>>> ! 				NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF,
>>> ! 				    UIO_USERSPACE, "/dev/console", p);
>>> ! 				error = namei(&nd);
>> Um, shouldn't that be UIO_SYSSPACE?
> why?  i basically copied the code from access(2).

Because when access() calls NDINIT, it passes an address supplied by
the process which invoked the syscall.  If you were to arrange for the
"/dev/console" string to be in user-land address space, UIO_USERSPACE
would be entirely correct.  But since it's in the kernel text segment,
user-land can't access it and namei() will - or at least should -
return EFAULT since you told it (by passing UIO_USERSPACE) that it is
supposed to check that the string is at an address which is legal for
the process you passed to access.

Of course, this is a run-time check, and you did say you hadn't tested
it, which is why I felt confident enough to toss out my remark without
testing it myself either.  I will happily defer to anyone who _has_
actually tested it. :-)

					der Mouse

			    mouse@collatz.mcrcim.mcgill.edu