From 99985b5ea8e2d69d1e63a9423fbe40b872b0c0f5 Mon Sep 17 00:00:00 2001
From: Jacob Erlbeck
Date: Mon, 13 Oct 2014 10:32:00 +0200
Subject: sgsn: Delete PDP contexts properly
Currently the PDP contexts are hard freed (via sgsn_pdp_ctx_free) at some places in gprs_gmm.c on the reception of a Detach Req and on re-use of an IMSI that is already associated with an MM context. This can lead to segfaults when there is a pending request or a data indication at libgtp. This patch add a new function sgsn_pdp_ctx_terminate that de-associates the PTP context from the MM context, deactivates SNDCP, sets pdp->mm to NULL and then calls sgsn_delete_pdp_ctx. sgsn_libgtp is updated to check for pdp->mm being non-NULL before dereferencing it. The sgsn_pdp_ctx_terminate function will be called for each PDP context of an MM context before this context is going to be deleted via sgsn_mm_ctx_free. To ensure, that the ctx->llme (which is accessed during the deactivation of SNDCP) remains valid, the call to gprs_llgmm_assign is moved after the call to sgsn_mm_ctx_free. The handling of re-used IMSIs is changed to mimic the processing of a Detach Req.
Addresses:
<0002> gprs_gmm.c:654 MM(/f6b31ab0) Deleting old MM Context for same IMSI p_tmsi_old=0xc6f19134
<000f> gprs_sgsn.c:259 PDP freeing PDP context that still has a libgtp handle attached to it, this shouldn't happen!
[...] SEGFAULT
Ticket: OW#1311
Sponsored-by: On-Waves ehf
---
 openbsc/include/openbsc/gprs_sgsn.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'openbsc/include')
diff --git a/openbsc/include/openbsc/gprs_sgsn.h b/openbsc/include/openbsc/gprs_sgsn.h
index a04ab91c2..c9df82444 100644
--- a/openbsc/include/openbsc/gprs_sgsn.h
+++ b/openbsc/include/openbsc/gprs_sgsn.h
@@ -180,7 +180,8 @@ struct sgsn_pdp_ctx {
 };
 #define LOGPDPCTXP(level, pdp, fmt, args...) \
- LOGP(DGPRS, level, "PDP(%s/%u) " fmt, (pdp)->mm->imsi, (pdp)->ti, ## args)
+ LOGP(DGPRS, level, "PDP(%s/%u) " \
+ fmt, (pdp)->mm ? (pdp)->mm->imsi : "---", (pdp)->ti, ## args)
 /* look up PDP context by MM context and NSAPI */
 struct sgsn_pdp_ctx *sgsn_pdp_ctx_by_nsapi(const struct sgsn_mm_ctx *mm,
@@ -191,6 +192,7 @@ struct sgsn_pdp_ctx *sgsn_pdp_ctx_by_tid(const struct sgsn_mm_ctx *mm,
 struct sgsn_pdp_ctx *sgsn_pdp_ctx_alloc(struct sgsn_mm_ctx *mm, uint8_t nsapi);
+void sgsn_pdp_ctx_terminate(struct sgsn_pdp_ctx *pdp);
 void sgsn_pdp_ctx_free(struct sgsn_pdp_ctx *pdp);
--
cgit v1.2.3
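Review bot: The new `(pdp)->mm ? (pdp)->mm->imsi : "---"` fallback in LOGPDPCTXP encodes a lifecycle fact — a PDP context may exist with no MM association — that the header does not state, so a reader of the macro cannot tell whether "---" in a log line is expected or a sign of corruption. I would add above the `#define`: `/* pdp->mm is NULL once the PDP context has been de-associated from its MM context (see sgsn_pdp_ctx_terminate); log "---" instead of dereferencing it. */`. The macro also evaluates `pdp` three times, so callers must not pass an expression with side effects; that is unchanged by this hunk but worth stating in the same comment. The `sgsn_pdp_ctx_terminate` prototype added in the second hunk, which appears to be cut off at the end of the page, lacks the one-line comment the header gives its other declarations, e.g. `/* de-associate from the MM context, deactivate SNDCP and delete the PDP context */`.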