On Thu, Oct 11, 2018 at 2:47 PM Sandro Bonazzola <sbonazzo(a)redhat.com>
wrote:

> Hi,
> we just got Bug 1638317
> <https://bugzilla.redhat.com/show_bug.cgi?id=1638317> - "missing VDSM
> hook diskunmap in Node NG releases"
> opened as a bug, not an RFE, because
> "Pass discard from guest to underlying storage
> <https://www.ovirt.org/develop/release-management/features/storage/pass-di...
> feature introduced in oVirt 4.1 is not yet implemented for Cinder storage,
> for which Bug 1440230
> <https://bugzilla.redhat.com/show_bug.cgi?id=1440230> - "[RFE] Allow
> "Pass discard from guest to underlying storage" for Cinder." has been
> opened.
>
> I'm writing to people involved in the hook introduction (
> https://gerrit.ovirt.org/#/c/29770/) to understand how safe it is to include
> the hook in oVirt Node as a default installed hook.
> I understand that the hook is going to add "discard=unmap" always, not
> only on Cinder.

This is very wrong, and will lead to security issues.

Discarded blocks are not guaranteed to zero data, so the data from one VM
may leak to another disk. In the past the kernel lied about this, assuming
that some storage will zero discarded data.

We disable discard for VMs if a user selects "wipe after delete".

Idan worked on this, he can add more details if needed.

-1 on including this hook in node
+1 on removing the hook from vdsm.

> I don't know the implications of it being enabled other than supposedly
> fixing the issue with Cinder storage. Looking at the feature page, it looks
> like this won't work with NFS storage, but other than not working, will it
> cause issues?
>
> I see Bug 1440230 <https://bugzilla.redhat.com/show_bug.cgi?id=1440230> is
> un-targeted, is there any plan to get it into oVirt 4.3?
>
> We support Cinder/Ceph since 3.6 and pass discard is supported since 4.1,
> not sure about what prevented the pass discard to be implemented for Cinder
> as well in 4.1. Can someone elaborate?

Cinder/Ceph support was always tech preview, but the same security issue applies.

Nir
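
A way to check for the condition discussed in this thread, as an added example that is not part of the original messages or of vdsm: the Python below parses a libvirt domain XML and lists the disks whose `<driver>` element carries `discard='unmap'`, flagging any that are also marked wipe-after-delete. The sample XML, the function name `audit_discard` and the `wipe_after_delete` set of target names are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not taken from a real host).
SAMPLE_DOMAIN_XML = """<domain type='kvm'>
  <devices>
    <disk type='block' device='disk'>
      <driver name='qemu' type='raw' discard='unmap'/>
      <target dev='sda' bus='scsi'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <target dev='sdb' bus='scsi'/>
    </disk>
    <disk type='network' device='disk'>
      <driver name='qemu' type='raw' discard='unmap'/>
      <target dev='sdc' bus='scsi'/>
    </disk>
  </devices>
</domain>"""

def audit_discard(domain_xml, wipe_after_delete=frozenset()):
    """Report disks whose driver passes guest discard to storage.

    wipe_after_delete: target names the operator marked wipe-after-delete
    (assumed input; this example does not query oVirt for it).
    """
    findings = []
    for disk in ET.fromstring(domain_xml).findall("./devices/disk"):
        driver, target = disk.find("driver"), disk.find("target")
        if driver is None or target is None:
            continue
        if driver.get("discard") != "unmap":
            continue  # absent or 'ignore': discards are not passed down
        dev = target.get("dev")
        findings.append({
            "target": dev,
            "disk_type": disk.get("type"),
            # The thread states discard is disabled when wipe-after-delete is selected
            "conflicts_with_wipe": dev in wipe_after_delete,
        })
    return findings

if __name__ == "__main__":
    for finding in audit_discard(SAMPLE_DOMAIN_XML, {"sdc"}):
        print(finding)
```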