view src/g23m-gprs/grr/grr_tcf.h @ 516:1ed9de6c90bd

src/g23m-gsm/sms/sms_for.c: bogus malloc removed The new error handling code that was not present in TCS211 blob version contains a malloc call that is bogus for 3 reasons: 1) The memory allocation in question is not needed in the first place; 2) libc malloc is used instead of one of the firmware's proper ways; 3) The memory allocation is made inside a function and then never freed, i.e., a memory leak. This bug was caught in gcc-built FreeCalypso fw projects (Citrine and Selenite) because our gcc environment does not allow any use of libc malloc (any reference to malloc produces a link failure), but this code from TCS3.2 is wrong even for Magnetite: if this code path is executed repeatedly over a long time, the many small allocations made by this malloc call without a subsequent free will eventually exhaust the malloc heap provided by the TMS470 environment, malloc will start returning NULL, and the bogus code will treat it as an error. Because the memory allocation in question is not needed at all, the fix entails simply removing it.
author Mychaela Falconia <falcon@freecalypso.org>
date Sun, 22 Jul 2018 06:04:49 +0000
parents 219afcfc6250
children
line wrap: on
line source

/* 
+----------------------------------------------------------------------------- 
|  Project :  GPRS (8441)
|  Modul   :  GRR
+----------------------------------------------------------------------------- 
|  Copyright 2002 Texas Instruments Berlin, AG 
|                 All rights reserved. 
| 
|                 This file is confidential and a trade secret of Texas 
|                 Instruments Berlin, AG 
|                 The receipt of or possession of this file does not convey 
|                 any rights to reproduce or disclose its contents or to 
|                 manufacture, use, or sell anything it may describe, in 
|                 whole, or in part, without the specific written consent of 
|                 Texas Instruments Berlin, AG. 
+----------------------------------------------------------------------------- 
|  Purpose :  Definitions for service TC.
+----------------------------------------------------------------------------- 
*/ 

#ifndef GRR_TCF_H
#define GRR_TCF_H

/*
 * used in tc_gen_rand
 */
#define S_VALUE_RESERVED 0xff

typedef enum
{
  R_BUILD_2PHASE_ACCESS 
} T_REASON_BUILD;

typedef enum
{
  SRC_TBF_INFO_RE_ASSIGN,  /* channel reassignment */
  SRC_TBF_INFO_IMM_ASSIGN, /* immediate assignment */
  SRC_TBF_INFO_UL_ASSIGN   /* uplink assignment    */
} T_SRC_TBF_INFO;

typedef enum
{
  E_ACCESS_REJ_NULL,      /* unforeseen mesage  content*/
  E_ACCESS_REJ_IGNORE,    /* wrong address, faulty message */
  E_ACCESS_REJ_WAIT,      /* valid reject with wait indication */
  E_ACCESS_REJ_NO_WAIT,   /* valid reject without wait indication */
  E_ACCESS_REJ_ERROR_DUMMY
} T_EVAL_ACCESS_REJ;

typedef enum
{
  E_UL_ASSIGN_NULL,             /* unforeseen mesage content */
  E_UL_ASSIGN_SB_WITHOUT_TBF,   /* Single Block without TBF Establishment */
  E_UL_ASSIGN_SB_2PHASE_ACCESS, /* Allocation for 2 Phase of 2_Phase-Access */
  E_UL_ASSIGN_DYNAMIC,          /* Dynamic Allocation */
  E_UL_ASSIGN_FIXED,            /* Fixed Allocation */
  E_UL_ASSIGN_RE_ASSIGN,
  E_UL_ASSIGN_ERROR_RA,         /* because of to many PDCH assigned */
  E_UL_ASSIGN_IGNORE            /*Ignore UL Assignment*/ 
} T_EVAL_UL_ASSIGN;

typedef enum
{
  H_RA_CON_STOP_REQ,    /* stop sending of packet access request */
  H_RA_CON_CONTINUE   /* continue sending of packet access request */
} T_HANDLE_RA_CON;

typedef enum
{
  E_DL_ASSIGN_IGNORE,    /* no effect on current tbf */
  E_DL_ASSIGN_ERROR_RA,  /* release and start random access procedure*/ 
  E_DL_ASSIGN,           /* valid message */
  E_DL_ASSIGN_ABORT_DL
} T_EVAL_DL_ASSIGN;

typedef enum
{
  E_TS_IGNORE,                  /* no effect on current tbf(s) */
  E_TS_UL_REASSIG_NEW_DL,       /* reassignment of uplink  allocation and new downlink allocation*/
  E_TS_UL_REASSIG_DL_REASSIG,   /* reassignment of uplink  allocation and  reassignment downlink allocation*/
  E_TS_NEW_UL_DL_REASSIG,       /* new assignment of uplink  allocation and reassignment downlink allocation*/
  E_TS_RECONFIG_ERROR_RA        /* error in packet timeslot reconfigure */
} T_EVAL_TS_RECONFIG;

typedef enum
{
  E_PDCH_REL_NULL,        /* unforeseen mesage content, corrupt message */
  E_PDCH_REL_IGNORE,      /* no effect to current tbf */
  E_PDCH_REL_RELEASE_DL,  /* all timeslots for this tbf removed */
  E_PDCH_REL_RELEASE_UL,  /* all timeslots for this tbf removed */
  E_PDCH_REL_RELEASE_BOTH,/* all timeslots for this tbf removed */
  E_PDCH_REL_RECONF,      /* valid message */
  E_PDCH_REL_RELEASE_DL_RECONF_UL,  /* all timeslots for DL tbf removed, UL reconfigured */
  E_PDCH_REL_RELEASE_UL_RECONF_DL,  /* all timeslots for UL tbf removed  DL reconfigured*/
  E_PDCH_REL_ERROR_DUMMY
} T_EVAL_PDCH_REL;




typedef enum
{
  C_P_LEVEL_NULL,     
  C_P_LEVEL_SEND,   
  C_P_LEVEL_DO_NOT_SEND
} T_CHECK_P_LEVEL;



typedef enum
{
  CAC_OTHER,
  CAC_T3170_EXPIRED
} T_CHECK_ACCESS_CAUSE;


#define SET_STATE_TC_PIM_AFTER_ACCESS_DISABLED( cell_has_changed,   \
                                                enable_cause      ) \
  {                                                                 \
    tc_handle_new_cell( cell_has_changed, enable_cause );           \
                                                                    \
    SET_STATE( TC, TC_PIM );                                        \
    grr_data->tc.disable_class = CGRLC_DISABLE_CLASS_NULL;          \
  }


EXTERN void tc_cgrlc_ul_tbf_res ( UBYTE tbf_mode, UBYTE prim_status );
EXTERN void tc_cgrlc_dl_tbf_req ( void );
EXTERN void tc_cgrlc_tbf_rel_req(UBYTE tbf_type,UBYTE rel_cause,ULONG rel_fn);
EXTERN void tc_cgrlc_access_status_req  ( void );
EXTERN void tc_send_control_msg_to_grlc ( void );
EXTERN void tc_cgrlc_disable_req        ( UBYTE prim_st );
EXTERN void tc_cgrlc_tbf_rel_res        ( UBYTE tbf_type );

EXTERN void tc_cgrlc_enable_req         ( UBYTE queue_mode,
                                          UBYTE cu_cause,
                                          BOOL  cell_has_changed,
                                          UBYTE enable_cause      );


EXTERN void tc_check_access_is_needed ( T_CHECK_ACCESS_CAUSE cause );
EXTERN void tc_send_tbf_rel           ( T_TBF_TYPE );
EXTERN void tc_send_tbf_release_req   ( T_TBF_TYPE tbf_type, BOOL is_synchron );
EXTERN void tc_deactivate_tbf         ( T_TBF_TYPE );
EXTERN void tc_send_polling_res       (UBYTE poll_type_i,ULONG fn_i, UBYTE rrbp_i,UBYTE ctrl_ack_i );


/*************************************************************+*/





EXTERN USHORT tc_gen_rand ( void );
EXTERN USHORT tc_calc_req ( void );
EXTERN T_CHECK_P_LEVEL tc_check_p_level ( void );
EXTERN void tc_send_assign_req ( T_TBF_TYPE tbf_type_i );
EXTERN void tc_send_pdch_rel ( UBYTE ts_available );
EXTERN void tc_abort_tbf ( T_TBF_TYPE tbf_i );


EXTERN void tc_build_res_req (T_U_RESOURCE_REQ *ptr2res_req,
                              T_REASON_BUILD    reason_i,
                              T_SRC_TBF_INFO    src_info_i );
EXTERN T_EVAL_PDCH_REL tc_eval_pdch_rel ( UBYTE );
EXTERN T_EVAL_UL_ASSIGN tc_eval_ul_assign ( void );
EXTERN T_EVAL_DL_ASSIGN tc_eval_dl_assign ( void );
EXTERN T_EVAL_ACCESS_REJ tc_eval_access_rej ( ULONG * t3172_value_i);
EXTERN void tc_send_ra_req ( void );
EXTERN void tc_send_ra_stop_req ( void );
EXTERN void tc_send_single_block ( void );
EXTERN void tc_send_resource_request_p ( void );
EXTERN T_HANDLE_RA_CON tc_handle_ra_con ( void );
EXTERN void tc_init ( void );
EXTERN void tc_handle_error_pim ( void );
EXTERN void tc_handle_error_ra ( void );
EXTERN void tc_activate_tbf ( T_TBF_TYPE );
EXTERN void tc_start_timer_t3172 ( ULONG t3172_value_i );
EXTERN void tc_handle_tbf_start( T_TBF_TYPE tbf_type );
EXTERN void tc_prepare_handle_tbf_start( T_TBF_TYPE    tbf_type,
                                         UBYTE         new_state, 
                                         UBYTE         old_state );
EXTERN void tc_calc_fa_bitmap (ULONG tbf_start,
                               UBYTE blks_or_blkps, 
                               USHORT len,
                               UBYTE * ptr2_alloc_map, 
                               T_p_fixed_alloc  * ptr2_fix_alloc);

//EXTERN void tc_handle_final_alloc (UBYTE final_allocation);

EXTERN void tc_send_ul_repeat_alloc_req( void);
EXTERN USHORT tc_set_fa_bitmap( UBYTE ts_mask, T_FIX_ALLOC * ptr_alloc);
EXTERN T_EVAL_TS_RECONFIG tc_eval_ts_reconf ( void );
EXTERN BOOL tc_set_hopping_par(T_freq_par *freq_par  );
EXTERN void tc_stop_timer_t3172 ( void );

EXTERN BOOL   tc_store_ctrl_blk ( T_BLK_OWNER blk_owner, void *blk_struct );
EXTERN BOOL   tc_cancel_ctrl_blk ( T_BLK_OWNER blk_owner );
EXTERN UBYTE* tc_set_start_ctrl_blk ( UBYTE *index );
EXTERN T_BLK_INDEX tc_set_stop_ctrl_blk ( BOOL        is_tx_success,
                                          T_BLK_OWNER srch_owner,
                                          T_BLK_INDEX start_idx );
EXTERN void   tc_set_stop_tc_ctrl_blk ( void );
EXTERN void   tc_set_stop_all_ctrl_blk ( void );

EXTERN void tc_stop_normal_burst_req ( void );


EXTERN void tc_malloc_assign ( void );
EXTERN void tc_mfree_assign ( BOOL restore_data );

EXTERN T_TIME tc_get_t3170_value(void);

EXTERN T_MPHP_ASSIGNMENT_REQ * tc_set_freq (void);

EXTERN void tc_call_disable_callback_func ( void );


#endif /* !GRR_TCF_H */