From 448e07d5a9afabccf837237c68a65297bd7b6f31 Mon Sep 17 00:00:00 2001 From: Sukchan Lee Date: Tue, 30 Nov 2021 22:22:41 +0900 Subject: [PATCH] [AMF/MME] fix the crash during reset (#1268) --- src/amf/ngap-handler.c | 49 +++++++++++---------------------------- src/amf/nsmf-handler.c | 1 + src/mme/mme-s11-handler.c | 1 + src/mme/s1ap-handler.c | 24 ++++++++----------- 4 files changed, 25 insertions(+), 50 deletions(-) diff --git a/src/amf/ngap-handler.c b/src/amf/ngap-handler.c index 152beaff7a..f1aae60ac1 100644 --- a/src/amf/ngap-handler.c +++ b/src/amf/ngap-handler.c @@ -3921,6 +3921,13 @@ void ngap_handle_ng_reset( partOfNG_Interface = ResetType->choice.partOfNG_Interface; ogs_assert(partOfNG_Interface); + + if (gnb->ng_reset_ack) + ogs_pkbuf_free(gnb->ng_reset_ack); + + gnb->ng_reset_ack = ogs_ngap_build_ng_reset_ack(partOfNG_Interface); + ogs_expect_or_return(gnb->ng_reset_ack); + for (i = 0; i < partOfNG_Interface->list.count; i++) { NGAP_UE_associatedLogicalNG_connectionItem_t *item = NULL; uint64_t amf_ue_ngap_id; @@ -3932,24 +3939,14 @@ void ngap_handle_ng_reset( partOfNG_Interface->list.array[i]; if (!item) { ogs_error("No ResetType"); - ogs_assert(OGS_OK == - ngap_send_error_indication( - gnb, NULL, NULL, - NGAP_Cause_PR_protocol, - NGAP_CauseProtocol_semantic_error)); - return; + continue; } if (item->aMF_UE_NGAP_ID) { if (asn_INTEGER2ulong(item->aMF_UE_NGAP_ID, (unsigned long *)&amf_ue_ngap_id) != 0) { ogs_error("Invalid AMF_UE_NGAP_ID"); - ogs_assert(OGS_OK == - ngap_send_error_indication( - gnb, NULL, NULL, - NGAP_Cause_PR_protocol, - NGAP_CauseProtocol_semantic_error)); - return; + continue; } ran_ue = ran_ue_find_by_amf_ue_ngap_id(amf_ue_ngap_id); 
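Review bot: In ngap_handle_ng_reset (hunk at -3921) the pending buffer is freed before the replacement is known to exist, so when `ogs_ngap_build_ng_reset_ack()` returns NULL the `ogs_expect_or_return` exit leaves `gnb->ng_reset_ack` NULL and the acknowledge for an earlier, still-running reset is lost. If a context flagged by that earlier reset later reaches one of the send sites, the `ogs_assert(gnb->ng_reset_ack)` this commit adds there would stop the AMF (inferred; the code that sets the flag is outside the hunk). Build into a local first, `ack = ogs_ngap_build_ng_reset_ack(partOfNG_Interface); ogs_expect_or_return(ack);`, and only then free the old buffer and store `gnb->ng_reset_ack = ack;`. The same free-then-build ordering is added for `enb->s1_reset_ack` in s1ap_handle_s1_reset (hunk at -2906). The function body starts and ends outside this hunk.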
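Review bot: With the Error Indication removed in the hunk at -3932, the `ogs_error` lines before each `continue` are the only trace that a gNB sent a malformed reset item, and "No ResetType", "Invalid AMF_UE_NGAP_ID" and "No UE NGAP ID" say neither which peer nor which list index was involved. For triage, add the index and the sender to each message, for example `ogs_error("NG Reset item[%d]: no UE NGAP ID", i);` together with whatever gNB identifier the project already logs. The loop runs up to `partOfNG_Interface->list.count` times on peer-supplied data, so a single summary count after the loop may be preferable to one error line per skipped item. The hunks at -3957 and -3973, and the s1ap_handle_s1_reset hunk at -2917, use the same `ogs_error` plus `continue` pattern.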
@@ -3957,12 +3954,7 @@ void ngap_handle_ng_reset( if (!ran_ue) { ogs_error("No RAN UE Context : AMF_UE_NGAP_ID[%lld]", (long long)amf_ue_ngap_id); - ogs_assert(OGS_OK == - ngap_send_error_indication( - gnb, NULL, &amf_ue_ngap_id, - NGAP_Cause_PR_radioNetwork, - NGAP_CauseRadioNetwork_unknown_local_UE_NGAP_ID)); - return; + continue; } } else if (item->rAN_UE_NGAP_ID) { @@ -3973,21 +3965,11 @@ void ngap_handle_ng_reset( if (!ran_ue) { ogs_error("No RAN UE Context : RAN_UE_NGAP_ID[%d]", (int)*item->rAN_UE_NGAP_ID); - ogs_assert(OGS_OK == - ngap_send_error_indication( - gnb, NULL, NULL, - NGAP_Cause_PR_radioNetwork, - NGAP_CauseRadioNetwork_unknown_local_UE_NGAP_ID)); - return; + continue; } } else { ogs_error("No UE NGAP ID"); - ogs_assert(OGS_OK == - ngap_send_error_indication( - gnb, NULL, NULL, - NGAP_Cause_PR_protocol, - NGAP_CauseProtocol_semantic_error)); - return; + continue; } ogs_assert(ran_ue); @@ -4004,12 +3986,6 @@ void ngap_handle_ng_reset( NGAP_CauseRadioNetwork_failure_in_radio_interface_procedure); } - if (gnb->ng_reset_ack) - ogs_pkbuf_free(gnb->ng_reset_ack); - - gnb->ng_reset_ack = ogs_ngap_build_ng_reset_ack(partOfNG_Interface); - ogs_expect_or_return(gnb->ng_reset_ack); - ogs_list_for_each(&gnb->ran_ue_list, iter) { if (iter->part_of_ng_reset_requested == true) { /* The GNB_UE context @@ -4022,6 +3998,7 @@ void ngap_handle_ng_reset( /* All GNB_UE context * where PartOfNG_interface was requested * REMOVED */ + ogs_assert(gnb->ng_reset_ack); ngap_send_to_gnb(gnb, gnb->ng_reset_ack, NGAP_NON_UE_SIGNALLING); /* Clear NG-Reset Ack Buffer */ diff --git a/src/amf/nsmf-handler.c b/src/amf/nsmf-handler.c index 466e79b8d3..9d4632f808 100644 --- a/src/amf/nsmf-handler.c +++ b/src/amf/nsmf-handler.c @@ -631,6 +631,7 @@ int amf_nsmf_pdusession_handle_update_sm_context( /* All GNB_UE context * where PartOfNG_interface was requested * REMOVED */ + ogs_assert(gnb->ng_reset_ack); ngap_send_to_gnb( gnb, gnb->ng_reset_ack, NGAP_NON_UE_SIGNALLING); 
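Review bot: The `if (!ran_ue)` test in the hunk at -3957 only establishes that some context with this AMF_UE_NGAP_ID exists; the lookup at the end of the previous hunk, `ran_ue_find_by_amf_ue_ngap_id(amf_ue_ngap_id)`, is not passed `gnb`, and nothing visible here confirms the context belongs to the gNB that sent the reset. If that lookup is global (its definition is not on this page), a reset item from one gNB could release a UE context owned by another. After the NULL check, compare the context's owning gNB with `gnb` and `continue` with a logged error on mismatch. The enclosing loop starts and ends outside this hunk.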
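Review bot: `ogs_assert(gnb->ng_reset_ack)` in the hunk at -4022 replaces a NULL dereference with a deliberate abort, so a missing buffer still takes the whole AMF down rather than failing one procedure. Between the build at the top of ngap_handle_ng_reset and this line the loop calls release code that is outside the hunk; if any of it can reach a send-and-clear site before returning, the pointer is already NULL here. A logged early exit keeps the process serving other peers: `if (!gnb->ng_reset_ack) { ogs_error("No NG-Reset Ack buffer"); return; }`. The same assert is added in amf_nsmf_pdusession_handle_update_sm_context, mme_s11_handle_release_access_bearers_response and s1ap_handle_s1_reset (hunk at -2994); each needs its own exit path, since the first returns int and its surrounding block is not visible.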
diff --git a/src/mme/mme-s11-handler.c b/src/mme/mme-s11-handler.c index 122e69fbe6..48686077f1 100644 --- a/src/mme/mme-s11-handler.c +++ b/src/mme/mme-s11-handler.c @@ -887,6 +887,7 @@ void mme_s11_handle_release_access_bearers_response( /* All ENB_UE context * where PartOfS1_interface was requested * REMOVED */ + ogs_assert(enb->s1_reset_ack); s1ap_send_to_enb(enb, enb->s1_reset_ack, S1AP_NON_UE_SIGNALLING); /* Clear S1-Reset Ack Buffer */ diff --git a/src/mme/s1ap-handler.c b/src/mme/s1ap-handler.c index 56c37abaf5..72e9e23d6a 100644 --- a/src/mme/s1ap-handler.c +++ b/src/mme/s1ap-handler.c @@ -2906,6 +2906,13 @@ void s1ap_handle_s1_reset( partOfS1_Interface = ResetType->choice.partOfS1_Interface; ogs_assert(partOfS1_Interface); + + if (enb->s1_reset_ack) + ogs_pkbuf_free(enb->s1_reset_ack); + + enb->s1_reset_ack = ogs_s1ap_build_s1_reset_ack(partOfS1_Interface); + ogs_expect_or_return(enb->s1_reset_ack); + for (i = 0; i < partOfS1_Interface->list.count; i++) { S1AP_UE_associatedLogicalS1_ConnectionItemRes_t *ie2 = NULL; S1AP_UE_associatedLogicalS1_ConnectionItem_t *item = NULL; @@ -2917,19 +2924,13 @@ void s1ap_handle_s1_reset( partOfS1_Interface->list.array[i]; if (!ie2) { ogs_error("No S1AP_UE_associatedLogicalS1_ConnectionItemRes_t"); - ogs_assert(OGS_OK == - s1ap_send_error_indication(enb, NULL, NULL, - S1AP_Cause_PR_protocol, S1AP_CauseProtocol_semantic_error)); - return; + continue; } item = &ie2->value.choice.UE_associatedLogicalS1_ConnectionItem; if (!item) { ogs_error("No UE_associatedLogicalS1_ConnectionItem"); - ogs_assert(OGS_OK == - s1ap_send_error_indication(enb, NULL, NULL, - S1AP_Cause_PR_protocol, S1AP_CauseProtocol_semantic_error)); - return; + continue; } ogs_warn(" MME_UE_S1AP_ID[%d] ENB_UE_S1AP_ID[%d]", 
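Review bot: In s1ap_handle_s1_reset (hunk at -2917) the second check, `if (!item)`, can never be true: `item` is assigned `&ie2->value.choice.UE_associatedLogicalS1_ConnectionItem`, the address of a member of `ie2`, and `ie2` was already tested for NULL just above. The validation that matters for a peer-supplied list entry is whether `ie2->value` actually holds that choice, and the hunk reads the union member without a visible check of its discriminator. Replace the dead test with a check of the choice tag (asn1c normally names it `value.present`; confirm against the generated header) and `continue` on mismatch. The loop body continues outside this hunk.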
@@ -2976,12 +2977,6 @@ void s1ap_handle_s1_reset( * for new UE-associated logical S1-connections over the S1 interface, * the MME shall respond with the RESET ACKNOWLEDGE message. */ - if (enb->s1_reset_ack) - ogs_pkbuf_free(enb->s1_reset_ack); - - enb->s1_reset_ack = ogs_s1ap_build_s1_reset_ack(partOfS1_Interface); - ogs_expect_or_return(enb->s1_reset_ack); - ogs_list_for_each(&enb->enb_ue_list, iter) { if (iter->part_of_s1_reset_requested == true) { /* The ENB_UE context @@ -2994,6 +2989,7 @@ void s1ap_handle_s1_reset( /* All ENB_UE context * where PartOfS1_interface was requested * REMOVED */ + ogs_assert(enb->s1_reset_ack); s1ap_send_to_enb(enb, enb->s1_reset_ack, S1AP_NON_UE_SIGNALLING); /* Clear S1-Reset Ack Buffer */