Linux Kernel Clocksource Vulnerability in PREEMPT_RT Context

Vulnerability

A vulnerability has been identified in the Linux kernel's clocksource handling, specifically on PREEMPT_RT kernels. The function 'clocksource_verify_choose_cpus()' is called with preemption disabled, so it invokes 'get_random_u32()' in atomic context. The random number generator takes local locks, which on PREEMPT_RT are sleeping locks and cannot be acquired in atomic context. The issue was revealed by a bug report showing a 'sleeping function called from invalid context' error triggered from the 'clocksource_watchdog_kthread' process.

Impact

The vulnerability can lead to improper handling of CPU selection in clocksource management, potentially causing system instability or performance issues.

Remediation

The vulnerability has been addressed by modifying the 'clocksource_verify_choose_cpus()' function to use 'migrate_disable()', which keeps the task on its current CPU so that CPU information can be retrieved safely without 'get_random_u32()' being called in atomic context. This change prevents the introduction of unexpected latency during clocksource measurements.
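The context rule behind the bug and the fix, as an added userspace model (not kernel code and not the upstream patch): counters stand in for the kernel's preemption and migration state, 'model_get_random_u32()' and 'model_choose_cpus()' are hypothetical stand-ins for the functions named above, and the preempt-disabled measurement step in the fixed path is an assumption.

```c
/* Userspace model (constructed for illustration), not kernel code. */
#include <stdio.h>
static int preempt_count; /* > 0: atomic context, sleeping is forbidden */
static int migrate_count; /* > 0: pinned to this CPU, still preemptible */
static int violations;    /* "sleeping function called from invalid context" */

static void preempt_disable(void) { preempt_count++; }
static void preempt_enable(void)  { preempt_count--; }
static void migrate_disable(void) { migrate_count++; }
static void migrate_enable(void)  { migrate_count--; }

/* Stand-in for get_random_u32(): takes a sleeping lock on PREEMPT_RT. */
static unsigned model_get_random_u32(void) {
    static unsigned state = 12345u;
    if (preempt_count > 0)
        violations++;            /* might_sleep() style check fires */
    state = state * 1103515245u + 12345u;
    return state >> 16;
}

/* Stand-in for clocksource_verify_choose_cpus(): random CPU selection. */
static unsigned model_choose_cpus(unsigned ncpus, unsigned want) {
    unsigned mask = 0;
    for (unsigned i = 0; i < want; i++)
        mask |= 1u << (model_get_random_u32() % ncpus);
    return mask;
}

/* Before the fix: CPU selection runs inside the preempt-disabled region. */
static int verify_before_fix(void) {
    violations = 0;
    preempt_disable();
    model_choose_cpus(8, 4);
    preempt_enable();            /* measurement would run before this */
    return violations;
}

/* After the fix: pin the task for selection, go atomic only to measure. */
static int verify_after_fix(void) {
    violations = 0;
    migrate_disable();
    model_choose_cpus(8, 4);     /* preemptible, so sleeping locks are fine */
    preempt_disable();           /* assumed: atomic only around measurement */
    preempt_enable();
    migrate_enable();
    return violations;
}

int main(void) {
    printf("before=%d after=%d\n", verify_before_fix(), verify_after_fix());
    return 0;
}
```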

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.