From b99b2bc9909ec67df8b18910c96986d8e2cb339b Mon Sep 17 00:00:00 2001
From: Wei Liu
Date: Wed, 26 Oct 2022 16:22:34 +0000
Subject: [PATCH] memory_manager: use MFD_CLOEXEC flag when creating memory fd

Until there is a need for sharing the memory fd with a child process, we should err on the safe side to close it on exec.

Signed-off-by: Wei Liu
---
 vmm/src/memory_manager.rs | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/vmm/src/memory_manager.rs b/vmm/src/memory_manager.rs
index c1a794329..ed3dacbc7 100644
--- a/vmm/src/memory_manager.rs
+++ b/vmm/src/memory_manager.rs
@@ -1252,9 +1252,8 @@ impl MemoryManager {
 }
 }
 None => {
- let fd = Self::memfd_create(
- &ffi::CString::new("ch_ram").unwrap(),
- if hugepages {
+ let flags = libc::MFD_CLOEXEC
+ | if hugepages {
 libc::MFD_HUGETLB
 | if let Some(hugepage_size) = hugepage_size {
 /*
@@ -1274,9 +1273,9 @@ impl MemoryManager {
 }
 } else {
 0
- },
- )
- .map_err(Error::SharedFileCreate)?;
+ };
+ let fd = Self::memfd_create(&ffi::CString::new("ch_ram").unwrap(), flags)
+ .map_err(Error::SharedFileCreate)?;
 let f = unsafe { File::from_raw_fd(fd) };
 f.set_len(size as u64).map_err(Error::SharedFileSetLen)?;
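Review bot: The reason MFD_CLOEXEC is now set unconditionally at `let flags = libc::MFD_CLOEXEC` is recorded only in the commit message, so a later change that needs a child process to inherit the memory fd has nothing in the code telling it the flag was deliberate. I would add a comment above that line, e.g. `// Close-on-exec by default so the memory fd is not inherited across exec; clear FD_CLOEXEC explicitly if a child ever has to receive it.` The `if hugepages` expression and the enclosing `None =>` arm continue outside this hunk, and the `memfd_create` call that consumes `flags` is in the next hunk. A small test that reads the descriptor flags back with `libc::fcntl(fd, libc::F_GETFD)` and checks `libc::FD_CLOEXEC` would keep the flag from being dropped silently in a later refactor.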