This is a note to let you know that I've just added the patch titled scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers to the 6.1-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: scsi-ncr5380-initialize-buffer-for-msg-in-and-status.patch and it can be found in the queue-6.1 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 0aabaa1b24c2430191d169f3ff08a288b703cde3 Author: Finn Thain <fthain@xxxxxxxxxxxxxx> Date: Wed Aug 7 13:36:28 2024 +1000 scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers [ Upstream commit 1c71065df2df693d208dd32758171c1dece66341 ] Following an incomplete transfer in MSG IN phase, the driver would not notice the problem and would make use of invalid data. Initialize 'tmp' appropriately and bail out if no message was received. For STATUS phase, preserve the existing status code unless a new value was transferred. Tested-by: Stan Johnson <userm57@xxxxxxxxx> Signed-off-by: Finn Thain <fthain@xxxxxxxxxxxxxx> Link: https://lore.kernel.org/r/52e02a8812ae1a2d810d7f9f7fd800c3ccc320c4.1723001788.git.fthain@xxxxxxxxxxxxxx Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/drivers/scsi/NCR5380.c b/drivers/scsi/NCR5380.c index ecd24af4b3f29..196ee417d10f4 100644 --- a/drivers/scsi/NCR5380.c +++ b/drivers/scsi/NCR5380.c @@ -1807,8 +1807,11 @@ static void NCR5380_information_transfer(struct Scsi_Host *instance) return; case PHASE_MSGIN: len = 1; + tmp = 0xff; data = &tmp; NCR5380_transfer_pio(instance, &phase, &len, &data, 0); + if (tmp == 0xff) + break; ncmd->message = tmp; switch (tmp) { @@ -1996,6 +1999,7 @@ static void NCR5380_information_transfer(struct Scsi_Host *instance) break; case PHASE_STATIN: len = 1; + tmp = ncmd->status; data = &tmp; NCR5380_transfer_pio(instance, &phase, &len, &data, 0); ncmd->status = tmp;