==14399== 16 bytes in 8 blocks are definitely lost in loss record 132 of 390
==14399== at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
==14399== by 0x59E03D9: strndup (strndup.c:43)
==14399== by 0x18277E: qmi_result_get_string (qmi.c:1794)
==14399== by 0x184221: get_ids_cb (devinfo.c:129)
==14399== by 0x18353B: service_send_callback (qmi.c:2286)
==14399== by 0x18093C: handle_packet (qmi.c:831)
==14399== by 0x180ADD: received_data (qmi.c:880)
==14399== by 0x4E826A9: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5000.3)
==14399== by 0x4E82A5F: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5000.3)
==14399== by 0x4E82D81: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5000.3)
==14399== by 0x201900: main (main.c:306)
When an LTE modem registers with the network, a default bearer is
automatically established. The APN used for this bearer is taken from
whatever default settings the modem has.
The LTE atom takes cares of setting up the default context/profile with
the APN to use. From there, a default bearer will be established when
the modem registers with the network. This results in a call to 'Get
LTE Attach Parameters' which tells us what APN the gateway negotiated
with us.
If we can't get the APN, we do what the AT driver does: pretend the
bearer wasn't established. This is a reasonable fallback, currently,
because connman can't handle zero-length APN's anyway; the previous
approach of setting the APN to 'automatic' breaks connman badly when it
needs to switch between LTE and non-LTE networks.
This patch adds an LTE atom for QMI modems.
This atom sets the APN that the LTE default bearer should use when
establishing its PDP context. This APN needs to be set on the 'default'
profile so the atom queries which profile is the default and resets
it before allowing the APN to be set.
Once configured, the default profile settings are used when the
modem connects to the network; for this reason, the LTE atom needs
to be instantiated in post_sim, before the modem is set online.
Certain modems doesn't support manual registering (gobi 2000).
Translate the error code into ofono error to report a
more detailed debug error message.
The IP Configuration data structure does not match any of the existing
data structure serialization conventions in the rest of the MBIM
specification. So add IPv4 / v6 specific extractors for IPV4 address
and IPV4 Element structures.
Instead of delaying the cpin entry callback until the sim is found to be
'ready', call back into the core right away. The core will wait until
the initialized notification is called from the driver before proceeding
with the rest of the initialization procedure.
The sim state query is now being done in the background and potential
leaking of cbd is now fixed.
SMS_SEND uses an embedded databuffer inside MBIM_SET_SMS_SEND which
wants to use a local offset (local to the databuffer structure) as
opposed to the offset from the start of the static buffer.
For zero element arrays we might inadvertently run past the end of the
iov buffer. Fix this by adding additional checks that n_elem > 0 and
don't call _iter_get_data unless needed.
In SimManager, the Retries property isn't used for gemalto modems.
The at command AT^SPIC is used to get the remaining retries left
for the current required password type.
This commit adds the implementation in the SIM driver of the retries
queries.
When modem does not answer or answers slowly to a discovery request,
a timeout occurs.
In timeout callback, request should be removed from queues to avoid
treating answer if it arrives later.
The Quectel EC21 does not provide the SMS PDU on the message event
notification.
This patch adds a call to 'raw read' on the message ID from the event
notification if the event notification does not already contain the
message data.
The message data begins with the SMSC length, type, and address so
the TPDU length is adjusted accordingly in the raw_read callback. This
differs from the way the raw message data is handled in the case
that it is included in the event notification itself. As I don't have
access to any other QMI modem at this time, I'm can not confirm that
this difference is reasonable.
Implemented the core API's needed for sim-auth:
list_apps: already implemented
open_channel: Opens a logical channel with +CCHO
close_channel: Closes logical channel with +CCHC
logical_access: Access an opened channel with +CGLA
==2941== Invalid read of size 4
==2941== at 0x69338: sim_state_cb (sim.c:1301)
==2941== by 0x71DCB: cpin_check_cb (atutil.c:567)
==2941== by 0xA602B: at_chat_finish_command (gatchat.c:459)
==2941== by 0xA6277: at_chat_handle_command_response (gatchat.c:521)
==2941== by 0xA6587: have_line (gatchat.c:600)
==2941== by 0xA6BB7: new_bytes (gatchat.c:759)
==2941== by 0xAAFAF: received_data (gatio.c:124)
==2941== by 0x4AF606F: g_main_dispatch (gmain.c:3154)
==2941== by 0x4AF606F: g_main_context_dispatch (gmain.c:3769)
==2941== by 0x4AF658F: g_main_loop_run (gmain.c:4034)
==2941== by 0xBDDBB: main (main.c:261)
==2941== Address 0x519c344 is 4 bytes inside a block of size 12 free'd
==2941== at 0x4840B28: free (vg_replace_malloc.c:530)
==2941== by 0x71F33: at_util_sim_state_query_free (atutil.c:613)
==2941== by 0x6930B: sim_state_cb (sim.c:1297)
==2941== by 0x71DCB: cpin_check_cb (atutil.c:567)
==2941== by 0xA602B: at_chat_finish_command (gatchat.c:459)
==2941== by 0xA6277: at_chat_handle_command_response (gatchat.c:521)
==2941== by 0xA6587: have_line (gatchat.c:600)
==2941== by 0xA6BB7: new_bytes (gatchat.c:759)
==2941== by 0xAAFAF: received_data (gatio.c:124)
==2941== by 0x4AF606F: g_main_dispatch (gmain.c:3154)
==2941== by 0x4AF606F: g_main_context_dispatch (gmain.c:3769)
==2941== by 0x4AF658F: g_main_loop_run (gmain.c:4034)
==2941== by 0xBDDBB: main (main.c:261)
Huawei LTE modems use AT^SYSCFGEX and AT^SYSINFOEX instead of
AT^SYSCFG and AT^SYSINFO.
If we want to be able to attach on LTE with this modem, we must use
AT^SYSCFGEX to configure rat mode and band. Using AT^SYSCFG, mode any
means UMTS or GSM.
Add support for automatic context activation by adding read_settings.
It also adds detach_shutdown to make sure context is cleaned up when
network registration is lost.
This is a rudimentary implementation that contains technology and RSSI
and BitErrorRate, plus RSRQ/RSRP for LTE networks. More data can be
added as needed.
This implementations uses the 'Get Signal Strength' QMI method to retrieve
the data. Operator fields (MNC, LAC, etc) can be gotten from the 'Serving
Cell' method if needed, but since this data is already provided in the
NetworkRegistration object it doesn't seem necessary to repeat it here
when an additional communication to the modem is required.
When registering callbacks before ofono_netreg_register(), callbacks
will use the netreg api which might lead into undefined behaviour,
because certain fields aren't yet initilized.
This provides the list of available technologies in the radio-settings
atom. The list is queried by the DMS Get Capabilities method; ofono
takes care of caching the available technologies for us so we don't need
to worry about this method being called excessively.
The QMI radio-settings atom was just a skeleton and did not even implement
the mandtory property TechnologyPreference. As such, it probably should
never even have been registered for the modem. Nonetheless, this patch
puts this mandatory property into place.
This is implemented via the 'Set System Selection' method by way of the
'mode' parameter. This seems to best reflect the intention of the Ofono
API and works as expected when tested with a Quectel EC21.
Some notes:
i) There is an alternative function called 'Set Technology Preference'
which provides similar functionality. This 'technology preference'
is updated automatically when the 'system selection mode' is modified
so everything seems to be in order.
ii) For the EC21, switching the underlying technology works seamlessly.
There are indications, however, that some modems _might_ require a
reset before changes take effect; that bridge will need to be crossed
if reached.
Previously, these drivers would check /sys/devices/virtual/misc/tun to
see if TUN is supported, and bail out otherwise. However, the tun module
can sometimes be autoloaded by opening the /dev/net/tun file. In this
case the /dev file already exists, but the /sys file only gets created
after the modul is loaded.
Additionally, the ppp code does not use the /sys file, but only the
/dev file, so checking for the existence of the latter seems a better
indicator of expected success.
When registering to an operator ofono uses the old RAT.
In the case the modem is not connected to any network, this would use
QMI_NAS_NETWORK_RAT_NONE which results in the error OP_DEVICE_UNSUPPORTED.
Use QMI_NAS_NETWORK_RAT_NO_CHANGE instead to not define any preference.
If the ME storage is full, the modem will reject new messages
with a SMPP RP-Error 'Protocol error, unspecific'.
It seems the qmimodem is first checking the ME storage for
free space, then deliver the SMS via QMI and not saving it
to the ME anyway.
Using QMI_WMS_STORAGE_TYPE_NONE it doesn't check for free space.
Tested-on: Quectel EC20
When qmi_device_shutdown is used and the callback provided utilizes
qmi_device_unref, an access into already freed memory is triggered.
Sequence of events is:
1. timeout fires
2. glib calls timeout callback (e.g. shutdown_callback) which in turn
calls shutdown_func (gobi shutdown_cb) which in turn calls
qmi_device_unref()
3. qmi_device_unref calls g_source_remove, which doesn't call the
destroy callback (it is blocked)
4. qmi_device_unref then frees the memory used by device
5. glib then calls the source destroy callback (e.g. shutdown_destroy)
which results in just freed memory being used.
glib appears to always call the destroy callback, even if the source has
been removed previously. So to work around the issue, delay the actual
g_free until the destroy callback is invoked.
Apparently, an empty APN in an ofono context means that that the context
cannot be activated. connman definitely interprets it this way.
This patch sets a default name of "automatic" for the default bearer if
no other LTE APN is supplied (which is currently the case as the LTE
atom is not in place yet). Without this, connman happily ignores the
context, even though it has been activated by ofono.
When the modem attaches to an LTE network, a default bearer is
automatically negotiated using the "defalt profile" settings. The
QMI modem, however, does not given any explicit indication that
the bearer exists; instead, we must assume its existence based on
the network registration state.
This patch extends the GPRS atom to signal the presence of a
default bearer when it detects network connectivity on an LTE
network.
Apparently it's not legal to create a QMI service multiple times for
a device. I've been testing with a Quectel EC21 and here it works fine
to do so, but the general case would require "shared" services across
atoms.
This patch switches the users of the NAS and WDS services over to using
a "shared" service instead of each instatiating their own instance.
There are three principal ways for a context to become disconnected:
i) deactivate_primary() is called
ii) the network registration is lost and the context is cleaned up
via _detach_shutdown() (via release_all_contexts())
iii) the network decides to disconnect the context
We need to watch the packet status in order to detect case iii). For
case i) and ii), stop_net will be called, the pkt_handle will be
cleared, and subsequent packet status notifications be ignored.
This patch makes it so that the packet status "disconnected" event
is only propagated when the pkt_handle has not been cleared, indicating
an unrequested disconnection.
This should fix a race reported by Christophe Ronco whereby the packet
status disconnect notification is called between activate_primary
(start_net) and it's callback (start_net_cb).
SMS reception is not working for Gemalto modems because of +CMT parsing.
PDU length is the first argument of +CMT URCs in Gemalto modems.
Add a switch case on vendor info to handle Gemalto case.
Also handle acknowledgment, +CNMA takes only one parameter.
CMT parsing is moved from at_parse_cmt() to at_cmt_notify(). This
function is modified to match the style of at_cmgr_notify() and it
includes a switch case for CINTERION modems.
The detach_shutdown method is invoked to unconditionally release
an active context. For QMI, this is equivalent to a call to
deactivate_primary.
This patch makes the callback to deactivate_primary optional and
implements detach_shutdown to simply call it. When there is no
callback, the stop_net callback notifies ofono about the context
release via an asynchronous ofono_gprs_context_deactivated() call.
For LTE networks, a default bearer is automatically activated when
the modem registers to the network. QMI modems, however, do not
automatically enable the network interface just because the bearer
exists; a call to "start network" needs to be made in order to
get the packet handle before get_settings will return any data and
the network interface can be configured.
This patch makes read_settings call "start network" in order to
enable the interface for the default bearer. No new bearer will
be created with this call and the settings for the bearer will come
from the default profile, irregardless of what parameters are passed
to the "start network" method.
For LTE, a context is created automatically when the modem registers
to the network. The read_settings function is called for these
automatic contexts to get their configuration.