Resource icon

Resource How to: Wipe free space in ZFS

Occasionally the subject comes up on how to wipe free space in ZFS. Read the whole resource before attempting the procedure.

ZFS does not include any built in method to clear free space. However, since ZFS is a COW, Copy On Write, file system, this means prior data can hang around in un-allocated space for a long time. The amount of time depends on the size of the pool and the amount of space currently being used.

ZFS does have native encryption, which if used, any freed up blocks of data will still be encrypted. This protects the user in that if they return a disk for warranty support, any blocks, in-use or freed, that were encrypted, stay encrypted. Plus, if the user wants to wipe the entire dataset, simply destroying the dataset will leave the newly freed up blocks still encrypted.

There can be several reasons to want free space cleared:
  • Sensitive data was accidentally stored un-encrypted
  • Moving a dataset from un-encypted to encrypted dataset
Clearing free space in ZFS does NOT do;
  • Optimize data locations
  • Improve speed to data
Before starting, note that there are risks:
  • Backups are highly recommended, (even 2 backups)
  • Pools with only 1 disk of redundancy, (like RAID-Z1 or 2 way Mirror), should use the replace in place with a spare disk, (see below)
  • This will take time, because this is done 1 disk at a time, with complete re-silver

For the moment, this is given as a rough set of steps. If you don't have the skill to follow these rough steps, either ask for assistance. Or, do not perform the procedure as you may loose your data.
  1. Verify your backups of the pool in question
  2. Scrub the pool, and verify there are no errors
  3. If their are any disk problems, take care of them first.
  4. Wiping disks
    1. Select one disk, remove from pool
    2. Carefully find the disk and run your wiping procedure against that disk
    3. Re-install that disk in your pool, wait for re-silver to complete
    4. Verify you have no pool errors
    5. Repeat wiping disks until all are complete
  5. Verify your pool is good, perhaps running a new scrub
  6. You are done
This would clear any free space of prior data that you wish to wipe completely. However, some ZFS history might still reference the name of any destroyed dataset, or some attributes changed. But no data.

If your pool is made up of RAID-Z1 or 2 way Mirrors, you should use the replace in place method. This requires a spare disk and disk bay for the duration of the procedure. If this disk is not intended to be removed when done, then you may want to pre-wipe it. To use, install this spare disk and use something like this to remove the first pool disk;

zpool replace POOL 1st_DISK SPARE_DISK

When the replacement is complete, you can then wipe the former first disk in the pool. After the wiping is done, replace in place again for the second disk, using the newly freed up first disk. Repeat until done.

Obviously you can use this replace in place using a spare disk for pools made up of RAID-Z2/3 or 3 way Mirrors. Doing so reduces the chance of problems and maintains full redundancy during the procedure.

Sometimes when people upgrade their disks, or simply replace a disk that is failing but not yet failed, they want to wipe the entire disk. This procedure does not cover that use case.

Note about wiping method. Some people find using a single pass of writing zeros acceptable. Others want random numbers in one pass. U.S. DOD wants a lot more, depending on the security classification of the data.

What you choose has both implications on how long the procedure will take. And the level of security you get.