we've seen a heap-buffer overflow in fmt because printf wasn't using
the right formtter for size_t, which should be %zu
this patch fixes it for the PDCP LTE entity but we might have it elsewhere too
[1m[31m==7595==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x629000e6f1fc at pc 0x562273a45289 bp 0x7f35567641f0 sp 0x7f35567641e0
[1m[0m[1m[34mREAD of size 4 at 0x629000e6f1fc thread T12 (STACK)[1m[0m
0 0x562273a45288 in fmt::v7::basic_format_arg<fmt::v7::basic_printf_context<std::back_insert_iterator<fmt::v7::detail::buffer<char> >, char> > fmt::v7::detail::make_arg<fmt::v7::basic_printf_context<std::back_insert_iterator<fmt::v7::detail::buffer<char> >, char>, unsigned int>(unsigned int const&) (/osmo-gsm-tester-srsue/srslte/bin/srsue+0x9dc288)
1 0x562273a3aa86 in void fmt::v7::dynamic_format_arg_store<fmt::v7::basic_printf_context<std::back_insert_iterator<fmt::v7::detail::buffer<char> >, char> >::emplace_arg<unsigned int>(unsigned int const&) (/osmo-gsm-tester-srsue/srslte/bin/srsue+0x9d1a86)
2 0x562273a308e7 in void fmt::v7::dynamic_format_arg_store<fmt::v7::basic_printf_context<std::back_insert_iterator<fmt::v7::detail::buffer<char> >, char> >::push_back<unsigned int>(unsigned int const&) /mnt/data/jenkins/workspace/srslte_ogt_trial_builder_x86-ubuntu1804-asan/srsLTE/lib/include/srslte/srslog/bundled/fmt/core.h:1548
3 0x562274361541 in void srslog::log_channel::operator()<unsigned int&, unsigned int&, unsigned long>(char const*, unsigned int&, unsigned int&, unsigned long&&) /mnt/data/jenkins/workspace/srslte_ogt_trial_builder_x86-ubuntu1804-asan/srsLTE/lib/include/srslte/srslog/log_channel.h:101
4 0x56227430d9e7 in srslte::pdcp_entity_lte::update_rx_counts_queue(unsigned int) /mnt/data/jenkins/workspace/srslte_ogt_trial_builder_x86-ubuntu1804-asan/srsLTE/lib/src/upper/pdcp_entity_lte.cc:451
the patch refactor the logging when a new PDCP SDU is enqueued for
transmission at RLC.
If the SN is already present, only a warning is logged. From the RLC
perspective operation continues and the SDU will be transmitted.
The patch also changes the order of logs. When the SN cannot be inserted
inside the queue of undelivered SDUs, only one message is logged.
since the tests are random we sometimes hit the maxRetx threshold
with 8 retx allowed that made the unit test fail.
increase threshold to lower the likelihood for this to happen.
undeliverd_sdus_queue. Added a queue to store information about
rx_counts received.
Added unit test for when the SNs wrap-around in status report genaration
this patch replaces the std::vector type used in the interface between
PDCP and RLC to signal delivery status between both layers. The new
data type is a configurable but fixed-size vector.
The RLC AM doesn't need to dynamically allocate the vector for every SN but
uses the tx_window for storage.
this patch fixes the actions/handling after RLC detected
maxRetx reached for a given SN.
According to the TS, RLC should only inform upper layers and
not try to recover from the event itself.
As a consequence, we won't manipulate the Tx or Rx window.
As a result of this, we might retransmit a SN more than
the specified amount of times.
It's the task of RRC to reestablish the bearer to recover
from that.
the PDCP SN was used to fill the SDU with data. But since
the max value isn't devisable by 256 it didn't always increment
correctly. Use a normal byte now that wraps correctly.
* optimize processing of status PDU (SN is removed from window immediately)
* fix maxRetx signaling for segments
* make tx_window_t a template class, rename and use for rx_window as well
among cleaning up the the stress test, it does:
* remove optional pedantic flag and make it the default to catch resegmentation issues
* use random SDU and MAC grant size the default
* use factory functions to create RLC configs (make maxretx configurable)
* remove reestablishment and print error when maxRetx is triggered
* fix NR PCAP usage and removes PCAP ifdef