Added
- #5510, #5593, #5564: Add support for the VMClock device. The implementation supports the snapshot safety features proposed here, but doesn't provide currently any clock-specific information for helping the guest synchronize its clocks. More information can be found in docs.
- #5574, #5671, #5674 #5690 Added Intel Granite Rapids as a supported and tested platform for Firecracker on 6.1 host kernel versions.
Changed
- #5564: which added support for VMClock, uses one extra GSI for the VMClock device itself which reduces the available GSIs for VirtIO devices. New maximum values is 92 devices on Aarch64 and 17 devices on x86.
- #5631: Update binary copy process inside Jailer to disallow symlinks and hardlinks at the destination path and change ownership of the copied binary to the specified uid/gid.
Fixed
- #5698: Fixed the possible ENXIO error which could occur during file open operation if the underlying file is FIFO without active readers already attached.
- #5688: Fixed vsock local port reuse across snapshot restore by saving the last used local port into the snapshot, so users need to regenerate snapshots.
- #5705: Fixed a bug that caused Firecracker to corrupt the memory files of differential snapshots for VMs with multiple memory slots. This affected VMs using memory hot-plugging or any x86 VMs with a memory size larger than 3GiB.
- #5739: Fixed validation of TCP SYN options length when MMDS is enabled.