Imagine following scenario:
1- client connects to CTRL iface, a new conn is created with POLL_READ
enabled.
2- A non-related event happens which triggers a TRAP to be sent. As a
result, the wqueue for the conn has now enabled POLL_WRITE, and message
will be sent next time we go through osmo_main_select().
3- At the same time, we receive the GET cmd from the CTRL client, which
means POLL_READ event will be also triggered next time we call
osmo_main_select().
4- osmo_main_select triggers osmo_wqueue_bfd_cb with both READ/WRITE
flags set.
5- The read_cb of wqueue is executed first. The handler closes the CTRL
conn for some reason, freeing the osmo_fd struct and returns.
6- osmo_qeueue_bfd_cb keeps using the already freed osmo_fd and calls
write_cb.
So in step 6 we get a heap-use-after-free catched by AddressSanitizer:
[0;m20180424135406115 [1;32mDLCTRL[0;m <0018> control_if.c:506 accept()ed new CTRL connection from (r=10.42.42.1:53910<->l=10.42.42.7:4249)
[0;m20180424135406116 [1;34mDLCTRL[0;m <0018> control_cmd.c:378 Command: GET bts.0.oml-connection-state
[0;m20180424135406117 [1;34mDLINP[0;m <0013> bts_ipaccess_nanobts.c:417 Identified BTS 1/0/0
[0;m[1;36m20180424135406118 [1;34mDNM[0;m[1;36m <0005> abis_nm.c:1628 Get Attr (bts=0)
[0;m[1;36m20180424135406118 [1;34mDNM[0;m[1;36m <0005> abis_nm.c:1628 Get Attr (bts=0)
[0;m20180424135406118 [1;34mDCTRL[0;m <000e> osmo_bsc_ctrl.c:158 BTS connection (re)established, sending TRAP.
[0;m20180424135406119 [1;32mDLCTRL[0;m <0018> control_if.c:173 close()d CTRL connection (r=10.42.42.1:53910<->l=10.42.42.7:4249)
[0;m=================================================================
==12301==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000003e04 at pc 0x7f23091c3a2f bp 0x7ffc0cb73ff0 sp 0x7ffc0cb73fe8
READ of size 4 at 0x611000003e04 thread T0
#0 0x7f23091c3a2e in osmo_wqueue_bfd_cb /home/osmocom-build/jenkins/workspace/osmo-gsm-tester_build-osmo-bsc/libosmocore/src/write_queue.c:65
#1 0x7f23091ad5d8 in osmo_fd_disp_fds /home/osmocom-build/jenkins/workspace/osmo-gsm-tester_build-osmo-bsc/libosmocore/src/select.c:216
#2 0x7f23091ad5d8 in osmo_select_main /home/osmocom-build/jenkins/workspace/osmo-gsm-tester_build-osmo-bsc/libosmocore/src/select.c:256
#3 0x56538bdb7a26 in main /home/osmocom-build/jenkins/workspace/osmo-gsm-tester_build-osmo-bsc/osmo-bsc/src/osmo-bsc/osmo_bsc_main.c:532
#4 0x7f23077532e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
#5 0x56538bdb8999 in _start (/home/jenkins/workspace/osmo-gsm-tester_run-prod/trial-896/inst/osmo-bsc/bin/osmo-bsc+0x259999)
Fixes: OS#3206
Change-Id: I84d10caaadcfa6bd46ba8756ca89aa0badcfd2e3
The number used in debian packaging is actually current-age, which is
still 0 in this case after it was bumped a while ago.
As a result, we had a libosmoctrl1_*.deb package installing a
libosmoctrl.so.0 file.
Fixes: OS#3175
Change-Id: I771f6c68570bc3b2bab68e1165c7284fd43e904d
Before this commit, for library projects (containing LIBVERSION in some
Makefile), the entire commit list was not stored into the changelog, but
only a few lines from TODO-RELEASE files.
This is a bad approach for several reasons. First, because that file was
only aimed at containing API/ABI breaks, and not the full relevant
changeset (like bugfixes, new features, etc.). Second, because it relies
on every developer making API/ABI changes to remember to store the
change in there during commit break time.
Let's instead always store the entire commit list in changelog, and
let's use TODO-RELEASE only as a list of hints for the maintainer to
help him evaluate how LIBVERSION needs to be bumped for each library.
Other tools such as osmo-abi-check.git can be used to help with the
process of decission too.
Let's take the opportunity too to only commit stuff already added to the
staging area, as it proved easier to manage from my personal experinece
making latest releases.
Change-Id: Ibf662173ce2b4ff3966e9ad5f56c65dfb13607ff
It turns out git status doesn't return an error code in any of the
modified/unmodified cases. It's not clear anyway why we check
TODO-RELEASE when we actually care about the file containing the
LIBVERSION (non-)change.
Change-Id: I2320d6ee29cd528e55c0609be1af350655123b85
If no line is provided, then the xargs line doesn't call dch (due to -r
param) and as a result no new version entry is created in the log, and
the old one is updated.
Change-Id: I17894f669e6d3d6d31203a4522dce7fa01da323f
gnutls_global_init must be called at least once for
gnutls < 3.3.0. It doesn't hurt calling it twice, except
a reference counter is increased.
gnutls >= 3.3.0 will call it automatic.
Fixes: OS#2986
Change-Id: I241b6ae5aa8df13dd78f04658cf0953e9561c9e2
In recent Iaa20c59f624fbdc69a018cabd0f7e9c5a1389519 I fixed one missing init
issue and didn't notice the N other similar ones right next to it. Also fix the
remaining missing inits.
Fixes:
../../../../src/libosmocore/src/gsm/gsm0808_utils.c:187:8: runtime error: load of value 13, which is not a valid value for type '_Bool'
../../../../src/libosmocore/src/gsm/gsm0808_utils.c:191:8: runtime error: load of value 119, which is not a valid value for type '_Bool'
Related: OS#3148
Change-Id: Ie8a1a9b3132024135ca70390eae4d21c907b2edc
Ericsson supports a RSL command to page and immediate assign
as single command. For paging a MS the BTS must know the
paging group.
Change-Id: I9194500e307ad69f8da07510bc965a7a5cd82a2a
We are alredy doing the same way for ip.access and siemens ones, and
this way we avoid using the hardcoded value in osmo-bsc.
Change-Id: I7cb65f3ff1cfdbe4eee97b7545bcd13a38c72e25
3GPP TS 48.058 has a very clear definition of which messages are
"transparent" and hence have the T-bit == 1. This is *not* just
all RLL messages, but basically only RLL_DATA.{ind,req} and
RLL_UNITDATA.{ind,req}. All other messages are non-transparent.
Change-Id: I9f83654af189d818563d799bf623325b7fee8e70
Closes: OS#3188
Catched by AddressSanitizer in osmo-bts-trx while running tests in
osmo-gsm-tester:
==31738==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 5744 byte(s) in 1 object(s) allocated from:
#0 0x7ff7ec789ed0 in calloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1ed0)
#1 0x7ff7e952697c (/lib/x86_64-linux-gnu/libc.so.6+0x10297c)
#2 0x7ff7e95274df in getifaddrs (/lib/x86_64-linux-gnu/libc.so.6+0x1034df)
#3 0x7ff7eadcdc8f in osmo_sockaddr_is_local libosmocore/src/socket.c:537
Change-Id: I778d3c1f162abce0595e62670c29c5134bccd28d
Catched by address sanitizer in osmo-bts-trx during osmo-gsm-tester test
run.
==25503==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55b4e8468780 at pc 0x7fd824f543ba bp 0x7fffc21009f0 sp 0x7fffc21009e8
READ of size 16 at 0x55b4e8468780 thread T0
#0 0x7fd824f543b9 in osmo_get_macaddr libosmocore/src/macaddr.c:132
#1 0x55b4e842df33 in abis_open osmo-bts/src/common/abis.c:256
#2 0x55b4e84286c9 in bts_main osmo-bts/src/common/main.c:342
#3 0x7fd8235ab2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
#4 0x55b4e838e759 in _start (/home/jenkins/workspace/osmo-gsm-tester_run-prod/trial-807/inst/osmo-bts/bin/osmo-bts-trx+0xfc759)
Change-Id: I3727ef339279c8eeb85908735467bfd0e02ca259
Provide comprehensive API to obtain string representations of Cell Identifiers
and -Lists.
Change gsm0808_test.c to use the new functions (which simplifies the output a
bit), so that we don't duplicate printing code in gsm0808_test.c, and so that
the not-so-trivial printing code is also tested.
In gsm0808_test, also test gsm0808_cell_id_list_name_buf()'s return value and
truncation behavior.
The rationale for gsm0808_cell_id_list_name(), i.e. printing an entire list of
cell identifiers, is that even though the maximum is 127 elements, a list of
more than a few elements is hardly ever expected in practice (even more than
one element isn't actually expected: either "entire BSS" or a single LAC). It
is thus useful to log the entire list when it shows up in Paging and Handover.
Change-Id: I9b2106805422f96c5cc96ebb9178451355582df3
Rationale: so far we use code like
if (TLVP_PRESENT(&tp, VERY_LONG_ENUM_VALUE_NAME_THAT_NEVER_ENDS)) {
val = TLVP_VAL(&tp, VERY_LONG_ENUM_VALUE_NAME_THAT_NEVER_ENDS);
len = TLVP_LEN(&tp, VERY_L0NG_ENUM_VALUE_NAME_TH4T_NEVER_EMDS);
}
This is a) very long and b) prone to picking the wrong name one of the three
times, which would use the wrong length or val without necessarily being
noticed. A safer and shorter, more readable pattern is:
struct tlv_p_entry *e = TVLP_GET(&tp, VERY_LONG_ENUM_VALUE_NAME_THAT_NEVER_ENDS);
if (!e)
return -ENOENT;
hexdump(e->val, e->len);
Change-Id: I445de17fc2daa3ab051f5708dd0cc185b23dc048
According to the GSM TS 04.07, section 11.2.3.1.1 "Protocol
discriminator", bits 1 to 4 of the first octet of a standard
L3 message contain the protocol discriminator IE.
Meanwhile, the GSM48_PDISC_USSD represents value 0x11, i.e.
0b10001, that requires 5 bits, and moreover it is not
documented anywhere. Let's drop it.
Change-Id: Ic4eb8a6db4ff1dfd535bd0c84e7acf1908422f64
don't blindly trust the tag-length value in an IPA CCM ID GET
message. This could result in a remotely-triggered integer underflow.
Change-Id: I4723361e1094b358310541a7dc4c5c921c778a15
The uninitialized members of enc_sc sporadically hit address sanitizer failure
during gsm0808_test, like:
../../../../src/libosmocore/src/gsm/gsm0808_utils.c:187:8: runtime error: load of value 13, which is not a valid value for type '_Bool'
../../../../src/libosmocore/src/gsm/gsm0808_utils.c:191:8: runtime error: load of value 119, which is not a valid value for type '_Bool'
How the test survived so long is a mystery to me; as soon as some uninitialized
members would by coincidence not be zero, the test should always have failed at
OSMO_ASSERT(memcmp(&enc_sc, &dec_sc, sizeof(enc_sc)) == 0).
Related: OS#3148
Change-Id: Iaa20c59f624fbdc69a018cabd0f7e9c5a1389519
Clarify semantics and micro-optimise for the case of single Cell Identifer IEs.
Test in gsm0808_test.c
So far we have gsm0808_enc_cell_id_list2(), but there also exist instances of
single Cell Identifiers (3GPP TS 48.008 3.2.2.17).
It is possible to decode the same using the cell identifier list API, but this
forces the caller to also keep a full struct gsm0808_cell_id_list2 with all its
127 entries around.
E.g. for handover, there are two Cell Identifiers (Serving and Target); I'd
need two full cell id lists for each, and these would be dynamically allocated
for each handover operation, whether it uses them or not.
Related: OS#2283 (inter-BSC HO, BSC side)
Change-Id: I9f9c528965775698ab62ac386af0516192c4b0cc
Allow passing multiple struct tlv_parsed in an array, to allow parsing as many
repeated IEs as are expected by the caller.
From tlv_parse(), call tlv_parse2() with dec_multiple = 1 to yield the previous
behavior. tlv_parse() remains valid API.
An example of multiple IEs is the BSSMAP Handover Request, containing Cell
Identifier (Serving) and Cell Identifier (Target), both defined by 3GPP TS
48.008 3.2.2.17 with identical IE tags; both are mandatory.
Related: OS#2283 (inter-BSC HO, BSC side)
Change-Id: Id04008eaf0a1cafdbdc11b7efc556e3035b1c84d
This will be used by the upcoming neighbor_ident API in osmo-bsc, where the vty
interface allows composing neihbor BSS cell identifier lists, and we want to
allow adding individual items from individual user commands.
It will also be useful to accumulate cell identifiers in case a subscriber sees
multiple alternative cells from a neighboring BSS, and we want to pass these on
to the MSC in a Handover Required.
Related: OS#2283 (inter-BSC HO, BSC side)
Change-Id: I5781f5fa5339c92ab2e2620489b002829d206925
This will be used by cell idenitifier list code, like upcoming neighbor_ident
VTY in osmo-bsc and regression tests.
Change-Id: Iebc5cdf61b697b1603900993fc265af3eca0cedf
All our projects have seen patches to move to 3-digit MNC handling.
Furthermore, since our builds no longer break from deprecation warnings, I shall
no longer refrain from deprecating old API.
Change-Id: I55dfaf7ce74870de44120b26c42d45bb7b184341
OSMO_IS_LITTLE_ENDIAN is always defined and has a value of
either 0 or 1
as a result in byteswap.h the corresponding swap functions
will be always called, independent of the endianess
Signed-off-by: Thorsten Alteholz <osmocom@alteholz.de>
Change-Id: I4a09d2d8ccf155e70a3977ae1747758b6bc5125e
There seems to be quite some confusion / overlap between enum
gsm48_reject_value, gsm48_gsm_cause and gsm48_gmm_cause. I tried to go with
gsm48_gsm_cause_names[], but e.g. GSM48_REJECT_CONGESTION is not represented.
Instead of attempting to mix/merge those enums, provide a separate value string
array for enum gsm48_reject_value.
This will be used by osmo-msc's libvlr (refactoring of FSM result handling),
I27bf8d68737ff1f8dc6d11fb1eac3d391aab0cb1.
Change-Id: I6661f139e68a498fb1bef10c266c2f064b72774a
In the osmo-msc, I would like to set the subscr conn FSM identifier by a string
format, to include the type of Complete Layer 3 that is taking place. I could
each time talloc a string and free it again. This API is more convenient.
From osmo_fsm_inst_update_id(), call osmo_fsm_inst_update_id_f() with "%s" (or
pass NULL).
Put the name updating into separate static update_name() function to clarify.
Adjust the error message for erratic ID: don't say "allocate", it might be from
an update. Adjust test expectation.
Change-Id: I76743a7642f2449fd33350691ac8ebbf4400371d
On erratic id in osmo_fsm_inst_update_id(), don't say "Attempting to allocate
FSM instance".
Escape the invalid id using osmo_quote_str().
Change-Id: I770fc460de21faa42b403f694e853e8da01c4bef
Since alloc relies on osmo_fsm_inst_update_id() to set the name, never skip
that.
In osmo_fsm_inst_alloc(), we allow passing a NULL id, and in
osmo_fsm_inst_update_id(), we set the name without id if id is NULL.
Change-Id: I6d6b09a811b82770818f19b189a57d9fc4a8133b
Place id and name testing in its separate section, test_id_api().
Add a test that actually allocates an FSM instance with a NULL id, which is
allowed, but uncovers a bug of an unset FSM instance name. osmo_fsm_inst_name()
falls back to the fsm struct's name on NULL, but osmo_fsm_inst_find_by_name()
fails to match if the instance's name is NULL (and until recently even
crashed). Show this in fsm_test.c with loud comments.
Add test to clear the id by passing NULL.
Add test for setting an empty id.
Add test for setting an invalid identifier (osmo_identifier_valid() == false).
Change-Id: I646ed918576ce196c395dc5f42a1507c52ace2c5
strcmp() *must not* be passed NULL pointers, or we hit:
../../../src/libosmocore/src/fsm.c:123:8: runtime error: null pointer passed as argument 2, which is declared to never be null
ASAN:DEADLYSIGNAL
(Or, alternatively, a segfault.)
If any of the search string or an FSM instance's name string should be NULL,
simply never match.
Technically, an FSM should never have a NULL name, but a current bug actually
allows this (pass NULL id to alloc), which will be addressed by an upcoming
patch. To test for it, we need to first make sure this here doesn't segfault.
Change-Id: I2e5f82c06d1a4727bd93e955366e3b62b2df1b32
In fsm_test.c, we have FSM instance cleanup after the select main loop, but we
exit(0) in the timer cb; hence the final code is never called.
Rather clean up the instance and hence also test that, by using a global flag
to exit the main loop upon timeout.
Adjust expected stderr output.
BTW, in a subsequent commit, I want to move the fsm instance id testing to
below the main loop, to more clearly group the tested bits.
Change-Id: Ia47811ffcc1bd68d2630c86be7ab98fc1f338773
Rationale: with osmo_escape_str(), you get the escaped contents of the string,
but not so graceful handling of NULL strings. The caller needs to quote it, and
for NULL strings not quote it.
osmo_quote_str() is like osmo_escape_str() but always quotes a non-NULL string,
and for a NULL string returns a literal NULL, i.e. it should (tm) give the
exact C representation of a string.
That's useful in testing, to show exactly what char* situation we have, without
jumping through hoops like
if (str)
printf("\"%s\"", osmo_escape_str(str, -1));
else
printf("NULL");
Copy the unit test for osmo_escape_str() and adjust. To indicate that the
double quotes are returned by osmo_quote_str(), use single quotes in the test
printf()s.
I considered allowing to pick the quoting characters by further arguments, but
that complicates things: we'd need to escape the quoting characters. Just
hardcode double quotes like C.
Change-Id: I6f1b3709b32c23fc52f70ad9ecc9439c62b02a12
fix for some spelling issues found by lintian
Signed-off-by: Thorsten Alteholz <osmocom@alteholz.de>
Change-Id: I69976ecae6939d9ff51bfe4ce7374890c6563b82
Ironically, when deprecating osmo_init_logging() in
I216837780e9405fdaec8059c63d10699c695b360, I forgot to change the callers
within libosmocore itself, i.e. in the various regression tests.
Change-Id: Ia36c248f99353d5baaa2533f46a2f60a8579bdf8
After investigating osmo-msc showing this log message and looking at the
code, it's a bit difficult to find out what's going on in the code:
socket.c:224 unable to bind socket: (null):0: Protocol not supported
The root cause was not yet found, but probably SCTP is not enabled in
the kernel of the host running it.
The cod eis most probably failing during socket() and not due to bind
error as the log says, so let's print an error if socket() fails.
Then, if setsockopt fails, we want to still keep trying in case an extra
addr was offered by addrinfo_helper. It is definetly wrong to continue
if setsockopt fails, because then we are skipping the bind(), which is a
fundamental part of what osmo_sock_init2 does.
Then, let's print the bind error when it really happens, and re-write
the extra log at the end if we reach the point at which no suitable addr
is found.
Change-Id: I1854422ad92dadf33ed4d849e15c0380c3bf1626
Add logging to root ctx, add msgb ctx to root ctx, free wqueue to simulate the
msgb being sent, and assert final talloc size.
Change-Id: Ief3d5e7b6c4d781b3854e230e45a67d5281b94cd