search

ngoquang2708 / android_device_samsung_vivalto3gvn

Device tree for Samsung Galaxy V SM-G313HZ
7 stars 8 forks source link

reference-ril send some strange onRequestComplete messages #103

Open ngoquang2708 opened 6 years ago

ngoquang2708 commented 6 years ago

reference-ril some how send some mysterious response that has invalid pointer value of CommandInterface. Guessing the invalid value range is from 0 to 0xff and ignore it.

Commit https://github.com/ngoquang2708/android_hardware_sprd/commit/5188e8e980ef0244bf41147542d45a8213c18c22 address this issue. Radio logcat:

07-09 22:49:20.516   167   336 V RILClient: [*] RecordReqHistory(): token(1), ID(59)
07-09 22:49:20.516   167   336 V RILClient: [*] RecordReqHistory(): token(1), ID(59)
07-09 22:49:20.516   167   336 V RILClient: SendOemRequestHookRaw(): token = 1
07-09 22:49:20.516   167   336 V RILClient: [*] FindReqHandler(): token(1)
07-09 22:49:20.517   167   336 V RILClient: [*] ClearReqHistory(): token(1)
07-09 22:49:20.524   191   391 E secril-shim: pRI->pCI is invalid: 14
07-09 22:49:20.524   191   391 E RILC    : RIL_onRequestComplete: invalid RIL_Token
07-09 22:49:20.525   167  1702 V RILClient: processRxBuffer: status 0 response_type 0
07-09 22:49:20.525   167  1702 V RILClient: processSolicited()
07-09 22:49:20.525   167  1702 E RILClient: processSolicited: Invalid Token
07-09 22:49:20.525   167  1702 E RILClient: RxReaderFunc: processRXBuffer returns 3
07-09 22:49:20.525   167  1702 V RILClient: [*] RxReaderFunc() b_connect=1
diepquynh commented 6 years ago

I guess RIL will crash after this

ngoquang2708 commented 6 years ago

Verry true.

ngoquang2708 commented 6 years ago

libril impl of onRequestComplete has a guard check on invalid token value. Unfortunately, our shim do not have necessarily requirement to perform that check so I just ignore it and let libril handle it. We do not have interest on these response though.

diepquynh commented 6 years ago

There must be something that sends and invokes RIL_REQUEST_OEM_HOOK_RAW, and that thing is a request. Could you try to dig the full logcat or send it here so I can have a look at it?

This is like RIL_REQUEST_LAST_CALL_FAIL_CAUSE's responseLen bug, which also throws some invalid pointer and kills the RIL, so I had to revert its shim which I removed before

ngoquang2708 commented 6 years ago

onRequestComplete is a callback func that libril pass to ref ril. So I dont think that is a req. I think it more like a resp from ref ril.

diepquynh commented 6 years ago

Yes, exactly

diepquynh commented 6 years ago

Btw after this, could you please look at this: "Go to Settings -> Mobile network -> Press on Advanced, RIL will crash after that if your preferred network mode is 3G"

The reason I thought was the RAF value being invalid from logcat

ngoquang2708 commented 6 years ago

Confirmed. It is not happen if I am not use shim before. There is another thing. The Network field is set to sim one carrier on both sim.

diepquynh commented 6 years ago

You didn't face it before because IMEI was NULL, and you can't even change your preferred network type. It'll stay on HSPA or EDGE forever

And yes, the second thing is confirmed