tipc: fix NULL pointer dereference in tipc_disc_rcv()

mainline inclusion
from mainline-v5.8-rc1
commit 97982782
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IADGRO
CVE: CVE-2022-48865

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9798278260e8f61d04415342544a8f701bc5ace7



--------------------------------

When a bearer is enabled, we create a 'tipc_discoverer' object to store
the bearer related data along with a timer and a preformatted discovery
message buffer for later probing... However, this is only carried after
the bearer was set 'up', that left a race condition resulting in kernel
panic.

It occurs when a discovery message from a peer node is received and
processed in bottom half (since the bearer is 'up' already) just before
the discoverer object is created but is now accessed in order to update
the preformatted buffer (with a new trial address, ...) so leads to the
NULL pointer dereference.

We solve the problem by simply moving the bearer 'up' setting to later,
so make sure everything is ready prior to any message receiving.

Acked-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Tuong Lien <tuong.t.lien@dektech.com.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

Conflicts:
	net/tipc/bearer.c
[The conflict occurs because the commit  2a7ee696"(tipc: add
reference counter to bearer") is not merged]
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>