cellular-infrastructure
/
osmo-bsc
mirror of https://gerrit.osmocom.org/osmo-bsc
9
0
Fork 0
Code Issues Releases Wiki Activity

lchan/gscon: always clear both cross ref pointers 

During specific release scenarios, it became clear that an lchan still
pointed at a conn even after it had been deallocated. That was due to
setting conn->lchan = NULL but not lchan->conn = NULL. Fix that.

Do lchan_forget_conn() first, because during gscon_forget_lchan() we may
enter the gscon clearing dance, which in case of no SCCP conn being
present will soon / should immediately deallocate the conn.

Related: OS#5337
Related: I8c8537acf6b47b121903197608636c43ae601a57 (osmo-bsc)
Change-Id: Idbfe4672233ba8105eff5ba77ee07fd871358255
This commit is contained in:
Neels Hofmeyr 2021-12-13 17:00:05 +01:00 committed by laforge
parent 9aed5f541f
commit 3b4b7c1efd
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/osmo-bsc/lchan_fsm.c
View File

@ -478,8 +478,11 @@ static void lchan_reset(struct gsm_lchan *lchan)
{
LOG_LCHAN(lchan, LOGL_DEBUG, "Clearing lchan state\n");
if (lchan->conn)
gscon_forget_lchan(lchan->conn, lchan);
if (lchan->conn) {
struct gsm_subscriber_connection *conn = lchan->conn;
lchan_forget_conn(lchan);
gscon_forget_lchan(conn, lchan);
}
if (lchan->rqd_ref) {
talloc_free(lchan->rqd_ref);
@ -1392,8 +1395,9 @@ static void lchan_fsm_wait_rf_release_ack_onenter(struct osmo_fsm_inst *fi, uint
* lchan_reset(), we make sure it does. But in case of releases from error handling, the
* conn might as well notice now already that its lchan is becoming unusable. */
if (lchan->conn) {
gscon_forget_lchan(lchan->conn, lchan);
struct gsm_subscriber_connection *conn = lchan->conn;
lchan_forget_conn(lchan);
gscon_forget_lchan(conn, lchan);
}
rc = rsl_tx_rf_chan_release(lchan);