Hi ! kern.version=OpenBSD 6.9-beta (GENERIC.MP) #429: ...
I've been doing some tests recently in order to retrieve kernel dumps. Using my Thinkpad T480 - 16Gb RAM, I did a very basic test install with the simplest layout ever: a= / 40G (more than enough for /var/crash to hold the entire dump) b= swap 17G In order to trigger a dump, I used reboot(8) (# reboot -d) and I also tested ddb> boot crash (modifying ddb.console=1 before securelevel change and triggering ddb with CTRL+ALT+ESC as in ddb(4) man page). Dump ended successfully ( ##### .... Succeeded ) Now the issue I encountered was retrieving this dump using savecore (manually in singleusermode or automatically with the rc script). By default, vm.swapencrypt.enable=1 so swap (by default) is encrypted with a "one time password". Now: 1) If dump is triggered from userland (in standard user session), although I'm seeing dump taking place before rebooting, there is absolutely NO WAY for me to retrieve it after rebooting. ==> # savecore -f /var/crash (booting in single usermode with >boot -s) => No dumps found ==> Letting rc script do it's thing: No core dump found 2) If dump is triggered while in singleusermode (>boot -s), then, core dump can be retrieved as expected with both method above. 3) If changing vm.swapencrypt.enable to 0 => Crash dumps can then be retrieved as expected even when triggered in user console session. Something must be wrong with my default-encrypted swap then right? Reading the mailing list, I was under the impression that, as crash dump appears late (after destroying the onetime encryption swap) and as savecore appears early in the boot process (before swap is onetime encrypted) there should not be any problem retrieving those dumps. However, without turning off default swap encryption, I am not able to retrieve those crash dumps when triggered in a standard user session. Do you have any explanations / suggestions on how I could solve this issue? Do we absolutely need to turn off manually default swap encryption before triggering a crash dump if we are NOT in single user mode? Thanks!
