aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Maydell <peter.maydell@linaro.org>2018-06-08 10:26:16 +0100
committerPeter Maydell <peter.maydell@linaro.org>2018-06-08 10:26:16 +0100
commitbac5ba3dc5da706f52c149fa6c0bd1dc96899bec (patch)
tree791b3a42ac44e8cb87ecff103288b9bb61a55f70
parenta674da0ab7eae704c3f91749114ec6ca00c663d7 (diff)
parentc22098c74a09164797fae6511c5eaf68f32c4dd8 (diff)
downloadqemu-arm-bac5ba3dc5da706f52c149fa6c0bd1dc96899bec.tar.gz
Merge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into staging
slirp updates Prasad J Pandit (2): slirp: Fix buffer overflow on packet reassembling Samuel Thibault (3): slirp: Add Samuel Thibault's staging tree for slirp slirp: fix domainname version availability # gpg: Signature made Fri 08 Jun 2018 07:12:24 BST # gpg: using RSA key 996849C1CF560478 # gpg: Good signature from "Samuel Thibault <samuel.thibault@aquilenet.fr>" # gpg: aka "Samuel Thibault <sthibault@debian.org>" # gpg: aka "Samuel Thibault <samuel.thibault@gnu.org>" # gpg: aka "Samuel Thibault <samuel.thibault@inria.fr>" # gpg: aka "Samuel Thibault <samuel.thibault@labri.fr>" # gpg: aka "Samuel Thibault <samuel.thibault@ens-lyon.org>" # gpg: aka "Samuel Thibault <samuel.thibault@u-bordeaux.fr>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 900C B024 B679 31D4 0F82 304B D017 8C76 7D06 9EE6 # Subkey fingerprint: 3A3A 5D46 4660 E867 610C A427 9968 49C1 CF56 0478 * remotes/thibault/tags/samuel-thibault: slirp: reformat m_inc routine slirp: correct size computation while concatenating mbuf slirp: fix domainname version availability slirp: Add Samuel Thibault's staging tree for slirp slirp: Fix spurious error report when sending directly Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-rw-r--r--MAINTAINERS1
-rw-r--r--qapi/net.json2
-rw-r--r--slirp/mbuf.c39
-rw-r--r--slirp/mbuf.h8
-rw-r--r--slirp/socket.c14
5 files changed, 30 insertions, 34 deletions
diff --git a/MAINTAINERS b/MAINTAINERS
index 41cd3736a9..4c73c16fee 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1675,6 +1675,7 @@ S: Maintained
F: slirp/
F: net/slirp.c
F: include/net/slirp.h
+T: git https://people.debian.org/~sthibault/qemu.git slirp
T: git git://git.kiszka.org/qemu.git queues/slirp
Stubs
diff --git a/qapi/net.json b/qapi/net.json
index 32681a1af7..6b7d93cb59 100644
--- a/qapi/net.json
+++ b/qapi/net.json
@@ -161,7 +161,7 @@
# to the guest
#
# @domainname: guest-visible domain name of the virtual nameserver
-# (since 2.12)
+# (since 3.0)
#
# @ipv6-prefix: IPv6 network prefix (default is fec0::) (since
# 2.6). The network prefix is given in the usual
diff --git a/slirp/mbuf.c b/slirp/mbuf.c
index 5ff24559fd..0c189e1a7b 100644
--- a/slirp/mbuf.c
+++ b/slirp/mbuf.c
@@ -138,7 +138,7 @@ m_cat(struct mbuf *m, struct mbuf *n)
* If there's no room, realloc
*/
if (M_FREEROOM(m) < n->m_len)
- m_inc(m,m->m_size+MINCSIZE);
+ m_inc(m, m->m_len + n->m_len);
memcpy(m->m_data+m->m_len, n->m_data, n->m_len);
m->m_len += n->m_len;
@@ -147,32 +147,29 @@ m_cat(struct mbuf *m, struct mbuf *n)
}
-/* make m size bytes large */
+/* make m 'size' bytes large from m_data */
void
m_inc(struct mbuf *m, int size)
{
- int datasize;
+ int datasize;
- /* some compiles throw up on gotos. This one we can fake. */
- if(m->m_size>size) return;
-
- if (m->m_flags & M_EXT) {
- datasize = m->m_data - m->m_ext;
- m->m_ext = g_realloc(m->m_ext, size);
- m->m_data = m->m_ext + datasize;
- } else {
- char *dat;
- datasize = m->m_data - m->m_dat;
- dat = g_malloc(size);
- memcpy(dat, m->m_dat, m->m_size);
-
- m->m_ext = dat;
- m->m_data = m->m_ext + datasize;
- m->m_flags |= M_EXT;
- }
+ /* some compilers throw up on gotos. This one we can fake. */
+ if (m->m_size > size) {
+ return;
+ }
- m->m_size = size;
+ if (m->m_flags & M_EXT) {
+ datasize = m->m_data - m->m_ext;
+ m->m_ext = g_realloc(m->m_ext, size + datasize);
+ } else {
+ datasize = m->m_data - m->m_dat;
+ m->m_ext = g_malloc(size + datasize);
+ memcpy(m->m_ext, m->m_dat, m->m_size);
+ m->m_flags |= M_EXT;
+ }
+ m->m_data = m->m_ext + datasize;
+ m->m_size = size + datasize;
}
diff --git a/slirp/mbuf.h b/slirp/mbuf.h
index 893601ff9d..33b84485d6 100644
--- a/slirp/mbuf.h
+++ b/slirp/mbuf.h
@@ -33,8 +33,6 @@
#ifndef MBUF_H
#define MBUF_H
-#define MINCSIZE 4096 /* Amount to increase mbuf if too small */
-
/*
* Macros for type conversion
* mtod(m,t) - convert mbuf pointer to data pointer of correct type
@@ -72,11 +70,11 @@ struct mbuf {
struct mbuf *m_prevpkt; /* Flags aren't used in the output queue */
int m_flags; /* Misc flags */
- int m_size; /* Size of data */
+ int m_size; /* Size of mbuf, from m_dat or m_ext */
struct socket *m_so;
- caddr_t m_data; /* Location of data */
- int m_len; /* Amount of data in this mbuf */
+ caddr_t m_data; /* Current location of data */
+ int m_len; /* Amount of data in this mbuf, from m_data */
Slirp *slirp;
bool resolution_requested;
diff --git a/slirp/socket.c b/slirp/socket.c
index e2a71c9b04..08fe98907d 100644
--- a/slirp/socket.c
+++ b/slirp/socket.c
@@ -340,7 +340,7 @@ sosendoob(struct socket *so)
struct sbuf *sb = &so->so_rcv;
char buff[2048]; /* XXX Shouldn't be sending more oob data than this */
- int n, len;
+ int n;
DEBUG_CALL("sosendoob");
DEBUG_ARG("so = %p", so);
@@ -359,7 +359,7 @@ sosendoob(struct socket *so)
* send it all
*/
uint32_t urgc = so->so_urgc;
- len = (sb->sb_data + sb->sb_datalen) - sb->sb_rptr;
+ int len = (sb->sb_data + sb->sb_datalen) - sb->sb_rptr;
if (len > urgc) {
len = urgc;
}
@@ -374,13 +374,13 @@ sosendoob(struct socket *so)
len += n;
}
n = slirp_send(so, buff, len, (MSG_OOB)); /* |MSG_DONTWAIT)); */
- }
-
#ifdef DEBUG
- if (n != len) {
- DEBUG_ERROR((dfd, "Didn't send all data urgently XXXXX\n"));
- }
+ if (n != len) {
+ DEBUG_ERROR((dfd, "Didn't send all data urgently XXXXX\n"));
+ }
#endif
+ }
+
if (n < 0) {
return n;
}