increase mmap size

.envrc

@@ -1 +0,0 @@
-use nix

.gitignore

@@ -1,2 +1,3 @@
 /target
 result
+.direnv

default.nix

@@ -1,14 +1,7 @@
-{ pkgs ? import <nixpkgs> { } }:
+{ pkgs ? import <nixpkgs> { }
+, agent
+}:
 with pkgs;
-let
-  agent_src = fetchgit {
-    url = "https://gitea.rixxc.de/rixxc/x25519_agent.git";
-    rev = "36ae72a8d90d94b5b0d1fd01adf50a33edd80e80";
-    hash = "sha256-SxXZ/1CRi4J6Neq1uXIbue0bFa8WzdXPBnoXCjekOy8=";
-  };
-
-  agent = callPackage "${agent_src}/default.nix" { };
-in
 rustPlatform.buildRustPackage {
   name = "agent-harness";
   src = nix-gitignore.gitignoreSource [ ] ./.;
@@ -17,5 +10,5 @@ rustPlatform.buildRustPackage {
   
   buildInputs = [ agent ];
 
-  cargoSha256 = "sha256-ZgwQr1goz9yPws0P1eQwhHEv2WbcJeTCLEPYOUADOtE=";
+  cargoHash = "sha256-ZgwQr1goz9yPws0P1eQwhHEv2WbcJeTCLEPYOUADOtE=";
 }

src/main.rs

@@ -1,18 +1,36 @@
 use libc::{
-    c_char, c_int, c_void, mmap, perror, MAP_FAILED, MAP_PRIVATE, MAP_SHARED, PROT_READ, PROT_WRITE,
+    c_int, c_void, mlockall, mmap, prctl, MAP_FAILED, MAP_SHARED, MCL_FUTURE, PROT_READ,
+    PROT_WRITE, PR_SET_DUMPABLE, PR_SET_SPECULATION_CTRL, PR_SPEC_FORCE_DISABLE,
+    PR_SPEC_STORE_BYPASS,
 };
 use std::fs::File;
 use std::os::fd::AsRawFd;
 use std::{env, ptr};
 
-const SHARED_MEMORY_SIZE: usize = 1024;
+const SHARED_MEMORY_SIZE: usize = 1024 * 1024;
 
 #[link(name = "agent")]
 extern "C" {
-    fn agent_start(shared_memory: *mut u8, sync_memory: *mut u8, private_mem: *mut u8);
+    fn agent_start(shared_memory: *mut u8, sync_memory: *mut u8, private_mem_fd: u64);
 }
 
 fn main() {
+    unsafe {
+        assert!(
+            prctl(
+                PR_SET_SPECULATION_CTRL,
+                PR_SPEC_STORE_BYPASS,
+                PR_SPEC_FORCE_DISABLE,
+                0,
+                0,
+            ) >= 0,
+        );
+    }
+
+    unsafe {
+        assert!(prctl(PR_SET_DUMPABLE, 0) == 0);
+    }
+
     let args: Vec<String> = env::args().collect();
 
     let shared_fd: c_int = args[0]
@@ -21,7 +39,7 @@ fn main() {
 
     let sync_fd: c_int = args[1]
         .parse()
-        .expect("Please provide a valid file descriptor as first argument");
+        .expect("Please provide a valid file descriptor as second argument");
 
     let shared_memory = unsafe {
         mmap(
@@ -53,19 +71,17 @@ fn main() {
         .open(&args[2])
         .expect("Cannot open KEY_FILE");
 
-    let private_mem = unsafe {
+    unsafe {
-        mmap(
+        assert!(mlockall(MCL_FUTURE) == 0);
-            ptr::null_mut() as *mut c_void,
+    }
-            32 * 100,
-            PROT_READ | PROT_WRITE,
-            MAP_SHARED,
-            private_file.as_raw_fd(),
-            0,
-        )
-    } as *mut u8;
-    assert_ne!(private_mem, MAP_FAILED as *mut u8);
 
     unsafe {
-        agent_start(shared_memory, sync_memory, private_mem);
+        agent_start(
+            shared_memory,
+            sync_memory,
+            private_file.as_raw_fd().try_into().unwrap(),
+        );
     }
+
+    drop(private_file); // don't drop (and close) private file before here
 }