FreeBSD 11.0-RELEASE Release Notes
Abstract
The release notes for FreeBSD 11.0-RELEASE contain a summary of the changes made to the FreeBSD base system on the 11.0-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.
Table of Contents
Introduction
This document contains the release notes for FreeBSD 11.0-RELEASE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.
This distribution of FreeBSD 11.0-RELEASE is a release
distribution. It can be found at https://www.FreeBSD.org/releases/
or any of its
mirrors. More information on obtaining this (or other) release
distributions of FreeBSD can be found in the Obtaining
FreeBSD' appendix to the FreeBSD
Handbook.
All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 11.0-RELEASE can be found on the FreeBSD Web site.
This document describes the most user-visible new or changed features in FreeBSD since 10.3-RELEASE. In general, changes described here are unique to the 11.0-STABLE branch unless specifically marked as MERGED features.
Typical release note items document recent security advisories issued after 10.3-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.
Important Notes
This section lists important information for those upgrading from prior FreeBSD releases.
User-facing Changes
As of r303719
, OpenSSH DSA
key
generation has been disabled by default. It is important to update
OpenSSH keys prior to upgrading. Additionally, Protocol
1
support has been removed.
Upgrading from Previous Releases of FreeBSD
[amd64,i386] Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the freebsd-update(8) utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. The freebsd-update(8) utility requires that the host being upgraded have Internet connectivity.
Source-based upgrades (those based on recompiling the FreeBSD
base system from source code) from previous versions are supported,
using the instructions in /usr/src/UPDATING
.
For information on upgrading via
freebsd-update(8), please see the binary upgrading
section
in the Installation page.
Important:
Upgrading FreeBSD should only be attempted after backing up
all data and configuration files.
Userland
This section covers changes and additions to userland applications, contributed software, and system utilities.
Userland Configuration Changes
The default
newsyslog.conf(5) now includes files in the
/etc/newsyslog.conf.d/
and
/usr/local/etc/newsyslog.conf.d/
directories for
newsyslog(8).
(r266463)
The
mailwrapper(8) utility has been updated to use
mailer.conf(5) from the LOCALBASE
environment
variable, which defaults to /usr/local
if unset.
(r270675)
The MK_ARM_EABI
src.conf(5) option has been removed and is now the only
supported ABI for FreeBSD/arm.
(r272350)
The ntp suite has been updated to version 4.2.8p8. (r301247)
/etc/ntp/leap-seconds
has been updated to version
3676752000.
(r301247)
The WITH_SYSTEM_COMPILER
src.conf(5) option is enabled by default.
(r302177)
Userland Application Changes
When unable to load a kernel module with kldload(8), a message informing to view output of dmesg(8) is now printed, opposed to the previous output "Exec format error.". (r260594)
The
pciconf(8) utility can now identify PCI devices that are
attached to a driver to be identified by their device name instead
of just the selector. Additionally, the -l
flag now
accepts an optional device argument to list details about a single
device.
(r260910)
A new flag, "onifconsole" has been added to
/etc/ttys
. This allows the system to provide a login
prompt via serial console if the device is an active kernel
console, otherwise it is equivalent to off
.
(r260913)
Support for displaying VPD for PCI devices via pciconf(8) has been added. (r260926)
The ping(8) utility has been updated to use the Capsicum framework to drop priviliges, protecting against malicious network packets. (r261498)
The
ps(1) utility has been updated to include the -J
flag, used to filter output by matching
jail(8) IDs and names. Additionally, argument 0
can be used to -J
to only list processes running on
the host system.
(r265229)
The
top(1) utility has been updated to filter by
jail(8) ID or name, in followup to the
ps(1) change in r265229
.
(r265249)
The
pmcstat(8) utility has been updated to include a new flag,
-l
, which ends event collection after the specified
number of seconds.
(r266209)
The ps(1) utility has been updated to include a new keyword, "tracer", which displays the PID of the tracing process. (r270745)
The
primes(6) utility has been updated to correctly enumerate prime
numbers between 4295098369
and
3825123056546413050
. Prior to this change, it was
possible for returned values to be incorrectly identified as prime
numbers.
(r272166)
The mkimg(1) utility has been updated to include three options used to print information about mkimg(1) itself: (r272198)
Option | Output |
---|---|
|
The current version of the mkimg(1) utility |
|
The disk image file formats supported by mkimg(1) |
|
The partition schemes supported by mkimg(1) |
Userland ctf(5) support in dtrace(1) has been added. With this change, dtrace(1) is able to resolve type info for function and USDT probe arguments, and function return values. (r272488)
The elfdump(1) utility has been updated to support capability mode provided by capsicum(4). (r274960)
The fstyp(8) utility has been added, which is used to determine the filesystem on a specified device. (r275680) (Sponsored by The FreeBSD Foundation)
The libedit
library has been updated to support
UTF-8, which additionally provides unicode support to
sh(1).
(r276881)
The mkimg(1) utility has been updated to support the MBR EFI partition type. (r276893) (Sponsored by The FreeBSD Foundation)
The ptrace(2) system call has been updated include support for Altivec registers on FreeBSD/powerpc. (r277166)
A new device control utility, devctl(8) has been added, which allows making administrative changes to individual devices, such as attaching and detaching drivers, and enabling and disabling devices. The devctl(8) utility uses the new devctl(3) library. (r278320)
The netstat(1) utility has been updated to use libxo(3) to optionally generate machine-readable output. (r279122) (Sponsored by Juniper Networks, Inc.)
A new flag, -c
, has been added to the
mkimg(1) utility, which allows specifying the capacity of the
target disk image.
(r279139)
The UEFI Secure Boot signing utility, uefisign(8) utility has been added. (r279315) (Sponsored by The FreeBSD Foundation)
The freebsd-update(8) utility has been updated to prevent fetching updated binary patches when a previous upgrade has not been thoroughly completed. (r279571) (Sponsored by ScaleEngine, Inc.)
A regression in the
libarchive(3) library that would prevent a directory from being
included in the archive when --one-file-system
is used
has been fixed.
(r280870)
The
ar(1) utility has been updated to set
ARCHIVE_EXTRACT_SECURE_SYMLINKS
and
ARCHIVE_EXTRACT_SECURE_NODOTDOT
to disallow directory
traversal when extracting an archive, similar to
tar(1).
(r281311) (Sponsored by The FreeBSD
Foundation)
A race condition in
wc(1) that would cause final results to be sent to
stderr(4) when receiving the SIGINFO
signal has
been fixed.
(r281617)
The
chflags(1),
chgrp(1),
chmod(1), and
chown(8) utilities now affect symbolic links when the
-R
flag is specified, as documented in
symlink(7).
(r282208) (Sponsored by
Multiplay)
The
date(1) utility has been updated to print the modification time
of the file passed as an argument to the -r
flag,
improving compatibility with the GNU
date(1) utility behavior.
(r282608)
The
pw(8) utility has been updated with a new flag,
-R
, that sets the root directory within which the
utility will operate.
(r283961)
The lockstat(1) utility has been updated with several improvements: (r284297) (Sponsored by ClusterHQ)
-
Spin locks are now reported as the amount of time spinning, instead of loop iterations.
-
Reader locks are now recognized as adaptive that can spin on FreeBSD.
-
Lock aquisition events for successful reader try-lock events are now reported.
-
Spin and block events are now reported before lock acquisition events.
The fstyp(8) utility has been updated to be able to detect zfs(8) and geli(8) filesystems. (r284589) (Sponsored by ScaleEngine, Inc.)
The
mkimg(1) utility has been updated to include support for
NTFS
filesystems in both MBR and GPT partitioning
schemes.
(r284883)
The
jexec(8) utility has been updated to include a new flag,
-l
, which ensures a clean environment in the target
jail when used. Additionally,
jexec(8) will run a shell within the target jail when run no
commands are specified.
(r285420)
The w(1) utility has been updated to display the full IPv6 remote address of the host from which a user is connected. (r285550)
The jail(8) framework has been updated to allow mounting linprocfs(5) and linsysfs(5) within a jail. (r285685)
The
patch(1) utility has been updated to include a new option to
the -V
flag, none
, which disables backup
file creation when applying a patch.
(r285772) (Sponsored by EMC / Isilon
Storage Division)
The
ar(1) utility now enables deterministic mode (-D
)
by default. This behavior can be disabled by specifying the
-U
flag.
(r286010) (Sponsored by The FreeBSD
Foundation)
The
xargs(1) utility has been updated to allow specifying
0
as an argument to the -P
(parallel
mode) flag, which allows creating as many concurrent processes as
possible.
(r286289) (Sponsored by ScaleEngine,
Inc.)
The wireless network stack has been modified to no longer show
physical wireless devices by default. In order to view available
wireless devices on the system, run sysctl
net.wlan.devices
.
(r287197) (Sponsored by Netflix, Nginx,
Inc.)
A new utility, sesutil(8), has been added, which is used to manage ses(4) (SCSI Environmental Services) devices. (r287473) (Sponsored by Gandi.net)
The
pciconf(8) utility has been updated to use the PCI ID database
from the misc/pciids
package, if present, falling back
to the PCI ID database in the FreeBSD base system.
(r287522)
The resolver library has been updated to reload
/etc/resolv.conf
if the modification time has changed.
(r289315) (Sponsored by Dell,
Inc.)
The
uuencode(1) utility has been updated to include a new flag,
-r
, which when used will generate raw output similar
the
uudecode(1) -r
flag.
(r297678)
By default the
ifconfig(8) utility will set the default regulatory domain to
FCC
on wireless interfaces. As a result, newly created
wireless interfaces with default settings will have less chance to
violate country-specific regulations.
(r300738)
Contributed Software
The binutils suite of utilities has been updated to include upstream patches that add new relocations for powerpc support. (r275718)
The ELF Tool Chain has been updated to upstream revision r3477. (r300698) (Sponsored by The FreeBSD Foundation)
The texinfo utility and info
pages were removed
from the base system. The print/texinfo
port should be
installed on systems where info
pages are needed.
(r276551)
The ELF object manipulation tools addr2line, c++filt, objcopy, nm, readelf, size, strip, and strings were switched to the versions from the ELF Tool Chain project. (r276796) (Sponsored by The FreeBSD Foundation)
The wpa_supplicant(8) and hostapd(8) utilities have been updated to version 2.4. (r281806)
bmake has been updated to version 20150606. (r284254)
Sendmail has been updated to 8.15.2. Starting with FreeBSD 11.0
and sendmail 8.15, sendmail uses uncompressed IPv6 addresses by
default, i.e., they will not contain "::". For example, instead of
"::1", it will be "0:0:0:0:0:0:0:1". This permits a zero subnet to
have a more specific match, such as different map entries for
IPv6:0:0 versus IPv6:0. This change requires that configuration
data (including maps, files, classes, custom ruleset, etc.) must
use the same format, so make certain such configuration data is in
place before upgrading. As a very simple check search for patterns
like 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. To return to the old
behavior, set the m4 option
confUSE_COMPRESSED_IPV6_ADDRESSES
or the cf option
UseCompressedIPv6Addresses
.
(r285229)
The tcpdump(1) utility has been updated to version 4.7.4. (r285275)
The
ssh(1) utility has been updated to re-implement hostname
canonicalization before locating the host in
known_hosts
.
(r285642) (Sponsored by Dell,
Inc.)
The libarchive(3) library has been updated to properly skip a sparse file entry in a tar(1) file, which would previously produce errors. (r285972)
The apr library used by svnlite(1) has been updated to version 1.5.2. (r286503)
The serf library used by svnlite(1) has been updated to version 1.3.8. (r286505)
The unbound(8) utility has been updated to version 1.5.4. (r287917)
Timezone data files have been updated to version 2015g. (r290697)
OpenBSM has been updated to version 1.2 alpha 4. (r292432)
Clang has been updated to version 3.8.0. (r296417)
LLVM has been updated to version 3.8.0. (r296417)
LLDB has been updated to version 3.8.0. (r296417)
libc++ has been updated to version 3.8.0. (r296417)
The compiler_rt utility has been updated to version 3.8.0. (r296417)
The resolvconf(8) utility has been updated to version 3.7.3. (r296190) (Sponsored by The FreeBSD Foundation)
OpenSSH has been updated to 7.2p2. (r296633)
The sqlite3 library used by svnlite(1) and kerberos(8) has been updated to version 3.12.1. (r298161)
libucl has been updated to version 0.8.0. (r298166)
The svnlite(1) utility has been updated to version 1.9.4. (r298845)
ACPICA has been updated to version 20160527. (r300879)
The libblacklist(3) library and applications have been ported from the NetBSD Project. Packet filtering support for the pf(4) packet filtering systems has been implemented. The blacklist system provides the blacklistd daemon, the helper script blacklistd-helper to make changes to the running packet filter system and the blacklistctl control program. A selection of system daemons, including: fingerd, ftpd, rlogind, and rshd have been modified to support sending notifications to the blacklistd daemon. (r301169) (Sponsored by The FreeBSD Foundation)
The jemalloc(3) library has been updated to version 4.2.1. (r301718)
Support for the ipfw(4) packet filter has been added to the blacklistd-helper script. (r301736) (Sponsored by The FreeBSD Foundation)
Support for the ipfilter(4) packet filter has been added to the blacklistd-helper script. (r301843) (Sponsored by The FreeBSD Foundation)
SSHv1 support has been removed from OpenSSH. (r303716)
Support for DSA is disabled by default in OpenSSH. (r303719)
OpenSSL has been updated to version 1.0.2i. (r306198)
Installation and Configuration Tools
The bsdinstall(8) partition editor and sade(8) utility have been updated to include native ZFS support. (r271539)
The FreeBSD installation utility,
bsdinstall(8), has been updated to set the
canmount
zfs(8) property to off
for the /var
dataset, preventing the contents of directories within
/var
from conflicting when using multiple boot
environments, such as that provided by sysutils/beadm
.
(r272274)
The
bsdconfig(8) utility has been updated to skip the initial
tzsetup(8) UTC versus wall-clock time prompt when run in a
virtual machine, determined when the kern.vm_guest
sysctl(8) is set to 1
.
(r274394)
The bsdinstall(8) utility has been updated to use the new dpv(3) library to display progress when extracting the FreeBSD distributions. (r275874)
Support for detecting and implementing aligning partitions on 1Mb boundaries has been added to bsdinstall(8). (r285557) (Sponsored by ScaleEngine, Inc.)
Support for detecting and implementing a workaround for various
laptops and motherboards that do not boot properly from
GPT-partitioned disks has been added to
bsdinstall(8). Additionally, the active
flag will
be set on the partition when needed.
(r285679) (Sponsored by ScaleEngine,
Inc.)
Support for selecting the partitioning scheme when installing on the UFS filesystem has been added to bsdinstall(8). (r285679) (Sponsored by ScaleEngine, Inc.)
The bsdinstall(8) utility now supports a "BIOS+UEFI option during installation, supporting systems with UEFI or BIOS/CSM capability. (r298243)
The bsdinstall(8) utility has been updated to include various system hardening options during installation. (r303447)
/etc/rc.d
Scripts
The
rc(8) subsystem has been updated to allow configuring services
in ${LOCALBASE}/etc/rc.conf.d/
. If
LOCALBASE
is unset, it defaults to
/usr/local
.
(r270676)
A new
rc(8) script, growfs
, has been added, which will
resize the root filesystem to fill the device on boot if
/firstboot
exists and growfs_enable
is
enabled in
rc.conf(5).
(r273955)
The mrouted
rc(8) script has been removed from the base system. An
equivalent script is available from the net/mrouted
port.
(r275299)
The
service(8) utility has been updated to honor entries within
/etc/rc.conf.d/
.
(r287576) (Sponsored by ScaleEngine,
Inc.)
/etc/periodic
Scripts
The daily
periodic(8) script 110.clean-tmps
has been updated
to avoid crossing filesystem mount boundaries when cleaning files
in /tmp
.
(r271321)
A new
periodic(8) script, 510.status-world-kernel
, has
been added, which evaluates the running userland and kernel
versions from the
uname(1) -U
and -K
arguments, and
prints an error if the system userland and kernel are not in sync.
(r277216) (Sponsored by The FreeBSD
Foundation)
Runtime Libraries and API
The readline(3) library is now statically linked in software within the base system, and the shared library is no longer installed, allowing the Ports Collection to use a modern version of the library. (r268461)
The
strptime(3) library has been updated to add support for
POSIX-2001 features %U
and %W
.
(r272273)
The
dl_iterate_phdr(3) library has been changed to always return
the path name of the ELF object in the dlpi_name
structure member.
(r272848) (Sponsored by The FreeBSD
Foundation)
The libxo(3) library has been imported to the base system. (r273562) (Sponsored by Juniper Networks, Inc.)
A userland library for Chelsio Terminator 5 based iWARP cards has been added, allowing userland RDMA applications to work over compatible NICs. (r273806) (Sponsored by Chelsio Communications)
The gpio(3) library has been added, providing a wrapper around the gpio(4) kernel interface. (r274987)
The procctl(2) system call has been updated to include a facility for non-http://www.FreeBSD.org/cgi/man.cgi?query=init&sektion=8&manpath=freebsd-release-ports[init(8)] processes to be declared as the reaper of child processes and their decendants. (r275800) (Sponsored by The FreeBSD Foundation)
The futimens()
and utimensat()
system
calls have been added. See
utimensat(2) for more information.
(r277610)
The
elf(3) compile-time dependency has been removed from
dtri.o
, which allows adding DTrace probes to userland
applications and libraries without also linking against
elf(3).
(r278934)
The
setmode(3) function has been updated to consistently set
errno
on failure.
(r279186)
The qsort(3)-related functions have been updated to be able to handle 32-bit aligned data on 64-bit platforms, also providing a significant improvement in 32-bit workloads. (r279663)
Several standard include headers have been updated to make use
of gcc attributes, such as
result_use_check()
,
alloc_size()
, and __nonnull()
.
(r281130]
Support for file verification in MAC has been added. (r281845)
The libgomp
library is now only built when building
GCC from the base system. An up-to-date version is available in the
Ports Collection as devel/libiomp5-devel
.
(r282973) (Sponsored by The FreeBSD
Foundation)
The stdlib.h
and malloc.h
headers have
been updated to make use of the gcc alloc_align()
attribute.
(r282988)
ABI Compatibility
The Linux® compatibility version has been updated to
2.6.18
. The compat.linux.osrelease
sysctl(8) is evaluated when building the
emulators/linux-c6
and related ports.
(r271982)
The stack protector has been upgraded to the "strong" level, elevating the protection against buffer overflows. While this significantly improves the security of the system, extensive testing was done to ensure there are no measurable side effects in performance or functionality. (r288669)
Kernel
This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized.
Kernel Bug Fixes
A kernel bug that inhibited proper functionality of the
dev.cpu.0.freq
sysctl(8) on Intel® processors with Turbo Boost™ enabled has
been fixed.
(r265876)
Support for
dtrace(1) stack tracing has been fixed for FreeBSD/powerpc,
using the trapexit()
and asttrapexit()
functions instead of checking within addressed kernel space.
(r271697)
A kernel panic triggered when destroying a vnet(9) jail(8) configured with gif(4) has been fixed. (r271917)
A kernel panic triggered when destroying a vnet(9) jail(8) configured with gre(4) has been fixed. (r271918)
A bug in ipfw(4) that could potentially lead to a kernel panic when using dummynet(4) at layer 2 has been fixed. (r272089)
The kernel RPC has been updated to include several enhancements: (r280930) (Sponsored by MIT Computer Science & Artificial Intelligence Laboratory)
-
The 45 MiB limit on requests queued for nfsd(8) threads has been removed.
-
Avoids unnecessary throttling by not deferring accounting for completed requests.
-
Fixes an integer overflow and signedness bugs.
Kernel Configuration
The IMAGACT_BINMISC
kernel configuration option has
been enabled by default, which enables application execution
through emulators, such as QEMU via
binmiscctl(8).
(r266531)
The VT
kernel configuration file has been removed,
and the
vt(4) driver is included in the GENERIC
kernel. To
enable
vt(4), enter set kern.vty=vt
at the
loader(8) prompt during boot, or add kern.vty=vt
to
loader.conf(5) and reboot the system.
(r268045)
The
config(8) utility has been updated to allow using a
non-standard src/
tree, specified as an argument to
the -s
flag.
(r277904)
The FreeBSD/powerpc64 kernel now builds as a position-independent executable, allowing the kernel to be loaded into and run from any physical or virtual address. (r277990)
Important:
This change requires an update to
loader(8). The userland and kernel must be updated before
rebooting the system.
A new module for creating rpi.dtb
has been added
for the Raspberry Pi.
(r278338)
[arm] The rpi.dtb
module is now installed to
/boot/dtb/
by default for the Raspberry Pi system.
(r278340)
Kernel support for Vector-Scalar eXtension (VSX) found on POWER7 and POWER8 hardware has been added. (r279189) (Sponsored by The FreeBSD Foundation)
The pmap(9) implementation for 64-bit PowerPC® processors has been overhaulded to improve concurrency. (r279252) (Sponsored by The FreeBSD Foundation)
A new module for creating the dtb
module for ARM
AM335x systems has been added.
(r279824)
The PAE_TABLES
kernel configuration option has been
added for FreeBSD/i386, which instructs
pmap(9) to use PAE format for page tables while maintaining a
32-bit physical address size elsewhere in the kernel. The use of
this option can enhance application-level security by enabling the
creation of "no execute" mappings on modern i386 processors. Unlike
the PAE
option, PAE_TABLES
preserves
kernel binary interface (KBI) compatibility with
non-PAE
kernels, allowing non-PAE
kernel
modules and drivers to work with a PAE_TABLES
-enabled
kernel. Additionally, system limits are tuned for 4GB maximum RAM,
avoiding kernel virtual address space (KVA) exhaustion.
(r281495) (Sponsored by The FreeBSD
Foundation)
The SIFTR
kernel configuration has been added,
allowing building
siftr(4) statically into the kernel.
(r282215)
The ARM boot loader, ubldr
, is now relocatable. In
addition, ubldr.bin
is now created during build time,
which is a stripped binary with an entry point of 0
,
providing the ability to specify the load address by running
go ${loadaddr}
in u-boot
.
(r282731)
[amd64,i386] The
nvd(4) and
nvme(4) drivers are now included in the GENERIC
kernel configuration by default.
(r282921) (Sponsored by Intel
Corporation)
A new kernel configuration option, EM_MULTIQUEUE
,
has been added which enables multi-queue support in the
em(4) driver.
(r283959) (Sponsored by Limelight
Networks)
Note:
Multi-queue support in the
em(4) driver is not officially supported by Intel®.
The GENERIC
kernel configuration has been updated
to include the IPSEC
option by default.
(r285142) (Sponsored by
Netgate)
Initial NUMA affinity and policy configuration has been added. See numactl(1), and numa_getaffinity(2), for usage details. (r285387) (Sponsored by Norse Corporation, Dell, Inc.)
Note:
If the system BIOS generates an invalid ACPI SRAT table, the kernel
will ignore it, effectively disabling NUMA. If dmesg shows "SRAT:
Duplicate local APIC ID", try updating the BIOS to fix NUMA
support.
Support for running CloudABI executables on amd64 and arm64 has been added. CloudABI is a runtime environment that uses capability-based security exclusively, similar to capsicum(4) always being enabled. It allows designing, implementing and testing strongly sandboxed applications more easily. (r285307)
The
pms(4) driver has been added to the GENERIC
kernel
configuration for supported architectures.
(r286231)
The CUBIEBOARD2
kernel configuration has been
renamed to A20
to add support for other boards with
the A20
processor, such as the Banana Pi.
(r287306)
Kernel debugging symbols are now installed to
/usr/lib/debug/boot/kernel/
. To retain the previous
behavior, add KERN_DEBUGDIR=""
to
src.conf(5).
(r288176) (Sponsored by The FreeBSD
Foundation)
Support for POSIX asynchronous I/O is now included in the kernel
by default. The VFS_AIO
kernel option and
aio.ko
kernel module have been removed. Asynchronous
I/O operations on sockets, local files, and disk devices are
permitted by default. However, operations on other file types are
disabled. See the
aio(4) manual page for more details.
(r296277) (Sponsored by Chelsio
Communications)
[arm64] arm64 has been switched over to using
INTRNG
by default.
(r301565) (Sponsored by The FreeBSD
Foundation)
System Tuning and Controls
The hwpmc(4) default and maximum callchain depths have been increased. The default has been increased from 16 to 32, and the maximum increased from 32 to 128. (r275140) (Sponsored by The FreeBSD Foundation)
The
devfs(5) device filesystem has been changed to update
timestamps for read/write operations using seconds precision. A new
sysctl(8), vfs.devfs.dotimes
has been added, which
when set to a non-zero value, enables default precision timestamps
for these operations.
(r280949) (Sponsored by iXsystems, The
FreeBSD Foundation)
A new
sysctl(8), kern.racct.enable
, has been added,
which when set to a non-zero value allows using
rctl(8) with the GENERIC
kernel. A new kernel
configuration option, RACCT_DISABLED
has also been
added.
(r282213) (Sponsored by The FreeBSD
Foundation)
The GENERIC
kernel configuration now includes
RACCT
and RCTL
by default.
(r282901) (Sponsored by The FreeBSD
Foundation)
Note:
To enable RACCT
and RCTL
on a system
using the GENERIC
kernel configuration, add
kern.racct.enable=1
to
loader.conf(5), and reboot the system.
Devices and Drivers
This section covers changes and additions to devices and device drivers since 10.3-RELEASE.
Device Drivers
The
full(4) device has been added, and the lindev(4)
device has been removed. Prior to this change,
lindev(4)
provided only the /dev/full
character device, returning ENOSPC
on write attempts.
As this device is not specific to Linux®, a native FreeBSD version
has been added.
(r265132)
Hardware context support has been added to the
drm/i915
driver, adding support for Mesa 9.2 and
later.
(r271705)
The
vt(4) driver has been updated, replacing the bitmapped
kern.vt.spclkeys
sysctl(8) with individual kern.vt.kbd_*
variants.
(r273178)
The
hpet(4) driver has been updated to create a
/dev/hpetN
device, providing access to HPET from
userspace.
(r273598)
The drm
code has been updated to match Linux®
version 3.8.13.
(r280183)
The psm(4) driver has been updated to include improved support for newer Synaptics® touchpads and the ClickPad® mouse on newer Lenovo™ laptops. (r281440)
Support for the Freescale PCI Root Complex device has been added to FreeBSD/powerpc. (r282783)
Storage Drivers
The mpr(4) device has been added, providing support for LSI Fusion-MPT 3 12Gb SCSI/SATA controllers. (r265236) (Sponsored by LSI, Spectra Logic)
The
mrsas(4) driver has been added, providing support for LSI
MegaRAID SAS controllers. The
mfi(4) driver will attach to the controller, by default. To
enable
mrsas(4) add hw.mfi.mrsas_enable=1
to
/boot/loader.conf
, which turns off
mfi(4) device probing.
(r265555) (Sponsored by LSI)
Note:
At this time, the
mfiutil(8) utility and the FreeBSD version of MegaCLI and
StorCli do not work with
mrsas(4).
The
ctl(4) subsystem has been updated, increasing the ports limit
from 128
to 256
, and LUN limit from
256
to 1024
.
(r275461) (Sponsored by
iXsystems)
The asr(4)
driver has been removed, and is no
longer supported.
(r276526)
The pms(4) driver has been added, providing support for the PMC Sierra line of SAS/SATA host bus adapters. (r285662)
The ioat(4) driver has been added, providing support for the PSE (Platform Storage Extension). (r287117) (Sponsored by EMC / Isilon Storage Division)
The CTL High Availability implementation has been rewritten. (r287621) (Sponsored by iXsystems)
The isp(4) driver has been updated and improved: added support for 16Gbps FC cards, improved target mode support, completed Multi-ID (NPIV) functionality. (Sponsored by iXsystems)
Network Drivers
Support for Broadcom chipsets BCM57764, BCM57767, BCM57782, BCM57786 and BCM57787 has been added to bge(4). (r258830)
The deprecated nve(4) driver has been removed. Users of NVIDIA nForce MCP network adapters are advised to use the nfe(4) driver instead, which has been the default driver for this hardware since FreeBSD 7.0. (r261975)
The if_nf10bmac(4)
device has been added, providing
support for NetFPGA-10G Embedded CPU Ethernet Core.
(r264601) (Sponsored by DARPA,
AFRL)
Note:
The if_nf10bmac(4)
driver operates on the FPGA, and is
not suited for the PCI host interface.
The ath_hal(4) driver has been updated to support the Atheros AR1111 chipset. (r265348) (Sponsored by Netgate)
The iwn(4) driver was added, providing support for the Intel® Centrino™ Wireless-N 105 and 135 chipsets. (r266770)
Support for the cxgbe(4) Terminator 5 (T5) 10G/40G cards has been added to netmap(4). (r266757) (Sponsored by Chelsio Communications)
The
pf(4) packet filter default hash has been changed from
Jenkins
to Murmur3
, providing a 3-percent
performance increase in packets-per-second.
(r272906)
The vxlan(4) driver has been added, which creates a virtual Layer 2 (Ethernet) network overlaid in a Layer 3 (IP/UDP) network. The vxlan(4) driver is analogous to vlan(4), but is designed to be better suited for large, multiple-tenant datacenter environments. (r273331)
The gre(4) driver has been significantly overhauled, and has been split into two separate modules, gre(4) and me(4). (r274246) (Sponsored by Yandex LLC)
The sfxge(4) driver has been updated to support Solarflare Flareon Ultra 7000-series chipsets. (r283514) (Sponsored by Solarflare Communications, Inc.)
The em(4) driver has been updated with improved transmission queue hang detection. (r283923) (Sponsored by Limelight Networks)
The iwm(4) driver has been imported from OpenBSD, providing support for Intel® 3160/7260/7265 wireless chipsets. (r286441)
The em(4) driver has been updated to allow disabling CRC stripping. (r286829) (Sponsored by Limelight Networks)
The
pf(4) implementation has been updated to remove support for the
scrub fragment crop|drop-ovl
filtering rule. Systems
with this rule in
pf.conf(5) will implicitly be converted to the scrub
fragment reassemble
filtering rule, without necessary
intervention.
(r287222)
The dummynet(4) driver has been updated to include support for AQM (Active Queue Management), adding support for PIE (Proportional Integral controller Enhanced) and FQ-PIE (Fair Queueing Proportional Integral controller Enhanced). (r300779)
Hardware Support
This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document.
Hardware Support
Support for FreeBSD/ia64 (Itanium) has been dropped as of FreeBSD 11. (r268351)
An issue that could cause a system to hang when entering ACPI
S3
state (suspend to RAM) has been corrected in the
acpi(4) and
pci(4) drivers.
(r274386)
The power management unit subsystem has been updated to support power button events on certain PowerPC hardware, such as aluminum PowerBook . (r274733)
The hwpmc(4) driver has been updated to correct performance counter sampling on PowerPC G4 (MPC74xxx) and G5 class processors. (r275190)
The OpenCrypto framework has been updated to include
AES-ICM
and AES-GCM
modes, both of which
have also been added to the
aesni(4) driver.
(r275732) (Sponsored by The FreeBSD
Foundation,Netgate)
The ig4(4) driver has been added, providing support for the fourth generation Intel® I2C SMBus. (r283766)
The uart(4) driver has been updated to support AMT devices on newer systems.
[arm64] Initial SMP support has been added to the FreeBSD/arm64 port. (r285316) (Sponsored by The FreeBSD Foundation)
The enc(4) driver has updated to allow creating an interface via kldload(8) during runtime without requiring additional kernel and/or userland changes. (r291292) (Sponsored by Yandex LLC)
The dtsec(4)
driver for Freescale QorIQ SoCs has
been added, supporting P2041, P3041, P5010, and P5020 systems.
(r296177)
Freescale PowerQUICC and QorIQ systems now support larger address spaces, equivalent to PAE mode on i386. (r297001)
The e500mc and e5500 PowerPC cores are now supported, supporting most QorIQ systems. (r297977)
SMP for Multicore Freescale QorIQ systems now works correctly for SoCs with the AP cores in boot holdoff mode (not in spinloop wait mode). (r298237)
Native PCI-express HotPlug support is enabled by default on
amd64, arm64, and powerpc. This feature has exposed compatibility
issues on some hardware that result in missing devices or a hang
during boot. To work around such issues, run set
hw.pci.enable_pcie_hp=0
in the boot loader, and add
hw.pci.enable_pcie_hp=0
to
/boot/loader.conf
.
(r299142)
Virtualization Support
Support for the "Virtual Interrupt Delivery" feature of Intel®
VT-x is enabled if supported by the CPU. This feature can be
disabled by running sysctl hw.vmm.vmx.use_apic_vid=0
.
Additionally, to persist this setting across reboots, add
hw.vmm.vmx.use_apic_vid=0
to
/etc/sysctl.conf
.
(r260410)
Support for "Posted Interrupt Processing" is enabled if
supported by the CPU. This feature can be disabled by running
sysctl hw.vmm.vmx.use_apic_pir=0
. Additionally, to
persist this setting across reboots, add
hw.vmm.vmx.use_apic_pir=0
to
/etc/sysctl.conf
.
(r260532)
Unmapped IO support has been added to virtio_blk(4). (r260582)
Unmapped IO support has been added to virtio_scsi(4). (r260583)
The virtio_random(4) driver has been added to harvest entropy from the host system. (r260847)
FreeBSD/i386 guests can be run under bhyve. (r261504)
Support for running a FreeBSD/amd64 Xen guest instance as PVH guest has been added. PVH mode, short for "Para-Virtualized Hardware", uses para-virtualized drivers for boot and I/O, and uses hardware virtualization extensions for all other tasks, without the need for emulation. (r267536) (Sponsored by Citrix Systems R&D)
The bhyve(8) hypervisor has been updated to support AMD® processors with SVM and AMD-V hardware extensions. (r273375)
The virtio_console(4) driver has been added, which provides an interface to VirtIO console devices through a tty(4) device. (r273515)
Support for PCI Single Root I/O Virtualization (SR-IOV) has been introduced, allowing the creation of PCI Virtual Functions (VFs) for device drivers that support SR-IOV. See iovctl(8) for details on creating and configuring VFs. (r279463) (Sponsored by Sandvine, Inc.)
The
bhyve(8) hypervisor has been updated to support DSM
TRIM
commands for virtual AHCI disks.
(r279957)
[arm] Support for the QEMU virt
system has been
added.
(r281439)
The Hyper-V™ drivers have been updated with several enhancements: (r282212) (Sponsored by Microsoft Open Source Technology Center)
-
The hv_vmbus(4) driver now has multi-channel support.
-
The hv_storvsc(4) driver now has scatter/gather support, in addition to performance improvements.
-
The hv_kvp(4) driver has received several bug fixes.
The hv_netvsc(4) driver has been updated to support checksum offloading and TSO. (r284746) (Sponsored by Microsoft Open Source Technology Center)
The
xen(4) blkfront driver has been updated to include support for
blkif
indirect segment I/O.
(r286062)
Indirect segment I/O is enabled by default in the Xen blkfront driver when running on AWS EC2. (r302288)
ARM Support
Support for the Exynos 5420 Octa system has been added. (r266943)
The SMP option has been enabled for all Exynos 5 systems supported by FreeBSD. (r267390)
Support for the Toradex Apalis i.MX6 development board has been added. (r268838)
An issue that could cause instability when detecting SD cards on the Raspberry Pi SOC has been fixed. (r273264)
The bcm2835_cpufreq
driver has been added, which
supports CPU frequency and voltage control on the Raspberry Pi SOC.
(r275963)
Support to turn off the BeagleBone Black system with the
shutdown(8) -p
flag or by invoking
poweroff(8) has been added.
(r277042)
Audio transmission drivers have been added for Digital Audio Multiplexer (AUDMUXM), Smart Direct Memory Access Controller (SDMA), and Syncronous Serial Interface (SSI). (r277644)
Initial support for the ARM AArch64 architecture has been added. (r280259) (Sponsored by The FreeBSD Foundation)
Kernel support for Thumb-2 userland has been added. (r282779)
Support for the hardware power button on the BeagleBone Black system has been added. (r282827)
Initial ACPI support has been added for FreeBSD/arm64. (r284273) (Sponsored by The FreeBSD Foundation)
Support for 1-Wire devices has been added, providing support for 1-Wire hardware through gpio(4). See ow(4), owc(4), and ow_temp(4) for more information. (r287225)
Support for the HiSilicon HI6220 SoC has been added. (r287371) (Sponsored by ABT Systems, Ltd.)
The second CPU core on Allwinner A20 SoC have been enabled. (r263698)
Support for the Allwinner H3 SoC has been added. (r299688)
Support for X-Powers AXP813 and AXP818 power management integrated circuits have been added. (r299786)
Support for the Allwinner Reduced Serial Bus (RSB) has been added. (r299781)
Support for Allwinner A20 HDMI has been added. (r296064)
Support for GPIO, Sensors and interrupts on AXP209 power management integrated circuits have been added. (r300777)
Storage
This section covers changes and additions to file systems and other storage subsystems, both local and networked.
General Storage
The ctl(4) LUN mapping has been rewritten, replacing iSCSI-specific mapping mechanisms with a new mechanism that works for any port. (r278037) (Sponsored by iXsystems)
The ctld(8) utility has been updated to allow controlling non-iSCSI ctl(4) ports. (r278354) (Sponsored by iXsystems)
The
autofs(5) subsystem has been updated to include a new
auto_master(5) map, -media
, which allows
automatically mounting removable media, such as CD drives or USB
flash drives.
(r275681) (Sponsored by The FreeBSD
Foundation)
The
autofs(5) subsystem has been updated to include a new
auto_master(5) map, -noauto
, which handles
fstab(5) entries set to noauto
.
(r279955) (Sponsored by The FreeBSD
Foundation)
The GELI class has been updated to support the
BIO_DELETE
g_bio(9) bio_cmd
field, providing TRIM/UNMAP
support on GELI-backed SSD storage providers.
(r286444)
The camdd(8) utility has been added, which allows copying data sequentially to and from SCSI devices, files, block devices and tape drives. If the source and/or destination is a SCSI disk, camdd(8) can use the asynchronous pass(4) interface to queue multiple I/Os for improved speed. (ATA passthrough support for camdd(8) is in development.) (r291716) (Sponsored by Spectra Logic)
The pass(4) SCSI/ATA passthrough driver now has an asynchronous interface. User applications may queue many requests, get notification of completion via kqueue(2) and retrieve status later. camdd(8) is an example application using the interface. (r291716) (Sponsored by Spectra Logic)
Support for parsing libucl-based configuration files has been added to ctld(8). (r295212) (Sponsored by iXsystems)
The ahci(4) driver has been updated to add NCQ TRIM support for drives that support it. (r298002) (Sponsored by Netflix)
Note:
Drives that advertise this feature but do not properly support it
have been blacklisted. Systems experiencing traffic problems with
NCQ TRIM enabled can set the kern.cam.ada.%d.quirks
tunable to 2
for 512k sectors or 3
for
4096k sectors, replacing %d
with the drive number.
The
cam(4) driver has been updated to allow I/O scheduling tuning
to fit workload and drive characteristics. This option is off by
default, and can be enabled by adding option
CAM_IOSCHED_ADAPTIVE
option to the kernel configuration and
recompiling the kernel.
(r298002) (Sponsored by
Netflix)
The camcontrol(8) command can manually force updating capacity data after a disk gets resized using the reprobe subcommand. (r299371) (Sponsored by The FreeBSD Foundation)
Leading spaces are now stripped off SCSI disk serial numbers
when populating the CAM serial number. This affects the output of
diskinfo(8) and the names of /dev/diskid/DISK-*
device nodes, among other things.
(r300880) (Sponsored by Spectra
Logic)
Support for managing Shingled Magnetic Recording (SMR) drives has been added. (r300207) (Sponsored by Spectra Logic)
Networked Storage
The new filesystem automount facility, autofs(5), has been added. The new autofs(5) facility is similar to that found in other UNIX®-like operating systems, such as OS X™ and Solaris™. The autofs(5) facility uses a Sun™-compatible auto_master(5) configuration file, and is administered with the automount(8) userland utility, and the automountd(8) and autounmountd(8) daemons. (r270096) (Sponsored by The FreeBSD Foundation)
Support for the timeo
, actimeo
,
noac
, and proto
options have been added
to
mount_nfs(8).
(r273849) (Sponsored by The FreeBSD
Foundation)
The Mellanox implementation of iSER (iSCSI Extensions for RDMA) has been imported. (r300723)
The ability to discover iSCSI targets without having to attach to a target has been added to the iscsictl(8) command. (r301033) (Sponsored by The FreeBSD Foundation)
ZFS
The arc_meta_limit
statistics are now visible
through the kstat
sysctl(8). As a result of this change, the
vfs.zfs.arc_meta_used
sysctl(8) has been removed, and replaced with the
kstat.zfs.misc.arcstats.arc_meta_used
sysctl(8).
(r275748)
The
zfs(8) l2arc
code has been updated to take
ashift
into account when gathering buffers to be
written to the l2arc
device.
(r287099) (Sponsored by
ClusterHQ)
Four new resources have been added to rctl(8) to allow throttles to be set on filesystem IO. (r297633) (Sponsored by The FreeBSD Foundation)
The zfsd daemon has been added, which manages hotspares and replements in drive slots that publish physical paths. (r300906) (Sponsored by iXsystems, Spectra Logic)
The minimum and maximum values for the ZFS adaptive replacement cache can be modified at runtime. (r302265) (Sponsored by Multiplay)
geom(4)
Boot Loader Changes
This section covers the boot loader, boot menu, and other boot-related changes.
Boot Loader Changes
The memory test run at boot time on FreeBSD/amd64 platforms has been disabled by default. (r258431) (Sponsored by The FreeBSD Foundation)
A new
ttys(5) class, 3wire
, has been added. This is
similar to the existing terminal classes, but does not have a
defined baudrate.
(r262955)
The
vt(4) driver has been made the default system console driver.
The
syscons(4) driver is still available, and can be enabled by
adding kern.vty=sc
in
loader.conf(5). Alternatively,
syscons(4) can be enabled at boot time by entering set
kern.vty=sc
at the
loader(8) prompt.
(r274085)
Support for bzipfs
has been added to the EFI
loader.
(r279950)
The boot loader has been updated to support entering the GELI
passphrase before loading the kernel. To enable this behavior, add
geom_eli_passphrase_prompt="YES"
to
loader.conf(5).
(r281616)
[arm] The
ttys(5) file for FreeBSD/arm has been updated to enable
ttyu1
, ttyu2
, and ttyu3
by
default, if the callin port is an active console port.
(r284683) (Sponsored by The FreeBSD
Foundation)
The default installation directory for modules has been changed
to /boot/modules
.
(r299393)
Networking
This section describes changes that affect networking in FreeBSD.
Network Protocols
Support for the IPX network transport protocol has been removed, and will not be supported in FreeBSD 11 and later releases. (r263140)
Support for PLPMTUD blackhole detection (RFC 4821) has been added to the tcp(4) stack, disabled by default. New control tunables have been added: (r272720) (Sponsored by Limelight Networks)
Tunable | Description |
---|---|
|
Enables or disables PLPMTUD blackhole detection |
|
MSS to try for IPv4 |
|
MSS to try for IPv6 |
New monitoring sysctl(8)s haven been added:
Tunable | Description |
---|---|
|
Number of times the code was activated to attempt downshifting the MSS |
|
Number of times the blackhole MSS was used in an attempt to downshift |
|
Number of times that the blackhole failed to connect after downshifting the MSS |
Support for IP identification for atomic datagrams (RFC 6864)
has been added. Support for this feature can be toggled with the
net.inet.ip.rfc6864
sysctl(8), which is enabled by default.
(r280971) (Sponsored by Netflix, Nginx,
Inc.)
The IPSEC has been updated to include support for AES modes on both software-only and hardware-backed (aesni(4)) systems. (r285336) (Sponsored by Netgate)
The network stack has been updated to fix handling of IPv6 On-Link redirects. (r287798) (Sponsored by Dell, Inc.)
Support to be able to reroot into a NFSv4 volume has been added. (r299848) (Sponsored by The FreeBSD Foundation)
The net.inet.tcp.ecn.enable sysctl mib has been changed from a binary off/on control to a three way setting. (r300240)
Value | Description |
---|---|
|
Totally disable ECN. |
|
Enable ECN if incoming connections request it. Outgoing connections will request ECN. |
|
Enable ECN if incoming connections request it. Outgoing conections will not request ECN. |
Dummynet AQM, an independent implementation of CoDel and FQ-CoDel for ipfw/dummynet has been imported to the base system. (r300779)
The unused SIOCSIFALIFETIME_IN6
ioctl has been
removed.
(r301875)
Release Engineering and Integration
This section convers changes that are specific to the FreeBSD Release Engineering processes.
Integration Changes
The Release Engineering build tools have been updated to include support for producing virtual machine disk images for various cloud hosting providers. (r277458) (Sponsored by The FreeBSD Foundation)
The Release Engineering build tools have been updated to use multi-threaded xz(1). By default, the number of xz(1) threads is set to the number of cores available. (r278926)
The Release Engineering build tools have been updated to include support for building FreeBSD/arm64 virtual machine and memory stick installation images. (r281802) (Sponsored by The FreeBSD Foundation)
The Release Engineering build tools have been updated to support
building FreeBSD/arm images without external utilities for
supported boards where a corresponding u-boot
port
exists in the Ports Collection.
(r282693) (Sponsored by The FreeBSD
Foundation)
Last modified on: June 19, 2021 by Danilo G. Baio