Age | Commit message (Collapse) | Author | Files | Lines |
|
If unit/test-qmimodem-qmi times out while running under valgrind,
valgrind complains about an uninitialized value being printed during
abort signal logging. dladdr fails on the valgrind address
(0x580BCE37 in the example below) but print_backtrace still tries to
access the Dl_info structure which is not initialized. The fix is to
handle the dladdr failure gracefully.
==36318== Conditional jump or move depends on uninitialised value(s)
==36318== at 0x4A862F8: __printf_buffer (vfprintf-process-arg.c:408)
==36318== by 0x4AA8067: __vsnprintf_internal (vsnprintf.c:96)
==36318== by 0x4B1D62B: __vsyslog_internal (syslog.c:220)
==36318== by 0x4B1DB83: vsyslog (syslog.c:100)
==36318== by 0x407C3F: ofono_error (log.c:92)
==36318== by 0x407FEB: print_backtrace (log.c:201)
==36318== by 0x40816B: signal_handler (log.c:228)
==36318== by 0x580BCE37: ??? (in /usr/libexec/valgrind/memcheck-arm64-linux)
|
|
|
|
Only qmux needs to asynchronously create service clients so the list
of pending clients should move there. At the same time flatten the
hashmap of queues of pending clients into a single queue that is
linearly searched--the number of pending clients will be small so
there is no need for any extra hashmap overhead or complexity.
|
|
The family_list hashmap is keyed by the client ID and service type,
unless qmux is creating the first client for a service type. In that
case the high bytes are 0x8000 instead of the client ID, and the
value is a queue of clients waiting for that service instead of the
service_family.
This commit moves the pending clients into thir own hashmap to ensure
that each hashmap contains a consistent type and eliminates the need
for marking pending keys with 0x80000000.
|
|
Modem ME310G1 sometimes add incomplete result lines to first AT+CRSM
command. Example:
AT+CRSM=192,12258
+CRSM: 0
+CRSM: 144,0,62178202412183022FE28A01058B032F06068002000A880110
OK
Parse all result lines starting with prefix until a line with at least sw1
and sw2 parameters is found.
|
|
I noticed this leak when I terminated ofonod while gobi was retrying
discovery on an unresponsive QMUX device.
==8257== 20 (16 direct, 4 indirect) bytes in 1 blocks are definitely lost in loss record 31 of 154
==8257== at 0x4885118: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-arm64-linux.so)
==8257== by 0x5A4737: l_malloc (util.c:49)
==8257== by 0x4669E3: qmi_param_new (qmi.c:2374)
==8257== by 0x466D73: qmi_param_new_uint8 (qmi.c:2449)
==8257== by 0x47D717: gobi_disable (gobi.c:482)
==8257== by 0x51BAD7: set_powered (modem.c:986)
==8257== by 0x51E8FB: __ofono_modem_shutdown (modem.c:2279)
==8257== by 0x518233: signal_handler (main.c:85)
==8257== by 0x496D14F: ??? (in /usr/lib/aarch64-linux-gnu/libglib-2.0.so.0.7800.0)
==8257== by 0x49CDE47: ??? (in /usr/lib/aarch64-linux-gnu/libglib-2.0.so.0.7800.0)
==8257== by 0x496DBFF: g_main_loop_run (in /usr/lib/aarch64-linux-gnu/libglib-2.0.so.0.7800.0)
==8257== by 0x518A23: main (main.c:314)
|
|
.read_settings is used by the core to setup the network interface for
the initial bearer. This initial bearer is typically an internet
context, but can be something else, depending on the carrier. The
initial bearer might also be configured by the network itself, and can
be IPv4, IPv6 or dual stack. Have the gprs-context driver query the
initial attach parameters to obtain this information, and only then
invoke the WDS Start Network command.
Supporting Dual Stack contexts requires multiple WDS handles to be
allocated, with each handle issuing a Start Network request with a
different IP family preference. This is currently not supported by the
underlying QMUX/QRTR transport. For now, choose invoke Start Network
with IPv4 family preference for IPV4 and Dual Stack contexts, and IPv6
famiily preference for IPv6 contexts.
|
|
Similarly to get_settings_ipv4, add get_settings_ipv6 function which
will parse the relevant TLVs present when GET_SETTINGS response
indicates IPv6 family is in use.
|
|
Prepare to support IPv6 bearers by moving IPv4 bearer context processing
into its own function. get_settings_ipv4() will be called if the
reported IP Family TLV reports ipv4.
|
|
|
|
This code was only used to print a message to log. Remove it for now.
The IP type will actually be used by gprs-context driver to determine
whether IPv4, IPv6 or Dual IP family interface should be activated.
|
|
Since gprs driver no longer uses DATA_CAPABILITY_STATUS TLV to report
the bearer to the core, move the parsing of this element to
network-registration atom driver. Introduce a new utility to convert
the DATA_CAPABILITY_STATUS TLV to a string list. For now, simply print
the capability when this TLV is received.
While here, eliminate CDMA specific enumerations as they're now
obsolete.
|
|
This TLV is reported by WDS "Event Report" indication and contains a
better representation of the current bearer compared to the Data Service
Capability TLV reported in the NAS Serving System indication.
TLV:
type = "Extended Data Bearer Technology" (0x2a)
length = 16
value = 00:00:00:00:03:00:00:00:00:10:00:00:00:00:00:00
translated = [ data_bearer_technology = '3gpp'
radio_access_technology = '3gpp-lte'
extended_data_bearer_technology_3gpp = 'lte-fdd'
...]
TLV:
type = "Data Service Capability" (0x11)
length = 2
value = 01:0B
translated = { [0] = 'lte '}
Some of the 5G and more esoteric technologies are not yet handled in
this commit. Support for these technologies needs to be added in the
core first.
Modify the logic in the gprs driver to use this new mechanism.
|
|
Fixes: e075175baff2 ("qmi: wds: add utility to parse Data System Status tlv")
|
|
Fixes: 34d0183a9ff7 ("qmi: Introduce shutdown operation")
|
|
Fixes: a11e3942354c ("qmi: Introduce discover() driver method")
|
|
|
|
This change was missing from commit c3da88e1
("drivers: adding support for the SIMCom A7605E-H"). Add it now to allow
radio-settings support for SIMCom A76XX modems.
|
|
Register the 1e0e:9011 usb id as a specialization of the sim7100 driver.
Use a new setup() function to handle the different order (and amount) of
USB endpoint numbers without introducing too much complexity to the
existing setup() function.
|
|
Use the recently added detection of modem model to apply the even more
recently added SIMCom sub-vendor id when creating atoms.
The "old" SIMCom vendor id is shared between the sim7100 and sim900
drivers, and so changing the 0 vendor id's for the existing
ofono_*_create() calls might have unexpected side-effects. Avoid such
changes by calling the needed ofono_*_create() functions separately for
each model instead.
|
|
As a preparation for adding support for the SIMCom A7672 modem, certain
quirks are needed in the atmodem driver. The OFONO_VENDOR_SIMCOM enum is
already shared by the existing sim7100 and sim900 drivers, so a new
"sub-vendor" enum is needed.
The new sub-vendor enum allows adding A7672 support to the sim7100
driver without changing behavior for other devices already supported.
A few of the existing simcom vendor quirks are replaced by the new
sub-vendor enum instead of making them apply to both. These places were
introduced in commit c3da88e1
("drivers: adding support for the SIMCom A7605E-H"), which should apply
to the A7672E modem too.
|
|
When tearing down the PPP context, the SIMCom A7672 modem issues a NO
CARRIER event on the control channel, which is detected as an error when
processing the AT+CFUN=4 respones.
Make the set_online(false) call succeed by ignoring the NO CARRIER
event.
|
|
Enter pre-sim state using AT+CFUN=4, and move the AT+CFUN=1 call into
the added set_online() callback. The modem (at least the A7672E variant)
generously issues unsolicited events between the CFUN command and the OK
response, so match on the +CFUN: prefix only in set_online().
|
|
Adding support for more simcom modems in the sim7100 driver requires
certain variants handlings based on the present modem model.
Default to an "unknown" variant to keep the existing behaviour, and
introduce the A76XX model to use when later adding support for the A7672
vartiant.
|
|
The sim7100_enable() returns 0 just after queuing the AT+CFUN=1 command,
which ofono core interprets as the modem being powered up and in pre-sim
state. In fact, the pre-sim state isn't reached until the modem returns
OK, which is caught in cfun_set_on_cb() in sim7100.c.
Delay the transition from off to pre-sim until the respone is received
by return EINPROGRESS instead, and let the (existing)
ofono_modem_set_powered() call signal pre-sim to ofono core.
|
|
Replace the g_at_{tty,syntax,chat} dance with a single call to
g_at_util_open_device().
|
|
It seems this TLV/Indication combination is needed in order for the
GET_LTE_ATTACH_PARAMETERS command to succeed:
ofonod[3257238]: Failed to query LTE attach params: 74
ofonod[3257238]: LTE bearer established but APN not set
|
|
|
|
Register for additional notifications via Indication Register command.
|
|
This is mostly useful to obtain inter and intra RAT changes, data bearer
changes, data transfer statistics, etc.
|
|
This will allow request to be re-arranged into a new sequence
easier in the future.
|
|
We can register to NAS indications much earlier, as soon as the NAS
service handle is created. Since the handle is now a 'lightweight'
handle, all service registrations are automatically unregistered when
the handle is destroyed. There's no need to track the registered
indication id and to remove it separately.
|
|
|
|
PERSIST_LOW_POWER setting is supposed to tell the device that it should
not enter online state at the next bootup. Unfortunately, no USB
devices tested seem to honor this setting.
Telit devices in particular will turn off the SIM and become unusable
until set back into online mode. Use low-power instead of persistent
low power state instead. AlwaysOnline support is now no longer needed.
|
|
send_one_dtmf() allocates cb_data, but does not properly clean it up on
the (rather unlikely) error path.
|
|
|
|
The send_dtmf function sets up a call to send_one_dtmf, which will call
the QMI_VOICE_START_CONTINUOUS_DTMF service function. The parameters to
this call are a hard coded call-id and the DTMF character to send.
start_cont_dtmf_cb will then be called which will set up a call to
QMI_VOICE_STOP_CONTINUOUS_DTMF to stop the tone. Finally,
stop_cont_dtmf_cb will check the final status.
|
|
[37312.033140] usb 4-1: New USB device found, idVendor=2c7c, idProduct=0800, bcdDevice= 4.14
[37312.033149] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[37312.033151] usb 4-1: Product: RM502Q-AE
[37312.033153] usb 4-1: Manufacturer: Quectel
|
|
This makes sure that any tty ports that are managed / created by the
"option" module can still be utilized by the gobi driver.
|
|
The current logic queries the default profile id every time the driver
believes the default bearer has been attached. However, oFono does not
modify the default profile number during its runtime. Query the default
profile id at initialization time instead.
While here, remove some magic numbers in favor of defined constants.
|
|
Add support for setting APN Type (IPV4, IPV6 or Dual), Username and
Password attributes of the profile used for the default bearer.
|
|
Introduce a new wds.c file which will house various utilities, such as
enumeration conversion, that could be shared between multiple QMI based
atom drivers. Move ofono_gprs_auth_method conversion here.
|
|
Several commands were invoked using magic numbers, even though they're
defined inside wds.h. Remove magic numbers from enumerations by
introducing appropriate enums to wds.h. Similarly, use defined
constants for parameter and result ids.
|
|
|
|
|
|
|
|
The gprs context probe function has logic to detect whether CGDATA is
supported by the modem, or if ATD*99 should be used instead. However, it
seems like this logic was wrongly placed after registering for CGEV
notification, which did an early return in case the passed chat did not
have a slave.
Thus the ATD*99 detection was skipped for USB modems using separate
"virtual" serial ports for command and data channels (i.e. ttyUSB0 for
AT and ttyUSB1 for PPP).
Fix USB modem case by moving the check for a slave chat (and the
registraion for CGEV notifications) to after the CGDATA check, which
lets the ATD*99 check run uncodionally.
|
|
The parameter structure was built, but not included into the
qmi_service_send call resulting in a memory leak.
Fixes: b6ced6c5c4c9 ("qmi: gprs-context: Request certain TLVs to be included")
|
|
gobi was the final user of these functions in its disable function. It
would perform this cleanup before sending a final message. This is not
necessary because gobi does not register for any notifications and the
only sends that might be in progress should only occur during
initialization. If a client actually needs this functionality it should
free the service and create a new one.
These functions are still used internally in qmi.
|
|
Now that each client gets its own qmi_service object, there is no need
to perform reference counting. qmi_service_ref has been removed and
qmi_service_unref has been renamed to qmi_service_free.
|
|
Some of the qmimodem drivers were calling qmi_service_unregister_all
before decrementing the reference count to 0. This is unnecessary
because the service will unregister all as it is being destroyed.
|
|
param was needlessly initialized to NULL in answer() and
release_specific(). Since all error paths free both cbd and param,
declare & initialize these variables at the start of the function.
Handle dial() similarly for consistency.
|
|
Simplify the code a bit by removing the use of ternary conditional
operation and replace it with a 'remote_number_tlv' variable. This also
removed a slight coding violation where a mix of spaces and tabs was
used for indentation.
|
|
Fix up some style violations:
- > 80 character lines
- Redundant parenthesis
Also, while here, fix up a typo: "informations" -> "information"
|
|
l_new cannot fail, and thus cannot return NULL. Remove the check and
simplify the code.
|
|
hangup_active iterates the current list of calls, looking for the first
active call and then calls release_specific. This then sets up the
parameters for a call to QMI_VOICE_END_CALL, with the only parameters
being the call-id.
end_call_cb will then be called and will parse out the call-id and check
for success.
|
|
The answer function setup the parameters for a call to the service
function QMI_VOICE_ANSWER_CALL. The only parameter is the call-id.
answer_cb will then be called which retrieves the call-id and checks
the status of the result.
|
|
Add voicecall dialling to the qmimodem driver
Includes required infrastructure and setup of the QMI services
Call State Handling
===================
On initialisation, register the all_call_status_ind callback to be
called for QMI_VOICE_IND_ALL_STATUS. This will handle notification of
call status to the rest of the system
Dial Handling
=============
The dial function sets up the parameters for the QMI_VOICE_DIAL_CALL
service. The parameters are the number to be called and the call type,
which is currently hard coded to be QMI_VOICE_CALL_TYPE_VOICE. The
dial_cb callback will then be called and will receive the call-id.
|
|
Destroying one service should not affect notifications for different
services of the same type.
|
|
Confirm that client notifications do occur after unref'ing (destroying)
the service.
|
|
Confirm that there are no problems when clients create services for
the same qmi type.
|
|
qmi_service_unregister was removing the registration that matched an
integer ID. This would allow a client to unregister a different
client's notification. While this is unlikely it could lead to very
confusing bugs. This is easy to prevent by checking both the ID and
the service handle.
|
|
uint16_t values were copied into unsigned ints before being passed to
L_UINT_TO_PTR. Perhaps this was necessary when the glib macro
GUINT_TO_POINTER was used, but it is not necessary now with the ell macro.
|
|
Currently any client can cancel any other client's requests and
notifications. This change separates out the service "family" which is
shared among clients that create services for the same qmi service
type. The qmi_service gets its own unique handle so that clients
are more independent and cannot interfere with other clients as
easily.
|
|
This code is single-threaded so there is no need to use atomics.
While here simplify qmi_service_ref.
|
|
One of my VMs was getting a linker error when building
test-qmimodem-qmi in maintainer mode:
undefined reference to `dladdr'
Add -ldl to fix this.
|
|
|
|
Clean up the functions so that they can be used to send indications
in addition to responses in the future.
|
|
Now the qmi_device_shutdown() function can return a failure. It will
do this if the qmi_device type does not support shutdown. When this
happens gobi should immediately proceed with shutdown instead of
waiting until the timeout occurs.
|
|
Explicitly ask WDS service to include certain TLVs in its response.
This is mainly needed to obtain the value of the negotiated MTU between
the modem and the network. MTU is not included in the response
otherwise.
|
|
This structure is defined in wds.h but only used once inside
packet_status_notify(). It is unlikely to be used elsewhere since this
TLV is specific to the connection status indication. Define/declare
this structure directly in the handler instead.
|
|
|
|
QMI uses authentication type as a bitmap, with both PAP and CHAP support
being selectable independently. Convert QMI_WDS_AUTHENTICATION* defines
to an enumeration, removing QMI_WDS_AUTHENTICATION_NONE.
|
|
These defines are used only a single time, either as an enumeration for
a parameter or result. Move them to be closer to the actual call site
and do not use a QMI_WDS prefix.
|
|
In start_net_cb, a new cb_data object is allocated which contains the
exact same information as the cb_data object being passed in as
userdata. Use cb_data_ref/unref instead.
While here, also fix an erroneous invocation of CALLBACK_WITH_SUCCESS if
the GET_CURRENT_SETTINGS request was not queued successfully. An error
should be generated instead.
|
|
|
|
Tools such as busctl use EXTERNAL authentication to DBus and get
confused if EXTERNAL authentication is not enabled. For this, the root
user must also exist inside /etc/passwd, or dbus-daemon is unable to
accept auth requests using EXTERNAL authentication mechanism.
|
|
Embedded QMI QRTR modems use an endpoint ID of 1. This will not be set
by udevng, so gprs-context must handle this case.
|
|
Embedded qmi QRTR modems are identified by the existence of
rmnet_ipaX and rmnet_dataX devices. Add a new "embedded" modem type
so that these devices can be collected during enumeration and then
configured for use by the gobi plugin. Modems of this type will be
exposed as /gobiqrtr_X.
|
|
Sometimes the test server will receive a QRTR_TYPE_DEL_CLIENT control
packet which is broadcast when the prior test client is destroyed. It
is entirely schdeduler-dependent as to whether this broadcast will
occur before or after the subsequent test's servers are created. If
the test server receives a control packet, then test_send_data will
fail. There is no need for the tests to be aware of any control
packets at this time so it should simply ignore them.
Fixes: 728db12daa68 ("qmi: Add unit test for QRTR qmi_service_send")
|
|
valgrind reports many use-after-free errors inside hfp_ag_bluez5.c
when oFono is being shutdown. This is caused by hfp_ag plugin not
tracking atom watches properly. Fix this by correctly removing both sim
and voicecall atom watches appropriately. Since all modems are now
tracked, remove the 'sim_hash' hash table and the 'modems' doubly-linked
list.
ofonod[29]: src/voicecall.c:voicecall_remove() atom: 0x5697140
==29== Invalid read of size 8
==29== at 0x48E28C9: g_list_remove (in /usr/lib/libglib-2.0.so.0.7800.3)
==29== by 0x4E8B84: sim_state_watch (hfp_ag_bluez5.c:353)
==29== by 0x4E8CDE: sim_watch (hfp_ag_bluez5.c:396)
==29== by 0x502F65: call_watches (modem.c:314)
==29== by 0x502FE2: __ofono_atom_unregister (modem.c:334)
==29== by 0x503381: flush_atoms (modem.c:483)
==29== by 0x50366D: modem_change_state (modem.c:586)
==29== by 0x504225: set_powered (modem.c:974)
==29== by 0x506966: modem_unregister (modem.c:2154)
==29== by 0x506BD2: ofono_modem_remove (modem.c:2220)
==29== by 0x4C8753: phonesim_exit (phonesim.c:1177)
==29== by 0x502925: __ofono_plugin_cleanup (plugin.c:201)
==29== Address 0x56c3350 is 0 bytes inside a block of size 24 free'd
==29== at 0x484488F: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29== by 0x49093C0: g_slice_free_chain_with_offset (in /usr/lib/libglib-2.0.so.0.7800.3)
==29== by 0x4E90A3: hfp_ag_exit (hfp_ag_bluez5.c:514)
==29== by 0x502925: __ofono_plugin_cleanup (plugin.c:201)
==29== by 0x5015F8: main (main.c:315)
==29== Block was alloc'd at
==29== at 0x4841828: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29== by 0x48EE762: g_malloc (in /usr/lib/libglib-2.0.so.0.7800.3)
==29== by 0x48E0FE8: g_list_append (in /usr/lib/libglib-2.0.so.0.7800.3)
==29== by 0x4E8BDD: sim_state_watch (hfp_ag_bluez5.c:365)
==29== by 0x53274E: call_state_watches (sim.c:374)
==29== by 0x535D1E: sim_set_ready (sim.c:1784)
==29== by 0x53611A: sim_imsi_obtained (sim.c:1885)
==29== by 0x536280: sim_imsi_cb (sim.c:1934)
==29== by 0x489FAA: at_cimi_cb (sim.c:455)
==29== by 0x4ED979: at_chat_finish_command (gatchat.c:465)
==29== by 0x4EDB84: at_chat_handle_command_response (gatchat.c:527)
==29== by 0x4EDE3F: have_line (gatchat.c:606)
==29==
...
ofonod[29]: plugins/bluez5.c:bt_unregister_profile() Bluetooth: Unregistering profile /bluetooth/profile/hfp_ag
==29== Invalid read of size 8
==29== at 0x48C8076: g_hash_table_lookup (in /usr/lib/libglib-2.0.so.0.7800.3)
==29== by 0x4E8CF4: sim_watch (hfp_ag_bluez5.c:398)
==29== by 0x502F65: call_watches (modem.c:314)
==29== by 0x502FE2: __ofono_atom_unregister (modem.c:334)
==29== by 0x503381: flush_atoms (modem.c:483)
==29== by 0x50366D: modem_change_state (modem.c:586)
==29== by 0x504225: set_powered (modem.c:974)
==29== by 0x506966: modem_unregister (modem.c:2154)
==29== by 0x506BD2: ofono_modem_remove (modem.c:2220)
==29== by 0x4C8753: phonesim_exit (phonesim.c:1177)
==29== by 0x502925: __ofono_plugin_cleanup (plugin.c:201)
==29== by 0x5015F8: main (main.c:315)
==29== Address 0x5133f58 is 56 bytes inside a block of size 96 free'd
==29== at 0x484488F: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29== by 0x4E90CB: hfp_ag_exit (hfp_ag_bluez5.c:516)
==29== by 0x502925: __ofono_plugin_cleanup (plugin.c:201)
==29== by 0x5015F8: main (main.c:315)
==29== Block was alloc'd at
==29== at 0x4841828: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29== by 0x48EE762: g_malloc (in /usr/lib/libglib-2.0.so.0.7800.3)
==29== by 0x48D3182: g_hash_table_new_full (in /usr/lib/libglib-2.0.so.0.7800.3)
==29== by 0x4E8FEB: hfp_ag_init (hfp_ag_bluez5.c:489)
==29== by 0x50286D: __ofono_plugin_init (plugin.c:175)
==29== by 0x5015C6: main (main.c:309)
...
==29== Invalid read of size 4
==29== at 0x48D0483: g_hash_table_remove (in /usr/lib/libglib-2.0.so.0.7800.3)
==29== by 0x4E8D21: sim_watch (hfp_ag_bluez5.c:399)
==29== by 0x502F65: call_watches (modem.c:314)
==29== by 0x502FE2: __ofono_atom_unregister (modem.c:334)
==29== by 0x503381: flush_atoms (modem.c:483)
==29== by 0x50366D: modem_change_state (modem.c:586)
==29== by 0x504225: set_powered (modem.c:974)
==29== by 0x506966: modem_unregister (modem.c:2154)
==29== by 0x506BD2: ofono_modem_remove (modem.c:2220)
==29== by 0x4C8753: phonesim_exit (phonesim.c:1177)
==29== by 0x502925: __ofono_plugin_cleanup (plugin.c:201)
==29== by 0x5015F8: main (main.c:315)
==29== Address 0x5133f28 is 8 bytes inside a block of size 96 free'd
==29== at 0x484488F: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29== by 0x4E90CB: hfp_ag_exit (hfp_ag_bluez5.c:516)
==29== by 0x502925: __ofono_plugin_cleanup (plugin.c:201)
==29== by 0x5015F8: main (main.c:315)
==29== Block was alloc'd at
==29== at 0x4841828: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29== by 0x48EE762: g_malloc (in /usr/lib/libglib-2.0.so.0.7800.3)
==29== by 0x48D3182: g_hash_table_new_full (in /usr/lib/libglib-2.0.so.0.7800.3)
==29== by 0x4E8FEB: hfp_ag_init (hfp_ag_bluez5.c:489)
==29== by 0x50286D: __ofono_plugin_init (plugin.c:175)
==29== by 0x5015C6: main (main.c:309)
|
|
In __ofono_atom_free, the atom is removed from the list prior to
invoking __ofono_atom_unregister. This ensures that any invocation of
__ofono_atom_find or __ofono_modem_find_atom() will fail to find the
just-removed object when invoked from the atom watch.
The above does not hold in flush_atoms() implementation, which can lead
to surprising results. Make sure that the atom is removed from the
modem's atom list prior to invoking __ofono_atom_unregister in all
cases.
|
|
|
|
BlueZ 5 is now up to release 5.73, with the 5.0 release date being in
late 2012. There's very little chance that anyone is using BlueZ 4
anymore. Remove it.
|
|
The unit test causes a qmi request to be sent to the test QRTR service
and echos the data back in its response.
|
|
Use actual AF_QIPCRTR sockets to create test QRTR services that may be
utilized to validate the functionality of the QRTR implementation of
qmi_device.
These initial tests validate that the qmi code is performing service
lookup and instantiation properly.
|
|
Replace the XYZ operator contexts with a set of two. One tagged as
'lte' and one tagged as '5g'. Add logic to the provision unit test to
support filter tags.
|
|
The emulator example plugin does not track modem powered watches, and
thus leaks them. Additionally, the plugin opens ports for both HFP and
DUN emulators. However, only a single server watch is tracked, leading
to the other watch being leaked.
Since the modem powered watches are not tracked, they are never
unregistered. This can lead to situations where emulator plugin is
destroyed (and thus all data associated with it is freed) before all
modems have been removed. When modems are removed subsequently,
registered powered watches will be invoked. This will result in
use-after-free errors being reported by valgrind.
|
|
oFono main.conf configuration file can now contain an entry with group
'Provision' and key 'TagsFilter'. This entry is treated as a comma
separated list of all tags that are accepted during context
auto-provisioning. This can help to filter duplicate context entries
from the provisioning database such that context auto-provisioning is
successful without user intervention.
|
|
It would be useful to support some oFono wide configuration settings
that can be configured for the system. Introduce a new
__ofono_get_config() function that will obtain the parsed settings file
as a pointer to l_settings. The settings will be parsed from the
configuration directory set using CONFIGURATION_DIRECTORY environment
variable, or the default CONFIGDIR variable set during
configuration/compilation.
|
|
AT&T uses several APNs, one for lte/4g devices, one for 5G capable
devices and one for M2M. Use the newly introduced tags field to tag
them appropriately.
Similarly, for T-mobile, add "iot" tag to the iot specific APN
configuration.
|
|
|
|
Also update unit tests and other users of provisiondb APIs due to the
API change.
|
|
Since this changes the size of the context structure, bump the version
number generated by provisiontool.
|
|
This seems to be yet another MVNO, remove it for now.
|
|
|
|
Most likely these MVNOs use GID1/GID2 or some other magic to be
auto-detected properly. Mark them using the SPN tag so major US
carriers can be autodetected easier.
|
|
It has the same MCC/MNC and APN settings as AT&T
|
|
The current implementation kicks off reading of the SPN only if an spn
watch has been registered. This made sense at the time since the only
atoms that used spn were netreg and gprs. Typically they were
initialized in the post_online state, which in effect delayed SPN
reading until that time.
With the introduction of provisioning inside the LTE atom, the spn watch
is always registered for LTE modems (nearly all modems now and going
forward). Simplify the SPN reading logic by reading it once the sim has
been initialized by kicking off the read procedure inside sim_ready().
While here, remove tracking of cphs_spn_watch, ef_spn_watch and
cphs_spn_short_watch. All sim file watches are automatically destroyed
once the ofono_sim_context is destroyed.
|
|
While here, also remove sim_eons_optimize() as it is no longer needed.
The ell queue implementation natively supports pushing to the back of a
linked list. Also tighten up some length checks and make 'length'
arguments unsigned.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The Capabilities property is made available via GetProperties() D-Bus
method. It is also emitted prior to emitting the PropertyChanged signal
for the Powered property. This ensures that any clients that might use
the capability information, will obtain it prior to the modem being
enabled / powered up.
|
|
The intent of this property is to give an early hint to external
clients, such as ConnMan, about this modem's capabilities such that the
clients can modify their behavior accordingly. For example, ConnMan
might choose to drive the modem slightly differently if it knows that a
modem is LTE capable.
|
|
This code was repeated in multiple places, factor it out into a common
function.
|
|
This code was repeated in multiple places, factor it out into a common
function.
|
|
If use_mux code path was used, certain commands (like querying of the
SIM status) were not sent, resulting in incomplete modem initialization.
Fix that.
|
|
ofonod[2670789]: drivers/qmimodem/sms.c:get_msg_protocol_cb()
==2670789== Conditional jump or move depends on uninitialised value(s)
==2670789== at 0x46552A: get_msg_protocol_cb (sms.c:565)
==2670789== by 0x45D5C1: service_send_callback (qmi.c:2762)
==2670789== by 0x4594F5: __rx_message (qmi.c:846)
==2670789== by 0x45A6A4: received_qmux_data (qmi.c:1393)
==2670789== by 0x58D71C: io_callback (io.c:105)
==2670789== by 0x58C073: l_main_iterate (main.c:461)
==2670789== by 0x500EC0: event_check (main.c:190)
==2670789== by 0x48FC09D: ??? (in /usr/lib/libglib-2.0.so.0.7800.3)
==2670789== by 0x49591CF: ??? (in /usr/lib/libglib-2.0.so.0.7800.3)
==2670789== by 0x48FBB96: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.7800.3)
==2670789== by 0x5011F5: main (main.c:284)
==2670789==
ofonod[2670789]: drivers/qmimodem/sms.c:get_msg_list()
The warning is triggered because GET_MSG_PROTOCOL command succeeds and
qmi_result_set_error() returns false. It seems the intent in this case
is to use the msg_mode reported by the device by obtaining it using
qmi_result_get_uint8. In case GET_MSG_PROTOCOL command fails, both CDMA
and WCDMA messages should be queried.
|
|
Port the retry logic from glib based implementation that uses
g_timeout_add to use l_timeout instead. While here, fix the existing
logic to not leak memory when a retry is performed. This happens in one
of two ways:
- When retry_cbd is allocated via cb_data_new, it is never freed when
the timeout GSource fires.
- If the timeout GSource is removed early (i.e. due to remove() being
called), the associated retry_cbd is not freed
Fix this by using cb_data_ref / cb_data_unref and utilize destroy
callbacks properly.
|
|
valgrind found that for control requests, the group_id was not being
set. The requests are being allocated using l_malloc which does not
initialize memory to 0, unlike l_new. The impact is that cleanup of
the requests during service closure or modem shutdown might
incorrectly remove a control request from the queue. The fix is to
always initialize this field to 0.
Fixes: 0a4591e439ba ("qmi: Add an abstract group id to services and requests")
|
|
QRTR services were never being destroyed because they were being
created with a reference count of 1 and immediately incrementing the
count to 2.
|
|
The __debug_msg refactoring introduced a bug where the service
transactions would not display the correct type in the log. The service
transaction type is shifted to the left by one bit compared to the
control transaction type so we need to perform a shift to be able to
share a common debug logging function.
Fixes: afa96ae4fa99 ("qmi: Clean up the __debug_msg function")
|
|
Sometimes the QRTR discover timeout would occur simply because the
control packets are being processed slowly. Handle this by extending
the timeout each time a service is discovered. Then ensure the
discover data on the queue exists before processing it, just in
case there was an actual timeout.
|
|
|
|
glib use is retained by sim and sim-legacy drivers since these drivers
utilize sim related utilities that have not yet been ported to ell.
Also, sim driver uses a single glib timeout source
|
|
|
|
Convert from using GLib g_new0 / g_free to use ell
|
|
|
|
|
|
|
|
For simplicity the QRTR write method simply skips the QMUX
header. In the future it might make sense to add another ops
function that would allocate a larger buffer and populate
the QMUX header in the QMUX implementation.
|
|
There was a lot of redundancy in the function and it was also not
ready to handle QRTR messages that do not have a QMUX header.
|
|
QRTR will need this to write to the appropriate node and port.
While here create helper functions to simplify request allocation.
|
|
This will allow services and requests to be matched without using
the QMUX client id which does not exist in QRTR.
|
|
|
|
string_to_phone_number is used to convert a sanitized phone number
string to struct ofono_phone_number. An unsafe strcpy is used for the
conversion. Change string_to_phone_number in two ways:
- Add a '__' prefix to make it clear that this API is private and care
must be taken when using it. In this case, by sanitizing the input
first
- Use a safer strcpy version, namely l_strlcpy
While here, add a sanitizing version of string_to_phone_number that can
be used to sanitize and convert the input string in one operation.
Also take the opportunity to convert some of the functions involved from
GLib gboolean type to stdbool.
|
|
sms_address_from_string is meant as private API, to be used with string
form addresses that have already been sanitized. However, to be safe,
use a safe version of strcpy to avoid overflowing the buffer in case the
input was not sanitized properly. While here, add a '__' prefix to the
function name to help make it clearer that this API is private and
should be used with more care.
|
|
|
|
It is better to explicitly check the return value of cbs_dcs_decode
instead of relying on udhi not being changed due to side-effects.
|
|
If a specially formatted SMS is received, it is conceivable that the
address length might overflow the structure it is being parsed into.
Ensure that the length in bytes of the address never exceeds 10.
|
|
GError return variables would possibly be allocated by g_key_file_get_*
functions, but never used and never freed. Fix that.
|
|
QRTR does not require client ID allocation requests.
|
|
Only QMUX has client ids and they fit into 8 bits.
|
|
QRTR will need to know the node and port for writes.
|
|
|
|
|
|
There may be circumstances when 'n' or 'o' are NULL. Make sure the next
member is not dereferenced in this case.
|
|
|
|
|
|
In case any new ofono_error types are added, make sure the compiler
warns if they're not handled properly.
|
|
|
|
On QMUX, service information is static. It is obtained via a CTL
request and remains static for the duration of the connection. With
QRTR, services can appear and disappear dynamically. Support this by
converting the existing version_list / version_count member into a
queue. struct qmi_version is now replaced by struct qmi_service_info
with additional qrtr specific attributes.
|
|
QRTR service discovery works by sending QRTR_TYPE_NEW_LOOKUP to
the special socket of type AF_QIPCRTR. Then the services are received
one-by-one. Soon they will be stored and made available for use by the
qmi client.
There was a re-entrancy problem where the qmi_device could be
destroyed in a callback, but then the code running would still try
to access that device. This was solved by creating a common macro
that would do things in the right order so that the qmi_device was
not accessed again after calling back into the client.
QRTR modem discovery and instantiation will be implemented later.
|
|
The intent was to have l_free apply to the settings variable, not the
const ap variable. Also, while here, fix dereferencing ap if it is
NULL.
Fixes: 69adffb51633 ("lte: Add provisioning support")
|
|
If voicecall_dbus_register is not successful, it will invoke
voicecall_destroy, which frees the voicecall and associated data. Make
sure to return early if this happens.
While here, convert g_memdup2 and g_try_new0 use to ell.
|
|
'number' is obtained using g_key_file_get_string (which returns a newly
allocated string), but is never freed.
|
|
Transaction identifier for QMI service messages was always read in as
LE16 value, however when allocating a request it was set in host byte
order. Fix that.
|
|
control_queue is only used by the QMUX transport. Move it out from the
qmi_device structure into the QMUX specific qmi_device_qmux structure.
|
|
Introduce a new write driver method which will abstract away the
details of submitting a QMI message to the underlying device / protocol.
qmi_device will continue managing the request queue and setup the l_io
write handler accordingly.
|
|
handle_packet currently handles both CTL and generic service messages
coming from the device. In all cases, QMUX framing is assumed. Split
up this function into two, one for parsing and handling the CTL packets,
and one for all other service messages.
As a result, the reader handler is renamed to received_qmux_data() and
set into l_io inside qmi_device_new_qmux() constructor.
|
|
__request_submit was handling both CTL and non-CTL requests. Split this
function into two, one for submitting CTL requests, and one that handles
normal service traffic. This allows CTL requests to be isolated into
QMUX specific driver methods that use them. While here, also move
next_control_tid member into the QMUX qmi_device subclass.
|
|
This logic is QMUX only, move it to be spatially near the rest of QMUX
specific logic and just above where these functions are used.
|
|
When the qmi_request structure is allocated, the tid member is never
initialized properly. This is usually okay since the request is
submitted afterwards, but it is still better to initialize this member
properly.
|
|
Instead of allocating a separate buffer inside the request object, use a
flexible array member (FAM). This allows the request metadata and data
to be allocated within the same memory region. The only downside is
that the data buffer is not released once the request has been sent over
the socket. Since most requests are quite small, this shouldn't affect
performance.
|
|
Replace with l_strdup
|
|
Replace with l_strdup
|
|
Replace by l_strdup
|
|
Replace with l_strdup
|
|
Replace with l_strdup
|
|
Replace by l_strdup
|
|
Replace with l_strlcpy
|
|
Replace with l_strlcpy
|
|
Replace with l_str_has_prefix
|
|
|
|
|
|
|
|
Replace with l_strdup_printf. While here also replace use of g_free
with free() where data returned by the invocation of standard C
functions needs to be freed.
|
|
Replace with l_strdup_printf
|
|
Replace with l_strdup_printf
|
|
Replace with l_strdup_printf instead
|
|
Replace by l_strv_free
|
|
Replace by fprintf(stderr, ...)
|
|
Replace by l_strv_free and l_strv_copy
|
|
Replace by l_strv_free
|
|
Replace by l_strv_free
|
|
Replace by l_strv_free and l_strv_copy
|
|
|
|
|
|
|
|
|
|
|
|
|
|
If discovery has been completed successfully, tell the caller right away
by returning a -EALREADY return code instead of scheduling for the
discover callback to be invoked via the idle callback. Such logic has
no real effect as the underlying CTL service is not queried again.
|
|
If qmi_device_discover attempt fails, fail right away.
|
|
On QMUX the discover operation queries all available services by sending
a QMUX Control message and processing its reply. The reply contains a
list of services and the corresponding major / minor version number.
QRTR has a similar, but much more dynamic mechanism utilizing the QRTR
nameserver. Services on QRTR can appear and disappear freely compared
to services on QMUX.
Abstract the discovery operation behind a discover() method in the ops
structure, and move the QMUX specific implementation there. While here,
change the return signature of qmi_device_discover() to return an int,
such that better error reporting can be supported.
|
|
On QMUX, before using a particular QMI service, a client must first be
created. Client creation is accomplished by sending a specific message
to the control service and waiting for the reply.
On QRTR, no such round trip is required. A QRTR socket can immediately
access all services by virtue of creating a socket, with each QMI
service allocating an implicit client identifier.
Abstract away the client creation details behind the client_create()
driver method. Rename the service_create_data structure to
qmux_client_create_data in order to make it clear that this operation is
QMUX specific.
|
|
When shutting down, any requested QMUX clients must be released
properly. This is handled by sending a QMUX Control message with the
service type and client id. QRTR doesn't have such a concept, a client
is closed by virtue of closing the socket. Abstract away the
implementation details behind client_release() driver method.
|
|
Since reference counting wasn't used, rename qmi_device_unref to
qmi_device_free.
|
|
This API isn't being used, drop it.
|
|
Eliminate the final gchar* as well.
|
|
|
|
|
|
|
|
|
|
|
|
If for some reason the qmux device creation fails, indicate failure
early and do not rely on the 5 second modem powered timeout.
|