From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1JJu0I-0003yz-FY
	for qemu-devel@nongnu.org; Tue, 29 Jan 2008 12:12:10 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1JJu0G-0003yN-4N
	for qemu-devel@nongnu.org; Tue, 29 Jan 2008 12:12:09 -0500
Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1JJu0G-0003yK-1w
	for qemu-devel@nongnu.org; Tue, 29 Jan 2008 12:12:08 -0500
Received: from mailwasher.lanl.gov ([204.121.3.2])
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <pakin@lanl.gov>) id 1JJu0F-0001fh-Og
	for qemu-devel@nongnu.org; Tue, 29 Jan 2008 12:12:08 -0500
Message-ID: <479F5E3A.6030506@lanl.gov>
Date: Tue, 29 Jan 2008 10:11:22 -0700
From: Scott Pakin <pakin@lanl.gov>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------090306000900070101040101"
Subject: [Qemu-devel] [PATCH] Making SLIRP code more 64-bit clean
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org, kvm-devel@lists.sourceforge.net

This is a multi-part message in MIME format.
--------------090306000900070101040101
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

The attached patch corrects a bug in qemu/slirp/tcp_var.h that defines
the seg_next field in struct tcpcb to be 32 bits wide regardless of
32/64-bitness.  seg_next is assigned a pointer value in
qemu/slirp/tcp_subr.c, then cast back to a pointer in qemu/slirp/tcp_input.c
and dereferenced.  That produces a SIGSEGV on my system.

For more information, see the thread "[ 1881532 ] Network access seg faults
KVM on large-memory machine" on the KVM Bugs page on SourceForge
(http://tinyurl.com/2fxfbx).

Regards,
-- Scott

P.S.  Note: This message was sent to both qemu-devel and kvm-devel.

--------------090306000900070101040101
Content-Type: text/x-patch;
 name="tcp_seg_next.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="tcp_seg_next.patch"

--- qemu/slirp/tcp_var.h.ORIG   2008-01-28 17:27:09.000000000 -0700
+++ qemu/slirp/tcp_var.h        2008-01-28 17:27:20.000000000 -0700
@@ -40,11 +40,7 @@
 #include "tcpip.h"
 #include "tcp_timer.h"

-#if SIZEOF_CHAR_P == 4
- typedef struct tcpiphdr *tcpiphdrp_32;
-#else
- typedef u_int32_t tcpiphdrp_32;
-#endif
+typedef struct tcpiphdr *tcpiphdrp_32;

 /*
  * Tcp control block, one per tcp; fields:

--------------090306000900070101040101--