[U-Boot] [PATCH] bootm: fdt: Use panic() instead of hang() when presented with a bad image

Wolfgang Denk wd at denx.de
Fri Sep 21 12:43:32 UTC 2018


Dear Alex,

In message <20180918081013.26660-1-alex.kiernan at gmail.com> you wrote:
> When the image which bootm is given can't be booted, call panic with
> the error message rather than printf/hang so that we can recover from
> broken images via a bootcount mechanism. If hang on failure is still
> required then CONFIG_PANIC_HANG can still be enabled.

I wonder if the failing of the FDT creation is a reason to panic /
reboot at all?  The point of no return is architecture dependent -
for example, on Power architecture it is usually when the kernel
image gets decompressed/written to RAM, as then the exception
vectors get overwritten, so no return to U-Boot is possible.

But the FDT is always (I think ?) just written to an area of RAM
that is not critical for the execution of U-Boot itself - so when
this fails, why can we not simply return to U-Boot with an error
indication?

I feel we should use panic/hang only as a last resort, when no other
recovery is possible?

Best regards,

Wolfgang Denk

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
"Have you lived in this village all your life?"        "No, not yet."

