On Thu, Mar 13, 2025 at 7:28 PM daixin_tkzc <daixin_tkzc@xxxxxxx> wrote:
> >
> > When the urb completes (babble error occurs), the sg_complete function of urb(s) will notify the mass storage driver that the data phase of the BOT transfer is over. The rest is done by the mass storage driver, such as:

You appear very focused on a specific sequence of events which causes the babble error, but we are telling you that you are looking in the wrong place.

If the DWC_otc driver does, in fact, handle packet babble properly, then it will never overflow the buffer.

For example, forget the specifics of usb-storage. Consider a BULK IN request to an arbitrary device with an URB that provides an iobuf of only 32 bytes, but the device sends 512 bytes -- the reason the device sends too much data is not important; this is a babble condition. The controller and controller driver are *required* NOT to overflow the 32-byte buffer. The remaining bytes received by the host are required to be discarded.

Thus, even when a usb-storage device gets "out of sync" (i.e. is sending data instead of a CSW), a buffer overflow is NOT POSSIBLE if the controller is functioning properly. If the controller writes data beyond the end of the buffer, then that is an error of the controller and/or controller driver software. The design of the Linux USB stack places this requirement on the controllers.

Matt
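
The requirement stated in the message above, as an added C example that is not part of the original e-mail and not code from any kernel driver: a simplified receive path that stores at most the room left in the buffer, discards the excess and reports babble. The names `toy_urb`, `toy_rx_packet` and `toy_demo` are hypothetical; `-EOVERFLOW` is the status the Linux USB stack uses for babble.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-in for an URB; not the kernel's struct urb. */
struct toy_urb {
    unsigned char *buf;   /* transfer buffer supplied by the class driver */
    size_t buf_len;       /* size of that buffer */
    size_t actual;        /* bytes stored so far */
    int status;           /* 0, or -EOVERFLOW on babble */
};

/* Store one received IN packet: copy at most the room left, discard the
 * excess, flag babble. Returns the number of bytes discarded. */
size_t toy_rx_packet(struct toy_urb *urb, const unsigned char *pkt, size_t pkt_len)
{
    size_t room = urb->buf_len - urb->actual;
    size_t n = pkt_len < room ? pkt_len : room;   /* clamp to the buffer */
    memcpy(urb->buf + urb->actual, pkt, n);
    urb->actual += n;
    if (pkt_len > room)
        urb->status = -EOVERFLOW;   /* device sent more than was requested */
    return pkt_len - n;
}

/* Constructed case from the message: 32-byte buffer, device sends 512 bytes.
 * Returns 1 if the 16 guard bytes placed after the buffer are untouched. */
int toy_demo(struct toy_urb *out)
{
    static unsigned char mem[32 + 16];
    unsigned char pkt[512];
    struct toy_urb urb = { mem, 32, 0, 0 };
    size_t i;
    memset(mem, 0xAA, sizeof(mem));   /* 0xAA marks memory nobody wrote */
    memset(pkt, 0x55, sizeof(pkt));   /* constructed device payload */
    toy_rx_packet(&urb, pkt, sizeof(pkt));
    *out = urb;
    for (i = 32; i < sizeof(mem); i++)
        if (mem[i] != 0xAA) return 0;
    return 1;
}

int main(void)
{
    struct toy_urb u;
    int ok = toy_demo(&u);
    printf("stored=%zu status=%d guard_intact=%d\n", u.actual, u.status, ok);
    return !ok;
}
```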