firewire: ohci: prevent iso completion callbacks after context stop · e81cbebdfc - Gogs

firewire: ohci: prevent iso completion callbacks after context stop

To prevent the iso packet callback from being called after
fw_iso_context_stop() has returned, make sure that the
context's tasklet has finished executing before that.

This fixes access-after-free bugs that have so far been
observed only in the upcoming snd-firewire-speakers driver,
but can theoretically also happen in the firedtv driver.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

Clemens Ladisch 14 년 전

부모

5aaffc65a2

커밋

e81cbebdfc

1개의 변경된 파일과 1개의 추가작업 그리고 0개의 파일을 삭제

분할 보기 변경상태 보기

						
							+ 1
							
							- 0
						
drivers/firewire/ohci.c
							 
								파일 보기
							
				@@ -2764,6 +2764,7 @@ static int ohci_stop_iso(struct fw_iso_context *base)
			
				 	}
			
				 	flush_writes(ohci);
			
				 	context_stop(&ctx->context);
			
				+	tasklet_kill(&ctx->context.tasklet);
			
				 	return 0;
			
				 }