Stop relying on validate functions, i.e. adding copy_from_user etc.

The kernel should neither use &T nor &mut T when accessing user data, such as slices passed as syscall arguments. Not only may the compiler rely on invariants that cannot be upheld (other threads sharing the same address space, can write to both &[u8] and &mut [u8], which may be UB), and pages may even be remapped in between, possibly causing all sorts of problems. Page faults can thus occur in kernel mode, even after Ok has been returned from a validate function. Letting the processor check that memory is valid, is also generally faster than manually checking a range of pages.

The solution would be to wrap user pointers in some newtype, check that address ranges are canonical and only usermode, and define certain functions that can access user memory, such as copy_from_user, copy_to_user, read_user_word, read_user_word_atomic, write_user_word, etc. The kernel page fault handler can thus manually cause those functions to return with EFAULT, should the memory not be properly mapped.

Adding x86_64 SMAP support would also be trivial.