authorNeels Hofmeyr <neels@hofmeyr.de>2018-03-13 18:03:15 +0100
committerNeels Hofmeyr <neels@hofmeyr.de>2018-03-13 18:10:32 +0100
commitd78d9d5553ef2e0bd086d2e1d38058965d08f93a (patch)
treeaf2ad1d99928d5411dda21d4c5fdd63728153226
parent621c729d8d557c82d92b12fe1d1df872697bbd6e (diff)
trans_free: safeguard against a still running CC timer on free
Make sure to deactivate trans.cc.timer when freeing a CC transaction. Log an error if this should be necessary. This prevents a segfault when we receive a BSSMAP Clear Request from BSC during an ongoing CC operation. The BSSMAP Clear Request currently triggers immediate freeing of the conn, while we should still do a graceful release first. While this patch does not fix the underlying error, it does prevent the MSC from crashing due to a stale timer, whatever the cause might be. Related: OS#3062 Change-Id: I86b666f23402a6d94af2d903e514770d1fd5157f
-rw-r--r--src/libmsc/transaction.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/libmsc/transaction.c b/src/libmsc/transaction.c
index f500326c9..cdaba9c79 100644
--- a/src/libmsc/transaction.c
+++ b/src/libmsc/transaction.c
@@ -121,6 +121,15 @@ void trans_free(struct gsm_trans *trans)
switch (trans->protocol) {
case GSM48_PDISC_CC:
_gsm48_cc_trans_free(trans);
+ if (osmo_timer_pending(&trans->cc.timer)) {
+ LOGP(DCC, LOGL_ERROR,
+ "%s Timer 0x%x is still running while discarding transaction"
+ " -- this is a bug: we were still expecting a response but"
+ " are freeing the transaction anyway\n",
+ vlr_subscr_name(trans->conn->vsub), trans->cc.Tcurrent);
+ osmo_timer_del(&trans->cc.timer);
+ trans->cc.Tcurrent = 0;
+ }
conn_usage_token = MSC_CONN_USE_TRANS_CC;
break;
case GSM48_PDISC_SMS:
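Review bot: The added LOGP call dereferences `trans->conn` unconditionally to reach `trans->conn->vsub`, so the safeguard would itself fault if a CC transaction is ever freed while no connection is attached. Whether `conn` can be NULL at this point is not visible here, because trans_free starts and ends outside the hunk. The commit message says this path is reached on a BSSMAP Clear Request from the BSC, so a second crash path in the error branch would defeat the purpose of the patch. I would guard the argument, for example `trans->conn ? vlr_subscr_name(trans->conn->vsub) : "(no conn)"`, and add a short comment above the `if` stating that the timer callback holds a pointer to `trans` and must not outlive it.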