Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: second ue release uecontext without authetication #136

Merged
merged 2 commits into from
Aug 13, 2024
Merged

fix: second ue release uecontext without authetication #136

merged 2 commits into from
Aug 13, 2024

Conversation

donald1218
Copy link
Contributor

No description provided.

@ianchen0119
Copy link
Contributor

Hi @ss920386

Could you please help to review this PR?

Tks.

@ianchen0119 ianchen0119 mentioned this pull request Jul 29, 2024
Closed
@andy89923 andy89923 requested a review from ianchen0119 August 7, 2024 05:00
linouxis9
linouxis9 reviewed Aug 11, 2024
View reviewed changes
Copy link

@linouxis9 linouxis9 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @ianchen0119, @donald1218,

As requested, I have tested this PR with PacketRusher !

This PR seems to help, but a malicious gNodeB is now able to crash the AMF.
It can be reproduced by running the following commands:

  • ./packetrusher multi-ue -n 1 --loop --tr 1000
  • Wait a few seconds then CTRL-C
  • ./packetrusher multi-ue -n 1 --loop --tr 100
amf       | 2024-08-11T20:33:42.778544949Z [FATA][AMF][Ngap] panic: runtime error: invalid memory address or nil pointer dereference
amf       | goroutine 2659 [running]:
amf       | runtime/debug.Stack()
amf       |     /usr/local/go/src/runtime/debug/stack.go:24 +0x5e
amf       | github.com/free5gc/amf/internal/ngap/service.handleConnection.func1()
amf       |     /go/src/free5gc/NFs/amf/internal/ngap/service/service.go:186 +0x45
amf       | panic({0xc7aa00?, 0x145a4f0?})
amf       |     /usr/local/go/src/runtime/panic.go:914 +0x21f
amf       | github.com/free5gc/amf/internal/context.(*RanUe).DetachAmfUe(...)
amf       |     /go/src/free5gc/NFs/amf/internal/context/ran_ue.go:95
amf       | github.com/free5gc/amf/internal/gmm/common.ClearHoldingRanUe(0xc00020a600?)
amf       |     /go/src/free5gc/NFs/amf/internal/gmm/common/user_profile.go:73 +0x12
amf       | github.com/free5gc/amf/internal/nas.HandleNAS(0xc0002c68c0, 0xc00061de60?, {0xc00072adc0, 0x33, 0x40}, 0xa0?)
amf       |     /go/src/free5gc/NFs/amf/internal/nas/handler.go:40 +0x22d
amf       | github.com/free5gc/amf/internal/ngap.handleUplinkNASTransportMain(0xc0002162a0?, 0xc0002c68c0, 0xc000011008?, 0x100?)
amf       |     /go/src/free5gc/NFs/amf/internal/ngap/handler.go:120 +0x65
amf       | github.com/free5gc/amf/internal/ngap.handlerUplinkNASTransport(0xc0009e5580, 0xc0004b4fc0)
amf       |     /go/src/free5gc/NFs/amf/internal/ngap/handler_generated.go:11251 +0x131f
amf       | github.com/free5gc/amf/internal/ngap.dispatchMain(0xc0009e5580, 0x5e?)
amf       |     /go/src/free5gc/NFs/amf/internal/ngap/dispatcher_generated.go:112 +0x2cd
amf       | github.com/free5gc/amf/internal/ngap.Dispatch({0xf0aa30?, 0xc00049db50}, {0xc00091a000, 0x5e, 0x40000})
amf       |     /go/src/free5gc/NFs/amf/internal/ngap/dispatcher.go:49 +0x1ff
amf       | github.com/free5gc/amf/internal/ngap/service.handleConnection(0xc00049db50, 0x40000, {0xe0c2e0?, 0xe0c2f0?, 0xe0c2e8?})
amf       |     /go/src/free5gc/NFs/amf/internal/ngap/service/service.go:239 +0x3e4
amf       | created by github.com/free5gc/amf/internal/ngap/service.listenAndServe in goroutine 26
amf       |     /go/src/free5gc/NFs/amf/internal/ngap/service/service.go:160 +0x997

This won't fix the issue, but for reliability purposes, I would recommend adding some recover() when handling a connection to a gNodeB, as well as when handling messages as well, so a local panic does not make the whole AMF crashes.
You probably need some kind of locking (eg. mutex) on the UE to fix this issue.

If I can be of any help, please reach out !

Thanks and cheers,
Valentin

@donald1218
Copy link
Contributor Author

Hi @linouxis9 , thank you for helping with the testing. The reason AMF was panicking is that I didn’t check if RanUE was nil before detach. I’ve already fixed this issue.

Tks.

@ianchen0119 ianchen0119 merged commit 6c3f75b into free5gc:main Aug 13, 2024
3 checks passed
@donald1218 donald1218 deleted the fix/second-ue-release-context branch August 15, 2024 03:29
@andy89923 andy89923 mentioned this pull request Aug 30, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@linouxis9 linouxis9 linouxis9 left review comments

@ianchen0119 ianchen0119 ianchen0119 approved these changes

@ss920386 ss920386 ss920386 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@donald1218 @ianchen0119 @linouxis9 @ss920386