From 7e45cd719edcd8489ccbe283e0dec762434c21ee Mon Sep 17 00:00:00 2001
From: Aaron Kaiser <a_kaiser@posteo.de>
Date: Wed, 25 Sep 2024 11:11:12 +0200
Subject: [PATCH] disable speculative store bypass

---
 src/main.rs | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index d22eebc..daef7e3 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,5 +1,6 @@
 use libc::{
-    c_int, c_void, mmap, MAP_FAILED, MAP_SHARED, PROT_READ, PROT_WRITE,
+    c_int, c_void, mmap, prctl, MAP_FAILED, MAP_SHARED, PROT_READ, PROT_WRITE,
+    PR_SET_SPECULATION_CTRL, PR_SPEC_FORCE_DISABLE, PR_SPEC_STORE_BYPASS,
 };
 use std::fs::File;
 use std::os::fd::AsRawFd;
@@ -13,6 +14,18 @@ extern "C" {
 }
 
 fn main() {
+    unsafe {
+        assert!(
+            prctl(
+                PR_SET_SPECULATION_CTRL,
+                PR_SPEC_STORE_BYPASS,
+                PR_SPEC_FORCE_DISABLE,
+                0,
+                0,
+            ) >= 0,
+        );
+    }
+
     let args: Vec<String> = env::args().collect();
 
     let shared_fd: c_int = args[0]
@@ -54,7 +67,11 @@ fn main() {
         .expect("Cannot open KEY_FILE");
 
     unsafe {
-        agent_start(shared_memory, sync_memory, private_file.as_raw_fd().try_into().unwrap());
+        agent_start(
+            shared_memory,
+            sync_memory,
+            private_file.as_raw_fd().try_into().unwrap(),
+        );
     }
 
     drop(private_file); // don't drop (and close) private file before here