From: Allison Henderson <achender@linux.vnet.ibm.com>
To: Eric Sandeen <sandeen@redhat.com>
Cc: djwong@us.ibm.com, linux-ext4@vger.kernel.org,
linux-fsdevel@vger.kernel.org
Subject: Re: [Ext4 Secure Delete 7/7v4] ext4/jbd2: Secure Delete: Secure delete journal blocks
Date: Fri, 07 Oct 2011 13:14:26 -0700 [thread overview]
Message-ID: <4E8F5DA2.7060608@linux.vnet.ibm.com> (raw)
In-Reply-To: <4E8F58FF.7020401@redhat.com>
On 10/07/2011 12:54 PM, Eric Sandeen wrote:
> On 10/7/11 1:35 PM, Darrick J. Wong wrote:
>> On Fri, Oct 07, 2011 at 12:11:05AM -0700, Allison Henderson wrote:
>>> This patch modifies both ext4 and jbd2 such that the journal
>>> blocks which may contain file data, are securely deleted
>>> after the files data blocks are deleted.
>>>
>>> Because old journal blocks may contain file data, we need
>>> a way to find those blocks again when it comes time to secure
>>> delete the file. This patch adds a new list to the journal
>>> structure to keep track of which vfs blocks the journal blocks
>>> contain.
>>>
>>> After a truncate or a punch hole operation has completed, a
>>> new function ext4_secure_delete_jblks is called that flushes
>>> the journal, and then searches the list for any journal blocks
>>> that were used to journal the blocks that were just removed.
>>> The found journal blocks are then secure deleted.
>
> And what about directory data? Those would appear to remain in the
> journal at least... And xattrs?
>
> #!/bin/bash
>
> rm -f testsecdel
> truncate --size 256m testsecdel
> mkfs.ext4 -F testsecdel&>/dev/null
> mount -o loop testsecdel mnt/
> echo securedata> mnt/securefilename
> setfattr -n user.securexattrname -v securexattrvalue mnt/securefilename
> LONGATTR=`for I in 1 2 3 4 5 6 7 8 9 0; do echo -n veryveryveryveryveryveryverylongsecurexattrvalue; done`
> setfattr -n user.longsecurexattrname -v $LONGATTR mnt/securefilename
> sync
>
> rm -f mnt/securefilename
> umount mnt
> strings testsecdel
>
> yields:
>
> /mnt/test2/mnt
> lost+found
> securexattrname
> Ylongsecurexattrname
> mselinux
> veryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvaluesecurexattrvalueunconfined_u:object_r:file_t:s0
> lost+found
> securefilename
> /mnt/test2/mnt
>
> (this was with ext4.ko hacked to always enable secure delete)
>
> -Eric
alrighty, I will need to figure out how to get those out of there too.
I will add this to my test case. Thx!
next prev parent reply other threads:[~2011-10-07 20:14 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-10-07 7:10 [Ext4 Secure Delete 0/7 v4] Ext4 secure delete Allison Henderson
2011-10-07 7:10 ` [Ext4 Secure Delete 1/7v4] ext4: Secure Delete: Add new EXT4_SECRM_RANDOM_FL flag Allison Henderson
2011-10-07 17:02 ` Darrick J. Wong
2011-10-07 17:14 ` Allison Henderson
2011-10-07 7:11 ` [Ext4 Secure Delete 2/7v4] ext4: Secure Delete: Add ext4_ind_hole_lookup function Allison Henderson
2011-10-07 17:47 ` Darrick J. Wong
2011-10-07 23:10 ` Allison Henderson
2011-10-07 7:11 ` [Ext4 Secure Delete 3/7v4] ext4: Secure Delete: Add secure delete functions Allison Henderson
2011-10-07 17:19 ` Allison Henderson
2011-10-07 18:07 ` Darrick J. Wong
2011-10-07 23:08 ` Allison Henderson
2011-10-07 7:11 ` [Ext4 Secure Delete 4/7v4] ext4: Secure Delete: Secure delete file data Allison Henderson
2011-10-07 7:11 ` [Ext4 Secure Delete 5/7v4] ext4: Secure Delete: Secure delete directory entry Allison Henderson
2011-10-07 17:22 ` Darrick J. Wong
2011-10-07 17:59 ` Allison Henderson
2011-10-07 7:11 ` [Ext4 Secure Delete 6/7v4] ext4: Secure Delete: Secure delete meta data blocks Allison Henderson
2011-10-07 7:11 ` [Ext4 Secure Delete 7/7v4] ext4/jbd2: Secure Delete: Secure delete journal blocks Allison Henderson
2011-10-07 18:35 ` Darrick J. Wong
2011-10-07 19:31 ` Sunil Mushran
2011-10-07 19:54 ` Eric Sandeen
2011-10-07 20:14 ` Allison Henderson [this message]
2011-10-07 19:55 ` Allison Henderson
2011-10-07 20:58 ` Darrick J. Wong
2011-10-08 0:06 ` Allison Henderson
2011-10-10 19:47 ` Jonathan Corbet
2011-10-10 23:35 ` Allison Henderson
2011-10-10 23:41 ` Jonathan Corbet
2011-10-11 0:54 ` Allison Henderson
2011-10-10 20:00 ` Jonathan Corbet
2011-10-10 23:36 ` Allison Henderson
2011-10-07 15:21 ` [Ext4 Secure Delete 0/7 v4] Ext4 secure delete Andreas Dilger
2011-10-07 17:07 ` Allison Henderson
2011-10-10 17:20 ` Allison Henderson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E8F5DA2.7060608@linux.vnet.ibm.com \
--to=achender@linux.vnet.ibm.com \
--cc=djwong@us.ibm.com \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=sandeen@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.