Linux Kernel TMU Driver Improper Power Management Vulnerability

A vulnerability exists in the Linux kernel's TMU (Timer Management Unit) driver, specifically in versions prior to 6.18.0. The issue arises from the driver's handling of power states and clock management when the TMU is registered as a clockevent provider. The driver attempts to intelligently power itself on and off and manage its clock, but recent enhancements in the PREEMPT_RT scheduling and locking verification have exposed a conflict. When the TMU uses raw spinlocks to interact with the clockevent framework, it cannot properly control its power or clock states using the standard runtime power management and clock functions, leading to a mix of spinlock contexts that triggers a locking dependency warning. This problem is particularly relevant for PREEMPT_RT builds, where normal spinlocks can sleep, creating potential issues with how the driver manages its resources.

Impact

The vulnerability can cause a locking dependency warning, indicating an improper handling of wait contexts, which could lead to resource management issues within the kernel.

Reproduction

To reproduce this vulnerability, load the TMU driver on a platform that uses the PREEMPT_RT kernel configuration. The driver will power itself on and off and manage its clock based on its operational state. However, when the TMU is registered as a clockevent provider, it will use raw spinlocks, preventing proper management of its power and clock states. This conflict will trigger a lockdep warning about an invalid wait context, indicating that the driver is not handling its resources correctly under the current spinlock conditions.

Remediation

The vulnerability has been addressed in the Linux kernel stable tree. Users can upgrade to the latest version of the kernel to apply the fix.