sync will hang on luksSuspend'ed device
Issue 207 by raphael.d... on 2014-03-10 13:14:22:
In the context of a regular luks-encrypted file which is loop-mounted.
If it is suspended :
1) You may later sync what will apply to all devices included suspended ones.
As a consequence sync will hang.
2) you may want to clear the filesystem cache in order to avoid this problem:
$ ll dir/rep1
blah
$ cryptsetup luksSuspend dir
$ ll dir/rep1
blah
$ ll dir/rep2
# no cache, so here it hangs until luksResume
In order to avoid cold-boot attacks, you may want to
echo 1 >> /proc/sys/vm/drop_caches # or echo 3
But this won't work after luksSuspend (not sure if this is because no sync happened first)
One's workaround could be to issue a sync + drop_caches *first* and only then luksSuspend.
But this pattern wouldn't apply very well in the case an application constantly uses the filesystem thus recaching information between the sync/drop_cache and the effective luksSuspend.
A way to solve that would be to allow sync/drop_caches to :
1) apply on a per-filesystem basics (see drop_pagecache_sb in kernel/fs/drop_caches.c)
2) allow drop_cache on a luksSuspend'ed filesystem (if this is possible)
While not exactly cryptsetup-responsibility, maybe something could be done about that.