fgraph: Add READ_ONCE() when accessing fgraph_array[]

JIRA: https://issues.redhat.com/browse/RHEL-86682

commit d654740
Author: Zilin Guan <zilin@seu.edu.cn>
Date:   Tue Dec 31 11:37:31 2024 +0000

    fgraph: Add READ_ONCE() when accessing fgraph_array[]

    In __ftrace_return_to_handler(), a loop iterates over the fgraph_array[]
    elements, which are fgraph_ops. The loop checks if an element is a
    fgraph_stub to prevent using a fgraph_stub afterward.

    However, if the compiler reloads fgraph_array[] after this check, it might
    race with an update to fgraph_array[] that introduces a fgraph_stub. This
    could result in the stub being processed, but the stub contains a null
    "func_hash" field, leading to a NULL pointer dereference.

    To ensure that the gops compared against the fgraph_stub matches the gops
    processed later, add a READ_ONCE(). A similar patch appears in commit
    63a8dfb ("function_graph: Add READ_ONCE() when accessing fgraph_array[]").

    Cc: stable@vger.kernel.org
    Fixes: 37238ab ("ftrace/function_graph: Pass fgraph_ops to function graph callbacks")
    Link: https://lore.kernel.org/20241231113731.277668-1-zilin@seu.edu.cn
    Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
    Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>

Signed-off-by: Jerome Marchand <jmarchan@redhat.com>

Author: jeromemarchand

kernel/trace/fgraph.c

@@ -802,7 +802,7 @@ static unsigned long __ftrace_return_to_handler(struct fgraph_ret_regs *ret_regs
 #endif
 	{
 		for_each_set_bit(i, &bitmap, sizeof(bitmap) * BITS_PER_BYTE) {
-			struct fgraph_ops *gops = fgraph_array[i];
+			struct fgraph_ops *gops = READ_ONCE(fgraph_array[i]);
 
 			if (gops == &fgraph_stub)
 				continue;