[PATCH 4.9 005/222] Input: ff-memless - kill timer in destroy()

From: Greg Kroah-Hartman
Date: Fri Nov 22 2019 - 05:39:40 EST


From: Oliver Neukum <oneukum@xxxxxxxx>

commit fa3a5a1880c91bb92594ad42dfe9eedad7996b86 upstream.

No timer must be left running when the device goes away.

Signed-off-by: Oliver Neukum <oneukum@xxxxxxxx>
Reported-and-tested-by: syzbot+b6c55daa701fc389e286@xxxxxxxxxxxxxxxxxxxxxxxxx
Cc: stable@xxxxxxxxxxxxxxx
Link: https://lore.kernel.org/r/1573726121.17351.3.camel@xxxxxxxx
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/input/ff-memless.c | 9 +++++++++
1 file changed, 9 insertions(+)

--- a/drivers/input/ff-memless.c
+++ b/drivers/input/ff-memless.c
@@ -501,6 +501,15 @@ static void ml_ff_destroy(struct ff_devi
{
struct ml_device *ml = ff->private;

+ /*
+ * Even though we stop all playing effects when tearing down
+ * an input device (via input_device_flush() that calls into
+ * input_ff_flush() that stops and erases all effects), we
+ * do not actually stop the timer, and therefore we should
+ * do it here.
+ */
+ del_timer_sync(&ml->timer);
+
kfree(ml->private);
}