From: Paul Ponchon <pponchon@cisco.com>
Date: Fri, 3 Oct 2025 14:23:10 +0000 (+0200)
Subject: vppinfra: add CLOEXEC flag to memfd create calls
X-Git-Url: https://gerrit.fd.io/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F35%2F43835%2F3;p=vpp.git

vppinfra: add CLOEXEC flag to memfd create calls

This commit adds a MFD_CLOEXEC flag to avoid memory leaks through child process
when VPP crashes.

Type: fix
Change-Id: Icd155102884f6e96bbe62149cc07f7cbfca77854
Signed-off-by: Paul Ponchon <pponchon@cisco.com>
---

diff --git a/src/vppinfra/linux/mem.c b/src/vppinfra/linux/mem.c
index 651ea107b4d..bc7e0470dc1 100644
--- a/src/vppinfra/linux/mem.c
+++ b/src/vppinfra/linux/mem.c
@@ -248,6 +248,10 @@ clib_mem_vm_create_fd (clib_mem_page_sz_t log2_page_size, char *fmt, ...)
       memfd_flags = MFD_HUGETLB | log2_page_size << MFD_HUGE_SHIFT;
     }
 
+  /* Set FD_CLOEXEC flag on memory file descriptor, such that mapped memory
+   * doesn't leak through child processes if VPP crashes. */
+  memfd_flags |= MFD_CLOEXEC;
+
   va_start (va, fmt);
   s = va_format (0, fmt, &va);
   va_end (va);