Change in osmo-pcu[master]: NACC: Send only Pkt Cell Chg Continue if SI retrieve fails

pespin gerrit-no-reply at lists.osmocom.org
Fri Jan 29 14:05:01 UTC 2021


pespin has submitted this change. ( https://gerrit.osmocom.org/c/osmo-pcu/+/22451 )

Change subject: NACC: Send only Pkt Cell Chg Continue if SI retrieve fails
......................................................................

NACC: Send only Pkt Cell Chg Continue if SI retrieve fails

If for some reason we fail to fetch SI of target cell, we move
directly to NACC_ST_TX_CELL_CHG_CONTINUE in order to submit a Cell
Change Continue against the MS without providing any Packet Neighbor
Cell Data beforehand, as per spec that's probably the best we can do
in this scenario (TS 44.060):
"""
1)  The network responds with a PACKET CELL CHANGE CONTINUE message.
If a mobile station as response to a PACKET CELL CHANGE NOTIFICATION
message receives a PACKET CELL CHANGE CONTINUE message without receiving
any neighbour cell system information, the mobile station shall stop timer
T3208, stop timer T3210 if still running, leave CCN mode and continue cell
reselection in NC0/NC1 mode.
"""

This commit also fixes a use-after-free triggered by TTCN3 test
TC_nacc_outbound_rac_ci-resolve_fail_parse_response, where the "cmd"
pointer passed to nacc_fsm_ctrl_reply_cb() was freed during FSM
termination (its talloc ctx was under ctx->neigh_ctrl_conn) and the
libosmocore code calling that callback was later on accessing
cmd->defer.
Since due to this change the FSM is no longer synchronously freed, the
issue is gone.

Related: SYS#4909
Change-Id: Ie3f12a08ad611b1086d3f4ab7c3d34af43c07961
---
M src/nacc_fsm.c
1 file changed, 5 insertions(+), 5 deletions(-)

Approvals:
  Jenkins Builder: Verified
  pespin: Looks good to me, approved
  fixeria: Looks good to me, but someone else must approve
  laforge: Looks good to me, but someone else must approve



diff --git a/src/nacc_fsm.c b/src/nacc_fsm.c
index 85e29c5..fcf4b58 100644
--- a/src/nacc_fsm.c
+++ b/src/nacc_fsm.c
@@ -342,7 +342,7 @@
 
 err_term:
 	talloc_free(cmd);
-	osmo_fsm_inst_term(fi, OSMO_FSM_TERM_ERROR, NULL);
+	nacc_fsm_state_chg(fi, NACC_ST_TX_CELL_CHG_CONTINUE);
 }
 
 
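Review bot: the reason for the new behaviour at err_term is documented only in the commit message, so a reader of the code sees an error label that ends in an ordinary state change. A short comment above nacc_fsm_state_chg(fi, NACC_ST_TX_CELL_CHG_CONTINUE) saying that the MS is sent a Packet Cell Change Continue without neighbour cell SI, with the TS 44.060 reference, would keep someone from "fixing" this back to osmo_fsm_inst_term() later.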
@@ -383,14 +383,14 @@
 
 	/* SI info not in cache, resolve it using RIM procedure against SGSN */
 	if (fill_rim_ran_info_req(ctx, &pdu) < 0) {
-		osmo_fsm_inst_term(fi, OSMO_FSM_TERM_ERROR, NULL);
+		nacc_fsm_state_chg(fi, NACC_ST_TX_CELL_CHG_CONTINUE);
 		return;
 	}
 
 	rc = bssgp_tx_rim(&pdu, gprs_ns2_nse_nsei(ctx->ms->bts->nse));
 	if (rc < 0) {
 		LOGPFSML(fi, LOGL_ERROR, "Failed transmitting RIM PDU: %d\n", rc);
-		osmo_fsm_inst_term(fi, OSMO_FSM_TERM_ERROR, NULL);
+		nacc_fsm_state_chg(fi, NACC_ST_TX_CELL_CHG_CONTINUE);
 		return;
 	}
 }
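Review bot: the two failure branches here are now logged unevenly. The bssgp_tx_rim() branch has a LOGPFSML(fi, LOGL_ERROR, ...) line, but the fill_rim_ran_info_req(ctx, &pdu) < 0 branch changes state with no message in these lines, and the OSMO_FSM_TERM_ERROR cause that used to mark it as a failure is gone. Unless fill_rim_ran_info_req() logs on its own, add a LOGPFSML there too so that a Cell Change Continue sent without SI can be traced back to its cause.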
@@ -578,7 +578,7 @@
 		 cmd->type, cmd->variable, osmo_escape_str(cmd->reply, -1));
 
 	if (cmd->type != CTRL_TYPE_GET_REPLY || !cmd->reply) {
-		osmo_fsm_inst_term(ctx->fi, OSMO_FSM_TERM_ERROR, NULL);
+		nacc_fsm_state_chg(ctx->fi, NACC_ST_TX_CELL_CHG_CONTINUE);
 		return;
 	}
 
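Review bot: in the cmd->type != CTRL_TYPE_GET_REPLY || !cmd->reply branch, the use-after-free described in the commit message is fixed only as a side effect of no longer terminating the FSM inside this callback. Nothing in the code records that constraint, so any later change that makes the NACC_ST_TX_CELL_CHG_CONTINUE path free the FSM synchronously would bring back the access to cmd->defer on freed memory. Please add a comment here stating that the FSM must not be terminated from within the ctrl reply callback because cmd is owned by a talloc context under ctx->neigh_ctrl_conn, and keep the TTCN3 test named in the commit message as the regression check for it.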
@@ -618,7 +618,7 @@
 
 free_ret:
 	talloc_free(tmp);
-	osmo_fsm_inst_term(ctx->fi, OSMO_FSM_TERM_ERROR, NULL);
+	nacc_fsm_state_chg(ctx->fi, NACC_ST_TX_CELL_CHG_CONTINUE);
 	return;
 }
 
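Review bot: at free_ret this is the fifth identical nacc_fsm_state_chg(..., NACC_ST_TX_CELL_CHG_CONTINUE) used as an error fallback in this patch. Consider a small static helper that takes the fsm instance and a reason string, logs it, and performs the state change, so the fallback policy lives in one place and every failure path reports why SI retrieval was abandoned. The trailing return; before the closing brace is also redundant now and could be dropped.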

-- 
To view, visit https://gerrit.osmocom.org/c/osmo-pcu/+/22451
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-pcu
Gerrit-Branch: master
Gerrit-Change-Id: Ie3f12a08ad611b1086d3f4ab7c3d34af43c07961
Gerrit-Change-Number: 22451
Gerrit-PatchSet: 4
Gerrit-Owner: pespin <pespin at sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria <vyanitskiy at sysmocom.de>
Gerrit-Reviewer: laforge <laforge at osmocom.org>
Gerrit-Reviewer: pespin <pespin at sysmocom.de>
Gerrit-MessageType: merged