fix(vmm): propagate errors in secret freedom

Return errors up the stack instead of panicking.

Signed-off-by: Nikita Kalyazin <kalyazin@amazon.com>

Author: kalyazin

src/vmm/src/builder.rs

@@ -59,7 +59,9 @@ use crate::vmm_config::machine_config::MachineConfigError;
 use crate::vmm_config::memory_hotplug::MemoryHotplugConfig;
 use crate::vmm_config::snapshot::{LoadSnapshotParams, MemBackendType};
 use crate::vstate::kvm::{Kvm, KvmError};
-use crate::vstate::memory::{GuestMemoryState, MaybeBounce, bitmap_size, create_memfd};
+use crate::vstate::memory::{
+    GuestMemoryState, MaybeBounce, MemoryError, bitmap_size, create_memfd,
+};
 #[cfg(target_arch = "aarch64")]
 use crate::vstate::resources::ResourceAllocator;
 use crate::vstate::vcpu::VcpuError;
@@ -517,10 +519,10 @@ pub enum BuildMicrovmFromSnapshotError {
     /// Failed to load guest memory: {0}
     GuestMemory(#[from] BuildMicrovmFromSnapshotErrorGuestMemoryError),
     /// Userfault bitmap memfd error: {0}
-    UserfaultBitmapMemfd(#[from] crate::vstate::memory::MemoryError),
+    UserfaultBitmapMemfd(#[from] MemoryError),
 }
 
-fn memfd_to_slice(memfd: &mut Option<File>) -> Option<&mut [u8]> {
+fn memfd_to_slice(memfd: &mut Option<File>) -> Result<Option<&mut [u8]>, MemoryError> {
     if let Some(bitmap_file) = memfd {
         let len = u64_to_usize(
             bitmap_file
@@ -542,16 +544,15 @@ fn memfd_to_slice(memfd: &mut Option<File>) -> Option<&mut [u8]> {
         };
 
         if bitmap_addr == libc::MAP_FAILED {
-            panic!(
-                "Failed to mmap userfault bitmap file: {}",
-                std::io::Error::last_os_error()
-            );
+            return Err(MemoryError::Mmap(std::io::Error::last_os_error()));
         }
 
         // SAFETY: `bitmap_addr` is a valid memory address returned by `mmap`.
-        Some(unsafe { std::slice::from_raw_parts_mut(bitmap_addr.cast(), len) })
+        Ok(Some(unsafe {
+            std::slice::from_raw_parts_mut(bitmap_addr.cast(), len)
+        }))
     } else {
-        None
+        Ok(None)
     }
 }
 
@@ -656,7 +657,7 @@ pub fn build_microvm_from_snapshot(
         }
     };
 
-    let mut userfault_bitmap_slice = memfd_to_slice(&mut userfault_bitmap_memfd);
+    let mut userfault_bitmap_slice = memfd_to_slice(&mut userfault_bitmap_memfd)?;
     if let Some(ref mut slice) = userfault_bitmap_slice {
         // Set all bits so a fault on any page will cause a VM exit
         slice.fill(0xffu8);

src/vmm/src/lib.rs

@@ -923,7 +923,7 @@ impl MutEventSubscriber for Vmm {
         if let Some(uffd_socket) = self.uffd_socket.as_ref()
             && let Err(err) = ops.add(Events::new(uffd_socket, EventSet::IN))
         {
-            panic!("Failed to register UFFD socket: {}", err);
+            error!("Failed to register UFFD socket: {}", err);
         }
     }
 }

src/vmm/src/persist.rs

@@ -627,9 +627,7 @@ fn send_uffd_handshake(
     let backend_mappings = serde_json::to_string(backend_mappings).unwrap();
 
     let socket = UnixStream::connect(mem_uds_path)?;
-    socket
-        .set_nonblocking(true)
-        .expect("Cannot set non-blocking");
+    socket.set_nonblocking(true)?;
 
     socket.send_with_fds(
         &[backend_mappings.as_bytes()],

src/vmm/src/vstate/memory.rs

@@ -64,6 +64,8 @@ pub enum MemoryError {
     Unaligned,
     /// Error protecting memory slot: {0}
     Mprotect(std::io::Error),
+    /// Error calling mmap: {0}
+    Mmap(std::io::Error),
 }
 
 /// Type of the guest region