MCUB-59

mcuboot doesn't detect partial swap type correctly when resumed

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: High
    • Resolution: Done
    • Affects versions: None
    • Fix versions: 0.9
    • Components: None
    • Labels: None

      Description

      In boot/bootutil/src/loader.c, mcuboot contains a table named boot_swap_trans_table, which "indicates the next swap type that should be performed". It contains:

      {noformat}
      /**
       * This table indicates the next swap type that should be performed. The first
       * column contains the current swap type. The second column contains the swap
       * type that should be effected after the first completes.
       */
      static const uint8_t boot_swap_trans_table[][2] = {
          /* From To */
          { BOOT_SWAP_TYPE_REVERT, BOOT_SWAP_TYPE_NONE },
          { BOOT_SWAP_TYPE_PERM, BOOT_SWAP_TYPE_NONE },
          { BOOT_SWAP_TYPE_TEST, BOOT_SWAP_TYPE_REVERT },
      };
      {noformat}

      However, the only user is a function, boot_previous_swap_type(), which doesn't investigate the *next* swap type, but rather attempts to compute the *previous* swap type which was in progress when mcuboot was interrupted:

      {noformat}
      /**
       * Calculates the type of swap that just completed.
       */
      static int
      boot_previous_swap_type(void)
      {
          int post_swap_type;
          int i;

          post_swap_type = boot_swap_type();

          for (i = 0; i < BOOT_SWAP_TRANS_TABLE_SIZE; i++){
              if (boot_swap_trans_table[i][1] == post_swap_type) {
                  return boot_swap_trans_table[i][0];
              }
          }

          /* XXX: Temporary assert. */
          assert(0);

          return BOOT_SWAP_TYPE_REVERT;
      }
      {noformat}

      (This is called from boot_swap_if_needed() if mcuboot detects a partial swap.)

      This cannot be correct: for example, boot_previous_swap_type() can never return BOOT_SWAP_TYPE_PERM.

      This is true since boot_previous_swap_type() only checks:

      {noformat}
      post_swap_type == boot_swap_trans_table[i][1]
      {noformat}

      so if post_swap_type is BOOT_SWAP_TYPE_NONE, boot_previous_swap_type() will always return BOOT_SWAP_TYPE_REVERT, never BOOT_SWAP_TYPE_PERM.

      So something is wrong here, and mcuboot might not be correctly handling an interrupted swap as a result.

      This ticket tracks figuring out what the right behavior is.
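
The following is an added example, not MCUboot's own code, that reproduces the reverse lookup described above on a copy of the table and makes the problem concrete: the inverse of the transition table is not one-to-one, because both REVERT and PERM transition to NONE, so a first-match search always picks REVERT and PERM can never be recovered. The numeric values of the BOOT_SWAP_TYPE_* constants and the helper names are assumptions for this illustration; the real definitions live in MCUboot's bootutil headers.

```c
/* Added example (not MCUboot code): reverse lookup over a copy of
 * boot_swap_trans_table, showing why it cannot identify an interrupted
 * PERM swap.  Swap-type values are assumed for this illustration. */
#include <stdio.h>
#include <stddef.h>

#define BOOT_SWAP_TYPE_NONE    1
#define BOOT_SWAP_TYPE_TEST    2
#define BOOT_SWAP_TYPE_PERM    3
#define BOOT_SWAP_TYPE_REVERT  4

/* Same rows as the table quoted in the issue: { from, to }. */
static const int trans_table[][2] = {
    { BOOT_SWAP_TYPE_REVERT, BOOT_SWAP_TYPE_NONE },
    { BOOT_SWAP_TYPE_PERM,   BOOT_SWAP_TYPE_NONE },
    { BOOT_SWAP_TYPE_TEST,   BOOT_SWAP_TYPE_REVERT },
};
#define TRANS_TABLE_SIZE (sizeof(trans_table) / sizeof(trans_table[0]))

static const int all_types[] = {
    BOOT_SWAP_TYPE_NONE, BOOT_SWAP_TYPE_TEST,
    BOOT_SWAP_TYPE_PERM, BOOT_SWAP_TYPE_REVERT,
};
#define ALL_TYPES_SIZE (sizeof(all_types) / sizeof(all_types[0]))

/* Mirrors boot_previous_swap_type(): the first row whose "to" column equals
 * post_swap_type wins.  Returns -1 instead of asserting when no row matches. */
int previous_swap_type_first_match(int post_swap_type)
{
    for (size_t i = 0; i < TRANS_TABLE_SIZE; i++) {
        if (trans_table[i][1] == post_swap_type) {
            return trans_table[i][0];
        }
    }
    return -1;
}

/* Collects every "from" type that transitions to post_swap_type.
 * A count above one means the reverse lookup is ambiguous: the bootloader
 * cannot tell from post_swap_type alone which swap was interrupted. */
size_t previous_swap_type_candidates(int post_swap_type, int *out, size_t out_len)
{
    size_t n = 0;
    for (size_t i = 0; i < TRANS_TABLE_SIZE && n < out_len; i++) {
        if (trans_table[i][1] == post_swap_type) {
            out[n++] = trans_table[i][0];
        }
    }
    return n;
}

/* 1 if some post-swap type makes the first-match lookup return `from`,
 * 0 if `from` is unreachable.  PERM yields 0, as the issue states. */
int previous_swap_type_reachable(int from)
{
    for (size_t i = 0; i < ALL_TYPES_SIZE; i++) {
        if (previous_swap_type_first_match(all_types[i]) == from) {
            return 1;
        }
    }
    return 0;
}

static const char *swap_type_name(int t)
{
    switch (t) {
    case BOOT_SWAP_TYPE_NONE:   return "NONE";
    case BOOT_SWAP_TYPE_TEST:   return "TEST";
    case BOOT_SWAP_TYPE_PERM:   return "PERM";
    case BOOT_SWAP_TYPE_REVERT: return "REVERT";
    default:                    return "(no match)";
    }
}

int main(void)
{
    int cands[TRANS_TABLE_SIZE];

    for (size_t i = 0; i < ALL_TYPES_SIZE; i++) {
        int post = all_types[i];
        size_t n = previous_swap_type_candidates(post, cands, TRANS_TABLE_SIZE);
        printf("post=%-6s first-match previous=%-10s candidates=%zu:",
               swap_type_name(post),
               swap_type_name(previous_swap_type_first_match(post)), n);
        for (size_t j = 0; j < n; j++) {
            printf(" %s", swap_type_name(cands[j]));
        }
        printf("\n");
    }
    for (size_t i = 0; i < ALL_TYPES_SIZE; i++) {
        printf("%s reachable as previous type: %d\n",
               swap_type_name(all_types[i]),
               previous_swap_type_reachable(all_types[i]));
    }
    return 0;
}
```

Running it shows that for post_swap_type NONE the table offers two candidates (REVERT and PERM) and the first-match search silently picks REVERT, while PERM is reported as unreachable; that is exactly the case an interrupted permanent swap would hit on resume.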

            People

            • Assignee: utzig Fabio Utzig
            • Reporter: marti.bolivar Marti Bolivar