From 36a53b9cfc29e89120e80c102a222c8c99e4576f Mon Sep 17 00:00:00 2001 From: Andre Puschmann Date: Thu, 1 Feb 2018 15:44:42 +0100 Subject: [PATCH 1/6] fix coverity issue --- srsenb/test/upper/ip_test.cc | 33 ++++++++++++--------------------- srsue/hdr/metrics_stdout.h | 1 - 2 files changed, 12 insertions(+), 22 deletions(-) diff --git a/srsenb/test/upper/ip_test.cc b/srsenb/test/upper/ip_test.cc index 1d8423b9d..deceb486e 100644 --- a/srsenb/test/upper/ip_test.cc +++ b/srsenb/test/upper/ip_test.cc @@ -590,15 +590,15 @@ int main(int argc, char *argv[]) /******************* This is copied from srsue gw **********************/ int setup_if_addr(char *ip_addr) { - char *dev = (char*) "tun_srsenb"; + int sock = 0; // Construct the TUN device int tun_fd = open("/dev/net/tun", O_RDWR); if(0 > tun_fd) { perror("open"); - return(-1); + return SRSLTE_ERROR; } struct ifreq ifr; @@ -609,30 +609,23 @@ int setup_if_addr(char *ip_addr) if(0 > ioctl(tun_fd, TUNSETIFF, &ifr)) { perror("ioctl1"); - close(tun_fd); - return -1; + goto clean_exit; } // Bring up the interface - int sock = socket(AF_INET, SOCK_DGRAM, 0); + sock = socket(AF_INET, SOCK_DGRAM, 0); if(0 > ioctl(sock, SIOCGIFFLAGS, &ifr)) { perror("socket"); - close(sock); - close(tun_fd); - return -1; + goto clean_exit; } ifr.ifr_flags |= IFF_UP | IFF_RUNNING; if(0 > ioctl(sock, SIOCSIFFLAGS, &ifr)) { perror("ioctl2"); - close(sock); - close(tun_fd); - return -1; + goto clean_exit; } - close(sock); - // Setup the IP address sock = socket(AF_INET, SOCK_DGRAM, 0); ifr.ifr_addr.sa_family = AF_INET; @@ -640,21 +633,19 @@ int setup_if_addr(char *ip_addr) if(0 > ioctl(sock, SIOCSIFADDR, &ifr)) { perror("ioctl"); - close(sock); - close(tun_fd); - return -1; + goto clean_exit; } ifr.ifr_netmask.sa_family = AF_INET; ((struct sockaddr_in *)&ifr.ifr_netmask)->sin_addr.s_addr = inet_addr("255.255.255.0"); if(0 > ioctl(sock, SIOCSIFNETMASK, &ifr)) { perror("ioctl"); - close(sock); - close(tun_fd); - return -1; + goto clean_exit; } - - close(sock); return(tun_fd); + +clean_exit: + close(tun_fd); + return SRSLTE_ERROR; } diff --git a/srsue/hdr/metrics_stdout.h b/srsue/hdr/metrics_stdout.h index cd19e7f16..01f28f35e 100644 --- a/srsue/hdr/metrics_stdout.h +++ b/srsue/hdr/metrics_stdout.h @@ -57,7 +57,6 @@ private: std::string float_to_eng_string(float f, int digits); std::string int_to_eng_string(int f, int digits); - float metrics_report_period; bool do_print; uint8_t n_reports; ue_metrics_interface* ue; From 8e1aa0edd81b5e347712d5a1cb6e2d59e9eb4dd4 Mon Sep 17 00:00:00 2001 From: Andre Puschmann Date: Thu, 1 Feb 2018 15:44:58 +0100 Subject: [PATCH 2/6] temporary mod to print RLC config in warning mode --- lib/src/upper/rlc.cc | 2 +- lib/src/upper/rlc_am.cc | 2 +- lib/src/upper/rlc_um.cc | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/src/upper/rlc.cc b/lib/src/upper/rlc.cc index e9c84e456..a626f3002 100644 --- a/lib/src/upper/rlc.cc +++ b/lib/src/upper/rlc.cc @@ -248,7 +248,7 @@ void rlc::add_bearer(uint32_t lcid, srslte_rlc_config_t cnfg) } if (!rlc_array[lcid].active()) { - rlc_log->info("Adding radio bearer %s with mode %s\n", + rlc_log->warning("Adding radio bearer %s with mode %s\n", rrc->get_rb_name(lcid).c_str(), liblte_rrc_rlc_mode_text[cnfg.rlc_mode]); switch(cnfg.rlc_mode) { diff --git a/lib/src/upper/rlc_am.cc b/lib/src/upper/rlc_am.cc index f668b18d4..6905151f0 100644 --- a/lib/src/upper/rlc_am.cc +++ b/lib/src/upper/rlc_am.cc @@ -83,7 +83,7 @@ void rlc_am::init(srslte::log *log_, void rlc_am::configure(srslte_rlc_config_t cfg_) { cfg = cfg_.am; - log->info("%s configured: t_poll_retx=%d, poll_pdu=%d, poll_byte=%d, max_retx_thresh=%d, " + log->warning("%s configured: t_poll_retx=%d, poll_pdu=%d, poll_byte=%d, max_retx_thresh=%d, " "t_reordering=%d, t_status_prohibit=%d\n", rrc->get_rb_name(lcid).c_str(), cfg.t_poll_retx, cfg.poll_pdu, cfg.poll_byte, cfg.max_retx_thresh, cfg.t_reordering, cfg.t_status_prohibit); diff --git a/lib/src/upper/rlc_um.cc b/lib/src/upper/rlc_um.cc index 6990a2798..213e8c840 100644 --- a/lib/src/upper/rlc_um.cc +++ b/lib/src/upper/rlc_um.cc @@ -81,18 +81,18 @@ void rlc_um::configure(srslte_rlc_config_t cnfg_) switch(cnfg_.rlc_mode) { case LIBLTE_RRC_RLC_MODE_UM_BI: - log->info("%s configured in %s mode: " + log->warning("%s configured in %s mode: " "t_reordering=%d ms, rx_sn_field_length=%u bits, tx_sn_field_length=%u bits\n", rrc->get_rb_name(lcid).c_str(), liblte_rrc_rlc_mode_text[cnfg_.rlc_mode], cfg.t_reordering, rlc_umd_sn_size_num[cfg.rx_sn_field_length], rlc_umd_sn_size_num[cfg.rx_sn_field_length]); break; case LIBLTE_RRC_RLC_MODE_UM_UNI_UL: - log->info("%s configured in %s mode: tx_sn_field_length=%u bits\n", + log->warning("%s configured in %s mode: tx_sn_field_length=%u bits\n", rrc->get_rb_name(lcid).c_str(), liblte_rrc_rlc_mode_text[cnfg_.rlc_mode], rlc_umd_sn_size_num[cfg.rx_sn_field_length]); break; case LIBLTE_RRC_RLC_MODE_UM_UNI_DL: - log->info("%s configured in %s mode: " + log->warning("%s configured in %s mode: " "t_reordering=%d ms, rx_sn_field_length=%u bits\n", rrc->get_rb_name(lcid).c_str(), liblte_rrc_rlc_mode_text[cnfg_.rlc_mode], cfg.t_reordering, rlc_umd_sn_size_num[cfg.rx_sn_field_length]); From 8258c28a4c7de249477fb3c93770f73444e4eb26 Mon Sep 17 00:00:00 2001 From: Andre Puschmann Date: Thu, 1 Feb 2018 15:53:09 +0100 Subject: [PATCH 3/6] Revert "fix coverity issue in macro returning negative nof symbols per subframe" This reverts commit ed46abbad0e63ef141cec4567a06b3f44e833b36. --- lib/include/srslte/phy/common/phy_common.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/include/srslte/phy/common/phy_common.h b/lib/include/srslte/phy/common/phy_common.h index 2800e7db6..c55713cfc 100644 --- a/lib/include/srslte/phy/common/phy_common.h +++ b/lib/include/srslte/phy/common/phy_common.h @@ -110,7 +110,7 @@ typedef enum {SRSLTE_SF_NORM, SRSLTE_SF_MBSFN} srslte_sf_t; #define SRSLTE_SF_LEN_MAX (SRSLTE_SF_LEN(SRSLTE_SYMBOL_SZ_MAX)) #define SRSLTE_SLOT_LEN_PRB(nof_prb) (SRSLTE_SLOT_LEN(srslte_symbol_sz(nof_prb))) -#define SRSLTE_SF_LEN_PRB(nof_prb) (nof_prb > 0 ? SRSLTE_SF_LEN(srslte_symbol_sz(nof_prb)) : 0) +#define SRSLTE_SF_LEN_PRB(nof_prb) (SRSLTE_SF_LEN(srslte_symbol_sz(nof_prb))) #define SRSLTE_SLOT_LEN_RE(nof_prb, cp) (nof_prb*SRSLTE_NRE*SRSLTE_CP_NSYMB(cp)) #define SRSLTE_SF_LEN_RE(nof_prb, cp) (2*SRSLTE_SLOT_LEN_RE(nof_prb, cp)) From 07cd9ae52882987e1bf20366e274df6527540173 Mon Sep 17 00:00:00 2001 From: Andre Puschmann Date: Thu, 1 Feb 2018 16:34:38 +0100 Subject: [PATCH 4/6] fix coverity issues --- lib/examples/pdsch_enodeb.c | 3 ++- lib/src/asn1/liblte_s1ap.cc | 6 +++--- srsue/src/phy/phch_worker.cc | 4 ++-- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/lib/examples/pdsch_enodeb.c b/lib/examples/pdsch_enodeb.c index c95fd50a9..87ecfe6f1 100644 --- a/lib/examples/pdsch_enodeb.c +++ b/lib/examples/pdsch_enodeb.c @@ -185,7 +185,8 @@ void parse_args(int argc, char **argv) { cell.id = atoi(argv[optind]); break; case 'x': - strncpy(mimo_type_str, argv[optind], 32); + strncpy(mimo_type_str, argv[optind], 31); + mimo_type_str[31] = 0; break; case 'b': multiplex_pmi = (uint32_t) atoi(argv[optind]); diff --git a/lib/src/asn1/liblte_s1ap.cc b/lib/src/asn1/liblte_s1ap.cc index 530767c2f..e6a8fe575 100644 --- a/lib/src/asn1/liblte_s1ap.cc +++ b/lib/src/asn1/liblte_s1ap.cc @@ -2243,9 +2243,9 @@ LIBLTE_ERROR_ENUM liblte_s1ap_pack_imsi( if(ie != NULL && ptr != NULL) { - // max length of IE buffer is 32, so limit - if (ie->n_octets > 31) { - printf("Length in struct exceeds buffer (%d > 31).\n", ie->n_octets); + // max length of IE buffer is 8, so limit + if (ie->n_octets > 7) { + printf("Length in struct exceeds buffer (%d > 7).\n", ie->n_octets); return LIBLTE_ERROR_ENCODE_FAIL; } diff --git a/srsue/src/phy/phch_worker.cc b/srsue/src/phy/phch_worker.cc index 1569b0860..ebb8710d5 100644 --- a/srsue/src/phy/phch_worker.cc +++ b/srsue/src/phy/phch_worker.cc @@ -232,8 +232,8 @@ void phch_worker::work_imp() /** Calculate RSSI on the input signal before generating the output */ - // Average RSSI over all symbols - float rssi_dbm = 10*log10(srslte_vec_avg_power_cf(signal_buffer[0], SRSLTE_SF_LEN_PRB(cell.nof_prb))) + 30; + // Average RSSI over all symbols (make sure SF length is non-zero) + float rssi_dbm = SRSLTE_SF_LEN_PRB(cell.nof_prb) > 0 ? (10*log10(srslte_vec_avg_power_cf(signal_buffer[0], SRSLTE_SF_LEN_PRB(cell.nof_prb))) + 30) : 0; if (isnormal(rssi_dbm)) { phy->avg_rssi_dbm = SRSLTE_VEC_EMA(rssi_dbm, phy->avg_rssi_dbm, phy->args->snr_ema_coeff); } From ffb076b2c5a0519b0b37e79206ba4524ba14c98d Mon Sep 17 00:00:00 2001 From: Ismael Gomez Date: Thu, 1 Feb 2018 16:43:56 +0100 Subject: [PATCH 5/6] Buffer is deallocated for tx_window but tx_window object is not removed from map. Next time is accessed buffer is null. --- lib/src/upper/rlc_am.cc | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/src/upper/rlc_am.cc b/lib/src/upper/rlc_am.cc index 6905151f0..d87d1240c 100644 --- a/lib/src/upper/rlc_am.cc +++ b/lib/src/upper/rlc_am.cc @@ -471,7 +471,7 @@ int rlc_am::build_retx_pdu(uint8_t *payload, uint32_t nof_bytes) if (!retx_queue.empty()) { retx = retx_queue.front(); } else { - log->error("In build_retx_pdu(): retx_queue is empty during sanity check\n"); + log->error("In build_retx_pdu(): retx_queue is empty during sanity check, sn=%d\n", retx.sn); return -1; } } @@ -549,7 +549,7 @@ int rlc_am::build_segment(uint8_t *payload, uint32_t nof_bytes, rlc_amd_retx_t r rrc->get_rb_name(lcid).c_str(), nof_bytes, head_len); return 0; } - pdu_space = nof_bytes-head_len; + pdu_space = nof_bytes-head_len-2; if(pdu_space < (retx.so_end-retx.so_start)) retx.so_end = retx.so_start+pdu_space; @@ -568,7 +568,7 @@ int rlc_am::build_segment(uint8_t *payload, uint32_t nof_bytes, rlc_amd_retx_t r upper += old_header.li[i]; head_len = rlc_am_packed_length(&new_header); - pdu_space = nof_bytes-head_len; + pdu_space = nof_bytes-head_len-2; if(pdu_space < (retx.so_end-retx.so_start)) retx.so_end = retx.so_start+pdu_space; @@ -1014,10 +1014,11 @@ void rlc_am::handle_control_pdu(uint8_t *payload, uint32_t nof_bytes) if(it->second.buf) { pool->deallocate(it->second.buf); it->second.buf = 0; + log->info("SN=%d removed from tx_window\n", i); } + tx_window.erase(it); if(update_vt_a) { - tx_window.erase(it); vt_a = (vt_a + 1)%MOD; vt_ms = (vt_ms + 1)%MOD; } From 0d65c48105d19e74b1b1e37ebcec0bf96e82191b Mon Sep 17 00:00:00 2001 From: Ismael Gomez Date: Thu, 1 Feb 2018 17:17:18 +0100 Subject: [PATCH 6/6] When RLC retx queue is empty, do not error and transmit a new tx --- lib/src/upper/rlc_am.cc | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/src/upper/rlc_am.cc b/lib/src/upper/rlc_am.cc index d87d1240c..a5d7f19e7 100644 --- a/lib/src/upper/rlc_am.cc +++ b/lib/src/upper/rlc_am.cc @@ -315,8 +315,10 @@ int rlc_am::read_pdu(uint8_t *payload, uint32_t nof_bytes) // RETX if required if(retx_queue.size() > 0) { int ret = build_retx_pdu(payload, nof_bytes); - pthread_mutex_unlock(&mutex); - return ret; + if (ret) { + pthread_mutex_unlock(&mutex); + return ret; + } } // Build a PDU from SDUs @@ -471,8 +473,8 @@ int rlc_am::build_retx_pdu(uint8_t *payload, uint32_t nof_bytes) if (!retx_queue.empty()) { retx = retx_queue.front(); } else { - log->error("In build_retx_pdu(): retx_queue is empty during sanity check, sn=%d\n", retx.sn); - return -1; + log->info("In build_retx_pdu(): retx_queue is empty during sanity check, sn=%d\n", retx.sn); + return 0; } }