Re: [PATCH] scsi: ufs: core: Fix RPMB region size detection for UFS 2.2

Next message: Tommaso Merciai: "[PATCH v7 4/4] reset: rzv2h-usb2phy: Add support for VBUS mux controller registration"
Previous message: Tommaso Merciai: "[PATCH v7 3/4] reset: rzv2h-usb2phy: Keep PHY clock enabled for entire device lifetime"
In reply to: Alexey Charkov: "[PATCH] scsi: ufs: core: Fix RPMB region size detection for UFS 2.2"
Next in thread: Alexey Charkov: "Re: [PATCH] scsi: ufs: core: Fix RPMB region size detection for UFS 2.2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Bean Huo

Date: Thu Jan 29 2026 - 11:57:23 EST

On Thu, 2026-01-29 at 11:38 +0400, Alexey Charkov wrote:
> +                       hba->dev_info.rpmb_region_size[0] =
> +                               get_unaligned_be64(desc_buf
> +                                       +
> RPMB_UNIT_DESC_PARAM_LOGICAL_BLK_COUNT)
> +                               <<
> desc_buf[RPMB_UNIT_DESC_PARAM_LOGICAL_BLK_SIZE]
> +                               >> 17; /* convert to 128 kBytes units */
> +               }
>         }

Hi Alexey,

thanks for your fix, I didn't notice there is UFS 2.x on the market which will
use UFS OP-TEE RPMB framework.

here is potential u8 Overflow, since for the UFS3.x+, it is u8 in unit
descriptor, but

The calculation can overflow for larger RPMB regions (>32MB):
- A u8 can only represent up to 255 × 128KB = ~32MB
- The shift result is assigned directly without bounds checking

Kind regards,
Bean