From: Gabríel Arthúr Pétursson Date: Thu, 4 Jan 2024 08:34:40 +0000 (+0000) Subject: cryptenroll: Lock memory pages before operating on the device X-Git-Tag: v256-rc1~936^2~2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=97fb1fc4b10153bac96814c424008939a66507d0;p=thirdparty%2Fsystemd.git cryptenroll: Lock memory pages before operating on the device This is what systemd-cryptsetup does. We will be unlocking the device, working with sensitive cryptographic material as well. --- diff --git a/src/cryptenroll/cryptenroll.c b/src/cryptenroll/cryptenroll.c index e1fdc3f5f02..0674116ec8c 100644 --- a/src/cryptenroll/cryptenroll.c +++ b/src/cryptenroll/cryptenroll.c @@ -1,6 +1,7 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ #include +#include #include "ask-password-api.h" #include "build.h" @@ -706,6 +707,9 @@ static int run(int argc, char *argv[]) { if (r <= 0) return r; + /* A delicious drop of snake oil */ + (void) mlockall(MCL_FUTURE); + cryptsetup_enable_logging(NULL); if (arg_enroll_type < 0)
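Review bot: The added `(void) mlockall(MCL_FUTURE);` in run() locks only mappings created after the call and discards the result, so pages that are already mapped (stack, existing heap arena) stay swappable and a failure, for instance from RLIMIT_MEMLOCK when run without privileges, is invisible. Keeping it best-effort but observable would look like `if (mlockall(MCL_FUTURE) < 0) log_debug_errno(errno, "Failed to lock memory pages, ignoring: %m");`, and adding `MCL_CURRENT` is worth weighing if sensitive data can land in memory that exists before this point. The comment `/* A delicious drop of snake oil */` gives no reason for the call; something like `/* Best effort: keep the key material handled below out of swap (does not cover hibernation images) */` would tell the next reader what is and is not protected. run() begins and continues outside the hunk, so what is already in memory at this point cannot be checked from here.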