<p>fixeria <strong>submitted</strong> this change.</p><p><a href="https://gerrit.osmocom.org/c/osmo-bsc/+/18907">View Change</a></p><div style="white-space:pre-wrap">Approvals:
  daniel: Looks good to me, approved
  pespin: Looks good to me, but someone else must approve
  Jenkins Builder: Verified

</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">fix crashes due to OSMO_ASSERT(conn->lchan)<br><br>Starting from ttcn3-bsc-test-sccplite build #777, it was noticed<br>that osmo-bsc crashes with the following message:<br><br>  Assert failed conn->lchan include/osmocom/bsc/gsm_data.h:1376<br><br>The cause of this is a recently merged patch that calls conn_get_bts() during<br>assignment_fsm rate counter dispatch:<br>"Count assignment rates per BTS as well"<br>commit b5ccf09fc4042c7fb1fdaaa6263961c40b32564e<br>Change-Id I0009e51d4caf68e762138d98e2e23d49acc3cc1a<br><br>The root cause being that the assignment_fsm attempts to count an Assignment<br>event for a BTS after the lchan has already been released and disassociated<br>from the conn.<br><br>The assertion is found in conn_get_bts(), which is used in various places. In<br>fact, each caller is a potential DoS risk -- though most are in code paths that<br>are guaranteed to have an lchan and bts present, having an OSMO_ASSERT() on the<br>relatively volatile presence of an lchan is not a good idea for osmo-bsc's<br>stability and error resilience.<br><br>- Change conn_get_bts() to return NULL in the lack of an lchan.<br>- Adjust all callers of conn_get_bts() to gracefully handle a NULL return val.<br>- Same for cgi_for_msc() and callers, closely related.<br><br>Here is a backtrace:<br><br>  Program received signal SIGABRT<br>  pwndbg> bt<br>    0x0000555555be6e52 in conn_get_bts (conn=0x622000057160) at include/osmocom/bsc/gsm_data.h:1376<br>    0x0000555555c1edc8 in assignment_fsm_timer_cb (fi=0x612000060220) at assignment_fsm.c:758<br>    0x00007ffff72b1104 in fsm_tmr_cb (data=0x612000060220) at libosmocore/src/fsm.c:325<br>    0x00007ffff72ab062 in osmo_timers_update () at libosmocore/src/timer.c:257<br>    0x00007ffff72ab5d2 in _osmo_select_main (polling=0) at libosmocore/src/select.c:260<br>    0x00007ffff72abd2f in osmo_select_main_ctx (polling=<optimized out>) at 
libosmocore/src/select.c:291<br>    0x0000555555e1b81b in main (argc=3, argv=0x7fffffffe1b8) at osmo_bsc_main.c:953<br>    0x00007ffff6752002 in __libc_start_main () from /usr/lib/libc.so.6<br>    0x0000555555b61bbe in _start ()<br><br>In the case of the assignment_fsm counter, we now miss a chance to increase a<br>BTS counter for a failed Assignment, but this is a separate problem. The main<br>point of this patch is that osmo-bsc must not crash.<br><br>Related: OS#4620, OS#4619<br>Patch-by: fixeria<br>Tweaked-by: neels<br>Fixes: I0009e51d4caf68e762138d98e2e23d49acc3cc1a<br>Change-Id: Id681dfb0ad654bdb4b71805d1ad4f39a8bf6bbd1<br>---<br>M include/osmocom/bsc/gsm_data.h<br>M src/osmo-bsc/assignment_fsm.c<br>M src/osmo-bsc/bsc_vty.c<br>M src/osmo-bsc/gsm_08_08.c<br>M src/osmo-bsc/gsm_data.c<br>M src/osmo-bsc/osmo_bsc_bssap.c<br>M src/osmo-bsc/osmo_bsc_filter.c<br>M src/osmo-bsc/osmo_bsc_msc.c<br>M src/osmo-bsc/osmo_bsc_sigtran.c<br>9 files changed, 72 insertions(+), 25 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/include/osmocom/bsc/gsm_data.h b/include/osmocom/bsc/gsm_data.h</span><br><span>index 8c1c545..ce18d1b 100644</span><br><span>--- a/include/osmocom/bsc/gsm_data.h</span><br><span>+++ b/include/osmocom/bsc/gsm_data.h</span><br><span>@@ -1373,7 +1373,8 @@</span><br><span> </span><br><span> </span><br><span> static inline struct gsm_bts *conn_get_bts(struct gsm_subscriber_connection *conn) {</span><br><span style="color: hsl(0, 100%, 40%);">-        OSMO_ASSERT(conn->lchan);</span><br><span style="color: hsl(120, 100%, 40%);">+  if (!conn || !conn->lchan)</span><br><span style="color: hsl(120, 100%, 40%);">+         return NULL;</span><br><span>         return conn->lchan->ts->trx->bts;</span><br><span> }</span><br><span> </span><br><span>diff --git a/src/osmo-bsc/assignment_fsm.c b/src/osmo-bsc/assignment_fsm.c</span><br><span>index 94dd359..cd5abc8 100644</span><br><span>--- 
a/src/osmo-bsc/assignment_fsm.c</span><br><span>+++ b/src/osmo-bsc/assignment_fsm.c</span><br><span>@@ -80,7 +80,8 @@</span><br><span>                         bsc_ctr_description[BSC_##counter].name, \</span><br><span>                           bsc_ctr_description[BSC_##counter].description); \</span><br><span>            rate_ctr_inc(&conn->network->bsc_ctrs->ctr[BSC_##counter]); \</span><br><span style="color: hsl(0, 100%, 40%);">-              rate_ctr_inc(&bts->bts_ctrs->ctr[BTS_##counter]); \</span><br><span style="color: hsl(120, 100%, 40%);">+         if (bts) \</span><br><span style="color: hsl(120, 100%, 40%);">+                    rate_ctr_inc(&bts->bts_ctrs->ctr[BTS_##counter]); \</span><br><span>        } while(0)</span><br><span> </span><br><span> #define assignment_count_result(counter) do { \</span><br><span>diff --git a/src/osmo-bsc/bsc_vty.c b/src/osmo-bsc/bsc_vty.c</span><br><span>index 9896bff..2941e5b 100644</span><br><span>--- a/src/osmo-bsc/bsc_vty.c</span><br><span>+++ b/src/osmo-bsc/bsc_vty.c</span><br><span>@@ -1776,7 +1776,10 @@</span><br><span> </span><br><span>  /* Find the connection/lchan that we want to handover */</span><br><span>     llist_for_each_entry(conn, &net->subscr_conns, entry) {</span><br><span style="color: hsl(0, 100%, 40%);">-          if (conn_get_bts(conn)->nr == bts_nr &&</span><br><span style="color: hsl(120, 100%, 40%);">+            struct gsm_bts *bts = conn_get_bts(conn);</span><br><span style="color: hsl(120, 100%, 40%);">+             if (!bts)</span><br><span style="color: hsl(120, 100%, 40%);">+                     continue;</span><br><span style="color: hsl(120, 100%, 40%);">+             if (bts->nr == bts_nr &&</span><br><span>              conn->lchan->ts->trx->nr == trx_nr &&</span><br><span>                    conn->lchan->ts->nr == ts_nr && conn->lchan->nr == ss_nr) {</span><br><span>                       vty_out(vty, "starting %s for lchan %s...%s", action, conn->lchan->name, 
VTY_NEWLINE);</span><br><span>diff --git a/src/osmo-bsc/gsm_08_08.c b/src/osmo-bsc/gsm_08_08.c</span><br><span>index 3703c76..e288506 100644</span><br><span>--- a/src/osmo-bsc/gsm_08_08.c</span><br><span>+++ b/src/osmo-bsc/gsm_08_08.c</span><br><span>@@ -222,8 +222,9 @@</span><br><span>    /* Has the subscriber been paged from a connected MSC? */</span><br><span>    if (pdisc == GSM48_PDISC_RR && mtype == GSM48_MT_RR_PAG_RESP) {</span><br><span>              subscr = bsc_subscr_find_by_mi(conn->network->bsc_subscribers, &mi);</span><br><span style="color: hsl(0, 100%, 40%);">-          if (subscr) {</span><br><span style="color: hsl(0, 100%, 40%);">-                   msc_target = paging_get_msc(conn_get_bts(conn), subscr);</span><br><span style="color: hsl(120, 100%, 40%);">+              struct gsm_bts *bts = conn_get_bts(conn);</span><br><span style="color: hsl(120, 100%, 40%);">+             if (bts && subscr) {</span><br><span style="color: hsl(120, 100%, 40%);">+                  msc_target = paging_get_msc(bts, subscr);</span><br><span>                    bsc_subscr_put(subscr);</span><br><span>                      if (is_msc_usable(msc_target, is_emerg)) {</span><br><span>                           LOG_COMPL_L3(pdisc, mtype, LOGL_DEBUG, "%s matches earlier Paging from msc %d\n",</span><br><span>@@ -356,6 +357,13 @@</span><br><span> {</span><br><span>      struct osmo_mobile_identity mi;</span><br><span>      struct bsc_subscr *subscr = NULL;</span><br><span style="color: hsl(120, 100%, 40%);">+     struct gsm_bts *bts = conn_get_bts(conn);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+   if (!bts) {</span><br><span style="color: hsl(120, 100%, 40%);">+           /* should never happen */</span><br><span style="color: hsl(120, 100%, 40%);">+             LOGP(DRSL, LOGL_ERROR, "Paging Response without lchan\n");</span><br><span style="color: hsl(120, 100%, 40%);">+          return 
-1;</span><br><span style="color: hsl(120, 100%, 40%);">+    }</span><br><span> </span><br><span>        if (osmo_mobile_identity_decode_from_l3(&mi, msg, false)) {</span><br><span>              LOGP(DRSL, LOGL_ERROR, "Unable to extract Mobile Identity from Paging Response\n");</span><br><span>@@ -370,8 +378,7 @@</span><br><span>          return -1;</span><br><span>   }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-   paging_request_stop(&conn->network->bts_list, conn_get_bts(conn), subscr, conn,</span><br><span style="color: hsl(0, 100%, 40%);">-                           msg);</span><br><span style="color: hsl(120, 100%, 40%);">+     paging_request_stop(&conn->network->bts_list, bts, subscr, conn, msg);</span><br><span>     bsc_subscr_put(subscr);</span><br><span>      return 0;</span><br><span> }</span><br><span>@@ -385,6 +392,11 @@</span><br><span>        int8_t rc8;</span><br><span>  struct gsm_bts *bts = conn_get_bts(conn);</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+ if (!bts) {</span><br><span style="color: hsl(120, 100%, 40%);">+           /* should never happen */</span><br><span style="color: hsl(120, 100%, 40%);">+             LOGP(DRSL, LOGL_ERROR, "LU Request without lchan\n");</span><br><span style="color: hsl(120, 100%, 40%);">+               return;</span><br><span style="color: hsl(120, 100%, 40%);">+       }</span><br><span> </span><br><span>        if (msgb_l3len(msg) < sizeof(*gh) + sizeof(*lu)) {</span><br><span>                LOGP(DMSC, LOGL_ERROR, "LU too small to look at: %u\n", msgb_l3len(msg));</span><br><span>@@ -415,6 +427,12 @@</span><br><span>   int8_t rc8;</span><br><span>  struct gsm_bts *bts = conn_get_bts(conn);</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+ if (!bts) {</span><br><span style="color: hsl(120, 100%, 40%);">+           /* should never happen */</span><br><span style="color: hsl(120, 100%, 40%);">+             LOGP(DRSL, LOGL_ERROR, "CM 
Service Request without lchan\n");</span><br><span style="color: hsl(120, 100%, 40%);">+               return;</span><br><span style="color: hsl(120, 100%, 40%);">+       }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span>  if (msgb_l3len(msg) < sizeof(*gh) + sizeof(*serv_req)) {</span><br><span>          LOGP(DMSC, LOGL_ERROR, "CM Serv Req too small to look at: %u\n", msgb_l3len(msg));</span><br><span>                 return;</span><br><span>@@ -462,6 +480,15 @@</span><br><span>       struct msgb *resp;</span><br><span>   struct gsm0808_speech_codec_list scl;</span><br><span>        int rc = -2;</span><br><span style="color: hsl(120, 100%, 40%);">+  struct gsm_bts *bts = conn_get_bts(conn);</span><br><span style="color: hsl(120, 100%, 40%);">+     struct osmo_cell_global_id *cgi = cgi_for_msc(conn->sccp.msc, bts);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+      if (!bts || !cgi) {</span><br><span style="color: hsl(120, 100%, 40%);">+           /* should never happen */</span><br><span style="color: hsl(120, 100%, 40%);">+             LOGP(DMSC, LOGL_ERROR, "Compl L3 without lchan\n");</span><br><span style="color: hsl(120, 100%, 40%);">+         rc = -1;</span><br><span style="color: hsl(120, 100%, 40%);">+              goto early_fail;</span><br><span style="color: hsl(120, 100%, 40%);">+      }</span><br><span> </span><br><span>        log_set_context(LOG_CTX_BSC_SUBSCR, conn->bsub);</span><br><span> </span><br><span>@@ -482,9 +509,9 @@</span><br><span>        bsc_scan_bts_msg(conn, msg);</span><br><span> </span><br><span>     if (gscon_is_aoip(conn)) {</span><br><span style="color: hsl(0, 100%, 40%);">-              gen_bss_supported_codec_list(&scl, msc, conn_get_bts(conn));</span><br><span style="color: hsl(120, 100%, 40%);">+              gen_bss_supported_codec_list(&scl, msc, bts);</span><br><span>            if (scl.len > 0)</span><br><span style="color: hsl(0, 100%, 
40%);">-                     resp = gsm0808_create_layer3_2(msg, cgi_for_msc(conn->sccp.msc, conn_get_bts(conn)), &scl);</span><br><span style="color: hsl(120, 100%, 40%);">+                    resp = gsm0808_create_layer3_2(msg, cgi, &scl);</span><br><span>          else {</span><br><span>                       /* Note: 3GPP TS 48.008 3.2.1.32, COMPLETE LAYER 3 INFORMATION clearly states that</span><br><span>                    * Codec List (BSS Supported) shall be included, if the radio access network</span><br><span>@@ -492,10 +519,10 @@</span><br><span>                          * current configuration does not support any voice codecs, in those cases the</span><br><span>                        * network does not support an IP based user plane interface, and therefore the</span><br><span>                       * Codec List (BSS Supported) IE can be left out in those situations. */</span><br><span style="color: hsl(0, 100%, 40%);">-                        resp = gsm0808_create_layer3_2(msg, cgi_for_msc(conn->sccp.msc, conn_get_bts(conn)), NULL);</span><br><span style="color: hsl(120, 100%, 40%);">+                        resp = gsm0808_create_layer3_2(msg, cgi, NULL);</span><br><span>              }</span><br><span>    } else</span><br><span style="color: hsl(0, 100%, 40%);">-          resp = gsm0808_create_layer3_2(msg, cgi_for_msc(conn->sccp.msc, conn_get_bts(conn)), NULL);</span><br><span style="color: hsl(120, 100%, 40%);">+                resp = gsm0808_create_layer3_2(msg, cgi, NULL);</span><br><span> </span><br><span>  if (resp)</span><br><span>            rc = osmo_fsm_inst_dispatch(conn->fi, GSCON_EV_A_CONN_REQ, resp);</span><br><span>@@ -537,6 +564,12 @@</span><br><span>  struct msgb *resp;</span><br><span>   struct gsm_bts *bts = conn_get_bts(conn);</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+ if (!bts) {</span><br><span style="color: hsl(120, 100%, 40%);">+           /* should never happen */</span><br><span style="color: 
hsl(120, 100%, 40%);">+             LOGP(DMSC, LOGL_ERROR, "Classmark Update without lchan\n");</span><br><span style="color: hsl(120, 100%, 40%);">+         return;</span><br><span style="color: hsl(120, 100%, 40%);">+       }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span>  rc8 = osmo_gsm48_rfpowercap2powerclass(bts->band, cm2_parsed->pwr_lev);</span><br><span>        if (rc8 < 0) {</span><br><span>            LOGP(DMSC, LOGL_NOTICE,</span><br><span>diff --git a/src/osmo-bsc/gsm_data.c b/src/osmo-bsc/gsm_data.c</span><br><span>index 9bf6f82..2098f13 100644</span><br><span>--- a/src/osmo-bsc/gsm_data.c</span><br><span>+++ b/src/osmo-bsc/gsm_data.c</span><br><span>@@ -1721,7 +1721,7 @@</span><br><span> </span><br><span>         /* If there's an associated lchan, attempt to update its max power to be</span><br><span>            on track with band maximum values */</span><br><span style="color: hsl(0, 100%, 40%);">- if (conn->lchan)</span><br><span style="color: hsl(120, 100%, 40%);">+   if (bts && conn->lchan)</span><br><span>           lchan_update_ms_power_ctrl_level(conn->lchan, bts->ms_max_power);</span><br><span> }</span><br><span> </span><br><span>diff --git a/src/osmo-bsc/osmo_bsc_bssap.c b/src/osmo-bsc/osmo_bsc_bssap.c</span><br><span>index 6b225e4..2deb7f4 100644</span><br><span>--- a/src/osmo-bsc/osmo_bsc_bssap.c</span><br><span>+++ b/src/osmo-bsc/osmo_bsc_bssap.c</span><br><span>@@ -478,7 +478,6 @@</span><br><span>                                   struct msgb *msg, unsigned int payload_length)</span><br><span> {</span><br><span>     uint16_t len;</span><br><span style="color: hsl(0, 100%, 40%);">-   struct gsm_network *network = NULL;</span><br><span>  const uint8_t *data;</span><br><span>         struct tlv_parsed tp;</span><br><span>        struct msgb *resp;</span><br><span>@@ -522,7 +521,6 @@</span><br><span>             goto reject;</span><br><span>         }</span><br><span> </span><br><span style="color: hsl(0, 100%, 
40%);">-   network = conn_get_bts(conn)->network;</span><br><span>    data = TLVP_VAL(&tp, GSM0808_IE_ENCRYPTION_INFORMATION);</span><br><span>         enc_bits_msc = data[0];</span><br><span>      enc_key = &data[1];</span><br><span>@@ -540,10 +538,10 @@</span><br><span>      /* The bit-mask of permitted ciphers from the MSC (sent in ASSIGNMENT COMMAND) is intersected</span><br><span>         * with the vty-configured mask a the BSC.  Finally, the best (highest) possible cipher is</span><br><span>    * chosen. */</span><br><span style="color: hsl(0, 100%, 40%);">-   chosen_cipher = select_best_cipher(enc_bits_msc, network->a5_encryption_mask);</span><br><span style="color: hsl(120, 100%, 40%);">+     chosen_cipher = select_best_cipher(enc_bits_msc, bsc_gsmnet->a5_encryption_mask);</span><br><span>         if (chosen_cipher < 0) {</span><br><span>          LOGP(DMSC, LOGL_ERROR, "Reject: no overlapping A5 ciphers between BSC (0x%02x) "</span><br><span style="color: hsl(0, 100%, 40%);">-                      "and MSC (0x%02x)\n", network->a5_encryption_mask, enc_bits_msc);</span><br><span style="color: hsl(120, 100%, 40%);">+                        "and MSC (0x%02x)\n", bsc_gsmnet->a5_encryption_mask, enc_bits_msc);</span><br><span>            reject_cause = GSM0808_CAUSE_CIPHERING_ALGORITHM_NOT_SUPPORTED;</span><br><span>              goto reject;</span><br><span>         }</span><br><span>@@ -663,17 +661,23 @@</span><br><span> {</span><br><span>       int rc, i, nc = 0;</span><br><span>   struct bsc_msc_data *msc;</span><br><span style="color: hsl(120, 100%, 40%);">+     struct gsm_bts *bts = conn_get_bts(conn);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+   if (!bts) {</span><br><span style="color: hsl(120, 100%, 40%);">+           LOGP(DMSC, LOGL_ERROR, "No lchan, cannot select codecs\n");</span><br><span style="color: hsl(120, 100%, 40%);">+         return -EINVAL;</span><br><span style="color: 
hsl(120, 100%, 40%);">+       }</span><br><span> </span><br><span>        msc = conn->sccp.msc;</span><br><span> </span><br><span>         switch (ct->ch_rate_type) {</span><br><span>       case GSM0808_SPEECH_FULL_BM:</span><br><span style="color: hsl(0, 100%, 40%);">-            rc = match_codec_pref(&req->ch_mode_rate[nc], ct, &conn->codec_list, msc, conn_get_bts(conn),</span><br><span style="color: hsl(120, 100%, 40%);">+           rc = match_codec_pref(&req->ch_mode_rate[nc], ct, &conn->codec_list, msc, bts,</span><br><span>                                       RATE_PREF_FR);</span><br><span>                 nc += (rc == 0);</span><br><span>             break;</span><br><span>       case GSM0808_SPEECH_HALF_LM:</span><br><span style="color: hsl(0, 100%, 40%);">-            rc = match_codec_pref(&req->ch_mode_rate[nc], ct, &conn->codec_list, msc, conn_get_bts(conn),</span><br><span style="color: hsl(120, 100%, 40%);">+           rc = match_codec_pref(&req->ch_mode_rate[nc], ct, &conn->codec_list, msc, bts,</span><br><span>                                       RATE_PREF_HR);</span><br><span>                 nc += (rc == 0);</span><br><span>             break;</span><br><span>@@ -681,19 +685,19 @@</span><br><span>       case GSM0808_SPEECH_PERM_NO_CHANGE:</span><br><span>  case GSM0808_SPEECH_FULL_PREF_NO_CHANGE:</span><br><span>     case GSM0808_SPEECH_FULL_PREF:</span><br><span style="color: hsl(0, 100%, 40%);">-          rc = match_codec_pref(&req->ch_mode_rate[nc], ct, &conn->codec_list, msc, conn_get_bts(conn),</span><br><span style="color: hsl(120, 100%, 40%);">+           rc = match_codec_pref(&req->ch_mode_rate[nc], ct, &conn->codec_list, msc, bts,</span><br><span>                                       RATE_PREF_FR);</span><br><span>                 nc += (rc == 0);</span><br><span style="color: hsl(0, 100%, 40%);">-                rc = match_codec_pref(&req->ch_mode_rate[nc], ct, &conn->codec_list, msc, conn_get_bts(conn),</span><br><span style="color: 
hsl(120, 100%, 40%);">+           rc = match_codec_pref(&req->ch_mode_rate[nc], ct, &conn->codec_list, msc, bts,</span><br><span>                                       RATE_PREF_HR);</span><br><span>                 nc += (rc == 0);</span><br><span>             break;</span><br><span>       case GSM0808_SPEECH_HALF_PREF_NO_CHANGE:</span><br><span>     case GSM0808_SPEECH_HALF_PREF:</span><br><span style="color: hsl(0, 100%, 40%);">-          rc = match_codec_pref(&req->ch_mode_rate[nc], ct, &conn->codec_list, msc, conn_get_bts(conn),</span><br><span style="color: hsl(120, 100%, 40%);">+           rc = match_codec_pref(&req->ch_mode_rate[nc], ct, &conn->codec_list, msc, bts,</span><br><span>                                       RATE_PREF_HR);</span><br><span>                 nc += (rc == 0);</span><br><span style="color: hsl(0, 100%, 40%);">-                rc = match_codec_pref(&req->ch_mode_rate[nc], ct, &conn->codec_list, msc, conn_get_bts(conn),</span><br><span style="color: hsl(120, 100%, 40%);">+           rc = match_codec_pref(&req->ch_mode_rate[nc], ct, &conn->codec_list, msc, bts,</span><br><span>                                       RATE_PREF_FR);</span><br><span>                 nc += (rc == 0);</span><br><span>             break;</span><br><span>diff --git a/src/osmo-bsc/osmo_bsc_filter.c b/src/osmo-bsc/osmo_bsc_filter.c</span><br><span>index 98b5148..08c3a50 100644</span><br><span>--- a/src/osmo-bsc/osmo_bsc_filter.c</span><br><span>+++ b/src/osmo-bsc/osmo_bsc_filter.c</span><br><span>@@ -132,11 +132,12 @@</span><br><span>  msc = conn->sccp.msc;</span><br><span> </span><br><span>         if (mtype == GSM48_MT_MM_LOC_UPD_ACCEPT) {</span><br><span style="color: hsl(0, 100%, 40%);">-              if (has_core_identity(msc)) {</span><br><span style="color: hsl(120, 100%, 40%);">+         struct gsm_bts *bts = conn_get_bts(conn);</span><br><span style="color: hsl(120, 100%, 40%);">+             if (bts && has_core_identity(msc)) {</span><br><span>          
               if (msgb_l3len(msg) >= sizeof(*gh) + sizeof(*lai)) {</span><br><span>                              /* overwrite LAI in the message */</span><br><span>                           lai = (struct gsm48_loc_area_id *) &gh->data[0];</span><br><span style="color: hsl(0, 100%, 40%);">-                         gsm48_generate_lai2(lai, bts_lai(conn_get_bts(conn)));</span><br><span style="color: hsl(120, 100%, 40%);">+                                gsm48_generate_lai2(lai, bts_lai(bts));</span><br><span>                      }</span><br><span>            }</span><br><span>            return 0;</span><br><span>diff --git a/src/osmo-bsc/osmo_bsc_msc.c b/src/osmo-bsc/osmo_bsc_msc.c</span><br><span>index 9b00ffc..f969146 100644</span><br><span>--- a/src/osmo-bsc/osmo_bsc_msc.c</span><br><span>+++ b/src/osmo-bsc/osmo_bsc_msc.c</span><br><span>@@ -266,6 +266,10 @@</span><br><span> struct osmo_cell_global_id *cgi_for_msc(struct bsc_msc_data *msc, struct gsm_bts *bts)</span><br><span> {</span><br><span>     static struct osmo_cell_global_id cgi;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+      if (!bts)</span><br><span style="color: hsl(120, 100%, 40%);">+             return NULL;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span>       cgi.lai.plmn = msc->network->plmn;</span><br><span>     if (msc->core_plmn.mcc != GSM_MCC_MNC_INVALID)</span><br><span>            cgi.lai.plmn.mcc = msc->core_plmn.mcc;</span><br><span>diff --git a/src/osmo-bsc/osmo_bsc_sigtran.c b/src/osmo-bsc/osmo_bsc_sigtran.c</span><br><span>index f5489e4..43ffae0 100644</span><br><span>--- a/src/osmo-bsc/osmo_bsc_sigtran.c</span><br><span>+++ b/src/osmo-bsc/osmo_bsc_sigtran.c</span><br><span>@@ -311,7 +311,7 @@</span><br><span>             return BSC_CON_REJECT_NO_LINK;</span><br><span>       }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-   if (!bsc_grace_allow_new_connection(bts->network, 
bts)) {</span><br><span style="color: hsl(120, 100%, 40%);">+  if (bts && !bsc_grace_allow_new_connection(bts->network, bts)) {</span><br><span>          LOGP(DMSC, LOGL_NOTICE, "BSC in grace period. No new connections.\n");</span><br><span>             return BSC_CON_REJECT_RF_GRACE;</span><br><span>      }</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.osmocom.org/c/osmo-bsc/+/18907">change 18907</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.osmocom.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.osmocom.org/c/osmo-bsc/+/18907"/><meta itemprop="name" content="View Change"/></div></div>
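Review bot: in include/osmocom/bsc/gsm_data.h, conn_get_bts() now has a NULL return but nothing at the definition says so. Add a short comment above the function stating that it returns NULL when conn is NULL or has no lchan and that callers must check, since the commit message itself calls every caller a potential DoS risk. The remaining chain conn->lchan->ts->trx->bts still dereferences ts and trx unchecked; if those are guaranteed non-NULL for any attached lchan, say that in the same comment.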
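Review bot: in src/osmo-bsc/assignment_fsm.c, the new "if (bts)" inside the counter macro drops the per-BTS count silently when the lchan is already gone. The commit message acknowledges that a failed Assignment is then missing from the BTS counters; leave a comment at this spot naming that as a known gap, or add a debug log in the no-bts case, so the undercount stays visible to whoever reads the macro later.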
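Review bot: in src/osmo-bsc/gsm_08_08.c at the Paging Response match (hunk @@ -222), folding the bts check into "if (bts && subscr)" moves bsc_subscr_put(subscr) behind the bts condition. When bsc_subscr_find_by_mi() returns a subscriber and bts is NULL, the block is skipped and the put visible in this hunk does not run, so the reference from the lookup appears to leak unless it is dropped further down. Keep "if (subscr)" as the outer condition and test bts only around paging_get_msc(), or add an explicit bsc_subscr_put() for the no-bts case.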
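Review bot: in src/osmo-bsc/gsm_08_08.c (hunk @@ -385), the new "LU Request without lchan" error is logged under DRSL while the next check in the same function logs "LU too small to look at" under DMSC; the CM Service Request hunk (@@ -415) has the same split. Use one category per function so that a filter on DMSC shows every drop reason. The "should never happen" comment also sits oddly next to a commit message that calls lchan presence relatively volatile; describe when it can happen instead.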
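Review bot: in src/osmo-bsc/gsm_08_08.c (hunk @@ -462), cgi is now fetched once at the top of the function, but cgi_for_msc() returns a pointer to a function-local static ("static struct osmo_cell_global_id cgi;" in osmo_bsc_msc.c). The old code called it in the argument list of gsm0808_create_layer3_2(); the pointer is now held across bsc_scan_bts_msg() and gen_bss_supported_codec_list(), and any cgi_for_msc() call in between would overwrite what it points to. Either confirm that neither path calls it, or keep only the bts check here and call cgi_for_msc() at the point of use. The "!cgi" test is redundant with "!bts", since the only NULL return added to cgi_for_msc() is for a NULL bts.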
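Review bot: in src/osmo-bsc/osmo_bsc_bssap.c (hunks @@ -478 to @@ -540), the cipher mask lookup moves from the connection's BTS to the global bsc_gsmnet. That removes the NULL dereference, but other hunks in this patch reach the network through conn->network (for example conn->network->bts_list); using conn->network->a5_encryption_mask here would avoid the crash without making the cipher selection path depend on a global. If the global is intended, say so in the commit message, which does not mention this change.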
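Review bot: in src/osmo-bsc/osmo_bsc_filter.c, with "if (bts && has_core_identity(msc))" a Location Updating Accept on a conn without lchan now passes through with its LAI left as received, and the function still returns 0. Nothing is logged for that case; add a LOGP for has_core_identity(msc) being true with no bts, so a forwarded message that skipped the LAI rewrite can be traced.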
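Review bot: in src/osmo-bsc/osmo_bsc_sigtran.c, "if (bts && !bsc_grace_allow_new_connection(bts->network, bts))" fails open: with bts NULL the grace-period check is skipped and the function continues as if new connections were allowed. A missing BTS is not a reason to bypass BSC_CON_REJECT_RF_GRACE. Either reject when bts is NULL, or log it and state in a comment why admitting the connection is safe.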

<div style="display:none"> Gerrit-Project: osmo-bsc </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: Id681dfb0ad654bdb4b71805d1ad4f39a8bf6bbd1 </div>
<div style="display:none"> Gerrit-Change-Number: 18907 </div>
<div style="display:none"> Gerrit-PatchSet: 6 </div>
<div style="display:none"> Gerrit-Owner: fixeria <vyanitskiy@sysmocom.de> </div>
<div style="display:none"> Gerrit-Assignee: neels <nhofmeyr@sysmocom.de> </div>
<div style="display:none"> Gerrit-Reviewer: Jenkins Builder </div>
<div style="display:none"> Gerrit-Reviewer: daniel <dwillmann@sysmocom.de> </div>
<div style="display:none"> Gerrit-Reviewer: dexter <pmaier@sysmocom.de> </div>
<div style="display:none"> Gerrit-Reviewer: fixeria <axilirator@gmail.com> </div>
<div style="display:none"> Gerrit-Reviewer: fixeria <vyanitskiy@sysmocom.de> </div>
<div style="display:none"> Gerrit-Reviewer: laforge <laforge@osmocom.org> </div>
<div style="display:none"> Gerrit-Reviewer: pespin <pespin@sysmocom.de> </div>
<div style="display:none"> Gerrit-CC: neels <nhofmeyr@sysmocom.de> </div>
<div style="display:none"> Gerrit-MessageType: merged </div>