On Fri, Jun 29, 2018 at 12:57:45PM +0200, Wolfgang Denk wrote:
Dear Joe,
In message CANr=Z=atFzdNO6gNhMgopCHaQ-KXPGMfaOz2+_KCVrKwkMOhuw@mail.gmail.com you wrote:
When using a redundant environment a read error should simply mean to not use that copy instead of giving up completely. The other copy may be just fine.
Signed-off-by: Joe Hershberger joe.hershberger@ni.com Signed-off-by: Ioan-Adrian Ratiu adrian.ratiu@ni.com
Hey Tom, can you pull this in?
NO! Please don't!!
NAK!!
This patch can lead to reading incorrect (old, no longer valid) values without any way for the user to see what is happening.
This must not be done!
I'm not 100% sure, after reading all of the code, if there's a problem. What we indeed do not want to do is be silent in seeing that the first environment location we read from failed. But AFAICT if flash_io returns non-zero we also output something useful to stderr, so it should be visible to the user that something went wrong. The next question is, if half of the redundant environment has failed, is the other half considered valid (so long as the crc passes) or would only the built-in be valid? I would think the other half is the valid one.