[PATCH] hw/ufs: Ensure DBC of PRDT uses only lower 18 bits

Jeuk Kim Wed, 13 Aug 2025 23:07:38 -0700

The UFS spec defines the PRDT data byte count as an 18-bit field. This
commit masks the value to the lower 18 bits to prevent incorrect
transfer lengths and ensure compliance.


Signed-off-by: Jeuk Kim <jeuk20....@samsung.com>
---
 hw/ufs/ufs.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/ufs/ufs.c b/hw/ufs/ufs.c
index 0577747f46..401aca311f 100644
--- a/hw/ufs/ufs.c
+++ b/hw/ufs/ufs.c
@@ -224,7 +224,8 @@ static MemTxResult ufs_dma_read_prdt(UfsRequest *req)
 
     for (uint16_t i = 0; i < prdt_len; ++i) {
         hwaddr data_dma_addr = le64_to_cpu(prd_entries[i].addr);
-        uint32_t data_byte_count = le32_to_cpu(prd_entries[i].size) + 1;
+        uint32_t data_byte_count =
+            le32_to_cpu(prd_entries[i].size & 0x3ffff) + 1;
         qemu_sglist_add(req->sg, data_dma_addr, data_byte_count);
         req->data_len += data_byte_count;
     }
-- 
2.43.0

[PATCH] hw/ufs: Ensure DBC of PRDT uses only lower 18 bits

Reply via email to