Aborting an OTA update

Posted: Thu Feb 02, 2017 3:00 pm
by aschweiz
Hi,

correct me if I'm wrong, but it seems there's no way to abort a running over-the-air update, for example if a write fails:

- just calling esp_ota_begin again will leak memory and crash the application after a few retries
- calling esp_ota_end doesn't release the memory if the secure bootloader is in use

IMO, esp_ota_end should either release the memory and return an error, or there should be another function like esp_ota_abort to cancel an ongoing OTA update.

@Espressif, could you please have a look at this?

Thanks and greetings
Andreas

Code from esp_ota_end:

esp_err_t esp_ota_end(esp_ota_handle_t handle)
{
    ota_ops_entry_t *it;
    for (it = LIST_FIRST(&s_ota_ops_entries_head); it != NULL; it = LIST_NEXT(it, entries)) {
        if (it->handle == handle) {
            // an ota handle need to be ended after erased and wrote data in it
            if ((it->erased_size == 0) || (it->wrote_size == 0)) {
                return ESP_ERR_INVALID_ARG;
            }

#ifdef CONFIG_SECUREBOOTLOADER
            esp_err_t ret;
            size_t image_size;
            if (esp_image_basic_verify(it->part.address, &image_size) != ESP_OK) {
                return ESP_ERR_OTA_VALIDATE_FAILED;
            }
            ret = esp_secure_boot_verify_signature(it->part.address, image_size);
            if (ret != ESP_OK) {
                return ESP_ERR_OTA_VALIDATE_FAILED;
            }
#endif

            LIST_REMOVE(it, entries);
            break;
        }
    }

    if (it == NULL) {
        return ESP_ERR_NOT_FOUND;
    }

    free(it);
    return ESP_OK;
}

Re: Aborting an OTA update

Posted: Thu Feb 02, 2017 10:43 pm
by ESP_Angus
Hi Andreas,

Thanks for reporting this. The memory leak on esp_ota_end is indeed a bug, we'll look into it.

Angus
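
The leak discussed in this thread comes from esp_ota_end returning on a failed check before the entry is unlinked and freed. The sketch below is an added example, not ESP-IDF code and not from either poster: it is a host-side model in which every exit path goes through one release step, together with the abort call the first post asks for. All names (ota_begin, ota_write, ota_end, ota_abort, s_live, s_image_valid) and the error codes are hypothetical stand-ins, and the image and signature checks are reduced to a flag.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <sys/queue.h>

/* Hypothetical stand-ins for the ESP-IDF error codes and OTA entry type. */
enum { OK, ERR_INVALID_ARG, ERR_NO_MEM, ERR_NOT_FOUND, ERR_VALIDATE_FAILED };
typedef struct ota_entry {
    unsigned handle;
    size_t wrote_size;
    LIST_ENTRY(ota_entry) entries;
} ota_entry_t;
static LIST_HEAD(, ota_entry) s_head = LIST_HEAD_INITIALIZER(s_head);
static int s_live;                 /* allocated entries, so a leak is observable */
static bool s_image_valid = true;  /* assumption: stub for image/signature verification */

static ota_entry_t *find(unsigned h) {
    ota_entry_t *it = LIST_FIRST(&s_head);
    while (it != NULL && it->handle != h) it = LIST_NEXT(it, entries);
    return it;
}
/* The only place an entry is unlinked and freed. */
static void release(ota_entry_t *e) { LIST_REMOVE(e, entries); free(e); s_live--; }

int ota_begin(unsigned *out) {
    static unsigned next;
    ota_entry_t *e = calloc(1, sizeof(*e));
    if (e == NULL) return ERR_NO_MEM;
    *out = e->handle = ++next;
    LIST_INSERT_HEAD(&s_head, e, entries);
    s_live++;
    return OK;
}
int ota_write(unsigned h, size_t n) {
    ota_entry_t *e = find(h);
    if (e != NULL) e->wrote_size += n;
    return e != NULL ? OK : ERR_NOT_FOUND;
}

/* Record the result first, release second: a failed check cannot skip the free. */
static int finish(unsigned h, bool validate) {
    ota_entry_t *e = find(h);
    if (e == NULL) return ERR_NOT_FOUND;
    int ret = OK;
    if (validate && e->wrote_size == 0) ret = ERR_INVALID_ARG;
    else if (validate && !s_image_valid) ret = ERR_VALIDATE_FAILED;
    release(e);  /* the handle is consumed on success and on failure */
    return ret;
}
int ota_end(unsigned h)   { return finish(h, true); }
int ota_abort(unsigned h) { return finish(h, false); }
```

In this model a handle is invalid after any call to ota_end or ota_abort, so a caller that sees a validation error starts over with ota_begin instead of reusing the old handle.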