Index: head/en_US.ISO8859-1/htdocs/news/status/report-2015-04-2015-06.xml =================================================================== --- head/en_US.ISO8859-1/htdocs/news/status/report-2015-04-2015-06.xml (revision 47072) +++ head/en_US.ISO8859-1/htdocs/news/status/report-2015-04-2015-06.xml (revision 47073) @@ -1,3141 +1,3142 @@ April-June 2015
Introduction This is a draft of the April–June 2015 status report. Please check back after it is finalized, and an announcement email is sent to the &os;-Announce mailing list.

?>

The second quarter of 2015, from April to June, was another period of busy activity for &os;. This report is the largest we have published so far.

The cluster and release engineering teams continued to improve the structures that support &os;'s build, maintenance, and installation. Projects ran the gamut from security and speed improvements to virtualization and storage appliances. New kernel drivers and capabilities were added, while work to make &os; run on various ARM architectures continued at a rapid pace. The Ports Collection grew, even while adding capabilities and fixing problems. Outside projects like pkgsrc have become interested in adding support. Documentation was a major focus, one that is often complimented by people new to &os;. BSDCan 2015 was a great success, turning many hours of sleep deprivation into an even greater amount of inspiration.

As always, a great deal of this activity was directly sponsored by the Foundation. The project's status as a first-class operating system owes a great deal to the Foundation's past and ongoing work.

The number and detail of these reports really gives only a tiny glimpse of all that is happening. A huge portion of &os; development takes place all the time, including bug fixes, feature improvements, rewrites, and imports of new code. This ongoing work is difficult, time-consuming, and, far too often, unrecognized. We should take a moment to consider and thank not just the contributors listed here, but also the end users, bug submitters, port maintainers, coders, security analysts, infrastructure defenders, tinkerers, scientists, designers, questioners, answerers, rule makers, testers, documenters, sysadmins, dogmatists, iconoclasts, and crazed geniuses who make &os; such an effective and useful operating system. If you are reading this, you are one of these people, too. Thank you.

—Warren Block

This status report was compiled by Benjamin Kaduk and Warren Block. Please submit status reports for the third quarter of 2015 (July to September) by October 1, 2015.

team &os; Team Reports proj Projects kern Kernel arch Architectures bin Userland Programs ports Ports doc Documentation gsoc Google Summer of Code misc Miscellaneous New Documentation Committers &os; Documentation Engineering Team doceng@FreeBSD.org &os; Porter's Handbook &os; Web Site FreeBSD Foundation Web Site

Two new documentation committers were added to the team in the second quarter of 2015.

Mathieu Arnold is a member of the &os; Ports Management Team. Over the past year, he has worked on many large and complex updates to keep the Porter's Handbook current, and continues to update this important document.

Anne Dickison is Marketing Director for the FreeBSD Foundation. She will focus on updating and improving the &os; main web site.

We welcome both new committers and look forward to their additional contributions!

 Documentation Working Group at BSDCan &os; Documentation Team freebsd-doc@FreeBSD.org BSDCan reStructured Text Markdown AsciiDoc &os; Wiki &os; Web Site Annotator Annotator Backend Stores

During the Developer Summit held in the two days before BSDCan, a documentation working group meeting was held. We discussed some of the biggest opportunities available to the documentation team.

Modernizing our translation system was, again, a major topic. Making it easier for translators to do their work is vitally important. Translations make &os; much more accessible for non-English speakers, and those people and the translators themselves often become valuable technical contributors in other areas. Progress was made in this area, and we hope to have more news soon.

Methods of making it easier for people to contribute to documentation was another major topic. At present, we use DocBook XML for articles and books, and mdoc(7) for man pages. These markup languages are not very welcoming for new users. There are simpler documentation markup languages like reStructured Text (RST), Markdown, and AsciiDoc that take less time to learn and use. In fact, these markup systems are all similar to each other. These systems tend to be more oriented towards visual appearance rather than the semantic markup of our present systems, although there might be ways to work around that.

Following the theme of making contributing easier, we also discussed whether access to the &os; Wiki can be more easily granted, facilitating user contributions. After the wiki was set up, automated account creation abuse forced access to be limited. It is tricky to allow submissions yet keep the quality of submitted information usefully high.

Due to the markup systems used, it is difficult to review documents for the quality of their information. Annotator is a Javascript system that allows adding notes to an existing web page. This would allow us to hold content-only reviews of documentation web pages. Reviewers would not see markup, so they could concentrate only on whether the information was accurate and complete. To use this as desired, we need some help with ports and testing.

Complete a port for the backend storage component of Annotator. Preferably this would be the lowest overhead and most open-licensed version available. Assistance from those familiar with Python and Javascript web development is welcome.

 &os; Support in <tt>pkgsrc</tt> Sevan Janiyan venture37@geeklan.co.uk pkgsrc home page BulkTracker: Track bulk build status Blog posts on pkgsrc

pkgsrc is a fork of the &os; Ports Collection by the NetBSD project with a focus on portability and multi-platform support. At present, pkgsrc supports building packages on 23 different platforms from a single tree, including &os;

While pkgsrc is not a replacement for ports in most use cases, it holds a unique position in mixed-platform environments where software needs to be the same version across all systems and built in a consistent manner, saving the user from having to resort to manually building programs or re-implementing a mechanism to do so.

With the recent 2015Q2 release earlier this month, it is now possible to generate over 14000 packages on FreeBSD 10.1-RELEASE (up from 12800 last quarter).

Work is in progress to add pkg support to pkgsrc.

Improve platform support to skip libusb on &os; where libusb is bundled in base. This is causing the biggest breakage at the moment.

Expand the effort to the -STABLE and -CURRENT branches and, if possible, architectures other than amd64. Contributing shell access to such machines would be helpful (an unprivileged account is sufficient).

 ZFS Support for UEFI Boot/Loader Eric McCorkle emc2@metricspace.net

UEFI-enabled boot1.efi and loader.efi have been modified to support loading and booting from a ZFS filesystem. The patch currently works with buildworld, and successfully boots on a test machine with a ZFS partition. In addition, the ZFS-enabled loader.efi can be treated as a chainloader using ZFS-enabled GRUB.

The work on boot1.efi also reorganizes the code somewhat, splitting out the filesystem-specific parts into a modular framework.

More testing is needed for the following use cases: ZFS with GRUB+loader.efi, ZFS with boot1+loader.efi, UFS with boot1+loader.efi (to test the modularization of boot1.efi)

Have boot1.efi check partition type GUIDs before probing for filesystems.

Get patch accepted upstream and committed.

 Xfce on FreeBSD &os; Xfce Team xfce@FreeBSD.org &os; Xfce Project &os; Xfce Repository

Xfce is a free software desktop environment for Unix and Unix-like platforms, such as &os;. It aims to be fast and lightweight, while still being visually appealing and easy to use.

During this quarter, the team has kept these applications up-to-date:

Mathieu Arnold (mat@) committed PR 197878, updating the Xfce section in the Porter's Handbook.

We also follow the unstable releases (available in our experimental repository) of:

Create documentation for the usage of sysutils/xfce4-power-manager (it needs some love, PR 199166).

Some hidden features were introduced in the 1.5.1 release, and as we also support ConsoleKit2 (a fork of sysutils/consolekit), help for users is required.

 FreeBSD Mastery: ZFS Now Available Michael Lucas mwlucas@michaelwlucas.com FreeBSD Mastery: ZFS Michael W. Lucas

The first ZFS book is now available at your favorite bookstore. Find a whole bunch of links at zfsbook.com.

Work is proceeding apace on "FreeBSD Mastery: Advanced ZFS" and "FreeBSD Mastery: Specialty Filesystems." Lucas hopes to have FMAZ complete and available before the next status report.

 The FreeBSD German Documentation Project Björn Heidotting bhd@FreeBSD.org Johann Kois jkois@FreeBSD.org Benedict Reuschling bcr@FreeBSD.org Main German Documentation Project page How you can help with German translations

The &os; German Documentation project maintains the German translations of &os;'s documents such as the Handbook and the website.

In the second quarter of 2015, we managed to catch up with the translation work of the Handbook. Two chapters are now back in sync with their English reference chapters: filesystems and ZFS. The former was mainly done by Björn Heidotting as part of his mentee process. The latter was done by Benedict Reuschling, with valuable corrections by Björn.

Additionally, we updated many of our translation markers from pre-SVN times. This will help us get an overview of the outstanding work in each chapter. We are working on integrating this into our website using a script, so people can see which chapters need the most work or are most up-to-date.

Johann made efforts to update the &os; Documentation Project Primer as well, so that translators willing to help us can read the information in German. He also made efforts to revive the Documentation Project website, which was previously hosted elsewhere, but disappeared. Now, it is tied into the German FreeBSD.org website again and has the same look and feel.

Occasionally, people contact us and offer their help with the translation effort. We are happy to help newcomers get to know everything about the translation process and look forward to more contributions. Even small updates make a big difference and if you are considering helping, please contact us.

Continue translating the Handbook and website into German.

Integrate a script that shows outstanding work into the German documentation webpages.

 Multiqueue Testing Tiwei Bie btw@FreeBSD.org Hiren Panchasara hiren@FreeBSD.org Multiqueue Testing Project

The aim of this project is to design and implement an infrastructure to validate that a number of the network stack's multiqueue behaviours are as expected.

It mainly consists of extending tap(4) to provide the same RSS behaviours as the hardware multiqueue network cards, developing simple test applications using multiqueue tap(4) and socket(2), adding hooks in each layer of the network stack to collect the per-ring per-cpu per-layer statistics, and extending netstat(1) to report these statistics.

At present, most parts of this project have been implemented. The focus is on the code review, and API/KPI freeze.

Google Summer Of Code 2015 &os; Release Engineering Team &os; Release Engineering Team re@FreeBSD.org &os; 10.2-RELEASE schedule &os; development snapshots &os; development snapshots announcements list

The &os; Release Engineering Team is responsible for setting and publishing release schedules for official project releases of &os;, announcing code freezes, and maintaining the respective branches, among other things.

The &os; 10.2-RELEASE cycle began in mid-June, with the final release expected to be available in late August, and as this quarterly status update shows, &os; 10.2-RELEASE is going to be a very exciting release.

The &os; Release Engineering Team has been extremely busy this quarter, with much of the focus targeted at adding support for additional hardware and integration with third-party hosting providers (aka "cloud" hosting).

Following up on the work done by &a.andrew; to port &os; to the arm64 (aarch64) architecture, the Release Engineering build tools were updated to produce &os;/aarch64 memory stick images and virtual machine images for use with Qemu (emulators/qemu-devel). At present, the Qemu virtual machine images require an external EFI file to boot. Details on how to boot &os;/aarch64 virtual machine images are available in the linked &os; development snapshot announcement email archives.

Last quarter, several parts of the build tools were rewritten to allow greater extensibility and granularity, which has simplified the code required for new virtual machine images.

In collaboration with several developers, the Release Engineering build tools were updated to provide new support for several hosting providers, as well as provide mechanisms to automatically upload (and publish, where possible) &os; virtual machine images.

This quarter, in addition to the existing support for the Microsoft Azure platform, the build tools also natively support:

The &os; Release Engineering Team would like to thank these developers for all of the work that went into making this possible, and would like to especially thank &a.marcel; for all of his work on the mkimg(1) utility, especially for adding support for the various file formats requested.

In addition to the enhancements to the virtual machine build tools, a significant amount of work went into refactoring the build code used to produce &os;/arm images.

With much of the logic resembling how the Crochet utility (written by &a.kientzle;) works, and a significant amount of work, input, and advice from &a.ian;, &a.imp;, &a.andrew;, &a.loos;, and a large number of contributors on the freebsd-arm@FreeBSD.org mailing list, the &os; Release Engineering tools now natively support producing &os;/arm images without external build tools.

At present, the build tools support building &os;/arm images for:

The &os; Release Engineering Team would like to thank each of these people for their support and input, and would like to especially thank &a.kientzle; for his work on Crochet. Without it, we might not have been able to produce images for the various boards that we are able to now.

For more information on what else has changed in &os; since 10.1-RELEASE, see the &os; 10.1-STABLE release notes (which will become the release notes for 10.2-RELEASE).

Additionally, &a.gjb; would like to thank Jim Thompson for providing a BeagleBone Black board (replacing one that no longer worked), and Benjamin Perrault for providing a PandaBoard ES, both of which are used for locally testing the images produced by the build tools.

Last, and certainly not least, &a.gjb; would also like to thank the &os; Foundation for their support, and for providing the resources (time and hardware) required to make all of the items mentioned in this status report possible.

The FreeBSD Foundation BSDCan 2015 Dan Langille dvl@FreeBSD.org BSDCan 2015 BSDCan 2015 Video Playlist

BSDCan, a conference for people working on and with 4.4BSD-based operating systems and related projects, was held in Ottawa, Ontario on June 12 and 13. A two-day &os; developer summit event preceded it on June 10 and 11.

This was the largest BSDCan ever, with over 280 attendees, up by more than 40 people over the 2014 event. There were a record number of speakers and talks. An additional room and "track" was added to provide even more choices for concurrent talks on both days of the conference. Social media response to the whole conference has been very positive.

The keynote talk by Stephen Bourne was very popular. So popular, in fact, that the main conference room could not hold all the attendees. An overflow room with live video was set up to hold the extra people. The video of the presentation has had over 6300 views in the first twelve days.

Andrew Tanenbaum's talk on reimplementing NetBSD using a MicroKernel was so well-attended it was standing room only.

There were many other excellent talks, and we recommend browsing through the playlist in the links above.

Activity was not limited to the talks. Each night, the "Hacker Lounge" was used by developers to cooperate and interact on projects. Embedded projects were popular this year, as FreeBSD was installed directly on wireless routers.

The very successful and well-attended closing event, held at the Lowerton Brewery, provided an elegant closure to the whole conference.

We would like to thank everyone who made BSDCan 2015 such a success, and look forward to next year!

 Adding PCIe Hot-plug Support John-Mark Gurney jmg@FreeBSD.org PCIe Hot-plug P4 Branch Commit adding bridge save/restore. Github branch with patches

PCI Express (PCIe) hot-plug is used on both laptops and servers to allow peripheral devices to be added or removed while the system is running. Laptops commonly include hot-pluggable PCIe as either an ExpressCard slot or a Thunderbolt interface. ExpressCard has built in USB support that is already supported by &os;, but ExpressCard PCIe devices like Gigabit Ethernet adapters and eSATA cards are only supported when they are present at boot, and removal may cause &os; to crash.

The goal of this project is to allow these devices to be inserted and removed while &os; is running. The work will provide the basic infrastructure to support adding and removing devices, though it is expected that additional work will be needed to update individual drivers to support hot-plug.

Current testing is focused on getting a simple UART device functional. Basic hot swap is functional.

A set of the patches is now available on github.com.

The FreeBSD Foundation

Get suspend/resume functional by save/restoring necessary registers. This should be addressed by r281874.

Make sure that upon suspend, devices are removed so that any hardware changes made while the machine is suspended are correctly handled.

Improve how state transitions are handled, possibly by using a proper state machine.

 Leap Seconds Article Warren Block wblock@FreeBSD.org Leap Seconds Article

As the leap second scheduled for the end of June approached, Bartek Rutkowski and others raised questions about how &os; handled leap seconds. Leap seconds have caused serious problems for other operating systems in the last few years, and there was understandable concern.

It was reasonably pointed out that &os; had encountered leap seconds before, and would be fine this time also. Still, the absence of reported problems is not really a substitute for a description of what to expect and how to know if a system is prepared.

To address concerns and also provide a resource for future leap seconds, several experts were pestered relentlessly, with the results compiled into a short article. Beyond merely allaying fears about what might happen, this article received positive responses on the web for how it demonstrated &os;'s maturity and preparedness.

Great thanks for their patience and expertise are owed to Peter Jeremy, Poul-Henning Kamp, Ian Lepore, Xin LI, Warner Losh, and George Neville-Neil.

Compile other short articles on things that &os; does really well. Of particular interest are features that make life easier for sysadmins, or how problems on other systems are dealt with or even made non-problems on &os;.

 The &os; Core Team &os; Core Team core@FreeBSD.org

The &os; Core Team constitutes the project's "Board of Directors", responsible for deciding the project's overall goals and direction as well as managing specific areas of the &os; project landscape.

In order to help attract fresh developer talent to &os;, Core has a general policy to make available an up-to-the-minute suite of developer tools and services. Core has long been encouraging &os; committers to make full use of the project's Phabricator instance at https://reviews.FreeBSD.org, and now has supported the Phabricator admins in opening access to anyone interested enough to sign up for an account.

Further developments under consideration include setting up a FreeBSD.org OAuth 2 provider and permitting OAuth-style Single Sign-On access to most FreeBSD web-based services. Developers and members of the public would additionally be able to use credentials from other providers such as GitHub, Twitter, or Google to authenticate themselves to &os; web services.

Mark Murray raised a problem he has been having for some time with getting adequate security review of his proposed changes to random(9). This is an extremely security sensitive area of the kernel where errors can have disastrous consequences. Core has been able to drum up a number of reviewers and they have made significant progress in simplifying the design, eliminating some difficult portions of code, and reducing any potential attack surface. Work is still ongoing and Core remains open to the idea of bringing in external reviewers with specialist cryptographic knowledge.

Dag-Erling Smørgrav resigned as Security Officer towards the end of May. Core was sorry to see him step down, but unanimously pleased to welcome his nominee and former deputy, Xin Li, as his successor. Xin has since appointed Gleb Smirnoff (who also happens to be a current member of core) as his new deputy. Between them and Core they have some fairly radical ideas under discussion about how to improve the project's responsiveness to security issues.

In mid-June, a change to style(9) was proposed, and resulted in much lively discussion. Warner Losh conducted an informal poll with Phabricator and the change was approved and committed within a couple of days. Unfortunately, complaints were raised about the timing and voting methods and Core was called upon to arbitrate. The change was backed out voluntarily, a new poll was held with more time to vote, and the change was approved.

During this period we had two new commit bits awarded, and one taken in for safekeeping. Welcome aboard to Chris Torek and Mariusz Zaborski, and we were very sorry indeed to see Steve Kargl decide to call it a day.

 CloudABI: Capability-Based Runtime Environment Ed Schouten ed@FreeBSD.org CloudABI on GitHub FreeBSD patchset on GitHub

CloudABI is a compact UNIX-like runtime environment that is purely based on capability-based security (Capsicum). All features that are incompatible with this model have been removed. Advantages of using a pure capability-based environment include improved security, testability, and reusability. CloudABI should make it possible to run arbitrary third-party executables directly on top of &os; without any impact on system security, making it a good building block for a cluster/cloud computing setup. See the project on GitHub for a more detailed explanation.

Last month I added a number of packages for the &os; Ports tree. We now have a full C/C++ cross compiler that can be installed very easily (devel/cloudabi-toolchain). I also imported a tool called cloudabi-run that can be used to start programs safely, only granting access to files and network sockets listed in the program's configuration file (sysutils/cloudabi-utils).

I have also imported some kernelspace modifications into the &os; source tree for executing CloudABI programs. After all of these changes have been imported, just loading a kernel module will allow executing CloudABI programs. Right now, the "cloudabi" branch on GitHub is still required.

Nuxi, the Netherlands

Polish up the kernelspace modifications and send them out for review.

Complete the Linux and NetBSD kernel patchsets and send those out to the respective maintainers.

 Sleep States Enhancements on <tt>x86</tt> Konstantin Belousov kib@FreeBSD.org Commit r282678

The ACPI specication defines CPU Cx states, which are idle states. Methods to enter the state and miscellaneous information like the state-leave latency are returned by the _CST ACPI method. To save energy and reduce useless heating, the operating system enters a Cx state when the CPU has no work to do. C0 is the non-idle state, while C1, C2, and C3 (defined by ACPI) each represent an idle state with sequentially more energy saving, but also with higher latency of leave and possibly greater secondary costs. For example, C1 is entered by executing the HLT instruction and has no architecturally visible side effects, while entering C3 drops the CPU cache and usually requires special chipset programming to correctly handle requests from I/O devices to the CPU. Do not confuse Cx, Px and Sx: Cx states are only meaningful when the system is in the fully operational state S0; Px states are only meaningful when the system is not in the idle state, C0.

Modern Intel CPUs enter Cx (x >= 1) states with the dedicated instruction MWAIT, which enters a specified low-power state until a specific write is observed by the CPU bus logic. There is a complimentary MONITOR instruction to set the monitored bus address. The legacy port I/O method of entering Cx state is emulated by CPU microcode, which intercepts the port I/O and executes MWAIT internally. Using MWAIT as the method of entering Cx requires following processor-specific procedures, which are communicated to the operating system by the vendor-specific extensions in _CST. The operating system must indicate readiness to support MWAIT when calling _CST. Claimed benefits of using MWAIT are reduced latencies of leaving the idle state, and visibility of more deep states than defined by the common ACPI specification. Still, modern Intel platforms report deep states as C2 to avoid the not needed bus-mastering avoidance.

The new code asks ACPI for the Intel vendor-specific _CST extensions, parses them, and uses MWAIT Cx entrance methods when available. The change was committed as r282678 to HEAD.

For Linux, Intel provides a driver which does not depend on the ACPI tables to use MWAIT for entering Cx states. For all Intel CPUs after Core2, the driver contains the description of the Cx mode latencies and quirks, eliminating dependency on correct BIOS information, since the BIOS information is often incorrect. The approach of porting the Linux driver was considered by several people, but all evaluators independently concluded that the project cannot maintain such an approach without direct involvement from Intel.

During the work, around 500 lines of identical code between the i386 and amd64 versions of idle handling were moved to a common location x86/x86/cpu_machdep.c. Now the i386 and amd64 machdep.c files contain only unique machine-dependent routines. This advance depended on John Baldwin's elimination of the unmaintained Xen PVM i386 port.

The FreeBSD Foundation Rewritten PCID Support Konstantin Belousov kib@FreeBSD.org Commit r282684

A Process-Context Identifier (PCID) is a performance-enhancing feature of the Translation Lookaside Buffer (TLB) on Intel processors, introduced with the Sandy Bridge micro-architecture. It allows the TLB to simultaneously cache translation information for several address spaces, and gives an opportunity for the operating system context switch code to avoid flushing the TLB upon process switch. Each cached translation is tagged with some context identifier, and at context switch time, the operating system instructs the processor which context is becoming active. The feature slightly reduces context switch time by avoiding TLB flushes, and more importantly, reduces the warm-up period for a thread after context switch.

&os; already used PCID, but the existing implementation had several shortcomings. The amd64 pmap (the machine-dependent portion of the virtual memory subsystem) maintained a bitmap of all CPUs which ever loaded a translation for the given address space, and avoided TLB flush on the context switch. The bitmap was used to direct Inter-Processor Interrupts to the marked CPU when the operating system needed to perform TLB invalidation. The most significant deficiency of the old implementation was the increase of TLB invalidation IPIs, since the bitmap could only grow until a full TLB shootdown was performed. It increased the TLB rate, which negated the positive effects of avoiding TLB flushes on large machines. Secondarily, the bitmap maintenance in both the pmap and the context code was quite complicated, leading to bugs. These issues resulted in the PCID feature being disabled by default.

The new PCID implementation uses an algorithm described in the U. Vahalia book "UNIX Internals: The New Frontiers". The algorithm is already used, for example, by the MIPS pmap for assigning Address Space Identifiers (ASIDs) to software-managed TLB entries. The pmap maintains a per-CPU generation count, which is assigned to the next unused PCID when the context is activated on CPU. TLB invalidation includes resetting the generation count, which causes reallocation of the PCID when a context switch is performed. As result, the new implementation issues exactly the same amount of shootdown IPIs as a pmap which does not utilize PCID.

Another change included with the PCID rewrite is a move of the address space switching code from assembler to C source, making the algorithm easier to understand and validate.

Measurements done with hwpmc(4) on a Haswell machine indicated that the new implementation reduced the TLB miss rate by up to 10 times, without an increase in TLB shootdown IPIs.

The rewrite was committed to HEAD at r282684.

Note: AMD processors do not have the PCID feature for host paging (AMD provides ASIDs for SVM use). But it is likely that AMD processors do cache TLB translations for different address spaces transparently, and snoop writes to the page tables to invalidate the caches.

The FreeBSD Foundation Mellanox iSCSI Extensions For RDMA (iSER) Support Max Gurtovoy maxg@mellanox.com Sagi Grimberg sagig@mellanox.com iser-freebsd on GitHub

Building on the new in-kernel iSCSI initiator stack released in &os; 10.0 and the recently added iSCSI offload interface, Mellanox Technologies has begun developing iSCSI extensions for RDMA (iSER) initiator support to enable efficient data movement using the hardware offload capabilities of Mellanox's 10, 40, 56 and 100 Gigabit IB/Ethernet adapters.

Remote Direct Memory Access (RDMA) has been shown to have a great value for storage applications. RDMA infrastructure provides benefits such as Zero-Copy, CPU offload, Reliable transport, Fabric consolidation, and many more. The iSER protocol eliminates some of the bottlenecks in the traditional iSCSI/TCP stack, provides low latency and high throughput, and is well suited for latency aware workloads.

This work includes a new ICL module that implements the iSER initiator. The iSCSI stack is slightly modified to support some extra features such as asynchronous IO completions, unmapped data buffers, and data-transfer offloads. The user will be able to choose iSER as the iSCSI transport with iscsictl.

The project is in its beta phase. Recent additions include:

In addition, the iser driver has been and continues to be thoroughly tested. The test suite includes:

The code is ready for inclusion and will be released under the BSD license.

Mellanox Technologies Root Remount Edward Tomasz Napierała trasz@FreeBSD.org

One of the long missing features of &os; was the ability to boot with a temporary rootfs, configure the kernel to be able to access the real rootfs, and then replace the temporary root with the real one. In Linux, the functionality is known as pivot_root. The reroot project aims to provide similar functionality in a different, slightly more user-friendly way: rerooting. Simply put, from the user point of view it looks like the system performs a partial shutdown, killing all processes and unmounting the rootfs, and then partial bringup, mounting the new rootfs, running init, and running the startup scripts as usual.

The project is in the late implementation phase. A working prototype was written, and work is in process to rewrite it in an architecturally nicer way.

The FreeBSD Foundation

Complete debugging

 Ports Collection Frederic Culot portmgr-secretary@FreeBSD.org &os; Ports Management Team portmgr@FreeBSD.org The Ports Collection Contributing to Ports &os; Ports Monitoring System Ports Management Team portmgr Blog portmgr on Twitter portmgr on Facebook portmgr on Google+

As of the end of the second quarter, the ports tree holds nearly 25,000 ports and the PR count is about 1,800. Once again, the tree saw more activity than during the previous quarter, with almost 8,000 commits performed by 153 active committers. On the other hand, the number of problem reports closed decreased slightly, with a bit less than 1,700 problem reports fixed.

In the second quarter, several commit bits were taken in for safekeeping, following an inactivity period of more than 18 months (clsung, dhn, obrien, tmseck), or on committer's request (sahil). Two new developers were granted a ports commit bit (Michael Moll - mmoll@, and Bernard Spil - brnrd@).

On the management side, pgollucci@ started his four-month term as portmgr-lurker in June, and no changes were made to the portmgr team during the second quarter.

This quarter also saw the release of the second quarterly branch, namely 2015Q2. On this branch, 39 committers applied 305 patches, which is more than twice as many updates as during the last quarter.

On the quality assurance side, 30 exp-runs were performed to validate sensitive updates or cleanups. Amongst those noticeable changes are the update to pkg 1.5.4, three new USES (waf, gnustep, jpeg), the Perl default switch to 5.20, Ruby to 2.1.6, Firefox 38.0.6, and Chromium 43.0.2357.130.

As in the previous quarter, a tremendous amount of work was done on the tree to update major ports and to close even more PRs than in 2015 Q1, but as always, any additional help is greatly appreciated!

 OpenBSM Robert Watson rwatson@FreeBSD.org Christian Brueffer brueffer@FreeBSD.org TrustedBSD audit mailing list trustedbsd-audit@TrustedBSD.org OpenBSM: Open Source Basic Security Module (BSM) Audit Implementation openbsm on GitHub

OpenBSM is a BSD-licensed implementation of Sun's Basic Security Module (BSM) API and file format. It is the user space side of the CAPP Audit implementations in &os; and Mac OS X. Additionally, the audit trail processing tools are expected to work on Linux.

After a period of dormancy, the project is slowly picking up steam again. The OpenBSM source code repository was migrated from &os;'s Perforce server to GitHub. We hope this will make the code more accessible and stimulate outside contributions. In addition to the repository migration, automated build testing using Travis CI has been enabled, and initial steps towards a new test release have been made.

Test the code on GitHub on different releases of Mac OS X - and Linux

+ and Linux. Especially testing on Mac OS X 10.9 (Mavericks) + and newer would be greatly appreciated.

 Address Space Layout Randomization (ASLR) Shawn Webb shawn.webb@hardenedbsd.org Oliver Pinter oliver.pinter@hardenedbsd.org HardenedBSD core@hardenedbsd.org HardenedBSD True Stack Randomization Announcing ASLR Completion Call for Donations SoldierX

HardenedBSD is a downstream distribution of &os; aimed at implementing exploit mitigation and security technologies. The HardenedBSD development team has focused on several key features, one being Address Space Layout Randomization (ASLR). ASLR is a computer security technique that aids in mitigating low-level vulnerabilities such as buffer overflows. ASLR randomizes the memory layout of running applications to prevent an attacker from knowing where a given vulnerability lies in memory.

This last quarter, the HardenedBSD team has finalized the core implementation of ASLR. We implemented true stack randomization along with a random stack gap. This change allows us to apply 42 bits of entropy to the stack, the highest of any operating system. We bumped the hardening.pax.aslr.stack_len sysctl(8) to 42 by default on amd64.

We also now randomize the Virtual Dynamic Shared Object (VDSO). The VDSO is one or more pages of memory shared between the kernel and the userland. On amd64, it contains the signal trampoline and timing code (gettimeofday(4), for example).

With these two changes, the ASLR implementation is now complete. There are still tasks to work on, however. We need to update our documentation and enhance a few pieces of code. Our ASLR implementation is in use in production by HardenedBSD and is performing robustly.

Additionally, we are currently running a fundraiser to help us establish a not-for-profit organization and for hardware updates. We have received a lot of help from the community and we greatly appreciate the help. We need further help to take the project to the next level. We look forward to working with the &os; project in providing excellent security.

SoldierX

Update the aslr(4) manpage and the wiki page.

Improve the Shared Object load order feature with Michael Zandi's improvements.

Re-port the ASLR work to vanilla &os;. Include the custom work requested by &os; developers.

Close the existing review on Phabricator.

Open multiple smaller reviews for pieces of the ASLR patch that can be split out logically.

Perform a special backport to HardenedBSD 10-STABLE for OPNSense to pull in.

golang segfaults in HardenedBSD. Help would be nice in debugging.

 OPNsense Franco Fichtner franco@opnsense.org Ad Schellevis ad@opnsense.org Jos Schellevis jos@opnsense.org OPNsense website OPNsense source code

OPNsense is a fork of pfSense that aims to follow &os;'s code base and ecosystem quickly and closely while retaining the parent's powerful firewall capabilities. The new 15.7 release includes efforts such as firmware upgrades and packaging fully based on pkg, weekly security updates, the replacement of ALTQ-based traffic shaping with IPFW/dummynet, and production-ready LibreSSL integration as an alternative to OpenSSL.

Contributors and testers are welcome as we work on redesigning plugin support, rework the GUI according to modern coding standards (MVC) and privilege separation.

Deciso Linux Binary Emulation Layer Upgrade Allan Jude AllanJude@FreeBSD.org Dmitry Chagin dchagin@FreeBSD.org Ed Maste emaste@FreeBSD.org Edward Tomasz Napierała trasz@FreeBSD.org Johannes Meixner xmj@FreeBSD.org FreeBSD Emulation Team emulation@FreeBSD.org Emulation team on &os; wiki

The &os; emulation team has done extensive work on polishing &os;'s Linux emulation layer. After more than a year and a half, Dmitry Chagin's changes to the Linux binary emulation layer were merged into &os; 11.0-CURRENT. Before merging the more than 115 individual changes into base/head, Ed Maste and Edward Tomasz Napierała were able to help by reviewing and improving the code quality.

Work has begun on backporting these changes into &os; 10-STABLE, with the current 10.2 release cycle in mind. We hope to have that backport ready before 10.2-PRERELEASE turns into 10.2-RELEASE.

In that same vein, Allan Jude was able to upload and improve a recent Differential Revision that will eventually lead to our having both 32-bit and 64-bit ports for CentOS 6. Port review activity started during the BSDCan conference's developer summit, and will be continued extensively during the Cambridge Developer Summit.

We are currently expecting to have both Fedora 10, Centos 6 32-bit- and CentOS 6 64-bit-compatible frameworks available by Q4/2015.

Call for Help: Contributing

People can contribute to the Emulation team's efforts by testing the CentOS 64-bit changes on a &os; 11.0-CURRENT system. Please use Bugzilla to report any bugs or oddities encountered.

For the ambitious: we are planning to start working on a CentOS 7 framework. CentOS7 is 64-bit only, uses a newer kernel, and has systemd, so this work is highly experimental. We hope to have a usable port by Q2/2016.

Perceivon Hosting Inc. ScaleEngine Inc. The FreeBSD Foundation

Test 64-bit Linux emulation on 11.0-CURRENT

Backport 64-bit Linux emulation to 10-STABLE

Review 64-bit CentOS 6 ports and merge changes

Create/heavily update existing 64-bit CentOS 7 ports

Anyone who would like to get in touch should not hesitate to contact any of the emulation@ team members. Similarly, a mail to emulation@FreeBSD.org is always welcome.

 &os; Cluster Administration Team &os; Cluster Administration Team clusteradm@

The &os; Cluster Administration Team consists of the people responsible for administering the machines that the project relies on for its distributed work and communications to be synchronised. In this quarter, the team has been extremely busy with work both visible and invisible from outside of the &os; infrastructure.

While an enormous amount of this work was volunteer-driven, resources (time and hardware) were generously provided by the &os; Foundation.

The FreeBSD Foundation (time and hardware) <tt>bhyve</tt> Peter Grehan grehan@FreeBSD.org Neel Natu neel@FreeBSD.org Tycho Nightingale tychon@FreeBSD.org Allan Jude freebsd@allanjude.com Alexander Motin mav@FreeBSD.org Marcelo Araujo araujo@FreeBSD.org bhyve FAQ and talks

bhyve is a hypervisor that runs on the FreeBSD/amd64 platform. At present, it runs FreeBSD (8.x or later), Linux i386/x64, OpenBSD i386/amd64, and NetBSD/amd64 guests. Current development is focused on enabling additional guest operating systems and implementing features found in other hypervisors.

bhyve BoF at BSDCan 2015

A bhyve BoF was held during lunch hour at BSDCan 2015. It was attended by approximately 60 people.

Michael Dexter showed Windows Server 2012 running inside bhyve.

Common themes that came up during the discussion were: bhyve configuration, libvirt and OpenStack integration, best practices, bhyve with ZFS, additional guest support and live migration.

Google Summer of Code 2015

A number of bhyve-related proposals were submitted for GSoC 2015 and these four were accepted:

A number of improvements were made to bhyve this quarter:

Marcelo Araujo and Allan Jude created a rough patch to make bhyve parse a config file to replace the existing method of configuration by command line invocation. The rapid pace of advancement in bhyve resulted in requiring a much more complex config file. A new design for the config file, with support for the plugin architecture that will eventually be introduced into bhyve, is now being discussed.

Improve documentation. bhyveucl is a script for starting bhyve instances based on a libUCL config file. More information at https://github.com/allanjude/bhyveucl. Add support for virtio-scsi. Flexible networking backend: wanproxy, vhost-net Support running bhyve as non-root. Add filters for popular VM file formats (VMDK, VHD, QCOW2). Implement an abstraction layer for video (no X11 or SDL in base system). Suspend/resume support. Live Migration. Nested VT-x support (bhyve in bhyve). Support for other architectures (ARM, MIPS, PPC). Cleanup on <tt>pw(8)</tt> Baptiste Daroussin bapt@FreeBSD.org

pw(8) is the utility to create, delete, and modify users. This tool has remained mostly untouched since its creation, but needed updating.

Lots of cleanup has been done:

A new feature was added: pw -R rootdir cmd which allows cross manipulation of users.

More cleanup.

More regression tests.

LDAP support?

 1-Wire Kernel Driver Implementation Warner Losh imp@FreeBSD.org 1-Wire Stuff: Basics and Temperature

This is a kernel driver implemetation of the Dallas Semiconductor 1-Wire bus in a generic fashion. While temperature sensors are the only devices initially supported, other devices should be easy to add. Multiple devices on one bus are supported. Both normal and overdrive modes are supported.

Multiple temperature sensors have been well tested, but there is a high bit error rate. There are indications that this is due to bad bit-read times. The code is written with enough resilience to cope with the problem by retrying, and the error rate is low enough that a couple of retries paper over many marginal issues.

Implement the overdrive device. Add overdrive capability to owc and provide an own method to allow the presentation drivers to know when it is safe to use the overdrive ROM commands.

Implement the Identification device. This device just has a class of 1 and no registers.

Implement non-FDT gpiobus attachment.

Test overdrive timings.

Implement other attachments for things like serial port or specialized 1-Wire controllers.

Use the system clock to implement more precise delays to improve the error rate.

Use interrupt mode for GPIO pins to time the transitions of the line to determine the bit values without busy waiting. Use &os;'s fine-grained sleeping to do the same for write-one and write-zero routines.

Review the code at the URL above.

Test the code on a device other than a RPi, RPi 2, or BeagleBone Black.

Test the code on architectures besides armv6.

Implement streamlined temperature mode where the convert_t command is broadcast and a callback reads the values for all the devices detected on the bus.

Implement parasitic power mode.

 &os; on Cavium ThunderX (<tt>arm64</tt>) Dominik Ermel der@semihalf.com Wojciech Macek wma@semihalf.com Michal Stanek mst@semihalf.com Zbigniew Bodek zbb@semihalf.com &os; Wiki: arm64 page Video: &os; on the 48-core ThunderX (ARMv8)

Since the previous report, ThunderX gained SMP support and &os; is now running on 48 real-life ARMv8 CPU cores! The newly introduced functionality was based on initial foundational work submitted by Andrew Turner and Robin Randhawa, with emulation as the primary target.

Semihalf's efforts focused on hardware, and include:

This support was introduced to the public at the &os; 2015 Developer Summit in Ottawa at a demo held by Semihalf and the FreeBSD Foundation. Cavium's ThunderX server CRB (Customer Reference Board) is now capable of booting SMP &os; from both the hard disk and from an NFS root using a PCIe networking card. The example setup is now available on the &os; test cluster hosted at Sentex Communications.

ThunderX support changes are currently being reviewed and integrated into mainline &os;.

The FreeBSD Foundation ARM Ltd. Cavium Semihalf

Upstream ThunderX support to &os; HEAD

Support for multi-socket configuration of ThunderX (96 CPUs connected through coherent fabric)

Implement VNIC support (ThunderX networking controller)

 ZFSguru Jason Edwards sub.mesa@gmail.com ZFSguru

ZFSguru is a multifunctional server appliance with a strong emphasis on storage. ZFSguru began as simple web-interface frontend to ZFS, but has since grown into a &os; derivative with its own infrastructure. The scope of the project has also grown with the inclusion of add-on packages that add functionality beyond the traditional NAS functionality found in similar product like FreeNAS and NAS4Free. ZFSguru aims to be a true multifunctional server appliance that is extremely easy to set up and can unite both novice and more experienced users in a single user interface. The modular nature of the project combats the danger of bloat, whilst still allowing extended functionality to be easily deployed.

The ZFSguru project is nearing the release of version 0.3, a major milestone for the project. In this new version, major work has been done on fundamentals. An overview:

ZFSguru version 0.3 will be released on the first of August.

 &os;/arm64 Andrew Turner andrew@FreeBSD.org Ed Maste emaste@FreeBSD.org Ruslan Bukin br@FreeBSD.org &os; arm64 wiki

Since the last status report, support for building &os; for AArch64 (arm64) has been committed to Subversion. This has initially been targeting qemu, with more hardware support being added after review.

Support for ACPI, SMP, DTrace, and hwpmc has been added. ACPI is able to enumerate devices and get to the mountroot prompt. Further work is needed to get into userland. SMP has been tested on qemu with two cores, and work is under way to support SMP on hardware. The hwpmc driver includes support for the Cortex-A53, Cortex-A57, and Cortex-A72 cores from ARM.

Poudriere has been used with user-mode qemu to test building packages. Over 14,000 ports were successfully built. A number of issues have been found and fixed from this first run. These fixes should unblock about 5,000 additional ports.

The FreeBSD Foundation ABT Systems Ltd ARM Ltd

Port to more SoCs

Test Poudriere on native hardware

 The FreeBSD Foundation Deb Goodkin deb@FreeBSDFoundation.org Foundation website &os; Journal

The FreeBSD Foundation is a 501(c)(3) non-profit organization dedicated to supporting and promoting the &os; Project and community worldwide. Funding comes from individual and corporate donations and is used to fund and manage development projects, conferences and developer summits, and provide travel grants to &os; developers. The Foundation purchases hardware to improve and maintain &os; infrastructure and publishes &os; white papers and marketing material to promote, educate, and advocate for the &os; Project. The Foundation also represents the &os; Project in executing contracts, license agreements, and other legal arrangements that require a recognized legal entity.

Here are some highlights of what we did to help &os; during the last quarter:

 Wine/&os; Gerald Pfeifer gerald@FreeBSD.org David Naylor dbn@FreeBSD.org Wine wiki Wine on amd64 wiki Wine homepage

This quarter has seen seven updates to the wine-devel port that closely tracks upstream development as well as updates to its helper ports (wine-gecko-devel and wine-mono-devel):

The i386-wine-devel port has packages built for amd64 for &os; 8.4, 9.1+, 10.1+ and CURRENT.

Accomplishments include:

Future development on Wine will focus on:

Maintaining and improving Wine is a major undertaking that directly impacts end-users on &os; (including many gamers). If you are interested in helping please contact us. We will happily accept patches, suggest areas of focus or have a chat.

Open Tasks and Known Problems (see the Wine wiki)

&os;/amd64 integration (see the i386-Wine wiki)

Porting Windows 32-bit on Windows 64-bit (WoW64)

 KDE on &os; KDE on &os; team kde@FreeBSD.org KDE on &os; website KDE ports staging area KDE on &os; wiki KDE/&os; mailing list Development repository for integrating KDE 5

The KDE on &os; team focuses on packaging and making sure that the experience of KDE and Qt on &os; is as good as possible.

Brad Davis has been working on CMake, resulting in an update to version 3.2.3 being committed to ports.

Overall, we have updated the following ports in this quarter:

Put more effort into the Qt5-related ports: KDE Frameworks 5 (currently worked on by Tobias Berner) and PyQt 5.

 Warner's ARMv6 Hard Float Experiment Warner Losh imp@FreeBSD.org Moving armv6 from Soft Float to Hard Float

The plan for the transition to hard float on ARMv6 involved having a new MACHINE_ARCH. That seemed expedient, but inelegant to me. The kernel can easily run both soft and hard floating point binaries, assuming that the proper libraries are available.

As an experiment, I have been investigating how hard it would be to just start generating hard float binaries starting with &os; 11.0 and what issues this causes. I am most interested in the source, the effects on ports, and any binary/package upgrade issues from &os; 10.X to 11.

If successful, this will allow the project to move more quickly away from a soft-floating point default. Users upgrading from &os; 10 will automatically be upgraded to hard float. All supported ARMv6 and ARMv7 processors have hardware floating point, so this will not be a problem for the vast majority of users. In addition, many of the build scripts know about all values of MACHINE_ARCH, and not changing the MACHINE_ARCH will allow those scripts to continue to function without additional changes.

I am about three fourths of the way through investigating this possibility and coding up solutions to the problems encountered so far.

The risks from this experiment are that it will encounter unforseen dependencies. This could force us to go with the original plan for migration to hard floating point.

The hope for this experiment is to pave the way for using the superior hard floating point in &os; 11 with minimal impact to our users and their current build scripts and processes. Backwards compatibility will be ensured with the libsoft tasks if users need to run &os; 10.X ARMv6 softfloat binaries on &os; 11.0 with its new hardfloat libraries. Packages should automatically update once the new hardfloat packages are put into place.

Building seat belts into ld.so to not cross-thread libraries of differing floating point implementations.

Clang should properly mark hard versus soft floating point .os. This is a minor issue, since ld handles things correctly.

libsoft, the analog of lib32, needs to be completed.

Patches to flip the switch from soft to hard for builds for armv6. Some additional code needed to build soft float may be needed for the prior task.

 Official Packages Bryan Drewery bdrewery@FreeBSD.org Ports Management Team portmgr@FreeBSD.org Sean Bruno sbruno@FreeBSD.org Package Status

x86 Packages

With the help of the FreeBSD Foundation providing more build servers, we have increased the build frequency of packages from weekly to about every other day. Packages are provided for all currently supported releases and head on i386 and amd64 from the ports head branch, and quarterly packages for &os; 10.1 and 9.3 release branches.

We are using eight different systems for building packages. The build process has been fully automated and is more fault tolerant now. More details on this will be available in an upcoming &os; Journal article. About eleven servers are used for daily test builds. To make it simpler for everyone to find the status and results of these builds, pkg-status.FreeBSD.org has been developed by Bryan Drewery. Its intent is to show all systems and builds in nearly real-time. It is currently in a beta stage and will be improved over time. At the time of this writing, it is temporarily down, but will be restored soon.

ARM/MIPS Packages

The FreeBSD Foundation purchased servers for the project to begin building and providing ARM and MIPS packages. These packages are currently built from x86 systems using QEMU. More details on this can be found in the BSDCan 2015 Presentation. The work to do this has been shepherded by Sean Bruno and has had help from many people including but not limited to Juergen Lock, Stacey Son, Ed Maste, Peter Wemm, Alexander Kabaev, Adrian Chadd, Baptiste Daroussin, Bryan Drewery, Dimitry Andric, Andrew Turner, Warner Losh, Ian Lapore, and Brooks Davis.

We are currently targeting packages for head on mips, mips64 and armv6. Each set takes one to two weeks to build on QEMU. They will be provided on a best effort basis for now on the default repository of pkg.FreeBSD.org.

FreeBSD Foundation (package building hardware)

Portmgr met at BSDCan and decided that the default package set should be provided based on the Ports Quarterly branch. This will provide more stable packages by default and allow users who wish to have the bleeding edge to use the head packages. The Quarterly branch is currently updated in full every three months from head and otherwise receives security and critical fixes. Moving towards this plan will also require a change to how we update the Quarterly branch. More details will be provided later.

Performance and stability of QEMU continues to improve. Native cross-building support in ports needs more work and testing to be viable.

The package builds currently run from a crontab every other day. Some of the builds take two hours (incremental), while others can take up to 30 hours for a full build. An open task here is to implement a better OS ABI check to see if incremental builds can be done, or if a full rebuild is needed when an SA/EN comes out. The plan for this is detailed at https://lists.freebsd.org/pipermail/freebsd-arch/2015-April/017025.html.

Another open task is to implement a master queue coordinator to start the next builds as soon as all others are done. This will also allow improving the pkg-status site's view of everything.

 GSoC 2015: <tt>libc</tt> Security Extensions Pedro Giffuni pfg@FreeBSD.org Oliver Pinter op@FreeBSD.org Project Wiki Page Code Review Differential

As part of this year's Google Summer of Code, we have been adding support for the _FORTIFY_SOURCE extension to libc. This extension uses the GCC builtin_object_size information to prevent buffer overflows in existing code. The compiler and the C library can effectively detect a set of common programming mistakes.

A mixed version of the NetBSD and Android implementations has been ported and is currently undergoing heavy testing. On &os;, this code has already found two small bugs. On the other hand, the &os; codebase is extremely useful to test the framework.

Google Summer of Code Program

Code review and more buildworld testing with GCC.

Integration tests, especially on non-x86 platforms.

Documentation: the framework is relatively popular on GNU libc but we still have to work on better documentation.

Testing and possibly integrating with ports.

We will have to re-schedule the GSoC project, as we were expecting to spend less time on this.

 The Graphics Stack on &os; FreeBSD Graphics Team freebsd-x11@FreeBSD.org Graphics stack roadmap and supported hardware matrix Graphics stack team blog Ports development tree on GitHub

The members of the graphics team were lacking spare time during this quarter, and only few things could be improved.

Our ports development tree still holds an update to Mesa 10.6 along with many cleanups and bug fixes. (It was 10.5 in the previous quarterly report.) Initially, we planned to commit it in early July, just after the &os; 8.4-RELEASE end-of-life date, but the EOL was delayed to the 31st of July. Therefore, we will send a Call For Testers near the end of July, with the update to be committed in early August. Of course, the update can still be obtained and tested directly from the Ports development tree by using the mesa-next branch.

Several smaller updates to X.Org-related ports were committed to the Ports tree.

The work on the i915 kernel driver update made no progress during this quarter due to the lack of free time. Fortunately, it can resume in Q3 with the hope to have something ready to test in September 2015.

The update to the DRM device-independent code was merged to stable/10. This means it will be available in the upcoming &os; 10.2-RELEASE.

Recently, the website hosting our blog has been down frequently. It is again the case at the time of this writing. We exported the data the last time it was up, so we will probably move to another system. Of course, the URL will change as well.

See the Graphics wiki page for up-to-date information.