1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 
  22 /*
  23  * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
  24  */
  25 
  26 /*
  27  * modctl system call for loadable module support.
  28  */
  29 
  30 #include <sys/param.h>
  31 #include <sys/user.h>
  32 #include <sys/systm.h>
  33 #include <sys/exec.h>
  34 #include <sys/file.h>
  35 #include <sys/stat.h>
  36 #include <sys/conf.h>
  37 #include <sys/time.h>
  38 #include <sys/reboot.h>
  39 #include <sys/fs/ufs_fsdir.h>
  40 #include <sys/kmem.h>
  41 #include <sys/sysconf.h>
  42 #include <sys/cmn_err.h>
  43 #include <sys/ddi.h>
  44 #include <sys/sunddi.h>
  45 #include <sys/sunndi.h>
  46 #include <sys/ndi_impldefs.h>
  47 #include <sys/ddi_impldefs.h>
  48 #include <sys/ddi_implfuncs.h>
  49 #include <sys/bootconf.h>
  50 #include <sys/dc_ki.h>
  51 #include <sys/cladm.h>
  52 #include <sys/dtrace.h>
  53 #include <sys/kdi.h>
  54 
  55 #include <sys/devpolicy.h>
  56 #include <sys/modctl.h>
  57 #include <sys/kobj.h>
  58 #include <sys/devops.h>
  59 #include <sys/autoconf.h>
  60 #include <sys/hwconf.h>
  61 #include <sys/callb.h>
  62 #include <sys/debug.h>
  63 #include <sys/cpuvar.h>
  64 #include <sys/sysmacros.h>
  65 #include <sys/sysevent.h>
  66 #include <sys/sysevent_impl.h>
  67 #include <sys/instance.h>
  68 #include <sys/modhash.h>
  69 #include <sys/modhash_impl.h>
  70 #include <sys/dacf_impl.h>
  71 #include <sys/vfs.h>
  72 #include <sys/pathname.h>
  73 #include <sys/console.h>
  74 #include <sys/policy.h>
  75 #include <ipp/ipp_impl.h>
  76 #include <sys/fs/dv_node.h>
  77 #include <sys/strsubr.h>
  78 #include <sys/fs/sdev_impl.h>
  79 
  80 static int              mod_circdep(struct modctl *);
  81 static int              modinfo(modid_t, struct modinfo *);
  82 
  83 static void             mod_uninstall_all(void);
  84 static int              mod_getinfo(struct modctl *, struct modinfo *);
  85 static struct modctl    *allocate_modp(const char *, const char *);
  86 
  87 static int              mod_load(struct modctl *, int);
  88 static void             mod_unload(struct modctl *);
  89 static int              modinstall(struct modctl *);
  90 static int              moduninstall(struct modctl *);
  91 
  92 static struct modctl    *mod_hold_by_name_common(struct modctl *, const char *);
  93 static struct modctl    *mod_hold_next_by_id(modid_t);
  94 static struct modctl    *mod_hold_loaded_mod(struct modctl *, char *, int *);
  95 static struct modctl    *mod_hold_installed_mod(char *, int, int, int *);
  96 
  97 static void             mod_release(struct modctl *);
  98 static void             mod_make_requisite(struct modctl *, struct modctl *);
  99 static int              mod_install_requisites(struct modctl *);
 100 static void             check_esc_sequences(char *, char *);
 101 static struct modctl    *mod_hold_by_name_requisite(struct modctl *, char *);
 102 
 103 /*
 104  * module loading thread control structure. Calls to kobj_load_module()() are
 105  * handled off to a separate thead using this structure.
 106  */
 107 struct loadmt {
 108         ksema_t         sema;
 109         struct modctl   *mp;
 110         int             usepath;
 111         kthread_t       *owner;
 112         int             retval;
 113 };
 114 
 115 static void     modload_thread(struct loadmt *);
 116 
 117 kcondvar_t      mod_cv;
 118 kcondvar_t      mod_uninstall_cv;       /* Communication between swapper */
 119                                         /* and the uninstall daemon. */
 120 kmutex_t        mod_lock;               /* protects &modules insert linkage, */
 121                                         /* mod_busy, mod_want, and mod_ref. */
 122                                         /* blocking operations while holding */
 123                                         /* mod_lock should be avoided */
 124 kmutex_t        mod_uninstall_lock;     /* protects mod_uninstall_cv */
 125 kthread_id_t    mod_aul_thread;
 126 
 127 int             modunload_wait;
 128 kmutex_t        modunload_wait_mutex;
 129 kcondvar_t      modunload_wait_cv;
 130 int             modunload_active_count;
 131 int             modunload_disable_count;
 132 
 133 int     isminiroot;             /* set if running as miniroot */
 134 int     modrootloaded;          /* set after root driver and fs are loaded */
 135 int     moddebug = 0x0;         /* debug flags for module writers */
 136 int     swaploaded;             /* set after swap driver and fs are loaded */
 137 int     bop_io_quiesced = 0;    /* set when BOP I/O can no longer be used */
 138 int     last_module_id;
 139 clock_t mod_uninstall_interval = 0;
 140 int     mod_uninstall_pass_max = 6;
 141 int     mod_uninstall_ref_zero; /* # modules that went mod_ref == 0 */
 142 int     mod_uninstall_pass_exc; /* mod_uninstall_all left new stuff */
 143 
 144 int     ddi_modclose_unload = 1;        /* 0 -> just decrement reference */
 145 
 146 int     devcnt_incr     = 256;          /* allow for additional drivers */
 147 int     devcnt_min      = 512;          /* and always at least this number */
 148 
 149 struct devnames *devnamesp;
 150 struct devnames orphanlist;
 151 
 152 krwlock_t       devinfo_tree_lock;      /* obsolete, to be removed */
 153 
 154 #define MAJBINDFILE "/etc/name_to_major"
 155 #define SYSBINDFILE "/etc/name_to_sysnum"
 156 
 157 static char     majbind[] = MAJBINDFILE;
 158 static char     sysbind[] = SYSBINDFILE;
 159 static uint_t   mod_autounload_key;     /* for module autounload detection */
 160 
 161 extern int obpdebug;
 162 
 163 #define DEBUGGER_PRESENT        ((boothowto & RB_DEBUG) || (obpdebug != 0))
 164 
 165 static int minorperm_loaded = 0;
 166 
 167 void
 168 mod_setup(void)
 169 {
 170         struct sysent *callp;
 171         int callnum, exectype;
 172         int     num_devs;
 173         int     i;
 174 
 175         /*
 176          * Initialize the list of loaded driver dev_ops.
 177          * XXX - This must be done before reading the system file so that
 178          * forceloads of drivers will work.
 179          */
 180         num_devs = read_binding_file(majbind, mb_hashtab, make_mbind);
 181         /*
 182          * Since read_binding_file is common code, it doesn't enforce that all
 183          * of the binding file entries have major numbers <= MAXMAJ32.       Thus,
 184          * ensure that we don't allocate some massive amount of space due to a
 185          * bad entry.  We can't have major numbers bigger than MAXMAJ32
 186          * until file system support for larger major numbers exists.
 187          */
 188 
 189         /*
 190          * Leave space for expansion, but not more than L_MAXMAJ32
 191          */
 192         devcnt = MIN(num_devs + devcnt_incr, L_MAXMAJ32);
 193         devcnt = MAX(devcnt, devcnt_min);
 194         devopsp = kmem_alloc(devcnt * sizeof (struct dev_ops *), KM_SLEEP);
 195         for (i = 0; i < devcnt; i++)
 196                 devopsp[i] = &mod_nodev_ops;
 197 
 198         init_devnamesp(devcnt);
 199 
 200         /*
 201          * Sync up with the work that the stand-alone linker has already done.
 202          */
 203         (void) kobj_sync();
 204 
 205         if (boothowto & RB_DEBUG)
 206                 kdi_dvec_modavail();
 207 
 208         make_aliases(mb_hashtab);
 209 
 210         /*
 211          * Initialize streams device implementation structures.
 212          */
 213         devimpl = kmem_zalloc(devcnt * sizeof (cdevsw_impl_t), KM_SLEEP);
 214 
 215         /*
 216          * If the cl_bootstrap module is present,
 217          * we should be configured as a cluster. Loading this module
 218          * will set "cluster_bootflags" to non-zero.
 219          */
 220         (void) modload("misc", "cl_bootstrap");
 221 
 222         (void) read_binding_file(sysbind, sb_hashtab, make_mbind);
 223         init_syscallnames(NSYSCALL);
 224 
 225         /*
 226          * Start up dynamic autoconfiguration framework (dacf).
 227          */
 228         mod_hash_init();
 229         dacf_init();
 230 
 231         /*
 232          * Start up IP policy framework (ipp).
 233          */
 234         ipp_init();
 235 
 236         /*
 237          * Allocate loadable native system call locks.
 238          */
 239         for (callnum = 0, callp = sysent; callnum < NSYSCALL;
 240             callnum++, callp++) {
 241                 if (LOADABLE_SYSCALL(callp)) {
 242                         if (mod_getsysname(callnum) != NULL) {
 243                                 callp->sy_lock =
 244                                     kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
 245                                 rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
 246                         } else {
 247                                 callp->sy_flags &= ~SE_LOADABLE;
 248                                 callp->sy_callc = nosys;
 249                         }
 250 #ifdef DEBUG
 251                 } else {
 252                         /*
 253                          * Do some sanity checks on the sysent table
 254                          */
 255                         switch (callp->sy_flags & SE_RVAL_MASK) {
 256                         case SE_32RVAL1:
 257                                 /* only r_val1 returned */
 258                         case SE_32RVAL1 | SE_32RVAL2:
 259                                 /* r_val1 and r_val2 returned */
 260                         case SE_64RVAL:
 261                                 /* 64-bit rval returned */
 262                                 break;
 263                         default:
 264                                 cmn_err(CE_WARN, "sysent[%d]: bad flags %x",
 265                                     callnum, callp->sy_flags);
 266                         }
 267 #endif
 268                 }
 269         }
 270 
 271 #ifdef _SYSCALL32_IMPL
 272         /*
 273          * Allocate loadable system call locks for 32-bit compat syscalls
 274          */
 275         for (callnum = 0, callp = sysent32; callnum < NSYSCALL;
 276             callnum++, callp++) {
 277                 if (LOADABLE_SYSCALL(callp)) {
 278                         if (mod_getsysname(callnum) != NULL) {
 279                                 callp->sy_lock =
 280                                     kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
 281                                 rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
 282                         } else {
 283                                 callp->sy_flags &= ~SE_LOADABLE;
 284                                 callp->sy_callc = nosys;
 285                         }
 286 #ifdef DEBUG
 287                 } else {
 288                         /*
 289                          * Do some sanity checks on the sysent table
 290                          */
 291                         switch (callp->sy_flags & SE_RVAL_MASK) {
 292                         case SE_32RVAL1:
 293                                 /* only r_val1 returned */
 294                         case SE_32RVAL1 | SE_32RVAL2:
 295                                 /* r_val1 and r_val2 returned */
 296                         case SE_64RVAL:
 297                                 /* 64-bit rval returned */
 298                                 break;
 299                         default:
 300                                 cmn_err(CE_WARN, "sysent32[%d]: bad flags %x",
 301                                     callnum, callp->sy_flags);
 302                                 goto skip;
 303                         }
 304 
 305                         /*
 306                          * Cross-check the native and compatibility tables.
 307                          */
 308                         if (callp->sy_callc == nosys ||
 309                             sysent[callnum].sy_callc == nosys)
 310                                 continue;
 311                         /*
 312                          * If only one or the other slot is loadable, then
 313                          * there's an error -- they should match!
 314                          */
 315                         if ((callp->sy_callc == loadable_syscall) ^
 316                             (sysent[callnum].sy_callc == loadable_syscall)) {
 317                                 cmn_err(CE_WARN, "sysent[%d] loadable?",
 318                                     callnum);
 319                         }
 320                         /*
 321                          * This is more of a heuristic test -- if the
 322                          * system call returns two values in the 32-bit
 323                          * world, it should probably return two 32-bit
 324                          * values in the 64-bit world too.
 325                          */
 326                         if (((callp->sy_flags & SE_32RVAL2) == 0) ^
 327                             ((sysent[callnum].sy_flags & SE_32RVAL2) == 0)) {
 328                                 cmn_err(CE_WARN, "sysent[%d] rval2 mismatch!",
 329                                     callnum);
 330                         }
 331 skip:;
 332 #endif  /* DEBUG */
 333                 }
 334         }
 335 #endif  /* _SYSCALL32_IMPL */
 336 
 337         /*
 338          * Allocate loadable exec locks.  (Assumes all execs are loadable)
 339          */
 340         for (exectype = 0; exectype < nexectype; exectype++) {
 341                 execsw[exectype].exec_lock =
 342                     kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
 343                 rw_init(execsw[exectype].exec_lock, NULL, RW_DEFAULT, NULL);
 344         }
 345 
 346         read_class_file();
 347 
 348         /* init thread specific structure for mod_uninstall_all */
 349         tsd_create(&mod_autounload_key, NULL);
 350 }
 351 
 352 static int
 353 modctl_modload(int use_path, char *filename, int *rvp)
 354 {
 355         struct modctl *modp;
 356         int retval = 0;
 357         char *filenamep;
 358         int modid;
 359 
 360         filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
 361 
 362         if (copyinstr(filename, filenamep, MOD_MAXPATH, 0)) {
 363                 retval = EFAULT;
 364                 goto out;
 365         }
 366 
 367         filenamep[MOD_MAXPATH - 1] = 0;
 368         modp = mod_hold_installed_mod(filenamep, use_path, 0, &retval);
 369 
 370         if (modp == NULL)
 371                 goto out;
 372 
 373         modp->mod_loadflags |= MOD_NOAUTOUNLOAD;
 374         modid = modp->mod_id;
 375         mod_release_mod(modp);
 376         CPU_STATS_ADDQ(CPU, sys, modload, 1);
 377         if (rvp != NULL && copyout(&modid, rvp, sizeof (modid)) != 0)
 378                 retval = EFAULT;
 379 out:
 380         kmem_free(filenamep, MOD_MAXPATH);
 381 
 382         return (retval);
 383 }
 384 
 385 static int
 386 modctl_modunload(modid_t id)
 387 {
 388         int rval = 0;
 389 
 390         if (id == 0) {
 391 #ifdef DEBUG
 392                 /*
 393                  * Turn on mod_uninstall_daemon
 394                  */
 395                 if (mod_uninstall_interval == 0) {
 396                         mod_uninstall_interval = 60;
 397                         modreap();
 398                         return (rval);
 399                 }
 400 #endif
 401                 mod_uninstall_all();
 402         } else {
 403                 rval = modunload(id);
 404         }
 405         return (rval);
 406 }
 407 
 408 static int
 409 modctl_modinfo(modid_t id, struct modinfo *umodi)
 410 {
 411         int retval;
 412         struct modinfo modi;
 413 #if defined(_SYSCALL32_IMPL)
 414         int nobase;
 415         struct modinfo32 modi32;
 416 #endif
 417 
 418         if (get_udatamodel() == DATAMODEL_NATIVE) {
 419                 if (copyin(umodi, &modi, sizeof (struct modinfo)) != 0)
 420                         return (EFAULT);
 421         }
 422 #ifdef _SYSCALL32_IMPL
 423         else {
 424                 bzero(&modi, sizeof (modi));
 425                 if (copyin(umodi, &modi32, sizeof (struct modinfo32)) != 0)
 426                         return (EFAULT);
 427                 modi.mi_info = modi32.mi_info;
 428                 modi.mi_id = modi32.mi_id;
 429                 modi.mi_nextid = modi32.mi_nextid;
 430                 nobase = modi.mi_info & MI_INFO_NOBASE;
 431         }
 432 #endif
 433         /*
 434          * This flag is -only- for the kernels use.
 435          */
 436         modi.mi_info &= ~MI_INFO_LINKAGE;
 437 
 438         retval = modinfo(id, &modi);
 439         if (retval)
 440                 return (retval);
 441 
 442         if (get_udatamodel() == DATAMODEL_NATIVE) {
 443                 if (copyout(&modi, umodi, sizeof (struct modinfo)) != 0)
 444                         retval = EFAULT;
 445 #ifdef _SYSCALL32_IMPL
 446         } else {
 447                 int i;
 448 
 449                 if (!nobase && (uintptr_t)modi.mi_base > UINT32_MAX)
 450                         return (EOVERFLOW);
 451 
 452                 modi32.mi_info = modi.mi_info;
 453                 modi32.mi_state = modi.mi_state;
 454                 modi32.mi_id = modi.mi_id;
 455                 modi32.mi_nextid = modi.mi_nextid;
 456                 modi32.mi_base = (caddr32_t)(uintptr_t)modi.mi_base;
 457                 modi32.mi_size = modi.mi_size;
 458                 modi32.mi_rev = modi.mi_rev;
 459                 modi32.mi_loadcnt = modi.mi_loadcnt;
 460                 bcopy(modi.mi_name, modi32.mi_name, sizeof (modi32.mi_name));
 461                 for (i = 0; i < MODMAXLINK32; i++) {
 462                         modi32.mi_msinfo[i].msi_p0 = modi.mi_msinfo[i].msi_p0;
 463                         bcopy(modi.mi_msinfo[i].msi_linkinfo,
 464                             modi32.mi_msinfo[i].msi_linkinfo,
 465                             sizeof (modi32.mi_msinfo[0].msi_linkinfo));
 466                 }
 467                 if (copyout(&modi32, umodi, sizeof (struct modinfo32)) != 0)
 468                         retval = EFAULT;
 469 #endif
 470         }
 471 
 472         return (retval);
 473 }
 474 
 475 /*
 476  * Return the last major number in the range of permissible major numbers.
 477  */
 478 /*ARGSUSED*/
 479 static int
 480 modctl_modreserve(modid_t id, int *data)
 481 {
 482         if (copyout(&devcnt, data, sizeof (devcnt)) != 0)
 483                 return (EFAULT);
 484         return (0);
 485 }
 486 
 487 /* Add/Remove driver and binding aliases */
 488 static int
 489 modctl_update_driver_aliases(int add, int *data)
 490 {
 491         struct modconfig        mc;
 492         int                     i, n, rv = 0;
 493         struct aliases          alias;
 494         struct aliases          *ap;
 495         char                    name[MAXMODCONFNAME];
 496         char                    cname[MAXMODCONFNAME];
 497         char                    *drvname;
 498         int                     resid;
 499         struct alias_info {
 500                 char    *alias_name;
 501                 int     alias_resid;
 502         } *aliases, *aip;
 503 
 504         bzero(&mc, sizeof (struct modconfig));
 505         if (get_udatamodel() == DATAMODEL_NATIVE) {
 506                 if (copyin(data, &mc, sizeof (struct modconfig)) != 0)
 507                         return (EFAULT);
 508         }
 509 #ifdef _SYSCALL32_IMPL
 510         else {
 511                 struct modconfig32 modc32;
 512                 if (copyin(data, &modc32, sizeof (struct modconfig32)) != 0)
 513                         return (EFAULT);
 514                 else {
 515                         bcopy(modc32.drvname, mc.drvname,
 516                             sizeof (modc32.drvname));
 517                         bcopy(modc32.drvclass, mc.drvclass,
 518                             sizeof (modc32.drvclass));
 519                         mc.major = modc32.major;
 520                         mc.flags = modc32.flags;
 521                         mc.num_aliases = modc32.num_aliases;
 522                         mc.ap = (struct aliases *)(uintptr_t)modc32.ap;
 523                 }
 524         }
 525 #endif
 526 
 527         /*
 528          * If the driver is already in the mb_hashtab, and the name given
 529          * doesn't match that driver's name, fail.  Otherwise, pass, since
 530          * we may be adding aliases.
 531          */
 532         drvname = mod_major_to_name(mc.major);
 533         if ((drvname != NULL) && strcmp(drvname, mc.drvname) != 0)
 534                 return (EINVAL);
 535 
 536         /*
 537          * Precede alias removal by unbinding as many devices as possible.
 538          */
 539         if (add == 0) {
 540                 (void) i_ddi_unload_drvconf(mc.major);
 541                 i_ddi_unbind_devs(mc.major);
 542         }
 543 
 544         /*
 545          * Add/remove each supplied driver alias to/from mb_hashtab
 546          */
 547         ap = mc.ap;
 548         if (mc.num_aliases > 0)
 549                 aliases = kmem_zalloc(
 550                     mc.num_aliases * sizeof (struct alias_info), KM_SLEEP);
 551         aip = aliases;
 552         for (i = 0; i < mc.num_aliases; i++) {
 553                 bzero(&alias, sizeof (struct aliases));
 554                 if (get_udatamodel() == DATAMODEL_NATIVE) {
 555                         if (copyin(ap, &alias, sizeof (struct aliases)) != 0) {
 556                                 rv = EFAULT;
 557                                 goto error;
 558                         }
 559                         if (alias.a_len > MAXMODCONFNAME) {
 560                                 rv = EINVAL;
 561                                 goto error;
 562                         }
 563                         if (copyin(alias.a_name, name, alias.a_len) != 0) {
 564                                 rv = EFAULT;
 565                                 goto error;
 566                         }
 567                         if (name[alias.a_len - 1] != '\0') {
 568                                 rv = EINVAL;
 569                                 goto error;
 570                         }
 571                 }
 572 #ifdef _SYSCALL32_IMPL
 573                 else {
 574                         struct aliases32 al32;
 575                         bzero(&al32, sizeof (struct aliases32));
 576                         if (copyin(ap, &al32, sizeof (struct aliases32)) != 0) {
 577                                 rv = EFAULT;
 578                                 goto error;
 579                         }
 580                         if (al32.a_len > MAXMODCONFNAME) {
 581                                 rv = EINVAL;
 582                                 goto error;
 583                         }
 584                         if (copyin((void *)(uintptr_t)al32.a_name,
 585                             name, al32.a_len) != 0) {
 586                                 rv = EFAULT;
 587                                 goto error;
 588                         }
 589                         if (name[al32.a_len - 1] != '\0') {
 590                                 rv = EINVAL;
 591                                 goto error;
 592                         }
 593                         alias.a_next = (void *)(uintptr_t)al32.a_next;
 594                 }
 595 #endif
 596                 check_esc_sequences(name, cname);
 597                 aip->alias_name = strdup(cname);
 598                 ap = alias.a_next;
 599                 aip++;
 600         }
 601 
 602         if (add == 0) {
 603                 ap = mc.ap;
 604                 resid = 0;
 605                 aip = aliases;
 606                 /* attempt to unbind all devices bound to each alias */
 607                 for (i = 0; i < mc.num_aliases; i++) {
 608                         n = i_ddi_unbind_devs_by_alias(
 609                             mc.major, aip->alias_name);
 610                         resid += n;
 611                         aip->alias_resid = n;
 612                 }
 613 
 614                 /*
 615                  * If some device bound to an alias remains in use,
 616                  * and override wasn't specified, no change is made to
 617                  * the binding state and we fail the operation.
 618                  */
 619                 if (resid > 0 && ((mc.flags & MOD_UNBIND_OVERRIDE) == 0)) {
 620                         rv = EBUSY;
 621                         goto error;
 622                 }
 623 
 624                 /*
 625                  * No device remains bound of any of the aliases,
 626                  * or force was requested.  Mark each alias as
 627                  * inactive via delete_mbind so no future binds
 628                  * to this alias take place and that a new
 629                  * binding can be established.
 630                  */
 631                 aip = aliases;
 632                 for (i = 0; i < mc.num_aliases; i++) {
 633                         if (moddebug & MODDEBUG_BINDING)
 634                                 cmn_err(CE_CONT, "Removing binding for %s "
 635                                     "(%d active references)\n",
 636                                     aip->alias_name, aip->alias_resid);
 637                         delete_mbind(aip->alias_name, mb_hashtab);
 638                         aip++;
 639                 }
 640                 rv = 0;
 641         } else {
 642                 aip = aliases;
 643                 for (i = 0; i < mc.num_aliases; i++) {
 644                         if (moddebug & MODDEBUG_BINDING)
 645                                 cmn_err(CE_NOTE, "Adding binding for '%s'\n",
 646                                     aip->alias_name);
 647                         (void) make_mbind(aip->alias_name,
 648                             mc.major, NULL, mb_hashtab);
 649                         aip++;
 650                 }
 651                 /*
 652                  * Try to establish an mbinding for mc.drvname, and add it to
 653                  * devnames. Add class if any after establishing the major
 654                  * number.
 655                  */
 656                 (void) make_mbind(mc.drvname, mc.major, NULL, mb_hashtab);
 657                 if ((rv = make_devname(mc.drvname, mc.major,
 658                     (mc.flags & MOD_ADDMAJBIND_UPDATE) ?
 659                     DN_DRIVER_INACTIVE : 0)) != 0) {
 660                         goto error;
 661                 }
 662 
 663                 if (mc.drvclass[0] != '\0')
 664                         add_class(mc.drvname, mc.drvclass);
 665                 if ((mc.flags & MOD_ADDMAJBIND_UPDATE) == 0) {
 666                         (void) i_ddi_load_drvconf(mc.major);
 667                 }
 668         }
 669 
 670         /*
 671          * Ensure that all nodes are bound to the most appropriate driver
 672          * possible, attempting demotion and rebind when a more appropriate
 673          * driver now exists.  But not when adding a driver update-only.
 674          */
 675         if ((add == 0) || ((mc.flags & MOD_ADDMAJBIND_UPDATE) == 0)) {
 676                 i_ddi_bind_devs();
 677                 i_ddi_di_cache_invalidate();
 678         }
 679 
 680 error:
 681         if (mc.num_aliases > 0) {
 682                 aip = aliases;
 683                 for (i = 0; i < mc.num_aliases; i++) {
 684                         if (aip->alias_name != NULL)
 685                                 strfree(aip->alias_name);
 686                         aip++;
 687                 }
 688                 kmem_free(aliases, mc.num_aliases * sizeof (struct alias_info));
 689         }
 690         return (rv);
 691 }
 692 
 693 static int
 694 modctl_add_driver_aliases(int *data)
 695 {
 696         return (modctl_update_driver_aliases(1, data));
 697 }
 698 
 699 static int
 700 modctl_remove_driver_aliases(int *data)
 701 {
 702         return (modctl_update_driver_aliases(0, data));
 703 }
 704 
 705 static int
 706 modctl_rem_major(major_t major)
 707 {
 708         struct devnames *dnp;
 709 
 710         if (major >= devcnt)
 711                 return (EINVAL);
 712 
 713         /* mark devnames as removed */
 714         dnp = &devnamesp[major];
 715         LOCK_DEV_OPS(&dnp->dn_lock);
 716         if (dnp->dn_name == NULL ||
 717             (dnp->dn_flags & (DN_DRIVER_REMOVED | DN_TAKEN_GETUDEV))) {
 718                 UNLOCK_DEV_OPS(&dnp->dn_lock);
 719                 return (EINVAL);
 720         }
 721         dnp->dn_flags |= DN_DRIVER_REMOVED;
 722         pm_driver_removed(major);
 723         UNLOCK_DEV_OPS(&dnp->dn_lock);
 724 
 725         (void) i_ddi_unload_drvconf(major);
 726         i_ddi_unbind_devs(major);
 727         i_ddi_bind_devs();
 728         i_ddi_di_cache_invalidate();
 729 
 730         /* purge all the bindings to this driver */
 731         purge_mbind(major, mb_hashtab);
 732         return (0);
 733 }
 734 
 735 static struct vfs *
 736 path_to_vfs(char *name)
 737 {
 738         vnode_t *vp;
 739         struct vfs *vfsp;
 740 
 741         if (lookupname(name, UIO_SYSSPACE, FOLLOW, NULLVPP, &vp))
 742                 return (NULL);
 743 
 744         vfsp = vp->v_vfsp;
 745         VN_RELE(vp);
 746         return (vfsp);
 747 }
 748 
 749 static int
 750 new_vfs_in_modpath()
 751 {
 752         static int n_modpath = 0;
 753         static char *modpath_copy;
 754         static struct pathvfs {
 755                 char *path;
 756                 struct vfs *vfsp;
 757         } *pathvfs;
 758 
 759         int i, new_vfs = 0;
 760         char *tmp, *tmp1;
 761         struct vfs *vfsp;
 762 
 763         if (n_modpath != 0) {
 764                 for (i = 0; i < n_modpath; i++) {
 765                         vfsp = path_to_vfs(pathvfs[i].path);
 766                         if (vfsp != pathvfs[i].vfsp) {
 767                                 pathvfs[i].vfsp = vfsp;
 768                                 if (vfsp)
 769                                         new_vfs = 1;
 770                         }
 771                 }
 772                 return (new_vfs);
 773         }
 774 
 775         /*
 776          * First call, initialize the pathvfs structure
 777          */
 778         modpath_copy = i_ddi_strdup(default_path, KM_SLEEP);
 779         tmp = modpath_copy;
 780         n_modpath = 1;
 781         tmp1 = strchr(tmp, ' ');
 782         while (tmp1) {
 783                 *tmp1 = '\0';
 784                 n_modpath++;
 785                 tmp = tmp1 + 1;
 786                 tmp1 = strchr(tmp, ' ');
 787         }
 788 
 789         pathvfs = kmem_zalloc(n_modpath * sizeof (struct pathvfs), KM_SLEEP);
 790         tmp = modpath_copy;
 791         for (i = 0; i < n_modpath; i++) {
 792                 pathvfs[i].path = tmp;
 793                 vfsp = path_to_vfs(tmp);
 794                 pathvfs[i].vfsp = vfsp;
 795                 tmp += strlen(tmp) + 1;
 796         }
 797         return (1);     /* always reread driver.conf the first time */
 798 }
 799 
 800 static int
 801 modctl_load_drvconf(major_t major, int flags)
 802 {
 803         int ret;
 804 
 805         /*
 806          * devfsadm -u - read all new driver.conf files
 807          * and bind and configure devices for new drivers.
 808          */
 809         if (flags & MOD_LOADDRVCONF_RECONF) {
 810                 (void) i_ddi_load_drvconf(DDI_MAJOR_T_NONE);
 811                 i_ddi_bind_devs();
 812                 i_ddi_di_cache_invalidate();
 813                 return (0);
 814         }
 815 
 816         /*
 817          * update_drv <drv> - reload driver.conf for the specified driver
 818          */
 819         if (major != DDI_MAJOR_T_NONE) {
 820                 ret = i_ddi_load_drvconf(major);
 821                 if (ret == 0)
 822                         i_ddi_bind_devs();
 823                 return (ret);
 824         }
 825 
 826         /*
 827          * We are invoked to rescan new driver.conf files. It is
 828          * only necessary if a new file system was mounted in the
 829          * module_path. Because rescanning driver.conf files can
 830          * take some time on older platforms (sun4m), the following
 831          * code skips unnecessary driver.conf rescans to optimize
 832          * boot performance.
 833          */
 834         if (new_vfs_in_modpath()) {
 835                 (void) i_ddi_load_drvconf(DDI_MAJOR_T_NONE);
 836                 /*
 837                  * If we are still initializing io subsystem,
 838                  * load drivers with ddi-forceattach property
 839                  */
 840                 if (!i_ddi_io_initialized())
 841                         i_ddi_forceattach_drivers();
 842         }
 843         return (0);
 844 }
 845 
 846 /*
 847  * Unload driver.conf file and follow up by attempting
 848  * to rebind devices to more appropriate driver.
 849  */
 850 static int
 851 modctl_unload_drvconf(major_t major)
 852 {
 853         int ret;
 854 
 855         if (major >= devcnt)
 856                 return (EINVAL);
 857 
 858         ret = i_ddi_unload_drvconf(major);
 859         if (ret != 0)
 860                 return (ret);
 861         (void) i_ddi_unbind_devs(major);
 862         i_ddi_bind_devs();
 863 
 864         return (0);
 865 }
 866 
 867 static void
 868 check_esc_sequences(char *str, char *cstr)
 869 {
 870         int i;
 871         size_t len;
 872         char *p;
 873 
 874         len = strlen(str);
 875         for (i = 0; i < len; i++, str++, cstr++) {
 876                 if (*str != '\\') {
 877                         *cstr = *str;
 878                 } else {
 879                         p = str + 1;
 880                         /*
 881                          * we only handle octal escape sequences for SPACE
 882                          */
 883                         if (*p++ == '0' && *p++ == '4' && *p == '0') {
 884                                 *cstr = ' ';
 885                                 str += 3;
 886                         } else {
 887                                 *cstr = *str;
 888                         }
 889                 }
 890         }
 891         *cstr = 0;
 892 }
 893 
 894 static int
 895 modctl_getmodpathlen(int *data)
 896 {
 897         int len;
 898         len = strlen(default_path);
 899         if (copyout(&len, data, sizeof (len)) != 0)
 900                 return (EFAULT);
 901         return (0);
 902 }
 903 
 904 static int
 905 modctl_getmodpath(char *data)
 906 {
 907         if (copyout(default_path, data, strlen(default_path) + 1) != 0)
 908                 return (EFAULT);
 909         return (0);
 910 }
 911 
 912 static int
 913 modctl_read_sysbinding_file(void)
 914 {
 915         (void) read_binding_file(sysbind, sb_hashtab, make_mbind);
 916         return (0);
 917 }
 918 
 919 static int
 920 modctl_getmaj(char *uname, uint_t ulen, int *umajorp)
 921 {
 922         char name[256];
 923         int retval;
 924         major_t major;
 925 
 926         if (ulen == 0)
 927                 return (EINVAL);
 928         if ((retval = copyinstr(uname, name,
 929             (ulen < 256) ? ulen : 256, 0)) != 0)
 930                 return (retval);
 931         if ((major = mod_name_to_major(name)) == DDI_MAJOR_T_NONE)
 932                 return (ENODEV);
 933         if (copyout(&major, umajorp, sizeof (major_t)) != 0)
 934                 return (EFAULT);
 935         return (0);
 936 }
 937 
 938 static char **
 939 convert_constraint_string(char *constraints, size_t len)
 940 {
 941         int     i;
 942         int     n;
 943         char    *p;
 944         char    **array;
 945 
 946         ASSERT(constraints != NULL);
 947         ASSERT(len > 0);
 948 
 949         for (i = 0, p = constraints; strlen(p) > 0; i++, p += strlen(p) + 1)
 950                 ;
 951 
 952         n = i;
 953 
 954         if (n == 0) {
 955                 kmem_free(constraints, len);
 956                 return (NULL);
 957         }
 958 
 959         array = kmem_alloc((n + 1) * sizeof (char *), KM_SLEEP);
 960 
 961         for (i = 0, p = constraints; i < n; i++, p += strlen(p) + 1) {
 962                 array[i] = i_ddi_strdup(p, KM_SLEEP);
 963         }
 964         array[n] = NULL;
 965 
 966         kmem_free(constraints, len);
 967 
 968         return (array);
 969 }
 970 /*ARGSUSED*/
 971 static int
 972 modctl_retire(char *path, char *uconstraints, size_t ulen)
 973 {
 974         char    *pathbuf;
 975         char    *devpath;
 976         size_t  pathsz;
 977         int     retval;
 978         char    *constraints;
 979         char    **cons_array;
 980 
 981         if (path == NULL)
 982                 return (EINVAL);
 983 
 984         if ((uconstraints == NULL) ^ (ulen == 0))
 985                 return (EINVAL);
 986 
 987         pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
 988         retval = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
 989         if (retval != 0) {
 990                 kmem_free(pathbuf, MAXPATHLEN);
 991                 return (retval);
 992         }
 993         devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
 994         kmem_free(pathbuf, MAXPATHLEN);
 995 
 996         /*
 997          * First check if the device is already retired.
 998          * If it is, then persist the retire anyway, just in case the retire
 999          * store has got out of sync with the boot archive.
1000          */
1001         if (e_ddi_device_retired(devpath)) {
1002                 cmn_err(CE_NOTE, "Device: already retired: %s", devpath);
1003                 (void) e_ddi_retire_persist(devpath);
1004                 kmem_free(devpath, strlen(devpath) + 1);
1005                 return (0);
1006         }
1007 
1008         cons_array = NULL;
1009         if (uconstraints) {
1010                 constraints = kmem_alloc(ulen, KM_SLEEP);
1011                 if (copyin(uconstraints, constraints, ulen)) {
1012                         kmem_free(constraints, ulen);
1013                         kmem_free(devpath, strlen(devpath) + 1);
1014                         return (EFAULT);
1015                 }
1016                 cons_array = convert_constraint_string(constraints, ulen);
1017         }
1018 
1019         /*
1020          * Try to retire the device first. The following
1021          * routine will return an error only if the device
1022          * is not retireable i.e. retire constraints forbid
1023          * a retire. A return of success from this routine
1024          * indicates that device is retireable.
1025          */
1026         retval = e_ddi_retire_device(devpath, cons_array);
1027         if (retval != DDI_SUCCESS) {
1028                 cmn_err(CE_WARN, "constraints forbid retire: %s", devpath);
1029                 kmem_free(devpath, strlen(devpath) + 1);
1030                 return (ENOTSUP);
1031         }
1032 
1033         /*
1034          * Ok, the retire succeeded. Persist the retire.
1035          * If retiring a nexus, we need to only persist the
1036          * nexus retire. Any children of a retired nexus
1037          * are automatically covered by the retire store
1038          * code.
1039          */
1040         retval = e_ddi_retire_persist(devpath);
1041         if (retval != 0) {
1042                 cmn_err(CE_WARN, "Failed to persist device retire: error %d: "
1043                     "%s", retval, devpath);
1044                 kmem_free(devpath, strlen(devpath) + 1);
1045                 return (retval);
1046         }
1047         if (moddebug & MODDEBUG_RETIRE)
1048                 cmn_err(CE_NOTE, "Persisted retire of device: %s", devpath);
1049 
1050         kmem_free(devpath, strlen(devpath) + 1);
1051         return (0);
1052 }
1053 
1054 static int
1055 modctl_is_retired(char *path, int *statep)
1056 {
1057         char    *pathbuf;
1058         char    *devpath;
1059         size_t  pathsz;
1060         int     error;
1061         int     status;
1062 
1063         if (path == NULL || statep == NULL)
1064                 return (EINVAL);
1065 
1066         pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1067         error = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
1068         if (error != 0) {
1069                 kmem_free(pathbuf, MAXPATHLEN);
1070                 return (error);
1071         }
1072         devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
1073         kmem_free(pathbuf, MAXPATHLEN);
1074 
1075         if (e_ddi_device_retired(devpath))
1076                 status = 1;
1077         else
1078                 status = 0;
1079         kmem_free(devpath, strlen(devpath) + 1);
1080 
1081         return (copyout(&status, statep, sizeof (status)) ? EFAULT : 0);
1082 }
1083 
1084 static int
1085 modctl_unretire(char *path)
1086 {
1087         char    *pathbuf;
1088         char    *devpath;
1089         size_t  pathsz;
1090         int     retired;
1091         int     retval;
1092 
1093         if (path == NULL)
1094                 return (EINVAL);
1095 
1096         pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1097         retval = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
1098         if (retval != 0) {
1099                 kmem_free(pathbuf, MAXPATHLEN);
1100                 return (retval);
1101         }
1102         devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
1103         kmem_free(pathbuf, MAXPATHLEN);
1104 
1105         /*
1106          * We check if a device is retired (first) before
1107          * unpersisting the retire, because we use the
1108          * retire store to determine if a device is retired.
1109          * If we unpersist first, the device will always appear
1110          * to be unretired. For the rationale behind unpersisting
1111          * a device that is not retired, see the next comment.
1112          */
1113         retired = e_ddi_device_retired(devpath);
1114 
1115         /*
1116          * We call unpersist unconditionally because the lookup
1117          * for retired devices (e_ddi_device_retired()), skips "bypassed"
1118          * devices. We still want to be able remove "bypassed" entries
1119          * from the persistent store, so we unpersist unconditionally
1120          * i.e. whether or not the entry is found on a lookup.
1121          *
1122          * e_ddi_retire_unpersist() returns 1 if it found and cleared
1123          * an entry from the retire store or 0 otherwise.
1124          */
1125         if (e_ddi_retire_unpersist(devpath))
1126                 if (moddebug & MODDEBUG_RETIRE) {
1127                         cmn_err(CE_NOTE, "Unpersisted retire of device: %s",
1128                             devpath);
1129                 }
1130 
1131         /*
1132          * Check if the device is already unretired. If so,
1133          * the unretire becomes a NOP
1134          */
1135         if (!retired) {
1136                 cmn_err(CE_NOTE, "Not retired: %s", devpath);
1137                 kmem_free(devpath, strlen(devpath) + 1);
1138                 return (0);
1139         }
1140 
1141         retval = e_ddi_unretire_device(devpath);
1142         if (retval != 0) {
1143                 cmn_err(CE_WARN, "cannot unretire device: error %d, path %s\n",
1144                     retval, devpath);
1145         }
1146 
1147         kmem_free(devpath, strlen(devpath) + 1);
1148 
1149         return (retval);
1150 }
1151 
1152 static int
1153 modctl_getname(char *uname, uint_t ulen, int *umajorp)
1154 {
1155         char *name;
1156         major_t major;
1157 
1158         if (copyin(umajorp, &major, sizeof (major)) != 0)
1159                 return (EFAULT);
1160         if ((name = mod_major_to_name(major)) == NULL)
1161                 return (ENODEV);
1162         if ((strlen(name) + 1) > ulen)
1163                 return (ENOSPC);
1164         return (copyoutstr(name, uname, ulen, NULL));
1165 }
1166 
1167 static int
1168 modctl_devt2instance(dev_t dev, int *uinstancep)
1169 {
1170         int     instance;
1171 
1172         if ((instance = dev_to_instance(dev)) == -1)
1173                 return (EINVAL);
1174 
1175         return (copyout(&instance, uinstancep, sizeof (int)));
1176 }
1177 
1178 /*
1179  * Return the sizeof of the device id.
1180  */
1181 static int
1182 modctl_sizeof_devid(dev_t dev, uint_t *len)
1183 {
1184         uint_t          sz;
1185         ddi_devid_t     devid;
1186 
1187         /* get device id */
1188         if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
1189                 return (EINVAL);
1190 
1191         sz = ddi_devid_sizeof(devid);
1192         ddi_devid_free(devid);
1193 
1194         /* copyout device id size */
1195         if (copyout(&sz, len, sizeof (sz)) != 0)
1196                 return (EFAULT);
1197 
1198         return (0);
1199 }
1200 
1201 /*
1202  * Return a copy of the device id.
1203  */
1204 static int
1205 modctl_get_devid(dev_t dev, uint_t len, ddi_devid_t udevid)
1206 {
1207         uint_t          sz;
1208         ddi_devid_t     devid;
1209         int             err = 0;
1210 
1211         /* get device id */
1212         if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
1213                 return (EINVAL);
1214 
1215         sz = ddi_devid_sizeof(devid);
1216 
1217         /* Error if device id is larger than space allocated */
1218         if (sz > len) {
1219                 ddi_devid_free(devid);
1220                 return (ENOSPC);
1221         }
1222 
1223         /* copy out device id */
1224         if (copyout(devid, udevid, sz) != 0)
1225                 err = EFAULT;
1226         ddi_devid_free(devid);
1227         return (err);
1228 }
1229 
1230 /*
1231  * return the /devices paths associated with the specified devid and
1232  * minor name.
1233  */
1234 /*ARGSUSED*/
1235 static int
1236 modctl_devid2paths(ddi_devid_t udevid, char *uminor_name, uint_t flag,
1237         size_t *ulensp, char *upaths)
1238 {
1239         ddi_devid_t     devid = NULL;
1240         int             devid_len;
1241         char            *minor_name = NULL;
1242         dev_info_t      *dip = NULL;
1243         int             circ;
1244         struct ddi_minor_data   *dmdp;
1245         char            *path = NULL;
1246         int             ulens;
1247         int             lens;
1248         int             len;
1249         dev_t           *devlist = NULL;
1250         int             ndevs;
1251         int             i;
1252         int             ret = 0;
1253 
1254         /*
1255          * If upaths is NULL then we are only computing the amount of space
1256          * needed to hold the paths and returning the value in *ulensp. If we
1257          * are copying out paths then we get the amount of space allocated by
1258          * the caller. If the actual space needed for paths is larger, or
1259          * things are changing out from under us, then we return EAGAIN.
1260          */
1261         if (upaths) {
1262                 if (ulensp == NULL)
1263                         return (EINVAL);
1264                 if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
1265                         return (EFAULT);
1266         }
1267 
1268         /*
1269          * copyin enough of the devid to determine the length then
1270          * reallocate and copy in the entire devid.
1271          */
1272         devid_len = ddi_devid_sizeof(NULL);
1273         devid = kmem_alloc(devid_len, KM_SLEEP);
1274         if (copyin(udevid, devid, devid_len)) {
1275                 ret = EFAULT;
1276                 goto out;
1277         }
1278         len = devid_len;
1279         devid_len = ddi_devid_sizeof(devid);
1280         kmem_free(devid, len);
1281         devid = kmem_alloc(devid_len, KM_SLEEP);
1282         if (copyin(udevid, devid, devid_len)) {
1283                 ret = EFAULT;
1284                 goto out;
1285         }
1286 
1287         /* copyin the minor name if specified. */
1288         minor_name = uminor_name;
1289         if ((minor_name != DEVID_MINOR_NAME_ALL) &&
1290             (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1291             (minor_name != DEVID_MINOR_NAME_ALL_BLK)) {
1292                 minor_name = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1293                 if (copyinstr(uminor_name, minor_name, MAXPATHLEN, 0)) {
1294                         ret = EFAULT;
1295                         goto out;
1296                 }
1297         }
1298 
1299         /*
1300          * Use existing function to resolve the devid into a devlist.
1301          *
1302          * NOTE: there is a loss of spectype information in the current
1303          * ddi_lyr_devid_to_devlist implementation. We work around this by not
1304          * passing down DEVID_MINOR_NAME_ALL here, but reproducing all minor
1305          * node forms in the loop processing the devlist below. It would be
1306          * best if at some point the use of this interface here was replaced
1307          * with a path oriented call.
1308          */
1309         if (ddi_lyr_devid_to_devlist(devid,
1310             (minor_name == DEVID_MINOR_NAME_ALL) ?
1311             DEVID_MINOR_NAME_ALL_CHR : minor_name,
1312             &ndevs, &devlist) != DDI_SUCCESS) {
1313                 ret = EINVAL;
1314                 goto out;
1315         }
1316 
1317         /*
1318          * loop over the devlist, converting each devt to a path and doing
1319          * a copyout of the path and computation of the amount of space
1320          * needed to hold all the paths
1321          */
1322         path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1323         for (i = 0, lens = 0; i < ndevs; i++) {
1324 
1325                 /* find the dip associated with the dev_t */
1326                 if ((dip = e_ddi_hold_devi_by_dev(devlist[i], 0)) == NULL)
1327                         continue;
1328 
1329                 /* loop over all the minor nodes, skipping ones we don't want */
1330                 ndi_devi_enter(dip, &circ);
1331                 for (dmdp = DEVI(dip)->devi_minor; dmdp; dmdp = dmdp->next) {
1332                         if ((dmdp->ddm_dev != devlist[i]) ||
1333                             (dmdp->type != DDM_MINOR))
1334                                 continue;
1335 
1336                         if ((minor_name != DEVID_MINOR_NAME_ALL) &&
1337                             (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1338                             (minor_name != DEVID_MINOR_NAME_ALL_BLK) &&
1339                             strcmp(minor_name, dmdp->ddm_name))
1340                                 continue;
1341                         else {
1342                                 if ((minor_name == DEVID_MINOR_NAME_ALL_CHR) &&
1343                                     (dmdp->ddm_spec_type != S_IFCHR))
1344                                         continue;
1345                                 if ((minor_name == DEVID_MINOR_NAME_ALL_BLK) &&
1346                                     (dmdp->ddm_spec_type != S_IFBLK))
1347                                         continue;
1348                         }
1349 
1350                         (void) ddi_pathname_minor(dmdp, path);
1351                         len = strlen(path) + 1;
1352                         *(path + len) = '\0';   /* set double termination */
1353                         lens += len;
1354 
1355                         /* copyout the path with double terminations */
1356                         if (upaths) {
1357                                 if (lens > ulens) {
1358                                         ret = EAGAIN;
1359                                         goto out;
1360                                 }
1361                                 if (copyout(path, upaths, len + 1)) {
1362                                         ret = EFAULT;
1363                                         goto out;
1364                                 }
1365                                 upaths += len;
1366                         }
1367                 }
1368                 ndi_devi_exit(dip, circ);
1369                 ddi_release_devi(dip);
1370                 dip = NULL;
1371         }
1372         lens++;         /* add one for double termination */
1373 
1374         /* copy out the amount of space needed to hold the paths */
1375         if (ulensp && copyout(&lens, ulensp, sizeof (lens))) {
1376                 ret = EFAULT;
1377                 goto out;
1378         }
1379         ret = 0;
1380 
1381 out:    if (dip) {
1382                 ndi_devi_exit(dip, circ);
1383                 ddi_release_devi(dip);
1384         }
1385         if (path)
1386                 kmem_free(path, MAXPATHLEN);
1387         if (devlist)
1388                 ddi_lyr_free_devlist(devlist, ndevs);
1389         if (minor_name &&
1390             (minor_name != DEVID_MINOR_NAME_ALL) &&
1391             (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1392             (minor_name != DEVID_MINOR_NAME_ALL_BLK))
1393                 kmem_free(minor_name, MAXPATHLEN);
1394         if (devid)
1395                 kmem_free(devid, devid_len);
1396         return (ret);
1397 }
1398 
1399 /*
1400  * Return the size of the minor name.
1401  */
1402 static int
1403 modctl_sizeof_minorname(dev_t dev, int spectype, uint_t *len)
1404 {
1405         uint_t  sz;
1406         char    *name;
1407 
1408         /* get the minor name */
1409         if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1410                 return (EINVAL);
1411 
1412         sz = strlen(name) + 1;
1413         kmem_free(name, sz);
1414 
1415         /* copy out the size of the minor name */
1416         if (copyout(&sz, len, sizeof (sz)) != 0)
1417                 return (EFAULT);
1418 
1419         return (0);
1420 }
1421 
1422 /*
1423  * Return the minor name.
1424  */
1425 static int
1426 modctl_get_minorname(dev_t dev, int spectype, uint_t len, char *uname)
1427 {
1428         uint_t  sz;
1429         char    *name;
1430         int     err = 0;
1431 
1432         /* get the minor name */
1433         if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1434                 return (EINVAL);
1435 
1436         sz = strlen(name) + 1;
1437 
1438         /* Error if the minor name is larger than the space allocated */
1439         if (sz > len) {
1440                 kmem_free(name, sz);
1441                 return (ENOSPC);
1442         }
1443 
1444         /* copy out the minor name */
1445         if (copyout(name, uname, sz) != 0)
1446                 err = EFAULT;
1447         kmem_free(name, sz);
1448         return (err);
1449 }
1450 
1451 /*
1452  * Return the size of the (dev_t,spectype) devfspath name.
1453  */
1454 static int
1455 modctl_devfspath_len(dev_t dev, int spectype, uint_t *len)
1456 {
1457         uint_t  sz;
1458         char    *name;
1459 
1460         /* get the path name */
1461         name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1462         if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1463                 kmem_free(name, MAXPATHLEN);
1464                 return (EINVAL);
1465         }
1466 
1467         sz = strlen(name) + 1;
1468         kmem_free(name, MAXPATHLEN);
1469 
1470         /* copy out the size of the path name */
1471         if (copyout(&sz, len, sizeof (sz)) != 0)
1472                 return (EFAULT);
1473 
1474         return (0);
1475 }
1476 
1477 /*
1478  * Return the (dev_t,spectype) devfspath name.
1479  */
1480 static int
1481 modctl_devfspath(dev_t dev, int spectype, uint_t len, char *uname)
1482 {
1483         uint_t  sz;
1484         char    *name;
1485         int     err = 0;
1486 
1487         /* get the path name */
1488         name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1489         if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1490                 kmem_free(name, MAXPATHLEN);
1491                 return (EINVAL);
1492         }
1493 
1494         sz = strlen(name) + 1;
1495 
1496         /* Error if the path name is larger than the space allocated */
1497         if (sz > len) {
1498                 kmem_free(name, MAXPATHLEN);
1499                 return (ENOSPC);
1500         }
1501 
1502         /* copy out the path name */
1503         if (copyout(name, uname, sz) != 0)
1504                 err = EFAULT;
1505         kmem_free(name, MAXPATHLEN);
1506         return (err);
1507 }
1508 
1509 /*
1510  * Return the size of the (major,instance) devfspath name.
1511  */
1512 static int
1513 modctl_devfspath_mi_len(major_t major, int instance, uint_t *len)
1514 {
1515         uint_t  sz;
1516         char    *name;
1517 
1518         /* get the path name */
1519         name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1520         if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1521                 kmem_free(name, MAXPATHLEN);
1522                 return (EINVAL);
1523         }
1524 
1525         sz = strlen(name) + 1;
1526         kmem_free(name, MAXPATHLEN);
1527 
1528         /* copy out the size of the path name */
1529         if (copyout(&sz, len, sizeof (sz)) != 0)
1530                 return (EFAULT);
1531 
1532         return (0);
1533 }
1534 
1535 /*
1536  * Return the (major_instance) devfspath name.
1537  * NOTE: e_ddi_majorinstance_to_path does not require the device to attach to
1538  * return a path - it uses the instance tree.
1539  */
1540 static int
1541 modctl_devfspath_mi(major_t major, int instance, uint_t len, char *uname)
1542 {
1543         uint_t  sz;
1544         char    *name;
1545         int     err = 0;
1546 
1547         /* get the path name */
1548         name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1549         if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1550                 kmem_free(name, MAXPATHLEN);
1551                 return (EINVAL);
1552         }
1553 
1554         sz = strlen(name) + 1;
1555 
1556         /* Error if the path name is larger than the space allocated */
1557         if (sz > len) {
1558                 kmem_free(name, MAXPATHLEN);
1559                 return (ENOSPC);
1560         }
1561 
1562         /* copy out the path name */
1563         if (copyout(name, uname, sz) != 0)
1564                 err = EFAULT;
1565         kmem_free(name, MAXPATHLEN);
1566         return (err);
1567 }
1568 
1569 static int
1570 modctl_get_fbname(char *path)
1571 {
1572         extern dev_t fbdev;
1573         char *pathname = NULL;
1574         int rval = 0;
1575 
1576         /* make sure fbdev is set before we plunge in */
1577         if (fbdev == NODEV)
1578                 return (ENODEV);
1579 
1580         pathname = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1581         if ((rval = ddi_dev_pathname(fbdev, S_IFCHR,
1582             pathname)) == DDI_SUCCESS) {
1583                 if (copyout(pathname, path, strlen(pathname)+1) != 0) {
1584                         rval = EFAULT;
1585                 }
1586         }
1587         kmem_free(pathname, MAXPATHLEN);
1588         return (rval);
1589 }
1590 
1591 /*
1592  * modctl_reread_dacf()
1593  *      Reread the dacf rules database from the named binding file.
1594  *      If NULL is specified, pass along the NULL, it means 'use the default'.
1595  */
1596 static int
1597 modctl_reread_dacf(char *path)
1598 {
1599         int rval = 0;
1600         char *filename, *filenamep;
1601 
1602         filename = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1603 
1604         if (path == NULL) {
1605                 filenamep = NULL;
1606         } else {
1607                 if (copyinstr(path, filename, MAXPATHLEN, 0) != 0) {
1608                         rval = EFAULT;
1609                         goto out;
1610                 }
1611                 filenamep = filename;
1612                 filenamep[MAXPATHLEN - 1] = '\0';
1613         }
1614 
1615         rval = read_dacf_binding_file(filenamep);
1616 out:
1617         kmem_free(filename, MAXPATHLEN);
1618         return (rval);
1619 }
1620 
1621 /*ARGSUSED*/
1622 static int
1623 modctl_modevents(int subcmd, uintptr_t a2, uintptr_t a3, uintptr_t a4,
1624     uint_t flag)
1625 {
1626         int error = 0;
1627         char *filenamep;
1628 
1629         switch (subcmd) {
1630 
1631         case MODEVENTS_FLUSH:
1632                 /* flush all currently queued events */
1633                 log_sysevent_flushq(subcmd, flag);
1634                 break;
1635 
1636         case MODEVENTS_SET_DOOR_UPCALL_FILENAME:
1637                 /*
1638                  * bind door_upcall to filename
1639                  * this should only be done once per invocation
1640                  * of the event daemon.
1641                  */
1642 
1643                 filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
1644 
1645                 if (copyinstr((char *)a2, filenamep, MOD_MAXPATH, 0)) {
1646                         error = EFAULT;
1647                 } else {
1648                         error = log_sysevent_filename(filenamep);
1649                 }
1650                 kmem_free(filenamep, MOD_MAXPATH);
1651                 break;
1652 
1653         case MODEVENTS_GETDATA:
1654                 error = log_sysevent_copyout_data((sysevent_id_t *)a2,
1655                     (size_t)a3, (caddr_t)a4);
1656                 break;
1657 
1658         case MODEVENTS_FREEDATA:
1659                 error = log_sysevent_free_data((sysevent_id_t *)a2);
1660                 break;
1661         case MODEVENTS_POST_EVENT:
1662                 error = log_usr_sysevent((sysevent_t *)a2, (uint32_t)a3,
1663                     (sysevent_id_t *)a4);
1664                 break;
1665         case MODEVENTS_REGISTER_EVENT:
1666                 error = log_sysevent_register((char *)a2, (char *)a3,
1667                     (se_pubsub_t *)a4);
1668                 break;
1669         default:
1670                 error = EINVAL;
1671         }
1672 
1673         return (error);
1674 }
1675 
1676 static void
1677 free_mperm(mperm_t *mp)
1678 {
1679         int len;
1680 
1681         if (mp->mp_minorname) {
1682                 len = strlen(mp->mp_minorname) + 1;
1683                 kmem_free(mp->mp_minorname, len);
1684         }
1685         kmem_free(mp, sizeof (mperm_t));
1686 }
1687 
1688 #define MP_NO_DRV_ERR   \
1689         "/etc/minor_perm: no driver for %s\n"
1690 
1691 #define MP_EMPTY_MINOR  \
1692         "/etc/minor_perm: empty minor name for driver %s\n"
1693 
1694 #define MP_NO_MINOR     \
1695         "/etc/minor_perm: no minor matching %s for driver %s\n"
1696 
1697 /*
1698  * Remove mperm entry with matching minorname
1699  */
1700 static void
1701 rem_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1702 {
1703         mperm_t **mp_head;
1704         mperm_t *freemp = NULL;
1705         struct devnames *dnp = &devnamesp[major];
1706         mperm_t **wildmp;
1707 
1708         ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1709 
1710         LOCK_DEV_OPS(&dnp->dn_lock);
1711         if (strcmp(mp->mp_minorname, "*") == 0) {
1712                 wildmp = ((is_clone == 0) ?
1713                     &dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1714                 if (*wildmp)
1715                         freemp = *wildmp;
1716                 *wildmp = NULL;
1717         } else {
1718                 mp_head = &dnp->dn_mperm;
1719                 while (*mp_head) {
1720                         if (strcmp((*mp_head)->mp_minorname,
1721                             mp->mp_minorname) != 0) {
1722                                 mp_head = &(*mp_head)->mp_next;
1723                                 continue;
1724                         }
1725                         /* remove the entry */
1726                         freemp = *mp_head;
1727                         *mp_head = freemp->mp_next;
1728                         break;
1729                 }
1730         }
1731         if (freemp) {
1732                 if (moddebug & MODDEBUG_MINORPERM) {
1733                         cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1734                             drvname, freemp->mp_minorname,
1735                             freemp->mp_mode & 0777,
1736                             freemp->mp_uid, freemp->mp_gid);
1737                 }
1738                 free_mperm(freemp);
1739         } else {
1740                 if (moddebug & MODDEBUG_MINORPERM) {
1741                         cmn_err(CE_CONT, MP_NO_MINOR,
1742                             drvname, mp->mp_minorname);
1743                 }
1744         }
1745 
1746         UNLOCK_DEV_OPS(&dnp->dn_lock);
1747 }
1748 
1749 /*
1750  * Add minor perm entry
1751  */
1752 static void
1753 add_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1754 {
1755         mperm_t **mp_head;
1756         mperm_t *freemp = NULL;
1757         struct devnames *dnp = &devnamesp[major];
1758         mperm_t **wildmp;
1759 
1760         ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1761 
1762         /*
1763          * Note that update_drv replace semantics require
1764          * replacing matching entries with the new permissions.
1765          */
1766         LOCK_DEV_OPS(&dnp->dn_lock);
1767         if (strcmp(mp->mp_minorname, "*") == 0) {
1768                 wildmp = ((is_clone == 0) ?
1769                     &dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1770                 if (*wildmp)
1771                         freemp = *wildmp;
1772                 *wildmp = mp;
1773         } else {
1774                 mperm_t *p, *v = NULL;
1775                 for (p = dnp->dn_mperm; p; v = p, p = p->mp_next) {
1776                         if (strcmp(p->mp_minorname, mp->mp_minorname) == 0) {
1777                                 if (v == NULL)
1778                                         dnp->dn_mperm = mp;
1779                                 else
1780                                         v->mp_next = mp;
1781                                 mp->mp_next = p->mp_next;
1782                                 freemp = p;
1783                                 goto replaced;
1784                         }
1785                 }
1786                 if (p == NULL) {
1787                         mp_head = &dnp->dn_mperm;
1788                         if (*mp_head == NULL) {
1789                                 *mp_head = mp;
1790                         } else {
1791                                 mp->mp_next = *mp_head;
1792                                 *mp_head = mp;
1793                         }
1794                 }
1795         }
1796 replaced:
1797         if (freemp) {
1798                 if (moddebug & MODDEBUG_MINORPERM) {
1799                         cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1800                             drvname, freemp->mp_minorname,
1801                             freemp->mp_mode & 0777,
1802                             freemp->mp_uid, freemp->mp_gid);
1803                 }
1804                 free_mperm(freemp);
1805         }
1806         if (moddebug & MODDEBUG_MINORPERM) {
1807                 cmn_err(CE_CONT, "> %s %s 0%o %d %d\n",
1808                     drvname, mp->mp_minorname, mp->mp_mode & 0777,
1809                     mp->mp_uid, mp->mp_gid);
1810         }
1811         UNLOCK_DEV_OPS(&dnp->dn_lock);
1812 }
1813 
1814 
1815 static int
1816 process_minorperm(int cmd, nvlist_t *nvl)
1817 {
1818         char *minor;
1819         major_t major;
1820         mperm_t *mp;
1821         nvpair_t *nvp;
1822         char *name;
1823         int is_clone;
1824         major_t minmaj;
1825 
1826         ASSERT(cmd == MODLOADMINORPERM ||
1827             cmd == MODADDMINORPERM || cmd == MODREMMINORPERM);
1828 
1829         nvp = NULL;
1830         while ((nvp = nvlist_next_nvpair(nvl, nvp)) != NULL) {
1831                 name = nvpair_name(nvp);
1832 
1833                 is_clone = 0;
1834                 (void) nvpair_value_string(nvp, &minor);
1835                 major = ddi_name_to_major(name);
1836                 if (major != DDI_MAJOR_T_NONE) {
1837                         mp = kmem_zalloc(sizeof (*mp), KM_SLEEP);
1838                         if (minor == NULL || strlen(minor) == 0) {
1839                                 if (moddebug & MODDEBUG_MINORPERM) {
1840                                         cmn_err(CE_CONT, MP_EMPTY_MINOR, name);
1841                                 }
1842                                 minor = "*";
1843                         }
1844 
1845                         /*
1846                          * The minor name of a node using the clone
1847                          * driver must be the driver name.  To avoid
1848                          * multiple searches, we map entries in the form
1849                          * clone:<driver> to <driver>:*.  This also allows us
1850                          * to filter out some of the litter in /etc/minor_perm.
1851                          * Minor perm alias entries where the name is not
1852                          * the driver kept on the clone list itself.
1853                          * This all seems very fragile as a driver could
1854                          * be introduced with an existing alias name.
1855                          */
1856                         if (strcmp(name, "clone") == 0) {
1857                                 minmaj = ddi_name_to_major(minor);
1858                                 if (minmaj != DDI_MAJOR_T_NONE) {
1859                                         if (moddebug & MODDEBUG_MINORPERM) {
1860                                                 cmn_err(CE_CONT,
1861                                                     "mapping %s:%s to %s:*\n",
1862                                                     name, minor, minor);
1863                                         }
1864                                         major = minmaj;
1865                                         name = minor;
1866                                         minor = "*";
1867                                         is_clone = 1;
1868                                 }
1869                         }
1870 
1871                         if (mp) {
1872                                 mp->mp_minorname =
1873                                     i_ddi_strdup(minor, KM_SLEEP);
1874                         }
1875                 } else {
1876                         mp = NULL;
1877                         if (moddebug & MODDEBUG_MINORPERM) {
1878                                 cmn_err(CE_CONT, MP_NO_DRV_ERR, name);
1879                         }
1880                 }
1881 
1882                 /* mode */
1883                 nvp = nvlist_next_nvpair(nvl, nvp);
1884                 ASSERT(strcmp(nvpair_name(nvp), "mode") == 0);
1885                 if (mp)
1886                         (void) nvpair_value_int32(nvp, (int *)&mp->mp_mode);
1887                 /* uid */
1888                 nvp = nvlist_next_nvpair(nvl, nvp);
1889                 ASSERT(strcmp(nvpair_name(nvp), "uid") == 0);
1890                 if (mp)
1891                         (void) nvpair_value_uint32(nvp, &mp->mp_uid);
1892                 /* gid */
1893                 nvp = nvlist_next_nvpair(nvl, nvp);
1894                 ASSERT(strcmp(nvpair_name(nvp), "gid") == 0);
1895                 if (mp) {
1896                         (void) nvpair_value_uint32(nvp, &mp->mp_gid);
1897 
1898                         if (cmd == MODREMMINORPERM) {
1899                                 rem_minorperm(major, name, mp, is_clone);
1900                                 free_mperm(mp);
1901                         } else {
1902                                 add_minorperm(major, name, mp, is_clone);
1903                         }
1904                 }
1905         }
1906 
1907         if (cmd == MODLOADMINORPERM)
1908                 minorperm_loaded = 1;
1909 
1910         /*
1911          * Reset permissions of cached dv_nodes
1912          */
1913         (void) devfs_reset_perm(DV_RESET_PERM);
1914 
1915         return (0);
1916 }
1917 
1918 static int
1919 modctl_minorperm(int cmd, char *usrbuf, size_t buflen)
1920 {
1921         int error;
1922         nvlist_t *nvl;
1923         char *buf = kmem_alloc(buflen, KM_SLEEP);
1924 
1925         if ((error = ddi_copyin(usrbuf, buf, buflen, 0)) != 0) {
1926                 kmem_free(buf, buflen);
1927                 return (error);
1928         }
1929 
1930         error = nvlist_unpack(buf, buflen, &nvl, KM_SLEEP);
1931         kmem_free(buf, buflen);
1932         if (error)
1933                 return (error);
1934 
1935         error = process_minorperm(cmd, nvl);
1936         nvlist_free(nvl);
1937         return (error);
1938 }
1939 
1940 struct walk_args {
1941         char            *wa_drvname;
1942         list_t          wa_pathlist;
1943 };
1944 
1945 struct path_elem {
1946         char            *pe_dir;
1947         char            *pe_nodename;
1948         list_node_t     pe_node;
1949         int             pe_dirlen;
1950 };
1951 
1952 /*ARGSUSED*/
1953 static int
1954 modctl_inst_walker(const char *path, in_node_t *np, in_drv_t *dp, void *arg)
1955 {
1956         struct walk_args *wargs = (struct walk_args *)arg;
1957         struct path_elem *pe;
1958         char *nodename;
1959 
1960         /*
1961          * Search may be restricted to a single driver in the case of rem_drv
1962          */
1963         if (wargs->wa_drvname &&
1964             strcmp(dp->ind_driver_name, wargs->wa_drvname) != 0)
1965                 return (INST_WALK_CONTINUE);
1966 
1967         pe = kmem_zalloc(sizeof (*pe), KM_SLEEP);
1968         pe->pe_dir = i_ddi_strdup((char *)path, KM_SLEEP);
1969         pe->pe_dirlen = strlen(pe->pe_dir) + 1;
1970         ASSERT(strrchr(pe->pe_dir, '/') != NULL);
1971         nodename = strrchr(pe->pe_dir, '/');
1972         *nodename++ = 0;
1973         pe->pe_nodename = nodename;
1974         list_insert_tail(&wargs->wa_pathlist, pe);
1975 
1976         return (INST_WALK_CONTINUE);
1977 }
1978 
1979 /*
1980  * /devices attribute nodes clean-up optionally performed
1981  * when removing a driver (rem_drv -C).
1982  *
1983  * Removing attribute nodes allows a machine to be reprovisioned
1984  * without the side-effect of inadvertently picking up stale
1985  * device node ownership or permissions.
1986  *
1987  * Preserving attributes (not performing cleanup) allows devices
1988  * attribute changes to be preserved across upgrades, as
1989  * upgrade rather heavy-handedly does a rem_drv/add_drv cycle.
1990  */
1991 static int
1992 modctl_remdrv_cleanup(const char *u_drvname)
1993 {
1994         struct walk_args *wargs;
1995         struct path_elem *pe;
1996         char *drvname;
1997         int err, rval = 0;
1998 
1999         drvname = kmem_alloc(MAXMODCONFNAME, KM_SLEEP);
2000         if ((err = copyinstr(u_drvname, drvname, MAXMODCONFNAME, 0))) {
2001                 kmem_free(drvname, MAXMODCONFNAME);
2002                 return (err);
2003         }
2004 
2005         /*
2006          * First go through the instance database.  For each
2007          * instance of a device bound to the driver being
2008          * removed, remove any underlying devfs attribute nodes.
2009          *
2010          * This is a two-step process.  First we go through
2011          * the instance data itself, constructing a list of
2012          * the nodes discovered.  The second step is then
2013          * to find and remove any devfs attribute nodes
2014          * for the instances discovered in the first step.
2015          * The two-step process avoids any difficulties
2016          * which could arise by holding the instance data
2017          * lock with simultaneous devfs operations.
2018          */
2019         wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
2020 
2021         wargs->wa_drvname = drvname;
2022         list_create(&wargs->wa_pathlist,
2023             sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
2024 
2025         (void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
2026 
2027         for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
2028             pe = list_next(&wargs->wa_pathlist, pe)) {
2029                 err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
2030                     (const char *)pe->pe_nodename);
2031                 if (rval == 0)
2032                         rval = err;
2033         }
2034 
2035         while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
2036                 list_remove(&wargs->wa_pathlist, pe);
2037                 kmem_free(pe->pe_dir, pe->pe_dirlen);
2038                 kmem_free(pe, sizeof (*pe));
2039         }
2040         kmem_free(wargs, sizeof (*wargs));
2041 
2042         /*
2043          * Pseudo nodes aren't recorded in the instance database
2044          * so any such nodes need to be handled separately.
2045          */
2046         err = devfs_remdrv_cleanup("pseudo", (const char *)drvname);
2047         if (rval == 0)
2048                 rval = err;
2049 
2050         kmem_free(drvname, MAXMODCONFNAME);
2051         return (rval);
2052 }
2053 
2054 /*
2055  * Perform a cleanup of non-existent /devices attribute nodes,
2056  * similar to rem_drv -C, but for all drivers/devices.
2057  * This is also optional, performed as part of devfsadm -C.
2058  */
2059 void
2060 dev_devices_cleanup()
2061 {
2062         struct walk_args *wargs;
2063         struct path_elem *pe;
2064         dev_info_t *devi;
2065         char *path;
2066         int err;
2067 
2068         /*
2069          * It's expected that all drivers have been loaded and
2070          * module unloading disabled while performing cleanup.
2071          */
2072         ASSERT(modunload_disable_count > 0);
2073 
2074         wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
2075         wargs->wa_drvname = NULL;
2076         list_create(&wargs->wa_pathlist,
2077             sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
2078 
2079         (void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
2080 
2081         path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
2082 
2083         for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
2084             pe = list_next(&wargs->wa_pathlist, pe)) {
2085                 (void) snprintf(path, MAXPATHLEN, "%s/%s",
2086                     pe->pe_dir, pe->pe_nodename);
2087                 devi = e_ddi_hold_devi_by_path(path, 0);
2088                 if (devi != NULL) {
2089                         ddi_release_devi(devi);
2090                 } else {
2091                         err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
2092                             (const char *)pe->pe_nodename);
2093                         if (err) {
2094                                 cmn_err(CE_CONT,
2095                                     "devfs: %s: clean-up error %d\n",
2096                                     path, err);
2097                         }
2098                 }
2099         }
2100 
2101         while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
2102                 list_remove(&wargs->wa_pathlist, pe);
2103                 kmem_free(pe->pe_dir, pe->pe_dirlen);
2104                 kmem_free(pe, sizeof (*pe));
2105         }
2106         kmem_free(wargs, sizeof (*wargs));
2107         kmem_free(path, MAXPATHLEN);
2108 }
2109 
2110 static int
2111 modctl_allocpriv(const char *name)
2112 {
2113         char *pstr = kmem_alloc(PRIVNAME_MAX, KM_SLEEP);
2114         int error;
2115 
2116         if ((error = copyinstr(name, pstr, PRIVNAME_MAX, 0))) {
2117                 kmem_free(pstr, PRIVNAME_MAX);
2118                 return (error);
2119         }
2120         error = priv_getbyname(pstr, PRIV_ALLOC);
2121         if (error < 0)
2122                 error = -error;
2123         else
2124                 error = 0;
2125         kmem_free(pstr, PRIVNAME_MAX);
2126         return (error);
2127 }
2128 
2129 static int
2130 modctl_devexists(const char *upath, int pathlen)
2131 {
2132         char    *path;
2133         int     ret;
2134 
2135         /*
2136          * copy in the path, including the terminating null
2137          */
2138         pathlen++;
2139         if (pathlen <= 1 || pathlen > MAXPATHLEN)
2140                 return (EINVAL);
2141         path = kmem_zalloc(pathlen + 1, KM_SLEEP);
2142         if ((ret = copyinstr(upath, path, pathlen, NULL)) == 0) {
2143                 ret = sdev_modctl_devexists(path);
2144         }
2145 
2146         kmem_free(path, pathlen + 1);
2147         return (ret);
2148 }
2149 
2150 static int
2151 modctl_devreaddir(const char *udir, int udirlen,
2152     char *upaths, int64_t *ulensp)
2153 {
2154         char    *paths = NULL;
2155         char    **dirlist = NULL;
2156         char    *dir;
2157         int64_t ulens;
2158         int64_t lens;
2159         int     i, n;
2160         int     ret = 0;
2161         char    *p;
2162         int     npaths;
2163         int     npaths_alloc;
2164 
2165         /*
2166          * If upaths is NULL then we are only computing the amount of space
2167          * needed to return the paths, with the value returned in *ulensp. If we
2168          * are copying out paths then we get the amount of space allocated by
2169          * the caller. If the actual space needed for paths is larger, or
2170          * things are changing out from under us, then we return EAGAIN.
2171          */
2172         if (upaths) {
2173                 if (ulensp == NULL)
2174                         return (EINVAL);
2175                 if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
2176                         return (EFAULT);
2177         }
2178 
2179         /*
2180          * copyin the /dev path including terminating null
2181          */
2182         udirlen++;
2183         if (udirlen <= 1 || udirlen > MAXPATHLEN)
2184                 return (EINVAL);
2185         dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
2186         if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
2187                 goto err;
2188 
2189         if ((ret = sdev_modctl_readdir(dir, &dirlist,
2190             &npaths, &npaths_alloc, 0)) != 0) {
2191                 ASSERT(dirlist == NULL);
2192                 goto err;
2193         }
2194 
2195         lens = 0;
2196         for (i = 0; i < npaths; i++) {
2197                 lens += strlen(dirlist[i]) + 1;
2198         }
2199         lens++;         /* add one for double termination */
2200 
2201         if (upaths) {
2202                 if (lens > ulens) {
2203                         ret = EAGAIN;
2204                         goto out;
2205                 }
2206 
2207                 paths = kmem_alloc(lens, KM_SLEEP);
2208 
2209                 p = paths;
2210                 for (i = 0; i < npaths; i++) {
2211                         n = strlen(dirlist[i]) + 1;
2212                         bcopy(dirlist[i], p, n);
2213                         p += n;
2214                 }
2215                 *p = 0;
2216 
2217                 if (copyout(paths, upaths, lens)) {
2218                         ret = EFAULT;
2219                         goto err;
2220                 }
2221         }
2222 
2223 out:
2224         /* copy out the amount of space needed to hold the paths */
2225         if (copyout(&lens, ulensp, sizeof (lens)))
2226                 ret = EFAULT;
2227 
2228 err:
2229         if (dirlist)
2230                 sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
2231         if (paths)
2232                 kmem_free(paths, lens);
2233         kmem_free(dir, udirlen + 1);
2234         return (ret);
2235 }
2236 
2237 static int
2238 modctl_devemptydir(const char *udir, int udirlen, int *uempty)
2239 {
2240         char    *dir;
2241         int     ret;
2242         char    **dirlist = NULL;
2243         int     npaths;
2244         int     npaths_alloc;
2245         int     empty;
2246 
2247         /*
2248          * copyin the /dev path including terminating null
2249          */
2250         udirlen++;
2251         if (udirlen <= 1 || udirlen > MAXPATHLEN)
2252                 return (EINVAL);
2253         dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
2254         if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
2255                 goto err;
2256 
2257         if ((ret = sdev_modctl_readdir(dir, &dirlist,
2258             &npaths, &npaths_alloc, 1)) != 0) {
2259                 goto err;
2260         }
2261 
2262         empty = npaths ? 0 : 1;
2263         if (copyout(&empty, uempty, sizeof (empty)))
2264                 ret = EFAULT;
2265 
2266 err:
2267         if (dirlist)
2268                 sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
2269         kmem_free(dir, udirlen + 1);
2270         return (ret);
2271 }
2272 
2273 static int
2274 modctl_hp(int subcmd, const char *path, char *cn_name, uintptr_t arg,
2275     uintptr_t rval)
2276 {
2277         int error = 0;
2278         size_t pathsz, namesz;
2279         char *devpath, *cn_name_str;
2280 
2281         if (path == NULL)
2282                 return (EINVAL);
2283 
2284         devpath = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
2285         error = copyinstr(path, devpath, MAXPATHLEN, &pathsz);
2286         if (error != 0) {
2287                 kmem_free(devpath, MAXPATHLEN);
2288                 return (EFAULT);
2289         }
2290 
2291         cn_name_str = kmem_zalloc(MAXNAMELEN, KM_SLEEP);
2292         error = copyinstr(cn_name, cn_name_str, MAXNAMELEN, &namesz);
2293         if (error != 0) {
2294                 kmem_free(devpath, MAXPATHLEN);
2295                 kmem_free(cn_name_str, MAXNAMELEN);
2296 
2297                 return (EFAULT);
2298         }
2299 
2300         switch (subcmd) {
2301         case MODHPOPS_CHANGE_STATE:
2302                 error = ddihp_modctl(DDI_HPOP_CN_CHANGE_STATE, devpath,
2303                     cn_name_str, arg, NULL);
2304                 break;
2305         case MODHPOPS_CREATE_PORT:
2306                 /* Create an empty PORT */
2307                 error = ddihp_modctl(DDI_HPOP_CN_CREATE_PORT, devpath,
2308                     cn_name_str, NULL, NULL);
2309                 break;
2310         case MODHPOPS_REMOVE_PORT:
2311                 /* Remove an empty PORT */
2312                 error = ddihp_modctl(DDI_HPOP_CN_REMOVE_PORT, devpath,
2313                     cn_name_str, NULL, NULL);
2314                 break;
2315         case MODHPOPS_BUS_GET:
2316                 error = ddihp_modctl(DDI_HPOP_CN_GET_PROPERTY, devpath,
2317                     cn_name_str, arg, rval);
2318                 break;
2319         case MODHPOPS_BUS_SET:
2320                 error = ddihp_modctl(DDI_HPOP_CN_SET_PROPERTY, devpath,
2321                     cn_name_str, arg, rval);
2322                 break;
2323         default:
2324                 error = ENOTSUP;
2325                 break;
2326         }
2327 
2328         kmem_free(devpath, MAXPATHLEN);
2329         kmem_free(cn_name_str, MAXNAMELEN);
2330 
2331         return (error);
2332 }
2333 
2334 int
2335 modctl_moddevname(int subcmd, uintptr_t a1, uintptr_t a2)
2336 {
2337         int error = 0;
2338 
2339         switch (subcmd) {
2340         case MODDEVNAME_LOOKUPDOOR:
2341                 error = devname_filename_register((char *)a1);
2342                 break;
2343         case MODDEVNAME_PROFILE:
2344                 error = devname_profile_update((char *)a1, (size_t)a2);
2345                 break;
2346         case MODDEVNAME_RECONFIG:
2347                 i_ddi_set_reconfig();
2348                 break;
2349         case MODDEVNAME_SYSAVAIL:
2350                 i_ddi_set_sysavail();
2351                 break;
2352         default:
2353                 error = EINVAL;
2354                 break;
2355         }
2356 
2357         return (error);
2358 }
2359 
2360 /*ARGSUSED5*/
2361 int
2362 modctl(int cmd, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4,
2363     uintptr_t a5)
2364 {
2365         int     error = EINVAL;
2366         dev_t   dev;
2367 
2368         if (secpolicy_modctl(CRED(), cmd) != 0)
2369                 return (set_errno(EPERM));
2370 
2371         switch (cmd) {
2372         case MODLOAD:           /* load a module */
2373                 error = modctl_modload((int)a1, (char *)a2, (int *)a3);
2374                 break;
2375 
2376         case MODUNLOAD:         /* unload a module */
2377                 error = modctl_modunload((modid_t)a1);
2378                 break;
2379 
2380         case MODINFO:           /* get module status */
2381                 error = modctl_modinfo((modid_t)a1, (struct modinfo *)a2);
2382                 break;
2383 
2384         case MODRESERVED:       /* get last major number in range */
2385                 error = modctl_modreserve((modid_t)a1, (int *)a2);
2386                 break;
2387 
2388         case MODSETMINIROOT:    /* we are running in miniroot */
2389                 isminiroot = 1;
2390                 error = 0;
2391                 break;
2392 
2393         case MODADDMAJBIND:     /* add major / driver alias bindings */
2394                 error = modctl_add_driver_aliases((int *)a2);
2395                 break;
2396 
2397         case MODGETPATHLEN:     /* get modpath length */
2398                 error = modctl_getmodpathlen((int *)a2);
2399                 break;
2400 
2401         case MODGETPATH:        /* get modpath */
2402                 error = modctl_getmodpath((char *)a2);
2403                 break;
2404 
2405         case MODREADSYSBIND:    /* read system call binding file */
2406                 error = modctl_read_sysbinding_file();
2407                 break;
2408 
2409         case MODGETMAJBIND:     /* get major number for named device */
2410                 error = modctl_getmaj((char *)a1, (uint_t)a2, (int *)a3);
2411                 break;
2412 
2413         case MODGETNAME:        /* get name of device given major number */
2414                 error = modctl_getname((char *)a1, (uint_t)a2, (int *)a3);
2415                 break;
2416 
2417         case MODDEVT2INSTANCE:
2418                 if (get_udatamodel() == DATAMODEL_NATIVE) {
2419                         dev = (dev_t)a1;
2420                 }
2421 #ifdef _SYSCALL32_IMPL
2422                 else {
2423                         dev = expldev(a1);
2424                 }
2425 #endif
2426                 error = modctl_devt2instance(dev, (int *)a2);
2427                 break;
2428 
2429         case MODSIZEOF_DEVID:   /* sizeof device id of device given dev_t */
2430                 if (get_udatamodel() == DATAMODEL_NATIVE) {
2431                         dev = (dev_t)a1;
2432                 }
2433 #ifdef _SYSCALL32_IMPL
2434                 else {
2435                         dev = expldev(a1);
2436                 }
2437 #endif
2438                 error = modctl_sizeof_devid(dev, (uint_t *)a2);
2439                 break;
2440 
2441         case MODGETDEVID:       /* get device id of device given dev_t */
2442                 if (get_udatamodel() == DATAMODEL_NATIVE) {
2443                         dev = (dev_t)a1;
2444                 }
2445 #ifdef _SYSCALL32_IMPL
2446                 else {
2447                         dev = expldev(a1);
2448                 }
2449 #endif
2450                 error = modctl_get_devid(dev, (uint_t)a2, (ddi_devid_t)a3);
2451                 break;
2452 
2453         case MODSIZEOF_MINORNAME:       /* sizeof minor nm (dev_t,spectype) */
2454                 if (get_udatamodel() == DATAMODEL_NATIVE) {
2455                         error = modctl_sizeof_minorname((dev_t)a1, (int)a2,
2456                             (uint_t *)a3);
2457                 }
2458 #ifdef _SYSCALL32_IMPL
2459                 else {
2460                         error = modctl_sizeof_minorname(expldev(a1), (int)a2,
2461                             (uint_t *)a3);
2462                 }
2463 
2464 #endif
2465                 break;
2466 
2467         case MODGETMINORNAME:           /* get minor name of (dev_t,spectype) */
2468                 if (get_udatamodel() == DATAMODEL_NATIVE) {
2469                         error = modctl_get_minorname((dev_t)a1, (int)a2,
2470                             (uint_t)a3, (char *)a4);
2471                 }
2472 #ifdef _SYSCALL32_IMPL
2473                 else {
2474                         error = modctl_get_minorname(expldev(a1), (int)a2,
2475                             (uint_t)a3, (char *)a4);
2476                 }
2477 #endif
2478                 break;
2479 
2480         case MODGETDEVFSPATH_LEN:       /* sizeof path nm of (dev_t,spectype) */
2481                 if (get_udatamodel() == DATAMODEL_NATIVE) {
2482                         error = modctl_devfspath_len((dev_t)a1, (int)a2,
2483                             (uint_t *)a3);
2484                 }
2485 #ifdef _SYSCALL32_IMPL
2486                 else {
2487                         error = modctl_devfspath_len(expldev(a1), (int)a2,
2488                             (uint_t *)a3);
2489                 }
2490 
2491 #endif
2492                 break;
2493 
2494         case MODGETDEVFSPATH:           /* get path name of (dev_t,spec) type */
2495                 if (get_udatamodel() == DATAMODEL_NATIVE) {
2496                         error = modctl_devfspath((dev_t)a1, (int)a2,
2497                             (uint_t)a3, (char *)a4);
2498                 }
2499 #ifdef _SYSCALL32_IMPL
2500                 else {
2501                         error = modctl_devfspath(expldev(a1), (int)a2,
2502                             (uint_t)a3, (char *)a4);
2503                 }
2504 #endif
2505                 break;
2506 
2507         case MODGETDEVFSPATH_MI_LEN:    /* sizeof path nm of (major,instance) */
2508                 error = modctl_devfspath_mi_len((major_t)a1, (int)a2,
2509                     (uint_t *)a3);
2510                 break;
2511 
2512         case MODGETDEVFSPATH_MI:        /* get path name of (major,instance) */
2513                 error = modctl_devfspath_mi((major_t)a1, (int)a2,
2514                     (uint_t)a3, (char *)a4);
2515                 break;
2516 
2517 
2518         case MODEVENTS:
2519                 error = modctl_modevents((int)a1, a2, a3, a4, (uint_t)a5);
2520                 break;
2521 
2522         case MODGETFBNAME:      /* get the framebuffer name */
2523                 error = modctl_get_fbname((char *)a1);
2524                 break;
2525 
2526         case MODREREADDACF:     /* reread dacf rule database from given file */
2527                 error = modctl_reread_dacf((char *)a1);
2528                 break;
2529 
2530         case MODLOADDRVCONF:    /* load driver.conf file for major */
2531                 error = modctl_load_drvconf((major_t)a1, (int)a2);
2532                 break;
2533 
2534         case MODUNLOADDRVCONF:  /* unload driver.conf file for major */
2535                 error = modctl_unload_drvconf((major_t)a1);
2536                 break;
2537 
2538         case MODREMMAJBIND:     /* remove a major binding */
2539                 error = modctl_rem_major((major_t)a1);
2540                 break;
2541 
2542         case MODREMDRVALIAS:    /* remove a major/alias binding */
2543                 error = modctl_remove_driver_aliases((int *)a2);
2544                 break;
2545 
2546         case MODDEVID2PATHS:    /* get paths given devid */
2547                 error = modctl_devid2paths((ddi_devid_t)a1, (char *)a2,
2548                     (uint_t)a3, (size_t *)a4, (char *)a5);
2549                 break;
2550 
2551         case MODSETDEVPOLICY:   /* establish device policy */
2552                 error = devpolicy_load((int)a1, (size_t)a2, (devplcysys_t *)a3);
2553                 break;
2554 
2555         case MODGETDEVPOLICY:   /* get device policy */
2556                 error = devpolicy_get((int *)a1, (size_t)a2,
2557                     (devplcysys_t *)a3);
2558                 break;
2559 
2560         case MODALLOCPRIV:
2561                 error = modctl_allocpriv((const char *)a1);
2562                 break;
2563 
2564         case MODGETDEVPOLICYBYNAME:
2565                 error = devpolicy_getbyname((size_t)a1,
2566                     (devplcysys_t *)a2, (char *)a3);
2567                 break;
2568 
2569         case MODLOADMINORPERM:
2570         case MODADDMINORPERM:
2571         case MODREMMINORPERM:
2572                 error = modctl_minorperm(cmd, (char *)a1, (size_t)a2);
2573                 break;
2574 
2575         case MODREMDRVCLEANUP:
2576                 error = modctl_remdrv_cleanup((const char *)a1);
2577                 break;
2578 
2579         case MODDEVEXISTS:      /* non-reconfiguring /dev lookup */
2580                 error = modctl_devexists((const char *)a1, (size_t)a2);
2581                 break;
2582 
2583         case MODDEVREADDIR:     /* non-reconfiguring /dev readdir */
2584                 error = modctl_devreaddir((const char *)a1, (size_t)a2,
2585                     (char *)a3, (int64_t *)a4);
2586                 break;
2587 
2588         case MODDEVEMPTYDIR:    /* non-reconfiguring /dev emptydir */
2589                 error = modctl_devemptydir((const char *)a1, (size_t)a2,
2590                     (int *)a3);
2591                 break;
2592 
2593         case MODDEVNAME:
2594                 error = modctl_moddevname((int)a1, a2, a3);
2595                 break;
2596 
2597         case MODRETIRE: /* retire device named by physpath a1 */
2598                 error = modctl_retire((char *)a1, (char *)a2, (size_t)a3);
2599                 break;
2600 
2601         case MODISRETIRED:  /* check if a device is retired. */
2602                 error = modctl_is_retired((char *)a1, (int *)a2);
2603                 break;
2604 
2605         case MODUNRETIRE:       /* unretire device named by physpath a1 */
2606                 error = modctl_unretire((char *)a1);
2607                 break;
2608 
2609         case MODHPOPS:  /* hotplug operations */
2610                 /* device named by physpath a2 and Connection name a3 */
2611                 error = modctl_hp((int)a1, (char *)a2, (char *)a3, a4, a5);
2612                 break;
2613 
2614         default:
2615                 error = EINVAL;
2616                 break;
2617         }
2618 
2619         return (error ? set_errno(error) : 0);
2620 }
2621 
2622 /*
2623  * Calls to kobj_load_module()() are handled off to this routine in a
2624  * separate thread.
2625  */
2626 static void
2627 modload_thread(struct loadmt *ltp)
2628 {
2629         /* load the module and signal the creator of this thread */
2630         kmutex_t        cpr_lk;
2631         callb_cpr_t     cpr_i;
2632 
2633         mutex_init(&cpr_lk, NULL, MUTEX_DEFAULT, NULL);
2634         CALLB_CPR_INIT(&cpr_i, &cpr_lk, callb_generic_cpr, "modload");
2635         /* borrow the devi lock from thread which invoked us */
2636         pm_borrow_lock(ltp->owner);
2637         ltp->retval = kobj_load_module(ltp->mp, ltp->usepath);
2638         pm_return_lock();
2639         sema_v(&ltp->sema);
2640         mutex_enter(&cpr_lk);
2641         CALLB_CPR_EXIT(&cpr_i);
2642         mutex_destroy(&cpr_lk);
2643         thread_exit();
2644 }
2645 
2646 /*
2647  * load a module, adding a reference if caller specifies rmodp.  If rmodp
2648  * is specified then an errno is returned, otherwise a module index is
2649  * returned (-1 on error).
2650  */
2651 static int
2652 modrload(const char *subdir, const char *filename, struct modctl **rmodp)
2653 {
2654         struct modctl *modp;
2655         size_t size;
2656         char *fullname;
2657         int retval = EINVAL;
2658         int id = -1;
2659 
2660         if (rmodp)
2661                 *rmodp = NULL;                  /* avoid garbage */
2662 
2663         if (subdir != NULL) {
2664                 /*
2665                  * refuse / in filename to prevent "../" escapes.
2666                  */
2667                 if (strchr(filename, '/') != NULL)
2668                         return (rmodp ? retval : id);
2669 
2670                 /*
2671                  * allocate enough space for <subdir>/<filename><NULL>
2672                  */
2673                 size = strlen(subdir) + strlen(filename) + 2;
2674                 fullname = kmem_zalloc(size, KM_SLEEP);
2675                 (void) sprintf(fullname, "%s/%s", subdir, filename);
2676         } else {
2677                 fullname = (char *)filename;
2678         }
2679 
2680         modp = mod_hold_installed_mod(fullname, 1, 0, &retval);
2681         if (modp != NULL) {
2682                 id = modp->mod_id;
2683                 if (rmodp) {
2684                         /* add mod_ref and return *rmodp */
2685                         mutex_enter(&mod_lock);
2686                         modp->mod_ref++;
2687                         mutex_exit(&mod_lock);
2688                         *rmodp = modp;
2689                 }
2690                 mod_release_mod(modp);
2691                 CPU_STATS_ADDQ(CPU, sys, modload, 1);
2692         }
2693 
2694 done:   if (subdir != NULL)
2695                 kmem_free(fullname, size);
2696         return (rmodp ? retval : id);
2697 }
2698 
2699 /*
2700  * This is the primary kernel interface to load a module. It loads and
2701  * installs the named module.  It does not hold mod_ref of the module, so
2702  * a module unload attempt can occur at any time - it is up to the
2703  * _fini/mod_remove implementation to determine if unload will succeed.
2704  */
2705 int
2706 modload(const char *subdir, const char *filename)
2707 {
2708         return (modrload(subdir, filename, NULL));
2709 }
2710 
2711 /*
2712  * Load a module using a series of qualified names from most specific to least
2713  * specific, e.g. for subdir "foo", p1 "bar", p2 "baz", we might try:
2714  *                      Value returned in *chosen
2715  * foo/bar.baz.1.2.3    3
2716  * foo/bar.baz.1.2      2
2717  * foo/bar.baz.1        1
2718  * foo/bar.baz          0
2719  *
2720  * Return the module ID on success; -1 if no module was loaded.  On success
2721  * and if 'chosen' is not NULL we also return the number of suffices that
2722  * were in the module we chose to load.
2723  */
2724 int
2725 modload_qualified(const char *subdir, const char *p1,
2726     const char *p2, const char *delim, uint_t suffv[], int suffc, int *chosen)
2727 {
2728         char path[MOD_MAXPATH];
2729         size_t n, resid = sizeof (path);
2730         char *p = path;
2731 
2732         char **dotv;
2733         int i, rc, id;
2734         modctl_t *mp;
2735 
2736         if (p2 != NULL)
2737                 n = snprintf(p, resid, "%s/%s%s%s", subdir, p1, delim, p2);
2738         else
2739                 n = snprintf(p, resid, "%s/%s", subdir, p1);
2740 
2741         if (n >= resid)
2742                 return (-1);
2743 
2744         p += n;
2745         resid -= n;
2746         dotv = kmem_alloc(sizeof (char *) * (suffc + 1), KM_SLEEP);
2747 
2748         for (i = 0; i < suffc; i++) {
2749                 dotv[i] = p;
2750                 n = snprintf(p, resid, "%s%u", delim, suffv[i]);
2751 
2752                 if (n >= resid) {
2753                         kmem_free(dotv, sizeof (char *) * (suffc + 1));
2754                         return (-1);
2755                 }
2756 
2757                 p += n;
2758                 resid -= n;
2759         }
2760 
2761         dotv[suffc] = p;
2762 
2763         for (i = suffc; i >= 0; i--) {
2764                 dotv[i][0] = '\0';
2765                 mp = mod_hold_installed_mod(path, 1, 1, &rc);
2766 
2767                 if (mp != NULL) {
2768                         kmem_free(dotv, sizeof (char *) * (suffc + 1));
2769                         id = mp->mod_id;
2770                         mod_release_mod(mp);
2771                         if (chosen != NULL)
2772                                 *chosen = i;
2773                         return (id);
2774                 }
2775         }
2776 
2777         kmem_free(dotv, sizeof (char *) * (suffc + 1));
2778         return (-1);
2779 }
2780 
2781 /*
2782  * Load a module.
2783  */
2784 int
2785 modloadonly(const char *subdir, const char *filename)
2786 {
2787         struct modctl *modp;
2788         char *fullname;
2789         size_t size;
2790         int id, retval;
2791 
2792         if (subdir != NULL) {
2793                 /*
2794                  * allocate enough space for <subdir>/<filename><NULL>
2795                  */
2796                 size = strlen(subdir) + strlen(filename) + 2;
2797                 fullname = kmem_zalloc(size, KM_SLEEP);
2798                 (void) sprintf(fullname, "%s/%s", subdir, filename);
2799         } else {
2800                 fullname = (char *)filename;
2801         }
2802 
2803         modp = mod_hold_loaded_mod(NULL, fullname, &retval);
2804         if (modp) {
2805                 id = modp->mod_id;
2806                 mod_release_mod(modp);
2807         }
2808 
2809         if (subdir != NULL)
2810                 kmem_free(fullname, size);
2811 
2812         if (retval == 0)
2813                 return (id);
2814         return (-1);
2815 }
2816 
2817 /*
2818  * Try to uninstall and unload a module, removing a reference if caller
2819  * specifies rmodp.
2820  */
2821 static int
2822 modunrload(modid_t id, struct modctl **rmodp, int unload)
2823 {
2824         struct modctl   *modp;
2825         int             retval;
2826 
2827         if (rmodp)
2828                 *rmodp = NULL;                  /* avoid garbage */
2829 
2830         if ((modp = mod_hold_by_id((modid_t)id)) == NULL)
2831                 return (EINVAL);
2832 
2833         if (rmodp) {
2834                 mutex_enter(&mod_lock);
2835                 modp->mod_ref--;
2836                 if (modp->mod_ref == 0)
2837                         mod_uninstall_ref_zero++;
2838                 mutex_exit(&mod_lock);
2839                 *rmodp = modp;
2840         }
2841 
2842         if (unload) {
2843                 retval = moduninstall(modp);
2844                 if (retval == 0) {
2845                         mod_unload(modp);
2846                         CPU_STATS_ADDQ(CPU, sys, modunload, 1);
2847                 } else if (retval == EALREADY)
2848                         retval = 0;     /* already unloaded, not an error */
2849         } else
2850                 retval = 0;
2851 
2852         mod_release_mod(modp);
2853         return (retval);
2854 }
2855 
2856 /*
2857  * Uninstall and unload a module.
2858  */
2859 int
2860 modunload(modid_t id)
2861 {
2862         int             retval;
2863 
2864         /* synchronize with any active modunload_disable() */
2865         modunload_begin();
2866         if (ddi_root_node())
2867                 (void) devfs_clean(ddi_root_node(), NULL, 0);
2868         retval = modunrload(id, NULL, 1);
2869         modunload_end();
2870         return (retval);
2871 }
2872 
2873 /*
2874  * Return status of a loaded module.
2875  */
2876 static int
2877 modinfo(modid_t id, struct modinfo *modinfop)
2878 {
2879         struct modctl   *modp;
2880         modid_t         mid;
2881         int             i;
2882 
2883         mid = modinfop->mi_id;
2884         if (modinfop->mi_info & MI_INFO_ALL) {
2885                 while ((modp = mod_hold_next_by_id(mid++)) != NULL) {
2886                         if ((modinfop->mi_info & MI_INFO_CNT) ||
2887                             modp->mod_installed)
2888                                 break;
2889                         mod_release_mod(modp);
2890                 }
2891                 if (modp == NULL)
2892                         return (EINVAL);
2893         } else {
2894                 modp = mod_hold_by_id(id);
2895                 if (modp == NULL)
2896                         return (EINVAL);
2897                 if (!(modinfop->mi_info & MI_INFO_CNT) &&
2898                     (modp->mod_installed == 0)) {
2899                         mod_release_mod(modp);
2900                         return (EINVAL);
2901                 }
2902         }
2903 
2904         modinfop->mi_rev = 0;
2905         modinfop->mi_state = 0;
2906         for (i = 0; i < MODMAXLINK; i++) {
2907                 modinfop->mi_msinfo[i].msi_p0 = -1;
2908                 modinfop->mi_msinfo[i].msi_linkinfo[0] = 0;
2909         }
2910         if (modp->mod_loaded) {
2911                 modinfop->mi_state = MI_LOADED;
2912                 kobj_getmodinfo(modp->mod_mp, modinfop);
2913         }
2914         if (modp->mod_installed) {
2915                 modinfop->mi_state |= MI_INSTALLED;
2916 
2917                 (void) mod_getinfo(modp, modinfop);
2918         }
2919 
2920         modinfop->mi_id = modp->mod_id;
2921         modinfop->mi_loadcnt = modp->mod_loadcnt;
2922         (void) strcpy(modinfop->mi_name, modp->mod_modname);
2923 
2924         mod_release_mod(modp);
2925         return (0);
2926 }
2927 
2928 static char mod_stub_err[] = "mod_hold_stub: Couldn't load stub module %s";
2929 static char no_err[] = "No error function for weak stub %s";
2930 
2931 /*
2932  * used by the stubs themselves to load and hold a module.
2933  * Returns  0 if the module is successfully held;
2934  *          the stub needs to call mod_release_stub().
2935  *          -1 if the stub should just call the err_fcn.
2936  * Note that this code is stretched out so that we avoid subroutine calls
2937  * and optimize for the most likely case.  That is, the case where the
2938  * module is loaded and installed and not held.  In that case we just inc
2939  * the mod_ref count and continue.
2940  */
2941 int
2942 mod_hold_stub(struct mod_stub_info *stub)
2943 {
2944         struct modctl *mp;
2945         struct mod_modinfo *mip;
2946 
2947         mip = stub->mods_modinfo;
2948 
2949         mutex_enter(&mod_lock);
2950 
2951         /* we do mod_hold_by_modctl inline for speed */
2952 
2953 mod_check_again:
2954         if ((mp = mip->mp) != NULL) {
2955                 if (mp->mod_busy == 0) {
2956                         if (mp->mod_installed) {
2957                                 /* increment the reference count */
2958                                 mp->mod_ref++;
2959                                 ASSERT(mp->mod_ref && mp->mod_installed);
2960                                 mutex_exit(&mod_lock);
2961                                 return (0);
2962                         } else {
2963                                 mp->mod_busy = 1;
2964                                 mp->mod_inprogress_thread =
2965                                     (curthread == NULL ?
2966                                     (kthread_id_t)-1 : curthread);
2967                         }
2968                 } else {
2969                         /*
2970                          * wait one time and then go see if someone
2971                          * else has resolved the stub (set mip->mp).
2972                          */
2973                         if (mod_hold_by_modctl(mp,
2974                             MOD_WAIT_ONCE | MOD_LOCK_HELD))
2975                                 goto mod_check_again;
2976 
2977                         /*
2978                          * what we have now may have been unloaded!, in
2979                          * that case, mip->mp will be NULL, we'll hit this
2980                          * module and load again..
2981                          */
2982                         cmn_err(CE_PANIC, "mod_hold_stub should have blocked");
2983                 }
2984                 mutex_exit(&mod_lock);
2985         } else {
2986                 /* first time we've hit this module */
2987                 mutex_exit(&mod_lock);
2988                 mp = mod_hold_by_name(mip->modm_module_name);
2989                 mip->mp = mp;
2990         }
2991 
2992         /*
2993          * If we are here, it means that the following conditions
2994          * are satisfied.
2995          *
2996          * mip->mp != NULL
2997          * this thread has set the mp->mod_busy = 1
2998          * mp->mod_installed = 0
2999          *
3000          */
3001         ASSERT(mp != NULL);
3002         ASSERT(mp->mod_busy == 1);
3003 
3004         if (mp->mod_installed == 0) {
3005                 /* Module not loaded, if weak stub don't load it */
3006                 if (stub->mods_flag & MODS_WEAK) {
3007                         if (stub->mods_errfcn == NULL) {
3008                                 mod_release_mod(mp);
3009                                 cmn_err(CE_PANIC, no_err,
3010                                     mip->modm_module_name);
3011                         }
3012                 } else {
3013                         /* Not a weak stub so load the module */
3014 
3015                         if (mod_load(mp, 1) != 0 || modinstall(mp) != 0) {
3016                                 /*
3017                                  * If mod_load() was successful
3018                                  * and modinstall() failed, then
3019                                  * unload the module.
3020                                  */
3021                                 if (mp->mod_loaded)
3022                                         mod_unload(mp);
3023 
3024                                 mod_release_mod(mp);
3025                                 if (stub->mods_errfcn == NULL) {
3026                                         cmn_err(CE_PANIC, mod_stub_err,
3027                                             mip->modm_module_name);
3028                                 } else {
3029                                         return (-1);
3030                                 }
3031                         }
3032                 }
3033         }
3034 
3035         /*
3036          * At this point module is held and loaded. Release
3037          * the mod_busy and mod_inprogress_thread before
3038          * returning. We actually call mod_release() here so
3039          * that if another stub wants to access this module,
3040          * it can do so. mod_ref is incremented before mod_release()
3041          * is called to prevent someone else from snatching the
3042          * module from this thread.
3043          */
3044         mutex_enter(&mod_lock);
3045         mp->mod_ref++;
3046         ASSERT(mp->mod_ref &&
3047             (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
3048         mod_release(mp);
3049         mutex_exit(&mod_lock);
3050         return (0);
3051 }
3052 
3053 void
3054 mod_release_stub(struct mod_stub_info *stub)
3055 {
3056         struct modctl *mp = stub->mods_modinfo->mp;
3057 
3058         /* inline mod_release_mod */
3059         mutex_enter(&mod_lock);
3060         ASSERT(mp->mod_ref &&
3061             (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
3062         mp->mod_ref--;
3063         if (mp->mod_ref == 0)
3064                 mod_uninstall_ref_zero++;
3065         if (mp->mod_want) {
3066                 mp->mod_want = 0;
3067                 cv_broadcast(&mod_cv);
3068         }
3069         mutex_exit(&mod_lock);
3070 }
3071 
3072 static struct modctl *
3073 mod_hold_loaded_mod(struct modctl *dep, char *filename, int *status)
3074 {
3075         struct modctl *modp;
3076         int retval;
3077 
3078         /*
3079          * Hold the module.
3080          */
3081         modp = mod_hold_by_name_requisite(dep, filename);
3082         if (modp) {
3083                 retval = mod_load(modp, 1);
3084                 if (retval != 0) {
3085                         mod_release_mod(modp);
3086                         modp = NULL;
3087                 }
3088                 *status = retval;
3089         } else {
3090                 *status = ENOSPC;
3091         }
3092 
3093         /*
3094          * if dep is not NULL, clear the module dependency information.
3095          * This information is set in mod_hold_by_name_common().
3096          */
3097         if (dep != NULL && dep->mod_requisite_loading != NULL) {
3098                 ASSERT(dep->mod_busy);
3099                 dep->mod_requisite_loading = NULL;
3100         }
3101 
3102         return (modp);
3103 }
3104 
3105 /*
3106  * hold, load, and install the named module
3107  */
3108 static struct modctl *
3109 mod_hold_installed_mod(char *name, int usepath, int forcecheck, int *r)
3110 {
3111         struct modctl *modp;
3112         int retval;
3113 
3114         /*
3115          * Verify that that module in question actually exists on disk
3116          * before allocation of module structure by mod_hold_by_name.
3117          */
3118         if (modrootloaded && swaploaded || forcecheck) {
3119                 if (!kobj_path_exists(name, usepath)) {
3120                         *r = ENOENT;
3121                         return (NULL);
3122                 }
3123         }
3124 
3125         /*
3126          * Hold the module.
3127          */
3128         modp = mod_hold_by_name(name);
3129         if (modp) {
3130                 retval = mod_load(modp, usepath);
3131                 if (retval != 0) {
3132                         mod_release_mod(modp);
3133                         modp = NULL;
3134                         *r = retval;
3135                 } else {
3136                         if ((*r = modinstall(modp)) != 0) {
3137                                 /*
3138                                  * We loaded it, but failed to _init() it.
3139                                  * Be kind to developers -- force it
3140                                  * out of memory now so that the next
3141                                  * attempt to use the module will cause
3142                                  * a reload.  See 1093793.
3143                                  */
3144                                 mod_unload(modp);
3145                                 mod_release_mod(modp);
3146                                 modp = NULL;
3147                         }
3148                 }
3149         } else {
3150                 *r = ENOSPC;
3151         }
3152         return (modp);
3153 }
3154 
3155 static char mod_excl_msg[] =
3156         "module %s(%s) is EXCLUDED and will not be loaded\n";
3157 static char mod_init_msg[] = "loadmodule:%s(%s): _init() error %d\n";
3158 
3159 /*
3160  * This routine is needed for dependencies.  Users specify dependencies
3161  * by declaring a character array initialized to filenames of dependents.
3162  * So the code that handles dependents deals with filenames (and not
3163  * module names) because that's all it has.  We load by filename and once
3164  * we've loaded a file we can get the module name.
3165  * Unfortunately there isn't a single unified filename/modulename namespace.
3166  * C'est la vie.
3167  *
3168  * We allow the name being looked up to be prepended by an optional
3169  * subdirectory e.g. we can lookup (NULL, "fs/ufs") or ("fs", "ufs")
3170  */
3171 struct modctl *
3172 mod_find_by_filename(char *subdir, char *filename)
3173 {
3174         struct modctl   *mp;
3175         size_t          sublen;
3176 
3177         ASSERT(!MUTEX_HELD(&mod_lock));
3178         if (subdir != NULL)
3179                 sublen = strlen(subdir);
3180         else
3181                 sublen = 0;
3182 
3183         mutex_enter(&mod_lock);
3184         mp = &modules;
3185         do {
3186                 if (sublen) {
3187                         char *mod_filename = mp->mod_filename;
3188 
3189                         if (strncmp(subdir, mod_filename, sublen) == 0 &&
3190                             mod_filename[sublen] == '/' &&
3191                             strcmp(filename, &mod_filename[sublen + 1]) == 0) {
3192                                 mutex_exit(&mod_lock);
3193                                 return (mp);
3194                         }
3195                 } else if (strcmp(filename, mp->mod_filename) == 0) {
3196                         mutex_exit(&mod_lock);
3197                         return (mp);
3198                 }
3199         } while ((mp = mp->mod_next) != &modules);
3200         mutex_exit(&mod_lock);
3201         return (NULL);
3202 }
3203 
3204 /*
3205  * Check for circular dependencies.  This is called from do_dependents()
3206  * in kobj.c.  If we are the thread already loading this module, then
3207  * we're trying to load a dependent that we're already loading which
3208  * means the user specified circular dependencies.
3209  */
3210 static int
3211 mod_circdep(struct modctl *modp)
3212 {
3213         struct modctl   *rmod;
3214 
3215         ASSERT(MUTEX_HELD(&mod_lock));
3216 
3217         /*
3218          * Check the mod_inprogress_thread first.
3219          * mod_inprogress_thread is used in mod_hold_stub()
3220          * directly to improve performance.
3221          */
3222         if (modp->mod_inprogress_thread == curthread)
3223                 return (1);
3224 
3225         /*
3226          * Check the module circular dependencies.
3227          */
3228         for (rmod = modp; rmod != NULL; rmod = rmod->mod_requisite_loading) {
3229                 /*
3230                  * Check if there is a module circular dependency.
3231                  */
3232                 if (rmod->mod_requisite_loading == modp)
3233                         return (1);
3234         }
3235         return (0);
3236 }
3237 
3238 static int
3239 mod_getinfo(struct modctl *modp, struct modinfo *modinfop)
3240 {
3241         int (*func)(struct modinfo *);
3242         int retval;
3243 
3244         ASSERT(modp->mod_busy);
3245 
3246         /* primary modules don't do getinfo */
3247         if (modp->mod_prim)
3248                 return (0);
3249 
3250         func = (int (*)(struct modinfo *))kobj_lookup(modp->mod_mp, "_info");
3251 
3252         if (kobj_addrcheck(modp->mod_mp, (caddr_t)func)) {
3253                 cmn_err(CE_WARN, "_info() not defined properly in %s",
3254                     modp->mod_filename);
3255                 /*
3256                  * The semantics of mod_info(9F) are that 0 is failure
3257                  * and non-zero is success.
3258                  */
3259                 retval = 0;
3260         } else
3261                 retval = (*func)(modinfop);     /* call _info() function */
3262 
3263         if (moddebug & MODDEBUG_USERDEBUG)
3264                 printf("Returned from _info, retval = %x\n", retval);
3265 
3266         return (retval);
3267 }
3268 
3269 static void
3270 modadd(struct modctl *mp)
3271 {
3272         ASSERT(MUTEX_HELD(&mod_lock));
3273 
3274         mp->mod_id = last_module_id++;
3275         mp->mod_next = &modules;
3276         mp->mod_prev = modules.mod_prev;
3277         modules.mod_prev->mod_next = mp;
3278         modules.mod_prev = mp;
3279 }
3280 
3281 /*ARGSUSED*/
3282 static struct modctl *
3283 allocate_modp(const char *filename, const char *modname)
3284 {
3285         struct modctl *mp;
3286 
3287         mp = kobj_zalloc(sizeof (*mp), KM_SLEEP);
3288         mp->mod_modname = kobj_zalloc(strlen(modname) + 1, KM_SLEEP);
3289         (void) strcpy(mp->mod_modname, modname);
3290         return (mp);
3291 }
3292 
3293 /*
3294  * Get the value of a symbol.  This is a wrapper routine that
3295  * calls kobj_getsymvalue().  kobj_getsymvalue() may go away but this
3296  * wrapper will prevent callers from noticing.
3297  */
3298 uintptr_t
3299 modgetsymvalue(char *name, int kernelonly)
3300 {
3301         return (kobj_getsymvalue(name, kernelonly));
3302 }
3303 
3304 /*
3305  * Get the symbol nearest an address.  This is a wrapper routine that
3306  * calls kobj_getsymname().  kobj_getsymname() may go away but this
3307  * wrapper will prevent callers from noticing.
3308  */
3309 char *
3310 modgetsymname(uintptr_t value, ulong_t *offset)
3311 {
3312         return (kobj_getsymname(value, offset));
3313 }
3314 
3315 /*
3316  * Lookup a symbol in a specified module.  These are wrapper routines that
3317  * call kobj_lookup().  kobj_lookup() may go away but these wrappers will
3318  * prevent callers from noticing.
3319  */
3320 uintptr_t
3321 modlookup(const char *modname, const char *symname)
3322 {
3323         struct modctl *modp;
3324         uintptr_t val;
3325 
3326         if ((modp = mod_hold_by_name(modname)) == NULL)
3327                 return (0);
3328         val = kobj_lookup(modp->mod_mp, symname);
3329         mod_release_mod(modp);
3330         return (val);
3331 }
3332 
3333 uintptr_t
3334 modlookup_by_modctl(modctl_t *modp, const char *symname)
3335 {
3336         ASSERT(modp->mod_ref > 0 || modp->mod_busy);
3337 
3338         return (kobj_lookup(modp->mod_mp, symname));
3339 }
3340 
3341 /*
3342  * Ask the user for the name of the system file and the default path
3343  * for modules.
3344  */
3345 void
3346 mod_askparams()
3347 {
3348         static char s0[64];
3349         intptr_t fd;
3350 
3351         if ((fd = kobj_open(systemfile)) != -1L)
3352                 kobj_close(fd);
3353         else
3354                 systemfile = NULL;
3355 
3356         /*CONSTANTCONDITION*/
3357         while (1) {
3358                 printf("Name of system file [%s]:  ",
3359                     systemfile ? systemfile : "/dev/null");
3360 
3361                 console_gets(s0, sizeof (s0));
3362 
3363                 if (s0[0] == '\0')
3364                         break;
3365                 else if (strcmp(s0, "/dev/null") == 0) {
3366                         systemfile = NULL;
3367                         break;
3368                 } else {
3369                         if ((fd = kobj_open(s0)) != -1L) {
3370                                 kobj_close(fd);
3371                                 systemfile = s0;
3372                                 break;
3373                         }
3374                 }
3375                 printf("can't find file %s\n", s0);
3376         }
3377 }
3378 
3379 static char loading_msg[] = "loading '%s' id %d\n";
3380 static char load_msg[] = "load '%s' id %d loaded @ 0x%p/0x%p size %d/%d\n";
3381 
3382 /*
3383  * Common code for loading a module (but not installing it).
3384  * Handoff the task of module loading to a separate thread
3385  * with a large stack if possible, since this code may recurse a few times.
3386  * Return zero if there are no errors or an errno value.
3387  */
3388 static int
3389 mod_load(struct modctl *mp, int usepath)
3390 {
3391         int             retval;
3392         struct modinfo  *modinfop = NULL;
3393         struct loadmt   lt;
3394 
3395         ASSERT(MUTEX_NOT_HELD(&mod_lock));
3396         ASSERT(mp->mod_busy);
3397 
3398         if (mp->mod_loaded)
3399                 return (0);
3400 
3401         if (mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_modname) != 0 ||
3402             mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_filename) != 0) {
3403                 if (moddebug & MODDEBUG_LOADMSG) {
3404                         printf(mod_excl_msg, mp->mod_filename,
3405                             mp->mod_modname);
3406                 }
3407                 return (ENXIO);
3408         }
3409         if (moddebug & MODDEBUG_LOADMSG2)
3410                 printf(loading_msg, mp->mod_filename, mp->mod_id);
3411 
3412         if (curthread != &t0) {
3413                 lt.mp = mp;
3414                 lt.usepath = usepath;
3415                 lt.owner = curthread;
3416                 sema_init(&lt.sema, 0, NULL, SEMA_DEFAULT, NULL);
3417 
3418                 /* create thread to hand of call to */
3419                 (void) thread_create(NULL, DEFAULTSTKSZ * 2,
3420                     modload_thread, &lt, 0, &p0, TS_RUN, maxclsyspri);
3421 
3422                 /* wait for thread to complete kobj_load_module */
3423                 sema_p(&lt.sema);
3424 
3425                 sema_destroy(&lt.sema);
3426                 retval = lt.retval;
3427         } else
3428                 retval = kobj_load_module(mp, usepath);
3429 
3430         if (mp->mod_mp) {
3431                 ASSERT(retval == 0);
3432                 mp->mod_loaded = 1;
3433                 mp->mod_loadcnt++;
3434                 if (moddebug & MODDEBUG_LOADMSG) {
3435                         printf(load_msg, mp->mod_filename, mp->mod_id,
3436                             (void *)((struct module *)mp->mod_mp)->text,
3437                             (void *)((struct module *)mp->mod_mp)->data,
3438                             ((struct module *)mp->mod_mp)->text_size,
3439                             ((struct module *)mp->mod_mp)->data_size);
3440                 }
3441 
3442                 /*
3443                  * XXX - There should be a better way to get this.
3444                  */
3445                 modinfop = kmem_zalloc(sizeof (struct modinfo), KM_SLEEP);
3446                 modinfop->mi_info = MI_INFO_LINKAGE;
3447                 if (mod_getinfo(mp, modinfop) == 0)
3448                         mp->mod_linkage = NULL;
3449                 else {
3450                         mp->mod_linkage = (void *)modinfop->mi_base;
3451                         ASSERT(mp->mod_linkage->ml_rev == MODREV_1);
3452                 }
3453 
3454                 /*
3455                  * DCS: bootstrapping code. If the driver is loaded
3456                  * before root mount, it is assumed that the driver
3457                  * may be used before mounting root. In order to
3458                  * access mappings of global to local minor no.'s
3459                  * during installation/open of the driver, we load
3460                  * them into memory here while the BOP_interfaces
3461                  * are still up.
3462                  */
3463                 if ((cluster_bootflags & CLUSTER_BOOTED) && !modrootloaded) {
3464                         retval = clboot_modload(mp);
3465                 }
3466 
3467                 kmem_free(modinfop, sizeof (struct modinfo));
3468                 (void) mod_sysctl(SYS_SET_MVAR, (void *)mp);
3469                 retval = install_stubs_by_name(mp, mp->mod_modname);
3470 
3471                 /*
3472                  * Now that the module is loaded, we need to give DTrace
3473                  * a chance to notify its providers.  This is done via
3474                  * the dtrace_modload function pointer.
3475                  */
3476                 if (strcmp(mp->mod_modname, "dtrace") != 0) {
3477                         struct modctl *dmp = mod_hold_by_name("dtrace");
3478 
3479                         if (dmp != NULL && dtrace_modload != NULL)
3480                                 (*dtrace_modload)(mp);
3481 
3482                         mod_release_mod(dmp);
3483                 }
3484 
3485         } else {
3486                 /*
3487                  * If load failed then we need to release any requisites
3488                  * that we had established.
3489                  */
3490                 ASSERT(retval);
3491                 mod_release_requisites(mp);
3492 
3493                 if (moddebug & MODDEBUG_ERRMSG)
3494                         printf("error loading '%s', error %d\n",
3495                             mp->mod_filename, retval);
3496         }
3497         return (retval);
3498 }
3499 
3500 static char unload_msg[] = "unloading %s, module id %d, loadcnt %d.\n";
3501 
3502 static void
3503 mod_unload(struct modctl *mp)
3504 {
3505         ASSERT(MUTEX_NOT_HELD(&mod_lock));
3506         ASSERT(mp->mod_busy);
3507         ASSERT((mp->mod_loaded && (mp->mod_installed == 0)) &&
3508             ((mp->mod_prim == 0) && (mp->mod_ref >= 0)));
3509 
3510         if (moddebug & MODDEBUG_LOADMSG)
3511                 printf(unload_msg, mp->mod_modname,
3512                     mp->mod_id, mp->mod_loadcnt);
3513 
3514         /*
3515          * If mod_ref is not zero, it means some modules might still refer
3516          * to this module. Then you can't unload this module right now.
3517          * Instead, set 1 to mod_delay_unload to notify the system of
3518          * unloading this module later when it's not required any more.
3519          */
3520         if (mp->mod_ref > 0) {
3521                 mp->mod_delay_unload = 1;
3522                 if (moddebug & MODDEBUG_LOADMSG2) {
3523                         printf("module %s not unloaded,"
3524                             " non-zero reference count (%d)",
3525                             mp->mod_modname, mp->mod_ref);
3526                 }
3527                 return;
3528         }
3529 
3530         if (((mp->mod_loaded == 0) || mp->mod_installed) ||
3531             (mp->mod_ref || mp->mod_prim)) {
3532                 /*
3533                  * A DEBUG kernel would ASSERT panic above, the code is broken
3534                  * if we get this warning.
3535                  */
3536                 cmn_err(CE_WARN, "mod_unload: %s in incorrect state: %d %d %d",
3537                     mp->mod_filename, mp->mod_installed, mp->mod_loaded,
3538                     mp->mod_ref);
3539                 return;
3540         }
3541 
3542         /* reset stub functions to call the binder again */
3543         reset_stubs(mp);
3544 
3545         /*
3546          * mark module as unloaded before the modctl structure is freed.
3547          * This is required not to reuse the modctl structure before
3548          * the module is marked as unloaded.
3549          */
3550         mp->mod_loaded = 0;
3551         mp->mod_linkage = NULL;
3552 
3553         /* free the memory */
3554         kobj_unload_module(mp);
3555 
3556         if (mp->mod_delay_unload) {
3557                 mp->mod_delay_unload = 0;
3558                 if (moddebug & MODDEBUG_LOADMSG2) {
3559                         printf("deferred unload of module %s"
3560                             " (id %d) successful",
3561                             mp->mod_modname, mp->mod_id);
3562                 }
3563         }
3564 
3565         /* release hold on requisites */
3566         mod_release_requisites(mp);
3567 
3568         /*
3569          * Now that the module is gone, we need to give DTrace a chance to
3570          * remove any probes that it may have had in the module.  This is
3571          * done via the dtrace_modunload function pointer.
3572          */
3573         if (strcmp(mp->mod_modname, "dtrace") != 0) {
3574                 struct modctl *dmp = mod_hold_by_name("dtrace");
3575 
3576                 if (dmp != NULL && dtrace_modunload != NULL)
3577                         (*dtrace_modunload)(mp);
3578 
3579                 mod_release_mod(dmp);
3580         }
3581 }
3582 
3583 static int
3584 modinstall(struct modctl *mp)
3585 {
3586         int val;
3587         int (*func)(void);
3588 
3589         ASSERT(MUTEX_NOT_HELD(&mod_lock));
3590         ASSERT(mp->mod_busy && mp->mod_loaded);
3591 
3592         if (mp->mod_installed)
3593                 return (0);
3594         /*
3595          * If mod_delay_unload is on, it means the system chose the deferred
3596          * unload for this module. Then you can't install this module until
3597          * it's unloaded from the system.
3598          */
3599         if (mp->mod_delay_unload)
3600                 return (ENXIO);
3601 
3602         if (moddebug & MODDEBUG_LOADMSG)
3603                 printf("installing %s, module id %d.\n",
3604                     mp->mod_modname, mp->mod_id);
3605 
3606         ASSERT(mp->mod_mp != NULL);
3607         if (mod_install_requisites(mp) != 0) {
3608                 /*
3609                  * Note that we can't call mod_unload(mp) here since
3610                  * if modinstall() was called by mod_install_requisites(),
3611                  * we won't be able to hold the dependent modules
3612                  * (otherwise there would be a deadlock).
3613                  */
3614                 return (ENXIO);
3615         }
3616 
3617         if (moddebug & MODDEBUG_ERRMSG) {
3618                 printf("init '%s' id %d loaded @ 0x%p/0x%p size %lu/%lu\n",
3619                     mp->mod_filename, mp->mod_id,
3620                     (void *)((struct module *)mp->mod_mp)->text,
3621                     (void *)((struct module *)mp->mod_mp)->data,
3622                     ((struct module *)mp->mod_mp)->text_size,
3623                     ((struct module *)mp->mod_mp)->data_size);
3624         }
3625 
3626         func = (int (*)())kobj_lookup(mp->mod_mp, "_init");
3627 
3628         if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3629                 cmn_err(CE_WARN, "_init() not defined properly in %s",
3630                     mp->mod_filename);
3631                 return (EFAULT);
3632         }
3633 
3634         if (moddebug & MODDEBUG_USERDEBUG) {
3635                 printf("breakpoint before calling %s:_init()\n",
3636                     mp->mod_modname);
3637                 if (DEBUGGER_PRESENT)
3638                         debug_enter("_init");
3639         }
3640 
3641         ASSERT(MUTEX_NOT_HELD(&mod_lock));
3642         ASSERT(mp->mod_busy && mp->mod_loaded);
3643         val = (*func)();                /* call _init */
3644 
3645         if (moddebug & MODDEBUG_USERDEBUG)
3646                 printf("Returned from _init, val = %x\n", val);
3647 
3648         if (val == 0) {
3649                 /*
3650                  * Set the MODS_INSTALLED flag to enable this module
3651                  * being called now.
3652                  */
3653                 install_stubs(mp);
3654                 mp->mod_installed = 1;
3655         } else if (moddebug & MODDEBUG_ERRMSG)
3656                 printf(mod_init_msg, mp->mod_filename, mp->mod_modname, val);
3657 
3658         return (val);
3659 }
3660 
3661 int     detach_driver_unconfig = 0;
3662 
3663 static int
3664 detach_driver(char *name)
3665 {
3666         major_t major;
3667         int error;
3668 
3669         /*
3670          * If being called from mod_uninstall_all() then the appropriate
3671          * driver detaches (leaf only) have already been done.
3672          */
3673         if (mod_in_autounload())
3674                 return (0);
3675 
3676         major = ddi_name_to_major(name);
3677         if (major == DDI_MAJOR_T_NONE)
3678                 return (0);
3679 
3680         error = ndi_devi_unconfig_driver(ddi_root_node(),
3681             NDI_DETACH_DRIVER | detach_driver_unconfig, major);
3682         return (error == NDI_SUCCESS ? 0 : -1);
3683 }
3684 
3685 static char finiret_msg[] = "Returned from _fini for %s, status = %x\n";
3686 
3687 static int
3688 moduninstall(struct modctl *mp)
3689 {
3690         int status = 0;
3691         int (*func)(void);
3692 
3693         ASSERT(MUTEX_NOT_HELD(&mod_lock));
3694         ASSERT(mp->mod_busy);
3695 
3696         /*
3697          * Verify that we need to do something and can uninstall the module.
3698          *
3699          * If we should not uninstall the module or if the module is not in
3700          * the correct state to start an uninstall we return EBUSY to prevent
3701          * us from progressing to mod_unload.  If the module has already been
3702          * uninstalled and unloaded we return EALREADY.
3703          */
3704         if (mp->mod_prim || mp->mod_ref || mp->mod_nenabled != 0)
3705                 return (EBUSY);
3706         if ((mp->mod_installed == 0) || (mp->mod_loaded == 0))
3707                 return (EALREADY);
3708 
3709         /*
3710          * To avoid devinfo / module deadlock we must release this module
3711          * prior to initiating the detach_driver, otherwise the detach_driver
3712          * might deadlock on a devinfo node held by another thread
3713          * coming top down and involving the module we have locked.
3714          *
3715          * When we regrab the module we must reverify that it is OK
3716          * to proceed with the uninstall operation.
3717          */
3718         mod_release_mod(mp);
3719         status = detach_driver(mp->mod_modname);
3720         (void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
3721 
3722         /* check detach status and reverify state with lock */
3723         mutex_enter(&mod_lock);
3724         if ((status != 0) || mp->mod_prim || mp->mod_ref) {
3725                 mutex_exit(&mod_lock);
3726                 return (EBUSY);
3727         }
3728         if ((mp->mod_installed == 0) || (mp->mod_loaded == 0)) {
3729                 mutex_exit(&mod_lock);
3730                 return (EALREADY);
3731         }
3732         mutex_exit(&mod_lock);
3733 
3734         if (moddebug & MODDEBUG_LOADMSG2)
3735                 printf("uninstalling %s\n", mp->mod_modname);
3736 
3737         /*
3738          * lookup _fini, return EBUSY if not defined.
3739          *
3740          * The MODDEBUG_FINI_EBUSY is usefull in resolving leaks in
3741          * detach(9E) - it allows bufctl addresses to be resolved.
3742          */
3743         func = (int (*)())kobj_lookup(mp->mod_mp, "_fini");
3744         if ((func == NULL) || (mp->mod_loadflags & MOD_NOUNLOAD) ||
3745             (moddebug & MODDEBUG_FINI_EBUSY))
3746                 return (EBUSY);
3747 
3748         /* verify that _fini is in this module */
3749         if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3750                 cmn_err(CE_WARN, "_fini() not defined properly in %s",
3751                     mp->mod_filename);
3752                 return (EFAULT);
3753         }
3754 
3755         /* call _fini() */
3756         ASSERT(MUTEX_NOT_HELD(&mod_lock));
3757         ASSERT(mp->mod_busy && mp->mod_loaded && mp->mod_installed);
3758 
3759         status = (*func)();
3760 
3761         if (status == 0) {
3762                 /* _fini returned success, the module is no longer installed */
3763                 if (moddebug & MODDEBUG_LOADMSG)
3764                         printf("uninstalled %s\n", mp->mod_modname);
3765 
3766                 /*
3767                  * Even though we only set mod_installed to zero here, a zero
3768                  * return value means we are committed to a code path were
3769                  * mod_loaded will also end up as zero - we have no other
3770                  * way to get the module data and bss back to the pre _init
3771                  * state except a reload. To ensure this, after return,
3772                  * mod_busy must stay set until mod_loaded is cleared.
3773                  */
3774                 mp->mod_installed = 0;
3775 
3776                 /*
3777                  * Clear the MODS_INSTALLED flag not to call functions
3778                  * in the module directly from now on.
3779                  */
3780                 uninstall_stubs(mp);
3781         } else {
3782                 if (moddebug & MODDEBUG_USERDEBUG)
3783                         printf(finiret_msg, mp->mod_filename, status);
3784                 /*
3785                  * By definition _fini is only allowed to return EBUSY or the
3786                  * result of mod_remove (EBUSY or EINVAL).  In the off chance
3787                  * that a driver returns EALREADY we convert this to EINVAL
3788                  * since to our caller EALREADY means module was already
3789                  * removed.
3790                  */
3791                 if (status == EALREADY)
3792                         status = EINVAL;
3793         }
3794 
3795         return (status);
3796 }
3797 
3798 /*
3799  * Uninstall all modules.
3800  */
3801 static void
3802 mod_uninstall_all(void)
3803 {
3804         struct modctl   *mp;
3805         int             pass;
3806         modid_t         modid;
3807 
3808         /* synchronize with any active modunload_disable() */
3809         modunload_begin();
3810 
3811         /* mark this thread as doing autounloading */
3812         (void) tsd_set(mod_autounload_key, (void *)1);
3813 
3814         (void) devfs_clean(ddi_root_node(), NULL, 0);
3815         (void) ndi_devi_unconfig(ddi_root_node(), NDI_AUTODETACH);
3816 
3817         /*
3818          * Loop up to max times if we keep producing unreferenced modules.
3819          * A new unreferenced module is an opportunity to unload.
3820          */
3821         for (pass = 0; pass < mod_uninstall_pass_max; pass++) {
3822 
3823                 /* zero count of modules that go unreferenced during pass */
3824                 mod_uninstall_ref_zero = 0;
3825 
3826                 modid = 0;
3827                 while ((mp = mod_hold_next_by_id(modid)) != NULL) {
3828                         modid = mp->mod_id;
3829 
3830                         /*
3831                          * Skip modules with the MOD_NOAUTOUNLOAD flag set
3832                          */
3833                         if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
3834                                 mod_release_mod(mp);
3835                                 continue;
3836                         }
3837 
3838                         if (moduninstall(mp) == 0) {
3839                                 mod_unload(mp);
3840                                 CPU_STATS_ADDQ(CPU, sys, modunload, 1);
3841                         }
3842                         mod_release_mod(mp);
3843                 }
3844 
3845                 /* break if no modules went unreferenced during pass */
3846                 if (mod_uninstall_ref_zero == 0)
3847                         break;
3848         }
3849         if (pass >= mod_uninstall_pass_max)
3850                 mod_uninstall_pass_exc++;
3851 
3852         (void) tsd_set(mod_autounload_key, NULL);
3853         modunload_end();
3854 }
3855 
3856 /* wait for unloads that have begun before registering disable */
3857 void
3858 modunload_disable(void)
3859 {
3860         mutex_enter(&modunload_wait_mutex);
3861         while (modunload_active_count) {
3862                 modunload_wait++;
3863                 cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3864                 modunload_wait--;
3865         }
3866         modunload_disable_count++;
3867         mutex_exit(&modunload_wait_mutex);
3868 }
3869 
3870 /* mark end of disable and signal waiters */
3871 void
3872 modunload_enable(void)
3873 {
3874         mutex_enter(&modunload_wait_mutex);
3875         modunload_disable_count--;
3876         if ((modunload_disable_count == 0) && modunload_wait)
3877                 cv_broadcast(&modunload_wait_cv);
3878         mutex_exit(&modunload_wait_mutex);
3879 }
3880 
3881 /* wait for disables to complete before begining unload */
3882 void
3883 modunload_begin()
3884 {
3885         mutex_enter(&modunload_wait_mutex);
3886         while (modunload_disable_count) {
3887                 modunload_wait++;
3888                 cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3889                 modunload_wait--;
3890         }
3891         modunload_active_count++;
3892         mutex_exit(&modunload_wait_mutex);
3893 }
3894 
3895 /* mark end of unload and signal waiters */
3896 void
3897 modunload_end()
3898 {
3899         mutex_enter(&modunload_wait_mutex);
3900         modunload_active_count--;
3901         if ((modunload_active_count == 0) && modunload_wait)
3902                 cv_broadcast(&modunload_wait_cv);
3903         mutex_exit(&modunload_wait_mutex);
3904 }
3905 
3906 void
3907 mod_uninstall_daemon(void)
3908 {
3909         callb_cpr_t     cprinfo;
3910         clock_t         ticks;
3911 
3912         mod_aul_thread = curthread;
3913 
3914         CALLB_CPR_INIT(&cprinfo, &mod_uninstall_lock, callb_generic_cpr, "mud");
3915         for (;;) {
3916                 mutex_enter(&mod_uninstall_lock);
3917                 CALLB_CPR_SAFE_BEGIN(&cprinfo);
3918                 /*
3919                  * In DEBUG kernels, unheld drivers are uninstalled periodically
3920                  * every mod_uninstall_interval seconds.  Periodic uninstall can
3921                  * be disabled by setting mod_uninstall_interval to 0 which is
3922                  * the default for a non-DEBUG kernel.
3923                  */
3924                 if (mod_uninstall_interval) {
3925                         ticks = drv_usectohz(mod_uninstall_interval * 1000000);
3926                         (void) cv_reltimedwait(&mod_uninstall_cv,
3927                             &mod_uninstall_lock, ticks, TR_CLOCK_TICK);
3928                 } else {
3929                         cv_wait(&mod_uninstall_cv, &mod_uninstall_lock);
3930                 }
3931                 /*
3932                  * The whole daemon is safe for CPR except we don't want
3933                  * the daemon to run if FREEZE is issued and this daemon
3934                  * wakes up from the cv_wait above. In this case, it'll be
3935                  * blocked in CALLB_CPR_SAFE_END until THAW is issued.
3936                  *
3937                  * The reason of calling CALLB_CPR_SAFE_BEGIN twice is that
3938                  * mod_uninstall_lock is used to protect cprinfo and
3939                  * CALLB_CPR_SAFE_BEGIN assumes that this lock is held when
3940                  * called.
3941                  */
3942                 CALLB_CPR_SAFE_END(&cprinfo, &mod_uninstall_lock);
3943                 CALLB_CPR_SAFE_BEGIN(&cprinfo);
3944                 mutex_exit(&mod_uninstall_lock);
3945                 if ((modunload_disable_count == 0) &&
3946                     ((moddebug & MODDEBUG_NOAUTOUNLOAD) == 0)) {
3947                         mod_uninstall_all();
3948                 }
3949         }
3950 }
3951 
3952 /*
3953  * Unload all uninstalled modules.
3954  */
3955 void
3956 modreap(void)
3957 {
3958         mutex_enter(&mod_uninstall_lock);
3959         cv_broadcast(&mod_uninstall_cv);
3960         mutex_exit(&mod_uninstall_lock);
3961 }
3962 
3963 /*
3964  * Hold the specified module. This is the module holding primitive.
3965  *
3966  * If MOD_LOCK_HELD then the caller already holds the mod_lock.
3967  *
3968  * Return values:
3969  *       0 ==> the module is held
3970  *       1 ==> the module is not held and the MOD_WAIT_ONCE caller needs
3971  *              to determine how to retry.
3972  */
3973 int
3974 mod_hold_by_modctl(struct modctl *mp, int f)
3975 {
3976         ASSERT((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) &&
3977             ((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) !=
3978             (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)));
3979         ASSERT((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) &&
3980             ((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) !=
3981             (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)));
3982         ASSERT((f & MOD_LOCK_NOT_HELD) || MUTEX_HELD(&mod_lock));
3983 
3984         if (f & MOD_LOCK_NOT_HELD)
3985                 mutex_enter(&mod_lock);
3986 
3987         while (mp->mod_busy) {
3988                 mp->mod_want = 1;
3989                 cv_wait(&mod_cv, &mod_lock);
3990                 /*
3991                  * Module may be unloaded by daemon.
3992                  * Nevertheless, modctl structure is still in linked list
3993                  * (i.e., off &modules), not freed!
3994                  * Caller is not supposed to assume "mp" is valid, but there
3995                  * is no reasonable way to detect this but using
3996                  * mp->mod_modinfo->mp == NULL check (follow the back pointer)
3997                  *   (or similar check depending on calling context)
3998                  * DON'T free modctl structure, it will be very very
3999                  * problematic.
4000                  */
4001                 if (f & MOD_WAIT_ONCE) {
4002                         if (f & MOD_LOCK_NOT_HELD)
4003                                 mutex_exit(&mod_lock);
4004                         return (1);     /* caller decides how to retry */
4005                 }
4006         }
4007 
4008         mp->mod_busy = 1;
4009         mp->mod_inprogress_thread =
4010             (curthread == NULL ? (kthread_id_t)-1 : curthread);
4011 
4012         if (f & MOD_LOCK_NOT_HELD)
4013                 mutex_exit(&mod_lock);
4014         return (0);
4015 }
4016 
4017 static struct modctl *
4018 mod_hold_by_name_common(struct modctl *dep, const char *filename)
4019 {
4020         const char      *modname;
4021         struct modctl   *mp;
4022         char            *curname, *newname;
4023         int             found = 0;
4024 
4025         mutex_enter(&mod_lock);
4026 
4027         if ((modname = strrchr(filename, '/')) == NULL)
4028                 modname = filename;
4029         else
4030                 modname++;
4031 
4032         mp = &modules;
4033         do {
4034                 if (strcmp(modname, mp->mod_modname) == 0) {
4035                         found = 1;
4036                         break;
4037                 }
4038         } while ((mp = mp->mod_next) != &modules);
4039 
4040         if (found == 0) {
4041                 mp = allocate_modp(filename, modname);
4042                 modadd(mp);
4043         }
4044 
4045         /*
4046          * if dep is not NULL, set the mp in mod_requisite_loading for
4047          * the module circular dependency check. This field is used in
4048          * mod_circdep(), but it's cleard in mod_hold_loaded_mod().
4049          */
4050         if (dep != NULL) {
4051                 ASSERT(dep->mod_busy && dep->mod_requisite_loading == NULL);
4052                 dep->mod_requisite_loading = mp;
4053         }
4054 
4055         /*
4056          * If the module was held, then it must be us who has it held.
4057          */
4058         if (mod_circdep(mp))
4059                 mp = NULL;
4060         else {
4061                 (void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4062 
4063                 /*
4064                  * If the name hadn't been set or has changed, allocate
4065                  * space and set it.  Free space used by previous name.
4066                  *
4067                  * Do not change the name of primary modules, for primary
4068                  * modules the mod_filename was allocated in standalone mode:
4069                  * it is illegal to kobj_alloc in standalone mode and kobj_free
4070                  * in non-standalone mode.
4071                  */
4072                 curname = mp->mod_filename;
4073                 if (curname == NULL ||
4074                     ((mp->mod_prim == 0) &&
4075                     (curname != filename) &&
4076                     (modname != filename) &&
4077                     (strcmp(curname, filename) != 0))) {
4078                         newname = kobj_zalloc(strlen(filename) + 1, KM_SLEEP);
4079                         (void) strcpy(newname, filename);
4080                         mp->mod_filename = newname;
4081                         if (curname != NULL)
4082                                 kobj_free(curname, strlen(curname) + 1);
4083                 }
4084         }
4085 
4086         mutex_exit(&mod_lock);
4087         if (mp && moddebug & MODDEBUG_LOADMSG2)
4088                 printf("Holding %s\n", mp->mod_filename);
4089         if (mp == NULL && moddebug & MODDEBUG_LOADMSG2)
4090                 printf("circular dependency loading %s\n", filename);
4091         return (mp);
4092 }
4093 
4094 static struct modctl *
4095 mod_hold_by_name_requisite(struct modctl *dep, char *filename)
4096 {
4097         return (mod_hold_by_name_common(dep, filename));
4098 }
4099 
4100 struct modctl *
4101 mod_hold_by_name(const char *filename)
4102 {
4103         return (mod_hold_by_name_common(NULL, filename));
4104 }
4105 
4106 struct modctl *
4107 mod_hold_by_id(modid_t modid)
4108 {
4109         struct modctl   *mp;
4110         int             found = 0;
4111 
4112         mutex_enter(&mod_lock);
4113         mp = &modules;
4114         do {
4115                 if (mp->mod_id == modid) {
4116                         found = 1;
4117                         break;
4118                 }
4119         } while ((mp = mp->mod_next) != &modules);
4120 
4121         if ((found == 0) || mod_circdep(mp))
4122                 mp = NULL;
4123         else
4124                 (void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4125 
4126         mutex_exit(&mod_lock);
4127         return (mp);
4128 }
4129 
4130 static struct modctl *
4131 mod_hold_next_by_id(modid_t modid)
4132 {
4133         struct modctl   *mp;
4134         int             found = 0;
4135 
4136         if (modid < -1)
4137                 return (NULL);
4138 
4139         mutex_enter(&mod_lock);
4140 
4141         mp = &modules;
4142         do {
4143                 if (mp->mod_id > modid) {
4144                         found = 1;
4145                         break;
4146                 }
4147         } while ((mp = mp->mod_next) != &modules);
4148 
4149         if ((found == 0) || mod_circdep(mp))
4150                 mp = NULL;
4151         else
4152                 (void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4153 
4154         mutex_exit(&mod_lock);
4155         return (mp);
4156 }
4157 
4158 static void
4159 mod_release(struct modctl *mp)
4160 {
4161         ASSERT(MUTEX_HELD(&mod_lock));
4162         ASSERT(mp->mod_busy);
4163 
4164         mp->mod_busy = 0;
4165         mp->mod_inprogress_thread = NULL;
4166         if (mp->mod_want) {
4167                 mp->mod_want = 0;
4168                 cv_broadcast(&mod_cv);
4169         }
4170 }
4171 
4172 void
4173 mod_release_mod(struct modctl *mp)
4174 {
4175         if (moddebug & MODDEBUG_LOADMSG2)
4176                 printf("Releasing %s\n", mp->mod_filename);
4177         mutex_enter(&mod_lock);
4178         mod_release(mp);
4179         mutex_exit(&mod_lock);
4180 }
4181 
4182 modid_t
4183 mod_name_to_modid(char *filename)
4184 {
4185         char            *modname;
4186         struct modctl   *mp;
4187 
4188         mutex_enter(&mod_lock);
4189 
4190         if ((modname = strrchr(filename, '/')) == NULL)
4191                 modname = filename;
4192         else
4193                 modname++;
4194 
4195         mp = &modules;
4196         do {
4197                 if (strcmp(modname, mp->mod_modname) == 0) {
4198                         mutex_exit(&mod_lock);
4199                         return (mp->mod_id);
4200                 }
4201         } while ((mp = mp->mod_next) != &modules);
4202 
4203         mutex_exit(&mod_lock);
4204         return (-1);
4205 }
4206 
4207 
4208 int
4209 mod_remove_by_name(char *name)
4210 {
4211         struct modctl *mp;
4212         int retval;
4213 
4214         mp = mod_hold_by_name(name);
4215 
4216         if (mp == NULL)
4217                 return (EINVAL);
4218 
4219         if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
4220                 /*
4221                  * Do not unload forceloaded modules
4222                  */
4223                 mod_release_mod(mp);
4224                 return (0);
4225         }
4226 
4227         if ((retval = moduninstall(mp)) == 0) {
4228                 mod_unload(mp);
4229                 CPU_STATS_ADDQ(CPU, sys, modunload, 1);
4230         } else if (retval == EALREADY)
4231                 retval = 0;             /* already unloaded, not an error */
4232         mod_release_mod(mp);
4233         return (retval);
4234 }
4235 
4236 /*
4237  * Record that module "dep" is dependent on module "on_mod."
4238  */
4239 static void
4240 mod_make_requisite(struct modctl *dependent, struct modctl *on_mod)
4241 {
4242         struct modctl_list **pmlnp;     /* previous next pointer */
4243         struct modctl_list *mlp;
4244         struct modctl_list *new;
4245 
4246         ASSERT(dependent->mod_busy && on_mod->mod_busy);
4247         mutex_enter(&mod_lock);
4248 
4249         /*
4250          * Search dependent's requisite list to see if on_mod is recorded.
4251          * List is ordered by id.
4252          */
4253         for (pmlnp = &dependent->mod_requisites, mlp = *pmlnp;
4254             mlp; pmlnp = &mlp->modl_next, mlp = *pmlnp)
4255                 if (mlp->modl_modp->mod_id >= on_mod->mod_id)
4256                         break;
4257 
4258         /* Create and insert if not already recorded */
4259         if ((mlp == NULL) || (mlp->modl_modp->mod_id != on_mod->mod_id)) {
4260                 new = kobj_zalloc(sizeof (*new), KM_SLEEP);
4261                 new->modl_modp = on_mod;
4262                 new->modl_next = mlp;
4263                 *pmlnp = new;
4264 
4265                 /*
4266                  * Increment the mod_ref count in our new requisite module.
4267                  * This is what keeps a module that has other modules
4268                  * which are dependent on it from being uninstalled and
4269                  * unloaded. "on_mod"'s mod_ref count decremented in
4270                  * mod_release_requisites when the "dependent" module
4271                  * unload is complete.  "on_mod" must be loaded, but may not
4272                  * yet be installed.
4273                  */
4274                 on_mod->mod_ref++;
4275                 ASSERT(on_mod->mod_ref && on_mod->mod_loaded);
4276         }
4277 
4278         mutex_exit(&mod_lock);
4279 }
4280 
4281 /*
4282  * release the hold associated with mod_make_requisite mod_ref++
4283  * as part of unload.
4284  */
4285 void
4286 mod_release_requisites(struct modctl *modp)
4287 {
4288         struct modctl_list *modl;
4289         struct modctl_list *next;
4290         struct modctl *req;
4291         struct modctl_list *start = NULL, *mod_garbage;
4292 
4293         ASSERT(!quiesce_active);
4294         ASSERT(modp->mod_busy);
4295         ASSERT(MUTEX_NOT_HELD(&mod_lock));
4296 
4297         mutex_enter(&mod_lock);             /* needed for manipulation of req */
4298         for (modl = modp->mod_requisites; modl; modl = next) {
4299                 next = modl->modl_next;
4300                 req = modl->modl_modp;
4301                 ASSERT(req->mod_ref >= 1 && req->mod_loaded);
4302                 req->mod_ref--;
4303                 if (req->mod_ref == 0)
4304                         mod_uninstall_ref_zero++;
4305 
4306                 /*
4307                  * Check if the module has to be unloaded or not.
4308                  */
4309                 if (req->mod_ref == 0 && req->mod_delay_unload) {
4310                         struct modctl_list *new;
4311                         /*
4312                          * Allocate the modclt_list holding the garbage
4313                          * module which should be unloaded later.
4314                          */
4315                         new = kobj_zalloc(sizeof (struct modctl_list),
4316                             KM_SLEEP);
4317                         new->modl_modp = req;
4318 
4319                         if (start == NULL)
4320                                 mod_garbage = start = new;
4321                         else {
4322                                 mod_garbage->modl_next = new;
4323                                 mod_garbage = new;
4324                         }
4325                 }
4326 
4327                 /* free the list as we go */
4328                 kobj_free(modl, sizeof (*modl));
4329         }
4330         modp->mod_requisites = NULL;
4331         mutex_exit(&mod_lock);
4332 
4333         /*
4334          * Unload the garbage modules.
4335          */
4336         for (mod_garbage = start; mod_garbage != NULL; /* nothing */) {
4337                 struct modctl_list *old = mod_garbage;
4338                 struct modctl *mp = mod_garbage->modl_modp;
4339                 ASSERT(mp != NULL);
4340 
4341                 /*
4342                  * Hold this module until it's unloaded completely.
4343                  */
4344                 (void) mod_hold_by_modctl(mp,
4345                     MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
4346                 /*
4347                  * Check if the module is not unloaded yet and nobody requires
4348                  * the module. If it's unloaded already or somebody still
4349                  * requires the module, don't unload it now.
4350                  */
4351                 if (mp->mod_loaded && mp->mod_ref == 0)
4352                         mod_unload(mp);
4353                 ASSERT((mp->mod_loaded == 0 && mp->mod_delay_unload == 0) ||
4354                     (mp->mod_ref > 0));
4355                 mod_release_mod(mp);
4356 
4357                 mod_garbage = mod_garbage->modl_next;
4358                 kobj_free(old, sizeof (struct modctl_list));
4359         }
4360 }
4361 
4362 /*
4363  * Process dependency of the module represented by "dep" on the
4364  * module named by "on."
4365  *
4366  * Called from kobj_do_dependents() to load a module "on" on which
4367  * "dep" depends.
4368  */
4369 struct modctl *
4370 mod_load_requisite(struct modctl *dep, char *on)
4371 {
4372         struct modctl *on_mod;
4373         int retval;
4374 
4375         if ((on_mod = mod_hold_loaded_mod(dep, on, &retval)) != NULL) {
4376                 mod_make_requisite(dep, on_mod);
4377         } else if (moddebug & MODDEBUG_ERRMSG) {
4378                 printf("error processing %s on which module %s depends\n",
4379                     on, dep->mod_modname);
4380         }
4381         return (on_mod);
4382 }
4383 
4384 static int
4385 mod_install_requisites(struct modctl *modp)
4386 {
4387         struct modctl_list *modl;
4388         struct modctl *req;
4389         int status = 0;
4390 
4391         ASSERT(MUTEX_NOT_HELD(&mod_lock));
4392         ASSERT(modp->mod_busy);
4393 
4394         for (modl = modp->mod_requisites; modl; modl = modl->modl_next) {
4395                 req = modl->modl_modp;
4396                 (void) mod_hold_by_modctl(req,
4397                     MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
4398                 status = modinstall(req);
4399                 mod_release_mod(req);
4400 
4401                 if (status != 0)
4402                         break;
4403         }
4404         return (status);
4405 }
4406 
4407 /*
4408  * returns 1 if this thread is doing autounload, 0 otherwise.
4409  * see mod_uninstall_all.
4410  */
4411 int
4412 mod_in_autounload()
4413 {
4414         return ((int)(uintptr_t)tsd_get(mod_autounload_key));
4415 }
4416 
4417 /*
4418  * gmatch adapted from libc, stripping the wchar stuff
4419  */
4420 #define popchar(p, c)   { \
4421                 c = *p++; \
4422                 if (c == 0) { \
4423                         return (0); \
4424                 } \
4425         }
4426 
4427 int
4428 gmatch(const char *s, const char *p)
4429 {
4430         int c, sc;
4431         int ok, lc, notflag;
4432 
4433         sc = *s++;
4434         c = *p++;
4435         if (c == 0)
4436                 return (sc == c);       /* nothing matches nothing */
4437 
4438         switch (c) {
4439         case '\\':
4440                 /* skip to quoted character */
4441                 popchar(p, c);
4442                 /*FALLTHRU*/
4443 
4444         default:
4445                 /* straight comparison */
4446                 if (c != sc)
4447                         return (0);
4448                 /*FALLTHRU*/
4449 
4450         case '?':
4451                 /* first char matches, move to remainder */
4452                 return (sc != '\0' ? gmatch(s, p) : 0);
4453 
4454 
4455         case '*':
4456                 while (*p == '*')
4457                         p++;
4458 
4459                 /* * matches everything */
4460                 if (*p == 0)
4461                         return (1);
4462 
4463                 /* undo skip at the beginning & iterate over substrings */
4464                 --s;
4465                 while (*s) {
4466                         if (gmatch(s, p))
4467                                 return (1);
4468                         s++;
4469                 }
4470                 return (0);
4471 
4472         case '[':
4473                 /* match any char within [] */
4474                 if (sc == 0)
4475                         return (0);
4476 
4477                 ok = lc = notflag = 0;
4478 
4479                 if (*p == '!') {
4480                         notflag = 1;
4481                         p++;
4482                 }
4483                 popchar(p, c);
4484 
4485                 do {
4486                         if (c == '-' && lc && *p != ']') {
4487                                 /* test sc against range [c1-c2] */
4488                                 popchar(p, c);
4489                                 if (c == '\\') {
4490                                         popchar(p, c);
4491                                 }
4492 
4493                                 if (notflag) {
4494                                         /* return 0 on mismatch */
4495                                         if (lc <= sc && sc <= c)
4496                                                 return (0);
4497                                         ok++;
4498                                 } else if (lc <= sc && sc <= c) {
4499                                         ok++;
4500                                 }
4501                                 /* keep going, may get a match next */
4502                         } else if (c == '\\') {
4503                                 /* skip to quoted character */
4504                                 popchar(p, c);
4505                         }
4506                         lc = c;
4507                         if (notflag) {
4508                                 if (sc == lc)
4509                                         return (0);
4510                                 ok++;
4511                         } else if (sc == lc) {
4512                                 ok++;
4513                         }
4514                         popchar(p, c);
4515                 } while (c != ']');
4516 
4517                 /* recurse on remainder of string */
4518                 return (ok ? gmatch(s, p) : 0);
4519         }
4520         /*NOTREACHED*/
4521 }
4522 
4523 
4524 /*
4525  * Get default perm for device from /etc/minor_perm. Return 0 if match found.
4526  *
4527  * Pure wild-carded patterns are handled separately so the ordering of
4528  * these patterns doesn't matter.  We're still dependent on ordering
4529  * however as the first matching entry is the one returned.
4530  * Not ideal but all existing examples and usage do imply this
4531  * ordering implicitly.
4532  *
4533  * Drivers using the clone driver are always good for some entertainment.
4534  * Clone nodes under pseudo have the form clone@0:<driver>.  Some minor
4535  * perm entries have the form clone:<driver>, others use <driver>:*
4536  * Examples are clone:llc1 vs. llc2:*, for example.
4537  *
4538  * Minor perms in the clone:<driver> form are mapped to the drivers's
4539  * mperm list, not the clone driver, as wildcard entries for clone
4540  * reference only.  In other words, a clone wildcard will match
4541  * references for clone@0:<driver> but never <driver>@<minor>.
4542  *
4543  * Additional minor perms in the standard form are also supported,
4544  * for mixed usage, ie a node with an entry clone:<driver> could
4545  * provide further entries <driver>:<minor>.
4546  *
4547  * Finally, some uses of clone use an alias as the minor name rather
4548  * than the driver name, with the alias as the minor perm entry.
4549  * This case is handled by attaching the driver to bring its
4550  * minor list into existence, then discover the alias via DDI_ALIAS.
4551  * The clone device's minor perm list can then be searched for
4552  * that alias.
4553  */
4554 
4555 static int
4556 dev_alias_minorperm(dev_info_t *dip, char *minor_name, mperm_t *rmp)
4557 {
4558         major_t                 major;
4559         struct devnames         *dnp;
4560         mperm_t                 *mp;
4561         char                    *alias = NULL;
4562         dev_info_t              *cdevi;
4563         int                     circ;
4564         struct ddi_minor_data   *dmd;
4565 
4566         major = ddi_name_to_major(minor_name);
4567 
4568         ASSERT(dip == clone_dip);
4569         ASSERT(major != DDI_MAJOR_T_NONE);
4570 
4571         /*
4572          * Attach the driver named by the minor node, then
4573          * search its first instance's minor list for an
4574          * alias node.
4575          */
4576         if (ddi_hold_installed_driver(major) == NULL)
4577                 return (1);
4578 
4579         dnp = &devnamesp[major];
4580         LOCK_DEV_OPS(&dnp->dn_lock);
4581 
4582         if ((cdevi = dnp->dn_head) != NULL) {
4583                 ndi_devi_enter(cdevi, &circ);
4584                 for (dmd = DEVI(cdevi)->devi_minor; dmd; dmd = dmd->next) {
4585                         if (dmd->type == DDM_ALIAS) {
4586                                 alias = i_ddi_strdup(dmd->ddm_name, KM_SLEEP);
4587                                 break;
4588                         }
4589                 }
4590                 ndi_devi_exit(cdevi, circ);
4591         }
4592 
4593         UNLOCK_DEV_OPS(&dnp->dn_lock);
4594         ddi_rele_driver(major);
4595 
4596         if (alias == NULL) {
4597                 if (moddebug & MODDEBUG_MINORPERM)
4598                         cmn_err(CE_CONT, "dev_minorperm: "
4599                             "no alias for %s\n", minor_name);
4600                 return (1);
4601         }
4602 
4603         major = ddi_driver_major(clone_dip);
4604         dnp = &devnamesp[major];
4605         LOCK_DEV_OPS(&dnp->dn_lock);
4606 
4607         /*
4608          * Go through the clone driver's mperm list looking
4609          * for a match for the specified alias.
4610          */
4611         for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4612                 if (strcmp(alias, mp->mp_minorname) == 0) {
4613                         break;
4614                 }
4615         }
4616 
4617         if (mp) {
4618                 if (moddebug & MODDEBUG_MP_MATCH) {
4619                         cmn_err(CE_CONT,
4620                             "minor perm defaults: %s %s 0%o %d %d (aliased)\n",
4621                             minor_name, alias, mp->mp_mode,
4622                             mp->mp_uid, mp->mp_gid);
4623                 }
4624                 rmp->mp_uid = mp->mp_uid;
4625                 rmp->mp_gid = mp->mp_gid;
4626                 rmp->mp_mode = mp->mp_mode;
4627         }
4628         UNLOCK_DEV_OPS(&dnp->dn_lock);
4629 
4630         kmem_free(alias, strlen(alias)+1);
4631 
4632         return (mp == NULL);
4633 }
4634 
4635 int
4636 dev_minorperm(dev_info_t *dip, char *name, mperm_t *rmp)
4637 {
4638         major_t major;
4639         char *minor_name;
4640         struct devnames *dnp;
4641         mperm_t *mp;
4642         int is_clone = 0;
4643 
4644         if (!minorperm_loaded) {
4645                 if (moddebug & MODDEBUG_MINORPERM)
4646                         cmn_err(CE_CONT,
4647                             "%s: minor perm not yet loaded\n", name);
4648                 return (1);
4649         }
4650 
4651         minor_name = strchr(name, ':');
4652         if (minor_name == NULL)
4653                 return (1);
4654         minor_name++;
4655 
4656         /*
4657          * If it's the clone driver, search the driver as named
4658          * by the minor.  All clone minor perm entries other than
4659          * alias nodes are actually installed on the real driver's list.
4660          */
4661         if (dip == clone_dip) {
4662                 major = ddi_name_to_major(minor_name);
4663                 if (major == DDI_MAJOR_T_NONE) {
4664                         if (moddebug & MODDEBUG_MINORPERM)
4665                                 cmn_err(CE_CONT, "dev_minorperm: "
4666                                     "%s: no such driver\n", minor_name);
4667                         return (1);
4668                 }
4669                 is_clone = 1;
4670         } else {
4671                 major = ddi_driver_major(dip);
4672                 ASSERT(major != DDI_MAJOR_T_NONE);
4673         }
4674 
4675         dnp = &devnamesp[major];
4676         LOCK_DEV_OPS(&dnp->dn_lock);
4677 
4678         /*
4679          * Go through the driver's mperm list looking for
4680          * a match for the specified minor.  If there's
4681          * no matching pattern, use the wild card.
4682          * Defer to the clone wild for clone if specified,
4683          * otherwise fall back to the normal form.
4684          */
4685         for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4686                 if (gmatch(minor_name, mp->mp_minorname) != 0) {
4687                         break;
4688                 }
4689         }
4690         if (mp == NULL) {
4691                 if (is_clone)
4692                         mp = dnp->dn_mperm_clone;
4693                 if (mp == NULL)
4694                         mp = dnp->dn_mperm_wild;
4695         }
4696 
4697         if (mp) {
4698                 if (moddebug & MODDEBUG_MP_MATCH) {
4699                         cmn_err(CE_CONT,
4700                             "minor perm defaults: %s %s 0%o %d %d\n",
4701                             name, mp->mp_minorname, mp->mp_mode,
4702                             mp->mp_uid, mp->mp_gid);
4703                 }
4704                 rmp->mp_uid = mp->mp_uid;
4705                 rmp->mp_gid = mp->mp_gid;
4706                 rmp->mp_mode = mp->mp_mode;
4707         }
4708         UNLOCK_DEV_OPS(&dnp->dn_lock);
4709 
4710         /*
4711          * If no match can be found for a clone node,
4712          * search for a possible match for an alias.
4713          * One such example is /dev/ptmx -> /devices/pseudo/clone@0:ptm,
4714          * with minor perm entry clone:ptmx.
4715          */
4716         if (mp == NULL && is_clone) {
4717                 return (dev_alias_minorperm(dip, minor_name, rmp));
4718         }
4719 
4720         return (mp == NULL);
4721 }
4722 
4723 /*
4724  * dynamicaly reference load a dl module/library, returning handle
4725  */
4726 /*ARGSUSED*/
4727 ddi_modhandle_t
4728 ddi_modopen(const char *modname, int mode, int *errnop)
4729 {
4730         char            *subdir;
4731         char            *mod;
4732         int             subdirlen;
4733         struct modctl   *hmodp = NULL;
4734         int             retval = EINVAL;
4735 
4736         ASSERT(modname && (mode == KRTLD_MODE_FIRST));
4737         if ((modname == NULL) || (mode != KRTLD_MODE_FIRST))
4738                 goto out;
4739 
4740         /* find last '/' in modname */
4741         mod = strrchr(modname, '/');
4742 
4743         if (mod) {
4744                 /* for subdir string without modification to argument */
4745                 mod++;
4746                 subdirlen = mod - modname;
4747                 subdir = kmem_alloc(subdirlen, KM_SLEEP);
4748                 (void) strlcpy(subdir, modname, subdirlen);
4749         } else {
4750                 subdirlen = 0;
4751                 subdir = "misc";
4752                 mod = (char *)modname;
4753         }
4754 
4755         /* reference load with errno return value */
4756         retval = modrload(subdir, mod, &hmodp);
4757 
4758         if (subdirlen)
4759                 kmem_free(subdir, subdirlen);
4760 
4761 out:    if (errnop)
4762                 *errnop = retval;
4763 
4764         if (moddebug & MODDEBUG_DDI_MOD)
4765                 printf("ddi_modopen %s mode %x: %s %p %d\n",
4766                     modname ? modname : "<unknown>", mode,
4767                     hmodp ? hmodp->mod_filename : "<unknown>",
4768                     (void *)hmodp, retval);
4769 
4770         return ((ddi_modhandle_t)hmodp);
4771 }
4772 
4773 /* lookup "name" in open dl module/library */
4774 void *
4775 ddi_modsym(ddi_modhandle_t h, const char *name, int *errnop)
4776 {
4777         struct modctl   *hmodp = (struct modctl *)h;
4778         void            *f;
4779         int             retval;
4780 
4781         ASSERT(hmodp && name && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4782         if ((hmodp == NULL) || (name == NULL) ||
4783             (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4784                 f = NULL;
4785                 retval = EINVAL;
4786         } else {
4787                 f = (void *)kobj_lookup(hmodp->mod_mp, (char *)name);
4788                 if (f)
4789                         retval = 0;
4790                 else
4791                         retval = ENOTSUP;
4792         }
4793 
4794         if (moddebug & MODDEBUG_DDI_MOD)
4795                 printf("ddi_modsym in %s of %s: %d %p\n",
4796                     hmodp ? hmodp->mod_modname : "<unknown>",
4797                     name ? name : "<unknown>", retval, f);
4798 
4799         if (errnop)
4800                 *errnop = retval;
4801         return (f);
4802 }
4803 
4804 /* dynamic (un)reference unload of an open dl module/library */
4805 int
4806 ddi_modclose(ddi_modhandle_t h)
4807 {
4808         struct modctl   *hmodp = (struct modctl *)h;
4809         struct modctl   *modp = NULL;
4810         int             retval;
4811 
4812         ASSERT(hmodp && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4813         if ((hmodp == NULL) ||
4814             (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4815                 retval = EINVAL;
4816                 goto out;
4817         }
4818 
4819         retval = modunrload(hmodp->mod_id, &modp, ddi_modclose_unload);
4820         if (retval == EBUSY)
4821                 retval = 0;     /* EBUSY is not an error */
4822 
4823         if (retval == 0) {
4824                 ASSERT(hmodp == modp);
4825                 if (hmodp != modp)
4826                         retval = EINVAL;
4827         }
4828 
4829 out:    if (moddebug & MODDEBUG_DDI_MOD)
4830                 printf("ddi_modclose %s: %d\n",
4831                     hmodp ? hmodp->mod_modname : "<unknown>", retval);
4832 
4833         return (retval);
4834 }