From: Al Viro <viro@zeniv.linux.org.uk>
Date: Wed, 10 Jan 2018 23:47:05 +0000 (-0500)
Subject: Fix a leak in socket(2) when we fail to allocate a file descriptor.
X-Git-Tag: v4.19~1592^2~2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=ce4bb04cae8924792ed92f4af2793b77fc986f0e;p=platform%2Fkernel%2Flinux-rpi.git

Fix a leak in socket(2) when we fail to allocate a file descriptor.

Got broken by "make sock_alloc_file() do sock_release() on failures" -
cleanup after sock_map_fd() failure got pulled all the way into
sock_alloc_file(), but it used to serve the case when sock_map_fd()
failed *before* getting to sock_alloc_file() as well, and that got
lost.  Trivial to fix, fortunately.

Fixes: 8e1611e23579 (make sock_alloc_file() do sock_release() on failures)
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---

diff --git a/net/socket.c b/net/socket.c
index 42d8e9c..82433a2 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -432,8 +432,10 @@ static int sock_map_fd(struct socket *sock, int flags)
 {
 	struct file *newfile;
 	int fd = get_unused_fd_flags(flags);
-	if (unlikely(fd < 0))
+	if (unlikely(fd < 0)) {
+		sock_release(sock);
 		return fd;
+	}
 
 	newfile = sock_alloc_file(sock, flags, NULL);
 	if (likely(!IS_ERR(newfile))) {