the Msg3 UL grant requires the TTI in which the RAR has been received
to calcualte the correct timing. There was a race between PHY and Stack
thread.
This patch circumvents the issue by removing a PHY state member that only holds
the RAR Rx timing. In the new interface the RA proc passes the Rx TTI
to the PHY again when setting the UL grant so the PHY can calculate the
correct timing without any state.
fixes stack use after free detected by ASAN
2021-08-31T17:21:44.885938 [MAC-NR ] [D] [ 0] Building new MAC PDU (9 B)
==10908==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffc481b5340 at pc 0x563c0486d489 bp 0x7ffc481b4470 sp 0x7ffc481b4460
READ of size 1 at 0x7ffc481b5340 thread T0
#0 0x563c0486d488 in srsran::mac_sch_subpdu_nr::to_string(fmt::v7::basic_memory_buffer<char, 500ul, std::allocator<char> >&) (/home/ubuntu/workspace/srslte_ubuntu_20.04_pull_request/srslte/build/srsue/src/stack/mac_nr/test/mac_nr_test+0x139488)
#1 0x563c0486db87 in srsran::mac_sch_pdu_nr::to_string(fmt::v7::basic_memory_buffer<char, 500ul, std::allocator<char> >&) (/home/ubuntu/workspace/srslte_ubuntu_20.04_pull_request/srslte/build/srsue/src/stack/mac_nr/test/mac_nr_test+0x139b87)
#2 0x563c0481c127 in srsue::mux_nr::get_pdu(unsigned int) (/home/ubuntu/workspace/srslte_ubuntu_20.04_pull_request/srslte/build/srsue/src/stack/mac_nr/test/mac_nr_test+0xe8127)
#3 0x563c0484e62b in srsue::ul_harq_entity_nr::ul_harq_process_nr::new_grant_ul(srsue::mac_interface_phy_nr::mac_nr_grant_ul_t const&, bool const&, srsue::mac_interface_phy_nr::tb_action_ul_t*) (/home/ubuntu/workspace/srslte_ubuntu_20.04_pull_request/srslte/build/srsue/src/stack/mac_nr/test/mac_nr_test+0x11a62b)
#4 0x563c04850de4 in srsue::ul_harq_entity_nr::new_grant_ul(srsue::mac_interface_phy_nr::mac_nr_grant_ul_t const&, srsue::mac_interface_phy_nr::tb_action_ul_t*) (/home/ubuntu/workspace/srslte_ubuntu_20.04_pull_request/srslte/build/srsue/src/stack/mac_nr/test/mac_nr_test+0x11cde4)
#5 0x563c047bb004 in srsue::mac_nr::new_grant_ul(unsigned int, srsue::mac_interface_phy_nr::mac_nr_grant_ul_t const&, srsue::mac_interface_phy_nr::tb_action_ul_t*) (/home/ubuntu/workspace/srslte_ubuntu_20.04_pull_request/srslte/build/srsue/src/stack/mac_nr/test/mac_nr_test+0x87004)
#6 0x563c04760cdc in msg3_test() (/home/ubuntu/workspace/srslte_ubuntu_20.04_pull_request/srslte/build/srsue/src/stack/mac_nr/test/mac_nr_test+0x2ccdc)
#7 0x563c0475f762 in main (/home/ubuntu/workspace/srslte_ubuntu_20.04_pull_request/srslte/build/srsue/src/stack/mac_nr/test/mac_nr_test+0x2b762)
#8 0x7fae1cf400b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
#9 0x563c047601bd in _start (/home/ubuntu/workspace/srslte_ubuntu_20.04_pull_request/srslte/build/srsue/src/stack/mac_nr/test/mac_nr_test+0x2c1bd)
Address 0x7ffc481b5340 is located in stack of thread T0 at offset 320 in frame
#0 0x563c0486d78f in srsran::mac_sch_pdu_nr::to_string(fmt::v7::basic_memory_buffer<char, 500ul, std::allocator<char> >&) (/home/ubuntu/workspace/srslte_ubuntu_20.04_pull_request/srslte/build/srsue/src/stack/mac_nr/test/mac_nr_test+0x13978f)
some commands were executed from the calling thread which may lead
to concurrent access to members. Detected by TSAN. The patch
moves all remaining calls (the majority was alread moved) to the
Stack task queue.
* Protect PHY SR signal management in a class
* Protect intra_freq_meas vector
* Protect cell and srate shared variables in thread-safe classes
* srsue,srsenb: include TSAN options header
* Protect ue_rnti_t and rnti scheduling windows behind thread-safe classes
* Protect access to state variable in sync_state
* Protect access to metrics configuration
* Protect access to is_pending_sr
* Protect access to UE prach worker
* Protect UE mux
* Avoid unlocking mutex twice
* Fix data races in RF/ZMQ
* Fix data races in intra_measure and PHY
* Fix minor data races in MAC
* Make TSAN default behaviour to not halt on error
* Fix blocking in intra cell measurement
* Address comments
Co-authored-by: Andre Puschmann <andre@softwareradiosystems.com>
the EPS bearer manager was only informed when a single DRB
was removed but not when entering idle which requires to
remove all bearers.
This cause the service request to fail.
this is a rather large commit that is hard to split because
it touches quite a few components.
It's a preparation patch for adding NR split bearers in the next
step.
We realized that managing RLC and PDCP bearers for both NR and LTE
in the same entity doesn't work. This is because we use the LCID
as a key for all accesses. With NR dual connectivity however we
can have the same LCID active at the same time for both LTE and NR
carriers.
The patch solves that by creating a dedicated NR instance for RLC/PDCP
in the stack. But then the question arises for UL traffic on, e.g. LCID 4
what PDCP instance the GW should use for pushing SDUs. It doesnt' know
that. And in fact it doesn't need to. It just needs to know EPS
bearer IDs. So the next change was to remove the knowledge of what
LCIDs are from the GW. Make is agnostic and only work on EPS bearer IDs.
The handling and mapping between EPS bearer IDs and LCIDs for LTE
or NR (mainly PDCP for pushing data) is done in the Stack because
it has access to both.
The NAS also has a EPS bearer map but only knows about default and
dedicated bearers. It doesn't know on which logical channels they
are transmitted.
this patch mainly modernizes the bearer creation to use smart pointers.
that allows to simplify the error handling.
ue_stack is changed to match new interface. This commit compiles
but doesn't work.
the issue let to unwanted log warning at the end of the UE
execution when the PHY was still pushing DL PDUs while MAC
was already stopped.
This fixes#3003
we had it returning int but had a bug in using the return value properly,
i.e. handling when -1 was returned in RLC TM.
Thinking about it more, it doesn't make sense to have a negative return
value here anyway. Either the RLC can return a PDU or not. If it can't the
returned lenght is zero.
general-purpose method for lower layers to signal protocol
failures to higher layers, i.e. RRC.
In the current case, implement a direct release of the UE (enb) or
a reestablishment (UE).
in the mac_test the tb_decoded() method was called twice for
the 2nd codeword, causig TSAN to complain about an unlocked mutex
being unlocked.
The patch resolves the potential issue only calling tb_decoded
for a grant/tb thas has a non-zero MCS.
The patch also adjusts the reset function to have a safe and "unsafe"
version to be called from inside the class, similar to other
classes where we do the same.
this is an attempt to fix#2850 by defering the transmission of
the connection setup complete until the PHY has applied
the dedicated config in the connection setup.
- the consumer does multi-staged waiting:
1. spins first across all queues in a RR fashion
2. each queue access is done with a try_lock.
3. if the try_lock fails, it increases the number of spins needed
2. if no queue had data, the consumer sleeps for 100 usec.
- no differentiation between queues, in terms of notification features
preperation for Split bearer support. This patch is needed to allow
split bearer. Otherwise, even if the config is set in the eNB, it
will not enable split bearers.
With the new design, each queue created in the multiqueue object has its own mutex.
Pushing tasks to separate queues will, therefore, not cause contention.
There will be, however, still contention between the popping thread and the pushing threads.
this fixes a linking problem with RPi 3 (and probably others) running
with Raspbian (new Raspberry Pi OS) that can't use the inline
atomic functions but instead require linking against the lib -latomic.
The CMake code is based on SoapyRTLSdr file (licensed under MIT)
https://github.com/pothosware/SoapyRTLSDR/blob/master/CheckAtomic.cmake
- use const char* instead of std::string in enumerated<>::to_string() to avoid mallocs.
- Remove the use of "typedef", and use "using" keyword instead.
- Fix rrc_nr::setup_release_c<>::to_string() broken linkage.
the low timout of 10ms was:
1) causing too frequent measurement reports
2) causes a MO ping test to fail where the ICMP request
was sent on the LTE carrier but never got a reply because
the MCG addition was inbetween
this commit adds a complete DL HARQ entity to the MAC of the UE.
It also refactors demux into an own class and adapts the PHY-MAC
interface to use the new MAC capabilities.
this patch adds a basic UL HARQ entity for NR.
The patch also updates some interfaces between MAC/RA/HARQ,
i.e. get_temp_crnti().
It also adds a Msg3 unit test.
the created RLC PDU was too large to fit inside the MAC grant
because only the header room for the short L field was used.
The patch determines the correct size before passing the opportunity to RLC.
It also improves logging in error case by using the MAC logger instead of
stderr/stdout when error occurs.
building on the previous refactor this patch now adds support
for peridoic BSR reporting (using short BSR). It furthermore does
the following changes:
* add BSR packing
* add proc_bsr_nr unit test
* move mac_nr test code into test folder under src (needs to be done with other test code too)
this should fix log warnings then demux was trying to feed MAC CEs
to RLC:
10:50:54.845116 [MAC ] [I] [ 1153] Handling subPDU 1/2: rnti=0x0 lcid=61, sdu_len=1
10:50:54.845117 [RLC ] [E] Radio bearer id must be in [0:11] - 61
10:50:54.845118 [RLC ] [W] LCID 61 doesn't exist. Dropping PDU.
10:50:54.845119 [MAC ] [I] [ 1153] Handling subPDU 2/2: rnti=0x0 lcid=63, sdu_len=33
10:50:54.845119 [RLC ] [E] Radio bearer id must be in [0:11] - 63
* refactor some common methods to mac_common.cc
* add common mux_base class
* move UL PDU generation to mux class
* add logical channel registration to MAC, MUX, BSR
* add initial proc BSR
* add basic MAC NR test
* rework MAC interfaces