[pve-devel] [PATCH v5 pve-storage 2/2] fix #6941 : lvmplugin : fix volume activation of raw disk before secure delete

[Alexandre Derumier via pve-devel <pve-devel@lists.proxmox.com>]

[-- Attachment #1: Type: message/rfc822, Size: 5663 bytes --]

From: Alexandre Derumier <alexandre.derumier@groupe-cyllene.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH v5 pve-storage 2/2] fix #6941 : lvmplugin : fix volume activation of raw disk before secure delete
Date: Thu, 23 Oct 2025 14:23:31 +0200
Message-ID: <20251023122331.477027-3-alexandre.derumier@groupe-cyllene.com>

The volume activate before secure delete was lost in qcow2 snapshot implementation
in commit eda88c94ed150e61bc60a89037d37b320a31a9d4.

This re-add activation just before the the delete, to be sure to not write zero
to not existing /dev/.. (so in memory instead the device)

Signed-off-by: Alexandre Derumier <alexandre.derumier@groupe-cyllene.com>
---
 src/PVE/Storage/LVMPlugin.pm | 28 +++++++++++++---------------
 1 file changed, 13 insertions(+), 15 deletions(-)

diff --git a/src/PVE/Storage/LVMPlugin.pm b/src/PVE/Storage/LVMPlugin.pm
index 1eeeec0..428d28c 100644
--- a/src/PVE/Storage/LVMPlugin.pm
+++ b/src/PVE/Storage/LVMPlugin.pm
@@ -362,6 +362,17 @@ my sub free_lvm_volumes {
             my $lvmpath = "/dev/$vg/del-$name";
             print "zero-out data on image $name ($lvmpath)\n";
 
+            my $cmd_activate = ['/sbin/lvchange', '-aly', $lvmpath];
+            run_command(
+                $cmd_activate,
+                errmsg => "can't activate LV '$lvmpath' to zero-out its data",
+            );
+            $cmd_activate = ['/sbin/lvchange', '--refresh', $lvmpath];
+            run_command(
+                $cmd_activate,
+                errmsg => "can't refresh LV '$lvmpath' to zero-out its data",
+            );
+
             $secure_delete_cmd->($lvmpath);
 
             $class->cluster_lock_storage(
@@ -737,13 +748,6 @@ my sub alloc_snap_image {
 my sub free_snap_image {
     my ($class, $storeid, $scfg, $volname, $snap) = @_;
 
-    #activate only the snapshot volume
-    my $path = $class->path($scfg, $volname, $storeid, $snap);
-    my $cmd = ['/sbin/lvchange', '-aly', $path];
-    run_command($cmd, errmsg => "can't activate LV '$path' to zero-out its data");
-    $cmd = ['/sbin/lvchange', '--refresh', $path];
-    run_command($cmd, errmsg => "can't refresh LV '$path' to zero-out its data");
-
     my $snap_volname = get_snap_name($class, $volname, $snap);
     return free_lvm_volumes($class, $scfg, $storeid, [$snap_volname]);
 }
@@ -756,14 +760,8 @@ sub free_image {
     my $volnames = [$volname];
 
     if ($format eq 'qcow2') {
-        #activate volumes && snapshot volumes
-        my $path = $class->path($scfg, $volname, $storeid);
-        $path = "\@pve-$name" if $format && $format eq 'qcow2';
-        my $cmd = ['/sbin/lvchange', '-aly', $path];
-        run_command($cmd, errmsg => "can't activate LV '$path' to zero-out its data");
-        $cmd = ['/sbin/lvchange', '--refresh', $path];
-        run_command($cmd, errmsg => "can't refresh LV '$path' to zero-out its data");
-
+        #activate volumes to read snapshots chain
+        $class->activate_volume($storeid, $scfg, $volname);
         my $snapshots = $class->volume_snapshot_info($scfg, $storeid, $volname);
         for my $snapid (
             sort { $snapshots->{$a}->{order} <=> $snapshots->{$b}->{order} }
-- 
2.47.3



[-- Attachment #2: Type: text/plain, Size: 160 bytes --]

_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel