luck/tmp_suning_uos_patched
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

firewire: ohci: prevent iso completion callbacks after context stop

Browse Source 
To prevent the iso packet callback from being called after
fw_iso_context_stop() has returned, make sure that the
context's tasklet has finished executing before that.

This fixes access-after-free bugs that have so far been
observed only in the upcoming snd-firewire-speakers driver,
but can theoretically also happen in the firedtv driver.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
This commit is contained in:
Clemens Ladisch 2011-02-16 10:32:11 +01:00 committed by Stefan Richter
parent 5aaffc65a2
commit e81cbebdfc
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
drivers/firewire/ohci.c
View File

@ -2764,6 +2764,7 @@ static int ohci_stop_iso(struct fw_iso_context *base)
} }
flush_writes(ohci); flush_writes(ohci);
context_stop(&ctx->context); context_stop(&ctx->context);
tasklet_kill(&ctx->context.tasklet);
return 0; return 0;
} }