Swap: Difference between revisions

(25 intermediate revisions by 2 users not shown)

Line 1:

[[Category:Configuration]]

Swap ~~provides additional~~ virtual memory ~~by extending~~ physical RAM. This can be accomplished by using space on disk, such as [[#Swap file|swap file]] or [[#Swap partition|swap partition]], or through compression based methods like [[#Zram swap|zram]]. Additionally, [[#Zswap swap cache|zswap]] can act as a RAM-based compressed cache sitting in front of a traditional disk-based swap device.

Swap allows "cold" pages of virtual memory to be stored in places other than directly in the physical RAM, effectively allowing more pages to be stored. This can be accomplished by using space on disk, such as [[#Swap file|swap file]] or [[#Swap partition|swap partition]], or through compression based methods like [[#Zram swap|zram]]. Additionally, [[#Zswap swap cache|zswap]] can act as a RAM-based compressed cache sitting in front of a traditional disk-based swap device.

= Configuration =

Line 28:

}}

The <code>size</code> value [https://search.nixos.org/options?~~channel=24.11&~~show=swapDevices.*.size is specified in megabytes]

This will create a 16GB swapfile at <code>/var/lib/swapfile</code>. The <code>size</code> value [https://search.nixos.org/options?show=swapDevices.*.size is specified in megabytes]. This will cause a swap file to be generated and an entry to be set up in <code>/etc/fstab</code>.

== Swap partition ==

Swap partitions are typically created during the initial disk partitioning phase of a NixOS installation. For instructions on creating swap partitions, see the relevant NixOS manual sections for [https://nixos.org/manual/nixos/stable/#sec-installation-manual-partitioning-UEFI UEFI]/[https://nixos.org/manual/nixos/stable/#sec-installation-manual-partitioning-MBR MBR] partition schemes and [https://nixos.org/manual/nixos/stable/#sec-installation-manual-partitioning-formatting formatting].

Swap partitions can be defined in <code>configuration.nix</code> like above or (if GPT) be automatically discovered by <code>systemd-gpt-auto-generator(8)</code>. Using the former allows you to have some control over swap mounting options and to enable features such as encrypted swap.

== Zram swap ==

Line 67:

Line 69:

cat /sys/block/zram0/backing_dev

</syntaxhighlight>

If you see an error entry like

<pre>

Jul 08 17:14:50 COMPUTER zram-generator[3056]: Error: Failed to configure write-back device into /sys/block/zram0/backing_dev

Jul 08 17:14:50 COMPUTER zram-generator[3056]: Caused by:

Jul 08 17:14:50 COMPUTER zram-generator[3056]: Device or resource busy (os error 16)

</pre>

This is probably because the writeback device has already been mounted elsewhere (e.g. as swap). To avoid this you need to do as the [[#Disable swap]] section says and make sure your writeback device is not being mounted as swap (this can happen due to <code>systemd-gpt-auto-generator(8)</code>). Do note that zram writeback does ''not'' respect the swap on-disk format and will destroy your existing swap header.

== Zswap swap cache ==

[https://docs.kernel.org/admin-guide/mm/zswap.html Zswap] is a ~~compress~~ RAM cache for swap pages. It acts as a middle layer between system memory and a traditional disk-based swap device, storing compressed pages in RAM before optionally writing them out to disk-based swap if necessary.

[https://docs.kernel.org/admin-guide/mm/zswap.html Zswap] is a compressed RAM cache for swap pages. It acts as a middle layer between system memory and a traditional disk-based swap device, storing compressed pages in RAM before optionally writing them out to disk-based swap if necessary. It acts as an LRU cache.

Unlike zram, zswap requires a disk-based swap device to back it.

Unlike zram, zswap requires a disk-based swap device or file to back it.

Zswap is controlled by kernel parameters and can be enabled in your NixOS configuration by setting appropriate options through <code>boot.kernelParams</code>.

Line 82:

Line 93:

"zswap.compressor=lz4" # compression algorithm

"zswap.max_pool_percent=20" # maximum percentage of RAM that zswap is allowed to use

"zswap.shrinker_enabled=1" # whether to shrink the pool proactively on high memory pressure

];

</nowiki>

}}

{{note|If you use the <code>lz4</code> algorithm, you will also need to set {{nixos:option|boot.initrd.systemd.enable}} to true}}

You can verify zswap's runtime status via <code>cat /sys/module/zswap/parameters/enabled</code> and inspect usage statistics with <code># grep -r . /sys/kernel/debug/zswap/</code>

Line 96:

Line 110:

</syntaxhighlight>

If you are using GPT partitioning tables, <code>systemd-gpt-auto-generator(8)</code> will still mount your swap partition automatically. You must therefore turn on attribute 63 on ~~your~~ partition in the partition table. This can be done with gptfdisk or similar:

If you are using GPT partitioning tables, <code>systemd-gpt-auto-generator(8)</code> will still mount your swap partition automatically. You must therefore turn on attribute 63 ("no-auto") on ''each'' swap partition partition in the partition table. This can be done with gptfdisk or similar:

Line 106:

Line 120:

<enter>

w

</syntaxhighlight>

Alternatively, <code>systemd-gpt-auto-generator(8)</code> for swap can be disabled globally through a kernel cmdline <code>systemd.swap=0</code>:

boot.kernelParams = [ "systemd.swap=0" ];

</syntaxhighlight>

= Tips and Tricks =

== Mount options ==

=== discard ===

Solid state drives have fast random access times, which make them great for swap if you ignore the limited lifespan. Enabling TRIM (discard) on the swap files can help avoid unnecessary copy actions on the SSD, reducing wear and potentially helping increase performance.

swapDevices = [{

device = "/dev/sdXY";

options = [ "discard" ]; # equivalent to swapon --discard

}];

</syntaxhighlight>

A lower-impact option is <code>"discard=once"</code>, which runs discard exactly once when the swap is enabled, but does not continually issue discard commands as pages are being overwritten. This could make more sense depending on your hardware.

<code>systemd-gpt-auto-generator(8)</code> does not automatically enable <code>discard</code>. Also, never enable <code>discard</code> on mdadm RAID setups, as ArchWiki reports that it causes lockup.

== Encrypt swap with random key ==

~~Swap~~ can ~~be automatically encrypted~~ with a ~~new~~ key ~~on every boot~~. ~~This can be used~~ to ~~simplify certain disk layouts~~, ~~such as securing~~ a ~~swap file~~ on ~~a filesystem partition without an encryption container (such as LUKS).~~

Because data from memory is evicted into swap, any secret data in memory can also end up in swap. Because the disks backing the swap is often nonvolatile (data is not lost after power cut), this can represent another way for data to end up in the wrong hands if you computer is seized.

By encrypting the swap with a random key kept in memory, we make sure that the contents of the swap become unreadable as soon as the data in memory has been lost. NixOS contains a handy helper to help you do this, generating a new key on each boot:

swapDevices = [{

device = "/dev/~~sdXY~~";

device = "/dev/disk/by-partuuid/aaaaaaaaa-bbbb-cccc-dddd-0123456789ab";

randomEncryption.enable = true;

}];

</syntaxhighlight>

The selected device will have all its content made unusuable at every boot. Using a partuuid or partlabel is recommended because it is less subject to change when the overall partition scheme changes.

If you want to use TRIM, set <code>randomEncryption.allowDiscards</code> in addition to the <code>options</code>. This has the security implication of:

* telling whoever gets ahold of your swap drive which parts are being actually used (bad),

* telling your SSD to not give out the data in unused parts and to not try to keep them around during garbage collection (good).

You will need to weigh between the two.

Using a random key makes hibernation impossible. If you want to use hibernation, use a regular [[Full Disk Encryption]] (or partial disk encryption with LUKS) scheme with an unchanging key.

== Adjusting swap usage behaviour ==

[https://docs.kernel.org/admin-guide/sysctl/vm.html#swappiness Swappiness] controls how aggressibely swap space is used. By default, Linux uses a swappiness value of 60. Higher values will make the kernel prefer swapping out idle processes ~~sooner~~. Conversely lower values will try to avoid swapping as much as possible, keeping processes in RAM unless absolutely necessary. An optimal value is workload dependent and will will require experimentation.

[https://docs.kernel.org/admin-guide/sysctl/vm.html#swappiness Swappiness] controls how aggressibely swap space is used, specifically how to free up memory when needed. By default, Linux uses a swappiness value of 60. Higher values will make the kernel prefer swapping out idle processes over dropping caches. Conversely lower values will try to avoid swapping as much as possible, keeping processes in RAM unless absolutely necessary. An optimal value is workload dependent and will will require experimentation.

{{file|/etc/nixos/configuration.nix|nix|

Line 133:

Line 181:

}}

You can see your current swappiness level by <code>cat /proc/sys/vm/swappiness</code>.

You can see your current swappiness level by <code>cat /proc/sys/vm/swappiness</code>. The lowest accepted value is 0 while the maximum value is 200. The lowest sane value is 1 (0 causes the system to not scan for unused anonymous pages, i.e. memory freed by processes, at all).

For more on tuning the swap, start with [https://wiki.archlinux.org/title/Swap#swappiness ArchWiki]'s description.

== ZFS and swap ==

@@ Line 1: / Line 1: @@
 [[Category:Configuration]]
-Swap provides additional virtual memory by extending physical RAM. This can be accomplished by using space on disk, such as [[#Swap file|swap file]] or [[#Swap partition|swap partition]], or through compression based methods like [[#Zram swap|zram]]. Additionally, [[#Zswap swap cache|zswap]] can act as a RAM-based compressed cache sitting in front of a traditional disk-based swap device.
+Swap allows "cold" pages of virtual memory to be stored in places other than directly in the physical RAM, effectively allowing more pages to be stored. This can be accomplished by using space on disk, such as [[#Swap file|swap file]] or [[#Swap partition|swap partition]], or through compression based methods like [[#Zram swap|zram]]. Additionally, [[#Zswap swap cache|zswap]] can act as a RAM-based compressed cache sitting in front of a traditional disk-based swap device.
 = Configuration =
@@ Line 28: / Line 28: @@
 }}
-The <code>size</code> value [https://search.nixos.org/options?channel=24.11&show=swapDevices.*.size is specified in megabytes]
+This will create a 16GB swapfile at <code>/var/lib/swapfile</code>. The <code>size</code> value [https://search.nixos.org/options?show=swapDevices.*.size is specified in megabytes]. This will cause a swap file to be generated and an entry to be set up in <code>/etc/fstab</code>.
 == Swap partition ==
 Swap partitions are typically created during the initial disk partitioning phase of a NixOS installation. For instructions on creating swap partitions, see the relevant NixOS manual sections for [https://nixos.org/manual/nixos/stable/#sec-installation-manual-partitioning-UEFI UEFI]/[https://nixos.org/manual/nixos/stable/#sec-installation-manual-partitioning-MBR MBR] partition schemes and [https://nixos.org/manual/nixos/stable/#sec-installation-manual-partitioning-formatting formatting].
+Swap partitions can be defined in <code>configuration.nix</code> like above or (if GPT) be automatically discovered by <code>systemd-gpt-auto-generator(8)</code>. Using the former allows you to have some control over swap mounting options and to enable features such as encrypted swap.
 == Zram swap ==
@@ Line 67: / Line 69: @@
 cat /sys/block/zram0/backing_dev
 </syntaxhighlight>
+If you see an error entry like
+<pre>
+Jul 08 17:14:50 COMPUTER zram-generator[3056]: Error: Failed to configure write-back device into /sys/block/zram0/backing_dev
+Jul 08 17:14:50 COMPUTER zram-generator[3056]: Caused by:
+Jul 08 17:14:50 COMPUTER zram-generator[3056]:     Device or resource busy (os error 16)
+</pre>
+This is probably because the writeback device has already been mounted elsewhere (e.g. as swap). To avoid this you need to do as the [[#Disable swap]] section says and make sure your writeback device is not being mounted as swap (this can happen due to <code>systemd-gpt-auto-generator(8)</code>). Do note that zram writeback does ''not'' respect the swap on-disk format and will destroy your existing swap header.
 == Zswap swap cache ==
-[https://docs.kernel.org/admin-guide/mm/zswap.html Zswap] is a compress RAM cache for swap pages. It acts as a middle layer between system memory and a traditional disk-based swap device, storing compressed pages in RAM before optionally writing them out to disk-based swap if necessary.
+[https://docs.kernel.org/admin-guide/mm/zswap.html Zswap] is a compressed RAM cache for swap pages. It acts as a middle layer between system memory and a traditional disk-based swap device, storing compressed pages in RAM before optionally writing them out to disk-based swap if necessary. It acts as an LRU cache.
-Unlike zram, zswap requires a disk-based swap device to back it.
+Unlike zram, zswap requires a disk-based swap device or file to back it.
 Zswap is controlled by kernel parameters and can be enabled in your NixOS configuration by setting appropriate options through <code>boot.kernelParams</code>.
@@ Line 82: / Line 93: @@
      "zswap.compressor=lz4" # compression algorithm
      "zswap.max_pool_percent=20" # maximum percentage of RAM that zswap is allowed to use
+    "zswap.shrinker_enabled=1" # whether to shrink the pool proactively on high memory pressure
    ];
 </nowiki>
 }}
+{{note|If you use the <code>lz4</code> algorithm, you will also need to set {{nixos:option|boot.initrd.systemd.enable}} to true}}
 You can verify zswap's runtime status via <code>cat /sys/module/zswap/parameters/enabled</code> and inspect usage statistics with <code># grep -r . /sys/kernel/debug/zswap/</code>
@@ Line 96: / Line 110: @@
 </syntaxhighlight>
-If you are using GPT partitioning tables, <code>systemd-gpt-auto-generator(8)</code> will still mount your swap partition automatically. You must therefore turn on attribute 63 on your partition in the partition table. This can be done with gptfdisk or similar:
+If you are using GPT partitioning tables, <code>systemd-gpt-auto-generator(8)</code> will still mount your swap partition automatically. You must therefore turn on attribute 63 ("no-auto") on ''each'' swap partition partition in the partition table. This can be done with gptfdisk or similar:
 <syntaxhighlight lang="console">
@@ Line 106: / Line 120: @@
 <enter>
 w
+</syntaxhighlight>
+Alternatively, <code>systemd-gpt-auto-generator(8)</code> for swap can be disabled globally through a kernel cmdline <code>systemd.swap=0</code>:
+<syntaxhighlight lang="nix">
+boot.kernelParams = [ "systemd.swap=0" ];
 </syntaxhighlight>
 = Tips and Tricks =
+== Mount options ==
+=== discard ===
+Solid state drives have fast random access times, which make them great for swap if you ignore the limited lifespan. Enabling TRIM (discard) on the swap files can help avoid unnecessary copy actions on the SSD, reducing wear and potentially helping increase performance.
+<syntaxhighlight lang="nix">
+swapDevices = [{
+  device = "/dev/sdXY";
+  options = [ "discard" ]; # equivalent to swapon --discard
+}];
+</syntaxhighlight>
+A lower-impact option is <code>"discard=once"</code>, which runs discard exactly once when the swap is enabled, but does not continually issue discard commands as pages are being overwritten. This could make more sense depending on your hardware.
+<code>systemd-gpt-auto-generator(8)</code> does not automatically enable <code>discard</code>. Also, never enable <code>discard</code> on mdadm RAID setups, as ArchWiki reports that it causes lockup.
 == Encrypt swap with random key ==
-Swap can be automatically encrypted with a new key on every boot.  This can be used to simplify certain disk layouts, such as securing a swap file on a filesystem partition without  an encryption container (such as LUKS).
+Because data from memory is evicted into swap, any secret data in memory can also end up in swap. Because the disks backing the swap is often nonvolatile (data is not lost after power cut), this can represent another way for data to end up in the wrong hands if you computer is seized.
+By encrypting the swap with a random key kept in memory, we make sure that the contents of the swap become unreadable as soon as the data in memory has been lost. NixOS contains a handy helper to help you do this, generating a new key on each boot:
 <syntaxhighlight lang="nix">
 swapDevices = [{
-   device = "/dev/sdXY";
+   device = "/dev/disk/by-partuuid/aaaaaaaaa-bbbb-cccc-dddd-0123456789ab";
    randomEncryption.enable = true;
 }];
 </syntaxhighlight>
+The selected device will have all its content made unusuable at every boot. Using a partuuid or partlabel is recommended because it is less subject to change when the overall partition scheme changes.
+If you want to use TRIM, set <code>randomEncryption.allowDiscards</code> in addition to the <code>options</code>. This has the security implication of:
+* telling whoever gets ahold of your swap drive which parts are being actually used (bad),
+* telling your SSD to not give out the data in unused parts and to not try to keep them around during garbage collection (good).
+You will need to weigh between the two.
+Using a random key makes hibernation impossible. If you want to use hibernation, use a regular [[Full Disk Encryption]] (or partial disk encryption with LUKS) scheme with an unchanging key.
 == Adjusting swap usage behaviour ==
-[https://docs.kernel.org/admin-guide/sysctl/vm.html#swappiness Swappiness] controls how aggressibely swap space is used. By default, Linux uses a swappiness value of 60. Higher values will make the kernel prefer swapping out idle processes sooner. Conversely lower values will try to avoid swapping as much as possible, keeping processes in RAM unless absolutely necessary. An optimal value is workload dependent and will will require experimentation.
+[https://docs.kernel.org/admin-guide/sysctl/vm.html#swappiness Swappiness] controls how aggressibely swap space is used, specifically how to free up memory when needed. By default, Linux uses a swappiness value of 60. Higher values will make the kernel prefer swapping out idle processes over dropping caches. Conversely lower values will try to avoid swapping as much as possible, keeping processes in RAM unless absolutely necessary. An optimal value is workload dependent and will will require experimentation.
 {{file|/etc/nixos/configuration.nix|nix|
@@ Line 133: / Line 181: @@
 }}
-You can see your current swappiness level by <code>cat /proc/sys/vm/swappiness</code>.
+You can see your current swappiness level by <code>cat /proc/sys/vm/swappiness</code>. The lowest accepted value is 0 while the maximum value is 200. The lowest sane value is 1 (0 causes the system to not scan for unused anonymous pages, i.e. memory freed by processes, at all).
+For more on tuning the swap, start with [https://wiki.archlinux.org/title/Swap#swappiness ArchWiki]'s description.
 == ZFS and swap ==