This is a bug fix release. The following issues have been addressed:

• Fix image_type in OpenAPI definition (#7734)

This is a bug fix release. The following issues have been addressed:

• Fix image_type in OpenAPI definition (#7734)

This release has been tracked in v51.0 group of our roadmap project.

Security Fixes

This release fixes a security vulnerability in disk image handling.
Details can be found in GHSA-jmr4-g2hv-mjj6.

• A new backing_files=on|off option has been added to --disk to
  explicitly control whether QCOW2 backing files are permitted. This
  defaults to off to prevent the loading of backing files entirely.
  (#7685)
• Explicit image type specification via the user interface, removing
  reliance on format autodetection (#7728).
• Prevent sector-zero writes for autodetected raw images (#7728).

Significant QCOW2 v3 Improvements

A large number of QCOW2 v3 specification features have been implemented:

• RAW backing file support for QCOW2 overlays (#7570)
• Zero bit in L2 entries (#7627)
• Incompatible feature bit validation (#7612)
• Dirty bit support (#7636)
• Variable refcount widths (1 to 64-bit) (#7633)
• Corrupt bit detection and marking (#7639)
• Autoclear feature bits handling (#7648)
• Thread safety fix for multiple virtio queues (num_queues > 1)
  (#7661)
• Correct zero-fill for reads beyond backing file size (#7678)
• Live disk resize support (#7687)

ACPI Generic Initiator Support

ACPI Generic Initiator Affinity (SRAT Type 5) support has been added
to associate VFIO-PCI devices with dedicated memory/CPU-less NUMA
nodes. This enables the guest OS to make NUMA-aware memory allocation
decisions for device workloads. A new device_id parameter has been
added to --numa for specifying VFIO devices. (#7626)

Block Device DISCARD and WRITE_ZEROES Support

The virtio-blk device now supports DISCARD and WRITE_ZEROES
operations for QCOW2 and RAW image formats. This enables thin
provisioning and efficient space reclamation when guests trim
filesystems. A new sparse=on|off option has been added to --disk to
control disk space management: sparse=on (default) enables thin
provisioning with space reclamation, while sparse=off provides thick
provisioning with consistent I/O latency. (#7666)

Notable Performance Improvements

• Transparent Huge Pages (THP) support has been extended to cover
  anonymous shared memory (shared=on) via madvise. Previously, THP
  was only used for non-shared memory. (#7646)
• The vhost-user-net device now uses the default set of vhost-user
  virtio features, including VIRTIO_F_RING_INDIRECT_DESC, which
  provides a performance improvement. (#7653)

MSHV Support Improvements

• Optimize CPU state update after emulation by only updating special
  registers when changed (#7603)
• Enable SMT for guests with threads_per_core > 1 (#7668)
• Stub save_data_tables() to unblock VM pause/resume (#7692)
• Handle GHCB_INFO_SPECIAL_DBGPRINT VMG exit in SEV-SNP guest exit
  handler (#7703)
• Fix CVM boot failure on MSHV (#7548)
• Fix CPU topology detection for multithreaded configurations (#7576)

Notable Bug Fixes

• Fix VFIO device hot-remove leaving group and container file
  descriptors open, preventing re-add (#7676)
• Fix snapshot restore when backing file is on read-only storage with
  shared=false (#7674)
• Enforce VIRTIO_BLK_F_RO even if guest does not negotiate it
  (#7705)
• Fix read-only block device FLUSH requests from OVMF preventing VMs
  from booting (#7706)
• Fix vhost-user device not properly dropping unowned file descriptors
  (#7679)
• Fix vhost-user-block get_config interoperability (#7617)
• Fix vsock TOCTOU race condition by copying packet header from guest
  memory before processing (#7530)
• Fix vsock handling of large TX packets spanning multiple data
  descriptors (#7680)
• Add gettid() to all seccomp filters (#7596)
• Fix MAC address parsing that wrongly allowed + instead of hex
  characters (#7579)
• Improve UUID parse error message and --net fd help text (#7702)
• Fix various inconsistencies in our OpenAPI specification file
  (#7716, #7726)
• Various documentation fixes (#7602, #7606)

Contributors

Many thanks to everyone who has contributed to our release:

• Aastha Rawat aastharawat@microsoft.com
• Alyssa Ross hi@alyssa.is
• Anatol Belski anbelski@linux.microsoft.com
• Anirudh Rayabharam anrayabh@microsoft.com
• Bo Chen bchen@crusoe.ai
• Champ-Goblem cameron@northflank.com
• Changyuan Lyu changyuanl@google.com
• Damian Barabonkov dbctl@pm.me
• Demi Marie Obenour demiobenour@gmail.com
• Leander Kohler leander.kohler@cyberus-technology.de
• Muminul Islam muislam@microsoft.com
• Philipp Schuster philipp.schuster@cyberus-technology.de
• Rob Bradford rbradford@meta.com
• Rowen-Ye rowenye1@gmail.com
• Saravanan D saravanand@crusoe.ai
• Stanislav Kinsburskii skinsburskii@linux.microsoft.com
• Thomas Leroy thomas.leroy.mp@gmail.com
• Wei Liu liuwe@microsoft.com
• Yi Wang foxywang@tencent.com
• Zhibin Li banlu.lzb@antgroup.com
• stevenhorsman steven@uk.ibm.com

This is a point release containing security fixes and bug fixes.

Security Fixes

This release fixes a security vulnerability in disk image handling.
Details can be found in GHSA-jmr4-g2hv-mjj6.

• A new backing_files=on|off option has been added to --disk to
  explicitly control whether QCOW2 backing files are permitted. This
  defaults to off to prevent the loading of backing files entirely.
  (#7685)
• Explicit image type specification via the user interface, removing
  reliance on format autodetection (#7728).
• Prevent sector-zero writes for autodetected raw images (#7728).

Bug Fixes

• Fix various inconsistencies in our OpenAPI specification file
  (#7716, #7726)
• Fix QCOW2 thread safety for multiple virtio queues
  (num_queues > 1) (#7661)

This release has been tracked in v50.0 group of our roadmap project.

Configurable Nested Virtualization Option on x86_64

The nested=on|off option has been added to --cpu to allow users
to configure nested virtualization support in the guest on x86_64
hosts (for both KVM and MSHV). The default value is on to maintain
consistency with existing behavior. (#7408)

Compression Support for QCOW2

QCOW2 support has been extended to handle compression clusters based on
zlib and zstd. (#7462)

Notable Performance Improvements

Performance of live migration has been improved via an optimized
implementation of dirty bitmap maintenance. (#7468)

Live Disk Resizing Support for Raw Images

The /vm.resize-disk API has been introduced to allow users to resize block
devices backed by raw images while a guest is running. (#7476)

Developer Experience Improvements

Significant improvements have been made to developer experience and
productivity. These include a simplified root manifest, codified and
tightened Clippy lints, and streamlined workflows for cargo clippy and
cargo test. (#7489)

Improved File-level Locking Support

Block devices now use byte-range advisory locks instead of whole-file
locks. While both approaches prevent multiple Cloud Hypervisor instances
from simultaneously accessing the same disk image with write
permissions, byte-range locks provide better compatibility with network
storage backends. (#7494)

Logging Improvements

Logs now include event information generated by the event-monitor
module. (#7512)

Notable Bug Fixes

• Fix several issues around CPUID in the guest (#7485, #7495, #7508)
• Fix snapshot/restore for Windows Guest (#7492)
• Respect queue size in block performance tests (#7515)
• Fix several Serial Manager issues (#7502)
• Fix several seccomp violation issues (#7477, #7497, #7518)
• Fix various issues around block and qcow (#7526, #7528, #7537, #7546,
  #7549)
• Retrieve MSRs list correctly on MSHV (#7543)
• Fix live migration (and snapshot/restore) with AMX state (#7534)

Contributors

Many thanks to everyone who has contributed to our release:

• Anatol Belski anbelski@linux.microsoft.com
• Anirudh Rayabharam anrayabh@microsoft.com
• Bo Chen bchen@crusoe.ai
• Changyuan Lyu changyuanl@google.com
• Chengyu Fu chengyu.fu@linux.alibaba.com
• Connor Brewster cbrewster@hey.com
• Demi Marie Obenour demiobenour@gmail.com
• Eugene Korenevsky ekorenevsky@aliyun.com
• Julian Stecklina julian.stecklina@cyberus-technology.de
• Matt Moriarity matt@mattmoriarity.com
• Muminul Islam muislam@microsoft.com
• Oliver Anderson oliver.anderson@cyberus-technology.de
• Pascal Scholz pascal.scholz@cyberus-technology.de
• Philipp Schuster philipp.schuster@cyberus-technology.de
• Praveen K Paladugu prapal@linux.microsoft.com
• Rob Bradford rbradford@rivosinc.com
• Sebastien Boeuf seb@rivosinc.com
• Songqian Li sionli@tencent.com
• Stefan Nürnberger stefan.nuernberger@cyberus-technology.de
• Thomas Prescher thomas.prescher@cyberus-technology.de
• Wei Liu liuwe@microsoft.com

This release has been tracked in v49.0 group of our roadmap project.

MSHV Support Improvements

On AArch64 with MSHV, firmware boot (#7391) and graceful guest shutdown
(#7354) are now supported, and CI coverage has been added (#7381).

Logging Improvements

Logs now use an improved timestamp format (#7355), emit an explicit
message on graceful shutdown (#7346), and reduce noisy warnings with
newer guest kernels (#7423).

Removed Default IP and Mask for virtio-net Devices

The implicit default IP (192.168.249.1) and netmask (255.255.255.0) for
virtio-net devices have been removed, as previously announced in the
deprecation notice two releases ago (#7365). Users now can create
virtio-net devices with no IP and netmask assigned.

Notable Bug Fixes

• Prevent crash on malformed vsock connect requests (#7310)
• Drop the VFIO container when no VFIO devices are active (#7364)
• Gracefully close preserved file descriptors on hot device removal (#7371)
• Fix race condition in pause–resume cycles (#7397)
• Add NetConfig offload parameters to the OpenAPI spec file (#7445)
• Fix seccomp filter violation from the http-server thread (#7454)

Contributors

Many thanks to everyone who has contributed to our release:

• Aastha Rawat aastharawat@microsoft.com
• Alyssa Ross hi@alyssa.is
• Anirudh Rayabharam anrayabh@microsoft.com
• Ariel Chenet apchenet@gmail.com
• Bo Chen bchen@crusoe.ai
• Can Zhang icloud9957@gmail.com
• Eugene Korenevsky ekorenevsky@aliyun.com
• Maximilian Güntner code@mguentner.de
• Muminul Islam muislam@microsoft.com
• Oliver Anderson oliver.anderson@cyberus-technology.de
• Philipp Schuster philipp.schuster@cyberus-technology.de
• Rob Bradford rbradford@rivosinc.com
• Ruoqing He heruoqing@iscas.ac.cn
• Wei Liu liuwe@microsoft.com
• Yi Wang foxywang@tencent.com

This release has been tracked in v48.0 group of our roadmap project.

Experimental fw_cfg Device Support

This feature enables passing configuration data and files, such as VM
boot configurations (kernel, kernel cmdline, e820 memory map, and ACPI
tables), from the host to the guest. (#7117)

Experimental ivshmem Device Support

Support for inter-VM shared memory has been added. For more information,
please refer to the ivshmem documentation. (#6703)

Firmware Boot Support on riscv64

In addition to direct kernel boot, firmware boot support has been added
on riscv64 hosts. (#7249)

Increased vCPU Limit on x86_64/kvm

The maximum number of supported vCPUs on x86_64 hosts using KVM has been
raised from 254 to 8192. (#7299)

Improved Block Performance with Small Block Sizes

Performance for virtio-blk with small block sizes (16KB and below)
is enhanced via submitting async IO requests in batches. (#7146)

Faster VM Pause Operation

The VM pause operation now is significantly faster particularly for VMs
with a large number of vCPUs. (#7290)

Updated Documentation on Windows Guest Support

Our Windows documentation now includes instructions to run Windows 11
guests, in addition to Windows Server guests. (#7218)

Policy on AI Generated Code

We will decline any contributions known to contain contents generated or
derived from using Large Language Models (LLMs). Details can be found
in our contributing documentation. (#7162)

Removed SGX Support

The SGX support has been removed, as announced in the deprecation notice two
release cycles ago. (#7093)

Notable Bug Fixes

• Seccomp filter fixes with glibc v2.42 (#7327)
• Various fixes related to (#7331, #7334, #7335)

Contributors

Many thanks to everyone who has contributed to our release:

• Alex Orozco alexorozco@google.com
• Alyssa Ross hi@alyssa.is
• Anirudh Rayabharam anrayabh@microsoft.com
• Bo Chen bchen@crusoe.ai
• Demi Marie Obenour demiobenour@gmail.com
• Lucas Grosche lucas.grosche@cyberus-technology.de
• Muminul Islam muislam@microsoft.com
• Oliver Anderson oliver.anderson@cyberus-technology.de
• Peter Oskolkov posk@google.com
• Philipp Schuster philipp.schuster@cyberus-technology.de
• Ruoqing He heruoqing@iscas.ac.cn
• Shubham Chakrawar schakrawar@crusoe.ai
• Songqian Li sionli@tencent.com
• Wei Liu liuwe@microsoft.com

This release has been tracked in v47.0 group of our roadmap project.

Block Device Error Reporting to the Guest

Instead of exiting on I/O errors, the virtio-block device now reports
errors to the guest using VIRTIO_BLK_S_IOERR. It improves the user
experience particularly when the guest rootfs is not backed by the
affected block device. (#7107)

Nice Error Messages on Exit

We now have the chain of errors being reported and printed nicely, when
Cloud Hypervisor or ch-remote exits on errors. (#7066)

Alphabetically Sorted CLI Options for ch-remote

To improve readability, ch-remote now prints help information in
alphabetical order. (#7130)

Notable Bug Fixes

• Error out early when block device serial is too long (#7124)
• Fix partial commands being discarded for virtio-vsock (#7195)
• Disable the broken interrupt support for the rtc_pl031 device to
  prevent spurious guest interrupts (#7199)

Deprecations

• A default IP (192.168.249.1) and mask (255.255.255.0) are
  currently assigned to the virtio-net device if no value is specified
  by users. Such behavior is now deprecated. Users of this behavior will
  receive a warning message and should make adjustments. The behavior
  will be removed in two release cycles (v49.0).

Contributors

Many thanks to everyone who has contributed to our release:

• Alyssa Ross hi@alyssa.is
• Bo Chen bchen@crusoe.ai
• Demi Marie Obenour demiobenour@gmail.com
• Gauthier Jolly contact@gjolly.fr
• Hengqi Chen hengqi.chen@gmail.com
• Jinank Jain jinankjain@microsoft.com
• Jinrong Liang cloudliang@tencent.com
• Jean-Philippe Brucker jean-philippe@linaro.org
• Maximilian Güntner code@mguentner.de
• Muminul Islam muislam@microsoft.com
• Nuno Das Neves nunodasneves@linux.microsoft.com
• Philipp Schuster philipp.schuster@cyberus-technology.de
• Ruoqing He heruoqing@iscas.ac.cn
• Songqian Li sionli@tencent.com
• Wei Liu liuwe@microsoft.com
• Yi Wang foxywang@tencent.com
• ninollei ninollx@hotmail.com

This release has been tracked in v46.0 group of our roadmap project.

File-level Locking Support with --disk

Now file-level locking is enforced for disk images, provided by users
with --disk. This ensures that only a single Cloud Hypervisor instance
can obtain write access to a given disk image at any time, preventing
misconfiguration and avoiding potential data corruption. (#6974)

Improved Error Reporting with VM Resizing

Instead of returning a generic error 400 (e.g. BadRequest), users
now get a more specific error 429 (e.g. TooManyRequests) when a
pending VM resizing is not completed. This allows users to better handle
different errors, say retrying the request when applicable. (#7043)

IPv6 Address Support with --net

It is now possible to specify an IPv6 address and mask when creating a
network interface with --net. (#7048)

Experimental AArch64 Support with the MSHV Hypervisor

It is now possible to start VMs on AArch64 platforms when using MSHV
hypervisor. (#7055)

Deprecated SGX Support

The SGX support now is deprecated with a warning message if it being
used, with the intention to remove its support from our code base in two
release cycles (e.g. v48.0). (#7090)

Notable Bug Fixes

• Remove path as required for DiskConfig from the OpenAPI spec file
  (#7017)
• Properly parse PCI capabilities (#7018)
• Reprogram PCI device BAR when its MSE bit is set (#7063)
• Update IOMMU mappings of MMIO regions with BAR reprogram for VFIO
  devices (#7064)
• Avoid resizing VMs to zero vCPUs (#7086)
• Fix extended topology enumeration leaf exposed to the guest (#7087)

Contributors

Many thanks to everyone who has contributed to our release:

• Bingxin Li bl497@cam.ac.uk
• Bo Chen bchen@crusoe.ai
• Fabiano Fidêncio fidencio@northflank.com
• Gregory Anders ganders@cloudflare.com
• Jinank Jain jinankjain@microsoft.com
• Julian Stecklina julian.stecklina@cyberus-technology.de
• Muminul Islam muislam@microsoft.com
• Paolo Bonzini pbonzini@redhat.com
• Philipp Schuster philipp.schuster@cyberus-technology.de
• Rob Bradford rbradford@rivosinc.com
• Ruoqing He heruoqing@iscas.ac.cn
• Thomas Prescher thomas.prescher@cyberus-technology.de
• abm-77 andrewmiller77@protonmail.com

This release has been tracked in v45.0 group of our roadmap project.

Experimental riscv64 Architecture Support

Cloud Hypervisor now has experimental riscv64 architecture
support. Details can be found from the riscv
documentation.

Alphabetically Sorted CLI Options

To improve the readability of CLI options, the output of the --help
now is alphabetically sorted. (#6988)

Improved Downtime of VM Live Migration

The downtime of VM live migration is reduced via delaying some of the
tearing down process of the source VM after the destination VM is up and
running. (#6987)

Notable Bug Fixes

• Fix seccomp filters related to http-api thread (#6967)
• Handle cross-page access in the emulator for mshv (#6968)

Contributors

Many thanks to everyone who has contributed to our release:

• Anatol Belski anbelski@linux.microsoft.com
• Andrew Consroe aconz2@gmail.com
• Bo Chen bchen@crusoe.ai
• Jinank Jain jinankjain@microsoft.com
• Jinrong Liang cloudliang@tencent.com
• Philipp Schuster philipp.schuster@cyberus-technology.de
• Ruoqing He heruoqing@iscas.ac.cn
• Stefan Kober stefan.kober@cyberus-technology.de
• Wei Liu liuwe@microsoft.com