From patchwork Fri Sep 14 08:46:53 2012
X-Patchwork-Submitter: Stefan Hajnoczi
X-Patchwork-Id: 183844
From: Stefan Hajnoczi
To: Anthony Liguori
Cc: qemu-devel@nongnu.org, Stefan Hajnoczi
Date: Fri, 14 Sep 2012 09:46:53 +0100
Message-Id: <1347612420-5704-7-git-send-email-stefanha@gmail.com>
In-Reply-To: <1347612420-5704-1-git-send-email-stefanha@gmail.com>
Subject: [Qemu-devel] [PATCH 06/13] net: do not report queued packets as sent

From: Stefan Hajnoczi

Net send functions have a return value where 0 means the packet has not been sent and will be queued. A non-zero value means the packet was sent or an error caused the packet to be dropped.

This patch fixes two instances where packets are queued but we return their size. This causes callers to believe the packets were sent. When the caller uses the async send interface this creates a real problem because the callback will be invoked for a packet that the caller believed to be already sent. This bug can cause double-frees in the caller.

Signed-off-by: Stefan Hajnoczi

--- net/queue.c | 35 ++++++++++++++++------------------- 1 file changed, 16 insertions(+), 19 deletions(-) diff --git a/net/queue.c b/net/queue.c index 6e64091..254f280 100644 --- a/net/queue.c +++ b/net/queue.c 
@@ -83,12 +83,12 @@ void qemu_del_net_queue(NetQueue *queue) g_free(queue); } -static ssize_t qemu_net_queue_append(NetQueue *queue, - NetClientState *sender, - unsigned flags, - const uint8_t *buf, - size_t size, - NetPacketSent *sent_cb) +static void qemu_net_queue_append(NetQueue *queue, + NetClientState *sender, + unsigned flags, + const uint8_t *buf, + size_t size, + NetPacketSent *sent_cb) { NetPacket *packet; @@ -100,16 +100,14 @@ static ssize_t qemu_net_queue_append(NetQueue *queue, memcpy(packet->data, buf, size); QTAILQ_INSERT_TAIL(&queue->packets, packet, entry); - - return size; } -static ssize_t qemu_net_queue_append_iov(NetQueue *queue, - NetClientState *sender, - unsigned flags, - const struct iovec *iov, - int iovcnt, - NetPacketSent *sent_cb) +static void qemu_net_queue_append_iov(NetQueue *queue, + NetClientState *sender, + unsigned flags, + const struct iovec *iov, + int iovcnt, + NetPacketSent *sent_cb) { NetPacket *packet; size_t max_len = 0; @@ -133,8 +131,6 @@ static ssize_t qemu_net_queue_append_iov(NetQueue *queue, } QTAILQ_INSERT_TAIL(&queue->packets, packet, entry); - - return packet->size; } static ssize_t qemu_net_queue_deliver(NetQueue *queue, @@ -177,7 +173,8 @@ ssize_t qemu_net_queue_send(NetQueue *queue, ssize_t ret; if (queue->delivering || !qemu_can_send_packet(sender)) { - return qemu_net_queue_append(queue, sender, flags, data, size, sent_cb); + qemu_net_queue_append(queue, sender, flags, data, size, sent_cb); + return 0; } ret = qemu_net_queue_deliver(queue, sender, flags, data, size); @@ -201,8 +198,8 @@ ssize_t qemu_net_queue_send_iov(NetQueue *queue, ssize_t ret; if (queue->delivering || !qemu_can_send_packet(sender)) { - return qemu_net_queue_append_iov(queue, sender, flags, - iov, iovcnt, sent_cb); + qemu_net_queue_append_iov(queue, sender, flags, iov, iovcnt, sent_cb); + return 0; } ret = qemu_net_queue_deliver_iov(queue, sender, flags, iov, iovcnt);
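Review bot: The new `return 0;` in the queued branches of qemu_net_queue_send() and qemu_net_queue_send_iov() is the whole contract this fix depends on, yet nothing at either site states it. A short comment there, or a doc comment on both functions, should say that 0 means the packet was queued, that sent_cb fires later when the queue flushes, and that the caller must keep whatever sent_cb touches alive until then. The hunks also do not show what happens for a caller that passes no sent_cb: such a caller used to see the packet size and now sees 0 with no later notification, so any call site that compares the return value against the size or treats 0 as "stop and wait" should be audited as part of this series.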
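Review bot: Documentation is missing on qemu_net_queue_append() and qemu_net_queue_append_iov() now that both return void. The memcpy into packet->data shows that the queue takes its own copy of the payload, so what stays pending after the call is sent_cb and the caller state behind it, not the buffer. A one-line comment on each helper saying "copies the data, defers sent_cb until flush, cannot fail" would stop a later change from reintroducing a size return here. Dropping `return packet->size;` also removes the only use of the computed size as a result in the iov variant, so it is worth checking that nothing else in the file relied on the helpers' old return values.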