diff options
| author | Gabriele Monaco <gmonaco@redhat.com> | 2026-06-01 17:38:29 +0200 |
|---|---|---|
| committer | Gabriele Monaco <gmonaco@redhat.com> | 2026-06-03 12:33:23 +0200 |
| commit | e32d7f404d7d9dac307c1cd9a1fe132fa62ab6d6 (patch) | |
| tree | 69b03fe4d1af6bea77c7fb8ccffe41a7599cebfa /include | |
| parent | 4793e8a6e20e4c17ed4e755ea40e5912cc3539af (diff) | |
rv: Reset per-task DA monitors before releasing the slot
Per-task monitors use task_mon_slot to determine which slot in the array
to use for the monitor. During destruction, this slot is returned but
this is done before resetting the monitor. As a result, the monitor's
reset is in fact resetting a slot that is outside of the array
(RV_PER_TASK_MONITOR_INIT).
Release the slot only after the reset to avoid out-of-bound memory
access.
Fixes: f5587d1b6ec93 ("rv: Add Hybrid Automata monitor type")
Cc: stable@vger.kernel.org
Suggested-by: Wen Yang <wen.yang@linux.dev>
Reviewed-by: Wen Yang <wen.yang@linux.dev>
Reviewed-by: Nam Cao <namcao@linutronix.de>
Link: https://lore.kernel.org/r/20260601153840.124372-3-gmonaco@redhat.com
Signed-off-by: Gabriele Monaco <gmonaco@redhat.com>
Diffstat (limited to 'include')
| -rw-r--r-- | include/rv/da_monitor.h | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/include/rv/da_monitor.h b/include/rv/da_monitor.h index 39765ff6f098..1459fb3dfee6 100644 --- a/include/rv/da_monitor.h +++ b/include/rv/da_monitor.h @@ -309,10 +309,11 @@ static inline void da_monitor_destroy(void) WARN_ONCE(1, "Disabling a disabled monitor: " __stringify(MONITOR_NAME)); return; } - rv_put_task_monitor_slot(task_mon_slot); - task_mon_slot = RV_PER_TASK_MONITOR_INIT; da_monitor_reset_all(); + + rv_put_task_monitor_slot(task_mon_slot); + task_mon_slot = RV_PER_TASK_MONITOR_INIT; } #elif RV_MON_TYPE == RV_MON_PER_OBJ |