aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorClemens Ladisch <clemens@ladisch.de>2011-02-16 04:32:11 -0500
committerStefan Richter <stefanr@s5r6.in-berlin.de>2011-02-26 09:11:03 -0500
commite81cbebdfc384f9c2ae91225f16ef994118e5e2c (patch)
tree7bdb493f5bbb2d175966a8bd5336145c9e871ac3
parent5aaffc65a27dd9db65455c2c9ab3ede57238d2f5 (diff)
firewire: ohci: prevent iso completion callbacks after context stop
To prevent the iso packet callback from being called after fw_iso_context_stop() has returned, make sure that the context's tasklet has finished executing before that. This fixes access-after-free bugs that have so far been observed only in the upcoming snd-firewire-speakers driver, but can theoretically also happen in the firedtv driver. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
-rw-r--r--drivers/firewire/ohci.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/firewire/ohci.c b/drivers/firewire/ohci.c
index c7394361afcb..f1497b1fcf2e 100644
--- a/drivers/firewire/ohci.c
+++ b/drivers/firewire/ohci.c
@@ -2764,6 +2764,7 @@ static int ohci_stop_iso(struct fw_iso_context *base)
2764 } 2764 }
2765 flush_writes(ohci); 2765 flush_writes(ohci);
2766 context_stop(&ctx->context); 2766 context_stop(&ctx->context);
2767 tasklet_kill(&ctx->context.tasklet);
2767 2768
2768 return 0; 2769 return 0;
2769} 2770}