1$NetBSD: mess,v 1.2 2017/01/14 20:50:15 dholland Exp $ 2 3NetBSD Messes and Tentacular Horrors Roadmap 4============================================ 5 6There are a number of places in NetBSD where the code is substandard, 7or messy, or badly structured, or just excessively complicated. These 8are liabilities. Fixing them is a goal, not just because they 9themselves cause problems but because every pile of glop in the system 10functions as an implicit excuse to not clean up others. 11 12There are two kinds of these messes: with some, the consequences are 13relatively localized, and while dealing with that particular area of 14the code may be nasty the issues are otherwise mostly not visible. 15With others, the horror spreads and contaminates everything that comes 16near it. The latter are particularly important to clean out. 17 18The things listed here are listed here because they have been cited as 19problems; some of these are regularly cited as problems. The goal of 20this file is not to criticize the code or point fingers (some of these 21messes come down to us all the way from 4.3 and are the result of 22always patching and never fixing; but some of them have been 23self-inflicted because they seemed like a good idea at the time, or 24they were what we had, or whatever) but to document areas that could 25use a good rototill or two. 26 27These are listed in a perceived order of priority based on how bad the 28mess is, how toxic it is to things around it, how much it's 29interfering with other development, and how unreliable the affected 30code is as a result. 31 32 1. namei, ufs_lookup, vfs_rename 33 2. buffercache 34 3. network interfaces 35 4. mbufs 36 5. tty code 37 6. nsswitch code in libc 38 7. proplib 39 8. kauth 40 9. sysmon_envsys 41 10. atf 42 11. pam 43 44 45Explanations 46============ 47 48 491. namei, ufs_lookup, vfs_rename 50 51namei is central to everything and it's been horrible since at least 524.3 and maybe longer. A fair amount of work has been put into it, and 53a number of the particular horrors have been eliminated, but there's 54still quite a bit left to do. 55 56The immediate next step is to introduce VOP_PARSEPATH (a new VOP call 57to allow the two filesystems we have that consume more than one 58directory component at a time to do so in a more tractable way) and 59then it's time to start implementing namei_parent, a version that 60stops at the parent with one component name left to go. This will 61allow a much saner interface to directory ops, including rename, and 62once those are done a lot of the complexity currently in namei and in 63the VOP_LOOKUP interface can be removed. 64 65 - dholland is working on this intermittently. 66 - VOP_PARSEPATH is ready to commit and is expected to make 8.0. 67 There is currently no clear timeframe for anything beyond that. 68 - Responsible: dholland 69 70 712. buffercache 72 73The buffercache code is messy and full of flag words that filesystems 74muck with freely and not necessarily with correct locking. It is 75suspected that there is a lot of incorrect locking. Also, a lot of the 76naming and terminology (things like BO_DELWRI) is really ancient and 77reflects non-current assumptions about the way file system buffers 78should work. 79 80The first step on this is to disentangle the buffer cache 81(buffercache(9)) from the buffer I/O path (bufferio(9)) -- right now 82they both abusively share the same struct buf. 83 84 - As of January 2017 nobody is currently working on this. 85 - There is currently no clear timeframe or release target. 86 - Contact dholland for further information. 87 88 893. network interfaces 90 91The network interface structure and its associated support code has no 92abstraction, no encapsulation, and no safety. It badly needs 93rationalization. 94 95 - As of January 2017 nobody is currently working on this directly, 96 though some aspects fall under the multiprocessor network stack 97 project. 98 - There is currently no clear timeframe or release target. 99 - Contact rmind for further information. 100 101 1024. mbufs 103 104The mbuf code has some concept of an interface, but lots of the code 105manipulating mbufs doesn't use that interface, and there's still no 106encapsulation and no safety. 107 108 - As of January 2017 nobody is currently working on this directly, 109 though some aspects fall under the multiprocessor network stack 110 project. 111 - There is currently no clear timeframe or release target. 112 - Contact rmind or dholland for further information. 113 114 1155. tty code 116 117The tty subsystem has no concept of an interface at all, and there are 118large wodges of code cutpasted all over everywhere in gazillions of 119tty client drivers. There's no encapsulation either and absolutely no 120safety. Furthermore the locking model is bodgy. 121 122In addition to this the division of responsibility between "tty" and 123"serial port" is wrong. There are a number of drivers (e.g. for mice) 124that are partially ttys because they're things that are more or less 125serial ports, but they were never meant to be used for logins and 126can't be. These should be disentangled from the tty layer. 127 128Finally, the notion of line disciplines is a legacy mess that ought to 129get turned into a system of device attachments - a line discipline is 130a driver attached on top of the line, except that the concept appeared 131long before anyone really thought up device attachments as we know 132them now. 133 134 - As of January 2017 nobody is currently working on this. 135 - There is currently no clear timeframe or release target. 136 - Contact dholland for further information. 137 138 1396. nsswitch code in libc 140 141The nsswitch code in libc is not all that bad in the sense of being 142horrible code you lose sanity points to look at, but it's structured 143all wrong. It can't be cleaned up without doing a libc bump, which is 144a big deal, but if we do ever manage to get that libc bump done it's 145important that the nsswitch code get revised then. 146 147 - As of January 2017 nobody is currently working on this. 148 - There is currently no clear timeframe or release target. 149 - Contact dholland or joerg for further information. 150 151 1527. proplib 153 154Removal of proplib is and has been a goal of several developers for 155some time, but there's not been any consensus on a replacement. Much 156has been written on this elsewhere so I'm not going to repeat it all 157here. 158 159 - As of January 2017 nobody is currently working on this, but several 160 partly-finished proplib replacement candidates exist. 161 - There is currently no clear timeframe or release target. 162 - Contact dholland, rmind, riastradh, or any of a number of other 163 people for further information. 164 165 1668. kauth 167 168kauth is far too complicated for security code and its API is full of 169void pointers and horribly unsafe. There is no consensus on what to do 170about it, though. Part of the problem is that kauth itself is at least 171three different things that need to be disentangled: (a) an API for 172random kernel code to issue security checks; (b) an implementation of 173security check logic; and (c) an extensibility framework for that 174security check logic. 175 176 - As of January 2017 nobody is currently working on this. 177 - There is currently no clear timeframe or release target. 178 - Contact dholland for further information. 179 180 1819. sysmon_envsys 182 183sysmon_envsys is also too complicated. XXX: someone fill in more here 184please. 185 186 - As of January 2017 nobody is currently working on this. 187 - There is currently no clear timeframe or release target. 188 - Contact: ? (XXX) 189 190 19110. atf 192 193atf is horribly complicated and very expensive (apparently it takes 194all day to compile just atf on an sgimips) and doesn't provide a whole 195lot of bang for the buck. It is also frequently cited as an impediment 196to getting new tests written and deployed. It is not at all clear what 197to do about it. 198 199 - As of January 2017 nobody is currently working on this. 200 - There is currently no clear timeframe or release target. 201 - Contact: ? (XXX) 202 203 20411. pam 205 206pam, though a more or less standard API/interface, has a range of 207problems, one being that after the manner of sysvinit it works by 208exposing a mechanism and you configure it by mucking with the 209mechanism until it produces the behavior you want. (Except that if you 210muck with its mechanism, you end up locking yourself out.) In practice 211editing pam configs seems to be limited to specialists, and that's 212really not suitable for security software. 213 214It is very unclear what to do about it though. It's a standard API and 215there are a number of 3rd-party pam modules, some of which people need 216to be able to use. Once upon a time there was a similar thing called 217bsdauth, but it never really seems to have been a credible alternative. 218Probably the right thing to do is to completely redesign 219how logging in works, but that's a Big Deal. 220 221 - As of January 2017 nobody is currently working on this. 222 - There is currently no clear timeframe or release target. 223 - Contact: ? (XXX) 224