From 6c5e453f9ee8363e970c7b5e2be503879089c3c3 Mon Sep 17 00:00:00 2001
From: Jaegeuk Kim <jaegeuk@google.com>
Date: Thu, 8 Aug 2019 09:07:58 -0700
Subject: [PATCH] secdiscard: should call fsync to avoid reordering IOs

Don't make stale zero'ing IO in block device after unlink, since filesystem
can reuse the block addresses and issue some IOs. If block layer reordered
two IOs, filesystem will see zero data, which crashes filesystem consistency.

Bug: 136964285
Test: run cts -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.CrossProfileAppsHostSideTest
Change-Id: I43c13622d094cecda1c53468adc240002111d605
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
---
 secdiscard.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/secdiscard.cpp b/secdiscard.cpp
index 0ff05d6..4659eed 100644
--- a/secdiscard.cpp
+++ b/secdiscard.cpp
@@ -147,6 +147,10 @@ bool secdiscard_path(const std::string& path) {
             if (!overwrite_with_zeros(fs_fd.get(), range[0], range[1])) return false;
         }
     }
+    // Should wait for overwrites completion. Otherwise after unlink(),
+    // filesystem can allocate these blocks and IO can be reordered, resulting
+    // in making zero blocks to filesystem blocks.
+    fsync(fs_fd.get());
     return true;
 }