Commit a88c33b1 authored by Thomas Laurent's avatar Thomas Laurent
Browse files

fix array overflow and wrong LCID

parent 763f0341
......@@ -44,6 +44,7 @@
#include "common/utils/LOG/vcd_signal_dumper.h"
#include "common/utils/LOG/log.h"
#include <syscall.h>
#include <openair2/UTIL/OPT/opt.h>
//#define DEBUG_DLSCH_CODING
//#define DEBUG_DLSCH_FREE 1
......@@ -266,6 +267,8 @@ int nr_dlsch_encoding(PHY_VARS_gNB *gNB,
VCD_SIGNAL_DUMPER_DUMP_FUNCTION_BY_NAME(VCD_SIGNAL_DUMPER_FUNCTIONS_gNB_DLSCH_ENCODING, VCD_FUNCTION_IN);
A = rel15->TBSize[0]<<3;
if ( dlsch->rnti != SI_RNTI )
trace_NRpdu(DIRECTION_DOWNLINK, a, rel15->TBSize[0], 0, WS_C_RNTI, dlsch->rnti, frame, slot,0, 0);
NR_gNB_SCH_STATS_t *stats=NULL;
int first_free=-1;
......
......@@ -299,7 +299,7 @@ typedef struct f1ap_initial_ul_rrc_message_s {
uint16_t crnti;
uint8_t *rrc_container;
int rrc_container_length;
uint8_t *du2cu_rrc_container;
int8_t *du2cu_rrc_container;
int du2cu_rrc_container_length;
} f1ap_initial_ul_rrc_message_t;
......
......@@ -799,7 +799,7 @@ int DU_send_INITIAL_UL_RRC_MESSAGE_TRANSFER(module_id_t module_idP,
rnti_t rntiP,
const uint8_t *sduP,
sdu_size_t sdu_lenP,
const uint8_t *sdu2P,
const int8_t *sdu2P,
sdu_size_t sdu2_lenP) {
F1AP_F1AP_PDU_t pdu;
F1AP_InitialULRRCMessageTransfer_t *out;
......
......@@ -50,7 +50,7 @@ int DU_send_INITIAL_UL_RRC_MESSAGE_TRANSFER(module_id_t module_idP,
rnti_t rntiP,
const uint8_t *sduP,
sdu_size_t sdu_lenP,
const uint8_t *sdu2P,
const int8_t *sdu2P,
sdu_size_t sdu2_lenP);
#endif /* F1AP_DU_RRC_MESSAGE_TRANSFER_H_ */
......@@ -190,7 +190,7 @@ void *F1AP_DU_task(void *arg) {
DU_send_INITIAL_UL_RRC_MESSAGE_TRANSFER(0,0,0,msg->crnti,
msg->rrc_container,
msg->rrc_container_length,
msg->du2cu_rrc_container,
(char*)msg->du2cu_rrc_container,
msg->du2cu_rrc_container_length
);
break;
......
......@@ -1012,7 +1012,7 @@ NR_UE_L2_STATE_t nr_ue_scheduler(nr_downlink_indication_t *dl_info, nr_uplink_in
//Give the first byte a dummy value (a value not corresponding to any valid LCID based on 38.321, Table 6.2.1-2)
//in order to distinguish the PHY random packets at the MAC layer of the gNB receiver from the normal packets that should
//have a valid LCID (nr_process_mac_pdu function)
ulsch_input_buffer[0] = 0x31;
ulsch_input_buffer[0] = UL_SCH_LCID_PADDING;
for (int i = 1; i < TBS_bytes; i++) {
ulsch_input_buffer[i] = (unsigned char) rand();
......@@ -1914,6 +1914,7 @@ void nr_ue_prach_scheduler(module_id_t module_idP, frame_t frameP, sub_frame_t s
} // if is_nr_UL_slot
}
#define MAX_LCID 8 //Fixme: also defined in LCID table
uint8_t
nr_ue_get_sdu(module_id_t module_idP, int CC_id, frame_t frameP,
sub_frame_t subframe, uint8_t eNB_index,
......@@ -1921,16 +1922,15 @@ nr_ue_get_sdu(module_id_t module_idP, int CC_id, frame_t frameP,
uint8_t total_rlc_pdu_header_len = 0;
int16_t buflen_remain = 0;
uint8_t lcid = 0;
uint16_t sdu_lengths[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
uint8_t sdu_lcids[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
uint16_t sdu_lengths[MAX_LCID] = { 0 };
uint8_t sdu_lcids[MAX_LCID] = { 0 };
uint16_t payload_offset = 0, num_sdus = 0;
uint8_t ulsch_sdus[MAX_ULSCH_PAYLOAD_BYTES];
uint16_t sdu_length_total = 0;
//unsigned short post_padding = 0;
NR_UE_MAC_INST_t *mac = get_mac_inst(module_idP);
rlc_buffer_occupancy_t lcid_buffer_occupancy_old =
0, lcid_buffer_occupancy_new = 0;
rlc_buffer_occupancy_t lcid_buffer_occupancy_new = 0;
LOG_D(NR_MAC,
"[UE %d] MAC PROCESS UL TRANSPORT BLOCK at frame%d subframe %d TBS=%d\n",
module_idP, frameP, subframe, buflen);
......@@ -1940,12 +1940,9 @@ nr_ue_get_sdu(module_id_t module_idP, int CC_id, frame_t frameP,
// Check for DCCH first
// TO DO: Multiplex in the order defined by the logical channel prioritization
for (lcid = UL_SCH_LCID_SRB1;
lcid < NR_MAX_NUM_LCID; lcid++) {
lcid < MAX_LCID; lcid++) {
lcid_buffer_occupancy_old = mac_rlc_get_buffer_occupancy_ind(module_idP, mac->crnti, eNB_index, frameP, subframe, ENB_FLAG_NO, lcid);
lcid_buffer_occupancy_new = lcid_buffer_occupancy_old;
if(lcid_buffer_occupancy_new){
if( mac_rlc_get_buffer_occupancy_ind(module_idP, mac->crnti, eNB_index, frameP, subframe, ENB_FLAG_NO, lcid) ) {
buflen_remain =
buflen - (total_rlc_pdu_header_len + sdu_length_total + MAX_RLC_SDU_SUBHEADER_SIZE);
......@@ -1983,14 +1980,6 @@ nr_ue_get_sdu(module_id_t module_idP, int CC_id, frame_t frameP,
num_sdus++;
}
/* Get updated BO after multiplexing this PDU */
lcid_buffer_occupancy_new = mac_rlc_get_buffer_occupancy_ind(module_idP,
mac->crnti,
eNB_index,
frameP,
subframe,
ENB_FLAG_NO,
lcid);
buflen_remain =
buflen - (total_rlc_pdu_header_len + sdu_length_total + MAX_RLC_SDU_SUBHEADER_SIZE);
}
......
......@@ -32,6 +32,8 @@
#include "LAYER2/NR_MAC_gNB/mac_proto.h"
#include "executables/softmodem-common.h"
#include "common/utils/nr/nr_common.h"
#include <openair2/UTIL/OPT/opt.h>
//38.321 Table 6.1.3.1-1
const uint32_t NR_SHORT_BSR_TABLE[32] = {
......@@ -83,6 +85,8 @@ void nr_process_mac_pdu(
LOG_E(NR_MAC, "%s() UE_id == -1\n",__func__);
return;
}
trace_NRpdu(DIRECTION_UPLINK, pduP, mac_pdu_len ,UE_id, WS_C_RNTI, rnti, frameP, 0,0, 0);
NR_UE_sched_ctrl_t *sched_ctrl = &UE_info->UE_sched_ctrl[UE_id];
// For both DL/UL-SCH
// Except:
......
......@@ -249,7 +249,7 @@ boolean_t gtpv_data_req_new (
return result;
} else { /* It is from from epc message */
/* in the source enb, UE in RRC_HO_EXECUTION mode */
MessageDef *msg;
//MessageDef *msg;
// ?????
return true;
}
......
......@@ -44,7 +44,6 @@
#include "NR_BCCH-BCH-Message.h"
#include "rrc_gNB_UE_context.h"
#include <openair2/RRC/NR/MESSAGES/asn1_msg.h>
#include <openair2/UTIL/OPT/opt.h>
extern RAN_CONTEXT_t RC;
......@@ -208,7 +207,6 @@ nr_rrc_data_req(
message_p);
LOG_I(NR_RRC,"send RRC_DCCH_DATA_REQ to PDCP\n");
//trace_NRpdu(DIRECTION_DOWNLINK, message_buffer, sdu_sizeP, 0, WS_M_RNTI, ctxt_pP->rnti, ctxt_pP->frame, ctxt_pP->subframe,0, 0);
/* Hack: only trigger PDCP if in CU, otherwise it is triggered by RU threads
* Ideally, PDCP would not neet to be triggered like this but react to ITTI
* messages automatically */
......
......@@ -1034,7 +1034,7 @@ void fill_initial_SpCellConfig(rnti_t rnti,
AssertFatal(scc->downlinkConfigCommon->initialDownlinkBWP->genericParameters.subcarrierSpacing==NR_SubcarrierSpacing_kHz30,
"SCS != 30kHz\n");
AssertFatal(scc->tdd_UL_DL_ConfigurationCommon->pattern1.dl_UL_TransmissionPeriodicity==NR_TDD_UL_DL_Pattern__dl_UL_TransmissionPeriodicity_ms5,
"TDD period != 5ms : %d\n",scc->tdd_UL_DL_ConfigurationCommon->pattern1.dl_UL_TransmissionPeriodicity);
"TDD period != 5ms : %ld\n",scc->tdd_UL_DL_ConfigurationCommon->pattern1.dl_UL_TransmissionPeriodicity);
schedulingRequestResourceConfig->periodicityAndOffset->choice.sl40 = 10*((rnti>>1)&3) + (rnti&2);
schedulingRequestResourceConfig->resource = calloc(1,sizeof(*schedulingRequestResourceConfig->resource));
......
......@@ -441,10 +441,15 @@ teid_t newGtpuCreateTunnel(instance_t instance, rnti_t rnti, int bearer_id, teid
tmp->outgoing_port=port;
tmp->teid_outgoing= outgoing_teid;
pthread_mutex_unlock(&globGtp.gtp_lock);
LOG_I(GTPU, "Created tunnel for RNTI %x, teid for DL: %d, teid for UL %d\n",
char ip4[INET_ADDRSTRLEN];
char ip6[INET6_ADDRSTRLEN];
LOG_I(GTPU, "Created tunnel for RNTI %x, teid for DL: %d, teid for UL %d to remote IPv4: %s, IPv6 %s\n",
rnti,
tmp->teid_incoming,
tmp->teid_outgoing);
tmp->teid_outgoing,
inet_ntop(AF_INET,(void*)&tmp->outgoing_ip_addr, ip4,INET_ADDRSTRLEN ),
inet_ntop(AF_INET6,(void*)&tmp->outgoing_ip6_addr.s6_addr, ip6, INET6_ADDRSTRLEN));
return incoming_teid;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment