ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf

[ Upstream commit 816be86c7993d3c5832c3017c0056297e86f978c ]

qc->result_tf contents are only valid when the ATA_QCFLAG_RTF_FILLED flag
is set. The ATA_QCFLAG_RTF_FILLED flag should be always set for commands
that failed or for commands that have the ATA_QCFLAG_RESULT_TF flag set.

Reviewed-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Damien Le Moal <dlemoal@kernel.org>
Reviewed-by: Niklas Cassel <cassel@kernel.org>
Signed-off-by: Igor Pylypiv <ipylypiv@google.com>
Link: https://lore.kernel.org/r/20240702024735.1152293-8-ipylypiv@google.com
Signed-off-by: Niklas Cassel <cassel@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
index 27e0c87236ac041128586362a01d654c374a7696..c91f8746289f4a22ef804a49bb4614b5a5ec0de6 100644 (file)
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
@@ -242,10 +242,17 @@ void ata_scsi_set_sense_information(struct ata_device *dev,
  */
 static void ata_scsi_set_passthru_sense_fields(struct ata_queued_cmd *qc)
 {
+       struct ata_device *dev = qc->dev;
        struct scsi_cmnd *cmd = qc->scsicmd;
        struct ata_taskfile *tf = &qc->result_tf;
        unsigned char *sb = cmd->sense_buffer;
 
+       if (!(qc->flags & ATA_QCFLAG_RTF_FILLED)) {
+               ata_dev_dbg(dev,
+                           "missing result TF: can't set ATA PT sense fields\n");
+               return;
+       }
+
        if ((sb[0] & 0x7f) >= 0x72) {
                unsigned char *desc;
                u8 len;
@@ -924,10 +931,17 @@ static void ata_to_sense_error(unsigned id, u8 drv_stat, u8 drv_err, u8 *sk,
  */
 static void ata_gen_passthru_sense(struct ata_queued_cmd *qc)
 {
+       struct ata_device *dev = qc->dev;
        struct scsi_cmnd *cmd = qc->scsicmd;
        struct ata_taskfile *tf = &qc->result_tf;
        u8 sense_key, asc, ascq;
 
+       if (!(qc->flags & ATA_QCFLAG_RTF_FILLED)) {
+               ata_dev_dbg(dev,
+                           "missing result TF: can't generate ATA PT sense data\n");
+               return;
+       }
+
        /*
         * Use ata_to_sense_error() to map status register bits
         * onto sense key, asc & ascq.
@@ -979,6 +993,13 @@ static void ata_gen_ata_sense(struct ata_queued_cmd *qc)
                ata_scsi_set_sense(dev, cmd, NOT_READY, 0x04, 0x21);
                return;
        }
+
+       if (!(qc->flags & ATA_QCFLAG_RTF_FILLED)) {
+               ata_dev_dbg(dev,
+                           "missing result TF: can't generate sense data\n");
+               return;
+       }
+
        /* Use ata_to_sense_error() to map status register bits
         * onto sense key, asc & ascq.
         */