Merge branch 'main' into test/sanitizer-integration-pipeline

Author: zulinx86

.cargo/audit.toml

@@ -1,7 +1,18 @@
 [advisories]
-# The `paste` dependency is transitively included via `gdbstub`.
-# While the crate is archived/unmaintained, the author considers it feature-complete
-# and functionally stable. gdbstub will be update once they migrate
-# to an alternative solution.
-# See https://github.com/daniel5151/gdbstub/issues/168
-ignore = ["RUSTSEC-2024-0436"]
+ignore = [
+    # The `paste` dependency is transitively included via `gdbstub`.
+    # While the crate is archived/unmaintained, the author considers it feature-complete
+    # and functionally stable. gdbstub will be update once they migrate
+    # to an alternative solution.
+    # See https://github.com/daniel5151/gdbstub/issues/168
+    "RUSTSEC-2024-0436",
+
+    # `rand` unsoundness when a custom logger re-enters `rand::rng()`/`thread_rng()`
+    # during ThreadRng reseeding. Firecracker is not affected:
+    # - uuid (1.23.0): does not enable `fast-rng` or `rng-rand` features, so it uses
+    #   `getrandom` directly and never calls into rand.
+    # - proptest: uses rand 0.9 with `default-features = false` and does not enable
+    #   the `thread_rng` feature, so the affected functions are not compiled in.
+    # See https://rustsec.org/advisories/RUSTSEC-2026-0097.html
+    "RUSTSEC-2026-0097",
+]

.github/CODEOWNERS

@@ -1,19 +1,19 @@
 # All markdown files
-*.md @xmarcalx @kalyazin @pb8o @Manciukic
+*.md @kalyazin @Manciukic @micz010
 
 # But not the ones in docs/
 docs/*.md
 
 # Except these specific ones
-docs/getting-started.md @xmarcalx @kalyazin @pb8o @Manciukic
-docs/prod-host-setup.md @xmarcalx @kalyazin @pb8o @Manciukic
+docs/getting-started.md @kalyazin @Manciukic @micz010
+docs/prod-host-setup.md @kalyazin @Manciukic @micz010
 
 # Also cover all "*policy*.md" documents
-**/*policy*.md @xmarcalx @kalyazin @pb8o @Manciukic
-**/*POLICY*.md @xmarcalx @kalyazin @pb8o @Manciukic
+**/*policy*.md @kalyazin @Manciukic @micz010
+**/*POLICY*.md @kalyazin @Manciukic @micz010
 
 # Also these non-md files in the repository root
-THIRD_PARTY @xmarcalx @kalyazin @pb8o @Manciukic
-LICENSE @xmarcalx @kalyazin @pb8o @Manciukic
-NOTICE @xmarcalx @kalyazin @pb8o @Manciukic
-PGP-KEY.asc @xmarcalx @kalyazin @pb8o @Manciukic
+THIRD-PARTY @kalyazin @Manciukic @micz010
+LICENSE @kalyazin @Manciukic @micz010
+NOTICE @kalyazin @Manciukic @micz010
+PGP-KEY.asc @kalyazin @Manciukic @micz010

CHANGELOG.md

@@ -14,6 +14,16 @@ and this project adheres to
   support for Vsock Unix domain socket path overriding on snapshot restore. More
   information can be found in the
   [docs](docs/vsock.md/#unix-domain-socket-renaming).
+- [#5824](https://github.com/firecracker-microvm/firecracker/pull/5824): Add
+  optional rate limiting to serial console output, configurable via the
+  `rate_limiter` field on `PUT /serial`. A new metric is exposed under `uart`:
+  `rate_limiter_dropped_bytes`.
+- [#5799](https://github.com/firecracker-microvm/firecracker/pull/5799): Add
+  per-callsite rate limiting for error, warn, and info level log messages. Each
+  callsite independently allows up to 10 messages per 5-second window. When
+  logging resumes after suppression, a warn-level summary reports the count of
+  suppressed messages. A new `rate_limited_log_count` metric tracks the total
+  number of suppressed messages.
 
 ### Changed
 
@@ -32,6 +42,12 @@ and this project adheres to
   HID (Hardware ID) of VMGenID device so that it aligns with the upstream Linux
   kernel. This caused the driver not to be bound correctly to the device prior
   to Linux kernel 6.10.
+- [#5764](https://github.com/firecracker-microvm/firecracker/pull/5764): Fixed a
+  bug that caused the guest UART driver to get stuck and stop transmitting after
+  snapshot restore. The bug was triggered by taking a snapshot while a serial
+  transmission was taking place. On restore the driver would wait for a TX
+  interrupt that would never arrive and no output would appear in the serial
+  console.
 - [#5780](https://github.com/firecracker-microvm/firecracker/pull/5780): Fixed
   missing `/sys/devices/system/cpu/cpu*/cache/*` in aarch64 guests when running
   on host kernels >= 6.3 with guest kernels >= 6.1.156.
@@ -44,6 +60,27 @@ and this project adheres to
   balloon statistics descriptor length to prevent a guest-controlled oversized
   descriptor from temporarily stalling the VMM event loop. Only affects microVMs
   with `stats_polling_interval_s > 0`.
+- [#5809](https://github.com/firecracker-microvm/firecracker/pull/5809): Fixed a
+  bug on host Linux >= 5.16 for x86_64 guests using the `kvm-clock` clock source
+  causing the monotonic clock to jump on restore by the wall-clock time elapsed
+  since the snapshot was taken. Users using `kvm-clock` that want to explicitly
+  advance the clock with `KVM_CLOCK_REALTIME` can opt back in using the new
+  `clock_realtime` flag in `LoadSnapshot` API.
+- [#5738](https://github.com/firecracker-microvm/firecracker/pull/5738): Fixed
+  x86_64 snapshot serialization to cover the full KVM custom MSR range
+  (0x4b564d00-0x4b564dff) instead of a small subset. Previously, some KVM MSRs
+  such as MSR_KVM_ASYNC_PF_INT and MSR_KVM_ASYNC_PF_ACK were missing from
+  snapshots, which could cause issues on restore.
+- [#5818](https://github.com/firecracker-microvm/firecracker/pull/5818): Enforce
+  the virtio device initialization sequence in the PCI transport, matching the
+  existing MMIO transport behavior. The PCI transport now validates device
+  status transitions, rejects queue configuration writes outside the FEATURES_OK
+  to DRIVER_OK window, rejects feature negotiation outside the DRIVER state,
+  blocks re-initialization after a failed reset, and sets DEVICE_NEEDS_RESET
+  when device activation fails.
+- [#5818](https://github.com/firecracker-microvm/firecracker/pull/5818): Reject
+  device status writes that clear previously set bits in the MMIO transport,
+  except for reset.
 
 ## [1.15.0]