Parent Directory
| 
Revision Log
| Links to HEAD: | (view) (download) (annotate) |
| Sticky Revision: |
/etc/services: attempt to bring the database to this century 2/2. This is the final half of splitting r358153 in two, in order to avoid a build system bugs and being able to merge an earlier change to previous releases. Add a note to UPDATING to avoid people building from very old systems from having issues with mergemaster MFC after: 3 days (only 12-stable) Differential Revision: https://reviews.freebsd.org/D23621
Retire obsolete GDB 6.1.1 GDB 6.1.1 was released in June 2004 and is long obsolete. It does not support all of the architectures that FreeBSD does, and imposes limitations on the FreeBSD kernel build, such as the continued use of DWARF2 debugging information. It was kept (in /usr/libexec/) only for use by crashinfo(8), which extracts some basic information from a kernel core dump after a crash. Crashinfo already prefers gdb from port/package if installed. Future work may add kernel debug support to LLDB or find another path for crashinfo's needs, but in any case we do not want to ship the excessively outdated GDB in FreeBSD 13. Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D27610
Merge ping6 to ping There is now a single ping binary, which chooses to use ICMP or ICMPv4 based on the -4 and -6 options, and the format of the address. Submitted by: Ján Sučan <sucanjan@gmail.com> Sponsored by: Google LLC (Google Summer of Code 2019) MFC after: Never Differential Revision: https://reviews.freebsd.org/D21377
Switch net.add_addr_allfibs default to 0. The goal of the fib support is to provide multiple independent routing tables, isolated from each other. net.add_addr_allfibs default tries to shift gears in the opposite direction, unconditionally inserting all addresses to all of the fibs. There are use cases when this is necessary, however this is not a default expected behaviour, especially compared to other implementations. Provide WARNING message for the setups with multiple fibs to notify potential users of the feature. Differential Revision: https://reviews.freebsd.org/D26076
Also mention PORTS_MODULES PORTS_MODULES is also an effective way to update the tree. Also a minor rejustify on this an an adjacent paragraph. Suggested by: David Wolfskill
Be explicit about recompiling all the modules... Add a note about always recompiling all modules on every new kernel change / update. In addition, suggest using /usr/local/sys/modules so this happens automatically.
Fix year in 2 most recent entries (2010 -> 2020) Reported by: mack@macktronics.com (Dan Mack)
Mention the more strict consistency checks performed by calendar(), which can make the program abort with an error message on previously accepted but malformed input files.
Attempt to defuse a land mine before anyone else steps on it: The freebsd-boot partition is not always the first one. Following the instructions in UPDATING resulted in my overwriting the efiboot0 partition on my laptop with ZFS boot blocks, which had negative effects on the system's bootability. Reviewed by: allanjude Differential Revision: https://reviews.freebsd.org/D27002
calendar: remove all datafiles except freebsd one Move all the data files for the calendar(1) program, except calendar.freebsd to the calendar-data package. When a file can't be found, and /usr/local/share/calendar doesn't exist provide a helpful hint to install this package. Reviewed by: se@ Differential Revision: https://reviews.freebsd.org/D26926
Correct the primary to find(1) Sponsored by: The FreeBSD Foundation
Create in-tree LINT files Now that config(8) has supported include for 19 years, transition to including the NOTES files. include support didn't exist at the time, nor did the envvar stuff recently added. Now that it does, eliminate the building of LINT files by just including everything you need. Note: This may cause conflicts with updating in some cases. find sys -name LINT\* -rm is suggested across this commit to remove the generated LINT files. Reviewed by: kevans Differential Revision: https://reviews.freebsd.org/D26540
fix typo imorted -> imported. Noticed by: Maigurs Stalidzans
Turn MALLOC_PRODUCTION into a regular src.conf(5) option For historical reasons, defining MALLOC_PRODUCTION in /etc/make.conf has been used to turn off potentially expensive debug checks and statistics gathering in the implementation of malloc(3). It seems more consistent to turn this into a regular src.conf(5) option, e.g. WITH_MALLOC_PRODUCTION / WITHOUT_MALLOC_PRODUCTION. This can then be toggled similar to any other source build option, and turned on or off by default for e.g. stable branches. Reviewed by: imp, #manpages MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D26337
Correct and expand on OpenZFS cache file and auto import Reported by: avg Sponsored by: iXsystems, Inc.
Add note about needing to manually import the zfs pools or update /etc/rc.d due to the cache file moving to /etc.
Add note about NO_CLEAN build. NO_CLEAN doesn't quite work for some scenarios when rebuilding older kernels, but the kernels build w/o NO_CLEAN.
Each entry in UPDATING needs a date It's rare for there to be two updating entries on the same day (once a decade or so), but we have that here. Add the date to the second one since devd and zfs are unrelated.
Give stronger guidance with regards to upgrading root pools
Mention OpenZFS merge in UPDATING
Document the kern -> kernel name change for resume events. MFC After: 3 days
Add an entry for r364475.
Add an entry to UPDATING for r364330.
Merge llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp release/11.x llvmorg-11.0.0-rc1-47-gff47911ddfc. MFC after: 6 weeks
Add an UPDATING entry for r364092, since it did a version bump.
The practice of creating symbolic links is somewhat fragile. Always make copies instead. There's too many times that we can't run the new binaries with old libraries. Making the links when things are known to be 'safe' is a nice optimization, but a copy of all the binaries is only 30MB, so saving the copies at the cost of increased support when new symbols are added and used as part of the bootstrap seems to be unwise. There may be additional optimizations possible here, especially for !FreeBSD hosts. However, that's beyond the scope of the problem I'm trying to fix with make failing mid-way through an installworld across change r363679. This optimization there caused us to run a new binary with an old library once a new make was installed due to the symbolic link. One could just copy make, but then other binaries fail as well, so rather than play whack-a-mole, I opted to take us back to the old way. Before r340157 or so we did copies (thogh of a lot fewer artifacts), and we didn't have issues like this. Reviewed by: arichards@ Differential Revision: https://reviews.freebsd.org/D25967
UPDATING: Add a note about running installworld twice Some folks seem to be hitting issues with build orchestration; presumably some of our .WAIT-removal optimizations are going awry, and they're ending up with applications linked against new libc being installed before the new libc. Letting installworld complete the first time should ensure that the new libc is installed by the end of it, then the second installworld will ensure consistency as everything should succeed.
UPDATING / RELNOTES: Document new regcomp(3) behavior This is a breaking change that had a not-insignificant impact in ports, it is worth documenting it well.
Add a note regarding the introduction of the new bc and dc implementations that are built by default on -CURRENT after 2020-06-26.
Add an entry for r362639.
Add an entry to UPDATING for r362158.
RELNOTES and UPDATING: Document the new policy on read(2) of dirfd These changes have been completely flushed as of r361799; note it.
Add an UPDATING entry for r360964 Reported by: rpokala Sponsored by: Dell EMC Isilon
Merge llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp llvmorg-10.0.1-rc1-0-gf79cd71e145 (aka 10.0.1 rc1). MFC after: 3 weeks
UPDATING: Fix the date of the closefrom(2) entry Apologies; my internal calendar says it's still February, but that doesn't seem to match reality where we've apparently advanced two months.
UPDATING: add a note about closefrom(2) marked COMPAT12 Some of the consumers in-base may make it enticing enough to ensure that COMPAT_FREEBSD12, which is notably a fairly light option at the moment, is included in custom kernel configs. Suggested by: netchild Casualty: mail jail
allwinner: aw_thermal: Cope with DTS changes The upstream DTS now include the thermal device node and the SID calibration entry. Update our driver to cope with this change and remove the DTB overlays that aren't needed anymore. MFC after: 2 months X-MFC-With: r359934
Merge llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp 10.0.0-rc3 c290cb61fdc. Release notes for llvm, clang, lld and libc++ 10.0.0 will become available here: https://releases.llvm.org/10.0.0/docs/ReleaseNotes.html https://releases.llvm.org/10.0.0/tools/clang/docs/ReleaseNotes.html https://releases.llvm.org/10.0.0/tools/lld/docs/ReleaseNotes.html https://releases.llvm.org/10.0.0/projects/libcxx/docs/ReleaseNotes.html PR: 244251 MFC after: 6 weeks
retire amd(8) autofs was introduced with FreeBSD 10.1 and is the supported method for automounting filesystems. As of r296194 the amd man page claimed that it is deprecated. Remove it from base now; the sysutils/am-utils port is still available if necessary. Discussed with: cy Relnotes: Yes Sponsored by: The FreeBSD Foundation
Remove bktr(4) Remove the brooktree driver as discussed on arch@. Bump FreeBSD version to 1300082, though I doubt anything will care. Relnote: yes
retire in-tree GPL dtc devicetree compiler Now that we no longer have GCC 4.2.1 in the tree and can assume FreeBSD is being built with a C++11 compiler available, we can use BSDL dtc unconditionally and retire the GPL dtc. GPL dtc now has FreeBSD CI support via Cirrus-CI to help ensure it continues to build/work on FreeBSD and is available in the ports tree if needed. The copy of (copyfree licensed) libfdt that we actually use is in sys/contrib/libfdt so the extra copy under contrib/dtc/libfdt can be removed along with the rest of the GPL dtc. Reviewed by: kevans, ian, imp, manu, theraven Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D23192
retire the LLVM_LIBUNWIND option LLVM's libunwind is used on all FreeBSD-supported CPU architectures and is a required component. Reviewed by: brooks (earlier) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D23123
remove GCC 4.2.1 build infrastructure As described in Warner's email message[1] to the FreeBSD-arch mailing list we have reached GCC 4.2.1's retirement date. At this time all supported architectures either use in-tree Clang, or rely on external toolchain (i.e., a contemporary GCC version from ports). GCC 4.2.1 was released July 18, 2007 and was imported into FreeBSD later that year, in r171825. GCC has served us well, but version 4.2.1 is obsolete and not used by default on any architecture in FreeBSD. It does not support modern C and does not support arm64 or RISC-V. Thanks to everyone responsible for maintaining, updating, and testing GCC in the FreeBSD base system over the years. So long, and thanks for all the fish. [1] https://lists.freebsd.org/pipermail/freebsd-arch/2020-January/019823.html PR: 228919 Reviewed by: brooks, imp Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D23124
ncurses: set the proper version in the updating message Reported by: @jlduran (github)
Update the UPDATING information now that ncurses shlib has been bumped
Add a note about some fallouts due to the ncurses update
remove old perl entries from ObsoleteFiles.inc Each entry in ObsoleteFiles.inc adds to the time `make delete-old` and friends take to run. Perl was removed from the FreeBSD base system a very long time ago (FreeBSD 5); source updates have not been supported from that version for years. Perl was a single component responsible for thousands of entries so provides significant benefit with little effort/investigation required. We could still use a more comprehensive cleanup to remove old entries. Also add an UPDATING note (with wordsmithing by imp) indicating that `make delete-old` is required along each step of a source upgrade from an old, unsupported release. Discussed with: imp Sponsored by: The FreeBSD Foundation
Partially revert VNET change and expand VNET structure. Revert parts of r353274 replacing vnet_state with a shutdown flag. Not having the state flag for the current SI_SUB_* makes it harder to debug kernel or module panics related to VNET bringup or teardown. Not having the state also does not allow us to check for other dependency levels between components, e.g. for moving interfaces. Expand the VNET structure with the new boolean flag indicating that we are doing a shutdown of a given vnet and update the vnet magic cookie for the change. Update libkvm to compile with a bool in the kernel struct. Bump __FreeBSD_version for (external) module builds to more easily detect the change. Reviewed by: hselasky MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D23097
Make the warning for deprecated NO_ variables an error. Support for NO_CTF, NO_DEBUG_FILES, NO_INSTALLLIB, NO_MAN, NO_PROFILE, and NO_WARNS as deprecated in 2014 with a warning added for each one found. Turn these into error in preperation for removal of compatability support before FreeBSD 13. This was previously committed in r354909 and reverted in r355011 due to unforseen impacts on ports. I've since corrected all amd64 and i386 ports reported in prior runs as well as instance of these variables I found via grep.
Add notes for MAKE_OBSOLETE_GCC going away and riscv switching to clang/lld.
Do not build GCC 4.2.1 by default for any CPU architecture By default set to NO: GCC GCC_BOOTSTRAP GNUCXX As described by imp@ on the freebsd-arch mailing list Aug 13, 2019 with Subject: Gcc 4.2.1 to be removed before FreeBSD 13, a firm timeline https://lists.freebsd.org/pipermail/freebsd-arch/2019-August/019674.html Reviewed by: jhb, imp Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D23026
Remove arm/arm as a valid target. TARGET=arm now defaults to TARGET_ARCH=armv7 TARGET_ARCH=arm is no longer valid. Bump __FreeBSD_version to 1300073 Tested with make universe. Any stale LINT-V5 config files remaining in the tree will fail the universe build. However, LINT-V5 was removed in r355119. This retirement has been planned since last summer. The armv5 port is fragile: it works OK for some peeople, and fails badly for others. There's a number of subtle bugs in busdma, pmap and other MD parts of thee system that present themselves under load or in unusual circumstances (like fsck after a crash). stable/8, branched 10 years ago, was the last reliable release. Since the support burden is larger then the benefit, the consensus view is armv5 should be removed from the tree. Discussed with: arm@ mailing list and arm developer community.
Add a note to UPDATING on the move to clang for powerpc*
random(4): Simplify RANDOM_LOADABLE Simplify RANDOM_LOADABLE by removing the ability to unload a LOADABLE random(4) implementation. This allows one-time random module selection at boot, by loader(8). Swapping modules on the fly doesn't seem especially useful. This removes the need to hold a lock over the sleepable module calls read_random and read_random_uio. init/deinit have been pulled out of random_algorithm entirely. Algorithms can run their own sysinits to initialize; deinit is removed entirely, as algorithms can not be unloaded. Algorithms should initialize at SI_SUB_RANDOM:SI_ORDER_SECOND. In LOADABLE systems, algorithms install a pointer to their local random_algorithm context in p_random_alg_context at that time. Go ahead and const'ify random_algorithm objects; there is no need to mutate them at runtime. LOADABLE kernel NULL checks are removed from random_harvestq by ordering random_harvestq initialization at SI_SUB_RANDOM:SI_ORDER_THIRD, after algorithm init. Prior to random_harvestq init, hc_harvest_mask is zero and no events are forwarded to algorithms; after random_harvestq init, the relevant pointers will already have been installed. Remove the bulk of random_infra shim wrappers and instead expose the bare function pointers in sys/random.h. In LOADABLE systems, read_random(9) et al are just thin shim macros around invoking the associated function pointer. We do not provide a registration system but instead expect LOADABLE modules to register themselves at SI_SUB_RANDOM:SI_ORDER_SECOND. An example is provided in randomdev.c, as used in the random_fortuna.ko module. Approved by: csprng(markm) Discussed with: gordon Differential Revision: https://reviews.freebsd.org/D22512
Merge llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp 9.0.1 final release c1a0a213378a458fbea1a5c77b315c7dce08fd05. Release notes for llvm, clang, lld and libc++ 9.0.1 will become available here: https://releases.llvm.org/9.0.1/docs/ReleaseNotes.html https://releases.llvm.org/9.0.1/tools/clang/docs/ReleaseNotes.html https://releases.llvm.org/9.0.1/tools/lld/docs/ReleaseNotes.html https://releases.llvm.org/9.0.1/projects/libcxx/docs/ReleaseNotes.html PR: 240629 MFC after: 1 month
UPDATING: remove outdated caution against make -j Reviewed by: imp Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D22836
Add an entry to UPDATING for r355677.
UPDATING: Add long-belated note about certs in base While the interaction between this and the ETCSYMLINK option of security/ca_root_nss isn't necessarily fatal, one should be aware and attempt to understand the ramifications of mixing the two. ports-secteam will be contacted to discuss the default option for branches where certs are being included in base.
Regularize my copyright notice o Remove All Rights Reserved from my notices o imp@FreeBSD.org everywhere o regularize punctiation, eliminate date ranges o Make sure that it's clear that I don't claim All Rights reserved by listing All Rights Reserved on same line as other copyright holders (but not me). Other such holders are also listed last where it's clear.
Revert r354909: Make the warning for deprecated NO_ variables an error. An unexpectidly large number of ports define NO_MAN (and sometimes the long-dead NOMAN). I'll fix ports and then re-commit.
Fix typo: deprected -> deprecated.
Make the warning for deprecated NO_ variables an error. Support for NO_CTF, NO_DEBUG_FILES, NO_INSTALLLIB, NO_MAN, NO_PROFILE, and NO_WARNS as deprecated in 2014 with a warning added for each one found. Turn these into error in preperation for removal of compatability support before FreeBSD 13. Reviewed by: imp Relnotes: yes Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D22448
disable amd(8) by default As of FreeBSD 10.1 the autofs(5) is available for automounting, and the amd man page has indicated that the in-tree copy of amd is obsolete. Disable it by default for now, with the expectation that it will be removed before FreeBSD 13.0. Reviewed by: kevans Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D22460
add a note about nctgpio and wbwd move to superio
Remove obsoleted KPIs that were used to access interface address lists.
tuntap(4): restrict scope of net.link.tap.user_open slightly net.link.tap.user_open has historically allowed non-root users to do devfs cloning and open /dev/tap* nodes based on permissions. Loosen this up to make it only allow users to do devfs cloning -- we no longer check it in tunopen. This allows tap devices to be created that can actually be opened by a user, rather than swiftly restricting them to root because the magic sysctl has not been set. The sysctl has not yet been completely deprecated, because more thought is needed for how to handle the devfs cloning case. There is not an easy suitable replacement for the sysctl there, and more care needs to be placed in determining whether that's OK or not. PR: 200185
Add UPDATING entry for universe changes Suggested by: emaste@
Merge llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp 9.0.0 final release r372316. Release notes for llvm, clang, lld and libc++ 9.0.0 are available here: https://releases.llvm.org/9.0.0/docs/ReleaseNotes.html https://releases.llvm.org/9.0.0/tools/clang/docs/ReleaseNotes.html https://releases.llvm.org/9.0.0/tools/lld/docs/ReleaseNotes.html https://releases.llvm.org/9.0.0/projects/libcxx/docs/ReleaseNotes.html PR: 240629 MFC after: 1 month
Remove white-space at EOL.
Remove host binary object drivers from GENERIC Four drivers (hpt27xx, hptmv, hptnr, hptrr, hpt27xx) include precompiled binary objects; have users load them as modules if they are needed. Additional work (i.e., integrating devmatch) required before MFC. Reviewed by: markj Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D21865
Fix 20190507 UPDATING entry The rc mechanism for loading kernel modules is actually called 'kld_list', not 'kld_load' Reported by: yuripv
No longer mlock() ntpd pages by default in memory thus allowing its pages to page as necessary. To restore historic BSD behaviour add the following to ntp.conf: rlimit memlock 32 Discussed on: freebsd-current@ between Sept 6-9, 2019 Reported by: Users using ASLR with stack gap != 0 Reviewed by: ian, kib, rgrimes (all previous versions) MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D21581
ping6: Rename options for better consistency with ping Now equivalent options have the same flags, and nonequivalent options have different flags. This is a prelude to merging the two commands. Submitted by: Ján Sučan <sucanjan@gmail.com> MFC: Never Sponsored by: Google LLC (Google Summer of Code 2019) Differential Revision: https://reviews.freebsd.org/D21345
fusefs: merge from projects/fuse2 This commit imports the new fusefs driver. It raises the protocol level from 7.8 to 7.23, fixes many bugs, adds a test suite for the driver, and adds many new features. New features include: * Optional kernel-side permissions checks (-o default_permissions) * Implement VOP_MKNOD, VOP_BMAP, and VOP_ADVLOCK * Allow interrupting FUSE operations * Support named pipes and unix-domain sockets in fusefs file systems * Forward UTIME_NOW during utimensat(2) to the daemon * kqueue support for /dev/fuse * Allow updating mounts with "mount -u" * Allow exporting fusefs file systems over NFS * Server-initiated invalidation of the name cache or data cache * Respect RLIMIT_FSIZE * Try to support servers as old as protocol 7.4 Performance enhancements include: * Implement FUSE's FOPEN_KEEP_CACHE and FUSE_ASYNC_READ flags * Cache file attributes * Cache lookup entries, both positive and negative * Server-selectable cache modes: writethrough, writeback, or uncached * Write clustering * Readahead * Use counter(9) for statistical reporting PR: 199934 216391 233783 234581 235773 235774 235775 PR: 236226 236231 236236 236291 236329 236381 236405 PR: 236327 236466 236472 236473 236474 236530 236557 PR: 236560 236844 237052 237181 237588 238565 Reviewed by: bcr (man pages) Reviewed by: cem, ngie, rpokala, glebius, kib, bde, emaste (post-commit review on project branch) MFC after: 3 weeks Relnotes: yes Sponsored by: The FreeBSD Foundation Pull Request: https://reviews.freebsd.org/D21110
Re-wrap the text at 80 columns after fixing the indent in the prior commit.
Fix indentation (spaces->tab). Reported by: garga@
Remove an old warning from UPDATING. The clang switchover happened long enough ago that we can garbage-collect this note. Reviewed by: emaste, imp Differential Revision: https://reviews.freebsd.org/D20978
Add an entry mentioning the permission/mode change to daily accounting files.
Fixup UPDATING text for r349253 Requested by: delphij
sys: Remove DEV_RANDOM device option Remove 'device random' from kernel configurations that reference it (most). Replace perhaps mistaken 'nodevice random' in two MIPS configs with 'options RANDOM_LOADABLE' instead. Document removal in UPDATING; update NOTES and random.4. Reviewed by: delphij, markm (previous version) Approved by: secteam(delphij) Differential Revision: https://reviews.freebsd.org/D19918
Upgrade our copies of clang, llvm, lld, lldb, compiler-rt, libc++, libunwind and openmp to the upstream release_80 branch r363030 (effectively, 8.0.1 rc2). The 8.0.1 release should follow this within a week or so. MFC after: 2 weeks
Fix dpcpu and vnet panics with complex types at the end of the section. Apply a linker script when linking i386 kernel modules to apply padding to a set_pcpu or set_vnet section. The padding value is kind-of random and is used to catch modules not compiled with the linker-script, so possibly still having problems leading to kernel panics. This is needed as the code generated on certain architectures for non-simple-types, e.g., an array can generate an absolute relocation on the edge (just outside) the section and thus will not be properly relocated. Adding the padding to the end of the section will ensure that even absolute relocations of complex types will be inside the section, if they are the last object in there and hence relocation will work properly and avoid panics such as observed with carp.ko or ipsec.ko. There is a rather lengthy discussion of various options to apply in the mentioned PRs and their depends/blocks, and the review. There seems no best solution working across multiple toolchains and multiple version of them, so I took the liberty of taking one, as currently our users (and our CI system) are hitting this on just i386 and we need some solution. I wish we would have a proper fix rather than another "hack". Also backout r340009 which manually, temporarily fixed CARP before 12.0-R "by chance" after a lead-up of various other link-elf.c and related fixes. PR: 230857,238012 With suggestions from: arichardson (originally last year) Tested by: lwhsu Event: Waterloo Hackathon 2019 Reported by: lwhsu, olivier MFC after: 6 weeks Differential Revision: https://reviews.freebsd.org/D17512
Move back group, master.passwd and shells to etc directory Use the .PATH mechanism instead so keep installing them from lib/libc/gen While here revert 347961 and 347893 which are no longer needed Discussed with: manu Tested by: manu ok manu@
Add note to UPDATING for users of mergemaster after the move of master.passwd and group in r347638. Approved by: allanjude (mentor)
Revert r346292 (permit_nonrandom_stackcookies) We have a better, more comprehensive knob for this now: kern.random.initial_seeding.bypass_before_seeding=1. Requested by: delphij Sponsored by: Dell EMC Isilon
Add an UPDATING entry and bump __FreeBSD_version for r347532. Reported by: rgrimes, Oliver Pinter <oliver.pinter@hardenedbsd.org>
Correct a handful of typos.
Remove IPSEC from GENERIC due to performance issues Having IPSEC compiled into the kernel imposes a non-trivial performance penalty on multi-threaded workloads due to IPSEC refcounting. In my benchmarks of multi-threaded UDP transmit (connected sockets), I've seen a roughly 20% performance penalty when the IPSEC option is included in the kernel (16.8Mpps vs 13.8Mpps with 32 senders on a 14 core / 28 HTT Xeon 2697v3)). This is largely due to key_addref() incrementing and decrementing an atomic reference count on the default policy. This cause all CPUs to stall on the same cacheline, as it bounces between different CPUs. Given that relatively few users use ipsec, and that it can be loaded as a module, it seems reasonable to ask those users to load the ipsec module so as to avoid imposing this penalty on the GENERIC kernel. Its my hope that this will make FreeBSD look better in "out of the box" benchmark comparisons with other operating systems. Many thanks to ae for fixing auto-loading of ipsec.ko when ifconfig tries to configure ipsec, and to cy for volunteering to ensure the the racoon ports will load the ipsec.ko module Reviewed by: cem, cy, delphij, gnn, jhb, jpaetzel Differential Revision: https://reviews.freebsd.org/D20163
tun/tap: merge and rename to `tuntap` tun(4) and tap(4) share the same general management interface and have a lot in common. Bugs exist in tap(4) that have been fixed in tun(4), and vice-versa. Let's reduce the maintenance requirements by merging them together and using flags to differentiate between the three interface types (tun, tap, vmnet). This fixes a couple of tap(4)/vmnet(4) issues right out of the gate: - tap devices may no longer be destroyed while they're open [0] - VIMAGE issues already addressed in tun by kp [0] emaste had removed an easy-panic-button in r240938 due to devdrn blocking. A naive glance over this leads me to believe that this isn't quite complete -- destroy_devl will only block while executing d_* functions, but doesn't block the device from being destroyed while a process has it open. The latter is the intent of the condvar in tun, so this is "fixed" (for certain definitions of the word -- it wasn't really broken in tap, it just wasn't quite ideal). ifconfig(8) also grew the ability to map an interface name to a kld, so that `ifconfig {tun,tap}0` can continue to autoload the correct module, and `ifconfig vmnet0 create` will now autoload the correct module. This is a low overhead addition. (MFC commentary) This may get MFC'd if many bugs in tun(4)/tap(4) are discovered after this, and how critical they are. Changes after this are likely easily MFC'd without taking this merge, but the merge will be easier. I have no plans to do this MFC as of now. Reviewed by: bcr (manpages), tuexen (testing, syzkaller/packetdrill) Input also from: melifaro Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20044
random(4): Restore availability tradeoff prior to r346250 As discussed in that commit message, it is a dangerous default. But the safe default causes enough pain on a variety of platforms that for now, restore the prior default. Some of this is self-induced pain we should/could do better about; for example, programmatic CI systems and VM managers should introduce entropy from the host for individual VM instances. This is considered a future work item. On modern x86 and Power9 systems, this may be wholly unnecessary after D19928 lands (even in the non-ideal case where early /boot/entropy is unavailable), because they have fast hardware random sources available early in boot. But D19928 is not yet landed and we have a host of architectures which do not provide fast random sources. This change adds several tunables and diagnostic sysctls, documented thoroughly in UPDATING and sys/dev/random/random_infra.c. PR: 230875 (reopens) Reported by: adrian, jhb, imp, and probably others Reviewed by: delphij, imp (earlier version), markm (earlier version) Discussed with: adrian Approved by: secteam(delphij) Relnotes: yeah Security: related Differential Revision: https://reviews.freebsd.org/D19944
stack_protector: Add tunable to bypass random cookies This is a stopgap measure to unbreak installer/VM/embedded boot issues introduced (or at least exposed by) in r346250. Add the new tunable, "security.stack_protect.permit_nonrandom_cookies," in order to continue boot with insecure non-random stack cookies if the random device is unavailable. For now, enable it by default. This is NOT safe. It will be disabled by default in a future revision. There is follow-on work planned to use fast random sources (e.g., RDRAND on x86 and DARN on Power) to seed when the early entropy file cannot be provided, for whatever reason. Please see D19928. Some better hacks may be used to make the non-random __stack_chk_guard slightly less predictable (from delphij@ and mjg@); those suggestions are left for a future revision. I think it may also be plausible to move stack guard initialization far later in the boot process; potentially it could be moved all the way to just before userspace is started. Reported by: many Reviewed by: delphij, emaste, imp (all w/ caveat: this is a stopgap fix) Security: yes Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19927
random(4): Add is_random_seeded(9) KPI The imagined use is for early boot consumers of random to be able to make decisions based on whether random is available yet or not. One such consumer seems to be __stack_chk_init(), which runs immediately after random is initialized. A follow-up patch will attempt to address that. Reported by: many Reviewed by: delphij (except man page) Approved by: secteam(delphij) Differential Revision: https://reviews.freebsd.org/D19926
Add an entry to UPDATING for r345895, which affects the use of nfsuserd daemons built from head sources between July 6, 2017 and Aug. 22, 2018.
Add UPDATING note for geom_uzip(4)/xz, and bump geom_uzip(4) man page date. Sponsored by: The FreeBSD Foundation MFC after: 3 days
Rename fuse(4) to fusefs(4) This makes it more consistent with other filesystems, which all end in "fs", and more consistent with its mount helper, which is already named "mount_fusefs". Reviewed by: cem, rgrimes MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D19649
Tweak wording a little. Submitted by: peterj@
Augment ino64 entry When updating across this change (the introduction of ino64), the "fast and loose" practice of rebooting to multiuser and then doing an installworld fails with missing symbols. Recommend strongly that users do this in single user mode. The multiuser case only ever works by accident because its requirements are stronger than is supported accross this change. It usually works because critical symbols don't change their version number in libc, which wasn't the case here.
Fix a number of entries (almost all mine) that were > 80 columns. When reading UPDATING from single user in vi, I noticed a few wrapped, so fix them to not wrap. expand -8 UPDATING | awk 'length > 80' made this easy to find all the offenders.
Misc fixes based on upgrading a laptop from 11.1R to -current Add note about needing to start zfs because mount -a doesn't do that. Add the word 'supported' before 'older branches' for older binaries. Add note about options in custom config files as well.
Upgrade our copies of clang, llvm, lld, lldb, compiler-rt and libc++ to the upstream release_80 branch r355313 (effectively, 8.0.0 rc3). The release will follow very soon, but no more functional changes are expected. Release notes for llvm, clang and lld 8.0.0 will soon be available here: <https://releases.llvm.org/8.0.0/docs/ReleaseNotes.html> <https://releases.llvm.org/8.0.0/tools/clang/docs/ReleaseNotes.html> <https://releases.llvm.org/8.0.0/tools/lld/docs/ReleaseNotes.html> PR: 236062 Relnotes: yes MFC after: 1 month
This form allows you to request diffs between any two revisions of this file. For each of the two "sides" of the diff, enter a numeric revision.
| ViewVC Help | |
| Powered by ViewVC 1.1.27 |