From c51611c27f766bb4f413485bf8a12bca02e98669 Mon Sep 17 00:00:00 2001 From: Dimitri Staessens Date: Sun, 18 Jan 2026 14:35:50 +0100 Subject: lib: Call mlock() on the shared memory buffers This prevents them from swapping to disk and killing performance. It also enhances security a little bit by reducing the risk of sensitive (even encrypted) data being paged out and captured. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders --- src/irmd/reg/flow.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'src/irmd/reg') diff --git a/src/irmd/reg/flow.c b/src/irmd/reg/flow.c index 4d091b23..d6f6437f 100644 --- a/src/irmd/reg/flow.c +++ b/src/irmd/reg/flow.c @@ -107,6 +107,9 @@ static int create_rbuffs(struct reg_flow * flow, if (flow->n_rb == NULL) goto fail_n_rb; + if (shm_rbuff_mlock(flow->n_rb) < 0) + log_warn("Failed to mlock n_rb for flow %d.", info->id); + assert(flow->info.n_1_pid == 0); assert(flow->n_1_rb == NULL); @@ -115,6 +118,9 @@ static int create_rbuffs(struct reg_flow * flow, if (flow->n_1_rb == NULL) goto fail_n_1_rb; + if (shm_rbuff_mlock(flow->n_1_rb) < 0) + log_warn("Failed to mlock n_1_rb for flow %d.", info->id); + return 0; fail_n_1_rb: -- cgit v1.2.3