Bug 655538 - Passwords for non root encrypted devices print during boot.
Summary: Passwords for non root encrypted devices print during boot.
Keywords:
Status: CLOSED EOL
Alias: None
Product: Fedora
Classification: Fedora
Component: plymouth
Version: 19
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: ---
Assignee: Ray Strode [halfline]
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-11-21 15:53 UTC by Bruno Wolff III
Modified: 2018-04-11 12:51 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-02-17 13:28:51 UTC
Type: ---


Attachments (Terms of Use)
Ensure tty can be set into unbuffered mode during reconnect (1.55 KB, patch)
2011-02-18 18:31 UTC, Andrey Borzenkov
no flags Details | Diff

Description Bruno Wolff III 2010-11-21 15:53:13 UTC
Description of problem:
Previously (<= F14) when I booted I got asked for the password to my encrypted device once and asterisks displayed for the characters. Now I am getting asked separately for each device. The root device password still has asterisks show, but later in the boot process when the non-root devices get asked about the characters are echoed as themselves. Also if I make a mistake I don't get asked again for the password, the system attempts to come up without access to that device.


Version-Release number of selected component (if applicable):
systemd-13-1.fc15.i686
dracut-008-0.10.gitb2415f4.fc15.noarch


How reproducible:
Happens every boot.


Additional info:
I am not using the quiet or rhgb boot parameters.

Comment 1 Bruno Wolff III 2010-12-11 16:55:29 UTC
When I rebooted using upstart to test another issue, I was only asked for the password once.

Comment 2 Lennart Poettering 2011-01-04 23:46:31 UTC
Hmm, seems we do not support caching passphrases yet.

Presumably you are using the same passphrase on multiple disks, right?

Comment 3 Lennart Poettering 2011-01-04 23:53:31 UTC
Hmm, are you prompted for the passwords using plymouth? or using the text cryptsetup tools?

Comment 4 Bruno Wolff III 2011-01-05 04:42:38 UTC
Yes, I use the same password on several devices (software raid binding partitions together).

I think the luks tools. It gets pretty messy since several things are running at once. There also seem to be timeouts that are relatively short and if I mess up, I don't always get the passwords entered in time.

Comment 5 Alon Levy 2011-01-15 16:50:08 UTC
I get the same problem. My home directory is encrypted, the password asked gets displayed on the console and asterisks appear briefly only after enter is pressed - looks to me like the wrong device is set to raw mode (or it isn't set at all because of permissions - didn't realize this worked correctly for root device since my root isn't encrypted, just home. Also, this fits with my proposed explanation).

Comment 6 Lennart Poettering 2011-01-21 02:36:53 UTC
Bruno, how have you configured plymouth? Are you passing any kernel arguments to disable Plymouth? Which ones exactly? I'd like to reproduce this here and hence would like to know how exactly I can trigger the problem you pointed out with multiple tools fighting for the console.

Comment 7 Bruno Wolff III 2011-01-21 07:34:32 UTC
kernel (hd0,0)/vmlinuz-2.6.36.2-12.rc1.fc15.i686.PAE ro root=/dev/mapper/luks-58
aa4879-4d9f-4074-ac4b-173be649c36d SYSFONT=latarcyrheb-sun16 LANG=en_US.UTF-8 KE
YTABLE=us

This is missing rhgb and quiet if I remember correctly.

I see the same issues when booting later kernels, but on this machine my video card has extra issues with 2.6.37 kernels so I don't normally use them.

Comment 8 Andrey Borzenkov 2011-02-15 08:43:10 UTC
It looks like here two different problems may be mixed; I have the same as comment #5.

I was fighting with this problem through the last week. The problem happens when plymouth is started by dracut; in this case dracut immediately requests show-splash and plymouth starts to show details splash in case graphic was disabled.

Later during boot sequence something resets console terminal settings from what plymough had set it to. Which by itself is rather weird because plymouth locks them. But I have log that proves it :)

I was not able to find exact reason. On my system disabling fedora-readonly.service magically stopped screwing up terminal settings. Now, fedora-readonly is leftover from iniscripts and it calls /etc/init.d/functions which /may/ do something weird to terminal.

I am going to play with it a bit more after I am back from business trip(s) :)

BTW I'm using Mandriva but iniscripts are to large extent the same. The bug started to happen only after I built initscripts 9.24 and switched to booting without rc.sysinit.

Comment 9 Andrey Borzenkov 2011-02-17 20:26:50 UTC
(In reply to comment #8)
> It looks like here two different problems may be mixed; I have the same as
> comment #5.
> 

Well ... here is what happens. plymouth rebuilt with some extra debugging.

For some reason plymouth gets HUP on opened console (we use tty7 but should not matter):

[/home/bor/cooker/plymouth/BUILD/plymouth-0.8.3/src/libply/ply-event-loop.c]         ply_event_loop_process_pending_events:EPOLLHUP^M
[/home/bor/cooker/plymouth/BUILD/plymouth-0.8.3/src/libply/ply-event-loop.c]              ply_event_loop_disconnect_source:disconnecting source with fd 10^M
[/home/bor/cooker/plymouth/BUILD/plymouth-0.8.3/src/libply/ply-event-loop.c]   ply_event_loop_handle_disconnect_for_source:calling disconnected_handler 0x7fc78ae88140 for fd 10^M
[/home/bor/cooker/plymouth/BUILD/plymouth-0.8.3/src/libply-splash-core/ply-terminal.c]                           on_tty_disconnected:tty disconnected (fd 10)^M

Next it tries to reopen it:

[/home/bor/cooker/plymouth/BUILD/plymouth-0.8.3/src/libply-splash-core/ply-terminal.c]                           on_tty_disconnected:trying to reopen terminal '/dev/tty7'^M

After terminal is reopened, we have quite strange situation where settings are locked, but actually reset to cooked input mode:

[/home/bor/cooker/plymouth/BUILD/plymouth-0.8.3/src/libply-splash-core/ply-terminal.c]                      ply_terminal_open_device:locked attributes: iflag=ffffffff oflag=ffffffff clfag=ffffffff lflag=ffffffff line=ff ispeed=0 ospeed=e58666a8^M
[/home/bor/cooker/plymouth/BUILD/plymouth-0.8.3/src/libply-splash-core/ply-terminal.c]                      ply_terminal_open_device:attributes: iflag=4500 oflag=5 clfag=4bf lflag=8a3b line=0 ispeed=f ospeed=f^M

Later it calls ply_terminal_set_unbuffered_input() again but in this case it fails because terminal settings are locked.

I do not know what is causing HUP being sent to plymouth, nor what can reset tty settings under the hood. Unlocking them in ply_terminal_set_unbuffered_input() before setting does provide a workaround.

Comment 10 Lennart Poettering 2011-02-18 12:30:50 UTC
Andrey, thanks for tracking this down.

Hmm, tentatively reassigning to plymouth. Ray? any idea?

Comment 11 Ray Strode [halfline] 2011-02-18 15:44:03 UTC
i'm okay with adding code to forcefully unlock the terminal in after reopening it, but we should figure out why the settings are getting reset too.

Comment 12 Andrey Borzenkov 2011-02-18 18:31:24 UTC
Created attachment 479587 [details]
Ensure tty can be set into unbuffered mode during reconnect

This is almost certainly a kernel bug, more likely even two.

1. tty gets sporadically closed, very probably the same issue as in systemd commit f73f76

2. locked terminal settings get changed (or lock for changed settings is not cleared on reopen).

May be it is the same race. I am not sure what semantic of locked settings is, but I'd expect lock to be reset after tty was closed by process that had set lock.

Anyway I am currently pushing attach patch for plymouth in Mandriva as workaround. I do not think it has to go upstream, nor that any workaround should go upstream. We need to fix kernel for this.

Comment 13 Ray Strode [halfline] 2011-02-18 18:49:07 UTC
I agree we should figure out the root cause and fix it there, but we already have various work arounds in plymouth (including the whole reconnect tty thing) so adding one more won't hurt.

eventually I'd like to dump all this tty crap and switch to using /dev/input.

I just pushed this:

http://cgit.freedesktop.org/plymouth/commit/?id=bb3be6b60f6f0b8f8cea67b7817210b7e7164043

Comment 14 Lennart Poettering 2011-02-19 13:30:29 UTC
*** Bug 678720 has been marked as a duplicate of this bug. ***

Comment 15 Toshio Ernie Kuratomi 2011-02-23 15:46:48 UTC
I'm running plymouth-0.8.4-0.20110419.1.fc16.i686 in a VM.  The changelog implies that this is fixed: 
- unlock tty when reopening in case it spontaneously goes bonkers and we need to fix it up
Resolves: #655538

I'm still seeing the problems reported in  Bug 678720.  I'm also seeing other terminal problems that may be related to raw vs cooked mode.  Arrow keys don't work in the shell.  vim is unusable because keystrokes are echoed to the top line in the screen instead of affecting the buffer.  Control-L does not redraw the screen.  Etc.  This does not seem to be related to hitting the ESC key during bootup as I originally thought -- the symptoms occur even when the ESC key is not hit.  However, it does seem to be a race as every once in a while (maybe one in 10 boots) the system comes up with the terminal behaving as expected.

Should I reopen 678720 and retarget it against plymouth?  Or continue on here?

Comment 16 Lennart Poettering 2011-02-23 19:40:25 UTC
I think these are multiple issues in one.

I have recently made some changes to systemd to ensure that no getty is started before plymouth is gone

Comment 17 Toshio Ernie Kuratomi 2011-02-23 22:44:02 UTC
Okay, reopened and updated 678720.

Comment 18 Lennart Poettering 2011-02-24 01:14:22 UTC
Uh, really no need to open a bug for that, it's already fixed upstream.

Comment 19 Toshio Ernie Kuratomi 2011-02-24 01:47:17 UTC
People need to know when to test an updated package.  Having a bug allows that notification to happen.

Since we have to push F15 packages through bodhi now, you can just add the bug number in the bodhi update info and it will notify people and close the bug once the package goes to stable.

Comment 20 Bruno Wolff III 2011-03-05 15:18:51 UTC
I am seeing new behavior today. In two reboots I saw both the old F14 behavior where I entered a pass phrase once early in the boot that is needed for a few different encrypted devices and everything worked. I also saw a case where there was an selinux denial and the system hung for a minute or two and then continued with a few encrypted devices not being mounted which caused problems requiring me to reboot.

Comment 21 Bruno Wolff III 2011-03-20 16:16:27 UTC
I haven't seen the password echo issue for a while, so this bug can probably be closed. The other issue I started noticing after the fix has at least one bug open for it.

Comment 22 Fedora End Of Life 2013-04-03 19:01:46 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.

(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19

Comment 23 Fedora End Of Life 2015-01-09 16:26:15 UTC
This message is a notice that Fedora 19 is now at end of life. Fedora 
has stopped maintaining and issuing updates for Fedora 19. It is 
Fedora's policy to close all bug reports from releases that are no 
longer maintained. Approximately 4 (four) weeks from now this bug will
be closed as EOL if it remains open with a Fedora 'version' of '19'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 19 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 24 Fedora End Of Life 2015-02-17 13:28:51 UTC
Fedora 19 changed to end-of-life (EOL) status on 2015-01-06. Fedora 19 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.


Note You need to log in before you can comment on or make changes to this bug.