Re: Re: Re: [usb-storage] Re:Re:[PATCH] usb: storage: Fix `us->iobuf` size for BOT transmission to prevent memory overflow

[Alan Stern]

On Sat, Mar 15, 2025 at 07:20:37PM +0800, daixin_tkzc wrote:
> I'm sorry you may have misunderstood me.
> 
> 
> HCTSIZ register only reflects the transfer size for the Host Channel (between host and device). The dwc_otg manual explains it as follows：
> Non-Scatter/Gather DMA Mode:
> Transfer Size (XferSize)
> For an OUT, this field is the number of data bytes the host sends 
> during the transfer.
> For an IN, this field is the buffer size that the application has 
> Reserved for the transfer. The application is expected to program 
> this field as an integer multiple of the maximum packet size for IN 
> transactions (periodic and non-periodic).

In that case, the dwc_otg driver needs to use a 512-byte bounce buffer.  

The driver must _guarantee_ that no more than 13 bytes will be written 
to the URB's transfer_buffer if the URB's transfer_length is 13.  If the 
hardware cannot provide this guarantee then the driver must work around 
the hardware's deficiencies.  That is how the kernel's USB API is 
designed.

Alan Stern