github firecracker-microvm/firecracker v1.16.0
Firecracker v1.16.0
on GitHub

5 hours ago

Added

  • #5786: Added developer preview support for hotplugging and hot-unplugging PCI virtio devices (block, pmem, net) on a running microVM. The guest must manually rescan the PCI bus after hotplug and remove the device before unplug since no automatic notification mechanism is implemented yet. More information can be found in the Device Hotplugging documentation page.
  • #5323: Add support for Vsock Unix domain socket path overriding on snapshot restore. More information can be found in the docs.
  • #5824: Add optional rate limiting to serial console output, configurable via the rate_limiter field on PUT /serial. A new metric is exposed under uart: rate_limiter_dropped_bytes.
  • #5799: Add per-callsite rate limiting for error, warn, and info level log messages. Each callsite independently allows up to 10 messages per 5-second window. When logging resumes after suppression, a warn-level summary reports the count of suppressed messages. A new rate_limited_log_count metric tracks the total number of suppressed messages.
  • #5789: Add rate-limiter support to virtio-pmem device to allow control over I/O bandwidth generated by the FLUSH requests from the guest.
  • #5872: Add notification suppression support in the virtio-vsock device via the EVENT_IDX virtio feature to reduce device overhead.
  • #5828: Advertise MTU to the guest via VIRTIO_NET_F_MTU using a new optional mtu field in the network-interfaces API. When set, a compatible guest driver will configure the interface with the specified MTU.
  • #5906: Add rng-seed FDT node for aarch64 guests which provides an initial random seed for the guest to use. This helps older aarch64 machines which do not have hardware random generators.
  • Added support for Linux 6.18 host kernels alongside the existing 5.10 and 6.1 host kernels. See the kernel support policy for details.

Fixed

  • #5762: Cap virtio-rng per-request entropy to 64 KiB. Previously, a guest could construct a descriptor chain that caused Firecracker to allocate more host memory than the guest actually provided, potentially leading to excessive host memory consumption.
  • #5760: Fixed HID (Hardware ID) of VMGenID device so that it aligns with the upstream Linux kernel. This caused the driver not to be bound correctly to the device prior to Linux kernel 6.10.
  • #5764: Fixed a bug that caused the guest UART driver to get stuck and stop transmitting after snapshot restore. The bug was triggered by taking a snapshot while a serial transmission was taking place. On restore the driver would wait for a TX interrupt that would never arrive and no output would appear in the serial console.
  • #5780: Fixed missing /sys/devices/system/cpu/cpu*/cache/* in aarch64 guests when running on host kernels >= 6.3 with guest kernels >= 6.1.156.
  • #5793: Fixed virtio-mem plug/unplug skipping KVM slot updates for memory blocks not aligned to a slot boundary. On plug, this could leave hotplugged memory inaccessible to the guest. On unplug, the guest could retain access to memory that Firecracker considered freed.
  • #5794: Bound balloon statistics descriptor length to prevent a guest-controlled oversized descriptor from temporarily stalling the VMM event loop. Only affects microVMs with stats_polling_interval_s > 0.
  • #5809: Fixed a bug on host Linux >= 5.16 for x86_64 guests using the kvm-clock clock source causing the monotonic clock to jump on restore by the wall-clock time elapsed since the snapshot was taken. Users using kvm-clock that want to explicitly advance the clock with KVM_CLOCK_REALTIME can opt back in using the new clock_realtime flag in LoadSnapshot API.
  • #5738: Fixed x86_64 snapshot serialization to cover the full KVM custom MSR range (0x4b564d00-0x4b564dff) instead of a small subset. Previously, some KVM MSRs such as MSR_KVM_ASYNC_PF_INT and MSR_KVM_ASYNC_PF_ACK were missing from snapshots, which could cause issues on restore.
  • #5818: Enforce the virtio device initialization sequence in the PCI transport, matching the existing MMIO transport behavior. The PCI transport now validates device status transitions, rejects queue configuration writes outside the FEATURES_OK to DRIVER_OK window, rejects feature negotiation outside the DRIVER state, blocks re-initialization after a failed reset, and sets DEVICE_NEEDS_RESET when device activation fails.
  • #5818: Reject device status writes that clear previously set bits in the MMIO transport, except for reset.
  • #5884: Corrected the OpenAPI spec for PATCH /balloon/hinting/start and PATCH /balloon/hinting/stop to declare 204 No Content instead of 200, matching the actual runtime response.
  • #5882: Fixed a race in the vsock device where, after snapshot restore, the RX queue could deliver data to the guest before it had acknowledged the TRANSPORT_RESET event, causing established connections to break.
Check out latest releases or
releases around firecracker-microvm/firecracker v1.16.0

Don't miss a new firecracker release

NewReleases is sending notifications on new releases.

Get notifications