[PR] rpmsg: fix struct alignment issue by removing flexible array member [nuttx]

via GitHub Mon, 26 Jan 2026 00:24:12 -0800


CV-Bowen opened a new pull request, #18156:
URL: https://github.com/apache/nuttx/pull/18156


   ## Summary
   
   This PR fixes a memory alignment issue in the rpmsg subsystem that could 
cause pointer mismatch between `rpmsg->rdev` and the transport layer's actual 
rdev address.
   
   ### Problem
   
   The previous implementation used a flexible array member (`rdev[0]`) at the 
end of `struct rpmsg_s`:
   
   ```c
   struct rpmsg_s
   {
     struct rpmsg_device rdev[0];
   };
   ```
   
   Due to automatic 8-byte structure padding, rpmsg->rdev could differ from the 
transport layer's rdev address (e.g., rpmsg_virtio->rvdev.rdev), potentially 
causing memory corruption or incorrect behavior.
   
   ### Solution
   - Remove the rdev[0] flexible array member from struct rpmsg_s
   - Add rpmsg_get_rdev_by_rpmsg() inline helper function that calculates the 
rdev address as (rpmsg + 1), ensuring correct pointer arithmetic regardless of 
structure padding
   - Update all rpmsg->rdev references to use the new helper function
   - Fix rpmsg_virtio_notify_wait() to use the correct metal_container_of macro
   
   ## Impact
   - Stability: Fixes potential memory corruption on platforms with strict 
alignment requirements
   - Compatibility: No API changes, internal implementation only
   - Code Quality: Cleaner separation between rpmsg core and transport layer
   
   ## Testing
   
   Build Configuration:
   cmake -B cmake_out/v8a_server -DBOARD_CONFIG=qemu-armv8a:v8a_server -GNinja
   cmake --build cmake_out/v8a_server
   
   cmake -B cmake_out/v8a_proxy -DBOARD_CONFIG=qemu-armv8a:v8a_proxy -GNinja
   cmake --build cmake_out/v8a_proxy
   
   LOG:
   ```c
   ❯ qemu-system-aarch64 -cpu cortex-a53 -nographic \
   -machine virt,virtualization=on,gic-version=3 \
   -chardev stdio,id=con,mux=on -serial chardev:con \
   -object 
memory-backend-file,discard-data=on,id=shmmem-shmem0,mem-path=/dev/shm/my_shmem0,size=4194304,share=yes
 \
   -device ivshmem-plain,id=shmem0,memdev=shmmem-shmem0,addr=0xb \
   -device virtio-serial-device,bus=virtio-mmio-bus.0 \
   -chardev socket,path=/tmp/rpmsg_port_uart_socket,server=on,wait=off,id=foo \
   -device virtconsole,chardev=foo \
   -mon chardev=con,mode=readline -kernel ./nuttx/cmake_out/v8a_server/nuttx \
   -gdb tcp::7775
   [    0.000000] [ 0] [  INFO] [server] pci_register_rptun_ivshmem_driver: 
Register ivshmem driver, id=0, cpuname=proxy, master=1
   [    0.000000] [ 3] [  INFO] [server] pci_scan_bus: pci_scan_bus for bus 0
   [    0.000000] [ 3] [  INFO] [server] pci_scan_bus: class = 00000600, 
hdr_type = 00000000
   [    0.000000] [ 3] [  INFO] [server] pci_scan_bus: 00:00 [1b36:0008]
   [    0.000000] [ 3] [  INFO] [server] pci_setup_device: pbar0 set bad mask
   [    0.000000] [ 3] [  INFO] [server] pci_setup_device: pbar1 set bad mask
   [    0.000000] [ 3] [  INFO] [server] pci_setup_device: pbar2 set bad mask
   [    0.000000] [ 3] [  INFO] [server] pci_setup_device: pbar3 set bad mask
   [    0.000000] [ 3] [  INFO] [server] pci_setup_device: pbar4 set bad mask
   [    0.000000] [ 3] [  INFO] [server] pci_setup_device: pbar5 set bad mask
   [    0.000000] [ 3] [  INFO] [server] pci_scan_bus: class = 00000200, 
hdr_type = 00000000
   [    0.000000] [ 3] [  INFO] [server] pci_scan_bus: 00:08 [1af4:1000]
   [    0.000000] [ 3] [  INFO] [server] pci_setup_device: pbar0: 
mask64=fffffffe 32bytes
   [    0.000000] [ 3] [  INFO] [server] pci_setup_device: pbar1: 
mask64=fffffff0 4096bytes
   [    0.000000] [ 3] [  INFO] [server] pci_setup_device: pbar2 set bad mask
   [    0.000000] [ 3] [  INFO] [server] pci_setup_device: pbar3 set bad mask
   [    0.000000] [ 3] [  INFO] [server] pci_setup_device: pbar4: 
mask64=fffffffffffffff0 16384bytes
   [    0.000000] [ 3] [  INFO] [server] pci_scan_bus: class = 00000500, 
hdr_type = 00000000
   [    0.000000] [ 3] [  INFO] [server] pci_scan_bus: 00:58 [1af4:1110]
   [    0.000000] [ 3] [  INFO] [server] pci_setup_device: pbar0: 
mask64=fffffff0 256bytes
   [    0.000000] [ 3] [  INFO] [server] pci_setup_device: pbar1 set bad mask
   [    0.000000] [ 3] [  INFO] [server] pci_setup_device: pbar2: 
mask64=fffffffffffffff0 4194304bytes
   [    0.000000] [ 3] [  INFO] [server] pci_setup_device: pbar4 set bad mask
   [    0.000000] [ 3] [  INFO] [server] pci_setup_device: pbar5 set bad mask
   [    0.000000] [ 3] [  INFO] [server] ivshmem_probe: shmem addr=0x10400000 
size=4194304 reg=0x10008000
   [    0.000000] [ 3] [  INFO] [server] rptun_ivshmem_probe: shmem 
addr=0x10400000 size=4194304
   
   NuttShell (NSH) NuttX-12.10.0
   server> [    0.000000] [ 0] [  INFO] [proxy] 
pci_register_rptun_ivshmem_driver: Register ivshmem driver, id=0, 
cpuname=server, master=0
   [    0.000000] [ 3] [  INFO] [proxy] pci_scan_bus: pci_scan_bus for bus 0
   [    0.000000] [ 3] [  INFO] [proxy] pci_scan_bus: class = 00000600, 
hdr_type = 00000000
   [    0.000000] [ 3] [  INFO] [proxy] pci_scan_bus: 00:00 [1b36:0008]
   [    0.000000] [ 3] [  INFO] [proxy] pci_setup_device: pbar0 set bad mask
   [    0.000000] [ 3] [  INFO] [proxy] pci_setup_device: pbar1 set bad mask
   [    0.000000] [ 3] [  INFO] [proxy] pci_setup_device: pbar2 set bad mask
   [    0.000000] [ 3] [  INFO] [proxy] pci_setup_device: pbar3 set bad mask
   [    0.000000] [ 3] [  INFO] [proxy] pci_setup_device: pbar4 set bad mask
   [    0.000000] [ 3] [  INFO] [proxy] pci_setup_device: pbar5 set bad mask
   [    0.000000] [ 3] [  INFO] [proxy] pci_scan_bus: class = 00000200, 
hdr_type = 00000000
   [    0.000000] [ 3] [  INFO] [proxy] pci_scan_bus: 00:08 [1af4:1000]
   [    0.000000] [ 3] [  INFO] [proxy] pci_setup_device: pbar0: 
mask64=fffffffe 32bytes
   [    0.000000] [ 3] [  INFO] [proxy] pci_setup_device: pbar1: 
mask64=fffffff0 4096bytes
   [    0.000000] [ 3] [  INFO] [proxy] pci_setup_device: pbar2 set bad mask
   [    0.000000] [ 3] [  INFO] [proxy] pci_setup_device: pbar3 set bad mask
   [    0.000000] [ 3] [  INFO] [proxy] pci_setup_device: pbar4: 
mask64=fffffffffffffff0 16384bytes
   [    0.000000] [ 3] [  INFO] [proxy] pci_scan_bus: class = 00000500, 
hdr_type = 00000000
   [    0.000000] [ 3] [  INFO] [proxy] pci_scan_bus: 00:58 [1af4:1110]
   [    0.000000] [ 3] [  INFO] [proxy] pci_setup_device: pbar0: 
mask64=fffffff0 256bytes
   [    0.000000] [ 3] [  INFO] [proxy] pci_setup_device: pbar1 set bad mask
   [    0.000000] [ 3] [  INFO] [proxy] pci_setup_device: pbar2: 
mask64=fffffffffffffff0 4194304bytes
   [    0.000000] [ 3] [  INFO] [proxy] pci_setup_device: pbar4 set bad mask
   [    0.000000] [ 3] [  INFO] [proxy] pci_setup_device: pbar5 set bad mask
   [    0.000000] [ 3] [  INFO] [proxy] ivshmem_probe: shmem addr=0x10400000 
size=4194304 reg=0x10008000
   [    0.000000] [ 3] [  INFO] [proxy] rptun_ivshmem_probe: shmem 
addr=0x10400000 size=4194304
   [    0.000000] [ 3] [  INFO] [proxy] rptun_ivshmem_probe: Start the wdog
   
   server> 
   server> 
   server> uname -a
   NuttX server 12.10.0 ff29c1ca6f9 Jan 26 2026 16:22:34 arm64 qemu-armv8a
   server> rpmsg dump all
   [    0.000000] [ 7] [ EMERG] [server] Local: server Remote: proxy Headrx 7
   [    0.000000] [ 7] [ EMERG] [server] Dump rpmsg info between cpu (master: 
yes)server <==> proxy:
   [    0.000000] [ 7] [ EMERG] [server] rpmsg vq RX:
   [    0.000000] [ 7] [ EMERG] [server] rpmsg vq TX:
   [    0.000000] [ 7] [ EMERG] [server]   rpmsg ept list:
   [    0.000000] [ 7] [ EMERG] [server]     ept NS
   [    0.000000] [ 7] [ EMERG] [server]     ept rpmsg-sensor
   [    0.000000] [ 7] [ EMERG] [server]     ept rpmsg-ping
   [    0.000000] [ 7] [ EMERG] [server]     ept rpmsg-syslog
   [    0.000000] [ 7] [ EMERG] [server]   rpmsg buffer list:
   [    0.000000] [ 7] [ EMERG] [server]     RX buffer, total 8, pending 0
   [    0.000000] [ 7] [ EMERG] [server]     TX buffer, total 8, pending 0
   [    0.000000] [ 7] [ EMERG] [server] Remote: proxy2 state: 1
   [    0.000000] [ 7] [ EMERG] [server] ept NS
   [    0.000000] [ 7] [ EMERG] [server] ept rpmsg-sensor
   [    0.000000] [ 7] [ EMERG] [server] ept rpmsg-ping
   [    0.000000] [ 7] [ EMERG] [server] rpmsg_port queue RX: {used: 0, avail: 
8}
   [    0.000000] [ 7] [ EMERG] [server] rpmsg buffer list:
   [    0.000000] [ 7] [ EMERG] [server] rpmsg_port queue TX: {used: 0, avail: 
8}
   [    0.000000] [ 7] [ EMERG] [server] rpmsg buffer list:
   server> rpmsg ping all 1 1 1 1
   [    0.000000] [ 7] [ EMERG] [server] ping times: 1
   [    0.000000] [ 7] [ EMERG] [server] buffer_len: 1520, send_len: 17
   [    0.000000] [ 7] [ EMERG] [server] avg: 0 s, 16812224 ns
   [    0.000000] [ 7] [ EMERG] [server] min: 0 s, 16812224 ns
   [    0.000000] [ 7] [ EMERG] [server] max: 0 s, 16812224 ns
   [    0.000000] [ 7] [ EMERG] [server] rate: 0.008089 Mbits/sec
   [    0.000000] [ 7] [ EMERG] [server] ping times: 1
   [    0.000000] [ 7] [ EMERG] [server] buffer_len: 2024, send_len: 17
   [    0.000000] [ 7] [ EMERG] [server] avg: 0 s, 7287808 ns
   [    0.000000] [ 7] [ EMERG] [server] min: 0 s, 7287808 ns
   [    0.000000] [ 7] [ EMERG] [server] max: 0 s, 7287808 ns
   [    0.000000] [ 7] [ EMERG] [server] rate: 0.018661 Mbits/sec
   server> 
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

[PR] rpmsg: fix struct alignment issue by removing flexible array member [nuttx]

Reply via email to