[U-Boot] [PATCH] fw_printenv: Don't bail out directly after one env read error

Wolfgang Denk wd at denx.de
Sat Jun 30 10:35:49 UTC 2018 

Dear Tom,

In message <20180629181550.GG18596 at bill-the-cat> you wrote:
> 
> > This patch can lead to reading incorrect (old, no longer valid)
> > values without any way for the user to see what is happening.
> > 
> > This must not be done!
>
> I'm not 100% sure, after reading all of the code, if there's a problem.

There is.

> What we indeed do not want to do is be silent in seeing that the first
> environment location we read from failed.  But AFAICT if flash_io
> returns non-zero we also output something useful to stderr, so it should
> be visible to the user that something went wrong.

But there is no indication about the problem in the return code, so
any tools using this have no way to determine there was a problem.

> The next question is,
> if half of the redundant environment has failed, is the other half
> considered valid (so long as the crc passes) or would only the built-in
> be valid?  I would think the other half is the valid one.

It may be valid, but it is still not what we want.

redundant environment is used to provide a fall-back in case of
poblems when _writing_ the environment, i. e. like a power-off while
a "saveenv" is running.  The purpose is to make sute that even then
we will always have a valid environment, with correct checksum.

But as soon as the saveenv has succesfully completed, we do not have
to equal, exchangable copies - instead, we have one which holds the
current data (and only this is what represents the "correct" state),
and another copy, which holds the old state, i. e. which is
obsolete.

Sielntly swapping the current and the obsolete data is a serious
bug, which must never happen.  It may be OK as part of some recovery
procedure to limit the damage, but it must never ever go unnoticed.

Assume you switch to another boot device / boot partion as part of a
system update procedure.  Then booting the wrong system is
definitely not what you want.

Please revert!

Best regards,

Wolfgang Denk

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
It's not an optical illusion, it just looks like one.   -- Phil White

More information about the U-Boot mailing list