allow creation of snapshots of secret hidden VMs

To take snapshots of secret hidden VMs, we need to bounce guest memory
through a userspace buffer. Reuse the `Bounce` wrapper type that is
already in use for loading the guest kernel / initrd.

Signed-off-by: Patrick Roy <[email protected]>

Author: roypat

src/vmm/src/vstate/memory.rs

@@ -6,7 +6,7 @@
 // found in the THIRD-PARTY file.
 
 use std::fs::File;
-use std::io::{Read, Seek, SeekFrom};
+use std::io::{Read, Seek, SeekFrom, Write};
 use std::mem::ManuallyDrop;
 use std::os::fd::{AsFd, AsRawFd};
 use std::ptr::null_mut;
@@ -86,6 +86,23 @@ impl<T: Read + AsFd> ReadVolatile for Bounce<T> {
     }
 }
 
+impl<T: Write + AsFd> WriteVolatile for Bounce<T> {
+    fn write_volatile<B: BitmapSlice>(
+        &mut self,
+        buf: &VolatileSlice<B>,
+    ) -> Result<usize, VolatileMemoryError> {
+        if self.1 {
+            let mut bbuf = vec![0; buf.len()];
+            buf.copy_to(bbuf.as_mut_slice());
+            self.0
+                .write(bbuf.as_slice())
+                .map_err(VolatileMemoryError::IOError)
+        } else {
+            self.0.as_fd().write_volatile(buf)
+        }
+    }
+}
+
 impl<R: Read> Read for Bounce<R> {
     fn read(&mut self, buf: &mut [u8]) -> std::io::Result<usize> {
         self.0.read(buf)

src/vmm/src/vstate/vm.rs

@@ -25,7 +25,7 @@ use crate::persist::{CreateSnapshotError, GuestRegionUffdMapping};
 use crate::utils::u64_to_usize;
 use crate::vmm_config::snapshot::SnapshotType;
 use crate::vstate::memory::{
-    GuestMemory, GuestMemoryExtension, GuestMemoryMmap, GuestMemoryRegion, GuestRegionMmap,
+    Bounce, GuestMemory, GuestMemoryExtension, GuestMemoryMmap, GuestMemoryRegion, GuestRegionMmap,
     KvmRegion,
 };
 use crate::vstate::vcpu::VcpuError;
@@ -429,8 +429,12 @@ impl Vm {
                     .and_then(|_| self.swiotlb_regions().dump_dirty(&mut file, &dirty_bitmap))?;
             }
             SnapshotType::Full => {
+                let secret_hidden = self
+                    .guest_memory()
+                    .iter()
+                    .any(|r| r.inner().guest_memfd != 0);
                 self.guest_memory()
-                    .dump(&mut file)
+                    .dump(&mut Bounce(&file, secret_hidden))
                     .and_then(|_| self.swiotlb_regions().dump(&mut file))?;
                 self.reset_dirty_bitmap();
                 self.guest_memory().reset_dirty();