Now maybe copy_to_user() should *always* work this way, but I’m not
Certainly put_user() shouldn’t — the result wouldn’t even be well defined. And I’m
unconvinced that it makes much sense for the majority of copy_to_user() callers
that are also directly accessing the source structure.

One case that might work is a copy_to_user() that's copying from the kernel page cache
to the user in response to a read(2) system call. The action would be to check if we could
re-read from the file system to a different page. If not, return -EIO. Either way, ditch
the poison page from the page cache.