Skip to content

Commit

Permalink
firewire: ohci: prevent iso completion callbacks after context stop
Browse files Browse the repository at this point in the history 
To prevent the iso packet callback from being called after
fw_iso_context_stop() has returned, make sure that the
context's tasklet has finished executing before that.

This fixes access-after-free bugs that have so far been
observed only in the upcoming snd-firewire-speakers driver,
but can theoretically also happen in the firedtv driver.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
  • Loading branch information
Clemens Ladisch authored and Stefan Richter committed Feb 26, 2011
1 parent 5aaffc6 commit e81cbeb
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions drivers/firewire/ohci.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2764,6 +2764,7 @@ static int ohci_stop_iso(struct fw_iso_context *base)
}
flush_writes(ohci);
context_stop(&ctx->context);
tasklet_kill(&ctx->context.tasklet);

return 0;
}
Expand Down

0 comments on commit e81cbeb

Please sign in to comment.