Commit cbf92ac9 authored by Leah Rumancik's avatar Leah Rumancik Committed by Zheng Zengkai
Browse files

ext4: wipe ext4_dir_entry2 upon file deletion 

mainline inclusion
from mainline-5.13-rc1
commit 6c091273
category: bugfix
bugzilla: 176545 https://gitee.com/openeuler/kernel/issues/I4DDEL

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6c0912739699d8e4b6a87086401bf3ad3c59502d



-------------------------------------------------

Upon file deletion, zero out all fields in ext4_dir_entry2 besides rec_len.
In case sensitive data is stored in filenames, this ensures no potentially
sensitive data is left in the directory entry upon deletion. Also, wipe
these fields upon moving a directory entry during the conversion to an
htree and when splitting htree nodes.

The data wiped may still exist in the journal, but there are future
commits planned to address this.

Signed-off-by: default avatarLeah Rumancik <leah.rumancik@gmail.com>
Link: https://lore.kernel.org/r/20210422180834.2242353-1-leah.rumancik@gmail.com


Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
Signed-off-by: default avatarBaokun Li <libaokun1@huawei.com>
Reviewed-by: default avatarZhang Yi <yi.zhang@huawei.com>
Signed-off-by: default avatarChen Jun <chenjun102@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parent 0a6cfcc1

fs/ext4/namei.c

+22 −2
Original line number Diff line number Diff line
@@ -1776,7 +1776,14 @@ dx_move_dirents(char *from, char *to, struct dx_map_entry *map, int count, 
		memcpy (to, de, rec_len);

		((struct ext4_dir_entry_2 *) to)->rec_len =

				ext4_rec_len_to_disk(rec_len, blocksize);



		/* wipe dir_entry excluding the rec_len field */

		de->inode = 0;

		memset(&de->name_len, 0, ext4_rec_len_from_disk(de->rec_len,

								blocksize) -

					 offsetof(struct ext4_dir_entry_2,

								name_len));



		map++;

		to += rec_len;

	}
@@ -2101,6 +2108,7 @@ static int make_indexed_dir(handle_t *handle, struct ext4_filename *fname, 
	data2 = bh2->b_data;



	memcpy(data2, de, len);

	memset(de, 0, len); /* wipe old data */

	de = (struct ext4_dir_entry_2 *) data2;

	top = data2 + len;

	while ((char *)(de2 = ext4_next_entry(de, blocksize)) < top)
@@ -2481,15 +2489,27 @@ int ext4_generic_delete_entry(struct inode *dir, 
					 entry_buf, buf_size, i))

			return -EFSCORRUPTED;

		if (de == de_del)  {

			if (pde)

			if (pde) {

				pde->rec_len = ext4_rec_len_to_disk(

					ext4_rec_len_from_disk(pde->rec_len,

							       blocksize) +

					ext4_rec_len_from_disk(de->rec_len,

							       blocksize),

					blocksize);

			else



				/* wipe entire dir_entry */

				memset(de, 0, ext4_rec_len_from_disk(de->rec_len,

								blocksize));

			} else {

				/* wipe dir_entry excluding the rec_len field */

				de->inode = 0;

				memset(&de->name_len, 0,

					ext4_rec_len_from_disk(de->rec_len,

								blocksize) -

					offsetof(struct ext4_dir_entry_2,

								name_len));

			}



			inode_inc_iversion(dir);

			return 0;

		}