xref: /illumos-gate/usr/src/uts/common/os/modctl.c (revision 5f61829a)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
24  * Copyright (c) 2017 Joyent, Inc.
25  */
26 
27 /*
28  * Copyright 2023 Oxide Computer Company
29  */
30 
31 /*
32  * modctl system call for loadable module support.
33  */
34 
35 #include <sys/param.h>
36 #include <sys/user.h>
37 #include <sys/systm.h>
38 #include <sys/exec.h>
39 #include <sys/file.h>
40 #include <sys/stat.h>
41 #include <sys/conf.h>
42 #include <sys/time.h>
43 #include <sys/reboot.h>
44 #include <sys/fs/ufs_fsdir.h>
45 #include <sys/kmem.h>
46 #include <sys/sysconf.h>
47 #include <sys/cmn_err.h>
48 #include <sys/ddi.h>
49 #include <sys/sunddi.h>
50 #include <sys/sunndi.h>
51 #include <sys/ndi_impldefs.h>
52 #include <sys/ddi_impldefs.h>
53 #include <sys/ddi_implfuncs.h>
54 #include <sys/bootconf.h>
55 #include <sys/dc_ki.h>
56 #include <sys/cladm.h>
57 #include <sys/dtrace.h>
58 #include <sys/kdi.h>
59 
60 #include <sys/devpolicy.h>
61 #include <sys/modctl.h>
62 #include <sys/kobj.h>
63 #include <sys/devops.h>
64 #include <sys/autoconf.h>
65 #include <sys/hwconf.h>
66 #include <sys/callb.h>
67 #include <sys/debug.h>
68 #include <sys/cpuvar.h>
69 #include <sys/sysmacros.h>
70 #include <sys/sysevent.h>
71 #include <sys/sysevent_impl.h>
72 #include <sys/instance.h>
73 #include <sys/modhash.h>
74 #include <sys/modhash_impl.h>
75 #include <sys/dacf_impl.h>
76 #include <sys/vfs.h>
77 #include <sys/pathname.h>
78 #include <sys/console.h>
79 #include <sys/policy.h>
80 #include <ipp/ipp_impl.h>
81 #include <sys/fs/dv_node.h>
82 #include <sys/strsubr.h>
83 #include <sys/fs/sdev_impl.h>
84 
85 static int		mod_circdep(struct modctl *);
86 static int		modinfo(modid_t, struct modinfo *);
87 
88 static void		mod_uninstall_all(void);
89 static int		mod_getinfo(struct modctl *, struct modinfo *);
90 static struct modctl	*allocate_modp(const char *, const char *);
91 
92 static int		mod_load(struct modctl *, int);
93 static void		mod_unload(struct modctl *);
94 static int		modinstall(struct modctl *);
95 static int		moduninstall(struct modctl *);
96 
97 static struct modctl	*mod_hold_by_name_common(struct modctl *, const char *);
98 static struct modctl	*mod_hold_next_by_id(modid_t);
99 static struct modctl	*mod_hold_loaded_mod(struct modctl *, char *, int *);
100 static struct modctl	*mod_hold_installed_mod(char *, int, int, int *);
101 
102 static void		mod_release(struct modctl *);
103 static void		mod_make_requisite(struct modctl *, struct modctl *);
104 static int		mod_install_requisites(struct modctl *);
105 static void		check_esc_sequences(char *, char *);
106 static struct modctl	*mod_hold_by_name_requisite(struct modctl *, char *);
107 
108 /*
109  * module loading thread control structure. Calls to kobj_load_module()() are
110  * handled off to a separate thead using this structure.
111  */
112 struct loadmt {
113 	ksema_t		sema;
114 	struct modctl	*mp;
115 	int		usepath;
116 	kthread_t	*owner;
117 	int		retval;
118 };
119 
120 static void	modload_thread(struct loadmt *);
121 
122 kcondvar_t	mod_cv;
123 kcondvar_t	mod_uninstall_cv;	/* Communication between swapper */
124 					/* and the uninstall daemon. */
125 kmutex_t	mod_lock;		/* protects &modules insert linkage, */
126 					/* mod_busy, mod_want, and mod_ref. */
127 					/* blocking operations while holding */
128 					/* mod_lock should be avoided */
129 kmutex_t	mod_uninstall_lock;	/* protects mod_uninstall_cv */
130 kthread_id_t	mod_aul_thread;
131 
132 int		modunload_wait;
133 kmutex_t	modunload_wait_mutex;
134 kcondvar_t	modunload_wait_cv;
135 int		modunload_active_count;
136 int		modunload_disable_count;
137 
138 int	isminiroot;		/* set if running as miniroot */
139 int	modrootloaded;		/* set after root driver and fs are loaded */
140 int	moddebug = 0x0;		/* debug flags for module writers */
141 int	swaploaded;		/* set after swap driver and fs are loaded */
142 int	bop_io_quiesced = 0;	/* set when BOP I/O can no longer be used */
143 int	last_module_id;
144 clock_t	mod_uninstall_interval = 0;
145 int	mod_uninstall_pass_max = 6;
146 int	mod_uninstall_ref_zero;	/* # modules that went mod_ref == 0 */
147 int	mod_uninstall_pass_exc;	/* mod_uninstall_all left new stuff */
148 
149 int	ddi_modclose_unload = 1;	/* 0 -> just decrement reference */
150 
151 int	devcnt_incr	= 256;		/* allow for additional drivers */
152 int	devcnt_min	= 512;		/* and always at least this number */
153 
154 struct devnames *devnamesp;
155 struct devnames orphanlist;
156 
157 krwlock_t	devinfo_tree_lock;	/* obsolete, to be removed */
158 
159 #define	MAJBINDFILE "/etc/name_to_major"
160 #define	SYSBINDFILE "/etc/name_to_sysnum"
161 
162 static char	majbind[] = MAJBINDFILE;
163 static char	sysbind[] = SYSBINDFILE;
164 static uint_t	mod_autounload_key;	/* for module autounload detection */
165 
166 extern int obpdebug;
167 
168 #define	DEBUGGER_PRESENT	((boothowto & RB_DEBUG) || (obpdebug != 0))
169 
170 static int minorperm_loaded = 0;
171 
172 void
mod_setup(void)173 mod_setup(void)
174 {
175 	struct sysent *callp;
176 	int callnum, exectype;
177 	int	num_devs;
178 	int	i;
179 
180 	/*
181 	 * Initialize the list of loaded driver dev_ops.
182 	 * XXX - This must be done before reading the system file so that
183 	 * forceloads of drivers will work.
184 	 */
185 	num_devs = read_binding_file(majbind, mb_hashtab, make_mbind);
186 	/*
187 	 * Since read_binding_file is common code, it doesn't enforce that all
188 	 * of the binding file entries have major numbers <= MAXMAJ32.	Thus,
189 	 * ensure that we don't allocate some massive amount of space due to a
190 	 * bad entry.  We can't have major numbers bigger than MAXMAJ32
191 	 * until file system support for larger major numbers exists.
192 	 */
193 
194 	/*
195 	 * Leave space for expansion, but not more than L_MAXMAJ32
196 	 */
197 	devcnt = MIN(num_devs + devcnt_incr, L_MAXMAJ32);
198 	devcnt = MAX(devcnt, devcnt_min);
199 	devopsp = kmem_alloc(devcnt * sizeof (struct dev_ops *), KM_SLEEP);
200 	for (i = 0; i < devcnt; i++)
201 		devopsp[i] = &mod_nodev_ops;
202 
203 	init_devnamesp(devcnt);
204 
205 	/*
206 	 * Sync up with the work that the stand-alone linker has already done.
207 	 */
208 	(void) kobj_sync();
209 
210 	if (boothowto & RB_DEBUG)
211 		kdi_dvec_modavail();
212 
213 	make_aliases(mb_hashtab);
214 
215 	/*
216 	 * Initialize streams device implementation structures.
217 	 */
218 	devimpl = kmem_zalloc(devcnt * sizeof (cdevsw_impl_t), KM_SLEEP);
219 
220 	/*
221 	 * If the cl_bootstrap module is present,
222 	 * we should be configured as a cluster. Loading this module
223 	 * will set "cluster_bootflags" to non-zero.
224 	 */
225 	(void) modload("misc", "cl_bootstrap");
226 
227 	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
228 	init_syscallnames(NSYSCALL);
229 
230 	/*
231 	 * Start up dynamic autoconfiguration framework (dacf).
232 	 */
233 	mod_hash_init();
234 	dacf_init();
235 
236 	/*
237 	 * Start up IP policy framework (ipp).
238 	 */
239 	ipp_init();
240 
241 	/*
242 	 * Allocate loadable native system call locks.
243 	 */
244 	for (callnum = 0, callp = sysent; callnum < NSYSCALL;
245 	    callnum++, callp++) {
246 		if (LOADABLE_SYSCALL(callp)) {
247 			if (mod_getsysname(callnum) != NULL) {
248 				callp->sy_lock =
249 				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
250 				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
251 			} else {
252 				callp->sy_flags &= ~SE_LOADABLE;
253 				callp->sy_callc = nosys;
254 			}
255 #ifdef DEBUG
256 		} else {
257 			/*
258 			 * Do some sanity checks on the sysent table
259 			 */
260 			switch (callp->sy_flags & SE_RVAL_MASK) {
261 			case SE_32RVAL1:
262 				/* only r_val1 returned */
263 			case SE_32RVAL1 | SE_32RVAL2:
264 				/* r_val1 and r_val2 returned */
265 			case SE_64RVAL:
266 				/* 64-bit rval returned */
267 				break;
268 			default:
269 				cmn_err(CE_WARN, "sysent[%d]: bad flags %x",
270 				    callnum, callp->sy_flags);
271 			}
272 #endif
273 		}
274 	}
275 
276 #ifdef _SYSCALL32_IMPL
277 	/*
278 	 * Allocate loadable system call locks for 32-bit compat syscalls
279 	 */
280 	for (callnum = 0, callp = sysent32; callnum < NSYSCALL;
281 	    callnum++, callp++) {
282 		if (LOADABLE_SYSCALL(callp)) {
283 			if (mod_getsysname(callnum) != NULL) {
284 				callp->sy_lock =
285 				    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
286 				rw_init(callp->sy_lock, NULL, RW_DEFAULT, NULL);
287 			} else {
288 				callp->sy_flags &= ~SE_LOADABLE;
289 				callp->sy_callc = nosys;
290 			}
291 #ifdef DEBUG
292 		} else {
293 			/*
294 			 * Do some sanity checks on the sysent table
295 			 */
296 			switch (callp->sy_flags & SE_RVAL_MASK) {
297 			case SE_32RVAL1:
298 				/* only r_val1 returned */
299 			case SE_32RVAL1 | SE_32RVAL2:
300 				/* r_val1 and r_val2 returned */
301 			case SE_64RVAL:
302 				/* 64-bit rval returned */
303 				break;
304 			default:
305 				cmn_err(CE_WARN, "sysent32[%d]: bad flags %x",
306 				    callnum, callp->sy_flags);
307 				goto skip;
308 			}
309 
310 			/*
311 			 * Cross-check the native and compatibility tables.
312 			 */
313 			if (callp->sy_callc == nosys ||
314 			    sysent[callnum].sy_callc == nosys)
315 				continue;
316 			/*
317 			 * If only one or the other slot is loadable, then
318 			 * there's an error -- they should match!
319 			 */
320 			if ((callp->sy_callc == loadable_syscall) ^
321 			    (sysent[callnum].sy_callc == loadable_syscall)) {
322 				cmn_err(CE_WARN, "sysent[%d] loadable?",
323 				    callnum);
324 			}
325 			/*
326 			 * This is more of a heuristic test -- if the
327 			 * system call returns two values in the 32-bit
328 			 * world, it should probably return two 32-bit
329 			 * values in the 64-bit world too.
330 			 */
331 			if (((callp->sy_flags & SE_32RVAL2) == 0) ^
332 			    ((sysent[callnum].sy_flags & SE_32RVAL2) == 0)) {
333 				cmn_err(CE_WARN, "sysent[%d] rval2 mismatch!",
334 				    callnum);
335 			}
336 skip:;
337 #endif	/* DEBUG */
338 		}
339 	}
340 #endif	/* _SYSCALL32_IMPL */
341 
342 	/*
343 	 * Allocate loadable exec locks.  (Assumes all execs are loadable)
344 	 */
345 	for (exectype = 0; exectype < nexectype; exectype++) {
346 		execsw[exectype].exec_lock =
347 		    kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
348 		rw_init(execsw[exectype].exec_lock, NULL, RW_DEFAULT, NULL);
349 	}
350 
351 	read_class_file();
352 
353 	/* init thread specific structure for mod_uninstall_all */
354 	tsd_create(&mod_autounload_key, NULL);
355 }
356 
357 static int
modctl_modload(int use_path,char * filename,int * rvp)358 modctl_modload(int use_path, char *filename, int *rvp)
359 {
360 	struct modctl *modp;
361 	int retval = 0;
362 	char *filenamep;
363 	int modid;
364 
365 	filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
366 
367 	if (copyinstr(filename, filenamep, MOD_MAXPATH, 0)) {
368 		retval = EFAULT;
369 		goto out;
370 	}
371 
372 	filenamep[MOD_MAXPATH - 1] = 0;
373 	modp = mod_hold_installed_mod(filenamep, use_path, 0, &retval);
374 
375 	if (modp == NULL)
376 		goto out;
377 
378 	modp->mod_loadflags |= MOD_NOAUTOUNLOAD;
379 	modid = modp->mod_id;
380 	mod_release_mod(modp);
381 	CPU_STATS_ADDQ(CPU, sys, modload, 1);
382 	if (rvp != NULL && copyout(&modid, rvp, sizeof (modid)) != 0)
383 		retval = EFAULT;
384 out:
385 	kmem_free(filenamep, MOD_MAXPATH);
386 
387 	return (retval);
388 }
389 
390 static int
modctl_modunload(modid_t id)391 modctl_modunload(modid_t id)
392 {
393 	int rval = 0;
394 
395 	if (id == 0) {
396 #ifdef DEBUG
397 		/*
398 		 * Turn on mod_uninstall_daemon
399 		 */
400 		if (mod_uninstall_interval == 0) {
401 			mod_uninstall_interval = 60;
402 			modreap();
403 			return (rval);
404 		}
405 #endif
406 		mod_uninstall_all();
407 	} else {
408 		rval = modunload(id);
409 	}
410 	return (rval);
411 }
412 
413 static int
modctl_modinfo(modid_t id,struct modinfo * umodi)414 modctl_modinfo(modid_t id, struct modinfo *umodi)
415 {
416 	int retval;
417 	struct modinfo modi;
418 #if defined(_SYSCALL32_IMPL)
419 	int nobase;
420 	struct modinfo32 modi32;
421 #endif
422 
423 	nobase = 0;
424 	if (get_udatamodel() == DATAMODEL_NATIVE) {
425 		if (copyin(umodi, &modi, sizeof (struct modinfo)) != 0)
426 			return (EFAULT);
427 	}
428 #ifdef _SYSCALL32_IMPL
429 	else {
430 		bzero(&modi, sizeof (modi));
431 		if (copyin(umodi, &modi32, sizeof (struct modinfo32)) != 0)
432 			return (EFAULT);
433 		modi.mi_info = modi32.mi_info;
434 		modi.mi_id = modi32.mi_id;
435 		modi.mi_nextid = modi32.mi_nextid;
436 		nobase = modi.mi_info & MI_INFO_NOBASE;
437 	}
438 #endif
439 	/*
440 	 * This flag is -only- for the kernels use.
441 	 */
442 	modi.mi_info &= ~MI_INFO_LINKAGE;
443 
444 	retval = modinfo(id, &modi);
445 	if (retval)
446 		return (retval);
447 
448 	if (get_udatamodel() == DATAMODEL_NATIVE) {
449 		if (copyout(&modi, umodi, sizeof (struct modinfo)) != 0)
450 			retval = EFAULT;
451 #ifdef _SYSCALL32_IMPL
452 	} else {
453 		int i;
454 
455 		if (!nobase && (uintptr_t)modi.mi_base > UINT32_MAX)
456 			return (EOVERFLOW);
457 
458 		modi32.mi_info = modi.mi_info;
459 		modi32.mi_state = modi.mi_state;
460 		modi32.mi_id = modi.mi_id;
461 		modi32.mi_nextid = modi.mi_nextid;
462 		modi32.mi_base = (caddr32_t)(uintptr_t)modi.mi_base;
463 		modi32.mi_size = modi.mi_size;
464 		modi32.mi_rev = modi.mi_rev;
465 		modi32.mi_loadcnt = modi.mi_loadcnt;
466 		bcopy(modi.mi_name, modi32.mi_name, sizeof (modi32.mi_name));
467 		for (i = 0; i < MODMAXLINK32; i++) {
468 			modi32.mi_msinfo[i].msi_p0 = modi.mi_msinfo[i].msi_p0;
469 			bcopy(modi.mi_msinfo[i].msi_linkinfo,
470 			    modi32.mi_msinfo[i].msi_linkinfo,
471 			    sizeof (modi32.mi_msinfo[0].msi_linkinfo));
472 		}
473 		if (copyout(&modi32, umodi, sizeof (struct modinfo32)) != 0)
474 			retval = EFAULT;
475 #endif
476 	}
477 
478 	return (retval);
479 }
480 
481 /*
482  * Return the last major number in the range of permissible major numbers.
483  */
484 /*ARGSUSED*/
485 static int
modctl_modreserve(modid_t id,int * data)486 modctl_modreserve(modid_t id, int *data)
487 {
488 	if (copyout(&devcnt, data, sizeof (devcnt)) != 0)
489 		return (EFAULT);
490 	return (0);
491 }
492 
493 /* Add/Remove driver and binding aliases */
494 static int
modctl_update_driver_aliases(int add,int * data)495 modctl_update_driver_aliases(int add, int *data)
496 {
497 	struct modconfig	mc;
498 	int			i, n, rv = 0;
499 	struct aliases		alias;
500 	struct aliases		*ap;
501 	char			name[MAXMODCONFNAME];
502 	char			cname[MAXMODCONFNAME];
503 	char			*drvname;
504 	int			resid;
505 	struct alias_info {
506 		char	*alias_name;
507 		int	alias_resid;
508 	} *aliases, *aip;
509 
510 	aliases = NULL;
511 	bzero(&mc, sizeof (struct modconfig));
512 	if (get_udatamodel() == DATAMODEL_NATIVE) {
513 		if (copyin(data, &mc, sizeof (struct modconfig)) != 0)
514 			return (EFAULT);
515 	}
516 #ifdef _SYSCALL32_IMPL
517 	else {
518 		struct modconfig32 modc32;
519 		if (copyin(data, &modc32, sizeof (struct modconfig32)) != 0)
520 			return (EFAULT);
521 		else {
522 			bcopy(modc32.drvname, mc.drvname,
523 			    sizeof (modc32.drvname));
524 			bcopy(modc32.drvclass, mc.drvclass,
525 			    sizeof (modc32.drvclass));
526 			mc.major = modc32.major;
527 			mc.flags = modc32.flags;
528 			mc.num_aliases = modc32.num_aliases;
529 			mc.ap = (struct aliases *)(uintptr_t)modc32.ap;
530 		}
531 	}
532 #endif
533 
534 	/*
535 	 * If the driver is already in the mb_hashtab, and the name given
536 	 * doesn't match that driver's name, fail.  Otherwise, pass, since
537 	 * we may be adding aliases.
538 	 */
539 	drvname = mod_major_to_name(mc.major);
540 	if ((drvname != NULL) && strcmp(drvname, mc.drvname) != 0)
541 		return (EINVAL);
542 
543 	/*
544 	 * Precede alias removal by unbinding as many devices as possible.
545 	 */
546 	if (add == 0) {
547 		(void) i_ddi_unload_drvconf(mc.major);
548 		i_ddi_unbind_devs(mc.major);
549 	}
550 
551 	/*
552 	 * Add/remove each supplied driver alias to/from mb_hashtab
553 	 */
554 	ap = mc.ap;
555 	if (mc.num_aliases > 0)
556 		aliases = kmem_zalloc(
557 		    mc.num_aliases * sizeof (struct alias_info), KM_SLEEP);
558 	aip = aliases;
559 	for (i = 0; i < mc.num_aliases; i++) {
560 		bzero(&alias, sizeof (struct aliases));
561 		if (get_udatamodel() == DATAMODEL_NATIVE) {
562 			if (copyin(ap, &alias, sizeof (struct aliases)) != 0) {
563 				rv = EFAULT;
564 				goto error;
565 			}
566 			if (alias.a_len > MAXMODCONFNAME) {
567 				rv = EINVAL;
568 				goto error;
569 			}
570 			if (copyin(alias.a_name, name, alias.a_len) != 0) {
571 				rv = EFAULT;
572 				goto error;
573 			}
574 			if (name[alias.a_len - 1] != '\0') {
575 				rv = EINVAL;
576 				goto error;
577 			}
578 		}
579 #ifdef _SYSCALL32_IMPL
580 		else {
581 			struct aliases32 al32;
582 			bzero(&al32, sizeof (struct aliases32));
583 			if (copyin(ap, &al32, sizeof (struct aliases32)) != 0) {
584 				rv = EFAULT;
585 				goto error;
586 			}
587 			if (al32.a_len > MAXMODCONFNAME) {
588 				rv = EINVAL;
589 				goto error;
590 			}
591 			if (copyin((void *)(uintptr_t)al32.a_name,
592 			    name, al32.a_len) != 0) {
593 				rv = EFAULT;
594 				goto error;
595 			}
596 			if (name[al32.a_len - 1] != '\0') {
597 				rv = EINVAL;
598 				goto error;
599 			}
600 			alias.a_next = (void *)(uintptr_t)al32.a_next;
601 		}
602 #endif
603 		check_esc_sequences(name, cname);
604 		aip->alias_name = strdup(cname);
605 		ap = alias.a_next;
606 		aip++;
607 	}
608 
609 	if (add == 0) {
610 		ap = mc.ap;
611 		resid = 0;
612 		aip = aliases;
613 		/* attempt to unbind all devices bound to each alias */
614 		for (i = 0; i < mc.num_aliases; i++) {
615 			n = i_ddi_unbind_devs_by_alias(
616 			    mc.major, aip->alias_name);
617 			resid += n;
618 			aip->alias_resid = n;
619 		}
620 
621 		/*
622 		 * If some device bound to an alias remains in use,
623 		 * and override wasn't specified, no change is made to
624 		 * the binding state and we fail the operation.
625 		 */
626 		if (resid > 0 && ((mc.flags & MOD_UNBIND_OVERRIDE) == 0)) {
627 			rv = EBUSY;
628 			goto error;
629 		}
630 
631 		/*
632 		 * No device remains bound of any of the aliases,
633 		 * or force was requested.  Mark each alias as
634 		 * inactive via delete_mbind so no future binds
635 		 * to this alias take place and that a new
636 		 * binding can be established.
637 		 */
638 		aip = aliases;
639 		for (i = 0; i < mc.num_aliases; i++) {
640 			if (moddebug & MODDEBUG_BINDING)
641 				cmn_err(CE_CONT, "Removing binding for %s "
642 				    "(%d active references)\n",
643 				    aip->alias_name, aip->alias_resid);
644 			delete_mbind(aip->alias_name, mb_hashtab);
645 			aip++;
646 		}
647 		rv = 0;
648 	} else {
649 		aip = aliases;
650 		for (i = 0; i < mc.num_aliases; i++) {
651 			if (moddebug & MODDEBUG_BINDING)
652 				cmn_err(CE_NOTE, "Adding binding for '%s'\n",
653 				    aip->alias_name);
654 			(void) make_mbind(aip->alias_name,
655 			    mc.major, NULL, mb_hashtab);
656 			aip++;
657 		}
658 		/*
659 		 * Try to establish an mbinding for mc.drvname, and add it to
660 		 * devnames. Add class if any after establishing the major
661 		 * number.
662 		 */
663 		(void) make_mbind(mc.drvname, mc.major, NULL, mb_hashtab);
664 		if ((rv = make_devname(mc.drvname, mc.major,
665 		    (mc.flags & MOD_ADDMAJBIND_UPDATE) ?
666 		    DN_DRIVER_INACTIVE : 0)) != 0) {
667 			goto error;
668 		}
669 
670 		if (mc.drvclass[0] != '\0')
671 			add_class(mc.drvname, mc.drvclass);
672 		if ((mc.flags & MOD_ADDMAJBIND_UPDATE) == 0) {
673 			(void) i_ddi_load_drvconf(mc.major);
674 		}
675 	}
676 
677 	/*
678 	 * Ensure that all nodes are bound to the most appropriate driver
679 	 * possible, attempting demotion and rebind when a more appropriate
680 	 * driver now exists.  But not when adding a driver update-only.
681 	 */
682 	if ((add == 0) || ((mc.flags & MOD_ADDMAJBIND_UPDATE) == 0)) {
683 		i_ddi_bind_devs();
684 		i_ddi_di_cache_invalidate();
685 	}
686 
687 error:
688 	if (mc.num_aliases > 0) {
689 		aip = aliases;
690 		for (i = 0; i < mc.num_aliases; i++) {
691 			if (aip->alias_name != NULL)
692 				strfree(aip->alias_name);
693 			aip++;
694 		}
695 		kmem_free(aliases, mc.num_aliases * sizeof (struct alias_info));
696 	}
697 	return (rv);
698 }
699 
700 static int
modctl_add_driver_aliases(int * data)701 modctl_add_driver_aliases(int *data)
702 {
703 	return (modctl_update_driver_aliases(1, data));
704 }
705 
706 static int
modctl_remove_driver_aliases(int * data)707 modctl_remove_driver_aliases(int *data)
708 {
709 	return (modctl_update_driver_aliases(0, data));
710 }
711 
712 static int
modctl_rem_major(major_t major)713 modctl_rem_major(major_t major)
714 {
715 	struct devnames *dnp;
716 
717 	if (major >= devcnt)
718 		return (EINVAL);
719 
720 	/* mark devnames as removed */
721 	dnp = &devnamesp[major];
722 	LOCK_DEV_OPS(&dnp->dn_lock);
723 	if (dnp->dn_name == NULL ||
724 	    (dnp->dn_flags & (DN_DRIVER_REMOVED | DN_TAKEN_GETUDEV))) {
725 		UNLOCK_DEV_OPS(&dnp->dn_lock);
726 		return (EINVAL);
727 	}
728 	dnp->dn_flags |= DN_DRIVER_REMOVED;
729 	pm_driver_removed(major);
730 	UNLOCK_DEV_OPS(&dnp->dn_lock);
731 
732 	(void) i_ddi_unload_drvconf(major);
733 	i_ddi_unbind_devs(major);
734 	i_ddi_bind_devs();
735 	i_ddi_di_cache_invalidate();
736 
737 	/* purge all the bindings to this driver */
738 	purge_mbind(major, mb_hashtab);
739 	return (0);
740 }
741 
742 static struct vfs *
path_to_vfs(char * name)743 path_to_vfs(char *name)
744 {
745 	vnode_t *vp;
746 	struct vfs *vfsp;
747 
748 	if (lookupname(name, UIO_SYSSPACE, FOLLOW, NULLVPP, &vp))
749 		return (NULL);
750 
751 	vfsp = vp->v_vfsp;
752 	VN_RELE(vp);
753 	return (vfsp);
754 }
755 
756 static int
new_vfs_in_modpath()757 new_vfs_in_modpath()
758 {
759 	static int n_modpath = 0;
760 	static char *modpath_copy;
761 	static struct pathvfs {
762 		char *path;
763 		struct vfs *vfsp;
764 	} *pathvfs;
765 
766 	int i, new_vfs = 0;
767 	char *tmp, *tmp1;
768 	struct vfs *vfsp;
769 
770 	if (n_modpath != 0) {
771 		for (i = 0; i < n_modpath; i++) {
772 			vfsp = path_to_vfs(pathvfs[i].path);
773 			if (vfsp != pathvfs[i].vfsp) {
774 				pathvfs[i].vfsp = vfsp;
775 				if (vfsp)
776 					new_vfs = 1;
777 			}
778 		}
779 		return (new_vfs);
780 	}
781 
782 	/*
783 	 * First call, initialize the pathvfs structure
784 	 */
785 	modpath_copy = i_ddi_strdup(default_path, KM_SLEEP);
786 	tmp = modpath_copy;
787 	n_modpath = 1;
788 	tmp1 = strchr(tmp, ' ');
789 	while (tmp1) {
790 		*tmp1 = '\0';
791 		n_modpath++;
792 		tmp = tmp1 + 1;
793 		tmp1 = strchr(tmp, ' ');
794 	}
795 
796 	pathvfs = kmem_zalloc(n_modpath * sizeof (struct pathvfs), KM_SLEEP);
797 	tmp = modpath_copy;
798 	for (i = 0; i < n_modpath; i++) {
799 		pathvfs[i].path = tmp;
800 		vfsp = path_to_vfs(tmp);
801 		pathvfs[i].vfsp = vfsp;
802 		tmp += strlen(tmp) + 1;
803 	}
804 	return (1);	/* always reread driver.conf the first time */
805 }
806 
807 static int
modctl_load_drvconf(major_t major,int flags)808 modctl_load_drvconf(major_t major, int flags)
809 {
810 	int ret;
811 
812 	/*
813 	 * devfsadm -u - read all new driver.conf files
814 	 * and bind and configure devices for new drivers.
815 	 */
816 	if (flags & MOD_LOADDRVCONF_RECONF) {
817 		(void) i_ddi_load_drvconf(DDI_MAJOR_T_NONE);
818 		i_ddi_bind_devs();
819 		i_ddi_di_cache_invalidate();
820 		return (0);
821 	}
822 
823 	/*
824 	 * update_drv <drv> - reload driver.conf for the specified driver
825 	 */
826 	if (major != DDI_MAJOR_T_NONE) {
827 		ret = i_ddi_load_drvconf(major);
828 		if (ret == 0)
829 			i_ddi_bind_devs();
830 		return (ret);
831 	}
832 
833 	/*
834 	 * We are invoked to rescan new driver.conf files. It is
835 	 * only necessary if a new file system was mounted in the
836 	 * module_path. Because rescanning driver.conf files can
837 	 * take some time on older platforms (sun4m), the following
838 	 * code skips unnecessary driver.conf rescans to optimize
839 	 * boot performance.
840 	 */
841 	if (new_vfs_in_modpath()) {
842 		(void) i_ddi_load_drvconf(DDI_MAJOR_T_NONE);
843 		/*
844 		 * If we are still initializing io subsystem,
845 		 * load drivers with ddi-forceattach property
846 		 */
847 		if (!i_ddi_io_initialized())
848 			i_ddi_forceattach_drivers();
849 	}
850 	return (0);
851 }
852 
853 /*
854  * Unload driver.conf file and follow up by attempting
855  * to rebind devices to more appropriate driver.
856  */
857 static int
modctl_unload_drvconf(major_t major)858 modctl_unload_drvconf(major_t major)
859 {
860 	int ret;
861 
862 	if (major >= devcnt)
863 		return (EINVAL);
864 
865 	ret = i_ddi_unload_drvconf(major);
866 	if (ret != 0)
867 		return (ret);
868 	(void) i_ddi_unbind_devs(major);
869 	i_ddi_bind_devs();
870 
871 	return (0);
872 }
873 
874 static void
check_esc_sequences(char * str,char * cstr)875 check_esc_sequences(char *str, char *cstr)
876 {
877 	int i;
878 	size_t len;
879 	char *p;
880 
881 	len = strlen(str);
882 	for (i = 0; i < len; i++, str++, cstr++) {
883 		if (*str != '\\') {
884 			*cstr = *str;
885 		} else {
886 			p = str + 1;
887 			/*
888 			 * we only handle octal escape sequences for SPACE
889 			 */
890 			if (*p++ == '0' && *p++ == '4' && *p == '0') {
891 				*cstr = ' ';
892 				str += 3;
893 			} else {
894 				*cstr = *str;
895 			}
896 		}
897 	}
898 	*cstr = 0;
899 }
900 
901 static int
modctl_getmodpathlen(int * data)902 modctl_getmodpathlen(int *data)
903 {
904 	int len;
905 	len = strlen(default_path);
906 	if (copyout(&len, data, sizeof (len)) != 0)
907 		return (EFAULT);
908 	return (0);
909 }
910 
911 static int
modctl_getmodpath(char * data)912 modctl_getmodpath(char *data)
913 {
914 	if (copyout(default_path, data, strlen(default_path) + 1) != 0)
915 		return (EFAULT);
916 	return (0);
917 }
918 
919 static int
modctl_read_sysbinding_file(void)920 modctl_read_sysbinding_file(void)
921 {
922 	(void) read_binding_file(sysbind, sb_hashtab, make_mbind);
923 	return (0);
924 }
925 
926 static int
modctl_getmaj(char * uname,uint_t ulen,int * umajorp)927 modctl_getmaj(char *uname, uint_t ulen, int *umajorp)
928 {
929 	char name[256];
930 	int retval;
931 	major_t major;
932 
933 	if (ulen == 0)
934 		return (EINVAL);
935 	if ((retval = copyinstr(uname, name,
936 	    (ulen < 256) ? ulen : 256, 0)) != 0)
937 		return (retval);
938 	if ((major = mod_name_to_major(name)) == DDI_MAJOR_T_NONE)
939 		return (ENODEV);
940 	if (copyout(&major, umajorp, sizeof (major_t)) != 0)
941 		return (EFAULT);
942 	return (0);
943 }
944 
945 static char **
convert_constraint_string(char * constraints,size_t len)946 convert_constraint_string(char *constraints, size_t len)
947 {
948 	int	i;
949 	int	n;
950 	char	*p;
951 	char	**array;
952 
953 	ASSERT(constraints != NULL);
954 	ASSERT(len > 0);
955 
956 	for (i = 0, p = constraints; strlen(p) > 0; i++, p += strlen(p) + 1)
957 		;
958 
959 	n = i;
960 
961 	if (n == 0) {
962 		kmem_free(constraints, len);
963 		return (NULL);
964 	}
965 
966 	array = kmem_alloc((n + 1) * sizeof (char *), KM_SLEEP);
967 
968 	for (i = 0, p = constraints; i < n; i++, p += strlen(p) + 1) {
969 		array[i] = i_ddi_strdup(p, KM_SLEEP);
970 	}
971 	array[n] = NULL;
972 
973 	kmem_free(constraints, len);
974 
975 	return (array);
976 }
977 /*ARGSUSED*/
978 static int
modctl_retire(char * path,char * uconstraints,size_t ulen)979 modctl_retire(char *path, char *uconstraints, size_t ulen)
980 {
981 	char	*pathbuf;
982 	char	*devpath;
983 	size_t	pathsz;
984 	int	retval;
985 	char	*constraints;
986 	char	**cons_array;
987 
988 	if (path == NULL)
989 		return (EINVAL);
990 
991 	if ((uconstraints == NULL) ^ (ulen == 0))
992 		return (EINVAL);
993 
994 	pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
995 	retval = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
996 	if (retval != 0) {
997 		kmem_free(pathbuf, MAXPATHLEN);
998 		return (retval);
999 	}
1000 	devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
1001 	kmem_free(pathbuf, MAXPATHLEN);
1002 
1003 	/*
1004 	 * First check if the device is already retired.
1005 	 * If it is, then persist the retire anyway, just in case the retire
1006 	 * store has got out of sync with the boot archive.
1007 	 */
1008 	if (e_ddi_device_retired(devpath)) {
1009 		cmn_err(CE_NOTE, "Device: already retired: %s", devpath);
1010 		(void) e_ddi_retire_persist(devpath);
1011 		kmem_free(devpath, strlen(devpath) + 1);
1012 		return (0);
1013 	}
1014 
1015 	cons_array = NULL;
1016 	if (uconstraints) {
1017 		constraints = kmem_alloc(ulen, KM_SLEEP);
1018 		if (copyin(uconstraints, constraints, ulen)) {
1019 			kmem_free(constraints, ulen);
1020 			kmem_free(devpath, strlen(devpath) + 1);
1021 			return (EFAULT);
1022 		}
1023 		cons_array = convert_constraint_string(constraints, ulen);
1024 	}
1025 
1026 	/*
1027 	 * Try to retire the device first. The following
1028 	 * routine will return an error only if the device
1029 	 * is not retireable i.e. retire constraints forbid
1030 	 * a retire. A return of success from this routine
1031 	 * indicates that device is retireable.
1032 	 */
1033 	retval = e_ddi_retire_device(devpath, cons_array);
1034 	if (retval != DDI_SUCCESS) {
1035 		cmn_err(CE_WARN, "constraints forbid retire: %s", devpath);
1036 		kmem_free(devpath, strlen(devpath) + 1);
1037 		return (ENOTSUP);
1038 	}
1039 
1040 	/*
1041 	 * Ok, the retire succeeded. Persist the retire.
1042 	 * If retiring a nexus, we need to only persist the
1043 	 * nexus retire. Any children of a retired nexus
1044 	 * are automatically covered by the retire store
1045 	 * code.
1046 	 */
1047 	retval = e_ddi_retire_persist(devpath);
1048 	if (retval != 0) {
1049 		cmn_err(CE_WARN, "Failed to persist device retire: error %d: "
1050 		    "%s", retval, devpath);
1051 		kmem_free(devpath, strlen(devpath) + 1);
1052 		return (retval);
1053 	}
1054 	if (moddebug & MODDEBUG_RETIRE)
1055 		cmn_err(CE_NOTE, "Persisted retire of device: %s", devpath);
1056 
1057 	kmem_free(devpath, strlen(devpath) + 1);
1058 	return (0);
1059 }
1060 
1061 static int
modctl_is_retired(char * path,int * statep)1062 modctl_is_retired(char *path, int *statep)
1063 {
1064 	char	*pathbuf;
1065 	char	*devpath;
1066 	size_t	pathsz;
1067 	int	error;
1068 	int	status;
1069 
1070 	if (path == NULL || statep == NULL)
1071 		return (EINVAL);
1072 
1073 	pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1074 	error = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
1075 	if (error != 0) {
1076 		kmem_free(pathbuf, MAXPATHLEN);
1077 		return (error);
1078 	}
1079 	devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
1080 	kmem_free(pathbuf, MAXPATHLEN);
1081 
1082 	if (e_ddi_device_retired(devpath))
1083 		status = 1;
1084 	else
1085 		status = 0;
1086 	kmem_free(devpath, strlen(devpath) + 1);
1087 
1088 	return (copyout(&status, statep, sizeof (status)) ? EFAULT : 0);
1089 }
1090 
1091 static int
modctl_unretire(char * path)1092 modctl_unretire(char *path)
1093 {
1094 	char	*pathbuf;
1095 	char	*devpath;
1096 	size_t	pathsz;
1097 	int	retired;
1098 	int	retval;
1099 
1100 	if (path == NULL)
1101 		return (EINVAL);
1102 
1103 	pathbuf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1104 	retval = copyinstr(path, pathbuf, MAXPATHLEN, &pathsz);
1105 	if (retval != 0) {
1106 		kmem_free(pathbuf, MAXPATHLEN);
1107 		return (retval);
1108 	}
1109 	devpath = i_ddi_strdup(pathbuf, KM_SLEEP);
1110 	kmem_free(pathbuf, MAXPATHLEN);
1111 
1112 	/*
1113 	 * We check if a device is retired (first) before
1114 	 * unpersisting the retire, because we use the
1115 	 * retire store to determine if a device is retired.
1116 	 * If we unpersist first, the device will always appear
1117 	 * to be unretired. For the rationale behind unpersisting
1118 	 * a device that is not retired, see the next comment.
1119 	 */
1120 	retired = e_ddi_device_retired(devpath);
1121 
1122 	/*
1123 	 * We call unpersist unconditionally because the lookup
1124 	 * for retired devices (e_ddi_device_retired()), skips "bypassed"
1125 	 * devices. We still want to be able remove "bypassed" entries
1126 	 * from the persistent store, so we unpersist unconditionally
1127 	 * i.e. whether or not the entry is found on a lookup.
1128 	 *
1129 	 * e_ddi_retire_unpersist() returns 1 if it found and cleared
1130 	 * an entry from the retire store or 0 otherwise.
1131 	 */
1132 	if (e_ddi_retire_unpersist(devpath))
1133 		if (moddebug & MODDEBUG_RETIRE) {
1134 			cmn_err(CE_NOTE, "Unpersisted retire of device: %s",
1135 			    devpath);
1136 		}
1137 
1138 	/*
1139 	 * Check if the device is already unretired. If so,
1140 	 * the unretire becomes a NOP
1141 	 */
1142 	if (!retired) {
1143 		cmn_err(CE_NOTE, "Not retired: %s", devpath);
1144 		kmem_free(devpath, strlen(devpath) + 1);
1145 		return (0);
1146 	}
1147 
1148 	retval = e_ddi_unretire_device(devpath);
1149 	if (retval != 0) {
1150 		cmn_err(CE_WARN, "cannot unretire device: error %d, path %s\n",
1151 		    retval, devpath);
1152 	}
1153 
1154 	kmem_free(devpath, strlen(devpath) + 1);
1155 
1156 	return (retval);
1157 }
1158 
1159 static int
modctl_getname(char * uname,uint_t ulen,int * umajorp)1160 modctl_getname(char *uname, uint_t ulen, int *umajorp)
1161 {
1162 	char *name;
1163 	major_t major;
1164 
1165 	if (copyin(umajorp, &major, sizeof (major)) != 0)
1166 		return (EFAULT);
1167 	if ((name = mod_major_to_name(major)) == NULL)
1168 		return (ENODEV);
1169 	if ((strlen(name) + 1) > ulen)
1170 		return (ENOSPC);
1171 	return (copyoutstr(name, uname, ulen, NULL));
1172 }
1173 
1174 static int
modctl_devt2instance(dev_t dev,int * uinstancep)1175 modctl_devt2instance(dev_t dev, int *uinstancep)
1176 {
1177 	int	instance;
1178 
1179 	if ((instance = dev_to_instance(dev)) == -1)
1180 		return (EINVAL);
1181 
1182 	return (copyout(&instance, uinstancep, sizeof (int)));
1183 }
1184 
1185 /*
1186  * Return the sizeof of the device id.
1187  */
1188 static int
modctl_sizeof_devid(dev_t dev,uint_t * len)1189 modctl_sizeof_devid(dev_t dev, uint_t *len)
1190 {
1191 	uint_t		sz;
1192 	ddi_devid_t	devid;
1193 
1194 	/* get device id */
1195 	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
1196 		return (EINVAL);
1197 
1198 	sz = ddi_devid_sizeof(devid);
1199 	ddi_devid_free(devid);
1200 
1201 	/* copyout device id size */
1202 	if (copyout(&sz, len, sizeof (sz)) != 0)
1203 		return (EFAULT);
1204 
1205 	return (0);
1206 }
1207 
1208 /*
1209  * Return a copy of the device id.
1210  */
1211 static int
modctl_get_devid(dev_t dev,uint_t len,ddi_devid_t udevid)1212 modctl_get_devid(dev_t dev, uint_t len, ddi_devid_t udevid)
1213 {
1214 	uint_t		sz;
1215 	ddi_devid_t	devid;
1216 	int		err = 0;
1217 
1218 	/* get device id */
1219 	if (ddi_lyr_get_devid(dev, &devid) == DDI_FAILURE)
1220 		return (EINVAL);
1221 
1222 	sz = ddi_devid_sizeof(devid);
1223 
1224 	/* Error if device id is larger than space allocated */
1225 	if (sz > len) {
1226 		ddi_devid_free(devid);
1227 		return (ENOSPC);
1228 	}
1229 
1230 	/* copy out device id */
1231 	if (copyout(devid, udevid, sz) != 0)
1232 		err = EFAULT;
1233 	ddi_devid_free(devid);
1234 	return (err);
1235 }
1236 
1237 /*
1238  * return the /devices paths associated with the specified devid and
1239  * minor name.
1240  */
1241 /*ARGSUSED*/
1242 static int
modctl_devid2paths(ddi_devid_t udevid,char * uminor_name,uint_t flag,size_t * ulensp,char * upaths)1243 modctl_devid2paths(ddi_devid_t udevid, char *uminor_name, uint_t flag,
1244     size_t *ulensp, char *upaths)
1245 {
1246 	ddi_devid_t	devid = NULL;
1247 	int		devid_len;
1248 	char		*minor_name = NULL;
1249 	dev_info_t	*dip = NULL;
1250 	struct ddi_minor_data	*dmdp;
1251 	char		*path = NULL;
1252 	int		ulens;
1253 	int		lens;
1254 	int		len;
1255 	dev_t		*devlist = NULL;
1256 	int		ndevs;
1257 	int		i;
1258 	int		ret = 0;
1259 
1260 	/*
1261 	 * If upaths is NULL then we are only computing the amount of space
1262 	 * needed to hold the paths and returning the value in *ulensp. If we
1263 	 * are copying out paths then we get the amount of space allocated by
1264 	 * the caller. If the actual space needed for paths is larger, or
1265 	 * things are changing out from under us, then we return EAGAIN.
1266 	 */
1267 	if (upaths) {
1268 		if (ulensp == NULL)
1269 			return (EINVAL);
1270 		if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
1271 			return (EFAULT);
1272 	}
1273 
1274 	/*
1275 	 * copyin enough of the devid to determine the length then
1276 	 * reallocate and copy in the entire devid.
1277 	 */
1278 	devid_len = ddi_devid_sizeof(NULL);
1279 	devid = kmem_alloc(devid_len, KM_SLEEP);
1280 	if (copyin(udevid, devid, devid_len)) {
1281 		ret = EFAULT;
1282 		goto out;
1283 	}
1284 	len = devid_len;
1285 	devid_len = ddi_devid_sizeof(devid);
1286 	kmem_free(devid, len);
1287 	devid = kmem_alloc(devid_len, KM_SLEEP);
1288 	if (copyin(udevid, devid, devid_len)) {
1289 		ret = EFAULT;
1290 		goto out;
1291 	}
1292 
1293 	/* copyin the minor name if specified. */
1294 	minor_name = uminor_name;
1295 	if ((minor_name != DEVID_MINOR_NAME_ALL) &&
1296 	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1297 	    (minor_name != DEVID_MINOR_NAME_ALL_BLK)) {
1298 		minor_name = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1299 		if (copyinstr(uminor_name, minor_name, MAXPATHLEN, 0)) {
1300 			ret = EFAULT;
1301 			goto out;
1302 		}
1303 	}
1304 
1305 	/*
1306 	 * Use existing function to resolve the devid into a devlist.
1307 	 *
1308 	 * NOTE: there is a loss of spectype information in the current
1309 	 * ddi_lyr_devid_to_devlist implementation. We work around this by not
1310 	 * passing down DEVID_MINOR_NAME_ALL here, but reproducing all minor
1311 	 * node forms in the loop processing the devlist below. It would be
1312 	 * best if at some point the use of this interface here was replaced
1313 	 * with a path oriented call.
1314 	 */
1315 	if (ddi_lyr_devid_to_devlist(devid,
1316 	    (minor_name == DEVID_MINOR_NAME_ALL) ?
1317 	    DEVID_MINOR_NAME_ALL_CHR : minor_name,
1318 	    &ndevs, &devlist) != DDI_SUCCESS) {
1319 		ret = EINVAL;
1320 		goto out;
1321 	}
1322 
1323 	/*
1324 	 * loop over the devlist, converting each devt to a path and doing
1325 	 * a copyout of the path and computation of the amount of space
1326 	 * needed to hold all the paths
1327 	 */
1328 	path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1329 	for (i = 0, lens = 0; i < ndevs; i++) {
1330 
1331 		/* find the dip associated with the dev_t */
1332 		if ((dip = e_ddi_hold_devi_by_dev(devlist[i], 0)) == NULL)
1333 			continue;
1334 
1335 		/* loop over all the minor nodes, skipping ones we don't want */
1336 		ndi_devi_enter(dip);
1337 		for (dmdp = DEVI(dip)->devi_minor; dmdp; dmdp = dmdp->next) {
1338 			if ((dmdp->ddm_dev != devlist[i]) ||
1339 			    (dmdp->type != DDM_MINOR))
1340 				continue;
1341 
1342 			if ((minor_name != DEVID_MINOR_NAME_ALL) &&
1343 			    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1344 			    (minor_name != DEVID_MINOR_NAME_ALL_BLK) &&
1345 			    strcmp(minor_name, dmdp->ddm_name))
1346 				continue;
1347 			else {
1348 				if ((minor_name == DEVID_MINOR_NAME_ALL_CHR) &&
1349 				    (dmdp->ddm_spec_type != S_IFCHR))
1350 					continue;
1351 				if ((minor_name == DEVID_MINOR_NAME_ALL_BLK) &&
1352 				    (dmdp->ddm_spec_type != S_IFBLK))
1353 					continue;
1354 			}
1355 
1356 			(void) ddi_pathname_minor(dmdp, path);
1357 			len = strlen(path) + 1;
1358 			*(path + len) = '\0';	/* set double termination */
1359 			lens += len;
1360 
1361 			/* copyout the path with double terminations */
1362 			if (upaths) {
1363 				if (lens > ulens) {
1364 					ret = EAGAIN;
1365 					goto out;
1366 				}
1367 				if (copyout(path, upaths, len + 1)) {
1368 					ret = EFAULT;
1369 					goto out;
1370 				}
1371 				upaths += len;
1372 			}
1373 		}
1374 		ndi_devi_exit(dip);
1375 		ddi_release_devi(dip);
1376 		dip = NULL;
1377 	}
1378 	lens++;		/* add one for double termination */
1379 
1380 	/* copy out the amount of space needed to hold the paths */
1381 	if (ulensp && copyout(&lens, ulensp, sizeof (lens))) {
1382 		ret = EFAULT;
1383 		goto out;
1384 	}
1385 	ret = 0;
1386 
1387 out:	if (dip) {
1388 		ndi_devi_exit(dip);
1389 		ddi_release_devi(dip);
1390 	}
1391 	if (path)
1392 		kmem_free(path, MAXPATHLEN);
1393 	if (devlist)
1394 		ddi_lyr_free_devlist(devlist, ndevs);
1395 	if (minor_name &&
1396 	    (minor_name != DEVID_MINOR_NAME_ALL) &&
1397 	    (minor_name != DEVID_MINOR_NAME_ALL_CHR) &&
1398 	    (minor_name != DEVID_MINOR_NAME_ALL_BLK))
1399 		kmem_free(minor_name, MAXPATHLEN);
1400 	if (devid)
1401 		kmem_free(devid, devid_len);
1402 	return (ret);
1403 }
1404 
1405 /*
1406  * Return the size of the minor name.
1407  */
1408 static int
modctl_sizeof_minorname(dev_t dev,int spectype,uint_t * len)1409 modctl_sizeof_minorname(dev_t dev, int spectype, uint_t *len)
1410 {
1411 	uint_t	sz;
1412 	char	*name;
1413 
1414 	/* get the minor name */
1415 	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1416 		return (EINVAL);
1417 
1418 	sz = strlen(name) + 1;
1419 	kmem_free(name, sz);
1420 
1421 	/* copy out the size of the minor name */
1422 	if (copyout(&sz, len, sizeof (sz)) != 0)
1423 		return (EFAULT);
1424 
1425 	return (0);
1426 }
1427 
1428 /*
1429  * Return the minor name.
1430  */
1431 static int
modctl_get_minorname(dev_t dev,int spectype,uint_t len,char * uname)1432 modctl_get_minorname(dev_t dev, int spectype, uint_t len, char *uname)
1433 {
1434 	uint_t	sz;
1435 	char	*name;
1436 	int	err = 0;
1437 
1438 	/* get the minor name */
1439 	if (ddi_lyr_get_minor_name(dev, spectype, &name) == DDI_FAILURE)
1440 		return (EINVAL);
1441 
1442 	sz = strlen(name) + 1;
1443 
1444 	/* Error if the minor name is larger than the space allocated */
1445 	if (sz > len) {
1446 		kmem_free(name, sz);
1447 		return (ENOSPC);
1448 	}
1449 
1450 	/* copy out the minor name */
1451 	if (copyout(name, uname, sz) != 0)
1452 		err = EFAULT;
1453 	kmem_free(name, sz);
1454 	return (err);
1455 }
1456 
1457 /*
1458  * Return the size of the (dev_t,spectype) devfspath name.
1459  */
1460 static int
modctl_devfspath_len(dev_t dev,int spectype,uint_t * len)1461 modctl_devfspath_len(dev_t dev, int spectype, uint_t *len)
1462 {
1463 	uint_t	sz;
1464 	char	*name;
1465 
1466 	/* get the path name */
1467 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1468 	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1469 		kmem_free(name, MAXPATHLEN);
1470 		return (EINVAL);
1471 	}
1472 
1473 	sz = strlen(name) + 1;
1474 	kmem_free(name, MAXPATHLEN);
1475 
1476 	/* copy out the size of the path name */
1477 	if (copyout(&sz, len, sizeof (sz)) != 0)
1478 		return (EFAULT);
1479 
1480 	return (0);
1481 }
1482 
1483 /*
1484  * Return the (dev_t,spectype) devfspath name.
1485  */
1486 static int
modctl_devfspath(dev_t dev,int spectype,uint_t len,char * uname)1487 modctl_devfspath(dev_t dev, int spectype, uint_t len, char *uname)
1488 {
1489 	uint_t	sz;
1490 	char	*name;
1491 	int	err = 0;
1492 
1493 	/* get the path name */
1494 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1495 	if (ddi_dev_pathname(dev, spectype, name) == DDI_FAILURE) {
1496 		kmem_free(name, MAXPATHLEN);
1497 		return (EINVAL);
1498 	}
1499 
1500 	sz = strlen(name) + 1;
1501 
1502 	/* Error if the path name is larger than the space allocated */
1503 	if (sz > len) {
1504 		kmem_free(name, MAXPATHLEN);
1505 		return (ENOSPC);
1506 	}
1507 
1508 	/* copy out the path name */
1509 	if (copyout(name, uname, sz) != 0)
1510 		err = EFAULT;
1511 	kmem_free(name, MAXPATHLEN);
1512 	return (err);
1513 }
1514 
1515 /*
1516  * Return the size of the (major,instance) devfspath name.
1517  */
1518 static int
modctl_devfspath_mi_len(major_t major,int instance,uint_t * len)1519 modctl_devfspath_mi_len(major_t major, int instance, uint_t *len)
1520 {
1521 	uint_t	sz;
1522 	char	*name;
1523 
1524 	/* get the path name */
1525 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1526 	if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1527 		kmem_free(name, MAXPATHLEN);
1528 		return (EINVAL);
1529 	}
1530 
1531 	sz = strlen(name) + 1;
1532 	kmem_free(name, MAXPATHLEN);
1533 
1534 	/* copy out the size of the path name */
1535 	if (copyout(&sz, len, sizeof (sz)) != 0)
1536 		return (EFAULT);
1537 
1538 	return (0);
1539 }
1540 
1541 /*
1542  * Return the (major_instance) devfspath name.
1543  * NOTE: e_ddi_majorinstance_to_path does not require the device to attach to
1544  * return a path - it uses the instance tree.
1545  */
1546 static int
modctl_devfspath_mi(major_t major,int instance,uint_t len,char * uname)1547 modctl_devfspath_mi(major_t major, int instance, uint_t len, char *uname)
1548 {
1549 	uint_t	sz;
1550 	char	*name;
1551 	int	err = 0;
1552 
1553 	/* get the path name */
1554 	name = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1555 	if (e_ddi_majorinstance_to_path(major, instance, name) != DDI_SUCCESS) {
1556 		kmem_free(name, MAXPATHLEN);
1557 		return (EINVAL);
1558 	}
1559 
1560 	sz = strlen(name) + 1;
1561 
1562 	/* Error if the path name is larger than the space allocated */
1563 	if (sz > len) {
1564 		kmem_free(name, MAXPATHLEN);
1565 		return (ENOSPC);
1566 	}
1567 
1568 	/* copy out the path name */
1569 	if (copyout(name, uname, sz) != 0)
1570 		err = EFAULT;
1571 	kmem_free(name, MAXPATHLEN);
1572 	return (err);
1573 }
1574 
1575 static int
modctl_get_fbname(char * path)1576 modctl_get_fbname(char *path)
1577 {
1578 	extern dev_t fbdev;
1579 	char *pathname = NULL;
1580 	int rval = 0;
1581 
1582 	/* make sure fbdev is set before we plunge in */
1583 	if (fbdev == NODEV)
1584 		return (ENODEV);
1585 
1586 	pathname = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1587 	if ((rval = ddi_dev_pathname(fbdev, S_IFCHR,
1588 	    pathname)) == DDI_SUCCESS) {
1589 		if (copyout(pathname, path, strlen(pathname)+1) != 0) {
1590 			rval = EFAULT;
1591 		}
1592 	}
1593 	kmem_free(pathname, MAXPATHLEN);
1594 	return (rval);
1595 }
1596 
1597 /*
1598  * modctl_reread_dacf()
1599  *	Reread the dacf rules database from the named binding file.
1600  *	If NULL is specified, pass along the NULL, it means 'use the default'.
1601  */
1602 static int
modctl_reread_dacf(char * path)1603 modctl_reread_dacf(char *path)
1604 {
1605 	int rval = 0;
1606 	char *filename, *filenamep;
1607 
1608 	filename = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1609 
1610 	if (path == NULL) {
1611 		filenamep = NULL;
1612 	} else {
1613 		if (copyinstr(path, filename, MAXPATHLEN, 0) != 0) {
1614 			rval = EFAULT;
1615 			goto out;
1616 		}
1617 		filenamep = filename;
1618 		filenamep[MAXPATHLEN - 1] = '\0';
1619 	}
1620 
1621 	rval = read_dacf_binding_file(filenamep);
1622 out:
1623 	kmem_free(filename, MAXPATHLEN);
1624 	return (rval);
1625 }
1626 
1627 /*ARGSUSED*/
1628 static int
modctl_modevents(int subcmd,uintptr_t a2,uintptr_t a3,uintptr_t a4,uint_t flag)1629 modctl_modevents(int subcmd, uintptr_t a2, uintptr_t a3, uintptr_t a4,
1630     uint_t flag)
1631 {
1632 	int error = 0;
1633 	char *filenamep;
1634 
1635 	switch (subcmd) {
1636 
1637 	case MODEVENTS_FLUSH:
1638 		/* flush all currently queued events */
1639 		log_sysevent_flushq(subcmd, flag);
1640 		break;
1641 
1642 	case MODEVENTS_SET_DOOR_UPCALL_FILENAME:
1643 		/*
1644 		 * bind door_upcall to filename
1645 		 * this should only be done once per invocation
1646 		 * of the event daemon.
1647 		 */
1648 
1649 		filenamep = kmem_zalloc(MOD_MAXPATH, KM_SLEEP);
1650 
1651 		if (copyinstr((char *)a2, filenamep, MOD_MAXPATH, 0)) {
1652 			error = EFAULT;
1653 		} else {
1654 			error = log_sysevent_filename(filenamep);
1655 		}
1656 		kmem_free(filenamep, MOD_MAXPATH);
1657 		break;
1658 
1659 	case MODEVENTS_GETDATA:
1660 		error = log_sysevent_copyout_data((sysevent_id_t *)a2,
1661 		    (size_t)a3, (caddr_t)a4);
1662 		break;
1663 
1664 	case MODEVENTS_FREEDATA:
1665 		error = log_sysevent_free_data((sysevent_id_t *)a2);
1666 		break;
1667 	case MODEVENTS_POST_EVENT:
1668 		error = log_usr_sysevent((sysevent_t *)a2, (uint32_t)a3,
1669 		    (sysevent_id_t *)a4);
1670 		break;
1671 	case MODEVENTS_REGISTER_EVENT:
1672 		error = log_sysevent_register((char *)a2, (char *)a3,
1673 		    (se_pubsub_t *)a4);
1674 		break;
1675 	default:
1676 		error = EINVAL;
1677 	}
1678 
1679 	return (error);
1680 }
1681 
1682 static void
free_mperm(mperm_t * mp)1683 free_mperm(mperm_t *mp)
1684 {
1685 	int len;
1686 
1687 	if (mp->mp_minorname) {
1688 		len = strlen(mp->mp_minorname) + 1;
1689 		kmem_free(mp->mp_minorname, len);
1690 	}
1691 	kmem_free(mp, sizeof (mperm_t));
1692 }
1693 
1694 #define	MP_NO_DRV_ERR	\
1695 	"/etc/minor_perm: no driver for %s\n"
1696 
1697 #define	MP_EMPTY_MINOR	\
1698 	"/etc/minor_perm: empty minor name for driver %s\n"
1699 
1700 #define	MP_NO_MINOR	\
1701 	"/etc/minor_perm: no minor matching %s for driver %s\n"
1702 
1703 /*
1704  * Remove mperm entry with matching minorname
1705  */
1706 static void
rem_minorperm(major_t major,char * drvname,mperm_t * mp,int is_clone)1707 rem_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1708 {
1709 	mperm_t **mp_head;
1710 	mperm_t *freemp = NULL;
1711 	struct devnames *dnp = &devnamesp[major];
1712 	mperm_t **wildmp;
1713 
1714 	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1715 
1716 	LOCK_DEV_OPS(&dnp->dn_lock);
1717 	if (strcmp(mp->mp_minorname, "*") == 0) {
1718 		wildmp = ((is_clone == 0) ?
1719 		    &dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1720 		if (*wildmp)
1721 			freemp = *wildmp;
1722 		*wildmp = NULL;
1723 	} else {
1724 		mp_head = &dnp->dn_mperm;
1725 		while (*mp_head) {
1726 			if (strcmp((*mp_head)->mp_minorname,
1727 			    mp->mp_minorname) != 0) {
1728 				mp_head = &(*mp_head)->mp_next;
1729 				continue;
1730 			}
1731 			/* remove the entry */
1732 			freemp = *mp_head;
1733 			*mp_head = freemp->mp_next;
1734 			break;
1735 		}
1736 	}
1737 	if (freemp) {
1738 		if (moddebug & MODDEBUG_MINORPERM) {
1739 			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1740 			    drvname, freemp->mp_minorname,
1741 			    freemp->mp_mode & 0777,
1742 			    freemp->mp_uid, freemp->mp_gid);
1743 		}
1744 		free_mperm(freemp);
1745 	} else {
1746 		if (moddebug & MODDEBUG_MINORPERM) {
1747 			cmn_err(CE_CONT, MP_NO_MINOR,
1748 			    drvname, mp->mp_minorname);
1749 		}
1750 	}
1751 
1752 	UNLOCK_DEV_OPS(&dnp->dn_lock);
1753 }
1754 
1755 /*
1756  * Add minor perm entry
1757  */
1758 static void
add_minorperm(major_t major,char * drvname,mperm_t * mp,int is_clone)1759 add_minorperm(major_t major, char *drvname, mperm_t *mp, int is_clone)
1760 {
1761 	mperm_t **mp_head;
1762 	mperm_t *freemp = NULL;
1763 	struct devnames *dnp = &devnamesp[major];
1764 	mperm_t **wildmp;
1765 
1766 	ASSERT(mp->mp_minorname && strlen(mp->mp_minorname) > 0);
1767 
1768 	/*
1769 	 * Note that update_drv replace semantics require
1770 	 * replacing matching entries with the new permissions.
1771 	 */
1772 	LOCK_DEV_OPS(&dnp->dn_lock);
1773 	if (strcmp(mp->mp_minorname, "*") == 0) {
1774 		wildmp = ((is_clone == 0) ?
1775 		    &dnp->dn_mperm_wild : &dnp->dn_mperm_clone);
1776 		if (*wildmp)
1777 			freemp = *wildmp;
1778 		*wildmp = mp;
1779 	} else {
1780 		mperm_t *p, *v = NULL;
1781 		for (p = dnp->dn_mperm; p; v = p, p = p->mp_next) {
1782 			if (strcmp(p->mp_minorname, mp->mp_minorname) == 0) {
1783 				if (v == NULL)
1784 					dnp->dn_mperm = mp;
1785 				else
1786 					v->mp_next = mp;
1787 				mp->mp_next = p->mp_next;
1788 				freemp = p;
1789 				goto replaced;
1790 			}
1791 		}
1792 		if (p == NULL) {
1793 			mp_head = &dnp->dn_mperm;
1794 			if (*mp_head == NULL) {
1795 				*mp_head = mp;
1796 			} else {
1797 				mp->mp_next = *mp_head;
1798 				*mp_head = mp;
1799 			}
1800 		}
1801 	}
1802 replaced:
1803 	if (freemp) {
1804 		if (moddebug & MODDEBUG_MINORPERM) {
1805 			cmn_err(CE_CONT, "< %s %s 0%o %d %d\n",
1806 			    drvname, freemp->mp_minorname,
1807 			    freemp->mp_mode & 0777,
1808 			    freemp->mp_uid, freemp->mp_gid);
1809 		}
1810 		free_mperm(freemp);
1811 	}
1812 	if (moddebug & MODDEBUG_MINORPERM) {
1813 		cmn_err(CE_CONT, "> %s %s 0%o %d %d\n",
1814 		    drvname, mp->mp_minorname, mp->mp_mode & 0777,
1815 		    mp->mp_uid, mp->mp_gid);
1816 	}
1817 	UNLOCK_DEV_OPS(&dnp->dn_lock);
1818 }
1819 
1820 
1821 static int
process_minorperm(int cmd,nvlist_t * nvl)1822 process_minorperm(int cmd, nvlist_t *nvl)
1823 {
1824 	char *minor;
1825 	major_t major;
1826 	mperm_t *mp;
1827 	nvpair_t *nvp;
1828 	char *name;
1829 	int is_clone;
1830 	major_t minmaj;
1831 
1832 	ASSERT(cmd == MODLOADMINORPERM ||
1833 	    cmd == MODADDMINORPERM || cmd == MODREMMINORPERM);
1834 
1835 	nvp = NULL;
1836 	while ((nvp = nvlist_next_nvpair(nvl, nvp)) != NULL) {
1837 		name = nvpair_name(nvp);
1838 
1839 		is_clone = 0;
1840 		(void) nvpair_value_string(nvp, &minor);
1841 		major = ddi_name_to_major(name);
1842 		if (major != DDI_MAJOR_T_NONE) {
1843 			mp = kmem_zalloc(sizeof (*mp), KM_SLEEP);
1844 			if (minor == NULL || strlen(minor) == 0) {
1845 				if (moddebug & MODDEBUG_MINORPERM) {
1846 					cmn_err(CE_CONT, MP_EMPTY_MINOR, name);
1847 				}
1848 				minor = "*";
1849 			}
1850 
1851 			/*
1852 			 * The minor name of a node using the clone
1853 			 * driver must be the driver name.  To avoid
1854 			 * multiple searches, we map entries in the form
1855 			 * clone:<driver> to <driver>:*.  This also allows us
1856 			 * to filter out some of the litter in /etc/minor_perm.
1857 			 * Minor perm alias entries where the name is not
1858 			 * the driver kept on the clone list itself.
1859 			 * This all seems very fragile as a driver could
1860 			 * be introduced with an existing alias name.
1861 			 */
1862 			if (strcmp(name, "clone") == 0) {
1863 				minmaj = ddi_name_to_major(minor);
1864 				if (minmaj != DDI_MAJOR_T_NONE) {
1865 					if (moddebug & MODDEBUG_MINORPERM) {
1866 						cmn_err(CE_CONT,
1867 						    "mapping %s:%s to %s:*\n",
1868 						    name, minor, minor);
1869 					}
1870 					major = minmaj;
1871 					name = minor;
1872 					minor = "*";
1873 					is_clone = 1;
1874 				}
1875 			}
1876 
1877 			if (mp) {
1878 				mp->mp_minorname =
1879 				    i_ddi_strdup(minor, KM_SLEEP);
1880 			}
1881 		} else {
1882 			mp = NULL;
1883 			if (moddebug & MODDEBUG_MINORPERM) {
1884 				cmn_err(CE_CONT, MP_NO_DRV_ERR, name);
1885 			}
1886 		}
1887 
1888 		/* mode */
1889 		nvp = nvlist_next_nvpair(nvl, nvp);
1890 		ASSERT(strcmp(nvpair_name(nvp), "mode") == 0);
1891 		if (mp)
1892 			(void) nvpair_value_int32(nvp, (int *)&mp->mp_mode);
1893 		/* uid */
1894 		nvp = nvlist_next_nvpair(nvl, nvp);
1895 		ASSERT(strcmp(nvpair_name(nvp), "uid") == 0);
1896 		if (mp)
1897 			(void) nvpair_value_uint32(nvp, &mp->mp_uid);
1898 		/* gid */
1899 		nvp = nvlist_next_nvpair(nvl, nvp);
1900 		ASSERT(strcmp(nvpair_name(nvp), "gid") == 0);
1901 		if (mp) {
1902 			(void) nvpair_value_uint32(nvp, &mp->mp_gid);
1903 
1904 			if (cmd == MODREMMINORPERM) {
1905 				rem_minorperm(major, name, mp, is_clone);
1906 				free_mperm(mp);
1907 			} else {
1908 				add_minorperm(major, name, mp, is_clone);
1909 			}
1910 		}
1911 	}
1912 
1913 	if (cmd == MODLOADMINORPERM)
1914 		minorperm_loaded = 1;
1915 
1916 	/*
1917 	 * Reset permissions of cached dv_nodes
1918 	 */
1919 	(void) devfs_reset_perm(DV_RESET_PERM);
1920 
1921 	return (0);
1922 }
1923 
1924 static int
modctl_minorperm(int cmd,char * usrbuf,size_t buflen)1925 modctl_minorperm(int cmd, char *usrbuf, size_t buflen)
1926 {
1927 	int error;
1928 	nvlist_t *nvl;
1929 	char *buf = kmem_alloc(buflen, KM_SLEEP);
1930 
1931 	if ((error = ddi_copyin(usrbuf, buf, buflen, 0)) != 0) {
1932 		kmem_free(buf, buflen);
1933 		return (error);
1934 	}
1935 
1936 	error = nvlist_unpack(buf, buflen, &nvl, KM_SLEEP);
1937 	kmem_free(buf, buflen);
1938 	if (error)
1939 		return (error);
1940 
1941 	error = process_minorperm(cmd, nvl);
1942 	nvlist_free(nvl);
1943 	return (error);
1944 }
1945 
1946 struct walk_args {
1947 	char		*wa_drvname;
1948 	list_t		wa_pathlist;
1949 };
1950 
1951 struct path_elem {
1952 	char		*pe_dir;
1953 	char		*pe_nodename;
1954 	list_node_t	pe_node;
1955 	int		pe_dirlen;
1956 };
1957 
1958 /*ARGSUSED*/
1959 static int
modctl_inst_walker(const char * path,in_node_t * np,in_drv_t * dp,void * arg)1960 modctl_inst_walker(const char *path, in_node_t *np, in_drv_t *dp, void *arg)
1961 {
1962 	struct walk_args *wargs = (struct walk_args *)arg;
1963 	struct path_elem *pe;
1964 	char *nodename;
1965 
1966 	/*
1967 	 * Search may be restricted to a single driver in the case of rem_drv
1968 	 */
1969 	if (wargs->wa_drvname &&
1970 	    strcmp(dp->ind_driver_name, wargs->wa_drvname) != 0)
1971 		return (INST_WALK_CONTINUE);
1972 
1973 	pe = kmem_zalloc(sizeof (*pe), KM_SLEEP);
1974 	pe->pe_dir = i_ddi_strdup((char *)path, KM_SLEEP);
1975 	pe->pe_dirlen = strlen(pe->pe_dir) + 1;
1976 	ASSERT(strrchr(pe->pe_dir, '/') != NULL);
1977 	nodename = strrchr(pe->pe_dir, '/');
1978 	*nodename++ = 0;
1979 	pe->pe_nodename = nodename;
1980 	list_insert_tail(&wargs->wa_pathlist, pe);
1981 
1982 	return (INST_WALK_CONTINUE);
1983 }
1984 
1985 /*
1986  * /devices attribute nodes clean-up optionally performed
1987  * when removing a driver (rem_drv -C).
1988  *
1989  * Removing attribute nodes allows a machine to be reprovisioned
1990  * without the side-effect of inadvertently picking up stale
1991  * device node ownership or permissions.
1992  *
1993  * Preserving attributes (not performing cleanup) allows devices
1994  * attribute changes to be preserved across upgrades, as
1995  * upgrade rather heavy-handedly does a rem_drv/add_drv cycle.
1996  */
1997 static int
modctl_remdrv_cleanup(const char * u_drvname)1998 modctl_remdrv_cleanup(const char *u_drvname)
1999 {
2000 	struct walk_args *wargs;
2001 	struct path_elem *pe;
2002 	char *drvname;
2003 	int err, rval = 0;
2004 
2005 	drvname = kmem_alloc(MAXMODCONFNAME, KM_SLEEP);
2006 	if ((err = copyinstr(u_drvname, drvname, MAXMODCONFNAME, 0))) {
2007 		kmem_free(drvname, MAXMODCONFNAME);
2008 		return (err);
2009 	}
2010 
2011 	/*
2012 	 * First go through the instance database.  For each
2013 	 * instance of a device bound to the driver being
2014 	 * removed, remove any underlying devfs attribute nodes.
2015 	 *
2016 	 * This is a two-step process.	First we go through
2017 	 * the instance data itself, constructing a list of
2018 	 * the nodes discovered.  The second step is then
2019 	 * to find and remove any devfs attribute nodes
2020 	 * for the instances discovered in the first step.
2021 	 * The two-step process avoids any difficulties
2022 	 * which could arise by holding the instance data
2023 	 * lock with simultaneous devfs operations.
2024 	 */
2025 	wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
2026 
2027 	wargs->wa_drvname = drvname;
2028 	list_create(&wargs->wa_pathlist,
2029 	    sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
2030 
2031 	(void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
2032 
2033 	for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
2034 	    pe = list_next(&wargs->wa_pathlist, pe)) {
2035 		err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
2036 		    (const char *)pe->pe_nodename);
2037 		if (rval == 0)
2038 			rval = err;
2039 	}
2040 
2041 	while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
2042 		list_remove(&wargs->wa_pathlist, pe);
2043 		kmem_free(pe->pe_dir, pe->pe_dirlen);
2044 		kmem_free(pe, sizeof (*pe));
2045 	}
2046 	kmem_free(wargs, sizeof (*wargs));
2047 
2048 	/*
2049 	 * Pseudo nodes aren't recorded in the instance database
2050 	 * so any such nodes need to be handled separately.
2051 	 */
2052 	err = devfs_remdrv_cleanup("pseudo", (const char *)drvname);
2053 	if (rval == 0)
2054 		rval = err;
2055 
2056 	kmem_free(drvname, MAXMODCONFNAME);
2057 	return (rval);
2058 }
2059 
2060 /*
2061  * Perform a cleanup of non-existent /devices attribute nodes,
2062  * similar to rem_drv -C, but for all drivers/devices.
2063  * This is also optional, performed as part of devfsadm -C.
2064  */
2065 void
dev_devices_cleanup()2066 dev_devices_cleanup()
2067 {
2068 	struct walk_args *wargs;
2069 	struct path_elem *pe;
2070 	dev_info_t *devi;
2071 	char *path;
2072 	int err;
2073 
2074 	/*
2075 	 * It's expected that all drivers have been loaded and
2076 	 * module unloading disabled while performing cleanup.
2077 	 */
2078 	ASSERT(modunload_disable_count > 0);
2079 
2080 	wargs = kmem_zalloc(sizeof (*wargs), KM_SLEEP);
2081 	wargs->wa_drvname = NULL;
2082 	list_create(&wargs->wa_pathlist,
2083 	    sizeof (struct path_elem), offsetof(struct path_elem, pe_node));
2084 
2085 	(void) e_ddi_walk_instances(modctl_inst_walker, (void *)wargs);
2086 
2087 	path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
2088 
2089 	for (pe = list_head(&wargs->wa_pathlist); pe != NULL;
2090 	    pe = list_next(&wargs->wa_pathlist, pe)) {
2091 		(void) snprintf(path, MAXPATHLEN, "%s/%s",
2092 		    pe->pe_dir, pe->pe_nodename);
2093 		devi = e_ddi_hold_devi_by_path(path, 0);
2094 		if (devi != NULL) {
2095 			ddi_release_devi(devi);
2096 		} else {
2097 			err = devfs_remdrv_cleanup((const char *)pe->pe_dir,
2098 			    (const char *)pe->pe_nodename);
2099 			if (err) {
2100 				cmn_err(CE_CONT,
2101 				    "devfs: %s: clean-up error %d\n",
2102 				    path, err);
2103 			}
2104 		}
2105 	}
2106 
2107 	while ((pe = list_head(&wargs->wa_pathlist)) != NULL) {
2108 		list_remove(&wargs->wa_pathlist, pe);
2109 		kmem_free(pe->pe_dir, pe->pe_dirlen);
2110 		kmem_free(pe, sizeof (*pe));
2111 	}
2112 	kmem_free(wargs, sizeof (*wargs));
2113 	kmem_free(path, MAXPATHLEN);
2114 }
2115 
2116 static int
modctl_allocpriv(const char * name)2117 modctl_allocpriv(const char *name)
2118 {
2119 	char *pstr = kmem_alloc(PRIVNAME_MAX, KM_SLEEP);
2120 	int error;
2121 
2122 	if ((error = copyinstr(name, pstr, PRIVNAME_MAX, 0))) {
2123 		kmem_free(pstr, PRIVNAME_MAX);
2124 		return (error);
2125 	}
2126 	error = priv_getbyname(pstr, PRIV_ALLOC);
2127 	if (error < 0)
2128 		error = -error;
2129 	else
2130 		error = 0;
2131 	kmem_free(pstr, PRIVNAME_MAX);
2132 	return (error);
2133 }
2134 
2135 static int
modctl_devexists(const char * upath,int pathlen)2136 modctl_devexists(const char *upath, int pathlen)
2137 {
2138 	char	*path;
2139 	int	ret;
2140 
2141 	/*
2142 	 * copy in the path, including the terminating null
2143 	 */
2144 	pathlen++;
2145 	if (pathlen <= 1 || pathlen > MAXPATHLEN)
2146 		return (EINVAL);
2147 	path = kmem_zalloc(pathlen + 1, KM_SLEEP);
2148 	if ((ret = copyinstr(upath, path, pathlen, NULL)) == 0) {
2149 		ret = sdev_modctl_devexists(path);
2150 	}
2151 
2152 	kmem_free(path, pathlen + 1);
2153 	return (ret);
2154 }
2155 
2156 static int
modctl_devreaddir(const char * udir,int udirlen,char * upaths,int64_t * ulensp)2157 modctl_devreaddir(const char *udir, int udirlen,
2158     char *upaths, int64_t *ulensp)
2159 {
2160 	char	*paths = NULL;
2161 	char	**dirlist = NULL;
2162 	char	*dir;
2163 	int64_t	ulens;
2164 	int64_t	lens;
2165 	int	i, n;
2166 	int	ret = 0;
2167 	char	*p;
2168 	int	npaths;
2169 	int	npaths_alloc;
2170 
2171 	/*
2172 	 * If upaths is NULL then we are only computing the amount of space
2173 	 * needed to return the paths, with the value returned in *ulensp. If we
2174 	 * are copying out paths then we get the amount of space allocated by
2175 	 * the caller. If the actual space needed for paths is larger, or
2176 	 * things are changing out from under us, then we return EAGAIN.
2177 	 */
2178 	if (upaths) {
2179 		if (ulensp == NULL)
2180 			return (EINVAL);
2181 		if (copyin(ulensp, &ulens, sizeof (ulens)) != 0)
2182 			return (EFAULT);
2183 	}
2184 
2185 	/*
2186 	 * copyin the /dev path including terminating null
2187 	 */
2188 	udirlen++;
2189 	if (udirlen <= 1 || udirlen > MAXPATHLEN)
2190 		return (EINVAL);
2191 	dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
2192 	if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
2193 		goto err;
2194 
2195 	if ((ret = sdev_modctl_readdir(dir, &dirlist,
2196 	    &npaths, &npaths_alloc, 0)) != 0) {
2197 		ASSERT(dirlist == NULL);
2198 		goto err;
2199 	}
2200 
2201 	lens = 0;
2202 	for (i = 0; i < npaths; i++) {
2203 		lens += strlen(dirlist[i]) + 1;
2204 	}
2205 	lens++;		/* add one for double termination */
2206 
2207 	if (upaths) {
2208 		if (lens > ulens) {
2209 			ret = EAGAIN;
2210 			goto out;
2211 		}
2212 
2213 		paths = kmem_alloc(lens, KM_SLEEP);
2214 
2215 		p = paths;
2216 		for (i = 0; i < npaths; i++) {
2217 			n = strlen(dirlist[i]) + 1;
2218 			bcopy(dirlist[i], p, n);
2219 			p += n;
2220 		}
2221 		*p = 0;
2222 
2223 		if (copyout(paths, upaths, lens)) {
2224 			ret = EFAULT;
2225 			goto err;
2226 		}
2227 	}
2228 
2229 out:
2230 	/* copy out the amount of space needed to hold the paths */
2231 	if (copyout(&lens, ulensp, sizeof (lens)))
2232 		ret = EFAULT;
2233 
2234 err:
2235 	if (dirlist)
2236 		sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
2237 	if (paths)
2238 		kmem_free(paths, lens);
2239 	kmem_free(dir, udirlen + 1);
2240 	return (ret);
2241 }
2242 
2243 static int
modctl_devemptydir(const char * udir,int udirlen,int * uempty)2244 modctl_devemptydir(const char *udir, int udirlen, int *uempty)
2245 {
2246 	char	*dir;
2247 	int	ret;
2248 	char	**dirlist = NULL;
2249 	int	npaths;
2250 	int	npaths_alloc;
2251 	int	empty;
2252 
2253 	/*
2254 	 * copyin the /dev path including terminating null
2255 	 */
2256 	udirlen++;
2257 	if (udirlen <= 1 || udirlen > MAXPATHLEN)
2258 		return (EINVAL);
2259 	dir = kmem_zalloc(udirlen + 1, KM_SLEEP);
2260 	if ((ret = copyinstr(udir, dir, udirlen, NULL)) != 0)
2261 		goto err;
2262 
2263 	if ((ret = sdev_modctl_readdir(dir, &dirlist,
2264 	    &npaths, &npaths_alloc, 1)) != 0) {
2265 		goto err;
2266 	}
2267 
2268 	empty = npaths ? 0 : 1;
2269 	if (copyout(&empty, uempty, sizeof (empty)))
2270 		ret = EFAULT;
2271 
2272 err:
2273 	if (dirlist)
2274 		sdev_modctl_readdir_free(dirlist, npaths, npaths_alloc);
2275 	kmem_free(dir, udirlen + 1);
2276 	return (ret);
2277 }
2278 
2279 static int
modctl_hp(int subcmd,const char * path,char * cn_name,uintptr_t arg,uintptr_t rval)2280 modctl_hp(int subcmd, const char *path, char *cn_name, uintptr_t arg,
2281     uintptr_t rval)
2282 {
2283 	int error = 0;
2284 	size_t pathsz, namesz;
2285 	char *devpath, *cn_name_str;
2286 
2287 	if (path == NULL)
2288 		return (EINVAL);
2289 
2290 	devpath = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
2291 	error = copyinstr(path, devpath, MAXPATHLEN, &pathsz);
2292 	if (error != 0) {
2293 		kmem_free(devpath, MAXPATHLEN);
2294 		return (EFAULT);
2295 	}
2296 
2297 	cn_name_str = kmem_zalloc(MAXNAMELEN, KM_SLEEP);
2298 	error = copyinstr(cn_name, cn_name_str, MAXNAMELEN, &namesz);
2299 	if (error != 0) {
2300 		kmem_free(devpath, MAXPATHLEN);
2301 		kmem_free(cn_name_str, MAXNAMELEN);
2302 
2303 		return (EFAULT);
2304 	}
2305 
2306 	switch (subcmd) {
2307 	case MODHPOPS_CHANGE_STATE:
2308 		error = ddihp_modctl(DDI_HPOP_CN_CHANGE_STATE, devpath,
2309 		    cn_name_str, arg, 0);
2310 		break;
2311 	case MODHPOPS_CREATE_PORT:
2312 		/* Create an empty PORT */
2313 		error = ddihp_modctl(DDI_HPOP_CN_CREATE_PORT, devpath,
2314 		    cn_name_str, 0, 0);
2315 		break;
2316 	case MODHPOPS_REMOVE_PORT:
2317 		/* Remove an empty PORT */
2318 		error = ddihp_modctl(DDI_HPOP_CN_REMOVE_PORT, devpath,
2319 		    cn_name_str, 0, 0);
2320 		break;
2321 	case MODHPOPS_BUS_GET:
2322 		error = ddihp_modctl(DDI_HPOP_CN_GET_PROPERTY, devpath,
2323 		    cn_name_str, arg, rval);
2324 		break;
2325 	case MODHPOPS_BUS_SET:
2326 		error = ddihp_modctl(DDI_HPOP_CN_SET_PROPERTY, devpath,
2327 		    cn_name_str, arg, rval);
2328 		break;
2329 	default:
2330 		error = ENOTSUP;
2331 		break;
2332 	}
2333 
2334 	kmem_free(devpath, MAXPATHLEN);
2335 	kmem_free(cn_name_str, MAXNAMELEN);
2336 
2337 	return (error);
2338 }
2339 
2340 int
modctl_moddevname(int subcmd,uintptr_t a1,uintptr_t a2)2341 modctl_moddevname(int subcmd, uintptr_t a1, uintptr_t a2)
2342 {
2343 	int error = 0;
2344 
2345 	switch (subcmd) {
2346 	case MODDEVNAME_LOOKUPDOOR:
2347 		error = devname_filename_register((char *)a1);
2348 		break;
2349 	case MODDEVNAME_PROFILE:
2350 		error = devname_profile_update((char *)a1, (size_t)a2);
2351 		break;
2352 	case MODDEVNAME_RECONFIG:
2353 		i_ddi_set_reconfig();
2354 		break;
2355 	case MODDEVNAME_SYSAVAIL:
2356 		i_ddi_set_sysavail();
2357 		break;
2358 	default:
2359 		error = EINVAL;
2360 		break;
2361 	}
2362 
2363 	return (error);
2364 }
2365 
2366 /*ARGSUSED5*/
2367 int
modctl(int cmd,uintptr_t a1,uintptr_t a2,uintptr_t a3,uintptr_t a4,uintptr_t a5)2368 modctl(int cmd, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4,
2369     uintptr_t a5)
2370 {
2371 	int	error = EINVAL;
2372 	dev_t	dev;
2373 
2374 	if (secpolicy_modctl(CRED(), cmd) != 0)
2375 		return (set_errno(EPERM));
2376 
2377 	switch (cmd) {
2378 	case MODLOAD:		/* load a module */
2379 		error = modctl_modload((int)a1, (char *)a2, (int *)a3);
2380 		break;
2381 
2382 	case MODUNLOAD:		/* unload a module */
2383 		error = modctl_modunload((modid_t)a1);
2384 		break;
2385 
2386 	case MODINFO:		/* get module status */
2387 		error = modctl_modinfo((modid_t)a1, (struct modinfo *)a2);
2388 		break;
2389 
2390 	case MODRESERVED:	/* get last major number in range */
2391 		error = modctl_modreserve((modid_t)a1, (int *)a2);
2392 		break;
2393 
2394 	case MODSETMINIROOT:	/* we are running in miniroot */
2395 		isminiroot = 1;
2396 		error = 0;
2397 		break;
2398 
2399 	case MODADDMAJBIND:	/* add major / driver alias bindings */
2400 		error = modctl_add_driver_aliases((int *)a2);
2401 		break;
2402 
2403 	case MODGETPATHLEN:	/* get modpath length */
2404 		error = modctl_getmodpathlen((int *)a2);
2405 		break;
2406 
2407 	case MODGETPATH:	/* get modpath */
2408 		error = modctl_getmodpath((char *)a2);
2409 		break;
2410 
2411 	case MODREADSYSBIND:	/* read system call binding file */
2412 		error = modctl_read_sysbinding_file();
2413 		break;
2414 
2415 	case MODGETMAJBIND:	/* get major number for named device */
2416 		error = modctl_getmaj((char *)a1, (uint_t)a2, (int *)a3);
2417 		break;
2418 
2419 	case MODGETNAME:	/* get name of device given major number */
2420 		error = modctl_getname((char *)a1, (uint_t)a2, (int *)a3);
2421 		break;
2422 
2423 	case MODDEVT2INSTANCE:
2424 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2425 			dev = (dev_t)a1;
2426 		}
2427 #ifdef _SYSCALL32_IMPL
2428 		else {
2429 			dev = expldev(a1);
2430 		}
2431 #endif
2432 		error = modctl_devt2instance(dev, (int *)a2);
2433 		break;
2434 
2435 	case MODSIZEOF_DEVID:	/* sizeof device id of device given dev_t */
2436 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2437 			dev = (dev_t)a1;
2438 		}
2439 #ifdef _SYSCALL32_IMPL
2440 		else {
2441 			dev = expldev(a1);
2442 		}
2443 #endif
2444 		error = modctl_sizeof_devid(dev, (uint_t *)a2);
2445 		break;
2446 
2447 	case MODGETDEVID:	/* get device id of device given dev_t */
2448 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2449 			dev = (dev_t)a1;
2450 		}
2451 #ifdef _SYSCALL32_IMPL
2452 		else {
2453 			dev = expldev(a1);
2454 		}
2455 #endif
2456 		error = modctl_get_devid(dev, (uint_t)a2, (ddi_devid_t)a3);
2457 		break;
2458 
2459 	case MODSIZEOF_MINORNAME:	/* sizeof minor nm (dev_t,spectype) */
2460 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2461 			error = modctl_sizeof_minorname((dev_t)a1, (int)a2,
2462 			    (uint_t *)a3);
2463 		}
2464 #ifdef _SYSCALL32_IMPL
2465 		else {
2466 			error = modctl_sizeof_minorname(expldev(a1), (int)a2,
2467 			    (uint_t *)a3);
2468 		}
2469 
2470 #endif
2471 		break;
2472 
2473 	case MODGETMINORNAME:		/* get minor name of (dev_t,spectype) */
2474 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2475 			error = modctl_get_minorname((dev_t)a1, (int)a2,
2476 			    (uint_t)a3, (char *)a4);
2477 		}
2478 #ifdef _SYSCALL32_IMPL
2479 		else {
2480 			error = modctl_get_minorname(expldev(a1), (int)a2,
2481 			    (uint_t)a3, (char *)a4);
2482 		}
2483 #endif
2484 		break;
2485 
2486 	case MODGETDEVFSPATH_LEN:	/* sizeof path nm of (dev_t,spectype) */
2487 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2488 			error = modctl_devfspath_len((dev_t)a1, (int)a2,
2489 			    (uint_t *)a3);
2490 		}
2491 #ifdef _SYSCALL32_IMPL
2492 		else {
2493 			error = modctl_devfspath_len(expldev(a1), (int)a2,
2494 			    (uint_t *)a3);
2495 		}
2496 
2497 #endif
2498 		break;
2499 
2500 	case MODGETDEVFSPATH:		/* get path name of (dev_t,spec) type */
2501 		if (get_udatamodel() == DATAMODEL_NATIVE) {
2502 			error = modctl_devfspath((dev_t)a1, (int)a2,
2503 			    (uint_t)a3, (char *)a4);
2504 		}
2505 #ifdef _SYSCALL32_IMPL
2506 		else {
2507 			error = modctl_devfspath(expldev(a1), (int)a2,
2508 			    (uint_t)a3, (char *)a4);
2509 		}
2510 #endif
2511 		break;
2512 
2513 	case MODGETDEVFSPATH_MI_LEN:	/* sizeof path nm of (major,instance) */
2514 		error = modctl_devfspath_mi_len((major_t)a1, (int)a2,
2515 		    (uint_t *)a3);
2516 		break;
2517 
2518 	case MODGETDEVFSPATH_MI:	/* get path name of (major,instance) */
2519 		error = modctl_devfspath_mi((major_t)a1, (int)a2,
2520 		    (uint_t)a3, (char *)a4);
2521 		break;
2522 
2523 
2524 	case MODEVENTS:
2525 		error = modctl_modevents((int)a1, a2, a3, a4, (uint_t)a5);
2526 		break;
2527 
2528 	case MODGETFBNAME:	/* get the framebuffer name */
2529 		error = modctl_get_fbname((char *)a1);
2530 		break;
2531 
2532 	case MODREREADDACF:	/* reread dacf rule database from given file */
2533 		error = modctl_reread_dacf((char *)a1);
2534 		break;
2535 
2536 	case MODLOADDRVCONF:	/* load driver.conf file for major */
2537 		error = modctl_load_drvconf((major_t)a1, (int)a2);
2538 		break;
2539 
2540 	case MODUNLOADDRVCONF:	/* unload driver.conf file for major */
2541 		error = modctl_unload_drvconf((major_t)a1);
2542 		break;
2543 
2544 	case MODREMMAJBIND:	/* remove a major binding */
2545 		error = modctl_rem_major((major_t)a1);
2546 		break;
2547 
2548 	case MODREMDRVALIAS:	/* remove a major/alias binding */
2549 		error = modctl_remove_driver_aliases((int *)a2);
2550 		break;
2551 
2552 	case MODDEVID2PATHS:	/* get paths given devid */
2553 		error = modctl_devid2paths((ddi_devid_t)a1, (char *)a2,
2554 		    (uint_t)a3, (size_t *)a4, (char *)a5);
2555 		break;
2556 
2557 	case MODSETDEVPOLICY:	/* establish device policy */
2558 		error = devpolicy_load((int)a1, (size_t)a2, (devplcysys_t *)a3);
2559 		break;
2560 
2561 	case MODGETDEVPOLICY:	/* get device policy */
2562 		error = devpolicy_get((int *)a1, (size_t)a2,
2563 		    (devplcysys_t *)a3);
2564 		break;
2565 
2566 	case MODALLOCPRIV:
2567 		error = modctl_allocpriv((const char *)a1);
2568 		break;
2569 
2570 	case MODGETDEVPOLICYBYNAME:
2571 		error = devpolicy_getbyname((size_t)a1,
2572 		    (devplcysys_t *)a2, (char *)a3);
2573 		break;
2574 
2575 	case MODLOADMINORPERM:
2576 	case MODADDMINORPERM:
2577 	case MODREMMINORPERM:
2578 		error = modctl_minorperm(cmd, (char *)a1, (size_t)a2);
2579 		break;
2580 
2581 	case MODREMDRVCLEANUP:
2582 		error = modctl_remdrv_cleanup((const char *)a1);
2583 		break;
2584 
2585 	case MODDEVEXISTS:	/* non-reconfiguring /dev lookup */
2586 		error = modctl_devexists((const char *)a1, (size_t)a2);
2587 		break;
2588 
2589 	case MODDEVREADDIR:	/* non-reconfiguring /dev readdir */
2590 		error = modctl_devreaddir((const char *)a1, (size_t)a2,
2591 		    (char *)a3, (int64_t *)a4);
2592 		break;
2593 
2594 	case MODDEVEMPTYDIR:	/* non-reconfiguring /dev emptydir */
2595 		error = modctl_devemptydir((const char *)a1, (size_t)a2,
2596 		    (int *)a3);
2597 		break;
2598 
2599 	case MODDEVNAME:
2600 		error = modctl_moddevname((int)a1, a2, a3);
2601 		break;
2602 
2603 	case MODRETIRE:	/* retire device named by physpath a1 */
2604 		error = modctl_retire((char *)a1, (char *)a2, (size_t)a3);
2605 		break;
2606 
2607 	case MODISRETIRED:  /* check if a device is retired. */
2608 		error = modctl_is_retired((char *)a1, (int *)a2);
2609 		break;
2610 
2611 	case MODUNRETIRE:	/* unretire device named by physpath a1 */
2612 		error = modctl_unretire((char *)a1);
2613 		break;
2614 
2615 	case MODHPOPS:	/* hotplug operations */
2616 		/* device named by physpath a2 and Connection name a3 */
2617 		error = modctl_hp((int)a1, (char *)a2, (char *)a3, a4, a5);
2618 		break;
2619 
2620 	default:
2621 		error = EINVAL;
2622 		break;
2623 	}
2624 
2625 	return (error ? set_errno(error) : 0);
2626 }
2627 
2628 /*
2629  * Calls to kobj_load_module()() are handled off to this routine in a
2630  * separate thread.
2631  */
2632 static void
modload_thread(struct loadmt * ltp)2633 modload_thread(struct loadmt *ltp)
2634 {
2635 	/* load the module and signal the creator of this thread */
2636 	kmutex_t	cpr_lk;
2637 	callb_cpr_t	cpr_i;
2638 
2639 	mutex_init(&cpr_lk, NULL, MUTEX_DEFAULT, NULL);
2640 	CALLB_CPR_INIT(&cpr_i, &cpr_lk, callb_generic_cpr, "modload");
2641 	/* borrow the devi lock from thread which invoked us */
2642 	pm_borrow_lock(ltp->owner);
2643 	ltp->retval = kobj_load_module(ltp->mp, ltp->usepath);
2644 	pm_return_lock();
2645 	sema_v(&ltp->sema);
2646 	mutex_enter(&cpr_lk);
2647 	CALLB_CPR_EXIT(&cpr_i);
2648 	mutex_destroy(&cpr_lk);
2649 	thread_exit();
2650 }
2651 
2652 /*
2653  * load a module, adding a reference if caller specifies rmodp.  If rmodp
2654  * is specified then an errno is returned, otherwise a module index is
2655  * returned (-1 on error).
2656  */
2657 static int
modrload(const char * subdir,const char * filename,struct modctl ** rmodp)2658 modrload(const char *subdir, const char *filename, struct modctl **rmodp)
2659 {
2660 	struct modctl *modp;
2661 	size_t size;
2662 	char *fullname;
2663 	int retval = EINVAL;
2664 	int id = -1;
2665 
2666 	if (rmodp)
2667 		*rmodp = NULL;			/* avoid garbage */
2668 
2669 	if (subdir != NULL) {
2670 		/*
2671 		 * refuse / in filename to prevent "../" escapes.
2672 		 */
2673 		if (strchr(filename, '/') != NULL)
2674 			return (rmodp ? retval : id);
2675 
2676 		/*
2677 		 * allocate enough space for <subdir>/<filename><NULL>
2678 		 */
2679 		size = strlen(subdir) + strlen(filename) + 2;
2680 		fullname = kmem_zalloc(size, KM_SLEEP);
2681 		(void) sprintf(fullname, "%s/%s", subdir, filename);
2682 	} else {
2683 		fullname = (char *)filename;
2684 	}
2685 
2686 	modp = mod_hold_installed_mod(fullname, 1, 0, &retval);
2687 	if (modp != NULL) {
2688 		id = modp->mod_id;
2689 		if (rmodp) {
2690 			/* add mod_ref and return *rmodp */
2691 			mutex_enter(&mod_lock);
2692 			modp->mod_ref++;
2693 			mutex_exit(&mod_lock);
2694 			*rmodp = modp;
2695 		}
2696 		mod_release_mod(modp);
2697 		CPU_STATS_ADDQ(CPU, sys, modload, 1);
2698 	}
2699 
2700 	if (subdir != NULL)
2701 		kmem_free(fullname, size);
2702 	return (rmodp ? retval : id);
2703 }
2704 
2705 /*
2706  * This is the primary kernel interface to load a module. It loads and
2707  * installs the named module.  It does not hold mod_ref of the module, so
2708  * a module unload attempt can occur at any time - it is up to the
2709  * _fini/mod_remove implementation to determine if unload will succeed.
2710  */
2711 int
modload(const char * subdir,const char * filename)2712 modload(const char *subdir, const char *filename)
2713 {
2714 	return (modrload(subdir, filename, NULL));
2715 }
2716 
2717 /*
2718  * Load a module using a series of qualified names from most specific to least
2719  * specific, e.g. for subdir "foo", p1 "bar", p2 "baz", we might try:
2720  *			Value returned in *chosen
2721  * foo/bar.baz.1.2.3	3
2722  * foo/bar.baz.1.2	2
2723  * foo/bar.baz.1	1
2724  * foo/bar.baz		0
2725  *
2726  * Return the module ID on success; -1 if no module was loaded.  On success
2727  * and if 'chosen' is not NULL we also return the number of suffices that
2728  * were in the module we chose to load.
2729  */
2730 int
modload_qualified(const char * subdir,const char * p1,const char * p2,const char * delim,uint_t suffv[],int suffc,int * chosen)2731 modload_qualified(const char *subdir, const char *p1,
2732     const char *p2, const char *delim, uint_t suffv[], int suffc, int *chosen)
2733 {
2734 	char path[MOD_MAXPATH];
2735 	size_t n, resid = sizeof (path);
2736 	char *p = path;
2737 
2738 	char **dotv;
2739 	int i, rc, id;
2740 	modctl_t *mp;
2741 
2742 	if (p2 != NULL)
2743 		n = snprintf(p, resid, "%s/%s%s%s", subdir, p1, delim, p2);
2744 	else
2745 		n = snprintf(p, resid, "%s/%s", subdir, p1);
2746 
2747 	if (n >= resid)
2748 		return (-1);
2749 
2750 	p += n;
2751 	resid -= n;
2752 	dotv = kmem_alloc(sizeof (char *) * (suffc + 1), KM_SLEEP);
2753 
2754 	for (i = 0; i < suffc; i++) {
2755 		dotv[i] = p;
2756 		n = snprintf(p, resid, "%s%u", delim, suffv[i]);
2757 
2758 		if (n >= resid) {
2759 			kmem_free(dotv, sizeof (char *) * (suffc + 1));
2760 			return (-1);
2761 		}
2762 
2763 		p += n;
2764 		resid -= n;
2765 	}
2766 
2767 	dotv[suffc] = p;
2768 
2769 	for (i = suffc; i >= 0; i--) {
2770 		dotv[i][0] = '\0';
2771 		mp = mod_hold_installed_mod(path, 1, 1, &rc);
2772 
2773 		if (mp != NULL) {
2774 			kmem_free(dotv, sizeof (char *) * (suffc + 1));
2775 			id = mp->mod_id;
2776 			mod_release_mod(mp);
2777 			if (chosen != NULL)
2778 				*chosen = i;
2779 			return (id);
2780 		}
2781 	}
2782 
2783 	kmem_free(dotv, sizeof (char *) * (suffc + 1));
2784 	return (-1);
2785 }
2786 
2787 /*
2788  * Load a module.
2789  */
2790 int
modloadonly(const char * subdir,const char * filename)2791 modloadonly(const char *subdir, const char *filename)
2792 {
2793 	struct modctl *modp;
2794 	char *fullname;
2795 	size_t size;
2796 	int id, retval;
2797 
2798 	if (subdir != NULL) {
2799 		/*
2800 		 * allocate enough space for <subdir>/<filename><NULL>
2801 		 */
2802 		size = strlen(subdir) + strlen(filename) + 2;
2803 		fullname = kmem_zalloc(size, KM_SLEEP);
2804 		(void) sprintf(fullname, "%s/%s", subdir, filename);
2805 	} else {
2806 		fullname = (char *)filename;
2807 	}
2808 
2809 	id = -1;
2810 	modp = mod_hold_loaded_mod(NULL, fullname, &retval);
2811 	if (modp) {
2812 		id = modp->mod_id;
2813 		mod_release_mod(modp);
2814 	}
2815 
2816 	if (subdir != NULL)
2817 		kmem_free(fullname, size);
2818 
2819 	if (retval == 0)
2820 		return (id);
2821 	return (-1);
2822 }
2823 
2824 /*
2825  * Try to uninstall and unload a module, removing a reference if caller
2826  * specifies rmodp.
2827  */
2828 static int
modunrload(modid_t id,struct modctl ** rmodp,int unload)2829 modunrload(modid_t id, struct modctl **rmodp, int unload)
2830 {
2831 	struct modctl	*modp;
2832 	int		retval;
2833 
2834 	if (rmodp)
2835 		*rmodp = NULL;			/* avoid garbage */
2836 
2837 	if ((modp = mod_hold_by_id((modid_t)id)) == NULL)
2838 		return (EINVAL);
2839 
2840 	if (rmodp) {
2841 		mutex_enter(&mod_lock);
2842 		modp->mod_ref--;
2843 		if (modp->mod_ref == 0)
2844 			mod_uninstall_ref_zero++;
2845 		mutex_exit(&mod_lock);
2846 		*rmodp = modp;
2847 	}
2848 
2849 	if (unload) {
2850 		retval = moduninstall(modp);
2851 		if (retval == 0) {
2852 			mod_unload(modp);
2853 			CPU_STATS_ADDQ(CPU, sys, modunload, 1);
2854 		} else if (retval == EALREADY)
2855 			retval = 0;	/* already unloaded, not an error */
2856 	} else
2857 		retval = 0;
2858 
2859 	mod_release_mod(modp);
2860 	return (retval);
2861 }
2862 
2863 /*
2864  * Uninstall and unload a module.
2865  */
2866 int
modunload(modid_t id)2867 modunload(modid_t id)
2868 {
2869 	int		retval;
2870 
2871 	/* synchronize with any active modunload_disable() */
2872 	modunload_begin();
2873 	if (ddi_root_node())
2874 		(void) devfs_clean(ddi_root_node(), NULL, 0);
2875 	retval = modunrload(id, NULL, 1);
2876 	modunload_end();
2877 	return (retval);
2878 }
2879 
2880 /*
2881  * Return status of a loaded module.
2882  */
2883 static int
modinfo(modid_t id,struct modinfo * modinfop)2884 modinfo(modid_t id, struct modinfo *modinfop)
2885 {
2886 	struct modctl	*modp;
2887 	modid_t		mid;
2888 	int		i;
2889 
2890 	mid = modinfop->mi_id;
2891 	if (modinfop->mi_info & MI_INFO_ALL) {
2892 		while ((modp = mod_hold_next_by_id(mid++)) != NULL) {
2893 			if ((modinfop->mi_info & MI_INFO_CNT) ||
2894 			    modp->mod_installed)
2895 				break;
2896 			mod_release_mod(modp);
2897 		}
2898 		if (modp == NULL)
2899 			return (EINVAL);
2900 	} else {
2901 		modp = mod_hold_by_id(id);
2902 		if (modp == NULL)
2903 			return (EINVAL);
2904 		if (!(modinfop->mi_info & MI_INFO_CNT) &&
2905 		    (modp->mod_installed == 0)) {
2906 			mod_release_mod(modp);
2907 			return (EINVAL);
2908 		}
2909 	}
2910 
2911 	modinfop->mi_rev = 0;
2912 	modinfop->mi_state = 0;
2913 	for (i = 0; i < MODMAXLINK; i++) {
2914 		modinfop->mi_msinfo[i].msi_p0 = -1;
2915 		modinfop->mi_msinfo[i].msi_linkinfo[0] = 0;
2916 	}
2917 	if (modp->mod_loaded) {
2918 		modinfop->mi_state = MI_LOADED;
2919 		kobj_getmodinfo(modp->mod_mp, modinfop);
2920 	}
2921 	if (modp->mod_installed) {
2922 		modinfop->mi_state |= MI_INSTALLED;
2923 
2924 		(void) mod_getinfo(modp, modinfop);
2925 	}
2926 
2927 	modinfop->mi_id = modp->mod_id;
2928 	modinfop->mi_loadcnt = modp->mod_loadcnt;
2929 	(void) strcpy(modinfop->mi_name, modp->mod_modname);
2930 
2931 	mod_release_mod(modp);
2932 	return (0);
2933 }
2934 
2935 static char mod_stub_err[] = "mod_hold_stub: Couldn't load stub module %s";
2936 static char no_err[] = "No error function for weak stub %s";
2937 
2938 /*
2939  * used by the stubs themselves to load and hold a module.
2940  * Returns  0 if the module is successfully held;
2941  *	    the stub needs to call mod_release_stub().
2942  *	    -1 if the stub should just call the err_fcn.
2943  * Note that this code is stretched out so that we avoid subroutine calls
2944  * and optimize for the most likely case.  That is, the case where the
2945  * module is loaded and installed and not held.  In that case we just inc
2946  * the mod_ref count and continue.
2947  */
2948 int
mod_hold_stub(struct mod_stub_info * stub)2949 mod_hold_stub(struct mod_stub_info *stub)
2950 {
2951 	struct modctl *mp;
2952 	struct mod_modinfo *mip;
2953 
2954 	mip = stub->mods_modinfo;
2955 
2956 	mutex_enter(&mod_lock);
2957 
2958 	/* we do mod_hold_by_modctl inline for speed */
2959 
2960 mod_check_again:
2961 	if ((mp = mip->mp) != NULL) {
2962 		if (mp->mod_busy == 0) {
2963 			if (mp->mod_installed) {
2964 				/* increment the reference count */
2965 				mp->mod_ref++;
2966 				ASSERT(mp->mod_ref && mp->mod_installed);
2967 				mutex_exit(&mod_lock);
2968 				return (0);
2969 			} else {
2970 				mp->mod_busy = 1;
2971 				mp->mod_inprogress_thread =
2972 				    (curthread == NULL ?
2973 				    (kthread_id_t)-1 : curthread);
2974 			}
2975 		} else {
2976 			/*
2977 			 * wait one time and then go see if someone
2978 			 * else has resolved the stub (set mip->mp).
2979 			 */
2980 			if (mod_hold_by_modctl(mp,
2981 			    MOD_WAIT_ONCE | MOD_LOCK_HELD))
2982 				goto mod_check_again;
2983 
2984 			/*
2985 			 * what we have now may have been unloaded!, in
2986 			 * that case, mip->mp will be NULL, we'll hit this
2987 			 * module and load again..
2988 			 */
2989 			cmn_err(CE_PANIC, "mod_hold_stub should have blocked");
2990 		}
2991 		mutex_exit(&mod_lock);
2992 	} else {
2993 		/* first time we've hit this module */
2994 		mutex_exit(&mod_lock);
2995 		mp = mod_hold_by_name(mip->modm_module_name);
2996 		mip->mp = mp;
2997 	}
2998 
2999 	/*
3000 	 * If we are here, it means that the following conditions
3001 	 * are satisfied.
3002 	 *
3003 	 * mip->mp != NULL
3004 	 * this thread has set the mp->mod_busy = 1
3005 	 * mp->mod_installed = 0
3006 	 *
3007 	 */
3008 	ASSERT(mp != NULL);
3009 	ASSERT(mp->mod_busy == 1);
3010 
3011 	if (mp->mod_installed == 0) {
3012 		/* Module not loaded, if weak stub don't load it */
3013 		if (stub->mods_flag & MODS_WEAK) {
3014 			if (stub->mods_errfcn == NULL) {
3015 				mod_release_mod(mp);
3016 				cmn_err(CE_PANIC, no_err,
3017 				    mip->modm_module_name);
3018 			}
3019 		} else {
3020 			/* Not a weak stub so load the module */
3021 
3022 			if (mod_load(mp, 1) != 0 || modinstall(mp) != 0) {
3023 				/*
3024 				 * If mod_load() was successful
3025 				 * and modinstall() failed, then
3026 				 * unload the module.
3027 				 */
3028 				if (mp->mod_loaded)
3029 					mod_unload(mp);
3030 
3031 				mod_release_mod(mp);
3032 				if (stub->mods_errfcn == NULL) {
3033 					cmn_err(CE_PANIC, mod_stub_err,
3034 					    mip->modm_module_name);
3035 				} else {
3036 					return (-1);
3037 				}
3038 			}
3039 		}
3040 	}
3041 
3042 	/*
3043 	 * At this point module is held and loaded. Release
3044 	 * the mod_busy and mod_inprogress_thread before
3045 	 * returning. We actually call mod_release() here so
3046 	 * that if another stub wants to access this module,
3047 	 * it can do so. mod_ref is incremented before mod_release()
3048 	 * is called to prevent someone else from snatching the
3049 	 * module from this thread.
3050 	 */
3051 	mutex_enter(&mod_lock);
3052 	mp->mod_ref++;
3053 	ASSERT(mp->mod_ref &&
3054 	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
3055 	mod_release(mp);
3056 	mutex_exit(&mod_lock);
3057 	return (0);
3058 }
3059 
3060 void
mod_release_stub(struct mod_stub_info * stub)3061 mod_release_stub(struct mod_stub_info *stub)
3062 {
3063 	struct modctl *mp = stub->mods_modinfo->mp;
3064 
3065 	/* inline mod_release_mod */
3066 	mutex_enter(&mod_lock);
3067 	ASSERT(mp->mod_ref &&
3068 	    (mp->mod_loaded || (stub->mods_flag & MODS_WEAK)));
3069 	mp->mod_ref--;
3070 	if (mp->mod_ref == 0)
3071 		mod_uninstall_ref_zero++;
3072 	if (mp->mod_want) {
3073 		mp->mod_want = 0;
3074 		cv_broadcast(&mod_cv);
3075 	}
3076 	mutex_exit(&mod_lock);
3077 }
3078 
3079 static struct modctl *
mod_hold_loaded_mod(struct modctl * dep,char * filename,int * status)3080 mod_hold_loaded_mod(struct modctl *dep, char *filename, int *status)
3081 {
3082 	struct modctl *modp;
3083 	int retval;
3084 
3085 	/*
3086 	 * Hold the module.
3087 	 */
3088 	modp = mod_hold_by_name_requisite(dep, filename);
3089 	if (modp) {
3090 		retval = mod_load(modp, 1);
3091 		if (retval != 0) {
3092 			mod_release_mod(modp);
3093 			modp = NULL;
3094 		}
3095 		*status = retval;
3096 	} else {
3097 		*status = ENOSPC;
3098 	}
3099 
3100 	/*
3101 	 * if dep is not NULL, clear the module dependency information.
3102 	 * This information is set in mod_hold_by_name_common().
3103 	 */
3104 	if (dep != NULL && dep->mod_requisite_loading != NULL) {
3105 		ASSERT(dep->mod_busy);
3106 		dep->mod_requisite_loading = NULL;
3107 	}
3108 
3109 	return (modp);
3110 }
3111 
3112 /*
3113  * hold, load, and install the named module
3114  */
3115 static struct modctl *
mod_hold_installed_mod(char * name,int usepath,int forcecheck,int * r)3116 mod_hold_installed_mod(char *name, int usepath, int forcecheck, int *r)
3117 {
3118 	struct modctl *modp;
3119 	int retval;
3120 
3121 	/*
3122 	 * Verify that that module in question actually exists on disk
3123 	 * before allocation of module structure by mod_hold_by_name.
3124 	 */
3125 	if (modrootloaded && swaploaded || forcecheck) {
3126 		if (!kobj_path_exists(name, usepath)) {
3127 			*r = ENOENT;
3128 			return (NULL);
3129 		}
3130 	}
3131 
3132 	/*
3133 	 * Hold the module.
3134 	 */
3135 	modp = mod_hold_by_name(name);
3136 	if (modp) {
3137 		retval = mod_load(modp, usepath);
3138 		if (retval != 0) {
3139 			mod_release_mod(modp);
3140 			modp = NULL;
3141 			*r = retval;
3142 		} else {
3143 			if ((*r = modinstall(modp)) != 0) {
3144 				/*
3145 				 * We loaded it, but failed to _init() it.
3146 				 * Be kind to developers -- force it
3147 				 * out of memory now so that the next
3148 				 * attempt to use the module will cause
3149 				 * a reload.  See 1093793.
3150 				 */
3151 				mod_unload(modp);
3152 				mod_release_mod(modp);
3153 				modp = NULL;
3154 			}
3155 		}
3156 	} else {
3157 		*r = ENOSPC;
3158 	}
3159 	return (modp);
3160 }
3161 
3162 static char mod_excl_msg[] =
3163 	"module %s(%s) is EXCLUDED and will not be loaded\n";
3164 static char mod_init_msg[] = "loadmodule:%s(%s): _init() error %d\n";
3165 
3166 /*
3167  * This routine is needed for dependencies.  Users specify dependencies
3168  * by declaring a character array initialized to filenames of dependents.
3169  * So the code that handles dependents deals with filenames (and not
3170  * module names) because that's all it has.  We load by filename and once
3171  * we've loaded a file we can get the module name.
3172  * Unfortunately there isn't a single unified filename/modulename namespace.
3173  * C'est la vie.
3174  *
3175  * We allow the name being looked up to be prepended by an optional
3176  * subdirectory e.g. we can lookup (NULL, "fs/ufs") or ("fs", "ufs")
3177  */
3178 struct modctl *
mod_find_by_filename(char * subdir,char * filename)3179 mod_find_by_filename(char *subdir, char *filename)
3180 {
3181 	struct modctl	*mp;
3182 	size_t		sublen;
3183 
3184 	ASSERT(!MUTEX_HELD(&mod_lock));
3185 	if (subdir != NULL)
3186 		sublen = strlen(subdir);
3187 	else
3188 		sublen = 0;
3189 
3190 	mutex_enter(&mod_lock);
3191 	mp = &modules;
3192 	do {
3193 		if (sublen) {
3194 			char *mod_filename = mp->mod_filename;
3195 
3196 			if (strncmp(subdir, mod_filename, sublen) == 0 &&
3197 			    mod_filename[sublen] == '/' &&
3198 			    strcmp(filename, &mod_filename[sublen + 1]) == 0) {
3199 				mutex_exit(&mod_lock);
3200 				return (mp);
3201 			}
3202 		} else if (strcmp(filename, mp->mod_filename) == 0) {
3203 			mutex_exit(&mod_lock);
3204 			return (mp);
3205 		}
3206 	} while ((mp = mp->mod_next) != &modules);
3207 	mutex_exit(&mod_lock);
3208 	return (NULL);
3209 }
3210 
3211 /*
3212  * Check for circular dependencies.  This is called from do_dependents()
3213  * in kobj.c.  If we are the thread already loading this module, then
3214  * we're trying to load a dependent that we're already loading which
3215  * means the user specified circular dependencies.
3216  */
3217 static int
mod_circdep(struct modctl * modp)3218 mod_circdep(struct modctl *modp)
3219 {
3220 	struct modctl	*rmod;
3221 
3222 	ASSERT(MUTEX_HELD(&mod_lock));
3223 
3224 	/*
3225 	 * Check the mod_inprogress_thread first.
3226 	 * mod_inprogress_thread is used in mod_hold_stub()
3227 	 * directly to improve performance.
3228 	 */
3229 	if (modp->mod_inprogress_thread == curthread)
3230 		return (1);
3231 
3232 	/*
3233 	 * Check the module circular dependencies.
3234 	 */
3235 	for (rmod = modp; rmod != NULL; rmod = rmod->mod_requisite_loading) {
3236 		/*
3237 		 * Check if there is a module circular dependency.
3238 		 */
3239 		if (rmod->mod_requisite_loading == modp)
3240 			return (1);
3241 	}
3242 	return (0);
3243 }
3244 
3245 static int
mod_getinfo(struct modctl * modp,struct modinfo * modinfop)3246 mod_getinfo(struct modctl *modp, struct modinfo *modinfop)
3247 {
3248 	int (*func)(struct modinfo *);
3249 	int retval;
3250 
3251 	ASSERT(modp->mod_busy);
3252 
3253 	/* primary modules don't do getinfo */
3254 	if (modp->mod_prim)
3255 		return (0);
3256 
3257 	func = (int (*)(struct modinfo *))kobj_lookup(modp->mod_mp, "_info");
3258 
3259 	if (kobj_addrcheck(modp->mod_mp, (caddr_t)func)) {
3260 		cmn_err(CE_WARN, "_info() not defined properly in %s",
3261 		    modp->mod_filename);
3262 		/*
3263 		 * The semantics of mod_info(9F) are that 0 is failure
3264 		 * and non-zero is success.
3265 		 */
3266 		retval = 0;
3267 	} else
3268 		retval = (*func)(modinfop);	/* call _info() function */
3269 
3270 	if (moddebug & MODDEBUG_USERDEBUG)
3271 		printf("Returned from _info, retval = %x\n", retval);
3272 
3273 	return (retval);
3274 }
3275 
3276 static void
modadd(struct modctl * mp)3277 modadd(struct modctl *mp)
3278 {
3279 	ASSERT(MUTEX_HELD(&mod_lock));
3280 
3281 	mp->mod_id = last_module_id++;
3282 	mp->mod_next = &modules;
3283 	mp->mod_prev = modules.mod_prev;
3284 	modules.mod_prev->mod_next = mp;
3285 	modules.mod_prev = mp;
3286 }
3287 
3288 /*ARGSUSED*/
3289 static struct modctl *
allocate_modp(const char * filename,const char * modname)3290 allocate_modp(const char *filename, const char *modname)
3291 {
3292 	struct modctl *mp;
3293 
3294 	mp = kobj_zalloc(sizeof (*mp), KM_SLEEP);
3295 	mp->mod_modname = kobj_zalloc(strlen(modname) + 1, KM_SLEEP);
3296 	(void) strcpy(mp->mod_modname, modname);
3297 	return (mp);
3298 }
3299 
3300 /*
3301  * Get the value of a symbol.  This is a wrapper routine that
3302  * calls kobj_getsymvalue().  kobj_getsymvalue() may go away but this
3303  * wrapper will prevent callers from noticing.
3304  */
3305 uintptr_t
modgetsymvalue(char * name,int kernelonly)3306 modgetsymvalue(char *name, int kernelonly)
3307 {
3308 	return (kobj_getsymvalue(name, kernelonly));
3309 }
3310 
3311 /*
3312  * Get the symbol nearest an address.  This is a wrapper routine that
3313  * calls kobj_getsymname().  kobj_getsymname() may go away but this
3314  * wrapper will prevent callers from noticing.
3315  */
3316 char *
modgetsymname(uintptr_t value,ulong_t * offset)3317 modgetsymname(uintptr_t value, ulong_t *offset)
3318 {
3319 	return (kobj_getsymname(value, offset));
3320 }
3321 
3322 /*
3323  * Lookup a symbol in a specified module.  These are wrapper routines that
3324  * call kobj_lookup().	kobj_lookup() may go away but these wrappers will
3325  * prevent callers from noticing.
3326  */
3327 uintptr_t
modlookup(const char * modname,const char * symname)3328 modlookup(const char *modname, const char *symname)
3329 {
3330 	struct modctl *modp;
3331 	uintptr_t val;
3332 
3333 	if ((modp = mod_hold_by_name(modname)) == NULL)
3334 		return (0);
3335 	val = kobj_lookup(modp->mod_mp, symname);
3336 	mod_release_mod(modp);
3337 	return (val);
3338 }
3339 
3340 uintptr_t
modlookup_by_modctl(modctl_t * modp,const char * symname)3341 modlookup_by_modctl(modctl_t *modp, const char *symname)
3342 {
3343 	ASSERT(modp->mod_ref > 0 || modp->mod_busy);
3344 
3345 	return (kobj_lookup(modp->mod_mp, symname));
3346 }
3347 
3348 /*
3349  * Ask the user for the name of the system file and the default path
3350  * for modules.
3351  */
3352 void
mod_askparams()3353 mod_askparams()
3354 {
3355 	static char s0[64];
3356 	intptr_t fd;
3357 
3358 	if ((fd = kobj_open(systemfile)) != -1L)
3359 		kobj_close(fd);
3360 	else
3361 		systemfile = self_assembly = NULL;
3362 
3363 	/*CONSTANTCONDITION*/
3364 	while (1) {
3365 		printf("Name of system file [%s]:  ",
3366 		    systemfile ? systemfile : "/dev/null");
3367 
3368 		console_gets(s0, sizeof (s0));
3369 
3370 		if (s0[0] == '\0')
3371 			break;
3372 		else if (strcmp(s0, "/dev/null") == 0) {
3373 			systemfile = self_assembly = NULL;
3374 			break;
3375 		} else {
3376 			if ((fd = kobj_open(s0)) != -1L) {
3377 				kobj_close(fd);
3378 				systemfile = s0;
3379 				self_assembly = NULL;
3380 				break;
3381 			}
3382 		}
3383 		printf("can't find file %s\n", s0);
3384 	}
3385 }
3386 
3387 static char loading_msg[] = "loading '%s' id %d\n";
3388 static char load_msg[] = "load '%s' id %d loaded @ 0x%p/0x%p size %d/%d\n";
3389 
3390 /*
3391  * Common code for loading a module (but not installing it).
3392  * Handoff the task of module loading to a separate thread
3393  * with a large stack if possible, since this code may recurse a few times.
3394  * Return zero if there are no errors or an errno value.
3395  */
3396 static int
mod_load(struct modctl * mp,int usepath)3397 mod_load(struct modctl *mp, int usepath)
3398 {
3399 	int		retval;
3400 	struct modinfo	*modinfop = NULL;
3401 	struct loadmt	lt;
3402 
3403 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3404 	ASSERT(mp->mod_busy);
3405 
3406 	if (mp->mod_loaded)
3407 		return (0);
3408 
3409 	if (mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_modname) != 0 ||
3410 	    mod_sysctl(SYS_CHECK_EXCLUDE, mp->mod_filename) != 0) {
3411 		if (moddebug & MODDEBUG_LOADMSG) {
3412 			printf(mod_excl_msg, mp->mod_filename,
3413 			    mp->mod_modname);
3414 		}
3415 		return (ENXIO);
3416 	}
3417 	if (moddebug & MODDEBUG_LOADMSG2)
3418 		printf(loading_msg, mp->mod_filename, mp->mod_id);
3419 
3420 	if (curthread != &t0) {
3421 		lt.mp = mp;
3422 		lt.usepath = usepath;
3423 		lt.owner = curthread;
3424 		sema_init(&lt.sema, 0, NULL, SEMA_DEFAULT, NULL);
3425 
3426 		/* create thread to hand of call to */
3427 		(void) thread_create(NULL, DEFAULTSTKSZ * 2,
3428 		    modload_thread, &lt, 0, &p0, TS_RUN, maxclsyspri);
3429 
3430 		/* wait for thread to complete kobj_load_module */
3431 		sema_p(&lt.sema);
3432 
3433 		sema_destroy(&lt.sema);
3434 		retval = lt.retval;
3435 	} else
3436 		retval = kobj_load_module(mp, usepath);
3437 
3438 	if (mp->mod_mp) {
3439 		ASSERT(retval == 0);
3440 		mp->mod_loaded = 1;
3441 		mp->mod_loadcnt++;
3442 		if (moddebug & MODDEBUG_LOADMSG) {
3443 			printf(load_msg, mp->mod_filename, mp->mod_id,
3444 			    (void *)((struct module *)mp->mod_mp)->text,
3445 			    (void *)((struct module *)mp->mod_mp)->data,
3446 			    ((struct module *)mp->mod_mp)->text_size,
3447 			    ((struct module *)mp->mod_mp)->data_size);
3448 		}
3449 
3450 		/*
3451 		 * XXX - There should be a better way to get this.
3452 		 */
3453 		modinfop = kmem_zalloc(sizeof (struct modinfo), KM_SLEEP);
3454 		modinfop->mi_info = MI_INFO_LINKAGE;
3455 		if (mod_getinfo(mp, modinfop) == 0)
3456 			mp->mod_linkage = NULL;
3457 		else {
3458 			mp->mod_linkage = (void *)modinfop->mi_base;
3459 			ASSERT(mp->mod_linkage->ml_rev == MODREV_1);
3460 		}
3461 
3462 		/*
3463 		 * DCS: bootstrapping code. If the driver is loaded
3464 		 * before root mount, it is assumed that the driver
3465 		 * may be used before mounting root. In order to
3466 		 * access mappings of global to local minor no.'s
3467 		 * during installation/open of the driver, we load
3468 		 * them into memory here while the BOP_interfaces
3469 		 * are still up.
3470 		 */
3471 		if ((cluster_bootflags & CLUSTER_BOOTED) && !modrootloaded) {
3472 			retval = clboot_modload(mp);
3473 		}
3474 
3475 		kmem_free(modinfop, sizeof (struct modinfo));
3476 		(void) mod_sysctl(SYS_SET_MVAR, (void *)mp);
3477 		retval = install_stubs_by_name(mp, mp->mod_modname);
3478 
3479 		/*
3480 		 * Perform hotinlines before module is started.
3481 		 */
3482 		do_hotinlines(mp->mod_mp);
3483 
3484 		/*
3485 		 * Now that the module is loaded, we need to give DTrace
3486 		 * a chance to notify its providers.  This is done via
3487 		 * the dtrace_modload function pointer.
3488 		 */
3489 		if (strcmp(mp->mod_modname, "dtrace") != 0) {
3490 			struct modctl *dmp = mod_hold_by_name("dtrace");
3491 
3492 			if (dmp != NULL && dtrace_modload != NULL)
3493 				(*dtrace_modload)(mp);
3494 
3495 			mod_release_mod(dmp);
3496 		}
3497 
3498 	} else {
3499 		/*
3500 		 * If load failed then we need to release any requisites
3501 		 * that we had established.
3502 		 */
3503 		ASSERT(retval);
3504 		mod_release_requisites(mp);
3505 
3506 		if (moddebug & MODDEBUG_ERRMSG)
3507 			printf("error loading '%s', error %d\n",
3508 			    mp->mod_filename, retval);
3509 	}
3510 	return (retval);
3511 }
3512 
3513 static char unload_msg[] = "unloading %s, module id %d, loadcnt %d.\n";
3514 
3515 static void
mod_unload(struct modctl * mp)3516 mod_unload(struct modctl *mp)
3517 {
3518 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3519 	ASSERT(mp->mod_busy);
3520 	ASSERT((mp->mod_loaded && (mp->mod_installed == 0)) &&
3521 	    ((mp->mod_prim == 0) && (mp->mod_ref >= 0)));
3522 
3523 	if (moddebug & MODDEBUG_LOADMSG)
3524 		printf(unload_msg, mp->mod_modname,
3525 		    mp->mod_id, mp->mod_loadcnt);
3526 
3527 	/*
3528 	 * If mod_ref is not zero, it means some modules might still refer
3529 	 * to this module. Then you can't unload this module right now.
3530 	 * Instead, set 1 to mod_delay_unload to notify the system of
3531 	 * unloading this module later when it's not required any more.
3532 	 */
3533 	if (mp->mod_ref > 0) {
3534 		mp->mod_delay_unload = 1;
3535 		if (moddebug & MODDEBUG_LOADMSG2) {
3536 			printf("module %s not unloaded,"
3537 			    " non-zero reference count (%d)",
3538 			    mp->mod_modname, mp->mod_ref);
3539 		}
3540 		return;
3541 	}
3542 
3543 	if (((mp->mod_loaded == 0) || mp->mod_installed) ||
3544 	    (mp->mod_ref || mp->mod_prim)) {
3545 		/*
3546 		 * A DEBUG kernel would ASSERT panic above, the code is broken
3547 		 * if we get this warning.
3548 		 */
3549 		cmn_err(CE_WARN, "mod_unload: %s in incorrect state: %d %d %d",
3550 		    mp->mod_filename, mp->mod_installed, mp->mod_loaded,
3551 		    mp->mod_ref);
3552 		return;
3553 	}
3554 
3555 	/* reset stub functions to call the binder again */
3556 	reset_stubs(mp);
3557 
3558 	/*
3559 	 * mark module as unloaded before the modctl structure is freed.
3560 	 * This is required not to reuse the modctl structure before
3561 	 * the module is marked as unloaded.
3562 	 */
3563 	mp->mod_loaded = 0;
3564 	mp->mod_linkage = NULL;
3565 
3566 	/* free the memory */
3567 	kobj_unload_module(mp);
3568 
3569 	if (mp->mod_delay_unload) {
3570 		mp->mod_delay_unload = 0;
3571 		if (moddebug & MODDEBUG_LOADMSG2) {
3572 			printf("deferred unload of module %s"
3573 			    " (id %d) successful",
3574 			    mp->mod_modname, mp->mod_id);
3575 		}
3576 	}
3577 
3578 	/* release hold on requisites */
3579 	mod_release_requisites(mp);
3580 
3581 	/*
3582 	 * Now that the module is gone, we need to give DTrace a chance to
3583 	 * remove any probes that it may have had in the module.  This is
3584 	 * done via the dtrace_modunload function pointer.
3585 	 */
3586 	if (strcmp(mp->mod_modname, "dtrace") != 0) {
3587 		struct modctl *dmp = mod_hold_by_name("dtrace");
3588 
3589 		if (dmp != NULL && dtrace_modunload != NULL)
3590 			(*dtrace_modunload)(mp);
3591 
3592 		mod_release_mod(dmp);
3593 	}
3594 }
3595 
3596 static int
modinstall(struct modctl * mp)3597 modinstall(struct modctl *mp)
3598 {
3599 	int val;
3600 	int (*func)(void);
3601 
3602 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3603 	ASSERT(mp->mod_busy && mp->mod_loaded);
3604 
3605 	if (mp->mod_installed)
3606 		return (0);
3607 	/*
3608 	 * If mod_delay_unload is on, it means the system chose the deferred
3609 	 * unload for this module. Then you can't install this module until
3610 	 * it's unloaded from the system.
3611 	 */
3612 	if (mp->mod_delay_unload)
3613 		return (ENXIO);
3614 
3615 	if (moddebug & MODDEBUG_LOADMSG)
3616 		printf("installing %s, module id %d.\n",
3617 		    mp->mod_modname, mp->mod_id);
3618 
3619 	ASSERT(mp->mod_mp != NULL);
3620 	if (mod_install_requisites(mp) != 0) {
3621 		/*
3622 		 * Note that we can't call mod_unload(mp) here since
3623 		 * if modinstall() was called by mod_install_requisites(),
3624 		 * we won't be able to hold the dependent modules
3625 		 * (otherwise there would be a deadlock).
3626 		 */
3627 		return (ENXIO);
3628 	}
3629 
3630 	if (moddebug & MODDEBUG_ERRMSG) {
3631 		printf("init '%s' id %d loaded @ 0x%p/0x%p size %lu/%lu\n",
3632 		    mp->mod_filename, mp->mod_id,
3633 		    (void *)((struct module *)mp->mod_mp)->text,
3634 		    (void *)((struct module *)mp->mod_mp)->data,
3635 		    ((struct module *)mp->mod_mp)->text_size,
3636 		    ((struct module *)mp->mod_mp)->data_size);
3637 	}
3638 
3639 	func = (int (*)())kobj_lookup(mp->mod_mp, "_init");
3640 
3641 	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3642 		cmn_err(CE_WARN, "_init() not defined properly in %s",
3643 		    mp->mod_filename);
3644 		return (EFAULT);
3645 	}
3646 
3647 	if (moddebug & MODDEBUG_USERDEBUG) {
3648 		printf("breakpoint before calling %s:_init()\n",
3649 		    mp->mod_modname);
3650 		if (DEBUGGER_PRESENT)
3651 			debug_enter("_init");
3652 	}
3653 
3654 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3655 	ASSERT(mp->mod_busy && mp->mod_loaded);
3656 	val = (*func)();		/* call _init */
3657 
3658 	if (moddebug & MODDEBUG_USERDEBUG)
3659 		printf("Returned from _init, val = %x\n", val);
3660 
3661 	if (val == 0) {
3662 		/*
3663 		 * Set the MODS_INSTALLED flag to enable this module
3664 		 * being called now.
3665 		 */
3666 		install_stubs(mp);
3667 		mp->mod_installed = 1;
3668 	} else if (moddebug & MODDEBUG_ERRMSG)
3669 		printf(mod_init_msg, mp->mod_filename, mp->mod_modname, val);
3670 
3671 	return (val);
3672 }
3673 
3674 int	detach_driver_unconfig = 0;
3675 
3676 static int
detach_driver(char * name)3677 detach_driver(char *name)
3678 {
3679 	major_t major;
3680 	int error;
3681 
3682 	/*
3683 	 * If being called from mod_uninstall_all() then the appropriate
3684 	 * driver detaches (leaf only) have already been done.
3685 	 */
3686 	if (mod_in_autounload())
3687 		return (0);
3688 
3689 	major = ddi_name_to_major(name);
3690 	if (major == DDI_MAJOR_T_NONE)
3691 		return (0);
3692 
3693 	error = ndi_devi_unconfig_driver(ddi_root_node(),
3694 	    NDI_DETACH_DRIVER | detach_driver_unconfig, major);
3695 	return (error == NDI_SUCCESS ? 0 : -1);
3696 }
3697 
3698 static char finiret_msg[] = "Returned from _fini for %s, status = %x\n";
3699 
3700 static int
moduninstall(struct modctl * mp)3701 moduninstall(struct modctl *mp)
3702 {
3703 	int status = 0;
3704 	int (*func)(void);
3705 
3706 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3707 	ASSERT(mp->mod_busy);
3708 
3709 	/*
3710 	 * Verify that we need to do something and can uninstall the module.
3711 	 *
3712 	 * If we should not uninstall the module or if the module is not in
3713 	 * the correct state to start an uninstall we return EBUSY to prevent
3714 	 * us from progressing to mod_unload.  If the module has already been
3715 	 * uninstalled and unloaded we return EALREADY.
3716 	 */
3717 	if (mp->mod_prim || mp->mod_ref || mp->mod_nenabled != 0)
3718 		return (EBUSY);
3719 	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0))
3720 		return (EALREADY);
3721 
3722 	/*
3723 	 * To avoid devinfo / module deadlock we must release this module
3724 	 * prior to initiating the detach_driver, otherwise the detach_driver
3725 	 * might deadlock on a devinfo node held by another thread
3726 	 * coming top down and involving the module we have locked.
3727 	 *
3728 	 * When we regrab the module we must reverify that it is OK
3729 	 * to proceed with the uninstall operation.
3730 	 */
3731 	mod_release_mod(mp);
3732 	status = detach_driver(mp->mod_modname);
3733 	(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
3734 
3735 	/* check detach status and reverify state with lock */
3736 	mutex_enter(&mod_lock);
3737 	if ((status != 0) || mp->mod_prim || mp->mod_ref) {
3738 		mutex_exit(&mod_lock);
3739 		return (EBUSY);
3740 	}
3741 	if ((mp->mod_installed == 0) || (mp->mod_loaded == 0)) {
3742 		mutex_exit(&mod_lock);
3743 		return (EALREADY);
3744 	}
3745 	mutex_exit(&mod_lock);
3746 
3747 	if (moddebug & MODDEBUG_LOADMSG2)
3748 		printf("uninstalling %s\n", mp->mod_modname);
3749 
3750 	/*
3751 	 * lookup _fini, return EBUSY if not defined.
3752 	 *
3753 	 * The MODDEBUG_FINI_EBUSY is usefull in resolving leaks in
3754 	 * detach(9E) - it allows bufctl addresses to be resolved.
3755 	 */
3756 	func = (int (*)())kobj_lookup(mp->mod_mp, "_fini");
3757 	if ((func == NULL) || (mp->mod_loadflags & MOD_NOUNLOAD) ||
3758 	    (moddebug & MODDEBUG_FINI_EBUSY))
3759 		return (EBUSY);
3760 
3761 	/* verify that _fini is in this module */
3762 	if (kobj_addrcheck(mp->mod_mp, (caddr_t)func)) {
3763 		cmn_err(CE_WARN, "_fini() not defined properly in %s",
3764 		    mp->mod_filename);
3765 		return (EFAULT);
3766 	}
3767 
3768 	/* call _fini() */
3769 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
3770 	ASSERT(mp->mod_busy && mp->mod_loaded && mp->mod_installed);
3771 
3772 	status = (*func)();
3773 
3774 	if (status == 0) {
3775 		/* _fini returned success, the module is no longer installed */
3776 		if (moddebug & MODDEBUG_LOADMSG)
3777 			printf("uninstalled %s\n", mp->mod_modname);
3778 
3779 		/*
3780 		 * Even though we only set mod_installed to zero here, a zero
3781 		 * return value means we are committed to a code path were
3782 		 * mod_loaded will also end up as zero - we have no other
3783 		 * way to get the module data and bss back to the pre _init
3784 		 * state except a reload. To ensure this, after return,
3785 		 * mod_busy must stay set until mod_loaded is cleared.
3786 		 */
3787 		mp->mod_installed = 0;
3788 
3789 		/*
3790 		 * Clear the MODS_INSTALLED flag not to call functions
3791 		 * in the module directly from now on.
3792 		 */
3793 		uninstall_stubs(mp);
3794 	} else {
3795 		if (moddebug & MODDEBUG_USERDEBUG)
3796 			printf(finiret_msg, mp->mod_filename, status);
3797 		/*
3798 		 * By definition _fini is only allowed to return EBUSY or the
3799 		 * result of mod_remove (EBUSY or EINVAL).  In the off chance
3800 		 * that a driver returns EALREADY we convert this to EINVAL
3801 		 * since to our caller EALREADY means module was already
3802 		 * removed.
3803 		 */
3804 		if (status == EALREADY)
3805 			status = EINVAL;
3806 	}
3807 
3808 	return (status);
3809 }
3810 
3811 /*
3812  * Uninstall all modules.
3813  */
3814 static void
mod_uninstall_all(void)3815 mod_uninstall_all(void)
3816 {
3817 	struct modctl	*mp;
3818 	int		pass;
3819 	modid_t		modid;
3820 
3821 	/* synchronize with any active modunload_disable() */
3822 	modunload_begin();
3823 
3824 	/* mark this thread as doing autounloading */
3825 	(void) tsd_set(mod_autounload_key, (void *)1);
3826 
3827 	(void) devfs_clean(ddi_root_node(), NULL, 0);
3828 	(void) ndi_devi_unconfig(ddi_root_node(), NDI_AUTODETACH);
3829 
3830 	/*
3831 	 * Loop up to max times if we keep producing unreferenced modules.
3832 	 * A new unreferenced module is an opportunity to unload.
3833 	 */
3834 	for (pass = 0; pass < mod_uninstall_pass_max; pass++) {
3835 
3836 		/* zero count of modules that go unreferenced during pass */
3837 		mod_uninstall_ref_zero = 0;
3838 
3839 		modid = 0;
3840 		while ((mp = mod_hold_next_by_id(modid)) != NULL) {
3841 			modid = mp->mod_id;
3842 
3843 			/*
3844 			 * Skip modules with the MOD_NOAUTOUNLOAD flag set
3845 			 */
3846 			if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
3847 				mod_release_mod(mp);
3848 				continue;
3849 			}
3850 
3851 			if (moduninstall(mp) == 0) {
3852 				mod_unload(mp);
3853 				CPU_STATS_ADDQ(CPU, sys, modunload, 1);
3854 			}
3855 			mod_release_mod(mp);
3856 		}
3857 
3858 		/* break if no modules went unreferenced during pass */
3859 		if (mod_uninstall_ref_zero == 0)
3860 			break;
3861 	}
3862 	if (pass >= mod_uninstall_pass_max)
3863 		mod_uninstall_pass_exc++;
3864 
3865 	(void) tsd_set(mod_autounload_key, NULL);
3866 	modunload_end();
3867 }
3868 
3869 /* wait for unloads that have begun before registering disable */
3870 void
modunload_disable(void)3871 modunload_disable(void)
3872 {
3873 	mutex_enter(&modunload_wait_mutex);
3874 	while (modunload_active_count) {
3875 		modunload_wait++;
3876 		cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3877 		modunload_wait--;
3878 	}
3879 	modunload_disable_count++;
3880 	mutex_exit(&modunload_wait_mutex);
3881 }
3882 
3883 /* mark end of disable and signal waiters */
3884 void
modunload_enable(void)3885 modunload_enable(void)
3886 {
3887 	mutex_enter(&modunload_wait_mutex);
3888 	modunload_disable_count--;
3889 	if ((modunload_disable_count == 0) && modunload_wait)
3890 		cv_broadcast(&modunload_wait_cv);
3891 	mutex_exit(&modunload_wait_mutex);
3892 }
3893 
3894 /* wait for disables to complete before begining unload */
3895 void
modunload_begin()3896 modunload_begin()
3897 {
3898 	mutex_enter(&modunload_wait_mutex);
3899 	while (modunload_disable_count) {
3900 		modunload_wait++;
3901 		cv_wait(&modunload_wait_cv, &modunload_wait_mutex);
3902 		modunload_wait--;
3903 	}
3904 	modunload_active_count++;
3905 	mutex_exit(&modunload_wait_mutex);
3906 }
3907 
3908 /* mark end of unload and signal waiters */
3909 void
modunload_end()3910 modunload_end()
3911 {
3912 	mutex_enter(&modunload_wait_mutex);
3913 	modunload_active_count--;
3914 	if ((modunload_active_count == 0) && modunload_wait)
3915 		cv_broadcast(&modunload_wait_cv);
3916 	mutex_exit(&modunload_wait_mutex);
3917 }
3918 
3919 void
mod_uninstall_daemon(void)3920 mod_uninstall_daemon(void)
3921 {
3922 	callb_cpr_t	cprinfo;
3923 	clock_t		ticks;
3924 
3925 	mod_aul_thread = curthread;
3926 
3927 	CALLB_CPR_INIT(&cprinfo, &mod_uninstall_lock, callb_generic_cpr, "mud");
3928 	for (;;) {
3929 		mutex_enter(&mod_uninstall_lock);
3930 		CALLB_CPR_SAFE_BEGIN(&cprinfo);
3931 		/*
3932 		 * In DEBUG kernels, unheld drivers are uninstalled periodically
3933 		 * every mod_uninstall_interval seconds.  Periodic uninstall can
3934 		 * be disabled by setting mod_uninstall_interval to 0 which is
3935 		 * the default for a non-DEBUG kernel.
3936 		 */
3937 		if (mod_uninstall_interval) {
3938 			ticks = drv_usectohz(mod_uninstall_interval * 1000000);
3939 			(void) cv_reltimedwait(&mod_uninstall_cv,
3940 			    &mod_uninstall_lock, ticks, TR_CLOCK_TICK);
3941 		} else {
3942 			cv_wait(&mod_uninstall_cv, &mod_uninstall_lock);
3943 		}
3944 		/*
3945 		 * The whole daemon is safe for CPR except we don't want
3946 		 * the daemon to run if FREEZE is issued and this daemon
3947 		 * wakes up from the cv_wait above. In this case, it'll be
3948 		 * blocked in CALLB_CPR_SAFE_END until THAW is issued.
3949 		 *
3950 		 * The reason of calling CALLB_CPR_SAFE_BEGIN twice is that
3951 		 * mod_uninstall_lock is used to protect cprinfo and
3952 		 * CALLB_CPR_SAFE_BEGIN assumes that this lock is held when
3953 		 * called.
3954 		 */
3955 		CALLB_CPR_SAFE_END(&cprinfo, &mod_uninstall_lock);
3956 		CALLB_CPR_SAFE_BEGIN(&cprinfo);
3957 		mutex_exit(&mod_uninstall_lock);
3958 		if ((modunload_disable_count == 0) &&
3959 		    ((moddebug & MODDEBUG_NOAUTOUNLOAD) == 0)) {
3960 			mod_uninstall_all();
3961 		}
3962 	}
3963 }
3964 
3965 /*
3966  * Unload all uninstalled modules.
3967  */
3968 void
modreap(void)3969 modreap(void)
3970 {
3971 	mutex_enter(&mod_uninstall_lock);
3972 	cv_broadcast(&mod_uninstall_cv);
3973 	mutex_exit(&mod_uninstall_lock);
3974 }
3975 
3976 /*
3977  * Hold the specified module. This is the module holding primitive.
3978  *
3979  * If MOD_LOCK_HELD then the caller already holds the mod_lock.
3980  *
3981  * Return values:
3982  *	 0 ==> the module is held
3983  *	 1 ==> the module is not held and the MOD_WAIT_ONCE caller needs
3984  *		to determine how to retry.
3985  */
3986 int
mod_hold_by_modctl(struct modctl * mp,int f)3987 mod_hold_by_modctl(struct modctl *mp, int f)
3988 {
3989 	ASSERT((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) &&
3990 	    ((f & (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)) !=
3991 	    (MOD_WAIT_ONCE | MOD_WAIT_FOREVER)));
3992 	ASSERT((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) &&
3993 	    ((f & (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)) !=
3994 	    (MOD_LOCK_HELD | MOD_LOCK_NOT_HELD)));
3995 	ASSERT((f & MOD_LOCK_NOT_HELD) || MUTEX_HELD(&mod_lock));
3996 
3997 	if (f & MOD_LOCK_NOT_HELD)
3998 		mutex_enter(&mod_lock);
3999 
4000 	while (mp->mod_busy) {
4001 		mp->mod_want = 1;
4002 		cv_wait(&mod_cv, &mod_lock);
4003 		/*
4004 		 * Module may be unloaded by daemon.
4005 		 * Nevertheless, modctl structure is still in linked list
4006 		 * (i.e., off &modules), not freed!
4007 		 * Caller is not supposed to assume "mp" is valid, but there
4008 		 * is no reasonable way to detect this but using
4009 		 * mp->mod_modinfo->mp == NULL check (follow the back pointer)
4010 		 *   (or similar check depending on calling context)
4011 		 * DON'T free modctl structure, it will be very very
4012 		 * problematic.
4013 		 */
4014 		if (f & MOD_WAIT_ONCE) {
4015 			if (f & MOD_LOCK_NOT_HELD)
4016 				mutex_exit(&mod_lock);
4017 			return (1);	/* caller decides how to retry */
4018 		}
4019 	}
4020 
4021 	mp->mod_busy = 1;
4022 	mp->mod_inprogress_thread =
4023 	    (curthread == NULL ? (kthread_id_t)-1 : curthread);
4024 
4025 	if (f & MOD_LOCK_NOT_HELD)
4026 		mutex_exit(&mod_lock);
4027 	return (0);
4028 }
4029 
4030 static struct modctl *
mod_hold_by_name_common(struct modctl * dep,const char * filename)4031 mod_hold_by_name_common(struct modctl *dep, const char *filename)
4032 {
4033 	const char	*modname;
4034 	struct modctl	*mp;
4035 	char		*curname, *newname;
4036 	int		found = 0;
4037 
4038 	mutex_enter(&mod_lock);
4039 
4040 	if ((modname = strrchr(filename, '/')) == NULL)
4041 		modname = filename;
4042 	else
4043 		modname++;
4044 
4045 	mp = &modules;
4046 	do {
4047 		if (strcmp(modname, mp->mod_modname) == 0) {
4048 			found = 1;
4049 			break;
4050 		}
4051 	} while ((mp = mp->mod_next) != &modules);
4052 
4053 	if (found == 0) {
4054 		mp = allocate_modp(filename, modname);
4055 		modadd(mp);
4056 	}
4057 
4058 	/*
4059 	 * if dep is not NULL, set the mp in mod_requisite_loading for
4060 	 * the module circular dependency check. This field is used in
4061 	 * mod_circdep(), but it's cleard in mod_hold_loaded_mod().
4062 	 */
4063 	if (dep != NULL) {
4064 		ASSERT(dep->mod_busy && dep->mod_requisite_loading == NULL);
4065 		dep->mod_requisite_loading = mp;
4066 	}
4067 
4068 	/*
4069 	 * If the module was held, then it must be us who has it held.
4070 	 */
4071 	if (mod_circdep(mp))
4072 		mp = NULL;
4073 	else {
4074 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4075 
4076 		/*
4077 		 * If the name hadn't been set or has changed, allocate
4078 		 * space and set it.  Free space used by previous name.
4079 		 *
4080 		 * Do not change the name of primary modules, for primary
4081 		 * modules the mod_filename was allocated in standalone mode:
4082 		 * it is illegal to kobj_alloc in standalone mode and kobj_free
4083 		 * in non-standalone mode.
4084 		 */
4085 		curname = mp->mod_filename;
4086 		if (curname == NULL ||
4087 		    ((mp->mod_prim == 0) &&
4088 		    (curname != filename) &&
4089 		    (modname != filename) &&
4090 		    (strcmp(curname, filename) != 0))) {
4091 			newname = kobj_zalloc(strlen(filename) + 1, KM_SLEEP);
4092 			(void) strcpy(newname, filename);
4093 			mp->mod_filename = newname;
4094 			if (curname != NULL)
4095 				kobj_free(curname, strlen(curname) + 1);
4096 		}
4097 	}
4098 
4099 	mutex_exit(&mod_lock);
4100 	if (mp && moddebug & MODDEBUG_LOADMSG2)
4101 		printf("Holding %s\n", mp->mod_filename);
4102 	if (mp == NULL && moddebug & MODDEBUG_LOADMSG2)
4103 		printf("circular dependency loading %s\n", filename);
4104 	return (mp);
4105 }
4106 
4107 static struct modctl *
mod_hold_by_name_requisite(struct modctl * dep,char * filename)4108 mod_hold_by_name_requisite(struct modctl *dep, char *filename)
4109 {
4110 	return (mod_hold_by_name_common(dep, filename));
4111 }
4112 
4113 struct modctl *
mod_hold_by_name(const char * filename)4114 mod_hold_by_name(const char *filename)
4115 {
4116 	return (mod_hold_by_name_common(NULL, filename));
4117 }
4118 
4119 struct modctl *
mod_hold_by_id(modid_t modid)4120 mod_hold_by_id(modid_t modid)
4121 {
4122 	struct modctl	*mp;
4123 	int		found = 0;
4124 
4125 	mutex_enter(&mod_lock);
4126 	mp = &modules;
4127 	do {
4128 		if (mp->mod_id == modid) {
4129 			found = 1;
4130 			break;
4131 		}
4132 	} while ((mp = mp->mod_next) != &modules);
4133 
4134 	if ((found == 0) || mod_circdep(mp))
4135 		mp = NULL;
4136 	else
4137 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4138 
4139 	mutex_exit(&mod_lock);
4140 	return (mp);
4141 }
4142 
4143 static struct modctl *
mod_hold_next_by_id(modid_t modid)4144 mod_hold_next_by_id(modid_t modid)
4145 {
4146 	struct modctl	*mp;
4147 	int		found = 0;
4148 
4149 	if (modid < -1)
4150 		return (NULL);
4151 
4152 	mutex_enter(&mod_lock);
4153 
4154 	mp = &modules;
4155 	do {
4156 		if (mp->mod_id > modid) {
4157 			found = 1;
4158 			break;
4159 		}
4160 	} while ((mp = mp->mod_next) != &modules);
4161 
4162 	if ((found == 0) || mod_circdep(mp))
4163 		mp = NULL;
4164 	else
4165 		(void) mod_hold_by_modctl(mp, MOD_WAIT_FOREVER | MOD_LOCK_HELD);
4166 
4167 	mutex_exit(&mod_lock);
4168 	return (mp);
4169 }
4170 
4171 static void
mod_release(struct modctl * mp)4172 mod_release(struct modctl *mp)
4173 {
4174 	ASSERT(MUTEX_HELD(&mod_lock));
4175 	ASSERT(mp->mod_busy);
4176 
4177 	mp->mod_busy = 0;
4178 	mp->mod_inprogress_thread = NULL;
4179 	if (mp->mod_want) {
4180 		mp->mod_want = 0;
4181 		cv_broadcast(&mod_cv);
4182 	}
4183 }
4184 
4185 void
mod_release_mod(struct modctl * mp)4186 mod_release_mod(struct modctl *mp)
4187 {
4188 	if (moddebug & MODDEBUG_LOADMSG2)
4189 		printf("Releasing %s\n", mp->mod_filename);
4190 	mutex_enter(&mod_lock);
4191 	mod_release(mp);
4192 	mutex_exit(&mod_lock);
4193 }
4194 
4195 modid_t
mod_name_to_modid(const char * filename)4196 mod_name_to_modid(const char *filename)
4197 {
4198 	const char	*modname;
4199 	struct modctl	*mp;
4200 
4201 	mutex_enter(&mod_lock);
4202 
4203 	if ((modname = strrchr(filename, '/')) == NULL)
4204 		modname = filename;
4205 	else
4206 		modname++;
4207 
4208 	mp = &modules;
4209 	do {
4210 		if (strcmp(modname, mp->mod_modname) == 0) {
4211 			mutex_exit(&mod_lock);
4212 			return (mp->mod_id);
4213 		}
4214 	} while ((mp = mp->mod_next) != &modules);
4215 
4216 	mutex_exit(&mod_lock);
4217 	return (-1);
4218 }
4219 
4220 
4221 int
mod_remove_by_name(char * name)4222 mod_remove_by_name(char *name)
4223 {
4224 	struct modctl *mp;
4225 	int retval;
4226 
4227 	mp = mod_hold_by_name(name);
4228 
4229 	if (mp == NULL)
4230 		return (EINVAL);
4231 
4232 	if (mp->mod_loadflags & MOD_NOAUTOUNLOAD) {
4233 		/*
4234 		 * Do not unload forceloaded modules
4235 		 */
4236 		mod_release_mod(mp);
4237 		return (0);
4238 	}
4239 
4240 	if ((retval = moduninstall(mp)) == 0) {
4241 		mod_unload(mp);
4242 		CPU_STATS_ADDQ(CPU, sys, modunload, 1);
4243 	} else if (retval == EALREADY)
4244 		retval = 0;		/* already unloaded, not an error */
4245 	mod_release_mod(mp);
4246 	return (retval);
4247 }
4248 
4249 /*
4250  * Record that module "dep" is dependent on module "on_mod."
4251  */
4252 static void
mod_make_requisite(struct modctl * dependent,struct modctl * on_mod)4253 mod_make_requisite(struct modctl *dependent, struct modctl *on_mod)
4254 {
4255 	struct modctl_list **pmlnp;	/* previous next pointer */
4256 	struct modctl_list *mlp;
4257 	struct modctl_list *new;
4258 
4259 	ASSERT(dependent->mod_busy && on_mod->mod_busy);
4260 	mutex_enter(&mod_lock);
4261 
4262 	/*
4263 	 * Search dependent's requisite list to see if on_mod is recorded.
4264 	 * List is ordered by id.
4265 	 */
4266 	for (pmlnp = &dependent->mod_requisites, mlp = *pmlnp;
4267 	    mlp; pmlnp = &mlp->modl_next, mlp = *pmlnp)
4268 		if (mlp->modl_modp->mod_id >= on_mod->mod_id)
4269 			break;
4270 
4271 	/* Create and insert if not already recorded */
4272 	if ((mlp == NULL) || (mlp->modl_modp->mod_id != on_mod->mod_id)) {
4273 		new = kobj_zalloc(sizeof (*new), KM_SLEEP);
4274 		new->modl_modp = on_mod;
4275 		new->modl_next = mlp;
4276 		*pmlnp = new;
4277 
4278 		/*
4279 		 * Increment the mod_ref count in our new requisite module.
4280 		 * This is what keeps a module that has other modules
4281 		 * which are dependent on it from being uninstalled and
4282 		 * unloaded. "on_mod"'s mod_ref count decremented in
4283 		 * mod_release_requisites when the "dependent" module
4284 		 * unload is complete.	"on_mod" must be loaded, but may not
4285 		 * yet be installed.
4286 		 */
4287 		on_mod->mod_ref++;
4288 		ASSERT(on_mod->mod_ref && on_mod->mod_loaded);
4289 	}
4290 
4291 	mutex_exit(&mod_lock);
4292 }
4293 
4294 /*
4295  * release the hold associated with mod_make_requisite mod_ref++
4296  * as part of unload.
4297  */
4298 void
mod_release_requisites(struct modctl * modp)4299 mod_release_requisites(struct modctl *modp)
4300 {
4301 	struct modctl_list *modl;
4302 	struct modctl_list *next;
4303 	struct modctl *req;
4304 	struct modctl_list *start = NULL, *mod_garbage;
4305 
4306 	ASSERT(!quiesce_active);
4307 	ASSERT(modp->mod_busy);
4308 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
4309 
4310 	mutex_enter(&mod_lock);		/* needed for manipulation of req */
4311 	for (modl = modp->mod_requisites; modl; modl = next) {
4312 		next = modl->modl_next;
4313 		req = modl->modl_modp;
4314 		ASSERT(req->mod_ref >= 1 && req->mod_loaded);
4315 		req->mod_ref--;
4316 		if (req->mod_ref == 0)
4317 			mod_uninstall_ref_zero++;
4318 
4319 		/*
4320 		 * Check if the module has to be unloaded or not.
4321 		 */
4322 		if (req->mod_ref == 0 && req->mod_delay_unload) {
4323 			struct modctl_list *new;
4324 			/*
4325 			 * Allocate the modclt_list holding the garbage
4326 			 * module which should be unloaded later.
4327 			 */
4328 			new = kobj_zalloc(sizeof (struct modctl_list),
4329 			    KM_SLEEP);
4330 			new->modl_modp = req;
4331 
4332 			if (start == NULL)
4333 				mod_garbage = start = new;
4334 			else {
4335 				mod_garbage->modl_next = new;
4336 				mod_garbage = new;
4337 			}
4338 		}
4339 
4340 		/* free the list as we go */
4341 		kobj_free(modl, sizeof (*modl));
4342 	}
4343 	modp->mod_requisites = NULL;
4344 	mutex_exit(&mod_lock);
4345 
4346 	/*
4347 	 * Unload the garbage modules.
4348 	 */
4349 	for (mod_garbage = start; mod_garbage != NULL; /* nothing */) {
4350 		struct modctl_list *old = mod_garbage;
4351 		struct modctl *mp = mod_garbage->modl_modp;
4352 		ASSERT(mp != NULL);
4353 
4354 		/*
4355 		 * Hold this module until it's unloaded completely.
4356 		 */
4357 		(void) mod_hold_by_modctl(mp,
4358 		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
4359 		/*
4360 		 * Check if the module is not unloaded yet and nobody requires
4361 		 * the module. If it's unloaded already or somebody still
4362 		 * requires the module, don't unload it now.
4363 		 */
4364 		if (mp->mod_loaded && mp->mod_ref == 0)
4365 			mod_unload(mp);
4366 		ASSERT((mp->mod_loaded == 0 && mp->mod_delay_unload == 0) ||
4367 		    (mp->mod_ref > 0));
4368 		mod_release_mod(mp);
4369 
4370 		mod_garbage = mod_garbage->modl_next;
4371 		kobj_free(old, sizeof (struct modctl_list));
4372 	}
4373 }
4374 
4375 /*
4376  * Process dependency of the module represented by "dep" on the
4377  * module named by "on."
4378  *
4379  * Called from kobj_do_dependents() to load a module "on" on which
4380  * "dep" depends.
4381  */
4382 struct modctl *
mod_load_requisite(struct modctl * dep,char * on)4383 mod_load_requisite(struct modctl *dep, char *on)
4384 {
4385 	struct modctl *on_mod;
4386 	int retval;
4387 
4388 	if ((on_mod = mod_hold_loaded_mod(dep, on, &retval)) != NULL) {
4389 		mod_make_requisite(dep, on_mod);
4390 	} else if (moddebug & MODDEBUG_ERRMSG) {
4391 		printf("error processing %s on which module %s depends\n",
4392 		    on, dep->mod_modname);
4393 	}
4394 	return (on_mod);
4395 }
4396 
4397 static int
mod_install_requisites(struct modctl * modp)4398 mod_install_requisites(struct modctl *modp)
4399 {
4400 	struct modctl_list *modl;
4401 	struct modctl *req;
4402 	int status = 0;
4403 
4404 	ASSERT(MUTEX_NOT_HELD(&mod_lock));
4405 	ASSERT(modp->mod_busy);
4406 
4407 	for (modl = modp->mod_requisites; modl; modl = modl->modl_next) {
4408 		req = modl->modl_modp;
4409 		(void) mod_hold_by_modctl(req,
4410 		    MOD_WAIT_FOREVER | MOD_LOCK_NOT_HELD);
4411 		status = modinstall(req);
4412 		mod_release_mod(req);
4413 
4414 		if (status != 0)
4415 			break;
4416 	}
4417 	return (status);
4418 }
4419 
4420 /*
4421  * returns 1 if this thread is doing autounload, 0 otherwise.
4422  * see mod_uninstall_all.
4423  */
4424 int
mod_in_autounload()4425 mod_in_autounload()
4426 {
4427 	return ((int)(uintptr_t)tsd_get(mod_autounload_key));
4428 }
4429 
4430 /*
4431  * gmatch adapted from libc, stripping the wchar stuff
4432  */
4433 #define	popchar(p, c)	{ \
4434 		c = *p++; \
4435 		if (c == 0) { \
4436 			return (0); \
4437 		} \
4438 	}
4439 
4440 int
gmatch(const char * s,const char * p)4441 gmatch(const char *s, const char *p)
4442 {
4443 	int c, sc;
4444 	int ok, lc, notflag;
4445 
4446 	sc = *s++;
4447 	c = *p++;
4448 	if (c == 0)
4449 		return (sc == c);	/* nothing matches nothing */
4450 
4451 	switch (c) {
4452 	case '\\':
4453 		/* skip to quoted character */
4454 		popchar(p, c);
4455 		/*FALLTHRU*/
4456 
4457 	default:
4458 		/* straight comparison */
4459 		if (c != sc)
4460 			return (0);
4461 		/*FALLTHRU*/
4462 
4463 	case '?':
4464 		/* first char matches, move to remainder */
4465 		return (sc != '\0' ? gmatch(s, p) : 0);
4466 
4467 
4468 	case '*':
4469 		while (*p == '*')
4470 			p++;
4471 
4472 		/* * matches everything */
4473 		if (*p == 0)
4474 			return (1);
4475 
4476 		/* undo skip at the beginning & iterate over substrings */
4477 		--s;
4478 		while (*s) {
4479 			if (gmatch(s, p))
4480 				return (1);
4481 			s++;
4482 		}
4483 		return (0);
4484 
4485 	case '[':
4486 		/* match any char within [] */
4487 		if (sc == 0)
4488 			return (0);
4489 
4490 		ok = lc = notflag = 0;
4491 
4492 		if (*p == '!') {
4493 			notflag = 1;
4494 			p++;
4495 		}
4496 		popchar(p, c);
4497 
4498 		do {
4499 			if (c == '-' && lc && *p != ']') {
4500 				/* test sc against range [c1-c2] */
4501 				popchar(p, c);
4502 				if (c == '\\') {
4503 					popchar(p, c);
4504 				}
4505 
4506 				if (notflag) {
4507 					/* return 0 on mismatch */
4508 					if (lc <= sc && sc <= c)
4509 						return (0);
4510 					ok++;
4511 				} else if (lc <= sc && sc <= c) {
4512 					ok++;
4513 				}
4514 				/* keep going, may get a match next */
4515 			} else if (c == '\\') {
4516 				/* skip to quoted character */
4517 				popchar(p, c);
4518 			}
4519 			lc = c;
4520 			if (notflag) {
4521 				if (sc == lc)
4522 					return (0);
4523 				ok++;
4524 			} else if (sc == lc) {
4525 				ok++;
4526 			}
4527 			popchar(p, c);
4528 		} while (c != ']');
4529 
4530 		/* recurse on remainder of string */
4531 		return (ok ? gmatch(s, p) : 0);
4532 	}
4533 	/*NOTREACHED*/
4534 }
4535 
4536 
4537 /*
4538  * Get default perm for device from /etc/minor_perm. Return 0 if match found.
4539  *
4540  * Pure wild-carded patterns are handled separately so the ordering of
4541  * these patterns doesn't matter.  We're still dependent on ordering
4542  * however as the first matching entry is the one returned.
4543  * Not ideal but all existing examples and usage do imply this
4544  * ordering implicitly.
4545  *
4546  * Drivers using the clone driver are always good for some entertainment.
4547  * Clone nodes under pseudo have the form clone@0:<driver>.  Some minor
4548  * perm entries have the form clone:<driver>, others use <driver>:*
4549  * Examples are clone:llc1 vs. llc2:*, for example.
4550  *
4551  * Minor perms in the clone:<driver> form are mapped to the drivers's
4552  * mperm list, not the clone driver, as wildcard entries for clone
4553  * reference only.  In other words, a clone wildcard will match
4554  * references for clone@0:<driver> but never <driver>@<minor>.
4555  *
4556  * Additional minor perms in the standard form are also supported,
4557  * for mixed usage, ie a node with an entry clone:<driver> could
4558  * provide further entries <driver>:<minor>.
4559  *
4560  * Finally, some uses of clone use an alias as the minor name rather
4561  * than the driver name, with the alias as the minor perm entry.
4562  * This case is handled by attaching the driver to bring its
4563  * minor list into existence, then discover the alias via DDI_ALIAS.
4564  * The clone device's minor perm list can then be searched for
4565  * that alias.
4566  */
4567 
4568 static int
dev_alias_minorperm(dev_info_t * dip,char * minor_name,mperm_t * rmp)4569 dev_alias_minorperm(dev_info_t *dip, char *minor_name, mperm_t *rmp)
4570 {
4571 	major_t			major;
4572 	struct devnames		*dnp;
4573 	mperm_t			*mp;
4574 	char			*alias = NULL;
4575 	dev_info_t		*cdevi;
4576 	struct ddi_minor_data	*dmd;
4577 
4578 	major = ddi_name_to_major(minor_name);
4579 
4580 	ASSERT(dip == clone_dip);
4581 	ASSERT(major != DDI_MAJOR_T_NONE);
4582 
4583 	/*
4584 	 * Attach the driver named by the minor node, then
4585 	 * search its first instance's minor list for an
4586 	 * alias node.
4587 	 */
4588 	if (ddi_hold_installed_driver(major) == NULL)
4589 		return (1);
4590 
4591 	dnp = &devnamesp[major];
4592 	LOCK_DEV_OPS(&dnp->dn_lock);
4593 
4594 	if ((cdevi = dnp->dn_head) != NULL) {
4595 		ndi_devi_enter(cdevi);
4596 		for (dmd = DEVI(cdevi)->devi_minor; dmd; dmd = dmd->next) {
4597 			if (dmd->type == DDM_ALIAS) {
4598 				alias = i_ddi_strdup(dmd->ddm_name, KM_SLEEP);
4599 				break;
4600 			}
4601 		}
4602 		ndi_devi_exit(cdevi);
4603 	}
4604 
4605 	UNLOCK_DEV_OPS(&dnp->dn_lock);
4606 	ddi_rele_driver(major);
4607 
4608 	if (alias == NULL) {
4609 		if (moddebug & MODDEBUG_MINORPERM)
4610 			cmn_err(CE_CONT, "dev_minorperm: "
4611 			    "no alias for %s\n", minor_name);
4612 		return (1);
4613 	}
4614 
4615 	major = ddi_driver_major(clone_dip);
4616 	dnp = &devnamesp[major];
4617 	LOCK_DEV_OPS(&dnp->dn_lock);
4618 
4619 	/*
4620 	 * Go through the clone driver's mperm list looking
4621 	 * for a match for the specified alias.
4622 	 */
4623 	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4624 		if (strcmp(alias, mp->mp_minorname) == 0) {
4625 			break;
4626 		}
4627 	}
4628 
4629 	if (mp) {
4630 		if (moddebug & MODDEBUG_MP_MATCH) {
4631 			cmn_err(CE_CONT,
4632 			    "minor perm defaults: %s %s 0%o %d %d (aliased)\n",
4633 			    minor_name, alias, mp->mp_mode,
4634 			    mp->mp_uid, mp->mp_gid);
4635 		}
4636 		rmp->mp_uid = mp->mp_uid;
4637 		rmp->mp_gid = mp->mp_gid;
4638 		rmp->mp_mode = mp->mp_mode;
4639 	}
4640 	UNLOCK_DEV_OPS(&dnp->dn_lock);
4641 
4642 	kmem_free(alias, strlen(alias)+1);
4643 
4644 	return (mp == NULL);
4645 }
4646 
4647 int
dev_minorperm(dev_info_t * dip,char * name,mperm_t * rmp)4648 dev_minorperm(dev_info_t *dip, char *name, mperm_t *rmp)
4649 {
4650 	major_t major;
4651 	char *minor_name;
4652 	struct devnames *dnp;
4653 	mperm_t *mp;
4654 	int is_clone = 0;
4655 
4656 	if (!minorperm_loaded) {
4657 		if (moddebug & MODDEBUG_MINORPERM)
4658 			cmn_err(CE_CONT,
4659 			    "%s: minor perm not yet loaded\n", name);
4660 		return (1);
4661 	}
4662 
4663 	minor_name = strchr(name, ':');
4664 	if (minor_name == NULL)
4665 		return (1);
4666 	minor_name++;
4667 
4668 	/*
4669 	 * If it's the clone driver, search the driver as named
4670 	 * by the minor.  All clone minor perm entries other than
4671 	 * alias nodes are actually installed on the real driver's list.
4672 	 */
4673 	if (dip == clone_dip) {
4674 		major = ddi_name_to_major(minor_name);
4675 		if (major == DDI_MAJOR_T_NONE) {
4676 			if (moddebug & MODDEBUG_MINORPERM)
4677 				cmn_err(CE_CONT, "dev_minorperm: "
4678 				    "%s: no such driver\n", minor_name);
4679 			return (1);
4680 		}
4681 		is_clone = 1;
4682 	} else {
4683 		major = ddi_driver_major(dip);
4684 		ASSERT(major != DDI_MAJOR_T_NONE);
4685 	}
4686 
4687 	dnp = &devnamesp[major];
4688 	LOCK_DEV_OPS(&dnp->dn_lock);
4689 
4690 	/*
4691 	 * Go through the driver's mperm list looking for
4692 	 * a match for the specified minor.  If there's
4693 	 * no matching pattern, use the wild card.
4694 	 * Defer to the clone wild for clone if specified,
4695 	 * otherwise fall back to the normal form.
4696 	 */
4697 	for (mp = dnp->dn_mperm; mp; mp = mp->mp_next) {
4698 		if (gmatch(minor_name, mp->mp_minorname) != 0) {
4699 			break;
4700 		}
4701 	}
4702 	if (mp == NULL) {
4703 		if (is_clone)
4704 			mp = dnp->dn_mperm_clone;
4705 		if (mp == NULL)
4706 			mp = dnp->dn_mperm_wild;
4707 	}
4708 
4709 	if (mp) {
4710 		if (moddebug & MODDEBUG_MP_MATCH) {
4711 			cmn_err(CE_CONT,
4712 			    "minor perm defaults: %s %s 0%o %d %d\n",
4713 			    name, mp->mp_minorname, mp->mp_mode,
4714 			    mp->mp_uid, mp->mp_gid);
4715 		}
4716 		rmp->mp_uid = mp->mp_uid;
4717 		rmp->mp_gid = mp->mp_gid;
4718 		rmp->mp_mode = mp->mp_mode;
4719 	}
4720 	UNLOCK_DEV_OPS(&dnp->dn_lock);
4721 
4722 	/*
4723 	 * If no match can be found for a clone node,
4724 	 * search for a possible match for an alias.
4725 	 * One such example is /dev/ptmx -> /devices/pseudo/clone@0:ptm,
4726 	 * with minor perm entry clone:ptmx.
4727 	 */
4728 	if (mp == NULL && is_clone) {
4729 		return (dev_alias_minorperm(dip, minor_name, rmp));
4730 	}
4731 
4732 	return (mp == NULL);
4733 }
4734 
4735 /*
4736  * dynamicaly reference load a dl module/library, returning handle
4737  */
4738 /*ARGSUSED*/
4739 ddi_modhandle_t
ddi_modopen(const char * modname,int mode,int * errnop)4740 ddi_modopen(const char *modname, int mode, int *errnop)
4741 {
4742 	char		*subdir;
4743 	char		*mod;
4744 	int		subdirlen;
4745 	struct modctl	*hmodp = NULL;
4746 	int		retval = EINVAL;
4747 
4748 	ASSERT(modname && (mode == KRTLD_MODE_FIRST));
4749 	if ((modname == NULL) || (mode != KRTLD_MODE_FIRST))
4750 		goto out;
4751 
4752 	/* find last '/' in modname */
4753 	mod = strrchr(modname, '/');
4754 
4755 	if (mod) {
4756 		/* for subdir string without modification to argument */
4757 		mod++;
4758 		subdirlen = mod - modname;
4759 		subdir = kmem_alloc(subdirlen, KM_SLEEP);
4760 		(void) strlcpy(subdir, modname, subdirlen);
4761 	} else {
4762 		subdirlen = 0;
4763 		subdir = "misc";
4764 		mod = (char *)modname;
4765 	}
4766 
4767 	/* reference load with errno return value */
4768 	retval = modrload(subdir, mod, &hmodp);
4769 
4770 	if (subdirlen)
4771 		kmem_free(subdir, subdirlen);
4772 
4773 out:	if (errnop)
4774 		*errnop = retval;
4775 
4776 	if (moddebug & MODDEBUG_DDI_MOD)
4777 		printf("ddi_modopen %s mode %x: %s %p %d\n",
4778 		    modname ? modname : "<unknown>", mode,
4779 		    hmodp ? hmodp->mod_filename : "<unknown>",
4780 		    (void *)hmodp, retval);
4781 
4782 	return ((ddi_modhandle_t)hmodp);
4783 }
4784 
4785 /* lookup "name" in open dl module/library */
4786 void *
ddi_modsym(ddi_modhandle_t h,const char * name,int * errnop)4787 ddi_modsym(ddi_modhandle_t h, const char *name, int *errnop)
4788 {
4789 	struct modctl	*hmodp = (struct modctl *)h;
4790 	void		*f;
4791 	int		retval;
4792 
4793 	ASSERT(hmodp && name && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4794 	if ((hmodp == NULL) || (name == NULL) ||
4795 	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4796 		f = NULL;
4797 		retval = EINVAL;
4798 	} else {
4799 		f = (void *)kobj_lookup(hmodp->mod_mp, (char *)name);
4800 		if (f)
4801 			retval = 0;
4802 		else
4803 			retval = ENOTSUP;
4804 	}
4805 
4806 	if (moddebug & MODDEBUG_DDI_MOD)
4807 		printf("ddi_modsym in %s of %s: %d %p\n",
4808 		    hmodp ? hmodp->mod_modname : "<unknown>",
4809 		    name ? name : "<unknown>", retval, f);
4810 
4811 	if (errnop)
4812 		*errnop = retval;
4813 	return (f);
4814 }
4815 
4816 /* dynamic (un)reference unload of an open dl module/library */
4817 int
ddi_modclose(ddi_modhandle_t h)4818 ddi_modclose(ddi_modhandle_t h)
4819 {
4820 	struct modctl	*hmodp = (struct modctl *)h;
4821 	struct modctl	*modp = NULL;
4822 	int		retval;
4823 
4824 	ASSERT(hmodp && hmodp->mod_installed && (hmodp->mod_ref >= 1));
4825 	if ((hmodp == NULL) ||
4826 	    (hmodp->mod_installed == 0) || (hmodp->mod_ref < 1)) {
4827 		retval = EINVAL;
4828 		goto out;
4829 	}
4830 
4831 	retval = modunrload(hmodp->mod_id, &modp, ddi_modclose_unload);
4832 	if (retval == EBUSY)
4833 		retval = 0;	/* EBUSY is not an error */
4834 
4835 	if (retval == 0) {
4836 		ASSERT(hmodp == modp);
4837 		if (hmodp != modp)
4838 			retval = EINVAL;
4839 	}
4840 
4841 out:	if (moddebug & MODDEBUG_DDI_MOD)
4842 		printf("ddi_modclose %s: %d\n",
4843 		    hmodp ? hmodp->mod_modname : "<unknown>", retval);
4844 
4845 	return (retval);
4846 }
4847