<p>pespin <strong>submitted</strong> this change.</p><p><a href="https://gerrit.osmocom.org/c/osmo-bsc/+/25693">View Change</a></p><div style="white-space:pre-wrap">Approvals:
  osmith: Looks good to me, but someone else must approve
  pespin: Looks good to me, approved; Verified

</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">bts_trx: Fix timeslot_fsm not properly freed during trx free() [1/4]<br><br>osmo_fsm_inst_free() must be called explicitly, otherwise the instance<br>is kept in the llist of instances and produces heap-use-after-free.<br><br>Note: This fix is required by follow-up patches where some stubs are removed<br>and hence some tests start using FSMs internally. Due to this bug, tests<br>will crash due to reason explain in previous paragraph.<br><br>This patch itself may introduced failures to build due to some new<br>interdependencies being introduced in same follow-up patches mentioned<br>above, which are in turn fixed by this present patch.<br>So they are expected to be merged together.<br><br>Change-Id: Ib0e5560efe518833f76f846d7269e82d85c186a1<br>---<br>M include/osmocom/bsc/timeslot_fsm.h<br>M src/osmo-bsc/bts_trx.c<br>M src/osmo-bsc/timeslot_fsm.c<br>3 files changed, 10 insertions(+), 0 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/include/osmocom/bsc/timeslot_fsm.h b/include/osmocom/bsc/timeslot_fsm.h</span><br><span>index f5e4b4c..1831537 100644</span><br><span>--- a/include/osmocom/bsc/timeslot_fsm.h</span><br><span>+++ b/include/osmocom/bsc/timeslot_fsm.h</span><br><span>@@ -45,6 +45,7 @@</span><br><span> void ts_fsm_init();</span><br><span> </span><br><span> void ts_fsm_alloc(struct gsm_bts_trx_ts *ts);</span><br><span style="color: hsl(120, 100%, 40%);">+void ts_fsm_free(struct gsm_bts_trx_ts *ts);</span><br><span> </span><br><span> bool ts_is_capable_of_pchan(struct gsm_bts_trx_ts *ts, enum gsm_phys_chan_config pchan);</span><br><span> bool ts_is_capable_of_lchant(struct gsm_bts_trx_ts *ts, enum gsm_chan_t type);</span><br><span>diff --git a/src/osmo-bsc/bts_trx.c b/src/osmo-bsc/bts_trx.c</span><br><span>index 9f8837b..9b90c91 100644</span><br><span>--- a/src/osmo-bsc/bts_trx.c</span><br><span>+++ b/src/osmo-bsc/bts_trx.c</span><br><span>@@ -50,6 +50,7 @@</span><br><span>                       osmo_fsm_inst_free(ts->mo.fi);</span><br><span>                    ts->mo.fi = NULL;</span><br><span>                 }</span><br><span style="color: hsl(120, 100%, 40%);">+             ts_fsm_free(ts);</span><br><span>     }</span><br><span>    return 0;</span><br><span> }</span><br><span>diff --git a/src/osmo-bsc/timeslot_fsm.c b/src/osmo-bsc/timeslot_fsm.c</span><br><span>index adca31d..8d256bb 100644</span><br><span>--- a/src/osmo-bsc/timeslot_fsm.c</span><br><span>+++ b/src/osmo-bsc/timeslot_fsm.c</span><br><span>@@ -66,6 +66,14 @@</span><br><span>         ts_fsm_update_id(ts);</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+void ts_fsm_free(struct gsm_bts_trx_ts *ts)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+        if (ts->fi) {</span><br><span style="color: hsl(120, 100%, 40%);">+              osmo_fsm_inst_free(ts->fi);</span><br><span style="color: hsl(120, 100%, 40%);">+                ts->fi = NULL;</span><br><span style="color: hsl(120, 100%, 40%);">+     }</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> enum lchan_sanity {</span><br><span>        LCHAN_IS_INSANE = -1,</span><br><span>        LCHAN_IS_READY_TO_GO,</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.osmocom.org/c/osmo-bsc/+/25693">change 25693</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.osmocom.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.osmocom.org/c/osmo-bsc/+/25693"/><meta itemprop="name" content="View Change"/></div></div>

<div style="display:none"> Gerrit-Project: osmo-bsc </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: Ib0e5560efe518833f76f846d7269e82d85c186a1 </div>
<div style="display:none"> Gerrit-Change-Number: 25693 </div>
<div style="display:none"> Gerrit-PatchSet: 4 </div>
<div style="display:none"> Gerrit-Owner: pespin <pespin@sysmocom.de> </div>
<div style="display:none"> Gerrit-Reviewer: Jenkins Builder </div>
<div style="display:none"> Gerrit-Reviewer: dexter <pmaier@sysmocom.de> </div>
<div style="display:none"> Gerrit-Reviewer: fixeria <vyanitskiy@sysmocom.de> </div>
<div style="display:none"> Gerrit-Reviewer: osmith <osmith@sysmocom.de> </div>
<div style="display:none"> Gerrit-Reviewer: pespin <pespin@sysmocom.de> </div>
<div style="display:none"> Gerrit-MessageType: merged </div>