aboutsummaryrefslogtreecommitdiff
path: root/slirp/slirp.h
diff options
context:
space:
mode:
authorKevin Cernekee <cernekee@chromium.org>2017-09-20 13:42:04 -0700
committerSamuel Thibault <samuel.thibault@ens-lyon.org>2017-09-24 20:04:09 +0200
commite2aad34d73a9bd2b95275598daf05f190a02b899 (patch)
treef911799e05a3e706203052c469bae73117916bf5 /slirp/slirp.h
parent0e7e4fb0a6b8f1043182dcccc91a7b984587d1ae (diff)
downloadqemu-e2aad34d73a9bd2b95275598daf05f190a02b899.zip
qemu-e2aad34d73a9bd2b95275598daf05f190a02b899.tar.gz
qemu-e2aad34d73a9bd2b95275598daf05f190a02b899.tar.bz2
slirp: Fix intermittent send queue hangs on a socket
if_output() originally sent one mbuf per call and used the slirp->next_m variable to keep track of where it left off. But nowadays it tries to send all of the mbufs from the fastq, and one mbuf from each session on the batchq. The next_m variable is both redundant and harmful: there is a case[0] involving delayed packets in which next_m ends up pointing to &slirp->if_batchq when an active session still exists, and this blocks all traffic for that session until qemu is restarted. The test case was created to reproduce a problem that was seen on long-running Chromium OS VM tests[1] which rapidly create and destroy ssh connections through hostfwd. [0] https://pastebin.com/NNy6LreF [1] https://bugs.chromium.org/p/chromium/issues/detail?id=766323 Signed-off-by: Kevin Cernekee <cernekee@chromium.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Diffstat (limited to 'slirp/slirp.h')
-rw-r--r--slirp/slirp.h1
1 files changed, 0 insertions, 1 deletions
diff --git a/slirp/slirp.h b/slirp/slirp.h
index 5af4f48..898ec95 100644
--- a/slirp/slirp.h
+++ b/slirp/slirp.h
@@ -183,7 +183,6 @@ struct Slirp {
/* if states */
struct quehead if_fastq; /* fast queue (for interactive data) */
struct quehead if_batchq; /* queue for non-interactive data */
- struct mbuf *next_m; /* pointer to next mbuf to output */
bool if_start_busy; /* avoid if_start recursion */
/* ip states */