msm:ADSPRPC :Fix to avoid Use after free in fastrpc_internal_munmap

Added a check to validate map before freeing it to avoid Use after
free scenario.

Bug id: A-179040600
CVE-Fixed: CVE-2021-1927
Crs-fixed: 2827356
Mot-CRs-fixed: (CR)

Change-Id: Ic723a4fe964a4909119663500018f2a07976105b
Signed-off-by: Vamsi krishna Gattupalli <vgattupa@codeaurora.org>
Signed-off-by: Srkanth A R <arsrikan@motorola.com>
Reviewed-on: https://gerrit.mot.com/1931280
SME-Granted: SME Approvals Granted
SLTApproved: Slta Waiver
Tested-by: Jira Key
Reviewed-by: Vijayakumar Gn <vijaygn@motorola.com>
Reviewed-by: Ravikumar Vembu <raviv@motorola.com>
Submit-Approved: Jira Key

Author: Srikanth A R

drivers/char/adsprpc.c

@@ -2670,13 +2670,15 @@ static int fastrpc_internal_munmap(struct fastrpc_file *fl,
 	mutex_unlock(&fl->map_mutex);
 	if (err)
 		goto bail;
-	VERIFY(err, !fastrpc_munmap_on_dsp(fl, map->raddr,
-				map->phys, map->size, map->flags));
-	if (err)
-		goto bail;
-	mutex_lock(&fl->map_mutex);
-	fastrpc_mmap_free(map, 0);
-	mutex_unlock(&fl->map_mutex);
+	if (map) {
+		VERIFY(err, !fastrpc_munmap_on_dsp(fl, map->raddr,
+					map->phys, map->size, map->flags));
+		if (err)
+			goto bail;
+		mutex_lock(&fl->map_mutex);
+		fastrpc_mmap_free(map, 0);
+		mutex_unlock(&fl->map_mutex);
+	}
 bail:
 	if (err && map) {
 		mutex_lock(&fl->map_mutex);