December 19, 2023
It’s the time of year again to reflect back on the Foundation-sponsored FreeBSD development work. We do this for one key reason. It’s essential to engage with the community – developers, users, or anyone who values FreeBSD. More engagement from a broader community simply makes us better. If you read through this piece and have suggestions, concerns, or any constructive feedback, please let us know. With motivations out of the way, let’s get to it. With over 15 contracted development projects begun or completed in 2023, we have a lot to tell you about!
As with past year-end reviews, let’s begin by reporting the broadest metric, commit data. From January 1 until mid-December, 1082 of the 7060 commits to the src repository identify the FreeBSD Foundation as a sponsor. That’s about 15% of the total src commits and about 34% of all sponsored commits, percentages that very closely match those from 2022.
Traditionally, nearly all of the Foundation-sponsored work that finds its way into FreeBSD ends up in the src tree. This year marked an exception, though, as we funded one dedicated ports project. While sponsored contributions constitute a modest portion of ports development, in 2023, approximately half of the sponsored ports commits originated from the Foundation.
Summary statistics provide a sweeping overview of the Foundation’s commitment to directly improving FreeBSD. To gain a comprehensive understanding, let’s explore the projects undertaken this year that advance us toward achieving the objectives outlined in our technology roadmap.
Improving the kinst DTrace provider
DTrace is a framework that gives administrators and kernel developers the ability to observe kernel behavior in real time. It includes kernel modules called “providers” that perform particular instrumentation in the kernel using “probes”. kinst is a new low-level DTrace provider co-authored by Christos Margiolis and Mark Johnston for FreeBSD. It allows the user to trace arbitrary instructions and is part of the base system as of FreeBSD 14.0. Christos completed a project in 2023 to implement a much-requested DTrace feature, inline function tracing. For inline tracing, kinst makes use of the DWARF debugging standard to be able to detect inline calls and create probes for each one of them. In the future, this functionality could be leveraged to address some of the shortcomings of FBT, such as the tail-call optimization problem and the absence of inline tracing capabilities. Christos also ported kinst to riscv and arm64. Those interested in Christos’s work can learn more from his EuroBSDCon 2023 talk.
RAID-Z expansion enables the gradual addition of disks to a RAID-Z group so storage capacity can be expanded incrementally. This functionality will be particularly valuable for smaller pools when it may be impractical to add enough disks to incorporate an entire new RAID-Z group at once. It’s been a long road since the Foundation first sponsored Matt Ahrens to begin this project, but 2023 marks a major milestone: the merging of the pull request to the main branch of the OpenZFS repository and from there into FreeBSD main. Matt recently shared his thoughts on the milestone.
“The OpenZFS community is grateful for the contributions of everyone who made RAIDZ for ZFS a reality. This feature is going to have a broad impact on many storage use cases due to its positive design implications, including compatibility with RAIDZ-1, RAIDZ-2, and RAIDZ-3 configurations. We are particularly grateful for the support of the FreeBSD Foundation and iXSystems in making this feature generally available.”
Snapshots on Filesystems Using Journaled Soft Updates
The UFS/FFS filesystem has long permitted snapshots, even when using softupdates. However, snapshots could not be taken on filesystems using journaled soft updates until this year when the Foundation sponsored Marshall Kirk McKusick to implement the feature. This project involved substantial modifications to the UFS/FFS soft updates and snapshot kernel code, as well as adjustments to the fsck_ffs utility. Two scenarios highlight the importance of UFS snapshots. First, they enable reliable dumps of live filesystem dumps, avoiding potentially prolonged periods of downtime. Second, they facilitate the execution of background fsck, akin to the need for ZFS scrubbing. Periodic fsck runs are essential for uncovering undetected disk failures, and snapshots allow fsck to operate on live filesystems without the need for scheduled downtime. You can read the 2022Q4 status report Kirk prepared around the project’s outset.
FreeBSD General Development
In September, Olivier Certner joined the FreeBSD Foundation as a general FreeBSD developer. Olivier has extensive expertise in concurrent, parallel, distributed, and asynchronous programming and brings valuable experience from various roles in the finance sector. During his relatively short time with the Foundation, Olivier has already made meaningful contributions to FreeBSD, including:
- reviewing, fixing, and hardening several security policies aimed at limiting process visibility, policies that are based on user identity, group membership, or sub-jail membership
- committing fixes in the login class code, including one that allowed unprivileged users to bypass resource limits
- implementing a secure hardware fix for the Zenbleed issue affecting AMD Zen2 processors.
The Foundation also maintains long-term contracts with four other developers: John Baldwin, Konstantin Belousov, Mitchell Horne, and Mark Johnston. Our contract with John is narrow in scope, focusing on fixing pressing security issues. For example, in 2023, John addressed bugs in netsmb (SMB protocol communicator), bhyve, and cd9660 (driver to access cd9660 file system). As of the time of writing, Konstantin committed 247 fixes and improvements to various parts of the src tree, including libcxx, bhyve, memory management, dtrace, and kqueue, to name a few. Mitchell continued to improve our support for RISC-V hardware but also contributed work to other parts of the tree, including pmc (performance monitoring counter), dtrace, and mac (mandatory access control). Mitchell also dedicated time to improving documentation, including overhauling manual pages and writing other kernel and developer documentation. Like the others, Mark contributed to many different parts of the src tree, such as vmm (bhyve virtual machine monitor), makefs (file system image generator), and netlink (kernel network configuration protocol). All four developers allocated significant time to reviewing work from fellow developers and contributors, and Mark mentored and acted as a technical monitor for other projects.
Improving Wireless Networking
Probably the most common request we hear from users is for better wireless networking on FreeBSD. They want support for the latest chipsets, faster speeds, and improved stability. While Foundation contractor Bjoern Zeeb has made significant improvements to the net80211 LinuxKPI and the drivers that use it, such as iwlwifi, one person on a limited, part-time contract is insufficient to make the timely improvements that FreeBSD users expect. As such, the FreeBSD Foundation contracted two new developers to focus solely on wireless improvements. En-Wei Wu, a 2022 Google Summer of Code Contributor, began an internship with the FreeBSD Foundation in early 2023. The main focus was to continue work to extend wtap(4), a net80211(4) Wi-Fi simulator, with added capabilities. As wtap(4) becomes a more general 802.11 simulator, it becomes increasingly more useful for net80211(4) development and debugging. In the fourth quarter of this year, the Foundation began contracting FreeBSD developer Cheng Cui to work full-time on wireless networking. A main goal for Cheng’s project is to integrate 802.11ac infrastructure required to support iwlwifi. Look for more wireless work from Bjoern and new work from Cheng to hit the tree in the coming months.
Porting the Vector Packet Processor to FreeBSD
Vector Packet Processing (VPP) is an open-source, high-performance user space networking stack that provides fast packet processing suitable for software-defined networking and network function virtualization applications. VPP aims to optimize packet processing through vectorized operations and parallelism, making it well-suited for high-speed networking applications. In November of this year, the Foundation began a contract with Tom Jones, a FreeBSD developer specializing in network performance, to port VPP to FreeBSD. Under the contract, Tom will also allocate time for other tasks such as testing FreeBSD on common virtualization platforms to improve the desktop experience, improving hardware support on arm64 platforms, and adding support for low power idle on Intel and arm64 hardware.
For the summer of 2023, Jake Freeland interned with the Foundation to work on Capsicum, FreeBSD’s sandbox framework. Capsicum was built to limit the capabilities given to applications and libraries. The internship involved working on different projects with the primary goal of improving the developer experience when Capsicumizing their existing programs. The biggest enemy of Capsicum is its large learning curve. Refactoring a program to support capability mode often requires the developer to know the causes of Capsicum violations and how to restructure the program to avoid the violations. Sometimes this process is trivial, but larger programs often need resources on demand, and figuring out how to serve these needs can be difficult. Jake extended the number of tools available to the developer to make Capsicumization easier, and the hope is that more developers will adopt it. For those interested in Capsicum, check out Jake’s blog post, Sandbox Your Program Using FreeBSD’s Capsicum.
OpenSSL 3 in Base
The FreeBSD Foundation contracted Pierre Pronchery as a Userland Software Developer, and his first task was to import OpenSSL v3 into our base system in preparation for FreeBSD 14.0. OpenSSL is a library for general-purpose cryptography and secure communication. It provides an open source implementation of the SSL and TLS network protocols, which are widely used in applications such as e-mail, instant messaging, Voice over IP (VoIP), or, more prominently, the global Web (aka HTTPS). To describe OpenSSL 3 as a major release is an understatement, and Pierre dedicated significant time not only on importing the new library but dealing with many required changes to other parts of the tree.
With the update of OpenSSL to version 3, many new build errors were introduced to the ports tree. To fix these issues before the release of FreeBSD 14.0, the Foundation contracted Muhammad Moinur (Moin) Rahman to complete the time-consuming and tedious work of fixing all port issues related to the update to OpenSSL 3.
Documentation and Testing Internship
In July 2023, Yan-Hao Wang began a summer internship with the Foundation to work on a variety of tasks. He improved our testing framework by adding new tests, such as one for gunion(8), and he created new documentation tools, such as an online editor for translating documents and man pages.
Modern computer architectures provide SIMD (single instruction multiple data) instruction set extensions to operate on multiple data at once. Commonly used for numerical applications such as video codecs, graphics rendering, and scientific computing, the use of SIMD techniques also aids in basic data processing tasks such as those implemented by libc functions. While other libc implementations already provide SIMD-enhanced variants of standard libc functions, the FreeBSD libc largely does not. The objective of the project completed by Robert Clausecker was to provide such SIMD-enhanced versions of relevant libc library functions and thus improve the performance of software linked against it. As these libc functions are used by most software available for FreeBSD, these enhancements give a broad benefit for a wide range of programs. You can read more information about the project in Robert’s recent blog post.
Networking Summer Internship
Naman Sood was a FreeBSD Foundation summer intern. They began the internship by submitting improvements to one of the firewalls included with FreeBSD, pf. For example, they completed work started by Luiz Amaral to allow traffic for pfsync, pf’s state table synchronization interface, to be carried over IPv6. They also submitted work to implement RFC 4787 REQs 1 and 3 for pf full cone NAT. Full cone NAT means all requests from an internal IP/port are mapped to the same external IP/port, which allows certain devices like the Nintendo Switch to work behind pf running on FreeBSD. Naman also took on miscellaneous tasks, such as exploring how to extract tcp checkpoint and failover work from a project called VPS for FreeBSD started by Klaus P. Ohrhallinger and submitting bug fixes for pw(8) and du(1).
To conclude, our gratitude goes out to the developers mentioned here and to the broader development community. We would also like to thank all those entities, whether they are private companies, academic institutions, or another type of organization, for sponsoring FreeBSD development and infrastructure maintenance. We appreciate the efforts of bug reporters, speakers, and bloggers who are critical to making FreeBSD what it is. Finally, thank you to all those who donated to the Foundation in 2023; your support makes all this work possible. We look forward to another busy year in 2024.