add "secret_free" parameter to /machine-config endpoint

roypat · roypat · commit 823b376c274f · 2025-04-07T12:50:12.000+01:00
This will later indicate to Firecracker that guest memory should be
backed by guest_memfd.

Signed-off-by: Patrick Roy &lt;roypat@amazon.co.uk&gt;
diff --git a/src/vmm/src/resources.rs b/src/vmm/src/resources.rs
@@ -217,6 +217,11 @@ impl VmResources {
                         BalloonConfigError::IncompatibleWith("huge pages"),
                     ));
                 }
+                if self.machine_config.mem_config.secret_free {
+                    return Err(ResourcesError::BalloonDevice(
+                        BalloonConfigError::IncompatibleWith("secret freedom"),
+                    ));
+                }
             }
 
             SharedDeviceType::Vsock(vsock) => {
@@ -262,6 +267,12 @@ impl VmResources {
                 "huge pages",
             ));
         }
+        if self.balloon.get().is_some() && updated.mem_config.secret_free {
+            return Err(MachineConfigError::Incompatible(
+                "balloon device",
+                "secret freedom",
+            ));
+        }
         self.machine_config = updated;
 
         Ok(())
@@ -319,6 +330,9 @@ impl VmResources {
         if self.machine_config.huge_pages != HugePageConfig::None {
             return Err(BalloonConfigError::IncompatibleWith("huge pages"));
         }
+        if self.machine_config.mem_config.secret_free {
+            return Err(BalloonConfigError::IncompatibleWith("secret freedom"));
+        }
 
         self.balloon.set(config)
     }
diff --git a/src/vmm/src/vmm_config/machine_config.rs b/src/vmm/src/vmm_config/machine_config.rs
@@ -99,6 +99,11 @@ pub struct MemoryConfig {
     #[cfg(target_arch = "aarch64")]
     #[serde(default)]
     pub initial_swiotlb_size: usize,
+    /// Whether guest_memfd should be used to back normal guest memory. If this is enabled
+    /// and any devices are attached to the VM, then initial_swiotlb_size must be non-zero,
+    /// as I/O into secret free memory is not possible.
+    #[serde(default)]
+    pub secret_free: bool,
 }
 
 /// Struct used in PUT `/machine-config` API call.
@@ -301,6 +306,13 @@ impl MachineConfig {
             return Err(MachineConfigError::InvalidSwiotlbRegionSize);
         }
 
+        if mem_config.secret_free && page_config != HugePageConfig::None {
+            return Err(MachineConfigError::Incompatible(
+                "secret freedom",
+                "huge pages",
+            ));
+        }
+
         let cpu_template = match update.cpu_template {
             None => self.cpu_template.clone(),
             Some(StaticCpuTemplate::None) => None,
