Skip to content

Releases: bitstreamout/showconsole

Implement Plymouth-compatible commands and use signalfd

Choose a tag to compare

@bitstreamout bitstreamout released this 09 Jul 13:39

Implement Plymouth-compatible display-message and hide-message commands

This commit adds support for the display-message and hide-message
Plymouth commands, allowing external tools to print status updates
directly to the boot console via blogctl.

Key changes:

  • Add MAGIC_SHOW_MSG and MAGIC_HIDE_MSG protocols to blogctl and
    parse the --text= argument using getopt_long_only().
  • Broadcast display-message payloads to all active hardware consoles
    via c->out() to ensure immediate visual feedback, while simultaneously
    logging it to /var/log/boot.log via copylog().
  • Add \r\n line endings to printed messages to prevent the staircase
    effect on serial terminals operating in raw mode.
  • Handle hide-message as a visual no-op (replying with an ACK only)
    to deliberately avoid ANSI clear-screen sequences that would corrupt
    the output on line-based, half-duplex consoles like the s390x 3215.
  • Update the blogctl.8 manual page to document the new commands and
    their specific behavior regarding screen clearing.

Implement Plymouth-compatible ask-for-password and ask-question commands

This commit extends blogctl to act as a lightweight, fully functional
replacement for Plymouth's interactive prompt commands, allowing scripts
to securely ask for passwords or questions on the system console.

Key changes:

  • Add support for ask-for-password and ask-question in blogctl.
  • Use getopt_long_only() to robustly parse GNU-style long options
    (--prompt, --command, --number-of-tries, --dont-pause-progress).
  • Offload the retry-loop and command execution (popen) entirely to
    the blogctl client, keeping the blogd daemon simple and secure.
  • Fix an epoll EEXIST crash in console.c by separating the daemon's
    process state (asking) from the requested prompt type (ask_mode),
    resolving a race condition during socket handler registration.
  • Comply strictly with the Plymouth protocol: enforce 1-byte prompt
    length limits, handle little-endian length headers (le32toh),
    and ensure null-terminated payloads via asprintf.
  • Update the blogctl.8 manual page to document the new commands.

Back to use constructor for initial seed
for the process lifetime and inherited across fork()
Make tty wait logic real and fix SIGHUP/inotify cleanup

Better in-memory reversible obfuscation for cached passwords
This is not cryptographic protection against a memory-reading attacker.
It is only meant to avoid trivial/plaintext exposure in memory.

Fix resource leaks and harden IPC validations
This commit addresses several issues found by static code analysis,
focusing on memory hygiene, file descriptor management, and robust
error handling.

Key changes:

  • Fix memory and file descriptor leaks in error paths (proc.c, shm.c, tty.c)
    and ensure all pending coldstart requests are freed on shutdown.
  • Harden the systemd ask-password interface by adding boundary checks
    for UNIX socket paths, verifying sendto payloads, and gracefully
    handling missing directories during early boot without fatal errors.
  • Improve IPC protocol safety by strictly validating the MAGIC_CHROOT
    argument (must be an absolute path) and sending an explicit NACK on failure.
  • Prevent stale terminal states on s390x by clearing the VMCP cache
    prior to parsing a new QUERY TERMINAL reply.

User the --wait option of the blogctl quit command
Add an --wait option specially for quit of blogctl

Fix gh##7

setting blog.silent=true causes it to be non-silent
Make shared library a executable

Refactor daemon to use synchronous signalfd and epoll event loop
This commit migrates the core architecture from traditional, asynchronous
signal handling to a modern, synchronous event loop using signalfd. By
integrating signal handling directly into the epoll multiplexer, we eliminate
race conditions, unexpected EINTR interruptions during I/O operations, and
complex reentrancy issues.

Key changes:

  • Add setup_signalfd() to block essential signals (SIGINT, SIGQUIT, SIGTERM,
    SIGSYS, SIGIO, SIGCHLD) globally and route them through a dedicated file
    descriptor monitored by epoll.
  • Shield epoll_pwait() using a fully populated signal mask (omask) to
    guarantee uninterrupted I/O processing.
  • Prevent socket handlers (MAGIC_SYS_INIT, MAGIC_CLOSE) from accidentally
    unblocking signals and resetting dispositions when signalfd is active.
  • Sanitize the inherited signal mask in forked child processes
    (e.g., systemd password prompts on tty) by resetting it to an empty
    mask via sigprocmask(), ensuring agents run without restrictions.
  • Replace the ALIGNED_SIZEOF macro with a cleaner align_up(type, boundary)
    macro and fix memset() sizes to correctly zero out trailing padding bytes.
  • Update the Makefile to compile a stripped-down fallback object
    (signals_stripped.o compiled with -DNO_SIGNALFD) to ensure the passive
    libblogger.so library remains unaffected by the signalfd architecture.

Some minor changes in quit and umount unit services

The HVC consoles are like sclp console
and can do colours as well

Harden blog and use shims units to handle plymouth

Choose a tag to compare

@bitstreamout bitstreamout released this 30 Jun 14:10

Disable coldstart requests via epoll
Avoid handling fd twice in epoll loop

Make sure that if blog is running it is identified as plymouth
also add conflicts to systemd-ask-password-console units in
the systemd-ask-password-blog units. This should avoid
conflicting password agents asking the same question in s390x.
Fix possible memory leaks, eliminate type punning, and resolve I/O blocking

This update implements a series of systemic improvements to stability,
security, and performance:
1. Memory Safety & Leak Resolution:
- Implemented lcons_shutdown destructor to automatically purge the console
list and close FDs on exit.
- Fixed password buffer leak by replacing free() with munmap() in closeIO,
correctly matching the mmap allocation in shm_malloc.
- Added cleanup for pwprompt in closeIO.
2. Elimination of Dangerous Type Punning:
- Replaced the unreliable &cons->node pattern with a type-safe list_t lcons
sentinel across the codebase.
- Added attribute((may_alias)) to list_t in listing.h to prevent
compiler strict aliasing optimizations from corrupting list traversals.
3. I/O Responsiveness & Stability:
- Removed tcdrain() from the high-frequency epoll_console_in path to
eliminate daemon freezes during heavy output.
- Updated consinitIO to ensure CON_SERIAL devices remain in O_NONBLOCK
mode, preventing freezes on slow serial lines.
- Extended the tcdrain skip-list in closeIO to include CON_SERIAL, ensuring
a hang-free shutdown.
4. Architectural Improvements:
- Redesigned shm_malloc to use a tiered mapping strategy: prefers
file-backed shared memory in /dev/shm with a graceful fallback
to MAP_ANONYMOUS.
- Optimized listing.h with always_inline attributes, __builtin_prefetch
for cache efficiency, and list poisoning for safer debugging.

Some fixes added
The attribute((noreturn)) for error() in libconsole.h added
The variable err with 0 initialized in thread_poll()
The variable cp.parity with {0} initialized in readpw()

Protect password data stream on 3270 console as well

Choose a tag to compare

@bitstreamout bitstreamout released this 24 Apr 07:48

On S390 the 3270 console is also logged and the passwords,
even if hidden on the 3270 console, would be logged as well

New feature to protect passwords to be logged

Choose a tag to compare

@bitstreamout bitstreamout released this 22 Apr 13:37

On S390 now blogd use for 3215 console the command
#CP SPOOL CONSOLE STOP
to stop logging the plain password at prompting for the password.
Also a warning is written out to warn the user that the password
will be visible. With getting the password the CONSOLE log is
enabled again if it was enabled before.

Make it work on 3215 console of s390

Choose a tag to compare

@bitstreamout bitstreamout released this 13 Apr 12:45

means no tcdrain() for 3215, no blocking writes, not more then 130 characters per line, no \r, finalize lines with \n. Nevertheless use a blocking read for password requests.

Make automatic CLEAR an kernel command line option with the parameter blog.timeout=0

Correct Version now v2.37

Choose a tag to compare

@bitstreamout bitstreamout released this 18 Mar 12:05
  • Release: bump version to 2.37
  • Make release.sh active
  • Run klogctl with console massages off only once
    in the password asking processes on the main console device only

Rework password asking method to be asynchronous

Choose a tag to compare

@bitstreamout bitstreamout released this 17 Mar 09:15
  • If SYS_pidfd_open is not defined use a fallback
    Include <asm/unistd.h> to get __NR_pidfd_open for
    the definition of SYS_pidfd_open.
  • Changes to let systemd find plymouth replacements
    which means to add the appropiate Alias in systemd-ask-password-blog.path
    and also in systemd-ask-password-blog.service with new Install
    sections. Also change description in systemd-ask-password-blog.path
    to hint for blogd as replacement.
  • Rework password asking method to be asynchronous

Make s390 3215 console work

Choose a tag to compare

@bitstreamout bitstreamout released this 28 Apr 13:38

that is use EPOLLOUT|EPOLLONESHOT to control if we can write to ttyS0 in nonblocking mode and if not reenable EPOLLOUT|EPOLLONESHOT.

At boot set for ttyS0 via vmcp API nonblocking MORE mode with `0 0'. It beeps but boots.

Increase patch level

Make it work on s390x (still no 3215 console)

Choose a tag to compare

@bitstreamout bitstreamout released this 16 Apr 13:01

This is a bug fix release. But still no support in conmode 3215 as there is a race triggered by using conmode 3215. The order of the systemd units seems to change with this console mode.

Better 3270 console support

Choose a tag to compare

@bitstreamout bitstreamout released this 03 Apr 14:19

Use uevent below /sys file system