Message ID | 1360889013-4394-1-git-send-email-paul.gortmaker@windriver.com |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
From: Paul Gortmaker <paul.gortmaker@windriver.com> Date: Thu, 14 Feb 2013 19:43:33 -0500 > From: Erik Hugne <erik.hugne@ericsson.com> > > After commit 3c294cb3 "tipc: remove the bearer congestion mechanism", > we try to grab the broadcast bearer lock when sending multicast > messages over the broadcast link. This will cause an oops because > the lock is never initialized. This is an old bug, but the lock > was never actually used before commit 3c294cb3, so that why it was > not visible until now. The oops will look something like: > > BUG: spinlock bad magic on CPU#2, daemon/147 > lock: bcast_bearer+0x48/0xffffffffffffd19a [tipc], > .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0 > Pid: 147, comm: daemon Not tainted 3.8.0-rc3+ #206 > Call Trace: > spin_dump+0x8a/0x8f > spin_bug+0x21/0x26 > do_raw_spin_lock+0x114/0x150 > _raw_spin_lock_bh+0x19/0x20 > tipc_bearer_blocked+0x1f/0x40 [tipc] > tipc_link_send_buf+0x82/0x280 [tipc] > ? __alloc_skb+0x9f/0x2b0 > tipc_bclink_send_msg+0x77/0xa0 [tipc] > tipc_multicast+0x11b/0x1b0 [tipc] > send_msg+0x225/0x530 [tipc] > sock_sendmsg+0xca/0xe0 > > The above can be triggered by running the multicast demo program. > > Signed-off-by: Erik Hugne <erik.hugne@ericsson.com> > Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/tipc/bcast.c b/net/tipc/bcast.c index 54f89f9..2655c9f 100644 --- a/net/tipc/bcast.c +++ b/net/tipc/bcast.c @@ -774,6 +774,7 @@ void tipc_bclink_init(void) bcl->owner = &bclink->node; bcl->max_pkt = MAX_PKT_DEFAULT_MCAST; tipc_link_set_queue_limits(bcl, BCLINK_WIN_DEFAULT); + spin_lock_init(&bcbearer->bearer.lock); bcl->b_ptr = &bcbearer->bearer; bcl->state = WORKING_WORKING; strlcpy(bcl->name, tipc_bclink_name, TIPC_MAX_LINK_NAME);