Page MenuHomeFreeBSD

Create swap before root partition in bsdinstall
Needs RevisionPublic

Authored by dim on May 5 2016, 12:29 PM.
Tags
None
Referenced Files
Unknown Object (File)
Feb 11 2024, 4:28 AM
Unknown Object (File)
Jan 6 2024, 1:46 AM
Unknown Object (File)
Dec 20 2023, 5:59 AM
Unknown Object (File)
Nov 15 2023, 12:47 AM
Unknown Object (File)
Aug 12 2023, 1:52 AM
Unknown Object (File)
Aug 10 2023, 2:45 PM
Unknown Object (File)
Jul 5 2023, 12:49 AM
Unknown Object (File)
Jun 15 2023, 12:08 AM

Details

Summary

The "Auto UFS" wizard partitions the disk by default as follows:

p1. freebsd-boot
p2. freebsd-ufs
p3. freebsd-swap

As trasz noted on IRC, this is rather suboptimal if you want to enlarge
your root filesystem later on. Let's move the swap partition to before
the root partition, similar to what the Auto ZFS wizard already does.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 3581
Build 3621: arc lint + arc unit

Event Timeline

dim retitled this revision from to Create swap before root partition in bsdinstall.
dim updated this object.
dim edited the test plan for this revision. (Show Details)
dim added reviewers: allanjude, dteske, nwhitehorn.
dim added a subscriber: trasz.
trasz added a reviewer: trasz.
This revision is now accepted and ready to land.May 5 2016, 12:35 PM
imp added a reviewer: imp.

I love this! NanoBSD has been doing something similar in its embedded config for a while now.

But why aren't we also always creating a UEFI boot partition by default too? It's cheap on all but the tiniest disks (that would get a custom build anyway), and it future proofs our uses that may want to transport the disk to a new machine. I'd create it just after the first boot partition. We do this at work since we need one firmware to boot on a whole fleet of servers ranging from a few year old low-end box that will never boot UEFI, to the latest box that only boots UEFI with the hardware we have in it. The boot media already is created this way...

Let's put this on hold for now, as the auto GPT partitioner now puts the boot partition after the swap partition:

┌──────────────────Partition Editor────────────────────┐
│ Create partitions for FreeBSD. No changes will be    │
│ made until you select Finish.                        │
│┌────────────────────────────────────────────────^(-)┐│
││md0             20 GB   GPT                         ││
││  md0p1         1.0 GB  freebsd-swap   none         ││
││  md0p2         512 KB  freebsd-boot                ││
││  md0p3         19 GB   freebsd-ufs    /            ││
││                                                    ││
││                                                    ││
││                                                    ││
││                                                    ││
│└────────────────────────────────────────────────────┘│
├──────────────────────────────────────────────────────┤
│<Create> <Delete> <Modify> <Revert> < Auto > <Finish> │
└──────────────────────────────────────────────────────┘

It is not completely clear to me where in the code the boot partition is placed...

Looks like gpart_create() implicitly adds a boot partition if needed when you first add a filesystem (it sticks the partition before the filesystem and then moves the filesystem forward).

Also, it looks like partedit hardcodes the idea of a single boot partition, so doing a dual EFI + freebsd-boot install is not trivial.

Putting swap first would be nice though for growing VMs so I'm a fan of that idea. For GPT on x86 freebsd-boot should be free to be anywhere on the disk, so after swap shouldn't really hurt. (/boot/pmbr uses 64-bit LBAs to find and load freebsd-boot)

I am working on this, give me another few minutes

Swap first on MBR will likely not boot properly

nwhitehorn edited edge metadata.

This will break a large number of systems. On large disks, the whole disk may not be accessible to the boot loader and it may not be able to find /. Moreover, some versions of loader(8) and earlier bootstrap code rely on the first UFS partition in nested MBR+label disks being /.

We could condition this on EFI+GPT, but that breaks a lot of platform logic encapsulation. A just GPT check might be sufficient, but I'm still hesitant there. For one thing, it has some potential security risks on EFI systems since boot1.efi runs through the disk to find the first mountable UFS partition and decides it is /. A random swap partition is unlikely to be a mountable UFS partition, but you could presumably engineer a program that uses a great deal of specially crafted memory and is swapped out, creating the appropriate structures.

Given all of this, I think this change should be put on ice for the time being.

This revision now requires changes to proceed.May 16 2016, 3:32 AM

In my version of this patch, I made it specific to GPT because MBR requires / be adaXsYa

I think the usability gain of putting swap before / is of more value than the security consideration.

I disagree strongly that convenience is more important than the security issue, which allows a way to install root kits. Fixing it only involves having boot1.efi check the partition type (and gptboot, if it does not already), which is not such a huge issue. That should definitely happen before this patch goes in.

allanjude removed a reviewer: allanjude.