io_uring: fix early fdput() of file

A previous commit shuffled some code around, and inadvertently used
struct file after fdput() had been called on it. As we can't touch
the file post fdput() dropping our reference, move the fdput() to
after that has been done.

Cc: Pavel Begunkov <[email protected]>
Cc: [email protected]
Link: https://lore.kernel.org/io-uring/[email protected]/
Fixes: f2a48dd ("io_uring: refactor io_sq_offload_create()")
Reported-by: Al Viro <[email protected]>
Signed-off-by: Jens Axboe <[email protected]>

Author: axboe

fs/io_uring.c

@@ -7991,9 +7991,11 @@ static int io_sq_offload_create(struct io_ring_ctx *ctx,
 		f = fdget(p->wq_fd);
 		if (!f.file)
 			return -ENXIO;
-		fdput(f);
-		if (f.file->f_op != &io_uring_fops)
+		if (f.file->f_op != &io_uring_fops) {
+			fdput(f);
 			return -EINVAL;
+		}
+		fdput(f);
 	}
 	if (ctx->flags & IORING_SETUP_SQPOLL) {
 		struct task_struct *tsk;