Comment 50 for bug 953875

frostschutz (frostschutz) wrote :

What if the system were to use the unencrypted swap (since there's a valid header for it) and the encrypted swap (since an encrypted device with offset was created for it) at the same time? The two swaps would overlap and overwrite each other's memory, and the system goes *ka-boom*.

Now, that's an unrealistic scenario because it's unlikely to ever happen, and there's even a check in the kernel that prevents overlapping devices from being accepted as valid swap devices. So an explicit 'swapon /dev/sda3' currently fails with an invalid device message.

Still, this seems a bit like a sword of Damocles to me.

As a lower risk, the system may end up using unencrypted swap since the header is there and looks valid.

Swap partitions also have a size recorded in the header; if it only serves as a UUID provider, maybe it should be set to the smallest possible size, so it won't overlap with the encrypted side of things and nothing terribly bad could happen even if both were somehow to be used at the same time.

The minimum size seems to be 40 so you could prepare the partition with (mkswap --uuid="$uuid" "$dev" 40) or something like that (assuming the unencrypted swap is not in use at this stage).

On a side note, the offset should probably be a multiple of MiB (2048), to retain MiB alignment on the partition/block layer which seems to be the standard nowadays (regardless of what the underlying filesystem/swap makes of it).
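
Added example, not part of the comment above and not code from the bug's patch: a check of the layout the comment describes, reading the size recorded in a plaintext swap header and comparing it with the sector offset at which the encrypted mapping starts. It assumes the Linux v1 swap header layout, 4 KiB pages, little-endian fields and 512-byte sectors; the function names and sample headers are constructed for illustration.

```python
import struct

PAGE_SIZE = 4096       # assumption: 4 KiB pages
SECTOR = 512           # assumption: offset is counted in 512-byte sectors
MAGIC = b"SWAPSPACE2"  # v1 swap signature, last 10 bytes of the first page

def make_header(last_page, uuid=bytes(16)):
    """Build a constructed first page of a v1 swap area (sample input)."""
    page = bytearray(PAGE_SIZE)
    # After 1024 boot bytes: version, last_page, nr_badpages, UUID.
    struct.pack_into("<III16s", page, 1024, 1, last_page, 0, uuid)
    page[-len(MAGIC):] = MAGIC
    return bytes(page)

def swap_extent_bytes(first_page):
    """Bytes the header claims for the swap area, or None if no valid header."""
    if len(first_page) < PAGE_SIZE:
        return None
    if first_page[PAGE_SIZE - len(MAGIC):PAGE_SIZE] != MAGIC:
        return None
    version, last_page = struct.unpack_from("<II", first_page, 1024)
    if version != 1 or last_page == 0:
        return None
    return (last_page + 1) * PAGE_SIZE  # pages 0..last_page inclusive

def check_layout(first_page, offset_sectors):
    """Compare the plaintext header's claimed area with the encrypted start."""
    extent = swap_extent_bytes(first_page)
    return {
        "plain_header_valid": extent is not None,
        # The plaintext area would reach into the encrypted region.
        "overlaps": extent is not None and extent > offset_sectors * SECTOR,
        # 2048 sectors of 512 bytes = 1 MiB.
        "mib_aligned": offset_sectors % 2048 == 0,
    }

if __name__ == "__main__":
    small = make_header(last_page=9)       # 10 pages = 40 KiB
    whole = make_header(last_page=262143)  # header sized for a 1 GiB partition
    for name, hdr in (("40 KiB header", small), ("full-size header", whole)):
        print(name, check_layout(hdr, 2048))
```
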