This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
laforge gerrit-no-reply at lists.osmocom.orglaforge has submitted this change. ( https://gerrit.osmocom.org/c/osmo-sgsn/+/20790 ) Change subject: Fix crash rx DeactPdpReq while waiting for DeactPdpAck after gtp side is freed ...................................................................... Fix crash rx DeactPdpReq while waiting for DeactPdpAck after gtp side is freed Scenario: 1- For an unknwon reason, sgsn sends DeletePdpCtxReq on GTP towards GGSN. 2- GGSN answers with Error Indication to that pdp ctx which calls gtp_freepdp() 3- gtp_freepdp() calls libgtp callback cb_delete_context() before freeing the pointer, in osmo-sgsn callback points to cb_delete_context(), which removes pctx->ggsn and tries to drop the pdp on the NS side by sending a DeactPdpReq. 4- While waiting for DeactPdpAck, the MS/PCU sends a DeactPdpReq, and code was unconditionalyl trying to release the gtp side without checking if it was alreay released, using pctx->ggsn==NULL and crashing. This is basically the same logic already in place in regular path gsm48_rx_gsm_deact_pdp_ack. Related: OS#4817 Change-Id: I02587a3dc812823d893fc00b904142b75fd190b9 --- M src/sgsn/gprs_sm.c 1 file changed, 5 insertions(+), 1 deletion(-) Approvals: laforge: Looks good to me, approved Jenkins Builder: Verified diff --git a/src/sgsn/gprs_sm.c b/src/sgsn/gprs_sm.c index f8019ab..3bdad3b 100644 --- a/src/sgsn/gprs_sm.c +++ b/src/sgsn/gprs_sm.c @@ -639,7 +639,11 @@ return _gsm48_tx_gsm_deact_pdp_acc(mm, transaction_id); } - return sgsn_delete_pdp_ctx(pdp); + if (pdp->ggsn) + return sgsn_delete_pdp_ctx(pdp); + /* GTP side already detached, freeing */ + sgsn_pdp_ctx_free(pdp); + return 0; } /* 3GPP TS 24.008 § 9.5.9: Deactivate PDP Context Accept */ -- To view, visit https://gerrit.osmocom.org/c/osmo-sgsn/+/20790 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-sgsn Gerrit-Branch: master Gerrit-Change-Id: I02587a3dc812823d893fc00b904142b75fd190b9 Gerrit-Change-Number: 20790 Gerrit-PatchSet: 2 Gerrit-Owner: pespin <pespin at sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: laforge <laforge at osmocom.org> Gerrit-MessageType: merged -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20201019/26750c83/attachment.htm>