From 5744889d0d3a9c033913bdce499064a4760a1249 Mon Sep 17 00:00:00 2001
From: Daniel Mueller <deso@posteo.net>
Date: Sun, 9 Apr 2017 21:24:38 -0700
Subject: Flush filesystem caches before closing encrypted volume

When closing the encrypted volume we could potentially cause the volume
to be in an inconsistent state if writes to it were cached by the
operating system.
To mitigate this case this patch causes an invocation to the sync(2)
system call to flush outstanding writes to disk.
---
 nitrocli/src/main.rs | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/nitrocli/src/main.rs b/nitrocli/src/main.rs
index f3f7d7f..5c8856e 100644
--- a/nitrocli/src/main.rs
+++ b/nitrocli/src/main.rs
@@ -288,11 +288,22 @@ fn open() -> Result<()> {
 }
 
 
+#[link(name = "c")]
+extern "C" {
+  fn sync();
+}
+
 /// Close the previously opened encrypted volume.
 fn close() -> Result<()> {
   type Response = nitrokey::Response<nitrokey::StorageResponse>;
 
   return nitrokey_do(&|handle| {
+    // Flush all filesystem caches to disk. We are mostly interested in
+    // making sure that the encrypted volume on the nitrokey we are
+    // about to close is not closed while not all data was written to
+    // it.
+    unsafe { sync() };
+
     let payload = nitrokey::DisableEncryptedVolumeCommand::new();
     let report = nitrokey::Report::from(payload);
 
-- 
cgit v1.2.1