
ScaleIO: Prevent usage of unsafe volumes

It is possible for thick volumes, created from storage pools
which have zero-padding disabled, to contain previous data. This
change prevents these volumes from being created by default. A
user can override this behavior by acknowledging the possibility
with a configuration option.

Change-Id: I62f8f48b1624fc9abb7427bd4ca51f7873d35b96
Closes-bug: #1699573
tags/13.0.0.0b1
Eric Young 1 year ago
parent
commit
7feb62197d
3 changed files with 72 additions and 3 deletions
  1. +56
    -1
      cinder/volume/drivers/dell_emc/scaleio/driver.py
  2. +6
    -2
      doc/source/configuration/tables/cinder-emc_sio.inc
  3. +10
    -0
      releasenotes/notes/scaleio-zeropadding-a0273c56c4d14fca.yaml

+ 56
- 1
cinder/volume/drivers/dell_emc/scaleio/driver.py

@@ -101,7 +101,13 @@ scaleio_opts = [
'driver. This replaces the general '
'max_over_subscription_ratio which has no effect '
'in this driver.'
'Maximum value allowed for ScaleIO is 10.0.')
'Maximum value allowed for ScaleIO is 10.0.'),
cfg.BoolOpt('sio_allow_non_padded_thick_volumes',
default=False,
help='Allow thick volumes to be created in Storage Pools '
'when zero padding is disabled. This option should '
'not be enabled if multiple tenants will utilize '
'thick volumes from a shared Storage Pool.'),
]

CONF.register_opts(scaleio_opts, group=configuration.SHARED_CONF_GROUP)
@@ -481,6 +487,38 @@ class ScaleIODriver(driver.VolumeDriver):
{'id': id, 'name': encoded_name})
return encoded_name

def _is_volume_creation_safe(self,
protection_domain,
storage_pool,
provision_type):
"""Checks if volume creation is safe or not

using thick volumes with zero padding disabled can lead
to existing data being read off of a newly created volume
"""
# if we have been told to allow unsafe volumes
if self.configuration.sio_allow_non_padded_thick_volumes:
return True

# all thin volumes are safe
if provision_type == 'ThinProvisioned':
return True

try:
properties = self._get_storage_pool_properties(protection_domain,
storage_pool)
padded = properties['zeroPaddingEnabled']
except Exception:
msg = (_("Unable to retrieve properties for pool, %(pool)s") %
{'pool': storage_pool})
raise exception.InvalidInput(reason=msg)

# zero padded storage pools are safe
if padded:
return True
# if we got here, it's unsafe
return False

def create_volume(self, volume):
"""Creates a scaleIO volume."""
self._check_volume_size(volume.size)
@@ -560,6 +598,23 @@ class ScaleIODriver(driver.VolumeDriver):
else:
provisioning = "ThickProvisioned"

allowed = self._is_volume_creation_safe(protection_domain_name,
storage_pool_name,
provisioning)
if not allowed:
# Do not allow thick volume creation on this backend.
# Volumes may leak data between tenants.
LOG.error("Volume creation rejected due to "
"zero padding being disabled for pool, %s:%s. "
"This behaviour can be changed by setting "
"the configuration option "
"sio_allow_non_padded_thick_volumes = True.",
protection_domain_name,
storage_pool_name)
msg = _("Volume creation rejected due to "
"unsafe backend configuration.")
raise exception.VolumeBackendAPIException(data=msg)

# units.Mi = 1024 ** 2
volume_size_kb = volume.size * units.Mi
params = {'protectionDomainId': domain_id,
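Review bot: In `_is_volume_creation_safe` the `except Exception:` around the pool lookup turns every failure, an unreachable backend as much as a missing `zeroPaddingEnabled` key, into `InvalidInput` without recording the cause. The check fails closed, which is the right direction for a guard against leaking old data, but the operator is left with no trace of why creation was refused; adding `LOG.exception("Unable to read zeroPaddingEnabled for pool %s:%s", protection_domain, storage_pool)` before the `raise` would keep it. The decision then rests on the truthiness of `padded`, and `_get_storage_pool_properties` is not visible in this diff: if it can return the value as a string, `'false'` would pass `if padded:` as safe, so `if padded is True:` would be the stricter test once the return type is confirmed. The docstring could also state the return contract, for example "Returns True when creation may proceed; raises InvalidInput if the pool properties cannot be read."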

+ 6
- 2
doc/source/configuration/tables/cinder-emc_sio.inc

@@ -17,8 +17,12 @@
* - Configuration option = Default value
- Description

* - **[DEFAULT]**
-
* - ``sio_allow_non_padded_thick_volumes`` = ``False``

- (Boolean) Allow thick volumes to be created in Storage Pools
when zero padding is disabled. This option should
not be enabled if multiple tenants will utilize
thick volumes from a shared Storage Pool.

* - ``sio_max_over_subscription_ratio`` = ``10.0``


+ 10
- 0
releasenotes/notes/scaleio-zeropadding-a0273c56c4d14fca.yaml

@@ -0,0 +1,10 @@
---

security:
- |
Removed the ability to create thick volumes in a ScaleIO Storage Pool
that has zero-padding disabled; creation of thin volumes from these
pools is allowed. A new configuration option has been added to
override this new behavior and allow thick volumes, but should not
be enabled if multiple tenants will utilize thick volumes from a shared
Storage Pool.
