There is bug in __copy_user (arch/mips*/lib/memcpy.S). Tested for 2.4.18
kernels, but versions 2.2, 2.4, and 2.5 for both mips and mips64 seems
to have similar bug.
For kernel 2.4.18 and mips
__copy_user returns wrong value if len = 4...7 and dst isn't accessible.
Other versions behave almost the same, just borders differ.
getsockopt/ioctl(fd, *GET*, NULL, sizeof(int))
returns success. Fortunately, they don't write to at address 0.
The following patch seems to be OK for 2.4.18:
* rem = len % NBYTES
beq rem, len, copy_bytes
EXC( LOAD t0, 0(src), l_exc)
ADD src, src, NBYTES
SUB len, len, NBYTES
-EXC( STORE t0, 0(dst), s_exc)
+EXC( STORE t0, 0(dst), s_exc_p1u)
bne rem, len, 1b
ADD dst, dst, NBYTES