VYPR
Moderate severity · NVD Advisory · Published Dec 26, 2012 · Updated Apr 29, 2026

CVE-2012-5625

Description

OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
nova (PyPI) | < 12.0.0a0 | 12.0.0a0

Patches

9d2ea9704225

Don't leak info from libvirt LVM backed instances

https://github.com/openstack/nova · Pádraig Brady · Nov 23, 2012 · via ghsa
1 file changed · +47 -0
  • nova/virt/libvirt/utils.py+47 0 modified
    @@ -172,8 +172,55 @@ def logical_volume_info(path):
         return dict(zip(*info))
     
     
    +def logical_volume_size(path):
    +    """Get logical volume size in bytes.
    +
    +    :param path: logical volume path
    +    """
    +    # TODO(p-draigbrady) POssibly replace with the more general
    +    # use of blockdev --getsize64 in future
    +    out, _err = execute('lvs', '-o', 'lv_size', '--noheadings', '--units',
    +                        'b', '--nosuffix', path, run_as_root=True)
    +
    +    return int(out)
    +
    +
    +def clear_logical_volume(path):
    +    """Obfuscate the logical volume.
    +
    +    :param path: logical volume path
    +    """
    +    # TODO(p-draigbrady): We currently overwrite with zeros
    +    # but we may want to make this configurable in future
    +    # for more or less security conscious setups.
    +
    +    vol_size = logical_volume_size(path)
    +    bs = 1024 * 1024
    +    direct_flags = ('oflag=direct',)
    +    remaining_bytes = vol_size
    +
    +    # The loop caters for versions of dd that
    +    # don't support the iflag=count_bytes option.
    +    while remaining_bytes:
    +        zero_blocks = remaining_bytes / bs
    +        seek_blocks = (vol_size - remaining_bytes) / bs
    +        zero_cmd = ('dd', 'bs=%s' % bs,
    +                    'if=/dev/zero', 'of=%s' % path,
    +                    'seek=%s' % seek_blocks, 'count=%s' % zero_blocks)
    +        zero_cmd += direct_flags
    +        if zero_blocks:
    +            utils.execute(*zero_cmd, run_as_root=True)
    +        remaining_bytes %= bs
    +        bs /= 1024  # Limit to 3 iterations
    +        direct_flags = ()  # Only use O_DIRECT with initial block size
    +
    +
     def remove_logical_volumes(*paths):
         """Remove one or more logical volume."""
    +
    +    for path in paths:
    +        clear_logical_volume(path)
    +
         if paths:
             lvremove = ('lvremove', '-f') + paths
             execute(*lvremove, attempts=3, run_as_root=True)
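
Review bot: logical_volume_size returns int(out) with no check on what lvs printed, and this hunk puts it on the delete path. If the output is empty or spans more than one line, int() raises ValueError inside the for loop in remove_logical_volumes, before lvremove is reached, so none of the volumes in paths is removed and the ones after the failing path are never wiped. Failing closed is the right direction for this leak, but consider wiping and removing per path (or catching the error and logging the path), and note that the dd calls get no attempts= while lvremove gets attempts=3.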
    
a99a802e008e

Don't leak info from libvirt LVM backed instances

https://github.com/openstack/nova · Pádraig Brady · Nov 23, 2012 · via ghsa
1 file changed · +44 -0
  • nova/virt/libvirt/utils.py+44 0 modified
    @@ -149,8 +149,52 @@ def list_logical_volumes(vg):
         return [line.strip() for line in out.splitlines()]
     
     
    +def logical_volume_size(path):
    +    """Get logical volume size in bytes.
    +
    +    :param path: logical volume path
    +    """
    +    # TODO(p-draigbrady) POssibly replace with the more general
    +    # use of blockdev --getsize64 in future
    +    out, _err = execute('lvs', '-o', 'lv_size', '--noheadings', '--units',
    +                        'b', '--nosuffix', path, run_as_root=True)
    +
    +    return int(out)
    +
    +
    +def clear_logical_volume(path):
    +    """Obfuscate the logical volume.
    +
    +    :param path: logical volume path
    +    """
    +    # TODO(p-draigbrady): We currently overwrite with zeros
    +    # but we may want to make this configurable in future
    +    # for more or less security conscious setups.
    +
    +    vol_size = logical_volume_size(path)
    +    bs = 1024 * 1024
    +    remaining_bytes = vol_size
    +
    +    # The loop caters for versions of dd that
    +    # don't support the iflag=count_bytes option.
    +    while remaining_bytes:
    +        zero_blocks = remaining_bytes / bs
    +        seek_blocks = (vol_size - remaining_bytes) / bs
    +        zero_cmd = ('dd', 'bs=%s' % bs,
    +                    'if=/dev/zero', 'of=%s' % path,
    +                    'seek=%s' % seek_blocks, 'count=%s' % zero_blocks)
    +        if zero_blocks:
    +            utils.execute(*zero_cmd, run_as_root=True)
    +        remaining_bytes %= bs
    +        bs /= 1024  # Limit to 3 iterations
    +
    +
     def remove_logical_volumes(*paths):
         """Remove one or more logical volume."""
    +
    +    for path in paths:
    +        clear_logical_volume(path)
    +
         if paths:
             lvremove = ('lvremove', '-f') + paths
             execute(*lvremove, attempts=3, run_as_root=True)
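
Review bot: none of the dd passes built in clear_logical_volume asks for the zeros to reach the device. zero_cmd carries no oflag=direct and no conv=fdatasync, and remove_logical_volumes goes straight on to lvremove -f. As written, the guarantee that the old data is overwritten before the extents return to the volume group rests on kernel flush behaviour that the code does not state. Suggest oflag=direct on the 1 MiB pass, where writes are block aligned, or conv=fdatasync on each dd call; that also avoids pushing a whole volume of zeros through the page cache.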
    
