On 1/15/26 15:53, Jeuk Kim wrote:
The UFS spec defines the PRDT data byte count as an 18-bit field. This
commit masks the value to the lower 18 bits to prevent incorrect
transfer lengths and ensure compliance.
Signed-off-by: Jeuk Kim <[email protected]>
---
hw/ufs/ufs.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/ufs/ufs.c b/hw/ufs/ufs.c
index cab42ae7b6..4ee6755d82 100644
--- a/hw/ufs/ufs.c
+++ b/hw/ufs/ufs.c
@@ -224,7 +224,8 @@ static MemTxResult ufs_dma_read_prdt(UfsRequest *req)
for (uint16_t i = 0; i < prdt_len; ++i) {
hwaddr data_dma_addr = le64_to_cpu(prd_entries[i].addr);
- uint32_t data_byte_count = le32_to_cpu(prd_entries[i].size) + 1;
+ uint32_t data_byte_count =
+ le32_to_cpu(prd_entries[i].size & 0x3ffff) + 1;
qemu_sglist_add(req->sg, data_dma_addr, data_byte_count);
req->data_len += data_byte_count;
}
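Review bot: in the added line `le32_to_cpu(prd_entries[i].size & 0x3ffff) + 1`, the mask is applied to the field while it is still in little-endian byte order, so on a big-endian host it selects the wrong bits before the swap. Convert first and mask the converted value: `le32_to_cpu(prd_entries[i].size) & 0x3ffff`. A named constant for the 18-bit mask would also document where 0x3ffff comes from.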
This fails on a big-endian host:
https://gitlab.com/qemu-project/qemu/-/jobs/12725280508
You need to move the mask outside of the le32_to_cpu.
r~
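The byte-order problem described in the reply above, as an added example that is not part of the original thread or of QEMU's code: it simulates what a big-endian host sees when it loads the little-endian PRDT size field, then compares masking before and after the conversion. The helper names, `PRDT_COUNT_MASK` and the sample field bytes are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers for this example; not QEMU's implementation. */

/* Value a big-endian host gets when it loads the raw 4-byte field. */
static uint32_t raw_load_be_host(const uint8_t b[4])
{
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8) | (uint32_t)b[3];
}

/* What a little-endian-to-CPU conversion does on a big-endian host: a byte swap. */
static uint32_t swap32(uint32_t v)
{
    return (v >> 24) | ((v >> 8) & 0x0000ff00u) |
           ((v << 8) & 0x00ff0000u) | (v << 24);
}

/* 18-bit data byte count, as stated in the commit message (name is assumed). */
#define PRDT_COUNT_MASK 0x3ffffu

/* Mask applied to the raw field, then converted: the order used in the patch. */
static uint32_t count_mask_inside(const uint8_t b[4])
{
    return swap32(raw_load_be_host(b) & PRDT_COUNT_MASK) + 1;
}

/* Converted first, then masked: the order the reply asks for. */
static uint32_t count_mask_outside(const uint8_t b[4])
{
    return (swap32(raw_load_be_host(b)) & PRDT_COUNT_MASK) + 1;
}

int main(void)
{
    /* Constructed size field: 0x00000fff (4096 bytes minus 1), little-endian in memory. */
    const uint8_t size_field[4] = { 0xff, 0x0f, 0x00, 0x00 };

    printf("mask inside:  %u\n", (unsigned)count_mask_inside(size_field));
    printf("mask outside: %u\n", (unsigned)count_mask_outside(size_field));
    return 0;
}
```

With the mask inside the conversion, the simulated big-endian host computes a transfer length of 769 bytes for a 4096-byte entry, and any set upper bits of the field survive into the length.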