firecracker-microvm/firecracker v1.12.0

Firecracker v1.12.0

on GitHub

Added

• #5048: Added support for PVH boot mode. This is used when an x86 kernel provides the appropriate ELF Note to indicate that PVH boot mode is supported. Linux kernels newer than 5.0 compiled with CONFIG_PVH=y set this ELF Note, as do FreeBSD kernels.
• #5065 Added support for Intel AMX (Advanced Matrix Extensions). To be able to take and restore a snapshot of Intel AMX state, Xsave is used instead of kvm_xsave, so users need to regenerate snapshots.
• #4731: Added support for modifying the host TAP device name during snapshot restore.
• #5146: Added Intel Sapphire Rapids as a supported and tested platform for Firecracker.
• #5148: Added ARM Graviton4 as a supported and tested platform for Firecracker.

Changed

• #5118: Cleared WAITPKG CPUID bit in CPUID normalization. The feature enables a guest to put a physical processor into an idle state, which is undesirable in a FaaS environment since that is what the host wants to decide.
• #5142: Clarified what CPU models are supported by each existing CPU template. Firecracker exits with an error if a CPU template is used on an unsupported CPU model.

Deprecated

• #4948: Deprecated the page_size_kib field in the UFFD handshake, and replaced it with a page_size field. The page_size_kib field is misnamed, as the value Firecracker sets it to is actually the page size in bytes, not KiB. It will be removed in Firecracker 2.0.

Fixed

• #5074 Fix the SendCtrlAltDel command not working for ACPI-enabled guest kernels, by dropping the i8042.nopnp argument from the default kernel command line Firecracker constructs.
• #5122: Keep the UFFD Unix domain socket open to prevent the race condition between the guest memory mappings message and the shutdown event that was sometimes causing arrival of an empty message on the UFFD handler side.
• #5143: Fixed to report process_startup_time_us and process_startup_time_cpu_us metrics for api_server right after the API server starts, while previously reported before applying seccomp filter and starting the API server. Users may observe a bit longer startup time metrics.