Releases: firecracker-microvm/firecracker
Releases · firecracker-microvm/firecracker
Firecracker v1.4.0
Added
- Added support for custom CPU templates allowing users to adjust vCPU features
exposed to the guest via CPUID, MSRs and ARM registers. - Introduced V1N1 static CPU template for ARM to represent Neoverse V1 CPU
as Neoverse N1. - Added support for the
virtio-rngentropy device. The device is optional. A
single device can be enabled per VM using the/entropyendpoint. - Added a
cpu-template-helpertool for assisting with creating and managing
custom CPU templates.
Changed
- Set FDP_EXCPTN_ONLY bit (CPUID.7h.0:EBX[6]) and ZERO_FCS_FDS bit
(CPUID.7h.0:EBX[13]) in Intel's CPUID normalization process.
Fixed
- Fixed feature flags in T2S CPU template on Intel Ice Lake.
- Fixed CPUID leaf 0xb to be exposed to guests running on AMD host.
- Fixed a performance regression in the jailer logic for closing open file
descriptors. Related to:
#3542. - A race condition that has been identified between the API thread and the VMM
thread due to a misconfiguration of theapi_event_fd. - Fixed CPUID leaf 0x1 to disable perfmon and debug feature on x86 host.
- Fixed passing through cache information from host in CPUID leaf 0x80000006.
- Fixed the T2S CPU template to set the RRSBA bit of the IA32_ARCH_CAPABILITIES
MSR to 1 in accordance with an Intel microcode update. - Fixed the T2CL CPU template to pass through the RSBA and RRSBA bits of the
IA32_ARCH_CAPABILITIES MSR from the host in accordance with an Intel microcode
update. - Fixed passing through cache information from host in CPUID leaf 0x80000005.
- Fixed the T2A CPU template to disable SVM (nested virtualization).
- Fixed the T2A CPU template to set EferLmsleUnsupported bit
(CPUID.80000008h:EBX[20]), which indicates that EFER[LMSLE] is not supported.
Firecracker v1.3.3
Fixed
- Fixed passing through cache information from host in CPUID leaf 0x80000006.
Firecracker v1.2.1
Changed
- Upgraded Rust toolchain from 1.64.0 to 1.66.1.
Fixed
- A race condition that has been identified between the API thread and the VMM
thread due to a misconfiguration of theapi_event_fd.
Firecracker v1.3.2
Fixed
- A race condition that has been identified between the API thread and the VMM
thread due to a misconfiguration of theapi_event_fd.
Firecracker v1.3.1
Fixed
- Fixed taking a snapshot with
target_version = 1.3.0failing with the
message "Cannot translate microVM version to snapshot data version".
Firecracker v1.3.0
Update 03-03: This release contains a bug when trying to snapshot with target_version=1.3.0, which results in an error and no snapshot taken. To mitigate this bug, leave target_version empty or use target_version=1.2.0 We are currently working on a fix.
Added
- Introduced T2CL (Intel) and T2A (AMD) CPU templates to provide
instruction set feature parity between Intel and AMD CPUs when using
these templates. - Added Graviton3 support (c7g instance type).
Changed
- Improved error message when invalid network backend provided.
- Improved TCP throughput by between 5% and 15% (depending on CPU) by using
scatter-gather I/O in the net device's TX path. - Upgraded Rust toolchain from 1.64.0 to 1.66.0.
- Made seccompiler output bit-reproducible.
Fixed
- Fixed feature flags in T2 CPU template on Intel Ice Lake.
Firecracker v1.1.4
Fixed
- Fixed a bug on ARM64 hosts where the upper 64bits of the V0-V31 FL/SIMD
registers were not saved correctly when taking a snapshot, potentially leading
to data loss. This change invalidates all ARM64 snapshots taken with versions
of Firecracker <= 1.1.3.
Firecracker v1.2.0
Added
- Added a new CPU template called
T2S. This exposes the same CPUID asT2to
the Guest and also overwrites theARCH_CAPABILITIESMSR to expose a reduced
set of capabilities. With regards to hardware vulnerabilities and mitigations,
the Guest vCPU will apear to look like a Skylake CPU, making it safe to
snapshot uVMs running on a newer host CPU (Cascade Lake) and restore on a host
that has a Skylake CPU. - Added a new CLI option
--metrics-path PATH. It accepts a file parameter
where metrics will be sent to. - Added baselines for m6i.metal and m6a.metal for all long running performance
tests. - Releases now include debuginfo files.
Changed
- Changed the jailer option
--exec-fileto fail if the filename does not
contain the stringfirecrackerto prevent from running non-firecracker
binaries. - Upgraded Rust toolchain from 1.52.1 to 1.64.0.
- Switched to specifying our dependencies using caret requirements instead
of comparison requirements. - Updated all dependencies to their respective newest versions.
Fixed
- Made the
T2template more robust by explicitly disabling additional
CPUID flags that should be off but were missed initially or that were
not available in the spec when the template was created. - Now MAC address is correctly displayed when queried with GET
/vm/config
if left unspecified in both pre and post snapshot states. - Fixed a self-DoS scenario in the virtio-queue code by reporting and
terminating execution when the number of available descriptors reported
by the driver is higher than the queue size. - Fixed the bad handling of kernel cmdline parameters when init arguments were
provided in theboot_argsfield of the JSON body of the PUT/boot-source
request. - Fixed a bug on ARM64 hosts where the upper 64bits of the V0-V31 FL/SIMD
registers were not saved correctly when taking a snapshot, potentially
leading to data loss. This change invalidates all ARM64 snapshots taken
with versions of Firecracker <= 1.1.3. - Improved stability and security when saving CPU MSRs in snapshots.
Firecracker v1.0.2
Fixed
- Fixed the bad handling of kernel cmdline parameters when init arguments were
provided in theboot_argsfield of the JSON body of the PUT/boot-source
request.
Firecracker v1.1.3
Changed
- Upgraded Rust version to 1.64. This enables us to keep supporting v1.1. [not reflected in CHANGELOG.md]
Fixed
- Fixed the bad handling of kernel cmdline parameters when init arguments were
provided in theboot_argsfield of the JSON body of the PUT/boot-source
request.