mail archive of the barebox mailing list
* [PATCH master 1/4] commands: stat: fix leaking file descriptors on early exit
@ 2025-06-23  6:20 Ahmad Fatoum
  2025-06-23  6:20 ` [PATCH master 2/4] lib: idr: make idr_for_each_entry removal safe Ahmad Fatoum
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Ahmad Fatoum @ 2025-06-23  6:20 UTC (permalink / raw)
  To: barebox; +Cc: Ahmad Fatoum

We currently leak the dirfd if we encounter an error during option
parsing. Fix this by only recording the path at first and opening the
dirfd once all options have been parsed.

Fixes: 5b175c52b53b ("commands: stat: add option for statat")
Signed-off-by: Ahmad Fatoum <a.fatoum@barebox.org>
---
 commands/stat.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/commands/stat.c b/commands/stat.c
index 8a96bf77b0f1..581cefad871d 100644
--- a/commands/stat.c
+++ b/commands/stat.c
@@ -14,6 +14,7 @@ static int do_stat(int argc, char *argv[])
 {
 	int (*statfn)(int dirfd, const char *, struct stat *) = lstatat;
 	int ret, opt, dirfd = AT_FDCWD, extra_flags = 0, exitcode = 0;
+	const char *dir = NULL;
 	char **filename;
 	struct stat st;
 
@@ -26,9 +27,7 @@ static int do_stat(int argc, char *argv[])
 			extra_flags |= O_CHROOT;
 			fallthrough;
 		case 'c':
-			dirfd = open(optarg, O_PATH | O_DIRECTORY | extra_flags);
-			if (dirfd < 0)
-				return dirfd;
+			dir = optarg;
 			break;
 		default:
 			return COMMAND_ERROR_USAGE;
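Review bot: in `case 'c':`, `dir = optarg;` lets a later directory option silently override an earlier one, while `extra_flags |= O_CHROOT` from the case that falls through stays set. If the chroot variant is followed by a plain `-c`, the second path is opened with O_CHROOT even though it was not requested for it. Consider returning COMMAND_ERROR_USAGE when `dir` is already set.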
@@ -38,6 +37,12 @@ static int do_stat(int argc, char *argv[])
 	if (optind == argc)
 		return COMMAND_ERROR_USAGE;
 
+	if (dir) {
+		dirfd = open(dir, O_PATH | O_DIRECTORY | extra_flags);
+		if (dirfd < 0)
+			return dirfd;
+	}
+
 	for (filename = &argv[optind]; *filename; filename++) {
 		ret = statfn(dirfd, *filename, &st);
 
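Review bot: the new `if (dir)` block returns the raw `open()` result on failure without printing anything, so the user gets no indication of which directory could not be opened; a message naming `dir` before the `return dirfd;` would help. The hunk does not show the end of the function, so please also confirm that a dirfd opened here is closed on every exit path after the loop.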
-- 
2.39.5





* [PATCH master 2/4] lib: idr: make idr_for_each_entry removal safe
  2025-06-23  6:20 [PATCH master 1/4] commands: stat: fix leaking file descriptors on early exit Ahmad Fatoum
@ 2025-06-23  6:20 ` Ahmad Fatoum
  2025-06-23  6:20 ` [PATCH master 3/4] startup: track system state with regards to initcall/exitcalls Ahmad Fatoum
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Ahmad Fatoum @ 2025-06-23  6:20 UTC (permalink / raw)
  To: barebox; +Cc: Ahmad Fatoum

There's no idr_for_each_entry_safe and the Linux implementation of
idr_for_each_entry already allows freeing while iterating and indeed,
the newly introduced 9P file system makes use of exactly that.

The barebox implementation is home-grown, because we didn't yet import
radix tree support and it did not allow freeing during iteration.

Rework our macro to allow this.

Fixes: d28d3d9159a1 ("include: linux/idr.h: implement more Linux API")
Signed-off-by: Ahmad Fatoum <a.fatoum@barebox.org>
---
 include/linux/idr.h | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/include/linux/idr.h b/include/linux/idr.h
index 07adde713477..e726d17b591f 100644
--- a/include/linux/idr.h
+++ b/include/linux/idr.h
@@ -37,9 +37,10 @@ struct idr {
  */
 #define idr_for_each_entry(_idr, _entry, _id)				\
 	for (struct idr *iter =						\
-	     list_first_entry_or_null(&(_idr)->list, struct idr, list);	\
-	     (iter && iter != (_idr)) || (_entry = NULL);	\
-	     iter = list_next_entry(iter, list))			\
+	     list_first_entry_or_null(&(_idr)->list, struct idr, list), \
+	     *tmp = iter ? list_next_entry(iter, list) : NULL;		\
+	     (iter && iter != (_idr)) || (_entry = NULL);		\
+	     iter = tmp, tmp = tmp ?  list_next_entry(tmp, list) : NULL)\
 	if ((_entry = iter->ptr, _id = iter->id, true))
 
 struct idr *__idr_find(struct idr *head, int lookup_id);
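Review bot: the for-init now declares `*tmp` next to `iter`, and both names are visible inside the loop body, so a caller whose body refers to its own variable called `tmp` or `iter` will silently pick up the macro's cursor instead. A reserved-looking name (for example `__idr_next`, a hypothetical name) would avoid the capture. Also, because `tmp` is fetched before the body runs, only removal of the current entry is safe; if the body removes the following entry, `tmp` dangles. That limit deserves a line in the comment above the macro.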
-- 
2.39.5





* [PATCH master 3/4] startup: track system state with regards to initcall/exitcalls
  2025-06-23  6:20 [PATCH master 1/4] commands: stat: fix leaking file descriptors on early exit Ahmad Fatoum
  2025-06-23  6:20 ` [PATCH master 2/4] lib: idr: make idr_for_each_entry removal safe Ahmad Fatoum
@ 2025-06-23  6:20 ` Ahmad Fatoum
  2025-06-23  6:20 ` [PATCH master 4/4] fs: do not skip fs_remove when calling umount ramfs Ahmad Fatoum
  2025-06-23  8:36 ` [PATCH master 1/4] commands: stat: fix leaking file descriptors on early exit Sascha Hauer
  3 siblings, 0 replies; 5+ messages in thread
From: Ahmad Fatoum @ 2025-06-23  6:20 UTC (permalink / raw)
  To: barebox; +Cc: Ahmad Fatoum

The operating system reclaims the barebox malloc area fully after it's
booted, so there is no point freeing memory while executing exitcalls.

To allow skipping memory freeing in that situation, maintain this
information in a new barebox_system_state variable.

Signed-off-by: Ahmad Fatoum <a.fatoum@barebox.org>
---
 common/startup.c  |  5 +++++
 include/barebox.h | 12 ++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/common/startup.c b/common/startup.c
index 560a00c5699b..8d36ffceb47e 100644
--- a/common/startup.c
+++ b/common/startup.c
@@ -51,6 +51,7 @@ extern initcall_t __barebox_initcalls_start[], __barebox_early_initcalls_end[],
 
 extern exitcall_t __barebox_exitcalls_start[], __barebox_exitcalls_end[];
 
+enum system_states barebox_system_state;
 
 #if defined CONFIG_FS_RAMFS && defined CONFIG_FS_DEVFS
 static int mount_root(void)
@@ -404,8 +405,10 @@ void __noreturn start_barebox(void)
 					ERR_PTR(result));
 	}
 
+	barebox_system_state = BAREBOX_RUNNING;
 	pr_debug("initcalls done\n");
 
+
 	if (IS_ENABLED(CONFIG_SELFTEST_AUTORUN))
 		selftests_run();
 
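Review bot: the added empty line after `pr_debug("initcalls done\n");` leaves two consecutive blank lines before the `CONFIG_SELFTEST_AUTORUN` check; please drop it. The state also switches to BAREBOX_RUNNING before `selftests_run()`, so selftests execute in the running state; worth a word in the commit message if that is intended.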
@@ -435,6 +438,8 @@ void shutdown_barebox(void)
 {
 	exitcall_t *exitcall;
 
+	barebox_system_state = BAREBOX_EXITING;
+
 	for (exitcall = __barebox_exitcalls_start;
 			exitcall < __barebox_exitcalls_end; exitcall++) {
 		pr_debug("exitcall-> %pS\n", *exitcall);
diff --git a/include/barebox.h b/include/barebox.h
index 02228451c26e..1b291129e982 100644
--- a/include/barebox.h
+++ b/include/barebox.h
@@ -48,4 +48,16 @@ void shutdown_barebox(void);
 
 long get_ram_size(volatile long *base, long size);
 
+enum system_states {
+	BAREBOX_STARTING,
+	BAREBOX_RUNNING,
+	BAREBOX_EXITING,
+};
+
+#if IN_PROPER
+extern enum system_states barebox_system_state;
+#else
+#define barebox_system_state	BAREBOX_STARTING
+#endif
+
 #endif
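Review bot: `enum system_states` and the `barebox_system_state` declaration are added without any comment on what each state means or where the transitions happen; a short comment block would help callers outside common/startup.c. The `#else` branch also turns `barebox_system_state` into the constant BAREBOX_STARTING, so any code built without IN_PROPER that assigns to it will fail to compile; if that is intentional, say so in the same comment.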
-- 
2.39.5





* [PATCH master 4/4] fs: do not skip fs_remove when calling umount ramfs
  2025-06-23  6:20 [PATCH master 1/4] commands: stat: fix leaking file descriptors on early exit Ahmad Fatoum
  2025-06-23  6:20 ` [PATCH master 2/4] lib: idr: make idr_for_each_entry removal safe Ahmad Fatoum
  2025-06-23  6:20 ` [PATCH master 3/4] startup: track system state with regards to initcall/exitcalls Ahmad Fatoum
@ 2025-06-23  6:20 ` Ahmad Fatoum
  2025-06-23  8:36 ` [PATCH master 1/4] commands: stat: fix leaking file descriptors on early exit Sascha Hauer
  3 siblings, 0 replies; 5+ messages in thread
From: Ahmad Fatoum @ 2025-06-23  6:20 UTC (permalink / raw)
  To: barebox; +Cc: Ahmad Fatoum

There's usually only a single ramfs mounted at / and given that the OS
will reclaim the memory anyway, we skip removal of ramfs.

Should further ramfs be mounted though, e.g. by tests, we run into a
use after free: fs_remove is skipped, but the unmount deallocates
the fs_device.

Fix this by only skipping removal for mounted file systems without a
remove callback when barebox_shutdown has been called.

Fixes: cf7b19df6541 ("fs: ramfs: do not bother unmounting ramfs on shutdown")
Signed-off-by: Ahmad Fatoum <a.fatoum@barebox.org>
---
 fs/fs.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/fs/fs.c b/fs/fs.c
index 763f1b617460..3580bff6f5a6 100644
--- a/fs/fs.c
+++ b/fs/fs.c
@@ -835,9 +835,11 @@ static void fs_remove(struct device *dev)
 	int ret;
 
 	if (fsdev->dev.driver) {
-		if (!dev->driver->remove)
+		if (barebox_system_state == BAREBOX_EXITING
+		    && !dev->driver->remove)
 			return;
-		dev->driver->remove(dev);
+		if (dev->driver->remove)
+			dev->driver->remove(dev);
 		list_del(&fsdev->list);
 	}
 
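Review bot: the early return now depends on `barebox_system_state == BAREBOX_EXITING`, but nothing next to the condition says why teardown (including `list_del(&fsdev->list)`) is skipped in that case; a one-line comment that the OS reclaims the memory after shutdown would keep the special case understandable. Style: the continuation line starts with `&&`; kernel coding style puts the operator at the end of the previous line.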
-- 
2.39.5





* Re: [PATCH master 1/4] commands: stat: fix leaking file descriptors on early exit
  2025-06-23  6:20 [PATCH master 1/4] commands: stat: fix leaking file descriptors on early exit Ahmad Fatoum
                   ` (2 preceding siblings ...)
  2025-06-23  6:20 ` [PATCH master 4/4] fs: do not skip fs_remove when calling umount ramfs Ahmad Fatoum
@ 2025-06-23  8:36 ` Sascha Hauer
  3 siblings, 0 replies; 5+ messages in thread
From: Sascha Hauer @ 2025-06-23  8:36 UTC (permalink / raw)
  To: barebox, Ahmad Fatoum


On Mon, 23 Jun 2025 08:20:29 +0200, Ahmad Fatoum wrote:
> We currently leak the dirfd if we encounter an error during option
> parsing. Fix this by only recording the path at first and opening the
> dirfd once all options have been parsed.
> 
> 

Applied, thanks!

[1/4] commands: stat: fix leaking file descriptors on early exit
      https://git.pengutronix.de/cgit/barebox/commit/?id=c7179f4d267a (link may not be stable)
[2/4] lib: idr: make idr_for_each_entry removal safe
      https://git.pengutronix.de/cgit/barebox/commit/?id=4cee126abc0d (link may not be stable)
[3/4] startup: track system state with regards to initcall/exitcalls
      https://git.pengutronix.de/cgit/barebox/commit/?id=18993a87a236 (link may not be stable)
[4/4] fs: do not skip fs_remove when calling umount ramfs
      https://git.pengutronix.de/cgit/barebox/commit/?id=8dbe672c662b (link may not be stable)

Best regards,
-- 
Sascha Hauer <s.hauer@pengutronix.de>



