slip: stop double free sl->dev in slip_open

After include 3b5a39979daf ("slip: Fix memory leak in slip_open error path")
and e58c19124189 ("slip: Fix use-after-free Read in slip_open") with 4.4.y/4.9.y.
We will trigger a bug since we can double free sl->dev in slip_open. Actually,
we should backport cf124db566e6 ("net: Fix inconsistent teardown and release
of private netdev state.") too since it has delete free_netdev from sl_free_netdev.
Fix it by delete free_netdev from slip_open.

Signed-off-by: yangerkun <yangerkun@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/net/slip/slip.c b/drivers/net/slip/slip.c
index 2af09c3851a5e1b3d3382aeef0d68ab0ef3a90ab..cc841126147ec36327912ad2fb254fb378d62e86 100644 (file)
--- a/drivers/net/slip/slip.c
+++ b/drivers/net/slip/slip.c
@@ -868,7 +868,6 @@ err_free_chan:
        tty->disc_data = NULL;
        clear_bit(SLF_INUSE, &sl->flags);
        sl_free_netdev(sl->dev);
-       free_netdev(sl->dev);
 
 err_exit:
        rtnl_unlock();