rv: Fix out-of-bound memory access in rv_is_container_monitor()

JIRA: https://issues.redhat.com/browse/RHEL-92308

commit 8d7861a
Author: Nam Cao <[email protected]>
Date:   Fri Apr 11 09:37:17 2025 +0200

    rv: Fix out-of-bound memory access in rv_is_container_monitor()

    When rv_is_container_monitor() is called on the last monitor in
    rv_monitors_list, KASAN yells:

      BUG: KASAN: global-out-of-bounds in rv_is_container_monitor+0x101/0x110
      Read of size 8 at addr ffffffff97c7c798 by task setup/221

      The buggy address belongs to the variable:
       rv_monitors_list+0x18/0x40

    This is due to list_next_entry() is called on the last entry in the list.
    It wraps around to the first list_head, and the first list_head is not
    embedded in struct rv_monitor_def.

    Fix it by checking if the monitor is last in the list.

    Cc: [email protected]
    Cc: Gabriele Monaco <[email protected]>
    Fixes: cb85c66 ("rv: Add option for nested monitors and include sched")
    Link: https://lore.kernel.org/e85b5eeb7228bfc23b8d7d4ab5411472c54ae91b.1744355018.git.namcao@linutronix.de
    Signed-off-by: Nam Cao <[email protected]>
    Signed-off-by: Steven Rostedt (Google) <[email protected]>

Signed-off-by: Gabriele Monaco <[email protected]>

Author: glemco

kernel/trace/rv/rv.c

@@ -225,7 +225,12 @@ bool rv_is_nested_monitor(struct rv_monitor_def *mdef)
  */
 bool rv_is_container_monitor(struct rv_monitor_def *mdef)
 {
-	struct rv_monitor_def *next = list_next_entry(mdef, list);
+	struct rv_monitor_def *next;
+
+	if (list_is_last(&mdef->list, &rv_monitors_list))
+		return false;
+
+	next = list_next_entry(mdef, list);
 
 	return next->parent == mdef->monitor || !mdef->monitor->enable;
 }