crosvm: accept pmem disks via FD

This essentially duplicates the same implicit fd-passing support in
create_block_device. By accepting the FD directly instead of opening the
file under `/proc/self/fd/...` we can inherit the same permissions that
a caller to concierge, for example, gets. This simultaneously allows
crosvm to access files it might not otherwise be able to, and prevents
it from misusing its privileges to potentially elevate a read-only FD to
a read/write FD.

BUG=b:181347894
TEST=Start pmem VM passed from concierge via FD. Ensured the FD itself
was used instead of crosvm re-opening the file under `/proc/self/fd...`.

Change-Id: Ic4d4e6155a1978b45e82141609fdadff45ca987b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2724473
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Commit-Queue: Mike Gerow <gerow@google.com>
Mike Gerow 2021-02-26 20:57:14 +00:00 committed by Commit Bot
parent 83d5160076
commit ec618a53e6


@ -1173,11 +1173,17 @@ fn create_pmem_device(
index: usize,
pmem_device_socket: VmMsyncRequestSocket,
) -> DeviceResult {
let fd = OpenOptions::new()
.read(true)
.write(!disk.read_only)
.open(&disk.path)
.map_err(|e| Error::Disk(disk.path.to_path_buf(), e))?;
// Special case '/proc/self/fd/*' paths. The FD is already open, just use it.
let fd: File = if disk.path.parent() == Some(Path::new("/proc/self/fd")) {
// Safe because we will validate |raw_fd|.
unsafe { File::from_raw_descriptor(raw_descriptor_from_path(&disk.path)?) }
} else {
OpenOptions::new()
.read(true)
.write(!disk.read_only)
.open(&disk.path)
.map_err(|e| Error::Disk(disk.path.to_path_buf(), e))?
};
let arena_size = {
let metadata =
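
Review bot: In the new `/proc/self/fd` branch, `disk.read_only` is never consulted, so the inherited descriptor's access mode is taken on trust, while the `else` branch still derives it from `.write(!disk.read_only)`. If the caller passes a read-only FD for a disk configured as writable (or the reverse), nothing in this hunk catches the mismatch at device creation. Consider checking the descriptor's access mode against `disk.read_only` here and returning `Error::Disk` on disagreement. The safety comment also says "we will validate |raw_fd|", but this hunk has no `raw_fd` binding and no validation is visible in it. If the check lives inside `raw_descriptor_from_path`, the comment should say so. It should also state that the resulting `File` takes ownership of the descriptor and closes it on drop.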