CVE-2022-49393

In the Linux kernel, the following vulnerability has been resolved:

misc: fastrpc: fix list iterator in fastrpcreqmemunmapimpl

This is another instance of incorrect use of list iterator and checking it for NULL.

The list iterator value 'map' will always be set and non-NULL by listforeach_entry(), so it is incorrect to assume that the iterator value will be NULL if the list is empty (in this case, the check 'if (!map) {' will always be false and never exit as expected).

To fix the bug, use a new variable 'iter' as the list iterator, while use the original variable 'map' as a dedicated pointer to point to the found element.

Without this patch, Kernel crashes with below trace:

Unable to handle kernel access to user memory outside uaccess routines at virtual address 0000ffff7fb03750 ... Call trace: fastrpcmapcreate+0x70/0x290 [fastrpc] fastrpcreqmemmap+0xf0/0x2dc [fastrpc] fastrpcdevice_ioctl+0x138/0xc60 [fastrpc] _arm64sysioctl+0xa8/0xec invokesyscall+0x48/0x114 el0svccommon.constprop.0+0xd4/0xfc doel0svc+0x28/0x90 el0svc+0x3c/0x130 el0t64synchandler+0xa4/0x130 el0t64sync+0x18c/0x190 Code: 14000016 f94000a5 eb05029f 54000260 (b94018a6) ---[ end trace 0000000000000000 ]---