sendfile.2: Document more ERRORS

sendfile(2) can return more error codes than are
documented in sendfile(2). This patch adds some details:

    - EINVAL can be returned if count is negative; from function
      rw_verify_area in fs/read_write.c, called from do_sendfile,
      called from sys_sendfile.
    - EOVERFLOW can be returned if count is too large; from
      rw_verify_area, called from do_sendfile, called from
      sys_sendfile, or directly from do_sendfile in one case
      (pos + count > max size of either in_fd or out_fd).
    - ESPIPE can be returned if offset is not a NULL pointer but
      the input file does not support FMODE_PREAD;
      from do_sendfile, called from sys_sendfile.

Signed-off-by: Laurent Georget <laurent.georget@supelec.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

man2/sendfile.2

@@ -136,7 +136,10 @@ Bad address.
 Descriptor is not valid or locked, or an
 .BR mmap (2)-like
 operation is not available for
-.IR in_fd .
+.IR in_fd ,
+or
+.I count
+is negative.
 .TP
 .B EINVAL
 .I out_fd
@@ -153,6 +156,16 @@ Unspecified error while reading from
 .B ENOMEM
 Insufficient memory to read from
 .IR in_fd .
+.TP
+.B EOVERFLOW
+.I count
+is too large, the operation would result in exceeding the maximum size of either
+the input file or the output file.
+.TP
+.B ESPIPE
+.I offset
+is not NULL but the input file is not
+.BR seek (2)-able.
 .SH VERSIONS
 .BR sendfile ()
 first appeared in Linux 2.2.