The following patches implement overwriting a volume with zeros when
the volume is deleted. The zeroing happens before the delete, so it
works for storage backends that don't support actually deleting
volumes as well as the ones that do. The intent is that any future VM
assigned that volume will not be able to recover any data belonging to
the previous VM. It is not intended to prevent attackers with
physical access to the medium from recovering data--it simply writes a
single pass of zeros over the medium.

If the filesystem containing the volume supports the fiemap ioctl and
the volume is a sparse file, the volume zeroing code attempts to use
fiemap to locate the mapped extents. It does not attempt to zero a
sparse file if it cannot use fiemap. Such an operation could take an
essentially unbounded amount of time.

Since the volume is being deleted, zeroing has less value in the
context of backends that support delete, but does provide value with
storage backends that do not zero volumes if they are deleted and
recreated.

Dave