Loading ng_socket at runtime?

Max Laier max at love2party.net
Thu Jul 30 15:10:00 UTC 2009


On Thursday 30 July 2009 11:39:00 Robert Watson wrote:
> On Wed, 29 Jul 2009, Matthew Fleming wrote:
> > I'm doing a migration from releng/6.1 to stable/7, and one of the many
> > new things is that I get a warning when doing things with ng_socket that
> > didn't used to happen.
> >
> > WARNING: attempt to net_add_domain(netgraph) after domainfinalize()
>
> I've wondered about these warnings also, and am not sure they're justified
> -- any protocol loading after domainfinalize() should expect that timers
> are already started, etc, and loadable protocols are clearly desirable.
>
> > - ignore the warning (usually a bad idea...)
>
> Probably remove the warning.  Some more synchronization is likely required
> in domain registration than is currently there -- on the other hand, it's
> probably not a big issue that it's missing as write operations on the
> domain list are conservative and extremely rare.
>
> I've CC'd Max Laier, who added the warnings -- perhaps he could lend some
> insight into the types of problems he anticipated.  The main one I'm aware
> of is that mutating the domain list on a live system is risky because it's
> not well-synchronized -- however, adding domains should be pretty safe in
> practice.

This originated from http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/72772 - 
if I remember correctly.  As usual, the devil is in the details.  In the case 
of the PR there was a race for if_afdata contents.  The specific problem 
described in that PR is a static initialization order problem, but - as I 
recall - we did see a similar issue with runtime loading of domains as well.

The warning was added as a compromise.  We didn't want to remove the ability to 
add netgraph at runtime, but would want to discourage more domains with module 
capabilities.  A full fix was way out of reach at the time as it means a lot 
of synchronization around otherwise very static data (e.g. if_afdata).  Maybe 
it is time to revisit as we now have read-mostly locks and there is more 
locking in place for things like address-lists (which was also an area of 
concern).

In any case, and in my opinion, removing a domain should never be allowed at 
runtime.  Unless we add proper synchronization around the protosw, that is.

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News


