<p>laforge <strong>submitted</strong> this change.</p><p><a href="https://gerrit.osmocom.org/c/osmo-bts/+/25674">View Change</a></p><div style="white-space:pre-wrap">Approvals:
laforge: Looks good to me, approved
pespin: Looks good to me, but someone else must approve
Jenkins Builder: Verified
</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">rsl: prevent race condition during timeslot re-configuration<br><br>It may happen that the BSC requests logical channel activation on a<br>dynamic timeslot, which is in a process of switching from one pchan<br>type to another due to a preceding channel activation request.<br><br>In this case 'struct gsm_bts_trx_ts' already holds an msgb with the<br>preceding RSL CHANnel ACTIVation message, that is normally handled<br>once the PHY completes the process of timeslot re-configuration.<br><br>On receipt of subsequent RSL CHANnel ACTIVation messages, in function<br>dyn_ts_l1_reconnect() we overwrite the preceeding msgb (memleak), by<br>the most recent one. And once the timeslot re-configuration is done,<br>only the most recent CHANnel ACTIVation message gets ACKed.<br><br>In order to avoid this, let's move the msgb ownership to 'struct<br>gsm_lchan', so it cannot be overwritten by the CHANnel ACTIVation<br>message that is related to a different lchan on the same timeslot.<br><br>Change-Id: Ia625c2827fca883ea712076706d5ef21ed793ba6<br>Related: I3b602ac9dbe0ab3e80eb30de573c9b48a79872d8<br>Fixes: OS#5245<br>---<br>M include/osmo-bts/gsm_data.h<br>M include/osmo-bts/lchan.h<br>M src/common/rsl.c<br>3 files changed, 22 insertions(+), 19 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/include/osmo-bts/gsm_data.h b/include/osmo-bts/gsm_data.h</span><br><span>index ad0f78d..dcb357f 100644</span><br><span>--- a/include/osmo-bts/gsm_data.h</span><br><span>+++ b/include/osmo-bts/gsm_data.h</span><br><span>@@ -83,7 +83,6 @@</span><br><span> struct {</span><br><span> enum gsm_phys_chan_config pchan_is;</span><br><span> enum gsm_phys_chan_config pchan_want;</span><br><span style="color: hsl(0, 100%, 40%);">- struct msgb *pending_chan_activ;</span><br><span> } dyn;</span><br><span> </span><br><span> unsigned int flags;</span><br><span>diff --git a/include/osmo-bts/lchan.h b/include/osmo-bts/lchan.h</span><br><span>index 4cf957a..fdb3144 100644</span><br><span>--- a/include/osmo-bts/lchan.h</span><br><span>+++ b/include/osmo-bts/lchan.h</span><br><span>@@ -278,6 +278,8 @@</span><br><span> int s;</span><br><span> /* Kind of the release/activation. E.g. RSL or PCU */</span><br><span> enum lchan_rel_act_kind rel_act_kind;</span><br><span style="color: hsl(120, 100%, 40%);">+ /* Pending RSL CHANnel ACTIVation message */</span><br><span style="color: hsl(120, 100%, 40%);">+ struct msgb *pending_chan_activ;</span><br><span> /* RTP header Marker bit to indicate beginning of speech after pause */</span><br><span> bool rtp_tx_marker;</span><br><span> </span><br><span>diff --git a/src/common/rsl.c b/src/common/rsl.c</span><br><span>index f03d510..229a2af 100644</span><br><span>--- a/src/common/rsl.c</span><br><span>+++ b/src/common/rsl.c</span><br><span>@@ -1523,7 +1523,7 @@</span><br><span> * Store the CHAN_ACTIV msg, connect the L1 timeslot in the proper type and</span><br><span> * then invoke rsl_rx_chan_activ() with msg.</span><br><span> */</span><br><span style="color: hsl(0, 100%, 40%);">-static int dyn_ts_l1_reconnect(struct gsm_bts_trx_ts *ts, struct msgb *msg)</span><br><span style="color: hsl(120, 100%, 40%);">+static int dyn_ts_l1_reconnect(struct gsm_bts_trx_ts *ts)</span><br><span> {</span><br><span> DEBUGP(DRSL, "%s dyn_ts_l1_reconnect\n", gsm_ts_and_pchan_name(ts));</span><br><span> </span><br><span>@@ -1544,9 +1544,6 @@</span><br><span> return -EINVAL;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- /* We will feed this back to rsl_rx_chan_activ() later */</span><br><span style="color: hsl(0, 100%, 40%);">- ts->dyn.pending_chan_activ = msg;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span> /* Disconnect, continue connecting from cb_ts_disconnected(). */</span><br><span> DEBUGP(DRSL, "%s Disconnect\n", gsm_ts_and_pchan_name(ts));</span><br><span> return bts_model_ts_disconnect(ts);</span><br><span>@@ -1652,9 +1649,12 @@</span><br><span> * mode than this activation needs it to be.</span><br><span> * Re-connect, then come back to rsl_rx_chan_activ().</span><br><span> */</span><br><span style="color: hsl(0, 100%, 40%);">- rc = dyn_ts_l1_reconnect(ts, msg);</span><br><span style="color: hsl(120, 100%, 40%);">+ rc = dyn_ts_l1_reconnect(ts);</span><br><span> if (rc)</span><br><span> return rsl_tx_chan_act_nack(lchan, RSL_ERR_NORMAL_UNSPEC);</span><br><span style="color: hsl(120, 100%, 40%);">+ /* will be fed back to rsl_rx_chan_activ() later */</span><br><span style="color: hsl(120, 100%, 40%);">+ OSMO_ASSERT(lchan->pending_chan_activ == NULL);</span><br><span style="color: hsl(120, 100%, 40%);">+ lchan->pending_chan_activ = msg;</span><br><span> /* indicate that the msgb should not be freed. */</span><br><span> return 1;</span><br><span> }</span><br><span>@@ -3181,8 +3181,7 @@</span><br><span> </span><br><span> static void osmo_dyn_ts_connected(struct gsm_bts_trx_ts *ts, int rc)</span><br><span> {</span><br><span style="color: hsl(0, 100%, 40%);">- struct msgb *msg = ts->dyn.pending_chan_activ;</span><br><span style="color: hsl(0, 100%, 40%);">- ts->dyn.pending_chan_activ = NULL;</span><br><span style="color: hsl(120, 100%, 40%);">+ unsigned int ln;</span><br><span> </span><br><span> if (rc) {</span><br><span> LOGP(DRSL, LOGL_NOTICE, "%s PDCH ACT OSMO operation failed (%d) in bts model\n",</span><br><span>@@ -3191,20 +3190,23 @@</span><br><span> return;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- if (!msg) {</span><br><span style="color: hsl(0, 100%, 40%);">- LOGP(DRSL, LOGL_ERROR,</span><br><span style="color: hsl(0, 100%, 40%);">- "%s TS re-connected, but no chan activ msg pending\n",</span><br><span style="color: hsl(0, 100%, 40%);">- gsm_ts_and_pchan_name(ts));</span><br><span style="color: hsl(0, 100%, 40%);">- return;</span><br><span style="color: hsl(0, 100%, 40%);">- }</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span> ts->dyn.pchan_is = ts->dyn.pchan_want;</span><br><span> DEBUGP(DRSL, "%s Connected\n", gsm_ts_and_pchan_name(ts));</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- /* continue where we left off before re-connecting the TS. */</span><br><span style="color: hsl(0, 100%, 40%);">- rc = rsl_rx_chan_activ(msg);</span><br><span style="color: hsl(0, 100%, 40%);">- if (rc != 1)</span><br><span style="color: hsl(0, 100%, 40%);">- msgb_free(msg);</span><br><span style="color: hsl(120, 100%, 40%);">+ /* Handle postponed RSL CHANnel ACTIVation messages (if any) */</span><br><span style="color: hsl(120, 100%, 40%);">+ for (ln = 0; ln < ARRAY_SIZE(ts->lchan); ln++) {</span><br><span style="color: hsl(120, 100%, 40%);">+ struct gsm_lchan *lchan = &ts->lchan[ln];</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (lchan->pending_chan_activ == NULL)</span><br><span style="color: hsl(120, 100%, 40%);">+ continue;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ struct msgb *msg = lchan->pending_chan_activ;</span><br><span style="color: hsl(120, 100%, 40%);">+ lchan->pending_chan_activ = NULL;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ /* Continue where we left off before re-connecting the TS */</span><br><span style="color: hsl(120, 100%, 40%);">+ if (rsl_rx_chan_activ(msg) != 1)</span><br><span style="color: hsl(120, 100%, 40%);">+ msgb_free(msg);</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span> }</span><br><span> </span><br><span> void cb_ts_connected(struct gsm_bts_trx_ts *ts, int rc)</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.osmocom.org/c/osmo-bts/+/25674">change 25674</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.osmocom.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.osmocom.org/c/osmo-bts/+/25674"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: osmo-bts </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: Ia625c2827fca883ea712076706d5ef21ed793ba6 </div>
<div style="display:none"> Gerrit-Change-Number: 25674 </div>
<div style="display:none"> Gerrit-PatchSet: 5 </div>
<div style="display:none"> Gerrit-Owner: fixeria <vyanitskiy@sysmocom.de> </div>
<div style="display:none"> Gerrit-Reviewer: Jenkins Builder </div>
<div style="display:none"> Gerrit-Reviewer: dexter <pmaier@sysmocom.de> </div>
<div style="display:none"> Gerrit-Reviewer: laforge <laforge@osmocom.org> </div>
<div style="display:none"> Gerrit-Reviewer: pespin <pespin@sysmocom.de> </div>
<div style="display:none"> Gerrit-CC: neels <nhofmeyr@sysmocom.de> </div>
<div style="display:none"> Gerrit-CC: osmith <osmith@sysmocom.de> </div>
<div style="display:none"> Gerrit-MessageType: merged </div>