From dd6fb23a9e66cbc406904afa6470851f368fdcf5 Mon Sep 17 00:00:00 2001
From: Aaron Kaiser
Date: Wed, 25 Sep 2024 14:00:59 +0200
Subject: [PATCH] add mlockall to lock secret_mem
---
 src/main.rs | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/main.rs b/src/main.rs
index 700026e..feb8f9b 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,6 +1,7 @@
 use libc::{
- c_int, c_void, mmap, prctl, MAP_FAILED, MAP_SHARED, PROT_READ, PROT_WRITE, PR_SET_DUMPABLE,
- PR_SET_SPECULATION_CTRL, PR_SPEC_FORCE_DISABLE, PR_SPEC_STORE_BYPASS,
+ c_int, c_void, mlockall, mmap, prctl, MAP_FAILED, MAP_SHARED, MCL_FUTURE, PROT_READ,
+ PROT_WRITE, PR_SET_DUMPABLE, PR_SET_SPECULATION_CTRL, PR_SPEC_FORCE_DISABLE,
+ PR_SPEC_STORE_BYPASS,
 };
 use std::fs::File;
 use std::os::fd::AsRawFd;
@@ -70,6 +71,10 @@ fn main() {
 .open(&args[2])
 .expect("Cannot open KEY_FILE");

+ unsafe {
+ assert!(mlockall(MCL_FUTURE) == 0);
+ }
+
 unsafe {
 agent_start(
 shared_memory,
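Review bot: `mlockall(MCL_FUTURE)` in the block added to `main` pins only pages mapped after the call, so memory that is already resident (the stack, the existing heap, and `shared_memory` if it was mmap'd earlier in `main`, which is outside this hunk) can still be written to swap. If key material can land in any of those, lock both sets and import `MCL_CURRENT` alongside `MCL_FUTURE`. Aborting on failure is the right fail-closed behaviour, but the bare `assert!` discards errno, so an operator cannot tell an RLIMIT_MEMLOCK limit from a missing CAP_IPC_LOCK; I would write `assert!(mlockall(MCL_CURRENT | MCL_FUTURE) == 0, "mlockall failed: {}", std::io::Error::last_os_error());`. The new `unsafe` block also deserves a `// SAFETY:` line stating that `mlockall` takes only a flag word and touches no Rust-managed pointers, plus a note that later allocations will fail with ENOMEM once the lock limit is reached.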