1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 
  22 /*
  23  * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
  24  */
  25 
  26 /*
  27  * modctl system call for loadable module support.
  28  */
  29 
  30 #include <sys/param.h>
  31 #include <sys/user.h>
  32 #include <sys/systm.h>
  33 #include <sys/exec.h>
  34 #include <sys/file.h>
  35 #include <sys/stat.h>
  36 #include <sys/conf.h>
  37 #include <sys/time.h>
  38 #include <sys/reboot.h>
  39 #include <sys/fs/ufs_fsdir.h>
  40 #include <sys/kmem.h>
  41 #include <sys/sysconf.h>
  42 #include <sys/cmn_err.h>
  43 #include <sys/ddi.h>
  44 #include <sys/sunddi.h>
  45 #include <sys/sunndi.h>
  46 #include <sys/ndi_impldefs.h>
  47 #include <sys/ddi_impldefs.h>
  48 #include <sys/ddi_implfuncs.h>
  49 #include <sys/bootconf.h>
  50 #include <sys/dc_ki.h>
  51 #include <sys/cladm.h>
  52 #include <sys/dtrace.h>
  53 #include <sys/kdi.h>
  54 
  55 #include <sys/devpolicy.h>
  56 #include <sys/modctl.h>
  57 #include <sys/kobj.h>
  58 #include <sys/devops.h>
  59 #include <sys/autoconf.h>
  60 #include <sys/hwconf.h>
  61 #include <sys/callb.h>
  62 #include <sys/debug.h>
  63 #include <sys/cpuvar.h>
  64 #include <sys/sysmacros.h>
  65 #include <sys/sysevent.h>
  66 #include <sys/sysevent_impl.h>
  67 #include <sys/instance.h>
  68 #include <sys/modhash.h>
  69 #include <sys/modhash_impl.h>
  70 #include <sys/dacf_impl.h>
  71 #include <sys/vfs.h>
  72 #include <sys/pathname.h>
  73 #include <sys/console.h>
  74 #include <sys/policy.h>
  75 #include <ipp/ipp_impl.h>
  76 #include <sys/fs/dv_node.h>
  77 #include <sys/strsubr.h>
  78 #include <sys/fs/sdev_impl.h>
  79 
  80 static int              mod_circdep(struct modctl *);
  81 static int              modinfo(modid_t, struct modinfo *);
  82 
  83 static void             mod_uninstall_all(void);
  84 static int              mod_getinfo(struct modctl *, struct modinfo *);
  85 static struct modctl    *allocate_modp(const char *, const char *);
  86 
  87 static int              mod_load(struct modctl *, int);
  88 static void             mod_unload(struct modctl *);
  89 static int              modinstall(struct modctl *);
  90 static int              moduninstall(struct modctl *);
  91 
  92 static struct modctl    *mod_hold_by_name_common(struct modctl *, const char *);
  93 static struct modctl    *mod_hold_next_by_id(modid_t);
  94 static struct modctl    *mod_hold_loaded_mod(struct modctl *, char *, int *);
  95 static struct modctl    *mod_hold_installed_mod(char *, int, int, int *);
  96 
  97 static void             mod_release(struct modctl *);
  98 static void             mod_make_requisite(struct modctl *, struct modctl *);
  99 static int              mod_install_requisites(struct modctl *);
 100 static void             check_esc_sequences(char *, char *);
 101 static struct modctl    *mod_hold_by_name_requisite(struct modctl *, char *);
 102 
 103 /*
 104  * module loading thread control structure. Calls to kobj_load_module()() are
 105  * handled off to a separate thead using this structure.
 106  */
 107 struct loadmt {
 108         ksema_t         sema;
 109         struct modctl   *mp;
 110         int             usepath;
 111         kthread_t       *owner;
 112         int             retval;
 113 };
 114 
 115 static void     modload_thread(struct loadmt *);
 116 
 117 kcondvar_t      mod_cv;
 118 kcondvar_t      mod_uninstall_cv;       /* Communication between swapper */
 119                                         /* and the uninstall daemon. */
 120 kmutex_t        mod_lock;               /* protects &modules insert linkage, */
 121                                         /* mod_busy, mod_want, and mod_ref. */
 122                                         /* blocking operations while holding */
 123                                         /* mod_lock should be avoided */
 124 kmutex_t        mod_uninstall_lock;     /* protects mod_uninstall_cv */
 125 kthread_id_t    mod_aul_thread;
 126 
 127 int             modunload_wait;
 128 kmutex_t        modunload_wait_mutex;
 129 kcondvar_t      modunload_wait_cv;
 130 int             modunload_active_count;
 131 int             modunload_disable_count;
 132 
 133 int     isminiroot;             /* set if running as miniroot */
 134 int     modrootloaded;          /* set after root driver and fs are loaded */
 135 int     moddebug = 0x0;         /* debug flags for module writers */
 136 int     swaploaded;             /* set after swap driver and fs are loaded */
 137 int     bop_io_quiesced = 0;    /* set when BOP I/O can no longer be used */
 138 int     last_module_id;
 139 clock_t mod_uninstall_interval = 0;
 140 int     mod_uninstall_pass_max = 6;
 141 int     mod_uninstall_ref_zero; /* # modules that went mod_ref == 0 */
 142 int     mod_uninstall_pass_exc; /* mod_uninstall_all left new stuff */
 143 
 144 int     ddi_modclose_unload = 1;        /* 0 -> just decrement reference */
 145 
 146 int     devcnt_incr     = 256;          /* allow for additional drivers */
 147 int     devcnt_min      = 512;          /* and always at least this number */
 148 
 149 struct devnames *devnamesp;
 150 struct devnames orphanlist;
 151 
 152 krwlock_t       devinfo_tree_lock;      /* obsolete, to be removed */
 153 
 154 #define MAJBINDFILE "/etc/name_to_major"
 155 #define SYSBINDFILE "/etc/name_to_sysnum"
 156 
 157 static char     majbind[] = MAJBINDFILE;
 158 static char     sysbind[] = SYSBINDFILE;
 159 static uint_t   mod_autounload_key;     /* for module autounload detection */
 160 
 161 extern int obpdebug;
 162 
 163 #define DEBUGGER_PRESENT        ((boothowto & RB_DEBUG) || (obpdebug != 0))
 164 
 165 static int minorperm_loaded = 0;
 166 
 167 void
 168 mod_setup(void)
 169 {
 170         struct sysent *callp;
 171         int callnum, exectype;
 172         int     num_devs;
 173         int     i;
 174 
 175         /*
 176          * Initialize the list of loaded driver dev_ops.
 177          * XXX - This must be done before reading the system file so that
 178          * forceloads of drivers will work.
 179          */
 180         num_devs = read_binding_file(majbind, mb_hashtab, make_mbind);
 181         /*
 182          * Since read_binding_file is common code, it doesn't enforce that all
 183          * of the binding file entries have major numbers <= MAXMAJ32.       Thus,
 184          * ensure that we don't allocate some massive amount of space due to a
 185          * bad entry.  We can't have major numbers bigger than MAXMAJ32
 186          * until file system support for larger major numbers exists.
 187          */
 188 
 189         /*
 190          * Leave space for expansion, but not more than L_MAXMAJ32
 191          */
 192         devcnt = MIN(num_devs + devcnt_incr, L_MAXMAJ32);
 193         devcnt = MAX(devcnt, devcnt_min);
 194         devopsp = kmem_alloc(devcnt * sizeof (struct dev_ops *), KM_SLEEP);
 195         for (i = 0; i < devcnt; i++)
 196                 devopsp[i] = &mod_nodev_ops;
 197 
 198         init_devnamesp(devcnt);
 199 
 200         /*
 201          * Sync up with the work that the stand-alone linker has already done.
 202          */
 203         (void) kobj_sync();
 204 
 205         if (boothowto & RB_DEBUG)
 206                 kdi_dvec_modavail();
 207 
 208         make_aliases(mb_hashtab);
 209 
 210         /*
 211          * Initialize streams device implementation structures.
 212          */
 213         devimpl = kmem_zalloc(devcnt * sizeof (cdevsw_impl_t), KM_SLEEP);
 214 
 215         /*
 216          * If the cl_bootstrap module is present,
 217          * we should be configured as a cluster. Loading this module
 218          * will set "cluster_bootflags" to non-zero.
 219          */
 220         (void) modload("misc", "cl_bootstrap");
 221 
 222         (void) read_binding_file(sysbind, sb_hashtab, make_mbind);
 223         init_syscallnames(NSYSCALL);
 224 
 225         /*
 226          * Start up dynamic autoconfiguration framework (dacf).
 227          */
 228         mod_hash_init();
 229         dacf_init();
 230 
 231         /*
 232          * Start up IP policy framework (ipp).
 233          */
 234         ipp_init();
 235 
 236         /*
 237          * Allocate loadable native system call locks.
 238          */
 239         for (callnum = 0, callp = sysent; callnum < NSYSCALL;
 240             callnum++, callp++) {
 241                 if (LOADABLE_SYSCALL(callp)) {
 242                         if (mod_getsysname(callnum) != NULL) {
 243                                 callp->sy_lock =
 244                                     kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
 245                                 rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
 246                         } else {
 247                                 callp->sy_flags &= ~SE_LOADABLE;
 248                                 callp->sy_callc = nosys;
 249                         }
 250 #ifdef DEBUG
 251                 } else {
 252                         /*
 253                          * Do some sanity checks on the sysent table
 254                          */
 255                         switch (callp->sy_flags & SE_RVAL_MASK) {
 256                         case SE_32RVAL1:
 257                                 /* only r_val1 returned */
 258                         case SE_32RVAL1 | SE_32RVAL2:
 259                                 /* r_val1 and r_val2 returned */
 260                         case SE_64RVAL:
 261                                 /* 64-bit rval returned */
 262                                 break;
 263                         default:
 264                                 cmn_err(CE_WARN, "sysent[%d]: bad flags %x",
 265                                     callnum, callp->sy_flags);
 266                         }
 267 #endif
 268                 }
 269         }
 270 
 271 #ifdef _SYSCALL32_IMPL
 272         /*
 273          * Allocate loadable system call locks for 32-bit compat syscalls
 274          */
 275         for (callnum = 0, callp = sysent32; callnum < NSYSCALL;
 276             callnum++, callp++) {
 277                 if (LOADABLE_SYSCALL(callp)) {
 278                         if (mod_getsysname(callnum) != NULL) {
 279                                 callp->sy_lock =
 280                                     kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
 281                                 rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
 282                         } else {
 283                                 callp->sy_flags &= ~SE_LOADABLE;
 284                                 callp->sy_callc = nosys;
 285                         }
 286 #ifdef DEBUG
 287                 } else {
 288                         /*
 289                          * Do some sanity checks on the sysent table
 290                          */
 291                         switch (callp->sy_flags & SE_RVAL_MASK) {
 292                         case SE_32RVAL1:
 293                                 /* only r_val1 returned */
 294                         case SE_32RVAL1 | SE_32RVAL2:
 295                                 /* r_val1 and r_val2 returned */
 296                         case SE_64RVAL:
 297                                 /* 64-bit rval returned */
 298                                 break;
 299                         default:
 300                                 cmn_err(CE_WARN, "sysent32[%d]: bad flags %x",
 301                                     callnum, callp->sy_flags);
 302                                 goto skip;
 303                         }
 304 
 305                         /*
 306                          * Cross-check the native and compatibility tables.
 307                          */
 308                         if (callp->sy_callc == nosys ||
 309                             sysent[callnum].sy_callc == nosys)
 310                                 continue;
 311                         /*
 312                          * If only one or the other slot is loadable, then
 313                          * there's an error -- they should match!
 314                          */
 315                         if ((callp->sy_callc == loadable_syscall) ^
 316                             (sysent[callnum].sy_callc == loadable_syscall)) {
 317                                 cmn_err(CE_WARN, "sysent[%d] loadable?",
 318                                     callnum);
 319                         }
 320                         /*
 321                          * This is more of a heuristic test -- if the
 322                          * system call returns two values in the 32-bit
 323                          * world, it should probably return two 32-bit
 324                          * values in the 64-bit world too.
 325                          */
 326                         if (((callp->sy_flags & SE_32RVAL2) == 0) ^
 327                             ((sysent[callnum].sy_flags & SE_32RVAL2) == 0)) {
 328                                 cmn_err(CE_WARN, "sysent[%d] rval2 mismatch!",
 329                                     callnum);
 330                         }
 331 skip:;
 332 #endif  /* DEBUG */
 333                 }
 334         }
 335 #endif  /* _SYSCALL32_IMPL */
 336 
 337         /*
 338          * Allocate loadable exec locks.  (Assumes all execs are loadable)
 339          */
 340         for (exectype = 0; exectype < nexectype; exectype++) {
 341                 execsw[exectype].exec_lock =
 342                     kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
 343                 rw_init(execsw[exectype].exec_lock, NULL, RW_DEFAULT, NULL);
 344         }
 345 
 346         read_class_file();
 347 
 348         /* init thread specific structure for mod_uninstall_all */
 349         tsd_create(&mod_autounload_key, NULL);
 350 }
 351 
 352 static int
 353 modctl_modload(int use_path, char *filename, int *rvp)
 354 {
 355         struct modctl *modp;
 356         int retval = 0;
 357         char *filenamep;
 358         int modid;
 359 
 360         filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
 361 
 362         if (copyinstr(filename, filenamep, MOD_MAXPATH, 0)) {
 363                 retval = EFAULT;
 364                 goto out;
 365         }
 366 
 367         filenamep[MOD_MAXPATH - 1] = 0;
 368         modp = mod_hold_installed_mod(filenamep, use_path, 0, &retval);
 369 
 370         if (modp == NULL)
 371                 goto out;
 372 
 373         modp->mod_loadflags |= MOD_NOAUTOUNLOAD;
 374         modid = modp->mod_id;
 375         mod_release_mod(modp);
 376         CPU_STATS_ADDQ(CPU, sys, modload, 1);
 377         if (rvp != NULL && copyout(&modid, rvp, sizeof (modid)) != 0)
 378                 retval = EFAULT;
 379 out:
 380         kmem_free(filenamep, MOD_MAXPATH);
 381 
 382         return (retval);
 383 }
 384 
 385 static int
 386 modctl_modunload(modid_t id)
 387 {
 388         int rval = 0;
 389 
 390         if (id == 0) {
 391 #ifdef DEBUG
 392                 /*
 393                  * Turn on mod_uninstall_daemon
 394                  */
 395                 if (mod_uninstall_interval == 0) {
 396                         mod_uninstall_interval = 60;
 397                         modreap();
 398                         return (rval);
 399                 }
 400 #endif
 401                 mod_uninstall_all();
 402         } else {
 403                 rval = modunload(id);
 404         }
 405         return (rval);
 406 }
 407 
 408 static int
 409 modctl_modinfo(modid_t id, struct modinfo *umodi)
 410 {
 411         int retval;
 412         struct modinfo modi;
 413 #if defined(_SYSCALL32_IMPL)
 414         int nobase;
 415         struct modinfo32 modi32;
 416 #endif
 417 
 418         nobase = 0;
 419         if (get_udatamodel() == DATAMODEL_NATIVE) {
 420                 if (copyin(umodi, &modi, sizeof (struct modinfo)) != 0)
 421                         return (EFAULT);
 422         }
 423 #ifdef _SYSCALL32_IMPL
 424         else {
 425                 bzero(&modi, sizeof (modi));
 426                 if (copyin(umodi, &modi32, sizeof (struct modinfo32)) != 0)
 427                         return (EFAULT);
 428                 modi.mi_info = modi32.mi_info;
 429                 modi.mi_id = modi32.mi_id;
 430                 modi.mi_nextid = modi32.mi_nextid;
 431                 nobase = modi.mi_info & MI_INFO_NOBASE;
 432         }
 433 #endif
 434         /*
 435          * This flag is -only- for the kernels use.
 436          */
 437         modi.mi_info &= ~MI_INFO_LINKAGE;
 438 
 439         retval = modinfo(id, &modi);
 440         if (retval)
 441                 return (retval);
 442 
 443         if (get_udatamodel() == DATAMODEL_NATIVE) {
 444                 if (copyout(&modi, umodi, sizeof (struct modinfo)) != 0)
 445                         retval = EFAULT;
 446 #ifdef _SYSCALL32_IMPL
 447         } else {
 448                 int i;
 449 
 450                 if (!nobase && (uintptr_t)modi.mi_base > UINT32_MAX)
 451                         return (EOVERFLOW);
 452 
 453                 modi32.mi_info = modi.mi_info;
 454                 modi32.mi_state = modi.mi_state;
 455                 modi32.mi_id = modi.mi_id;
 456                 modi32.mi_nextid = modi.mi_nextid;
 457                 modi32.mi_base = (caddr32_t)(uintptr_t)modi.mi_base;
 458                 modi32.mi_size = modi.mi_size;
 459                 modi32.mi_rev = modi.mi_rev;
 460                 modi32.mi_loadcnt = modi.mi_loadcnt;
 461                 bcopy(modi.mi_name, modi32.mi_name, sizeof (modi32.mi_name));
 462                 for (i = 0; i < MODMAXLINK32; i++) {
 463                         modi32.mi_msinfo[i].msi_p0 = modi.mi_msinfo[i].msi_p0;
 464                         bcopy(modi.mi_msinfo[i].msi_linkinfo,
 465                             modi32.mi_msinfo[i].msi_linkinfo,
 466                             sizeof (modi32.mi_msinfo[0].msi_linkinfo));
 467                 }
 468                 if (copyout(&modi32, umodi, sizeof (struct modinfo32)) != 0)
 469                         retval = EFAULT;
 470 #endif
 471         }
 472 
 473         return (retval);
 474 }
 475 
 476 /*
 477  * Return the last major number in the range of permissible major numbers.
 478  */
 479 /*ARGSUSED*/
 480 static int
 481 modctl_modreserve(modid_t id, int *data)
 482 {
 483         if (copyout(&devcnt, data, sizeof (devcnt)) != 0)
 484                 return (EFAULT);
 485         return (0);
 486 }
 487 
 488 /* Add/Remove driver and binding aliases */
 489 static int
 490 modctl_update_driver_aliases(int add, int *data)
 491 {
 492         struct modconfig        mc;
 493         int                     i, n, rv = 0;
 494         struct aliases          alias;
 495         struct aliases          *ap;
 496         char                    name[MAXMODCONFNAME];
 497         char                    cname[MAXMODCONFNAME];
 498         char                    *drvname;
 499         int                     resid;
 500         struct alias_info {
 501                 char    *alias_name;
 502                 int     alias_resid;
 503         } *aliases, *aip;
 504 
 505         aliases = NULL;
 506         bzero(&mc, sizeof (struct modconfig));
 507         if (get_udatamodel() == DATAMODEL_NATIVE) {
 508                 if (copyin(data, &mc, sizeof (struct modconfig)) != 0)
 509                         return (EFAULT);
 510         }
 511 #ifdef _SYSCALL32_IMPL
 512         else {
 513                 struct modconfig32 modc32;
 514                 if (copyin(data, &modc32, sizeof (struct modconfig32)) != 0)
 515                         return (EFAULT);
 516                 else {
 517                         bcopy(modc32.drvname, mc.drvname,
 518                             sizeof (modc32.drvname));
 519                         bcopy(modc32.drvclass, mc.drvclass,
 520                             sizeof (modc32.drvclass));
 521                         mc.major = modc32.major;
 522                         mc.flags = modc32.flags;
 523                         mc.num_aliases = modc32.num_aliases;
 524                         mc.ap = (struct aliases *)(uintptr_t)modc32.ap;
 525                 }
 526         }
 527 #endif
 528 
 529         /*
 530          * If the driver is already in the mb_hashtab, and the name given
 531          * doesn't match that driver's name, fail.  Otherwise, pass, since
 532          * we may be adding aliases.
 533          */
 534         drvname = mod_major_to_name(mc.major);
 535         if ((drvname != NULL) && strcmp(drvname, mc.drvname) != 0)
 536                 return (EINVAL);
 537 
 538         /*
 539          * Precede alias removal by unbinding as many devices as possible.
 540          */
 541         if (add == 0) {
 542                 (void) i_ddi_unload_drvconf(mc.major);
 543                 i_ddi_unbind_devs(mc.major);
 544         }
 545 
 546         /*
 547          * Add/remove each supplied driver alias to/from mb_hashtab
 548          */
 549         ap = mc.ap;
 550         if (mc.num_aliases > 0)
 551                 aliases = kmem_zalloc(
 552                     mc.num_aliases * sizeof (struct alias_info), KM_SLEEP);
 553         aip = aliases;
 554         for (i = 0; i < mc.num_aliases; i++) {
 555                 bzero(&alias, sizeof (struct aliases));
 556                 if (get_udatamodel() == DATAMODEL_NATIVE) {
 557                         if (copyin(ap, &alias, sizeof (struct aliases)) != 0) {
 558                                 rv = EFAULT;
 559                                 goto error;
 560                         }
 561                         if (alias.a_len > MAXMODCONFNAME) {
 562                                 rv = EINVAL;
 563                                 goto error;
 564                         }
 565                         if (copyin(alias.a_name, name, alias.a_len) != 0) {
 566                                 rv = EFAULT;
 567                                 goto error;
 568                         }
 569                         if (name[alias.a_len - 1] != '\0') {
 570                                 rv = EINVAL;
 571                                 goto error;
 572                         }
 573                 }
 574 #ifdef _SYSCALL32_IMPL
 575                 else {
 576                         struct aliases32 al32;
 577                         bzero(&al32, sizeof (struct aliases32));
 578                         if (copyin(ap, &al32, sizeof (struct aliases32)) != 0) {
 579                                 rv = EFAULT;
 580                                 goto error;
 581                         }
 582                         if (al32.a_len > MAXMODCONFNAME) {
 583                                 rv = EINVAL;
 584                                 goto error;
 585                         }
 586                         if (copyin((void *)(uintptr_t)al32.a_name,
 587                             name, al32.a_len) != 0) {
 588                                 rv = EFAULT;
 589                                 goto error;
 590                         }
 591                         if (name[al32.a_len - 1] != '\0') {
 592                                 rv = EINVAL;
 593                                 goto error;
 594                         }
 595                         alias.a_next = (void *)(uintptr_t)al32.a_next;
 596                 }
 597 #endif
 598                 check_esc_sequences(name, cname);
 599                 aip->alias_name = strdup(cname);
 600                 ap = alias.a_next;
 601                 aip++;
 602         }
 603 
 604         if (add == 0) {
 605                 ap = mc.ap;
 606                 resid = 0;
 607                 aip = aliases;
 608                 /* attempt to unbind all devices bound to each alias */
 609                 for (i = 0; i < mc.num_aliases; i++) {
 610                         n = i_ddi_unbind_devs_by_alias(
 611                             mc.major, aip->alias_name);
 612                         resid += n;
 613                         aip->alias_resid = n;
 614                 }
 615 
 616                 /*
 617                  * If some device bound to an alias remains in use,
 618                  * and override wasn't specified, no change is made to
 619                  * the binding state and we fail the operation.
 620                  */
 621                 if (resid > 0 && ((mc.flags & MOD_UNBIND_OVERRIDE) == 0)) {
 622                         rv = EBUSY;
 623                         goto error;
 624                 }
 625 
 626                 /*
 627                  * No device remains bound of any of the aliases,
 628                  * or force was requested.  Mark each alias as
 629                  * inactive via delete_mbind so no future binds
 630                  * to this alias take place and that a new
 631                  * binding can be established.
 632                  */
 633                 aip = aliases;
 634                 for (i = 0; i < mc.num_aliases; i++) {
 635                         if (moddebug & MODDEBUG_BINDING)
 636                                 cmn_err(CE_CONT, "Removing binding for %s "
 637                                     "(%d active references)\n",
 638                                     aip->alias_name, aip->alias_resid);
 639                         delete_mbind(aip->alias_name, mb_hashtab);
 640                         aip++;
 641                 }
 642                 rv = 0;
 643         } else {
 644                 aip = aliases;
 645                 for (i = 0; i < mc.num_aliases; i++) {
 646                         if (moddebug & MODDEBUG_BINDING)
 647                                 cmn_err(CE_NOTE, "Adding binding for '%s'\n",
 648                                     aip->alias_name);
 649                         (void) make_mbind(aip->alias_name,
 650                             mc.major, NULL, mb_hashtab);
 651                         aip++;
 652                 }
 653                 /*
 654                  * Try to establish an mbinding for mc.drvname, and add it to
 655                  * devnames. Add class if any after establishing the major
 656                  * number.
 657                  */
 658                 (void) make_mbind(mc.drvname, mc.major, NULL, mb_hashtab);
 659                 if ((rv = make_devname(mc.drvname, mc.major,
 660                     (mc.flags & MOD_ADDMAJBIND_UPDATE) ?
 661                     DN_DRIVER_INACTIVE : 0)) != 0) {
 662                         goto error;
 663                 }
 664 
 665                 if (mc.drvclass[0] != '\0')
 666                         add_class(mc.drvname, mc.drvclass);
 667                 if ((mc.flags & MOD_ADDMAJBIND_UPDATE) == 0) {
 668                         (void) i_ddi_load_drvconf(mc.major);
 669                 }
 670         }
 671 
 672         /*
 673          * Ensure that all nodes are bound to the most appropriate driver
 674          * possible, attempting demotion and rebind when a more appropriate
 675          * driver now exists.  But not when adding a driver update-only.
 676          */
 677         if ((add == 0) || ((mc.flags & MOD_ADDMAJBIND_UPDATE) == 0)) {
 678                 i_ddi_bind_devs();
 679                 i_ddi_di_cache_invalidate();
 680         }
 681 
 682 error:
 683         if (mc.num_aliases > 0) {
 684                 aip = aliases;
 685                 for (i = 0; i < mc.num_aliases; i++) {
 686                         if (aip->alias_name != NULL)
 687                                 strfree(aip->alias_name);
 688                         aip++;
 689                 }
 690                 kmem_free(aliases, mc.num_aliases * sizeof (struct alias_info));
 691         }
 692         return (rv);
 693 }
 694 
 695 static int
 696 modctl_add_driver_aliases(int *data)
 697 {
 698         return (modctl_update_driver_aliases(1, data));
 699 }
 700 
 701 static int
 702 modctl_remove_driver_aliases(int *data)
 703 {
 704         return (modctl_update_driver_aliases(0, data));
 705 }
 706 
 707 static int
 708 modctl_rem_major(major_t major)
 709 {
 710         struct devnames *dnp;
 711 
 712         if (major >= devcnt)
 713                 return (EINVAL);
 714 
 715         /* mark devnames as removed */
 716         dnp = &devnamesp[major];
 717         LOCK_DEV_OPS(&dnp->dn_lock);
 718         if (dnp->dn_name == NULL ||
 719             (dnp->dn_flags & (DN_DRIVER_REMOVED | DN_TAKEN_GETUDEV))) {
 720                 UNLOCK_DEV_OPS(&dnp->dn_lock);
 721                 return (EINVAL);
 722         }
 723         dnp->dn_flags |= DN_DRIVER_REMOVED;
 724         pm_driver_removed(major);
 725         UNLOCK_DEV_OPS(&dnp->dn_lock);
 726 
 727         (void) i_ddi_unload_drvconf(major);
 728         i_ddi_unbind_devs(major);
 729         i_ddi_bind_devs();
 730         i_ddi_di_cache_invalidate();
 731 
 732         /* purge all the bindings to this driver */
 733         purge_mbind(major, mb_hashtab);
 734         return (0);
 735 }
 736 
 737 static struct vfs *
 738 path_to_vfs(char *name)
 739 {
 740         vnode_t *vp;
 741         struct vfs *vfsp;
 742 
 743         if (lookupname(name, UIO_SYSSPACE, FOLLOW, NULLVPP, &vp))
 744                 return (NULL);
 745 
 746         vfsp = vp->v_vfsp;
 747         VN_RELE(vp);
 748         return (vfsp);
 749 }
 750 
 751 static int
 752 new_vfs_in_modpath()
 753 {
 754         static int n_modpath = 0;
 755         static char *modpath_copy;
 756         static struct pathvfs {
 757                 char *path;
 758                 struct vfs *vfsp;
 759         } *pathvfs;
 760 
 761         int i, new_vfs = 0;
 762         char *tmp, *tmp1;
 763         struct vfs *vfsp;
 764 
 765         if (n_modpath != 0) {
 766                 for (i = 0; i < n_modpath; i++) {
 767                         vfsp = path_to_vfs(pathvfs[i].path);
 768                         if (vfsp != pathvfs[i].vfsp) {
 769                                 pathvfs[i].vfsp = vfsp;
 770                                 if (vfsp)
 771                                         new_vfs = 1;
 772                         }
 773                 }
 774                 return (new_vfs);
 775         }
 776 
 777         /*
 778          * First call, initialize the pathvfs structure
 779          */
 780         modpath_copy = i_ddi_strdup(default_path, KM_SLEEP);
 781         tmp = modpath_copy;
 782         n_modpath = 1;
 783         tmp1 = strchr(tmp, ' ');
 784         while (tmp1) {
 785                 *tmp1 = '\0';
 786                 n_modpath++;
 787                 tmp = tmp1 + 1;
 788                 tmp1 = strchr(tmp, ' ');
 789         }
 790 
 791         pathvfs = kmem_zalloc(n_modpath * sizeof (struct pathvfs), KM_SLEEP);
 792         tmp = modpath_copy;
 793         for (i = 0; i < n_modpath; i++) {
 794                 pathvfs[i].path = tmp;
 795                 vfsp = path_to_vfs(tmp);
 796                 pathvfs[i].vfsp = vfsp;
 797                 tmp += strlen(tmp) + 1;
 798         }
 799         return (1);     /* always reread driver.conf the first time */
 800 }
 801 
 802 static int
 803 modctl_load_drvconf(major_t major, int flags)
 804 {
 805         int ret;
 806 
 807         /*
 808          * devfsadm -u - read all new driver.conf files
 809          * and bind and configure devices for new drivers.
 810          */
 811         if (flags & MOD_LOADDRVCONF_RECONF) {
 812                 (void) i_ddi_load_drvconf(DDI_MAJOR_T_NONE);
 813                 i_ddi_bind_devs();
 814                 i_ddi_di_cache_invalidate();
 815                 return (0);
 816         }
 817 
 818         /*
 819          * update_drv <drv> - reload driver.conf for the specified driver
 820          */
 821         if (major != DDI_MAJOR_T_NONE) {
 822                 ret = i_ddi_load_drvconf(major);
 823                 if (ret == 0)
 824                         i_ddi_bind_devs();
 825                 return (ret);
 826         }
 827 
 828         /*
 829          * We are invoked to rescan new driver.conf files. It is
 830          * only necessary if a new file system was mounted in the
 831          * module_path. Because rescanning driver.conf files can
 832          * take some time on older platforms (sun4m), the following
 833          * code skips unnecessary driver.conf rescans to optimize
 834          * boot performance.
 835          */
 836         if (new_vfs_in_modpath()) {
 837                 (void) i_ddi_load_drvconf(DDI_MAJOR_T_NONE);
 838                 /*
 839                  * If we are still initializing io subsystem,
 840                  * load drivers with ddi-forceattach property
 841                  */
 842                 if (!i_ddi_io_initialized())
 843                         i_ddi_forceattach_drivers();
 844         }
 845         return (0);
 846 }
 847 
 848 /*
 849  * Unload driver.conf file and follow up by attempting
 850  * to rebind devices to more appropriate driver.
 851  */
 852 static int
 853 modctl_unload_drvconf(major_t major)
 854 {
 855         int ret;
 856 
 857         if (major >= devcnt)
 858                 return (EINVAL);
 859 
 860         ret = i_ddi_unload_drvconf(major);
 861         if (ret != 0)
 862                 return (ret);
 863         (void) i_ddi_unbind_devs(major);
 864         i_ddi_bind_devs();
 865 
 866         return (0);
 867 }
 868 
 869 static void
 870 check_esc_sequences(char *str, char *cstr)
 871 {
 872         int i;
 873         size_t len;
 874         char *p;
 875 
 876         len = strlen(str);
 877         for (i = 0; i < len; i++, str++, cstr++) {
 878                 if (*str != '\\') {
 879                         *cstr = *str;
 880                 } else {
 881                         p = str + 1;
 882                         /*
 883                          * we only handle octal escape sequences for SPACE
 884                          */
 885                         if (*p++ == '0' && *p++ == '4' && *p == '0') {
 886                                 *cstr = ' ';
 887                                 str += 3;
 888                         } else {
 889                                 *cstr = *str;
 890                         }
 891                 }
 892         }
 893         *cstr = 0;
 894 }
 895 
 896 static int
 897 modctl_getmodpathlen(int *data)
 898 {
 899         int len;
 900         len = strlen(default_path);
 901         if (copyout(&len, data, sizeof (len)) != 0)
 902                 return (EFAULT);
 903         return (0);
 904 }
 905 
 906 static int
 907 modctl_getmodpath(char *data)
 908 {
 909         if (copyout(default_path, data, strlen(default_path) + 1) != 0)
 910                 return (EFAULT);
 911         return (0);
 912 }
 913 
 914 static int
 915 modctl_read_sysbinding_file(void)
 916 {
 917         (void) read_binding_file(sysbind, sb_hashtab, make_mbind);
 918         return (0);
 919 }
 920 
 921 static int
 922 modctl_getmaj(char *uname, uint_t ulen, int *umajorp)
 923 {
 924         char name[256];
 925         int retval;
 926         major_t major;
 927 
 928         if (ulen == 0)
 929                 return (EINVAL);
 930         if ((retval = copyinstr(uname, name,
 931             (ulen < 256) ? ulen : 256, 0)) != 0)
 932                 return (retval);
 933         if ((major = mod_name_to_major(name)) == DDI_MAJOR_T_NONE)
 934                 return (ENODEV);
 935         if (copyout(&major, umajorp, sizeof (major_t)) != 0)
 936                 return (EFAULT);
 937         return (0);
 938 }
 939 
 940 static char **
 941 convert_constraint_string(char *constraints, size_t len)
 942 {
 943         int     i;
 944         int     n;
 945         char    *p;
 946         char    **array;
 947 
 948         ASSERT(constraints != NULL);
 949         ASSERT(len > 0);
 950 
 951         for (i = 0, p = constraints; strlen(p) > 0; i++, p += strlen(p) + 1)
 952                 ;
 953 
 954         n = i;
 955 
 956         if (n == 0) {
 957                 kmem_free(constraints, len);
 958                 return (NULL);
 959         }
 960 
 961         array = kmem_alloc((n + 1) * sizeof (char *), KM_SLEEP);
 962 
 963         for (i = 0, p = constraints; i < n; i++, p += strlen(p) + 1) {
 964                 array[i] = i_ddi_strdup(p, KM_SLEEP);
 965         }
 966         array[n] = NULL;
 967 
 968         kmem_free(constraints, len);
 969 
 970         return (array);
 971 }
 972 /*ARGSUSED*/
 973 static int
 974 modctl_retire(char *path, char *uconstraints, size_t ulen)
 975 {
 976         char    *pathbuf;
 977         char    *devpath;
 978         size_t  pathsz;
 979         int     retval;
 980         char    *constraints;
 981         char    **cons_array;
 982 
 983         if (path == NULL)
 984                 return (EINVAL);
 985 
 986         if ((uconstraints == NULL) ^ (ulen == 0))
 987                 return (EINVAL);
 988 
 989         pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
 990         retval = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
 991         if (retval != 0) {
 992                 kmem_free(pathbuf, MAXPATHLEN);
 993                 return (retval);
 994         }
 995         devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
 996         kmem_free(pathbuf, MAXPATHLEN);
 997 
 998         /*
 999          * First check if the device is already retired.
1000          * If it is, then persist the retire anyway, just in case the retire
1001          * store has got out of sync with the boot archive.
1002          */
1003         if (e_ddi_device_retired(devpath)) {
1004                 cmn_err(CE_NOTE, "Device: already retired: %s", devpath);
1005                 (void) e_ddi_retire_persist(devpath);
1006                 kmem_free(devpath, strlen(devpath) + 1);
1007                 return (0);
1008         }
1009 
1010         cons_array = NULL;
1011         if (uconstraints) {
1012                 constraints = kmem_alloc(ulen, KM_SLEEP);
1013                 if (copyin(uconstraints, constraints, ulen)) {
1014                         kmem_free(constraints, ulen);
1015                         kmem_free(devpath, strlen(devpath) + 1);
1016                         return (EFAULT);
1017                 }
1018                 cons_array = convert_constraint_string(constraints, ulen);
1019         }
1020 
1021         /*
1022          * Try to retire the device first. The following
1023          * routine will return an error only if the device
1024          * is not retireable i.e. retire constraints forbid
1025          * a retire. A return of success from this routine
1026          * indicates that device is retireable.
1027          */
1028         retval = e_ddi_retire_device(devpath, cons_array);
1029         if (retval != DDI_SUCCESS) {
1030                 cmn_err(CE_WARN, "constraints forbid retire: %s", devpath);
1031                 kmem_free(devpath, strlen(devpath) + 1);
1032                 return (ENOTSUP);
1033         }
1034 
1035         /*
1036          * Ok, the retire succeeded. Persist the retire.
1037          * If retiring a nexus, we need to only persist the
1038          * nexus retire. Any children of a retired nexus
1039          * are automatically covered by the retire store
1040          * code.
1041          */
1042         retval = e_ddi_retire_persist(devpath);
1043         if (retval != 0) {
1044                 cmn_err(CE_WARN, "Failed to persist device retire: error %d: "
1045                     "%s", retval, devpath);
1046                 kmem_free(devpath, strlen(devpath) + 1);
1047                 return (retval);
1048         }
1049         if (moddebug & MODDEBUG_RETIRE)
1050                 cmn_err(CE_NOTE, "Persisted retire of device: %s", devpath);
1051 
1052         kmem_free(devpath, strlen(devpath) + 1);
1053         return (0);
1054 }
1055 
1056 static int
1057 modctl_is_retired(char *path, int *statep)
1058 {
1059         char    *pathbuf;
1060         char    *devpath;
1061         size_t  pathsz;
1062         int     error;
1063         int     status;
1064 
1065         if (path == NULL || statep == NULL)
1066                 return (EINVAL);
1067 
1068         pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1069         error = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
1070         if (error != 0) {
1071                 kmem_free(pathbuf, MAXPATHLEN);
1072                 return (error);
1073         }
1074         devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
1075         kmem_free(pathbuf, MAXPATHLEN);
1076 
1077         if (e_ddi_device_retired(devpath))
1078                 status = 1;
1079         else
1080                 status = 0;
1081         kmem_free(devpath, strlen(devpath) + 1);
1082 
1083         return (copyout(&status, statep, sizeof (status)) ? EFAULT : 0);
1084 }
1085 
1086 static int
1087 modctl_unretire(char *path)
1088 {
1089         char    *pathbuf;
1090         char    *devpath;
1091         size_t  pathsz;
1092         int     retired;
1093         int     retval;
1094 
1095         if (path == NULL)
1096                 return (EINVAL);
1097 
1098         pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1099         retval = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
1100         if (retval != 0) {
1101                 kmem_free(pathbuf, MAXPATHLEN);
1102                 return (retval);
1103         }
1104         devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
1105         kmem_free(pathbuf, MAXPATHLEN);
1106 
1107         /*
1108          * We check if a device is retired (first) before
1109          * unpersisting the retire, because we use the
1110          * retire store to determine if a device is retired.
1111          * If we unpersist first, the device will always appear
1112          * to be unretired. For the rationale behind unpersisting
1113          * a device that is not retired, see the next comment.
1114          */
1115         retired = e_ddi_device_retired(devpath);
1116 
1117         /*
1118          * We call unpersist unconditionally because the lookup
1119          * for retired devices (e_ddi_device_retired()), skips "bypassed"
1120          * devices. We still want to be able remove "bypassed" entries
1121          * from the persistent store, so we unpersist unconditionally
1122          * i.e. whether or not the entry is found on a lookup.
1123          *
1124          * e_ddi_retire_unpersist() returns 1 if it found and cleared
1125          * an entry from the retire store or 0 otherwise.
1126          */
1127         if (e_ddi_retire_unpersist(devpath))
1128                 if (moddebug & MODDEBUG_RETIRE) {
1129                         cmn_err(CE_NOTE, "Unpersisted retire of device: %s",
1130                             devpath);
1131                 }
1132 
1133         /*
1134          * Check if the device is already unretired. If so,
1135          * the unretire becomes a NOP
1136          */
1137         if (!retired) {
1138                 cmn_err(CE_NOTE, "Not retired: %s", devpath);
1139                 kmem_free(devpath, strlen(devpath) + 1);
1140                 return (0);
1141         }
1142 
1143         retval = e_ddi_unretire_device(devpath);
1144         if (retval != 0) {
1145                 cmn_err(CE_WARN, "cannot unretire device: error %d, path %s\n",
1146                     retval, devpath);
1147         }
1148 
1149         kmem_free(devpath, strlen(devpath) + 1);
1150 
1151         return (retval);
1152 }
1153 
1154 static int
1155 modctl_getname(char *uname, uint_t ulen, int *umajorp)
1156 {
1157         char *name;
1158         major_t major;
1159 
1160         if (copyin(umajorp, &major, sizeof (major)) != 0)
1161                 return (EFAULT);
1162         if ((name = mod_major_to_name(major)) == NULL)
1163                 return (ENODEV);
1164         if ((strlen(name) + 1) > ulen)
1165                 return (ENOSPC);
1166         return (copyoutstr(name, uname, ulen, NULL));
1167 }
1168 
1169 static int
1170 modctl_devt2instance(dev_t dev, int *uinstancep)
1171 {
1172         int     instance;
1173 
1174         if ((instance = dev_to_instance(dev)) == -1)
1175                 return (EINVAL);
1176 
1177         return (copyout(&instance, uinstancep, sizeof (int)));
1178 }
1179 
1180 /*
1181  * Return the sizeof of the device id.
1182  */
1183 static int
1184 modctl_sizeof_devid(dev_t dev, uint_t *len)
1185 {
1186         uint_t          sz;
1187         ddi_devid_t     devid;
1188 
1189         /* get device id */
1190         if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
1191                 return (EINVAL);
1192 
1193         sz = ddi_devid_sizeof(devid);
1194         ddi_devid_free(devid);
1195 
1196         /* copyout device id size */
1197         if (copyout(&sz, len, sizeof (sz)) != 0)
1198                 return (EFAULT);
1199 
1200         return (0);
1201 }
1202 
1203 /*
1204  * Return a copy of the device id.
1205  */
1206 static int
1207 modctl_get_devid(dev_t dev, uint_t len, ddi_devid_t udevid)
1208 {
1209         uint_t          sz;
1210         ddi_devid_t     devid;
1211         int             err = 0;
1212 
1213         /* get device id */
1214         if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
1215                 return (EINVAL);
1216 
1217         sz = ddi_devid_sizeof(devid);
1218 
1219         /* Error if device id is larger than space allocated */
1220         if (sz > len) {
1221                 ddi_devid_free(devid);
1222                 return (ENOSPC);
1223         }
1224 
1225         /* copy out device id */
1226         if (copyout(devid, udevid, sz) != 0)
1227                 err = EFAULT;
1228         ddi_devid_free(devid);
1229         return (err);
1230 }
1231 
1232 /*
1233  * return the /devices paths associated with the specified devid and
1234  * minor name.
1235  */
1236 /*ARGSUSED*/
1237 static int
1238 modctl_devid2paths(ddi_devid_t udevid, char *uminor_name, uint_t flag,
1239     size_t *ulensp, char *upaths)
1240 {
1241         ddi_devid_t     devid = NULL;
1242         int             devid_len;
1243         char            *minor_name = NULL;
1244         dev_info_t      *dip = NULL;
1245         int             circ;
1246         struct ddi_minor_data   *dmdp;
1247         char            *path = NULL;
1248         int             ulens;
1249         int             lens;
1250         int             len;
1251         dev_t           *devlist = NULL;
1252         int             ndevs;
1253         int             i;
1254         int             ret = 0;
1255 
1256         /*
1257          * If upaths is NULL then we are only computing the amount of space
1258          * needed to hold the paths and returning the value in *ulensp. If we
1259          * are copying out paths then we get the amount of space allocated by
1260          * the caller. If the actual space needed for paths is larger, or
1261          * things are changing out from under us, then we return EAGAIN.
1262          */
1263         if (upaths) {
1264                 if (ulensp == NULL)
1265                         return (EINVAL);
1266                 if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
1267                         return (EFAULT);
1268         }
1269 
1270         /*
1271          * copyin enough of the devid to determine the length then
1272          * reallocate and copy in the entire devid.
1273          */
1274         devid_len = ddi_devid_sizeof(NULL);
1275         devid = kmem_alloc(devid_len, KM_SLEEP);
1276         if (copyin(udevid, devid, devid_len)) {
1277                 ret = EFAULT;
1278                 goto out;
1279         }
1280         len = devid_len;
1281         devid_len = ddi_devid_sizeof(devid);
1282         kmem_free(devid, len);
1283         devid = kmem_alloc(devid_len, KM_SLEEP);
1284         if (copyin(udevid, devid, devid_len)) {
1285                 ret = EFAULT;
1286                 goto out;
1287         }
1288 
1289         /* copyin the minor name if specified. */
1290         minor_name = uminor_name;
1291         if ((minor_name != DEVID_MINOR_NAME_ALL) &&
1292             (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1293             (minor_name != DEVID_MINOR_NAME_ALL_BLK)) {
1294                 minor_name = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1295                 if (copyinstr(uminor_name, minor_name, MAXPATHLEN, 0)) {
1296                         ret = EFAULT;
1297                         goto out;
1298                 }
1299         }
1300 
1301         /*
1302          * Use existing function to resolve the devid into a devlist.
1303          *
1304          * NOTE: there is a loss of spectype information in the current
1305          * ddi_lyr_devid_to_devlist implementation. We work around this by not
1306          * passing down DEVID_MINOR_NAME_ALL here, but reproducing all minor
1307          * node forms in the loop processing the devlist below. It would be
1308          * best if at some point the use of this interface here was replaced
1309          * with a path oriented call.
1310          */
1311         if (ddi_lyr_devid_to_devlist(devid,
1312             (minor_name == DEVID_MINOR_NAME_ALL) ?
1313             DEVID_MINOR_NAME_ALL_CHR : minor_name,
1314             &ndevs, &devlist) != DDI_SUCCESS) {
1315                 ret = EINVAL;
1316                 goto out;
1317         }
1318 
1319         /*
1320          * loop over the devlist, converting each devt to a path and doing
1321          * a copyout of the path and computation of the amount of space
1322          * needed to hold all the paths
1323          */
1324         path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1325         for (i = 0, lens = 0; i < ndevs; i++) {
1326 
1327                 /* find the dip associated with the dev_t */
1328                 if ((dip = e_ddi_hold_devi_by_dev(devlist[i], 0)) == NULL)
1329                         continue;
1330 
1331                 /* loop over all the minor nodes, skipping ones we don't want */
1332                 ndi_devi_enter(dip, &circ);
1333                 for (dmdp = DEVI(dip)->devi_minor; dmdp; dmdp = dmdp->next) {
1334                         if ((dmdp->ddm_dev != devlist[i]) ||
1335                             (dmdp->type != DDM_MINOR))
1336                                 continue;
1337 
1338                         if ((minor_name != DEVID_MINOR_NAME_ALL) &&
1339                             (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1340                             (minor_name != DEVID_MINOR_NAME_ALL_BLK) &&
1341                             strcmp(minor_name, dmdp->ddm_name))
1342                                 continue;
1343                         else {
1344                                 if ((minor_name == DEVID_MINOR_NAME_ALL_CHR) &&
1345                                     (dmdp->ddm_spec_type != S_IFCHR))
1346                                         continue;
1347                                 if ((minor_name == DEVID_MINOR_NAME_ALL_BLK) &&
1348                                     (dmdp->ddm_spec_type != S_IFBLK))
1349                                         continue;
1350                         }
1351 
1352                         (void) ddi_pathname_minor(dmdp, path);
1353                         len = strlen(path) + 1;
1354                         *(path + len) = '\0';   /* set double termination */
1355                         lens += len;
1356 
1357                         /* copyout the path with double terminations */
1358                         if (upaths) {
1359                                 if (lens > ulens) {
1360                                         ret = EAGAIN;
1361                                         goto out;
1362                                 }
1363                                 if (copyout(path, upaths, len + 1)) {
1364                                         ret = EFAULT;
1365                                         goto out;
1366                                 }
1367                                 upaths += len;
1368                         }
1369                 }
1370                 ndi_devi_exit(dip, circ);
1371                 ddi_release_devi(dip);
1372                 dip = NULL;
1373         }
1374         lens++;         /* add one for double termination */
1375 
1376         /* copy out the amount of space needed to hold the paths */
1377         if (ulensp && copyout(&lens, ulensp, sizeof (lens))) {
1378                 ret = EFAULT;
1379                 goto out;
1380         }
1381         ret = 0;
1382 
1383 out:    if (dip) {
1384                 ndi_devi_exit(dip, circ);
1385                 ddi_release_devi(dip);
1386         }
1387         if (path)
1388                 kmem_free(path, MAXPATHLEN);
1389         if (devlist)
1390                 ddi_lyr_free_devlist(devlist, ndevs);
1391         if (minor_name &&
1392             (minor_name != DEVID_MINOR_NAME_ALL) &&
1393             (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1394             (minor_name != DEVID_MINOR_NAME_ALL_BLK))
1395                 kmem_free(minor_name, MAXPATHLEN);
1396         if (devid)
1397                 kmem_free(devid, devid_len);
1398         return (ret);
1399 }
1400 
1401 /*
1402  * Return the size of the minor name.
1403  */
1404 static int
1405 modctl_sizeof_minorname(dev_t dev, int spectype, uint_t *len)
1406 {
1407         uint_t  sz;
1408         char    *name;
1409 
1410         /* get the minor name */
1411         if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1412                 return (EINVAL);
1413 
1414         sz = strlen(name) + 1;
1415         kmem_free(name, sz);
1416 
1417         /* copy out the size of the minor name */
1418         if (copyout(&sz, len, sizeof (sz)) != 0)
1419                 return (EFAULT);
1420 
1421         return (0);
1422 }
1423 
1424 /*
1425  * Return the minor name.
1426  */
1427 static int
1428 modctl_get_minorname(dev_t dev, int spectype, uint_t len, char *uname)
1429 {
1430         uint_t  sz;
1431         char    *name;
1432         int     err = 0;
1433 
1434         /* get the minor name */
1435         if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1436                 return (EINVAL);
1437 
1438         sz = strlen(name) + 1;
1439 
1440         /* Error if the minor name is larger than the space allocated */
1441         if (sz > len) {
1442                 kmem_free(name, sz);
1443                 return (ENOSPC);
1444         }
1445 
1446         /* copy out the minor name */
1447         if (copyout(name, uname, sz) != 0)
1448                 err = EFAULT;
1449         kmem_free(name, sz);
1450         return (err);
1451 }
1452 
1453 /*
1454  * Return the size of the (dev_t,spectype) devfspath name.
1455  */
1456 static int
1457 modctl_devfspath_len(dev_t dev, int spectype, uint_t *len)
1458 {
1459         uint_t  sz;
1460         char    *name;
1461 
1462         /* get the path name */
1463         name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1464         if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1465                 kmem_free(name, MAXPATHLEN);
1466                 return (EINVAL);
1467         }
1468 
1469         sz = strlen(name) + 1;
1470         kmem_free(name, MAXPATHLEN);
1471 
1472         /* copy out the size of the path name */
1473         if (copyout(&sz, len, sizeof (sz)) != 0)
1474                 return (EFAULT);
1475 
1476         return (0);
1477 }
1478 
1479 /*
1480  * Return the (dev_t,spectype) devfspath name.
1481  */
1482 static int
1483 modctl_devfspath(dev_t dev, int spectype, uint_t len, char *uname)
1484 {
1485         uint_t  sz;
1486         char    *name;
1487         int     err = 0;
1488 
1489         /* get the path name */
1490         name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1491         if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1492                 kmem_free(name, MAXPATHLEN);
1493                 return (EINVAL);
1494         }
1495 
1496         sz = strlen(name) + 1;
1497 
1498         /* Error if the path name is larger than the space allocated */
1499         if (sz > len) {
1500                 kmem_free(name, MAXPATHLEN);
1501                 return (ENOSPC);
1502         }
1503 
1504         /* copy out the path name */
1505         if (copyout(name, uname, sz) != 0)
1506                 err = EFAULT;
1507         kmem_free(name, MAXPATHLEN);
1508         return (err);
1509 }
1510 
1511 /*
1512  * Return the size of the (major,instance) devfspath name.
1513  */
1514 static int
1515 modctl_devfspath_mi_len(major_t major, int instance, uint_t *len)
1516 {
1517         uint_t  sz;
1518         char    *name;
1519 
1520         /* get the path name */
1521         name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1522         if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1523                 kmem_free(name, MAXPATHLEN);
1524                 return (EINVAL);
1525         }
1526 
1527         sz = strlen(name) + 1;
1528         kmem_free(name, MAXPATHLEN);
1529 
1530         /* copy out the size of the path name */
1531         if (copyout(&sz, len, sizeof (sz)) != 0)
1532                 return (EFAULT);
1533 
1534         return (0);
1535 }
1536 
1537 /*
1538  * Return the (major_instance) devfspath name.
1539  * NOTE: e_ddi_majorinstance_to_path does not require the device to attach to
1540  * return a path - it uses the instance tree.
1541  */
1542 static int
1543 modctl_devfspath_mi(major_t major, int instance, uint_t len, char *uname)
1544 {
1545         uint_t  sz;
1546         char    *name;
1547         int     err = 0;
1548 
1549         /* get the path name */
1550         name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1551         if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1552                 kmem_free(name, MAXPATHLEN);
1553                 return (EINVAL);
1554         }
1555 
1556         sz = strlen(name) + 1;
1557 
1558         /* Error if the path name is larger than the space allocated */
1559         if (sz > len) {
1560                 kmem_free(name, MAXPATHLEN);
1561                 return (ENOSPC);
1562         }
1563 
1564         /* copy out the path name */
1565         if (copyout(name, uname, sz) != 0)
1566                 err = EFAULT;
1567         kmem_free(name, MAXPATHLEN);
1568         return (err);
1569 }
1570 
1571 static int
1572 modctl_get_fbname(char *path)
1573 {
1574         extern dev_t fbdev;
1575         char *pathname = NULL;
1576         int rval = 0;
1577 
1578         /* make sure fbdev is set before we plunge in */
1579         if (fbdev == NODEV)
1580                 return (ENODEV);
1581 
1582         pathname = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1583         if ((rval = ddi_dev_pathname(fbdev, S_IFCHR,
1584             pathname)) == DDI_SUCCESS) {
1585                 if (copyout(pathname, path, strlen(pathname)+1) != 0) {
1586                         rval = EFAULT;
1587                 }
1588         }
1589         kmem_free(pathname, MAXPATHLEN);
1590         return (rval);
1591 }
1592 
1593 /*
1594  * modctl_reread_dacf()
1595  *      Reread the dacf rules database from the named binding file.
1596  *      If NULL is specified, pass along the NULL, it means 'use the default'.
1597  */
1598 static int
1599 modctl_reread_dacf(char *path)
1600 {
1601         int rval = 0;
1602         char *filename, *filenamep;
1603 
1604         filename = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1605 
1606         if (path == NULL) {
1607                 filenamep = NULL;
1608         } else {
1609                 if (copyinstr(path, filename, MAXPATHLEN, 0) != 0) {
1610                         rval = EFAULT;
1611                         goto out;
1612                 }
1613                 filenamep = filename;
1614                 filenamep[MAXPATHLEN - 1] = '\0';
1615         }
1616 
1617         rval = read_dacf_binding_file(filenamep);
1618 out:
1619         kmem_free(filename, MAXPATHLEN);
1620         return (rval);
1621 }
1622 
1623 /*ARGSUSED*/
1624 static int
1625 modctl_modevents(int subcmd, uintptr_t a2, uintptr_t a3, uintptr_t a4,
1626     uint_t flag)
1627 {
1628         int error = 0;
1629         char *filenamep;
1630 
1631         switch (subcmd) {
1632 
1633         case MODEVENTS_FLUSH:
1634                 /* flush all currently queued events */
1635                 log_sysevent_flushq(subcmd, flag);
1636                 break;
1637 
1638         case MODEVENTS_SET_DOOR_UPCALL_FILENAME:
1639                 /*
1640                  * bind door_upcall to filename
1641                  * this should only be done once per invocation
1642                  * of the event daemon.
1643                  */
1644 
1645                 filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
1646 
1647                 if (copyinstr((char *)a2, filenamep, MOD_MAXPATH, 0)) {
1648                         error = EFAULT;
1649                 } else {
1650                         error = log_sysevent_filename(filenamep);
1651                 }
1652                 kmem_free(filenamep, MOD_MAXPATH);
1653                 break;
1654 
1655         case MODEVENTS_GETDATA:
1656                 error = log_sysevent_copyout_data((sysevent_id_t *)a2,
1657                     (size_t)a3, (caddr_t)a4);
1658                 break;
1659 
1660         case MODEVENTS_FREEDATA:
1661                 error = log_sysevent_free_data((sysevent_id_t *)a2);
1662                 break;
1663         case MODEVENTS_POST_EVENT:
1664                 error = log_usr_sysevent((sysevent_t *)a2, (uint32_t)a3,
1665                     (sysevent_id_t *)a4);
1666                 break;
1667         case MODEVENTS_REGISTER_EVENT:
1668                 error = log_sysevent_register((char *)a2, (char *)a3,
1669                     (se_pubsub_t *)a4);
1670                 break;
1671         default:
1672                 error = EINVAL;
1673         }
1674 
1675         return (error);
1676 }
1677 
1678 static void
1679 free_mperm(mperm_t *mp)
1680 {
1681         int len;
1682 
1683         if (mp->mp_minorname) {
1684                 len = strlen(mp->mp_minorname) + 1;
1685                 kmem_free(mp->mp_minorname, len);
1686         }
1687         kmem_free(mp, sizeof (mperm_t));
1688 }
1689 
1690 #define MP_NO_DRV_ERR   \
1691         "/etc/minor_perm: no driver for %s\n"
1692 
1693 #define MP_EMPTY_MINOR  \
1694         "/etc/minor_perm: empty minor name for driver %s\n"
1695 
1696 #define MP_NO_MINOR     \
1697         "/etc/minor_perm: no minor matching %s for driver %s\n"
1698 
1699 /*
1700  * Remove mperm entry with matching minorname
1701  */
1702 static void
1703 rem_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1704 {
1705         mperm_t **mp_head;
1706         mperm_t *freemp = NULL;
1707         struct devnames *dnp = &devnamesp[major];
1708         mperm_t **wildmp;
1709 
1710         ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1711 
1712         LOCK_DEV_OPS(&dnp->dn_lock);
1713         if (strcmp(mp->mp_minorname, "*") == 0) {
1714                 wildmp = ((is_clone == 0) ?
1715                     &dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1716                 if (*wildmp)
1717                         freemp = *wildmp;
1718                 *wildmp = NULL;
1719         } else {
1720                 mp_head = &dnp->dn_mperm;
1721                 while (*mp_head) {
1722                         if (strcmp((*mp_head)->mp_minorname,
1723                             mp->mp_minorname) != 0) {
1724                                 mp_head = &(*mp_head)->mp_next;
1725                                 continue;
1726                         }
1727                         /* remove the entry */
1728                         freemp = *mp_head;
1729                         *mp_head = freemp->mp_next;
1730                         break;
1731                 }
1732         }
1733         if (freemp) {
1734                 if (moddebug & MODDEBUG_MINORPERM) {
1735                         cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1736                             drvname, freemp->mp_minorname,
1737                             freemp->mp_mode & 0777,
1738                             freemp->mp_uid, freemp->mp_gid);
1739                 }
1740                 free_mperm(freemp);
1741         } else {
1742                 if (moddebug & MODDEBUG_MINORPERM) {
1743                         cmn_err(CE_CONT, MP_NO_MINOR,
1744                             drvname, mp->mp_minorname);
1745                 }
1746         }
1747 
1748         UNLOCK_DEV_OPS(&dnp->dn_lock);
1749 }
1750 
1751 /*
1752  * Add minor perm entry
1753  */
1754 static void
1755 add_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1756 {
1757         mperm_t **mp_head;
1758         mperm_t *freemp = NULL;
1759         struct devnames *dnp = &devnamesp[major];
1760         mperm_t **wildmp;
1761 
1762         ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1763 
1764         /*
1765          * Note that update_drv replace semantics require
1766          * replacing matching entries with the new permissions.
1767          */
1768         LOCK_DEV_OPS(&dnp->dn_lock);
1769         if (strcmp(mp->mp_minorname, "*") == 0) {
1770                 wildmp = ((is_clone == 0) ?
1771                     &dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1772                 if (*wildmp)
1773                         freemp = *wildmp;
1774                 *wildmp = mp;
1775         } else {
1776                 mperm_t *p, *v = NULL;
1777                 for (p = dnp->dn_mperm; p; v = p, p = p->mp_next) {
1778                         if (strcmp(p->mp_minorname, mp->mp_minorname) == 0) {
1779                                 if (v == NULL)
1780                                         dnp->dn_mperm = mp;
1781                                 else
1782                                         v->mp_next = mp;
1783                                 mp->mp_next = p->mp_next;
1784                                 freemp = p;
1785                                 goto replaced;
1786                         }
1787                 }
1788                 if (p == NULL) {
1789                         mp_head = &dnp->dn_mperm;
1790                         if (*mp_head == NULL) {
1791                                 *mp_head = mp;
1792                         } else {
1793                                 mp->mp_next = *mp_head;
1794                                 *mp_head = mp;
1795                         }
1796                 }
1797         }
1798 replaced:
1799         if (freemp) {
1800                 if (moddebug & MODDEBUG_MINORPERM) {
1801                         cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1802                             drvname, freemp->mp_minorname,
1803                             freemp->mp_mode & 0777,
1804                             freemp->mp_uid, freemp->mp_gid);
1805                 }
1806                 free_mperm(freemp);
1807         }
1808         if (moddebug & MODDEBUG_MINORPERM) {
1809                 cmn_err(CE_CONT, "> %s %s 0%o %d %d\n",
1810                     drvname, mp->mp_minorname, mp->mp_mode & 0777,
1811                     mp->mp_uid, mp->mp_gid);
1812         }
1813         UNLOCK_DEV_OPS(&dnp->dn_lock);
1814 }
1815 
1816 
1817 static int
1818 process_minorperm(int cmd, nvlist_t *nvl)
1819 {
1820         char *minor;
1821         major_t major;
1822         mperm_t *mp;
1823         nvpair_t *nvp;
1824         char *name;
1825         int is_clone;
1826         major_t minmaj;
1827 
1828         ASSERT(cmd == MODLOADMINORPERM ||
1829             cmd == MODADDMINORPERM || cmd == MODREMMINORPERM);
1830 
1831         nvp = NULL;
1832         while ((nvp = nvlist_next_nvpair(nvl, nvp)) != NULL) {
1833                 name = nvpair_name(nvp);
1834 
1835                 is_clone = 0;
1836                 (void) nvpair_value_string(nvp, &minor);
1837                 major = ddi_name_to_major(name);
1838                 if (major != DDI_MAJOR_T_NONE) {
1839                         mp = kmem_zalloc(sizeof (*mp), KM_SLEEP);
1840                         if (minor == NULL || strlen(minor) == 0) {
1841                                 if (moddebug & MODDEBUG_MINORPERM) {
1842                                         cmn_err(CE_CONT, MP_EMPTY_MINOR, name);
1843                                 }
1844                                 minor = "*";
1845                         }
1846 
1847                         /*
1848                          * The minor name of a node using the clone
1849                          * driver must be the driver name.  To avoid
1850                          * multiple searches, we map entries in the form
1851                          * clone:<driver> to <driver>:*.  This also allows us
1852                          * to filter out some of the litter in /etc/minor_perm.
1853                          * Minor perm alias entries where the name is not
1854                          * the driver kept on the clone list itself.
1855                          * This all seems very fragile as a driver could
1856                          * be introduced with an existing alias name.
1857                          */
1858                         if (strcmp(name, "clone") == 0) {
1859                                 minmaj = ddi_name_to_major(minor);
1860                                 if (minmaj != DDI_MAJOR_T_NONE) {
1861                                         if (moddebug & MODDEBUG_MINORPERM) {
1862                                                 cmn_err(CE_CONT,
1863                                                     "mapping %s:%s to %s:*\n",
1864                                                     name, minor, minor);
1865                                         }
1866                                         major = minmaj;
1867                                         name = minor;
1868                                         minor = "*";
1869                                         is_clone = 1;
1870                                 }
1871                         }
1872 
1873                         if (mp) {
1874                                 mp->mp_minorname =
1875                                     i_ddi_strdup(minor, KM_SLEEP);
1876                         }
1877                 } else {
1878                         mp = NULL;
1879                         if (moddebug & MODDEBUG_MINORPERM) {
1880                                 cmn_err(CE_CONT, MP_NO_DRV_ERR, name);
1881                         }
1882                 }
1883 
1884                 /* mode */
1885                 nvp = nvlist_next_nvpair(nvl, nvp);
1886                 ASSERT(strcmp(nvpair_name(nvp), "mode") == 0);
1887                 if (mp)
1888                         (void) nvpair_value_int32(nvp, (int *)&mp->mp_mode);
1889                 /* uid */
1890                 nvp = nvlist_next_nvpair(nvl, nvp);
1891                 ASSERT(strcmp(nvpair_name(nvp), "uid") == 0);
1892                 if (mp)
1893                         (void) nvpair_value_uint32(nvp, &mp->mp_uid);
1894                 /* gid */
1895                 nvp = nvlist_next_nvpair(nvl, nvp);
1896                 ASSERT(strcmp(nvpair_name(nvp), "gid") == 0);
1897                 if (mp) {
1898                         (void) nvpair_value_uint32(nvp, &mp->mp_gid);
1899 
1900                         if (cmd == MODREMMINORPERM) {
1901                                 rem_minorperm(major, name, mp, is_clone);
1902                                 free_mperm(mp);
1903                         } else {
1904                                 add_minorperm(major, name, mp, is_clone);
1905                         }
1906                 }
1907         }
1908 
1909         if (cmd == MODLOADMINORPERM)
1910                 minorperm_loaded = 1;
1911 
1912         /*
1913          * Reset permissions of cached dv_nodes
1914          */
1915         (void) devfs_reset_perm(DV_RESET_PERM);
1916 
1917         return (0);
1918 }
1919 
1920 static int
1921 modctl_minorperm(int cmd, char *usrbuf, size_t buflen)
1922 {
1923         int error;
1924         nvlist_t *nvl;
1925         char *buf = kmem_alloc(buflen, KM_SLEEP);
1926 
1927         if ((error = ddi_copyin(usrbuf, buf, buflen, 0)) != 0) {
1928                 kmem_free(buf, buflen);
1929                 return (error);
1930         }
1931 
1932         error = nvlist_unpack(buf, buflen, &nvl, KM_SLEEP);
1933         kmem_free(buf, buflen);
1934         if (error)
1935                 return (error);
1936 
1937         error = process_minorperm(cmd, nvl);
1938         nvlist_free(nvl);
1939         return (error);
1940 }
1941 
1942 struct walk_args {
1943         char            *wa_drvname;
1944         list_t          wa_pathlist;
1945 };
1946 
1947 struct path_elem {
1948         char            *pe_dir;
1949         char            *pe_nodename;
1950         list_node_t     pe_node;
1951         int             pe_dirlen;
1952 };
1953 
1954 /*ARGSUSED*/
1955 static int
1956 modctl_inst_walker(const char *path, in_node_t *np, in_drv_t *dp, void *arg)
1957 {
1958         struct walk_args *wargs = (struct walk_args *)arg;
1959         struct path_elem *pe;
1960         char *nodename;
1961 
1962         /*
1963          * Search may be restricted to a single driver in the case of rem_drv
1964          */
1965         if (wargs->wa_drvname &&
1966             strcmp(dp->ind_driver_name, wargs->wa_drvname) != 0)
1967                 return (INST_WALK_CONTINUE);
1968 
1969         pe = kmem_zalloc(sizeof (*pe), KM_SLEEP);
1970         pe->pe_dir = i_ddi_strdup((char *)path, KM_SLEEP);
1971         pe->pe_dirlen = strlen(pe->pe_dir) + 1;
1972         ASSERT(strrchr(pe->pe_dir, '/') != NULL);
1973         nodename = strrchr(pe->pe_dir, '/');
1974         *nodename++ = 0;
1975         pe->pe_nodename = nodename;
1976         list_insert_tail(&wargs->wa_pathlist, pe);
1977 
1978         return (INST_WALK_CONTINUE);
1979 }
1980 
1981 /*
1982  * /devices attribute nodes clean-up optionally performed
1983  * when removing a driver (rem_drv -C).
1984  *
1985  * Removing attribute nodes allows a machine to be reprovisioned
1986  * without the side-effect of inadvertently picking up stale
1987  * device node ownership or permissions.
1988  *
1989  * Preserving attributes (not performing cleanup) allows devices
1990  * attribute changes to be preserved across upgrades, as
1991  * upgrade rather heavy-handedly does a rem_drv/add_drv cycle.
1992  */
1993 static int
1994 modctl_remdrv_cleanup(const char *u_drvname)
1995 {
1996         struct walk_args *wargs;
1997         struct path_elem *pe;
1998         char *drvname;
1999         int err, rval = 0;
2000 
2001         drvname = kmem_alloc(MAXMODCONFNAME, KM_SLEEP);
2002         if ((err = copyinstr(u_drvname, drvname, MAXMODCONFNAME, 0))) {
2003                 kmem_free(drvname, MAXMODCONFNAME);
2004                 return (err);
2005         }
2006 
2007         /*
2008          * First go through the instance database.  For each
2009          * instance of a device bound to the driver being
2010          * removed, remove any underlying devfs attribute nodes.
2011          *
2012          * This is a two-step process.  First we go through
2013          * the instance data itself, constructing a list of
2014          * the nodes discovered.  The second step is then
2015          * to find and remove any devfs attribute nodes
2016          * for the instances discovered in the first step.
2017          * The two-step process avoids any difficulties
2018          * which could arise by holding the instance data
2019          * lock with simultaneous devfs operations.
2020          */
2021         wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
2022 
2023         wargs->wa_drvname = drvname;
2024         list_create(&wargs->wa_pathlist,
2025             sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
2026 
2027         (void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
2028 
2029         for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
2030             pe = list_next(&wargs->wa_pathlist, pe)) {
2031                 err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
2032                     (const char *)pe->pe_nodename);
2033                 if (rval == 0)
2034                         rval = err;
2035         }
2036 
2037         while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
2038                 list_remove(&wargs->wa_pathlist, pe);
2039                 kmem_free(pe->pe_dir, pe->pe_dirlen);
2040                 kmem_free(pe, sizeof (*pe));
2041         }
2042         kmem_free(wargs, sizeof (*wargs));
2043 
2044         /*
2045          * Pseudo nodes aren't recorded in the instance database
2046          * so any such nodes need to be handled separately.
2047          */
2048         err = devfs_remdrv_cleanup("pseudo", (const char *)drvname);
2049         if (rval == 0)
2050                 rval = err;
2051 
2052         kmem_free(drvname, MAXMODCONFNAME);
2053         return (rval);
2054 }
2055 
2056 /*
2057  * Perform a cleanup of non-existent /devices attribute nodes,
2058  * similar to rem_drv -C, but for all drivers/devices.
2059  * This is also optional, performed as part of devfsadm -C.
2060  */
2061 void
2062 dev_devices_cleanup()
2063 {
2064         struct walk_args *wargs;
2065         struct path_elem *pe;
2066         dev_info_t *devi;
2067         char *path;
2068         int err;
2069 
2070         /*
2071          * It's expected that all drivers have been loaded and
2072          * module unloading disabled while performing cleanup.
2073          */
2074         ASSERT(modunload_disable_count > 0);
2075 
2076         wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
2077         wargs->wa_drvname = NULL;
2078         list_create(&wargs->wa_pathlist,
2079             sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
2080 
2081         (void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
2082 
2083         path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
2084 
2085         for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
2086             pe = list_next(&wargs->wa_pathlist, pe)) {
2087                 (void) snprintf(path, MAXPATHLEN, "%s/%s",
2088                     pe->pe_dir, pe->pe_nodename);
2089                 devi = e_ddi_hold_devi_by_path(path, 0);
2090                 if (devi != NULL) {
2091                         ddi_release_devi(devi);
2092                 } else {
2093                         err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
2094                             (const char *)pe->pe_nodename);
2095                         if (err) {
2096                                 cmn_err(CE_CONT,
2097                                     "devfs: %s: clean-up error %d\n",
2098                                     path, err);
2099                         }
2100                 }
2101         }
2102 
2103         while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
2104                 list_remove(&wargs->wa_pathlist, pe);
2105                 kmem_free(pe->pe_dir, pe->pe_dirlen);
2106                 kmem_free(pe, sizeof (*pe));
2107         }
2108         kmem_free(wargs, sizeof (*wargs));
2109         kmem_free(path, MAXPATHLEN);
2110 }
2111 
2112 static int
2113 modctl_allocpriv(const char *name)
2114 {
2115         char *pstr = kmem_alloc(PRIVNAME_MAX, KM_SLEEP);
2116         int error;
2117 
2118         if ((error = copyinstr(name, pstr, PRIVNAME_MAX, 0))) {
2119                 kmem_free(pstr, PRIVNAME_MAX);
2120                 return (error);
2121         }
2122         error = priv_getbyname(pstr, PRIV_ALLOC);
2123         if (error < 0)
2124                 error = -error;
2125         else
2126                 error = 0;
2127         kmem_free(pstr, PRIVNAME_MAX);
2128         return (error);
2129 }
2130 
2131 static int
2132 modctl_devexists(const char *upath, int pathlen)
2133 {
2134         char    *path;
2135         int     ret;
2136 
2137         /*
2138          * copy in the path, including the terminating null
2139          */
2140         pathlen++;
2141         if (pathlen <= 1 || pathlen > MAXPATHLEN)
2142                 return (EINVAL);
2143         path = kmem_zalloc(pathlen + 1, KM_SLEEP);
2144         if ((ret = copyinstr(upath, path, pathlen, NULL)) == 0) {
2145                 ret = sdev_modctl_devexists(path);
2146         }
2147 
2148         kmem_free(path, pathlen + 1);
2149         return (ret);
2150 }
2151 
2152 static int
2153 modctl_devreaddir(const char *udir, int udirlen,
2154     char *upaths, int64_t *ulensp)
2155 {
2156         char    *paths = NULL;
2157         char    **dirlist = NULL;
2158         char    *dir;
2159         int64_t ulens;
2160         int64_t lens;
2161         int     i, n;
2162         int     ret = 0;
2163         char    *p;
2164         int     npaths;
2165         int     npaths_alloc;
2166 
2167         /*
2168          * If upaths is NULL then we are only computing the amount of space
2169          * needed to return the paths, with the value returned in *ulensp. If we
2170          * are copying out paths then we get the amount of space allocated by
2171          * the caller. If the actual space needed for paths is larger, or
2172          * things are changing out from under us, then we return EAGAIN.
2173          */
2174         if (upaths) {
2175                 if (ulensp == NULL)
2176                         return (EINVAL);
2177                 if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
2178                         return (EFAULT);
2179         }
2180 
2181         /*
2182          * copyin the /dev path including terminating null
2183          */
2184         udirlen++;
2185         if (udirlen <= 1 || udirlen > MAXPATHLEN)
2186                 return (EINVAL);
2187         dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
2188         if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
2189                 goto err;
2190 
2191         if ((ret = sdev_modctl_readdir(dir, &dirlist,
2192             &npaths, &npaths_alloc, 0)) != 0) {
2193                 ASSERT(dirlist == NULL);
2194                 goto err;
2195         }
2196 
2197         lens = 0;
2198         for (i = 0; i < npaths; i++) {
2199                 lens += strlen(dirlist[i]) + 1;
2200         }
2201         lens++;         /* add one for double termination */
2202 
2203         if (upaths) {
2204                 if (lens > ulens) {
2205                         ret = EAGAIN;
2206                         goto out;
2207                 }
2208 
2209                 paths = kmem_alloc(lens, KM_SLEEP);
2210 
2211                 p = paths;
2212                 for (i = 0; i < npaths; i++) {
2213                         n = strlen(dirlist[i]) + 1;
2214                         bcopy(dirlist[i], p, n);
2215                         p += n;
2216                 }
2217                 *p = 0;
2218 
2219                 if (copyout(paths, upaths, lens)) {
2220                         ret = EFAULT;
2221                         goto err;
2222                 }
2223         }
2224 
2225 out:
2226         /* copy out the amount of space needed to hold the paths */
2227         if (copyout(&lens, ulensp, sizeof (lens)))
2228                 ret = EFAULT;
2229 
2230 err:
2231         if (dirlist)
2232                 sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
2233         if (paths)
2234                 kmem_free(paths, lens);
2235         kmem_free(dir, udirlen + 1);
2236         return (ret);
2237 }
2238 
2239 static int
2240 modctl_devemptydir(const char *udir, int udirlen, int *uempty)
2241 {
2242         char    *dir;
2243         int     ret;
2244         char    **dirlist = NULL;
2245         int     npaths;
2246         int     npaths_alloc;
2247         int     empty;
2248 
2249         /*
2250          * copyin the /dev path including terminating null
2251          */
2252         udirlen++;
2253         if (udirlen <= 1 || udirlen > MAXPATHLEN)
2254                 return (EINVAL);
2255         dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
2256         if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
2257                 goto err;
2258 
2259         if ((ret = sdev_modctl_readdir(dir, &dirlist,
2260             &npaths, &npaths_alloc, 1)) != 0) {
2261                 goto err;
2262         }
2263 
2264         empty = npaths ? 0 : 1;
2265         if (copyout(&empty, uempty, sizeof (empty)))
2266                 ret = EFAULT;
2267 
2268 err:
2269         if (dirlist)
2270                 sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
2271         kmem_free(dir, udirlen + 1);
2272         return (ret);
2273 }
2274 
2275 static int
2276 modctl_hp(int subcmd, const char *path, char *cn_name, uintptr_t arg,
2277     uintptr_t rval)
2278 {
2279         int error = 0;
2280         size_t pathsz, namesz;
2281         char *devpath, *cn_name_str;
2282 
2283         if (path == NULL)
2284                 return (EINVAL);
2285 
2286         devpath = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
2287         error = copyinstr(path, devpath, MAXPATHLEN, &pathsz);
2288         if (error != 0) {
2289                 kmem_free(devpath, MAXPATHLEN);
2290                 return (EFAULT);
2291         }
2292 
2293         cn_name_str = kmem_zalloc(MAXNAMELEN, KM_SLEEP);
2294         error = copyinstr(cn_name, cn_name_str, MAXNAMELEN, &namesz);
2295         if (error != 0) {
2296                 kmem_free(devpath, MAXPATHLEN);
2297                 kmem_free(cn_name_str, MAXNAMELEN);
2298 
2299                 return (EFAULT);
2300         }
2301 
2302         switch (subcmd) {
2303         case MODHPOPS_CHANGE_STATE:
2304                 error = ddihp_modctl(DDI_HPOP_CN_CHANGE_STATE, devpath,
2305                     cn_name_str, arg, 0);
2306                 break;
2307         case MODHPOPS_CREATE_PORT:
2308                 /* Create an empty PORT */
2309                 error = ddihp_modctl(DDI_HPOP_CN_CREATE_PORT, devpath,
2310                     cn_name_str, 0, 0);
2311                 break;
2312         case MODHPOPS_REMOVE_PORT:
2313                 /* Remove an empty PORT */
2314                 error = ddihp_modctl(DDI_HPOP_CN_REMOVE_PORT, devpath,
2315                     cn_name_str, 0, 0);
2316                 break;
2317         case MODHPOPS_BUS_GET:
2318                 error = ddihp_modctl(DDI_HPOP_CN_GET_PROPERTY, devpath,
2319                     cn_name_str, arg, rval);
2320                 break;
2321         case MODHPOPS_BUS_SET:
2322                 error = ddihp_modctl(DDI_HPOP_CN_SET_PROPERTY, devpath,
2323                     cn_name_str, arg, rval);
2324                 break;
2325         default:
2326                 error = ENOTSUP;
2327                 break;
2328         }
2329 
2330         kmem_free(devpath, MAXPATHLEN);
2331         kmem_free(cn_name_str, MAXNAMELEN);
2332 
2333         return (error);
2334 }
2335 
2336 int
2337 modctl_moddevname(int subcmd, uintptr_t a1, uintptr_t a2)
2338 {
2339         int error = 0;
2340 
2341         switch (subcmd) {
2342         case MODDEVNAME_LOOKUPDOOR:
2343                 error = devname_filename_register((char *)a1);
2344                 break;
2345         case MODDEVNAME_PROFILE:
2346                 error = devname_profile_update((char *)a1, (size_t)a2);
2347                 break;
2348         case MODDEVNAME_RECONFIG:
2349                 i_ddi_set_reconfig();
2350                 break;
2351         case MODDEVNAME_SYSAVAIL:
2352                 i_ddi_set_sysavail();
2353                 break;
2354         default:
2355                 error = EINVAL;
2356                 break;
2357         }
2358 
2359         return (error);
2360 }
2361 
2362 /*ARGSUSED5*/
2363 int
2364 modctl(int cmd, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4,
2365     uintptr_t a5)
2366 {
2367         int     error = EINVAL;
2368         dev_t   dev;
2369 
2370         if (secpolicy_modctl(CRED(), cmd) != 0)
2371                 return (set_errno(EPERM));
2372 
2373         switch (cmd) {
2374         case MODLOAD:           /* load a module */
2375                 error = modctl_modload((int)a1, (char *)a2, (int *)a3);
2376                 break;
2377 
2378         case MODUNLOAD:         /* unload a module */
2379                 error = modctl_modunload((modid_t)a1);
2380                 break;
2381 
2382         case MODINFO:           /* get module status */
2383                 error = modctl_modinfo((modid_t)a1, (struct modinfo *)a2);
2384                 break;
2385 
2386         case MODRESERVED:       /* get last major number in range */
2387                 error = modctl_modreserve((modid_t)a1, (int *)a2);
2388                 break;
2389 
2390         case MODSETMINIROOT:    /* we are running in miniroot */
2391                 isminiroot = 1;
2392                 error = 0;
2393                 break;
2394 
2395         case MODADDMAJBIND:     /* add major / driver alias bindings */
2396                 error = modctl_add_driver_aliases((int *)a2);
2397                 break;
2398 
2399         case MODGETPATHLEN:     /* get modpath length */
2400                 error = modctl_getmodpathlen((int *)a2);
2401                 break;
2402 
2403         case MODGETPATH:        /* get modpath */
2404                 error = modctl_getmodpath((char *)a2);
2405                 break;
2406 
2407         case MODREADSYSBIND:    /* read system call binding file */
2408                 error = modctl_read_sysbinding_file();
2409                 break;
2410 
2411         case MODGETMAJBIND:     /* get major number for named device */
2412                 error = modctl_getmaj((char *)a1, (uint_t)a2, (int *)a3);
2413                 break;
2414 
2415         case MODGETNAME:        /* get name of device given major number */
2416                 error = modctl_getname((char *)a1, (uint_t)a2, (int *)a3);
2417                 break;
2418 
2419         case MODDEVT2INSTANCE:
2420                 if (get_udatamodel() == DATAMODEL_NATIVE) {
2421                         dev = (dev_t)a1;
2422                 }
2423 #ifdef _SYSCALL32_IMPL
2424                 else {
2425                         dev = expldev(a1);
2426                 }
2427 #endif
2428                 error = modctl_devt2instance(dev, (int *)a2);
2429                 break;
2430 
2431         case MODSIZEOF_DEVID:   /* sizeof device id of device given dev_t */
2432                 if (get_udatamodel() == DATAMODEL_NATIVE) {
2433                         dev = (dev_t)a1;
2434                 }
2435 #ifdef _SYSCALL32_IMPL
2436                 else {
2437                         dev = expldev(a1);
2438                 }
2439 #endif
2440                 error = modctl_sizeof_devid(dev, (uint_t *)a2);
2441                 break;
2442 
2443         case MODGETDEVID:       /* get device id of device given dev_t */
2444                 if (get_udatamodel() == DATAMODEL_NATIVE) {
2445                         dev = (dev_t)a1;
2446                 }
2447 #ifdef _SYSCALL32_IMPL
2448                 else {
2449                         dev = expldev(a1);
2450                 }
2451 #endif
2452                 error = modctl_get_devid(dev, (uint_t)a2, (ddi_devid_t)a3);
2453                 break;
2454 
2455         case MODSIZEOF_MINORNAME:       /* sizeof minor nm (dev_t,spectype) */
2456                 if (get_udatamodel() == DATAMODEL_NATIVE) {
2457                         error = modctl_sizeof_minorname((dev_t)a1, (int)a2,
2458                             (uint_t *)a3);
2459                 }
2460 #ifdef _SYSCALL32_IMPL
2461                 else {
2462                         error = modctl_sizeof_minorname(expldev(a1), (int)a2,
2463                             (uint_t *)a3);
2464                 }
2465 
2466 #endif
2467                 break;
2468 
2469         case MODGETMINORNAME:           /* get minor name of (dev_t,spectype) */
2470                 if (get_udatamodel() == DATAMODEL_NATIVE) {
2471                         error = modctl_get_minorname((dev_t)a1, (int)a2,
2472                             (uint_t)a3, (char *)a4);
2473                 }
2474 #ifdef _SYSCALL32_IMPL
2475                 else {
2476                         error = modctl_get_minorname(expldev(a1), (int)a2,
2477                             (uint_t)a3, (char *)a4);
2478                 }
2479 #endif
2480                 break;
2481 
2482         case MODGETDEVFSPATH_LEN:       /* sizeof path nm of (dev_t,spectype) */
2483                 if (get_udatamodel() == DATAMODEL_NATIVE) {
2484                         error = modctl_devfspath_len((dev_t)a1, (int)a2,
2485                             (uint_t *)a3);
2486                 }
2487 #ifdef _SYSCALL32_IMPL
2488                 else {
2489                         error = modctl_devfspath_len(expldev(a1), (int)a2,
2490                             (uint_t *)a3);
2491                 }
2492 
2493 #endif
2494                 break;
2495 
2496         case MODGETDEVFSPATH:           /* get path name of (dev_t,spec) type */
2497                 if (get_udatamodel() == DATAMODEL_NATIVE) {
2498                         error = modctl_devfspath((dev_t)a1, (int)a2,
2499                             (uint_t)a3, (char *)a4);
2500                 }
2501 #ifdef _SYSCALL32_IMPL
2502                 else {
2503                         error = modctl_devfspath(expldev(a1), (int)a2,
2504                             (uint_t)a3, (char *)a4);
2505                 }
2506 #endif
2507                 break;
2508 
2509         case MODGETDEVFSPATH_MI_LEN:    /* sizeof path nm of (major,instance) */
2510                 error = modctl_devfspath_mi_len((major_t)a1, (int)a2,
2511                     (uint_t *)a3);
2512                 break;
2513 
2514         case MODGETDEVFSPATH_MI:        /* get path name of (major,instance) */
2515                 error = modctl_devfspath_mi((major_t)a1, (int)a2,
2516                     (uint_t)a3, (char *)a4);
2517                 break;
2518 
2519 
2520         case MODEVENTS:
2521                 error = modctl_modevents((int)a1, a2, a3, a4, (uint_t)a5);
2522                 break;
2523 
2524         case MODGETFBNAME:      /* get the framebuffer name */
2525                 error = modctl_get_fbname((char *)a1);
2526                 break;
2527 
2528         case MODREREADDACF:     /* reread dacf rule database from given file */
2529                 error = modctl_reread_dacf((char *)a1);
2530                 break;
2531 
2532         case MODLOADDRVCONF:    /* load driver.conf file for major */
2533                 error = modctl_load_drvconf((major_t)a1, (int)a2);
2534                 break;
2535 
2536         case MODUNLOADDRVCONF:  /* unload driver.conf file for major */
2537                 error = modctl_unload_drvconf((major_t)a1);
2538                 break;
2539 
2540         case MODREMMAJBIND:     /* remove a major binding */
2541                 error = modctl_rem_major((major_t)a1);
2542                 break;
2543 
2544         case MODREMDRVALIAS:    /* remove a major/alias binding */
2545                 error = modctl_remove_driver_aliases((int *)a2);
2546                 break;
2547 
2548         case MODDEVID2PATHS:    /* get paths given devid */
2549                 error = modctl_devid2paths((ddi_devid_t)a1, (char *)a2,
2550                     (uint_t)a3, (size_t *)a4, (char *)a5);
2551                 break;
2552 
2553         case MODSETDEVPOLICY:   /* establish device policy */
2554                 error = devpolicy_load((int)a1, (size_t)a2, (devplcysys_t *)a3);
2555                 break;
2556 
2557         case MODGETDEVPOLICY:   /* get device policy */
2558                 error = devpolicy_get((int *)a1, (size_t)a2,
2559                     (devplcysys_t *)a3);
2560                 break;
2561 
2562         case MODALLOCPRIV:
2563                 error = modctl_allocpriv((const char *)a1);
2564                 break;
2565 
2566         case MODGETDEVPOLICYBYNAME:
2567                 error = devpolicy_getbyname((size_t)a1,
2568                     (devplcysys_t *)a2, (char *)a3);
2569                 break;
2570 
2571         case MODLOADMINORPERM:
2572         case MODADDMINORPERM:
2573         case MODREMMINORPERM:
2574                 error = modctl_minorperm(cmd, (char *)a1, (size_t)a2);
2575                 break;
2576 
2577         case MODREMDRVCLEANUP:
2578                 error = modctl_remdrv_cleanup((const char *)a1);
2579                 break;
2580 
2581         case MODDEVEXISTS:      /* non-reconfiguring /dev lookup */
2582                 error = modctl_devexists((const char *)a1, (size_t)a2);
2583                 break;
2584 
2585         case MODDEVREADDIR:     /* non-reconfiguring /dev readdir */
2586                 error = modctl_devreaddir((const char *)a1, (size_t)a2,
2587                     (char *)a3, (int64_t *)a4);
2588                 break;
2589 
2590         case MODDEVEMPTYDIR:    /* non-reconfiguring /dev emptydir */
2591                 error = modctl_devemptydir((const char *)a1, (size_t)a2,
2592                     (int *)a3);
2593                 break;
2594 
2595         case MODDEVNAME:
2596                 error = modctl_moddevname((int)a1, a2, a3);
2597                 break;
2598 
2599         case MODRETIRE: /* retire device named by physpath a1 */
2600                 error = modctl_retire((char *)a1, (char *)a2, (size_t)a3);
2601                 break;
2602 
2603         case MODISRETIRED:  /* check if a device is retired. */
2604                 error = modctl_is_retired((char *)a1, (int *)a2);
2605                 break;
2606 
2607         case MODUNRETIRE:       /* unretire device named by physpath a1 */
2608                 error = modctl_unretire((char *)a1);
2609                 break;
2610 
2611         case MODHPOPS:  /* hotplug operations */
2612                 /* device named by physpath a2 and Connection name a3 */
2613                 error = modctl_hp((int)a1, (char *)a2, (char *)a3, a4, a5);
2614                 break;
2615 
2616         default:
2617                 error = EINVAL;
2618                 break;
2619         }
2620 
2621         return (error ? set_errno(error) : 0);
2622 }
2623 
2624 /*
2625  * Calls to kobj_load_module()() are handled off to this routine in a
2626  * separate thread.
2627  */
2628 static void
2629 modload_thread(struct loadmt *ltp)
2630 {
2631         /* load the module and signal the creator of this thread */
2632         kmutex_t        cpr_lk;
2633         callb_cpr_t     cpr_i;
2634 
2635         mutex_init(&cpr_lk, NULL, MUTEX_DEFAULT, NULL);
2636         CALLB_CPR_INIT(&cpr_i, &cpr_lk, callb_generic_cpr, "modload");
2637         /* borrow the devi lock from thread which invoked us */
2638         pm_borrow_lock(ltp->owner);
2639         ltp->retval = kobj_load_module(ltp->mp, ltp->usepath);
2640         pm_return_lock();
2641         sema_v(&ltp->sema);
2642         mutex_enter(&cpr_lk);
2643         CALLB_CPR_EXIT(&cpr_i);
2644         mutex_destroy(&cpr_lk);
2645         thread_exit();
2646 }
2647 
2648 /*
2649  * load a module, adding a reference if caller specifies rmodp.  If rmodp
2650  * is specified then an errno is returned, otherwise a module index is
2651  * returned (-1 on error).
2652  */
2653 static int
2654 modrload(const char *subdir, const char *filename, struct modctl **rmodp)
2655 {
2656         struct modctl *modp;
2657         size_t size;
2658         char *fullname;
2659         int retval = EINVAL;
2660         int id = -1;
2661 
2662         if (rmodp)
2663                 *rmodp = NULL;                  /* avoid garbage */
2664 
2665         if (subdir != NULL) {
2666                 /*
2667                  * refuse / in filename to prevent "../" escapes.
2668                  */
2669                 if (strchr(filename, '/') != NULL)
2670                         return (rmodp ? retval : id);
2671 
2672                 /*
2673                  * allocate enough space for <subdir>/<filename><NULL>
2674                  */
2675                 size = strlen(subdir) + strlen(filename) + 2;
2676                 fullname = kmem_zalloc(size, KM_SLEEP);
2677                 (void) sprintf(fullname, "%s/%s", subdir, filename);
2678         } else {
2679                 fullname = (char *)filename;
2680         }
2681 
2682         modp = mod_hold_installed_mod(fullname, 1, 0, &retval);
2683         if (modp != NULL) {
2684                 id = modp->mod_id;
2685                 if (rmodp) {
2686                         /* add mod_ref and return *rmodp */
2687                         mutex_enter(&mod_lock);
2688                         modp->mod_ref++;
2689                         mutex_exit(&mod_lock);
2690                         *rmodp = modp;
2691                 }
2692                 mod_release_mod(modp);
2693                 CPU_STATS_ADDQ(CPU, sys, modload, 1);
2694         }
2695 
2696 done:   if (subdir != NULL)
2697                 kmem_free(fullname, size);
2698         return (rmodp ? retval : id);
2699 }
2700 
2701 /*
2702  * This is the primary kernel interface to load a module. It loads and
2703  * installs the named module.  It does not hold mod_ref of the module, so
2704  * a module unload attempt can occur at any time - it is up to the
2705  * _fini/mod_remove implementation to determine if unload will succeed.
2706  */
2707 int
2708 modload(const char *subdir, const char *filename)
2709 {
2710         return (modrload(subdir, filename, NULL));
2711 }
2712 
2713 /*
2714  * Load a module using a series of qualified names from most specific to least
2715  * specific, e.g. for subdir "foo", p1 "bar", p2 "baz", we might try:
2716  *                      Value returned in *chosen
2717  * foo/bar.baz.1.2.3    3
2718  * foo/bar.baz.1.2      2
2719  * foo/bar.baz.1        1
2720  * foo/bar.baz          0
2721  *
2722  * Return the module ID on success; -1 if no module was loaded.  On success
2723  * and if 'chosen' is not NULL we also return the number of suffices that
2724  * were in the module we chose to load.
2725  */
2726 int
2727 modload_qualified(const char *subdir, const char *p1,
2728     const char *p2, const char *delim, uint_t suffv[], int suffc, int *chosen)
2729 {
2730         char path[MOD_MAXPATH];
2731         size_t n, resid = sizeof (path);
2732         char *p = path;
2733 
2734         char **dotv;
2735         int i, rc, id;
2736         modctl_t *mp;
2737 
2738         if (p2 != NULL)
2739                 n = snprintf(p, resid, "%s/%s%s%s", subdir, p1, delim, p2);
2740         else
2741                 n = snprintf(p, resid, "%s/%s", subdir, p1);
2742 
2743         if (n >= resid)
2744                 return (-1);
2745 
2746         p += n;
2747         resid -= n;
2748         dotv = kmem_alloc(sizeof (char *) * (suffc + 1), KM_SLEEP);
2749 
2750         for (i = 0; i < suffc; i++) {
2751                 dotv[i] = p;
2752                 n = snprintf(p, resid, "%s%u", delim, suffv[i]);
2753 
2754                 if (n >= resid) {
2755                         kmem_free(dotv, sizeof (char *) * (suffc + 1));
2756                         return (-1);
2757                 }
2758 
2759                 p += n;
2760                 resid -= n;
2761         }
2762 
2763         dotv[suffc] = p;
2764 
2765         for (i = suffc; i >= 0; i--) {
2766                 dotv[i][0] = '\0';
2767                 mp = mod_hold_installed_mod(path, 1, 1, &rc);
2768 
2769                 if (mp != NULL) {
2770                         kmem_free(dotv, sizeof (char *) * (suffc + 1));
2771                         id = mp->mod_id;
2772                         mod_release_mod(mp);
2773                         if (chosen != NULL)
2774                                 *chosen = i;
2775                         return (id);
2776                 }
2777         }
2778 
2779         kmem_free(dotv, sizeof (char *) * (suffc + 1));
2780         return (-1);
2781 }
2782 
2783 /*
2784  * Load a module.
2785  */
2786 int
2787 modloadonly(const char *subdir, const char *filename)
2788 {
2789         struct modctl *modp;
2790         char *fullname;
2791         size_t size;
2792         int id, retval;
2793 
2794         if (subdir != NULL) {
2795                 /*
2796                  * allocate enough space for <subdir>/<filename><NULL>
2797                  */
2798                 size = strlen(subdir) + strlen(filename) + 2;
2799                 fullname = kmem_zalloc(size, KM_SLEEP);
2800                 (void) sprintf(fullname, "%s/%s", subdir, filename);
2801         } else {
2802                 fullname = (char *)filename;
2803         }
2804 
2805         id = -1;
2806         modp = mod_hold_loaded_mod(NULL, fullname, &retval);
2807         if (modp) {
2808                 id = modp->mod_id;
2809                 mod_release_mod(modp);
2810         }
2811 
2812         if (subdir != NULL)
2813                 kmem_free(fullname, size);
2814 
2815         if (retval == 0)
2816                 return (id);
2817         return (-1);
2818 }
2819 
2820 /*
2821  * Try to uninstall and unload a module, removing a reference if caller
2822  * specifies rmodp.
2823  */
2824 static int
2825 modunrload(modid_t id, struct modctl **rmodp, int unload)
2826 {
2827         struct modctl   *modp;
2828         int             retval;
2829 
2830         if (rmodp)
2831                 *rmodp = NULL;                  /* avoid garbage */
2832 
2833         if ((modp = mod_hold_by_id((modid_t)id)) == NULL)
2834                 return (EINVAL);
2835 
2836         if (rmodp) {
2837                 mutex_enter(&mod_lock);
2838                 modp->mod_ref--;
2839                 if (modp->mod_ref == 0)
2840                         mod_uninstall_ref_zero++;
2841                 mutex_exit(&mod_lock);
2842                 *rmodp = modp;
2843         }
2844 
2845         if (unload) {
2846                 retval = moduninstall(modp);
2847                 if (retval == 0) {
2848                         mod_unload(modp);
2849                         CPU_STATS_ADDQ(CPU, sys, modunload, 1);
2850                 } else if (retval == EALREADY)
2851                         retval = 0;     /* already unloaded, not an error */
2852         } else
2853                 retval = 0;
2854 
2855         mod_release_mod(modp);
2856         return (retval);
2857 }
2858 
2859 /*
2860  * Uninstall and unload a module.
2861  */
2862 int
2863 modunload(modid_t id)
2864 {
2865         int             retval;
2866 
2867         /* synchronize with any active modunload_disable() */
2868         modunload_begin();
2869         if (ddi_root_node())
2870                 (void) devfs_clean(ddi_root_node(), NULL, 0);
2871         retval = modunrload(id, NULL, 1);
2872         modunload_end();
2873         return (retval);
2874 }
2875 
2876 /*
2877  * Return status of a loaded module.
2878  */
2879 static int
2880 modinfo(modid_t id, struct modinfo *modinfop)
2881 {
2882         struct modctl   *modp;
2883         modid_t         mid;
2884         int             i;
2885 
2886         mid = modinfop->mi_id;
2887         if (modinfop->mi_info & MI_INFO_ALL) {
2888                 while ((modp = mod_hold_next_by_id(mid++)) != NULL) {
2889                         if ((modinfop->mi_info & MI_INFO_CNT) ||
2890                             modp->mod_installed)
2891                                 break;
2892                         mod_release_mod(modp);
2893                 }
2894                 if (modp == NULL)
2895                         return (EINVAL);
2896         } else {
2897                 modp = mod_hold_by_id(id);
2898                 if (modp == NULL)
2899                         return (EINVAL);
2900                 if (!(modinfop->mi_info & MI_INFO_CNT) &&
2901                     (modp->mod_installed == 0)) {
2902                         mod_release_mod(modp);
2903                         return (EINVAL);
2904                 }
2905         }
2906 
2907         modinfop->mi_rev = 0;
2908         modinfop->mi_state = 0;
2909         for (i = 0; i < MODMAXLINK; i++) {
2910                 modinfop->mi_msinfo[i].msi_p0 = -1;
2911                 modinfop->mi_msinfo[i].msi_linkinfo[0] = 0;
2912         }
2913         if (modp->mod_loaded) {
2914                 modinfop->mi_state = MI_LOADED;
2915                 kobj_getmodinfo(modp->mod_mp, modinfop);
2916         }
2917         if (modp->mod_installed) {
2918                 modinfop->mi_state |= MI_INSTALLED;
2919 
2920                 (void) mod_getinfo(modp, modinfop);
2921         }
2922 
2923         modinfop->mi_id = modp->mod_id;
2924         modinfop->mi_loadcnt = modp->mod_loadcnt;
2925         (void) strcpy(modinfop->mi_name, modp->mod_modname);
2926 
2927         mod_release_mod(modp);
2928         return (0);
2929 }
2930 
2931 static char mod_stub_err[] = "mod_hold_stub: Couldn't load stub module %s";
2932 static char no_err[] = "No error function for weak stub %s";
2933 
2934 /*
2935  * used by the stubs themselves to load and hold a module.
2936  * Returns  0 if the module is successfully held;
2937  *          the stub needs to call mod_release_stub().
2938  *          -1 if the stub should just call the err_fcn.
2939  * Note that this code is stretched out so that we avoid subroutine calls
2940  * and optimize for the most likely case.  That is, the case where the
2941  * module is loaded and installed and not held.  In that case we just inc
2942  * the mod_ref count and continue.
2943  */
2944 int
2945 mod_hold_stub(struct mod_stub_info *stub)
2946 {
2947         struct modctl *mp;
2948         struct mod_modinfo *mip;
2949 
2950         mip = stub->mods_modinfo;
2951 
2952         mutex_enter(&mod_lock);
2953 
2954         /* we do mod_hold_by_modctl inline for speed */
2955 
2956 mod_check_again:
2957         if ((mp = mip->mp) != NULL) {
2958                 if (mp->mod_busy == 0) {
2959                         if (mp->mod_installed) {
2960                                 /* increment the reference count */
2961                                 mp->mod_ref++;
2962                                 ASSERT(mp->mod_ref && mp->mod_installed);
2963                                 mutex_exit(&mod_lock);
2964                                 return (0);
2965                         } else {
2966                                 mp->mod_busy = 1;
2967                                 mp->mod_inprogress_thread =
2968                                     (curthread == NULL ?
2969                                     (kthread_id_t)-1 : curthread);
2970                         }
2971                 } else {
2972                         /*
2973                          * wait one time and then go see if someone
2974                          * else has resolved the stub (set mip->mp).
2975                          */
2976                         if (mod_hold_by_modctl(mp,
2977                             MOD_WAIT_ONCE | MOD_LOCK_HELD))
2978                                 goto mod_check_again;
2979 
2980                         /*
2981                          * what we have now may have been unloaded!, in
2982                          * that case, mip->mp will be NULL, we'll hit this
2983                          * module and load again..
2984                          */
2985                         cmn_err(CE_PANIC, "mod_hold_stub should have blocked");
2986                 }
2987                 mutex_exit(&mod_lock);
2988         } else {
2989                 /* first time we've hit this module */
2990                 mutex_exit(&mod_lock);
2991                 mp = mod_hold_by_name(mip->modm_module_name);
2992                 mip->mp = mp;
2993         }
2994 
2995         /*
2996          * If we are here, it means that the following conditions
2997          * are satisfied.
2998          *
2999          * mip->mp != NULL
3000          * this thread has set the mp->mod_busy = 1
3001          * mp->mod_installed = 0
3002          *
3003          */
3004         ASSERT(mp != NULL);
3005         ASSERT(mp->mod_busy == 1);
3006 
3007         if (mp->mod_installed == 0) {
3008                 /* Module not loaded, if weak stub don't load it */
3009                 if (stub->mods_flag & MODS_WEAK) {
3010                         if (stub->mods_errfcn == NULL) {
3011                                 mod_release_mod(mp);
3012                                 cmn_err(CE_PANIC, no_err,
3013                                     mip->modm_module_name);
3014                         }
3015                 } else {
3016                         /* Not a weak stub so load the module */
3017 
3018                         if (mod_load(mp, 1) != 0 || modinstall(mp) != 0) {
3019                                 /*
3020                                  * If mod_load() was successful
3021                                  * and modinstall() failed, then
3022                                  * unload the module.
3023                                  */
3024                                 if (mp->mod_loaded)
3025                                         mod_unload(mp);
3026 
3027                                 mod_release_mod(mp);
3028                                 if (stub->mods_errfcn == NULL) {
3029                                         cmn_err(CE_PANIC, mod_stub_err,
3030                                             mip->modm_module_name);
3031                                 } else {
3032                                         return (-1);
3033                                 }
3034                         }
3035                 }
3036         }
3037 
3038         /*
3039          * At this point module is held and loaded. Release
3040          * the mod_busy and mod_inprogress_thread before
3041          * returning. We actually call mod_release() here so
3042          * that if another stub wants to access this module,
3043          * it can do so. mod_ref is incremented before mod_release()
3044          * is called to prevent someone else from snatching the
3045          * module from this thread.
3046          */
3047         mutex_enter(&mod_lock);
3048         mp->mod_ref++;
3049         ASSERT(mp->mod_ref &&
3050             (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
3051         mod_release(mp);
3052         mutex_exit(&mod_lock);
3053         return (0);
3054 }
3055 
3056 void
3057 mod_release_stub(struct mod_stub_info *stub)
3058 {
3059         struct modctl *mp = stub->mods_modinfo->mp;
3060 
3061         /* inline mod_release_mod */
3062         mutex_enter(&mod_lock);
3063         ASSERT(mp->mod_ref &&
3064             (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
3065         mp->mod_ref--;
3066         if (mp->mod_ref == 0)
3067                 mod_uninstall_ref_zero++;
3068         if (mp->mod_want) {
3069                 mp->mod_want = 0;
3070                 cv_broadcast(&mod_cv);
3071         }
3072         mutex_exit(&mod_lock);
3073 }
3074 
3075 static struct modctl *
3076 mod_hold_loaded_mod(struct modctl *dep, char *filename, int *status)
3077 {
3078         struct modctl *modp;
3079         int retval;
3080 
3081         /*
3082          * Hold the module.
3083          */
3084         modp = mod_hold_by_name_requisite(dep, filename);
3085         if (modp) {
3086                 retval = mod_load(modp, 1);
3087                 if (retval != 0) {
3088                         mod_release_mod(modp);
3089                         modp = NULL;
3090                 }
3091                 *status = retval;
3092         } else {
3093                 *status = ENOSPC;
3094         }
3095 
3096         /*
3097          * if dep is not NULL, clear the module dependency information.
3098          * This information is set in mod_hold_by_name_common().
3099          */
3100         if (dep != NULL && dep->mod_requisite_loading != NULL) {
3101                 ASSERT(dep->mod_busy);
3102                 dep->mod_requisite_loading = NULL;
3103         }
3104 
3105         return (modp);
3106 }
3107 
3108 /*
3109  * hold, load, and install the named module
3110  */
3111 static struct modctl *
3112 mod_hold_installed_mod(char *name, int usepath, int forcecheck, int *r)
3113 {
3114         struct modctl *modp;
3115         int retval;
3116 
3117         /*
3118          * Verify that that module in question actually exists on disk
3119          * before allocation of module structure by mod_hold_by_name.
3120          */
3121         if (modrootloaded && swaploaded || forcecheck) {
3122                 if (!kobj_path_exists(name, usepath)) {
3123                         *r = ENOENT;
3124                         return (NULL);
3125                 }
3126         }
3127 
3128         /*
3129          * Hold the module.
3130          */
3131         modp = mod_hold_by_name(name);
3132         if (modp) {
3133                 retval = mod_load(modp, usepath);
3134                 if (retval != 0) {
3135                         mod_release_mod(modp);
3136                         modp = NULL;
3137                         *r = retval;
3138                 } else {
3139                         if ((*r = modinstall(modp)) != 0) {
3140                                 /*
3141                                  * We loaded it, but failed to _init() it.
3142                                  * Be kind to developers -- force it
3143                                  * out of memory now so that the next
3144                                  * attempt to use the module will cause
3145                                  * a reload.  See 1093793.
3146                                  */
3147                                 mod_unload(modp);
3148                                 mod_release_mod(modp);
3149                                 modp = NULL;
3150                         }
3151                 }
3152         } else {
3153                 *r = ENOSPC;
3154         }
3155         return (modp);
3156 }
3157 
3158 static char mod_excl_msg[] =
3159         "module %s(%s) is EXCLUDED and will not be loaded\n";
3160 static char mod_init_msg[] = "loadmodule:%s(%s): _init() error %d\n";
3161 
3162 /*
3163  * This routine is needed for dependencies.  Users specify dependencies
3164  * by declaring a character array initialized to filenames of dependents.
3165  * So the code that handles dependents deals with filenames (and not
3166  * module names) because that's all it has.  We load by filename and once
3167  * we've loaded a file we can get the module name.
3168  * Unfortunately there isn't a single unified filename/modulename namespace.
3169  * C'est la vie.
3170  *
3171  * We allow the name being looked up to be prepended by an optional
3172  * subdirectory e.g. we can lookup (NULL, "fs/ufs") or ("fs", "ufs")
3173  */
3174 struct modctl *
3175 mod_find_by_filename(char *subdir, char *filename)
3176 {
3177         struct modctl   *mp;
3178         size_t          sublen;
3179 
3180         ASSERT(!MUTEX_HELD(&mod_lock));
3181         if (subdir != NULL)
3182                 sublen = strlen(subdir);
3183         else
3184                 sublen = 0;
3185 
3186         mutex_enter(&mod_lock);
3187         mp = &modules;
3188         do {
3189                 if (sublen) {
3190                         char *mod_filename = mp->mod_filename;
3191 
3192                         if (strncmp(subdir, mod_filename, sublen) == 0 &&
3193                             mod_filename[sublen] == '/' &&
3194                             strcmp(filename, &mod_filename[sublen + 1]) == 0) {
3195                                 mutex_exit(&mod_lock);
3196                                 return (mp);
3197                         }
3198                 } else if (strcmp(filename, mp->mod_filename) == 0) {
3199                         mutex_exit(&mod_lock);
3200                         return (mp);
3201                 }
3202         } while ((mp = mp->mod_next) != &modules);
3203         mutex_exit(&mod_lock);
3204         return (NULL);
3205 }
3206 
3207 /*
3208  * Check for circular dependencies.  This is called from do_dependents()
3209  * in kobj.c.  If we are the thread already loading this module, then
3210  * we're trying to load a dependent that we're already loading which
3211  * means the user specified circular dependencies.
3212  */
3213 static int
3214 mod_circdep(struct modctl *modp)
3215 {
3216         struct modctl   *rmod;
3217 
3218         ASSERT(MUTEX_HELD(&mod_lock));
3219 
3220         /*
3221          * Check the mod_inprogress_thread first.
3222          * mod_inprogress_thread is used in mod_hold_stub()
3223          * directly to improve performance.
3224          */
3225         if (modp->mod_inprogress_thread == curthread)
3226                 return (1);
3227 
3228         /*
3229          * Check the module circular dependencies.
3230          */
3231         for (rmod = modp; rmod != NULL; rmod = rmod->mod_requisite_loading) {
3232                 /*
3233                  * Check if there is a module circular dependency.
3234                  */
3235                 if (rmod->mod_requisite_loading == modp)
3236                         return (1);
3237         }
3238         return (0);
3239 }
3240 
3241 static int
3242 mod_getinfo(struct modctl *modp, struct modinfo *modinfop)
3243 {
3244         int (*func)(struct modinfo *);
3245         int retval;
3246 
3247         ASSERT(modp->mod_busy);
3248 
3249         /* primary modules don't do getinfo */
3250         if (modp->mod_prim)
3251                 return (0);
3252 
3253         func = (int (*)(struct modinfo *))kobj_lookup(modp->mod_mp, "_info");
3254 
3255         if (kobj_addrcheck(modp->mod_mp, (caddr_t)func)) {
3256                 cmn_err(CE_WARN, "_info() not defined properly in %s",
3257                     modp->mod_filename);
3258                 /*
3259                  * The semantics of mod_info(9F) are that 0 is failure
3260                  * and non-zero is success.
3261                  */
3262                 retval = 0;
3263         } else
3264                 retval = (*func)(modinfop);     /* call _info() function */
3265 
3266         if (moddebug & MODDEBUG_USERDEBUG)
3267                 printf("Returned from _info, retval = %x\n", retval);
3268 
3269         return (retval);
3270 }
3271 
3272 static void
3273 modadd(struct modctl *mp)
3274 {
3275         ASSERT(MUTEX_HELD(&mod_lock));
3276 
3277         mp->mod_id = last_module_id++;
3278         mp->mod_next = &modules;
3279         mp->mod_prev = modules.mod_prev;
3280         modules.mod_prev->mod_next = mp;
3281         modules.mod_prev = mp;
3282 }
3283 
3284 /*ARGSUSED*/
3285 static struct modctl *
3286 allocate_modp(const char *filename, const char *modname)
3287 {
3288         struct modctl *mp;
3289 
3290         mp = kobj_zalloc(sizeof (*mp), KM_SLEEP);
3291         mp->mod_modname = kobj_zalloc(strlen(modname) + 1, KM_SLEEP);
3292         (void) strcpy(mp->mod_modname, modname);
3293         return (mp);
3294 }
3295 
3296 /*
3297  * Get the value of a symbol.  This is a wrapper routine that
3298  * calls kobj_getsymvalue().  kobj_getsymvalue() may go away but this
3299  * wrapper will prevent callers from noticing.
3300  */
3301 uintptr_t
3302 modgetsymvalue(char *name, int kernelonly)
3303 {
3304         return (kobj_getsymvalue(name, kernelonly));
3305 }
3306 
3307 /*
3308  * Get the symbol nearest an address.  This is a wrapper routine that
3309  * calls kobj_getsymname().  kobj_getsymname() may go away but this
3310  * wrapper will prevent callers from noticing.
3311  */
3312 char *
3313 modgetsymname(uintptr_t value, ulong_t *offset)
3314 {
3315         return (kobj_getsymname(value, offset));
3316 }
3317 
3318 /*
3319  * Lookup a symbol in a specified module.  These are wrapper routines that
3320  * call kobj_lookup().  kobj_lookup() may go away but these wrappers will
3321  * prevent callers from noticing.
3322  */
3323 uintptr_t
3324 modlookup(const char *modname, const char *symname)
3325 {
3326         struct modctl *modp;
3327         uintptr_t val;
3328 
3329         if ((modp = mod_hold_by_name(modname)) == NULL)
3330                 return (0);
3331         val = kobj_lookup(modp->mod_mp, symname);
3332         mod_release_mod(modp);
3333         return (val);
3334 }
3335 
3336 uintptr_t
3337 modlookup_by_modctl(modctl_t *modp, const char *symname)
3338 {
3339         ASSERT(modp->mod_ref > 0 || modp->mod_busy);
3340 
3341         return (kobj_lookup(modp->mod_mp, symname));
3342 }
3343 
3344 /*
3345  * Ask the user for the name of the system file and the default path
3346  * for modules.
3347  */
3348 void
3349 mod_askparams()
3350 {
3351         static char s0[64];
3352         intptr_t fd;
3353 
3354         if ((fd = kobj_open(systemfile)) != -1L)
3355                 kobj_close(fd);
3356         else
3357                 systemfile = self_assembly = NULL;
3358 
3359         /*CONSTANTCONDITION*/
3360         while (1) {
3361                 printf("Name of system file [%s]:  ",
3362                     systemfile ? systemfile : "/dev/null");
3363 
3364                 console_gets(s0, sizeof (s0));
3365 
3366                 if (s0[0] == '\0')
3367                         break;
3368                 else if (strcmp(s0, "/dev/null") == 0) {
3369                         systemfile = self_assembly = NULL;
3370                         break;
3371                 } else {
3372                         if ((fd = kobj_open(s0)) != -1L) {
3373                                 kobj_close(fd);
3374                                 systemfile = s0;
3375                                 self_assembly = NULL;
3376                                 break;
3377                         }
3378                 }
3379                 printf("can't find file %s\n", s0);
3380         }
3381 }
3382 
3383 static char loading_msg[] = "loading '%s' id %d\n";
3384 static char load_msg[] = "load '%s' id %d loaded @ 0x%p/0x%p size %d/%d\n";
3385 
3386 /*
3387  * Common code for loading a module (but not installing it).
3388  * Handoff the task of module loading to a separate thread
3389  * with a large stack if possible, since this code may recurse a few times.
3390  * Return zero if there are no errors or an errno value.
3391  */
3392 static int
3393 mod_load(struct modctl *mp, int usepath)
3394 {
3395         int             retval;
3396         struct modinfo  *modinfop = NULL;
3397         struct loadmt   lt;
3398 
3399         ASSERT(MUTEX_NOT_HELD(&mod_lock));
3400         ASSERT(mp->mod_busy);
3401 
3402         if (mp->mod_loaded)
3403                 return (0);
3404 
3405         if (mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_modname) != 0 ||
3406             mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_filename) != 0) {
3407                 if (moddebug & MODDEBUG_LOADMSG) {
3408                         printf(mod_excl_msg, mp->mod_filename,
3409                             mp->mod_modname);
3410                 }
3411                 return (ENXIO);
3412         }
3413         if (moddebug & MODDEBUG_LOADMSG2)
3414                 printf(loading_msg, mp->mod_filename, mp->mod_id);
3415 
3416         if (curthread != &t0) {
3417                 lt.mp = mp;
3418                 lt.usepath = usepath;
3419                 lt.owner = curthread;
3420                 sema_init(&lt.sema, 0, NULL, SEMA_DEFAULT, NULL);
3421 
3422                 /* create thread to hand of call to */
3423                 (void) thread_create(NULL, DEFAULTSTKSZ * 2,
3424                     modload_thread, &lt, 0, &p0, TS_RUN, maxclsyspri);
3425 
3426                 /* wait for thread to complete kobj_load_module */
3427                 sema_p(&lt.sema);
3428 
3429                 sema_destroy(&lt.sema);
3430                 retval = lt.retval;
3431         } else
3432                 retval = kobj_load_module(mp, usepath);
3433 
3434         if (mp->mod_mp) {
3435                 ASSERT(retval == 0);
3436                 mp->mod_loaded = 1;
3437                 mp->mod_loadcnt++;
3438                 if (moddebug & MODDEBUG_LOADMSG) {
3439                         printf(load_msg, mp->mod_filename, mp->mod_id,
3440                             (void *)((struct module *)mp->mod_mp)->text,
3441                             (void *)((struct module *)mp->mod_mp)->data,
3442                             ((struct module *)mp->mod_mp)->text_size,
3443                             ((struct module *)mp->mod_mp)->data_size);
3444                 }
3445 
3446                 /*
3447                  * XXX - There should be a better way to get this.
3448                  */
3449                 modinfop = kmem_zalloc(sizeof (struct modinfo), KM_SLEEP);
3450                 modinfop->mi_info = MI_INFO_LINKAGE;
3451                 if (mod_getinfo(mp, modinfop) == 0)
3452                         mp->mod_linkage = NULL;
3453                 else {
3454                         mp->mod_linkage = (void *)modinfop->mi_base;
3455                         ASSERT(mp->mod_linkage->ml_rev == MODREV_1);
3456                 }
3457 
3458                 /*
3459                  * DCS: bootstrapping code. If the driver is loaded
3460                  * before root mount, it is assumed that the driver
3461                  * may be used before mounting root. In order to
3462                  * access mappings of global to local minor no.'s
3463                  * during installation/open of the driver, we load
3464                  * them into memory here while the BOP_interfaces
3465                  * are still up.
3466                  */
3467                 if ((cluster_bootflags & CLUSTER_BOOTED) && !modrootloaded) {
3468                         retval = clboot_modload(mp);
3469                 }
3470 
3471                 kmem_free(modinfop, sizeof (struct modinfo));
3472                 (void) mod_sysctl(SYS_SET_MVAR, (void *)mp);
3473                 retval = install_stubs_by_name(mp, mp->mod_modname);
3474 
3475                 /*
3476                  * Now that the module is loaded, we need to give DTrace
3477                  * a chance to notify its providers.  This is done via
3478                  * the dtrace_modload function pointer.
3479                  */
3480                 if (strcmp(mp->mod_modname, "dtrace") != 0) {
3481                         struct modctl *dmp = mod_hold_by_name("dtrace");
3482 
3483                         if (dmp != NULL && dtrace_modload != NULL)
3484                                 (*dtrace_modload)(mp);
3485 
3486                         mod_release_mod(dmp);
3487                 }
3488 
3489         } else {
3490                 /*
3491                  * If load failed then we need to release any requisites
3492                  * that we had established.
3493                  */
3494                 ASSERT(retval);
3495                 mod_release_requisites(mp);
3496 
3497                 if (moddebug & MODDEBUG_ERRMSG)
3498                         printf("error loading '%s', error %d\n",
3499                             mp->mod_filename, retval);
3500         }
3501         return (retval);
3502 }
3503 
3504 static char unload_msg[] = "unloading %s, module id %d, loadcnt %d.\n";
3505 
3506 static void
3507 mod_unload(struct modctl *mp)
3508 {
3509         ASSERT(MUTEX_NOT_HELD(&mod_lock));
3510         ASSERT(mp->mod_busy);
3511         ASSERT((mp->mod_loaded && (mp->mod_installed == 0)) &&
3512             ((mp->mod_prim == 0) && (mp->mod_ref >= 0)));
3513 
3514         if (moddebug & MODDEBUG_LOADMSG)
3515                 printf(unload_msg, mp->mod_modname,
3516                     mp->mod_id, mp->mod_loadcnt);
3517 
3518         /*
3519          * If mod_ref is not zero, it means some modules might still refer
3520          * to this module. Then you can't unload this module right now.
3521          * Instead, set 1 to mod_delay_unload to notify the system of
3522          * unloading this module later when it's not required any more.
3523          */
3524         if (mp->mod_ref > 0) {
3525                 mp->mod_delay_unload = 1;
3526                 if (moddebug & MODDEBUG_LOADMSG2) {
3527                         printf("module %s not unloaded,"
3528                             " non-zero reference count (%d)",
3529                             mp->mod_modname, mp->mod_ref);
3530                 }
3531                 return;
3532         }
3533 
3534         if (((mp->mod_loaded == 0) || mp->mod_installed) ||
3535             (mp->mod_ref || mp->mod_prim)) {
3536                 /*
3537                  * A DEBUG kernel would ASSERT panic above, the code is broken
3538                  * if we get this warning.
3539                  */
3540                 cmn_err(CE_WARN, "mod_unload: %s in incorrect state: %d %d %d",
3541                     mp->mod_filename, mp->mod_installed, mp->mod_loaded,
3542                     mp->mod_ref);
3543                 return;
3544         }
3545 
3546         /* reset stub functions to call the binder again */
3547         reset_stubs(mp);
3548 
3549         /*
3550          * mark module as unloaded before the modctl structure is freed.
3551          * This is required not to reuse the modctl structure before
3552          * the module is marked as unloaded.
3553          */
3554         mp->mod_loaded = 0;
3555         mp->mod_linkage = NULL;
3556 
3557         /* free the memory */
3558         kobj_unload_module(mp);
3559 
3560         if (mp->mod_delay_unload) {
3561                 mp->mod_delay_unload = 0;
3562                 if (moddebug & MODDEBUG_LOADMSG2) {
3563                         printf("deferred unload of module %s"
3564                             " (id %d) successful",
3565                             mp->mod_modname, mp->mod_id);
3566                 }
3567         }
3568 
3569         /* release hold on requisites */
3570         mod_release_requisites(mp);
3571 
3572         /*
3573          * Now that the module is gone, we need to give DTrace a chance to
3574          * remove any probes that it may have had in the module.  This is
3575          * done via the dtrace_modunload function pointer.
3576          */
3577         if (strcmp(mp->mod_modname, "dtrace") != 0) {
3578                 struct modctl *dmp = mod_hold_by_name("dtrace");
3579 
3580                 if (dmp != NULL && dtrace_modunload != NULL)
3581                         (*dtrace_modunload)(mp);
3582 
3583                 mod_release_mod(dmp);
3584         }
3585 }
3586 
3587 static int
3588 modinstall(struct modctl *mp)
3589 {
3590         int val;
3591         int (*func)(void);
3592 
3593         ASSERT(MUTEX_NOT_HELD(&mod_lock));
3594         ASSERT(mp->mod_busy && mp->mod_loaded);
3595 
3596         if (mp->mod_installed)
3597                 return (0);
3598         /*
3599          * If mod_delay_unload is on, it means the system chose the deferred
3600          * unload for this module. Then you can't install this module until
3601          * it's unloaded from the system.
3602          */
3603         if (mp->mod_delay_unload)
3604                 return (ENXIO);
3605 
3606         if (moddebug & MODDEBUG_LOADMSG)
3607                 printf("installing %s, module id %d.\n",
3608                     mp->mod_modname, mp->mod_id);
3609 
3610         ASSERT(mp->mod_mp != NULL);
3611         if (mod_install_requisites(mp) != 0) {
3612                 /*
3613                  * Note that we can't call mod_unload(mp) here since
3614                  * if modinstall() was called by mod_install_requisites(),
3615                  * we won't be able to hold the dependent modules
3616                  * (otherwise there would be a deadlock).
3617                  */
3618                 return (ENXIO);
3619         }
3620 
3621         if (moddebug & MODDEBUG_ERRMSG) {
3622                 printf("init '%s' id %d loaded @ 0x%p/0x%p size %lu/%lu\n",
3623                     mp->mod_filename, mp->mod_id,
3624                     (void *)((struct module *)mp->mod_mp)->text,
3625                     (void *)((struct module *)mp->mod_mp)->data,
3626                     ((struct module *)mp->mod_mp)->text_size,
3627                     ((struct module *)mp->mod_mp)->data_size);
3628         }
3629 
3630         func = (int (*)())kobj_lookup(mp->mod_mp, "_init");
3631 
3632         if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3633                 cmn_err(CE_WARN, "_init() not defined properly in %s",
3634                     mp->mod_filename);
3635                 return (EFAULT);
3636         }
3637 
3638         if (moddebug & MODDEBUG_USERDEBUG) {
3639                 printf("breakpoint before calling %s:_init()\n",
3640                     mp->mod_modname);
3641                 if (DEBUGGER_PRESENT)
3642                         debug_enter("_init");
3643         }
3644 
3645         ASSERT(MUTEX_NOT_HELD(&mod_lock));
3646         ASSERT(mp->mod_busy && mp->mod_loaded);
3647         val = (*func)();                /* call _init */
3648 
3649         if (moddebug & MODDEBUG_USERDEBUG)
3650                 printf("Returned from _init, val = %x\n", val);
3651 
3652         if (val == 0) {
3653                 /*
3654                  * Set the MODS_INSTALLED flag to enable this module
3655                  * being called now.
3656                  */
3657                 install_stubs(mp);
3658                 mp->mod_installed = 1;
3659         } else if (moddebug & MODDEBUG_ERRMSG)
3660                 printf(mod_init_msg, mp->mod_filename, mp->mod_modname, val);
3661 
3662         return (val);
3663 }
3664 
3665 int     detach_driver_unconfig = 0;
3666 
3667 static int
3668 detach_driver(char *name)
3669 {
3670         major_t major;
3671         int error;
3672 
3673         /*
3674          * If being called from mod_uninstall_all() then the appropriate
3675          * driver detaches (leaf only) have already been done.
3676          */
3677         if (mod_in_autounload())
3678                 return (0);
3679 
3680         major = ddi_name_to_major(name);
3681         if (major == DDI_MAJOR_T_NONE)
3682                 return (0);
3683 
3684         error = ndi_devi_unconfig_driver(ddi_root_node(),
3685             NDI_DETACH_DRIVER | detach_driver_unconfig, major);
3686         return (error == NDI_SUCCESS ? 0 : -1);
3687 }
3688 
3689 static char finiret_msg[] = "Returned from _fini for %s, status = %x\n";
3690 
3691 static int
3692 moduninstall(struct modctl *mp)
3693 {
3694         int status = 0;
3695         int (*func)(void);
3696 
3697         ASSERT(MUTEX_NOT_HELD(&mod_lock));
3698         ASSERT(mp->mod_busy);
3699 
3700         /*
3701          * Verify that we need to do something and can uninstall the module.
3702          *
3703          * If we should not uninstall the module or if the module is not in
3704          * the correct state to start an uninstall we return EBUSY to prevent
3705          * us from progressing to mod_unload.  If the module has already been
3706          * uninstalled and unloaded we return EALREADY.
3707          */
3708         if (mp->mod_prim || mp->mod_ref || mp->mod_nenabled != 0)
3709                 return (EBUSY);
3710         if ((mp->mod_installed == 0) || (mp->mod_loaded == 0))
3711                 return (EALREADY);
3712 
3713         /*
3714          * To avoid devinfo / module deadlock we must release this module
3715          * prior to initiating the detach_driver, otherwise the detach_driver
3716          * might deadlock on a devinfo node held by another thread
3717          * coming top down and involving the module we have locked.
3718          *
3719          * When we regrab the module we must reverify that it is OK
3720          * to proceed with the uninstall operation.
3721          */
3722         mod_release_mod(mp);
3723         status = detach_driver(mp->mod_modname);
3724         (void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
3725 
3726         /* check detach status and reverify state with lock */
3727         mutex_enter(&mod_lock);
3728         if ((status != 0) || mp->mod_prim || mp->mod_ref) {
3729                 mutex_exit(&mod_lock);
3730                 return (EBUSY);
3731         }
3732         if ((mp->mod_installed == 0) || (mp->mod_loaded == 0)) {
3733                 mutex_exit(&mod_lock);
3734                 return (EALREADY);
3735         }
3736         mutex_exit(&mod_lock);
3737 
3738         if (moddebug & MODDEBUG_LOADMSG2)
3739                 printf("uninstalling %s\n", mp->mod_modname);
3740 
3741         /*
3742          * lookup _fini, return EBUSY if not defined.
3743          *
3744          * The MODDEBUG_FINI_EBUSY is usefull in resolving leaks in
3745          * detach(9E) - it allows bufctl addresses to be resolved.
3746          */
3747         func = (int (*)())kobj_lookup(mp->mod_mp, "_fini");
3748         if ((func == NULL) || (mp->mod_loadflags & MOD_NOUNLOAD) ||
3749             (moddebug & MODDEBUG_FINI_EBUSY))
3750                 return (EBUSY);
3751 
3752         /* verify that _fini is in this module */
3753         if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3754                 cmn_err(CE_WARN, "_fini() not defined properly in %s",
3755                     mp->mod_filename);
3756                 return (EFAULT);
3757         }
3758 
3759         /* call _fini() */
3760         ASSERT(MUTEX_NOT_HELD(&mod_lock));
3761         ASSERT(mp->mod_busy && mp->mod_loaded && mp->mod_installed);
3762 
3763         status = (*func)();
3764 
3765         if (status == 0) {
3766                 /* _fini returned success, the module is no longer installed */
3767                 if (moddebug & MODDEBUG_LOADMSG)
3768                         printf("uninstalled %s\n", mp->mod_modname);
3769 
3770                 /*
3771                  * Even though we only set mod_installed to zero here, a zero
3772                  * return value means we are committed to a code path were
3773                  * mod_loaded will also end up as zero - we have no other
3774                  * way to get the module data and bss back to the pre _init
3775                  * state except a reload. To ensure this, after return,
3776                  * mod_busy must stay set until mod_loaded is cleared.
3777                  */
3778                 mp->mod_installed = 0;
3779 
3780                 /*
3781                  * Clear the MODS_INSTALLED flag not to call functions
3782                  * in the module directly from now on.
3783                  */
3784                 uninstall_stubs(mp);
3785         } else {
3786                 if (moddebug & MODDEBUG_USERDEBUG)
3787                         printf(finiret_msg, mp->mod_filename, status);
3788                 /*
3789                  * By definition _fini is only allowed to return EBUSY or the
3790                  * result of mod_remove (EBUSY or EINVAL).  In the off chance
3791                  * that a driver returns EALREADY we convert this to EINVAL
3792                  * since to our caller EALREADY means module was already
3793                  * removed.
3794                  */
3795                 if (status == EALREADY)
3796                         status = EINVAL;
3797         }
3798 
3799         return (status);
3800 }
3801 
3802 /*
3803  * Uninstall all modules.
3804  */
3805 static void
3806 mod_uninstall_all(void)
3807 {
3808         struct modctl   *mp;
3809         int             pass;
3810         modid_t         modid;
3811 
3812         /* synchronize with any active modunload_disable() */
3813         modunload_begin();
3814 
3815         /* mark this thread as doing autounloading */
3816         (void) tsd_set(mod_autounload_key, (void *)1);
3817 
3818         (void) devfs_clean(ddi_root_node(), NULL, 0);
3819         (void) ndi_devi_unconfig(ddi_root_node(), NDI_AUTODETACH);
3820 
3821         /*
3822          * Loop up to max times if we keep producing unreferenced modules.
3823          * A new unreferenced module is an opportunity to unload.
3824          */
3825         for (pass = 0; pass < mod_uninstall_pass_max; pass++) {
3826 
3827                 /* zero count of modules that go unreferenced during pass */
3828                 mod_uninstall_ref_zero = 0;
3829 
3830                 modid = 0;
3831                 while ((mp = mod_hold_next_by_id(modid)) != NULL) {
3832                         modid = mp->mod_id;
3833 
3834                         /*
3835                          * Skip modules with the MOD_NOAUTOUNLOAD flag set
3836                          */
3837                         if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
3838                                 mod_release_mod(mp);
3839                                 continue;
3840                         }
3841 
3842                         if (moduninstall(mp) == 0) {
3843                                 mod_unload(mp);
3844                                 CPU_STATS_ADDQ(CPU, sys, modunload, 1);
3845                         }
3846                         mod_release_mod(mp);
3847                 }
3848 
3849                 /* break if no modules went unreferenced during pass */
3850                 if (mod_uninstall_ref_zero == 0)
3851                         break;
3852         }
3853         if (pass >= mod_uninstall_pass_max)
3854                 mod_uninstall_pass_exc++;
3855 
3856         (void) tsd_set(mod_autounload_key, NULL);
3857         modunload_end();
3858 }
3859 
3860 /* wait for unloads that have begun before registering disable */
3861 void
3862 modunload_disable(void)
3863 {
3864         mutex_enter(&modunload_wait_mutex);
3865         while (modunload_active_count) {
3866                 modunload_wait++;
3867                 cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3868                 modunload_wait--;
3869         }
3870         modunload_disable_count++;
3871         mutex_exit(&modunload_wait_mutex);
3872 }
3873 
3874 /* mark end of disable and signal waiters */
3875 void
3876 modunload_enable(void)
3877 {
3878         mutex_enter(&modunload_wait_mutex);
3879         modunload_disable_count--;
3880         if ((modunload_disable_count == 0) && modunload_wait)
3881                 cv_broadcast(&modunload_wait_cv);
3882         mutex_exit(&modunload_wait_mutex);
3883 }
3884 
3885 /* wait for disables to complete before begining unload */
3886 void
3887 modunload_begin()
3888 {
3889         mutex_enter(&modunload_wait_mutex);
3890         while (modunload_disable_count) {
3891                 modunload_wait++;
3892                 cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3893                 modunload_wait--;
3894         }
3895         modunload_active_count++;
3896         mutex_exit(&modunload_wait_mutex);
3897 }
3898 
3899 /* mark end of unload and signal waiters */
3900 void
3901 modunload_end()
3902 {
3903         mutex_enter(&modunload_wait_mutex);
3904         modunload_active_count--;
3905         if ((modunload_active_count == 0) && modunload_wait)
3906                 cv_broadcast(&modunload_wait_cv);
3907         mutex_exit(&modunload_wait_mutex);
3908 }
3909 
3910 void
3911 mod_uninstall_daemon(void)
3912 {
3913         callb_cpr_t     cprinfo;
3914         clock_t         ticks;
3915 
3916         mod_aul_thread = curthread;
3917 
3918         CALLB_CPR_INIT(&cprinfo, &mod_uninstall_lock, callb_generic_cpr, "mud");
3919         for (;;) {
3920                 mutex_enter(&mod_uninstall_lock);
3921                 CALLB_CPR_SAFE_BEGIN(&cprinfo);
3922                 /*
3923                  * In DEBUG kernels, unheld drivers are uninstalled periodically
3924                  * every mod_uninstall_interval seconds.  Periodic uninstall can
3925                  * be disabled by setting mod_uninstall_interval to 0 which is
3926                  * the default for a non-DEBUG kernel.
3927                  */
3928                 if (mod_uninstall_interval) {
3929                         ticks = drv_usectohz(mod_uninstall_interval * 1000000);
3930                         (void) cv_reltimedwait(&mod_uninstall_cv,
3931                             &mod_uninstall_lock, ticks, TR_CLOCK_TICK);
3932                 } else {
3933                         cv_wait(&mod_uninstall_cv, &mod_uninstall_lock);
3934                 }
3935                 /*
3936                  * The whole daemon is safe for CPR except we don't want
3937                  * the daemon to run if FREEZE is issued and this daemon
3938                  * wakes up from the cv_wait above. In this case, it'll be
3939                  * blocked in CALLB_CPR_SAFE_END until THAW is issued.
3940                  *
3941                  * The reason of calling CALLB_CPR_SAFE_BEGIN twice is that
3942                  * mod_uninstall_lock is used to protect cprinfo and
3943                  * CALLB_CPR_SAFE_BEGIN assumes that this lock is held when
3944                  * called.
3945                  */
3946                 CALLB_CPR_SAFE_END(&cprinfo, &mod_uninstall_lock);
3947                 CALLB_CPR_SAFE_BEGIN(&cprinfo);
3948                 mutex_exit(&mod_uninstall_lock);
3949                 if ((modunload_disable_count == 0) &&
3950                     ((moddebug & MODDEBUG_NOAUTOUNLOAD) == 0)) {
3951                         mod_uninstall_all();
3952                 }
3953         }
3954 }
3955 
3956 /*
3957  * Unload all uninstalled modules.
3958  */
3959 void
3960 modreap(void)
3961 {
3962         mutex_enter(&mod_uninstall_lock);
3963         cv_broadcast(&mod_uninstall_cv);
3964         mutex_exit(&mod_uninstall_lock);
3965 }
3966 
3967 /*
3968  * Hold the specified module. This is the module holding primitive.
3969  *
3970  * If MOD_LOCK_HELD then the caller already holds the mod_lock.
3971  *
3972  * Return values:
3973  *       0 ==> the module is held
3974  *       1 ==> the module is not held and the MOD_WAIT_ONCE caller needs
3975  *              to determine how to retry.
3976  */
3977 int
3978 mod_hold_by_modctl(struct modctl *mp, int f)
3979 {
3980         ASSERT((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) &&
3981             ((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) !=
3982             (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)));
3983         ASSERT((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) &&
3984             ((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) !=
3985             (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)));
3986         ASSERT((f & MOD_LOCK_NOT_HELD) || MUTEX_HELD(&mod_lock));
3987 
3988         if (f & MOD_LOCK_NOT_HELD)
3989                 mutex_enter(&mod_lock);
3990 
3991         while (mp->mod_busy) {
3992                 mp->mod_want = 1;
3993                 cv_wait(&mod_cv, &mod_lock);
3994                 /*
3995                  * Module may be unloaded by daemon.
3996                  * Nevertheless, modctl structure is still in linked list
3997                  * (i.e., off &modules), not freed!
3998                  * Caller is not supposed to assume "mp" is valid, but there
3999                  * is no reasonable way to detect this but using
4000                  * mp->mod_modinfo->mp == NULL check (follow the back pointer)
4001                  *   (or similar check depending on calling context)
4002                  * DON'T free modctl structure, it will be very very
4003                  * problematic.
4004                  */
4005                 if (f & MOD_WAIT_ONCE) {
4006                         if (f & MOD_LOCK_NOT_HELD)
4007                                 mutex_exit(&mod_lock);
4008                         return (1);     /* caller decides how to retry */
4009                 }
4010         }
4011 
4012         mp->mod_busy = 1;
4013         mp->mod_inprogress_thread =
4014             (curthread == NULL ? (kthread_id_t)-1 : curthread);
4015 
4016         if (f & MOD_LOCK_NOT_HELD)
4017                 mutex_exit(&mod_lock);
4018         return (0);
4019 }
4020 
4021 static struct modctl *
4022 mod_hold_by_name_common(struct modctl *dep, const char *filename)
4023 {
4024         const char      *modname;
4025         struct modctl   *mp;
4026         char            *curname, *newname;
4027         int             found = 0;
4028 
4029         mutex_enter(&mod_lock);
4030 
4031         if ((modname = strrchr(filename, '/')) == NULL)
4032                 modname = filename;
4033         else
4034                 modname++;
4035 
4036         mp = &modules;
4037         do {
4038                 if (strcmp(modname, mp->mod_modname) == 0) {
4039                         found = 1;
4040                         break;
4041                 }
4042         } while ((mp = mp->mod_next) != &modules);
4043 
4044         if (found == 0) {
4045                 mp = allocate_modp(filename, modname);
4046                 modadd(mp);
4047         }
4048 
4049         /*
4050          * if dep is not NULL, set the mp in mod_requisite_loading for
4051          * the module circular dependency check. This field is used in
4052          * mod_circdep(), but it's cleard in mod_hold_loaded_mod().
4053          */
4054         if (dep != NULL) {
4055                 ASSERT(dep->mod_busy && dep->mod_requisite_loading == NULL);
4056                 dep->mod_requisite_loading = mp;
4057         }
4058 
4059         /*
4060          * If the module was held, then it must be us who has it held.
4061          */
4062         if (mod_circdep(mp))
4063                 mp = NULL;
4064         else {
4065                 (void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4066 
4067                 /*
4068                  * If the name hadn't been set or has changed, allocate
4069                  * space and set it.  Free space used by previous name.
4070                  *
4071                  * Do not change the name of primary modules, for primary
4072                  * modules the mod_filename was allocated in standalone mode:
4073                  * it is illegal to kobj_alloc in standalone mode and kobj_free
4074                  * in non-standalone mode.
4075                  */
4076                 curname = mp->mod_filename;
4077                 if (curname == NULL ||
4078                     ((mp->mod_prim == 0) &&
4079                     (curname != filename) &&
4080                     (modname != filename) &&
4081                     (strcmp(curname, filename) != 0))) {
4082                         newname = kobj_zalloc(strlen(filename) + 1, KM_SLEEP);
4083                         (void) strcpy(newname, filename);
4084                         mp->mod_filename = newname;
4085                         if (curname != NULL)
4086                                 kobj_free(curname, strlen(curname) + 1);
4087                 }
4088         }
4089 
4090         mutex_exit(&mod_lock);
4091         if (mp && moddebug & MODDEBUG_LOADMSG2)
4092                 printf("Holding %s\n", mp->mod_filename);
4093         if (mp == NULL && moddebug & MODDEBUG_LOADMSG2)
4094                 printf("circular dependency loading %s\n", filename);
4095         return (mp);
4096 }
4097 
4098 static struct modctl *
4099 mod_hold_by_name_requisite(struct modctl *dep, char *filename)
4100 {
4101         return (mod_hold_by_name_common(dep, filename));
4102 }
4103 
4104 struct modctl *
4105 mod_hold_by_name(const char *filename)
4106 {
4107         return (mod_hold_by_name_common(NULL, filename));
4108 }
4109 
4110 struct modctl *
4111 mod_hold_by_id(modid_t modid)
4112 {
4113         struct modctl   *mp;
4114         int             found = 0;
4115 
4116         mutex_enter(&mod_lock);
4117         mp = &modules;
4118         do {
4119                 if (mp->mod_id == modid) {
4120                         found = 1;
4121                         break;
4122                 }
4123         } while ((mp = mp->mod_next) != &modules);
4124 
4125         if ((found == 0) || mod_circdep(mp))
4126                 mp = NULL;
4127         else
4128                 (void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4129 
4130         mutex_exit(&mod_lock);
4131         return (mp);
4132 }
4133 
4134 static struct modctl *
4135 mod_hold_next_by_id(modid_t modid)
4136 {
4137         struct modctl   *mp;
4138         int             found = 0;
4139 
4140         if (modid < -1)
4141                 return (NULL);
4142 
4143         mutex_enter(&mod_lock);
4144 
4145         mp = &modules;
4146         do {
4147                 if (mp->mod_id > modid) {
4148                         found = 1;
4149                         break;
4150                 }
4151         } while ((mp = mp->mod_next) != &modules);
4152 
4153         if ((found == 0) || mod_circdep(mp))
4154                 mp = NULL;
4155         else
4156                 (void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4157 
4158         mutex_exit(&mod_lock);
4159         return (mp);
4160 }
4161 
4162 static void
4163 mod_release(struct modctl *mp)
4164 {
4165         ASSERT(MUTEX_HELD(&mod_lock));
4166         ASSERT(mp->mod_busy);
4167 
4168         mp->mod_busy = 0;
4169         mp->mod_inprogress_thread = NULL;
4170         if (mp->mod_want) {
4171                 mp->mod_want = 0;
4172                 cv_broadcast(&mod_cv);
4173         }
4174 }
4175 
4176 void
4177 mod_release_mod(struct modctl *mp)
4178 {
4179         if (moddebug & MODDEBUG_LOADMSG2)
4180                 printf("Releasing %s\n", mp->mod_filename);
4181         mutex_enter(&mod_lock);
4182         mod_release(mp);
4183         mutex_exit(&mod_lock);
4184 }
4185 
4186 modid_t
4187 mod_name_to_modid(char *filename)
4188 {
4189         char            *modname;
4190         struct modctl   *mp;
4191 
4192         mutex_enter(&mod_lock);
4193 
4194         if ((modname = strrchr(filename, '/')) == NULL)
4195                 modname = filename;
4196         else
4197                 modname++;
4198 
4199         mp = &modules;
4200         do {
4201                 if (strcmp(modname, mp->mod_modname) == 0) {
4202                         mutex_exit(&mod_lock);
4203                         return (mp->mod_id);
4204                 }
4205         } while ((mp = mp->mod_next) != &modules);
4206 
4207         mutex_exit(&mod_lock);
4208         return (-1);
4209 }
4210 
4211 
4212 int
4213 mod_remove_by_name(char *name)
4214 {
4215         struct modctl *mp;
4216         int retval;
4217 
4218         mp = mod_hold_by_name(name);
4219 
4220         if (mp == NULL)
4221                 return (EINVAL);
4222 
4223         if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
4224                 /*
4225                  * Do not unload forceloaded modules
4226                  */
4227                 mod_release_mod(mp);
4228                 return (0);
4229         }
4230 
4231         if ((retval = moduninstall(mp)) == 0) {
4232                 mod_unload(mp);
4233                 CPU_STATS_ADDQ(CPU, sys, modunload, 1);
4234         } else if (retval == EALREADY)
4235                 retval = 0;             /* already unloaded, not an error */
4236         mod_release_mod(mp);
4237         return (retval);
4238 }
4239 
4240 /*
4241  * Record that module "dep" is dependent on module "on_mod."
4242  */
4243 static void
4244 mod_make_requisite(struct modctl *dependent, struct modctl *on_mod)
4245 {
4246         struct modctl_list **pmlnp;     /* previous next pointer */
4247         struct modctl_list *mlp;
4248         struct modctl_list *new;
4249 
4250         ASSERT(dependent->mod_busy && on_mod->mod_busy);
4251         mutex_enter(&mod_lock);
4252 
4253         /*
4254          * Search dependent's requisite list to see if on_mod is recorded.
4255          * List is ordered by id.
4256          */
4257         for (pmlnp = &dependent->mod_requisites, mlp = *pmlnp;
4258             mlp; pmlnp = &mlp->modl_next, mlp = *pmlnp)
4259                 if (mlp->modl_modp->mod_id >= on_mod->mod_id)
4260                         break;
4261 
4262         /* Create and insert if not already recorded */
4263         if ((mlp == NULL) || (mlp->modl_modp->mod_id != on_mod->mod_id)) {
4264                 new = kobj_zalloc(sizeof (*new), KM_SLEEP);
4265                 new->modl_modp = on_mod;
4266                 new->modl_next = mlp;
4267                 *pmlnp = new;
4268 
4269                 /*
4270                  * Increment the mod_ref count in our new requisite module.
4271                  * This is what keeps a module that has other modules
4272                  * which are dependent on it from being uninstalled and
4273                  * unloaded. "on_mod"'s mod_ref count decremented in
4274                  * mod_release_requisites when the "dependent" module
4275                  * unload is complete.  "on_mod" must be loaded, but may not
4276                  * yet be installed.
4277                  */
4278                 on_mod->mod_ref++;
4279                 ASSERT(on_mod->mod_ref && on_mod->mod_loaded);
4280         }
4281 
4282         mutex_exit(&mod_lock);
4283 }
4284 
4285 /*
4286  * release the hold associated with mod_make_requisite mod_ref++
4287  * as part of unload.
4288  */
4289 void
4290 mod_release_requisites(struct modctl *modp)
4291 {
4292         struct modctl_list *modl;
4293         struct modctl_list *next;
4294         struct modctl *req;
4295         struct modctl_list *start = NULL, *mod_garbage;
4296 
4297         ASSERT(!quiesce_active);
4298         ASSERT(modp->mod_busy);
4299         ASSERT(MUTEX_NOT_HELD(&mod_lock));
4300 
4301         mutex_enter(&mod_lock);             /* needed for manipulation of req */
4302         for (modl = modp->mod_requisites; modl; modl = next) {
4303                 next = modl->modl_next;
4304                 req = modl->modl_modp;
4305                 ASSERT(req->mod_ref >= 1 && req->mod_loaded);
4306                 req->mod_ref--;
4307                 if (req->mod_ref == 0)
4308                         mod_uninstall_ref_zero++;
4309 
4310                 /*
4311                  * Check if the module has to be unloaded or not.
4312                  */
4313                 if (req->mod_ref == 0 && req->mod_delay_unload) {
4314                         struct modctl_list *new;
4315                         /*
4316                          * Allocate the modclt_list holding the garbage
4317                          * module which should be unloaded later.
4318                          */
4319                         new = kobj_zalloc(sizeof (struct modctl_list),
4320                             KM_SLEEP);
4321                         new->modl_modp = req;
4322 
4323                         if (start == NULL)
4324                                 mod_garbage = start = new;
4325                         else {
4326                                 mod_garbage->modl_next = new;
4327                                 mod_garbage = new;
4328                         }
4329                 }
4330 
4331                 /* free the list as we go */
4332                 kobj_free(modl, sizeof (*modl));
4333         }
4334         modp->mod_requisites = NULL;
4335         mutex_exit(&mod_lock);
4336 
4337         /*
4338          * Unload the garbage modules.
4339          */
4340         for (mod_garbage = start; mod_garbage != NULL; /* nothing */) {
4341                 struct modctl_list *old = mod_garbage;
4342                 struct modctl *mp = mod_garbage->modl_modp;
4343                 ASSERT(mp != NULL);
4344 
4345                 /*
4346                  * Hold this module until it's unloaded completely.
4347                  */
4348                 (void) mod_hold_by_modctl(mp,
4349                     MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
4350                 /*
4351                  * Check if the module is not unloaded yet and nobody requires
4352                  * the module. If it's unloaded already or somebody still
4353                  * requires the module, don't unload it now.
4354                  */
4355                 if (mp->mod_loaded && mp->mod_ref == 0)
4356                         mod_unload(mp);
4357                 ASSERT((mp->mod_loaded == 0 && mp->mod_delay_unload == 0) ||
4358                     (mp->mod_ref > 0));
4359                 mod_release_mod(mp);
4360 
4361                 mod_garbage = mod_garbage->modl_next;
4362                 kobj_free(old, sizeof (struct modctl_list));
4363         }
4364 }
4365 
4366 /*
4367  * Process dependency of the module represented by "dep" on the
4368  * module named by "on."
4369  *
4370  * Called from kobj_do_dependents() to load a module "on" on which
4371  * "dep" depends.
4372  */
4373 struct modctl *
4374 mod_load_requisite(struct modctl *dep, char *on)
4375 {
4376         struct modctl *on_mod;
4377         int retval;
4378 
4379         if ((on_mod = mod_hold_loaded_mod(dep, on, &retval)) != NULL) {
4380                 mod_make_requisite(dep, on_mod);
4381         } else if (moddebug & MODDEBUG_ERRMSG) {
4382                 printf("error processing %s on which module %s depends\n",
4383                     on, dep->mod_modname);
4384         }
4385         return (on_mod);
4386 }
4387 
4388 static int
4389 mod_install_requisites(struct modctl *modp)
4390 {
4391         struct modctl_list *modl;
4392         struct modctl *req;
4393         int status = 0;
4394 
4395         ASSERT(MUTEX_NOT_HELD(&mod_lock));
4396         ASSERT(modp->mod_busy);
4397 
4398         for (modl = modp->mod_requisites; modl; modl = modl->modl_next) {
4399                 req = modl->modl_modp;
4400                 (void) mod_hold_by_modctl(req,
4401                     MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
4402                 status = modinstall(req);
4403                 mod_release_mod(req);
4404 
4405                 if (status != 0)
4406                         break;
4407         }
4408         return (status);
4409 }
4410 
4411 /*
4412  * returns 1 if this thread is doing autounload, 0 otherwise.
4413  * see mod_uninstall_all.
4414  */
4415 int
4416 mod_in_autounload()
4417 {
4418         return ((int)(uintptr_t)tsd_get(mod_autounload_key));
4419 }
4420 
4421 /*
4422  * gmatch adapted from libc, stripping the wchar stuff
4423  */
4424 #define popchar(p, c)   { \
4425                 c = *p++; \
4426                 if (c == 0) { \
4427                         return (0); \
4428                 } \
4429         }
4430 
4431 int
4432 gmatch(const char *s, const char *p)
4433 {
4434         int c, sc;
4435         int ok, lc, notflag;
4436 
4437         sc = *s++;
4438         c = *p++;
4439         if (c == 0)
4440                 return (sc == c);       /* nothing matches nothing */
4441 
4442         switch (c) {
4443         case '\\':
4444                 /* skip to quoted character */
4445                 popchar(p, c);
4446                 /*FALLTHRU*/
4447 
4448         default:
4449                 /* straight comparison */
4450                 if (c != sc)
4451                         return (0);
4452                 /*FALLTHRU*/
4453 
4454         case '?':
4455                 /* first char matches, move to remainder */
4456                 return (sc != '\0' ? gmatch(s, p) : 0);
4457 
4458 
4459         case '*':
4460                 while (*p == '*')
4461                         p++;
4462 
4463                 /* * matches everything */
4464                 if (*p == 0)
4465                         return (1);
4466 
4467                 /* undo skip at the beginning & iterate over substrings */
4468                 --s;
4469                 while (*s) {
4470                         if (gmatch(s, p))
4471                                 return (1);
4472                         s++;
4473                 }
4474                 return (0);
4475 
4476         case '[':
4477                 /* match any char within [] */
4478                 if (sc == 0)
4479                         return (0);
4480 
4481                 ok = lc = notflag = 0;
4482 
4483                 if (*p == '!') {
4484                         notflag = 1;
4485                         p++;
4486                 }
4487                 popchar(p, c);
4488 
4489                 do {
4490                         if (c == '-' && lc && *p != ']') {
4491                                 /* test sc against range [c1-c2] */
4492                                 popchar(p, c);
4493                                 if (c == '\\') {
4494                                         popchar(p, c);
4495                                 }
4496 
4497                                 if (notflag) {
4498                                         /* return 0 on mismatch */
4499                                         if (lc <= sc && sc <= c)
4500                                                 return (0);
4501                                         ok++;
4502                                 } else if (lc <= sc && sc <= c) {
4503                                         ok++;
4504                                 }
4505                                 /* keep going, may get a match next */
4506                         } else if (c == '\\') {
4507                                 /* skip to quoted character */
4508                                 popchar(p, c);
4509                         }
4510                         lc = c;
4511                         if (notflag) {
4512                                 if (sc == lc)
4513                                         return (0);
4514                                 ok++;
4515                         } else if (sc == lc) {
4516                                 ok++;
4517                         }
4518                         popchar(p, c);
4519                 } while (c != ']');
4520 
4521                 /* recurse on remainder of string */
4522                 return (ok ? gmatch(s, p) : 0);
4523         }
4524         /*NOTREACHED*/
4525 }
4526 
4527 
4528 /*
4529  * Get default perm for device from /etc/minor_perm. Return 0 if match found.
4530  *
4531  * Pure wild-carded patterns are handled separately so the ordering of
4532  * these patterns doesn't matter.  We're still dependent on ordering
4533  * however as the first matching entry is the one returned.
4534  * Not ideal but all existing examples and usage do imply this
4535  * ordering implicitly.
4536  *
4537  * Drivers using the clone driver are always good for some entertainment.
4538  * Clone nodes under pseudo have the form clone@0:<driver>.  Some minor
4539  * perm entries have the form clone:<driver>, others use <driver>:*
4540  * Examples are clone:llc1 vs. llc2:*, for example.
4541  *
4542  * Minor perms in the clone:<driver> form are mapped to the drivers's
4543  * mperm list, not the clone driver, as wildcard entries for clone
4544  * reference only.  In other words, a clone wildcard will match
4545  * references for clone@0:<driver> but never <driver>@<minor>.
4546  *
4547  * Additional minor perms in the standard form are also supported,
4548  * for mixed usage, ie a node with an entry clone:<driver> could
4549  * provide further entries <driver>:<minor>.
4550  *
4551  * Finally, some uses of clone use an alias as the minor name rather
4552  * than the driver name, with the alias as the minor perm entry.
4553  * This case is handled by attaching the driver to bring its
4554  * minor list into existence, then discover the alias via DDI_ALIAS.
4555  * The clone device's minor perm list can then be searched for
4556  * that alias.
4557  */
4558 
4559 static int
4560 dev_alias_minorperm(dev_info_t *dip, char *minor_name, mperm_t *rmp)
4561 {
4562         major_t                 major;
4563         struct devnames         *dnp;
4564         mperm_t                 *mp;
4565         char                    *alias = NULL;
4566         dev_info_t              *cdevi;
4567         int                     circ;
4568         struct ddi_minor_data   *dmd;
4569 
4570         major = ddi_name_to_major(minor_name);
4571 
4572         ASSERT(dip == clone_dip);
4573         ASSERT(major != DDI_MAJOR_T_NONE);
4574 
4575         /*
4576          * Attach the driver named by the minor node, then
4577          * search its first instance's minor list for an
4578          * alias node.
4579          */
4580         if (ddi_hold_installed_driver(major) == NULL)
4581                 return (1);
4582 
4583         dnp = &devnamesp[major];
4584         LOCK_DEV_OPS(&dnp->dn_lock);
4585 
4586         if ((cdevi = dnp->dn_head) != NULL) {
4587                 ndi_devi_enter(cdevi, &circ);
4588                 for (dmd = DEVI(cdevi)->devi_minor; dmd; dmd = dmd->next) {
4589                         if (dmd->type == DDM_ALIAS) {
4590                                 alias = i_ddi_strdup(dmd->ddm_name, KM_SLEEP);
4591                                 break;
4592                         }
4593                 }
4594                 ndi_devi_exit(cdevi, circ);
4595         }
4596 
4597         UNLOCK_DEV_OPS(&dnp->dn_lock);
4598         ddi_rele_driver(major);
4599 
4600         if (alias == NULL) {
4601                 if (moddebug & MODDEBUG_MINORPERM)
4602                         cmn_err(CE_CONT, "dev_minorperm: "
4603                             "no alias for %s\n", minor_name);
4604                 return (1);
4605         }
4606 
4607         major = ddi_driver_major(clone_dip);
4608         dnp = &devnamesp[major];
4609         LOCK_DEV_OPS(&dnp->dn_lock);
4610 
4611         /*
4612          * Go through the clone driver's mperm list looking
4613          * for a match for the specified alias.
4614          */
4615         for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4616                 if (strcmp(alias, mp->mp_minorname) == 0) {
4617                         break;
4618                 }
4619         }
4620 
4621         if (mp) {
4622                 if (moddebug & MODDEBUG_MP_MATCH) {
4623                         cmn_err(CE_CONT,
4624                             "minor perm defaults: %s %s 0%o %d %d (aliased)\n",
4625                             minor_name, alias, mp->mp_mode,
4626                             mp->mp_uid, mp->mp_gid);
4627                 }
4628                 rmp->mp_uid = mp->mp_uid;
4629                 rmp->mp_gid = mp->mp_gid;
4630                 rmp->mp_mode = mp->mp_mode;
4631         }
4632         UNLOCK_DEV_OPS(&dnp->dn_lock);
4633 
4634         kmem_free(alias, strlen(alias)+1);
4635 
4636         return (mp == NULL);
4637 }
4638 
4639 int
4640 dev_minorperm(dev_info_t *dip, char *name, mperm_t *rmp)
4641 {
4642         major_t major;
4643         char *minor_name;
4644         struct devnames *dnp;
4645         mperm_t *mp;
4646         int is_clone = 0;
4647 
4648         if (!minorperm_loaded) {
4649                 if (moddebug & MODDEBUG_MINORPERM)
4650                         cmn_err(CE_CONT,
4651                             "%s: minor perm not yet loaded\n", name);
4652                 return (1);
4653         }
4654 
4655         minor_name = strchr(name, ':');
4656         if (minor_name == NULL)
4657                 return (1);
4658         minor_name++;
4659 
4660         /*
4661          * If it's the clone driver, search the driver as named
4662          * by the minor.  All clone minor perm entries other than
4663          * alias nodes are actually installed on the real driver's list.
4664          */
4665         if (dip == clone_dip) {
4666                 major = ddi_name_to_major(minor_name);
4667                 if (major == DDI_MAJOR_T_NONE) {
4668                         if (moddebug & MODDEBUG_MINORPERM)
4669                                 cmn_err(CE_CONT, "dev_minorperm: "
4670                                     "%s: no such driver\n", minor_name);
4671                         return (1);
4672                 }
4673                 is_clone = 1;
4674         } else {
4675                 major = ddi_driver_major(dip);
4676                 ASSERT(major != DDI_MAJOR_T_NONE);
4677         }
4678 
4679         dnp = &devnamesp[major];
4680         LOCK_DEV_OPS(&dnp->dn_lock);
4681 
4682         /*
4683          * Go through the driver's mperm list looking for
4684          * a match for the specified minor.  If there's
4685          * no matching pattern, use the wild card.
4686          * Defer to the clone wild for clone if specified,
4687          * otherwise fall back to the normal form.
4688          */
4689         for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4690                 if (gmatch(minor_name, mp->mp_minorname) != 0) {
4691                         break;
4692                 }
4693         }
4694         if (mp == NULL) {
4695                 if (is_clone)
4696                         mp = dnp->dn_mperm_clone;
4697                 if (mp == NULL)
4698                         mp = dnp->dn_mperm_wild;
4699         }
4700 
4701         if (mp) {
4702                 if (moddebug & MODDEBUG_MP_MATCH) {
4703                         cmn_err(CE_CONT,
4704                             "minor perm defaults: %s %s 0%o %d %d\n",
4705                             name, mp->mp_minorname, mp->mp_mode,
4706                             mp->mp_uid, mp->mp_gid);
4707                 }
4708                 rmp->mp_uid = mp->mp_uid;
4709                 rmp->mp_gid = mp->mp_gid;
4710                 rmp->mp_mode = mp->mp_mode;
4711         }
4712         UNLOCK_DEV_OPS(&dnp->dn_lock);
4713 
4714         /*
4715          * If no match can be found for a clone node,
4716          * search for a possible match for an alias.
4717          * One such example is /dev/ptmx -> /devices/pseudo/clone@0:ptm,
4718          * with minor perm entry clone:ptmx.
4719          */
4720         if (mp == NULL && is_clone) {
4721                 return (dev_alias_minorperm(dip, minor_name, rmp));
4722         }
4723 
4724         return (mp == NULL);
4725 }
4726 
4727 /*
4728  * dynamicaly reference load a dl module/library, returning handle
4729  */
4730 /*ARGSUSED*/
4731 ddi_modhandle_t
4732 ddi_modopen(const char *modname, int mode, int *errnop)
4733 {
4734         char            *subdir;
4735         char            *mod;
4736         int             subdirlen;
4737         struct modctl   *hmodp = NULL;
4738         int             retval = EINVAL;
4739 
4740         ASSERT(modname && (mode == KRTLD_MODE_FIRST));
4741         if ((modname == NULL) || (mode != KRTLD_MODE_FIRST))
4742                 goto out;
4743 
4744         /* find last '/' in modname */
4745         mod = strrchr(modname, '/');
4746 
4747         if (mod) {
4748                 /* for subdir string without modification to argument */
4749                 mod++;
4750                 subdirlen = mod - modname;
4751                 subdir = kmem_alloc(subdirlen, KM_SLEEP);
4752                 (void) strlcpy(subdir, modname, subdirlen);
4753         } else {
4754                 subdirlen = 0;
4755                 subdir = "misc";
4756                 mod = (char *)modname;
4757         }
4758 
4759         /* reference load with errno return value */
4760         retval = modrload(subdir, mod, &hmodp);
4761 
4762         if (subdirlen)
4763                 kmem_free(subdir, subdirlen);
4764 
4765 out:    if (errnop)
4766                 *errnop = retval;
4767 
4768         if (moddebug & MODDEBUG_DDI_MOD)
4769                 printf("ddi_modopen %s mode %x: %s %p %d\n",
4770                     modname ? modname : "<unknown>", mode,
4771                     hmodp ? hmodp->mod_filename : "<unknown>",
4772                     (void *)hmodp, retval);
4773 
4774         return ((ddi_modhandle_t)hmodp);
4775 }
4776 
4777 /* lookup "name" in open dl module/library */
4778 void *
4779 ddi_modsym(ddi_modhandle_t h, const char *name, int *errnop)
4780 {
4781         struct modctl   *hmodp = (struct modctl *)h;
4782         void            *f;
4783         int             retval;
4784 
4785         ASSERT(hmodp && name && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4786         if ((hmodp == NULL) || (name == NULL) ||
4787             (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4788                 f = NULL;
4789                 retval = EINVAL;
4790         } else {
4791                 f = (void *)kobj_lookup(hmodp->mod_mp, (char *)name);
4792                 if (f)
4793                         retval = 0;
4794                 else
4795                         retval = ENOTSUP;
4796         }
4797 
4798         if (moddebug & MODDEBUG_DDI_MOD)
4799                 printf("ddi_modsym in %s of %s: %d %p\n",
4800                     hmodp ? hmodp->mod_modname : "<unknown>",
4801                     name ? name : "<unknown>", retval, f);
4802 
4803         if (errnop)
4804                 *errnop = retval;
4805         return (f);
4806 }
4807 
4808 /* dynamic (un)reference unload of an open dl module/library */
4809 int
4810 ddi_modclose(ddi_modhandle_t h)
4811 {
4812         struct modctl   *hmodp = (struct modctl *)h;
4813         struct modctl   *modp = NULL;
4814         int             retval;
4815 
4816         ASSERT(hmodp && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4817         if ((hmodp == NULL) ||
4818             (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4819                 retval = EINVAL;
4820                 goto out;
4821         }
4822 
4823         retval = modunrload(hmodp->mod_id, &modp, ddi_modclose_unload);
4824         if (retval == EBUSY)
4825                 retval = 0;     /* EBUSY is not an error */
4826 
4827         if (retval == 0) {
4828                 ASSERT(hmodp == modp);
4829                 if (hmodp != modp)
4830                         retval = EINVAL;
4831         }
4832 
4833 out:    if (moddebug & MODDEBUG_DDI_MOD)
4834                 printf("ddi_modclose %s: %d\n",
4835                     hmodp ? hmodp->mod_modname : "<unknown>", retval);
4836 
4837         return (retval);
4838 }