Linux kernel: erroneous error handling after fd_install()

We discussed this vulnerability during Episode 116 on 01 February 2022

There is a recurring race condition in some areas of kernel code: a file that has already been closed by userspace can still be accessed by the kernel.

The issue arises when fd_install(fd, file) is called, which exposes the file to userland, and any further work on fd or file is then attempted. Because the file is now visible to userspace, it can be closed by userspace immediately, leading to a use-after-free.
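As an added illustration (not code from the episode or from the kernel), the ordering problem modelled in userspace: stand-in definitions of get_unused_fd_flags(), fd_install(), put_unused_fd(), fput() and close(2) are constructed here so it builds without kernel headers, and uaf_count stands in for what KASAN would report. The buggy function installs the fd before a step that can still fail; the fixed one does every fallible step first and installs the fd last.

```c
/* Userspace stand-ins (constructed for this example) for the kernel fd-table API:
 * a refcounted file, a tiny fd table, and a counter of accesses to a freed file. */
#define NR_FDS 4
struct file { int refcount; int freed; };
static struct file *fd_table[NR_FDS];
static int fd_reserved[NR_FDS];
int uaf_count;
static int get_unused_fd_flags(void) {
    for (int i = 0; i < NR_FDS; i++)
        if (!fd_reserved[i] && !fd_table[i]) { fd_reserved[i] = 1; return i; }
    return -1;
}
static void put_unused_fd(int fd) { fd_reserved[fd] = 0; }
static void fput(struct file *f) {
    if (f->freed) uaf_count++;                 /* touching a freed file: the bug */
    else if (--f->refcount == 0) f->freed = 1; /* last reference gone: file freed */
}
static void fd_install(int fd, struct file *f) { fd_table[fd] = f; fd_reserved[fd] = 0; }
/* close(2) from userspace: take the file out of the table and drop the table's reference. */
int sys_close(int fd) {
    struct file *f = fd_table[fd];
    if (!f) return -1;
    fd_table[fd] = 0; fput(f); return 0;
}
static int finish_setup(int should_fail) { return should_fail ? -1 : 0; } /* a fallible step */
/* Buggy ordering: fd_install() runs before a step that can fail, and the error path
 * then drops the reference the fd table now owns. If userspace closes the fd in
 * between (race_close), the file is already freed when fput() runs. */
int create_fd_buggy(struct file *f, int fail, int race_close) {
    int fd = get_unused_fd_flags();
    if (fd < 0) return fd;
    fd_install(fd, f);               /* file is visible to userspace from here on */
    if (race_close) sys_close(fd);   /* userspace wins the race and closes it */
    if (finish_setup(fail) < 0) {
        put_unused_fd(fd); fput(f);  /* wrong: neither is ours to release any more */
        return -1;
    }
    return fd;
}
/* Fixed ordering: every fallible step first, fd_install() last. The error path
 * releases only what this function still owns: the fd reservation and its own ref. */
int create_fd_fixed(struct file *f, int fail) {
    int fd = get_unused_fd_flags();
    if (fd < 0) return fd;
    if (finish_setup(fail) < 0) { put_unused_fd(fd); fput(f); return -1; }
    fd_install(fd, f);
    return fd;
}
```

Even without the race, the buggy error path drops the table's reference, so the later close(2) from userspace lands on an already-freed file.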