Releases: firecracker-microvm/firecracker
Releases · firecracker-microvm/firecracker
Firecracker v0.22.2
Fixed
Fixed inconsistency in YAML file InstanceInfo definition
Firecracker v0.23.0
Added
- Added full support for AMD CPUs (General Availability). More details here.
- Added snapshot-restore functionality (Developer preview). More details here.
- Added metric for throttled block device events.
- Added metrics for counting rate limiter throttling events.
- Added metric for counting MAC address updates.
- Added metrics for counting TAP read and write errors.
- Added metrics for counting RX and TX partial writes.
- Added metrics that measure the duration of pausing and resuming the microVM,
from the VMM perspective. - Added metric for measuring the duration of the last full snapshot created,
from the VMM perspective. - Added metric for measuring the duration of loading a snapshot, from the VMM
perspective. - Added metrics that measure the duration of pausing and resuming the microVM,
from the API (user) perspective. - Added metric for measuring the duration of the last full snapshot created,
from the API (user) perspective. - Added metric for measuring the duration of loading a snapshot, from the API
(user) perspective. - Added
track_dirty_pages
field tomachine-config
. If enabled, Firecracker
can create incremental guest memory snapshots by saving the dirty guest pages
in a sparse file. - Added a new API call,
PATCH /vm
, for changing the microVM state (to
Paused
orResumed
). - Added a new API call,
PUT /snapshot/create
, for creating a full snapshot. - Added a new API call,
PUT /snapshot/load
, for loading a snapshot. - Added new jailer command line argument
--cgroup
which allow the user to
specify the cgroups that are going to be set by the Jailer.
Fixed
- Boot time on AMD achieves the desired performance (i.e under 150ms).
Changed
- The logger
level
field is now case-insensitive. - Disabled boot timer device after restoring a snapshot.
- Enabled boot timer device only when specifically requested, by using the
--boot-timer
dedicated cmdline parameter. - firecracker and jailer
--version
now gets updated on each devtool
build to the output ofgit describe --dirty
, if the git repo is available. - MicroVM process is only attached to the cgroups defined by using
--cgroups
or the ones defined indirectly by using--node
.
Firecracker v0.22.1
Fixed
- Limited serial device buffer size to maximum 64 bytes.
Firecracker v0.21.3
Fixed
- Limited serial device buffer size to maximum 64 bytes.
Firecracker v0.22.0
Added
- Added a new API call,
PUT /metrics
, for configuring the metrics system. - Added
app_name
field in InstanceInfo struct for storing the application
name. - New command-line parameters for
firecracker
, named--log-path
,
--level
,--show-level
and--show-log-origin
that can be used
for configuring the Logger when starting the process. When using
this method for configuration, only--log-path
is mandatory. - Added a guide for updating the dev container image.
- Added a new API call,
PUT /mmds/config
, for configuring the
MMDS
with a custom valid link-local IPv4 address. - Added experimental JSON response format support for MMDS guest applications
requests. - Added metrics for the vsock device.
- Added devtool strip command which removes debug symbols from the release
- Added the
tx_malformed_frames
metric for the virtio net device, emitted
when a TX frame missing the VNET header is encountered.
Fixed
- Added
--version
flag to both Firecracker and Jailer. - Return
405 Method Not Allowed
MMDS response for non HTTPGET
MMDS
requests originating from guest. - Fixed folder permissions in the jail (#1802).
- Any number of whitespace characters are accepted after ":" when parsing HTTP
headers. - Potential panic condition caused by the net device expecting to find a VNET
header in every frame. - Potential crash scenario caused by "Content-Length" HTTP header field
accepting negative values. - Fixed #1754 - net: traffic blocks when running ingress UDP performance tests
with very large buffers.
Changed
- Updated CVE-2019-3016 mitigation information in
Production Host Setup - In case of using an invalid JSON as a 'config-file' for Firecracker,
the process will exit with return code 152. - Removed the
testrun.sh
wrapper. - Removed
metrics_fifo
field from the logger configuration. - Renamed
log_fifo
field from LoggerConfig tolog_path
and
metrics_fifo
field from MetricsConfig tometrics_path
. PATCH /drives/{id}
only allowed post-boot. UsePUT
for pre-boot
updates to existing configurations.PATCH /network-interfaces/{id}
only allowed post-boot. UsePUT
for
pre-boot updates to existing configurations.- Changed returned status code from
500 Internal Server Error
to
501 Not Implemented
, for queries on the MMDS endpoint in IMDS format, when
the requested resource value type is unsupported. - Allowed the MMDS data store to be initialized with all supported JSON types.
Retrieval of these values within the guest, besides String, Array, and
Dictionary, is only possible in JSON mode. PATCH
request on/mmds
before the data store is initialized returns
403 BadRequest
.- Segregated MMDS documentation in MMDS design documentation and MMDS user
guide documentation.
Firecracker v0.21.2
Fixed
- Fixed #1754 - net: traffic blocks when running ingress UDP performance tests
with very large buffers.
Firecracker v0.20.1
Fixed
- Fixed #1754 - net: traffic blocks when running ingress UDP performance tests
with very large buffers.
Firecracker v0.21.1
Fixed
- Added
--version
flag to both Firecracker and Jailer.
Firecracker v0.21.0
Added
- Support for booting with an initial RAM disk image. This image can be
specified through the newinitrd_path
field of the/boot-source
API
request.
Fixed
- Fixed #1469 - Broken GitHub location for Firecracker release binary.
- The jailer allows changing the default api socket path by using the extra
arguments passed to firecracker. - Fixed #1456 - Occasional KVM_EXIT_SHUTDOWN and bad syscall (14) during
VM shutdown. - Updated the production host setup guide with steps for addressing
CVE-2019-18960. - The HTTP header parsing is now case insensitive.
- The
put_api_requests
andpatch_api_requests
metrics for net devices were
un-swapped.
Changed
- Removed redundant
--seccomp-level
jailer parameter since it can be
simply forwarded to the Firecracker executable using "end of command
options" convention. - Removed
memory.dirty_pages
metric. - Removed
options
field from the logger configuration. - Decreased release binary size by ~15%.
- Changed default API socket path to
/run/firecracker.socket
. This path
also applies when running with the jailer. - Disabled KVM dirty page tracking by default.
- Removed redundant RescanBlockDevice action from the /actions API.
The functionality is available through the PATCH /drives API.
Seedocs/api_requests/patch-block.md
.
Firecracker v0.20.0
Added
- Added support for GICv2.
Fixed
- Fixed CVE-2019-18960 - Fixed a logical error in bounds checking performed
on vsock virtio descriptors. - Fixed #1283 - Can't start a VM in AARCH64 with vcpus number more than 16.
- Fixed #1088 - The backtrace are printed on
panic
, no longer causing a
seccomp fault. - Fixed #1375 - Change logger options type from Value to Vec to
prevent potential unwrap on None panics. - Fixed #1436 - Raise interrupt for TX queue used descriptors
- Fixed #1439 - Prevent achieving 100% cpu load when the net device rx is
throttled by the ratelimiter - Fixed #1437 - Invalid fields in rate limiter related API requests are
now failing with a proper error message. - Fixed #1316 - correctly determine the size of a virtio device backed
by a block device. - Fixed #1383 - Log failed api requests.
Changed
- Decreased release binary size by 10%.