In the Linux kernel, the following vulnerability has been resolved:
clocksource/drivers/sh_tmu: Always leave device running after probe
The TMU device can be used as both a clocksource and a clockevent
provider. The driver tries to be smart and power itself on and off, as
well as enabling and disabling its clock when it's not in operation.
This behavior is slightly altered if the TMU is used as an early
platform device in which case the device is left powered on after probe,
but the clock is still enabled and disabled at runtime.
This has worked for a long time, but recent improvements in PREEMPT_RT
and PROVE_LOCKING have highlighted an issue. As the TMU registers itself
as a clockevent provider, clockevents_register_device(), it needs to use
raw spinlocks internally as this is the context of which the clockevent
framework interacts with the TMU driver. However in the context of
holding a raw spinlock the TMU driver can't really manage its power
state or clock with calls to pm_runtime_*() and clk_*() as these calls
end up in other platform drivers using regular spinlocks to control
power and clocks.
This mix of spinlock contexts trips a lockdep warning.
=============================
[ BUG: Invalid wait context ]
6.18.0-arm64-renesas-09926-gee959e7c5e34 #1 Not tainted
-----------------------------
swapper/0/0 is trying to lock:
ffff000008c9e180 (&dev->power.lock){-...}-{3:3}, at: __pm_runtime_resume+0x38/0x88
other info that might help us debug this:
context-{5:5}
1 lock held by swapper/0/0:
ccree e6601000.crypto: ARM CryptoCell 630P Driver: HW version 0xAF400001/0xDCC63000, Driver version 5.0
#0: ffff8000817ec298
ccree e6601000.crypto: ARM ccree device initialized
(tick_broadcast_lock){-...}-{2:2}, at: __tick_broadcast_oneshot_control+0xa4/0x3a8
stack backtrace:
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.18.0-arm64-renesas-09926-gee959e7c5e34 #1 PREEMPT
Hardware name: Renesas Salvator-X 2nd version board based on r8a77965 (DT)
Call trace:
show_stack+0x14/0x1c (C)
dump_stack_lvl+0x6c/0x90
dump_stack+0x14/0x1c
__lock_acquire+0x904/0x1584
lock_acquire+0x220/0x34c
_raw_spin_lock_irqsave+0x58/0x80
__pm_runtime_resume+0x38/0x88
sh_tmu_clock_event_set_oneshot+0x84/0xd4
clockevents_switch_state+0xfc/0x13c
tick_broadcast_set_event+0x30/0xa4
__tick_broadcast_oneshot_control+0x1e0/0x3a8
tick_broadcast_oneshot_control+0x30/0x40
cpuidle_enter_state+0x40c/0x680
cpuidle_enter+0x30/0x40
do_idle+0x1f4/0x280
cpu_startup_entry+0x34/0x40
kernel_init+0x0/0x130
do_one_initcall+0x0/0x230
__primary_switched+0x88/0x90
For non-PREEMPT_RT builds this is not really an issue, but for
PREEMPT_RT builds where normal spinlocks can sleep this might be an
issue. Be cautious and always leave the power and clock running after
probe.
A Linux kernel vulnerability in the sh_tmu clocksource driver allows improper power management of the TMU device, potentially causing system instability when used as a clocksource or clockevent provider. The issue manifests when PREEMPT_RT and PROVE_LOCKING features are enabled, affecting real-time kernel operations.
ثغرة في برنامج تشغيل sh_tmu بنواة Linux تتعلق بإدارة الطاقة والساعة للجهاز المستخدم كمصدر ساعة وموفر أحداث ساعة. المشكلة تظهر عند استخدام ميزات PREEMPT_RT و PROVE_LOCKING، مما قد يؤثر على استقرار النظام في العمليات الحساسة للوقت.
A vulnerability in the Linux kernel's sh_tmu clocksource driver affects power management of the TMU device used for timekeeping and clock events. This issue becomes apparent with real-time kernel features enabled, potentially impacting system stability in time-critical operations.
Update the Linux kernel to the latest patched version that resolves the sh_tmu power management issue. Ensure the TMU device remains powered on after probe completion and properly manages clock enabling/disabling at runtime. Apply kernel security patches from your distribution's repository.
قم بتحديث نواة Linux إلى أحدث إصدار مصحح يحل مشكلة إدارة الطاقة في sh_tmu. تأكد من بقاء جهاز TMU مشغلاً بعد اكتمال الفحص وإدارة تفعيل/تعطيل الساعة بشكل صحيح في وقت التشغيل. طبق تصحيحات أمان النواة من مستودع التوزيعة الخاصة بك.