Re: Re: Re: [usb-storage] Re:Re:[PATCH] usb: storage: Fix `us->iobuf` size for BOT transmission to prevent memory overflow

From: Alan Stern
Date: Sat Mar 15 2025 - 14:40:59 EST


On Sat, Mar 15, 2025 at 07:20:37PM +0800, daixin_tkzc wrote:
> I'm sorry you may have misunderstood me.
>
> HCTSIZ register only reflects the transfer size for the Host Channel (between host and device). The dwc_otg manual explains it as follows:
> Non-Scatter/Gather DMA Mode:
> Transfer Size (XferSize)
> For an OUT, this field is the number of data bytes the host sends
> during the transfer.
> For an IN, this field is the buffer size that the application has
> reserved for the transfer. The application is expected to program
> this field as an integer multiple of the maximum packet size for IN
> transactions (periodic and non-periodic).

In that case, the dwc_otg driver needs to use a 512-byte bounce buffer.

The driver must _guarantee_ that no more than 13 bytes will be written
to the URB's transfer_buffer if the URB's transfer_length is 13. If the
hardware cannot provide this guarantee then the driver must work around
the hardware's deficiencies. That is how the kernel's USB API is
designed.

Alan Stern
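
The bounce-buffer workaround described in the reply above, as an added user-space sketch that is not part of the original mail and not code from the dwc_otg driver. `struct fake_urb`, `hw_in` and `bounce_in` are hypothetical names, the controller is simulated, a 512-byte max packet size is assumed, and reporting the excess as `-EOVERFLOW` is this example's choice.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define MAX_PACKET 512            /* assumed bulk max packet size */

/* Hypothetical stand-in for the URB fields named in the mail. */
struct fake_urb {
    unsigned char *transfer_buffer;
    size_t transfer_length;       /* bytes the submitter allows */
    size_t actual_length;         /* bytes actually delivered */
    int status;
};

/* Simulated controller: DMA-writes up to xfer_size bytes, where xfer_size
 * must be a multiple of MAX_PACKET for IN, as the quoted manual says. */
static size_t hw_in(unsigned char *dma, size_t xfer_size,
                    const unsigned char *dev, size_t dev_len)
{
    size_t n = dev_len < xfer_size ? dev_len : xfer_size;
    memcpy(dma, dev, n);
    return n;
}

/* Receive into a bounce buffer, then copy at most transfer_length bytes. */
int bounce_in(struct fake_urb *urb, const unsigned char *dev, size_t dev_len)
{
    unsigned char bounce[MAX_PACKET];
    size_t xfer = (urb->transfer_length + MAX_PACKET - 1) / MAX_PACKET * MAX_PACKET;
    size_t got, copy;
    if (xfer == 0 || xfer > sizeof(bounce))
        return -EINVAL;           /* example covers one packet only */
    got = hw_in(bounce, xfer, dev, dev_len);
    copy = got < urb->transfer_length ? got : urb->transfer_length;
    memcpy(urb->transfer_buffer, bounce, copy);
    urb->actual_length = copy;
    urb->status = got > urb->transfer_length ? -EOVERFLOW : 0;
    return urb->status;
}

int main(void)
{
    unsigned char mem[16], dev[20];   /* constructed sample data */
    struct fake_urb urb = { mem, 13, 0, 0 };
    memset(mem, 0xAA, sizeof(mem));   /* bytes 13..15 act as guard bytes */
    memset(dev, 0x55, sizeof(dev));   /* device sends 20 bytes, not 13 */
    bounce_in(&urb, dev, sizeof(dev));
    return mem[13] == 0xAA ? 0 : 1;   /* 0: nothing past byte 12 was touched */
}
```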