mirror of
https://github.com/torvalds/linux.git
synced 2024-11-18 10:01:43 +00:00
2b4eae95c7
After FS_IOC_REMOVE_ENCRYPTION_KEY removes a key, it syncs the
filesystem and tries to get and put all inodes that were unlocked by the
key so that unused inodes get evicted via fscrypt_drop_inode().
Normally, the inodes are all clean due to the sync.
However, after the filesystem is sync'ed, userspace can modify and close
one of the files. (Userspace is *supposed* to close the files before
removing the key. But it doesn't always happen, and the kernel can't
assume it.) This causes the inode to be dirtied and have i_count == 0.
Then, fscrypt_drop_inode() failed to consider this case and indicated
that the inode can be dropped, causing the write to be lost.
On f2fs, other problems such as a filesystem freeze could occur due to
the inode being freed while still on f2fs's dirty inode list.
Fix this bug by making fscrypt_drop_inode() only drop clean inodes.
I've written an xfstest which detects this bug on ext4, f2fs, and ubifs.
Fixes:
|
||
---|---|---|
.. | ||
bio.c | ||
crypto.c | ||
fname.c | ||
fscrypt_private.h | ||
hkdf.c | ||
hooks.c | ||
Kconfig | ||
keyring.c | ||
keysetup_v1.c | ||
keysetup.c | ||
Makefile | ||
policy.c |