scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers

[ Upstream commit 1c71065df2df693d208dd32758171c1dece66341 ]

Following an incomplete transfer in MSG IN phase, the driver would not
notice the problem and would make use of invalid data. Initialize 'tmp'
appropriately and bail out if no message was received. For STATUS phase,
preserve the existing status code unless a new value was transferred.

Tested-by: Stan Johnson <userm57@yahoo.com>
Signed-off-by: Finn Thain <fthain@linux-m68k.org>
Link: https://lore.kernel.org/r/52e02a8812ae1a2d810d7f9f7fd800c3ccc320c4.1723001788.git.fthain@linux-m68k.org
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/scsi/NCR5380.c b/drivers/scsi/NCR5380.c
index 00e245173320c30cdfc42e6392e943f7a1459726..4fcb73b727aa5d850346336e64e4405547dc60e1 100644 (file)
--- a/drivers/scsi/NCR5380.c
+++ b/drivers/scsi/NCR5380.c
@@ -1807,8 +1807,11 @@ static void NCR5380_information_transfer(struct Scsi_Host *instance)
                                return;
                        case PHASE_MSGIN:
                                len = 1;
+                               tmp = 0xff;
                                data = &tmp;
                                NCR5380_transfer_pio(instance, &phase, &len, &data, 0);
+                               if (tmp == 0xff)
+                                       break;
                                ncmd->message = tmp;
 
                                switch (tmp) {
@@ -1996,6 +1999,7 @@ static void NCR5380_information_transfer(struct Scsi_Host *instance)
                                break;
                        case PHASE_STATIN:
                                len = 1;
+                               tmp = ncmd->status;
                                data = &tmp;
                                NCR5380_transfer_pio(instance, &phase, &len, &data, 0);
                                ncmd->status = tmp;