FreeBSD 11.0-RELEASE Release Notes
Abstract
The release notes for FreeBSD 11.0-RELEASE contain a summary of the changes made to the FreeBSD base system on the 11.0-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.
Introduction
This document contains the release notes for FreeBSD 11.0-RELEASE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.
This distribution of FreeBSD 11.0-RELEASE is a release distribution. It can be found at https://www.FreeBSD.org/releases/ or any of its mirrors. More information on obtaining this (or other) release distributions of FreeBSD can be found in the "Obtaining FreeBSD" appendix to the FreeBSD Handbook.
All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 11.0-RELEASE can be found on the FreeBSD Web site.
This document describes the most user-visible new or changed features in FreeBSD since 10.3-RELEASE. In general, changes described here are unique to the 11.0-STABLE branch unless specifically marked as MERGED features.
Typical release note items document recent security advisories issued after 10.3-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.
Important Notes
This section lists important information for those upgrading from prior FreeBSD releases.
User-facing Changes
As of r303719, OpenSSH DSA key generation has been disabled by default. It is important to update OpenSSH keys prior to upgrading. Additionally, Protocol 1 support has been removed.
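A pre-upgrade check for the OpenSSH change above, as an added example that is not part of the release notes: the hypothetical helper `audit_ssh_keys` reports DSA keys (`ssh-dss`) and Protocol 1 keys in the files it is given. It assumes the usual authorized_keys, known_hosts and PEM private key layouts; which files to pass is up to the administrator.

```shell
#!/bin/sh
# Added example (not from the release notes): report key material that the
# OpenSSH changes in 11.0 affect. audit_ssh_keys is a hypothetical helper name.
# Usage:  audit_ssh_keys FILE...  (authorized_keys, known_hosts, *.pub, private keys)
# Output: one "file:line:reason" per hit; exit status 1 if anything was found.
audit_ssh_keys() {
    awk '
    function hit(reason) {
        printf "%s:%d:%s\n", FILENAME, FNR, reason
        found = 1
    }
    # Blank lines and comments carry no key material.
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    # PEM-encoded DSA private key. New-format "OPENSSH PRIVATE KEY" files do not
    # name the algorithm in the header and are not detected here.
    /^-----BEGIN DSA PRIVATE KEY-----/ { hit("dsa-private-key"); next }
    # Magic string at the start of a Protocol 1 private key file.
    /^SSH PRIVATE KEY FILE FORMAT 1\.1/ { hit("protocol-1-private-key"); next }
    {
        # DSA public key or certificate: the key type is a whole field,
        # possibly preceded by options (authorized_keys) or host names (known_hosts).
        for (i = 1; i <= NF; i++) {
            if ($i == "ssh-dss" || $i == "ssh-dss-cert-v01@openssh.com") {
                hit("dsa-public-key"); next
            }
        }
        # Protocol 1 RSA public key: "bits exponent modulus", optionally after
        # one leading field (the host list in known_hosts). Entries that carry
        # an options prefix with embedded spaces are not recognised.
        for (i = 1; i <= 2 && i + 2 <= NF; i++) {
            if ($i ~ /^[0-9]+$/ && $(i+1) ~ /^[0-9]+$/ && $(i+2) ~ /^[0-9]+$/) {
                hit("protocol-1-rsa-key"); next
            }
        }
    }
    END { exit (found ? 1 : 0) }
    ' "$@"
}
```

A non-zero exit status means at least one key should be replaced before the upgrade.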
Upgrading from Previous Releases of FreeBSD
[amd64,i386] Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the freebsd-update(8) utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. The freebsd-update(8) utility requires that the host being upgraded have Internet connectivity.
Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, using the instructions in /usr/src/UPDATING.
For information on upgrading via freebsd-update(8), please see the binary upgrading section in the Installation page.
Important:
Upgrading FreeBSD should only be attempted after backing up all data and configuration files.
Userland
This section covers changes and additions to userland applications, contributed software, and system utilities.
Userland Configuration Changes
The default newsyslog.conf(5) now includes files in the /etc/newsyslog.conf.d/ and /usr/local/etc/newsyslog.conf.d/ directories for newsyslog(8). (r266463)
The mailwrapper(8) utility has been updated to use mailer.conf(5) from the LOCALBASE environment variable, which defaults to /usr/local if unset. (r270675)
The MK_ARM_EABI src.conf(5) option has been removed, and EABI is now the only supported ABI for FreeBSD/arm. (r272350)
The ntp suite has been updated to version 4.2.8p8. (r301247)
/etc/ntp/leap-seconds has been updated to version 3676752000. (r301247)
The WITH_SYSTEM_COMPILER src.conf(5) option is enabled by default. (r302177)
Userland Application Changes
When kldload(8) is unable to load a kernel module, it now prints a message directing the user to the output of dmesg(8), instead of the previous output "Exec format error.". (r260594)
The pciconf(8) utility now allows PCI devices that are attached to a driver to be identified by their device name instead of just the selector. Additionally, the -l flag now accepts an optional device argument to list details about a single device. (r260910)
A new flag, "onifconsole", has been added to /etc/ttys. This allows the system to provide a login prompt via serial console if the device is an active kernel console, otherwise it is equivalent to off. (r260913)
Support for displaying VPD for PCI devices via pciconf(8) has been added. (r260926)
The ping(8) utility has been updated to use the Capsicum framework to drop privileges, protecting against malicious network packets. (r261498)
The ps(1) utility has been updated to include the -J flag, used to filter output by matching jail(8) IDs and names. Additionally, 0 can be passed as the argument to -J to list only processes running on the host system. (r265229)
The top(1) utility has been updated to filter by jail(8) ID or name, in followup to the ps(1) change in r265229. (r265249)
The pmcstat(8) utility has been updated to include a new flag, -l, which ends event collection after the specified number of seconds. (r266209)
The ps(1) utility has been updated to include a new keyword, "tracer", which displays the PID of the tracing process. (r270745)
The primes(6) utility has been updated to correctly enumerate prime numbers between 4295098369 and 3825123056546413050. Prior to this change, it was possible for returned values to be incorrectly identified as prime numbers. (r272166)
The mkimg(1) utility has been updated to include three options used to print information about mkimg(1) itself: (r272198)
Option | Output |
---|---|
 | The current version of the mkimg(1) utility |
 | The disk image file formats supported by mkimg(1) |
 | The partition schemes supported by mkimg(1) |
Userland ctf(5) support in dtrace(1) has been added. With this change, dtrace(1) is able to resolve type info for function and USDT probe arguments, and function return values. (r272488)
The elfdump(1) utility has been updated to support capability mode provided by capsicum(4). (r274960)
The fstyp(8) utility has been added, which is used to determine the filesystem on a specified device. (r275680) (Sponsored by The FreeBSD Foundation)
The libedit library has been updated to support UTF-8, which additionally provides unicode support to sh(1). (r276881)
The mkimg(1) utility has been updated to support the MBR EFI partition type. (r276893) (Sponsored by The FreeBSD Foundation)
The ptrace(2) system call has been updated to include support for Altivec registers on FreeBSD/powerpc. (r277166)
A new device control utility, devctl(8) has been added, which allows making administrative changes to individual devices, such as attaching and detaching drivers, and enabling and disabling devices. The devctl(8) utility uses the new devctl(3) library. (r278320)
The netstat(1) utility has been updated to use libxo(3) to optionally generate machine-readable output. (r279122) (Sponsored by Juniper Networks, Inc.)
A new flag, -c, has been added to the mkimg(1) utility, which allows specifying the capacity of the target disk image. (r279139)
The UEFI Secure Boot signing utility, uefisign(8), has been added. (r279315) (Sponsored by The FreeBSD Foundation)
The freebsd-update(8) utility has been updated to prevent fetching updated binary patches when a previous upgrade has not been thoroughly completed. (r279571) (Sponsored by ScaleEngine, Inc.)
A regression in the libarchive(3) library that would prevent a directory from being included in the archive when --one-file-system is used has been fixed. (r280870)
The ar(1) utility has been updated to set ARCHIVE_EXTRACT_SECURE_SYMLINKS and ARCHIVE_EXTRACT_SECURE_NODOTDOT to disallow directory traversal when extracting an archive, similar to tar(1). (r281311) (Sponsored by The FreeBSD Foundation)
A race condition in wc(1) that would cause final results to be sent to stderr(4) when receiving the SIGINFO signal has been fixed. (r281617)
The chflags(1), chgrp(1), chmod(1), and chown(8) utilities now affect symbolic links when the -R flag is specified, as documented in symlink(7). (r282208) (Sponsored by Multiplay)
The date(1) utility has been updated to print the modification time of the file passed as an argument to the -r flag, improving compatibility with the GNU date(1) utility behavior. (r282608)
The pw(8) utility has been updated with a new flag, -R, that sets the root directory within which the utility will operate. (r283961)
The lockstat(1) utility has been updated with several improvements: (r284297) (Sponsored by ClusterHQ)
- Spin locks are now reported as the amount of time spinning, instead of loop iterations.
- Reader locks are now recognized as adaptive locks that can spin on FreeBSD.
- Lock acquisition events for successful reader try-lock events are now reported.
- Spin and block events are now reported before lock acquisition events.
The fstyp(8) utility has been updated to be able to detect zfs(8) and geli(8) filesystems. (r284589) (Sponsored by ScaleEngine, Inc.)
The mkimg(1) utility has been updated to include support for NTFS filesystems in both MBR and GPT partitioning schemes. (r284883)
The jexec(8) utility has been updated to include a new flag, -l, which ensures a clean environment in the target jail when used. Additionally, jexec(8) will run a shell within the target jail when no commands are specified. (r285420)
The w(1) utility has been updated to display the full IPv6 remote address of the host from which a user is connected. (r285550)
The jail(8) framework has been updated to allow mounting linprocfs(5) and linsysfs(5) within a jail. (r285685)
The patch(1) utility has been updated to include a new option to the -V flag, none, which disables backup file creation when applying a patch. (r285772) (Sponsored by EMC / Isilon Storage Division)
The ar(1) utility now enables deterministic mode (-D) by default. This behavior can be disabled by specifying the -U flag. (r286010) (Sponsored by The FreeBSD Foundation)
The xargs(1) utility has been updated to allow specifying 0 as an argument to the -P (parallel mode) flag, which allows creating as many concurrent processes as possible. (r286289) (Sponsored by ScaleEngine, Inc.)
The wireless network stack has been modified to no longer show physical wireless devices by default. In order to view available wireless devices on the system, run sysctl net.wlan.devices. (r287197) (Sponsored by Netflix, Nginx, Inc.)
A new utility, sesutil(8), has been added, which is used to manage ses(4) (SCSI Environmental Services) devices. (r287473) (Sponsored by Gandi.net)
The pciconf(8) utility has been updated to use the PCI ID database from the misc/pciids package, if present, falling back to the PCI ID database in the FreeBSD base system. (r287522)
The resolver library has been updated to reload /etc/resolv.conf if the modification time has changed. (r289315) (Sponsored by Dell, Inc.)
The uuencode(1) utility has been updated to include a new flag, -r, which when used will generate raw output similar to the uudecode(1) -r flag. (r297678)
By default the ifconfig(8) utility will set the default regulatory domain to FCC on wireless interfaces. As a result, newly created wireless interfaces with default settings will have less chance to violate country-specific regulations. (r300738)
Contributed Software
The binutils suite of utilities has been updated to include upstream patches that add new relocations for powerpc support. (r275718)
The ELF Tool Chain has been updated to upstream revision r3477. (r300698) (Sponsored by The FreeBSD Foundation)
The texinfo utility and info pages were removed from the base system. The print/texinfo port should be installed on systems where info pages are needed. (r276551)
The ELF object manipulation tools addr2line, c++filt, objcopy, nm, readelf, size, strip, and strings were switched to the versions from the ELF Tool Chain project. (r276796) (Sponsored by The FreeBSD Foundation)
The wpa_supplicant(8) and hostapd(8) utilities have been updated to version 2.4. (r281806)
bmake has been updated to version 20150606. (r284254)
Sendmail has been updated to 8.15.2. Starting with FreeBSD 11.0 and sendmail 8.15, sendmail uses uncompressed IPv6 addresses by default, i.e., they will not contain "::". For example, instead of "::1", it will be "0:0:0:0:0:0:0:1". This permits a zero subnet to have a more specific match, such as different map entries for IPv6:0:0 versus IPv6:0. This change requires that configuration data (including maps, files, classes, custom ruleset, etc.) must use the same format, so make certain such configuration data is in place before upgrading. As a very simple check, search for patterns like 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. To return to the old behavior, set the m4 option confUSE_COMPRESSED_IPV6_ADDRESSES or the cf option UseCompressedIPv6Addresses. (r285229)
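The search described in the sendmail note, as an added example that is not part of the release notes: the hypothetical helper `scan_sendmail_ipv6` finds `IPv6:`-tagged addresses that contain "::" and, going one step beyond the simple pattern search, prints each one next to its uncompressed eight-group form. Entries with an embedded dotted-quad IPv4 tail are reported but left for manual rewriting.

```shell
#!/bin/sh
# Added example (not from the release notes). scan_sendmail_ipv6 is a
# hypothetical helper name.
# Usage:  scan_sendmail_ipv6 FILE...  (map sources, class files, .mc/.cf files)
# Output: "file:line:old -> new" per compressed entry; exit status 1 if any found.
scan_sendmail_ipv6() {
    awk '
    # Rewrite an address containing "::" as eight groups, writing each elided
    # group as "0", to match the "0:0:0:0:0:0:0:1" form quoted in the note.
    function expand(addr,    pos, left, right, n, i, out, tmp) {
        pos = index(addr, "::")
        left = substr(addr, 1, pos - 1)
        right = substr(addr, pos + 2)
        n = (left == "" ? 0 : split(left, tmp, ":")) + (right == "" ? 0 : split(right, tmp, ":"))
        out = left
        for (i = n; i < 8; i++)
            out = out (out == "" ? "" : ":") "0"
        return (right == "") ? out : out ":" right
    }
    # Comment lines are not configuration data.
    /^[ \t]*#/ { next }
    {
        # Walk every IPv6:-tagged token on the line, not just the first.
        rest = $0
        while (match(rest, /IPv6:[0-9a-fA-F:.]+/)) {
            tok = substr(rest, RSTART, RLENGTH)
            rest = substr(rest, RSTART + RLENGTH)
            addr = substr(tok, 6)              # strip the "IPv6:" tag
            if (index(addr, "::") == 0) continue
            found = 1
            if (addr ~ /\./)
                printf "%s:%d:%s -> (embedded IPv4, rewrite by hand)\n", FILENAME, FNR, tok
            else
                printf "%s:%d:%s -> IPv6:%s\n", FILENAME, FNR, tok, expand(addr)
        }
    }
    END { exit (found ? 1 : 0) }
    ' "$@"
}
```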
The tcpdump(1) utility has been updated to version 4.7.4. (r285275)
The ssh(1) utility has been updated to re-implement hostname canonicalization before locating the host in known_hosts. (r285642) (Sponsored by Dell, Inc.)
The libarchive(3) library has been updated to properly skip a sparse file entry in a tar(1) file, which would previously produce errors. (r285972)
The apr library used by svnlite(1) has been updated to version 1.5.2. (r286503)
The serf library used by svnlite(1) has been updated to version 1.3.8. (r286505)
The unbound(8) utility has been updated to version 1.5.4. (r287917)
Timezone data files have been updated to version 2015g. (r290697)
OpenBSM has been updated to version 1.2 alpha 4. (r292432)
Clang has been updated to version 3.8.0. (r296417)
LLVM has been updated to version 3.8.0. (r296417)
LLDB has been updated to version 3.8.0. (r296417)
libc++ has been updated to version 3.8.0. (r296417)
The compiler_rt utility has been updated to version 3.8.0. (r296417)
The resolvconf(8) utility has been updated to version 3.7.3. (r296190) (Sponsored by The FreeBSD Foundation)
OpenSSH has been updated to 7.2p2. (r296633)
The sqlite3 library used by svnlite(1) and kerberos(8) has been updated to version 3.12.1. (r298161)
libucl has been updated to version 0.8.0. (r298166)
The svnlite(1) utility has been updated to version 1.9.4. (r298845)
ACPICA has been updated to version 20160527. (r300879)
The libblacklist(3) library and applications have been ported from the NetBSD Project. Packet filtering support for the pf(4) packet filtering systems has been implemented. The blacklist system provides the blacklistd daemon, the helper script blacklistd-helper to make changes to the running packet filter system and the blacklistctl control program. A selection of system daemons, including: fingerd, ftpd, rlogind, and rshd have been modified to support sending notifications to the blacklistd daemon. (r301169) (Sponsored by The FreeBSD Foundation)
The jemalloc(3) library has been updated to version 4.2.1. (r301718)
Support for the ipfw(4) packet filter has been added to the blacklistd-helper script. (r301736) (Sponsored by The FreeBSD Foundation)
Support for the ipfilter(4) packet filter has been added to the blacklistd-helper script. (r301843) (Sponsored by The FreeBSD Foundation)
SSHv1 support has been removed from OpenSSH. (r303716)
Support for DSA is disabled by default in OpenSSH. (r303719)
OpenSSL has been updated to version 1.0.2i. (r306198)
Installation and Configuration Tools
The bsdinstall(8) partition editor and sade(8) utility have been updated to include native ZFS support. (r271539)
The FreeBSD installation utility, bsdinstall(8), has been updated to set the canmount zfs(8) property to off for the /var dataset, preventing the contents of directories within /var from conflicting when using multiple boot environments, such as that provided by sysutils/beadm. (r272274)
The bsdconfig(8) utility has been updated to skip the initial tzsetup(8) UTC versus wall-clock time prompt when run in a virtual machine, determined when the kern.vm_guest sysctl(8) is set to 1. (r274394)
The bsdinstall(8) utility has been updated to use the new dpv(3) library to display progress when extracting the FreeBSD distributions. (r275874)
Support for detecting and implementing aligning partitions on 1Mb boundaries has been added to bsdinstall(8). (r285557) (Sponsored by ScaleEngine, Inc.)
Support for detecting and implementing a workaround for various laptops and motherboards that do not boot properly from GPT-partitioned disks has been added to bsdinstall(8). Additionally, the active flag will be set on the partition when needed. (r285679) (Sponsored by ScaleEngine, Inc.)
Support for selecting the partitioning scheme when installing on the UFS filesystem has been added to bsdinstall(8). (r285679) (Sponsored by ScaleEngine, Inc.)
The bsdinstall(8) utility now supports a "BIOS+UEFI" option during installation, supporting systems with UEFI or BIOS/CSM capability. (r298243)
The bsdinstall(8) utility has been updated to include various system hardening options during installation. (r303447)
/etc/rc.d Scripts
The rc(8) subsystem has been updated to allow configuring services in ${LOCALBASE}/etc/rc.conf.d/. If LOCALBASE is unset, it defaults to /usr/local. (r270676)
A new rc(8) script, growfs, has been added, which will resize the root filesystem to fill the device on boot if /firstboot exists and growfs_enable is enabled in rc.conf(5). (r273955)
The mrouted rc(8) script has been removed from the base system. An equivalent script is available from the net/mrouted port. (r275299)
The service(8) utility has been updated to honor entries within /etc/rc.conf.d/. (r287576) (Sponsored by ScaleEngine, Inc.)
/etc/periodic Scripts
The daily periodic(8) script 110.clean-tmps has been updated to avoid crossing filesystem mount boundaries when cleaning files in /tmp. (r271321)
A new periodic(8) script, 510.status-world-kernel, has been added, which evaluates the running userland and kernel versions from the uname(1) -U and -K arguments, and prints an error if the system userland and kernel are not in sync. (r277216) (Sponsored by The FreeBSD Foundation)
Runtime Libraries and API
The readline(3) library is now statically linked in software within the base system, and the shared library is no longer installed, allowing the Ports Collection to use a modern version of the library. (r268461)
The strptime(3) library has been updated to add support for POSIX-2001 features %U and %W. (r272273)
The dl_iterate_phdr(3) library has been changed to always return the path name of the ELF object in the dlpi_name structure member. (r272848) (Sponsored by The FreeBSD Foundation)
The libxo(3) library has been imported to the base system. (r273562) (Sponsored by Juniper Networks, Inc.)
A userland library for Chelsio Terminator 5 based iWARP cards has been added, allowing userland RDMA applications to work over compatible NICs. (r273806) (Sponsored by Chelsio Communications)
The gpio(3) library has been added, providing a wrapper around the gpio(4) kernel interface. (r274987)
The procctl(2) system call has been updated to include a facility for non-init(8) processes to be declared as the reaper of child processes and their descendants. (r275800) (Sponsored by The FreeBSD Foundation)
The futimens() and utimensat() system calls have been added. See utimensat(2) for more information. (r277610)
The elf(3) compile-time dependency has been removed from dtri.o, which allows adding DTrace probes to userland applications and libraries without also linking against elf(3). (r278934)
The setmode(3) function has been updated to consistently set errno on failure. (r279186)
The qsort(3)-related functions have been updated to be able to handle 32-bit aligned data on 64-bit platforms, also providing a significant improvement in 32-bit workloads. (r279663)
Several standard include headers have been updated to make use of gcc attributes, such as result_use_check(), alloc_size(), and __nonnull(). (r281130)
Support for file verification in MAC has been added. (r281845)
The libgomp library is now only built when building GCC from the base system. An up-to-date version is available in the Ports Collection as devel/libiomp5-devel. (r282973) (Sponsored by The FreeBSD Foundation)
The stdlib.h and malloc.h headers have been updated to make use of the gcc alloc_align() attribute. (r282988)
ABI Compatibility
The Linux® compatibility version has been updated to 2.6.18. The compat.linux.osrelease sysctl(8) is evaluated when building the emulators/linux-c6 and related ports. (r271982)
The stack protector has been upgraded to the "strong" level, elevating the protection against buffer overflows. While this significantly improves the security of the system, extensive testing was done to ensure there are no measurable side effects in performance or functionality. (r288669)
Kernel
This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized.
Kernel Bug Fixes
A kernel bug that inhibited proper functionality of the dev.cpu.0.freq sysctl(8) on Intel® processors with Turbo Boost™ enabled has been fixed. (r265876)
Support for dtrace(1) stack tracing has been fixed for FreeBSD/powerpc, using the trapexit() and asttrapexit() functions instead of checking within addressed kernel space. (r271697)
A kernel panic triggered when destroying a vnet(9) jail(8) configured with gif(4) has been fixed. (r271917)
A kernel panic triggered when destroying a vnet(9) jail(8) configured with gre(4) has been fixed. (r271918)
A bug in ipfw(4) that could potentially lead to a kernel panic when using dummynet(4) at layer 2 has been fixed. (r272089)
The kernel RPC has been updated to include several enhancements: (r280930) (Sponsored by MIT Computer Science & Artificial Intelligence Laboratory)
- The 45 MiB limit on requests queued for nfsd(8) threads has been removed.
- Avoids unnecessary throttling by not deferring accounting for completed requests.
- Fixes an integer overflow and signedness bugs.
Kernel Configuration
The IMAGACT_BINMISC kernel configuration option has been enabled by default, which enables application execution through emulators, such as QEMU via binmiscctl(8). (r266531)
The VT kernel configuration file has been removed, and the vt(4) driver is included in the GENERIC kernel. To enable vt(4), enter set kern.vty=vt at the loader(8) prompt during boot, or add kern.vty=vt to loader.conf(5) and reboot the system. (r268045)
The config(8) utility has been updated to allow using a non-standard src/ tree, specified as an argument to the -s flag. (r277904)
The FreeBSD/powerpc64 kernel now builds as a position-independent executable, allowing the kernel to be loaded into and run from any physical or virtual address. (r277990)
Important:
This change requires an update to loader(8). The userland and kernel must be updated before rebooting the system.
A new module for creating rpi.dtb has been added for the Raspberry Pi. (r278338)
[arm] The rpi.dtb module is now installed to /boot/dtb/ by default for the Raspberry Pi system. (r278340)
Kernel support for Vector-Scalar eXtension (VSX) found on POWER7 and POWER8 hardware has been added. (r279189) (Sponsored by The FreeBSD Foundation)
The pmap(9) implementation for 64-bit PowerPC® processors has been overhauled to improve concurrency. (r279252) (Sponsored by The FreeBSD Foundation)
A new module for creating the dtb module for ARM AM335x systems has been added. (r279824)
The PAE_TABLES kernel configuration option has been added for FreeBSD/i386, which instructs pmap(9) to use PAE format for page tables while maintaining a 32-bit physical address size elsewhere in the kernel. The use of this option can enhance application-level security by enabling the creation of "no execute" mappings on modern i386 processors. Unlike the PAE option, PAE_TABLES preserves kernel binary interface (KBI) compatibility with non-PAE kernels, allowing non-PAE kernel modules and drivers to work with a PAE_TABLES-enabled kernel. Additionally, system limits are tuned for 4GB maximum RAM, avoiding kernel virtual address space (KVA) exhaustion. (r281495) (Sponsored by The FreeBSD Foundation)
The SIFTR kernel configuration has been added, allowing building siftr(4) statically into the kernel. (r282215)
The ARM boot loader, ubldr, is now relocatable. In addition, ubldr.bin is now created during build time, which is a stripped binary with an entry point of 0, providing the ability to specify the load address by running go ${loadaddr} in u-boot. (r282731)
[amd64,i386] The nvd(4) and nvme(4) drivers are now included in the GENERIC kernel configuration by default. (r282921) (Sponsored by Intel Corporation)
A new kernel configuration option, EM_MULTIQUEUE, has been added which enables multi-queue support in the em(4) driver. (r283959) (Sponsored by Limelight Networks)
Note:
Multi-queue support in the em(4) driver is not officially supported by Intel®.
The GENERIC kernel configuration has been updated to include the IPSEC option by default. (r285142) (Sponsored by Netgate)
Initial NUMA affinity and policy configuration has been added. See numactl(1), and numa_getaffinity(2), for usage details. (r285387) (Sponsored by Norse Corporation, Dell, Inc.)
Note:
If the system BIOS generates an invalid ACPI SRAT table, the kernel will ignore it, effectively disabling NUMA. If dmesg shows "SRAT: Duplicate local APIC ID", try updating the BIOS to fix NUMA support.
Support for running CloudABI executables on amd64 and arm64 has been added. CloudABI is a runtime environment that uses capability-based security exclusively, similar to capsicum(4) always being enabled. It allows designing, implementing and testing strongly sandboxed applications more easily. (r285307)
The pms(4) driver has been added to the GENERIC kernel configuration for supported architectures. (r286231)
The CUBIEBOARD2 kernel configuration has been renamed to A20 to add support for other boards with the A20 processor, such as the Banana Pi. (r287306)
Kernel debugging symbols are now installed to /usr/lib/debug/boot/kernel/. To retain the previous behavior, add KERN_DEBUGDIR="" to src.conf(5). (r288176) (Sponsored by The FreeBSD Foundation)
Support for POSIX asynchronous I/O is now included in the kernel by default. The VFS_AIO kernel option and aio.ko kernel module have been removed. Asynchronous I/O operations on sockets, local files, and disk devices are permitted by default. However, operations on other file types are disabled. See the aio(4) manual page for more details. (r296277) (Sponsored by Chelsio Communications)
[arm64] arm64 has been switched over to using INTRNG by default. (r301565) (Sponsored by The FreeBSD Foundation)
System Tuning and Controls
The hwpmc(4) default and maximum callchain depths have been increased. The default has been increased from 16 to 32, and the maximum increased from 32 to 128. (r275140) (Sponsored by The FreeBSD Foundation)
The devfs(5) device filesystem has been changed to update timestamps for read/write operations using seconds precision. A new sysctl(8), vfs.devfs.dotimes, has been added, which when set to a non-zero value, enables default precision timestamps for these operations. (r280949) (Sponsored by iXsystems, The FreeBSD Foundation)
A new sysctl(8), kern.racct.enable, has been added, which when set to a non-zero value allows using rctl(8) with the GENERIC kernel. A new kernel configuration option, RACCT_DISABLED, has also been added. (r282213) (Sponsored by The FreeBSD Foundation)
The GENERIC kernel configuration now includes RACCT and RCTL by default. (r282901) (Sponsored by The FreeBSD Foundation)
Note:
To enable RACCT and RCTL on a system using the GENERIC kernel configuration, add kern.racct.enable=1 to loader.conf(5), and reboot the system.
Devices and Drivers
This section covers changes and additions to devices and device drivers since 10.3-RELEASE.
Device Drivers
The full(4) device has been added, and the lindev(4) device has been removed. Prior to this change, lindev(4) provided only the /dev/full character device, returning ENOSPC on write attempts. As this device is not specific to Linux®, a native FreeBSD version has been added. (r265132)
Hardware context support has been added to the drm/i915 driver, adding support for Mesa 9.2 and later. (r271705)
The vt(4) driver has been updated, replacing the bitmapped kern.vt.spclkeys sysctl(8) with individual kern.vt.kbd_* variants. (r273178)
The hpet(4) driver has been updated to create a /dev/hpetN device, providing access to HPET from userspace. (r273598)
The drm code has been updated to match Linux® version 3.8.13. (r280183)
The psm(4) driver has been updated to include improved support for newer Synaptics® touchpads and the ClickPad® mouse on newer Lenovo™ laptops. (r281440)
Support for the Freescale PCI Root Complex device has been added to FreeBSD/powerpc. (r282783)
Storage Drivers
The mpr(4) device has been added, providing support for LSI Fusion-MPT 3 12Gb SCSI/SATA controllers. (r265236) (Sponsored by LSI, Spectra Logic)
The mrsas(4) driver has been added, providing support for LSI MegaRAID SAS controllers. The mfi(4) driver will attach to the controller, by default. To enable mrsas(4) add hw.mfi.mrsas_enable=1 to /boot/loader.conf, which turns off mfi(4) device probing. (r265555) (Sponsored by LSI)
Note:
At this time, the mfiutil(8) utility and the FreeBSD version of MegaCLI and StorCli do not work with mrsas(4).
The ctl(4) subsystem has been updated, increasing the ports limit from 128 to 256, and LUN limit from 256 to 1024. (r275461) (Sponsored by iXsystems)
The asr(4) driver has been removed, and is no longer supported. (r276526)
The pms(4) driver has been added, providing support for the PMC Sierra line of SAS/SATA host bus adapters. (r285662)
The ioat(4) driver has been added, providing support for the PSE (Platform Storage Extension). (r287117) (Sponsored by EMC / Isilon Storage Division)
The CTL High Availability implementation has been rewritten. (r287621) (Sponsored by iXsystems)
The isp(4) driver has been updated and improved: added support for 16Gbps FC cards, improved target mode support, completed Multi-ID (NPIV) functionality. (Sponsored by iXsystems)
Network Drivers
Support for Broadcom chipsets BCM57764, BCM57767, BCM57782, BCM57786 and BCM57787 has been added to bge(4). (r258830)
The deprecated nve(4) driver has been removed. Users of NVIDIA nForce MCP network adapters are advised to use the nfe(4) driver instead, which has been the default driver for this hardware since FreeBSD 7.0. (r261975)
The if_nf10bmac(4) device has been added, providing support for NetFPGA-10G Embedded CPU Ethernet Core. (r264601) (Sponsored by DARPA, AFRL)
Note:
The if_nf10bmac(4) driver operates on the FPGA, and is not suited for the PCI host interface.
The ath_hal(4) driver has been updated to support the Atheros AR1111 chipset. (r265348) (Sponsored by Netgate)
The iwn(4) driver was added, providing support for the Intel® Centrino™ Wireless-N 105 and 135 chipsets. (r266770)
Support for the cxgbe(4) Terminator 5 (T5) 10G/40G cards has been added to netmap(4). (r266757) (Sponsored by Chelsio Communications)
The pf(4) packet filter default hash has been changed from Jenkins to Murmur3, providing a 3-percent performance increase in packets-per-second. (r272906)
The vxlan(4) driver has been added, which creates a virtual Layer 2 (Ethernet) network overlaid in a Layer 3 (IP/UDP) network. The vxlan(4) driver is analogous to vlan(4), but is designed to be better suited for large, multiple-tenant datacenter environments. (r273331)
The gre(4) driver has been significantly overhauled, and has been split into two separate modules, gre(4) and me(4). (r274246) (Sponsored by Yandex LLC)
The sfxge(4) driver has been updated to support Solarflare Flareon Ultra 7000-series chipsets. (r283514) (Sponsored by Solarflare Communications, Inc.)
The em(4) driver has been updated with improved transmission queue hang detection. (r283923) (Sponsored by Limelight Networks)
The iwm(4) driver has been imported from OpenBSD, providing support for Intel® 3160/7260/7265 wireless chipsets. (r286441)
The em(4) driver has been updated to allow disabling CRC stripping. (r286829) (Sponsored by Limelight Networks)
The pf(4) implementation has been updated to remove support for the scrub fragment crop|drop-ovl filtering rule. Systems with this rule in pf.conf(5) will implicitly be converted to the scrub fragment reassemble filtering rule, with no intervention necessary. (r287222)
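An added example (not part of the release notes or of FreeBSD itself): a pre-upgrade check that lists pf.conf(5) scrub rules still using the removed fragment options, so the implicit switch to fragment reassemble can be reviewed before it happens. The function names, the sample rules and the em0 interface are constructed for illustration.

```shell
#!/bin/sh
# Report pf.conf scrub rules that use the removed "fragment crop" or
# "fragment drop-ovl" options (added example, not FreeBSD project code).

# audit_pf_scrub FILE
# Prints "LINE:OPTION:RULE" for each affected rule.
# Exit status is 1 if at least one rule was reported, 0 otherwise.
audit_pf_scrub() {
    awk '
    {
        line = $0
        sub(/#.*/, "", line)            # drop comments
        if (buf == "") start = NR       # line number where this rule begins
        if (line ~ /\\[ \t]*$/) {       # backslash continuation: keep joining
            sub(/\\[ \t]*$/, " ", line)
            buf = buf line
            next
        }
        rule = buf line
        buf = ""
        gsub(/[ \t]+/, " ", rule)       # normalise whitespace
        sub(/^ /, "", rule); sub(/ $/, "", rule)
        padded = rule " "
        if (padded ~ /^scrub / && match(padded, /fragment (crop|drop-ovl) /)) {
            opt = substr(padded, RSTART + 9, RLENGTH - 10)
            printf "%d:%s:%s\n", start, opt, rule
            found = 1
        }
    }
    END { exit found ? 1 : 0 }
    ' "$1"
}

# Constructed sample ruleset used for the demonstration below.
sample_pf_conf() {
    cat <<'EOF'
ext_if = "em0"
# scrub in all fragment crop   (commented out, must be ignored)
scrub in on $ext_if all fragment crop
scrub in on $ext_if all \
    no-df fragment drop-ovl
scrub in all fragment reassemble
pass out all keep state
EOF
}

tmp=$(mktemp) && sample_pf_conf > "$tmp"
audit_pf_scrub "$tmp" || echo "rules above will be treated as: fragment reassemble"
rm -f "$tmp"
```

Run it against the real /etc/pf.conf by calling audit_pf_scrub with that path; comment handling is line-based and does not account for a # inside a quoted string.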
The dummynet(4) driver has been updated to include support for AQM (Active Queue Management), adding support for PIE (Proportional Integral controller Enhanced) and FQ-PIE (Fair Queueing Proportional Integral controller Enhanced). (r300779)
Hardware Support
This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document.
Hardware Support
Support for FreeBSD/ia64 (Itanium) has been dropped as of FreeBSD 11. (r268351)
An issue that could cause a system to hang when entering ACPI S3 state (suspend to RAM) has been corrected in the acpi(4) and pci(4) drivers. (r274386)
The power management unit subsystem has been updated to support power button events on certain PowerPC hardware, such as aluminum PowerBook. (r274733)
The hwpmc(4) driver has been updated to correct performance counter sampling on PowerPC G4 (MPC74xxx) and G5 class processors. (r275190)
The OpenCrypto framework has been updated to include AES-ICM and AES-GCM modes, both of which have also been added to the aesni(4) driver. (r275732) (Sponsored by The FreeBSD Foundation, Netgate)
The ig4(4) driver has been added, providing support for the fourth generation Intel® I2C SMBus. (r283766)
The uart(4) driver has been updated to support AMT devices on newer systems.
[arm64] Initial SMP support has been added to the FreeBSD/arm64 port. (r285316) (Sponsored by The FreeBSD Foundation)
The enc(4) driver has been updated to allow creating an interface via kldload(8) during runtime without requiring additional kernel and/or userland changes. (r291292) (Sponsored by Yandex LLC)
The dtsec(4) driver for Freescale QorIQ SoCs has been added, supporting P2041, P3041, P5010, and P5020 systems. (r296177)
Freescale PowerQUICC and QorIQ systems now support larger address spaces, equivalent to PAE mode on i386. (r297001)
The e500mc and e5500 PowerPC cores are now supported, supporting most QorIQ systems. (r297977)
SMP for Multicore Freescale QorIQ systems now works correctly for SoCs with the AP cores in boot holdoff mode (not in spinloop wait mode). (r298237)
Native PCI-express HotPlug support is enabled by default on amd64, arm64, and powerpc. This feature has exposed compatibility issues on some hardware that result in missing devices or a hang during boot. To work around such issues, run set hw.pci.enable_pcie_hp=0 in the boot loader, and add hw.pci.enable_pcie_hp=0 to /boot/loader.conf. (r299142)
Virtualization Support
Support for the "Virtual Interrupt Delivery" feature of Intel® VT-x is enabled if supported by the CPU. This feature can be disabled by running sysctl hw.vmm.vmx.use_apic_vid=0. Additionally, to persist this setting across reboots, add hw.vmm.vmx.use_apic_vid=0 to /etc/sysctl.conf. (r260410)
Support for "Posted Interrupt Processing" is enabled if supported by the CPU. This feature can be disabled by running sysctl hw.vmm.vmx.use_apic_pir=0. Additionally, to persist this setting across reboots, add hw.vmm.vmx.use_apic_pir=0 to /etc/sysctl.conf. (r260532)
Unmapped IO support has been added to virtio_blk(4). (r260582)
Unmapped IO support has been added to virtio_scsi(4). (r260583)
The virtio_random(4) driver has been added to harvest entropy from the host system. (r260847)
FreeBSD/i386 guests can be run under bhyve. (r261504)
Support for running a FreeBSD/amd64 Xen guest instance as PVH guest has been added. PVH mode, short for "Para-Virtualized Hardware", uses para-virtualized drivers for boot and I/O, and uses hardware virtualization extensions for all other tasks, without the need for emulation. (r267536) (Sponsored by Citrix Systems R&D)
The bhyve(8) hypervisor has been updated to support AMD® processors with SVM and AMD-V hardware extensions. (r273375)
The virtio_console(4) driver has been added, which provides an interface to VirtIO console devices through a tty(4) device. (r273515)
Support for PCI Single Root I/O Virtualization (SR-IOV) has been introduced, allowing the creation of PCI Virtual Functions (VFs) for device drivers that support SR-IOV. See iovctl(8) for details on creating and configuring VFs. (r279463) (Sponsored by Sandvine, Inc.)
The bhyve(8) hypervisor has been updated to support DSM TRIM commands for virtual AHCI disks. (r279957)
[arm] Support for the QEMU virt system has been added. (r281439)
The Hyper-V™ drivers have been updated with several enhancements: (r282212) (Sponsored by Microsoft Open Source Technology Center)
- The hv_vmbus(4) driver now has multi-channel support.
- The hv_storvsc(4) driver now has scatter/gather support, in addition to performance improvements.
- The hv_kvp(4) driver has received several bug fixes.
The hv_netvsc(4) driver has been updated to support checksum offloading and TSO. (r284746) (Sponsored by Microsoft Open Source Technology Center)
The xen(4) blkfront driver has been updated to include support for blkif indirect segment I/O. (r286062)
Indirect segment I/O is enabled by default in the Xen blkfront driver when running on AWS EC2. (r302288)
ARM Support
Support for the Exynos 5420 Octa system has been added. (r266943)
The SMP option has been enabled for all Exynos 5 systems supported by FreeBSD. (r267390)
Support for the Toradex Apalis i.MX6 development board has been added. (r268838)
An issue that could cause instability when detecting SD cards on the Raspberry Pi SOC has been fixed. (r273264)
The bcm2835_cpufreq driver has been added, which supports CPU frequency and voltage control on the Raspberry Pi SOC. (r275963)
Support to turn off the BeagleBone Black system with the shutdown(8) -p flag or by invoking poweroff(8) has been added. (r277042)
Audio transmission drivers have been added for Digital Audio Multiplexer (AUDMUXM), Smart Direct Memory Access Controller (SDMA), and Synchronous Serial Interface (SSI). (r277644)
Initial support for the ARM AArch64 architecture has been added. (r280259) (Sponsored by The FreeBSD Foundation)
Kernel support for Thumb-2 userland has been added. (r282779)
Support for the hardware power button on the BeagleBone Black system has been added. (r282827)
Initial ACPI support has been added for FreeBSD/arm64. (r284273) (Sponsored by The FreeBSD Foundation)
Support for 1-Wire devices has been added, providing support for 1-Wire hardware through gpio(4). See ow(4), owc(4), and ow_temp(4) for more information. (r287225)
Support for the HiSilicon HI6220 SoC has been added. (r287371) (Sponsored by ABT Systems, Ltd.)
The second CPU core on Allwinner A20 SoC has been enabled. (r263698)
Support for the Allwinner H3 SoC has been added. (r299688)
Support for X-Powers AXP813 and AXP818 power management integrated circuits has been added. (r299786)
Support for the Allwinner Reduced Serial Bus (RSB) has been added. (r299781)
Support for Allwinner A20 HDMI has been added. (r296064)
Support for GPIO, Sensors and interrupts on AXP209 power management integrated circuits has been added. (r300777)
Storage
This section covers changes and additions to file systems and other storage subsystems, both local and networked.
General Storage
The ctl(4) LUN mapping has been rewritten, replacing iSCSI-specific mapping mechanisms with a new mechanism that works for any port. (r278037) (Sponsored by iXsystems)
The ctld(8) utility has been updated to allow controlling non-iSCSI ctl(4) ports. (r278354) (Sponsored by iXsystems)
The autofs(5) subsystem has been updated to include a new auto_master(5) map, -media, which allows automatically mounting removable media, such as CD drives or USB flash drives. (r275681) (Sponsored by The FreeBSD Foundation)
The autofs(5) subsystem has been updated to include a new auto_master(5) map, -noauto, which handles fstab(5) entries set to noauto. (r279955) (Sponsored by The FreeBSD Foundation)
The GELI class has been updated to support the BIO_DELETE g_bio(9) bio_cmd field, providing TRIM/UNMAP support on GELI-backed SSD storage providers. (r286444)
The camdd(8) utility has been added, which allows copying data sequentially to and from SCSI devices, files, block devices and tape drives. If the source and/or destination is a SCSI disk, camdd(8) can use the asynchronous pass(4) interface to queue multiple I/Os for improved speed. (ATA passthrough support for camdd(8) is in development.) (r291716) (Sponsored by Spectra Logic)
The pass(4) SCSI/ATA passthrough driver now has an asynchronous interface. User applications may queue many requests, get notification of completion via kqueue(2) and retrieve status later. camdd(8) is an example application using the interface. (r291716) (Sponsored by Spectra Logic)
Support for parsing libucl-based configuration files has been added to ctld(8). (r295212) (Sponsored by iXsystems)
The ahci(4) driver has been updated to add NCQ TRIM support for drives that support it. (r298002) (Sponsored by Netflix)
Note:
Drives that advertise this feature but do not properly support it have been blacklisted. Systems experiencing traffic problems with NCQ TRIM enabled can set the kern.cam.ada.%d.quirks tunable to 2 for 512k sectors or 3 for 4096k sectors, replacing %d with the drive number.
The cam(4) driver has been updated to allow I/O scheduling tuning to fit workload and drive characteristics. This option is off by default, and can be enabled by adding option CAM_IOSCHED_ADAPTIVE to the kernel configuration and recompiling the kernel. (r298002) (Sponsored by Netflix)
The camcontrol(8) command can manually force updating capacity data after a disk gets resized using the reprobe subcommand. (r299371) (Sponsored by The FreeBSD Foundation)
Leading spaces are now stripped off SCSI disk serial numbers when populating the CAM serial number. This affects the output of diskinfo(8) and the names of /dev/diskid/DISK-* device nodes, among other things. (r300880) (Sponsored by Spectra Logic)
Support for managing Shingled Magnetic Recording (SMR) drives has been added. (r300207) (Sponsored by Spectra Logic)
Networked Storage
The new filesystem automount facility, autofs(5), has been added. The new autofs(5) facility is similar to that found in other UNIX®-like operating systems, such as OS X™ and Solaris™. The autofs(5) facility uses a Sun™-compatible auto_master(5) configuration file, and is administered with the automount(8) userland utility, and the automountd(8) and autounmountd(8) daemons. (r270096) (Sponsored by The FreeBSD Foundation)
Support for the timeo, actimeo, noac, and proto options has been added to mount_nfs(8). (r273849) (Sponsored by The FreeBSD Foundation)
The Mellanox implementation of iSER (iSCSI Extensions for RDMA) has been imported. (r300723)
The ability to discover iSCSI targets without having to attach to a target has been added to the iscsictl(8) command. (r301033) (Sponsored by The FreeBSD Foundation)
ZFS
The arc_meta_limit statistics are now visible through the kstat sysctl(8). As a result of this change, the vfs.zfs.arc_meta_used sysctl(8) has been removed, and replaced with the kstat.zfs.misc.arcstats.arc_meta_used sysctl(8). (r275748)
The zfs(8) l2arc code has been updated to take ashift into account when gathering buffers to be written to the l2arc device. (r287099) (Sponsored by ClusterHQ)
Four new resources have been added to rctl(8) to allow throttles to be set on filesystem IO. (r297633) (Sponsored by The FreeBSD Foundation)
The zfsd daemon has been added, which manages hotspares and replacements in drive slots that publish physical paths. (r300906) (Sponsored by iXsystems, Spectra Logic)
The minimum and maximum values for the ZFS adaptive replacement cache can be modified at runtime. (r302265) (Sponsored by Multiplay)
geom(4)
Boot Loader Changes
This section covers the boot loader, boot menu, and other boot-related changes.
Boot Loader Changes
The memory test run at boot time on FreeBSD/amd64 platforms has been disabled by default. (r258431) (Sponsored by The FreeBSD Foundation)
A new ttys(5) class, 3wire, has been added. This is similar to the existing terminal classes, but does not have a defined baudrate. (r262955)
The vt(4) driver has been made the default system console driver. The syscons(4) driver is still available, and can be enabled by adding kern.vty=sc in loader.conf(5). Alternatively, syscons(4) can be enabled at boot time by entering set kern.vty=sc at the loader(8) prompt. (r274085)
Support for bzipfs has been added to the EFI loader. (r279950)
The boot loader has been updated to support entering the GELI passphrase before loading the kernel. To enable this behavior, add geom_eli_passphrase_prompt="YES" to loader.conf(5). (r281616)
[arm] The ttys(5) file for FreeBSD/arm has been updated to enable ttyu1, ttyu2, and ttyu3 by default, if the callin port is an active console port. (r284683) (Sponsored by The FreeBSD Foundation)
The default installation directory for modules has been changed to /boot/modules. (r299393)
Networking
This section describes changes that affect networking in FreeBSD.
Network Protocols
Support for the IPX network transport protocol has been removed, and will not be supported in FreeBSD 11 and later releases. (r263140)
Support for PLPMTUD blackhole detection (RFC 4821) has been added to the tcp(4) stack, disabled by default. New control tunables have been added: (r272720) (Sponsored by Limelight Networks)
Tunable | Description |
---|---|
|
Enables or disables PLPMTUD blackhole detection |
|
MSS to try for IPv4 |
|
MSS to try for IPv6 |
New monitoring sysctl(8)s have been added:
Tunable | Description |
---|---|
|
Number of times the code was activated to attempt downshifting the MSS |
|
Number of times the blackhole MSS was used in an attempt to downshift |
|
Number of times that the blackhole failed to connect after downshifting the MSS |
Support for IP identification for atomic datagrams (RFC 6864) has been added. Support for this feature can be toggled with the net.inet.ip.rfc6864 sysctl(8), which is enabled by default. (r280971) (Sponsored by Netflix, Nginx, Inc.)
The IPSEC has been updated to include support for AES modes on both software-only and hardware-backed (aesni(4)) systems. (r285336) (Sponsored by Netgate)
The network stack has been updated to fix handling of IPv6 On-Link redirects. (r287798) (Sponsored by Dell, Inc.)
Support for rerooting into an NFSv4 volume has been added. (r299848) (Sponsored by The FreeBSD Foundation)
The net.inet.tcp.ecn.enable sysctl MIB has been changed from a binary off/on control to a three-way setting. (r300240)
Value | Description |
---|---|
|
Totally disable ECN. |
|
Enable ECN if incoming connections request it. Outgoing connections will request ECN. |
|
Enable ECN if incoming connections request it. Outgoing connections will not request ECN. |
Dummynet AQM, an independent implementation of CoDel and FQ-CoDel for ipfw/dummynet, has been imported to the base system. (r300779)
The unused SIOCSIFALIFETIME_IN6 ioctl has been removed. (r301875)
Release Engineering and Integration
This section covers changes that are specific to the FreeBSD Release Engineering processes.
Integration Changes
The Release Engineering build tools have been updated to include support for producing virtual machine disk images for various cloud hosting providers. (r277458) (Sponsored by The FreeBSD Foundation)
The Release Engineering build tools have been updated to use multi-threaded xz(1). By default, the number of xz(1) threads is set to the number of cores available. (r278926)
The Release Engineering build tools have been updated to include support for building FreeBSD/arm64 virtual machine and memory stick installation images. (r281802) (Sponsored by The FreeBSD Foundation)
The Release Engineering build tools have been updated to support building FreeBSD/arm images without external utilities for supported boards where a corresponding u-boot port exists in the Ports Collection. (r282693) (Sponsored by The FreeBSD Foundation)
Last modified on: June 19, 2021 by Danilo G. Baio