From 23ef30553e00618fd259c36b747b67f83dd5baa9 Mon Sep 17 00:00:00 2001 From: Spencer Sevilla Date: Thu, 14 Apr 2022 16:24:33 -0700 Subject: [PATCH 1/2] initial draft of sctp crash fix --- src/mme/mme-gtp-path.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/mme/mme-gtp-path.c b/src/mme/mme-gtp-path.c index 6825b2715..48f3c853d 100644 --- a/src/mme/mme-gtp-path.c +++ b/src/mme/mme-gtp-path.c @@ -461,7 +461,9 @@ void mme_gtp_send_release_all_ue_in_enb(mme_enb_t *enb, int action) if (mme_ue) { ogs_assert(OGS_OK == mme_gtp_send_release_access_bearers_request(mme_ue, action)); - + if (action == OGS_GTP_RELEASE_S1_CONTEXT_REMOVE_BY_LO_CONNREFUSED) { + enb_ue_remove(enb_ue); + } } else { ogs_warn("mme_gtp_send_release_all_ue_in_enb()"); ogs_warn(" ENB_UE_S1AP_ID[%d] MME_UE_S1AP_ID[%d] Action[%d]", From afc562f7d529b230061896d20357d95ebaaa411f Mon Sep 17 00:00:00 2001 From: Sukchan Lee Date: Sun, 15 May 2022 22:37:38 +0900 Subject: [PATCH 2/2] [MME] refine Pull Request (#1497) --- src/mme/mme-gtp-path.c | 28 ++++++++++++++++++++++++---- src/mme/mme-s11-handler.c | 13 +++---------- 2 files changed, 27 insertions(+), 14 deletions(-) diff --git a/src/mme/mme-gtp-path.c b/src/mme/mme-gtp-path.c index b26952da7..581799352 100644 --- a/src/mme/mme-gtp-path.c +++ b/src/mme/mme-gtp-path.c @@ -480,17 +480,37 @@ int mme_gtp_send_release_access_bearers_request(mme_ue_t *mme_ue, int action) void mme_gtp_send_release_all_ue_in_enb(mme_enb_t *enb, int action) { mme_ue_t *mme_ue = NULL; - enb_ue_t *enb_ue = NULL; + enb_ue_t *enb_ue = NULL, *next = NULL; - ogs_list_for_each(&enb->enb_ue_list, enb_ue) { + ogs_list_for_each_safe(&enb->enb_ue_list, next, enb_ue) { mme_ue = enb_ue->mme_ue; if (mme_ue) { - ogs_assert(OGS_OK == - mme_gtp_send_release_access_bearers_request(mme_ue, action)); if (action == OGS_GTP_RELEASE_S1_CONTEXT_REMOVE_BY_LO_CONNREFUSED) { + /* + * https://github.com/open5gs/open5gs/pull/1497 + * + * 1. eNB, SGW-U and UPF go offline at the same time. + * 2. MME sends Release Access Bearer Request to SGW-C + * 3. SGW-C/SMF sends PFCP modification, + * but SGW-U/UPF does not respond. + * 4. MME does not receive Release Access Bearer Response. + * 5. timeout() + * 6. MME sends Delete Session Request to the SGW-C/SMF + * 7. No SGW-U/UPF, so timeout() + * 8. MME sends UEContextReleaseRequest enb_ue. + * 9. But there is no enb_ue, so MME crashed. + * + * To solve this situation, + * Execute enb_ue_unlink(mme_ue) and enb_ue_remove(enb_ue) + * before mme_gtp_send_release_access_bearers_request() + */ + enb_ue_unlink(mme_ue); enb_ue_remove(enb_ue); } + + ogs_assert(OGS_OK == + mme_gtp_send_release_access_bearers_request(mme_ue, action)); } else { ogs_warn("mme_gtp_send_release_all_ue_in_enb()"); ogs_warn(" ENB_UE_S1AP_ID[%d] MME_UE_S1AP_ID[%d] Action[%d]", diff --git a/src/mme/mme-s11-handler.c b/src/mme/mme-s11-handler.c index 338adfb82..744757956 100644 --- a/src/mme/mme-s11-handler.c +++ b/src/mme/mme-s11-handler.c @@ -1152,16 +1152,10 @@ void mme_s11_handle_release_access_bearers_response( ogs_error("ENB-S1 Context has already been removed"); } } else if (action == OGS_GTP_RELEASE_S1_CONTEXT_REMOVE_BY_LO_CONNREFUSED) { - enb_ue = enb_ue_cycle(mme_ue->enb_ue); - - enb_ue_unlink(mme_ue); - - if (enb_ue) { - enb_ue_remove(enb_ue); - } else { - ogs_error("ENB-S1 Context has already been removed"); - } + /* enb_ue_unlink() and enb_ue_remove() has already been executed. + * So, there is no `enb_ue` context */ + } else if (action == OGS_GTP_RELEASE_S1_CONTEXT_REMOVE_BY_RESET_ALL) { /* * TS36.413 * 8.7.1.2.1 Reset Procedure Initiated from the MME @@ -1175,7 +1169,6 @@ void mme_s11_handle_release_access_bearers_response( * for new UE-associated logical S1-connections over the S1 interface, * the MME shall respond with the RESET ACKNOWLEDGE message. */ - } else if (action == OGS_GTP_RELEASE_S1_CONTEXT_REMOVE_BY_RESET_ALL) { enb_ue = enb_ue_cycle(mme_ue->enb_ue); enb_ue_unlink(mme_ue);