[VM runtime] Do not leak file descriptors of dual mappings to child processes.
This applies to linux only and is a suggested precaution.
Change-Id: I81cc345eb2c316530de1fd779cdf392804a68490
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/96982
Reviewed-by: Ryan Macnak <rmacnak@google.com>
Commit-Queue: Régis Crelier <regis@google.com>
diff --git a/runtime/vm/virtual_memory_posix.cc b/runtime/vm/virtual_memory_posix.cc
index 985d5b6..5751e7f 100644
--- a/runtime/vm/virtual_memory_posix.cc
+++ b/runtime/vm/virtual_memory_posix.cc
@@ -83,6 +83,11 @@
}
#if defined(DUAL_MAPPING_SUPPORTED)
+// Do not leak file descriptors to child processes.
+#if !defined(MFD_CLOEXEC)
+#define MFD_CLOEXEC 0x0001U
+#endif
+
// Wrapper to call memfd_create syscall.
static inline int memfd_create(const char* name, unsigned int flags) {
#if !defined(__NR_memfd_create)
@@ -143,7 +148,7 @@
const bool dual_mapping =
is_executable && FLAG_write_protect_code && FLAG_dual_map_code;
if (dual_mapping) {
- fd = memfd_create("dart_vm", 0);
+ fd = memfd_create("dart_vm", MFD_CLOEXEC);
if (fd == -1) {
return NULL;
}