On Tue, Mar 11, 2025 at 04:41:11PM +0800, Xin Dai wrote:
> When the DWC2 controller detects a packet Babble Error, where a device
> transmits more data over USB than the host controller anticipates for a
> transaction. It follows this process:
>
> 1. The interrupt handler marks the transfer result of the URB as
>    `OVERFLOW` and returns it to the USB storage driver.
> 2. The USB storage driver interprets the data phase transfer result of
>    the BOT (Bulk-Only Transport) as `USB_STOR_XFER_LONG`.
> 3. The USB storage driver initiates the CSW (Command Status Wrapper)
>    phase of the BOT, requests an IN transaction, and retrieves the
>    execution status of the corresponding CBW (Command Block Wrapper)
>    command.
> 4. The USB storage driver evaluates the CSW and finds it does not meet
>    expectations. It marks the entire BOT transfer result as
>    `USB_STOR_XFER_ERROR` and notifies the SCSI layer that a `DID_ERROR`
>    has occurred during the transfer.
> 5. The USB storage driver requests the DWC2 controller to initiate a
>    port reset, notifying the device of an issue with the previous
>    transmission.
> 6. The SCSI layer implements a retransmission mechanism.
>
> In step 3, the device remains unaware of the Babble Error until the
> connected port is reset. We observed that the device continues to send
> 512 bytes of data to the host (according to the BBB Transport protocol,
> it should send only 13 bytes). However, the USB storage driver
> pre-allocates a default buffer size of 64 bytes for CBW/CSW, posing a
> risk of memory overflow. To mitigate this risk, we have adjusted the
> buffer size to 512 bytes to prevent potential errors.

There is no risk of memory overflow. The length of the transfer for the
CSW is limited to US_BULK_CS_WRAP_LEN, which is 13. And the length of a
CBW transfer is limited to US_BULK_CB_WRAP_LEN, which is 31 (or to 32 if
the US_FL_BULK32 quirk flag is set). Therefore a 64-byte buffer is more
than enough.

Alan Stern
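
The length bound described in the reply, as an added C example (not code from the usb-storage driver or from either poster): it requests a 13-byte CSW into a 64-byte buffer while the device offers 512 bytes, then validates what arrived. The model assumes a host controller that stores no more than the requested length; `model_bulk_in`, `csw_check`, `csw_phase`, the `CSW_*` codes and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define US_BULK_CS_WRAP_LEN 13  /* CSW length, as stated in the reply */
#define IOBUF_SIZE          64  /* CBW/CSW buffer size from the thread */
#define CSW_SIGNATURE   "USBS"  /* dCSWSignature 0x53425355, little-endian */
enum { CSW_OK = 0, CSW_BAD_LEN, CSW_BAD_SIGN, CSW_BAD_TAG, CSW_BAD_STATUS };

/* Model (assumption): a bulk IN transfer stores at most req_len bytes and
 * reports any excess from the device as an overflow (returns 1). */
static int model_bulk_in(uint8_t *dst, size_t req_len, const uint8_t *dev,
                         size_t dev_len, size_t *actual)
{
    *actual = dev_len < req_len ? dev_len : req_len;
    memcpy(dst, dev, *actual);
    return dev_len > req_len;
}

/* Validate a CSW: exact length, signature, tag echoed from the CBW, status. */
static int csw_check(const uint8_t *buf, size_t actual, const uint8_t tag[4])
{
    if (actual != US_BULK_CS_WRAP_LEN)    return CSW_BAD_LEN;
    if (memcmp(buf, CSW_SIGNATURE, 4))    return CSW_BAD_SIGN;
    if (memcmp(buf + 4, tag, 4))          return CSW_BAD_TAG;
    return buf[12] > 2 ? CSW_BAD_STATUS : CSW_OK;  /* bCSWStatus 0..2 defined */
}

/* CSW phase against a device sending dev_len bytes. Returns how many 0xAA
 * guard bytes beyond offset 13 of the 64-byte buffer were modified. */
static size_t csw_phase(const uint8_t *dev, size_t dev_len,
                        const uint8_t tag[4], int *overflow, int *verdict)
{
    uint8_t iobuf[IOBUF_SIZE];
    size_t actual, i, dirty = 0;
    memset(iobuf, 0xAA, sizeof(iobuf));
    *overflow = model_bulk_in(iobuf, US_BULK_CS_WRAP_LEN, dev, dev_len, &actual);
    *verdict = csw_check(iobuf, actual, tag);
    for (i = US_BULK_CS_WRAP_LEN; i < sizeof(iobuf); i++)
        dirty += iobuf[i] != 0xAA;
    return dirty;
}

int main(void)
{
    static const uint8_t babble[512] = { 0x5A }, tag[4] = { 1 };  /* constructed */
    int overflow, verdict;
    size_t dirty = csw_phase(babble, sizeof(babble), tag, &overflow, &verdict);
    printf("overflow=%d verdict=%d dirty=%zu\n", overflow, verdict, dirty);
    return 0;
}
```

Under this model the 512-byte response is reported as an overflow and rejected on its signature, and the guard bytes past offset 13 stay untouched.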