diff options
| author | Dimitri Staessens <dimitri@ouroboros.rocks> | 2026-01-18 14:35:50 +0100 |
|---|---|---|
| committer | Sander Vrijders <sander@ouroboros.rocks> | 2026-01-19 08:31:30 +0100 |
| commit | c51611c27f766bb4f413485bf8a12bca02e98669 (patch) | |
| tree | 61fe6a862d550aa1cbd6c9d7c964f171ebe84afa /src | |
| parent | 60b04305d70614580b4f883c0a147507edef3779 (diff) | |
| download | ouroboros-c51611c27f766bb4f413485bf8a12bca02e98669.tar.gz ouroboros-c51611c27f766bb4f413485bf8a12bca02e98669.zip | |
lib: Call mlock() on the shared memory buffers
This prevents them from swapping to disk and killing performance. It
also enhances security a little bit by reducing the risk of sensitive
(even encrypted) data being paged out and captured.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src')
| -rw-r--r-- | src/irmd/main.c | 3 | ||||
| -rw-r--r-- | src/irmd/reg/flow.c | 6 | ||||
| -rw-r--r-- | src/lib/shm_rbuff.c | 7 | ||||
| -rw-r--r-- | src/lib/shm_rdrbuff.c | 7 |
4 files changed, 23 insertions, 0 deletions
diff --git a/src/irmd/main.c b/src/irmd/main.c index 57703254..8a2c143d 100644 --- a/src/irmd/main.c +++ b/src/irmd/main.c @@ -1905,6 +1905,9 @@ static int irm_init(void) goto fail_rdrbuff; } + if (shm_rdrbuff_mlock(irmd.rdrb) < 0) + log_warn("Failed to mlock rdrbuff."); + irmd.tpm = tpm_create(IRMD_MIN_THREADS, IRMD_ADD_THREADS, mainloop, NULL); if (irmd.tpm == NULL) { diff --git a/src/irmd/reg/flow.c b/src/irmd/reg/flow.c index 4d091b23..d6f6437f 100644 --- a/src/irmd/reg/flow.c +++ b/src/irmd/reg/flow.c @@ -107,6 +107,9 @@ static int create_rbuffs(struct reg_flow * flow, if (flow->n_rb == NULL) goto fail_n_rb; + if (shm_rbuff_mlock(flow->n_rb) < 0) + log_warn("Failed to mlock n_rb for flow %d.", info->id); + assert(flow->info.n_1_pid == 0); assert(flow->n_1_rb == NULL); @@ -115,6 +118,9 @@ static int create_rbuffs(struct reg_flow * flow, if (flow->n_1_rb == NULL) goto fail_n_1_rb; + if (shm_rbuff_mlock(flow->n_1_rb) < 0) + log_warn("Failed to mlock n_1_rb for flow %d.", info->id); + return 0; fail_n_1_rb: diff --git a/src/lib/shm_rbuff.c b/src/lib/shm_rbuff.c index ec3bd152..ce432efb 100644 --- a/src/lib/shm_rbuff.c +++ b/src/lib/shm_rbuff.c @@ -455,3 +455,10 @@ size_t shm_rbuff_queued(struct shm_rbuff * rb) return ret; } + +int shm_rbuff_mlock(struct shm_rbuff * rb) +{ + assert(rb != NULL); + + return mlock(rb->shm_base, SHM_RBUFF_FILESIZE); +} diff --git a/src/lib/shm_rdrbuff.c b/src/lib/shm_rdrbuff.c index 7ad1bd2e..5cdeba9e 100644 --- a/src/lib/shm_rdrbuff.c +++ b/src/lib/shm_rdrbuff.c @@ -278,6 +278,13 @@ void shm_rdrbuff_purge(void) free(shm_rdrb_fn); } +int shm_rdrbuff_mlock(struct shm_rdrbuff * rdrb) +{ + assert(rdrb != NULL); + + return mlock(rdrb->shm_base, SHM_FILE_SIZE); +} + ssize_t shm_rdrbuff_alloc(struct shm_rdrbuff * rdrb, size_t len, uint8_t ** ptr, |