Re: [PATCH] scsi: ufs: core: Fix RPMB region size detection for UFS 2.2

[Bean Huo]

On Thu, 2026-01-29 at 21:10 +0400, Alexey Charkov wrote:
> On Thu, Jan 29, 2026 at 8:53 PM Bean Huo <huobean@xxxxxxxxx> wrote:
> > 
> > On Thu, 2026-01-29 at 11:38 +0400, Alexey Charkov wrote:
> > > +                       hba->dev_info.rpmb_region_size[0] =
> > > +                               get_unaligned_be64(desc_buf
> > > +                                       +
> > > RPMB_UNIT_DESC_PARAM_LOGICAL_BLK_COUNT)
> > > +                               <<
> > > desc_buf[RPMB_UNIT_DESC_PARAM_LOGICAL_BLK_SIZE]
> > > +                               >> 17; /* convert to 128 kBytes units */
> > > +               }
> > >          }
> > 
> > Hi Alexey,
> > 
> > thanks for your fix, I didn't notice there is UFS 2.x on the market which
> > will
> > use UFS OP-TEE RPMB framework.
> 
> Hi Bean, it turns out many of the UFS modules for Rockchip RK3576
> based devices are 2.2. I'm poking around the OP-TEE support on that
> platform, and discovered that the existing driver didn't see the RPMB
> at all, spent quite a bit of time trying to figure it out before
> spotting the difference between the two spec versions :)
> 
> > here is potential u8 Overflow, since for the UFS3.x+, it is u8 in unit
> > descriptor, but
> > 
> > 
> > The calculation can overflow for larger RPMB regions (>32MB):
> >    - A u8 can only represent up to 255 × 128KB = ~32MB
> >    - The shift result is assigned directly without bounds checking
> 
> The spec says it can only be up to 16MB maximum (see section 12.4.3.1
> RPMB Resources), so it should always fit. Happy to add a comment about
> that.
> 
> Best regards,
> Alexey

Hi Alexey,

Thanks for the clarification on the 16MB RPMB limit - that addresses the
overflow concern.


In your above operation, why not use SZ_128K to avoid the magic number?
BTW, please update your comment.



Kind regards,
Bean