1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22/*
23 * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright (c) 2017 Joyent, Inc.
25 */
26
27/*
28 * modctl system call for loadable module support.
29 */
30
31#include <sys/param.h>
32#include <sys/user.h>
33#include <sys/systm.h>
34#include <sys/exec.h>
35#include <sys/file.h>
36#include <sys/stat.h>
37#include <sys/conf.h>
38#include <sys/time.h>
39#include <sys/reboot.h>
40#include <sys/fs/ufs_fsdir.h>
41#include <sys/kmem.h>
42#include <sys/sysconf.h>
43#include <sys/cmn_err.h>
44#include <sys/ddi.h>
45#include <sys/sunddi.h>
46#include <sys/sunndi.h>
47#include <sys/ndi_impldefs.h>
48#include <sys/ddi_impldefs.h>
49#include <sys/ddi_implfuncs.h>
50#include <sys/bootconf.h>
51#include <sys/dc_ki.h>
52#include <sys/cladm.h>
53#include <sys/dtrace.h>
54#include <sys/kdi.h>
55
56#include <sys/devpolicy.h>
57#include <sys/modctl.h>
58#include <sys/kobj.h>
59#include <sys/devops.h>
60#include <sys/autoconf.h>
61#include <sys/hwconf.h>
62#include <sys/callb.h>
63#include <sys/debug.h>
64#include <sys/cpuvar.h>
65#include <sys/sysmacros.h>
66#include <sys/sysevent.h>
67#include <sys/sysevent_impl.h>
68#include <sys/instance.h>
69#include <sys/modhash.h>
70#include <sys/modhash_impl.h>
71#include <sys/dacf_impl.h>
72#include <sys/vfs.h>
73#include <sys/pathname.h>
74#include <sys/console.h>
75#include <sys/policy.h>
76#include <ipp/ipp_impl.h>
77#include <sys/fs/dv_node.h>
78#include <sys/strsubr.h>
79#include <sys/fs/sdev_impl.h>
80
81static int		mod_circdep(struct modctl *);
82static int		modinfo(modid_t, struct modinfo *);
83
84static void		mod_uninstall_all(void);
85static int		mod_getinfo(struct modctl *, struct modinfo *);
86static struct modctl	*allocate_modp(const char *, const char *);
87
88static int		mod_load(struct modctl *, int);
89static void		mod_unload(struct modctl *);
90static int		modinstall(struct modctl *);
91static int		moduninstall(struct modctl *);
92
93static struct modctl	*mod_hold_by_name_common(struct modctl *, const char *);
94static struct modctl	*mod_hold_next_by_id(modid_t);
95static struct modctl	*mod_hold_loaded_mod(struct modctl *, char *, int *);
96static struct modctl	*mod_hold_installed_mod(char *, int, int, int *);
97
98static void		mod_release(struct modctl *);
99static void		mod_make_requisite(struct modctl *, struct modctl *);
100static int		mod_install_requisites(struct modctl *);
101static void		check_esc_sequences(char *, char *);
102static struct modctl	*mod_hold_by_name_requisite(struct modctl *, char *);
103
104/*
105 * module loading thread control structure. Calls to kobj_load_module()() are
106 * handled off to a separate thead using this structure.
107 */
108struct loadmt {
109	ksema_t		sema;
110	struct modctl	*mp;
111	int		usepath;
112	kthread_t	*owner;
113	int		retval;
114};
115
116static void	modload_thread(struct loadmt *);
117
118kcondvar_t	mod_cv;
119kcondvar_t	mod_uninstall_cv;	/* Communication between swapper */
120					/* and the uninstall daemon. */
121kmutex_t	mod_lock;		/* protects &modules insert linkage, */
122					/* mod_busy, mod_want, and mod_ref. */
123					/* blocking operations while holding */
124					/* mod_lock should be avoided */
125kmutex_t	mod_uninstall_lock;	/* protects mod_uninstall_cv */
126kthread_id_t	mod_aul_thread;
127
128int		modunload_wait;
129kmutex_t	modunload_wait_mutex;
130kcondvar_t	modunload_wait_cv;
131int		modunload_active_count;
132int		modunload_disable_count;
133
134int	isminiroot;		/* set if running as miniroot */
135int	modrootloaded;		/* set after root driver and fs are loaded */
136int	moddebug = 0x0;		/* debug flags for module writers */
137int	swaploaded;		/* set after swap driver and fs are loaded */
138int	bop_io_quiesced = 0;	/* set when BOP I/O can no longer be used */
139int	last_module_id;
140clock_t	mod_uninstall_interval = 0;
141int	mod_uninstall_pass_max = 6;
142int	mod_uninstall_ref_zero;	/* # modules that went mod_ref == 0 */
143int	mod_uninstall_pass_exc;	/* mod_uninstall_all left new stuff */
144
145int	ddi_modclose_unload = 1;	/* 0 -> just decrement reference */
146
147int	devcnt_incr	= 256;		/* allow for additional drivers */
148int	devcnt_min	= 512;		/* and always at least this number */
149
150struct devnames *devnamesp;
151struct devnames orphanlist;
152
153krwlock_t	devinfo_tree_lock;	/* obsolete, to be removed */
154
155#define	MAJBINDFILE "/etc/name_to_major"
156#define	SYSBINDFILE "/etc/name_to_sysnum"
157
158static char	majbind[] = MAJBINDFILE;
159static char	sysbind[] = SYSBINDFILE;
160static uint_t	mod_autounload_key;	/* for module autounload detection */
161
162extern int obpdebug;
163
164#define	DEBUGGER_PRESENT	((boothowto & RB_DEBUG) || (obpdebug != 0))
165
166static int minorperm_loaded = 0;
167
168void
169mod_setup(void)
170{
171	struct sysent *callp;
172	int callnum, exectype;
173	int	num_devs;
174	int	i;
175
176	/*
177	 * Initialize the list of loaded driver dev_ops.
178	 * XXX - This must be done before reading the system file so that
179	 * forceloads of drivers will work.
180	 */
181	num_devs = read_binding_file(majbind, mb_hashtab, make_mbind);
182	/*
183	 * Since read_binding_file is common code, it doesn't enforce that all
184	 * of the binding file entries have major numbers <= MAXMAJ32.	Thus,
185	 * ensure that we don't allocate some massive amount of space due to a
186	 * bad entry.  We can't have major numbers bigger than MAXMAJ32
187	 * until file system support for larger major numbers exists.
188	 */
189
190	/*
191	 * Leave space for expansion, but not more than L_MAXMAJ32
192	 */
193	devcnt = MIN(num_devs + devcnt_incr, L_MAXMAJ32);
194	devcnt = MAX(devcnt, devcnt_min);
195	devopsp = kmem_alloc(devcnt * sizeof (struct dev_ops *), KM_SLEEP);
196	for (i = 0; i < devcnt; i++)
197		devopsp[i] = &mod_nodev_ops;
198
199	init_devnamesp(devcnt);
200
201	/*
202	 * Sync up with the work that the stand-alone linker has already done.
203	 */
204	(void) kobj_sync();
205
206	if (boothowto & RB_DEBUG)
207		kdi_dvec_modavail();
208
209	make_aliases(mb_hashtab);
210
211	/*
212	 * Initialize streams device implementation structures.
213	 */
214	devimpl = kmem_zalloc(devcnt * sizeof (cdevsw_impl_t), KM_SLEEP);
215
216	/*
217	 * If the cl_bootstrap module is present,
218	 * we should be configured as a cluster. Loading this module
219	 * will set "cluster_bootflags" to non-zero.
220	 */
221	(void) modload("misc", "cl_bootstrap");
222
223	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
224	init_syscallnames(NSYSCALL);
225
226	/*
227	 * Start up dynamic autoconfiguration framework (dacf).
228	 */
229	mod_hash_init();
230	dacf_init();
231
232	/*
233	 * Start up IP policy framework (ipp).
234	 */
235	ipp_init();
236
237	/*
238	 * Allocate loadable native system call locks.
239	 */
240	for (callnum = 0, callp = sysent; callnum < NSYSCALL;
241	    callnum++, callp++) {
242		if (LOADABLE_SYSCALL(callp)) {
243			if (mod_getsysname(callnum) != NULL) {
244				callp->sy_lock =
245				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
246				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
247			} else {
248				callp->sy_flags &= ~SE_LOADABLE;
249				callp->sy_callc = nosys;
250			}
251#ifdef DEBUG
252		} else {
253			/*
254			 * Do some sanity checks on the sysent table
255			 */
256			switch (callp->sy_flags & SE_RVAL_MASK) {
257			case SE_32RVAL1:
258				/* only r_val1 returned */
259			case SE_32RVAL1 | SE_32RVAL2:
260				/* r_val1 and r_val2 returned */
261			case SE_64RVAL:
262				/* 64-bit rval returned */
263				break;
264			default:
265				cmn_err(CE_WARN, "sysent[%d]: bad flags %x",
266				    callnum, callp->sy_flags);
267			}
268#endif
269		}
270	}
271
272#ifdef _SYSCALL32_IMPL
273	/*
274	 * Allocate loadable system call locks for 32-bit compat syscalls
275	 */
276	for (callnum = 0, callp = sysent32; callnum < NSYSCALL;
277	    callnum++, callp++) {
278		if (LOADABLE_SYSCALL(callp)) {
279			if (mod_getsysname(callnum) != NULL) {
280				callp->sy_lock =
281				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
282				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
283			} else {
284				callp->sy_flags &= ~SE_LOADABLE;
285				callp->sy_callc = nosys;
286			}
287#ifdef DEBUG
288		} else {
289			/*
290			 * Do some sanity checks on the sysent table
291			 */
292			switch (callp->sy_flags & SE_RVAL_MASK) {
293			case SE_32RVAL1:
294				/* only r_val1 returned */
295			case SE_32RVAL1 | SE_32RVAL2:
296				/* r_val1 and r_val2 returned */
297			case SE_64RVAL:
298				/* 64-bit rval returned */
299				break;
300			default:
301				cmn_err(CE_WARN, "sysent32[%d]: bad flags %x",
302				    callnum, callp->sy_flags);
303				goto skip;
304			}
305
306			/*
307			 * Cross-check the native and compatibility tables.
308			 */
309			if (callp->sy_callc == nosys ||
310			    sysent[callnum].sy_callc == nosys)
311				continue;
312			/*
313			 * If only one or the other slot is loadable, then
314			 * there's an error -- they should match!
315			 */
316			if ((callp->sy_callc == loadable_syscall) ^
317			    (sysent[callnum].sy_callc == loadable_syscall)) {
318				cmn_err(CE_WARN, "sysent[%d] loadable?",
319				    callnum);
320			}
321			/*
322			 * This is more of a heuristic test -- if the
323			 * system call returns two values in the 32-bit
324			 * world, it should probably return two 32-bit
325			 * values in the 64-bit world too.
326			 */
327			if (((callp->sy_flags & SE_32RVAL2) == 0) ^
328			    ((sysent[callnum].sy_flags & SE_32RVAL2) == 0)) {
329				cmn_err(CE_WARN, "sysent[%d] rval2 mismatch!",
330				    callnum);
331			}
332skip:;
333#endif	/* DEBUG */
334		}
335	}
336#endif	/* _SYSCALL32_IMPL */
337
338	/*
339	 * Allocate loadable exec locks.  (Assumes all execs are loadable)
340	 */
341	for (exectype = 0; exectype < nexectype; exectype++) {
342		execsw[exectype].exec_lock =
343		    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
344		rw_init(execsw[exectype].exec_lock, NULL, RW_DEFAULT, NULL);
345	}
346
347	read_class_file();
348
349	/* init thread specific structure for mod_uninstall_all */
350	tsd_create(&mod_autounload_key, NULL);
351}
352
353static int
354modctl_modload(int use_path, char *filename, int *rvp)
355{
356	struct modctl *modp;
357	int retval = 0;
358	char *filenamep;
359	int modid;
360
361	filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
362
363	if (copyinstr(filename, filenamep, MOD_MAXPATH, 0)) {
364		retval = EFAULT;
365		goto out;
366	}
367
368	filenamep[MOD_MAXPATH - 1] = 0;
369	modp = mod_hold_installed_mod(filenamep, use_path, 0, &retval);
370
371	if (modp == NULL)
372		goto out;
373
374	modp->mod_loadflags |= MOD_NOAUTOUNLOAD;
375	modid = modp->mod_id;
376	mod_release_mod(modp);
377	CPU_STATS_ADDQ(CPU, sys, modload, 1);
378	if (rvp != NULL && copyout(&modid, rvp, sizeof (modid)) != 0)
379		retval = EFAULT;
380out:
381	kmem_free(filenamep, MOD_MAXPATH);
382
383	return (retval);
384}
385
386static int
387modctl_modunload(modid_t id)
388{
389	int rval = 0;
390
391	if (id == 0) {
392#ifdef DEBUG
393		/*
394		 * Turn on mod_uninstall_daemon
395		 */
396		if (mod_uninstall_interval == 0) {
397			mod_uninstall_interval = 60;
398			modreap();
399			return (rval);
400		}
401#endif
402		mod_uninstall_all();
403	} else {
404		rval = modunload(id);
405	}
406	return (rval);
407}
408
409static int
410modctl_modinfo(modid_t id, struct modinfo *umodi)
411{
412	int retval;
413	struct modinfo modi;
414#if defined(_SYSCALL32_IMPL)
415	int nobase;
416	struct modinfo32 modi32;
417#endif
418
419	nobase = 0;
420	if (get_udatamodel() == DATAMODEL_NATIVE) {
421		if (copyin(umodi, &modi, sizeof (struct modinfo)) != 0)
422			return (EFAULT);
423	}
424#ifdef _SYSCALL32_IMPL
425	else {
426		bzero(&modi, sizeof (modi));
427		if (copyin(umodi, &modi32, sizeof (struct modinfo32)) != 0)
428			return (EFAULT);
429		modi.mi_info = modi32.mi_info;
430		modi.mi_id = modi32.mi_id;
431		modi.mi_nextid = modi32.mi_nextid;
432		nobase = modi.mi_info & MI_INFO_NOBASE;
433	}
434#endif
435	/*
436	 * This flag is -only- for the kernels use.
437	 */
438	modi.mi_info &= ~MI_INFO_LINKAGE;
439
440	retval = modinfo(id, &modi);
441	if (retval)
442		return (retval);
443
444	if (get_udatamodel() == DATAMODEL_NATIVE) {
445		if (copyout(&modi, umodi, sizeof (struct modinfo)) != 0)
446			retval = EFAULT;
447#ifdef _SYSCALL32_IMPL
448	} else {
449		int i;
450
451		if (!nobase && (uintptr_t)modi.mi_base > UINT32_MAX)
452			return (EOVERFLOW);
453
454		modi32.mi_info = modi.mi_info;
455		modi32.mi_state = modi.mi_state;
456		modi32.mi_id = modi.mi_id;
457		modi32.mi_nextid = modi.mi_nextid;
458		modi32.mi_base = (caddr32_t)(uintptr_t)modi.mi_base;
459		modi32.mi_size = modi.mi_size;
460		modi32.mi_rev = modi.mi_rev;
461		modi32.mi_loadcnt = modi.mi_loadcnt;
462		bcopy(modi.mi_name, modi32.mi_name, sizeof (modi32.mi_name));
463		for (i = 0; i < MODMAXLINK32; i++) {
464			modi32.mi_msinfo[i].msi_p0 = modi.mi_msinfo[i].msi_p0;
465			bcopy(modi.mi_msinfo[i].msi_linkinfo,
466			    modi32.mi_msinfo[i].msi_linkinfo,
467			    sizeof (modi32.mi_msinfo[0].msi_linkinfo));
468		}
469		if (copyout(&modi32, umodi, sizeof (struct modinfo32)) != 0)
470			retval = EFAULT;
471#endif
472	}
473
474	return (retval);
475}
476
477/*
478 * Return the last major number in the range of permissible major numbers.
479 */
480/*ARGSUSED*/
481static int
482modctl_modreserve(modid_t id, int *data)
483{
484	if (copyout(&devcnt, data, sizeof (devcnt)) != 0)
485		return (EFAULT);
486	return (0);
487}
488
489/* Add/Remove driver and binding aliases */
490static int
491modctl_update_driver_aliases(int add, int *data)
492{
493	struct modconfig	mc;
494	int			i, n, rv = 0;
495	struct aliases		alias;
496	struct aliases		*ap;
497	char			name[MAXMODCONFNAME];
498	char			cname[MAXMODCONFNAME];
499	char			*drvname;
500	int			resid;
501	struct alias_info {
502		char	*alias_name;
503		int	alias_resid;
504	} *aliases, *aip;
505
506	aliases = NULL;
507	bzero(&mc, sizeof (struct modconfig));
508	if (get_udatamodel() == DATAMODEL_NATIVE) {
509		if (copyin(data, &mc, sizeof (struct modconfig)) != 0)
510			return (EFAULT);
511	}
512#ifdef _SYSCALL32_IMPL
513	else {
514		struct modconfig32 modc32;
515		if (copyin(data, &modc32, sizeof (struct modconfig32)) != 0)
516			return (EFAULT);
517		else {
518			bcopy(modc32.drvname, mc.drvname,
519			    sizeof (modc32.drvname));
520			bcopy(modc32.drvclass, mc.drvclass,
521			    sizeof (modc32.drvclass));
522			mc.major = modc32.major;
523			mc.flags = modc32.flags;
524			mc.num_aliases = modc32.num_aliases;
525			mc.ap = (struct aliases *)(uintptr_t)modc32.ap;
526		}
527	}
528#endif
529
530	/*
531	 * If the driver is already in the mb_hashtab, and the name given
532	 * doesn't match that driver's name, fail.  Otherwise, pass, since
533	 * we may be adding aliases.
534	 */
535	drvname = mod_major_to_name(mc.major);
536	if ((drvname != NULL) && strcmp(drvname, mc.drvname) != 0)
537		return (EINVAL);
538
539	/*
540	 * Precede alias removal by unbinding as many devices as possible.
541	 */
542	if (add == 0) {
543		(void) i_ddi_unload_drvconf(mc.major);
544		i_ddi_unbind_devs(mc.major);
545	}
546
547	/*
548	 * Add/remove each supplied driver alias to/from mb_hashtab
549	 */
550	ap = mc.ap;
551	if (mc.num_aliases > 0)
552		aliases = kmem_zalloc(
553		    mc.num_aliases * sizeof (struct alias_info), KM_SLEEP);
554	aip = aliases;
555	for (i = 0; i < mc.num_aliases; i++) {
556		bzero(&alias, sizeof (struct aliases));
557		if (get_udatamodel() == DATAMODEL_NATIVE) {
558			if (copyin(ap, &alias, sizeof (struct aliases)) != 0) {
559				rv = EFAULT;
560				goto error;
561			}
562			if (alias.a_len > MAXMODCONFNAME) {
563				rv = EINVAL;
564				goto error;
565			}
566			if (copyin(alias.a_name, name, alias.a_len) != 0) {
567				rv = EFAULT;
568				goto error;
569			}
570			if (name[alias.a_len - 1] != '\0') {
571				rv = EINVAL;
572				goto error;
573			}
574		}
575#ifdef _SYSCALL32_IMPL
576		else {
577			struct aliases32 al32;
578			bzero(&al32, sizeof (struct aliases32));
579			if (copyin(ap, &al32, sizeof (struct aliases32)) != 0) {
580				rv = EFAULT;
581				goto error;
582			}
583			if (al32.a_len > MAXMODCONFNAME) {
584				rv = EINVAL;
585				goto error;
586			}
587			if (copyin((void *)(uintptr_t)al32.a_name,
588			    name, al32.a_len) != 0) {
589				rv = EFAULT;
590				goto error;
591			}
592			if (name[al32.a_len - 1] != '\0') {
593				rv = EINVAL;
594				goto error;
595			}
596			alias.a_next = (void *)(uintptr_t)al32.a_next;
597		}
598#endif
599		check_esc_sequences(name, cname);
600		aip->alias_name = strdup(cname);
601		ap = alias.a_next;
602		aip++;
603	}
604
605	if (add == 0) {
606		ap = mc.ap;
607		resid = 0;
608		aip = aliases;
609		/* attempt to unbind all devices bound to each alias */
610		for (i = 0; i < mc.num_aliases; i++) {
611			n = i_ddi_unbind_devs_by_alias(
612			    mc.major, aip->alias_name);
613			resid += n;
614			aip->alias_resid = n;
615		}
616
617		/*
618		 * If some device bound to an alias remains in use,
619		 * and override wasn't specified, no change is made to
620		 * the binding state and we fail the operation.
621		 */
622		if (resid > 0 && ((mc.flags & MOD_UNBIND_OVERRIDE) == 0)) {
623			rv = EBUSY;
624			goto error;
625		}
626
627		/*
628		 * No device remains bound of any of the aliases,
629		 * or force was requested.  Mark each alias as
630		 * inactive via delete_mbind so no future binds
631		 * to this alias take place and that a new
632		 * binding can be established.
633		 */
634		aip = aliases;
635		for (i = 0; i < mc.num_aliases; i++) {
636			if (moddebug & MODDEBUG_BINDING)
637				cmn_err(CE_CONT, "Removing binding for %s "
638				    "(%d active references)\n",
639				    aip->alias_name, aip->alias_resid);
640			delete_mbind(aip->alias_name, mb_hashtab);
641			aip++;
642		}
643		rv = 0;
644	} else {
645		aip = aliases;
646		for (i = 0; i < mc.num_aliases; i++) {
647			if (moddebug & MODDEBUG_BINDING)
648				cmn_err(CE_NOTE, "Adding binding for '%s'\n",
649				    aip->alias_name);
650			(void) make_mbind(aip->alias_name,
651			    mc.major, NULL, mb_hashtab);
652			aip++;
653		}
654		/*
655		 * Try to establish an mbinding for mc.drvname, and add it to
656		 * devnames. Add class if any after establishing the major
657		 * number.
658		 */
659		(void) make_mbind(mc.drvname, mc.major, NULL, mb_hashtab);
660		if ((rv = make_devname(mc.drvname, mc.major,
661		    (mc.flags & MOD_ADDMAJBIND_UPDATE) ?
662		    DN_DRIVER_INACTIVE : 0)) != 0) {
663			goto error;
664		}
665
666		if (mc.drvclass[0] != '\0')
667			add_class(mc.drvname, mc.drvclass);
668		if ((mc.flags & MOD_ADDMAJBIND_UPDATE) == 0) {
669			(void) i_ddi_load_drvconf(mc.major);
670		}
671	}
672
673	/*
674	 * Ensure that all nodes are bound to the most appropriate driver
675	 * possible, attempting demotion and rebind when a more appropriate
676	 * driver now exists.  But not when adding a driver update-only.
677	 */
678	if ((add == 0) || ((mc.flags & MOD_ADDMAJBIND_UPDATE) == 0)) {
679		i_ddi_bind_devs();
680		i_ddi_di_cache_invalidate();
681	}
682
683error:
684	if (mc.num_aliases > 0) {
685		aip = aliases;
686		for (i = 0; i < mc.num_aliases; i++) {
687			if (aip->alias_name != NULL)
688				strfree(aip->alias_name);
689			aip++;
690		}
691		kmem_free(aliases, mc.num_aliases * sizeof (struct alias_info));
692	}
693	return (rv);
694}
695
696static int
697modctl_add_driver_aliases(int *data)
698{
699	return (modctl_update_driver_aliases(1, data));
700}
701
702static int
703modctl_remove_driver_aliases(int *data)
704{
705	return (modctl_update_driver_aliases(0, data));
706}
707
708static int
709modctl_rem_major(major_t major)
710{
711	struct devnames *dnp;
712
713	if (major >= devcnt)
714		return (EINVAL);
715
716	/* mark devnames as removed */
717	dnp = &devnamesp[major];
718	LOCK_DEV_OPS(&dnp->dn_lock);
719	if (dnp->dn_name == NULL ||
720	    (dnp->dn_flags & (DN_DRIVER_REMOVED | DN_TAKEN_GETUDEV))) {
721		UNLOCK_DEV_OPS(&dnp->dn_lock);
722		return (EINVAL);
723	}
724	dnp->dn_flags |= DN_DRIVER_REMOVED;
725	pm_driver_removed(major);
726	UNLOCK_DEV_OPS(&dnp->dn_lock);
727
728	(void) i_ddi_unload_drvconf(major);
729	i_ddi_unbind_devs(major);
730	i_ddi_bind_devs();
731	i_ddi_di_cache_invalidate();
732
733	/* purge all the bindings to this driver */
734	purge_mbind(major, mb_hashtab);
735	return (0);
736}
737
738static struct vfs *
739path_to_vfs(char *name)
740{
741	vnode_t *vp;
742	struct vfs *vfsp;
743
744	if (lookupname(name, UIO_SYSSPACE, FOLLOW, NULLVPP, &vp))
745		return (NULL);
746
747	vfsp = vp->v_vfsp;
748	VN_RELE(vp);
749	return (vfsp);
750}
751
752static int
753new_vfs_in_modpath()
754{
755	static int n_modpath = 0;
756	static char *modpath_copy;
757	static struct pathvfs {
758		char *path;
759		struct vfs *vfsp;
760	} *pathvfs;
761
762	int i, new_vfs = 0;
763	char *tmp, *tmp1;
764	struct vfs *vfsp;
765
766	if (n_modpath != 0) {
767		for (i = 0; i < n_modpath; i++) {
768			vfsp = path_to_vfs(pathvfs[i].path);
769			if (vfsp != pathvfs[i].vfsp) {
770				pathvfs[i].vfsp = vfsp;
771				if (vfsp)
772					new_vfs = 1;
773			}
774		}
775		return (new_vfs);
776	}
777
778	/*
779	 * First call, initialize the pathvfs structure
780	 */
781	modpath_copy = i_ddi_strdup(default_path, KM_SLEEP);
782	tmp = modpath_copy;
783	n_modpath = 1;
784	tmp1 = strchr(tmp, ' ');
785	while (tmp1) {
786		*tmp1 = '\0';
787		n_modpath++;
788		tmp = tmp1 + 1;
789		tmp1 = strchr(tmp, ' ');
790	}
791
792	pathvfs = kmem_zalloc(n_modpath * sizeof (struct pathvfs), KM_SLEEP);
793	tmp = modpath_copy;
794	for (i = 0; i < n_modpath; i++) {
795		pathvfs[i].path = tmp;
796		vfsp = path_to_vfs(tmp);
797		pathvfs[i].vfsp = vfsp;
798		tmp += strlen(tmp) + 1;
799	}
800	return (1);	/* always reread driver.conf the first time */
801}
802
803static int
804modctl_load_drvconf(major_t major, int flags)
805{
806	int ret;
807
808	/*
809	 * devfsadm -u - read all new driver.conf files
810	 * and bind and configure devices for new drivers.
811	 */
812	if (flags & MOD_LOADDRVCONF_RECONF) {
813		(void) i_ddi_load_drvconf(DDI_MAJOR_T_NONE);
814		i_ddi_bind_devs();
815		i_ddi_di_cache_invalidate();
816		return (0);
817	}
818
819	/*
820	 * update_drv <drv> - reload driver.conf for the specified driver
821	 */
822	if (major != DDI_MAJOR_T_NONE) {
823		ret = i_ddi_load_drvconf(major);
824		if (ret == 0)
825			i_ddi_bind_devs();
826		return (ret);
827	}
828
829	/*
830	 * We are invoked to rescan new driver.conf files. It is
831	 * only necessary if a new file system was mounted in the
832	 * module_path. Because rescanning driver.conf files can
833	 * take some time on older platforms (sun4m), the following
834	 * code skips unnecessary driver.conf rescans to optimize
835	 * boot performance.
836	 */
837	if (new_vfs_in_modpath()) {
838		(void) i_ddi_load_drvconf(DDI_MAJOR_T_NONE);
839		/*
840		 * If we are still initializing io subsystem,
841		 * load drivers with ddi-forceattach property
842		 */
843		if (!i_ddi_io_initialized())
844			i_ddi_forceattach_drivers();
845	}
846	return (0);
847}
848
849/*
850 * Unload driver.conf file and follow up by attempting
851 * to rebind devices to more appropriate driver.
852 */
853static int
854modctl_unload_drvconf(major_t major)
855{
856	int ret;
857
858	if (major >= devcnt)
859		return (EINVAL);
860
861	ret = i_ddi_unload_drvconf(major);
862	if (ret != 0)
863		return (ret);
864	(void) i_ddi_unbind_devs(major);
865	i_ddi_bind_devs();
866
867	return (0);
868}
869
870static void
871check_esc_sequences(char *str, char *cstr)
872{
873	int i;
874	size_t len;
875	char *p;
876
877	len = strlen(str);
878	for (i = 0; i < len; i++, str++, cstr++) {
879		if (*str != '\\') {
880			*cstr = *str;
881		} else {
882			p = str + 1;
883			/*
884			 * we only handle octal escape sequences for SPACE
885			 */
886			if (*p++ == '0' && *p++ == '4' && *p == '0') {
887				*cstr = ' ';
888				str += 3;
889			} else {
890				*cstr = *str;
891			}
892		}
893	}
894	*cstr = 0;
895}
896
897static int
898modctl_getmodpathlen(int *data)
899{
900	int len;
901	len = strlen(default_path);
902	if (copyout(&len, data, sizeof (len)) != 0)
903		return (EFAULT);
904	return (0);
905}
906
907static int
908modctl_getmodpath(char *data)
909{
910	if (copyout(default_path, data, strlen(default_path) + 1) != 0)
911		return (EFAULT);
912	return (0);
913}
914
915static int
916modctl_read_sysbinding_file(void)
917{
918	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
919	return (0);
920}
921
922static int
923modctl_getmaj(char *uname, uint_t ulen, int *umajorp)
924{
925	char name[256];
926	int retval;
927	major_t major;
928
929	if (ulen == 0)
930		return (EINVAL);
931	if ((retval = copyinstr(uname, name,
932	    (ulen < 256) ? ulen : 256, 0)) != 0)
933		return (retval);
934	if ((major = mod_name_to_major(name)) == DDI_MAJOR_T_NONE)
935		return (ENODEV);
936	if (copyout(&major, umajorp, sizeof (major_t)) != 0)
937		return (EFAULT);
938	return (0);
939}
940
941static char **
942convert_constraint_string(char *constraints, size_t len)
943{
944	int	i;
945	int	n;
946	char	*p;
947	char	**array;
948
949	ASSERT(constraints != NULL);
950	ASSERT(len > 0);
951
952	for (i = 0, p = constraints; strlen(p) > 0; i++, p += strlen(p) + 1)
953		;
954
955	n = i;
956
957	if (n == 0) {
958		kmem_free(constraints, len);
959		return (NULL);
960	}
961
962	array = kmem_alloc((n + 1) * sizeof (char *), KM_SLEEP);
963
964	for (i = 0, p = constraints; i < n; i++, p += strlen(p) + 1) {
965		array[i] = i_ddi_strdup(p, KM_SLEEP);
966	}
967	array[n] = NULL;
968
969	kmem_free(constraints, len);
970
971	return (array);
972}
973/*ARGSUSED*/
974static int
975modctl_retire(char *path, char *uconstraints, size_t ulen)
976{
977	char	*pathbuf;
978	char	*devpath;
979	size_t	pathsz;
980	int	retval;
981	char	*constraints;
982	char	**cons_array;
983
984	if (path == NULL)
985		return (EINVAL);
986
987	if ((uconstraints == NULL) ^ (ulen == 0))
988		return (EINVAL);
989
990	pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
991	retval = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
992	if (retval != 0) {
993		kmem_free(pathbuf, MAXPATHLEN);
994		return (retval);
995	}
996	devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
997	kmem_free(pathbuf, MAXPATHLEN);
998
999	/*
1000	 * First check if the device is already retired.
1001	 * If it is, then persist the retire anyway, just in case the retire
1002	 * store has got out of sync with the boot archive.
1003	 */
1004	if (e_ddi_device_retired(devpath)) {
1005		cmn_err(CE_NOTE, "Device: already retired: %s", devpath);
1006		(void) e_ddi_retire_persist(devpath);
1007		kmem_free(devpath, strlen(devpath) + 1);
1008		return (0);
1009	}
1010
1011	cons_array = NULL;
1012	if (uconstraints) {
1013		constraints = kmem_alloc(ulen, KM_SLEEP);
1014		if (copyin(uconstraints, constraints, ulen)) {
1015			kmem_free(constraints, ulen);
1016			kmem_free(devpath, strlen(devpath) + 1);
1017			return (EFAULT);
1018		}
1019		cons_array = convert_constraint_string(constraints, ulen);
1020	}
1021
1022	/*
1023	 * Try to retire the device first. The following
1024	 * routine will return an error only if the device
1025	 * is not retireable i.e. retire constraints forbid
1026	 * a retire. A return of success from this routine
1027	 * indicates that device is retireable.
1028	 */
1029	retval = e_ddi_retire_device(devpath, cons_array);
1030	if (retval != DDI_SUCCESS) {
1031		cmn_err(CE_WARN, "constraints forbid retire: %s", devpath);
1032		kmem_free(devpath, strlen(devpath) + 1);
1033		return (ENOTSUP);
1034	}
1035
1036	/*
1037	 * Ok, the retire succeeded. Persist the retire.
1038	 * If retiring a nexus, we need to only persist the
1039	 * nexus retire. Any children of a retired nexus
1040	 * are automatically covered by the retire store
1041	 * code.
1042	 */
1043	retval = e_ddi_retire_persist(devpath);
1044	if (retval != 0) {
1045		cmn_err(CE_WARN, "Failed to persist device retire: error %d: "
1046		    "%s", retval, devpath);
1047		kmem_free(devpath, strlen(devpath) + 1);
1048		return (retval);
1049	}
1050	if (moddebug & MODDEBUG_RETIRE)
1051		cmn_err(CE_NOTE, "Persisted retire of device: %s", devpath);
1052
1053	kmem_free(devpath, strlen(devpath) + 1);
1054	return (0);
1055}
1056
1057static int
1058modctl_is_retired(char *path, int *statep)
1059{
1060	char	*pathbuf;
1061	char	*devpath;
1062	size_t	pathsz;
1063	int	error;
1064	int	status;
1065
1066	if (path == NULL || statep == NULL)
1067		return (EINVAL);
1068
1069	pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1070	error = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
1071	if (error != 0) {
1072		kmem_free(pathbuf, MAXPATHLEN);
1073		return (error);
1074	}
1075	devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
1076	kmem_free(pathbuf, MAXPATHLEN);
1077
1078	if (e_ddi_device_retired(devpath))
1079		status = 1;
1080	else
1081		status = 0;
1082	kmem_free(devpath, strlen(devpath) + 1);
1083
1084	return (copyout(&status, statep, sizeof (status)) ? EFAULT : 0);
1085}
1086
1087static int
1088modctl_unretire(char *path)
1089{
1090	char	*pathbuf;
1091	char	*devpath;
1092	size_t	pathsz;
1093	int	retired;
1094	int	retval;
1095
1096	if (path == NULL)
1097		return (EINVAL);
1098
1099	pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1100	retval = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
1101	if (retval != 0) {
1102		kmem_free(pathbuf, MAXPATHLEN);
1103		return (retval);
1104	}
1105	devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
1106	kmem_free(pathbuf, MAXPATHLEN);
1107
1108	/*
1109	 * We check if a device is retired (first) before
1110	 * unpersisting the retire, because we use the
1111	 * retire store to determine if a device is retired.
1112	 * If we unpersist first, the device will always appear
1113	 * to be unretired. For the rationale behind unpersisting
1114	 * a device that is not retired, see the next comment.
1115	 */
1116	retired = e_ddi_device_retired(devpath);
1117
1118	/*
1119	 * We call unpersist unconditionally because the lookup
1120	 * for retired devices (e_ddi_device_retired()), skips "bypassed"
1121	 * devices. We still want to be able remove "bypassed" entries
1122	 * from the persistent store, so we unpersist unconditionally
1123	 * i.e. whether or not the entry is found on a lookup.
1124	 *
1125	 * e_ddi_retire_unpersist() returns 1 if it found and cleared
1126	 * an entry from the retire store or 0 otherwise.
1127	 */
1128	if (e_ddi_retire_unpersist(devpath))
1129		if (moddebug & MODDEBUG_RETIRE) {
1130			cmn_err(CE_NOTE, "Unpersisted retire of device: %s",
1131			    devpath);
1132		}
1133
1134	/*
1135	 * Check if the device is already unretired. If so,
1136	 * the unretire becomes a NOP
1137	 */
1138	if (!retired) {
1139		cmn_err(CE_NOTE, "Not retired: %s", devpath);
1140		kmem_free(devpath, strlen(devpath) + 1);
1141		return (0);
1142	}
1143
1144	retval = e_ddi_unretire_device(devpath);
1145	if (retval != 0) {
1146		cmn_err(CE_WARN, "cannot unretire device: error %d, path %s\n",
1147		    retval, devpath);
1148	}
1149
1150	kmem_free(devpath, strlen(devpath) + 1);
1151
1152	return (retval);
1153}
1154
1155static int
1156modctl_getname(char *uname, uint_t ulen, int *umajorp)
1157{
1158	char *name;
1159	major_t major;
1160
1161	if (copyin(umajorp, &major, sizeof (major)) != 0)
1162		return (EFAULT);
1163	if ((name = mod_major_to_name(major)) == NULL)
1164		return (ENODEV);
1165	if ((strlen(name) + 1) > ulen)
1166		return (ENOSPC);
1167	return (copyoutstr(name, uname, ulen, NULL));
1168}
1169
1170static int
1171modctl_devt2instance(dev_t dev, int *uinstancep)
1172{
1173	int	instance;
1174
1175	if ((instance = dev_to_instance(dev)) == -1)
1176		return (EINVAL);
1177
1178	return (copyout(&instance, uinstancep, sizeof (int)));
1179}
1180
1181/*
1182 * Return the sizeof of the device id.
1183 */
1184static int
1185modctl_sizeof_devid(dev_t dev, uint_t *len)
1186{
1187	uint_t		sz;
1188	ddi_devid_t	devid;
1189
1190	/* get device id */
1191	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
1192		return (EINVAL);
1193
1194	sz = ddi_devid_sizeof(devid);
1195	ddi_devid_free(devid);
1196
1197	/* copyout device id size */
1198	if (copyout(&sz, len, sizeof (sz)) != 0)
1199		return (EFAULT);
1200
1201	return (0);
1202}
1203
1204/*
1205 * Return a copy of the device id.
1206 */
1207static int
1208modctl_get_devid(dev_t dev, uint_t len, ddi_devid_t udevid)
1209{
1210	uint_t		sz;
1211	ddi_devid_t	devid;
1212	int		err = 0;
1213
1214	/* get device id */
1215	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
1216		return (EINVAL);
1217
1218	sz = ddi_devid_sizeof(devid);
1219
1220	/* Error if device id is larger than space allocated */
1221	if (sz > len) {
1222		ddi_devid_free(devid);
1223		return (ENOSPC);
1224	}
1225
1226	/* copy out device id */
1227	if (copyout(devid, udevid, sz) != 0)
1228		err = EFAULT;
1229	ddi_devid_free(devid);
1230	return (err);
1231}
1232
1233/*
1234 * return the /devices paths associated with the specified devid and
1235 * minor name.
1236 */
1237/*ARGSUSED*/
1238static int
1239modctl_devid2paths(ddi_devid_t udevid, char *uminor_name, uint_t flag,
1240    size_t *ulensp, char *upaths)
1241{
1242	ddi_devid_t	devid = NULL;
1243	int		devid_len;
1244	char		*minor_name = NULL;
1245	dev_info_t	*dip = NULL;
1246	int		circ;
1247	struct ddi_minor_data	*dmdp;
1248	char		*path = NULL;
1249	int		ulens;
1250	int		lens;
1251	int		len;
1252	dev_t		*devlist = NULL;
1253	int		ndevs;
1254	int		i;
1255	int		ret = 0;
1256
1257	/*
1258	 * If upaths is NULL then we are only computing the amount of space
1259	 * needed to hold the paths and returning the value in *ulensp. If we
1260	 * are copying out paths then we get the amount of space allocated by
1261	 * the caller. If the actual space needed for paths is larger, or
1262	 * things are changing out from under us, then we return EAGAIN.
1263	 */
1264	if (upaths) {
1265		if (ulensp == NULL)
1266			return (EINVAL);
1267		if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
1268			return (EFAULT);
1269	}
1270
1271	/*
1272	 * copyin enough of the devid to determine the length then
1273	 * reallocate and copy in the entire devid.
1274	 */
1275	devid_len = ddi_devid_sizeof(NULL);
1276	devid = kmem_alloc(devid_len, KM_SLEEP);
1277	if (copyin(udevid, devid, devid_len)) {
1278		ret = EFAULT;
1279		goto out;
1280	}
1281	len = devid_len;
1282	devid_len = ddi_devid_sizeof(devid);
1283	kmem_free(devid, len);
1284	devid = kmem_alloc(devid_len, KM_SLEEP);
1285	if (copyin(udevid, devid, devid_len)) {
1286		ret = EFAULT;
1287		goto out;
1288	}
1289
1290	/* copyin the minor name if specified. */
1291	minor_name = uminor_name;
1292	if ((minor_name != DEVID_MINOR_NAME_ALL) &&
1293	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1294	    (minor_name != DEVID_MINOR_NAME_ALL_BLK)) {
1295		minor_name = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1296		if (copyinstr(uminor_name, minor_name, MAXPATHLEN, 0)) {
1297			ret = EFAULT;
1298			goto out;
1299		}
1300	}
1301
1302	/*
1303	 * Use existing function to resolve the devid into a devlist.
1304	 *
1305	 * NOTE: there is a loss of spectype information in the current
1306	 * ddi_lyr_devid_to_devlist implementation. We work around this by not
1307	 * passing down DEVID_MINOR_NAME_ALL here, but reproducing all minor
1308	 * node forms in the loop processing the devlist below. It would be
1309	 * best if at some point the use of this interface here was replaced
1310	 * with a path oriented call.
1311	 */
1312	if (ddi_lyr_devid_to_devlist(devid,
1313	    (minor_name == DEVID_MINOR_NAME_ALL) ?
1314	    DEVID_MINOR_NAME_ALL_CHR : minor_name,
1315	    &ndevs, &devlist) != DDI_SUCCESS) {
1316		ret = EINVAL;
1317		goto out;
1318	}
1319
1320	/*
1321	 * loop over the devlist, converting each devt to a path and doing
1322	 * a copyout of the path and computation of the amount of space
1323	 * needed to hold all the paths
1324	 */
1325	path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1326	for (i = 0, lens = 0; i < ndevs; i++) {
1327
1328		/* find the dip associated with the dev_t */
1329		if ((dip = e_ddi_hold_devi_by_dev(devlist[i], 0)) == NULL)
1330			continue;
1331
1332		/* loop over all the minor nodes, skipping ones we don't want */
1333		ndi_devi_enter(dip, &circ);
1334		for (dmdp = DEVI(dip)->devi_minor; dmdp; dmdp = dmdp->next) {
1335			if ((dmdp->ddm_dev != devlist[i]) ||
1336			    (dmdp->type != DDM_MINOR))
1337				continue;
1338
1339			if ((minor_name != DEVID_MINOR_NAME_ALL) &&
1340			    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1341			    (minor_name != DEVID_MINOR_NAME_ALL_BLK) &&
1342			    strcmp(minor_name, dmdp->ddm_name))
1343				continue;
1344			else {
1345				if ((minor_name == DEVID_MINOR_NAME_ALL_CHR) &&
1346				    (dmdp->ddm_spec_type != S_IFCHR))
1347					continue;
1348				if ((minor_name == DEVID_MINOR_NAME_ALL_BLK) &&
1349				    (dmdp->ddm_spec_type != S_IFBLK))
1350					continue;
1351			}
1352
1353			(void) ddi_pathname_minor(dmdp, path);
1354			len = strlen(path) + 1;
1355			*(path + len) = '\0';	/* set double termination */
1356			lens += len;
1357
1358			/* copyout the path with double terminations */
1359			if (upaths) {
1360				if (lens > ulens) {
1361					ret = EAGAIN;
1362					goto out;
1363				}
1364				if (copyout(path, upaths, len + 1)) {
1365					ret = EFAULT;
1366					goto out;
1367				}
1368				upaths += len;
1369			}
1370		}
1371		ndi_devi_exit(dip, circ);
1372		ddi_release_devi(dip);
1373		dip = NULL;
1374	}
1375	lens++;		/* add one for double termination */
1376
1377	/* copy out the amount of space needed to hold the paths */
1378	if (ulensp && copyout(&lens, ulensp, sizeof (lens))) {
1379		ret = EFAULT;
1380		goto out;
1381	}
1382	ret = 0;
1383
1384out:	if (dip) {
1385		ndi_devi_exit(dip, circ);
1386		ddi_release_devi(dip);
1387	}
1388	if (path)
1389		kmem_free(path, MAXPATHLEN);
1390	if (devlist)
1391		ddi_lyr_free_devlist(devlist, ndevs);
1392	if (minor_name &&
1393	    (minor_name != DEVID_MINOR_NAME_ALL) &&
1394	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1395	    (minor_name != DEVID_MINOR_NAME_ALL_BLK))
1396		kmem_free(minor_name, MAXPATHLEN);
1397	if (devid)
1398		kmem_free(devid, devid_len);
1399	return (ret);
1400}
1401
1402/*
1403 * Return the size of the minor name.
1404 */
1405static int
1406modctl_sizeof_minorname(dev_t dev, int spectype, uint_t *len)
1407{
1408	uint_t	sz;
1409	char	*name;
1410
1411	/* get the minor name */
1412	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1413		return (EINVAL);
1414
1415	sz = strlen(name) + 1;
1416	kmem_free(name, sz);
1417
1418	/* copy out the size of the minor name */
1419	if (copyout(&sz, len, sizeof (sz)) != 0)
1420		return (EFAULT);
1421
1422	return (0);
1423}
1424
1425/*
1426 * Return the minor name.
1427 */
1428static int
1429modctl_get_minorname(dev_t dev, int spectype, uint_t len, char *uname)
1430{
1431	uint_t	sz;
1432	char	*name;
1433	int	err = 0;
1434
1435	/* get the minor name */
1436	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1437		return (EINVAL);
1438
1439	sz = strlen(name) + 1;
1440
1441	/* Error if the minor name is larger than the space allocated */
1442	if (sz > len) {
1443		kmem_free(name, sz);
1444		return (ENOSPC);
1445	}
1446
1447	/* copy out the minor name */
1448	if (copyout(name, uname, sz) != 0)
1449		err = EFAULT;
1450	kmem_free(name, sz);
1451	return (err);
1452}
1453
1454/*
1455 * Return the size of the (dev_t,spectype) devfspath name.
1456 */
1457static int
1458modctl_devfspath_len(dev_t dev, int spectype, uint_t *len)
1459{
1460	uint_t	sz;
1461	char	*name;
1462
1463	/* get the path name */
1464	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1465	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1466		kmem_free(name, MAXPATHLEN);
1467		return (EINVAL);
1468	}
1469
1470	sz = strlen(name) + 1;
1471	kmem_free(name, MAXPATHLEN);
1472
1473	/* copy out the size of the path name */
1474	if (copyout(&sz, len, sizeof (sz)) != 0)
1475		return (EFAULT);
1476
1477	return (0);
1478}
1479
1480/*
1481 * Return the (dev_t,spectype) devfspath name.
1482 */
1483static int
1484modctl_devfspath(dev_t dev, int spectype, uint_t len, char *uname)
1485{
1486	uint_t	sz;
1487	char	*name;
1488	int	err = 0;
1489
1490	/* get the path name */
1491	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1492	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1493		kmem_free(name, MAXPATHLEN);
1494		return (EINVAL);
1495	}
1496
1497	sz = strlen(name) + 1;
1498
1499	/* Error if the path name is larger than the space allocated */
1500	if (sz > len) {
1501		kmem_free(name, MAXPATHLEN);
1502		return (ENOSPC);
1503	}
1504
1505	/* copy out the path name */
1506	if (copyout(name, uname, sz) != 0)
1507		err = EFAULT;
1508	kmem_free(name, MAXPATHLEN);
1509	return (err);
1510}
1511
1512/*
1513 * Return the size of the (major,instance) devfspath name.
1514 */
1515static int
1516modctl_devfspath_mi_len(major_t major, int instance, uint_t *len)
1517{
1518	uint_t	sz;
1519	char	*name;
1520
1521	/* get the path name */
1522	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1523	if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1524		kmem_free(name, MAXPATHLEN);
1525		return (EINVAL);
1526	}
1527
1528	sz = strlen(name) + 1;
1529	kmem_free(name, MAXPATHLEN);
1530
1531	/* copy out the size of the path name */
1532	if (copyout(&sz, len, sizeof (sz)) != 0)
1533		return (EFAULT);
1534
1535	return (0);
1536}
1537
1538/*
1539 * Return the (major_instance) devfspath name.
1540 * NOTE: e_ddi_majorinstance_to_path does not require the device to attach to
1541 * return a path - it uses the instance tree.
1542 */
1543static int
1544modctl_devfspath_mi(major_t major, int instance, uint_t len, char *uname)
1545{
1546	uint_t	sz;
1547	char	*name;
1548	int	err = 0;
1549
1550	/* get the path name */
1551	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1552	if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1553		kmem_free(name, MAXPATHLEN);
1554		return (EINVAL);
1555	}
1556
1557	sz = strlen(name) + 1;
1558
1559	/* Error if the path name is larger than the space allocated */
1560	if (sz > len) {
1561		kmem_free(name, MAXPATHLEN);
1562		return (ENOSPC);
1563	}
1564
1565	/* copy out the path name */
1566	if (copyout(name, uname, sz) != 0)
1567		err = EFAULT;
1568	kmem_free(name, MAXPATHLEN);
1569	return (err);
1570}
1571
1572static int
1573modctl_get_fbname(char *path)
1574{
1575	extern dev_t fbdev;
1576	char *pathname = NULL;
1577	int rval = 0;
1578
1579	/* make sure fbdev is set before we plunge in */
1580	if (fbdev == NODEV)
1581		return (ENODEV);
1582
1583	pathname = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1584	if ((rval = ddi_dev_pathname(fbdev, S_IFCHR,
1585	    pathname)) == DDI_SUCCESS) {
1586		if (copyout(pathname, path, strlen(pathname)+1) != 0) {
1587			rval = EFAULT;
1588		}
1589	}
1590	kmem_free(pathname, MAXPATHLEN);
1591	return (rval);
1592}
1593
1594/*
1595 * modctl_reread_dacf()
1596 *	Reread the dacf rules database from the named binding file.
1597 *	If NULL is specified, pass along the NULL, it means 'use the default'.
1598 */
1599static int
1600modctl_reread_dacf(char *path)
1601{
1602	int rval = 0;
1603	char *filename, *filenamep;
1604
1605	filename = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1606
1607	if (path == NULL) {
1608		filenamep = NULL;
1609	} else {
1610		if (copyinstr(path, filename, MAXPATHLEN, 0) != 0) {
1611			rval = EFAULT;
1612			goto out;
1613		}
1614		filenamep = filename;
1615		filenamep[MAXPATHLEN - 1] = '\0';
1616	}
1617
1618	rval = read_dacf_binding_file(filenamep);
1619out:
1620	kmem_free(filename, MAXPATHLEN);
1621	return (rval);
1622}
1623
1624/*ARGSUSED*/
1625static int
1626modctl_modevents(int subcmd, uintptr_t a2, uintptr_t a3, uintptr_t a4,
1627    uint_t flag)
1628{
1629	int error = 0;
1630	char *filenamep;
1631
1632	switch (subcmd) {
1633
1634	case MODEVENTS_FLUSH:
1635		/* flush all currently queued events */
1636		log_sysevent_flushq(subcmd, flag);
1637		break;
1638
1639	case MODEVENTS_SET_DOOR_UPCALL_FILENAME:
1640		/*
1641		 * bind door_upcall to filename
1642		 * this should only be done once per invocation
1643		 * of the event daemon.
1644		 */
1645
1646		filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
1647
1648		if (copyinstr((char *)a2, filenamep, MOD_MAXPATH, 0)) {
1649			error = EFAULT;
1650		} else {
1651			error = log_sysevent_filename(filenamep);
1652		}
1653		kmem_free(filenamep, MOD_MAXPATH);
1654		break;
1655
1656	case MODEVENTS_GETDATA:
1657		error = log_sysevent_copyout_data((sysevent_id_t *)a2,
1658		    (size_t)a3, (caddr_t)a4);
1659		break;
1660
1661	case MODEVENTS_FREEDATA:
1662		error = log_sysevent_free_data((sysevent_id_t *)a2);
1663		break;
1664	case MODEVENTS_POST_EVENT:
1665		error = log_usr_sysevent((sysevent_t *)a2, (uint32_t)a3,
1666		    (sysevent_id_t *)a4);
1667		break;
1668	case MODEVENTS_REGISTER_EVENT:
1669		error = log_sysevent_register((char *)a2, (char *)a3,
1670		    (se_pubsub_t *)a4);
1671		break;
1672	default:
1673		error = EINVAL;
1674	}
1675
1676	return (error);
1677}
1678
1679static void
1680free_mperm(mperm_t *mp)
1681{
1682	int len;
1683
1684	if (mp->mp_minorname) {
1685		len = strlen(mp->mp_minorname) + 1;
1686		kmem_free(mp->mp_minorname, len);
1687	}
1688	kmem_free(mp, sizeof (mperm_t));
1689}
1690
1691#define	MP_NO_DRV_ERR	\
1692	"/etc/minor_perm: no driver for %s\n"
1693
1694#define	MP_EMPTY_MINOR	\
1695	"/etc/minor_perm: empty minor name for driver %s\n"
1696
1697#define	MP_NO_MINOR	\
1698	"/etc/minor_perm: no minor matching %s for driver %s\n"
1699
1700/*
1701 * Remove mperm entry with matching minorname
1702 */
1703static void
1704rem_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1705{
1706	mperm_t **mp_head;
1707	mperm_t *freemp = NULL;
1708	struct devnames *dnp = &devnamesp[major];
1709	mperm_t **wildmp;
1710
1711	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1712
1713	LOCK_DEV_OPS(&dnp->dn_lock);
1714	if (strcmp(mp->mp_minorname, "*") == 0) {
1715		wildmp = ((is_clone == 0) ?
1716		    &dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1717		if (*wildmp)
1718			freemp = *wildmp;
1719		*wildmp = NULL;
1720	} else {
1721		mp_head = &dnp->dn_mperm;
1722		while (*mp_head) {
1723			if (strcmp((*mp_head)->mp_minorname,
1724			    mp->mp_minorname) != 0) {
1725				mp_head = &(*mp_head)->mp_next;
1726				continue;
1727			}
1728			/* remove the entry */
1729			freemp = *mp_head;
1730			*mp_head = freemp->mp_next;
1731			break;
1732		}
1733	}
1734	if (freemp) {
1735		if (moddebug & MODDEBUG_MINORPERM) {
1736			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1737			    drvname, freemp->mp_minorname,
1738			    freemp->mp_mode & 0777,
1739			    freemp->mp_uid, freemp->mp_gid);
1740		}
1741		free_mperm(freemp);
1742	} else {
1743		if (moddebug & MODDEBUG_MINORPERM) {
1744			cmn_err(CE_CONT, MP_NO_MINOR,
1745			    drvname, mp->mp_minorname);
1746		}
1747	}
1748
1749	UNLOCK_DEV_OPS(&dnp->dn_lock);
1750}
1751
1752/*
1753 * Add minor perm entry
1754 */
1755static void
1756add_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1757{
1758	mperm_t **mp_head;
1759	mperm_t *freemp = NULL;
1760	struct devnames *dnp = &devnamesp[major];
1761	mperm_t **wildmp;
1762
1763	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1764
1765	/*
1766	 * Note that update_drv replace semantics require
1767	 * replacing matching entries with the new permissions.
1768	 */
1769	LOCK_DEV_OPS(&dnp->dn_lock);
1770	if (strcmp(mp->mp_minorname, "*") == 0) {
1771		wildmp = ((is_clone == 0) ?
1772		    &dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1773		if (*wildmp)
1774			freemp = *wildmp;
1775		*wildmp = mp;
1776	} else {
1777		mperm_t *p, *v = NULL;
1778		for (p = dnp->dn_mperm; p; v = p, p = p->mp_next) {
1779			if (strcmp(p->mp_minorname, mp->mp_minorname) == 0) {
1780				if (v == NULL)
1781					dnp->dn_mperm = mp;
1782				else
1783					v->mp_next = mp;
1784				mp->mp_next = p->mp_next;
1785				freemp = p;
1786				goto replaced;
1787			}
1788		}
1789		if (p == NULL) {
1790			mp_head = &dnp->dn_mperm;
1791			if (*mp_head == NULL) {
1792				*mp_head = mp;
1793			} else {
1794				mp->mp_next = *mp_head;
1795				*mp_head = mp;
1796			}
1797		}
1798	}
1799replaced:
1800	if (freemp) {
1801		if (moddebug & MODDEBUG_MINORPERM) {
1802			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1803			    drvname, freemp->mp_minorname,
1804			    freemp->mp_mode & 0777,
1805			    freemp->mp_uid, freemp->mp_gid);
1806		}
1807		free_mperm(freemp);
1808	}
1809	if (moddebug & MODDEBUG_MINORPERM) {
1810		cmn_err(CE_CONT, "> %s %s 0%o %d %d\n",
1811		    drvname, mp->mp_minorname, mp->mp_mode & 0777,
1812		    mp->mp_uid, mp->mp_gid);
1813	}
1814	UNLOCK_DEV_OPS(&dnp->dn_lock);
1815}
1816
1817
1818static int
1819process_minorperm(int cmd, nvlist_t *nvl)
1820{
1821	char *minor;
1822	major_t major;
1823	mperm_t *mp;
1824	nvpair_t *nvp;
1825	char *name;
1826	int is_clone;
1827	major_t minmaj;
1828
1829	ASSERT(cmd == MODLOADMINORPERM ||
1830	    cmd == MODADDMINORPERM || cmd == MODREMMINORPERM);
1831
1832	nvp = NULL;
1833	while ((nvp = nvlist_next_nvpair(nvl, nvp)) != NULL) {
1834		name = nvpair_name(nvp);
1835
1836		is_clone = 0;
1837		(void) nvpair_value_string(nvp, &minor);
1838		major = ddi_name_to_major(name);
1839		if (major != DDI_MAJOR_T_NONE) {
1840			mp = kmem_zalloc(sizeof (*mp), KM_SLEEP);
1841			if (minor == NULL || strlen(minor) == 0) {
1842				if (moddebug & MODDEBUG_MINORPERM) {
1843					cmn_err(CE_CONT, MP_EMPTY_MINOR, name);
1844				}
1845				minor = "*";
1846			}
1847
1848			/*
1849			 * The minor name of a node using the clone
1850			 * driver must be the driver name.  To avoid
1851			 * multiple searches, we map entries in the form
1852			 * clone:<driver> to <driver>:*.  This also allows us
1853			 * to filter out some of the litter in /etc/minor_perm.
1854			 * Minor perm alias entries where the name is not
1855			 * the driver kept on the clone list itself.
1856			 * This all seems very fragile as a driver could
1857			 * be introduced with an existing alias name.
1858			 */
1859			if (strcmp(name, "clone") == 0) {
1860				minmaj = ddi_name_to_major(minor);
1861				if (minmaj != DDI_MAJOR_T_NONE) {
1862					if (moddebug & MODDEBUG_MINORPERM) {
1863						cmn_err(CE_CONT,
1864						    "mapping %s:%s to %s:*\n",
1865						    name, minor, minor);
1866					}
1867					major = minmaj;
1868					name = minor;
1869					minor = "*";
1870					is_clone = 1;
1871				}
1872			}
1873
1874			if (mp) {
1875				mp->mp_minorname =
1876				    i_ddi_strdup(minor, KM_SLEEP);
1877			}
1878		} else {
1879			mp = NULL;
1880			if (moddebug & MODDEBUG_MINORPERM) {
1881				cmn_err(CE_CONT, MP_NO_DRV_ERR, name);
1882			}
1883		}
1884
1885		/* mode */
1886		nvp = nvlist_next_nvpair(nvl, nvp);
1887		ASSERT(strcmp(nvpair_name(nvp), "mode") == 0);
1888		if (mp)
1889			(void) nvpair_value_int32(nvp, (int *)&mp->mp_mode);
1890		/* uid */
1891		nvp = nvlist_next_nvpair(nvl, nvp);
1892		ASSERT(strcmp(nvpair_name(nvp), "uid") == 0);
1893		if (mp)
1894			(void) nvpair_value_uint32(nvp, &mp->mp_uid);
1895		/* gid */
1896		nvp = nvlist_next_nvpair(nvl, nvp);
1897		ASSERT(strcmp(nvpair_name(nvp), "gid") == 0);
1898		if (mp) {
1899			(void) nvpair_value_uint32(nvp, &mp->mp_gid);
1900
1901			if (cmd == MODREMMINORPERM) {
1902				rem_minorperm(major, name, mp, is_clone);
1903				free_mperm(mp);
1904			} else {
1905				add_minorperm(major, name, mp, is_clone);
1906			}
1907		}
1908	}
1909
1910	if (cmd == MODLOADMINORPERM)
1911		minorperm_loaded = 1;
1912
1913	/*
1914	 * Reset permissions of cached dv_nodes
1915	 */
1916	(void) devfs_reset_perm(DV_RESET_PERM);
1917
1918	return (0);
1919}
1920
1921static int
1922modctl_minorperm(int cmd, char *usrbuf, size_t buflen)
1923{
1924	int error;
1925	nvlist_t *nvl;
1926	char *buf = kmem_alloc(buflen, KM_SLEEP);
1927
1928	if ((error = ddi_copyin(usrbuf, buf, buflen, 0)) != 0) {
1929		kmem_free(buf, buflen);
1930		return (error);
1931	}
1932
1933	error = nvlist_unpack(buf, buflen, &nvl, KM_SLEEP);
1934	kmem_free(buf, buflen);
1935	if (error)
1936		return (error);
1937
1938	error = process_minorperm(cmd, nvl);
1939	nvlist_free(nvl);
1940	return (error);
1941}
1942
1943struct walk_args {
1944	char		*wa_drvname;
1945	list_t		wa_pathlist;
1946};
1947
1948struct path_elem {
1949	char		*pe_dir;
1950	char		*pe_nodename;
1951	list_node_t	pe_node;
1952	int		pe_dirlen;
1953};
1954
1955/*ARGSUSED*/
1956static int
1957modctl_inst_walker(const char *path, in_node_t *np, in_drv_t *dp, void *arg)
1958{
1959	struct walk_args *wargs = (struct walk_args *)arg;
1960	struct path_elem *pe;
1961	char *nodename;
1962
1963	/*
1964	 * Search may be restricted to a single driver in the case of rem_drv
1965	 */
1966	if (wargs->wa_drvname &&
1967	    strcmp(dp->ind_driver_name, wargs->wa_drvname) != 0)
1968		return (INST_WALK_CONTINUE);
1969
1970	pe = kmem_zalloc(sizeof (*pe), KM_SLEEP);
1971	pe->pe_dir = i_ddi_strdup((char *)path, KM_SLEEP);
1972	pe->pe_dirlen = strlen(pe->pe_dir) + 1;
1973	ASSERT(strrchr(pe->pe_dir, '/') != NULL);
1974	nodename = strrchr(pe->pe_dir, '/');
1975	*nodename++ = 0;
1976	pe->pe_nodename = nodename;
1977	list_insert_tail(&wargs->wa_pathlist, pe);
1978
1979	return (INST_WALK_CONTINUE);
1980}
1981
1982/*
1983 * /devices attribute nodes clean-up optionally performed
1984 * when removing a driver (rem_drv -C).
1985 *
1986 * Removing attribute nodes allows a machine to be reprovisioned
1987 * without the side-effect of inadvertently picking up stale
1988 * device node ownership or permissions.
1989 *
1990 * Preserving attributes (not performing cleanup) allows devices
1991 * attribute changes to be preserved across upgrades, as
1992 * upgrade rather heavy-handedly does a rem_drv/add_drv cycle.
1993 */
1994static int
1995modctl_remdrv_cleanup(const char *u_drvname)
1996{
1997	struct walk_args *wargs;
1998	struct path_elem *pe;
1999	char *drvname;
2000	int err, rval = 0;
2001
2002	drvname = kmem_alloc(MAXMODCONFNAME, KM_SLEEP);
2003	if ((err = copyinstr(u_drvname, drvname, MAXMODCONFNAME, 0))) {
2004		kmem_free(drvname, MAXMODCONFNAME);
2005		return (err);
2006	}
2007
2008	/*
2009	 * First go through the instance database.  For each
2010	 * instance of a device bound to the driver being
2011	 * removed, remove any underlying devfs attribute nodes.
2012	 *
2013	 * This is a two-step process.	First we go through
2014	 * the instance data itself, constructing a list of
2015	 * the nodes discovered.  The second step is then
2016	 * to find and remove any devfs attribute nodes
2017	 * for the instances discovered in the first step.
2018	 * The two-step process avoids any difficulties
2019	 * which could arise by holding the instance data
2020	 * lock with simultaneous devfs operations.
2021	 */
2022	wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
2023
2024	wargs->wa_drvname = drvname;
2025	list_create(&wargs->wa_pathlist,
2026	    sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
2027
2028	(void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
2029
2030	for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
2031	    pe = list_next(&wargs->wa_pathlist, pe)) {
2032		err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
2033		    (const char *)pe->pe_nodename);
2034		if (rval == 0)
2035			rval = err;
2036	}
2037
2038	while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
2039		list_remove(&wargs->wa_pathlist, pe);
2040		kmem_free(pe->pe_dir, pe->pe_dirlen);
2041		kmem_free(pe, sizeof (*pe));
2042	}
2043	kmem_free(wargs, sizeof (*wargs));
2044
2045	/*
2046	 * Pseudo nodes aren't recorded in the instance database
2047	 * so any such nodes need to be handled separately.
2048	 */
2049	err = devfs_remdrv_cleanup("pseudo", (const char *)drvname);
2050	if (rval == 0)
2051		rval = err;
2052
2053	kmem_free(drvname, MAXMODCONFNAME);
2054	return (rval);
2055}
2056
2057/*
2058 * Perform a cleanup of non-existent /devices attribute nodes,
2059 * similar to rem_drv -C, but for all drivers/devices.
2060 * This is also optional, performed as part of devfsadm -C.
2061 */
2062void
2063dev_devices_cleanup()
2064{
2065	struct walk_args *wargs;
2066	struct path_elem *pe;
2067	dev_info_t *devi;
2068	char *path;
2069	int err;
2070
2071	/*
2072	 * It's expected that all drivers have been loaded and
2073	 * module unloading disabled while performing cleanup.
2074	 */
2075	ASSERT(modunload_disable_count > 0);
2076
2077	wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
2078	wargs->wa_drvname = NULL;
2079	list_create(&wargs->wa_pathlist,
2080	    sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
2081
2082	(void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
2083
2084	path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
2085
2086	for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
2087	    pe = list_next(&wargs->wa_pathlist, pe)) {
2088		(void) snprintf(path, MAXPATHLEN, "%s/%s",
2089		    pe->pe_dir, pe->pe_nodename);
2090		devi = e_ddi_hold_devi_by_path(path, 0);
2091		if (devi != NULL) {
2092			ddi_release_devi(devi);
2093		} else {
2094			err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
2095			    (const char *)pe->pe_nodename);
2096			if (err) {
2097				cmn_err(CE_CONT,
2098				    "devfs: %s: clean-up error %d\n",
2099				    path, err);
2100			}
2101		}
2102	}
2103
2104	while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
2105		list_remove(&wargs->wa_pathlist, pe);
2106		kmem_free(pe->pe_dir, pe->pe_dirlen);
2107		kmem_free(pe, sizeof (*pe));
2108	}
2109	kmem_free(wargs, sizeof (*wargs));
2110	kmem_free(path, MAXPATHLEN);
2111}
2112
2113static int
2114modctl_allocpriv(const char *name)
2115{
2116	char *pstr = kmem_alloc(PRIVNAME_MAX, KM_SLEEP);
2117	int error;
2118
2119	if ((error = copyinstr(name, pstr, PRIVNAME_MAX, 0))) {
2120		kmem_free(pstr, PRIVNAME_MAX);
2121		return (error);
2122	}
2123	error = priv_getbyname(pstr, PRIV_ALLOC);
2124	if (error < 0)
2125		error = -error;
2126	else
2127		error = 0;
2128	kmem_free(pstr, PRIVNAME_MAX);
2129	return (error);
2130}
2131
2132static int
2133modctl_devexists(const char *upath, int pathlen)
2134{
2135	char	*path;
2136	int	ret;
2137
2138	/*
2139	 * copy in the path, including the terminating null
2140	 */
2141	pathlen++;
2142	if (pathlen <= 1 || pathlen > MAXPATHLEN)
2143		return (EINVAL);
2144	path = kmem_zalloc(pathlen + 1, KM_SLEEP);
2145	if ((ret = copyinstr(upath, path, pathlen, NULL)) == 0) {
2146		ret = sdev_modctl_devexists(path);
2147	}
2148
2149	kmem_free(path, pathlen + 1);
2150	return (ret);
2151}
2152
2153static int
2154modctl_devreaddir(const char *udir, int udirlen,
2155    char *upaths, int64_t *ulensp)
2156{
2157	char	*paths = NULL;
2158	char	**dirlist = NULL;
2159	char	*dir;
2160	int64_t	ulens;
2161	int64_t	lens;
2162	int	i, n;
2163	int	ret = 0;
2164	char	*p;
2165	int	npaths;
2166	int	npaths_alloc;
2167
2168	/*
2169	 * If upaths is NULL then we are only computing the amount of space
2170	 * needed to return the paths, with the value returned in *ulensp. If we
2171	 * are copying out paths then we get the amount of space allocated by
2172	 * the caller. If the actual space needed for paths is larger, or
2173	 * things are changing out from under us, then we return EAGAIN.
2174	 */
2175	if (upaths) {
2176		if (ulensp == NULL)
2177			return (EINVAL);
2178		if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
2179			return (EFAULT);
2180	}
2181
2182	/*
2183	 * copyin the /dev path including terminating null
2184	 */
2185	udirlen++;
2186	if (udirlen <= 1 || udirlen > MAXPATHLEN)
2187		return (EINVAL);
2188	dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
2189	if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
2190		goto err;
2191
2192	if ((ret = sdev_modctl_readdir(dir, &dirlist,
2193	    &npaths, &npaths_alloc, 0)) != 0) {
2194		ASSERT(dirlist == NULL);
2195		goto err;
2196	}
2197
2198	lens = 0;
2199	for (i = 0; i < npaths; i++) {
2200		lens += strlen(dirlist[i]) + 1;
2201	}
2202	lens++;		/* add one for double termination */
2203
2204	if (upaths) {
2205		if (lens > ulens) {
2206			ret = EAGAIN;
2207			goto out;
2208		}
2209
2210		paths = kmem_alloc(lens, KM_SLEEP);
2211
2212		p = paths;
2213		for (i = 0; i < npaths; i++) {
2214			n = strlen(dirlist[i]) + 1;
2215			bcopy(dirlist[i], p, n);
2216			p += n;
2217		}
2218		*p = 0;
2219
2220		if (copyout(paths, upaths, lens)) {
2221			ret = EFAULT;
2222			goto err;
2223		}
2224	}
2225
2226out:
2227	/* copy out the amount of space needed to hold the paths */
2228	if (copyout(&lens, ulensp, sizeof (lens)))
2229		ret = EFAULT;
2230
2231err:
2232	if (dirlist)
2233		sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
2234	if (paths)
2235		kmem_free(paths, lens);
2236	kmem_free(dir, udirlen + 1);
2237	return (ret);
2238}
2239
2240static int
2241modctl_devemptydir(const char *udir, int udirlen, int *uempty)
2242{
2243	char	*dir;
2244	int	ret;
2245	char	**dirlist = NULL;
2246	int	npaths;
2247	int	npaths_alloc;
2248	int	empty;
2249
2250	/*
2251	 * copyin the /dev path including terminating null
2252	 */
2253	udirlen++;
2254	if (udirlen <= 1 || udirlen > MAXPATHLEN)
2255		return (EINVAL);
2256	dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
2257	if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
2258		goto err;
2259
2260	if ((ret = sdev_modctl_readdir(dir, &dirlist,
2261	    &npaths, &npaths_alloc, 1)) != 0) {
2262		goto err;
2263	}
2264
2265	empty = npaths ? 0 : 1;
2266	if (copyout(&empty, uempty, sizeof (empty)))
2267		ret = EFAULT;
2268
2269err:
2270	if (dirlist)
2271		sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
2272	kmem_free(dir, udirlen + 1);
2273	return (ret);
2274}
2275
2276static int
2277modctl_hp(int subcmd, const char *path, char *cn_name, uintptr_t arg,
2278    uintptr_t rval)
2279{
2280	int error = 0;
2281	size_t pathsz, namesz;
2282	char *devpath, *cn_name_str;
2283
2284	if (path == NULL)
2285		return (EINVAL);
2286
2287	devpath = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
2288	error = copyinstr(path, devpath, MAXPATHLEN, &pathsz);
2289	if (error != 0) {
2290		kmem_free(devpath, MAXPATHLEN);
2291		return (EFAULT);
2292	}
2293
2294	cn_name_str = kmem_zalloc(MAXNAMELEN, KM_SLEEP);
2295	error = copyinstr(cn_name, cn_name_str, MAXNAMELEN, &namesz);
2296	if (error != 0) {
2297		kmem_free(devpath, MAXPATHLEN);
2298		kmem_free(cn_name_str, MAXNAMELEN);
2299
2300		return (EFAULT);
2301	}
2302
2303	switch (subcmd) {
2304	case MODHPOPS_CHANGE_STATE:
2305		error = ddihp_modctl(DDI_HPOP_CN_CHANGE_STATE, devpath,
2306		    cn_name_str, arg, 0);
2307		break;
2308	case MODHPOPS_CREATE_PORT:
2309		/* Create an empty PORT */
2310		error = ddihp_modctl(DDI_HPOP_CN_CREATE_PORT, devpath,
2311		    cn_name_str, 0, 0);
2312		break;
2313	case MODHPOPS_REMOVE_PORT:
2314		/* Remove an empty PORT */
2315		error = ddihp_modctl(DDI_HPOP_CN_REMOVE_PORT, devpath,
2316		    cn_name_str, 0, 0);
2317		break;
2318	case MODHPOPS_BUS_GET:
2319		error = ddihp_modctl(DDI_HPOP_CN_GET_PROPERTY, devpath,
2320		    cn_name_str, arg, rval);
2321		break;
2322	case MODHPOPS_BUS_SET:
2323		error = ddihp_modctl(DDI_HPOP_CN_SET_PROPERTY, devpath,
2324		    cn_name_str, arg, rval);
2325		break;
2326	default:
2327		error = ENOTSUP;
2328		break;
2329	}
2330
2331	kmem_free(devpath, MAXPATHLEN);
2332	kmem_free(cn_name_str, MAXNAMELEN);
2333
2334	return (error);
2335}
2336
2337int
2338modctl_moddevname(int subcmd, uintptr_t a1, uintptr_t a2)
2339{
2340	int error = 0;
2341
2342	switch (subcmd) {
2343	case MODDEVNAME_LOOKUPDOOR:
2344		error = devname_filename_register((char *)a1);
2345		break;
2346	case MODDEVNAME_PROFILE:
2347		error = devname_profile_update((char *)a1, (size_t)a2);
2348		break;
2349	case MODDEVNAME_RECONFIG:
2350		i_ddi_set_reconfig();
2351		break;
2352	case MODDEVNAME_SYSAVAIL:
2353		i_ddi_set_sysavail();
2354		break;
2355	default:
2356		error = EINVAL;
2357		break;
2358	}
2359
2360	return (error);
2361}
2362
2363/*ARGSUSED5*/
2364int
2365modctl(int cmd, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4,
2366    uintptr_t a5)
2367{
2368	int	error = EINVAL;
2369	dev_t	dev;
2370
2371	if (secpolicy_modctl(CRED(), cmd) != 0)
2372		return (set_errno(EPERM));
2373
2374	switch (cmd) {
2375	case MODLOAD:		/* load a module */
2376		error = modctl_modload((int)a1, (char *)a2, (int *)a3);
2377		break;
2378
2379	case MODUNLOAD:		/* unload a module */
2380		error = modctl_modunload((modid_t)a1);
2381		break;
2382
2383	case MODINFO:		/* get module status */
2384		error = modctl_modinfo((modid_t)a1, (struct modinfo *)a2);
2385		break;
2386
2387	case MODRESERVED:	/* get last major number in range */
2388		error = modctl_modreserve((modid_t)a1, (int *)a2);
2389		break;
2390
2391	case MODSETMINIROOT:	/* we are running in miniroot */
2392		isminiroot = 1;
2393		error = 0;
2394		break;
2395
2396	case MODADDMAJBIND:	/* add major / driver alias bindings */
2397		error = modctl_add_driver_aliases((int *)a2);
2398		break;
2399
2400	case MODGETPATHLEN:	/* get modpath length */
2401		error = modctl_getmodpathlen((int *)a2);
2402		break;
2403
2404	case MODGETPATH:	/* get modpath */
2405		error = modctl_getmodpath((char *)a2);
2406		break;
2407
2408	case MODREADSYSBIND:	/* read system call binding file */
2409		error = modctl_read_sysbinding_file();
2410		break;
2411
2412	case MODGETMAJBIND:	/* get major number for named device */
2413		error = modctl_getmaj((char *)a1, (uint_t)a2, (int *)a3);
2414		break;
2415
2416	case MODGETNAME:	/* get name of device given major number */
2417		error = modctl_getname((char *)a1, (uint_t)a2, (int *)a3);
2418		break;
2419
2420	case MODDEVT2INSTANCE:
2421		if (get_udatamodel() == DATAMODEL_NATIVE) {
2422			dev = (dev_t)a1;
2423		}
2424#ifdef _SYSCALL32_IMPL
2425		else {
2426			dev = expldev(a1);
2427		}
2428#endif
2429		error = modctl_devt2instance(dev, (int *)a2);
2430		break;
2431
2432	case MODSIZEOF_DEVID:	/* sizeof device id of device given dev_t */
2433		if (get_udatamodel() == DATAMODEL_NATIVE) {
2434			dev = (dev_t)a1;
2435		}
2436#ifdef _SYSCALL32_IMPL
2437		else {
2438			dev = expldev(a1);
2439		}
2440#endif
2441		error = modctl_sizeof_devid(dev, (uint_t *)a2);
2442		break;
2443
2444	case MODGETDEVID:	/* get device id of device given dev_t */
2445		if (get_udatamodel() == DATAMODEL_NATIVE) {
2446			dev = (dev_t)a1;
2447		}
2448#ifdef _SYSCALL32_IMPL
2449		else {
2450			dev = expldev(a1);
2451		}
2452#endif
2453		error = modctl_get_devid(dev, (uint_t)a2, (ddi_devid_t)a3);
2454		break;
2455
2456	case MODSIZEOF_MINORNAME:	/* sizeof minor nm (dev_t,spectype) */
2457		if (get_udatamodel() == DATAMODEL_NATIVE) {
2458			error = modctl_sizeof_minorname((dev_t)a1, (int)a2,
2459			    (uint_t *)a3);
2460		}
2461#ifdef _SYSCALL32_IMPL
2462		else {
2463			error = modctl_sizeof_minorname(expldev(a1), (int)a2,
2464			    (uint_t *)a3);
2465		}
2466
2467#endif
2468		break;
2469
2470	case MODGETMINORNAME:		/* get minor name of (dev_t,spectype) */
2471		if (get_udatamodel() == DATAMODEL_NATIVE) {
2472			error = modctl_get_minorname((dev_t)a1, (int)a2,
2473			    (uint_t)a3, (char *)a4);
2474		}
2475#ifdef _SYSCALL32_IMPL
2476		else {
2477			error = modctl_get_minorname(expldev(a1), (int)a2,
2478			    (uint_t)a3, (char *)a4);
2479		}
2480#endif
2481		break;
2482
2483	case MODGETDEVFSPATH_LEN:	/* sizeof path nm of (dev_t,spectype) */
2484		if (get_udatamodel() == DATAMODEL_NATIVE) {
2485			error = modctl_devfspath_len((dev_t)a1, (int)a2,
2486			    (uint_t *)a3);
2487		}
2488#ifdef _SYSCALL32_IMPL
2489		else {
2490			error = modctl_devfspath_len(expldev(a1), (int)a2,
2491			    (uint_t *)a3);
2492		}
2493
2494#endif
2495		break;
2496
2497	case MODGETDEVFSPATH:		/* get path name of (dev_t,spec) type */
2498		if (get_udatamodel() == DATAMODEL_NATIVE) {
2499			error = modctl_devfspath((dev_t)a1, (int)a2,
2500			    (uint_t)a3, (char *)a4);
2501		}
2502#ifdef _SYSCALL32_IMPL
2503		else {
2504			error = modctl_devfspath(expldev(a1), (int)a2,
2505			    (uint_t)a3, (char *)a4);
2506		}
2507#endif
2508		break;
2509
2510	case MODGETDEVFSPATH_MI_LEN:	/* sizeof path nm of (major,instance) */
2511		error = modctl_devfspath_mi_len((major_t)a1, (int)a2,
2512		    (uint_t *)a3);
2513		break;
2514
2515	case MODGETDEVFSPATH_MI:	/* get path name of (major,instance) */
2516		error = modctl_devfspath_mi((major_t)a1, (int)a2,
2517		    (uint_t)a3, (char *)a4);
2518		break;
2519
2520
2521	case MODEVENTS:
2522		error = modctl_modevents((int)a1, a2, a3, a4, (uint_t)a5);
2523		break;
2524
2525	case MODGETFBNAME:	/* get the framebuffer name */
2526		error = modctl_get_fbname((char *)a1);
2527		break;
2528
2529	case MODREREADDACF:	/* reread dacf rule database from given file */
2530		error = modctl_reread_dacf((char *)a1);
2531		break;
2532
2533	case MODLOADDRVCONF:	/* load driver.conf file for major */
2534		error = modctl_load_drvconf((major_t)a1, (int)a2);
2535		break;
2536
2537	case MODUNLOADDRVCONF:	/* unload driver.conf file for major */
2538		error = modctl_unload_drvconf((major_t)a1);
2539		break;
2540
2541	case MODREMMAJBIND:	/* remove a major binding */
2542		error = modctl_rem_major((major_t)a1);
2543		break;
2544
2545	case MODREMDRVALIAS:	/* remove a major/alias binding */
2546		error = modctl_remove_driver_aliases((int *)a2);
2547		break;
2548
2549	case MODDEVID2PATHS:	/* get paths given devid */
2550		error = modctl_devid2paths((ddi_devid_t)a1, (char *)a2,
2551		    (uint_t)a3, (size_t *)a4, (char *)a5);
2552		break;
2553
2554	case MODSETDEVPOLICY:	/* establish device policy */
2555		error = devpolicy_load((int)a1, (size_t)a2, (devplcysys_t *)a3);
2556		break;
2557
2558	case MODGETDEVPOLICY:	/* get device policy */
2559		error = devpolicy_get((int *)a1, (size_t)a2,
2560		    (devplcysys_t *)a3);
2561		break;
2562
2563	case MODALLOCPRIV:
2564		error = modctl_allocpriv((const char *)a1);
2565		break;
2566
2567	case MODGETDEVPOLICYBYNAME:
2568		error = devpolicy_getbyname((size_t)a1,
2569		    (devplcysys_t *)a2, (char *)a3);
2570		break;
2571
2572	case MODLOADMINORPERM:
2573	case MODADDMINORPERM:
2574	case MODREMMINORPERM:
2575		error = modctl_minorperm(cmd, (char *)a1, (size_t)a2);
2576		break;
2577
2578	case MODREMDRVCLEANUP:
2579		error = modctl_remdrv_cleanup((const char *)a1);
2580		break;
2581
2582	case MODDEVEXISTS:	/* non-reconfiguring /dev lookup */
2583		error = modctl_devexists((const char *)a1, (size_t)a2);
2584		break;
2585
2586	case MODDEVREADDIR:	/* non-reconfiguring /dev readdir */
2587		error = modctl_devreaddir((const char *)a1, (size_t)a2,
2588		    (char *)a3, (int64_t *)a4);
2589		break;
2590
2591	case MODDEVEMPTYDIR:	/* non-reconfiguring /dev emptydir */
2592		error = modctl_devemptydir((const char *)a1, (size_t)a2,
2593		    (int *)a3);
2594		break;
2595
2596	case MODDEVNAME:
2597		error = modctl_moddevname((int)a1, a2, a3);
2598		break;
2599
2600	case MODRETIRE:	/* retire device named by physpath a1 */
2601		error = modctl_retire((char *)a1, (char *)a2, (size_t)a3);
2602		break;
2603
2604	case MODISRETIRED:  /* check if a device is retired. */
2605		error = modctl_is_retired((char *)a1, (int *)a2);
2606		break;
2607
2608	case MODUNRETIRE:	/* unretire device named by physpath a1 */
2609		error = modctl_unretire((char *)a1);
2610		break;
2611
2612	case MODHPOPS:	/* hotplug operations */
2613		/* device named by physpath a2 and Connection name a3 */
2614		error = modctl_hp((int)a1, (char *)a2, (char *)a3, a4, a5);
2615		break;
2616
2617	default:
2618		error = EINVAL;
2619		break;
2620	}
2621
2622	return (error ? set_errno(error) : 0);
2623}
2624
2625/*
2626 * Calls to kobj_load_module()() are handled off to this routine in a
2627 * separate thread.
2628 */
2629static void
2630modload_thread(struct loadmt *ltp)
2631{
2632	/* load the module and signal the creator of this thread */
2633	kmutex_t	cpr_lk;
2634	callb_cpr_t	cpr_i;
2635
2636	mutex_init(&cpr_lk, NULL, MUTEX_DEFAULT, NULL);
2637	CALLB_CPR_INIT(&cpr_i, &cpr_lk, callb_generic_cpr, "modload");
2638	/* borrow the devi lock from thread which invoked us */
2639	pm_borrow_lock(ltp->owner);
2640	ltp->retval = kobj_load_module(ltp->mp, ltp->usepath);
2641	pm_return_lock();
2642	sema_v(&ltp->sema);
2643	mutex_enter(&cpr_lk);
2644	CALLB_CPR_EXIT(&cpr_i);
2645	mutex_destroy(&cpr_lk);
2646	thread_exit();
2647}
2648
2649/*
2650 * load a module, adding a reference if caller specifies rmodp.  If rmodp
2651 * is specified then an errno is returned, otherwise a module index is
2652 * returned (-1 on error).
2653 */
2654static int
2655modrload(const char *subdir, const char *filename, struct modctl **rmodp)
2656{
2657	struct modctl *modp;
2658	size_t size;
2659	char *fullname;
2660	int retval = EINVAL;
2661	int id = -1;
2662
2663	if (rmodp)
2664		*rmodp = NULL;			/* avoid garbage */
2665
2666	if (subdir != NULL) {
2667		/*
2668		 * refuse / in filename to prevent "../" escapes.
2669		 */
2670		if (strchr(filename, '/') != NULL)
2671			return (rmodp ? retval : id);
2672
2673		/*
2674		 * allocate enough space for <subdir>/<filename><NULL>
2675		 */
2676		size = strlen(subdir) + strlen(filename) + 2;
2677		fullname = kmem_zalloc(size, KM_SLEEP);
2678		(void) sprintf(fullname, "%s/%s", subdir, filename);
2679	} else {
2680		fullname = (char *)filename;
2681	}
2682
2683	modp = mod_hold_installed_mod(fullname, 1, 0, &retval);
2684	if (modp != NULL) {
2685		id = modp->mod_id;
2686		if (rmodp) {
2687			/* add mod_ref and return *rmodp */
2688			mutex_enter(&mod_lock);
2689			modp->mod_ref++;
2690			mutex_exit(&mod_lock);
2691			*rmodp = modp;
2692		}
2693		mod_release_mod(modp);
2694		CPU_STATS_ADDQ(CPU, sys, modload, 1);
2695	}
2696
2697done:	if (subdir != NULL)
2698		kmem_free(fullname, size);
2699	return (rmodp ? retval : id);
2700}
2701
2702/*
2703 * This is the primary kernel interface to load a module. It loads and
2704 * installs the named module.  It does not hold mod_ref of the module, so
2705 * a module unload attempt can occur at any time - it is up to the
2706 * _fini/mod_remove implementation to determine if unload will succeed.
2707 */
2708int
2709modload(const char *subdir, const char *filename)
2710{
2711	return (modrload(subdir, filename, NULL));
2712}
2713
2714/*
2715 * Load a module using a series of qualified names from most specific to least
2716 * specific, e.g. for subdir "foo", p1 "bar", p2 "baz", we might try:
2717 *			Value returned in *chosen
2718 * foo/bar.baz.1.2.3	3
2719 * foo/bar.baz.1.2	2
2720 * foo/bar.baz.1	1
2721 * foo/bar.baz		0
2722 *
2723 * Return the module ID on success; -1 if no module was loaded.  On success
2724 * and if 'chosen' is not NULL we also return the number of suffices that
2725 * were in the module we chose to load.
2726 */
2727int
2728modload_qualified(const char *subdir, const char *p1,
2729    const char *p2, const char *delim, uint_t suffv[], int suffc, int *chosen)
2730{
2731	char path[MOD_MAXPATH];
2732	size_t n, resid = sizeof (path);
2733	char *p = path;
2734
2735	char **dotv;
2736	int i, rc, id;
2737	modctl_t *mp;
2738
2739	if (p2 != NULL)
2740		n = snprintf(p, resid, "%s/%s%s%s", subdir, p1, delim, p2);
2741	else
2742		n = snprintf(p, resid, "%s/%s", subdir, p1);
2743
2744	if (n >= resid)
2745		return (-1);
2746
2747	p += n;
2748	resid -= n;
2749	dotv = kmem_alloc(sizeof (char *) * (suffc + 1), KM_SLEEP);
2750
2751	for (i = 0; i < suffc; i++) {
2752		dotv[i] = p;
2753		n = snprintf(p, resid, "%s%u", delim, suffv[i]);
2754
2755		if (n >= resid) {
2756			kmem_free(dotv, sizeof (char *) * (suffc + 1));
2757			return (-1);
2758		}
2759
2760		p += n;
2761		resid -= n;
2762	}
2763
2764	dotv[suffc] = p;
2765
2766	for (i = suffc; i >= 0; i--) {
2767		dotv[i][0] = '\0';
2768		mp = mod_hold_installed_mod(path, 1, 1, &rc);
2769
2770		if (mp != NULL) {
2771			kmem_free(dotv, sizeof (char *) * (suffc + 1));
2772			id = mp->mod_id;
2773			mod_release_mod(mp);
2774			if (chosen != NULL)
2775				*chosen = i;
2776			return (id);
2777		}
2778	}
2779
2780	kmem_free(dotv, sizeof (char *) * (suffc + 1));
2781	return (-1);
2782}
2783
2784/*
2785 * Load a module.
2786 */
2787int
2788modloadonly(const char *subdir, const char *filename)
2789{
2790	struct modctl *modp;
2791	char *fullname;
2792	size_t size;
2793	int id, retval;
2794
2795	if (subdir != NULL) {
2796		/*
2797		 * allocate enough space for <subdir>/<filename><NULL>
2798		 */
2799		size = strlen(subdir) + strlen(filename) + 2;
2800		fullname = kmem_zalloc(size, KM_SLEEP);
2801		(void) sprintf(fullname, "%s/%s", subdir, filename);
2802	} else {
2803		fullname = (char *)filename;
2804	}
2805
2806	id = -1;
2807	modp = mod_hold_loaded_mod(NULL, fullname, &retval);
2808	if (modp) {
2809		id = modp->mod_id;
2810		mod_release_mod(modp);
2811	}
2812
2813	if (subdir != NULL)
2814		kmem_free(fullname, size);
2815
2816	if (retval == 0)
2817		return (id);
2818	return (-1);
2819}
2820
2821/*
2822 * Try to uninstall and unload a module, removing a reference if caller
2823 * specifies rmodp.
2824 */
2825static int
2826modunrload(modid_t id, struct modctl **rmodp, int unload)
2827{
2828	struct modctl	*modp;
2829	int		retval;
2830
2831	if (rmodp)
2832		*rmodp = NULL;			/* avoid garbage */
2833
2834	if ((modp = mod_hold_by_id((modid_t)id)) == NULL)
2835		return (EINVAL);
2836
2837	if (rmodp) {
2838		mutex_enter(&mod_lock);
2839		modp->mod_ref--;
2840		if (modp->mod_ref == 0)
2841			mod_uninstall_ref_zero++;
2842		mutex_exit(&mod_lock);
2843		*rmodp = modp;
2844	}
2845
2846	if (unload) {
2847		retval = moduninstall(modp);
2848		if (retval == 0) {
2849			mod_unload(modp);
2850			CPU_STATS_ADDQ(CPU, sys, modunload, 1);
2851		} else if (retval == EALREADY)
2852			retval = 0;	/* already unloaded, not an error */
2853	} else
2854		retval = 0;
2855
2856	mod_release_mod(modp);
2857	return (retval);
2858}
2859
2860/*
2861 * Uninstall and unload a module.
2862 */
2863int
2864modunload(modid_t id)
2865{
2866	int		retval;
2867
2868	/* synchronize with any active modunload_disable() */
2869	modunload_begin();
2870	if (ddi_root_node())
2871		(void) devfs_clean(ddi_root_node(), NULL, 0);
2872	retval = modunrload(id, NULL, 1);
2873	modunload_end();
2874	return (retval);
2875}
2876
2877/*
2878 * Return status of a loaded module.
2879 */
2880static int
2881modinfo(modid_t id, struct modinfo *modinfop)
2882{
2883	struct modctl	*modp;
2884	modid_t		mid;
2885	int		i;
2886
2887	mid = modinfop->mi_id;
2888	if (modinfop->mi_info & MI_INFO_ALL) {
2889		while ((modp = mod_hold_next_by_id(mid++)) != NULL) {
2890			if ((modinfop->mi_info & MI_INFO_CNT) ||
2891			    modp->mod_installed)
2892				break;
2893			mod_release_mod(modp);
2894		}
2895		if (modp == NULL)
2896			return (EINVAL);
2897	} else {
2898		modp = mod_hold_by_id(id);
2899		if (modp == NULL)
2900			return (EINVAL);
2901		if (!(modinfop->mi_info & MI_INFO_CNT) &&
2902		    (modp->mod_installed == 0)) {
2903			mod_release_mod(modp);
2904			return (EINVAL);
2905		}
2906	}
2907
2908	modinfop->mi_rev = 0;
2909	modinfop->mi_state = 0;
2910	for (i = 0; i < MODMAXLINK; i++) {
2911		modinfop->mi_msinfo[i].msi_p0 = -1;
2912		modinfop->mi_msinfo[i].msi_linkinfo[0] = 0;
2913	}
2914	if (modp->mod_loaded) {
2915		modinfop->mi_state = MI_LOADED;
2916		kobj_getmodinfo(modp->mod_mp, modinfop);
2917	}
2918	if (modp->mod_installed) {
2919		modinfop->mi_state |= MI_INSTALLED;
2920
2921		(void) mod_getinfo(modp, modinfop);
2922	}
2923
2924	modinfop->mi_id = modp->mod_id;
2925	modinfop->mi_loadcnt = modp->mod_loadcnt;
2926	(void) strcpy(modinfop->mi_name, modp->mod_modname);
2927
2928	mod_release_mod(modp);
2929	return (0);
2930}
2931
2932static char mod_stub_err[] = "mod_hold_stub: Couldn't load stub module %s";
2933static char no_err[] = "No error function for weak stub %s";
2934
2935/*
2936 * used by the stubs themselves to load and hold a module.
2937 * Returns  0 if the module is successfully held;
2938 *	    the stub needs to call mod_release_stub().
2939 *	    -1 if the stub should just call the err_fcn.
2940 * Note that this code is stretched out so that we avoid subroutine calls
2941 * and optimize for the most likely case.  That is, the case where the
2942 * module is loaded and installed and not held.  In that case we just inc
2943 * the mod_ref count and continue.
2944 */
2945int
2946mod_hold_stub(struct mod_stub_info *stub)
2947{
2948	struct modctl *mp;
2949	struct mod_modinfo *mip;
2950
2951	mip = stub->mods_modinfo;
2952
2953	mutex_enter(&mod_lock);
2954
2955	/* we do mod_hold_by_modctl inline for speed */
2956
2957mod_check_again:
2958	if ((mp = mip->mp) != NULL) {
2959		if (mp->mod_busy == 0) {
2960			if (mp->mod_installed) {
2961				/* increment the reference count */
2962				mp->mod_ref++;
2963				ASSERT(mp->mod_ref && mp->mod_installed);
2964				mutex_exit(&mod_lock);
2965				return (0);
2966			} else {
2967				mp->mod_busy = 1;
2968				mp->mod_inprogress_thread =
2969				    (curthread == NULL ?
2970				    (kthread_id_t)-1 : curthread);
2971			}
2972		} else {
2973			/*
2974			 * wait one time and then go see if someone
2975			 * else has resolved the stub (set mip->mp).
2976			 */
2977			if (mod_hold_by_modctl(mp,
2978			    MOD_WAIT_ONCE | MOD_LOCK_HELD))
2979				goto mod_check_again;
2980
2981			/*
2982			 * what we have now may have been unloaded!, in
2983			 * that case, mip->mp will be NULL, we'll hit this
2984			 * module and load again..
2985			 */
2986			cmn_err(CE_PANIC, "mod_hold_stub should have blocked");
2987		}
2988		mutex_exit(&mod_lock);
2989	} else {
2990		/* first time we've hit this module */
2991		mutex_exit(&mod_lock);
2992		mp = mod_hold_by_name(mip->modm_module_name);
2993		mip->mp = mp;
2994	}
2995
2996	/*
2997	 * If we are here, it means that the following conditions
2998	 * are satisfied.
2999	 *
3000	 * mip->mp != NULL
3001	 * this thread has set the mp->mod_busy = 1
3002	 * mp->mod_installed = 0
3003	 *
3004	 */
3005	ASSERT(mp != NULL);
3006	ASSERT(mp->mod_busy == 1);
3007
3008	if (mp->mod_installed == 0) {
3009		/* Module not loaded, if weak stub don't load it */
3010		if (stub->mods_flag & MODS_WEAK) {
3011			if (stub->mods_errfcn == NULL) {
3012				mod_release_mod(mp);
3013				cmn_err(CE_PANIC, no_err,
3014				    mip->modm_module_name);
3015			}
3016		} else {
3017			/* Not a weak stub so load the module */
3018
3019			if (mod_load(mp, 1) != 0 || modinstall(mp) != 0) {
3020				/*
3021				 * If mod_load() was successful
3022				 * and modinstall() failed, then
3023				 * unload the module.
3024				 */
3025				if (mp->mod_loaded)
3026					mod_unload(mp);
3027
3028				mod_release_mod(mp);
3029				if (stub->mods_errfcn == NULL) {
3030					cmn_err(CE_PANIC, mod_stub_err,
3031					    mip->modm_module_name);
3032				} else {
3033					return (-1);
3034				}
3035			}
3036		}
3037	}
3038
3039	/*
3040	 * At this point module is held and loaded. Release
3041	 * the mod_busy and mod_inprogress_thread before
3042	 * returning. We actually call mod_release() here so
3043	 * that if another stub wants to access this module,
3044	 * it can do so. mod_ref is incremented before mod_release()
3045	 * is called to prevent someone else from snatching the
3046	 * module from this thread.
3047	 */
3048	mutex_enter(&mod_lock);
3049	mp->mod_ref++;
3050	ASSERT(mp->mod_ref &&
3051	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
3052	mod_release(mp);
3053	mutex_exit(&mod_lock);
3054	return (0);
3055}
3056
3057void
3058mod_release_stub(struct mod_stub_info *stub)
3059{
3060	struct modctl *mp = stub->mods_modinfo->mp;
3061
3062	/* inline mod_release_mod */
3063	mutex_enter(&mod_lock);
3064	ASSERT(mp->mod_ref &&
3065	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
3066	mp->mod_ref--;
3067	if (mp->mod_ref == 0)
3068		mod_uninstall_ref_zero++;
3069	if (mp->mod_want) {
3070		mp->mod_want = 0;
3071		cv_broadcast(&mod_cv);
3072	}
3073	mutex_exit(&mod_lock);
3074}
3075
3076static struct modctl *
3077mod_hold_loaded_mod(struct modctl *dep, char *filename, int *status)
3078{
3079	struct modctl *modp;
3080	int retval;
3081
3082	/*
3083	 * Hold the module.
3084	 */
3085	modp = mod_hold_by_name_requisite(dep, filename);
3086	if (modp) {
3087		retval = mod_load(modp, 1);
3088		if (retval != 0) {
3089			mod_release_mod(modp);
3090			modp = NULL;
3091		}
3092		*status = retval;
3093	} else {
3094		*status = ENOSPC;
3095	}
3096
3097	/*
3098	 * if dep is not NULL, clear the module dependency information.
3099	 * This information is set in mod_hold_by_name_common().
3100	 */
3101	if (dep != NULL && dep->mod_requisite_loading != NULL) {
3102		ASSERT(dep->mod_busy);
3103		dep->mod_requisite_loading = NULL;
3104	}
3105
3106	return (modp);
3107}
3108
3109/*
3110 * hold, load, and install the named module
3111 */
3112static struct modctl *
3113mod_hold_installed_mod(char *name, int usepath, int forcecheck, int *r)
3114{
3115	struct modctl *modp;
3116	int retval;
3117
3118	/*
3119	 * Verify that that module in question actually exists on disk
3120	 * before allocation of module structure by mod_hold_by_name.
3121	 */
3122	if (modrootloaded && swaploaded || forcecheck) {
3123		if (!kobj_path_exists(name, usepath)) {
3124			*r = ENOENT;
3125			return (NULL);
3126		}
3127	}
3128
3129	/*
3130	 * Hold the module.
3131	 */
3132	modp = mod_hold_by_name(name);
3133	if (modp) {
3134		retval = mod_load(modp, usepath);
3135		if (retval != 0) {
3136			mod_release_mod(modp);
3137			modp = NULL;
3138			*r = retval;
3139		} else {
3140			if ((*r = modinstall(modp)) != 0) {
3141				/*
3142				 * We loaded it, but failed to _init() it.
3143				 * Be kind to developers -- force it
3144				 * out of memory now so that the next
3145				 * attempt to use the module will cause
3146				 * a reload.  See 1093793.
3147				 */
3148				mod_unload(modp);
3149				mod_release_mod(modp);
3150				modp = NULL;
3151			}
3152		}
3153	} else {
3154		*r = ENOSPC;
3155	}
3156	return (modp);
3157}
3158
3159static char mod_excl_msg[] =
3160	"module %s(%s) is EXCLUDED and will not be loaded\n";
3161static char mod_init_msg[] = "loadmodule:%s(%s): _init() error %d\n";
3162
3163/*
3164 * This routine is needed for dependencies.  Users specify dependencies
3165 * by declaring a character array initialized to filenames of dependents.
3166 * So the code that handles dependents deals with filenames (and not
3167 * module names) because that's all it has.  We load by filename and once
3168 * we've loaded a file we can get the module name.
3169 * Unfortunately there isn't a single unified filename/modulename namespace.
3170 * C'est la vie.
3171 *
3172 * We allow the name being looked up to be prepended by an optional
3173 * subdirectory e.g. we can lookup (NULL, "fs/ufs") or ("fs", "ufs")
3174 */
3175struct modctl *
3176mod_find_by_filename(char *subdir, char *filename)
3177{
3178	struct modctl	*mp;
3179	size_t		sublen;
3180
3181	ASSERT(!MUTEX_HELD(&mod_lock));
3182	if (subdir != NULL)
3183		sublen = strlen(subdir);
3184	else
3185		sublen = 0;
3186
3187	mutex_enter(&mod_lock);
3188	mp = &modules;
3189	do {
3190		if (sublen) {
3191			char *mod_filename = mp->mod_filename;
3192
3193			if (strncmp(subdir, mod_filename, sublen) == 0 &&
3194			    mod_filename[sublen] == '/' &&
3195			    strcmp(filename, &mod_filename[sublen + 1]) == 0) {
3196				mutex_exit(&mod_lock);
3197				return (mp);
3198			}
3199		} else if (strcmp(filename, mp->mod_filename) == 0) {
3200			mutex_exit(&mod_lock);
3201			return (mp);
3202		}
3203	} while ((mp = mp->mod_next) != &modules);
3204	mutex_exit(&mod_lock);
3205	return (NULL);
3206}
3207
3208/*
3209 * Check for circular dependencies.  This is called from do_dependents()
3210 * in kobj.c.  If we are the thread already loading this module, then
3211 * we're trying to load a dependent that we're already loading which
3212 * means the user specified circular dependencies.
3213 */
3214static int
3215mod_circdep(struct modctl *modp)
3216{
3217	struct modctl	*rmod;
3218
3219	ASSERT(MUTEX_HELD(&mod_lock));
3220
3221	/*
3222	 * Check the mod_inprogress_thread first.
3223	 * mod_inprogress_thread is used in mod_hold_stub()
3224	 * directly to improve performance.
3225	 */
3226	if (modp->mod_inprogress_thread == curthread)
3227		return (1);
3228
3229	/*
3230	 * Check the module circular dependencies.
3231	 */
3232	for (rmod = modp; rmod != NULL; rmod = rmod->mod_requisite_loading) {
3233		/*
3234		 * Check if there is a module circular dependency.
3235		 */
3236		if (rmod->mod_requisite_loading == modp)
3237			return (1);
3238	}
3239	return (0);
3240}
3241
3242static int
3243mod_getinfo(struct modctl *modp, struct modinfo *modinfop)
3244{
3245	int (*func)(struct modinfo *);
3246	int retval;
3247
3248	ASSERT(modp->mod_busy);
3249
3250	/* primary modules don't do getinfo */
3251	if (modp->mod_prim)
3252		return (0);
3253
3254	func = (int (*)(struct modinfo *))kobj_lookup(modp->mod_mp, "_info");
3255
3256	if (kobj_addrcheck(modp->mod_mp, (caddr_t)func)) {
3257		cmn_err(CE_WARN, "_info() not defined properly in %s",
3258		    modp->mod_filename);
3259		/*
3260		 * The semantics of mod_info(9F) are that 0 is failure
3261		 * and non-zero is success.
3262		 */
3263		retval = 0;
3264	} else
3265		retval = (*func)(modinfop);	/* call _info() function */
3266
3267	if (moddebug & MODDEBUG_USERDEBUG)
3268		printf("Returned from _info, retval = %x\n", retval);
3269
3270	return (retval);
3271}
3272
3273static void
3274modadd(struct modctl *mp)
3275{
3276	ASSERT(MUTEX_HELD(&mod_lock));
3277
3278	mp->mod_id = last_module_id++;
3279	mp->mod_next = &modules;
3280	mp->mod_prev = modules.mod_prev;
3281	modules.mod_prev->mod_next = mp;
3282	modules.mod_prev = mp;
3283}
3284
3285/*ARGSUSED*/
3286static struct modctl *
3287allocate_modp(const char *filename, const char *modname)
3288{
3289	struct modctl *mp;
3290
3291	mp = kobj_zalloc(sizeof (*mp), KM_SLEEP);
3292	mp->mod_modname = kobj_zalloc(strlen(modname) + 1, KM_SLEEP);
3293	(void) strcpy(mp->mod_modname, modname);
3294	return (mp);
3295}
3296
3297/*
3298 * Get the value of a symbol.  This is a wrapper routine that
3299 * calls kobj_getsymvalue().  kobj_getsymvalue() may go away but this
3300 * wrapper will prevent callers from noticing.
3301 */
3302uintptr_t
3303modgetsymvalue(char *name, int kernelonly)
3304{
3305	return (kobj_getsymvalue(name, kernelonly));
3306}
3307
3308/*
3309 * Get the symbol nearest an address.  This is a wrapper routine that
3310 * calls kobj_getsymname().  kobj_getsymname() may go away but this
3311 * wrapper will prevent callers from noticing.
3312 */
3313char *
3314modgetsymname(uintptr_t value, ulong_t *offset)
3315{
3316	return (kobj_getsymname(value, offset));
3317}
3318
3319/*
3320 * Lookup a symbol in a specified module.  These are wrapper routines that
3321 * call kobj_lookup().	kobj_lookup() may go away but these wrappers will
3322 * prevent callers from noticing.
3323 */
3324uintptr_t
3325modlookup(const char *modname, const char *symname)
3326{
3327	struct modctl *modp;
3328	uintptr_t val;
3329
3330	if ((modp = mod_hold_by_name(modname)) == NULL)
3331		return (0);
3332	val = kobj_lookup(modp->mod_mp, symname);
3333	mod_release_mod(modp);
3334	return (val);
3335}
3336
3337uintptr_t
3338modlookup_by_modctl(modctl_t *modp, const char *symname)
3339{
3340	ASSERT(modp->mod_ref > 0 || modp->mod_busy);
3341
3342	return (kobj_lookup(modp->mod_mp, symname));
3343}
3344
3345/*
3346 * Ask the user for the name of the system file and the default path
3347 * for modules.
3348 */
3349void
3350mod_askparams()
3351{
3352	static char s0[64];
3353	intptr_t fd;
3354
3355	if ((fd = kobj_open(systemfile)) != -1L)
3356		kobj_close(fd);
3357	else
3358		systemfile = self_assembly = NULL;
3359
3360	/*CONSTANTCONDITION*/
3361	while (1) {
3362		printf("Name of system file [%s]:  ",
3363		    systemfile ? systemfile : "/dev/null");
3364
3365		console_gets(s0, sizeof (s0));
3366
3367		if (s0[0] == '\0')
3368			break;
3369		else if (strcmp(s0, "/dev/null") == 0) {
3370			systemfile = self_assembly = NULL;
3371			break;
3372		} else {
3373			if ((fd = kobj_open(s0)) != -1L) {
3374				kobj_close(fd);
3375				systemfile = s0;
3376				self_assembly = NULL;
3377				break;
3378			}
3379		}
3380		printf("can't find file %s\n", s0);
3381	}
3382}
3383
3384static char loading_msg[] = "loading '%s' id %d\n";
3385static char load_msg[] = "load '%s' id %d loaded @ 0x%p/0x%p size %d/%d\n";
3386
3387/*
3388 * Common code for loading a module (but not installing it).
3389 * Handoff the task of module loading to a separate thread
3390 * with a large stack if possible, since this code may recurse a few times.
3391 * Return zero if there are no errors or an errno value.
3392 */
3393static int
3394mod_load(struct modctl *mp, int usepath)
3395{
3396	int		retval;
3397	struct modinfo	*modinfop = NULL;
3398	struct loadmt	lt;
3399
3400	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3401	ASSERT(mp->mod_busy);
3402
3403	if (mp->mod_loaded)
3404		return (0);
3405
3406	if (mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_modname) != 0 ||
3407	    mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_filename) != 0) {
3408		if (moddebug & MODDEBUG_LOADMSG) {
3409			printf(mod_excl_msg, mp->mod_filename,
3410			    mp->mod_modname);
3411		}
3412		return (ENXIO);
3413	}
3414	if (moddebug & MODDEBUG_LOADMSG2)
3415		printf(loading_msg, mp->mod_filename, mp->mod_id);
3416
3417	if (curthread != &t0) {
3418		lt.mp = mp;
3419		lt.usepath = usepath;
3420		lt.owner = curthread;
3421		sema_init(&lt.sema, 0, NULL, SEMA_DEFAULT, NULL);
3422
3423		/* create thread to hand of call to */
3424		(void) thread_create(NULL, DEFAULTSTKSZ * 2,
3425		    modload_thread, &lt, 0, &p0, TS_RUN, maxclsyspri);
3426
3427		/* wait for thread to complete kobj_load_module */
3428		sema_p(&lt.sema);
3429
3430		sema_destroy(&lt.sema);
3431		retval = lt.retval;
3432	} else
3433		retval = kobj_load_module(mp, usepath);
3434
3435	if (mp->mod_mp) {
3436		ASSERT(retval == 0);
3437		mp->mod_loaded = 1;
3438		mp->mod_loadcnt++;
3439		if (moddebug & MODDEBUG_LOADMSG) {
3440			printf(load_msg, mp->mod_filename, mp->mod_id,
3441			    (void *)((struct module *)mp->mod_mp)->text,
3442			    (void *)((struct module *)mp->mod_mp)->data,
3443			    ((struct module *)mp->mod_mp)->text_size,
3444			    ((struct module *)mp->mod_mp)->data_size);
3445		}
3446
3447		/*
3448		 * XXX - There should be a better way to get this.
3449		 */
3450		modinfop = kmem_zalloc(sizeof (struct modinfo), KM_SLEEP);
3451		modinfop->mi_info = MI_INFO_LINKAGE;
3452		if (mod_getinfo(mp, modinfop) == 0)
3453			mp->mod_linkage = NULL;
3454		else {
3455			mp->mod_linkage = (void *)modinfop->mi_base;
3456			ASSERT(mp->mod_linkage->ml_rev == MODREV_1);
3457		}
3458
3459		/*
3460		 * DCS: bootstrapping code. If the driver is loaded
3461		 * before root mount, it is assumed that the driver
3462		 * may be used before mounting root. In order to
3463		 * access mappings of global to local minor no.'s
3464		 * during installation/open of the driver, we load
3465		 * them into memory here while the BOP_interfaces
3466		 * are still up.
3467		 */
3468		if ((cluster_bootflags & CLUSTER_BOOTED) && !modrootloaded) {
3469			retval = clboot_modload(mp);
3470		}
3471
3472		kmem_free(modinfop, sizeof (struct modinfo));
3473		(void) mod_sysctl(SYS_SET_MVAR, (void *)mp);
3474		retval = install_stubs_by_name(mp, mp->mod_modname);
3475
3476		/*
3477		 * Perform hotinlines before module is started.
3478		 */
3479		do_hotinlines(mp->mod_mp);
3480
3481		/*
3482		 * Now that the module is loaded, we need to give DTrace
3483		 * a chance to notify its providers.  This is done via
3484		 * the dtrace_modload function pointer.
3485		 */
3486		if (strcmp(mp->mod_modname, "dtrace") != 0) {
3487			struct modctl *dmp = mod_hold_by_name("dtrace");
3488
3489			if (dmp != NULL && dtrace_modload != NULL)
3490				(*dtrace_modload)(mp);
3491
3492			mod_release_mod(dmp);
3493		}
3494
3495	} else {
3496		/*
3497		 * If load failed then we need to release any requisites
3498		 * that we had established.
3499		 */
3500		ASSERT(retval);
3501		mod_release_requisites(mp);
3502
3503		if (moddebug & MODDEBUG_ERRMSG)
3504			printf("error loading '%s', error %d\n",
3505			    mp->mod_filename, retval);
3506	}
3507	return (retval);
3508}
3509
3510static char unload_msg[] = "unloading %s, module id %d, loadcnt %d.\n";
3511
3512static void
3513mod_unload(struct modctl *mp)
3514{
3515	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3516	ASSERT(mp->mod_busy);
3517	ASSERT((mp->mod_loaded && (mp->mod_installed == 0)) &&
3518	    ((mp->mod_prim == 0) && (mp->mod_ref >= 0)));
3519
3520	if (moddebug & MODDEBUG_LOADMSG)
3521		printf(unload_msg, mp->mod_modname,
3522		    mp->mod_id, mp->mod_loadcnt);
3523
3524	/*
3525	 * If mod_ref is not zero, it means some modules might still refer
3526	 * to this module. Then you can't unload this module right now.
3527	 * Instead, set 1 to mod_delay_unload to notify the system of
3528	 * unloading this module later when it's not required any more.
3529	 */
3530	if (mp->mod_ref > 0) {
3531		mp->mod_delay_unload = 1;
3532		if (moddebug & MODDEBUG_LOADMSG2) {
3533			printf("module %s not unloaded,"
3534			    " non-zero reference count (%d)",
3535			    mp->mod_modname, mp->mod_ref);
3536		}
3537		return;
3538	}
3539
3540	if (((mp->mod_loaded == 0) || mp->mod_installed) ||
3541	    (mp->mod_ref || mp->mod_prim)) {
3542		/*
3543		 * A DEBUG kernel would ASSERT panic above, the code is broken
3544		 * if we get this warning.
3545		 */
3546		cmn_err(CE_WARN, "mod_unload: %s in incorrect state: %d %d %d",
3547		    mp->mod_filename, mp->mod_installed, mp->mod_loaded,
3548		    mp->mod_ref);
3549		return;
3550	}
3551
3552	/* reset stub functions to call the binder again */
3553	reset_stubs(mp);
3554
3555	/*
3556	 * mark module as unloaded before the modctl structure is freed.
3557	 * This is required not to reuse the modctl structure before
3558	 * the module is marked as unloaded.
3559	 */
3560	mp->mod_loaded = 0;
3561	mp->mod_linkage = NULL;
3562
3563	/* free the memory */
3564	kobj_unload_module(mp);
3565
3566	if (mp->mod_delay_unload) {
3567		mp->mod_delay_unload = 0;
3568		if (moddebug & MODDEBUG_LOADMSG2) {
3569			printf("deferred unload of module %s"
3570			    " (id %d) successful",
3571			    mp->mod_modname, mp->mod_id);
3572		}
3573	}
3574
3575	/* release hold on requisites */
3576	mod_release_requisites(mp);
3577
3578	/*
3579	 * Now that the module is gone, we need to give DTrace a chance to
3580	 * remove any probes that it may have had in the module.  This is
3581	 * done via the dtrace_modunload function pointer.
3582	 */
3583	if (strcmp(mp->mod_modname, "dtrace") != 0) {
3584		struct modctl *dmp = mod_hold_by_name("dtrace");
3585
3586		if (dmp != NULL && dtrace_modunload != NULL)
3587			(*dtrace_modunload)(mp);
3588
3589		mod_release_mod(dmp);
3590	}
3591}
3592
3593static int
3594modinstall(struct modctl *mp)
3595{
3596	int val;
3597	int (*func)(void);
3598
3599	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3600	ASSERT(mp->mod_busy && mp->mod_loaded);
3601
3602	if (mp->mod_installed)
3603		return (0);
3604	/*
3605	 * If mod_delay_unload is on, it means the system chose the deferred
3606	 * unload for this module. Then you can't install this module until
3607	 * it's unloaded from the system.
3608	 */
3609	if (mp->mod_delay_unload)
3610		return (ENXIO);
3611
3612	if (moddebug & MODDEBUG_LOADMSG)
3613		printf("installing %s, module id %d.\n",
3614		    mp->mod_modname, mp->mod_id);
3615
3616	ASSERT(mp->mod_mp != NULL);
3617	if (mod_install_requisites(mp) != 0) {
3618		/*
3619		 * Note that we can't call mod_unload(mp) here since
3620		 * if modinstall() was called by mod_install_requisites(),
3621		 * we won't be able to hold the dependent modules
3622		 * (otherwise there would be a deadlock).
3623		 */
3624		return (ENXIO);
3625	}
3626
3627	if (moddebug & MODDEBUG_ERRMSG) {
3628		printf("init '%s' id %d loaded @ 0x%p/0x%p size %lu/%lu\n",
3629		    mp->mod_filename, mp->mod_id,
3630		    (void *)((struct module *)mp->mod_mp)->text,
3631		    (void *)((struct module *)mp->mod_mp)->data,
3632		    ((struct module *)mp->mod_mp)->text_size,
3633		    ((struct module *)mp->mod_mp)->data_size);
3634	}
3635
3636	func = (int (*)())kobj_lookup(mp->mod_mp, "_init");
3637
3638	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3639		cmn_err(CE_WARN, "_init() not defined properly in %s",
3640		    mp->mod_filename);
3641		return (EFAULT);
3642	}
3643
3644	if (moddebug & MODDEBUG_USERDEBUG) {
3645		printf("breakpoint before calling %s:_init()\n",
3646		    mp->mod_modname);
3647		if (DEBUGGER_PRESENT)
3648			debug_enter("_init");
3649	}
3650
3651	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3652	ASSERT(mp->mod_busy && mp->mod_loaded);
3653	val = (*func)();		/* call _init */
3654
3655	if (moddebug & MODDEBUG_USERDEBUG)
3656		printf("Returned from _init, val = %x\n", val);
3657
3658	if (val == 0) {
3659		/*
3660		 * Set the MODS_INSTALLED flag to enable this module
3661		 * being called now.
3662		 */
3663		install_stubs(mp);
3664		mp->mod_installed = 1;
3665	} else if (moddebug & MODDEBUG_ERRMSG)
3666		printf(mod_init_msg, mp->mod_filename, mp->mod_modname, val);
3667
3668	return (val);
3669}
3670
3671int	detach_driver_unconfig = 0;
3672
3673static int
3674detach_driver(char *name)
3675{
3676	major_t major;
3677	int error;
3678
3679	/*
3680	 * If being called from mod_uninstall_all() then the appropriate
3681	 * driver detaches (leaf only) have already been done.
3682	 */
3683	if (mod_in_autounload())
3684		return (0);
3685
3686	major = ddi_name_to_major(name);
3687	if (major == DDI_MAJOR_T_NONE)
3688		return (0);
3689
3690	error = ndi_devi_unconfig_driver(ddi_root_node(),
3691	    NDI_DETACH_DRIVER | detach_driver_unconfig, major);
3692	return (error == NDI_SUCCESS ? 0 : -1);
3693}
3694
3695static char finiret_msg[] = "Returned from _fini for %s, status = %x\n";
3696
3697static int
3698moduninstall(struct modctl *mp)
3699{
3700	int status = 0;
3701	int (*func)(void);
3702
3703	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3704	ASSERT(mp->mod_busy);
3705
3706	/*
3707	 * Verify that we need to do something and can uninstall the module.
3708	 *
3709	 * If we should not uninstall the module or if the module is not in
3710	 * the correct state to start an uninstall we return EBUSY to prevent
3711	 * us from progressing to mod_unload.  If the module has already been
3712	 * uninstalled and unloaded we return EALREADY.
3713	 */
3714	if (mp->mod_prim || mp->mod_ref || mp->mod_nenabled != 0)
3715		return (EBUSY);
3716	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0))
3717		return (EALREADY);
3718
3719	/*
3720	 * To avoid devinfo / module deadlock we must release this module
3721	 * prior to initiating the detach_driver, otherwise the detach_driver
3722	 * might deadlock on a devinfo node held by another thread
3723	 * coming top down and involving the module we have locked.
3724	 *
3725	 * When we regrab the module we must reverify that it is OK
3726	 * to proceed with the uninstall operation.
3727	 */
3728	mod_release_mod(mp);
3729	status = detach_driver(mp->mod_modname);
3730	(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
3731
3732	/* check detach status and reverify state with lock */
3733	mutex_enter(&mod_lock);
3734	if ((status != 0) || mp->mod_prim || mp->mod_ref) {
3735		mutex_exit(&mod_lock);
3736		return (EBUSY);
3737	}
3738	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0)) {
3739		mutex_exit(&mod_lock);
3740		return (EALREADY);
3741	}
3742	mutex_exit(&mod_lock);
3743
3744	if (moddebug & MODDEBUG_LOADMSG2)
3745		printf("uninstalling %s\n", mp->mod_modname);
3746
3747	/*
3748	 * lookup _fini, return EBUSY if not defined.
3749	 *
3750	 * The MODDEBUG_FINI_EBUSY is usefull in resolving leaks in
3751	 * detach(9E) - it allows bufctl addresses to be resolved.
3752	 */
3753	func = (int (*)())kobj_lookup(mp->mod_mp, "_fini");
3754	if ((func == NULL) || (mp->mod_loadflags & MOD_NOUNLOAD) ||
3755	    (moddebug & MODDEBUG_FINI_EBUSY))
3756		return (EBUSY);
3757
3758	/* verify that _fini is in this module */
3759	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3760		cmn_err(CE_WARN, "_fini() not defined properly in %s",
3761		    mp->mod_filename);
3762		return (EFAULT);
3763	}
3764
3765	/* call _fini() */
3766	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3767	ASSERT(mp->mod_busy && mp->mod_loaded && mp->mod_installed);
3768
3769	status = (*func)();
3770
3771	if (status == 0) {
3772		/* _fini returned success, the module is no longer installed */
3773		if (moddebug & MODDEBUG_LOADMSG)
3774			printf("uninstalled %s\n", mp->mod_modname);
3775
3776		/*
3777		 * Even though we only set mod_installed to zero here, a zero
3778		 * return value means we are committed to a code path were
3779		 * mod_loaded will also end up as zero - we have no other
3780		 * way to get the module data and bss back to the pre _init
3781		 * state except a reload. To ensure this, after return,
3782		 * mod_busy must stay set until mod_loaded is cleared.
3783		 */
3784		mp->mod_installed = 0;
3785
3786		/*
3787		 * Clear the MODS_INSTALLED flag not to call functions
3788		 * in the module directly from now on.
3789		 */
3790		uninstall_stubs(mp);
3791	} else {
3792		if (moddebug & MODDEBUG_USERDEBUG)
3793			printf(finiret_msg, mp->mod_filename, status);
3794		/*
3795		 * By definition _fini is only allowed to return EBUSY or the
3796		 * result of mod_remove (EBUSY or EINVAL).  In the off chance
3797		 * that a driver returns EALREADY we convert this to EINVAL
3798		 * since to our caller EALREADY means module was already
3799		 * removed.
3800		 */
3801		if (status == EALREADY)
3802			status = EINVAL;
3803	}
3804
3805	return (status);
3806}
3807
3808/*
3809 * Uninstall all modules.
3810 */
3811static void
3812mod_uninstall_all(void)
3813{
3814	struct modctl	*mp;
3815	int		pass;
3816	modid_t		modid;
3817
3818	/* synchronize with any active modunload_disable() */
3819	modunload_begin();
3820
3821	/* mark this thread as doing autounloading */
3822	(void) tsd_set(mod_autounload_key, (void *)1);
3823
3824	(void) devfs_clean(ddi_root_node(), NULL, 0);
3825	(void) ndi_devi_unconfig(ddi_root_node(), NDI_AUTODETACH);
3826
3827	/*
3828	 * Loop up to max times if we keep producing unreferenced modules.
3829	 * A new unreferenced module is an opportunity to unload.
3830	 */
3831	for (pass = 0; pass < mod_uninstall_pass_max; pass++) {
3832
3833		/* zero count of modules that go unreferenced during pass */
3834		mod_uninstall_ref_zero = 0;
3835
3836		modid = 0;
3837		while ((mp = mod_hold_next_by_id(modid)) != NULL) {
3838			modid = mp->mod_id;
3839
3840			/*
3841			 * Skip modules with the MOD_NOAUTOUNLOAD flag set
3842			 */
3843			if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
3844				mod_release_mod(mp);
3845				continue;
3846			}
3847
3848			if (moduninstall(mp) == 0) {
3849				mod_unload(mp);
3850				CPU_STATS_ADDQ(CPU, sys, modunload, 1);
3851			}
3852			mod_release_mod(mp);
3853		}
3854
3855		/* break if no modules went unreferenced during pass */
3856		if (mod_uninstall_ref_zero == 0)
3857			break;
3858	}
3859	if (pass >= mod_uninstall_pass_max)
3860		mod_uninstall_pass_exc++;
3861
3862	(void) tsd_set(mod_autounload_key, NULL);
3863	modunload_end();
3864}
3865
3866/* wait for unloads that have begun before registering disable */
3867void
3868modunload_disable(void)
3869{
3870	mutex_enter(&modunload_wait_mutex);
3871	while (modunload_active_count) {
3872		modunload_wait++;
3873		cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3874		modunload_wait--;
3875	}
3876	modunload_disable_count++;
3877	mutex_exit(&modunload_wait_mutex);
3878}
3879
3880/* mark end of disable and signal waiters */
3881void
3882modunload_enable(void)
3883{
3884	mutex_enter(&modunload_wait_mutex);
3885	modunload_disable_count--;
3886	if ((modunload_disable_count == 0) && modunload_wait)
3887		cv_broadcast(&modunload_wait_cv);
3888	mutex_exit(&modunload_wait_mutex);
3889}
3890
3891/* wait for disables to complete before begining unload */
3892void
3893modunload_begin()
3894{
3895	mutex_enter(&modunload_wait_mutex);
3896	while (modunload_disable_count) {
3897		modunload_wait++;
3898		cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3899		modunload_wait--;
3900	}
3901	modunload_active_count++;
3902	mutex_exit(&modunload_wait_mutex);
3903}
3904
3905/* mark end of unload and signal waiters */
3906void
3907modunload_end()
3908{
3909	mutex_enter(&modunload_wait_mutex);
3910	modunload_active_count--;
3911	if ((modunload_active_count == 0) && modunload_wait)
3912		cv_broadcast(&modunload_wait_cv);
3913	mutex_exit(&modunload_wait_mutex);
3914}
3915
3916void
3917mod_uninstall_daemon(void)
3918{
3919	callb_cpr_t	cprinfo;
3920	clock_t		ticks;
3921
3922	mod_aul_thread = curthread;
3923
3924	CALLB_CPR_INIT(&cprinfo, &mod_uninstall_lock, callb_generic_cpr, "mud");
3925	for (;;) {
3926		mutex_enter(&mod_uninstall_lock);
3927		CALLB_CPR_SAFE_BEGIN(&cprinfo);
3928		/*
3929		 * In DEBUG kernels, unheld drivers are uninstalled periodically
3930		 * every mod_uninstall_interval seconds.  Periodic uninstall can
3931		 * be disabled by setting mod_uninstall_interval to 0 which is
3932		 * the default for a non-DEBUG kernel.
3933		 */
3934		if (mod_uninstall_interval) {
3935			ticks = drv_usectohz(mod_uninstall_interval * 1000000);
3936			(void) cv_reltimedwait(&mod_uninstall_cv,
3937			    &mod_uninstall_lock, ticks, TR_CLOCK_TICK);
3938		} else {
3939			cv_wait(&mod_uninstall_cv, &mod_uninstall_lock);
3940		}
3941		/*
3942		 * The whole daemon is safe for CPR except we don't want
3943		 * the daemon to run if FREEZE is issued and this daemon
3944		 * wakes up from the cv_wait above. In this case, it'll be
3945		 * blocked in CALLB_CPR_SAFE_END until THAW is issued.
3946		 *
3947		 * The reason of calling CALLB_CPR_SAFE_BEGIN twice is that
3948		 * mod_uninstall_lock is used to protect cprinfo and
3949		 * CALLB_CPR_SAFE_BEGIN assumes that this lock is held when
3950		 * called.
3951		 */
3952		CALLB_CPR_SAFE_END(&cprinfo, &mod_uninstall_lock);
3953		CALLB_CPR_SAFE_BEGIN(&cprinfo);
3954		mutex_exit(&mod_uninstall_lock);
3955		if ((modunload_disable_count == 0) &&
3956		    ((moddebug & MODDEBUG_NOAUTOUNLOAD) == 0)) {
3957			mod_uninstall_all();
3958		}
3959	}
3960}
3961
3962/*
3963 * Unload all uninstalled modules.
3964 */
3965void
3966modreap(void)
3967{
3968	mutex_enter(&mod_uninstall_lock);
3969	cv_broadcast(&mod_uninstall_cv);
3970	mutex_exit(&mod_uninstall_lock);
3971}
3972
3973/*
3974 * Hold the specified module. This is the module holding primitive.
3975 *
3976 * If MOD_LOCK_HELD then the caller already holds the mod_lock.
3977 *
3978 * Return values:
3979 *	 0 ==> the module is held
3980 *	 1 ==> the module is not held and the MOD_WAIT_ONCE caller needs
3981 *		to determine how to retry.
3982 */
3983int
3984mod_hold_by_modctl(struct modctl *mp, int f)
3985{
3986	ASSERT((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) &&
3987	    ((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) !=
3988	    (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)));
3989	ASSERT((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) &&
3990	    ((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) !=
3991	    (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)));
3992	ASSERT((f & MOD_LOCK_NOT_HELD) || MUTEX_HELD(&mod_lock));
3993
3994	if (f & MOD_LOCK_NOT_HELD)
3995		mutex_enter(&mod_lock);
3996
3997	while (mp->mod_busy) {
3998		mp->mod_want = 1;
3999		cv_wait(&mod_cv, &mod_lock);
4000		/*
4001		 * Module may be unloaded by daemon.
4002		 * Nevertheless, modctl structure is still in linked list
4003		 * (i.e., off &modules), not freed!
4004		 * Caller is not supposed to assume "mp" is valid, but there
4005		 * is no reasonable way to detect this but using
4006		 * mp->mod_modinfo->mp == NULL check (follow the back pointer)
4007		 *   (or similar check depending on calling context)
4008		 * DON'T free modctl structure, it will be very very
4009		 * problematic.
4010		 */
4011		if (f & MOD_WAIT_ONCE) {
4012			if (f & MOD_LOCK_NOT_HELD)
4013				mutex_exit(&mod_lock);
4014			return (1);	/* caller decides how to retry */
4015		}
4016	}
4017
4018	mp->mod_busy = 1;
4019	mp->mod_inprogress_thread =
4020	    (curthread == NULL ? (kthread_id_t)-1 : curthread);
4021
4022	if (f & MOD_LOCK_NOT_HELD)
4023		mutex_exit(&mod_lock);
4024	return (0);
4025}
4026
4027static struct modctl *
4028mod_hold_by_name_common(struct modctl *dep, const char *filename)
4029{
4030	const char	*modname;
4031	struct modctl	*mp;
4032	char		*curname, *newname;
4033	int		found = 0;
4034
4035	mutex_enter(&mod_lock);
4036
4037	if ((modname = strrchr(filename, '/')) == NULL)
4038		modname = filename;
4039	else
4040		modname++;
4041
4042	mp = &modules;
4043	do {
4044		if (strcmp(modname, mp->mod_modname) == 0) {
4045			found = 1;
4046			break;
4047		}
4048	} while ((mp = mp->mod_next) != &modules);
4049
4050	if (found == 0) {
4051		mp = allocate_modp(filename, modname);
4052		modadd(mp);
4053	}
4054
4055	/*
4056	 * if dep is not NULL, set the mp in mod_requisite_loading for
4057	 * the module circular dependency check. This field is used in
4058	 * mod_circdep(), but it's cleard in mod_hold_loaded_mod().
4059	 */
4060	if (dep != NULL) {
4061		ASSERT(dep->mod_busy && dep->mod_requisite_loading == NULL);
4062		dep->mod_requisite_loading = mp;
4063	}
4064
4065	/*
4066	 * If the module was held, then it must be us who has it held.
4067	 */
4068	if (mod_circdep(mp))
4069		mp = NULL;
4070	else {
4071		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4072
4073		/*
4074		 * If the name hadn't been set or has changed, allocate
4075		 * space and set it.  Free space used by previous name.
4076		 *
4077		 * Do not change the name of primary modules, for primary
4078		 * modules the mod_filename was allocated in standalone mode:
4079		 * it is illegal to kobj_alloc in standalone mode and kobj_free
4080		 * in non-standalone mode.
4081		 */
4082		curname = mp->mod_filename;
4083		if (curname == NULL ||
4084		    ((mp->mod_prim == 0) &&
4085		    (curname != filename) &&
4086		    (modname != filename) &&
4087		    (strcmp(curname, filename) != 0))) {
4088			newname = kobj_zalloc(strlen(filename) + 1, KM_SLEEP);
4089			(void) strcpy(newname, filename);
4090			mp->mod_filename = newname;
4091			if (curname != NULL)
4092				kobj_free(curname, strlen(curname) + 1);
4093		}
4094	}
4095
4096	mutex_exit(&mod_lock);
4097	if (mp && moddebug & MODDEBUG_LOADMSG2)
4098		printf("Holding %s\n", mp->mod_filename);
4099	if (mp == NULL && moddebug & MODDEBUG_LOADMSG2)
4100		printf("circular dependency loading %s\n", filename);
4101	return (mp);
4102}
4103
4104static struct modctl *
4105mod_hold_by_name_requisite(struct modctl *dep, char *filename)
4106{
4107	return (mod_hold_by_name_common(dep, filename));
4108}
4109
4110struct modctl *
4111mod_hold_by_name(const char *filename)
4112{
4113	return (mod_hold_by_name_common(NULL, filename));
4114}
4115
4116struct modctl *
4117mod_hold_by_id(modid_t modid)
4118{
4119	struct modctl	*mp;
4120	int		found = 0;
4121
4122	mutex_enter(&mod_lock);
4123	mp = &modules;
4124	do {
4125		if (mp->mod_id == modid) {
4126			found = 1;
4127			break;
4128		}
4129	} while ((mp = mp->mod_next) != &modules);
4130
4131	if ((found == 0) || mod_circdep(mp))
4132		mp = NULL;
4133	else
4134		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4135
4136	mutex_exit(&mod_lock);
4137	return (mp);
4138}
4139
4140static struct modctl *
4141mod_hold_next_by_id(modid_t modid)
4142{
4143	struct modctl	*mp;
4144	int		found = 0;
4145
4146	if (modid < -1)
4147		return (NULL);
4148
4149	mutex_enter(&mod_lock);
4150
4151	mp = &modules;
4152	do {
4153		if (mp->mod_id > modid) {
4154			found = 1;
4155			break;
4156		}
4157	} while ((mp = mp->mod_next) != &modules);
4158
4159	if ((found == 0) || mod_circdep(mp))
4160		mp = NULL;
4161	else
4162		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4163
4164	mutex_exit(&mod_lock);
4165	return (mp);
4166}
4167
4168static void
4169mod_release(struct modctl *mp)
4170{
4171	ASSERT(MUTEX_HELD(&mod_lock));
4172	ASSERT(mp->mod_busy);
4173
4174	mp->mod_busy = 0;
4175	mp->mod_inprogress_thread = NULL;
4176	if (mp->mod_want) {
4177		mp->mod_want = 0;
4178		cv_broadcast(&mod_cv);
4179	}
4180}
4181
4182void
4183mod_release_mod(struct modctl *mp)
4184{
4185	if (moddebug & MODDEBUG_LOADMSG2)
4186		printf("Releasing %s\n", mp->mod_filename);
4187	mutex_enter(&mod_lock);
4188	mod_release(mp);
4189	mutex_exit(&mod_lock);
4190}
4191
4192modid_t
4193mod_name_to_modid(char *filename)
4194{
4195	char		*modname;
4196	struct modctl	*mp;
4197
4198	mutex_enter(&mod_lock);
4199
4200	if ((modname = strrchr(filename, '/')) == NULL)
4201		modname = filename;
4202	else
4203		modname++;
4204
4205	mp = &modules;
4206	do {
4207		if (strcmp(modname, mp->mod_modname) == 0) {
4208			mutex_exit(&mod_lock);
4209			return (mp->mod_id);
4210		}
4211	} while ((mp = mp->mod_next) != &modules);
4212
4213	mutex_exit(&mod_lock);
4214	return (-1);
4215}
4216
4217
4218int
4219mod_remove_by_name(char *name)
4220{
4221	struct modctl *mp;
4222	int retval;
4223
4224	mp = mod_hold_by_name(name);
4225
4226	if (mp == NULL)
4227		return (EINVAL);
4228
4229	if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
4230		/*
4231		 * Do not unload forceloaded modules
4232		 */
4233		mod_release_mod(mp);
4234		return (0);
4235	}
4236
4237	if ((retval = moduninstall(mp)) == 0) {
4238		mod_unload(mp);
4239		CPU_STATS_ADDQ(CPU, sys, modunload, 1);
4240	} else if (retval == EALREADY)
4241		retval = 0;		/* already unloaded, not an error */
4242	mod_release_mod(mp);
4243	return (retval);
4244}
4245
4246/*
4247 * Record that module "dep" is dependent on module "on_mod."
4248 */
4249static void
4250mod_make_requisite(struct modctl *dependent, struct modctl *on_mod)
4251{
4252	struct modctl_list **pmlnp;	/* previous next pointer */
4253	struct modctl_list *mlp;
4254	struct modctl_list *new;
4255
4256	ASSERT(dependent->mod_busy && on_mod->mod_busy);
4257	mutex_enter(&mod_lock);
4258
4259	/*
4260	 * Search dependent's requisite list to see if on_mod is recorded.
4261	 * List is ordered by id.
4262	 */
4263	for (pmlnp = &dependent->mod_requisites, mlp = *pmlnp;
4264	    mlp; pmlnp = &mlp->modl_next, mlp = *pmlnp)
4265		if (mlp->modl_modp->mod_id >= on_mod->mod_id)
4266			break;
4267
4268	/* Create and insert if not already recorded */
4269	if ((mlp == NULL) || (mlp->modl_modp->mod_id != on_mod->mod_id)) {
4270		new = kobj_zalloc(sizeof (*new), KM_SLEEP);
4271		new->modl_modp = on_mod;
4272		new->modl_next = mlp;
4273		*pmlnp = new;
4274
4275		/*
4276		 * Increment the mod_ref count in our new requisite module.
4277		 * This is what keeps a module that has other modules
4278		 * which are dependent on it from being uninstalled and
4279		 * unloaded. "on_mod"'s mod_ref count decremented in
4280		 * mod_release_requisites when the "dependent" module
4281		 * unload is complete.	"on_mod" must be loaded, but may not
4282		 * yet be installed.
4283		 */
4284		on_mod->mod_ref++;
4285		ASSERT(on_mod->mod_ref && on_mod->mod_loaded);
4286	}
4287
4288	mutex_exit(&mod_lock);
4289}
4290
4291/*
4292 * release the hold associated with mod_make_requisite mod_ref++
4293 * as part of unload.
4294 */
4295void
4296mod_release_requisites(struct modctl *modp)
4297{
4298	struct modctl_list *modl;
4299	struct modctl_list *next;
4300	struct modctl *req;
4301	struct modctl_list *start = NULL, *mod_garbage;
4302
4303	ASSERT(!quiesce_active);
4304	ASSERT(modp->mod_busy);
4305	ASSERT(MUTEX_NOT_HELD(&mod_lock));
4306
4307	mutex_enter(&mod_lock);		/* needed for manipulation of req */
4308	for (modl = modp->mod_requisites; modl; modl = next) {
4309		next = modl->modl_next;
4310		req = modl->modl_modp;
4311		ASSERT(req->mod_ref >= 1 && req->mod_loaded);
4312		req->mod_ref--;
4313		if (req->mod_ref == 0)
4314			mod_uninstall_ref_zero++;
4315
4316		/*
4317		 * Check if the module has to be unloaded or not.
4318		 */
4319		if (req->mod_ref == 0 && req->mod_delay_unload) {
4320			struct modctl_list *new;
4321			/*
4322			 * Allocate the modclt_list holding the garbage
4323			 * module which should be unloaded later.
4324			 */
4325			new = kobj_zalloc(sizeof (struct modctl_list),
4326			    KM_SLEEP);
4327			new->modl_modp = req;
4328
4329			if (start == NULL)
4330				mod_garbage = start = new;
4331			else {
4332				mod_garbage->modl_next = new;
4333				mod_garbage = new;
4334			}
4335		}
4336
4337		/* free the list as we go */
4338		kobj_free(modl, sizeof (*modl));
4339	}
4340	modp->mod_requisites = NULL;
4341	mutex_exit(&mod_lock);
4342
4343	/*
4344	 * Unload the garbage modules.
4345	 */
4346	for (mod_garbage = start; mod_garbage != NULL; /* nothing */) {
4347		struct modctl_list *old = mod_garbage;
4348		struct modctl *mp = mod_garbage->modl_modp;
4349		ASSERT(mp != NULL);
4350
4351		/*
4352		 * Hold this module until it's unloaded completely.
4353		 */
4354		(void) mod_hold_by_modctl(mp,
4355		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
4356		/*
4357		 * Check if the module is not unloaded yet and nobody requires
4358		 * the module. If it's unloaded already or somebody still
4359		 * requires the module, don't unload it now.
4360		 */
4361		if (mp->mod_loaded && mp->mod_ref == 0)
4362			mod_unload(mp);
4363		ASSERT((mp->mod_loaded == 0 && mp->mod_delay_unload == 0) ||
4364		    (mp->mod_ref > 0));
4365		mod_release_mod(mp);
4366
4367		mod_garbage = mod_garbage->modl_next;
4368		kobj_free(old, sizeof (struct modctl_list));
4369	}
4370}
4371
4372/*
4373 * Process dependency of the module represented by "dep" on the
4374 * module named by "on."
4375 *
4376 * Called from kobj_do_dependents() to load a module "on" on which
4377 * "dep" depends.
4378 */
4379struct modctl *
4380mod_load_requisite(struct modctl *dep, char *on)
4381{
4382	struct modctl *on_mod;
4383	int retval;
4384
4385	if ((on_mod = mod_hold_loaded_mod(dep, on, &retval)) != NULL) {
4386		mod_make_requisite(dep, on_mod);
4387	} else if (moddebug & MODDEBUG_ERRMSG) {
4388		printf("error processing %s on which module %s depends\n",
4389		    on, dep->mod_modname);
4390	}
4391	return (on_mod);
4392}
4393
4394static int
4395mod_install_requisites(struct modctl *modp)
4396{
4397	struct modctl_list *modl;
4398	struct modctl *req;
4399	int status = 0;
4400
4401	ASSERT(MUTEX_NOT_HELD(&mod_lock));
4402	ASSERT(modp->mod_busy);
4403
4404	for (modl = modp->mod_requisites; modl; modl = modl->modl_next) {
4405		req = modl->modl_modp;
4406		(void) mod_hold_by_modctl(req,
4407		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
4408		status = modinstall(req);
4409		mod_release_mod(req);
4410
4411		if (status != 0)
4412			break;
4413	}
4414	return (status);
4415}
4416
4417/*
4418 * returns 1 if this thread is doing autounload, 0 otherwise.
4419 * see mod_uninstall_all.
4420 */
4421int
4422mod_in_autounload()
4423{
4424	return ((int)(uintptr_t)tsd_get(mod_autounload_key));
4425}
4426
4427/*
4428 * gmatch adapted from libc, stripping the wchar stuff
4429 */
4430#define	popchar(p, c)	{ \
4431		c = *p++; \
4432		if (c == 0) { \
4433			return (0); \
4434		} \
4435	}
4436
4437int
4438gmatch(const char *s, const char *p)
4439{
4440	int c, sc;
4441	int ok, lc, notflag;
4442
4443	sc = *s++;
4444	c = *p++;
4445	if (c == 0)
4446		return (sc == c);	/* nothing matches nothing */
4447
4448	switch (c) {
4449	case '\\':
4450		/* skip to quoted character */
4451		popchar(p, c);
4452		/*FALLTHRU*/
4453
4454	default:
4455		/* straight comparison */
4456		if (c != sc)
4457			return (0);
4458		/*FALLTHRU*/
4459
4460	case '?':
4461		/* first char matches, move to remainder */
4462		return (sc != '\0' ? gmatch(s, p) : 0);
4463
4464
4465	case '*':
4466		while (*p == '*')
4467			p++;
4468
4469		/* * matches everything */
4470		if (*p == 0)
4471			return (1);
4472
4473		/* undo skip at the beginning & iterate over substrings */
4474		--s;
4475		while (*s) {
4476			if (gmatch(s, p))
4477				return (1);
4478			s++;
4479		}
4480		return (0);
4481
4482	case '[':
4483		/* match any char within [] */
4484		if (sc == 0)
4485			return (0);
4486
4487		ok = lc = notflag = 0;
4488
4489		if (*p == '!') {
4490			notflag = 1;
4491			p++;
4492		}
4493		popchar(p, c);
4494
4495		do {
4496			if (c == '-' && lc && *p != ']') {
4497				/* test sc against range [c1-c2] */
4498				popchar(p, c);
4499				if (c == '\\') {
4500					popchar(p, c);
4501				}
4502
4503				if (notflag) {
4504					/* return 0 on mismatch */
4505					if (lc <= sc && sc <= c)
4506						return (0);
4507					ok++;
4508				} else if (lc <= sc && sc <= c) {
4509					ok++;
4510				}
4511				/* keep going, may get a match next */
4512			} else if (c == '\\') {
4513				/* skip to quoted character */
4514				popchar(p, c);
4515			}
4516			lc = c;
4517			if (notflag) {
4518				if (sc == lc)
4519					return (0);
4520				ok++;
4521			} else if (sc == lc) {
4522				ok++;
4523			}
4524			popchar(p, c);
4525		} while (c != ']');
4526
4527		/* recurse on remainder of string */
4528		return (ok ? gmatch(s, p) : 0);
4529	}
4530	/*NOTREACHED*/
4531}
4532
4533
4534/*
4535 * Get default perm for device from /etc/minor_perm. Return 0 if match found.
4536 *
4537 * Pure wild-carded patterns are handled separately so the ordering of
4538 * these patterns doesn't matter.  We're still dependent on ordering
4539 * however as the first matching entry is the one returned.
4540 * Not ideal but all existing examples and usage do imply this
4541 * ordering implicitly.
4542 *
4543 * Drivers using the clone driver are always good for some entertainment.
4544 * Clone nodes under pseudo have the form clone@0:<driver>.  Some minor
4545 * perm entries have the form clone:<driver>, others use <driver>:*
4546 * Examples are clone:llc1 vs. llc2:*, for example.
4547 *
4548 * Minor perms in the clone:<driver> form are mapped to the drivers's
4549 * mperm list, not the clone driver, as wildcard entries for clone
4550 * reference only.  In other words, a clone wildcard will match
4551 * references for clone@0:<driver> but never <driver>@<minor>.
4552 *
4553 * Additional minor perms in the standard form are also supported,
4554 * for mixed usage, ie a node with an entry clone:<driver> could
4555 * provide further entries <driver>:<minor>.
4556 *
4557 * Finally, some uses of clone use an alias as the minor name rather
4558 * than the driver name, with the alias as the minor perm entry.
4559 * This case is handled by attaching the driver to bring its
4560 * minor list into existence, then discover the alias via DDI_ALIAS.
4561 * The clone device's minor perm list can then be searched for
4562 * that alias.
4563 */
4564
4565static int
4566dev_alias_minorperm(dev_info_t *dip, char *minor_name, mperm_t *rmp)
4567{
4568	major_t			major;
4569	struct devnames		*dnp;
4570	mperm_t			*mp;
4571	char			*alias = NULL;
4572	dev_info_t		*cdevi;
4573	int			circ;
4574	struct ddi_minor_data	*dmd;
4575
4576	major = ddi_name_to_major(minor_name);
4577
4578	ASSERT(dip == clone_dip);
4579	ASSERT(major != DDI_MAJOR_T_NONE);
4580
4581	/*
4582	 * Attach the driver named by the minor node, then
4583	 * search its first instance's minor list for an
4584	 * alias node.
4585	 */
4586	if (ddi_hold_installed_driver(major) == NULL)
4587		return (1);
4588
4589	dnp = &devnamesp[major];
4590	LOCK_DEV_OPS(&dnp->dn_lock);
4591
4592	if ((cdevi = dnp->dn_head) != NULL) {
4593		ndi_devi_enter(cdevi, &circ);
4594		for (dmd = DEVI(cdevi)->devi_minor; dmd; dmd = dmd->next) {
4595			if (dmd->type == DDM_ALIAS) {
4596				alias = i_ddi_strdup(dmd->ddm_name, KM_SLEEP);
4597				break;
4598			}
4599		}
4600		ndi_devi_exit(cdevi, circ);
4601	}
4602
4603	UNLOCK_DEV_OPS(&dnp->dn_lock);
4604	ddi_rele_driver(major);
4605
4606	if (alias == NULL) {
4607		if (moddebug & MODDEBUG_MINORPERM)
4608			cmn_err(CE_CONT, "dev_minorperm: "
4609			    "no alias for %s\n", minor_name);
4610		return (1);
4611	}
4612
4613	major = ddi_driver_major(clone_dip);
4614	dnp = &devnamesp[major];
4615	LOCK_DEV_OPS(&dnp->dn_lock);
4616
4617	/*
4618	 * Go through the clone driver's mperm list looking
4619	 * for a match for the specified alias.
4620	 */
4621	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4622		if (strcmp(alias, mp->mp_minorname) == 0) {
4623			break;
4624		}
4625	}
4626
4627	if (mp) {
4628		if (moddebug & MODDEBUG_MP_MATCH) {
4629			cmn_err(CE_CONT,
4630			    "minor perm defaults: %s %s 0%o %d %d (aliased)\n",
4631			    minor_name, alias, mp->mp_mode,
4632			    mp->mp_uid, mp->mp_gid);
4633		}
4634		rmp->mp_uid = mp->mp_uid;
4635		rmp->mp_gid = mp->mp_gid;
4636		rmp->mp_mode = mp->mp_mode;
4637	}
4638	UNLOCK_DEV_OPS(&dnp->dn_lock);
4639
4640	kmem_free(alias, strlen(alias)+1);
4641
4642	return (mp == NULL);
4643}
4644
4645int
4646dev_minorperm(dev_info_t *dip, char *name, mperm_t *rmp)
4647{
4648	major_t major;
4649	char *minor_name;
4650	struct devnames *dnp;
4651	mperm_t *mp;
4652	int is_clone = 0;
4653
4654	if (!minorperm_loaded) {
4655		if (moddebug & MODDEBUG_MINORPERM)
4656			cmn_err(CE_CONT,
4657			    "%s: minor perm not yet loaded\n", name);
4658		return (1);
4659	}
4660
4661	minor_name = strchr(name, ':');
4662	if (minor_name == NULL)
4663		return (1);
4664	minor_name++;
4665
4666	/*
4667	 * If it's the clone driver, search the driver as named
4668	 * by the minor.  All clone minor perm entries other than
4669	 * alias nodes are actually installed on the real driver's list.
4670	 */
4671	if (dip == clone_dip) {
4672		major = ddi_name_to_major(minor_name);
4673		if (major == DDI_MAJOR_T_NONE) {
4674			if (moddebug & MODDEBUG_MINORPERM)
4675				cmn_err(CE_CONT, "dev_minorperm: "
4676				    "%s: no such driver\n", minor_name);
4677			return (1);
4678		}
4679		is_clone = 1;
4680	} else {
4681		major = ddi_driver_major(dip);
4682		ASSERT(major != DDI_MAJOR_T_NONE);
4683	}
4684
4685	dnp = &devnamesp[major];
4686	LOCK_DEV_OPS(&dnp->dn_lock);
4687
4688	/*
4689	 * Go through the driver's mperm list looking for
4690	 * a match for the specified minor.  If there's
4691	 * no matching pattern, use the wild card.
4692	 * Defer to the clone wild for clone if specified,
4693	 * otherwise fall back to the normal form.
4694	 */
4695	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4696		if (gmatch(minor_name, mp->mp_minorname) != 0) {
4697			break;
4698		}
4699	}
4700	if (mp == NULL) {
4701		if (is_clone)
4702			mp = dnp->dn_mperm_clone;
4703		if (mp == NULL)
4704			mp = dnp->dn_mperm_wild;
4705	}
4706
4707	if (mp) {
4708		if (moddebug & MODDEBUG_MP_MATCH) {
4709			cmn_err(CE_CONT,
4710			    "minor perm defaults: %s %s 0%o %d %d\n",
4711			    name, mp->mp_minorname, mp->mp_mode,
4712			    mp->mp_uid, mp->mp_gid);
4713		}
4714		rmp->mp_uid = mp->mp_uid;
4715		rmp->mp_gid = mp->mp_gid;
4716		rmp->mp_mode = mp->mp_mode;
4717	}
4718	UNLOCK_DEV_OPS(&dnp->dn_lock);
4719
4720	/*
4721	 * If no match can be found for a clone node,
4722	 * search for a possible match for an alias.
4723	 * One such example is /dev/ptmx -> /devices/pseudo/clone@0:ptm,
4724	 * with minor perm entry clone:ptmx.
4725	 */
4726	if (mp == NULL && is_clone) {
4727		return (dev_alias_minorperm(dip, minor_name, rmp));
4728	}
4729
4730	return (mp == NULL);
4731}
4732
4733/*
4734 * dynamicaly reference load a dl module/library, returning handle
4735 */
4736/*ARGSUSED*/
4737ddi_modhandle_t
4738ddi_modopen(const char *modname, int mode, int *errnop)
4739{
4740	char		*subdir;
4741	char		*mod;
4742	int		subdirlen;
4743	struct modctl	*hmodp = NULL;
4744	int		retval = EINVAL;
4745
4746	ASSERT(modname && (mode == KRTLD_MODE_FIRST));
4747	if ((modname == NULL) || (mode != KRTLD_MODE_FIRST))
4748		goto out;
4749
4750	/* find last '/' in modname */
4751	mod = strrchr(modname, '/');
4752
4753	if (mod) {
4754		/* for subdir string without modification to argument */
4755		mod++;
4756		subdirlen = mod - modname;
4757		subdir = kmem_alloc(subdirlen, KM_SLEEP);
4758		(void) strlcpy(subdir, modname, subdirlen);
4759	} else {
4760		subdirlen = 0;
4761		subdir = "misc";
4762		mod = (char *)modname;
4763	}
4764
4765	/* reference load with errno return value */
4766	retval = modrload(subdir, mod, &hmodp);
4767
4768	if (subdirlen)
4769		kmem_free(subdir, subdirlen);
4770
4771out:	if (errnop)
4772		*errnop = retval;
4773
4774	if (moddebug & MODDEBUG_DDI_MOD)
4775		printf("ddi_modopen %s mode %x: %s %p %d\n",
4776		    modname ? modname : "<unknown>", mode,
4777		    hmodp ? hmodp->mod_filename : "<unknown>",
4778		    (void *)hmodp, retval);
4779
4780	return ((ddi_modhandle_t)hmodp);
4781}
4782
4783/* lookup "name" in open dl module/library */
4784void *
4785ddi_modsym(ddi_modhandle_t h, const char *name, int *errnop)
4786{
4787	struct modctl	*hmodp = (struct modctl *)h;
4788	void		*f;
4789	int		retval;
4790
4791	ASSERT(hmodp && name && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4792	if ((hmodp == NULL) || (name == NULL) ||
4793	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4794		f = NULL;
4795		retval = EINVAL;
4796	} else {
4797		f = (void *)kobj_lookup(hmodp->mod_mp, (char *)name);
4798		if (f)
4799			retval = 0;
4800		else
4801			retval = ENOTSUP;
4802	}
4803
4804	if (moddebug & MODDEBUG_DDI_MOD)
4805		printf("ddi_modsym in %s of %s: %d %p\n",
4806		    hmodp ? hmodp->mod_modname : "<unknown>",
4807		    name ? name : "<unknown>", retval, f);
4808
4809	if (errnop)
4810		*errnop = retval;
4811	return (f);
4812}
4813
4814/* dynamic (un)reference unload of an open dl module/library */
4815int
4816ddi_modclose(ddi_modhandle_t h)
4817{
4818	struct modctl	*hmodp = (struct modctl *)h;
4819	struct modctl	*modp = NULL;
4820	int		retval;
4821
4822	ASSERT(hmodp && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4823	if ((hmodp == NULL) ||
4824	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4825		retval = EINVAL;
4826		goto out;
4827	}
4828
4829	retval = modunrload(hmodp->mod_id, &modp, ddi_modclose_unload);
4830	if (retval == EBUSY)
4831		retval = 0;	/* EBUSY is not an error */
4832
4833	if (retval == 0) {
4834		ASSERT(hmodp == modp);
4835		if (hmodp != modp)
4836			retval = EINVAL;
4837	}
4838
4839out:	if (moddebug & MODDEBUG_DDI_MOD)
4840		printf("ddi_modclose %s: %d\n",
4841		    hmodp ? hmodp->mod_modname : "<unknown>", retval);
4842
4843	return (retval);
4844}
4845