view cdg211/prim/mon.pdf @ 516:1ed9de6c90bd

src/g23m-gsm/sms/sms_for.c: bogus malloc removed The new error handling code that was not present in TCS211 blob version contains a malloc call that is bogus for 3 reasons: 1) The memory allocation in question is not needed in the first place; 2) libc malloc is used instead of one of the firmware's proper ways; 3) The memory allocation is made inside a function and then never freed, i.e., a memory leak. This bug was caught in gcc-built FreeCalypso fw projects (Citrine and Selenite) because our gcc environment does not allow any use of libc malloc (any reference to malloc produces a link failure), but this code from TCS3.2 is wrong even for Magnetite: if this code path is executed repeatedly over a long time, the many small allocations made by this malloc call without a subsequent free will eventually exhaust the malloc heap provided by the TMS470 environment, malloc will start returning NULL, and the bogus code will treat it as an error. Because the memory allocation in question is not needed at all, the fix entails simply removing it.
author Mychaela Falconia <falcon@freecalypso.org>
date Sun, 22 Jul 2018 06:04:49 +0000
parents 56abf6cf8a0b
children

;********************************************************************************
;*** File           : mon.pdf
;*** Creation       : Fri Jun 08 13:58:04 CST 2007
;*** XSLT Processor : Apache Software Foundation / http://xml.apache.org/xalan-j / supports XSLT-Ver: 1
;*** Copyright      : (c) Texas Instruments AG, Berlin Germany 2002
;********************************************************************************
;*** Document Type  : Service Access Point Specification
;*** Document Name  : mon
;*** Document No.   : 8304.129.96.103
;*** Document Date  : 2003-02-04
;*** Document Status: BEING_PROCESSED
;*** Document Author: LG
;********************************************************************************



PRAGMA 	SRC_FILE_TIME 	"Mon Nov 24 15:50:24 2003"
PRAGMA 	LAST_MODIFIED 	"2003-02-04"
PRAGMA 	ID_AND_VERSION 	"8304.129.96.103"



; Array lengths for the PLMN identity fields: these constants are the
; dimensions of mcc and mnc inside COMP plmn.
CONST 	SIZE_MCC 	3 	; 
CONST 	SIZE_MNC 	3 	; 



; Value ranges for the channel number (ARFCN); referenced by VAR arfcn.
; The rows overlap (1-124 lies inside 0-124, and 975-1023 lies inside
; 512-1023), so a value alone does not identify its band.
; 0xFFFF is the "not present" marker and lies outside every listed range.
; NOTE(review): DCS 1800 is given as 512-1023 here -- confirm the intended
; upper bound against the band plan before using this table for validation.
VALTAB 	VAL_arfcn
VAL 	1 - 124 	"GSM 900 without extension band"
VAL 	0 - 124 	"GSM 900 with extension band"
VAL 	975 - 1023 	"GSM 900 with extension band"
VAL 	512 - 1023 	"DCS 1800"
VAL 	0xFFFF 	 	"not present"

; Attach/detach permission flag: 0 = not allowed, 1 = allowed.
; Referenced by VAR att_flag.
VALTAB 	VAL_att_flag
VAL 	0 	ATT_NOT_ALLOW 	"attach / detach not allowed"
VAL 	1 	ATT_ALLOW 	"attach / detach allowed"

; CCCH configuration codes; referenced by VAR conf_ccch.
; The codes are not contiguous: only 0, 1, 2, 4 and 6 are defined, so
; 3, 5 and 7 have no entry in this table.
VALTAB 	VAL_conf_ccch
VAL 	0 	CCCH_NOT_COMB_1_CHAN 	"CCCH not combined with SDCCH, 1 channel"
VAL 	1 	CCCH_COMB_1_CHAN 	"CCCH combined with SDCCH, 1 channel"
VAL 	2 	CCCH_NOT_COMB_2_CHAN 	"CCCH not combined with SDCCH, 2 channels"
VAL 	4 	CCCH_NOT_COMB_3_CHAN 	"CCCH not combined with SDCCH, 3 channels"
VAL 	6 	CCCH_NOT_COMB_4_CHAN 	"CCCH not combined with SDCCH, 4 channels"

; Timeslot number range (0-7); referenced by VAR tn.
VALTAB 	VAL_tn
VAL 	0 - 7 	"timeslot number 0-7"

; Range of the downlink initial value (8-45); referenced by VAR dlt.
; Values below 8 or above 45 have no entry in this table.
VALTAB 	VAL_dlt
VAL 	8 - 45 	"initial value"

; Paging group number range (0-80); referenced by VAR pg.
VALTAB 	VAL_pg
VAL 	0 - 80 	"paging group number"

; Encoded multiframe period; referenced by VAR bs_pa_mfrms.
; Code n stands for n + 2 multiframe periods (0 -> 2 ... 7 -> 9), so the
; raw code must be decoded before it is used as a count.
VALTAB 	VAL_bs_pa_mfrms
VAL 	0 	 	"2 Multiframe Periods"
VAL 	1 	 	"3 Multiframe Periods"
VAL 	2 	 	"4 Multiframe Periods"
VAL 	3 	 	"5 Multiframe Periods"
VAL 	4 	 	"6 Multiframe Periods"
VAL 	5 	 	"7 Multiframe Periods"
VAL 	6 	 	"8 Multiframe Periods"
VAL 	7 	 	"9 Multiframe Periods"

; Power level range (0-31); referenced by VAR power.
VALTAB 	VAL_power
VAL 	0 - 31 	"power level"

; Received field strength range (0-63); referenced by VAR rx_lev.
; Unlike VAL_arfcn and VAL_bsic, this table defines no "not present" value.
VALTAB 	VAL_rx_lev
VAL 	0 - 63 	"received field strength"

; Received quality range (0-7); referenced by VAR rx_qual_full.
VALTAB 	VAL_rx_qual_full
VAL 	0 - 7 	"received quality"

; Base station identification code range (0-63); referenced by VAR bsic.
; 0xFF is the "not present" marker and lies outside the 0-63 range, so it
; has to be tested for before the value is interpreted as a BSIC.
VALTAB 	VAL_bsic
VAL 	0 - 63 	"base station identification code"
VAL 	0xFF 	 	"not present"

; Channel type codes; referenced by VAR ch_type.
; Codes run from 1 to 15: 1-3 are traffic channels (TCH/F, TCH/H),
; 4-7 are SDCCH/4 subchannels 0-3 and 8-15 are SDCCH/8 subchannels 0-7.
; Code 0 has no entry in this table.
VALTAB 	VAL_ch_type
VAL 	1 	CH_TCH_F 	"TCH/F"
VAL 	2 	CH_TCH_H_1 	"TCH/H(1)"
VAL 	3 	CH_TCH_H_2 	"TCH/H(2)"
VAL 	4 	CH_SDCCH_4_0 	"SDCCH/4(0)"
VAL 	5 	CH_SDCCH_4_1 	"SDCCH/4(1)"
VAL 	6 	CH_SDCCH_4_2 	"SDCCH/4(2)"
VAL 	7 	CH_SDCCH_4_3 	"SDCCH/4(3)"
VAL 	8 	CH_SDCCH_8_0 	"SDCCH/8(0)"
VAL 	9 	CH_SDCCH_8_1 	"SDCCH/8(1)"
VAL 	10 	CH_SDCCH_8_2 	"SDCCH/8(2)"
VAL 	11 	CH_SDCCH_8_3 	"SDCCH/8(3)"
VAL 	12 	CH_SDCCH_8_4 	"SDCCH/8(4)"
VAL 	13 	CH_SDCCH_8_5 	"SDCCH/8(5)"
VAL 	14 	CH_SDCCH_8_6 	"SDCCH/8(6)"
VAL 	15 	CH_SDCCH_8_7 	"SDCCH/8(7)"

; Channel mode codes; referenced by VAR ch_mode.
; The codes are sparse and are not listed in numeric order (5 precedes 3);
; any value not listed here has no defined meaning in this table.
VALTAB 	VAL_ch_mode
VAL 	0 	MODE_SIG_ONLY 	"signalling only"
VAL 	1 	MODE_SPEECH_FULL 	"speech full rate"
VAL 	5 	MODE_SPEECH_HALF 	"speech half rate"
VAL 	3 	MODE_DATA_12 	"data 12 kBits/s"
VAL 	11 	MODE_DATA_6_FULL 	"data 6 kBits/s fullrate"
VAL 	15 	MODE_DATA_6_HALF 	"data 6 kBits/s halfrate"
VAL 	19 	MODE_DATA_3_6_FULL 	"data 3.6 kBits/s fullrate"
VAL 	23 	MODE_DATA_3_6_HALF 	"data 3.6 kBits/s halfrate"
VAL 	33 	MODE_ENHANCED_FULL 	"enhanced full rate"

; Frequency hopping flag: 0 = no hopping, 1 = hopping.
; Referenced by VAR hop. The entries carry no symbolic names.
VALTAB 	VAL_hop
VAL 	0 	 	"no frequency hopping"
VAL 	1 	 	"with frequency hopping"




; Basic elements, part 1: channel and cell configuration.
; Each VAR line gives an element name, a description and a type letter.
; NOTE(review): presumably S is a 16-bit and B an 8-bit element -- confirm
; against the SAP generator documentation; this file does not define them.
; A "VAL @p_mon - VAL_x@" line after a VAR references the value table VAL_x.
; NOTE(review): whether generated code enforces those ranges is not visible
; here; consumers should not assume values were range-checked.
VAR 	arfcn 	"channel number" 	S

VAL 	@p_mon - VAL_arfcn@ 	

; arfcn_nc references no value table, so the 0xFFFF "not present" marker
; from VAL_arfcn is not stated for this element.
VAR 	arfcn_nc 	"channel number" 	S


VAR 	att_flag 	"attach flag" 	B

VAL 	@p_mon - VAL_att_flag@ 	

VAR 	conf_ccch 	"CCCH configuration" 	B

VAL 	@p_mon - VAL_conf_ccch@ 	

VAR 	tn 	"timeslot number" 	B

VAL 	@p_mon - VAL_tn@ 	

VAR 	dlt 	"downlink initial value" 	B

VAL 	@p_mon - VAL_dlt@ 	

VAR 	pg 	"paging group" 	B

VAL 	@p_mon - VAL_pg@ 	

; No value table is referenced; the valid range is not stated in this file.
VAR 	bs_ag_blocks_res 	"Blocks reserved for AGCH" 	B


VAR 	bs_pa_mfrms 	"Multiframe Period" 	B

VAL 	@p_mon - VAL_bs_pa_mfrms@ 	

VAR 	power 	"Power Level" 	B

VAL 	@p_mon - VAL_power@ 	

; Basic elements, part 2: measurements, cell identification code, timing
; advance and channel type/mode.
; Only rx_lev, rx_qual_full, bsic, ch_type and ch_mode reference a value
; table. The _full/_sub/_nc variants and tav/tav_nc reference none, so their
; ranges and any "not present" marker are not stated in this file.
VAR 	rx_lev 	"received field strength" 	B

VAL 	@p_mon - VAL_rx_lev@ 	

VAR 	rx_lev_full 	"received field strength" 	B


VAR 	rx_lev_sub 	"received field strength" 	B


VAR 	rx_lev_nc 	"received field strength" 	B


VAR 	rx_qual_full 	"received quality" 	B

VAL 	@p_mon - VAL_rx_qual_full@ 	

VAR 	rx_qual_sub 	"received quality" 	B


VAR 	bsic 	"base station identification code" 	B

VAL 	@p_mon - VAL_bsic@ 	

; bsic_nc references no value table, so the 0xFF "not present" marker from
; VAL_bsic is not stated for neighbour-cell entries.
VAR 	bsic_nc 	"base station identification code" 	B


VAR 	tav 	"timing advance" 	B


VAR 	tav_nc 	"timing advance" 	B


VAR 	ch_type 	"channel type" 	B

VAL 	@p_mon - VAL_ch_type@ 	

VAR 	ch_mode 	"channel mode" 	B

VAL 	@p_mon - VAL_ch_mode@ 	

; Basic elements, part 3: network/cell identity, selection criteria,
; timeout counters and hopping parameters.
; Of these, only hop references a value table; no range is stated for the
; others in this file.
; v_plmn, mcc and mnc are the members of COMP plmn.
; NOTE(review): which v_plmn value means "valid" is not stated here.
VAR 	v_plmn 	"valid flag" 	B


VAR 	mcc 	"mobile country code" 	B


VAR 	mnc 	"mobile network code" 	B


; cell_id and lac together with the PLMN identify the serving cell.
VAR 	cell_id 	"cell identity" 	S


VAR 	lac 	"location area code" 	S


; NOTE(review): C1 and C2 can take negative values in GSM cell selection;
; the signedness of type B is not visible here -- confirm how consumers
; interpret these elements.
VAR 	c1 	"path loss criterion C1" 	B


VAR 	c2_nc 	"reselection criterion C2" 	B


VAR 	max_dlt 	"maximum downlink timeout counter" 	B


VAR 	act_dlt 	"actual downlink timeout counter" 	B


VAR 	max_rlt 	"maximum radiolink timeout counter" 	B


VAR 	act_rlt 	"actual radiolink timeout counter" 	B


VAR 	tsc 	"training sequence code" 	B


VAR 	hop 	"frequency hopping flag" 	B

VAL 	@p_mon - VAL_hop@ 	

VAR 	hsn 	"hopping sequence number" 	B


VAR 	maio 	"mobile allocation offset" 	B





; PLMN identity: a validity flag followed by fixed-length MCC and MNC
; arrays of SIZE_MCC and SIZE_MNC elements (3 each).
; NOTE(review): presumably mcc/mnc are meaningful only when v_plmn marks
; them valid, and a two-digit MNC needs a filler in the third slot -- neither
; convention is stated in this file; confirm before parsing these arrays.
COMP 	plmn 	 "PLMN identification"
{
 	v_plmn 	 ; valid flag
 	mcc 	[SIZE_MCC] 	 ; mobile country code
 	mnc 	[SIZE_MNC] 	 ; mobile network code
}






; MON_CHAN_IDLE_IND 	0x0F00
; MON_MEAS_IDLE_IND 	0x0F01
; MON_COUNTER_IDLE_IND 	0x0F02
; MON_CHAN_DEDI_IND 	0x0F03
; MON_MEAS_DEDI_IND 	0x0F05
; MON_COUNTER_DEDI_IND 	0x0F06
; MON_COVERAGE_IND 	0x0F07



; MON_CHAN_IDLE_IND (opcode 0x0F00): channel configuration of the serving
; cell; by its name, reported in idle mode.
; Carries plmn, lac and cell_id, which together identify the serving cell.
; That makes the primitive location-revealing, so anything that logs or
; exports it should treat the content as sensitive.
; NOTE(review): who receives this primitive is not visible in this file.
PRIM 	MON_CHAN_IDLE_IND 	0x0F00
{
 	arfcn 	 ; channel number
 	att_flag 	 ; IMSI attach flag
 	conf_ccch 	 ; CCCH configuration
 	tn 	 ; timeslot
 	dlt 	 ; downlink timeout
 	pg 	 ; paging group
 	bs_ag_blocks_res 	 ; AGCH blocks reserved
 	bs_pa_mfrms 	 ; Multiframe Period
 	power 	 ; MS TXPWR MAX CCCH
 	plmn 	 ; PLMN Identification
 	lac 	 ; Location Area Code
 	cell_id 	 ; Cell Identity
}






; MON_MEAS_IDLE_IND (opcode 0x0F01): serving-cell measurement plus five
; parallel neighbour-cell arrays of six entries each.
; The primitive has no count element, and the *_nc elements reference no
; value table, so how an unused neighbour slot is marked is not stated in
; this file. NOTE(review): confirm the convention before iterating over all
; six slots.
PRIM 	MON_MEAS_IDLE_IND 	0x0F01
{
 	arfcn 	 ; BCCH serving cell
 	bsic 	 ; BSIC serving cell
 	rx_lev 	 ; Rxlev serving cell
 	c1 	 ; C1 serving cell
 	arfcn_nc 	[6] 	 ; BCCH neighbour cell
 	bsic_nc 	[6] 	 ; BSIC neighbour cell
 	rx_lev_nc 	[6] 	 ; Rxlev neighbour cell
 	tav_nc 	[6] 	 ; Timing Advance neighbour cell
 	c2_nc 	[6] 	 ; C2 neighbour cell
}






; MON_COUNTER_IDLE_IND (opcode 0x0F02): maximum and actual value of the
; downlink timeout counter. Neither element references a value table.
PRIM 	MON_COUNTER_IDLE_IND 	0x0F02
{
 	max_dlt 	 ; Maximum Downlink Counter
 	act_dlt 	 ; Actual Downlink Counter
}






; MON_CHAN_DEDI_IND (opcode 0x0F03): description of the channel in use; by
; its name, reported in dedicated mode.
; NOTE(review): presumably hsn and maio are meaningful only when hop is 1
; ("with frequency hopping") -- not stated in this file; confirm.
PRIM 	MON_CHAN_DEDI_IND 	0x0F03
{
 	ch_type 	 ; channel type
 	arfcn 	 ; channel number
 	tsc 	 ; training sequence code
 	tn 	 ; timeslot
 	ch_mode 	 ; channel mode
 	hop 	 ; frequency hopping flag
 	hsn 	 ; hopping sequence number
 	maio 	 ; mobile allocation offset
 	power 	 ; power level
}






; MON_MEAS_DEDI_IND (opcode 0x0F05): serving-cell full/sub measurements,
; timing advance and four neighbour-cell arrays of six entries each.
; Opcode 0x0F04 is not assigned in this file; the numbering skips from
; 0x0F03 to 0x0F05.
; As in MON_MEAS_IDLE_IND there is no count element, so how an unused
; neighbour slot is marked is not stated here.
PRIM 	MON_MEAS_DEDI_IND 	0x0F05
{
 	rx_lev_full 	 ; Rxlev full serving cell
 	rx_lev_sub 	 ; Rxlev sub serving cell
 	rx_qual_full 	 ; Rxqual full serving cell
 	rx_qual_sub 	 ; Rxqual sub serving cell
 	tav 	 ; Timing advance serving cell
 	arfcn_nc 	[6] 	 ; BCCH neighbour cell
 	bsic_nc 	[6] 	 ; BSIC neighbour cell
 	rx_lev_nc 	[6] 	 ; Rxlev neighbour cell
 	tav_nc 	[6] 	 ; Timing Advance neighbour cell
}






; MON_COUNTER_DEDI_IND (opcode 0x0F06): maximum and actual value of the
; radiolink timeout counter. Neither element references a value table.
PRIM 	MON_COUNTER_DEDI_IND 	0x0F06
{
 	max_rlt 	 ; Maximum Radiolink Timeout Counter
 	act_rlt 	 ; Actual Radiolink Timeout Counter
}






; MON_COVERAGE_IND (opcode 0x0F07): two parallel arrays of 124 entries,
; field strength and BSIC.
; NOTE(review): 124 matches the upper bound of the "GSM 900 without
; extension band" row in VAL_arfcn, so the arrays are presumably indexed by
; channel; the index-to-ARFCN mapping is not stated in this file -- confirm.
; VAL_bsic defines 0xFF as "not present"; VAL_rx_lev defines no such marker.
PRIM 	MON_COVERAGE_IND 	0x0F07
{
 	rx_lev 	[124] 	 ; fieldstrength
 	bsic 	[124] 	 ; bsic
}