--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-c9e0a7600c
2024-04-04 00:45:10.065700
--------------------------------------------------------------------------------

Name        : firecracker
Product     : Fedora 39
Version     : 1.7.0
Release     : 1.fc39
URL         : https://firecracker-microvm.github.io/
Summary     : Secure and fast microVMs for serverless computing
Description :
Firecracker is an open source virtualization technology that is purpose-built
for creating and managing secure, multi-tenant container and function-based
services that provide serverless operational models. Firecracker runs workloads
in lightweight virtual machines, called microVMs, which combine the security and
isolation properties provided by hardware virtualization technology with the
speed and flexibility of containers.

This package does not include all of the security features of an official
release. It is not production ready without additional sandboxing.

--------------------------------------------------------------------------------
Update Information:

Added

- Added support to emit aggregate (minimum/maximum/sum) latency for
  VcpuExit::MmioRead, VcpuExit::MmioWrite, VcpuExit::IoIn and VcpuExit::IoOut.
  The average for these VM exits is not emitted since it can be deduced from
  the available emitted metrics.
- Added dev-preview support for backing a VM's guest memory by 2M hugetlbfs
  pages.
- Added block and net device metrics for file/tap access latencies and queue
  backlog lengths, which can be used to analyse saturation of the Firecracker
  VMM thread and underlying layers. Queue backlog length metrics are flushed
  periodically. They can be used to estimate an average queue length by request
  by dividing its value by the number of requests served.

Changed

- Changed microVM snapshot format version strategy. Firecracker snapshot format
  now has a version that is independent of Firecracker version.
  The current version of the snapshot format is v1.0.0. From now on, the
  Firecracker binary will define the snapshot format version it supports and it
  will only be able to load snapshots with a format that is backwards compatible
  with that version. Users can pass the --snapshot-version flag to the
  Firecracker binary to see its supported snapshot version format. This change
  renders all previous Firecracker snapshots (up to Firecracker version v1.6.0)
  incompatible with the current Firecracker version.
- Added information about page size to the payload Firecracker sends to the
  UFFD handler. Each memory region object now contains a page_size_kib field.
- Only use memfd to back guest memory if a vhost-user-blk device is configured,
  otherwise use anonymous private memory. This is because serving page faults
  of shared memory used by memfd is slower and may impact workloads.

Fixed

- Fixed a bug in the cpu-template-helper that made it panic during conversion
  of a cpu configuration with SVE registers to the cpu template on the aarch64
  platform. Now cpu-template-helper will print warnings if it encounters SVE
  registers during the conversion process. This is because cpu templates are
  limited to modifying only registers of less than 128 bits.
- Fixed a bug in Firecracker that prevented it from restoring snapshots of VMs
  that had SVE enabled.
- Made PATCH requests to the /machine-config endpoint transactional, meaning
  Firecracker's configuration will be unchanged if the request returns an
  error. This fixes a bug where a microVM with incompatible balloon and guest
  memory size could be booted, due to the check for this condition happening
  after Firecracker's configuration was updated.
- Added a double fork mechanism in the Jailer to avoid setsid() failures that
  occurred while running Jailer as the process group leader. However, this
  changed the behaviour of Jailer and now the Firecracker process will always
  have a different PID than the Jailer process.
- Added a "Known Limitations" section in the Jailer docs to highlight the above
  change in behaviour.
- Provided a mechanism to reliably fetch the Firecracker PID. With this change,
  the Firecracker process's PID will always be available in the Jailer's root
  directory regardless of whether new_pid_ns was set.
- Fixed a bug where a client would hang or time out when querying for an MMDS
  path whose content is empty, because the 'Content-Length' header field was
  missing in a response.

--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 18 2024 David Michael <fedora.dm0@xxxxxxxxx> - 1.7.0-1
- Update to the 1.7.0 release.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2270248 - firecracker-1.7.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2270248
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-c9e0a7600c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key.
More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
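
The /machine-config PATCH fix listed under "Fixed" above comes down to the order of "update" and "check". The sketch below is an added illustration, not Firecracker's code or part of the Fedora notice; the type names, function names and the "balloon must not exceed guest memory" rule are assumptions chosen to model the described bug.

```rust
// Hypothetical model: names and the validation rule are assumptions.
#[derive(Clone, Debug, PartialEq)]
pub struct VmConfig {
    pub mem_size_mib: u64,
    pub balloon_mib: Option<u64>,
}

#[derive(Debug, PartialEq)]
pub enum PatchError {
    BalloonExceedsMemory,
}

/// Partial update: only fields present in the request are changed.
pub struct MachineConfigPatch {
    pub mem_size_mib: Option<u64>,
}

fn validate(cfg: &VmConfig) -> Result<(), PatchError> {
    match cfg.balloon_mib {
        Some(b) if b > cfg.mem_size_mib => Err(PatchError::BalloonExceedsMemory),
        _ => Ok(()),
    }
}

/// Check-after-update ordering: the live config is mutated first, so a
/// rejected request still leaves the incompatible value in place.
pub fn patch_check_after_update(cfg: &mut VmConfig, p: &MachineConfigPatch) -> Result<(), PatchError> {
    if let Some(m) = p.mem_size_mib {
        cfg.mem_size_mib = m;
    }
    validate(cfg)
}

/// Transactional ordering: apply to a copy, validate, commit only on success.
pub fn patch_transactional(cfg: &mut VmConfig, p: &MachineConfigPatch) -> Result<(), PatchError> {
    let mut candidate = cfg.clone();
    if let Some(m) = p.mem_size_mib {
        candidate.mem_size_mib = m;
    }
    validate(&candidate)?;
    *cfg = candidate;
    Ok(())
}

fn main() {
    // Constructed sample: 1024 MiB guest with a 512 MiB balloon, shrunk to 256 MiB.
    let start = VmConfig { mem_size_mib: 1024, balloon_mib: Some(512) };
    let bad = MachineConfigPatch { mem_size_mib: Some(256) };
    let (mut a, mut b) = (start.clone(), start.clone());
    println!("check-after-update: {:?} -> {:?}", patch_check_after_update(&mut a, &bad), a);
    println!("transactional:      {:?} -> {:?}", patch_transactional(&mut b, &bad), b);
}
```

Both functions return the same error for the bad request; only the state left behind differs, which is why the error response alone did not prevent the incompatible microVM from booting.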