Osmocom Home NodeB Gateway, for attaching femtocells to the 3G CN (OsmoMSC, OsmoSGSN) https://osmocom.org/projects/osmohnbgw
Neels Hofmeyr 28619961a9 fix segfault on MGCP timeout
bisect shows that the segfault was introduced by using the MGCP client
pool:

 e62af4d46a is the first bad commit
 Author: Pau Espin Pedrol <pespin@sysmocom.de>
    Introduce support for libosmo-mgcp-client MGW pooling
    Change-Id I371dc773b58788ee21037dc25d77f556c89c6b61

The segfault:

 20230117224550365 DLMGCP DEBUG MGCP_CONN(to-HNB)[0x612000003ca0]{ST_CRCX_RESP}: Timeout of T1 (fsm.c:317)
 [...]
 20230117224550366 DLMGCP DEBUG mgw-endp(mgw-fsm-14429752-0)[0x612000003b20]{WAIT_MGW_RESPONSE}: Deallocated (fsm.c:568)
 20230117224550366 DMGW DEBUG mgw(mgw-fsm-14429752-0)[0x612000003820]{MGW_ST_CRCX_HNB}: Received Event MGW_EV_MGCP_TERM (mgcp_client_endpoint_fsm.c:869)
 =================================================================
 ==255699==ERROR: AddressSanitizer: heap-use-after-free on address 0x62b000000260 at pc 0x7f282a6ee143 bp 0x7fff0d9bcae0 sp 0x7fff0d9bcad8
 READ of size 8 at 0x62b000000260 thread T0
     #0 0x7f282a6ee142 in osmo_mgcpc_ep_client ../../../../src/osmo-mgw/src/libosmo-mgcp-client/mgcp_client_endpoint_fsm.c:223
     #1 0x55e2a84f1889 in mgw_fsm_allstate_action ../../../../src/osmo-hnbgw/src/osmo-hnbgw/mgw_fsm.c:504
     #2 0x7f2829d50c56 in _osmo_fsm_inst_dispatch ../../../src/libosmocore/src/fsm.c:863
     #3 0x7f2829d55a08 in _osmo_fsm_inst_term ../../../src/libosmocore/src/fsm.c:962
     #4 0x7f282a72679a in osmo_mgcpc_ep_fsm_check_state_chg_after_response ../../../../src/osmo-mgw/src/libosmo-mgcp-client/mgcp_client_endpoint_fsm.c:869
     #5 0x7f282a6f1869 in on_failure ../../../../src/osmo-mgw/src/libosmo-mgcp-client/mgcp_client_endpoint_fsm.c:414
     #6 0x7f282a727ac6 in osmo_mgcpc_ep_fsm_handle_ci_events ../../../../src/osmo-mgw/src/libosmo-mgcp-client/mgcp_client_endpoint_fsm.c:935
 [...]

When a CRCX times out, MGCP_CONN fsm terminates (libosmo-mgcp-client).
In turn the parent mgw-endp fsm terminates (libosmo-mgcp-client).
This generates an MGW_EV_MGCP_TERM event to the mgw_fsm (osmo-ttcn3-hacks).
This attempts to retrieve a pointer from mgw_fsm state:
mgw_fsm_priv->mgcpc_ep->mgcp_client
where the middle one, mgcpc_ep, is the 'mgw-endp' that already deallocated above.

To fix, add to /osmo-hnbgw/mgw_fsm.c a separate pointer to the
mgcp_client, to call mgcp_client_pool_put() on it. Do not use mgcpc_ep
to get the mgcp_client, because mgcpc_ep deallocates independently.

Related: OS#5862
Change-Id: I460d7249f4fc7edcfd94f6084fc8f933b491520c
2023-01-17 23:39:46 +01:00
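
The lifetime rule this fix applies, as an added example that is not osmo-hnbgw or libosmo-mgcp-client code: the owner keeps its own pointer to the pooled client, so its terminate handler never reads through the endpoint that was already deallocated. All struct and function names are constructed stand-ins, and clearing the endpoint pointer is an extra precaution not stated in the commit message.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins for illustration; not the libosmo-mgcp-client types. */
struct pool_client { int refcount; };   /* plays the pooled mgcp_client */
struct endpoint { struct pool_client *client; struct session *owner; }; /* 'mgw-endp' */
struct session {                        /* plays mgw_fsm_priv */
	struct endpoint *ep;            /* deallocated by the library independently */
	struct pool_client *client;     /* own pointer, valid until released */
};

static struct session *session_start(struct pool_client *c)
{
	struct session *s = calloc(1, sizeof(*s));
	struct endpoint *ep = calloc(1, sizeof(*ep));
	if (!s || !ep) { free(s); free(ep); return NULL; }
	c->refcount++;                  /* take the client from the pool */
	s->client = ep->client = c;     /* remembered separately from the endpoint */
	ep->owner = s;
	s->ep = ep;
	return s;
}

/* Owner's handler for the endpoint-terminated event. */
static void session_on_ep_term(struct session *s)
{
	/* Pre-fix shape: release via s->ep->client, a read through freed memory. */
	s->ep = NULL;                   /* added precaution: drop the dangling pointer */
	if (s->client) { s->client->refcount--; s->client = NULL; }
}

/* Library side on timeout: endpoint is deallocated first, then the owner is told. */
static void endpoint_timeout(struct endpoint *ep)
{
	struct session *owner = ep->owner;
	free(ep);
	session_on_ep_term(owner);
}
/* Returns 0 when the reference is released and no stale pointer remains; -1 on OOM. */
int run_timeout_scenario(void)
{
	struct pool_client c = { 0 };
	struct session *s = session_start(&c);
	if (!s) return -1;
	endpoint_timeout(s->ep);
	int leaked = c.refcount + (s->ep != NULL) + (s->client != NULL);
	free(s);
	return leaked;
}

int main(void) { printf("%d\n", run_timeout_scenario()); return 0; }
```

Building this with `-fsanitize=address` reports nothing on the timeout path, because the handler only dereferences the session's own client pointer.
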
contrib Set working directory in systemd service file 2022-08-30 19:48:37 +07:00
debian debian,RPM: package with PFCP support 2022-08-27 16:02:51 +00:00
doc doc: Include mgwpool.adoc from osmo-gsm-manuals 2022-10-20 17:15:16 +02:00
include Introduce support for libosmo-mgcp-client MGW pooling 2022-10-20 17:03:06 +02:00
src fix segfault on MGCP timeout 2023-01-17 23:39:46 +01:00
tests Introduce support for libosmo-mgcp-client MGW pooling 2022-10-20 17:03:06 +02:00
.gitignore Initial structure + import code from osmo-iuh.git 2022-01-04 19:48:52 +01:00
.gitreview Initial structure + import code from osmo-iuh.git 2022-01-04 19:48:52 +01:00
AUTHORS Initial structure + import code from osmo-iuh.git 2022-01-04 19:48:52 +01:00
COPYING Initial structure + import code from osmo-iuh.git 2022-01-04 19:48:52 +01:00
Makefile.am Initial structure + import code from osmo-iuh.git 2022-01-04 19:48:52 +01:00
README.md update URLs (git -> https; gitea) 2022-06-18 14:02:41 +02:00
TODO-RELEASE Clear SCTP tx queue upon SCTP RESTART notification 2022-10-17 13:57:17 +02:00
configure.ac do not depend on libosmo-gtlv 2022-09-14 13:27:27 +02:00
git-version-gen Initial structure + import code from osmo-iuh.git 2022-01-04 19:48:52 +01:00
osmoappdesc.py Initial structure + import code from osmo-iuh.git 2022-01-04 19:48:52 +01:00

README.md

osmo-hnbgw - Osmocom hNodeB Implementation

This repository contains a C-language implementation of a 3G Home NodeB Gateway (OsmoHNBGW). It is part of the Osmocom Open Source Mobile Communications project.

You can use it to interface Iuh-speaking Home NodeB (HnodeB), such as osmo-hnodeb or ip.access nano3g, to Iu-speaking MSCs and SGSNs.

Homepage

The official homepage of the project is https://osmocom.org/projects/osmohnbgw/wiki

GIT Repository

You can clone from the official osmo-hnbgw.git repository using

git clone https://gitea.osmocom.org/cellular-infrastructure/osmo-hnbgw

There is a web interface at https://gitea.osmocom.org/cellular-infrastructure/osmo-hnbgw

Documentation

User Manuals and VTY reference manuals are [optionally] built in PDF form as part of the build process.

Pre-rendered PDF version of the current "master" can be found at User Manual as well as the VTY Reference Manual

Mailing List

Discussions related to osmo-hnbgw are happening on the openbsc@lists.osmocom.org mailing list. Please see https://lists.osmocom.org/mailman/listinfo/openbsc for subscription options and the list archive.

Please observe the Osmocom Mailing List Rules when posting.

Contributing

Our coding standards are described at https://osmocom.org/projects/cellular-infrastructure/wiki/Coding_standards

We use a Gerrit-based patch submission/review process for managing contributions. Please see https://osmocom.org/projects/cellular-infrastructure/wiki/Gerrit for more details.

The current patch queue for osmo-hnbgw can be seen at https://gerrit.osmocom.org/#/q/project:osmo-hnbgw+status:open