ata: libata-scsi: Fix ata_msense_control_spgt2()

ata_msense_control_spgt2() can be called even for devices that do not
support CDL when the user requests the ALL_SUB_MPAGES mode sense page,
but for such device, this will cause a NULL pointer dereference as
dev->cdl is NULL. Similarly, we should not return any data if
ata_msense_control_spgt2() is called when the user requested the
CDL_T2A_SUB_MPAGE or CDL_T2B_SUB_MPAGE pages for a device that does not
support CDL.

Avoid this potential NULL pointer dereference by checking if the device
support CDL on entry to ata_msense_control_spgt2() and return 0 if it
does not support CDL.

Reported-by: [email protected]
Tested-by: [email protected]
Fixes: 602bcf2 ("ata: libata: Improve CDL resource management")
Signed-off-by: Damien Le Moal <[email protected]>
Reviewed-by: Hannes Reinecke <[email protected]>

Author: damien-lemoal

drivers/ata/libata-scsi.c

@@ -2245,10 +2245,15 @@ static inline u16 ata_xlat_cdl_limit(u8 *buf)
 static unsigned int ata_msense_control_spgt2(struct ata_device *dev, u8 *buf,
 					     u8 spg)
 {
-	u8 *b, *cdl = dev->cdl->desc_log_buf, *desc;
+	u8 *b, *cdl, *desc;
 	u32 policy;
 	int i;
 
+	if (!(dev->flags & ATA_DFLAG_CDL) || !dev->cdl)
+		return 0;
+
+	cdl = dev->cdl->desc_log_buf;
+
 	/*
 	 * Fill the subpage. The first four bytes of the T2A/T2B mode pages
 	 * are a header. The PAGE LENGTH field is the size of the page