trxcon/l1sched: allocate primitives of fixed size (64 + 64)

When running trxcon with GSMTAP Um logging enabled (-g cmd line arg),
in handle_prim_rach_cnf() we msgb_put() one or two bytes to the given
msgb.  This causes a segfault, because the L1SCHED_PRIM_T_RACH prims
have 0 tailroom bytes available.

While we could allocate L1SCHED_PRIM_T_RACH with a few extra bytes,
a more fundamental approach is to allocate all l1sched primitives with
a fixed tailroom.

Change-Id: Ica87b147e11744a69dcd7c056376dcf6b98f9ca6
Fixes: ff9db9de "trxcon/l1sched: rework the primitive API"
Related: OS#5500

5 files changed, 13 insertions, 14 deletions

diff --git a/src/host/trxcon/include/osmocom/bb/l1sched/prim.h b/src/host/trxcon/include/osmocom/bb/l1sched/prim.h
index 0981dc98..0575ad80 100644
--- a/src/host/trxcon/include/osmocom/bb/l1sched/prim.h
+++ b/src/host/trxcon/include/osmocom/bb/l1sched/prim.h
@@ -114,8 +114,7 @@ void l1sched_prim_init(struct msgb *msg,
 		       enum osmo_prim_operation op);
 
 struct msgb *l1sched_prim_alloc(enum l1sched_prim_type type,
-				enum osmo_prim_operation op,
-				size_t extra_size);
+				enum osmo_prim_operation op);
 
 struct msgb *l1sched_lchan_prim_dequeue(struct l1sched_lchan_state *lchan, uint32_t fn);
 void l1sched_lchan_prim_assign_dummy(struct l1sched_lchan_state *lchan);
diff --git a/src/host/trxcon/src/sched_lchan_sch.c b/src/host/trxcon/src/sched_lchan_sch.c
index f433de68..e2420050 100644
--- a/src/host/trxcon/src/sched_lchan_sch.c
+++ b/src/host/trxcon/src/sched_lchan_sch.c
@@ -66,7 +66,7 @@ static int handle_sch_ind(struct l1sched_state *sched, uint32_t fn, uint8_t bsic
 	struct l1sched_prim *prim;
 	struct msgb *msg;
 
-	msg = l1sched_prim_alloc(L1SCHED_PRIM_T_SCH, PRIM_OP_INDICATION, 0);
+	msg = l1sched_prim_alloc(L1SCHED_PRIM_T_SCH, PRIM_OP_INDICATION);
 	OSMO_ASSERT(msg != NULL);
 
 	prim = l1sched_prim_from_msgb(msg);
diff --git a/src/host/trxcon/src/sched_prim.c b/src/host/trxcon/src/sched_prim.c
index 5f0ee29a..380d5a82 100644
--- a/src/host/trxcon/src/sched_prim.c
+++ b/src/host/trxcon/src/sched_prim.c
@@ -35,7 +35,8 @@
 #include <osmocom/bb/l1sched/l1sched.h>
 #include <osmocom/bb/l1sched/logging.h>
 
-#define L1SCHED_PRIM_HEADROOM	128
+#define L1SCHED_PRIM_HEADROOM	64
+#define L1SCHED_PRIM_TAILROOM	64
 
 osmo_static_assert(sizeof(struct l1sched_prim) <= L1SCHED_PRIM_HEADROOM, l1sched_prim_size);
 
@@ -61,12 +62,11 @@ void l1sched_prim_init(struct msgb *msg,
 }
 
 struct msgb *l1sched_prim_alloc(enum l1sched_prim_type type,
-				enum osmo_prim_operation op,
-				size_t extra_size)
+				enum osmo_prim_operation op)
 {
 	struct msgb *msg;
 
-	msg = msgb_alloc_headroom(L1SCHED_PRIM_HEADROOM + extra_size,
+	msg = msgb_alloc_headroom(L1SCHED_PRIM_HEADROOM + L1SCHED_PRIM_TAILROOM,
 				  L1SCHED_PRIM_HEADROOM, "l1sched_prim");
 	if (msg == NULL)
 		return NULL;
@@ -89,7 +89,7 @@ static struct msgb *prim_compose_mr(struct l1sched_lchan_state *lchan)
 	bool cached;
 
 	/* Allocate a new primitive */
-	msg = l1sched_prim_alloc(L1SCHED_PRIM_T_DATA, PRIM_OP_REQUEST, GSM_MACBLOCK_LEN);
+	msg = l1sched_prim_alloc(L1SCHED_PRIM_T_DATA, PRIM_OP_REQUEST);
 	OSMO_ASSERT(msg != NULL);
 
 	prim = l1sched_prim_from_msgb(msg);
@@ -469,7 +469,7 @@ void l1sched_lchan_prim_assign_dummy(struct l1sched_lchan_state *lchan)
 	if (!prim_len)
 		return;
 
-	msg = l1sched_prim_alloc(L1SCHED_PRIM_T_DATA, PRIM_OP_REQUEST, prim_len);
+	msg = l1sched_prim_alloc(L1SCHED_PRIM_T_DATA, PRIM_OP_REQUEST);
 	OSMO_ASSERT(msg != NULL);
 
 	prim = l1sched_prim_from_msgb(msg);
@@ -498,7 +498,7 @@ int l1sched_lchan_emit_data_ind(struct l1sched_lchan_state *lchan,
 
 	lchan_desc = &l1sched_lchan_desc[lchan->type];
 
-	msg = l1sched_prim_alloc(L1SCHED_PRIM_T_DATA, PRIM_OP_INDICATION, data_len);
+	msg = l1sched_prim_alloc(L1SCHED_PRIM_T_DATA, PRIM_OP_INDICATION);
 	OSMO_ASSERT(msg != NULL);
 
 	prim = l1sched_prim_from_msgb(msg);
diff --git a/src/host/trxcon/src/sched_trx.c b/src/host/trxcon/src/sched_trx.c
index bcd24f07..ccac32c5 100644
--- a/src/host/trxcon/src/sched_trx.c
+++ b/src/host/trxcon/src/sched_trx.c
@@ -74,7 +74,7 @@ static int l1sched_cfg_pchan_comb_ind(struct l1sched_state *sched,
 	struct l1sched_prim *prim;
 	struct msgb *msg;
 
-	msg = l1sched_prim_alloc(L1SCHED_PRIM_T_PCHAN_COMB, PRIM_OP_INDICATION, 0);
+	msg = l1sched_prim_alloc(L1SCHED_PRIM_T_PCHAN_COMB, PRIM_OP_INDICATION);
 	OSMO_ASSERT(msg != NULL);
 
 	prim = l1sched_prim_from_msgb(msg);
diff --git a/src/host/trxcon/src/trxcon_fsm.c b/src/host/trxcon/src/trxcon_fsm.c
index 598f2bd5..eabab3d2 100644
--- a/src/host/trxcon/src/trxcon_fsm.c
+++ b/src/host/trxcon/src/trxcon_fsm.c
@@ -286,7 +286,7 @@ static void handle_tx_access_burst_req(struct osmo_fsm_inst *fi,
 	struct l1sched_prim *prim;
 	struct msgb *msg;
 
-	msg = l1sched_prim_alloc(L1SCHED_PRIM_T_RACH, PRIM_OP_REQUEST, 0);
+	msg = l1sched_prim_alloc(L1SCHED_PRIM_T_RACH, PRIM_OP_REQUEST);
 	OSMO_ASSERT(msg != NULL);
 
 	prim = l1sched_prim_from_msgb(msg);
@@ -492,7 +492,7 @@ static void trxcon_st_dedicated_action(struct osmo_fsm_inst *fi,
 		struct l1sched_prim *prim;
 		struct msgb *msg;
 
-		msg = l1sched_prim_alloc(L1SCHED_PRIM_T_DATA, PRIM_OP_REQUEST, req->data_len);
+		msg = l1sched_prim_alloc(L1SCHED_PRIM_T_DATA, PRIM_OP_REQUEST);
 		OSMO_ASSERT(msg != NULL);
 
 		prim = l1sched_prim_from_msgb(msg);
@@ -563,7 +563,7 @@ static void trxcon_st_packet_data_action(struct osmo_fsm_inst *fi,
 		if (l1gprs_handle_ul_block_req(trxcon->gprs, &block_req, msg) != 0)
 			return;
 
-		msg = l1sched_prim_alloc(L1SCHED_PRIM_T_DATA, PRIM_OP_REQUEST, block_req.data_len);
+		msg = l1sched_prim_alloc(L1SCHED_PRIM_T_DATA, PRIM_OP_REQUEST);
 		OSMO_ASSERT(msg != NULL);
 
 		prim = l1sched_prim_from_msgb(msg);