Bug #5169

ctrl_cmd_make crash MSC

Added by tompsonKo 14 days ago. Updated 7 days ago.

Status: Feedback
Priority: High
Assignee:
Category: libosmoctrl
Target version: -
Start date: 06/03/2021
Due date:
% Done: 90%
Spec Reference:

Description

When I try to get a list of users (70+) through the MSC control interface with the "subscriber-list-active-v1" function, the service crashes with message "Not enough tailroom msgb_put ..."

Problem in https://github.com/osmocom/libosmocore/blob/442ff64ad4b27864a0259681b53e5607b9aadfe7/src/ctrl/control_cmd.c#L526

msg = msgb_alloc_headroom(4096, 128, "ctrl command make");

4096 is not enough

Can we change the constant to a dynamic value and won't it affect anything in other places?


Related issues

Has duplicate OsmoMSC - Bug #5175: CTRL command crashes osmo-msc (libosmocore) | New | 06/10/2021 | 06/11/2021

Associated revisions

Revision f5b8ed14 (diff)
Added by pespin 1 day ago

ctrl: Pre-calculate required size before allocating msgb

This commit fixes crash when response is more than ~4096 chars.
Furthermore, we now allocate only the required memory, not 4096 for all
messages, which usually don't require it.
Test needs to be adapted since it assumed there was more available space
at the end of the msgb.

Related: OS#5169
Change-Id: I0b8f370f7b08736207f9efed13a0663b5e482824

Revision d1b07162 (diff)
Added by pespin 1 day ago

ctrl: Support recovering from short write

osmo_wqueue has support for it, so simply handle it correctly in the
callback (updating buffer and returning -EAGAIN).

Related: OS#5169
Change-Id: I6cbc7ec6ae6832e61cddf4402332ba09b142a7d4

History

#1 Updated by laforge 13 days ago

> When I try to get a list of users (70+) through the MSC control interface with the "subscriber-list-active-v1" function, the service crashes with message "Not enough tailroom msgb_put ..."

That's of course not nice at all. Thanks for the report!

> Can we change the constant to a dynamic value and won't it affect anything in other places?

The problem is that the libosmocore/ctrl doesn't know upfront what size to allocate.

CTRL was defined as an interface to get or set small parameters, and not for obtaining
comprehensive lists or larger data structures. Think of changing some small configuration
value or the like.

So we have multiple issues here:

  • CTRL is used in a way it shouldn't be used (exporting the whole subscriber list)
  • no matter the above, it shouldn't crash but fail gracefully

#2 Updated by keith 7 days ago

  • Related to Bug #5175: CTRL command crashes osmo-msc (libosmocore) added

#3 Updated by keith 7 days ago

  • Related to deleted (Bug #5175: CTRL command crashes osmo-msc (libosmocore))

#4 Updated by keith 7 days ago

  • Has duplicate Bug #5175: CTRL command crashes osmo-msc (libosmocore) added

#5 Updated by keith 7 days ago

I just realised that this is a massive problem for TIC/Rhizomatica, as the REST API that supplies subscriber details to the web admin interface uses this CTRL command to get the list of connected MSISDNs.

As far as I can see there is no other way to know who's connected, other than maybe some clunky query on the HLR database checking for recent LURs (ugh)

#6 Updated by laforge 7 days ago

  • Assignee set to pespin
  • Priority changed from Low to High

#7 Updated by pespin 7 days ago

  • Status changed from New to Feedback
  • Assignee changed from pespin to keith
  • % Done changed from 0 to 90

The crash should be fixed by:
https://gerrit.osmocom.org/c/libosmocore/+/24639 ctrl: Pre-calculate required size before allocating msgb

I also did some related fixes/improvements:
https://gerrit.osmocom.org/c/libosmocore/+/24640 ctrl: Support recovering from short write
https://gerrit.osmocom.org/c/libosmocore/+/24641 msgb_alloc_headroom: Change size args to be uint16_t

keith, please give it a try again with all those applied and share your experience.
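
The approach named in revision f5b8ed14 (measure the reply first, then allocate), next to a fixed 4096-byte buffer that fails gracefully, as an added example that is not part of this thread and not libosmocore code. Plain C buffers stand in for msgb; the reply layout, the helper names and the sample list entries are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIXED_SIZE 4096 /* the constant quoted in the report */
#define FMT "GET_REPLY %s %s %s" /* assumed reply layout: id, variable, value */

/* Constructed sample value: n entries of 22 bytes each (entry format is made up). */
static char *make_list(int n)
{
	char *s = calloc((size_t)n * 22 + 1, 1), *p = s;
	for (int i = 0; s && i < n; i++)
		p += sprintf(p, "%015d,%05d\n", i, i);
	return s;
}

/* Fixed-size buffer: return -1 when the reply does not fit, never write past cap. */
static int reply_fixed(char *out, size_t cap, const char *id, const char *var, const char *val)
{
	int n = snprintf(out, cap, FMT, id, var, val);
	return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Pre-calculated size: measure the reply first, then allocate exactly that much. */
static char *reply_sized(const char *id, const char *var, const char *val, size_t *len)
{
	int n = snprintf(NULL, 0, FMT, id, var, val);
	char *out = n < 0 ? NULL : malloc((size_t)n + 1);
	if (!out)
		return NULL;
	snprintf(out, (size_t)n + 1, FMT, id, var, val);
	*len = (size_t)n;
	return out;
}

int main(void)
{
	char fixed[FIXED_SIZE];
	size_t len = 0;
	char *val = make_list(300); /* 300 * 22 = 6600 bytes, more than 4096 */
	if (!val)
		return 1;
	int rc = reply_fixed(fixed, sizeof(fixed), "1", "subscriber-list-active-v1", val);
	char *dyn = reply_sized("1", "subscriber-list-active-v1", val, &len);
	printf("fixed buffer rc=%d, sized reply=%zu bytes\n", rc, dyn ? len : (size_t)0);
	free(dyn);
	free(val);
	return 0;
}
```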
