Description of problem: The source VM is using the below dataVolume: ~~~ # oc get vm rhel8-b0w0qr4bgx7txkuf -o yaml |yq '.spec.template.spec.volumes' - dataVolume: name: rhel8-b0w0qr4bgx7txkuf name: rootdisk ~~~ A new virtual machine (VM) was then cloned from the rhel8-b0w0qr4bgx7txkuf VM using the clone button in the OpenShift Console. This created a new persistent volume claim (PVC) and data volume (DV) by appending "volume-clone" to the name of the source DV. ~~~ oc get vm rhel8-b0w0qr4bgx7txkuf-first-clone -o yaml |yq '.spec.template.spec.volumes' - dataVolume: name: rhel8-b0w0qr4bgx7txkuf-volume-clone name: rootdisk # oc get pod virt-launcher-rhel8-b0w0qr4bgx7txkuf-first-clone-f6rfk -o yaml|yq '.spec.volumes' |grep -A 3 rootdisk - name: rootdisk persistentVolumeClaim: claimName: rhel8-b0w0qr4bgx7txkuf-volume-clone ~~~ The source VM, rhel8-b0w0qr4bgx7txkuf, was cloned again. However, the new cloned VM ended up using the same persistent volume claim (PVC) as the previous clone, rhel8-b0w0qr4bgx7txkuf-first-clone. ~~~ # oc get vm rhel8-b0w0qr4bgx7txkuf-second-clone -o yaml |yq '.spec.template.spec.volumes' - dataVolume: name: rhel8-b0w0qr4bgx7txkuf-volume-clone name: rootdisk # oc get pod virt-launcher-rhel8-b0w0qr4bgx7txkuf-second-clone-65bk7 -o yaml|yq '.spec.volumes' |grep -A 3 rootdisk - name: rootdisk persistentVolumeClaim: claimName: rhel8-b0w0qr4bgx7txkuf-volume-clone ~~~ This can easily lead to data corruption, as both VMs will be writing to the same PV. By looking updateClonedDataVolumes[1], it appears that it is getting the data volume (DV) name from the source VM's volumes/ Data Volume Templates, appending "volume-clone" to the name, and using it as the DV name for the new cloned VM. It does not check if this persistent volume claim (PVC) is already in use and simply assumes that it does not exist and begins using it. Version-Release number of selected component (if applicable): OpenShift Virtualization 4.13.1 How reproducible: 100% Steps to Reproduce: 1. Create two cloned VMs from a VM using the OpenShift Console clone button. 2. Both the cloned VMs will be using the same PVC. Actual results: Cloned VM using PVC of another VM can cause data corruption Expected results: While generating the PVC name of the cloned VM, it should create a unique name and should check if it already exists before start using it. Additional info: [1] https://github.com/kubevirt-ui/kubevirt-plugin/blob/main/src/views/virtualmachines/actions/components/CloneVMModal/utils/helpers.tsx#L154
I could reproduce the issue on 4.13 and 4.14, in my opition, the PVC name should always be same with the VM name to avoid any potential issues.
verified on kubevirt-console-plugin-rhel9:v4.14.0-2359
Can we please also backport this to 4.13 since it can cause data corruption?
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Virtualization 4.14.0 Images security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2023:6817