> Date: Mon, 11 May 2020 21:37:12 +0100
> From: Alexander Nasonov <[email protected]>
>
> Taylor R Campbell wrote:
> > At any given time, some pages may be encrypted while others are not.
> > We don't keep track of how many pages are encrypted and how many pages
> > are not, and it might be tricky to do so.  All that is easy to do,
> > without adding a lot more bookkeeping, is ascertain whether we have
> > generated an encryption key at all, meaning that at least one page was
> > swapped out while vm.swap_encrypt=1.
>
> I didn't realise that it can be a mix.

When you do `sysctl -w vm.swap_encrypt=1', there may be a lot of pages
already written out in plaintext -- only pages newly swapped out will be
encrypted.  And if you later do `sysctl -w vm.swap_encrypt=0', there may
be a lot of pages already written out in ciphertext for the same reason.

Setting the sysctl knob does nothing to the pages that are already
written out -- that would be a lot of work to implement and it's not
clear it's worthwhile to do so; you can always just
`swapctl -d /swap && swapctl -a /swap' to bring everything back into RAM
and start over.  Or set it and forget it by putting `vm.swap_encrypt=1'
in /etc/sysctl.conf and rebooting.

> > If you find a compelling reason to make it per-swapdev and want to
> > implement that, fine by me!
>
> I have no strong preference but if it was per-swapdev I could
> use existing KAUTH_SYSTEM_SWAPCTL instead of introducing a new
> KAUTH_SYSTEM_SWAP_ENCRYPT.

I figure the value of making it easy to implement and set up in the
first place outweighs the value of not having to introduce a new kauth
frobnozzle.  If anything, I would want any new swapctl option to
_override_ the global default in vm.swap_encrypt if specified, and to
inherit it if omitted -- which would require both kauth gizmos anyway.
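The mixed state described in the thread, modelled as an added example (not NetBSD code and not from either author): a toy swap device in which each slot records whether it was written while vm.swap_encrypt was 1, a key that is generated lazily on the first encrypted swap-out, and the `swapctl -d` / `swapctl -a` cycle used to bring everything back into RAM and start over. The class and function names (SwapModel, swap_out, walk_through) and the page numbers are constructed for the illustration; whether the kernel keeps the key after a swap device is removed is an assumption of the model, not something the thread states.

```python
"""Toy model of per-page swap encryption state under a global sysctl knob.

Added illustration only: it is not NetBSD's swap code.  Names and sample
page ids are constructed for the example.
"""
import os
from dataclasses import dataclass


@dataclass
class SwapSlot:
    page_id: int
    encrypted: bool  # fixed at the moment the page was written out


class SwapModel:
    def __init__(self, resident: set) -> None:
        self.swap_encrypt = 0       # models the vm.swap_encrypt sysctl
        self.key = None             # generated on the first encrypted swap-out
        self.swapdev = {}           # page_id -> SwapSlot currently on the device
        self.ram = set(resident)    # pages currently resident in RAM

    def sysctl(self, value: int) -> None:
        # Like `sysctl -w vm.swap_encrypt=N`: only affects future swap-outs.
        self.swap_encrypt = value

    def swap_out(self, page_id: int) -> None:
        encrypt = self.swap_encrypt == 1
        if encrypt and self.key is None:
            # Constructed stand-in for the kernel's lazily generated key.
            self.key = os.urandom(32)
        self.ram.discard(page_id)
        self.swapdev[page_id] = SwapSlot(page_id, encrypt)

    def swapctl_d(self) -> None:
        # `swapctl -d`: removing the device pulls every page back into RAM.
        # (Assumption of the model: the key object is kept across this.)
        self.ram.update(self.swapdev)
        self.swapdev.clear()

    def plaintext_on_disk(self) -> list:
        return sorted(p for p, s in self.swapdev.items() if not s.encrypted)

    def encrypted_on_disk(self) -> list:
        return sorted(p for p, s in self.swapdev.items() if s.encrypted)

    def key_generated(self) -> bool:
        # The one cheap fact the thread says is available: was a key ever made?
        return self.key is not None


def walk_through() -> dict:
    """Run the scenario from the thread and return the state after each step."""
    m = SwapModel(resident={1, 2, 3, 4, 5, 6})
    before = m.key_generated()

    for p in (1, 2, 3):
        m.swap_out(p)               # written while vm.swap_encrypt=0
    m.sysctl(1)
    for p in (4, 5):
        m.swap_out(p)               # written while vm.swap_encrypt=1
    after_enable = (m.plaintext_on_disk(), m.encrypted_on_disk(), m.key_generated())

    m.sysctl(0)
    m.swap_out(6)                   # knob turned back off: new page is plaintext
    after_disable = (m.plaintext_on_disk(), m.encrypted_on_disk(), m.key_generated())

    # The reset from the thread: swapctl -d, set the knob, swapctl -a, re-swap.
    m.swapctl_d()
    m.sysctl(1)
    for p in sorted(m.ram):
        m.swap_out(p)
    after_cycle = (m.plaintext_on_disk(), m.encrypted_on_disk(), m.key_generated())

    return {
        "before_enable": before,
        "after_enable": after_enable,
        "after_disable": after_disable,
        "after_cycle": after_cycle,
    }


if __name__ == "__main__":
    for step, state in walk_through().items():
        print(step, state)
```

The point the model makes visible is the one Taylor raises: after enabling the knob, plaintext pages 1, 2 and 3 stay on the device while 4 and 5 are encrypted, and `key_generated()` is true even though most of the device is still plaintext; only the remove-and-re-add cycle leaves the device uniformly encrypted.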
