From: Eric Sandeen <sandeen@redhat.com>
To: djwong@us.ibm.com
Cc: Allison Henderson <achender@linux.vnet.ibm.com>,
linux-ext4@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: Re: [Ext4 Secure Delete 7/7v4] ext4/jbd2: Secure Delete: Secure delete journal blocks
Date: Fri, 07 Oct 2011 14:54:39 -0500 [thread overview]
Message-ID: <4E8F58FF.7020401@redhat.com> (raw)
In-Reply-To: <20111007183531.GI12447@tux1.beaverton.ibm.com>
On 10/7/11 1:35 PM, Darrick J. Wong wrote:
> On Fri, Oct 07, 2011 at 12:11:05AM -0700, Allison Henderson wrote:
>> This patch modifies both ext4 and jbd2 such that the journal
>> blocks which may contain file data, are securely deleted
>> after the files data blocks are deleted.
>>
>> Because old journal blocks may contain file data, we need
>> a way to find those blocks again when it comes time to secure
>> delete the file. This patch adds a new list to the journal
>> structure to keep track of which vfs blocks the journal blocks
>> contain.
>>
>> After a truncate or a punch hole operation has completed, a
>> new function ext4_secure_delete_jblks is called that flushes
>> the journal, and then searches the list for any journal blocks
>> that were used to journal the blocks that were just removed.
>> The found journal blocks are then secure deleted.
And what about directory data? Those would appear to remain in the
journal at least... And xattrs?
#!/bin/bash
rm -f testsecdel
truncate --size 256m testsecdel
mkfs.ext4 -F testsecdel &>/dev/null
mount -o loop testsecdel mnt/
echo securedata > mnt/securefilename
setfattr -n user.securexattrname -v securexattrvalue mnt/securefilename
LONGATTR=`for I in 1 2 3 4 5 6 7 8 9 0; do echo -n veryveryveryveryveryveryverylongsecurexattrvalue; done`
setfattr -n user.longsecurexattrname -v $LONGATTR mnt/securefilename
sync
rm -f mnt/securefilename
umount mnt
strings testsecdel
yields:
/mnt/test2/mnt
lost+found
securexattrname
Ylongsecurexattrname
mselinux
veryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvaluesecurexattrvalueunconfined_u:object_r:file_t:s0
lost+found
securefilename
/mnt/test2/mnt
(this was with ext4.ko hacked to always enable secure delete)
-Eric
next prev parent reply other threads:[~2011-10-07 19:54 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-10-07 7:10 [Ext4 Secure Delete 0/7 v4] Ext4 secure delete Allison Henderson
2011-10-07 7:10 ` [Ext4 Secure Delete 1/7v4] ext4: Secure Delete: Add new EXT4_SECRM_RANDOM_FL flag Allison Henderson
2011-10-07 17:02 ` Darrick J. Wong
2011-10-07 17:14 ` Allison Henderson
2011-10-07 7:11 ` [Ext4 Secure Delete 2/7v4] ext4: Secure Delete: Add ext4_ind_hole_lookup function Allison Henderson
2011-10-07 17:47 ` Darrick J. Wong
2011-10-07 23:10 ` Allison Henderson
2011-10-07 7:11 ` [Ext4 Secure Delete 3/7v4] ext4: Secure Delete: Add secure delete functions Allison Henderson
2011-10-07 17:19 ` Allison Henderson
2011-10-07 18:07 ` Darrick J. Wong
2011-10-07 23:08 ` Allison Henderson
2011-10-07 7:11 ` [Ext4 Secure Delete 4/7v4] ext4: Secure Delete: Secure delete file data Allison Henderson
2011-10-07 7:11 ` [Ext4 Secure Delete 5/7v4] ext4: Secure Delete: Secure delete directory entry Allison Henderson
2011-10-07 17:22 ` Darrick J. Wong
2011-10-07 17:59 ` Allison Henderson
2011-10-07 7:11 ` [Ext4 Secure Delete 6/7v4] ext4: Secure Delete: Secure delete meta data blocks Allison Henderson
2011-10-07 7:11 ` [Ext4 Secure Delete 7/7v4] ext4/jbd2: Secure Delete: Secure delete journal blocks Allison Henderson
2011-10-07 18:35 ` Darrick J. Wong
2011-10-07 19:31 ` Sunil Mushran
2011-10-07 19:54 ` Eric Sandeen [this message]
2011-10-07 20:14 ` Allison Henderson
2011-10-07 19:55 ` Allison Henderson
2011-10-07 20:58 ` Darrick J. Wong
2011-10-08 0:06 ` Allison Henderson
2011-10-10 19:47 ` Jonathan Corbet
2011-10-10 23:35 ` Allison Henderson
2011-10-10 23:41 ` Jonathan Corbet
2011-10-11 0:54 ` Allison Henderson
2011-10-10 20:00 ` Jonathan Corbet
2011-10-10 23:36 ` Allison Henderson
2011-10-07 15:21 ` [Ext4 Secure Delete 0/7 v4] Ext4 secure delete Andreas Dilger
2011-10-07 17:07 ` Allison Henderson
2011-10-10 17:20 ` Allison Henderson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E8F58FF.7020401@redhat.com \
--to=sandeen@redhat.com \
--cc=achender@linux.vnet.ibm.com \
--cc=djwong@us.ibm.com \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.