Bug#717313: lvm2: Enable issue_discards = 1 automatically on non-rotational (SSD) disks?

[Matt Taggart]

I agree that "issue_discards = 1" should become the default in lvm on 
Debian.

There is a case where you might not want TRIM/discards, there are security 
implications to enabling it with dm-crypt.  In the commit message which 
added this support, the author states:

  Note that discard will be never enabled by default because
  of security consequences, it is up to administrator
  to enable it for encrypted devices.

and in the added documentation:

  WARNING: allowing discard on encrypted device has serious irreversible
  security consequences, discarded blocks can be easily located on device
  later. This can lead to leak of information from ciphertext device
  (unique pattern for detecting filesystem type, used space etc).

https://www.redhat.com/archives/dm-devel/2011-July/msg00042.html

But if I understand it correctly, as long as dm-crypt defaults to not 
enabling it, it would still be fine if LVM did have it enabled, you just 
wouldn't have it all the way down the stack to the hardware and would lose 
the benefit but still be safe. It might be worth documenting that, 
something like:

  The option "issue_discards" is enabled by default on LVM in Debian.
  Note that in order to get the benefits of discard, it needs to be
  enabled in each block layer down to the actual hardware. Due to
  security implications, discard is disabled by default in dm-crypt,
  so if you are using that you should first consult the dm-crypt
  documentation to understand the implications before enabling.

Sound ok?

-- 
Matt Taggart
taggart at debian.org