Commit Graph

4 Commits

Author SHA1 Message Date
Pau Espin 889e0169a7 abis_nm: Fix heap-use-after-free in abis_nm_set_channel_attr
LOGPFOH uses the msgb through "foh", so we have to free msgb after
calling it, not before.

Fixes following ASAN report:
20180822120155990 DNM <0004> abis_nm.c:1889 OC=CHANNEL(03) INST=(00,01,06): Set Chan Attr (bts=0,trx=1,ts=6)
=================================================================
==16465==ERROR: AddressSanitizer: heap-use-after-free on address 0x61a00002b3f0 at pc 0x7f587f44c0db bp 0x7ffc59e31df0 sp 0x7ffc59e31de8
READ of size 1 at 0x61a00002b3f0 thread T0
    #0 0x7f587f44c0da in abis_nm_dump_foh libosmocore/src/gsm/abis_nm.c:937
    #1 0x561e09e1532c in abis_nm_set_channel_attr osmo-bsc/src/osmo-bsc/abis_nm.c:1892
    #2 0x561e09efd269 in nm_statechg_event osmo-bsc/src/osmo-bsc/bts_ipaccess_nanobts.c:168
    #3 0x561e09efd269 in bts_ipa_nm_sig_cb osmo-bsc/src/osmo-bsc/bts_ipaccess_nanobts.c:335
    #4 0x7f587efb3d16 in osmo_signal_dispatch libosmocore/src/signal.c:120
    #5 0x561e09e18e31 in abis_nm_rx_statechg_rep osmo-bsc/src/osmo-bsc/abis_nm.c:255
    #6 0x561e09e18e31 in abis_nm_rcvmsg_report osmo-bsc/src/osmo-bsc/abis_nm.c:380
    #7 0x561e09e18e31 in abis_nm_rcvmsg_fom osmo-bsc/src/osmo-bsc/abis_nm.c:778
    #8 0x561e09e1dc19 in abis_nm_rcvmsg osmo-bsc/src/osmo-bsc/abis_nm.c:926
    #9 0x7f587ec90cc2 in handle_ts1_read input/ipaccess.c:274
    #10 0x7f587ec90cc2 in ipaccess_fd_cb input/ipaccess.c:389
    #11 0x7f587efb1ca8 in osmo_fd_disp_fds libosmocore/src/select.c:217
    #12 0x7f587efb1ca8 in osmo_select_main libosmocore/src/select.c:257
    #13 0x561e09e049d6 in main osmo-bsc/src/osmo-bsc/osmo_bsc_main.c:922
    #14 0x7f587d53a2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
    #15 0x561e09e054e9 in _start (/bin/osmo-bsc+0x34d4e9)

Fixes: OS#3494
Change-Id: I030117abfdcee387516a4dea7e1e6a9bae8055f6
2018-08-22 12:25:44 +02:00
Neels Hofmeyr 629a43a4c2 various logging: fix missing/extra newlines
Change-Id: Id2619d0d45eb2686246c03643b4a578392a54cfe
2018-07-23 01:29:23 +02:00
Neels Hofmeyr f0ff9a6711 fix dyn TS init: properly identify BTS on OML OPSTART ACK
Commit "dyn ts, bts_ipaccess_nanobts.c: init PDCH on Chan OPSTART ACK"
bf7099262a Icf6e25ff068e8a2600562d52726ead65e864ec02
introduced signal S_NM_OPSTART_ACK and passed the FOM header to identify the BTS
by. But the FOM header's BTS number is zero on each Abis/IP link, and the BTS
and TRX are actually identified by msgb->dst == e1inp_sign_link, member trx. So
the initial implementation associated *all* Channel OPSTART ACKs with BTS 0.

Pass the entire msgb as S_NM_OPSTART_ACK signal argument, implement an
abis_nm_get_ts() to retrieve the proper timeslot and use that during timeslot
init.

Related: OS#3351 OS#3205
Change-Id: I45ce5c24cb62d00f350df1af1be6c11104d74193
2018-06-15 21:00:31 +02:00
Neels Hofmeyr 958f259f95 dissolve libbsc: move all to src/osmo-bsc, link .o files
Move all of libbsc/ into osmo-bsc/, and separate/move some implementations to
allow linking from utils/* and ipaccess/* without pulling in unnecessary
dependencies.

Some utilities use gsm_network and gsm_bts structs, which already include data
structures for fairly advanced uses. Move initialization that only osmo-bsc
needs into new bsc_network_init() and bsc_bts_alloc_register() functions, so
that the leaner tools can use the old gsm_* versions without the need to link
everything (e.g. handover and lchan alloc code).

In some instances, there need to be stubs to cut off linking "just before
the RSL level" and prevent dependencies from creeping in.
- abis_rsl_rcvmsg(): the only program currently interpreting RSL messages is
  osmo-bsc, the utils are merely concerned with OML, if at all.
- paging_flush_bts(): ip.access nanobts models call this when the RSL link is
  dropped. Only osmo-bsc actually needs to do anything there.
- on_gsm_ts_init(): the mechanism to trigger timeslot initialization is related
  to OML, while this action to take on init would pull in RSL dependencies.
utils/ and ipaccess/ each have a stubs.c file to implement these stubs. Tests
implement stubs inline where required.

From src/utils/, src/ipaccess/ and tests/*/, link in .o files from osmo-bsc/.
In order for this to work, the osmo-bsc subdir must be built before the other
source trees. (An alternative would be to include the .c files as sources, but
that would re-compile them in every source tree. Not a large burden really, but
unless linking .o files gives problems, let's have the quicker build.)

Minor obvious cleanups creep in with this patch, I will not bother to name them
individually now unless code review asks me to.

Rationale:

1) libbsc has been separate to use it for osmo-nitb and osmo-bsc in the old
openbsc.git. This is no longer required, and spreading over libbsc and osmo-bsc
is distracting.

2) Recently, ridiculous linking requirements have made adding new functions
cumbersome, because libbsc has started depending on osmo-bsc/*.c
implementations: on gscon FSM and bssap functions. For example, neither
bs11_config nor ipaccess-config nor bts_test need handover_cfg or BSSMAP
message composition. It makes no sense to link the entire osmo-bsc to it, nor
do we want to keep adding stubs to each linking realm.

Change-Id: I36a586726f5818121abe54d25654819fc451d3bf
2018-06-07 19:09:06 +02:00