cinder wrote unencrypted data to encrypted volumes when creating from a source volume

Bug #1572007 reported by Lisa Li
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Cinder
Fix Released
Undecided
Lisa Li

Bug Description

Cinder has problems in following scenario:
One backend.
Two volume types, one is encrypted and the other is not encryped.
Create volume A from unenctyped type.
Create another volume from volume A with enctyped volume type.

Current result:
Cinder allows the creation, but creates the new volume B which has same data as volume A in backend storage.

Expected result:
This is not incorrect. As B should include encrypted data in storage.

Similar to bug https://bugs.launchpad.net/cinder/+bug/1482464

Tags: encryption
Revision history for this message
Cao ShuFeng (caosf-fnst) wrote :

Sorry, I can't reproduce this bug.
Did I take some wrong steps?
http://paste.openstack.org/show/494934/

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (master)

Fix proposed to branch: master
Review: https://review.openstack.org/405086

Changed in cinder:
status: New → In Progress
Changed in cinder:
assignee: Lisa Li (lisali) → Dave Chen (wei-d-chen)
Changed in cinder:
assignee: Dave Chen (wei-d-chen) → Lisa Li (lisali)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (master)

Reviewed: https://review.openstack.org/405086
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=55fe4a2d736917618df5a3f3b37a76acb9d317d3
Submitter: Jenkins
Branch: master

commit 55fe4a2d736917618df5a3f3b37a76acb9d317d3
Author: lisali <email address hidden>
Date: Fri Dec 9 10:28:10 2016 +0800

    Prohibit creating volume from source with dif encryptions

    Cinder creates volume from source volume or snapshot by cloning
    volume in backend storage without considering whether two volumes
    have same encryptions. This leads that an encryption volume may
    have unencrypted data, or vice visa.

    Currently we have a solution that creating different volumes with
    different encryptions by creating and retyping.

    In Ocata release we won't implement function that creating volume
    from source with different encryptions, whether to do it needs to
    discuss.

    Change-Id: I0c562fbbcfe62c4ac499aa0dec26f5dc52338948
    Closes-bug: #1572007
    Closes-bug: #1572009

Changed in cinder:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/cinder 10.0.0.0rc1

This issue was fixed in the openstack/cinder 10.0.0.0rc1 release candidate.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.