Make sure that IMS private identity is a valid UTF8 string before
setting sim->impi field. Otherwise ofono may crash on dbus assert
when SIM properties are reported via org.ofono.SimManager interface.
In case of error in sim_pin_query_cb function. pin_type is set
to -1. This is causing segmentation fault in function
sim_passwd_name due to invalid index pin_type = -1. Fixing this
issue by handling error case before calling sim_passwd_name
function.
While adding the sim pin cache feature, pin_name could cause issue in
cases when sim pin is not there.
log:
ofonod[27810]: drivers/atmodem/sim.c:at_cpin_cb() crsm_pin_cb: READY
ofonod[27810]: src/sim.c:sim_pin_query_cb() sim->pin_type: 0, pin_type: 0
ofonod[27810]: Aborting (signal 11) [./src/ofonod]
ofonod[27810]: ++++++++ backtrace ++++++++
ofonod[27810]: #0 0x7fb7a7586cb0 in /lib/x86_64-linux-gnu/libc.so.6
ofonod[27810]: #1 0x7fb7a7693cd8 in /lib/x86_64-linux-gnu/libc.so.6
ofonod[27810]: #2 0x4d899b in sim_pin_query_cb() at src/sim.c:3174
ofonod[27810]: #3 0x4649e7 in at_cpin_cb() at drivers/atmodem/sim.c:1304
ofonod[27810]: #4 0x4a5d70 in at_chat_finish_command() at gatchat/gatchat.c:462
Adding SIM PIN caching feature to oFono. oFono now caches the SIM PIN1
type against the ICCID throughout its lifetime in a link list and
enters implicitly upon modem reset/crash.
Note, that this behavior can violate 3GPP spec 21.111, section 5.3 -
User Data stored in ME if that section is interpreted very strictly.
However, our interpretation is that firmware resets are allowed, based
on historic precedent. Helps in user experience by not barring out
cellular services unless pin is entered manually.
Handles cases of incorrect pin and sim pin changed externally.
Clear cached PIN incase modem disabled manually and selectively when
sim is removed.
Seperate 'pin_cache_enter_cb' added without dbus calls to handle
implict entering of cached pin.
For now this behavior is applicable to all modems by default. In the
future it may be needed to make this behavior opt in or otherwise
configurable.
Switch various conversions from GSM/UCS2 to UTF8 from glib based
implementation over to ell.
This also converts all related g_free calls to l_free calls (though in
the end they are equivalent calls to free)
There are a large number of files in the tree that define _GNU_SOURCE
despite not actually using features hidden behind this flag. This patch
removes all these definitions in one fell swoop...
In case we try to enter the PIN/PUK and fail to enter a correct code,
the PIN/PUK retries are not rechecked as they should be.
Reported by: Florent Beillonnet <florent.beillonnet@gmail.com>
==31530== 366 (48 direct, 318 indirect) bytes in 3 blocks are definitely lost in loss record 165 of 186
==31530== at 0x4C2BF8F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31530== by 0x50BB3A3: g_malloc (gmem.c:94)
==31530== by 0x50D62B4: g_slice_alloc (gslice.c:1025)
==31530== by 0x50D7A1E: g_slist_prepend (gslist.c:254)
==31530== by 0x4DD0B3: sim_parse_app_template_entries (simutil.c:1590)
==31530== by 0x4D2242: discover_apps_cb (sim.c:1509)
==31530== by 0x45E364: at_discover_apps_cb (sim.c:1579)
==31530== by 0x49CB5F: at_chat_finish_command (gatchat.c:459)
==31530== by 0x49DAC7: at_chat_handle_command_response (gatchat.c:521)
==31530== by 0x49DAC7: have_line (gatchat.c:600)
==31530== by 0x49DAC7: new_bytes (gatchat.c:759)
==31530== by 0x49FCEF: received_data (gatio.c:122)
==31530== by 0x510C2F3: g_io_unix_dispatch (giounix.c:165)
==31530== by 0x50B2D44: g_main_dispatch (gmain.c:3203)
aid_sessions was not properly reset to NULL when freed:
Program received signal SIGSEGV, Segmentation fault.
__ofono_watchlist_free (watchlist=0x0) at src/watch.c:91
91 for (l = watchlist->items; l; l = l->next) {
(gdb) bt
func=0x4ceca0 <aid_session_free>, user_data=0x0)
at /var/tmp/portage/dev-libs/glib-2.50.3-r1/work/glib-2.50.3/glib/gslist.c:878
free_func=0x4ceca0 <aid_session_free>)
at /var/tmp/portage/dev-libs/glib-2.50.3-r1/work/glib-2.50.3/glib/gslist.c:172
at src/sim.c:2605
user_data=<optimized out>) at plugins/phonesim.c:511
func=0x49c8a0 <at_notify_call_callback>, user_data=0x7fffffffdbc0)
at /var/tmp/portage/dev-libs/glib-2.50.3-r1/work/glib-2.50.3/glib/gslist.c:878
chat=0x7b70b0) at gatchat/gatchat.c:417
In addition to not doing unnecessary SIM I/O, this fixes memory leaks
like this one:
==10096== 74 (56 direct, 18 indirect) bytes in 2 blocks are definitely lost in loss record 1,252 of 1,342
==10096== at 0x4841BF0: calloc (vg_replace_malloc.c)
==10096== by 0x4B03117: g_malloc0 (gmem.c)
==10096== by 0xF83DF: concat_lang_prefs (sim.c)
==10096== by 0xF8697: sim_efpl_read_cb (sim.c)
==10096== by 0x12CBF7: sim_fs_op_read_block_cb (simfs.c)
This change is likely to break multiple drivers. One can easily emulate
the current behavior (pre-this commit) by calling
ofono_sim_initialized_notify after ofono_sim_inserted_notify.
API to create a sim context for the ISIM application, if found.
During AID discovery, if an ISIM AID is found, a new fs object is
initialized for the ISIM which will be used for any future
ISIM context creation.
Accessing an AID requires opening a channel to that application.
This patch implements session management API's so that other atoms
can access a given AID. Now any atom can get a session ID from the
sim atom. This will either reuse an existing session or open a new
channel. Once done, the atom should release the session which will
automatically close the channel when no atoms are using it.
The major functional change to the sim atom is the AID discovery
phase of initialization. Now, the sim atom is not 'ready' until AID
discovery finishes where before, the sim was 'ready' after the IMSI
had been obtained. If application discovery is not supported then
the the sim atom behaves as it did before.
The state needs to be checked prior to calling __ofono_atom_register
because atom registration calls OFONO_ATOM_WATCH_CONDITION_REGISTERED
callbacks each of which may call ofono_sim_inserted_notify. Should
that happen, by the time __ofono_atom_register returns, ofono_sim
will be in OFONO_SIM_STATE_INSERTED state and sim_initialize will
be called twice if the initial state was OFONO_SIM_STATE_NOT_PRESENT.
If nothing else, that results in memory leaks like this one (because
IMSI will be queried twice, among other things):
==3017== 16 bytes in 1 blocks are definitely lost in loss record 187 of 475
==3017== at 0x483F380: malloc (vg_replace_malloc.c:296)
==3017== by 0x4AFB0DF: g_malloc (gmem.c:94)
==3017== by 0x4B12185: g_strdup (gstrfuncs.c:363)
==3017== by 0xF79D3: sim_imsi_obtained (sim.c:1535)
==3017== by 0xF7BB3: sim_imsi_cb (sim.c:1594)
==3017== by 0x66C23: at_cimi_cb (sim.c:441)
==3017== by 0xA6B53: at_chat_finish_command (gatchat.c:459)
==3017== by 0xA6D9F: at_chat_handle_command_response (gatchat.c:521)
==3017== by 0xA70AF: have_line (gatchat.c:600)
==3017== by 0xA76DF: new_bytes (gatchat.c:759)
==3017== by 0xABACF: received_data (gatio.c:122)
==3017== by 0xAD093: watch_dispatch (gatmux.c:461)
==3017== by 0xAC5D3: dispatch_sources (gatmux.c:180)
==3017== by 0xAC98F: received_data (gatmux.c:265)
==3017== by 0x4AF606F: g_main_dispatch (gmain.c:3154)
==3017== by 0x4AF606F: g_main_context_dispatch (gmain.c:3769)
==3017== by 0x4AF631D: g_main_context_iterate.isra.4 (gmain.c:3840)
==3017== by 0x4AF658F: g_main_loop_run (gmain.c:4034)
==3017== by 0xBE8AF: main (main.c:261)
The existing service check API takes both SST and UST services
and could inadvertently return success on a service if one
(SST or UST) service did not exist. This adds an API specifically
for checking for a UST service, and if the UST dir is not available
it will return FALSE, rather than possibly returning true on some
other SST service.
SIM card can be removed while the query is in progress. There's
still a remote possibility that SIM card is removed and inserted
back while the query is pending, that would start the second query
sequence and end up invoking sim_initialize() twice. But at least
these checks reduce the probability of something like that happening.
query facility during initialization is modified from back
to back invocation to chain manner to keep it inline with
RIL design. All vendor RIL does not support back to back
handling since RIL telephony framework sends the request
synchronously.
After input PIN wrong 3 times, sim main state (include spn_watches)
is freed. but the watch id still be kept by other atoms (network and
gprs), when remove the atom, it will try to remove the watch from
spn_watches, ofono daemon will crash.
On some architectures the SimManager.Retries property was getting bogus
values. This is because we were sending an array which pointed to int
values instead of the expected unsigned char values.
This fix allocates a temporary array of unsigned chars to hold the
actual D-Bus values being sent. Additionally, the dictionary array is
changed to point to the temporary unsigned char based values instead of
the raw 'int' based retry values.
ofonod[32055]: ++++++++ backtrace ++++++++
ofonod[32055]: #0 0x7f6af0ee3b30 in /lib64/libc.so.6
ofonod[32055]: #1 0x4c2466 in __ofono_watchlist_remove_item() at
src/watch.c:57
ofonod[32055]: #2 0x4b5b73 in ofono_sim_remove_spn_watch() at
src/sim.c:2715
ofonod[32055]: #3 0x497c30 in netreg_unregister() at src/network.c:1817
ofonod[32055]: #4 0x4912e1 in __ofono_atom_unregister() at
src/modem.c:277
ofonod[32055]: #5 0x491387 in flush_atoms() at src/modem.c:425
ofonod[32055]: #6 0x4b6cb8 in __ofono_sim_refresh() at src/sim.c:3154
ofonod[32055]: #7 0x4b8c41 in handle_command_refresh() at
src/stk.c:2302
ofonod[32055]: #8 0x4baf0d in
ofono_stk_proactive_command_handled_notify() at src/stk.c:3048
ofonod[32055]: #9 0x46c60f in satn_notify() at
drivers/ifxmodem/stk.c:229
ofonod[32055]: #10 0x7f6af1711455 in /usr/lib64/libglib-2.0.so.0
ofonod[32055]: #11 0x43e729 in at_chat_match_notify() at
gatchat/gatchat.c:421
ofonod[32055]: #12 0x440da8 in received_data() at gatchat/gatio.c:125
ofonod[32055]: #13 0x441834 in dispatch_sources() at
gatchat/gatmux.c:157
ofonod[32055]: #14 0x441bbd in received_data() at gatchat/gatmux.c:215
ofonod[32055]: #15 0x7f6af173dfc3 in /usr/lib64/libglib-2.0.so.0
ofonod[32055]: #16 0x7f6af16ef065 in /usr/lib64/libglib-2.0.so.0
ofonod[32055]: #17 0x7f6af16efd0f in /usr/lib64/libglib-2.0.so.0
ofonod[32055]: #18 0x7f6af16efef9 in /usr/lib64/libglib-2.0.so.0
ofonod[32055]: #19 0x7f6af16f032f in /usr/lib64/libglib-2.0.so.0
ofonod[32055]: #20 0x48f5f8 in main() at src/main.c:249
ofonod[32055]: #21 0x7f6af0ed04bd in /lib64/libc.so.6
ofonod[32055]: +++++++++++++++++++++++++++
When modem is brought online, then sim removed and re-inserted. We
crash when going online again due to the spn related data-structures not
being initialized properly
When the SIM is being refreshed, we try to access the SIM too fast after
the SIM REFRESH proactive command is received. Instead set the sim atom
into the 'RESETTING' state and wait until the modem driver signals the
sim insertion again.
Sergey Matyukevich
Antara Borwankar
Denis Kenzior
Anirudh Gargi
Nandini Rebello
Jonas Bonn
Slava Monich
James Prestwood
Christophe Ronco
Samrat Guha Niyogi
John Ernberg
Caiwen Zhang
Tommi Kenakkala
August Mayer