[libvirt] [PATCH] storage: Support different wiping algorithms
Daniel P. Berrange
berrange at redhat.com
Thu Jan 26 11:47:34 UTC 2012
On Mon, Jan 09, 2012 at 05:56:19PM +0100, Michal Privoznik wrote:
> Currently, we support only filling a volume with zeroes on wiping.
> However, this is not enough, as data might still be readable by an
> experienced and equipped attacker. Many technical papers have been
> written, therefore we should support other wiping algorithms.
> ---
> diff to v1:
> -Daniel's suggestions taken in (notably, moved to new API)
> configure.ac | 27 ++++++++++-
> include/libvirt/libvirt.h.in | 30 ++++++++++++
> src/driver.h | 5 ++
> src/libvirt.c | 49 +++++++++++++++++++
> src/libvirt_public.syms | 5 ++
> src/remote/remote_driver.c | 1 +
> src/remote/remote_protocol.x | 9 +++-
> src/remote_protocol-structs | 6 ++
> src/storage/storage_driver.c | 105 ++++++++++++++++++++++++++++++++++--------
> tools/virsh.c | 37 +++++++++++++--
> tools/virsh.pod | 26 ++++++++++-
> 11 files changed, 271 insertions(+), 29 deletions(-)
Sorry I missed this before - it is better to start a new top level
thread, and include "v2" in the subject line to make it stand out,
otherwise it gets threaded in with old archived mail.
> diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in
> index ad6fcce..15ba928 100644
> --- a/include/libvirt/libvirt.h.in
> +++ b/include/libvirt/libvirt.h.in
> @@ -2118,6 +2118,33 @@ typedef enum {
> VIR_STORAGE_VOL_DELETE_ZEROED = 1, /* Clear all data to zeros (slow) */
> } virStorageVolDeleteFlags;
>
> +typedef enum {
> + VIR_STORAGE_VOL_WIPE_ALG_ZERO = 0, /* 1-pass, all zeroes */
q> + VIR_STORAGE_VOL_WIPE_ALG_NNSA = 1, /* 4-pass NNSA Policy Letter
> + NAP-14.1-C (XVI-8) */
> + VIR_STORAGE_VOL_WIPE_ALG_DOD = 2, /* 4-pass DoD 5220.22-M section
> + 8-306 procedure */
> + VIR_STORAGE_VOL_WIPE_ALG_BSI = 3, /* 9-pass method recommended by the
> + German Center of Security in
> + Information Technologies */
> + VIR_STORAGE_VOL_WIPE_ALG_GUTMANN = 4, /* The canonical 35-pass sequence */
> + VIR_STORAGE_VOL_WIPE_ALG_SCHNEIER = 5, /* 7-pass method described by
> + Bruce Schneier in "Applied
> + Cryptography" (1996) */
> + VIR_STORAGE_VOL_WIPE_ALG_PFITZNER7 = 6, /* 7-pass random */
> +
> + VIR_STORAGE_VOL_WIPE_ALG_PFITZNER33 = 7, /* 33-pass random */
> +
> + VIR_STORAGE_VOL_WIPE_ALG_RANDOM = 8, /* 1-pass random */
> +
With eric's recent change you can add
#ifdef VIR_ENUM_SENTINELS
> + /*
> + * NB: this enum value will increase over time as new algorithms are
> + * added to the libvirt API. It reflects the last algorithm supported
> + * by this version of the libvirt API.
> + */
> + VIR_STORAGE_VOL_WIPE_ALG_LAST
#endif
> +} virStorageVolWipeAlgorithm;
> +
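Review bot: The comments on the new virStorageVolWipeAlgorithm values give pass counts and source documents, but nothing tells an API user what an overwrite cannot reach. As general storage behaviour (not something this patch shows), a pattern write only touches the blocks the volume maps at that moment, so on flash with wear-levelling, thin-provisioned or copy-on-write storage, and volumes that have snapshots, earlier copies of the data can survive any number of passes. I would add a comment above the enum along the lines of `/* Overwrite patterns only reach the blocks the volume currently maps; they give no erasure guarantee on SSDs, thin/COW storage or snapshotted volumes. */` so that a higher pass count is not read as a stronger guarantee on such backends.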
> /**
> + * virStorageVolWipePattern:
> + * @vol: pointer to storage volume
> + * @algorithm: one of virStorageVolWipeAlgorithm
> + * @flags: future flags, use 0 for now
> + *
> + * Similar to virStorageVolWipe, but one can choose
> + * between different wiping algorithms.
> + *
> + * Returns 0 on success, or -1 on error.
> + */
> +int
> +virStorageVolWipePattern(virStorageVolPtr vol,
> + unsigned int algorithm,
> + unsigned int flags)
> +{
> + virConnectPtr conn;
> + VIR_DEBUG("vol=%p, algorithm=%d, flags=%x", vol, algorithm, flags);
%u for algorithm since it is unsigned now
> +
> + virResetLastError();
> +
> + if (!VIR_IS_CONNECTED_STORAGE_VOL(vol)) {
> + virLibStorageVolError(VIR_ERR_INVALID_STORAGE_VOL, __FUNCTION__);
> + virDispatchError(NULL);
> + return -1;
> + }
> +
> + conn = vol->conn;
> + if (conn->flags & VIR_CONNECT_RO) {
> + virLibStorageVolError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
> + goto error;
> + }
> +
> + if (conn->storageDriver && conn->storageDriver->volWipePattern) {
> + int ret;
> + ret = conn->storageDriver->volWipePattern(vol, algorithm, flags);
> + if (ret < 0) {
> + goto error;
> + }
> + return ret;
> + }
> +
> + virLibConnError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
> +
> +error:
> + virDispatchError(vol->conn);
> + return -1;
> +}
> +
> +/**
> * virStorageVolFree:
> * @vol: pointer to storage volume
> *
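Review bot: virStorageVolWipePattern passes `algorithm` and `flags` to `volWipePattern` unchecked, and its docstring does not say what a caller gets for a value the driver does not recognise. A range check in this entry point would probably be wrong for a client talking to a newer daemon, so the rejection belongs in the driver; the storage_driver.c hunk quoted in this mail stops before the place where it would be, so I cannot tell whether it exists. For a wipe API the outcome to rule out is an unknown algorithm falling back to a weaker pattern, or to no write at all, while still returning 0. I would state the contract in the docstring, e.g. `* An @algorithm the storage driver does not support is rejected with an error and nothing is overwritten.`, and have the driver reject nonzero @flags in the same way.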
> diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms
> index 4ca7216..09dd17c 100644
> --- a/src/libvirt_public.syms
> +++ b/src/libvirt_public.syms
> @@ -516,4 +516,9 @@ LIBVIRT_0.9.9 {
> virDomainSetNumaParameters;
> } LIBVIRT_0.9.8;
>
> +LIBVIRT_0.9.10 {
> + global:
> + virStorageVolWipePattern;
> +} LIBVIRT_0.9.9;
Trivial rebase to avoid conflict
> diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
> index 8c2d6e1..bbaf22f 100644
> --- a/src/storage/storage_driver.c
> +++ b/src/storage/storage_driver.c
> @@ -1801,14 +1801,17 @@ out:
>
>
> static int
> -storageVolumeWipeInternal(virStorageVolDefPtr def)
> +storageVolumeWipeInternal(virStorageVolDefPtr def,
> + unsigned int algorithm)
> {
> int ret = -1, fd = -1;
> struct stat st;
> char *writebuf = NULL;
> size_t bytes_wiped = 0;
> + virCommandPtr cmd = NULL;
>
> - VIR_DEBUG("Wiping volume with path '%s'", def->target.path);
> + VIR_DEBUG("Wiping volume with path '%s' and algorithm %d",
> + def->target.path, algorithm);
%u here too
ACK if those minor fixes are done + obvious rebase conflict resolution
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|