Date:      Wed, 6 Jul 2016 17:45:38 +0000 (UTC)
From:      Don Lewis <truckman@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r302377 - in stable/10: lib/libcam sbin/camcontrol sbin/iscontrol sys/cam usr.sbin/camdd usr.sbin/mptutil
Message-ID:  <201607061745.u66Hjc5v019740@repo.freebsd.org>

Author: truckman
Date: Wed Jul  6 17:45:38 2016
New Revision: 302377
URL: https://svnweb.freebsd.org/changeset/base/302377

Log:
  MFC r300547
  
  Fix multiple Coverity Out-of-bounds access false positive issues in CAM
  
  The currently used idiom for clearing the part of a ccb after its
  header generates one or two Coverity errors for each time it is
  used.  All instances generate an Out-of-bounds access (ARRAY_VS_SINGLETON)
  error because of the treatment of the header as a two element array,
  with a pointer to the non-existent second element being passed as
  the starting address to bzero().  Some instances also generate
  Out-of-bounds access (OVERRUN) errors, probably because the space
  being cleared is larger than the sizeof(struct ccb_hdr).
  
  In addition, this idiom is difficult for humans to understand and
  it is error prone.  The user has to choose the proper struct ccb_*
  type (which does not appear in the surrounding code) for the sizeof()
  in the length calculation.  I found several instances where the
  length was incorrect, which could cause either an actual out of
  bounds write, or incompletely clear the ccb.
  
  A better way is to write the code to clear the ccb itself starting
  at sizeof(ccb_hdr) bytes from the start of the ccb, and calculate
  the length based on the specific type of struct ccb_* being cleared
  as specified by the union ccb member being used.  The latter can
  normally be seen in the nearby code.  This is friendlier for Coverity
  and other static analysis tools because they will see that the
  intent is to clear the trailing part of the ccb.
  
  Wrap all of the boilerplate code in a convenient macro that only
  requires a pointer to the desired union ccb member (or a pointer
  to the union ccb itself) as an argument.
  
  Reported by:	Coverity
  CID:		1007578, 1008684, 1009724, 1009773, 1011304, 1011306
  CID:		1011307, 1011308, 1011309, 1011310, 1011311, 1011312
  CID:		1011313, 1011314, 1011315, 1011316, 1011317, 1011318
  CID:		1011319, 1011320, 1011321, 1011322, 1011324, 1011325
  CID:		1011326, 1011327, 1011328, 1011329, 1011330, 1011374
  CID:		1011390, 1011391, 1011392, 1011393, 1011394, 1011395
  CID:		1011396, 1011397, 1011398, 1011399, 1011400, 1011401
  CID:		1011402, 1011403, 1011404, 1011405, 1011406, 1011408
  CID:		1011409, 1011410, 1011411, 1011412, 1011413, 1011414
  CID:		1017461, 1018387, 1086860, 1086874, 1194257, 1229897
  CID:		1229968, 1306229, 1306234, 1331282, 1331283, 1331294
  CID:		1331295, 1331535, 1331536, 1331539, 1331540, 1341623
  CID:		1341624, 1341637, 1341638, 1355264, 1355324
  Reviewed by:	scottl, ken, delphij, imp
  MFH:		1 month
  Differential Revision:	https://reviews.freebsd.org/D6496

Modified:
  stable/10/lib/libcam/camlib.c
  stable/10/sbin/camcontrol/attrib.c
  stable/10/sbin/camcontrol/camcontrol.c
  stable/10/sbin/camcontrol/fwdownload.c
  stable/10/sbin/camcontrol/persist.c
  stable/10/sbin/iscontrol/fsm.c
  stable/10/sys/cam/cam_ccb.h
  stable/10/usr.sbin/camdd/camdd.c
  stable/10/usr.sbin/mptutil/mpt_cam.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/lib/libcam/camlib.c
==============================================================================
--- stable/10/lib/libcam/camlib.c	Wed Jul  6 17:42:09 2016	(r302376)
+++ stable/10/lib/libcam/camlib.c	Wed Jul  6 17:45:38 2016	(r302377)
@@ -619,7 +619,7 @@ cam_real_open_device(const char *path, i
 	/*
 	 * Zero the payload, the kernel does look at the flags.
 	 */
-	bzero(&(&ccb.ccb_h)[1], sizeof(struct ccb_trans_settings));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb.cts);
 
 	/*
 	 * Get transfer settings for this device.

Modified: stable/10/sbin/camcontrol/attrib.c
==============================================================================
--- stable/10/sbin/camcontrol/attrib.c	Wed Jul  6 17:42:09 2016	(r302376)
+++ stable/10/sbin/camcontrol/attrib.c	Wed Jul  6 17:45:38 2016	(r302377)
@@ -137,8 +137,7 @@ scsiattrib(struct cam_device *device, in
 		goto bailout;
 	}
 
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(union ccb) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
 
 	STAILQ_INIT(&write_attr_list);
 
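Review bot: This call now zeroes only `sizeof(ccb->csio)` bytes after the header, where the removed lines cleared the rest of the whole `union ccb`. Comments elsewhere in this commit say cam_getccb() zeroes the header only, so any bytes of the union beyond the csio member would presumably keep whatever the allocation held when the CCB is later sent. If scsiattrib (whose body continues outside the hunk) uses any other member, or if the full clear was deliberate, pass the union itself as scsicmd does: `CCB_CLEAR_ALL_EXCEPT_HDR(ccb);`. The same narrowing from `sizeof(union ccb)` to a single member appears in the smpcmd, smpreportgeneral, smpphycontrol, smpmaninfo, getdevid, smpphylist and scsipersist hunks.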

Modified: stable/10/sbin/camcontrol/camcontrol.c
==============================================================================
--- stable/10/sbin/camcontrol/camcontrol.c	Wed Jul  6 17:42:09 2016	(r302376)
+++ stable/10/sbin/camcontrol/camcontrol.c	Wed Jul  6 17:45:38 2016	(r302377)
@@ -838,8 +838,7 @@ scsiinquiry(struct cam_device *device, i
 	}
 
 	/* cam_getccb cleans up the header, caller has to zero the payload */
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
 
 	inq_buf = (struct scsi_inquiry_data *)malloc(
 		sizeof(struct scsi_inquiry_data));
@@ -954,8 +953,7 @@ scsiserial(struct cam_device *device, in
 	}
 
 	/* cam_getccb cleans up the header, caller has to zero the payload */
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
 
 	serial_buf = (struct scsi_vpd_unit_serial_number *)
 		malloc(sizeof(*serial_buf));
@@ -1047,8 +1045,7 @@ camxferrate(struct cam_device *device)
 		return(1);
 	}
 
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(struct ccb_trans_settings) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->cts);
 
 	ccb->ccb_h.func_code = XPT_GET_TRAN_SETTINGS;
 	ccb->cts.type = CTS_TYPE_CURRENT_SETTINGS;
@@ -1601,8 +1598,7 @@ ata_do_pass_16(struct cam_device *device
 		ata_flags |= AP_FLAG_TLEN_NO_DATA;
 	}
 
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
 
 	scsi_ata_pass_16(&ccb->csio,
 			 retries,
@@ -1663,8 +1659,7 @@ ata_do_28bit_cmd(struct cam_device *devi
 				      timeout, quiet);
 	}
 
-	bzero(&(&ccb->ccb_h)[1], sizeof(struct ccb_ataio) -
-	      sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->ataio);
 	cam_fill_ataio(&ccb->ataio,
 		       retries,
 		       NULL,
@@ -1733,8 +1728,7 @@ ata_do_cmd(struct cam_device *device, un
 		return (error);
 	}
 
-	bzero(&(&ccb->ccb_h)[1], sizeof(struct ccb_ataio) -
-	      sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->ataio);
 	cam_fill_ataio(&ccb->ataio,
 		       retries,
 		       NULL,
@@ -3184,8 +3178,7 @@ rescan_or_reset_bus(path_id_t bus, int r
 	 * no-op, sending a rescan to the xpt bus would result in a status of
 	 * CAM_REQ_INVALID.
 	 */
-	bzero(&(&matchccb.ccb_h)[1],
-	      sizeof(struct ccb_dev_match) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&matchccb.cdm);
 	matchccb.ccb_h.func_code = XPT_DEV_MATCH;
 	matchccb.ccb_h.path_id = CAM_BUS_WILDCARD;
 	bufsize = sizeof(struct dev_match_result) * 20;
@@ -3533,8 +3526,7 @@ next_batch:
 	 * cam_getccb() zeros the CCB header only.  So we need to zero the
 	 * payload portion of the ccb.
 	 */
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
 
 	scsi_read_defects(&ccb->csio,
 			  /*retries*/ retry_count,
@@ -3987,8 +3979,7 @@ mode_sense(struct cam_device *device, in
 	if (ccb == NULL)
 		errx(1, "mode_sense: couldn't allocate CCB");
 
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
 
 	scsi_mode_sense(&ccb->csio,
 			/* retries */ retry_count,
@@ -4037,8 +4028,7 @@ mode_select(struct cam_device *device, i
 	if (ccb == NULL)
 		errx(1, "mode_select: couldn't allocate CCB");
 
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
 
 	scsi_mode_select(&ccb->csio,
 			 /* retries */ retry_count,
@@ -4155,8 +4145,7 @@ scsicmd(struct cam_device *device, int a
 		return(1);
 	}
 
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(union ccb) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(ccb);
 
 	while ((c = getopt(argc, argv, combinedopt)) != -1) {
 		switch(c) {
@@ -4657,8 +4646,7 @@ tagcontrol(struct cam_device *device, in
 	cam_path_string(device, pathstr, sizeof(pathstr));
 
 	if (numtags >= 0) {
-		bzero(&(&ccb->ccb_h)[1],
-		      sizeof(struct ccb_relsim) - sizeof(struct ccb_hdr));
+		CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->crs);
 		ccb->ccb_h.func_code = XPT_REL_SIMQ;
 		ccb->ccb_h.flags = CAM_DEV_QFREEZE;
 		ccb->crs.release_flags = RELSIM_ADJUST_OPENINGS;
@@ -4685,8 +4673,7 @@ tagcontrol(struct cam_device *device, in
 				pathstr, ccb->crs.openings);
 	}
 
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(struct ccb_getdevstats) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->cgds);
 
 	ccb->ccb_h.func_code = XPT_GDEV_STATS;
 
@@ -4886,8 +4873,7 @@ get_cpi(struct cam_device *device, struc
 		warnx("get_cpi: couldn't allocate CCB");
 		return(1);
 	}
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(struct ccb_pathinq) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->cpi);
 	ccb->ccb_h.func_code = XPT_PATH_INQ;
 	if (cam_send_ccb(device, ccb) < 0) {
 		warn("get_cpi: error sending Path Inquiry CCB");
@@ -4925,8 +4911,7 @@ get_cgd(struct cam_device *device, struc
 		warnx("get_cgd: couldn't allocate CCB");
 		return(1);
 	}
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(struct ccb_pathinq) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->cgd);
 	ccb->ccb_h.func_code = XPT_GDEV_TYPE;
 	if (cam_send_ccb(device, ccb) < 0) {
 		warn("get_cgd: error sending Path Inquiry CCB");
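Review bot: The warn() text on the last context line still says "Path Inquiry" although this function sets `func_code = XPT_GDEV_TYPE`; it looks copied from get_cpi, in the same way as the removed `sizeof(struct ccb_pathinq)` length. While the length is being corrected the message could be corrected too, for example `warn("get_cgd: error sending Get Device Type CCB");`. get_cgd starts and ends outside the hunk.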
@@ -4971,8 +4956,7 @@ dev_has_vpd_page(struct cam_device *dev,
 	}
 	
 	/* cam_getccb cleans up the header, caller has to zero the payload */
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
 
 	bzero(&sup_pages, sizeof(sup_pages));
 
@@ -5286,8 +5270,7 @@ get_print_cts(struct cam_device *device,
 		return(1);
 	}
 
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(struct ccb_trans_settings) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->cts);
 
 	ccb->ccb_h.func_code = XPT_GET_TRAN_SETTINGS;
 
@@ -5427,8 +5410,7 @@ ratecontrol(struct cam_device *device, i
 			break;
 		}
 	}
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(struct ccb_pathinq) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->cpi);
 	/*
 	 * Grab path inquiry information, so we can determine whether
 	 * or not the initiator is capable of the things that the user
@@ -5454,8 +5436,7 @@ ratecontrol(struct cam_device *device, i
 		goto ratecontrol_bailout;
 	}
 	bcopy(&ccb->cpi, &cpi, sizeof(struct ccb_pathinq));
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(struct ccb_trans_settings) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->cts);
 	if (quiet == 0) {
 		fprintf(stdout, "%s parameters:\n",
 		    user_settings ? "User" : "Current");
@@ -5708,8 +5689,7 @@ scsiformat(struct cam_device *device, in
 		return(1);
 	}
 
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
 
 	while ((c = getopt(argc, argv, combinedopt)) != -1) {
 		switch(c) {
@@ -5857,8 +5837,7 @@ doreport:
 	do {
 		cam_status status;
 
-		bzero(&(&ccb->ccb_h)[1],
-		      sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
+		CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
 
 		/*
 		 * There's really no need to do error recovery or
@@ -6005,8 +5984,7 @@ scsisanitize(struct cam_device *device, 
 		return(1);
 	}
 
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
 
 	while ((c = getopt(argc, argv, combinedopt)) != -1) {
 		switch(c) {
@@ -6267,8 +6245,7 @@ doreport:
 	do {
 		cam_status status;
 
-		bzero(&(&ccb->ccb_h)[1],
-		      sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
+		CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
 
 		/*
 		 * There's really no need to do error recovery or
@@ -6410,8 +6387,7 @@ scsireportluns(struct cam_device *device
 		return (1);
 	}
 
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
 
 	countonly = 0;
 	lunsonly = 0;
@@ -6659,8 +6635,7 @@ scsireadcapacity(struct cam_device *devi
 		return (1);
 	}
 
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
 
 	while ((c = getopt(argc, argv, combinedopt)) != -1) {
 		switch (c) {
@@ -6864,8 +6839,7 @@ smpcmd(struct cam_device *device, int ar
 		return (1);
 	}
 
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(union ccb) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->smpio);
 
 	while ((c = getopt(argc, argv, combinedopt)) != -1) {
 		switch (c) {
@@ -7058,8 +7032,7 @@ smpreportgeneral(struct cam_device *devi
 		return (1);
 	}
 
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(union ccb) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->smpio);
 
 	while ((c = getopt(argc, argv, combinedopt)) != -1) {
 		switch (c) {
@@ -7121,8 +7094,7 @@ try_long:
 	if ((response->long_response & SMP_RG_LONG_RESPONSE)
 	 && (long_response == 0)) {
 		ccb->ccb_h.status = CAM_REQ_INPROG;
-		bzero(&(&ccb->ccb_h)[1],
-		      sizeof(union ccb) - sizeof(struct ccb_hdr));
+		CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->smpio);
 		long_response = 1;
 		goto try_long;
 	}
@@ -7204,8 +7176,7 @@ smpphycontrol(struct cam_device *device,
 		return (1);
 	}
 
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(union ccb) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->smpio);
 
 	while ((c = getopt(argc, argv, combinedopt)) != -1) {
 		switch (c) {
@@ -7462,8 +7433,7 @@ smpmaninfo(struct cam_device *device, in
 		return (1);
 	}
 
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(union ccb) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->smpio);
 
 	while ((c = getopt(argc, argv, combinedopt)) != -1) {
 		switch (c) {
@@ -7557,8 +7527,7 @@ getdevid(struct cam_devitem *item)
 		goto bailout;
 	}
 
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(union ccb) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->cdai);
 
 	/*
 	 * On the first try, we just probe for the size of the data, and
@@ -7843,8 +7812,7 @@ smpphylist(struct cam_device *device, in
 		return (1);
 	}
 
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(union ccb) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->smpio);
 	STAILQ_INIT(&devlist.dev_queue);
 
 	rgrequest = malloc(sizeof(*rgrequest));
@@ -7948,8 +7916,7 @@ smpphylist(struct cam_device *device, in
 		char tmpstr[256];
 		int j;
 
-		bzero(&(&ccb->ccb_h)[1],
-		      sizeof(union ccb) - sizeof(struct ccb_hdr));
+		CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->smpio);
 
 		ccb->ccb_h.status = CAM_REQ_INPROG;
 		ccb->ccb_h.flags |= CAM_DEV_QFRZDIS;
@@ -8238,8 +8205,7 @@ scsigetopcodes(struct cam_device *device
 	}
 
 	/* cam_getccb cleans up the header, caller has to zero the payload */
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
 
 	if (opcode_set != 0) {
 		options |= RSO_OPTIONS_OC;
@@ -8678,8 +8644,7 @@ scsireprobe(struct cam_device *device)
 		return (1);
 	}
 
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
 
 	ccb->ccb_h.func_code = XPT_REPROBE_LUN;
 

Modified: stable/10/sbin/camcontrol/fwdownload.c
==============================================================================
--- stable/10/sbin/camcontrol/fwdownload.c	Wed Jul  6 17:42:09 2016	(r302376)
+++ stable/10/sbin/camcontrol/fwdownload.c	Wed Jul  6 17:45:38 2016	(r302377)
@@ -459,8 +459,7 @@ fw_validate_ibm(struct cam_device *dev, 
 	}
 
 	/* cam_getccb cleans up the header, caller has to zero the payload */
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
 
 	bzero(&vpd_page, sizeof(vpd_page));
 
@@ -666,8 +665,7 @@ fw_check_device_ready(struct cam_device 
 		goto bailout;
 	}
 
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(union ccb) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(ccb);
 
 	if (devtype != CC_DT_SCSI) {
 		dxfer_len = sizeof(struct ata_params);
@@ -789,8 +787,7 @@ fw_download_img(struct cam_device *cam_d
 		goto bailout;
 	}
 
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(union ccb) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(ccb);
 
 	max_pkt_size = vp->max_pkt_size;
 	if (max_pkt_size == 0)
@@ -821,8 +818,7 @@ fw_download_img(struct cam_device *cam_d
 					       vp->cdb_byte2;
 			cdb.buffer_id = vp->inc_cdb_buffer_id ? pkt_count : 0;
 			/* Zero out payload of ccb union after ccb header. */
-			bzero(&(&ccb->ccb_h)[1],
-			    sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
+			CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
 			/*
 			 * Copy previously constructed cdb into ccb_scsiio
 			 * struct.

Modified: stable/10/sbin/camcontrol/persist.c
==============================================================================
--- stable/10/sbin/camcontrol/persist.c	Wed Jul  6 17:42:09 2016	(r302376)
+++ stable/10/sbin/camcontrol/persist.c	Wed Jul  6 17:45:38 2016	(r302377)
@@ -450,8 +450,7 @@ scsipersist(struct cam_device *device, i
 		goto bailout;
 	}
 
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(union ccb) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
 
 	while ((c = getopt(argc, argv, combinedopt)) != -1) {
 		switch (c) {

Modified: stable/10/sbin/iscontrol/fsm.c
==============================================================================
--- stable/10/sbin/iscontrol/fsm.c	Wed Jul  6 17:42:09 2016	(r302376)
+++ stable/10/sbin/iscontrol/fsm.c	Wed Jul  6 17:45:38 2016	(r302377)
@@ -371,7 +371,7 @@ doCAM(isess_t *sess)
 	  debug(2, "pathstr=%s", pathstr);
 
 	  ccb = cam_getccb(sess->camdev);
-	  bzero(&(&ccb->ccb_h)[1], sizeof(struct ccb_relsim) - sizeof(struct ccb_hdr));
+	  CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->crs);
 	  ccb->ccb_h.func_code = XPT_REL_SIMQ;
 	  ccb->crs.release_flags = RELSIM_ADJUST_OPENINGS;
 	  ccb->crs.openings = sess->op->tags;
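Review bot: `ccb` is dereferenced by the macro on the line right after `cam_getccb(sess->camdev)` with no NULL test, whereas camcontrol call sites visible in this commit test the allocation first (for example `if (ccb == NULL) errx(1, "mode_sense: couldn't allocate CCB");`). The removed bzero() had the same exposure, so the change does not make it worse, but this is a natural place to add an `if (ccb == NULL)` guard that takes doCAM's failure path before clearing. doCAM starts and ends outside the hunk, so the appropriate return value has to come from the rest of the function.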

Modified: stable/10/sys/cam/cam_ccb.h
==============================================================================
--- stable/10/sys/cam/cam_ccb.h	Wed Jul  6 17:42:09 2016	(r302376)
+++ stable/10/sys/cam/cam_ccb.h	Wed Jul  6 17:45:38 2016	(r302377)
@@ -1217,6 +1217,10 @@ union ccb {
 	struct	ccb_async		casync;
 };
 
+#define CCB_CLEAR_ALL_EXCEPT_HDR(ccbp)			\
+	bzero((char *)(ccbp) + sizeof((ccbp)->ccb_h),	\
+	    sizeof(*(ccbp)) - sizeof((ccbp)->ccb_h))
+
 __BEGIN_DECLS
 static __inline void
 cam_fill_csio(struct ccb_scsiio *csio, u_int32_t retries,
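Review bot: CCB_CLEAR_ALL_EXCEPT_HDR is added without a comment, and its contract is not obvious from the name. The start offset assumes `ccb_h` is the first member of `*ccbp`, and the length is `sizeof(*(ccbp))`, so a member pointer clears only that member while a `union ccb *` clears the whole CCB. A short comment above the `#define` would help callers pick the argument, e.g. `/* Zero *ccbp past its ccb_h header; ccbp must point to a union ccb or to a struct ccb_* whose first member is ccb_h. */`. Nothing in the macro checks the first-member assumption, so the comment would be the only record of it.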

Modified: stable/10/usr.sbin/camdd/camdd.c
==============================================================================
--- stable/10/usr.sbin/camdd/camdd.c	Wed Jul  6 17:42:09 2016	(r302376)
+++ stable/10/usr.sbin/camdd/camdd.c	Wed Jul  6 17:45:38 2016	(r302377)
@@ -1305,8 +1305,7 @@ camdd_probe_pass(struct cam_device *cam_
 		goto bailout;
 	}
 
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
 
 	scsi_read_capacity(&ccb->csio,
 			   /*retries*/ probe_retry_count,
@@ -1387,8 +1386,7 @@ rcap_done:
 		goto bailout_error;
 	}
 
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->cpi);
 
 	ccb->ccb_h.func_code = XPT_PATH_INQ;
 	ccb->ccb_h.flags = CAM_DIR_NONE;
@@ -2439,8 +2437,7 @@ camdd_pass_run(struct camdd_dev *dev)
 	data = &buf->buf_type_spec.data;
 
 	ccb = &data->ccb;
-	bzero(&(&ccb->ccb_h)[1],
-	      sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
 
 	/*
 	 * In almost every case the number of blocks should be the device

Modified: stable/10/usr.sbin/mptutil/mpt_cam.c
==============================================================================
--- stable/10/usr.sbin/mptutil/mpt_cam.c	Wed Jul  6 17:42:09 2016	(r302376)
+++ stable/10/usr.sbin/mptutil/mpt_cam.c	Wed Jul  6 17:45:38 2016	(r302377)
@@ -241,8 +241,7 @@ fetch_scsi_capacity(struct cam_device *d
 		return (ENOMEM);
 
 	/* Zero the rest of the ccb. */
-	bzero(&(&ccb->ccb_h)[1], sizeof(struct ccb_scsiio) -
-	    sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
 
 	scsi_read_capacity(&ccb->csio, 1, NULL, MSG_SIMPLE_Q_TAG, &rcap,
 	    SSD_FULL_SIZE, 5000);
@@ -273,8 +272,7 @@ fetch_scsi_capacity(struct cam_device *d
 	}
 
 	/* Zero the rest of the ccb. */
-	bzero(&(&ccb->ccb_h)[1], sizeof(struct ccb_scsiio) -
-	    sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
 
 	scsi_read_capacity_16(&ccb->csio, 1, NULL, MSG_SIMPLE_Q_TAG, 0, 0, 0,
 	    (uint8_t *)&rcaplong, sizeof(rcaplong), SSD_FULL_SIZE, 5000);
@@ -355,8 +353,7 @@ fetch_scsi_inquiry(struct cam_device *de
 		return (ENOMEM);
 
 	/* Zero the rest of the ccb. */
-	bzero(&(&ccb->ccb_h)[1], sizeof(struct ccb_scsiio) -
-	    sizeof(struct ccb_hdr));
+	CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio);
 
 	inq_buf = calloc(1, sizeof(*inq_buf));
 	if (inq_buf == NULL) {


