From: Jeuk Kim <[email protected]> The UFS spec defines the PRDT data byte count as an 18-bit field. This commit masks the value to the lower 18 bits to prevent incorrect transfer lengths and ensure compliance.
Signed-off-by: Jeuk Kim <[email protected]> (cherry picked from commit 289e6a3edf5041a9f96c3fb792845b94b5b3c666) Signed-off-by: Michael Tokarev <[email protected]>
diff --git a/hw/ufs/ufs.c b/hw/ufs/ufs.c
index 542f13b10e..4482d7827b 100644
--- a/hw/ufs/ufs.c
+++ b/hw/ufs/ufs.c
@@ -224,7 +224,8 @@ static MemTxResult ufs_dma_read_prdt(UfsRequest *req)
 for (uint16_t i = 0; i < prdt_len; ++i) {
 hwaddr data_dma_addr = le64_to_cpu(prd_entries[i].addr);
- uint32_t data_byte_count = le32_to_cpu(prd_entries[i].size) + 1;
+ uint32_t data_byte_count =
+ (le32_to_cpu(prd_entries[i].size) & 0x3ffff) + 1;
 qemu_sglist_add(req->sg, data_dma_addr, data_byte_count);
 req->data_len += data_byte_count;
 }
-- 2.47.3
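Review bot: The running total in `req->data_len += data_byte_count;` is still a sum of guest-supplied counts with no bound. With the mask each entry contributes at most 0x40000 bytes, but `i` runs up to a `uint16_t` `prdt_len`, so the sum can exceed 32 bits. The declaration of `data_len` is outside this hunk; if it is a 32-bit field the total could wrap and no longer match what was added to `req->sg`. A guard before the add would make the limit explicit, for example `if (data_byte_count > UINT32_MAX - req->data_len)` followed by the function's existing failure path. Separately, the bare `0x3ffff` would read better as a named mask with a comment such as `/* PRDT data byte count is an 18-bit field; upper bits are reserved */`. The body of `ufs_dma_read_prdt` starts and ends outside the hunk, so the allocation and cleanup around this loop were not reviewed.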
