From: zwu.kernel@gmail.com
Date: Wed, 15 Feb 2012 16:13:07 +0800
Message-Id: <1329293587-16246-1-git-send-email-zwu.kernel@gmail.com>
Subject: [Qemu-devel] [PATCH 2/2] slirp: fix packet requeue issue in batchq
To: qemu-devel@nongnu.org
Cc: aliguori@us.ibm.com, Zhi Yong Wu, jan.kiszka@web.de, stefanha@linux.vnet.ibm.com, mst@redhat.com

From: Zhi Yong Wu

This patch fixes the slirp crash in current QEMU upstream.

Signed-off-by: Zhi Yong Wu
---
 slirp/if.c   | 37 ++++++++++++++++++++++++++++++-------
 slirp/mbuf.c |  3 +--
 2 files changed, 31 insertions(+), 9 deletions(-)
diff --git a/slirp/if.c b/slirp/if.c index 8e0cac2..f7f8577 100644 --- a/slirp/if.c +++ b/slirp/if.c @@ -20,8 +20,15 @@ ifs_insque(struct mbuf *ifm, struct mbuf *ifmhead) static void ifs_remque(struct mbuf *ifm) { - ifm->ifs_prev->ifs_next = ifm->ifs_next; - ifm->ifs_next->ifs_prev = ifm->ifs_prev; + if (ifm->ifs_next->ifs_next == ifm + && ifm->ifs_next->ifs_prev == ifm) { + ifs_init(ifm->ifs_next); + } else { + ifm->ifs_prev->ifs_next = ifm->ifs_next; + ifm->ifs_next->ifs_prev = ifm->ifs_prev; + } + + ifs_init(ifm); } void @@ -154,14 +161,18 @@ if_start(Slirp *slirp) { uint64_t now = qemu_get_clock_ns(rt_clock); int requeued = 0; - struct mbuf *ifm, *ifqt; + struct mbuf *ifm, *ifqt, *ifm_next; - DEBUG_CALL("if_start"); + DEBUG_CALL("if_start"); - if (slirp->if_queued == 0) - return; /* Nothing to do */ + if (slirp->if_queued == 0) + return; /* Nothing to do */ + + slirp->next_m = &slirp->if_batchq; again: + ifm_next = NULL; + /* check if we can really output */ if (!slirp_can_output(slirp->opaque)) return; @@ -190,6 +201,7 @@ if_start(Slirp *slirp) /* If there are more packets for this session, re-queue them */ if (ifm->ifs_next != /* ifm->ifs_prev != */ ifm) { insque(ifm->ifs_next, ifqt); + ifm_next = ifm->ifs_next; ifs_remque(ifm); } @@ -209,7 +221,18 @@ if_start(Slirp *slirp) m_free(ifm); } else { /* re-queue */ - insque(ifm, ifqt); + if (ifm_next) { + /*restore the original state of bachq*/ + remque(ifm_next); + insque(ifm, ifqt); + ifm_next->ifs_prev->ifs_next = ifm; + ifm->ifs_prev = ifm_next->ifs_prev; + ifm->ifs_next = ifm_next; + ifm_next->ifs_prev = ifm; + } else { + insque(ifm, ifqt); + } + requeued++; } } diff --git a/slirp/mbuf.c b/slirp/mbuf.c index c699c75..f429c0a 100644 --- a/slirp/mbuf.c +++ b/slirp/mbuf.c 
@@ -68,8 +68,7 @@ m_get(Slirp *slirp) m->m_size = SLIRP_MSIZE - offsetof(struct mbuf, m_dat); m->m_data = m->m_dat; m->m_len = 0; - m->m_nextpkt = NULL; - m->m_prevpkt = NULL; + ifs_init(m); m->arp_requested = false; m->expiration_date = (uint64_t)-1; end_error: -- 1.7.6
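Review bot: in the ifs_remque hunk, the new two-element special case is redundant with the else branch. If ifm->ifs_next (call it X) satisfies X->ifs_next == ifm and X->ifs_prev == ifm, then in a consistent ring ifm->ifs_prev is also X, and the generic relink `ifm->ifs_prev->ifs_next = ifm->ifs_next; ifm->ifs_next->ifs_prev = ifm->ifs_prev;` already sets X->ifs_next = X and X->ifs_prev = X, which is what ifs_init(X) does if it turns an mbuf into a self-referencing ring (its body is not in this diff). Keep the original two assignments and add only the trailing `ifs_init(ifm);`, which is the part that matters: after removal ifm is a one-element ring instead of holding dangling links, so later `ifm->ifs_next != ifm` checks stay meaningful. A one-line comment stating that is why ifs_init is called here would help the next reader.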
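Review bot: in the if_start hunk that adds `slirp->next_m = &slirp->if_batchq;`, the reindentation of the unchanged `DEBUG_CALL("if_start");` and `if (slirp->if_queued == 0) return;` lines is whitespace-only churn that belongs in a separate cleanup patch and hides the one functional line in the hunk. That line resets next_m to the batch queue head on every call to if_start, before the `again:` label, but neither the hunk nor the commit message ("fixes the slirp crash") says why the previous value of next_m is unsafe to keep; add a comment above it describing the stale-pointer situation it prevents and describe the actual crash in the commit message. Initialising `ifm_next = NULL;` at `again:` is correct, since the re-queue branch later in this function tests it.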
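Review bot: the added `ifm_next = ifm->ifs_next;` is order-sensitive: it must sit after `insque(ifm->ifs_next, ifqt);` and before `ifs_remque(ifm);`, because with the new ifs_remque the removed ifm is reset with ifs_init and ifm->ifs_next no longer points at the session's next packet. Nothing in the code marks that, so a future reorder would silently break the re-queue path; add a comment such as `/* remember the successor before ifs_remque() resets ifm's links */`. The stray `/* ifm->ifs_prev != */` inside the condition is pre-existing but could be dropped while this block is being touched.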
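Review bot: the re-queue branch hand-rolls a session-ring insert with four pointer assignments (`ifm_next->ifs_prev->ifs_next = ifm;` through `ifm_next->ifs_prev = ifm;`) to put ifm back in front of ifm_next. The first hunk's header shows that a helper `ifs_insque(struct mbuf *ifm, struct mbuf *ifmhead)` already exists in this file; if it inserts ifm after ifmhead, the four lines reduce to `ifs_insque(ifm, ifm_next->ifs_prev);`, which is easier to check against ifs_remque. Also fix the comment: `/*restore the original state of bachq*/` should read `/* restore the original state of batchq */` and should say what state is restored (ifm back at ifqt in the batch queue and at the head of its session ring, with ifm_next taken off the batch queue again), because `remque(ifm_next);` undoes the `insque(ifm->ifs_next, ifqt);` done earlier in the same pass and that pairing is not obvious from the code.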
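Review bot: the mbuf.c hunk calls `ifs_init(m);` from m_get, but the diffstat lists only if.c and mbuf.c and the if.c hunk shows the neighbouring ifs_insque/ifs_remque helpers as `static`; if ifs_init is likewise a static helper in if.c, this will not build. Confirm it is declared in a shared header, or export it as part of this patch. The change also alters the invariant for a freshly allocated mbuf from m_nextpkt/m_prevpkt == NULL to a self-referencing ring, so any remaining NULL checks on those fields need to be audited, and the commit message should mention the new invariant.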