disk: windows: restrict file sharing

This makes the behavior closer to Linux (which uses flock). Change-Id: Iff587b58647eec7378972e5442d4da95f3e2b7a8 Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5841071 Reviewed-by: Daniel Verkamp <dverkamp@chromium.org> Reviewed-by: Noah Gold <nkgold@google.com> Commit-Queue: Frederick Mayle <fmayle@google.com>
2024-10-22 20:36:34 +00:00 · 2024-09-06 14:54:02 -07:00 · 2024-09-06 14:54:02 -07:00 · 511af5a116
commit 511af5a116
parent e56281d449
2 changed files with 11 additions and 4 deletions
--- a/devices/src/virtio/block/asynchronous.rs
+++ b/devices/src/virtio/block/asynchronous.rs
@ -1598,6 +1598,9 @@ mod tests {
        // Create an empty disk image
        let f = tempfile::NamedTempFile::new().unwrap();
        f.as_file().set_len(0x1000).unwrap();
+        // Close the file so that it is possible for the disk implementation to take exclusive
+        // access when opening it.
+        let path: tempfile::TempPath = f.into_temp_path();

        // Create an empty guest memory
        let mem = GuestMemory::new(&[(GuestAddress(0u64), 4 * 1024 * 1024)])
@ -1612,7 +1615,7 @@ mod tests {
        let features = base_features(ProtectionType::Unprotected);
        let id = b"Block serial number\0";
        let disk_option = DiskOption {
-            path: f.path().to_owned(),
+            path: path.to_path_buf(),
            read_only: true,
            id: Some(*id),
            sparse: false,
--- a/disk/src/sys/windows.rs
+++ b/disk/src/sys/windows.rs
@ -14,7 +14,6 @@ use cros_async::Executor;
 use winapi::um::winbase::FILE_FLAG_NO_BUFFERING;
 use winapi::um::winbase::FILE_FLAG_OVERLAPPED;
 use winapi::um::winnt::FILE_SHARE_READ;
-use winapi::um::winnt::FILE_SHARE_WRITE;

 use crate::DiskFileParams;
 use crate::Error;
@ -33,8 +32,13 @@ pub fn open_raw_disk_image(params: &DiskFileParams) -> Result<File> {
    let mut options = File::options();
    options.read(true).write(!params.is_read_only);
    if params.lock {
-        // We only prevent file deletion and renaming right now.
-        options.share_mode(FILE_SHARE_READ | FILE_SHARE_WRITE);
+        if params.is_read_only {
+            // Shared read-only file access.
+            options.share_mode(FILE_SHARE_READ);
+        } else {
+            // Exclusive file access.
+            options.share_mode(0);
+        }
    }

    let mut flags = 0;