[S] Change in osmo-msc[master]: vlr: Stop silent call before deduping subscribers - gerrit-log

24 Oct 2025

osmith has submitted this change. ( https://gerrit.osmocom.org/c/osmo-msc/+/41131?usp=email )
Change subject: vlr: Stop silent call before deduping subscribers
......................................................................
vlr: Stop silent call before deduping subscribers
Before this fix, A use count mismatch could be reached by:
* Completing a location updating procedure with TMSI.
* Disconnecting from the BTS.
* Starting a silent call from the MSC.
* Registering again with the same IMSI but a different TMSI.
This would cause the a new subscriber to be created without
the silent call use count, which in turn would cause the
assert in `vlr_subscr_put` in `trans_free` to fail with use count of -1.
Change-Id: If23f8b0e42d4a3a8bf1c8f5ca81b045834b6cccd
---
M include/osmocom/msc/silent_call.h
M src/libmsc/silent_call.c
M src/libvlr/vlr.c
3 files changed, 18 insertions(+), 0 deletions(-)
Approvals:
  laforge: Looks good to me, but someone else must approve
  osmith: Looks good to me, approved
  Jenkins Builder: Verified

diff --git a/include/osmocom/msc/silent_call.h b/include/osmocom/msc/silent_call.h
index fb53e90..6aea4c6 100644
--- a/include/osmocom/msc/silent_call.h
+++ b/include/osmocom/msc/silent_call.h
@@ -10,6 +10,7 @@
    struct vty *vty);
extern int gsm_silent_call_stop(struct vlr_subscr *vsub);
+extern int gsm_silent_call_is_ongoing(struct vlr_subscr *vsub);
void trans_silent_call_free(struct gsm_trans *trans);
diff --git a/src/libmsc/silent_call.c b/src/libmsc/silent_call.c
index 327ed7f..9b89a62 100644
--- a/src/libmsc/silent_call.c
+++ b/src/libmsc/silent_call.c
@@ -186,3 +186,13 @@
    trans_free(trans);
    return 0;
 }
+
+/* Does the subscriber have an ongoing silent call transaction? */
+int gsm_silent_call_is_ongoing(struct vlr_subscr *vsub)
+{
+	struct msc_a *msc_a = msc_a_for_vsub(vsub, true);
+	if (!msc_a)
+		return false;
+
+	return trans_find_by_type(msc_a, TRANS_SILENT_CALL) != NULL;
+}
diff --git a/src/libvlr/vlr.c b/src/libvlr/vlr.c
index c9055dc..21f9fc6 100644
--- a/src/libvlr/vlr.c
+++ b/src/libvlr/vlr.c
@@ -36,6 +36,7 @@
 #include <osmocom/vlr/vlr.h>
 #include <osmocom/gsupclient/gsup_client_mux.h>
 #include <osmocom/msc/paging.h>
+#include <osmocom/msc/silent_call.h>
#include <netinet/in.h>
 #include <arpa/inet.h>
@@ -642,6 +643,12 @@
    if (!strcmp(vsub->imsi, imsi))
    	return;
+	/* If the same subscriber has silent call (probably pending) stop the silent call to prevent
+	 * use count mismatch when freeing the transaction. */
+	exists = vlr_subscr_find_by_imsi(vsub->vlr, imsi, NULL);
+	if (gsm_silent_call_is_ongoing(exists))
+		gsm_silent_call_stop(exists);
+
    /* We've just learned about this new IMSI, our primary key in the VLR. make sure to invalidate any prior VLR
     * entries for this IMSI. */
    exists = vlr_subscr_find_by_imsi(vsub->vlr, imsi, NULL);
-- 
To view, visit https://gerrit.osmocom.org/c/osmo-msc/+/41131?usp=email
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email

Gerrit-MessageType: merged
Gerrit-Project: osmo-msc
Gerrit-Branch: master
Gerrit-Change-Id: If23f8b0e42d4a3a8bf1c8f5ca81b045834b6cccd
Gerrit-Change-Number: 41131
Gerrit-PatchSet: 3
Gerrit-Owner: matanp matan1008@gmail.com
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria vyanitskiy@sysmocom.de
Gerrit-Reviewer: jolly andreas@eversberg.eu
Gerrit-Reviewer: laforge laforge@osmocom.org
Gerrit-Reviewer: lynxis lazus lynxis@fe80.eu
Gerrit-Reviewer: neels nhofmeyr@sysmocom.de
Gerrit-Reviewer: osmith osmith@sysmocom.de
Gerrit-CC: pespin pespin@sysmocom.de



    