OsmocomBB - Bug #5791: mobile: "DLLAPD NOTICE lapdm.c:769 (dl=0x62c000000ef0) EA bit 0 is not allowed in GSM"
Open Source Mobile Communications, https://projects.osmocom.org/
fixeria, 2022-11-25T02:49:58Z (https://projects.osmocom.org/issues/5791?journal_id=25591):
<ul><li><strong>% Done</strong> changed from <i>0</i> to <i>10</i></li></ul><p>fixeria wrote:</p>
<blockquote>
<p>Looks like the <code>S, func=RR</code> frames are encoded incorrectly by the network side? <code>SAPI: SMS/SS (3)</code> is also suspicious.</p>
</blockquote>
<p>Actually it's not a coding problem on the network side:</p>
<ul>
<li>I added assert()s to libosmocore checking <code>EA == 1</code>, and osmo-bts did <strong>not</strong> crash,</li>
<li>I was unable to reproduce the problem with trxcon, only with the Calypso PHY,</li>
</ul>
<p>so it's more likely a problem in osmocom-bb.</p>
fixeria, 2022-11-25T03:05:50Z (https://projects.osmocom.org/issues/5791?journal_id=25592):
<p>I attached to mobile with gdb and here is some more insight:</p>
<pre>
(gdb) bt
#0 rsl_rll_error (cause=cause@entry=12 '\f', mctx=mctx@entry=0x7fffffffd9a0) at ../../../../src/libosmocore/src/gsm/lapdm.c:546
#1 0x00007ffff7822a42 in l2_ph_data_ind (link_id=0 '\000', chan_nr=<optimized out>, le=0x62c000000d60, msg=0x616000013be0)
at ../../../../src/libosmocore/src/gsm/lapdm.c:819
#2 lapdm_phsap_up (oph=<optimized out>, le=0x62c000000d60) at ../../../../src/libosmocore/src/gsm/lapdm.c:910
#3 0x000055555595d33e in rx_ph_data_ind (msg=0x616000013be0, ms=<optimized out>) at l1ctl.c:340
#4 l1ctl_recv (ms=<optimized out>, msg=msg@entry=0x616000013be0) at l1ctl.c:1002
#5 0x0000555555962a24 in layer2_read (fd=0x62c000000278) at l1l2_interface.c:82
#6 0x00007ffff78c551b in osmo_wqueue_bfd_cb (fd=0x62c000000278, what=1) at ../../../src/libosmocore/src/write_queue.c:47
#7 0x00007ffff78bec40 in poll_disp_fds (n_fd=<optimized out>) at ../../../src/libosmocore/src/select.c:361
#8 _osmo_select_main (polling=polling@entry=0) at ../../../src/libosmocore/src/select.c:399
#9 0x00007ffff78bed1e in osmo_select_main (polling=polling@entry=0) at ../../../src/libosmocore/src/select.c:438
#10 0x00005555557dc627 in main (argc=<optimized out>, argv=<optimized out>) at main.c:277
(gdb) frame 3
#3 0x000055555595d33e in rx_ph_data_ind (msg=0x616000013be0, ms=<optimized out>) at l1ctl.c:340
340 return lapdm_phsap_up(&pp.oph, le);
(gdb) p/s msgb_hexdump(msg)
$13 = 0x7ffff6032684 "[L1]> 41 00 00 49 00 1e 23 de 3f 00 00 00 [L2]> 0e 00 03 03 2d 06 1e 00 00 09 f1 07 00 01 27 ff 2b 2b 2b 2b 2b 2b 2b "
(gdb) p *(struct l1ctl_info_dl *)msg->l1h
$14 = {chan_nr = 65 'A', link_id = 0 '\000', band_arfcn = 18688, frame_nr = 3726843392, rx_level = 63 '?',
snr = 0 '\000', num_biterr = 0 '\000', fire_crc = 0 '\000', payload = 0x616000013c98 "\016"}
</pre>
<p>Looking closely at the output of msgb_hexdump(), I started to understand what's happening:</p>
<pre>
[L1]> 41 00 00 49 00 1e 23 de 3f 00 00 00
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      struct l1ctl_info_dl
[L2]> 0e 00 03 03 2d 06 1e 00 00 09 f1 07 00 01 27 ff 2b 2b 2b 2b 2b 2b 2b
      ~~~~~ ~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  SACCH L1H LAPDm SYSTEM INFORMATION TYPE 6 (!)
</pre>
<p>The layer1 firmware gives us SACCH, but does not mark it as such (<code>link_id = 0</code>). The LAPDm code tries to parse the <code>SACCH L1H</code> as LAPDm header, and gets confused.</p>
fixeria, 2022-11-25T03:13:14Z (https://projects.osmocom.org/issues/5791?journal_id=25593):
<ul><li><strong>Category</strong> changed from <i>OsmocomBB mobile (host)</i> to <i>OsmocomBB Firmware</i></li><li><strong>Status</strong> changed from <i>New</i> to <i>In Progress</i></li><li><strong>% Done</strong> changed from <i>10</i> to <i>80</i></li></ul><p>And here is the reason, in the layer1 firmware (<code>layer1/prim_rx_nb.c</code>):</p>
<pre>
a955cfd4e (Harald Welte 2010-04-09 21:25:13 +0200 122) /* Set SACCH indication in Link IDentifier */
a955cfd4e (Harald Welte 2010-04-09 21:25:13 +0200 123) if (mf_task_flags & MF_F_SACCH)
f4fbafded (Harald Welte 2010-05-29 12:57:48 +0200 124) rxnb.dl->link_id = 0x40;
67c49ba66 (Vadim Yanitskiy 2020-03-09 15:42:33 +0700 125) if (mf_task_flags & MF_F_PTCCH)
67c49ba66 (Vadim Yanitskiy 2020-03-09 15:42:33 +0700 126) rxnb.dl->link_id = 0x80;
a955cfd4e (Harald Welte 2010-04-09 21:25:13 +0200 127) else
f4fbafded (Harald Welte 2010-05-29 12:57:48 +0200 128) rxnb.dl->link_id = 0x00;
</pre>
<p>If <code>MF_F_PTCCH</code> is not set, then the <code>rxnb.dl->link_id</code> gets reset to <code>0x00</code>. Booom! And look who did this:</p>
<pre>
commit 67c49ba664f7d7d7f07986a20e6d6363a27e3fc4
Author: Vadim Yanitskiy <axilirator@gmail.com>
Date:   Mon Mar 9 15:42:33 2020 +0700

    firmware/layer1: introduce experimental PDCH support

    This change implements basic (receive only) support of the PDCH
    channels that are used in GPRS. Several coding schemes are
    defined by 3GPP TS 45.003, however we can only do CS-1
    for now, since it's basically an equivalent of xCCH.

    In order to support the other schemes (CS2-4), we would need to
    know how to configure the DSP (look at Freecalypso code?).

    Change-Id: I44531bbe8743c188cc5d4a6ca2a63000e41d6189
</pre>
<p>SACCH has been broken for nearly three years, and nobody even complained about that.</p>
Hoernchen, 2022-11-25T11:06:13Z (https://projects.osmocom.org/issues/5791?journal_id=25595):
<p>But I complained about it! <a class="external" href="https://osmocom.org/issues/5133">https://osmocom.org/issues/5133</a></p>
fixeria, 2022-11-25T11:13:17Z (https://projects.osmocom.org/issues/5791?journal_id=25597):
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-3 priority-2 priority-default closed" href="/issues/5133">Bug #5133</a>: mishandling of the sacch l1 header</i> added</li></ul>
fixeria, 2022-11-25T11:16:10Z (https://projects.osmocom.org/issues/5791?journal_id=25598):
<p>Hoernchen wrote in <a href="#note-4">#note-4</a>:</p>
<blockquote>
<p>But I complained about it! <a class="external" href="https://osmocom.org/issues/5133">https://osmocom.org/issues/5133</a></p>
</blockquote>
<p>I thought this was in the context of using trxcon, not the layer1 firmware? Marking as related anyway.</p>
fixeria, 2022-11-25T13:16:30Z (https://projects.osmocom.org/issues/5791?journal_id=25604):
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Feedback</i></li><li><strong>% Done</strong> changed from <i>80</i> to <i>100</i></li></ul><p>This patch fixes the problem:</p>
<p><a class="external" href="https://gerrit.osmocom.org/c/osmocom-bb/+/30306">https://gerrit.osmocom.org/c/osmocom-bb/+/30306</a> fixup: firmware/layer1: introduce experimental PDCH support [NEW]</p>
fixeria, 2022-11-25T14:06:55Z (https://projects.osmocom.org/issues/5791?journal_id=25605):
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Resolved</i></li></ul><p>Applied in changeset <a class="changeset" title="fixup: firmware/layer1: introduce experimental PDCH support This regression was introduced with ..." href="https://projects.osmocom.org/projects/baseband/repository/osmocombb/revisions/edc12b2a5ca798384181ee21199d56746ba520dd">osmocombb|edc12b2a5ca798384181ee21199d56746ba520dd</a>.</p>
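<p>The failure chain analysed in this thread, as an added example (not part of the original posts and not the project's code): the <code>if</code>/<code>if</code>/<code>else</code> flow from the blame excerpt clears the SACCH indication, so a simplified host-side parser reads the first SACCH L1 header octet (<code>0x0e</code>) as the LAPDm address and sees EA = 0 and SAPI = 3. The flag values, function names and the corrected variant are assumptions made for illustration; the octets are the start of the <code>[L2]</code> dump above.</p>

```c
#include <stdint.h>
#include <stdio.h>

/* Flag values are constructed for this example; only the names come from the thread. */
#define MF_F_SACCH 0x01
#define MF_F_PTCCH 0x02

/* Control flow of the blame excerpt: the else belongs to the PTCCH test only. */
static uint8_t link_id_regressed(unsigned flags)
{
	uint8_t link_id = 0x00;
	if (flags & MF_F_SACCH)
		link_id = 0x40;
	if (flags & MF_F_PTCCH)
		link_id = 0x80;
	else
		link_id = 0x00;	/* also wipes the SACCH indication set above */
	return link_id;
}

/* One possible correction (hypothetical, not necessarily the merged fix). */
static uint8_t link_id_corrected(unsigned flags)
{
	if (flags & MF_F_SACCH)
		return 0x40;
	if (flags & MF_F_PTCCH)
		return 0x80;
	return 0x00;
}

/* Simplified host view: skip the 2-octet SACCH L1 header only if link_id has 0x40 set. */
static uint8_t lapdm_addr(const uint8_t *l2, uint8_t link_id)
{
	return (link_id & 0x40) ? l2[2] : l2[0];
}

/* LAPDm address octet: bit 0 is EA (must be 1 in GSM), bits 2..4 are the SAPI. */
static int addr_ea(uint8_t addr)   { return addr & 0x01; }
static int addr_sapi(uint8_t addr) { return (addr >> 2) & 0x07; }

/* First octets of the [L2] dump quoted in the thread. */
static const uint8_t l2_dump[] = { 0x0e, 0x00, 0x03, 0x03, 0x2d, 0x06, 0x1e };

int main(void)
{
	uint8_t bad = lapdm_addr(l2_dump, link_id_regressed(MF_F_SACCH));
	uint8_t ok  = lapdm_addr(l2_dump, link_id_corrected(MF_F_SACCH));
	printf("regressed: addr=0x%02x EA=%d SAPI=%d\n", bad, addr_ea(bad), addr_sapi(bad));
	printf("corrected: addr=0x%02x EA=%d SAPI=%d\n", ok, addr_ea(ok), addr_sapi(ok));
	return 0;
}
```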