11.2Sdholland$NetBSD: mess,v 1.2 2017/01/14 20:50:15 dholland Exp $
21.1Sdholland
31.1SdhollandNetBSD Messes and Tentacular Horrors Roadmap
41.1Sdholland============================================
51.1Sdholland
61.1SdhollandThere are a number of places in NetBSD where the code is substandard,
71.1Sdhollandor messy, or badly structured, or just excessively complicated. These
81.1Sdhollandare liabilities. Fixing them is a goal, not just because they
91.1Sdhollandthemselves cause problems but because every pile of glop in the system
101.1Sdhollandfunctions as an implicit excuse to not clean up others.
111.1Sdholland
121.1SdhollandThere are two kinds of these messes: with some, the consequences are
131.1Sdhollandrelatively localized, and while dealing with that particular area of
141.1Sdhollandthe code may be nasty the issues are otherwise mostly not visible.
151.1SdhollandWith others, the horror spreads and contaminates everything that comes
161.1Sdhollandnear it. The latter are particularly important to clean out.
171.1Sdholland
181.1SdhollandThe things listed here are listed here because they have been cited as
191.1Sdhollandproblems; some of these are regularly cited as problems. The goal of
201.1Sdhollandthis file is not to criticize the code or point fingers (some of these
211.1Sdhollandmesses come down to us all the way from 4.3 and are the result of
221.1Sdhollandalways patching and never fixing; but some of them have been
231.1Sdhollandself-inflicted because they seemed like a good idea at the time, or
241.1Sdhollandthey were what we had, or whatever) but to document areas that could
251.1Sdhollanduse a good rototill or two.
261.1Sdholland
271.1SdhollandThese are listed in a perceived order of priority based on how bad the
281.1Sdhollandmess is, how toxic it is to things around it, how much it's
291.1Sdhollandinterfering with other development, and how unreliable the affected
301.1Sdhollandcode is as a result.
311.1Sdholland
321.1Sdholland 1. namei, ufs_lookup, vfs_rename
331.1Sdholland 2. buffercache
341.1Sdholland 3. network interfaces
351.1Sdholland 4. mbufs
361.1Sdholland 5. tty code
371.1Sdholland 6. nsswitch code in libc
381.1Sdholland 7. proplib
391.1Sdholland 8. kauth
401.1Sdholland 9. sysmon_envsys
411.1Sdholland 10. atf
421.1Sdholland 11. pam
431.1Sdholland	
441.1Sdholland
451.1SdhollandExplanations
461.1Sdholland============
471.1Sdholland
481.1Sdholland
491.1Sdholland1. namei, ufs_lookup, vfs_rename
501.1Sdholland
511.1Sdhollandnamei is central to everything and it's been horrible since at least
521.1Sdholland4.3 and maybe longer. A fair amount of work has been put into it, and
531.1Sdhollanda number of the particular horrors have been eliminated, but there's
541.1Sdhollandstill quite a bit left to do.
551.1Sdholland
561.1SdhollandThe immediate next step is to introduce VOP_PARSEPATH (a new VOP call
571.1Sdhollandto allow the two filesystems we have that consume more than one
581.1Sdhollanddirectory component at a time to do so in a more tractable way) and
591.1Sdhollandthen it's time to start implementing namei_parent, a version that
601.1Sdhollandstops at the parent with one component name left to go. This will
611.1Sdhollandallow a much saner interface to directory ops, including rename, and
621.1Sdhollandonce those are done a lot of the complexity currently in namei and in
631.1Sdhollandthe VOP_LOOKUP interface can be removed.
641.1Sdholland
651.1Sdholland - dholland is working on this intermittently.
661.1Sdholland - VOP_PARSEPATH is ready to commit and is expected to make 8.0.
671.1Sdholland   There is currently no clear timeframe for anything beyond that.
681.1Sdholland - Responsible: dholland
691.1Sdholland
701.1Sdholland
711.1Sdholland2. buffercache
721.1Sdholland
731.1SdhollandThe buffercache code is messy and full of flag words that filesystems
741.1Sdhollandmuck with freely and not necessarily with correct locking. It is
751.1Sdhollandsuspected that there is a lot of incorrect locking. Also, a lot of the
761.1Sdhollandnaming and terminology (things like BO_DELWRI) is really ancient and
771.1Sdhollandreflects non-current assumptions about the way file system buffers
781.1Sdhollandshould work.
791.1Sdholland
801.2SdhollandThe first step on this is to disentangle the buffer cache
811.2Sdholland(buffercache(9)) from the buffer I/O path (bufferio(9)) -- right now
821.2Sdhollandthey both abusively share the same struct buf.
831.2Sdholland
841.1Sdholland - As of January 2017 nobody is currently working on this.
851.1Sdholland - There is currently no clear timeframe or release target.
861.1Sdholland - Contact dholland for further information.
871.1Sdholland
881.1Sdholland
891.1Sdholland3. network interfaces
901.1Sdholland
911.1SdhollandThe network interface structure and its associated support code has no
921.1Sdhollandabstraction, no encapsulation, and no safety. It badly needs
931.1Sdhollandrationalization.
941.1Sdholland
951.1Sdholland - As of January 2017 nobody is currently working on this directly,
961.1Sdholland   though some aspects fall under the multiprocessor network stack
971.1Sdholland   project.
981.1Sdholland - There is currently no clear timeframe or release target.
991.1Sdholland - Contact rmind for further information.
1001.1Sdholland
1011.1Sdholland
1021.1Sdholland4. mbufs
1031.1Sdholland
1041.1SdhollandThe mbuf code has some concept of an interface, but lots of the code
1051.1Sdhollandmanipulating mbufs doesn't use that interface, and there's still no
1061.1Sdhollandencapsulation and no safety.
1071.1Sdholland
1081.1Sdholland - As of January 2017 nobody is currently working on this directly,
1091.1Sdholland   though some aspects fall under the multiprocessor network stack
1101.1Sdholland   project.
1111.1Sdholland - There is currently no clear timeframe or release target.
1121.1Sdholland - Contact rmind or dholland for further information.
1131.1Sdholland
1141.1Sdholland
1151.1Sdholland5. tty code
1161.1Sdholland
1171.1SdhollandThe tty subsystem has no concept of an interface at all, and there are
1181.1Sdhollandlarge wodges of code cutpasted all over everywhere in gazillions of
1191.1Sdhollandtty client drivers. There's no encapsulation either and absolutely no
1201.1Sdhollandsafety. Furthermore the locking model is bodgy.
1211.1Sdholland
1221.1SdhollandIn addition to this the division of responsibility between "tty" and
1231.1Sdholland"serial port" is wrong. There are a number of drivers (e.g. for mice)
1241.1Sdhollandthat are partially ttys because they're things that are more or less
1251.1Sdhollandserial ports, but they were never meant to be used for logins and
1261.1Sdhollandcan't be. These should be disentangled from the tty layer.
1271.1Sdholland
1281.1SdhollandFinally, the notion of line disciplines is a legacy mess that ought to
1291.1Sdhollandget turned into a system of device attachments - a line discipline is
1301.1Sdhollanda driver attached on top of the line, except that the concept appeared
1311.1Sdhollandlong before anyone really thought up device attachments as we know
1321.1Sdhollandthem now.
1331.1Sdholland
1341.1Sdholland - As of January 2017 nobody is currently working on this.
1351.1Sdholland - There is currently no clear timeframe or release target.
1361.1Sdholland - Contact dholland for further information.
1371.1Sdholland
1381.1Sdholland
1391.1Sdholland6. nsswitch code in libc
1401.1Sdholland
1411.1SdhollandThe nsswitch code in libc is not all that bad in the sense of being
1421.1Sdhollandhorrible code you lose sanity points to look at, but it's structured
1431.1Sdhollandall wrong. It can't be cleaned up without doing a libc bump, which is
1441.1Sdhollanda big deal, but if we do ever manage to get that libc bump done it's
1451.1Sdhollandimportant that the nsswitch code get revised then.
1461.1Sdholland
1471.1Sdholland - As of January 2017 nobody is currently working on this.
1481.1Sdholland - There is currently no clear timeframe or release target.
1491.1Sdholland - Contact dholland or joerg for further information.
1501.1Sdholland
1511.1Sdholland
1521.1Sdholland7. proplib
1531.1Sdholland
1541.1SdhollandRemoval of proplib is and has been a goal of several developers for
1551.1Sdhollandsome time, but there's not been any consensus on a replacement. Much
1561.1Sdhollandhas been written on this elsewhere so I'm not going to repeat it all
1571.1Sdhollandhere.
1581.1Sdholland
1591.1Sdholland - As of January 2017 nobody is currently working on this, but several
1601.1Sdholland   partly-finished proplib replacement candidates exist.
1611.1Sdholland - There is currently no clear timeframe or release target.
1621.1Sdholland - Contact dholland, rmind, riastradh, or any of a number of other
1631.1Sdholland   people for further information.
1641.1Sdholland
1651.1Sdholland
1661.1Sdholland8. kauth
1671.1Sdholland
1681.1Sdhollandkauth is far too complicated for security code and its API is full of
1691.1Sdhollandvoid pointers and horribly unsafe. There is no consensus on what to do
1701.1Sdhollandabout it, though. Part of the problem is that kauth itself is at least
1711.1Sdhollandthree different things that need to be disentangled: (a) an API for
1721.1Sdhollandrandom kernel code to issue security checks; (b) an implementation of
1731.1Sdhollandsecurity check logic; and (c) an extensibility framework for that
1741.1Sdhollandsecurity check logic.
1751.1Sdholland
1761.1Sdholland - As of January 2017 nobody is currently working on this.
1771.1Sdholland - There is currently no clear timeframe or release target.
1781.1Sdholland - Contact dholland for further information.
1791.1Sdholland
1801.1Sdholland
1811.1Sdholland9. sysmon_envsys
1821.1Sdholland
1831.1Sdhollandsysmon_envsys is also too complicated. XXX: someone fill in more here
1841.1Sdhollandplease.
1851.1Sdholland
1861.1Sdholland - As of January 2017 nobody is currently working on this.
1871.1Sdholland - There is currently no clear timeframe or release target.
1881.1Sdholland - Contact: ? (XXX)
1891.1Sdholland
1901.1Sdholland
1911.1Sdholland10. atf
1921.1Sdholland
1931.1Sdhollandatf is horribly complicated and very expensive (apparently it takes
1941.1Sdhollandall day to compile just atf on an sgimips) and doesn't provide a whole
1951.1Sdhollandlot of bang for the buck. It is also frequently cited as an impediment
1961.1Sdhollandto getting new tests written and deployed. It is not at all clear what
1971.1Sdhollandto do about it.
1981.1Sdholland
1991.1Sdholland - As of January 2017 nobody is currently working on this.
2001.1Sdholland - There is currently no clear timeframe or release target.
2011.1Sdholland - Contact: ? (XXX)
2021.1Sdholland
2031.1Sdholland
2041.1Sdholland11. pam
2051.1Sdholland
2061.1Sdhollandpam, though a more or less standard API/interface, has a range of
2071.1Sdhollandproblems, one being that after the manner of sysvinit it works by
2081.1Sdhollandexposing a mechanism and you configure it by mucking with the
2091.1Sdhollandmechanism until it produces the behavior you want. (Except that if you
2101.1Sdhollandmuck with its mechanism, you end up locking yourself out.) In practice
2111.1Sdhollandediting pam configs seems to be limited to specialists, and that's
2121.1Sdhollandreally not suitable for security software.
2131.1Sdholland
2141.1SdhollandIt is very unclear what to do about it though. It's a standard API and
2151.1Sdhollandthere are a number of 3rd-party pam modules, some of which people need
2161.1Sdhollandto be able to use. Once upon a time there was a similar thing called
2171.1Sdhollandbsdauth, but it never really seems to have been a credible alternative.  
2181.1SdhollandProbably the right thing to do is to completely redesign
2191.1Sdhollandhow logging in works, but that's a Big Deal.
2201.1Sdholland
2211.1Sdholland - As of January 2017 nobody is currently working on this.
2221.1Sdholland - There is currently no clear timeframe or release target.
2231.1Sdholland - Contact: ? (XXX)
224