CVE-2025-21767

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context<br /> <br /> The following bug report happened with a PREEMPT_RT kernel:<br /> <br /> BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48<br /> in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog<br /> preempt_count: 1, expected: 0<br /> RCU nest depth: 0, expected: 0<br /> get_random_u32+0x4f/0x110<br /> clocksource_verify_choose_cpus+0xab/0x1a0<br /> clocksource_verify_percpu.part.0+0x6b/0x330<br /> clocksource_watchdog_kthread+0x193/0x1a0<br /> <br /> It is due to the fact that clocksource_verify_choose_cpus() is invoked with<br /> preemption disabled. This function invokes get_random_u32() to obtain<br /> random numbers for choosing CPUs. The batched_entropy_32 local lock and/or<br /> the base_crng.lock spinlock in driver/char/random.c will be acquired during<br /> the call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot<br /> be acquired in atomic context.<br /> <br /> Fix this problem by using migrate_disable() to allow smp_processor_id() to<br /> be reliably used without introducing atomic context. preempt_disable() is<br /> then called after clocksource_verify_choose_cpus() but before the<br /> clocksource measurement is being run to avoid introducing unexpected<br /> latency.