Re: [linux-lvm] Snapshots and disk re-use

[Jonathan Tripathy <jonnyt@abpni.co.uk>]

On 24/02/11 19:45, Stuart D. Gathman wrote:
> On Thu, 24 Feb 2011, Jonathan Tripathy wrote:
>
>>> Yes.  When you make the snapshot, there is only one copy, and the COW table
>>> is empty.  AS YOU WRITE to the origin, each chunk written is saved to
>>> *-cow first before being written to *-real.
>> Got ya. So data that is being written to the origin, while the snapshot
>> exists, is the data that may leak, as it's saved to the COW first, then copied
>> over to real.
>>
>> Hopefully an expert will let me know weather its safe to zero the COW after
>> I've finished with the snapshot.
> What *is* safe is to zero the snapshot.  This will overwrite any blocks
> in the COW copied from the origin.  The problem is that if the snapshot runs
> out of room, it is invalidated, and you may or may not have overwritten
> all blocks copied from the origin.
>
> So if you don't hear from an expert, a safe prodecure is to allocate
> snapshots for backup that are as big as the origin + 1 PP (which should
> be enough for the COW table as well unless we are talking terabytes).  Then you
> can zero the snapshot (not the COW) after making a backup. That will overwrite
> any data copied from the origin.  The only leftover data will just be the COW
> table which is a bunch of block #s, so shouldn't be a security problem.
>
> This procedure is less efficient than zeroing LVs on allocation, and takes
> extra space for worst case snapshot allocation.  But if you want allocation
> to be "instant", and can pay for it when recycling, that should solve your
> problem.  You should still zero all free space (by allocating a huge LV
> with all remaining space and zeroing it) periodically in case anything
> got missed.
Hmm this sounds like it would work. However I would rather zero the LVs 
on allocation than do this, as we would run many backups, and it would 
be highly inefficient to zero out all the snapshots (unless I made the 
snapshot really small, but that would cause other problems, wouldn't it?)


> IDEA, since you are on raid1, reads are faster than writes (twice as fast),
> and your snapshots will be mostly unused (the COW will only have a few blocks
> copied from the origin).  So you can write a "clear" utility that scans
> a block device for non-zero chunks, and only writes over those with zeros.
> This might be a good application for mmap().
This would be a fantastic idea. Since LVM is very commonily used in 
shared tennant environments, if would be a fantastic feature if LVM 
could make sure that snapshots didn't cause data leakage

Hopefully an expert will help me out with my zeroing issues