yesBad/pve-storage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix #6941: lvmplugin: fix volume activation of raw disk before secure delete

Browse Source 
The volume activate before secure delete was lost in qcow2 snapshot implementation
in commit eda88c94ed.

This re-add activation just before the the delete, to be sure to not write zero
to not existing /dev/.. (so in memory instead the device)

Signed-off-by: Alexandre Derumier <alexandre.derumier@groupe-cyllene.com>
Link: https://lore.proxmox.com/mailman.251.1761222222.362.pve-devel@lists.proxmox.com
[FE: Remove extra space before colons in commit title
     Slightly improve code comment]
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
This commit is contained in:
Alexandre Derumier via pve-devel
2025-10-23 14:23:31 +02:00
committed by Fiona Ebner
parent 728d8f3992
commit d5995ffbf7
1 changed files with 13 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
src/PVE/Storage/LVMPlugin.pm
View File

@ -358,6 +358,17 @@ my sub free_lvm_volumes {
my $lvmpath = "/dev/$vg/del-$name";
print "zero-out data on image $name ($lvmpath)\n";
my $cmd_activate = ['/sbin/lvchange', '-aly', $lvmpath];
run_command(
$cmd_activate,
errmsg => "can't activate LV '$lvmpath' to zero-out its data",
);
$cmd_activate = ['/sbin/lvchange', '--refresh', $lvmpath];
run_command(
$cmd_activate,
errmsg => "can't refresh LV '$lvmpath' to zero-out its data",
);
$secure_delete_cmd->($lvmpath);
$class->cluster_lock_storage(
@ -733,13 +744,6 @@ my sub alloc_snap_image {
my sub free_snap_image {
my ($class, $storeid, $scfg, $volname, $snap) = @_;
#activate only the snapshot volume
my $path = $class->path($scfg, $volname, $storeid, $snap);
my $cmd = ['/sbin/lvchange', '-aly', $path];
run_command($cmd, errmsg => "can't activate LV '$path' to zero-out its data");
$cmd = ['/sbin/lvchange', '--refresh', $path];
run_command($cmd, errmsg => "can't refresh LV '$path' to zero-out its data");
my $snap_volname = get_snap_name($class, $volname, $snap);
return free_lvm_volumes($class, $scfg, $storeid, [$snap_volname]);
}
@ -752,14 +756,8 @@ sub free_image {
my $volnames = [$volname];
if ($format eq 'qcow2') {
#activate volumes && snapshot volumes
my $path = $class->path($scfg, $volname, $storeid);
$path = "\@pve-$name" if $format && $format eq 'qcow2';
my $cmd = ['/sbin/lvchange', '-aly', $path];
run_command($cmd, errmsg => "can't activate LV '$path' to zero-out its data");
$cmd = ['/sbin/lvchange', '--refresh', $path];
run_command($cmd, errmsg => "can't refresh LV '$path' to zero-out its data");
# Activate the volume to read its snapshot chain.
$class->activate_volume($storeid, $scfg, $volname);
my $snapshots = $class->volume_snapshot_info($scfg, $storeid, $volname);
for my $snapid (
sort { $snapshots->{$a}->{order} <=> $snapshots->{$b}->{order} }