Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp3099381imm; Fri, 19 Oct 2018 05:13:03 -0700 (PDT) X-Google-Smtp-Source: ACcGV61OyaVxig8SZIQ3flj2KcOh4XBBhcmUNC3Ic0/fSm7+svNOsCUVLtGX42PHV2pJ+T8c2omB X-Received: by 2002:a63:5153:: with SMTP id r19-v6mr32558236pgl.419.1539951183444; Fri, 19 Oct 2018 05:13:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539951183; cv=none; d=google.com; s=arc-20160816; b=bn9KAH/LCdNlLc8eG+XxxjCnQcQG3IClG2rUMAYu04HDfg0TLyuLIPGWHFa+jH1LV/ rpOXwbREhaccYrhfCBVEWySp1RkM06F6He3Luqjqlded1SIDLQo+eW+9nkE12FyF879n M9F2DHZQYQNgWqA/uReyCDDMsU8mG29LSNH4RgEeIR+J+BjZtptRkO9XYlg2Jl9G4G5F ngoO1Sx2Y8jmCnKZ7+QeM2PDb6wcay8bF9/HqrRECS6WElhv0K4dbU00PNHHDiSTIqcq DAClFAMxxsAnGFtZFAIupEyQXMmaWE+es0zQppAeC2hgQb6esq6s2WJpsER5cBnuTR44 sHhQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=uAuCZYOkaT0zeh7O5qKL3aImwuHl32XMvxjOTu5a7uw=; b=k5GCnM40HmoLmx6KR/2zaChYDt2a0fOhrW01SQ6JfV8Gven7DLzrhXc4cFv+SgUuen bB5Via3YnAKYobsO6SMJr+7TH8m0H13oohPZZeBky6LwQzfbWkceREo+BvtOEAqy1S2C UY6Cmu8PJz0NpM0d2Q5FTcNCqU7DeswMH9Sk5Npw/lZVASLa8BOExri15ER1nJgO4pxw jBbrpm6N3zzmwXfGLMIldTxZRnGUq1ryDPKF3oIcBqMGkAP0RlxzgdZoBw/f0AZ/k03n C2wxWul6TatMT/TPkqM1n5NQLfDvXFikrLoFGDEyhUG8kxcmBO9KQURbkp9coFCiUnl3 NeCg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b41-v6si23374738pla.306.2018.10.19.05.12.48; Fri, 19 Oct 2018 05:13:03 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727583AbeJSURN (ORCPT + 99 others); Fri, 19 Oct 2018 16:17:13 -0400 Received: from vmicros1.altlinux.org ([194.107.17.57]:60350 "EHLO vmicros1.altlinux.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727170AbeJSURN (ORCPT ); Fri, 19 Oct 2018 16:17:13 -0400 Received: from imap.altlinux.org (imap.altlinux.org [194.107.17.38]) by vmicros1.altlinux.org (Postfix) with ESMTP id 7299572CC59; Fri, 19 Oct 2018 15:11:21 +0300 (MSK) Received: from sole.flsd.net (sole.flsd.net [185.75.180.6]) by imap.altlinux.org (Postfix) with ESMTPSA id 5D8D74A4A16; Fri, 19 Oct 2018 15:11:21 +0300 (MSK) Date: Fri, 19 Oct 2018 15:11:21 +0300 From: Vitaly Chikunov To: Christoph Hellwig Cc: Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com, Jonathan Corbet , Shaohua Li , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-raid@vger.kernel.org Subject: Re: [dm-devel] [PATCH] dm: add secdel target Message-ID: <20181019121121.k6nv6we37y52ymuc@sole.flsd.net> References: <20181014112439.8119-1-vt@altlinux.org> <20181019061945.GA7403@infradead.org> <20181019114944.syemvziebwfuruof@sole.flsd.net> <20181019120033.GA7869@infradead.org> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <20181019120033.GA7869@infradead.org> User-Agent: NeoMutt/20171215-106-ac61c7 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Oct 19, 2018 at 05:00:33AM -0700, Christoph Hellwig wrote: > On Fri, Oct 19, 2018 at 02:49:44PM +0300, Vitaly Chikunov wrote: > > On Thu, Oct 18, 2018 at 11:19:45PM -0700, Christoph Hellwig wrote: > > > Just as a note: the name is a complete misowner, a couple overwrite > > > are not in any way secure deletion. So naming it this way and exposing > > > this as erase is a problem that is going to get back to bite us. > > > > In what way it's not secure deletion? > > > > It's secure deletion by overwriting discarded data instead of leaving it > > as is. > > Overwriting data does not delete data. Most certainly not in Flash based > SSDs, but also not in many storage arrays, or for that matter many modern > disks that have sectore remapping and various kinds of non-volatile > caches. There is a reason why devices tend to have special commands to > perform secure erase - depending on the media they might or might not > overwrite internally, but at least they do it in a way that actually > works for the given media and device configuration. I know that. This is why it says "The target does not try to determine if the underlying drive reliably support data overwrites, this decision is solely on the discretion of a user. Please note that not all drivers support this ability." > > dm-erase or dm-wipe? dm-discerase? > > dm-overwrite? These are all good to me. > > > But still provide REQ_OP_SECURE_ERASE support? > > On the one hand that is highly misleading and would warrant a warning > (see above), on the other hand discard is purely advisory and can be > skipped any time, including by intermediate layers. So I don't think > you can actually do what you want without major changes to the whole > I/O stack. Probably, a concerned user should test his setup to be sure discards reach dm-secdel (after that they go as writes), and data he thinks should be erased is erased.