Tags give the ability to mark specific points in history as being important
-
v50.2
21c17ccf · v50.2

This is a bug fix release. The following issues have been addressed:

* Fix image_type in OpenAPI definition (#7734)
-
v51.1
9503e1ad · v51.1

This is a bug fix release. The following issues have been addressed:

* Fix image_type in OpenAPI definition (#7734)
-
v50.1
bf94d3da · v50.1

This is a point release containing security fixes and bug fixes.

Security Fixes
--------------

This release fixes a security vulnerability in disk image handling. Details can be found in [GHSA-jmr4-g2hv-mjj6](https://github.com/cloud-hypervisor/cloud-hypervisor/security/advisories/GHSA-jmr4-g2hv-mjj6).

* A new `backing_files=on|off` option has been added to `--disk` to explicitly control whether QCOW2 backing files are permitted. This defaults to `off` to prevent the loading of backing files entirely. (#7685)
* Explicit image type specification via the user interface, removing reliance on format autodetection (#7728).
* Prevent sector-zero writes for autodetected raw images (#7728).

Bug Fixes
---------

* Fix various inconsistencies in our OpenAPI specification file (#7716, #7726)
* Fix QCOW2 thread safety for multiple virtio queues (`num_queues > 1`) (#7661)
-
v51.0
00e106e5 · v51.0

This release has been tracked in [v51.0 group](https://github.com/orgs/cloud-hypervisor/projects/6/views/6?filterQuery=release%3A%22Release+51%22) of our [roadmap project](https://github.com/orgs/cloud-hypervisor/projects/6/).

Security Fixes
--------------

This release fixes a security vulnerability in disk image handling. Details can be found in [GHSA-jmr4-g2hv-mjj6](https://github.com/cloud-hypervisor/cloud-hypervisor/security/advisories/GHSA-jmr4-g2hv-mjj6).

* A new `backing_files=on|off` option has been added to `--disk` to explicitly control whether QCOW2 backing files are permitted. This defaults to `off` to prevent the loading of backing files entirely. (#7685)
* Explicit image type specification via the user interface, removing reliance on format autodetection (#7728).
* Prevent sector-zero writes for autodetected raw images (#7728).

Significant QCOW2 v3 Improvements
---------------------------------

A large number of QCOW2 v3 specification features have been implemented:

* RAW backing file support for QCOW2 overlays (#7570)
* Zero bit in L2 entries (#7627)
* Incompatible feature bit validation (#7612)
* Dirty bit support (#7636)
* Variable refcount widths (1 to 64-bit) (#7633)
* Corrupt bit detection and marking (#7639)
* Autoclear feature bits handling (#7648)
* Thread safety fix for multiple virtio queues (`num_queues > 1`) (#7661)
* Correct zero-fill for reads beyond backing file size (#7678)
* Live disk resize support (#7687)

ACPI Generic Initiator Support
------------------------------

ACPI Generic Initiator Affinity (SRAT Type 5) support has been added to associate VFIO-PCI devices with dedicated memory/CPU-less NUMA nodes. This enables the guest OS to make NUMA-aware memory allocation decisions for device workloads. A new `device_id` parameter has been added to `--numa` for specifying VFIO devices. (#7626)

Block Device DISCARD and WRITE_ZEROES Support
---------------------------------------------

The `virtio-blk` device now supports `DISCARD` and `WRITE_ZEROES` operations for QCOW2 and RAW image formats. This enables thin provisioning and efficient space reclamation when guests trim filesystems. A new `sparse=on|off` option has been added to `--disk` to control disk space management: `sparse=on` (default) enables thin provisioning with space reclamation, while `sparse=off` provides thick provisioning with consistent I/O latency. (#7666)

Notable Performance Improvements
--------------------------------

* Transparent Huge Pages (THP) support has been extended to cover anonymous shared memory (`shared=on`) via `madvise`. Previously, THP was only used for non-shared memory. (#7646)
* The `vhost-user-net` device now uses the default set of vhost-user virtio features, including `VIRTIO_F_RING_INDIRECT_DESC`, which provides a performance improvement. (#7653)

MSHV Support Improvements
-------------------------

* Optimize CPU state update after emulation by only updating special registers when changed (#7603)
* Enable SMT for guests with `threads_per_core > 1` (#7668)
* Stub `save_data_tables()` to unblock VM pause/resume (#7692)
* Handle `GHCB_INFO_SPECIAL_DBGPRINT` VMG exit in SEV-SNP guest exit handler (#7703)
* Fix CVM boot failure on MSHV (#7548)
* Fix CPU topology detection for multithreaded configurations (#7576)

Notable Bug Fixes
-----------------

* Fix VFIO device hot-remove leaving group and container file descriptors open, preventing re-add (#7676)
* Fix snapshot restore when backing file is on read-only storage with `shared=false` (#7674)
* Enforce `VIRTIO_BLK_F_RO` even if guest does not negotiate it (#7705)
* Fix read-only block device FLUSH requests from OVMF preventing VMs from booting (#7706)
* Fix vhost-user device not properly dropping unowned file descriptors (#7679)
* Fix `vhost-user-block` `get_config` interoperability (#7617)
* Fix vsock TOCTOU race condition by copying packet header from guest memory before processing (#7530)
* Fix vsock handling of large TX packets spanning multiple data descriptors (#7680)
* Add `gettid()` to all seccomp filters (#7596)
* Fix MAC address parsing that wrongly allowed `+` instead of hex characters (#7579)
* Improve UUID parse error message and `--net` fd help text (#7702)
* Fix various inconsistencies in our OpenAPI specification file (#7716, #7726)
* Various documentation fixes (#7602, #7606)

Contributors
------------

Many thanks to everyone who has contributed to our release:

* Aastha Rawat <aastharawat@microsoft.com>
* Alyssa Ross <hi@alyssa.is>
* Anatol Belski <anbelski@linux.microsoft.com>
* Anirudh Rayabharam <anrayabh@microsoft.com>
* Bo Chen <bchen@crusoe.ai>
* Champ-Goblem <cameron@northflank.com>
* Changyuan Lyu <changyuanl@google.com>
* Damian Barabonkov <dbctl@pm.me>
* Demi Marie Obenour <demiobenour@gmail.com>
* Leander Kohler <leander.kohler@cyberus-technology.de>
* Muminul Islam <muislam@microsoft.com>
* Philipp Schuster <philipp.schuster@cyberus-technology.de>
* Rob Bradford <rbradford@meta.com>
* Rowen-Ye <rowenye1@gmail.com>
* Saravanan D <saravanand@crusoe.ai>
* Stanislav Kinsburskii <skinsburskii@linux.microsoft.com>
* Thomas Leroy <thomas.leroy.mp@gmail.com>
* Wei Liu <liuwe@microsoft.com>
* Yi Wang <foxywang@tencent.com>
* Zhibin Li <banlu.lzb@antgroup.com>
* stevenhorsman <steven@uk.ibm.com>
-
v50.0
9a24680a · v50.0

This release has been tracked in [v50.0 group](https://github.com/orgs/cloud-hypervisor/projects/6/views/6?filterQuery=release%3A%22Release+50%22) of our [roadmap project](https://github.com/orgs/cloud-hypervisor/projects/6/).

Configurable Nested Virtualization Option on x86_64
---------------------------------------------------

The `nested=on|off` option has been added to `--cpu` to allow users to configure nested virtualization support in the guest on x86_64 hosts (for both KVM and MSHV). The default value is `on` to maintain consistency with existing behavior. (#7408)

Compression Support for QCOW2
-----------------------------

QCOW2 support has been extended to handle compression clusters based on zlib and zstd. (#7462)

Notable Performance Improvements
--------------------------------

Performance of live migration has been improved via an optimized implementation of dirty bitmap maintenance. (#7468)

Live Disk Resizing Support for Raw Images
-----------------------------------------

The `/vm.resize-disk` API has been introduced to allow users to resize block devices backed by raw images while a guest is running. (#7476)

Developer Experience Improvements
---------------------------------

Significant improvements have been made to developer experience and productivity. These include a simplified root manifest, codified and tightened Clippy lints, and streamlined workflows for `cargo clippy` and `cargo test`. (#7489)

Improved File-level Locking Support
-----------------------------------

Block devices now use byte-range advisory locks instead of whole-file locks. While both approaches prevent multiple Cloud Hypervisor instances from simultaneously accessing the same disk image with write permissions, byte-range locks provide better compatibility with network storage backends. (#7494)

Logging Improvements
--------------------

Logs now include event information generated by the event-monitor module. (#7512)

Notable Bug Fixes
-----------------

* Fix several issues around CPUID in the guest (#7485, #7495, #7508)
* Fix snapshot/restore for Windows Guest (#7492)
* Respect queue size in block performance tests (#7515)
* Fix several Serial Manager issues (#7502)
* Fix several seccomp violation issues (#7477, #7497, #7518)
* Fix various issues around block and qcow (#7526, #7528, #7537, #7546, #7549)
* Retrieve MSRs list correctly on MSHV (#7543)
* Fix live migration (and snapshot/restore) with AMX state (#7534)

Contributors
------------

Many thanks to everyone who has contributed to our release:

* Anatol Belski <anbelski@linux.microsoft.com>
* Anirudh Rayabharam <anrayabh@microsoft.com>
* Bo Chen <bchen@crusoe.ai>
* Changyuan Lyu <changyuanl@google.com>
* Chengyu Fu <chengyu.fu@linux.alibaba.com>
* Connor Brewster <cbrewster@hey.com>
* Demi Marie Obenour <demiobenour@gmail.com>
* Eugene Korenevsky <ekorenevsky@aliyun.com>
* Julian Stecklina <julian.stecklina@cyberus-technology.de>
* Matt Moriarity <matt@mattmoriarity.com>
* Muminul Islam <muislam@microsoft.com>
* Oliver Anderson <oliver.anderson@cyberus-technology.de>
* Pascal Scholz <pascal.scholz@cyberus-technology.de>
* Philipp Schuster <philipp.schuster@cyberus-technology.de>
* Praveen K Paladugu <prapal@linux.microsoft.com>
* Rob Bradford <rbradford@rivosinc.com>
* Sebastien Boeuf <seb@rivosinc.com>
* Songqian Li <sionli@tencent.com>
* Stefan Nürnberger <stefan.nuernberger@cyberus-technology.de>
* Thomas Prescher <thomas.prescher@cyberus-technology.de>
* Wei Liu <liuwe@microsoft.com>
-
v49.0
9acf610a · v49.0

This release has been tracked in [v49.0 group](https://github.com/orgs/cloud-hypervisor/projects/6/views/4?filterQuery=release%3A%22Release+49%22) of our [roadmap project](https://github.com/orgs/cloud-hypervisor/projects/6/).

MSHV Support Improvements
-------------------------

On AArch64 with MSHV, firmware boot (#7391) and graceful guest shutdown (#7354) are now supported, and CI coverage has been added (#7381).

Logging Improvements
--------------------

Logs now use an improved timestamp format (#7355), emit an explicit message on graceful shutdown (#7346), and reduce noisy warnings with newer guest kernels (#7423).

Removed Default IP and Mask for `virtio-net` Devices
----------------------------------------------------

The implicit default IP (192.168.249.1) and netmask (255.255.255.0) for `virtio-net` devices have been removed, as previously announced in the deprecation notice two releases ago (#7365). Users now can create `virtio-net` devices with no IP and netmask assigned.

Notable Bug Fixes
-----------------

* Prevent crash on malformed vsock connect requests (#7310)
* Fix vCPU hotplug when the vCPU count exceeds 255 (#7349)
* Drop the VFIO container when no VFIO devices are active (#7364)
* Gracefully close preserved file descriptors on hot device removal (#7371)
* Fix race condition in pause–resume cycles (#7397)
* Add NetConfig offload parameters to the OpenAPI spec file (#7445)
* Fix seccomp filter violation from the http-server thread (#7454)

Contributors
------------

Many thanks to everyone who has contributed to our release:

* Aastha Rawat <aastharawat@microsoft.com>
* Alyssa Ross <hi@alyssa.is>
* Anirudh Rayabharam <anrayabh@microsoft.com>
* Ariel Chenet <apchenet@gmail.com>
* Bo Chen <bchen@crusoe.ai>
* Can Zhang <icloud9957@gmail.com>
* Eugene Korenevsky <ekorenevsky@aliyun.com>
* Maximilian Güntner <code@mguentner.de>
* Muminul Islam <muislam@microsoft.com>
* Oliver Anderson <oliver.anderson@cyberus-technology.de>
* Philipp Schuster <philipp.schuster@cyberus-technology.de>
* Rob Bradford <rbradford@rivosinc.com>
* Ruoqing He <heruoqing@iscas.ac.cn>
* Wei Liu <liuwe@microsoft.com>
* Yi Wang <foxywang@tencent.com>
-
v48.0
95e3c8f8 · v48.0

This release has been tracked in [v48.0 group](https://github.com/orgs/cloud-hypervisor/projects/6/views/4?filterQuery=release%3A%22Release+48%22) of our [roadmap project](https://github.com/orgs/cloud-hypervisor/projects/6/).

Experimental `fw_cfg` Device Support
------------------------------------

This feature enables passing configuration data and files, such as VM boot configurations (kernel, kernel cmdline, e820 memory map, and ACPI tables), from the host to the guest. (#7117)

Experimental `ivshmem` Device Support
-------------------------------------

Support for inter-VM shared memory has been added. For more information, please refer to the [ivshmem documentation](docs/ivshmem.md). (#6703)

Firmware Boot Support on `riscv64`
---------------------------------

In addition to direct kernel boot, firmware boot support has been added on `riscv64` hosts. (#7249)

Increased vCPU Limit on x86_64/kvm
----------------------------------

The maximum number of supported vCPUs on x86_64 hosts using KVM has been raised from 254 to 8192. (#7299)

Improved Block Performance with Small Block Sizes
-------------------------------------------------

Performance for `virtio-blk` with small block sizes (16KB and below) is enhanced by submitting async IO requests in batches. (#7146)

Faster VM Pause Operation
-------------------------

The VM pause operation is now significantly faster, particularly for VMs with a large number of vCPUs. (#7290)

Updated Documentation on Windows Guest Support
----------------------------------------------

Our Windows documentation now includes instructions to run Windows 11 guests, in addition to Windows Server guests. (#7218)

Policy on AI Generated Code
---------------------------

We will decline any contributions known to contain contents generated or derived from using Large Language Models (LLMs). Details can be found in our [contributing documentation](CONTRIBUTING.md). (#7162)

Removed SGX Support
-------------------

The SGX support has been removed, as announced in the deprecation notice two release cycles ago. (#7093)

Notable Bug Fixes
-----------------

* Seccomp filter fixes with glibc v2.42 (#7327)
* Various fixes related to (#7331, #7334, #7335)
-
v47.0
62001b65 · v47.0

This release has been tracked in [v47.0 group](https://github.com/orgs/cloud-hypervisor/projects/6/views/4?filterQuery=release%3A%22Release+47%22) of our [roadmap project](https://github.com/orgs/cloud-hypervisor/projects/6/).

Block Device Error Reporting to the Guest
-----------------------------------------

Instead of exiting on I/O errors, the `virtio-block` device now reports errors to the guest using `VIRTIO_BLK_S_IOERR`. It improves the user experience particularly when the guest rootfs is not backed by the affected block device. (#7107)

Nice Error Messages on Exit
---------------------------

We now have the chain of errors being reported and printed nicely, when Cloud Hypervisor or ch-remote exits on errors. (#7066)

Alphabetically Sorted CLI Options for ch-remote
-----------------------------------------------

To improve readability, ch-remote now prints help information in alphabetical order. (#7130)

Notable Bug Fixes
-----------------

* Error out early when block device serial is too long (#7124)
* Fix partial commands being discarded for `virtio-vsock` (#7195)
* Disable the broken interrupt support for the `rtc_pl031` device to prevent spurious guest interrupts (#7199)

Deprecations
------------

* A default IP (`192.168.249.1`) and mask (`255.255.255.0`) are currently assigned to the `virtio-net` device if no value is specified by users. Such behavior is now deprecated. Users of this behavior will receive a warning message and should make adjustments. The behavior will be removed in two release cycles (v49.0).
-
v46.0
c9a39cf5 · v46.0

This release has been tracked in [v46.0 group](https://github.com/orgs/cloud-hypervisor/projects/6/views/4?filterQuery=release%3A%22Release+46%22) of our [roadmap project](https://github.com/orgs/cloud-hypervisor/projects/6/).

File-level Locking Support with `--disk`
----------------------------------------

File-level locking is now enforced for disk images provided by users with `--disk`. This ensures that only a single Cloud Hypervisor instance can obtain write access to a given disk image at any time, preventing misconfiguration and avoiding potential data corruption. (#6974)

Improved Error Reporting with VM Resizing
-----------------------------------------

Instead of returning a generic error `400` (e.g. `BadRequest`), users now get a more specific error `429` (e.g. `TooManyRequests`) when a pending VM resizing is not completed. This allows users to better handle different errors, say retrying the request when applicable. (#7043)

IPv6 Address Support with `--net`
---------------------------------

It is now possible to specify an IPv6 address and mask when creating a network interface with `--net`. (#7048)

Experimental AArch64 Support with the MSHV Hypervisor
-----------------------------------------------------

It is now possible to start VMs on AArch64 platforms when using the MSHV hypervisor. (#7055)

Deprecated SGX Support
----------------------

The SGX support is now deprecated, with a warning message if it is being used, with the intention to remove its support from our code base in two release cycles (e.g. v48.0). (#7090)

Notable Bug Fixes
-----------------

* Remove `path` as required for `DiskConfig` from the OpenAPI spec file (#7017)
* Properly parse PCI capabilities (#7018)
* Reprogram PCI device BAR when its MSE bit is set (#7063)
* Update IOMMU mappings of MMIO regions with BAR reprogram for VFIO devices (#7064)
* Avoid resizing VMs to zero vCPUs (#7086)
* Fix extended topology enumeration leaf exposed to the guest (#7087)

Contributors
------------

Many thanks to everyone who has contributed to our release:

* Bingxin Li <bl497@cam.ac.uk>
* Bo Chen <bchen@crusoe.ai>
* Fabiano Fidêncio <fidencio@northflank.com>
* Gregory Anders <ganders@cloudflare.com>
* Jinank Jain <jinankjain@microsoft.com>
* Julian Stecklina <julian.stecklina@cyberus-technology.de>
* Muminul Islam <muislam@microsoft.com>
* Paolo Bonzini <pbonzini@redhat.com>
* Philipp Schuster <philipp.schuster@cyberus-technology.de>
* Rob Bradford <rbradford@rivosinc.com>
* Ruoqing He <heruoqing@iscas.ac.cn>
* Thomas Prescher <thomas.prescher@cyberus-technology.de>
* abm-77 <andrewmiller77@protonmail.com>
-
v45.0
3d88996e · v45.0

This release has been tracked in [v45.0 group](https://github.com/orgs/cloud-hypervisor/projects/6/views/4?filterQuery=release%3A%22Release+45%22) of our [roadmap project](https://github.com/orgs/cloud-hypervisor/projects/6/).

Experimental `riscv64` Architecture Support
-------------------------------------------

Cloud Hypervisor now has experimental `riscv64` architecture support. Details can be found from the [riscv documentation](docs/riscv.md).

Alphabetically Sorted CLI Options
---------------------------------

To improve the readability of CLI options, the output of the `--help` now is alphabetically sorted. (#6988)

Improved Downtime of VM Live Migration
--------------------------------------

The downtime of VM live migration is reduced via delaying some of the tearing down process of the source VM after the destination VM is up and running. (#6987)

Notable Bug Fixes
-----------------

* Fix seccomp filters related to http-api thread (#6967)
* Handle cross-page access in the emulator for mshv (#6968)

Contributors
------------

Many thanks to everyone who has contributed to our release:

* Anatol Belski <anbelski@linux.microsoft.com>
* Andrew Consroe <aconz2@gmail.com>
* Bo Chen <bchen@crusoe.ai>
* Jinank Jain <jinankjain@microsoft.com>
* Jinrong Liang <cloudliang@tencent.com>
* Philipp Schuster <philipp.schuster@cyberus-technology.de>
* Ruoqing He <heruoqing@iscas.ac.cn>
* Stefan Kober <stefan.kober@cyberus-technology.de>
* Wei Liu <liuwe@microsoft.com>
-
v44.0
3fa1e77a · v44.0

This release has been tracked in our [roadmap project](https://github.com/orgs/cloud-hypervisor/projects/6) as iteration v44.0. The following user visible changes have been made:

Configurable `virtio-iommu` Address Width
-----------------------------------------

The `iommu_address_width` option has been added to `--platform` to allow users to limit the `virtio-iommu` address space in the guest. (#6900)

Notable Performance Improvements
--------------------------------

The `VIRTIO_BLK_F_SEG_MAX` feature has been enabled for `virtio-block` devices, which brings significant performance improvements on throughput. (#6885)

The `io_uring` entries are no longer forced to use async helper workers, delegating the decision to the kernel. This change resolved the issue of having an excessive number of worker threads when `io_uring` is being used, which is expected to improve performance, such as reducing memory usage and reducing CPU contention.

New Fuzzers
-----------

Our continuous fuzzing infrastructure is augmented with two new fuzzers to cover the x86 instruction emulator and `virtio-vsock`.

Notable Bug Fixes
-----------------

* Fix short read and short write that impact QCOW and VHDX support. (#6884)
* Various bug fixes on VHDX support. (#6890, #6899)

Contributors
------------

Many thanks to everyone who has contributed to our release:

* Arvind Vasudev <avasudev@crusoeenergy.com>
* Bo Chen <bo.arvin.chen@gmail.com>
* Nikolay Edigaryev <edigaryev@gmail.com>
* Rob Bradford <rbradford@rivosinc.com>
* Ruoqing He <heruoqing@iscas.ac.cn>
* Wei Liu <liuwe@microsoft.com>
-
v43.99-test
ebc1a20a
-
v43.0
49a389ff · v43.0

This release has been tracked in our [roadmap project](https://github.com/orgs/cloud-hypervisor/projects/6) as iteration v43.0. The following user visible changes have been made:

Live Migration over TCP Connections
-----------------------------------

Support has been added to enable direct live migration from two hosts via TCP connections. This supplements the existing support for migrating over a UNIX socket which can then be tunnelled as desired. The documentation has been updated. (#6850)

Notable Performance Improvements
--------------------------------

The `VIRTIO_RING_F_INDIRECT_DESC` feature has been enabled for `virtio-block` devices. This significantly increases the throughput of the devices with a small negative impact on latency. (#6826)

Notable Bug Fixes
-----------------

* Cloud Hypervisor now accepts VFIO devices that use I/O PCI BARs on non x86-64 architectures. Whether they function depends on the host PCI host bridge support - previously they would be rejected even if the driver did not use these BARs. (#6871)
* Command line groups were adjusted to ensure that at least one payload parameter was provided if any other VM parameters provided. (#6832)

Contributors
------------

Many thanks to everyone who has contributed to our release:

* Alyssa Ross <hi@alyssa.is>
* Andrew Consroe <aconz2@gmail.com>
* Bo Chen <bo.arvin.chen@gmail.com>
* Jinrong Liang <cloudliang@tencent.com>
* Julian Stecklina <julian.stecklina@cyberus-technology.de>
* Muminul Islam <muislam@microsoft.com>
* Rob Bradford <rbradford@rivosinc.com>
* Ruoqing He <heruoqing@iscas.ac.cn>
* Wojtek Czekalski <wczekalski@me.com>
-
v42.0
7322f333 · v42.0

This release has been tracked in our [roadmap project](https://github.com/orgs/cloud-hypervisor/projects/6) as iteration v42.0. The following user visible changes have been made:

SVE/SVE2 Support on AArch64
---------------------------

The SVE and SVE2 feature bits are now propagated through to the guest on AArch64. (#6678, #6691)

Notable Bug Fixes
-----------------

* Reduce latency notification when rate limited (#6672)
* Fix `virtio-console` resizing (#6704)
* Fix resizing when console uses TTY (#6754)
* Avoid deadlock in PCI BAR reprogramming that can occur when adding a new `virtio` device to a VM that has been restored (#6775)
* Fix console resizing after VM restore (#6748)
* Fix memory resize error due to incorrect bounds checks (#6736)

Sponsorships
------------

During this release cycle a new VFIO CI worker has been provided by Crusoe Energy and a new ARM64 CI worker has been provided by Ubicloud.

Contributors
------------

Many thanks to everyone who has contributed to our release:

* Alexandru Matei <alexandru.matei@uipath.com>
* Alyssa Ross <hi@alyssa.is>
* Anirudh Rayabharam <anrayabh@microsoft.com>
* BharatNarasimman <bharatn@microsoft.com>
* Bo Chen <chen.bo@intel.com>
* Jinank Jain <jinankjain@microsoft.com>
* Jonas Scholz <Jonas.Scholz@bbscholz.de>
* Nuno Das Neves <nudasnev@microsoft.com>
* Praveen K Paladugu <prapal@linux.microsoft.com>
* Purna Pavan Chandra <paekkaladevi@microsoft.com>
* Rob Bradford <rbradford@rivosinc.com>
* Ruoqing He <heruoqing@iscas.ac.cn>
* Songqian Li <sionli@tencent.com>
* Tom Dohrmann <erbse.13@gmx.de>
* Wei Liu <liuwe@microsoft.com>
* Wenyu Huang <huangwenyuu@outlook.com>
* Yuhong Zhong <yz@cs.columbia.edu>
* wuxinyue <wuxinyue.wxy@antgroup.com>
-
v41.0
ea3e2ff6 · v41.0

This release has been tracked in our [roadmap project](https://github.com/orgs/cloud-hypervisor/projects/6) as iteration v41.0. The following user visible changes have been made:

Experimental "Pvmemcontrol" Support
-----------------------------------

VMM support has been added for this experimental functionality (requires currently out of tree Linux kernel patches) to allow guests to control their physical memory properties to allow optimisations and security features. (#6318, #6467)

Sandboxing With Landlock Support
--------------------------------

Support for restricting the VMM process using the Linux kernel "Landlock" API has been added - this can be used to restrict the files (and the read/write permissions) that the VMM process can access. This adds another layer of security alongside the existing syscall filters (`seccomp`) - this can be enabled with `--landlock` and is [fully documented](docs/landlock.md). (#5170)

Notable Performance Improvements
--------------------------------

* Reduced heap allocations in `virtio-net` via the use of a cache of `Iovec` structures (#6636)
* Notification suppression ("`EVENT_IDX`") support has been added to `virtio-block` giving a 60% improvement in single queue block throughput and IOPs performance (#6580)
* Correct size used for `status` field in `virtio-block` state (#6586)

Notable Bug Fixes
-----------------

* Avoid panic on out-of-bounds PCI MSI-X access (#6657)
* Fix undefined behaviour on AArch64 leading to wrong optimisation on KVM API access (#6647)
* Rust v1.80.0 added use of `fcntl` syscall on debug assertions so this is now included in the virtio-device seccomp filters for tests that use this (#6648)
* Short reads are now handled correctly in the `virtio-vsock` device (#6621)
* Fix undefined behaviour on TTY ioctl leading to wrong optimisation (#6568)

Contributors
------------

Many thanks to everyone who has contributed to our release:

* Alyssa Ross <hi@alyssa.is>
* Bo Chen <chen.bo@intel.com>
* Changyuan Lyu <changyuanl@google.com>
* Jinank Jain <jinankjain@microsoft.com>
* Julian Stecklina <julian.stecklina@cyberus-technology.de>
* Muminul Islam <muislam@microsoft.com>
* Nuno Das Neves <nudasnev@microsoft.com>
* Praveen K Paladugu <prapal@linux.microsoft.com>
* Rob Bradford <rbradford@rivosinc.com>
* Songqian Li <sionli@tencent.com>
* Wei Liu <liuwe@microsoft.com>
* Yuanchu Xie <yuanchu@google.com>
* ihciah <ihciah@gmail.com>
* wuxinyue <wuxinyue.wxy@antgroup.com>
-
v40.0
e9b26397 · v40.0

This release has been tracked in our [roadmap project](https://github.com/orgs/cloud-hypervisor/projects/6) as iteration v40.0. The following user visible changes have been made:

Support for Restoring File Descriptor Backed Network Devices
------------------------------------------------------------

It is now possible to pass file descriptors over the HTTP API (and using `ch-remote`) when restoring to update the file descriptors for network devices. This enables snapshot & restore functionality for guests using `macvtap` or other file descriptor backed network devices. (#6286)

Notable Bug Fixes
-----------------

* Default values have been removed from required fields in the OpenAPI metadata (#6495)
* The help syntax of `ch-remote remove-device` has been improved (#6456)
* A double close of file descriptors has been fixed when using `--serial` (#6486)
* To prevent loops a limit on the nesting level for QCOW2 backing files has been introduced (#6482)
* Boot time performance has been improved with multiple cores by avoiding `cpuid` instructions and by seeding the in kernel file descriptor table (#6498, #6478)
* L1 cache details are more likely to be propagated into the guest (#6523)
* The default topology for guests now uses multiple cores rather than sockets (#6504)

Contributors
------------

Many thanks to everyone who has contributed to our release:

* Alexandru Matei <alexandru.matei@uipath.com>
* Bo Chen <chen.bo@intel.com>
* Jinank Jain <jinankjain@microsoft.com>
* Josh Soref <2119212+jsoref@users.noreply.github.com>
* Muminul Islam <muislam@microsoft.com>
* Nuno Das Neves <nudasnev@microsoft.com>
* Omer Faruk Bayram <omer.faruk@sartura.hr>
* Praveen K Paladugu <prapal@linux.microsoft.com>
* Purna Pavan Chandra <paekkaladevi@linux.microsoft.com>
* Rob Bradford <rbradford@rivosinc.com>
* SamrutGadde <samrut.gadde@gmail.com>
* Sean Banko <sbanko@crusoe.ai>
* Songqian Li <sionli@tencent.com>
* Wei Liu <liuwe@microsoft.com>
* Yi Wang <foxywang@tencent.com>
* Yu Li <liyu.yukiteru@bytedance.com>
-
v39.0
4f96fa15 · v39.0

This release has been tracked in our [roadmap project](https://github.com/orgs/cloud-hypervisor/projects/6) as iteration v39.0. The following user visible changes have been made:

Variable Sizing of PCI Apertures for Segments
---------------------------------------------

It is now possible to use `--pci-segment` to adjust the aperture size that devices 32-bit and 64-bit PCI device BARs will be allocated from. Previously the address space was equally distributed across all the segments which may leave insufficient space for devices that require a large 32-bit space. With this change the weighting per segment can be adjusted. (#6387)

Direct Booting with bzImages
----------------------------

Support for directly booting Linux from bzImages has been added. (#6200)

Support for NVIDIA GPUDirect P2P Support
----------------------------------------

The `x_nv_gpudirect_clique` option was added to `--device` to allow the configuration of device P2P support with NVIDIA GPUs. (#6235)

Guest NMI Injection Support
---------------------------

A new API endpoint and `ch-remote` option have been added for injecting an NMI into the guest. (#6047)

Notable Bug Fixes
-----------------

* Workaround for kernel bug affecting guest IRQ masking on AMD (#6353)
* Correctly cleanup `sigwinch_listener` process (#6208)
* Graceful shutdown of HTTP API thread (#6248, #6247)
* Fix `queue_affinity` option in OpenAPI metadata (#6268)
* Fix documentation to indicate only stream mode is supported by `virtio-vsock` (#6306)
* Fix `virtio-fs` tag validation (#6358, #6359)
* Add missing `pvpanic` device to OpenAPI metadata (#6372)
* Fixes for nested virtualization with VFIO devices (#6110, #6298, #6297, #6319)
* Fix for backing file for `virtio-mem` regions with snapshot/restore (#6337, #6338)
* Explicitly mark FDs used for network devices as invalid across snapshot/restore (#6332, #6286)
* Improve `event-monitor` events around reboot (#6277, #6274)
* Fix potential deadlock around paused devices during live migration (#6293)
* Fix panic when running `ch-remote` with no subcommand (#6230)
* Fix hotplug of `virtio` devices after snapshot/restore and live migration (#6326, #6265)

Contributors
------------

Many thanks to everyone who has contributed to our release:

* Alexandru Matei <alexandru.matei@uipath.com>
* Andrew Carp <acarp@crusoeenergy.com>
* Bo Chen <chen.bo@intel.com>
* Bouke van der Bijl <i@bou.ke>
* Chris Webb <chris@arachsys.com>
* Jinank Jain <jinankjain@microsoft.com>
* Lucas Jacques <contact@lucasjacques.com>
* Muminul Islam <muislam@microsoft.com>
* Nuno Das Neves <nudasnev@microsoft.com>
* Ravi kumar Veeramally <ravikumar.veeramally@intel.com>
* Rob Bradford <rbradford@rivosinc.com>
* Ruslan Mstoi <ruslan.mstoi@intel.com>
* Stefan Nuernberger <stefan.nuernberger@cyberus-technology.de>
* Thomas Barrett <tbarrett@crusoeenergy.com>
* Wei Liu <liuwe@microsoft.com>
* Yi Wang <foxywang@tencent.com>
-
v37.1
115c455e · ·This is a bug fix release. The following issues have been addressed: * Fix several security advisories from dependencies (#6134, #6141) * Enable HTT flag to avoid crashing cpu topology enumeration software such as hwloc in the guest (#6146) * Enable nested virtualization on AMD if supported (#6106) * Handle non-power-of-two CPU topology properly (#6062) * Various bug fixes around virtio-vsock (#6080, #6091, #6095) * Align VFIO devices PCI BARs naturally (#6196)
-
v38.0
ef4fbf08 · ·v38.0 This release has been tracked in our [roadmap project](https://github.com/orgs/cloud-hypervisor/projects/6) as iteration v38.0. The following user visible changes have been made: Group Rate Limiter on Block Devices ----------------------------------- Users now can throttle a group of block devices with the new `--rate-limiter-group` option. Details can be found from the [I/O Throttling documentation](docs/io_throttling.md) CPU Pinning Support for Block Device Worker Thread -------------------------------------------------- Users now have the option to pin virt-queue threads for block devices to specific host cpus. Optimized Boot Time with Parallel Memory Prefault ------------------------------------------------- The boot time with `prefault` option enabled is optimized via parallel memory prefault. New 'debug-console' Device -------------------------- A 'debug-console' device is added to provide a user-configurable debug port for logging guest information. Details can be found from the [Debug IO Ports documentation](docs/debug-port.md). Improved VFIO Device Support ---------------------------- All non-emulated MMIO regions of VFIO devices are now mapped to the VFIO container, allowing PCIe P2P between all VFIO devices on the same VM. This is required for a wide variety of multi-GPU workloads involving GPUDirect P2P (DMA between two GPUs), GPUDirect RDMA (DMA between a GPU and an IB device). Extended CPU Affinity Support ----------------------------- Users now can set the vcpu affinity to a host CPU with index larger than 255. 
Notable Bug Fixes ----------------- * Enable HTT flag to avoid crashing cpu topology enumeration software such as hwloc in the guest (#6146) * Fix several security advisories from dependencies (#6134, #6141) * Handle non-power-of-two CPU topology properly (#6062) * Various bug fixes around `virtio-vsock` (#6080, #6091, #6095) * Enable nested virtualization on AMD if supported (#6106) * Align VFIO devices PCI BARs naturally (#6196) Contributors ------------ Many thanks to everyone who has contributed to our release: * Alyssa Ross <hi@alyssa.is> * Bo Chen <chen.bo@intel.com> * Daniel Farina <daniel@ubicloud.com> * Jinank Jain <jinankjain@microsoft.com> * Muminul Islam <muislam@microsoft.com> * Peteris Rudzusiks <rye@stripe.com> * Philipp Schuster <philipp.schuster@cyberus-technology.de> * Ravi kumar Veeramally <ravikumar.veeramally@intel.com> * Rob Bradford <rbradford@rivosinc.com> * Ruslan Mstoi <ruslan.mstoi@intel.com> * Sean Banko <sbanko@crusoeenergy.com> * Thomas Barrett <tbarrett@crusoeenergy.com> * Wei Liu <liuwe@microsoft.com> * Yi Wang <foxywang@tencent.com> * acarp <acarp@crusoeenergy.com>
-
v28.4
d412ac21 · ·v28.4 This is a bug fix release. The following issues have been addressed: * Fix VFIO on platforms with non-4k page size (#5450) * Fix seccomp filter lists related to virtio-console, serial and pty (#5506, #5524) * Populate APIC ID properly (#5512) * Ignore and warn TAP FDs in more situations (#5522) * Disallow concurrent CPU resizing (#5668) * Use wrapping add for memory offset from instruction emulator (#5719) * Replace unsound `static mut` with `once_cell` (#5772) * Fix a deadlock when TDX is enabled (#5845) * Bug fix to OpenAPI specification file (#5967) * Error out early for live migration when TDX is enabled (#6025)