
3596 	mp->mod_inprogress_thread = NULL;
3597 	if (mp->mod_want) {
3598 		mp->mod_want = 0;
3599 		cv_broadcast(&mod_cv);
3600 	}
3601 }
3602 
3603 void
3604 mod_release_mod(struct modctl *mp)
3605 {
3606 	if (moddebug & MODDEBUG_LOADMSG2)
3607 		printf("Releasing %s\n", mp->mod_filename);
3608 	mutex_enter(&mod_lock);
3609 	mod_release(mp);
3610 	mutex_exit(&mod_lock);
3611 }
3612 
3613 modid_t
3614 mod_name_to_modid(char *filename)
3615 {
3616 	char		*modname;
3617 	struct modctl	*mp;
3618 
3619 	mutex_enter(&mod_lock);
3620 
3621 	if ((modname = strrchr(filename, '/')) == NULL)
3622 		modname = filename;
3623 	else
3624 		modname++;
3625 
3626 	mp = &modules;
3627 	do {
3628 		if (strcmp(modname, mp->mod_modname) == 0) {
3629 			mutex_exit(&mod_lock);
3630 			return (mp->mod_id);
3631 		}
3632 	} while ((mp = mp->mod_next) != &modules);
3633 
3634 	mutex_exit(&mod_lock);
3635 	return (-1);
3636 }
3637 
3638 
3639 int
3640 mod_remove_by_name(char *name)
3641 {
3642 	struct modctl *mp;
3643 	int retval;
3644 
3645 	mp = mod_hold_by_name(name);
3646 
3647 	if (mp == NULL)
3648 		return (EINVAL);
3649 
3650 	if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
3651 		/*
3652 		 * Do not unload forceloaded modules
3653 		 */
3654 		mod_release_mod(mp);
3655 		return (0);
3656 	}
3657 
3658 	if ((retval = moduninstall(mp)) == 0) {
3659 		mod_unload(mp);
3660 		CPU_STATS_ADDQ(CPU, sys, modunload, 1);
3661 	} else if (retval == EALREADY)
3662 		retval = 0;		/* already unloaded, not an error */
3663 	mod_release_mod(mp);
3664 	return (retval);
3665 }
3666 
3667 /*
3668  * Record that module "dep" is dependent on module "on_mod."
3669  */
3670 static void
3671 mod_make_requisite(struct modctl *dependent, struct modctl *on_mod)
3672 {
3673 	struct modctl_list **pmlnp;	/* previous next pointer */
3674 	struct modctl_list *mlp;
3675 	struct modctl_list *new;
3676 
3677 	ASSERT(dependent->mod_busy && on_mod->mod_busy);
3678 	mutex_enter(&mod_lock);
3679 
3680 	/*
3681 	 * Search dependent's requisite list to see if on_mod is recorded.
3682 	 * List is ordered by id.
3683 	 */
3684 	for (pmlnp = &dependent->mod_requisites, mlp = *pmlnp;
3685 	    mlp; pmlnp = &mlp->modl_next, mlp = *pmlnp)
3686 		if (mlp->modl_modp->mod_id >= on_mod->mod_id)
3687 			break;
3688 
3689 	/* Create and insert if not already recorded */
3690 	if ((mlp == NULL) || (mlp->modl_modp->mod_id != on_mod->mod_id)) {
3691 		new = kobj_zalloc(sizeof (*new), KM_SLEEP);
3692 		new->modl_modp = on_mod;
3693 		new->modl_next = mlp;
3694 		*pmlnp = new;
3695 
3696 		/*
3697 		 * Increment the mod_ref count in our new requisite module.
3698 		 * This is what keeps a module that has other modules
3699 		 * which are dependent on it from being uninstalled and
3700 		 * unloaded. "on_mod"'s mod_ref count decremented in
3701 		 * mod_release_requisites when the "dependent" module
3702 		 * unload is complete.  "on_mod" must be loaded, but may not
3703 		 * yet be installed.
3704 		 */
3705 		on_mod->mod_ref++;
3706 		ASSERT(on_mod->mod_ref && on_mod->mod_loaded);
3707 	}
3708 
3709 	mutex_exit(&mod_lock);
3710 }
3711 
3712 /*
3713  * release the hold associated with mod_make_requisite mod_ref++
3714  * as part of unload.
3715  */
3716 void
3717 mod_release_requisites(struct modctl *modp)
3718 {
3719 	struct modctl_list *modl;
3720 	struct modctl_list *next;
3721 	struct modctl *req;
3722 	struct modctl_list *start = NULL, *mod_garbage;
3723 
3724 	ASSERT(modp->mod_busy);
3725 	ASSERT(!MUTEX_HELD(&mod_lock));
3726 
3727 	mutex_enter(&mod_lock);		/* needed for manipulation of req */
3728 	for (modl = modp->mod_requisites; modl; modl = next) {
3729 		next = modl->modl_next;
3730 		req = modl->modl_modp;
3731 		ASSERT(req->mod_ref >= 1 && req->mod_loaded);
3732 		req->mod_ref--;
3733 
3734 		/*
3735 		 * Check if the module has to be unloaded or not.
3736 		 */
3737 		if (req->mod_ref == 0 && req->mod_delay_unload) {
3738 			struct modctl_list *new;
3739 			/*
3740 			 * Allocate the modclt_list holding the garbage
3741 			 * module which should be unloaded later.
3742 			 */
3743 			new = kobj_zalloc(sizeof (struct modctl_list),
3744 			    KM_SLEEP);
3745 			new->modl_modp = req;
3746 
3747 			if (start == NULL)
3748 				mod_garbage = start = new;
3749 			else {
3750 				mod_garbage->modl_next = new;
3751 				mod_garbage = new;
3752 			}
3753 		}
3754 
3755 		/* free the list as we go */
3756 		kobj_free(modl, sizeof (*modl));
3757 	}
3758 	modp->mod_requisites = NULL;
3759 	mutex_exit(&mod_lock);
3760 
3761 	/*
3762 	 * Unload the garbage modules.
3763 	 */
3764 	for (mod_garbage = start; mod_garbage != NULL; /* nothing */) {
3765 		struct modctl_list *old = mod_garbage;
3766 		struct modctl *mp = mod_garbage->modl_modp;
3767 		ASSERT(mp != NULL);
3768 
3769 		/*
3770 		 * Hold this module until it's unloaded completely.
3771 		 */
3772 		(void) mod_hold_by_modctl(mp,
3773 		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
3774 		/*
3775 		 * Check if the module is not unloaded yet and nobody requires
3776 		 * the module. If it's unloaded already or somebody still
3777 		 * requires the module, don't unload it now.
3778 		 */
3779 		if (mp->mod_loaded && mp->mod_ref == 0)
3780 			mod_unload(mp);
3781 		ASSERT((mp->mod_loaded == 0 && mp->mod_delay_unload == 0) ||
3782 		    (mp->mod_ref > 0));
3783 		mod_release_mod(mp);
3784 
3785 		mod_garbage = mod_garbage->modl_next;
3786 		kobj_free(old, sizeof (struct modctl_list));
3787 	}
3788 }
3789 
3790 /*
3791  * Process dependency of the module represented by "dep" on the
3792  * module named by "on."
3793  *
3794  * Called from kobj_do_dependents() to load a module "on" on which
3795  * "dep" depends.
3796  */
3797 struct modctl *
3798 mod_load_requisite(struct modctl *dep, char *on)
3799 {
3800 	struct modctl *on_mod;
3801 	int retval;
3802 
3803 	if ((on_mod = mod_hold_loaded_mod(dep, on, &retval)) != NULL) {
3804 		mod_make_requisite(dep, on_mod);
3805 	} else if (moddebug & MODDEBUG_ERRMSG) {
3806 		printf("error processing %s on which module %s depends\n",
3807 			on, dep->mod_modname);
3808 	}
3809 	return (on_mod);
3810 }
3811 
3812 static int
3813 mod_install_requisites(struct modctl *modp)
3814 {
3815 	struct modctl_list *modl;
3816 	struct modctl *req;
3817 	int status = 0;
3818 
3819 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3820 	ASSERT(modp->mod_busy);
3821 
3822 	for (modl = modp->mod_requisites; modl; modl = modl->modl_next) {
3823 		req = modl->modl_modp;
3824 		(void) mod_hold_by_modctl(req,
3825 		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
3826 		status = modinstall(req);
3827 		mod_release_mod(req);
3828 
3829 		if (status != 0)
3830 			break;
3831 	}
3832 	return (status);
3833 }
3834 
3835 /*
3836  * returns 1 if this thread is doing autounload, 0 otherwise.
3837  * see mod_uninstall_all.
3838  */
3839 int
3840 mod_in_autounload()
3841 {
3842 	return ((int)(uintptr_t)tsd_get(mod_autounload_key));
3843 }
3844 
3845 /*
3846  * gmatch adapted from libc, stripping the wchar stuff
3847  */
3848 #define	popchar(p, c) \
3849 	c = *p++; \
3850 	if (c == 0) \
3851 		return (0);
3852 
3853 int
3854 gmatch(const char *s, const char *p)
3855 {
3856 	int c, sc;
3857 	int ok, lc, notflag;
3858 
3859 	sc = *s++;
3860 	c = *p++;
3861 	if (c == 0)
3862 		return (sc == c);	/* nothing matches nothing */
3863 
3864 	switch (c) {
3865 	case '\\':
3866 		/* skip to quoted character */
3867 		popchar(p, c)
3868 		/*FALLTHRU*/
3869 
3870 	default:
3871 		/* straight comparison */
3872 		if (c != sc)
3873 			return (0);
3874 		/*FALLTHRU*/
3875 
3876 	case '?':
3877 		/* first char matches, move to remainder */
3878 		return (sc != '\0' ? gmatch(s, p) : 0);
3879 
3880 
3881 	case '*':
3882 		while (*p == '*')
3883 			p++;
3884 
3885 		/* * matches everything */
3886 		if (*p == 0)
3887 			return (1);
3888 
3889 		/* undo skip at the beginning & iterate over substrings */
3890 		--s;
3891 		while (*s) {
3892 			if (gmatch(s, p))
3893 				return (1);
3894 			s++;
3895 		}
3896 		return (0);
3897 
3898 	case '[':
3899 		/* match any char within [] */
3900 		if (sc == 0)
3901 			return (0);
3902 
3903 		ok = lc = notflag = 0;
3904 
3905 		if (*p == '!') {
3906 			notflag = 1;
3907 			p++;
3908 		}
3909 		popchar(p, c)
3910 
3911 		do {
3912 			if (c == '-' && lc && *p != ']') {
3913 				/* test sc against range [c1-c2] */
3914 				popchar(p, c)
3915 				if (c == '\\') {
3916 					popchar(p, c)
3917 				}
3918 
3919 				if (notflag) {
3920 					/* return 0 on mismatch */
3921 					if (lc <= sc && sc <= c)
3922 						return (0);
3923 					ok++;
3924 				} else if (lc <= sc && sc <= c) {
3925 					ok++;
3926 				}
3927 				/* keep going, may get a match next */
3928 			} else if (c == '\\') {
3929 				/* skip to quoted character */
3930 				popchar(p, c)
3931 			}
3932 			lc = c;
3933 			if (notflag) {
3934 				if (sc == lc)
3935 					return (0);
3936 				ok++;
3937 			} else if (sc == lc) {
3938 				ok++;
3939 			}
3940 			popchar(p, c)
3941 		} while (c != ']');
3942 
3943 		/* recurse on remainder of string */
3944 		return (ok ? gmatch(s, p) : 0);
3945 	}
3946 	/*NOTREACHED*/
3947 }
3948 
3949 
3950 /*
3951  * Get default perm for device from /etc/minor_perm. Return 0 if match found.
3952  *
3953  * Pure wild-carded patterns are handled separately so the ordering of
3954  * these patterns doesn't matter.  We're still dependent on ordering
3955  * however as the first matching entry is the one returned.
3956  * Not ideal but all existing examples and usage do imply this
3957  * ordering implicitly.
3958  *
3959  * Drivers using the clone driver are always good for some entertainment.
3960  * Clone nodes under pseudo have the form clone@0:<driver>.  Some minor
3961  * perm entries have the form clone:<driver>, others use <driver>:*
3962  * Examples are clone:llc1 vs. llc2:*, for example.
3963  *
3964  * Minor perms in the clone:<driver> form are mapped to the drivers's
3965  * mperm list, not the clone driver, as wildcard entries for clone
3966  * reference only.  In other words, a clone wildcard will match
3967  * references for clone@0:<driver> but never <driver>@<minor>.
3968  *
3969  * Additional minor perms in the standard form are also supported,
3970  * for mixed usage, ie a node with an entry clone:<driver> could
3971  * provide further entries <driver>:<minor>.
3972  *
3973  * Finally, some uses of clone use an alias as the minor name rather
3974  * than the driver name, with the alias as the minor perm entry.
3975  * This case is handled by attaching the driver to bring its
3976  * minor list into existence, then discover the alias via DDI_ALIAS.
3977  * The clone device's minor perm list can then be searched for
3978  * that alias.
3979  */
3980 
3981 static int
3982 dev_alias_minorperm(dev_info_t *dip, char *minor_name, mperm_t *rmp)
3983 {
3984 	major_t major;
3985 	struct devnames *dnp;
3986 	mperm_t *mp;
3987 	char *alias = NULL;
3988 	dev_info_t *cdevi;
3989 	struct ddi_minor_data *dmd;
3990 
3991 	major = ddi_name_to_major(minor_name);
3992 
3993 	ASSERT(dip == clone_dip);
3994 	ASSERT(major != (major_t)-1);
3995 
3996 	/*
3997 	 * Attach the driver named by the minor node, then
3998 	 * search its first instance's minor list for an
3999 	 * alias node.
4000 	 */
4001 	if (ddi_hold_installed_driver(major) == NULL)
4002 		return (1);
4003 
4004 	dnp = &devnamesp[major];
4005 	LOCK_DEV_OPS(&dnp->dn_lock);
4006 
4007 	if ((cdevi = dnp->dn_head) != NULL) {
4008 		mutex_enter(&DEVI(cdevi)->devi_lock);
4009 		for (dmd = DEVI(cdevi)->devi_minor; dmd; dmd = dmd->next) {
4010 			if (dmd->type == DDM_ALIAS) {
4011 				alias = i_ddi_strdup(dmd->ddm_name, KM_SLEEP);
4012 				break;
4013 			}
4014 		}
4015 		mutex_exit(&DEVI(cdevi)->devi_lock);
4016 	}
4017 
4018 	UNLOCK_DEV_OPS(&dnp->dn_lock);
4019 	ddi_rele_driver(major);
4020 
4021 	if (alias == NULL) {
4022 		if (moddebug & MODDEBUG_MINORPERM)
4023 			cmn_err(CE_CONT, "dev_minorperm: "
4024 			    "no alias for %s\n", minor_name);
4025 		return (1);
4026 	}
4027 
4028 	major = ddi_driver_major(clone_dip);
4029 	dnp = &devnamesp[major];
4030 	LOCK_DEV_OPS(&dnp->dn_lock);
4031 
4032 	/*
4033 	 * Go through the clone driver's mperm list looking
4034 	 * for a match for the specified alias.
4035 	 */
4036 	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4037 		if (strcmp(alias, mp->mp_minorname) == 0) {
4038 			break;
4039 		}
4040 	}
4041 
4042 	if (mp) {
4043 		if (moddebug & MODDEBUG_MP_MATCH) {
4044 			cmn_err(CE_CONT,
4045 			    "minor perm defaults: %s %s 0%o %d %d (aliased)\n",
4046 			    minor_name, alias, mp->mp_mode,
4047 			    mp->mp_uid, mp->mp_gid);
4048 		}
4049 		rmp->mp_uid = mp->mp_uid;
4050 		rmp->mp_gid = mp->mp_gid;
4051 		rmp->mp_mode = mp->mp_mode;
4052 	}
4053 	UNLOCK_DEV_OPS(&dnp->dn_lock);
4054 
4055 	kmem_free(alias, strlen(alias)+1);
4056 
4057 	return (mp == NULL);
4058 }
4059 
4060 int
4061 dev_minorperm(dev_info_t *dip, char *name, mperm_t *rmp)
4062 {
4063 	major_t major;
4064 	char *minor_name;
4065 	struct devnames *dnp;
4066 	mperm_t *mp;
4067 	int is_clone = 0;
4068 
4069 	if (!minorperm_loaded) {
4070 		if (moddebug & MODDEBUG_MINORPERM)
4071 			cmn_err(CE_CONT,
4072 			    "%s: minor perm not yet loaded\n", name);
4073 		return (1);
4074 	}
4075 
4076 	minor_name = strchr(name, ':');
4077 	if (minor_name == NULL)
4078 		return (1);
4079 	minor_name++;
4080 
4081 	/*
4082 	 * If it's the clone driver, search the driver as named
4083 	 * by the minor.  All clone minor perm entries other than
4084 	 * alias nodes are actually installed on the real driver's list.
4085 	 */
4086 	if (dip == clone_dip) {
4087 		major = ddi_name_to_major(minor_name);
4088 		if (major == (major_t)-1) {
4089 			if (moddebug & MODDEBUG_MINORPERM)
4090 				cmn_err(CE_CONT, "dev_minorperm: "
4091 				    "%s: no such driver\n", minor_name);
4092 			return (1);
4093 		}
4094 		is_clone = 1;
4095 	} else {
4096 		major = ddi_driver_major(dip);
4097 		ASSERT(major != (major_t)-1);
4098 	}
4099 
4100 	dnp = &devnamesp[major];
4101 	LOCK_DEV_OPS(&dnp->dn_lock);
4102 
4103 	/*
4104 	 * Go through the driver's mperm list looking for
4105 	 * a match for the specified minor.  If there's
4106 	 * no matching pattern, use the wild card.
4107 	 * Defer to the clone wild for clone if specified,
4108 	 * otherwise fall back to the normal form.
4109 	 */
4110 	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4111 		if (gmatch(minor_name, mp->mp_minorname) != 0) {
4112 			break;
4113 		}
4114 	}
4115 	if (mp == NULL) {
4116 		if (is_clone)
4117 			mp = dnp->dn_mperm_clone;
4118 		if (mp == NULL)
4119 			mp = dnp->dn_mperm_wild;
4120 	}
4121 
4122 	if (mp) {
4123 		if (moddebug & MODDEBUG_MP_MATCH) {
4124 			cmn_err(CE_CONT,
4125 			    "minor perm defaults: %s %s 0%o %d %d\n",
4126 			    name, mp->mp_minorname, mp->mp_mode,
4127 			    mp->mp_uid, mp->mp_gid);
4128 		}
4129 		rmp->mp_uid = mp->mp_uid;
4130 		rmp->mp_gid = mp->mp_gid;
4131 		rmp->mp_mode = mp->mp_mode;
4132 	}
4133 	UNLOCK_DEV_OPS(&dnp->dn_lock);
4134 
4135 	/*
4136 	 * If no match can be found for a clone node,
4137 	 * search for a possible match for an alias.
4138 	 * One such example is /dev/ptmx -> /devices/pseudo/clone@0:ptm,
4139 	 * with minor perm entry clone:ptmx.
4140 	 */
4141 	if (mp == NULL && is_clone) {
4142 		return (dev_alias_minorperm(dip, minor_name, rmp));
4143 	}
4144 
4145 	return (mp == NULL);
4146 }
4147 
4148 /*
4149  * dynamicaly reference load a dl module/library, returning handle
4150  */
4151 /*ARGSUSED*/
4152 ddi_modhandle_t
4153 ddi_modopen(const char *modname, int mode, int *errnop)
4154 {
4155 	char		*subdir;
4156 	char		*mod;
4157 	int		subdirlen;
4158 	struct modctl	*hmodp = NULL;
4159 	int		retval = EINVAL;
4160 
4161 	ASSERT(modname && (mode == KRTLD_MODE_FIRST));
4162 	if ((modname == NULL) || (mode != KRTLD_MODE_FIRST))
4163 		goto out;
4164 
4165 	/* find optional first '/' in modname */
4166 	mod = strchr(modname, '/');
4167 	if (mod != strrchr(modname, '/'))
4168 		goto out;		/* only one '/' is legal */
4169 
4170 	if (mod) {
4171 		/* for subdir string without modification to argument */
4172 		mod++;
4173 		subdirlen = mod - modname;
4174 		subdir = kmem_alloc(subdirlen, KM_SLEEP);
4175 		(void) strlcpy(subdir, modname, subdirlen);
4176 	} else {
4177 		subdirlen = 0;
4178 		subdir = "misc";
4179 		mod = (char *)modname;
4180 	}
4181 
4182 	/* reference load with errno return value */
4183 	retval = modrload(subdir, mod, &hmodp);
4184 
4185 	if (subdirlen)
4186 		kmem_free(subdir, subdirlen);
4187 
4188 out:	if (errnop)
4189 		*errnop = retval;
4190 
4191 	if (moddebug & MODDEBUG_DDI_MOD)
4192 		printf("ddi_modopen %s mode %x: %s %p %d\n",
4193 		    modname ? modname : "<unknown>", mode,
4194 		    hmodp ? hmodp->mod_filename : "<unknown>",
4195 		    (void *)hmodp, retval);
4196 
4197 	return ((ddi_modhandle_t)hmodp);
4198 }
4199 
4200 /* lookup "name" in open dl module/library */
4201 void *
4202 ddi_modsym(ddi_modhandle_t h, const char *name, int *errnop)
4203 {
4204 	struct modctl	*hmodp = (struct modctl *)h;
4205 	void		*f;
4206 	int		retval;
4207 
4208 	ASSERT(hmodp && name && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4209 	if ((hmodp == NULL) || (name == NULL) ||
4210 	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4211 		f = NULL;
4212 		retval = EINVAL;
4213 	} else {
4214 		f = (void *)kobj_lookup(hmodp->mod_mp, (char *)name);
4215 		if (f)
4216 			retval = 0;
4217 		else
4218 			retval = ENOTSUP;
4219 	}
4220 
4221 	if (moddebug & MODDEBUG_DDI_MOD)
4222 		printf("ddi_modsym in %s of %s: %d %p\n",
4223 		    hmodp ? hmodp->mod_modname : "<unknown>",
4224 		    name ? name : "<unknown>", retval, f);
4225 
4226 	if (errnop)
4227 		*errnop = retval;
4228 	return (f);
4229 }
4230 
4231 /* dynamic (un)reference unload of an open dl module/library */
4232 int
4233 ddi_modclose(ddi_modhandle_t h)
4234 {
4235 	struct modctl	*hmodp = (struct modctl *)h;
4236 	struct modctl	*modp = NULL;
4237 	int		retval;
4238 
4239 	ASSERT(hmodp && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4240 	if ((hmodp == NULL) ||
4241 	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4242 		retval = EINVAL;
4243 		goto out;
4244 	}
4245 
4246 	retval = modunrload(hmodp->mod_id, &modp, ddi_modclose_unload);
4247 	if (retval == EBUSY)
4248 		retval = 0;	/* EBUSY is not an error */
4249 
4250 	if (retval == 0) {
4251 		ASSERT(hmodp == modp);
4252 		if (hmodp != modp)
4253 			retval = EINVAL;
4254 	}
4255 
4256 out:	if (moddebug & MODDEBUG_DDI_MOD)
4257 		printf("ddi_modclose %s: %d\n",
4258 		    hmodp ? hmodp->mod_modname : "<unknown>", retval);
4259 
4260 	return (retval);
4261 }
4262