aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-03-30sms-part-3gpp: avoid underflow in tp_user_data_size_elementsAleksander Morgado
==101461== Command: ./build/test/mmsmspdu --pdu=004100010100014B00002E --verbose ==101461== [debug] parsing PDU (0)... [debug] no SMSC address given [debug] submit type PDU detected [debug] message reference: 0 [debug] address size: 1 digits (1 bytes) [debug] number parsed: 00 [debug] PID: 1 [debug] user data encoding is GSM7 [debug] user data length: 0 elements [debug] user data length: 0 bytes [debug] decoding SMS text with 4294967294 elements Based on a patch from Michal Mazur <mkm@semihalf.com>.
2023-03-30sms-part-3gpp: fix invalid memory read due to wrong size check when reading ↵Aleksander Morgado
address Before the actual number digits there is always a Type of Address byte that we were not considering during the size check. [debug] parsing PDU (0)... [debug] no SMSC address given [debug] deliver type PDU detected [debug] address size: 1 digits (1 bytes) ==90832== Command: ./build/test/mmsmspdu --pdu=001C011C --verbose ==90832== ==90832== Invalid read of size 1 ==90832== at 0x10AC90: sms_semi_octets_to_bcd_string (mm-sms-part-3gpp.c:71) ==90832== by 0x10AC90: sms_decode_address (mm-sms-part-3gpp.c:157) ==90832== by 0x10B0C5: mm_sms_part_3gpp_new_from_binary_pdu (mm-sms-part-3gpp.c:512) ==90832== by 0x10BF77: mm_sms_part_3gpp_new_from_pdu (mm-sms-part-3gpp.c:368) ==90832== by 0x10A44D: main (mmsmspdu.c:242) ==90832== Address 0x5199874 is 0 bytes after a block of size 4 alloc'd ==90832== at 0x48455EF: calloc (vg_replace_malloc.c:1328) ==90832== by 0x49DF6C0: g_malloc0 (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7400.2) ==90832== by 0x48ABD24: mm_utils_hexstr2bin (mm-common-helpers.c:1884) ==90832== by 0x10BF56: mm_sms_part_3gpp_new_from_pdu (mm-sms-part-3gpp.c:362) ==90832== by 0x10A44D: main (mmsmspdu.c:242)
2023-03-30sms-part-3gpp: fix invalid memory read parsing addressAleksander Morgado
[debug] parsing PDU (0)... [debug] no SMSC address given [debug] status report type PDU detected [debug] message reference: 191 [debug] address size: 0 digits (0 bytes) ==78906== Command: ./build/test/mmsmspdu --pdu=000ABF00 --verbose ==78906== ==78906== Invalid read of size 1 ==78906== at 0x10AA80: sms_decode_address (mm-sms-part-3gpp.c:132) ==78906== by 0x10AF7C: mm_sms_part_3gpp_new_from_binary_pdu (mm-sms-part-3gpp.c:507) ==78906== by 0x10BE17: mm_sms_part_3gpp_new_from_pdu (mm-sms-part-3gpp.c:368) ==78906== by 0x10A44D: main (mmsmspdu.c:202) ==78906== Address 0x5199874 is 0 bytes after a block of size 4 alloc'd ==78906== at 0x48455EF: calloc (vg_replace_malloc.c:1328) ==78906== by 0x49DF6C0: g_malloc0 (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7400.2) ==78906== by 0x48ABD24: mm_utils_hexstr2bin (mm-common-helpers.c:1884) ==78906== by 0x10BDF6: mm_sms_part_3gpp_new_from_pdu (mm-sms-part-3gpp.c:362) ==78906== by 0x10A44D: main (mmsmspdu.c:202)
2023-03-30test-sms-part-3gpp: prepare common invalid PDU tester operationAleksander Morgado
2023-03-30test,mmsmspdu: fix verbose logging supportAleksander Morgado
2023-03-30bearer-mbim: use mobile equipment error only if setMichal Mazur
Always prefer the operation error when the nw_error is not set (has value MBIM_NW_ERROR_NONE). If the activation state is ACTIVATED or ACTIVATING then the behavior doesn't change.
2023-03-30sms-part-3gpp|cdma: new fuzzer testsAleksander Morgado
2023-03-27sierra: add EM7455 port type hintsAleksander Morgado
2023-03-27port-probe: don't assume port is QCDM when QCDM is not requiredAleksander Morgado
When QCDM is not required we don't run an explicit QCDM port probing operation. In this case, though, we should not assume that the port is QCDM capable, even if it is also flagged as ignored. Instead, we'll flag the port as QCDM capable and ignored only if there was a udev port type hint associated to the port. Otherwise, we'll report the port as not being QCDM capable, and the port won't even be reported in the list of ports as its type is unknown.
2023-03-27port-probe: minor refactor in QCDM probingAleksander Morgado
2023-03-27quectel: no real requirement for QCDMAleksander Morgado
The supported Quectel modules are usually QMI based and therefore very new, there is no real requirement to support QCDM based management.
2023-03-27broadmobi: no real requirement for QCDMAleksander Morgado
The supported broadmobi modules are usually QMI based and therefore very new, there is no real requirement to support QCDM based management.
2023-03-27sierra: no real requirement for QCDMAleksander Morgado
The QCDM ports are not strictly required in the Sierra plugin, as this plugin deals exclusively with QMI and MBIM capable devices.
2023-03-27iface-modem-3gpp: avoid to connect signal on NULL SIM objectAleksander Morgado
Happens when we boot without a SIM card inserted: ModemManager[12065]: <dbg> [1679912011.887410] [ttyACM2/at] --> 'AT+CLCK="PC",2<CR>' ModemManager[12065]: <dbg> [1679912011.905401] [ttyACM2/at] <-- '<CR><LF>+CLCK: 0<CR><LF><CR><LF>OK<CR><LF>' (ModemManager:12065): GLib-GObject-CRITICAL **: 12:13:31.905: invalid (NULL) pointer instance
2023-03-24build: unstable release version bump to 1.21.5Aleksander Morgado
2023-03-24broadband-modem-qmi: avoid duplicating code in operating mode update logicAleksander Morgado
2023-03-24broadband-modem-qmi: fix return type of GSourceFunc callbackAleksander Morgado
2023-03-24mm-broadband-modem-qmi: run explicit DMS Get Operating Mode query if timeout ↵Akash Aggarwal
reached Fixes https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/issues/646
2023-03-24port-qmi: read checksum offload link flags to use from kernel rmnet driverAleksander Morgado
The feature/rx_offload and feature/tx_offload sysfs attributes specify which offload settings should be used when creating new links.
2023-03-22broadband-modem-qmi: ignore profile updates during 100ms after our own updatesAleksander Morgado
2023-03-22Revert "broadband-modem-qmi: disable profile changed indications during our ↵Aleksander Morgado
operations" This reverts commit dad3e8274723805e3957f166ba158a37cf6a96ec. Disabling profile change indications just before doing our profile updates and re-enabling them just after is not enough. The modem may still emit the profile change indication right after, so all this logic is unnecessary.
2023-03-21base-manager: improve logging of manager DBus requestsAleksander Morgado
2023-03-15cinterion: don't assume GError structure always initializedKirill Buksha
GError structure may not be initialized after execution of mm_3gpp_parse_cgdcont_read_response() and accessing it's fields will cause a segmentation fault.
2023-03-15ci: test build without deprecated symbols supportAleksander Morgado
2023-03-15iface-modem-signal: remove unused variableAleksander Morgado
src/mm-iface-modem-signal.c:99:27: warning: unused variable 'current_time' [-Wunused-variable] g_autoptr(GDateTime) current_time = NULL; ^
2023-03-15sim-mbim: remove unused variableAleksander Morgado
src/mm-sim-mbim.c:1134:30: warning: unused variable 'request' [-Wunused-variable] g_autoptr(MbimMessage) request = NULL; ^
2023-03-10broadband-modem-qmi: disable profile changed indications during our operationsAleksander Morgado
Just ignoring the received indications is not enough, because they could arrive after the operation response has been processed. We now explicitly disable the indications by reconfiguring the modem before and after every profile update operation triggered by our own logic.
2023-03-07cli: remove unneeded EOLs when printing PCOsAleksander Morgado
E.g. in the key-value output: modem.3gpp.pco.length : 2 modem.3gpp.pco.value[1] : session-id: 1, complete: yes, data: 270180\n modem.3gpp.pco.value[2] : session-id: 2, complete: yes, data: 271480802110030100108106503A3DFA8306503A3DFE\n Or in the human output: ---------------------------------- 3GPP | | pco: 1: (complete) '270180' | 2: (complete) '271480802110030100108106503A3DFA8306503A3DFE' ---------------------------------- 3GPP EPS | ue mode of operation: csps-2
2023-03-07telit: ignore composition 0x1075Daniele Palmas
When Telit FN990 is integrated through PCIe, but also USB lines are available, ModemManager will consider the port on the USB composition as a different modem: oem@sw-test:~$ mmcli -L /org/freedesktop/ModemManager1/Modem/1 [telit] FN990A40 /org/freedesktop/ModemManager1/Modem/0 [Telit] FN990A40 oem@sw-test:~$ mmcli -m 0 <snip> | equipment id: 359172390022295 -------------------------------- System | device: /sys/devices/pci0000:00/0000:00:14.0/usb2/2-5 | drivers: option | plugin: telit | primary port: ttyUSB0 | ports: ttyUSB0 (at) oem@sw-test:~$ mmcli -m 1 <snip> | equipment id: 359172390022295 ----------------------------------- System | device: /sys/devices/pci0000:00/0000:00:1c.0/0000:01:00.0 | drivers: mhi-pci-generic | plugin: telit | primary port: wwan0mbim0 | ports: wwan0 (net), wwan0at0 (at), wwan0at1 (at), | wwan0mbim0 (mbim), wwan0nmea0 (ignored), wwan0qcdm0 (ignored) Ignore composition 0x1075, since it should not be used by ModemManager and can only show when PCIe is used.
2023-03-03quectel: add support for EG12-EA type usb modulesdchard
2023-02-28broadband-modem-mbim: add support for setting up thresholds on v1 MBIM modemsNagi Marupaka
On MBIM modems that do not support mbimex v2, extra steps are required to retrieve 3G/4G signal quality markers from the modem when using thresholds to trigger signal quality indications.
2023-02-24base-manager: remove shadowing variableAleksander Morgado
[1/2] Compiling C object src/ModemManager.p/mm-base-manager.c.o ../src/mm-base-manager.c: In function ‘remove_device_inhibition’: ../src/mm-base-manager.c:1127:20: warning: declaration of ‘l’ shadows a previous local [-Wshadow] 1127 | GList *l; | ^ ../src/mm-base-manager.c:1116:16: note: shadowed declaration is here 1116 | GList *l; | ^
2023-02-23build: unstable release version bump to 1.21.4Aleksander Morgado
2023-02-23quectel: add support for EC21-EUX usb modulesQuectelDuke
Signed-off-by: QuectelDuke <duke.xin@quectel.com>
2023-02-21xmm: fix crash parsing XACT? responseAleksander Morgado
Ensure we don't assert when processing an unexpected response. We were not correctly handling the case where g_match_info_matches() was not succeeding. 0x00007d8be96cc462 (libc.so.6 + 0x00028462) abort 0x00007d8be995ff01 (libglib-2.0.so.0 - gtestutils.c: 3253) g_assertion_message 0x00007d8be995ff64 (libglib-2.0.so.0 - gtestutils.c: 3279) g_assertion_message_expr 0x00007d8be858086a (libmm-shared-xmm.so - mm-modem-helpers-xmm.c: 467) mm_xmm_parse_xact_query_response 0x00007d8be857d4e0 (libmm-shared-xmm.so - mm-shared-xmm.c: 310) xact_query_bands_ready 0x00007d8be9a79463 (libgio-2.0.so.0 - gsimpleasyncresult.c: 802) g_simple_async_result_complete 0x00005c8d2a11e9b9 (ModemManager - mm-base-modem-at.c: 538) at_command_ready 0x00007d8be9a79463 (libgio-2.0.so.0 - gsimpleasyncresult.c: 802) g_simple_async_result_complete 0x00005c8d2a19376b (ModemManager - mm-port-serial-at.c) serial_command_ready 0x00007d8be9a79463 (libgio-2.0.so.0 - gsimpleasyncresult.c: 802) g_simple_async_result_complete 0x00005c8d2a18f93f (ModemManager - mm-port-serial.c: 139) command_context_complete_and_free 0x00005c8d2a192985 (ModemManager - mm-port-serial.c: 753) port_serial_got_response 0x00005c8d2a192dff (ModemManager - mm-port-serial.c: 924) common_input_available 0x00007d8be993e3fc (libglib-2.0.so.0 - gmain.c: 3417) g_main_context_dispatch 0x00007d8be993e704 (libglib-2.0.so.0 - gmain.c: 4211) g_main_context_iterate 0x00007d8be993e978 (libglib-2.0.so.0 - gmain.c: 4411) g_main_loop_run 0x00005c8d2a105e66 (ModemManager - main.c: 217) main 0x00007d8be96cc6c5 (libc.so.6 + 0x000286c5) __libc_init_first 0x00007d8be96cc781 (libc.so.6 + 0x00028781) __libc_start_main 0x00005c8d2a105b80 (ModemManager + 0x00061b80) _start
2023-02-21base-manager: fix crash when uninhibiting partially removed deviceAleksander Morgado
If the device is not fully removed from the system during inhibition and port additions happen, we reach a state where the MMDevice object is still tracked by ModemManager and we also have new port additions tracked that will require explicit port probings before a new modem object can be created. Solve this mixup by faking the removal of all existing device ports, which will end up completely removing hte MMDevice, so that new port additions reported afterwards also involve the full device probing process triggered by the plugin manager. The issue could be reproduced easily on a MBIM device that also exposed TTYs, as follows: * mmcli -m a --inhibit, leave it running * rmmod cdc_mbim && sleep 5 && modprobe cdc_mbim (so that the cdc-wdm and net ports go away from the system but NOT the TTYs.) * Cltr+C to stop the inhibit in the mmcli call. ModemManager would assert as follows: 0x000079918bcf2a3f (libc.so.6 + 0x00087a3f) pthread_key_delete 0x000079918bca7c6c (libc.so.6 + 0x0003cc6c) gsignal 0x000079918bc93462 (libc.so.6 + 0x00028462) abort 0x000079918bf26f03 (libglib-2.0.so.0 - gtestutils.c: 3253) g_assertion_message 0x000079918bf26f66 (libglib-2.0.so.0 - gtestutils.c: 3279) g_assertion_message_expr 0x0000594ff1093d0c (ModemManager - mm-base-manager.c: 1110) remove_device_inhibition 0x0000594ff1093968 (ModemManager - mm-base-manager.c: 1247) inhibit_device_auth_ready 0x000079918c0536a8 (libgio-2.0.so.0 - gtask.c: 1230) g_task_return_now 0x000079918c0536db (libgio-2.0.so.0 - gtask.c: 1244) complete_in_idle_cb 0x000079918bf053fc (libglib-2.0.so.0 - gmain.c: 3417) g_main_context_dispatch 0x000079918bf05704 (libglib-2.0.so.0 - gmain.c: 4211) g_main_context_iterate 0x000079918bf05978 (libglib-2.0.so.0 - gmain.c: 4411) g_main_loop_run 0x0000594ff108de66 (ModemManager - main.c: 217) main 0x000079918bc936c5 (libc.so.6 + 0x000286c5) __libc_init_first 0x000079918bc93781 (libc.so.6 + 0x00028781) __libc_start_main 0x0000594ff108db80 (ModemManager + 0x00061b80) _start
2023-02-20broadband-modem-mbim: limit the use of context types defined in MBIMExAleksander Morgado
The Tethering context type UUID was defined by Microsoft in its extensions as `5e4e0601-48dc-4e2b-acb8-08b4016bbaac` (along with others like Admin, Xcap, App and EmergencyCalling), see https://learn.microsoft.com/en-us/windows-hardware/drivers/network/mb-provisioned-context-operations. These UUIDs are expected to be usable only if the modem supports `MBIM_CID_MS_PROVISIONED_CONTEXT_V2` (CID=1) in the Basic Connect Extensions service (3d01dcc5-fef5-4d05-0d3abef7058e9aaf). If the modem doesn't support these, we should try to fallback to a more generic APN type automatically, e.g. "Internet", which was defined in MBIM 1.0 and should always be supported. There should be no problem in a modem to have 2 separate PDN connections with the same context type.
2023-02-17modem-helpers-mbim: add missing support for 'emergency' APN typeAleksander Morgado
2023-02-17libmm-glib,common-helpers: Add multiple apn-type managementFrederic Martinsons
Fixes #676 Signed-off-by: Frederic Martinsons <frederic.martinsons@gmail.com>
2023-02-17libmm-glib,tests: extend tests for common helpers (string conversion)Frederic Martinsons
Signed-off-by: Frederic Martinsons <frederic.martinsons@gmail.com>
2023-02-17modem-helpers-mbim: small refactor in the EARFCN/NRARFCN to frequency convertersAleksander Morgado
2023-02-17broadband-modem-mbim: avoid using already freed element during iterationAleksander Morgado
If we remove the current element being iterated in the GList, we can no longer call g_list_next() on it. Ensure we keep a valid pointer to the next element in the list before removing the current one.
2023-02-17broadband-modem-mbim: cell-info core logic implementationsom
Handling of gdbus interface changes for additional properties(service cell type and bandwidth) in broadband modem mbim. Co-author: Shilpa Shivakumar
2023-02-17modem-cellinfo: adding bandwidth and serving cell typesom
adding bandwidth information in mm-dbus interface for the serving cell. In serving cell, the details on whether the pcell/scell are from MCS or SCG is also updated. Co-author: Shilpa Shivakumar
2023-02-17cli,output: coding style fixesAleksander Morgado
2023-02-17cli,output: print valid json for network scan resultFlorian Eckert
A network scan with json output currently returns the following: root@G3-10940 ~ # mmcli -m 0 -J --3gpp-scan --timeout=300 | jq { "modem": { "3gpp": { "scan-networks": [ "operator-code: 26201, operator-name: TDG, access-technologies: lte, availability: forbidden", "operator-code: 26203, operator-name: o2 - de, access-technologies: lte, availability: forbidden", "operator-code: 26202, operator-name: vodafone.de, access-technologies: lte, availability: current" ] } } } This is a valid JSON, but in order to be able to access the individual data elements more easily, the line can also be dumped as a json object. The following commit converts the lines into a JSON obejct, so that it looks like this: root@G3-10940 ~ # mmcli -m 0 -J --3gpp-scan --timeout=300 | jq { "modem": { "3gpp": { "scan-networks": [ { "operator-code": "26201", "operator-name": "TDG", "access-technologies": "lte", "availability": "forbidden" }, { "operator-code": "26203", "operator-name": "o2 - de", "access-technologies": "lte", "availability": "forbidden" }, { "operator-code": "26202", "operator-name": "vodafone.de", "access-technologies": "lte", "availability": "current" } ] } } } Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2023-02-15iface-modem-3gpp: enable reading of IMEI in FAILED stateMichal Mazur
It was not possible to read IMEI of modem when SIM was not inserted or initialization failed due to modem facility locks. To load IMEI, the 3gpp interface need to be initialized before going to FALLBACK_LIMITED.
2023-02-12build: allow installing examples to be disabledAlyssa Ross
In Nixpkgs, sysconfdir is not writeable in the sandbox in which packages are built, so it's important for us to be able to disable installing example files. (We create configuration files and install them into /etc separately through our "module system".) Signed-off-by: Alyssa Ross <hi@alyssa.is>
2023-02-06mm-broadband-modem-qmi: update signal values while processing NAS signal ↵Akash Aggarwal
info indication
2023-02-03mm-iface-modem-3gpp: reject unspecified values for 5G reg settingsEric Caruso
It seems like users can put the "unsupported" value for both DRX cycle and MICO mode, so we should reject that.