msm:ADSPRPC :Fix to avoid Use after free in fastrpc_internal_munmap Added a check to validate map before freeing it to avoid Use after free scenario. Change-Id: Ic723a4fe964a4909119663500018f2a07976105b Signed-off-by: Vamsi krishna Gattupalli <vgattupa@codeaurora.org>

commit: 3fed6e393d5c040e75f818687fb8b2850dc40da4 [log] [tgz]
author: Vamsi krishna Gattupalli <vgattupa@codeaurora.org> Wed Dec 02 12:59:03 2020 +0530
committer: Luca Weiss <luca.weiss@fairphone.com> Thu Jul 15 13:18:12 2021 +0200
tree: c9d53eb15a17efbfa614f7a6bbd5fb2c84e8ccaf
parent: b835067880b2635dcff6ec2c39daf1ae09ac5972 [diff]
diff --git a/drivers/char/adsprpc.c b/drivers/char/adsprpc.c
index 03ccd6c..4069e2e 100644
--- a/drivers/char/adsprpc.c
+++ b/drivers/char/adsprpc.c

@@ -2728,13 +2728,15 @@
 	mutex_unlock(&fl->fl_map_mutex);
 	if (err)
 		goto bail;
-	VERIFY(err, !fastrpc_munmap_on_dsp(fl, map->raddr,
-				map->phys, map->size, map->flags));
-	if (err)
-		goto bail;
-	mutex_lock(&fl->fl_map_mutex);
-	fastrpc_mmap_free(map, 0);
-	mutex_unlock(&fl->fl_map_mutex);
+	if (map) {
+		VERIFY(err, !fastrpc_munmap_on_dsp(fl, map->raddr,
+					map->phys, map->size, map->flags));
+		if (err)
+			goto bail;
+		mutex_lock(&fl->fl_map_mutex);
+		fastrpc_mmap_free(map, 0);
+		mutex_unlock(&fl->fl_map_mutex);
+	}
 bail:
 	if (err && map) {
 		mutex_lock(&fl->fl_map_mutex);
commit	3fed6e393d5c040e75f818687fb8b2850dc40da4	[log] [tgz]
author	Vamsi krishna Gattupalli <vgattupa@codeaurora.org>	Wed Dec 02 12:59:03 2020 +0530
committer	Luca Weiss <luca.weiss@fairphone.com>	Thu Jul 15 13:18:12 2021 +0200
tree	c9d53eb15a17efbfa614f7a6bbd5fb2c84e8ccaf
parent	b835067880b2635dcff6ec2c39daf1ae09ac5972 [diff]