diff --git a/src/agent.rs b/src/agent.rs index 9e9fa62..d3d81be 100644 --- a/src/agent.rs +++ b/src/agent.rs @@ -1,10 +1,11 @@ use anyhow::{bail, Result}; use libc::{ - c_char, c_void, close, execve, fork, ftruncate, memfd_create, mmap, perror, syscall, - SYS_memfd_secret, MAP_FAILED, MAP_SHARED, PROT_READ, PROT_WRITE, + c_char, c_void, close, execve, fcntl, fork, ftruncate, memfd_create, mmap, perror, syscall, + SYS_futex, FUTEX_WAIT, FUTEX_WAKE, F_ADD_SEALS, F_SEAL_FUTURE_WRITE, MAP_FAILED, MAP_SHARED, + MFD_ALLOW_SEALING, PROT_READ, PROT_WRITE, }; use shared_memory_heap::get_shared_mem_fd; -use std::{arch::x86_64::_mm_mfence, ffi::CString, path::Path, ptr}; +use std::{ffi::CString, path::Path, ptr, usize}; pub struct Agent { sync_mem: *mut usize, @@ -15,7 +16,7 @@ unsafe impl Send for Agent {} impl Agent { pub(crate) unsafe fn new(agent_path: &Path, keyfile_path: &Path) -> Result { let data_fd = get_shared_mem_fd(); - let sync_fd = syscall(SYS_memfd_secret, 0) as i32; + let sync_fd = memfd_create("sync\x00".as_ptr() as *const c_char, MFD_ALLOW_SEALING); if sync_fd <= 0 { bail!("creating memfd failed"); @@ -35,6 +36,8 @@ impl Agent { 0, ) as *mut usize; + fcntl(sync_fd, F_ADD_SEALS, F_SEAL_FUTURE_WRITE); + if sync_mem == MAP_FAILED as *mut usize { bail!("mmap failed"); } @@ -63,7 +66,7 @@ impl Agent { execve(path.as_ptr() as *const c_char, args.as_ptr(), ptr::null()); - perror(r#"execve:\0"#.as_ptr() as *const c_char); + perror("execve:\x00".as_ptr() as *const c_char); panic!("execve failed"); } 
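Review bot: Swapping `syscall(SYS_memfd_secret, 0)` for `memfd_create(..., MFD_ALLOW_SEALING)` in `Agent::new` gives up the secretmem property that the backing pages are kept out of the kernel page tables, and nothing in the change records that this is intended. If anything sensitive ever passes through `sync_mem`, this is a confidentiality downgrade; the constructor takes a `keyfile_path`, so that is worth confirming. Presumably the switch is needed because sealing and shared futexes do not work on secretmem. I would state that above the call, e.g. `// plain memfd: sealing and futex need it; sync_mem must never carry key material`. `Agent::new` continues outside the hunk.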
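Review bot: The result of `fcntl(sync_fd, F_ADD_SEALS, F_SEAL_FUTURE_WRITE)` is discarded, so if the kernel rejects the seal (for example because it predates this seal type) the descriptor handed to the agent can still be mapped writable and the hardening disappears silently. Fail closed instead: `if fcntl(sync_fd, F_ADD_SEALS, F_SEAL_FUTURE_WRITE) == -1 { bail!("sealing sync memfd failed"); }`, placed after the `MAP_FAILED` check so a failed mmap is reported first. Consider also including `F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_SEAL`, since a holder of the descriptor can otherwise truncate the file underneath this mapping or add seals of its own. `Agent::new` starts and ends outside the hunk.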
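Review bot: The NUL terminator in `"execve:\x00"` is still written by hand, which is exactly the detail the removed raw string got wrong. A C string literal, `perror(c"execve".as_ptr());`, lets the compiler add and check the terminator; it needs Rust 1.77 or later, which the visible lines do not confirm. The same applies to `"sync\x00"` in the `memfd_create` call. `perror` appends `": "` itself, so the trailing colon in the message prints as `execve::`.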
@@ -80,12 +83,29 @@ impl Agent { *self.sync_mem.add(i + 2) = *ptr; } - *self.sync_mem = 1; - - _mm_mfence(); - #[allow(clippy::while_immutable_condition)] - while *self.sync_mem == 1 { - _mm_mfence(); + // wake agent + let mut woken_up = 0; + while woken_up == 0 { + woken_up = syscall( + SYS_futex, + self.sync_mem, + FUTEX_WAKE, + 1, + ptr::null::(), + ptr::null::(), + 0, + ); } + + // wait for agent to be finished + syscall( + SYS_futex, + self.sync_mem, + FUTEX_WAIT, + 0, + ptr::null::(), + ptr::null::(), + 0, + ); } }
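Review bot: Neither futex call distinguishes failure from success: the `while woken_up == 0` loop exits on a `-1` error return exactly as it does after a real wake, and the `FUTEX_WAIT` result is dropped, so `EINTR`, `EAGAIN` or a spurious wake-up all read as "agent finished" and the caller may go on to consume shared memory the agent is still working on. The visible lines also never change the futex word (the removed code set it to 1), so a wake sent by the agent before this thread reaches `FUTEX_WAIT` would be lost and the call would block forever; the agent side and the start of this method are outside the hunk, so that part is inferred. The sketch below handles the error returns and retries an interrupted wait. Closing the lost-wake-up window additionally needs a completion flag that is re-checked around the wait.

```rust
// wake agent: retry only while no waiter exists yet, never on error
loop {
    let woken = syscall(SYS_futex, self.sync_mem, FUTEX_WAKE, 1, ptr::null::<c_void>(), ptr::null::<c_void>(), 0);
    if woken > 0 {
        break;
    }
    if woken < 0 {
        panic!("FUTEX_WAKE failed: {}", std::io::Error::last_os_error());
    }
}

// wait for agent to be finished: an interrupted wait is not a completion signal
loop {
    let rc = syscall(SYS_futex, self.sync_mem, FUTEX_WAIT, 0, ptr::null::<c_void>(), ptr::null::<c_void>(), 0);
    if rc == 0 {
        break;
    }
    let err = std::io::Error::last_os_error();
    if err.raw_os_error() != Some(libc::EINTR) {
        panic!("FUTEX_WAIT failed: {err}");
    }
}
```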