...
>>> What ensures that the mapping referenced by src can't be changed
>>> to an entirely different one (with a different vm_file) between
>>> the time of check (here) and the time of use?
>>
>> Nothing. Holding mmap_sem across copy_from_user() would suffice,
>> correct?
>
> I don't believe you can do that; copy_from_user() could stall
> indefinitely. Not sure how to do what you want here or if it requires
> changing the interface.

Holding mmap_sem for *read* is OK since you can handle page faults underneath it. Holding it for write is not. But, holding it for read also locks out the writers which might be messing with vm_file or other parts of the VMA.

Holding it for read for a long time is OK. It's obviously not ideal, but it is something we do widely today.
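The exchange above is about a time-of-check/time-of-use window: vm_file is inspected, then copy_from_user() runs and may stall on a page fault, and nothing stops a writer from replacing the mapping in between unless mmap_sem is held for read across both steps. The following C program is an added illustration, not code from this thread or from the kernel. It models mmap_sem with a tiny single-threaded reader/writer semaphore (readers counted, one writer, writers use a trylock so the run is deterministic instead of sleeping), models a VMA as a struct with only a vm_file field, and runs the same check-then-use sequence once without the lock and once with it held for read. The file names, the helper names (try_replace_mapping, check_then_use, demo_unlocked, demo_read_locked) and the lock model are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Minimal single-threaded model of a reader/writer semaphore with the
 * property the thread relies on: any number of readers, or one writer,
 * never both.  A teaching stand-in for the kernel's rwsem, not the real one. */
struct rwsem {
    int readers;
    int writer;
};

static void down_read(struct rwsem *s) { s->readers++; }
static void up_read(struct rwsem *s)   { s->readers--; }

/* Writer path.  A real down_write() would sleep until readers drain; the
 * trylock form keeps this model single-threaded and deterministic. */
static int down_write_trylock(struct rwsem *s)
{
    if (s->readers > 0 || s->writer)
        return 0;
    s->writer = 1;
    return 1;
}
static void up_write(struct rwsem *s) { s->writer = 0; }

/* Toy VMA: only the field the discussion is about. */
struct vm_area { const char *vm_file; };

struct mm_struct {
    struct rwsem   mmap_sem;
    struct vm_area vma;
};

/* A writer that tries to point the mapping at a different file, as a
 * concurrent mapping change might.  Returns 1 if it took the lock and did. */
static int try_replace_mapping(struct mm_struct *mm, const char *new_file)
{
    if (!down_write_trylock(&mm->mmap_sem))
        return 0;                      /* readers present: writer locked out */
    mm->vma.vm_file = new_file;
    up_write(&mm->mmap_sem);
    return 1;
}

/* Reader modelled on the copy_from_user() path under discussion: check
 * vm_file, then "use" the mapping.  The use step may block on a page fault,
 * which is why only a read lock can be held across it; 'window' stands in
 * for whatever else runs while the reader is stalled.
 * Returns 1 if the mapping at time of use is the one checked, 0 if it was
 * swapped underneath us, -1 if the initial check failed. */
static int check_then_use(struct mm_struct *mm, const char *expected,
                          int hold_mmap_sem,
                          int (*window)(struct mm_struct *))
{
    const char *seen;
    int same;

    if (hold_mmap_sem)
        down_read(&mm->mmap_sem);

    seen = mm->vma.vm_file;            /* time of check */
    if (strcmp(seen, expected) != 0) {
        if (hold_mmap_sem)
            up_read(&mm->mmap_sem);
        return -1;
    }

    window(mm);                        /* stall: copy_from_user() faulting */

    same = (mm->vma.vm_file == seen);  /* time of use: same mapping object? */

    if (hold_mmap_sem)
        up_read(&mm->mmap_sem);
    return same;
}

/* What the stalled reader races against: a writer swapping the file. */
static int racing_writer(struct mm_struct *mm)
{
    return try_replace_mapping(mm, "/dev/shm/other");   /* constructed name */
}

static struct mm_struct fresh_mm(void)
{
    struct mm_struct mm = { {0, 0}, { "/dev/shm/expected" } }; /* constructed */
    return mm;
}

/* Without mmap_sem the writer slips into the window: returns 0. */
int demo_unlocked(void)
{
    struct mm_struct mm = fresh_mm();
    return check_then_use(&mm, "/dev/shm/expected", 0, racing_writer);
}

/* With mmap_sem held for read across check and use, the writer is locked
 * out, so the mapping at time of use is the one checked: returns 1. */
int demo_read_locked(void)
{
    struct mm_struct mm = fresh_mm();
    return check_then_use(&mm, "/dev/shm/expected", 1, racing_writer);
}

int main(void)
{
    printf("unlocked:    %d (0 = mapping changed under us)\n", demo_unlocked());
    printf("read-locked: %d (1 = mapping unchanged)\n", demo_read_locked());
    return 0;
}
```

The model also shows the cost the reply mentions: while the reader holds mmap_sem for read, every writer that wants to touch the VMA is refused (here) or sleeps (in the kernel), which is why holding it for a long time is tolerated but not ideal.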