CVE-2025-22094

In the Linux kernel, the following vulnerability has been resolved:

powerpc/perf: Fix ref-counting on the PMU 'vpa_pmu'

Commit 176cda0619b6 ("powerpc/perf: Add perf interface to expose vpa counters") introduced 'vpapmu' to expose Book3s-HV nested APIv2 provided L1<->L2 context switch latency counters to L1 user-space via perf-events. However the newly introduced PMU named 'vpapmu' doesn't assign ownership of the PMU to the module 'vpapmu'. Consequently the module 'vpapmu' can be unloaded while one of the perf-events are still active, which can lead to kernel oops and panic of the form below on a Pseries-LPAR:

BUG: Kernel NULL pointer dereference on read at 0x00000058 <snip> NIP [c000000000506cb8] eventschedout+0x40/0x258 LR [c00000000050e8a4] _perfremovefromcontext+0x7c/0x2b0 Call Trace: [c00000025fc3fc30] [c00000025f8457a8] 0xc00000025f8457a8 (unreliable) [c00000025fc3fc80] [fffffffffffffee0] 0xfffffffffffffee0 [c00000025fc3fcd0] [c000000000501e70] event_function+0xa8/0x120 <snip> Kernel panic - not syncing: Aiee, killing interrupt handler!

Fix this by adding the module ownership to 'vpapmu' so that the module 'vpapmu' is ref-counted and prevented from being unloaded when perf-events are initialized.