summaryrefslogtreecommitdiffstats
path: root/include/osmocom/core/write_queue.h
Commit message (Collapse)AuthorAgeFilesLines
* control_if: Avoid heap-use-after-free in osmo_wqueue_bfd_cbPau Espin Pedrol2018-05-041-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Imagine following scenario: 1- client connects to CTRL iface, a new conn is created with POLL_READ enabled. 2- A non-related event happens which triggers a TRAP to be sent. As a result, the wqueue for the conn has now enabled POLL_WRITE, and message will be sent next time we go through osmo_main_select(). 3- At the same time, we receive the GET cmd from the CTRL client, which means POLL_READ event will be also triggered next time we call osmo_main_select(). 4- osmo_main_select triggers osmo_wqueue_bfd_cb with both READ/WRITE flags set. 5- The read_cb of wqueue is executed first. The handler closes the CTRL conn for some reason, freeing the osmo_fd struct and returns. 6- osmo_qeueue_bfd_cb keeps using the already freed osmo_fd and calls write_cb. So in step 6 we get a heap-use-after-free catched by AddressSanitizer: 20180424135406115 DLCTRL <0018> control_if.c:506 accept()ed new CTRL connection from (r=10.42.42.1:53910<->l=10.42.42.7:4249) 20180424135406116 DLCTRL <0018> control_cmd.c:378 Command: GET bts.0.oml-connection-state 20180424135406117 DLINP <0013> bts_ipaccess_nanobts.c:417 Identified BTS 1/0/0 20180424135406118 DNM <0005> abis_nm.c:1628 Get Attr (bts=0) 20180424135406118 DNM <0005> abis_nm.c:1628 Get Attr (bts=0) 20180424135406118 DCTRL <000e> osmo_bsc_ctrl.c:158 BTS connection (re)established, sending TRAP. 20180424135406119 DLCTRL <0018> control_if.c:173 close()d CTRL connection (r=10.42.42.1:53910<->l=10.42.42.7:4249) ================================================================= ==12301==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000003e04 at pc 0x7f23091c3a2f bp 0x7ffc0cb73ff0 sp 0x7ffc0cb73fe8 READ of size 4 at 0x611000003e04 thread T0 #0 0x7f23091c3a2e in osmo_wqueue_bfd_cb /home/osmocom-build/jenkins/workspace/osmo-gsm-tester_build-osmo-bsc/libosmocore/src/write_queue.c:65 #1 0x7f23091ad5d8 in osmo_fd_disp_fds /home/osmocom-build/jenkins/workspace/osmo-gsm-tester_build-osmo-bsc/libosmocore/src/select.c:216 #2 0x7f23091ad5d8 in osmo_select_main /home/osmocom-build/jenkins/workspace/osmo-gsm-tester_build-osmo-bsc/libosmocore/src/select.c:256 #3 0x56538bdb7a26 in main /home/osmocom-build/jenkins/workspace/osmo-gsm-tester_build-osmo-bsc/osmo-bsc/src/osmo-bsc/osmo_bsc_main.c:532 #4 0x7f23077532e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0) #5 0x56538bdb8999 in _start (/home/jenkins/workspace/osmo-gsm-tester_run-prod/trial-896/inst/osmo-bsc/bin/osmo-bsc+0x259999) Fixes: OS#3206 Change-Id: I84d10caaadcfa6bd46ba8756ca89aa0badcfd2e3
* doxygen: unify use of \file across the boardNeels Hofmeyr2017-06-231-5/+3
| | | | | | | | | | | | | | | | | Considering the various styles and implications found in the sources, edit scores of files to follow the same API doc guidelines around the doxygen grouping and the \file tag. Many files now show a short description in the generated API doc that was so far only available as C comment. The guidelines and reasoning behind it is documented at https://osmocom.org/projects/cellular-infrastructure/wiki/Guidelines_for_API_documentation In some instances, remove file comments and add to the corresponding group instead, to be shared among several files (e.g. bitvec). Change-Id: Ifa70e77e90462b5eb2b0457c70fd25275910c72b
* doxygen: enable AUTOBRIEF, drop \briefNeels Hofmeyr2017-06-231-7/+7
| | | | | | | | | | Especially for short descriptions, it is annoying to have to type \brief for every single API doc. Drop all \brief and enable the AUTOBRIEF feature of doxygen, which always takes the first sentence of an API doc as the brief description. Change-Id: I11a8a821b065a128108641a2a63fb5a2b1916e87
* include: Switch to #pragma once patternSylvain Munaut2014-06-161-4/+1
| | | | Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
* doc: Fix the Doxygen section endingsSylvain Munaut2012-04-181-1/+1
| | | | Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
* doxygen: Add 'write_queue' moduleHarald Welte2011-08-171-24/+6
|
* start to add doxygen documentation to libosmocore headersHarald Welte2011-08-161-0/+35
|
* write-queue: use namespace prefix osmo_wqueue*Pablo Neira Ayuso2011-05-071-7/+7
| | | | | | | | | | Summary of changes: s/struct write_queue/struct osmo_wqueue/g s/write_queue_init/osmo_wqueue_init/g s/void write_queue_clear/osmo_wqueue_clear/g s/write_queue_enqueue/osmo_wqueue_enqueue/g s/write_queue_bfd_cb/osmo_wqueue_bfd_cb/g
* select: use namespace prefix osmo_fd* and osmo_select*Pablo Neira Ayuso2011-05-071-5/+5
| | | | | | | | | Summary of changes: s/struct bsc_fd/struct osmo_fd/g s/bsc_register_fd/osmo_fd_register/g s/bsc_unregister_fd/osmo_fd_unregister/g s/bsc_select_main/osmo_select_main/g
* write_queue: use full path of includes in osmocom/core/write_queue.hPablo Neira Ayuso2011-03-281-2/+2
|
* include: reorganize headers file to include/osmocom/[gsm|core]Pablo Neira Ayuso2011-03-231-0/+46
This patch moves all GSM-specific definitions to include/osmocom/gsm. Moreover, the headers in include/osmocore/ have been moved to include/osmocom/core. This has been proposed by Harald Welte and Sylvain Munaunt. Tested with `make distcheck'. Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-26 18:42:27 +0000