More correctly handle I²C exec ioctls with both a command and write data

phase. Previously the data phase of ioctl writes was sending uninitialized
kernel stack to the addressed device.

sys/dev/i2c/i2c.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: i2c.c,v 1.45 2014/12/07 00:32:35 jmcneill Exp $	*/
+/*	$NetBSD: i2c.c,v 1.46 2015/01/22 17:56:35 jakllsch Exp $	*/
 
 /*
  * Copyright (c) 2003 Wasabi Systems, Inc.
@@ -40,7 +40,7 @@
 #endif
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: i2c.c,v 1.45 2014/12/07 00:32:35 jmcneill Exp $");
+__KERNEL_RCSID(0, "$NetBSD: i2c.c,v 1.46 2015/01/22 17:56:35 jakllsch Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -525,6 +525,13 @@ iic_ioctl_exec(struct iic_softc *sc, i2c_ioctl_exec_t *iie, int flag)
 		}
 	}
 
+	if (iie->iie_buf != NULL && I2C_OP_WRITE_P(iie->iie_op)) {
+		error = copyin(iie->iie_buf, buf, iie->iie_buflen);
+		if (error) {
+			return error;
+		}
+	}
+
 	iic_acquire_bus(ic, 0);
 	error = iic_exec(ic, iie->iie_op, iie->iie_addr, cmd, iie->iie_cmdlen,
 	    buf, iie->iie_buflen, 0);
@@ -542,7 +549,7 @@ iic_ioctl_exec(struct iic_softc *sc, i2c_ioctl_exec_t *iie, int flag)
 	if (error)
 		return error;
 
-	if (iie->iie_buf)
+	if (iie->iie_buf != NULL && I2C_OP_READ_P(iie->iie_op))
 		error = copyout(buf, iie->iie_buf, iie->iie_buflen);
 
 	return error;