I'm trying to build debian packages of OpenBSC. The test suite is
failing on the gbproxy test (core dump). Attached is the testsuite.log file.
Cheers
Ciaby
We have been experiencing problems with osmo-nitb since we enabled handover.
Sometimes osmo-nitb crashes, and our users have reported the fact that sometimes they end up listening to someone else's conversation.
This started to happen since we enabled handover.
This is the backtrace I got from a core dump of osmo-nitb:
(gdb) bt
#0 subscr_name (subscr=0x0) at gsm_subscriber_base.c:47
#1 0x00000000004079e3 in ho_gsm48_ho_compl (new_lchan=0x7fb1a80dd0b0) at handover_logic.c:259
#2 ho_logic_sig_cb (signal_data=<optimized out>, signal=<optimized out>, subsys=<optimized out>, handler_data=<optimized out>) at handover_logic.c:353
#3 ho_logic_sig_cb (subsys=<optimized out>, signal=<optimized out>, handler_data=<optimized out>, signal_data=<optimized out>) at handover_logic.c:335
#4 0x00007fb1a76dccec in osmo_signal_dispatch (subsys=4, signal=3, signal_data=0x7ffffe668090) at signal.c:105
#5 0x0000000000408d25 in handle_rr_ho_compl (msg=<optimized out>) at bsc_api.c:524
#6 dispatch_dtap (msg=0x2436980, link_id=<optimized out>, conn=0xc8e070) at bsc_api.c:583
#7 gsm0408_rcvmsg (msg=0x2436980, link_id=<optimized out>) at bsc_api.c:657
#8 0x000000000041fde1 in abis_rsl_rx_rll (msg=0x2436980) at abis_rsl.c:1682
#9 abis_rsl_rcvmsg (msg=0x2436980) at abis_rsl.c:2093
#10 0x00007fb1a74cce5a in handle_ts1_read (bfd=0x90d6b8) at input/ipaccess.c:469
#11 ipaccess_fd_cb (bfd=0x90d6b8, what=1) at input/ipaccess.c:603
#12 0x00007fb1a76dca11 in osmo_select_main (polling=0) at select.c:158
#13 0x0000000000406e34 in main (argc=<optimized out>, argv=0x7ffffe6684f8) at bsc_hack.c:354
Any clue about why this is happening?
Cheers
Ciaby
Currently the sign_link pointer is dereferenced after a call to
osmo_signal_dispatch, which can indirectly call
e1inp_sign_link_destroy. If that happens, accessing *sign_link is
illegal and can lead to a segmentation violation.
Since only the bts pointer is needed from sign_link after the call to
osmo_signal_dispatch, this patch changes abis_nm_rcvmsg_fom to save
that pointer to a local variable earlier.
Addresses:
<0019> input/ipa.c:250 accept()ed new link from 192.168.1.101 to port 3002
SET ATTR NACK CAUSE=Message cannot be performed
<0005> bsc_init.c:52 Got a NACK going to drop the OML links.
<001b> bsc_init.c:319 Lost some E1 TEI link: 1 0xb351a830
=================================================================
==13198== ERROR: AddressSanitizer: heap-use-after-free on address 0xb5d1bc70 at pc 0x80a6e3d bp 0xbfbb33d8 sp 0xbfbb33cc
Sponsored-by: On-Waves ehf
---
openbsc/src/libbsc/abis_nm.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/openbsc/src/libbsc/abis_nm.c b/openbsc/src/libbsc/abis_nm.c
index 3bf55ec..89ffea4 100644
--- a/openbsc/src/libbsc/abis_nm.c
+++ b/openbsc/src/libbsc/abis_nm.c
@@ -565,6 +565,8 @@ static int abis_nm_rcvmsg_fom(struct msgb *mb)
struct abis_om_fom_hdr *foh = msgb_l3(mb);
struct e1inp_sign_link *sign_link = mb->dst;
uint8_t mt = foh->msg_type;
+ /* sign_link might get deleted via osmo_signal_dispatch -> save bts */
+ struct gsm_bts *bts = sign_link->trx->bts;
int ret = 0;
/* check for unsolicited message */
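Review bot: the new `bts` local dereferences sign_link->trx->bts before the "check for unsolicited message" block, which is safe only because the original code already read sign_link->trx->bts unconditionally further down; if mb->dst can ever be NULL on this path the hunk moves the crash earlier rather than removing it, so please confirm the caller always sets mb->dst. The comment would also help the next reader more if it named the handler that destroys the link (the NACK path in bsc_init.c that drops the OML links, per the log lines quoted above).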
@@ -593,7 +595,7 @@ static int abis_nm_rcvmsg_fom(struct msgb *mb)
nack_data.mt = mt;
nack_data.bts = sign_link->trx->bts;
osmo_signal_dispatch(SS_NM, S_NM_NACK, &nack_data);
- abis_nm_queue_send_next(sign_link->trx->bts);
+ abis_nm_queue_send_next(bts);
return 0;
}
#if 0
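Review bot: `nack_data.bts = sign_link->trx->bts;` two lines above the dispatch should use the freshly saved `bts` local; it is the same pointer, and keeping a single read of sign_link makes it harder for a later edit to reintroduce a sign_link access next to osmo_signal_dispatch. The switch body between this hunk's `#if 0` and the next hunk is not shown: please confirm none of its cases dispatches a signal and then touches sign_link, since this patch only covers the two abis_nm_queue_send_next() calls.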
@@ -636,7 +638,7 @@ static int abis_nm_rcvmsg_fom(struct msgb *mb)
break;
}
- abis_nm_queue_send_next(sign_link->trx->bts);
+ abis_nm_queue_send_next(bts);
return ret;
}
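Review bot: this final `abis_nm_queue_send_next(bts)` relies on the struct gsm_bts outliving the signal link, which the commit message asserts ("only the bts pointer is needed") but does not justify. Since the teardown seen in the log is "Lost some E1 TEI link", i.e. e1inp_sign_link_destroy removing the link and not the BTS object, one sentence in the commit message or in the new comment stating that the bts is owned by the network configuration rather than by the link would make the lifetime argument explicit.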
--
1.9.1
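As an added illustration of the ordering bug the commit message describes (this is example code written for this page, not OpenBSC's; sig_dispatch, link_destroy, rx_nack_unsafe, rx_nack_safe and the struct names are hypothetical stand-ins for osmo_signal_dispatch, e1inp_sign_link_destroy, abis_nm_rcvmsg_fom and the real structs):

```c
/* Added example, not OpenBSC code: a minimal signal dispatcher in which a
 * handler frees the object the caller still holds. The struct and function
 * names are hypothetical stand-ins for OpenBSC's. */
#include <stdio.h>
#include <stdlib.h>

struct gsm_bts { int nr; int queued; };          /* owned by the "network", not the link */
struct gsm_bts_trx { struct gsm_bts *bts; };
struct sign_link { struct gsm_bts_trx *trx; };   /* stand-in for e1inp_sign_link */

static void (*g_handler)(void *signal_data);     /* single registered handler */
static int g_links_destroyed;

/* Stand-in for osmo_signal_dispatch(): run the registered handler. */
static void sig_dispatch(void *signal_data)
{
    if (g_handler)
        g_handler(signal_data);
}

/* Stand-in for e1inp_sign_link_destroy(): frees the link and its trx. */
static void link_destroy(struct sign_link *link)
{
    free(link->trx);
    free(link);
    g_links_destroyed++;
}

/* Handler modelled on bsc_init.c's "Got a NACK going to drop the OML links". */
static void nack_drops_link(void *signal_data)
{
    link_destroy((struct sign_link *)signal_data);
}

static void queue_send_next(struct gsm_bts *bts)
{
    bts->queued++;
}

/* Buggy ordering, kept for comparison and deliberately never called below:
 * after sig_dispatch() the link may already be freed, so link->trx->bts is a
 * heap-use-after-free. Build with -fsanitize=address and call it to see the report. */
struct gsm_bts *rx_nack_unsafe(struct sign_link *link)
{
    sig_dispatch(link);
    queue_send_next(link->trx->bts);
    return link->trx->bts;
}

/* Fixed ordering, as in the patch: copy the bts pointer before dispatch. This
 * is only sound because the bts is owned by something other than the link. */
struct gsm_bts *rx_nack_safe(struct sign_link *link)
{
    struct gsm_bts *bts = link->trx->bts;
    sig_dispatch(link);               /* link may be gone from here on */
    queue_send_next(bts);
    return bts;
}

static struct sign_link *link_new(struct gsm_bts *bts)
{
    struct gsm_bts_trx *trx = malloc(sizeof *trx);
    struct sign_link *link = malloc(sizeof *link);
    if (!trx || !link) {
        free(trx);
        free(link);
        return NULL;
    }
    trx->bts = bts;
    link->trx = trx;
    return link;
}

/* Runs the safe path with a handler that tears the link down. Returns the BTS
 * number when the send queue advanced exactly once on the surviving bts and
 * the link was destroyed, otherwise -1. */
int demo_safe_path(void)
{
    struct gsm_bts bts = { .nr = 7, .queued = 0 };  /* constructed sample BTS */
    struct sign_link *link = link_new(&bts);
    if (!link)
        return -1;
    g_links_destroyed = 0;
    g_handler = nack_drops_link;
    struct gsm_bts *b = rx_nack_safe(link);
    /* link is freed now; only bts, which this function owns, is touched */
    if (b != &bts || bts.queued != 1 || g_links_destroyed != 1)
        return -1;
    return bts.nr;
}

int main(void)
{
    printf("safe path result: %d\n", demo_safe_path());
    return 0;
}
```

The two functions differ only in where the read of link->trx->bts sits relative to the dispatch call; that is the whole content of the patch, and the same rule applies to any callback mechanism (signal handlers, timers, fd callbacks) that can free objects the caller still references.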
Currently this command segfaults (at least when ASAN is enabled),
because when getting the NSEI the index to argv is wrong and out of
bounds.
This patch fixes the offset.
Sponsored-by: On-Waves ehf
---
src/gb/gprs_bssgp_vty.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/gb/gprs_bssgp_vty.c b/src/gb/gprs_bssgp_vty.c
index 656c05e..88ae49f 100644
--- a/src/gb/gprs_bssgp_vty.c
+++ b/src/gb/gprs_bssgp_vty.c
@@ -135,7 +135,7 @@ DEFUN(show_bvc, show_bvc_cmd, "show bssgp nsei <0-65535> [stats]",
"The NSEI\n" "Include Statistics\n")
{
struct bssgp_bvc_ctx *bvc;
- uint16_t nsei = atoi(argv[1]);
+ uint16_t nsei = atoi(argv[0]);
int show_stats = 0;
if (argc >= 2)
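Review bot: argv[0] is the right index because the VTY passes only the variable tokens of "show bssgp nsei <0-65535> [stats]" to the handler, so the NSEI is argv[0] and the optional `stats` keyword is argv[1]; with just the NSEI given, argc is 1 and the old argv[1] read was one past the end, which is what ASAN reported. The `if (argc >= 2)` branch below is not shown: please confirm it now inspects argv[1] for the stats keyword and was not written against the old offset. The narrowing of atoi() into uint16_t is fine here only because the VTY enforces the <0-65535> range before the handler runs.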
--
1.9.1