tmp: swap in memory before taking snapshot

Signed-off-by: Patrick Roy <[email protected]>

Author: roypat

resources/seccomp/aarch64-unknown-linux-musl.json

@@ -31,6 +31,12 @@
             {
                 "syscall": "mincore"
             },
+            {
+                "syscall": "mlock2"
+            },
+            {
+                "syscall": "munlock"
+            },
             {
                 "syscall": "writev",
                 "comment": "Used by the VirtIO net device to write to tap"

resources/seccomp/x86_64-unknown-linux-musl.json

@@ -31,6 +31,12 @@
             {
                 "syscall": "mincore"
             },
+            {
+                "syscall": "mlock2"
+            },
+            {
+                "syscall": "munlock"
+            },
             {
                 "syscall": "writev",
                 "comment": "Used by the VirtIO net device to write to tap"

src/vmm/src/persist.rs

@@ -145,6 +145,8 @@ pub enum CreateSnapshotError {
     SerializeMicrovmState(#[from] crate::snapshot::SnapshotError),
     /// Cannot perform {0} on the snapshot backing file: {1}
     SnapshotBackingFile(&'static str, io::Error),
+    /// Error locking memory into RAM for snapshotting
+    Mlock(#[from] io::Error),
 }
 
 /// Snapshot version

src/vmm/src/vstate/vm.rs

@@ -25,7 +25,7 @@ use crate::vstate::memory::{
     Address, GuestMemory, GuestMemoryExtension, GuestMemoryMmap, GuestMemoryRegion, GuestRegionMmap,
 };
 use crate::vstate::vcpu::VcpuError;
-use crate::{DirtyBitmap, Vcpu, mem_size_mib};
+use crate::{DirtyBitmap, Vcpu, logger, mem_size_mib};
 
 /// Architecture independent parts of a VM.
 #[derive(Debug)]
@@ -285,6 +285,20 @@ impl Vm {
 /// Use `mincore(2)` to overapproximate the dirty bitmap for the given memslot. To be used
 /// if a diff snapshot is requested, but dirty page tracking wasn't enabled.
 fn mincore_bitmap(region: &GuestRegionMmap) -> Result<Vec<u64>, vmm_sys_util::errno::Error> {
+    // SAFETY: GuestRegionMmap ensures the pointer+len pair is valid. `flags` has no impact
+    // on safety from the rust perspective.
+    let r = unsafe {
+        libc::mlock2(
+            region.as_ptr().cast(),
+            u64_to_usize(region.len()),
+            libc::MLOCK_ONFAULT,
+        )
+    };
+
+    if r != 0 {
+        return vmm_sys_util::errno::errno_result();
+    }
+
     // Mincore always works at PAGE_SIZE granularity, even if the VMA we are dealing with
     // is a hugetlbfs VMA (e.g. to report a single hugepage as "present", mincore will
     // give us 512 4k markers with the lowest bit set).
@@ -314,6 +328,14 @@ fn mincore_bitmap(region: &GuestRegionMmap) -> Result<Vec<u64>, vmm_sys_util::er
         bitmap[page_idx / 64] |= (*b as u64 & 0x1) << (page_idx as u64 % 64);
     }
 
+    // SAFETY: GuestRegionMmap ensures the pointer+len pair is valid
+    let r = unsafe { libc::munlock(region.as_ptr().cast(), u64_to_usize(region.len())) };
+
+    if r != 0 {
+        // Not ideal, but nothing to fail snapshot creation over.
+        logger::error!("Failed to munlock guest memory after mincore snapshot!");
+    }
+
     Ok(bitmap)
 }