1$NetBSD: mess,v 1.2 2017/01/14 20:50:15 dholland Exp $
2
3NetBSD Messes and Tentacular Horrors Roadmap
4============================================
5
6There are a number of places in NetBSD where the code is substandard,
7or messy, or badly structured, or just excessively complicated. These
8are liabilities. Fixing them is a goal, not just because they
9themselves cause problems but because every pile of glop in the system
10functions as an implicit excuse to not clean up others.
11
12There are two kinds of these messes: with some, the consequences are
13relatively localized, and while dealing with that particular area of
14the code may be nasty the issues are otherwise mostly not visible.
15With others, the horror spreads and contaminates everything that comes
16near it. The latter are particularly important to clean out.
17
18The things listed here are listed here because they have been cited as
19problems; some of these are regularly cited as problems. The goal of
20this file is not to criticize the code or point fingers (some of these
21messes come down to us all the way from 4.3 and are the result of
22always patching and never fixing; but some of them have been
23self-inflicted because they seemed like a good idea at the time, or
24they were what we had, or whatever) but to document areas that could
25use a good rototill or two.
26
27These are listed in a perceived order of priority based on how bad the
28mess is, how toxic it is to things around it, how much it's
29interfering with other development, and how unreliable the affected
30code is as a result.
31
32 1. namei, ufs_lookup, vfs_rename
33 2. buffercache
34 3. network interfaces
35 4. mbufs
36 5. tty code
37 6. nsswitch code in libc
38 7. proplib
39 8. kauth
40 9. sysmon_envsys
41 10. atf
42 11. pam
43	
44
45Explanations
46============
47
48
491. namei, ufs_lookup, vfs_rename
50
51namei is central to everything and it's been horrible since at least
524.3 and maybe longer. A fair amount of work has been put into it, and
53a number of the particular horrors have been eliminated, but there's
54still quite a bit left to do.
55
56The immediate next step is to introduce VOP_PARSEPATH (a new VOP call
57to allow the two filesystems we have that consume more than one
58directory component at a time to do so in a more tractable way) and
59then it's time to start implementing namei_parent, a version that
60stops at the parent with one component name left to go. This will
61allow a much saner interface to directory ops, including rename, and
62once those are done a lot of the complexity currently in namei and in
63the VOP_LOOKUP interface can be removed.
64
65 - dholland is working on this intermittently.
66 - VOP_PARSEPATH is ready to commit and is expected to make 8.0.
67   There is currently no clear timeframe for anything beyond that.
68 - Responsible: dholland
69
70
712. buffercache
72
73The buffercache code is messy and full of flag words that filesystems
74muck with freely and not necessarily with correct locking. It is
75suspected that there is a lot of incorrect locking. Also, a lot of the
76naming and terminology (things like BO_DELWRI) is really ancient and
77reflects non-current assumptions about the way file system buffers
78should work.
79
80The first step on this is to disentangle the buffer cache
81(buffercache(9)) from the buffer I/O path (bufferio(9)) -- right now
82they both abusively share the same struct buf.
83
84 - As of January 2017 nobody is currently working on this.
85 - There is currently no clear timeframe or release target.
86 - Contact dholland for further information.
87
88
893. network interfaces
90
91The network interface structure and its associated support code has no
92abstraction, no encapsulation, and no safety. It badly needs
93rationalization.
94
95 - As of January 2017 nobody is currently working on this directly,
96   though some aspects fall under the multiprocessor network stack
97   project.
98 - There is currently no clear timeframe or release target.
99 - Contact rmind for further information.
100
101
1024. mbufs
103
104The mbuf code has some concept of an interface, but lots of the code
105manipulating mbufs doesn't use that interface, and there's still no
106encapsulation and no safety.
107
108 - As of January 2017 nobody is currently working on this directly,
109   though some aspects fall under the multiprocessor network stack
110   project.
111 - There is currently no clear timeframe or release target.
112 - Contact rmind or dholland for further information.
113
114
1155. tty code
116
117The tty subsystem has no concept of an interface at all, and there are
118large wodges of code cutpasted all over everywhere in gazillions of
119tty client drivers. There's no encapsulation either and absolutely no
120safety. Furthermore the locking model is bodgy.
121
122In addition to this the division of responsibility between "tty" and
123"serial port" is wrong. There are a number of drivers (e.g. for mice)
124that are partially ttys because they're things that are more or less
125serial ports, but they were never meant to be used for logins and
126can't be. These should be disentangled from the tty layer.
127
128Finally, the notion of line disciplines is a legacy mess that ought to
129get turned into a system of device attachments - a line discipline is
130a driver attached on top of the line, except that the concept appeared
131long before anyone really thought up device attachments as we know
132them now.
133
134 - As of January 2017 nobody is currently working on this.
135 - There is currently no clear timeframe or release target.
136 - Contact dholland for further information.
137
138
1396. nsswitch code in libc
140
141The nsswitch code in libc is not all that bad in the sense of being
142horrible code you lose sanity points to look at, but it's structured
143all wrong. It can't be cleaned up without doing a libc bump, which is
144a big deal, but if we do ever manage to get that libc bump done it's
145important that the nsswitch code get revised then.
146
147 - As of January 2017 nobody is currently working on this.
148 - There is currently no clear timeframe or release target.
149 - Contact dholland or joerg for further information.
150
151
1527. proplib
153
154Removal of proplib is and has been a goal of several developers for
155some time, but there's not been any consensus on a replacement. Much
156has been written on this elsewhere so I'm not going to repeat it all
157here.
158
159 - As of January 2017 nobody is currently working on this, but several
160   partly-finished proplib replacement candidates exist.
161 - There is currently no clear timeframe or release target.
162 - Contact dholland, rmind, riastradh, or any of a number of other
163   people for further information.
164
165
1668. kauth
167
168kauth is far too complicated for security code and its API is full of
169void pointers and horribly unsafe. There is no consensus on what to do
170about it, though. Part of the problem is that kauth itself is at least
171three different things that need to be disentangled: (a) an API for
172random kernel code to issue security checks; (b) an implementation of
173security check logic; and (c) an extensibility framework for that
174security check logic.
175
176 - As of January 2017 nobody is currently working on this.
177 - There is currently no clear timeframe or release target.
178 - Contact dholland for further information.
179
180
1819. sysmon_envsys
182
183sysmon_envsys is also too complicated. XXX: someone fill in more here
184please.
185
186 - As of January 2017 nobody is currently working on this.
187 - There is currently no clear timeframe or release target.
188 - Contact: ? (XXX)
189
190
19110. atf
192
193atf is horribly complicated and very expensive (apparently it takes
194all day to compile just atf on an sgimips) and doesn't provide a whole
195lot of bang for the buck. It is also frequently cited as an impediment
196to getting new tests written and deployed. It is not at all clear what
197to do about it.
198
199 - As of January 2017 nobody is currently working on this.
200 - There is currently no clear timeframe or release target.
201 - Contact: ? (XXX)
202
203
20411. pam
205
206pam, though a more or less standard API/interface, has a range of
207problems, one being that after the manner of sysvinit it works by
208exposing a mechanism and you configure it by mucking with the
209mechanism until it produces the behavior you want. (Except that if you
210muck with its mechanism, you end up locking yourself out.) In practice
211editing pam configs seems to be limited to specialists, and that's
212really not suitable for security software.
213
214It is very unclear what to do about it though. It's a standard API and
215there are a number of 3rd-party pam modules, some of which people need
216to be able to use. Once upon a time there was a similar thing called
217bsdauth, but it never really seems to have been a credible alternative.  
218Probably the right thing to do is to completely redesign
219how logging in works, but that's a Big Deal.
220
221 - As of January 2017 nobody is currently working on this.
222 - There is currently no clear timeframe or release target.
223 - Contact: ? (XXX)
224