ScaleIO: Prevent usage of unsafe volumes

It is possible for thick volumes, created from storage pools which have zero-padding disabled, to contain previous data. This change prevents these volumes from being created by default. A user can override this behavior by acknowleding the possibility with a configuration option. Change-Id: I62f8f48b1624fc9abb7427bd4ca51f7873d35b96 Closes-bug: #1699573
2018-03-22 20:24:01 -04:00 · 2018-03-22 20:24:01 -04:00 · 7feb62197d
commit 7feb62197d
parent 04fc01bb32
3 changed files with 72 additions and 3 deletions
--- a/cinder/volume/drivers/dell_emc/scaleio/driver.py
+++ b/cinder/volume/drivers/dell_emc/scaleio/driver.py
@ -101,7 +101,13 @@ scaleio_opts = [
                      'driver. This replaces the general '
                      'max_over_subscription_ratio which has no effect '
                      'in this driver.'
-                      'Maximum value allowed for ScaleIO is 10.0.')
+                      'Maximum value allowed for ScaleIO is 10.0.'),
+    cfg.BoolOpt('sio_allow_non_padded_thick_volumes',
+                default=False,
+                help='Allow thick volumes to be created in Storage Pools '
+                     'when zero padding is disabled. This option should '
+                     'not be enabled if multiple tenants will utilize '
+                     'thick volumes from a shared Storage Pool.'),
 ]

 CONF.register_opts(scaleio_opts, group=configuration.SHARED_CONF_GROUP)
@ -481,6 +487,38 @@ class ScaleIODriver(driver.VolumeDriver):
                  {'id': id, 'name': encoded_name})
        return encoded_name

+    def _is_volume_creation_safe(self,
+                                 protection_domain,
+                                 storage_pool,
+                                 provision_type):
+        """Checks if volume creation is safe or not
+
+           using thick volumes with zero padding disabled can lead
+           to existing data being read off of a newly created volume
+        """
+        # if we have been told to allow unsafe volumes
+        if self.configuration.sio_allow_non_padded_thick_volumes:
+            return True
+
+        # all thin volumes are safe
+        if provision_type == 'ThinProvisioned':
+            return True
+
+        try:
+            properties = self._get_storage_pool_properties(protection_domain,
+                                                           storage_pool)
+            padded = properties['zeroPaddingEnabled']
+        except Exception:
+            msg = (_("Unable to retrieve properties for pool, %(pool)s") %
+                   {'pool': storage_pool})
+            raise exception.InvalidInput(reason=msg)
+
+        # zero padded storage pools are safe
+        if padded:
+            return True
+        # if we got here, it's unsafe
+        return False
+
    def create_volume(self, volume):
        """Creates a scaleIO volume."""
        self._check_volume_size(volume.size)
@ -560,6 +598,23 @@ class ScaleIODriver(driver.VolumeDriver):
        else:
            provisioning = "ThickProvisioned"

+        allowed = self._is_volume_creation_safe(protection_domain_name,
+                                                storage_pool_name,
+                                                provisioning)
+        if not allowed:
+            # Do not allow thick volume creation on this backend.
+            # Volumes may leak data between tenants.
+            LOG.error("Volume creation rejected due to "
+                      "zero padding being disabled for pool, %s:%s. "
+                      "This behaviour can be changed by setting "
+                      "the configuration option "
+                      "sio_allow_non_padded_thick_volumes = True.",
+                      protection_domain_name,
+                      storage_pool_name)
+            msg = _("Volume creation rejected due to "
+                    "unsafe backend configuration.")
+            raise exception.VolumeBackendAPIException(data=msg)
+
        # units.Mi = 1024 ** 2
        volume_size_kb = volume.size * units.Mi
        params = {'protectionDomainId': domain_id,
--- a/doc/source/configuration/tables/cinder-emc_sio.inc
+++ b/doc/source/configuration/tables/cinder-emc_sio.inc
@ -17,8 +17,12 @@
   * - Configuration option = Default value
     - Description

-   * - **[DEFAULT]**
-     -
+   * - ``sio_allow_non_padded_thick_volumes`` = ``False``
+
+     - (Boolean) Allow thick volumes to be created in Storage Pools
+       when zero padding is disabled. This option should
+       not be enabled if multiple tenants will utilize
+       thick volumes from a shared Storage Pool.

   * - ``sio_max_over_subscription_ratio`` = ``10.0``

--- a/releasenotes/notes/scaleio-zeropadding-a0273c56c4d14fca.yaml
+++ b/releasenotes/notes/scaleio-zeropadding-a0273c56c4d14fca.yaml
@ -0,0 +1,10 @@
+---
+
+security:
+  - |
+    Removed the ability to create thick volumes in a ScaleIO Storage Pool
+    that has zero-padding disabled; creation of thin volumes from these
+    pools is allowed. A new configuration option has been added to
+    override this new behavior and allow thick volumes, but should not
+    be enabled if multiple tenants will utilize thick volumes from a shared
+    Storage Pool.