...
> +/* CXL r3.0 Section 7.6.7.1.2: Get Physical Port State (Opcode 5101h) */
> +static CXLRetCode cmd_get_physical_port_state(const struct cxl_cmd *cmd,
> + uint8_t *payload_in,
> + size_t len_in,
> + uint8_t *payload_out,
> + size_t *len_out,
> + CXLCCI *cci)
> +{
> + /* CXL r3.0 Table 7-18: Get Physical Port State Request Payload */
> + struct cxl_fmapi_get_phys_port_state_req_pl {
> + uint8_t num_ports;
> + uint8_t ports[];
> + } QEMU_PACKED *in;
> +
> + /*
> + * CXL r3.0 Table 7-20: Get Physical Port State Port Information Block
> + * Format
> + */
> + struct cxl_fmapi_port_state_info_block {
> + uint8_t port_id;
> + uint8_t config_state;
> + uint8_t connected_device_cxl_version;
> + uint8_t rsv1;
> + uint8_t connected_device_type;
> + uint8_t port_cxl_version_bitmask;
> + uint8_t max_link_width;
> + uint8_t negotiated_link_width;
> + uint8_t supported_link_speeds_vector;
> + uint8_t max_link_speed;
> + uint8_t current_link_speed;
> + uint8_t ltssm_state;
> + uint8_t first_lane_num;
> + uint16_t link_state;
> + uint8_t supported_ld_count;
> + } QEMU_PACKED;
> +
> + /* CXL r3.0 Table 7-19: Get Physical Port State Response Payload */
> + struct cxl_fmapi_get_phys_port_state_resp_pl {
> + uint8_t num_ports;
> + uint8_t rsv1[3];
> + struct cxl_fmapi_port_state_info_block ports[];
> + } QEMU_PACKED *out;
...
> +
> + pl_size = sizeof(out) + sizeof(*out->ports) * in->num_ports;
In cleaning up up my tests I added a missing check on the pl size.
First term should be sizeof(*out)
> +
> + *len_out = pl_size;
> +
> + return CXL_MBOX_SUCCESS;
> +}
> +
