Bugme bug 4326: http://bugme.osdl.org/show_bug.cgi?id=4326 reports:

> Problem Description: 
> On executing the systemcall readv with Bad argument
> (iovec->len == -1) it gives out error EFAULT instead of EINVAL 

This is not a serious bug, but is a slight behavior change.  This changeset:

	http://linus.bkbits.net:8080/linux-2.5/cset@4202616998ECZp5x5NfCDbX9JcEG7g?nav=index.html|src/|src/fs|related/fs/read_write.c

does an access_ok() check before the 'len < 0' check, in
do_readv_writev() so it now does an EFAULT instead of EVINAL for the -1
length argument. 

>  	for (seg = 0; seg < nr_segs; seg++) {
...
> +		if (unlikely(!access_ok(vrfy_dir(type), buf, len)))
> +			goto Efault;
>  		if (len < 0)	/* size_t not fitting an ssize_t .. */
>  			goto out;
>  		tot_len += len;

The attached path moves the access check to after the len check, to make
it behave a little more like it did before.

-- Dave