RFC: swapon(8) vnode-backed md and gbde/geli encryption support
swhetzel at gmail.com
Sun Jun 23 16:58:50 UTC 2013
On Sat, Jun 22, 2013 at 1:53 PM, Hiroki Sato <hrs at freebsd.org> wrote:
> I created a patchset to add support of automatic generation of
> vnode-backed md(4) devices and gbde/geli geom providers to swapon(8)
> via /etc/fstab. We already have equivalent functionality by using
> rc.d scripts. This simplifies rc.d scripts and fixes a race between
> mdconfig/gbde/geli and swapon/swapoff by using /etc/fstab.
> More specifically, the following specification will be supported:
> /dev/ada1p1.bde none swap sw 0 0
> /dev/ada1p2.eli none swap sw 0 0
> md none swap sw,file=/swap.bin 0 0
> md10 none swap sw,file=/swap10.bin 0 0
> md12 none swap sw,file=/usr/swap12.bin,late 0 0
> Currently, rc.d/swap1 and rc.d/encswap handle entries with FSTAB_SW and
> then rc.d/addswap for additional swap space specified in rc.conf.
> The rc.d/addswap script runs before NETWORKING, so it is difficult to
> add a swap space by using a file via NFS on a diskless client. The
> "late" keyword in /etc/fstab will give more flexibility in such a
> So, the changes to rc.d scripts are the following:
> rc.d/encswap -> (removed)
> rc.d/swap1 -> rc.d/swap
> rc.d/swaplate -> (added)
> rc.d/addswap is not removed in the patchset, but is it still
> necessary? I do not think using a combination of rc.d scripts to
> support md(4) device generation for swap spaces is robust, and I
> believe /etc/fstab is sufficient for the same functionality.
> Any comments are welcome. Thank you.
The only thing I see is that you are hard coding the geli_swap_flags
(i.e. -e aes -l 256 -s 4096 -d) into swapon. It would be better to
have swapon read the /etc/fstab file to get these values:
/dev/ada1p2.eli none swap sw,ealgo=aes,keylen=256,sectorsize=4096 0 0
/dev/ada2p2.eli none swap sw 0 0
What you could do is that if no options are specified in the swap
file, swapon would then use default values for ealgo=aes, keylen=256
geli onetime [-d] [-a aalgo] [-e ealgo] [-l keylen] [-s sectorsize] prov
The options for the geli encrypted swap file in /etc/fstab would then become:
Note: the '-d' option would still be hard coded.
No electrons were maimed while sending this message. Only slightly bruised.
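
The fstab-to-geli mapping proposed in the reply above, sketched as an added example that is not part of the original message or of the patchset. The function name and the value-validation rules are assumptions; the option names, the defaults and the fixed -d come from the message.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Allow only short [A-Za-z0-9-] values (digits only for sizes), so an
 * fstab value can never add extra arguments to the geli invocation. */
static int valid_value(const char *v, size_t len, int digits_only)
{
    size_t i;
    if (len == 0 || len > 16)
        return 0;
    for (i = 0; i < len; i++)
        if (digits_only ? !isdigit((unsigned char)v[i])
            : !(isalnum((unsigned char)v[i]) || v[i] == '-'))
            return 0;
    return 1;
}

/* Hypothetical helper: fstab options field -> "geli onetime" flags.
 * Returns 0 on success, -1 on a bad value or a too-small buffer. */
int geli_flags_from_mntops(const char *mntops, char *out, size_t outlen)
{
    static const char *names[] = { "ealgo", "keylen", "sectorsize" };
    char vals[3][17] = { "aes", "256", "4096" };  /* defaults from the message */
    const char *p = mntops;
    int i, n;
    while (*p != '\0') {
        size_t len = strcspn(p, ",");   /* one comma-separated option */
        for (i = 0; i < 3; i++) {
            size_t nl = strlen(names[i]);
            if (len > nl && strncmp(p, names[i], nl) == 0 && p[nl] == '=') {
                if (!valid_value(p + nl + 1, len - nl - 1, i != 0))
                    return -1;
                memcpy(vals[i], p + nl + 1, len - nl - 1);
                vals[i][len - nl - 1] = '\0';
            }
        }
        p += len + (p[len] == ',');     /* skip the option and its comma */
    }
    n = snprintf(out, outlen, "-e %s -l %s -s %s -d", vals[0], vals[1], vals[2]);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char flags[64];   /* options field below is the one from the message */
    if (geli_flags_from_mntops("sw,ealgo=aes,keylen=256,sectorsize=4096", flags, sizeof(flags)) == 0)
        puts(flags);
    return 0;
}
```

Options that are not geli parameters (sw, late, file=...) are ignored here, and a malformed value is rejected rather than replaced with the default.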