Fix multiple Coverity Out-of-bounds access false postive issues in CAM

The currently used idiom for clearing the part of a ccb after its
header generates one or two Coverity errors for each time it is
used.  All instances generate an Out-of-bounds access (ARRAY_VS_SINGLETON)
error because of the treatment of the header as a two element array,
with a pointer to the non-existent second element being passed as
the starting address to bzero().  Some instances also alsp generate
Out-of-bounds access (OVERRUN) errors, probably because the space
being cleared is larger than the sizeofstruct ccb_hdr).

In addition, this idiom is difficult for humans to understand and
it is error prone.  The user has to chose the proper struct ccb_*
type (which does not appear in the surrounding code) for the sizeof()
in the length calculation.  I found several instances where the
length was incorrect, which could cause either an actual out of
bounds write, or incompletely clear the ccb.

A better way is to write the code to clear the ccb itself starting
at sizeof(ccb_hdr) bytes from the start of the ccb, and calculate
the length based on the specific type of struct ccb_* being cleared
as specified by the union ccb member being used.  The latter can
normally be seen in the nearby code.  This is friendlier for Coverity
and other static analysis tools because they will see that the
intent is to clear the trailing part of the ccb.

Wrap all of the boilerplate code in a convenient macro that only
requires a pointer to the desired union ccb member (or a pointer
to the union ccb itself) as an argument.

Reported by:	Coverity
CID:		1007578, 1008684, 1009724, 1009773, 1011304, 1011306
CID:		1011307, 1011308, 1011309, 1011310, 1011311, 1011312
CID:		1011313, 1011314, 1011315, 1011316, 1011317, 1011318
CID:		1011319, 1011320, 1011321, 1011322, 1011324, 1011325
CID:		1011326, 1011327, 1011328, 1011329, 1011330, 1011374
CID:		1011390, 1011391, 1011392, 1011393, 1011394, 1011395
CID:		1011396, 1011397, 1011398, 1011399, 1011400, 1011401
CID:		1011402, 1011403, 1011404, 1011405, 1011406, 1011408
CID:		1011409, 1011410, 1011411, 1011412, 1011413, 1011414
CID:		1017461, 1018387, 1086860, 1086874, 1194257, 1229897
CID:		1229968, 1306229, 1306234, 1331282, 1331283, 1331294
CID:		1331295, 1331535, 1331536, 1331539, 1331540, 1341623
CID:		1341624, 1341637, 1341638, 1355264, 1355324
Reviewed by:	scottl, ken, delphij, imp
MFH:		1 month
Differential Revision:	https://reviews.freebsd.org/D6496
This commit is contained in:
truckman 2016-05-24 00:57:11 +00:00
parent 9ae9e7f9e0
commit a4774d8f19
9 changed files with 53 additions and 96 deletions

View File

@ -619,7 +619,7 @@ cam_real_open_device(const char *path, int flags, struct cam_device *device,
/*
* Zero the payload, the kernel does look at the flags.
*/
bzero(&(&ccb.ccb_h)[1], sizeof(struct ccb_trans_settings));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb.cts);
/*
* Get transfer settings for this device.

View File

@ -137,8 +137,7 @@ scsiattrib(struct cam_device *device, int argc, char **argv, char *combinedopt,
goto bailout;
}
bzero(&(&ccb->ccb_h)[1],
sizeof(union ccb) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
STAILQ_INIT(&write_attr_list);

View File

@ -842,8 +842,7 @@ scsiinquiry(struct cam_device *device, int retry_count, int timeout)
}
/* cam_getccb cleans up the header, caller has to zero the payload */
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
inq_buf = (struct scsi_inquiry_data *)malloc(
sizeof(struct scsi_inquiry_data));
@ -958,8 +957,7 @@ scsiserial(struct cam_device *device, int retry_count, int timeout)
}
/* cam_getccb cleans up the header, caller has to zero the payload */
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
serial_buf = (struct scsi_vpd_unit_serial_number *)
malloc(sizeof(*serial_buf));
@ -1051,8 +1049,7 @@ camxferrate(struct cam_device *device)
return(1);
}
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_trans_settings) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->cts);
ccb->ccb_h.func_code = XPT_GET_TRAN_SETTINGS;
ccb->cts.type = CTS_TYPE_CURRENT_SETTINGS;
@ -1605,8 +1602,7 @@ ata_do_pass_16(struct cam_device *device, union ccb *ccb, int retries,
ata_flags |= AP_FLAG_TLEN_NO_DATA;
}
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
scsi_ata_pass_16(&ccb->csio,
retries,
@ -1667,8 +1663,7 @@ ata_do_28bit_cmd(struct cam_device *device, union ccb *ccb, int retries,
timeout, quiet);
}
bzero(&(&ccb->ccb_h)[1], sizeof(struct ccb_ataio) -
sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->ataio);
cam_fill_ataio(&ccb->ataio,
retries,
NULL,
@ -1737,8 +1732,7 @@ ata_do_cmd(struct cam_device *device, union ccb *ccb, int retries,
return (error);
}
bzero(&(&ccb->ccb_h)[1], sizeof(struct ccb_ataio) -
sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->ataio);
cam_fill_ataio(&ccb->ataio,
retries,
NULL,
@ -3187,8 +3181,7 @@ rescan_or_reset_bus(path_id_t bus, int rescan)
* no-op, sending a rescan to the xpt bus would result in a status of
* CAM_REQ_INVALID.
*/
bzero(&(&matchccb.ccb_h)[1],
sizeof(struct ccb_dev_match) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&matchccb.cdm);
matchccb.ccb_h.func_code = XPT_DEV_MATCH;
matchccb.ccb_h.path_id = CAM_BUS_WILDCARD;
bufsize = sizeof(struct dev_match_result) * 20;
@ -3536,8 +3529,7 @@ readdefects(struct cam_device *device, int argc, char **argv,
* cam_getccb() zeros the CCB header only. So we need to zero the
* payload portion of the ccb.
*/
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
scsi_read_defects(&ccb->csio,
/*retries*/ retry_count,
@ -3990,8 +3982,7 @@ mode_sense(struct cam_device *device, int mode_page, int page_control,
if (ccb == NULL)
errx(1, "mode_sense: couldn't allocate CCB");
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
scsi_mode_sense(&ccb->csio,
/* retries */ retry_count,
@ -4040,8 +4031,7 @@ mode_select(struct cam_device *device, int save_pages, int retry_count,
if (ccb == NULL)
errx(1, "mode_select: couldn't allocate CCB");
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
scsi_mode_select(&ccb->csio,
/* retries */ retry_count,
@ -4158,8 +4148,7 @@ scsicmd(struct cam_device *device, int argc, char **argv, char *combinedopt,
return(1);
}
bzero(&(&ccb->ccb_h)[1],
sizeof(union ccb) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(ccb);
while ((c = getopt(argc, argv, combinedopt)) != -1) {
switch(c) {
@ -4660,8 +4649,7 @@ tagcontrol(struct cam_device *device, int argc, char **argv,
cam_path_string(device, pathstr, sizeof(pathstr));
if (numtags >= 0) {
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_relsim) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->crs);
ccb->ccb_h.func_code = XPT_REL_SIMQ;
ccb->ccb_h.flags = CAM_DEV_QFREEZE;
ccb->crs.release_flags = RELSIM_ADJUST_OPENINGS;
@ -4688,8 +4676,7 @@ tagcontrol(struct cam_device *device, int argc, char **argv,
pathstr, ccb->crs.openings);
}
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_getdevstats) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->cgds);
ccb->ccb_h.func_code = XPT_GDEV_STATS;
@ -4889,8 +4876,7 @@ get_cpi(struct cam_device *device, struct ccb_pathinq *cpi)
warnx("get_cpi: couldn't allocate CCB");
return(1);
}
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_pathinq) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->cpi);
ccb->ccb_h.func_code = XPT_PATH_INQ;
if (cam_send_ccb(device, ccb) < 0) {
warn("get_cpi: error sending Path Inquiry CCB");
@ -4928,8 +4914,7 @@ get_cgd(struct cam_device *device, struct ccb_getdev *cgd)
warnx("get_cgd: couldn't allocate CCB");
return(1);
}
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_pathinq) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->cgd);
ccb->ccb_h.func_code = XPT_GDEV_TYPE;
if (cam_send_ccb(device, ccb) < 0) {
warn("get_cgd: error sending Path Inquiry CCB");
@ -4974,8 +4959,7 @@ dev_has_vpd_page(struct cam_device *dev, uint8_t page_id, int retry_count,
}
/* cam_getccb cleans up the header, caller has to zero the payload */
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
bzero(&sup_pages, sizeof(sup_pages));
@ -5449,8 +5433,7 @@ get_print_cts(struct cam_device *device, int user_settings, int quiet,
return(1);
}
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_trans_settings) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->cts);
ccb->ccb_h.func_code = XPT_GET_TRAN_SETTINGS;
@ -5590,8 +5573,7 @@ ratecontrol(struct cam_device *device, int retry_count, int timeout,
break;
}
}
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_pathinq) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->cpi);
/*
* Grab path inquiry information, so we can determine whether
* or not the initiator is capable of the things that the user
@ -5617,8 +5599,7 @@ ratecontrol(struct cam_device *device, int retry_count, int timeout,
goto ratecontrol_bailout;
}
bcopy(&ccb->cpi, &cpi, sizeof(struct ccb_pathinq));
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_trans_settings) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->cts);
if (quiet == 0) {
fprintf(stdout, "%s parameters:\n",
user_settings ? "User" : "Current");
@ -5871,8 +5852,7 @@ scsiformat(struct cam_device *device, int argc, char **argv,
return(1);
}
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
while ((c = getopt(argc, argv, combinedopt)) != -1) {
switch(c) {
@ -6020,8 +6000,7 @@ scsiformat(struct cam_device *device, int argc, char **argv,
do {
cam_status status;
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
/*
* There's really no need to do error recovery or
@ -6168,8 +6147,7 @@ scsisanitize(struct cam_device *device, int argc, char **argv,
return(1);
}
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
while ((c = getopt(argc, argv, combinedopt)) != -1) {
switch(c) {
@ -6430,8 +6408,7 @@ scsisanitize(struct cam_device *device, int argc, char **argv,
do {
cam_status status;
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
/*
* There's really no need to do error recovery or
@ -6573,8 +6550,7 @@ scsireportluns(struct cam_device *device, int argc, char **argv,
return (1);
}
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
countonly = 0;
lunsonly = 0;
@ -6822,8 +6798,7 @@ scsireadcapacity(struct cam_device *device, int argc, char **argv,
return (1);
}
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
while ((c = getopt(argc, argv, combinedopt)) != -1) {
switch (c) {
@ -7027,8 +7002,7 @@ smpcmd(struct cam_device *device, int argc, char **argv, char *combinedopt,
return (1);
}
bzero(&(&ccb->ccb_h)[1],
sizeof(union ccb) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->smpio);
while ((c = getopt(argc, argv, combinedopt)) != -1) {
switch (c) {
@ -7221,8 +7195,7 @@ smpreportgeneral(struct cam_device *device, int argc, char **argv,
return (1);
}
bzero(&(&ccb->ccb_h)[1],
sizeof(union ccb) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->smpio);
while ((c = getopt(argc, argv, combinedopt)) != -1) {
switch (c) {
@ -7284,8 +7257,7 @@ smpreportgeneral(struct cam_device *device, int argc, char **argv,
if ((response->long_response & SMP_RG_LONG_RESPONSE)
&& (long_response == 0)) {
ccb->ccb_h.status = CAM_REQ_INPROG;
bzero(&(&ccb->ccb_h)[1],
sizeof(union ccb) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->smpio);
long_response = 1;
goto try_long;
}
@ -7367,8 +7339,7 @@ smpphycontrol(struct cam_device *device, int argc, char **argv,
return (1);
}
bzero(&(&ccb->ccb_h)[1],
sizeof(union ccb) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->smpio);
while ((c = getopt(argc, argv, combinedopt)) != -1) {
switch (c) {
@ -7625,8 +7596,7 @@ smpmaninfo(struct cam_device *device, int argc, char **argv,
return (1);
}
bzero(&(&ccb->ccb_h)[1],
sizeof(union ccb) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->smpio);
while ((c = getopt(argc, argv, combinedopt)) != -1) {
switch (c) {
@ -7720,8 +7690,7 @@ getdevid(struct cam_devitem *item)
goto bailout;
}
bzero(&(&ccb->ccb_h)[1],
sizeof(union ccb) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->cdai);
/*
* On the first try, we just probe for the size of the data, and
@ -8006,8 +7975,7 @@ smpphylist(struct cam_device *device, int argc, char **argv,
return (1);
}
bzero(&(&ccb->ccb_h)[1],
sizeof(union ccb) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->smpio);
STAILQ_INIT(&devlist.dev_queue);
rgrequest = malloc(sizeof(*rgrequest));
@ -8111,8 +8079,7 @@ smpphylist(struct cam_device *device, int argc, char **argv,
char tmpstr[256];
int j;
bzero(&(&ccb->ccb_h)[1],
sizeof(union ccb) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->smpio);
ccb->ccb_h.status = CAM_REQ_INPROG;
ccb->ccb_h.flags |= CAM_DEV_QFRZDIS;
@ -8401,8 +8368,7 @@ scsigetopcodes(struct cam_device *device, int opcode_set, int opcode,
}
/* cam_getccb cleans up the header, caller has to zero the payload */
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
if (opcode_set != 0) {
options |= RSO_OPTIONS_OC;
@ -8841,8 +8807,7 @@ scsireprobe(struct cam_device *device)
return (1);
}
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
ccb->ccb_h.func_code = XPT_REPROBE_LUN;

View File

@ -459,8 +459,7 @@ fw_validate_ibm(struct cam_device *dev, int retry_count, int timeout, int fd,
}
/* cam_getccb cleans up the header, caller has to zero the payload */
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
bzero(&vpd_page, sizeof(vpd_page));
@ -666,8 +665,7 @@ fw_check_device_ready(struct cam_device *dev, camcontrol_devtype devtype,
goto bailout;
}
bzero(&(&ccb->ccb_h)[1],
sizeof(union ccb) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(ccb);
if (devtype != CC_DT_SCSI) {
dxfer_len = sizeof(struct ata_params);
@ -798,8 +796,7 @@ fw_download_img(struct cam_device *cam_dev, struct fw_vendor *vp,
goto bailout;
}
bzero(&(&ccb->ccb_h)[1],
sizeof(union ccb) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(ccb);
max_pkt_size = vp->max_pkt_size;
if (max_pkt_size == 0)
@ -830,8 +827,7 @@ fw_download_img(struct cam_device *cam_dev, struct fw_vendor *vp,
vp->cdb_byte2;
cdb.buffer_id = vp->inc_cdb_buffer_id ? pkt_count : 0;
/* Zero out payload of ccb union after ccb header. */
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
/*
* Copy previously constructed cdb into ccb_scsiio
* struct.

View File

@ -450,8 +450,7 @@ scsipersist(struct cam_device *device, int argc, char **argv, char *combinedopt,
goto bailout;
}
bzero(&(&ccb->ccb_h)[1],
sizeof(union ccb) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
while ((c = getopt(argc, argv, combinedopt)) != -1) {
switch (c) {

View File

@ -372,7 +372,7 @@ doCAM(isess_t *sess)
debug(2, "pathstr=%s", pathstr);
ccb = cam_getccb(sess->camdev);
bzero(&(&ccb->ccb_h)[1], sizeof(struct ccb_relsim) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->crs);
ccb->ccb_h.func_code = XPT_REL_SIMQ;
ccb->crs.release_flags = RELSIM_ADJUST_OPENINGS;
ccb->crs.openings = sess->op->tags;

View File

@ -1230,6 +1230,10 @@ union ccb {
struct ccb_async casync;
};
#define CCB_CLEAR_ALL_EXCEPT_HDR(ccbp) \
bzero((char *)(ccbp) + sizeof((ccbp)->ccb_h), \
sizeof(*(ccbp)) - sizeof((ccbp)->ccb_h))
__BEGIN_DECLS
static __inline void
cam_fill_csio(struct ccb_scsiio *csio, u_int32_t retries,

View File

@ -1305,8 +1305,7 @@ camdd_probe_pass(struct cam_device *cam_dev, struct camdd_io_opts *io_opts,
goto bailout;
}
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
scsi_read_capacity(&ccb->csio,
/*retries*/ probe_retry_count,
@ -1387,8 +1386,7 @@ camdd_probe_pass(struct cam_device *cam_dev, struct camdd_io_opts *io_opts,
goto bailout_error;
}
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->cpi);
ccb->ccb_h.func_code = XPT_PATH_INQ;
ccb->ccb_h.flags = CAM_DIR_NONE;
@ -2439,8 +2437,7 @@ camdd_pass_run(struct camdd_dev *dev)
data = &buf->buf_type_spec.data;
ccb = &data->ccb;
bzero(&(&ccb->ccb_h)[1],
sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
/*
* In almost every case the number of blocks should be the device

View File

@ -241,8 +241,7 @@ fetch_scsi_capacity(struct cam_device *dev, struct mpt_standalone_disk *disk)
return (ENOMEM);
/* Zero the rest of the ccb. */
bzero(&(&ccb->ccb_h)[1], sizeof(struct ccb_scsiio) -
sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
scsi_read_capacity(&ccb->csio, 1, NULL, MSG_SIMPLE_Q_TAG, &rcap,
SSD_FULL_SIZE, 5000);
@ -273,8 +272,7 @@ fetch_scsi_capacity(struct cam_device *dev, struct mpt_standalone_disk *disk)
}
/* Zero the rest of the ccb. */
bzero(&(&ccb->ccb_h)[1], sizeof(struct ccb_scsiio) -
sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
scsi_read_capacity_16(&ccb->csio, 1, NULL, MSG_SIMPLE_Q_TAG, 0, 0, 0,
(uint8_t *)&rcaplong, sizeof(rcaplong), SSD_FULL_SIZE, 5000);
@ -355,8 +353,7 @@ fetch_scsi_inquiry(struct cam_device *dev, struct mpt_standalone_disk *disk)
return (ENOMEM);
/* Zero the rest of the ccb. */
bzero(&(&ccb->ccb_h)[1], sizeof(struct ccb_scsiio) -
sizeof(struct ccb_hdr));
CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
inq_buf = calloc(1, sizeof(*inq_buf));
if (inq_buf == NULL) {