authorDaniel Mueller <deso@posteo.net>2017-04-09 21:24:38 -0700
committerDaniel Mueller <deso@posteo.net>2017-04-09 21:24:38 -0700
commit5744889d0d3a9c033913bdce499064a4760a1249 (patch)
treedd5744f2a25fddb15882483e8fb07de8bbc62a06
parent3ce72e0ce1a0442786bc2600a7f276ae1994d90e (diff)
Flush filesystem caches before closing encrypted volume
When closing the encrypted volume, we could potentially leave the volume in an inconsistent state if writes to it were still cached by the operating system. To mitigate this case, this patch invokes the sync(2) system call to flush outstanding writes to disk before the volume is closed.
-rw-r--r--nitrocli/src/main.rs11
1 files changed, 11 insertions, 0 deletions
diff --git a/nitrocli/src/main.rs b/nitrocli/src/main.rs
index f3f7d7f..5c8856e 100644
--- a/nitrocli/src/main.rs
+++ b/nitrocli/src/main.rs
@@ -288,11 +288,22 @@ fn open() -> Result<()> {
}
+#[link(name = "c")]
+extern "C" {
+ fn sync();
+}
+
/// Close the previously opened encrypted volume.
fn close() -> Result<()> {
type Response = nitrokey::Response<nitrokey::StorageResponse>;
return nitrokey_do(&|handle| {
+ // Flush all filesystem caches to disk. We are mostly interested in
+ // making sure that the encrypted volume on the nitrokey we are
+ // about to close is not closed while not all data was written to
+ // it.
+ unsafe { sync() };
+
let payload = nitrokey::DisableEncryptedVolumeCommand::new();
let report = nitrokey::Report::from(payload);