Commit 1201d308 authored by Samuel Thibault's avatar Samuel Thibault Committed by Peter Maydell

slirp: fix clearing ifq_so from pending packets



The if_fastq and if_batchq contain not only packets, but queues of packets
for the same socket. When sofree frees a socket, it thus has to clear ifq_so
from all the packets from the queues, not only the first.

Signed-off-by: default avatarSamuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: default avatarPhilippe Mathieu-Daudé <f4bug@amsat.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: default avatarPeter Maydell <peter.maydell@linaro.org>
parent 29c8564a
+23 −16
@@ -60,30 +60,37 @@ socreate(Slirp *slirp)
}

/*
 * remque and free a socket, clobber cache
 * Remove references to so from the given message queue.
 */
void
sofree(struct socket *so)
static void
soqfree(struct socket *so, struct quehead *qh)
{
  Slirp *slirp = so->slirp;
  struct mbuf *ifm;
    struct mbuf *ifq;

  for (ifm = (struct mbuf *) slirp->if_fastq.qh_link;
       (struct quehead *) ifm != &slirp->if_fastq;
       ifm = ifm->ifq_next) {
    if (ifm->ifq_so == so) {
    for (ifq = (struct mbuf *) qh->qh_link;
             (struct quehead *) ifq != qh;
             ifq = ifq->ifq_next) {
        if (ifq->ifq_so == so) {
            struct mbuf *ifm;
            ifq->ifq_so = NULL;
            for (ifm = ifq->ifs_next; ifm != ifq; ifm = ifm->ifs_next) {
                ifm->ifq_so = NULL;
            }
        }

  for (ifm = (struct mbuf *) slirp->if_batchq.qh_link;
       (struct quehead *) ifm != &slirp->if_batchq;
       ifm = ifm->ifq_next) {
    if (ifm->ifq_so == so) {
      ifm->ifq_so = NULL;
    }
}

/*
 * remque and free a socket, clobber cache
 */
void
sofree(struct socket *so)
{
  Slirp *slirp = so->slirp;

  soqfree(so, &slirp->if_fastq);
  soqfree(so, &slirp->if_batchq);

  if (so->so_emu==EMU_RSH && so->extra) {
	sofree(so->extra);
	so->extra=NULL;
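Review bot: The inner loop of soqfree() sets `ifq_so = NULL` on every packet reached through `ifs_next` without looking at its current value, so it depends on an invariant the code does not state: every packet chained behind a queue head belongs to the head's socket. The comment above soqfree() should say that and why the clearing matters, e.g. `/* Each queue entry heads an ifs_next ring of packets for the same socket; clear ifq_so on all of them so none keeps a pointer to so after sofree(). */`. The reverse case deserves a sentence too: a head whose `ifq_so` differs from `so` is skipped together with its whole ring, which is only correct under the same invariant. The page has lost the diff markers, and sofree()'s body continues past the end of this hunk.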