1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 
  22 /*
  23  * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
  24  * Copyright (c) 2017 Joyent, Inc.
  25  */
  26 
  27 /*
  28  * modctl system call for loadable module support.
  29  */
  30 
  31 #include <sys/param.h>
  32 #include <sys/user.h>
  33 #include <sys/systm.h>
  34 #include <sys/exec.h>
  35 #include <sys/file.h>
  36 #include <sys/stat.h>
  37 #include <sys/conf.h>
  38 #include <sys/time.h>
  39 #include <sys/reboot.h>
  40 #include <sys/fs/ufs_fsdir.h>
  41 #include <sys/kmem.h>
  42 #include <sys/sysconf.h>
  43 #include <sys/cmn_err.h>
  44 #include <sys/ddi.h>
  45 #include <sys/sunddi.h>
  46 #include <sys/sunndi.h>
  47 #include <sys/ndi_impldefs.h>
  48 #include <sys/ddi_impldefs.h>
  49 #include <sys/ddi_implfuncs.h>
  50 #include <sys/bootconf.h>
  51 #include <sys/dc_ki.h>
  52 #include <sys/cladm.h>
  53 #include <sys/dtrace.h>
  54 #include <sys/kdi.h>
  55 
  56 #include <sys/devpolicy.h>
  57 #include <sys/modctl.h>
  58 #include <sys/kobj.h>
  59 #include <sys/devops.h>
  60 #include <sys/autoconf.h>
  61 #include <sys/hwconf.h>
  62 #include <sys/callb.h>
  63 #include <sys/debug.h>
  64 #include <sys/cpuvar.h>
  65 #include <sys/sysmacros.h>
  66 #include <sys/sysevent.h>
  67 #include <sys/sysevent_impl.h>
  68 #include <sys/instance.h>
  69 #include <sys/modhash.h>
  70 #include <sys/modhash_impl.h>
  71 #include <sys/dacf_impl.h>
  72 #include <sys/vfs.h>
  73 #include <sys/pathname.h>
  74 #include <sys/console.h>
  75 #include <sys/policy.h>
  76 #include <ipp/ipp_impl.h>
  77 #include <sys/fs/dv_node.h>
  78 #include <sys/strsubr.h>
  79 #include <sys/fs/sdev_impl.h>
  80 
  81 static int              mod_circdep(struct modctl *);
  82 static int              modinfo(modid_t, struct modinfo *);
  83 
  84 static void             mod_uninstall_all(void);
  85 static int              mod_getinfo(struct modctl *, struct modinfo *);
  86 static struct modctl    *allocate_modp(const char *, const char *);
  87 
  88 static int              mod_load(struct modctl *, int);
  89 static void             mod_unload(struct modctl *);
  90 static int              modinstall(struct modctl *);
  91 static int              moduninstall(struct modctl *);
  92 
  93 static struct modctl    *mod_hold_by_name_common(struct modctl *, const char *);
  94 static struct modctl    *mod_hold_next_by_id(modid_t);
  95 static struct modctl    *mod_hold_loaded_mod(struct modctl *, char *, int *);
  96 static struct modctl    *mod_hold_installed_mod(char *, int, int, int *);
  97 
  98 static void             mod_release(struct modctl *);
  99 static void             mod_make_requisite(struct modctl *, struct modctl *);
 100 static int              mod_install_requisites(struct modctl *);
 101 static void             check_esc_sequences(char *, char *);
 102 static struct modctl    *mod_hold_by_name_requisite(struct modctl *, char *);
 103 
 104 /*
 105  * module loading thread control structure. Calls to kobj_load_module()() are
 106  * handled off to a separate thead using this structure.
 107  */
 108 struct loadmt {
 109         ksema_t         sema;
 110         struct modctl   *mp;
 111         int             usepath;
 112         kthread_t       *owner;
 113         int             retval;
 114 };
 115 
 116 static void     modload_thread(struct loadmt *);
 117 
 118 kcondvar_t      mod_cv;
 119 kcondvar_t      mod_uninstall_cv;       /* Communication between swapper */
 120                                         /* and the uninstall daemon. */
 121 kmutex_t        mod_lock;               /* protects &modules insert linkage, */
 122                                         /* mod_busy, mod_want, and mod_ref. */
 123                                         /* blocking operations while holding */
 124                                         /* mod_lock should be avoided */
 125 kmutex_t        mod_uninstall_lock;     /* protects mod_uninstall_cv */
 126 kthread_id_t    mod_aul_thread;
 127 
 128 int             modunload_wait;
 129 kmutex_t        modunload_wait_mutex;
 130 kcondvar_t      modunload_wait_cv;
 131 int             modunload_active_count;
 132 int             modunload_disable_count;
 133 
 134 int     isminiroot;             /* set if running as miniroot */
 135 int     modrootloaded;          /* set after root driver and fs are loaded */
 136 int     moddebug = 0x0;         /* debug flags for module writers */
 137 int     swaploaded;             /* set after swap driver and fs are loaded */
 138 int     bop_io_quiesced = 0;    /* set when BOP I/O can no longer be used */
 139 int     last_module_id;
 140 clock_t mod_uninstall_interval = 0;
 141 int     mod_uninstall_pass_max = 6;
 142 int     mod_uninstall_ref_zero; /* # modules that went mod_ref == 0 */
 143 int     mod_uninstall_pass_exc; /* mod_uninstall_all left new stuff */
 144 
 145 int     ddi_modclose_unload = 1;        /* 0 -> just decrement reference */
 146 
 147 int     devcnt_incr     = 256;          /* allow for additional drivers */
 148 int     devcnt_min      = 512;          /* and always at least this number */
 149 
 150 struct devnames *devnamesp;
 151 struct devnames orphanlist;
 152 
 153 krwlock_t       devinfo_tree_lock;      /* obsolete, to be removed */
 154 
 155 #define MAJBINDFILE "/etc/name_to_major"
 156 #define SYSBINDFILE "/etc/name_to_sysnum"
 157 
 158 static char     majbind[] = MAJBINDFILE;
 159 static char     sysbind[] = SYSBINDFILE;
 160 static uint_t   mod_autounload_key;     /* for module autounload detection */
 161 
 162 extern int obpdebug;
 163 
 164 #define DEBUGGER_PRESENT        ((boothowto & RB_DEBUG) || (obpdebug != 0))
 165 
 166 static int minorperm_loaded = 0;
 167 
 168 void
 169 mod_setup(void)
 170 {
 171         struct sysent *callp;
 172         int callnum, exectype;
 173         int     num_devs;
 174         int     i;
 175 
 176         /*
 177          * Initialize the list of loaded driver dev_ops.
 178          * XXX - This must be done before reading the system file so that
 179          * forceloads of drivers will work.
 180          */
 181         num_devs = read_binding_file(majbind, mb_hashtab, make_mbind);
 182         /*
 183          * Since read_binding_file is common code, it doesn't enforce that all
 184          * of the binding file entries have major numbers <= MAXMAJ32.       Thus,
 185          * ensure that we don't allocate some massive amount of space due to a
 186          * bad entry.  We can't have major numbers bigger than MAXMAJ32
 187          * until file system support for larger major numbers exists.
 188          */
 189 
 190         /*
 191          * Leave space for expansion, but not more than L_MAXMAJ32
 192          */
 193         devcnt = MIN(num_devs + devcnt_incr, L_MAXMAJ32);
 194         devcnt = MAX(devcnt, devcnt_min);
 195         devopsp = kmem_alloc(devcnt * sizeof (struct dev_ops *), KM_SLEEP);
 196         for (i = 0; i < devcnt; i++)
 197                 devopsp[i] = &mod_nodev_ops;
 198 
 199         init_devnamesp(devcnt);
 200 
 201         /*
 202          * Sync up with the work that the stand-alone linker has already done.
 203          */
 204         (void) kobj_sync();
 205 
 206         if (boothowto & RB_DEBUG)
 207                 kdi_dvec_modavail();
 208 
 209         make_aliases(mb_hashtab);
 210 
 211         /*
 212          * Initialize streams device implementation structures.
 213          */
 214         devimpl = kmem_zalloc(devcnt * sizeof (cdevsw_impl_t), KM_SLEEP);
 215 
 216         /*
 217          * If the cl_bootstrap module is present,
 218          * we should be configured as a cluster. Loading this module
 219          * will set "cluster_bootflags" to non-zero.
 220          */
 221         (void) modload("misc", "cl_bootstrap");
 222 
 223         (void) read_binding_file(sysbind, sb_hashtab, make_mbind);
 224         init_syscallnames(NSYSCALL);
 225 
 226         /*
 227          * Start up dynamic autoconfiguration framework (dacf).
 228          */
 229         mod_hash_init();
 230         dacf_init();
 231 
 232         /*
 233          * Start up IP policy framework (ipp).
 234          */
 235         ipp_init();
 236 
 237         /*
 238          * Allocate loadable native system call locks.
 239          */
 240         for (callnum = 0, callp = sysent; callnum < NSYSCALL;
 241             callnum++, callp++) {
 242                 if (LOADABLE_SYSCALL(callp)) {
 243                         if (mod_getsysname(callnum) != NULL) {
 244                                 callp->sy_lock =
 245                                     kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
 246                                 rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
 247                         } else {
 248                                 callp->sy_flags &= ~SE_LOADABLE;
 249                                 callp->sy_callc = nosys;
 250                         }
 251 #ifdef DEBUG
 252                 } else {
 253                         /*
 254                          * Do some sanity checks on the sysent table
 255                          */
 256                         switch (callp->sy_flags & SE_RVAL_MASK) {
 257                         case SE_32RVAL1:
 258                                 /* only r_val1 returned */
 259                         case SE_32RVAL1 | SE_32RVAL2:
 260                                 /* r_val1 and r_val2 returned */
 261                         case SE_64RVAL:
 262                                 /* 64-bit rval returned */
 263                                 break;
 264                         default:
 265                                 cmn_err(CE_WARN, "sysent[%d]: bad flags %x",
 266                                     callnum, callp->sy_flags);
 267                         }
 268 #endif
 269                 }
 270         }
 271 
 272 #ifdef _SYSCALL32_IMPL
 273         /*
 274          * Allocate loadable system call locks for 32-bit compat syscalls
 275          */
 276         for (callnum = 0, callp = sysent32; callnum < NSYSCALL;
 277             callnum++, callp++) {
 278                 if (LOADABLE_SYSCALL(callp)) {
 279                         if (mod_getsysname(callnum) != NULL) {
 280                                 callp->sy_lock =
 281                                     kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
 282                                 rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
 283                         } else {
 284                                 callp->sy_flags &= ~SE_LOADABLE;
 285                                 callp->sy_callc = nosys;
 286                         }
 287 #ifdef DEBUG
 288                 } else {
 289                         /*
 290                          * Do some sanity checks on the sysent table
 291                          */
 292                         switch (callp->sy_flags & SE_RVAL_MASK) {
 293                         case SE_32RVAL1:
 294                                 /* only r_val1 returned */
 295                         case SE_32RVAL1 | SE_32RVAL2:
 296                                 /* r_val1 and r_val2 returned */
 297                         case SE_64RVAL:
 298                                 /* 64-bit rval returned */
 299                                 break;
 300                         default:
 301                                 cmn_err(CE_WARN, "sysent32[%d]: bad flags %x",
 302                                     callnum, callp->sy_flags);
 303                                 goto skip;
 304                         }
 305 
 306                         /*
 307                          * Cross-check the native and compatibility tables.
 308                          */
 309                         if (callp->sy_callc == nosys ||
 310                             sysent[callnum].sy_callc == nosys)
 311                                 continue;
 312                         /*
 313                          * If only one or the other slot is loadable, then
 314                          * there's an error -- they should match!
 315                          */
 316                         if ((callp->sy_callc == loadable_syscall) ^
 317                             (sysent[callnum].sy_callc == loadable_syscall)) {
 318                                 cmn_err(CE_WARN, "sysent[%d] loadable?",
 319                                     callnum);
 320                         }
 321                         /*
 322                          * This is more of a heuristic test -- if the
 323                          * system call returns two values in the 32-bit
 324                          * world, it should probably return two 32-bit
 325                          * values in the 64-bit world too.
 326                          */
 327                         if (((callp->sy_flags & SE_32RVAL2) == 0) ^
 328                             ((sysent[callnum].sy_flags & SE_32RVAL2) == 0)) {
 329                                 cmn_err(CE_WARN, "sysent[%d] rval2 mismatch!",
 330                                     callnum);
 331                         }
 332 skip:;
 333 #endif  /* DEBUG */
 334                 }
 335         }
 336 #endif  /* _SYSCALL32_IMPL */
 337 
 338         /*
 339          * Allocate loadable exec locks.  (Assumes all execs are loadable)
 340          */
 341         for (exectype = 0; exectype < nexectype; exectype++) {
 342                 execsw[exectype].exec_lock =
 343                     kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
 344                 rw_init(execsw[exectype].exec_lock, NULL, RW_DEFAULT, NULL);
 345         }
 346 
 347         read_class_file();
 348 
 349         /* init thread specific structure for mod_uninstall_all */
 350         tsd_create(&mod_autounload_key, NULL);
 351 }
 352 
 353 static int
 354 modctl_modload(int use_path, char *filename, int *rvp)
 355 {
 356         struct modctl *modp;
 357         int retval = 0;
 358         char *filenamep;
 359         int modid;
 360 
 361         filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
 362 
 363         if (copyinstr(filename, filenamep, MOD_MAXPATH, 0)) {
 364                 retval = EFAULT;
 365                 goto out;
 366         }
 367 
 368         filenamep[MOD_MAXPATH - 1] = 0;
 369         modp = mod_hold_installed_mod(filenamep, use_path, 0, &retval);
 370 
 371         if (modp == NULL)
 372                 goto out;
 373 
 374         modp->mod_loadflags |= MOD_NOAUTOUNLOAD;
 375         modid = modp->mod_id;
 376         mod_release_mod(modp);
 377         CPU_STATS_ADDQ(CPU, sys, modload, 1);
 378         if (rvp != NULL && copyout(&modid, rvp, sizeof (modid)) != 0)
 379                 retval = EFAULT;
 380 out:
 381         kmem_free(filenamep, MOD_MAXPATH);
 382 
 383         return (retval);
 384 }
 385 
 386 static int
 387 modctl_modunload(modid_t id)
 388 {
 389         int rval = 0;
 390 
 391         if (id == 0) {
 392 #ifdef DEBUG
 393                 /*
 394                  * Turn on mod_uninstall_daemon
 395                  */
 396                 if (mod_uninstall_interval == 0) {
 397                         mod_uninstall_interval = 60;
 398                         modreap();
 399                         return (rval);
 400                 }
 401 #endif
 402                 mod_uninstall_all();
 403         } else {
 404                 rval = modunload(id);
 405         }
 406         return (rval);
 407 }
 408 
 409 static int
 410 modctl_modinfo(modid_t id, struct modinfo *umodi)
 411 {
 412         int retval;
 413         struct modinfo modi;
 414 #if defined(_SYSCALL32_IMPL)
 415         int nobase;
 416         struct modinfo32 modi32;
 417 #endif
 418 
 419         nobase = 0;
 420         if (get_udatamodel() == DATAMODEL_NATIVE) {
 421                 if (copyin(umodi, &modi, sizeof (struct modinfo)) != 0)
 422                         return (EFAULT);
 423         }
 424 #ifdef _SYSCALL32_IMPL
 425         else {
 426                 bzero(&modi, sizeof (modi));
 427                 if (copyin(umodi, &modi32, sizeof (struct modinfo32)) != 0)
 428                         return (EFAULT);
 429                 modi.mi_info = modi32.mi_info;
 430                 modi.mi_id = modi32.mi_id;
 431                 modi.mi_nextid = modi32.mi_nextid;
 432                 nobase = modi.mi_info & MI_INFO_NOBASE;
 433         }
 434 #endif
 435         /*
 436          * This flag is -only- for the kernels use.
 437          */
 438         modi.mi_info &= ~MI_INFO_LINKAGE;
 439 
 440         retval = modinfo(id, &modi);
 441         if (retval)
 442                 return (retval);
 443 
 444         if (get_udatamodel() == DATAMODEL_NATIVE) {
 445                 if (copyout(&modi, umodi, sizeof (struct modinfo)) != 0)
 446                         retval = EFAULT;
 447 #ifdef _SYSCALL32_IMPL
 448         } else {
 449                 int i;
 450 
 451                 if (!nobase && (uintptr_t)modi.mi_base > UINT32_MAX)
 452                         return (EOVERFLOW);
 453 
 454                 modi32.mi_info = modi.mi_info;
 455                 modi32.mi_state = modi.mi_state;
 456                 modi32.mi_id = modi.mi_id;
 457                 modi32.mi_nextid = modi.mi_nextid;
 458                 modi32.mi_base = (caddr32_t)(uintptr_t)modi.mi_base;
 459                 modi32.mi_size = modi.mi_size;
 460                 modi32.mi_rev = modi.mi_rev;
 461                 modi32.mi_loadcnt = modi.mi_loadcnt;
 462                 bcopy(modi.mi_name, modi32.mi_name, sizeof (modi32.mi_name));
 463                 for (i = 0; i < MODMAXLINK32; i++) {
 464                         modi32.mi_msinfo[i].msi_p0 = modi.mi_msinfo[i].msi_p0;
 465                         bcopy(modi.mi_msinfo[i].msi_linkinfo,
 466                             modi32.mi_msinfo[i].msi_linkinfo,
 467                             sizeof (modi32.mi_msinfo[0].msi_linkinfo));
 468                 }
 469                 if (copyout(&modi32, umodi, sizeof (struct modinfo32)) != 0)
 470                         retval = EFAULT;
 471 #endif
 472         }
 473 
 474         return (retval);
 475 }
 476 
 477 /*
 478  * Return the last major number in the range of permissible major numbers.
 479  */
 480 /*ARGSUSED*/
 481 static int
 482 modctl_modreserve(modid_t id, int *data)
 483 {
 484         if (copyout(&devcnt, data, sizeof (devcnt)) != 0)
 485                 return (EFAULT);
 486         return (0);
 487 }
 488 
 489 /* Add/Remove driver and binding aliases */
 490 static int
 491 modctl_update_driver_aliases(int add, int *data)
 492 {
 493         struct modconfig        mc;
 494         int                     i, n, rv = 0;
 495         struct aliases          alias;
 496         struct aliases          *ap;
 497         char                    name[MAXMODCONFNAME];
 498         char                    cname[MAXMODCONFNAME];
 499         char                    *drvname;
 500         int                     resid;
 501         struct alias_info {
 502                 char    *alias_name;
 503                 int     alias_resid;
 504         } *aliases, *aip;
 505 
 506         aliases = NULL;
 507         bzero(&mc, sizeof (struct modconfig));
 508         if (get_udatamodel() == DATAMODEL_NATIVE) {
 509                 if (copyin(data, &mc, sizeof (struct modconfig)) != 0)
 510                         return (EFAULT);
 511         }
 512 #ifdef _SYSCALL32_IMPL
 513         else {
 514                 struct modconfig32 modc32;
 515                 if (copyin(data, &modc32, sizeof (struct modconfig32)) != 0)
 516                         return (EFAULT);
 517                 else {
 518                         bcopy(modc32.drvname, mc.drvname,
 519                             sizeof (modc32.drvname));
 520                         bcopy(modc32.drvclass, mc.drvclass,
 521                             sizeof (modc32.drvclass));
 522                         mc.major = modc32.major;
 523                         mc.flags = modc32.flags;
 524                         mc.num_aliases = modc32.num_aliases;
 525                         mc.ap = (struct aliases *)(uintptr_t)modc32.ap;
 526                 }
 527         }
 528 #endif
 529 
 530         /*
 531          * If the driver is already in the mb_hashtab, and the name given
 532          * doesn't match that driver's name, fail.  Otherwise, pass, since
 533          * we may be adding aliases.
 534          */
 535         drvname = mod_major_to_name(mc.major);
 536         if ((drvname != NULL) && strcmp(drvname, mc.drvname) != 0)
 537                 return (EINVAL);
 538 
 539         /*
 540          * Precede alias removal by unbinding as many devices as possible.
 541          */
 542         if (add == 0) {
 543                 (void) i_ddi_unload_drvconf(mc.major);
 544                 i_ddi_unbind_devs(mc.major);
 545         }
 546 
 547         /*
 548          * Add/remove each supplied driver alias to/from mb_hashtab
 549          */
 550         ap = mc.ap;
 551         if (mc.num_aliases > 0)
 552                 aliases = kmem_zalloc(
 553                     mc.num_aliases * sizeof (struct alias_info), KM_SLEEP);
 554         aip = aliases;
 555         for (i = 0; i < mc.num_aliases; i++) {
 556                 bzero(&alias, sizeof (struct aliases));
 557                 if (get_udatamodel() == DATAMODEL_NATIVE) {
 558                         if (copyin(ap, &alias, sizeof (struct aliases)) != 0) {
 559                                 rv = EFAULT;
 560                                 goto error;
 561                         }
 562                         if (alias.a_len > MAXMODCONFNAME) {
 563                                 rv = EINVAL;
 564                                 goto error;
 565                         }
 566                         if (copyin(alias.a_name, name, alias.a_len) != 0) {
 567                                 rv = EFAULT;
 568                                 goto error;
 569                         }
 570                         if (name[alias.a_len - 1] != '\0') {
 571                                 rv = EINVAL;
 572                                 goto error;
 573                         }
 574                 }
 575 #ifdef _SYSCALL32_IMPL
 576                 else {
 577                         struct aliases32 al32;
 578                         bzero(&al32, sizeof (struct aliases32));
 579                         if (copyin(ap, &al32, sizeof (struct aliases32)) != 0) {
 580                                 rv = EFAULT;
 581                                 goto error;
 582                         }
 583                         if (al32.a_len > MAXMODCONFNAME) {
 584                                 rv = EINVAL;
 585                                 goto error;
 586                         }
 587                         if (copyin((void *)(uintptr_t)al32.a_name,
 588                             name, al32.a_len) != 0) {
 589                                 rv = EFAULT;
 590                                 goto error;
 591                         }
 592                         if (name[al32.a_len - 1] != '\0') {
 593                                 rv = EINVAL;
 594                                 goto error;
 595                         }
 596                         alias.a_next = (void *)(uintptr_t)al32.a_next;
 597                 }
 598 #endif
 599                 check_esc_sequences(name, cname);
 600                 aip->alias_name = strdup(cname);
 601                 ap = alias.a_next;
 602                 aip++;
 603         }
 604 
 605         if (add == 0) {
 606                 ap = mc.ap;
 607                 resid = 0;
 608                 aip = aliases;
 609                 /* attempt to unbind all devices bound to each alias */
 610                 for (i = 0; i < mc.num_aliases; i++) {
 611                         n = i_ddi_unbind_devs_by_alias(
 612                             mc.major, aip->alias_name);
 613                         resid += n;
 614                         aip->alias_resid = n;
 615                 }
 616 
 617                 /*
 618                  * If some device bound to an alias remains in use,
 619                  * and override wasn't specified, no change is made to
 620                  * the binding state and we fail the operation.
 621                  */
 622                 if (resid > 0 && ((mc.flags & MOD_UNBIND_OVERRIDE) == 0)) {
 623                         rv = EBUSY;
 624                         goto error;
 625                 }
 626 
 627                 /*
 628                  * No device remains bound of any of the aliases,
 629                  * or force was requested.  Mark each alias as
 630                  * inactive via delete_mbind so no future binds
 631                  * to this alias take place and that a new
 632                  * binding can be established.
 633                  */
 634                 aip = aliases;
 635                 for (i = 0; i < mc.num_aliases; i++) {
 636                         if (moddebug & MODDEBUG_BINDING)
 637                                 cmn_err(CE_CONT, "Removing binding for %s "
 638                                     "(%d active references)\n",
 639                                     aip->alias_name, aip->alias_resid);
 640                         delete_mbind(aip->alias_name, mb_hashtab);
 641                         aip++;
 642                 }
 643                 rv = 0;
 644         } else {
 645                 aip = aliases;
 646                 for (i = 0; i < mc.num_aliases; i++) {
 647                         if (moddebug & MODDEBUG_BINDING)
 648                                 cmn_err(CE_NOTE, "Adding binding for '%s'\n",
 649                                     aip->alias_name);
 650                         (void) make_mbind(aip->alias_name,
 651                             mc.major, NULL, mb_hashtab);
 652                         aip++;
 653                 }
 654                 /*
 655                  * Try to establish an mbinding for mc.drvname, and add it to
 656                  * devnames. Add class if any after establishing the major
 657                  * number.
 658                  */
 659                 (void) make_mbind(mc.drvname, mc.major, NULL, mb_hashtab);
 660                 if ((rv = make_devname(mc.drvname, mc.major,
 661                     (mc.flags & MOD_ADDMAJBIND_UPDATE) ?
 662                     DN_DRIVER_INACTIVE : 0)) != 0) {
 663                         goto error;
 664                 }
 665 
 666                 if (mc.drvclass[0] != '\0')
 667                         add_class(mc.drvname, mc.drvclass);
 668                 if ((mc.flags & MOD_ADDMAJBIND_UPDATE) == 0) {
 669                         (void) i_ddi_load_drvconf(mc.major);
 670                 }
 671         }
 672 
 673         /*
 674          * Ensure that all nodes are bound to the most appropriate driver
 675          * possible, attempting demotion and rebind when a more appropriate
 676          * driver now exists.  But not when adding a driver update-only.
 677          */
 678         if ((add == 0) || ((mc.flags & MOD_ADDMAJBIND_UPDATE) == 0)) {
 679                 i_ddi_bind_devs();
 680                 i_ddi_di_cache_invalidate();
 681         }
 682 
 683 error:
 684         if (mc.num_aliases > 0) {
 685                 aip = aliases;
 686                 for (i = 0; i < mc.num_aliases; i++) {
 687                         if (aip->alias_name != NULL)
 688                                 strfree(aip->alias_name);
 689                         aip++;
 690                 }
 691                 kmem_free(aliases, mc.num_aliases * sizeof (struct alias_info));
 692         }
 693         return (rv);
 694 }
 695 
 696 static int
 697 modctl_add_driver_aliases(int *data)
 698 {
 699         return (modctl_update_driver_aliases(1, data));
 700 }
 701 
 702 static int
 703 modctl_remove_driver_aliases(int *data)
 704 {
 705         return (modctl_update_driver_aliases(0, data));
 706 }
 707 
 708 static int
 709 modctl_rem_major(major_t major)
 710 {
 711         struct devnames *dnp;
 712 
 713         if (major >= devcnt)
 714                 return (EINVAL);
 715 
 716         /* mark devnames as removed */
 717         dnp = &devnamesp[major];
 718         LOCK_DEV_OPS(&dnp->dn_lock);
 719         if (dnp->dn_name == NULL ||
 720             (dnp->dn_flags & (DN_DRIVER_REMOVED | DN_TAKEN_GETUDEV))) {
 721                 UNLOCK_DEV_OPS(&dnp->dn_lock);
 722                 return (EINVAL);
 723         }
 724         dnp->dn_flags |= DN_DRIVER_REMOVED;
 725         pm_driver_removed(major);
 726         UNLOCK_DEV_OPS(&dnp->dn_lock);
 727 
 728         (void) i_ddi_unload_drvconf(major);
 729         i_ddi_unbind_devs(major);
 730         i_ddi_bind_devs();
 731         i_ddi_di_cache_invalidate();
 732 
 733         /* purge all the bindings to this driver */
 734         purge_mbind(major, mb_hashtab);
 735         return (0);
 736 }
 737 
 738 static struct vfs *
 739 path_to_vfs(char *name)
 740 {
 741         vnode_t *vp;
 742         struct vfs *vfsp;
 743 
 744         if (lookupname(name, UIO_SYSSPACE, FOLLOW, NULLVPP, &vp))
 745                 return (NULL);
 746 
 747         vfsp = vp->v_vfsp;
 748         VN_RELE(vp);
 749         return (vfsp);
 750 }
 751 
 752 static int
 753 new_vfs_in_modpath()
 754 {
 755         static int n_modpath = 0;
 756         static char *modpath_copy;
 757         static struct pathvfs {
 758                 char *path;
 759                 struct vfs *vfsp;
 760         } *pathvfs;
 761 
 762         int i, new_vfs = 0;
 763         char *tmp, *tmp1;
 764         struct vfs *vfsp;
 765 
 766         if (n_modpath != 0) {
 767                 for (i = 0; i < n_modpath; i++) {
 768                         vfsp = path_to_vfs(pathvfs[i].path);
 769                         if (vfsp != pathvfs[i].vfsp) {
 770                                 pathvfs[i].vfsp = vfsp;
 771                                 if (vfsp)
 772                                         new_vfs = 1;
 773                         }
 774                 }
 775                 return (new_vfs);
 776         }
 777 
 778         /*
 779          * First call, initialize the pathvfs structure
 780          */
 781         modpath_copy = i_ddi_strdup(default_path, KM_SLEEP);
 782         tmp = modpath_copy;
 783         n_modpath = 1;
 784         tmp1 = strchr(tmp, ' ');
 785         while (tmp1) {
 786                 *tmp1 = '\0';
 787                 n_modpath++;
 788                 tmp = tmp1 + 1;
 789                 tmp1 = strchr(tmp, ' ');
 790         }
 791 
 792         pathvfs = kmem_zalloc(n_modpath * sizeof (struct pathvfs), KM_SLEEP);
 793         tmp = modpath_copy;
 794         for (i = 0; i < n_modpath; i++) {
 795                 pathvfs[i].path = tmp;
 796                 vfsp = path_to_vfs(tmp);
 797                 pathvfs[i].vfsp = vfsp;
 798                 tmp += strlen(tmp) + 1;
 799         }
 800         return (1);     /* always reread driver.conf the first time */
 801 }
 802 
 803 static int
 804 modctl_load_drvconf(major_t major, int flags)
 805 {
 806         int ret;
 807 
 808         /*
 809          * devfsadm -u - read all new driver.conf files
 810          * and bind and configure devices for new drivers.
 811          */
 812         if (flags & MOD_LOADDRVCONF_RECONF) {
 813                 (void) i_ddi_load_drvconf(DDI_MAJOR_T_NONE);
 814                 i_ddi_bind_devs();
 815                 i_ddi_di_cache_invalidate();
 816                 return (0);
 817         }
 818 
 819         /*
 820          * update_drv <drv> - reload driver.conf for the specified driver
 821          */
 822         if (major != DDI_MAJOR_T_NONE) {
 823                 ret = i_ddi_load_drvconf(major);
 824                 if (ret == 0)
 825                         i_ddi_bind_devs();
 826                 return (ret);
 827         }
 828 
 829         /*
 830          * We are invoked to rescan new driver.conf files. It is
 831          * only necessary if a new file system was mounted in the
 832          * module_path. Because rescanning driver.conf files can
 833          * take some time on older platforms (sun4m), the following
 834          * code skips unnecessary driver.conf rescans to optimize
 835          * boot performance.
 836          */
 837         if (new_vfs_in_modpath()) {
 838                 (void) i_ddi_load_drvconf(DDI_MAJOR_T_NONE);
 839                 /*
 840                  * If we are still initializing io subsystem,
 841                  * load drivers with ddi-forceattach property
 842                  */
 843                 if (!i_ddi_io_initialized())
 844                         i_ddi_forceattach_drivers();
 845         }
 846         return (0);
 847 }
 848 
 849 /*
 850  * Unload driver.conf file and follow up by attempting
 851  * to rebind devices to more appropriate driver.
 852  */
 853 static int
 854 modctl_unload_drvconf(major_t major)
 855 {
 856         int ret;
 857 
 858         if (major >= devcnt)
 859                 return (EINVAL);
 860 
 861         ret = i_ddi_unload_drvconf(major);
 862         if (ret != 0)
 863                 return (ret);
 864         (void) i_ddi_unbind_devs(major);
 865         i_ddi_bind_devs();
 866 
 867         return (0);
 868 }
 869 
 870 static void
 871 check_esc_sequences(char *str, char *cstr)
 872 {
 873         int i;
 874         size_t len;
 875         char *p;
 876 
 877         len = strlen(str);
 878         for (i = 0; i < len; i++, str++, cstr++) {
 879                 if (*str != '\\') {
 880                         *cstr = *str;
 881                 } else {
 882                         p = str + 1;
 883                         /*
 884                          * we only handle octal escape sequences for SPACE
 885                          */
 886                         if (*p++ == '0' && *p++ == '4' && *p == '0') {
 887                                 *cstr = ' ';
 888                                 str += 3;
 889                         } else {
 890                                 *cstr = *str;
 891                         }
 892                 }
 893         }
 894         *cstr = 0;
 895 }
 896 
 897 static int
 898 modctl_getmodpathlen(int *data)
 899 {
 900         int len;
 901         len = strlen(default_path);
 902         if (copyout(&len, data, sizeof (len)) != 0)
 903                 return (EFAULT);
 904         return (0);
 905 }
 906 
 907 static int
 908 modctl_getmodpath(char *data)
 909 {
 910         if (copyout(default_path, data, strlen(default_path) + 1) != 0)
 911                 return (EFAULT);
 912         return (0);
 913 }
 914 
 915 static int
 916 modctl_read_sysbinding_file(void)
 917 {
 918         (void) read_binding_file(sysbind, sb_hashtab, make_mbind);
 919         return (0);
 920 }
 921 
 922 static int
 923 modctl_getmaj(char *uname, uint_t ulen, int *umajorp)
 924 {
 925         char name[256];
 926         int retval;
 927         major_t major;
 928 
 929         if (ulen == 0)
 930                 return (EINVAL);
 931         if ((retval = copyinstr(uname, name,
 932             (ulen < 256) ? ulen : 256, 0)) != 0)
 933                 return (retval);
 934         if ((major = mod_name_to_major(name)) == DDI_MAJOR_T_NONE)
 935                 return (ENODEV);
 936         if (copyout(&major, umajorp, sizeof (major_t)) != 0)
 937                 return (EFAULT);
 938         return (0);
 939 }
 940 
 941 static char **
 942 convert_constraint_string(char *constraints, size_t len)
 943 {
 944         int     i;
 945         int     n;
 946         char    *p;
 947         char    **array;
 948 
 949         ASSERT(constraints != NULL);
 950         ASSERT(len > 0);
 951 
 952         for (i = 0, p = constraints; strlen(p) > 0; i++, p += strlen(p) + 1)
 953                 ;
 954 
 955         n = i;
 956 
 957         if (n == 0) {
 958                 kmem_free(constraints, len);
 959                 return (NULL);
 960         }
 961 
 962         array = kmem_alloc((n + 1) * sizeof (char *), KM_SLEEP);
 963 
 964         for (i = 0, p = constraints; i < n; i++, p += strlen(p) + 1) {
 965                 array[i] = i_ddi_strdup(p, KM_SLEEP);
 966         }
 967         array[n] = NULL;
 968 
 969         kmem_free(constraints, len);
 970 
 971         return (array);
 972 }
 973 /*ARGSUSED*/
 974 static int
 975 modctl_retire(char *path, char *uconstraints, size_t ulen)
 976 {
 977         char    *pathbuf;
 978         char    *devpath;
 979         size_t  pathsz;
 980         int     retval;
 981         char    *constraints;
 982         char    **cons_array;
 983 
 984         if (path == NULL)
 985                 return (EINVAL);
 986 
 987         if ((uconstraints == NULL) ^ (ulen == 0))
 988                 return (EINVAL);
 989 
 990         pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
 991         retval = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
 992         if (retval != 0) {
 993                 kmem_free(pathbuf, MAXPATHLEN);
 994                 return (retval);
 995         }
 996         devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
 997         kmem_free(pathbuf, MAXPATHLEN);
 998 
 999         /*
1000          * First check if the device is already retired.
1001          * If it is, then persist the retire anyway, just in case the retire
1002          * store has got out of sync with the boot archive.
1003          */
1004         if (e_ddi_device_retired(devpath)) {
1005                 cmn_err(CE_NOTE, "Device: already retired: %s", devpath);
1006                 (void) e_ddi_retire_persist(devpath);
1007                 kmem_free(devpath, strlen(devpath) + 1);
1008                 return (0);
1009         }
1010 
1011         cons_array = NULL;
1012         if (uconstraints) {
1013                 constraints = kmem_alloc(ulen, KM_SLEEP);
1014                 if (copyin(uconstraints, constraints, ulen)) {
1015                         kmem_free(constraints, ulen);
1016                         kmem_free(devpath, strlen(devpath) + 1);
1017                         return (EFAULT);
1018                 }
1019                 cons_array = convert_constraint_string(constraints, ulen);
1020         }
1021 
1022         /*
1023          * Try to retire the device first. The following
1024          * routine will return an error only if the device
1025          * is not retireable i.e. retire constraints forbid
1026          * a retire. A return of success from this routine
1027          * indicates that device is retireable.
1028          */
1029         retval = e_ddi_retire_device(devpath, cons_array);
1030         if (retval != DDI_SUCCESS) {
1031                 cmn_err(CE_WARN, "constraints forbid retire: %s", devpath);
1032                 kmem_free(devpath, strlen(devpath) + 1);
1033                 return (ENOTSUP);
1034         }
1035 
1036         /*
1037          * Ok, the retire succeeded. Persist the retire.
1038          * If retiring a nexus, we need to only persist the
1039          * nexus retire. Any children of a retired nexus
1040          * are automatically covered by the retire store
1041          * code.
1042          */
1043         retval = e_ddi_retire_persist(devpath);
1044         if (retval != 0) {
1045                 cmn_err(CE_WARN, "Failed to persist device retire: error %d: "
1046                     "%s", retval, devpath);
1047                 kmem_free(devpath, strlen(devpath) + 1);
1048                 return (retval);
1049         }
1050         if (moddebug & MODDEBUG_RETIRE)
1051                 cmn_err(CE_NOTE, "Persisted retire of device: %s", devpath);
1052 
1053         kmem_free(devpath, strlen(devpath) + 1);
1054         return (0);
1055 }
1056 
1057 static int
1058 modctl_is_retired(char *path, int *statep)
1059 {
1060         char    *pathbuf;
1061         char    *devpath;
1062         size_t  pathsz;
1063         int     error;
1064         int     status;
1065 
1066         if (path == NULL || statep == NULL)
1067                 return (EINVAL);
1068 
1069         pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1070         error = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
1071         if (error != 0) {
1072                 kmem_free(pathbuf, MAXPATHLEN);
1073                 return (error);
1074         }
1075         devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
1076         kmem_free(pathbuf, MAXPATHLEN);
1077 
1078         if (e_ddi_device_retired(devpath))
1079                 status = 1;
1080         else
1081                 status = 0;
1082         kmem_free(devpath, strlen(devpath) + 1);
1083 
1084         return (copyout(&status, statep, sizeof (status)) ? EFAULT : 0);
1085 }
1086 
1087 static int
1088 modctl_unretire(char *path)
1089 {
1090         char    *pathbuf;
1091         char    *devpath;
1092         size_t  pathsz;
1093         int     retired;
1094         int     retval;
1095 
1096         if (path == NULL)
1097                 return (EINVAL);
1098 
1099         pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1100         retval = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
1101         if (retval != 0) {
1102                 kmem_free(pathbuf, MAXPATHLEN);
1103                 return (retval);
1104         }
1105         devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
1106         kmem_free(pathbuf, MAXPATHLEN);
1107 
1108         /*
1109          * We check if a device is retired (first) before
1110          * unpersisting the retire, because we use the
1111          * retire store to determine if a device is retired.
1112          * If we unpersist first, the device will always appear
1113          * to be unretired. For the rationale behind unpersisting
1114          * a device that is not retired, see the next comment.
1115          */
1116         retired = e_ddi_device_retired(devpath);
1117 
1118         /*
1119          * We call unpersist unconditionally because the lookup
1120          * for retired devices (e_ddi_device_retired()), skips "bypassed"
1121          * devices. We still want to be able remove "bypassed" entries
1122          * from the persistent store, so we unpersist unconditionally
1123          * i.e. whether or not the entry is found on a lookup.
1124          *
1125          * e_ddi_retire_unpersist() returns 1 if it found and cleared
1126          * an entry from the retire store or 0 otherwise.
1127          */
1128         if (e_ddi_retire_unpersist(devpath))
1129                 if (moddebug & MODDEBUG_RETIRE) {
1130                         cmn_err(CE_NOTE, "Unpersisted retire of device: %s",
1131                             devpath);
1132                 }
1133 
1134         /*
1135          * Check if the device is already unretired. If so,
1136          * the unretire becomes a NOP
1137          */
1138         if (!retired) {
1139                 cmn_err(CE_NOTE, "Not retired: %s", devpath);
1140                 kmem_free(devpath, strlen(devpath) + 1);
1141                 return (0);
1142         }
1143 
1144         retval = e_ddi_unretire_device(devpath);
1145         if (retval != 0) {
1146                 cmn_err(CE_WARN, "cannot unretire device: error %d, path %s\n",
1147                     retval, devpath);
1148         }
1149 
1150         kmem_free(devpath, strlen(devpath) + 1);
1151 
1152         return (retval);
1153 }
1154 
1155 static int
1156 modctl_getname(char *uname, uint_t ulen, int *umajorp)
1157 {
1158         char *name;
1159         major_t major;
1160 
1161         if (copyin(umajorp, &major, sizeof (major)) != 0)
1162                 return (EFAULT);
1163         if ((name = mod_major_to_name(major)) == NULL)
1164                 return (ENODEV);
1165         if ((strlen(name) + 1) > ulen)
1166                 return (ENOSPC);
1167         return (copyoutstr(name, uname, ulen, NULL));
1168 }
1169 
1170 static int
1171 modctl_devt2instance(dev_t dev, int *uinstancep)
1172 {
1173         int     instance;
1174 
1175         if ((instance = dev_to_instance(dev)) == -1)
1176                 return (EINVAL);
1177 
1178         return (copyout(&instance, uinstancep, sizeof (int)));
1179 }
1180 
1181 /*
1182  * Return the sizeof of the device id.
1183  */
1184 static int
1185 modctl_sizeof_devid(dev_t dev, uint_t *len)
1186 {
1187         uint_t          sz;
1188         ddi_devid_t     devid;
1189 
1190         /* get device id */
1191         if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
1192                 return (EINVAL);
1193 
1194         sz = ddi_devid_sizeof(devid);
1195         ddi_devid_free(devid);
1196 
1197         /* copyout device id size */
1198         if (copyout(&sz, len, sizeof (sz)) != 0)
1199                 return (EFAULT);
1200 
1201         return (0);
1202 }
1203 
1204 /*
1205  * Return a copy of the device id.
1206  */
1207 static int
1208 modctl_get_devid(dev_t dev, uint_t len, ddi_devid_t udevid)
1209 {
1210         uint_t          sz;
1211         ddi_devid_t     devid;
1212         int             err = 0;
1213 
1214         /* get device id */
1215         if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
1216                 return (EINVAL);
1217 
1218         sz = ddi_devid_sizeof(devid);
1219 
1220         /* Error if device id is larger than space allocated */
1221         if (sz > len) {
1222                 ddi_devid_free(devid);
1223                 return (ENOSPC);
1224         }
1225 
1226         /* copy out device id */
1227         if (copyout(devid, udevid, sz) != 0)
1228                 err = EFAULT;
1229         ddi_devid_free(devid);
1230         return (err);
1231 }
1232 
1233 /*
1234  * return the /devices paths associated with the specified devid and
1235  * minor name.
1236  */
1237 /*ARGSUSED*/
1238 static int
1239 modctl_devid2paths(ddi_devid_t udevid, char *uminor_name, uint_t flag,
1240     size_t *ulensp, char *upaths)
1241 {
1242         ddi_devid_t     devid = NULL;
1243         int             devid_len;
1244         char            *minor_name = NULL;
1245         dev_info_t      *dip = NULL;
1246         int             circ;
1247         struct ddi_minor_data   *dmdp;
1248         char            *path = NULL;
1249         int             ulens;
1250         int             lens;
1251         int             len;
1252         dev_t           *devlist = NULL;
1253         int             ndevs;
1254         int             i;
1255         int             ret = 0;
1256 
1257         /*
1258          * If upaths is NULL then we are only computing the amount of space
1259          * needed to hold the paths and returning the value in *ulensp. If we
1260          * are copying out paths then we get the amount of space allocated by
1261          * the caller. If the actual space needed for paths is larger, or
1262          * things are changing out from under us, then we return EAGAIN.
1263          */
1264         if (upaths) {
1265                 if (ulensp == NULL)
1266                         return (EINVAL);
1267                 if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
1268                         return (EFAULT);
1269         }
1270 
1271         /*
1272          * copyin enough of the devid to determine the length then
1273          * reallocate and copy in the entire devid.
1274          */
1275         devid_len = ddi_devid_sizeof(NULL);
1276         devid = kmem_alloc(devid_len, KM_SLEEP);
1277         if (copyin(udevid, devid, devid_len)) {
1278                 ret = EFAULT;
1279                 goto out;
1280         }
1281         len = devid_len;
1282         devid_len = ddi_devid_sizeof(devid);
1283         kmem_free(devid, len);
1284         devid = kmem_alloc(devid_len, KM_SLEEP);
1285         if (copyin(udevid, devid, devid_len)) {
1286                 ret = EFAULT;
1287                 goto out;
1288         }
1289 
1290         /* copyin the minor name if specified. */
1291         minor_name = uminor_name;
1292         if ((minor_name != DEVID_MINOR_NAME_ALL) &&
1293             (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1294             (minor_name != DEVID_MINOR_NAME_ALL_BLK)) {
1295                 minor_name = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1296                 if (copyinstr(uminor_name, minor_name, MAXPATHLEN, 0)) {
1297                         ret = EFAULT;
1298                         goto out;
1299                 }
1300         }
1301 
1302         /*
1303          * Use existing function to resolve the devid into a devlist.
1304          *
1305          * NOTE: there is a loss of spectype information in the current
1306          * ddi_lyr_devid_to_devlist implementation. We work around this by not
1307          * passing down DEVID_MINOR_NAME_ALL here, but reproducing all minor
1308          * node forms in the loop processing the devlist below. It would be
1309          * best if at some point the use of this interface here was replaced
1310          * with a path oriented call.
1311          */
1312         if (ddi_lyr_devid_to_devlist(devid,
1313             (minor_name == DEVID_MINOR_NAME_ALL) ?
1314             DEVID_MINOR_NAME_ALL_CHR : minor_name,
1315             &ndevs, &devlist) != DDI_SUCCESS) {
1316                 ret = EINVAL;
1317                 goto out;
1318         }
1319 
1320         /*
1321          * loop over the devlist, converting each devt to a path and doing
1322          * a copyout of the path and computation of the amount of space
1323          * needed to hold all the paths
1324          */
1325         path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1326         for (i = 0, lens = 0; i < ndevs; i++) {
1327 
1328                 /* find the dip associated with the dev_t */
1329                 if ((dip = e_ddi_hold_devi_by_dev(devlist[i], 0)) == NULL)
1330                         continue;
1331 
1332                 /* loop over all the minor nodes, skipping ones we don't want */
1333                 ndi_devi_enter(dip, &circ);
1334                 for (dmdp = DEVI(dip)->devi_minor; dmdp; dmdp = dmdp->next) {
1335                         if ((dmdp->ddm_dev != devlist[i]) ||
1336                             (dmdp->type != DDM_MINOR))
1337                                 continue;
1338 
1339                         if ((minor_name != DEVID_MINOR_NAME_ALL) &&
1340                             (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1341                             (minor_name != DEVID_MINOR_NAME_ALL_BLK) &&
1342                             strcmp(minor_name, dmdp->ddm_name))
1343                                 continue;
1344                         else {
1345                                 if ((minor_name == DEVID_MINOR_NAME_ALL_CHR) &&
1346                                     (dmdp->ddm_spec_type != S_IFCHR))
1347                                         continue;
1348                                 if ((minor_name == DEVID_MINOR_NAME_ALL_BLK) &&
1349                                     (dmdp->ddm_spec_type != S_IFBLK))
1350                                         continue;
1351                         }
1352 
1353                         (void) ddi_pathname_minor(dmdp, path);
1354                         len = strlen(path) + 1;
1355                         *(path + len) = '\0';   /* set double termination */
1356                         lens += len;
1357 
1358                         /* copyout the path with double terminations */
1359                         if (upaths) {
1360                                 if (lens > ulens) {
1361                                         ret = EAGAIN;
1362                                         goto out;
1363                                 }
1364                                 if (copyout(path, upaths, len + 1)) {
1365                                         ret = EFAULT;
1366                                         goto out;
1367                                 }
1368                                 upaths += len;
1369                         }
1370                 }
1371                 ndi_devi_exit(dip, circ);
1372                 ddi_release_devi(dip);
1373                 dip = NULL;
1374         }
1375         lens++;         /* add one for double termination */
1376 
1377         /* copy out the amount of space needed to hold the paths */
1378         if (ulensp && copyout(&lens, ulensp, sizeof (lens))) {
1379                 ret = EFAULT;
1380                 goto out;
1381         }
1382         ret = 0;
1383 
1384 out:    if (dip) {
1385                 ndi_devi_exit(dip, circ);
1386                 ddi_release_devi(dip);
1387         }
1388         if (path)
1389                 kmem_free(path, MAXPATHLEN);
1390         if (devlist)
1391                 ddi_lyr_free_devlist(devlist, ndevs);
1392         if (minor_name &&
1393             (minor_name != DEVID_MINOR_NAME_ALL) &&
1394             (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1395             (minor_name != DEVID_MINOR_NAME_ALL_BLK))
1396                 kmem_free(minor_name, MAXPATHLEN);
1397         if (devid)
1398                 kmem_free(devid, devid_len);
1399         return (ret);
1400 }
1401 
1402 /*
1403  * Return the size of the minor name.
1404  */
1405 static int
1406 modctl_sizeof_minorname(dev_t dev, int spectype, uint_t *len)
1407 {
1408         uint_t  sz;
1409         char    *name;
1410 
1411         /* get the minor name */
1412         if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1413                 return (EINVAL);
1414 
1415         sz = strlen(name) + 1;
1416         kmem_free(name, sz);
1417 
1418         /* copy out the size of the minor name */
1419         if (copyout(&sz, len, sizeof (sz)) != 0)
1420                 return (EFAULT);
1421 
1422         return (0);
1423 }
1424 
1425 /*
1426  * Return the minor name.
1427  */
1428 static int
1429 modctl_get_minorname(dev_t dev, int spectype, uint_t len, char *uname)
1430 {
1431         uint_t  sz;
1432         char    *name;
1433         int     err = 0;
1434 
1435         /* get the minor name */
1436         if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1437                 return (EINVAL);
1438 
1439         sz = strlen(name) + 1;
1440 
1441         /* Error if the minor name is larger than the space allocated */
1442         if (sz > len) {
1443                 kmem_free(name, sz);
1444                 return (ENOSPC);
1445         }
1446 
1447         /* copy out the minor name */
1448         if (copyout(name, uname, sz) != 0)
1449                 err = EFAULT;
1450         kmem_free(name, sz);
1451         return (err);
1452 }
1453 
1454 /*
1455  * Return the size of the (dev_t,spectype) devfspath name.
1456  */
1457 static int
1458 modctl_devfspath_len(dev_t dev, int spectype, uint_t *len)
1459 {
1460         uint_t  sz;
1461         char    *name;
1462 
1463         /* get the path name */
1464         name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1465         if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1466                 kmem_free(name, MAXPATHLEN);
1467                 return (EINVAL);
1468         }
1469 
1470         sz = strlen(name) + 1;
1471         kmem_free(name, MAXPATHLEN);
1472 
1473         /* copy out the size of the path name */
1474         if (copyout(&sz, len, sizeof (sz)) != 0)
1475                 return (EFAULT);
1476 
1477         return (0);
1478 }
1479 
1480 /*
1481  * Return the (dev_t,spectype) devfspath name.
1482  */
1483 static int
1484 modctl_devfspath(dev_t dev, int spectype, uint_t len, char *uname)
1485 {
1486         uint_t  sz;
1487         char    *name;
1488         int     err = 0;
1489 
1490         /* get the path name */
1491         name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1492         if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1493                 kmem_free(name, MAXPATHLEN);
1494                 return (EINVAL);
1495         }
1496 
1497         sz = strlen(name) + 1;
1498 
1499         /* Error if the path name is larger than the space allocated */
1500         if (sz > len) {
1501                 kmem_free(name, MAXPATHLEN);
1502                 return (ENOSPC);
1503         }
1504 
1505         /* copy out the path name */
1506         if (copyout(name, uname, sz) != 0)
1507                 err = EFAULT;
1508         kmem_free(name, MAXPATHLEN);
1509         return (err);
1510 }
1511 
1512 /*
1513  * Return the size of the (major,instance) devfspath name.
1514  */
1515 static int
1516 modctl_devfspath_mi_len(major_t major, int instance, uint_t *len)
1517 {
1518         uint_t  sz;
1519         char    *name;
1520 
1521         /* get the path name */
1522         name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1523         if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1524                 kmem_free(name, MAXPATHLEN);
1525                 return (EINVAL);
1526         }
1527 
1528         sz = strlen(name) + 1;
1529         kmem_free(name, MAXPATHLEN);
1530 
1531         /* copy out the size of the path name */
1532         if (copyout(&sz, len, sizeof (sz)) != 0)
1533                 return (EFAULT);
1534 
1535         return (0);
1536 }
1537 
1538 /*
1539  * Return the (major_instance) devfspath name.
1540  * NOTE: e_ddi_majorinstance_to_path does not require the device to attach to
1541  * return a path - it uses the instance tree.
1542  */
1543 static int
1544 modctl_devfspath_mi(major_t major, int instance, uint_t len, char *uname)
1545 {
1546         uint_t  sz;
1547         char    *name;
1548         int     err = 0;
1549 
1550         /* get the path name */
1551         name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1552         if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1553                 kmem_free(name, MAXPATHLEN);
1554                 return (EINVAL);
1555         }
1556 
1557         sz = strlen(name) + 1;
1558 
1559         /* Error if the path name is larger than the space allocated */
1560         if (sz > len) {
1561                 kmem_free(name, MAXPATHLEN);
1562                 return (ENOSPC);
1563         }
1564 
1565         /* copy out the path name */
1566         if (copyout(name, uname, sz) != 0)
1567                 err = EFAULT;
1568         kmem_free(name, MAXPATHLEN);
1569         return (err);
1570 }
1571 
1572 static int
1573 modctl_get_fbname(char *path)
1574 {
1575         extern dev_t fbdev;
1576         char *pathname = NULL;
1577         int rval = 0;
1578 
1579         /* make sure fbdev is set before we plunge in */
1580         if (fbdev == NODEV)
1581                 return (ENODEV);
1582 
1583         pathname = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1584         if ((rval = ddi_dev_pathname(fbdev, S_IFCHR,
1585             pathname)) == DDI_SUCCESS) {
1586                 if (copyout(pathname, path, strlen(pathname)+1) != 0) {
1587                         rval = EFAULT;
1588                 }
1589         }
1590         kmem_free(pathname, MAXPATHLEN);
1591         return (rval);
1592 }
1593 
1594 /*
1595  * modctl_reread_dacf()
1596  *      Reread the dacf rules database from the named binding file.
1597  *      If NULL is specified, pass along the NULL, it means 'use the default'.
1598  */
1599 static int
1600 modctl_reread_dacf(char *path)
1601 {
1602         int rval = 0;
1603         char *filename, *filenamep;
1604 
1605         filename = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1606 
1607         if (path == NULL) {
1608                 filenamep = NULL;
1609         } else {
1610                 if (copyinstr(path, filename, MAXPATHLEN, 0) != 0) {
1611                         rval = EFAULT;
1612                         goto out;
1613                 }
1614                 filenamep = filename;
1615                 filenamep[MAXPATHLEN - 1] = '\0';
1616         }
1617 
1618         rval = read_dacf_binding_file(filenamep);
1619 out:
1620         kmem_free(filename, MAXPATHLEN);
1621         return (rval);
1622 }
1623 
1624 /*ARGSUSED*/
1625 static int
1626 modctl_modevents(int subcmd, uintptr_t a2, uintptr_t a3, uintptr_t a4,
1627     uint_t flag)
1628 {
1629         int error = 0;
1630         char *filenamep;
1631 
1632         switch (subcmd) {
1633 
1634         case MODEVENTS_FLUSH:
1635                 /* flush all currently queued events */
1636                 log_sysevent_flushq(subcmd, flag);
1637                 break;
1638 
1639         case MODEVENTS_SET_DOOR_UPCALL_FILENAME:
1640                 /*
1641                  * bind door_upcall to filename
1642                  * this should only be done once per invocation
1643                  * of the event daemon.
1644                  */
1645 
1646                 filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
1647 
1648                 if (copyinstr((char *)a2, filenamep, MOD_MAXPATH, 0)) {
1649                         error = EFAULT;
1650                 } else {
1651                         error = log_sysevent_filename(filenamep);
1652                 }
1653                 kmem_free(filenamep, MOD_MAXPATH);
1654                 break;
1655 
1656         case MODEVENTS_GETDATA:
1657                 error = log_sysevent_copyout_data((sysevent_id_t *)a2,
1658                     (size_t)a3, (caddr_t)a4);
1659                 break;
1660 
1661         case MODEVENTS_FREEDATA:
1662                 error = log_sysevent_free_data((sysevent_id_t *)a2);
1663                 break;
1664         case MODEVENTS_POST_EVENT:
1665                 error = log_usr_sysevent((sysevent_t *)a2, (uint32_t)a3,
1666                     (sysevent_id_t *)a4);
1667                 break;
1668         case MODEVENTS_REGISTER_EVENT:
1669                 error = log_sysevent_register((char *)a2, (char *)a3,
1670                     (se_pubsub_t *)a4);
1671                 break;
1672         default:
1673                 error = EINVAL;
1674         }
1675 
1676         return (error);
1677 }
1678 
1679 static void
1680 free_mperm(mperm_t *mp)
1681 {
1682         int len;
1683 
1684         if (mp->mp_minorname) {
1685                 len = strlen(mp->mp_minorname) + 1;
1686                 kmem_free(mp->mp_minorname, len);
1687         }
1688         kmem_free(mp, sizeof (mperm_t));
1689 }
1690 
1691 #define MP_NO_DRV_ERR   \
1692         "/etc/minor_perm: no driver for %s\n"
1693 
1694 #define MP_EMPTY_MINOR  \
1695         "/etc/minor_perm: empty minor name for driver %s\n"
1696 
1697 #define MP_NO_MINOR     \
1698         "/etc/minor_perm: no minor matching %s for driver %s\n"
1699 
1700 /*
1701  * Remove mperm entry with matching minorname
1702  */
1703 static void
1704 rem_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1705 {
1706         mperm_t **mp_head;
1707         mperm_t *freemp = NULL;
1708         struct devnames *dnp = &devnamesp[major];
1709         mperm_t **wildmp;
1710 
1711         ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1712 
1713         LOCK_DEV_OPS(&dnp->dn_lock);
1714         if (strcmp(mp->mp_minorname, "*") == 0) {
1715                 wildmp = ((is_clone == 0) ?
1716                     &dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1717                 if (*wildmp)
1718                         freemp = *wildmp;
1719                 *wildmp = NULL;
1720         } else {
1721                 mp_head = &dnp->dn_mperm;
1722                 while (*mp_head) {
1723                         if (strcmp((*mp_head)->mp_minorname,
1724                             mp->mp_minorname) != 0) {
1725                                 mp_head = &(*mp_head)->mp_next;
1726                                 continue;
1727                         }
1728                         /* remove the entry */
1729                         freemp = *mp_head;
1730                         *mp_head = freemp->mp_next;
1731                         break;
1732                 }
1733         }
1734         if (freemp) {
1735                 if (moddebug & MODDEBUG_MINORPERM) {
1736                         cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1737                             drvname, freemp->mp_minorname,
1738                             freemp->mp_mode & 0777,
1739                             freemp->mp_uid, freemp->mp_gid);
1740                 }
1741                 free_mperm(freemp);
1742         } else {
1743                 if (moddebug & MODDEBUG_MINORPERM) {
1744                         cmn_err(CE_CONT, MP_NO_MINOR,
1745                             drvname, mp->mp_minorname);
1746                 }
1747         }
1748 
1749         UNLOCK_DEV_OPS(&dnp->dn_lock);
1750 }
1751 
1752 /*
1753  * Add minor perm entry
1754  */
1755 static void
1756 add_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1757 {
1758         mperm_t **mp_head;
1759         mperm_t *freemp = NULL;
1760         struct devnames *dnp = &devnamesp[major];
1761         mperm_t **wildmp;
1762 
1763         ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1764 
1765         /*
1766          * Note that update_drv replace semantics require
1767          * replacing matching entries with the new permissions.
1768          */
1769         LOCK_DEV_OPS(&dnp->dn_lock);
1770         if (strcmp(mp->mp_minorname, "*") == 0) {
1771                 wildmp = ((is_clone == 0) ?
1772                     &dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1773                 if (*wildmp)
1774                         freemp = *wildmp;
1775                 *wildmp = mp;
1776         } else {
1777                 mperm_t *p, *v = NULL;
1778                 for (p = dnp->dn_mperm; p; v = p, p = p->mp_next) {
1779                         if (strcmp(p->mp_minorname, mp->mp_minorname) == 0) {
1780                                 if (v == NULL)
1781                                         dnp->dn_mperm = mp;
1782                                 else
1783                                         v->mp_next = mp;
1784                                 mp->mp_next = p->mp_next;
1785                                 freemp = p;
1786                                 goto replaced;
1787                         }
1788                 }
1789                 if (p == NULL) {
1790                         mp_head = &dnp->dn_mperm;
1791                         if (*mp_head == NULL) {
1792                                 *mp_head = mp;
1793                         } else {
1794                                 mp->mp_next = *mp_head;
1795                                 *mp_head = mp;
1796                         }
1797                 }
1798         }
1799 replaced:
1800         if (freemp) {
1801                 if (moddebug & MODDEBUG_MINORPERM) {
1802                         cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1803                             drvname, freemp->mp_minorname,
1804                             freemp->mp_mode & 0777,
1805                             freemp->mp_uid, freemp->mp_gid);
1806                 }
1807                 free_mperm(freemp);
1808         }
1809         if (moddebug & MODDEBUG_MINORPERM) {
1810                 cmn_err(CE_CONT, "> %s %s 0%o %d %d\n",
1811                     drvname, mp->mp_minorname, mp->mp_mode & 0777,
1812                     mp->mp_uid, mp->mp_gid);
1813         }
1814         UNLOCK_DEV_OPS(&dnp->dn_lock);
1815 }
1816 
1817 
1818 static int
1819 process_minorperm(int cmd, nvlist_t *nvl)
1820 {
1821         char *minor;
1822         major_t major;
1823         mperm_t *mp;
1824         nvpair_t *nvp;
1825         char *name;
1826         int is_clone;
1827         major_t minmaj;
1828 
1829         ASSERT(cmd == MODLOADMINORPERM ||
1830             cmd == MODADDMINORPERM || cmd == MODREMMINORPERM);
1831 
1832         nvp = NULL;
1833         while ((nvp = nvlist_next_nvpair(nvl, nvp)) != NULL) {
1834                 name = nvpair_name(nvp);
1835 
1836                 is_clone = 0;
1837                 (void) nvpair_value_string(nvp, &minor);
1838                 major = ddi_name_to_major(name);
1839                 if (major != DDI_MAJOR_T_NONE) {
1840                         mp = kmem_zalloc(sizeof (*mp), KM_SLEEP);
1841                         if (minor == NULL || strlen(minor) == 0) {
1842                                 if (moddebug & MODDEBUG_MINORPERM) {
1843                                         cmn_err(CE_CONT, MP_EMPTY_MINOR, name);
1844                                 }
1845                                 minor = "*";
1846                         }
1847 
1848                         /*
1849                          * The minor name of a node using the clone
1850                          * driver must be the driver name.  To avoid
1851                          * multiple searches, we map entries in the form
1852                          * clone:<driver> to <driver>:*.  This also allows us
1853                          * to filter out some of the litter in /etc/minor_perm.
1854                          * Minor perm alias entries where the name is not
1855                          * the driver kept on the clone list itself.
1856                          * This all seems very fragile as a driver could
1857                          * be introduced with an existing alias name.
1858                          */
1859                         if (strcmp(name, "clone") == 0) {
1860                                 minmaj = ddi_name_to_major(minor);
1861                                 if (minmaj != DDI_MAJOR_T_NONE) {
1862                                         if (moddebug & MODDEBUG_MINORPERM) {
1863                                                 cmn_err(CE_CONT,
1864                                                     "mapping %s:%s to %s:*\n",
1865                                                     name, minor, minor);
1866                                         }
1867                                         major = minmaj;
1868                                         name = minor;
1869                                         minor = "*";
1870                                         is_clone = 1;
1871                                 }
1872                         }
1873 
1874                         if (mp) {
1875                                 mp->mp_minorname =
1876                                     i_ddi_strdup(minor, KM_SLEEP);
1877                         }
1878                 } else {
1879                         mp = NULL;
1880                         if (moddebug & MODDEBUG_MINORPERM) {
1881                                 cmn_err(CE_CONT, MP_NO_DRV_ERR, name);
1882                         }
1883                 }
1884 
1885                 /* mode */
1886                 nvp = nvlist_next_nvpair(nvl, nvp);
1887                 ASSERT(strcmp(nvpair_name(nvp), "mode") == 0);
1888                 if (mp)
1889                         (void) nvpair_value_int32(nvp, (int *)&mp->mp_mode);
1890                 /* uid */
1891                 nvp = nvlist_next_nvpair(nvl, nvp);
1892                 ASSERT(strcmp(nvpair_name(nvp), "uid") == 0);
1893                 if (mp)
1894                         (void) nvpair_value_uint32(nvp, &mp->mp_uid);
1895                 /* gid */
1896                 nvp = nvlist_next_nvpair(nvl, nvp);
1897                 ASSERT(strcmp(nvpair_name(nvp), "gid") == 0);
1898                 if (mp) {
1899                         (void) nvpair_value_uint32(nvp, &mp->mp_gid);
1900 
1901                         if (cmd == MODREMMINORPERM) {
1902                                 rem_minorperm(major, name, mp, is_clone);
1903                                 free_mperm(mp);
1904                         } else {
1905                                 add_minorperm(major, name, mp, is_clone);
1906                         }
1907                 }
1908         }
1909 
1910         if (cmd == MODLOADMINORPERM)
1911                 minorperm_loaded = 1;
1912 
1913         /*
1914          * Reset permissions of cached dv_nodes
1915          */
1916         (void) devfs_reset_perm(DV_RESET_PERM);
1917 
1918         return (0);
1919 }
1920 
1921 static int
1922 modctl_minorperm(int cmd, char *usrbuf, size_t buflen)
1923 {
1924         int error;
1925         nvlist_t *nvl;
1926         char *buf = kmem_alloc(buflen, KM_SLEEP);
1927 
1928         if ((error = ddi_copyin(usrbuf, buf, buflen, 0)) != 0) {
1929                 kmem_free(buf, buflen);
1930                 return (error);
1931         }
1932 
1933         error = nvlist_unpack(buf, buflen, &nvl, KM_SLEEP);
1934         kmem_free(buf, buflen);
1935         if (error)
1936                 return (error);
1937 
1938         error = process_minorperm(cmd, nvl);
1939         nvlist_free(nvl);
1940         return (error);
1941 }
1942 
1943 struct walk_args {
1944         char            *wa_drvname;
1945         list_t          wa_pathlist;
1946 };
1947 
1948 struct path_elem {
1949         char            *pe_dir;
1950         char            *pe_nodename;
1951         list_node_t     pe_node;
1952         int             pe_dirlen;
1953 };
1954 
1955 /*ARGSUSED*/
1956 static int
1957 modctl_inst_walker(const char *path, in_node_t *np, in_drv_t *dp, void *arg)
1958 {
1959         struct walk_args *wargs = (struct walk_args *)arg;
1960         struct path_elem *pe;
1961         char *nodename;
1962 
1963         /*
1964          * Search may be restricted to a single driver in the case of rem_drv
1965          */
1966         if (wargs->wa_drvname &&
1967             strcmp(dp->ind_driver_name, wargs->wa_drvname) != 0)
1968                 return (INST_WALK_CONTINUE);
1969 
1970         pe = kmem_zalloc(sizeof (*pe), KM_SLEEP);
1971         pe->pe_dir = i_ddi_strdup((char *)path, KM_SLEEP);
1972         pe->pe_dirlen = strlen(pe->pe_dir) + 1;
1973         ASSERT(strrchr(pe->pe_dir, '/') != NULL);
1974         nodename = strrchr(pe->pe_dir, '/');
1975         *nodename++ = 0;
1976         pe->pe_nodename = nodename;
1977         list_insert_tail(&wargs->wa_pathlist, pe);
1978 
1979         return (INST_WALK_CONTINUE);
1980 }
1981 
1982 /*
1983  * /devices attribute nodes clean-up optionally performed
1984  * when removing a driver (rem_drv -C).
1985  *
1986  * Removing attribute nodes allows a machine to be reprovisioned
1987  * without the side-effect of inadvertently picking up stale
1988  * device node ownership or permissions.
1989  *
1990  * Preserving attributes (not performing cleanup) allows devices
1991  * attribute changes to be preserved across upgrades, as
1992  * upgrade rather heavy-handedly does a rem_drv/add_drv cycle.
1993  */
1994 static int
1995 modctl_remdrv_cleanup(const char *u_drvname)
1996 {
1997         struct walk_args *wargs;
1998         struct path_elem *pe;
1999         char *drvname;
2000         int err, rval = 0;
2001 
2002         drvname = kmem_alloc(MAXMODCONFNAME, KM_SLEEP);
2003         if ((err = copyinstr(u_drvname, drvname, MAXMODCONFNAME, 0))) {
2004                 kmem_free(drvname, MAXMODCONFNAME);
2005                 return (err);
2006         }
2007 
2008         /*
2009          * First go through the instance database.  For each
2010          * instance of a device bound to the driver being
2011          * removed, remove any underlying devfs attribute nodes.
2012          *
2013          * This is a two-step process.  First we go through
2014          * the instance data itself, constructing a list of
2015          * the nodes discovered.  The second step is then
2016          * to find and remove any devfs attribute nodes
2017          * for the instances discovered in the first step.
2018          * The two-step process avoids any difficulties
2019          * which could arise by holding the instance data
2020          * lock with simultaneous devfs operations.
2021          */
2022         wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
2023 
2024         wargs->wa_drvname = drvname;
2025         list_create(&wargs->wa_pathlist,
2026             sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
2027 
2028         (void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
2029 
2030         for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
2031             pe = list_next(&wargs->wa_pathlist, pe)) {
2032                 err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
2033                     (const char *)pe->pe_nodename);
2034                 if (rval == 0)
2035                         rval = err;
2036         }
2037 
2038         while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
2039                 list_remove(&wargs->wa_pathlist, pe);
2040                 kmem_free(pe->pe_dir, pe->pe_dirlen);
2041                 kmem_free(pe, sizeof (*pe));
2042         }
2043         kmem_free(wargs, sizeof (*wargs));
2044 
2045         /*
2046          * Pseudo nodes aren't recorded in the instance database
2047          * so any such nodes need to be handled separately.
2048          */
2049         err = devfs_remdrv_cleanup("pseudo", (const char *)drvname);
2050         if (rval == 0)
2051                 rval = err;
2052 
2053         kmem_free(drvname, MAXMODCONFNAME);
2054         return (rval);
2055 }
2056 
2057 /*
2058  * Perform a cleanup of non-existent /devices attribute nodes,
2059  * similar to rem_drv -C, but for all drivers/devices.
2060  * This is also optional, performed as part of devfsadm -C.
2061  */
2062 void
2063 dev_devices_cleanup()
2064 {
2065         struct walk_args *wargs;
2066         struct path_elem *pe;
2067         dev_info_t *devi;
2068         char *path;
2069         int err;
2070 
2071         /*
2072          * It's expected that all drivers have been loaded and
2073          * module unloading disabled while performing cleanup.
2074          */
2075         ASSERT(modunload_disable_count > 0);
2076 
2077         wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
2078         wargs->wa_drvname = NULL;
2079         list_create(&wargs->wa_pathlist,
2080             sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
2081 
2082         (void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
2083 
2084         path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
2085 
2086         for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
2087             pe = list_next(&wargs->wa_pathlist, pe)) {
2088                 (void) snprintf(path, MAXPATHLEN, "%s/%s",
2089                     pe->pe_dir, pe->pe_nodename);
2090                 devi = e_ddi_hold_devi_by_path(path, 0);
2091                 if (devi != NULL) {
2092                         ddi_release_devi(devi);
2093                 } else {
2094                         err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
2095                             (const char *)pe->pe_nodename);
2096                         if (err) {
2097                                 cmn_err(CE_CONT,
2098                                     "devfs: %s: clean-up error %d\n",
2099                                     path, err);
2100                         }
2101                 }
2102         }
2103 
2104         while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
2105                 list_remove(&wargs->wa_pathlist, pe);
2106                 kmem_free(pe->pe_dir, pe->pe_dirlen);
2107                 kmem_free(pe, sizeof (*pe));
2108         }
2109         kmem_free(wargs, sizeof (*wargs));
2110         kmem_free(path, MAXPATHLEN);
2111 }
2112 
2113 static int
2114 modctl_allocpriv(const char *name)
2115 {
2116         char *pstr = kmem_alloc(PRIVNAME_MAX, KM_SLEEP);
2117         int error;
2118 
2119         if ((error = copyinstr(name, pstr, PRIVNAME_MAX, 0))) {
2120                 kmem_free(pstr, PRIVNAME_MAX);
2121                 return (error);
2122         }
2123         error = priv_getbyname(pstr, PRIV_ALLOC);
2124         if (error < 0)
2125                 error = -error;
2126         else
2127                 error = 0;
2128         kmem_free(pstr, PRIVNAME_MAX);
2129         return (error);
2130 }
2131 
2132 static int
2133 modctl_devexists(const char *upath, int pathlen)
2134 {
2135         char    *path;
2136         int     ret;
2137 
2138         /*
2139          * copy in the path, including the terminating null
2140          */
2141         pathlen++;
2142         if (pathlen <= 1 || pathlen > MAXPATHLEN)
2143                 return (EINVAL);
2144         path = kmem_zalloc(pathlen + 1, KM_SLEEP);
2145         if ((ret = copyinstr(upath, path, pathlen, NULL)) == 0) {
2146                 ret = sdev_modctl_devexists(path);
2147         }
2148 
2149         kmem_free(path, pathlen + 1);
2150         return (ret);
2151 }
2152 
2153 static int
2154 modctl_devreaddir(const char *udir, int udirlen,
2155     char *upaths, int64_t *ulensp)
2156 {
2157         char    *paths = NULL;
2158         char    **dirlist = NULL;
2159         char    *dir;
2160         int64_t ulens;
2161         int64_t lens;
2162         int     i, n;
2163         int     ret = 0;
2164         char    *p;
2165         int     npaths;
2166         int     npaths_alloc;
2167 
2168         /*
2169          * If upaths is NULL then we are only computing the amount of space
2170          * needed to return the paths, with the value returned in *ulensp. If we
2171          * are copying out paths then we get the amount of space allocated by
2172          * the caller. If the actual space needed for paths is larger, or
2173          * things are changing out from under us, then we return EAGAIN.
2174          */
2175         if (upaths) {
2176                 if (ulensp == NULL)
2177                         return (EINVAL);
2178                 if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
2179                         return (EFAULT);
2180         }
2181 
2182         /*
2183          * copyin the /dev path including terminating null
2184          */
2185         udirlen++;
2186         if (udirlen <= 1 || udirlen > MAXPATHLEN)
2187                 return (EINVAL);
2188         dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
2189         if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
2190                 goto err;
2191 
2192         if ((ret = sdev_modctl_readdir(dir, &dirlist,
2193             &npaths, &npaths_alloc, 0)) != 0) {
2194                 ASSERT(dirlist == NULL);
2195                 goto err;
2196         }
2197 
2198         lens = 0;
2199         for (i = 0; i < npaths; i++) {
2200                 lens += strlen(dirlist[i]) + 1;
2201         }
2202         lens++;         /* add one for double termination */
2203 
2204         if (upaths) {
2205                 if (lens > ulens) {
2206                         ret = EAGAIN;
2207                         goto out;
2208                 }
2209 
2210                 paths = kmem_alloc(lens, KM_SLEEP);
2211 
2212                 p = paths;
2213                 for (i = 0; i < npaths; i++) {
2214                         n = strlen(dirlist[i]) + 1;
2215                         bcopy(dirlist[i], p, n);
2216                         p += n;
2217                 }
2218                 *p = 0;
2219 
2220                 if (copyout(paths, upaths, lens)) {
2221                         ret = EFAULT;
2222                         goto err;
2223                 }
2224         }
2225 
2226 out:
2227         /* copy out the amount of space needed to hold the paths */
2228         if (copyout(&lens, ulensp, sizeof (lens)))
2229                 ret = EFAULT;
2230 
2231 err:
2232         if (dirlist)
2233                 sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
2234         if (paths)
2235                 kmem_free(paths, lens);
2236         kmem_free(dir, udirlen + 1);
2237         return (ret);
2238 }
2239 
2240 static int
2241 modctl_devemptydir(const char *udir, int udirlen, int *uempty)
2242 {
2243         char    *dir;
2244         int     ret;
2245         char    **dirlist = NULL;
2246         int     npaths;
2247         int     npaths_alloc;
2248         int     empty;
2249 
2250         /*
2251          * copyin the /dev path including terminating null
2252          */
2253         udirlen++;
2254         if (udirlen <= 1 || udirlen > MAXPATHLEN)
2255                 return (EINVAL);
2256         dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
2257         if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
2258                 goto err;
2259 
2260         if ((ret = sdev_modctl_readdir(dir, &dirlist,
2261             &npaths, &npaths_alloc, 1)) != 0) {
2262                 goto err;
2263         }
2264 
2265         empty = npaths ? 0 : 1;
2266         if (copyout(&empty, uempty, sizeof (empty)))
2267                 ret = EFAULT;
2268 
2269 err:
2270         if (dirlist)
2271                 sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
2272         kmem_free(dir, udirlen + 1);
2273         return (ret);
2274 }
2275 
2276 static int
2277 modctl_hp(int subcmd, const char *path, char *cn_name, uintptr_t arg,
2278     uintptr_t rval)
2279 {
2280         int error = 0;
2281         size_t pathsz, namesz;
2282         char *devpath, *cn_name_str;
2283 
2284         if (path == NULL)
2285                 return (EINVAL);
2286 
2287         devpath = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
2288         error = copyinstr(path, devpath, MAXPATHLEN, &pathsz);
2289         if (error != 0) {
2290                 kmem_free(devpath, MAXPATHLEN);
2291                 return (EFAULT);
2292         }
2293 
2294         cn_name_str = kmem_zalloc(MAXNAMELEN, KM_SLEEP);
2295         error = copyinstr(cn_name, cn_name_str, MAXNAMELEN, &namesz);
2296         if (error != 0) {
2297                 kmem_free(devpath, MAXPATHLEN);
2298                 kmem_free(cn_name_str, MAXNAMELEN);
2299 
2300                 return (EFAULT);
2301         }
2302 
2303         switch (subcmd) {
2304         case MODHPOPS_CHANGE_STATE:
2305                 error = ddihp_modctl(DDI_HPOP_CN_CHANGE_STATE, devpath,
2306                     cn_name_str, arg, 0);
2307                 break;
2308         case MODHPOPS_CREATE_PORT:
2309                 /* Create an empty PORT */
2310                 error = ddihp_modctl(DDI_HPOP_CN_CREATE_PORT, devpath,
2311                     cn_name_str, 0, 0);
2312                 break;
2313         case MODHPOPS_REMOVE_PORT:
2314                 /* Remove an empty PORT */
2315                 error = ddihp_modctl(DDI_HPOP_CN_REMOVE_PORT, devpath,
2316                     cn_name_str, 0, 0);
2317                 break;
2318         case MODHPOPS_BUS_GET:
2319                 error = ddihp_modctl(DDI_HPOP_CN_GET_PROPERTY, devpath,
2320                     cn_name_str, arg, rval);
2321                 break;
2322         case MODHPOPS_BUS_SET:
2323                 error = ddihp_modctl(DDI_HPOP_CN_SET_PROPERTY, devpath,
2324                     cn_name_str, arg, rval);
2325                 break;
2326         default:
2327                 error = ENOTSUP;
2328                 break;
2329         }
2330 
2331         kmem_free(devpath, MAXPATHLEN);
2332         kmem_free(cn_name_str, MAXNAMELEN);
2333 
2334         return (error);
2335 }
2336 
2337 int
2338 modctl_moddevname(int subcmd, uintptr_t a1, uintptr_t a2)
2339 {
2340         int error = 0;
2341 
2342         switch (subcmd) {
2343         case MODDEVNAME_LOOKUPDOOR:
2344                 error = devname_filename_register((char *)a1);
2345                 break;
2346         case MODDEVNAME_PROFILE:
2347                 error = devname_profile_update((char *)a1, (size_t)a2);
2348                 break;
2349         case MODDEVNAME_RECONFIG:
2350                 i_ddi_set_reconfig();
2351                 break;
2352         case MODDEVNAME_SYSAVAIL:
2353                 i_ddi_set_sysavail();
2354                 break;
2355         default:
2356                 error = EINVAL;
2357                 break;
2358         }
2359 
2360         return (error);
2361 }
2362 
2363 /*ARGSUSED5*/
2364 int
2365 modctl(int cmd, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4,
2366     uintptr_t a5)
2367 {
2368         int     error = EINVAL;
2369         dev_t   dev;
2370 
2371         if (secpolicy_modctl(CRED(), cmd) != 0)
2372                 return (set_errno(EPERM));
2373 
2374         switch (cmd) {
2375         case MODLOAD:           /* load a module */
2376                 error = modctl_modload((int)a1, (char *)a2, (int *)a3);
2377                 break;
2378 
2379         case MODUNLOAD:         /* unload a module */
2380                 error = modctl_modunload((modid_t)a1);
2381                 break;
2382 
2383         case MODINFO:           /* get module status */
2384                 error = modctl_modinfo((modid_t)a1, (struct modinfo *)a2);
2385                 break;
2386 
2387         case MODRESERVED:       /* get last major number in range */
2388                 error = modctl_modreserve((modid_t)a1, (int *)a2);
2389                 break;
2390 
2391         case MODSETMINIROOT:    /* we are running in miniroot */
2392                 isminiroot = 1;
2393                 error = 0;
2394                 break;
2395 
2396         case MODADDMAJBIND:     /* add major / driver alias bindings */
2397                 error = modctl_add_driver_aliases((int *)a2);
2398                 break;
2399 
2400         case MODGETPATHLEN:     /* get modpath length */
2401                 error = modctl_getmodpathlen((int *)a2);
2402                 break;
2403 
2404         case MODGETPATH:        /* get modpath */
2405                 error = modctl_getmodpath((char *)a2);
2406                 break;
2407 
2408         case MODREADSYSBIND:    /* read system call binding file */
2409                 error = modctl_read_sysbinding_file();
2410                 break;
2411 
2412         case MODGETMAJBIND:     /* get major number for named device */
2413                 error = modctl_getmaj((char *)a1, (uint_t)a2, (int *)a3);
2414                 break;
2415 
2416         case MODGETNAME:        /* get name of device given major number */
2417                 error = modctl_getname((char *)a1, (uint_t)a2, (int *)a3);
2418                 break;
2419 
2420         case MODDEVT2INSTANCE:
2421                 if (get_udatamodel() == DATAMODEL_NATIVE) {
2422                         dev = (dev_t)a1;
2423                 }
2424 #ifdef _SYSCALL32_IMPL
2425                 else {
2426                         dev = expldev(a1);
2427                 }
2428 #endif
2429                 error = modctl_devt2instance(dev, (int *)a2);
2430                 break;
2431 
2432         case MODSIZEOF_DEVID:   /* sizeof device id of device given dev_t */
2433                 if (get_udatamodel() == DATAMODEL_NATIVE) {
2434                         dev = (dev_t)a1;
2435                 }
2436 #ifdef _SYSCALL32_IMPL
2437                 else {
2438                         dev = expldev(a1);
2439                 }
2440 #endif
2441                 error = modctl_sizeof_devid(dev, (uint_t *)a2);
2442                 break;
2443 
2444         case MODGETDEVID:       /* get device id of device given dev_t */
2445                 if (get_udatamodel() == DATAMODEL_NATIVE) {
2446                         dev = (dev_t)a1;
2447                 }
2448 #ifdef _SYSCALL32_IMPL
2449                 else {
2450                         dev = expldev(a1);
2451                 }
2452 #endif
2453                 error = modctl_get_devid(dev, (uint_t)a2, (ddi_devid_t)a3);
2454                 break;
2455 
2456         case MODSIZEOF_MINORNAME:       /* sizeof minor nm (dev_t,spectype) */
2457                 if (get_udatamodel() == DATAMODEL_NATIVE) {
2458                         error = modctl_sizeof_minorname((dev_t)a1, (int)a2,
2459                             (uint_t *)a3);
2460                 }
2461 #ifdef _SYSCALL32_IMPL
2462                 else {
2463                         error = modctl_sizeof_minorname(expldev(a1), (int)a2,
2464                             (uint_t *)a3);
2465                 }
2466 
2467 #endif
2468                 break;
2469 
2470         case MODGETMINORNAME:           /* get minor name of (dev_t,spectype) */
2471                 if (get_udatamodel() == DATAMODEL_NATIVE) {
2472                         error = modctl_get_minorname((dev_t)a1, (int)a2,
2473                             (uint_t)a3, (char *)a4);
2474                 }
2475 #ifdef _SYSCALL32_IMPL
2476                 else {
2477                         error = modctl_get_minorname(expldev(a1), (int)a2,
2478                             (uint_t)a3, (char *)a4);
2479                 }
2480 #endif
2481                 break;
2482 
2483         case MODGETDEVFSPATH_LEN:       /* sizeof path nm of (dev_t,spectype) */
2484                 if (get_udatamodel() == DATAMODEL_NATIVE) {
2485                         error = modctl_devfspath_len((dev_t)a1, (int)a2,
2486                             (uint_t *)a3);
2487                 }
2488 #ifdef _SYSCALL32_IMPL
2489                 else {
2490                         error = modctl_devfspath_len(expldev(a1), (int)a2,
2491                             (uint_t *)a3);
2492                 }
2493 
2494 #endif
2495                 break;
2496 
2497         case MODGETDEVFSPATH:           /* get path name of (dev_t,spec) type */
2498                 if (get_udatamodel() == DATAMODEL_NATIVE) {
2499                         error = modctl_devfspath((dev_t)a1, (int)a2,
2500                             (uint_t)a3, (char *)a4);
2501                 }
2502 #ifdef _SYSCALL32_IMPL
2503                 else {
2504                         error = modctl_devfspath(expldev(a1), (int)a2,
2505                             (uint_t)a3, (char *)a4);
2506                 }
2507 #endif
2508                 break;
2509 
2510         case MODGETDEVFSPATH_MI_LEN:    /* sizeof path nm of (major,instance) */
2511                 error = modctl_devfspath_mi_len((major_t)a1, (int)a2,
2512                     (uint_t *)a3);
2513                 break;
2514 
2515         case MODGETDEVFSPATH_MI:        /* get path name of (major,instance) */
2516                 error = modctl_devfspath_mi((major_t)a1, (int)a2,
2517                     (uint_t)a3, (char *)a4);
2518                 break;
2519 
2520 
2521         case MODEVENTS:
2522                 error = modctl_modevents((int)a1, a2, a3, a4, (uint_t)a5);
2523                 break;
2524 
2525         case MODGETFBNAME:      /* get the framebuffer name */
2526                 error = modctl_get_fbname((char *)a1);
2527                 break;
2528 
2529         case MODREREADDACF:     /* reread dacf rule database from given file */
2530                 error = modctl_reread_dacf((char *)a1);
2531                 break;
2532 
2533         case MODLOADDRVCONF:    /* load driver.conf file for major */
2534                 error = modctl_load_drvconf((major_t)a1, (int)a2);
2535                 break;
2536 
2537         case MODUNLOADDRVCONF:  /* unload driver.conf file for major */
2538                 error = modctl_unload_drvconf((major_t)a1);
2539                 break;
2540 
2541         case MODREMMAJBIND:     /* remove a major binding */
2542                 error = modctl_rem_major((major_t)a1);
2543                 break;
2544 
2545         case MODREMDRVALIAS:    /* remove a major/alias binding */
2546                 error = modctl_remove_driver_aliases((int *)a2);
2547                 break;
2548 
2549         case MODDEVID2PATHS:    /* get paths given devid */
2550                 error = modctl_devid2paths((ddi_devid_t)a1, (char *)a2,
2551                     (uint_t)a3, (size_t *)a4, (char *)a5);
2552                 break;
2553 
2554         case MODSETDEVPOLICY:   /* establish device policy */
2555                 error = devpolicy_load((int)a1, (size_t)a2, (devplcysys_t *)a3);
2556                 break;
2557 
2558         case MODGETDEVPOLICY:   /* get device policy */
2559                 error = devpolicy_get((int *)a1, (size_t)a2,
2560                     (devplcysys_t *)a3);
2561                 break;
2562 
2563         case MODALLOCPRIV:
2564                 error = modctl_allocpriv((const char *)a1);
2565                 break;
2566 
2567         case MODGETDEVPOLICYBYNAME:
2568                 error = devpolicy_getbyname((size_t)a1,
2569                     (devplcysys_t *)a2, (char *)a3);
2570                 break;
2571 
2572         case MODLOADMINORPERM:
2573         case MODADDMINORPERM:
2574         case MODREMMINORPERM:
2575                 error = modctl_minorperm(cmd, (char *)a1, (size_t)a2);
2576                 break;
2577 
2578         case MODREMDRVCLEANUP:
2579                 error = modctl_remdrv_cleanup((const char *)a1);
2580                 break;
2581 
2582         case MODDEVEXISTS:      /* non-reconfiguring /dev lookup */
2583                 error = modctl_devexists((const char *)a1, (size_t)a2);
2584                 break;
2585 
2586         case MODDEVREADDIR:     /* non-reconfiguring /dev readdir */
2587                 error = modctl_devreaddir((const char *)a1, (size_t)a2,
2588                     (char *)a3, (int64_t *)a4);
2589                 break;
2590 
2591         case MODDEVEMPTYDIR:    /* non-reconfiguring /dev emptydir */
2592                 error = modctl_devemptydir((const char *)a1, (size_t)a2,
2593                     (int *)a3);
2594                 break;
2595 
2596         case MODDEVNAME:
2597                 error = modctl_moddevname((int)a1, a2, a3);
2598                 break;
2599 
2600         case MODRETIRE: /* retire device named by physpath a1 */
2601                 error = modctl_retire((char *)a1, (char *)a2, (size_t)a3);
2602                 break;
2603 
2604         case MODISRETIRED:  /* check if a device is retired. */
2605                 error = modctl_is_retired((char *)a1, (int *)a2);
2606                 break;
2607 
2608         case MODUNRETIRE:       /* unretire device named by physpath a1 */
2609                 error = modctl_unretire((char *)a1);
2610                 break;
2611 
2612         case MODHPOPS:  /* hotplug operations */
2613                 /* device named by physpath a2 and Connection name a3 */
2614                 error = modctl_hp((int)a1, (char *)a2, (char *)a3, a4, a5);
2615                 break;
2616 
2617         default:
2618                 error = EINVAL;
2619                 break;
2620         }
2621 
2622         return (error ? set_errno(error) : 0);
2623 }
2624 
2625 /*
2626  * Calls to kobj_load_module()() are handled off to this routine in a
2627  * separate thread.
2628  */
2629 static void
2630 modload_thread(struct loadmt *ltp)
2631 {
2632         /* load the module and signal the creator of this thread */
2633         kmutex_t        cpr_lk;
2634         callb_cpr_t     cpr_i;
2635 
2636         mutex_init(&cpr_lk, NULL, MUTEX_DEFAULT, NULL);
2637         CALLB_CPR_INIT(&cpr_i, &cpr_lk, callb_generic_cpr, "modload");
2638         /* borrow the devi lock from thread which invoked us */
2639         pm_borrow_lock(ltp->owner);
2640         ltp->retval = kobj_load_module(ltp->mp, ltp->usepath);
2641         pm_return_lock();
2642         sema_v(&ltp->sema);
2643         mutex_enter(&cpr_lk);
2644         CALLB_CPR_EXIT(&cpr_i);
2645         mutex_destroy(&cpr_lk);
2646         thread_exit();
2647 }
2648 
2649 /*
2650  * load a module, adding a reference if caller specifies rmodp.  If rmodp
2651  * is specified then an errno is returned, otherwise a module index is
2652  * returned (-1 on error).
2653  */
2654 static int
2655 modrload(const char *subdir, const char *filename, struct modctl **rmodp)
2656 {
2657         struct modctl *modp;
2658         size_t size;
2659         char *fullname;
2660         int retval = EINVAL;
2661         int id = -1;
2662 
2663         if (rmodp)
2664                 *rmodp = NULL;                  /* avoid garbage */
2665 
2666         if (subdir != NULL) {
2667                 /*
2668                  * refuse / in filename to prevent "../" escapes.
2669                  */
2670                 if (strchr(filename, '/') != NULL)
2671                         return (rmodp ? retval : id);
2672 
2673                 /*
2674                  * allocate enough space for <subdir>/<filename><NULL>
2675                  */
2676                 size = strlen(subdir) + strlen(filename) + 2;
2677                 fullname = kmem_zalloc(size, KM_SLEEP);
2678                 (void) sprintf(fullname, "%s/%s", subdir, filename);
2679         } else {
2680                 fullname = (char *)filename;
2681         }
2682 
2683         modp = mod_hold_installed_mod(fullname, 1, 0, &retval);
2684         if (modp != NULL) {
2685                 id = modp->mod_id;
2686                 if (rmodp) {
2687                         /* add mod_ref and return *rmodp */
2688                         mutex_enter(&mod_lock);
2689                         modp->mod_ref++;
2690                         mutex_exit(&mod_lock);
2691                         *rmodp = modp;
2692                 }
2693                 mod_release_mod(modp);
2694                 CPU_STATS_ADDQ(CPU, sys, modload, 1);
2695         }
2696 
2697 done:   if (subdir != NULL)
2698                 kmem_free(fullname, size);
2699         return (rmodp ? retval : id);
2700 }
2701 
2702 /*
2703  * This is the primary kernel interface to load a module. It loads and
2704  * installs the named module.  It does not hold mod_ref of the module, so
2705  * a module unload attempt can occur at any time - it is up to the
2706  * _fini/mod_remove implementation to determine if unload will succeed.
2707  */
2708 int
2709 modload(const char *subdir, const char *filename)
2710 {
2711         return (modrload(subdir, filename, NULL));
2712 }
2713 
2714 /*
2715  * Load a module using a series of qualified names from most specific to least
2716  * specific, e.g. for subdir "foo", p1 "bar", p2 "baz", we might try:
2717  *                      Value returned in *chosen
2718  * foo/bar.baz.1.2.3    3
2719  * foo/bar.baz.1.2      2
2720  * foo/bar.baz.1        1
2721  * foo/bar.baz          0
2722  *
2723  * Return the module ID on success; -1 if no module was loaded.  On success
2724  * and if 'chosen' is not NULL we also return the number of suffices that
2725  * were in the module we chose to load.
2726  */
2727 int
2728 modload_qualified(const char *subdir, const char *p1,
2729     const char *p2, const char *delim, uint_t suffv[], int suffc, int *chosen)
2730 {
2731         char path[MOD_MAXPATH];
2732         size_t n, resid = sizeof (path);
2733         char *p = path;
2734 
2735         char **dotv;
2736         int i, rc, id;
2737         modctl_t *mp;
2738 
2739         if (p2 != NULL)
2740                 n = snprintf(p, resid, "%s/%s%s%s", subdir, p1, delim, p2);
2741         else
2742                 n = snprintf(p, resid, "%s/%s", subdir, p1);
2743 
2744         if (n >= resid)
2745                 return (-1);
2746 
2747         p += n;
2748         resid -= n;
2749         dotv = kmem_alloc(sizeof (char *) * (suffc + 1), KM_SLEEP);
2750 
2751         for (i = 0; i < suffc; i++) {
2752                 dotv[i] = p;
2753                 n = snprintf(p, resid, "%s%u", delim, suffv[i]);
2754 
2755                 if (n >= resid) {
2756                         kmem_free(dotv, sizeof (char *) * (suffc + 1));
2757                         return (-1);
2758                 }
2759 
2760                 p += n;
2761                 resid -= n;
2762         }
2763 
2764         dotv[suffc] = p;
2765 
2766         for (i = suffc; i >= 0; i--) {
2767                 dotv[i][0] = '\0';
2768                 mp = mod_hold_installed_mod(path, 1, 1, &rc);
2769 
2770                 if (mp != NULL) {
2771                         kmem_free(dotv, sizeof (char *) * (suffc + 1));
2772                         id = mp->mod_id;
2773                         mod_release_mod(mp);
2774                         if (chosen != NULL)
2775                                 *chosen = i;
2776                         return (id);
2777                 }
2778         }
2779 
2780         kmem_free(dotv, sizeof (char *) * (suffc + 1));
2781         return (-1);
2782 }
2783 
2784 /*
2785  * Load a module.
2786  */
2787 int
2788 modloadonly(const char *subdir, const char *filename)
2789 {
2790         struct modctl *modp;
2791         char *fullname;
2792         size_t size;
2793         int id, retval;
2794 
2795         if (subdir != NULL) {
2796                 /*
2797                  * allocate enough space for <subdir>/<filename><NULL>
2798                  */
2799                 size = strlen(subdir) + strlen(filename) + 2;
2800                 fullname = kmem_zalloc(size, KM_SLEEP);
2801                 (void) sprintf(fullname, "%s/%s", subdir, filename);
2802         } else {
2803                 fullname = (char *)filename;
2804         }
2805 
2806         id = -1;
2807         modp = mod_hold_loaded_mod(NULL, fullname, &retval);
2808         if (modp) {
2809                 id = modp->mod_id;
2810                 mod_release_mod(modp);
2811         }
2812 
2813         if (subdir != NULL)
2814                 kmem_free(fullname, size);
2815 
2816         if (retval == 0)
2817                 return (id);
2818         return (-1);
2819 }
2820 
2821 /*
2822  * Try to uninstall and unload a module, removing a reference if caller
2823  * specifies rmodp.
2824  */
2825 static int
2826 modunrload(modid_t id, struct modctl **rmodp, int unload)
2827 {
2828         struct modctl   *modp;
2829         int             retval;
2830 
2831         if (rmodp)
2832                 *rmodp = NULL;                  /* avoid garbage */
2833 
2834         if ((modp = mod_hold_by_id((modid_t)id)) == NULL)
2835                 return (EINVAL);
2836 
2837         if (rmodp) {
2838                 mutex_enter(&mod_lock);
2839                 modp->mod_ref--;
2840                 if (modp->mod_ref == 0)
2841                         mod_uninstall_ref_zero++;
2842                 mutex_exit(&mod_lock);
2843                 *rmodp = modp;
2844         }
2845 
2846         if (unload) {
2847                 retval = moduninstall(modp);
2848                 if (retval == 0) {
2849                         mod_unload(modp);
2850                         CPU_STATS_ADDQ(CPU, sys, modunload, 1);
2851                 } else if (retval == EALREADY)
2852                         retval = 0;     /* already unloaded, not an error */
2853         } else
2854                 retval = 0;
2855 
2856         mod_release_mod(modp);
2857         return (retval);
2858 }
2859 
2860 /*
2861  * Uninstall and unload a module.
2862  */
2863 int
2864 modunload(modid_t id)
2865 {
2866         int             retval;
2867 
2868         /* synchronize with any active modunload_disable() */
2869         modunload_begin();
2870         if (ddi_root_node())
2871                 (void) devfs_clean(ddi_root_node(), NULL, 0);
2872         retval = modunrload(id, NULL, 1);
2873         modunload_end();
2874         return (retval);
2875 }
2876 
2877 /*
2878  * Return status of a loaded module.
2879  */
2880 static int
2881 modinfo(modid_t id, struct modinfo *modinfop)
2882 {
2883         struct modctl   *modp;
2884         modid_t         mid;
2885         int             i;
2886 
2887         mid = modinfop->mi_id;
2888         if (modinfop->mi_info & MI_INFO_ALL) {
2889                 while ((modp = mod_hold_next_by_id(mid++)) != NULL) {
2890                         if ((modinfop->mi_info & MI_INFO_CNT) ||
2891                             modp->mod_installed)
2892                                 break;
2893                         mod_release_mod(modp);
2894                 }
2895                 if (modp == NULL)
2896                         return (EINVAL);
2897         } else {
2898                 modp = mod_hold_by_id(id);
2899                 if (modp == NULL)
2900                         return (EINVAL);
2901                 if (!(modinfop->mi_info & MI_INFO_CNT) &&
2902                     (modp->mod_installed == 0)) {
2903                         mod_release_mod(modp);
2904                         return (EINVAL);
2905                 }
2906         }
2907 
2908         modinfop->mi_rev = 0;
2909         modinfop->mi_state = 0;
2910         for (i = 0; i < MODMAXLINK; i++) {
2911                 modinfop->mi_msinfo[i].msi_p0 = -1;
2912                 modinfop->mi_msinfo[i].msi_linkinfo[0] = 0;
2913         }
2914         if (modp->mod_loaded) {
2915                 modinfop->mi_state = MI_LOADED;
2916                 kobj_getmodinfo(modp->mod_mp, modinfop);
2917         }
2918         if (modp->mod_installed) {
2919                 modinfop->mi_state |= MI_INSTALLED;
2920 
2921                 (void) mod_getinfo(modp, modinfop);
2922         }
2923 
2924         modinfop->mi_id = modp->mod_id;
2925         modinfop->mi_loadcnt = modp->mod_loadcnt;
2926         (void) strcpy(modinfop->mi_name, modp->mod_modname);
2927 
2928         mod_release_mod(modp);
2929         return (0);
2930 }
2931 
2932 static char mod_stub_err[] = "mod_hold_stub: Couldn't load stub module %s";
2933 static char no_err[] = "No error function for weak stub %s";
2934 
2935 /*
2936  * used by the stubs themselves to load and hold a module.
2937  * Returns  0 if the module is successfully held;
2938  *          the stub needs to call mod_release_stub().
2939  *          -1 if the stub should just call the err_fcn.
2940  * Note that this code is stretched out so that we avoid subroutine calls
2941  * and optimize for the most likely case.  That is, the case where the
2942  * module is loaded and installed and not held.  In that case we just inc
2943  * the mod_ref count and continue.
2944  */
2945 int
2946 mod_hold_stub(struct mod_stub_info *stub)
2947 {
2948         struct modctl *mp;
2949         struct mod_modinfo *mip;
2950 
2951         mip = stub->mods_modinfo;
2952 
2953         mutex_enter(&mod_lock);
2954 
2955         /* we do mod_hold_by_modctl inline for speed */
2956 
2957 mod_check_again:
2958         if ((mp = mip->mp) != NULL) {
2959                 if (mp->mod_busy == 0) {
2960                         if (mp->mod_installed) {
2961                                 /* increment the reference count */
2962                                 mp->mod_ref++;
2963                                 ASSERT(mp->mod_ref && mp->mod_installed);
2964                                 mutex_exit(&mod_lock);
2965                                 return (0);
2966                         } else {
2967                                 mp->mod_busy = 1;
2968                                 mp->mod_inprogress_thread =
2969                                     (curthread == NULL ?
2970                                     (kthread_id_t)-1 : curthread);
2971                         }
2972                 } else {
2973                         /*
2974                          * wait one time and then go see if someone
2975                          * else has resolved the stub (set mip->mp).
2976                          */
2977                         if (mod_hold_by_modctl(mp,
2978                             MOD_WAIT_ONCE | MOD_LOCK_HELD))
2979                                 goto mod_check_again;
2980 
2981                         /*
2982                          * what we have now may have been unloaded!, in
2983                          * that case, mip->mp will be NULL, we'll hit this
2984                          * module and load again..
2985                          */
2986                         cmn_err(CE_PANIC, "mod_hold_stub should have blocked");
2987                 }
2988                 mutex_exit(&mod_lock);
2989         } else {
2990                 /* first time we've hit this module */
2991                 mutex_exit(&mod_lock);
2992                 mp = mod_hold_by_name(mip->modm_module_name);
2993                 mip->mp = mp;
2994         }
2995 
2996         /*
2997          * If we are here, it means that the following conditions
2998          * are satisfied.
2999          *
3000          * mip->mp != NULL
3001          * this thread has set the mp->mod_busy = 1
3002          * mp->mod_installed = 0
3003          *
3004          */
3005         ASSERT(mp != NULL);
3006         ASSERT(mp->mod_busy == 1);
3007 
3008         if (mp->mod_installed == 0) {
3009                 /* Module not loaded, if weak stub don't load it */
3010                 if (stub->mods_flag & MODS_WEAK) {
3011                         if (stub->mods_errfcn == NULL) {
3012                                 mod_release_mod(mp);
3013                                 cmn_err(CE_PANIC, no_err,
3014                                     mip->modm_module_name);
3015                         }
3016                 } else {
3017                         /* Not a weak stub so load the module */
3018 
3019                         if (mod_load(mp, 1) != 0 || modinstall(mp) != 0) {
3020                                 /*
3021                                  * If mod_load() was successful
3022                                  * and modinstall() failed, then
3023                                  * unload the module.
3024                                  */
3025                                 if (mp->mod_loaded)
3026                                         mod_unload(mp);
3027 
3028                                 mod_release_mod(mp);
3029                                 if (stub->mods_errfcn == NULL) {
3030                                         cmn_err(CE_PANIC, mod_stub_err,
3031                                             mip->modm_module_name);
3032                                 } else {
3033                                         return (-1);
3034                                 }
3035                         }
3036                 }
3037         }
3038 
3039         /*
3040          * At this point module is held and loaded. Release
3041          * the mod_busy and mod_inprogress_thread before
3042          * returning. We actually call mod_release() here so
3043          * that if another stub wants to access this module,
3044          * it can do so. mod_ref is incremented before mod_release()
3045          * is called to prevent someone else from snatching the
3046          * module from this thread.
3047          */
3048         mutex_enter(&mod_lock);
3049         mp->mod_ref++;
3050         ASSERT(mp->mod_ref &&
3051             (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
3052         mod_release(mp);
3053         mutex_exit(&mod_lock);
3054         return (0);
3055 }
3056 
3057 void
3058 mod_release_stub(struct mod_stub_info *stub)
3059 {
3060         struct modctl *mp = stub->mods_modinfo->mp;
3061 
3062         /* inline mod_release_mod */
3063         mutex_enter(&mod_lock);
3064         ASSERT(mp->mod_ref &&
3065             (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
3066         mp->mod_ref--;
3067         if (mp->mod_ref == 0)
3068                 mod_uninstall_ref_zero++;
3069         if (mp->mod_want) {
3070                 mp->mod_want = 0;
3071                 cv_broadcast(&mod_cv);
3072         }
3073         mutex_exit(&mod_lock);
3074 }
3075 
3076 static struct modctl *
3077 mod_hold_loaded_mod(struct modctl *dep, char *filename, int *status)
3078 {
3079         struct modctl *modp;
3080         int retval;
3081 
3082         /*
3083          * Hold the module.
3084          */
3085         modp = mod_hold_by_name_requisite(dep, filename);
3086         if (modp) {
3087                 retval = mod_load(modp, 1);
3088                 if (retval != 0) {
3089                         mod_release_mod(modp);
3090                         modp = NULL;
3091                 }
3092                 *status = retval;
3093         } else {
3094                 *status = ENOSPC;
3095         }
3096 
3097         /*
3098          * if dep is not NULL, clear the module dependency information.
3099          * This information is set in mod_hold_by_name_common().
3100          */
3101         if (dep != NULL && dep->mod_requisite_loading != NULL) {
3102                 ASSERT(dep->mod_busy);
3103                 dep->mod_requisite_loading = NULL;
3104         }
3105 
3106         return (modp);
3107 }
3108 
3109 /*
3110  * hold, load, and install the named module
3111  */
3112 static struct modctl *
3113 mod_hold_installed_mod(char *name, int usepath, int forcecheck, int *r)
3114 {
3115         struct modctl *modp;
3116         int retval;
3117 
3118         /*
3119          * Verify that that module in question actually exists on disk
3120          * before allocation of module structure by mod_hold_by_name.
3121          */
3122         if (modrootloaded && swaploaded || forcecheck) {
3123                 if (!kobj_path_exists(name, usepath)) {
3124                         *r = ENOENT;
3125                         return (NULL);
3126                 }
3127         }
3128 
3129         /*
3130          * Hold the module.
3131          */
3132         modp = mod_hold_by_name(name);
3133         if (modp) {
3134                 retval = mod_load(modp, usepath);
3135                 if (retval != 0) {
3136                         mod_release_mod(modp);
3137                         modp = NULL;
3138                         *r = retval;
3139                 } else {
3140                         if ((*r = modinstall(modp)) != 0) {
3141                                 /*
3142                                  * We loaded it, but failed to _init() it.
3143                                  * Be kind to developers -- force it
3144                                  * out of memory now so that the next
3145                                  * attempt to use the module will cause
3146                                  * a reload.  See 1093793.
3147                                  */
3148                                 mod_unload(modp);
3149                                 mod_release_mod(modp);
3150                                 modp = NULL;
3151                         }
3152                 }
3153         } else {
3154                 *r = ENOSPC;
3155         }
3156         return (modp);
3157 }
3158 
3159 static char mod_excl_msg[] =
3160         "module %s(%s) is EXCLUDED and will not be loaded\n";
3161 static char mod_init_msg[] = "loadmodule:%s(%s): _init() error %d\n";
3162 
3163 /*
3164  * This routine is needed for dependencies.  Users specify dependencies
3165  * by declaring a character array initialized to filenames of dependents.
3166  * So the code that handles dependents deals with filenames (and not
3167  * module names) because that's all it has.  We load by filename and once
3168  * we've loaded a file we can get the module name.
3169  * Unfortunately there isn't a single unified filename/modulename namespace.
3170  * C'est la vie.
3171  *
3172  * We allow the name being looked up to be prepended by an optional
3173  * subdirectory e.g. we can lookup (NULL, "fs/ufs") or ("fs", "ufs")
3174  */
3175 struct modctl *
3176 mod_find_by_filename(char *subdir, char *filename)
3177 {
3178         struct modctl   *mp;
3179         size_t          sublen;
3180 
3181         ASSERT(!MUTEX_HELD(&mod_lock));
3182         if (subdir != NULL)
3183                 sublen = strlen(subdir);
3184         else
3185                 sublen = 0;
3186 
3187         mutex_enter(&mod_lock);
3188         mp = &modules;
3189         do {
3190                 if (sublen) {
3191                         char *mod_filename = mp->mod_filename;
3192 
3193                         if (strncmp(subdir, mod_filename, sublen) == 0 &&
3194                             mod_filename[sublen] == '/' &&
3195                             strcmp(filename, &mod_filename[sublen + 1]) == 0) {
3196                                 mutex_exit(&mod_lock);
3197                                 return (mp);
3198                         }
3199                 } else if (strcmp(filename, mp->mod_filename) == 0) {
3200                         mutex_exit(&mod_lock);
3201                         return (mp);
3202                 }
3203         } while ((mp = mp->mod_next) != &modules);
3204         mutex_exit(&mod_lock);
3205         return (NULL);
3206 }
3207 
3208 /*
3209  * Check for circular dependencies.  This is called from do_dependents()
3210  * in kobj.c.  If we are the thread already loading this module, then
3211  * we're trying to load a dependent that we're already loading which
3212  * means the user specified circular dependencies.
3213  */
3214 static int
3215 mod_circdep(struct modctl *modp)
3216 {
3217         struct modctl   *rmod;
3218 
3219         ASSERT(MUTEX_HELD(&mod_lock));
3220 
3221         /*
3222          * Check the mod_inprogress_thread first.
3223          * mod_inprogress_thread is used in mod_hold_stub()
3224          * directly to improve performance.
3225          */
3226         if (modp->mod_inprogress_thread == curthread)
3227                 return (1);
3228 
3229         /*
3230          * Check the module circular dependencies.
3231          */
3232         for (rmod = modp; rmod != NULL; rmod = rmod->mod_requisite_loading) {
3233                 /*
3234                  * Check if there is a module circular dependency.
3235                  */
3236                 if (rmod->mod_requisite_loading == modp)
3237                         return (1);
3238         }
3239         return (0);
3240 }
3241 
3242 static int
3243 mod_getinfo(struct modctl *modp, struct modinfo *modinfop)
3244 {
3245         int (*func)(struct modinfo *);
3246         int retval;
3247 
3248         ASSERT(modp->mod_busy);
3249 
3250         /* primary modules don't do getinfo */
3251         if (modp->mod_prim)
3252                 return (0);
3253 
3254         func = (int (*)(struct modinfo *))kobj_lookup(modp->mod_mp, "_info");
3255 
3256         if (kobj_addrcheck(modp->mod_mp, (caddr_t)func)) {
3257                 cmn_err(CE_WARN, "_info() not defined properly in %s",
3258                     modp->mod_filename);
3259                 /*
3260                  * The semantics of mod_info(9F) are that 0 is failure
3261                  * and non-zero is success.
3262                  */
3263                 retval = 0;
3264         } else
3265                 retval = (*func)(modinfop);     /* call _info() function */
3266 
3267         if (moddebug & MODDEBUG_USERDEBUG)
3268                 printf("Returned from _info, retval = %x\n", retval);
3269 
3270         return (retval);
3271 }
3272 
3273 static void
3274 modadd(struct modctl *mp)
3275 {
3276         ASSERT(MUTEX_HELD(&mod_lock));
3277 
3278         mp->mod_id = last_module_id++;
3279         mp->mod_next = &modules;
3280         mp->mod_prev = modules.mod_prev;
3281         modules.mod_prev->mod_next = mp;
3282         modules.mod_prev = mp;
3283 }
3284 
3285 /*ARGSUSED*/
3286 static struct modctl *
3287 allocate_modp(const char *filename, const char *modname)
3288 {
3289         struct modctl *mp;
3290 
3291         mp = kobj_zalloc(sizeof (*mp), KM_SLEEP);
3292         mp->mod_modname = kobj_zalloc(strlen(modname) + 1, KM_SLEEP);
3293         (void) strcpy(mp->mod_modname, modname);
3294         return (mp);
3295 }
3296 
3297 /*
3298  * Get the value of a symbol.  This is a wrapper routine that
3299  * calls kobj_getsymvalue().  kobj_getsymvalue() may go away but this
3300  * wrapper will prevent callers from noticing.
3301  */
3302 uintptr_t
3303 modgetsymvalue(char *name, int kernelonly)
3304 {
3305         return (kobj_getsymvalue(name, kernelonly));
3306 }
3307 
3308 /*
3309  * Get the symbol nearest an address.  This is a wrapper routine that
3310  * calls kobj_getsymname().  kobj_getsymname() may go away but this
3311  * wrapper will prevent callers from noticing.
3312  */
3313 char *
3314 modgetsymname(uintptr_t value, ulong_t *offset)
3315 {
3316         return (kobj_getsymname(value, offset));
3317 }
3318 
3319 /*
3320  * Lookup a symbol in a specified module.  These are wrapper routines that
3321  * call kobj_lookup().  kobj_lookup() may go away but these wrappers will
3322  * prevent callers from noticing.
3323  */
3324 uintptr_t
3325 modlookup(const char *modname, const char *symname)
3326 {
3327         struct modctl *modp;
3328         uintptr_t val;
3329 
3330         if ((modp = mod_hold_by_name(modname)) == NULL)
3331                 return (0);
3332         val = kobj_lookup(modp->mod_mp, symname);
3333         mod_release_mod(modp);
3334         return (val);
3335 }
3336 
3337 uintptr_t
3338 modlookup_by_modctl(modctl_t *modp, const char *symname)
3339 {
3340         ASSERT(modp->mod_ref > 0 || modp->mod_busy);
3341 
3342         return (kobj_lookup(modp->mod_mp, symname));
3343 }
3344 
3345 /*
3346  * Ask the user for the name of the system file and the default path
3347  * for modules.
3348  */
3349 void
3350 mod_askparams()
3351 {
3352         static char s0[64];
3353         intptr_t fd;
3354 
3355         if ((fd = kobj_open(systemfile)) != -1L)
3356                 kobj_close(fd);
3357         else
3358                 systemfile = self_assembly = NULL;
3359 
3360         /*CONSTANTCONDITION*/
3361         while (1) {
3362                 printf("Name of system file [%s]:  ",
3363                     systemfile ? systemfile : "/dev/null");
3364 
3365                 console_gets(s0, sizeof (s0));
3366 
3367                 if (s0[0] == '\0')
3368                         break;
3369                 else if (strcmp(s0, "/dev/null") == 0) {
3370                         systemfile = self_assembly = NULL;
3371                         break;
3372                 } else {
3373                         if ((fd = kobj_open(s0)) != -1L) {
3374                                 kobj_close(fd);
3375                                 systemfile = s0;
3376                                 self_assembly = NULL;
3377                                 break;
3378                         }
3379                 }
3380                 printf("can't find file %s\n", s0);
3381         }
3382 }
3383 
3384 static char loading_msg[] = "loading '%s' id %d\n";
3385 static char load_msg[] = "load '%s' id %d loaded @ 0x%p/0x%p size %d/%d\n";
3386 
3387 /*
3388  * Common code for loading a module (but not installing it).
3389  * Handoff the task of module loading to a separate thread
3390  * with a large stack if possible, since this code may recurse a few times.
3391  * Return zero if there are no errors or an errno value.
3392  */
3393 static int
3394 mod_load(struct modctl *mp, int usepath)
3395 {
3396         int             retval;
3397         struct modinfo  *modinfop = NULL;
3398         struct loadmt   lt;
3399 
3400         ASSERT(MUTEX_NOT_HELD(&mod_lock));
3401         ASSERT(mp->mod_busy);
3402 
3403         if (mp->mod_loaded)
3404                 return (0);
3405 
3406         if (mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_modname) != 0 ||
3407             mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_filename) != 0) {
3408                 if (moddebug & MODDEBUG_LOADMSG) {
3409                         printf(mod_excl_msg, mp->mod_filename,
3410                             mp->mod_modname);
3411                 }
3412                 return (ENXIO);
3413         }
3414         if (moddebug & MODDEBUG_LOADMSG2)
3415                 printf(loading_msg, mp->mod_filename, mp->mod_id);
3416 
3417         if (curthread != &t0) {
3418                 lt.mp = mp;
3419                 lt.usepath = usepath;
3420                 lt.owner = curthread;
3421                 sema_init(&lt.sema, 0, NULL, SEMA_DEFAULT, NULL);
3422 
3423                 /* create thread to hand of call to */
3424                 (void) thread_create(NULL, DEFAULTSTKSZ * 2,
3425                     modload_thread, &lt, 0, &p0, TS_RUN, maxclsyspri);
3426 
3427                 /* wait for thread to complete kobj_load_module */
3428                 sema_p(&lt.sema);
3429 
3430                 sema_destroy(&lt.sema);
3431                 retval = lt.retval;
3432         } else
3433                 retval = kobj_load_module(mp, usepath);
3434 
3435         if (mp->mod_mp) {
3436                 ASSERT(retval == 0);
3437                 mp->mod_loaded = 1;
3438                 mp->mod_loadcnt++;
3439                 if (moddebug & MODDEBUG_LOADMSG) {
3440                         printf(load_msg, mp->mod_filename, mp->mod_id,
3441                             (void *)((struct module *)mp->mod_mp)->text,
3442                             (void *)((struct module *)mp->mod_mp)->data,
3443                             ((struct module *)mp->mod_mp)->text_size,
3444                             ((struct module *)mp->mod_mp)->data_size);
3445                 }
3446 
3447                 /*
3448                  * XXX - There should be a better way to get this.
3449                  */
3450                 modinfop = kmem_zalloc(sizeof (struct modinfo), KM_SLEEP);
3451                 modinfop->mi_info = MI_INFO_LINKAGE;
3452                 if (mod_getinfo(mp, modinfop) == 0)
3453                         mp->mod_linkage = NULL;
3454                 else {
3455                         mp->mod_linkage = (void *)modinfop->mi_base;
3456                         ASSERT(mp->mod_linkage->ml_rev == MODREV_1);
3457                 }
3458 
3459                 /*
3460                  * DCS: bootstrapping code. If the driver is loaded
3461                  * before root mount, it is assumed that the driver
3462                  * may be used before mounting root. In order to
3463                  * access mappings of global to local minor no.'s
3464                  * during installation/open of the driver, we load
3465                  * them into memory here while the BOP_interfaces
3466                  * are still up.
3467                  */
3468                 if ((cluster_bootflags & CLUSTER_BOOTED) && !modrootloaded) {
3469                         retval = clboot_modload(mp);
3470                 }
3471 
3472                 kmem_free(modinfop, sizeof (struct modinfo));
3473                 (void) mod_sysctl(SYS_SET_MVAR, (void *)mp);
3474                 retval = install_stubs_by_name(mp, mp->mod_modname);
3475 
3476                 /*
3477                  * Perform hotinlines before module is started.
3478                  */
3479                 do_hotinlines(mp->mod_mp);
3480 
3481                 /*
3482                  * Now that the module is loaded, we need to give DTrace
3483                  * a chance to notify its providers.  This is done via
3484                  * the dtrace_modload function pointer.
3485                  */
3486                 if (strcmp(mp->mod_modname, "dtrace") != 0) {
3487                         struct modctl *dmp = mod_hold_by_name("dtrace");
3488 
3489                         if (dmp != NULL && dtrace_modload != NULL)
3490                                 (*dtrace_modload)(mp);
3491 
3492                         mod_release_mod(dmp);
3493                 }
3494 
3495         } else {
3496                 /*
3497                  * If load failed then we need to release any requisites
3498                  * that we had established.
3499                  */
3500                 ASSERT(retval);
3501                 mod_release_requisites(mp);
3502 
3503                 if (moddebug & MODDEBUG_ERRMSG)
3504                         printf("error loading '%s', error %d\n",
3505                             mp->mod_filename, retval);
3506         }
3507         return (retval);
3508 }
3509 
3510 static char unload_msg[] = "unloading %s, module id %d, loadcnt %d.\n";
3511 
3512 static void
3513 mod_unload(struct modctl *mp)
3514 {
3515         ASSERT(MUTEX_NOT_HELD(&mod_lock));
3516         ASSERT(mp->mod_busy);
3517         ASSERT((mp->mod_loaded && (mp->mod_installed == 0)) &&
3518             ((mp->mod_prim == 0) && (mp->mod_ref >= 0)));
3519 
3520         if (moddebug & MODDEBUG_LOADMSG)
3521                 printf(unload_msg, mp->mod_modname,
3522                     mp->mod_id, mp->mod_loadcnt);
3523 
3524         /*
3525          * If mod_ref is not zero, it means some modules might still refer
3526          * to this module. Then you can't unload this module right now.
3527          * Instead, set 1 to mod_delay_unload to notify the system of
3528          * unloading this module later when it's not required any more.
3529          */
3530         if (mp->mod_ref > 0) {
3531                 mp->mod_delay_unload = 1;
3532                 if (moddebug & MODDEBUG_LOADMSG2) {
3533                         printf("module %s not unloaded,"
3534                             " non-zero reference count (%d)",
3535                             mp->mod_modname, mp->mod_ref);
3536                 }
3537                 return;
3538         }
3539 
3540         if (((mp->mod_loaded == 0) || mp->mod_installed) ||
3541             (mp->mod_ref || mp->mod_prim)) {
3542                 /*
3543                  * A DEBUG kernel would ASSERT panic above, the code is broken
3544                  * if we get this warning.
3545                  */
3546                 cmn_err(CE_WARN, "mod_unload: %s in incorrect state: %d %d %d",
3547                     mp->mod_filename, mp->mod_installed, mp->mod_loaded,
3548                     mp->mod_ref);
3549                 return;
3550         }
3551 
3552         /* reset stub functions to call the binder again */
3553         reset_stubs(mp);
3554 
3555         /*
3556          * mark module as unloaded before the modctl structure is freed.
3557          * This is required not to reuse the modctl structure before
3558          * the module is marked as unloaded.
3559          */
3560         mp->mod_loaded = 0;
3561         mp->mod_linkage = NULL;
3562 
3563         /* free the memory */
3564         kobj_unload_module(mp);
3565 
3566         if (mp->mod_delay_unload) {
3567                 mp->mod_delay_unload = 0;
3568                 if (moddebug & MODDEBUG_LOADMSG2) {
3569                         printf("deferred unload of module %s"
3570                             " (id %d) successful",
3571                             mp->mod_modname, mp->mod_id);
3572                 }
3573         }
3574 
3575         /* release hold on requisites */
3576         mod_release_requisites(mp);
3577 
3578         /*
3579          * Now that the module is gone, we need to give DTrace a chance to
3580          * remove any probes that it may have had in the module.  This is
3581          * done via the dtrace_modunload function pointer.
3582          */
3583         if (strcmp(mp->mod_modname, "dtrace") != 0) {
3584                 struct modctl *dmp = mod_hold_by_name("dtrace");
3585 
3586                 if (dmp != NULL && dtrace_modunload != NULL)
3587                         (*dtrace_modunload)(mp);
3588 
3589                 mod_release_mod(dmp);
3590         }
3591 }
3592 
3593 static int
3594 modinstall(struct modctl *mp)
3595 {
3596         int val;
3597         int (*func)(void);
3598 
3599         ASSERT(MUTEX_NOT_HELD(&mod_lock));
3600         ASSERT(mp->mod_busy && mp->mod_loaded);
3601 
3602         if (mp->mod_installed)
3603                 return (0);
3604         /*
3605          * If mod_delay_unload is on, it means the system chose the deferred
3606          * unload for this module. Then you can't install this module until
3607          * it's unloaded from the system.
3608          */
3609         if (mp->mod_delay_unload)
3610                 return (ENXIO);
3611 
3612         if (moddebug & MODDEBUG_LOADMSG)
3613                 printf("installing %s, module id %d.\n",
3614                     mp->mod_modname, mp->mod_id);
3615 
3616         ASSERT(mp->mod_mp != NULL);
3617         if (mod_install_requisites(mp) != 0) {
3618                 /*
3619                  * Note that we can't call mod_unload(mp) here since
3620                  * if modinstall() was called by mod_install_requisites(),
3621                  * we won't be able to hold the dependent modules
3622                  * (otherwise there would be a deadlock).
3623                  */
3624                 return (ENXIO);
3625         }
3626 
3627         if (moddebug & MODDEBUG_ERRMSG) {
3628                 printf("init '%s' id %d loaded @ 0x%p/0x%p size %lu/%lu\n",
3629                     mp->mod_filename, mp->mod_id,
3630                     (void *)((struct module *)mp->mod_mp)->text,
3631                     (void *)((struct module *)mp->mod_mp)->data,
3632                     ((struct module *)mp->mod_mp)->text_size,
3633                     ((struct module *)mp->mod_mp)->data_size);
3634         }
3635 
3636         func = (int (*)())kobj_lookup(mp->mod_mp, "_init");
3637 
3638         if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3639                 cmn_err(CE_WARN, "_init() not defined properly in %s",
3640                     mp->mod_filename);
3641                 return (EFAULT);
3642         }
3643 
3644         if (moddebug & MODDEBUG_USERDEBUG) {
3645                 printf("breakpoint before calling %s:_init()\n",
3646                     mp->mod_modname);
3647                 if (DEBUGGER_PRESENT)
3648                         debug_enter("_init");
3649         }
3650 
3651         ASSERT(MUTEX_NOT_HELD(&mod_lock));
3652         ASSERT(mp->mod_busy && mp->mod_loaded);
3653         val = (*func)();                /* call _init */
3654 
3655         if (moddebug & MODDEBUG_USERDEBUG)
3656                 printf("Returned from _init, val = %x\n", val);
3657 
3658         if (val == 0) {
3659                 /*
3660                  * Set the MODS_INSTALLED flag to enable this module
3661                  * being called now.
3662                  */
3663                 install_stubs(mp);
3664                 mp->mod_installed = 1;
3665         } else if (moddebug & MODDEBUG_ERRMSG)
3666                 printf(mod_init_msg, mp->mod_filename, mp->mod_modname, val);
3667 
3668         return (val);
3669 }
3670 
3671 int     detach_driver_unconfig = 0;
3672 
3673 static int
3674 detach_driver(char *name)
3675 {
3676         major_t major;
3677         int error;
3678 
3679         /*
3680          * If being called from mod_uninstall_all() then the appropriate
3681          * driver detaches (leaf only) have already been done.
3682          */
3683         if (mod_in_autounload())
3684                 return (0);
3685 
3686         major = ddi_name_to_major(name);
3687         if (major == DDI_MAJOR_T_NONE)
3688                 return (0);
3689 
3690         error = ndi_devi_unconfig_driver(ddi_root_node(),
3691             NDI_DETACH_DRIVER | detach_driver_unconfig, major);
3692         return (error == NDI_SUCCESS ? 0 : -1);
3693 }
3694 
3695 static char finiret_msg[] = "Returned from _fini for %s, status = %x\n";
3696 
3697 static int
3698 moduninstall(struct modctl *mp)
3699 {
3700         int status = 0;
3701         int (*func)(void);
3702 
3703         ASSERT(MUTEX_NOT_HELD(&mod_lock));
3704         ASSERT(mp->mod_busy);
3705 
3706         /*
3707          * Verify that we need to do something and can uninstall the module.
3708          *
3709          * If we should not uninstall the module or if the module is not in
3710          * the correct state to start an uninstall we return EBUSY to prevent
3711          * us from progressing to mod_unload.  If the module has already been
3712          * uninstalled and unloaded we return EALREADY.
3713          */
3714         if (mp->mod_prim || mp->mod_ref || mp->mod_nenabled != 0)
3715                 return (EBUSY);
3716         if ((mp->mod_installed == 0) || (mp->mod_loaded == 0))
3717                 return (EALREADY);
3718 
3719         /*
3720          * To avoid devinfo / module deadlock we must release this module
3721          * prior to initiating the detach_driver, otherwise the detach_driver
3722          * might deadlock on a devinfo node held by another thread
3723          * coming top down and involving the module we have locked.
3724          *
3725          * When we regrab the module we must reverify that it is OK
3726          * to proceed with the uninstall operation.
3727          */
3728         mod_release_mod(mp);
3729         status = detach_driver(mp->mod_modname);
3730         (void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
3731 
3732         /* check detach status and reverify state with lock */
3733         mutex_enter(&mod_lock);
3734         if ((status != 0) || mp->mod_prim || mp->mod_ref) {
3735                 mutex_exit(&mod_lock);
3736                 return (EBUSY);
3737         }
3738         if ((mp->mod_installed == 0) || (mp->mod_loaded == 0)) {
3739                 mutex_exit(&mod_lock);
3740                 return (EALREADY);
3741         }
3742         mutex_exit(&mod_lock);
3743 
3744         if (moddebug & MODDEBUG_LOADMSG2)
3745                 printf("uninstalling %s\n", mp->mod_modname);
3746 
3747         /*
3748          * lookup _fini, return EBUSY if not defined.
3749          *
3750          * The MODDEBUG_FINI_EBUSY is usefull in resolving leaks in
3751          * detach(9E) - it allows bufctl addresses to be resolved.
3752          */
3753         func = (int (*)())kobj_lookup(mp->mod_mp, "_fini");
3754         if ((func == NULL) || (mp->mod_loadflags & MOD_NOUNLOAD) ||
3755             (moddebug & MODDEBUG_FINI_EBUSY))
3756                 return (EBUSY);
3757 
3758         /* verify that _fini is in this module */
3759         if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3760                 cmn_err(CE_WARN, "_fini() not defined properly in %s",
3761                     mp->mod_filename);
3762                 return (EFAULT);
3763         }
3764 
3765         /* call _fini() */
3766         ASSERT(MUTEX_NOT_HELD(&mod_lock));
3767         ASSERT(mp->mod_busy && mp->mod_loaded && mp->mod_installed);
3768 
3769         status = (*func)();
3770 
3771         if (status == 0) {
3772                 /* _fini returned success, the module is no longer installed */
3773                 if (moddebug & MODDEBUG_LOADMSG)
3774                         printf("uninstalled %s\n", mp->mod_modname);
3775 
3776                 /*
3777                  * Even though we only set mod_installed to zero here, a zero
3778                  * return value means we are committed to a code path were
3779                  * mod_loaded will also end up as zero - we have no other
3780                  * way to get the module data and bss back to the pre _init
3781                  * state except a reload. To ensure this, after return,
3782                  * mod_busy must stay set until mod_loaded is cleared.
3783                  */
3784                 mp->mod_installed = 0;
3785 
3786                 /*
3787                  * Clear the MODS_INSTALLED flag not to call functions
3788                  * in the module directly from now on.
3789                  */
3790                 uninstall_stubs(mp);
3791         } else {
3792                 if (moddebug & MODDEBUG_USERDEBUG)
3793                         printf(finiret_msg, mp->mod_filename, status);
3794                 /*
3795                  * By definition _fini is only allowed to return EBUSY or the
3796                  * result of mod_remove (EBUSY or EINVAL).  In the off chance
3797                  * that a driver returns EALREADY we convert this to EINVAL
3798                  * since to our caller EALREADY means module was already
3799                  * removed.
3800                  */
3801                 if (status == EALREADY)
3802                         status = EINVAL;
3803         }
3804 
3805         return (status);
3806 }
3807 
3808 /*
3809  * Uninstall all modules.
3810  */
3811 static void
3812 mod_uninstall_all(void)
3813 {
3814         struct modctl   *mp;
3815         int             pass;
3816         modid_t         modid;
3817 
3818         /* synchronize with any active modunload_disable() */
3819         modunload_begin();
3820 
3821         /* mark this thread as doing autounloading */
3822         (void) tsd_set(mod_autounload_key, (void *)1);
3823 
3824         (void) devfs_clean(ddi_root_node(), NULL, 0);
3825         (void) ndi_devi_unconfig(ddi_root_node(), NDI_AUTODETACH);
3826 
3827         /*
3828          * Loop up to max times if we keep producing unreferenced modules.
3829          * A new unreferenced module is an opportunity to unload.
3830          */
3831         for (pass = 0; pass < mod_uninstall_pass_max; pass++) {
3832 
3833                 /* zero count of modules that go unreferenced during pass */
3834                 mod_uninstall_ref_zero = 0;
3835 
3836                 modid = 0;
3837                 while ((mp = mod_hold_next_by_id(modid)) != NULL) {
3838                         modid = mp->mod_id;
3839 
3840                         /*
3841                          * Skip modules with the MOD_NOAUTOUNLOAD flag set
3842                          */
3843                         if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
3844                                 mod_release_mod(mp);
3845                                 continue;
3846                         }
3847 
3848                         if (moduninstall(mp) == 0) {
3849                                 mod_unload(mp);
3850                                 CPU_STATS_ADDQ(CPU, sys, modunload, 1);
3851                         }
3852                         mod_release_mod(mp);
3853                 }
3854 
3855                 /* break if no modules went unreferenced during pass */
3856                 if (mod_uninstall_ref_zero == 0)
3857                         break;
3858         }
3859         if (pass >= mod_uninstall_pass_max)
3860                 mod_uninstall_pass_exc++;
3861 
3862         (void) tsd_set(mod_autounload_key, NULL);
3863         modunload_end();
3864 }
3865 
3866 /* wait for unloads that have begun before registering disable */
3867 void
3868 modunload_disable(void)
3869 {
3870         mutex_enter(&modunload_wait_mutex);
3871         while (modunload_active_count) {
3872                 modunload_wait++;
3873                 cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3874                 modunload_wait--;
3875         }
3876         modunload_disable_count++;
3877         mutex_exit(&modunload_wait_mutex);
3878 }
3879 
3880 /* mark end of disable and signal waiters */
3881 void
3882 modunload_enable(void)
3883 {
3884         mutex_enter(&modunload_wait_mutex);
3885         modunload_disable_count--;
3886         if ((modunload_disable_count == 0) && modunload_wait)
3887                 cv_broadcast(&modunload_wait_cv);
3888         mutex_exit(&modunload_wait_mutex);
3889 }
3890 
3891 /* wait for disables to complete before begining unload */
3892 void
3893 modunload_begin()
3894 {
3895         mutex_enter(&modunload_wait_mutex);
3896         while (modunload_disable_count) {
3897                 modunload_wait++;
3898                 cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3899                 modunload_wait--;
3900         }
3901         modunload_active_count++;
3902         mutex_exit(&modunload_wait_mutex);
3903 }
3904 
3905 /* mark end of unload and signal waiters */
3906 void
3907 modunload_end()
3908 {
3909         mutex_enter(&modunload_wait_mutex);
3910         modunload_active_count--;
3911         if ((modunload_active_count == 0) && modunload_wait)
3912                 cv_broadcast(&modunload_wait_cv);
3913         mutex_exit(&modunload_wait_mutex);
3914 }
3915 
3916 void
3917 mod_uninstall_daemon(void)
3918 {
3919         callb_cpr_t     cprinfo;
3920         clock_t         ticks;
3921 
3922         mod_aul_thread = curthread;
3923 
3924         CALLB_CPR_INIT(&cprinfo, &mod_uninstall_lock, callb_generic_cpr, "mud");
3925         for (;;) {
3926                 mutex_enter(&mod_uninstall_lock);
3927                 CALLB_CPR_SAFE_BEGIN(&cprinfo);
3928                 /*
3929                  * In DEBUG kernels, unheld drivers are uninstalled periodically
3930                  * every mod_uninstall_interval seconds.  Periodic uninstall can
3931                  * be disabled by setting mod_uninstall_interval to 0 which is
3932                  * the default for a non-DEBUG kernel.
3933                  */
3934                 if (mod_uninstall_interval) {
3935                         ticks = drv_usectohz(mod_uninstall_interval * 1000000);
3936                         (void) cv_reltimedwait(&mod_uninstall_cv,
3937                             &mod_uninstall_lock, ticks, TR_CLOCK_TICK);
3938                 } else {
3939                         cv_wait(&mod_uninstall_cv, &mod_uninstall_lock);
3940                 }
3941                 /*
3942                  * The whole daemon is safe for CPR except we don't want
3943                  * the daemon to run if FREEZE is issued and this daemon
3944                  * wakes up from the cv_wait above. In this case, it'll be
3945                  * blocked in CALLB_CPR_SAFE_END until THAW is issued.
3946                  *
3947                  * The reason of calling CALLB_CPR_SAFE_BEGIN twice is that
3948                  * mod_uninstall_lock is used to protect cprinfo and
3949                  * CALLB_CPR_SAFE_BEGIN assumes that this lock is held when
3950                  * called.
3951                  */
3952                 CALLB_CPR_SAFE_END(&cprinfo, &mod_uninstall_lock);
3953                 CALLB_CPR_SAFE_BEGIN(&cprinfo);
3954                 mutex_exit(&mod_uninstall_lock);
3955                 if ((modunload_disable_count == 0) &&
3956                     ((moddebug & MODDEBUG_NOAUTOUNLOAD) == 0)) {
3957                         mod_uninstall_all();
3958                 }
3959         }
3960 }
3961 
3962 /*
3963  * Unload all uninstalled modules.
3964  */
3965 void
3966 modreap(void)
3967 {
3968         mutex_enter(&mod_uninstall_lock);
3969         cv_broadcast(&mod_uninstall_cv);
3970         mutex_exit(&mod_uninstall_lock);
3971 }
3972 
3973 /*
3974  * Hold the specified module. This is the module holding primitive.
3975  *
3976  * If MOD_LOCK_HELD then the caller already holds the mod_lock.
3977  *
3978  * Return values:
3979  *       0 ==> the module is held
3980  *       1 ==> the module is not held and the MOD_WAIT_ONCE caller needs
3981  *              to determine how to retry.
3982  */
3983 int
3984 mod_hold_by_modctl(struct modctl *mp, int f)
3985 {
3986         ASSERT((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) &&
3987             ((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) !=
3988             (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)));
3989         ASSERT((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) &&
3990             ((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) !=
3991             (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)));
3992         ASSERT((f & MOD_LOCK_NOT_HELD) || MUTEX_HELD(&mod_lock));
3993 
3994         if (f & MOD_LOCK_NOT_HELD)
3995                 mutex_enter(&mod_lock);
3996 
3997         while (mp->mod_busy) {
3998                 mp->mod_want = 1;
3999                 cv_wait(&mod_cv, &mod_lock);
4000                 /*
4001                  * Module may be unloaded by daemon.
4002                  * Nevertheless, modctl structure is still in linked list
4003                  * (i.e., off &modules), not freed!
4004                  * Caller is not supposed to assume "mp" is valid, but there
4005                  * is no reasonable way to detect this but using
4006                  * mp->mod_modinfo->mp == NULL check (follow the back pointer)
4007                  *   (or similar check depending on calling context)
4008                  * DON'T free modctl structure, it will be very very
4009                  * problematic.
4010                  */
4011                 if (f & MOD_WAIT_ONCE) {
4012                         if (f & MOD_LOCK_NOT_HELD)
4013                                 mutex_exit(&mod_lock);
4014                         return (1);     /* caller decides how to retry */
4015                 }
4016         }
4017 
4018         mp->mod_busy = 1;
4019         mp->mod_inprogress_thread =
4020             (curthread == NULL ? (kthread_id_t)-1 : curthread);
4021 
4022         if (f & MOD_LOCK_NOT_HELD)
4023                 mutex_exit(&mod_lock);
4024         return (0);
4025 }
4026 
4027 static struct modctl *
4028 mod_hold_by_name_common(struct modctl *dep, const char *filename)
4029 {
4030         const char      *modname;
4031         struct modctl   *mp;
4032         char            *curname, *newname;
4033         int             found = 0;
4034 
4035         mutex_enter(&mod_lock);
4036 
4037         if ((modname = strrchr(filename, '/')) == NULL)
4038                 modname = filename;
4039         else
4040                 modname++;
4041 
4042         mp = &modules;
4043         do {
4044                 if (strcmp(modname, mp->mod_modname) == 0) {
4045                         found = 1;
4046                         break;
4047                 }
4048         } while ((mp = mp->mod_next) != &modules);
4049 
4050         if (found == 0) {
4051                 mp = allocate_modp(filename, modname);
4052                 modadd(mp);
4053         }
4054 
4055         /*
4056          * if dep is not NULL, set the mp in mod_requisite_loading for
4057          * the module circular dependency check. This field is used in
4058          * mod_circdep(), but it's cleard in mod_hold_loaded_mod().
4059          */
4060         if (dep != NULL) {
4061                 ASSERT(dep->mod_busy && dep->mod_requisite_loading == NULL);
4062                 dep->mod_requisite_loading = mp;
4063         }
4064 
4065         /*
4066          * If the module was held, then it must be us who has it held.
4067          */
4068         if (mod_circdep(mp))
4069                 mp = NULL;
4070         else {
4071                 (void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4072 
4073                 /*
4074                  * If the name hadn't been set or has changed, allocate
4075                  * space and set it.  Free space used by previous name.
4076                  *
4077                  * Do not change the name of primary modules, for primary
4078                  * modules the mod_filename was allocated in standalone mode:
4079                  * it is illegal to kobj_alloc in standalone mode and kobj_free
4080                  * in non-standalone mode.
4081                  */
4082                 curname = mp->mod_filename;
4083                 if (curname == NULL ||
4084                     ((mp->mod_prim == 0) &&
4085                     (curname != filename) &&
4086                     (modname != filename) &&
4087                     (strcmp(curname, filename) != 0))) {
4088                         newname = kobj_zalloc(strlen(filename) + 1, KM_SLEEP);
4089                         (void) strcpy(newname, filename);
4090                         mp->mod_filename = newname;
4091                         if (curname != NULL)
4092                                 kobj_free(curname, strlen(curname) + 1);
4093                 }
4094         }
4095 
4096         mutex_exit(&mod_lock);
4097         if (mp && moddebug & MODDEBUG_LOADMSG2)
4098                 printf("Holding %s\n", mp->mod_filename);
4099         if (mp == NULL && moddebug & MODDEBUG_LOADMSG2)
4100                 printf("circular dependency loading %s\n", filename);
4101         return (mp);
4102 }
4103 
4104 static struct modctl *
4105 mod_hold_by_name_requisite(struct modctl *dep, char *filename)
4106 {
4107         return (mod_hold_by_name_common(dep, filename));
4108 }
4109 
4110 struct modctl *
4111 mod_hold_by_name(const char *filename)
4112 {
4113         return (mod_hold_by_name_common(NULL, filename));
4114 }
4115 
4116 struct modctl *
4117 mod_hold_by_id(modid_t modid)
4118 {
4119         struct modctl   *mp;
4120         int             found = 0;
4121 
4122         mutex_enter(&mod_lock);
4123         mp = &modules;
4124         do {
4125                 if (mp->mod_id == modid) {
4126                         found = 1;
4127                         break;
4128                 }
4129         } while ((mp = mp->mod_next) != &modules);
4130 
4131         if ((found == 0) || mod_circdep(mp))
4132                 mp = NULL;
4133         else
4134                 (void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4135 
4136         mutex_exit(&mod_lock);
4137         return (mp);
4138 }
4139 
4140 static struct modctl *
4141 mod_hold_next_by_id(modid_t modid)
4142 {
4143         struct modctl   *mp;
4144         int             found = 0;
4145 
4146         if (modid < -1)
4147                 return (NULL);
4148 
4149         mutex_enter(&mod_lock);
4150 
4151         mp = &modules;
4152         do {
4153                 if (mp->mod_id > modid) {
4154                         found = 1;
4155                         break;
4156                 }
4157         } while ((mp = mp->mod_next) != &modules);
4158 
4159         if ((found == 0) || mod_circdep(mp))
4160                 mp = NULL;
4161         else
4162                 (void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4163 
4164         mutex_exit(&mod_lock);
4165         return (mp);
4166 }
4167 
4168 static void
4169 mod_release(struct modctl *mp)
4170 {
4171         ASSERT(MUTEX_HELD(&mod_lock));
4172         ASSERT(mp->mod_busy);
4173 
4174         mp->mod_busy = 0;
4175         mp->mod_inprogress_thread = NULL;
4176         if (mp->mod_want) {
4177                 mp->mod_want = 0;
4178                 cv_broadcast(&mod_cv);
4179         }
4180 }
4181 
4182 void
4183 mod_release_mod(struct modctl *mp)
4184 {
4185         if (moddebug & MODDEBUG_LOADMSG2)
4186                 printf("Releasing %s\n", mp->mod_filename);
4187         mutex_enter(&mod_lock);
4188         mod_release(mp);
4189         mutex_exit(&mod_lock);
4190 }
4191 
4192 modid_t
4193 mod_name_to_modid(char *filename)
4194 {
4195         char            *modname;
4196         struct modctl   *mp;
4197 
4198         mutex_enter(&mod_lock);
4199 
4200         if ((modname = strrchr(filename, '/')) == NULL)
4201                 modname = filename;
4202         else
4203                 modname++;
4204 
4205         mp = &modules;
4206         do {
4207                 if (strcmp(modname, mp->mod_modname) == 0) {
4208                         mutex_exit(&mod_lock);
4209                         return (mp->mod_id);
4210                 }
4211         } while ((mp = mp->mod_next) != &modules);
4212 
4213         mutex_exit(&mod_lock);
4214         return (-1);
4215 }
4216 
4217 
4218 int
4219 mod_remove_by_name(char *name)
4220 {
4221         struct modctl *mp;
4222         int retval;
4223 
4224         mp = mod_hold_by_name(name);
4225 
4226         if (mp == NULL)
4227                 return (EINVAL);
4228 
4229         if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
4230                 /*
4231                  * Do not unload forceloaded modules
4232                  */
4233                 mod_release_mod(mp);
4234                 return (0);
4235         }
4236 
4237         if ((retval = moduninstall(mp)) == 0) {
4238                 mod_unload(mp);
4239                 CPU_STATS_ADDQ(CPU, sys, modunload, 1);
4240         } else if (retval == EALREADY)
4241                 retval = 0;             /* already unloaded, not an error */
4242         mod_release_mod(mp);
4243         return (retval);
4244 }
4245 
4246 /*
4247  * Record that module "dep" is dependent on module "on_mod."
4248  */
4249 static void
4250 mod_make_requisite(struct modctl *dependent, struct modctl *on_mod)
4251 {
4252         struct modctl_list **pmlnp;     /* previous next pointer */
4253         struct modctl_list *mlp;
4254         struct modctl_list *new;
4255 
4256         ASSERT(dependent->mod_busy && on_mod->mod_busy);
4257         mutex_enter(&mod_lock);
4258 
4259         /*
4260          * Search dependent's requisite list to see if on_mod is recorded.
4261          * List is ordered by id.
4262          */
4263         for (pmlnp = &dependent->mod_requisites, mlp = *pmlnp;
4264             mlp; pmlnp = &mlp->modl_next, mlp = *pmlnp)
4265                 if (mlp->modl_modp->mod_id >= on_mod->mod_id)
4266                         break;
4267 
4268         /* Create and insert if not already recorded */
4269         if ((mlp == NULL) || (mlp->modl_modp->mod_id != on_mod->mod_id)) {
4270                 new = kobj_zalloc(sizeof (*new), KM_SLEEP);
4271                 new->modl_modp = on_mod;
4272                 new->modl_next = mlp;
4273                 *pmlnp = new;
4274 
4275                 /*
4276                  * Increment the mod_ref count in our new requisite module.
4277                  * This is what keeps a module that has other modules
4278                  * which are dependent on it from being uninstalled and
4279                  * unloaded. "on_mod"'s mod_ref count decremented in
4280                  * mod_release_requisites when the "dependent" module
4281                  * unload is complete.  "on_mod" must be loaded, but may not
4282                  * yet be installed.
4283                  */
4284                 on_mod->mod_ref++;
4285                 ASSERT(on_mod->mod_ref && on_mod->mod_loaded);
4286         }
4287 
4288         mutex_exit(&mod_lock);
4289 }
4290 
4291 /*
4292  * release the hold associated with mod_make_requisite mod_ref++
4293  * as part of unload.
4294  */
4295 void
4296 mod_release_requisites(struct modctl *modp)
4297 {
4298         struct modctl_list *modl;
4299         struct modctl_list *next;
4300         struct modctl *req;
4301         struct modctl_list *start = NULL, *mod_garbage;
4302 
4303         ASSERT(!quiesce_active);
4304         ASSERT(modp->mod_busy);
4305         ASSERT(MUTEX_NOT_HELD(&mod_lock));
4306 
4307         mutex_enter(&mod_lock);             /* needed for manipulation of req */
4308         for (modl = modp->mod_requisites; modl; modl = next) {
4309                 next = modl->modl_next;
4310                 req = modl->modl_modp;
4311                 ASSERT(req->mod_ref >= 1 && req->mod_loaded);
4312                 req->mod_ref--;
4313                 if (req->mod_ref == 0)
4314                         mod_uninstall_ref_zero++;
4315 
4316                 /*
4317                  * Check if the module has to be unloaded or not.
4318                  */
4319                 if (req->mod_ref == 0 && req->mod_delay_unload) {
4320                         struct modctl_list *new;
4321                         /*
4322                          * Allocate the modclt_list holding the garbage
4323                          * module which should be unloaded later.
4324                          */
4325                         new = kobj_zalloc(sizeof (struct modctl_list),
4326                             KM_SLEEP);
4327                         new->modl_modp = req;
4328 
4329                         if (start == NULL)
4330                                 mod_garbage = start = new;
4331                         else {
4332                                 mod_garbage->modl_next = new;
4333                                 mod_garbage = new;
4334                         }
4335                 }
4336 
4337                 /* free the list as we go */
4338                 kobj_free(modl, sizeof (*modl));
4339         }
4340         modp->mod_requisites = NULL;
4341         mutex_exit(&mod_lock);
4342 
4343         /*
4344          * Unload the garbage modules.
4345          */
4346         for (mod_garbage = start; mod_garbage != NULL; /* nothing */) {
4347                 struct modctl_list *old = mod_garbage;
4348                 struct modctl *mp = mod_garbage->modl_modp;
4349                 ASSERT(mp != NULL);
4350 
4351                 /*
4352                  * Hold this module until it's unloaded completely.
4353                  */
4354                 (void) mod_hold_by_modctl(mp,
4355                     MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
4356                 /*
4357                  * Check if the module is not unloaded yet and nobody requires
4358                  * the module. If it's unloaded already or somebody still
4359                  * requires the module, don't unload it now.
4360                  */
4361                 if (mp->mod_loaded && mp->mod_ref == 0)
4362                         mod_unload(mp);
4363                 ASSERT((mp->mod_loaded == 0 && mp->mod_delay_unload == 0) ||
4364                     (mp->mod_ref > 0));
4365                 mod_release_mod(mp);
4366 
4367                 mod_garbage = mod_garbage->modl_next;
4368                 kobj_free(old, sizeof (struct modctl_list));
4369         }
4370 }
4371 
4372 /*
4373  * Process dependency of the module represented by "dep" on the
4374  * module named by "on."
4375  *
4376  * Called from kobj_do_dependents() to load a module "on" on which
4377  * "dep" depends.
4378  */
4379 struct modctl *
4380 mod_load_requisite(struct modctl *dep, char *on)
4381 {
4382         struct modctl *on_mod;
4383         int retval;
4384 
4385         if ((on_mod = mod_hold_loaded_mod(dep, on, &retval)) != NULL) {
4386                 mod_make_requisite(dep, on_mod);
4387         } else if (moddebug & MODDEBUG_ERRMSG) {
4388                 printf("error processing %s on which module %s depends\n",
4389                     on, dep->mod_modname);
4390         }
4391         return (on_mod);
4392 }
4393 
4394 static int
4395 mod_install_requisites(struct modctl *modp)
4396 {
4397         struct modctl_list *modl;
4398         struct modctl *req;
4399         int status = 0;
4400 
4401         ASSERT(MUTEX_NOT_HELD(&mod_lock));
4402         ASSERT(modp->mod_busy);
4403 
4404         for (modl = modp->mod_requisites; modl; modl = modl->modl_next) {
4405                 req = modl->modl_modp;
4406                 (void) mod_hold_by_modctl(req,
4407                     MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
4408                 status = modinstall(req);
4409                 mod_release_mod(req);
4410 
4411                 if (status != 0)
4412                         break;
4413         }
4414         return (status);
4415 }
4416 
4417 /*
4418  * returns 1 if this thread is doing autounload, 0 otherwise.
4419  * see mod_uninstall_all.
4420  */
4421 int
4422 mod_in_autounload()
4423 {
4424         return ((int)(uintptr_t)tsd_get(mod_autounload_key));
4425 }
4426 
4427 /*
4428  * gmatch adapted from libc, stripping the wchar stuff
4429  */
4430 #define popchar(p, c)   { \
4431                 c = *p++; \
4432                 if (c == 0) { \
4433                         return (0); \
4434                 } \
4435         }
4436 
4437 int
4438 gmatch(const char *s, const char *p)
4439 {
4440         int c, sc;
4441         int ok, lc, notflag;
4442 
4443         sc = *s++;
4444         c = *p++;
4445         if (c == 0)
4446                 return (sc == c);       /* nothing matches nothing */
4447 
4448         switch (c) {
4449         case '\\':
4450                 /* skip to quoted character */
4451                 popchar(p, c);
4452                 /*FALLTHRU*/
4453 
4454         default:
4455                 /* straight comparison */
4456                 if (c != sc)
4457                         return (0);
4458                 /*FALLTHRU*/
4459 
4460         case '?':
4461                 /* first char matches, move to remainder */
4462                 return (sc != '\0' ? gmatch(s, p) : 0);
4463 
4464 
4465         case '*':
4466                 while (*p == '*')
4467                         p++;
4468 
4469                 /* * matches everything */
4470                 if (*p == 0)
4471                         return (1);
4472 
4473                 /* undo skip at the beginning & iterate over substrings */
4474                 --s;
4475                 while (*s) {
4476                         if (gmatch(s, p))
4477                                 return (1);
4478                         s++;
4479                 }
4480                 return (0);
4481 
4482         case '[':
4483                 /* match any char within [] */
4484                 if (sc == 0)
4485                         return (0);
4486 
4487                 ok = lc = notflag = 0;
4488 
4489                 if (*p == '!') {
4490                         notflag = 1;
4491                         p++;
4492                 }
4493                 popchar(p, c);
4494 
4495                 do {
4496                         if (c == '-' && lc && *p != ']') {
4497                                 /* test sc against range [c1-c2] */
4498                                 popchar(p, c);
4499                                 if (c == '\\') {
4500                                         popchar(p, c);
4501                                 }
4502 
4503                                 if (notflag) {
4504                                         /* return 0 on mismatch */
4505                                         if (lc <= sc && sc <= c)
4506                                                 return (0);
4507                                         ok++;
4508                                 } else if (lc <= sc && sc <= c) {
4509                                         ok++;
4510                                 }
4511                                 /* keep going, may get a match next */
4512                         } else if (c == '\\') {
4513                                 /* skip to quoted character */
4514                                 popchar(p, c);
4515                         }
4516                         lc = c;
4517                         if (notflag) {
4518                                 if (sc == lc)
4519                                         return (0);
4520                                 ok++;
4521                         } else if (sc == lc) {
4522                                 ok++;
4523                         }
4524                         popchar(p, c);
4525                 } while (c != ']');
4526 
4527                 /* recurse on remainder of string */
4528                 return (ok ? gmatch(s, p) : 0);
4529         }
4530         /*NOTREACHED*/
4531 }
4532 
4533 
4534 /*
4535  * Get default perm for device from /etc/minor_perm. Return 0 if match found.
4536  *
4537  * Pure wild-carded patterns are handled separately so the ordering of
4538  * these patterns doesn't matter.  We're still dependent on ordering
4539  * however as the first matching entry is the one returned.
4540  * Not ideal but all existing examples and usage do imply this
4541  * ordering implicitly.
4542  *
4543  * Drivers using the clone driver are always good for some entertainment.
4544  * Clone nodes under pseudo have the form clone@0:<driver>.  Some minor
4545  * perm entries have the form clone:<driver>, others use <driver>:*
4546  * Examples are clone:llc1 vs. llc2:*, for example.
4547  *
4548  * Minor perms in the clone:<driver> form are mapped to the drivers's
4549  * mperm list, not the clone driver, as wildcard entries for clone
4550  * reference only.  In other words, a clone wildcard will match
4551  * references for clone@0:<driver> but never <driver>@<minor>.
4552  *
4553  * Additional minor perms in the standard form are also supported,
4554  * for mixed usage, ie a node with an entry clone:<driver> could
4555  * provide further entries <driver>:<minor>.
4556  *
4557  * Finally, some uses of clone use an alias as the minor name rather
4558  * than the driver name, with the alias as the minor perm entry.
4559  * This case is handled by attaching the driver to bring its
4560  * minor list into existence, then discover the alias via DDI_ALIAS.
4561  * The clone device's minor perm list can then be searched for
4562  * that alias.
4563  */
4564 
4565 static int
4566 dev_alias_minorperm(dev_info_t *dip, char *minor_name, mperm_t *rmp)
4567 {
4568         major_t                 major;
4569         struct devnames         *dnp;
4570         mperm_t                 *mp;
4571         char                    *alias = NULL;
4572         dev_info_t              *cdevi;
4573         int                     circ;
4574         struct ddi_minor_data   *dmd;
4575 
4576         major = ddi_name_to_major(minor_name);
4577 
4578         ASSERT(dip == clone_dip);
4579         ASSERT(major != DDI_MAJOR_T_NONE);
4580 
4581         /*
4582          * Attach the driver named by the minor node, then
4583          * search its first instance's minor list for an
4584          * alias node.
4585          */
4586         if (ddi_hold_installed_driver(major) == NULL)
4587                 return (1);
4588 
4589         dnp = &devnamesp[major];
4590         LOCK_DEV_OPS(&dnp->dn_lock);
4591 
4592         if ((cdevi = dnp->dn_head) != NULL) {
4593                 ndi_devi_enter(cdevi, &circ);
4594                 for (dmd = DEVI(cdevi)->devi_minor; dmd; dmd = dmd->next) {
4595                         if (dmd->type == DDM_ALIAS) {
4596                                 alias = i_ddi_strdup(dmd->ddm_name, KM_SLEEP);
4597                                 break;
4598                         }
4599                 }
4600                 ndi_devi_exit(cdevi, circ);
4601         }
4602 
4603         UNLOCK_DEV_OPS(&dnp->dn_lock);
4604         ddi_rele_driver(major);
4605 
4606         if (alias == NULL) {
4607                 if (moddebug & MODDEBUG_MINORPERM)
4608                         cmn_err(CE_CONT, "dev_minorperm: "
4609                             "no alias for %s\n", minor_name);
4610                 return (1);
4611         }
4612 
4613         major = ddi_driver_major(clone_dip);
4614         dnp = &devnamesp[major];
4615         LOCK_DEV_OPS(&dnp->dn_lock);
4616 
4617         /*
4618          * Go through the clone driver's mperm list looking
4619          * for a match for the specified alias.
4620          */
4621         for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4622                 if (strcmp(alias, mp->mp_minorname) == 0) {
4623                         break;
4624                 }
4625         }
4626 
4627         if (mp) {
4628                 if (moddebug & MODDEBUG_MP_MATCH) {
4629                         cmn_err(CE_CONT,
4630                             "minor perm defaults: %s %s 0%o %d %d (aliased)\n",
4631                             minor_name, alias, mp->mp_mode,
4632                             mp->mp_uid, mp->mp_gid);
4633                 }
4634                 rmp->mp_uid = mp->mp_uid;
4635                 rmp->mp_gid = mp->mp_gid;
4636                 rmp->mp_mode = mp->mp_mode;
4637         }
4638         UNLOCK_DEV_OPS(&dnp->dn_lock);
4639 
4640         kmem_free(alias, strlen(alias)+1);
4641 
4642         return (mp == NULL);
4643 }
4644 
4645 int
4646 dev_minorperm(dev_info_t *dip, char *name, mperm_t *rmp)
4647 {
4648         major_t major;
4649         char *minor_name;
4650         struct devnames *dnp;
4651         mperm_t *mp;
4652         int is_clone = 0;
4653 
4654         if (!minorperm_loaded) {
4655                 if (moddebug & MODDEBUG_MINORPERM)
4656                         cmn_err(CE_CONT,
4657                             "%s: minor perm not yet loaded\n", name);
4658                 return (1);
4659         }
4660 
4661         minor_name = strchr(name, ':');
4662         if (minor_name == NULL)
4663                 return (1);
4664         minor_name++;
4665 
4666         /*
4667          * If it's the clone driver, search the driver as named
4668          * by the minor.  All clone minor perm entries other than
4669          * alias nodes are actually installed on the real driver's list.
4670          */
4671         if (dip == clone_dip) {
4672                 major = ddi_name_to_major(minor_name);
4673                 if (major == DDI_MAJOR_T_NONE) {
4674                         if (moddebug & MODDEBUG_MINORPERM)
4675                                 cmn_err(CE_CONT, "dev_minorperm: "
4676                                     "%s: no such driver\n", minor_name);
4677                         return (1);
4678                 }
4679                 is_clone = 1;
4680         } else {
4681                 major = ddi_driver_major(dip);
4682                 ASSERT(major != DDI_MAJOR_T_NONE);
4683         }
4684 
4685         dnp = &devnamesp[major];
4686         LOCK_DEV_OPS(&dnp->dn_lock);
4687 
4688         /*
4689          * Go through the driver's mperm list looking for
4690          * a match for the specified minor.  If there's
4691          * no matching pattern, use the wild card.
4692          * Defer to the clone wild for clone if specified,
4693          * otherwise fall back to the normal form.
4694          */
4695         for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4696                 if (gmatch(minor_name, mp->mp_minorname) != 0) {
4697                         break;
4698                 }
4699         }
4700         if (mp == NULL) {
4701                 if (is_clone)
4702                         mp = dnp->dn_mperm_clone;
4703                 if (mp == NULL)
4704                         mp = dnp->dn_mperm_wild;
4705         }
4706 
4707         if (mp) {
4708                 if (moddebug & MODDEBUG_MP_MATCH) {
4709                         cmn_err(CE_CONT,
4710                             "minor perm defaults: %s %s 0%o %d %d\n",
4711                             name, mp->mp_minorname, mp->mp_mode,
4712                             mp->mp_uid, mp->mp_gid);
4713                 }
4714                 rmp->mp_uid = mp->mp_uid;
4715                 rmp->mp_gid = mp->mp_gid;
4716                 rmp->mp_mode = mp->mp_mode;
4717         }
4718         UNLOCK_DEV_OPS(&dnp->dn_lock);
4719 
4720         /*
4721          * If no match can be found for a clone node,
4722          * search for a possible match for an alias.
4723          * One such example is /dev/ptmx -> /devices/pseudo/clone@0:ptm,
4724          * with minor perm entry clone:ptmx.
4725          */
4726         if (mp == NULL && is_clone) {
4727                 return (dev_alias_minorperm(dip, minor_name, rmp));
4728         }
4729 
4730         return (mp == NULL);
4731 }
4732 
4733 /*
4734  * dynamicaly reference load a dl module/library, returning handle
4735  */
4736 /*ARGSUSED*/
4737 ddi_modhandle_t
4738 ddi_modopen(const char *modname, int mode, int *errnop)
4739 {
4740         char            *subdir;
4741         char            *mod;
4742         int             subdirlen;
4743         struct modctl   *hmodp = NULL;
4744         int             retval = EINVAL;
4745 
4746         ASSERT(modname && (mode == KRTLD_MODE_FIRST));
4747         if ((modname == NULL) || (mode != KRTLD_MODE_FIRST))
4748                 goto out;
4749 
4750         /* find last '/' in modname */
4751         mod = strrchr(modname, '/');
4752 
4753         if (mod) {
4754                 /* for subdir string without modification to argument */
4755                 mod++;
4756                 subdirlen = mod - modname;
4757                 subdir = kmem_alloc(subdirlen, KM_SLEEP);
4758                 (void) strlcpy(subdir, modname, subdirlen);
4759         } else {
4760                 subdirlen = 0;
4761                 subdir = "misc";
4762                 mod = (char *)modname;
4763         }
4764 
4765         /* reference load with errno return value */
4766         retval = modrload(subdir, mod, &hmodp);
4767 
4768         if (subdirlen)
4769                 kmem_free(subdir, subdirlen);
4770 
4771 out:    if (errnop)
4772                 *errnop = retval;
4773 
4774         if (moddebug & MODDEBUG_DDI_MOD)
4775                 printf("ddi_modopen %s mode %x: %s %p %d\n",
4776                     modname ? modname : "<unknown>", mode,
4777                     hmodp ? hmodp->mod_filename : "<unknown>",
4778                     (void *)hmodp, retval);
4779 
4780         return ((ddi_modhandle_t)hmodp);
4781 }
4782 
4783 /* lookup "name" in open dl module/library */
4784 void *
4785 ddi_modsym(ddi_modhandle_t h, const char *name, int *errnop)
4786 {
4787         struct modctl   *hmodp = (struct modctl *)h;
4788         void            *f;
4789         int             retval;
4790 
4791         ASSERT(hmodp && name && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4792         if ((hmodp == NULL) || (name == NULL) ||
4793             (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4794                 f = NULL;
4795                 retval = EINVAL;
4796         } else {
4797                 f = (void *)kobj_lookup(hmodp->mod_mp, (char *)name);
4798                 if (f)
4799                         retval = 0;
4800                 else
4801                         retval = ENOTSUP;
4802         }
4803 
4804         if (moddebug & MODDEBUG_DDI_MOD)
4805                 printf("ddi_modsym in %s of %s: %d %p\n",
4806                     hmodp ? hmodp->mod_modname : "<unknown>",
4807                     name ? name : "<unknown>", retval, f);
4808 
4809         if (errnop)
4810                 *errnop = retval;
4811         return (f);
4812 }
4813 
4814 /* dynamic (un)reference unload of an open dl module/library */
4815 int
4816 ddi_modclose(ddi_modhandle_t h)
4817 {
4818         struct modctl   *hmodp = (struct modctl *)h;
4819         struct modctl   *modp = NULL;
4820         int             retval;
4821 
4822         ASSERT(hmodp && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4823         if ((hmodp == NULL) ||
4824             (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4825                 retval = EINVAL;
4826                 goto out;
4827         }
4828 
4829         retval = modunrload(hmodp->mod_id, &modp, ddi_modclose_unload);
4830         if (retval == EBUSY)
4831                 retval = 0;     /* EBUSY is not an error */
4832 
4833         if (retval == 0) {
4834                 ASSERT(hmodp == modp);
4835                 if (hmodp != modp)
4836                         retval = EINVAL;
4837         }
4838 
4839 out:    if (moddebug & MODDEBUG_DDI_MOD)
4840                 printf("ddi_modclose %s: %d\n",
4841                     hmodp ? hmodp->mod_modname : "<unknown>", retval);
4842 
4843         return (retval);
4844 }