
Releases: firecracker-microvm/firecracker

Firecracker v1.14.3

13 Mar 16:33


Fixed

  • #5739: Fixed validation of TCP SYN options length when MMDS is enabled.

Firecracker v1.15.0

09 Mar 17:40


Added

  • #5510, #5593, #5564: Added support for the VMClock device. The implementation supports the snapshot safety features proposed here, but does not currently provide any clock-specific information to help the guest synchronize its clocks. More information can be found in docs.
  • #5574, #5671, #5674, #5690: Added Intel Granite Rapids as a supported and tested platform for Firecracker on 6.1 host kernel versions.

Changed

  • #5564, which added support for VMClock, uses one extra GSI for the VMClock device itself, which reduces the number of GSIs available for VirtIO devices. The new maximum is 92 devices on aarch64 and 17 devices on x86.
  • #5631: Update binary copy process inside Jailer to disallow symlinks and hardlinks at the destination path and change ownership of the copied binary to the specified uid/gid.

Fixed

  • #5698: Fixed a possible ENXIO error that could occur when opening a file if the underlying file is a FIFO with no active readers attached.
  • #5688: Fixed vsock local port reuse across snapshot restore by saving the last used local port in the snapshot; users need to regenerate snapshots.
  • #5705: Fixed a bug that caused Firecracker to corrupt the memory files of differential snapshots for VMs with multiple memory slots. This affected VMs using memory hot-plugging or any x86 VMs with a memory size larger than 3GiB.
  • #5739: Fixed validation of TCP SYN options length when MMDS is enabled.

Firecracker v1.14.2

27 Feb 16:29


Fixed

  • #5698: Fixed a possible ENXIO error that could occur when opening a file if the underlying file is a FIFO with no active readers attached.
  • #5705: Fixed a bug that caused Firecracker to corrupt the memory files of differential snapshots for VMs with multiple memory slots. This affected VMs using memory hot-plugging or any x86 VMs with a memory size larger than 3GiB.

Firecracker v1.14.1

20 Jan 10:54


Changed

  • #5631: Update binary copy process inside Jailer to disallow symlinks and hardlinks at the destination path and change ownership of the copied binary to the specified uid/gid.

Firecracker v1.13.2

20 Jan 10:54


Changed

  • #5631: Update binary copy process inside Jailer to disallow symlinks and hardlinks at the destination path and change ownership of the copied binary to the specified uid/gid.

Firecracker v1.14.0

17 Dec 18:58


Added

  • #5350: Added a /serial endpoint, which allows setting serial_out_path to the path of a pre-created file into which Firecracker should redirect output from the guest's serial console. Not configuring it means Firecracker will continue to print serial output to stdout. Similarly to the logger, this configuration is not persisted across snapshots.
  • #5463: Added support for virtio-pmem devices. See documentation for more information.
  • #5534: Added support for memory hot-plugging through the virtio-mem device. See documentation for more information.
  • #5491: Added support for virtio-balloon free page reporting and hinting. Free page reporting is a developer preview feature and is not intended for production use. See documentation for more information.

Changed

  • #4028: Firecracker now creates the log and metrics files if they do not exist, simplifying the launch of Firecracker by removing a manual step.
  • #5516: Balloon stats now support guest kernels >= 6.12, adding metrics on guest OOM kills, memory allocation stalls, and memory scan/reclaim info.
  • #5526: Specify the IA32_MTRRdefType MSR on VM boot to allow the guest to set page attributes for memory regions.

Removed

  • #5439: Removed the rx_partial_writes, tx_partial_reads, sync_response_fails, sync_vmm_send_timeout_count, deprecated_cmd_line_api_calls, log_fails and device_events metrics, as they were never incremented.

Fixed

  • #5418: Fixed typo in Swagger definition of MmdsConfig, where the property imds_compat was spelled as imds_comat. This caused auto-generated clients to create bad requests.
  • #5447: Fixed Intel AMX enabling for kernels that support dynamic XSTATE features for userspace applications but not for KVM guests (e.g. kernel versions >= 5.16 and < 5.17).
  • #5485: Fixed a bug causing a read/write from an iovec to be duplicated when receiving an error on an iovec other than the first. This caused a data corruption issue in the vsock device starting from guest kernel 6.17.
  • #5494: Fixed a watchdog soft lockup bug on microVMs restored from snapshots by calling KVM_KVMCLOCK_CTRL ioctl before resuming.
  • #5538: Fixed a cache coherency issue on non-FWB aarch64 platforms by adding dma-coherent property to virtio-mmio nodes in the FDT.

Firecracker v1.13.1

01 Sep 15:58


Fixed

  • #5418: Fixed typo in Swagger definition of MmdsConfig, where the property imds_compat was spelled as imds_comat. This caused auto-generated clients to create bad requests.

Firecracker v1.13.0

28 Aug 16:22


Added

  • #5139: Added support for PVTime. This is used to support steal time on ARM machines.
  • #5175: Allow including a custom CPU template directly in the JSON configuration file passed to --config-file under the cpu_config key.
  • #5274: Allow taking diff snapshots even if dirty page tracking is disabled, by using mincore(2) to overapproximate the set of dirty pages. Only works if swap is disabled.
  • #5290: Extended MMDS to support the EC2 IMDS-compatible session token headers (i.e. "X-aws-ec2-metadata-token" and "X-aws-ec2-metadata-token-ttl-seconds") alongside the MMDS-specific ones.
  • #5290: Added mmds.rx_invalid_token and mmds.rx_no_token metrics to track the number of GET requests that were rejected due to token validation failures in MMDS version 2. These metrics also count requests that would be rejected in MMDS version 2 when MMDS version 1 is configured. They help users assess readiness for migrating to MMDS version 2.
  • #5310: Added an optional imds_compat field (defaults to false if not provided) to PUT requests to /mmds/config to force MMDS to always respond with plain-text content in the IMDS format regardless of the Accept header in requests. Users need to regenerate snapshots.
  • #5364: Added PCI support in Firecracker. PCI support is optional. Users can enable it by passing the --enable-pci flag when launching the Firecracker process. When the Firecracker process is launched with PCI support, it will create all VirtIO devices using a PCI VirtIO transport. If not enabled, Firecracker will use the MMIO transport instead.

Changed

  • #5165: Changed Firecracker snapshot feature from developer preview to generally available. Incremental snapshots remain in developer preview.
  • #5282: Updated jailer to no longer require the executable file name to contain firecracker.
  • #5290: Changed MMDS to validate the value of "X-metadata-token-ttl-seconds" header only if it is a PUT request to /latest/api/token, as in EC2 IMDS.
  • #5290: Changed MMDS version 1 to support the session oriented method as in version 2, allowing easier migration to version 2. Note that MMDS version 1 accepts a GET request even with no token or an invalid token so that existing workloads continue to work.

Deprecated

  • #5274: Deprecated the enable_diff_snapshots parameter of the /snapshot/load API. Use track_dirty_pages instead.

Removed

  • #5411: Removed official support for Intel Skylake instances. Firecracker will continue to work on those instances, but we will no longer perform automated testing on them.

Fixed

  • #5222: Fixed network and rng devices locking up on hosts with non-4K pages.
  • #5226: Fixed MMDS to set Content-Type header correctly (i.e. Content-Type: text/plain for IMDS-formatted or error responses and Content-Type: application/json for JSON-formatted responses).
  • #5260: Fixed a bug allowing the block device to starve all other devices when backed by a sufficiently slow drive.
  • #4207: Fixed GSI numbering on aarch64 to correctly allow up to 96 devices being attached simultaneously.
  • #5290: Fixed MMDS to reject PUT requests containing X-Forwarded-For header regardless of its casing (e.g. x-forwarded-for).
  • #5328: Fixed MMDS to set the token TTL header (i.e. "X-metadata-token-ttl-seconds" or "X-aws-ec2-metadata-token-ttl-seconds") in the response to "PUT /latest/api/token", as EC2 IMDS does.

Firecracker v1.12.1

24 Jun 14:23


Fixed

  • #5277: Fixed a bug allowing the block device to starve all other devices when backed by a sufficiently slow drive.

Firecracker v1.12.0

07 May 12:44


Added

  • #5048: Added support for PVH boot mode. This is used when an x86 kernel provides the appropriate ELF Note to indicate that PVH boot mode is supported. Linux kernels newer than 5.0 compiled with CONFIG_PVH=y set this ELF Note, as do FreeBSD kernels.
  • #5065: Added support for Intel AMX (Advanced Matrix Extensions). To be able to take and restore a snapshot of Intel AMX state, Xsave is used instead of kvm_xsave, so users need to regenerate snapshots.
  • #4731: Added support for modifying the host TAP device name during snapshot restore.
  • #5146: Added Intel Sapphire Rapids as a supported and tested platform for Firecracker.
  • #5148: Added ARM Graviton4 as a supported and tested platform for Firecracker.

Changed

  • #5118: Cleared WAITPKG CPUID bit in CPUID normalization. The feature enables a guest to put a physical processor into an idle state, which is undesirable in a FaaS environment since that is what the host wants to decide.
  • #5142: Clarified what CPU models are supported by each existing CPU template. Firecracker exits with an error if a CPU template is used on an unsupported CPU model.

Deprecated

  • #4948: Deprecated the page_size_kib field in the UFFD handshake, and replaced it with a page_size field. The page_size_kib field is misnamed, as the value Firecracker sets it to is actually the page size in bytes, not KiB. It will be removed in Firecracker 2.0.

Fixed

  • #5074: Fixed the SendCtrlAltDel command not working for ACPI-enabled guest kernels, by dropping the i8042.nopnp argument from the default kernel command line Firecracker constructs.
  • #5122: Keep the UFFD Unix domain socket open to prevent a race condition between the guest memory mappings message and the shutdown event, which sometimes caused an empty message to arrive on the UFFD handler side.
  • #5143: Fixed reporting of the process_startup_time_us and process_startup_time_cpu_us metrics for api_server so that they are reported right after the API server starts; previously they were reported before applying the seccomp filter and starting the API server. Users may observe slightly longer startup time metrics.