Thank you, Stuart, Sebastien and Aaron (and others, off-list). Indeed, `sysctl kern.securelevel=-1` allows entering DDB with `sysctl ddb.trigger=1`. (Yes, I am logged in over serial, and that works well). That was not clear from the ddb manpage, nor from the securelevel manpage (admittedly, I didn't read that until after the replies to my mail, since I didn't think securelevel played into this).
I suggest the below diffs to document this requirement. Paul PS: sending BREAK over uplcom still doesn't work, but if I'm reading Stuart correctly, I think this is because my serial getty runs on tty00, not on console: [weerd@pom] $ grep -e console -e tty00 /etc/ttys console "/usr/libexec/getty std.9600" vt220 off secure tty00 "/usr/libexec/getty std.115200" vt220 on secure On this machine, I often switch between `set tty pc0` and `set tty com0` for debugging purposes, but I always want a getty running on the serial port. Index: ddb.4 =================================================================== RCS file: /cvs/src/share/man/man4/ddb.4,v retrieving revision 1.105 diff -u -p -r1.105 ddb.4 --- ddb.4 22 Dec 2022 19:53:22 -0000 1.105 +++ ddb.4 30 May 2023 06:34:19 -0000 @@ -46,7 +46,9 @@ is invoked upon a kernel panic when the is set to 1. It may be invoked from the console when the sysctl .Va ddb.console -is set to 1, using any of the following methods: +is set to 1 and +.Va kern.securelevel +is set to 0 or -1, using any of the following methods: .Bl -dash -offset 3n .It Using the key sequence Index: securelevel.7 =================================================================== RCS file: /cvs/src/share/man/man7/securelevel.7,v retrieving revision 1.31 diff -u -p -r1.31 securelevel.7 --- securelevel.7 21 Aug 2019 20:44:09 -0000 1.31 +++ securelevel.7 30 May 2023 06:36:30 -0000 @@ -73,6 +73,7 @@ raw disk devices of mounted file systems system immutable and append-only file flags may not be removed .It the +.Va ddb.trigger , .Va fs.posix.setuid , .Va hw.allowpowerdown , .Va kern.allowkmem , On Mon, May 29, 2023 at 07:56:51AM -0000, Stuart Henderson wrote: | On 2023-05-29, Sebastien Marie <sema...@online.fr> wrote: | > On Mon, May 29, 2023 at 02:41:00PM +1000, Aaron Mason wrote: | >> On Mon, May 29, 2023 at 4:08 AM Paul de Weerd <we...@weirdnet.nl> wrote: | >> > | >> > (for the record, BREAK doesn't work either to enter ddb, I | >> > guessed it was due to the USB-to-serial dongle I'm using (uplcom(4) | >> > lacking support for sending a proper BREAK .. but this may be the same | >> > issue?) | | fwiw BREAK does usually work in uplcom. It's uark that is known not to work. | (but since a BREAK is just holding the line at 0 for longer than a normal | character transmission time, if the console port speed is fairly high, | it's easy to send something that will be interpreted as break by setting | a low speed on the transmitting port and sending a char with enough 0 bits | in it). | | > From the code, to use ddb.trigger (aka DBCTL_TRIGGER), you need: | > | > - kern.securelevel < 1 (on a running system, kern.securelevel = -1) | > OR | > - something related to the console (I suppose "having the tty of the current | > process being the same than the console") | > | > If you are connected to serial, but your console is on VGA, it might be related. | | If that's the case, 1) it would also prevent BREAK on the serial port | from working, and 2) it probably wouldn't help to be able to trigger | ddb anyway, because ddb output will go to the system console, not the | console where ddb.trigger=1 was used. | | > So you might need to set kern.securelevel to lower value ("sysctl kern.securelevel=-1" | > in /etc/rc.securelevel), or make your console on serial (with "set tty com0" on | > bootloader). | | If 'set tty comX' isn't already used, the answer is almost certainly to | set that. | -- >++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+ +++++++++++>-]<.>++[<------------>-]<+.--------------.[-] http://www.weirdnet.nl/