CVE-2025-40166

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/xe/guc: Check GuC running state before deregistering exec queue<br /> <br /> In normal operation, a registered exec queue is disabled and<br /> deregistered through the GuC, and freed only after the GuC confirms<br /> completion. However, if the driver is forced to unbind while the exec<br /> queue is still running, the user may call exec_destroy() after the GuC<br /> has already been stopped and CT communication disabled.<br /> <br /> In this case, the driver cannot receive a response from the GuC,<br /> preventing proper cleanup of exec queue resources. Fix this by directly<br /> releasing the resources when GuC is not running.<br /> <br /> Here is the failure dmesg log:<br /> "<br /> [ 468.089581] ---[ end trace 0000000000000000 ]---<br /> [ 468.089608] pci 0000:03:00.0: [drm] *ERROR* GT0: GUC ID manager unclean (1/65535)<br /> [ 468.090558] pci 0000:03:00.0: [drm] GT0: total 65535<br /> [ 468.090562] pci 0000:03:00.0: [drm] GT0: used 1<br /> [ 468.090564] pci 0000:03:00.0: [drm] GT0: range 1..1 (1)<br /> [ 468.092716] ------------[ cut here ]------------<br /> [ 468.092719] WARNING: CPU: 14 PID: 4775 at drivers/gpu/drm/xe/xe_ttm_vram_mgr.c:298 ttm_vram_mgr_fini+0xf8/0x130 [xe]<br /> "<br /> <br /> v2: use xe_uc_fw_is_running() instead of xe_guc_ct_enabled().<br /> As CT may go down and come back during VF migration.<br /> <br /> (cherry picked from commit 9b42321a02c50a12b2beb6ae9469606257fbecea)