refactor: move KVM_SET_TSS_ADDR call into Vm::arch_create

Since we issue this ioctl with a constant address, it doesn't really
matter _when_ we do it. Internally, it causes a hidden memslot of size 3
pages to be created. If we create it _after_ all other memslots, then
this ioctl can fail with EEXIST if it would overlap some pre-existing
memslot. Now, instead the creation of the overlapping memslot would fail
with EEXIST. But this is a moot point, because if Firecracker ever tried
to create a memslot that overlaps this one, something is fundamentally
broken.

Signed-off-by: Patrick Roy <[email protected]>

Author: roypat

src/vmm/src/vstate/vm/aarch64.rs

@@ -1,6 +1,7 @@
 // Copyright 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
+use kvm_ioctls::VmFd;
 use serde::{Deserialize, Serialize};
 
 use super::Vm;
@@ -26,7 +27,7 @@ pub enum ArchVmError {
 }
 
 impl Vm {
-    pub(super) fn arch_create(_: &Kvm) -> Result<ArchVm, ArchVmError> {
+    pub(super) fn arch_create(_: &Kvm, _: &VmFd) -> Result<ArchVm, ArchVmError> {
         Ok(ArchVm {
             irqchip_handle: None,
         })

src/vmm/src/vstate/vm/mod.rs

@@ -9,8 +9,6 @@ use kvm_bindings::{kvm_userspace_memory_region, KVM_MEM_LOG_DIRTY_PAGES};
 use kvm_ioctls::VmFd;
 use vmm_sys_util::eventfd::EventFd;
 
-#[cfg(target_arch = "x86_64")]
-use crate::utils::u64_to_usize;
 use crate::vstate::kvm::Kvm;
 use crate::vstate::memory::{Address, GuestMemory, GuestMemoryMmap, GuestMemoryRegion};
 
@@ -58,7 +56,7 @@ impl Vm {
     /// Create a new `Vm` struct.
     pub fn new(kvm: &Kvm) -> Result<Self, VmError> {
         let fd = kvm.fd.create_vm().map_err(VmError::VmFd)?;
-        let arch = Vm::arch_create(kvm)?;
+        let arch = Vm::arch_create(kvm, &fd)?;
 
         Ok(Vm { fd, arch })
     }
@@ -85,13 +83,7 @@ impl Vm {
 
     /// Initializes the guest memory.
     pub fn memory_init(&self, guest_mem: &GuestMemoryMmap) -> Result<(), VmError> {
-        self.set_kvm_memory_regions(guest_mem)?;
-        #[cfg(target_arch = "x86_64")]
-        self.fd
-            .set_tss_address(u64_to_usize(crate::arch::x86_64::layout::KVM_TSS_ADDRESS))
-            .map_err(VmError::VmSetup)?;
-
-        Ok(())
+        self.set_kvm_memory_regions(guest_mem)
     }
 
     pub(crate) fn set_kvm_memory_regions(

src/vmm/src/vstate/vm/x86_64.rs

@@ -7,9 +7,11 @@ use kvm_bindings::{
     kvm_clock_data, kvm_irqchip, kvm_pit_config, kvm_pit_state2, MsrList, KVM_CLOCK_TSC_STABLE,
     KVM_IRQCHIP_IOAPIC, KVM_IRQCHIP_PIC_MASTER, KVM_IRQCHIP_PIC_SLAVE, KVM_PIT_SPEAKER_DUMMY,
 };
+use kvm_ioctls::VmFd;
 use serde::{Deserialize, Serialize};
 
 use crate::arch::x86_64::msr::MsrError;
+use crate::utils::u64_to_usize;
 use crate::vstate::kvm::Kvm;
 use crate::Vm;
 
@@ -42,6 +44,8 @@ pub enum ArchVmError {
     VmSetIrqChip(kvm_ioctls::Error),
     /// Failed to get MSR index list to save into snapshots: {0}
     GetMsrsToSave(MsrError),
+    /// Failed during KVM_SET_TSS_ADDRESS: {0}
+    SetTssAddress(kvm_ioctls::Error),
 }
 
 /// Structure representing the current architecture's understand of what a "virtual machine" is.
@@ -51,9 +55,12 @@ pub struct ArchVm {
 }
 
 impl Vm {
-    pub(super) fn arch_create(kvm: &Kvm) -> Result<ArchVm, ArchVmError> {
+    pub(super) fn arch_create(kvm: &Kvm, fd: &VmFd) -> Result<ArchVm, ArchVmError> {
         let msrs_to_save = kvm.msrs_to_save().map_err(ArchVmError::GetMsrsToSave)?;
 
+        fd.set_tss_address(u64_to_usize(crate::arch::x86_64::layout::KVM_TSS_ADDRESS))
+            .map_err(ArchVmError::SetTssAddress)?;
+
         Ok(ArchVm { msrs_to_save })
     }