linux-ext4.vger.kernel.org archive mirror
* [PATCH v3] ext4: wipe filename upon file deletion
@ 2021-04-19 16:21 Leah Rumancik
  2021-04-19 22:53 ` Eric Biggers
  0 siblings, 1 reply; 6+ messages in thread
From: Leah Rumancik @ 2021-04-19 16:21 UTC
  To: linux-ext4; +Cc: tytso, Leah Rumancik

Upon file deletion, zero out all fields in ext4_dir_entry2 besides inode
and rec_len. In case sensitive data is stored in filenames, this ensures
no potentially sensitive data is left in the directory entry upon deletion.
Also, wipe these fields upon moving a directory entry during the conversion
to an htree and when splitting htree nodes.

Signed-off-by: Leah Rumancik <leah.rumancik@gmail.com>
---
 fs/ext4/namei.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
index 883e2a7cd4ab..df7809a4821f 100644
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -1778,6 +1778,11 @@ dx_move_dirents(char *from, char *to, struct dx_map_entry *map, int count,
 		((struct ext4_dir_entry_2 *) to)->rec_len =
 				ext4_rec_len_to_disk(rec_len, blocksize);
 		de->inode = 0;
+
+		/* wipe name_len through and name field */
+		memset(&de->name_len, 0, ext4_rec_len_from_disk(de->rec_len,
+						blocksize) - 6);
+
 		map++;
 		to += rec_len;
 	}
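Review bot: the literal 6 in the memset length added to dx_move_dirents is an unexplained magic number. It is the byte offset of name_len (after the 4-byte inode and 2-byte rec_len), so offsetof(struct ext4_dir_entry_2, name_len) would state the intent and stay correct if the layout ever changed. The added comment also has a stray word: "wipe name_len through and name field" should read "wipe name_len through name field", matching the comment in ext4_generic_delete_entry.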
@@ -2102,6 +2107,7 @@ static int make_indexed_dir(handle_t *handle, struct ext4_filename *fname,
 	data2 = bh2->b_data;
 
 	memcpy(data2, de, len);
+	memset(de, 0, len); /* wipe old data */
 	de = (struct ext4_dir_entry_2 *) data2;
 	top = data2 + len;
 	while ((char *)(de2 = ext4_next_entry(de, blocksize)) < top)
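Review bot: the memset(de, 0, len) added after the memcpy in make_indexed_dir carries only the comment "wipe old data", which does not say why the source range is cleared. A comment stating that stale filenames must not remain in the original block once the entries have been copied to data2 would help later readers. Since de is repointed at data2 on the next line and the old contents are gone from here on, please also confirm that nothing in the rest of the function reads the source range before that block is reinitialized.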
@@ -2492,6 +2498,11 @@ int ext4_generic_delete_entry(struct inode *dir,
 			else
 				de->inode = 0;
 			inode_inc_iversion(dir);
+
+			/* wipe name_len through name field */
+			memset(&de->name_len, 0,
+				ext4_rec_len_from_disk(de->rec_len, blocksize) - 6);
+
 			return 0;
 		}
 		i += ext4_rec_len_from_disk(de->rec_len, blocksize);
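Review bot: in ext4_generic_delete_entry the length ext4_rec_len_from_disk(de->rec_len, blocksize) - 6 is computed with no visible lower bound, so a rec_len that decodes to less than 6 would wrap to a huge memset size. Please confirm the entry has been validated before this point, or add a check. The same expression appears in dx_move_dirents, so a small helper would keep the two wipes in step. The wipe also runs after both arms of the if/else above while leaving de->inode and de->rec_len untouched, so the comment should say whether those two fields are meant to survive on the arm that does not set de->inode = 0.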
-- 
2.31.1.368.gbe11c130af-goog


Thread overview: 6+ messages
2021-04-19 16:21 [PATCH v3] ext4: wipe filename upon file deletion Leah Rumancik
2021-04-19 22:53 ` Eric Biggers
2021-04-20  1:59   ` Theodore Ts'o
2021-04-20 14:55     ` Leah Rumancik
2021-04-22 17:44     ` Andreas Dilger
2021-04-22 19:58       ` Theodore Ts'o