This patch modifies punch hole and truncate to securely delete the data blocks of a file. During a truncate or punch hole, files that have the EXT4_SECRM_FL attribute flag on will have their blocks secure deleted before they are released. Signed-off-by: Allison Henderson <achender@xxxxxxxxxxxxxxxxxx> --- :100644 100644 40d4e50... 984fac2... M fs/ext4/extents.c :100644 100644 0a526c4... bd1facd... M fs/ext4/inode.c fs/ext4/extents.c | 7 +++++++ fs/ext4/inode.c | 12 ++++++++++++ 2 files changed, 19 insertions(+), 0 deletions(-) diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index 40d4e50..984fac2 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -4201,6 +4201,13 @@ int ext4_ext_punch_hole(struct file *file, loff_t offset, loff_t length) /* finish any pending end_io work */ ext4_flush_completed_IO(inode); + if (EXT4_I(inode)->i_flags & EXT4_SECRM_FL) { + err = ext4_secure_delete_lblks(inode, first_block, + last_block - first_block); + if (err) + return err; + } + credits = ext4_writepage_trans_blocks(inode); handle = ext4_journal_start(inode, credits); if (IS_ERR(handle)) diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 0a526c4..bd1facd 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -3420,6 +3420,8 @@ int ext4_punch_hole(struct file *file, loff_t offset, loff_t length) */ void ext4_truncate(struct inode *inode) { + int err = 0; + ext4_lblk_t last_block; trace_ext4_truncate_enter(inode); if (!ext4_can_truncate(inode)) @@ -3430,6 +3432,16 @@ void ext4_truncate(struct inode *inode) if (inode->i_size == 0 && !test_opt(inode->i_sb, NO_AUTO_DA_ALLOC)) ext4_set_inode_state(inode, EXT4_STATE_DA_ALLOC_CLOSE); + last_block = (inode->i_size + EXT4_BLOCK_SIZE(inode->i_sb)-1) + >> EXT4_BLOCK_SIZE_BITS(inode->i_sb); + + if (EXT4_I(inode)->i_flags & EXT4_SECRM_FL) { + err = ext4_secure_delete_lblks(inode, + last_block, EXT_MAX_BLOCKS); + if (err) + return; + } + if (ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)) ext4_ext_truncate(inode); else -- 1.7.1 -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html