Fix: UE_list access conflict.(Reestablishment sequence duplication)

(cherry picked from commit 71f2905c71d97530f45be3daf6ba167775abe827)

openair2/LAYER2/MAC/eNB_scheduler.c

@@ -329,6 +329,7 @@ schedule_SR (module_id_t module_idP,
   UE_list_t *UE_list = &eNB->UE_list;
   nfapi_ul_config_request_t      *ul_req = NULL;
   nfapi_ul_config_request_body_t *ul_req_body = NULL;
+  LTE_PhysicalConfigDedicated_t *physicalConfigDedicated = NULL;
   LTE_SchedulingRequestConfig_t  *SRconfig = NULL;
   nfapi_ul_config_sr_information sr;
 
@@ -340,10 +341,11 @@ schedule_SR (module_id_t module_idP,
         continue;
       }
 
-      if (UE_list->UE_template[CC_id][UE_id].physicalConfigDedicated == NULL) continue;
-
-      if ((SRconfig = UE_list->UE_template[CC_id][UE_id].physicalConfigDedicated->schedulingRequestConfig) != NULL) {
-        if (SRconfig->present == LTE_SchedulingRequestConfig_PR_setup) {
+      physicalConfigDedicated = UE_list->UE_template[CC_id][UE_id].physicalConfigDedicated;
+      if (physicalConfigDedicated == NULL) continue;
+      SRconfig = UE_list->UE_template[CC_id][UE_id].physicalConfigDedicated->schedulingRequestConfig;
+      //if ((SRconfig = UE_list->UE_template[CC_id][UE_id].physicalConfigDedicated->schedulingRequestConfig) != NULL) {
+        if ((physicalConfigDedicated != NULL) && (SRconfig != NULL) && (SRconfig->present == LTE_SchedulingRequestConfig_PR_setup)) {
           if (SRconfig->choice.setup.sr_ConfigIndex <= 4) {          // 5 ms SR period
             if ((subframeP % 5) != SRconfig->choice.setup.sr_ConfigIndex) continue;
           } else if (SRconfig->choice.setup.sr_ConfigIndex <= 14) {  // 10 ms SR period
@@ -356,7 +358,11 @@ schedule_SR (module_id_t module_idP,
             if ((10 * (frameP & 7) + subframeP) != (SRconfig->choice.setup.sr_ConfigIndex - 75)) continue;
           }
         }  // SRconfig->present == SchedulingRequestConfig_PR_setup)
-      }  // SRconfig = UE_list->UE_template[CC_id][UE_id].physicalConfigDedicated->schedulingRequestConfig)!=NULL)
+        else{
+          LOG_E(MAC,"schedule_SR : frame %d subframe %d UE_id %d physicalConfigDedicated SRconfig %p\n",frameP,subframeP,UE_id,SRconfig);
+          continue;
+        }
+      //}  // SRconfig = UE_list->UE_template[CC_id][UE_id].physicalConfigDedicated->schedulingRequestConfig)!=NULL)
 
       /* If we get here there is some PUCCH1 reception to schedule for SR */
       ul_req = &(eNB->UL_req[CC_id]);
@@ -1156,7 +1162,7 @@ void update_ue_timers(module_id_t module_idP,frame_t frameP, sub_frame_t subfram
       ue_context_p->ue_context.ue_rrc_inactivity_timer++;
     }
 
-    if (ue_context_p->ue_context.ue_reestablishment_timer > 0) {
+    if ((ue_context_p->ue_context.ue_reestablishment_timer > 0) && (ue_context_p->ue_context.ue_reestablishment_timer_thres > 0)) {
       ue_context_p->ue_context.ue_reestablishment_timer++;
   }
 

openair2/LAYER2/MAC/eNB_scheduler_RA.c

@@ -1119,6 +1119,7 @@ generate_Msg4(module_id_t module_idP,
           dl_req_body->number_dci++;
           dl_req_body->number_pdu++;
           ra->state = WAITMSG4ACK;
+          ra->msg4_count = 1;
           LOG_D(MAC,"[eNB %d][RAPROC] Frame %d, Subframe %d: state:WAITMSG4ACK\n", module_idP, frameP, subframeP);
           // increment Absolute subframe by 8 for Msg4 retransmission
           LOG_D(MAC,
@@ -1389,6 +1390,11 @@ check_Msg4_retransmission(module_id_t module_idP, int CC_idP,
       if ((ra->Msg4_frame == frameP)
           && (ra->Msg4_subframe == subframeP)) {
         //ra->wait_ack_Msg4++;
+        if(ra->msg4_count > 4){
+          LOG_I(MAC, "Msg4 Retransmission count reach max, put UE %x into freeList\n", ra->rnti);
+          put_UE_in_freelist(module_idP, ra->rnti, 1);
+          return;
+        }
         // we have to schedule a retransmission
         dl_req->sfn_sf = frameP<<4 | subframeP;
         first_rb = 0;
@@ -1466,6 +1472,7 @@ check_Msg4_retransmission(module_id_t module_idP, int CC_idP,
                               dci_dl_pdu_rel8.cce_idx);
         // prepare frame for retransmission
         get_retransmission_timing(mac->common_channels[CC_idP].tdd_Config,&ra->Msg4_frame,&ra->Msg4_subframe);
+        ra->msg4_count++;
         LOG_W(MAC,
               "[eNB %d][RAPROC] CC_id %d Frame %d, subframeP %d: Msg4 not acknowledged, adding ue specific dci (rnti %x) for RA (Msg4 Retransmission round %d in %d.%d)\n",
               module_idP, CC_idP, frameP, subframeP, ra->rnti,
@@ -1712,6 +1719,7 @@ cancel_ra_proc(module_id_t module_idP, int CC_id, frame_t frameP,
       ra[i].RRC_timer = 20;
       ra[i].rnti = 0;
       ra[i].msg3_round = 0;
+      ra[i].msg4_count = 0;
       LOG_D(MAC,"[eNB %d][RAPROC] CC_id %d Frame %d Canceled RA procedure for UE rnti %x\n", module_idP, CC_id, frameP, rnti);
     }
   }
@@ -1728,5 +1736,6 @@ void clear_ra_proc(module_id_t module_idP, int CC_id, frame_t frameP) {
     ra[i].RRC_timer = 20;
     ra[i].rnti = 0;
     ra[i].msg3_round = 0;
+    ra[i].msg4_count = 0;
   }
 }

openair2/LAYER2/MAC/eNB_scheduler_ulsch.c

@@ -774,13 +774,16 @@ rx_sdu(const module_id_t enb_mod_idP,
               UE_template_ptr = &(UE_list->UE_template[CC_idP][UE_id]);
             }
           } else {
-            LOG_D(MAC, "[eNB %d][RAPROC] CC_id %d Frame %d CCCH: Received Msg3 from already registered UE %d: length %d, offset %ld\n",
+            LOG_E(MAC, "[eNB %d][RAPROC] CC_id %d Frame %d CCCH: Received Msg3 from already registered UE %d: length %d, offset %ld\n",
                   enb_mod_idP,
                   CC_idP,
                   frameP,
                   UE_id,
                   rx_lengths[i],
                   payload_ptr - sduP);
+            cancel_ra_proc(enb_mod_idP, CC_idP, frameP, current_rnti);
+            fill_nfapi_rnti_release(enb_mod_idP, current_rnti);
+            break;
             // kill RA proc
           }
 

openair2/LAYER2/MAC/mac.h

@@ -1170,6 +1170,7 @@ typedef struct {
   int msg4_TBsize;
   /// MCS used for Msg4
   int msg4_mcs;
+  uint8_t msg4_count;
 #if (LTE_RRC_VERSION >= MAKE_VERSION(14, 0, 0))
   uint8_t rach_resource_type;
   uint8_t msg2_mpdcch_repetition_cnt;

openair2/RRC/LTE/rrc_eNB.c

@@ -977,7 +977,9 @@ rrc_eNB_free_mem_UE_context(
   memset(ue_context_pP->ue_context.DRB_active, 0, sizeof(ue_context_pP->ue_context.DRB_active));
 
   if (ue_context_pP->ue_context.physicalConfigDedicated) {
-    ASN_STRUCT_FREE(asn_DEF_LTE_PhysicalConfigDedicated, ue_context_pP->ue_context.physicalConfigDedicated);
+    ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_LTE_PhysicalConfigDedicated, ue_context_pP->ue_context.physicalConfigDedicated);
+    memset(ue_context_pP->ue_context.physicalConfigDedicated,0,sizeof(struct LTE_PhysicalConfigDedicated));
+    free(ue_context_pP->ue_context.physicalConfigDedicated);
     ue_context_pP->ue_context.physicalConfigDedicated = NULL;
   }
 
@@ -2374,7 +2376,7 @@ rrc_eNB_generate_RRCConnectionRelease(
   T(T_ENB_RRC_CONNECTION_RELEASE, T_INT(ctxt_pP->module_id), T_INT(ctxt_pP->frame),
     T_INT(ctxt_pP->subframe), T_INT(ctxt_pP->rnti));
   size = do_RRCConnectionRelease(ctxt_pP->module_id, buffer,rrc_eNB_get_next_transaction_identifier(ctxt_pP->module_id));
-  ue_context_pP->ue_context.ue_reestablishment_timer = 0;
+  //ue_context_pP->ue_context.ue_reestablishment_timer = 0;
   ue_context_pP->ue_context.ue_release_timer = 0;
   ue_context_pP->ue_context.ue_rrc_inactivity_timer = 0;
   LOG_I(RRC,
@@ -7909,7 +7911,7 @@ rrc_eNB_decode_ccch(
             LOG_E(RRC,
                   PROTOCOL_RRC_CTXT_UE_FMT" LTE_RRCConnectionReestablishmentRequest without UE context, let's reject the UE\n",
                   PROTOCOL_RRC_CTXT_UE_ARGS(ctxt_pP));
-            rrc_eNB_generate_RRCConnectionReestablishmentReject(ctxt_pP, ue_context_p, CC_id);
+            rrc_eNB_generate_RRCConnectionReestablishmentReject(ctxt_pP, NULL, CC_id);
             break;
           }
 
@@ -7919,7 +7921,7 @@ rrc_eNB_decode_ccch(
                   PROTOCOL_RRC_CTXT_UE_ARGS(ctxt_pP),
                   rrcConnectionReestablishmentRequest->ue_Identity.physCellId,
                   RC.rrc[ctxt_pP->module_id]->carrier[CC_id].physCellId);
-            rrc_eNB_generate_RRCConnectionReestablishmentReject(ctxt_pP, ue_context_p, CC_id);
+            rrc_eNB_generate_RRCConnectionReestablishmentReject(ctxt_pP, NULL, CC_id);
             break;
           }
 
@@ -7935,7 +7937,7 @@ rrc_eNB_decode_ccch(
             LOG_E(RRC,
                   PROTOCOL_RRC_CTXT_UE_FMT" LTE_RRCConnectionReestablishmentRequest c_RNTI range error, let's reject the UE\n",
                   PROTOCOL_RRC_CTXT_UE_ARGS(ctxt_pP));
-            rrc_eNB_generate_RRCConnectionReestablishmentReject(ctxt_pP, ue_context_p, CC_id);
+            rrc_eNB_generate_RRCConnectionReestablishmentReject(ctxt_pP, NULL, CC_id);
             break;
           }
 
@@ -7945,7 +7947,7 @@ rrc_eNB_decode_ccch(
             LOG_E(RRC,
                   PROTOCOL_RRC_CTXT_UE_FMT" LTE_RRCConnectionReestablishmentRequest without UE_id(MAC) rnti %x, let's reject the UE\n",
                   PROTOCOL_RRC_CTXT_UE_ARGS(ctxt_pP),c_rnti);
-            rrc_eNB_generate_RRCConnectionReestablishmentReject(ctxt_pP, ue_context_p, CC_id);
+            rrc_eNB_generate_RRCConnectionReestablishmentReject(ctxt_pP, NULL, CC_id);
             break;
           }
       if((RC.mac[ctxt_pP->module_id]->UE_list.UE_sched_ctrl[UE_id].ue_reestablishment_reject_timer > 0) &&
@@ -7971,7 +7973,7 @@ rrc_eNB_decode_ccch(
             LOG_E(RRC,
                   PROTOCOL_RRC_CTXT_UE_FMT" RRCConnectionReestablishmentRequest without UE_id(MAC) previous rnti %x, let's reject the UE\n",
                   PROTOCOL_RRC_CTXT_UE_ARGS(ctxt_pP),previous_rnti);
-            rrc_eNB_generate_RRCConnectionReestablishmentReject(ctxt_pP, ue_context_p, CC_id);
+            rrc_eNB_generate_RRCConnectionReestablishmentReject(ctxt_pP, NULL, CC_id);
             break;
         }
           if((RC.mac[ctxt_pP->module_id]->UE_list.UE_sched_ctrl[UE_id].ue_reestablishment_reject_timer > 0) &&
@@ -7990,11 +7992,12 @@ rrc_eNB_decode_ccch(
         LOG_E(RRC,
              PROTOCOL_RRC_CTXT_UE_FMT" LTE_RRCConnectionReestablishmentRequest (UE %x c-plane is not end), let's reject the UE\n",
              PROTOCOL_RRC_CTXT_UE_ARGS(ctxt_pP),c_rnti);
-        rrc_eNB_generate_RRCConnectionReestablishmentReject(ctxt_pP, ue_context_p, CC_id);
+        rrc_eNB_generate_RRCConnectionReestablishmentReject(ctxt_pP, NULL, CC_id);
         break;
       }
 
           if(ue_context_p->ue_context.ue_reestablishment_timer > 0) {
+            if(ue_context_p->ue_context.ue_reestablishment_timer < 960){
             LOG_E(RRC,
                   PROTOCOL_RRC_CTXT_UE_FMT" RRRCConnectionReconfigurationComplete(Previous) don't receive, delete the Previous UE\n",
                   PROTOCOL_RRC_CTXT_UE_ARGS(ctxt_pP));
@@ -8017,6 +8020,13 @@ rrc_eNB_decode_ccch(
                 ue_context_p->ue_context.e_rab[e_rab].status = E_RAB_STATUS_FAILED;
               }
             }
+            }else{
+                LOG_E(RRC,
+                      PROTOCOL_RRC_CTXT_UE_FMT" RRRCConnectionReconfigurationComplete(Previous) will wait timeout, let's reject the UE\n",
+                      PROTOCOL_RRC_CTXT_UE_ARGS(ctxt_pP));
+                rrc_eNB_generate_RRCConnectionReestablishmentReject(ctxt_pP, NULL, CC_id);
+                break;
+            }
           }
 
           LOG_D(RRC,
@@ -8290,11 +8300,12 @@ rrc_eNB_decode_ccch(
                   PROTOCOL_RRC_CTXT_UE_ARGS(ctxt_pP),
                   random_value);
             if (NODE_IS_MONOLITHIC(RC.rrc[ctxt_pP->module_id]->node_type)) {
-              if (rrc_mac_remove_ue(ctxt_pP->module_id,ctxt_pP->rnti) == -1) {
-                LOG_E(RRC, "rrc_mac_remove_ue failed\n");
-                ASN_STRUCT_FREE(asn_DEF_LTE_UL_CCCH_Message,ul_ccch_msg);
-                return -1;
-              }
+              //if (rrc_mac_remove_ue(ctxt_pP->module_id,ctxt_pP->rnti) == -1) {
+              //  LOG_E(RRC, "rrc_mac_remove_ue failed\n");
+              //  ASN_STRUCT_FREE(asn_DEF_LTE_UL_CCCH_Message,ul_ccch_msg);
+              //  return -1;
+              //}
+              put_UE_in_freelist(ctxt_pP->module_id,ctxt_pP->rnti,0);
             }
             else if (NODE_IS_CU(RC.rrc[ctxt_pP->module_id]->node_type)) {
               MessageDef *m = itti_alloc_new_message(TASK_RRC_ENB, F1AP_UE_CONTEXT_RELEASE_CMD);
@@ -9485,13 +9496,14 @@ void rrc_subframe_process(protocol_ctxt_t *const ctxt_pP, const int CC_id)
       }
     }
 
-    if (ue_context_p->ue_context.ue_reestablishment_timer > 0) {
+    if ((ue_context_p->ue_context.ue_reestablishment_timer > 0)&&(ue_context_p->ue_context.ue_reestablishment_timer_thres > 0)) {
       if (ue_context_p->ue_context.ue_reestablishment_timer >= ue_context_p->ue_context.ue_reestablishment_timer_thres) {
         LOG_I(RRC, "Removing UE %x instance because of reestablishment_timer timeout\n",
               ue_context_p->ue_context.rnti);
         ue_context_p->ue_context.ul_failure_timer = 20000; // lead to send S1 UE_CONTEXT_RELEASE_REQ
         removed_ue_count = add_ue_to_remove(ue_to_be_removed, removed_ue_count, ue_context_p);
-        ue_context_p->ue_context.ue_reestablishment_timer = 0;
+        //ue_context_p->ue_context.ue_reestablishment_timer = 0;
+        ue_context_p->ue_context.ue_reestablishment_timer_thres = 0;
         break; // break RB_FOREACH
       }
     }
@@ -9519,7 +9531,7 @@ void rrc_subframe_process(protocol_ctxt_t *const ctxt_pP, const int CC_id)
       ue_to_be_removed[cur_ue]->ue_context.ue_release_timer_s1 = 1;
       ue_to_be_removed[cur_ue]->ue_context.ue_release_timer_thres_s1 = 100;
       ue_to_be_removed[cur_ue]->ue_context.ue_release_timer = 0;
-      ue_to_be_removed[cur_ue]->ue_context.ue_reestablishment_timer = 0;
+      //ue_to_be_removed[cur_ue]->ue_context.ue_reestablishment_timer = 0;
     }
 
     rrc_eNB_free_UE(ctxt_pP->module_id, ue_to_be_removed[cur_ue]);