Commands that return data in rdata don't work as documented. As an example, SMB_READW is documented as returning the word read from the device in rdata.word. However, this doesn’t happen, because the ioctl request value is defined using _IOW(), so the kernel doesn’t copy the data it read back out. In prior versions, the structure had only a pointer to the data, and the smb.c code used copyout() to transfer the data back to userland. A temporary work-around is to set rbuf to point to rdata.word and rcount to two.
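The mechanism behind this, as an added example that is not code from FreeBSD, the patch or the report: the generic ioctl(2) path decides whether to copy the argument block back to userland purely from the direction bits encoded in the request number, so a driver that updates its kernel copy of rdata.word under an _IOW()-defined request has no way to get that value back to the caller except an explicit copyout() to a caller-supplied buffer. The program below reproduces the request encoding from FreeBSD's sys/ioccom.h and the smbcmd field layout, and models the kernel/driver path in userland (the "device" value, the stale sentinel, the slave address and the in-out request number are constructed for illustration). It shows the documented caller getting nothing back under _IOW, the rbuf/rcount work-around from the report working, and the same documented caller working once the request is in-out.

```c
/*
 * Model of the FreeBSD ioctl(2) argument path for the smb(4) SMB_READW case.
 * Added example; not code from FreeBSD, the patch or the reporter. The
 * direction-bit encoding is FreeBSD's sys/ioccom.h; the "kernel" and "driver"
 * below are a userland stand-in, and the device value, stale sentinel and the
 * in-out request number are constructed for illustration.
 */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Request encoding from sys/ioccom.h (prefixed to avoid the host's own macros). */
#define BSD_IOC_OUT      0x40000000UL                 /* kernel copies the argument out */
#define BSD_IOC_IN       0x80000000UL                 /* kernel copies the argument in */
#define BSD_IOC_INOUT    (BSD_IOC_IN | BSD_IOC_OUT)
#define BSD_IOCPARM_MASK 0x1fffUL                     /* 13 bits of argument size */
#define BSD_IOC(inout, g, n, len) \
    ((unsigned long)((inout) | (((len) & BSD_IOCPARM_MASK) << 16) | ((g) << 8) | (n)))
#define BSD_IOW(g, n, t)  BSD_IOC(BSD_IOC_IN,    (g), (n), sizeof(t))
#define BSD_IOWR(g, n, t) BSD_IOC(BSD_IOC_INOUT, (g), (n), sizeof(t))

/* Argument block of the smb(4) ioctls (field layout as in sys/dev/smbus/smb.h). */
struct smbcmd {
    unsigned char  cmd;
    unsigned char  reserved;
    unsigned short op;
    union { char byte; char buf[2]; short word; } wdata;
    union { char byte; char buf[2]; short word; } rdata; /* documented result location */
    int   slave;
    char *wbuf;
    int   wcount;
    char *rbuf;   /* if non-NULL the driver copyout()s the result here instead */
    int   rcount;
};

#define SMB_READW_AS_IOW  BSD_IOW('i', 8, struct smbcmd)   /* 'in' only: the reported definition */
#define SMB_READW_AS_IOWR BSD_IOWR('i', 8, struct smbcmd)  /* 'in-out'; request number assumed */

/* 1 if the generic ioctl path will copy the argument back to userland. */
int ioc_copies_out(unsigned long req) { return (req & BSD_IOC_OUT) != 0; }

static const short DEVICE_WORD = 0x1234;   /* constructed: what the "device" answers */
static const short STALE_WORD  = 0x5a5a;   /* constructed: whatever the caller had in rdata.word */

/* Stand-in for the syscall: copy in per IOC_IN, run the driver on the kernel
 * copy, copy out per IOC_OUT. The driver part models what the report describes:
 * the word lands in the kernel's rdata.word and is copyout()ed only to rbuf. */
static int model_ioctl(unsigned long req, struct smbcmd *uarg)
{
    struct smbcmd k;
    size_t len = (req >> 16) & BSD_IOCPARM_MASK;

    if (len != sizeof(k))
        return -1;
    if (req & BSD_IOC_IN)
        memcpy(&k, uarg, len);               /* copyin() */
    else
        memset(&k, 0, len);

    k.rdata.word = DEVICE_WORD;              /* driver result, kernel copy only */
    if (k.rbuf != NULL && k.rcount >= 2) {
        memcpy(k.rbuf, &k.rdata.word, 2);    /* copyout() to the caller's buffer */
        k.rcount = 2;
    }

    if (req & BSD_IOC_OUT)
        memcpy(uarg, &k, len);               /* copyout() of the whole struct */
    return 0;
}

static void init_cmd(struct smbcmd *s)
{
    memset(s, 0, sizeof(*s));
    s->slave = 0x50;                         /* constructed 7-bit address */
    s->rdata.word = STALE_WORD;
}

/* Caller as documented: expects the result in rdata.word. */
short readw_as_documented(void)
{
    struct smbcmd s;
    init_cmd(&s);
    model_ioctl(SMB_READW_AS_IOW, &s);
    return s.rdata.word;                     /* stays stale: nothing was copied out */
}

/* The work-around from the report: point rbuf at rdata.word, rcount = 2. */
short readw_with_rbuf_workaround(void)
{
    struct smbcmd s;
    init_cmd(&s);
    s.rbuf = (char *)&s.rdata.word;
    s.rcount = 2;
    model_ioctl(SMB_READW_AS_IOW, &s);
    return s.rdata.word;                     /* the driver's copyout() wrote it */
}

/* Same documented caller against an in-out request: works without rbuf. */
short readw_as_inout(void)
{
    struct smbcmd s;
    init_cmd(&s);
    model_ioctl(SMB_READW_AS_IOWR, &s);
    return s.rdata.word;
}

int main(void)
{
    printf("_IOW copies out: %d, _IOWR copies out: %d\n",
           ioc_copies_out(SMB_READW_AS_IOW), ioc_copies_out(SMB_READW_AS_IOWR));
    printf("documented caller, _IOW : 0x%04x\n", (unsigned short)readw_as_documented());
    printf("rbuf work-around, _IOW  : 0x%04x\n", (unsigned short)readw_with_rbuf_workaround());
    printf("documented caller, _IOWR: 0x%04x\n", (unsigned short)readw_as_inout());
    return 0;
}
```

The point a practitioner should take from this: the work-around depends on rbuf being honoured by the driver and on the caller passing a pointer into its own argument block, which is legitimate but easy to get wrong (a short rcount silently leaves rdata.word stale). Changing the request's direction bits to in-out, as the fix does, removes that dependency, but also changes the request value, which is why old callers need compatibility handlers.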
Could you please test and review a patch in https://reviews.freebsd.org/D8430 ? Thank you.
A commit references this bug:

Author: avg
Date: Fri Nov 11 14:41:02 UTC 2016
New revision: 308527
URL: https://svnweb.freebsd.org/changeset/base/308527

Log:
  smb: fix SMB_READB, SMB_READW, SMB_PCALL to work as documented

  Previously, those ioctls were defined as 'in' only, so rdata.byte and
  rdata.word were never updated in the userland. The read data went only
  to rbuf if it was provided. Thus, consumers were forced to always use it.
  Now the ioctls are marked as in-out.
  Compatibility handlers are provided for old ioctls.

  PR: 213481
  Reported by: Lewis Donzis <lew@perftech.com>
  MFC after: 2 weeks
  Relnotes: maybe
  Differential Revision: https://reviews.freebsd.org/D8430

Changes:
  head/sys/dev/smbus/smb.c
  head/sys/dev/smbus/smb.h