ALSA: ak4117: Do not free priv until timer handler hasn't actually stopped using it

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Function del_timer() does not guarantee that timer was really deleted.
If the timer handler is beeing executed at the moment, the function
does nothing. So, it's possible to use already freed memory in the handler:

[ref: Documentation/DocBook/kernel-locking.tmpl]

This was found using grep and compile-tested only.

Signed-off-by: Kirill Tkhai <ktkhai@parallels.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

authored by

Kirill Tkhai and committed by

Takashi Iwai 12 years ago 115b94d5 9ce50543

+1 -1

1 changed file

expand all

sound

i2c

other

ak4117.c

+1 -1

sound/i2c/other/ak4117.c

··· 62 62 63 63 static void snd_ak4117_free(struct ak4117 *chip) 64 64 { 65 - del_timer(&chip->timer); 65 + del_timer_sync(&chip->timer); 66 66 kfree(chip); 67 67 } 68 68