FreeBSD The Power to Serve

FreeBSD 11.0-RELEASE Release Notes

Abstract

The release notes for FreeBSD 11.0-RELEASE contain a summary of the changes made to the FreeBSD base system on the 11.0-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.

Introduction

This document contains the release notes for FreeBSD 11.0-RELEASE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.

This distribution of FreeBSD 11.0-RELEASE is a release distribution. It can be found at https://www.FreeBSD.org/releases/ or any of its mirrors. More information on obtaining this (or other) release distributions of FreeBSD can be found in the Obtaining FreeBSD' appendix to the FreeBSD Handbook.

All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 11.0-RELEASE can be found on the FreeBSD Web site.

This document describes the most user-visible new or changed features in FreeBSD since 10.3-RELEASE. In general, changes described here are unique to the 11.0-STABLE branch unless specifically marked as MERGED features.

Typical release note items document recent security advisories issued after 10.3-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.

Important Notes

This section lists important information for those upgrading from prior FreeBSD releases.

User-facing Changes

As of r303719, OpenSSH DSA key generation has been disabled by default. It is important to update OpenSSH keys prior to upgrading. Additionally, Protocol 1 support has been removed.

Upgrading from Previous Releases of FreeBSD

[amd64,i386] Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the freebsd-update(8) utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. The freebsd-update(8) utility requires that the host being upgraded have Internet connectivity.

Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, using the instructions in /usr/src/UPDATING.

For information on upgrading via freebsd-update(8), please see the binary upgrading section in the Installation page.

Important:
Upgrading FreeBSD should only be attempted after backing up all data and configuration files.

Userland

This section covers changes and additions to userland applications, contributed software, and system utilities.

Userland Configuration Changes

The default newsyslog.conf(5) now includes files in the /etc/newsyslog.conf.d/ and /usr/local/etc/newsyslog.conf.d/ directories for newsyslog(8). (r266463)

The mailwrapper(8) utility has been updated to use mailer.conf(5) from the LOCALBASE environment variable, which defaults to /usr/local if unset. (r270675)

The MK_ARM_EABI src.conf(5) option has been removed and is now the only supported ABI for FreeBSD/arm. (r272350)

The ntp suite has been updated to version 4.2.8p8. (r301247)

/etc/ntp/leap-seconds has been updated to version 3676752000. (r301247)

The WITH_SYSTEM_COMPILER src.conf(5) option is enabled by default. (r302177)

Userland Application Changes

When unable to load a kernel module with kldload(8), a message informing to view output of dmesg(8) is now printed, opposed to the previous output "Exec format error.". (r260594)

The pciconf(8) utility can now identify PCI devices that are attached to a driver to be identified by their device name instead of just the selector. Additionally, the -l flag now accepts an optional device argument to list details about a single device. (r260910)

A new flag, "onifconsole" has been added to /etc/ttys. This allows the system to provide a login prompt via serial console if the device is an active kernel console, otherwise it is equivalent to off. (r260913)

Support for displaying VPD for PCI devices via pciconf(8) has been added. (r260926)

The ping(8) utility has been updated to use the Capsicum framework to drop priviliges, protecting against malicious network packets. (r261498)

The ps(1) utility has been updated to include the -J flag, used to filter output by matching jail(8) IDs and names. Additionally, argument 0 can be used to -J to only list processes running on the host system. (r265229)

The top(1) utility has been updated to filter by jail(8) ID or name, in followup to the ps(1) change in r265229. (r265249)

The pmcstat(8) utility has been updated to include a new flag, -l, which ends event collection after the specified number of seconds. (r266209)

The ps(1) utility has been updated to include a new keyword, "tracer", which displays the PID of the tracing process. (r270745)

Support for adding empty partitions has been added to the mkimg(1) utility. (r271482)

The primes(6) utility has been updated to correctly enumerate prime numbers between 4295098369 and 3825123056546413050. Prior to this change, it was possible for returned values to be incorrectly identified as prime numbers. (r272166)

The mkimg(1) utility has been updated to include three options used to print information about mkimg(1) itself: (r272198)

Option Output

--version

The current version of the mkimg(1) utility

--formats

The disk image file formats supported by mkimg(1)

--schemes

The partition schemes supported by mkimg(1)

Userland ctf(5) support in dtrace(1) has been added. With this change, dtrace(1) is able to resolve type info for function and USDT probe arguments, and function return values. (r272488)

The elfdump(1) utility has been updated to support capability mode provided by capsicum(4). (r274960)

The fstyp(8) utility has been added, which is used to determine the filesystem on a specified device. (r275680) (Sponsored by The FreeBSD Foundation)

The libedit library has been updated to support UTF-8, which additionally provides unicode support to sh(1). (r276881)

The mkimg(1) utility has been updated to support the MBR EFI partition type. (r276893) (Sponsored by The FreeBSD Foundation)

The ptrace(2) system call has been updated include support for Altivec registers on FreeBSD/powerpc. (r277166)

A new device control utility, devctl(8) has been added, which allows making administrative changes to individual devices, such as attaching and detaching drivers, and enabling and disabling devices. The devctl(8) utility uses the new devctl(3) library. (r278320)

The netstat(1) utility has been updated to use libxo(3) to optionally generate machine-readable output. (r279122) (Sponsored by Juniper Networks, Inc.)

A new flag, -c, has been added to the mkimg(1) utility, which allows specifying the capacity of the target disk image. (r279139)

The UEFI Secure Boot signing utility, uefisign(8) utility has been added. (r279315) (Sponsored by The FreeBSD Foundation)

The freebsd-update(8) utility has been updated to prevent fetching updated binary patches when a previous upgrade has not been thoroughly completed. (r279571) (Sponsored by ScaleEngine, Inc.)

A regression in the libarchive(3) library that would prevent a directory from being included in the archive when --one-file-system is used has been fixed. (r280870)

The ar(1) utility has been updated to set ARCHIVE_EXTRACT_SECURE_SYMLINKS and ARCHIVE_EXTRACT_SECURE_NODOTDOT to disallow directory traversal when extracting an archive, similar to tar(1). (r281311) (Sponsored by The FreeBSD Foundation)

A race condition in wc(1) that would cause final results to be sent to stderr(4) when receiving the SIGINFO signal has been fixed. (r281617)

The chflags(1), chgrp(1), chmod(1), and chown(8) utilities now affect symbolic links when the -R flag is specified, as documented in symlink(7). (r282208) (Sponsored by Multiplay)

The date(1) utility has been updated to print the modification time of the file passed as an argument to the -r flag, improving compatibility with the GNU date(1) utility behavior. (r282608)

The pw(8) utility has been updated with a new flag, -R, that sets the root directory within which the utility will operate. (r283961)

The lockstat(1) utility has been updated with several improvements: (r284297) (Sponsored by ClusterHQ)

  • Spin locks are now reported as the amount of time spinning, instead of loop iterations.

  • Reader locks are now recognized as adaptive that can spin on FreeBSD.

  • Lock aquisition events for successful reader try-lock events are now reported.

  • Spin and block events are now reported before lock acquisition events.

The fstyp(8) utility has been updated to be able to detect zfs(8) and geli(8) filesystems. (r284589) (Sponsored by ScaleEngine, Inc.)

The mkimg(1) utility has been updated to include support for NTFS filesystems in both MBR and GPT partitioning schemes. (r284883)

The quota(1) utility has been updated to include support for IPv6. (r285253)

The jexec(8) utility has been updated to include a new flag, -l, which ensures a clean environment in the target jail when used. Additionally, jexec(8) will run a shell within the target jail when run no commands are specified. (r285420)

The w(1) utility has been updated to display the full IPv6 remote address of the host from which a user is connected. (r285550)

The jail(8) framework has been updated to allow mounting linprocfs(5) and linsysfs(5) within a jail. (r285685)

The patch(1) utility has been updated to include a new option to the -V flag, none, which disables backup file creation when applying a patch. (r285772) (Sponsored by EMC / Isilon Storage Division)

The ar(1) utility now enables deterministic mode (-D) by default. This behavior can be disabled by specifying the -U flag. (r286010) (Sponsored by The FreeBSD Foundation)

The xargs(1) utility has been updated to allow specifying 0 as an argument to the -P (parallel mode) flag, which allows creating as many concurrent processes as possible. (r286289) (Sponsored by ScaleEngine, Inc.)

The patch(1) utility has been updated to remove the automatic checkout feature. (r286795)

The wireless network stack has been modified to no longer show physical wireless devices by default. In order to view available wireless devices on the system, run sysctl net.wlan.devices. (r287197) (Sponsored by Netflix, Nginx, Inc.)

A new utility, sesutil(8), has been added, which is used to manage ses(4) (SCSI Environmental Services) devices. (r287473) (Sponsored by Gandi.net)

The pciconf(8) utility has been updated to use the PCI ID database from the misc/pciids package, if present, falling back to the PCI ID database in the FreeBSD base system. (r287522)

The resolver library has been updated to reload /etc/resolv.conf if the modification time has changed. (r289315) (Sponsored by Dell, Inc.)

The uuencode(1) utility has been updated to include a new flag, -r, which when used will generate raw output similar the uudecode(1) -r flag. (r297678)

By default the ifconfig(8) utility will set the default regulatory domain to FCC on wireless interfaces. As a result, newly created wireless interfaces with default settings will have less chance to violate country-specific regulations. (r300738)

A bug in the ul(1) utility that caused lines to be truncated at 512 characters has been fixed. (r302558)

Contributed Software

The binutils suite of utilities has been updated to include upstream patches that add new relocations for powerpc support. (r275718)

The ELF Tool Chain has been updated to upstream revision r3477. (r300698) (Sponsored by The FreeBSD Foundation)

The texinfo utility and info pages were removed from the base system. The print/texinfo port should be installed on systems where info pages are needed. (r276551)

The ELF object manipulation tools addr2line, c++filt, objcopy, nm, readelf, size, strip, and strings were switched to the versions from the ELF Tool Chain project. (r276796) (Sponsored by The FreeBSD Foundation)

The xz(1) utility has been updated to support multi-threaded compression. (r278433)

The nvi(1) editor and related utilities have been updated to version 2.1.3. (r281373)

The wpa_supplicant(8) and hostapd(8) utilities have been updated to version 2.4. (r281806)

bmake has been updated to version 20150606. (r284254)

Sendmail has been updated to 8.15.2. Starting with FreeBSD 11.0 and sendmail 8.15, sendmail uses uncompressed IPv6 addresses by default, i.e., they will not contain "::". For example, instead of "::1", it will be "0:0:0:0:0:0:0:1". This permits a zero subnet to have a more specific match, such as different map entries for IPv6:0:0 versus IPv6:0. This change requires that configuration data (including maps, files, classes, custom ruleset, etc.) must use the same format, so make certain such configuration data is in place before upgrading. As a very simple check search for patterns like 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. To return to the old behavior, set the m4 option confUSE_COMPRESSED_IPV6_ADDRESSES or the cf option UseCompressedIPv6Addresses. (r285229)

The tcpdump(1) utility has been updated to version 4.7.4. (r285275)

The ssh(1) utility has been updated to re-implement hostname canonicalization before locating the host in known_hosts. (r285642) (Sponsored by Dell, Inc.)

The libarchive(3) library has been updated to properly skip a sparse file entry in a tar(1) file, which would previously produce errors. (r285972)

The apr library used by svnlite(1) has been updated to version 1.5.2. (r286503)

The serf library used by svnlite(1) has been updated to version 1.3.8. (r286505)

The acpi(4) subsystem has been updated to version 20150818. (r287168)

The unbound(8) utility has been updated to version 1.5.4. (r287917)

The nc(1) utility has been updated to the OpenBSD 5.8 version. (r288303)

Timezone data files have been updated to version 2015g. (r290697)

The xz(1) utility has been updated to version 5.2.2. (r291125)

The mandoc(1) utility has been updated to version 20160116. (r292257)

OpenBSM has been updated to version 1.2 alpha 4. (r292432)

Clang has been updated to version 3.8.0. (r296417)

LLVM has been updated to version 3.8.0. (r296417)

LLDB has been updated to version 3.8.0. (r296417)

libc++ has been updated to version 3.8.0. (r296417)

The compiler_rt utility has been updated to version 3.8.0. (r296417)

The resolvconf(8) utility has been updated to version 3.7.3. (r296190) (Sponsored by The FreeBSD Foundation)

OpenSSH has been updated to 7.2p2. (r296633)

The byacc(1) utility has been updated to version 20160324. (r297276)

The sqlite3 library used by svnlite(1) and kerberos(8) has been updated to version 3.12.1. (r298161)

libucl has been updated to version 0.8.0. (r298166)

The svnlite(1) utility has been updated to version 1.9.4. (r298845)

ACPICA has been updated to version 20160527. (r300879)

The libblacklist(3) library and applications have been ported from the NetBSD Project. Packet filtering support for the pf(4) packet filtering systems has been implemented. The blacklist system provides the blacklistd daemon, the helper script blacklistd-helper to make changes to the running packet filter system and the blacklistctl control program. A selection of system daemons, including: fingerd, ftpd, rlogind, and rshd have been modified to support sending notifications to the blacklistd daemon. (r301169) (Sponsored by The FreeBSD Foundation)

The jemalloc(3) library has been updated to version 4.2.1. (r301718)

Support for the ipfw(4) packet filter has been added to the blacklistd-helper script. (r301736) (Sponsored by The FreeBSD Foundation)

Support for the ipfilter(4) packet filter has been added to the blacklistd-helper script. (r301843) (Sponsored by The FreeBSD Foundation)

The file(1) utility has been updated to version 5.28. (r302221)

SSHv1 support has been removed from OpenSSH. (r303716)

Support for DSA is disabled by default in OpenSSH. (r303719)

OpenSSL has been updated to version 1.0.2i. (r306198)

Installation and Configuration Tools

The bsdinstall(8) partition editor and sade(8) utility have been updated to include native ZFS support. (r271539)

The FreeBSD installation utility, bsdinstall(8), has been updated to set the canmount zfs(8) property to off for the /var dataset, preventing the contents of directories within /var from conflicting when using multiple boot environments, such as that provided by sysutils/beadm. (r272274)

The bsdconfig(8) utility has been updated to skip the initial tzsetup(8) UTC versus wall-clock time prompt when run in a virtual machine, determined when the kern.vm_guest sysctl(8) is set to 1. (r274394)

The bsdinstall(8) utility has been updated to use the new dpv(3) library to display progress when extracting the FreeBSD distributions. (r275874)

Support for detecting and implementing aligning partitions on 1Mb boundaries has been added to bsdinstall(8). (r285557) (Sponsored by ScaleEngine, Inc.)

Support for detecting and implementing a workaround for various laptops and motherboards that do not boot properly from GPT-partitioned disks has been added to bsdinstall(8). Additionally, the active flag will be set on the partition when needed. (r285679) (Sponsored by ScaleEngine, Inc.)

Support for selecting the partitioning scheme when installing on the UFS filesystem has been added to bsdinstall(8). (r285679) (Sponsored by ScaleEngine, Inc.)

The bsdinstall(8) utility now supports a "BIOS+UEFI option during installation, supporting systems with UEFI or BIOS/CSM capability. (r298243)

The bsdinstall(8) utility has been updated to include various system hardening options during installation. (r303447)

/etc/rc.d Scripts

The rc(8) subsystem has been updated to allow configuring services in ${LOCALBASE}/etc/rc.conf.d/. If LOCALBASE is unset, it defaults to /usr/local. (r270676)

A new rc(8) script, growfs, has been added, which will resize the root filesystem to fill the device on boot if /firstboot exists and growfs_enable is enabled in rc.conf(5). (r273955)

The mrouted rc(8) script has been removed from the base system. An equivalent script is available from the net/mrouted port. (r275299)

The service(8) utility has been updated to honor entries within /etc/rc.conf.d/. (r287576) (Sponsored by ScaleEngine, Inc.)

Two new subcommands have been added to the rc(8) subsystem. describe shows an rc script’s description, and extracommands shows any non-standard commands present in an rc script, like reload, configtest, or keygen. (r298515)

/etc/periodic Scripts

The daily periodic(8) script 110.clean-tmps has been updated to avoid crossing filesystem mount boundaries when cleaning files in /tmp. (r271321)

A new periodic(8) script, 510.status-world-kernel, has been added, which evaluates the running userland and kernel versions from the uname(1) -U and -K arguments, and prints an error if the system userland and kernel are not in sync. (r277216) (Sponsored by The FreeBSD Foundation)

Runtime Libraries and API

The Blowfish crypt(3) default format has been changed to $2b$. (r265995)

The readline(3) library is now statically linked in software within the base system, and the shared library is no longer installed, allowing the Ports Collection to use a modern version of the library. (r268461)

The strptime(3) library has been updated to add support for POSIX-2001 features %U and %W. (r272273)

The dl_iterate_phdr(3) library has been changed to always return the path name of the ELF object in the dlpi_name structure member. (r272848) (Sponsored by The FreeBSD Foundation)

The libxo(3) library has been imported to the base system. (r273562) (Sponsored by Juniper Networks, Inc.)

A userland library for Chelsio Terminator 5 based iWARP cards has been added, allowing userland RDMA applications to work over compatible NICs. (r273806) (Sponsored by Chelsio Communications)

The gpio(3) library has been added, providing a wrapper around the gpio(4) kernel interface. (r274987)

The procctl(2) system call has been updated to include a facility for non-http://www.FreeBSD.org/cgi/man.cgi?query=init&sektion=8&manpath=freebsd-release-ports[init(8)] processes to be declared as the reaper of child processes and their decendants. (r275800) (Sponsored by The FreeBSD Foundation)

The futimens() and utimensat() system calls have been added. See utimensat(2) for more information. (r277610)

The elf(3) compile-time dependency has been removed from dtri.o, which allows adding DTrace probes to userland applications and libraries without also linking against elf(3). (r278934)

The setmode(3) function has been updated to consistently set errno on failure. (r279186)

The qsort(3)-related functions have been updated to be able to handle 32-bit aligned data on 64-bit platforms, also providing a significant improvement in 32-bit workloads. (r279663)

Several standard include headers have been updated to make use of gcc attributes, such as result_use_check(), alloc_size(), and __nonnull(). (r281130]

Support for file verification in MAC has been added. (r281845)

The libgomp library is now only built when building GCC from the base system. An up-to-date version is available in the Ports Collection as devel/libiomp5-devel. (r282973) (Sponsored by The FreeBSD Foundation)

The stdlib.h and malloc.h headers have been updated to make use of the gcc alloc_align() attribute. (r282988)

The Blowfish crypt(3) library has been updated to support $2y$ hashes. (r284483) (Sponsored by ScaleEngine, Inc.)

The execl(3) and execlp(3) library functions have been updated to use the __sentinel gcc attribute. (r285277)

ABI Compatibility

The Linux® compatibility version has been updated to 2.6.18. The compat.linux.osrelease sysctl(8) is evaluated when building the emulators/linux-c6 and related ports. (r271982)

The stack protector has been upgraded to the "strong" level, elevating the protection against buffer overflows. While this significantly improves the security of the system, extensive testing was done to ensure there are no measurable side effects in performance or functionality. (r288669)

Kernel

This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized.

Kernel Bug Fixes

A kernel bug that inhibited proper functionality of the dev.cpu.0.freq sysctl(8) on Intel® processors with Turbo Boost™ enabled has been fixed. (r265876)

Support for dtrace(1) stack tracing has been fixed for FreeBSD/powerpc, using the trapexit() and asttrapexit() functions instead of checking within addressed kernel space. (r271697)

A kernel panic triggered when destroying a vnet(9) jail(8) configured with gif(4) has been fixed. (r271917)

A kernel panic triggered when destroying a vnet(9) jail(8) configured with gre(4) has been fixed. (r271918)

A bug in ipfw(4) that could potentially lead to a kernel panic when using dummynet(4) at layer 2 has been fixed. (r272089)

The kernel RPC has been updated to include several enhancements: (r280930) (Sponsored by MIT Computer Science & Artificial Intelligence Laboratory)

  • The 45 MiB limit on requests queued for nfsd(8) threads has been removed.

  • Avoids unnecessary throttling by not deferring accounting for completed requests.

  • Fixes an integer overflow and signedness bugs.

Support for dtrace(1) has been added for the PowerPC Book-E™. (r281261)

The kqueue(2) system call has been updated to handle write events to files larger than 2 gigabytes. (r287886) (Sponsored by Multiplay)

Kernel Configuration

The IMAGACT_BINMISC kernel configuration option has been enabled by default, which enables application execution through emulators, such as QEMU via binmiscctl(8). (r266531)

The VT kernel configuration file has been removed, and the vt(4) driver is included in the GENERIC kernel. To enable vt(4), enter set kern.vty=vt at the loader(8) prompt during boot, or add kern.vty=vt to loader.conf(5) and reboot the system. (r268045)

The config(8) utility has been updated to allow using a non-standard src/ tree, specified as an argument to the -s flag. (r277904)

The FreeBSD/powerpc64 kernel now builds as a position-independent executable, allowing the kernel to be loaded into and run from any physical or virtual address. (r277990)

Important:
This change requires an update to loader(8). The userland and kernel must be updated before rebooting the system.

A new module for creating rpi.dtb has been added for the Raspberry Pi. (r278338)

[arm] The rpi.dtb module is now installed to /boot/dtb/ by default for the Raspberry Pi system. (r278340)

Kernel support for Vector-Scalar eXtension (VSX) found on POWER7 and POWER8 hardware has been added. (r279189) (Sponsored by The FreeBSD Foundation)

The pmap(9) implementation for 64-bit PowerPC® processors has been overhaulded to improve concurrency. (r279252) (Sponsored by The FreeBSD Foundation)

A new module for creating the dtb module for ARM AM335x systems has been added. (r279824)

The PAE_TABLES kernel configuration option has been added for FreeBSD/i386, which instructs pmap(9) to use PAE format for page tables while maintaining a 32-bit physical address size elsewhere in the kernel. The use of this option can enhance application-level security by enabling the creation of "no execute" mappings on modern i386 processors. Unlike the PAE option, PAE_TABLES preserves kernel binary interface (KBI) compatibility with non-PAE kernels, allowing non-PAE kernel modules and drivers to work with a PAE_TABLES-enabled kernel. Additionally, system limits are tuned for 4GB maximum RAM, avoiding kernel virtual address space (KVA) exhaustion. (r281495) (Sponsored by The FreeBSD Foundation)

The SIFTR kernel configuration has been added, allowing building siftr(4) statically into the kernel. (r282215)

The ARM boot loader, ubldr, is now relocatable. In addition, ubldr.bin is now created during build time, which is a stripped binary with an entry point of 0, providing the ability to specify the load address by running go ${loadaddr} in u-boot. (r282731)

[amd64,i386] The nvd(4) and nvme(4) drivers are now included in the GENERIC kernel configuration by default. (r282921) (Sponsored by Intel Corporation)

A new kernel configuration option, EM_MULTIQUEUE, has been added which enables multi-queue support in the em(4) driver. (r283959) (Sponsored by Limelight Networks)

Note:
Multi-queue support in the em(4) driver is not officially supported by Intel®.

The GENERIC kernel configuration has been updated to include the IPSEC option by default. (r285142) (Sponsored by Netgate)

Initial NUMA affinity and policy configuration has been added. See numactl(1), and numa_getaffinity(2), for usage details. (r285387) (Sponsored by Norse Corporation, Dell, Inc.)

Note:
If the system BIOS generates an invalid ACPI SRAT table, the kernel will ignore it, effectively disabling NUMA. If dmesg shows "SRAT: Duplicate local APIC ID", try updating the BIOS to fix NUMA support.

Support for running CloudABI executables on amd64 and arm64 has been added. CloudABI is a runtime environment that uses capability-based security exclusively, similar to capsicum(4) always being enabled. It allows designing, implementing and testing strongly sandboxed applications more easily. (r285307)

The pms(4) driver has been added to the GENERIC kernel configuration for supported architectures. (r286231)

The CUBIEBOARD2 kernel configuration has been renamed to A20 to add support for other boards with the A20 processor, such as the Banana Pi. (r287306)

Kernel debugging symbols are now installed to /usr/lib/debug/boot/kernel/. To retain the previous behavior, add KERN_DEBUGDIR="" to src.conf(5). (r288176) (Sponsored by The FreeBSD Foundation)

Support for POSIX asynchronous I/O is now included in the kernel by default. The VFS_AIO kernel option and aio.ko kernel module have been removed. Asynchronous I/O operations on sockets, local files, and disk devices are permitted by default. However, operations on other file types are disabled. See the aio(4) manual page for more details. (r296277) (Sponsored by Chelsio Communications)

[arm64] arm64 has been switched over to using INTRNG by default. (r301565) (Sponsored by The FreeBSD Foundation)

System Tuning and Controls

The hwpmc(4) default and maximum callchain depths have been increased. The default has been increased from 16 to 32, and the maximum increased from 32 to 128. (r275140) (Sponsored by The FreeBSD Foundation)

The kern.osrelease and kern.osreldate are now configurable jail(8) parameters. (r279361)

The devfs(5) device filesystem has been changed to update timestamps for read/write operations using seconds precision. A new sysctl(8), vfs.devfs.dotimes has been added, which when set to a non-zero value, enables default precision timestamps for these operations. (r280949) (Sponsored by iXsystems, The FreeBSD Foundation)

A new sysctl(8), kern.racct.enable, has been added, which when set to a non-zero value allows using rctl(8) with the GENERIC kernel. A new kernel configuration option, RACCT_DISABLED has also been added. (r282213) (Sponsored by The FreeBSD Foundation)

The GENERIC kernel configuration now includes RACCT and RCTL by default. (r282901) (Sponsored by The FreeBSD Foundation)

Note:
To enable RACCT and RCTL on a system using the GENERIC kernel configuration, add kern.racct.enable=1 to loader.conf(5), and reboot the system.

A new sysctl(8), net.inet.tcp.hostcache.purgenow, has been added, which when set to 1 during runtime will flush all net.inet.tcp.hostcache entries. (r283136) (Sponsored by Limelight Networks)

A new sysctl(8), hw.model, has been added, which displays CPU model information. (r285524)

The uart(4) driver has been updated to allow tuning pulses per second captured in the CTS line during runtime, whereas previously only the DCD line could be used without rebuilding the kernel. (r286591)

Devices and Drivers

This section covers changes and additions to devices and device drivers since 10.3-RELEASE.

Device Drivers

Support for GPS ports has been added to uhso(4). (r260903)

The full(4) device has been added, and the lindev(4) device has been removed. Prior to this change, lindev(4) provided only the /dev/full character device, returning ENOSPC on write attempts. As this device is not specific to Linux®, a native FreeBSD version has been added. (r265132)

Hardware context support has been added to the drm/i915 driver, adding support for Mesa 9.2 and later. (r271705)

The vt(4) driver has been updated, replacing the bitmapped kern.vt.spclkeys sysctl(8) with individual kern.vt.kbd_* variants. (r273178)

The hpet(4) driver has been updated to create a /dev/hpetN device, providing access to HPET from userspace. (r273598)

The drm code has been updated to match Linux® version 3.8.13. (r280183)

The psm(4) driver has been updated to include improved support for newer Synaptics® touchpads and the ClickPad® mouse on newer Lenovo™ laptops. (r281440)

Support for the Freescale PCI Root Complex device has been added to FreeBSD/powerpc. (r282783)

The cyapa(4) driver has been added, supporting the Cypress APA I2C trackpad. (r285876)

The isl(4) driver has been added, supporting the Intersil I2C ISL29018 digital ambient light sensor. (r285883)

Storage Drivers

The mpr(4) device has been added, providing support for LSI Fusion-MPT 3 12Gb SCSI/SATA controllers. (r265236) (Sponsored by LSI, Spectra Logic)

The mrsas(4) driver has been added, providing support for LSI MegaRAID SAS controllers. The mfi(4) driver will attach to the controller, by default. To enable mrsas(4) add hw.mfi.mrsas_enable=1 to /boot/loader.conf, which turns off mfi(4) device probing. (r265555) (Sponsored by LSI)

Note:
At this time, the mfiutil(8) utility and the FreeBSD version of MegaCLI and StorCli do not work with mrsas(4).

The ctl(4) subsystem has been updated, increasing the ports limit from 128 to 256, and LUN limit from 256 to 1024. (r275461) (Sponsored by iXsystems)

The asr(4) driver has been removed, and is no longer supported. (r276526)

The hptnr(4) driver has been updated to version 1.1.1. (r281387)

The pms(4) driver has been added, providing support for the PMC Sierra line of SAS/SATA host bus adapters. (r285662)

The ioat(4) driver has been added, providing support for the PSE (Platform Storage Extension). (r287117) (Sponsored by EMC / Isilon Storage Division)

The CTL High Availability implementation has been rewritten. (r287621) (Sponsored by iXsystems)

The ctl(4) driver has been updated to support CD-ROM and removable devices. (r288310)

The isp(4) driver has been updated and improved: added support for 16Gbps FC cards, improved target mode support, completed Multi-ID (NPIV) functionality. (Sponsored by iXsystems)

Network Drivers

Support for Broadcom chipsets BCM57764, BCM57767, BCM57782, BCM57786 and BCM57787 has been added to bge(4). (r258830)

The deprecated nve(4) driver has been removed. Users of NVIDIA nForce MCP network adapters are advised to use the nfe(4) driver instead, which has been the default driver for this hardware since FreeBSD 7.0. (r261975)

The if_nf10bmac(4) device has been added, providing support for NetFPGA-10G Embedded CPU Ethernet Core. (r264601) (Sponsored by DARPA, AFRL)

Note:
The if_nf10bmac(4) driver operates on the FPGA, and is not suited for the PCI host interface.

The ath_hal(4) driver has been updated to support the Atheros AR1111 chipset. (r265348) (Sponsored by Netgate)

The iwn(4) driver was added, providing support for the Intel® Centrino™ Wireless-N 105 and 135 chipsets. (r266770)

Support for the cxgbe(4) Terminator 5 (T5) 10G/40G cards has been added to netmap(4). (r266757) (Sponsored by Chelsio Communications)

The alc(4) driver has been updated to support AR816x and AR817x ethernet controllers. (r272730)

The pf(4) packet filter default hash has been changed from Jenkins to Murmur3, providing a 3-percent performance increase in packets-per-second. (r272906)

The vxlan(4) driver has been added, which creates a virtual Layer 2 (Ethernet) network overlaid in a Layer 3 (IP/UDP) network. The vxlan(4) driver is analogous to vlan(4), but is designed to be better suited for large, multiple-tenant datacenter environments. (r273331)

The gre(4) driver has been significantly overhauled, and has been split into two separate modules, gre(4) and me(4). (r274246) (Sponsored by Yandex LLC)

The ral(4) driver has been updated to support the RT5390 and RT5392 chipsets. (r278551)

The sfxge(4) driver has been updated to support Solarflare Flareon Ultra 7000-series chipsets. (r283514) (Sponsored by Solarflare Communications, Inc.)

The em(4) driver has been updated with improved transmission queue hang detection. (r283923) (Sponsored by Limelight Networks)

The cdce(4) driver has been updated to include support for the RTL8153 chipset. (r284125)

The iwm(4) driver has been imported from OpenBSD, providing support for Intel® 3160/7260/7265 wireless chipsets. (r286441)

The em(4) driver has been updated to allow disabling CRC stripping. (r286829) (Sponsored by Limelight Networks)

The pf(4) implementation has been updated to remove support for the scrub fragment crop|drop-ovl filtering rule. Systems with this rule in pf.conf(5) will implicitly be converted to the scrub fragment reassemble filtering rule, without necessary intervention. (r287222)

The lagg(4) driver has been updated to remove support for the fec protocol. (r288654)

The dummynet(4) driver has been updated to include support for AQM (Active Queue Management), adding support for PIE (Proportional Integral controller Enhanced) and FQ-PIE (Fair Queueing Proportional Integral controller Enhanced). (r300779)

Hardware Support

This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document.

Hardware Support

The asmc(4) driver has been updated to support the Apple® MacMini 3,1. (r268303)

Support for FreeBSD/ia64 (Itanium) has been dropped as of FreeBSD 11. (r268351)

An issue that could cause a system to hang when entering ACPI S3 state (suspend to RAM) has been corrected in the acpi(4) and pci(4) drivers. (r274386)

The power management unit subsystem has been updated to support power button events on certain PowerPC hardware, such as aluminum PowerBook . (r274733)

The hwpmc(4) driver has been updated to correct performance counter sampling on PowerPC G4 (MPC74xxx) and G5 class processors. (r275190)

The OpenCrypto framework has been updated to include AES-ICM and AES-GCM modes, both of which have also been added to the aesni(4) driver. (r275732) (Sponsored by The FreeBSD Foundation,Netgate)

[powerpc] The hwpmc(4) driver has been updated to support the Freescale e500 core. (r281713)

The ig4(4) driver has been added, providing support for the fourth generation Intel® I2C SMBus. (r283766)

The uart(4) driver has been updated to support AMT devices on newer systems.

[arm64] Initial SMP support has been added to the FreeBSD/arm64 port. (r285316) (Sponsored by The FreeBSD Foundation)

The enc(4) driver has updated to allow creating an interface via kldload(8) during runtime without requiring additional kernel and/or userland changes. (r291292) (Sponsored by Yandex LLC)

The dtsec(4) driver for Freescale QorIQ SoCs has been added, supporting P2041, P3041, P5010, and P5020 systems. (r296177)

Freescale PowerQUICC and QorIQ systems now support larger address spaces, equivalent to PAE mode on i386. (r297001)

The e500mc and e5500 PowerPC cores are now supported, supporting most QorIQ systems. (r297977)

SMP for Multicore Freescale QorIQ systems now works correctly for SoCs with the AP cores in boot holdoff mode (not in spinloop wait mode). (r298237)

Native PCI-express HotPlug support is enabled by default on amd64, arm64, and powerpc. This feature has exposed compatibility issues on some hardware that result in missing devices or a hang during boot. To work around such issues, run set hw.pci.enable_pcie_hp=0 in the boot loader, and add hw.pci.enable_pcie_hp=0 to /boot/loader.conf. (r299142)

Virtualization Support

Support for the "Virtual Interrupt Delivery" feature of Intel® VT-x is enabled if supported by the CPU. This feature can be disabled by running sysctl hw.vmm.vmx.use_apic_vid=0. Additionally, to persist this setting across reboots, add hw.vmm.vmx.use_apic_vid=0 to /etc/sysctl.conf. (r260410)

Support for "Posted Interrupt Processing" is enabled if supported by the CPU. This feature can be disabled by running sysctl hw.vmm.vmx.use_apic_pir=0. Additionally, to persist this setting across reboots, add hw.vmm.vmx.use_apic_pir=0 to /etc/sysctl.conf. (r260532)

Unmapped IO support has been added to virtio_blk(4). (r260582)

Unmapped IO support has been added to virtio_scsi(4). (r260583)

The virtio_random(4) driver has been added to harvest entropy from the host system. (r260847)

FreeBSD/i386 guests can be run under bhyve. (r261504)

Support for running a FreeBSD/amd64 Xen guest instance as PVH guest has been added. PVH mode, short for "Para-Virtualized Hardware", uses para-virtualized drivers for boot and I/O, and uses hardware virtualization extensions for all other tasks, without the need for emulation. (r267536) (Sponsored by Citrix Systems R&D)

The bhyve(8) hypervisor has been updated to support AMD® processors with SVM and AMD-V hardware extensions. (r273375)

The virtio_console(4) driver has been added, which provides an interface to VirtIO console devices through a tty(4) device. (r273515)

Support for PCI Single Root I/O Virtualization (SR-IOV) has been introduced, allowing the creation of PCI Virtual Functions (VFs) for device drivers that support SR-IOV. See iovctl(8) for details on creating and configuring VFs. (r279463) (Sponsored by Sandvine, Inc.)

The bhyve(8) hypervisor has been updated to support DSM TRIM commands for virtual AHCI disks. (r279957)

[arm] Support for the QEMU virt system has been added. (r281439)

The Hyper-V™ drivers have been updated with several enhancements: (r282212) (Sponsored by Microsoft Open Source Technology Center)

  • The hv_vmbus(4) driver now has multi-channel support.

  • The hv_storvsc(4) driver now has scatter/gather support, in addition to performance improvements.

  • The hv_kvp(4) driver has received several bug fixes.

Support for xen(4) para-virtualized domU kernels has been removed. (r282274)

The hv_netvsc(4) driver has been updated to support checksum offloading and TSO. (r284746) (Sponsored by Microsoft Open Source Technology Center)

The xen(4) blkfront driver has been updated to include support for blkif indirect segment I/O. (r286062)

Indirect segment I/O is enabled by default in the Xen blkfront driver when running on AWS EC2. (r302288)

Native graphics support has been added to the bhyve(8) hypervisor. (r302332)

ARM Support

The nand(4) device is enabled for ARM devices by default. (r260921)

Support for the Exynos 5420 Octa system has been added. (r266943)

The SMP option has been enabled for all Exynos 5 systems supported by FreeBSD. (r267390)

Support for the Toradex Apalis i.MX6 development board has been added. (r268838)

An issue that could cause instability when detecting SD cards on the Raspberry Pi SOC has been fixed. (r273264)

The bcm2835_cpufreq driver has been added, which supports CPU frequency and voltage control on the Raspberry Pi SOC. (r275963)

Support to turn off the BeagleBone Black system with the shutdown(8) -p flag or by invoking poweroff(8) has been added. (r277042)

Audio transmission drivers have been added for Digital Audio Multiplexer (AUDMUXM), Smart Direct Memory Access Controller (SDMA), and Syncronous Serial Interface (SSI). (r277644)

Initial support for the ARM AArch64 architecture has been added. (r280259) (Sponsored by The FreeBSD Foundation)

Kernel support for Thumb-2 userland has been added. (r282779)

Support for the hardware power button on the BeagleBone Black system has been added. (r282827)

Initial ACPI support has been added for FreeBSD/arm64. (r284273) (Sponsored by The FreeBSD Foundation)

Support for 1-Wire devices has been added, providing support for 1-Wire hardware through gpio(4). See ow(4), owc(4), and ow_temp(4) for more information. (r287225)

Support for the HiSilicon HI6220 SoC has been added. (r287371) (Sponsored by ABT Systems, Ltd.)

The second CPU core on Allwinner A20 SoC have been enabled. (r263698)

Support for the Allwinner H3 SoC has been added. (r299688)

Support for X-Powers AXP813 and AXP818 power management integrated circuits have been added. (r299786)

Support for the Allwinner Reduced Serial Bus (RSB) has been added. (r299781)

Support for Allwinner A20 HDMI has been added. (r296064)

Support for GPIO, Sensors and interrupts on AXP209 power management integrated circuits have been added. (r300777)

Storage

This section covers changes and additions to file systems and other storage subsystems, both local and networked.

General Storage

The ctl(4) LUN mapping has been rewritten, replacing iSCSI-specific mapping mechanisms with a new mechanism that works for any port. (r278037) (Sponsored by iXsystems)

The ctld(8) utility has been updated to allow controlling non-iSCSI ctl(4) ports. (r278354) (Sponsored by iXsystems)

The autofs(5) subsystem has been updated to include a new auto_master(5) map, -media, which allows automatically mounting removable media, such as CD drives or USB flash drives. (r275681) (Sponsored by The FreeBSD Foundation)

The autofs(5) subsystem has been updated to include a new auto_master(5) map, -noauto, which handles fstab(5) entries set to noauto. (r279955) (Sponsored by The FreeBSD Foundation)

The GELI class has been updated to support the BIO_DELETE g_bio(9) bio_cmd field, providing TRIM/UNMAP support on GELI-backed SSD storage providers. (r286444)

The camdd(8) utility has been added, which allows copying data sequentially to and from SCSI devices, files, block devices and tape drives. If the source and/or destination is a SCSI disk, camdd(8) can use the asynchronous pass(4) interface to queue multiple I/Os for improved speed. (ATA passthrough support for camdd(8) is in development.) (r291716) (Sponsored by Spectra Logic)

The pass(4) SCSI/ATA passthrough driver now has an asynchronous interface. User applications may queue many requests, get notification of completion via kqueue(2) and retrieve status later. camdd(8) is an example application using the interface. (r291716) (Sponsored by Spectra Logic)

Support for parsing libucl-based configuration files has been added to ctld(8). (r295212) (Sponsored by iXsystems)

The ahci(4) driver has been updated to add NCQ TRIM support for drives that support it. (r298002) (Sponsored by Netflix)

Note:
Drives that advertise this feature but do not properly support it have been blacklisted. Systems experiencing traffic problems with NCQ TRIM enabled can set the kern.cam.ada.%d.quirks tunable to 2 for 512k sectors or 3 for 4096k sectors, replacing %d with the drive number.

The cam(4) driver has been updated to allow I/O scheduling tuning to fit workload and drive characteristics. This option is off by default, and can be enabled by adding option CAM_IOSCHED_ADAPTIVE option to the kernel configuration and recompiling the kernel. (r298002) (Sponsored by Netflix)

The camcontrol(8) command can manually force updating capacity data after a disk gets resized using the reprobe subcommand. (r299371) (Sponsored by The FreeBSD Foundation)

Leading spaces are now stripped off SCSI disk serial numbers when populating the CAM serial number. This affects the output of diskinfo(8) and the names of /dev/diskid/DISK-* device nodes, among other things. (r300880) (Sponsored by Spectra Logic)

Support for managing Shingled Magnetic Recording (SMR) drives has been added. (r300207) (Sponsored by Spectra Logic)

Networked Storage

The new filesystem automount facility, autofs(5), has been added. The new autofs(5) facility is similar to that found in other UNIX®-like operating systems, such as OS X™ and Solaris™. The autofs(5) facility uses a Sun™-compatible auto_master(5) configuration file, and is administered with the automount(8) userland utility, and the automountd(8) and autounmountd(8) daemons. (r270096) (Sponsored by The FreeBSD Foundation)

Support for the timeo, actimeo, noac, and proto options have been added to mount_nfs(8). (r273849) (Sponsored by The FreeBSD Foundation)

The Mellanox implementation of iSER (iSCSI Extensions for RDMA) has been imported. (r300723)

The ability to discover iSCSI targets without having to attach to a target has been added to the iscsictl(8) command. (r301033) (Sponsored by The FreeBSD Foundation)

ZFS

The arc_meta_limit statistics are now visible through the kstat sysctl(8). As a result of this change, the vfs.zfs.arc_meta_used sysctl(8) has been removed, and replaced with the kstat.zfs.misc.arcstats.arc_meta_used sysctl(8). (r275748)

The zfs(8) l2arc code has been updated to take ashift into account when gathering buffers to be written to the l2arc device. (r287099) (Sponsored by ClusterHQ)

Four new resources have been added to rctl(8) to allow throttles to be set on filesystem IO. (r297633) (Sponsored by The FreeBSD Foundation)

The zfsd daemon has been added, which manages hotspares and replements in drive slots that publish physical paths. (r300906) (Sponsored by iXsystems, Spectra Logic)

The minimum and maximum values for the ZFS adaptive replacement cache can be modified at runtime. (r302265) (Sponsored by Multiplay)

geom(4)

Support for the disklabel64 partitioning scheme has been added to gpart(8). (r267359)

Support for the apple-boot, apple-hfs, and apple-ufs MBR partitioning schemes have been added to gpart(8). (r282465)

The gpart(8) utility has been updated to include a new attribute for GPT partitions, lenovofix, which when set, which works around BIOS compatibility issues reported on several Lenovo™ laptops. (r285594) (Sponsored by ScaleEngine, Inc.)

Boot Loader Changes

This section covers the boot loader, boot menu, and other boot-related changes.

Boot Loader Changes

The memory test run at boot time on FreeBSD/amd64 platforms has been disabled by default. (r258431) (Sponsored by The FreeBSD Foundation)

A new ttys(5) class, 3wire, has been added. This is similar to the existing terminal classes, but does not have a defined baudrate. (r262955)

The vt(4) driver has been made the default system console driver. The syscons(4) driver is still available, and can be enabled by adding kern.vty=sc in loader.conf(5). Alternatively, syscons(4) can be enabled at boot time by entering set kern.vty=sc at the loader(8) prompt. (r274085)

Support for bzipfs has been added to the EFI loader. (r279950)

The boot loader has been updated to support entering the GELI passphrase before loading the kernel. To enable this behavior, add geom_eli_passphrase_prompt="YES" to loader.conf(5). (r281616)

[arm] The ttys(5) file for FreeBSD/arm has been updated to enable ttyu1, ttyu2, and ttyu3 by default, if the callin port is an active console port. (r284683) (Sponsored by The FreeBSD Foundation)

The default installation directory for modules has been changed to /boot/modules. (r299393)

Networking

This section describes changes that affect networking in FreeBSD.

Network Protocols

Support for the IPX network transport protocol has been removed, and will not be supported in FreeBSD 11 and later releases. (r263140)

Support for PLPMTUD blackhole detection (RFC 4821) has been added to the tcp(4) stack, disabled by default. New control tunables have been added: (r272720) (Sponsored by Limelight Networks)

Tunable Description

net.inet.tcp.pmtud_blackhole_detection

Enables or disables PLPMTUD blackhole detection

net.inet.tcp.pmtud_blackhole_mss

MSS to try for IPv4

net.inet.tcp.v6pmtud_blackhole_mss

MSS to try for IPv6

New monitoring sysctl(8)s haven been added:

Tunable Description

net.inet.tcp.pmtud_blackhole_activated

Number of times the code was activated to attempt downshifting the MSS

net.inet.tcp.pmtud_blackhole_min_activated

Number of times the blackhole MSS was used in an attempt to downshift

net.inet.tcp.pmtud_blackhole_failed

Number of times that the blackhole failed to connect after downshifting the MSS

Support for IP identification for atomic datagrams (RFC 6864) has been added. Support for this feature can be toggled with the net.inet.ip.rfc6864 sysctl(8), which is enabled by default. (r280971) (Sponsored by Netflix, Nginx, Inc.)

The IPSEC has been updated to include support for AES modes on both software-only and hardware-backed (aesni(4)) systems. (r285336) (Sponsored by Netgate)

The network stack has been updated to fix handling of IPv6 On-Link redirects. (r287798) (Sponsored by Dell, Inc.)

Support to be able to reroot into a NFSv4 volume has been added. (r299848) (Sponsored by The FreeBSD Foundation)

The net.inet.tcp.ecn.enable sysctl mib has been changed from a binary off/on control to a three way setting. (r300240)

Value Description

0

Totally disable ECN.

1

Enable ECN if incoming connections request it. Outgoing connections will request ECN.

2

Enable ECN if incoming connections request it. Outgoing conections will not request ECN.

Dummynet AQM, an independent implementation of CoDel and FQ-CoDel for ipfw/dummynet has been imported to the base system. (r300779)

The unused SIOCSIFALIFETIME_IN6 ioctl has been removed. (r301875)

Release Engineering and Integration

This section convers changes that are specific to the FreeBSD Release Engineering processes.

Integration Changes

The Release Engineering build tools have been updated to include support for producing virtual machine disk images for various cloud hosting providers. (r277458) (Sponsored by The FreeBSD Foundation)

The Release Engineering build tools have been updated to use multi-threaded xz(1). By default, the number of xz(1) threads is set to the number of cores available. (r278926)

The Release Engineering build tools have been updated to include support for building FreeBSD/arm64 virtual machine and memory stick installation images. (r281802) (Sponsored by The FreeBSD Foundation)

The Release Engineering build tools have been updated to support building FreeBSD/arm images without external utilities for supported boards where a corresponding u-boot port exists in the Ports Collection. (r282693) (Sponsored by The FreeBSD Foundation)

The FreeBSD/i386 memory stick installation images are now created using the mkimg(1) utility, matching the way the FreeBSD/amd64 images are created. (r283307) (Sponsored by The FreeBSD Foundation)


Last modified on: June 19, 2021 by Danilo G. Baio