Bug 119293 - [gbde] gbde swap encryption forces gmirror to rebuild upon each system restart
Summary: [gbde] gbde swap encryption forces gmirror to rebuild upon each system restart
Status: Closed Overcome By Events
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: 6.2-STABLE
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-01-03 07:50 UTC by Keve Nagy
Modified: 2017-08-27 01:18 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Keve Nagy 2008-01-03 07:50:01 UTC
I experienced an issue under FreeBSD 6.2-STABLE between GBDE and GMIRROR,
where a BDE encrypted swap causes the mirror to be rebuilt every single
time the system is rebooted. I believe the problem is hiding somewhere
around the point where gbde gets stopped/unloaded during shutdown, which
probably writes some little data back on disk AFTER gmirror stops syncing
the providers. This way, when the system is booted gmirror finds the
providers being out of sync, and it triggers itself to rebuild the
secondary provider from the primary.

This has been tested and proven on multiple systems for consistency.
A swapoff before shutdown does not eliminate the problem. I had to comment
out the swap.bde line from fstab, boot the system this way so that a bde
encrypted swap didn't get created/loaded and then the mirror stopped
rebuilding itself after reboot. Using GELI to encrypt the swap space
does not produce this problem.

Until this issue with GBDE and GMIRROR gets fixed, a note or comment
in the handbook should be placed, practically for both GBDE
"Chapter 18.17.3" and GMIRROR "Chapter 19.4 or 19.4.1", warning users
that using bde to encrypt swap inside a gmirror may produce this problem
and for the time being this can be quickly solved by using geli instead
of gbde.

Fix: 

Until gbde gets fixed, use geli to encrypt your swap space inside a gmirror.
How-To-Repeat: My systems had two physical disks of the same type. One single FreeBSD
slice spanning the entire disk, and separate partitions for /, swap,
/var, /tmp and /usr in this order. Only the swap space was encrypted.
Encryption and mirroring was set up according to the handbook and man
pages, no extra settings or options were used.
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2008-01-07 06:16:31 UTC
Responsible Changed
From-To: freebsd-i386->freebsd-bugs

This does not sound i386-specific.