summary refs log tree commit diff
path: root/src/linux.rs
diff options
context:
space:
mode:
authorStephen Barber <smbarber@chromium.org>2018-02-21 14:17:27 -0800
committerchrome-bot <chrome-bot@chromium.org>2018-02-21 22:26:53 -0800
commitc79de2d0b2b75c18adf1b9f1779a6b482247531e (patch)
treea77ca1e92c813453ebe03f6d26d47be0533d858f /src/linux.rs
parent859b5d9d147fc59e42d3eeccd9b7bc7f857a2b01 (diff)
downloadcrosvm-c79de2d0b2b75c18adf1b9f1779a6b482247531e.tar
crosvm-c79de2d0b2b75c18adf1b9f1779a6b482247531e.tar.gz
crosvm-c79de2d0b2b75c18adf1b9f1779a6b482247531e.tar.bz2
crosvm-c79de2d0b2b75c18adf1b9f1779a6b482247531e.tar.lz
crosvm-c79de2d0b2b75c18adf1b9f1779a6b482247531e.tar.xz
crosvm-c79de2d0b2b75c18adf1b9f1779a6b482247531e.tar.zst
crosvm-c79de2d0b2b75c18adf1b9f1779a6b482247531e.zip
crosvm: add advisory locking for disk images
Disk images should never be mounted as writable by multiple VMs at once.
Add advisory locking to prevent this.

BUG=chromium:810576
TEST=run crosvm twice with same rwdisk, check that second VM fails to start

Change-Id: I5e6c178515eafa570812a093449eef5a4edc1740
Reviewed-on: https://chromium-review.googlesource.com/929994
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Diffstat (limited to 'src/linux.rs')
-rw-r--r--src/linux.rs10
1 files changed, 10 insertions, 0 deletions
diff --git a/src/linux.rs b/src/linux.rs
index c0b9094..b4c76d9 100644
--- a/src/linux.rs
+++ b/src/linux.rs
@@ -53,6 +53,7 @@ pub enum Error {
     DeviceJail(io_jail::Error),
     DevicePivotRoot(io_jail::Error),
     Disk(io::Error),
+    DiskImageLock(sys_util::Error),
     GetWaylandGroup(sys_util::Error),
     LoadCmdline(kernel_loader::Error),
     LoadKernel(kernel_loader::Error),
@@ -107,6 +108,7 @@ impl fmt::Display for Error {
             &Error::DeviceJail(ref e) => write!(f, "failed to jail device: {}", e),
             &Error::DevicePivotRoot(ref e) => write!(f, "failed to pivot root device: {}", e),
             &Error::Disk(ref e) => write!(f, "failed to load disk image: {}", e),
+            &Error::DiskImageLock(ref e) => write!(f, "failed to lock disk image: {:?}", e),
             &Error::GetWaylandGroup(ref e) => {
                 write!(f, "could not find gid for wayland group: {:?}", e)
             }
@@ -303,6 +305,14 @@ fn setup_mmio_bus(cfg: &Config,
                             .write(disk.writable)
                             .open(&disk.path)
                             .map_err(|e| Error::Disk(e))?;
+        // Lock the disk image to prevent other crosvm instances from using it.
+        let lock_op = if disk.writable {
+            FlockOperation::LockExclusive
+        } else {
+            FlockOperation::LockShared
+        };
+        flock(&raw_image, lock_op, true).map_err(Error::DiskImageLock)?;
+
         let block_box: Box<devices::virtio::VirtioDevice> = match disk.disk_type {
             DiskType::FlatFile => { // Access as a raw block device.
                 Box::new(devices::virtio::Block::new(raw_image)
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-03 04:16:18 +0000