On Sat, 20 Dec 2025 14:15:19 +0800
Junlong Wang <[email protected]> wrote:
> +static int
> +vf_recv_bar_msg(void *payload, uint16_t len __rte_unused, void *reps_buffer,
> + uint16_t *reps_len, void *eth_dev __rte_unused)
> +{
> + struct zxdh_msg_info *msg_payload = (struct zxdh_msg_info *)payload;
> + uint16_t pcieid = msg_payload->msg_to_vf.pcieid;
> + uint16_t opcode = msg_payload->msg_to_vf.opcode;
> + struct rte_eth_dev *dev = (struct rte_eth_dev *)eth_dev;
eth_dev is used, remove the __rte_unused attribute.
> + struct zxdh_ifc_msg_reply_body_bits *reply_body;
> + reply_body = (struct zxdh_ifc_msg_reply_body_bits *)
> + ZXDH_ADDR_OF(msg_reply_body, reps_buffer, flag);
> + int32_t ret = 0;
> +
> + if (dev == NULL) {
> + PMD_DRV_LOG(ERR, "param invalid, dev is NULL");
> + ret = -2;
> + return ret;
> + }
Since there is a len in the message, why not validate that len ==
sizeof(*msg_payload)
to avoid dereferencing outside of message.
> +
> + switch (opcode) {
> + case ZXDH_SET_VF_LINK_STATE:
> + PMD_DRV_LOG(DEBUG, "PF(pcieid:%d ) set VF's link state",
> pcieid);
> + vf_recv_link_state_msg(dev, &msg_payload->data, reps_buffer,
> reps_len);
> + reply_body->flag[0] = ZXDH_REPS_SUCC;
> + break;
> + default:
> + ZXDH_SET(msg_reply_body, reps_buffer, flag, ZXDH_REPS_INVALID);
> + PMD_DRV_LOG(ERR, "[VF GET MSG FROM PF]--unknown msg opcode:%d",
> opcode);
> + ret = -1;
> + break;
> + }
> + return ret;
> +}
> +
