diff options
author | Clemens Ladisch <clemens@ladisch.de> | 2011-02-16 04:32:11 -0500 |
---|---|---|
committer | Stefan Richter <stefanr@s5r6.in-berlin.de> | 2011-02-26 09:11:03 -0500 |
commit | e81cbebdfc384f9c2ae91225f16ef994118e5e2c (patch) | |
tree | 7bdb493f5bbb2d175966a8bd5336145c9e871ac3 | |
parent | 5aaffc65a27dd9db65455c2c9ab3ede57238d2f5 (diff) |
firewire: ohci: prevent iso completion callbacks after context stop
To prevent the iso packet callback from being called after
fw_iso_context_stop() has returned, make sure that the
context's tasklet has finished executing before that.
This fixes access-after-free bugs that have so far been
observed only in the upcoming snd-firewire-speakers driver,
but can theoretically also happen in the firedtv driver.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
-rw-r--r-- | drivers/firewire/ohci.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/firewire/ohci.c b/drivers/firewire/ohci.c index c7394361afcb..f1497b1fcf2e 100644 --- a/drivers/firewire/ohci.c +++ b/drivers/firewire/ohci.c | |||
@@ -2764,6 +2764,7 @@ static int ohci_stop_iso(struct fw_iso_context *base) | |||
2764 | } | 2764 | } |
2765 | flush_writes(ohci); | 2765 | flush_writes(ohci); |
2766 | context_stop(&ctx->context); | 2766 | context_stop(&ctx->context); |
2767 | tasklet_kill(&ctx->context.tasklet); | ||
2767 | 2768 | ||
2768 | return 0; | 2769 | return 0; |
2769 | } | 2770 | } |