DragonFly BSD

release28

DragonFly Release 2.8

30 October 2010 (2.8.2)

The DragonFly 2.8 release is here!

Big-ticket items

Return of the GUI - The 2.8 release includes a larger 4G USB image with a working X environment and full sources in addition to the standard 700M ISO and 1G USB images.

Crypto support - A cryptsetup compatible cryptographic device mapper target was written for DragonFly. This means that it is now possible to encrypt DragonFly partitions (e.g., HAMMER and UFS). While it is possible to only encrypt any partition like /home/, it is also possible to encrypt the whole root file system. The latter is especially useful for mobile devices. It is also possible to encrypt the swap partition while still being able to dump a kernel core. Further, the code is SMP aware, so expect a speedup if using multi-core machines and don't have cryptographic hardware support.

Packet Filter (pf) - Pf was updated to a version based upon OpenBSD 4.2. The previous version of pf in DragonFly was based on OpenBSD 3.5. This, in addition to laying the ground for further following OpenBSD's implementation, introduced several performance gains: Information like route-to, altq, tags, etc are now stored in the mbuf header directly. This was partially already the case up to DragonFly 2.6, but now the implementation corresponds to OpenBSD's.

Furthermore an often unnecessary checksumming was removed, which gains another 10% performance. Also state tables and interface bound states were reimplemented and the pf_test_*() functions where fold into pf_test_rule() to make things clearer. DragonFly-specific additions, support for fairq packet queueing and pickups, have remained intact.

WiFi Stack Update - FreeBSD's WiFi (802.11) network stack has been ported. While not all WiFi drivers have been ported the ability to port drivers from FreeBSD much more easily will allow us to ultimately add support for more and newer WiFi devices in the near future.

MP Performance - The multiprocessor work that has been ongoing in DragonFly is really starting to bear fruit. The MPLOCK (The primary lock, that when held ensures only a single cpu is operating within the kernel) has been pushed back significantly with this release. Most of the frontend code now uses soft tokens instead of the MPLOCK, though for safety these particular soft tokens still acquire the MPLOCK. We will be phasing out the safety feature as work progresses.

More importantly, HAMMER now runs with a per-mount lock and has specific optimizations to run 100% MPSAFE in the cached read & stat paths.

Much of the system backend including the buffer cache, the networking subsystem (protocol stacks and netif drivers), and the AHCI disk driver are now completely MP-safe and do not acquire the MPLOCK at all. For most intents and purposes the system is running MP-safe. I don't want to sell this short because large portions of the core infrastructure have been MP-safe for years. But now those MP-safe paths for the first time can reach all the way from userland to the device drivers on the backend.

Availability

Three release options are now available for 32-bit as well as for 64-bit.

The release ISO images should be available on most of the mirrors. If the ISO is not available on a certain mirror, please try another one or download it from the DragonFly master site. Each image is in the "Live CD" format, meaning that it boots into a running and fully functional DragonFly system, which can be used for testing or system recovery tasks as well as installation

MD5 sums

pkgsrc packages

We offer thousands of pre-built pkgsrc packages for this release. The pkg_radd(1) utility may be used to download pre-built binary packages. The path can be overridden by setting BINPKG_BASE in /etc/settings.conf.

To get a list of all packages, let pkg_search(1) download the summary file for that release:

# pkg_search -d

We supply a Makefile in /usr to track the pkgsrc tree and we supply a Git mirror of the NetBSD pkgsrc CVS repo at git://git.dragonflybsd.org/pkgsrcv2.git. We recommend that users use it, instead of pulling from NetBSD with CVS. Our Git mirror is updated several times a day.

DragonFly 2.8.x Special Installation and Upgrade Notes

New Loader - The forth loader is no longer in the system. The new loader, 'dloader', has to be installed before an 'installkernel'. If you are updating from an older system such as DragonFly 2.6 it is recommended to run an installworld before the installkernel to update the loader. Otherwise you can simply do the following before the 'installkernel'.

# cd /usr/src/sys/boot
# make all install

BIND removal - BIND is no longer in the base system. If you are using BIND or any of the associated utilities (host, nslookup, etc.), this method will allow you to transition to the version in pkgsrc:

# cd /usr/pksrc/net/bind96
# bmake all install clean

or

# pkg_radd bind96

# cp /usr/pkg/share/examples/rc.d/named9 /etc/rc.d/
# /etc/rc.d/named stop

edit /etc/rc.conf, and remove

named_enable="YES"

then add

named9_enable="YES"
named_chrootdir="/etc/namedb"
named_flags="-c named.conf"
named_program="/usr/pkg/sbin/named"

# chown -R named /etc/namedb
# /etc/rc.d/named9 start

Test your setup with host, dig and so on. Check for a running named process with ps. Error messages should go to /var/log/messages.

OpenSSL upgrade - OpenSSL has been upgraded, and SHLIB_MAJOR was bumped for libssh and libcrypto. This shouldn't break any 3rd-party software, but you'll need to recompile your 3rd-party software if you want it to link against the new version of OpenSSL.

libevent removal - Any previously installed applications depending on the libevent library in base will require recompilation, as this library is no longer supplied as standard.

VirtualBox, Virtual PC, and VMWare users - Unless your virtual hard disk is 50G or larger, we recommend doing a UFS install and not the default HAMMER install. We also recommend installing from the CD ISO and not the GUI IMG. A more serious installation should use HAMMER with at least a 50G disk image and can install from the GUI IMG.

Virtual PC users - Virtual PC does not supply serial numbers for the virtual disks. The system may need to be manually directed in the boot loader if the disk identifier changes. (Hit ? in the boot loader for a list of available volumes.)

DragonFly 2.8 Release Notes

Release Improvements

Kernel changes

  • dsched, an IO Scheduler framework and dsched_fq, a Fair Queuing I/O scheduler policy.
  • Device Mapper imported from NetBSD.
  • stripe and crypt targets for the Device Mapper (stripe is further enhanced as well).
  • select(2), poll(2) and kqueue/kevent(2) implementations were unified on top of the existing kqueue implementation.
  • Device polling API's and selrecord/selwakeup were dropped, in favor of kqueue's knote API, simplifying device implementation.
  • LWKT tokens reworked to improve efficiency, especially in recursive scenarios.
  • Direct acquisition of MPLOCK removed from VM and pmaps, now under a global VM token.
  • VM: Idle time page zeroing.
  • Major update of pf from OpenBSD 3.5 to 4.2, keeping DragonFly specific additions (support for pickups and fairq).
  • Network socket flags were made atomic.
  • Many minor bug fixes and improvements to HAMMER.
  • Additional major portions of the network stack were removed from under the MPLOCK.
  • Major performance improvements to softcrypto on SMP systems.
  • kern_udev - A framework to associate optional information with device nodes.
  • initrd (initial ramdisk/malloc disk) support.
  • Removal of shared spinlocks and renaming of the spinlock API.
  • Added support for AES-XTS and AES-CTR to the opencrypto framework.
  • proplib imported from NetBSD.
  • Removal of the forth loader in favor of a C-only loader, 'dloader'.
  • Fixing of {MADV,MAP}_NOSYNC, resulting in a great performance improvement for vkernels.
  • TCP-MD5 (RFC 2385) was ported from FreeBSD.
  • LWKT scheduler's priority mechanism was rewritten
  • Linux Emulation mostly MPSAFE.
  • Added renameat syscall
  • kfree() IPIs dramatically reduced.
  • Add support for cdevs as virtual disks for vkernels.
  • nullfs gained support for the noexec flag.
  • It is now possible to dump to dm disks.
  • Sync amdpm(4) with FreeBSD (and bring in amdsmb(4)).
  • Sync alpm(4) with FreeBSD.
  • New swapoff utility to turn off swap space.
  • APIC_IO now works a whole lot better.
  • Release ISOs and IMGs now start up with emergency interrupt polling turned on to improve the chances of being able to boot on a wider range of systems.
  • Numerous issues with NFS have been resolved.
  • Diskless NFS booting now attaches using NFSv3.
  • Much better scaling in low-memory systems (aka VMs), as little as 64M of physical memory with a recommended minimum of 128M.
  • Much better KVM efficiency on systems with large amounts of ram. 2.6 had some issues with KVM filling up on 32 bit systems. Those issues should now be gone. 64-bit systems now run with 128G of KVM.

Hardware changes (non-networking)

  • Driver for Areca RAID controllers (arcmsr).
  • aesni crypto driver.
  • AHCI support for recent AMD SATA chipsets.
  • VIA Padlock support fixed.
  • The uguru(4) driver for ABIT temperature, voltage and fan sensors was ported from OpenBSD.
  • twa(4) was synced with FreeBSD version 3.80.06.003.
  • SMP cpu startup code now tries to work around BIOS SMI bugs which cause AP cpu inits to fail.

Hardware changes (networking)

  • New wireless network card framework has been ported from FreeBSD.
  • Wireless cards utilizing the following drivers are supported in this release: ath, iwi, iwn, ral, wi, wpi.
  • The following drivers have not been ported and will not yet work: acx, an, bwi, ndis, rtw, rum, ural.

New Multiprocessor Safe Work

  • HAMMER VFS API is now MPSAFE, HAMMER uses per-mount locks and optimizes the read/stat paths.
  • tmpfs.
  • The network protocol stack and most of the backend drivers. The path from userland all the way through to the backend driver is now MPSAFE.
  • PF packet filter gets its own lock.
  • kqueue/kevent (and thus also select/poll).
  • The AHCI and SILI drivers.
  • The BUF/BIO subsystem.
  • TTYs have their own lock.

Userland changes

  • A catastrophic recovery command was added to the hammer(8) utility, allowing data to be recovered from physically damaged media.
  • Power/CPU frequency management daemon named powerd(8).
  • libdevattr - A library giving access to additional information about kernel device nodes with an API that is mostly compatible with Linux' libudev.
  • udevd - A support daemon for libdevattr.
  • Kernel programming guide (section 9 man pages) updated and extended.
  • mkinitrd - A tool to generate an initrd image to be able to boot from crypto, lvm and other devices.
  • crashinfo, a tool to automatically extract some useful information from kernel dumps in a text format.
  • proplib imported from NetBSD.
  • Added sha512 support to libmd.
  • ftp-proxy and bthcid were ported from libevent to kqueue(2)/kevent(2) and libevent was removed from the base system.
  • FreeBSD's stress2 stress testing suite was imported.
  • ioprio, a utility to change the I/O priority of a process doing I/O on a disk with the dsched_fq policy.
  • lt, a 'tree'-like utility.
  • Ported savecore(1) from FreeBSD used to gather info from crash dumps.
  • Installer now uses tmpfs instead of mfs.
  • Several fixes for the DragonFly Mail Agent (dma).
  • top(1) prints now Proportional RSS (PRES) instead of RSS.
  • pf(4) OS fingerprints for all DragonFly versions.
  • OpenSSL can now load engines at run-time.
  • Various vkernel updates including support for diskless operation.
  • nmalloc (libc malloc) gained a per-thread magazine layer for improved scalability.

x86_64-specific changes

  • A number of rare race conditions was fixed. This improves overall stability.
  • It is now possible to use powernow(4).
  • It is now possible to boot an SMP kernel without having to enable APIC_IO.
  • The kernel now configures 128GB of KVM and memory scaling has been tuned. Among other things this means that a well-endowed system will cache significantly more vnodes and configure a larger buffer cache.
  • The kernel now supports up to 512G of swap by default.

Removals

  • BIND is no longer in the base system. See Special Upgrade notes above for a migration path.
  • libevent.

Contributed Software

  • Shipping with pkgsrc-2010Q3 built packages.
  • Imported drill and libldns as a resolving utility in base as BIND has gone.
  • Imported lvm (Logical Volume Manager).
  • Imported cryptsetup for use with the new device mapper crypto target, dm_target_crypt.
  • Updated awk to 20100523.
  • Updated bzip2 to 1.0.6 which fixes CVE-2010-0405.
  • Updated OpenSSH to 5.6p1 (with HPN patch).
  • Updated OpenSSL to 1.0.0a.
  • Updated tzdata to 2010n.

Security related

  • Improved stability of tmpfs so that a user can't panic the system due to malloc zone exhaustion.
  • A security issue in libopie was fixed.
  • A security issue in the libc globbing code was fixed.