Date: Thu, 3 Jan 2008 07:45:19 GMT From: Keve Nagy <wforms@safe-mail.net> To: freebsd-gnats-submit@FreeBSD.org Subject: i386/119293: gdbe swap encryption forces gmirror to rebuild upon each system restart Message-ID: <200801030745.m037jJOY086724@www.freebsd.org> Resent-Message-ID: <200801030750.m037o100097310@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 119293 >Category: i386 >Synopsis: gdbe swap encryption forces gmirror to rebuild upon each system restart >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-i386 >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Jan 03 07:50:01 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Keve Nagy >Release: FreeBSD 6.2-STABLE >Organization: N/A >Environment: FreeBSD i386 6.2-STABLE >Description: I experienced an issue under FreeBSD 6.2-STABLE between GBDE and GMIRROR, where a BDE encrypted swap causes the mirror to be rebuilt every single time the system is rebooted. I believe the problem is hiding somewhere around the point where gbde gets stopped/unloaded during shutdown, which probably writes some little data back on disk AFTER gmirror stops syncing the providers. This way, when the system is booted gmirror finds the providers being out of sync, and it triggers itself to rebuild the secondary provider from the primary. This has been tested and proven on multiple systems for consistency. A swapoff before shutdown does not eliminate the problem. I had to comment out the swap.bde line from fstab, boot the system this way so that a bde encrypted swap didn't get created/loaded and then the mirror stopped rebuilding itself after reboot. Using GELI to encrypt the swap space does not produce this problem. Until this issue with GBDE and GMIRROR gets fixed, a note or comment in the handbook should be placed, practically for both GBDE "Chapter 18.17.3" and GMIRROR "Chapter 19.4 or 19.4.1", warning users that using bde to encrypt swap inside a gmirror may produce this problem and for the time being this can be quickly solved by using geli instead of gbde. >How-To-Repeat: My systems had two physical disks of the same type. One single FreeBSD slice spanning the entire disk, and separate partitions for /, swap, /var, /tmp and /usr in this order. Only the swap space was encrypted. Encryption and mirroring was set up according to the handbook and man pages, no extra settings or options were used. >Fix: Until gbde gets fixed, use geli to encrypt your swap space inside a gmirror. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200801030745.m037jJOY086724>