1. Field of the Invention
A method, system, program, and memory for erasing data at storage locations and, in particular, logically erasing the data.
2. Description of the Related Art
To perform a secure erase of data, a write operation must be performed to each addressable storage location, such as the records in a track or fixed block, which contains data. This write operation involves writing meaningless data, such as all zeros or ones, over the addressable storage locations to prevent any future access to the data at such addressable locations. For instance, various utility programs allow the recovery of deleted files. The data in apparently deleted files can be recovered because the deletion of the file does not cause the erasure of the underlying data, but merely removes from the user's view the file object providing access to the underlying data. However, if a secure erase is performed, then the data cannot be subsequently recovered by such a utility program.
Performing a secure erase by writing data to the erased storage locations can take a substantial time and significantly degrade the performance of any applications seeking to access the storage device on which the secure erase is being performed. In fact, if a secure erase is performed on an entire volume of data, then the secure erase process can take from several minutes to a half-hour.
Certain systems, such as the IBM RAMAC Virtual Array or ICEBERG disk storage systems** provide for a virtual disk architecture, also referred to as Log Structured Array (LSA) system, in which mappings provide virtual locations of the data. LSA tables map host tracks to disk array storage locations where the data is stored. When data is written to the system, it is compressed and compacted, assembled into fixed blocks, and written to the DASD. All write operations in virtual disk architecture are always directed to a new place in the disk array. An erase operation in the LSA environment involves setting the pointers that provide the mapping from virtual to physical locations to zero and then freeing up the storage space that the pointers addressed. Any future attempt to access the erased track, or pointer to the track, would result in a determination that the pointer does not exist and must have been erased. The erase operation in LSA is substantially faster than secure erase operations that require I/Os to the storage device because the LSA erase just eliminates pointers maintained in a table in memory. However, the LSA erase is limited to the Virtual Disk Architecture, where tracks are logical tracks that map to different storage locations.
**ESA/390 is a trademark of IBM and RAMAC is a registered trademark of IBM; Iceberg is a registered trademark of Storage Technology Corporation. 
There is thus a need in the art for an improved system for securely erasing data.
To overcome the limitations in the prior art described above, preferred embodiments disclose a method, system, program, and memory for erasing data. A request to erase data in at least one storage location is received. In response, a data structure is generated indicating that each storage location subject to the erase request is in an erased state. Upon processing a request to access a storage location, a determination is made as to whether the requested storage location is indicated in the data structure. The data structure is processed to determine whether the requested storage location is in the erased state after determining that the requested storage location is indicated in the data structure. Access to the data at the requested storage location is denied after determining that the requested storage location is in the erased state.
The storage location may comprise a track, a CKD track, a fixed block address, or any other storage format known in the art.
In further embodiments, the data at one storage location indicated in the data structure is erased. In response, the data structure is modified to remove indication that the data at the storage location is in the erased state. The data at the requested storage location is returned after determining that the requested storage location is not in the erased state.
In still further embodiments, an update to one storage location is received. A determination is then made as to whether the storage location subject to the update is indicated in the data structure. If so, the data structure is processed to determine whether the storage location to update is in the erased state. The update is processed to update the data at the storage location. The data structure is modified to remove indication that the storage location is in the erased state after determining that the storage location is in the erased state.
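The erase, access, update, and later physical-erase steps described in the preceding paragraphs can be sketched as follows. This is an added illustration, not code from the patent: the class and method names are hypothetical, the erased-state data structure is modeled as a set of track numbers, and an update is assumed to replace a whole track.

```python
class ErasedTrackError(Exception):
    """Raised when a read targets a track in the logically erased state."""


class LogicalEraseController:
    """Toy controller; track numbers index a list standing in for the disk."""

    def __init__(self, tracks):
        self.disk = list(tracks)   # physical contents, one bytes object per track
        self.erased = set()        # the data structure: tracks in the erased state

    def logical_erase(self, first, last):
        # Erase request: record the state only; no disk I/O is performed.
        self.erased.update(range(first, last + 1))

    def read(self, track):
        # Access request: deny if the track is indicated as erased.
        if track in self.erased:
            raise ErasedTrackError(f"track {track} is erased")
        return self.disk[track]

    def write(self, track, data):
        # Update (assumed to replace the whole track): apply it, clear the state.
        self.disk[track] = data
        self.erased.discard(track)

    def physical_erase(self, budget):
        # Later pass: overwrite up to `budget` tracks with zeros, clear the state.
        done = sorted(self.erased)[:budget]
        for track in done:
            self.disk[track] = bytes(len(self.disk[track]))
            self.erased.discard(track)
        return done


def demo():
    # Constructed sample data: four tracks, tracks 1-2 hold sensitive content.
    ctl = LogicalEraseController([b"boot", b"secret-A", b"secret-B", b"logs"])
    ctl.logical_erase(1, 2)
    try:
        ctl.read(1)
        denied = False
    except ErasedTrackError:
        denied = True
    residual = ctl.disk[1]        # the bytes are still on the medium
    ctl.write(2, b"new-data")     # update clears the erased state for track 2
    after_update = ctl.read(2)
    scrubbed = ctl.physical_erase(budget=8)
    return denied, residual, after_update, scrubbed, ctl.read(1)
```

The `residual` value shows that between the logical erase and the physical pass the original bytes remain on the medium, so the protection holds only for access paths that go through the controller's check.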
Preferred embodiments provide a data structure to logically erase data. If an application requests to access data at storage locations in an erased state, then the controller will prevent access to the data, even though the data remains at the storage location. The preferred system thus provides the security of a physical secure erase, as the application cannot access data in the logical erase state, without having to perform the disk input/output (I/O) operations to physically erase the data. Thus, the preferred logical erase provides security while keeping to a minimum the impact on system and application performance that typically accompanies a secure physical erase of large amounts of data.