From eea6f0f11bca737a56cca9d1d1b49b27db9c0ac8 Mon Sep 17 00:00:00 2001
From: Andre Puschmann
Date: Thu, 10 Dec 2020 10:37:48 +0100
Subject: [PATCH] enb: fix potential invalid access in stdout metrics
this fixes a potential access of invalid PHY or MAC metrics by checking the user entry actually exists. the RFCI has shown this error:
------DL--------------------------------UL------------------------------------
rnti cqi ri mcs brate ok nok (%) snr phr mcs brate ok nok (%) bsr
ASAN:DEADLYSIGNAL
=================================================================
m==31838==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x555d482b6893 bp 0x7f6ac32d1160 sp 0x7f6ac32d0bc0 T21)
==31838==The signal is caused by a READ memory access.
==31838==Hint: address points to the zero page.
#0 0x555d482b6892 in srsenb::metrics_stdout::set_metrics(srsenb::enb_metrics_t const&, unsigned int) /mnt/data/jenkins/workspace/srslte_dev_ogt_zmq_nightly/srsLTE/srsenb/src/metrics_stdout.cc:101
#1 0x555d482865f1 in srslte::metrics_hub::run_period() /mnt/data/jenkins/workspace/srslte_dev_ogt_zmq_nightly/srsLTE/lib/include/srslte/common/metrics_hub.h:88
#2 0x555d482865f1 in srslte::periodic_thread::run_thread() /mnt/data/jenkins/workspace/srslte_dev_ogt_zmq_nightly/srsLTE/lib/include/srslte/common/threads.h:143
#3 0x555d4826813d in srslte::thread::thread_function_entry(void*) /mnt/data/jenkins/workspace/srslte_dev_ogt_zmq_nightly/srsLTE/lib/include/srslte/common/threads.h:102
#4 0x7f6b0dc546da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
#5 0x7f6b0bf0171e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x12171e)
---
 srsenb/src/metrics_stdout.cc | 6 ++++++
 srsenb/test/enb_metrics_test.cc | 21 ++++++++++++++++++++-
 2 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/srsenb/src/metrics_stdout.cc b/srsenb/src/metrics_stdout.cc
index 76b9e7cbc..554a6d943 100644
--- a/srsenb/src/metrics_stdout.cc
+++ b/srsenb/src/metrics_stdout.cc
@@ -88,6 +88,12 @@ void metrics_stdout::set_metrics(const enb_metrics_t& metrics, const uint32_t pe
 }
 for (size_t i = 0; i < metrics.stack.rrc.ues.size(); i++) {
+ // make sure we have stats for MAC and PHY layer too
+ if (metrics.stack.mac.size() == 0 || metrics.phy.size() == 0 || i > metrics.stack.mac.size() ||
+ i > metrics.phy.size()) {
+ break;
+ }
+
 if (metrics.stack.mac[i].tx_errors > metrics.stack.mac[i].tx_pkts) {
 printf("tx caution errors %d > %d\n", metrics.stack.mac[i].tx_errors, metrics.stack.mac[i].tx_pkts);
 }
diff --git a/srsenb/test/enb_metrics_test.cc b/srsenb/test/enb_metrics_test.cc
index 46e363553..a08f4277e 100644
--- a/srsenb/test/enb_metrics_test.cc
+++ b/srsenb/test/enb_metrics_test.cc
@@ -27,7 +27,7 @@ namespace srsenb {
 char* csv_file_name = NULL;
-#define NUM_METRICS (3)
+#define NUM_METRICS (4)
 // fake classes
 class enb_dummy : public enb_metrics_interface
@@ -100,6 +100,25 @@ public:
 metrics[2].phy[0].dl.mcs = 28.0;
 metrics[2].phy[0].ul.mcs = 20.2;
 metrics[2].phy[0].ul.sinr = 14.2;
+
+ // fourth entry with incomple PHY and MAC stats
+ metrics[3].rf.rf_o = 10;
+ metrics[3].stack.rrc.ues.resize(2);
+ metrics[3].stack.mac.resize(metrics[3].stack.rrc.ues.size());
+ metrics[3].stack.mac[0].rnti = 0x1;
+ metrics[3].stack.mac[0].tx_pkts = 9999;
+ metrics[3].stack.mac[0].tx_errors = 1;
+ metrics[3].stack.mac[0].tx_brate = 776;
+ metrics[3].stack.mac[0].rx_pkts = 50;
+ metrics[3].stack.mac[0].rx_errors = 0;
+ metrics[3].stack.mac[0].rx_brate = 1e3;
+ metrics[3].stack.mac[0].ul_buffer = 100;
+ metrics[3].stack.mac[0].dl_buffer = 200;
+ metrics[3].stack.mac[0].dl_cqi = 15.9;
+ metrics[3].stack.mac[0].dl_ri = 1.5;
+ metrics[3].stack.mac[0].dl_pmi = 1.0;
+ metrics[3].stack.mac[0].phr = 12.0;
+ metrics[3].phy.resize(0); // no PHY metrics for this UE
 }
 bool get_metrics(enb_metrics_t* m)
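Review bot: The bounds guard added at the top of the loop in metrics_stdout::set_metrics (srsenb/src/metrics_stdout.cc) compares with `>` where it needs `>=`, so when `i` equals `metrics.stack.mac.size()` or `metrics.phy.size()` the check passes and `metrics.stack.mac[i]` on the next line still reads one element past the end. That occurs whenever MAC or PHY report a non-empty list that is shorter than `metrics.stack.rrc.ues`, which is the kind of mismatch this commit sets out to handle. Writing the guard as `if (i >= metrics.stack.mac.size() || i >= metrics.phy.size()) { break; }` also covers the empty case, so the two `size() == 0` tests become unnecessary. The loop body continues past the end of the hunk, so any later `metrics.phy[i]` use presumably relies on the same guard.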
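Review bot: The fourth fixture entry added in srsenb/test/enb_metrics_test.cc only reaches the `metrics.phy.size() == 0` branch of the new guard, because `stack.mac` is resized to match `rrc.ues` and `phy` is emptied; the per-index comparison is never evaluated against a list that is non-empty but shorter than `rrc.ues`. A further entry along the lines of `metrics[4].stack.rrc.ues.resize(2); metrics[4].stack.mac.resize(1); metrics[4].phy.resize(1);`, with `NUM_METRICS` raised to match, would exercise that boundary. Running the test under AddressSanitizer, as the nightly job quoted in the commit message appears to do, would then report any remaining out-of-range read. The comment `// fourth entry with incomple PHY and MAC stats` should read `incomplete`.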