RE: [RFC PATCH 1/3] mmc: core: validate user input for RPMB block count

> 
> For RPMB, block count is a non-zero 16 bit wide number. Reject invalid
Actually this is not what limits the number of rpmb frames to be read,
as those are not indicated in the block_count field of the rpmb frame,
but in CMD23.
While it is true that by eMMCv52 RPMB_SIZE_MULT max value is 0x80,
which limits the RPMB area to 16M, or 65535 rpmb frames,
I don't think that it is up to the host to validate the rpmb frame content -
the device will return the appropriate error should such an error occur.
Also, specs are changing from time to time, so hard-coding 65535 is less appropriate.

> values from userspace instead of just masking the unneeded bits. Tested
> with a modified 'mmc-utils' package.
> 
> Signed-off-by: Wolfram Sang <wsa+renesas@xxxxxxxxxxxxxxxxxxxx>
> ---
>  drivers/mmc/core/block.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
> index c35b5b08bb33..9e0f7e4aa8c6 100644
> --- a/drivers/mmc/core/block.c
> +++ b/drivers/mmc/core/block.c
> @@ -550,6 +550,9 @@ static int __mmc_blk_ioctl_cmd(struct mmc_card
> *card, struct mmc_blk_data *md,
>  	}
> 
>  	if (idata->rpmb) {
> +		if (data.blocks > 65535 || !data.blocks)
> +			return -EINVAL;
> +
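
Review bot: the bare 65535 in the added `data.blocks` check gives no hint of where the bound comes from. The commit message ties it to the 16-bit width of the RPMB block count, so writing it as `U16_MAX`, or adding a one-line comment naming the field that imposes the limit, would keep the rationale next to the code. The new `return -EINVAL` also leaves the function directly from inside the `if (idata->rpmb)` branch; the hunk does not show what has been set up earlier in `__mmc_blk_ioctl_cmd()`, so it is worth confirming that nothing acquired before this point needs to be released on this path.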

Other than my comment above, this series looks fine to me.

Thanks,
Avri



