On Thu, Oct 11, 2018 at 2:47 PM Sandro Bonazzola <sbonazzo@redhat.com> wrote:
Hi,
we just got Bug 1638317 - "missing VDSM hook diskunmap in Node NG releases" opened as a bug, not an RFE, because the "Pass discard from guest to underlying storage" feature introduced in oVirt 4.1 is not yet implemented for Cinder storage, for which Bug 1440230 - "[RFE] Allow "Pass discard from guest to underlying storage" for Cinder." has been opened.

I'm writing to people involved in the hook introduction (https://gerrit.ovirt.org/#/c/29770/) to understand how safe it is to include the hook in oVirt Node as a default installed hook.

I understand that the hook is going to add "discard=unmap" always, not only on Cinder.

This is very wrong, and will lead to security issues.

Discarded blocks are not guaranteed to zero data, so the data from one VM may leak to another disk. In the past the kernel lied about this, assuming that some storage will zero discarded data.
We disable discard for VMs if a user selects "wipe after delete".

Idan worked on this, he can add more details if needed.

-1 on including this hook in node
+1 on removing the hook from vdsm.
 
I don't know the implications of it being enabled, other than supposedly fixing the issue with Cinder storage. Looking at the feature page, it looks like this won't work with NFS storage, but other than not working, will it cause issues?

I see Bug 1440230 is un-targeted, is there any plan to get it into oVirt 4.3?

We support Cinder/Ceph since 3.6 and pass discard is supported since 4.1, not sure what prevented pass discard from being implemented for Cinder as well in 4.1. Can someone elaborate?

Cinder/Ceph support was always tech preview, but the same security issue applies.

 Nir
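
A defensive check for the concern raised in this thread, added here as an example (not part of the email, and not VDSM or oVirt code): it parses libvirt domain XML and lists every disk whose driver element carries discard='unmap', marking those the caller reports as "wipe after delete". The sample XML, the disk serials and the wipe_after_delete_serials input are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not taken from a real VM).
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <devices>
    <disk type='block' device='disk'>
      <driver name='qemu' type='raw' discard='unmap'/>
      <target dev='sda' bus='scsi'/>
      <serial>disk-a</serial>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <target dev='sdb' bus='scsi'/>
      <serial>disk-b</serial>
    </disk>
    <disk type='network' device='disk'>
      <driver name='qemu' type='raw' discard='unmap'/>
      <source protocol='rbd' name='pool-constructed/volume-c'/>
      <target dev='sdc' bus='scsi'/>
      <serial>disk-c</serial>
    </disk>
    <disk type='file' device='cdrom'>
      <target dev='sdd' bus='sata'/>
    </disk>
  </devices>
</domain>
"""

def audit_discard(domain_xml, wipe_after_delete_serials):
    """Return (target, serial, conflict) for each disk with discard='unmap'.

    conflict is True when the disk's serial is in wipe_after_delete_serials,
    a caller-supplied set (assumption: the caller knows which disks are
    marked "wipe after delete"; libvirt XML does not record it).
    """
    findings = []
    for disk in ET.fromstring(domain_xml).findall("./devices/disk"):
        if disk.get("device") != "disk":
            continue  # skip cdrom/floppy devices
        driver = disk.find("driver")
        if driver is None or driver.get("discard") != "unmap":
            continue  # discard not passed through for this disk
        target = disk.find("target")
        dev = target.get("dev") if target is not None else "?"
        serial = disk.findtext("serial", default="")
        findings.append((dev, serial, serial in wipe_after_delete_serials))
    return findings

if __name__ == "__main__":
    for dev, serial, conflict in audit_discard(SAMPLE_DOMAIN_XML, {"disk-c"}):
        print(dev, serial, "CONFLICT with wipe-after-delete" if conflict else "discard=unmap")
```

Any row marked as a conflict is a disk where discard is enabled even though the disk is supposed to be wiped on delete, which is the combination the reply says is disabled on purpose.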