> 	-       error = copyout(bp, SCARG(uap, bufp), lenused);
> 	+       error = 0;
> 	+       bcopy (bp, SCARG(uap, bufp), lenused);

Won't that make it illegal to call from user space instead?
or more likely a way of allowing a user to:
- crash the kernel by passing a illegal (even paged out or cow) address
- overwrite kernel memory bu passing a kernel address

	David

-- 
David Laight: david@l8s.co.uk