I think that access validation currently done by msync(2) is not enough
for the rare case of unaligned access at the end of the page with the next page
unmapped.
Also, mincore(2) looks like a better way to test the presence of a
mapping at some address. I use the patch below.
The reason why I picked msync instead of mincore had to do with minor faults. If the address can be accessed with a minor fault, mincore returns false and we end up doing validation that was not strictly necessary.
The Linux kernel implementation of mincore() involves:

    /* ..and we need to be passed a valid user-space range */
    if (!access_ok(VERIFY_READ, (void __user *) start, len))
        return -ENOMEM;

In the ideal world, what validate_mem() wants is the access_ok(VERIFY_READ,..) syscall.
Perhaps we can ignore the output value (mvec) and just test for errno == ENOMEM. Wait, that's what your patch is doing (mostly) :)
Another corner case we need to test: check if the technique works for PROT_NONE regions (msync says it's ok to access when in fact it isn't safe).
-Arun
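The two corner cases raised in this exchange, an access that straddles into an unmapped next page and a PROT_NONE region, can be exercised with a small program. This is an added example, not code from the thread or from the project's own validate_mem(); it assumes Linux, and readable_probe() uses a different technique from the msync/mincore checks under discussion (it has the kernel copy the bytes via write(2) into a pipe, so a PROT_NONE page is rejected too).

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>

/* mincore-based check (Linux): 0 if every page touched by [addr, addr+len) has a
 * mapping, -1 (mincore sets errno ENOMEM) otherwise. Page protection is NOT checked. */
int mapped_mincore(const void *addr, size_t len)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    uintptr_t p = (uintptr_t)addr & ~(uintptr_t)(page - 1), end = (uintptr_t)addr + len;
    unsigned char vec[1];
    for (; p < end; p += page)
        if (mincore((void *)p, page, vec) < 0)
            return -1;
    return 0;
}

/* Stronger check: let the kernel copy the bytes. write(2) into a pipe fails with
 * EFAULT, or comes up short, for any unreadable byte, PROT_NONE pages included. */
int readable_probe(const void *addr, size_t len)
{
    int fds[2];
    if (len > 512 || pipe(fds) < 0)     /* small probes only, well under PIPE_BUF */
        return -1;
    ssize_t n = write(fds[1], addr, len);
    close(fds[0]); close(fds[1]);
    return n == (ssize_t)len ? 0 : -1;
}

/* Constructed scenarios from the thread; returns 0 when every check behaves as the
 * comments say, otherwise one bit per surprise. */
int demo(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    int bad = 0;
    /* 1. Two pages, second one unmapped; a 4-byte access straddles the boundary. */
    char *two = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    munmap(two + page, page);
    bad |= (mapped_mincore(two, 4) != 0) << 0;             /* first page: ok */
    bad |= (mapped_mincore(two + page - 2, 4) != -1) << 1; /* straddle: rejected */
    bad |= (readable_probe(two + page - 2, 4) != -1) << 2; /* straddle: rejected */
    /* 2. PROT_NONE page: mincore (like msync) sees a mapping, yet a read would fault. */
    char *none = mmap(NULL, page, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    bad |= (mapped_mincore(none, 4) != 0) << 3;            /* false "ok" */
    bad |= (readable_probe(none, 4) != -1) << 4;           /* correctly rejected */
    munmap(two, page); munmap(none, page);
    return bad;
}
```

The mask returned by demo() makes the gap visible: mapped_mincore() checks every page the access touches, which fixes the straddling case, but only the write(2) probe catches the PROT_NONE page.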