wishlist:david [2016/01/24 16:09] dcvmoole SUSPEND/EDONTREPLY
wishlist:david [2017/10/11 18:13] (current) dcvmoole networking project is merged
Line 82: | Line 82: | ||
* reason: the current approach requires extra IPC and extra state to be kept in the file system | * reason: the current approach requires extra IPC and extra state to be kept in the file system | ||
* reason: seek behavior can be combined with posix_fadvise/madvise to provide hints | * reason: seek behavior can be combined with posix_fadvise/madvise to provide hints | ||
- | |||
- | === Look into setuid/seteuid behavior === | ||
- | |||
- | * reason: this is causing problems with openssh server privilege separation, possibly openntpd (#61), possibly others | ||
- | * complication: uid/gid management is so convoluted that a paper was published about it | ||
- | * complication: lots of services other than PM and VFS (eg UDS, IPC..) are probably also doing the wrong thing | ||
=== Implement true vector support for readv/writev/sendmsg/recvmsg === | === Implement true vector support for readv/writev/sendmsg/recvmsg === | ||
Line 149: | Line 143: | ||
* complication: (lots of complications, TBD) | * complication: (lots of complications, TBD) | ||
- | === Move the BSD socket API into VFS === | + | === Add SEM_UNDO support to SysV IPC semaphores === |
- | * status: **IN PROGRESS** | + | * reason: missing functionality |
- | * reason: libc should not need to test or track socket types, it violates the light-libc minix philosophy | + | * complication: tricky in many ways, may end up doubling sem.c code size |
- | * reason: the individual writes to implement sendto (etc) probably violate posix signal atomicity | + | * complication: needs an extensive test set to match (adding to test88 or separate) |
- | * benefit: this allows for proper socket call support in trace(1) | + | |
- | * complication: this will break everything, require INET's retirement and a substantial UDS rewrite | + | === Add support for SysV IPC message queues === |
- | * note: this is probably best done along with many other network stack related changes | + | |
+ | * reason: ipcs/ipcrm expect this to be supported | ||
+ | * note: this will require that the process-is-blocked-on table be split from sem.c | ||
+ | |||
+ | === Make procfs no longer import other services' headers and tables === | ||
+ | |||
+ | * reason: where needed, this kind of stuff should now be handled by the MIB service | ||
+ | * reason: there are rare cases where recompiling procfs is not desirable | ||
+ | * complication: especially for /proc/services this will require moving a lot into MIB | ||
+ | |||
+ | === Make procfs optional === | ||
+ | |||
+ | * reason: essentially the same role is now fulfilled by the MIB service, making procfs somewhat redundant | ||
+ | * reason: we want to allow footprint reduction in general | ||
+ | * complication: not all of the information is available through the MIB service as it is | ||
+ | * complication: /etc/mtab is currently a symlink to /proc/mounts, this needs to be dealt with | ||
+ | * note: ideally, procfs should no longer be needed on the ramdisk | ||
+ | |||
+ | === Rework the DS publish/subscribe API === | ||
+ | |||
+ | * reason: the current implementation is heavyweight (libc regex) and uses malloc through regcomp(3) | ||
+ | * reason: at the same time it does not fulfill needs of services, which want to have multiple independent subscriptions | ||
+ | * complication: this requires a proper look at all current DS publish/subscribe usage scenarios | ||
+ | * note: an example use case is RMIB, which wants to detect MIB-service restarts independent of the main code | ||
+ | * note: a solution based on multiple possible subscriptions to sets of service classes would probably suffice | ||
+ | * note: libsys should probably have a DS notification dispatcher, possibly as part of SEF | ||
+ | * note: this probably a good time to introduce a system-wide constant for service label sizes | ||
+ | |||
+ | === Make the MIB service's RMIB calls asynchronous === | ||
+ | |||
+ | * reason: a RMIB call to a deadlocked service may currently deadlock MIB, and with that the entire system | ||
+ | * complication: this may or may not require the MIB service to sign up for PM process events | ||
+ | * note: this depends on RMIB being notified about service deaths through DS, rather than via ipc_sendrec() | ||
+ | |||
+ | === Extend RMIB functionality/robustness to match service requirements === | ||
+ | |||
+ | * problem: it is not possible to modify (= bump the version number of) already-mounted RMIB subtrees (e.g., net.interface) | ||
+ | * problem: it is not possible to mount RMIB subtrees using a name only (e.g. minix.lwip) | ||
+ | * problem: it is currently possible to mess up the MIB tree with bad name+id combos in RMIB mount requests | ||
+ | |||
+ | === Disallow killing processes in an uninterruptible system call === | ||
+ | |||
+ | * reason: processes may currently be terminated while in an uninterruptible system call, possibly triggering poorly-tested scenarios in other services (safecopy failures, etc) | ||
+ | * complication: this will require changes to the PM signal state machine, with subtle side effects | ||
+ | * complication: involving all user-facing system services in exit notification is a performance problem | ||
+ | * note: the most obvious solution would be kernel support for notification (to PM) when a process system call has completed, comparable to SIGNDELAY, and a PREEXIT process state in PM | ||
+ | * note: ideally the same idea would be applied to signal handler invocation, because the current approach makes dangerous and already-incorrect(?) assumptions about "retreg" there | ||
+ | |||
+ | === Add support for pselect(2) === | ||
+ | |||
+ | * reason: pselect(2) is required by dhcpcd(8) and various other parts of userland | ||
+ | * complication: pselect(2) is supposed to be atomic and thus cannot be implemented as a select(2) wrapper | ||
+ | * complication: a proper implementation will require a non-trivial extension to the PM/VFS protocol | ||
+ | * subsequent project: also implement paccept(2); this will require storing more call state in VFS | ||
=== Implement job control === | === Implement job control === | ||
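Review bot: the last note under "Rework the DS publish/subscribe API" reads "this probably a good time to introduce a system-wide constant for service label sizes" and is missing "is". Two of the new entries also leave open questions that the wishlist should state as problems rather than hedges: the "Disallow killing processes in an uninterruptible system call" entry says the current signal handler path makes "dangerous and already-incorrect(?) assumptions about "retreg"", and since the same entry already lists safecopy failures in other services as a poorly-tested consequence, the "(?)" should be resolved into either a confirmed problem line or dropped. Likewise the "Extend RMIB functionality/robustness" entry says it "is currently possible to mess up the MIB tree with bad name+id combos in RMIB mount requests"; a short note on whether MIB validates those requests today, or whether this depends on the callers, would make the robustness risk clearer to whoever picks the item up.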
Line 174: | Line 221: | ||
* complication: different file system will require different small exceptions | * complication: different file system will require different small exceptions | ||
* complication: no neat way to model orphan management in the edge (directory) layer | * complication: no neat way to model orphan management in the edge (directory) layer | ||
+ | |||
+ | === Move the BSD socket API into VFS === | ||
+ | |||
+ | * status: **MERGED** | ||
+ | * reason: libc should not need to test or track socket types, it violates the light-libc minix philosophy | ||
+ | * reason: the individual writes to implement sendto (etc) probably violate posix signal atomicity | ||
+ | * benefit: this allows for proper socket call support in trace(1) | ||
+ | * complication: this will break everything, require INET's retirement and a substantial UDS rewrite | ||
+ | * note: this is probably best done along with many other network stack related changes | ||
+ | |||
+ | === Look into setuid/seteuid behavior === | ||
+ | |||
+ | * status: **MERGED** | ||
+ | * reason: this is causing problems with openssh server privilege separation, possibly openntpd (#61), possibly others | ||
+ | * complication: uid/gid management is so convoluted that a paper was published about it | ||
+ | * complication: lots of services other than PM and VFS (eg UDS, IPC..) are probably also doing the wrong thing | ||
=== Resolve the issue of soft faults versus partial success in file systems === | === Resolve the issue of soft faults versus partial success in file systems === |
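Review bot: both entries moved here are marked "status: **MERGED**" but keep their forward-looking wording, e.g. "this will break everything, require INET's retirement and a substantial UDS rewrite" and "this is causing problems with openssh server privilege separation, possibly openntpd (#61), possibly others". For a merged item the reason and complication lines should say what was actually done and verified (whether #61 was confirmed fixed, whether the services "other than PM and VFS (eg UDS, IPC..)" flagged as "probably also doing the wrong thing" were audited as part of the merge), or the entries should carry a pointer to the merged change so the remaining uncertainty is not read as still open.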