boot: bootutil: Refactor erase functionality to fix watchdog feeding

Refactors the erase functionality in bootutil so that it can be used
alongside feeding the watchdog. This has also optimised some
functions out.

Signed-off-by: Jamie McCrae <[email protected]>

Author: nordicjm

boot/boot_serial/src/boot_serial.c

@@ -856,7 +856,7 @@ static off_t erase_range(const struct flash_area *fap, off_t start, off_t end)
     BOOT_LOG_DBG("Erasing range 0x%jx:0x%jx", (intmax_t)start,
 		 (intmax_t)(start + size - 1));
 
-    rc = boot_erase_region(fap, start, size);
+    rc = boot_erase_region(fap, start, size, false);
     if (rc != 0) {
         BOOT_LOG_ERR("Error %d while erasing range", rc);
         return -EINVAL;
@@ -1000,7 +1000,7 @@ bs_upload(char *buf, int len)
         /* Non-progressive erase erases entire image slot when first chunk of
          * an image is received.
          */
-        rc = boot_erase_region(fap, 0, area_size);
+        rc = boot_erase_region(fap, 0, area_size, false);
         if (rc) {
             goto out_invalid_data;
         }

boot/boot_serial/src/boot_serial_encryption.c

@@ -187,7 +187,7 @@ decrypt_region_inplace(struct boot_loader_state *state,
                     (off + bytes_copied + idx) - hdr->ih_hdr_size, blk_sz,
                     blk_off, &buf[idx]);
         }
-        rc = boot_erase_region(fap, off + bytes_copied, chunk_sz);
+        rc = boot_erase_region(fap, off + bytes_copied, chunk_sz, false);
         if (rc != 0) {
             return BOOT_EFLASH;
         }

boot/bootutil/src/bootutil_priv.h

@@ -346,11 +346,9 @@ int boot_copy_region(struct boot_loader_state *state,
 /* Prepare for write device that requires erase prior to write. This will
  * do nothing on devices without erase requirement.
  */
-int boot_erase_region(const struct flash_area *fap, uint32_t off, uint32_t sz);
+int boot_erase_region(const struct flash_area *fap, uint32_t off, uint32_t sz, bool backwards);
 /* Similar to boot_erase_region but will always remove data */
-int boot_scramble_region(const struct flash_area *fap, uint32_t off, uint32_t sz);
-/* Similar to boot_scramble_region but works backwards */
-int boot_scramble_region_backwards(const struct flash_area *fap, uint32_t off, uint32_t sz);
+int boot_scramble_region(const struct flash_area *fap, uint32_t off, uint32_t sz, bool backwards);
 /* Makes slot unbootable, either by scrambling header magic, header sector
  * or entire slot, depending on settings.
  * Note: slot is passed here becuase at this point there is no function

boot/bootutil/src/loader.c

@@ -1233,20 +1233,100 @@ boot_validated_swap_type(struct boot_loader_state *state,
  * Erases a region of device that requires erase prior to write; does
  * nothing on devices without erase.
  *
- * @param fap                   The flash_area containing the region to erase.
+ * @param fa                    The flash_area containing the region to erase.
  * @param off                   The offset within the flash area to start the
  *                              erase.
- * @param sz                    The number of bytes to erase.
+ * @param size                  The number of bytes to erase.
+ * @param backwards             If set to true will erase from end to start
+ *                              addresses, otherwise erases from start to end
+ *                              addresses.
  *
  * @return                      0 on success; nonzero on failure.
  */
 int
-boot_erase_region(const struct flash_area *fap, uint32_t off, uint32_t sz)
+boot_erase_region(const struct flash_area *fa, uint32_t off, uint32_t size, bool backwards)
 {
-    if (device_requires_erase(fap)) {
-        return flash_area_erase(fap, off, sz);
+    int rc = 0;
+
+    if (device_requires_erase(fa)) {
+//        return flash_area_erase(fap, off, sz);
+        uint32_t end_offset = 0;
+        struct flash_sector sector;
+
+        if (backwards) {
+            /* Get the lowest erased page offset first */
+            rc = flash_area_get_sector(fa, off, &sector);
+
+            if (rc < 0) {
+                goto end;
+            }
+
+            end_offset = flash_sector_get_off(&sector);
+
+            /* Set boundary condition, the highest probable offset to erase, within
+             * last sector to erase
+             */
+            off += size - 1;
+        } else {
+        /* Get the lowest erased page offset first */
+            rc = flash_area_get_sector(fa, (off + size - 1), &sector);
+
+            if (rc < 0) {
+                goto end;
+            }
+
+            end_offset = flash_sector_get_off(&sector);
+        }
+
+        while (true) {
+            /* Size to read in this iteration */
+            size_t csize;
+
+            /* Get current sector and, also, correct offset */
+            rc = flash_area_get_sector(fa, off, &sector);
+
+            if (rc < 0) {
+                goto end;
+            }
+
+            /* Corrected offset and size of current sector to erase */
+            off = flash_sector_get_off(&sector);
+            csize = flash_sector_get_size(&sector);
+
+            rc = flash_area_erase(fa, off, csize);
+
+            if (rc < 0) {
+                goto end;
+            }
+
+            MCUBOOT_WATCHDOG_FEED();
+
+            if (backwards) {
+                if (end_offset >= off) {
+                    /* Reached the first offset in range and already erased it */
+                    break;
+                }
+
+                /* Move down to previous sector, the flash_area_get_sector will
+                 * correct the value to real page offset
+                 */
+                off -= 1;
+            } else {
+            /* Move down to previous sector, the flash_area_get_sector will
+             * correct the value to real page offset
+             */
+                off += csize;
+
+                if (off > end_offset) {
+                /* Reached the first offset in range and already erased it */
+                    break;
+                }
+            }
+        }
     }
-    return 0;
+
+end:
+    return rc;
 }
 
 /**
@@ -1259,36 +1339,70 @@ boot_erase_region(const struct flash_area *fap, uint32_t off, uint32_t sz)
  * @param off                   The offset within the flash area to start the
  *                              erase.
  * @param size                  The number of bytes to erase.
+ * @param backwards             If set to true will erase from end to start
+ *                              addresses, otherwise erases from start to end
+ *                              addresses.
  *
  * @return                      0 on success; nonzero on failure.
  */
 int
-boot_scramble_region(const struct flash_area *fa, uint32_t off, uint32_t size)
+boot_scramble_region(const struct flash_area *fa, uint32_t off, uint32_t size, bool backwards)
 {
-    int ret = 0;
+    int rc = 0;
 
     if (size == 0) {
-        return 0;
+        goto done;
+    } else if (off >= flash_area_get_size(fa) || (flash_area_get_size(fa) - off) < size) {
+        rc = -1;
+        goto done;
     }
 
     if (device_requires_erase(fa)) {
-        return flash_area_erase(fa, off, size);
+        rc = boot_erase_region(fa, off, size, backwards);
     } else {
         uint8_t buf[BOOT_MAX_ALIGN];
-        size_t size_done = 0;
         const size_t write_block = flash_area_align(fa);
+        uint32_t end_offset;
 
         memset(buf, flash_area_erased_val(fa), sizeof(buf));
 
-        while (size_done < size) {
-            ret = flash_area_write(fa, size_done + off, buf, write_block);
-            if (ret != 0) {
+        if (backwards) {
+            end_offset = ALIGN_DOWN(off, write_block);
+            /* Starting at the last write block in range */
+            off += size - write_block;
+        } else {
+            end_offset = ALIGN_DOWN((off + size), write_block);
+        }
+
+        while (true) {
+            /* Write over the area to scramble data that is there */
+            rc = flash_area_write(fa, off, buf, write_block);
+            if (rc != 0) {
                 break;
             }
-            size_done += write_block;
+
+            MCUBOOT_WATCHDOG_FEED();
+
+            if (backwards) {
+                if (end_offset >= off) {
+                    /* Reached the first offset in range and already scrambled it */
+                    break;
+                }
+
+                off -= write_block;
+            } else {
+                if (end_offset < off) {
+/* Reached the first offset in range and already scrambled it */
+                    break;
+                }
+
+                off += write_block;
+            }
         }
     }
-    return ret;
+
+done:
+    return rc;
 }
 
 /**
@@ -1304,90 +1418,6 @@ boot_scramble_region(const struct flash_area *fa, uint32_t off, uint32_t size)
  *
  * @return                      0 on success; nonzero on failure.
  */
-int boot_scramble_region_backwards(const struct flash_area *fa, uint32_t off, uint32_t size)
-{
-    int ret = 0;
-    uint32_t first_offset = 0;
-
-    if (size == 0) {
-        return 0;
-    }
-
-    if (off >= flash_area_get_size(fa) || (flash_area_get_size(fa) - off) < size) {
-        return -1;
-    }
-
-    if (device_requires_erase(fa)) {
-        struct flash_sector sector;
-
-        /* Get the lowest erased page offset first */
-        ret = flash_area_get_sector(fa, off, &sector);
-        if (ret < 0) {
-            return ret;
-        }
-        first_offset = flash_sector_get_off(&sector);
-
-        /* Set boundary condition, the highest probable offset to erase, within
-         * last sector to erase
-         */
-        off += size - 1;
-
-        while (true) {
-            /* Size to read in this iteration */
-            size_t csize;
-
-            /* Get current sector and, also, correct offset */
-            ret = flash_area_get_sector(fa, off, &sector);
-            if (ret < 0) {
-                return ret;
-            }
-
-            /* Corrected offset and size of current sector to erase */
-            off = flash_sector_get_off(&sector);
-            csize = flash_sector_get_size(&sector);
-
-            ret = flash_area_erase(fa, off, csize);
-            if (ret < 0) {
-                return ret;
-            }
-
-            if (first_offset >= off) {
-                /* Reached the first offsset in range and already erased it */
-                break;
-            }
-
-            /* Move down to previous sector, the flash_area_get_sector will
-             * correct the value to real page offset
-             */
-            off -= 1;
-        }
-    } else {
-        uint8_t buf[BOOT_MAX_ALIGN];
-        const size_t write_block = flash_area_align(fa);
-        uint32_t first_offset = ALIGN_DOWN(off, write_block);
-
-        memset(buf, flash_area_erased_val(fa), sizeof(buf));
-
-        /* Starting at the last write block in range */
-        off += size - write_block;
-
-        while (true) {
-            /* Write over the area to scramble data that is there */
-            ret = flash_area_write(fa, off, buf, write_block);
-            if (ret != 0) {
-                break;
-            }
-
-            if (first_offset >= off) {
-                /* Reached the first offset in range and already scrambled it */
-                break;
-            }
-
-            off -= write_block;
-        }
-    }
-    return ret;
-}
 
 /**
  * Remove enough data from slot to mark is as unused
@@ -1412,7 +1442,7 @@ boot_scramble_slot(const struct flash_area *fa, int slot)
     /* Without minimal entire area needs to be scrambled */
 #if !defined(MCUBOOT_MINIMAL_SCRAMBLE)
     size = flash_area_get_size(fa);
-    ret = boot_scramble_region(fa, 0, size);
+    ret = boot_scramble_region(fa, 0, size, false);
 #else
     size_t off = 0;
 
@@ -1421,7 +1451,7 @@ boot_scramble_slot(const struct flash_area *fa, int slot)
         return ret;
     }
 
-    ret = boot_scramble_region(fa, off, size);
+    ret = boot_scramble_region(fa, off, size, false);
     if (ret < 0) {
         return ret;
     }
@@ -1431,7 +1461,7 @@ boot_scramble_slot(const struct flash_area *fa, int slot)
         return ret;
     }
 
-    ret = boot_scramble_region_backwards(fa, off, flash_area_get_size(fa) - off);
+    ret = boot_scramble_region(fa, off, (flash_area_get_size(fa) - off), true);
 #endif
     return ret;
 }
@@ -1663,7 +1693,7 @@ boot_copy_image(struct boot_loader_state *state, struct boot_status *bs)
     sect_count = boot_img_num_sectors(state, BOOT_PRIMARY_SLOT);
     for (sect = 0, size = 0; sect < sect_count; sect++) {
         this_size = boot_img_sector_size(state, BOOT_PRIMARY_SLOT, sect);
-        rc = boot_erase_region(fap_primary_slot, size, this_size);
+        rc = boot_erase_region(fap_primary_slot, size, this_size, false);
         assert(rc == 0);
 
 #if defined(MCUBOOT_OVERWRITE_ONLY_FAST)
@@ -1687,7 +1717,7 @@ boot_copy_image(struct boot_loader_state *state, struct boot_status *bs)
         sector--;
     } while (sz < trailer_sz);
 
-    rc = boot_erase_region(fap_primary_slot, off, sz);
+    rc = boot_erase_region(fap_primary_slot, off, sz, false);
     assert(rc == 0);
 #endif
 
@@ -1759,7 +1789,7 @@ boot_copy_image(struct boot_loader_state *state, struct boot_status *bs)
     BOOT_LOG_DBG("erasing secondary header");
     rc = boot_erase_region(fap_secondary_slot,
                            boot_img_sector_off(state, BOOT_SECONDARY_SLOT, 0),
-                           boot_img_sector_size(state, BOOT_SECONDARY_SLOT, 0));
+                           boot_img_sector_size(state, BOOT_SECONDARY_SLOT, 0), false);
     assert(rc == 0);
 #endif
 
@@ -1769,7 +1799,7 @@ boot_copy_image(struct boot_loader_state *state, struct boot_status *bs)
                            boot_img_sector_off(state, BOOT_SECONDARY_SLOT,
                                last_sector),
                            boot_img_sector_size(state, BOOT_SECONDARY_SLOT,
-                               last_sector));
+                               last_sector), false);
     assert(rc == 0);
 
     /* TODO: Perhaps verify the primary slot's signature again? */
@@ -2937,9 +2967,8 @@ boot_select_or_erase(struct boot_loader_state *state)
          */
         BOOT_LOG_DBG("Erasing faulty image in the %s slot.",
                      (active_slot == BOOT_PRIMARY_SLOT) ? "primary" : "secondary");
-        rc = flash_area_erase(fap, 0, flash_area_get_size(fap));
+        rc = boot_scramble_region(fap, off, flash_area_get_size(fap), false);
         assert(rc == 0);
-
         rc = -1;
     } else {
         if (active_swap_state->copy_done != BOOT_FLAG_SET) {