Firecracker v1.1.2

Fixed

• Fixed a self-DoS scenario in the virtio-queue code by reporting and
  terminating execution when the number of available descriptors reported
  by the driver is higher than the queue size.

Firecracker v1.0.1

Fixed

• Fixed a self-DoS scenario in the virtio-queue code by reporting and
  terminating execution when the number of available descriptors reported
  by the driver is higher than the queue size.

Firecracker v1.1.1

Added

• Add a new CPU template called T2S. This exposes the same CPUID as T2
  to the Guest and also overwrites the ARCH_CAPABILITIES MSR to expose a
  reduced set of capabilities. With regards to hardware vulnerabilities
  and mitigations, the Guest vCPU will apear to look like a Skylake CPU,
  making it safe to snapshot uVMs running on a newer host CPU (Cascade Lake)
  and restore on a host that has a Skylake CPU.

Fixed

• Make the T2 template more robust by explicitly disabling additional
  CPUID flags that should be off but were missed initially or that were
  not available in the spec when the template was created.

Firecracker v1.1.0

Added

• The API PATCH methods for machine-config can now be used to reset
  the cpu_template to "None". Until this change there was no way to
  reset the cpu_template once it was set.
• Added a rebase-snap tool for rebasing a diff snapshot over a base
  snapshot.
• Mmds version is persisted across snapshot-restore. Snapshot compatibility is
  preserved bidirectionally, to and from a Firecracker version that does not
  support persisting the Mmds version. In such cases, the default V1 option is
  used.
• Added --mmds-size-limit for limiting the mmds data store size instead of
  piggy-backing on --http-api-max-payload-size. If left unconfigured it
  defaults to the value of --http-api-max-payload-size, to provide backwards
  compatibility.
• Added optional mem_backend body field in PUT requests on /snapshot/load.
  This new parameter is an object that defines the configuration of the backend
  responsible for handling memory loading during snapshot restore. The
  mem_backend parameter contains backend_type and backend_path required
  fields. backend_type is an enum that can take either File or Uffd as
  value. Interpretation of backend_path field depends on the value of
  backend_type. If File, then the user must provide the path to file that
  contains the guest memory to be loaded. Otherwise, if backend_type is Uffd,
  then backend_path is the path to a unix domain socket where a custom page
  fault handler process is listening and expecting a UFFD to be sent by
  Firecracker. The UFFD is used to handle the guest memory page faults in the
  separate process.
• Added logging for the snapshot/restore and async block device IO engine
  features to indicate they are in development preview.

Changed

• The API PATCH method for /machine-config can be now used to change
  track_dirty_pages on aarch64.
• MmdsV2 is now Generally Available.
• MmdsV1 is now deprecated and will be removed in Firecracker v2.0.0.
  Use MmdsV2 instead.
• Deprecated mem_file_path body field in PUT on /snapshot/load request.

Fixed

• Fixed inconsistency that allowed the start of a microVM from a JSON file
  without specifying the vcpu_count and mem_size_mib parameters for
  machine-config although they are mandatory when configuring via the API.
  Now these fields are mandatory when specifying machine-config in the JSON
  file and when using the PUT request on /machine-config.
• Fixed inconsistency that allowed a user to specify the cpu_template
  parameter and set smt to True in machine-config when starting from a
  JSON file on aarch64 even though they are not permitted when using PUT or
  PATCH in the API. Now Firecracker will return an error on aarch64 if smt
  is set to True or if cpu_template is specified.
• Fixed inconsistent behaviour of the PUT method for /machine-config that
  would reset the track_dirty_pages parameter to false if it was not
  specified in the JSON body of the request, but left the cpu_template
  parameter intact if it was not present in the request. Now a PUT request
  for /machine-config will reset all optional parameters (smt,
  cpu_template, track_dirty_pages) to their default values if they are
  not specified in the PUT request.
• Fixed incosistency in the swagger definition with the current state of the
  /vm/config endpoint.

Firecracker v1.0.0

Added

• Added jailer option --parent-cgroup <relative_path> to allow the placement
  of microvm cgroups in custom cgroup nested hierarchies. The default value is
  <exec-file> which is backwards compatible to the behavior before this
  change.
• Added jailer option --cgroup-version <1|2> to support running the jailer
  on systems that have cgroup-v2. Default value is 1 which means that if
  --cgroup-version is not specified, the jailer will try to create cgroups
  on cgroup-v1 hierarchies only.
• Added --http-api-max-payload-size parameter to configure the maximum payload
  size for PUT and PATCH requests.
• Limit MMDS data store size to --http-api-max-payload-size.
• Cleanup all environment variables in Jailer.
• Added metrics for accesses to deprecated HTTP and command line API endpoints.
• Added permanent HTTP endpoint for GET on /version for getting the
  Firecracker version.
• Added --metadata parameter to enable MMDS content to be supplied from a file
  allowing the MMDS to be used when using --no-api to disable the API server.
• Checksum file for the release assets.
• Added support for custom headers to MMDS requests. Accepted headers are:
  X-metadata-token, which accepts a string value that provides a session
  token for MMDS requests; and X-metadata-token-ttl-seconds, which
  specifies the lifetime of the session token in seconds.
• Support and validation for host and guest kernel 5.10.
• A kernel support policy.
• Added io_engine to the pre-boot block device configuration.
  Possible values: Sync (the default option) or Async (only available for
  kernels newer than 5.10.51). The Async variant introduces a block device
  engine that uses io_uring for executing requests asynchronously, which is in
  developer preview (NOT for production use).
  See docs/api_requests/block-io-engine.md.
• Added block.io_engine_throttled_events metric for measuring the number of
  virtio events throttled because of the IO engine.
• New optional version field to PUT requests towards /mmds/config to
  configure MMDS version. Accepted values are V1 and V2 and default is
  V1. MMDS V2 is developer preview only (NOT for production use) and
  it does not currently work after snapshot load.
• Mandatory network_interfaces field to PUT requests towards
  /mmds/config which contains a list of network interface IDs capable of
  forwarding packets to MMDS.

Changed

• Removed the --node jailer parameter.
• Deprecated vsock_id body field in PUTs on /vsock.
• Removed the deprecated the --seccomp-level parameter.
• GET requests to MMDS require a session token to be provided through
  X-metadata-token header when using V2.
• Allow PUT requests to MMDS in order to generate a session token
  to be used for future GET requests when version 2 is used.
• Remove allow_mmds_requests field from the request body that attaches network
  interfaces. Specifying interfaces that allow forwarding requests to MMDS is done
  by adding the network interface's ID to the network_interfaces field of PUT
  /mmds/config request's body.
• Renamed /machine-config ht_enabled to smt.
• smt field is now optional on PUT /machine-config, defaulting to
  false.
• Configuring smt: true on aarch64 via the API is forbidden.

Fixed

• Fixed incorrect propagation of init parameters in kernel commandline.
  Related to:
  #2709.
• Adapt T2 and C3 CPU templates for kernel 5.10. Firecracker was not previously
  masking some CPU features of the host or emulated by KVM, introduced in more
  recent kernels: umip, vmx, avx512_vnni.
• Fix jailer's cgroup implementation to accept properties that contain multiple
  dots.

Firecracker v0.25.2

Fixed

• Adapt T2 and C3 CPU templates for kernel 5.10. Firecracker was not previously
  masking some CPU features of the host or emulated by KVM, introduced in more
  recent kernels: umip, vmx, avx512_vnni.
• Fixed incorrect propagation of init parameters in kernel commandline.
  Related to:
  #2709.

Firecracker v0.25.1

Added

• Added --http-api-max-payload-size parameter to configure the maximum payload
  size for PUT and PATCH requests.
• Limit MMDS data store size to --http-api-max-payload-size.
• Cleanup all environment variables in Jailer.

Firecracker v0.24.6

Fixed

• Updated version of yanked third party dependency.

Firecracker v0.25.0

Added

• Added devtool build --ssh-keys flag to support fetching from private
  git repositories.
• Added option to configure block device flush.
• Added --new-pid-ns flag to the Jailer in order to spawn the Firecracker
  process in a new PID namespace.
• Added API metrics for GET, PUT and PATCH requests on /mmds endpoint.
• Added --describe-snapshot flag to Firecracker to fetch the data format
  version of a snapshot state file provided as argument.
• Added --no-seccomp parameter for disabling the default seccomp filters.
• Added --seccomp-filter parameter for supplying user-provided, custom filters.
• Added the seccompiler-bin binary that is used to compile JSON seccomp filters
  into serialized BPF for Firecracker consumption.
• Snapshotting support for GICv2 enabled guests.
• Added devtool install to deploy built binaries in /usr/local/bin or a
  given path.
• Added code logic to send VIRTIO_VSOCK_EVENT_TRANSPORT_RESET on snapshot
  creation, when the Vsock device is active. The event will close active
  connections on the guest.
• Added GET request on /vm/config that provides full microVM configuration
  as a JSON HTTP response.
• Added --resource-limit flag to jailer to limit resources such as: number of
  file descriptors allowed at a time (with a default value of 2048) and maximum
  size of files created by the process.

Changed

• Changed Docker images repository from DockerHub to Amazon ECR.
• Fixed off-by-one error in virtio-block descriptor address validation.
• Changed the PATCH request on /balloon/statistics to schedule the first
  statistics update immediately after processing the request.
• Deprecated the --seccomp-level parameter. It will be removed in a future
  release. Using it logs a runtime warning.
• Experimental gnu libc builds use empty default seccomp filters, allowing all
  system calls.

Fixed

• Fixed non-compliant check for the RTC device ensuring a fixed
  4-sized data buffer.
• Unnecessary interrupt assertion was removed from the RTC.
  However, a dummy interrupt is still allocated for snapshot
  compatibility reasons.
• Fixed the SIGPIPE signal handler so Firecracker no longer exits. The signal
  is still recorded in metrics and logs.
• Fixed ballooning API definitions by renaming all fields which mentioned "MB"
  to use "MiB" instead.
• Snapshot related host files (vm-state, memory, block backing files) are now
  flushed to their backing mediums as part of the CreateSnapshot operation.
• Fixed the SSBD mitigation not being enabled on aarch64 with the provided
  prod-host-setup.md.
• Fixed the balloon statistics not working after a snapshot restore event.
• The utc_timestamp_ms now reports the timestamp in ms from the UTC UNIX
  Epoch, as the name suggests. It was previously using a monotonic clock with
  an undefined starting point.

Firecracker v0.24.5

Fixed

• Fixed seccomp blocking syscalls necessary for Rust panics.