The SMBus protocol sends the offset (command) byte and a length byte before the actual data being transferred, so we need to skip two bytes rather than one.
Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
---
 hw/smbus.c | 7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/hw/smbus.c b/hw/smbus.c
index 77626f3..4ff2342 100644
--- a/hw/smbus.c
+++ b/hw/smbus.c
@@ -59,9 +59,12 @@ static void smbus_do_write(SMBusDevice *dev)
     } else {
         dev->command = dev->data_buf[0];
         DPRINTF("Command %d len %d\n", dev->command, dev->data_len - 1);
+        if (dev->data_buf[1] > dev->data_len - 2) {
+            fprintf(stderr, "SMBus data transfer overrun!\n");
+        }
         if (sc->write_data) {
-            sc->write_data(dev, dev->command, dev->data_buf + 1,
-                           dev->data_len - 1);
+            sc->write_data(dev, dev->command, dev->data_buf + 2,
+                           MIN(dev->data_buf[1], dev->data_len - 2));
         }
     }
 }
--
1.7.7.6
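Review bot: The new check and the rewritten `write_data` call treat `dev->data_buf[1]` as a block byte count for every multi-byte write that reaches this `else` branch, so if a plain Write Byte or Write Word (command followed by one or two data bytes) is also dispatched here — the i2c-level dispatch above the hunk is not visible — its first data byte is read as a count, and any value larger than `dev->data_len - 2` prints the overrun message and hands the device a zero-length buffer. Clamping with `MIN` is the right defence against a guest-chosen count over-reading `data_buf`, but it also makes the `fprintf(stderr, ...)` reachable at will from the guest, so a guest-error log path (`qemu_log_mask(LOG_GUEST_ERROR, ...)` if this tree has it) fits better than unconditional stderr. The comparison also relies on `dev->data_len >= 2` here; that appears to be guaranteed by the earlier branches of `smbus_do_write`, which starts outside the hunk, but a comment such as `/* data_buf[1] is the guest-supplied block byte count; trust it only up to the bytes actually received */` above the check would make both the assumption and the clamp explicit.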