Revert "net/socket: convert sock_map_fd() to FD_ADD()"

This reverts commit 245f0d1c622b0183ce4f44b3e39aeacf78fae594.

When allocating a file sock_alloc_file() consumes the socket reference
unconditionally which isn't correctly handled in the conversion. This
can be fixed by massaging this appropriately but this is best left for
next cycle.

Reported-by: Xin Long <lucien.xin@gmail.com>
Link: https://lore.kernel.org/CADvbK_ewub4ZZK-tZg8GBQbDFHWhd9a48C+AFXZ93pMsssCrUg@mail.gmail.com
Signed-off-by: Christian Brauner <brauner@kernel.org>

diff --git a/net/socket.c b/net/socket.c
index e1bf93508f05187406744576b5d053606661a397..acd8fa6ffa66e02ec91813c8c15e2d7ce3addb9f 100644 (file)
--- a/net/socket.c
+++ b/net/socket.c
@@ -503,12 +503,21 @@ EXPORT_SYMBOL(sock_alloc_file);
 
 static int sock_map_fd(struct socket *sock, int flags)
 {
-       int fd;
-
-       fd = FD_ADD(flags, sock_alloc_file(sock, flags, NULL));
-       if (fd < 0)
+       struct file *newfile;
+       int fd = get_unused_fd_flags(flags);
+       if (unlikely(fd < 0)) {
                sock_release(sock);
-       return fd;
+               return fd;
+       }
+
+       newfile = sock_alloc_file(sock, flags, NULL);
+       if (!IS_ERR(newfile)) {
+               fd_install(fd, newfile);
+               return fd;
+       }
+
+       put_unused_fd(fd);
+       return PTR_ERR(newfile);
 }
 
 /**