vmm: open backing file read-only when not shared

When restoring from snapshot with shared=false, write access to the backing file is not required. Opening it read-only allows restore to succeed on read-only media and overlay lower layers while preserving MAP_PRIVATE semantics. Signed-off-by: Rowen-Ye <rowenye1@gmail.com>
2026-02-06 19:07:43 +08:00 · 2026-02-06 19:07:43 +08:00 · 2c2f5d2431
commit 2c2f5d2431
parent 258f826027
1 changed files with 7 additions and 3 deletions
--- a/vmm/src/memory_manager.rs
+++ b/vmm/src/memory_manager.rs
@ -1356,13 +1356,17 @@ impl MemoryManager {
        Ok(FileOffset::new(f, 0))
    }

-    fn open_backing_file(backing_file: &PathBuf, file_offset: u64) -> Result<FileOffset, Error> {
+    fn open_backing_file(
+        backing_file: &PathBuf,
+        file_offset: u64,
+        shared: bool,
+    ) -> Result<FileOffset, Error> {
        if backing_file.is_dir() {
            Err(Error::DirectoryAsBackingFileForMemory)
        } else {
            let f = OpenOptions::new()
                .read(true)
-                .write(true)
+                .write(shared)
                .open(backing_file)
                .map_err(Error::SharedFileCreate)?;

@ -1397,7 +1401,7 @@ impl MemoryManager {
            } else {
                mmap_flags |= libc::MAP_PRIVATE;
            }
-            Some(Self::open_backing_file(backing_file, file_offset)?)
+            Some(Self::open_backing_file(backing_file, file_offset, shared)?)
        } else if shared || hugepages {
            // For hugepages we must also MAP_SHARED otherwise we will trigger #4805
            // because the MAP_PRIVATE will trigger CoW against the backing file with