use correct vm type for guest_memfd

roypat · roypat · commit 3fb048221dd6 · 2025-04-08T15:09:33.000+01:00
On x86, only KVM_X86_SW_PROTECTED_VM VMs support guest_memfd, so we have
to explicitly specify this VM type. On Arm, all VMs support it.

Signed-off-by: Patrick Roy &lt;roypat@amazon.co.uk&gt;
diff --git a/src/vmm/src/arch/aarch64/vm.rs b/src/vmm/src/arch/aarch64/vm.rs
@@ -8,6 +8,14 @@ use crate::arch::aarch64::gic::GicState;
 use crate::vstate::memory::{GuestMemoryExtension, GuestMemoryState};
 use crate::vstate::vm::{VmCommon, VmError};
 
+/// The VM type for this architecture that allows us to use guest_memfd. On ARM, all VMs
+/// support guest_memfd and no special type is needed (in fact, no concept of vm types really
+/// exists, and the correspoding field of the CREATE_VM ioctl determines IPA size instead,
+/// e.g. the size of the guest physical address space. This value cannot be hardcoded, hence
+/// `None` to let the `Vm` constructor now that just normal [`Kvm::create_vm`] should be called,
+/// which internally determines the preferred IPA size.
+pub const VM_TYPE_FOR_SECRET_FREEDOM: Option<u64> = None;
+
 /// Structure representing the current architecture's understand of what a "virtual machine" is.
 #[derive(Debug)]
 pub struct ArchVm {
@@ -30,8 +38,8 @@ pub enum ArchVmError {
 
 impl ArchVm {
     /// Create a new `Vm` struct.
-    pub fn new(kvm: &Kvm) -> Result<ArchVm, VmError> {
-        let common = Self::create_common(kvm)?;
+    pub fn new(kvm: &Kvm, vm_type: Option<u64>) -> Result<ArchVm, VmError> {
+        let common = Self::create_common(kvm, vm_type)?;
         Ok(ArchVm {
             common,
             irqchip_handle: None,
diff --git a/src/vmm/src/arch/mod.rs b/src/vmm/src/arch/mod.rs
@@ -17,7 +17,7 @@ pub use aarch64::kvm::{Kvm, KvmArchError, OptionalCapabilities};
 #[cfg(target_arch = "aarch64")]
 pub use aarch64::vcpu::*;
 #[cfg(target_arch = "aarch64")]
-pub use aarch64::vm::{ArchVm, ArchVmError, VmState};
+pub use aarch64::vm::{ArchVm, ArchVmError, VM_TYPE_FOR_SECRET_FREEDOM, VmState};
 #[cfg(target_arch = "aarch64")]
 pub use aarch64::{
     ConfigurationError, MMIO_MEM_SIZE, MMIO_MEM_START, arch_memory_regions,
@@ -35,7 +35,7 @@ pub use x86_64::kvm::{Kvm, KvmArchError};
 #[cfg(target_arch = "x86_64")]
 pub use x86_64::vcpu::*;
 #[cfg(target_arch = "x86_64")]
-pub use x86_64::vm::{ArchVm, ArchVmError, VmState};
+pub use x86_64::vm::{ArchVm, ArchVmError, VM_TYPE_FOR_SECRET_FREEDOM, VmState};
 
 #[cfg(target_arch = "x86_64")]
 pub use crate::arch::x86_64::{
diff --git a/src/vmm/src/arch/x86_64/vm.rs b/src/vmm/src/arch/x86_64/vm.rs
@@ -5,16 +5,21 @@ use std::fmt;
 
 use kvm_bindings::{
     KVM_CLOCK_TSC_STABLE, KVM_IRQCHIP_IOAPIC, KVM_IRQCHIP_PIC_MASTER, KVM_IRQCHIP_PIC_SLAVE,
-    KVM_PIT_SPEAKER_DUMMY, MsrList, kvm_clock_data, kvm_irqchip, kvm_pit_config, kvm_pit_state2,
+    KVM_PIT_SPEAKER_DUMMY, KVM_X86_SW_PROTECTED_VM, MsrList, kvm_clock_data, kvm_irqchip,
+    kvm_pit_config, kvm_pit_state2,
 };
 use kvm_ioctls::Cap;
 use serde::{Deserialize, Serialize};
 
+use crate::arch::Kvm;
 use crate::arch::x86_64::msr::MsrError;
 use crate::utils::u64_to_usize;
 use crate::vstate::memory::{GuestMemoryExtension, GuestMemoryState};
 use crate::vstate::vm::{VmCommon, VmError};
 
+/// The VM type for this architecture that allows us to use guest_memfd.
+pub const VM_TYPE_FOR_SECRET_FREEDOM: Option<u64> = Some(KVM_X86_SW_PROTECTED_VM as u64);
+
 /// Error type for [`Vm::restore_state`]
 #[allow(missing_docs)]
 #[cfg(target_arch = "x86_64")]
@@ -60,8 +65,8 @@ pub struct ArchVm {
 
 impl ArchVm {
     /// Create a new `Vm` struct.
-    pub fn new(kvm: &crate::vstate::kvm::Kvm) -> Result<ArchVm, VmError> {
-        let common = Self::create_common(kvm)?;
+    pub fn new(kvm: &Kvm, vm_type: Option<u64>) -> Result<ArchVm, VmError> {
+        let common = Self::create_common(kvm, vm_type)?;
 
         let msrs_to_save = kvm.msrs_to_save().map_err(ArchVmError::GetMsrsToSave)?;
 
diff --git a/src/vmm/src/builder.rs b/src/vmm/src/builder.rs
@@ -20,7 +20,9 @@ use vm_superio::Rtc;
 use vm_superio::Serial;
 use vmm_sys_util::eventfd::EventFd;
 
-use crate::arch::{ConfigurationError, configure_system_for_boot, load_kernel};
+use crate::arch::{
+    ConfigurationError, VM_TYPE_FOR_SECRET_FREEDOM, configure_system_for_boot, load_kernel,
+};
 #[cfg(target_arch = "aarch64")]
 use crate::construct_kvm_mpidrs;
 use crate::cpu_config::templates::{
@@ -142,11 +144,12 @@ fn create_vmm_and_vcpus(
     event_manager: &mut EventManager,
     vcpu_count: u8,
     kvm_capabilities: Vec<KvmCapability>,
+    vm_type: Option<u64>,
 ) -> Result<(Vmm, Vec<Vcpu>), VmmError> {
     let kvm = Kvm::new(kvm_capabilities)?;
     // Set up Kvm Vm and register memory regions.
     // Build custom CPU config if a custom template is provided.
-    let mut vm = Vm::new(&kvm)?;
+    let mut vm = Vm::new(&kvm, vm_type)?;
 
     let resource_allocator = ResourceAllocator::new()?;
 
@@ -227,12 +230,17 @@ pub fn build_microvm_for_boot(
         .get_cpu_template()?;
 
     let secret_free = vm_resources.machine_config.mem_config.secret_free;
+    let vm_type = match secret_free {
+        true => VM_TYPE_FOR_SECRET_FREEDOM,
+        false => None,
+    };
 
     let (mut vmm, mut vcpus) = create_vmm_and_vcpus(
         instance_info,
         event_manager,
         vm_resources.machine_config.vcpu_count,
         cpu_template.kvm_capabilities.clone(),
+        vm_type,
     )?;
 
     let guest_memfd = match secret_free {
@@ -472,6 +480,7 @@ pub fn build_microvm_from_snapshot(
         event_manager,
         vm_resources.machine_config.vcpu_count,
         microvm_state.kvm_state.kvm_cap_modifiers.clone(),
+        None, // TODO: secret freedom support post snapshot restore
     )
     .map_err(StartMicrovmError::Internal)?;
 
diff --git a/src/vmm/src/device_manager/mmio.rs b/src/vmm/src/device_manager/mmio.rs
@@ -655,7 +655,7 @@ mod tests {
         let start_addr2 = GuestAddress(0x1000);
         let guest_mem = multi_region_mem_raw(&[(start_addr1, 0x1000), (start_addr2, 0x1000)]);
         let kvm = Kvm::new(vec![]).expect("Cannot create Kvm");
-        let mut vm = Vm::new(&kvm).unwrap();
+        let mut vm = Vm::new(&kvm, None).unwrap();
         vm.register_memory_regions(guest_mem, false).unwrap();
         let mut device_manager = MMIODeviceManager::new();
         let mut resource_allocator = ResourceAllocator::new().unwrap();
@@ -686,7 +686,7 @@ mod tests {
         let start_addr2 = GuestAddress(0x1000);
         let guest_mem = multi_region_mem_raw(&[(start_addr1, 0x1000), (start_addr2, 0x1000)]);
         let kvm = Kvm::new(vec![]).expect("Cannot create Kvm");
-        let mut vm = Vm::new(&kvm).unwrap();
+        let mut vm = Vm::new(&kvm, None).unwrap();
         vm.register_memory_regions(guest_mem, false).unwrap();
         let mut device_manager = MMIODeviceManager::new();
         let mut resource_allocator = ResourceAllocator::new().unwrap();
@@ -742,7 +742,7 @@ mod tests {
         let start_addr2 = GuestAddress(0x1000);
         let guest_mem = multi_region_mem_raw(&[(start_addr1, 0x1000), (start_addr2, 0x1000)]);
         let kvm = Kvm::new(vec![]).expect("Cannot create Kvm");
-        let mut vm = Vm::new(&kvm).unwrap();
+        let mut vm = Vm::new(&kvm, None).unwrap();
         vm.register_memory_regions(guest_mem, false).unwrap();
 
         #[cfg(target_arch = "x86_64")]
diff --git a/src/vmm/src/vstate/vm.rs b/src/vmm/src/vstate/vm.rs
@@ -18,8 +18,8 @@ use kvm_ioctls::{Cap, VmFd};
 use userfaultfd::{FeatureFlags, Uffd, UffdBuilder};
 use vmm_sys_util::eventfd::EventFd;
 
-use crate::arch::host_page_size;
 pub use crate::arch::{ArchVm as Vm, ArchVmError, VmState};
+use crate::arch::{Kvm, host_page_size};
 use crate::logger::info;
 use crate::persist::{CreateSnapshotError, GuestRegionUffdMapping};
 use crate::utils::u64_to_usize;
@@ -73,7 +73,7 @@ pub enum VmError {
 /// Contains Vm functions that are usable across CPU architectures
 impl Vm {
     /// Create a KVM VM
-    pub fn create_common(kvm: &crate::vstate::kvm::Kvm) -> Result<VmCommon, VmError> {
+    pub fn create_common(kvm: &Kvm, vm_type: Option<u64>) -> Result<VmCommon, VmError> {
         // It is known that KVM_CREATE_VM occasionally fails with EINTR on heavily loaded machines
         // with many VMs.
         //
@@ -97,7 +97,12 @@ impl Vm {
         const MAX_ATTEMPTS: u32 = 5;
         let mut attempt = 1;
         let fd = loop {
-            match kvm.fd.create_vm() {
+            let vm_res = match vm_type {
+                Some(r#type) => kvm.fd.create_vm_with_type(r#type),
+                None => kvm.fd.create_vm(),
+            };
+
+            match vm_res {
                 Ok(fd) => break fd,
                 Err(e) if e.errno() == libc::EINTR && attempt < MAX_ATTEMPTS => {
                     info!("Attempt #{attempt} of KVM_CREATE_VM returned EINTR");
@@ -464,7 +469,7 @@ pub(crate) mod tests {
     // Auxiliary function being used throughout the tests.
     pub(crate) fn setup_vm() -> (Kvm, Vm) {
         let kvm = Kvm::new(vec![]).expect("Cannot create Kvm");
-        let vm = Vm::new(&kvm).expect("Cannot create new vm");
+        let vm = Vm::new(&kvm, None).expect("Cannot create new vm");
         (kvm, vm)
     }
 
@@ -480,7 +485,7 @@ pub(crate) mod tests {
     fn test_new() {
         // Testing with a valid /dev/kvm descriptor.
         let kvm = Kvm::new(vec![]).expect("Cannot create Kvm");
-        Vm::new(&kvm).unwrap();
+        Vm::new(&kvm, None).unwrap();
     }
 
     #[test]
