author | Jacob Erlbeck <jerlbeck@sysmocom.de> | 2014-10-13 10:32:00 +0200 |
---|---|---|
committer | Holger Hans Peter Freyther <holger@moiji-mobile.com> | 2014-10-27 10:25:13 +0100 |
commit | 99985b5ea8e2d69d1e63a9423fbe40b872b0c0f5 (patch) | |
tree | 06257bc6fdf1bfbc1f260fdf2e54e448746eba52 /openbsc/src/gprs/sgsn_vty.c | |
parent | ae20b4b31b679d7ea057f4db8427b99293068ec5 (diff) |
sgsn: Delete PDP contexts properly
Currently the PDP contexts are hard freed (via sgsn_pdp_ctx_free)
at some places in gprs_gmm.c on the reception of a Detach Req and on
re-use of an IMSI that is already associated with an MM context. This
can lead to segfaults when there is a pending request or a data
indication at libgtp.
This patch adds a new function sgsn_pdp_ctx_terminate that de-associates
the PTP context from the MM context, deactivates SNDCP, sets pdp->mm
to NULL and then calls sgsn_delete_pdp_ctx. sgsn_libgtp is updated to
check for pdp->mm being non-NULL before dereferencing it. The
sgsn_pdp_ctx_terminate function will be called for each PDP context of
an MM context before this context is going to be deleted via
sgsn_mm_ctx_free. To ensure that the ctx->llme (which is accessed
during the deactivation of SNDCP) remains valid, the call to
gprs_llgmm_assign is moved after the call to sgsn_mm_ctx_free. The
handling of re-used IMSIs is changed to mimic the processing of a
Detach Req.
Addresses:
<0002> gprs_gmm.c:654 MM(/f6b31ab0) Deleting old MM Context for same
IMSI p_tmsi_old=0xc6f19134
<000f> gprs_sgsn.c:259 PDP freeing PDP context that still has a
libgtp handle attached to it, this shouldn't happen!
[...]
SEGFAULT
Ticket: OW#1311
Sponsored-by: On-Waves ehf
Diffstat (limited to 'openbsc/src/gprs/sgsn_vty.c')
-rw-r--r-- | openbsc/src/gprs/sgsn_vty.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/openbsc/src/gprs/sgsn_vty.c b/openbsc/src/gprs/sgsn_vty.c index 31c94f796..bfd5333d3 100644 --- a/openbsc/src/gprs/sgsn_vty.c +++ b/openbsc/src/gprs/sgsn_vty.c @@ -222,8 +222,9 @@ const struct value_string gprs_mm_st_strs[] = { static void vty_dump_pdp(struct vty *vty, const char *pfx, struct sgsn_pdp_ctx *pdp) { + const char *imsi = pdp->mm ? pdp->mm->imsi : "(detaching)"; vty_out(vty, "%sPDP Context IMSI: %s, SAPI: %u, NSAPI: %u%s", - pfx, pdp->mm->imsi, pdp->sapi, pdp->nsapi, VTY_NEWLINE); + pfx, imsi, pdp->sapi, pdp->nsapi, VTY_NEWLINE); vty_out(vty, "%s APN: %s%s", pfx, gprs_apn2str(pdp->lib->apn_use.v, pdp->lib->apn_use.l), VTY_NEWLINE); |
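Review bot: In vty_dump_pdp the new NULL guard covers only pdp->mm, while the unchanged APN line directly below it still dereferences pdp->lib unconditionally (`gprs_apn2str(pdp->lib->apn_use.v, pdp->lib->apn_use.l)`). If a context shown as "(detaching)" can still be listed once its libgtp handle has been released, that line needs the same kind of check, for example printing a placeholder APN when pdp->lib is NULL. If pdp->lib is guaranteed to stay valid for as long as the context is in the list, a one-line comment stating that invariant next to the new imsi local would make the asymmetry between the two pointers clear to the next reader.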