[pbs-devel] [PATCH backup v3 0/2] fix #5946: disks: wipe: ensure GPT header backup is wiped

[pbs-devel] [PATCH backup v3 0/2] fix #5946: disks: wipe: ensure GPT header backup is wiped

[Filip Schauer]

When wiping a block device with a GUID partition table, the header
backup might get left behind at the end of the disk. This commit also
wipes the last 4096 bytes of the disk, making sure that a GPT header
backup is erased, even from disks with 4k sector sizes.

Changed since v2:
* Split changes related to replacing calls to dd with direct file writes
  and changes related to wiping the end of the disk into two commits.
* Remove change to only zero out the first 1 MiB instead of the first
  200 MiB

Changed since v1:
* Use `std::os::unix::fs::FileExt::write_all_at` instead of calling `dd`
* only zero out the first 1 MiB

Filip Schauer (2):
  disks: wipe: replace dd with write_all_at for zeroing disk
  fix #5946: disks: wipe: ensure GPT header backup is wiped

 src/tools/disks/mod.rs | 49 +++++++++++++++++++++++-------------------
 1 file changed, 27 insertions(+), 22 deletions(-)

-- 
2.39.5



_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel

[pbs-devel] [PATCH backup v3 1/2] disks: wipe: replace dd with write_all_at for zeroing disk

[Filip Schauer]

Replace the external invocation of `dd` with direct file writes using
`std::os::unix::fs::FileExt::write_all_at` to zero out the start of the
disk.

Co-authored-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
---
 src/tools/disks/mod.rs | 43 +++++++++++++++++++++---------------------
 1 file changed, 22 insertions(+), 21 deletions(-)

diff --git a/src/tools/disks/mod.rs b/src/tools/disks/mod.rs
index 571446db..4429eef3 100644
--- a/src/tools/disks/mod.rs
+++ b/src/tools/disks/mod.rs
@@ -4,11 +4,11 @@ use std::collections::{HashMap, HashSet};
 use std::ffi::{OsStr, OsString};
 use std::io;
 use std::os::unix::ffi::{OsStrExt, OsStringExt};
-use std::os::unix::fs::MetadataExt;
+use std::os::unix::fs::{FileExt, MetadataExt, OpenOptionsExt};
 use std::path::{Path, PathBuf};
 use std::sync::{Arc, LazyLock};
 
-use anyhow::{bail, format_err, Error};
+use anyhow::{bail, format_err, Context as _, Error};
 use libc::dev_t;
 use once_cell::sync::OnceCell;
 
@@ -1176,25 +1176,7 @@ pub fn wipe_blockdev(disk: &Disk) -> Result<(), Error> {
     let wipefs_output = proxmox_sys::command::run_command(wipefs_command, None)?;
     info!("wipefs output: {wipefs_output}");
 
-    let size = disk.size().map(|size| size / 1024 / 1024)?;
-    let count = size.min(200);
-
-    let mut dd_command = std::process::Command::new("dd");
-    let mut of_path = OsString::from("of=");
-    of_path.push(disk_path);
-    let mut count_str = OsString::from("count=");
-    count_str.push(count.to_string());
-    let args = [
-        "if=/dev/zero".into(),
-        of_path,
-        "bs=1M".into(),
-        "conv=fdatasync".into(),
-        count_str,
-    ];
-    dd_command.args(args);
-
-    let dd_output = proxmox_sys::command::run_command(dd_command, None)?;
-    info!("dd output: {dd_output}");
+    zero_disk_start(disk)?;
 
     if is_partition {
         // set the partition type to 0x83 'Linux filesystem'
@@ -1204,6 +1186,25 @@ pub fn wipe_blockdev(disk: &Disk) -> Result<(), Error> {
     Ok(())
 }
 
+pub fn zero_disk_start(disk: &Disk) -> Result<(), Error> {
+    let disk_path = match disk.device_path() {
+        Some(path) => path,
+        None => bail!("disk {:?} has no node in /dev", disk.syspath()),
+    };
+
+    let disk_size = disk.size()?;
+    let file = std::fs::OpenOptions::new()
+        .write(true)
+        .custom_flags(libc::O_CLOEXEC | libc::O_DSYNC)
+        .open(disk_path)
+        .with_context(|| "failed to open device {disk_path:?} for writing")?;
+    let write_size = disk_size.min(200 * 1024 * 1024);
+    let zeroes = proxmox_io::boxed::zeroed(write_size as usize);
+    file.write_all_at(&zeroes, 0)
+        .with_context(|| "failed to wipe start of device {disk_path:?}")?;
+    Ok(())
+}
+
 pub fn change_parttype(part_disk: &Disk, part_type: &str) -> Result<(), Error> {
     let part_path = match part_disk.device_path() {
         Some(path) => path,
-- 
2.39.5



_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel

[pbs-devel] [PATCH backup v3 2/2] fix #5946: disks: wipe: ensure GPT header backup is wiped

[Filip Schauer]

When wiping a block device with a GUID partition table, the header
backup might get left behind at the end of the disk. This commit also
wipes the last 4096 bytes of the disk, making sure that a GPT header
backup is erased, even from disks with 4k sector sizes.

Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
---
 src/tools/disks/mod.rs | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/tools/disks/mod.rs b/src/tools/disks/mod.rs
index 4429eef3..e08ea8ca 100644
--- a/src/tools/disks/mod.rs
+++ b/src/tools/disks/mod.rs
@@ -1145,7 +1145,7 @@ pub fn inititialize_gpt_disk(disk: &Disk, uuid: Option<&str>) -> Result<(), Erro
     Ok(())
 }
 
-/// Wipes all labels and the first 200 MiB of a disk/partition (or the whole if it is smaller).
+/// Wipes all labels, the first 200 MiB, and the last 4096 bytes of a disk/partition.
 /// If called with a partition, also sets the partition type to 0x83 'Linux filesystem'.
 pub fn wipe_blockdev(disk: &Disk) -> Result<(), Error> {
     let disk_path = match disk.device_path() {
@@ -1176,7 +1176,7 @@ pub fn wipe_blockdev(disk: &Disk) -> Result<(), Error> {
     let wipefs_output = proxmox_sys::command::run_command(wipefs_command, None)?;
     info!("wipefs output: {wipefs_output}");
 
-    zero_disk_start(disk)?;
+    zero_disk_start_and_end(disk)?;
 
     if is_partition {
         // set the partition type to 0x83 'Linux filesystem'
@@ -1186,7 +1186,7 @@ pub fn wipe_blockdev(disk: &Disk) -> Result<(), Error> {
     Ok(())
 }
 
-pub fn zero_disk_start(disk: &Disk) -> Result<(), Error> {
+pub fn zero_disk_start_and_end(disk: &Disk) -> Result<(), Error> {
     let disk_path = match disk.device_path() {
         Some(path) => path,
         None => bail!("disk {:?} has no node in /dev", disk.syspath()),
@@ -1202,6 +1202,10 @@ pub fn zero_disk_start(disk: &Disk) -> Result<(), Error> {
     let zeroes = proxmox_io::boxed::zeroed(write_size as usize);
     file.write_all_at(&zeroes, 0)
         .with_context(|| "failed to wipe start of device {disk_path:?}")?;
+    if disk_size > write_size {
+        file.write_all_at(&zeroes[0..4096], disk_size - 4096)
+            .with_context(|| "failed to wipe end of device {disk_path:?}")?;
+    }
     Ok(())
 }
 
-- 
2.39.5



_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel

[pbs-devel] applied-series: [PATCH backup v3 0/2] fix #5946: disks: wipe: ensure GPT header backup is wiped

[Thomas Lamprecht]

Am 12.02.25 um 11:58 schrieb Filip Schauer:
> When wiping a block device with a GUID partition table, the header
> backup might get left behind at the end of the disk. This commit also
> wipes the last 4096 bytes of the disk, making sure that a GPT header
> backup is erased, even from disks with 4k sector sizes.
> 
> Changed since v2:
> * Split changes related to replacing calls to dd with direct file writes
>   and changes related to wiping the end of the disk into two commits.
> * Remove change to only zero out the first 1 MiB instead of the first
>   200 MiB
> 
> Changed since v1:
> * Use `std::os::unix::fs::FileExt::write_all_at` instead of calling `dd`
> * only zero out the first 1 MiB
> 
> Filip Schauer (2):
>   disks: wipe: replace dd with write_all_at for zeroing disk
>   fix #5946: disks: wipe: ensure GPT header backup is wiped
> 
>  src/tools/disks/mod.rs | 49 +++++++++++++++++++++++-------------------
>  1 file changed, 27 insertions(+), 22 deletions(-)
> 


applied, thanks!


_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel