slirp: Fix requeuing of batchq packets in if_start

In case we requeued a packet that was the head of a longer session queue, we failed to restore this ordering. Also, we did not properly deal with changes to Slirp::next_m. Instead of a cumbersome roll back, this fix simply avoids any changes until we know if the packet was actually sent. Both fixes crashes due to inconsistent queues and simplifies the logic. Thanks to Zhi Yong Wu who found the reason for these crashes. CC: Zhi Yong Wu <[email protected]> CC: Fabien Chouteau <[email protected]> Signed-off-by: Jan Kiszka <[email protected]>
0x3h · Feb 27, 2012 · b248ede · b248ede
1 parent 79e7e93
commit b248ede
Showing 1 changed file with 19 additions and 16 deletions.
diff --git a/slirp/if.c b/slirp/if.c
@@ -154,6 +154,7 @@ if_start(Slirp *slirp)
 {
     uint64_t now = qemu_get_clock_ns(rt_clock);
     int requeued = 0;
+    bool from_batchq = false;
 	struct mbuf *ifm, *ifqt;
 
 	DEBUG_CALL("if_start");
@@ -179,13 +180,26 @@ if_start(Slirp *slirp)
 		else
 		   ifm = slirp->if_batchq.ifq_next;
 
-		/* Set which packet to send on next iteration */
-		slirp->next_m = ifm->ifq_next;
+                from_batchq = true;
 	}
+
+        slirp->if_queued--;
+
+        /* Try to send packet unless it already expired */
+        if (ifm->expiration_date >= now && !if_encap(slirp, ifm)) {
+            /* Packet is delayed due to pending ARP resolution */
+            requeued++;
+            goto out;
+        }
+
+        if (from_batchq) {
+            /* Set which packet to send on next iteration */
+            slirp->next_m = ifm->ifq_next;
+        }
+
 	/* Remove it from the queue */
 	ifqt = ifm->ifq_prev;
 	remque(ifm);
-	slirp->if_queued--;
 
 	/* If there are more packets for this session, re-queue them */
 	if (ifm->ifs_next != /* ifm->ifs_prev != */ ifm) {
@@ -200,20 +214,9 @@ if_start(Slirp *slirp)
 		   ifm->ifq_so->so_nqueued = 0;
 	}
 
-        if (ifm->expiration_date < now) {
-            /* Expired */
-            m_free(ifm);
-        } else {
-            /* Encapsulate the packet for sending */
-            if (if_encap(slirp, ifm)) {
-                m_free(ifm);
-            } else {
-                /* re-queue */
-                insque(ifm, ifqt);
-                requeued++;
-            }
-        }
+        m_free(ifm);
 
+ out:
 	if (slirp->if_queued)
 	   goto again;