pespin has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-hnbgw/+/29336 )

Change subject: hnb_context_release(): Make sure assigned conn is freed ......................................................................

hnb_context_release(): Make sure assigned conn is freed

Otherwise, some paths calling hnb_context_release() (like failing to transmit HNB-REGISTER-REJECT) would end up with a conn object alive with no assigned hnb_context, which is something not wanted.

This way life conn object always has an associated hnb_context, and they are only disassociated during synchronous release path.

Related: OS#5676 Change-Id: I44fea7ec74f14e0458861c92da4acf685ff695c1 --- M src/osmo-hnbgw/hnbgw.c 1 file changed, 13 insertions(+), 3 deletions(-)

git pull ssh://gerrit.osmocom.org:29418/osmo-hnbgw refs/changes/36/29336/1

diff --git a/src/osmo-hnbgw/hnbgw.c b/src/osmo-hnbgw/hnbgw.c index 3e94e7f..15f3d27 100644 --- a/src/osmo-hnbgw/hnbgw.c +++ b/src/osmo-hnbgw/hnbgw.c @@ -300,9 +300,14 @@ static int hnb_closed_cb(struct osmo_stream_srv *conn) { struct hnb_context *hnb = osmo_stream_srv_get_data(conn); + if (!hnb) + return 0; /* hnb_context is being freed, nothing do be done */

- if (hnb) - hnb_context_release(hnb); + /* hnb: conn became broken, let's release the associated hnb. + * conn object is being freed after closed_cb(), so unassign it from hnb + * if available to avoid it freeing it again: */ + hnb->conn = NULL; + hnb_context_release(hnb);

return 0; } @@ -364,7 +369,12 @@ context_map_deactivate(map); } ue_context_free_by_hnb(ctx->gw, ctx); - osmo_stream_srv_set_data(ctx->conn, NULL); + + if (ctx->conn) { /* we own a conn, we must free it: */ + /* Avoid our closed_cb to call hnb_context_release() again: */ + osmo_stream_srv_set_data(ctx->conn, NULL); + osmo_stream_srv_destroy(ctx->conn); + } /* else: we are called from closed_cb, so conn is being freed separately */

talloc_free(ctx); }