HID: check empty report_list in hid_validate_values()

stable inclusion
from stable-v5.10.166
commit 5dc3469a1170dd1344d262a332b26994214eeb58
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6KCIO
CVE: CVE-2023-1073

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=5dc3469a1170dd1344d262a332b26994214eeb58

--------------------------------

Add a check for empty report_list in hid_validate_values().
The missing check causes a type confusion when issuing a list_entry()
on an empty report_list.
The problem is caused by the assumption that the device must
have valid report_list. While this will be true for all normal HID
devices, a suitably malicious device can violate the assumption.

Fixes: 1b15d2e5 ("HID: core: fix validation of report id 0")
Signed-off-by: NPietro Borrello <borrello@diag.uniroma1.it>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>
Signed-off-by: NLin Yujun <linyujun809@huawei.com>
Reviewed-by: NZhang Jianhua <chris.zjh@huawei.com>
Reviewed-by: NLiao Chang <liaochang1@huawei.com>
Signed-off-by: NJialin Zhang <zhangjialin11@huawei.com>

drivers/hid/hid-core.c

@@ -988,8 +988,8 @@ struct hid_report *hid_validate_values(struct hid_device *hid,
 		 * Validating on id 0 means we should examine the first
 		 * report in the list.
 		 */
-		report = list_entry(
-				hid->report_enum[type].report_list.next,
+		report = list_first_entry_or_null(
+				&hid->report_enum[type].report_list,
 				struct hid_report, list);
 	} else {
 		report = hid->report_enum[type].report_id_hash[id];