From: Clemens Ladisch Date: Wed, 16 Feb 2011 09:32:11 +0000 (+0100) Subject: firewire: ohci: prevent iso completion callbacks after context stop X-Git-Tag: firefly_0821_release~3680^2~4548^2~30 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=e81cbebdfc384f9c2ae91225f16ef994118e5e2c;p=firefly-linux-kernel-4.4.55.git firewire: ohci: prevent iso completion callbacks after context stop To prevent the iso packet callback from being called after fw_iso_context_stop() has returned, make sure that the context's tasklet has finished executing before that. This fixes access-after-free bugs that have so far been observed only in the upcoming snd-firewire-speakers driver, but can theoretically also happen in the firedtv driver. Signed-off-by: Clemens Ladisch Signed-off-by: Stefan Richter --- diff --git a/drivers/firewire/ohci.c b/drivers/firewire/ohci.c index c7394361afcb..f1497b1fcf2e 100644 --- a/drivers/firewire/ohci.c +++ b/drivers/firewire/ohci.c @@ -2764,6 +2764,7 @@ static int ohci_stop_iso(struct fw_iso_context *base) } flush_writes(ohci); context_stop(&ctx->context); + tasklet_kill(&ctx->context.tasklet); return 0; }
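Review bot: The new tasklet_kill(&ctx->context.tasklet) call after context_stop() in ohci_stop_iso() waits for the tasklet to finish, and that adds a calling-context constraint which the hunk leaves undocumented. The function must no longer be called from interrupt context. It must also never be reached from the iso packet callback itself: going by the commit message, that callback runs from the very tasklet being waited on, so the wait could not complete. Suggest a comment above the call, and a matching sentence in the fw_iso_context_stop() documentation, saying that the stop has to be issued from process context and not from the iso callback. It is also worth confirming that nothing can schedule the tasklet again once context_stop() has returned, since tasklet_kill() only waits for a pending or running instance and does not block later scheduling; the guarantee stated in the commit message depends on that.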