add mlockall to lock secret_mem

src/main.rs

@@ -1,6 +1,7 @@
 use libc::{
-    c_int, c_void, mmap, prctl, MAP_FAILED, MAP_SHARED, PROT_READ, PROT_WRITE, PR_SET_DUMPABLE,
+    c_int, c_void, mlockall, mmap, prctl, MAP_FAILED, MAP_SHARED, MCL_FUTURE, PROT_READ,
-    PR_SET_SPECULATION_CTRL, PR_SPEC_FORCE_DISABLE, PR_SPEC_STORE_BYPASS,
+    PROT_WRITE, PR_SET_DUMPABLE, PR_SET_SPECULATION_CTRL, PR_SPEC_FORCE_DISABLE,
+    PR_SPEC_STORE_BYPASS,
 };
 use std::fs::File;
 use std::os::fd::AsRawFd;
@@ -70,6 +71,10 @@ fn main() {
         .open(&args[2])
         .expect("Cannot open KEY_FILE");
 
+    unsafe {
+        assert!(mlockall(MCL_FUTURE) == 0);
+    }
+
     unsafe {
         agent_start(
             shared_memory,