<p>fixeria <strong>submitted</strong> this change.</p><p><a href="https://gerrit.osmocom.org/c/osmo-bts/+/24286">View Change</a></p><div style="white-space:pre-wrap">Approvals:
  Jenkins Builder: Verified
  pespin: Looks good to me, but someone else must approve
  dexter: Looks good to me, but someone else must approve
  fixeria: Looks good to me, approved

</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">osmo-bts-{trx,virtual}: fix: pinst->trx may be NULL<br><br>We assume that it's legal to have dangling PHY instances that are<br>not associated with any TRX instances in the configuration file.<br>Obviously, such PHY instances have pinst->trx set to NULL.<br><br>The DSP based models seem to handle dangling PHY instances without<br>any problems, so let's ensure that we always check pinst->trx<br>against NULL in the osmo-bts-{trx,virtual} specific code.<br><br>Change-Id: Ib7d9cb7ae47fead723fa46454cd64bf6e88756bb<br>Fixes: CID#236092 "Dereference before null check"<br>---<br>M include/osmo-bts/phy_link.h<br>M src/common/scheduler.c<br>M src/osmo-bts-trx/trx_if.c<br>M src/osmo-bts-trx/trx_provision_fsm.c<br>M src/osmo-bts-trx/trx_vty.c<br>M src/osmo-bts-virtual/l1_if.c<br>6 files changed, 24 insertions(+), 9 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/include/osmo-bts/phy_link.h b/include/osmo-bts/phy_link.h</span><br><span>index c4b60f3..becc442 100644</span><br><span>--- a/include/osmo-bts/phy_link.h</span><br><span>+++ b/include/osmo-bts/phy_link.h</span><br><span>@@ -97,7 +97,7 @@</span><br><span>       struct phy_link *phy_link;</span><br><span> </span><br><span>       /* back-pointer to the TRX to which we're associated */</span><br><span style="color: hsl(0, 100%, 40%);">-     struct gsm_bts_trx *trx;</span><br><span style="color: hsl(120, 100%, 40%);">+      struct gsm_bts_trx *trx; /* NOTE: may be NULL! 
*/</span><br><span> </span><br><span>        union {</span><br><span>              struct {</span><br><span>diff --git a/src/common/scheduler.c b/src/common/scheduler.c</span><br><span>index f5a5b89..4af6457 100644</span><br><span>--- a/src/common/scheduler.c</span><br><span>+++ b/src/common/scheduler.c</span><br><span>@@ -578,6 +578,8 @@</span><br><span> {</span><br><span>     unsigned int tn, i;</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+       OSMO_ASSERT(trx != NULL);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span>  LOGPTRX(trx, DL1C, LOGL_DEBUG, "Init scheduler structures\n");</span><br><span> </span><br><span>         for (tn = 0; tn < ARRAY_SIZE(trx->ts); tn++) {</span><br><span>diff --git a/src/osmo-bts-trx/trx_if.c b/src/osmo-bts-trx/trx_if.c</span><br><span>index ba30bb2..fcad75c 100644</span><br><span>--- a/src/osmo-bts-trx/trx_if.c</span><br><span>+++ b/src/osmo-bts-trx/trx_if.c</span><br><span>@@ -1235,7 +1235,9 @@</span><br><span>        if (!l1h)</span><br><span>            return -EINVAL;</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-     trx_sched_init(pinst->trx);</span><br><span style="color: hsl(120, 100%, 40%);">+        /* PHY instance may be not associated with a TRX instance */</span><br><span style="color: hsl(120, 100%, 40%);">+  if (pinst->trx != NULL)</span><br><span style="color: hsl(120, 100%, 40%);">+            trx_sched_init(pinst->trx);</span><br><span> </span><br><span>   rc = trx_if_open(l1h);</span><br><span>       if (rc < 0) {</span><br><span>diff --git a/src/osmo-bts-trx/trx_provision_fsm.c b/src/osmo-bts-trx/trx_provision_fsm.c</span><br><span>index 1e5de2e..070037d 100644</span><br><span>--- a/src/osmo-bts-trx/trx_provision_fsm.c</span><br><span>+++ b/src/osmo-bts-trx/trx_provision_fsm.c</span><br><span>@@ -279,7 +279,10 @@</span><br><span>         l1h->config.trxd_pdu_ver_req = pinst->phy_link->u.osmotrx.trxd_pdu_ver_max;</span><br><span> 
</span><br><span>     /* Apply initial RFMUTE state */</span><br><span style="color: hsl(0, 100%, 40%);">-        trx_if_cmd_rfmute(l1h, pinst->trx->mo.nm_state.administrative != NM_STATE_UNLOCKED);</span><br><span style="color: hsl(120, 100%, 40%);">+    if (pinst->trx != NULL)</span><br><span style="color: hsl(120, 100%, 40%);">+            trx_if_cmd_rfmute(l1h, pinst->trx->mo.nm_state.administrative != NM_STATE_UNLOCKED);</span><br><span style="color: hsl(120, 100%, 40%);">+    else</span><br><span style="color: hsl(120, 100%, 40%);">+          trx_if_cmd_rfmute(l1h, true);</span><br><span> }</span><br><span> </span><br><span> static void st_open_poweroff(struct osmo_fsm_inst *fi, uint32_t event, void *data)</span><br><span>diff --git a/src/osmo-bts-trx/trx_vty.c b/src/osmo-bts-trx/trx_vty.c</span><br><span>index b85dcdc..2b0913f 100644</span><br><span>--- a/src/osmo-bts-trx/trx_vty.c</span><br><span>+++ b/src/osmo-bts-trx/trx_vty.c</span><br><span>@@ -99,17 +99,23 @@</span><br><span>      struct trx_l1h *l1h = pinst->u.osmotrx.hdl;</span><br><span>       struct gsm_bts_trx *trx = pinst->trx;</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-    vty_out(vty, "PHY Instance %s%s",</span><br><span style="color: hsl(0, 100%, 40%);">-             phy_instance_name(pinst), VTY_NEWLINE);</span><br><span style="color: hsl(120, 100%, 40%);">+       vty_out(vty, "PHY Instance '%s': bound to %s%s",</span><br><span style="color: hsl(120, 100%, 40%);">+            phy_instance_name(pinst),</span><br><span style="color: hsl(120, 100%, 40%);">+             gsm_trx_name(trx),</span><br><span style="color: hsl(120, 100%, 40%);">+            VTY_NEWLINE);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+       if (trx != NULL) {</span><br><span style="color: hsl(120, 100%, 40%);">+            const int actual = get_p_actual_mdBm(trx, trx->power_params.p_total_tgt_mdBm);</span><br><span style="color: 
hsl(120, 100%, 40%);">+             const int max = get_p_max_out_mdBm(trx);</span><br><span style="color: hsl(120, 100%, 40%);">+              vty_out(vty, " tx-attenuation : %d dB%s",</span><br><span style="color: hsl(120, 100%, 40%);">+                   (max - actual) / 1000, VTY_NEWLINE);</span><br><span style="color: hsl(120, 100%, 40%);">+  }</span><br><span> </span><br><span>        if (l1h->config.rxgain_valid)</span><br><span>             vty_out(vty, " rx-gain        : %d dB%s",</span><br><span>                  l1h->config.rxgain, VTY_NEWLINE);</span><br><span>         else</span><br><span>                 vty_out(vty, " rx-gain        : undefined%s", VTY_NEWLINE);</span><br><span style="color: hsl(0, 100%, 40%);">-   vty_out(vty, " tx-attenuation : %d dB%s",</span><br><span style="color: hsl(0, 100%, 40%);">-             (get_p_max_out_mdBm(trx) - get_p_actual_mdBm(trx, trx->power_params.p_total_tgt_mdBm))/1000,</span><br><span style="color: hsl(0, 100%, 40%);">-         VTY_NEWLINE);</span><br><span>        if (l1h->config.maxdly_valid)</span><br><span>             vty_out(vty, " maxdly : %d%s", l1h->config.maxdly,</span><br><span>                      VTY_NEWLINE);</span><br><span>diff --git a/src/osmo-bts-virtual/l1_if.c b/src/osmo-bts-virtual/l1_if.c</span><br><span>index 0fbc35d..444d6ad 100644</span><br><span>--- a/src/osmo-bts-virtual/l1_if.c</span><br><span>+++ b/src/osmo-bts-virtual/l1_if.c</span><br><span>@@ -214,13 +214,15 @@</span><br><span> </span><br><span>       /* iterate over list of PHY instances and initialize the scheduler */</span><br><span>        llist_for_each_entry(pinst, &plink->instances, list) {</span><br><span style="color: hsl(120, 100%, 40%);">+         if (pinst->trx == NULL)</span><br><span style="color: hsl(120, 100%, 40%);">+                    continue;</span><br><span>            trx_sched_init(pinst->trx);</span><br><span>               /* Only start the scheduler for the transceiver on C0.</span><br><span>         
       * If we have multiple transceivers, CCCH is always on C0</span><br><span>             * and has to be auto active */</span><br><span>              /* Other TRX are activated via OML by a PRIM_INFO_MODIFY</span><br><span>              * / PRIM_INFO_ACTIVATE */</span><br><span style="color: hsl(0, 100%, 40%);">-              if (pinst->trx && pinst->trx == pinst->trx->bts->c0) {</span><br><span style="color: hsl(120, 100%, 40%);">+         if (pinst->trx == pinst->trx->bts->c0) {</span><br><span>                         vbts_sched_start(pinst->trx->bts);</span><br><span>                     /* init lapdm layer 3 callback for the trx on timeslot 0 == BCCH */</span><br><span>                  lchan_init_lapdm(&pinst->trx->ts[0].lchan[CCCH_LCHAN]);</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.osmocom.org/c/osmo-bts/+/24286">change 24286</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.osmocom.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.osmocom.org/c/osmo-bts/+/24286"/><meta itemprop="name" content="View Change"/></div></div>
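Review bot: the OSMO_ASSERT(trx != NULL) added at the top of the function in src/common/scheduler.c turns a NULL trx into a process abort, so every caller must check the pointer before calling. The only call sites guarded in this patch are the ones in src/osmo-bts-trx/trx_if.c and src/osmo-bts-virtual/l1_if.c. A one-line comment on the function stating that trx must be non-NULL would make that contract explicit for callers added later.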
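Review bot: in the src/osmo-bts-trx/trx_if.c hunk, when pinst->trx is NULL the scheduler init is skipped silently and the function carries on to trx_if_open(l1h). Consider logging at LOGL_NOTICE that the PHY instance is not bound to a TRX, so that an instance left dangling in the configuration file by mistake is visible at startup. Wording nit in the new comment: "may be not associated" reads better as "may not be associated".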
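Review bot: the new else branch in src/osmo-bts-trx/trx_provision_fsm.c calls trx_if_cmd_rfmute(l1h, true) without saying why a PHY instance with no TRX is muted by default. The guard in trx_if.c got a comment and this one did not. Add one stating that an unbound instance has no administrative state to consult and is therefore kept RF-muted.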
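Review bot: in the src/osmo-bts-trx/trx_vty.c hunk, gsm_trx_name(trx) is passed to the first vty_out() before the new "if (trx != NULL)" guard, so the header line depends on gsm_trx_name() accepting a NULL pointer, which nothing in this hunk shows. Either confirm that and note it in a comment, or print a fixed string for the unbound case. Separately, tx-attenuation is now printed before rx-gain instead of after it. That is worth a line in the commit message in case anything parses this output by position.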
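Review bot: in src/osmo-bts-virtual/l1_if.c the "pinst->trx &&" test is dropped from the C0 condition, so the pinst->trx->bts->c0 dereference is now safe only because of the "continue" added at the top of the loop body. That "continue" has no comment. Add a short one, matching the comment in trx_if.c, so the dependency is obvious if the loop is later reordered.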

<div style="display:none"> Gerrit-Project: osmo-bts </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: Ib7d9cb7ae47fead723fa46454cd64bf6e88756bb </div>
<div style="display:none"> Gerrit-Change-Number: 24286 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: fixeria <vyanitskiy@sysmocom.de> </div>
<div style="display:none"> Gerrit-Reviewer: Jenkins Builder </div>
<div style="display:none"> Gerrit-Reviewer: dexter <pmaier@sysmocom.de> </div>
<div style="display:none"> Gerrit-Reviewer: fixeria <vyanitskiy@sysmocom.de> </div>
<div style="display:none"> Gerrit-Reviewer: laforge <laforge@osmocom.org> </div>
<div style="display:none"> Gerrit-Reviewer: pespin <pespin@sysmocom.de> </div>
<div style="display:none"> Gerrit-MessageType: merged </div>