From: Marc Marí
Date: Mon, 9 Jun 2014 10:55:31 +0200
Message-Id: <1402304133-29620-2-git-send-email-marc.mari.barcelo@gmail.com>
In-Reply-To: <1402304133-29620-1-git-send-email-marc.mari.barcelo@gmail.com>
References: <1402304133-29620-1-git-send-email-marc.mari.barcelo@gmail.com>
Subject: [Qemu-devel] [PATCH 1/3] smbus: fix writes
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini, Andreas Färber, Stefan Hajnoczi

From: Paolo Bonzini

SMBus protocol sends offset and length before the actual data that is transferred. So we need to skip two bytes rather than one.

Signed-off-by: Paolo Bonzini
--- hw/i2c/smbus.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/hw/i2c/smbus.c b/hw/i2c/smbus.c index 6e27ae8..173a533 100644 --- a/hw/i2c/smbus.c +++ b/hw/i2c/smbus.c 
@@ -59,9 +59,12 @@ static void smbus_do_write(SMBusDevice *dev) } else { dev->command = dev->data_buf[0]; DPRINTF("Command %d len %d\n", dev->command, dev->data_len - 1); + if (dev->data_buf[1] > dev->data_len - 2) { + fprintf(stderr, "SMBus data transfer overrun!\n"); + } if (sc->write_data) { - sc->write_data(dev, dev->command, dev->data_buf + 1, - dev->data_len - 1); + sc->write_data(dev, dev->command, dev->data_buf + 2, + MIN(dev->data_buf[1], dev->data_len - 2)); } } } -- 1.7.10.4
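Review bot: In the `sc->write_data(...)` call, `dev->data_buf[1]` is now treated as a byte count for every write that reaches this branch, but only SMBus block writes carry a count after the command byte; in Write Byte and Write Word transfers that byte is payload, so those writes would lose their first data byte and get a length derived from guest data. Consider restricting the two-byte skip to block transfers, or leaving the interpretation of the bytes after the command to the device's `write_data` callback. Separately, the overrun check and `MIN(dev->data_buf[1], dev->data_len - 2)` both rely on `dev->data_len >= 2`, which the context shown in this hunk does not establish; if a one-byte transfer can reach this branch, `dev->data_len - 2` goes negative (or wraps, depending on the type) and `data_buf[1]` was never received in this transfer, so an explicit guard would be safer. The overrun case also only prints to stderr and then proceeds with the clamped length, and the `DPRINTF` above still reports `dev->data_len - 1` as the length, which no longer matches what is passed to the callback.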