bootutil: fix random upgrade failure using swap move

Fix an issue where an upgrade could fail to execute.

This happened randomly in the "perm_with_fails" test in the simulator;
for it to happen the first reset had to occur just after writing the
metadata to mark the start of a new upgrade, but before any swap happened;
if followed by a new reset happening at a point where the metadata was
erased and rewritten, it would result in an upgrade failure. The images
would still be valid, although in their original slots.

The fix stores the detected boot status source in the state. When
metadata was found in the primary slot we assume a swap has already
started (even though no sector swap has happened) and avoid
erasing/rewriting it.

Signed-off-by: Fabio Utzig <utzig@apache.org>
diff --git a/boot/bootutil/src/swap_misc.c b/boot/bootutil/src/swap_misc.c
index f194538..9db3299 100644
--- a/boot/bootutil/src/swap_misc.c
+++ b/boot/bootutil/src/swap_misc.c
@@ -133,12 +133,11 @@
const struct flash_area *fap;
uint32_t off;
uint8_t swap_info;
- int status_loc;
int area_id;
int rc;
- status_loc = swap_status_source(state);
- switch (status_loc) {
+ bs->source = swap_status_source(state);
+ switch (bs->source) {
case BOOT_STATUS_SOURCE_NONE:
return 0;
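Review bot: the new `bs->source = swap_status_source(state);` line depends on `bs` being in scope in this function and on `struct boot_status` having a `source` member, neither of which is visible in this hunk's context (the header `@@ -133,12 +133,11 @@` carries no function name), so the struct change and the parameter should be confirmed in the rest of the patch; note also that the commit message says the source is stored "in the state", while the code stores it in the boot status `bs`, and the wording should match. A one-line comment at the assignment saying why the source is persisted (so metadata found in the primary slot is not erased and rewritten, as the message explains) would help the next reader.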