Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e81cbebd authored by Clemens Ladisch's avatar Clemens Ladisch Committed by Stefan Richter
Browse files

firewire: ohci: prevent iso completion callbacks after context stop 



To prevent the iso packet callback from being called after
fw_iso_context_stop() has returned, make sure that the
context's tasklet has finished executing before that.

This fixes access-after-free bugs that have so far been
observed only in the upcoming snd-firewire-speakers driver,
but can theoretically also happen in the firedtv driver.

Signed-off-by: default avatarClemens Ladisch <clemens@ladisch.de>
Signed-off-by: default avatarStefan Richter <stefanr@s5r6.in-berlin.de>
parent 5aaffc65

drivers/firewire/ohci.c

+1 −0
Original line number Diff line number Diff line
@@ -2764,6 +2764,7 @@ static int ohci_stop_iso(struct fw_iso_context *base) 
	}

	flush_writes(ohci);

	context_stop(&ctx->context);

	tasklet_kill(&ctx->context.tasklet);



	return 0;

}