Attention is currently required from: fixeria, fixeria, laforge, pespin.

pespin uploaded patch set #6 to the change originally created by fixeria.

View Change

The following approvals got outdated and were removed: Code-Review+1 by fixeria, Verified+1 by Jenkins Builder

trx_if: Allow calling trx_if_flush/close from within TRXC callback (v2)

- If the llist is flushed during rx rsp callback, when the flow is
  returned to trx_ctrl_read_cb() it would access tcm which was in the
llist and end up in use-after-free.
- We need to store state on whether code path is inside the read_cb in
  order to:
-- Delay transmission of new message if callback calls trx_if_flush()
   followed by trx_ctrl_send(), since the trx_ctrl_send() at the end of
   trx_ctrl_read_cb would retransmit it again immediatelly.
-- Avoid accessing tcm pointer if the callback called trx_if_flush(),
   since it has been freed.

Related: OS#6020
Change-Id: Ibdffa4644aa3a7d219452644d3e74b411734f1df
---
M src/osmo-bts-trx/l1_if.h
M src/osmo-bts-trx/trx_if.c
2 files changed, 52 insertions(+), 7 deletions(-)

git pull ssh://gerrit.osmocom.org:29418/osmo-bts refs/changes/52/32552/6

To view, visit change 32552. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: osmo-bts
Gerrit-Branch: master
Gerrit-Change-Id: Ibdffa4644aa3a7d219452644d3e74b411734f1df
Gerrit-Change-Number: 32552
Gerrit-PatchSet: 6
Gerrit-Owner: fixeria <vyanitskiy@sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria <axilirator@gmail.com>
Gerrit-Reviewer: fixeria <vyanitskiy@sysmocom.de>
Gerrit-Reviewer: laforge <laforge@osmocom.org>
Gerrit-Reviewer: pespin <pespin@sysmocom.de>
Gerrit-CC: daniel <dwillmann@sysmocom.de>
Gerrit-Attention: laforge <laforge@osmocom.org>
Gerrit-Attention: fixeria <vyanitskiy@sysmocom.de>
Gerrit-Attention: pespin <pespin@sysmocom.de>
Gerrit-Attention: fixeria <axilirator@gmail.com>
Gerrit-MessageType: newpatchset