CVE-2022-49744

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/03/2025
Last modified:
28/03/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

mm/uffd: fix pte marker when fork() without fork event

Patch series "mm: Fixes on pte markers".

Patch 1 resolves the syzkaller report from Pengfei.

Patch 2 further hardens pte markers when used with the recent swapin error markers. The major case is we should persist a swapin error marker after fork(), so child shouldn't read a corrupted page.

This patch (of 2):

When fork(), dst_vma is not guaranteed to have VM_UFFD_WP even if src may have it and has pte marker installed. The warning is improper along with the comment. The right thing is to inherit the pte marker when needed, or keep the dst pte empty.

A vague guess is this happened by accident when there's the prior patch to introduce src/dst vma into this helper during the uffd-wp feature got developed and I probably messed up in the rebase, since if we replace dst_vma with src_vma the warning & comment it all makes sense too.

Hugetlb did exactly the right thing here (copy_hugetlb_page_range()). Fix the general path.

Reproducer:

https://github.com/xupengfe/syzkaller_logs/blob/main/221208_115556_copy_page_range/repro.c

Bugzilla report: https://bugzilla.kernel.org/show_bug.cgi?id=216808

Impact