secret_freedom: Use fixed size bounce buffer for loading kernel

roypat · roypat · commit c5eea10bdf52 · 2025-05-08T08:56:48.000Z
By using a MaybeBounce with N=0 we are allocating a bounce buffer that
matches exactly the number of bytes that need to be copied into guest
memory, e.g. the size of the kernel file. This is fairly expensive
performance wise, and the spike in memory usage from the firecracker
process is also unwanted. Thus, just use a 4096 byte fixed size buffer
through which we repeatedly read+memcpy.

Signed-off-by: Patrick Roy &lt;roypat@amazon.co.uk&gt;
diff --git a/src/vmm/src/builder.rs b/src/vmm/src/builder.rs
@@ -267,7 +267,10 @@ pub fn build_microvm_for_boot(
     vmm.vm.set_memory_private().map_err(VmmError::Vm)?;
 
     let entry_point = load_kernel(
-        MaybeBounce::new(boot_config.kernel_file.try_clone().unwrap(), secret_free),
+        MaybeBounce::<_, 4096>::new_persistent(
+            boot_config.kernel_file.try_clone().unwrap(),
+            secret_free,
+        ),
         vmm.vm.guest_memory(),
     )?;
     let initrd = match &boot_config.initrd_file {
@@ -279,7 +282,7 @@ pub fn build_microvm_for_boot(
 
             Some(InitrdConfig::from_reader(
                 vmm.vm.guest_memory(),
-                MaybeBounce::new(initrd_file.as_fd(), secret_free),
+                MaybeBounce::<_, 4096>::new_persistent(initrd_file.as_fd(), secret_free),
                 u64_to_usize(size),
             )?)
         }
