xref: /titanic_52/usr/src/uts/common/os/modctl.c (revision 554ff184129088135ad2643c1c9832174a17be88)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 /*
30  * modctl system call for loadable module support.
31  */
32 
33 #include <sys/param.h>
34 #include <sys/user.h>
35 #include <sys/systm.h>
36 #include <sys/exec.h>
37 #include <sys/file.h>
38 #include <sys/stat.h>
39 #include <sys/conf.h>
40 #include <sys/time.h>
41 #include <sys/reboot.h>
42 #include <sys/fs/ufs_fsdir.h>
43 #include <sys/kmem.h>
44 #include <sys/sysconf.h>
45 #include <sys/cmn_err.h>
46 #include <sys/ddi.h>
47 #include <sys/sunddi.h>
48 #include <sys/sunndi.h>
49 #include <sys/ndi_impldefs.h>
50 #include <sys/ddi_impldefs.h>
51 #include <sys/ddi_implfuncs.h>
52 #include <sys/bootconf.h>
53 #include <sys/dc_ki.h>
54 #include <sys/cladm.h>
55 #include <sys/dtrace.h>
56 #include <sys/kdi.h>
57 
58 #include <sys/devpolicy.h>
59 #include <sys/modctl.h>
60 #include <sys/kobj.h>
61 #include <sys/devops.h>
62 #include <sys/autoconf.h>
63 #include <sys/hwconf.h>
64 #include <sys/callb.h>
65 #include <sys/debug.h>
66 #include <sys/cpuvar.h>
67 #include <sys/sysmacros.h>
68 #include <sys/sysevent.h>
69 #include <sys/sysevent_impl.h>
70 #include <sys/instance.h>
71 #include <sys/modhash.h>
72 #include <sys/modhash_impl.h>
73 #include <sys/dacf_impl.h>
74 #include <sys/vfs.h>
75 #include <sys/pathname.h>
76 #include <sys/console.h>
77 #include <sys/policy.h>
78 #include <ipp/ipp_impl.h>
79 #include <sys/fs/dv_node.h>
80 #include <sys/strsubr.h>
81 
82 static int		mod_circdep(struct modctl *);
83 static int		modinfo(modid_t, struct modinfo *);
84 
85 static void		mod_uninstall_all(void);
86 static int		mod_getinfo(struct modctl *, struct modinfo *);
87 static struct modctl	*allocate_modp(char *, char *);
88 
89 static int		mod_load(struct modctl *, int);
90 static void		mod_unload(struct modctl *);
91 static int		modinstall(struct modctl *);
92 static int		moduninstall(struct modctl *);
93 
94 static struct modctl	*mod_hold_by_name_common(struct modctl *, char *);
95 static struct modctl	*mod_hold_by_id(modid_t);
96 static struct modctl	*mod_hold_next_by_id(modid_t);
97 static struct modctl	*mod_hold_loaded_mod(struct modctl *, char *, int *);
98 static struct modctl	*mod_hold_installed_mod(char *, int, int *);
99 
100 static void		mod_release(struct modctl *);
101 static void		mod_make_requisite(struct modctl *, struct modctl *);
102 static int		mod_install_requisites(struct modctl *);
103 static void		check_esc_sequences(char *, char *);
104 static struct modctl	*mod_hold_by_name_requisite(struct modctl *, char *);
105 
106 /*
107  * module loading thread control structure. Calls to kobj_load_module()() are
108  * handled off to a separate thead using this structure.
109  */
110 struct loadmt {
111 	ksema_t		sema;
112 	struct modctl	*mp;
113 	int		usepath;
114 	kthread_t	*owner;
115 	int		retval;
116 };
117 
118 static void	modload_thread(struct loadmt *);
119 
120 kcondvar_t	mod_cv;
121 kcondvar_t	mod_uninstall_cv;	/* Communication between swapper */
122 					/* and the uninstall daemon. */
123 kmutex_t	mod_lock;		/* protects &modules insert linkage, */
124 					/* mod_busy, mod_want, and mod_ref. */
125 					/* blocking operations while holding */
126 					/* mod_lock should be avoided */
127 kmutex_t	mod_uninstall_lock;	/* protects mod_uninstall_cv */
128 kthread_id_t	mod_aul_thread;
129 
130 int	isminiroot;		/* set if running as miniroot */
131 int	modrootloaded;		/* set after root driver and fs are loaded */
132 int	moddebug = 0x0;		/* debug flags for module writers */
133 int	swaploaded;		/* set after swap driver and fs are loaded */
134 int	bop_io_quiesced = 0;	/* set when BOP I/O can no longer be used */
135 int	last_module_id;
136 clock_t	mod_uninstall_interval = 0;
137 int	ddi_modclose_unload = 1;	/* 0 -> just decrement reference */
138 
139 struct devnames *devnamesp;
140 struct devnames orphanlist;
141 
142 krwlock_t	devinfo_tree_lock;	/* obsolete, to be removed */
143 
144 #define	MAJBINDFILE "/etc/name_to_major"
145 #define	SYSBINDFILE "/etc/name_to_sysnum"
146 
147 static char	majbind[] = MAJBINDFILE;
148 static char	sysbind[] = SYSBINDFILE;
149 static uint_t	mod_autounload_key;	/* for module autounload detection */
150 
151 extern int obpdebug;
152 extern int make_mbind(char *, int, char *, struct bind **);
153 
154 #define	DEBUGGER_PRESENT	((boothowto & RB_DEBUG) || (obpdebug != 0))
155 
156 static int minorperm_loaded = 0;
157 
158 
159 
160 void
161 mod_setup(void)
162 {
163 	struct sysent *callp;
164 	int callnum, exectype;
165 	int	num_devs;
166 	int	i;
167 
168 	/*
169 	 * Initialize the list of loaded driver dev_ops.
170 	 * XXX - This must be done before reading the system file so that
171 	 * forceloads of drivers will work.
172 	 */
173 	num_devs = read_binding_file(majbind, mb_hashtab, make_mbind);
174 	/*
175 	 * Since read_binding_file is common code, it doesn't enforce that all
176 	 * of the binding file entries have major numbers <= MAXMAJ32.  Thus,
177 	 * ensure that we don't allocate some massive amount of space due to a
178 	 * bad entry.  We can't have major numbers bigger than MAXMAJ32
179 	 * until file system support for larger major numbers exists.
180 	 */
181 
182 	/*
183 	 * Leave space for expansion, but not more than L_MAXMAJ32
184 	 */
185 	devcnt = MIN(num_devs + 30, L_MAXMAJ32);
186 	devopsp = kmem_alloc(devcnt * sizeof (struct dev_ops *), KM_SLEEP);
187 	for (i = 0; i < devcnt; i++)
188 		devopsp[i] = &mod_nodev_ops;
189 
190 	init_devnamesp(devcnt);
191 
192 	/*
193 	 * Sync up with the work that the stand-alone linker has already done.
194 	 */
195 	(void) kobj_sync();
196 
197 	if (boothowto & RB_DEBUG)
198 		kdi_dvec_modavail();
199 
200 	make_aliases(mb_hashtab);
201 
202 	/*
203 	 * Initialize streams device implementation structures.
204 	 */
205 	devimpl = kmem_zalloc(devcnt * sizeof (cdevsw_impl_t), KM_SLEEP);
206 
207 	/*
208 	 * If the cl_bootstrap module is present,
209 	 * we should be configured as a cluster. Loading this module
210 	 * will set "cluster_bootflags" to non-zero.
211 	 */
212 	(void) modload("misc", "cl_bootstrap");
213 
214 	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
215 	init_syscallnames(NSYSCALL);
216 
217 	/*
218 	 * Start up dynamic autoconfiguration framework (dacf).
219 	 */
220 	mod_hash_init();
221 	dacf_init();
222 
223 	/*
224 	 * Start up IP policy framework (ipp).
225 	 */
226 	ipp_init();
227 
228 	/*
229 	 * Allocate loadable native system call locks.
230 	 */
231 	for (callnum = 0, callp = sysent; callnum < NSYSCALL;
232 	    callnum++, callp++) {
233 		if (LOADABLE_SYSCALL(callp)) {
234 			if (mod_getsysname(callnum) != NULL) {
235 				callp->sy_lock =
236 				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
237 				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
238 			} else {
239 				callp->sy_flags &= ~SE_LOADABLE;
240 				callp->sy_callc = nosys;
241 			}
242 #ifdef DEBUG
243 		} else {
244 			/*
245 			 * Do some sanity checks on the sysent table
246 			 */
247 			switch (callp->sy_flags & SE_RVAL_MASK) {
248 			case SE_32RVAL1:
249 				/* only r_val1 returned */
250 			case SE_32RVAL1 | SE_32RVAL2:
251 				/* r_val1 and r_val2 returned */
252 			case SE_64RVAL:
253 				/* 64-bit rval returned */
254 				break;
255 			default:
256 				cmn_err(CE_WARN, "sysent[%d]: bad flags %x",
257 				    callnum, callp->sy_flags);
258 			}
259 #endif
260 		}
261 	}
262 
263 #ifdef _SYSCALL32_IMPL
264 	/*
265 	 * Allocate loadable system call locks for 32-bit compat syscalls
266 	 */
267 	for (callnum = 0, callp = sysent32; callnum < NSYSCALL;
268 	    callnum++, callp++) {
269 		if (LOADABLE_SYSCALL(callp)) {
270 			if (mod_getsysname(callnum) != NULL) {
271 				callp->sy_lock =
272 				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
273 				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
274 			} else {
275 				callp->sy_flags &= ~SE_LOADABLE;
276 				callp->sy_callc = nosys;
277 			}
278 #ifdef DEBUG
279 		} else {
280 			/*
281 			 * Do some sanity checks on the sysent table
282 			 */
283 			switch (callp->sy_flags & SE_RVAL_MASK) {
284 			case SE_32RVAL1:
285 				/* only r_val1 returned */
286 			case SE_32RVAL1 | SE_32RVAL2:
287 				/* r_val1 and r_val2 returned */
288 			case SE_64RVAL:
289 				/* 64-bit rval returned */
290 				break;
291 			default:
292 				cmn_err(CE_WARN, "sysent32[%d]: bad flags %x",
293 				    callnum, callp->sy_flags);
294 				goto skip;
295 			}
296 
297 			/*
298 			 * Cross-check the native and compatibility tables.
299 			 */
300 			if (callp->sy_callc == nosys ||
301 			    sysent[callnum].sy_callc == nosys)
302 				continue;
303 			/*
304 			 * If only one or the other slot is loadable, then
305 			 * there's an error -- they should match!
306 			 */
307 			if ((callp->sy_callc == loadable_syscall) ^
308 			    (sysent[callnum].sy_callc == loadable_syscall)) {
309 				cmn_err(CE_WARN, "sysent[%d] loadable?",
310 				    callnum);
311 			}
312 			/*
313 			 * This is more of a heuristic test -- if the
314 			 * system call returns two values in the 32-bit
315 			 * world, it should probably return two 32-bit
316 			 * values in the 64-bit world too.
317 			 */
318 			if (((callp->sy_flags & SE_32RVAL2) == 0) ^
319 			    ((sysent[callnum].sy_flags & SE_32RVAL2) == 0)) {
320 				cmn_err(CE_WARN, "sysent[%d] rval2 mismatch!",
321 				    callnum);
322 			}
323 skip:;
324 #endif	/* DEBUG */
325 		}
326 	}
327 #endif	/* _SYSCALL32_IMPL */
328 
329 	/*
330 	 * Allocate loadable exec locks.  (Assumes all execs are loadable)
331 	 */
332 	for (exectype = 0; exectype < nexectype; exectype++) {
333 		execsw[exectype].exec_lock =
334 		    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
335 		rw_init(execsw[exectype].exec_lock, NULL, RW_DEFAULT, NULL);
336 	}
337 
338 	read_class_file();
339 
340 	/* init thread specific structure for mod_uninstall_all */
341 	tsd_create(&mod_autounload_key, NULL);
342 }
343 
344 static int
345 modctl_modload(int use_path, char *filename, int *rvp)
346 {
347 	struct modctl *modp;
348 	int retval = 0;
349 	char *filenamep;
350 	int modid;
351 
352 	filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
353 
354 	if (copyinstr(filename, filenamep, MOD_MAXPATH, 0)) {
355 		retval = EFAULT;
356 		goto out;
357 	}
358 
359 	filenamep[MOD_MAXPATH - 1] = 0;
360 	modp = mod_hold_installed_mod(filenamep, use_path, &retval);
361 
362 	if (modp == NULL)
363 		goto out;
364 
365 	modp->mod_loadflags |= MOD_NOAUTOUNLOAD;
366 	modid = modp->mod_id;
367 	mod_release_mod(modp);
368 	CPU_STATS_ADDQ(CPU, sys, modload, 1);
369 	if (rvp != NULL && copyout(&modid, rvp, sizeof (modid)) != 0)
370 		retval = EFAULT;
371 out:
372 	kmem_free(filenamep, MOD_MAXPATH);
373 
374 	return (retval);
375 }
376 
377 static int
378 modctl_modunload(modid_t id)
379 {
380 	int rval = 0;
381 
382 	if (id == 0) {
383 #ifdef DEBUG
384 		/*
385 		 * Turn on mod_uninstall_daemon
386 		 */
387 		if (mod_uninstall_interval == 0) {
388 			mod_uninstall_interval = 60;
389 			modreap();
390 			return (rval);
391 		}
392 #endif
393 		mod_uninstall_all();
394 	} else {
395 		(void) devfs_clean(ddi_root_node(), NULL, 0);
396 		rval = modunload(id);
397 	}
398 	return (rval);
399 }
400 
401 static int
402 modctl_modinfo(modid_t id, struct modinfo *umodi)
403 {
404 	int retval;
405 	struct modinfo modi;
406 #if defined(_SYSCALL32_IMPL)
407 	int nobase;
408 	struct modinfo32 modi32;
409 #endif
410 
411 	if (get_udatamodel() == DATAMODEL_NATIVE) {
412 		if (copyin(umodi, &modi, sizeof (struct modinfo)) != 0)
413 			return (EFAULT);
414 	}
415 #ifdef _SYSCALL32_IMPL
416 	else {
417 		bzero(&modi, sizeof (modi));
418 		if (copyin(umodi, &modi32, sizeof (struct modinfo32)) != 0)
419 			return (EFAULT);
420 		modi.mi_info = modi32.mi_info;
421 		modi.mi_id = modi32.mi_id;
422 		modi.mi_nextid = modi32.mi_nextid;
423 		nobase = modi.mi_info & MI_INFO_NOBASE;
424 	}
425 #endif
426 	/*
427 	 * This flag is -only- for the kernels use.
428 	 */
429 	modi.mi_info &= ~MI_INFO_LINKAGE;
430 
431 	retval = modinfo(id, &modi);
432 	if (retval)
433 		return (retval);
434 
435 	if (get_udatamodel() == DATAMODEL_NATIVE) {
436 		if (copyout(&modi, umodi, sizeof (struct modinfo)) != 0)
437 			retval = EFAULT;
438 #ifdef _SYSCALL32_IMPL
439 	} else {
440 		int i;
441 
442 		if (!nobase && (uintptr_t)modi.mi_base > UINT32_MAX)
443 			return (EOVERFLOW);
444 
445 		modi32.mi_info = modi.mi_info;
446 		modi32.mi_state = modi.mi_state;
447 		modi32.mi_id = modi.mi_id;
448 		modi32.mi_nextid = modi.mi_nextid;
449 		modi32.mi_base = (caddr32_t)(uintptr_t)modi.mi_base;
450 		modi32.mi_size = modi.mi_size;
451 		modi32.mi_rev = modi.mi_rev;
452 		modi32.mi_loadcnt = modi.mi_loadcnt;
453 		bcopy(modi.mi_name, modi32.mi_name, sizeof (modi32.mi_name));
454 		for (i = 0; i < MODMAXLINK32; i++) {
455 			modi32.mi_msinfo[i].msi_p0 = modi.mi_msinfo[i].msi_p0;
456 			bcopy(modi.mi_msinfo[i].msi_linkinfo,
457 			    modi32.mi_msinfo[i].msi_linkinfo,
458 			    sizeof (modi32.mi_msinfo[0].msi_linkinfo));
459 		}
460 		if (copyout(&modi32, umodi, sizeof (struct modinfo32)) != 0)
461 			retval = EFAULT;
462 #endif
463 	}
464 
465 	return (retval);
466 }
467 
468 /*
469  * Return the last major number in the range of permissible major numbers.
470  */
471 /*ARGSUSED*/
472 static int
473 modctl_modreserve(modid_t id, int *data)
474 {
475 	if (copyout(&devcnt, data, sizeof (devcnt)) != 0)
476 		return (EFAULT);
477 	return (0);
478 }
479 
480 static int
481 modctl_add_major(int *data)
482 {
483 	struct modconfig mc;
484 	int i, rv;
485 	struct aliases alias;
486 	struct aliases *ap;
487 	char name[MAXMODCONFNAME];
488 	char cname[MAXMODCONFNAME];
489 	char *drvname;
490 
491 	bzero(&mc, sizeof (struct modconfig));
492 	if (get_udatamodel() == DATAMODEL_NATIVE) {
493 		if (copyin(data, &mc, sizeof (struct modconfig)) != 0)
494 			return (EFAULT);
495 	}
496 #ifdef _SYSCALL32_IMPL
497 	else {
498 		struct modconfig32 modc32;
499 
500 		if (copyin(data, &modc32, sizeof (struct modconfig32)) != 0)
501 			return (EFAULT);
502 		else {
503 			bcopy(modc32.drvname, mc.drvname,
504 			    sizeof (modc32.drvname));
505 			bcopy(modc32.drvclass, mc.drvclass,
506 			    sizeof (modc32.drvclass));
507 			mc.major = modc32.major;
508 			mc.num_aliases = modc32.num_aliases;
509 			mc.ap = (struct aliases *)(uintptr_t)modc32.ap;
510 		}
511 	}
512 #endif
513 
514 	/*
515 	 * If the driver is already in the mb_hashtab, and the name given
516 	 * doesn't match that driver's name, fail.  Otherwise, pass, since
517 	 * we may be adding aliases.
518 	 */
519 	if ((drvname = mod_major_to_name(mc.major)) != NULL &&
520 	    strcmp(drvname, mc.drvname) != 0)
521 		return (EINVAL);
522 
523 	/*
524 	 * Add each supplied driver alias to mb_hashtab
525 	 */
526 	ap = mc.ap;
527 	for (i = 0; i < mc.num_aliases; i++) {
528 		bzero(&alias, sizeof (struct aliases));
529 
530 		if (get_udatamodel() == DATAMODEL_NATIVE) {
531 			if (copyin(ap, &alias, sizeof (struct aliases)) != 0)
532 				return (EFAULT);
533 
534 			if (alias.a_len > MAXMODCONFNAME)
535 				return (EINVAL);
536 
537 			if (copyin(alias.a_name, name, alias.a_len) != 0)
538 				return (EFAULT);
539 
540 			if (name[alias.a_len - 1] != '\0')
541 				return (EINVAL);
542 		}
543 #ifdef _SYSCALL32_IMPL
544 		else {
545 			struct aliases32 al32;
546 
547 			bzero(&al32, sizeof (struct aliases32));
548 			if (copyin(ap, &al32, sizeof (struct aliases32)) != 0)
549 				return (EFAULT);
550 
551 			if (al32.a_len > MAXMODCONFNAME)
552 				return (EINVAL);
553 
554 			if (copyin((void *)(uintptr_t)al32.a_name,
555 			    name, al32.a_len) != 0)
556 				return (EFAULT);
557 
558 			if (name[al32.a_len - 1] != '\0')
559 				return (EINVAL);
560 
561 			alias.a_next = (void *)(uintptr_t)al32.a_next;
562 		}
563 #endif
564 		check_esc_sequences(name, cname);
565 		(void) make_mbind(cname, mc.major, NULL, mb_hashtab);
566 		ap = alias.a_next;
567 	}
568 
569 	/*
570 	 * Try to establish an mbinding for mc.drvname, and add it to devnames.
571 	 * Add class if any after establishing the major number
572 	 */
573 	(void) make_mbind(mc.drvname, mc.major, NULL, mb_hashtab);
574 	rv = make_devname(mc.drvname, mc.major);
575 
576 	if (rv == 0) {
577 		if (mc.drvclass[0] != '\0')
578 			add_class(mc.drvname, mc.drvclass);
579 		(void) i_ddi_load_drvconf(mc.major);
580 		i_ddi_bind_devs();
581 		i_ddi_di_cache_invalidate(KM_SLEEP);
582 	}
583 	return (rv);
584 }
585 
586 static int
587 modctl_rem_major(major_t major)
588 {
589 	struct devnames *dnp;
590 
591 	if (major >= devcnt)
592 		return (EINVAL);
593 
594 	/* mark devnames as removed */
595 	dnp = &devnamesp[major];
596 	LOCK_DEV_OPS(&dnp->dn_lock);
597 	if (dnp->dn_name == NULL ||
598 	    (dnp->dn_flags & (DN_DRIVER_REMOVED | DN_TAKEN_GETUDEV))) {
599 		UNLOCK_DEV_OPS(&dnp->dn_lock);
600 		return (EINVAL);
601 	}
602 	dnp->dn_flags |= DN_DRIVER_REMOVED;
603 	pm_driver_removed(major);
604 	UNLOCK_DEV_OPS(&dnp->dn_lock);
605 
606 	(void) i_ddi_unload_drvconf(major);
607 	i_ddi_unbind_devs(major);
608 	i_ddi_di_cache_invalidate(KM_SLEEP);
609 	return (0);
610 }
611 
612 static struct vfs *
613 path_to_vfs(char *name)
614 {
615 	vnode_t *vp;
616 	struct vfs *vfsp;
617 
618 	if (lookupname(name, UIO_SYSSPACE, FOLLOW, NULLVPP, &vp))
619 		return (NULL);
620 
621 	vfsp = vp->v_vfsp;
622 	VN_RELE(vp);
623 	return (vfsp);
624 }
625 
626 static int
627 new_vfs_in_modpath()
628 {
629 	static int n_modpath = 0;
630 	static char *modpath_copy;
631 	static struct pathvfs {
632 		char *path;
633 		struct vfs *vfsp;
634 	} *pathvfs;
635 
636 	int i, new_vfs = 0;
637 	char *tmp, *tmp1;
638 	struct vfs *vfsp;
639 
640 	if (n_modpath != 0) {
641 		for (i = 0; i < n_modpath; i++) {
642 			vfsp = path_to_vfs(pathvfs[i].path);
643 			if (vfsp != pathvfs[i].vfsp) {
644 				pathvfs[i].vfsp = vfsp;
645 				if (vfsp)
646 					new_vfs = 1;
647 			}
648 		}
649 		return (new_vfs);
650 	}
651 
652 	/*
653 	 * First call, initialize the pathvfs structure
654 	 */
655 	modpath_copy = i_ddi_strdup(default_path, KM_SLEEP);
656 	tmp = modpath_copy;
657 	n_modpath = 1;
658 	tmp1 = strchr(tmp, ' ');
659 	while (tmp1) {
660 		*tmp1 = '\0';
661 		n_modpath++;
662 		tmp = tmp1 + 1;
663 		tmp1 = strchr(tmp, ' ');
664 	}
665 
666 	pathvfs = kmem_zalloc(n_modpath * sizeof (struct pathvfs), KM_SLEEP);
667 	tmp = modpath_copy;
668 	for (i = 0; i < n_modpath; i++) {
669 		pathvfs[i].path = tmp;
670 		vfsp = path_to_vfs(tmp);
671 		pathvfs[i].vfsp = vfsp;
672 		tmp += strlen(tmp) + 1;
673 	}
674 	return (1);	/* always reread driver.conf the first time */
675 }
676 
677 static int modctl_load_drvconf(major_t major)
678 {
679 	int ret;
680 
681 	if (major != (major_t)-1) {
682 		ret = i_ddi_load_drvconf(major);
683 		if (ret == 0)
684 			i_ddi_bind_devs();
685 		return (ret);
686 	}
687 
688 	/*
689 	 * We are invoked to rescan new driver.conf files. It is
690 	 * only necessary if a new file system was mounted in the
691 	 * module_path. Because rescanning driver.conf files can
692 	 * take some time on older platforms (sun4m), the following
693 	 * code skips unnecessary driver.conf rescans to optimize
694 	 * boot performance.
695 	 */
696 	if (new_vfs_in_modpath()) {
697 		(void) i_ddi_load_drvconf((major_t)-1);
698 		/*
699 		 * If we are still initializing io subsystem,
700 		 * load drivers with ddi-forceattach property
701 		 */
702 		if (!i_ddi_io_initialized())
703 			i_ddi_forceattach_drivers();
704 	}
705 	return (0);
706 }
707 
708 static int
709 modctl_unload_drvconf(major_t major)
710 {
711 	int ret;
712 
713 	if (major >= devcnt)
714 		return (EINVAL);
715 
716 	ret = i_ddi_unload_drvconf(major);
717 	if (ret != 0)
718 		return (ret);
719 	(void) i_ddi_unbind_devs(major);
720 
721 	return (0);
722 }
723 
724 static void
725 check_esc_sequences(char *str, char *cstr)
726 {
727 	int i;
728 	size_t len;
729 	char *p;
730 
731 	len = strlen(str);
732 	for (i = 0; i < len; i++, str++, cstr++) {
733 		if (*str != '\\') {
734 			*cstr = *str;
735 		} else {
736 			p = str + 1;
737 			/*
738 			 * we only handle octal escape sequences for SPACE
739 			 */
740 			if (*p++ == '0' && *p++ == '4' && *p == '0') {
741 				*cstr = ' ';
742 				str += 3;
743 			} else {
744 				*cstr = *str;
745 			}
746 		}
747 	}
748 	*cstr = 0;
749 }
750 
751 static int
752 modctl_getmodpathlen(int *data)
753 {
754 	int len;
755 	len = strlen(default_path);
756 	if (copyout(&len, data, sizeof (len)) != 0)
757 		return (EFAULT);
758 	return (0);
759 }
760 
761 static int
762 modctl_getmodpath(char *data)
763 {
764 	if (copyout(default_path, data, strlen(default_path) + 1) != 0)
765 		return (EFAULT);
766 	return (0);
767 }
768 
769 static int
770 modctl_read_sysbinding_file(void)
771 {
772 	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
773 	return (0);
774 }
775 
776 static int
777 modctl_getmaj(char *uname, uint_t ulen, int *umajorp)
778 {
779 	char name[256];
780 	int retval;
781 	major_t major;
782 
783 	if ((retval = copyinstr(uname, name,
784 	    (ulen < 256) ? ulen : 256, 0)) != 0)
785 		return (retval);
786 	if ((major = mod_name_to_major(name)) == (major_t)-1)
787 		return (ENODEV);
788 	if (copyout(&major, umajorp, sizeof (major_t)) != 0)
789 		return (EFAULT);
790 	return (0);
791 }
792 
793 static int
794 modctl_getname(char *uname, uint_t ulen, int *umajorp)
795 {
796 	char *name;
797 	major_t major;
798 
799 	if (copyin(umajorp, &major, sizeof (major)) != 0)
800 		return (EFAULT);
801 	if ((name = mod_major_to_name(major)) == NULL)
802 		return (ENODEV);
803 	if ((strlen(name) + 1) > ulen)
804 		return (ENOSPC);
805 	return (copyoutstr(name, uname, ulen, NULL));
806 }
807 
808 static int
809 modctl_devt2instance(dev_t dev, int *uinstancep)
810 {
811 	int	instance;
812 
813 	if ((instance = dev_to_instance(dev)) == -1)
814 		return (EINVAL);
815 
816 	return (copyout(&instance, uinstancep, sizeof (int)));
817 }
818 
819 /*
820  * Return the sizeof of the device id.
821  */
822 static int
823 modctl_sizeof_devid(dev_t dev, uint_t *len)
824 {
825 	uint_t		sz;
826 	ddi_devid_t	devid;
827 
828 	/* get device id */
829 	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
830 		return (EINVAL);
831 
832 	sz = ddi_devid_sizeof(devid);
833 	ddi_devid_free(devid);
834 
835 	/* copyout device id size */
836 	if (copyout(&sz, len, sizeof (sz)) != 0)
837 		return (EFAULT);
838 
839 	return (0);
840 }
841 
842 /*
843  * Return a copy of the device id.
844  */
845 static int
846 modctl_get_devid(dev_t dev, uint_t len, ddi_devid_t udevid)
847 {
848 	uint_t		sz;
849 	ddi_devid_t	devid;
850 	int		err = 0;
851 
852 	/* get device id */
853 	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
854 		return (EINVAL);
855 
856 	sz = ddi_devid_sizeof(devid);
857 
858 	/* Error if device id is larger than space allocated */
859 	if (sz > len) {
860 		ddi_devid_free(devid);
861 		return (ENOSPC);
862 	}
863 
864 	/* copy out device id */
865 	if (copyout(devid, udevid, sz) != 0)
866 		err = EFAULT;
867 	ddi_devid_free(devid);
868 	return (err);
869 }
870 
871 /*
872  * return the /devices paths associated with the specified devid and
873  * minor name.
874  */
875 /*ARGSUSED*/
876 static int
877 modctl_devid2paths(ddi_devid_t udevid, char *uminor_name, uint_t flag,
878 	size_t *ulensp, char *upaths)
879 {
880 	ddi_devid_t	devid = NULL;
881 	int		devid_len;
882 	char		*minor_name = NULL;
883 	dev_info_t	*dip = NULL;
884 	struct ddi_minor_data   *dmdp;
885 	char		*path = NULL;
886 	int		ulens;
887 	int		lens;
888 	int		len;
889 	dev_t		*devlist = NULL;
890 	int		ndevs;
891 	int		i;
892 	int		ret = 0;
893 
894 	/*
895 	 * If upaths is NULL then we are only computing the amount of space
896 	 * needed to hold the paths and returning the value in *ulensp. If we
897 	 * are copying out paths then we get the amount of space allocated by
898 	 * the caller. If the actual space needed for paths is larger, or
899 	 * things are changing out from under us, then we return EAGAIN.
900 	 */
901 	if (upaths) {
902 		if (ulensp == NULL)
903 			return (EINVAL);
904 		if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
905 			return (EFAULT);
906 	}
907 
908 	/*
909 	 * copyin enough of the devid to determine the length then
910 	 * reallocate and copy in the entire devid.
911 	 */
912 	devid_len = ddi_devid_sizeof(NULL);
913 	devid = kmem_alloc(devid_len, KM_SLEEP);
914 	if (copyin(udevid, devid, devid_len)) {
915 		ret = EFAULT;
916 		goto out;
917 	}
918 	len = devid_len;
919 	devid_len = ddi_devid_sizeof(devid);
920 	kmem_free(devid, len);
921 	devid = kmem_alloc(devid_len, KM_SLEEP);
922 	if (copyin(udevid, devid, devid_len)) {
923 		ret = EFAULT;
924 		goto out;
925 	}
926 
927 	/* copyin the minor name if specified. */
928 	minor_name = uminor_name;
929 	if ((minor_name != DEVID_MINOR_NAME_ALL) &&
930 	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
931 	    (minor_name != DEVID_MINOR_NAME_ALL_BLK)) {
932 		minor_name = kmem_alloc(MAXPATHLEN, KM_SLEEP);
933 		if (copyinstr(uminor_name, minor_name, MAXPATHLEN, 0)) {
934 			ret = EFAULT;
935 			goto out;
936 		}
937 	}
938 
939 	/*
940 	 * Use existing function to resolve the devid into a devlist.
941 	 *
942 	 * NOTE: there is a loss of spectype information in the current
943 	 * ddi_lyr_devid_to_devlist implementation. We work around this by not
944 	 * passing down DEVID_MINOR_NAME_ALL here, but reproducing all minor
945 	 * node forms in the loop processing the devlist below. It would be
946 	 * best if at some point the use of this interface here was replaced
947 	 * with a path oriented call.
948 	 */
949 	if (ddi_lyr_devid_to_devlist(devid,
950 	    (minor_name == DEVID_MINOR_NAME_ALL) ?
951 	    DEVID_MINOR_NAME_ALL_CHR : minor_name,
952 	    &ndevs, &devlist) != DDI_SUCCESS) {
953 		ret = EINVAL;
954 		goto out;
955 	}
956 
957 	/*
958 	 * loop over the devlist, converting each devt to a path and doing
959 	 * a copyout of the path and computation of the amount of space
960 	 * needed to hold all the paths
961 	 */
962 	path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
963 	for (i = 0, lens = 0; i < ndevs; i++) {
964 
965 		/* find the dip associated with the dev_t */
966 		if ((dip = e_ddi_hold_devi_by_dev(devlist[i], 0)) == NULL)
967 			continue;
968 
969 		/* loop over all the minor nodes, skipping ones we don't want */
970 		for (dmdp = DEVI(dip)->devi_minor; dmdp; dmdp = dmdp->next) {
971 			if ((dmdp->ddm_dev != devlist[i]) ||
972 			    (dmdp->type != DDM_MINOR))
973 				continue;
974 
975 			if ((minor_name != DEVID_MINOR_NAME_ALL) &&
976 			    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
977 			    (minor_name != DEVID_MINOR_NAME_ALL_BLK) &&
978 			    strcmp(minor_name, dmdp->ddm_name))
979 				continue;
980 			else {
981 				if ((minor_name == DEVID_MINOR_NAME_ALL_CHR) &&
982 				    (dmdp->ddm_spec_type != S_IFCHR))
983 					continue;
984 				if ((minor_name == DEVID_MINOR_NAME_ALL_BLK) &&
985 				    (dmdp->ddm_spec_type != S_IFBLK))
986 					continue;
987 			}
988 
989 			/* XXX need ddi_pathname_minor(dmdp, path); interface */
990 			if (ddi_dev_pathname(dmdp->ddm_dev, dmdp->ddm_spec_type,
991 			    path) != DDI_SUCCESS) {
992 				ret = EAGAIN;
993 				goto out;
994 			}
995 			len = strlen(path) + 1;
996 			*(path + len) = '\0';	/* set double termination */
997 			lens += len;
998 
999 			/* copyout the path with double terminations */
1000 			if (upaths) {
1001 				if (lens > ulens) {
1002 					ret = EAGAIN;
1003 					goto out;
1004 				}
1005 				if (copyout(path, upaths, len + 1)) {
1006 					ret = EFAULT;
1007 					goto out;
1008 				}
1009 				upaths += len;
1010 			}
1011 		}
1012 		ddi_release_devi(dip);
1013 		dip = NULL;
1014 	}
1015 	lens++;		/* add one for double termination */
1016 
1017 	/* copy out the amount of space needed to hold the paths */
1018 	if (ulensp && copyout(&lens, ulensp, sizeof (lens))) {
1019 		ret = EFAULT;
1020 		goto out;
1021 	}
1022 	ret = 0;
1023 
1024 out:	if (dip)
1025 		ddi_release_devi(dip);
1026 	if (path)
1027 		kmem_free(path, MAXPATHLEN);
1028 	if (devlist)
1029 		ddi_lyr_free_devlist(devlist, ndevs);
1030 	if (minor_name &&
1031 	    (minor_name != DEVID_MINOR_NAME_ALL) &&
1032 	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1033 	    (minor_name != DEVID_MINOR_NAME_ALL_BLK))
1034 		kmem_free(minor_name, MAXPATHLEN);
1035 	if (devid)
1036 		kmem_free(devid, devid_len);
1037 	return (ret);
1038 }
1039 
1040 /*
1041  * Return the size of the minor name.
1042  */
1043 static int
1044 modctl_sizeof_minorname(dev_t dev, int spectype, uint_t *len)
1045 {
1046 	uint_t	sz;
1047 	char	*name;
1048 
1049 	/* get the minor name */
1050 	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1051 		return (EINVAL);
1052 
1053 	sz = strlen(name) + 1;
1054 	kmem_free(name, sz);
1055 
1056 	/* copy out the size of the minor name */
1057 	if (copyout(&sz, len, sizeof (sz)) != 0)
1058 		return (EFAULT);
1059 
1060 	return (0);
1061 }
1062 
1063 /*
1064  * Return the minor name.
1065  */
1066 static int
1067 modctl_get_minorname(dev_t dev, int spectype, uint_t len, char *uname)
1068 {
1069 	uint_t	sz;
1070 	char	*name;
1071 	int	err = 0;
1072 
1073 	/* get the minor name */
1074 	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1075 		return (EINVAL);
1076 
1077 	sz = strlen(name) + 1;
1078 
1079 	/* Error if the minor name is larger than the space allocated */
1080 	if (sz > len) {
1081 		kmem_free(name, sz);
1082 		return (ENOSPC);
1083 	}
1084 
1085 	/* copy out the minor name */
1086 	if (copyout(name, uname, sz) != 0)
1087 		err = EFAULT;
1088 	kmem_free(name, sz);
1089 	return (err);
1090 }
1091 
1092 /*
1093  * Return the size of the devfspath name.
1094  */
1095 static int
1096 modctl_devfspath_len(dev_t dev, int spectype, uint_t *len)
1097 {
1098 	uint_t	sz;
1099 	char	*name;
1100 
1101 	/* get the path name */
1102 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1103 	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1104 		kmem_free(name, MAXPATHLEN);
1105 		return (EINVAL);
1106 	}
1107 
1108 	sz = strlen(name) + 1;
1109 	kmem_free(name, MAXPATHLEN);
1110 
1111 	/* copy out the size of the path name */
1112 	if (copyout(&sz, len, sizeof (sz)) != 0)
1113 		return (EFAULT);
1114 
1115 	return (0);
1116 }
1117 
1118 /*
1119  * Return the devfspath name.
1120  */
1121 static int
1122 modctl_devfspath(dev_t dev, int spectype, uint_t len, char *uname)
1123 {
1124 	uint_t	sz;
1125 	char	*name;
1126 	int	err = 0;
1127 
1128 	/* get the path name */
1129 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1130 	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1131 		kmem_free(name, MAXPATHLEN);
1132 		return (EINVAL);
1133 	}
1134 
1135 	sz = strlen(name) + 1;
1136 
1137 	/* Error if the path name is larger than the space allocated */
1138 	if (sz > len) {
1139 		kmem_free(name, MAXPATHLEN);
1140 		return (ENOSPC);
1141 	}
1142 
1143 	/* copy out the path name */
1144 	if (copyout(name, uname, sz) != 0)
1145 		err = EFAULT;
1146 	kmem_free(name, MAXPATHLEN);
1147 	return (err);
1148 }
1149 
1150 static int
1151 modctl_get_fbname(char *path)
1152 {
1153 	extern dev_t fbdev;
1154 	char *pathname = NULL;
1155 	int rval = 0;
1156 
1157 	/* make sure fbdev is set before we plunge in */
1158 	if (fbdev == NODEV)
1159 		return (ENODEV);
1160 
1161 	pathname = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1162 	if ((rval = ddi_dev_pathname(fbdev, S_IFCHR,
1163 	    pathname)) == DDI_SUCCESS) {
1164 		if (copyout(pathname, path, strlen(pathname)+1) != 0) {
1165 			rval = EFAULT;
1166 		}
1167 	}
1168 	kmem_free(pathname, MAXPATHLEN);
1169 	return (rval);
1170 }
1171 
1172 /*
1173  * modctl_reread_dacf()
1174  *	Reread the dacf rules database from the named binding file.
1175  *	If NULL is specified, pass along the NULL, it means 'use the default'.
1176  */
1177 static int
1178 modctl_reread_dacf(char *path)
1179 {
1180 	int rval = 0;
1181 	char *filename, *filenamep;
1182 
1183 	filename = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1184 
1185 	if (path == NULL) {
1186 		filenamep = NULL;
1187 	} else {
1188 		if (copyinstr(path, filename, MAXPATHLEN, 0) != 0) {
1189 			rval = EFAULT;
1190 			goto out;
1191 		}
1192 		filenamep = filename;
1193 		filenamep[MAXPATHLEN - 1] = '\0';
1194 	}
1195 
1196 	rval = read_dacf_binding_file(filenamep);
1197 out:
1198 	kmem_free(filename, MAXPATHLEN);
1199 	return (rval);
1200 }
1201 
1202 /*ARGSUSED*/
1203 static int
1204 modctl_modevents(int subcmd, uintptr_t a2, uintptr_t a3, uintptr_t a4,
1205     uint_t flag)
1206 {
1207 	int error = 0;
1208 	char *filenamep;
1209 
1210 	switch (subcmd) {
1211 
1212 	case MODEVENTS_FLUSH:
1213 		/* flush all currently queued events */
1214 		log_sysevent_flushq(subcmd, flag);
1215 		break;
1216 
1217 	case MODEVENTS_SET_DOOR_UPCALL_FILENAME:
1218 		/*
1219 		 * bind door_upcall to filename
1220 		 * this should only be done once per invocation
1221 		 * of the event daemon.
1222 		 */
1223 
1224 		filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
1225 
1226 		if (copyinstr((char *)a2, filenamep, MOD_MAXPATH, 0)) {
1227 			error = EFAULT;
1228 		} else {
1229 			error = log_sysevent_filename(filenamep);
1230 		}
1231 		kmem_free(filenamep, MOD_MAXPATH);
1232 		break;
1233 
1234 	case MODEVENTS_GETDATA:
1235 		error = log_sysevent_copyout_data((sysevent_id_t *)a2,
1236 		    (size_t)a3, (caddr_t)a4);
1237 		break;
1238 
1239 	case MODEVENTS_FREEDATA:
1240 		error = log_sysevent_free_data((sysevent_id_t *)a2);
1241 		break;
1242 	case MODEVENTS_POST_EVENT:
1243 		error = log_usr_sysevent((sysevent_t *)a2, (uint32_t)a3,
1244 			(sysevent_id_t *)a4);
1245 		break;
1246 	case MODEVENTS_REGISTER_EVENT:
1247 		error = log_sysevent_register((char *)a2, (char *)a3,
1248 		    (se_pubsub_t *)a4);
1249 		break;
1250 	default:
1251 		error = EINVAL;
1252 	}
1253 
1254 	return (error);
1255 }
1256 
1257 static void
1258 free_mperm(mperm_t *mp)
1259 {
1260 	int len;
1261 
1262 	if (mp->mp_minorname) {
1263 		len = strlen(mp->mp_minorname) + 1;
1264 		kmem_free(mp->mp_minorname, len);
1265 	}
1266 	kmem_free(mp, sizeof (mperm_t));
1267 }
1268 
1269 #define	MP_NO_DRV_ERR	\
1270 	"/etc/minor_perm: no driver for %s\n"
1271 
1272 #define	MP_EMPTY_MINOR	\
1273 	"/etc/minor_perm: empty minor name for driver %s\n"
1274 
1275 #define	MP_NO_MINOR	\
1276 	"/etc/minor_perm: no minor matching %s for driver %s\n"
1277 
1278 /*
1279  * Remove mperm entry with matching minorname
1280  */
1281 static void
1282 rem_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1283 {
1284 	mperm_t **mp_head;
1285 	mperm_t *freemp = NULL;
1286 	struct devnames *dnp = &devnamesp[major];
1287 	mperm_t **wildmp;
1288 
1289 	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1290 
1291 	LOCK_DEV_OPS(&dnp->dn_lock);
1292 	if (strcmp(mp->mp_minorname, "*") == 0) {
1293 		wildmp = ((is_clone == 0) ?
1294 			&dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1295 		if (*wildmp)
1296 			freemp = *wildmp;
1297 		*wildmp = NULL;
1298 	} else {
1299 		mp_head = &dnp->dn_mperm;
1300 		while (*mp_head) {
1301 			if (strcmp((*mp_head)->mp_minorname,
1302 			    mp->mp_minorname) != 0) {
1303 				mp_head = &(*mp_head)->mp_next;
1304 				continue;
1305 			}
1306 			/* remove the entry */
1307 			freemp = *mp_head;
1308 			*mp_head = freemp->mp_next;
1309 			break;
1310 		}
1311 	}
1312 	if (freemp) {
1313 		if (moddebug & MODDEBUG_MINORPERM) {
1314 			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1315 			    drvname, freemp->mp_minorname,
1316 			    freemp->mp_mode & 0777,
1317 			    freemp->mp_uid, freemp->mp_gid);
1318 		}
1319 		free_mperm(freemp);
1320 	} else {
1321 		if (moddebug & MODDEBUG_MINORPERM) {
1322 			cmn_err(CE_CONT, MP_NO_MINOR,
1323 				drvname, mp->mp_minorname);
1324 		}
1325 	}
1326 
1327 	UNLOCK_DEV_OPS(&dnp->dn_lock);
1328 }
1329 
1330 /*
1331  * Add minor perm entry
1332  */
1333 static void
1334 add_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1335 {
1336 	mperm_t **mp_head;
1337 	mperm_t *freemp = NULL;
1338 	struct devnames *dnp = &devnamesp[major];
1339 	mperm_t **wildmp;
1340 
1341 	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1342 
1343 	/*
1344 	 * Note that update_drv replace semantics require
1345 	 * replacing matching entries with the new permissions.
1346 	 */
1347 	LOCK_DEV_OPS(&dnp->dn_lock);
1348 	if (strcmp(mp->mp_minorname, "*") == 0) {
1349 		wildmp = ((is_clone == 0) ?
1350 			&dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1351 		if (*wildmp)
1352 			freemp = *wildmp;
1353 		*wildmp = mp;
1354 	} else {
1355 		mperm_t *p, *v = NULL;
1356 		for (p = dnp->dn_mperm; p; v = p, p = p->mp_next) {
1357 			if (strcmp(p->mp_minorname, mp->mp_minorname) == 0) {
1358 				if (v == NULL)
1359 					dnp->dn_mperm = mp;
1360 				else
1361 					v->mp_next = mp;
1362 				mp->mp_next = p->mp_next;
1363 				freemp = p;
1364 				goto replaced;
1365 			}
1366 		}
1367 		if (p == NULL) {
1368 			mp_head = &dnp->dn_mperm;
1369 			if (*mp_head == NULL) {
1370 				*mp_head = mp;
1371 			} else {
1372 				mp->mp_next = *mp_head;
1373 				*mp_head = mp;
1374 			}
1375 		}
1376 	}
1377 replaced:
1378 	if (freemp) {
1379 		if (moddebug & MODDEBUG_MINORPERM) {
1380 			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1381 			    drvname, freemp->mp_minorname,
1382 			    freemp->mp_mode & 0777,
1383 			    freemp->mp_uid, freemp->mp_gid);
1384 		}
1385 		free_mperm(freemp);
1386 	}
1387 	if (moddebug & MODDEBUG_MINORPERM) {
1388 		cmn_err(CE_CONT, "> %s %s 0%o %d %d\n",
1389 		    drvname, mp->mp_minorname, mp->mp_mode & 0777,
1390 		    mp->mp_uid, mp->mp_gid);
1391 	}
1392 	UNLOCK_DEV_OPS(&dnp->dn_lock);
1393 }
1394 
1395 
1396 static int
1397 process_minorperm(int cmd, nvlist_t *nvl)
1398 {
1399 	char *minor;
1400 	major_t major;
1401 	mperm_t *mp;
1402 	nvpair_t *nvp;
1403 	char *name;
1404 	int is_clone;
1405 	major_t minmaj;
1406 
1407 	ASSERT(cmd == MODLOADMINORPERM ||
1408 	    cmd == MODADDMINORPERM || cmd == MODREMMINORPERM);
1409 
1410 	nvp = NULL;
1411 	while ((nvp = nvlist_next_nvpair(nvl, nvp)) != NULL) {
1412 		name = nvpair_name(nvp);
1413 
1414 		is_clone = 0;
1415 		(void) nvpair_value_string(nvp, &minor);
1416 		major = ddi_name_to_major(name);
1417 		if (major != (major_t)-1) {
1418 			mp = kmem_zalloc(sizeof (*mp), KM_SLEEP);
1419 			if (minor == NULL || strlen(minor) == 0) {
1420 				if (moddebug & MODDEBUG_MINORPERM) {
1421 					cmn_err(CE_CONT, MP_EMPTY_MINOR, name);
1422 				}
1423 				minor = "*";
1424 			}
1425 
1426 			/*
1427 			 * The minor name of a node using the clone
1428 			 * driver must be the driver name.  To avoid
1429 			 * multiple searches, we map entries in the form
1430 			 * clone:<driver> to <driver>:*.  This also allows us
1431 			 * to filter out some of the litter in /etc/minor_perm.
1432 			 * Minor perm alias entries where the name is not
1433 			 * the driver kept on the clone list itself.
1434 			 * This all seems very fragile as a driver could
1435 			 * be introduced with an existing alias name.
1436 			 */
1437 			if (strcmp(name, "clone") == 0) {
1438 				minmaj = ddi_name_to_major(minor);
1439 				if (minmaj != (major_t)-1) {
1440 					if (moddebug & MODDEBUG_MINORPERM) {
1441 						cmn_err(CE_CONT,
1442 						    "mapping %s:%s to %s:*\n",
1443 						    name, minor, minor);
1444 					}
1445 					major = minmaj;
1446 					name = minor;
1447 					minor = "*";
1448 					is_clone = 1;
1449 				}
1450 			}
1451 
1452 			if (mp) {
1453 				mp->mp_minorname =
1454 				    i_ddi_strdup(minor, KM_SLEEP);
1455 			}
1456 		} else {
1457 			mp = NULL;
1458 			if (moddebug & MODDEBUG_MINORPERM) {
1459 				cmn_err(CE_CONT, MP_NO_DRV_ERR, name);
1460 			}
1461 		}
1462 
1463 		/* mode */
1464 		nvp = nvlist_next_nvpair(nvl, nvp);
1465 		ASSERT(strcmp(nvpair_name(nvp), "mode") == 0);
1466 		if (mp)
1467 			(void) nvpair_value_int32(nvp, (int *)&mp->mp_mode);
1468 		/* uid */
1469 		nvp = nvlist_next_nvpair(nvl, nvp);
1470 		ASSERT(strcmp(nvpair_name(nvp), "uid") == 0);
1471 		if (mp)
1472 			(void) nvpair_value_int32(nvp, &mp->mp_uid);
1473 		/* gid */
1474 		nvp = nvlist_next_nvpair(nvl, nvp);
1475 		ASSERT(strcmp(nvpair_name(nvp), "gid") == 0);
1476 		if (mp) {
1477 			(void) nvpair_value_int32(nvp, &mp->mp_gid);
1478 
1479 			if (cmd == MODREMMINORPERM) {
1480 				rem_minorperm(major, name, mp, is_clone);
1481 				free_mperm(mp);
1482 			} else {
1483 				add_minorperm(major, name, mp, is_clone);
1484 			}
1485 		}
1486 	}
1487 
1488 	if (cmd == MODLOADMINORPERM)
1489 		minorperm_loaded = 1;
1490 
1491 	/*
1492 	 * Reset permissions of cached dv_nodes
1493 	 */
1494 	(void) devfs_reset_perm(DV_RESET_PERM);
1495 
1496 	return (0);
1497 }
1498 
1499 static int
1500 modctl_minorperm(int cmd, char *usrbuf, size_t buflen)
1501 {
1502 	int error;
1503 	nvlist_t *nvl;
1504 	char *buf = kmem_alloc(buflen, KM_SLEEP);
1505 
1506 	if ((error = ddi_copyin(usrbuf, buf, buflen, 0)) != 0) {
1507 		kmem_free(buf, buflen);
1508 		return (error);
1509 	}
1510 
1511 	error = nvlist_unpack(buf, buflen, &nvl, KM_SLEEP);
1512 	kmem_free(buf, buflen);
1513 	if (error)
1514 		return (error);
1515 
1516 	error = process_minorperm(cmd, nvl);
1517 	nvlist_free(nvl);
1518 	return (error);
1519 }
1520 
1521 struct walk_args {
1522 	char		*wa_drvname;
1523 	list_t		wa_pathlist;
1524 };
1525 
1526 struct path_elem {
1527 	char		*pe_dir;
1528 	char		*pe_nodename;
1529 	list_node_t	pe_node;
1530 	int		pe_dirlen;
1531 };
1532 
1533 /*ARGSUSED*/
1534 static int
1535 modctl_inst_walker(const char *path, in_node_t *np, in_drv_t *dp, void *arg)
1536 {
1537 	struct walk_args *wargs = (struct walk_args *)arg;
1538 	struct path_elem *pe;
1539 	char *nodename;
1540 
1541 	if (strcmp(dp->ind_driver_name, wargs->wa_drvname) != 0)
1542 		return (INST_WALK_CONTINUE);
1543 
1544 	pe = kmem_zalloc(sizeof (*pe), KM_SLEEP);
1545 	pe->pe_dir = i_ddi_strdup((char *)path, KM_SLEEP);
1546 	pe->pe_dirlen = strlen(pe->pe_dir) + 1;
1547 	ASSERT(strrchr(pe->pe_dir, '/') != NULL);
1548 	nodename = strrchr(pe->pe_dir, '/');
1549 	*nodename++ = 0;
1550 	pe->pe_nodename = nodename;
1551 	list_insert_tail(&wargs->wa_pathlist, pe);
1552 
1553 	return (INST_WALK_CONTINUE);
1554 }
1555 
1556 static int
1557 modctl_remdrv_cleanup(const char *u_drvname)
1558 {
1559 	struct walk_args *wargs;
1560 	struct path_elem *pe;
1561 	char *drvname;
1562 	int err, rval = 0;
1563 
1564 	drvname = kmem_alloc(MAXMODCONFNAME, KM_SLEEP);
1565 	if ((err = copyinstr(u_drvname, drvname, MAXMODCONFNAME, 0))) {
1566 		kmem_free(drvname, MAXMODCONFNAME);
1567 		return (err);
1568 	}
1569 
1570 	/*
1571 	 * First go through the instance database.  For each
1572 	 * instance of a device bound to the driver being
1573 	 * removed, remove any underlying devfs attribute nodes.
1574 	 *
1575 	 * This is a two-step process.  First we go through
1576 	 * the instance data itself, constructing a list of
1577 	 * the nodes discovered.  The second step is then
1578 	 * to find and remove any devfs attribute nodes
1579 	 * for the instances discovered in the first step.
1580 	 * The two-step process avoids any difficulties
1581 	 * which could arise by holding the instance data
1582 	 * lock with simultaneous devfs operations.
1583 	 */
1584 	wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
1585 
1586 	wargs->wa_drvname = drvname;
1587 	list_create(&wargs->wa_pathlist,
1588 	    sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
1589 
1590 	(void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
1591 
1592 	for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
1593 	    pe = list_next(&wargs->wa_pathlist, pe)) {
1594 		err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
1595 			(const char *)pe->pe_nodename);
1596 		if (rval == 0)
1597 			rval = err;
1598 	}
1599 
1600 	while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
1601 		list_remove(&wargs->wa_pathlist, pe);
1602 		kmem_free(pe->pe_dir, pe->pe_dirlen);
1603 		kmem_free(pe, sizeof (*pe));
1604 	}
1605 	kmem_free(wargs, sizeof (*wargs));
1606 
1607 	/*
1608 	 * Pseudo nodes aren't recorded in the instance database
1609 	 * so any such nodes need to be handled separately.
1610 	 */
1611 	err = devfs_remdrv_cleanup("pseudo", (const char *)drvname);
1612 	if (rval == 0)
1613 		rval = err;
1614 
1615 	kmem_free(drvname, MAXMODCONFNAME);
1616 	return (rval);
1617 }
1618 
1619 static int
1620 modctl_allocpriv(const char *name)
1621 {
1622 	char *pstr = kmem_alloc(PRIVNAME_MAX, KM_SLEEP);
1623 	int error;
1624 
1625 	if ((error = copyinstr(name, pstr, PRIVNAME_MAX, 0))) {
1626 		kmem_free(pstr, PRIVNAME_MAX);
1627 		return (error);
1628 	}
1629 	error = priv_getbyname(pstr, PRIV_ALLOC);
1630 	if (error < 0)
1631 		error = -error;
1632 	else
1633 		error = 0;
1634 	kmem_free(pstr, PRIVNAME_MAX);
1635 	return (error);
1636 }
1637 
1638 /*ARGSUSED5*/
1639 int
1640 modctl(int cmd, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4,
1641     uintptr_t a5)
1642 {
1643 	int	error = EINVAL;
1644 	dev_t	dev;
1645 
1646 	if (secpolicy_modctl(CRED(), cmd) != 0)
1647 		return (set_errno(EPERM));
1648 
1649 	switch (cmd) {
1650 	case MODLOAD:		/* load a module */
1651 		error = modctl_modload((int)a1, (char *)a2, (int *)a3);
1652 		break;
1653 
1654 	case MODUNLOAD:		/* unload a module */
1655 		error = modctl_modunload((modid_t)a1);
1656 		break;
1657 
1658 	case MODINFO:		/* get module status */
1659 		error = modctl_modinfo((modid_t)a1, (struct modinfo *)a2);
1660 		break;
1661 
1662 	case MODRESERVED:	/* get last major number in range */
1663 		error = modctl_modreserve((modid_t)a1, (int *)a2);
1664 		break;
1665 
1666 	case MODSETMINIROOT:	/* we are running in miniroot */
1667 		isminiroot = 1;
1668 		error = 0;
1669 		break;
1670 
1671 	case MODADDMAJBIND:	/* read major binding file */
1672 		error = modctl_add_major((int *)a2);
1673 		break;
1674 
1675 	case MODGETPATHLEN:	/* get modpath length */
1676 		error = modctl_getmodpathlen((int *)a2);
1677 		break;
1678 
1679 	case MODGETPATH:	/* get modpath */
1680 		error = modctl_getmodpath((char *)a2);
1681 		break;
1682 
1683 	case MODREADSYSBIND:	/* read system call binding file */
1684 		error = modctl_read_sysbinding_file();
1685 		break;
1686 
1687 	case MODGETMAJBIND:	/* get major number for named device */
1688 		error = modctl_getmaj((char *)a1, (uint_t)a2, (int *)a3);
1689 		break;
1690 
1691 	case MODGETNAME:	/* get name of device given major number */
1692 		error = modctl_getname((char *)a1, (uint_t)a2, (int *)a3);
1693 		break;
1694 
1695 	case MODDEVT2INSTANCE:
1696 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1697 			dev = (dev_t)a1;
1698 		}
1699 #ifdef _SYSCALL32_IMPL
1700 		else {
1701 			dev = expldev(a1);
1702 		}
1703 #endif
1704 		error = modctl_devt2instance(dev, (int *)a2);
1705 		break;
1706 
1707 	case MODSIZEOF_DEVID:	/* sizeof device id of device given dev_t */
1708 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1709 			dev = (dev_t)a1;
1710 		}
1711 #ifdef _SYSCALL32_IMPL
1712 		else {
1713 			dev = expldev(a1);
1714 		}
1715 #endif
1716 		error = modctl_sizeof_devid(dev, (uint_t *)a2);
1717 		break;
1718 
1719 	case MODGETDEVID:	/* get device id of device given dev_t */
1720 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1721 			dev = (dev_t)a1;
1722 		}
1723 #ifdef _SYSCALL32_IMPL
1724 		else {
1725 			dev = expldev(a1);
1726 		}
1727 #endif
1728 		error = modctl_get_devid(dev, (uint_t)a2, (ddi_devid_t)a3);
1729 		break;
1730 
1731 	case MODSIZEOF_MINORNAME:	/* sizeof minor nm of dev_t/spectype */
1732 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1733 			error = modctl_sizeof_minorname((dev_t)a1, (int)a2,
1734 			    (uint_t *)a3);
1735 		}
1736 #ifdef _SYSCALL32_IMPL
1737 		else {
1738 			error = modctl_sizeof_minorname(expldev(a1), (int)a2,
1739 			    (uint_t *)a3);
1740 		}
1741 
1742 #endif
1743 		break;
1744 
1745 	case MODGETMINORNAME:   /* get minor name of dev_t and spec type */
1746 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1747 			error = modctl_get_minorname((dev_t)a1, (int)a2,
1748 			    (uint_t)a3, (char *)a4);
1749 		}
1750 #ifdef _SYSCALL32_IMPL
1751 		else {
1752 			error = modctl_get_minorname(expldev(a1), (int)a2,
1753 			    (uint_t)a3, (char *)a4);
1754 		}
1755 #endif
1756 		break;
1757 
1758 	case MODGETDEVFSPATH_LEN:	/* sizeof path nm of dev_t/spectype */
1759 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1760 			error = modctl_devfspath_len((dev_t)a1, (int)a2,
1761 			    (uint_t *)a3);
1762 		}
1763 #ifdef _SYSCALL32_IMPL
1764 		else {
1765 			error = modctl_devfspath_len(expldev(a1), (int)a2,
1766 			    (uint_t *)a3);
1767 		}
1768 
1769 #endif
1770 		break;
1771 
1772 	case MODGETDEVFSPATH:   /* get path name of dev_t and spec type */
1773 		if (get_udatamodel() == DATAMODEL_NATIVE) {
1774 			error = modctl_devfspath((dev_t)a1, (int)a2,
1775 			    (uint_t)a3, (char *)a4);
1776 		}
1777 #ifdef _SYSCALL32_IMPL
1778 		else {
1779 			error = modctl_devfspath(expldev(a1), (int)a2,
1780 			    (uint_t)a3, (char *)a4);
1781 		}
1782 #endif
1783 		break;
1784 
1785 
1786 	case MODEVENTS:
1787 		error = modctl_modevents((int)a1, a2, a3, a4, (uint_t)a5);
1788 		break;
1789 
1790 	case MODGETFBNAME:	/* get the framebuffer name */
1791 		error = modctl_get_fbname((char *)a1);
1792 		break;
1793 
1794 	case MODREREADDACF:	/* reread dacf rule database from given file */
1795 		error = modctl_reread_dacf((char *)a1);
1796 		break;
1797 
1798 	case MODLOADDRVCONF:	/* load driver.conf file for major */
1799 		error = modctl_load_drvconf((major_t)a1);
1800 		break;
1801 
1802 	case MODUNLOADDRVCONF:	/* unload driver.conf file for major */
1803 		error = modctl_unload_drvconf((major_t)a1);
1804 		break;
1805 
1806 	case MODREMMAJBIND:	/* remove a major binding */
1807 		error = modctl_rem_major((major_t)a1);
1808 		break;
1809 
1810 	case MODDEVID2PATHS:	/* get paths given devid */
1811 		error = modctl_devid2paths((ddi_devid_t)a1, (char *)a2,
1812 		    (uint_t)a3, (size_t *)a4, (char *)a5);
1813 		break;
1814 
1815 	case MODSETDEVPOLICY:	/* establish device policy */
1816 		error = devpolicy_load((int)a1, (size_t)a2, (devplcysys_t *)a3);
1817 		break;
1818 
1819 	case MODGETDEVPOLICY:	/* get device policy */
1820 		error = devpolicy_get((int *)a1, (size_t)a2,
1821 				(devplcysys_t *)a3);
1822 		break;
1823 
1824 	case MODALLOCPRIV:
1825 		error = modctl_allocpriv((const char *)a1);
1826 		break;
1827 
1828 	case MODGETDEVPOLICYBYNAME:
1829 		error = devpolicy_getbyname((size_t)a1,
1830 		    (devplcysys_t *)a2, (char *)a3);
1831 		break;
1832 
1833 	case MODCLEANUP:
1834 		e_devid_cache_cleanup();
1835 		error = 0;
1836 		break;
1837 
1838 	case MODLOADMINORPERM:
1839 	case MODADDMINORPERM:
1840 	case MODREMMINORPERM:
1841 		error = modctl_minorperm(cmd, (char *)a1, (size_t)a2);
1842 		break;
1843 
1844 	case MODREMDRVCLEANUP:
1845 		error = modctl_remdrv_cleanup((const char *)a1);
1846 		break;
1847 
1848 	default:
1849 		error = EINVAL;
1850 		break;
1851 	}
1852 
1853 	return (error ? set_errno(error) : 0);
1854 }
1855 
1856 /*
1857  * Calls to kobj_load_module()() are handled off to this routine in a
1858  * separate thread.
1859  */
1860 static void
1861 modload_thread(struct loadmt *ltp)
1862 {
1863 	/* load the module and signal the creator of this thread */
1864 	kmutex_t	cpr_lk;
1865 	callb_cpr_t	cpr_i;
1866 
1867 	mutex_init(&cpr_lk, NULL, MUTEX_DEFAULT, NULL);
1868 	CALLB_CPR_INIT(&cpr_i, &cpr_lk, callb_generic_cpr, "modload");
1869 	/* borrow the devi lock from thread which invoked us */
1870 	pm_borrow_lock(ltp->owner);
1871 	ltp->retval = kobj_load_module(ltp->mp, ltp->usepath);
1872 	pm_return_lock();
1873 	sema_v(&ltp->sema);
1874 	mutex_enter(&cpr_lk);
1875 	CALLB_CPR_EXIT(&cpr_i);
1876 	mutex_destroy(&cpr_lk);
1877 	thread_exit();
1878 }
1879 
1880 /*
1881  * load a module, adding a reference if caller specifies rmodp.  If rmodp
1882  * is specified then an errno is returned, otherwise a module index is
1883  * returned (-1 on error).
1884  */
1885 static int
1886 modrload(char *subdir, char *filename, struct modctl **rmodp)
1887 {
1888 	struct modctl *modp;
1889 	size_t size;
1890 	char *fullname;
1891 	int retval = EINVAL;
1892 	int id = -1;
1893 
1894 	if (rmodp)
1895 		*rmodp = NULL;			/* avoid garbage */
1896 
1897 	if (subdir != NULL) {
1898 		/*
1899 		 * refuse / in filename to prevent "../" escapes.
1900 		 */
1901 		if (strchr(filename, '/') != NULL)
1902 			return (rmodp ? retval : id);
1903 
1904 		/*
1905 		 * allocate enough space for <subdir>/<filename><NULL>
1906 		 */
1907 		size = strlen(subdir) + strlen(filename) + 2;
1908 		fullname = kmem_zalloc(size, KM_SLEEP);
1909 		(void) sprintf(fullname, "%s/%s", subdir, filename);
1910 	} else {
1911 		fullname = filename;
1912 	}
1913 
1914 	modp = mod_hold_installed_mod(fullname, 1, &retval);
1915 	if (modp != NULL) {
1916 		id = modp->mod_id;
1917 		if (rmodp) {
1918 			/* add mod_ref and return *rmodp */
1919 			mutex_enter(&mod_lock);
1920 			modp->mod_ref++;
1921 			mutex_exit(&mod_lock);
1922 			*rmodp = modp;
1923 		}
1924 		mod_release_mod(modp);
1925 		CPU_STATS_ADDQ(CPU, sys, modload, 1);
1926 	}
1927 
1928 done:	if (subdir != NULL)
1929 		kmem_free(fullname, size);
1930 	return (rmodp ? retval : id);
1931 }
1932 
1933 /*
1934  * This is the primary kernel interface to load a module. It loads and
1935  * installs the named module.  It does not hold mod_ref of the module, so
1936  * a module unload attempt can occur at any time - it is up to the
1937  * _fini/mod_remove implementation to determine if unload will succeed.
1938  */
1939 int
1940 modload(char *subdir, char *filename)
1941 {
1942 	return (modrload(subdir, filename, NULL));
1943 }
1944 
1945 /*
1946  * Load a module.
1947  */
1948 int
1949 modloadonly(char *subdir, char *filename)
1950 {
1951 	struct modctl *modp;
1952 	char *fullname;
1953 	size_t size;
1954 	int id, retval;
1955 
1956 	if (subdir != NULL) {
1957 		/*
1958 		 * allocate enough space for <subdir>/<filename><NULL>
1959 		 */
1960 		size = strlen(subdir) + strlen(filename) + 2;
1961 		fullname = kmem_zalloc(size, KM_SLEEP);
1962 		(void) sprintf(fullname, "%s/%s", subdir, filename);
1963 	} else {
1964 		fullname = filename;
1965 	}
1966 
1967 	modp = mod_hold_loaded_mod(NULL, fullname, &retval);
1968 	if (modp) {
1969 		id = modp->mod_id;
1970 		mod_release_mod(modp);
1971 	}
1972 
1973 	if (subdir != NULL)
1974 		kmem_free(fullname, size);
1975 
1976 	if (retval == 0)
1977 		return (id);
1978 	return (-1);
1979 }
1980 
1981 /*
1982  * Try to uninstall and unload a module, removing a reference if caller
1983  * specifies rmodp.
1984  */
1985 static int
1986 modunrload(modid_t id, struct modctl **rmodp, int unload)
1987 {
1988 	struct modctl	*modp;
1989 	int		retval;
1990 
1991 	if (rmodp)
1992 		*rmodp = NULL;			/* avoid garbage */
1993 
1994 	if ((modp = mod_hold_by_id((modid_t)id)) == NULL)
1995 		return (EINVAL);
1996 
1997 	if (rmodp) {
1998 		mutex_enter(&mod_lock);
1999 		modp->mod_ref--;
2000 		mutex_exit(&mod_lock);
2001 		*rmodp = modp;
2002 	}
2003 
2004 	if (unload) {
2005 		retval = moduninstall(modp);
2006 		if (retval == 0) {
2007 			mod_unload(modp);
2008 			CPU_STATS_ADDQ(CPU, sys, modunload, 1);
2009 		} else if (retval == EALREADY)
2010 			retval = 0;	/* already unloaded, not an error */
2011 	} else
2012 		retval = 0;
2013 
2014 	mod_release_mod(modp);
2015 	return (retval);
2016 }
2017 
2018 /*
2019  * Uninstall and unload a module.
2020  */
2021 int
2022 modunload(modid_t id)
2023 {
2024 	return (modunrload(id, NULL, 1));
2025 }
2026 
2027 /*
2028  * Return status of a loaded module.
2029  */
2030 static int
2031 modinfo(modid_t id, struct modinfo *modinfop)
2032 {
2033 	struct modctl	*modp;
2034 	modid_t		mid;
2035 	int		i;
2036 
2037 	mid = modinfop->mi_id;
2038 	if (modinfop->mi_info & MI_INFO_ALL) {
2039 		while ((modp = mod_hold_next_by_id(mid++)) != NULL) {
2040 			if ((modinfop->mi_info & MI_INFO_CNT) ||
2041 			    modp->mod_installed)
2042 				break;
2043 			mod_release_mod(modp);
2044 		}
2045 		if (modp == NULL)
2046 			return (EINVAL);
2047 	} else {
2048 		modp = mod_hold_by_id(id);
2049 		if (modp == NULL)
2050 			return (EINVAL);
2051 		if (!(modinfop->mi_info & MI_INFO_CNT) &&
2052 		    (modp->mod_installed == 0)) {
2053 			mod_release_mod(modp);
2054 			return (EINVAL);
2055 		}
2056 	}
2057 
2058 	modinfop->mi_rev = 0;
2059 	modinfop->mi_state = 0;
2060 	for (i = 0; i < MODMAXLINK; i++) {
2061 		modinfop->mi_msinfo[i].msi_p0 = -1;
2062 		modinfop->mi_msinfo[i].msi_linkinfo[0] = 0;
2063 	}
2064 	if (modp->mod_loaded) {
2065 		modinfop->mi_state = MI_LOADED;
2066 		kobj_getmodinfo(modp->mod_mp, modinfop);
2067 	}
2068 	if (modp->mod_installed) {
2069 		modinfop->mi_state |= MI_INSTALLED;
2070 
2071 		(void) mod_getinfo(modp, modinfop);
2072 	}
2073 
2074 	modinfop->mi_id = modp->mod_id;
2075 	modinfop->mi_loadcnt = modp->mod_loadcnt;
2076 	(void) strcpy(modinfop->mi_name, modp->mod_modname);
2077 
2078 	mod_release_mod(modp);
2079 	return (0);
2080 }
2081 
2082 static char mod_stub_err[] = "mod_hold_stub: Couldn't load stub module %s";
2083 static char no_err[] = "No error function for weak stub %s";
2084 
2085 /*
2086  * used by the stubs themselves to load and hold a module.
2087  * Returns  0 if the module is successfully held;
2088  *	    the stub needs to call mod_release_stub().
2089  *	    -1 if the stub should just call the err_fcn.
2090  * Note that this code is stretched out so that we avoid subroutine calls
2091  * and optimize for the most likely case.  That is, the case where the
2092  * module is loaded and installed and not held.  In that case we just inc
2093  * the mod_ref count and continue.
2094  */
2095 int
2096 mod_hold_stub(struct mod_stub_info *stub)
2097 {
2098 	struct modctl *mp;
2099 	struct mod_modinfo *mip;
2100 
2101 	mip = stub->mods_modinfo;
2102 
2103 	mutex_enter(&mod_lock);
2104 
2105 	/* we do mod_hold_by_modctl inline for speed */
2106 
2107 mod_check_again:
2108 	if ((mp = mip->mp) != NULL) {
2109 		if (mp->mod_busy == 0) {
2110 			if (mp->mod_installed) {
2111 				/* increment the reference count */
2112 				mp->mod_ref++;
2113 				ASSERT(mp->mod_ref && mp->mod_installed);
2114 				mutex_exit(&mod_lock);
2115 				return (0);
2116 			} else {
2117 				mp->mod_busy = 1;
2118 				mp->mod_inprogress_thread =
2119 				    (curthread == NULL ?
2120 				    (kthread_id_t)-1 : curthread);
2121 			}
2122 		} else {
2123 			/*
2124 			 * wait one time and then go see if someone
2125 			 * else has resolved the stub (set mip->mp).
2126 			 */
2127 			if (mod_hold_by_modctl(mp,
2128 			    MOD_WAIT_ONCE | MOD_LOCK_HELD))
2129 				goto mod_check_again;
2130 
2131 			/*
2132 			 * what we have now may have been unloaded!, in
2133 			 * that case, mip->mp will be NULL, we'll hit this
2134 			 * module and load again..
2135 			 */
2136 			cmn_err(CE_PANIC, "mod_hold_stub should have blocked");
2137 		}
2138 		mutex_exit(&mod_lock);
2139 	} else {
2140 		/* first time we've hit this module */
2141 		mutex_exit(&mod_lock);
2142 		mp = mod_hold_by_name(mip->modm_module_name);
2143 		mip->mp = mp;
2144 	}
2145 
2146 	/*
2147 	 * If we are here, it means that the following conditions
2148 	 * are satisfied.
2149 	 *
2150 	 * mip->mp != NULL
2151 	 * this thread has set the mp->mod_busy = 1
2152 	 * mp->mod_installed = 0
2153 	 *
2154 	 */
2155 	ASSERT(mp != NULL);
2156 	ASSERT(mp->mod_busy == 1);
2157 
2158 	if (mp->mod_installed == 0) {
2159 		/* Module not loaded, if weak stub don't load it */
2160 		if (stub->mods_flag & MODS_WEAK) {
2161 			if (stub->mods_errfcn == NULL) {
2162 				mod_release_mod(mp);
2163 				cmn_err(CE_PANIC, no_err,
2164 				    mip->modm_module_name);
2165 			}
2166 		} else {
2167 			/* Not a weak stub so load the module */
2168 
2169 			if (mod_load(mp, 1) != 0 || modinstall(mp) != 0) {
2170 				/*
2171 				 * If mod_load() was successful
2172 				 * and modinstall() failed, then
2173 				 * unload the module.
2174 				 */
2175 				if (mp->mod_loaded)
2176 					mod_unload(mp);
2177 
2178 				mod_release_mod(mp);
2179 				if (stub->mods_errfcn == NULL) {
2180 					cmn_err(CE_PANIC, mod_stub_err,
2181 					    mip->modm_module_name);
2182 				} else {
2183 					return (-1);
2184 				}
2185 			}
2186 		}
2187 	}
2188 
2189 	/*
2190 	 * At this point module is held and loaded. Release
2191 	 * the mod_busy and mod_inprogress_thread before
2192 	 * returning. We actually call mod_release() here so
2193 	 * that if another stub wants to access this module,
2194 	 * it can do so. mod_ref is incremented before mod_release()
2195 	 * is called to prevent someone else from snatching the
2196 	 * module from this thread.
2197 	 */
2198 	mutex_enter(&mod_lock);
2199 	mp->mod_ref++;
2200 	ASSERT(mp->mod_ref &&
2201 	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
2202 	mod_release(mp);
2203 	mutex_exit(&mod_lock);
2204 	return (0);
2205 }
2206 
2207 void
2208 mod_release_stub(struct mod_stub_info *stub)
2209 {
2210 	struct modctl *mp = stub->mods_modinfo->mp;
2211 
2212 	/* inline mod_release_mod */
2213 	mutex_enter(&mod_lock);
2214 	ASSERT(mp->mod_ref &&
2215 	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
2216 	mp->mod_ref--;
2217 	if (mp->mod_want) {
2218 		mp->mod_want = 0;
2219 		cv_broadcast(&mod_cv);
2220 	}
2221 	mutex_exit(&mod_lock);
2222 }
2223 
2224 static struct modctl *
2225 mod_hold_loaded_mod(struct modctl *dep, char *filename, int *status)
2226 {
2227 	struct modctl *modp;
2228 	int retval;
2229 
2230 	/*
2231 	 * Hold the module.
2232 	 */
2233 	modp = mod_hold_by_name_requisite(dep, filename);
2234 	if (modp) {
2235 		retval = mod_load(modp, 1);
2236 		if (retval != 0) {
2237 			mod_release_mod(modp);
2238 			modp = NULL;
2239 		}
2240 		*status = retval;
2241 	} else {
2242 		*status = ENOSPC;
2243 	}
2244 
2245 	/*
2246 	 * if dep is not NULL, clear the module dependency information.
2247 	 * This information is set in mod_hold_by_name_common().
2248 	 */
2249 	if (dep != NULL && dep->mod_requisite_loading != NULL) {
2250 		ASSERT(dep->mod_busy);
2251 		dep->mod_requisite_loading = NULL;
2252 	}
2253 
2254 	return (modp);
2255 }
2256 
2257 /*
2258  * hold, load, and install the named module
2259  */
2260 static struct modctl *
2261 mod_hold_installed_mod(char *name, int usepath, int *r)
2262 {
2263 	struct modctl *modp;
2264 	int retval;
2265 	struct _buf *file;
2266 
2267 	/*
2268 	 * Verify that that module in question actually exists on disk
2269 	 * before allocation of module structure by mod_hold_by_name.
2270 	 */
2271 	if (modrootloaded && swaploaded) {
2272 		file = kobj_open_path(name, usepath, 1);
2273 #ifdef	MODDIR_SUFFIX
2274 		if (file == (struct _buf *)-1)
2275 			file = kobj_open_path(name, usepath, 0);
2276 #endif	/* MODDIR_SUFFIX */
2277 		if (file == (struct _buf *)-1) {
2278 			*r = ENOENT;
2279 			return (NULL);
2280 		}
2281 		kobj_close_file(file);
2282 	}
2283 
2284 	/*
2285 	 * Hold the module.
2286 	 */
2287 	modp = mod_hold_by_name(name);
2288 	if (modp) {
2289 		retval = mod_load(modp, usepath);
2290 		if (retval != 0) {
2291 			mod_release_mod(modp);
2292 			modp = NULL;
2293 			*r = retval;
2294 		} else {
2295 			if ((*r = modinstall(modp)) != 0) {
2296 				/*
2297 				 * We loaded it, but failed to _init() it.
2298 				 * Be kind to developers -- force it
2299 				 * out of memory now so that the next
2300 				 * attempt to use the module will cause
2301 				 * a reload.  See 1093793.
2302 				 */
2303 				mod_unload(modp);
2304 				mod_release_mod(modp);
2305 				modp = NULL;
2306 			}
2307 		}
2308 	} else {
2309 		*r = ENOSPC;
2310 	}
2311 	return (modp);
2312 }
2313 
2314 static char mod_excl_msg[] =
2315 	"module %s(%s) is EXCLUDED and will not be loaded\n";
2316 static char mod_init_msg[] = "loadmodule:%s(%s): _init() error %d\n";
2317 
2318 /*
2319  * This routine is needed for dependencies.  Users specify dependencies
2320  * by declaring a character array initialized to filenames of dependents.
2321  * So the code that handles dependents deals with filenames (and not
2322  * module names) because that's all it has.  We load by filename and once
2323  * we've loaded a file we can get the module name.
2324  * Unfortunately there isn't a single unified filename/modulename namespace.
2325  * C'est la vie.
2326  *
2327  * We allow the name being looked up to be prepended by an optional
2328  * subdirectory e.g. we can lookup (NULL, "fs/ufs") or ("fs", "ufs")
2329  */
2330 struct modctl *
2331 mod_find_by_filename(char *subdir, char *filename)
2332 {
2333 	struct modctl	*mp;
2334 	size_t		sublen;
2335 
2336 	ASSERT(!MUTEX_HELD(&mod_lock));
2337 	if (subdir != NULL)
2338 		sublen = strlen(subdir);
2339 	else
2340 		sublen = 0;
2341 
2342 	mutex_enter(&mod_lock);
2343 	mp = &modules;
2344 	do {
2345 		if (sublen) {
2346 			char *mod_filename = mp->mod_filename;
2347 
2348 			if (strncmp(subdir, mod_filename, sublen) == 0 &&
2349 			    mod_filename[sublen] == '/' &&
2350 			    strcmp(filename, &mod_filename[sublen + 1]) == 0) {
2351 				mutex_exit(&mod_lock);
2352 				return (mp);
2353 			}
2354 		} else if (strcmp(filename, mp->mod_filename) == 0) {
2355 			mutex_exit(&mod_lock);
2356 			return (mp);
2357 		}
2358 	} while ((mp = mp->mod_next) != &modules);
2359 	mutex_exit(&mod_lock);
2360 	return (NULL);
2361 }
2362 
2363 /*
2364  * Check for circular dependencies.  This is called from do_dependents()
2365  * in kobj.c.  If we are the thread already loading this module, then
2366  * we're trying to load a dependent that we're already loading which
2367  * means the user specified circular dependencies.
2368  */
2369 static int
2370 mod_circdep(struct modctl *modp)
2371 {
2372 	struct modctl	*rmod;
2373 
2374 	ASSERT(MUTEX_HELD(&mod_lock));
2375 
2376 	/*
2377 	 * Check the mod_inprogress_thread first.
2378 	 * mod_inprogress_thread is used in mod_hold_stub()
2379 	 * directly to improve performance.
2380 	 */
2381 	if (modp->mod_inprogress_thread == curthread)
2382 		return (1);
2383 
2384 	/*
2385 	 * Check the module circular dependencies.
2386 	 */
2387 	for (rmod = modp; rmod != NULL; rmod = rmod->mod_requisite_loading) {
2388 		/*
2389 		 * Check if there is a module circular dependency.
2390 		 */
2391 		if (rmod->mod_requisite_loading == modp)
2392 			return (1);
2393 	}
2394 	return (0);
2395 }
2396 
2397 static int
2398 mod_getinfo(struct modctl *modp, struct modinfo *modinfop)
2399 {
2400 	int (*func)(struct modinfo *);
2401 	int retval;
2402 
2403 	ASSERT(modp->mod_busy);
2404 
2405 	/* primary modules don't do getinfo */
2406 	if (modp->mod_prim)
2407 		return (0);
2408 
2409 	func = (int (*)(struct modinfo *))kobj_lookup(modp->mod_mp, "_info");
2410 
2411 	if (kobj_addrcheck(modp->mod_mp, (caddr_t)func)) {
2412 		cmn_err(CE_WARN, "_info() not defined properly in %s",
2413 		    modp->mod_filename);
2414 		/*
2415 		 * The semantics of mod_info(9F) are that 0 is failure
2416 		 * and non-zero is success.
2417 		 */
2418 		retval = 0;
2419 	} else
2420 		retval = (*func)(modinfop);	/* call _info() function */
2421 
2422 	if (moddebug & MODDEBUG_USERDEBUG)
2423 		printf("Returned from _info, retval = %x\n", retval);
2424 
2425 	return (retval);
2426 }
2427 
2428 static void
2429 modadd(struct modctl *mp)
2430 {
2431 	ASSERT(MUTEX_HELD(&mod_lock));
2432 
2433 	mp->mod_id = last_module_id++;
2434 	mp->mod_next = &modules;
2435 	mp->mod_prev = modules.mod_prev;
2436 	modules.mod_prev->mod_next = mp;
2437 	modules.mod_prev = mp;
2438 }
2439 
2440 /*ARGSUSED*/
2441 static struct modctl *
2442 allocate_modp(char *filename, char *modname)
2443 {
2444 	struct modctl *mp;
2445 
2446 	mp = kobj_zalloc(sizeof (*mp), KM_SLEEP);
2447 	mp->mod_modname = kobj_zalloc(strlen(modname) + 1, KM_SLEEP);
2448 	(void) strcpy(mp->mod_modname, modname);
2449 	return (mp);
2450 }
2451 
2452 /*
2453  * Get the value of a symbol.  This is a wrapper routine that
2454  * calls kobj_getsymvalue().  kobj_getsymvalue() may go away but this
2455  * wrapper will prevent callers from noticing.
2456  */
2457 uintptr_t
2458 modgetsymvalue(char *name, int kernelonly)
2459 {
2460 	return (kobj_getsymvalue(name, kernelonly));
2461 }
2462 
2463 /*
2464  * Get the symbol nearest an address.  This is a wrapper routine that
2465  * calls kobj_getsymname().  kobj_getsymname() may go away but this
2466  * wrapper will prevent callers from noticing.
2467  */
2468 char *
2469 modgetsymname(uintptr_t value, ulong_t *offset)
2470 {
2471 	return (kobj_getsymname(value, offset));
2472 }
2473 
2474 /*
2475  * Lookup a symbol in a specified module.  This is a wrapper routine that
2476  * calls kobj_lookup().  kobj_lookup() may go away but this
2477  * wrapper will prevent callers from noticing.
2478  */
2479 uintptr_t
2480 modlookup(char *modname, char *symname)
2481 {
2482 	struct modctl *modp;
2483 	uintptr_t val;
2484 
2485 	if ((modp = mod_hold_by_name(modname)) == NULL)
2486 		return (0);
2487 	val = kobj_lookup(modp->mod_mp, symname);
2488 	mod_release_mod(modp);
2489 	return (val);
2490 }
2491 
2492 /*
2493  * Ask the user for the name of the system file and the default path
2494  * for modules.
2495  */
2496 void
2497 mod_askparams()
2498 {
2499 	static char s0[64];
2500 	intptr_t fd;
2501 
2502 	if ((fd = kobj_open(systemfile)) != -1L)
2503 		kobj_close(fd);
2504 	else
2505 		systemfile = NULL;
2506 
2507 	/*CONSTANTCONDITION*/
2508 	while (1) {
2509 		printf("Name of system file [%s]:  ",
2510 			systemfile ? systemfile : "/dev/null");
2511 
2512 		console_gets(s0, sizeof (s0));
2513 
2514 		if (s0[0] == '\0')
2515 			break;
2516 		else if (strcmp(s0, "/dev/null") == 0) {
2517 			systemfile = NULL;
2518 			break;
2519 		} else {
2520 			if ((fd = kobj_open(s0)) != -1L) {
2521 				kobj_close(fd);
2522 				systemfile = s0;
2523 				break;
2524 			}
2525 		}
2526 		printf("can't find file %s\n", s0);
2527 	}
2528 }
2529 
2530 static char loading_msg[] = "loading '%s' id %d\n";
2531 static char load_msg[] = "load '%s' id %d loaded @ 0x%p/0x%p size %d/%d\n";
2532 
2533 /*
2534  * Common code for loading a module (but not installing it).
2535  * Handoff the task of module loading to a seperate thread
2536  * with a large stack if possible, since this code may recurse a few times.
2537  * Return zero if there are no errors or an errno value.
2538  */
2539 static int
2540 mod_load(struct modctl *mp, int usepath)
2541 {
2542 	int		retval;
2543 	struct modinfo	*modinfop = NULL;
2544 	struct loadmt	lt;
2545 
2546 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2547 	ASSERT(mp->mod_busy);
2548 
2549 	if (mp->mod_loaded)
2550 		return (0);
2551 
2552 	if (mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_modname) != 0 ||
2553 	    mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_filename) != 0) {
2554 		if (moddebug & MODDEBUG_LOADMSG) {
2555 			printf(mod_excl_msg, mp->mod_filename,
2556 				mp->mod_modname);
2557 		}
2558 		return (ENXIO);
2559 	}
2560 	if (moddebug & MODDEBUG_LOADMSG2)
2561 		printf(loading_msg, mp->mod_filename, mp->mod_id);
2562 
2563 	if (curthread != &t0) {
2564 		lt.mp = mp;
2565 		lt.usepath = usepath;
2566 		lt.owner = curthread;
2567 		sema_init(&lt.sema, 0, NULL, SEMA_DEFAULT, NULL);
2568 
2569 		/* create thread to hand of call to */
2570 		(void) thread_create(NULL, DEFAULTSTKSZ * 2,
2571 		    modload_thread, &lt, 0, &p0, TS_RUN, maxclsyspri);
2572 
2573 		/* wait for thread to complete kobj_load_module */
2574 		sema_p(&lt.sema);
2575 
2576 		sema_destroy(&lt.sema);
2577 		retval = lt.retval;
2578 	} else
2579 		retval = kobj_load_module(mp, usepath);
2580 
2581 	if (mp->mod_mp) {
2582 		ASSERT(retval == 0);
2583 		mp->mod_loaded = 1;
2584 		mp->mod_loadcnt++;
2585 		if (moddebug & MODDEBUG_LOADMSG) {
2586 			printf(load_msg, mp->mod_filename, mp->mod_id,
2587 				(void *)((struct module *)mp->mod_mp)->text,
2588 				(void *)((struct module *)mp->mod_mp)->data,
2589 				((struct module *)mp->mod_mp)->text_size,
2590 				((struct module *)mp->mod_mp)->data_size);
2591 		}
2592 
2593 		/*
2594 		 * XXX - There should be a better way to get this.
2595 		 */
2596 		modinfop = kmem_zalloc(sizeof (struct modinfo), KM_SLEEP);
2597 		modinfop->mi_info = MI_INFO_LINKAGE;
2598 		if (mod_getinfo(mp, modinfop) == 0)
2599 			mp->mod_linkage = NULL;
2600 		else {
2601 			mp->mod_linkage = (void *)modinfop->mi_base;
2602 			ASSERT(mp->mod_linkage->ml_rev == MODREV_1);
2603 		}
2604 
2605 		/*
2606 		 * DCS: bootstrapping code. If the driver is loaded
2607 		 * before root mount, it is assumed that the driver
2608 		 * may be used before mounting root. In order to
2609 		 * access mappings of global to local minor no.'s
2610 		 * during installation/open of the driver, we load
2611 		 * them into memory here while the BOP_interfaces
2612 		 * are still up.
2613 		 */
2614 		if ((cluster_bootflags & CLUSTER_BOOTED) && !modrootloaded) {
2615 			retval = clboot_modload(mp);
2616 		}
2617 
2618 		kmem_free(modinfop, sizeof (struct modinfo));
2619 		(void) mod_sysctl(SYS_SET_MVAR, (void *)mp);
2620 		retval = install_stubs_by_name(mp, mp->mod_modname);
2621 
2622 		/*
2623 		 * Now that the module is loaded, we need to give DTrace
2624 		 * a chance to notify its providers.  This is done via
2625 		 * the dtrace_modload function pointer.
2626 		 */
2627 		if (strcmp(mp->mod_modname, "dtrace") != 0) {
2628 			struct modctl *dmp = mod_hold_by_name("dtrace");
2629 
2630 			if (dmp != NULL && dtrace_modload != NULL)
2631 				(*dtrace_modload)(mp);
2632 
2633 			mod_release_mod(dmp);
2634 		}
2635 
2636 	} else {
2637 		/*
2638 		 * If load failed then we need to release any requisites
2639 		 * that we had established.
2640 		 */
2641 		ASSERT(retval);
2642 		mod_release_requisites(mp);
2643 
2644 		if (moddebug & MODDEBUG_ERRMSG)
2645 			printf("error loading '%s', error %d\n",
2646 			    mp->mod_filename, retval);
2647 	}
2648 	return (retval);
2649 }
2650 
2651 static char unload_msg[] = "unloading %s, module id %d, loadcnt %d.\n";
2652 
2653 static void
2654 mod_unload(struct modctl *mp)
2655 {
2656 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2657 	ASSERT(mp->mod_busy);
2658 	ASSERT((mp->mod_loaded && (mp->mod_installed == 0)) &&
2659 	    ((mp->mod_prim == 0) && (mp->mod_ref >= 0)));
2660 
2661 	if (moddebug & MODDEBUG_LOADMSG)
2662 		printf(unload_msg, mp->mod_modname,
2663 			mp->mod_id, mp->mod_loadcnt);
2664 
2665 	/*
2666 	 * If mod_ref is not zero, it means some modules might still refer
2667 	 * to this module. Then you can't unload this module right now.
2668 	 * Instead, set 1 to mod_delay_unload to notify the system of
2669 	 * unloading this module later when it's not required any more.
2670 	 */
2671 	if (mp->mod_ref > 0) {
2672 		mp->mod_delay_unload = 1;
2673 		if (moddebug & MODDEBUG_LOADMSG2) {
2674 			printf("module %s not unloaded,"
2675 			    " non-zero reference count (%d)",
2676 			    mp->mod_modname, mp->mod_ref);
2677 		}
2678 		return;
2679 	}
2680 
2681 	if (((mp->mod_loaded == 0) || mp->mod_installed) ||
2682 	    (mp->mod_ref || mp->mod_prim)) {
2683 		/*
2684 		 * A DEBUG kernel would ASSERT panic above, the code is broken
2685 		 * if we get this warning.
2686 		 */
2687 		cmn_err(CE_WARN, "mod_unload: %s in incorrect state: %d %d %d",
2688 		    mp->mod_filename, mp->mod_installed, mp->mod_loaded,
2689 		    mp->mod_ref);
2690 		return;
2691 	}
2692 
2693 	/* reset stub functions to call the binder again */
2694 	reset_stubs(mp);
2695 
2696 	/*
2697 	 * mark module as unloaded before the modctl structure is freed.
2698 	 * This is required not to reuse the modctl structure before
2699 	 * the module is marked as unloaded.
2700 	 */
2701 	mp->mod_loaded = 0;
2702 	mp->mod_linkage = NULL;
2703 
2704 	/* free the memory */
2705 	kobj_unload_module(mp);
2706 
2707 	if (mp->mod_delay_unload) {
2708 		mp->mod_delay_unload = 0;
2709 		if (moddebug & MODDEBUG_LOADMSG2) {
2710 			printf("deferred unload of module %s"
2711 			    " (id %d) successful",
2712 			    mp->mod_modname, mp->mod_id);
2713 		}
2714 	}
2715 
2716 	/* release hold on requisites */
2717 	mod_release_requisites(mp);
2718 
2719 	/*
2720 	 * Now that the module is gone, we need to give DTrace a chance to
2721 	 * remove any probes that it may have had in the module.  This is
2722 	 * done via the dtrace_modunload function pointer.
2723 	 */
2724 	if (strcmp(mp->mod_modname, "dtrace") != 0) {
2725 		struct modctl *dmp = mod_hold_by_name("dtrace");
2726 
2727 		if (dmp != NULL && dtrace_modunload != NULL)
2728 			(*dtrace_modunload)(mp);
2729 
2730 		mod_release_mod(dmp);
2731 	}
2732 }
2733 
2734 static int
2735 modinstall(struct modctl *mp)
2736 {
2737 	int val;
2738 	int (*func)(void);
2739 
2740 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2741 	ASSERT(mp->mod_busy && mp->mod_loaded);
2742 
2743 	if (mp->mod_installed)
2744 		return (0);
2745 	/*
2746 	 * If mod_delay_unload is on, it means the system chose the deferred
2747 	 * unload for this module. Then you can't install this module until
2748 	 * it's unloaded from the system.
2749 	 */
2750 	if (mp->mod_delay_unload)
2751 		return (ENXIO);
2752 
2753 	if (moddebug & MODDEBUG_LOADMSG)
2754 		printf("installing %s, module id %d.\n",
2755 			mp->mod_modname, mp->mod_id);
2756 
2757 	ASSERT(mp->mod_mp != NULL);
2758 	if (mod_install_requisites(mp) != 0) {
2759 		/*
2760 		 * Note that we can't call mod_unload(mp) here since
2761 		 * if modinstall() was called by mod_install_requisites(),
2762 		 * we won't be able to hold the dependent modules
2763 		 * (otherwise there would be a deadlock).
2764 		 */
2765 		return (ENXIO);
2766 	}
2767 
2768 	if (moddebug & MODDEBUG_ERRMSG) {
2769 		printf("init '%s' id %d loaded @ 0x%p/0x%p size %lu/%lu\n",
2770 			mp->mod_filename, mp->mod_id,
2771 			(void *)((struct module *)mp->mod_mp)->text,
2772 			(void *)((struct module *)mp->mod_mp)->data,
2773 			((struct module *)mp->mod_mp)->text_size,
2774 			((struct module *)mp->mod_mp)->data_size);
2775 	}
2776 
2777 	func = (int (*)())kobj_lookup(mp->mod_mp, "_init");
2778 
2779 	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
2780 		cmn_err(CE_WARN, "_init() not defined properly in %s",
2781 		    mp->mod_filename);
2782 		return (EFAULT);
2783 	}
2784 
2785 	if (moddebug & MODDEBUG_USERDEBUG) {
2786 		printf("breakpoint before calling %s:_init()\n",
2787 		    mp->mod_modname);
2788 		if (DEBUGGER_PRESENT)
2789 			debug_enter("_init");
2790 	}
2791 
2792 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2793 	ASSERT(mp->mod_busy && mp->mod_loaded);
2794 	val = (*func)();		/* call _init */
2795 
2796 	if (moddebug & MODDEBUG_USERDEBUG)
2797 		printf("Returned from _init, val = %x\n", val);
2798 
2799 	if (val == 0) {
2800 		/*
2801 		 * Set the MODS_INSTALLED flag to enable this module
2802 		 * being called now.
2803 		 */
2804 		install_stubs(mp);
2805 		mp->mod_installed = 1;
2806 	} else if (moddebug & MODDEBUG_ERRMSG)
2807 		printf(mod_init_msg, mp->mod_filename, mp->mod_modname, val);
2808 
2809 	return (val);
2810 }
2811 
2812 static int
2813 detach_driver(char *name)
2814 {
2815 	major_t major;
2816 	int error;
2817 
2818 	/*
2819 	 * If being called from mod_uninstall_all() then the appropriate
2820 	 * driver detaches (leaf only) have already been done.
2821 	 */
2822 	if (mod_in_autounload())
2823 		return (0);
2824 
2825 	major = ddi_name_to_major(name);
2826 	if (major == (major_t)-1)
2827 		return (0);
2828 
2829 	error = ndi_devi_unconfig_driver(ddi_root_node(),
2830 	    NDI_DETACH_DRIVER, major);
2831 	return (error == NDI_SUCCESS ? 0 : -1);
2832 }
2833 
2834 static char finiret_msg[] = "Returned from _fini for %s, status = %x\n";
2835 
2836 static int
2837 moduninstall(struct modctl *mp)
2838 {
2839 	int status = 0;
2840 	int (*func)(void);
2841 
2842 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2843 	ASSERT(mp->mod_busy);
2844 
2845 	/*
2846 	 * Verify that we need to do something and can uninstall the module.
2847 	 *
2848 	 * If we should not uninstall the module or if the module is not in
2849 	 * the correct state to start an uninstall we return EBUSY to prevent
2850 	 * us from progressing to mod_unload.  If the module has already been
2851 	 * uninstalled and unloaded we return EALREADY.
2852 	 */
2853 	if (mp->mod_prim || mp->mod_ref || mp->mod_nenabled != 0)
2854 		return (EBUSY);
2855 	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0))
2856 		return (EALREADY);
2857 
2858 	/*
2859 	 * To avoid devinfo / module deadlock we must release this module
2860 	 * prior to initiating the detach_driver, otherwise the detach_driver
2861 	 * might deadlock on a devinfo node held by another thread
2862 	 * coming top down and involving the module we have locked.
2863 	 *
2864 	 * When we regrab the module we must reverify that it is OK
2865 	 * to proceed with the uninstall operation.
2866 	 */
2867 	mod_release_mod(mp);
2868 	status = detach_driver(mp->mod_modname);
2869 	(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
2870 
2871 	/* check detach status and reverify state with lock */
2872 	mutex_enter(&mod_lock);
2873 	if ((status != 0) || mp->mod_prim || mp->mod_ref) {
2874 		mutex_exit(&mod_lock);
2875 		return (EBUSY);
2876 	}
2877 	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0)) {
2878 		mutex_exit(&mod_lock);
2879 		return (EALREADY);
2880 	}
2881 	mutex_exit(&mod_lock);
2882 
2883 	if (moddebug & MODDEBUG_LOADMSG2)
2884 		printf("uninstalling %s\n", mp->mod_modname);
2885 
2886 	/*
2887 	 * lookup _fini, return EBUSY if not defined.
2888 	 *
2889 	 * The MODDEBUG_FINI_EBUSY is usefull in resolving leaks in
2890 	 * detach(9E) - it allows bufctl addresses to be resolved.
2891 	 */
2892 	func = (int (*)())kobj_lookup(mp->mod_mp, "_fini");
2893 	if ((func == NULL) || (mp->mod_loadflags & MOD_NOUNLOAD) ||
2894 	    (moddebug & MODDEBUG_FINI_EBUSY))
2895 		return (EBUSY);
2896 
2897 	/* verify that _fini is in this module */
2898 	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
2899 		cmn_err(CE_WARN, "_fini() not defined properly in %s",
2900 		    mp->mod_filename);
2901 		return (EFAULT);
2902 	}
2903 
2904 	/* call _fini() */
2905 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
2906 	ASSERT(mp->mod_busy && mp->mod_loaded && mp->mod_installed);
2907 
2908 	status = (*func)();
2909 
2910 	if (status == 0) {
2911 		/* _fini returned success, the module is no longer installed */
2912 		if (moddebug & MODDEBUG_LOADMSG)
2913 			printf("uninstalled %s\n", mp->mod_modname);
2914 
2915 		/*
2916 		 * Even though we only set mod_installed to zero here, a zero
2917 		 * return value means we are commited to a code path were
2918 		 * mod_loaded will also end up as zero - we have no other
2919 		 * way to get the module data and bss back to the pre _init
2920 		 * state except a reload. To ensure this, after return,
2921 		 * mod_busy must stay set until mod_loaded is cleared.
2922 		 */
2923 		mp->mod_installed = 0;
2924 
2925 		/*
2926 		 * Clear the MODS_INSTALLED flag not to call functions
2927 		 * in the module directly from now on.
2928 		 */
2929 		uninstall_stubs(mp);
2930 	} else {
2931 		if (moddebug & MODDEBUG_USERDEBUG)
2932 			printf(finiret_msg, mp->mod_filename, status);
2933 		/*
2934 		 * By definition _fini is only allowed to return EBUSY or the
2935 		 * result of mod_remove (EBUSY or EINVAL).  In the off chance
2936 		 * that a driver returns EALREADY we convert this to EINVAL
2937 		 * since to our caller EALREADY means module was already
2938 		 * removed.
2939 		 */
2940 		if (status == EALREADY)
2941 			status = EINVAL;
2942 	}
2943 
2944 	return (status);
2945 }
2946 
2947 /*
2948  * Uninstall all modules.
2949  */
2950 static void
2951 mod_uninstall_all(void)
2952 {
2953 	struct modctl	*mp;
2954 	modid_t		modid = 0;
2955 
2956 	/* mark this thread as doing autounloading */
2957 	(void) tsd_set(mod_autounload_key, (void *)1);
2958 
2959 	(void) devfs_clean(ddi_root_node(), NULL, 0);
2960 	(void) ndi_devi_unconfig(ddi_root_node(), NDI_AUTODETACH);
2961 
2962 	while ((mp = mod_hold_next_by_id(modid)) != NULL) {
2963 		modid = mp->mod_id;
2964 		/*
2965 		 * Skip modules with the MOD_NOAUTOUNLOAD flag set
2966 		 */
2967 		if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
2968 			mod_release_mod(mp);
2969 			continue;
2970 		}
2971 
2972 		if (moduninstall(mp) == 0) {
2973 			mod_unload(mp);
2974 			CPU_STATS_ADDQ(CPU, sys, modunload, 1);
2975 		}
2976 		mod_release_mod(mp);
2977 	}
2978 
2979 	(void) tsd_set(mod_autounload_key, NULL);
2980 }
2981 
2982 static int modunload_disable_count;
2983 
2984 void
2985 modunload_disable(void)
2986 {
2987 	INCR_COUNT(&modunload_disable_count, &mod_uninstall_lock);
2988 }
2989 
2990 void
2991 modunload_enable(void)
2992 {
2993 	DECR_COUNT(&modunload_disable_count, &mod_uninstall_lock);
2994 }
2995 
2996 void
2997 mod_uninstall_daemon(void)
2998 {
2999 	callb_cpr_t	cprinfo;
3000 	clock_t		ticks = 0;
3001 
3002 	mod_aul_thread = curthread;
3003 
3004 	CALLB_CPR_INIT(&cprinfo, &mod_uninstall_lock, callb_generic_cpr, "mud");
3005 	for (;;) {
3006 		mutex_enter(&mod_uninstall_lock);
3007 		CALLB_CPR_SAFE_BEGIN(&cprinfo);
3008 		/*
3009 		 * In DEBUG kernels, unheld drivers are uninstalled periodically
3010 		 * every mod_uninstall_interval seconds.  Periodic uninstall can
3011 		 * be disabled by setting mod_uninstall_interval to 0 which is
3012 		 * the default for a non-DEBUG kernel.
3013 		 */
3014 		if (mod_uninstall_interval) {
3015 			ticks = ddi_get_lbolt() +
3016 				drv_usectohz(mod_uninstall_interval * 1000000);
3017 			(void) cv_timedwait(&mod_uninstall_cv,
3018 				&mod_uninstall_lock, ticks);
3019 		} else {
3020 			cv_wait(&mod_uninstall_cv, &mod_uninstall_lock);
3021 		}
3022 		/*
3023 		 * The whole daemon is safe for CPR except we don't want
3024 		 * the daemon to run if FREEZE is issued and this daemon
3025 		 * wakes up from the cv_wait above. In this case, it'll be
3026 		 * blocked in CALLB_CPR_SAFE_END until THAW is issued.
3027 		 *
3028 		 * The reason of calling CALLB_CPR_SAFE_BEGIN twice is that
3029 		 * mod_uninstall_lock is used to protect cprinfo and
3030 		 * CALLB_CPR_SAFE_BEGIN assumes that this lock is held when
3031 		 * called.
3032 		 */
3033 		CALLB_CPR_SAFE_END(&cprinfo, &mod_uninstall_lock);
3034 		CALLB_CPR_SAFE_BEGIN(&cprinfo);
3035 		mutex_exit(&mod_uninstall_lock);
3036 		if ((modunload_disable_count == 0) &&
3037 		    ((moddebug & MODDEBUG_NOAUTOUNLOAD) == 0)) {
3038 			mod_uninstall_all();
3039 		}
3040 	}
3041 }
3042 
3043 /*
3044  * Unload all uninstalled modules.
3045  */
3046 void
3047 modreap(void)
3048 {
3049 	mutex_enter(&mod_uninstall_lock);
3050 	cv_broadcast(&mod_uninstall_cv);
3051 	mutex_exit(&mod_uninstall_lock);
3052 }
3053 
3054 /*
3055  * Hold the specified module. This is the module holding primitive.
3056  *
3057  * If MOD_LOCK_HELD then the caller already holds the mod_lock.
3058  *
3059  * Return values:
3060  *	 0 ==> the module is held
3061  *	 1 ==> the module is not held and the MOD_WAIT_ONCE caller needs
3062  *		to determine how to retry.
3063  */
3064 int
3065 mod_hold_by_modctl(struct modctl *mp, int f)
3066 {
3067 	ASSERT((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) &&
3068 	    ((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) !=
3069 	    (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)));
3070 	ASSERT((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) &&
3071 	    ((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) !=
3072 	    (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)));
3073 	ASSERT((f & MOD_LOCK_NOT_HELD) || MUTEX_HELD(&mod_lock));
3074 
3075 	if (f & MOD_LOCK_NOT_HELD)
3076 		mutex_enter(&mod_lock);
3077 
3078 	while (mp->mod_busy) {
3079 		mp->mod_want = 1;
3080 		cv_wait(&mod_cv, &mod_lock);
3081 		/*
3082 		 * Module may be unloaded by daemon.
3083 		 * Nevertheless, modctl structure is still in linked list
3084 		 * (i.e., off &modules), not freed!
3085 		 * Caller is not supposed to assume "mp" is valid, but there
3086 		 * is no reasonable way to detect this but using
3087 		 * mp->mod_modinfo->mp == NULL check (follow the back pointer)
3088 		 *   (or similar check depending on calling context)
3089 		 * DON'T free modctl structure, it will be very very
3090 		 * problematic.
3091 		 */
3092 		if (f & MOD_WAIT_ONCE) {
3093 			if (f & MOD_LOCK_NOT_HELD)
3094 				mutex_exit(&mod_lock);
3095 			return (1);	/* caller decides how to retry */
3096 		}
3097 	}
3098 
3099 	mp->mod_busy = 1;
3100 	mp->mod_inprogress_thread =
3101 	    (curthread == NULL ? (kthread_id_t)-1 : curthread);
3102 
3103 	if (f & MOD_LOCK_NOT_HELD)
3104 		mutex_exit(&mod_lock);
3105 	return (0);
3106 }
3107 
3108 static struct modctl *
3109 mod_hold_by_name_common(struct modctl *dep, char *filename)
3110 {
3111 	char		*modname;
3112 	struct modctl	*mp;
3113 	char		*curname, *newname;
3114 	int		found = 0;
3115 
3116 	mutex_enter(&mod_lock);
3117 
3118 	if ((modname = strrchr(filename, '/')) == NULL)
3119 		modname = filename;
3120 	else
3121 		modname++;
3122 
3123 	mp = &modules;
3124 	do {
3125 		if (strcmp(modname, mp->mod_modname) == 0) {
3126 			found = 1;
3127 			break;
3128 		}
3129 	} while ((mp = mp->mod_next) != &modules);
3130 
3131 	if (found == 0) {
3132 		mp = allocate_modp(filename, modname);
3133 		modadd(mp);
3134 	}
3135 
3136 	/*
3137 	 * if dep is not NULL, set the mp in mod_requisite_loading for
3138 	 * the module circular dependency check. This field is used in
3139 	 * mod_circdep(), but it's cleard in mod_hold_loaded_mod().
3140 	 */
3141 	if (dep != NULL) {
3142 		ASSERT(dep->mod_busy && dep->mod_requisite_loading == NULL);
3143 		dep->mod_requisite_loading = mp;
3144 	}
3145 
3146 	/*
3147 	 * If the module was held, then it must be us who has it held.
3148 	 */
3149 	if (mod_circdep(mp))
3150 		mp = NULL;
3151 	else {
3152 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
3153 
3154 		/*
3155 		 * If the name hadn't been set or has changed, allocate
3156 		 * space and set it.  Free space used by previous name.
3157 		 *
3158 		 * Do not change the name of primary modules, for primary
3159 		 * modules the mod_filename was allocated in standalone mode:
3160 		 * it is illegal to kobj_alloc in standalone mode and kobj_free
3161 		 * in non-standalone mode.
3162 		 */
3163 		curname = mp->mod_filename;
3164 		if (curname == NULL ||
3165 		    ((mp->mod_prim == 0) &&
3166 		    (curname != filename) &&
3167 		    (modname != filename) &&
3168 		    (strcmp(curname, filename) != 0))) {
3169 			newname = kobj_zalloc(strlen(filename) + 1, KM_SLEEP);
3170 			(void) strcpy(newname, filename);
3171 			mp->mod_filename = newname;
3172 			if (curname != NULL)
3173 				kobj_free(curname, strlen(curname) + 1);
3174 		}
3175 	}
3176 
3177 	mutex_exit(&mod_lock);
3178 	if (mp && moddebug & MODDEBUG_LOADMSG2)
3179 		printf("Holding %s\n", mp->mod_filename);
3180 	if (mp == NULL && moddebug & MODDEBUG_LOADMSG2)
3181 		printf("circular dependency loading %s\n", filename);
3182 	return (mp);
3183 }
3184 
3185 static struct modctl *
3186 mod_hold_by_name_requisite(struct modctl *dep, char *filename)
3187 {
3188 	return (mod_hold_by_name_common(dep, filename));
3189 }
3190 
3191 struct modctl *
3192 mod_hold_by_name(char *filename)
3193 {
3194 	return (mod_hold_by_name_common(NULL, filename));
3195 }
3196 
3197 static struct modctl *
3198 mod_hold_by_id(modid_t modid)
3199 {
3200 	struct modctl	*mp;
3201 	int		found = 0;
3202 
3203 	mutex_enter(&mod_lock);
3204 	mp = &modules;
3205 	do {
3206 		if (mp->mod_id == modid) {
3207 			found = 1;
3208 			break;
3209 		}
3210 	} while ((mp = mp->mod_next) != &modules);
3211 
3212 	if ((found == 0) || mod_circdep(mp))
3213 		mp = NULL;
3214 	else
3215 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
3216 
3217 	mutex_exit(&mod_lock);
3218 	return (mp);
3219 }
3220 
3221 static struct modctl *
3222 mod_hold_next_by_id(modid_t modid)
3223 {
3224 	struct modctl	*mp;
3225 	int		found = 0;
3226 
3227 	if (modid < -1)
3228 		return (NULL);
3229 
3230 	mutex_enter(&mod_lock);
3231 
3232 	mp = &modules;
3233 	do {
3234 		if (mp->mod_id > modid) {
3235 			found = 1;
3236 			break;
3237 		}
3238 	} while ((mp = mp->mod_next) != &modules);
3239 
3240 	if ((found == 0) || mod_circdep(mp))
3241 		mp = NULL;
3242 	else
3243 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
3244 
3245 	mutex_exit(&mod_lock);
3246 	return (mp);
3247 }
3248 
3249 static void
3250 mod_release(struct modctl *mp)
3251 {
3252 	ASSERT(MUTEX_HELD(&mod_lock));
3253 	ASSERT(mp->mod_busy);
3254 
3255 	mp->mod_busy = 0;
3256 	mp->mod_inprogress_thread = NULL;
3257 	if (mp->mod_want) {
3258 		mp->mod_want = 0;
3259 		cv_broadcast(&mod_cv);
3260 	}
3261 }
3262 
3263 void
3264 mod_release_mod(struct modctl *mp)
3265 {
3266 	if (moddebug & MODDEBUG_LOADMSG2)
3267 		printf("Releasing %s\n", mp->mod_filename);
3268 	mutex_enter(&mod_lock);
3269 	mod_release(mp);
3270 	mutex_exit(&mod_lock);
3271 }
3272 
3273 modid_t
3274 mod_name_to_modid(char *filename)
3275 {
3276 	char		*modname;
3277 	struct modctl	*mp;
3278 
3279 	mutex_enter(&mod_lock);
3280 
3281 	if ((modname = strrchr(filename, '/')) == NULL)
3282 		modname = filename;
3283 	else
3284 		modname++;
3285 
3286 	mp = &modules;
3287 	do {
3288 		if (strcmp(modname, mp->mod_modname) == 0) {
3289 			mutex_exit(&mod_lock);
3290 			return (mp->mod_id);
3291 		}
3292 	} while ((mp = mp->mod_next) != &modules);
3293 
3294 	mutex_exit(&mod_lock);
3295 	return (-1);
3296 }
3297 
3298 
3299 int
3300 mod_remove_by_name(char *name)
3301 {
3302 	struct modctl *mp;
3303 	int retval;
3304 
3305 	mp = mod_hold_by_name(name);
3306 
3307 	if (mp == NULL)
3308 		return (EINVAL);
3309 
3310 	if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
3311 		/*
3312 		 * Do not unload forceloaded modules
3313 		 */
3314 		mod_release_mod(mp);
3315 		return (0);
3316 	}
3317 
3318 	if ((retval = moduninstall(mp)) == 0) {
3319 		mod_unload(mp);
3320 		CPU_STATS_ADDQ(CPU, sys, modunload, 1);
3321 	} else if (retval == EALREADY)
3322 		retval = 0;		/* already unloaded, not an error */
3323 	mod_release_mod(mp);
3324 	return (retval);
3325 }
3326 
3327 /*
3328  * Record that module "dep" is dependent on module "on_mod."
3329  */
3330 static void
3331 mod_make_requisite(struct modctl *dependent, struct modctl *on_mod)
3332 {
3333 	struct modctl_list **pmlnp;	/* previous next pointer */
3334 	struct modctl_list *mlp;
3335 	struct modctl_list *new;
3336 
3337 	ASSERT(dependent->mod_busy && on_mod->mod_busy);
3338 	mutex_enter(&mod_lock);
3339 
3340 	/*
3341 	 * Search dependent's requisite list to see if on_mod is recorded.
3342 	 * List is ordered by id.
3343 	 */
3344 	for (pmlnp = &dependent->mod_requisites, mlp = *pmlnp;
3345 	    mlp; pmlnp = &mlp->modl_next, mlp = *pmlnp)
3346 		if (mlp->modl_modp->mod_id >= on_mod->mod_id)
3347 			break;
3348 
3349 	/* Create and insert if not already recorded */
3350 	if ((mlp == NULL) || (mlp->modl_modp->mod_id != on_mod->mod_id)) {
3351 		new = kobj_zalloc(sizeof (*new), KM_SLEEP);
3352 		new->modl_modp = on_mod;
3353 		new->modl_next = mlp;
3354 		*pmlnp = new;
3355 
3356 		/*
3357 		 * Increment the mod_ref count in our new requisite module.
3358 		 * This is what keeps a module that has other modules
3359 		 * which are dependent on it from being uninstalled and
3360 		 * unloaded. "on_mod"'s mod_ref count decremented in
3361 		 * mod_release_requisites when the "dependent" module
3362 		 * unload is complete.  "on_mod" must be loaded, but may not
3363 		 * yet be installed.
3364 		 */
3365 		on_mod->mod_ref++;
3366 		ASSERT(on_mod->mod_ref && on_mod->mod_loaded);
3367 	}
3368 
3369 	mutex_exit(&mod_lock);
3370 }
3371 
3372 /*
3373  * release the hold associated with mod_make_requisite mod_ref++
3374  * as part of unload.
3375  */
3376 void
3377 mod_release_requisites(struct modctl *modp)
3378 {
3379 	struct modctl_list *modl;
3380 	struct modctl_list *next;
3381 	struct modctl *req;
3382 	struct modctl_list *start = NULL, *mod_garbage;
3383 
3384 	ASSERT(modp->mod_busy);
3385 	ASSERT(!MUTEX_HELD(&mod_lock));
3386 
3387 	mutex_enter(&mod_lock);		/* needed for manipulation of req */
3388 	for (modl = modp->mod_requisites; modl; modl = next) {
3389 		next = modl->modl_next;
3390 		req = modl->modl_modp;
3391 		ASSERT(req->mod_ref >= 1 && req->mod_loaded);
3392 		req->mod_ref--;
3393 
3394 		/*
3395 		 * Check if the module has to be unloaded or not.
3396 		 */
3397 		if (req->mod_ref == 0 && req->mod_delay_unload) {
3398 			struct modctl_list *new;
3399 			/*
3400 			 * Allocate the modclt_list holding the garbage
3401 			 * module which should be unloaded later.
3402 			 */
3403 			new = kobj_zalloc(sizeof (struct modctl_list),
3404 			    KM_SLEEP);
3405 			new->modl_modp = req;
3406 
3407 			if (start == NULL)
3408 				mod_garbage = start = new;
3409 			else {
3410 				mod_garbage->modl_next = new;
3411 				mod_garbage = new;
3412 			}
3413 		}
3414 
3415 		/* free the list as we go */
3416 		kobj_free(modl, sizeof (*modl));
3417 	}
3418 	modp->mod_requisites = NULL;
3419 	mutex_exit(&mod_lock);
3420 
3421 	/*
3422 	 * Unload the garbage modules.
3423 	 */
3424 	for (mod_garbage = start; mod_garbage != NULL; /* nothing */) {
3425 		struct modctl_list *old = mod_garbage;
3426 		struct modctl *mp = mod_garbage->modl_modp;
3427 		ASSERT(mp != NULL);
3428 
3429 		/*
3430 		 * Hold this module until it's unloaded completely.
3431 		 */
3432 		(void) mod_hold_by_modctl(mp,
3433 		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
3434 		/*
3435 		 * Check if the module is not unloaded yet and nobody requires
3436 		 * the module. If it's unloaded already or somebody still
3437 		 * requires the module, don't unload it now.
3438 		 */
3439 		if (mp->mod_loaded && mp->mod_ref == 0)
3440 			mod_unload(mp);
3441 		ASSERT((mp->mod_loaded == 0 && mp->mod_delay_unload == 0) ||
3442 		    (mp->mod_ref > 0));
3443 		mod_release_mod(mp);
3444 
3445 		mod_garbage = mod_garbage->modl_next;
3446 		kobj_free(old, sizeof (struct modctl_list));
3447 	}
3448 }
3449 
3450 /*
3451  * Process dependency of the module represented by "dep" on the
3452  * module named by "on."
3453  *
3454  * Called from kobj_do_dependents() to load a module "on" on which
3455  * "dep" depends.
3456  */
3457 struct modctl *
3458 mod_load_requisite(struct modctl *dep, char *on)
3459 {
3460 	struct modctl *on_mod;
3461 	int retval;
3462 
3463 	if ((on_mod = mod_hold_loaded_mod(dep, on, &retval)) != NULL) {
3464 		mod_make_requisite(dep, on_mod);
3465 	} else if (moddebug & MODDEBUG_ERRMSG) {
3466 		printf("error processing %s on which module %s depends\n",
3467 			on, dep->mod_modname);
3468 	}
3469 	return (on_mod);
3470 }
3471 
3472 static int
3473 mod_install_requisites(struct modctl *modp)
3474 {
3475 	struct modctl_list *modl;
3476 	struct modctl *req;
3477 	int status = 0;
3478 
3479 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3480 	ASSERT(modp->mod_busy);
3481 
3482 	for (modl = modp->mod_requisites; modl; modl = modl->modl_next) {
3483 		req = modl->modl_modp;
3484 		(void) mod_hold_by_modctl(req,
3485 		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
3486 		status = modinstall(req);
3487 		mod_release_mod(req);
3488 
3489 		if (status != 0)
3490 			break;
3491 	}
3492 	return (status);
3493 }
3494 
3495 /*
3496  * returns 1 if this thread is doing autounload, 0 otherwise.
3497  * see mod_uninstall_all.
3498  */
3499 int
3500 mod_in_autounload()
3501 {
3502 	return ((int)(uintptr_t)tsd_get(mod_autounload_key));
3503 }
3504 
3505 /*
3506  * gmatch adapted from libc, stripping the wchar stuff
3507  */
3508 #define	popchar(p, c) \
3509 	c = *p++; \
3510 	if (c == 0) \
3511 		return (0);
3512 
3513 static int
3514 gmatch(const char *s, const char *p)
3515 {
3516 	int c, sc;
3517 	int ok, lc, notflag;
3518 
3519 	sc = *s++;
3520 	c = *p++;
3521 	if (c == 0)
3522 		return (sc == c);	/* nothing matches nothing */
3523 
3524 	switch (c) {
3525 	case '\\':
3526 		/* skip to quoted character */
3527 		popchar(p, c)
3528 		/*FALLTHRU*/
3529 
3530 	default:
3531 		/* straight comparison */
3532 		if (c != sc)
3533 			return (0);
3534 		/*FALLTHRU*/
3535 
3536 	case '?':
3537 		/* first char matches, move to remainder */
3538 		return (sc != '\0' ? gmatch(s, p) : 0);
3539 
3540 
3541 	case '*':
3542 		while (*p == '*')
3543 			p++;
3544 
3545 		/* * matches everything */
3546 		if (*p == 0)
3547 			return (1);
3548 
3549 		/* undo skip at the beginning & iterate over substrings */
3550 		--s;
3551 		while (*s) {
3552 			if (gmatch(s, p))
3553 				return (1);
3554 			s++;
3555 		}
3556 		return (0);
3557 
3558 	case '[':
3559 		/* match any char within [] */
3560 		if (sc == 0)
3561 			return (0);
3562 
3563 		ok = lc = notflag = 0;
3564 
3565 		if (*p == '!') {
3566 			notflag = 1;
3567 			p++;
3568 		}
3569 		popchar(p, c)
3570 
3571 		do {
3572 			if (c == '-' && lc && *p != ']') {
3573 				/* test sc against range [c1-c2] */
3574 				popchar(p, c)
3575 				if (c == '\\') {
3576 					popchar(p, c)
3577 				}
3578 
3579 				if (notflag) {
3580 					/* return 0 on mismatch */
3581 					if (lc <= sc && sc <= c)
3582 						return (0);
3583 					ok++;
3584 				} else if (lc <= sc && sc <= c) {
3585 					ok++;
3586 				}
3587 				/* keep going, may get a match next */
3588 			} else if (c == '\\') {
3589 				/* skip to quoted character */
3590 				popchar(p, c)
3591 			}
3592 			lc = c;
3593 			if (notflag) {
3594 				if (sc == lc)
3595 					return (0);
3596 				ok++;
3597 			} else if (sc == lc) {
3598 				ok++;
3599 			}
3600 			popchar(p, c)
3601 		} while (c != ']');
3602 
3603 		/* recurse on remainder of string */
3604 		return (ok ? gmatch(s, p) : 0);
3605 	}
3606 	/*NOTREACHED*/
3607 }
3608 
3609 
3610 /*
3611  * Get default perm for device from /etc/minor_perm. Return 0 if match found.
3612  *
3613  * Pure wild-carded patterns are handled separately so the ordering of
3614  * these patterns doesn't matter.  We're still dependent on ordering
3615  * however as the first matching entry is the one returned.
3616  * Not ideal but all existing examples and usage do imply this
3617  * ordering implicitly.
3618  *
3619  * Drivers using the clone driver are always good for some entertainment.
3620  * Clone nodes under pseudo have the form clone@0:<driver>.  Some minor
3621  * perm entries have the form clone:<driver>, others use <driver>:*
3622  * Examples are clone:llc1 vs. llc2:*, for example.
3623  *
3624  * Minor perms in the clone:<driver> form are mapped to the drivers's
3625  * mperm list, not the clone driver, as wildcard entries for clone
3626  * reference only.  In other words, a clone wildcard will match
3627  * references for clone@0:<driver> but never <driver>@<minor>.
3628  *
3629  * Additional minor perms in the standard form are also supported,
3630  * for mixed usage, ie a node with an entry clone:<driver> could
3631  * provide further entries <driver>:<minor>.
3632  *
3633  * Finally, some uses of clone use an alias as the minor name rather
3634  * than the driver name, with the alias as the minor perm entry.
3635  * This case is handled by attaching the driver to bring its
3636  * minor list into existence, then discover the alias via DDI_ALIAS.
3637  * The clone device's minor perm list can then be searched for
3638  * that alias.
3639  */
3640 
3641 static int
3642 dev_alias_minorperm(dev_info_t *dip, char *minor_name, mperm_t *rmp)
3643 {
3644 	major_t major;
3645 	struct devnames *dnp;
3646 	mperm_t *mp;
3647 	char *alias = NULL;
3648 	dev_info_t *cdevi;
3649 	struct ddi_minor_data *dmd;
3650 
3651 	major = ddi_name_to_major(minor_name);
3652 
3653 	ASSERT(dip == clone_dip);
3654 	ASSERT(major != (major_t)-1);
3655 
3656 	/*
3657 	 * Attach the driver named by the minor node, then
3658 	 * search its first instance's minor list for an
3659 	 * alias node.
3660 	 */
3661 	if (ddi_hold_installed_driver(major) == NULL)
3662 		return (1);
3663 
3664 	dnp = &devnamesp[major];
3665 	LOCK_DEV_OPS(&dnp->dn_lock);
3666 
3667 	if ((cdevi = dnp->dn_head) != NULL) {
3668 		mutex_enter(&DEVI(cdevi)->devi_lock);
3669 		for (dmd = DEVI(cdevi)->devi_minor; dmd; dmd = dmd->next) {
3670 			if (dmd->type == DDM_ALIAS) {
3671 				alias = i_ddi_strdup(dmd->ddm_name, KM_SLEEP);
3672 				break;
3673 			}
3674 		}
3675 		mutex_exit(&DEVI(cdevi)->devi_lock);
3676 	}
3677 
3678 	UNLOCK_DEV_OPS(&dnp->dn_lock);
3679 	ddi_rele_driver(major);
3680 
3681 	if (alias == NULL) {
3682 		if (moddebug & MODDEBUG_MINORPERM)
3683 			cmn_err(CE_CONT, "dev_minorperm: "
3684 			    "no alias for %s\n", minor_name);
3685 		return (1);
3686 	}
3687 
3688 	major = ddi_driver_major(clone_dip);
3689 	dnp = &devnamesp[major];
3690 	LOCK_DEV_OPS(&dnp->dn_lock);
3691 
3692 	/*
3693 	 * Go through the clone driver's mperm list looking
3694 	 * for a match for the specified alias.
3695 	 */
3696 	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
3697 		if (strcmp(alias, mp->mp_minorname) == 0) {
3698 			break;
3699 		}
3700 	}
3701 
3702 	if (mp) {
3703 		if (moddebug & MODDEBUG_MP_MATCH) {
3704 			cmn_err(CE_CONT,
3705 			    "minor perm defaults: %s %s 0%o %d %d (aliased)\n",
3706 			    minor_name, alias, mp->mp_mode,
3707 			    mp->mp_uid, mp->mp_gid);
3708 		}
3709 		rmp->mp_uid = mp->mp_uid;
3710 		rmp->mp_gid = mp->mp_gid;
3711 		rmp->mp_mode = mp->mp_mode;
3712 	}
3713 	UNLOCK_DEV_OPS(&dnp->dn_lock);
3714 
3715 	kmem_free(alias, strlen(alias)+1);
3716 
3717 	return (mp == NULL);
3718 }
3719 
3720 int
3721 dev_minorperm(dev_info_t *dip, char *name, mperm_t *rmp)
3722 {
3723 	major_t major;
3724 	char *minor_name;
3725 	struct devnames *dnp;
3726 	mperm_t *mp;
3727 	int is_clone = 0;
3728 
3729 	if (!minorperm_loaded) {
3730 		if (moddebug & MODDEBUG_MINORPERM)
3731 			cmn_err(CE_CONT,
3732 			    "%s: minor perm not yet loaded\n", name);
3733 		return (1);
3734 	}
3735 
3736 	minor_name = strchr(name, ':');
3737 	if (minor_name == NULL)
3738 		return (1);
3739 	minor_name++;
3740 
3741 	/*
3742 	 * If it's the clone driver, search the driver as named
3743 	 * by the minor.  All clone minor perm entries other than
3744 	 * alias nodes are actually installed on the real driver's list.
3745 	 */
3746 	if (dip == clone_dip) {
3747 		major = ddi_name_to_major(minor_name);
3748 		if (major == (major_t)-1) {
3749 			if (moddebug & MODDEBUG_MINORPERM)
3750 				cmn_err(CE_CONT, "dev_minorperm: "
3751 				    "%s: no such driver\n", minor_name);
3752 			return (1);
3753 		}
3754 		is_clone = 1;
3755 	} else {
3756 		major = ddi_driver_major(dip);
3757 		ASSERT(major != (major_t)-1);
3758 	}
3759 
3760 	dnp = &devnamesp[major];
3761 	LOCK_DEV_OPS(&dnp->dn_lock);
3762 
3763 	/*
3764 	 * Go through the driver's mperm list looking for
3765 	 * a match for the specified minor.  If there's
3766 	 * no matching pattern, use the wild card.
3767 	 * Defer to the clone wild for clone if specified,
3768 	 * otherwise fall back to the normal form.
3769 	 */
3770 	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
3771 		if (gmatch(minor_name, mp->mp_minorname) != 0) {
3772 			break;
3773 		}
3774 	}
3775 	if (mp == NULL) {
3776 		if (is_clone)
3777 			mp = dnp->dn_mperm_clone;
3778 		if (mp == NULL)
3779 			mp = dnp->dn_mperm_wild;
3780 	}
3781 
3782 	if (mp) {
3783 		if (moddebug & MODDEBUG_MP_MATCH) {
3784 			cmn_err(CE_CONT,
3785 			    "minor perm defaults: %s %s 0%o %d %d\n",
3786 			    name, mp->mp_minorname, mp->mp_mode,
3787 			    mp->mp_uid, mp->mp_gid);
3788 		}
3789 		rmp->mp_uid = mp->mp_uid;
3790 		rmp->mp_gid = mp->mp_gid;
3791 		rmp->mp_mode = mp->mp_mode;
3792 	}
3793 	UNLOCK_DEV_OPS(&dnp->dn_lock);
3794 
3795 	/*
3796 	 * If no match can be found for a clone node,
3797 	 * search for a possible match for an alias.
3798 	 * One such example is /dev/ptmx -> /devices/pseudo/clone@0:ptm,
3799 	 * with minor perm entry clone:ptmx.
3800 	 */
3801 	if (mp == NULL && is_clone) {
3802 		return (dev_alias_minorperm(dip, minor_name, rmp));
3803 	}
3804 
3805 	return (mp == NULL);
3806 }
3807 
3808 /*
3809  * dynamicaly reference load a dl module/library, returning handle
3810  */
3811 /*ARGSUSED*/
3812 ddi_modhandle_t
3813 ddi_modopen(const char *modname, int mode, int *errnop)
3814 {
3815 	char		*subdir;
3816 	char		*mod;
3817 	int		subdirlen;
3818 	struct modctl	*hmodp = NULL;
3819 	int		retval = EINVAL;
3820 
3821 	ASSERT(modname && (mode == KRTLD_MODE_FIRST));
3822 	if ((modname == NULL) || (mode != KRTLD_MODE_FIRST))
3823 		goto out;
3824 
3825 	/* find optional first '/' in modname */
3826 	mod = strchr(modname, '/');
3827 	if (mod != strrchr(modname, '/'))
3828 		goto out;		/* only one '/' is legal */
3829 
3830 	if (mod) {
3831 		/* for subdir string without modification to argument */
3832 		mod++;
3833 		subdirlen = mod - modname;
3834 		subdir = kmem_alloc(subdirlen, KM_SLEEP);
3835 		(void) strlcpy(subdir, modname, subdirlen);
3836 	} else {
3837 		subdirlen = 0;
3838 		subdir = "misc";
3839 		mod = (char *)modname;
3840 	}
3841 
3842 	/* reference load with errno return value */
3843 	retval = modrload(subdir, mod, &hmodp);
3844 
3845 	if (subdirlen)
3846 		kmem_free(subdir, subdirlen);
3847 
3848 out:	if (errnop)
3849 		*errnop = retval;
3850 
3851 	if (moddebug & MODDEBUG_DDI_MOD)
3852 		printf("ddi_modopen %s mode %x: %s %p %d\n",
3853 		    modname ? modname : "<unknown>", mode,
3854 		    hmodp ? hmodp->mod_filename : "<unknown>",
3855 		    (void *)hmodp, retval);
3856 
3857 	return ((ddi_modhandle_t)hmodp);
3858 }
3859 
3860 /* lookup "name" in open dl module/library */
3861 void *
3862 ddi_modsym(ddi_modhandle_t h, const char *name, int *errnop)
3863 {
3864 	struct modctl	*hmodp = (struct modctl *)h;
3865 	void		*f;
3866 	int		retval;
3867 
3868 	ASSERT(hmodp && name && hmodp->mod_installed && (hmodp->mod_ref >= 1));
3869 	if ((hmodp == NULL) || (name == NULL) ||
3870 	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
3871 		f = NULL;
3872 		retval = EINVAL;
3873 	} else {
3874 		f = (void *)kobj_lookup(hmodp->mod_mp, (char *)name);
3875 		if (f)
3876 			retval = 0;
3877 		else
3878 			retval = ENOTSUP;
3879 	}
3880 
3881 	if (moddebug & MODDEBUG_DDI_MOD)
3882 		printf("ddi_modsym in %s of %s: %d %p\n",
3883 		    hmodp ? hmodp->mod_modname : "<unknown>",
3884 		    name ? name : "<unknown>", retval, f);
3885 
3886 	if (errnop)
3887 		*errnop = retval;
3888 	return (f);
3889 }
3890 
3891 /* dynamic (un)reference unload of an open dl module/library */
3892 int
3893 ddi_modclose(ddi_modhandle_t h)
3894 {
3895 	struct modctl	*hmodp = (struct modctl *)h;
3896 	struct modctl	*modp = NULL;
3897 	int		retval;
3898 
3899 	ASSERT(hmodp && hmodp->mod_installed && (hmodp->mod_ref >= 1));
3900 	if ((hmodp == NULL) ||
3901 	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
3902 		retval = EINVAL;
3903 		goto out;
3904 	}
3905 
3906 	retval = modunrload(hmodp->mod_id, &modp, ddi_modclose_unload);
3907 	if (retval == EBUSY)
3908 		retval = 0;	/* EBUSY is not an error */
3909 
3910 	if (retval == 0) {
3911 		ASSERT(hmodp == modp);
3912 		if (hmodp != modp)
3913 			retval = EINVAL;
3914 	}
3915 
3916 out:	if (moddebug & MODDEBUG_DDI_MOD)
3917 		printf("ddi_modclose %s: %d\n",
3918 		    hmodp ? hmodp->mod_modname : "<unknown>", retval);
3919 
3920 	return (retval);
3921 }
3922