[PATCH 3/3] startup: mount ps only on policy FS_EXTERNAL

Ahmad Fatoum a.fatoum at pengutronix.de
Tue Oct 28 05:56:14 PDT 2025 

Hi,

On 10/28/25 1:18 PM, Fabian Pflug wrote:
> Without the SCONFIG_FS_EXTERNAL, the bus of the driver for pstore will
> not load, resulting in a missing driver for pstore and an error during
> bootup.
> Only mount the /pstore if FS_EXTERNAL is allowed by the security policy.
> > Signed-off-by: Fabian Pflug <f.pflug at pengutronix.de>
> ---
>  common/startup.c | 22 ++++++++++++++++++++--
>  1 file changed, 20 insertions(+), 2 deletions(-)
> 
> diff --git a/common/startup.c b/common/startup.c
> index ea5436afa6..f16a99f7e4 100644
> --- a/common/startup.c
> +++ b/common/startup.c
> @@ -55,6 +55,19 @@ extern exitcall_t __barebox_exitcalls_start[], __barebox_exitcalls_end[];
>  enum system_states barebox_system_state;
>  
>  #if defined CONFIG_FS_RAMFS && defined CONFIG_FS_DEVFS
> +static struct sconfig_notifier_block sconfig_notifier;
> +static void u_mount_pstore(struct sconfig_notifier_block *nb,
> +			   enum security_config_option opt, bool allowed)
> +{
> +	if (allowed) {
> +		mkdir("/pstore", 0);

I think we should create the directory unconditionally without paying
respect to whether we can mount or not.

> +		mount("none", "pstore", "/pstore", NULL);
> +	} else {
> +		umount("/pstore");

The harm is already done when loosening security mode, so I don't think
we want to start unmounting things.

As mentioned, I'd prefer replacing SCONFIG_FS_EXTERNAL altogether with a
whitelist of mounts, so common code calls:

  allow_mount("none", "ramfs", "/", NULL);
  allow_mount("none", "devfs", "/dev", NULL);

and board code can call:

  allow_mount("non", "pstore", "/pstore", NULL);

and we won't need any special handling here. Waiting to see what Sascha
thinks.

Cheers,
Ahmad

> +		rmdir("/pstore");
> +	}
> +}
> +
>  static int mount_root(void)
>  {
>  	mount("none", "ramfs", "/", NULL);
> @@ -69,8 +82,13 @@ static int mount_root(void)
>  	}
>  
>  	if (IS_ENABLED(CONFIG_FS_PSTORE)) {
> -		mkdir("/pstore", 0);
> -		mount("none", "pstore", "/pstore", NULL);
> +		if (IS_ALLOWED(SCONFIG_FS_EXTERNAL)) {
> +			mkdir("/pstore", 0);
> +			mount("none", "pstore", "/pstore", NULL);
> +		}
> +		sconfig_register_handler_filtered(&sconfig_notifier,
> +						  u_mount_pstore,
> +						  SCONFIG_FS_EXTERNAL);
>  	}
>  
>  	if (IS_ENABLED(CONFIG_9P_FS))

-- 
Pengutronix e.K.                  |                             |
Steuerwalder Str. 21              | http://www.pengutronix.de/  |
31137 Hildesheim, Germany         | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686  | Fax:   +49-5121-206917-5555 |

More information about the barebox mailing list