From 322aeb4ef91aa2034de3068681fcb96a4d78400e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Barb=C3=A1chano?= Date: Mon, 22 Jan 2024 16:15:18 +0100 Subject: [PATCH 1/4] chore(doc): change notes to caution messages to make them more visible MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [Caution messages][1] are rendered nicely by GitHub's markdown renderer. [1]: https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#alerts Signed-off-by: Pablo Barbáchano --- docs/prod-host-setup.md | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/docs/prod-host-setup.md b/docs/prod-host-setup.md index 00b65e48b89..63287ec77db 100644 --- a/docs/prod-host-setup.md +++ b/docs/prod-host-setup.md 
@@ -259,17 +259,20 @@ echo "swap partitions present (Recommendation: no swap)" \ ### Mitigating hardware vulnerabilities -> **Note** Firecracker is not able to mitigate host's hardware vulnerabilities. -Adequate mitigations need to be put in place when configuring the host. - -> **Note** Firecracker is designed to provide isolation boundaries between -microVMs running in different Firecracker processes. It is strongly recommended -that each Firecracker process corresponds to a workload of a single tenant. - -> **Note** For security and stability reasons it is highly recommended to load -updated microcode as soon as possible. Aside from keeping the system firmware -up-to-date, when the kernel is used to load updated microcode of the CPU this -should be done as early as possible in the boot process. +> [!CAUTION] +> Firecracker is not able to mitigate host's hardware vulnerabilities. +> Adequate mitigations need to be put in place when configuring the host. + +> [!CAUTION] +> Firecracker is designed to provide isolation boundaries between microVMs +> running in different Firecracker processes. It is strongly recommended that +> each Firecracker process corresponds to a workload of a single tenant. + +> [!CAUTION] +> For security and stability reasons it is highly recommended to load updated +> microcode as soon as possible. Aside from keeping the system firmware +> up-to-date, when the kernel is used to load updated microcode of the CPU this +> should be done as early as possible in the boot process. #### Side channel attacks From c00925d50d89fb095afd5a793f6ab8a868e5780a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Barb=C3=A1chano?= Date: Mon, 22 Jan 2024 16:16:59 +0100 Subject: [PATCH 2/4] chore(doc): move links to their section MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit For some reason they got moved out of place. 
Signed-off-by: Pablo Barbáchano --- docs/prod-host-setup.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/prod-host-setup.md b/docs/prod-host-setup.md index 63287ec77db..37c8599ff05 100644 --- a/docs/prod-host-setup.md +++ b/docs/prod-host-setup.md @@ -315,6 +315,9 @@ merging this change [upstream][2], this seems like a conscious design decision of the ARM code contributors, giving precedence to performance over the ability to trap and control this in the hypervisor. +[1]: https://elixir.free-electrons.com/linux/v4.14.203/source/virt/kvm/arm/hyp/timer-sr.c#L63 +[2]: https://lists.cs.columbia.edu/pipermail/kvmarm/2017-January/023323.html + ##### Verification [spectre-meltdown-checker script](https://github.com/speed47/spectre-meltdown-checker) @@ -329,9 +332,6 @@ downloaded and executed like: wget -O - https://meltdown.ovh | bash ``` -[1]: https://elixir.free-electrons.com/linux/v4.14.203/source/virt/kvm/arm/hyp/timer-sr.c#L63 -[2]: https://lists.cs.columbia.edu/pipermail/kvmarm/2017-January/023323.html - ### Linux 6.1 boot time regressions Linux 6.1 introduced some regressions in the time it takes to boot a VM, for the From a1a3d7faf12eefb183e3f68e44d3669a70868629 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Barb=C3=A1chano?= Date: Mon, 22 Jan 2024 16:17:19 +0100 Subject: [PATCH 3/4] chore(doc): fix footnotes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Remove one footnote that is no longer relevant, and fix the formatting of the other one. Signed-off-by: Pablo Barbáchano --- docs/prod-host-setup.md | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/docs/prod-host-setup.md b/docs/prod-host-setup.md index 37c8599ff05..5e15927bc47 100644 --- a/docs/prod-host-setup.md +++ b/docs/prod-host-setup.md 
@@ -387,18 +387,14 @@ sudo mount -o remount,favordynmods /sys/fs/cgroup ``` For cgroupsv1, remounting with `favordynmods` is not supported, so it has to be -done at boot time, through a kernel command line option[^1]. Add +done at boot time, through a kernel command line option. Add `cgroup_favordynmods=true` to your kernel command line in GRUB. Refer to your -distribution's documentation for where to make this change[^2] +distribution's documentation for where to make this change[^1] -[^2] Look for `GRUB_CMDLINE_LINUX` in file `/etc/default/grub` in RPM-based +[^1]: Look for `GRUB_CMDLINE_LINUX` in file `/etc/default/grub` in RPM-based systems, and [this doc for Ubuntu](https://wiki.ubuntu.com/Kernel/KernelBootParameters). -[^1]: this command line option is still unreleased at the moment of writing, but -will be part of 6.7 and may be backported to 6.1: - - #### Mitigation 2: `kvm.nx_huge_pages=never` This mitigation is preferred to the previous one as it is less invasive (it From cc2d85314b4b5a9422c453ef6a06d45eb0d6c3f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Barb=C3=A1chano?= Date: Tue, 23 Jan 2024 13:16:54 +0100 Subject: [PATCH 4/4] chore(doc): fix supported kernel version table MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix a typo of `linux_4.1` which should read `linux_4.14`. Signed-off-by: Pablo Barbáchano --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 32cb10bb422..b2d277fb467 100644 --- a/README.md +++ b/README.md 
@@ -130,13 +130,13 @@ The **API endpoint** can be used to: We test all combinations of: -| Instance | Host OS & Kernel | Guest Rootfs | Guest Kernel | -| :--------- | :----------------- | :------------- | :------------- | -| m5d.metal | al2 linux_4.1 | ubuntu 22.04 | linux_4.14 | -| m6i.metal | al2 linux_5.10 | | linux_5.10 | -| m6a.metal | al2023 linux_6.1 | | | -| m6g.metal | | | | -| c7g.metal | | | | +| Instance | Host OS & Kernel | Guest Rootfs | Guest Kernel | +|:----------|:------------------|:-------------|:-------------| +| m5d.metal | al2 linux_4.14 | ubuntu 22.04 | linux_4.14 | +| m6i.metal | al2 linux_5.10 | | linux_5.10 | +| m6a.metal | al2023 linux_6.1 | | | +| m6g.metal | | | | +| c7g.metal | | | | ## Known issues and Limitations
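Review bot: PATCH 1/4, hunk `@@ -259,17 +259,20 @@` in docs/prod-host-setup.md: the first caution still carries the grammar slip from the old note, "mitigate host's hardware vulnerabilities" should read "mitigate the host's hardware vulnerabilities". Since the three notes are being promoted to `[!CAUTION]` blocks to draw attention, it is also worth making the first one actionable instead of leaving "Adequate mitigations need to be put in place" hanging: point the reader at the `#### Side channel attacks` subsection that follows and at the `##### Verification` step, so the caution names where the mitigations and the check are described.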
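Review bot: PATCH 2/4, first hunk `@@ -315,6 +315,9 @@` in docs/prod-host-setup.md: markdown reference definitions are document-global, so moving `[1]:` and `[2]:` next to their use is a readability change only, and the bare labels `[1]` and `[2]` remain a collision risk with any other numbered definition in the same file (the first definition wins and the later one is silently ignored). Consider descriptive labels such as `[kvm-arm-timer-sr]` and `[kvmarm-timer-thread]`. While touching these lines, the `[1]` URL uses the legacy `elixir.free-electrons.com` host, which now redirects to `elixir.bootlin.com`; updating it avoids relying on the redirect.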
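Review bot: PATCH 2/4, second hunk `@@ -329,9 +332,6 @@` in docs/prod-host-setup.md: the unchanged context line `wget -O - https://meltdown.ovh | bash` has a production-host-setup document recommending that an unverified remote script be piped straight into a root shell. The hunk only removes the two link definitions below it, but since this is the one verification step the section offers, the guidance should at least tell the reader to download the script, inspect it, and pin it to a tagged release or commit of the linked spectre-meltdown-checker repository before running it, rather than executing whatever the redirect serves today.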
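Review bot: PATCH 3/4, hunk `@@ -387,18 +387,14 @@` in docs/prod-host-setup.md: dropping the footnote that said `cgroup_favordynmods=true` was "still unreleased ... will be part of 6.7 and may be backported to 6.1" removes the only statement of which kernels honour the option. A reader on an older 6.1 host who adds it to `GRUB_CMDLINE_LINUX` will get an ignored parameter and no indication why, so the text should state the minimum kernel version (or the backported version) required for the cgroupsv1 path in place of the deleted footnote. Minor: the sentence ending `...where to make this change[^1]` now lacks its terminating period.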
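Review bot: PATCH 4/4, hunk `@@ -130,13 +130,13 @@` in README.md: the `linux_4.1` to `linux_4.14` correction is right, but the hunk also reflows every row and the separator of the table, which makes the one-character fix hard to spot in review; splitting the column-width change into its own commit, or leaving the widths alone, would keep the diff to the typo. Separately, the table is introduced with "We test all combinations of:" while the `m6a.metal`, `m6g.metal` and `c7g.metal` rows have empty Host OS & Kernel, Guest Rootfs and Guest Kernel cells, which reads as "not tested" rather than "every value in that column". A short sentence under the table saying that each column is an independent set and blank cells do not mean the combination is skipped would remove the ambiguity.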