rv: Reset per-task DA monitors before releasing the slot

Per-task monitors use task_mon_slot to determine which slot in the array
to use for the monitor. During destruction, this slot is returned but
this is done before resetting the monitor. As a result, the monitor's
reset is in fact resetting a slot that is outside of the array
(RV_PER_TASK_MONITOR_INIT).

Release the slot only after the reset to avoid out-of-bound memory
access.

Fixes: f5587d1b6ec93 ("rv: Add Hybrid Automata monitor type")
Cc: stable@vger.kernel.org
Suggested-by: Wen Yang <wen.yang@linux.dev>
Reviewed-by: Wen Yang <wen.yang@linux.dev>
Reviewed-by: Nam Cao <namcao@linutronix.de>
Link: https://lore.kernel.org/r/20260601153840.124372-3-gmonaco@redhat.com
Signed-off-by: Gabriele Monaco <gmonaco@redhat.com>

diff --git a/include/rv/da_monitor.h b/include/rv/da_monitor.h
index 39765ff6f0985b1c8b3a05f37b5a59ce54287151..1459fb3dfee62d7c96515f8958ef5fa4a7f88933 100644 (file)
--- a/include/rv/da_monitor.h
+++ b/include/rv/da_monitor.h
@@ -309,10 +309,11 @@ static inline void da_monitor_destroy(void)
                WARN_ONCE(1, "Disabling a disabled monitor: " __stringify(MONITOR_NAME));
                return;
        }
-       rv_put_task_monitor_slot(task_mon_slot);
-       task_mon_slot = RV_PER_TASK_MONITOR_INIT;
 
        da_monitor_reset_all();
+
+       rv_put_task_monitor_slot(task_mon_slot);
+       task_mon_slot = RV_PER_TASK_MONITOR_INIT;
 }
 
 #elif RV_MON_TYPE == RV_MON_PER_OBJ