My Layered FS driver do not expect any write to reach it, and it is currently using its user mode component to ensure that all it handles is read request. (For same reason this driver does not register for filter callbacks)
It was working fine with several application BUT recently with Word 2003, I saw a BSOD, call stack is generating from MiMappedPageWriter, which trying to write a modified page and for that calling FsRtlAcquireFileForModWriteEx which in turns is calling NTFS::NtfsAcquireFileForModWrite and it is crashing while trying to acquire PagingResource.
Now in my case; I shouldn’t have reached here but I did. Which means some one got write permission on the file; which was not expected by my driver.
So my question is how can I ensure that only Read only access is allowed on files opened by my driver. I am already calling
IoSetShareAccess( GENERIC_READ,
FILE_SHARE_READ,
FileObject,
&Fcb->ShareAccess );
while creating the FCB; but that does not seems to do the trick. So how can I make it a read only driver.
Thanks
Aditya
(There are no other driver installed on the stack, so some other driver grabbing the FO and using it for write is not a possibility, plus I have verified all calls to CreateFile, CreateFileMapping and MapViewOfFile in user mode at NT Layer, and am sure that they have not asked for write access at all)