FreeBSD Foundation Work in the 13.1 Release

FreeBSD 13.1, which was released on Monday May 16, is the culmination of 13 months of development since 13.0.  The work involved 5678¹ new commits and of those, 831² or about 15% identified sponsorship by the FreeBSD Foundation. Part of the FreeBSD Foundation’s mission is to support the development of the FreeBSD operating system.  In this post we will highlight some of the Foundation-sponsored work that went into 13.1.

Since 13.0, 99 Foundation-sponsored commits to improve arm64 support were included in 13.1³.  For example, Arm-optimized routines for mem* & str* are part of 13.1.  These are updated versions from the older Cortex string library we previously used. The Arm optimized routines also support CPU features that are currently in development on FreeBSD such as Branch Target Identification (BTI). Moreover, Arm-specific fixes to DTrace were added to work with BTI.

Other arm64 improvements include:

– Adding support to decode either BTI- or PAC-tagged arm64 binaries to the elftoolchain readelf.

– Adding support for the R_AARCH64_IRELATIVE relocation type in static binaries on arm64.  The solution is based on the powerpc code, updating it to use the arm64 resolver ABI, and to use the arm64 relocation type.

– Teaching the arm64 kernel to identify the Arm AEM, the Arm Architecture Envelope Model.  The AEM is a simulator that models the architecture rather than any specific implementation. Add its part ID macro and add it to the list of Arm CPUs we can decode.

The 802.11 Linux KPI layer has been developed to facilitate the import of dual-licensed wireless drivers from Linux.  Just under 107 Foundation-sponsored commits were made to the Linux KPI layer since 13.0⁴. That work includes improvements to the state machine for handling de-association and de-authorization and always creating a new station as net80211 does to avoid firmware crashes.  Other changes were included to support newer drivers.  For example, implementing ieee80211_beacon_loss(), using cfg80211_chandef_create(), making make lkpi_ic_set_channel() unconditional, improving hw_scan fallback to sw_scan, advertising full offload scanning based on hw_scan only, and improving the handling of connection loss.

The UEFI boot under amd64 has been improved in 13.1. The loader now detects whether the loaded kernel can handle the in-place staging area (non-copying mode). The default is copy_staging auto. Auto-detection can be overridden, for example: with copy_staging enable, the loader will unconditionally copy the staging area to 2M, regardless of kernel capabilities. Also, the code to grow the staging area is more robust.  For growth to occur, it is no longer necessary to hand-tune and recompile the loader.

Foundation-sponsored work to better support the WireGuard driver was included in 13.1. This includes extensions to the existing Chacha20-Poly1305 cipher in the Open Crypto Framework (OCF) to support both 8 and 12 byte nonces.  Support was also added for all of the AES-CCM NIST KAT vectors, many of which use non-default nonce and tag lengths. This was part of an approach developed to better fit the existing OCF model where nonce and MAC lengths are properties of a session (similar to key lengths).

The ssh package has been updated to OpenSSH v8.8p1, which includes a security update and bug fixes. Other updates include these changes:

– ssh(1): When prompting whether to record a new host key, accept that key’s fingerprint as a synonym for “yes.”

– ssh-keygen(1): When acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm.

– ssh(1): UpdateHostkeys is enabled by default, subject to some conservative preconditions.

– scp(1): The behavior of remote to remote copies (e.g. scp host-a:/path host-b:) has been changed to transfer through the local host by default.

– scp(1) has experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used.

The use of FIDO/U2F hardware authenticators has been enabled in ssh, using the new public key types ecdsa-sk and ed25519-sk, along with corresponding certificate types. FIDO/U2F support is described in https://www.openssh.com/txt/release-8.2.

FreeBSD 13.1 includes LLDB, the debugger included in the LLVM family, version 13.0.0.  Since LLDB 11.0.1, which was part of FreeBSD 13.0, a tremendous amount of work to modernize LLDB on FreeBSD and other systems has been completed by Moritz Systems under sponsorship by the FreeBSD Foundation.

A new plugin system that uses the more modern client-server layout was completed.  Under this plugging system, the debugged program runs as part of the lldb-server, while LLDB’s UI runs remotely. This makes the LLDB code easier (or even possible) to reuse as a library with third party code as the debugger.  As part of the implementation of the new plugin system, many bugs were fixed along the way.  Some examples are:

Other LLDB work by Moritz Systems which users will first find in FreeBSD 13.1 is 1. support for tracing fork(2) and vfork(2) syscalls using a model that is compatible with the follow-fork-mode setting from GDB and 2. SaveCore functionality for FreeBSD, allowing users to create core dump files on demand.  You can read more about Moritz Systems’ LLDB work in the Articles section of their site.

As one would expect, the first point release of a new major version fixes many bugs.  Of the Foundation-sponsored commits, 80 include a reference to a bug report (PR) in the commit log⁵. Memory management problems were corrected in, e.g., FreeBSD’s rename VOP implementation, in the fget*() and getvnode*() functions, and in a clock calibration function.  Input validation bugs were corrected in libradius and cryptodev, and a problem that caused -gz=zlib option for clang’s linker to have no effect on the generated executable or shared library was corrected.

A sampling of other fixes included in 13.1 are:

– 7b03cfcb24c2 fstyp: detect Raspberry Pi Pico boot filesystem as FAT

– aef190f298af mpr/mps/mpt: verify cfg page ioctl lengths

– 9f83c6fa52fb Handle interrupts racing with device suspend

– 946a297fbd9a sort: Fix random sort

– 367d0c7d6617 pf: Initialize the table entry zone limit at initialization time

– ed1acef3fe30 ipfw: Update the pfil mbuf pointer in ipfw_check_frame()

– 207f42897114 readelf: do not trucate section name with -W

The above work includes both internal staff and Foundation funded work. Many software development grant projects are still in progress, including work on Arm64, and on Linux KPI/wifi. For a full list of ongoing development projects, please visit our projects page. https://freebsdfoundation.org/our-work/projects/.

^{1. git log –first-parent –oneline remotes/freebsd/releng/13.0..remotes/freebsd/releng/13.1 | wc -l↩}

^{2. git log -i –first-parent –oneline –grep=’Sponsored by.*FreeBSD Foundation.*’ freebsd/releng/13.0..freebsd/releng/13.1 | wc -l↩}

^{3. git log -i –first-parent –oneline –grep=’Sponsored by.*FreeBSD Foundation.*’ –grep=arm64 –all-match freebsd/releng/13.0..freebsd/releng/13.1 | wc -l↩}

^{4. git log -i –first-parent –oneline –grep=’Sponsored by.*FreeBSD Foundation.*’ –grep=LinuxKPI –all-match freebsd/releng/13.0..freebsd/releng/13.1 | wc -l↩}

^{5. git log -i –first-parent –oneline –grep=’Sponsored by.*FreeBSD Foundation.*’ –grep=’PR:’ –all-match freebsd/releng/13.0..freebsd/releng/13.1 | wc -l↩}