Uploaded image for project: 'OpenShift Virtualization'
  1. OpenShift Virtualization
  2. CNV-30872

[2222008] Cloned VM using PVC of another VM can cause data corruption

XMLWordPrintable

    • Urgent
    • None

      Description of problem:

      The source VM is using the below dataVolume:

      ~~~

      1. oc get vm rhel8-b0w0qr4bgx7txkuf -o yaml |yq '.spec.template.spec.volumes'
      • dataVolume:
        name: rhel8-b0w0qr4bgx7txkuf
        name: rootdisk
        ~~~

      A new virtual machine (VM) was then cloned from the rhel8-b0w0qr4bgx7txkuf VM using the clone button in the OpenShift Console. This created a new persistent volume claim (PVC) and data volume (DV) by appending "volume-clone" to the name of the source DV.

      ~~~
      oc get vm rhel8-b0w0qr4bgx7txkuf-first-clone -o yaml |yq '.spec.template.spec.volumes'

      • dataVolume:
        name: rhel8-b0w0qr4bgx7txkuf-volume-clone
        name: rootdisk
      1. oc get pod virt-launcher-rhel8-b0w0qr4bgx7txkuf-first-clone-f6rfk -o yaml|yq '.spec.volumes' |grep -A 3 rootdisk
      • name: rootdisk
        persistentVolumeClaim:
        claimName: rhel8-b0w0qr4bgx7txkuf-volume-clone
        ~~~

      The source VM, rhel8-b0w0qr4bgx7txkuf, was cloned again. However, the new cloned VM ended up using the same persistent volume claim (PVC) as the previous clone, rhel8-b0w0qr4bgx7txkuf-first-clone.

      ~~~

      1. oc get vm rhel8-b0w0qr4bgx7txkuf-second-clone -o yaml |yq '.spec.template.spec.volumes'
      • dataVolume:
        name: rhel8-b0w0qr4bgx7txkuf-volume-clone
        name: rootdisk
      1. oc get pod virt-launcher-rhel8-b0w0qr4bgx7txkuf-second-clone-65bk7 -o yaml|yq '.spec.volumes' |grep -A 3 rootdisk
      • name: rootdisk
        persistentVolumeClaim:
        claimName: rhel8-b0w0qr4bgx7txkuf-volume-clone
        ~~~

      This can easily lead to data corruption, as both VMs will be writing to the same PV.

      By looking updateClonedDataVolumes[1], it appears that it is getting the data volume (DV) name from the source VM's volumes/ Data Volume Templates, appending "volume-clone" to the name, and using it as the DV name for the new cloned VM. It does not check if this persistent volume claim (PVC) is already in use and simply assumes that it does not exist and begins using it.

      Version-Release number of selected component (if applicable):

      OpenShift Virtualization 4.13.1

      How reproducible:

      100%

      Steps to Reproduce:

      1. Create two cloned VMs from a VM using the OpenShift Console clone button.
      2. Both the cloned VMs will be using the same PVC.

      Actual results:

      Cloned VM using PVC of another VM can cause data corruption

      Expected results:

      While generating the PVC name of the cloned VM, it should create a unique name and should check if it already exists before start using it.

      Additional info:

      [1] https://github.com/kubevirt-ui/kubevirt-plugin/blob/main/src/views/virtualmachines/actions/components/CloneVMModal/utils/helpers.tsx#L154

            rh-ee-dorr Dana Orr
            rhn-support-nashok Nijin Ashok
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: