Changes
remsim-bankd: Don't pass on illegal TPDUs of illegal length
TPDUs with length < 5 bytes or > 260 bytes are illegal in T=0. It
doesn't make sense to send them to pcsc-lite, triggering bugs in either
pcsc-lite or the CCID firmware down the road. Let's filter them.
Change-Id: I5c9f1143b85470234acd2e2ffe3e0cf72bd2ae43
laforge
at
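The length filter described in this commit message, as an added C example that is not taken from the osmo-remsim source. The function and enum names are hypothetical, and the P3 consistency check goes beyond the length range the commit mentions: in T=0 a command TPDU longer than the 5-byte header carries exactly P3 data bytes.

```c
#include <stddef.h>
#include <stdint.h>

/* T=0 command TPDU limits from the commit message: a 5-byte header
 * (CLA INS P1 P2 P3) up to header plus 255 data bytes. */
#define T0_TPDU_MIN_LEN 5
#define T0_TPDU_MAX_LEN 260

enum tpdu_verdict {          /* hypothetical names, not from osmo-remsim */
    TPDU_OK = 0,
    TPDU_TOO_SHORT,
    TPDU_TOO_LONG,
    TPDU_P3_MISMATCH         /* stricter check, beyond the commit */
};

/* Decide whether a buffer received from the remote client may be
 * handed to the card reader stack at all. */
enum tpdu_verdict t0_tpdu_check(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < T0_TPDU_MIN_LEN)
        return TPDU_TOO_SHORT;
    if (len > T0_TPDU_MAX_LEN)
        return TPDU_TOO_LONG;
    /* Header only: no command data travels to the card. */
    if (len == T0_TPDU_MIN_LEN)
        return TPDU_OK;
    /* Otherwise P3 (the 5th byte) must equal the number of data bytes. */
    if ((size_t)buf[4] != len - T0_TPDU_MIN_LEN)
        return TPDU_P3_MISMATCH;
    return TPDU_OK;
}

int main(void)
{
    /* Constructed sample: a 7-byte command with P3 = 2 and 2 data bytes. */
    const uint8_t sample[] = { 0xA0, 0xA4, 0x00, 0x00, 0x02, 0x3F, 0x00 };
    return t0_tpdu_check(sample, sizeof(sample)) == TPDU_OK ? 0 : 1;
}
```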
bankd: Avoid osmocom logging mutex deadlock in signal handling
The main thread communicates slotmap add + delete via POSIX signals
to the worker threads. As those signals interrupt the normal
processing of the worker thread, they might get delivered while the
thread is already logging something, causing a deadlock. This has
been observed in the real world in the following stack trace (where it's
actually two nested signals):
Thread 45 (Thread 0x7fa014ff96c0 (LWP 620753) "osmo-remsim-ban"):
#0 futex_wait (private=0, expected=2, futex_word=0x7fa0a992b360 <osmo_log_tgt_mutex>) at ../sysdeps/nptl/futex-internal.h:146
#1 __GI___lll_lock_wait (futex=futex@entry=0x7fa0a992b360 <osmo_log_tgt_mutex>, private=0) at ./nptl/lowlevellock.c:49
#2 0x00007fa0a9730482 in lll_mutex_lock_optimized (mutex=0x7fa0a992b360 <osmo_log_tgt_mutex>) at ./nptl/pthread_mutex_lock.c:48
#3 ___pthread_mutex_lock (mutex=0x7fa0a992b360 <osmo_log_tgt_mutex>) at ./nptl/pthread_mutex_lock.c:93
#4 0x00007fa0a98d878d in log_tgt_mutex_lock_impl () from /usr/local/lib/libosmocore.so.22
#5 0x00007fa0a98db9a1 in log_check_level () from /usr/local/lib/libosmocore.so.22
#6 0x0000559db6278e31 in handle_sig_mapadd (sig=<optimized out>) at bankd_main.c:558
#7 <signal handler called>
#8 0x00007fa0a9701548 in __vfprintf_internal (s=s@entry=0x7fa014fe3a50, format=format@entry=0x7fa0a991905a "%ld ", ap=ap@entry=0x7fa014fe3bd0, mode_flags=mode_flags@entry=0) at ./stdio-common/vfprintf-internal.c:983
#9 0x00007fa0a9722758 in __vsnprintf_internal (string=0x7fa014fe3eb0 "", maxlen=<optimized out>, format=0x7fa0a991905a "%ld ", args=args@entry=0x7fa014fe3bd0, mode_flags=mode_flags@entry=0) at ./libio/vsnprintf.c:114
#10 0x00007fa0a96fcca2 in __GI___snprintf (s=<optimized out>, maxlen=<optimized out>, format=<optimized out>) at ./stdio-common/snprintf.c:31
#11 0x00007fa0a98d91b4 in _output_buf () from /usr/local/lib/libosmocore.so.22
#12 0x00007fa0a98d9def in _output () from /usr/local/lib/libosmocore.so.22
#13 0x00007fa0a98da0ef in osmo_vlogp () from /usr/local/lib/libosmocore.so.22
#14 0x00007fa0a98da2bb in logp2 () from /usr/local/lib/libosmocore.so.22
#15 0x0000559db62790ba in handle_sig_mapdel (sig=35) at bankd_main.c:546
#16 <signal handler called>
#17 0x00007fa0a97a025f in __GI___poll (fds=0x7fa014fe5650, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#18 0x00007fa0a9892d53 in ?? () from /lib/x86_64-linux-gnu/libpcsclite.so.1
#19 0x00007fa0a988fd9e in SCardTransmit () from /lib/x86_64-linux-gnu/libpcsclite.so.1
#20 0x0000559db627c9ef in pcsc_transceive (worker=0x559dbd5c5750, out=<optimized out>, out_len=<optimized out>, in=<optimized out>, in_len=0x7fa014fe57b8) at bankd_pcsc.c:319
#21 0x0000559db627a479 in worker_handle_tpduModemToCard (pdu=0x7fa050003a50, worker=0x559dbd5c5750) at bankd_main.c:826
#22 worker_handle_rspro (pdu=0x7fa050003a50, worker=0x559dbd5c5750) at bankd_main.c:892
#23 worker_transceive_loop (worker=0x559dbd5c5750) at bankd_main.c:1005
#24 0x0000559db627aff2 in worker_main (arg=<optimized out>) at bankd_main.c:1079
#25 0x00007fa0a972d1f5 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#26 0x00007fa0a97ad8dc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
As a hot-fix, let's avoid logging from the handle_sig_map{del,add}()
functions at all, making them safe against a deadlock around this mutex.
We should decide how to proceed in general with potentially some
architectural changes later on; any such changes are not suitable as a
hot fix due to their potential of introducing other regressions.
Change-Id: I5ea32886dfaf624b4dc5ad7924941c7b904c1d36
Related: SYS#7930
laforge
at
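The general pattern behind this hot-fix, as an added C example that is not the bankd code: the handlers do only async-signal-safe work (setting a flag), and logging happens later from the normal loop, where taking a logging mutex cannot deadlock against the interrupted thread. SIGUSR1/SIGUSR2, the function names and the single-threaded demo are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* Flags are the only state the handlers touch; no locks, no stdio. */
static volatile sig_atomic_t mapadd_pending, mapdel_pending;

static void on_mapadd(int sig) { (void)sig; mapadd_pending = 1; }
static void on_mapdel(int sig) { (void)sig; mapdel_pending = 1; }

int install_handlers(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sigemptyset(&sa.sa_mask);
    /* Block both signals while either handler runs, so they cannot nest. */
    sigaddset(&sa.sa_mask, SIGUSR1);
    sigaddset(&sa.sa_mask, SIGUSR2);
    sa.sa_handler = on_mapadd;
    if (sigaction(SIGUSR1, &sa, NULL) < 0)
        return -1;
    sa.sa_handler = on_mapdel;
    return sigaction(SIGUSR2, &sa, NULL);
}

/* Called from the normal processing loop, outside signal context, so
 * logging is safe here. Returns the number of events logged. */
int drain_pending(void)
{
    int n = 0;
    if (mapadd_pending) { mapadd_pending = 0; fputs("slotmap add\n", stderr); n++; }
    if (mapdel_pending) { mapdel_pending = 0; fputs("slotmap del\n", stderr); n++; }
    return n;
}

/* Deliver both signals to ourselves, then log from normal context. */
int demo(void)
{
    if (install_handlers() < 0)
        return -1;
    raise(SIGUSR1);
    raise(SIGUSR2);
    return drain_pending();
}

int main(void) { return demo() == 2 ? 0 : 1; }
```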