fix(uffd): propagate Removed pages into DiffMetadata.Empty

Read the Removed bitmap from PageTracker and emit it as DiffMetadata.Empty
so REMOVE'd pages become uuid.Nil mappings in the snapshot header (read as
zero on resume). Defensively AndNot the empty set out of dirty: settle drains
make these disjoint in practice (Removed pages have no PTE, WP-async only
sees present pages with WP cleared), but if the invariant ever breaks the
guest's last intent for a Removed page is "free, read zero on restore" — so
empty must win, not stale dirty content.

Author: ValentaTomas

packages/orchestrator/pkg/sandbox/uffd/uffd.go

@@ -217,7 +217,33 @@ func (u *Uffd) Exit() *utils.ErrorOnce {
 //
 // It *MUST* be only called after the sandbox was successfully paused via API and after the snapshot endpoint was called.
 func (u *Uffd) DiffMetadata(ctx context.Context, f *fc.Process) (*header.DiffMetadata, error) {
-	return f.DirtyMemory(ctx, u.memfile.BlockSize())
+	handler, err := u.handler.WaitWithContext(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get uffd: %w", err)
+	}
+
+	diff, err := f.DirtyMemory(ctx, u.memfile.BlockSize())
+	if err != nil {
+		return nil, fmt.Errorf("failed to get dirty memory: %w", err)
+	}
+
+	// Without this, REMOVE'd pages stay attributed to the previous layer's BuildId in
+	// the merged mapping and leak their stale contents on resume; with it, those ranges
+	// become uuid.Nil sentinels (read as zero, matching guest free-page intent).
+	_, empty := handler.ExportPageStates()
+
+	// dirty ∩ empty should be empty after settle (Removed pages have no PTE,
+	// FC's WP-async dirty scan only sees present pages with WP cleared), but
+	// AndNot here means "empty wins" if the invariant ever breaks: the guest's
+	// most recent intent for a Removed page is "free, read zero on restore",
+	// so we must not let stale dirty content shadow it in this diff layer.
+	diff.Dirty.AndNot(empty)
+
+	return &header.DiffMetadata{
+		BlockSize: diff.BlockSize,
+		Dirty:     diff.Dirty,
+		Empty:     empty,
+	}, nil
 }
 
 // PrefetchData returns page fault data for prefetch mapping.

packages/orchestrator/pkg/sandbox/uffd/userfaultfd/userfaultfd.go

@@ -11,6 +11,7 @@ import (
 	"time"
 	"unsafe"
 
+	"github.com/RoaringBitmap/roaring/v2"
 	"go.opentelemetry.io/otel"
 	"go.opentelemetry.io/otel/attribute"
 	"go.opentelemetry.io/otel/trace"
@@ -130,6 +131,14 @@ func NewUserfaultfdFromFd(fd uintptr, src block.Slicer, m *memory.Mapping, logge
 	return u, nil
 }
 
+// ExportPageStates returns snapshots of the faulted and removed
+// page-index bitmaps. The diff-snapshot writer uses the removed
+// bitmap to mark freed pages as DiffMetadata.Empty so they resolve
+// to uuid.Nil (zero-on-restore) in the snapshot header.
+func (u *Userfaultfd) ExportPageStates() (faulted, removed *roaring.Bitmap) {
+	return u.pageTracker.Export()
+}
+
 func (u *Userfaultfd) readEvents(ctx context.Context) ([]*UffdRemove, []*UffdPagefault, error) {
 	buf := make([]byte, unsafe.Sizeof(UffdMsg{}))