diff options
author | Clemens Ladisch <clemens@ladisch.de> | 2011-02-16 10:32:11 +0100 |
---|---|---|
committer | Stefan Richter <stefanr@s5r6.in-berlin.de> | 2011-02-26 15:11:03 +0100 |
commit | e81cbebdfc384f9c2ae91225f16ef994118e5e2c (patch) | |
tree | 7bdb493f5bbb2d175966a8bd5336145c9e871ac3 /drivers/firewire | |
parent | 5aaffc65a27dd9db65455c2c9ab3ede57238d2f5 (diff) | |
download | op-kernel-dev-e81cbebdfc384f9c2ae91225f16ef994118e5e2c.zip op-kernel-dev-e81cbebdfc384f9c2ae91225f16ef994118e5e2c.tar.gz |
firewire: ohci: prevent iso completion callbacks after context stop
To prevent the iso packet callback from being called after
fw_iso_context_stop() has returned, make sure that the
context's tasklet has finished executing before that.
This fixes access-after-free bugs that have so far been
observed only in the upcoming snd-firewire-speakers driver,
but can theoretically also happen in the firedtv driver.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Diffstat (limited to 'drivers/firewire')
-rw-r--r-- | drivers/firewire/ohci.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/firewire/ohci.c b/drivers/firewire/ohci.c index c739436..f1497b1 100644 --- a/drivers/firewire/ohci.c +++ b/drivers/firewire/ohci.c @@ -2764,6 +2764,7 @@ static int ohci_stop_iso(struct fw_iso_context *base) } flush_writes(ohci); context_stop(&ctx->context); + tasklet_kill(&ctx->context.tasklet); return 0; } |