--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-8770ce788c
2023-11-09 01:24:51.354212
--------------------------------------------------------------------------------

Name        : rust-userfaultfd
Product     : Fedora 38
Version     : 0.7.0
Release     : 1.fc38
URL         : https://crates.io/crates/userfaultfd
Summary     : Rust bindings for the Linux userfaultfd functionality
Description :
Rust bindings for the Linux userfaultfd functionality.

--------------------------------------------------------------------------------
Update Information:

- Added official support for Linux 6.1. See prod-host-setup.md for some security and performance considerations.
- Added `snapshot-editor` tool for modifications of snapshot files. It allows for rebasing of memory snapshot files, printing and removing aarch64 registers from the vmstate and obtaining snapshot version.
- Added new fields to the custom CPU templates. (aarch64 only) `vcpu_features` field allows modifications of vCPU features enabled during vCPU initialization. `kvm_capabilities` field allows modifications of KVM capability checks that Firecracker performs during boot. If any of these fields are in use, minimal target snapshot version is restricted to 1.5.
- Updated deserialization of `bitmap` for custom CPU templates to allow usage of '_' as a separator.
- Changed the strip feature of `cpu-template-helper` tool to operate bitwise.
- Better logs during validation of CPU ID in snapshot restoration path. Also Firecracker now does not fail if it can't get CPU ID from the host or can't find CPU ID in the snapshot.
- Changed the serial device to only try to initialize itself if stdin is a terminal or a FIFO pipe. This fixes logged warnings about the serial device failing to initialize if the process is daemonized (in which case stdin is /dev/null instead of a terminal).
- Changed to show a warning message when launching a microVM with C3 template on a processor prior to Intel Cascade Lake, because the guest kernel does not apply the mitigation against MMIO stale data vulnerability when it is running on a processor that does not enumerate FBSDP_NO, PSDP_NO and SBDR_SSDP_NO on IA32_ARCH_CAPABILITIES MSR.
- Made Firecracker resize its file descriptor table on process start. It now preallocates the in-kernel fdtable to hold `RLIMIT_NOFILE` many fds (or 2048 if no limit is set). This avoids the kernel reallocating the fdtable during Firecracker operations, resulting in a 30ms to 70ms reduction of snapshot restore times for medium to large microVMs with many devices attached.
- Changed the dump feature of `cpu-template-helper` tool not to enumerate program counter (PC) on ARM because it is determined by the given kernel image and it is useless in the custom CPU template context.
- The ability to create snapshots for an older version of Firecracker is now deprecated. As a result, the `version` body field in `PUT` on `/snapshot/create` request is deprecated.
- Added support for the /dev/userfaultfd device available on Linux kernels >= 6.1. This is the default for creating UFFD handlers on these kernel versions. If it is unavailable, Firecracker falls back to the userfaultfd syscall.
- Deprecated `cpu_template` field in `PUT` and `PATCH` requests on `/machine-config` API, which is used to set a static CPU template. Custom CPU templates added in v1.4.0 are available as an improved iteration of the static CPU templates.
- Changed default log level from Warn to Info. This results in more logs being output by default.
- Fixed a change in behavior of normalize host brand string that breaks Firecracker on external instances.
- Fixed the T2A CPU template not to unset the MMX bit (CPUID.80000001h:EDX[23]) and the FXSR bit (CPUID.80000001h:EDX[24]).
- Fixed the T2A CPU template to set the RstrFpErrPtrs bit (CPUID.80000008h:EBX[2]).
- Fixed a bug where Firecracker would crash during boot if a guest set up a virtio queue that partially overlapped with the MMIO gap. Now Firecracker instead correctly refuses to activate the corresponding virtio device.
- Fixed the T2CL CPU template to pass through security mitigation bits that are listed by KVM as bits able to be passed through. By making the most use of the available hardware security mitigations on a processor that a guest is running on, the guest might be able to benefit from performance improvements.
- Fixed the T2S CPU template to set the GDS_NO bit of the IA32_ARCH_CAPABILITIES MSR to 1 in accordance with an Intel microcode update. To use the template securely, users should apply the latest microcode update on the host.
- Fixed the spelling of the `nomodule` param passed in the default kernel command line parameters. This is a **breaking change** for setups that use the default kernel command line which also depend on being able to load kernel modules at runtime. This may also break setups which use the default kernel command line and which use an init binary that inadvertently depends on the misspelled param ("nomodules") being present at the command line, since this param will no longer be passed.

--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 31 2023 David Michael <fedora.dm0@xxxxxxxxx> - 0.7.0-1
- Update to version 0.7.0 (rhbz#2218024)
* Sat Jul 22 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2243788 - firecracker-1.5.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2243788

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program.
Use su -c 'dnf upgrade --advisory FEDORA-2023-8770ce788c' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
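
Added example (not part of the Fedora notification or of Firecracker's code): a host-side check for the condition behind the C3 template warning in the update information above. It reads IA32_ARCH_CAPABILITIES through the Linux msr driver and lists which of SBDR_SSDP_NO, FBSDP_NO and PSDP_NO the processor does not enumerate. The MSR index 0x10a and bit positions 13, 14 and 15 follow Intel's MSR definition rather than this page, the function names are illustrative, and reading /dev/cpu/0/msr assumes root and a loaded msr module.

```rust
use std::fs::File;
use std::io;
use std::os::unix::fs::FileExt;

// IA32_ARCH_CAPABILITIES index and flag bit positions as defined by Intel
// (assumed here; the notification itself only names the flags).
const IA32_ARCH_CAPABILITIES: u64 = 0x10a;
const MMIO_NO_FLAGS: [(&str, u32); 3] =
    [("SBDR_SSDP_NO", 13), ("FBSDP_NO", 14), ("PSDP_NO", 15)];

/// Returns the flags from MMIO_NO_FLAGS that are clear in `caps`.
/// An empty list means the processor enumerates all three.
fn missing_mmio_flags(caps: u64) -> Vec<&'static str> {
    MMIO_NO_FLAGS
        .iter()
        .filter(|(_, bit)| (caps & (1u64 << *bit)) == 0)
        .map(|(name, _)| *name)
        .collect()
}

/// Reads the MSR on one logical CPU via /dev/cpu/<n>/msr, where the file
/// offset selects the MSR index. Fails if the msr module is not loaded, the
/// caller lacks privilege, or the CPU does not implement the MSR.
fn read_arch_capabilities(cpu: u32) -> io::Result<u64> {
    let msr = File::open(format!("/dev/cpu/{}/msr", cpu))?;
    let mut buf = [0u8; 8];
    msr.read_exact_at(&mut buf, IA32_ARCH_CAPABILITIES)?;
    Ok(u64::from_le_bytes(buf))
}

fn main() {
    match read_arch_capabilities(0) {
        Ok(caps) => {
            let missing = missing_mmio_flags(caps);
            if missing.is_empty() {
                println!("cpu0: all three flags enumerated ({:#x})", caps);
            } else {
                println!("cpu0: not enumerated: {}", missing.join(", "));
            }
        }
        Err(e) => eprintln!("cpu0: cannot read IA32_ARCH_CAPABILITIES: {}", e),
    }
}
```

A non-empty list on a host that runs C3-template guests corresponds to the case the warning describes.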