[pbs-devel] [PATCH backup v2 1/2] fix #5946: disks: wipe: ensure GPT header backup is wiped

[Filip Schauer <f.schauer@proxmox.com>]

When wiping a block device with a GUID partition table, the header
backup might get left behind at the end of the disk. This commit also
wipes the last 4096 bytes of the disk, making sure that a GPT header
backup is erased, even from disks with 4k sector sizes.

Co-authored-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
---
 src/tools/disks/mod.rs | 49 +++++++++++++++++++++++-------------------
 1 file changed, 27 insertions(+), 22 deletions(-)

diff --git a/src/tools/disks/mod.rs b/src/tools/disks/mod.rs
index 571446db..ad9df0b5 100644
--- a/src/tools/disks/mod.rs
+++ b/src/tools/disks/mod.rs
@@ -4,11 +4,11 @@ use std::collections::{HashMap, HashSet};
 use std::ffi::{OsStr, OsString};
 use std::io;
 use std::os::unix::ffi::{OsStrExt, OsStringExt};
-use std::os::unix::fs::MetadataExt;
+use std::os::unix::fs::{FileExt, MetadataExt, OpenOptionsExt};
 use std::path::{Path, PathBuf};
 use std::sync::{Arc, LazyLock};
 
-use anyhow::{bail, format_err, Error};
+use anyhow::{bail, format_err, Context as _, Error};
 use libc::dev_t;
 use once_cell::sync::OnceCell;
 
@@ -1145,7 +1145,7 @@ pub fn inititialize_gpt_disk(disk: &Disk, uuid: Option<&str>) -> Result<(), Erro
     Ok(())
 }
 
-/// Wipes all labels and the first 200 MiB of a disk/partition (or the whole if it is smaller).
+/// Wipes all labels, the first 200 MiB and the last 4096 bytes of a disk/partition.
 /// If called with a partition, also sets the partition type to 0x83 'Linux filesystem'.
 pub fn wipe_blockdev(disk: &Disk) -> Result<(), Error> {
     let disk_path = match disk.device_path() {
@@ -1176,25 +1176,7 @@ pub fn wipe_blockdev(disk: &Disk) -> Result<(), Error> {
     let wipefs_output = proxmox_sys::command::run_command(wipefs_command, None)?;
     info!("wipefs output: {wipefs_output}");
 
-    let size = disk.size().map(|size| size / 1024 / 1024)?;
-    let count = size.min(200);
-
-    let mut dd_command = std::process::Command::new("dd");
-    let mut of_path = OsString::from("of=");
-    of_path.push(disk_path);
-    let mut count_str = OsString::from("count=");
-    count_str.push(count.to_string());
-    let args = [
-        "if=/dev/zero".into(),
-        of_path,
-        "bs=1M".into(),
-        "conv=fdatasync".into(),
-        count_str,
-    ];
-    dd_command.args(args);
-
-    let dd_output = proxmox_sys::command::run_command(dd_command, None)?;
-    info!("dd output: {dd_output}");
+    zero_disk_start_and_end(disk)?;
 
     if is_partition {
         // set the partition type to 0x83 'Linux filesystem'
@@ -1204,6 +1186,29 @@ pub fn wipe_blockdev(disk: &Disk) -> Result<(), Error> {
     Ok(())
 }
 
+pub fn zero_disk_start_and_end(disk: &Disk) -> Result<(), Error> {
+    let disk_path = match disk.device_path() {
+        Some(path) => path,
+        None => bail!("disk {:?} has no node in /dev", disk.syspath()),
+    };
+
+    let disk_size = disk.size()?;
+    let file = std::fs::OpenOptions::new()
+        .write(true)
+        .custom_flags(libc::O_CLOEXEC | libc::O_DSYNC)
+        .open(disk_path)
+        .with_context(|| "failed to open device {disk_path:?} for writing")?;
+    let write_size = disk_size.min(200 * 1024 * 1024);
+    let zeroes = proxmox_io::boxed::zeroed(write_size as usize);
+    file.write_all_at(&zeroes, 0)
+        .with_context(|| "failed to wipe start of device {disk_path:?}")?;
+    if disk_size > write_size {
+        file.write_all_at(&zeroes[0..4096], disk_size - 4096)
+            .with_context(|| "failed to wipe end of device {disk_path:?}")?;
+    }
+    Ok(())
+}
+
 pub fn change_parttype(part_disk: &Disk, part_type: &str) -> Result<(), Error> {
     let part_path = match part_disk.device_path() {
         Some(path) => path,
-- 
2.39.5



_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel