The file handle will be created without any errors. It seems like holding a section with PAGE_READONLY does not cause sharing violations while holding the section with PAGE_READWRITE does cause a sharing violation.
The reason I’m asking is that I’m trying to understand how creating a section object influences file APIs. For example, I know that the file size cannot be reduced with SetEndOfFile. Are there any more cases where creating a section can fail APIs? (I guess creating a file object with WRITE_THROUGH…?)
I know that FltCreateSectionForDataScan handles these kind of cases by holding off requests that conflict with the section object. Is is safe to scan a file using FltCreateSectionForDataScan asynchronously while other processes use the file?
The file handle will be created without any errors. It seems like holding a section with PAGE_READONLY does not cause sharing violations while holding the section with PAGE_READWRITE does cause a sharing violation.
Makes sense: if I get a “no share write” handle I don’t expect the content of the file to be changing. From that perspective a writeable HANDLE or a writeable mapping are equivalent and should lead to a sharing violation.
So much stuff in the file system space is driven by way of implementation. FAT is a good place to map out a lot of behaviors because the other file systems will at least do what FAT does. Good APIs to look for are:
MmFlushImageSection
MmDoesFileHaveUserWritableReferences
MmCanFileBeTruncated
CcPurgeCacheSection - Note that this ultimately calls MmPurgeSection. Most file systems just always call CcPurgeCacheSection even if the file is purely memory mapped
The reason I’m asking is that I’m trying to understand how creating a section object influences file APIs. For example, I know that the file size cannot be reduced with SetEndOfFile. Are there any more cases where creating a section can fail APIs? (I guess creating a file object with WRITE_THROUGH…?)
I know that FltCreateSectionForDataScan handles these kind of cases by holding off requests that conflict with the section object. Is is safe to scan a file using FltCreateSectionForDataScan asynchronously while other processes use the file?
It’s more reactive than proactive…So, if something fails FltMgr will retry the operation after the sections are closed. Note that the file systems have to actively participate in this (search the FAT source for PurgeFailureModeEnableCount)
But, to answer your question: yes, generally speaking it’s safe to scan the file asynchronously. Though if you’re going to be asynchronously scanning things why not just do it in user mode?