MAAS

Secure erase may false-fail due to Linux page cache

  1. Series 2.8
  2. Bug #1900623
Bug #1900623 reported by Guilherme G. Piccoli
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
MAAS
Fix Released
High
Guilherme G. Piccoli
MAAS 2.9.0rc1
2.7
Triaged
High
Unassigned
2.8
Triaged
High
Unassigned

Bug Description

Currently, secure erase performs a data check to be sure the procedure works. This data check is basically write a buffer to disk, do secure erase and read the disk, comparing the read data with the first buffer written (it should differ when secure erase is successful).

But...Linux has page cache, and Python default primitives for read/write files rely on regular read/write syscalls, going through the page cache and potentially showing false failures of secure erase (that despite working, may fail due to the data check reading the buffer from the page cache instead of the just secure-erased disk).

We could argue that hdparm (when doing secure erase) should either reset the device or clear the page cache, and this argument seems valid. But, in the short-term, let's fix MAAS by using direct I/O to perform the data check.

Tags: sts

Related branches

~gpiccoli/maas:sec_erase_direct_io
Björn Tillenius: Approve
MAAS Lander: Approve
Diff: 55 lines (+23/-6)
1 file modified
src/metadataserver/user_data/templates/snippets/maas_wipe.py (+23/-6)
Guilherme G. Piccoli (gpiccoli)
Changed in maas:
assignee: nobody → Guilherme G. Piccoli (gpiccoli)
status: New → Confirmed
Revision history for this message
Igor Gnip (igorgnip) wrote :

Note - this was tested on real bare metal hardware and I can confirm that the fix results secure operation consistently succeeding as opposed to prviously (falsely) detecting failure to secure erase and then proceeding with a falback method. Speedup should be noticable as secure erasing an SSD drive takes under 15 seconds whilst zero-filling one takes 15-30 minutes.
For usual magnetic media, at least not both procedures are done so speedup should be at least 50%.

Revision history for this message
Guilherme G. Piccoli (gpiccoli) wrote :

Great feedback Igor, thank you! I'm glad that MAAS CI tests "passed", so we are just waiting on some review from MAAS team.
Cheers,

Guilherme

Björn Tillenius (bjornt)
Changed in maas:
status: Confirmed → In Progress
importance: Undecided → High
milestone: none → 2.9.0rc1
MAAS Lander (maas-lander)
Changed in maas:
status: In Progress → Fix Committed
Revision history for this message
Guilherme G. Piccoli (gpiccoli) wrote :

Fix was just merged in MAAS master branch: https://git.launchpad.net/maas/commit/?id=527d185c

Lee Trager (ltrager)
Changed in maas:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.