Chapter 2. New features in NetBSD 2.0

Table of Contents

2.1. What's new in NetBSD 2.0?
2.1.1. Native threads
2.1.2. Kernel events notification framework - kqueue
2.1.3. systrace
2.1.4. UFSv2
2.1.5. Java support
2.1.6. Verified Exec
2.1.7. Cryptographic disk driver
2.1.8. Non-executable stack and heap
2.1.9. New toolchain
2.1.10. Scalability improvements
2.2. New ports and enhancements to existing ports
2.2.1. amd64 - AMD Opteron
2.2.2. evbsh5 - Hitachi Super-H 5 based evaluation boards
2.2.3. i386 - PC hardware from i386 to Pentium IV
2.2.4. macppc - PowerPC based Macs
2.2.5. sparc - Sun hardware and clones
2.3. pkgsrc - The NetBSD Packages Collection

2.1. What's new in NetBSD 2.0?

It is impossible to list every single improvement to NetBSD since the previous release 1.6, or even since version 1.0. However, a summary of the major new features in NetBSD 2.0 is given below.

2.1.1. Native threads

Besides SMP support for the NetBSD/i386 port (see below), native thread support was one of the major goals for NetBSD 2.0; it is implemented using Scheduler Activations. Applications that support native threads can now take full advantage of the high-performance NetBSD POSIX threads implementation. See the pthread(3) manpage for more information.

Multi-threading provides application-level parallelism: multiple threads within the same process can run concurrently and, on an SMP machine, on different CPUs. Running them truly in parallel requires kernel support for threads, which is what Scheduler Activations provides.

Scheduler Activations is an efficient method of mapping N userland threads onto M kernel threads. It avoids both the concurrency problems of N:1 implementations (a blocking system call in one thread stalls the whole process, and only one CPU can ever be used) and the scalability problems of 1:1 implementations (one kernel thread, with its own kernel stack and scheduler state, for every userland thread).

2.1.2. Kernel events notification framework - kqueue

kqueue provides a stateful and efficient event notification framework. Currently supported events include socket, file, directory, fifo, pipe, tty and device changes, and monitoring of processes and signals. See the kqueue(2) manpage for more information.

kqueue is supported by all writable filesystems in the NetBSD tree (with the exception of Coda) and all device drivers supporting poll(2).

2.1.3. systrace

The systrace facility monitors and controls an application's access to the system by enforcing access policies for system calls. The systrace utility can be used to trace an untrusted application's access to the system. It can also be used to protect the system from software bugs (such as buffer overflows) by constraining a daemon's access to the system: the policy lists the system calls and arguments the daemon legitimately needs, and anything else is denied. See the systrace(1) manpage for details.

The privilege elevation feature of systrace obviates the need to run large, untrusted programs as root when only one or two system calls require the elevated privilege: the program runs unprivileged and the policy grants root for just those calls, implementing a very flexible kind of jail. Note that the policy file then becomes security critical, since whoever can edit it can grant root for arbitrary calls; policy files must be writable by root only.
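As an added example (not part of the NetBSD Guide or the systrace sources), the following script writes a deny-by-default systrace policy for a hypothetical unprivileged DNS daemon, /usr/local/sbin/dnsd (a made-up path), which needs root for exactly one operation, binding UDP port 53. The policy syntax, the "permit as root" action, the "netbsd" emulation name, the policy file naming scheme and the -a, -d and -c options are assumed to be as described in systrace(1) for the release in use; check that manpage before deploying.

```shell
#!/bin/sh
# Added example, not from the NetBSD Guide: a systrace policy for a hypothetical
# DNS daemon (/usr/local/sbin/dnsd, a made-up path) that runs unprivileged and is
# granted root for one call only, bind(2) to port 53. With "systrace -a" every
# system call the policy does not cover is denied and logged, so a bug in the
# daemon cannot be used to open files or sockets outside the list.
#
# Assumed (check systrace(1) on your release): rule syntax
# "<emulation>-<syscall>: <condition> then <action>", "permit as root" for
# privilege elevation, the emulation name "netbsd", and policy files stored in
# the -d directory under the binary's path with '/' replaced by '_'.

POLICY_DIR="${POLICY_DIR:-/etc/systrace}"

# policy_name BINARY: the file name systrace looks up for BINARY in POLICY_DIR.
policy_name() {
    printf '%s\n' "$1" | sed -e 's,^/,,' -e 's,/,_,g'
}

# write_policy BINARY OUTFILE: write the policy for BINARY to OUTFILE.
# Only the rules that illustrate the idea are listed; a real policy is completed
# from a trace of the daemon (see systrace(1)). Exactly one rule elevates.
write_policy() {
    bin=$1
    out=$2
    cat > "$out" <<EOF
Policy: $bin, Emulation: netbsd
	netbsd-fsread: filename eq "/etc/dnsd.conf" then permit
	netbsd-fsread: filename eq "/usr/libexec/ld.elf_so" then permit
	netbsd-fsread: filename match "/usr/lib/*" then permit
	netbsd-fsread: filename match "/var/dnsd/*" then permit
	netbsd-fswrite: filename eq "/var/run/dnsd.pid" then permit
	netbsd-socket: sockdom eq "AF_INET" and socktype eq "SOCK_DGRAM" then permit
	netbsd-bind: sockaddr match "inet-*:53" then permit as root
	netbsd-connect: sockaddr match "inet-*:53" then permit
EOF
}

# install_policy BINARY: place the policy in POLICY_DIR, readable by root only,
# so the daemon user cannot edit the file that grants it root.
install_policy() {
    mkdir -p "$POLICY_DIR"
    target="$POLICY_DIR/$(policy_name "$1")"
    write_policy "$1" "$target"
    chmod 600 "$target"
}

if [ "${1-}" = "install" ]; then
    install_policy /usr/local/sbin/dnsd
    # Then start the daemon under systrace from its rc script, e.g.
    #   systrace -a -d /etc/systrace -c dnsd:dnsd /usr/local/sbin/dnsd
    # -a enforces the policy (unlisted calls are denied), -d names the policy
    # directory, and -c (assumed present, as in the OpenBSD systrace this was
    # imported from) runs the daemon as the unprivileged dnsd user.
fi
```

Run it as `sh dnsd-policy.sh install` on the target host; the bind rule is the only line containing "as root", which is what an audit of the policy directory should look for.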

2.1.4. UFSv2

FreeBSD's UFS2 has been ported to NetBSD. UFS2 is an extension to FFS, adding 64-bit block pointers and support for extended attribute storage. Among other enhancements, UFS2 is better suited for file systems larger than 1 Terabyte.

2.1.5. Java support

Improvements have been made to NetBSD's Linux emulation so that it supports the latest Sun JDK/JRE for Linux. Testing has shown that it now runs as well under NetBSD as it does natively on Linux.

2.1.6. Verified Exec

As the name suggests, Verified Exec compares a file against a stored cryptographic fingerprint (hash) before allowing the execution of binaries and scripts.

This can be used to prevent a system from running binaries or scripts which have been modified or installed without authorization, for example by an intruder. In addition, Verified Exec can be used to limit the use of script interpreters to authorized scripts only and to disallow their interactive use. The fingerprint list is the root of trust: it must be generated on a known-good system and protected from modification, otherwise a modified binary can simply be accompanied by a matching fingerprint.

See the verifiedexec(4) and veriexecctl(8) manpages for more information.
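As an added example (not from the NetBSD Guide or the NetBSD source tree), the following script builds a Verified Exec fingerprint list for a set of binaries and scripts and audits an existing list against the files on disk, recomputing the hashes the way the kernel does at exec time. The entry format "path type fingerprint [flag]" with the flags DIRECT, INDIRECT and FILE, the SHA1 type name and the `veriexecctl load` invocation are assumed to match veriexecctl(8) on the release in use; the manifest paths in the usage comment are illustrative.

```shell
#!/bin/sh
# Added example, not from the NetBSD Guide or NetBSD itself: generate and audit
# a Verified Exec fingerprint list.
#
# Assumed entry format (check veriexecctl(8) on your release):
#   path  fingerprint-type  hex-fingerprint  [flag]
# where flag is DIRECT (may be executed directly), INDIRECT (may only be run
# by an interpreter for a listed script, never interactively) or FILE (a data
# file that must match when opened). SHA1 is used as the type here.

# sha1_of FILE: print the SHA1 digest of FILE as lowercase hex, using whichever
# tool is available (GNU sha1sum, NetBSD cksum, or openssl).
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | cut -d' ' -f1
    elif command -v cksum >/dev/null 2>&1 && cksum -a sha1 -q /dev/null >/dev/null 2>&1; then
        cksum -a sha1 -q "$1"
    else
        openssl dgst -sha1 "$1" | sed 's/.*= //'
    fi
}

# fingerprint_line FILE [FLAG]: print one fingerprint-list entry for FILE.
fingerprint_line() {
    digest=$(sha1_of "$1") || return 1
    if [ -n "${2-}" ]; then
        printf '%s SHA1 %s %s\n' "$1" "$digest" "$2"
    else
        printf '%s SHA1 %s\n' "$1" "$digest"
    fi
}

# gen_list: read "path [flag]" lines on stdin and write the list to stdout.
# Blank lines and lines starting with # are skipped so a manifest can be kept
# under version control with comments.
gen_list() {
    while read -r path flag; do
        case "$path" in ''|'#'*) continue ;; esac
        fingerprint_line "$path" "$flag" || return 1
    done
}

# audit_list LISTFILE: recompute every fingerprint in LISTFILE and compare it
# with the file on disk. Prints each mismatching or missing path and returns 1
# if any entry fails, 0 if all match. Run this from known-good media before
# loading the list, and periodically afterwards.
audit_list() {
    rc=0
    while read -r path type digest flag; do
        case "$path" in ''|'#'*) continue ;; esac
        if [ "$type" != "SHA1" ]; then
            echo "$path: unsupported fingerprint type $type" >&2
            rc=1
            continue
        fi
        actual=$(sha1_of "$path" 2>/dev/null) || actual=missing
        if [ "$actual" != "$digest" ]; then
            echo "$path: MISMATCH (list $digest, disk $actual)"
            rc=1
        fi
    done < "$1"
    return $rc
}

# Typical use on a NetBSD 2.0 host (paths are illustrative):
#   gen_list > /etc/signatures <<'EOF'
#   /bin/sh DIRECT
#   /usr/bin/perl INDIRECT
#   /usr/local/sbin/backup.pl DIRECT
#   EOF
#   veriexecctl load /etc/signatures
if [ "${1-}" = "audit" ]; then
    audit_list "${2:-/etc/signatures}"
fi
```

With perl marked INDIRECT and backup.pl marked DIRECT, perl can run backup.pl but cannot be started from a shell, which is the interpreter restriction described above. `sh veriexec-list.sh audit /etc/signatures` reports any listed file whose on-disk hash no longer matches.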

2.1.7. Cryptographic disk driver

The cryptographic disk driver (cgd) can be used to encrypt disks or partitions using strong encryption algorithms such as AES (Rijndael) and Blowfish, and it can be configured to encrypt swap as well. See Chapter 14, The cryptographic device driver (CGD), and the cgd(4) and cgdconfig(8) manpages for more details.

2.1.8. Non-executable stack and heap

NetBSD 2.0 enforces non-executable mappings on many platforms: on those whose MMU can distinguish execute from read permission, stack and heap pages that are mapped writable are not mapped executable. This makes exploiting buffer overflows harder, because code injected into a writable buffer can no longer simply be jumped to; an attacker must instead reuse code that is already mapped executable (the return-into-libc class of techniques). It does not prevent the overflow itself or the corruption of control data, so it complements rather than replaces fixing the bug.

2.1.9. New toolchain

NetBSD 2.0 uses a new toolchain based on gcc 3.3.3 and binutils 2.14. gcc 3.3.3 adds support for a number of CPU targets and greatly improves code generation for i386 and other targets. The new platforms supported by gcc 3.3.3 have enabled the porting of NetBSD to even more architectures.

2.1.10. Scalability improvements

NetBSD 2.0 has been optimized heavily during the development process. Some of the scalability improvements are:

  • The memory allocation scheme for the buffer cache, which is used for caching file system meta data, has been rewritten. The buffer cache can now use up to 15% of physical memory in the default configuration (the percentage is tunable via the vm.bufcache sysctl(8) variable).

  • Socket buffer insertion is now O(1), i.e. constant time regardless of how much data is already queued. This can provide a substantial performance boost to applications which use large socket buffers.

  • The i386 pmap(9) now uses a splay tree instead of linked lists, making fork(2) scale much better as the number of processes increases.

  • A red-black tree is now used to find entries in a vm_map. This speeds up memory allocation and address lookups (for example on page faults) when a process has many vm_map entries.

2.2. New ports and enhancements to existing ports

2.2.1. amd64 - AMD Opteron

A new port to AMD's 64-bit Opteron CPU, including SMP support.

2.2.2. evbsh5 - Hitachi Super-H 5 based evaluation boards

The Hitachi SuperH SH-5 is a bi-endian, 32- and 64-bit capable CPU, and this is a new port to the SH-5 Cayman evaluation board. Support for a number of generic, machine-independent device drivers, including audio, SCSI and Ethernet cards, is present.

2.2.3. i386 - PC hardware from i386 to Pentium IV

Having Symmetric Multiprocessing (SMP) available on the i386 port was the second major goal for the NetBSD 2.0 release (besides native threads), and it has been achieved. The i386 port also has a new ACPI and power management framework, built on Intel's ACPI reference implementation.

2.2.4. macppc - PowerPC based Macs

SMP is now supported on macppc. Hardware support for newer G4 models has been added.

2.2.5. sparc - Sun hardware and clones

SMP is now supported on SMP-capable SPARC hardware such as Sun's SPARCstation 10 and 20.

2.3. pkgsrc - The NetBSD Packages Collection

pkgsrc has been significantly expanded and now contains over 5000 packages. A number of new platforms are supported, including Solaris, Linux, Darwin, FreeBSD, OpenBSD, DragonFlyBSD and IRIX. Support for various other platforms (among them AIX, BSD/OS and HP-UX) is currently being worked on, thanks to the new, portable bootstrap kit which makes it much simpler to port pkgsrc to new operating systems.