Wednesday Jun 14, 2006

OpenSolaris Birthday Festivities

We mobilized our community to throw OpenSolaris a blog party. For a rundown of what's going on today, check out Jim's Announcement.

Here is a collection of blog entries thus far. Note that I expect to update this entry a number of times today, so please check back. Of particular note in my mind are the entries from the people who have contributed code to the project:

Sun's OpenSolaris team (the team busy changing the way we do things in order to make things like the website, SCMs, etc. possible) has also started to post their thoughts (I've included OpenSolaris Marketing here, too): We're also lucky to have some celebrity bloggers checking in: And we wouldn't really be anywhere without dedicated community members: Note: if you're not included here, don't worry-- I'll be adding you later in the day!

Technorati Tag:

The Butterfly Effect Revisited

What a difference a year makes. A year ago this evening, I was up until about 3am helping others to put the finishing touches on the launch of Life was different... OpenSolaris advocates were beseiged by charges of vaporware. Critics used phrases like "Put up or Shut up," "There is no OpenSolaris," and "You Sun people are pathetic." It was an ugly time which I documented in a blog entry entitled: Beyond My Wildest Expectations: The Butterfly Effect.

Most of us know the butterfly effect: "Small variations of the initial condition of a dynamical system may produce large variations in the long term behavior of the system. ... Had the butterfly not flapped its wings, the trajectory of the system might have been vastly different." [Source: Wikipedia] I often think of this effect when I consider why something surprising happened.

Then at about 8am on June 14th, 2005, we opened and invited the world in for a look, and to join us in developing a world class operating system. At the time I felt like part of a volcano of activity-- today it seems like another flap of the butterfly's wings.

So today I'm contemplating the butterfly effect of our actions last June 14. Who could have predicted a year ago what today would be like? How will this year's accomplishments be amplified in years to come? Just today we've reached 100 contributions-- I wonder if that milestone number serve to attract new developers? We've seen new faces and new perspectives emerge in the community. Several active distributions with different and interesting missions have arrived. User groups have sprouted up-- and attending SVOSUG meetings has been one of my favorite activities this year.

That's not to say we're done. There's a long list of things yet to be accomplished-- mostly summarized on the roadmap. But we've delivered a lot, and I hope that counts for something. As for me: In the next year I hope to sponsor more fixes, and help out with some redesign of the website look and feel (I helped to author today's redress of the home page, mostly assembled over the last 48 hours). The butterfly effect leaves me optimistic-- and fairly sure that the next year will bring new surprises...

Technorati Tag:

Monday Jun 12, 2006

Reminder: Blog Party & IRC Chat Party Tomorrow (Weds June 14)

Don't forget: We're throwing OpenSolaris a blog birthday party and an IRC party tomorrow, June 14.

To check out the chat party, check out our new java based chat, here:

And please, support the blog party by writing a blog entry and posting it at around 9am PDT (16:00 UTC) on June 14th. See you then!

Wednesday Jun 07, 2006

Blog Birthday Party 2006

We're planning a Blog Birthday Party for OpenSolaris! The event will be on June 14th, 2006, to mark the one year anniversary of our launch. Looking back, it's amazing how much we wrote as part of the launch. See Bryan and Liane's chronicles of that event here, here, here, here, and here. I think that Tim Bray put it best:
They told me they were going to try to get lots of people to blog about the launch, but this is remarkable: this morning they knew about 132 bloggers and 215,000 words, and there’s another dozen pieces every time I turn on my aggregator. The communications and culture shift happening here is maybe just as interesting as OpenSolaris itself. Herewith observations, and pointers to some particularly sharp-edged samples. A new thing is in the world.

So in short, I'm trying to harness that same energy to celebrate the birthday of OpenSolaris. If you are reading, you are invited too: Join us by blogging or just reading on June 14th!

PS: I'm also hoping that we can celebrate with a 24-hour party in the #opensolaris IRC channel on Come for a chat!

Technorati Tag:

Friday May 19, 2006

JavaOne Pictures

Here are some pictures I took at JavaOne 2006. Click the image for more.

Sunday May 14, 2006

Off to JavaOne

I'll be at JavaOne Monday and Tuesday of this week. On Monday, I'm going to try to attend Netbeans Day SF, and on Tuesday I'll be manning the OpenSolaris booth on the exhibition floor and watching the fun at the DTrace Challenge. Tuesday night I'm expecting to go to whatever SVOSUG meeting materializes. I hope to see you there!

Friday Apr 28, 2006

What's New in Solaris Express 4/06 (Nevada Build 36)

Today marks the release of Solaris Express 4/06 (or Nevada Build 36). I missed blogging about 3/06, and I feel guilty.

Anyway, you can look at the 3/06 What's New Doc for a summary of 3/06, so I'll just pretend I wasn't a slacker last month.

Among other things, about 750 bugs were fixed.

Notable New Features in Solaris "Nevada", Build 36 (SX 4/2006)


  • The DTrace JNI binding project integrated. This means that you can now control DTrace from Java programs; the author, Tom Erickson, has subsequently released Chime, a client program which uses this facility.


  • ZFS persistent offline was added; this changes the behavior of zfs offline to persist across reboot. offline -t is available as a "temporary" offline.
  • ls -V was introduced, which provides a new ACL display mode to ls which is more compatible with NFSv4/ZFS ACLs. This produces ACLs in a compact format, which some users prefer.
  • Disk write caches are enabled if ZFS owns the disk. [6322205]
  • The fsstat utility was added, providing vfs-level observability.
  • The ZFS FMA Phase 1 project integrated, bringing a sophisticated approach to I/O fault handling to the system. Eric wrote a nice blog entry about this.
  • zfs mountroot phase 1 was implemented, which allows you to hand-assemble a system which boots from ZFS. See Tabriz's Blog for details.
  • The .zfs/ feature of ZFS is now supported over NFSv3 (it was supported over NFSv4 already).



  • libumem now uses significantly less memory on some workloads. Jonathan wrote a nice blog entry about this. [6304072]
  • getrusage() is now faster. [6381512]


  • FMA for Athlon 64 and Opteron Processors was integrated. This brings sophisticated error telemetry and diagnosis to Opteron and Athlon 64 systems of all shapes and sizes (not just those made by Sun). Here are the highlights:
    • CPU & Memory error detection
    • ChipKill is on by default
    • Offlining of CPUs and Cores
    • Memory retire
    All of this should add up to additional improvements in the uptime of Opteron and Athlon systems running Solaris.
  • Hotplug support for PCI Express was added; the front-end for this is the cfgadm command.
  • Hotpluggable drives are now better able to accomodate EFI-labels and device IDs, both of which are very important to supporting ZFS on USB and Firewire disk drives. [6348407]
  • It's now possible to offline CPU 0 on x86 systems, a long standing annoyance. [6342823]
  • The AMD64 kernel now emulates two Intel-invented instructions, lahf and sahf. [6219321]
  • A closed-source disassembler for x86 was purged from the system and replaced with open code.
  • An audio driver for the ATI IXP400 chip was added.
  • The Intel ACPI interpreter was updated to 20060217.

Free Software

  • PostreSQL has been integrated and is available in /usr/bin
  • Samba has been converted to an SMF service: svc:/network/samba:default [6310561]
  • Samba is now compiled with LDAP support. [6174211]
  • Apache has been updated to 2.0.55.


  • The "Coolstart" project has landed. See Jan's Blog Entry for more information about how to turn on fancy boot-time graphics. CDE, JDS, dtlogin and gdm have all been reskinned to match. (dtlogin in particular looks really nice now).
  • dtlogin and the various CDE daemons have been converted to SMF services: svc:/application/graphical-login/cde-login, svc:/network/cde-spc, svc:/network/rpc/cde-calendar-manager, and svc:/network/rpc/cde-ttdbserver
  • Fixes to the USB mouse driver mean better compatibility with the latest mice [5083593] [6328758]
  • A video driver for the AST 2000 chip was added to XSun.
  • The OpenGL vendor switching project was integrated. The goal here is to allow multiple different implementations of OpenGL to co-exist on a machine at one time, and provide boot time selection of the best implementation for the hardware present. man -M /usr/X11/man ogl-select for details.
  • Font handling in JDS was improved. [5099951]
  • Xorg now works properly if the system has no mouse connected. [6245431]
  • ATI mach64 driver performance has been significantly improved. [6303855]
  • Xorg auto-configuration has been improved to more accurately detect monitor characteristics. [6385111]

Community Contributions

  • Juergen Keil contributed:
    [6368142] sd: unaligned write memory corruption; zfs on dvdram media: panic
    [6311025] build_reserved_irqlist ignores irq15 information from ELCR register
    [6372009] dma_mem_alloc failures when free memory is low; zfs panic on usb mass storage
    [6388096] NULL pointer dereference panic in sd_range_lock()
  • Rich Lowe contributed:
    PSARC 2006/134 logadm(1m) $zonename keyword
    [4823583] crontab command prints incorrect usage
    [6352485] RFE: add $zonename to the list of macros supported by logadm
    [6357132] DHCP server should not open /dev/ip
    [4844685] gratuitous "in.ndpd: terminated" printed during shutdown.

This work is licensed under a Creative Commons Attribution-ShareAlike 2.5 License.

Technorati Tag:

Monday Apr 24, 2006

Zones Boot Arguments PSARC Case

Today I submitted a proposal to our ARC Process (specifically, to PSARC), entitled Zone Boot Arguments II. While this isn't the best sample of my writing, I do think it demonstrates the value of writing such documents carefully and of trying as hard as you can to fully understand the problem space.

While each project team is free to make its own choices, the zones team is choosing to share as much of this design rationale with our community as possible. We want to hear from the widest possible set of voices in order to validate our design work. I've set a timer for May 1, 2006. If you have comments, please send them to me by that time.

Technorati Tag:

Friday Apr 21, 2006

Installing "Sun Java System Web Proxy Server"

At Sun we have a corporate firewall which does not do transparent web proxying to the outside world. All traffic is directed through traditional proxy servers.

For many years, I've run my own proxy server, deployed on recent versions of Solaris, and always on x86 or x64 based hardware. Most recently this has been on a 2-cpu Opteron Server. When it works well, a couple of dozen people use it, although I've always wanted to have more users.

The early years: Squid

Since the early days (ok, 1999), I ran the Squid proxy cache. Frankly, I'm fed up with Squid: it is hard to make the right choices at compile time, hard to make the right choices at run-time, has many bugs, and just doesn't feel like a very modern piece of software.

From Squid to Apache

Last week I attempted to replace Squid with Apache 2.2.0's mod_proxy and mod_cache subsystems. However, we started seeing a lot of Apache core dumps (> 150 per day), and have hit problems in which Apache serves up .css (style sheet) content as text/plain instead of text/css. Unfortunately, firefox doesn't like that, and so sites like fail to render properly. I posted to apache's users alias but received no help. I spent some time trying to track down the core dump problem, but I just don't have time to debug this to root cause.

What now?

So what other proxy servers are there? I surveyed what was available on freshmeat but had no luck finding anything that seemed to fill my list of requirements:

  • Provides Caching
  • Web correctness (see apache above, which fails on this point)
  • Scales to many users
  • Robust
  • Easy (at least sort of) to configure and administer
  • Free
  • Open Source
  • Helpful Community

From Apache to Sun's Proxy

Finally I decided to try my own company's product: Sun Java System Web Proxy Server 4.0. I had avoided this in the past, because it did not run on x86. Thankfully, that has now been corrected. Also it is definitely the proxy with the biggest (and silliest) name. But is it useful? Unlike the other proxies, it is not Open Source, which as far as I'm concerned is a negative. But from my limited testing thus far it scores well on my other requirements: it was simple to set up, and appears to be pretty robust. Hopefully it will someday be released into open source, since as you'll see, it's pretty nice, and I think a lot of folks would find this a nice project to hack on.


Sun Java System Web Proxy Server 4.0 is free to use, as long as you don't want support. You can download it from Sun's website. It is available for Solaris (x86, x64 and SPARC), Linux, and Windows. The download interface is a bit clunky-- but hey, it's free. The download is about 130MB, which seemed like a lot to me, but it carries with it various patches you need. Once you have it downloaded, you can use a graphical installer provided you have an X server. In this example, I'll be installing onto a machine called "webhop", and I unpacked the provided .zip file into /sunproxy
myhost $ xhost + webhop

webhop # export DISPLAY=myhost:0
webhop # cd /sunproxy/java_es_05Q4_webproxy
webhop # cd Solaris_x86
webhop # ./installer
This popped up the installer GUI on my machine "myhost". Unlike many programs, the installer is polite if can't remotely display the GUI:
webhop # ./installer
Unable to access a usable display on the remote system.
Continue in command-line mode?(y/n)
I briefly examined the command line installer and wasn't too impressed, but the graphical one is nice. Here's a sequence of images from my installation:
screenshot screenshot screenshot screenshot screenshot screenshot screenshot screenshot screenshot screenshot screenshot

There were a couple of nice features here which I appreciated: I could enter some basic configuration settings at installation time, and I felt that I wasn't asked many esoteric questions.
One hiccup I did hit was that the proxy didn't install itself as an SMF service. Hopefully in the next version that will be fixed. Also, in the final panel, the wizard offered to load me up some additional documentation (a nice touch), but that didn't seem to work for me.


It would have been nice if the installation GUI could have reminded me, at the end of installation, of the URL I would need to configure the server. In this case. But I soon worked out that it was port 8888 on my server. Logging in there, I used the "admin" account and the password I had supplied earlier. At this point, a rather slick looking web based interface launched itself. Here are some of the pages I looked at:
screenshot screenshot screenshot screenshot screenshot
With a little unguided fiddling, I was able to get the proxy to listen on the port of my choice, with a cache sized the way I wanted. There are definitely some rough edges but overall I was usually able to find the features I wanted. Here are some things we could do better:
  • One rather obvious improvement would be to the Reporting section, which produces a textual summary of cache usage-- surely some charts would make a big difference here. The good news is that with configurable log files, it should be easy to reuse an existing package such as AWStats to roll my own. The default log file looks pretty much like apache's.
  • I'll also need to work on an SMF service conversion so that if the proxy does crash, it is automatically restarted (it does seem to have a "watchdog" process which fulfills that function but at some point in my testing the watchdog itself crashed).
  • The proxy server outputs a fairly pedestrian message to client browsers when it can't find some host you've typed in. Isn't this an opportunity for branding?
  • I was surprised that my connection to the administration GUI for the server was insecure by default. There is a complex "security" section which allows the installation of certificates, but I couldn't make heads or tails of it. There should be a basic security mode enabled by default.
  • "Expert" mode and "Simple" mode-- My configuration isn't very complex, so an administration mode which guides me through the configuration would really help.
  • Integrated status display: it would be nice to have a single "console" which had basic statistics, server status, errors, etc. all integrated together on a single panel. Something to tell you at a glance how things were going. This should be the default view.
  • The proxy includes a GUI for generating a proxy autoconfiguration file, which web browsers can utilitize-- but unfortunately this didn't seem to work for me.
  • I had trouble convincing the proxy to use the cache directory I wanted-- it took me a lot of digging to understand that the cache was made up of "partitions." In my opinion, modern filesystems like ZFS eliminate the need for this sort of thing (i.e. spreading your cache out across multiple filesystems), so it would be nice to not see this complexity if it is not required.
  • It is often important to restart the server to get configuration changes to be applied. Sometimes the GUI doesn't seem to notice that the restart has succeeded, and so you need to reload it.

Anyway, nits aside, I am surprised by and impressed with this product. So far we've served 55,000 requests, and it has "just worked" to a degree which has surprised me. Nice work, Sun Java System Web Proxy Server (urp) team! Technorati Tag:

Wednesday Apr 05, 2006

CPU Caps Alpha Release and Zones

Andrei just released a public Beta of his latest project-- CPU Caps, which is a new and very useful resource management feature for Solaris, and for zones.

Unlike CPU shares, CPU caps let you naturally limit CPU usage for a project or for a zone. My favorite part is that you talk to the system about these caps in terms of percentage of a CPU. So, a cap of "150" means "150%" or "never use more than 1 and 1/2 CPUs". Here's how to set a cap for a zone:

# zonecfg -z myzone
zonecfg:myzone> add rctl
zonecfg:myzone:rctl> set name=zone.cpu-cap
zonecfg:myzone:rctl> add value (priv=privileged,limit=150,action=deny)
zonecfg:myzone:rctl> end
zonecfg:myzone> exit
(As an aside, I think we need to make this syntax in zonecfg much easier, both for shares and caps. This is 6222025 RFE: make cpu shares a global property)

Another advantage of CPU caps is that they are active for all scheduling classes except for "RT" (realtime). We're really excited to have this feature (which hopefully will integrate soon) since we think it will make resouce management configurations for zones quite a bit simpler in many cases.

The CPU Caps website includes complete directions on how to try this feature out.

Technorati Tag: ,

Tuesday Mar 28, 2006

DTrace + Zones = Crazy Delicious

Last week I finished what was for me a tough piece of technical work-- making DTrace and Zones play nicely together.

This is pretty cool because it brings some of the observational power of DTrace to the folks deploying applications inside of non-global zones. In future Solaris Express and Community Release builds (those based on Nevada b37 and higher), you can use a subset of DTrace functionality as follows:

        # zonecfg -z myzone
        zonecfg:myzone> set limitpriv=default,dtrace_proc,dtrace_user
        zonecfg:myzone> \^D

        # zoneadm -z myzone boot

        # zlogin myzone
        myzone# dtrace -l

        myzone# plockstat -Ap `pgrep startd`

Note that either or both of the dtrace_proc and dtrace_user privileges may be granted to a zone, but dtrace_kernel may not be (zoneadm will enforce this). The lack of dtrace_kernel means that not every DTrace script will work, since kernel state is not available to DTrace inside of a zone; but we think this represents a good start.

Additional virtualization work has been done to ensure that data from other zones is not visible inside the zone, and to ensure that the interactions with other relevant privileges (proc_owner and proc_zone) behave as expected.

For those interested in how this was accomplished, the following bugs should be helpful:

4970596 RFE: should be able to run some DTrace programs in a zone
6356708 libdtrace should interrogate providers, open devices via /dev.
6388070 non-root non-global zone users can't get dtrace provider modules to load
6393431 dtrace_proc + proc_owner doesn't sufficiently enable destructive actions
All of this rests on David's work to make zone privileges configurable.
Configurable Privileges for Zones
4966416 RFE: zone privileges should be configurable
I'm also very grateful to Adam and Jonathan who codereviewed this work numerous times and patiently explained the intricacies of the DTrace privilege model...

Technorati Tag: , ,

Monday Mar 27, 2006

Nevada at 37

My talk at last week's SVOSUG meeting went well, I hope. At least, there was a good turnout. Thanks to everyone who stuck around! I've posted the presentation pretty much as given. Click the thumbnail below for the PDF version. Click here for the staroffice version.

PDF slides

It turns out to be a difficult talk for the presenter because it covers such a breadth of stuff. It demands a lot of the audience, as well: a lot of state about what Solaris is before Nevada. As I noted to the audience, this presentation attempts to be complete, but surely falls short. Hopefully I'll be able to fill in more information the next time I do an update.

Technorati Tag:

Tuesday Mar 21, 2006

Me, at SVOSUG, This Week

I'll be the featured speaker this month-- that's this Thursday at SVOSUG, speaking about What is Solaris Nevada? I plan to give a broad overview of the contents so far of the Nevada release. I'll also talk as much as I can about future work we have planned (I'm limited not by secrecy but by personal ability to absorb so much diverse material).

If you're looking for a broad overview of what's going on in the Solaris community, this talk might appeal to you. There's sure to be something for just about every UNIX interest, and I'll do my best to field whatever hard questions get tossed at me...

Here is the announcement with details. Or to quote Alan:

When: Thursday, March 23, 2006
Where: Sun's Santa Clara Campus Auditorium (upstairs)
What: "What is Solaris Nevada?"
Time: 7:30pm-10:00pm

After the talk, I plan to post the slides... so, watch this spot.

Thursday Mar 09, 2006

Zones Development: You're invited

On Friday, the Zones team met with an important ISV, one which is already supporting Solaris Zones. This ISV does a significant amount of what I'd call "deep" integration with the system: kernel code, user code, etc.

They (engineers, directors, managers were all present) seemed surprised to learn that we had started an OpenSolaris Zones Community at which we were regularly posting design proposals for our newest Zones features. We talked them through the following work:

While the meeting was in its way productive, I couldn't help but wonder: Why don't they just hang out (or point their feedreader at) zones-discuss AT opensolaris DOT org? Why isn't this an ongoing discussion? At some point during the meeting, the ISV requested that we add them to the mailing list (progress!). We told them that they could subscribe themselves just as easily. I wonder if they'll dare to have a conversation with us in the open?

Anyway, I think this ISV was really surprised when we invited them to participate in the conversation around new features, and help to define them. Honestly, I don't think they believed us.

So there you go-- tens of millions (I guesstimate) of dollars spent to bring Solaris into Open Source, and to create and maintain, and some of our biggest ISVs aren't present. If you were a customer of said ISV, wouldn't that upset you?. Please demand that your ISVs join the OpenSolaris community!

I think the surprise we were met with just further highlights that most traditional software vendors just "don't get" what they can gain from participation in open communities. Here's a chance to closely track emerging OS features and to influence them. Here's a place to rapidly raise and resolve issues with the people who can most efficiently address them. Here's a place where they can even contribute their own design proposals and code. That is to say, this is a way to save money and deliver features, performance and integration to the customer.

This also points up a failing in Sun's strategy-- as a company we need to be more engaged in bringing our partners to these communities. All too often, ISVs relay to us "things Sun told them" that sound like something you'd get from playing the telephone game. And as an engineering team, we need to constantly work to make it easy for folks to participate. To whit, we've added a new page to our site: Zones Project Documents, which points to the design docs themselves, as well as providing status about each.

Like I said: We've invited you to our house. Please come on over!

Friday Feb 17, 2006

What's New in Solaris Express 2/06 (Nevada Build 31)

Yesterday marked the release of Solaris Express 2/06 (or Nevada Build 31). Get it here. Among other things, about 1150 bugs were fixed. Wow. This release is pretty vast, with new and interesting features everywhere. If you're a desktop user, there's a lot to love: Realplayer, improved USB support, USB pilot sync, DVD burning support, much improved font handling and WiFi support. Let's dive in...

Notable New Features in Solaris "Nevada", Build 31 (2/2006)


  • The Solaris version of Real's RealPlayer was added for both SPARC and x86 platforms, in /usr/bin/realplay.
  • The dvd+rw-tools package was added [6346516]
  • The Gnome-pilot project integrated, and it is now possible to Sync PDAs via USB, including from Evolution [6262077] gpilotd is also provided.
  • Changes in the X client code have yielded much nicer looking fonts for JDS applications. (I'm a big fan of this fix!)
  • was upgraded to X11R6.9 RC 4
  • The nautilus cd-burner finally works [6210267]
  • In the printing subsystem, 'localhost' can now be used as a hostname for lpadmin instead of using a hardwired hostname-- this is useful if your laptop changes names (say, via DHCP) [6236627] [6222929] [6275641].

Storage Technologies

  • The st(7d) driver gets several updates: support for the StorageTek T10000 tape drive [6325893], and the IBM 3592 drive [6252753].
  • Support was added for the for Summit-E HBA, Emulex's PCI-E 4G Fibre Channel HBA [6333059] and the Pyramid-E HBA, Emulex's PCI-X 4G Fibre Channel HBA [6333054].
  • UFS picks up support for posix_fallocate(3c), a standard interface to reserve disk space for a file [4517427].
  • The ZFS team delivered numerous performance fixes, including:
    • [6297285] znode prefetching in zfs_readdir causes 5x performance degradation for 'ls'
    • [6347448] non ZFS_DEBUG kernels shouldn't call empty verify functions
    • [6347493] tar of 25K empty directory entries in ZFS takes 30+ seconds ...
    • [6347134] zfs_zaccess() is killing ZFS stat() performance
  • Many other ZFS bugs were fixed, including [6344651], [6344659], [6344695], [6345773], [6345826], [6347492], [6347421], [6348240], [6344272], [6366265], [6347491], [6347855], [6350421], [6345875] and quite a number more.
  • Additionally, a number of bugs in the ZFS gui were fixed.

x86/x64 Platform Support

  • A 64-bit glm driver for x64 was delivered. This driver supports LSI 53c810, 53c875, 53c876, 53C896 and 53C1010 SCSI chips. [5026812]
  • Compatibility with the USB controller on the Sony Z1WA, Sony Vaio PCG-V505DX and Acer Ferrari 4005 laptops (and probably on others) was improved-- in particular USB 2.0 ports should now work at full speed, rather than a USB 1.x speed. [6235370]
  • The ACPI interpreter was updated to the Intel ACPI CA 20050930 source drop
  • The gfx_private module was delivered for x86/x64. This module will be able to provide services to future graphics card drivers; it provides the ability to allocate buffers for DMA, to find PCI/AGP/PCI-E devices by a combination of vendor-id/device-id or PCI bus/device/fucntion, to read and write to PCI config spaces for devices not owned by the graphics driver, the ability to create a KVA mapping to an arbitrary contigous physical address range with the correct cache attributes, and the The ability to translate a KVA/UVA to physical address.

SPARC Platforms

  • LSI SAS 1064 support was enabled on Ontario (T2000) systems. Additionally, raidctl(1m) now supports RAID 0 on hardware controllers which support it.
  • libc_psr (processor-specific libc) was delivered for UltraSPARC-IV+ processors, providing a speed boost to memmove(), memcpy() and other memory intensive operations. memmove() is in some cases twice as fast.

Resource Management/Zones

  • A significant complaint about zones has been corrected with the fix for [5063672]. It is now easier to construct a minimized system which includes zones, without pulling in Java and other toolkits.
  • The Resource pools facility has been brought under the control of SMF via two new services, svc:/system/pools and svc:/system/pools/dynamic.


  • The Greyhound project integrated, providing an in-kernel SSL proxy. Greyhound simplifies and significantly accelerates the SSL/TLS protocol implementation by pushing the handshake and records processing into the kernel. The proxy supports the most commonly used cipher suites. Applications (e.g. web servers) may be enabled to off-load the handling of the SSL operations with those cipher suites to the proxy, and seamlessly fall-back to their existing user level SSL library for the others.
  • dirname and basename were rewritten as C programs, providing much improved performance.
  • A performance enhancement for multiprocessor systems called "soft rings" was implemented in the network driver framework ("Nemo"). This helps to spread the load of an incoming workload out across multiple CPUs more effectively.
  • MediaLib now provides libraries tuned for the UltraSPARC-T1 CPU, and MediaLib and libmvec received faster versions of sinf, cosf, sincosf and others.

Device Support

  • Support for Keyspan USB serial adapters was added. [6314455] [6357654]
  • Support for Prolific USB serial adapters was added. [6314504]
  • The ixgb (Intel 10 Gigabit) driver was updated to support Jumbo frames and hardware checksum offload. Additionally, the driver was ported to the Nemo Framework, so it picks up all of the benefits thereof, including vlans, etc. [6326737] [6326764] [6330766]
  • The chs(7d) and dbri(7d) drivers were EOF'd (removed).
  • The WiFi project, previously available on, was folded into the mainline release. This includes the command line wificonfig and the Atheros AR5212 802.11b/g driver (I'm using the wifi support to type this blog entry...).
  • The USB hub driver now includes support for power budgeting [4108775].
  • Support for Logitech mx900 mice was added.
  • Power management for the new Sun optical mouse was added. [6321149]
  • Ipod shuffle's should work again. [6346769]


  • The pktool (which manages PKCS#11 token object storage) command line interface has been updated to include alternate token support (such as is proved by the SCA-4000 card) and pktool's command line interface has been reworked.
  • Support for the Sun Crypto Accelerator 500 and 1000 cards was added via the dca(7d) driver was added. Previously, support for these cards was unbundled.
  • The kernel cryptographic API was updated to provide support for session based cryptographic functions.
  • The AES kernel cryptographic provider now supports CTR (counter) mode operation.

Fault Management Architecture (FMA)

  • The FMA Transport Layer was integrated; this extends the scope of FMA beyond a single fault region, and allows fault managers to cooperate with each other. This allows e.g. coordination between a fault manager running on a service processor with one in a Solaris instance. This is important because some error telemetry may be visible to the SP, and some to Solaris-- accurately diagnosing the fault requires access to all of the information.
  • FMA support for the UltraSPARC-T1 CPU and Memory subsystems was integrated. The T1 supports diagnosis of failures at the thread and core level, and the OS can offline failing components of the CPU as needed.
  • A more sophisticated page-retire system was implemented for big Sun-Fire servers (V1280, 2900, 4800, 4900, 6800, 6900, 15K, 25K). In particular, Solaris and the Service processor can now cooperate to track the serial numbers of DIMMs, so that more automated diagnosis and tracking of DIMM faults can be achieved. Additionally, information available from the service processor about UniBoard data path faults can now be gathered by Solaris and used by the fault manager to aid diagnosis, and to guide the isolation of the fault. On relevant platforms, a new datapath-retire diagnosis agent is provided.

OpenSolaris related activity

We have lots of community contributions this time around-- here's a rundown:
  • We're in the final stretches of our effort to clean up the source code to be cleanly compilable using gcc. In this release we've got 74 more bugs worth of gcc cleanup taken care of.
  • The long-awaited source tree split, which internally restructures the code based into "open" and "closed" trees, is complete. This is important because it makes it much easier to deliver the OpenSolaris source base to the community quickly and accurately. Mike Kupfer, who did this work, has written an extensive blog entry describing the work.
  • Contributed by Juergen Keil:
    [6304206] runtime linker may respect LANG and LC_MESSAGE more than LC_ALL
    [6311029] update pci interrupt line information after configuring pci interrupts
    [6337131] ehci_detach panics debug kernel with a failed assertion with ALi USB2.0 PCI card
    [6339683] SUNWvolr preinstall script broken, smf "smserver" service disabled
    [6366097] hidparser shouldn't use signed chars when computing max packet size
    [6317107] # key cannot be used in polled mode with a german layout ps/2 keyboard
  • Contributed by Rich Lowe:
    [4877457] dhcpconfig usage message incorrect
    [4931580] ufs_directio_kstat should be made KSTAT_TYPE_NAMED
    [6269833] ::prtconf -D
    [6294890] ::setenv dcmd dumps core if no target specified
    [6298859] server filtering in PPPoE is damaged
  • Contributed by Michael Berger:
    [6324600] comments in /usr/src/uts/i86pc/io/agpgart/agptarget.c are not correct

This work is licensed under a Creative Commons Attribution-ShareAlike 2.5 License.

Technorati Tag:


Kernel Gardening.


« June 2016