Loading ng_socket at runtime?
Max Laier
max at love2party.net
Thu Jul 30 15:10:00 UTC 2009
On Thursday 30 July 2009 11:39:00 Robert Watson wrote:
> On Wed, 29 Jul 2009, Matthew Fleming wrote:
> > I'm doing a migration from releng/6.1 to stable/7, and one of the many
> > new things is that I get a warning when doing things with ng_socket that
> > didn't used to happen.
> >
> > WARNING: attempt to net_add_domain(netgraph) after domainfinalize()
>
> I've wondered about these warnings also, and am not sure they're justified
> -- any protocol loading after domainfinalize() should expect that timers
> are already started, etc, and loadable protocols are clearly desirable.
>
> > - ignore the warning (usually a bad idea...)
>
> Probably remove the warning. Some more synchronization is likely required
> in domain registration than is currently there -- on the other hand, it's
> probably not a big issue that it's missing as write operations on the
> domain list are conservative and extremely rare.
>
> I've CC'd Max Laier, who added the warnings -- perhaps he could lend some
> insight into the types of problems he anticipated. The main one I'm aware
> of is that mutating the domain list on a live system is risky because it's
> not well-synchronized -- however, adding domains should be pretty safe in
> practice.

This originated from http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/72772 -
if I remember correctly. As usual, the devil is in the details. In the case
of the PR there was a race for if_afdata contents. The specific problem
described in that PR is a static initialization order problem, but - as I
recall - we did see a similar issue with runtime loading of domains as well.

The warning was added as a compromise. We didn't want to remove the ability to
add netgraph at runtime, but would want to discourage more domains with module
capabilities. A full fix was way out of reach at the time as it means a lot
of synchronization around otherwise very static data (e.g. if_afdata). Maybe
it is time to revisit as we now have read-mostly locks and there is more
locking in place for things like address-lists (which was also an area of
concern).

In any case, and in my opinion, removing a domain should never be allowed at
runtime. Unless we add proper synchronization around the protosw, that is.

--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News