<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jul 10, 2018 at 9:08 PM, Jim Rollenhagen <span dir="ltr"><<a href="mailto:jim@jimrollenhagen.com" target="_blank">jim@jimrollenhagen.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><span class="gmail-">On Tue, Jul 10, 2018 at 3:28 PM, Martin Chlumsky <span dir="ltr"><<a href="mailto:martin.chlumsky@gmail.com" target="_blank">martin.chlumsky@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">It is the workaround that is right and the discussion part that is wrong.<div><br>I am familiar with this bug. Using thin volumes <u>and/or</u> enabling zero padding DOES ensure data contained<span><div>in a volume is actually deleted.</div></span></div></div></blockquote><div><br></div></span><div>Great, that's super helpful. Thanks!</div><div><br></div><div>Is there someone (Luke?) on the list that can send a correction for this OSSN to all the lists it needs to go to?</div><span class="gmail-HOEnZb"><font color="#888888"><div><br></div><div>// jim</div></font></span></div></div></div></blockquote><div><br></div><div>It can, but I would want to be sure we get an agreed consensus. 
The note has already gone through a review cycle where a cinder core approved the contents:<br><br><a href="https://review.openstack.org/#/c/579094/">https://review.openstack.org/#/c/579094/</a><br><br></div><div>If someone wants to put forward a patch with the needed amendments, I can send out a correction to the lists.<br> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><div class="gmail-h5"><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="gmail-m_-7507044785861391530HOEnZb"><div class="gmail-m_-7507044785861391530h5"><br><div class="gmail_quote"><div dir="ltr">On Tue, Jul 10, 2018 at 10:41 AM Jim Rollenhagen <<a href="mailto:jim@jimrollenhagen.com" target="_blank">jim@jimrollenhagen.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Tue, Jul 10, 2018 at 4:20 AM, Luke Hinds <span dir="ltr"><<a href="mailto:lhinds@redhat.com" target="_blank">lhinds@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Data retained after deletion of a ScaleIO volume<br>
---<br>
<br>
### Summary ###<br>
Certain storage volume configurations allow newly created volumes to<br>
contain previous data. This could lead to leakage of sensitive<br>
information between tenants.<br>
<br>
### Affected Services / Software ###<br>
Cinder releases up to and including Queens with ScaleIO volumes<br>
using thin volumes and zero padding.<br></blockquote><div><br></div></div></div></div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div>According to discussion in the bug, this bug occurs with ScaleIO volumes using thick volumes and with zero padding disabled.</div><div><br></div><div>If the bug is with thin volumes and zero padding, then the workaround seems quite wrong. :)</div><div><br></div><div>I'm not super familiar with Cinder, so could some Cinder folks check this out and re-issue a more accurate OSSN, please?</div></div></div></div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><br></div><div>// jim</div></div></div></div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
### Discussion ###<br>
Using both thin volumes and zero padding does not ensure data contained<br>
in a volume is actually deleted. The default volume provisioning rule is<br>
set to thick so most installations are likely not affected. Operators<br>
can check their configuration in `cinder.conf` or check for zero padding<br>
with this command `scli --query_all`.<br>
<br>
#### Recommended Actions ####<br>
<br>
Operators can use the following two workarounds, until the release of<br>
Rocky (planned 30th August 2018) which resolves the issue.<br>
<br>
1. Swap to thin volumes<br>
<br>
2. Ensure ScaleIO storage pools use zero-padding with:<br>
<br>
`scli --modify_zero_padding_policy<br>
    (((--protection_domain_id <ID> |<br>
    --protection_domain_name <NAME>)<br>
    --storage_pool_name <NAME>) | --storage_pool_id <ID>)<br>
    (--enable_zero_padding | --disable_zero_padding)`<br>
<br>
### Contacts / References ###<br>
Author: Nick Tait<br>
This OSSN : <a href="https://wiki.openstack.org/wiki/OSSN/OSSN-0084" rel="noreferrer" target="_blank">https://wiki.openstack.org/wik<wbr>i/OSSN/OSSN-0084</a><br>
Original LaunchPad Bug : <a href="https://bugs.launchpad.net/ossn/+bug/1699573" rel="noreferrer" target="_blank">https://bugs.launchpad.net/oss<wbr>n/+bug/1699573</a><br>
Mailing List : [Security] tag on <a href="mailto:openstack-dev@lists.openstack.org" target="_blank">openstack-dev@lists.openstack.<wbr>org</a><br>
OpenStack Security Project : <a href="https://launchpad.net/~openstack-ossg" rel="noreferrer" target="_blank">https://launchpad.net/~opensta<wbr>ck-ossg</a><br>
<br>
<br>______________________________<wbr>______________________________<wbr>______________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.op<wbr>enstack.org?subject:unsubscrib<wbr>e</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi<wbr>-bin/mailman/listinfo/openstac<wbr>k-dev</a><br>
<br></blockquote></div></div></div>
</blockquote></div>
</div></div><br>
<br></blockquote></div></div></div><br></div></div>
<br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><span style="font-size:12.8px">Luke Hinds | NFV Partner Engineering | CTO Office | Red Hat</span><br style="font-size:12.8px"><span style="font-size:12.8px">e: </span><a href="mailto:lhinds@redhat.com" style="color:rgb(17,85,204);font-size:12.8px" target="_blank">lhinds@redhat.com</a><span style="font-size:12.8px"> | irc: lhinds @freenode |</span><span style="font-size:12.8px"> t: </span>+44 12 52 36 2483<br style="font-size:12.8px"></div></div></div></div></div></div>
</div></div>