FreeBSD 11.0-RELEASE Release Notes
Abstract
The release notes for FreeBSD 11.0-RELEASE contain a summary of the changes made to the FreeBSD base system on the 11.0-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.
Table of Contents
Introduction
This document contains the release notes for FreeBSD 11.0-RELEASE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.
This distribution of FreeBSD 11.0-RELEASE is a release
distribution. It can be found at https://www.FreeBSD.org/releases/ or any of its
mirrors. More information on obtaining this (or other) release
distributions of FreeBSD can be found in the Obtaining
FreeBSD' appendix to the FreeBSD
Handbook.
All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 11.0-RELEASE can be found on the FreeBSD Web site.
This document describes the most user-visible new or changed features in FreeBSD since 10.3-RELEASE. In general, changes described here are unique to the 11.0-STABLE branch unless specifically marked as MERGED features.
Typical release note items document recent security advisories issued after 10.3-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.
Important Notes
This section lists important information for those upgrading from prior FreeBSD releases.
User-facing Changes
As of r303719, OpenSSH DSA key
generation has been disabled by default. It is important to update
OpenSSH keys prior to upgrading. Additionally, Protocol
1 support has been removed.
Upgrading from Previous Releases of FreeBSD
[amd64,i386] Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the freebsd-update(8) utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. The freebsd-update(8) utility requires that the host being upgraded have Internet connectivity.
Source-based upgrades (those based on recompiling the FreeBSD
base system from source code) from previous versions are supported,
using the instructions in /usr/src/UPDATING.
For information on upgrading via 
freebsd-update(8), please see the binary upgrading
section in the Installation page.
Important:
Upgrading FreeBSD should only be attempted after backing up
all data and configuration files.
Userland
This section covers changes and additions to userland applications, contributed software, and system utilities.
Userland Configuration Changes
The default 
newsyslog.conf(5) now includes files in the
/etc/newsyslog.conf.d/ and
/usr/local/etc/newsyslog.conf.d/ directories for
newsyslog(8). 
(r266463)
The 
mailwrapper(8) utility has been updated to use 
mailer.conf(5) from the LOCALBASE environment
variable, which defaults to /usr/local if unset.
(r270675)
The MK_ARM_EABI 
src.conf(5) option has been removed and is now the only
supported ABI for FreeBSD/arm. 
(r272350)
The ntp suite has been updated to version 4.2.8p8. (r301247)
/etc/ntp/leap-seconds has been updated to version
3676752000. 
(r301247)
The WITH_SYSTEM_COMPILER 
src.conf(5) option is enabled by default. 
(r302177)
Userland Application Changes
When unable to load a kernel module with kldload(8), a message informing to view output of dmesg(8) is now printed, opposed to the previous output "Exec format error.". (r260594)
The 
pciconf(8) utility can now identify PCI devices that are
attached to a driver to be identified by their device name instead
of just the selector. Additionally, the -l flag now
accepts an optional device argument to list details about a single
device. 
(r260910)
A new flag, "onifconsole" has been added to
/etc/ttys. This allows the system to provide a login
prompt via serial console if the device is an active kernel
console, otherwise it is equivalent to off. 
(r260913)
Support for displaying VPD for PCI devices via pciconf(8) has been added. (r260926)
The ping(8) utility has been updated to use the Capsicum framework to drop priviliges, protecting against malicious network packets. (r261498)
The 
ps(1) utility has been updated to include the -J
flag, used to filter output by matching 
jail(8) IDs and names. Additionally, argument 0
can be used to -J to only list processes running on
the host system. 
(r265229)
The 
top(1) utility has been updated to filter by 
jail(8) ID or name, in followup to the 
ps(1) change in r265229. 
(r265249)
The 
pmcstat(8) utility has been updated to include a new flag,
-l, which ends event collection after the specified
number of seconds. 
(r266209)
The ps(1) utility has been updated to include a new keyword, "tracer", which displays the PID of the tracing process. (r270745)
The 
primes(6) utility has been updated to correctly enumerate prime
numbers between 4295098369 and
3825123056546413050. Prior to this change, it was
possible for returned values to be incorrectly identified as prime
numbers. 
(r272166)
The mkimg(1) utility has been updated to include three options used to print information about mkimg(1) itself: (r272198)
| Option | Output | 
|---|---|
| 
 | The current version of the mkimg(1) utility | 
| 
 | The disk image file formats supported by mkimg(1) | 
| 
 | The partition schemes supported by mkimg(1) | 
Userland ctf(5) support in dtrace(1) has been added. With this change, dtrace(1) is able to resolve type info for function and USDT probe arguments, and function return values. (r272488)
The elfdump(1) utility has been updated to support capability mode provided by capsicum(4). (r274960)
The fstyp(8) utility has been added, which is used to determine the filesystem on a specified device. (r275680) (Sponsored by The FreeBSD Foundation)
The libedit library has been updated to support
UTF-8, which additionally provides unicode support to 
sh(1). 
(r276881)
The mkimg(1) utility has been updated to support the MBR EFI partition type. (r276893) (Sponsored by The FreeBSD Foundation)
The ptrace(2) system call has been updated include support for Altivec registers on FreeBSD/powerpc. (r277166)
A new device control utility, devctl(8) has been added, which allows making administrative changes to individual devices, such as attaching and detaching drivers, and enabling and disabling devices. The devctl(8) utility uses the new devctl(3) library. (r278320)
The netstat(1) utility has been updated to use libxo(3) to optionally generate machine-readable output. (r279122) (Sponsored by Juniper Networks, Inc.)
A new flag, -c, has been added to the 
mkimg(1) utility, which allows specifying the capacity of the
target disk image. 
(r279139)
The UEFI Secure Boot signing utility, uefisign(8) utility has been added. (r279315) (Sponsored by The FreeBSD Foundation)
The freebsd-update(8) utility has been updated to prevent fetching updated binary patches when a previous upgrade has not been thoroughly completed. (r279571) (Sponsored by ScaleEngine, Inc.)
A regression in the 
libarchive(3) library that would prevent a directory from being
included in the archive when --one-file-system is used
has been fixed. 
(r280870)
The 
ar(1) utility has been updated to set
ARCHIVE_EXTRACT_SECURE_SYMLINKS and
ARCHIVE_EXTRACT_SECURE_NODOTDOT to disallow directory
traversal when extracting an archive, similar to 
tar(1). 
(r281311) (Sponsored by The FreeBSD
Foundation)
A race condition in 
wc(1) that would cause final results to be sent to 
stderr(4) when receiving the SIGINFO signal has
been fixed. 
(r281617)
The 
chflags(1), 
chgrp(1), 
chmod(1), and 
chown(8) utilities now affect symbolic links when the
-R flag is specified, as documented in 
symlink(7). 
(r282208) (Sponsored by
Multiplay)
The 
date(1) utility has been updated to print the modification time
of the file passed as an argument to the -r flag,
improving compatibility with the GNU 
date(1) utility behavior. 
(r282608)
The 
pw(8) utility has been updated with a new flag,
-R, that sets the root directory within which the
utility will operate. 
(r283961)
The lockstat(1) utility has been updated with several improvements: (r284297) (Sponsored by ClusterHQ)
- 
Spin locks are now reported as the amount of time spinning, instead of loop iterations. 
- 
Reader locks are now recognized as adaptive that can spin on FreeBSD. 
- 
Lock aquisition events for successful reader try-lock events are now reported. 
- 
Spin and block events are now reported before lock acquisition events. 
The fstyp(8) utility has been updated to be able to detect zfs(8) and geli(8) filesystems. (r284589) (Sponsored by ScaleEngine, Inc.)
The 
mkimg(1) utility has been updated to include support for
NTFS filesystems in both MBR and GPT partitioning
schemes. 
(r284883)
The 
jexec(8) utility has been updated to include a new flag,
-l, which ensures a clean environment in the target
jail when used. Additionally, 
jexec(8) will run a shell within the target jail when run no
commands are specified. 
(r285420)
The w(1) utility has been updated to display the full IPv6 remote address of the host from which a user is connected. (r285550)
The jail(8) framework has been updated to allow mounting linprocfs(5) and linsysfs(5) within a jail. (r285685)
The 
patch(1) utility has been updated to include a new option to
the -V flag, none, which disables backup
file creation when applying a patch. 
(r285772) (Sponsored by EMC / Isilon
Storage Division)
The 
ar(1) utility now enables deterministic mode (-D)
by default. This behavior can be disabled by specifying the
-U flag. 
(r286010) (Sponsored by The FreeBSD
Foundation)
The 
xargs(1) utility has been updated to allow specifying
0 as an argument to the -P (parallel
mode) flag, which allows creating as many concurrent processes as
possible. 
(r286289) (Sponsored by ScaleEngine,
Inc.)
The wireless network stack has been modified to no longer show
physical wireless devices by default. In order to view available
wireless devices on the system, run sysctl
net.wlan.devices. 
(r287197) (Sponsored by Netflix, Nginx,
Inc.)
A new utility, sesutil(8), has been added, which is used to manage ses(4) (SCSI Environmental Services) devices. (r287473) (Sponsored by Gandi.net)
The 
pciconf(8) utility has been updated to use the PCI ID database
from the misc/pciids package, if present, falling back
to the PCI ID database in the FreeBSD base system. 
(r287522)
The resolver library has been updated to reload
/etc/resolv.conf if the modification time has changed.
(r289315) (Sponsored by Dell,
Inc.)
The 
uuencode(1) utility has been updated to include a new flag,
-r, which when used will generate raw output similar
the 
uudecode(1) -r flag. 
(r297678)
By default the 
ifconfig(8) utility will set the default regulatory domain to
FCC on wireless interfaces. As a result, newly created
wireless interfaces with default settings will have less chance to
violate country-specific regulations. 
(r300738)
Contributed Software
The binutils suite of utilities has been updated to include upstream patches that add new relocations for powerpc support. (r275718)
The ELF Tool Chain has been updated to upstream revision r3477. (r300698) (Sponsored by The FreeBSD Foundation)
The texinfo utility and info pages were removed
from the base system. The print/texinfo port should be
installed on systems where info pages are needed.
(r276551)
The ELF object manipulation tools addr2line, c++filt, objcopy, nm, readelf, size, strip, and strings were switched to the versions from the ELF Tool Chain project. (r276796) (Sponsored by The FreeBSD Foundation)
The wpa_supplicant(8) and hostapd(8) utilities have been updated to version 2.4. (r281806)
bmake has been updated to version 20150606. (r284254)
Sendmail has been updated to 8.15.2. Starting with FreeBSD 11.0
and sendmail 8.15, sendmail uses uncompressed IPv6 addresses by
default, i.e., they will not contain "::". For example, instead of
"::1", it will be "0:0:0:0:0:0:0:1". This permits a zero subnet to
have a more specific match, such as different map entries for
IPv6:0:0 versus IPv6:0. This change requires that configuration
data (including maps, files, classes, custom ruleset, etc.) must
use the same format, so make certain such configuration data is in
place before upgrading. As a very simple check search for patterns
like 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. To return to the old
behavior, set the m4 option
confUSE_COMPRESSED_IPV6_ADDRESSES or the cf option
UseCompressedIPv6Addresses. 
(r285229)
The tcpdump(1) utility has been updated to version 4.7.4. (r285275)
The 
ssh(1) utility has been updated to re-implement hostname
canonicalization before locating the host in
known_hosts. 
(r285642) (Sponsored by Dell,
Inc.)
The libarchive(3) library has been updated to properly skip a sparse file entry in a tar(1) file, which would previously produce errors. (r285972)
The apr library used by svnlite(1) has been updated to version 1.5.2. (r286503)
The serf library used by svnlite(1) has been updated to version 1.3.8. (r286505)
The unbound(8) utility has been updated to version 1.5.4. (r287917)
Timezone data files have been updated to version 2015g. (r290697)
OpenBSM has been updated to version 1.2 alpha 4. (r292432)
Clang has been updated to version 3.8.0. (r296417)
LLVM has been updated to version 3.8.0. (r296417)
LLDB has been updated to version 3.8.0. (r296417)
libc++ has been updated to version 3.8.0. (r296417)
The compiler_rt utility has been updated to version 3.8.0. (r296417)
The resolvconf(8) utility has been updated to version 3.7.3. (r296190) (Sponsored by The FreeBSD Foundation)
OpenSSH has been updated to 7.2p2. (r296633)
The sqlite3 library used by svnlite(1) and kerberos(8) has been updated to version 3.12.1. (r298161)
libucl has been updated to version 0.8.0. (r298166)
The svnlite(1) utility has been updated to version 1.9.4. (r298845)
ACPICA has been updated to version 20160527. (r300879)
The libblacklist(3) library and applications have been ported from the NetBSD Project. Packet filtering support for the pf(4) packet filtering systems has been implemented. The blacklist system provides the blacklistd daemon, the helper script blacklistd-helper to make changes to the running packet filter system and the blacklistctl control program. A selection of system daemons, including: fingerd, ftpd, rlogind, and rshd have been modified to support sending notifications to the blacklistd daemon. (r301169) (Sponsored by The FreeBSD Foundation)
The jemalloc(3) library has been updated to version 4.2.1. (r301718)
Support for the ipfw(4) packet filter has been added to the blacklistd-helper script. (r301736) (Sponsored by The FreeBSD Foundation)
Support for the ipfilter(4) packet filter has been added to the blacklistd-helper script. (r301843) (Sponsored by The FreeBSD Foundation)
SSHv1 support has been removed from OpenSSH. (r303716)
Support for DSA is disabled by default in OpenSSH. (r303719)
OpenSSL has been updated to version 1.0.2i. (r306198)
Installation and Configuration Tools
The bsdinstall(8) partition editor and sade(8) utility have been updated to include native ZFS support. (r271539)
The FreeBSD installation utility, 
bsdinstall(8), has been updated to set the
canmount 
zfs(8) property to off for the /var
dataset, preventing the contents of directories within
/var from conflicting when using multiple boot
environments, such as that provided by sysutils/beadm.
(r272274)
The 
bsdconfig(8) utility has been updated to skip the initial
tzsetup(8) UTC versus wall-clock time prompt when run in a
virtual machine, determined when the kern.vm_guest
sysctl(8) is set to 1. 
(r274394)
The bsdinstall(8) utility has been updated to use the new dpv(3) library to display progress when extracting the FreeBSD distributions. (r275874)
Support for detecting and implementing aligning partitions on 1Mb boundaries has been added to bsdinstall(8). (r285557) (Sponsored by ScaleEngine, Inc.)
Support for detecting and implementing a workaround for various
laptops and motherboards that do not boot properly from
GPT-partitioned disks has been added to 
bsdinstall(8). Additionally, the active flag will
be set on the partition when needed. 
(r285679) (Sponsored by ScaleEngine,
Inc.)
Support for selecting the partitioning scheme when installing on the UFS filesystem has been added to bsdinstall(8). (r285679) (Sponsored by ScaleEngine, Inc.)
The bsdinstall(8) utility now supports a "BIOS+UEFI option during installation, supporting systems with UEFI or BIOS/CSM capability. (r298243)
The bsdinstall(8) utility has been updated to include various system hardening options during installation. (r303447)
/etc/rc.d
Scripts
The 
rc(8) subsystem has been updated to allow configuring services
in ${LOCALBASE}/etc/rc.conf.d/. If
LOCALBASE is unset, it defaults to
/usr/local. 
(r270676)
A new 
rc(8) script, growfs, has been added, which will
resize the root filesystem to fill the device on boot if
/firstboot exists and growfs_enable is
enabled in 
rc.conf(5). 
(r273955)
The mrouted 
rc(8) script has been removed from the base system. An
equivalent script is available from the net/mrouted
port. 
(r275299)
The 
service(8) utility has been updated to honor entries within
/etc/rc.conf.d/. 
(r287576) (Sponsored by ScaleEngine,
Inc.)
/etc/periodic Scripts
The daily 
periodic(8) script 110.clean-tmps has been updated
to avoid crossing filesystem mount boundaries when cleaning files
in /tmp. 
(r271321)
A new 
periodic(8) script, 510.status-world-kernel, has
been added, which evaluates the running userland and kernel
versions from the 
uname(1) -U and -K arguments, and
prints an error if the system userland and kernel are not in sync.
(r277216) (Sponsored by The FreeBSD
Foundation)
Runtime Libraries and API
The readline(3) library is now statically linked in software within the base system, and the shared library is no longer installed, allowing the Ports Collection to use a modern version of the library. (r268461)
The 
strptime(3) library has been updated to add support for
POSIX-2001 features %U and %W. 
(r272273)
The 
dl_iterate_phdr(3) library has been changed to always return
the path name of the ELF object in the dlpi_name
structure member. 
(r272848) (Sponsored by The FreeBSD
Foundation)
The libxo(3) library has been imported to the base system. (r273562) (Sponsored by Juniper Networks, Inc.)
A userland library for Chelsio Terminator 5 based iWARP cards has been added, allowing userland RDMA applications to work over compatible NICs. (r273806) (Sponsored by Chelsio Communications)
The gpio(3) library has been added, providing a wrapper around the gpio(4) kernel interface. (r274987)
The procctl(2) system call has been updated to include a facility for non-http://www.FreeBSD.org/cgi/man.cgi?query=init&sektion=8&manpath=freebsd-release-ports[init(8)] processes to be declared as the reaper of child processes and their decendants. (r275800) (Sponsored by The FreeBSD Foundation)
The futimens() and utimensat() system
calls have been added. See 
utimensat(2) for more information. 
(r277610)
The 
elf(3) compile-time dependency has been removed from
dtri.o, which allows adding DTrace probes to userland
applications and libraries without also linking against 
elf(3). 
(r278934)
The 
setmode(3) function has been updated to consistently set
errno on failure. 
(r279186)
The qsort(3)-related functions have been updated to be able to handle 32-bit aligned data on 64-bit platforms, also providing a significant improvement in 32-bit workloads. (r279663)
Several standard include headers have been updated to make use
of gcc attributes, such as
result_use_check(),
alloc_size(), and __nonnull().
(r281130]
Support for file verification in MAC has been added. (r281845)
The libgomp library is now only built when building
GCC from the base system. An up-to-date version is available in the
Ports Collection as devel/libiomp5-devel. 
(r282973) (Sponsored by The FreeBSD
Foundation)
The stdlib.h and malloc.h headers have
been updated to make use of the gcc alloc_align()
attribute. 
(r282988)
ABI Compatibility
The Linux® compatibility version has been updated to
2.6.18. The compat.linux.osrelease
sysctl(8) is evaluated when building the
emulators/linux-c6 and related ports. 
(r271982)
The stack protector has been upgraded to the "strong" level, elevating the protection against buffer overflows. While this significantly improves the security of the system, extensive testing was done to ensure there are no measurable side effects in performance or functionality. (r288669)
Kernel
This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized.
Kernel Bug Fixes
A kernel bug that inhibited proper functionality of the
dev.cpu.0.freq 
sysctl(8) on Intel® processors with Turbo Boost™ enabled has
been fixed. 
(r265876)
Support for 
dtrace(1) stack tracing has been fixed for FreeBSD/powerpc,
using the trapexit() and asttrapexit()
functions instead of checking within addressed kernel space.
(r271697)
A kernel panic triggered when destroying a vnet(9) jail(8) configured with gif(4) has been fixed. (r271917)
A kernel panic triggered when destroying a vnet(9) jail(8) configured with gre(4) has been fixed. (r271918)
A bug in ipfw(4) that could potentially lead to a kernel panic when using dummynet(4) at layer 2 has been fixed. (r272089)
The kernel RPC has been updated to include several enhancements: (r280930) (Sponsored by MIT Computer Science & Artificial Intelligence Laboratory)
- 
The 45 MiB limit on requests queued for nfsd(8) threads has been removed. 
- 
Avoids unnecessary throttling by not deferring accounting for completed requests. 
- 
Fixes an integer overflow and signedness bugs. 
Kernel Configuration
The IMAGACT_BINMISC kernel configuration option has
been enabled by default, which enables application execution
through emulators, such as QEMU via 
binmiscctl(8). 
(r266531)
The VT kernel configuration file has been removed,
and the 
vt(4) driver is included in the GENERIC kernel. To
enable 
vt(4), enter set kern.vty=vt at the 
loader(8) prompt during boot, or add kern.vty=vt
to 
loader.conf(5) and reboot the system. 
(r268045)
The 
config(8) utility has been updated to allow using a
non-standard src/ tree, specified as an argument to
the -s flag. 
(r277904)
The FreeBSD/powerpc64 kernel now builds as a position-independent executable, allowing the kernel to be loaded into and run from any physical or virtual address. (r277990)
Important:
This change requires an update to 
loader(8). The userland and kernel must be updated before
rebooting the system.
A new module for creating rpi.dtb has been added
for the Raspberry Pi. 
(r278338)
[arm] The rpi.dtb module is now installed to
/boot/dtb/ by default for the Raspberry Pi system.
(r278340)
Kernel support for Vector-Scalar eXtension (VSX) found on POWER7 and POWER8 hardware has been added. (r279189) (Sponsored by The FreeBSD Foundation)
The pmap(9) implementation for 64-bit PowerPC® processors has been overhaulded to improve concurrency. (r279252) (Sponsored by The FreeBSD Foundation)
A new module for creating the dtb module for ARM
AM335x systems has been added. 
(r279824)
The PAE_TABLES kernel configuration option has been
added for FreeBSD/i386, which instructs 
pmap(9) to use PAE format for page tables while maintaining a
32-bit physical address size elsewhere in the kernel. The use of
this option can enhance application-level security by enabling the
creation of "no execute" mappings on modern i386 processors. Unlike
the PAE option, PAE_TABLES preserves
kernel binary interface (KBI) compatibility with
non-PAE kernels, allowing non-PAE kernel
modules and drivers to work with a PAE_TABLES-enabled
kernel. Additionally, system limits are tuned for 4GB maximum RAM,
avoiding kernel virtual address space (KVA) exhaustion. 
(r281495) (Sponsored by The FreeBSD
Foundation)
The SIFTR kernel configuration has been added,
allowing building 
siftr(4) statically into the kernel. 
(r282215)
The ARM boot loader, ubldr, is now relocatable. In
addition, ubldr.bin is now created during build time,
which is a stripped binary with an entry point of 0,
providing the ability to specify the load address by running
go ${loadaddr} in u-boot. 
(r282731)
[amd64,i386] The 
nvd(4) and 
nvme(4) drivers are now included in the GENERIC
kernel configuration by default. 
(r282921) (Sponsored by Intel
Corporation)
A new kernel configuration option, EM_MULTIQUEUE,
has been added which enables multi-queue support in the 
em(4) driver. 
(r283959) (Sponsored by Limelight
Networks)
Note:
Multi-queue support in the 
em(4) driver is not officially supported by Intel®.
The GENERIC kernel configuration has been updated
to include the IPSEC option by default. 
(r285142) (Sponsored by
Netgate)
Initial NUMA affinity and policy configuration has been added. See numactl(1), and numa_getaffinity(2), for usage details. (r285387) (Sponsored by Norse Corporation, Dell, Inc.)
Note:
If the system BIOS generates an invalid ACPI SRAT table, the kernel
will ignore it, effectively disabling NUMA. If dmesg shows "SRAT:
Duplicate local APIC ID", try updating the BIOS to fix NUMA
support.
Support for running CloudABI executables on amd64 and arm64 has been added. CloudABI is a runtime environment that uses capability-based security exclusively, similar to capsicum(4) always being enabled. It allows designing, implementing and testing strongly sandboxed applications more easily. (r285307)
The 
pms(4) driver has been added to the GENERIC kernel
configuration for supported architectures. 
(r286231)
The CUBIEBOARD2 kernel configuration has been
renamed to A20 to add support for other boards with
the A20 processor, such as the Banana Pi. 
(r287306)
Kernel debugging symbols are now installed to
/usr/lib/debug/boot/kernel/. To retain the previous
behavior, add KERN_DEBUGDIR="" to 
src.conf(5). 
(r288176) (Sponsored by The FreeBSD
Foundation)
Support for POSIX asynchronous I/O is now included in the kernel
by default. The VFS_AIO kernel option and
aio.ko kernel module have been removed. Asynchronous
I/O operations on sockets, local files, and disk devices are
permitted by default. However, operations on other file types are
disabled. See the 
aio(4) manual page for more details. 
(r296277) (Sponsored by Chelsio
Communications)
[arm64] arm64 has been switched over to using
INTRNG by default. 
(r301565) (Sponsored by The FreeBSD
Foundation)
System Tuning and Controls
The hwpmc(4) default and maximum callchain depths have been increased. The default has been increased from 16 to 32, and the maximum increased from 32 to 128. (r275140) (Sponsored by The FreeBSD Foundation)
The 
devfs(5) device filesystem has been changed to update
timestamps for read/write operations using seconds precision. A new
sysctl(8), vfs.devfs.dotimes has been added, which
when set to a non-zero value, enables default precision timestamps
for these operations. 
(r280949) (Sponsored by iXsystems, The
FreeBSD Foundation)
A new 
sysctl(8), kern.racct.enable, has been added,
which when set to a non-zero value allows using 
rctl(8) with the GENERIC kernel. A new kernel
configuration option, RACCT_DISABLED has also been
added. 
(r282213) (Sponsored by The FreeBSD
Foundation)
The GENERIC kernel configuration now includes
RACCT and RCTL by default. 
(r282901) (Sponsored by The FreeBSD
Foundation)
Note:
To enable RACCT and RCTL on a system
using the GENERIC kernel configuration, add
kern.racct.enable=1 to 
loader.conf(5), and reboot the system.
Devices and Drivers
This section covers changes and additions to devices and device drivers since 10.3-RELEASE.
Device Drivers
The 
full(4) device has been added, and the lindev(4)
device has been removed. Prior to this change,
lindev(4) provided only the /dev/full
character device, returning ENOSPC on write attempts.
As this device is not specific to Linux®, a native FreeBSD version
has been added. 
(r265132)
Hardware context support has been added to the
drm/i915 driver, adding support for Mesa 9.2 and
later. 
(r271705)
The 
vt(4) driver has been updated, replacing the bitmapped
kern.vt.spclkeys 
sysctl(8) with individual kern.vt.kbd_* variants.
(r273178)
The 
hpet(4) driver has been updated to create a
/dev/hpetN device, providing access to HPET from
userspace. 
(r273598)
The drm code has been updated to match Linux®
version 3.8.13. 
(r280183)
The psm(4) driver has been updated to include improved support for newer Synaptics® touchpads and the ClickPad® mouse on newer Lenovo™ laptops. (r281440)
Support for the Freescale PCI Root Complex device has been added to FreeBSD/powerpc. (r282783)
Storage Drivers
The mpr(4) device has been added, providing support for LSI Fusion-MPT 3 12Gb SCSI/SATA controllers. (r265236) (Sponsored by LSI, Spectra Logic)
The 
mrsas(4) driver has been added, providing support for LSI
MegaRAID SAS controllers. The 
mfi(4) driver will attach to the controller, by default. To
enable 
mrsas(4) add hw.mfi.mrsas_enable=1 to
/boot/loader.conf, which turns off 
mfi(4) device probing. 
(r265555) (Sponsored by LSI)
Note:
At this time, the 
mfiutil(8) utility and the FreeBSD version of MegaCLI and
StorCli do not work with 
mrsas(4).
The 
ctl(4) subsystem has been updated, increasing the ports limit
from 128 to 256, and LUN limit from
256 to 1024. 
(r275461) (Sponsored by
iXsystems)
The asr(4) driver has been removed, and is no
longer supported. 
(r276526)
The pms(4) driver has been added, providing support for the PMC Sierra line of SAS/SATA host bus adapters. (r285662)
The ioat(4) driver has been added, providing support for the PSE (Platform Storage Extension). (r287117) (Sponsored by EMC / Isilon Storage Division)
The CTL High Availability implementation has been rewritten. (r287621) (Sponsored by iXsystems)
The isp(4) driver has been updated and improved: added support for 16Gbps FC cards, improved target mode support, completed Multi-ID (NPIV) functionality. (Sponsored by iXsystems)
Network Drivers
Support for Broadcom chipsets BCM57764, BCM57767, BCM57782, BCM57786 and BCM57787 has been added to bge(4). (r258830)
The deprecated nve(4) driver has been removed. Users of NVIDIA nForce MCP network adapters are advised to use the nfe(4) driver instead, which has been the default driver for this hardware since FreeBSD 7.0. (r261975)
The if_nf10bmac(4) device has been added, providing
support for NetFPGA-10G Embedded CPU Ethernet Core. 
(r264601) (Sponsored by DARPA,
AFRL)
Note:
The if_nf10bmac(4) driver operates on the FPGA, and is
not suited for the PCI host interface.
The ath_hal(4) driver has been updated to support the Atheros AR1111 chipset. (r265348) (Sponsored by Netgate)
The iwn(4) driver was added, providing support for the Intel® Centrino™ Wireless-N 105 and 135 chipsets. (r266770)
Support for the cxgbe(4) Terminator 5 (T5) 10G/40G cards has been added to netmap(4). (r266757) (Sponsored by Chelsio Communications)
The 
pf(4) packet filter default hash has been changed from
Jenkins to Murmur3, providing a 3-percent
performance increase in packets-per-second. 
(r272906)
The vxlan(4) driver has been added, which creates a virtual Layer 2 (Ethernet) network overlaid in a Layer 3 (IP/UDP) network. The vxlan(4) driver is analogous to vlan(4), but is designed to be better suited for large, multiple-tenant datacenter environments. (r273331)
The gre(4) driver has been significantly overhauled, and has been split into two separate modules, gre(4) and me(4). (r274246) (Sponsored by Yandex LLC)
The sfxge(4) driver has been updated to support Solarflare Flareon Ultra 7000-series chipsets. (r283514) (Sponsored by Solarflare Communications, Inc.)
The em(4) driver has been updated with improved transmission queue hang detection. (r283923) (Sponsored by Limelight Networks)
The iwm(4) driver has been imported from OpenBSD, providing support for Intel® 3160/7260/7265 wireless chipsets. (r286441)
The em(4) driver has been updated to allow disabling CRC stripping. (r286829) (Sponsored by Limelight Networks)
The 
pf(4) implementation has been updated to remove support for the
scrub fragment crop|drop-ovl filtering rule. Systems
with this rule in 
pf.conf(5) will implicitly be converted to the scrub
fragment reassemble filtering rule, without necessary
intervention. 
(r287222)
The dummynet(4) driver has been updated to include support for AQM (Active Queue Management), adding support for PIE (Proportional Integral controller Enhanced) and FQ-PIE (Fair Queueing Proportional Integral controller Enhanced). (r300779)
Hardware Support
This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document.
Hardware Support
Support for FreeBSD/ia64 (Itanium) has been dropped as of FreeBSD 11. (r268351)
An issue that could cause a system to hang when entering ACPI
S3 state (suspend to RAM) has been corrected in the
acpi(4) and 
pci(4) drivers. 
(r274386)
The power management unit subsystem has been updated to support power button events on certain PowerPC hardware, such as aluminum PowerBook . (r274733)
The hwpmc(4) driver has been updated to correct performance counter sampling on PowerPC G4 (MPC74xxx) and G5 class processors. (r275190)
The OpenCrypto framework has been updated to include
AES-ICM and AES-GCM modes, both of which
have also been added to the 
aesni(4) driver. 
(r275732) (Sponsored by The FreeBSD
Foundation,Netgate)
The ig4(4) driver has been added, providing support for the fourth generation Intel® I2C SMBus. (r283766)
The uart(4) driver has been updated to support AMT devices on newer systems.
[arm64] Initial SMP support has been added to the FreeBSD/arm64 port. (r285316) (Sponsored by The FreeBSD Foundation)
The enc(4) driver has updated to allow creating an interface via kldload(8) during runtime without requiring additional kernel and/or userland changes. (r291292) (Sponsored by Yandex LLC)
The dtsec(4) driver for Freescale QorIQ SoCs has
been added, supporting P2041, P3041, P5010, and P5020 systems.
(r296177)
Freescale PowerQUICC and QorIQ systems now support larger address spaces, equivalent to PAE mode on i386. (r297001)
The e500mc and e5500 PowerPC cores are now supported, supporting most QorIQ systems. (r297977)
SMP for Multicore Freescale QorIQ systems now works correctly for SoCs with the AP cores in boot holdoff mode (not in spinloop wait mode). (r298237)
Native PCI-express HotPlug support is enabled by default on
amd64, arm64, and powerpc. This feature has exposed compatibility
issues on some hardware that result in missing devices or a hang
during boot. To work around such issues, run set
hw.pci.enable_pcie_hp=0 in the boot loader, and add
hw.pci.enable_pcie_hp=0 to
/boot/loader.conf. 
(r299142)
Virtualization Support
Support for the "Virtual Interrupt Delivery" feature of Intel®
VT-x is enabled if supported by the CPU. This feature can be
disabled by running sysctl hw.vmm.vmx.use_apic_vid=0.
Additionally, to persist this setting across reboots, add
hw.vmm.vmx.use_apic_vid=0 to
/etc/sysctl.conf. 
(r260410)
Support for "Posted Interrupt Processing" is enabled if
supported by the CPU. This feature can be disabled by running
sysctl hw.vmm.vmx.use_apic_pir=0. Additionally, to
persist this setting across reboots, add
hw.vmm.vmx.use_apic_pir=0 to
/etc/sysctl.conf. 
(r260532)
Unmapped IO support has been added to virtio_blk(4). (r260582)
Unmapped IO support has been added to virtio_scsi(4). (r260583)
The virtio_random(4) driver has been added to harvest entropy from the host system. (r260847)
FreeBSD/i386 guests can be run under bhyve. (r261504)
Support for running a FreeBSD/amd64 Xen guest instance as PVH guest has been added. PVH mode, short for "Para-Virtualized Hardware", uses para-virtualized drivers for boot and I/O, and uses hardware virtualization extensions for all other tasks, without the need for emulation. (r267536) (Sponsored by Citrix Systems R&D)
The bhyve(8) hypervisor has been updated to support AMD® processors with SVM and AMD-V hardware extensions. (r273375)
The virtio_console(4) driver has been added, which provides an interface to VirtIO console devices through a tty(4) device. (r273515)
Support for PCI Single Root I/O Virtualization (SR-IOV) has been introduced, allowing the creation of PCI Virtual Functions (VFs) for device drivers that support SR-IOV. See iovctl(8) for details on creating and configuring VFs. (r279463) (Sponsored by Sandvine, Inc.)
The 
bhyve(8) hypervisor has been updated to support DSM
TRIM commands for virtual AHCI disks. 
(r279957)
[arm] Support for the QEMU virt system has been
added. 
(r281439)
The Hyper-V™ drivers have been updated with several enhancements: (r282212) (Sponsored by Microsoft Open Source Technology Center)
- 
The hv_vmbus(4) driver now has multi-channel support. 
- 
The hv_storvsc(4) driver now has scatter/gather support, in addition to performance improvements. 
- 
The hv_kvp(4) driver has received several bug fixes. 
The hv_netvsc(4) driver has been updated to support checksum offloading and TSO. (r284746) (Sponsored by Microsoft Open Source Technology Center)
The 
xen(4) blkfront driver has been updated to include support for
blkif indirect segment I/O. 
(r286062)
Indirect segment I/O is enabled by default in the Xen blkfront driver when running on AWS EC2. (r302288)
ARM Support
Support for the Exynos 5420 Octa system has been added. (r266943)
The SMP option has been enabled for all Exynos 5 systems supported by FreeBSD. (r267390)
Support for the Toradex Apalis i.MX6 development board has been added. (r268838)
An issue that could cause instability when detecting SD cards on the Raspberry Pi SOC has been fixed. (r273264)
The bcm2835_cpufreq driver has been added, which
supports CPU frequency and voltage control on the Raspberry Pi SOC.
(r275963)
Support to turn off the BeagleBone Black system with the
shutdown(8) -p flag or by invoking 
poweroff(8) has been added. 
(r277042)
Audio transmission drivers have been added for Digital Audio Multiplexer (AUDMUXM), Smart Direct Memory Access Controller (SDMA), and Syncronous Serial Interface (SSI). (r277644)
Initial support for the ARM AArch64 architecture has been added. (r280259) (Sponsored by The FreeBSD Foundation)
Kernel support for Thumb-2 userland has been added. (r282779)
Support for the hardware power button on the BeagleBone Black system has been added. (r282827)
Initial ACPI support has been added for FreeBSD/arm64. (r284273) (Sponsored by The FreeBSD Foundation)
Support for 1-Wire devices has been added, providing support for 1-Wire hardware through gpio(4). See ow(4), owc(4), and ow_temp(4) for more information. (r287225)
Support for the HiSilicon HI6220 SoC has been added. (r287371) (Sponsored by ABT Systems, Ltd.)
The second CPU core on Allwinner A20 SoC have been enabled. (r263698)
Support for the Allwinner H3 SoC has been added. (r299688)
Support for X-Powers AXP813 and AXP818 power management integrated circuits have been added. (r299786)
Support for the Allwinner Reduced Serial Bus (RSB) has been added. (r299781)
Support for Allwinner A20 HDMI has been added. (r296064)
Support for GPIO, Sensors and interrupts on AXP209 power management integrated circuits have been added. (r300777)
Storage
This section covers changes and additions to file systems and other storage subsystems, both local and networked.
General Storage
The ctl(4) LUN mapping has been rewritten, replacing iSCSI-specific mapping mechanisms with a new mechanism that works for any port. (r278037) (Sponsored by iXsystems)
The ctld(8) utility has been updated to allow controlling non-iSCSI ctl(4) ports. (r278354) (Sponsored by iXsystems)
The 
autofs(5) subsystem has been updated to include a new 
auto_master(5) map, -media, which allows
automatically mounting removable media, such as CD drives or USB
flash drives. 
(r275681) (Sponsored by The FreeBSD
Foundation)
The 
autofs(5) subsystem has been updated to include a new 
auto_master(5) map, -noauto, which handles
fstab(5) entries set to noauto. 
(r279955) (Sponsored by The FreeBSD
Foundation)
The GELI class has been updated to support the
BIO_DELETE 
g_bio(9) bio_cmd field, providing TRIM/UNMAP
support on GELI-backed SSD storage providers. 
(r286444)
The camdd(8) utility has been added, which allows copying data sequentially to and from SCSI devices, files, block devices and tape drives. If the source and/or destination is a SCSI disk, camdd(8) can use the asynchronous pass(4) interface to queue multiple I/Os for improved speed. (ATA passthrough support for camdd(8) is in development.) (r291716) (Sponsored by Spectra Logic)
The pass(4) SCSI/ATA passthrough driver now has an asynchronous interface. User applications may queue many requests, get notification of completion via kqueue(2) and retrieve status later. camdd(8) is an example application using the interface. (r291716) (Sponsored by Spectra Logic)
Support for parsing libucl-based configuration files has been added to ctld(8). (r295212) (Sponsored by iXsystems)
The ahci(4) driver has been updated to add NCQ TRIM support for drives that support it. (r298002) (Sponsored by Netflix)
Note:
Drives that advertise this feature but do not properly support it
have been blacklisted. Systems experiencing traffic problems with
NCQ TRIM enabled can set the kern.cam.ada.%d.quirks
tunable to 2 for 512k sectors or 3 for
4096k sectors, replacing %d with the drive number.
The 
cam(4) driver has been updated to allow I/O scheduling tuning
to fit workload and drive characteristics. This option is off by
default, and can be enabled by adding option
CAM_IOSCHED_ADAPTIVE option to the kernel configuration and
recompiling the kernel. 
(r298002) (Sponsored by
Netflix)
The camcontrol(8) command can manually force updating capacity data after a disk gets resized using the reprobe subcommand. (r299371) (Sponsored by The FreeBSD Foundation)
Leading spaces are now stripped off SCSI disk serial numbers
when populating the CAM serial number. This affects the output of
diskinfo(8) and the names of /dev/diskid/DISK-*
device nodes, among other things. 
(r300880) (Sponsored by Spectra
Logic)
Support for managing Shingled Magnetic Recording (SMR) drives has been added. (r300207) (Sponsored by Spectra Logic)
Networked Storage
The new filesystem automount facility, autofs(5), has been added. The new autofs(5) facility is similar to that found in other UNIX®-like operating systems, such as OS X™ and Solaris™. The autofs(5) facility uses a Sun™-compatible auto_master(5) configuration file, and is administered with the automount(8) userland utility, and the automountd(8) and autounmountd(8) daemons. (r270096) (Sponsored by The FreeBSD Foundation)
Support for the timeo, actimeo,
noac, and proto options have been added
to 
mount_nfs(8). 
(r273849) (Sponsored by The FreeBSD
Foundation)
The Mellanox implementation of iSER (iSCSI Extensions for RDMA) has been imported. (r300723)
The ability to discover iSCSI targets without having to attach to a target has been added to the iscsictl(8) command. (r301033) (Sponsored by The FreeBSD Foundation)
ZFS
The arc_meta_limit statistics are now visible
through the kstat 
sysctl(8). As a result of this change, the
vfs.zfs.arc_meta_used 
sysctl(8) has been removed, and replaced with the
kstat.zfs.misc.arcstats.arc_meta_used 
sysctl(8). 
(r275748)
The 
zfs(8) l2arc code has been updated to take
ashift into account when gathering buffers to be
written to the l2arc device. 
(r287099) (Sponsored by
ClusterHQ)
Four new resources have been added to rctl(8) to allow throttles to be set on filesystem IO. (r297633) (Sponsored by The FreeBSD Foundation)
The zfsd daemon has been added, which manages hotspares and replements in drive slots that publish physical paths. (r300906) (Sponsored by iXsystems, Spectra Logic)
The minimum and maximum values for the ZFS adaptive replacement cache can be modified at runtime. (r302265) (Sponsored by Multiplay)
geom(4)
Boot Loader Changes
This section covers the boot loader, boot menu, and other boot-related changes.
Boot Loader Changes
The memory test run at boot time on FreeBSD/amd64 platforms has been disabled by default. (r258431) (Sponsored by The FreeBSD Foundation)
A new 
ttys(5) class, 3wire, has been added. This is
similar to the existing terminal classes, but does not have a
defined baudrate. 
(r262955)
The 
vt(4) driver has been made the default system console driver.
The 
syscons(4) driver is still available, and can be enabled by
adding kern.vty=sc in 
loader.conf(5). Alternatively, 
syscons(4) can be enabled at boot time by entering set
kern.vty=sc at the 
loader(8) prompt. 
(r274085)
Support for bzipfs has been added to the EFI
loader. 
(r279950)
The boot loader has been updated to support entering the GELI
passphrase before loading the kernel. To enable this behavior, add
geom_eli_passphrase_prompt="YES" to 
loader.conf(5). 
(r281616)
[arm] The 
ttys(5) file for FreeBSD/arm has been updated to enable
ttyu1, ttyu2, and ttyu3 by
default, if the callin port is an active console port. 
(r284683) (Sponsored by The FreeBSD
Foundation)
The default installation directory for modules has been changed
to /boot/modules. 
(r299393)
Networking
This section describes changes that affect networking in FreeBSD.
Network Protocols
Support for the IPX network transport protocol has been removed, and will not be supported in FreeBSD 11 and later releases. (r263140)
Support for PLPMTUD blackhole detection (RFC 4821) has been added to the tcp(4) stack, disabled by default. New control tunables have been added: (r272720) (Sponsored by Limelight Networks)
| Tunable | Description | 
|---|---|
| 
 | Enables or disables PLPMTUD blackhole detection | 
| 
 | MSS to try for IPv4 | 
| 
 | MSS to try for IPv6 | 
New monitoring sysctl(8)s haven been added:
| Tunable | Description | 
|---|---|
| 
 | Number of times the code was activated to attempt downshifting the MSS | 
| 
 | Number of times the blackhole MSS was used in an attempt to downshift | 
| 
 | Number of times that the blackhole failed to connect after downshifting the MSS | 
Support for IP identification for atomic datagrams (RFC 6864)
has been added. Support for this feature can be toggled with the
net.inet.ip.rfc6864 
sysctl(8), which is enabled by default. 
(r280971) (Sponsored by Netflix, Nginx,
Inc.)
The IPSEC has been updated to include support for AES modes on both software-only and hardware-backed (aesni(4)) systems. (r285336) (Sponsored by Netgate)
The network stack has been updated to fix handling of IPv6 On-Link redirects. (r287798) (Sponsored by Dell, Inc.)
Support to be able to reroot into a NFSv4 volume has been added. (r299848) (Sponsored by The FreeBSD Foundation)
The net.inet.tcp.ecn.enable sysctl mib has been changed from a binary off/on control to a three way setting. (r300240)
| Value | Description | 
|---|---|
| 
 | Totally disable ECN. | 
| 
 | Enable ECN if incoming connections request it. Outgoing connections will request ECN. | 
| 
 | Enable ECN if incoming connections request it. Outgoing conections will not request ECN. | 
Dummynet AQM, an independent implementation of CoDel and FQ-CoDel for ipfw/dummynet has been imported to the base system. (r300779)
The unused SIOCSIFALIFETIME_IN6 ioctl has been
removed. 
(r301875)
Release Engineering and Integration
This section convers changes that are specific to the FreeBSD Release Engineering processes.
Integration Changes
The Release Engineering build tools have been updated to include support for producing virtual machine disk images for various cloud hosting providers. (r277458) (Sponsored by The FreeBSD Foundation)
The Release Engineering build tools have been updated to use multi-threaded xz(1). By default, the number of xz(1) threads is set to the number of cores available. (r278926)
The Release Engineering build tools have been updated to include support for building FreeBSD/arm64 virtual machine and memory stick installation images. (r281802) (Sponsored by The FreeBSD Foundation)
The Release Engineering build tools have been updated to support
building FreeBSD/arm images without external utilities for
supported boards where a corresponding u-boot port
exists in the Ports Collection. 
(r282693) (Sponsored by The FreeBSD
Foundation)
