<p>tnt <strong>submitted</strong> this change.</p><p><a href="https://gerrit.osmocom.org/c/osmo-bsc/+/18009">View Change</a></p><div style="white-space:pre-wrap">Approvals:
  Jenkins Builder: Verified
  pespin: Looks good to me, but someone else must approve
  tnt: Looks good to me, approved

</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">bts_nokia_site: Fix LAPD segfault during reset procedure<br><br>The existing Nokia *Site code destroyed the LAPD SAP instance for OML<br>while processing an OML message.  Once the stack frame returned back<br>to the LAPD code, the LAPD SAP was gone -> segfault.<br><br>Let's work around this by moving deletion of the LAPD SAP out-of-line<br>by starting a timer 0ms in the future.  Not particularly nice, but<br>effective.<br><br>Change-Id: I6270c7210f600e53f845561898245d2fd30a368d<br>Closes: OS#1761<br>---<br>M include/osmocom/bsc/gsm_data.h<br>M src/osmo-bsc/bts_nokia_site.c<br>2 files changed, 32 insertions(+), 25 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/include/osmocom/bsc/gsm_data.h b/include/osmocom/bsc/gsm_data.h</span><br><span>index 6996905..1d02e39 100644</span><br><span>--- a/include/osmocom/bsc/gsm_data.h</span><br><span>+++ b/include/osmocom/bsc/gsm_data.h</span><br><span>@@ -1143,7 +1143,7 @@</span><br><span>                             no_loc_rel_cnf:1,       /* don't wait for RSL REL CONF */</span><br><span>                                bts_reset_timer_cnf,    /* timer for BTS RESET */</span><br><span>                            did_reset:1,            /* we received a RESET ACK */</span><br><span style="color: hsl(0, 100%, 40%);">-                           wait_reset:1;           /* we are waiting for reset to complete */</span><br><span style="color: hsl(120, 100%, 40%);">+                            wait_reset:2;           /* we are waiting for reset to complete */</span><br><span>                   struct osmo_timer_list reset_timer;</span><br><span>          } nokia;</span><br><span>     };</span><br><span>diff --git a/src/osmo-bsc/bts_nokia_site.c b/src/osmo-bsc/bts_nokia_site.c</span><br><span>index 66972c2..cde0afa 100644</span><br><span>--- a/src/osmo-bsc/bts_nokia_site.c</span><br><span>+++ 
b/src/osmo-bsc/bts_nokia_site.c</span><br><span>@@ -41,6 +41,12 @@</span><br><span> </span><br><span> #include <osmocom/abis/lapd.h></span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+enum reset_timer_state {</span><br><span style="color: hsl(120, 100%, 40%);">+    RESET_T_NONE = 0,</span><br><span style="color: hsl(120, 100%, 40%);">+     RESET_T_STOP_LAPD = 1,          /* first timer expiration: stop LAPD SAP */</span><br><span style="color: hsl(120, 100%, 40%);">+   RESET_T_RESTART_LAPD = 2,       /* second timer expiration: restart LAPD SAP */</span><br><span style="color: hsl(120, 100%, 40%);">+};</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> /* TODO: put in a separate file ? */</span><br><span> </span><br><span> extern int abis_nm_sendmsg(struct gsm_bts *bts, struct msgb *msg);</span><br><span>@@ -1461,18 +1467,28 @@</span><br><span>    struct gsm_e1_subslot *e1_link = &bts->oml_e1_link;</span><br><span>   struct e1inp_line *line;</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-    bts->nokia.wait_reset = 0;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span>        /* OML link */</span><br><span>       line = e1inp_line_find(e1_link->e1_nr);</span><br><span>   if (!line) {</span><br><span style="color: hsl(0, 100%, 40%);">-            LOGP(DLINP, LOGL_ERROR, "BTS %u OML link referring to "</span><br><span style="color: hsl(0, 100%, 40%);">-                    "non-existing E1 line %u\n", bts->nr, e1_link->e1_nr);</span><br><span style="color: hsl(120, 100%, 40%);">+           LOGP(DLINP, LOGL_ERROR, "BTS %u OML link referring to non-existing E1 line %u\n",</span><br><span style="color: hsl(120, 100%, 40%);">+                bts->nr, e1_link->e1_nr);</span><br><span>                 return;</span><br><span>      }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-   start_sabm_in_line(line, 0, -1);        /* stop all first */</span><br><span style="color: 
hsl(0, 100%, 40%);">-    start_sabm_in_line(line, 1, SAPI_OML);  /* start only OML */</span><br><span style="color: hsl(120, 100%, 40%);">+  switch (bts->nokia.wait_reset) {</span><br><span style="color: hsl(120, 100%, 40%);">+   case RESET_T_NONE:                              /* shouldn't happen */</span><br><span style="color: hsl(120, 100%, 40%);">+            break;</span><br><span style="color: hsl(120, 100%, 40%);">+        case RESET_T_STOP_LAPD:</span><br><span style="color: hsl(120, 100%, 40%);">+               start_sabm_in_line(line, 0, -1);        /* stop all first */</span><br><span style="color: hsl(120, 100%, 40%);">+          bts->nokia.wait_reset = RESET_T_RESTART_LAPD;</span><br><span style="color: hsl(120, 100%, 40%);">+              osmo_timer_schedule(&bts->nokia.reset_timer, bts->nokia.bts_reset_timer_cnf, 0);</span><br><span style="color: hsl(120, 100%, 40%);">+            break;</span><br><span style="color: hsl(120, 100%, 40%);">+        case RESET_T_RESTART_LAPD:</span><br><span style="color: hsl(120, 100%, 40%);">+            bts->nokia.wait_reset = 0;</span><br><span style="color: hsl(120, 100%, 40%);">+         start_sabm_in_line(line, 0, -1);        /* stop all first */</span><br><span style="color: hsl(120, 100%, 40%);">+          start_sabm_in_line(line, 1, SAPI_OML);  /* start only OML */</span><br><span style="color: hsl(120, 100%, 40%);">+          break;</span><br><span style="color: hsl(120, 100%, 40%);">+        }</span><br><span> }</span><br><span> </span><br><span> /* TODO: put in a separate file ? 
*/</span><br><span>@@ -1574,25 +1590,16 @@</span><br><span>                            (function handle_ts1_read()) and ignoring the received data.</span><br><span>                         It seems to be necessary for the MetroSite too.</span><br><span>                    */</span><br><span style="color: hsl(0, 100%, 40%);">-                     bts->nokia.wait_reset = 1;</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-                       osmo_timer_setup(&bts->nokia.reset_timer,</span><br><span style="color: hsl(0, 100%, 40%);">-                                         reset_timer_cb, bts);</span><br><span style="color: hsl(0, 100%, 40%);">-                  osmo_timer_schedule(&bts->nokia.reset_timer, bts->nokia.bts_reset_timer_cnf, 0);</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-                      struct gsm_e1_subslot *e1_link = &bts->oml_e1_link;</span><br><span style="color: hsl(0, 100%, 40%);">-                      struct e1inp_line *line;</span><br><span style="color: hsl(0, 100%, 40%);">-                        /* OML link */</span><br><span style="color: hsl(0, 100%, 40%);">-                  line = e1inp_line_find(e1_link->e1_nr);</span><br><span style="color: hsl(0, 100%, 40%);">-                      if (!line) {</span><br><span style="color: hsl(0, 100%, 40%);">-                            LOGP(DLINP, LOGL_ERROR,</span><br><span style="color: hsl(0, 100%, 40%);">-                              "BTS %u OML link referring to "</span><br><span style="color: hsl(0, 100%, 40%);">-                               "non-existing E1 line %u\n", bts->nr,</span><br><span style="color: hsl(0, 100%, 40%);">-                              e1_link->e1_nr);</span><br><span style="color: hsl(0, 100%, 40%);">-                                return -ENOMEM;</span><br><span style="color: hsl(0, 100%, 40%);">-                 }</span><br><span style="color: hsl(0, 100%, 
40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-                       start_sabm_in_line(line, 0, -1);        /* stop all first */</span><br><span style="color: hsl(120, 100%, 40%);">+                  /* we cannot delete / stop the OML LAPD SAP right here, as we are in</span><br><span style="color: hsl(120, 100%, 40%);">+                   * the middle of processing an LAPD I frame and are subsequently returning</span><br><span style="color: hsl(120, 100%, 40%);">+                     * back to the LAPD I frame processing code that assumes the SAP is still</span><br><span style="color: hsl(120, 100%, 40%);">+                      * active. So we first schedule the timer at 0ms in the future, where we</span><br><span style="color: hsl(120, 100%, 40%);">+                       * kill all LAPD SAP and re-arm the timer for the reset duration, after which</span><br><span style="color: hsl(120, 100%, 40%);">+                  * we re-create them */</span><br><span style="color: hsl(120, 100%, 40%);">+                       bts->nokia.wait_reset = RESET_T_STOP_LAPD;</span><br><span style="color: hsl(120, 100%, 40%);">+                 osmo_timer_setup(&bts->nokia.reset_timer, reset_timer_cb, bts);</span><br><span style="color: hsl(120, 100%, 40%);">+                        osmo_timer_schedule(&bts->nokia.reset_timer, 0, 0);</span><br><span>           }</span><br><span> </span><br><span>                /* ACK for CONF DATA message ? */</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.osmocom.org/c/osmo-bsc/+/18009">change 18009</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.osmocom.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.osmocom.org/c/osmo-bsc/+/18009"/><meta itemprop="name" content="View Change"/></div></div>
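<p>Review bot: In the gsm_data.h hunk, wait_reset becomes a 2-bit bitfield that must hold RESET_T_RESTART_LAPD = 2, but the base type of the declaration lies outside the visible context. If that type is signed, a 2-bit field only covers -2..1 and the value 2 would never match in the switch added to the timer callback. Please confirm the type is unsigned, and update the comment ("we are waiting for reset to complete") to say the field now carries an enum reset_timer_state value rather than a flag.</p>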
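<p>Review bot: enum reset_timer_state (hunk @@ -41,6 +41,12 @@) is private to bts_nokia_site.c while the field that stores it is a bare 2-bit bitfield in gsm_data.h, so nothing ties the enum's range to the field width. A short comment beside the enum stating that its values must fit in the 2-bit nokia.wait_reset field would protect against someone adding a further state later. RESET_T_NONE is also the only value without a comment; say that it means no reset is pending.</p>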
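<p>Review bot: In the timer callback hunk (@@ -1461,18 +1467,28 @@), the unconditional "bts->nokia.wait_reset = 0;" at the top was removed, so the early return in the "if (!line)" branch now leaves wait_reset at RESET_T_STOP_LAPD or RESET_T_RESTART_LAPD with no timer pending. Reset the state to RESET_T_NONE before that return. Two smaller points in the same switch: the RESET_T_RESTART_LAPD case assigns the literal 0 where RESET_T_NONE would match the new enum, and the RESET_T_NONE case is marked "shouldn't happen" but breaks silently, so a LOGP at error level there would make an unexpected expiry visible.</p>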
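<p>Review bot: In the last hunk (@@ -1574,25 +1590,16 @@), the E1 line lookup that used to "return -ENOMEM" from the message handler is removed, so a missing OML E1 line is now only logged later from reset_timer_cb, which returns nothing, and the handler continues as if the reset had been started. If the error should still reach the caller, keep the e1inp_line_find() check here and only defer the start_sabm_in_line() call. Also note that wait_reset is set to RESET_T_STOP_LAPD and the timer re-armed unconditionally; if this message can arrive again while the timer is pending in RESET_T_RESTART_LAPD, the sequence restarts from the first state, which deserves a sentence in the new comment if it is intended.</p>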

<div style="display:none"> Gerrit-Project: osmo-bsc </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: I6270c7210f600e53f845561898245d2fd30a368d </div>
<div style="display:none"> Gerrit-Change-Number: 18009 </div>
<div style="display:none"> Gerrit-PatchSet: 2 </div>
<div style="display:none"> Gerrit-Owner: laforge <laforge@osmocom.org> </div>
<div style="display:none"> Gerrit-Reviewer: Jenkins Builder </div>
<div style="display:none"> Gerrit-Reviewer: laforge <laforge@osmocom.org> </div>
<div style="display:none"> Gerrit-Reviewer: pespin <pespin@sysmocom.de> </div>
<div style="display:none"> Gerrit-Reviewer: tnt <tnt@246tNt.com> </div>
<div style="display:none"> Gerrit-MessageType: merged </div>