From: Stuart Gathman <stuart@gathman.org>
To: linux-lvm@redhat.com
Subject: Re: [linux-lvm] Snapshots & data security
Date: Wed, 27 Jul 2016 15:17:35 -0400
Message-ID: <aa376169-db61-4b17-06cf-10e6495e8b15@gathman.org>
In-Reply-To: <CAOXD2Kufsndmiian5NwV5Cmg+CAZeiKRyzDRQdazbkOzs0LL9Q@mail.gmail.com>

On 07/19/2016 11:28 AM, Scott Sullivan wrote:
>
> Could someone please clarify if there is a legitimate reason to worry
> about data security of an old (removed) LVM snapshot?
>
> For example, when you lvremove an LVM snapshot, is it possible for data
> to be recovered if you create another LVM and it happens to go into
> the same area as the old snapshot we lvremoved?
>
> If this helps clarify, do we have to worry about security scrubbing an
> LVM snapshot for data security?
>
Another idea: if your VG is on SSD, and properly aligned, then DISCARD
on the new LV will effectively zero it as far as any guest VMs are
concerned. (The data is still on the flash until erased by the
firmware, of course.) If VG and PE size do not align with the SSD erase
block, then you can still zero the "edges" of the new LV, which is much
faster (and less wear on the SSD) than zeroing the whole thing. You
could always read-verify that the data is actually all zero.
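
The edge zeroing and read-verify steps from the message above, as an added example (not part of the original thread or of LVM). It assumes a single contiguous LV whose physical byte offset on the SSD and the erase block size are known; the function names and the sample sizes are hypothetical.

```python
import os
import tempfile

def unaligned_edges(start, length, erase_block):
    """Ranges (offset within the LV, size) outside whole erase blocks; start is the
    LV's physical byte offset on the SSD (assumed known, LV assumed contiguous)."""
    end = start + length
    first = -(-start // erase_block) * erase_block   # start rounded up
    last = end // erase_block * erase_block          # end rounded down
    if first >= last:                                # no whole erase block inside the LV
        return [(0, length)]
    edges = [(0, first - start), (last - start, end - last)]
    return [e for e in edges if e[1] > 0]

def zero_edges(path, edges):
    """Overwrite only the edge ranges with zeros and flush them to the device."""
    with open(path, "r+b") as f:
        for offset, size in edges:
            f.seek(offset)
            f.write(bytes(size))
        f.flush()
        os.fsync(f.fileno())

def first_nonzero(path, offset=0, length=None, chunk=1 << 20):
    """Read-verify: return the offset of the first non-zero byte, or None if all zero."""
    with open(path, "rb") as f:
        f.seek(offset)
        pos = offset
        end = None if length is None else offset + length
        while end is None or pos < end:
            buf = f.read(chunk if end is None else min(chunk, end - pos))
            if not buf:
                break
            rest = buf.lstrip(b"\0")
            if rest:
                return pos + len(buf) - len(rest)
            pos += len(buf)
    return None

if __name__ == "__main__":
    # Constructed stand-in for a new LV after DISCARD: stale edges, zeroed middle.
    with tempfile.NamedTemporaryFile(delete=False) as lv:
        lv.write(b"\xaa" * 4096 + bytes(16384) + b"\xaa" * 4096)
    edges = unaligned_edges(start=12288, length=24576, erase_block=16384)
    zero_edges(lv.name, edges)
    print("edges:", edges, "first non-zero after zeroing:", first_nonzero(lv.name))
    os.unlink(lv.name)
```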