1. 04 Mar, 2021 1 commit
  2. 02 Mar, 2021 2 commits
  3. 01 Mar, 2021 3 commits
  4. 28 Feb, 2021 3 commits
    • Michael Cook's avatar
      lte-ue.c: Allocate bigger arrays · 034d2cfe
      Michael Cook authored
      This code allocates memory from the heap:
      
      ```
      static void *UE_phy_stub_standalone_pnf_task(void *arg)
      {
      ...
        UL_INFO->crc_ind.crc_indication_body.crc_pdu_list =
        calloc(NB_UE_INST, sizeof(nfapi_crc_indication_pdu_t));
      ```
      
      I see NB_UE_INST==1.
      
      Then this code:
      
      ```
      void fill_crc_indication_UE_MAC(int Mod_id,
                                      int frame,
                                      int subframe,
                                      UL_IND_t *UL_INFO,
                                      uint8_t crc_flag,
                                      int index,
                                      uint16_t rnti,
                                      nfapi_ul_config_request_t
                                      *ul_config_req) {
      ...
        nfapi_crc_indication_pdu_t *pdu =
            &UL_INFO->crc_ind.crc_indication_body
                 .crc_pdu_list[UL_INFO->crc_ind.crc_indication_body.number_of_crcs];
      ```
      
      used .number_of_crcs to index into .crc_pdu_list without first
      checking if .number_of_crcs is in range.
      
      When run with multiple UEs, sometimes .number_of_crcs==1 and then
      -fsanitize=address complains.
      
      Change is to use NUMBER_OF_UE_MAX instead of NB_UE_INST.
      
      With this change, -fsanitize=address stopping complaining.
      034d2cfe
    • Michael Cook's avatar
      eNB_scheduler_ulsch.c: Range checking on array access · 11270af8
      Michael Cook authored
      -fsanitize=address complained about this code.
      11270af8
    • Michael Cook's avatar
      pdcp_fifo_flush_sdus: Fix message size calculation · 706f0e44
      Michael Cook authored
      -fsanitize=address detected that we were trying to access bytes
      past the end of a block of malloc'ed memory.
      
      Specifically, in this code:
      
      ```
          } else if (ENB_NAS_USE_TUN) {
            if( LOG_DEBUGFLAG(DEBUG_PDCP) )
              log_dump(PDCP, pdcpData, sizeToWrite, LOG_DUMP_CHAR,"PDCP
            output to be sent to TUN interface: \n");
            ret = write(nas_sock_fd[0], pdcpData, sizeToWrite);
      ```
      
      -fsanitize=address said:
      
      ```
      ==80==ERROR: AddressSanitizer: heap-buffer-overflow on address
      0x61100004ffdc at pc 0x7f57c5f576a5 bp 0x7f57bb53c240 sp
      0x7f57bb53b9e8
      READ of size 108 at 0x61100004ffdc thread T7
      
      0x61100004ffdc is located 0 bytes to the right of 220-byte region
      [0x61100004ff00,0x61100004ffdc)
      ```
      
      So, the code was trying to access the first byte after a block of
      heap memory.
      
      sizeToWrite was calculated like this:
      
      ```
          int sizeToWrite= sizeof (pdcp_data_ind_header_t) +
            pdcpHead->data_size;
      ```
      
      There were a few other similar invocations of write() in the same
      function used the wrong size.  That sizeToWrite calculation
      should be used only when the header is being sent, too, which
      happens in only one place in this function.
      
      With this commit, our tests pass and -fsanitize=address is happy.
      706f0e44
  5. 27 Feb, 2021 4 commits
  6. 26 Feb, 2021 3 commits
  7. 24 Feb, 2021 5 commits
    • Melissa Elkadi's avatar
      Merge remote-tracking branch 'origin/develop' into episys-merge · 98c8ddb6
      Melissa Elkadi authored
      Removing references to memcpy_dl_config_req and
      memcpy_tx_req because these functions are leaking
      memory. For our standalone mode we have created
      new/modified memcpy_dl/tx_req functions.
      98c8ddb6
    • Remi Hardy's avatar
      Integration 2021 wk08 · 17d4c5c2
      Remi Hardy authored
      MR1046 : Add support for NR UL SC-FDMA up to 100 MHz
      
      MR1053Nr : pdcp nea2 security
      
      MR1049 : improve rfsim
      -Fix a regression 
      Earlier parameter reading was moved to an external thread,  
      Eventually the check at the end of the main was too early, 
      Declaration of  some extra parameters are now on command line
      -Enhancement: 
      use the rfsim as a server on UE side, so we can connect two xNB to one UE
      -Simplification: 
      remove rfsim flags that have been made for convergence with replay function in usrp driver, but this is useless as they changed their code
      -Fix a bug in ubuntu 20.04 (now the code is ready in whole OAI)
      
      
      MR1056 : Bugfix: NR BSR calculation
      Fixes a bug in the scheduler for BSR calculation. 
      Before, we might wrongly track the BSR of a UE and not schedule it anymore although it has data. 
      Should be fixed now and improve UL throughput. 
      
      MR963 : Nr mac multi rach global edge
      -Handling of Multiple Users triggering RACH request in different RACH Occasions in same slot
      -Providing Random Access Response according to RACH request
      
      17d4c5c2
    • Melissa Elkadi's avatar
      4dcb32c1
    • Melissa Elkadi's avatar
      Updating incorrect logic in phy_stub_ue.c · 125e0aa1
      Melissa Elkadi authored
      125e0aa1
    • Saankhya's avatar
      following coding guideline · 37a2ce7d
      Saankhya authored
      fixing the RE offset for each Rx antenna in pusch channel estimation
      37a2ce7d
  8. 23 Feb, 2021 6 commits
  9. 21 Feb, 2021 1 commit
  10. 19 Feb, 2021 6 commits
  11. 18 Feb, 2021 5 commits
  12. 17 Feb, 2021 1 commit
    • Robert Schmidt's avatar
      Fixup sched_ul_bytes logic · a3b1216b
      Robert Schmidt authored
      1) Only count new transmission as scheduled bytes (which is then
      compared against the BSR)
      
      2) When subtracting scheduled bytes after successful reception, subtract
      TBsize from correct HARQ process
      a3b1216b