Skip to content

Tags: sooids/firecracker

Tags

v1.1.0

Toggle v1.1.0's commit message
Added

* The API `PATCH` methods for `machine-config` can now be used to reset
  the `cpu_template` to `"None"`. Until this change there was no way to
  reset the `cpu_template` once it was set.
* Added a `rebase-snap` tool for rebasing a diff snapshot over a base
  snapshot.
* Mmds version is persisted across snapshot-restore. Snapshot compatibility is
  preserved bidirectionally, to and from a Firecracker version that does not
  support persisting the Mmds version. In such cases, the default V1 option is
  used.
* Added `--mmds-size-limit` for limiting the mmds data store size instead of
  piggy-backing on `--http-api-max-payload-size`. If left unconfigured it
  defaults to the value of `--http-api-max-payload-size`, to provide backwards
  compatibility.
* Added optional `mem_backend` body field in `PUT` requests on `/snapshot/load`.
  This new parameter is an object that defines the configuration of the backend
  responsible for handling memory loading during snapshot restore. The
  `mem_backend` parameter contains `backend_type` and `backend_path` required
  fields. `backend_type` is an enum that can take either `File` or `Uffd` as
  value. Interpretation of `backend_path` field depends on the value of
  `backend_type`. If `File`, then the user must provide the path to file that
  contains the guest memory to be loaded. Otherwise, if `backend_type` is `Uffd`,
  then `backend_path` is the path to a unix domain socket where a custom page
  fault handler process is listening and expecting a UFFD to be sent by
  Firecracker. The UFFD is used to handle the guest memory page faults in the
  separate process.
* Added logging for the snapshot/restore and async block device IO engine
  features to indicate they are in development preview.

Changed

* The API `PATCH` method for `/machine-config` can be now used to change
  `track_dirty_pages` on aarch64.
* MmdsV2 is now Generally Available.
* MmdsV1 is now deprecated and will be removed in Firecracker v2.0.0.
  Use MmdsV2 instead.
* Deprecated `mem_file_path` body field in `PUT` on `/snapshot/load` request.

Fixed

* Fixed inconsistency that allowed the start of a microVM from a JSON file
  without specifying the `vcpu_count` and `mem_size_mib` parameters for
  `machine-config` although they are mandatory when configuring via the API.
  Now these fields are mandatory when specifying `machine-config` in the JSON
  file and when using the `PUT` request on `/machine-config`.
* Fixed inconsistency that allowed a user to specify the `cpu_template`
  parameter and set `smt` to `True` in `machine-config` when starting from a
  JSON file on aarch64 even though they are not permitted when using `PUT` or
  `PATCH` in the API. Now Firecracker will return an error on aarch64 if `smt`
  is set to `True` or if `cpu_template` is specified.
* Fixed inconsistent behaviour of the `PUT` method for `/machine-config` that
  would reset the `track_dirty_pages` parameter to `false` if it was not
  specified in the JSON body of the request, but left the `cpu_template`
  parameter intact if it was not present in the request. Now a `PUT` request
  for `/machine-config` will reset all optional parameters (`smt`,
  `cpu_template`, `track_dirty_pages`) to their default values if they are
  not specified in the `PUT` request.
* Fixed incosistency in the swagger definition with the current state of the
  `/vm/config` endpoint.

v1.0.0

Toggle v1.0.0's commit message
Added

* Added jailer option `--parent-cgroup <relative_path>` to allow the placement
  of microvm cgroups in custom cgroup nested hierarchies. The default value is
  `<exec-file>` which is backwards compatible to the behavior before this
  change.
* Added jailer option `--cgroup-version <1|2>` to support running the jailer
  on systems that have cgroup-v2. Default value is `1` which means that if
  `--cgroup-version` is not specified, the jailer will try to create cgroups
  on cgroup-v1 hierarchies only.
* Added `--http-api-max-payload-size` parameter to configure the maximum payload
  size for PUT and PATCH requests.
* Limit MMDS data store size to `--http-api-max-payload-size`.
* Cleanup all environment variables in Jailer.
* Added metrics for accesses to deprecated HTTP and command line API endpoints.
* Added permanent HTTP endpoint for `GET` on `/version` for getting the
  Firecracker version.
* Added `--metadata` parameter to enable MMDS content to be supplied from a file
  allowing the MMDS to be used when using `--no-api` to disable the API server.
* Checksum file for the release assets.
* Added support for custom headers to MMDS requests. Accepted headers are:
  `X-metadata-token`, which accepts a string value that provides a session
  token for MMDS requests; and `X-metadata-token-ttl-seconds`, which
  specifies the lifetime of the session token in seconds.
* Support and validation for host and guest kernel 5.10.
* A [kernel support policy](docs/kernel-policy.md).
* Added `io_engine` to the pre-boot block device configuration.
  Possible values: `Sync` (the default option) or `Async` (only available for
  kernels newer than 5.10.51). The `Async` variant introduces a block device
  engine that uses io_uring for executing requests asynchronously, which is in
  **developer preview** (NOT for production use).
  See `docs/api_requests/block-io-engine.md`.
* Added `block.io_engine_throttled_events` metric for measuring the number of
  virtio events throttled because of the IO engine.
* New optional `version` field to PUT requests towards `/mmds/config` to
  configure MMDS version. Accepted values are `V1` and `V2` and default is
  `V1`. MMDS `V2` is **developer preview only** (NOT for production use) and
  it does not currently work after snapshot load.
* Mandatory `network_interfaces` field to PUT requests towards
  `/mmds/config` which contains a list of network interface IDs capable of
  forwarding packets to MMDS.

Changed

* Removed the `--node` jailer parameter.
* Deprecated `vsock_id` body field in `PUT`s on `/vsock`.
* Removed the deprecated the `--seccomp-level parameter`.
* `GET` requests to MMDS require a session token to be provided through
  `X-metadata-token` header when using V2.
* Allow `PUT` requests to MMDS in order to generate a session token
  to be used for future `GET` requests when version 2 is used.
* Remove `allow_mmds_requests` field from the request body that attaches network
  interfaces. Specifying interfaces that allow forwarding requests to MMDS is done
  by adding the network interface's ID to the `network_interfaces` field of PUT
  `/mmds/config` request's body.
* Renamed `/machine-config` `ht_enabled` to `smt`.
* `smt` field is now optional on PUT `/machine-config`, defaulting to
  `false`.
* Configuring `smt: true` on aarch64 via the API is forbidden.

Fixed

* Fixed incorrect propagation of init parameters in kernel commandline.
  Related to:
  [firecracker-microvm#2709](firecracker-microvm#2709).
* Adapt T2 and C3 CPU templates for kernel 5.10. Firecracker was not previously
  masking some CPU features of the host or emulated by KVM, introduced in more
  recent kernels: `umip`, `vmx`, `avx512_vnni`.
* Fix jailer's cgroup implementation to accept properties that contain multiple
  dots.

v0.25.2

Toggle v0.25.2's commit message
Fixed

* Adapt T2 and C3 CPU templates for kernel 5.10. Firecracker was not previously
  masking some CPU features of the host or emulated by KVM, introduced in more
  recent kernels: `umip`, `vmx`, `avx512_vnni`.
* Fixed incorrect propagation of init parameters in kernel commandline.
  Related to:
  [firecracker-microvm#2709](firecracker-microvm#2709).

v0.25.1

Toggle v0.25.1's commit message
Added

* Added `--http-api-max-payload-size` parameter to configure the maximum payload
  size for PUT and PATCH requests.
* Limit MMDS data store size to `--http-api-max-payload-size`.
* Cleanup all environment variables in Jailer.

v0.24.6

Toggle v0.24.6's commit message
Fixed

* Updated version of yanked third party dependency.

v0.25.0

Toggle v0.25.0's commit message
Added

* Added devtool build `--ssh-keys` flag to support fetching from private
  git repositories.
* Added option to configure block device flush.
* Added `--new-pid-ns` flag to the Jailer in order to spawn the Firecracker
  process in a new PID namespace.
* Added API metrics for `GET`, `PUT` and `PATCH` requests on `/mmds` endpoint.
* Added `--describe-snapshot` flag to Firecracker to fetch the data format
  version of a snapshot state file provided as argument.
* Added `--no-seccomp` parameter for disabling the default seccomp filters.
* Added `--seccomp-filter` parameter for supplying user-provided, custom filters.
* Added the `seccompiler-bin` binary that is used to compile JSON seccomp filters
  into serialized BPF for Firecracker consumption.
* Snapshotting support for GICv2 enabled guests.
* Added `devtool install` to deploy built binaries in `/usr/local/bin` or a
  given path.
* Added code logic to send `VIRTIO_VSOCK_EVENT_TRANSPORT_RESET` on snapshot
  creation, when the Vsock device is active. The event will close active
  connections on the guest.
* Added `GET` request on `/vm/config` that provides full microVM configuration
  as a JSON HTTP response.
* Added `--resource-limit` flag to jailer to limit resources such as: number of
  file descriptors allowed at a time (with a default value of 2048) and maximum
  size of files created by the process.

Changed

* Changed Docker images repository from DockerHub to Amazon ECR.
* Fixed off-by-one error in virtio-block descriptor address validation.
* Changed the `PATCH` request on `/balloon/statistics` to schedule the first
  statistics update immediately after processing the request.
* Deprecated the `--seccomp-level parameter`. It will be removed  in a future
  release. Using it logs a runtime warning.
* Experimental gnu libc builds use empty default seccomp filters, allowing all
  system calls.

Fixed

* Fixed non-compliant check for the RTC device ensuring a fixed
  4-sized data buffer.
* Unnecessary interrupt assertion was removed from the RTC.
  However, a dummy interrupt is still allocated for snapshot
  compatibility reasons.
* Fixed the SIGPIPE signal handler so Firecracker no longer exits. The signal
  is still recorded in metrics and logs.
* Fixed ballooning API definitions by renaming all fields which mentioned "MB"
  to use "MiB" instead.
* Snapshot related host files (vm-state, memory, block backing files) are now
  flushed to their backing mediums as part of the CreateSnapshot operation.
* Fixed the SSBD mitigation not being enabled on `aarch64` with the provided
  `prod-host-setup.md`.
* Fixed the balloon statistics not working after a snapshot restore event.
* The `utc_timestamp_ms` now reports the timestamp in ms from the UTC UNIX
  Epoch, as the name suggests. It was previously using a monotonic clock with
  an undefined starting point.

v0.24.5

Toggle v0.24.5's commit message
Fixed

* Fixed seccomp blocking syscalls necessary for Rust panics.

v0.23.5

Toggle v0.23.5's commit message
Fixed

* Fixed seccomp blocking syscalls necessary for Rust panics.

v0.25-wip

Toggle v0.25-wip's commit message
Firecracker v0.25 work in progress

v0.26-wip

Toggle v0.26-wip's commit message
Firecracker v0.26 work in progress