fix(uffd): propagate Removed pages into DiffMetadata.Empty

Read the Removed bitmap from PageTracker and emit it as DiffMetadata.Empty
so REMOVE'd pages become uuid.Nil mappings in the snapshot header (read as
zero on resume). Defensively AndNot the empty set out of dirty: settle drains
make these disjoint in practice (Removed pages have no PTE, WP-async only
sees present pages with WP cleared), but if the invariant ever breaks the
guest's last intent for a Removed page is "free, read zero on restore" — so
empty must win, not stale dirty content.

Author: ValentaTomas

packages/orchestrator/pkg/sandbox/uffd/uffd.go

@@ -217,7 +217,30 @@ func (u *Uffd) Exit() *utils.ErrorOnce {
 //
 // It *MUST* be only called after the sandbox was successfully paused via API and after the snapshot endpoint was called.
 func (u *Uffd) DiffMetadata(ctx context.Context, f *fc.Process) (*header.DiffMetadata, error) {
-	return f.DirtyMemory(ctx, u.memfile.BlockSize())
+	handler, err := u.handler.WaitWithContext(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get uffd: %w", err)
+	}
+
+	diff, err := f.DirtyMemory(ctx, u.memfile.BlockSize())
+	if err != nil {
+		return nil, fmt.Errorf("failed to get dirty memory: %w", err)
+	}
+
+	_, empty := handler.PageTracker.Export()
+
+	// dirty ∩ empty should be empty after settle (Removed pages have no PTE,
+	// FC's WP-async dirty scan only sees present pages with WP cleared), but
+	// AndNot here means "empty wins" if the invariant ever breaks: the guest's
+	// most recent intent for a Removed page is "free, read zero on restore",
+	// so we must not let stale dirty content shadow it in this diff layer.
+	diff.Dirty.AndNot(empty)
+
+	return &header.DiffMetadata{
+		BlockSize: diff.BlockSize,
+		Dirty:     diff.Dirty,
+		Empty:     empty,
+	}, nil
 }
 
 // PrefetchData returns page fault data for prefetch mapping.