author | Simon J. Gerraty <sjg@FreeBSD.org> | 2012-11-04 02:52:03 +0000 |
---|---|---|
committer | Simon J. Gerraty <sjg@FreeBSD.org> | 2012-11-04 02:52:03 +0000 |
commit | 23090366f729c56cab62de74c7a51792357e98a9 (patch) | |
tree | c511c885796e28ec571b5267e8f11f3b103d35e9 /sbin/geom | |
parent | 7750ad47a9a7dbc83f87158464170c8640723293 (diff) | |
parent | 22ff74b2f44234d31540b1f7fd6c91489c37cad3 (diff) | |
Diffstat (limited to 'sbin/geom')
-rw-r--r-- | sbin/geom/class/eli/geli.8 | 228 | ||||
-rw-r--r-- | sbin/geom/class/multipath/geom_multipath.c | 26 | ||||
-rw-r--r-- | sbin/geom/class/multipath/gmultipath.8 | 9 | ||||
-rw-r--r-- | sbin/geom/class/part/gpart.8 | 5 | ||||
-rw-r--r-- | sbin/geom/class/raid/graid.8 | 8 | ||||
-rw-r--r-- | sbin/geom/class/sched/gsched.8 | 14 | ||||
-rw-r--r-- | sbin/geom/class/virstor/gvirstor.8 | 9 | ||||
-rw-r--r-- | sbin/geom/core/geom.c | 2 |
8 files changed, 213 insertions, 88 deletions
diff --git a/sbin/geom/class/eli/geli.8 b/sbin/geom/class/eli/geli.8 index 0803480450f1..3cb1f211769f 100644 --- a/sbin/geom/class/eli/geli.8 +++ b/sbin/geom/class/eli/geli.8 @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd April 28, 2012 +.Dd June 18, 2012 .Dt GELI 8 .Os .Sh NAME @@ -186,14 +186,15 @@ one of the following algorithms: or .Nm HMAC/SHA512 . .It -Can create a key from a couple of components (user entered passphrase, random -bits from a file, etc.). +Can create a User Key from up to two, piecewise components: a passphrase +entered via prompt or read from one or more passfiles; a keyfile read from +one or more files. .It Allows encryption of the root partition. The user will be asked for the passphrase before the root file system is mounted. .It -The passphrase of the user is strengthened with: +Strengthens the passphrase component of the User Key with: .Rs .%A B. Kaliski .%T "PKCS #5: Password-Based Cryptography Specification, Version 2.0." @@ -201,7 +202,7 @@ The passphrase of the user is strengthened with: .%N 2898 .Re .It -Allows the use of two independent keys (e.g., a +Allows the use of two independent User Keys (e.g., a .Qq "user key" and a .Qq "company key" ) . @@ -210,8 +211,8 @@ It is fast - .Nm performs simple sector-to-sector encryption. .It -Allows Master Keys to be backed up and restored, -so that if a user has to quickly destroy his keys, +Allows the encrypted Master Key to be backed up and restored, +so that if a user has to quickly destroy key material, it is possible to get the data back by restoring keys from backup. .It 
@@ -219,8 +220,8 @@ Providers can be configured to automatically detach on last close (so users do not have to remember to detach providers after unmounting the file systems). .It -Allows attaching a provider with a random, one-time key - useful for swap -partitions and temporary file systems. +Allows attaching a provider with a random, one-time Master Key - +useful for swap partitions and temporary file systems. .It Allows verification of data integrity (data authentication). .It @@ -233,7 +234,8 @@ indicates an action to be performed: .Bl -tag -width ".Cm configure" .It Cm init Initialize the provider which needs to be encrypted. -Here you can set up the cryptographic algorithm to use, key length, etc. +Here you can set up the cryptographic algorithm to use, Data Key length, +etc. The last sector of the provider is used to store metadata. The .Cm init 
@@ -289,37 +291,58 @@ and The default and recommended algorithm is .Nm AES-XTS . .It Fl i Ar iterations -Number of iterations to use with PKCS#5v2. +Number of iterations to use with PKCS#5v2 when processing User Key +passphrase component. If this option is not specified, .Nm will find the number of iterations which is equal to 2 seconds of crypto work. If 0 is given, PKCS#5v2 will not be used. +PKCS#5v2 processing is performed once, after all parts of the passphrase +component have been read. .It Fl J Ar newpassfile -Specifies a file which contains the passphrase or its part. +Specifies a file which contains the passphrase component of the User Key +(or part of it). If .Ar newpassfile is given as -, standard input will be used. Only the first line (excluding new-line character) is taken from the given file. -This argument can be specified multiple times. +This argument can be specified multiple times, which has the effect of +reassembling a single passphrase split across multiple files. +Cannot be combined with the +.Fl P +option. .It Fl K Ar newkeyfile -Specifies a file which contains part of the key. +Specifies a file which contains the keyfile component of the User Key +(or part of it). If .Ar newkeyfile is given as -, standard input will be used. -This argument can be specified multiple times. +This argument can be specified multiple times, which has the effect of +reassembling a single keyfile split across multiple keyfile parts. .It Fl l Ar keylen -Key length to use with the given cryptographic algorithm. -If not given, the default key length for the given algorithm is used, which is: -128 for -.Nm AES-XTS , -.Nm AES-CBC , -.Nm Blowfish-CBC -and -.Nm Camellia-CBC -and 192 for -.Nm 3DES-CBC . +Data Key length to use with the given cryptographic algorithm. +If the length is not specified, the selected algorithm uses its +.Em default +key length. 
+.Bl -ohang -offset indent +.It Nm AES-XTS +.Em 128 , +256 +.It Nm AES-CBC , Nm Camilla-CBC +.Em 128 , +192, +256 +.It Nm Blowfish-CBC +.Em 128 ++ n * 32, for n=[0..10] +.It Nm 3DES-CBC +.Em 192 +.El .It Fl P -Do not use passphrase as the key component. +Do not use a passphrase as a component of the User Key. +Cannot be combined with the +.Fl J +option. .It Fl s Ar sectorsize Change decrypted provider's sector size. Increasing the sector size allows increased performance, @@ -337,9 +360,9 @@ Note that using older metadata version may limit numer of features available. .El .It Cm attach Attach the given provider. -The master key will be decrypted using the given -passphrase/keyfile and a new GEOM provider will be created using the given -provider's name with an +The encrypted Master Key will be loaded from the metadata and decrypted +using the given passphrase/keyfile and a new GEOM provider will be created +using the given provider's name with an .Qq .eli suffix. .Pp 
@@ -357,28 +380,33 @@ option for the .Cm detach subcommand. .It Fl j Ar passfile -Specifies a file which contains the passphrase or its part. +Specifies a file which contains the passphrase component of the User Key +(or part of it). For more information see the description of the .Fl J option for the .Cm init subcommand. .It Fl k Ar keyfile -Specifies a file which contains part of the key. +Specifies a file which contains the keyfile component of the User Key +(or part of it). For more information see the description of the .Fl K option for the .Cm init subcommand. .It Fl p -Do not use passphrase as the key component. +Do not use a passphrase as a component of the User Key. +Cannot be combined with the +.Fl j +option. .It Fl r Attach read-only provider. It will not be opened for writing. .El .It Cm detach Detach the given providers, which means remove the devfs entry -and clear the keys from memory. +and clear the Master Key and Data Keys from memory. .Pp Additional options include: .Bl -tag -width ".Fl f" @@ -391,7 +419,7 @@ while it is open, but will be automatically detached when it is closed for the last time even if it was only opened for reading. .El .It Cm onetime -Attach the given providers with random, one-time keys. +Attach the given providers with a random, one-time (ephemeral) Master Key. The command can be used to encrypt swap partitions or temporary file systems. .Pp Additional options include: @@ -415,7 +443,7 @@ For more information, see the description of the .Cm attach subcommand. .It Fl l Ar keylen -Key length to use with the given cryptographic algorithm. +Data Key length to use with the given cryptographic algorithm. For more information, see the description of the .Cm init subcommand. 
@@ -439,15 +467,18 @@ subcommand. Remove the BOOT flag from the given providers. .El .It Cm setkey -Change or setup (if not yet initialized) selected key. -There is one master key, which can be encrypted with two independent user keys. +Install a copy of the Master Key into the selected slot, encrypted with +a new User Key. +If the selected slot is populated, replace the existing copy. +A provider has one Master Key, which can be stored in one or both slots, +each encrypted with an independent User Key. With the .Cm init subcommand, only key number 0 is initialized. -The key can always be changed: for an attached provider, +The User Key can be changed at any time: for an attached provider, for a detached provider, or on the backup file. When a provider is attached, the user does not have to provide -an old passphrase/keyfile. +an existing passphrase/keyfile. .Pp Additional options include: .Bl -tag -width ".Fl J Ar newpassfile" 
@@ -458,44 +489,54 @@ To be able to use this option with the .Cm setkey subcommand, only one key has to be defined and this key must be changed. .It Fl j Ar passfile -Specifies a file which contains the old passphrase or its part. +Specifies a file which contains the passphrase component of a current User Key +(or part of it). .It Fl J Ar newpassfile -Specifies a file which contains the new passphrase or its part. +Specifies a file which contains the passphrase component of the new User Key +(or part of it). .It Fl k Ar keyfile -Specifies a file which contains part of the old key. +Specifies a file which contains the keyfile component of a current User Key +(or part of it). .It Fl K Ar newkeyfile -Specifies a file which contains part of the new key. +Specifies a file which contains the keyfile component of the new User Key +(or part of it). .It Fl n Ar keyno -Specifies the number of the key to change (could be 0 or 1). +Specifies the index number of the Master Key copy to change (could be 0 or 1). If the provider is attached and no key number is given, the key used for attaching the provider will be changed. If the provider is detached (or we are operating on a backup file) -and no key number is given, the key decrypted with the passphrase/keyfile -will be changed. +and no key number is given, the first Master Key copy to be successfully +decrypted with the provided User Key passphrase/keyfile will be changed. .It Fl p -Do not use passphrase as the old key component. +Do not use a passphrase as a component of the current User Key. +Cannot be combined with the +.Fl j +option. .It Fl P -Do not use passphrase as the new key component. +Do not use a passphrase as a component of the new User Key. +Cannot be combined with the +.Fl J +option. .El .It Cm delkey -Destroy (overwrite with random data) the selected key. +Destroy (overwrite with random data) the selected Master Key copy. 
If one is destroying keys for an attached provider, the provider -will not be detached even if all keys are destroyed. +will not be detached even if all copies of the Master Key are destroyed. It can even be rescued with the .Cm setkey -subcommand. +subcommand because the Master Key is still in memory. .Pp Additional options include: .Bl -tag -width ".Fl a Ar keyno" .It Fl a -Destroy all keys (does not need +Destroy all copies of the Master Key (does not need .Fl f option). .It Fl f Force key destruction. -This option is needed to destroy the last key. +This option is needed to destroy the last copy of the Master Key. .It Fl n Ar keyno -Specifies the key number. +Specifies the index number of the Master Key copy. If the provider is attached and no key number is given, the key used for attaching the provider will be destroyed. If provider is detached (or we are operating on a backup file) the key number @@ -503,8 +544,8 @@ has to be given. .El .It Cm kill This command should be used only in emergency situations. -It will destroy all the keys on a given provider and will detach it forcibly -(if it is attached). +It will destroy all copies of the Master Key on a given provider and will +detach it forcibly (if it is attached). This is absolutely a one-way command - if you do not have a metadata backup, your data is gone for good. In case the provider was attached with the @@ -542,8 +583,8 @@ and .El .It Cm suspend Suspend device by waiting for all inflight requests to finish, clearing all -sensitive information (like keys) from kernel memory, and blocking all -further I/O requests until the +sensitive information (like the Master Key and Data Keys) from kernel memory, +and blocking all further I/O requests until the .Cm resume subcommand is executed. This functionality is useful for laptops: when one wants to suspend a 
@@ -553,8 +594,8 @@ on an encrypted device, unmounting the file system, and detaching the device, the .Cm suspend subcommand can be used. -Any access to the encrypted device will be blocked until the keys are -recovered through the +Any access to the encrypted device will be blocked until the Master Key is +reloaded through the .Cm resume subcommand. Thus there is no need to close nor unmount anything. @@ -584,21 +625,26 @@ utility is stored is bad idea. Additional options include: .Bl -tag -width ".Fl j Ar passfile" .It Fl j Ar passfile -Specifies a file which contains the passphrase or its part. +Specifies a file which contains the passphrase component of the User Key +(or part of it). For more information see the description of the .Fl J option for the .Cm init subcommand. .It Fl k Ar keyfile -Specifies a file which contains part of the key. +Specifies a file which contains the keyfile component of the User Key +(or part of it). For more information see the description of the .Fl K option for the .Cm init subcommand. .It Fl p -Do not use passphrase as the key component. +Do not use a passphrase as a component of the User Key. +Cannot be combined with the +.Fl j +option. .El .It Cm resize Inform @@ -626,6 +672,9 @@ If GEOM providers are specified, the subcommand will print metadata version used by each of them. .It Cm clear Clear metadata from the given providers. +.Em WARNING : +This will erase with zeros the encrypted Master Key copies stored in the +metadata. .It Cm dump Dump metadata stored on the given providers. .It Cm list 
@@ -647,6 +696,36 @@ Additional options include: .It Fl v Be more verbose. .El +.Sh KEY SUMMARY +.Ss Master Key +Upon +.Cm init , +the +.Nm +utility generates a random Master Key for the provider. +The Master Key never changes during the lifetime of the provider. +Each copy of the provider metadata, active or backed up to a file, can store +up to two, independently-encrypted copies of the Master Key. +.Ss User Key +Each stored copy of the Master Key is encrypted with a User Key, which +is generated by the +.Nm +utility from a passphrase and/or a keyfile. +The +.Nm +utility first reads all parts of the keyfile in the order specified on the +command line, then reads all parts of the stored passphrase in the order +specified on the command line. +If no passphrase parts are specified, the system prompts the user to enter +the passphrase. +The passphrase is optionally strengthened by PKCS#5v2. +The User Key is a digest computed over the concatenated keyfile and passphrase. +.Ss Data Key +During operation, one or more Data Keys are deterministically derived by +the kernel from the Master Key and cached in memory. +The number of Data Keys used by a given provider, and the way they are +derived, depend on the GELI version and whether the provider is configured to +use data authentication. .Sh SYSCTL VARIABLES The following .Xr sysctl 8 @@ -677,7 +756,7 @@ If set to 0, attaching providers on boot will be disabled. This variable should be set in .Pa /boot/loader.conf . .It Va kern.geom.eli.overwrites : No 5 -Specifies how many times the Master-Key will be overwritten +Specifies how many times the Master Key will be overwritten with random values when it is destroyed. After this operation it is filled with zeros. .It Va kern.geom.eli.visible_passphrase : No 0 
@@ -699,18 +778,19 @@ Batching reduces the number of interrupts by responding to a group of crypto requests with one interrupt. The crypto card and the driver has to support this feature. .It Va kern.geom.eli.key_cache_limit : No 8192 -Specifies how many encryption keys to cache. +Specifies how many Data Keys to cache. The default limit (8192 keys) will allow caching of all keys for a 4TB provider with 512 byte sectors and will take around 1MB of memory. .It Va kern.geom.eli.key_cache_hits -Reports how many times we were looking up a key and it was already in cache. -This sysctl is not updated for providers that need less keys than the limit -specified in +Reports how many times we were looking up a Data Key and it was already in +cache. +This sysctl is not updated for providers that need fewer Data Keys than +the limit specified in .Va kern.geom.eli.key_cache_limit . .It Va kern.geom.eli.key_cache_misses -Reports how many times we were looking up a key and it was not in cache. -This sysctl is not updated for providers that need fewer keys than the limit +Reports how many times we were looking up a Data Key and it was not in cache. +This sysctl is not updated for providers that need fewer Data Keys than the limit specified in .Va kern.geom.eli.key_cache_limit . .El @@ -738,7 +818,7 @@ Enter passphrase: # geli detach da2.eli .Ed .Pp -Create an encrypted provider, but use two keys: +Create an encrypted provider, but use two User Keys: one for your employee and one for you as the company's security officer (so it's not a tragedy if the employee .Qq accidentally 
@@ -760,7 +840,7 @@ forget their passphrases, so backup the Master Key with your own random key: # dd if=/dev/random of=/mnt/pendrive/keys/`hostname` bs=64 count=1 # geli init -P -K /mnt/pendrive/keys/`hostname` /dev/ad0s1e # geli backup /dev/ad0s1e /mnt/pendrive/backups/`hostname` -(use key number 0, so the encrypted Master Key will be overwritten by this) +(use key number 0, so the encrypted Master Key will be re-encrypted by this) # geli setkey -n 0 -k /mnt/pendrive/keys/`hostname` /dev/ad0s1e (allow the user to enter his passphrase) Enter new passphrase: @@ -776,8 +856,8 @@ Encrypted swap partition setup: .Pp The example below shows how to configure two providers which will be attached on boot (before the root file system is mounted). -One of them is using passphrase and three keyfiles and the other is using only a -keyfile: +One of them is using passphrase and three keyfile parts and the other is +using only a keyfile in one part: .Bd -literal -offset indent # dd if=/dev/random of=/dev/da0 bs=1m # dd if=/dev/random of=/boot/keys/da0.key0 bs=32k count=1 diff --git a/sbin/geom/class/multipath/geom_multipath.c b/sbin/geom/class/multipath/geom_multipath.c index a821951d3bee..cdf35d0381ec 100644 --- a/sbin/geom/class/multipath/geom_multipath.c +++ b/sbin/geom/class/multipath/geom_multipath.c @@ -49,6 +49,7 @@ uint32_t version = G_MULTIPATH_VERSION; static void mp_main(struct gctl_req *, unsigned int); static void mp_label(struct gctl_req *); static void mp_clear(struct gctl_req *); +static void mp_prefer(struct gctl_req *); struct g_command class_commands[] = { { @@ -87,6 +88,10 @@ struct g_command class_commands[] = { "[-v] name prov" }, { + "prefer", G_FLAG_VERBOSE, mp_main, G_NULL_OPTS, + "[-v] prov ..." + }, + { "fail", G_FLAG_VERBOSE, NULL, G_NULL_OPTS, "[-v] name prov" }, 
@@ -131,6 +136,8 @@ mp_main(struct gctl_req *req, unsigned int flags __unused) mp_label(req); } else if (strcmp(name, "clear") == 0) { mp_clear(req); + } else if (strcmp(name, "prefer") == 0) { + mp_prefer(req); } else { gctl_error(req, "Unknown command: %s.", name); } @@ -294,3 +301,22 @@ mp_clear(struct gctl_req *req) } } +static void +mp_prefer(struct gctl_req *req) +{ + const char *name, *comp, *errstr; + int nargs; + + nargs = gctl_get_int(req, "nargs"); + if (nargs != 2) { + gctl_error(req, "Usage: prefer GEOM PROVIDER"); + return; + } + name = gctl_get_ascii(req, "arg0"); + comp = gctl_get_ascii(req, "arg1"); + errstr = gctl_issue (req); + if (errstr != NULL) { + fprintf(stderr, "Can't set %s preferred provider to %s: %s.\n", + name, comp, errstr); + } +} diff --git a/sbin/geom/class/multipath/gmultipath.8 b/sbin/geom/class/multipath/gmultipath.8 index 55a86f339314..81b85ddbd642 100644 --- a/sbin/geom/class/multipath/gmultipath.8 +++ b/sbin/geom/class/multipath/gmultipath.8 @@ -66,6 +66,11 @@ .Op Fl v .Ar name .Nm +.Cm prefer +.Op Fl v +.Ar name +.Ar prov +.Nm .Cm getactive .Op Fl v .Ar name @@ -171,7 +176,9 @@ If there are other paths present, new requests will be forwarded there. Mark specified provider as a path of the specified multipath device as operational, allowing it to handle requests. .It Cm rotate -Change the active provider/path in Active/Passive mode. +Change the active provider/path to the next available provider in Active/Passive mode. +.It Cm prefer +Change the active provider/path to the specified provider in Active/Passive mode. .It Cm getactive Get the currently active provider(s)/path(s). .It Cm destroy diff --git a/sbin/geom/class/part/gpart.8 b/sbin/geom/class/part/gpart.8 index 2e745c40fca3..7a91d3dbc07c 100644 --- a/sbin/geom/class/part/gpart.8 +++ b/sbin/geom/class/part/gpart.8 
@@ -1006,11 +1006,12 @@ or but smaller than 545 kB since the first-stage loader will load the entire partition into memory during boot, regardless of how much data it actually contains. -This example uses 94 blocks (47 kB) so the next partition will be +This example uses 88 blocks (44 kB) so the next partition will be aligned on a 64 kB boundary without the need to specify an explicit offset or alignment. +The boot partition itself is aligned on a 4 kB boundary. .Bd -literal -offset indent -/sbin/gpart add -b 34 -s 94 -t freebsd-boot ad0 +/sbin/gpart add -b 40 -s 88 -t freebsd-boot ad0 /sbin/gpart bootcode -p /boot/gptboot -i 1 ad0 .Ed .Pp diff --git a/sbin/geom/class/raid/graid.8 b/sbin/geom/class/raid/graid.8 index 6b8cd61dbf56..630cd018e621 100644 --- a/sbin/geom/class/raid/graid.8 +++ b/sbin/geom/class/raid/graid.8 @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd May 6, 2012 +.Dd September 13, 2012 .Dt GRAID 8 .Os .Sh NAME @@ -85,7 +85,7 @@ utility is used to manage software RAID configurations, supported by the GEOM RAID class. GEOM RAID class uses on-disk metadata to provide access to software-RAID volumes defined by different RAID BIOSes. -Depending on RAID BIOS type and it's metadata format, different subsets of +Depending on RAID BIOS type and its metadata format, different subsets of configurations and features are supported. To allow booting from RAID volume, the metadata format should match the RAID BIOS type and its capabilities. @@ -293,6 +293,8 @@ Mark volume as clean when idle for the specified number of seconds. Debug level of the .Nm RAID GEOM class. +.It Va kern.geom.raid.enable : No 1 +Enable on-disk metadata taste. .It Va kern.geom.raid.idle_threshold : No 1000000 Time in microseconds to consider a volume idle for rebuild purposes. .It Va kern.geom.raid.name_format : No 0 
@@ -302,6 +304,8 @@ Number of read errors equated to disk failure. Write errors are always considered as disk failures. .It Va kern.geom.raid.start_timeout : No 30 Time to wait for missing array components on startup. +.It Va kern.geom.raid. Ns Ar X Ns Va .enable : No 1 +Enable taste for specific metadata or transformation module. .El .Sh EXIT STATUS Exit status is 0 on success, and non-zero if the command fails. diff --git a/sbin/geom/class/sched/gsched.8 b/sbin/geom/class/sched/gsched.8 index bb3c1cfe5cb5..ae04865a21b1 100644 --- a/sbin/geom/class/sched/gsched.8 +++ b/sbin/geom/class/sched/gsched.8 @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd August 29, 2010 +.Dd July 26, 2012 .Dt GSCHED 8 .Os .Sh NAME @@ -135,19 +135,19 @@ maximum amount of debug information is printed. Exit status is 0 on success, and 1 if the command fails. .Sh EXAMPLES The following example shows how to create a scheduling provider for disk -.Pa /dev/ad0 , +.Pa /dev/ada0 , and how to destroy it. .Bd -literal -offset indent # Load the geom_sched module: kldload geom_sched # Load some scheduler classes used by geom_sched: kldload gsched_rr -# Configure device ad0 to use scheduler "rr": -geom sched insert -a rr ad0 -# Now provider ad0 uses the "rr" algorithm; -# the new geom is ad0.sched. +# Configure device ada0 to use scheduler "rr": +geom sched insert -a rr ada0 +# Now provider ada0 uses the "rr" algorithm; +# the new geom is ada0.sched. # Remove the scheduler on the device: -geom sched destroy -v ad0.sched. +geom sched destroy -v ada0.sched. .Ed .Sh SEE ALSO .Xr geom 4 , diff --git a/sbin/geom/class/virstor/gvirstor.8 b/sbin/geom/class/virstor/gvirstor.8 index cdb50b1d0f53..99eff52fe571 100644 --- a/sbin/geom/class/virstor/gvirstor.8 +++ b/sbin/geom/class/virstor/gvirstor.8 @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd January 24, 2011 +.Dd August 3, 2012 .Dt GVIRSTOR 8 .Os .Sh NAME 
@@ -43,6 +43,10 @@ .Op Fl fv .Ar name ... .Nm +.Cm destroy +.Op Fl fv +.Ar name ... +.Nm .Cm add .Op Fl vh .Ar name prov ... @@ -107,6 +111,9 @@ Turn off an existing virtual device with the given .Ar name . This command does not touch on-disk metadata. As with other GEOM classes, stopped geoms cannot be started manually. +.It Cm destroy +Same as +.Cm stop. .It Cm add Adds new components to existing virtual device with the given .Ar name . diff --git a/sbin/geom/core/geom.c b/sbin/geom/core/geom.c index 770e960f3c05..8c15c2143e1e 100644 --- a/sbin/geom/core/geom.c +++ b/sbin/geom/core/geom.c @@ -74,7 +74,7 @@ static void std_status(struct gctl_req *req, unsigned flags); static void std_load(struct gctl_req *req, unsigned flags); static void std_unload(struct gctl_req *req, unsigned flags); -struct g_command std_commands[] = { +static struct g_command std_commands[] = { { "help", 0, std_help, G_NULL_OPTS, NULL }, { "list", 0, std_list, { |
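Review bot: In sbin/geom/class/eli/geli.8, the new key-length list under `.It Fl l Ar keylen` misspells the cipher as `Camilla-CBC` (`.It Nm AES-CBC , Nm Camilla-CBC`). The lines this hunk removes spell it `Camellia-CBC`, so the rewritten list should keep that spelling; otherwise the rendered page names an algorithm that does not match the rest of the manual.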
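Review bot: In sbin/geom/class/multipath/geom_multipath.c, the usage string added to `class_commands[]` for `prefer` is `"[-v] prov ..."`, which disagrees with the rest of this change. `mp_prefer()` rejects anything but two arguments with `Usage: prefer GEOM PROVIDER`, and gmultipath.8 documents the synopsis as `.Ar name` followed by `.Ar prov`. Suggest `"[-v] name prov"`, matching the neighbouring `fail` entry.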
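Review bot: In the new `mp_prefer()` in geom_multipath.c, the two failure paths report errors differently: the argument-count check calls `gctl_error(req, ...)`, while a failed `gctl_issue` only does `fprintf(stderr, ...)`. Nothing visible in this hunk records that second failure on `req` or otherwise signals it to the caller, so it is worth confirming that `gmultipath prefer` still exits non-zero when the kernel rejects the request. There is also a style(9) nit: `gctl_issue (req)` has a stray space before the parenthesis.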
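Review bot: In sbin/geom/class/multipath/gmultipath.8, the page gains a new `prefer` subcommand and a reworded `rotate` description, but the diff for this file carries no `.Dd` change, unlike geli.8, graid.8, gsched.8 and gvirstor.8 in the same commit. Bump the date for the content change. The two new description lines ("Change the active provider/path to the next available provider in Active/Passive mode." and the `prefer` counterpart) also run well past 80 columns and should be wrapped.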
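Review bot: In sbin/geom/class/virstor/gvirstor.8, the new `destroy` entry ends with `.Cm stop.`, which makes the period part of the macro argument so it is rendered as part of the command name. Write it as `.Cm stop .` so mdoc treats the period as trailing punctuation, as the surrounding entries do (for example `.Ar name .`).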