TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / 695d5647971aecb15feeeeb45dea014ba62105a3^! / . / boot / bootutil / src / loader.c
commit695d5647971aecb15feeeeb45dea014ba62105a3[log] [tgz]
authorFabio Utzig <utzig@apache.org>Thu Jul 20 09:47:16 2017 -0300
committerFabio Utzig <utzig@apache.org>Thu Jul 20 12:31:48 2017 -0300
tree72db0989305b859bf8499e256e6d2801aaf574ad
parent1e56fcc4471a5b32e7fc8a8c50f6df4bab082e25 [diff] [blame]
Add handling for failure setting slot flags

This adds a check for failure writing flags after a swap. For now a
failure just panics the bootloader.

Signed-off-by: Fabio Utzig <utzig@apache.org>

diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c
index 99ff638..ca75a96 100644
--- a/boot/bootutil/src/loader.c
+++ b/boot/bootutil/src/loader.c

@@ -1250,7 +1250,10 @@
          * swap was finished to avoid a new revert.
          */
         if (swap_type == BOOT_SWAP_TYPE_REVERT || swap_type == BOOT_SWAP_TYPE_FAIL) {
-            boot_set_image_ok();
+            rc = boot_set_image_ok();
+            if (rc != 0) {
+                swap_type = BOOT_SWAP_TYPE_PANIC;
+            }
         }
     } else {
         swap_type = BOOT_SWAP_TYPE_NONE;
@@ -1261,12 +1264,15 @@
         slot = 0;
         break;
 
-    case BOOT_SWAP_TYPE_TEST:
-    case BOOT_SWAP_TYPE_PERM:
+    case BOOT_SWAP_TYPE_TEST:          /* fallthrough */
+    case BOOT_SWAP_TYPE_PERM:          /* fallthrough */
     case BOOT_SWAP_TYPE_REVERT:
         slot = 1;
-        boot_set_copy_done();
         reload_headers = true;
+        rc = boot_set_copy_done();
+        if (rc != 0) {
+            swap_type = BOOT_SWAP_TYPE_PANIC;
+        }
         break;
 
     case BOOT_SWAP_TYPE_FAIL:
@@ -1278,13 +1284,16 @@
         reload_headers = true;
         break;
 
-    case BOOT_SWAP_TYPE_PANIC:
     default:
-        /* TODO: what to do it a fatal error like flash read/write error
-         *       happened?
-         */
+        swap_type = BOOT_SWAP_TYPE_PANIC;
+    }
+
+    if (swap_type == BOOT_SWAP_TYPE_PANIC) {
+        BOOT_LOG_ERR("panic!");
         assert(0);
-        break;
+
+        /* Loop forever... */
+        while (1) {}
     }
 
 #ifdef MCUBOOT_VALIDATE_SLOT0