SIM hot swapping race condition
Dan Williams
dan at ioncontrol.co
Tue Apr 1 15:31:02 UTC 2025

On Thu, 2025-03-27 at 15:24 +0000, Yannick Serafini wrote:
> I've recently encountered race conditions related to SIM hot-swapping
> events and wanted to delve deeper into this mechanism.
>
> The race conditions occurred in scenarios where I failed to insert
> the SIM card correctly on the first attempt.
> Here's the problematic sequence:
> 0. URC for hot swap has been enabled in a previous session (Fibocom
> MC610 modem memorizes this parameter in NVM)
> 1. Partial SIM insertion triggers "+SIM: Inserted" URC
> 2. ModemManager begins modem creation process
> 3. Before completion, a "+SIM: Removed" URC is received (due to
> unstable insertion)
> 4. SIM is finally inserted correctly
> 5. ModemManager completes modem setup with SIM apparently detected
>
> The issue is that the unsolicited message "+SIM: Removed" arrives
> before the hot-swap handler is registered, causing this URC data to
> end up in unrelated modem properties (like manufacturer information).
> Sometimes, the SIM state incorrectly shows "sim-failure" and I
> suspect it is related.

I would agree.

>
> To address this, I implemented a default unsolicited message handler
> in setup_port (same as in the Cinterion implementation) to catch URCs
> that arrive before the hot-swap handler is registered.

I think that's the right thing to do.

>
> This works initially, but fails when the SIM is activated because of
> the following sequence:
> 1. Modem is detected
> 2. port_setup() is called
> 3. hot swap setting is configured
> 4. SIM is unlocked
> 5. Modem is recreated

Note that this step should no longer be the case after
https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/merge_requests/1318

Does having that MR in the code you're running change behavior or the
sequence here?

I suspect it helps, but may just be papering over the underlying logic
issues.

> 6. port_setup() is called again
> 7. setup_sim_hot_swap() is NOT called because it's inhibited by the
> sim_hot_swap_configured flag in mm-iface-modem.c

Hmm. If the modem is in fact getting re-created, that should be a
completely new Modem object and MMIfaceModem though. Thus it should go
back to sim_hot_swap_configured=FALSE?

But I don't doubt that SIM events could go missing due to when the URCs
get enabled/disabled and parsed.

Thanks,
Dan

>
> At this point, only the general handler defined in port_setup()
> remains active, which overrides the specialized handler from the
> initial hot swap configuration.
> This causes SIM events to be ignored.
>
> I don't really understand why cleanup_sim_hot_swap is not supposed to
> disable the hot swap feature by sending the AT command to disable the
> URC from the modem and obviously clear the sim_hot_swap_configured
> flag, ideally with a cleanup_sim_hot_swap_finish.
> That would however not handle the case of a crash leaving hot swap
> enabled in the modem, so an approach to handle URCs from the beginning
> (or at least as soon as possible) would probably be ideal.
>
> I'm interested in your opinion here. I think my issue is mainly
> related to the fact the hot swap feature is persistent in the modem
> but more generally, do you see a good approach to fix this issue?
More information about the ModemManager-devel
mailing list
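
Added example, not part of the original message and not ModemManager code: a simplified C model of the race discussed in the thread, where a "+SIM: Removed" URC arrives while a command response is being collected. The port structure, the function names and the line trace (including AT+CGMI as the manufacturer query in flight) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of an AT port: each received line is either claimed by a
 * registered URC handler or appended to the pending command's response. */
typedef void (*urc_cb)(const char *line, void *ctx);
struct port { const char *prefix; urc_cb cb; void *ctx; char resp[128]; };

static void port_set_urc_handler(struct port *p, const char *prefix, urc_cb cb, void *ctx) {
    p->prefix = prefix; p->cb = cb; p->ctx = ctx;
}

static void port_feed_line(struct port *p, const char *line) {
    if (p->cb && strncmp(line, p->prefix, strlen(p->prefix)) == 0) {
        p->cb(line, p->ctx);              /* URC: never reaches the response */
        return;
    }
    if (strcmp(line, "OK") == 0) return;  /* final result code ends the reply */
    if (p->resp[0]) strncat(p->resp, "\n", sizeof p->resp - strlen(p->resp) - 1);
    strncat(p->resp, line, sizeof p->resp - strlen(p->resp) - 1);
}

/* Default handler installed at port setup: remember the last SIM event. */
static void default_sim_urc(const char *line, void *ctx) {
    *(int *)ctx = strstr(line, "Inserted") ? 1 : 0;
}

/* Replay a constructed trace in which "+SIM: Removed" lands inside the
 * manufacturer (AT+CGMI) response. Returns the parsed manufacturer string. */
static const char *query_manufacturer(struct port *p, int early_handler, int *sim_present) {
    static const char *trace[] = { "+SIM: Removed", "Fibocom", "OK" }; /* constructed */
    memset(p, 0, sizeof *p);
    *sim_present = 1;                     /* state after the first "+SIM: Inserted" */
    if (early_handler)
        port_set_urc_handler(p, "+SIM:", default_sim_urc, sim_present);
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        port_feed_line(p, trace[i]);
    return p->resp;
}

int main(void) {
    struct port p; int sim;
    const char *m = query_manufacturer(&p, 0, &sim);
    printf("no early handler: [%s] sim=%d\n", m, sim);
    m = query_manufacturer(&p, 1, &sim);
    printf("early handler:    [%s] sim=%d\n", m, sim);
    return 0;
}
```

Without the early handler the URC text is stored as part of the manufacturer property and the SIM state stays stale; with it, the property is clean and the removal is recorded.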