Tags: cloud-hypervisor/cloud-hypervisor
v51.0
=====

This release has been tracked in [v51.0 group](https://github.com/orgs/cloud-hypervisor/projects/6/views/6?filterQuery=release%3A%22Release+51%22) of our [roadmap project](https://github.com/orgs/cloud-hypervisor/projects/6/).

Security Fixes
--------------

This release fixes a security vulnerability in disk image handling. Details can be found in [GHSA-jmr4-g2hv-mjj6](GHSA-jmr4-g2hv-mjj6).

* A new `backing_files=on|off` option has been added to `--disk` to explicitly control whether QCOW2 backing files are permitted. This defaults to `off` to prevent the loading of backing files entirely. (#7685)
* Explicit image type specification via the user interface, removing reliance on format autodetection (#7728).
* Prevent sector-zero writes for autodetected raw images (#7728).

Significant QCOW2 v3 Improvements
---------------------------------

A large number of QCOW2 v3 specification features have been implemented:

* RAW backing file support for QCOW2 overlays (#7570)
* Zero bit in L2 entries (#7627)
* Incompatible feature bit validation (#7612)
* Dirty bit support (#7636)
* Variable refcount widths (1 to 64-bit) (#7633)
* Corrupt bit detection and marking (#7639)
* Autoclear feature bits handling (#7648)
* Thread safety fix for multiple virtio queues (`num_queues > 1`) (#7661)
* Correct zero-fill for reads beyond backing file size (#7678)
* Live disk resize support (#7687)

ACPI Generic Initiator Support
------------------------------

ACPI Generic Initiator Affinity (SRAT Type 5) support has been added to associate VFIO-PCI devices with dedicated memory/CPU-less NUMA nodes. This enables the guest OS to make NUMA-aware memory allocation decisions for device workloads. A new `device_id` parameter has been added to `--numa` for specifying VFIO devices. (#7626)

Block Device DISCARD and WRITE_ZEROES Support
---------------------------------------------

The `virtio-blk` device now supports `DISCARD` and `WRITE_ZEROES` operations for QCOW2 and RAW image formats. This enables thin provisioning and efficient space reclamation when guests trim filesystems. A new `sparse=on|off` option has been added to `--disk` to control disk space management: `sparse=on` (default) enables thin provisioning with space reclamation, while `sparse=off` provides thick provisioning with consistent I/O latency. (#7666)

Notable Performance Improvements
--------------------------------

* Transparent Huge Pages (THP) support has been extended to cover anonymous shared memory (`shared=on`) via `madvise`. Previously, THP was only used for non-shared memory. (#7646)
* The `vhost-user-net` device now uses the default set of vhost-user virtio features, including `VIRTIO_F_RING_INDIRECT_DESC`, which provides a performance improvement. (#7653)

MSHV Support Improvements
-------------------------

* Optimize CPU state update after emulation by only updating special registers when changed (#7603)
* Enable SMT for guests with `threads_per_core > 1` (#7668)
* Stub `save_data_tables()` to unblock VM pause/resume (#7692)
* Handle `GHCB_INFO_SPECIAL_DBGPRINT` VMG exit in SEV-SNP guest exit handler (#7703)
* Fix CVM boot failure on MSHV (#7548)
* Fix CPU topology detection for multithreaded configurations (#7576)

Notable Bug Fixes
-----------------

* Fix VFIO device hot-remove leaving group and container file descriptors open, preventing re-add (#7676)
* Fix snapshot restore when backing file is on read-only storage with `shared=false` (#7674)
* Enforce `VIRTIO_BLK_F_RO` even if guest does not negotiate it (#7705)
* Fix read-only block device FLUSH requests from OVMF preventing VMs from booting (#7706)
* Fix vhost-user device not properly dropping unowned file descriptors (#7679)
* Fix `vhost-user-block` `get_config` interoperability (#7617)
* Fix vsock TOCTOU race condition by copying packet header from guest memory before processing (#7530)
* Fix vsock handling of large TX packets spanning multiple data descriptors (#7680)
* Add `gettid()` to all seccomp filters (#7596)
* Fix MAC address parsing that wrongly allowed `+` instead of hex characters (#7579)
* Improve UUID parse error message and `--net` fd help text (#7702)
* Fix various inconsistencies in our OpenAPI specification file (#7716, #7726)
* Various documentation fixes (#7602, #7606)

Contributors
------------

Many thanks to everyone who has contributed to our release:

* Aastha Rawat <aastharawat@microsoft.com>
* Alyssa Ross <hi@alyssa.is>
* Anatol Belski <anbelski@linux.microsoft.com>
* Anirudh Rayabharam <anrayabh@microsoft.com>
* Bo Chen <bchen@crusoe.ai>
* Champ-Goblem <cameron@northflank.com>
* Changyuan Lyu <changyuanl@google.com>
* Damian Barabonkov <dbctl@pm.me>
* Demi Marie Obenour <demiobenour@gmail.com>
* Leander Kohler <leander.kohler@cyberus-technology.de>
* Muminul Islam <muislam@microsoft.com>
* Philipp Schuster <philipp.schuster@cyberus-technology.de>
* Rob Bradford <rbradford@meta.com>
* Rowen-Ye <rowenye1@gmail.com>
* Saravanan D <saravanand@crusoe.ai>
* Stanislav Kinsburskii <skinsburskii@linux.microsoft.com>
* Thomas Leroy <thomas.leroy.mp@gmail.com>
* Wei Liu <liuwe@microsoft.com>
* Yi Wang <foxywang@tencent.com>
* Zhibin Li <banlu.lzb@antgroup.com>
* stevenhorsman <steven@uk.ibm.com>

v50.1
=====

This is a point release containing security fixes and bug fixes.

Security Fixes
--------------

This release fixes a security vulnerability in disk image handling. Details can be found in [GHSA-jmr4-g2hv-mjj6](GHSA-jmr4-g2hv-mjj6).

* A new `backing_files=on|off` option has been added to `--disk` to explicitly control whether QCOW2 backing files are permitted. This defaults to `off` to prevent the loading of backing files entirely. (#7685)
* Explicit image type specification via the user interface, removing reliance on format autodetection (#7728).
* Prevent sector-zero writes for autodetected raw images (#7728).

Bug Fixes
---------

* Fix various inconsistencies in our OpenAPI specification file (#7716, #7726)
* Fix QCOW2 thread safety for multiple virtio queues (`num_queues > 1`) (#7661)

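
An operator-side pre-flight check related to the Security Fixes notes above (v51.0 and v50.1), added here as an example and not taken from Cloud Hypervisor's code: it inspects the leading bytes of an image against the type the operator declares and reports a QCOW2 header that references a backing file, or a declared-raw image whose sector zero carries the QCOW2 magic. The names `audit`, `Declared`, `Finding` and `sample_qcow2` are hypothetical; the header offsets are those of the QCOW2 format.

```rust
// Added example (not project code): audit an image's leading bytes before use.
use std::convert::{TryFrom, TryInto};

const QCOW2_MAGIC: [u8; 4] = *b"QFI\xfb";

#[derive(Debug, PartialEq)]
enum Declared { Raw, Qcow2 }

#[derive(Debug, PartialEq)]
enum Finding {
    Ok,
    RawLooksLikeQcow2,           // declared raw, sector zero starts with QCOW2 magic
    NotQcow2,                    // declared QCOW2, header missing/short/unknown version
    BackingFile(Option<String>), // header references a backing file (name if readable)
}

fn be_u32(b: &[u8], off: usize) -> Option<u32> {
    Some(u32::from_be_bytes(b.get(off..off + 4)?.try_into().ok()?))
}
fn be_u64(b: &[u8], off: usize) -> Option<u64> {
    Some(u64::from_be_bytes(b.get(off..off + 8)?.try_into().ok()?))
}

/// `head` is the leading bytes of the image (the first cluster is enough).
fn audit(head: &[u8], declared: Declared, allow_backing: bool) -> Finding {
    let has_magic = head.get(..4) == Some(&QCOW2_MAGIC[..]);
    if declared == Declared::Raw {
        return if has_magic { Finding::RawLooksLikeQcow2 } else { Finding::Ok };
    }
    // Big-endian fields: version at 4, backing_file_offset at 8, backing_file_size at 16.
    let fields = (be_u32(head, 4), be_u64(head, 8), be_u32(head, 16));
    let (off, len) = match fields {
        (Some(2..=3), Some(o), Some(l)) if has_magic => (o, l as usize),
        _ => return Finding::NotQcow2,
    };
    if off == 0 || allow_backing { return Finding::Ok; }
    let name = usize::try_from(off).ok()
        .and_then(|o| head.get(o..o.checked_add(len)?))
        .map(|n| String::from_utf8_lossy(n).into_owned());
    Finding::BackingFile(name)
}

/// Constructed sample: a bare QCOW2 v3 header, not a complete image.
fn sample_qcow2(backing: &str) -> Vec<u8> {
    let mut h = vec![0u8; 104];
    h[..4].copy_from_slice(&QCOW2_MAGIC);
    h[4..8].copy_from_slice(&3u32.to_be_bytes());
    if !backing.is_empty() {
        h[8..16].copy_from_slice(&104u64.to_be_bytes());
        h[16..20].copy_from_slice(&(backing.len() as u32).to_be_bytes());
        h.extend_from_slice(backing.as_bytes());
    }
    h
}

fn main() {
    let img = sample_qcow2("base.img");
    println!("{:?} / {:?}", audit(&img, Declared::Qcow2, false), audit(&img, Declared::Raw, false));
}
```
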
v50.0
=====

This release has been tracked in [v50.0 group](https://github.com/orgs/cloud-hypervisor/projects/6/views/6?filterQuery=release%3A%22Release+50%22) of our [roadmap project](https://github.com/orgs/cloud-hypervisor/projects/6/).

Configurable Nested Virtualization Option on x86_64
---------------------------------------------------

The `nested=on|off` option has been added to `--cpu` to allow users to configure nested virtualization support in the guest on x86_64 hosts (for both KVM and MSHV). The default value is `on` to maintain consistency with existing behavior. (#7408)

Compression Support for QCOW2
-----------------------------

QCOW2 support has been extended to handle compression clusters based on zlib and zstd. (#7462)

Notable Performance Improvements
--------------------------------

Performance of live migration has been improved via an optimized implementation of dirty bitmap maintenance. (#7468)

Live Disk Resizing Support for Raw Images
-----------------------------------------

The `/vm.resize-disk` API has been introduced to allow users to resize block devices backed by raw images while a guest is running. (#7476)

Developer Experience Improvements
---------------------------------

Significant improvements have been made to developer experience and productivity. These include a simplified root manifest, codified and tightened Clippy lints, and streamlined workflows for `cargo clippy` and `cargo test`. (#7489)

Improved File-level Locking Support
-----------------------------------

Block devices now use byte-range advisory locks instead of whole-file locks. While both approaches prevent multiple Cloud Hypervisor instances from simultaneously accessing the same disk image with write permissions, byte-range locks provide better compatibility with network storage backends. (#7494)

Logging Improvements
--------------------

Logs now include event information generated by the event-monitor module. (#7512)

Notable Bug Fixes
-----------------

* Fix several issues around CPUID in the guest (#7485, #7495, #7508)
* Fix snapshot/restore for Windows Guest (#7492)
* Respect queue size in block performance tests (#7515)
* Fix several Serial Manager issues (#7502)
* Fix several seccomp violation issues (#7477, #7497, #7518)
* Fix various issues around block and qcow (#7526, #7528, #7537, #7546, #7549)
* Retrieve MSRs list correctly on MSHV (#7543)
* Fix live migration (and snapshot/restore) with AMX state (#7534)

Contributors
------------

Many thanks to everyone who has contributed to our release:

* Anatol Belski <anbelski@linux.microsoft.com>
* Anirudh Rayabharam <anrayabh@microsoft.com>
* Bo Chen <bchen@crusoe.ai>
* Changyuan Lyu <changyuanl@google.com>
* Chengyu Fu <chengyu.fu@linux.alibaba.com>
* Connor Brewster <cbrewster@hey.com>
* Demi Marie Obenour <demiobenour@gmail.com>
* Eugene Korenevsky <ekorenevsky@aliyun.com>
* Julian Stecklina <julian.stecklina@cyberus-technology.de>
* Matt Moriarity <matt@mattmoriarity.com>
* Muminul Islam <muislam@microsoft.com>
* Oliver Anderson <oliver.anderson@cyberus-technology.de>
* Pascal Scholz <pascal.scholz@cyberus-technology.de>
* Philipp Schuster <philipp.schuster@cyberus-technology.de>
* Praveen K Paladugu <prapal@linux.microsoft.com>
* Rob Bradford <rbradford@rivosinc.com>
* Sebastien Boeuf <seb@rivosinc.com>
* Songqian Li <sionli@tencent.com>
* Stefan Nürnberger <stefan.nuernberger@cyberus-technology.de>
* Thomas Prescher <thomas.prescher@cyberus-technology.de>
* Wei Liu <liuwe@microsoft.com>

v49.0
=====

This release has been tracked in [v49.0 group](https://github.com/orgs/cloud-hypervisor/projects/6/views/4?filterQuery=release%3A%22Release+49%22) of our [roadmap project](https://github.com/orgs/cloud-hypervisor/projects/6/).

MSHV Support Improvements
-------------------------

On AArch64 with MSHV, firmware boot (#7391) and graceful guest shutdown (#7354) are now supported, and CI coverage has been added (#7381).

Logging Improvements
--------------------

Logs now use an improved timestamp format (#7355), emit an explicit message on graceful shutdown (#7346), and reduce noisy warnings with newer guest kernels (#7423).

Removed Default IP and Mask for `virtio-net` Devices
----------------------------------------------------

The implicit default IP (192.168.249.1) and netmask (255.255.255.0) for `virtio-net` devices have been removed, as previously announced in the deprecation notice two releases ago (#7365). Users can now create `virtio-net` devices with no IP and netmask assigned.

Notable Bug Fixes
-----------------

* Prevent crash on malformed vsock connect requests (#7310)
* Fix vCPU hotplug when the vCPU count exceeds 255 (#7349)
* Drop the VFIO container when no VFIO devices are active (#7364)
* Gracefully close preserved file descriptors on hot device removal (#7371)
* Fix race condition in pause–resume cycles (#7397)
* Add NetConfig offload parameters to the OpenAPI spec file (#7445)
* Fix seccomp filter violation from the http-server thread (#7454)

Contributors
------------

Many thanks to everyone who has contributed to our release:

* Aastha Rawat <aastharawat@microsoft.com>
* Alyssa Ross <hi@alyssa.is>
* Anirudh Rayabharam <anrayabh@microsoft.com>
* Ariel Chenet <apchenet@gmail.com>
* Bo Chen <bchen@crusoe.ai>
* Can Zhang <icloud9957@gmail.com>
* Eugene Korenevsky <ekorenevsky@aliyun.com>
* Maximilian Güntner <code@mguentner.de>
* Muminul Islam <muislam@microsoft.com>
* Oliver Anderson <oliver.anderson@cyberus-technology.de>
* Philipp Schuster <philipp.schuster@cyberus-technology.de>
* Rob Bradford <rbradford@rivosinc.com>
* Ruoqing He <heruoqing@iscas.ac.cn>
* Wei Liu <liuwe@microsoft.com>
* Yi Wang <foxywang@tencent.com>

v48.0
=====

This release has been tracked in [v48.0 group](https://github.com/orgs/cloud-hypervisor/projects/6/views/4?filterQuery=release%3A%22Release+48%22) of our [roadmap project](https://github.com/orgs/cloud-hypervisor/projects/6/).

Experimental `fw_cfg` Device Support
------------------------------------

This feature enables passing configuration data and files, such as VM boot configurations (kernel, kernel cmdline, e820 memory map, and ACPI tables), from the host to the guest. (#7117)

Experimental `ivshmem` Device Support
-------------------------------------

Support for inter-VM shared memory has been added. For more information, please refer to the [ivshmem documentation](docs/ivshmem.md). (#6703)

Firmware Boot Support on `riscv64`
---------------------------------

In addition to direct kernel boot, firmware boot support has been added on `riscv64` hosts. (#7249)

Increased vCPU Limit on x86_64/kvm
----------------------------------

The maximum number of supported vCPUs on x86_64 hosts using KVM has been raised from 254 to 8192. (#7299)

Improved Block Performance with Small Block Sizes
-------------------------------------------------

Performance for `virtio-blk` with small block sizes (16KB and below) is improved by submitting async I/O requests in batches. (#7146)

Faster VM Pause Operation
-------------------------

The VM pause operation is now significantly faster, particularly for VMs with a large number of vCPUs. (#7290)

Updated Documentation on Windows Guest Support
----------------------------------------------

Our Windows documentation now includes instructions to run Windows 11 guests, in addition to Windows Server guests. (#7218)

Policy on AI Generated Code
---------------------------

We will decline any contributions known to contain contents generated or derived from using Large Language Models (LLMs). Details can be found in our [contributing documentation](CONTRIBUTING.md). (#7162)

Removed SGX Support
-------------------

SGX support has been removed, as announced in the deprecation notice two release cycles ago. (#7093)

Notable Bug Fixes
-----------------

* Seccomp filter fixes with glibc v2.42 (#7327)
* Various fixes related to (#7331, #7334, #7335)

v47.0
=====

This release has been tracked in [v47.0 group](https://github.com/orgs/cloud-hypervisor/projects/6/views/4?filterQuery=release%3A%22Release+47%22) of our [roadmap project](https://github.com/orgs/cloud-hypervisor/projects/6/).

Block Device Error Reporting to the Guest
-----------------------------------------

Instead of exiting on I/O errors, the `virtio-block` device now reports errors to the guest using `VIRTIO_BLK_S_IOERR`. This improves the user experience, particularly when the guest rootfs is not backed by the affected block device. (#7107)

Nice Error Messages on Exit
---------------------------

The chain of errors is now reported and printed nicely when Cloud Hypervisor or ch-remote exits on an error. (#7066)

Alphabetically Sorted CLI Options for ch-remote
-----------------------------------------------

To improve readability, ch-remote now prints help information in alphabetical order. (#7130)

Notable Bug Fixes
-----------------

* Error out early when block device serial is too long (#7124)
* Fix partial commands being discarded for `virtio-vsock` (#7195)
* Disable the broken interrupt support for the `rtc_pl031` device to prevent spurious guest interrupts (#7199)

Deprecations
------------

* A default IP (`192.168.249.1`) and mask (`255.255.255.0`) are currently assigned to the `virtio-net` device if no value is specified by users. This behavior is now deprecated. Users who rely on it will receive a warning message and should make adjustments. The behavior will be removed in two release cycles (v49.0).

v46.0
=====

This release has been tracked in [v46.0 group](https://github.com/orgs/cloud-hypervisor/projects/6/views/4?filterQuery=release%3A%22Release+46%22) of our [roadmap project](https://github.com/orgs/cloud-hypervisor/projects/6/).

File-level Locking Support with `--disk`
----------------------------------------

File-level locking is now enforced for disk images provided by users with `--disk`. This ensures that only a single Cloud Hypervisor instance can obtain write access to a given disk image at any time, preventing misconfiguration and avoiding potential data corruption. (#6974)

Improved Error Reporting with VM Resizing
-----------------------------------------

Instead of returning a generic error `400` (i.e. `BadRequest`), users now get a more specific error `429` (i.e. `TooManyRequests`) when a pending VM resizing is not completed. This allows users to better handle different errors, for example by retrying the request when applicable. (#7043)

IPv6 Address Support with `--net`
---------------------------------

It is now possible to specify an IPv6 address and mask when creating a network interface with `--net`. (#7048)

Experimental AArch64 Support with the MSHV Hypervisor
-----------------------------------------------------

It is now possible to start VMs on AArch64 platforms when using the MSHV hypervisor. (#7055)

Deprecated SGX Support
----------------------

SGX support is now deprecated, with a warning message shown if it is being used, and with the intention to remove it from our code base in two release cycles (i.e. v48.0). (#7090)

Notable Bug Fixes
-----------------

* Remove `path` as required for `DiskConfig` from the OpenAPI spec file (#7017)
* Properly parse PCI capabilities (#7018)
* Reprogram PCI device BAR when its MSE bit is set (#7063)
* Update IOMMU mappings of MMIO regions with BAR reprogram for VFIO devices (#7064)
* Avoid resizing VMs to zero vCPUs (#7086)
* Fix extended topology enumeration leaf exposed to the guest (#7087)

Contributors
------------

Many thanks to everyone who has contributed to our release:

* Bingxin Li <bl497@cam.ac.uk>
* Bo Chen <bchen@crusoe.ai>
* Fabiano Fidêncio <fidencio@northflank.com>
* Gregory Anders <ganders@cloudflare.com>
* Jinank Jain <jinankjain@microsoft.com>
* Julian Stecklina <julian.stecklina@cyberus-technology.de>
* Muminul Islam <muislam@microsoft.com>
* Paolo Bonzini <pbonzini@redhat.com>
* Philipp Schuster <philipp.schuster@cyberus-technology.de>
* Rob Bradford <rbradford@rivosinc.com>
* Ruoqing He <heruoqing@iscas.ac.cn>
* Thomas Prescher <thomas.prescher@cyberus-technology.de>
* abm-77 <andrewmiller77@protonmail.com>

v45.0
=====

This release has been tracked in [v45.0 group](https://github.com/orgs/cloud-hypervisor/projects/6/views/4?filterQuery=release%3A%22Release+45%22) of our [roadmap project](https://github.com/orgs/cloud-hypervisor/projects/6/).

Experimental `riscv64` Architecture Support
-------------------------------------------

Cloud Hypervisor now has experimental `riscv64` architecture support. Details can be found in the [riscv documentation](docs/riscv.md).

Alphabetically Sorted CLI Options
---------------------------------

To improve the readability of CLI options, the output of `--help` is now alphabetically sorted. (#6988)

Improved Downtime of VM Live Migration
--------------------------------------

The downtime of VM live migration is reduced by delaying part of the source VM's teardown until after the destination VM is up and running. (#6987)

Notable Bug Fixes
-----------------

* Fix seccomp filters related to http-api thread (#6967)
* Handle cross-page access in the emulator for mshv (#6968)

Contributors
------------

Many thanks to everyone who has contributed to our release:

* Anatol Belski <anbelski@linux.microsoft.com>
* Andrew Consroe <aconz2@gmail.com>
* Bo Chen <bchen@crusoe.ai>
* Jinank Jain <jinankjain@microsoft.com>
* Jinrong Liang <cloudliang@tencent.com>
* Philipp Schuster <philipp.schuster@cyberus-technology.de>
* Ruoqing He <heruoqing@iscas.ac.cn>
* Stefan Kober <stefan.kober@cyberus-technology.de>
* Wei Liu <liuwe@microsoft.com>