ALSA: ak4117: Do not free priv until timer handler hasn't actually stopped using it

Function del_timer() does not guarantee that timer was really deleted.
If the timer handler is beeing executed at the moment, the function
does nothing. So, it's possible to use already freed memory in the handler:

[ref: Documentation/DocBook/kernel-locking.tmpl]

This was found using grep and compile-tested only.

Signed-off-by: Kirill Tkhai <ktkhai@parallels.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

diff --git a/sound/i2c/other/ak4117.c b/sound/i2c/other/ak4117.c
index 40e33c9f2b095f1eb7488729afe20f1f991d994f..88452e899bd94124ddffe1ad3485d7b9896aeddf 100644 (file)
--- a/sound/i2c/other/ak4117.c
+++ b/sound/i2c/other/ak4117.c
@@ -62,7 +62,7 @@ static void reg_dump(struct ak4117 *ak4117)
 
 static void snd_ak4117_free(struct ak4117 *chip)
 {
-       del_timer(&chip->timer);
+       del_timer_sync(&chip->timer);
        kfree(chip);
 }