This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Harald Welte gerrit-no-reply at lists.osmocom.orgHello Max, Neels Hofmeyr, Jenkins Builder,
I'd like you to reexamine a change. Please visit
https://gerrit.osmocom.org/5030
to look at the new patch set (#4).
DTX: avoid illegal character contained in DTX FSM allocation which causes BTS crash
Problem:
lchan->tch.dtx.dl_amr_fsm struct failed to allocate in l1sap_chan_act routine
in l1sap.c due to illegal characters contained in lchan->name which are passed to
osmo_fsm_inst_alloc routine. As a result, lchan->tch.dtx.dl_amr_fsm is NULL
causing BTS crashed (SEG FAULT) when trying to access this struct.
Below is snapshot of crash log obtained by GDB:
...
Fri Nov 24 18:13:55 2017 <0000> rsl.c:1653 payload type: 98
Fri Nov 24 18:13:55 2017 <0000> rsl.c:1463 (bts=0,trx=0,ts=2,ss=0)
RSL Tx IPAC_MDCX_ACK (local 127.0.0.1:11538, remote 127.0.0.1:30012)
Program received signal SIGSEGV, Segmentation fault.
0x00031930 in dtx_dl_amr_fsm_step (lchan=lchan at entry=0xb69592a8,
rtp_pl=rtp_pl at entry=0x87ae8 " \024\351Y\363_\337\345\351f\177\373\300\210\201\200\210",
rtp_pl_len=17, fn=1728481, l1_payload=0x10dd25 "", marker=marker at entry=true,
len=len at entry=0x10ddc4 "\024", ft_out=0xbefff7d7 "\002",
ft_out at entry=0xbefff7cf "\276\341_\032") at msg_utils.c:233
233 msg_utils.c: No such file or directory.
...
Fix:
* Use different formatting for lchan name passed to osmo_fsm_inst_alloc routine
* Refuse channel activation if FSM could not be generated (as opposed to crash)
Related: OS#2606
Reported-by: Minh-Quang Nguyen <minh-quang.nguyen at nutaq.com>
Change-Id: I929ce3703dc57acf8db569ae0e346265644d0b3c
---
M src/common/l1sap.c
1 file changed, 10 insertions(+), 2 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-bts refs/changes/30/5030/4
diff --git a/src/common/l1sap.c b/src/common/l1sap.c
index d294110..18aee93 100644
--- a/src/common/l1sap.c
+++ b/src/common/l1sap.c
@@ -1354,12 +1354,20 @@
return -RSL_ERR_EQUIPMENT_FAIL;
/* Init DTX DL FSM if necessary */
- if (trx->bts->dtxd && lchan->type != GSM_LCHAN_SDCCH)
+ if (trx->bts->dtxd && lchan->type != GSM_LCHAN_SDCCH) {
+ char name[32];
+ snprintf(name, sizeof(name), "bts%u-trx%u-ts%u-ss%u", lchan->ts->trx->bts->nr,
+ lchan->ts->trx->nr, lchan->ts->nr, lchan->nr);
lchan->tch.dtx.dl_amr_fsm = osmo_fsm_inst_alloc(&dtx_dl_amr_fsm,
tall_bts_ctx,
lchan,
LOGL_DEBUG,
- lchan->name);
+ name);
+ if (!lchan->tch.dtx.dl_amr_fsm) {
+ l1sap_chan_act_dact_modify(trx, chan_nr, PRIM_INFO_DEACTIVATE, 0);
+ return -RSL_ERR_EQUIPMENT_FAIL;
+ }
+ }
return 0;
}
--
To view, visit https://gerrit.osmocom.org/5030
To unsubscribe, visit https://gerrit.osmocom.org/settings
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I929ce3703dc57acf8db569ae0e346265644d0b3c
Gerrit-PatchSet: 4
Gerrit-Project: osmo-bts
Gerrit-Branch: master
Gerrit-Owner: Minh-Quang Nguyen <minh-quang.nguyen at nutaq.com>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Max <msuraev at sysmocom.de>
Gerrit-Reviewer: Minh-Quang Nguyen <minh-quang.nguyen at nutaq.com>
Gerrit-Reviewer: Neels Hofmeyr <nhofmeyr at sysmocom.de>