Unless explicitly paired with access_w/rok() checks, all copy to/from
helpers should implement the safe form, testing for the basic sanity
of the address range.

cobalt_copy_to/from_user() implement the safe call form in replacement
of __xn_safe_copy_to/from_user(). __xn_copy_to/from_user() still
implement the unchecked variant, assuming the address range will be
checked separately.

Drivers should stick with the rtdm_copy_to/from_user() helpers.