Merge "Don't drop as many caches when evicting CE key"
diff --git a/FsCrypt.cpp b/FsCrypt.cpp
index ea8bb73..c3455a0 100644
--- a/FsCrypt.cpp
+++ b/FsCrypt.cpp
@@ -411,11 +411,18 @@
return true;
}
+// "Lock" all encrypted directories whose key has been removed. This is needed
+// because merely removing the keyring key doesn't affect inodes in the kernel's
+// inode cache whose per-file key was already set up. So to remove the per-file
+// keys and make the files "appear encrypted", these inodes must be evicted.
+//
+// To do this, sync() to clean all dirty inodes, then drop all reclaimable slab
+// objects systemwide. This is overkill, but it's the best available method
+// currently. Don't use drop_caches mode "3" because that also evicts pagecache
+// for in-use files; all files relevant here are already closed and sync'ed.
static void drop_caches() {
- // Clean any dirty pages (otherwise they won't be dropped).
sync();
- // Drop inode and page caches.
- if (!writeStringToFile("3", "/proc/sys/vm/drop_caches")) {
+ if (!writeStringToFile("2", "/proc/sys/vm/drop_caches")) {
PLOG(ERROR) << "Failed to drop caches during key eviction";
}
}