[alsa-devel] [PATCH] ak4117: Do not free priv until timer handler hasn't actually stopped using it
Takashi Iwai
tiwai at suse.de
Fri Feb 14 14:17:18 CET 2014
At Fri, 14 Feb 2014 15:47:57 +0400,
Kirill Tkhai wrote:
>
> Function del_timer() does not guarantee that timer was really deleted.
> If the timer handler is beeing executed at the moment, the function
> does nothing. So, it's possible to use already freed memory in the handler:
>
> [ref: Documentation/DocBook/kernel-locking.tmpl]
>
> This was found using grep and compile-tested only.
Thanks, applied.
Takashi
>
> Signed-off-by: Kirill Tkhai <ktkhai at parallels.com>
> CC: Jaroslav Kysela <perex at perex.cz>
> CC: Takashi Iwai <tiwai at suse.de>
> ---
> sound/i2c/other/ak4117.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/sound/i2c/other/ak4117.c b/sound/i2c/other/ak4117.c
> index 40e33c9..88452e8 100644
> --- a/sound/i2c/other/ak4117.c
> +++ b/sound/i2c/other/ak4117.c
> @@ -62,7 +62,7 @@ static void reg_dump(struct ak4117 *ak4117)
>
> static void snd_ak4117_free(struct ak4117 *chip)
> {
> - del_timer(&chip->timer);
> + del_timer_sync(&chip->timer);
> kfree(chip);
> }
>
>
>
>
More information about the Alsa-devel
mailing list