tipc: fix missing spinlock init in broadcast code

After commit 3c294cb3 "tipc: remove the bearer congestion mechanism",
we try to grab the broadcast bearer lock when sending multicast
messages over the broadcast link. This will cause an oops because
the lock is never initialized. This is an old bug, but the lock
was never actually used before commit 3c294cb3, so that why it was
not visible until now.  The oops will look something like:

	BUG: spinlock bad magic on CPU#2, daemon/147
	lock: bcast_bearer+0x48/0xffffffffffffd19a [tipc],
	.magic: 00000000, .owner: <none>/-1, .owner_cpu: 0
	Pid: 147, comm: daemon Not tainted 3.8.0-rc3+ #206
	Call Trace:
	spin_dump+0x8a/0x8f
	spin_bug+0x21/0x26
	do_raw_spin_lock+0x114/0x150
	_raw_spin_lock_bh+0x19/0x20
	tipc_bearer_blocked+0x1f/0x40 [tipc]
	tipc_link_send_buf+0x82/0x280 [tipc]
	? __alloc_skb+0x9f/0x2b0
	tipc_bclink_send_msg+0x77/0xa0 [tipc]
	tipc_multicast+0x11b/0x1b0 [tipc]
	send_msg+0x225/0x530 [tipc]
	sock_sendmsg+0xca/0xe0

The above can be triggered by running the multicast demo program.

Signed-off-by: Erik Hugne <erik.hugne@ericsson.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 1 insertions, 0 deletions

diff --git a/net/tipc/bcast.c b/net/tipc/bcast.c
index 54f89f90ac33..2655c9f4ecad 100644
--- a/net/tipc/bcast.c
+++ b/net/tipc/bcast.c
@@ -774,6 +774,7 @@ void tipc_bclink_init(void)
 	bcl->owner = &bclink->node;
 	bcl->max_pkt = MAX_PKT_DEFAULT_MCAST;
 	tipc_link_set_queue_limits(bcl, BCLINK_WIN_DEFAULT);
+	spin_lock_init(&bcbearer->bearer.lock);
 	bcl->b_ptr = &bcbearer->bearer;
 	bcl->state = WORKING_WORKING;
 	strlcpy(bcl->name, tipc_bclink_name, TIPC_MAX_LINK_NAME);