Firecracker v0.22.2

Fixed

Fixed inconsistency in YAML file InstanceInfo definition

Firecracker v0.23.0

Added

• Added full support for AMD CPUs (General Availability). More details here.
• Added snapshot-restore functionality (Developer preview). More details here.
• Added metric for throttled block device events.
• Added metrics for counting rate limiter throttling events.
• Added metric for counting MAC address updates.
• Added metrics for counting TAP read and write errors.
• Added metrics for counting RX and TX partial writes.
• Added metrics that measure the duration of pausing and resuming the microVM,
  from the VMM perspective.
• Added metric for measuring the duration of the last full snapshot created,
  from the VMM perspective.
• Added metric for measuring the duration of loading a snapshot, from the VMM
  perspective.
• Added metrics that measure the duration of pausing and resuming the microVM,
  from the API (user) perspective.
• Added metric for measuring the duration of the last full snapshot created,
  from the API (user) perspective.
• Added metric for measuring the duration of loading a snapshot, from the API
  (user) perspective.
• Added track_dirty_pages field to machine-config. If enabled, Firecracker
  can create incremental guest memory snapshots by saving the dirty guest pages
  in a sparse file.
• Added a new API call, PATCH /vm, for changing the microVM state (to
  Paused or Resumed).
• Added a new API call, PUT /snapshot/create, for creating a full snapshot.
• Added a new API call, PUT /snapshot/load, for loading a snapshot.
• Added new jailer command line argument --cgroup which allow the user to
  specify the cgroups that are going to be set by the Jailer.

Fixed

• Boot time on AMD achieves the desired performance (i.e under 150ms).

Changed

• The logger level field is now case-insensitive.
• Disabled boot timer device after restoring a snapshot.
• Enabled boot timer device only when specifically requested, by using the
  --boot-timer dedicated cmdline parameter.
• firecracker and jailer --version now gets updated on each devtool
  build to the output of git describe --dirty, if the git repo is available.
• MicroVM process is only attached to the cgroups defined by using --cgroups
  or the ones defined indirectly by using --node.

Firecracker v0.22.1

Fixed

• Limited serial device buffer size to maximum 64 bytes.

Firecracker v0.21.3

Fixed

• Limited serial device buffer size to maximum 64 bytes.

Firecracker v0.22.0

Added

• Added a new API call, PUT /metrics, for configuring the metrics system.
• Added app_name field in InstanceInfo struct for storing the application
  name.
• New command-line parameters for firecracker, named --log-path,
  --level, --show-level and --show-log-origin that can be used
  for configuring the Logger when starting the process. When using
  this method for configuration, only --log-path is mandatory.
• Added a guide for updating the dev container image.
• Added a new API call, PUT /mmds/config, for configuring the
  MMDS with a custom valid link-local IPv4 address.
• Added experimental JSON response format support for MMDS guest applications
  requests.
• Added metrics for the vsock device.
• Added devtool strip command which removes debug symbols from the release
• Added the tx_malformed_frames metric for the virtio net device, emitted
  when a TX frame missing the VNET header is encountered.

Fixed

• Added --version flag to both Firecracker and Jailer.
• Return 405 Method Not Allowed MMDS response for non HTTP GET MMDS
  requests originating from guest.
• Fixed folder permissions in the jail (#1802).
• Any number of whitespace characters are accepted after ":" when parsing HTTP
  headers.
• Potential panic condition caused by the net device expecting to find a VNET
  header in every frame.
• Potential crash scenario caused by "Content-Length" HTTP header field
  accepting negative values.
• Fixed #1754 - net: traffic blocks when running ingress UDP performance tests
  with very large buffers.

Changed

• Updated CVE-2019-3016 mitigation information in
  Production Host Setup
• In case of using an invalid JSON as a 'config-file' for Firecracker,
  the process will exit with return code 152.
• Removed the testrun.sh wrapper.
• Removed metrics_fifo field from the logger configuration.
• Renamed log_fifo field from LoggerConfig to log_path and
  metrics_fifo field from MetricsConfig to metrics_path.
• PATCH /drives/{id} only allowed post-boot. Use PUT for pre-boot
  updates to existing configurations.
• PATCH /network-interfaces/{id} only allowed post-boot. Use PUT for
  pre-boot updates to existing configurations.
• Changed returned status code from 500 Internal Server Error to
  501 Not Implemented, for queries on the MMDS endpoint in IMDS format, when
  the requested resource value type is unsupported.
• Allowed the MMDS data store to be initialized with all supported JSON types.
  Retrieval of these values within the guest, besides String, Array, and
  Dictionary, is only possible in JSON mode.
• PATCH request on /mmds before the data store is initialized returns
  403 BadRequest.
• Segregated MMDS documentation in MMDS design documentation and MMDS user
  guide documentation.

Firecracker v0.21.2

Fixed

• Fixed #1754 - net: traffic blocks when running ingress UDP performance tests
  with very large buffers.

Firecracker v0.20.1

Fixed

• Fixed #1754 - net: traffic blocks when running ingress UDP performance tests
  with very large buffers.

Firecracker v0.21.1

Fixed

• Added --version flag to both Firecracker and Jailer.

Firecracker v0.21.0

Added

• Support for booting with an initial RAM disk image. This image can be
  specified through the new initrd_path field of the /boot-source API
  request.

Fixed

• Fixed #1469 - Broken GitHub location for Firecracker release binary.
• The jailer allows changing the default api socket path by using the extra
  arguments passed to firecracker.
• Fixed #1456 - Occasional KVM_EXIT_SHUTDOWN and bad syscall (14) during
  VM shutdown.
• Updated the production host setup guide with steps for addressing
  CVE-2019-18960.
• The HTTP header parsing is now case insensitive.
• The put_api_requests and patch_api_requests metrics for net devices were
  un-swapped.

Changed

• Removed redundant --seccomp-level jailer parameter since it can be
  simply forwarded to the Firecracker executable using "end of command
  options" convention.
• Removed memory.dirty_pages metric.
• Removed options field from the logger configuration.
• Decreased release binary size by ~15%.
• Changed default API socket path to /run/firecracker.socket. This path
  also applies when running with the jailer.
• Disabled KVM dirty page tracking by default.
• Removed redundant RescanBlockDevice action from the /actions API.
  The functionality is available through the PATCH /drives API.
  See docs/api_requests/patch-block.md.

Firecracker v0.20.0

Added

• Added support for GICv2.

Fixed

• Fixed CVE-2019-18960 - Fixed a logical error in bounds checking performed
  on vsock virtio descriptors.
• Fixed #1283 - Can't start a VM in AARCH64 with vcpus number more than 16.
• Fixed #1088 - The backtrace are printed on panic, no longer causing a
  seccomp fault.
• Fixed #1375 - Change logger options type from Value to Vec to
  prevent potential unwrap on None panics.
• Fixed #1436 - Raise interrupt for TX queue used descriptors
• Fixed #1439 - Prevent achieving 100% cpu load when the net device rx is
  throttled by the ratelimiter
• Fixed #1437 - Invalid fields in rate limiter related API requests are
  now failing with a proper error message.
• Fixed #1316 - correctly determine the size of a virtio device backed
  by a block device.
• Fixed #1383 - Log failed api requests.

Changed

• Decreased release binary size by 10%.