Bug 213481

Summary: SMbus ioctls don't transfer the struct smbcmd's rdata back to userland
Product: Base System
Reporter: Lewis Donzis <lew>
Component: kern
Assignee: Andriy Gapon <avg>
Status: Closed FIXED
Severity: Affects Some People
Keywords: patch
Priority: ---
Version: CURRENT
Hardware: Any
OS: Any

Description Lewis Donzis 2016-10-14 16:03:03 UTC
Commands that return data in rdata don't work as documented.

As an example, SMB_READW is documented as returning the word read from the device in rdata.word.  However, this doesn’t happen, because the ioctl request value is defined using _IOW(), so the kernel doesn’t copy the data it read back out.

In prior versions, the structure had only a pointer to the data, and the smb.c code used copyout() to transfer the data back to userland.

A temporary work-around is to set rbuf to point to rdata.word and rcount to two.

Comment 1 Andriy Gapon freebsd_committer freebsd_triage 2016-11-03 08:17:06 UTC
Could you please test and review a patch in https://reviews.freebsd.org/D8430 ?
Thank you.

Comment 2 commit-hook freebsd_committer freebsd_triage 2016-11-11 14:41:12 UTC
A commit references this bug:

Author: avg
Date: Fri Nov 11 14:41:02 UTC 2016
New revision: 308527
URL: https://svnweb.freebsd.org/changeset/base/308527

Log:
  smb: fix SMB_READB, SMB_READW, SMB_PCALL to work as documented

  Previously, those ioctls were defined as 'in' only, so rdata.byte and
  rdata.word were never updated in the userland.  The read data went only
  to rbuf if it was provided.  Thus, consumers were forced to always use it.

  Now the ioctls are marked as in-out.
  Compatibility handlers are provided for old ioctls.

  PR:		213481
  Reported by:	Lewis Donzis <lew@perftech.com>
  MFC after:	2 weeks
  Relnotes:	maybe
  Differential Revision: https://reviews.freebsd.org/D8430

Changes:
  head/sys/dev/smbus/smb.c
  head/sys/dev/smbus/smb.h
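
The behaviour described in the report and in the commit log, as an added example that is not part of the bug report or of the FreeBSD source: a userland C model of an ioctl layer that uses the request's direction bits to decide whether the argument struct is copied back to the caller. The macro names, `struct smbcmd_demo`, the request values and the device word 0x1234 are constructed for illustration; only the field names `rdata.word`, `rbuf` and `rcount` come from the page.

```c
#include <string.h>

/* Direction bits, modelled on the BSD ioctl request encoding (simplified). */
#define DIR_OUT 0x40000000UL   /* argument is copied back to the caller */
#define DIR_IN  0x80000000UL   /* argument is copied in from the caller */
#define MK_IOC(dir, grp, num, len) \
    ((dir) | (((unsigned long)(len) & 0x1fff) << 16) | ((unsigned long)(grp) << 8) | (num))

/* Reduced stand-in for struct smbcmd: only the fields the report names. */
struct smbcmd_demo {
    union { char byte; short word; } rdata;
    char *rbuf;
    int   rcount;
};

/* Constructed request values: the same command as 'in' only and as in-out. */
#define DEMO_READW_IN    MK_IOC(DIR_IN, 'i', 1, sizeof(struct smbcmd_demo))
#define DEMO_READW_INOUT MK_IOC(DIR_IN | DIR_OUT, 'i', 1, sizeof(struct smbcmd_demo))

/* Driver handler: it only ever sees the kernel's private copy of the argument. */
static void demo_readw(struct smbcmd_demo *k, short from_device)
{
    k->rdata.word = from_device;
    if (k->rbuf != NULL && k->rcount >= 2)   /* explicit copyout() path via rbuf */
        memcpy(k->rbuf, &from_device, sizeof(from_device));
}

/* Generic ioctl layer: copy-in and copy-out depend only on the direction bits. */
static short demo_ioctl(unsigned long req, struct smbcmd_demo *user, short from_device)
{
    struct smbcmd_demo kcopy = {0};
    if (req & DIR_IN)
        memcpy(&kcopy, user, sizeof(kcopy));
    demo_readw(&kcopy, from_device);
    if (req & DIR_OUT)
        memcpy(user, &kcopy, sizeof(kcopy));
    return user->rdata.word;                 /* what the caller sees afterwards */
}

/* One request; the workaround points rbuf at rdata.word and sets rcount to 2. */
short run_case(unsigned long req, int use_workaround)
{
    struct smbcmd_demo c = {0};
    c.rdata.word = -1;                       /* sentinel: "never updated" */
    c.rbuf = use_workaround ? (char *)&c.rdata.word : NULL;
    c.rcount = use_workaround ? 2 : 0;
    return demo_ioctl(req, &c, 0x1234);
}

int main(void) { return run_case(DEMO_READW_INOUT, 0) == 0x1234 ? 0 : 1; }
```

With the 'in' only request the sentinel survives unless the `rbuf` workaround is used; with the in-out request `rdata.word` is updated without it.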