xref: /titanic_52/usr/src/uts/common/os/modctl.c (revision 34841cc2abc43146ada78560d5f179be666acbda)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 /*
28  * modctl system call for loadable module support.
29  */
30 
31 #include <sys/param.h>
32 #include <sys/user.h>
33 #include <sys/systm.h>
34 #include <sys/exec.h>
35 #include <sys/file.h>
36 #include <sys/stat.h>
37 #include <sys/conf.h>
38 #include <sys/time.h>
39 #include <sys/reboot.h>
40 #include <sys/fs/ufs_fsdir.h>
41 #include <sys/kmem.h>
42 #include <sys/sysconf.h>
43 #include <sys/cmn_err.h>
44 #include <sys/ddi.h>
45 #include <sys/sunddi.h>
46 #include <sys/sunndi.h>
47 #include <sys/ndi_impldefs.h>
48 #include <sys/ddi_impldefs.h>
49 #include <sys/ddi_implfuncs.h>
50 #include <sys/bootconf.h>
51 #include <sys/dc_ki.h>
52 #include <sys/cladm.h>
53 #include <sys/dtrace.h>
54 #include <sys/kdi.h>
55 
56 #include <sys/devpolicy.h>
57 #include <sys/modctl.h>
58 #include <sys/kobj.h>
59 #include <sys/devops.h>
60 #include <sys/autoconf.h>
61 #include <sys/hwconf.h>
62 #include <sys/callb.h>
63 #include <sys/debug.h>
64 #include <sys/cpuvar.h>
65 #include <sys/sysmacros.h>
66 #include <sys/sysevent.h>
67 #include <sys/sysevent_impl.h>
68 #include <sys/instance.h>
69 #include <sys/modhash.h>
70 #include <sys/modhash_impl.h>
71 #include <sys/dacf_impl.h>
72 #include <sys/vfs.h>
73 #include <sys/pathname.h>
74 #include <sys/console.h>
75 #include <sys/policy.h>
76 #include <ipp/ipp_impl.h>
77 #include <sys/fs/dv_node.h>
78 #include <sys/strsubr.h>
79 #include <sys/fs/sdev_node.h>
80 
81 static int		mod_circdep(struct modctl *);
82 static int		modinfo(modid_t, struct modinfo *);
83 
84 static void		mod_uninstall_all(void);
85 static int		mod_getinfo(struct modctl *, struct modinfo *);
86 static struct modctl	*allocate_modp(const char *, const char *);
87 
88 static int		mod_load(struct modctl *, int);
89 static void		mod_unload(struct modctl *);
90 static int		modinstall(struct modctl *);
91 static int		moduninstall(struct modctl *);
92 
93 static struct modctl	*mod_hold_by_name_common(struct modctl *, const char *);
94 static struct modctl	*mod_hold_next_by_id(modid_t);
95 static struct modctl	*mod_hold_loaded_mod(struct modctl *, char *, int *);
96 static struct modctl	*mod_hold_installed_mod(char *, int, int, int *);
97 
98 static void		mod_release(struct modctl *);
99 static void		mod_make_requisite(struct modctl *, struct modctl *);
100 static int		mod_install_requisites(struct modctl *);
101 static void		check_esc_sequences(char *, char *);
102 static struct modctl	*mod_hold_by_name_requisite(struct modctl *, char *);
103 
104 /*
105  * module loading thread control structure. Calls to kobj_load_module()() are
106  * handled off to a separate thead using this structure.
107  */
108 struct loadmt {
109 	ksema_t		sema;
110 	struct modctl	*mp;
111 	int		usepath;
112 	kthread_t	*owner;
113 	int		retval;
114 };
115 
116 static void	modload_thread(struct loadmt *);
117 
118 kcondvar_t	mod_cv;
119 kcondvar_t	mod_uninstall_cv;	/* Communication between swapper */
120 					/* and the uninstall daemon. */
121 kmutex_t	mod_lock;		/* protects &modules insert linkage, */
122 					/* mod_busy, mod_want, and mod_ref. */
123 					/* blocking operations while holding */
124 					/* mod_lock should be avoided */
125 kmutex_t	mod_uninstall_lock;	/* protects mod_uninstall_cv */
126 kthread_id_t	mod_aul_thread;
127 
128 int		modunload_wait;
129 kmutex_t	modunload_wait_mutex;
130 kcondvar_t	modunload_wait_cv;
131 int		modunload_active_count;
132 int		modunload_disable_count;
133 
134 int	isminiroot;		/* set if running as miniroot */
135 int	modrootloaded;		/* set after root driver and fs are loaded */
136 int	moddebug = 0x0;		/* debug flags for module writers */
137 int	swaploaded;		/* set after swap driver and fs are loaded */
138 int	bop_io_quiesced = 0;	/* set when BOP I/O can no longer be used */
139 int	last_module_id;
140 clock_t	mod_uninstall_interval = 0;
141 int	ddi_modclose_unload = 1;	/* 0 -> just decrement reference */
142 
143 struct devnames *devnamesp;
144 struct devnames orphanlist;
145 
146 krwlock_t	devinfo_tree_lock;	/* obsolete, to be removed */
147 
148 #define	MAJBINDFILE "/etc/name_to_major"
149 #define	SYSBINDFILE "/etc/name_to_sysnum"
150 
151 static char	majbind[] = MAJBINDFILE;
152 static char	sysbind[] = SYSBINDFILE;
153 static uint_t	mod_autounload_key;	/* for module autounload detection */
154 
155 extern int obpdebug;
156 
157 #define	DEBUGGER_PRESENT	((boothowto & RB_DEBUG) || (obpdebug != 0))
158 
159 static int minorperm_loaded = 0;
160 
161 void
162 mod_setup(void)
163 {
164 	struct sysent *callp;
165 	int callnum, exectype;
166 	int	num_devs;
167 	int	i;
168 
169 	/*
170 	 * Initialize the list of loaded driver dev_ops.
171 	 * XXX - This must be done before reading the system file so that
172 	 * forceloads of drivers will work.
173 	 */
174 	num_devs = read_binding_file(majbind, mb_hashtab, make_mbind);
175 	/*
176 	 * Since read_binding_file is common code, it doesn't enforce that all
177 	 * of the binding file entries have major numbers <= MAXMAJ32.  Thus,
178 	 * ensure that we don't allocate some massive amount of space due to a
179 	 * bad entry.  We can't have major numbers bigger than MAXMAJ32
180 	 * until file system support for larger major numbers exists.
181 	 */
182 
183 	/*
184 	 * Leave space for expansion, but not more than L_MAXMAJ32
185 	 */
186 	devcnt = MIN(num_devs + 30, L_MAXMAJ32);
187 	devopsp = kmem_alloc(devcnt * sizeof (struct dev_ops *), KM_SLEEP);
188 	for (i = 0; i < devcnt; i++)
189 		devopsp[i] = &mod_nodev_ops;
190 
191 	init_devnamesp(devcnt);
192 
193 	/*
194 	 * Sync up with the work that the stand-alone linker has already done.
195 	 */
196 	(void) kobj_sync();
197 
198 	if (boothowto & RB_DEBUG)
199 		kdi_dvec_modavail();
200 
201 	make_aliases(mb_hashtab);
202 
203 	/*
204 	 * Initialize streams device implementation structures.
205 	 */
206 	devimpl = kmem_zalloc(devcnt * sizeof (cdevsw_impl_t), KM_SLEEP);
207 
208 	/*
209 	 * If the cl_bootstrap module is present,
210 	 * we should be configured as a cluster. Loading this module
211 	 * will set "cluster_bootflags" to non-zero.
212 	 */
213 	(void) modload("misc", "cl_bootstrap");
214 
215 	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
216 	init_syscallnames(NSYSCALL);
217 
218 	/*
219 	 * Start up dynamic autoconfiguration framework (dacf).
220 	 */
221 	mod_hash_init();
222 	dacf_init();
223 
224 	/*
225 	 * Start up IP policy framework (ipp).
226 	 */
227 	ipp_init();
228 
229 	/*
230 	 * Allocate loadable native system call locks.
231 	 */
232 	for (callnum = 0, callp = sysent; callnum < NSYSCALL;
233 	    callnum++, callp++) {
234 		if (LOADABLE_SYSCALL(callp)) {
235 			if (mod_getsysname(callnum) != NULL) {
236 				callp->sy_lock =
237 				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
238 				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
239 			} else {
240 				callp->sy_flags &= ~SE_LOADABLE;
241 				callp->sy_callc = nosys;
242 			}
243 #ifdef DEBUG
244 		} else {
245 			/*
246 			 * Do some sanity checks on the sysent table
247 			 */
248 			switch (callp->sy_flags & SE_RVAL_MASK) {
249 			case SE_32RVAL1:
250 				/* only r_val1 returned */
251 			case SE_32RVAL1 | SE_32RVAL2:
252 				/* r_val1 and r_val2 returned */
253 			case SE_64RVAL:
254 				/* 64-bit rval returned */
255 				break;
256 			default:
257 				cmn_err(CE_WARN, "sysent[%d]: bad flags %x",
258 				    callnum, callp->sy_flags);
259 			}
260 #endif
261 		}
262 	}
263 
264 #ifdef _SYSCALL32_IMPL
265 	/*
266 	 * Allocate loadable system call locks for 32-bit compat syscalls
267 	 */
268 	for (callnum = 0, callp = sysent32; callnum < NSYSCALL;
269 	    callnum++, callp++) {
270 		if (LOADABLE_SYSCALL(callp)) {
271 			if (mod_getsysname(callnum) != NULL) {
272 				callp->sy_lock =
273 				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
274 				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
275 			} else {
276 				callp->sy_flags &= ~SE_LOADABLE;
277 				callp->sy_callc = nosys;
278 			}
279 #ifdef DEBUG
280 		} else {
281 			/*
282 			 * Do some sanity checks on the sysent table
283 			 */
284 			switch (callp->sy_flags & SE_RVAL_MASK) {
285 			case SE_32RVAL1:
286 				/* only r_val1 returned */
287 			case SE_32RVAL1 | SE_32RVAL2:
288 				/* r_val1 and r_val2 returned */
289 			case SE_64RVAL:
290 				/* 64-bit rval returned */
291 				break;
292 			default:
293 				cmn_err(CE_WARN, "sysent32[%d]: bad flags %x",
294 				    callnum, callp->sy_flags);
295 				goto skip;
296 			}
297 
298 			/*
299 			 * Cross-check the native and compatibility tables.
300 			 */
301 			if (callp->sy_callc == nosys ||
302 			    sysent[callnum].sy_callc == nosys)
303 				continue;
304 			/*
305 			 * If only one or the other slot is loadable, then
306 			 * there's an error -- they should match!
307 			 */
308 			if ((callp->sy_callc == loadable_syscall) ^
309 			    (sysent[callnum].sy_callc == loadable_syscall)) {
310 				cmn_err(CE_WARN, "sysent[%d] loadable?",
311 				    callnum);
312 			}
313 			/*
314 			 * This is more of a heuristic test -- if the
315 			 * system call returns two values in the 32-bit
316 			 * world, it should probably return two 32-bit
317 			 * values in the 64-bit world too.
318 			 */
319 			if (((callp->sy_flags & SE_32RVAL2) == 0) ^
320 			    ((sysent[callnum].sy_flags & SE_32RVAL2) == 0)) {
321 				cmn_err(CE_WARN, "sysent[%d] rval2 mismatch!",
322 				    callnum);
323 			}
324 skip:;
325 #endif	/* DEBUG */
326 		}
327 	}
328 #endif	/* _SYSCALL32_IMPL */
329 
330 	/*
331 	 * Allocate loadable exec locks.  (Assumes all execs are loadable)
332 	 */
333 	for (exectype = 0; exectype < nexectype; exectype++) {
334 		execsw[exectype].exec_lock =
335 		    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
336 		rw_init(execsw[exectype].exec_lock, NULL, RW_DEFAULT, NULL);
337 	}
338 
339 	read_class_file();
340 
341 	/* init thread specific structure for mod_uninstall_all */
342 	tsd_create(&mod_autounload_key, NULL);
343 }
344 
345 static int
346 modctl_modload(int use_path, char *filename, int *rvp)
347 {
348 	struct modctl *modp;
349 	int retval = 0;
350 	char *filenamep;
351 	int modid;
352 
353 	filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
354 
355 	if (copyinstr(filename, filenamep, MOD_MAXPATH, 0)) {
356 		retval = EFAULT;
357 		goto out;
358 	}
359 
360 	filenamep[MOD_MAXPATH - 1] = 0;
361 	modp = mod_hold_installed_mod(filenamep, use_path, 0, &retval);
362 
363 	if (modp == NULL)
364 		goto out;
365 
366 	modp->mod_loadflags |= MOD_NOAUTOUNLOAD;
367 	modid = modp->mod_id;
368 	mod_release_mod(modp);
369 	CPU_STATS_ADDQ(CPU, sys, modload, 1);
370 	if (rvp != NULL && copyout(&modid, rvp, sizeof (modid)) != 0)
371 		retval = EFAULT;
372 out:
373 	kmem_free(filenamep, MOD_MAXPATH);
374 
375 	return (retval);
376 }
377 
378 static int
379 modctl_modunload(modid_t id)
380 {
381 	int rval = 0;
382 
383 	if (id == 0) {
384 #ifdef DEBUG
385 		/*
386 		 * Turn on mod_uninstall_daemon
387 		 */
388 		if (mod_uninstall_interval == 0) {
389 			mod_uninstall_interval = 60;
390 			modreap();
391 			return (rval);
392 		}
393 #endif
394 		mod_uninstall_all();
395 	} else {
396 		rval = modunload(id);
397 	}
398 	return (rval);
399 }
400 
401 static int
402 modctl_modinfo(modid_t id, struct modinfo *umodi)
403 {
404 	int retval;
405 	struct modinfo modi;
406 #if defined(_SYSCALL32_IMPL)
407 	int nobase;
408 	struct modinfo32 modi32;
409 #endif
410 
411 	if (get_udatamodel() == DATAMODEL_NATIVE) {
412 		if (copyin(umodi, &modi, sizeof (struct modinfo)) != 0)
413 			return (EFAULT);
414 	}
415 #ifdef _SYSCALL32_IMPL
416 	else {
417 		bzero(&modi, sizeof (modi));
418 		if (copyin(umodi, &modi32, sizeof (struct modinfo32)) != 0)
419 			return (EFAULT);
420 		modi.mi_info = modi32.mi_info;
421 		modi.mi_id = modi32.mi_id;
422 		modi.mi_nextid = modi32.mi_nextid;
423 		nobase = modi.mi_info & MI_INFO_NOBASE;
424 	}
425 #endif
426 	/*
427 	 * This flag is -only- for the kernels use.
428 	 */
429 	modi.mi_info &= ~MI_INFO_LINKAGE;
430 
431 	retval = modinfo(id, &modi);
432 	if (retval)
433 		return (retval);
434 
435 	if (get_udatamodel() == DATAMODEL_NATIVE) {
436 		if (copyout(&modi, umodi, sizeof (struct modinfo)) != 0)
437 			retval = EFAULT;
438 #ifdef _SYSCALL32_IMPL
439 	} else {
440 		int i;
441 
442 		if (!nobase && (uintptr_t)modi.mi_base > UINT32_MAX)
443 			return (EOVERFLOW);
444 
445 		modi32.mi_info = modi.mi_info;
446 		modi32.mi_state = modi.mi_state;
447 		modi32.mi_id = modi.mi_id;
448 		modi32.mi_nextid = modi.mi_nextid;
449 		modi32.mi_base = (caddr32_t)(uintptr_t)modi.mi_base;
450 		modi32.mi_size = modi.mi_size;
451 		modi32.mi_rev = modi.mi_rev;
452 		modi32.mi_loadcnt = modi.mi_loadcnt;
453 		bcopy(modi.mi_name, modi32.mi_name, sizeof (modi32.mi_name));
454 		for (i = 0; i < MODMAXLINK32; i++) {
455 			modi32.mi_msinfo[i].msi_p0 = modi.mi_msinfo[i].msi_p0;
456 			bcopy(modi.mi_msinfo[i].msi_linkinfo,
457 			    modi32.mi_msinfo[i].msi_linkinfo,
458 			    sizeof (modi32.mi_msinfo[0].msi_linkinfo));
459 		}
460 		if (copyout(&modi32, umodi, sizeof (struct modinfo32)) != 0)
461 			retval = EFAULT;
462 #endif
463 	}
464 
465 	return (retval);
466 }
467 
468 /*
469  * Return the last major number in the range of permissible major numbers.
470  */
471 /*ARGSUSED*/
472 static int
473 modctl_modreserve(modid_t id, int *data)
474 {
475 	if (copyout(&devcnt, data, sizeof (devcnt)) != 0)
476 		return (EFAULT);
477 	return (0);
478 }
479 
480 /* Add/Remove driver and binding aliases */
481 static int
482 modctl_update_driver_aliases(int add, int *data)
483 {
484 	struct modconfig	mc;
485 	int			i, n, rv = 0;
486 	struct aliases		alias;
487 	struct aliases		*ap;
488 	char			name[MAXMODCONFNAME];
489 	char			cname[MAXMODCONFNAME];
490 	char			*drvname;
491 	int			resid;
492 	struct alias_info {
493 		char	*alias_name;
494 		int	alias_resid;
495 	} *aliases, *aip;
496 
497 	bzero(&mc, sizeof (struct modconfig));
498 	if (get_udatamodel() == DATAMODEL_NATIVE) {
499 		if (copyin(data, &mc, sizeof (struct modconfig)) != 0)
500 			return (EFAULT);
501 	}
502 #ifdef _SYSCALL32_IMPL
503 	else {
504 		struct modconfig32 modc32;
505 		if (copyin(data, &modc32, sizeof (struct modconfig32)) != 0)
506 			return (EFAULT);
507 		else {
508 			bcopy(modc32.drvname, mc.drvname,
509 			    sizeof (modc32.drvname));
510 			bcopy(modc32.drvclass, mc.drvclass,
511 			    sizeof (modc32.drvclass));
512 			mc.major = modc32.major;
513 			mc.flags = modc32.flags;
514 			mc.num_aliases = modc32.num_aliases;
515 			mc.ap = (struct aliases *)(uintptr_t)modc32.ap;
516 		}
517 	}
518 #endif
519 
520 	/*
521 	 * If the driver is already in the mb_hashtab, and the name given
522 	 * doesn't match that driver's name, fail.  Otherwise, pass, since
523 	 * we may be adding aliases.
524 	 */
525 	drvname = mod_major_to_name(mc.major);
526 	if ((drvname != NULL) && strcmp(drvname, mc.drvname) != 0)
527 		return (EINVAL);
528 
529 	/*
530 	 * Precede alias removal by unbinding as many devices as possible.
531 	 */
532 	if (add == 0) {
533 		(void) i_ddi_unload_drvconf(mc.major);
534 		i_ddi_unbind_devs(mc.major);
535 	}
536 
537 	/*
538 	 * Add/remove each supplied driver alias to/from mb_hashtab
539 	 */
540 	ap = mc.ap;
541 	if (mc.num_aliases > 0)
542 		aliases = kmem_zalloc(
543 		    mc.num_aliases * sizeof (struct alias_info), KM_SLEEP);
544 	aip = aliases;
545 	for (i = 0; i < mc.num_aliases; i++) {
546 		bzero(&alias, sizeof (struct aliases));
547 		if (get_udatamodel() == DATAMODEL_NATIVE) {
548 			if (copyin(ap, &alias, sizeof (struct aliases)) != 0) {
549 				rv = EFAULT;
550 				goto error;
551 			}
552 			if (alias.a_len > MAXMODCONFNAME) {
553 				rv = EINVAL;
554 				goto error;
555 			}
556 			if (copyin(alias.a_name, name, alias.a_len) != 0) {
557 				rv = EFAULT;
558 				goto error;
559 			}
560 			if (name[alias.a_len - 1] != '\0') {
561 				rv = EINVAL;
562 				goto error;
563 			}
564 		}
565 #ifdef _SYSCALL32_IMPL
566 		else {
567 			struct aliases32 al32;
568 			bzero(&al32, sizeof (struct aliases32));
569 			if (copyin(ap, &al32, sizeof (struct aliases32)) != 0) {
570 				rv = EFAULT;
571 				goto error;
572 			}
573 			if (al32.a_len > MAXMODCONFNAME) {
574 				rv = EINVAL;
575 				goto error;
576 			}
577 			if (copyin((void *)(uintptr_t)al32.a_name,
578 			    name, al32.a_len) != 0) {
579 				rv = EFAULT;
580 				goto error;
581 			}
582 			if (name[al32.a_len - 1] != '\0') {
583 				rv = EINVAL;
584 				goto error;
585 			}
586 			alias.a_next = (void *)(uintptr_t)al32.a_next;
587 		}
588 #endif
589 		check_esc_sequences(name, cname);
590 		aip->alias_name = strdup(cname);
591 		ap = alias.a_next;
592 		aip++;
593 	}
594 
595 	if (add == 0) {
596 		ap = mc.ap;
597 		resid = 0;
598 		aip = aliases;
599 		/* attempt to unbind all devices bound to each alias */
600 		for (i = 0; i < mc.num_aliases; i++) {
601 			n = i_ddi_unbind_devs_by_alias(
602 			    mc.major, aip->alias_name);
603 			resid += n;
604 			aip->alias_resid = n;
605 		}
606 
607 		/*
608 		 * If some device bound to an alias remains in use,
609 		 * and override wasn't specified, no change is made to
610 		 * the binding state and we fail the operation.
611 		 */
612 		if (resid > 0 && ((mc.flags & MOD_UNBIND_OVERRIDE) == 0)) {
613 			rv = EBUSY;
614 			goto error;
615 		}
616 
617 		/*
618 		 * No device remains bound of any of the aliases,
619 		 * or force was requested.  Mark each alias as
620 		 * inactive via delete_mbind so no future binds
621 		 * to this alias take place and that a new
622 		 * binding can be established.
623 		 */
624 		aip = aliases;
625 		for (i = 0; i < mc.num_aliases; i++) {
626 			if (moddebug & MODDEBUG_BINDING)
627 				cmn_err(CE_CONT, "Removing binding for %s "
628 				    "(%d active references)\n",
629 				    aip->alias_name, aip->alias_resid);
630 			delete_mbind(aip->alias_name, mb_hashtab);
631 			aip++;
632 		}
633 		rv = 0;
634 	} else {
635 		aip = aliases;
636 		for (i = 0; i < mc.num_aliases; i++) {
637 			if (moddebug & MODDEBUG_BINDING)
638 				cmn_err(CE_NOTE, "Adding binding for '%s'\n",
639 				    aip->alias_name);
640 			(void) make_mbind(aip->alias_name,
641 			    mc.major, NULL, mb_hashtab);
642 			aip++;
643 		}
644 		/*
645 		 * Try to establish an mbinding for mc.drvname, and add it to
646 		 * devnames. Add class if any after establishing the major
647 		 * number.
648 		 */
649 		(void) make_mbind(mc.drvname, mc.major, NULL, mb_hashtab);
650 		if ((rv = make_devname(mc.drvname, mc.major)) != 0)
651 			goto error;
652 
653 		if (mc.drvclass[0] != '\0')
654 			add_class(mc.drvname, mc.drvclass);
655 		(void) i_ddi_load_drvconf(mc.major);
656 	}
657 
658 	/*
659 	 * Ensure that all nodes are bound to the most appropriate driver
660 	 * possible, attempting demotion and rebind when a more appropriate
661 	 * driver now exists.
662 	 */
663 	i_ddi_bind_devs();
664 	i_ddi_di_cache_invalidate(KM_SLEEP);
665 
666 error:
667 	if (mc.num_aliases > 0) {
668 		aip = aliases;
669 		for (i = 0; i < mc.num_aliases; i++) {
670 			if (aip->alias_name != NULL)
671 				strfree(aip->alias_name);
672 			aip++;
673 		}
674 		kmem_free(aliases, mc.num_aliases * sizeof (struct alias_info));
675 	}
676 	return (rv);
677 }
678 
679 static int
680 modctl_add_driver_aliases(int *data)
681 {
682 	return (modctl_update_driver_aliases(1, data));
683 }
684 
685 static int
686 modctl_remove_driver_aliases(int *data)
687 {
688 	return (modctl_update_driver_aliases(0, data));
689 }
690 
691 static int
692 modctl_rem_major(major_t major)
693 {
694 	struct devnames *dnp;
695 
696 	if (major >= devcnt)
697 		return (EINVAL);
698 
699 	/* mark devnames as removed */
700 	dnp = &devnamesp[major];
701 	LOCK_DEV_OPS(&dnp->dn_lock);
702 	if (dnp->dn_name == NULL ||
703 	    (dnp->dn_flags & (DN_DRIVER_REMOVED | DN_TAKEN_GETUDEV))) {
704 		UNLOCK_DEV_OPS(&dnp->dn_lock);
705 		return (EINVAL);
706 	}
707 	dnp->dn_flags |= DN_DRIVER_REMOVED;
708 	pm_driver_removed(major);
709 	UNLOCK_DEV_OPS(&dnp->dn_lock);
710 
711 	(void) i_ddi_unload_drvconf(major);
712 	i_ddi_unbind_devs(major);
713 	i_ddi_bind_devs();
714 	i_ddi_di_cache_invalidate(KM_SLEEP);
715 
716 	/* purge all the bindings to this driver */
717 	purge_mbind(major, mb_hashtab);
718 	return (0);
719 }
720 
721 static struct vfs *
722 path_to_vfs(char *name)
723 {
724 	vnode_t *vp;
725 	struct vfs *vfsp;
726 
727 	if (lookupname(name, UIO_SYSSPACE, FOLLOW, NULLVPP, &vp))
728 		return (NULL);
729 
730 	vfsp = vp->v_vfsp;
731 	VN_RELE(vp);
732 	return (vfsp);
733 }
734 
735 static int
736 new_vfs_in_modpath()
737 {
738 	static int n_modpath = 0;
739 	static char *modpath_copy;
740 	static struct pathvfs {
741 		char *path;
742 		struct vfs *vfsp;
743 	} *pathvfs;
744 
745 	int i, new_vfs = 0;
746 	char *tmp, *tmp1;
747 	struct vfs *vfsp;
748 
749 	if (n_modpath != 0) {
750 		for (i = 0; i < n_modpath; i++) {
751 			vfsp = path_to_vfs(pathvfs[i].path);
752 			if (vfsp != pathvfs[i].vfsp) {
753 				pathvfs[i].vfsp = vfsp;
754 				if (vfsp)
755 					new_vfs = 1;
756 			}
757 		}
758 		return (new_vfs);
759 	}
760 
761 	/*
762 	 * First call, initialize the pathvfs structure
763 	 */
764 	modpath_copy = i_ddi_strdup(default_path, KM_SLEEP);
765 	tmp = modpath_copy;
766 	n_modpath = 1;
767 	tmp1 = strchr(tmp, ' ');
768 	while (tmp1) {
769 		*tmp1 = '\0';
770 		n_modpath++;
771 		tmp = tmp1 + 1;
772 		tmp1 = strchr(tmp, ' ');
773 	}
774 
775 	pathvfs = kmem_zalloc(n_modpath * sizeof (struct pathvfs), KM_SLEEP);
776 	tmp = modpath_copy;
777 	for (i = 0; i < n_modpath; i++) {
778 		pathvfs[i].path = tmp;
779 		vfsp = path_to_vfs(tmp);
780 		pathvfs[i].vfsp = vfsp;
781 		tmp += strlen(tmp) + 1;
782 	}
783 	return (1);	/* always reread driver.conf the first time */
784 }
785 
786 static int
787 modctl_load_drvconf(major_t major)
788 {
789 	int ret;
790 
791 	if (major != DDI_MAJOR_T_NONE) {
792 		ret = i_ddi_load_drvconf(major);
793 		if (ret == 0)
794 			i_ddi_bind_devs();
795 		return (ret);
796 	}
797 
798 	/*
799 	 * We are invoked to rescan new driver.conf files. It is
800 	 * only necessary if a new file system was mounted in the
801 	 * module_path. Because rescanning driver.conf files can
802 	 * take some time on older platforms (sun4m), the following
803 	 * code skips unnecessary driver.conf rescans to optimize
804 	 * boot performance.
805 	 */
806 	if (new_vfs_in_modpath()) {
807 		(void) i_ddi_load_drvconf(DDI_MAJOR_T_NONE);
808 		/*
809 		 * If we are still initializing io subsystem,
810 		 * load drivers with ddi-forceattach property
811 		 */
812 		if (!i_ddi_io_initialized())
813 			i_ddi_forceattach_drivers();
814 	}
815 	return (0);
816 }
817 
818 /*
819  * Unload driver.conf file and follow up by attempting
820  * to rebind devices to more appropriate driver.
821  */
822 static int
823 modctl_unload_drvconf(major_t major)
824 {
825 	int ret;
826 
827 	if (major >= devcnt)
828 		return (EINVAL);
829 
830 	ret = i_ddi_unload_drvconf(major);
831 	if (ret != 0)
832 		return (ret);
833 	(void) i_ddi_unbind_devs(major);
834 	i_ddi_bind_devs();
835 
836 	return (0);
837 }
838 
839 static void
840 check_esc_sequences(char *str, char *cstr)
841 {
842 	int i;
843 	size_t len;
844 	char *p;
845 
846 	len = strlen(str);
847 	for (i = 0; i < len; i++, str++, cstr++) {
848 		if (*str != '\\') {
849 			*cstr = *str;
850 		} else {
851 			p = str + 1;
852 			/*
853 			 * we only handle octal escape sequences for SPACE
854 			 */
855 			if (*p++ == '0' && *p++ == '4' && *p == '0') {
856 				*cstr = ' ';
857 				str += 3;
858 			} else {
859 				*cstr = *str;
860 			}
861 		}
862 	}
863 	*cstr = 0;
864 }
865 
866 static int
867 modctl_getmodpathlen(int *data)
868 {
869 	int len;
870 	len = strlen(default_path);
871 	if (copyout(&len, data, sizeof (len)) != 0)
872 		return (EFAULT);
873 	return (0);
874 }
875 
876 static int
877 modctl_getmodpath(char *data)
878 {
879 	if (copyout(default_path, data, strlen(default_path) + 1) != 0)
880 		return (EFAULT);
881 	return (0);
882 }
883 
884 static int
885 modctl_read_sysbinding_file(void)
886 {
887 	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
888 	return (0);
889 }
890 
891 static int
892 modctl_getmaj(char *uname, uint_t ulen, int *umajorp)
893 {
894 	char name[256];
895 	int retval;
896 	major_t major;
897 
898 	if (ulen == 0)
899 		return (EINVAL);
900 	if ((retval = copyinstr(uname, name,
901 	    (ulen < 256) ? ulen : 256, 0)) != 0)
902 		return (retval);
903 	if ((major = mod_name_to_major(name)) == DDI_MAJOR_T_NONE)
904 		return (ENODEV);
905 	if (copyout(&major, umajorp, sizeof (major_t)) != 0)
906 		return (EFAULT);
907 	return (0);
908 }
909 
910 static char **
911 convert_constraint_string(char *constraints, size_t len)
912 {
913 	int	i;
914 	int	n;
915 	char	*p;
916 	char	**array;
917 
918 	ASSERT(constraints != NULL);
919 	ASSERT(len > 0);
920 
921 	for (i = 0, p = constraints; strlen(p) > 0; i++, p += strlen(p) + 1)
922 		;
923 
924 	n = i;
925 
926 	if (n == 0) {
927 		kmem_free(constraints, len);
928 		return (NULL);
929 	}
930 
931 	array = kmem_alloc((n + 1) * sizeof (char *), KM_SLEEP);
932 
933 	for (i = 0, p = constraints; i < n; i++, p += strlen(p) + 1) {
934 		array[i] = i_ddi_strdup(p, KM_SLEEP);
935 	}
936 	array[n] = NULL;
937 
938 	kmem_free(constraints, len);
939 
940 	return (array);
941 }
942 /*ARGSUSED*/
943 static int
944 modctl_retire(char *path, char *uconstraints, size_t ulen)
945 {
946 	char	*pathbuf;
947 	char	*devpath;
948 	size_t	pathsz;
949 	int	retval;
950 	char	*constraints;
951 	char	**cons_array;
952 
953 	if (path == NULL)
954 		return (EINVAL);
955 
956 	if ((uconstraints == NULL) ^ (ulen == 0))
957 		return (EINVAL);
958 
959 	pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
960 	retval = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
961 	if (retval != 0) {
962 		kmem_free(pathbuf, MAXPATHLEN);
963 		return (retval);
964 	}
965 	devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
966 	kmem_free(pathbuf, MAXPATHLEN);
967 
968 	/*
969 	 * First check if the device is already retired.
970 	 * If it is, this becomes a NOP
971 	 */
972 	if (e_ddi_device_retired(devpath)) {
973 		cmn_err(CE_NOTE, "Device: already retired: %s", devpath);
974 		kmem_free(devpath, strlen(devpath) + 1);
975 		return (0);
976 	}
977 
978 	cons_array = NULL;
979 	if (uconstraints) {
980 		constraints = kmem_alloc(ulen, KM_SLEEP);
981 		if (copyin(uconstraints, constraints, ulen)) {
982 			kmem_free(constraints, ulen);
983 			kmem_free(devpath, strlen(devpath) + 1);
984 			return (EFAULT);
985 		}
986 		cons_array = convert_constraint_string(constraints, ulen);
987 	}
988 
989 	/*
990 	 * Try to retire the device first. The following
991 	 * routine will return an error only if the device
992 	 * is not retireable i.e. retire constraints forbid
993 	 * a retire. A return of success from this routine
994 	 * indicates that device is retireable.
995 	 */
996 	retval = e_ddi_retire_device(devpath, cons_array);
997 	if (retval != DDI_SUCCESS) {
998 		cmn_err(CE_WARN, "constraints forbid retire: %s", devpath);
999 		kmem_free(devpath, strlen(devpath) + 1);
1000 		return (ENOTSUP);
1001 	}
1002 
1003 	/*
1004 	 * Ok, the retire succeeded. Persist the retire.
1005 	 * If retiring a nexus, we need to only persist the
1006 	 * nexus retire. Any children of a retired nexus
1007 	 * are automatically covered by the retire store
1008 	 * code.
1009 	 */
1010 	retval = e_ddi_retire_persist(devpath);
1011 	if (retval != 0) {
1012 		cmn_err(CE_WARN, "Failed to persist device retire: error %d: "
1013 		    "%s", retval, devpath);
1014 		kmem_free(devpath, strlen(devpath) + 1);
1015 		return (retval);
1016 	}
1017 	if (moddebug & MODDEBUG_RETIRE)
1018 		cmn_err(CE_NOTE, "Persisted retire of device: %s", devpath);
1019 
1020 	kmem_free(devpath, strlen(devpath) + 1);
1021 	return (0);
1022 }
1023 
1024 static int
1025 modctl_is_retired(char *path, int *statep)
1026 {
1027 	char	*pathbuf;
1028 	char	*devpath;
1029 	size_t	pathsz;
1030 	int	error;
1031 	int	status;
1032 
1033 	if (path == NULL || statep == NULL)
1034 		return (EINVAL);
1035 
1036 	pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1037 	error = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
1038 	if (error != 0) {
1039 		kmem_free(pathbuf, MAXPATHLEN);
1040 		return (error);
1041 	}
1042 	devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
1043 	kmem_free(pathbuf, MAXPATHLEN);
1044 
1045 	if (e_ddi_device_retired(devpath))
1046 		status = 1;
1047 	else
1048 		status = 0;
1049 	kmem_free(devpath, strlen(devpath) + 1);
1050 
1051 	return (copyout(&status, statep, sizeof (status)) ? EFAULT : 0);
1052 }
1053 
1054 static int
1055 modctl_unretire(char *path)
1056 {
1057 	char	*pathbuf;
1058 	char	*devpath;
1059 	size_t	pathsz;
1060 	int	retired;
1061 	int	retval;
1062 
1063 	if (path == NULL)
1064 		return (EINVAL);
1065 
1066 	pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1067 	retval = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
1068 	if (retval != 0) {
1069 		kmem_free(pathbuf, MAXPATHLEN);
1070 		return (retval);
1071 	}
1072 	devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
1073 	kmem_free(pathbuf, MAXPATHLEN);
1074 
1075 	/*
1076 	 * We check if a device is retired (first) before
1077 	 * unpersisting the retire, because we use the
1078 	 * retire store to determine if a device is retired.
1079 	 * If we unpersist first, the device will always appear
1080 	 * to be unretired. For the rationale behind unpersisting
1081 	 * a device that is not retired, see the next comment.
1082 	 */
1083 	retired = e_ddi_device_retired(devpath);
1084 
1085 	/*
1086 	 * We call unpersist unconditionally because the lookup
1087 	 * for retired devices (e_ddi_device_retired()), skips "bypassed"
1088 	 * devices. We still want to be able remove "bypassed" entries
1089 	 * from the persistent store, so we unpersist unconditionally
1090 	 * i.e. whether or not the entry is found on a lookup.
1091 	 *
1092 	 * e_ddi_retire_unpersist() returns 1 if it found and cleared
1093 	 * an entry from the retire store or 0 otherwise.
1094 	 */
1095 	if (e_ddi_retire_unpersist(devpath))
1096 		if (moddebug & MODDEBUG_RETIRE) {
1097 			cmn_err(CE_NOTE, "Unpersisted retire of device: %s",
1098 			    devpath);
1099 		}
1100 
1101 	/*
1102 	 * Check if the device is already unretired. If so,
1103 	 * the unretire becomes a NOP
1104 	 */
1105 	if (!retired) {
1106 		cmn_err(CE_NOTE, "Not retired: %s", devpath);
1107 		kmem_free(devpath, strlen(devpath) + 1);
1108 		return (0);
1109 	}
1110 
1111 	retval = e_ddi_unretire_device(devpath);
1112 	if (retval != 0) {
1113 		cmn_err(CE_WARN, "cannot unretire device: error %d, path %s\n",
1114 		    retval, devpath);
1115 	}
1116 
1117 	kmem_free(devpath, strlen(devpath) + 1);
1118 
1119 	return (retval);
1120 }
1121 
1122 static int
1123 modctl_getname(char *uname, uint_t ulen, int *umajorp)
1124 {
1125 	char *name;
1126 	major_t major;
1127 
1128 	if (copyin(umajorp, &major, sizeof (major)) != 0)
1129 		return (EFAULT);
1130 	if ((name = mod_major_to_name(major)) == NULL)
1131 		return (ENODEV);
1132 	if ((strlen(name) + 1) > ulen)
1133 		return (ENOSPC);
1134 	return (copyoutstr(name, uname, ulen, NULL));
1135 }
1136 
1137 static int
1138 modctl_devt2instance(dev_t dev, int *uinstancep)
1139 {
1140 	int	instance;
1141 
1142 	if ((instance = dev_to_instance(dev)) == -1)
1143 		return (EINVAL);
1144 
1145 	return (copyout(&instance, uinstancep, sizeof (int)));
1146 }
1147 
1148 /*
1149  * Return the sizeof of the device id.
1150  */
1151 static int
1152 modctl_sizeof_devid(dev_t dev, uint_t *len)
1153 {
1154 	uint_t		sz;
1155 	ddi_devid_t	devid;
1156 
1157 	/* get device id */
1158 	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
1159 		return (EINVAL);
1160 
1161 	sz = ddi_devid_sizeof(devid);
1162 	ddi_devid_free(devid);
1163 
1164 	/* copyout device id size */
1165 	if (copyout(&sz, len, sizeof (sz)) != 0)
1166 		return (EFAULT);
1167 
1168 	return (0);
1169 }
1170 
1171 /*
1172  * Return a copy of the device id.
1173  */
1174 static int
1175 modctl_get_devid(dev_t dev, uint_t len, ddi_devid_t udevid)
1176 {
1177 	uint_t		sz;
1178 	ddi_devid_t	devid;
1179 	int		err = 0;
1180 
1181 	/* get device id */
1182 	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
1183 		return (EINVAL);
1184 
1185 	sz = ddi_devid_sizeof(devid);
1186 
1187 	/* Error if device id is larger than space allocated */
1188 	if (sz > len) {
1189 		ddi_devid_free(devid);
1190 		return (ENOSPC);
1191 	}
1192 
1193 	/* copy out device id */
1194 	if (copyout(devid, udevid, sz) != 0)
1195 		err = EFAULT;
1196 	ddi_devid_free(devid);
1197 	return (err);
1198 }
1199 
1200 /*
1201  * return the /devices paths associated with the specified devid and
1202  * minor name.
1203  */
1204 /*ARGSUSED*/
1205 static int
1206 modctl_devid2paths(ddi_devid_t udevid, char *uminor_name, uint_t flag,
1207 	size_t *ulensp, char *upaths)
1208 {
1209 	ddi_devid_t	devid = NULL;
1210 	int		devid_len;
1211 	char		*minor_name = NULL;
1212 	dev_info_t	*dip = NULL;
1213 	int		circ;
1214 	struct ddi_minor_data   *dmdp;
1215 	char		*path = NULL;
1216 	int		ulens;
1217 	int		lens;
1218 	int		len;
1219 	dev_t		*devlist = NULL;
1220 	int		ndevs;
1221 	int		i;
1222 	int		ret = 0;
1223 
1224 	/*
1225 	 * If upaths is NULL then we are only computing the amount of space
1226 	 * needed to hold the paths and returning the value in *ulensp. If we
1227 	 * are copying out paths then we get the amount of space allocated by
1228 	 * the caller. If the actual space needed for paths is larger, or
1229 	 * things are changing out from under us, then we return EAGAIN.
1230 	 */
1231 	if (upaths) {
1232 		if (ulensp == NULL)
1233 			return (EINVAL);
1234 		if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
1235 			return (EFAULT);
1236 	}
1237 
1238 	/*
1239 	 * copyin enough of the devid to determine the length then
1240 	 * reallocate and copy in the entire devid.
1241 	 */
1242 	devid_len = ddi_devid_sizeof(NULL);
1243 	devid = kmem_alloc(devid_len, KM_SLEEP);
1244 	if (copyin(udevid, devid, devid_len)) {
1245 		ret = EFAULT;
1246 		goto out;
1247 	}
1248 	len = devid_len;
1249 	devid_len = ddi_devid_sizeof(devid);
1250 	kmem_free(devid, len);
1251 	devid = kmem_alloc(devid_len, KM_SLEEP);
1252 	if (copyin(udevid, devid, devid_len)) {
1253 		ret = EFAULT;
1254 		goto out;
1255 	}
1256 
1257 	/* copyin the minor name if specified. */
1258 	minor_name = uminor_name;
1259 	if ((minor_name != DEVID_MINOR_NAME_ALL) &&
1260 	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1261 	    (minor_name != DEVID_MINOR_NAME_ALL_BLK)) {
1262 		minor_name = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1263 		if (copyinstr(uminor_name, minor_name, MAXPATHLEN, 0)) {
1264 			ret = EFAULT;
1265 			goto out;
1266 		}
1267 	}
1268 
1269 	/*
1270 	 * Use existing function to resolve the devid into a devlist.
1271 	 *
1272 	 * NOTE: there is a loss of spectype information in the current
1273 	 * ddi_lyr_devid_to_devlist implementation. We work around this by not
1274 	 * passing down DEVID_MINOR_NAME_ALL here, but reproducing all minor
1275 	 * node forms in the loop processing the devlist below. It would be
1276 	 * best if at some point the use of this interface here was replaced
1277 	 * with a path oriented call.
1278 	 */
1279 	if (ddi_lyr_devid_to_devlist(devid,
1280 	    (minor_name == DEVID_MINOR_NAME_ALL) ?
1281 	    DEVID_MINOR_NAME_ALL_CHR : minor_name,
1282 	    &ndevs, &devlist) != DDI_SUCCESS) {
1283 		ret = EINVAL;
1284 		goto out;
1285 	}
1286 
1287 	/*
1288 	 * loop over the devlist, converting each devt to a path and doing
1289 	 * a copyout of the path and computation of the amount of space
1290 	 * needed to hold all the paths
1291 	 */
1292 	path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1293 	for (i = 0, lens = 0; i < ndevs; i++) {
1294 
1295 		/* find the dip associated with the dev_t */
1296 		if ((dip = e_ddi_hold_devi_by_dev(devlist[i], 0)) == NULL)
1297 			continue;
1298 
1299 		/* loop over all the minor nodes, skipping ones we don't want */
1300 		ndi_devi_enter(dip, &circ);
1301 		for (dmdp = DEVI(dip)->devi_minor; dmdp; dmdp = dmdp->next) {
1302 			if ((dmdp->ddm_dev != devlist[i]) ||
1303 			    (dmdp->type != DDM_MINOR))
1304 				continue;
1305 
1306 			if ((minor_name != DEVID_MINOR_NAME_ALL) &&
1307 			    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1308 			    (minor_name != DEVID_MINOR_NAME_ALL_BLK) &&
1309 			    strcmp(minor_name, dmdp->ddm_name))
1310 				continue;
1311 			else {
1312 				if ((minor_name == DEVID_MINOR_NAME_ALL_CHR) &&
1313 				    (dmdp->ddm_spec_type != S_IFCHR))
1314 					continue;
1315 				if ((minor_name == DEVID_MINOR_NAME_ALL_BLK) &&
1316 				    (dmdp->ddm_spec_type != S_IFBLK))
1317 					continue;
1318 			}
1319 
1320 			(void) ddi_pathname_minor(dmdp, path);
1321 			len = strlen(path) + 1;
1322 			*(path + len) = '\0';	/* set double termination */
1323 			lens += len;
1324 
1325 			/* copyout the path with double terminations */
1326 			if (upaths) {
1327 				if (lens > ulens) {
1328 					ret = EAGAIN;
1329 					goto out;
1330 				}
1331 				if (copyout(path, upaths, len + 1)) {
1332 					ret = EFAULT;
1333 					goto out;
1334 				}
1335 				upaths += len;
1336 			}
1337 		}
1338 		ndi_devi_exit(dip, circ);
1339 		ddi_release_devi(dip);
1340 		dip = NULL;
1341 	}
1342 	lens++;		/* add one for double termination */
1343 
1344 	/* copy out the amount of space needed to hold the paths */
1345 	if (ulensp && copyout(&lens, ulensp, sizeof (lens))) {
1346 		ret = EFAULT;
1347 		goto out;
1348 	}
1349 	ret = 0;
1350 
1351 out:	if (dip) {
1352 		ndi_devi_exit(dip, circ);
1353 		ddi_release_devi(dip);
1354 	}
1355 	if (path)
1356 		kmem_free(path, MAXPATHLEN);
1357 	if (devlist)
1358 		ddi_lyr_free_devlist(devlist, ndevs);
1359 	if (minor_name &&
1360 	    (minor_name != DEVID_MINOR_NAME_ALL) &&
1361 	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1362 	    (minor_name != DEVID_MINOR_NAME_ALL_BLK))
1363 		kmem_free(minor_name, MAXPATHLEN);
1364 	if (devid)
1365 		kmem_free(devid, devid_len);
1366 	return (ret);
1367 }
1368 
1369 /*
1370  * Return the size of the minor name.
1371  */
1372 static int
1373 modctl_sizeof_minorname(dev_t dev, int spectype, uint_t *len)
1374 {
1375 	uint_t	sz;
1376 	char	*name;
1377 
1378 	/* get the minor name */
1379 	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1380 		return (EINVAL);
1381 
1382 	sz = strlen(name) + 1;
1383 	kmem_free(name, sz);
1384 
1385 	/* copy out the size of the minor name */
1386 	if (copyout(&sz, len, sizeof (sz)) != 0)
1387 		return (EFAULT);
1388 
1389 	return (0);
1390 }
1391 
1392 /*
1393  * Return the minor name.
1394  */
1395 static int
1396 modctl_get_minorname(dev_t dev, int spectype, uint_t len, char *uname)
1397 {
1398 	uint_t	sz;
1399 	char	*name;
1400 	int	err = 0;
1401 
1402 	/* get the minor name */
1403 	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1404 		return (EINVAL);
1405 
1406 	sz = strlen(name) + 1;
1407 
1408 	/* Error if the minor name is larger than the space allocated */
1409 	if (sz > len) {
1410 		kmem_free(name, sz);
1411 		return (ENOSPC);
1412 	}
1413 
1414 	/* copy out the minor name */
1415 	if (copyout(name, uname, sz) != 0)
1416 		err = EFAULT;
1417 	kmem_free(name, sz);
1418 	return (err);
1419 }
1420 
1421 /*
1422  * Return the size of the (dev_t,spectype) devfspath name.
1423  */
1424 static int
1425 modctl_devfspath_len(dev_t dev, int spectype, uint_t *len)
1426 {
1427 	uint_t	sz;
1428 	char	*name;
1429 
1430 	/* get the path name */
1431 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1432 	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1433 		kmem_free(name, MAXPATHLEN);
1434 		return (EINVAL);
1435 	}
1436 
1437 	sz = strlen(name) + 1;
1438 	kmem_free(name, MAXPATHLEN);
1439 
1440 	/* copy out the size of the path name */
1441 	if (copyout(&sz, len, sizeof (sz)) != 0)
1442 		return (EFAULT);
1443 
1444 	return (0);
1445 }
1446 
1447 /*
1448  * Return the (dev_t,spectype) devfspath name.
1449  */
1450 static int
1451 modctl_devfspath(dev_t dev, int spectype, uint_t len, char *uname)
1452 {
1453 	uint_t	sz;
1454 	char	*name;
1455 	int	err = 0;
1456 
1457 	/* get the path name */
1458 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1459 	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1460 		kmem_free(name, MAXPATHLEN);
1461 		return (EINVAL);
1462 	}
1463 
1464 	sz = strlen(name) + 1;
1465 
1466 	/* Error if the path name is larger than the space allocated */
1467 	if (sz > len) {
1468 		kmem_free(name, MAXPATHLEN);
1469 		return (ENOSPC);
1470 	}
1471 
1472 	/* copy out the path name */
1473 	if (copyout(name, uname, sz) != 0)
1474 		err = EFAULT;
1475 	kmem_free(name, MAXPATHLEN);
1476 	return (err);
1477 }
1478 
1479 /*
1480  * Return the size of the (major,instance) devfspath name.
1481  */
1482 static int
1483 modctl_devfspath_mi_len(major_t major, int instance, uint_t *len)
1484 {
1485 	uint_t	sz;
1486 	char	*name;
1487 
1488 	/* get the path name */
1489 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1490 	if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1491 		kmem_free(name, MAXPATHLEN);
1492 		return (EINVAL);
1493 	}
1494 
1495 	sz = strlen(name) + 1;
1496 	kmem_free(name, MAXPATHLEN);
1497 
1498 	/* copy out the size of the path name */
1499 	if (copyout(&sz, len, sizeof (sz)) != 0)
1500 		return (EFAULT);
1501 
1502 	return (0);
1503 }
1504 
1505 /*
1506  * Return the (major_instance) devfspath name.
1507  * NOTE: e_ddi_majorinstance_to_path does not require the device to attach to
1508  * return a path - it uses the instance tree.
1509  */
1510 static int
1511 modctl_devfspath_mi(major_t major, int instance, uint_t len, char *uname)
1512 {
1513 	uint_t	sz;
1514 	char	*name;
1515 	int	err = 0;
1516 
1517 	/* get the path name */
1518 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1519 	if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1520 		kmem_free(name, MAXPATHLEN);
1521 		return (EINVAL);
1522 	}
1523 
1524 	sz = strlen(name) + 1;
1525 
1526 	/* Error if the path name is larger than the space allocated */
1527 	if (sz > len) {
1528 		kmem_free(name, MAXPATHLEN);
1529 		return (ENOSPC);
1530 	}
1531 
1532 	/* copy out the path name */
1533 	if (copyout(name, uname, sz) != 0)
1534 		err = EFAULT;
1535 	kmem_free(name, MAXPATHLEN);
1536 	return (err);
1537 }
1538 
1539 static int
1540 modctl_get_fbname(char *path)
1541 {
1542 	extern dev_t fbdev;
1543 	char *pathname = NULL;
1544 	int rval = 0;
1545 
1546 	/* make sure fbdev is set before we plunge in */
1547 	if (fbdev == NODEV)
1548 		return (ENODEV);
1549 
1550 	pathname = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1551 	if ((rval = ddi_dev_pathname(fbdev, S_IFCHR,
1552 	    pathname)) == DDI_SUCCESS) {
1553 		if (copyout(pathname, path, strlen(pathname)+1) != 0) {
1554 			rval = EFAULT;
1555 		}
1556 	}
1557 	kmem_free(pathname, MAXPATHLEN);
1558 	return (rval);
1559 }
1560 
1561 /*
1562  * modctl_reread_dacf()
1563  *	Reread the dacf rules database from the named binding file.
1564  *	If NULL is specified, pass along the NULL, it means 'use the default'.
1565  */
1566 static int
1567 modctl_reread_dacf(char *path)
1568 {
1569 	int rval = 0;
1570 	char *filename, *filenamep;
1571 
1572 	filename = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1573 
1574 	if (path == NULL) {
1575 		filenamep = NULL;
1576 	} else {
1577 		if (copyinstr(path, filename, MAXPATHLEN, 0) != 0) {
1578 			rval = EFAULT;
1579 			goto out;
1580 		}
1581 		filenamep = filename;
1582 		filenamep[MAXPATHLEN - 1] = '\0';
1583 	}
1584 
1585 	rval = read_dacf_binding_file(filenamep);
1586 out:
1587 	kmem_free(filename, MAXPATHLEN);
1588 	return (rval);
1589 }
1590 
1591 /*ARGSUSED*/
1592 static int
1593 modctl_modevents(int subcmd, uintptr_t a2, uintptr_t a3, uintptr_t a4,
1594     uint_t flag)
1595 {
1596 	int error = 0;
1597 	char *filenamep;
1598 
1599 	switch (subcmd) {
1600 
1601 	case MODEVENTS_FLUSH:
1602 		/* flush all currently queued events */
1603 		log_sysevent_flushq(subcmd, flag);
1604 		break;
1605 
1606 	case MODEVENTS_SET_DOOR_UPCALL_FILENAME:
1607 		/*
1608 		 * bind door_upcall to filename
1609 		 * this should only be done once per invocation
1610 		 * of the event daemon.
1611 		 */
1612 
1613 		filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
1614 
1615 		if (copyinstr((char *)a2, filenamep, MOD_MAXPATH, 0)) {
1616 			error = EFAULT;
1617 		} else {
1618 			error = log_sysevent_filename(filenamep);
1619 		}
1620 		kmem_free(filenamep, MOD_MAXPATH);
1621 		break;
1622 
1623 	case MODEVENTS_GETDATA:
1624 		error = log_sysevent_copyout_data((sysevent_id_t *)a2,
1625 		    (size_t)a3, (caddr_t)a4);
1626 		break;
1627 
1628 	case MODEVENTS_FREEDATA:
1629 		error = log_sysevent_free_data((sysevent_id_t *)a2);
1630 		break;
1631 	case MODEVENTS_POST_EVENT:
1632 		error = log_usr_sysevent((sysevent_t *)a2, (uint32_t)a3,
1633 		    (sysevent_id_t *)a4);
1634 		break;
1635 	case MODEVENTS_REGISTER_EVENT:
1636 		error = log_sysevent_register((char *)a2, (char *)a3,
1637 		    (se_pubsub_t *)a4);
1638 		break;
1639 	default:
1640 		error = EINVAL;
1641 	}
1642 
1643 	return (error);
1644 }
1645 
1646 static void
1647 free_mperm(mperm_t *mp)
1648 {
1649 	int len;
1650 
1651 	if (mp->mp_minorname) {
1652 		len = strlen(mp->mp_minorname) + 1;
1653 		kmem_free(mp->mp_minorname, len);
1654 	}
1655 	kmem_free(mp, sizeof (mperm_t));
1656 }
1657 
1658 #define	MP_NO_DRV_ERR	\
1659 	"/etc/minor_perm: no driver for %s\n"
1660 
1661 #define	MP_EMPTY_MINOR	\
1662 	"/etc/minor_perm: empty minor name for driver %s\n"
1663 
1664 #define	MP_NO_MINOR	\
1665 	"/etc/minor_perm: no minor matching %s for driver %s\n"
1666 
1667 /*
1668  * Remove mperm entry with matching minorname
1669  */
1670 static void
1671 rem_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1672 {
1673 	mperm_t **mp_head;
1674 	mperm_t *freemp = NULL;
1675 	struct devnames *dnp = &devnamesp[major];
1676 	mperm_t **wildmp;
1677 
1678 	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1679 
1680 	LOCK_DEV_OPS(&dnp->dn_lock);
1681 	if (strcmp(mp->mp_minorname, "*") == 0) {
1682 		wildmp = ((is_clone == 0) ?
1683 		    &dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1684 		if (*wildmp)
1685 			freemp = *wildmp;
1686 		*wildmp = NULL;
1687 	} else {
1688 		mp_head = &dnp->dn_mperm;
1689 		while (*mp_head) {
1690 			if (strcmp((*mp_head)->mp_minorname,
1691 			    mp->mp_minorname) != 0) {
1692 				mp_head = &(*mp_head)->mp_next;
1693 				continue;
1694 			}
1695 			/* remove the entry */
1696 			freemp = *mp_head;
1697 			*mp_head = freemp->mp_next;
1698 			break;
1699 		}
1700 	}
1701 	if (freemp) {
1702 		if (moddebug & MODDEBUG_MINORPERM) {
1703 			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1704 			    drvname, freemp->mp_minorname,
1705 			    freemp->mp_mode & 0777,
1706 			    freemp->mp_uid, freemp->mp_gid);
1707 		}
1708 		free_mperm(freemp);
1709 	} else {
1710 		if (moddebug & MODDEBUG_MINORPERM) {
1711 			cmn_err(CE_CONT, MP_NO_MINOR,
1712 			    drvname, mp->mp_minorname);
1713 		}
1714 	}
1715 
1716 	UNLOCK_DEV_OPS(&dnp->dn_lock);
1717 }
1718 
1719 /*
1720  * Add minor perm entry
1721  */
1722 static void
1723 add_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1724 {
1725 	mperm_t **mp_head;
1726 	mperm_t *freemp = NULL;
1727 	struct devnames *dnp = &devnamesp[major];
1728 	mperm_t **wildmp;
1729 
1730 	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1731 
1732 	/*
1733 	 * Note that update_drv replace semantics require
1734 	 * replacing matching entries with the new permissions.
1735 	 */
1736 	LOCK_DEV_OPS(&dnp->dn_lock);
1737 	if (strcmp(mp->mp_minorname, "*") == 0) {
1738 		wildmp = ((is_clone == 0) ?
1739 		    &dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1740 		if (*wildmp)
1741 			freemp = *wildmp;
1742 		*wildmp = mp;
1743 	} else {
1744 		mperm_t *p, *v = NULL;
1745 		for (p = dnp->dn_mperm; p; v = p, p = p->mp_next) {
1746 			if (strcmp(p->mp_minorname, mp->mp_minorname) == 0) {
1747 				if (v == NULL)
1748 					dnp->dn_mperm = mp;
1749 				else
1750 					v->mp_next = mp;
1751 				mp->mp_next = p->mp_next;
1752 				freemp = p;
1753 				goto replaced;
1754 			}
1755 		}
1756 		if (p == NULL) {
1757 			mp_head = &dnp->dn_mperm;
1758 			if (*mp_head == NULL) {
1759 				*mp_head = mp;
1760 			} else {
1761 				mp->mp_next = *mp_head;
1762 				*mp_head = mp;
1763 			}
1764 		}
1765 	}
1766 replaced:
1767 	if (freemp) {
1768 		if (moddebug & MODDEBUG_MINORPERM) {
1769 			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1770 			    drvname, freemp->mp_minorname,
1771 			    freemp->mp_mode & 0777,
1772 			    freemp->mp_uid, freemp->mp_gid);
1773 		}
1774 		free_mperm(freemp);
1775 	}
1776 	if (moddebug & MODDEBUG_MINORPERM) {
1777 		cmn_err(CE_CONT, "> %s %s 0%o %d %d\n",
1778 		    drvname, mp->mp_minorname, mp->mp_mode & 0777,
1779 		    mp->mp_uid, mp->mp_gid);
1780 	}
1781 	UNLOCK_DEV_OPS(&dnp->dn_lock);
1782 }
1783 
1784 
1785 static int
1786 process_minorperm(int cmd, nvlist_t *nvl)
1787 {
1788 	char *minor;
1789 	major_t major;
1790 	mperm_t *mp;
1791 	nvpair_t *nvp;
1792 	char *name;
1793 	int is_clone;
1794 	major_t minmaj;
1795 
1796 	ASSERT(cmd == MODLOADMINORPERM ||
1797 	    cmd == MODADDMINORPERM || cmd == MODREMMINORPERM);
1798 
1799 	nvp = NULL;
1800 	while ((nvp = nvlist_next_nvpair(nvl, nvp)) != NULL) {
1801 		name = nvpair_name(nvp);
1802 
1803 		is_clone = 0;
1804 		(void) nvpair_value_string(nvp, &minor);
1805 		major = ddi_name_to_major(name);
1806 		if (major != DDI_MAJOR_T_NONE) {
1807 			mp = kmem_zalloc(sizeof (*mp), KM_SLEEP);
1808 			if (minor == NULL || strlen(minor) == 0) {
1809 				if (moddebug & MODDEBUG_MINORPERM) {
1810 					cmn_err(CE_CONT, MP_EMPTY_MINOR, name);
1811 				}
1812 				minor = "*";
1813 			}
1814 
1815 			/*
1816 			 * The minor name of a node using the clone
1817 			 * driver must be the driver name.  To avoid
1818 			 * multiple searches, we map entries in the form
1819 			 * clone:<driver> to <driver>:*.  This also allows us
1820 			 * to filter out some of the litter in /etc/minor_perm.
1821 			 * Minor perm alias entries where the name is not
1822 			 * the driver kept on the clone list itself.
1823 			 * This all seems very fragile as a driver could
1824 			 * be introduced with an existing alias name.
1825 			 */
1826 			if (strcmp(name, "clone") == 0) {
1827 				minmaj = ddi_name_to_major(minor);
1828 				if (minmaj != DDI_MAJOR_T_NONE) {
1829 					if (moddebug & MODDEBUG_MINORPERM) {
1830 						cmn_err(CE_CONT,
1831 						    "mapping %s:%s to %s:*\n",
1832 						    name, minor, minor);
1833 					}
1834 					major = minmaj;
1835 					name = minor;
1836 					minor = "*";
1837 					is_clone = 1;
1838 				}
1839 			}
1840 
1841 			if (mp) {
1842 				mp->mp_minorname =
1843 				    i_ddi_strdup(minor, KM_SLEEP);
1844 			}
1845 		} else {
1846 			mp = NULL;
1847 			if (moddebug & MODDEBUG_MINORPERM) {
1848 				cmn_err(CE_CONT, MP_NO_DRV_ERR, name);
1849 			}
1850 		}
1851 
1852 		/* mode */
1853 		nvp = nvlist_next_nvpair(nvl, nvp);
1854 		ASSERT(strcmp(nvpair_name(nvp), "mode") == 0);
1855 		if (mp)
1856 			(void) nvpair_value_int32(nvp, (int *)&mp->mp_mode);
1857 		/* uid */
1858 		nvp = nvlist_next_nvpair(nvl, nvp);
1859 		ASSERT(strcmp(nvpair_name(nvp), "uid") == 0);
1860 		if (mp)
1861 			(void) nvpair_value_uint32(nvp, &mp->mp_uid);
1862 		/* gid */
1863 		nvp = nvlist_next_nvpair(nvl, nvp);
1864 		ASSERT(strcmp(nvpair_name(nvp), "gid") == 0);
1865 		if (mp) {
1866 			(void) nvpair_value_uint32(nvp, &mp->mp_gid);
1867 
1868 			if (cmd == MODREMMINORPERM) {
1869 				rem_minorperm(major, name, mp, is_clone);
1870 				free_mperm(mp);
1871 			} else {
1872 				add_minorperm(major, name, mp, is_clone);
1873 			}
1874 		}
1875 	}
1876 
1877 	if (cmd == MODLOADMINORPERM)
1878 		minorperm_loaded = 1;
1879 
1880 	/*
1881 	 * Reset permissions of cached dv_nodes
1882 	 */
1883 	(void) devfs_reset_perm(DV_RESET_PERM);
1884 
1885 	return (0);
1886 }
1887 
1888 static int
1889 modctl_minorperm(int cmd, char *usrbuf, size_t buflen)
1890 {
1891 	int error;
1892 	nvlist_t *nvl;
1893 	char *buf = kmem_alloc(buflen, KM_SLEEP);
1894 
1895 	if ((error = ddi_copyin(usrbuf, buf, buflen, 0)) != 0) {
1896 		kmem_free(buf, buflen);
1897 		return (error);
1898 	}
1899 
1900 	error = nvlist_unpack(buf, buflen, &nvl, KM_SLEEP);
1901 	kmem_free(buf, buflen);
1902 	if (error)
1903 		return (error);
1904 
1905 	error = process_minorperm(cmd, nvl);
1906 	nvlist_free(nvl);
1907 	return (error);
1908 }
1909 
1910 struct walk_args {
1911 	char		*wa_drvname;
1912 	list_t		wa_pathlist;
1913 };
1914 
1915 struct path_elem {
1916 	char		*pe_dir;
1917 	char		*pe_nodename;
1918 	list_node_t	pe_node;
1919 	int		pe_dirlen;
1920 };
1921 
1922 /*ARGSUSED*/
1923 static int
1924 modctl_inst_walker(const char *path, in_node_t *np, in_drv_t *dp, void *arg)
1925 {
1926 	struct walk_args *wargs = (struct walk_args *)arg;
1927 	struct path_elem *pe;
1928 	char *nodename;
1929 
1930 	/*
1931 	 * Search may be restricted to a single driver in the case of rem_drv
1932 	 */
1933 	if (wargs->wa_drvname &&
1934 	    strcmp(dp->ind_driver_name, wargs->wa_drvname) != 0)
1935 		return (INST_WALK_CONTINUE);
1936 
1937 	pe = kmem_zalloc(sizeof (*pe), KM_SLEEP);
1938 	pe->pe_dir = i_ddi_strdup((char *)path, KM_SLEEP);
1939 	pe->pe_dirlen = strlen(pe->pe_dir) + 1;
1940 	ASSERT(strrchr(pe->pe_dir, '/') != NULL);
1941 	nodename = strrchr(pe->pe_dir, '/');
1942 	*nodename++ = 0;
1943 	pe->pe_nodename = nodename;
1944 	list_insert_tail(&wargs->wa_pathlist, pe);
1945 
1946 	return (INST_WALK_CONTINUE);
1947 }
1948 
1949 /*
1950  * /devices attribute nodes clean-up optionally performed
1951  * when removing a driver (rem_drv -C).
1952  *
1953  * Removing attribute nodes allows a machine to be reprovisioned
1954  * without the side-effect of inadvertently picking up stale
1955  * device node ownership or permissions.
1956  *
1957  * Preserving attributes (not performing cleanup) allows devices
1958  * attribute changes to be preserved across upgrades, as
1959  * upgrade rather heavy-handedly does a rem_drv/add_drv cycle.
1960  */
1961 static int
1962 modctl_remdrv_cleanup(const char *u_drvname)
1963 {
1964 	struct walk_args *wargs;
1965 	struct path_elem *pe;
1966 	char *drvname;
1967 	int err, rval = 0;
1968 
1969 	drvname = kmem_alloc(MAXMODCONFNAME, KM_SLEEP);
1970 	if ((err = copyinstr(u_drvname, drvname, MAXMODCONFNAME, 0))) {
1971 		kmem_free(drvname, MAXMODCONFNAME);
1972 		return (err);
1973 	}
1974 
1975 	/*
1976 	 * First go through the instance database.  For each
1977 	 * instance of a device bound to the driver being
1978 	 * removed, remove any underlying devfs attribute nodes.
1979 	 *
1980 	 * This is a two-step process.  First we go through
1981 	 * the instance data itself, constructing a list of
1982 	 * the nodes discovered.  The second step is then
1983 	 * to find and remove any devfs attribute nodes
1984 	 * for the instances discovered in the first step.
1985 	 * The two-step process avoids any difficulties
1986 	 * which could arise by holding the instance data
1987 	 * lock with simultaneous devfs operations.
1988 	 */
1989 	wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
1990 
1991 	wargs->wa_drvname = drvname;
1992 	list_create(&wargs->wa_pathlist,
1993 	    sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
1994 
1995 	(void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
1996 
1997 	for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
1998 	    pe = list_next(&wargs->wa_pathlist, pe)) {
1999 		err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
2000 		    (const char *)pe->pe_nodename);
2001 		if (rval == 0)
2002 			rval = err;
2003 	}
2004 
2005 	while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
2006 		list_remove(&wargs->wa_pathlist, pe);
2007 		kmem_free(pe->pe_dir, pe->pe_dirlen);
2008 		kmem_free(pe, sizeof (*pe));
2009 	}
2010 	kmem_free(wargs, sizeof (*wargs));
2011 
2012 	/*
2013 	 * Pseudo nodes aren't recorded in the instance database
2014 	 * so any such nodes need to be handled separately.
2015 	 */
2016 	err = devfs_remdrv_cleanup("pseudo", (const char *)drvname);
2017 	if (rval == 0)
2018 		rval = err;
2019 
2020 	kmem_free(drvname, MAXMODCONFNAME);
2021 	return (rval);
2022 }
2023 
2024 /*
2025  * Perform a cleanup of non-existent /devices attribute nodes,
2026  * similar to rem_drv -C, but for all drivers/devices.
2027  * This is also optional, performed as part of devfsadm -C.
2028  */
2029 void
2030 dev_devices_cleanup()
2031 {
2032 	struct walk_args *wargs;
2033 	struct path_elem *pe;
2034 	dev_info_t *devi;
2035 	char *path;
2036 	int err;
2037 
2038 	/*
2039 	 * It's expected that all drivers have been loaded and
2040 	 * module unloading disabled while performing cleanup.
2041 	 */
2042 	ASSERT(modunload_disable_count > 0);
2043 
2044 	wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
2045 	wargs->wa_drvname = NULL;
2046 	list_create(&wargs->wa_pathlist,
2047 	    sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
2048 
2049 	(void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
2050 
2051 	path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
2052 
2053 	for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
2054 	    pe = list_next(&wargs->wa_pathlist, pe)) {
2055 		(void) snprintf(path, MAXPATHLEN, "%s/%s",
2056 		    pe->pe_dir, pe->pe_nodename);
2057 		devi = e_ddi_hold_devi_by_path(path, 0);
2058 		if (devi != NULL) {
2059 			ddi_release_devi(devi);
2060 		} else {
2061 			err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
2062 			    (const char *)pe->pe_nodename);
2063 			if (err) {
2064 				cmn_err(CE_CONT,
2065 				    "devfs: %s: clean-up error %d\n",
2066 				    path, err);
2067 			}
2068 		}
2069 	}
2070 
2071 	while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
2072 		list_remove(&wargs->wa_pathlist, pe);
2073 		kmem_free(pe->pe_dir, pe->pe_dirlen);
2074 		kmem_free(pe, sizeof (*pe));
2075 	}
2076 	kmem_free(wargs, sizeof (*wargs));
2077 	kmem_free(path, MAXPATHLEN);
2078 }
2079 
2080 static int
2081 modctl_allocpriv(const char *name)
2082 {
2083 	char *pstr = kmem_alloc(PRIVNAME_MAX, KM_SLEEP);
2084 	int error;
2085 
2086 	if ((error = copyinstr(name, pstr, PRIVNAME_MAX, 0))) {
2087 		kmem_free(pstr, PRIVNAME_MAX);
2088 		return (error);
2089 	}
2090 	error = priv_getbyname(pstr, PRIV_ALLOC);
2091 	if (error < 0)
2092 		error = -error;
2093 	else
2094 		error = 0;
2095 	kmem_free(pstr, PRIVNAME_MAX);
2096 	return (error);
2097 }
2098 
2099 static int
2100 modctl_devexists(const char *upath, int pathlen)
2101 {
2102 	char	*path;
2103 	int	ret;
2104 
2105 	/*
2106 	 * copy in the path, including the terminating null
2107 	 */
2108 	pathlen++;
2109 	if (pathlen <= 1 || pathlen > MAXPATHLEN)
2110 		return (EINVAL);
2111 	path = kmem_zalloc(pathlen + 1, KM_SLEEP);
2112 	if ((ret = copyinstr(upath, path, pathlen, NULL)) == 0) {
2113 		ret = sdev_modctl_devexists(path);
2114 	}
2115 
2116 	kmem_free(path, pathlen + 1);
2117 	return (ret);
2118 }
2119 
2120 static int
2121 modctl_devreaddir(const char *udir, int udirlen,
2122     char *upaths, int64_t *ulensp)
2123 {
2124 	char	*paths = NULL;
2125 	char	**dirlist = NULL;
2126 	char	*dir;
2127 	int64_t	ulens;
2128 	int64_t	lens;
2129 	int	i, n;
2130 	int	ret = 0;
2131 	char	*p;
2132 	int	npaths;
2133 	int	npaths_alloc;
2134 
2135 	/*
2136 	 * If upaths is NULL then we are only computing the amount of space
2137 	 * needed to return the paths, with the value returned in *ulensp. If we
2138 	 * are copying out paths then we get the amount of space allocated by
2139 	 * the caller. If the actual space needed for paths is larger, or
2140 	 * things are changing out from under us, then we return EAGAIN.
2141 	 */
2142 	if (upaths) {
2143 		if (ulensp == NULL)
2144 			return (EINVAL);
2145 		if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
2146 			return (EFAULT);
2147 	}
2148 
2149 	/*
2150 	 * copyin the /dev path including terminating null
2151 	 */
2152 	udirlen++;
2153 	if (udirlen <= 1 || udirlen > MAXPATHLEN)
2154 		return (EINVAL);
2155 	dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
2156 	if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
2157 		goto err;
2158 
2159 	if ((ret = sdev_modctl_readdir(dir, &dirlist,
2160 	    &npaths, &npaths_alloc, 0)) != 0) {
2161 		ASSERT(dirlist == NULL);
2162 		goto err;
2163 	}
2164 
2165 	lens = 0;
2166 	for (i = 0; i < npaths; i++) {
2167 		lens += strlen(dirlist[i]) + 1;
2168 	}
2169 	lens++;		/* add one for double termination */
2170 
2171 	if (upaths) {
2172 		if (lens > ulens) {
2173 			ret = EAGAIN;
2174 			goto out;
2175 		}
2176 
2177 		paths = kmem_alloc(lens, KM_SLEEP);
2178 
2179 		p = paths;
2180 		for (i = 0; i < npaths; i++) {
2181 			n = strlen(dirlist[i]) + 1;
2182 			bcopy(dirlist[i], p, n);
2183 			p += n;
2184 		}
2185 		*p = 0;
2186 
2187 		if (copyout(paths, upaths, lens)) {
2188 			ret = EFAULT;
2189 			goto err;
2190 		}
2191 	}
2192 
2193 out:
2194 	/* copy out the amount of space needed to hold the paths */
2195 	if (copyout(&lens, ulensp, sizeof (lens)))
2196 		ret = EFAULT;
2197 
2198 err:
2199 	if (dirlist)
2200 		sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
2201 	if (paths)
2202 		kmem_free(paths, lens);
2203 	kmem_free(dir, udirlen + 1);
2204 	return (ret);
2205 }
2206 
2207 static int
2208 modctl_devemptydir(const char *udir, int udirlen, int *uempty)
2209 {
2210 	char	*dir;
2211 	int	ret;
2212 	char	**dirlist = NULL;
2213 	int	npaths;
2214 	int	npaths_alloc;
2215 	int	empty;
2216 
2217 	/*
2218 	 * copyin the /dev path including terminating null
2219 	 */
2220 	udirlen++;
2221 	if (udirlen <= 1 || udirlen > MAXPATHLEN)
2222 		return (EINVAL);
2223 	dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
2224 	if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
2225 		goto err;
2226 
2227 	if ((ret = sdev_modctl_readdir(dir, &dirlist,
2228 	    &npaths, &npaths_alloc, 1)) != 0) {
2229 		goto err;
2230 	}
2231 
2232 	empty = npaths ? 0 : 1;
2233 	if (copyout(&empty, uempty, sizeof (empty)))
2234 		ret = EFAULT;
2235 
2236 err:
2237 	if (dirlist)
2238 		sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
2239 	kmem_free(dir, udirlen + 1);
2240 	return (ret);
2241 }
2242 
2243 int
2244 modctl_moddevname(int subcmd, uintptr_t a1, uintptr_t a2)
2245 {
2246 	int error = 0;
2247 
2248 	switch (subcmd) {
2249 	case MODDEVNAME_LOOKUPDOOR:
2250 	case MODDEVNAME_DEVFSADMNODE:
2251 		error = devname_filename_register(subcmd, (char *)a1);
2252 		break;
2253 	case MODDEVNAME_NSMAPS:
2254 		error = devname_nsmaps_register((char *)a1, (size_t)a2);
2255 		break;
2256 	case MODDEVNAME_PROFILE:
2257 		error = devname_profile_update((char *)a1, (size_t)a2);
2258 		break;
2259 	case MODDEVNAME_RECONFIG:
2260 		i_ddi_set_reconfig();
2261 		break;
2262 	case MODDEVNAME_SYSAVAIL:
2263 		i_ddi_set_sysavail();
2264 		break;
2265 	default:
2266 		error = EINVAL;
2267 		break;
2268 	}
2269 
2270 	return (error);
2271 }
2272 
2273 /*ARGSUSED5*/
2274 int
2275 modctl(int cmd, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4,
2276     uintptr_t a5)
2277 {
2278 	int	error = EINVAL;
2279 	dev_t	dev;
2280 
2281 	if (secpolicy_modctl(CRED(), cmd) != 0)
2282 		return (set_errno(EPERM));
2283 
2284 	switch (cmd) {
2285 	case MODLOAD:		/* load a module */
2286 		error = modctl_modload((int)a1, (char *)a2, (int *)a3);
2287 		break;
2288 
2289 	case MODUNLOAD:		/* unload a module */
2290 		error = modctl_modunload((modid_t)a1);
2291 		break;
2292 
2293 	case MODINFO:		/* get module status */
2294 		error = modctl_modinfo((modid_t)a1, (struct modinfo *)a2);
2295 		break;
2296 
2297 	case MODRESERVED:	/* get last major number in range */
2298 		error = modctl_modreserve((modid_t)a1, (int *)a2);
2299 		break;
2300 
2301 	case MODSETMINIROOT:	/* we are running in miniroot */
2302 		isminiroot = 1;
2303 		error = 0;
2304 		break;
2305 
2306 	case MODADDMAJBIND:	/* add major / driver alias bindings */
2307 		error = modctl_add_driver_aliases((int *)a2);
2308 		break;
2309 
2310 	case MODGETPATHLEN:	/* get modpath length */
2311 		error = modctl_getmodpathlen((int *)a2);
2312 		break;
2313 
2314 	case MODGETPATH:	/* get modpath */
2315 		error = modctl_getmodpath((char *)a2);
2316 		break;
2317 
2318 	case MODREADSYSBIND:	/* read system call binding file */
2319 		error = modctl_read_sysbinding_file();
2320 		break;
2321 
2322 	case MODGETMAJBIND:	/* get major number for named device */
2323 		error = modctl_getmaj((char *)a1, (uint_t)a2, (int *)a3);
2324 		break;
2325 
2326 	case MODGETNAME:	/* get name of device given major number */
2327 		error = modctl_getname((char *)a1, (uint_t)a2, (int *)a3);
2328 		break;
2329 
2330 	case MODDEVT2INSTANCE:
2331 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2332 			dev = (dev_t)a1;
2333 		}
2334 #ifdef _SYSCALL32_IMPL
2335 		else {
2336 			dev = expldev(a1);
2337 		}
2338 #endif
2339 		error = modctl_devt2instance(dev, (int *)a2);
2340 		break;
2341 
2342 	case MODSIZEOF_DEVID:	/* sizeof device id of device given dev_t */
2343 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2344 			dev = (dev_t)a1;
2345 		}
2346 #ifdef _SYSCALL32_IMPL
2347 		else {
2348 			dev = expldev(a1);
2349 		}
2350 #endif
2351 		error = modctl_sizeof_devid(dev, (uint_t *)a2);
2352 		break;
2353 
2354 	case MODGETDEVID:	/* get device id of device given dev_t */
2355 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2356 			dev = (dev_t)a1;
2357 		}
2358 #ifdef _SYSCALL32_IMPL
2359 		else {
2360 			dev = expldev(a1);
2361 		}
2362 #endif
2363 		error = modctl_get_devid(dev, (uint_t)a2, (ddi_devid_t)a3);
2364 		break;
2365 
2366 	case MODSIZEOF_MINORNAME:	/* sizeof minor nm (dev_t,spectype) */
2367 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2368 			error = modctl_sizeof_minorname((dev_t)a1, (int)a2,
2369 			    (uint_t *)a3);
2370 		}
2371 #ifdef _SYSCALL32_IMPL
2372 		else {
2373 			error = modctl_sizeof_minorname(expldev(a1), (int)a2,
2374 			    (uint_t *)a3);
2375 		}
2376 
2377 #endif
2378 		break;
2379 
2380 	case MODGETMINORNAME:		/* get minor name of (dev_t,spectype) */
2381 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2382 			error = modctl_get_minorname((dev_t)a1, (int)a2,
2383 			    (uint_t)a3, (char *)a4);
2384 		}
2385 #ifdef _SYSCALL32_IMPL
2386 		else {
2387 			error = modctl_get_minorname(expldev(a1), (int)a2,
2388 			    (uint_t)a3, (char *)a4);
2389 		}
2390 #endif
2391 		break;
2392 
2393 	case MODGETDEVFSPATH_LEN:	/* sizeof path nm of (dev_t,spectype) */
2394 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2395 			error = modctl_devfspath_len((dev_t)a1, (int)a2,
2396 			    (uint_t *)a3);
2397 		}
2398 #ifdef _SYSCALL32_IMPL
2399 		else {
2400 			error = modctl_devfspath_len(expldev(a1), (int)a2,
2401 			    (uint_t *)a3);
2402 		}
2403 
2404 #endif
2405 		break;
2406 
2407 	case MODGETDEVFSPATH:   	/* get path name of (dev_t,spec) type */
2408 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2409 			error = modctl_devfspath((dev_t)a1, (int)a2,
2410 			    (uint_t)a3, (char *)a4);
2411 		}
2412 #ifdef _SYSCALL32_IMPL
2413 		else {
2414 			error = modctl_devfspath(expldev(a1), (int)a2,
2415 			    (uint_t)a3, (char *)a4);
2416 		}
2417 #endif
2418 		break;
2419 
2420 	case MODGETDEVFSPATH_MI_LEN:	/* sizeof path nm of (major,instance) */
2421 		error = modctl_devfspath_mi_len((major_t)a1, (int)a2,
2422 		    (uint_t *)a3);
2423 		break;
2424 
2425 	case MODGETDEVFSPATH_MI:   	/* get path name of (major,instance) */
2426 		error = modctl_devfspath_mi((major_t)a1, (int)a2,
2427 		    (uint_t)a3, (char *)a4);
2428 		break;
2429 
2430 
2431 	case MODEVENTS:
2432 		error = modctl_modevents((int)a1, a2, a3, a4, (uint_t)a5);
2433 		break;
2434 
2435 	case MODGETFBNAME:	/* get the framebuffer name */
2436 		error = modctl_get_fbname((char *)a1);
2437 		break;
2438 
2439 	case MODREREADDACF:	/* reread dacf rule database from given file */
2440 		error = modctl_reread_dacf((char *)a1);
2441 		break;
2442 
2443 	case MODLOADDRVCONF:	/* load driver.conf file for major */
2444 		error = modctl_load_drvconf((major_t)a1);
2445 		break;
2446 
2447 	case MODUNLOADDRVCONF:	/* unload driver.conf file for major */
2448 		error = modctl_unload_drvconf((major_t)a1);
2449 		break;
2450 
2451 	case MODREMMAJBIND:	/* remove a major binding */
2452 		error = modctl_rem_major((major_t)a1);
2453 		break;
2454 
2455 	case MODREMDRVALIAS:	/* remove a major/alias binding */
2456 		error = modctl_remove_driver_aliases((int *)a2);
2457 		break;
2458 
2459 	case MODDEVID2PATHS:	/* get paths given devid */
2460 		error = modctl_devid2paths((ddi_devid_t)a1, (char *)a2,
2461 		    (uint_t)a3, (size_t *)a4, (char *)a5);
2462 		break;
2463 
2464 	case MODSETDEVPOLICY:	/* establish device policy */
2465 		error = devpolicy_load((int)a1, (size_t)a2, (devplcysys_t *)a3);
2466 		break;
2467 
2468 	case MODGETDEVPOLICY:	/* get device policy */
2469 		error = devpolicy_get((int *)a1, (size_t)a2,
2470 		    (devplcysys_t *)a3);
2471 		break;
2472 
2473 	case MODALLOCPRIV:
2474 		error = modctl_allocpriv((const char *)a1);
2475 		break;
2476 
2477 	case MODGETDEVPOLICYBYNAME:
2478 		error = devpolicy_getbyname((size_t)a1,
2479 		    (devplcysys_t *)a2, (char *)a3);
2480 		break;
2481 
2482 	case MODLOADMINORPERM:
2483 	case MODADDMINORPERM:
2484 	case MODREMMINORPERM:
2485 		error = modctl_minorperm(cmd, (char *)a1, (size_t)a2);
2486 		break;
2487 
2488 	case MODREMDRVCLEANUP:
2489 		error = modctl_remdrv_cleanup((const char *)a1);
2490 		break;
2491 
2492 	case MODDEVEXISTS:	/* non-reconfiguring /dev lookup */
2493 		error = modctl_devexists((const char *)a1, (size_t)a2);
2494 		break;
2495 
2496 	case MODDEVREADDIR:	/* non-reconfiguring /dev readdir */
2497 		error = modctl_devreaddir((const char *)a1, (size_t)a2,
2498 		    (char *)a3, (int64_t *)a4);
2499 		break;
2500 
2501 	case MODDEVEMPTYDIR:	/* non-reconfiguring /dev emptydir */
2502 		error = modctl_devemptydir((const char *)a1, (size_t)a2,
2503 		    (int *)a3);
2504 		break;
2505 
2506 	case MODDEVNAME:
2507 		error = modctl_moddevname((int)a1, a2, a3);
2508 		break;
2509 
2510 	case MODRETIRE:	/* retire device named by physpath a1 */
2511 		error = modctl_retire((char *)a1, (char *)a2, (size_t)a3);
2512 		break;
2513 
2514 	case MODISRETIRED:  /* check if a device is retired. */
2515 		error = modctl_is_retired((char *)a1, (int *)a2);
2516 		break;
2517 
2518 	case MODUNRETIRE:	/* unretire device named by physpath a1 */
2519 		error = modctl_unretire((char *)a1);
2520 		break;
2521 
2522 	default:
2523 		error = EINVAL;
2524 		break;
2525 	}
2526 
2527 	return (error ? set_errno(error) : 0);
2528 }
2529 
2530 /*
2531  * Calls to kobj_load_module()() are handled off to this routine in a
2532  * separate thread.
2533  */
2534 static void
2535 modload_thread(struct loadmt *ltp)
2536 {
2537 	/* load the module and signal the creator of this thread */
2538 	kmutex_t	cpr_lk;
2539 	callb_cpr_t	cpr_i;
2540 
2541 	mutex_init(&cpr_lk, NULL, MUTEX_DEFAULT, NULL);
2542 	CALLB_CPR_INIT(&cpr_i, &cpr_lk, callb_generic_cpr, "modload");
2543 	/* borrow the devi lock from thread which invoked us */
2544 	pm_borrow_lock(ltp->owner);
2545 	ltp->retval = kobj_load_module(ltp->mp, ltp->usepath);
2546 	pm_return_lock();
2547 	sema_v(&ltp->sema);
2548 	mutex_enter(&cpr_lk);
2549 	CALLB_CPR_EXIT(&cpr_i);
2550 	mutex_destroy(&cpr_lk);
2551 	thread_exit();
2552 }
2553 
2554 /*
2555  * load a module, adding a reference if caller specifies rmodp.  If rmodp
2556  * is specified then an errno is returned, otherwise a module index is
2557  * returned (-1 on error).
2558  */
2559 static int
2560 modrload(const char *subdir, const char *filename, struct modctl **rmodp)
2561 {
2562 	struct modctl *modp;
2563 	size_t size;
2564 	char *fullname;
2565 	int retval = EINVAL;
2566 	int id = -1;
2567 
2568 	if (rmodp)
2569 		*rmodp = NULL;			/* avoid garbage */
2570 
2571 	if (subdir != NULL) {
2572 		/*
2573 		 * refuse / in filename to prevent "../" escapes.
2574 		 */
2575 		if (strchr(filename, '/') != NULL)
2576 			return (rmodp ? retval : id);
2577 
2578 		/*
2579 		 * allocate enough space for <subdir>/<filename><NULL>
2580 		 */
2581 		size = strlen(subdir) + strlen(filename) + 2;
2582 		fullname = kmem_zalloc(size, KM_SLEEP);
2583 		(void) sprintf(fullname, "%s/%s", subdir, filename);
2584 	} else {
2585 		fullname = (char *)filename;
2586 	}
2587 
2588 	modp = mod_hold_installed_mod(fullname, 1, 0, &retval);
2589 	if (modp != NULL) {
2590 		id = modp->mod_id;
2591 		if (rmodp) {
2592 			/* add mod_ref and return *rmodp */
2593 			mutex_enter(&mod_lock);
2594 			modp->mod_ref++;
2595 			mutex_exit(&mod_lock);
2596 			*rmodp = modp;
2597 		}
2598 		mod_release_mod(modp);
2599 		CPU_STATS_ADDQ(CPU, sys, modload, 1);
2600 	}
2601 
2602 done:	if (subdir != NULL)
2603 		kmem_free(fullname, size);
2604 	return (rmodp ? retval : id);
2605 }
2606 
2607 /*
2608  * This is the primary kernel interface to load a module. It loads and
2609  * installs the named module.  It does not hold mod_ref of the module, so
2610  * a module unload attempt can occur at any time - it is up to the
2611  * _fini/mod_remove implementation to determine if unload will succeed.
2612  */
2613 int
2614 modload(const char *subdir, const char *filename)
2615 {
2616 	return (modrload(subdir, filename, NULL));
2617 }
2618 
2619 /*
2620  * Load a module using a series of qualified names from most specific to least
2621  * specific, e.g. for subdir "foo", p1 "bar", p2 "baz", we might try:
2622  *			Value returned in *chosen
2623  * foo/bar.baz.1.2.3	3
2624  * foo/bar.baz.1.2	2
2625  * foo/bar.baz.1	1
2626  * foo/bar.baz		0
2627  *
2628  * Return the module ID on success; -1 if no module was loaded.  On success
2629  * and if 'chosen' is not NULL we also return the number of suffices that
2630  * were in the module we chose to load.
2631  */
2632 int
2633 modload_qualified(const char *subdir, const char *p1,
2634     const char *p2, const char *delim, uint_t suffv[], int suffc, int *chosen)
2635 {
2636 	char path[MOD_MAXPATH];
2637 	size_t n, resid = sizeof (path);
2638 	char *p = path;
2639 
2640 	char **dotv;
2641 	int i, rc, id;
2642 	modctl_t *mp;
2643 
2644 	if (p2 != NULL)
2645 		n = snprintf(p, resid, "%s/%s%s%s", subdir, p1, delim, p2);
2646 	else
2647 		n = snprintf(p, resid, "%s/%s", subdir, p1);
2648 
2649 	if (n >= resid)
2650 		return (-1);
2651 
2652 	p += n;
2653 	resid -= n;
2654 	dotv = kmem_alloc(sizeof (char *) * (suffc + 1), KM_SLEEP);
2655 
2656 	for (i = 0; i < suffc; i++) {
2657 		dotv[i] = p;
2658 		n = snprintf(p, resid, "%s%u", delim, suffv[i]);
2659 
2660 		if (n >= resid) {
2661 			kmem_free(dotv, sizeof (char *) * (suffc + 1));
2662 			return (-1);
2663 		}
2664 
2665 		p += n;
2666 		resid -= n;
2667 	}
2668 
2669 	dotv[suffc] = p;
2670 
2671 	for (i = suffc; i >= 0; i--) {
2672 		dotv[i][0] = '\0';
2673 		mp = mod_hold_installed_mod(path, 1, 1, &rc);
2674 
2675 		if (mp != NULL) {
2676 			kmem_free(dotv, sizeof (char *) * (suffc + 1));
2677 			id = mp->mod_id;
2678 			mod_release_mod(mp);
2679 			if (chosen != NULL)
2680 				*chosen = i;
2681 			return (id);
2682 		}
2683 	}
2684 
2685 	kmem_free(dotv, sizeof (char *) * (suffc + 1));
2686 	return (-1);
2687 }
2688 
2689 /*
2690  * Load a module.
2691  */
2692 int
2693 modloadonly(const char *subdir, const char *filename)
2694 {
2695 	struct modctl *modp;
2696 	char *fullname;
2697 	size_t size;
2698 	int id, retval;
2699 
2700 	if (subdir != NULL) {
2701 		/*
2702 		 * allocate enough space for <subdir>/<filename><NULL>
2703 		 */
2704 		size = strlen(subdir) + strlen(filename) + 2;
2705 		fullname = kmem_zalloc(size, KM_SLEEP);
2706 		(void) sprintf(fullname, "%s/%s", subdir, filename);
2707 	} else {
2708 		fullname = (char *)filename;
2709 	}
2710 
2711 	modp = mod_hold_loaded_mod(NULL, fullname, &retval);
2712 	if (modp) {
2713 		id = modp->mod_id;
2714 		mod_release_mod(modp);
2715 	}
2716 
2717 	if (subdir != NULL)
2718 		kmem_free(fullname, size);
2719 
2720 	if (retval == 0)
2721 		return (id);
2722 	return (-1);
2723 }
2724 
2725 /*
2726  * Try to uninstall and unload a module, removing a reference if caller
2727  * specifies rmodp.
2728  */
2729 static int
2730 modunrload(modid_t id, struct modctl **rmodp, int unload)
2731 {
2732 	struct modctl	*modp;
2733 	int		retval;
2734 
2735 	if (rmodp)
2736 		*rmodp = NULL;			/* avoid garbage */
2737 
2738 	if ((modp = mod_hold_by_id((modid_t)id)) == NULL)
2739 		return (EINVAL);
2740 
2741 	if (rmodp) {
2742 		mutex_enter(&mod_lock);
2743 		modp->mod_ref--;
2744 		mutex_exit(&mod_lock);
2745 		*rmodp = modp;
2746 	}
2747 
2748 	if (unload) {
2749 		retval = moduninstall(modp);
2750 		if (retval == 0) {
2751 			mod_unload(modp);
2752 			CPU_STATS_ADDQ(CPU, sys, modunload, 1);
2753 		} else if (retval == EALREADY)
2754 			retval = 0;	/* already unloaded, not an error */
2755 	} else
2756 		retval = 0;
2757 
2758 	mod_release_mod(modp);
2759 	return (retval);
2760 }
2761 
2762 /*
2763  * Uninstall and unload a module.
2764  */
2765 int
2766 modunload(modid_t id)
2767 {
2768 	int		retval;
2769 
2770 	/* synchronize with any active modunload_disable() */
2771 	modunload_begin();
2772 	if (ddi_root_node())
2773 		(void) devfs_clean(ddi_root_node(), NULL, 0);
2774 	retval = modunrload(id, NULL, 1);
2775 	modunload_end();
2776 	return (retval);
2777 }
2778 
2779 /*
2780  * Return status of a loaded module.
2781  */
2782 static int
2783 modinfo(modid_t id, struct modinfo *modinfop)
2784 {
2785 	struct modctl	*modp;
2786 	modid_t		mid;
2787 	int		i;
2788 
2789 	mid = modinfop->mi_id;
2790 	if (modinfop->mi_info & MI_INFO_ALL) {
2791 		while ((modp = mod_hold_next_by_id(mid++)) != NULL) {
2792 			if ((modinfop->mi_info & MI_INFO_CNT) ||
2793 			    modp->mod_installed)
2794 				break;
2795 			mod_release_mod(modp);
2796 		}
2797 		if (modp == NULL)
2798 			return (EINVAL);
2799 	} else {
2800 		modp = mod_hold_by_id(id);
2801 		if (modp == NULL)
2802 			return (EINVAL);
2803 		if (!(modinfop->mi_info & MI_INFO_CNT) &&
2804 		    (modp->mod_installed == 0)) {
2805 			mod_release_mod(modp);
2806 			return (EINVAL);
2807 		}
2808 	}
2809 
2810 	modinfop->mi_rev = 0;
2811 	modinfop->mi_state = 0;
2812 	for (i = 0; i < MODMAXLINK; i++) {
2813 		modinfop->mi_msinfo[i].msi_p0 = -1;
2814 		modinfop->mi_msinfo[i].msi_linkinfo[0] = 0;
2815 	}
2816 	if (modp->mod_loaded) {
2817 		modinfop->mi_state = MI_LOADED;
2818 		kobj_getmodinfo(modp->mod_mp, modinfop);
2819 	}
2820 	if (modp->mod_installed) {
2821 		modinfop->mi_state |= MI_INSTALLED;
2822 
2823 		(void) mod_getinfo(modp, modinfop);
2824 	}
2825 
2826 	modinfop->mi_id = modp->mod_id;
2827 	modinfop->mi_loadcnt = modp->mod_loadcnt;
2828 	(void) strcpy(modinfop->mi_name, modp->mod_modname);
2829 
2830 	mod_release_mod(modp);
2831 	return (0);
2832 }
2833 
2834 static char mod_stub_err[] = "mod_hold_stub: Couldn't load stub module %s";
2835 static char no_err[] = "No error function for weak stub %s";
2836 
2837 /*
2838  * used by the stubs themselves to load and hold a module.
2839  * Returns  0 if the module is successfully held;
2840  *	    the stub needs to call mod_release_stub().
2841  *	    -1 if the stub should just call the err_fcn.
2842  * Note that this code is stretched out so that we avoid subroutine calls
2843  * and optimize for the most likely case.  That is, the case where the
2844  * module is loaded and installed and not held.  In that case we just inc
2845  * the mod_ref count and continue.
2846  */
2847 int
2848 mod_hold_stub(struct mod_stub_info *stub)
2849 {
2850 	struct modctl *mp;
2851 	struct mod_modinfo *mip;
2852 
2853 	mip = stub->mods_modinfo;
2854 
2855 	mutex_enter(&mod_lock);
2856 
2857 	/* we do mod_hold_by_modctl inline for speed */
2858 
2859 mod_check_again:
2860 	if ((mp = mip->mp) != NULL) {
2861 		if (mp->mod_busy == 0) {
2862 			if (mp->mod_installed) {
2863 				/* increment the reference count */
2864 				mp->mod_ref++;
2865 				ASSERT(mp->mod_ref && mp->mod_installed);
2866 				mutex_exit(&mod_lock);
2867 				return (0);
2868 			} else {
2869 				mp->mod_busy = 1;
2870 				mp->mod_inprogress_thread =
2871 				    (curthread == NULL ?
2872 				    (kthread_id_t)-1 : curthread);
2873 			}
2874 		} else {
2875 			/*
2876 			 * wait one time and then go see if someone
2877 			 * else has resolved the stub (set mip->mp).
2878 			 */
2879 			if (mod_hold_by_modctl(mp,
2880 			    MOD_WAIT_ONCE | MOD_LOCK_HELD))
2881 				goto mod_check_again;
2882 
2883 			/*
2884 			 * what we have now may have been unloaded!, in
2885 			 * that case, mip->mp will be NULL, we'll hit this
2886 			 * module and load again..
2887 			 */
2888 			cmn_err(CE_PANIC, "mod_hold_stub should have blocked");
2889 		}
2890 		mutex_exit(&mod_lock);
2891 	} else {
2892 		/* first time we've hit this module */
2893 		mutex_exit(&mod_lock);
2894 		mp = mod_hold_by_name(mip->modm_module_name);
2895 		mip->mp = mp;
2896 	}
2897 
2898 	/*
2899 	 * If we are here, it means that the following conditions
2900 	 * are satisfied.
2901 	 *
2902 	 * mip->mp != NULL
2903 	 * this thread has set the mp->mod_busy = 1
2904 	 * mp->mod_installed = 0
2905 	 *
2906 	 */
2907 	ASSERT(mp != NULL);
2908 	ASSERT(mp->mod_busy == 1);
2909 
2910 	if (mp->mod_installed == 0) {
2911 		/* Module not loaded, if weak stub don't load it */
2912 		if (stub->mods_flag & MODS_WEAK) {
2913 			if (stub->mods_errfcn == NULL) {
2914 				mod_release_mod(mp);
2915 				cmn_err(CE_PANIC, no_err,
2916 				    mip->modm_module_name);
2917 			}
2918 		} else {
2919 			/* Not a weak stub so load the module */
2920 
2921 			if (mod_load(mp, 1) != 0 || modinstall(mp) != 0) {
2922 				/*
2923 				 * If mod_load() was successful
2924 				 * and modinstall() failed, then
2925 				 * unload the module.
2926 				 */
2927 				if (mp->mod_loaded)
2928 					mod_unload(mp);
2929 
2930 				mod_release_mod(mp);
2931 				if (stub->mods_errfcn == NULL) {
2932 					cmn_err(CE_PANIC, mod_stub_err,
2933 					    mip->modm_module_name);
2934 				} else {
2935 					return (-1);
2936 				}
2937 			}
2938 		}
2939 	}
2940 
2941 	/*
2942 	 * At this point module is held and loaded. Release
2943 	 * the mod_busy and mod_inprogress_thread before
2944 	 * returning. We actually call mod_release() here so
2945 	 * that if another stub wants to access this module,
2946 	 * it can do so. mod_ref is incremented before mod_release()
2947 	 * is called to prevent someone else from snatching the
2948 	 * module from this thread.
2949 	 */
2950 	mutex_enter(&mod_lock);
2951 	mp->mod_ref++;
2952 	ASSERT(mp->mod_ref &&
2953 	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
2954 	mod_release(mp);
2955 	mutex_exit(&mod_lock);
2956 	return (0);
2957 }
2958 
2959 void
2960 mod_release_stub(struct mod_stub_info *stub)
2961 {
2962 	struct modctl *mp = stub->mods_modinfo->mp;
2963 
2964 	/* inline mod_release_mod */
2965 	mutex_enter(&mod_lock);
2966 	ASSERT(mp->mod_ref &&
2967 	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
2968 	mp->mod_ref--;
2969 	if (mp->mod_want) {
2970 		mp->mod_want = 0;
2971 		cv_broadcast(&mod_cv);
2972 	}
2973 	mutex_exit(&mod_lock);
2974 }
2975 
2976 static struct modctl *
2977 mod_hold_loaded_mod(struct modctl *dep, char *filename, int *status)
2978 {
2979 	struct modctl *modp;
2980 	int retval;
2981 
2982 	/*
2983 	 * Hold the module.
2984 	 */
2985 	modp = mod_hold_by_name_requisite(dep, filename);
2986 	if (modp) {
2987 		retval = mod_load(modp, 1);
2988 		if (retval != 0) {
2989 			mod_release_mod(modp);
2990 			modp = NULL;
2991 		}
2992 		*status = retval;
2993 	} else {
2994 		*status = ENOSPC;
2995 	}
2996 
2997 	/*
2998 	 * if dep is not NULL, clear the module dependency information.
2999 	 * This information is set in mod_hold_by_name_common().
3000 	 */
3001 	if (dep != NULL && dep->mod_requisite_loading != NULL) {
3002 		ASSERT(dep->mod_busy);
3003 		dep->mod_requisite_loading = NULL;
3004 	}
3005 
3006 	return (modp);
3007 }
3008 
3009 /*
3010  * hold, load, and install the named module
3011  */
3012 static struct modctl *
3013 mod_hold_installed_mod(char *name, int usepath, int forcecheck, int *r)
3014 {
3015 	struct modctl *modp;
3016 	int retval;
3017 
3018 	/*
3019 	 * Verify that that module in question actually exists on disk
3020 	 * before allocation of module structure by mod_hold_by_name.
3021 	 */
3022 	if (modrootloaded && swaploaded || forcecheck) {
3023 		if (!kobj_path_exists(name, usepath)) {
3024 			*r = ENOENT;
3025 			return (NULL);
3026 		}
3027 	}
3028 
3029 	/*
3030 	 * Hold the module.
3031 	 */
3032 	modp = mod_hold_by_name(name);
3033 	if (modp) {
3034 		retval = mod_load(modp, usepath);
3035 		if (retval != 0) {
3036 			mod_release_mod(modp);
3037 			modp = NULL;
3038 			*r = retval;
3039 		} else {
3040 			if ((*r = modinstall(modp)) != 0) {
3041 				/*
3042 				 * We loaded it, but failed to _init() it.
3043 				 * Be kind to developers -- force it
3044 				 * out of memory now so that the next
3045 				 * attempt to use the module will cause
3046 				 * a reload.  See 1093793.
3047 				 */
3048 				mod_unload(modp);
3049 				mod_release_mod(modp);
3050 				modp = NULL;
3051 			}
3052 		}
3053 	} else {
3054 		*r = ENOSPC;
3055 	}
3056 	return (modp);
3057 }
3058 
3059 static char mod_excl_msg[] =
3060 	"module %s(%s) is EXCLUDED and will not be loaded\n";
3061 static char mod_init_msg[] = "loadmodule:%s(%s): _init() error %d\n";
3062 
3063 /*
3064  * This routine is needed for dependencies.  Users specify dependencies
3065  * by declaring a character array initialized to filenames of dependents.
3066  * So the code that handles dependents deals with filenames (and not
3067  * module names) because that's all it has.  We load by filename and once
3068  * we've loaded a file we can get the module name.
3069  * Unfortunately there isn't a single unified filename/modulename namespace.
3070  * C'est la vie.
3071  *
3072  * We allow the name being looked up to be prepended by an optional
3073  * subdirectory e.g. we can lookup (NULL, "fs/ufs") or ("fs", "ufs")
3074  */
3075 struct modctl *
3076 mod_find_by_filename(char *subdir, char *filename)
3077 {
3078 	struct modctl	*mp;
3079 	size_t		sublen;
3080 
3081 	ASSERT(!MUTEX_HELD(&mod_lock));
3082 	if (subdir != NULL)
3083 		sublen = strlen(subdir);
3084 	else
3085 		sublen = 0;
3086 
3087 	mutex_enter(&mod_lock);
3088 	mp = &modules;
3089 	do {
3090 		if (sublen) {
3091 			char *mod_filename = mp->mod_filename;
3092 
3093 			if (strncmp(subdir, mod_filename, sublen) == 0 &&
3094 			    mod_filename[sublen] == '/' &&
3095 			    strcmp(filename, &mod_filename[sublen + 1]) == 0) {
3096 				mutex_exit(&mod_lock);
3097 				return (mp);
3098 			}
3099 		} else if (strcmp(filename, mp->mod_filename) == 0) {
3100 			mutex_exit(&mod_lock);
3101 			return (mp);
3102 		}
3103 	} while ((mp = mp->mod_next) != &modules);
3104 	mutex_exit(&mod_lock);
3105 	return (NULL);
3106 }
3107 
3108 /*
3109  * Check for circular dependencies.  This is called from do_dependents()
3110  * in kobj.c.  If we are the thread already loading this module, then
3111  * we're trying to load a dependent that we're already loading which
3112  * means the user specified circular dependencies.
3113  */
3114 static int
3115 mod_circdep(struct modctl *modp)
3116 {
3117 	struct modctl	*rmod;
3118 
3119 	ASSERT(MUTEX_HELD(&mod_lock));
3120 
3121 	/*
3122 	 * Check the mod_inprogress_thread first.
3123 	 * mod_inprogress_thread is used in mod_hold_stub()
3124 	 * directly to improve performance.
3125 	 */
3126 	if (modp->mod_inprogress_thread == curthread)
3127 		return (1);
3128 
3129 	/*
3130 	 * Check the module circular dependencies.
3131 	 */
3132 	for (rmod = modp; rmod != NULL; rmod = rmod->mod_requisite_loading) {
3133 		/*
3134 		 * Check if there is a module circular dependency.
3135 		 */
3136 		if (rmod->mod_requisite_loading == modp)
3137 			return (1);
3138 	}
3139 	return (0);
3140 }
3141 
3142 static int
3143 mod_getinfo(struct modctl *modp, struct modinfo *modinfop)
3144 {
3145 	int (*func)(struct modinfo *);
3146 	int retval;
3147 
3148 	ASSERT(modp->mod_busy);
3149 
3150 	/* primary modules don't do getinfo */
3151 	if (modp->mod_prim)
3152 		return (0);
3153 
3154 	func = (int (*)(struct modinfo *))kobj_lookup(modp->mod_mp, "_info");
3155 
3156 	if (kobj_addrcheck(modp->mod_mp, (caddr_t)func)) {
3157 		cmn_err(CE_WARN, "_info() not defined properly in %s",
3158 		    modp->mod_filename);
3159 		/*
3160 		 * The semantics of mod_info(9F) are that 0 is failure
3161 		 * and non-zero is success.
3162 		 */
3163 		retval = 0;
3164 	} else
3165 		retval = (*func)(modinfop);	/* call _info() function */
3166 
3167 	if (moddebug & MODDEBUG_USERDEBUG)
3168 		printf("Returned from _info, retval = %x\n", retval);
3169 
3170 	return (retval);
3171 }
3172 
3173 static void
3174 modadd(struct modctl *mp)
3175 {
3176 	ASSERT(MUTEX_HELD(&mod_lock));
3177 
3178 	mp->mod_id = last_module_id++;
3179 	mp->mod_next = &modules;
3180 	mp->mod_prev = modules.mod_prev;
3181 	modules.mod_prev->mod_next = mp;
3182 	modules.mod_prev = mp;
3183 }
3184 
3185 /*ARGSUSED*/
3186 static struct modctl *
3187 allocate_modp(const char *filename, const char *modname)
3188 {
3189 	struct modctl *mp;
3190 
3191 	mp = kobj_zalloc(sizeof (*mp), KM_SLEEP);
3192 	mp->mod_modname = kobj_zalloc(strlen(modname) + 1, KM_SLEEP);
3193 	(void) strcpy(mp->mod_modname, modname);
3194 	return (mp);
3195 }
3196 
3197 /*
3198  * Get the value of a symbol.  This is a wrapper routine that
3199  * calls kobj_getsymvalue().  kobj_getsymvalue() may go away but this
3200  * wrapper will prevent callers from noticing.
3201  */
3202 uintptr_t
3203 modgetsymvalue(char *name, int kernelonly)
3204 {
3205 	return (kobj_getsymvalue(name, kernelonly));
3206 }
3207 
3208 /*
3209  * Get the symbol nearest an address.  This is a wrapper routine that
3210  * calls kobj_getsymname().  kobj_getsymname() may go away but this
3211  * wrapper will prevent callers from noticing.
3212  */
3213 char *
3214 modgetsymname(uintptr_t value, ulong_t *offset)
3215 {
3216 	return (kobj_getsymname(value, offset));
3217 }
3218 
3219 /*
3220  * Lookup a symbol in a specified module.  These are wrapper routines that
3221  * call kobj_lookup().  kobj_lookup() may go away but these wrappers will
3222  * prevent callers from noticing.
3223  */
3224 uintptr_t
3225 modlookup(const char *modname, const char *symname)
3226 {
3227 	struct modctl *modp;
3228 	uintptr_t val;
3229 
3230 	if ((modp = mod_hold_by_name(modname)) == NULL)
3231 		return (0);
3232 	val = kobj_lookup(modp->mod_mp, symname);
3233 	mod_release_mod(modp);
3234 	return (val);
3235 }
3236 
3237 uintptr_t
3238 modlookup_by_modctl(modctl_t *modp, const char *symname)
3239 {
3240 	ASSERT(modp->mod_ref > 0 || modp->mod_busy);
3241 
3242 	return (kobj_lookup(modp->mod_mp, symname));
3243 }
3244 
3245 /*
3246  * Ask the user for the name of the system file and the default path
3247  * for modules.
3248  */
3249 void
3250 mod_askparams()
3251 {
3252 	static char s0[64];
3253 	intptr_t fd;
3254 
3255 	if ((fd = kobj_open(systemfile)) != -1L)
3256 		kobj_close(fd);
3257 	else
3258 		systemfile = NULL;
3259 
3260 	/*CONSTANTCONDITION*/
3261 	while (1) {
3262 		printf("Name of system file [%s]:  ",
3263 		    systemfile ? systemfile : "/dev/null");
3264 
3265 		console_gets(s0, sizeof (s0));
3266 
3267 		if (s0[0] == '\0')
3268 			break;
3269 		else if (strcmp(s0, "/dev/null") == 0) {
3270 			systemfile = NULL;
3271 			break;
3272 		} else {
3273 			if ((fd = kobj_open(s0)) != -1L) {
3274 				kobj_close(fd);
3275 				systemfile = s0;
3276 				break;
3277 			}
3278 		}
3279 		printf("can't find file %s\n", s0);
3280 	}
3281 }
3282 
3283 static char loading_msg[] = "loading '%s' id %d\n";
3284 static char load_msg[] = "load '%s' id %d loaded @ 0x%p/0x%p size %d/%d\n";
3285 
3286 /*
3287  * Common code for loading a module (but not installing it).
3288  * Handoff the task of module loading to a separate thread
3289  * with a large stack if possible, since this code may recurse a few times.
3290  * Return zero if there are no errors or an errno value.
3291  */
3292 static int
3293 mod_load(struct modctl *mp, int usepath)
3294 {
3295 	int		retval;
3296 	struct modinfo	*modinfop = NULL;
3297 	struct loadmt	lt;
3298 
3299 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3300 	ASSERT(mp->mod_busy);
3301 
3302 	if (mp->mod_loaded)
3303 		return (0);
3304 
3305 	if (mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_modname) != 0 ||
3306 	    mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_filename) != 0) {
3307 		if (moddebug & MODDEBUG_LOADMSG) {
3308 			printf(mod_excl_msg, mp->mod_filename,
3309 			    mp->mod_modname);
3310 		}
3311 		return (ENXIO);
3312 	}
3313 	if (moddebug & MODDEBUG_LOADMSG2)
3314 		printf(loading_msg, mp->mod_filename, mp->mod_id);
3315 
3316 	if (curthread != &t0) {
3317 		lt.mp = mp;
3318 		lt.usepath = usepath;
3319 		lt.owner = curthread;
3320 		sema_init(&lt.sema, 0, NULL, SEMA_DEFAULT, NULL);
3321 
3322 		/* create thread to hand of call to */
3323 		(void) thread_create(NULL, DEFAULTSTKSZ * 2,
3324 		    modload_thread, &lt, 0, &p0, TS_RUN, maxclsyspri);
3325 
3326 		/* wait for thread to complete kobj_load_module */
3327 		sema_p(&lt.sema);
3328 
3329 		sema_destroy(&lt.sema);
3330 		retval = lt.retval;
3331 	} else
3332 		retval = kobj_load_module(mp, usepath);
3333 
3334 	if (mp->mod_mp) {
3335 		ASSERT(retval == 0);
3336 		mp->mod_loaded = 1;
3337 		mp->mod_loadcnt++;
3338 		if (moddebug & MODDEBUG_LOADMSG) {
3339 			printf(load_msg, mp->mod_filename, mp->mod_id,
3340 			    (void *)((struct module *)mp->mod_mp)->text,
3341 			    (void *)((struct module *)mp->mod_mp)->data,
3342 			    ((struct module *)mp->mod_mp)->text_size,
3343 			    ((struct module *)mp->mod_mp)->data_size);
3344 		}
3345 
3346 		/*
3347 		 * XXX - There should be a better way to get this.
3348 		 */
3349 		modinfop = kmem_zalloc(sizeof (struct modinfo), KM_SLEEP);
3350 		modinfop->mi_info = MI_INFO_LINKAGE;
3351 		if (mod_getinfo(mp, modinfop) == 0)
3352 			mp->mod_linkage = NULL;
3353 		else {
3354 			mp->mod_linkage = (void *)modinfop->mi_base;
3355 			ASSERT(mp->mod_linkage->ml_rev == MODREV_1);
3356 		}
3357 
3358 		/*
3359 		 * DCS: bootstrapping code. If the driver is loaded
3360 		 * before root mount, it is assumed that the driver
3361 		 * may be used before mounting root. In order to
3362 		 * access mappings of global to local minor no.'s
3363 		 * during installation/open of the driver, we load
3364 		 * them into memory here while the BOP_interfaces
3365 		 * are still up.
3366 		 */
3367 		if ((cluster_bootflags & CLUSTER_BOOTED) && !modrootloaded) {
3368 			retval = clboot_modload(mp);
3369 		}
3370 
3371 		kmem_free(modinfop, sizeof (struct modinfo));
3372 		(void) mod_sysctl(SYS_SET_MVAR, (void *)mp);
3373 		retval = install_stubs_by_name(mp, mp->mod_modname);
3374 
3375 		/*
3376 		 * Now that the module is loaded, we need to give DTrace
3377 		 * a chance to notify its providers.  This is done via
3378 		 * the dtrace_modload function pointer.
3379 		 */
3380 		if (strcmp(mp->mod_modname, "dtrace") != 0) {
3381 			struct modctl *dmp = mod_hold_by_name("dtrace");
3382 
3383 			if (dmp != NULL && dtrace_modload != NULL)
3384 				(*dtrace_modload)(mp);
3385 
3386 			mod_release_mod(dmp);
3387 		}
3388 
3389 	} else {
3390 		/*
3391 		 * If load failed then we need to release any requisites
3392 		 * that we had established.
3393 		 */
3394 		ASSERT(retval);
3395 		mod_release_requisites(mp);
3396 
3397 		if (moddebug & MODDEBUG_ERRMSG)
3398 			printf("error loading '%s', error %d\n",
3399 			    mp->mod_filename, retval);
3400 	}
3401 	return (retval);
3402 }
3403 
3404 static char unload_msg[] = "unloading %s, module id %d, loadcnt %d.\n";
3405 
3406 static void
3407 mod_unload(struct modctl *mp)
3408 {
3409 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3410 	ASSERT(mp->mod_busy);
3411 	ASSERT((mp->mod_loaded && (mp->mod_installed == 0)) &&
3412 	    ((mp->mod_prim == 0) && (mp->mod_ref >= 0)));
3413 
3414 	if (moddebug & MODDEBUG_LOADMSG)
3415 		printf(unload_msg, mp->mod_modname,
3416 		    mp->mod_id, mp->mod_loadcnt);
3417 
3418 	/*
3419 	 * If mod_ref is not zero, it means some modules might still refer
3420 	 * to this module. Then you can't unload this module right now.
3421 	 * Instead, set 1 to mod_delay_unload to notify the system of
3422 	 * unloading this module later when it's not required any more.
3423 	 */
3424 	if (mp->mod_ref > 0) {
3425 		mp->mod_delay_unload = 1;
3426 		if (moddebug & MODDEBUG_LOADMSG2) {
3427 			printf("module %s not unloaded,"
3428 			    " non-zero reference count (%d)",
3429 			    mp->mod_modname, mp->mod_ref);
3430 		}
3431 		return;
3432 	}
3433 
3434 	if (((mp->mod_loaded == 0) || mp->mod_installed) ||
3435 	    (mp->mod_ref || mp->mod_prim)) {
3436 		/*
3437 		 * A DEBUG kernel would ASSERT panic above, the code is broken
3438 		 * if we get this warning.
3439 		 */
3440 		cmn_err(CE_WARN, "mod_unload: %s in incorrect state: %d %d %d",
3441 		    mp->mod_filename, mp->mod_installed, mp->mod_loaded,
3442 		    mp->mod_ref);
3443 		return;
3444 	}
3445 
3446 	/* reset stub functions to call the binder again */
3447 	reset_stubs(mp);
3448 
3449 	/*
3450 	 * mark module as unloaded before the modctl structure is freed.
3451 	 * This is required not to reuse the modctl structure before
3452 	 * the module is marked as unloaded.
3453 	 */
3454 	mp->mod_loaded = 0;
3455 	mp->mod_linkage = NULL;
3456 
3457 	/* free the memory */
3458 	kobj_unload_module(mp);
3459 
3460 	if (mp->mod_delay_unload) {
3461 		mp->mod_delay_unload = 0;
3462 		if (moddebug & MODDEBUG_LOADMSG2) {
3463 			printf("deferred unload of module %s"
3464 			    " (id %d) successful",
3465 			    mp->mod_modname, mp->mod_id);
3466 		}
3467 	}
3468 
3469 	/* release hold on requisites */
3470 	mod_release_requisites(mp);
3471 
3472 	/*
3473 	 * Now that the module is gone, we need to give DTrace a chance to
3474 	 * remove any probes that it may have had in the module.  This is
3475 	 * done via the dtrace_modunload function pointer.
3476 	 */
3477 	if (strcmp(mp->mod_modname, "dtrace") != 0) {
3478 		struct modctl *dmp = mod_hold_by_name("dtrace");
3479 
3480 		if (dmp != NULL && dtrace_modunload != NULL)
3481 			(*dtrace_modunload)(mp);
3482 
3483 		mod_release_mod(dmp);
3484 	}
3485 }
3486 
3487 static int
3488 modinstall(struct modctl *mp)
3489 {
3490 	int val;
3491 	int (*func)(void);
3492 
3493 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3494 	ASSERT(mp->mod_busy && mp->mod_loaded);
3495 
3496 	if (mp->mod_installed)
3497 		return (0);
3498 	/*
3499 	 * If mod_delay_unload is on, it means the system chose the deferred
3500 	 * unload for this module. Then you can't install this module until
3501 	 * it's unloaded from the system.
3502 	 */
3503 	if (mp->mod_delay_unload)
3504 		return (ENXIO);
3505 
3506 	if (moddebug & MODDEBUG_LOADMSG)
3507 		printf("installing %s, module id %d.\n",
3508 		    mp->mod_modname, mp->mod_id);
3509 
3510 	ASSERT(mp->mod_mp != NULL);
3511 	if (mod_install_requisites(mp) != 0) {
3512 		/*
3513 		 * Note that we can't call mod_unload(mp) here since
3514 		 * if modinstall() was called by mod_install_requisites(),
3515 		 * we won't be able to hold the dependent modules
3516 		 * (otherwise there would be a deadlock).
3517 		 */
3518 		return (ENXIO);
3519 	}
3520 
3521 	if (moddebug & MODDEBUG_ERRMSG) {
3522 		printf("init '%s' id %d loaded @ 0x%p/0x%p size %lu/%lu\n",
3523 		    mp->mod_filename, mp->mod_id,
3524 		    (void *)((struct module *)mp->mod_mp)->text,
3525 		    (void *)((struct module *)mp->mod_mp)->data,
3526 		    ((struct module *)mp->mod_mp)->text_size,
3527 		    ((struct module *)mp->mod_mp)->data_size);
3528 	}
3529 
3530 	func = (int (*)())kobj_lookup(mp->mod_mp, "_init");
3531 
3532 	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3533 		cmn_err(CE_WARN, "_init() not defined properly in %s",
3534 		    mp->mod_filename);
3535 		return (EFAULT);
3536 	}
3537 
3538 	if (moddebug & MODDEBUG_USERDEBUG) {
3539 		printf("breakpoint before calling %s:_init()\n",
3540 		    mp->mod_modname);
3541 		if (DEBUGGER_PRESENT)
3542 			debug_enter("_init");
3543 	}
3544 
3545 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3546 	ASSERT(mp->mod_busy && mp->mod_loaded);
3547 	val = (*func)();		/* call _init */
3548 
3549 	if (moddebug & MODDEBUG_USERDEBUG)
3550 		printf("Returned from _init, val = %x\n", val);
3551 
3552 	if (val == 0) {
3553 		/*
3554 		 * Set the MODS_INSTALLED flag to enable this module
3555 		 * being called now.
3556 		 */
3557 		install_stubs(mp);
3558 		mp->mod_installed = 1;
3559 	} else if (moddebug & MODDEBUG_ERRMSG)
3560 		printf(mod_init_msg, mp->mod_filename, mp->mod_modname, val);
3561 
3562 	return (val);
3563 }
3564 
3565 int	detach_driver_unconfig = 0;
3566 
3567 static int
3568 detach_driver(char *name)
3569 {
3570 	major_t major;
3571 	int error;
3572 
3573 	/*
3574 	 * If being called from mod_uninstall_all() then the appropriate
3575 	 * driver detaches (leaf only) have already been done.
3576 	 */
3577 	if (mod_in_autounload())
3578 		return (0);
3579 
3580 	major = ddi_name_to_major(name);
3581 	if (major == DDI_MAJOR_T_NONE)
3582 		return (0);
3583 
3584 	error = ndi_devi_unconfig_driver(ddi_root_node(),
3585 	    NDI_DETACH_DRIVER | detach_driver_unconfig, major);
3586 	return (error == NDI_SUCCESS ? 0 : -1);
3587 }
3588 
3589 static char finiret_msg[] = "Returned from _fini for %s, status = %x\n";
3590 
3591 static int
3592 moduninstall(struct modctl *mp)
3593 {
3594 	int status = 0;
3595 	int (*func)(void);
3596 
3597 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3598 	ASSERT(mp->mod_busy);
3599 
3600 	/*
3601 	 * Verify that we need to do something and can uninstall the module.
3602 	 *
3603 	 * If we should not uninstall the module or if the module is not in
3604 	 * the correct state to start an uninstall we return EBUSY to prevent
3605 	 * us from progressing to mod_unload.  If the module has already been
3606 	 * uninstalled and unloaded we return EALREADY.
3607 	 */
3608 	if (mp->mod_prim || mp->mod_ref || mp->mod_nenabled != 0)
3609 		return (EBUSY);
3610 	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0))
3611 		return (EALREADY);
3612 
3613 	/*
3614 	 * To avoid devinfo / module deadlock we must release this module
3615 	 * prior to initiating the detach_driver, otherwise the detach_driver
3616 	 * might deadlock on a devinfo node held by another thread
3617 	 * coming top down and involving the module we have locked.
3618 	 *
3619 	 * When we regrab the module we must reverify that it is OK
3620 	 * to proceed with the uninstall operation.
3621 	 */
3622 	mod_release_mod(mp);
3623 	status = detach_driver(mp->mod_modname);
3624 	(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
3625 
3626 	/* check detach status and reverify state with lock */
3627 	mutex_enter(&mod_lock);
3628 	if ((status != 0) || mp->mod_prim || mp->mod_ref) {
3629 		mutex_exit(&mod_lock);
3630 		return (EBUSY);
3631 	}
3632 	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0)) {
3633 		mutex_exit(&mod_lock);
3634 		return (EALREADY);
3635 	}
3636 	mutex_exit(&mod_lock);
3637 
3638 	if (moddebug & MODDEBUG_LOADMSG2)
3639 		printf("uninstalling %s\n", mp->mod_modname);
3640 
3641 	/*
3642 	 * lookup _fini, return EBUSY if not defined.
3643 	 *
3644 	 * The MODDEBUG_FINI_EBUSY is usefull in resolving leaks in
3645 	 * detach(9E) - it allows bufctl addresses to be resolved.
3646 	 */
3647 	func = (int (*)())kobj_lookup(mp->mod_mp, "_fini");
3648 	if ((func == NULL) || (mp->mod_loadflags & MOD_NOUNLOAD) ||
3649 	    (moddebug & MODDEBUG_FINI_EBUSY))
3650 		return (EBUSY);
3651 
3652 	/* verify that _fini is in this module */
3653 	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3654 		cmn_err(CE_WARN, "_fini() not defined properly in %s",
3655 		    mp->mod_filename);
3656 		return (EFAULT);
3657 	}
3658 
3659 	/* call _fini() */
3660 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3661 	ASSERT(mp->mod_busy && mp->mod_loaded && mp->mod_installed);
3662 
3663 	status = (*func)();
3664 
3665 	if (status == 0) {
3666 		/* _fini returned success, the module is no longer installed */
3667 		if (moddebug & MODDEBUG_LOADMSG)
3668 			printf("uninstalled %s\n", mp->mod_modname);
3669 
3670 		/*
3671 		 * Even though we only set mod_installed to zero here, a zero
3672 		 * return value means we are committed to a code path were
3673 		 * mod_loaded will also end up as zero - we have no other
3674 		 * way to get the module data and bss back to the pre _init
3675 		 * state except a reload. To ensure this, after return,
3676 		 * mod_busy must stay set until mod_loaded is cleared.
3677 		 */
3678 		mp->mod_installed = 0;
3679 
3680 		/*
3681 		 * Clear the MODS_INSTALLED flag not to call functions
3682 		 * in the module directly from now on.
3683 		 */
3684 		uninstall_stubs(mp);
3685 	} else {
3686 		if (moddebug & MODDEBUG_USERDEBUG)
3687 			printf(finiret_msg, mp->mod_filename, status);
3688 		/*
3689 		 * By definition _fini is only allowed to return EBUSY or the
3690 		 * result of mod_remove (EBUSY or EINVAL).  In the off chance
3691 		 * that a driver returns EALREADY we convert this to EINVAL
3692 		 * since to our caller EALREADY means module was already
3693 		 * removed.
3694 		 */
3695 		if (status == EALREADY)
3696 			status = EINVAL;
3697 	}
3698 
3699 	return (status);
3700 }
3701 
3702 /*
3703  * Uninstall all modules.
3704  */
3705 static void
3706 mod_uninstall_all(void)
3707 {
3708 	struct modctl	*mp;
3709 	modid_t		modid = 0;
3710 
3711 	/* synchronize with any active modunload_disable() */
3712 	modunload_begin();
3713 
3714 	/* mark this thread as doing autounloading */
3715 	(void) tsd_set(mod_autounload_key, (void *)1);
3716 
3717 	(void) devfs_clean(ddi_root_node(), NULL, 0);
3718 	(void) ndi_devi_unconfig(ddi_root_node(), NDI_AUTODETACH);
3719 
3720 	while ((mp = mod_hold_next_by_id(modid)) != NULL) {
3721 		modid = mp->mod_id;
3722 		/*
3723 		 * Skip modules with the MOD_NOAUTOUNLOAD flag set
3724 		 */
3725 		if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
3726 			mod_release_mod(mp);
3727 			continue;
3728 		}
3729 
3730 		if (moduninstall(mp) == 0) {
3731 			mod_unload(mp);
3732 			CPU_STATS_ADDQ(CPU, sys, modunload, 1);
3733 		}
3734 		mod_release_mod(mp);
3735 	}
3736 
3737 	(void) tsd_set(mod_autounload_key, NULL);
3738 	modunload_end();
3739 }
3740 
3741 /* wait for unloads that have begun before registering disable */
3742 void
3743 modunload_disable(void)
3744 {
3745 	mutex_enter(&modunload_wait_mutex);
3746 	while (modunload_active_count) {
3747 		modunload_wait++;
3748 		cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3749 		modunload_wait--;
3750 	}
3751 	modunload_disable_count++;
3752 	mutex_exit(&modunload_wait_mutex);
3753 }
3754 
3755 /* mark end of disable and signal waiters */
3756 void
3757 modunload_enable(void)
3758 {
3759 	mutex_enter(&modunload_wait_mutex);
3760 	modunload_disable_count--;
3761 	if ((modunload_disable_count == 0) && modunload_wait)
3762 		cv_broadcast(&modunload_wait_cv);
3763 	mutex_exit(&modunload_wait_mutex);
3764 }
3765 
3766 /* wait for disables to complete before begining unload */
3767 void
3768 modunload_begin()
3769 {
3770 	mutex_enter(&modunload_wait_mutex);
3771 	while (modunload_disable_count) {
3772 		modunload_wait++;
3773 		cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3774 		modunload_wait--;
3775 	}
3776 	modunload_active_count++;
3777 	mutex_exit(&modunload_wait_mutex);
3778 }
3779 
3780 /* mark end of unload and signal waiters */
3781 void
3782 modunload_end()
3783 {
3784 	mutex_enter(&modunload_wait_mutex);
3785 	modunload_active_count--;
3786 	if ((modunload_active_count == 0) && modunload_wait)
3787 		cv_broadcast(&modunload_wait_cv);
3788 	mutex_exit(&modunload_wait_mutex);
3789 }
3790 
3791 void
3792 mod_uninstall_daemon(void)
3793 {
3794 	callb_cpr_t	cprinfo;
3795 	clock_t		ticks = 0;
3796 
3797 	mod_aul_thread = curthread;
3798 
3799 	CALLB_CPR_INIT(&cprinfo, &mod_uninstall_lock, callb_generic_cpr, "mud");
3800 	for (;;) {
3801 		mutex_enter(&mod_uninstall_lock);
3802 		CALLB_CPR_SAFE_BEGIN(&cprinfo);
3803 		/*
3804 		 * In DEBUG kernels, unheld drivers are uninstalled periodically
3805 		 * every mod_uninstall_interval seconds.  Periodic uninstall can
3806 		 * be disabled by setting mod_uninstall_interval to 0 which is
3807 		 * the default for a non-DEBUG kernel.
3808 		 */
3809 		if (mod_uninstall_interval) {
3810 			ticks = ddi_get_lbolt() +
3811 			    drv_usectohz(mod_uninstall_interval * 1000000);
3812 			(void) cv_timedwait(&mod_uninstall_cv,
3813 			    &mod_uninstall_lock, ticks);
3814 		} else {
3815 			cv_wait(&mod_uninstall_cv, &mod_uninstall_lock);
3816 		}
3817 		/*
3818 		 * The whole daemon is safe for CPR except we don't want
3819 		 * the daemon to run if FREEZE is issued and this daemon
3820 		 * wakes up from the cv_wait above. In this case, it'll be
3821 		 * blocked in CALLB_CPR_SAFE_END until THAW is issued.
3822 		 *
3823 		 * The reason of calling CALLB_CPR_SAFE_BEGIN twice is that
3824 		 * mod_uninstall_lock is used to protect cprinfo and
3825 		 * CALLB_CPR_SAFE_BEGIN assumes that this lock is held when
3826 		 * called.
3827 		 */
3828 		CALLB_CPR_SAFE_END(&cprinfo, &mod_uninstall_lock);
3829 		CALLB_CPR_SAFE_BEGIN(&cprinfo);
3830 		mutex_exit(&mod_uninstall_lock);
3831 		if ((modunload_disable_count == 0) &&
3832 		    ((moddebug & MODDEBUG_NOAUTOUNLOAD) == 0)) {
3833 			mod_uninstall_all();
3834 		}
3835 	}
3836 }
3837 
3838 /*
3839  * Unload all uninstalled modules.
3840  */
3841 void
3842 modreap(void)
3843 {
3844 	mutex_enter(&mod_uninstall_lock);
3845 	cv_broadcast(&mod_uninstall_cv);
3846 	mutex_exit(&mod_uninstall_lock);
3847 }
3848 
3849 /*
3850  * Hold the specified module. This is the module holding primitive.
3851  *
3852  * If MOD_LOCK_HELD then the caller already holds the mod_lock.
3853  *
3854  * Return values:
3855  *	 0 ==> the module is held
3856  *	 1 ==> the module is not held and the MOD_WAIT_ONCE caller needs
3857  *		to determine how to retry.
3858  */
3859 int
3860 mod_hold_by_modctl(struct modctl *mp, int f)
3861 {
3862 	ASSERT((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) &&
3863 	    ((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) !=
3864 	    (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)));
3865 	ASSERT((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) &&
3866 	    ((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) !=
3867 	    (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)));
3868 	ASSERT((f & MOD_LOCK_NOT_HELD) || MUTEX_HELD(&mod_lock));
3869 
3870 	if (f & MOD_LOCK_NOT_HELD)
3871 		mutex_enter(&mod_lock);
3872 
3873 	while (mp->mod_busy) {
3874 		mp->mod_want = 1;
3875 		cv_wait(&mod_cv, &mod_lock);
3876 		/*
3877 		 * Module may be unloaded by daemon.
3878 		 * Nevertheless, modctl structure is still in linked list
3879 		 * (i.e., off &modules), not freed!
3880 		 * Caller is not supposed to assume "mp" is valid, but there
3881 		 * is no reasonable way to detect this but using
3882 		 * mp->mod_modinfo->mp == NULL check (follow the back pointer)
3883 		 *   (or similar check depending on calling context)
3884 		 * DON'T free modctl structure, it will be very very
3885 		 * problematic.
3886 		 */
3887 		if (f & MOD_WAIT_ONCE) {
3888 			if (f & MOD_LOCK_NOT_HELD)
3889 				mutex_exit(&mod_lock);
3890 			return (1);	/* caller decides how to retry */
3891 		}
3892 	}
3893 
3894 	mp->mod_busy = 1;
3895 	mp->mod_inprogress_thread =
3896 	    (curthread == NULL ? (kthread_id_t)-1 : curthread);
3897 
3898 	if (f & MOD_LOCK_NOT_HELD)
3899 		mutex_exit(&mod_lock);
3900 	return (0);
3901 }
3902 
3903 static struct modctl *
3904 mod_hold_by_name_common(struct modctl *dep, const char *filename)
3905 {
3906 	const char	*modname;
3907 	struct modctl	*mp;
3908 	char		*curname, *newname;
3909 	int		found = 0;
3910 
3911 	mutex_enter(&mod_lock);
3912 
3913 	if ((modname = strrchr(filename, '/')) == NULL)
3914 		modname = filename;
3915 	else
3916 		modname++;
3917 
3918 	mp = &modules;
3919 	do {
3920 		if (strcmp(modname, mp->mod_modname) == 0) {
3921 			found = 1;
3922 			break;
3923 		}
3924 	} while ((mp = mp->mod_next) != &modules);
3925 
3926 	if (found == 0) {
3927 		mp = allocate_modp(filename, modname);
3928 		modadd(mp);
3929 	}
3930 
3931 	/*
3932 	 * if dep is not NULL, set the mp in mod_requisite_loading for
3933 	 * the module circular dependency check. This field is used in
3934 	 * mod_circdep(), but it's cleard in mod_hold_loaded_mod().
3935 	 */
3936 	if (dep != NULL) {
3937 		ASSERT(dep->mod_busy && dep->mod_requisite_loading == NULL);
3938 		dep->mod_requisite_loading = mp;
3939 	}
3940 
3941 	/*
3942 	 * If the module was held, then it must be us who has it held.
3943 	 */
3944 	if (mod_circdep(mp))
3945 		mp = NULL;
3946 	else {
3947 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
3948 
3949 		/*
3950 		 * If the name hadn't been set or has changed, allocate
3951 		 * space and set it.  Free space used by previous name.
3952 		 *
3953 		 * Do not change the name of primary modules, for primary
3954 		 * modules the mod_filename was allocated in standalone mode:
3955 		 * it is illegal to kobj_alloc in standalone mode and kobj_free
3956 		 * in non-standalone mode.
3957 		 */
3958 		curname = mp->mod_filename;
3959 		if (curname == NULL ||
3960 		    ((mp->mod_prim == 0) &&
3961 		    (curname != filename) &&
3962 		    (modname != filename) &&
3963 		    (strcmp(curname, filename) != 0))) {
3964 			newname = kobj_zalloc(strlen(filename) + 1, KM_SLEEP);
3965 			(void) strcpy(newname, filename);
3966 			mp->mod_filename = newname;
3967 			if (curname != NULL)
3968 				kobj_free(curname, strlen(curname) + 1);
3969 		}
3970 	}
3971 
3972 	mutex_exit(&mod_lock);
3973 	if (mp && moddebug & MODDEBUG_LOADMSG2)
3974 		printf("Holding %s\n", mp->mod_filename);
3975 	if (mp == NULL && moddebug & MODDEBUG_LOADMSG2)
3976 		printf("circular dependency loading %s\n", filename);
3977 	return (mp);
3978 }
3979 
3980 static struct modctl *
3981 mod_hold_by_name_requisite(struct modctl *dep, char *filename)
3982 {
3983 	return (mod_hold_by_name_common(dep, filename));
3984 }
3985 
3986 struct modctl *
3987 mod_hold_by_name(const char *filename)
3988 {
3989 	return (mod_hold_by_name_common(NULL, filename));
3990 }
3991 
3992 struct modctl *
3993 mod_hold_by_id(modid_t modid)
3994 {
3995 	struct modctl	*mp;
3996 	int		found = 0;
3997 
3998 	mutex_enter(&mod_lock);
3999 	mp = &modules;
4000 	do {
4001 		if (mp->mod_id == modid) {
4002 			found = 1;
4003 			break;
4004 		}
4005 	} while ((mp = mp->mod_next) != &modules);
4006 
4007 	if ((found == 0) || mod_circdep(mp))
4008 		mp = NULL;
4009 	else
4010 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4011 
4012 	mutex_exit(&mod_lock);
4013 	return (mp);
4014 }
4015 
4016 static struct modctl *
4017 mod_hold_next_by_id(modid_t modid)
4018 {
4019 	struct modctl	*mp;
4020 	int		found = 0;
4021 
4022 	if (modid < -1)
4023 		return (NULL);
4024 
4025 	mutex_enter(&mod_lock);
4026 
4027 	mp = &modules;
4028 	do {
4029 		if (mp->mod_id > modid) {
4030 			found = 1;
4031 			break;
4032 		}
4033 	} while ((mp = mp->mod_next) != &modules);
4034 
4035 	if ((found == 0) || mod_circdep(mp))
4036 		mp = NULL;
4037 	else
4038 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4039 
4040 	mutex_exit(&mod_lock);
4041 	return (mp);
4042 }
4043 
4044 static void
4045 mod_release(struct modctl *mp)
4046 {
4047 	ASSERT(MUTEX_HELD(&mod_lock));
4048 	ASSERT(mp->mod_busy);
4049 
4050 	mp->mod_busy = 0;
4051 	mp->mod_inprogress_thread = NULL;
4052 	if (mp->mod_want) {
4053 		mp->mod_want = 0;
4054 		cv_broadcast(&mod_cv);
4055 	}
4056 }
4057 
4058 void
4059 mod_release_mod(struct modctl *mp)
4060 {
4061 	if (moddebug & MODDEBUG_LOADMSG2)
4062 		printf("Releasing %s\n", mp->mod_filename);
4063 	mutex_enter(&mod_lock);
4064 	mod_release(mp);
4065 	mutex_exit(&mod_lock);
4066 }
4067 
4068 modid_t
4069 mod_name_to_modid(char *filename)
4070 {
4071 	char		*modname;
4072 	struct modctl	*mp;
4073 
4074 	mutex_enter(&mod_lock);
4075 
4076 	if ((modname = strrchr(filename, '/')) == NULL)
4077 		modname = filename;
4078 	else
4079 		modname++;
4080 
4081 	mp = &modules;
4082 	do {
4083 		if (strcmp(modname, mp->mod_modname) == 0) {
4084 			mutex_exit(&mod_lock);
4085 			return (mp->mod_id);
4086 		}
4087 	} while ((mp = mp->mod_next) != &modules);
4088 
4089 	mutex_exit(&mod_lock);
4090 	return (-1);
4091 }
4092 
4093 
4094 int
4095 mod_remove_by_name(char *name)
4096 {
4097 	struct modctl *mp;
4098 	int retval;
4099 
4100 	mp = mod_hold_by_name(name);
4101 
4102 	if (mp == NULL)
4103 		return (EINVAL);
4104 
4105 	if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
4106 		/*
4107 		 * Do not unload forceloaded modules
4108 		 */
4109 		mod_release_mod(mp);
4110 		return (0);
4111 	}
4112 
4113 	if ((retval = moduninstall(mp)) == 0) {
4114 		mod_unload(mp);
4115 		CPU_STATS_ADDQ(CPU, sys, modunload, 1);
4116 	} else if (retval == EALREADY)
4117 		retval = 0;		/* already unloaded, not an error */
4118 	mod_release_mod(mp);
4119 	return (retval);
4120 }
4121 
4122 /*
4123  * Record that module "dep" is dependent on module "on_mod."
4124  */
4125 static void
4126 mod_make_requisite(struct modctl *dependent, struct modctl *on_mod)
4127 {
4128 	struct modctl_list **pmlnp;	/* previous next pointer */
4129 	struct modctl_list *mlp;
4130 	struct modctl_list *new;
4131 
4132 	ASSERT(dependent->mod_busy && on_mod->mod_busy);
4133 	mutex_enter(&mod_lock);
4134 
4135 	/*
4136 	 * Search dependent's requisite list to see if on_mod is recorded.
4137 	 * List is ordered by id.
4138 	 */
4139 	for (pmlnp = &dependent->mod_requisites, mlp = *pmlnp;
4140 	    mlp; pmlnp = &mlp->modl_next, mlp = *pmlnp)
4141 		if (mlp->modl_modp->mod_id >= on_mod->mod_id)
4142 			break;
4143 
4144 	/* Create and insert if not already recorded */
4145 	if ((mlp == NULL) || (mlp->modl_modp->mod_id != on_mod->mod_id)) {
4146 		new = kobj_zalloc(sizeof (*new), KM_SLEEP);
4147 		new->modl_modp = on_mod;
4148 		new->modl_next = mlp;
4149 		*pmlnp = new;
4150 
4151 		/*
4152 		 * Increment the mod_ref count in our new requisite module.
4153 		 * This is what keeps a module that has other modules
4154 		 * which are dependent on it from being uninstalled and
4155 		 * unloaded. "on_mod"'s mod_ref count decremented in
4156 		 * mod_release_requisites when the "dependent" module
4157 		 * unload is complete.  "on_mod" must be loaded, but may not
4158 		 * yet be installed.
4159 		 */
4160 		on_mod->mod_ref++;
4161 		ASSERT(on_mod->mod_ref && on_mod->mod_loaded);
4162 	}
4163 
4164 	mutex_exit(&mod_lock);
4165 }
4166 
4167 /*
4168  * release the hold associated with mod_make_requisite mod_ref++
4169  * as part of unload.
4170  */
4171 void
4172 mod_release_requisites(struct modctl *modp)
4173 {
4174 	struct modctl_list *modl;
4175 	struct modctl_list *next;
4176 	struct modctl *req;
4177 	struct modctl_list *start = NULL, *mod_garbage;
4178 
4179 	ASSERT(modp->mod_busy);
4180 	ASSERT(!MUTEX_HELD(&mod_lock));
4181 
4182 	mutex_enter(&mod_lock);		/* needed for manipulation of req */
4183 	for (modl = modp->mod_requisites; modl; modl = next) {
4184 		next = modl->modl_next;
4185 		req = modl->modl_modp;
4186 		ASSERT(req->mod_ref >= 1 && req->mod_loaded);
4187 		req->mod_ref--;
4188 
4189 		/*
4190 		 * Check if the module has to be unloaded or not.
4191 		 */
4192 		if (req->mod_ref == 0 && req->mod_delay_unload) {
4193 			struct modctl_list *new;
4194 			/*
4195 			 * Allocate the modclt_list holding the garbage
4196 			 * module which should be unloaded later.
4197 			 */
4198 			new = kobj_zalloc(sizeof (struct modctl_list),
4199 			    KM_SLEEP);
4200 			new->modl_modp = req;
4201 
4202 			if (start == NULL)
4203 				mod_garbage = start = new;
4204 			else {
4205 				mod_garbage->modl_next = new;
4206 				mod_garbage = new;
4207 			}
4208 		}
4209 
4210 		/* free the list as we go */
4211 		kobj_free(modl, sizeof (*modl));
4212 	}
4213 	modp->mod_requisites = NULL;
4214 	mutex_exit(&mod_lock);
4215 
4216 	/*
4217 	 * Unload the garbage modules.
4218 	 */
4219 	for (mod_garbage = start; mod_garbage != NULL; /* nothing */) {
4220 		struct modctl_list *old = mod_garbage;
4221 		struct modctl *mp = mod_garbage->modl_modp;
4222 		ASSERT(mp != NULL);
4223 
4224 		/*
4225 		 * Hold this module until it's unloaded completely.
4226 		 */
4227 		(void) mod_hold_by_modctl(mp,
4228 		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
4229 		/*
4230 		 * Check if the module is not unloaded yet and nobody requires
4231 		 * the module. If it's unloaded already or somebody still
4232 		 * requires the module, don't unload it now.
4233 		 */
4234 		if (mp->mod_loaded && mp->mod_ref == 0)
4235 			mod_unload(mp);
4236 		ASSERT((mp->mod_loaded == 0 && mp->mod_delay_unload == 0) ||
4237 		    (mp->mod_ref > 0));
4238 		mod_release_mod(mp);
4239 
4240 		mod_garbage = mod_garbage->modl_next;
4241 		kobj_free(old, sizeof (struct modctl_list));
4242 	}
4243 }
4244 
4245 /*
4246  * Process dependency of the module represented by "dep" on the
4247  * module named by "on."
4248  *
4249  * Called from kobj_do_dependents() to load a module "on" on which
4250  * "dep" depends.
4251  */
4252 struct modctl *
4253 mod_load_requisite(struct modctl *dep, char *on)
4254 {
4255 	struct modctl *on_mod;
4256 	int retval;
4257 
4258 	if ((on_mod = mod_hold_loaded_mod(dep, on, &retval)) != NULL) {
4259 		mod_make_requisite(dep, on_mod);
4260 	} else if (moddebug & MODDEBUG_ERRMSG) {
4261 		printf("error processing %s on which module %s depends\n",
4262 		    on, dep->mod_modname);
4263 	}
4264 	return (on_mod);
4265 }
4266 
4267 static int
4268 mod_install_requisites(struct modctl *modp)
4269 {
4270 	struct modctl_list *modl;
4271 	struct modctl *req;
4272 	int status = 0;
4273 
4274 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
4275 	ASSERT(modp->mod_busy);
4276 
4277 	for (modl = modp->mod_requisites; modl; modl = modl->modl_next) {
4278 		req = modl->modl_modp;
4279 		(void) mod_hold_by_modctl(req,
4280 		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
4281 		status = modinstall(req);
4282 		mod_release_mod(req);
4283 
4284 		if (status != 0)
4285 			break;
4286 	}
4287 	return (status);
4288 }
4289 
4290 /*
4291  * returns 1 if this thread is doing autounload, 0 otherwise.
4292  * see mod_uninstall_all.
4293  */
4294 int
4295 mod_in_autounload()
4296 {
4297 	return ((int)(uintptr_t)tsd_get(mod_autounload_key));
4298 }
4299 
4300 /*
4301  * gmatch adapted from libc, stripping the wchar stuff
4302  */
4303 #define	popchar(p, c)	{ \
4304 		c = *p++; \
4305 		if (c == 0) { \
4306 			return (0); \
4307 		} \
4308 	}
4309 
4310 int
4311 gmatch(const char *s, const char *p)
4312 {
4313 	int c, sc;
4314 	int ok, lc, notflag;
4315 
4316 	sc = *s++;
4317 	c = *p++;
4318 	if (c == 0)
4319 		return (sc == c);	/* nothing matches nothing */
4320 
4321 	switch (c) {
4322 	case '\\':
4323 		/* skip to quoted character */
4324 		popchar(p, c);
4325 		/*FALLTHRU*/
4326 
4327 	default:
4328 		/* straight comparison */
4329 		if (c != sc)
4330 			return (0);
4331 		/*FALLTHRU*/
4332 
4333 	case '?':
4334 		/* first char matches, move to remainder */
4335 		return (sc != '\0' ? gmatch(s, p) : 0);
4336 
4337 
4338 	case '*':
4339 		while (*p == '*')
4340 			p++;
4341 
4342 		/* * matches everything */
4343 		if (*p == 0)
4344 			return (1);
4345 
4346 		/* undo skip at the beginning & iterate over substrings */
4347 		--s;
4348 		while (*s) {
4349 			if (gmatch(s, p))
4350 				return (1);
4351 			s++;
4352 		}
4353 		return (0);
4354 
4355 	case '[':
4356 		/* match any char within [] */
4357 		if (sc == 0)
4358 			return (0);
4359 
4360 		ok = lc = notflag = 0;
4361 
4362 		if (*p == '!') {
4363 			notflag = 1;
4364 			p++;
4365 		}
4366 		popchar(p, c);
4367 
4368 		do {
4369 			if (c == '-' && lc && *p != ']') {
4370 				/* test sc against range [c1-c2] */
4371 				popchar(p, c);
4372 				if (c == '\\') {
4373 					popchar(p, c);
4374 				}
4375 
4376 				if (notflag) {
4377 					/* return 0 on mismatch */
4378 					if (lc <= sc && sc <= c)
4379 						return (0);
4380 					ok++;
4381 				} else if (lc <= sc && sc <= c) {
4382 					ok++;
4383 				}
4384 				/* keep going, may get a match next */
4385 			} else if (c == '\\') {
4386 				/* skip to quoted character */
4387 				popchar(p, c);
4388 			}
4389 			lc = c;
4390 			if (notflag) {
4391 				if (sc == lc)
4392 					return (0);
4393 				ok++;
4394 			} else if (sc == lc) {
4395 				ok++;
4396 			}
4397 			popchar(p, c);
4398 		} while (c != ']');
4399 
4400 		/* recurse on remainder of string */
4401 		return (ok ? gmatch(s, p) : 0);
4402 	}
4403 	/*NOTREACHED*/
4404 }
4405 
4406 
4407 /*
4408  * Get default perm for device from /etc/minor_perm. Return 0 if match found.
4409  *
4410  * Pure wild-carded patterns are handled separately so the ordering of
4411  * these patterns doesn't matter.  We're still dependent on ordering
4412  * however as the first matching entry is the one returned.
4413  * Not ideal but all existing examples and usage do imply this
4414  * ordering implicitly.
4415  *
4416  * Drivers using the clone driver are always good for some entertainment.
4417  * Clone nodes under pseudo have the form clone@0:<driver>.  Some minor
4418  * perm entries have the form clone:<driver>, others use <driver>:*
4419  * Examples are clone:llc1 vs. llc2:*, for example.
4420  *
4421  * Minor perms in the clone:<driver> form are mapped to the drivers's
4422  * mperm list, not the clone driver, as wildcard entries for clone
4423  * reference only.  In other words, a clone wildcard will match
4424  * references for clone@0:<driver> but never <driver>@<minor>.
4425  *
4426  * Additional minor perms in the standard form are also supported,
4427  * for mixed usage, ie a node with an entry clone:<driver> could
4428  * provide further entries <driver>:<minor>.
4429  *
4430  * Finally, some uses of clone use an alias as the minor name rather
4431  * than the driver name, with the alias as the minor perm entry.
4432  * This case is handled by attaching the driver to bring its
4433  * minor list into existence, then discover the alias via DDI_ALIAS.
4434  * The clone device's minor perm list can then be searched for
4435  * that alias.
4436  */
4437 
4438 static int
4439 dev_alias_minorperm(dev_info_t *dip, char *minor_name, mperm_t *rmp)
4440 {
4441 	major_t			major;
4442 	struct devnames		*dnp;
4443 	mperm_t			*mp;
4444 	char			*alias = NULL;
4445 	dev_info_t		*cdevi;
4446 	int			circ;
4447 	struct ddi_minor_data	*dmd;
4448 
4449 	major = ddi_name_to_major(minor_name);
4450 
4451 	ASSERT(dip == clone_dip);
4452 	ASSERT(major != DDI_MAJOR_T_NONE);
4453 
4454 	/*
4455 	 * Attach the driver named by the minor node, then
4456 	 * search its first instance's minor list for an
4457 	 * alias node.
4458 	 */
4459 	if (ddi_hold_installed_driver(major) == NULL)
4460 		return (1);
4461 
4462 	dnp = &devnamesp[major];
4463 	LOCK_DEV_OPS(&dnp->dn_lock);
4464 
4465 	if ((cdevi = dnp->dn_head) != NULL) {
4466 		ndi_devi_enter(cdevi, &circ);
4467 		for (dmd = DEVI(cdevi)->devi_minor; dmd; dmd = dmd->next) {
4468 			if (dmd->type == DDM_ALIAS) {
4469 				alias = i_ddi_strdup(dmd->ddm_name, KM_SLEEP);
4470 				break;
4471 			}
4472 		}
4473 		ndi_devi_exit(cdevi, circ);
4474 	}
4475 
4476 	UNLOCK_DEV_OPS(&dnp->dn_lock);
4477 	ddi_rele_driver(major);
4478 
4479 	if (alias == NULL) {
4480 		if (moddebug & MODDEBUG_MINORPERM)
4481 			cmn_err(CE_CONT, "dev_minorperm: "
4482 			    "no alias for %s\n", minor_name);
4483 		return (1);
4484 	}
4485 
4486 	major = ddi_driver_major(clone_dip);
4487 	dnp = &devnamesp[major];
4488 	LOCK_DEV_OPS(&dnp->dn_lock);
4489 
4490 	/*
4491 	 * Go through the clone driver's mperm list looking
4492 	 * for a match for the specified alias.
4493 	 */
4494 	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4495 		if (strcmp(alias, mp->mp_minorname) == 0) {
4496 			break;
4497 		}
4498 	}
4499 
4500 	if (mp) {
4501 		if (moddebug & MODDEBUG_MP_MATCH) {
4502 			cmn_err(CE_CONT,
4503 			    "minor perm defaults: %s %s 0%o %d %d (aliased)\n",
4504 			    minor_name, alias, mp->mp_mode,
4505 			    mp->mp_uid, mp->mp_gid);
4506 		}
4507 		rmp->mp_uid = mp->mp_uid;
4508 		rmp->mp_gid = mp->mp_gid;
4509 		rmp->mp_mode = mp->mp_mode;
4510 	}
4511 	UNLOCK_DEV_OPS(&dnp->dn_lock);
4512 
4513 	kmem_free(alias, strlen(alias)+1);
4514 
4515 	return (mp == NULL);
4516 }
4517 
4518 int
4519 dev_minorperm(dev_info_t *dip, char *name, mperm_t *rmp)
4520 {
4521 	major_t major;
4522 	char *minor_name;
4523 	struct devnames *dnp;
4524 	mperm_t *mp;
4525 	int is_clone = 0;
4526 
4527 	if (!minorperm_loaded) {
4528 		if (moddebug & MODDEBUG_MINORPERM)
4529 			cmn_err(CE_CONT,
4530 			    "%s: minor perm not yet loaded\n", name);
4531 		return (1);
4532 	}
4533 
4534 	minor_name = strchr(name, ':');
4535 	if (minor_name == NULL)
4536 		return (1);
4537 	minor_name++;
4538 
4539 	/*
4540 	 * If it's the clone driver, search the driver as named
4541 	 * by the minor.  All clone minor perm entries other than
4542 	 * alias nodes are actually installed on the real driver's list.
4543 	 */
4544 	if (dip == clone_dip) {
4545 		major = ddi_name_to_major(minor_name);
4546 		if (major == DDI_MAJOR_T_NONE) {
4547 			if (moddebug & MODDEBUG_MINORPERM)
4548 				cmn_err(CE_CONT, "dev_minorperm: "
4549 				    "%s: no such driver\n", minor_name);
4550 			return (1);
4551 		}
4552 		is_clone = 1;
4553 	} else {
4554 		major = ddi_driver_major(dip);
4555 		ASSERT(major != DDI_MAJOR_T_NONE);
4556 	}
4557 
4558 	dnp = &devnamesp[major];
4559 	LOCK_DEV_OPS(&dnp->dn_lock);
4560 
4561 	/*
4562 	 * Go through the driver's mperm list looking for
4563 	 * a match for the specified minor.  If there's
4564 	 * no matching pattern, use the wild card.
4565 	 * Defer to the clone wild for clone if specified,
4566 	 * otherwise fall back to the normal form.
4567 	 */
4568 	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4569 		if (gmatch(minor_name, mp->mp_minorname) != 0) {
4570 			break;
4571 		}
4572 	}
4573 	if (mp == NULL) {
4574 		if (is_clone)
4575 			mp = dnp->dn_mperm_clone;
4576 		if (mp == NULL)
4577 			mp = dnp->dn_mperm_wild;
4578 	}
4579 
4580 	if (mp) {
4581 		if (moddebug & MODDEBUG_MP_MATCH) {
4582 			cmn_err(CE_CONT,
4583 			    "minor perm defaults: %s %s 0%o %d %d\n",
4584 			    name, mp->mp_minorname, mp->mp_mode,
4585 			    mp->mp_uid, mp->mp_gid);
4586 		}
4587 		rmp->mp_uid = mp->mp_uid;
4588 		rmp->mp_gid = mp->mp_gid;
4589 		rmp->mp_mode = mp->mp_mode;
4590 	}
4591 	UNLOCK_DEV_OPS(&dnp->dn_lock);
4592 
4593 	/*
4594 	 * If no match can be found for a clone node,
4595 	 * search for a possible match for an alias.
4596 	 * One such example is /dev/ptmx -> /devices/pseudo/clone@0:ptm,
4597 	 * with minor perm entry clone:ptmx.
4598 	 */
4599 	if (mp == NULL && is_clone) {
4600 		return (dev_alias_minorperm(dip, minor_name, rmp));
4601 	}
4602 
4603 	return (mp == NULL);
4604 }
4605 
4606 /*
4607  * dynamicaly reference load a dl module/library, returning handle
4608  */
4609 /*ARGSUSED*/
4610 ddi_modhandle_t
4611 ddi_modopen(const char *modname, int mode, int *errnop)
4612 {
4613 	char		*subdir;
4614 	char		*mod;
4615 	int		subdirlen;
4616 	struct modctl	*hmodp = NULL;
4617 	int		retval = EINVAL;
4618 
4619 	ASSERT(modname && (mode == KRTLD_MODE_FIRST));
4620 	if ((modname == NULL) || (mode != KRTLD_MODE_FIRST))
4621 		goto out;
4622 
4623 	/* find last '/' in modname */
4624 	mod = strrchr(modname, '/');
4625 
4626 	if (mod) {
4627 		/* for subdir string without modification to argument */
4628 		mod++;
4629 		subdirlen = mod - modname;
4630 		subdir = kmem_alloc(subdirlen, KM_SLEEP);
4631 		(void) strlcpy(subdir, modname, subdirlen);
4632 	} else {
4633 		subdirlen = 0;
4634 		subdir = "misc";
4635 		mod = (char *)modname;
4636 	}
4637 
4638 	/* reference load with errno return value */
4639 	retval = modrload(subdir, mod, &hmodp);
4640 
4641 	if (subdirlen)
4642 		kmem_free(subdir, subdirlen);
4643 
4644 out:	if (errnop)
4645 		*errnop = retval;
4646 
4647 	if (moddebug & MODDEBUG_DDI_MOD)
4648 		printf("ddi_modopen %s mode %x: %s %p %d\n",
4649 		    modname ? modname : "<unknown>", mode,
4650 		    hmodp ? hmodp->mod_filename : "<unknown>",
4651 		    (void *)hmodp, retval);
4652 
4653 	return ((ddi_modhandle_t)hmodp);
4654 }
4655 
4656 /* lookup "name" in open dl module/library */
4657 void *
4658 ddi_modsym(ddi_modhandle_t h, const char *name, int *errnop)
4659 {
4660 	struct modctl	*hmodp = (struct modctl *)h;
4661 	void		*f;
4662 	int		retval;
4663 
4664 	ASSERT(hmodp && name && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4665 	if ((hmodp == NULL) || (name == NULL) ||
4666 	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4667 		f = NULL;
4668 		retval = EINVAL;
4669 	} else {
4670 		f = (void *)kobj_lookup(hmodp->mod_mp, (char *)name);
4671 		if (f)
4672 			retval = 0;
4673 		else
4674 			retval = ENOTSUP;
4675 	}
4676 
4677 	if (moddebug & MODDEBUG_DDI_MOD)
4678 		printf("ddi_modsym in %s of %s: %d %p\n",
4679 		    hmodp ? hmodp->mod_modname : "<unknown>",
4680 		    name ? name : "<unknown>", retval, f);
4681 
4682 	if (errnop)
4683 		*errnop = retval;
4684 	return (f);
4685 }
4686 
4687 /* dynamic (un)reference unload of an open dl module/library */
4688 int
4689 ddi_modclose(ddi_modhandle_t h)
4690 {
4691 	struct modctl	*hmodp = (struct modctl *)h;
4692 	struct modctl	*modp = NULL;
4693 	int		retval;
4694 
4695 	ASSERT(hmodp && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4696 	if ((hmodp == NULL) ||
4697 	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4698 		retval = EINVAL;
4699 		goto out;
4700 	}
4701 
4702 	retval = modunrload(hmodp->mod_id, &modp, ddi_modclose_unload);
4703 	if (retval == EBUSY)
4704 		retval = 0;	/* EBUSY is not an error */
4705 
4706 	if (retval == 0) {
4707 		ASSERT(hmodp == modp);
4708 		if (hmodp != modp)
4709 			retval = EINVAL;
4710 	}
4711 
4712 out:	if (moddebug & MODDEBUG_DDI_MOD)
4713 		printf("ddi_modclose %s: %d\n",
4714 		    hmodp ? hmodp->mod_modname : "<unknown>", retval);
4715 
4716 	return (retval);
4717 }
4718