> Now maybe copy_to_user() should *always* work this way, but I’m not convinced.
> Certainly put_user() shouldn’t — the result wouldn’t even be well defined. And I’m
> unconvinced that it makes much sense for the majority of copy_to_user() callers
> that are also directly accessing the source structure.

One case that might work is copy_to_user() that's copying from the kernel
page cache to the user in response to a read(2) system call. Action would be
to check if we could re-read from the file system to a different page. If not,
return -EIO. Either way ditch the poison page from the page cache.

-Tony