mess revision 1.1 
1$NetBSD: mess,v 1.1 2017/01/13 10:14:58 dholland Exp $
2
3NetBSD Messes and Tentacular Horrors Roadmap
4============================================
5
6There are a number of places in NetBSD where the code is substandard,
7or messy, or badly structured, or just excessively complicated. These
8are liabilities. Fixing them is a goal, not just because they
9themselves cause problems but because every pile of glop in the system
10functions as an implicit excuse to not clean up others.
11
12There are two kinds of these messes: with some, the consequences are
13relatively localized, and while dealing with that particular area of
14the code may be nasty the issues are otherwise mostly not visible.
15With others, the horror spreads and contaminates everything that comes
16near it. The latter are particularly important to clean out.
17
18The things listed here are listed here because they have been cited as
19problems; some of these are regularly cited as problems. The goal of
20this file is not to criticize the code or point fingers (some of these
21messes come down to us all the way from 4.3 and are the result of
22always patching and never fixing; but some of them have been
23self-inflicted because they seemed like a good idea at the time, or
24they were what we had, or whatever) but to document areas that could
25use a good rototill or two.
26
27These are listed in a perceived order of priority based on how bad the
28mess is, how toxic it is to things around it, how much it's
29interfering with other development, and how unreliable the affected
30code is as a result.
31
32 1. namei, ufs_lookup, vfs_rename
33 2. buffercache
34 3. network interfaces
35 4. mbufs
36 5. tty code
37 6. nsswitch code in libc
38 7. proplib
39 8. kauth
40 9. sysmon_envsys
41 10. atf
42 11. pam
43	
44
45Explanations
46============
47
48
491. namei, ufs_lookup, vfs_rename
50
51namei is central to everything and it's been horrible since at least
524.3 and maybe longer. A fair amount of work has been put into it, and
53a number of the particular horrors have been eliminated, but there's
54still quite a bit left to do.
55
56The immediate next step is to introduce VOP_PARSEPATH (a new VOP call
57to allow the two filesystems we have that consume more than one
58directory component at a time to do so in a more tractable way) and
59then it's time to start implementing namei_parent, a version that
60stops at the parent with one component name left to go. This will
61allow a much saner interface to directory ops, including rename, and
62once those are done a lot of the complexity currently in namei and in
63the VOP_LOOKUP interface can be removed.
64
65 - dholland is working on this intermittently.
66 - VOP_PARSEPATH is ready to commit and is expected to make 8.0.
67   There is currently no clear timeframe for anything beyond that.
68 - Responsible: dholland
69
70
712. buffercache
72
73The buffercache code is messy and full of flag words that filesystems
74muck with freely and not necessarily with correct locking. It is
75suspected that there is a lot of incorrect locking. Also, a lot of the
76naming and terminology (things like BO_DELWRI) is really ancient and
77reflects non-current assumptions about the way file system buffers
78should work.
79
80 - As of January 2017 nobody is currently working on this.
81 - There is currently no clear timeframe or release target.
82 - Contact dholland for further information.
83
84
853. network interfaces
86
87The network interface structure and its associated support code has no
88abstraction, no encapsulation, and no safety. It badly needs
89rationalization.
90
91 - As of January 2017 nobody is currently working on this directly,
92   though some aspects fall under the multiprocessor network stack
93   project.
94 - There is currently no clear timeframe or release target.
95 - Contact rmind for further information.
96
97
984. mbufs
99
100The mbuf code has some concept of an interface, but lots of the code
101manipulating mbufs doesn't use that interface, and there's still no
102encapsulation and no safety.
103
104 - As of January 2017 nobody is currently working on this directly,
105   though some aspects fall under the multiprocessor network stack
106   project.
107 - There is currently no clear timeframe or release target.
108 - Contact rmind or dholland for further information.
109
110
1115. tty code
112
113The tty subsystem has no concept of an interface at all, and there are
114large wodges of code cutpasted all over everywhere in gazillions of
115tty client drivers. There's no encapsulation either and absolutely no
116safety. Furthermore the locking model is bodgy.
117
118In addition to this the division of responsibility between "tty" and
119"serial port" is wrong. There are a number of drivers (e.g. for mice)
120that are partially ttys because they're things that are more or less
121serial ports, but they were never meant to be used for logins and
122can't be. These should be disentangled from the tty layer.
123
124Finally, the notion of line disciplines is a legacy mess that ought to
125get turned into a system of device attachments - a line discipline is
126a driver attached on top of the line, except that the concept appeared
127long before anyone really thought up device attachments as we know
128them now.
129
130 - As of January 2017 nobody is currently working on this.
131 - There is currently no clear timeframe or release target.
132 - Contact dholland for further information.
133
134
1356. nsswitch code in libc
136
137The nsswitch code in libc is not all that bad in the sense of being
138horrible code you lose sanity points to look at, but it's structured
139all wrong. It can't be cleaned up without doing a libc bump, which is
140a big deal, but if we do ever manage to get that libc bump done it's
141important that the nsswitch code get revised then.
142
143 - As of January 2017 nobody is currently working on this.
144 - There is currently no clear timeframe or release target.
145 - Contact dholland or joerg for further information.
146
147
1487. proplib
149
150Removal of proplib is and has been a goal of several developers for
151some time, but there's not been any consensus on a replacement. Much
152has been written on this elsewhere so I'm not going to repeat it all
153here.
154
155 - As of January 2017 nobody is currently working on this, but several
156   partly-finished proplib replacement candidates exist.
157 - There is currently no clear timeframe or release target.
158 - Contact dholland, rmind, riastradh, or any of a number of other
159   people for further information.
160
161
1628. kauth
163
164kauth is far too complicated for security code and its API is full of
165void pointers and horribly unsafe. There is no consensus on what to do
166about it, though. Part of the problem is that kauth itself is at least
167three different things that need to be disentangled: (a) an API for
168random kernel code to issue security checks; (b) an implementation of
169security check logic; and (c) an extensibility framework for that
170security check logic.
171
172 - As of January 2017 nobody is currently working on this.
173 - There is currently no clear timeframe or release target.
174 - Contact dholland for further information.
175
176
1779. sysmon_envsys
178
179sysmon_envsys is also too complicated. XXX: someone fill in more here
180please.
181
182 - As of January 2017 nobody is currently working on this.
183 - There is currently no clear timeframe or release target.
184 - Contact: ? (XXX)
185
186
18710. atf
188
189atf is horribly complicated and very expensive (apparently it takes
190all day to compile just atf on an sgimips) and doesn't provide a whole
191lot of bang for the buck. It is also frequently cited as an impediment
192to getting new tests written and deployed. It is not at all clear what
193to do about it.
194
195 - As of January 2017 nobody is currently working on this.
196 - There is currently no clear timeframe or release target.
197 - Contact: ? (XXX)
198
199
20011. pam
201
202pam, though a more or less standard API/interface, has a range of
203problems, one being that after the manner of sysvinit it works by
204exposing a mechanism and you configure it by mucking with the
205mechanism until it produces the behavior you want. (Except that if you
206muck with its mechanism, you end up locking yourself out.) In practice
207editing pam configs seems to be limited to specialists, and that's
208really not suitable for security software.
209
210It is very unclear what to do about it though. It's a standard API and
211there are a number of 3rd-party pam modules, some of which people need
212to be able to use. Once upon a time there was a similar thing called
213bsdauth, but it never really seems to have been a credible alternative.  
214Probably the right thing to do is to completely redesign
215how logging in works, but that's a Big Deal.
216
217 - As of January 2017 nobody is currently working on this.
218 - There is currently no clear timeframe or release target.
219 - Contact: ? (XXX)
220