/**
 * @file se050_mem_protect.h
 * @brief Memory Protection Utilities
 * 
 * Linux-specific memory protection functions to prevent:
 * - Swapping sensitive data to disk (mlock)
 * - Core dump leakage (MADV_DONTDUMP)
 * - Child process leakage after fork() (MADV_WIPEONFORK)
 * 
 * License: MIT
 */

#ifndef SE050_MEM_PROTECT_H
#define SE050_MEM_PROTECT_H

#include <stddef.h>
#include "se050_wireguard.h"

#ifdef __linux__
#include <sys/mman.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#endif

/**
 * @brief Protect sensitive memory from being swapped or dumped
 * 
 * Applies multiple security measures:
 * - mlock(): Prevent swapping to disk
 * - MADV_DONTDUMP: Exclude from core dumps
 * - MADV_WIPEONFORK: Clear in child processes after fork()
 * 
 * @param ptr Pointer to memory region to protect
 * @param size Size of memory region in bytes
 * @return SE050_OK on success, SE050_ERR_FAIL on failure
 * 
 * @note On Linux, mlock may fail due to permissions. If it fails,
 *       a warning is printed but the function continues (non-fatal).
 * @note On non-Linux platforms, this function is a no-op.
 */
static inline se050_status_t protect_sensitive_memory(void *ptr, size_t size)
{
#ifdef __linux__
    /* 1. Prevent swapping to disk (optional - may fail due to permissions) */
    if (mlock(ptr, size) != 0) {
        /* mlock may fail due to ulimit restrictions. Log warning but continue. */
        fprintf(stderr, "Warning: mlock failed (%s). Memory may be swapped.\n", strerror(errno));
        /* Continue without mlock - better than failing entirely */
    }
    
    /* 2. Exclude from core dumps */
    if (madvise(ptr, size, MADV_DONTDUMP) != 0) {
        perror("madvise MADV_DONTDUMP failed");
        /* Non-fatal, continue */
    }
    
    /* 3. Clear in child processes after fork() */
    if (madvise(ptr, size, MADV_WIPEONFORK) != 0) {
        perror("madvise MADV_WIPEONFORK failed");
        /* Non-fatal, continue */
    }
    
    return SE050_OK;
#else
    /* Non-Linux platforms: no special protection */
    (void)ptr;
    (void)size;
    return SE050_OK;
#endif
}

/**
 * @brief Release memory protection before freeing
 * 
 * Must be called before freeing protected memory.
 * 
 * @param ptr Pointer to memory region to release
 * @param size Size of memory region in bytes
 */
static inline void release_memory_protection(void *ptr, size_t size)
{
#ifdef __linux__
    /* Must unlock before freeing */
    munlock(ptr, size);
#else
    (void)ptr;
    (void)size;
#endif
}

#endif /* SE050_MEM_PROTECT_H */