Revert "net/socket: convert sock_map_fd() to FD_ADD()"

This reverts commit 245f0d1c622b0183ce4f44b3e39aeacf78fae594.

When allocating a file sock_alloc_file() consumes the socket reference
unconditionally which isn't correctly handled in the conversion. This
can be fixed by massaging this appropriately but this is best left for
next cycle.

Reported-by: Xin Long <lucien.xin@gmail.com>
Link: https://lore.kernel.org/CADvbK_ewub4ZZK-tZg8GBQbDFHWhd9a48C+AFXZ93pMsssCrUg@mail.gmail.com
Signed-off-by: Christian Brauner <brauner@kernel.org>

1 files changed, 14 insertions, 5 deletions

diff --git a/net/socket.c b/net/socket.c
index e1bf93508f05..acd8fa6ffa66 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -503,12 +503,21 @@ EXPORT_SYMBOL(sock_alloc_file);
 
 static int sock_map_fd(struct socket *sock, int flags)
 {
-	int fd;
-
-	fd = FD_ADD(flags, sock_alloc_file(sock, flags, NULL));
-	if (fd < 0)
+	struct file *newfile;
+	int fd = get_unused_fd_flags(flags);
+	if (unlikely(fd < 0)) {
 		sock_release(sock);
-	return fd;
+		return fd;
+	}
+
+	newfile = sock_alloc_file(sock, flags, NULL);
+	if (!IS_ERR(newfile)) {
+		fd_install(fd, newfile);
+		return fd;
+	}
+
+	put_unused_fd(fd);
+	return PTR_ERR(newfile);
 }
 
 /**