Skip to content

Tags: vincechanhoi/firecracker

Tags

v0.21.1

Toggle v0.21.1's commit message 
Fixed

* Added --version flag to both Firecracker and Jailer

v0.21.0

Toggle v0.21.0's commit message 
Added

- Support for booting with an initial RAM disk image. This image can be
  specified through the new `initrd_path` field of the `/boot-source` API
  request.

Fixed

- Fixed firecracker-microvm#1469 - Broken GitHub location for Firecracker release binary.
- The jailer allows changing the default api socket path by using the extra
  arguments passed to firecracker.
- Fixed firecracker-microvm#1456 - Occasional KVM_EXIT_SHUTDOWN and bad syscall (14) during
  VM shutdown.
- Updated the production host setup guide with steps for addressing
  CVE-2019-18960.
- The HTTP header parsing is now case insensitive.
- The `put_api_requests` and `patch_api_requests` metrics for net devices were
  un-swapped.

Changed

- Removed redundant `--seccomp-level` jailer parameter since it can be
  simply forwarded to the Firecracker executable using "end of command
  options" convention.
- Removed `memory.dirty_pages` metric.
- Removed `options` field from the logger configuration.
- Decreased release binary size by ~15%.
- Changed default API socket path to `/run/firecracker.socket`. This path
  also applies when running with the jailer.
- Disabled KVM dirty page tracking by default.
- Removed redundant RescanBlockDevice action from the /actions API.
  The functionality is available through the PATCH /drives API.
  See `docs/api_requests/patch-block.md`.

v0.20.0

Toggle v0.20.0's commit message 
Added

- Added support for GICv2.

Fixed

- Fixed CVE-2019-18960 - Fixed a logical error in bounds checking performed
  on vsock virtio descriptors.
- Fixed firecracker-microvm#1283 - Can't start a VM in AARCH64 with vcpus number more than 16.
- Fixed firecracker-microvm#1088 - The backtrace are printed on `panic`, no longer causing a
  seccomp fault.
- Fixed firecracker-microvm#1375 - Change logger options type from Value to Vec<LogOption> to
  prevent potential unwrap on None panics.
- Fixed firecracker-microvm#1436 - Raise interrupt for TX queue used descriptors
- Fixed firecracker-microvm#1439 - Prevent achieving 100% cpu load when the net device rx is
  throttled by the ratelimiter
- Fixed firecracker-microvm#1437 - Invalid fields in rate limiter related API requests are
  now failing with a proper error message.
- Fixed firecracker-microvm#1316 - correctly determine the size of a virtio device backed
  by a block device.
- Fixed firecracker-microvm#1383 - Log failed api requests.

Changed

- Decreased release binary size by 10%.

v0.19.1

Toggle v0.19.1's commit message 
Fixed

* Fixed a logical error in bounds checking performed on vsock virtio
  descriptors (CVE-2019-18960).

v0.18.1

Toggle v0.18.1's commit message 
Fixed

* Fixed a logical error in bounds checking performed on vsock virtio
  descriptors (CVE-2019-18960).

v0.19.0

Toggle v0.19.0's commit message 
Added

* New command-line parameter for `firecracker`, named `--no-api`, which
  will disable the API server thread. If set, the user won't be able to send
  any API requests, neither before, nor after the vm has booted. It must be
  paired with `--config-file` parameter. Also, when API server is disabled,
  MMDS is no longer available now.
* New command-line parameter for `firecracker`, named `--config-file`, which
  represents the path to a file that contains a JSON which can be used for
  configuring and starting a microVM without sending any API requests.
* The jailer adheres to the "end of command options" convention, meaning
  all parameters specified after `--` are forwarded verbatim to Firecracker.
* Added `KVM_PTP` support to the recommended guest kernel config.
* Added entry in FAQ.md for Firecracker Guest timekeeping.

Changed

* Vsock API call: `PUT /vsocks/{id}` changed to `PUT /vsock` and no longer
  appear to support multiple vsock devices. Any subsequent calls to this API
  endpoint will override the previous vsock device configuration.
* Removed unused 'Halting' and 'Halted' instance states.

Fixed

* Fixed serial console on aarch64 (GitHub issue firecracker-microvm#1147).
* Upon panic, the terminal is now reset to canonical mode.
* Explicit error upon failure of vsock device creation.
* The failure message returned by an API call is flushed in the log FIFOs.
* Insert virtio devices in the FDT in order of their addresses sorted from
  low to high.
* Enforce the maximum length of the network interface name to be 16 chars as
  specified in the Linux Kernel.
* Changed the vsock property `id` to `vsock_id` so that the API client can be
  successfully generated from the swagger definition.

v0.18.0

Toggle v0.18.0's commit message 
Added

* New device: virtio-vsock, backed by Unix domain sockets (GitHub issue firecracker-microvm#650).
  See `docs/vsock.md`.

Fixed

* Updated the documentation for integration tests.
* Fixed high CPU usage before guest network interface is brought up (GitHub
  issue firecracker-microvm#1049).
* Fixed an issue that caused the wrong date (month) to appear in the log.
* Fixed a bug that caused the seccomp filter to reject legit syscalls in some
  rare cases (GitHub issue firecracker-microvm#1206).
* Docs: updated the production host setup guide.
* Docs: updated the rootfs and kernel creation guide.

Removed
* Removed experimental support for vhost-based vsock devices.

v0.17.0

Toggle v0.17.0's commit message 
Added

* New API call: `PATCH /machine-config/`, used to update VM configuration,
  before the microVM boots.
* Added an experimental swagger definition that includes the specification for
  the vsock API call.
* Added a signal handler for `SIGBUS` and `SIGSEGV` that immediately terminates
  the process upon intercepting the signal.
* Added documentation for signal handling utilities.
* Added [alpha] aarch64 support.
* Added metrics for successful read and write operations of MMDS, Net and Block devices.

Changed

* `vcpu_count`, `mem_size_mib` and `ht_enabled` have been changed to be mandatory
  for `PUT` requests on `/machine-config/`.
* Disallow invalid seccomp levels by exiting with error.

Fixed

* Incorrect handling of bind mounts within the jailed rootfs.
* Corrected the guide for `Alpine` guest setup.

v0.16.0

Toggle v0.16.0's commit message 
Added

* Added [alpha] AMD support.
* New `devtool` command: `prepare_release`. This updates the Firecracker
  version, crate dependencies and credits in preparation for a new release.
* New `devtool` command: `tag`. This creates a new git tag for the specified
  release number, based on the changelog contents.
* New doc section about building with glibc.

Changed

* Dropped the JSON-formatted `context` command-line parameter from Firecracker
  in favor of individual classic command-line parameters.
* When running with `jailer` the location of the API socket has changed to
  `<jail-root-path>/api.socket` (API socket was moved _inside_ the jail).
* `PUT` and `PATCH` requests on `/mmds` with data containing any value type other
  than `String`, `Array`, `Object` will return status code 400.
* Improved multiple error messages.
* Removed all kernel modules from the recommended kernel config.

Fixed

* Corrected the seccomp filter when building with glibc.

Removed

* Removed the `seccomp.bad_syscalls` metric.

v0.15.2

Toggle v0.15.2's commit message 
Fixed

* Corrected the conditional compilation of the seccomp rule for madvise.