FreeBSD Development Report Q2 2019

A report on the development of the FreeBSD project from April to June 2019 has been published. Changes include:

  • General and system topics
    • The Core team decided to establish a working group to explore the possibility of migrating the source code from the centralized Subversion version control system to the decentralized Git system.
    • The FreeBSD kernel was fuzz-tested with syzkaller and a number of the bugs found were fixed. A layer was added for fuzzing the 32-bit compatibility environment on systems with a 64-bit kernel, and the ability to run syzkaller in bhyve-based virtual machines was implemented. The next stage plans to expand the coverage of system-call testing, use the LLVM sanitizers to check the kernel, use netdump to save core dumps from crashes during fuzzing, and so on.
    • Work has begun on updating the kernel-level zlib implementation. To give the kernel access to the zlib code, the contrib/zlib directory was renamed to sys/contrib/zlib, and the crc.h header was renamed to avoid a conflict with zlib/crc.h. Obsolete code depending on zlib and inflate was cleaned up. Next, it is planned to allow the kernel to be built with both the old and the new zlib at the same time, for a gradual migration of the functions that use compression to the new version;
    • The Linux environment emulation infrastructure (Linuxulator) has been updated, with extended support for Linux debugging tools such as the strace utility. The linux-c7-strace package has been added to the ports; it can be used to trace Linux executables instead of the standard truss and ktrace utilities, which cannot yet decode some Linux-specific flags and structures. The linux-ltp package with the Linux Test Project executables was also added, and compatibility problems with executables linked against new versions of glibc were resolved;
    • The pmap implementation of delayed invalidation (deferred removal of mappings to physical memory pages) was switched to a lock-free queue processing algorithm, which resolved scalability problems when a large number of unmap operations run in parallel;
    • The vnode locking scheme used during execve() family system calls was changed, improving efficiency when execve() is executed concurrently for the same file (for example, during parallel builds that launch the compiler many times at once);
  • Security
    • Work continues in the bhyve hypervisor on support for live migration of guest environments from one host to another and on Save/Restore functionality, which allows a guest system to be frozen with its state saved to a file and later resumed.
    • Through the use of the libvdsk library, bhyve has gained support for disk images in the QCOW2 format. This requires installing a specially modified version of bhyve that has been converted to use libvdsk-based file operation handlers. During the reporting period, libvdsk work also simplified the integration of support for new formats, improved read and write performance, and added Copy-On-Write support. Among the remaining tasks is the integration of libvdsk into the main bhyve code base;
    • Maltrail, a system for collecting traffic information, has been added to the ports. It allows creating traps for malicious network requests (IPs and domains are checked against blacklists) and sending information about detected activity to a central server for subsequent blocking or analysis of attack attempts;
    • Wazuh (a fork of OSSEC with ELK Stack integration), a platform for attack detection, log analysis and file integrity monitoring, has been added to the ports;
  • Network subsystem
    • The ena driver has been updated to support the second generation of ENAv2 (Elastic Network Adapter) network adapters, used in the Elastic Compute Cloud (EC2) infrastructure for communication between EC2 nodes at speeds of up to 25 Gb/s. NETMAP support was added to the ena driver.
    • FreeBSD HEAD has adopted a new MMC/SD stack based on the CAM framework that allows SDIO (Secure Digital I/O) devices to be attached. SDIO is used, for example, in the WiFi and Bluetooth modules of many boards, such as the Raspberry Pi 3. The new stack also allows the CAM interface to be used to send SD commands from user-space applications, making user-level device drivers possible. Work has begun on drivers for Broadcom wireless chips operating in FullMAC mode (where the chip runs something like its own operating system with its own implementation of the 802.11 wireless stack);
    • Work is underway to implement NFSv4.2 (RFC 7862) for FreeBSD. The new NFS version adds support for the posix_fadvise and posix_fallocate functions, the SEEK_HOLE/SEEK_DATA modes of lseek, and server-side copying of file ranges (without transferring the data to the client). FreeBSD currently has basic support for the LayoutError, IOAdvise, Allocate and Copy operations. The Seek operation, needed to use lseek(SEEK_HOLE/SEEK_DATA) over NFS, remains to be implemented. NFSv4.2 support is planned for FreeBSD 13;
  • Storage and file systems
    • A project to redesign the FUSE (File system in USErspace) subsystem driver, which allows file systems to be implemented in user space, is nearing completion. The driver shipped previously is outdated and contains many bugs. As part of the modernization project, support for the FUSE 7.23 protocol was implemented (previously version 7.8, released 11 years ago, was supported), kernel-side permission checking ("-o default_permissions") was added, the VOP_MKNOD, VOP_BMAP and VOP_ADVLOCK calls were added, FUSE operations were made interruptible, support for unnamed pipes and unix sockets in fusefs was added, kqueue can now be used on /dev/fuse, mount options can be updated via "mount -u", fusefs can be exported via NFS, RLIMIT_FSIZE accounting was implemented, support for the FOPEN_KEEP_CACHE and FUSE_ASYNC_READ flags was added, and significant performance optimizations and caching improvements were made;
    • Support for the BIO_DELETE operation has been added to the swap pager code, which allows the TRIM command to be used when freeing blocks on SSDs, extending their lifetime.
  • Hardware Support
    • Work continued on support for the Broadcom BCM5871X ARM64 SoC with ARMv8 Cortex-A57 processors, aimed at routers, gateways and NAS devices. During the reporting period, support for the internal and external iProc PCIe buses was improved, BNXT Ethernet support was added, and work is underway on using the built-in crypto engine to accelerate IPsec. Integration of the code into the HEAD branch is expected in the second half of the year;
    • Work has begun on support for the NXP LS1046A 64-bit SoC, based on an ARMv8 Cortex-A72 processor with an integrated network packet acceleration engine, 10 Gb Ethernet, PCIe 3.0, SATA 3.0 and USB 3.0. Support for the base platform (multi-user SMP) and SATA 3.0 has already been implemented. Support for USB 3.0, SD/MMC and I2C is under development, and Ethernet, GPIO and QSPI support is planned. Completion and inclusion in the HEAD branch is expected in Q4 2019.
    • The mlx5en and mlx5ib drivers for Mellanox ConnectX-4 [Lx], ConnectX-5 [Ex] and ConnectX-6 [Dx] Ethernet and InfiniBand adapters have been updated. Support for Mellanox Socket Direct (ConnectX-6) adapters was added, allowing up to 200 Gb/s throughput on a PCIe Gen 3.0 bus. RShim driver support for multi-core "BlueField" chips was added. The mstflint package with a set of diagnostic utilities for Mellanox adapters has been added to the ports;
  • Applications and ports system
    • The graphics stack components have been updated. The drm.ko driver (Direct Rendering Manager) has been ported from the Linux 5.0 kernel. This driver is considered experimental and has been added to the ports tree as graphics/drm-devel-kmod. Since the driver uses an updated LinuxKPI framework for compatibility with the Linux kernel DRM API, it requires FreeBSD CURRENT. The vboxvideo.ko drm driver for the VirtualBox virtual GPU has also been ported from Linux. The Mesa package has been updated to release 18.3.2 and now uses LLVM from the devel/llvm80 port instead of devel/llvm60.
    • The FreeBSD ports tree has passed the milestone of 37000 ports; the number of open PRs remains at 2146. During the reporting period, 7837 changes were made by 172 developers, and three new contributors received committer rights. Significant version updates in ports include MySQL 5.7, Python 3.6, Ruby 2.5, Samba 4.8, Julia 1.0, Firefox 68.0 and Chromium 75.0.3770.100. All Go ports have been switched to the "USES=go" flag. A "USES=cabal" flag was added for the Cabal package manager used for Haskell code. Strict stack protection mode is enabled. The default Python version is now 3.6 instead of 2.7.
    • Release 1.0 of the nsysctl utility has been prepared; it offers an analogue of /sbin/sysctl that uses libxo for output and provides an extended set of options. nsysctl can be used to visually monitor sysctl values and present information about objects in a structured way. Output in XML, JSON and HTML formats is possible.
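The SEEK_HOLE/SEEK_DATA lseek semantics mentioned in the NFSv4.2 item above, as an added example that is not part of the original report or of FreeBSD's own code: it creates a constructed sparse file under /tmp and walks its data and hole extents, handling the case where the file system (or an NFS server without the Seek operation) exposes no holes and simply reports the whole file as one data extent.

```c
#define _GNU_SOURCE  /* exposes SEEK_DATA/SEEK_HOLE on Linux; FreeBSD defines them unconditionally */
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

struct extent { off_t start, end; int is_hole; };

/* Constructed sample input: 4 bytes at offset 0, 4 bytes at 1 MiB, the gap never written. */
int make_sparse_file(const char *path) {
    int fd = open(path, O_RDWR | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    int ok = write(fd, "AAAA", 4) == 4 && lseek(fd, 1 << 20, SEEK_SET) == (1 << 20)
          && write(fd, "BBBB", 4) == 4;
    close(fd);
    return ok ? 0 : -1;
}

/* Walk data/hole extents with SEEK_DATA/SEEK_HOLE; returns the extent count or -1.
 * Without hole support (file system or NFS server lacking Seek) lseek falls back to
 * reporting the whole file as a single data extent, so callers must not rely on holes. */
int walk_extents(const char *path, struct extent *out, int max) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) < 0) { close(fd); return -1; }
    off_t size = st.st_size, pos = 0;
    int n = 0;
    while (pos < size && n < max) {
        off_t data = lseek(fd, pos, SEEK_DATA);
        if (data < 0 || data >= size) {                                      /* ENXIO: trailing hole */
            out[n++] = (struct extent){ pos, size, 1 };
            break;
        }
        if (data > pos) out[n++] = (struct extent){ pos, data, 1 };          /* hole before data */
        if (n >= max) break;
        off_t hole = lseek(fd, data, SEEK_HOLE);
        if (hole < 0) { close(fd); return -1; }
        if (hole > size) hole = size;            /* some file systems report the allocated block end */
        out[n++] = (struct extent){ data, hole, 0 };                         /* data run */
        pos = hole;
    }
    close(fd);
    return n;
}

/* Sanity check: extents start at 0, are contiguous and end exactly at the file size. */
int extents_cover_file(const struct extent *e, int n, off_t size) {
    if (n < 1 || e[0].start != 0 || e[n - 1].end != size) return 0;
    for (int i = 1; i < n; i++)
        if (e[i].start != e[i - 1].end) return 0;
    return 1;
}
```

On a file system with hole support the walk yields data, hole, data; on one without it yields a single data extent, and both satisfy the coverage check.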

Source: opennet.ru
