Osmocom's Base Station Controller for 2G mobile networks
https://osmocom.org/projects/osmobsc
Pau Espin
9862bcb5cd
ipaccess_drop_oml was being called inside an osmo_fd cb context, were
-EBADF must be returned if the structure holding the osmo_fd is freed.
In the middle of the path (see OS#3495 for path tree) it goes through a
signal dispatch, so it's impossible to make sure we return some value to
the osmo_fd cb. As a result, it is required to defer dropping the OML
Link from current code path and do it through a timer.
Fixes following ASan report:
20180822124927913 <0004> abis_nm.c:787 OC=RADIO-CARRIER(02) INST=(00,00,ff): CHANGE ADMINISTRATIVE STATE NACK CAUSE=Message cannot be performed
20180822124927913 <0004> osmo_bsc_main.c:186 Got CHANGE ADMINISTRATIVE STATE NACK going to drop the OML links.
20180822124927913 <0015> bts_ipaccess_nanobts.c:406 (bts=0) Dropping OML link.
...
=================================================================
==17607==ERROR: AddressSanitizer: heap-use-after-free on address 0x62e000060a68 at pc 0x7f5ea8e27086 bp 0x7ffde92b6d80 sp 0x7ffde92b6d78
READ of size 8 at 0x62e000060a68 thread T0
#0 0x7f5ea8e27085 in handle_ts1_write input/ipaccess.c:371
#1 0x7f5ea8e27085 in ipaccess_fd_cb input/ipaccess.c:391
#2 0x7f5ea9147ca8 in osmo_fd_disp_fds libosmocore/src/select.c:217
#3 0x7f5ea9147ca8 in osmo_select_main libosmocore/src/select.c:257
#4 0x555813ab79d6 in main osmo-bsc/osmo_bsc_main.c:922
#5 0x7f5ea76d02e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
#6 0x555813ab84e9 in _start (/bin/osmo-bsc+0x34d4e9)
Fixes: OS#3495
Change-Id: I7c794c763481c28e8c35dc9b11d27969e16feb3c
|
||
|---|---|---|
| contrib | ||
| debian | ||
| doc | ||
| include | ||
| m4 | ||
| src | ||
| tests | ||
| .gitignore | ||
| .gitreview | ||
| .mailmap | ||
| AUTHORS | ||
| COPYING | ||
| Makefile.am | ||
| README | ||
| README.vty-tests | ||
| configure.ac | ||
| git-version-gen | ||
| osmoappdesc.py | ||
README
About OsmoBSC ============= OsmoBSC originated from the OpenBSC project, which started as a minimalistic all-in-one implementation of the GSM Network. In 2017, OpenBSC had reached maturity and diversity (including M3UA SIGTRAN and 3G support in the form of IuCS and IuPS interfaces) that naturally lead to a separation of the all-in-one approach to fully independent separate programs as in typical GSM networks. OsmoBSC was one of the parts split off from the old openbsc.git. Before, it worked as a standalone osmo-bsc binary as well as a combination of libbsc and libmsc, i.e. the old OsmoNITB. Since the standalone OsmoMSC with a true A interface (and IuCS for 3G support) is available, OsmoBSC exists only as a separate standalone entity. OsmoBSC exposes - A over IP towards an MSC (e.g. OsmoMSC); - Abis interfaces towards various kinds of BTS; - The Osmocom typical telnet VTY and CTRL interfaces. Find OsmoBSC issue tracker and wiki online at https://osmocom.org/projects/osmobsc https://osmocom.org/projects/osmobsc/wiki OsmoBSC-NAT is a specialized solution to navigating RTP streams through a NAT. (Todo: describe in more detail)