This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
pespin gerrit-no-reply at lists.osmocom.orgpespin has submitted this change. ( https://gerrit.osmocom.org/c/osmo-pcu/+/22451 ) Change subject: NACC: Send only Pkt Cell Chg Continue if SI retrieve fails ...................................................................... NACC: Send only Pkt Cell Chg Continue if SI retrieve fails If fore some reason we fail to fetch SI of target cell, we move directly to NACC_ST_TX_CELL_CHG_CONTINUE in order to submit a Cell Change Continue against the MS without providing any Packet Neighbor Cell Data beforehand, as per spec that's probably the best we can do in this scenario (TS 44.060): """ 1) The network responds with a PACKET CELL CHANGE CONTINUE message. If a mobile station as response to a PACKET CELL CHANGE NOTIFICATION message receives a PACKET CELL CHANGE CONTINUE message without receiving any neighbour cell system information, the mobile station shall stop timer T3208, stop timer T3210 if still running, leave CCN mode and continue cell reselection in NC0/NC1 mode. """ This commit also fixes a use-after-free triggered by TTCN3 test TC_nacc_outbound_rac_ci-resolve_fail_parse_response, where the "cmd" pointer passed to nacc_fsm_ctrl_reply_cb() was freed during FSM termination (its talloc ctx was under ctx->neigh_ctrl_conn) and the libosmocore code calling that callback was later on accessing cmd->defer. Since due to this change the FSM is no longer syncrhonously freed, the issue is gone. Related: SYS#4909 Change-Id: Ie3f12a08ad611b1086d3f4ab7c3d34af43c07961 --- M src/nacc_fsm.c 1 file changed, 5 insertions(+), 5 deletions(-) Approvals: Jenkins Builder: Verified pespin: Looks good to me, approved fixeria: Looks good to me, but someone else must approve laforge: Looks good to me, but someone else must approve diff --git a/src/nacc_fsm.c b/src/nacc_fsm.c index 85e29c5..fcf4b58 100644 --- a/src/nacc_fsm.c +++ b/src/nacc_fsm.c @@ -342,7 +342,7 @@ err_term: talloc_free(cmd); - osmo_fsm_inst_term(fi, OSMO_FSM_TERM_ERROR, NULL); + nacc_fsm_state_chg(fi, NACC_ST_TX_CELL_CHG_CONTINUE); } @@ -383,14 +383,14 @@ /* SI info not in cache, resolve it using RIM procedure against SGSN */ if (fill_rim_ran_info_req(ctx, &pdu) < 0) { - osmo_fsm_inst_term(fi, OSMO_FSM_TERM_ERROR, NULL); + nacc_fsm_state_chg(fi, NACC_ST_TX_CELL_CHG_CONTINUE); return; } rc = bssgp_tx_rim(&pdu, gprs_ns2_nse_nsei(ctx->ms->bts->nse)); if (rc < 0) { LOGPFSML(fi, LOGL_ERROR, "Failed transmitting RIM PDU: %d\n", rc); - osmo_fsm_inst_term(fi, OSMO_FSM_TERM_ERROR, NULL); + nacc_fsm_state_chg(fi, NACC_ST_TX_CELL_CHG_CONTINUE); return; } } @@ -578,7 +578,7 @@ cmd->type, cmd->variable, osmo_escape_str(cmd->reply, -1)); if (cmd->type != CTRL_TYPE_GET_REPLY || !cmd->reply) { - osmo_fsm_inst_term(ctx->fi, OSMO_FSM_TERM_ERROR, NULL); + nacc_fsm_state_chg(ctx->fi, NACC_ST_TX_CELL_CHG_CONTINUE); return; } @@ -618,7 +618,7 @@ free_ret: talloc_free(tmp); - osmo_fsm_inst_term(ctx->fi, OSMO_FSM_TERM_ERROR, NULL); + nacc_fsm_state_chg(ctx->fi, NACC_ST_TX_CELL_CHG_CONTINUE); return; } -- To view, visit https://gerrit.osmocom.org/c/osmo-pcu/+/22451 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-pcu Gerrit-Branch: master Gerrit-Change-Id: Ie3f12a08ad611b1086d3f4ab7c3d34af43c07961 Gerrit-Change-Number: 22451 Gerrit-PatchSet: 4 Gerrit-Owner: pespin <pespin at sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: fixeria <vyanitskiy at sysmocom.de> Gerrit-Reviewer: laforge <laforge at osmocom.org> Gerrit-Reviewer: pespin <pespin at sysmocom.de> Gerrit-MessageType: merged -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20210129/7566a8ab/attachment.htm>