system/nxinit: fix parser edge cases, SIGCHLD race and build warnings (pick from open-vela)#3520
Merged
xiaoxiang781216 merged 10 commits intoJun 5, 2026
Merged
Conversation
When ETC_ROMFS is disabled to reduce the bin size, we can provide the init.rc
file via a pseudo-file in the boards/vendor directory. For example:
- CONFIG_ETC_ROMFS=n
- CONFIG_PSEUDOFS_FILE=y
- CONFIG_DISABLE_PSEUDOFS_OPERATIONS=n
```C
FAR const char *init_rc =
"on init\n"
" start console\n";
"service console sh\n"
" restart_period 100\n";
int fd = open("/etc/init.d/init.rc", O_WRONLY | O_CREAT);
/* ... */
ssize_t n = write(fd, init_rc, strlen(init_rc) + 1);
/* ... */
close(fd);
```
The last character '\0' in the file content will be treated as a new line,
and the number of parsed parameters will be zero (abnormal, there should be
at least one keyword).
Signed-off-by: wangjianyu3 <wangjianyu3@xiaomi.com>
linguini1
previously approved these changes
Jun 3, 2026
Contributor
linguini1
left a comment
linguini1
left a comment
There was a problem hiding this comment.
Thank you @JianyuWang0623 !
Member
|
FYI: I restarted the CI Build to fix the Docker Image |
xiaoxiang781216
previously approved these changes
Jun 4, 2026
JianyuWang0623
dismissed stale reviews from xiaoxiang781216 and linguini1
via
05a4594
JianyuWang0623
force-pushed
the
system-nxinit-fixes
branch
from
ee1d0dc to
05a4594
Compare
xiaoxiang781216
approved these changes
Jun 4, 2026
jerpelea
approved these changes
Jun 4, 2026
acassis
approved these changes
Jun 4, 2026
Contributor
|
@jerpelea could you please add this fix to the v13 back port log? |
action.c uses clock_gettime(CLOCK_MONOTONIC, ...) but did not pull in <nuttx/clock.h> directly, which fails to build on configurations where the header is not transitively included. Add the missing #include. Signed-off-by: fangpeina <fangpeina@xiaomi.com>
reap_process() referenced an undeclared identifier 'wtatus' on the WIFSIGNALED branch (typo of 'wstatus'). Some toolchains then flagged a -Wmaybe-uninitialized on the surrounding wstatus use. Correct the typo so WIFSIGNALED/WTERMSIG operate on the actual wstatus value returned by waitpid(). Signed-off-by: fangpeina <fangpeina@xiaomi.com>
/.../apps/system/nxinit/action.h:72:19: error: field 'time_run' has incomplete type
72 | struct timespec time_run;
| ^~~~~~~~
Signed-off-by: wangjianyu3 <wangjianyu3@xiaomi.com>
Any string ending with whitespace passed to init_parse_arguments() could cause the parser to advance past the string boundary and read unintended memory content. - " echo "A" \0& echo "B" should be parsed as a command with two argvs instand of five. - "command arg " may lead to uncertain results. Signed-off-by: fangpeina <fangpeina@xiaomi.com>
Pending all signals(SIGCHLD) when ppoll() is not invoked to
avoid race conditions.
Case reproduction
Set examples/hello as a service that exits immediately after startup.
```init.rc
on boot
start hello
service hello hello
restart_period 0
```
Log - without this patch:
# Service hello only restarts about 100 times, ppoll is not woken up
# after the hello process with PID 119 exits.
[ 4.391274] [ 2] [ 0] init_main: service 'hello' pid 118 exited status 0
[ 4.401423] [ 2] [ 0] init_main: started service 'hello' pid 119
Log - with this patch:
# ppoll() can still be woken up normally after tens of thousands of
# restarts of service hello in stress test.
[ 268.447747] [ 2] [ 0] init_main: service 'hello' pid 34503 exited status 0
Signed-off-by: wangjianyu3 <wangjianyu3@xiaomi.com>
fix the unused variable warnings for name and status in init.c. Signed-off-by: v-maomingju <v-maomingju@xiaomi.com>
Add missing return value check for init_parse_arguments function. Signed-off-by: wangjianyu3 <wangjianyu3@xiaomi.com>
The init process has blocked all signals, spawned services would inherit that mask. This could cause services to miss important signals like SIGTERM during graceful shutdown. Signed-off-by: wangjianyu3 <wangjianyu3@xiaomi.com>
Fix argument parsing in init_parse_arguments() to properly handle multiple quoted arguments like 'echo "arg1" "arg2"' by skipping quote characters after processing them. Signed-off-by: fangpeina <fangpeina@xiaomi.com>
JianyuWang0623
force-pushed
the
system-nxinit-fixes
branch
from
05a4594 to
5804544
Compare
xiaoxiang781216
approved these changes
Jun 4, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
8 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Note: Please adhere to Contributing Guidelines.
Pick from open-vela: https://github.com/open-vela/nuttx-apps/commits/dev/system/init
Summary
A bundle of fixes and small improvements for
system/nxinit, accumulatedwhile bringing it up on real hardware (esp32s3) and porting it to upstream
NuttX. Each commit is self-contained; together they address parser
robustness, signal-handling races, action/import edge cases, and a few
build warnings.
Commits (oldest first):
Handle trailing file '\0'fix compilation errors in action.cfix uninitialized 'wstatus' warningFix timespec incomplete error in action.hprevent parser from reading past string boundaryAvoid SIGCHLD race with ppoll()fix unused variable warningFix missing check for import argumentFix signal mask inheritancefix init parser to handle multiple quoted argumentsCumulative diff: 7 files, +122/-25.
Impact
init.rcare more robustly parsed (quotedargs, trailing
\0, string-boundary safety) and the SIGCHLD race in theinit main loop is fixed; child signal masks are no longer inherited
unintentionally.
-Wuninitialized/ unused-variable warnings and atimespecincomplete-type error on some toolchains.edge cases that previously misbehaved or were unsafe.
Testing
Host: Ubuntu 22.04,
xtensa-esp32s3-elf-gcc,esptool.py 4.8.1.Target:
lckfb-szpi-esp32s3:adbwithCONFIG_SYSTEM_NXINIT=y(companionPR in apache/nuttx switches the defconfig to
init_main).Build & flash:
Runtime check after boot —
init.rcdefinesconsole (sh)andadbdservices, both spawned and reaped by
init_main:init_main(PID 3) is the parent of bothsh(PID 4) andadbd(PID 5);
adb shellis fully interactive. Killingsh(e.g.exiton the console) is recovered within the configured
restart_period(1 s), exercising the service auto-restart path covered by the
SIGCHLD/ppoll race fix.
No regressions observed on default
nxinittest runs (action triggers,import, quoted-arg parsing) on the device.