Releases: bitstreamout/showconsole
Release list
Implement Plymouth-compatible commands and use signalfd
Implement Plymouth-compatible display-message and hide-message commands
This commit adds support for the display-message and hide-message
Plymouth commands, allowing external tools to print status updates
directly to the boot console via blogctl.
Key changes:
- Add
MAGIC_SHOW_MSGandMAGIC_HIDE_MSGprotocols to blogctl and
parse the--text=argument usinggetopt_long_only(). - Broadcast
display-messagepayloads to all active hardware consoles
viac->out()to ensure immediate visual feedback, while simultaneously
logging it to/var/log/boot.logviacopylog(). - Add
\r\nline endings to printed messages to prevent the staircase
effect on serial terminals operating in raw mode. - Handle
hide-messageas a visual no-op (replying with an ACK only)
to deliberately avoid ANSI clear-screen sequences that would corrupt
the output on line-based, half-duplex consoles like the s390x 3215. - Update the blogctl.8 manual page to document the new commands and
their specific behavior regarding screen clearing.
Implement Plymouth-compatible ask-for-password and ask-question commands
This commit extends blogctl to act as a lightweight, fully functional
replacement for Plymouth's interactive prompt commands, allowing scripts
to securely ask for passwords or questions on the system console.
Key changes:
- Add support for
ask-for-passwordandask-questionin blogctl. - Use
getopt_long_only()to robustly parse GNU-style long options
(--prompt, --command, --number-of-tries, --dont-pause-progress). - Offload the retry-loop and command execution (
popen) entirely to
the blogctl client, keeping the blogd daemon simple and secure. - Fix an epoll
EEXISTcrash in console.c by separating the daemon's
process state (asking) from the requested prompt type (ask_mode),
resolving a race condition during socket handler registration. - Comply strictly with the Plymouth protocol: enforce 1-byte prompt
length limits, handle little-endian length headers (le32toh),
and ensure null-terminated payloads viaasprintf. - Update the blogctl.8 manual page to document the new commands.
Back to use constructor for initial seed
for the process lifetime and inherited across fork()
Make tty wait logic real and fix SIGHUP/inotify cleanup
Better in-memory reversible obfuscation for cached passwords
This is not cryptographic protection against a memory-reading attacker.
It is only meant to avoid trivial/plaintext exposure in memory.
Fix resource leaks and harden IPC validations
This commit addresses several issues found by static code analysis,
focusing on memory hygiene, file descriptor management, and robust
error handling.
Key changes:
- Fix memory and file descriptor leaks in error paths (proc.c, shm.c, tty.c)
and ensure all pending coldstart requests are freed on shutdown. - Harden the systemd ask-password interface by adding boundary checks
for UNIX socket paths, verifyingsendtopayloads, and gracefully
handling missing directories during early boot without fatal errors. - Improve IPC protocol safety by strictly validating the MAGIC_CHROOT
argument (must be an absolute path) and sending an explicit NACK on failure. - Prevent stale terminal states on s390x by clearing the VMCP cache
prior to parsing a new QUERY TERMINAL reply.
User the --wait option of the blogctl quit command
Add an --wait option specially for quit of blogctl
Fix gh##7
setting blog.silent=true causes it to be non-silent
Make shared library a executable
Refactor daemon to use synchronous signalfd and epoll event loop
This commit migrates the core architecture from traditional, asynchronous
signal handling to a modern, synchronous event loop using signalfd. By
integrating signal handling directly into the epoll multiplexer, we eliminate
race conditions, unexpected EINTR interruptions during I/O operations, and
complex reentrancy issues.
Key changes:
- Add
setup_signalfd()to block essential signals (SIGINT, SIGQUIT, SIGTERM,
SIGSYS, SIGIO, SIGCHLD) globally and route them through a dedicated file
descriptor monitored by epoll. - Shield
epoll_pwait()using a fully populated signal mask (omask) to
guarantee uninterrupted I/O processing. - Prevent socket handlers (MAGIC_SYS_INIT, MAGIC_CLOSE) from accidentally
unblocking signals and resetting dispositions when signalfd is active. - Sanitize the inherited signal mask in forked child processes
(e.g., systemd password prompts on tty) by resetting it to an empty
mask viasigprocmask(), ensuring agents run without restrictions. - Replace the
ALIGNED_SIZEOFmacro with a cleaneralign_up(type, boundary)
macro and fixmemset()sizes to correctly zero out trailing padding bytes. - Update the Makefile to compile a stripped-down fallback object
(signals_stripped.ocompiled with -DNO_SIGNALFD) to ensure the passive
libblogger.solibrary remains unaffected by the signalfd architecture.
Some minor changes in quit and umount unit services
The HVC consoles are like sclp console
and can do colours as well
Harden blog and use shims units to handle plymouth
Disable coldstart requests via epoll
Avoid handling fd twice in epoll loop
Make sure that if blog is running it is identified as plymouth
also add conflicts to systemd-ask-password-console units in
the systemd-ask-password-blog units. This should avoid
conflicting password agents asking the same question in s390x.
Fix possible memory leaks, eliminate type punning, and resolve I/O blocking
This update implements a series of systemic improvements to stability,
security, and performance:
1. Memory Safety & Leak Resolution:
- Implemented lcons_shutdown destructor to automatically purge the console
list and close FDs on exit.
- Fixed password buffer leak by replacing free() with munmap() in closeIO,
correctly matching the mmap allocation in shm_malloc.
- Added cleanup for pwprompt in closeIO.
2. Elimination of Dangerous Type Punning:
- Replaced the unreliable &cons->node pattern with a type-safe list_t lcons
sentinel across the codebase.
- Added attribute((may_alias)) to list_t in listing.h to prevent
compiler strict aliasing optimizations from corrupting list traversals.
3. I/O Responsiveness & Stability:
- Removed tcdrain() from the high-frequency epoll_console_in path to
eliminate daemon freezes during heavy output.
- Updated consinitIO to ensure CON_SERIAL devices remain in O_NONBLOCK
mode, preventing freezes on slow serial lines.
- Extended the tcdrain skip-list in closeIO to include CON_SERIAL, ensuring
a hang-free shutdown.
4. Architectural Improvements:
- Redesigned shm_malloc to use a tiered mapping strategy: prefers
file-backed shared memory in /dev/shm with a graceful fallback
to MAP_ANONYMOUS.
- Optimized listing.h with always_inline attributes, __builtin_prefetch
for cache efficiency, and list poisoning for safer debugging.
Some fixes added
The attribute((noreturn)) for error() in libconsole.h added
The variable err with 0 initialized in thread_poll()
The variable cp.parity with {0} initialized in readpw()
Protect password data stream on 3270 console as well
On S390 the 3270 console is also logged and the passwords,
even if hidden on the 3270 console, would be logged as well
New feature to protect passwords to be logged
On S390 now blogd use for 3215 console the command
#CP SPOOL CONSOLE STOP
to stop logging the plain password at prompting for the password.
Also a warning is written out to warn the user that the password
will be visible. With getting the password the CONSOLE log is
enabled again if it was enabled before.
Make it work on 3215 console of s390
means no tcdrain() for 3215, no blocking writes, not more then 130 characters per line, no \r, finalize lines with \n. Nevertheless use a blocking read for password requests.
Make automatic CLEAR an kernel command line option with the parameter blog.timeout=0
Correct Version now v2.37
- Release: bump version to 2.37
- Make release.sh active
- Run klogctl with console massages off only once
in the password asking processes on the main console device only
Rework password asking method to be asynchronous
- If SYS_pidfd_open is not defined use a fallback
Include <asm/unistd.h> to get __NR_pidfd_open for
the definition of SYS_pidfd_open. - Changes to let systemd find plymouth replacements
which means to add the appropiate Alias in systemd-ask-password-blog.path
and also in systemd-ask-password-blog.service with new Install
sections. Also change description in systemd-ask-password-blog.path
to hint for blogd as replacement. - Rework password asking method to be asynchronous
Make s390 3215 console work
that is use EPOLLOUT|EPOLLONESHOT to control if we can write to ttyS0 in nonblocking mode and if not reenable EPOLLOUT|EPOLLONESHOT.
At boot set for ttyS0 via vmcp API nonblocking MORE mode with `0 0'. It beeps but boots.
Increase patch level
Make it work on s390x (still no 3215 console)
This is a bug fix release. But still no support in conmode 3215 as there is a race triggered by using conmode 3215. The order of the systemd units seems to change with this console mode.
Better 3270 console support
Use uevent below /sys file system