Hello,
I want to use the local sims having different MNC/MCC for implementing GPRS
using osmocoms with OpenBTS same as I have used them for GSM calls and sms
using only openBTS. But your site
http://openbsc.osmocom.org/trac/wiki/OpenBSC_GPRS says, "it is currently
not possible". As it is long when posted on this site so I want to ask is
it possible *now* to use the local sims? Hope you have understood my
question. Waiting for your reply. Thanks.
Regards,
Saba Arshad
On Thu, Dec 22, 2016 at 10:15:36AM -0800, scan-admin(a)coverity.com wrote:
> *** CID 158969: Null pointer dereferences (FORWARD_NULL)
> /source-Osmocom/osmo-pcu/src/gprs_rlcmac_sched.cpp: 131 in sched_select_ctrl_msg(unsigned char, unsigned char, unsigned int, unsigned char, gprs_rlcmac_pdch *, gprs_rlcmac_tbf *, gprs_rlcmac_tbf *, gprs_rlcmac_ul_tbf *)()
> 125 struct msgb *msg = NULL;
> 126 struct gprs_rlcmac_tbf *tbf = NULL;
> 127 struct gprs_rlcmac_tbf *next_list[3] = { ul_ass_tbf, dl_ass_tbf, ul_ack_tbf };
> 128
> 129 for (size_t i = 0; i < ARRAY_SIZE(next_list); ++i) {
> 130 tbf = next_list[(pdch->next_ctrl_prio + i) % 3];
> >>> CID 158969: Null pointer dereferences (FORWARD_NULL)
> >>> Comparing "tbf" to null implies that "tbf" might be null.
> 131 if (!tbf)
> 132 continue;
> 133
> 134 /*
> 135 * Assignments for the same direction have lower precedence,
> 136 * because they may kill the TBF when the CONTROL ACK is
Even though coverity triggered on the recent addition of
tbf->ms()->update_dl_ctrl_msg();
in osmo-pcu da7250ad2c1cd5ddc7d3c6e10435a00b357ef8f7, this problem has existed
before. This function is handling the tbf pointer improperly. Let's take a
look:
static struct msgb *sched_select_ctrl_msg(
uint8_t trx, uint8_t ts, uint32_t fn,
uint8_t block_nr, struct gprs_rlcmac_pdch *pdch,
struct gprs_rlcmac_tbf *ul_ass_tbf,
struct gprs_rlcmac_tbf *dl_ass_tbf,
struct gprs_rlcmac_ul_tbf *ul_ack_tbf)
{
struct msgb *msg = NULL;
struct gprs_rlcmac_tbf *tbf = NULL;
This NULL init would only make sense if ARRAY_SIZE(next_list) were zero.
Will not happen.
struct gprs_rlcmac_tbf *next_list[3] = { ul_ass_tbf, dl_ass_tbf, ul_ack_tbf };
for (size_t i = 0; i < ARRAY_SIZE(next_list); ++i) {
tbf = next_list[(pdch->next_ctrl_prio + i) % 3];
if (!tbf)
continue;
/*
* Assignments for the same direction have lower precedence,
* because they may kill the TBF when the CONTROL ACK is
* received, thus preventing the others from being processed.
*/
if (tbf == ul_ass_tbf && tbf->direction == GPRS_RLCMAC_DL_TBF)
if (tbf->ul_ass_state ==
GPRS_RLCMAC_UL_ASS_SEND_ASS_REJ)
msg = ul_ass_tbf->create_packet_access_reject();
else
msg = ul_ass_tbf->create_ul_ass(fn, ts);
else if (tbf == dl_ass_tbf && tbf->direction == GPRS_RLCMAC_UL_TBF)
msg = dl_ass_tbf->create_dl_ass(fn, ts);
else if (tbf == ul_ack_tbf)
msg = ul_ack_tbf->create_ul_ack(fn, ts);
if (!msg) {
tbf = NULL;
If this is not the last for() iteration, setting tbf = NULL makes no sense, it
will be set to next_list[..] at the start of the next iteration.
If this *is* the last iteration, tbf = NULL makes no sense either, because msg
is NULL and tbf will be set to dl_ass_tbf or ul_ass_tbf in the if (!msg) {}
case below.
continue;
}
pdch->next_ctrl_prio += 1;
pdch->next_ctrl_prio %= 3;
break;
}
if (!msg) {
/*
* If one of these is left, the response (CONTROL ACK) from the
* MS will kill the current TBF, only one of them can be
* non-NULL
*/
if (dl_ass_tbf) {
tbf = dl_ass_tbf;
msg = dl_ass_tbf->create_dl_ass(fn, ts);
} else if (ul_ass_tbf) {
tbf = ul_ass_tbf;
msg = ul_ass_tbf->create_ul_ass(fn, ts);
}
}
At this point, tbf may be NULL, either from 'if (!tbf) continue;' in the last
iteration, or because dl_ass_tbf or ul_ass_tbf were NULL. Below code assumes
that tbf is non-NULL and will segfault. Add 'if (!tbf) return NULL' here?
/* any message */
if (msg) {
tbf->rotate_in_list();
LOGP(DRLCMACSCHED, LOGL_DEBUG, "Scheduling control "
"message at RTS for %s (TRX=%d, TS=%d)\n",
tbf_name(tbf), trx, ts);
/* Updates the dl ctrl msg counter for ms */
tbf->ms()->update_dl_ctrl_msg();
return msg;
}
/* schedule PACKET PAGING REQUEST */
msg = pdch->packet_paging_request();
if (msg) {
LOGP(DRLCMACSCHED, LOGL_DEBUG, "Scheduling paging request "
"message at RTS for (TRX=%d, TS=%d)\n", trx, ts);
/* Updates the dl ctrl msg counter for ms */
tbf->ms()->update_dl_ctrl_msg();
return msg;
}
return NULL;
}
@osmo-pcu tbf folks, please fix this potential segmentation fault ASAP.
Thanks!
~N
--
- Neels Hofmeyr <nhofmeyr(a)sysmocom.de> http://www.sysmocom.de/
=======================================================================
* sysmocom - systems for mobile communications GmbH
* Alt-Moabit 93
* 10559 Berlin, Germany
* Sitz / Registered office: Berlin, HRB 134158 B
* Geschäftsführer / Managing Directors: Harald Welte
Today I looked at enum egprs_puncturing_values by coincidence:
/*
* Valid puncturing scheme values
* TS 44.060 10.4.8a.3.1, 10.4.8a.2.1, 10.4.8a.1.1
*/
enum egprs_puncturing_values {
EGPRS_PS_1,
EGPRS_PS_2,
EGPRS_PS_3,
EGPRS_PS_INVALID,
};
I notice that TS 44.060 10.4.8a.3.1 defines further items besides PS_1, 2 and
3, and that our EGPRS_PS_INVALID occupies the value the spec defines as
"MCS-3/P1". I believe that this is rather unfortunate.
[[[
Table 10.4.8a.3.1: Coding and Puncturing Scheme indicator field for Header type 3
bits
4321 First block CPS
----------------------------
0000 MCS-4/P1
0001 MCS-4/P2
0010 MCS-4/P3
0011 MCS-3/P1
0100 MCS-3/P2
0101 MCS-3/P3
0110 MCS-3/P1 with padding (MCS-8 retransmission)
0111 MCS-3/P2 with padding (MCS-8 retransmission)
1000 MCS-3/P3 with padding (MCS-8 retransmission)
1001 MCS-2/P1
1010 MCS-2/P2
1011 MCS-1/P1
1100 MCS-1/P2
NOTE: All the other values are reserved for future use
The bit numbering is relative to the field position.
]]]
I would prefer EGPRS_PS_INVALID=-1 (i.e. outside the spec's value range) and
the other enum values named appropriately, like EGPRS_MSC4_P1, so that our enum
actually reflects the spec as advertised. Is there something I'm missing?
These enum values were added in:
commit 7a05b039c835868eff34308d861edfeb28d1763b
Author: Aravind Sirsikar <arvind.sirsikar(a)radisys.com>
Date: Wed Mar 23 18:29:45 2016 +0530
Thanks,
~N
--
- Neels Hofmeyr <nhofmeyr(a)sysmocom.de> http://www.sysmocom.de/
=======================================================================
* sysmocom - systems for mobile communications GmbH
* Alt-Moabit 93
* 10559 Berlin, Germany
* Sitz / Registered office: Berlin, HRB 134158 B
* Geschäftsführer / Managing Directors: Harald Welte
Hi,
in the wake of https://gerrit.osmocom.org/1411 I have some more comments on the
code that seem to large for the gerrit edit field.
I said in that patch comment that gprs_rlc_mcs_cps() must check that it isn't
using INVALID enum values in its bitfield calculations. Furthermore:
The bit fields are obtained by modulo calculation on enum values. This seems
unnecessarily complex and error prone, it is hard to figure out for a reader.
The relation is quite direct though, e.g. for EGPRS_MAX_PS_NUM_2 it means that
PS_1 and PS_3 mean + 0, PS_2 means + 1. I wish that were easier to see. It
would be good to prepare that above the switch() and use it below instead of
duplicating the same calculation numerous times.
Thirdly, for enum egprs_puncturing_values, the comment refers to TS 44.060
10.4.8a.3.1, 10.4.8a.2.1, 10.4.8a.1.1. When reading the first time, I saw table
10.4.8a.3.1 reflecting the names found in the table: PS1, PS2 and PS3. And it
appeared that there are values missing. Typically, when we place a spec
reference on an enum in Osmocom code, it means that this enum *exactly*
represents the given table. This enum, however, is "merely" an internal
indicator, later translated into the table's bit values. The enum definitions
should have a comment sort of like "Puncturing scheme values. See
gprs_rlc_mcs_cps()" without TS table references, and TS refs should be with
that function.
It's also not helpful to place references to two more tables in the comment:
the reader is left guessing what the exact relation is. If more than one TS
table is involved, the comment should explain the relation.
Cosmetic: the switch() statement in that function has line breaking
that doesn't match Osmocom coding style, making it even harder to read.
These are things we missed when accepting these changes. It would be nice to
get them fixed at some point.
Thanks!
~N
--
- Neels Hofmeyr <nhofmeyr(a)sysmocom.de> http://www.sysmocom.de/
=======================================================================
* sysmocom - systems for mobile communications GmbH
* Alt-Moabit 93
* 10559 Berlin, Germany
* Sitz / Registered office: Berlin, HRB 134158 B
* Geschäftsführer / Managing Directors: Harald Welte
Dear Osmocom Community,
[please respect the Reply-To and post all follow-up discussion to this
to openbsc(a)lists.osmocom.org, so we avoid having long threads
cross-posted to several mailing lists.]
>From 2012 to 2016 we were running a series of small, invitation-only
Osmocom Developer Conferences. Access was intentionally restricted
to those community members who have demonstrated an existing track
record of contribution to any of the projects under the Osmocom
umbrella.
This format of a small, tightly knit group of about 20 people has been
successful over the years, and I have received a lot of positive
feedback from past participants.
On the other hand, the Osmocom project has grown in scope and diversity,
and some of those projects don't have all that much relationship to each
other - except being started by people from within the same group.
There's the cellular communications (GSM/GPRS/EDGE/UMTS and hopefully at
some point LTE) protocols which is attracting a lot of professional
users. And then there's pure community projects like rtl-sdr,
OsmocomBB, OsmocomGMR and many other efforts.
Particularly the cellular infrastructure projects (OsmoBTS, OsmoPCU,
OsmoBTS, OsmoNITB, OsmoSGSN, OpenGGSN, OsmoIuh & co) are somehow
"standing out" of the othe projects in the context of having a wider
user bsae, and in that user base also primarily commercial users.
So I'd like to start a discussion on how to possibly change the event
format to accomodate the various interests and parties. I definitely
don't want to loose the "annual meeting of old friends" atmosphere,
while at the same time also opening up to other interested parties.
One idea would be to keep OsmoDevCon as-is and have a separate event
where non-contributing/developing users / sysadmins / system integrators
could also be attending.
Another idea would be to split into a 'user day' and 'developer days'
format. This is something the netfilter developer workshops have been
using for many years, and from my limited insight quite successfully so.
The "user day" is more like a traditional tech conference, with a large
auditorium and talks oriented towards users / sysadmins / integrators of
the software. The "developer days" are the invitation-only part, for
known contributing developers only, similar to what we have at
OsmoDevCon.
Having both events (or both parts of an event) back-to-back has the
advantage that a large number of potential speakers for the 'user day'
are already present, and they don't have to travel yet another time.
One could even structure it further and say we have one user day, one
public 'Osmocom cellular developer day' and then the closed 'OsmoDevCon
classic', maybe reduced from 4 days to 3 or even 2 days only?
What is the general opinion about this?
Are there people lurking on this list who would be interested in
attending a public 'user day' or even 'developer day' about the Osmocom
cellular projects, with presentations and workshops around topics such
as running Osmocom based cellular networks?
In terms of when/where, I would suggest to keep the tradition of April
in Berlin/Germany. But I'm of course very happy if somebody wants to
host it some place else...
Regards, and looking forward to meeting you [again] in 2017,
Harald
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)