From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3DE8F17A305; Mon, 23 Mar 2026 15:00:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774278035; cv=none; b=Oa/+qBj5Td1Isfd15Xc2SvrCAUT8L8+neZrd1MrTYS6T91oZnnecwME+birHZKfJSb8/6Erp7yMmvclkyi+8U15KzG1RmCY259Im5AWiPf+gLahmn8xurCVeX38vDe7xORTsl8RLr9GTnE3AWcUVaGyXP9/Dik4bqFpMBKLGCh0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774278035; c=relaxed/simple; bh=ozL/j//4DJpcBCEaMywKlEdfYa44q9UKhbYsCA55yiQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=rBs8Wo9lTz/o4XGE4X0rByrkV3RFLIT1XYHnw7E9cpPVky0avVtpf24NiS9JCxf7pZt/DtCYKoc4dUc5tk7Q+Bu6xsRialkVjHFFarAujRhASTjV/Q/nDNbhI+kvXku9ssy3DQldiahQb4BRhAYH1tIWTWrZjkt6PagB5ZO/vcM= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=tffxYFEb; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="tffxYFEb" Received: by smtp.kernel.org (Postfix) with ESMTPSA id B54C2C4CEF7; Mon, 23 Mar 2026 15:00:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1774278035; bh=ozL/j//4DJpcBCEaMywKlEdfYa44q9UKhbYsCA55yiQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=tffxYFEb4KZkfMTJp4AvnRiX0XW4xMtQNVnwB35PkvUg2kUqaYidUdWwxPrE7h+0G uwMMjtwcw8dYedNrtKZy6mxDRYPKSdajZH3XrOgjBId6Vr9HPm5uGckiWyaqCkHNV5 hc7qmFnRnrDxLiw4vl6dYyoiCQ2Unp0Gkfy9+6UA= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, syzbot+5b11eccc403dd1cea9f8@syzkaller.appspotmail.com, Oliver Hartkopp , Marc Kleine-Budde , Sasha Levin Subject: [PATCH 6.6 143/567] can: bcm: fix locking for bcm_op runtime updates Date: Mon, 23 Mar 2026 14:41:03 +0100 Message-ID: <20260323134537.358653389@linuxfoundation.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260323134533.749096647@linuxfoundation.org> References: <20260323134533.749096647@linuxfoundation.org> User-Agent: quilt/0.69 X-stable: review X-Patchwork-Hint: ignore Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit 6.6-stable review patch. If anyone has any objections, please let me know. ------------------ From: Oliver Hartkopp [ Upstream commit c35636e91e392e1540949bbc67932167cb48bc3a ] Commit c2aba69d0c36 ("can: bcm: add locking for bcm_op runtime updates") added a locking for some variables that can be modified at runtime when updating the sending bcm_op with a new TX_SETUP command in bcm_tx_setup(). Usually the RX_SETUP only handles and filters incoming traffic with one exception: When the RX_RTR_FRAME flag is set a predefined CAN frame is sent when a specific RTR frame is received. Therefore the rx bcm_op uses bcm_can_tx() which uses the bcm_tx_lock that was only initialized in bcm_tx_setup(). Add the missing spin_lock_init() when allocating the bcm_op in bcm_rx_setup() to handle the RTR case properly. Fixes: c2aba69d0c36 ("can: bcm: add locking for bcm_op runtime updates") Reported-by: syzbot+5b11eccc403dd1cea9f8@syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-can/699466e4.a70a0220.2c38d7.00ff.GAE@google.com/ Signed-off-by: Oliver Hartkopp Link: https://patch.msgid.link/20260218-bcm_spin_lock_init-v1-1-592634c8a5b5@hartkopp.net Signed-off-by: Marc Kleine-Budde Signed-off-by: Sasha Levin --- net/can/bcm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/can/bcm.c b/net/can/bcm.c index 75653584f31b9..35039645c4629 100644 --- a/net/can/bcm.c +++ b/net/can/bcm.c @@ -1128,6 +1128,7 @@ static int bcm_rx_setup(struct bcm_msg_head *msg_head, struct msghdr *msg, if (!op) return -ENOMEM; + spin_lock_init(&op->bcm_tx_lock); op->can_id = msg_head->can_id; op->nframes = msg_head->nframes; op->cfsiz = CFSIZ(msg_head->flags); -- 2.51.0