From 6bf2b03aa461c35ec7bf724cafe3caa3792eaefd Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Fri, 12 Oct 2018 20:58:04 +0100
Subject: [PATCH] ppp: Fix null pointer dereference on registration failure

register_netdevice() will call the device's ndo_uninit operation if
registration fails after it calls the ndo_init operation.  However
ppp_dev_uninit() uses ppp->ppp_net which is currently not set until
after register_netdevice() returns.

This was fixed upstream as part of commit 96d934c70db6 "ppp: add
rtnetlink device creation support".

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
 drivers/net/ppp/ppp_generic.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
index 0a47788a4fc8..b88886f0d103 100644
--- a/drivers/net/ppp/ppp_generic.c
+++ b/drivers/net/ppp/ppp_generic.c
@@ -2732,6 +2732,7 @@ static struct ppp *ppp_create_interface(struct net *net, int unit,
 
 	ppp = netdev_priv(dev);
 	ppp->dev = dev;
+	ppp->ppp_net = net;
 	ppp->mru = PPP_MRU;
 	init_ppp_file(&ppp->file, INTERFACE);
 	ppp->file.hdrlen = PPP_HDRLEN - 2;	/* don't count proto bytes */
@@ -2801,8 +2802,6 @@ static struct ppp *ppp_create_interface(struct net *net, int unit,
 		goto out2;
 	}
 
-	ppp->ppp_net = net;
-
 	atomic_inc(&ppp_unit_count);
 	mutex_unlock(&pn->all_ppp_mutex);
 	rtnl_unlock();
-- 
2.39.5