inet_ntoa was called twice in a row and as a result both primary and
secondary DNS were pointing to the same static buffer containing the last
value (secondary DNS).
As a result, ofono always advertised the secondary DNS twice through
DBus ConnectionContext.GetProperties 'DomainNameServers'.
Related: https://osmocom.org/issues/3031
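The aliasing described in this commit message, reproduced as an added example (not oFono code): two inet_ntoa() results kept side by side, next to one way of avoiding the problem with inet_ntop(). The helper names and the RFC 5737 addresses are constructed for the illustration.

```c
/* Added example, not oFono code. Addresses are constructed (RFC 5737). */
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Pattern from the commit message: two inet_ntoa() results kept side by
 * side. Both pointers refer to the same static buffer. */
static void format_dns_buggy(struct in_addr pri, struct in_addr sec,
			     char *out_pri, char *out_sec, size_t len)
{
	const char *dns[2];

	dns[0] = inet_ntoa(pri);
	dns[1] = inet_ntoa(sec);	/* overwrites the text dns[0] points at */
	snprintf(out_pri, len, "%s", dns[0]);
	snprintf(out_sec, len, "%s", dns[1]);
}

/* One way to avoid it: inet_ntop() writes into caller-owned buffers */
static int format_dns_fixed(struct in_addr pri, struct in_addr sec,
			    char *out_pri, char *out_sec, size_t len)
{
	if (!inet_ntop(AF_INET, &pri, out_pri, len) ||
	    !inet_ntop(AF_INET, &sec, out_sec, len))
		return -1;
	return 0;
}

/* Returns 1 if both servers are reported correctly, 0 if not, -1 on error */
static int primary_survives(int use_fix)
{
	struct in_addr pri, sec;
	char a[INET_ADDRSTRLEN], b[INET_ADDRSTRLEN];

	if (inet_pton(AF_INET, "192.0.2.1", &pri) != 1 ||
	    inet_pton(AF_INET, "192.0.2.2", &sec) != 1)
		return -1;
	if (use_fix) {
		if (format_dns_fixed(pri, sec, a, b, sizeof(a)) < 0)
			return -1;
	} else {
		format_dns_buggy(pri, sec, a, b, sizeof(a));
	}
	printf("%s: primary=%s secondary=%s\n",
	       use_fix ? "fixed" : "buggy", a, b);
	return strcmp(a, "192.0.2.1") == 0 && strcmp(b, "192.0.2.2") == 0;
}

int main(void)
{
	primary_survives(0);
	primary_survives(1);
	return 0;
}
```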
CC drivers/mbimmodem/mbim.o
drivers/mbimmodem/mbim.c: In function ‘command_write_handler’:
drivers/mbimmodem/mbim.c:490:3: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 6 has type ‘size_t’ [-Wformat=]
l_info("n_iov: %lu, %lu", n_iov + 1, (size_t) written);
^
drivers/mbimmodem/mbim.c:490:3: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 7 has type ‘unsigned int’ [-Wformat=]
drivers/mbimmodem/mbim.c: In function ‘command_read_handler’:
drivers/mbimmodem/mbim.c:649:2: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 6 has type ‘size_t’ [-Wformat=]
l_info("header_offset: %lu", device->header_offset);
^
drivers/mbimmodem/mbim.c:650:2: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 6 has type ‘size_t’ [-Wformat=]
l_info("segment_bytes_remaining: %lu", device->segment_bytes_remaining);
^
The ofono phone number max length is 80 so a buffer size of 64 is
obviously insufficient. Expanding the buffer to 128 prevents a
potential failure and suppresses the following compiler warning:
../drivers/atmodem/sms.c: In function ‘at_csca_set’:
../drivers/atmodem/sms.c:108:40: warning: ‘%s’ directive output may be truncated writing up to 80 bytes into a region of size 55 [-Wformat-truncation=]
snprintf(buf, sizeof(buf), "AT+CSCA=\"%s\",%d", sca->number, sca->type);
^~
../drivers/atmodem/sms.c:108:2: note: ‘snprintf’ output between 13 and 103 bytes into a destination of size 64
snprintf(buf, sizeof(buf), "AT+CSCA=\"%s\",%d", sca->number, sca->type);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
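The size arithmetic behind this warning, as an added example (not oFono code): the worst-case length of the AT+CSCA command for an 80-character number, and a builder that checks the snprintf() return value so a truncated command is rejected instead of being sent. build_csca and try_buffer are hypothetical names and the 80-digit number is constructed.

```c
/* Added example, not oFono code. The 80-character limit comes from the
 * commit message; the number and type values below are constructed. */
#include <stdio.h>
#include <string.h>

#define MAX_NUMBER_LEN 80

/* Worst case: AT+CSCA=" (9) + number (80) + ", (2) + "%d" (11) + NUL (1) */
#define CSCA_WORST_CASE (9 + MAX_NUMBER_LEN + 2 + 11 + 1)

/*
 * Format the command into buf. Returns the command length, or -1 when
 * snprintf() reports that the output did not fit, so a cut-off command is
 * never handed to the modem.
 */
static int build_csca(char *buf, size_t size, const char *number, int type)
{
	int n = snprintf(buf, size, "AT+CSCA=\"%s\",%d", number, type);

	if (n < 0 || (size_t)n >= size)
		return -1;
	return n;
}

/* Try a maximum-length number against a buffer of the given size */
static int try_buffer(size_t size)
{
	char number[MAX_NUMBER_LEN + 1];
	char buf[128];

	if (size > sizeof(buf))
		return -1;
	memset(number, '5', MAX_NUMBER_LEN);	/* constructed 80-digit number */
	number[MAX_NUMBER_LEN] = '\0';
	return build_csca(buf, size, number, 145);
}

int main(void)
{
	printf("worst case needs %d bytes\n", CSCA_WORST_CASE);
	printf("64-byte buffer:  %d\n", try_buffer(64));
	printf("128-byte buffer: %d\n", try_buffer(128));
	return 0;
}
```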
The ofono_lte_default_attach_info now handles also the protocol and the
authentication method, username and password.
Co-authored-by: Martin Baschin <martin.baschin@googlemail.com>
the cb_data can be used by creating the structure with cb_data_new,
and then there are two possibilities:
- use it in a single callback function, and destroy it with a call to
  g_free.
  Example:
  - calling function:
        struct cb_data *cbd = cb_data_new(cb, data);

        if (g_at_chat_send(chat, buf, NULL, at_cgatt_cb, cbd, g_free) > 0)
                return;

        g_free(cbd);
  - called function (here at_cgatt_cb):
        static void at_cgatt_cb(gboolean ok, GAtResult *result,
                                        gpointer user_data)
        {
                struct cb_data *cbd = user_data;
                ofono_gprs_cb_t cb = cbd->cb;
                struct ofono_error error;

                decode_at_error(&error,
                                g_at_result_final_response(result));
                cb(&error, cbd->data);
        }
    note the absence of explicit g_free(cbd);
- pass it through a train of callback functions, adding a reference at
  each pass cb_data_ref, and removing it with cb_data_unref.
  the use of cb_data_ref would replace a new object creation, while the
  use of cb_data_unref the use of g_free.
  Example:
  - calling function:
        struct cb_data *cbd = cb_data_new(cb, data);
        // no cb_ref at the creation

        if (g_at_chat_send(chat, buf, NULL,
                                at_lte_set_default_attach_info_cb,
                                cbd, cb_data_unref) > 0)
                goto end;

        cb_data_unref(cbd);
  - called function 1 (at_lte_set_default_attach_info_cb):
        static void at_lte_set_default_attach_info_cb(gboolean ok,
                                GAtResult *result, gpointer user_data)
        {
                struct cb_data *cbd = user_data;

                cbd = cb_data_ref(cbd);
                if (g_at_chat_send(chat, buf, NULL,
                                at_cgatt_cb, cbd, cb_data_unref) > 0)
                        return;

                cb_data_unref(cbd);
        }
  - called function 2 (at_cgatt_cb):
    like above. no call to g_free or cb_data_unref. The terminal function
    doesn't need to know about the reference scheme.
The function at_util_get_cgdcont_command computes the AT+CGDCONT
string, as per 3GPP 27.007.
It uses a second function, at_util_gprs_proto_to_pdp_type,
that returns the pdp_type string for the command.
This function converts the ofono enum ofono_gprs_auth_method
into the value of the 3GPP 27.007 'auth_proto' variable of +CGAUTH so
that it can be passed directly to the AT command.
This atom uses the URC ^SLCC to monitor the call status, as well as
incoming calls.
Note the use in the atom of the variable GemaltoVtsQuotes: this is
needed to support future modules, as of today not yet available in the
plugin.
There are a large number of files in the tree that define _GNU_SOURCE
despite not actually using features hidden behind this flag. This patch
removes all these definitions in one fell swoop...
The driver vtables are read-only structures. This patch declares them as
'const' allowing the compiler to (optionally) put them in the RELRO
section. RELRO pages may be marked as read-only by the linker after
the relocations have been done ensuring that they aren't inadvertently
or maliciously altered at runtime.
Added the explicit support for auth NONE.
It needs to be added in all drivers/*/gprs-context.c atoms.
This method is already supported by all atoms that support
authentication (ie, all but Sierra's swmodem driver).
The behavior is left unchanged in case of inconsistent parameters:
if username is empty, then fallback to auth NONE.
The AT command reference for Quectel M95 specifies that remaining SIM
pin retries can be queried using AT+QTRPIN, which responds with one
count for each pin-type:
+QTRPIN: 3,3,10,10
After entering the PIN code, enable an extra AT+CPIN? for the M95
vendor.
When ofono dies while connected using PPP, modem AT channel is not put
back to command mode (tested with HUAWEI modems E3372 and MS2372).
If ofono is restarted, it won't be able to connect as it gets no answer
to AT commands on this AT channel.
This patch adds a quirk to immediately send escape sequence on modem
channel when gprs-context atom is removed.
It seems that the function at_pin_send_puk should have been changed
along with at_pin_send, because it's also referring to the
at_pin_send_cb callback.
See this commit : ba9f126716
On the SIMCom SIM7100E, setting AT+COLP=1 causes there to be no
response at all from "ATD...;" commands until the call is answered.
This results in oFono stalling rather than creating a new VoiceCall
object.
We fix this by adding SIMCOM to the list of vendors for whom we set
AT+COLP=0 rather than AT+COLP=1.
QMI_UIM_GET_CARD_STATUS is retried in more error cases
when trying to get password type.
In case of failure, the driver reports an error instead of
OFONO_SIM_PASSWORD_INVALID. This avoids a crash.
Use right slot and application to get card status, PIN status and PIN
retries. Without this patch, SIMs where selected application and slot
numbers are different are not detected.
The way things are currently coded, the gobi plugin calls
qmi_device_discover and does nothing else until it succeeds. As such,
we can safely assume that the version_list is set up when we go to
create a service.
The only thing this output parameter is being used for now is for
getting the transaction ID. Return the TID directly from
__submit_requesta and drop the 'head' parameter altogether.
The only way request_alloc can fail is if one of the memory allocation
routines fails to allocate memory. However, Linux memory allocation
doesn't really fail in this manner; memory can be overcommitted and the
out-of-memory reaper will take care of re-establishing the balance when
excess memory is actually accessed.
Given this, request_alloc will never return anything other than success
and the failure paths will never be exercised.
The service and control requests differ slightly in their headers, but
this difference is minor enough that we can handle it directly in the
request submission routine. This patch unifies the header setup for the
two request types.
After setting up the request structure, qmi_service_send makes no
further use of the 'param' and 'service' fields of the service_send_data
structure. This patch removes those fields and frees 'param'
immediately after the request has been allocated and the parameter data
thereby copied into the send buffer.
==2870== Conditional jump or move depends on uninitialised value(s)
==2870== at 0x4C2ED31: __memcmp_sse4_1 (vg_replace_strmem.c:972)
==2870== by 0x4F451A: sim_pin_retries_query_cb (sim.c:462)
==2870== by 0x459BDD: query_pin_retries_cb (sim.c:544)
==2870== by 0x45544A: service_send_callback (qmi.c:2143)
==2870== by 0x452D00: handle_packet (qmi.c:815)
==2870== by 0x452E85: received_data (qmi.c:863)
==2870== by 0x508DB6C: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870== by 0x508DF47: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870== by 0x508E271: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870== by 0x4C680B: main (main.c:256)
==2870== Uninitialised value was created by a stack allocation
==2870== at 0x459B1A: query_pin_retries_cb (sim.c:531)
==2870==
==2870== Conditional jump or move depends on uninitialised value(s)
==2870== at 0x4F451D: sim_pin_retries_query_cb (sim.c:462)
==2870== by 0x459BDD: query_pin_retries_cb (sim.c:544)
==2870== by 0x45544A: service_send_callback (qmi.c:2143)
==2870== by 0x452D00: handle_packet (qmi.c:815)
==2870== by 0x452E85: received_data (qmi.c:863)
==2870== by 0x508DB6C: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870== by 0x508DF47: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870== by 0x508E271: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870== by 0x4C680B: main (main.c:256)
==2870== Uninitialised value was created by a stack allocation
==2870== at 0x459B1A: query_pin_retries_cb (sim.c:531)
==2870==
==2870== Conditional jump or move depends on uninitialised value(s)
==2870== at 0x4F3DFB: get_pin_retries (sim.c:278)
==2870== by 0x4F4553: sim_pin_retries_query_cb (sim.c:467)
==2870== by 0x459BDD: query_pin_retries_cb (sim.c:544)
==2870== by 0x45544A: service_send_callback (qmi.c:2143)
==2870== by 0x452D00: handle_packet (qmi.c:815)
==2870== by 0x452E85: received_data (qmi.c:863)
==2870== by 0x508DB6C: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870== by 0x508DF47: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870== by 0x508E271: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870== by 0x4C680B: main (main.c:256)
==2870== Uninitialised value was created by a stack allocation
==2870== at 0x459B1A: query_pin_retries_cb (sim.c:531)
==2870==
==2870== Conditional jump or move depends on uninitialised value(s)
==2870== at 0x4F3E65: get_pin_retries (sim.c:288)
==2870== by 0x4F4553: sim_pin_retries_query_cb (sim.c:467)
==2870== by 0x459BDD: query_pin_retries_cb (sim.c:544)
==2870== by 0x45544A: service_send_callback (qmi.c:2143)
==2870== by 0x452D00: handle_packet (qmi.c:815)
==2870== by 0x452E85: received_data (qmi.c:863)
==2870== by 0x508DB6C: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870== by 0x508DF47: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870== by 0x508E271: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870== by 0x4C680B: main (main.c:256)
==2870== Uninitialised value was created by a stack allocation
==2870== at 0x459B1A: query_pin_retries_cb (sim.c:531)
==14399== 28 bytes in 4 blocks are definitely lost in loss record 151 of 390
==14399== at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
==14399== by 0x209065: convert_gsm_to_utf8_with_lang (util.c:651)
==14399== by 0x2091D1: convert_gsm_to_utf8 (util.c:690)
==14399== by 0x22DDA7: ussd_decode (smsutil.c:4738)
==14399== by 0x18BF71: qmi_ussd_request (ussd.c:233)
==14399== by 0x2183EA: ussd_initiate (ussd.c:614)
==14399== by 0x27B6C8: process_message (object.c:259)
==14399== by 0x27D1CD: generic_message (object.c:1070)
==14399== by 0x5170732: ??? (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.14)
==14399== by 0x5161D83: dbus_connection_dispatch (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.14)
==14399== by 0x27907C: message_dispatch (mainloop.c:72)
==14399== by 0x4E826A9: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5000.3)
==14399== 16 bytes in 8 blocks are definitely lost in loss record 132 of 390
==14399== at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
==14399== by 0x59E03D9: strndup (strndup.c:43)
==14399== by 0x18277E: qmi_result_get_string (qmi.c:1794)
==14399== by 0x184221: get_ids_cb (devinfo.c:129)
==14399== by 0x18353B: service_send_callback (qmi.c:2286)
==14399== by 0x18093C: handle_packet (qmi.c:831)
==14399== by 0x180ADD: received_data (qmi.c:880)
==14399== by 0x4E826A9: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5000.3)
==14399== by 0x4E82A5F: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5000.3)
==14399== by 0x4E82D81: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5000.3)
==14399== by 0x201900: main (main.c:306)
When an LTE modem registers with the network, a default bearer is
automatically established. The APN used for this bearer is taken from
whatever default settings the modem has.
The LTE atom takes care of setting up the default context/profile with
the APN to use. From there, a default bearer will be established when
the modem registers with the network. This results in a call to 'Get
LTE Attach Parameters' which tells us what APN the gateway negotiated
with us.
If we can't get the APN, we do what the AT driver does: pretend the
bearer wasn't established. This is a reasonable fallback, currently,
because connman can't handle zero-length APN's anyway; the previous
approach of setting the APN to 'automatic' breaks connman badly when it
needs to switch between LTE and non-LTE networks.
This patch adds an LTE atom for QMI modems.
This atom sets the APN that the LTE default bearer should use when
establishing its PDP context. This APN needs to be set on the 'default'
profile so the atom queries which profile is the default and resets
it before allowing the APN to be set.
Once configured, the default profile settings are used when the
modem connects to the network; for this reason, the LTE atom needs
to be instantiated in post_sim, before the modem is set online.
Certain modems don't support manual registering (gobi 2000).
Translate the error code into ofono error to report a
more detailed debug error message.
The IP Configuration data structure does not match any of the existing
data structure serialization conventions in the rest of the MBIM
specification. So add IPv4 / v6 specific extractors for IPV4 address
and IPV4 Element structures.
Instead of delaying the cpin entry callback until the sim is found to be
'ready', call back into the core right away. The core will wait until
the initialized notification is called from the driver before proceeding
with the rest of the initialization procedure.
The sim state query is now being done in the background and potential
leaking of cbd is now fixed.
SMS_SEND uses an embedded databuffer inside MBIM_SET_SMS_SEND which
wants to use a local offset (local to the databuffer structure) as
opposed to the offset from the start of the static buffer.
For zero element arrays we might inadvertently run past the end of the
iov buffer. Fix this by adding additional checks that n_elem > 0 and
don't call _iter_get_data unless needed.
In SimManager, the Retries property isn't used for gemalto modems.
The at command AT^SPIC is used to get the remaining retries left
for the current required password type.
This commit adds the implementation in the SIM driver of the retries
queries.
When modem does not answer or answers slowly to a discovery request,
a timeout occurs.
In timeout callback, request should be removed from queues to avoid
treating answer if it arrives later.
The Quectel EC21 does not provide the SMS PDU on the message event
notification.
This patch adds a call to 'raw read' on the message ID from the event
notification if the event notification does not already contain the
message data.
The message data begins with the SMSC length, type, and address so
the TPDU length is adjusted accordingly in the raw_read callback. This
differs from the way the raw message data is handled in the case
that it is included in the event notification itself. As I don't have
access to any other QMI modem at this time, I cannot confirm that
this difference is reasonable.
Implemented the core API's needed for sim-auth:
list_apps: already implemented
open_channel: Opens a logical channel with +CCHO
close_channel: Closes logical channel with +CCHC
logical_access: Access an opened channel with +CGLA
==2941== Invalid read of size 4
==2941== at 0x69338: sim_state_cb (sim.c:1301)
==2941== by 0x71DCB: cpin_check_cb (atutil.c:567)
==2941== by 0xA602B: at_chat_finish_command (gatchat.c:459)
==2941== by 0xA6277: at_chat_handle_command_response (gatchat.c:521)
==2941== by 0xA6587: have_line (gatchat.c:600)
==2941== by 0xA6BB7: new_bytes (gatchat.c:759)
==2941== by 0xAAFAF: received_data (gatio.c:124)
==2941== by 0x4AF606F: g_main_dispatch (gmain.c:3154)
==2941== by 0x4AF606F: g_main_context_dispatch (gmain.c:3769)
==2941== by 0x4AF658F: g_main_loop_run (gmain.c:4034)
==2941== by 0xBDDBB: main (main.c:261)
==2941== Address 0x519c344 is 4 bytes inside a block of size 12 free'd
==2941== at 0x4840B28: free (vg_replace_malloc.c:530)
==2941== by 0x71F33: at_util_sim_state_query_free (atutil.c:613)
==2941== by 0x6930B: sim_state_cb (sim.c:1297)
==2941== by 0x71DCB: cpin_check_cb (atutil.c:567)
==2941== by 0xA602B: at_chat_finish_command (gatchat.c:459)
==2941== by 0xA6277: at_chat_handle_command_response (gatchat.c:521)
==2941== by 0xA6587: have_line (gatchat.c:600)
==2941== by 0xA6BB7: new_bytes (gatchat.c:759)
==2941== by 0xAAFAF: received_data (gatio.c:124)
==2941== by 0x4AF606F: g_main_dispatch (gmain.c:3154)
==2941== by 0x4AF606F: g_main_context_dispatch (gmain.c:3769)
==2941== by 0x4AF658F: g_main_loop_run (gmain.c:4034)
==2941== by 0xBDDBB: main (main.c:261)