Merge branch 'main' into fix-kib-name

Author: roypat

CHANGELOG.md

@@ -10,6 +10,11 @@ and this project adheres to
 
 ### Added
 
+- [#5048](https://github.com/firecracker-microvm/firecracker/pull/5048): Added
+  support for [PVH boot mode](docs/pvh.md). This is used when an x86 kernel
+  provides the appropriate ELF Note to indicate that PVH boot mode is supported.
+  Linux kernels newer than 5.0 compiled with `CONFIG_PVH=y` set this ELF Note,
+  as do FreeBSD kernels.
 - [#5065](https://github.com/firecracker-microvm/firecracker/pull/5065) Added
   support for Intel AMX (Advanced Matrix Extensions).
 - [#4731](https://github.com/firecracker-microvm/firecracker/pull/4731): Added
@@ -45,11 +50,6 @@ and this project adheres to
   kernels. For older kernels physical counter will still be passed to the guest
   unmodified. See more info
   [here](https://github.com/firecracker-microvm/firecracker/blob/main/docs/prod-host-setup.md#arm-only-vm-physical-counter-behaviour)
-- [#5048](https://github.com/firecracker-microvm/firecracker/pull/5048): Added
-  support for [PVH boot mode](docs/pvh.md). This is used when an x86 kernel
-  provides the appropriate ELF Note to indicate that PVH boot mode is supported.
-  Linux kernels newer than 5.0 compiled with `CONFIG_PVH=y` set this ELF Note,
-  as do FreeBSD kernels.
 - [#5088](https://github.com/firecracker-microvm/firecracker/pull/5088): Added
   AMD Genoa as a supported and tested platform for Firecracker.
 

CREDITS.md

@@ -36,6 +36,7 @@ Contributors to the Firecracker repository:
 - Alexandru Cihodaru <[email protected]>
 - Alexandru-Cezar Sardan <[email protected]>
 - Alin Dima <[email protected]>
+- Anatoli Babenia <[email protected]>
 - Andrea Manzini <[email protected]>
 - Andreea Florescu <[email protected]>
 - Andrei Casu-Pop <[email protected]>
@@ -73,6 +74,7 @@ Contributors to the Firecracker repository:
 - Chris Christensen <[email protected]>
 - Christian González <[email protected]>
 - Christopher Diehl <[email protected]>
+- Christos Katsakioris <[email protected]>
 - cneira <[email protected]>
 - Colin Percival <[email protected]>
 - Colton J. McCurdy <[email protected]>
@@ -125,6 +127,7 @@ Contributors to the Firecracker repository:
 - Iulian Barbu <[email protected]>
 - Ives van Hoorne <[email protected]>
 - Jack Thomson <[email protected]>
+- jackabald <[email protected]>
 - James Curtis <[email protected]>
 - James Turnbull <[email protected]>
 - Javier Romero <[email protected]>
@@ -142,6 +145,7 @@ Contributors to the Firecracker repository:
 - Julian Stecklina <[email protected]>
 - Justus Adam <[email protected]>
 - Ján Mochňak <[email protected]>
+- kanpov <[email protected]>
 - karthik nedunchezhiyan <[email protected]>
 - KarthikVelayutham <[email protected]>
 - Kazuyoshi Kato <[email protected]>
@@ -156,6 +160,7 @@ Contributors to the Firecracker repository:
 - Liviu Berciu <[email protected]>
 - Lloyd <[email protected]>
 - lloydmeta <[email protected]>
+- longxiangqiao <[email protected]>
 - Lorenzo Fontana <[email protected]>
 - LOU Xun <[email protected]>
 - Lucas Zanela <[email protected]>
@@ -172,6 +177,7 @@ Contributors to the Firecracker repository:
 - Massimiliano Torromeo <[email protected]>
 - Matias Teragni <[email protected]>
 - Matt Wilson <[email protected]>
+- Matthew Buckingham-Bishop <[email protected]>
 - Matthew Schlebusch <[email protected]>
 - Max Wittek <[email protected]>
 - Mehrdad Arshad Rad <[email protected]>
@@ -212,6 +218,7 @@ Contributors to the Firecracker repository:
 - Ria <[email protected]>
 - Riccardo Mancini <[email protected]>
 - Richard Case <[email protected]>
+- River Phillips <[email protected]>
 - Rob Devereux <[email protected]>
 - Robert Grimes <[email protected]>
 - Rodrigue Chakode <[email protected]>
@@ -234,6 +241,7 @@ Contributors to the Firecracker repository:
 - Sripracha <[email protected]>
 - Stefan Nita <[email protected]>
 - StemCll <[email protected]>
+- Steven Wirges <[email protected]>
 - Sudan Landge <[email protected]>
 - [email protected] <[email protected]>
 - Takahiro Itazuri <[email protected]>
@@ -245,6 +253,7 @@ Contributors to the Firecracker repository:
 - timvisee <[email protected]>
 - Tobias Pfandzelter <[email protected]>
 - Tomas Valenta <[email protected]>
+- tommady <[email protected]>
 - Tomoya Iwata <[email protected]>
 - Trăistaru Andrei Cristian <[email protected]>
 - Tyler Anton <[email protected]>

FAQ.md

@@ -196,9 +196,9 @@ mapping:
 
 ### How can I gracefully reboot the guest? How can I gracefully poweroff the guest?
 
-Firecracker does not implement ACPI and PM devices, therefore operations like
-gracefully rebooting or powering off the guest are supported in unconventional
-ways.
+Firecracker does not virtualize guest power management, therefore operations
+like gracefully rebooting or powering off the guest are supported in
+unconventional ways.
 
 Running the `poweroff` or `halt` commands inside a Linux guest will bring it
 down but Firecracker process remains unaware of the guest shutdown so it lives

docs/RELEASE_POLICY.md

@@ -90,8 +90,9 @@ v3.1 will be patched since were the last two Firecracker releases and less than
 
 | Release | Release Date | Latest Patch | Min. end of support | Official end of Support         |
 | ------: | -----------: | -----------: | ------------------: | :------------------------------ |
+|   v1.11 |   2025-03-18 |      v1.11.0 |          2025-09-18 | Supported                       |
 |   v1.10 |   2024-11-07 |      v1.10.1 |          2025-05-07 | Supported                       |
-|    v1.9 |   2024-09-02 |       v1.9.1 |          2025-03-02 | Supported                       |
+|    v1.9 |   2024-09-02 |       v1.9.1 |          2025-03-02 | 2025-03-18 (v1.11 released)     |
 |    v1.8 |   2024-07-10 |       v1.8.0 |          2025-01-10 | 2025-01-10 (end of 6mo support) |
 |    v1.7 |   2024-03-18 |       v1.7.0 |          2024-09-18 | 2024-09-18 (end of 6mo support) |
 |    v1.6 |   2023-12-20 |       v1.6.0 |          2024-06-20 | 2024-07-10 (v1.8 released)      |

docs/getting-started.md

@@ -94,29 +94,44 @@ For simplicity, this guide will not use the [`jailer`](../src/jailer/).
 ### Getting a rootfs and Guest Kernel Image
 
 To successfully start a microVM, you will need an uncompressed Linux kernel
-binary, and an ext4 file system image (to use as rootfs). This guide uses a 5.10
-kernel image with a Ubuntu 24.04 rootfs from our CI:
+binary, and an ext4 file system image (to use as rootfs). This guide uses the
+latest kernel image and Ubuntu rootfs available in our CI for the latest
+release.
 
 ```bash
 ARCH="$(uname -m)"
-
-latest=$(wget "http://spec.ccfc.min.s3.amazonaws.com/?prefix=firecracker-ci/v1.11/$ARCH/vmlinux-5.10&list-type=2" -O - 2>/dev/null | grep -oP "(?<=<Key>)(firecracker-ci/v1.11/$ARCH/vmlinux-5\.10\.[0-9]{1,3})(?=</Key>)")
+release_url="https://github.com/firecracker-microvm/firecracker/releases"
+latest_version=$(basename $(curl -fsSLI -o /dev/null -w  %{url_effective} ${release_url}/latest))
+CI_VERSION=${latest_version%.*}
+latest_kernel_key=$(curl "http://spec.ccfc.min.s3.amazonaws.com/?prefix=firecracker-ci/$CI_VERSION/$ARCH/vmlinux-&list-type=2" \
+    | grep -oP "(?<=<Key>)(firecracker-ci/$CI_VERSION/$ARCH/vmlinux-[0-9]+\.[0-9]+\.[0-9]{1,3})(?=</Key>)" \
+    | sort -V | tail -1)
 
 # Download a linux kernel binary
-wget "https://s3.amazonaws.com/spec.ccfc.min/${latest}"
+wget "https://s3.amazonaws.com/spec.ccfc.min/${latest_kernel_key}"
+
+latest_ubuntu_key=$(curl "http://spec.ccfc.min.s3.amazonaws.com/?prefix=firecracker-ci/$CI_VERSION/$ARCH/ubuntu-&list-type=2" \
+    | grep -oP "(?<=<Key>)(firecracker-ci/$CI_VERSION/$ARCH/ubuntu-[0-9]+\.[0-9]+\.squashfs)(?=</Key>)" \
+    | sort -V | tail -1)
+ubuntu_version=$(basename $latest_ubuntu_key .sqashfs | grep -oE '[0-9]+\.[0-9]+')
 
 # Download a rootfs
-wget -O ubuntu-24.04.squashfs.upstream "https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.11/${ARCH}/ubuntu-24.04.squashfs"
+wget -O ubuntu-$ubuntu_version.squashfs.upstream "https://s3.amazonaws.com/spec.ccfc.min/$latest_ubuntu_key"
 
 # Create an ssh key for the rootfs
-unsquashfs ubuntu-24.04.squashfs.upstream
+unsquashfs ubuntu-$ubuntu_version.squashfs.upstream
 ssh-keygen -f id_rsa -N ""
 cp -v id_rsa.pub squashfs-root/root/.ssh/authorized_keys
-mv -v id_rsa ./ubuntu-24.04.id_rsa
+mv -v id_rsa ./ubuntu-$ubuntu_version.id_rsa
 # create ext4 filesystem image
 sudo chown -R root:root squashfs-root
-truncate -s 400M ubuntu-24.04.ext4
-sudo mkfs.ext4 -d squashfs-root -F ubuntu-24.04.ext4
+truncate -s 400M ubuntu-$ubuntu_version.ext4
+sudo mkfs.ext4 -d squashfs-root -F ubuntu-$ubuntu_version.ext4
+
+# Verify everything was correctly set up and print versions
+echo "Kernel: $(ls vmlinux-* | tail -1)"
+echo "Rootfs: $(ls *.ext4 | tail -1)"
+echo "SSH Key: $(ls *.id_rsa | tail -1)"
 ```
 
 ### Getting a Firecracker Binary
@@ -241,7 +256,7 @@ sudo curl -X PUT --unix-socket "${API_SOCKET}" \
     }" \
     "http://localhost/boot-source"
 
-ROOTFS="./ubuntu-24.04.ext4"
+ROOTFS="./$(ls *.ext4 | tail -1)"
 
 # Set rootfs
 sudo curl -X PUT --unix-socket "${API_SOCKET}" \
@@ -282,14 +297,16 @@ sudo curl -X PUT --unix-socket "${API_SOCKET}" \
 # started before we attempt to SSH into it.
 sleep 2s
 
+KEY_NAME=./$(ls *.id_rsa | tail -1)
+
 # Setup internet access in the guest
-ssh -i ./ubuntu-24.04.id_rsa [email protected]  "ip route add default via 172.16.0.1 dev eth0"
+ssh -i $KEY_NAME [email protected]  "ip route add default via 172.16.0.1 dev eth0"
 
 # Setup DNS resolution in the guest
-ssh -i ./ubuntu-24.04.id_rsa [email protected]  "echo 'nameserver 8.8.8.8' > /etc/resolv.conf"
+ssh -i $KEY_NAME [email protected]  "echo 'nameserver 8.8.8.8' > /etc/resolv.conf"
 
 # SSH into the microVM
-ssh -i ./ubuntu-24.04.id_rsa [email protected]
+ssh -i $KEY_NAME [email protected]
 
 # Use `root` for both the login and password.
 # Run `reboot` to exit.

docs/kernel-policy.md

@@ -7,26 +7,31 @@ related changes.
 
 We are continuously validating the currently supported Firecracker releases (as
 per [Firecracker’s release policy](../docs/RELEASE_POLICY.md)) using a
-combination of:
-
-- host linux kernel versions 5.10, and 6.1;
-- guest linux kernel versions 5.10 and 6.1. Guest linux kernels 4.14 are
-  deprecated with Firecracker v1.9 and we will drop support for them with
-  Firecracker v1.10.
+combination of all supported host and guest kernel versions in the table below.
 
 While other versions and other kernel configs might work, they are not
 periodically validated in our test suite, and using them might result in
 unexpected behaviour. Starting with release `v1.0` each major and minor release
 will specify the supported kernel versions.
 
-Once a kernel version is officially enabled, it is supported for a **minimum of
-2 years**. Adding support for a new kernel version will result in a Firecracker
-release only if compatibility changes are required.
+Once a kernel version is officially added, it is supported for a **minimum of 2
+years**. At least 2 major guest and host versions will be supported at any time.
+When support is added for a third kernel version, the oldest will be deprecated
+and removed in a following release, after its minimum end of support date.
+
+### Host Kernel
+
+| Host kernel | Min. version | Min. end of support |
+| ----------: | -----------: | ------------------: |
+|       v5.10 |       v1.0.0 |          2024-01-31 |
+|        v6.1 |       v1.5.0 |          2025-10-12 |
+
+### Guest Kernel
 
-| Host kernel | Guest kernel v4.14 (deprecated) | Guest kernel v5.10 | Guest kernel v6.1 | Min. end of support |
-| ----------: | :-----------------------------: | :----------------: | :---------------: | ------------------: |
-|       v5.10 |         Y (deprecated)          |         Y          |         Y         |          2024-01-31 |
-|        v6.1 |         Y (deprecated)          |         Y          |         Y         |          2025-10-12 |
+| Guest kernel | Min. version | Min. end of support |
+| -----------: | -----------: | ------------------: |
+|        v5.10 |       v1.0.0 |          2024-01-31 |
+|         v6.1 |       v1.9.0 |          2026-09-02 |
 
 The guest kernel configs used in our validation pipelines can be found
 [here](../resources/guest_configs/) while a breakdown of the relevant guest

docs/snapshotting/snapshot-support.md

@@ -126,17 +126,6 @@ The snapshot functionality is still in developer preview due to the following:
 
 ### Limitations
 
-- Currently on aarch64 platforms only lower 128 bits of any register are saved
-  due to the limitations of `get/set_one_reg` from `kvm-ioctls` crate that
-  Firecracker uses to interact with KVM. This creates an issue with newer
-  aarch64 CPUs with support for registers with width greater than 128 bits,
-  because these registers will be truncated before being stored in the snapshot.
-  This can lead to uVM failure if restored from such snapshot. Because registers
-  wider than 128 bits are usually used in SVE instructions, the best way to
-  mitigate this issue is to ensure that the software run in uVM does not use SVE
-  instructions during snapshot creation. An alternative way is to use
-  [CPU templates](../cpu_templates/cpu-templates.md) to disable SVE related
-  features in uVM.
 - High snapshot latency on 5.4+ host kernels due to cgroups V1. We strongly
   recommend to deploy snapshots on cgroups V2 enabled hosts for the implied
   kernel versions -

tools/release-notes.py

@@ -21,14 +21,14 @@
     iterator = iter(changelog_lines)
 
     for line in iterator:
-        if line.startswith(f"## \\[{cur_version}\\]"):
+        if line.startswith(f"## [{cur_version}]"):
             break
     else:
         print(f"Could not find changelog entry for version {cur_version}!")
         sys.exit(1)
 
     for line in iterator:
-        if line.startswith("## \\["):
+        if line.startswith("## ["):
             break
 
         if line.startswith("#"):