Index: head/en_US.ISO8859-1/htdocs/news/status/report-2020-01-2020-03.xml =================================================================== --- head/en_US.ISO8859-1/htdocs/news/status/report-2020-01-2020-03.xml (revision 54052) +++ head/en_US.ISO8859-1/htdocs/news/status/report-2020-01-2020-03.xml (revision 54053) @@ -1,1910 +1,1910 @@ 01-03 2020
Introduction

Welcome, to the quarterly reports, of the future! Well, at least the first quarterly report from 2020. The new timeline, mentioned in the last few reports, still holds, which brings us to this report, which covers the period of January 2020 - March 2020.

As you will see from this report, we've had quite an active quarter with big changes to both kernel, userland, documentation, ports, and third-party projects in the form of everything from bug and security fixes over new features to speed improvements and optimizations.

As this report also covers the start of the epidemic, it's also interesting to note that a quick glance at the svn logs reveals that there has been no overall drop in the number of source commits, that docs commits have also stayed constant, and that ports have seen an upwards trend.

We hope that all of you and yours are as safe as can be managed, and that we get through this together by working together.

-- Daniel Ebdrup Jensen, debdrup@freebsd.org

FreeBSD Foundation Deb Goodkin deb@FreeBSDFoundation.org

The FreeBSD Foundation is a 501(c)(3) non-profit organization dedicated to supporting and promoting the FreeBSD Project and community worldwide. Funding comes from individual and corporate donations and is used to fund and manage software development projects, conferences and developer summits, and provide travel grants to FreeBSD contributors. The Foundation purchases and supports hardware to improve and maintain FreeBSD infrastructure and provides resources to improve security, quality assurance, and release engineering efforts; publishes marketing material to promote, educate, and advocate for the FreeBSD Project; facilitates collaboration between commercial vendors and FreeBSD developers; and finally, represents the FreeBSD Project in executing contracts, license agreements, and other legal arrangements that require a recognized legal entity.

Here are some highlights of what we did to help FreeBSD last quarter:

General

We moved! Our new address is: The FreeBSD Foundation 3980 Broadway St. STE #103-107 Boulder, CO 80304 USA

In February, the board of directors had an all-day board meeting in Berkeley, CA, where FreeBSD began! We put together our strategic plans for the next 2 years, which include software development projects we want to support and some educational initiatives.

COVID-19 impacts the Foundation. We put policies in place for all of our staff members to work from home. We also put a temporary ban on travel for staff members. We are continuing our work supporting the community and Project, but some of our work and responses are delayed because of changes in some of our priorities and the impact of limited childcare for a few of our staff members.

Partnerships and Commercial User Support

We help facilitate collaboration between commercial users and FreeBSD developers. We also meet with companies to discuss their needs and bring that information back to the Project. In Q1, Deb Goodkin met with commercial users at LinuxConfAu in Australia, FOSDEM in Belgium, and SCALE18x in the US. These venues provide an excellent opportunity to meet with commercial and individual users and contributors to FreeBSD. It's not only beneficial for the above, but it also helps us understand some of the applications where FreeBSD is used. In addition to meeting with commercial users at conferences, we continued discussions over email or on calls over the quarter.

Fundraising Efforts

Last quarter we raised $57,000! Thank you to everyone who came through, especially in this economic crisis we have found ourselves in. It heartens us deeply that individuals and organizations have supported our efforts, when there are so many people, animals, and businesses in need right now. We also want to extend a big thank you to Tarsnap, VMWare, and Stormshield for leading the way with Silver level donations. We hope other organizations will follow their lead and give back to help us continue supporting FreeBSD.

We are 100% funded by donations, and those funds go towards software development work to improve FreeBSD, FreeBSD advocacy around the world, keeping FreeBSD secure, continuous integration improvements, sponsoring BSD-related and computing conferences, legal support for the Project, and many other areas.

Please consider making a donation to help us continue and increase our support for FreeBSD: https://www.FreeBSDfoundation.org/donate/.

We also have the Partnership Program, to provide more benefits for our larger commercial donors. Find out more information at https://www.FreeBSDfoundation.org/FreeBSD-foundation-partnership-program/ and share with your companies!

OS Improvements

The Foundation supports software development projects to improve the FreeBSD operating system through our full time technical staff, contractors, and project grant recipients. They maintain and improve critical kernel subsystems, add new features and functionality, and fix problems.

Over the last quarter there were 273 commits to the FreeBSD base system source repository tagged with FreeBSD Foundation sponsorship, about 12% of base system commits over the quarter. Many of these are part of sponsored or staff projects that have their own entries in this FreeBSD Quarterly Report, but Foundation staff and contractors (Ed Maste, Konstantin Belousov, Mark Johnston, Li-Wen Hsu) also support the project with an ongoing series of bug fixes, build fixes, and miscellaneous improvements that don't warrant a separate entry.

Ed committed miscellaneous improvements to various parts of FreeBSD's build infrastructure, largely prompted by the work to retire the obsolete GCC 4.2.1. This included removal of the LLVM_LIBUNWIND option (now always set), and the removal of unused gperf, gcov, and the GPL devicetree compiler (dtc). Ed committed sendfile support for the Linuxulator, submitted by previous intern Bora Özarslan, and tested and committed a number of submitted bug fixes for the Microchip USB-Ethernet controller if_muge driver. Ed also updated the copy of OpenSSH in the base system to 7.9p1, with additional updates in progress, and worked on a number of security advisories released during the quarter.

Konstantin Belousov and Mark Johnston both performed a large number of code reviews during the quarter under Foundation sponsorship. This work helps developers in the FreeBSD community and those working at companies using FreeBSD to integrate their work into FreeBSD.

In addition to work described elsewhere in this report Konstantin also continued his usual series of bug fixes and improvements. This quarter this included low-level x86 support, fixing sendfile bugs, file system and vfs bug fixes, and dozens of other miscellaneous improvements. Additional work included a variety of commits to support Hygon x86 CPUs and improvements to the runtime linker (rtld)'s direct execution mode.

Mark Johnston continued his work on the Syzkaller system-call fuzzer, and committed fixes for many issues reported by Syzkaller. Mark triaged a large number of submitted bug reports and in many cases committed attached patches or developed fixes. Mark also addressed dozens of Coverity Scan reports.

Mark's other changes included arm64 Large System Extensions (LSE) atomic operations, low-level arm64 and x86 work, virtual memory (VM) work, and bug fixes or other improvements to syslog, the lagg(4) link aggregation driver, and build reproducibility.

Li-Wen Hsu committed many changes to tests in the base system, such as turning off known failing tests tracked by PRs, test-related pkgbase fixes, and other improvements.

Continuous Integration and Quality Assurance

The Foundation provides a full-time staff member who is working on improving our automated testing, continuous integration, and overall quality assurance efforts.

During the first quarter of 2020, Foundation staff continued to improve the Project's CI infrastructure and worked with contributors to fix the failing build and test cases. The building of a CI staging environment is in progress on the new machine purchased by the Foundation. We are also working with other teams in the Project for their testing needs. For example, we added a new job for running LTP (Linux Testing Project) on the Linuxulator, to validate improvements in the Foundation's sponsored Linux emulation work. We are also working with many external projects and companies to improve their support of FreeBSD.

See the FreeBSD CI section of this report for completed work items and detailed information.

Supporting FreeBSD Infrastructure

The Foundation provides hardware and support to improve the FreeBSD infrastructure. Last quarter, we continued supporting FreeBSD hardware located around the world. We purchased one server for a mirror in Malaysia, and signed the MOU for the new NYI colocation facility in Illinois. NYI generously provides this as an in-kind donation to the Project.

FreeBSD Advocacy and Education

A large part of our efforts are dedicated to advocating for the Project. This includes promoting work being done by others with FreeBSD; producing advocacy literature to teach people about FreeBSD and help make the path to starting using FreeBSD or contributing to the Project easier; and attending and getting other FreeBSD contributors to volunteer to run FreeBSD events, staff FreeBSD tables, and give FreeBSD presentations.

The FreeBSD Foundation sponsors many conferences, events, and summits around the globe. These events can be BSD-related, open source, or technology events geared towards underrepresented groups. We support the FreeBSD-focused events to help provide a venue for sharing knowledge, to work together on projects, and to facilitate collaboration between developers and commercial users. This all helps provide a healthy ecosystem. We support the non-FreeBSD events to promote and raise awareness of FreeBSD, to increase the use of FreeBSD in different applications, and to recruit more contributors to the Project.

Check out some of the advocacy and education work we did last quarter:

We continued producing FreeBSD advocacy material to help people promote FreeBSD.

Learn more about our efforts in 2019 to advocate for FreeBSD.

In addition to the information found in the Development Projects update section of this report, take a minute to check out the latest update blogs:

Read more about our conference adventures in the conference recaps and trip reports in our monthly newsletters.

We help educate the world about FreeBSD by publishing the professionally produced FreeBSD Journal. As we mentioned previously, the FreeBSD Journal is now a free publication. Find out more and access the latest issues.

You can find out more about events we attended and upcoming events here. As is the case for most of us in this industry, SCALE was the last event we will be attending for a few months. However, we're already working on how we can make more on-line tutorials and how-to guides available to facilitate getting more folks to try out FreeBSD. In the meantime, please check out the how-to guides we already have available!

We have continued our work with a new website developer to help us improve our website. Work has begun to make it easier for community members to find information more easily and to make the site more efficient.

Legal/FreeBSD IP

The Foundation owns the FreeBSD trademarks, and it is our responsibility to protect them. We also provide legal support for the core team to investigate questions that arise.

Go to http://www.FreeBSDfoundation.org/ to find out how we support FreeBSD and how we can help you!

FreeBSD Core Team FreeBSD Core Team core@FreeBSD.org

The FreeBSD Core Team is the governing body of FreeBSD.

FreeBSD Release Engineering Team FreeBSD Release Engineering Team re@FreeBSD.org FreeBSD 11.4-RELEASE schedule FreeBSD 12.2-RELEASE schedule FreeBSD development snapshots

The FreeBSD Release Engineering Team is responsible for setting and publishing release schedules for official project releases of FreeBSD, announcing code freezes and maintaining the respective branches, among other things.

The FreeBSD Release Engineering Team published the schedules for the upcoming 11.4-RELEASE and 12.2-RELEASE cycles.

Much time was spent by Glen Barber working on updates to the various build tools adding support for builds from both Subversion and Git. This is very much a work in progress, as there are a number of inter-connected moving parts.

Additionally, throughout the quarter, several development snapshot builds were released for the head, stable/12, and stable/11 branches.

Much of this work was sponsored by Rubicon Communications, LLC (netgate.com) and the FreeBSD Foundation.

Cluster Administration Team Cluster Administration Team clusteradm@FreeBSD.org Cluster Administration Team members

The FreeBSD Cluster Administration Team consists of the people responsible for administering the machines that the Project relies on for its distributed work and communications to be synchronised. In this quarter, the team has worked on the following:

Work in progress:
Continuous Integration FreeBSD Jenkins Instance FreeBSD Hardware Testing Lab FreeBSD CI artifact archive FreeBSD CI weekly report FreeBSD Jenkins wiki Hosted CI wiki 3rd Party Software CI Tickets related to freebsd-testing@ FreeBSD CI Repository Jenkins Admin jenkins-admin@FreeBSD.org Li-Wen Hsu lwhsu@FreeBSD.org

Contact: freebsd-testing Mailing List Contact: IRC #freebsd-ci channel on EFNet

The FreeBSD CI team maintains the continuous integration system and related tasks for the FreeBSD project. The CI system regularly checks that the committed changes can be successfully built, then performs various tests and analysis of the results. The artifacts from the build jobs are archived in the artifact server for further testing and debugging needs. The CI team members examine the failing builds and unstable tests and work with the experts in that area to fix the code or adjust the test infrastructure. The details of these efforts are available in the weekly CI reports.

During the first quarter of 2020, we continued working with the contributors and developers in the project for their testing needs and also kept working with external projects and companies to improve their support of FreeBSD.

Important changes:

New jobs added:

Work in progress:

Please see freebsd-testing@ related tickets for more WIP information, and join the efforts.

Sponsor: The FreeBSD Foundation

Ports Collection About FreeBSD Ports Contributing to Ports FreeBSD Ports Monitoring Ports Management Team René Ladan portmgr-secretary@FreeBSD.org FreeBSD Ports Management Team portmgr@FreeBSD.org

The Ports Management Team is responsible for overseeing the overall direction of the Ports Tree, building packages, and personnel matters. Below is what happened in the last quarter.

During the last quarter the number of ports settled in at 39,000. There are currently just over 2,400 open PRs of which 640 are unassigned. The last quarter saw 8146 commits by 173 committers to the HEAD branch and 357 commits by 52 committers to the 2020Q1 branch. This means the number of PRs grew although the committer activity remained more or less constant.

As always, people come and go. This time we welcomed Loïc Bartoletti (lbartoletti@), Mikael Urankar (mikael@), Kyle Evans (kevans@, who is already a src committer), and Lorenzo Salvadore (salvadore@, who we already know for compiling these reports you are reading right now). We said goodbye to dbn@ and theraven@, who we hope to see back in the future.

On the infrastructure side, USES=qca was added and USES=zope was removed. The latter was also due to its incompatibility with Python 3, and portmgr is in the process of removing Python 2.7 from the Ports Tree. This means that all ports that currently rely on Python 2.7 need to be updated to work with Python 3 or be removed.

After a long period of work by multiple people, Xorg got updated from the 1.18 to the 1.20 release series. Also, the web browsers were updated: Firefox to version 75.0, Firefox ESR to 68.7.0, and Chromium to 80.0.3987.149. The package manager itself got updated to version 1.13.2.

antoine@ ran 29 exp-runs during the last quarter for various updates to KDE, poppler, pkg and build tools; and test compatibility with src changes: removing procfs-based debugging, fixing TLS alignment, and only including libssp_nonshared.a in libc for the i386 and Power architectures.

FreeBSD Graphics Team status report Project GitHub page FreeBSD Graphics Team x11@freebsd.org Niclas Zeising zeising@freebsd.org

The FreeBSD X11/Graphics team maintains the lower levels of the FreeBSD graphics stack. This includes graphics drivers, graphics libraries such as the MESA OpenGL implementation, the X.org xserver with related libraries and applications, and Wayland with related libraries and applications.

The biggest highlight by far during the previous quarter was the long awaited update of xorg-server to version 1.20. After years of work by many people, this update finally landed in the form of xorg-server 1.20.7. With this update came a couple of new things, most notably, FreeBSD 12 and later was switched to use the udev/evdev backend by default for handling input devices, such as mice and keyboards. Together with this release, the OpenGL library implementation mesa was switched to use DRI3 by default, instead of the older DRI2.

These updates caused some fallout when they were first committed, most notably issues with keyboards. But with help from Michael Gmelin and others on the mailing lists, most issues were sorted fast. Unfortunately version 304 of the nVidia graphics driver is no longer supported as of this release.

Since this update, xorg-server has also been bumped to 1.20.8, which is the latest upstream release.

Apart from this update, there has also been ongoing work to keep the various drm-kmod ports and packages up to date, mostly in response to changes in FreeBSD CURRENT and to security issues found in the Intel i915 driver.

We have also done updates as needed to keep the graphics and input stack up to date and working, and deprecated and removed several old and no longer used drivers, applications and libraries.

We have also continued our regularly scheduled bi-weekly meetings.

People who are interested in helping out can find us on the x11@FreeBSD.org mailing list, or on our gitter chat: (https://gitter.im/FreeBSDDesktop/Lobby). We are also available in #freebsd-xorg on EFNet.

We also have a team area on GitHub where our work repositories can be found: (https://github.com/FreeBSDDesktop)

NFS over TLS implementation Rick Macklem rmacklem@freebsd.org

In an effort to improve NFS security, an internet draft which I expect will become an RFC soon specifies the use of TLS 1.3 to encrypt all data traffic on a Sun RPC connection used for NFS.

Although NFS has been able to use sec=krb5p to encrypt data on the wire, this requires a Kerberos environment and, as such, has not been widely adopted. It also required that encryption/decryption be done in software, since only the RPC message NFS arguments are encrypted. Since Kernel TLS is capable of using hardware assist to improve performance and does not require Kerberos, NFS over TLS may be more widely adopted, once implementations are available.

Since FreeBSD's kernel TLS requires that data be in ext_pgs mbufs for transmission, most of the work so far has been modifying the NFS code that builds the protocol arguments to optionally use ext_pgs mbufs. Coding changes to handle received ext_pgs mbufs have also been done, although this may not be required by the receive kernel TLS.

The kernel RPC has also been modified to do the STARTTLS Null RPC and to do upcalls to userland daemons that perform the SSL_connect()/SSL_accept(), since the kernel TLS does not do this initial handshake. So far only a self-signed certificate on the server, with no requirement for the client to have a certificate, has been implemented.

Work is still needed to be done for the case where the NFS client is expected to have a signed certificate. In particular, it is not obvious to me what the correct solution is for clients that do not have a fixed IP address/DNS name. The code now is about ready for testing, but requires that the kernel TLS be able to support receive as well as transmit. Patches to the kernel TLS for receive are being worked on by jhb@freebsd.org.

Once receive side kernel TLS becomes available, the code in subversion under base/projects/nfs-over-tls will need third party testing and a security evaluation by someone familiar with TLS.

Import of the Kyua test framework The FreeBSD Test Suite Brooks Davis brooks@FreeBSD.org

The FreeBSD test suite uses the Kyua test framework to run tests.

Historically Kyua has been installed from the ports collection (devel/kyua). While this is fine for mainstream architectures, it can pose bootstrapping issues on new architectures and package installation is quite slow under emulation or on FPGA based systems. By including it in the FreeBSD base system we can avoid these issues.

We hope that this inclusion will spur testing of embedded platforms and simplify the process of testing within continuous integration systems.

We currently plan to retain the devel/kyua port to serve FreeBSD versions without and to serve as a development version.

Sponsor: DARPA

Linux compatibility layer update Edward Tomasz Napierala trasz@FreeBSD.org

Work during this quarter focused on source code cleanup and making it easier to debug missing functionality. There were, however, some user-visible changes: added support for TCP_CORK as required by Nginx, added support for the MAP_32BIT flag, which fixes Mono binaries from Ubuntu Bionic, and a fix for DNS resolution with glibc newer than 2.30, which affected CentOS 8.

The Linux Test Project tests that are being run as part of the FreeBSD Continuous Integration infrastructure now include the Open POSIX test suite.

There's still a lot to do:

Sponsor: The FreeBSD Foundation

syzkaller on FreeBSD Mark Johnston markj@FreeBSD.org Michael Tuexen tuexen@FreeBSD.org

See the syzkaller entry in the 2019q1 quarterly report for an introduction to syzkaller.

A number of kernel bugs have been found by syzkaller and fixed this quarter, mostly in the network stack and file descriptor table code. Bug investigations have led to improvements in debugging facilities and assertions, for example in the SCTP stack. Syzkaller reproducers have been added to Peter Holm's stress2 suite, helping ensure that regressions are found quickly.

The syzkaller instance hosted by backtrace.io (see the 2019q3 report) has been very useful in testing syzkaller improvements and finding bugs. Though Google runs a dedicated syzkaller instance targeting FreeBSD, it has proved fruitful to run multiple instances since they end up building different corpuses and thus discover different, though overlapping, sets of bugs.

Support for fuzzing a number of new system calls has been added, including the new copy_file_range() and __realpathat() system calls, and the Capsicum system calls. Some work was also done to audit existing system call definitions to ensure that FreeBSD-specific extensions of POSIX system calls are covered. Work is ongoing to target the Linux emulation layer, and to collect kernel dumps so that one-off crashes with no reproducer have a chance at being diagnosed and fixed.

Sponsor: backtrace.io
Sponsor: The FreeBSD Foundation

if_bridge Kristof Provost kp@FreeBSD.org

The current implementation of if_bridge uses a single mutex to protect its internal data structures. As a result it’s nowhere near as fast as it could be. This is relevant for users who want to run many vnet jails or virtual machines bridged together, for example.

As part of this project several new tests have already been added for if_bridge. These are generally very useful for validating any locking changes, and will also help to prevent regressions for other future changes. These tests live in /usr/tests/sys/net/if_bridge_test.

The current work is concentrating on investigating if it's possible to leverage the ConcurrencyKit epoch code for the datapath (i.e. bridge_input(), bridge_output(), bridge_forward(), ...).

Sponsor: The FreeBSD Foundation

sigfastblock(2) Konstantin Belousov kib@FreeBSD.org

Rtld services need to be async signal safe. This is needed, for instance, to provide working symbol bindings in signal handlers.

For threaded processes, libthr interposes all user-installed signal handlers and saves the signals and related context if a signal is delivered while rtld or libthr is in a protected section of code.

In non-threaded processes, async safety is provided by changing the signal mask for the thread. This is actually better than the interposing done by libthr, since signals are delivered in the right context, instead of libthr attempting to recreate it later. But the unfortunate side-effect is that each rtld entry requires two syscalls, one to set the mask and one to restore it. Typically this adds around 40 or more syscalls on each process startup. Worse, rtld services used by typical language runtime exception handling systems also incur the cost of signal mask manipulation.

The new sigfastblock(2) syscall was added; it allows a thread to designate a memory location as a fast signal block word. If this word contains a non-zero value, the kernel treats the thread as if all blockable signals were blocked. The facility drastically improves exception handling speed on FreeBSD.

Since signals might abort interruptible sleeps, the initial implementation read the blocking word on each syscall entry. This is needed to ensure that userspace does not see a spurious EINTR/ERESTART if the signals are blocked by the word. Otherwise, if the kernel had cached an outdated value of the block word, it would abort the sleep, but the AST would then see the correct mask and not deliver the pending signal.

There were concerns that this read of the word causes a slowdown in syscall microbenchmarks, especially on machines with SMAP. The reason is that SMAP requires all userspace accesses to be bracketed by a STAC/CLAC pair of instructions, which are de-facto serializing (this is not architectural, but all current microarchitectures do it). The decision was made to eliminate the word read, at the cost of possibly returning a spurious EINTR. The impact should be minimal, since sigfastblock(2) is not supposed to be a service available to users; it is meant only for the rtld and libthr implementations.
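The cost difference described above can be seen in a small model, added here as an illustration and not taken from FreeBSD's rtld, libthr or kernel code. It compares bracketing each protected section with two sigprocmask() calls against setting a block word with a plain store; because it does not call sigfastblock(2), an interposed handler stands in for the kernel consulting the word, and all names and the count of 20 sections are assumptions made for the example.

```c
/* Added illustration: every name below is hypothetical, not FreeBSD rtld/libthr code. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <signal.h>
#include <stdio.h>
#include <string.h>

struct result {
    int mask_syscalls; /* sigprocmask() calls spent entering/leaving sections */
    int leaked;        /* user-handler runs observed inside a protected section */
    int delivered;     /* user-handler runs in total */
};

static volatile sig_atomic_t block_word;   /* non-zero: treat signals as blocked */
static volatile sig_atomic_t pending_sig;  /* signal deferred while the word was set */
static volatile sig_atomic_t handler_runs; /* how often the "user" handler ran */

/* Stands in for an application handler that may need rtld services. */
static void user_handler(int sig) { (void)sig; handler_runs++; }

/* Interposed handler: defers delivery while the block word is set. */
static void interposer(int sig)
{
    if (block_word) {
        pending_sig = sig;
        return;
    }
    user_handler(sig);
}

static int install_interposer(void)
{
    struct sigaction sa;
    sigset_t usr1;

    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = interposer;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGUSR1, &sa, NULL) != 0)
        return -1;
    /* Make sure an inherited mask does not hide SIGUSR1 from the demo. */
    sigemptyset(&usr1);
    sigaddset(&usr1, SIGUSR1);
    return sigprocmask(SIG_UNBLOCK, &usr1, NULL);
}

/*
 * Run n protected sections, each hit by one SIGUSR1.
 * use_word == 0: block with the signal mask (two syscalls per section).
 * use_word != 0: block with the word (no syscall), replay on exit.
 */
static struct result run_sections(int n, int use_word)
{
    struct result r = {0, 0, 0};
    sigset_t all, old;
    int start, i;

    if (install_interposer() != 0)
        return r;
    sigfillset(&all);
    sigemptyset(&old);
    start = handler_runs;
    for (i = 0; i < n; i++) {
        int before = handler_runs;

        if (use_word) {
            block_word = 1;                       /* plain store */
        } else {
            sigprocmask(SIG_BLOCK, &all, &old);   /* syscall 1 */
            r.mask_syscalls++;
        }
        raise(SIGUSR1);                           /* signal arrives mid-section */
        r.leaked += handler_runs - before;        /* must stay 0 */
        if (use_word) {
            block_word = 0;
            if (pending_sig) {                    /* replay the deferred signal */
                int s = pending_sig;
                pending_sig = 0;
                user_handler(s);
            }
        } else {
            sigprocmask(SIG_SETMASK, &old, NULL); /* syscall 2, delivers here */
            r.mask_syscalls++;
        }
    }
    r.delivered = handler_runs - start;
    return r;
}

int main(void)
{
    struct result m = run_sections(20, 0);
    struct result w = run_sections(20, 1);

    printf("mask: syscalls=%d leaked=%d delivered=%d\n",
        m.mask_syscalls, m.leaked, m.delivered);
    printf("word: syscalls=%d leaked=%d delivered=%d\n",
        w.mask_syscalls, w.leaked, w.delivered);
    return 0;
}
```

In the word variant the handler runs later from ordinary code rather than in the signal's original context, which is the drawback of interposition that the text attributes to libthr.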

Sponsor: The FreeBSD Foundation

arm64 LSE atomic instructions Mark Johnston markj@FreeBSD.org

An investigation of some performance oddities on EC2 Graviton 2 instances resulted in support for the use of Large System Extension (LSE) atomic instructions in the FreeBSD kernel.

LSE is a mandatory ISA extension specified in ARMv8.1. It consists of a number of new atomic instructions, superseding the Load-Linked/Store-Conditional (LL/SC) instruction pairs used when LSE is not implemented. The extension is present in a number of ARMv8 server platforms, including the Cavium ThunderX2 and AWS Graviton 2. The new instructions provide significantly better scalability.

A recent set of patches modified the FreeBSD kernel to detect support for LSE and dynamically select an atomic(9) implementation based on the new instructions when all CPUs implement the extension. The initial atomic(9) implementations were provided by Ali Saidi. Some benchmarking on a 64-vCPU Graviton 2 instance shows a ~4% reduction in wall clock time for a kernel build, and a ~15% reduction in system CPU time.

Some ARMv8 multi-processor systems implement a heterogeneous CPU architecture, referred to as big.LITTLE, in which multiple processor types are used. Surprisingly, such systems may implement the LSE on only a subset of their CPUs, in which case LSE instructions cannot be used by the kernel. As a result, FreeBSD currently waits until all processors are online before selecting the atomic(9) implementation, which precludes the use of ifuncs to provide dynamic selection.

Currently atomic(9)'s use of LSE is limited to the kernel. A future project would extend this to userspace, so that FreeBSD system libraries can leverage the LSE instructions when they are available.

Sponsor: The FreeBSD Foundation
Sponsor: Amazon

FreeBSD on Microsoft HyperV and Azure FreeBSD on MicrosoftAzure wiki FreeBSD on Microsoft HyperV FreeBSD Integration Services Team bsdic@microsoft.com Wei Hu whu@FreeBSD.org Li-Wen Hsu lwhsu@FreeBSD.org

Wei is working on HyperV Socket support for FreeBSD. HyperV Socket provides a way for the HyperV host and guest to communicate using a common socket interface without networking required. Some features in Azure require HyperV Socket support in the guest.

Details of HyperV Socket are available here.

The work-in-progress is available here

This project is sponsored by Microsoft.

Li-Wen is working on the FreeBSD release code related to Azure for the -CURRENT and 12-STABLE branches. The release of 12.1-RELEASE on Azure is also in progress.

The work-in-progress is available here

This project is sponsored by The FreeBSD Foundation.

FreeBSD on the ARM Morello platform The Arm Morello Board The CHERI Project Andrew Turner andrew@FreeBSD.org Ruslan Bukin br@FreeBSD.org Brooks Davis brooks@FreeBSD.org John Baldwin jhb@FreeBSD.org Robert Watson rwatson@FreeBSD.org

CHERI (Capability Hardware Enhanced RISC Instructions) extends conventional hardware Instruction-Set Architectures (ISAs) with new architectural features to enable fine-grained memory protection and highly scalable software compartmentalization. The CHERI memory-protection features allow historically memory-unsafe programming languages such as C and C++ to be adapted to provide strong, compatible, and efficient protection against many currently widely exploited vulnerabilities. The CHERI scalable compartmentalization features enable the fine-grained decomposition of operating-system (OS) and application code, to limit the effects of security vulnerabilities in ways that are not supported by current architectures. CHERI is a hybrid capability architecture in that it is able to blend architectural capabilities with conventional MMU-based architectures and microarchitectures, and with conventional software stacks based on virtual memory and C/C++. This approach allows incremental deployment within existing ecosystems, which we have demonstrated through hardware and software prototyping.

On 18 October 2019, Arm announced Morello, an experimental CHERI-extended, multicore, superscalar ARMv8-A processor, System-on-Chip (SoC), and prototype board to be available from late 2021. Morello is a part of the UKRI £187M Digital Security by Design Challenge (DSbD) supported by the UK Industrial Strategy Challenge Fund, including a commitment of over £50M by Arm. The aim is to test and validate CHERI extensions to the Arm ISA at scale with the idea that "successful concepts are expected to be carried forward into the architecture." The Morello board is scheduled to ship in the third quarter of 2021.

Over the past decade we have developed CheriBSD, a version of FreeBSD supporting CHERI. Our public facing work has been performed on MIPS64 and more recently on RISC-V. Andrew has also developed a port to an earlier version of the Morello ISA which we will be merging into our public repository as simulators and compilers become available.

The Morello board is based on the Arm Neoverse N1 platform and derived from the N1SDP development platform. (The AWS Graviton2 systems are also based on the N1 core.) Ruslan and Andrew are currently working to enable all relevant features of the N1 and the N1SDP to give us a solid baseline for work on Morello. These features include the PCI root complex, system memory management unit (SMMU), and CoreSight. To the extent practical we are upstreaming these features to FreeBSD.

Sponsor: DARPA, UKRI

NXP ARM64 SoC support Marcin Wojtas mw@semihalf.com Artur Rojek ar@semihalf.com Dawid Gorecki dgr@semihalf.com

The Semihalf team initiated work on FreeBSD support for the NXP LS1046A SoC.

LS1046A are quad-core 64-bit ARMv8 Cortex-A72 processors with integrated packet processing acceleration and high speed peripherals including 10 Gb Ethernet, PCIe 3.0, SATA 3.0 and USB 3.0 for a wide range of networking, storage, security and industrial applications.

Completed since the last update:

Todo:

Sponsor: Alstom Group

ENA FreeBSD Driver Update ENA README Michal Krawczyk mk@semihalf.com Maciej Bielski mba@semihalf.com Marcin Wojtas mw@semihalf.com

ENA (Elastic Network Adapter) is the smart NIC available in the virtualized environment of Amazon Web Services (AWS). The ENA driver supports multiple transmit and receive queues and can handle up to 100 Gb/s of network traffic, depending on the instance type on which it is used.

Completed since the last update:

Work in progress:

Sponsor: Amazon.com Inc

FreeBSD/powerpc Project Mark Linimon linimon@FreeBSD.org Justin Hibbits jhibbits@FreeBSD.org Piotr Kubaj pkubaj@FreeBSD.org

The FreeBSD/powerpc project continues to mature.

In addition to the above listed people, we want to acknowledge contributions from adalava, bdragon, luporl, and mikael, among others.

Key points:

Hardware status:

Software status:

Package status:

The team would like to thank IBM for the loan of two POWER8 and one POWER9 machines, and Oregon State University (OSU) for providing the hosting. As well, we would like to thank the clusteradm team for keeping the Tyan POWER8 machines online that are hosted at NYI.

Also, Piotr would like to thank the FreeBSD Foundation for funding his personal Talos, and Raptor (via its IntegriCloud subsidiary) for loaning a server on which talos.anongoth.pl runs.

FreeBSD/RISC-V Project Wiki Ruslan Bukin br@FreeBSD.org Mitchell Horne mhorne@FreeBSD.org John Baldwin jhb@FreeBSD.org Kristof Provost kp@FreeBSD.org Philip Paeps philip@FreeBSD.org

Contact: freebsd-riscv Mailing List

Contact: IRC #freebsd-riscv channel on freenode

It has been a year since the RISC-V project's last status report. In that time, the RISC-V port has benefited from increased attention, and received improvements of all kinds.

The RISC-V project has brought in two new src committers. We'd like to welcome Jessica Clarke (jrtc27@), who is a member of CheriBSD, and Nick O'Brien (nick@) of Axiado to the team.

Some highlights from last year:

Last quarter, the default compiler and linker were switched to clang/lld. This required a small number of integration changes on our side, but was mainly enabled by the upstream improvements to the RISC-V LLVM back-end. LLVM's RISC-V support became "official" with LLVM 9, and LLVM 10 has brought further improvements. The LLVM back-end is expected to continue to mature, as there are now many parties actively involved in its development. GCC remains supported as an external toolchain for RISC-V.

The CI job for HEAD has been updated to use the clang/lld toolchain, and a GCC job will be added in the future. The RISC-V disk image built in the CI system now contains the full base system and is available on the CI artifact server for further testing. The CI test job was updated to use OpenSBI in qemu. Work on running the FreeBSD test suite for RISC-V in the CI system is in progress.

Some progress has been made on supporting the ports framework on RISC-V, which was mostly untested until recently. First, emulators/qemu-user-static-devel received an update adding support for the RISC-V 64-bit ABI, allowing ports to be cross-compiled via poudriere(8). Second, improvements were made to the detection of the soft-float ABI, riscv64sf. Systems running either of the hard-float or soft-float ABIs can now compile and run ports natively. At the moment a small subset of ports can be built successfully, and in the coming months we will look to improve that to include a base set of crucial ports (e.g. python or perl).

The CheriBSD project saw an initial port to RISC-V this quarter. Preliminary support for the CHERI ISA has been added to the Spike and QEMU emulators, as well as the necessary changes on the CheriBSD side. Currently, the CheriBSD RISC-V kernel boots, and most statically compiled CHERI binaries run without issue.

Although real RISC-V hardware is still scarce, any users with an interest in trying out or contributing to the RISC-V port are encouraged to do so. Please visit the recently updated wiki page for information on getting set up, or check out "Getting Started with FreeBSD/RISC-V" in the January/February edition of The FreeBSD Journal.

Sponsor: DARPA, AFRL, Axiado, the FreeBSD Foundation

GCC 4.2.1 Retirement Ed Maste emaste@freebsd.org Warner Losh imp@freebsd.org

In 2007 the GNU Compiler Collection (GCC) migrated to GPLv3, which prompted discussions about the future of the FreeBSD tool chain. We held a Tool Chain Summit at BSDCan 2010. Roman Divacky gave an update on the ClangBSD project, building FreeBSD using the new and rapidly improving Clang compiler.

Since that time Clang was imported into the FreeBSD base system and was used more and more widely - first being installed but not the default cc, then used by default on i386 and amd64, and later used on more and more targets. In the years since, Dimitry Andric has been keeping our copy of Clang up-to-date.

GCC 4.2.1 was kept in the tree for a few FreeBSD targets that hadn't migrated to Clang, such as MIPS and Sparc64. By early this year all remaining targets had migrated to an external toolchain (contemporary GCC from ports or packages), or had been deprecated.

With no in-tree consumers remaining, GCC 4.2.1 was removed from FreeBSD in r358454 on February 29, 2020.

Sponsor: The FreeBSD Foundation

elfctl utility Ed Maste emaste@freebsd.org

In r340076 Ed added the NT_FREEBSD_FEATURE_CTL ELF note, used to allow binaries to opt out of, or in to, vulnerability mitigation and other features. FreeBSD Foundation intern Bora Özarslan later added a tool to decode and modify the ELF note, but it had yet to be installed by default.

In the previous quarter Ed renamed the tool to elfctl, and installed it in /usr/bin. Ed also committed a number of minor bug fixes, code style improvements, etc.

Usage examples - list known feature flags:


 $ elfctl -l
 Known features are:
 aslr            Disable ASLR
 protmax         Disable implicit PROT_MAX
 stackgap        Disable stack gap
 wxneeded        Requires W+X mappings
 

List feature tags set on a binary:


 $ elfctl /bin/ls
 File '/bin/ls' features:
 aslr            'Disable ASLR' is unset.
 protmax         'Disable implicit PROT_MAX' is unset.
 stackgap        'Disable stack gap' is unset.
 wxneeded        'Requires W+X mappings' is unset.
 

Indicate that a binary requests to opt-out of address randomization:


 $ elfctl -e +aslr binary
 

Sponsor: The FreeBSD Foundation
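
To audit which mitigations a binary has opted out of, the note that elfctl edits can be decoded directly. The following is an added example, not code from the report or from elfctl: it walks the raw bytes of an ELF note section or PT_NOTE segment and reports the feature bits that are set. The function names are hypothetical, little-endian notes are assumed, the constants follow FreeBSD's sys/elf_common.h, and the sample input is constructed.

```python
import struct

NT_FREEBSD_FEATURE_CTL = 4      # note type, per sys/elf_common.h
FCTL_BITS = {                   # desc[0] bits, same order as `elfctl -l`
    0x1: "aslr",                # Disable ASLR (a set bit means opted out)
    0x2: "protmax",             # Disable implicit PROT_MAX
    0x4: "stackgap",            # Disable stack gap
    0x8: "wxneeded",            # Requires W+X mappings
}

def iter_notes(buf):
    """Yield (name, type, desc) for each note in a little-endian note blob."""
    off = 0
    while off + 12 <= len(buf):
        namesz, descsz, ntype = struct.unpack_from("<III", buf, off)
        off += 12
        name_end = off + namesz
        desc_off = (name_end + 3) & ~3      # name is padded to 4 bytes
        desc_end = desc_off + descsz
        if desc_end > len(buf):
            raise ValueError("truncated ELF note")
        yield buf[off:name_end].rstrip(b"\0"), ntype, buf[desc_off:desc_end]
        off = (desc_end + 3) & ~3           # desc is padded to 4 bytes

def feature_ctl(buf):
    """Return the feature names set in the FreeBSD feature-control note,
    or None when the blob carries no such note."""
    for name, ntype, desc in iter_notes(buf):
        if name == b"FreeBSD" and ntype == NT_FREEBSD_FEATURE_CTL:
            if len(desc) < 4:
                raise ValueError("feature-control note too short")
            (flags,) = struct.unpack_from("<I", desc)
            known = [n for bit, n in FCTL_BITS.items() if flags & bit]
            unknown = flags & ~sum(FCTL_BITS)   # bits this table does not name
            return known + ([f"unknown:{unknown:#x}"] if unknown else [])
    return None

def make_note(name, ntype, desc):
    """Build one note; helper for the constructed sample below."""
    n = name + b"\0"
    pad = lambda b: b + b"\0" * (-len(b) % 4)
    return struct.pack("<III", len(n), len(desc), ntype) + pad(n) + pad(desc)

# Constructed sample: an ABI tag note (type 1) followed by a feature-control
# note with the aslr and wxneeded bits set.
SAMPLE = (make_note(b"FreeBSD", 1, struct.pack("<I", 1300000))
          + make_note(b"FreeBSD", NT_FREEBSD_FEATURE_CTL, struct.pack("<I", 0x9)))

if __name__ == "__main__":
    print(feature_ctl(SAMPLE))
```

A result containing aslr, protmax or stackgap means the binary asks for that mitigation to be switched off, so an unexpected entry on a network-facing binary is worth investigating.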

ELF Tool Chain Ed Maste emaste@freebsd.org

A number of performance and functional improvements were committed to ELF Tool Chain tools over the last quarter.

FreeBSD Foundation intern Tiger Gao added DWARF Debug Information Entry (DIE) caching to addr2line which provided a substantial improvement when translating many entries (even surpassing GNU addr2line with a large list).

Tiger also rebased and updated an upstream ELF Tool Chain submission to handle DW_AT_ranges and addressed two elfcopy/objcopy bugs: setting the OS/ABI field correctly when converting a binary file to ELF, and correctly adding new sections when there is no .shstrtab section.

Ed committed several readelf improvements, including decoding the PROTMAX_DISABLE, STKGAP_DISABLE, and WXNEEDED ELF feature control flags, decoding Xen and GNU Build-ID ELF notes, and improved input validation.

Mark Johnston addressed many memory and file descriptor leaks and similar issues reported by Coverity Scan.

Sponsor: The FreeBSD Foundation

FreeBSD Translations on Weblate Translate FreeBSD on Weblate wiki FreeBSD Weblate Instance Danilo G. Baio dbaio@FreeBSD.org Edson Brandi ebrandi@FreeBSD.org

As announced in January, the FreeBSD Project is adopting Weblate as its web-based continuous localization platform.

We are getting new volunteers to the effort and so far these are the numbers:

Q1 2020 Status

Languages

1 - Already had an effort in the past.

We want to thank everyone that contributed, translating or reviewing documents.

Please help promote this effort in your local user group; we always need more volunteers.

FreeBSD Manpages overhaul Gordon Bergling gbergling@gmail.com

I am currently working on an overhaul for the FreeBSD manpages by updating the HISTORY and STANDARDS sections and, while here, creating new manpages for parts of the system that are missing documentation. FreeBSD already has one of the best sets of documentation available for a UNIX-like operating system, but there are parts that could be improved.

For the parts that have been already improved you can have a look at my Phabricator account.

If you would like to help on improving the documentation effort, please contact Benedict Reuschling bcr@freebsd.org or me at gbergling@gmail.com.

KDE on FreeBSD KDE FreeBSD KDE Community FreeBSD Adriaan de Groot kde@FreeBSD.org

The KDE on FreeBSD project packages the software produced by the KDE Community for FreeBSD. The software includes a full desktop environment KDE Plasma, the art application Krita, video editor Kdenlive and hundreds of other applications that can be used on any FreeBSD desktop machine.

The quarter opened with a new kstars (amateur astronomy application) release landing in ports, and then had the usual regular updates:

There were no substantial Qt updates but four bugfix releases for devel/cmake, and regular work all over the ports tree.

The SDDM login manager was updated to a much newer -- by over a year -- release and patched to support more FreeBSD features.

One update to devel/qca dropped compatibility with FreeBSD 11 because upstream no longer supports older OpenSSL versions. There is infrastructure in the ports tree now that adds a USES=qca for Qt applications needing crypto support.

The open bugs list remains stable around 28 open issues, with some interesting xkb issues as a highlight. We welcome detailed bug reports and patches. KDE packaging updates are prepared in a copy of the ports repository on GitHub and then merged in SVN. We welcome pull requests there as well.

XFCE Guido Falsi xfce@FreeBSD.org

After the XFCE update to 4.14 a regression was observed in the XFCE window manager xfwm4. It caused window decorations to be drawn wrong or missing with certain graphic hardware setups. It has been reported that the recent update to Xorg server in the ports tree fixes this issue. The updated Xorg server will be available in the next quarterly branch.

Wine on FreeBSD Wine homepage Gerald Pfeifer gerald@FreeBSD.org Lorenzo Salvadore salvadore@FreeBSD.org

The standard Wine port has moved from Wine 4.0.3 to Wine 5.0 which represents over 7,400 individual changes including built-in modules in PE format, multi-monitor support, Vulkan 1.1 support, and an XAudio2 re-implementation.

After our request for help in the last quarterly report the i386 wine ports have been adopted by salvadore who immediately started resolving existing bugs and improving the ports. Most of this work is ready and we began committing first pieces in March. Since it takes more time than initially expected, we will also update the i386-wine-devel port during this process so that users needing a more recent version can easily get it from the ports tree (or binary packages). On the other hand, we plan on backporting these improvements to i386-wine after i386-wine-devel is done and only then update that port, so that we always guarantee a stable version of i386-wine.

Go on freebsd/arm64 Go 1.14 Release Notes Mikaël Urankar mikael@FreeBSD.org Dmitri Goutnik dmgk@FreeBSD.org

Starting from the recently released version 1.14, Go now officially supports the 64-bit ARM architecture on FreeBSD 12.0 or later. This porting effort was initially started by Greg V (aka myfreeweb) and resumed by Shigeru Yamamoto, Dmitri Goutnik and Mikaël Urankar. Dmitri has set up a CI builder to catch regressions on FreeBSD aarch64 (it's required by the golang policy for adding a new port to the main Go repository).

Work in progress:

sysctlmibinfo2 API sysctlmibinfo2 Alfonso Sabato Siciliano alfonso.siciliano@email.com

In the third and fourth quarterly status reports of 2019, the sysctlinfo interface and an extension to improve the sysctlbyname() syscall were described. They can access the sysctl MIB and pass the properties of an object to userland, but both are quite low level and kernel related.

The sysctlmibinfo2 library provides an API to explore the sysctl MIB, to convert an object name into its corresponding Object Identifier and to find an object to get its properties. It is therefore useful for handling an object correctly and for building a sysctl-like utility.

Primarily, sysctlmibinfo2 wraps the low level interface to provide an easy API. For example, sysctlmif_desc() retrieves the description of an object, sysctlmif_kind() gets the type (string, integer, etc) and sysctlmif_fmt() specifies the format (an integer could represent a deciKelvin, milliKelvin, etc), so that it is possible to print an object value properly.

Moreover, sysctlmibinfo2 provides a high level API: a struct sysctlmif_object definition and functions to build data structures of objects. For example, let's say we want to manage the sound system: sysctlmif_grouplistbyname("hw.snd") returns the list of the Sound Driver objects and sysctlmif_treebyname("dev.pcm") returns a tree where "dev.pcm" is the root node and each subtree represents an audio device.

sysctlmibinfo2 also benefits from the features of sysctlinfo: it handles OIDs up to CTL_MAXNAME levels, supports capability mode, can seek an object by its name (avoiding the need to explore the MIB just to find the corresponding OID), gets all info about an object at once, and manages a name with a NULL level or expanded with an input for the sysctl handler.

The library can be installed via the devel/libsysctlmibinfo2 port; a manual page and examples in the Public Domain are available to help you get started with your projects.

pot and the nomad pot driver pot project pot on github Nomad pot driver minipot Luca Pizzamiglio pizzamig@FreeBSD.org Esteban Barrios esteban.barrios@trivago.com

An initial effort to write proper documentation and guides for the pot project has started. The documentation, even if incomplete, is available here. A F.A.Q. page is available and waiting for users to submit their questions.

During the last quarter, some bugs were reported on pot and on the nomad-pot-driver. Both projects released a new bug fix version. Many thanks to 'grembo' and 'Crest', who reported issues, tested and tried our solutions. Thanks also to Mateusz (0mp) for his Pull Requests!

pot will have a new release soon (0.11.0), focused on network:

Contributions are welcome! Label "good first issue" has been added to issues to invite newcomers to contribute to the project!
NomadBSD NomadBSD Website NomadBSD Github NomadBSD Forum NomadBSD Team info@NomadBSD.org

NomadBSD is a persistent live system for USB flash drives, based on FreeBSD. Together with automatic hardware detection and setup, it is configured to be used as a desktop system that works out of the box, but can also be used for data recovery, for educational purposes, or testing FreeBSD's hardware compatibility.

In March we released a new minor version 1.3.1 which improves the configuration of the network interfaces, fixes some bugs and adds nomadbsd-chusr and nomadbsd-sysinfo. Furthermore, some new features found their way into the release.

Some days later the channel explainingcomputers on YouTube released a review video of NomadBSD. The channel has almost 600,000 followers and the review was positive, so we saw the highest peak in downloads ever! Along with it came a lot of people looking for help on our mailing list and on Twitter, so we decided to set up a new support forum.

We are looking for people to help the project. Help is much appreciated in all areas:

Open tasks:
team FreeBSD Team Reports

Entries from the various official and semi-official teams, as found in the Administration Page.

proj Projects

Projects that span multiple categories, from the kernel and userspace to the Ports Collection or external projects.

kern Kernel

Updates to kernel subsystems/features, driver support, filesystems, and more.

arch Architectures

Updating platform-specific features and bringing in support for new hardware platforms.

bin Userland Programs

Changes affecting the base system and programs in it.

ports Ports

Changes affecting the Ports Collection, whether sweeping changes that touch most of the tree, or individual ports themselves.

doc Documentation

Noteworthy changes in the documentation tree, in manpages, or in external books/documents.

third Third-Party Projects

Many projects build upon FreeBSD or incorporate components of FreeBSD into their project. As these projects may be of interest to the broader FreeBSD community, we sometimes include brief updates submitted by these projects in our quarterly report. The FreeBSD project makes no representation as to the accuracy or veracity of any claims in these submissions.