Skip to content

[v1.14] Expose memory mapping & dirty pages; Make memfile dump optional #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
bchalios wants to merge 54 commits into
base: firecracker-v1.14
Choose a base branch
from
Draft

[v1.14] Expose memory mapping & dirty pages; Make memfile dump optional #8

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
54 commits
Select commit Hold shift + click to select a range
5585532
fix: open files with `read` modifier
ShadowCurse Feb 18, 2026
51c8692
cleanup: remove redundant std::result::Result imports
ShadowCurse Feb 18, 2026
3a12ebf
changelog: add note about FIFO fix
ShadowCurse Feb 19, 2026
07fd784
vmm: memory.rs: Do not panic in dump_dirty()
ilstam Feb 24, 2026
881e4b8
tests: memory.rs: Improve documentation in test_dump_dirty()
ilstam Feb 19, 2026
0b8725e
vmm: memory.rs: Fail dump_dirty() when bitmap size is wrong
ilstam Feb 24, 2026
5156f7d
fix(diff-snapshot): Advance file cursor when trailing pages are clean
ilstam Feb 19, 2026
beba51f
tests: memory.rs: Extend test_dump_dirty() with trailing clean case
ilstam Feb 20, 2026
70ecd2a
tests: integration: Make test_diff_snapshot_overlay test multi-slot VMs
ilstam Feb 20, 2026
cdbcdd6
CHANGELOG: 1.14.2: Mention diff snapshot memory corruption bugfix
ilstam Feb 25, 2026
ba56cd2
devtool: move ensure_kvm into devtool
ShadowCurse Feb 24, 2026
18d533e
devtool: more robust logic for tweaking kvm module
ShadowCurse Feb 18, 2026
26b4c55
chore: release v1.14.2
Manciukic Feb 26, 2026
b115e08
chore(deps): bump aws-lc-rs
JackThomson2 Mar 5, 2026
d57d169
fix(mmds): validate tcp opt len
JackThomson2 Mar 6, 2026
8e72c3d
test(mmds): assert opt length validation
JackThomson2 Mar 6, 2026
2471ae0
chore(changelog): add MMDS tcp option length entry
JackThomson2 Mar 10, 2026
9154cfe
chore: release v1.14.3
JackThomson2 Mar 13, 2026
8a00171
fix(entropy): cap per-request entropy allocation to 64 KiB
kalyazin Mar 13, 2026
2e1a4c0
chore: Update aws-lc-rs 1.16.2
zulinx86 Mar 23, 2026
253140c
fix(tests/spectre-meltdown-checker): pin due to bugs in tip
Manciukic Apr 2, 2026
f47fb0f
refactor(pci): Move device status constants to pci/mod.rs
zulinx86 Mar 18, 2026
baa7c26
chore(pci): Remove redundant FAILED check in is_driver_ready()
zulinx86 Mar 19, 2026
931e6a9
refactor(pci): Replace raw hex offsets with named constants
zulinx86 Mar 19, 2026
7b51f81
fix(pci): Check device status before virtqueue config writes
zulinx86 Mar 18, 2026
5f791c1
test: Use queue_select instead of device_status for PCI config cap test
zulinx86 Mar 20, 2026
4242cb5
fix(pci): Enforce device status state machine
zulinx86 Mar 18, 2026
5d9bf8b
fix(mmio): Reject missing cumulative bits in device status
zulinx86 Mar 19, 2026
e5bb827
test(pci): Add realistic guest-side test for queue config immutability
zulinx86 Mar 19, 2026
5c8b847
test(mmio): Add unit test for queue config immutability
zulinx86 Mar 20, 2026
608d9dd
fix(pci): Block device re-initialization after unsupported reset
zulinx86 Mar 19, 2026
92e61fa
fix(pci): Set DEVICE_NEEDS_RESET on activation failure
zulinx86 Mar 19, 2026
1152982
fix(pci): Check device status for feature negotiation
zulinx86 Mar 19, 2026
a213b3d
docs: Add CHANGELOG entries for virtio transport fixes
zulinx86 Mar 20, 2026
1dd26ef
fix(aarch64): override fabricated CLIDR_EL1 to match host cache topology
kalyazin Mar 20, 2026
4acbb53
fix(virtio-mem): interval intersection in slots_intersecting_range
kalyazin Mar 25, 2026
fd18613
fix(balloon): bound stats descriptor length
kalyazin Mar 25, 2026
4e860cb
fix(balloon): make duplicate stats buffer visible to guest
kalyazin Mar 26, 2026
cc4bef8
fix(kvm-clock): do not jump monotonic clock on restore
Manciukic Apr 2, 2026
ce5ef6c
doc: fix line in design about only kvm-clock being available
Manciukic Apr 2, 2026
97e1199
chore: release v1.14.4
Manciukic Apr 2, 2026
567170a
chore: Fill placefolder for PR number of virtio PCI transport fix
zulinx86 Apr 8, 2026
cd35b5a
swagger: add APIs for getting guest memory info
bchalios Feb 5, 2026
2035236
snapshot: make memory path optional in snapshot creation
bchalios Feb 4, 2026
160c3af
api: implement API for getting guest memory mappings
bchalios Feb 5, 2026
cd3fe9a
api: implement API for resident and zero memory
bchalios Feb 5, 2026
92eacbd
api: implement API for dirty memory
bchalios Feb 5, 2026
e9febb1
feat: enable write-protection on guest memory
bchalios Feb 12, 2026
fff6fd9
ci: remove dependency changes test
bchalios Feb 14, 2026
a284adf
feat: make network device snapshots backwards compatible
bchalios Feb 24, 2026
7a2ef60
snapshot: add state types for previous versions
bchalios Feb 26, 2026
ee3f6fa
feat: allow loading older snapshots
bchalios Feb 27, 2026
458ca91
fix: compilation in aarch64
bchalios Mar 23, 2026
9b2c7b5
feat(memfd): allow using memfd to back guest memory
bchalios Apr 24, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 0 additions & 17 deletions .github/workflows/dependency_modification_check.yml
View file
Open in desktop

This file was deleted.

57 changes: 57 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,63 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to
[Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [1.14.4]

### Fixed

- [#5762](https://github.com/firecracker-microvm/firecracker/pull/5762): Cap
virtio-rng per-request entropy to 64 KiB. Previously, a guest could construct
a descriptor chain that caused Firecracker to allocate more host memory than
the guest actually provided, potentially leading to excessive host memory
consumption.
- [#5818](https://github.com/firecracker-microvm/firecracker/pull/5818): Enforce
the virtio device initialization sequence in the PCI transport, matching the
existing MMIO transport behavior. The PCI transport now validates device
status transitions, rejects queue configuration writes outside the FEATURES_OK
to DRIVER_OK window, rejects feature negotiation outside the DRIVER state,
blocks re-initialization after a failed reset, and sets DEVICE_NEEDS_RESET
when device activation fails.
- [#5818](https://github.com/firecracker-microvm/firecracker/pull/5818): Reject
device status writes that clear previously set bits in the MMIO transport,
except for reset.
- [#5780](https://github.com/firecracker-microvm/firecracker/pull/5780): Fixed
missing `/sys/devices/system/cpu/cpu*/cache/*` in aarch64 guests when running
on host kernels >= 6.3 with guest kernels >= 6.1.156.
- [#5793](https://github.com/firecracker-microvm/firecracker/pull/5793): Fixed
virtio-mem plug/unplug skipping KVM slot updates for memory blocks not aligned
to a slot boundary. On plug, this could leave hotplugged memory inaccessible
to the guest. On unplug, the guest could retain access to memory that
Firecracker considered freed.
- [#5794](https://github.com/firecracker-microvm/firecracker/pull/5794): Bound
balloon statistics descriptor length to prevent a guest-controlled oversized
descriptor from temporarily stalling the VMM event loop. Only affects microVMs
with `stats_polling_interval_s > 0`.
- [#5809](https://github.com/firecracker-microvm/firecracker/pull/5809): Fixed a
bug on host Linux >= 5.16 for x86_64 guests using the `kvm-clock` clock source
causing the monotonic clock to jump on restore by the wall-clock time elapsed
since the snapshot was taken. Users using `kvm-clock` that want to explicitly
advance the clock with `KVM_CLOCK_REALTIME` can opt back in using the new
`clock_realtime` flag in `LoadSnapshot` API.

## [1.14.3]

### Fixed

- [#5739](https://github.com/firecracker-microvm/firecracker/pull/5739): Fixed
validation of TCP SYN options length when MMDS is enabled.

## [1.14.2]

### Fixed

- [#5698](https://github.com/firecracker-microvm/firecracker/pull/5698): Fixed
the possible ENXIO error which could occur during file open operation if the
underlying file is FIFO without active readers already attached.
- [#5705](https://github.com/firecracker-microvm/firecracker/pull/5705): Fixed a
bug that caused Firecracker to corrupt the memory files of differential
snapshots for VMs with multiple memory slots. This affected VMs using memory
hot-plugging or any x86 VMs with a memory size larger than 3GiB.

## [1.14.1]

### Changed
Expand Down
1 change: 1 addition & 0 deletions CREDITS.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -130,6 +130,7 @@ Contributors to the Firecracker repository:
- huang-jl <1046678590@qq.com>
- Iggy Jackson <iggy@theiggy.com>
- ihciah <ihciah@gmail.com>
- Ilias Stamatis <ilstam@amazon.com>
- Ioana Chirca <chioana@amazon.com>
- Ishwor Gurung <me@ishworgurung.com>
- Iulian Barbu <iul@amazon.com>
Expand Down
111 changes: 41 additions & 70 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 1 addition & 2 deletions deny.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,7 @@ allow = [
"Apache-2.0",
"BSD-3-Clause",
"ISC",
"Unicode-3.0",
"OpenSSL"
"Unicode-3.0"
]

[[bans.deny]]
Expand Down
4 changes: 2 additions & 2 deletions docs/RELEASE_POLICY.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -90,8 +90,8 @@ v3.1 will be patched since were the last two Firecracker releases and less than

| Release | Release Date | Latest Patch | Min. end of support | Official end of Support |
| ------: | -----------: | -----------: | ------------------: | :------------------------------ |
| v1.14 | 2025-12-17 | v1.14.0 | 2026-06-17 | Supported |
| v1.13 | 2025-08-28 | v1.13.1 | 2026-02-28 | Supported |
| v1.14 | 2025-12-17 | v1.14.2 | 2026-06-17 | Supported |
| v1.13 | 2025-08-28 | v1.13.2 | 2026-02-28 | Supported |
| v1.12 | 2025-05-07 | v1.12.1 | 2025-11-07 | 2025-12-17 (v1.14 released) |
| v1.11 | 2025-03-18 | v1.11.0 | 2025-09-18 | 2025-09-18 (end of 6mo support) |
| v1.10 | 2024-11-07 | v1.10.1 | 2025-05-07 | 2025-05-07 (v1.12 released) |
Expand Down
6 changes: 5 additions & 1 deletion docs/design.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -118,7 +118,11 @@ and/or creating their own custom CPU templates.

#### Clocksources available to guests

Firecracker only exposes kvm-clock to customers.
Firecracker exposes the following clock sources to guests:

- x86_64: kvm-clock and tsc. Linux guests >=5.10 will pick tsc by default if
stable.
- aarch64: arch_sys_counter

### I/O: Storage, Networking and Rate Limiting

Expand Down
5 changes: 5 additions & 0 deletions docs/snapshotting/snapshot-support.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -492,6 +492,11 @@ resumed with the guest OS wall-clock continuing from the moment of the snapshot
creation. For this reason, the wall-clock should be updated to the current time,
on the guest-side. More details on how you could do this can be found at a
[related FAQ](../../FAQ.md#my-guest-wall-clock-is-drifting-how-can-i-fix-it).
When using `kvm-clock` as clock source on `x86_64`, it's possible to optionally
set the `clock_realtime: true` in the `LoadSnapshot` request to advance the
clock on the guest at restore time (host Linux >= 5.16 is required to support
this feature). Note that this may cause issues within the guest as the clock
will appear to suddenly jump.

## Provisioning host disk space for snapshots

Expand Down
3 changes: 3 additions & 0 deletions resources/seccomp/x86_64-unknown-linux-musl.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,9 @@
{
"syscall": "mincore"
},
{
"syscall": "pread64"
},
Copy link
Copy Markdown

@cursor cursor Bot Apr 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing pread64 syscall in aarch64 seccomp filter

High Severity

The pread64 syscall is added to the x86_64 seccomp filter but not to the aarch64 one. The new memory info features use libc::pread in pagemap.rs which runs on both architectures. Calling the /memory/dirty or /memory endpoints on aarch64 will trigger a seccomp violation and crash the VMM.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 81d5796. Configure here.

{
"syscall": "writev",
"comment": "Used by the VirtIO net device to write to tap"
Expand Down
2 changes: 1 addition & 1 deletion src/cpu-template-helper/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[package]
name = "cpu-template-helper"
version = "1.14.1"
version = "1.14.4"
authors = ["Amazon Firecracker team <firecracker-devel@amazon.com>"]
edition = "2024"
license = "Apache-2.0"
Expand Down
Loading
Loading