After the PIN is entered incorrectly 3 times, the sim main state (including
spn_watches) is freed, but the watch id is still kept by other atoms
(network and gprs). When such an atom is removed, it tries to remove the
watch from spn_watches and the ofono daemon crashes.

On some architectures the SimManager.Retries property was getting bogus
values. This is because we were sending an array which pointed to int
values instead of the expected unsigned char values.
This fix allocates a temporary array of unsigned chars to hold the
actual D-Bus values being sent. Additionally, the dictionary array is
changed to point to the temporary unsigned char based values instead of
the raw 'int' based retry values.
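
The int-versus-byte mismatch described in the Retries fix above, as an added sketch that is not oFono's code: `append_byte_entries` is a hypothetical stand-in for a serializer that has been told each value is a byte, and the function names and sample retry counts are constructed. On a big-endian host the int-backed path reads the most significant byte of each int and sends 0, while the temporary unsigned char array gives the right bytes on any host.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_PINS 8	/* constructed limit for this sketch */

/* Stand-in for a serializer told "each entry is a byte": it reads exactly
 * one unsigned char at every address it is handed. */
static void append_byte_entries(const void *const *entries, size_t n, unsigned char *wire)
{
	for (size_t i = 0; i < n; i++)
		wire[i] = *(const unsigned char *) entries[i];
}

/* Before: entries point straight at int storage, so the byte that is sent
 * is whichever byte of the int happens to sit first in memory. */
static int send_retries_int_backed(const int *retries, size_t n, unsigned char *wire)
{
	const void *entries[MAX_PINS];
	if (n > MAX_PINS)
		return -1;
	for (size_t i = 0; i < n; i++)
		entries[i] = &retries[i];
	append_byte_entries(entries, n, wire);
	return 0;
}

/* After: copy into a temporary unsigned char array and point at that. */
static int send_retries_byte_backed(const int *retries, size_t n, unsigned char *wire)
{
	unsigned char tmp[MAX_PINS];
	const void *entries[MAX_PINS];
	if (n > MAX_PINS)
		return -1;
	for (size_t i = 0; i < n; i++) {
		tmp[i] = (unsigned char) retries[i];
		entries[i] = &tmp[i];
	}
	append_byte_entries(entries, n, wire);
	return 0;
}

int main(void)
{
	const int retries[] = { 3, 10, 2 };	/* constructed sample values */
	unsigned char a[3], b[3];
	send_retries_int_backed(retries, 3, a);
	send_retries_byte_backed(retries, 3, b);
	printf("int-backed: %u %u %u  byte-backed: %u %u %u\n", a[0], a[1], a[2], b[0], b[1], b[2]);
	return 0;
}
```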

ofonod[32055]: ++++++++ backtrace ++++++++
ofonod[32055]: #0 0x7f6af0ee3b30 in /lib64/libc.so.6
ofonod[32055]: #1 0x4c2466 in __ofono_watchlist_remove_item() at src/watch.c:57
ofonod[32055]: #2 0x4b5b73 in ofono_sim_remove_spn_watch() at src/sim.c:2715
ofonod[32055]: #3 0x497c30 in netreg_unregister() at src/network.c:1817
ofonod[32055]: #4 0x4912e1 in __ofono_atom_unregister() at src/modem.c:277
ofonod[32055]: #5 0x491387 in flush_atoms() at src/modem.c:425
ofonod[32055]: #6 0x4b6cb8 in __ofono_sim_refresh() at src/sim.c:3154
ofonod[32055]: #7 0x4b8c41 in handle_command_refresh() at src/stk.c:2302
ofonod[32055]: #8 0x4baf0d in ofono_stk_proactive_command_handled_notify() at src/stk.c:3048
ofonod[32055]: #9 0x46c60f in satn_notify() at drivers/ifxmodem/stk.c:229
ofonod[32055]: #10 0x7f6af1711455 in /usr/lib64/libglib-2.0.so.0
ofonod[32055]: #11 0x43e729 in at_chat_match_notify() at gatchat/gatchat.c:421
ofonod[32055]: #12 0x440da8 in received_data() at gatchat/gatio.c:125
ofonod[32055]: #13 0x441834 in dispatch_sources() at gatchat/gatmux.c:157
ofonod[32055]: #14 0x441bbd in received_data() at gatchat/gatmux.c:215
ofonod[32055]: #15 0x7f6af173dfc3 in /usr/lib64/libglib-2.0.so.0
ofonod[32055]: #16 0x7f6af16ef065 in /usr/lib64/libglib-2.0.so.0
ofonod[32055]: #17 0x7f6af16efd0f in /usr/lib64/libglib-2.0.so.0
ofonod[32055]: #18 0x7f6af16efef9 in /usr/lib64/libglib-2.0.so.0
ofonod[32055]: #19 0x7f6af16f032f in /usr/lib64/libglib-2.0.so.0
ofonod[32055]: #20 0x48f5f8 in main() at src/main.c:249
ofonod[32055]: #21 0x7f6af0ed04bd in /lib64/libc.so.6
ofonod[32055]: +++++++++++++++++++++++++++

When the modem is brought online and the sim is then removed and
re-inserted, we crash when going online again due to the spn related
data-structures not being initialized properly.

When the SIM is being refreshed, we try to access the SIM too fast after
the SIM REFRESH proactive command is received. Instead set the sim atom
into the 'RESETTING' state and wait until the modem driver signals the
sim insertion again.

In certain circumstances, when the image has been cached but EFimg has
not been read yet, we might end up accessing an uninitialized variable.
Fix this by always failing if EFimg has not been read yet.

We should not tear down the SIM state if PIN2 is being asked for, or if
PIN2 is blocked and PUK2 is being asked.
We also want to continue with SIM initialization if the modem requires
PIN2 / PUK2 for some reason.