2019-05-23Add ringer support to built-in MNCC application of mobilelaforge/jolly_handover_rebasedAndreas Eversberg4-0/+97
Change-Id: Id824f7c9d9d6110b4dc443653a14bfcd2e0cc2b3
2019-05-23Add ringer support to L1CTL interface and layer1Andreas Eversberg5-0/+42
Change-Id: I67cb04cfacdc4f2efa8bd829ecf66f0040bf430a
2019-05-23mobile: VTY provides two options to disable neighbor cell measurementsAndreas Eversberg4-16/+56
1. "no neighbor-measurement idle": neighbor cell measurement for cell re-selection 2. "no neighbor-measurement dedicated": neighbor cell measurement for handover Change-Id: Icc5ff58aee3a1a4705e38839bd5cdf6bf7e30f03
2019-05-23mobile: Fixes of frequency redefinition handlingAndreas Eversberg1-2/+2
Change-Id: I4897ed2c71ddf30afd057389ca67a9b9d6d88ace
2019-05-23mobile/gsm48_rr.c: Show "cipher 0", if ciphering is disabledAndreas Eversberg1-2/+2
Change-Id: Ic184772a57451d53797370d2cbac6653ec7b9847
2019-05-23mobile: Keep track of cell channel description during dedicated modeAndreas Eversberg2-23/+45
The initial cell channel decription is received via SI1. During a call this description may change due to handover, assignment, frequency redefinition. Whenever it changes, the last received cell channel description is used to handle messages that do not include this information element. Example of one call with handover inbetween. The assignments do not include a cell channel description: IMMEDIATE ASSIGNMENT: Use cell channel description from SI1. ASSIGNMENT COMMAND: Re-use cell channel description from SI1. HANDOVER COMMAND: Use new cell channel description from HANDOVER COMMAND. ASSIGNMENT COMMAND: Re-use cell channel description from HANDOVER COMMAND. Change-Id: I4981b0a2a3f896a75e624d07c2d3628442f13ecf
2019-05-23mobile: Use only sel_si for informations about the current cellAndreas Eversberg4-41/+62
sel_si structure tracks content of SI5* and SI6 messages. The informations will change after handover, so they do not refer to the origin cell. The list of scanned cells is not affected. The sel_si structure will be overwritten with the selected cell after leaving dedicated mode. Change-Id: Idd6a35c13de56115645e0861d95c256ebf9257f8
2019-05-23[WIP] HO: VTY test option to fake a better neighbor cell to force handoverAndreas Eversberg3-1/+86
The handover is forced by reporting perfect measurement results of a given neighbor cell. All other neighbor cells and the serving cell is reported as poor. The falke report will sustain until the connection is released or a new 'better' cell is specified. Change-Id: Ie9245dbbb9142f14459ed13b2ff29a6c2dbf3d6c
2019-05-23[WIP] HO: Completed handover process at mobile (layer 3).Andreas Eversberg3-185/+467
The implementation supports: - Non-synchronised handover - Synchronized handover - Pre-sychronized handover - Pseudo-synchronized handover Change-Id: I0aebe1adfddcc3ff794b980ea4e3651ff616c032
2019-05-23[WIP] HO: Transmit access bursts on DCCH of TCH channelsAndreas Eversberg1-2/+15
Change-Id: I1a972d9bac5749c67c1b139825400854f7cf1490
2019-05-23[WIP] HO: Add RX only mode for handoverAndreas Eversberg3-0/+17
When establishing dedicate mode, a flag is used to disable transitter. When transmitter is disabled, access bursts are allowed. After sending a L1CTL_PARAM_REQ, the transmitter is enabled with given parameters. Change-Id: I43b14089e0b8988db6a73dd143c8ea806284ab7a
2019-05-23[WIP] HO: Add new parameters to L1CTL_DM_EST_REQAndreas Eversberg5-17/+49
* Flag to enter dedicated mode with TX disabled * Flag to use sync info of neighbor cell * Flag to use sync info of previous serving cell * Index of neighbor cell All these parameters are required to handover to a new channel. Change-Id: Iadbc47f006d1f8a019822aedee180814de13cb2d
2019-05-23[WIP] HO: Add SCH read of neighbor cells to TCH channelsAndreas Eversberg8-0/+185
The task will try to sync to neighbor cell during search (idle) frame. Change-Id: I7f2c6b5438676a816c546cb9dce404762ee5d5b5
2019-05-23[WIP] HO: Add power measurement of neighbor cells to TCH channelsAndreas Eversberg5-50/+212
The task will measure power between TX and RX of successive TCH frames. Change-Id: I0c5a1714249799ff0f2031ca0585ec051c61cc6b
2019-05-23[WIP] HO: Add BSIC and TOA to L1CTL_NEIGH_PM_INDAndreas Eversberg3-3/+10
Change-Id: I792b52d9bf115a2def9720eed3d62982d8cdbe00
2019-05-23[WIP] Change TPU offset on TS change or sync changeAndreas Eversberg6-27/+88
When TPU offset must be changed (assignment to different timeslot or handover to a different cell), all tasks will be disabled until new TPU offset has been applied. Currently scheduled tasks are finished before the new TPU offset is applied. On change of TPU offset, the TPU's interrupt may skip one frame when changing backwards in time. Also it may generate two interrupts when changing significantly forward in time. This is compensated by changing the GSM time. Change-Id: If858484a9cf497e0f6e8d84593ab3637c2668869
2019-05-23layer23: fix tons of compiler warnings, mostly OSMO_DEPRECATED relatedHarald Welte7-26/+36
Change-Id: I03918bd864c711b377a795186123c85bb6f4dc4a
2019-05-23sap_fsm: Fix what appears to be a missing pointer dereferenceHarald Welte1-1/+1
sap_fsm.c: In function ‘sap_negotiate_msg_size’: sap_fsm.c:103:15: warning: passing argument 1 of ‘__bswap_16’ makes integer from pointer without a cast [-Wint-conversion] size = ntohs((uint16_t *) param->value); ^~~~~~~~~~~~~~~~~~~~~~~~~ Change-Id: Ie58af6162c67ae377809b42daa897ca3f3d72af1
2019-05-23contrib/ Build gprsdecode + laye23 with 'make distcheck'Harald Welte1-1/+10
Change-Id: I17c4dfb7bbfcf8da78d688939ee8c0b916cb6b1a
2019-05-23layer23: Fix 'make distcheck'Harald Welte6-6/+65
Change-Id: Ic48e240ee1484aaa793af23c62a24d2949900b86
2019-05-23bcch_scan: Fix compiler warning about undefined functionsHarald Welte3-1/+10
Change-Id: I435ef2032b9cefe844c37f395d9087be6af8934a
2019-05-17trx_toolkit/ avoid logging \0-terminatorVadim Yanitskiy1-1/+1
Change-Id: I93da2e8ba9d3fda944b8171bc42e49063c925f9c
2019-05-14common/sim.c: add missing break to sim_apdu_resp()Vadim Yanitskiy1-0/+1
Change-Id: Id5c325ffcfea8175bc5d5499a0904c0984e00349 Fixes: OS#198542
2019-05-13firmware/Makefile: clarify toolchain configuration includeVadim Yanitskiy1-1/+1
Change-Id: I77ce68d5904ff623f10f6475309052666bab7742
2019-05-13firmware/ fix sections with overlapping VMAHarald Welte2-4/+4
Starting from [1], not only LMA but also VMA areas are now checked for overlaps (see also [2]). This results into linking errors: arm-none-eabi-ld: section .text.exceptions VMA [000000000080001c,0000000000800037] overlaps section .compal.reservedram VMA [0000000000800000,00000000008000fe] arm-none-eabi-ld: section .text.exceptions VMA [000000000080001c,0000000000800037] overlaps section .compal.loader VMA [0000000000800000,00000000008000ff] Let's try to work around this. [1];h=a87dd97a2098b7e18ff2574a4e81ae521ef7e6f2 [2] Change-Id: I098ddd33aabd7ec27981e2f09d8582f167bb649b Fixes: OS#1917
2019-05-09trxcon/trx_if.c: use ssize_t for return value of read()Vadim Yanitskiy1-13/+14
Change-Id: I4a489be6fafcd057c3edc4f3d5f76d645899f884
2019-05-09trxcon/trx_if.c: print error message if read() call failsVadim Yanitskiy1-2/+6
Change-Id: If3aaa730c306e703d1d430a8920284aa592c999c
2019-05-09trxcon/trx_if.c: use read() call instead of recv()Vadim Yanitskiy1-2/+2
According to the man page of recv(), the only difference of this call from read() is the presence of flags. With a zero flags argument, recv() is generally equivalent to read(). Change-Id: I6d43bbf8d52c5fbb8ee0592b7d1c1dfd2dd1548e
2019-05-09trxcon/l1ctl.c: init DL info header in l1ctl_tx_rach_conf()Vadim Yanitskiy1-0/+2
Since we only set both ARFCN and TDMA frame number of the DL info header, other fields remain uninitialized. Let's memset() them. Change-Id: Ib39c333f1724fefa5d8bd8a2315b77a5612f7fa9
2019-05-09trxcon/l1ctl.c: pass band_arfcn to l1ctl_tx_rach_conf()Vadim Yanitskiy3-5/+6
This would allow to abstract both L1CTL and TRX interfaces from each other in the upcoming refactoring. Change-Id: I74a23c73b03bad822272b9cfe76c2501666912b7
2019-05-03mobile/gsm48_mm.c: use proper types for gsm48_rr_hdrVadim Yanitskiy1-5/+5
Change-Id: I29ed122b8956260b9f847cc0e3e81a28d6762632
2019-05-03mobile/gsm48_rr.h: mark gsm48_rr_hdr struct as packedVadim Yanitskiy1-1/+1
In both gsm48_mm.c and gsm48_rr.c we put / push 'gsm48_rr_hdr' structure into the message buffers, so then it's retrieved by the message receivers. The AddressSanitizer complains about unaligned pointer access and potentially unexpected behaviour. Change-Id: I8aa2c0074b405afd0e76044ef076b6819fe1083b
2019-05-03mobile/gsm322.c: fix heap-use-after-free in gsm322_unselect_cell()Vadim Yanitskiy1-0/+2
In gsm322_l1_signal(), if S_L1CTL_FBSB_ERR is received, we free stored System Information of the current cell, but cs->si may still point to it. Let's set it to NULL. Found with AddressSanitizer: DL1C ERROR l1ctl.c:96 FBSB RESP: result=255 DCS INFO gsm322.c:2995 Channel sync error, try again DCS INFO gsm322.c:467 Sync to ARFCN=860(DCS) rxlev=-106 DRR INFO gsm48_rr.c:665 MON: no cell info DRR INFO gsm48_rr.c:665 MON: no cell info DRR INFO gsm48_rr.c:665 MON: no cell info DRR INFO gsm48_rr.c:665 MON: no cell info DL1C ERROR l1ctl.c:96 FBSB RESP: result=255 DCS INFO gsm322.c:3008 Channel sync error. DCS DEBUG gsm322.c:3013 free sysinfo ARFCN=860(DCS) DCS INFO gsm322.c:3020 Unselect cell due to sync error! DCS INFO gsm322.c:509 Unselecting serving cell. ================================================================= ==6014==ERROR: AddressSanitizer: heap-use-after-free on address 0x61b0000000e6 at pc 0x00000050d6dd bp 0x7fff7f84aa60 sp 0x7fff7f84aa58 Change-Id: I9cc526c18d69695d810de98703579818408de011
2019-04-27lua: Add a sentinel for the fd function tableHolger Hans Peter Freyther1-0/+1
Change-Id: I4fe2fd6584a453a951361e1b67fb986583b176be
2019-04-24trx_toolkit/ fix TOA256 MIN/MAX constantsVadim Yanitskiy1-3/+3
The old TOA256 range was bigger than we can actually store: struct.error: 'h' format requires -32768 <= number <= 32767 Change-Id: I5d4e1fea9d07f2c49f01e6644d1c0d1dc8cf4e40
2019-04-22trxcon: introduce extended (11-bit) RACH supportVadim Yanitskiy2-52/+128
According to 3GPP TS 05.03, section 5.3, two coding schemes are specified for access bursts: one for regular 8-bit bursts, another - for extended 11-bit packet access bursts. According to 3GPP TS 05.02, section 5.2.7, there are two additional training (synchronization) sequences for RACH bursts: TS1 & TS2. By default, TS0 synch. sequence is used, unless explicitly stated otherwise (see 3GPP TS 04.60). According to 3GPP TS 04.60, section 11.2.5a, the EGPRS capability can be indicated by the MS using an alternative training sequence (i.e. TS1 or TS2) and the 11-bit RACH coding scheme. Change-Id: I36fd20cd5502ce33c52f644ee4c22abb83350df8
2019-04-22l1ctl_proto.h: add extended RACH (11-bit) request messageVadim Yanitskiy1-0/+12
According to 3GPP TS 04.60, section 11.2.5a, the extended (11-bit) Access Burst on RACH/PRACH is used by the MS to indicate its EGPRS capability. One of the alternative synch. sequences (see 3GPP TS 05.02, TS1 and TS2) shall be used. Change-Id: Iae0267a31b3314c990eb41acb2f570ca3219021c
2019-03-21trxcon: use static helper to prepare FBSBMax1-12/+15
Use static helper to prepare l1ctl_fbsb_conf - this simplifies fbsb-related functions and make difference between timer callback and regular response more obvious. Change-Id: I43832d6a912a32ea5795ed0110981e0b714a7a61
2019-03-21trxcon: log FBSB timer eventsMax1-1/+2
Change-Id: I0168d43951494f4010df891f391ddad4b57493d7
2019-03-21trxcon: use helper to add l1ctl_info_dlMax1-24/+18
Use static helpers to add l1ctl_info_dl to msgb - this simplifies l1ctl_* routines and reduce code duplication. Change-Id: I0b5b81f1fcd2984136e553a93735ea5456d2b3df
2019-03-21trxcon: use bool for fbsb_conf_sentMax2-4/+4
It's only used as a boolean value so let's set proper type for it. Change-Id: Iaf50cdd19ac2139ee2d625671410a486edae2999
2019-03-10trxcon/scheduler: clarify decoding of incomplete xCCH blocksVadim Yanitskiy1-0/+4
Inspired by Sylvain's message at #osmocom. Change-Id: I3f499837413e1dbd0ca62229dc9cb6f0f7475a42
2019-03-06target/firmware/tiffs: update copyright statementsVadim Yanitskiy2-6/+8
In OS#3582, the autor of TIFFS code, Mychaela Falconia, has noted: ... all of my code contributions are in the public domain and are NOT copyrighted by me, and I strenuously object to anyone taking it upon themselves to insert a copyright notice with my name in it. Let's update the copyright statements as recommended by the author. Change-Id: If115991425372a4cdbcfefa115532c9c410e58c4
2019-02-21trxcon/scheduler: count number of measurementsVadim Yanitskiy6-14/+8
Instead of counting both RSSI and ToA measurements separately, let's have a single counter in trx_lchan_state.meas struct. Change-Id: I45454a3ac92b8cc85dd74092e4ab6eb350f20c9a
2019-02-19firmware/lib: introduce TIFFS filesystem supportMychaela Falconia17-2/+496
All known TI GSM firmwares implement some kind of flash file system, or FFS. We call it TIFFS (Texas Instruments FFS) because it is TI's invention. TIFFS is a file system with a hierarchical directory tree structure, and with Unixy forward-slash-separated, case-sensitive pathnames; the semantics of "what is a file" and "what is a directory" are exactly the same as in UNIX; and TIFFS even supports symlinks, although that support is a little under-developed, and apparently no FFS symlinks were ever used in any production GSM device. Thus the FFS implemented in TI-based GSM devices (modems and "dumbphone" handsets) is really no different from, for example, JFFS2 in embedded Linux systems. The FFS in a GSM device typically stores two kinds of content: - Factory data: IMEI, RF calibration values, device make/model/revision ID strings etc. These files are expected to be programmed on the factory production line and not changed afterward. - Dynamic data written into the FFS in normal device operation: contacts, settings / preferences, call history, received SMS, etc. It should be noted that both Compal (Mot C1xx) and Foxconn (Pirelli DP-L10) vendors moved their vital per-unit factory data out of the FFS into their own ad hoc flash data structures, leaving their FFS only for less critical data. However, we do enable TIFFS access for them anyway. The location of TIFFS within the flash memory of a given GSM device is defined by the firmware design of that device, but is always some integral number of contiguous flash sectors. - On Motorola/Compal C139/140 phones, the FFS used by the original proprietary firmware occupies 5 sectors of 64 KiB each (320 KiB in total), starting at 0x370000. C11x/123 use smaller FFS configurations, whereas C155/156 seem to have switched to some other FFS format, different from our familiar TIFFS. - On the Pirelli DP-L10, the FFS used by the original proprietary firmware occupies 18 sectors of 256 KiB each (for 4.5 MiB in total), starting at the beginning of the 2nd flash chip select (0x02000000 in the ARM7 address space). - On FCDEV3B (FreeCalypso hardware), the FFS is located in the first 8 sectors (of 256 KiB each) in the 2nd flash chip select bank, which appears at 0x01800000 in the ARM7 address space. - On the GTA01/02 GSM modem, FFS occupies 7 sectors of 64 KiB each, starting at flash offset 0x380000. For more information, please refer to the FreeCalypso project documentation, from where this great contribution comes from. Please note that existing MediaTek targets most likely use different storage format as they have nothing from TI Calypso. Also, we don't (yet) know the location of TIFFS on SE J100i and Compal E99 targets. The TIFFS support is needed for the follow-up change, that implements reading of the factory RF calibration values. Tweaked (coding style changes) by Vadim Yanitskiy <> Change-Id: If6e212baeb10953129fb0d5253d263567f5e12d6 Related: OS#3582
2019-02-19firmware/board: introduce new FCDEV3B (FreeCalypso) targetMychaela Falconia2-1/+148
FCDEV3B (stands for "FreeCalypso development board, triband") is a GSM mobile station development board by FreeCalypso project. The board features the same legendary TI Calypso GSM MS chipset that was used in commercial GSM/GPRS modems such as Openmoko's, and functions as a standalone (or "bare") GSM modem. For more information, please see the project's web side: Change-Id: I09bd35a18d3ea094000050169a62fd82ba6eccfe Related: OS#3581
2019-02-13firmware/board/compal_e99: enable reading the second half of flashMychaela Falconia1-0/+6
The ability to read the second half of flash on E99 is needed for the follow-up change, that implements reading of the factory RF calibration values. Change-Id: Ia677ebdc1ada9fd41daf211fd9da06cd118365fa Related: OS#3582
2019-02-13firmware/board/compal: indicate both DCS and PCS Rx ports as connectedMychaela Falconia2-4/+44
Each given Mot C1xx phone is made either for 900+1800 MHz, in which case only the DCS Rx port is connected, or for 850+1900 MHz, in which case only the PCS Rx port is connected. Let's tell the TRF6151 driver that both DCS and PCS ports are connected, so that the same binary build can be used on both EU-band and US-band C1xx phones. If one needs to tune the TRF6151 receiver out of spec, or at least outside of the DCS/PCS Rx SAW filter's legitimate passband (or if the SAW filter was changed or removed), then the rffe_get_rx_ports() function might be changed to indicate which Rx port is physically connected: PORT_DCS1800 only or PORT_PCS1900 only. Change-Id: I620084c33ad165faffbbfc45923faedad77aafb2
2019-02-12firmware/board/gta0x: fix GPIO and ASIC_CONF_REG configurationMychaela Falconia1-13/+10
Most Calypso peripheral interface signals are unconnected on Openmoko GTA0x. Let's configure them to be GPIOs in IO_CONF_REG, then configure them to be outputs in IO_CNTL_REG, then set the outputs to 0 in ARMIO_LATCH_OUT. Change-Id: I306ffacb623d2b06a188f84026ccadab408d1676
2019-02-12firmware/board/pirelli_dpl10: fix ASIC_CONF_REG settingMychaela Falconia1-2/+2
Set LPG and PWL pin mux like Pirelli's firmware does. Change-Id: I099e13800b7821a8fb274c5264c9823153afe564