cellular-infrastructure
/
osmo-bsc
mirror of https://gerrit.osmocom.org/osmo-bsc
9
0
Fork 0
Code Issues Releases Wiki Activity
6,700 Commits 65 Branches 117 Tags 59 MiB
Commit Graph

6700 Commits

Author SHA1 Message Date
Philipp Maier 67e47c6076 codec_pref: Add Codec List to COMPLETE LAYER 3 INFORMATION 
The COMPLETE LAYER 3 INFORMATION message lacks the Codec List (BSS Supported)
information element. This information element is mandatory for networks
that use an IP based user plane (AoIP).

- Add function to generate the speech codec list from the current codec
  settings (Available codecs)
- Generate and embed information element in L3 Compl. message

Depends: libosmocore I4e656731b16621736c7a2f4e64d9ce63b1064e98

Change-Id: Id6f2af3fdab45bf05f06aec03e222734d7a4cf70
Related: OS#3548
 2018-09-24 11:35:52 +02:00
Philipp Maier 5a43b55a8e gsm_data.c: Set reasonable AMR codec defaults in gsm_bts_alloc() 
At the moment we do not initalize the struct members mr_full and mr_half
in struct gsm_bts. The user still has the option to configure reasonable
values via vty, but when not VTY configuration is made, the flags for
the AMR rates will be all zero. Lets initalize the struct members with
reasonable defaults.

- Make sure gsm_bts_alloc() populates fr_half and fr_full with
  reasonable defaults.

Change-Id: I68747ae6dd2582e2a7d60337d9f2c43bd06ac525
Related: OS#3548
 2018-09-24 11:35:52 +02:00
Philipp Maier 878954a1b3 assignment_fsm: only include speech codec (choosen) on AoIP networks 
The field speech codec (choosen) in the ASSIGNMENT COMPLETE message
has been specified with AoIP. Since sccp-lite has been specified before
AoIP, we should not include the speech codec (choosen) field in the
ASSIGNMENT COMPLETE, when osmo-bsc is connected to an sccp-lite based
network.

- make sure speech codec (choosen) is only included on AoIP based
  networks

Change-Id: Ic7f28aacc953d96ebf3aa04f3e1810475458c1a8
 2018-09-24 09:25:13 +02:00
Neels Hofmeyr e2209c20c5 Implement RR Classmark Enquiry 
If the MSC sends a BSSMAP Classmark Request, send an RR Classmark Enquiry to
the MS.

(The reverse direction, i.e. sending a BSSMAP Classmark Update back to the MSC,
is already implemented.)

Related: OS#3043 (A5/3 encryption)
Related: osmo-ttcn3-hacks Idaab4d568cf986b4897ba008f6262c839d1592fb
Change-Id: If5db638fd6e8d9c2ef9e139e99f0fabe1ef16ddf
 2018-09-18 14:34:32 +02:00
Philipp Maier ef121b2408 gsm_data: remove unused struct member chan_mode 
Remove unused gsm_subscriber_connection.user_plane.chan_mode.
There is only one VTY command that displays it along other
parameters, but it is used no where else. Lets remove it.

It was forgotten to be removed in:

commit 31f525e756
Date   Mon May 14 18:14:15 2018 +0200
"large refactoring: use FSMs for lchans; add inter-BSC HO"
change-id I82e3f918295daa83274a4cf803f046979f284366

Change-Id: I10049c14ea206a4daafbdad01634d57c72a79d7c
 2018-09-17 14:55:13 +02:00
Philipp Maier 7f52bdadbd gsm_data: remove unused struct member full_rate. 
Remove unused member gsm_subscriber_connection.user_plane.full_rate.

It was forgotten to be removed in:

commit 31f525e756
Date   Mon May 14 18:14:15 2018 +0200
"large refactoring: use FSMs for lchans; add inter-BSC HO"
change-id I82e3f918295daa83274a4cf803f046979f284366

Change-Id: I3a14efe0039ff4690e27e3b083eb23c1b2a616c3
 2018-09-17 14:54:40 +02:00
Philipp Maier bf39996dd0 LCLS: fix codec mismatch detection 
gsm_subscriber_connection.user_plane.chan_mode and .full_rate were unused
since and forgotten to be removed in:

commit 31f525e756
Date   Mon May 14 18:14:15 2018 +0200
"large refactoring: use FSMs for lchans; add inter-BSC HO"

Instead of above unused struct members, use lchan->{full_rate,tch_mode}.

When not explicitly allowed via VTY settings, the LCLS mechanisms will
avoid to locally switch connections with different codecs/rates. For
example GSM HR and GSM FR would not be locally switched.

Change-Id: Idd7117092b1f170d5029303ae5ba0a49e02a8bfb
Related: OS#1602
 2018-09-17 12:48:29 +00:00
Philipp Maier 63c81ef0ef codec_pref: fix missing breaks in switch-case statement 
In function test_codec_support_bts() the switch case statement lacks
break; statements for some cases. This may lead into messed up codec
decisions.

- Add missing break statements

Change-Id: Ib5400a0a0a8a39fa714bd087df345160bed5cc61
 2018-09-14 20:05:18 +02:00
Philipp Maier f96c04a198 codec_pref: add AMR configuration bits to make_scl_config() in unit-test 
The the function make_scl_config() is used to generate realistically
looking speech codec lists to perform the unit tests for codec_pref.c.
This function does not yet populate the S0-S15 bits for AMR codecs. Lets
make sure that at least the default configuration is populated here.

Change-Id: I534239416c038ea856c128659f314aa521f85c15
 2018-09-14 20:05:02 +02:00
Philipp Maier 5a87137aad codec_pref: fix typo in comment 
Change-Id: Ie4ea8179395cd331dad4b62227debb026b5b008c
 2018-09-14 09:03:41 +02:00
Pau Espin f552166c62 Install sample cfg file to /etc/osmocom 
Change-Id: I87bc40fafa6269d99ccbfe49a61fc7ae4da62e80
 2018-09-13 13:58:26 +00:00
Pau Espin d58ddb2c4e Install systemd services with autotools 
Change-Id: I015ac3fbe5adc551b76bac5c15ad93d30d0d2b6e
 2018-09-13 13:58:26 +00:00
Neels Hofmeyr 526b4a5f35 ts,lchan_fsm: do not attempt to allocate CBCH subslots 
In case a given channel combination contains a CBCH, it replaces sub-slot 2
with a CBCH, i.e. we must not attempt to allocate the same for SDCCH.

On timeslot initialization, immediately place such an lchan FSM into new state
LCHAN_ST_CBCH, so that it never appears unused and never is picked during
lchan_select(). Also set lchan->type = GSM_LCHAN_CBCH.

Verified by configuring CBCH timeslots and watching 'show lchan summary'.

Immediately after RSL and OML are up, these pchan types show lchan 2 in state
CBCH:

  BTS 0, TRX 0, Timeslot 0 CCCH+SDCCH4+CBCH, Lchan 2, Type CBCH, State CBCH - L1 MS Power: 0 dBm RXL-FULL-dl: -110 dBm RXL-FULL-ul: -110 dBm
  BTS 0, TRX 0, Timeslot 1 SDCCH8+CBCH, Lchan 2, Type CBCH, State CBCH - L1 MS Power: 0 dBm RXL-FULL-dl: -110 dBm RXL-FULL-ul: -110 dBm

With a 'phys_chan_config ccch+sdcch4+cbch' and three phones simultaneously
requesting USSD, I see:

  BTS 0, TRX 0, Timeslot 0 CCCH+SDCCH4+CBCH, Lchan 0, Type SDCCH, State ESTABLISHED - L1 MS Power: 14 dBm RXL-FULL-dl:  -53 dBm RXL-FULL-ul:  -47 dBm
  BTS 0, TRX 0, Timeslot 0 CCCH+SDCCH4+CBCH, Lchan 1, Type SDCCH, State ESTABLISHED - L1 MS Power: 30 dBm RXL-FULL-dl:  -47 dBm RXL-FULL-ul:  -47 dBm
  BTS 0, TRX 0, Timeslot 0 CCCH+SDCCH4+CBCH, Lchan 2, Type CBCH, State CBCH - L1 MS Power: 0 dBm RXL-FULL-dl: -110 dBm RXL-FULL-ul: -110 dBm
  BTS 0, TRX 0, Timeslot 0 CCCH+SDCCH4+CBCH, Lchan 3, Type SDCCH, State ESTABLISHED - L1 MS Power: 16 dBm RXL-FULL-dl:  -47 dBm RXL-FULL-ul:  -47 dBm

With 'phys_chan_config SDCCH8+CBCH' and three phones simultaneously attaching,
I see:

  BTS 0, TRX 0, Timeslot 1 SDCCH8+CBCH, Lchan 0, Type SDCCH, State WAIT_RLL_RTP_ESTABLISH - L1 MS Power: 0 dBm RXL-FULL-dl: -110 dBm RXL-FULL-ul: -110 dBm
  BTS 0, TRX 0, Timeslot 1 SDCCH8+CBCH, Lchan 1, Type SDCCH, State WAIT_RLL_RTP_ESTABLISH - L1 MS Power: 0 dBm RXL-FULL-dl: -110 dBm RXL-FULL-ul: -110 dBm
  BTS 0, TRX 0, Timeslot 1 SDCCH8+CBCH, Lchan 2, Type CBCH, State CBCH - L1 MS Power: 0 dBm RXL-FULL-dl: -110 dBm RXL-FULL-ul: -110 dBm
  BTS 0, TRX 0, Timeslot 1 SDCCH8+CBCH, Lchan 3, Type SDCCH, State WAIT_RLL_RTP_ESTABLISH - L1 MS Power: 0 dBm RXL-FULL-dl: -110 dBm RXL-FULL-ul: -110 dBm

i.e. in all cases the CBCH lchan remains occupied and is not allocated as
SDCCH.

Detaching and re-attaching the BTS reliably brings back the CBCH state. Also
verified that changing the osmo-bsc config from telnet vty and dropping oml
followed by the BTS re-attaching brings back the CBCH state.

Change-Id: I2bafc5f696e818e38f8907ad0c8f38494df0623d
 2018-09-11 02:08:41 +02:00
Neels Hofmeyr 021971781d lchan_fsm: allow late RTP release events without erroring 
Change-Id: Ia463f97402b957bd13a95d18d291d1c1f006f089
 2018-09-10 00:51:35 +00:00
Neels Hofmeyr c21681d870 ho fsm: handle RR HO Failure for inter-BSC outgoing 
Before, this would ignore the failure and hit a timeout instead. Rather handle
the event directly.

Change-Id: I21c43d2907d0413ef18ec43cf27f680ebecf9e82
 2018-09-10 00:51:35 +00:00
Harald Welte 981f8b9347 CBCH: Fix gsm_bts_get_cbch() 
When the timeslot FSMs were introduced, the function gsm_bts_get_cbch()
was ported to use 'pchan_is'.  However, the function is called very
early, before pchan_is is actually initialized.

Let's make sure we're using the _configured_ channel combination
when resolving where the CBCH is (if any) in the BTS.

Ever since merging the timeslot FSMs and before this patch, SI4 would
never indicate the presence of a CBCH.

Change-Id: I6251b5f3e1180ad466e9349a1845e1b91f661c0b
Related: OS#3532
 2018-09-09 17:23:56 +02:00
Harald Welte 20703eb9dc CBCH: Fix SI4 CBCH IE generation 
When a CBCH is present in the cell, SI4 contains the channel description
of the CBCH.  As SI4 may be generated at a time when the underlying
timeslot is not configured yet, we need to generate the channel
description for the _configured_ channel combination, not the currently
used one.

Change-Id: Idbf9b8e4b1ef0e0348580b83f91355b3236d8609
Closes: OS#3532
 2018-09-09 17:23:56 +02:00
Harald Welte 24286f37b7 Introduce gsm48_lchan2chan_desc_as_configured() 
gsm48_lchan2chan_desc_as_configured() is similar to gsm48_lchan2chan_desc(),
but uses the *configured* channel combination, rather than the currently
active one.

Change-Id: Id4043218fb770e8420f19a4ef9428680ecdfd286
Related: OS#3532
 2018-09-09 17:23:56 +02:00
Harald Welte 251bec1e5d gsm48_lchan2chan_desc() belongs to gsm_data.h 
The function is defined in gsm_data.c, so it should be declared
in gsm_data.h and not in gsm_04_08_rr.h

Change-Id: I5200063fb43c857a984ea8e41a8485d796e49cde
 2018-09-09 17:23:56 +02:00
Harald Welte 0bc5365241 cbch: Don't send cell-broadcast command on BTS without CBCH channel 
Change-Id: I83d6b0b3eafd83e2c0fbdec81d9677ff0118db92
 2018-09-09 14:51:36 +02:00
Neels Hofmeyr 5ac4d800e5 inter-BSC HO outgoing: fix L3 forwarding 
Set msgb->l3h when composing the L3 message. Before this, the unset l3h
resulted in erratic size in the RSL L3 Info IE. This likely fixes inter-BSC
Handover on the outgoing side, to properly forward the RR Handover Command.

Change-Id: Ice37242c90c19adbf0795618fd16fe75f0809317
 2018-09-07 16:24:32 +02:00
Neels Hofmeyr a15dd1f9bd inter-BSC HO incoming: send BSSMAP HO Complete directly 
Before Handover is fully completed, the gscon remains in an INIT state. To send
back the BSSMAP Handover Complete message, use osmo_bsc_sigtran_send() directly
to not thwart the message due to the gscon state.

(The gscon state will change to ACTIVE right after that, once the handover FSM
is done.)

Change-Id: Ic48ae2bb23565015d5e2ccb56308fad09347b51a
 2018-09-07 16:24:32 +02:00
Neels Hofmeyr 320352f510 SCCPlite Assignment Complete: include Speech Codec (Chosen) 
Compose the Speech Codec (Chosen) IE not only for AoIP, but also for SCCPlite:
place the code that assigns the codec to sc_ptr outside of the gscon_is_aoip()
if scope.

This way the MSC is told the chosen speech codec, which is mandatory for IP
based user plane, and was missing until now.

Related: OS#3528
Change-Id: Ibedade8d71a7994d25a63bc2faa2a24a10bfffa1
 2018-09-07 16:24:32 +02:00
Pau Espin c3751a3897 codec_pref.c: Add comment in expected switch case without break 
Change-Id: I568353f070f049003326306106dce89b35deb92f
 2018-09-07 09:10:59 +00:00
Philipp Maier 5aac651cee assignment: remove unnecessary call to gsm0808_speech_codec_from_chan_type() 
There is a function call to gsm0808_speech_codec_from_chan_type() after
an if construct that checks if we need voice and if we need it if it is
related to an AoIP connection.

However, at the moment we call gsm0808_speech_codec_from_chan_type() all
the time, even when just figured out that we don't need to. Presumably
this is a refactory leftover. Lets remove the excess function call.

Change-Id: I34d9281944b36cd89ad8e1c5774f0ea80fdfadc8
 2018-09-06 11:34:28 +00:00
Pau Espin 9134d330f6 codec_pref: Log HR2 specifically as never specified 
Change-Id: Ia7d6545710b4bf609c2872e13dcb3b44abfc604e
 2018-09-04 17:43:41 +00:00
Pau Espin c0b6dd000e codec_pref: Log unsupported codec name used 
Change-Id: If3ed8ba3bad7c927ed0efc908c005cd308e304e6
 2018-09-04 13:08:03 +00:00
Neels Hofmeyr dd6849da18 lchan: pick proper power and ta values 
When activating an lchan, the power levels should be maximum and TA zero. Only
if a new lchan is assigned within the same cell does it make sense to take over
the previous power and TA levels.

In LCHAN_EV_ACTIVATE:

- Separate the code that copies previous encryption data. This should happen
  regardless of whether we're staying in the same cell or not.

- For the power,TA levels, take over an old lchan's values only when it is
  assigning a new lchan in the same cell.

Change-Id: I360b003398487fa6f934296ff03643c33ec61a35
 2018-08-29 14:14:32 +02:00
Neels Hofmeyr f213fcbd43 cosmetic: lchan activ: drop todo comments 
Drop the todo comments about "for_conn->encr". I have intended that as an idea
to store encryption info in the conn instead of the lchan, which might make
sense, but there's no use in these comments.

Change-Id: I47e90062c784dd7919fff3115e2bee3314b30cd5
 2018-08-29 14:13:44 +02:00
Neels Hofmeyr 8d4faf10cd cosmetic: lchan activ: no need to clear mr again 
In lchan state UNUSED, on activating an lchan, we zero out the lchan->mr_ms_lv
and mr_bts_lv. However, in UNUSED's onenter function, we already called
lchan_reset(), clearing out the lchan completely.

Drop two lines of unnecessary code.

Change-Id: I8b38f222f1c8c822e8e5e776850dbc60e30e8b8d
 2018-08-29 13:58:42 +02:00
Neels Hofmeyr 6ba4058d56 fix dependency bug: include mgcp_client/, not mgcp/ 
In osmo_bsc_sigtran.c, instead of osmocom/mgcp/mgcp_common.h, include the same
file from mgcp_client/. (mgcp_common.h is identically installed both by
libosmo-mgcp and libosmo-mgcp-client, in their respective include dir.)

Trying to include from mgcp/ breaks the debian package builds, since only
libosmo-mgcp-client is installed as per osmo-bsc dependencies. The error was
introduced by:

commit d8f46c0074
"MGCP: add 'X-Osmo-IGN: C' for SCCPlite by default"
change id I257ad574d8060fef19afce9798bd8a5a7f8c99fe

Change-Id: I917b0c08ed91172ecb68c946aecb02c5109fcced
 2018-08-29 13:31:57 +02:00
Neels Hofmeyr e706a15e33 log: tweaks and more context in osmo_bsc_sigtran_send() 
Change-Id: I3d51f17b0f6ceb0e5237b4d6d5252c701fc2fe6b
 2018-08-29 02:02:10 +02:00
Neels Hofmeyr 128600c561 inter-BSC HO: send failure msg directly 
If inter-BSC HO failed, the conn is by definition not in an active state, and
hence it makes no sense to verify the gscon FSM state before sending. Directly
call osmo_bsc_sigtran_send().

Change-Id: Ic49c94462041800674fa961c4d19c0c045bfe0c0
 2018-08-29 02:02:10 +02:00
Neels Hofmeyr 721c762e3b log: 'sending BSSMAP HO Request ACK' 
Change-Id: Ie472c32861d9c9ca9ebec0221837030ffd83c73a
 2018-08-29 02:02:10 +02:00
Neels Hofmeyr 1752ab3285 log: lchan_rtp_fsm: add missing '\n' 
Change-Id: Ifa46295ef23cf3728bc946fe27b34f0607a24c9e
 2018-08-29 02:02:10 +02:00
Neels Hofmeyr 193c1e3ab0 lchan_fsm: safer 'concluded' flag 
The flag lchan->activate.concluded prevents entering the
lchan_on_fully_established()/lchan_on_activation_failure() more than once. So
far it was checked by callers, instead place in the functions themselves.

There is a potential functional change here, since during lchan_fail(), the
concluded flag was set only after entering lchan_on_activation_failure(). Now
it is already set at the start and prevents multiple re-entry beyond doubt.

This patch is not a result of an actual observed faulty behavior, just from
reading the code and seeing the slight loophole.

Change-Id: I0c906438b05442d66255203eb816453b7193a6d8
 2018-08-29 02:02:10 +02:00
Neels Hofmeyr e23e1aeec2 cosmetic: lchan_fsm failure: log about state transitions 
Early on during failure, log which state transition is intended after failure
handling.

If such state is already reached after failure handling, do not log "state
transition not permitted", but rather skip the state change and log "Already in
state X".

Change-Id: I81f53b38637823e62860cb773b7573bb5c21fdb0
 2018-08-29 02:02:10 +02:00
Neels Hofmeyr 3ea8baeab0 lchan_fsm: lchan_fail_to(): store target state early 
lchan_fail_to() is a macro to preserve useful source file:line information in
logging. But a side effect is that its target state argument might evaluate
differently at the end of the macro, if, say, the fi->state has changed.

I hit such an instance on timeout of WAIT_RLL_RTP_ESTABLISH:
lchan_fsm_timer_cb() calls macro lchan_fail(), which calls
lchan_fail_to(lchan_fsm_on_error[fi->state]). Unlike for normal function
invocation, this argument changes as fi->state changes. Since releasing the
lchan_rtp_fsm already transitions the lchan fi into WAIT_RF_RELEASE_ACK, the
final state change of lchan_fail_to() suddenly evaluates to the broken state
instead of the intended WAIT_RF_RELEASE_ACK.

Early in lchan_fail_to(), store the argument's value as of macro invocation.

Change-Id: Id9bf4580a112ee5629f553a8bcb6b5b03b1c5f53
 2018-08-29 02:02:10 +02:00
Neels Hofmeyr d8b41fc677 inter-BSC HO incoming: drop old/wrong RTP port code 
Drop nonsensical legacy code.

The Circuit Identifier Code in A/SCCPlite does *not* indicate the RTP port to
use. Rather, it indicates the MGW endpoint name to use when configuring the
BSC's side of the MGW endpoint, and only the MGW will ever know the RTP port.

Change-Id: I471bd5e5cc2a083dd37290aeaae5c334ca5f7eed
 2018-08-29 02:02:10 +02:00
Neels Hofmeyr 4c6d3ea513 inter-BSC HO incoming: continue despite missing Classmark 
3GPP mandates either Classmark Information 1 or 2 in BSSMAP Handover Request,
but an SCCPlite MSC currently tested does not pass either of them. Make this
missing IE a non-fatal error, continuing anyway should work out.

See 3GPP TS 48.008, 3.2.1.8 HANDOVER REQUEST, where it says "Classmark
Information 1 or Classmark Information 2" with note 6: "One of these two
elements is sent."

Change-Id: I34d64b028210b4df8652fee1a8830ec4a4e3ac11
 2018-08-29 02:02:10 +02:00
Neels Hofmeyr 4122c15ea9 neighbor_ident_vty.c: fix CI format, should be 16bit 
In the 'lac-ci' and 'cgi' neighbor identity VTY parameters, fix the CI part to
<0-65535>.

Use 65535 as CI in the neighbor_ident.vty test to verify the range.

Change-Id: Ie93bfe176b9d2d9445966e4ab0b928b9aa62a77f
 2018-08-29 02:00:33 +02:00
Neels Hofmeyr a7b88414fb cosmetic: neighbor_ident_vty.c: add and use common string defs 
The "bts", "lac" and "lac-ci" VTY parameters and documentation are used more
than once in this file. Define once and re-use.

Prepares cosmetically for a fix of the CI format in upcoming
Ie93bfe176b9d2d9445966e4ab0b928b9aa62a77f.

Change-Id: I88a377c6d77c5f18877343f84f7a26f851a427ff
 2018-08-27 00:48:26 +02:00
Neels Hofmeyr d8f46c0074 MGCP: add 'X-Osmo-IGN: C' for SCCPlite by default 
Use libosmo-mgcp-client's new X-Osmo-IGN header to indicate that CallIDs are
allowed to mismatch.

Add VTY commands 'msc' / 'mgw x-osmo-ign call-id' and 'no mgw x-osmo-ign' to
switch this behavior explicitly.

For SCCPlite MSCs, unless a specific config was issued, always send
'X-Osmo-IGN: C' by default, to ignore CallID mismatches.

Depends: Id7ae275ffde8ea9389270cfe3db087ee8db00b51 (osmo-mgw)
Change-Id: I257ad574d8060fef19afce9798bd8a5a7f8c99fe
 2018-08-25 17:07:20 +02:00
Pau Espin 24f2f55132 abis_nm_ipaccess_rsl_connect: Log bts and trx nr 
Change-Id: I0c895a44527d5396d3dabb273e000acd86aece1c
 2018-08-23 17:20:09 +02:00
Pau Espin 9862bcb5cd Fix heap-use-after-free due to OML link destruction 
ipaccess_drop_oml was being called inside an osmo_fd cb context, were
-EBADF must be returned if the structure holding the osmo_fd is freed.
In the middle of the path (see OS#3495 for path tree) it goes through a
signal dispatch, so it's impossible to make sure we return some value to
the osmo_fd cb. As a result, it is required to defer dropping the OML
Link from current code path and do it through a timer.

Fixes following ASan report:
20180822124927913  <0004> abis_nm.c:787 OC=RADIO-CARRIER(02) INST=(00,00,ff): CHANGE ADMINISTRATIVE STATE NACK CAUSE=Message cannot be performed
20180822124927913  <0004> osmo_bsc_main.c:186 Got CHANGE ADMINISTRATIVE STATE NACK going to drop the OML links.
20180822124927913  <0015> bts_ipaccess_nanobts.c:406 (bts=0) Dropping OML link.
...
=================================================================
==17607==ERROR: AddressSanitizer: heap-use-after-free on address 0x62e000060a68 at pc 0x7f5ea8e27086 bp 0x7ffde92b6d80 sp 0x7ffde92b6d78
READ of size 8 at 0x62e000060a68 thread T0
    #0 0x7f5ea8e27085 in handle_ts1_write input/ipaccess.c:371
    #1 0x7f5ea8e27085 in ipaccess_fd_cb input/ipaccess.c:391
    #2 0x7f5ea9147ca8 in osmo_fd_disp_fds libosmocore/src/select.c:217
    #3 0x7f5ea9147ca8 in osmo_select_main libosmocore/src/select.c:257
    #4 0x555813ab79d6 in main osmo-bsc/osmo_bsc_main.c:922
    #5 0x7f5ea76d02e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
    #6 0x555813ab84e9 in _start (/bin/osmo-bsc+0x34d4e9)

Fixes: OS#3495
Change-Id: I7c794c763481c28e8c35dc9b11d27969e16feb3c
 2018-08-23 16:47:30 +02:00
Neels Hofmeyr 5f0a63d678 fix lchan_rtp_fsm: missing event handling 
Release and Rollback events are allowed but unhandled in states
WAIT_MGW_CONFIGURED and ROLLBACK, and hence would result in an assertion. Add
handling in these states.

Change-Id: Iab233c592384902098644eee27bb8445fde3aa6f
 2018-08-22 19:56:35 +00:00
Pau Espin dcbcbad374 abis_nm: Fix trailing whitespacing 
Change-Id: Ia434b349e85019d2224a6f9a699058dccc6072dc
 2018-08-22 12:25:44 +02:00
Pau Espin 889e0169a7 abis_nm: Fix heap-use-after-free in abis_nm_set_channel_attr 
LOGPFOH uses the msgb through "foh", so we have to free msgb after
calling it, not before.

Fixes following ASAN report:
20180822120155990 DNM <0004> abis_nm.c:1889 OC=CHANNEL(03) INST=(00,01,06): Set Chan Attr (bts=0,trx=1,ts=6)
=================================================================
==16465==ERROR: AddressSanitizer: heap-use-after-free on address 0x61a00002b3f0 at pc 0x7f587f44c0db bp 0x7ffc59e31df0 sp 0x7ffc59e31de8
READ of size 1 at 0x61a00002b3f0 thread T0
    #0 0x7f587f44c0da in abis_nm_dump_foh libosmocore/src/gsm/abis_nm.c:937
    #1 0x561e09e1532c in abis_nm_set_channel_attr osmo-bsc/src/osmo-bsc/abis_nm.c:1892
    #2 0x561e09efd269 in nm_statechg_event osmo-bsc/src/osmo-bsc/bts_ipaccess_nanobts.c:168
    #3 0x561e09efd269 in bts_ipa_nm_sig_cb osmo-bsc/src/osmo-bsc/bts_ipaccess_nanobts.c:335
    #4 0x7f587efb3d16 in osmo_signal_dispatch libosmocore/src/signal.c:120
    #5 0x561e09e18e31 in abis_nm_rx_statechg_rep osmo-bsc/src/osmo-bsc/abis_nm.c:255
    #6 0x561e09e18e31 in abis_nm_rcvmsg_report osmo-bsc/src/osmo-bsc/abis_nm.c:380
    #7 0x561e09e18e31 in abis_nm_rcvmsg_fom osmo-bsc/src/osmo-bsc/abis_nm.c:778
    #8 0x561e09e1dc19 in abis_nm_rcvmsg osmo-bsc/src/osmo-bsc/abis_nm.c:926
    #9 0x7f587ec90cc2 in handle_ts1_read input/ipaccess.c:274
    #10 0x7f587ec90cc2 in ipaccess_fd_cb input/ipaccess.c:389
    #11 0x7f587efb1ca8 in osmo_fd_disp_fds libosmocore/src/select.c:217
    #12 0x7f587efb1ca8 in osmo_select_main libosmocore/src/select.c:257
    #13 0x561e09e049d6 in main osmo-bsc/src/osmo-bsc/osmo_bsc_main.c:922
    #14 0x7f587d53a2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
    #15 0x561e09e054e9 in _start (/bin/osmo-bsc+0x34d4e9)

Fixes: OS#3494
Change-Id: I030117abfdcee387516a4dea7e1e6a9bae8055f6
 2018-08-22 12:25:44 +02:00
Neels Hofmeyr c649c3fe8e use __FILE__, not __BASE_FILE__ 
The intention was to use the file's basename, but __BASE_FILE__ means "the root
file that is being parsed and contains #include statements".

If we had a function using __BASE_FILE__ and that was defined in an #included
file, __BASE_FILE__ would indicate the first file where the #include is, and
not the file where the function is defined. __BASE_FILE__ works for us because
we don't ever include function definitions that log something, so __BASE_FILE__
always coincides with __FILE__ for our logging; but still __BASE_FILE__ is
semantically the wrong constant.

Related: OS#2740
Change-Id: Ic6d9dafc96c9d467ae53be2cd41adcf26a4e5125
 2018-08-20 12:40:43 +02:00
Pau Espin 4db98554fd bsc: Use libosmocore API to track osmo_signal structs 
libosmocore recently had the new API introduced for this purpose.

Depends: libosmocore Change-Id Id58ca18eb826b8f4183a7cf0dbb2b38cba702a09
Change-Id: Id07260635327617f8da5050af1e906891a89c530
 2018-08-17 07:06:08 +00:00