Expand description
§duende-mlock
Memory locking for swap-critical daemons.
§DT-007: Swap Deadlock Prevention
When a daemon serves as a swap device (e.g., trueno-ublk), a deadlock occurs if:
- Kernel needs memory → initiates swap-out to the daemon
- Daemon needs memory to process I/O
- Kernel tries to swap daemon’s pages → to the same daemon
- Deadlock: daemon blocked waiting for itself
This crate provides mlockall() to pin daemon memory, preventing the kernel
from swapping it out.
§Quick Start
use duende_mlock::{lock_all, MlockError};
fn main() -> Result<(), MlockError> {
// Lock all current and future memory allocations
let status = lock_all()?;
println!("Locked {} bytes", status.bytes_locked());
Ok(())
}§Configuration
use duende_mlock::{MlockConfig, lock_with_config};
let config = MlockConfig::builder()
.current(true) // Lock existing pages
.future(true) // Lock future allocations
.required(false) // Don't fail if mlock fails
.build();
match lock_with_config(config) {
Ok(status) => println!("Locked: {}", status.is_locked()),
Err(e) => eprintln!("Warning: {}", e),
}§Platform Support
| Platform | Support | Notes |
|---|---|---|
| Linux | Full | Requires CAP_IPC_LOCK or root |
| macOS | Limited | Requires entitlements |
| Others | None | Returns MlockStatus::Unsupported |
§Container Requirements
# Docker
docker run --cap-add=IPC_LOCK --ulimit memlock=-1:-1 ...
# docker-compose.yml
cap_add:
- IPC_LOCK
ulimits:
memlock:
soft: -1
hard: -1Structs§
- Mlock
Config - Configuration for memory locking operations.
- Mlock
Config Builder - Builder for
MlockConfig.
Enums§
- Mlock
Error - Error type for memory locking operations.
- Mlock
Status - Result of a memory locking operation.
Functions§
- is_
locked - Check if process memory is currently locked.
- lock_
all - Lock all current and future memory allocations.
- lock_
with_ config - Lock memory with custom configuration.
- locked_
bytes - Get the number of bytes currently locked.
- unlock_
all - Unlock all locked memory.