SGSN: Code to help debug / fix sgsn crash in cb_data_ind()
A crash was obsserved in cb_data_ind() when mm is dereferenced.
This patch adds some safeguards that try to prevent the library handle
back-pointer to the pdp_ctx to be NULL, and print a stack backtrace in
case we are free() ing the sgsn-side pdp_ctx while there's still a
library handle attached.
diff --git a/openbsc/src/gprs/sgsn_libgtp.c b/openbsc/src/gprs/sgsn_libgtp.c
index a19af36..7c17f9d 100644
--- a/openbsc/src/gprs/sgsn_libgtp.c
+++ b/openbsc/src/gprs/sgsn_libgtp.c
@@ -317,6 +317,10 @@
/* Confirm deactivation of PDP context to MS */
rc = gsm48_tx_gsm_deact_pdp_acc(pctx);
+ /* unlink the now non-existing library handle from the pdp
+ * context */
+ pctx->lib = NULL;
+
sgsn_pdp_ctx_free(pctx);
return rc;
@@ -422,10 +426,16 @@
pdp = lib->priv;
if (!pdp) {
- DEBUGP(DGPRS, "GTP DATA IND from GGSN for unknown PDP\n");
+ LOGP(DGPRS, LOGL_NOTICE,
+ "GTP DATA IND from GGSN for unknown PDP\n");
return -EIO;
}
mm = pdp->mm;
+ if (!mm) {
+ LOGP(DGPRS, LOGL_ERROR,
+ "PDP context (imsi=%s) without MM context!\n", mm->imsi);
+ return -EIO;
+ }
msg = msgb_alloc_headroom(len+256, 128, "GTP->SNDCP");
ud = msgb_put(msg, len);