
dsp-kernel: Do not search the global map in the process-specific list

If a user makes the ioctl call for the fastrpc_internal_mmap with the
global map flag, fd, and va corresponding to some map already present
in the process-specific list, then this map present in the process-
specific list could be added to the global list, because global maps
are also searched in the process-specific list. If a map gets removed
from the global list and another concurrent thread is using the same
map for a process-specific use case, it could lead to a use-after-free.
Avoid searching the global map in the process-specific list.

Change-Id: I59c820eb984945d39cd6e4b163307ea43ee4d2f4
Signed-off-by: Abhishek Singh <[email protected]>
Abhishek Singh 8 months ago
parent
commit
e2cfdde491
1 changed file with 4 additions and 1 deletion

+ 4 - 1
dsp/adsprpc.c

@@ -852,7 +852,10 @@ static int fastrpc_mmap_find(struct fastrpc_file *fl, int fd,
 
 	if ((va + len) < va)
 		return -EFAULT;
-	if (mflags == ADSP_MMAP_DMA_BUFFER) {
+	if ((mflags == ADSP_MMAP_HEAP_ADDR) ||
+		(mflags == ADSP_MMAP_REMOTE_HEAP_ADDR)) {
+		return -EFAULT;
+	} else if (mflags == ADSP_MMAP_DMA_BUFFER) {
 		hlist_for_each_entry_safe(map, n, &fl->maps, hn) {
 			if (map->buf == buf) {
 				if (refs) {
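
Review bot: the new branch at the top of the mflags chain returns -EFAULT, the same code the `(va + len) < va` overflow check just above it returns, so a caller of fastrpc_mmap_find cannot tell "global map flags are never looked up in fl->maps" from "bad address range". If callers only test for a non-zero result, consider a distinct errno such as -ENOENT, and add a one-line comment above the branch stating that ADSP_MMAP_HEAP_ADDR and ADSP_MMAP_REMOTE_HEAP_ADDR maps are deliberately not searched in the process-specific list, since that reasoning currently lives only in the commit message. Style: because the branch returns, the `else` is unnecessary; leaving the original `if (mflags == ADSP_MMAP_DMA_BUFFER) {` line untouched after the new check would shrink the diff.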