Assert flash ops succeed during swap.
Previously, the return value of boot_swap_sectors() was discarded. If a flash
operation failed, this information was lost.
Now, boot_swap_sectors() returns void. Rather than returning a result,
success is asserted for all flash operations during function execution
(boot_copy_sector() and boot_erase_sector()).
diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c
index 7766d87..89b4e13 100644
--- a/boot/bootutil/src/loader.c
+++ b/boot/bootutil/src/loader.c
@@ -787,7 +787,7 @@
*
* @return 0 on success; nonzero on failure.
*/
-static int
+static void
boot_swap_sectors(int idx, uint32_t sz, struct boot_status *bs)
{
uint32_t copy_sz;
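Review bot: The doc comment kept as context just above the signature still says `@return 0 on success; nonzero on failure.`, which is no longer true once the function is `static void`. Drop that line and document the new contract instead, for example `* Flash erase, copy and status-write failures are treated as fatal (asserted).`. The rest of the comment block and the function body lie outside this hunk, so any other wording there that refers to a return code should be checked as well.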
@@ -800,24 +800,19 @@
if (bs->state == 0) {
rc = boot_erase_sector(FLASH_AREA_IMAGE_SCRATCH, 0, sz);
- if (rc != 0) {
- return rc;
- }
+ assert(rc == 0);
rc = boot_copy_sector(FLASH_AREA_IMAGE_1, FLASH_AREA_IMAGE_SCRATCH,
img_off, 0, sz);
- if (rc != 0) {
- return rc;
- }
+ assert(rc == 0);
bs->state = 1;
- (void)boot_write_status(bs);
+ rc = boot_write_status(bs);
+ assert(rc == 0);
}
if (bs->state == 1) {
rc = boot_erase_sector(FLASH_AREA_IMAGE_1, img_off, sz);
- if (rc != 0) {
- return rc;
- }
+ assert(rc == 0);
copy_sz = sz;
if (boot_data.imgs[0].sectors[idx].fa_off + sz >=
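Review bot: Every flash-failure check in this hunk is now `assert(rc == 0);`, which guards the swap only in builds where assert is active. With the standard `<assert.h>` macro and NDEBUG defined, these lines expand to nothing, so a failed boot_erase_sector() or boot_copy_sector() would fall through to `bs->state = 1;` and boot_write_status() would persist a step that never completed. Whether this project's release build defines NDEBUG or supplies its own assert is not visible here, so confirm it; if asserts can be compiled out, use a check that always runs, such as `if (rc != 0) { /* call the project's fatal-error/halt routine */ }`. The same pattern appears in the next hunk for the state 1 to 2 and state 2 to 0 transitions, and under NDEBUG `rc` would also become set-but-unused. The function body starts and ends outside this hunk.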
@@ -831,31 +826,25 @@
rc = boot_copy_sector(FLASH_AREA_IMAGE_0, FLASH_AREA_IMAGE_1,
img_off, img_off, copy_sz);
- if (rc != 0) {
- return rc;
- }
+ assert(rc == 0);
bs->state = 2;
- (void)boot_write_status(bs);
+ rc = boot_write_status(bs);
+ assert(rc == 0);
}
if (bs->state == 2) {
rc = boot_erase_sector(FLASH_AREA_IMAGE_0, img_off, sz);
- if (rc != 0) {
- return rc;
- }
+ assert(rc == 0);
rc = boot_copy_sector(FLASH_AREA_IMAGE_SCRATCH, FLASH_AREA_IMAGE_0,
0, img_off, sz);
- if (rc != 0) {
- return rc;
- }
+ assert(rc == 0);
bs->idx++;
bs->state = 0;
- (void)boot_write_status(bs);
+ rc = boot_write_status(bs);
+ assert(rc == 0);
}
-
- return 0;
}
/**