Re: [linux-lvm] Fwd: Questions about residual data in LVM after delete the Logic Volume

[Zdenek Kabelac <zkabelac@redhat.com>]

Dne 27.11.2015 v 13:28 Young Yang napsal(a):
>
> ---------- Forwarded message ----------
> From: *Young Yang* <afe.young@gmail.com <mailto:afe.young@gmail.com>>
> Date: Thu, Nov 26, 2015 at 4:20 PM
> Subject: Questions about residual data in LVM after delete the Logic Volume
> To: linux-lvm@redhat.com <mailto:linux-lvm@redhat.com>
>
>
>
> Hi
>
> This is my LVM version
>
>     stack@DevStackOSDomU:~$ sudo lvm version
>        LVM version:     2.02.98(2) (2012-10-15)
>        Library version: 1.02.77 (2012-10-15)
>        Driver version:  4.27.0
>
>
> I created a 1GB physical volume with a block device setup by losetup,  and
> added it to my volume group.
> Then I created a 1GB logic volume  A  and  I can find my block device
> here /dev/stack-volumes-lvmdriver-1/volume-e31af77b-1bf4-43e3-ac1f-23e3e825e576.
>
> I mount this Logic volume and write some data containing a string PATTERN
>   into it.
> Then I grep the block device with  `sudo grep -zbl PATTERN
> /dev/stack-volumes-lvmdriver-1/volume-e31af77b-1bf4-43e3-ac1f-23e3e825e576`
>   and   It really have found the string  PATTERN
>
> Then I deleted this 1GB logic volume A  and created another  1GB logic volume.B.
> I expected  the residual data containing string PATTERN should appear in the
> 1GB logic volume B, because they both used all the same 1GB physical volume.
> However, when I grep the  1GB logic volume B's block device directly,  it
> return nothing.
>
>
>
> *So Here comes the quesions,*
>
> Does LVM have any mechanism to prevent the residual data in the previously
> deleted logical volume from  appearing in the new logical volume?
> If there is any, how can I config it?  How  does it work , where can I find
> the related  docs?



Nope - lvm2 as "L"ogical "V"olume "M"anager does not zero user's data.

If you do not want to 'leak' your data after use - simply 'zero'  LV before 
it's being removed (might be quite lengthy operation)

If you use 'SSD' and you have some kind of 'trust' into discard/trim - you
may setup sending of discard on deleted extents (however note - you cannot
revert back with  'vgcfgrestore' your LV removal operation.

You could also switch into 'thin-provisioning' - which does provide 'zeroing'
of new provisioned blocks - depends on your use-case - but then you are 
STRONGLY advised to switch to some modern distro and not 3 years old one....

And also the most secure option is - encrypt LV (dm-crypt)
this way you simply don't care what does exist in blocks since without proper 
key data are just white noice...

Regards

Zdenek