Cinder

don't secure delete thin provisioned volumes or snapshots

Series grizzly
Bug #1240299

Bug #1240299 reported by John Griffith on 2013-10-16

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Cinder	Fix Released	High	John Griffith	Cinder 2014.1 "icehouse"
Grizzly	Fix Released	High	Eric Harney	Cinder 2013.1.5
Havana	Fix Released	High	Eric Harney	Cinder 2013.2.1

Bug Description

Performing the secure delete operation on volumes and snapshots writes zeros (or other patterns) across the entire surface of an LVM volume on delete calls. This is pointless with thin provisioning, and in fact results in defeating the purpose of thin provisioning as it requires actual allocation of all of the blocks.

Add a check before calling lvm.clear_volume and skip this step if thin provisioning is configured.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-10-16: Fix proposed to cinder (master)

Fix proposed to branch: master
Review: https://review.openstack.org/51990

Changed in cinder:
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-10-16: Fix merged to cinder (master)

Reviewed: https://review.openstack.org/51990
Committed: http://github.com/openstack/cinder/commit/de4392314f9b0def8fab65679ec5668aec98fbee
Submitter: Jenkins
Branch: master

commit de4392314f9b0def8fab65679ec5668aec98fbee
Author: John Griffith <email address hidden>
Date: Tue Oct 15 19:39:22 2013 -0600

Don't zero out thin provisioned LV's on delete

    Thin provisioned LV's don't need secure delete to protect
    from data leakage. Also, zeroing these out kinda defeats
    the purpose of using thing provisioning.

This patch add a check for the lvm type and if it's thin simply
returns from the lvm.clear_volume() method.

Change-Id: Ie6764209018152565295291efc6fbba553698ae6
Closes-Bug: #1240299

Changed in cinder:
status:	In Progress → Fix Committed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-11-12: Fix proposed to cinder (stable/havana)

Fix proposed to branch: stable/havana
Review: https://review.openstack.org/56081

Revision history for this message

Eric Harney (eharney) wrote on 2013-11-12:

Suggest this as a backport to Havana because outside of the original reasons for the change, LVM versions that are relevant for Havana have changed the behavior so that these devices may not exist, causing the delete operation to fail anyway.

From LVM2 2.02.99 changelog:
"Automatically flag thin snapshots to be skipped during activation. "

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-11-12: Fix proposed to cinder (stable/grizzly)

Fix proposed to branch: stable/grizzly
Review: https://review.openstack.org/56083

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-11-13: Fix merged to cinder (stable/grizzly)

Reviewed: https://review.openstack.org/56083
Committed: http://github.com/openstack/cinder/commit/c9c9eaac573b65df671aab5c0f9ab4411557b926
Submitter: Jenkins
Branch: stable/grizzly

commit c9c9eaac573b65df671aab5c0f9ab4411557b926
Author: Eric Harney <email address hidden>
Date: Tue Nov 12 14:34:44 2013 -0500

Don't zero out thin provisioned LV's on delete

    Thin provisioned LV's don't need secure delete to protect
    from data leakage. Also, zeroing these out kinda defeats
    the purpose of using thing provisioning.

This patch add a check for the lvm type and if it's thin simply
returns from the lvm.clear_volume() method.

    Conflicts:
     cinder/tests/test_volume.py
     cinder/volume/drivers/lvm.py

    Change-Id: Ie6764209018152565295291efc6fbba553698ae6
    Closes-Bug: #1240299
    (cherry picked from commit de4392314f9b0def8fab65679ec5668aec98fbee)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-11-13: Fix merged to cinder (stable/havana)

Reviewed: https://review.openstack.org/56081
Committed: http://github.com/openstack/cinder/commit/709130b4777d059b9300f9f5d5614a4ed9c633b2
Submitter: Jenkins
Branch: stable/havana

commit 709130b4777d059b9300f9f5d5614a4ed9c633b2
Author: John Griffith <email address hidden>
Date: Tue Oct 15 19:39:22 2013 -0600

Don't zero out thin provisioned LV's on delete

    Thin provisioned LV's don't need secure delete to protect
    from data leakage. Also, zeroing these out kinda defeats
    the purpose of using thing provisioning.

This patch add a check for the lvm type and if it's thin simply
returns from the lvm.clear_volume() method.

    Change-Id: Ie6764209018152565295291efc6fbba553698ae6
    Closes-Bug: #1240299
    (cherry picked from commit de4392314f9b0def8fab65679ec5668aec98fbee)

Thierry Carrez (ttx) on 2013-12-04

Changed in cinder:
milestone:	none → icehouse-1
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2014-04-17

Changed in cinder:
milestone:	icehouse-1 → 2014.1

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

Bug #1240298

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.