This release has been tracked in our roadmap project as iteration v41.0. The following user-visible changes have been made:
Experimental "Pvmemcontrol" Support
VMM support has been added for this experimental functionality (which
requires currently out-of-tree Linux kernel patches), allowing guests to
control their physical memory properties to enable optimisations and security
features. (#6318, #6467)
Sandboxing With Landlock Support
Support for restricting the VMM process using the Linux kernel "Landlock" API
has been added. This can be used to restrict the files (and the read/write
permissions) that the VMM process can access, adding another layer of
security alongside the existing syscall filters (seccomp). It can be
enabled with --landlock and is fully documented. (#5170)
Notable Performance Improvements
virtio-net via the use of a cache of Iovec structures (virtio-devices: net: reduce vec allocations for iovec conversion #6636)
Notification suppression ("EVENT_IDX") support has been added to virtio-block giving a 60% improvement in single queue block throughput and IOPs performance (EVENT_IDX support to virtio-block #6580)
status field in virtio-block state (block: fix status value size #6586)
Notable Bug Fixes
access (hypervisor: kvm: aarch64: fix get_device_attr() UB #6647)
fcntl syscall on debug assertions so this is now included in the virtio-device seccomp filters for tests that use this (virtio-devices: allow vsock to call fcntl in debug #6648)
virtio-vsock device (cloud-hypervisor vm is crashing if we connect to VSOCK socket from the host side with ncat/socat and kill the app with <ctrl>+c without connecting to any port #6621)
Contributors
Many thanks to everyone who has contributed to our release:
This discussion was created from the release v41.0.