lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAKTNdwG=He3iJ8cPo4fFbcEwQQRrt_SGzoviMhi2a3kMXAO8hA@mail.gmail.com>
Date: Thu, 29 Jan 2026 21:10:13 +0400
From: Alexey Charkov <alchark@...pper.net>
To: Bean Huo <huobean@...il.com>
Cc: Alim Akhtar <alim.akhtar@...sung.com>, Avri Altman <avri.altman@....com>, 
	Bart Van Assche <bvanassche@....org>, 
	"James E.J. Bottomley" <James.Bottomley@...senpartnership.com>, 
	"Martin K. Petersen" <martin.petersen@...cle.com>, Bean Huo <beanhuo@...ron.com>, 
	Can Guo <can.guo@....qualcomm.com>, linux-scsi@...r.kernel.org, 
	linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH] scsi: ufs: core: Fix RPMB region size detection for UFS 2.2

On Thu, Jan 29, 2026 at 8:53 PM Bean Huo <huobean@...il.com> wrote:
>
> On Thu, 2026-01-29 at 11:38 +0400, Alexey Charkov wrote:
> > +                       hba->dev_info.rpmb_region_size[0] =
> > +                               get_unaligned_be64(desc_buf
> > +                                       +
> > RPMB_UNIT_DESC_PARAM_LOGICAL_BLK_COUNT)
> > +                               <<
> > desc_buf[RPMB_UNIT_DESC_PARAM_LOGICAL_BLK_SIZE]
> > +                               >> 17; /* convert to 128 kBytes units */
> > +               }
> >         }
>
> Hi Alexey,
>
> thanks for your fix, I didn't notice there is UFS 2.x on the market which will
> use UFS OP-TEE RPMB framework.

Hi Bean, it turns out many of the UFS modules for Rockchip RK3576
based devices are 2.2. I'm poking around the OP-TEE support on that
platform, and discovered that the existing driver didn't see the RPMB
at all, spent quite a bit of time trying to figure it out before
spotting the difference between the two spec versions :)

> here is potential u8 Overflow, since for the UFS3.x+, it is u8 in unit
> descriptor, but
>
>
> The calculation can overflow for larger RPMB regions (>32MB):
>   - A u8 can only represent up to 255 × 128KB = ~32MB
>   - The shift result is assigned directly without bounds checking

The spec says it can only be up to 16MB maximum (see section 12.4.3.1
RPMB Resources), so it should always fit. Happy to add a comment about
that.

Best regards,
Alexey

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ