On Mon, 12 Aug 2019 16:44:35 +0200, Julian Wiedmann wrote:
> Callbacks for a cmd reply run outside the protection of card->lock, to
> allow for additional cmds to be issued & enqueued in parallel.
>
> When qeth_send_control_data() bails out for a cmd without having
> received a reply (eg. due to timeout), its callback may concurrently be
> processing a reply that just arrived. In this case, the callback
> potentially accesses a stale reply->reply_param area that eg. was
> on-stack and has already been released.
>
> To avoid this race, add some locking so that qeth_send_control_data()
> can (1) wait for a concurrently running callback, and (2) zap any
> pending callback that still wants to run.
>
> Signed-off-by: Julian Wiedmann <jwi@xxxxxxxxxxxxx>

Applied to net, thank you.

Please consider adding the Fixes tag for net submissions.
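
The locking idea from the quoted commit message, as an added user-space C sketch: it is not the qeth patch or kernel code. `struct reply`, `reply_deliver`, `reply_cancel`, `send_cmd` and the sample reply string are hypothetical names constructed for illustration.

```c
#include <pthread.h>
#include <string.h>
/* Hypothetical names; a user-space sketch, not the qeth driver's code. */
struct reply {
    pthread_mutex_t lock;                 /* serialises callback vs. cancel */
    int (*callback)(struct reply *, const char *);
    char *param;                          /* caller-owned, may be on-stack */
    int done;
};

/* Example callback: copy the reply into the caller's 16-byte buffer. */
static int copy_cb(struct reply *r, const char *data)
{
    strncpy(r->param, data, 15);
    r->param[15] = '\0';
    return 1;
}

/* Receive path: callback runs only under the lock and only if not zapped. */
int reply_deliver(struct reply *r, const char *data)
{
    int ran;
    pthread_mutex_lock(&r->lock);
    ran = (r->callback != NULL);
    if (ran)
        r->done = r->callback(r, data);
    pthread_mutex_unlock(&r->lock);
    return ran;                           /* 1 if the callback ran */
}

/* Bail-out path: the lock waits for a running callback (1), NULL zaps (2). */
void reply_cancel(struct reply *r)
{
    pthread_mutex_lock(&r->lock);
    r->callback = NULL;
    pthread_mutex_unlock(&r->lock);
}

/* Sender with an on-stack buffer; returns 1 if a reply was copied to out. */
int send_cmd(struct reply *r, int reply_in_time, char out[16])
{
    char buf[16] = "";
    pthread_mutex_init(&r->lock, NULL);
    r->callback = copy_cb; r->param = buf; r->done = 0;
    if (reply_in_time)
        reply_deliver(r, "constructed-ok"); /* constructed sample reply */
    reply_cancel(r);                        /* buf may be released after this */
    memcpy(out, buf, sizeof(buf));
    return r->done;
}
```

A reply delivered after `send_cmd()` has returned finds the callback cleared and is dropped, so the released stack buffer is never touched.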