| From: Ben Hutchings <ben@decadent.org.uk> |
| Date: Fri, 12 Oct 2018 20:58:04 +0100 |
| Subject: ppp: Fix null pointer dereference on registration failure |
| |
| register_netdevice() will call the device's ndo_uninit operation if |
| registration fails after it calls the ndo_init operation. However |
| ppp_dev_uninit() uses ppp->ppp_net which is currently not set until |
| after register_netdevice() returns. |
| |
| This was fixed upstream as part of commit 96d934c70db6 "ppp: add |
| rtnetlink device creation support". |
| |
| Signed-off-by: Ben Hutchings <ben@decadent.org.uk> |
| --- |
| --- a/drivers/net/ppp/ppp_generic.c |
| +++ b/drivers/net/ppp/ppp_generic.c |
| @@ -2732,6 +2732,7 @@ static struct ppp *ppp_create_interface( |
| |
| ppp = netdev_priv(dev); |
| ppp->dev = dev; |
| + ppp->ppp_net = net; |
| ppp->mru = PPP_MRU; |
| init_ppp_file(&ppp->file, INTERFACE); |
| ppp->file.hdrlen = PPP_HDRLEN - 2; /* don't count proto bytes */ |
| @@ -2801,8 +2802,6 @@ static struct ppp *ppp_create_interface( |
| goto out2; |
| } |
| |
| - ppp->ppp_net = net; |
| - |
| atomic_inc(&ppp_unit_count); |
| mutex_unlock(&pn->all_ppp_mutex); |
| rtnl_unlock(); |
