[continued from previous message]
Wiki page URL: https://wiki.freebsd.org/SummerOfCode2025Projects
MacDoAndMDoImprovements
Commit to mdo(1) enabling fine-grained credentials transition requests URL:
https://cgit.freebsd.org/src/commit/?id=3ca1e69028ac
Contact: Kushagra Srivastava
Contact: Olivier Certner
The mac_do(4)/mdo(1) project aims at allowing controlled process credentials
transitions without using setuid executables but instead leveraging our MAC
framework. For more information, please consult the associated manual pages as
well as previous status reports from T3 2024 and T4 2024.
As part of Google Summer of Code 2025, Kushagra worked on extending mac_do(4)
(kernel) and mdo(1) (userland).
Worked-on mac_do(4) features:
• Per-jail configuration of authorized executables: Allow administrators to
specify a per-jail list of executables that are permitted to request
credential transitions, instead of being limited to the hardcoded /usr/bin/
mdo.
• Support for traditional credential-changing system calls: Allow mac_do(4)
to assess calls to setuid(2), setgid(2), setgroups(2), and related
functions as full credentials transitions on their own.
Worked-on new mdo(1) features:
• Allow finely specifying target groups (-g, -G, -s options), inheriting
from
current credentials or those of some user in the password and group
databases, and explicitly overriding any user and group IDs and
supplementary group.
• Provide a --print-rule option to switch to a mode that displays an
example
of the target part of a rule that would match the requested credentials.
Of these, the mdo(1)'s new fine-grained credentials transition requests change
has been committed and will appear in 15.0 and 14.4. The others most probably
will land in stable/14 before 14.4, but seem unlikely to appear in 15.0 as they
need more review and some amendments.
Together, these improvements will make mac_do(4) and mdo(1) more flexible and
practical, enabling safer credentials transitions without relying on setuid
executables and with strong jail integration.
Sponsor: Google LLC (Google Summer of Code 2025)
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━
Suspend/Resume Improvement
Links:
Blog URL: https://obiw.ac/s0ix/
BSDCan talk on s2idle/S0ix URL: https://youtu.be/RCjPc4X2Edc
Sleep testing image URL: https://people.freebsd.org/~obiwac/s0ix/
Working Repository URL: https://github.com/obiwac/freebsd-s0ix/tree/everything
Tip of the s2idle/S0ix + AMD SMU stack URL: https://reviews.freebsd.org/D48721
Contact: obiwac
Suspend-to-idle and support for S0ix sleep is in the process of being added to
FreeBSD.
This will allow modern Intel and AMD laptops, some of which do not support ACPI
S3 sleep, to enter low power states to increase battery life.
Entry to S0i3 is now working reliably on the Framework 13 AMD Ryzen 7040 series
laptops on FreeBSD 15. This required changes to LinuxKPI for DRM to know
whether the system intends to enter S3 or S0ix: D51591.
These changes in turn required the creation of generic sleep types, separate
from ACPI. Not all of these changes have yet been committed, but new hw.power.*
sysctls will be created to choose the sleep type for various sleep state
transition requests.
The amdsmu driver, some ACPI changes and fixes, and GPIO interrupt servicing in
amdgpio have been committed.
A pre-built sleep testing image is now available to easily testing S0i3 entry
on machines. Detailed instructions are on the webpage.
With respect to the links, the blog post entry is still outdated.
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━
USB Kernel Debugging Improvements
Contact: Tom Jones
XHCI USB controllers offer a mode which allows them to be used as a system
debugging interface. XHCI debug uses a special USB 3 cable with VBUS, D+ and D-
disconnected. The feature can be used to live debug the FreeBSD kernel,
enabling investigation of issues which cause the system video console to lock
up and there is not an alternative such as a serial console. This can happen
when debugging issues with graphics drivers.
Hiroki Sato developed support for the XHCI debug interface and made it
available as some in progress git branches. This implementation enables FreeBSD
to operate as both a Debug Host and a Debug Target, with support for debugging
from the loader through to the kernel.
In this quarter the Debug Host side of the XHCI debug has been committed to
FreeBSD main and will be available in FreeBSD 15. The Debug Host driver enables
a FreeBSD machine to debug Linux and Windows systems acting as Debug Targets.
The Debug Host driver has been split from the patch series to enable debugging
of FreeBSD 16 and onwards from FreeBSD 15.
The Debug Target side of XHCI debug has progressed in this quarter, with an
improved interface between the loader and the kernel and a lock up sending data
from a Target resolved. The remaining work for the host implementation is to
enable XHCI debug as a console very early in boot and to convert some methods
to use bus space allocations.
In the coming quarter I plan to update the developers handbook section on
kernel debugging.
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━
Architectures
Updating platform-specific features and bringing in support for new hardware
platforms.
━━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━
FreeBSD Driver Development for BananaPi-R64
Links:
Wiki URL: https://wiki.freebsd.org/arm/Bananapi
Contact: Martin Filla
Introduction
The Banana Pi R64 is a MediaTek MT7622-based development board (ARM Cortex-A53,
dual-core ~1.35 GHz) featuring 4× Gigabit LAN, 1× Gigabit WAN, Wi-Fi (4×4n),
Bluetooth 5.0, and multiple peripheral interfaces (UART, SPI, I²C, GPIO, SATA,
mini-PCIe, eMMC, etc.).
Current State of FreeBSD Support
• Implemented so far:
□ UART driver
□ Clock management (clocks)
□ Pinctrl/gpio driver – in active development gpio part
□ Storage controllers (eMMC/SD/MMC) driver
□ Ethernet Switch mt7531 driver
□ Ethernet mt7622 driver
Other essential components—Ethernet, USB, SATA, Wi-Fi, etc.—are not yet
implemented.
Technical Context and Significance
Support for Banana Pi R64 in FreeBSD is in the early stages—UART and clocks
drivers exist but ppl clock is under development, gpio is under
development — while most critical subsystems remain unimplemented.
Development roadmap
• Implement missing drivers
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
