switch flush_unauthorized_files() to replace_fd()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

security/selinux/hooks.c

@@ -2126,8 +2126,6 @@ static inline void flush_unauthorized_files(const struct cred *cred,
 	spin_lock(&files->file_lock);
 	for (;;) {
 		unsigned long set, i;
-		int fd;
-
 		j++;
 		i = j * BITS_PER_LONG;
 		fdt = files_fdtable(files);
@@ -2138,38 +2136,23 @@ static inline void flush_unauthorized_files(const struct cred *cred,
 			continue;
 		spin_unlock(&files->file_lock);
 		for ( ; set ; i++, set >>= 1) {
-			if (set & 1) {
-				file = fget(i);
-				if (!file)
-					continue;
-				if (file_has_perm(cred,
-						  file,
-						  file_to_av(file))) {
-					sys_close(i);
-					fd = get_unused_fd();
-					if (fd != i) {
-						if (fd >= 0)
-							put_unused_fd(fd);
-						fput(file);
-						continue;
-					}
-					if (devnull) {
-						get_file(devnull);
-					} else {
-						devnull = dentry_open(
-							&selinux_null,
-							O_RDWR, cred);
-						if (IS_ERR(devnull)) {
-							devnull = NULL;
-							put_unused_fd(fd);
-							fput(file);
-							continue;
-						}
-					}
-					fd_install(fd, devnull);
+			if (!(set & 1))
+				continue;
+			file = fget(i);
+			if (!file)
+				continue;
+			if (file_has_perm(cred, file, file_to_av(file))) {
+				if (devnull) {
+					get_file(devnull);
+				} else {
+					devnull = dentry_open(&selinux_null,
+								O_RDWR, cred);
+					if (IS_ERR(devnull))
+						devnull = NULL;
 				}
-				fput(file);
+				replace_fd(i, devnull, 0);
 			}
+			fput(file);
 		}
 		spin_lock(&files->file_lock);