Skip to content

feat(memory): use fallocate(PUNCH_HOLE) for guest_memfd discard#5792

Open
JackThomson2 wants to merge 5 commits intofirecracker-microvm:feature/secret-hidingfrom
JackThomson2:sh/support_punch_hole
Open

feat(memory): use fallocate(PUNCH_HOLE) for guest_memfd discard#5792
JackThomson2 wants to merge 5 commits intofirecracker-microvm:feature/secret-hidingfrom
JackThomson2:sh/support_punch_hole

Conversation

@JackThomson2
Copy link
Copy Markdown
Contributor

@JackThomson2 JackThomson2 commented Mar 25, 2026

Add support for fallocate(PUNCH_HOLE) this will expand our tests to also include balloon and memory hotplugging tests

...

Reason

...

License Acceptance

By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license. For more information on following Developer
Certificate of Origin and signing off your commits, please check
CONTRIBUTING.md.

PR Checklist

  • I have read and understand CONTRIBUTING.md.
  • I have run tools/devtool checkbuild --all to verify that the PR passes
    build checks on all supported architectures.
  • I have run tools/devtool checkstyle to verify that the PR passes the
    automated style checks.
  • I have described what is done in these changes, why they are needed, and
    how they are solving the problem in a clear and encompassing way.
  • I have updated any relevant documentation (both in code and in the docs)
    in the PR.
  • I have mentioned all user-facing changes in CHANGELOG.md.
  • If a specific issue led to this PR, this PR closes the issue.
  • When making API changes, I have followed the
    Runbook for Firecracker API changes.
  • I have tested all new and changed functionalities in unit tests and/or
    integration tests.
  • I have linked an issue to every new TODO.
  • This functionality cannot be added in rust-vmm.

MADV_DONTNEED is a no-op for MAP_SHARED mappings, which means
discard_range() previously did nothing for guest_memfd-backed memory.
This prevented virtio-mem unplug and balloon inflate from actually
freeing physical pages back to the host when secret_free is enabled.

Add a fallocate(FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE) path for
MAP_SHARED file-backed regions, which punches holes in the guest_memfd
backing file and releases the pages from the page cache.

Signed-off-by: Jack Thomson jackabt@amazon.com

@codecov
Copy link
Copy Markdown

codecov bot commented Mar 25, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 0% with 14 lines in your changes missing coverage. Please review.
✅ Project coverage is 81.31%. Comparing base (102d665) to head (eab0a13).

Files with missing lines Patch % Lines
src/vmm/src/vstate/memory.rs 0.00% 14 Missing ⚠️
Additional details and impacted files 
@@                    Coverage Diff                    @@
##           feature/secret-hiding    #5792      +/-   ##
=========================================================
- Coverage                  81.34%   81.31%   -0.03%     
=========================================================
  Files                        279      279              
  Lines                      30446    30451       +5     
=========================================================
- Hits                       24766    24762       -4     
- Misses                      5680     5689       +9
Flag Coverage Δ
5.10-m5n.metal 81.41% <0.00%> (-0.03%) ⬇️
5.10-m6a.metal 80.69% <0.00%> (-0.04%) ⬇️
5.10-m6g.metal 78.27% <0.00%> (-0.03%) ⬇️
5.10-m6i.metal 81.40% <0.00%> (-0.04%) ⬇️
5.10-m7a.metal-48xl 80.68% <0.00%> (-0.04%) ⬇️
5.10-m7g.metal 78.27% <0.00%> (-0.03%) ⬇️
5.10-m7i.metal-24xl 81.37% <0.00%> (-0.04%) ⬇️
5.10-m7i.metal-48xl 81.37% <0.00%> (-0.04%) ⬇️
5.10-m8g.metal-24xl 78.27% <0.00%> (-0.03%) ⬇️
5.10-m8g.metal-48xl 78.26% <0.00%> (-0.04%) ⬇️
6.1-m5n.metal 81.42% <0.00%> (-0.03%) ⬇️
6.1-m6a.metal 80.72% <0.00%> (-0.03%) ⬇️
6.1-m6g.metal 78.26% <0.00%> (-0.04%) ⬇️
6.1-m6i.metal 81.43% <0.00%> (-0.04%) ⬇️
6.1-m7a.metal-48xl 80.70% <0.00%> (-0.04%) ⬇️
6.1-m7g.metal 78.26% <0.00%> (-0.04%) ⬇️
6.1-m7i.metal-24xl 81.47% <0.00%> (+<0.01%) ⬆️
6.1-m7i.metal-48xl 81.44% <0.00%> (-0.04%) ⬇️
6.1-m8g.metal-24xl 78.26% <0.00%> (-0.04%) ⬇️
6.1-m8g.metal-48xl 78.26% <0.00%> (-0.04%) ⬇️
6.18-m5n.metal 81.42% <0.00%> (-0.04%) ⬇️
6.18-m6a.metal 80.72% <0.00%> (-0.04%) ⬇️
6.18-m6g.metal 78.26% <0.00%> (-0.03%) ⬇️
6.18-m6i.metal 81.47% <0.00%> (+0.01%) ⬆️
6.18-m7a.metal-48xl 80.70% <0.00%> (-0.04%) ⬇️
6.18-m7g.metal 78.26% <0.00%> (-0.04%) ⬇️
6.18-m7i.metal-24xl 81.44% <0.00%> (-0.08%) ⬇️
6.18-m7i.metal-48xl 81.44% <0.00%> (-0.04%) ⬇️
6.18-m8g.metal-24xl 78.26% <0.00%> (-0.03%) ⬇️
6.18-m8g.metal-48xl 78.26% <0.00%> (-0.03%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@JackThomson2 JackThomson2 force-pushed the sh/support_punch_hole branch from b63370c to 334ae94 Compare March 25, 2026 18:02
@JackThomson2
feat(memory): use fallocate(PUNCH_HOLE) for guest_memfd discard
7696718 
MADV_DONTNEED is a no-op for MAP_SHARED mappings, which means
discard_range() previously did nothing for guest_memfd-backed memory.
This prevented virtio-mem unplug and balloon inflate from actually
freeing physical pages back to the host when secret_free is enabled.

Add a fallocate(FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE) path for
MAP_SHARED file-backed regions, which punches holes in the guest_memfd
backing file and releases the pages from the page cache.

Signed-off-by: Jack Thomson <jackabt@amazon.com>
@JackThomson2
feat(balloon): allow balloon device with secret_free
17560a5 
Now that discard_range() uses fallocate(PUNCH_HOLE) for MAP_SHARED
guest_memfd regions, the balloon can properly reclaim memory when
secret_free is enabled. Remove the restriction that prevented
combining balloon with secret_free.

Signed-off-by: Jack Thomson <jackabt@amazon.com>
@JackThomson2
feat(utils): use guest meminfo for secret_free memory readings
160e374 
When secret_free is enabled, guest memory is backed by guest_memfd
(MAP_SHARED). Host RSS doesn't reflect pages freed by
fallocate(PUNCH_HOLE) — they're removed from the page cache, not RSS.

Make get_stable_rss_mem() return guest-side memory usage
(total - available) when uvm.secret_free is set. This is a closed
system unaffected by host noise and correctly reflects balloon and
virtio-mem operations.

Signed-off-by: Jack Thomson <jackabt@amazon.com>
@JackThomson2 JackThomson2 force-pushed the sh/support_punch_hole branch from 334ae94 to fa4fe9d Compare March 26, 2026 11:31
@JackThomson2
test(balloon): enable secret_free on all balloon tests
8161213 
Add the secret_free fixture parameter to all balloon functional tests,
so they run with both SF_OFF and SF_ON variants. This exercises the
fallocate(PUNCH_HOLE) discard path for guest_memfd-backed memory during
balloon inflate/deflate.

Signed-off-by: Jack Thomson <jackabt@amazon.com>
@JackThomson2
test(hotplug): enable RSS assertion for secret_free and fix VM leak
eab0a13 
Now that discard_range() uses fallocate(PUNCH_HOLE) for guest_memfd,
and get_resident_memory() uses guest meminfo for secret_free VMs,
the RSS decrease assertion in check_hotunplug works correctly for
secret_free. Remove the skip.

Signed-off-by: Jack Thomson <jackabt@amazon.com>
@JackThomson2 JackThomson2 force-pushed the sh/support_punch_hole branch from fa4fe9d to eab0a13 Compare March 26, 2026 12:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@JackThomson2