Subject: Re: copyin/copyout argument checking
To: None <mark@causality.com>
From: Paul Kranenburg <pk@cs.few.eur.nl>
List: tech-kern
Date: 07/29/1998 10:43:23
> "The copy functions return 0 on success or EFAULT if a bad address is
> encountered."
> 
> I read this to mean that if an invalid user address is specified (e.g. a
> kernel space address is used instead) that EFAULT should be returned.
> 

In these cases you have two options:

	1) Validate all input arguments before using them
	2) Just use the supplied values, but make sure you catch the errors

If you opt for (1) you'd have to validate the entire address range presented,
not just the start address, e.g. [addr, addr+len> including any overflow
situations.

copyin et al. are designed to use method (2), since it's much easier and
quicker in the no-fail case.

I guess the manual page could explicitly state that passing a 0 length
argument shall cause "no bad address to be encountered".

-pk
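Option (1) from the mail written out in C, as an added illustration that is not code from the mail or from the kernel it discusses: the check covers the whole half-open range [addr, addr+len> including the wrap-around case, and treats a zero length as something that can never fault. USERSPACE_END and user_range_ok are assumed names for this example, not a real kernel interface.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed for this example only: user space is [0, USERSPACE_END).
 * The real boundary is platform specific. */
#define USERSPACE_END ((uintptr_t)1 << 47)

/*
 * Validate the half-open range [addr, addr+len) before touching it.
 * Returns 0 if every byte lies in user space, EFAULT otherwise.
 * A zero-length range touches no address and so never faults, which
 * is the manual-page wording proposed in the mail.
 */
int
user_range_ok(uintptr_t addr, size_t len)
{
	uintptr_t end;

	if (len == 0)
		return 0;

	/* Wrap-around: addr + len would exceed UINTPTR_MAX.  Without this
	 * test a huge len wraps to a small, valid-looking end address and
	 * a plain "end <= limit" check would wrongly pass. */
	if (len > UINTPTR_MAX - addr)
		return EFAULT;
	end = addr + len;	/* exclusive bound */

	/* Since len > 0, end > USERSPACE_END also covers addr itself
	 * being at or beyond the limit. */
	if (end > USERSPACE_END)
		return EFAULT;

	return 0;
}
```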