mess revision 1.1
1 $NetBSD: mess,v 1.1 2017/01/13 10:14:58 dholland Exp $ 2 3 NetBSD Messes and Tentacular Horrors Roadmap 4 ============================================ 5 6 There are a number of places in NetBSD where the code is substandard, 7 or messy, or badly structured, or just excessively complicated. These 8 are liabilities. Fixing them is a goal, not just because they 9 themselves cause problems but because every pile of glop in the system 10 functions as an implicit excuse to not clean up others. 11 12 There are two kinds of these messes: with some, the consequences are 13 relatively localized, and while dealing with that particular area of 14 the code may be nasty the issues are otherwise mostly not visible. 15 With others, the horror spreads and contaminates everything that comes 16 near it. The latter are particularly important to clean out. 17 18 The things listed here are listed here because they have been cited as 19 problems; some of these are regularly cited as problems. The goal of 20 this file is not to criticize the code or point fingers (some of these 21 messes come down to us all the way from 4.3 and are the result of 22 always patching and never fixing; but some of them have been 23 self-inflicted because they seemed like a good idea at the time, or 24 they were what we had, or whatever) but to document areas that could 25 use a good rototill or two. 26 27 These are listed in a perceived order of priority based on how bad the 28 mess is, how toxic it is to things around it, how much it's 29 interfering with other development, and how unreliable the affected 30 code is as a result. 31 32 1. namei, ufs_lookup, vfs_rename 33 2. buffercache 34 3. network interfaces 35 4. mbufs 36 5. tty code 37 6. nsswitch code in libc 38 7. proplib 39 8. kauth 40 9. sysmon_envsys 41 10. atf 42 11. pam 43 44 45 Explanations 46 ============ 47 48 49 1. namei, ufs_lookup, vfs_rename 50 51 namei is central to everything and it's been horrible since at least 52 4.3 and maybe longer. A fair amount of work has been put into it, and 53 a number of the particular horrors have been eliminated, but there's 54 still quite a bit left to do. 55 56 The immediate next step is to introduce VOP_PARSEPATH (a new VOP call 57 to allow the two filesystems we have that consume more than one 58 directory component at a time to do so in a more tractable way) and 59 then it's time to start implementing namei_parent, a version that 60 stops at the parent with one component name left to go. This will 61 allow a much saner interface to directory ops, including rename, and 62 once those are done a lot of the complexity currently in namei and in 63 the VOP_LOOKUP interface can be removed. 64 65 - dholland is working on this intermittently. 66 - VOP_PARSEPATH is ready to commit and is expected to make 8.0. 67 There is currently no clear timeframe for anything beyond that. 68 - Responsible: dholland 69 70 71 2. buffercache 72 73 The buffercache code is messy and full of flag words that filesystems 74 muck with freely and not necessarily with correct locking. It is 75 suspected that there is a lot of incorrect locking. Also, a lot of the 76 naming and terminology (things like BO_DELWRI) is really ancient and 77 reflects non-current assumptions about the way file system buffers 78 should work. 79 80 - As of January 2017 nobody is currently working on this. 81 - There is currently no clear timeframe or release target. 82 - Contact dholland for further information. 83 84 85 3. network interfaces 86 87 The network interface structure and its associated support code has no 88 abstraction, no encapsulation, and no safety. It badly needs 89 rationalization. 90 91 - As of January 2017 nobody is currently working on this directly, 92 though some aspects fall under the multiprocessor network stack 93 project. 94 - There is currently no clear timeframe or release target. 95 - Contact rmind for further information. 96 97 98 4. mbufs 99 100 The mbuf code has some concept of an interface, but lots of the code 101 manipulating mbufs doesn't use that interface, and there's still no 102 encapsulation and no safety. 103 104 - As of January 2017 nobody is currently working on this directly, 105 though some aspects fall under the multiprocessor network stack 106 project. 107 - There is currently no clear timeframe or release target. 108 - Contact rmind or dholland for further information. 109 110 111 5. tty code 112 113 The tty subsystem has no concept of an interface at all, and there are 114 large wodges of code cutpasted all over everywhere in gazillions of 115 tty client drivers. There's no encapsulation either and absolutely no 116 safety. Furthermore the locking model is bodgy. 117 118 In addition to this the division of responsibility between "tty" and 119 "serial port" is wrong. There are a number of drivers (e.g. for mice) 120 that are partially ttys because they're things that are more or less 121 serial ports, but they were never meant to be used for logins and 122 can't be. These should be disentangled from the tty layer. 123 124 Finally, the notion of line disciplines is a legacy mess that ought to 125 get turned into a system of device attachments - a line discipline is 126 a driver attached on top of the line, except that the concept appeared 127 long before anyone really thought up device attachments as we know 128 them now. 129 130 - As of January 2017 nobody is currently working on this. 131 - There is currently no clear timeframe or release target. 132 - Contact dholland for further information. 133 134 135 6. nsswitch code in libc 136 137 The nsswitch code in libc is not all that bad in the sense of being 138 horrible code you lose sanity points to look at, but it's structured 139 all wrong. It can't be cleaned up without doing a libc bump, which is 140 a big deal, but if we do ever manage to get that libc bump done it's 141 important that the nsswitch code get revised then. 142 143 - As of January 2017 nobody is currently working on this. 144 - There is currently no clear timeframe or release target. 145 - Contact dholland or joerg for further information. 146 147 148 7. proplib 149 150 Removal of proplib is and has been a goal of several developers for 151 some time, but there's not been any consensus on a replacement. Much 152 has been written on this elsewhere so I'm not going to repeat it all 153 here. 154 155 - As of January 2017 nobody is currently working on this, but several 156 partly-finished proplib replacement candidates exist. 157 - There is currently no clear timeframe or release target. 158 - Contact dholland, rmind, riastradh, or any of a number of other 159 people for further information. 160 161 162 8. kauth 163 164 kauth is far too complicated for security code and its API is full of 165 void pointers and horribly unsafe. There is no consensus on what to do 166 about it, though. Part of the problem is that kauth itself is at least 167 three different things that need to be disentangled: (a) an API for 168 random kernel code to issue security checks; (b) an implementation of 169 security check logic; and (c) an extensibility framework for that 170 security check logic. 171 172 - As of January 2017 nobody is currently working on this. 173 - There is currently no clear timeframe or release target. 174 - Contact dholland for further information. 175 176 177 9. sysmon_envsys 178 179 sysmon_envsys is also too complicated. XXX: someone fill in more here 180 please. 181 182 - As of January 2017 nobody is currently working on this. 183 - There is currently no clear timeframe or release target. 184 - Contact: ? (XXX) 185 186 187 10. atf 188 189 atf is horribly complicated and very expensive (apparently it takes 190 all day to compile just atf on an sgimips) and doesn't provide a whole 191 lot of bang for the buck. It is also frequently cited as an impediment 192 to getting new tests written and deployed. It is not at all clear what 193 to do about it. 194 195 - As of January 2017 nobody is currently working on this. 196 - There is currently no clear timeframe or release target. 197 - Contact: ? (XXX) 198 199 200 11. pam 201 202 pam, though a more or less standard API/interface, has a range of 203 problems, one being that after the manner of sysvinit it works by 204 exposing a mechanism and you configure it by mucking with the 205 mechanism until it produces the behavior you want. (Except that if you 206 muck with its mechanism, you end up locking yourself out.) In practice 207 editing pam configs seems to be limited to specialists, and that's 208 really not suitable for security software. 209 210 It is very unclear what to do about it though. It's a standard API and 211 there are a number of 3rd-party pam modules, some of which people need 212 to be able to use. Once upon a time there was a similar thing called 213 bsdauth, but it never really seems to have been a credible alternative. 214 Probably the right thing to do is to completely redesign 215 how logging in works, but that's a Big Deal. 216 217 - As of January 2017 nobody is currently working on this. 218 - There is currently no clear timeframe or release target. 219 - Contact: ? (XXX) 220
Indexes created Mon Sep 22 21:09:42 GMT 2025