sysmocom
/
open5gs
forked from acouzens/open5gs
11
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[MME/AMF] fix the crash during timeout (#1122)

This commit is contained in:
Sukchan Lee 2021-08-08 12:38:15 +09:00
parent 831b29973f
commit af5b3aa931
7 changed files with 113 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
src/amf/gmm-sm.c
View File

@ -591,9 +591,13 @@ void gmm_state_authentication(ogs_fsm_t *s, amf_event_t *e)
nas_5gs_send_authentication_reject(amf_ue));
OGS_FSM_TRAN(&amf_ue->sm, &gmm_state_exception);
} else {
amf_ue->t3560.retry_count++;
ogs_assert(OGS_OK ==
nas_5gs_send_authentication_request(amf_ue));
rv = nas_5gs_send_authentication_request(amf_ue);
if (rv == OGS_OK) {
amf_ue->t3560.retry_count++;
} else {
ogs_error("nas_5gs_send_authentication_request() failed");
OGS_FSM_TRAN(&amf_ue->sm, &gmm_state_exception);
}
}
break;
default:
@ -832,9 +836,13 @@ void gmm_state_security_mode(ogs_fsm_t *s, amf_event_t *e)
OGS_5GMM_CAUSE_SECURITY_MODE_REJECTED_UNSPECIFIED));
OGS_FSM_TRAN(&amf_ue->sm, &gmm_state_exception);
} else {
amf_ue->t3560.retry_count++;
ogs_assert(OGS_OK ==
nas_5gs_send_security_mode_command(amf_ue));
rv = nas_5gs_send_security_mode_command(amf_ue);
if (rv == OGS_OK) {
amf_ue->t3560.retry_count++;
} else {
ogs_error("nas_5gs_send_security_mode_command() failed");
OGS_FSM_TRAN(&amf_ue->sm, &gmm_state_exception);
}
}
break;
default:
@ -1126,9 +1134,13 @@ void gmm_state_initial_context_setup(ogs_fsm_t *s, amf_event_t *e)
amf_ue->suci);
OGS_FSM_TRAN(&amf_ue->sm, &gmm_state_exception);
} else {
amf_ue->t3550.retry_count++;
ogs_assert(OGS_OK ==
nas_5gs_send_registration_accept(amf_ue));
rv = nas_5gs_send_registration_accept(amf_ue);
if (rv == OGS_OK) {
amf_ue->t3550.retry_count++;
} else {
ogs_error("nas_5gs_send_registration_accept() failed");
OGS_FSM_TRAN(&amf_ue->sm, &gmm_state_exception);
}
}
break;
default:

10
src/mme/emm-handler.c
View File

@ -296,15 +296,15 @@ int emm_handle_attach_complete(
network_daylight_saving_time->length = 1;
emmbuf = nas_eps_security_encode(mme_ue, &message);
if (emmbuf) {
rv = nas_eps_send_to_downlink_nas_transport(mme_ue, emmbuf);
ogs_expect(rv == OGS_OK);
}
ogs_expect_or_return_val(emmbuf, OGS_ERROR);
rv = nas_eps_send_to_downlink_nas_transport(mme_ue, emmbuf);
ogs_expect_or_return_val(rv == OGS_OK, rv);
ogs_debug("EMM information");
ogs_debug(" IMSI[%s]", mme_ue->imsi_bcd);
return OGS_OK;
return rv;
}
int emm_handle_identity_response(

52
src/mme/emm-sm.c
View File

@ -617,9 +617,13 @@ static void common_register_state(ogs_fsm_t *s, mme_event_t *e)
"Stop retransmission");
OGS_FSM_TRAN(&mme_ue->sm, &emm_state_exception);
} else {
mme_ue->t3470.retry_count++;
ogs_assert(OGS_OK ==
nas_eps_send_identity_request(mme_ue));
rv = nas_eps_send_identity_request(mme_ue);
if (rv == OGS_OK) {
mme_ue->t3470.retry_count++;
} else {
ogs_error("nas_eps_send_identity_request() failed");
OGS_FSM_TRAN(&mme_ue->sm, &emm_state_exception);
}
}
break;
@ -777,12 +781,16 @@ void emm_state_authentication(ogs_fsm_t *s, mme_event_t *e)
"Stop retransmission", mme_ue->imsi_bcd);
OGS_FSM_TRAN(&mme_ue->sm, &emm_state_exception);
ogs_assert(OGS_OK ==
ogs_expect(OGS_OK ==
nas_eps_send_authentication_reject(mme_ue));
} else {
mme_ue->t3460.retry_count++;
ogs_assert(OGS_OK ==
nas_eps_send_authentication_request(mme_ue));
rv = nas_eps_send_authentication_request(mme_ue);
if (rv == OGS_OK) {
mme_ue->t3460.retry_count++;
} else {
ogs_error("nas_eps_send_authentication_request() failed");
OGS_FSM_TRAN(&mme_ue->sm, &emm_state_exception);
}
}
break;
default:
@ -945,14 +953,18 @@ void emm_state_security_mode(ogs_fsm_t *s, mme_event_t *e)
"Stop retransmission", mme_ue->imsi_bcd);
OGS_FSM_TRAN(&mme_ue->sm, &emm_state_exception);
ogs_assert(OGS_OK ==
ogs_expect(OGS_OK ==
nas_eps_send_attach_reject(mme_ue,
EMM_CAUSE_SECURITY_MODE_REJECTED_UNSPECIFIED,
ESM_CAUSE_PROTOCOL_ERROR_UNSPECIFIED));
} else {
mme_ue->t3460.retry_count++;
ogs_assert(OGS_OK ==
nas_eps_send_security_mode_command(mme_ue));
rv = nas_eps_send_security_mode_command(mme_ue);
if (rv == OGS_OK) {
mme_ue->t3460.retry_count++;
} else {
ogs_error("nas_eps_send_security_mode_command() failed");
OGS_FSM_TRAN(&mme_ue->sm, &emm_state_exception);
}
}
break;
default:
@ -1141,14 +1153,18 @@ void emm_state_initial_context_setup(ogs_fsm_t *s, mme_event_t *e)
emmbuf = mme_ue->t3450.pkbuf;
ogs_expect_or_return(emmbuf);
mme_ue->t3450.pkbuf = ogs_pkbuf_copy(emmbuf);
ogs_assert(mme_ue->t3450.pkbuf);
ogs_timer_start(mme_ue->t3450.timer,
mme_timer_cfg(MME_TIMER_T3450)->duration);
rv = nas_eps_send_to_downlink_nas_transport(mme_ue, emmbuf);
ogs_expect(rv == OGS_OK);
if (rv == OGS_OK) {
mme_ue->t3450.pkbuf = ogs_pkbuf_copy(emmbuf);
ogs_assert(mme_ue->t3450.pkbuf);
ogs_timer_start(mme_ue->t3450.timer,
mme_timer_cfg(MME_TIMER_T3450)->duration);
} else {
ogs_error("nas_eps_send_to_downlink_nas_transport() "
"failed");
OGS_FSM_TRAN(&mme_ue->sm, &emm_state_exception);
}
}
break;
default:

3
src/mme/esm-handler.c
View File

@ -84,8 +84,7 @@ int esm_handle_pdn_connectivity_request(mme_bearer_t *bearer,
if (security_protected_required) {
CLEAR_BEARER_TIMER(bearer->t3489);
ogs_assert(OGS_OK ==
nas_eps_send_esm_information_request(bearer));
ogs_assert(OGS_OK == nas_eps_send_esm_information_request(bearer));
return OGS_OK;
}

13
src/mme/esm-sm.c
View File

@ -223,17 +223,20 @@ void esm_state_inactive(ogs_fsm_t *s, mme_event_t *e)
if (bearer->t3489.retry_count >=
mme_timer_cfg(MME_TIMER_T3489)->max_count) {
ogs_warn("Retransmission of IMSI[%s] failed. "
"Stop retransmission",
mme_ue->imsi_bcd);
"Stop retransmission", mme_ue->imsi_bcd);
OGS_FSM_TRAN(&bearer->sm, &esm_state_exception);
ogs_assert(OGS_OK ==
nas_eps_send_pdn_connectivity_reject(sess,
ESM_CAUSE_ESM_INFORMATION_NOT_RECEIVED));
} else {
bearer->t3489.retry_count++;
ogs_assert(OGS_OK ==
nas_eps_send_esm_information_request(bearer));
rv = nas_eps_send_esm_information_request(bearer);
if (rv == OGS_OK) {
bearer->t3489.retry_count++;
} else {
ogs_error("nas_eps_send_esm_information_request() failed");
OGS_FSM_TRAN(&bearer->sm, &esm_state_exception);
}
}
break;
default:

76
src/mme/nas-path.c
View File

@ -72,7 +72,7 @@ int nas_eps_send_to_downlink_nas_transport(mme_ue_t *mme_ue, ogs_pkbuf_t *pkbuf)
ogs_assert(mme_ue);
enb_ue = enb_ue_cycle(mme_ue->enb_ue);
if (!enb_ue) {
ogs_warn("S1 context has already been removed");
ogs_error("S1 context has already been removed");
ogs_pkbuf_free(pkbuf);
return OGS_ERROR;
@ -147,7 +147,7 @@ int nas_eps_send_attach_reject(mme_ue_t *mme_ue,
emmbuf = emm_build_attach_reject(emm_cause, esmbuf);
ogs_expect_or_return_val(emmbuf, OGS_ERROR);
rv = nas_eps_send_to_downlink_nas_transport(mme_ue, emmbuf);
ogs_expect(rv == OGS_OK);
ogs_expect_or_return_val(rv == OGS_OK, rv);
return rv;
}
@ -169,14 +169,14 @@ int nas_eps_send_identity_request(mme_ue_t *mme_ue)
ogs_expect_or_return_val(emmbuf, OGS_ERROR);
}
rv = nas_eps_send_to_downlink_nas_transport(mme_ue, emmbuf);
ogs_expect_or_return_val(rv == OGS_OK, rv);
mme_ue->t3470.pkbuf = ogs_pkbuf_copy(emmbuf);
ogs_expect_or_return_val(mme_ue->t3470.pkbuf, OGS_ERROR);
ogs_timer_start(mme_ue->t3470.timer,
mme_timer_cfg(MME_TIMER_T3470)->duration);
rv = nas_eps_send_to_downlink_nas_transport(mme_ue, emmbuf);
ogs_expect(rv == OGS_OK);
return rv;
}
@ -197,14 +197,14 @@ int nas_eps_send_authentication_request(mme_ue_t *mme_ue)
ogs_expect_or_return_val(emmbuf, OGS_ERROR);
}
rv = nas_eps_send_to_downlink_nas_transport(mme_ue, emmbuf);
ogs_expect_or_return_val(rv == OGS_OK, rv);
mme_ue->t3460.pkbuf = ogs_pkbuf_copy(emmbuf);
ogs_expect_or_return_val(mme_ue->t3460.pkbuf, OGS_ERROR);
ogs_timer_start(mme_ue->t3460.timer,
mme_timer_cfg(MME_TIMER_T3460)->duration);
rv = nas_eps_send_to_downlink_nas_transport(mme_ue, emmbuf);
ogs_expect(rv == OGS_OK);
return rv;
}
@ -225,14 +225,14 @@ int nas_eps_send_security_mode_command(mme_ue_t *mme_ue)
ogs_expect_or_return_val(emmbuf, OGS_ERROR);
}
rv = nas_eps_send_to_downlink_nas_transport(mme_ue, emmbuf);
ogs_expect_or_return_val(rv == OGS_OK, rv);
mme_ue->t3460.pkbuf = ogs_pkbuf_copy(emmbuf);
ogs_expect_or_return_val(mme_ue->t3460.pkbuf, OGS_ERROR);
ogs_timer_start(mme_ue->t3460.timer,
mme_timer_cfg(MME_TIMER_T3460)->duration);
rv = nas_eps_send_to_downlink_nas_transport(mme_ue, emmbuf);
ogs_expect(rv == OGS_OK);
return rv;
}
@ -249,7 +249,7 @@ int nas_eps_send_authentication_reject(mme_ue_t *mme_ue)
ogs_expect_or_return_val(emmbuf, OGS_ERROR);
rv = nas_eps_send_to_downlink_nas_transport(mme_ue, emmbuf);
ogs_expect(rv == OGS_OK);
ogs_expect_or_return_val(rv == OGS_OK, rv);
return rv;
}
@ -273,7 +273,7 @@ int nas_eps_send_detach_accept(mme_ue_t *mme_ue)
ogs_expect_or_return_val(emmbuf, OGS_ERROR);
rv = nas_eps_send_to_downlink_nas_transport(mme_ue, emmbuf);
ogs_expect_or_return_val(rv == OGS_OK, OGS_ERROR);
ogs_expect_or_return_val(rv == OGS_OK, rv);
}
rv = s1ap_send_ue_context_release_command(enb_ue,
@ -306,7 +306,7 @@ int nas_eps_send_pdn_connectivity_reject(
ogs_expect_or_return_val(esmbuf, OGS_ERROR);
rv = nas_eps_send_to_downlink_nas_transport(mme_ue, esmbuf);
ogs_expect(rv == OGS_OK);
ogs_expect_or_return_val(rv == OGS_OK, rv);
}
return rv;
@ -330,14 +330,14 @@ int nas_eps_send_esm_information_request(mme_bearer_t *bearer)
ogs_expect_or_return_val(esmbuf, OGS_ERROR);
}
rv = nas_eps_send_to_downlink_nas_transport(mme_ue, esmbuf);
ogs_expect_or_return_val(rv == OGS_OK, rv);
bearer->t3489.pkbuf = ogs_pkbuf_copy(esmbuf);
ogs_expect_or_return_val(bearer->t3489.pkbuf, OGS_ERROR);
ogs_timer_start(bearer->t3489.timer,
mme_timer_cfg(MME_TIMER_T3489)->duration);
rv = nas_eps_send_to_downlink_nas_transport(mme_ue, esmbuf);
ogs_expect(rv == OGS_OK);
return rv;
}
@ -424,10 +424,10 @@ int nas_eps_send_modify_bearer_context_request(
ogs_expect_or_return_val(s1apbuf, OGS_ERROR);
rv = nas_eps_send_to_enb(mme_ue, s1apbuf);
ogs_expect(rv == OGS_OK);
ogs_expect_or_return_val(rv == OGS_OK, rv);
} else {
rv = nas_eps_send_to_downlink_nas_transport(mme_ue, esmbuf);
ogs_expect(rv == OGS_OK);
ogs_expect_or_return_val(rv == OGS_OK, rv);
}
return rv;
@ -472,7 +472,7 @@ int nas_eps_send_bearer_resource_allocation_reject(
ogs_expect_or_return_val(esmbuf, OGS_ERROR);
rv = nas_eps_send_to_downlink_nas_transport(mme_ue, esmbuf);
ogs_expect(rv == OGS_OK);
ogs_expect_or_return_val(rv == OGS_OK, rv);
return rv;
}
@ -491,7 +491,7 @@ int nas_eps_send_bearer_resource_modification_reject(
ogs_expect_or_return_val(esmbuf, OGS_ERROR);
rv = nas_eps_send_to_downlink_nas_transport(mme_ue, esmbuf);
ogs_expect(rv == OGS_OK);
ogs_expect_or_return_val(rv == OGS_OK, rv);
return rv;
}
@ -509,6 +509,19 @@ int nas_eps_send_tau_accept(
emmbuf = emm_build_tau_accept(mme_ue);
ogs_expect_or_return_val(emmbuf, OGS_ERROR);
if (procedureCode == S1AP_ProcedureCode_id_InitialContextSetup) {
ogs_pkbuf_t *s1apbuf = NULL;
s1apbuf = s1ap_build_initial_context_setup_request(mme_ue, emmbuf);
ogs_expect_or_return_val(s1apbuf, OGS_ERROR);
rv = nas_eps_send_to_enb(mme_ue, s1apbuf);
ogs_expect_or_return_val(rv == OGS_OK, rv);
} else if (procedureCode == S1AP_ProcedureCode_id_downlinkNASTransport) {
rv = nas_eps_send_to_downlink_nas_transport(mme_ue, emmbuf);
ogs_expect_or_return_val(rv == OGS_OK, rv);
} else
ogs_assert_if_reached();
if (mme_ue->next.m_tmsi) {
CLEAR_MME_UE_TIMER(mme_ue->t3450);
mme_ue->t3450.pkbuf = ogs_pkbuf_copy(emmbuf);
@ -517,19 +530,6 @@ int nas_eps_send_tau_accept(
mme_timer_cfg(MME_TIMER_T3450)->duration);
}
if (procedureCode == S1AP_ProcedureCode_id_InitialContextSetup) {
ogs_pkbuf_t *s1apbuf = NULL;
s1apbuf = s1ap_build_initial_context_setup_request(mme_ue, emmbuf);
ogs_expect_or_return_val(s1apbuf, OGS_ERROR);
rv = nas_eps_send_to_enb(mme_ue, s1apbuf);
ogs_expect(rv == OGS_OK);
} else if (procedureCode == S1AP_ProcedureCode_id_downlinkNASTransport) {
rv = nas_eps_send_to_downlink_nas_transport(mme_ue, emmbuf);
ogs_expect(rv == OGS_OK);
} else
ogs_assert_if_reached();
return rv;
}
@ -547,7 +547,7 @@ int nas_eps_send_tau_reject(mme_ue_t *mme_ue, ogs_nas_emm_cause_t emm_cause)
ogs_expect_or_return_val(emmbuf, OGS_ERROR);
rv = nas_eps_send_to_downlink_nas_transport(mme_ue, emmbuf);
ogs_expect(rv == OGS_OK);
ogs_expect_or_return_val(rv == OGS_OK, rv);
return rv;
}
@ -567,7 +567,7 @@ int nas_eps_send_service_reject(mme_ue_t *mme_ue,
ogs_expect_or_return_val(emmbuf, OGS_ERROR);
rv = nas_eps_send_to_downlink_nas_transport(mme_ue, emmbuf);
ogs_expect(rv == OGS_OK);
ogs_expect_or_return_val(rv == OGS_OK, rv);
return rv;
}
@ -585,7 +585,7 @@ int nas_eps_send_cs_service_notification(mme_ue_t *mme_ue)
ogs_expect_or_return_val(emmbuf, OGS_ERROR);
rv = nas_eps_send_to_downlink_nas_transport(mme_ue, emmbuf);
ogs_expect(rv == OGS_OK);
ogs_expect_or_return_val(rv == OGS_OK, rv);
return rv;
}
@ -606,7 +606,7 @@ int nas_eps_send_downlink_nas_transport(
ogs_expect_or_return_val(emmbuf, OGS_ERROR);
rv = nas_eps_send_to_downlink_nas_transport(mme_ue, emmbuf);
ogs_expect(rv == OGS_OK);
ogs_expect_or_return_val(rv == OGS_OK, rv);
return rv;
}

6
src/mme/s1ap-build.c
View File

@ -466,6 +466,12 @@ ogs_pkbuf_t *s1ap_build_initial_context_setup_request(
}
}
if (emmbuf && emmbuf->len) {
ogs_error("NAS message without session/bearer");
ogs_pkbuf_free(emmbuf);
emmbuf = NULL;
}
ogs_assert(E_RABToBeSetupListCtxtSUReq->list.count);
ie = CALLOC(1, sizeof(S1AP_InitialContextSetupRequestIEs_t));