svn commit: r266806 - head/sys/netgraph
glebius at FreeBSD.org
Wed May 28 14:56:24 UTC 2014
On Wed, May 28, 2014 at 10:12:32PM +0800, Julian Elischer wrote:
J> On 5/28/14, 9:15 PM, Gleb Smirnoff wrote:
J> > Author: glebius
J> > Date: Wed May 28 13:15:14 2014
J> > New Revision: 266806
J> > URL: http://svnweb.freebsd.org/changeset/base/266806
J> > Log:
J> > Use M_WAITOK for the NGM_PIPE_SET_CFG control message. We expect it to
J> > arrive from userland only.
J> > Submitted by: Dmitry Luhtionov <dmitryluhtionov gmail.com>
J> what's to stop another node from generating it and sending it on?
J> generally a message may come from anywhere.
J> Just because YOU don't have a module that
J> sends messages to ng_pipe, doesn't mean there never will be..
J> also there are cases when the locking may force a message to be
J> delivered asynchronously.
I know that. After resolving many issues with netgraph, I feel that
our policy should be towards putting some invariants on what events
SHOULD come from userland only and which events SHOULD be serviced
without memory failures.
The current paradigm that messages are fully symmetrical and can come
from anywhere is quite a curious thought experiment. I liked that
for a long time. But in practice, if we want to build robust software,
we should make stricter rules for using it.
You could disagree, but if you try to fix this particular one-liner
in the paradigm of "messages come from anywhere", then you will end
up with something like 20 lines of code for this particular module. Next
comes the need to fix any software or script that sends NGM_PIPE_SET_CFG;
it now has to be taught to deal with ENOMEM. So, instead of a
one-liner, you will bury yourself under tons of work.
Totus tuus, Glebius.