
Crashing in tcp_close

Message ID 20161112104415.GR2417@var.home
State New

Commit Message

Samuel Thibault Nov. 12, 2016, 10:44 a.m. UTC
Hello,

Brian Candler, on Sat 12 Nov 2016 09:33:55 +0000, wrote:
> On 11/11/2016 22:09, Samuel Thibault wrote:
> >Ooh, I see.  Now it's obvious, now that it's not coming from the tcb
> >loop:)  Could you try the attached patch?
> 
> It looks like it now goes into an infinite loop when a connection is closed.

Oops, sorry, my patch was completely bogus, here is a proper one.

Samuel

Comments

Brian Candler Nov. 13, 2016, 11:55 a.m. UTC | #1
On 12/11/2016 10:44, Samuel Thibault wrote:
> Oops, sorry, my patch was completely bogus, here is a proper one.

Excellent.

I've run the original build process 18 times (each run takes about 25 
minutes) without valgrind, and it hasn't crashed once. So this looks 
good. Thank you!

Regards,

Brian.
Stefan Hajnoczi Nov. 14, 2016, 1:47 p.m. UTC | #2
On Sun, Nov 13, 2016 at 11:55:16AM +0000, Brian Candler wrote:
> On 12/11/2016 10:44, Samuel Thibault wrote:
> > Oops, sorry, my patch was completely bogus, here is a proper one.
> 
> Excellent.
> 
> I've run the original build process 18 times (each run takes about 25
> minutes) without valgrind, and it hasn't crashed once. So this looks good.
> Thank you!

Excellent work guys!  Glad that the issue was solved.

Thanks for sticking around to debug this issue, Brian!

Stefan
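The defect the patch below closes, modelled as an added example (this is not slirp or QEMU code; the names pkt, queue_push, queue_drain, sock_free_fixed and the static socket pool with a live flag are this example's own, and the pool stands in for malloc/free so that a dangling pointer is detected rather than crashing): packets waiting in the output queues carry a back-pointer to the socket that produced them, the analogue of ifq_so, and the transmit path dereferences it when the packet finally leaves. Tearing the socket down while its packets are still queued leaves that back-pointer dangling; the fix walks every output queue first and clears the references, and the transmit path then has to tolerate a NULL owner.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not slirp code. Sockets sit in a static pool with a
 * `live` flag instead of being malloc'd and free'd, so that a dangling
 * back-pointer is detected instead of crashing or corrupting memory. */
struct sock {
    int id;
    int live;
    int nqueued;          /* packets of this socket still waiting to go out */
};

struct pkt {
    struct pkt *next;
    struct sock *owner;   /* back-pointer to the producing socket: ifq_so */
    int len;
};

struct queue { struct pkt *head, *tail; };

#define MAXPKT 16
static struct pkt pkt_pool[MAXPKT];
static int pkt_used;

/* Append a packet produced by `so` (may be NULL) to the tail of `q`. */
static struct pkt *queue_push(struct queue *q, struct sock *so, int len)
{
    if (pkt_used == MAXPKT) return NULL;
    struct pkt *p = &pkt_pool[pkt_used++];
    p->next = NULL; p->owner = so; p->len = len;
    if (q->tail) q->tail->next = p; else q->head = p;
    q->tail = p;
    if (so) so->nqueued++;
    return p;
}

/* Fixed teardown, the shape of the patch's two loops in sofree(): scrub every
 * back-pointer in every output queue before the socket dies.
 * Returns the number of references scrubbed. */
static int sock_free_fixed(struct queue **qs, size_t nq, struct sock *so)
{
    int scrubbed = 0;
    for (size_t i = 0; i < nq; i++)
        for (struct pkt *p = qs[i]->head; p; p = p->next)
            if (p->owner == so) { p->owner = NULL; scrubbed++; }
    so->live = 0; so->id = -1;
    return scrubbed;
}

/* Transmit path. It credits the owner as each packet leaves, so it must
 * accept owner == NULL (an orphaned packet). Returns packets sent, or -1 the
 * moment it touches a dead socket: where the real code reads freed memory. */
static int queue_drain(struct queue *q)
{
    int sent = 0;
    for (struct pkt *p = q->head; p; p = p->next) {
        if (p->owner) {
            if (!p->owner->live) return -1;
            p->owner->nqueued--;
        }
        sent++;
    }
    q->head = q->tail = NULL;
    return sent;
}

/* The bug: tear the socket down without scrubbing, then drain. Returns -1. */
static int scenario_buggy(void)
{
    struct sock a = { 1, 1, 0 };
    struct queue fastq = { NULL, NULL }, batchq = { NULL, NULL };
    pkt_used = 0;
    queue_push(&fastq, &a, 40);
    queue_push(&batchq, &a, 1400);
    a.live = 0; a.id = -1;        /* "free" with its packets still queued */
    return queue_drain(&fastq);
}

/* The fix: scrub, then drain both queues. Returns 3 packets sent, and b's
 * accounting balances, so the queues never saw a pointer to dead a. */
static int scenario_fixed(void)
{
    struct sock a = { 1, 1, 0 }, b = { 2, 1, 0 };
    struct queue fastq = { NULL, NULL }, batchq = { NULL, NULL };
    struct queue *qs[] = { &fastq, &batchq };
    pkt_used = 0;
    queue_push(&fastq, &a, 40);
    queue_push(&batchq, &a, 1400);
    queue_push(&batchq, &b, 1400);
    if (sock_free_fixed(qs, 2, &a) != 2) return -2;   /* both of a's packets */
    int sent = queue_drain(&fastq) + queue_drain(&batchq);
    return b.nqueued == 0 ? sent : -3;
}

int main(void)
{
    printf("buggy drain: %d, fixed drain: %d\n", scenario_buggy(), scenario_fixed());
    return 0;
}
```

The live flag is the only thing that makes the buggy path observable here; with real heap memory the same drain would read whatever now occupies the freed socket, which is why the original symptom was an intermittent crash rather than a clean error. Note also that the scrub has to cover every queue the socket's packets can sit in, which is why the model (and the patch) walks two of them.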

Patch

diff --git a/slirp/socket.c b/slirp/socket.c
index 280050a..6c18971 100644
--- a/slirp/socket.c
+++ b/slirp/socket.c
@@ -66,6 +66,23 @@  void
 sofree(struct socket *so)
 {
   Slirp *slirp = so->slirp;
+  struct mbuf *ifm;
+
+  for (ifm = (struct mbuf *) slirp->if_fastq.qh_link;
+       (struct quehead *) ifm != &slirp->if_fastq;
+       ifm = ifm->ifq_next) {
+    if (ifm->ifq_so == so) {
+      ifm->ifq_so = NULL;
+    }
+  }
+
+  for (ifm = (struct mbuf *) slirp->if_batchq.qh_link;
+       (struct quehead *) ifm != &slirp->if_batchq;
+       ifm = ifm->ifq_next) {
+    if (ifm->ifq_so == so) {
+      ifm->ifq_so = NULL;
+    }
+  }
 
   if (so->so_emu==EMU_RSH && so->extra) {
 	sofree(so->extra);
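Review bot: the two loops are identical apart from the queue head they walk (if_fastq, then if_batchq), so six lines are duplicated at the top of sofree(); a small static helper taking the `struct quehead *` and the socket, called once per queue, would keep the scan in one place and make a third queue harder to miss later. The hunk also carries no comment on why sofree() must scan the output queues at all, namely that queued mbufs keep ifq_so pointing at the socket about to be freed; a one-line comment above the loops (or a commit message beyond "here is a proper one") would record that for the next reader. Finally, since these loops leave mbufs in both queues with ifq_so == NULL, please confirm that every consumer of ifm->ifq_so on the output path checks for NULL before dereferencing it.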