|
4 | 4 |
|
5 | 5 | ### Added |
6 | 6 |
|
7 | | -- Add a new CPU template called `T2S`. This exposes the same CPUID as `T2` |
8 | | - to the Guest and also overwrites the `ARCH_CAPABILITIES` MSR to expose a |
9 | | - reduced set of capabilities. With regards to hardware vulnerabilities |
10 | | - and mitigations, the Guest vCPU will apear to look like a Skylake CPU, |
11 | | - making it safe to snapshot uVMs running on a newer host CPU (Cascade Lake) |
12 | | - and restore on a host that has a Skylake CPU. |
| 7 | +- Added a new CPU template called `T2S`. This exposes the same CPUID as `T2` to |
| 8 | + the Guest and also overwrites the `ARCH_CAPABILITIES` MSR to expose a reduced |
| 9 | + set of capabilities. With regards to hardware vulnerabilities and mitigations, |
| 10 | + the Guest vCPU will apear to look like a Skylake CPU, making it safe to |
| 11 | + snapshot uVMs running on a newer host CPU (Cascade Lake) and restore on a host |
| 12 | + that has a Skylake CPU. |
13 | 13 | - Added a new CLI option `--metrics-path PATH`. It accepts a file parameter |
14 | 14 | where metrics will be sent to. |
15 | 15 | - Added baselines for m6i.metal and m6a.metal for all long running performance |
16 | 16 | tests. |
| 17 | +- Releases now include debuginfo files. |
17 | 18 |
|
18 | 19 | ### Changed |
19 | 20 |
|
20 | 21 | - Changed the jailer option `--exec-file` to fail if the filename does not |
21 | 22 | contain the string `firecracker` to prevent from running non-firecracker |
22 | 23 | binaries. |
23 | | -- Rust toolchain upgraded from 1.52.1 to 1.64.0. |
| 24 | +- Upgraded Rust toolchain from 1.52.1 to 1.64.0. |
24 | 25 | - Switched to specifying our dependencies using caret requirements instead |
25 | 26 | of comparison requirements. |
26 | 27 | - Updated all dependencies to their respective newest versions. |
27 | 28 |
|
28 | 29 | ### Fixed |
29 | 30 |
|
30 | | -- Make the `T2` template more robust by explicitly disabling additional |
| 31 | +- Made the `T2` template more robust by explicitly disabling additional |
31 | 32 | CPUID flags that should be off but were missed initially or that were |
32 | 33 | not available in the spec when the template was created. |
33 | 34 | - Now MAC address is correctly displayed when queried with GET `/vm/config` |
34 | 35 | if left unspecified in both pre and post snapshot states. |
35 | 36 | - Fixed a self-DoS scenario in the virtio-queue code by reporting and |
36 | 37 | terminating execution when the number of available descriptors reported |
37 | 38 | by the driver is higher than the queue size. |
38 | | -- Fixed the bad handling of kernel cmdline parameters when init arguments |
39 | | - where provided in the `boot_args` field of the JSON body of the |
40 | | - PUT `/boot-source` request. |
| 39 | +- Fixed the bad handling of kernel cmdline parameters when init arguments were |
| 40 | + provided in the `boot_args` field of the JSON body of the PUT `/boot-source` |
| 41 | + request. |
41 | 42 | - Fixed a bug on ARM64 hosts where the upper 64bits of the V0-V31 FL/SIMD |
42 | 43 | registers were not saved correctly when taking a snapshot, potentially |
43 | 44 | leading to data loss. This change invalidates all ARM64 snapshots taken |
44 | 45 | with versions of Firecracker <= 1.1.3. |
| 46 | +- Improved stability and security when saving CPU MSRs in snapshots. |
45 | 47 |
|
46 | 48 | ## [1.1.0] |
47 | 49 |
|
|
0 commit comments