Refactor finalize swap handling
After a swap operation is finished, trailer control flags are written
according to the type of swap that was performed. The function names
that execute those operations were renamed to explicitly reflect what
they do, and all "less deterministic" behaviors, of the type
"if flash is not set, set it", were removed.
Signed-off-by: Fabio Utzig <utzig@apache.org>
diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c
index 205422d..cc2a7ae 100644
--- a/boot/bootutil/src/loader.c
+++ b/boot/bootutil/src/loader.c
@@ -1077,10 +1077,10 @@
#endif
/**
- * Marks a test image in slot 0 as fully copied.
+ * Marks the image in slot 0 as fully copied.
*/
static int
-boot_finalize_test_swap(void)
+boot_set_copy_done(void)
{
const struct flash_area *fap;
int rc;
@@ -1091,11 +1091,8 @@
}
rc = boot_write_copy_done(fap);
- if (rc != 0) {
- return rc;
- }
-
- return 0;
+ flash_area_close(fap);
+ return rc;
}
/**
@@ -1104,10 +1101,9 @@
* subsequent boot.
*/
static int
-boot_finalize_revert_swap(void)
+boot_set_image_ok(void)
{
const struct flash_area *fap;
- struct boot_swap_state state_slot0;
int rc;
rc = flash_area_open(FLASH_AREA_IMAGE_0, &fap);
@@ -1115,33 +1111,9 @@
return BOOT_EFLASH;
}
- rc = boot_read_swap_state(fap, &state_slot0);
- if (rc != 0) {
- return BOOT_EFLASH;
- }
-
- if (state_slot0.magic == BOOT_MAGIC_UNSET) {
- rc = boot_write_magic(fap);
- if (rc != 0) {
- return rc;
- }
- }
-
- if (state_slot0.copy_done == BOOT_FLAG_UNSET) {
- rc = boot_write_copy_done(fap);
- if (rc != 0) {
- return rc;
- }
- }
-
- if (state_slot0.image_ok == BOOT_FLAG_UNSET) {
- rc = boot_write_image_ok(fap);
- if (rc != 0) {
- return rc;
- }
- }
-
- return 0;
+ rc = boot_write_image_ok(fap);
+ flash_area_close(fap);
+ return rc;
}
/**
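Review bot: boot_set_image_ok() now writes image_ok without first reading the swap state, so nothing in this function confirms that the slot 0 trailer magic is present before the flag is written. If the trailer reader ignores flags when the magic is missing (not visible here), the write would have no effect and a later boot could revert again. I would state the precondition in the doc comment, e.g. `* Assumes the slot 0 trailer magic was already written by the swap.`, or keep a check that returns an error when the magic is unset. The function's signature and doc comment start in the previous hunk.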
@@ -1257,6 +1229,14 @@
if (rc != 0) {
goto out;
}
+
+ /*
+ * The following states need image_ok be explicitly set after the
+ * swap was finished to avoid a new revert.
+ */
+ if (swap_type == BOOT_SWAP_TYPE_REVERT || swap_type == BOOT_SWAP_TYPE_FAIL) {
+ boot_set_image_ok();
+ }
} else {
swap_type = BOOT_SWAP_TYPE_NONE;
}
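Review bot: The return value of `boot_set_image_ok()` is dropped here, so a failed flash open or write after a REVERT or FAIL swap goes unnoticed and image_ok stays unset, which is the condition the new comment says leads to another revert. The same applies to the `boot_set_copy_done();` call in the switch hunk that follows. Both helpers now return `rc`, so the result can be acted on, e.g. `rc = boot_set_image_ok(); if (rc != 0) { swap_type = BOOT_SWAP_TYPE_PANIC; }`. The enclosing function starts and ends outside this hunk, so how the `out:` path treats an error is not visible.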
@@ -1268,14 +1248,9 @@
case BOOT_SWAP_TYPE_TEST:
case BOOT_SWAP_TYPE_PERM:
- slot = 1;
- boot_finalize_test_swap();
- reload_headers = true;
- break;
-
case BOOT_SWAP_TYPE_REVERT:
slot = 1;
- boot_finalize_revert_swap();
+ boot_set_copy_done();
reload_headers = true;
break;
@@ -1285,21 +1260,16 @@
* we just reverted back to slot 0.
*/
slot = 0;
- boot_finalize_revert_swap();
reload_headers = true;
break;
case BOOT_SWAP_TYPE_PANIC:
+ default:
/* TODO: what to do it a fatal error like flash read/write error
* happened?
*/
assert(0);
break;
-
- default:
- assert(0);
- slot = 0;
- break;
}
#ifdef MCUBOOT_VALIDATE_SLOT0
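Review bot: Folding `default:` into the `BOOT_SWAP_TYPE_PANIC` case leaves `assert(0)` as the only handling for an unexpected swap type, and the removed `slot = 0;` fallback is gone. If assertions are compiled out in release builds (not visible here), control falls out of the switch and continues toward booting with `slot` holding whatever it had before the switch. A bootloader should fail closed on this path without depending on assert, for example `rc = BOOT_EFLASH; goto out;` after the assert, with whichever error code fits and assuming this is the same function that uses `goto out` in the earlier hunk. The switch and its function begin outside this hunk.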