fix for #1934
This fixes a race condition between Stack thread and DL
PDU processing that lead to updates of the RLC buffer that
are undetected by the BSR routine.
What happens is that in a UL SCH PDU all outstanding data is transmitted
and and a LBSR with all zero buffers is sent.
14:39:47.327301 [MAC ] [D] [ 3793] BSR: LCID=3 old_buffer=59
14:39:47.330600 [MAC ] [I] [ 3793] UL LCID=3 len=58 LBSR: b=0 0 0 0
Note that "old_buffer" isn't set to zero here.
At the same time (same TTI), the MAC PDU processing thread handles DL-SCH PDUs
that may generate new UL PDUs:
14:39:47.330749 [RLC ] [I] DRB1 Tx SDU (54 B, tx_sdu_queue_len=1)
14:39:47.330762 [RLC ] [I] DRB1 Tx SDU (54 B, tx_sdu_queue_len=2)
14:39:47.330775 [RLC ] [I] DRB1 Tx SDU (54 B, tx_sdu_queue_len=3)
..
Those PDUs are "new data" since the previous buffer state was zero.
Here is the race now between the threads, at the end of the bsr::step() function
old_buffer of each LCG is updated with the previous new_buffer, so
the buffer state of LCG=2 is now 59.
Now MAC starts the next TTI:
14:39:47.331910 [MAC ] [D] [ 3794] Running MAC tti=3794
14:39:47.331928 [MAC ] [D] [ 3794] Update Bj: lcid=0, Bj=0
14:39:47.331934 [MAC ] [D] [ 3794] Update Bj: lcid=1, Bj=0
14:39:47.331938 [MAC ] [D] [ 3794] Update Bj: lcid=2, Bj=0
14:39:47.331941 [MAC ] [D] [ 3794] Update Bj: lcid=3, Bj=-1752
14:39:47.331951 [MAC ] [D] [ 3794] BSR: LCID=0 update new buffer=0
14:39:47.331960 [MAC ] [D] [ 3794] BSR: LCID=1 update new buffer=0
14:39:47.331964 [MAC ] [D] [ 3794] BSR: LCID=2 update new buffer=0
14:39:47.331971 [MAC ] [D] [ 3794] BSR: LCID=3 update new buffer=335
14:39:47.331976 [MAC ] [D] [ 3794] BSR: check_new_data() -> get_buffer_state_lcg(0)=0
14:39:47.331980 [MAC ] [D] [ 3794] BSR: check_new_data() -> get_buffer_state_lcg(1)=0
14:39:47.331984 [MAC ] [D] [ 3794] BSR: check_new_data() -> get_buffer_state_lcg(2)=59
14:39:47.331988 [MAC ] [D] [ 3794] BSR: check_new_data() -> get_buffer_state_lcg(3)=0
14:39:47.331993 [MAC ] [D] [ 3794] BSR: LCID=0 old_buffer=0
14:39:47.332000 [MAC ] [D] [ 3794] BSR: LCID=1 old_buffer=0
14:39:47.332003 [MAC ] [D] [ 3794] BSR: LCID=2 old_buffer=0
14:39:47.332007 [MAC ] [D] [ 3794] BSR: LCID=3 old_buffer=335
And since the buffer state of LCG=2 isn't zero, the new data for LCID=3 of that LCG is considered.
So effectivly, the BSR missed the "empty" buffer state for a fraction of time and doesn't
consider the outgoing data generated in the same TTI as new. It therefore
doesn't transmit a BSR.
in which a BSR wasn't
this was a very noisy log that was printed in pretty much
every TTI because the BSR procedure starts a SR whenever
it needs to send a regular BSR. The SR is canceled when a UL
grant arrives but the log line stays there.
Since we are printing a log when we actually signal a SR
to the PHY, this line is not needed.
this fixes the trigger logic for periodic BSRs. Previously we
would always trigger the "new data for highest priority LCID"
whenever new data becomes available for a LCID for which
a BSR has already been sent.
However, a BSR should only be sent if the priority is in fact higher
(lower int number).
in ZMQ runs we've seen that entering idle could take quite
a bit of time depending how quickly workers get their samples
sent or reconfigurations done.
In one example up to ~160ms
this patch increases the maximum wait time to 2s.
the BSR trigger wasn't reset after includinga regular or periodic
BSR inside a PDU. This caused the muxing to include another BSR in the
next UL grant. For very small grants, for example with 6 PRBs, this
causes the UE to send way too many BSRs.
when releasing PUCCH/SRS (see 5.3.13 in 36.331) we need to reset the SR config as well.
In our case, SR is handled by MAC so we need to (re-)configure MAC, not all of
MAC though, just SR.
this avoid logging a warning on UE shutdown if the MAC is already reset
but one of the PHY workers still decodes an UL grant for the old RTNI
21:30:29.254844 [RRC ] [I] Going RRC_IDLE
21:30:29.254848 [RRC ] [I] Proc "Go Idle" - Left connected state
21:30:29.259499 [PHY0] [I] [ 3865] Finished setting new PHY configuration cc_idx=0
21:30:29.259512 [PHY0] [I] [ 3865] Setting new PHY configuration cc_idx=0...
21:30:29.264190 [PHY0] [I] [ 3867] Finished setting new PHY configuration cc_idx=0
21:30:29.275036 [PHY1] [I] [ 3872] PHICH: hi=1, corr=1.0, I_lowest=1, n_dmrs=0, I_phich=0
21:30:29.275050 [MAC ] [W] [ 3872] Received grant for unknown rnti=0x46
this fixes issue #1846 that appears to be related
to the enter/exit state for measurements that is kept
even after a cell disappears from the neighbor list
this fixes#1791 which was caused by a race between
the PHY workers preparing a new UL-SCH PDU and the Stack resetting
the MAC, which in turn resets the HARQ processeses, which cleared
the buffer and set the length to zero.
Not explicitly clearing the buffer on a HARQ reset seems to be
fine since the PHY worker clears the buffer before starting to
pack a new PDU anyway.
* Fix deadlock caused by update_measurements calling in_sync
* Fix overlapping SRS condition
* Do not use shortened PUSCH in transmissions and retx from RAR
* Revert "Fix deadlock caused by update_measurements calling in_sync"
This reverts commit f58c8c8c766f8f95baa3a3bf8287d8e25b2057ba.
* Take into account CRS from neigbhour cells when measuring interference
* fix std::isnormal compilation
* Fixed compilation of test
* Address comments
* Remove unused overrides
* Make PHY non-blocking and fefactor HO procedure
* makes entire PHY non-blocking through command interface
* adds dedicated queue for cell_search/cell_select commands
* refactor HO procedure to run faster, in one stack cycle. Looks closer to the specs
* force ue to always apply SIB2 configuration during reestablishment
* Run update_measurements in all workers
Co-authored-by: Ismael Gomez <ismagom@gmail.com>
this was preventing that the Temp-CRNTI used in the RAR to be identical
to the currently configured C-RNTI of the UE.
The issue simply was that the RACH procedure was declared successful too
early, even before the Msg3 UL grant was filled with the Msg3 content.
The patch moves the logic that detects the successful completion of
the RACH procedure below the Msg3 packing.
* Removed magic numbers.
* Reduced indentation of statements with early exists.
* Removed elses after a return statement.
* Trimmed unnecessary include files.
* Default initialized members in the class.
we fix a number of very related issues for HO/reestablishment
in the success/error case:
* this patch removes the hard-coded check that intra-cell HO aren't
allowed. There are cases where eNBs use this method to update
the security context.
* the patch also fixes an issue after failed HO where the security context
of the source eNB should be used for the reestablishment.
* update security keys according to specs when mobilitycontrol
indicated change of key
stopping the UE in ZMQ mode caused a dead-lock because the Stack was
stopped before the PHY causing the sync queue to overflow. Since we
use a queue-length of 1 in ZMQ, mode, the PHY sync thread was blocking to
push a new sync event while the stack thread was already stopped.
this patch makes sure no new sync events are queued after the stack has
been terminated.
this patch fixes the UL BSR as per TS 36.321, it includes following
main changes:
* report UL buffer state to reflect the UEs transmit buffer after
the MAC UL PDU containing the BSR has been built.
In other words, if the UE, for example, can transmit all outstanding
data in an UL grant, it will not report any pending data to transmit.
* refactor MUX routines and subheader space calculation
simplify logic to check whether a BSR fits and, if so, which type.
before the check has been done in two places.
we now also accomodate for the CE subheader size.
we've not checked the return value when adding a new CE, like BSR or PHR,
for a UL MAC PDU. For very small UL grants, this could fail and
we need to remove the subheader again before packing the PDU.
This fixes issue #1649.
all calls that manipulate the RLC and/or PDCP arrays suffer
from a high deadlock risk if a PHY worker holds the RLC
AM Rx mutex at the same time when the stack wants to carry
out this reconfiguration.
this applies to RRC Reconfigs, but potentially also to RRC Connection
Reestablishment or even RRC Connection Setup, although this should
seldom be the case.
By breaking the call stack between RLC->PDCP->RRC->RCL and
carrying out the reconfig as a single task without holding the
RLC readlock the deadlock should not happen anymore.
This should fix issue #1593
- Import the srslog project into srslte.
- Ported srsue app to use the new logging framework.
- Implemented a wrapper that dispatches log entries to srslog.
- Renamed an existing log test to be more specific to avoid name clashes.
* add locked and unlocked version of has_data() since one is
called from stack and one from PHY threads
* add comments in each interface section as to why locking
is required or not
* remove RLC rwlock when not required
* move calls only used by RRC to RRC section
this patch refactors the SDU queuing and dropping policy of the RLC and PDCP layer.
the previous design had issues when packets have been generated at a higher
rate above the PDCP than they could be consumed below the RLC.
When the RLC SDU queues were full, we allowed two policies, one to block on the write
and the other to drop the SDU. Both options are not ideal because they either
lead to a blocking stack thread or to lost PDCP PDUs.
To avoid this, this patch makes the following changes:
* PDCP monitors RLC's SDU queue and drops packets on its north-bound SAP if queues are full
* a new method sdu_queue_is_full() has been added to the RLC interface for PDCP
* remove blocking write from pdcp and rlc write_sdu() interface
* all writes into queues need to be non-blocking
* if Tx queues are overflowing, SDUs are dropped above PDCP, not RLC
* log warning if RLC still needs to drop SDUs
* this case should be avoided with the monitoring mechanism
apply same change that we've done on the eNB also on the UE
to avoid the PHY processing TTIs faster than the stack.
Without that, we see lots of those in the logs:
...
08:39:17.580325 [STCK] [W] Detected slow task processing (sync_queue_len=7).
...
before entering RRC idle, after receiving a RRC connection release for example,
we need to wait until the RLC for SRB1 or SRB2 have been flushed, i.e.
the RLC has acknowledged the reception of the message.
Previously we have only waited for SRB1 but the message can also be received on SRB2
and in this case both bearers need to be checked.
The method is now streamlined to check both SRBs and is also used when
checking the msg transmission of an detach request.
* Added the appropriate code for handling and sending the
re-establishment procedure messages to rrc_ue.c/.h.
* Triggered RRC reconfiguration after the reception of RRC
re-establishment complete
* Refreshed K_eNB at the reception of re-establishment
request
* Changed the mapping of TEIDs to RNTIs in the GTP-U layer,
as the RNTI might change with reestablishment.
Bugfix the wrong ra_rnti calculation in ra_proc::state_pdcch_setup.
According to TS 36.321 Subsection 5.1.4 Random Access Response reception, we can see the formula on RA-RNTI, which is,
RA-RNTI= 1 + t_id + 10*f_id,
where t_id is the index of the first subframe of the specified PRACH (0≤ t_id <10), and f_id is the index of the specified PRACH within that subframe, in ascending order of frequency domain (0≤ f_id< 6). Then, reading the srslte source code, we can see that, the code should bugfix.
BTW, the wrong code can run normal for LTE_FDD, causing of the info_f_id = 0; but it should be wrong, when it is LTE_TDD.
if no cell/PLMN can be found if the UE is switched on, the UE was never
trying again.
In theory this would be handled by T3410, but the timer
is not started in case the PLMN search isn't done yet.
The current TTI gap calculation assumes strict continuity
of radio time stamps, even when retuning, changing sample rate, etc.
This is certainly desireble but not necessaritly the case and may cause
issues when negative time gaps or too large gaps are detected and reported
to the stack.
this patch makes the assumption that valid TTI jumps are between 1ms
and 1s and that larger gaps are the result of screwed time-stamps
or too long radio operations.
extend GW-NAS interface to signal test mode activation.
The method is a noop in the normal GW but is implemented in
the TTCN3 DUT according to TS 36.509 for Mode B
This commit implements support for the CLOSE_UE_TEST_LOOP message.
Currently the mode is not saved and looping the data is not implemented.
Only the *_COMPLETE message is sent back as a response.
First of all, with this the NAS conformance tests pass with ciphering and
integrity turned on. Before only integrity was working.
Mainly the NAS was applying the integrity protection and/or ciphering
incorrectly because it wasn't taking the secuirty status of the PDUs
into account. Some where already correct, some not. The patch
streamlines the handling for all outgoing messages.
during deinit of the UE/eNB it could happen that the log_ptr
was already set to null but the stack thread was still accessing
it through log_h->info()
i've moved the old macro into a new header and used as as much
as possible. there are still places in the code where similar
macros are used but we would need to change the variable name
to replace them
previously the NAS would cancel a attach request procedure if the PLMN
is already selected. PLMN selection, however, in not necessarily happening
before requesting RRC to establish a connection.
this is to better differentiate from "send_attach_request" that
only packs and send the actual attach request message. The
entire attach procedure may include PLMN search, etc.
t3402, t3410 and t3411 are now managed in the sender
function of the attach request. previosly they were only
correctly started in the high-level NAS call start_attach_request()
which may not be called if NAS itself resends the request
* Use task id to track old background tasks in RA procedure
* Improve robustness against RF overflow in PHY
* Increase SNR out-of-sync threshold
* Do not change frequency if it's the same
* Increase sync priority
* Increase time to start receiving to reduce input buffer occupation
* Use scoped lock in sf_worker
- move handling to NAS
- use switch off to enable airplane mode (don't wait for EPC response)
- add tiny FSM to control airplane mode activation/deactivation
- only start on/off counter after state has been entered
the signal handler is the same for all three apps. The "running" flag
as well as the file_logger object are in the common header in order
to allow the signal handler to flush the file if the alarm goes off.
previously PDCP security (integrity and ciphering) could only
be enabled for both Rx and Tx at the same time.
this, however, caused an issue during the conformance testing in which,
in TC_8_2_1_1() for example, the eNB sends a SecModeCommand and a
RRC Reconfiguration in the same MAC TB. In this case, the eNB
needs to be able to enable DL security right after sending the SecModeCmd
in order to send the RRCReconfig encrypted. However, enabling UL security needs
to be postponed until after the SecModeComplete is received.
This patch allows to enable PDCP security for rx/tx independently if
that is needed. The default way is like before, enabling it for tx/rx at
the same time.
this fixes an issue in the step() function of the connection_request_proc
in which the dedicated_info_nas message was passed to RRC without
checking if its actually valid or not, i.e. contains a message at all.
because this check was missing and the step() function could be called
multiple-times, the function would overwrite the dedicated_info_nas
in RRC, and therefore causing the connection setup complete to fail
this fixes a bug in which the contention resolution timer expired
and the RA proc entered the BACKOFF state.
In the same TTI, a MAC PDU with the contention reslution ID is received
and the already aborted RA procedure succeeds. Unfortunatly with the
wront c-rnti which has already been reset before. See log excerpt
below:
16:16:36.909687 [RRC ] [D] MEAS: Processing measurement of 1 cells
16:16:36.909706 [RRC ] [I] MEAS: New measurement serving cell: rsrp=-85.00 dBm.
16:16:36.909732 [MAC ] [I] [ 6283] RA: ConRes: Contention Resolution Timer expired. Stopping PDCCH Search and going to Response Error
16:16:36.909749 [MAC ] [D] [ 6283] RA: ConRes: Backoff wait interval 143
16:16:36.909771 [MAC ] [D] [ 6282] Delivering PDU=27 bytes to Dissassemble and Demux unit (Temporal C-RNTI)
16:16:36.909799 [MAC ] [D] [ 6283] Found Contention Resolution ID CE
16:16:36.909814 [MAC ] [D] [ 6283] RA: Backof: MAC PDU Contains Contention Resolution ID CE
16:16:36.909826 [MAC ] [D] [ 6283] Msg3 buffer flushed
16:16:36.909858 [MAC ] [I] [ 6283] RA: Backof: Random Access Complete. c-rnti=0x0, ta=0
16:16:36.909871 [MAC ] [D] [ 6283] Saved MAC PDU with Temporal C-RNTI in buffer
this patch adds a buffer len paramter to the receive_samples() call
that protects the (also) provided buffer from overflowing.
currently each call to srslte_ue_sync_zerocopy() which then calls receive_samples()
relies on a buffer that is "big enough". But that buffer is sometimes
2 subframes, sometimes 3 or 5, sometimes has space for the maximum PRB size, sometimes
only for 6 PRBs (i.e. during cell search).
By extending the interface to pass the buffer size we can make sure that
only samples are received that actually fit inside the provided buffer.
If a process exits and has a controlling terminal, everything under
it gets a SIGHUP by the kernel. That's the case for instance when
running a srsUE over ssh with some specific parameters. As a result,
when the ssh client is killed, SIGHUP is sent to srsUE, which will be
killed immediatelly without proper release, which means in turn that log
buffers are not flushed.
Let's do proper shutdown when SIGHUP is received so that everyone can
get log files.
this fixes an issue in which, during cell search, the sync code
itself would set the serving cell whenever it found a new cell.
instead, only report the found cell to RRC and keep the sample
rate at 1.92 MHz. RRC may select a new serving cell and then tell
PHY to camp on it.
rrc_meas refactor. Need to split commit
Fix typo
Temporal commit
Apply rx_gain_offset to neighbour cell measurements
srsLTE: modify TESTASSERT Macro to follow codeline
SRSUE: prevent RRC from having serving cell in neighbour list
SRSUE: DL HARQ does not need Time Aligment Timer. UL is disabled using PUCCH resources release
SRSUE: extend intra-frequency to CA SCell
SRSUE: fix confusing/ambiguous code in the RRC measurements and fix concurrency issue
SRSUE: remove RRC measurement report triggers when measurements are modified or HO succesful
SRSUE: fix compilation issues and Reest SIB indexes
Fixes sync using incorrect cell configuration when search cell does not find a correct cell
Small refactor to remove measurement report triggers always after removing measurement
SRSUE: Removed SIC PSS from UE
SRSUE: fix inter-frequency reestablishment and added more traces
SRSUE: Fix compilation issue
in the UE conformance testing we've spotted an issue
where an event was evaluated even though the trigger type for
the report was periodic which caused an exception in RRC
there were two defaults and one was shadowing the other. This
commit removes both defaults and uses blocking-mode for RRC
calls to PDCP in the UE. The eNB write_sdu() uses the non-blocking
mode by default. We have to review the eNB's RRC perhaps and use blocking
there too and non-blocking only for data plane
previously we've returned the init() function when a sublayer
init failed. This leaves the pointers to the layers unset which, in turn,
breaks the stop() call for the UE
adding a cond variable and mutex to protect init and (re-)config of PHY
currently this is only used during init. If the stack couldn't be
initialized but the PHY init thread was already started, we need to
properly wait until this is done
with the stack refactor we've introduced a regression in which
the GUI was started too early when no cell was found yet.
this caused the GUI to be initilized with only one Tx port. When connecting
to a cell with ports, the GUI plotter would then write
into unitialized memory.
* Clang-formated UE, eNB and lib.
* Fixed compiling errors from clang-format.
* Fix linking issues introduced by clang-format
* Fix poor formating in initializing arrays of arrays.
* Fix mistake in conflict resolution on rm_turbo.c
* Re-apply clang format to gtpc_ies.h
before the type of some message wasn't displayed correctly,
like SIBs, for example because the logger didn't
know the filed to retrieve the type string
the in_sync flag has been misused in some parts of the code
receiving a PHY measurement for a cell does not automatically
mean that we are "in sync", as it is used in RRC as a condition
to indicate if we are camping on cell
the in_sync/out_of_sync condition should only be altered by the
corresponding functions sent from the PHY for the currently selected
cell (and not automatically for all cells)
the commit also removes the deletion of cells which are not "in sync"
from the list of neighbor cells. Instead, RRC calls a clean-up function
peridically that deletes old cells eventually.
move non-type-specific methods of proc_t to its base class.
procedure state machine was simplified via a future-type. Now procedures dont get stuck until the user reads the procedure outcome.
made the NAS procedures more event trigger/reaction-based.
before cell reselection was postponed to the next TTI but this is not possible in
the case where the serving cell changes.
if the "old" serving cell is no longer suitable, we would directly go to RRC IDLE below.
Therefore we need to select the new serving cell before sending the reestablishment
request.
this is tested in TC_8_5_1_1
this allows a simpler main that just signals NAS to switch on the UE
but doesn't block until the action is completed.
For making sure the UE also attached if the first attempt failed
the NAS needs to be extended to support the correct timers.
the main issue was the plmn_selected variable. the solution
was to create a function to enter the deregistered state that resets the variable
and performs all other actions that need to be performed, like clearing
EPS bearers.
The patch also extends the SS to support AT commands to enable/disable
data services and now succesfully passes TC_9_2_2_1_7
using the local rx count has caused issues when our UE
missed one NAS message was therefore out-of-sync and then
dropped all following NAS messages due to integrity failure
the NAS spec clearly states that the UE should use the
count received as an input for the integrity check calculation
when going RRC idle, NAS gets informed and currently
clears all registered EPS bearers. This is wrong because
the EPS can outlive a RRC session.
Also in the conformance tests it's clearly seen
that after a RRC release a dedicatated EPS bearer is
created with a linked EPS bearer ID that has been
created _before_ RRC went idle.
* Calling tx_end() from radio_reset() causes long execution time in B210. Using boolean to call later instead. Fixes RLF failing in B210. Checked in X300
* Fix issue #655
if phy measurements are received and processes before a serving cell
is selected, an invalid neighbor cell is added because the uninitlized
serving cell is used.
fix the issue by checking if the serving cell is valid
RRC-PHY interface refactor. Moved RRC-MAC interface to rrc_asn1_utils and created RRC-PHY interface also in rrc_asn1_utils. All ASN1 includes should be made from rrc_asn1_utils only keeping ue_interfaces clean of ASN1
Tested with different common and dedicated configurations (64QAM UL, 256QAM, CA, SRS enabled/disabled, etc)
* first step towards moving MAC timers to stack. Mac is still using its own timers. srslte::timers class can be restructured.
* moved timers out of the UE MAC
this fixes the issue when the stack is torn down if, for example,
the radio couldn't be loaded correctly. it will hence call stop() on all stack
components which are not initialzized yet, and logging therefore doesn't work.
the log object is know during contruction time and therefore can be passed
in as soon as possible.