Switch to CodeQL to detect prohibited function use #15819

ryao · 2024-01-25T01:34:16Z

Motivation and Context

The LLVM/Clang developers pointed out that using the CPP to detect use of functions that our QA policies prohibit risks invoking undefined behavior.

Description

We remove the CPP macros from automake in favor of adding a custom CodeQL query.

How Has This Been Tested?

I have tested this in my fork of the openzfs/zfs github repository with an experimental patch that added strncpy() to the codebase:

diff --git a/module/zfs/arc.c b/module/zfs/arc.c
index 3bcffb3c7ede..75a104251336 100644
--- a/module/zfs/arc.c
+++ b/module/zfs/arc.c
@@ -4432,6 +4432,11 @@ arc_kmem_reap_soon(void)
 	kmem_cache_t		*prev_data_cache = NULL;
 
 #ifdef _KERNEL
+	char source[] = "example";
+	char destination[10];
+
+	strncpy(destination, source, sizeof(destination));
+	destination[sizeof(destination) - 1] = '\0';
 #if defined(_ILP32)
 	/*
 	 * Reclaim unused memory from all kmem caches.

The issue was detected and the appropriate message was shown in the security tab. I did not test a PR to see what would be displayed, but I assume that the message would also show there, just as it does for the stock CodeQL queries. I can push a test commit to this PR to verify that if people feel it is necessary.

Types of changes

Bug fix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds functionality)
Performance enhancement (non-breaking change which improves efficiency)
Code cleanup (non-breaking change which makes code smaller or more readable)
Breaking change (fix or feature that would cause existing functionality to change)
Library ABI change (libzfs, libzfs_core, libnvpair, libuutil and libzfsbootenv)
Documentation (a change to man pages or other documentation)

Checklist:

My code follows the OpenZFS code style requirements.
I have updated the documentation accordingly.
I have read the contributing document.
I have added tests to cover my changes.
I have run the ZFS Test Suite with this change applied.
All commit messages are properly formatted and contain Signed-off-by.

The LLVM/Clang developers pointed out that using the CPP to detect use of functions that our QA policies prohibit risks invoking undefined behavior. To resolve this, we configure CodeQL to detect forbidden function usage. Note that cpp in the context of CodeQL refers to C/C++, rather than the C PreProcessor, which C++ also uses. It really should have been written cxx, but that ship sailed a long time ago. This misuse of the term cpp is retained in the CodeQL configuration for consistency with upstream CodeQL. As a side benefit, verbose make no longer is a wall of text showing a bunch of CPP macros, which can make debugging slightly easier. Signed-off-by: Richard Yao <[email protected]> Closes openzfs#14134

The LLVM/Clang developers pointed out that using the CPP to detect use of functions that our QA policies prohibit risks invoking undefined behavior. To resolve this, we configure CodeQL to detect forbidden function usage. Note that cpp in the context of CodeQL refers to C/C++, rather than the C PreProcessor, which C++ also uses. It really should have been written cxx, but that ship sailed a long time ago. This misuse of the term cpp is retained in the CodeQL configuration for consistency with upstream CodeQL. As a side benefit, verbose make no longer is a wall of text showing a bunch of CPP macros, which can make debugging slightly easier. Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Richard Yao <[email protected]> Closes openzfs#15819 Closes openzfs#14134

The LLVM/Clang developers pointed out that using the CPP to detect use of functions that our QA policies prohibit risks invoking undefined behavior. To resolve this, we configure CodeQL to detect forbidden function usage. Note that cpp in the context of CodeQL refers to C/C++, rather than the C PreProcessor, which C++ also uses. It really should have been written cxx, but that ship sailed a long time ago. This misuse of the term cpp is retained in the CodeQL configuration for consistency with upstream CodeQL. As a side benefit, verbose make no longer is a wall of text showing a bunch of CPP macros, which can make debugging slightly easier. Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Richard Yao <[email protected]> Closes #15819 Closes #14134

The LLVM/Clang developers pointed out that using the CPP to detect use of functions that our QA policies prohibit risks invoking undefined behavior. To resolve this, we configure CodeQL to detect forbidden function usage. Note that cpp in the context of CodeQL refers to C/C++, rather than the C PreProcessor, which C++ also uses. It really should have been written cxx, but that ship sailed a long time ago. This misuse of the term cpp is retained in the CodeQL configuration for consistency with upstream CodeQL. As a side benefit, verbose make no longer is a wall of text showing a bunch of CPP macros, which can make debugging slightly easier. Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Richard Yao <[email protected]> Closes openzfs#15819 Closes openzfs#14134

behlendorf approved these changes Jan 26, 2024

View reviewed changes

behlendorf added the Status: Accepted Ready to integrate (reviewed, tested) label Jan 26, 2024

behlendorf merged commit e7af89d into openzfs:master Jan 26, 2024
22 of 25 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Switch to CodeQL to detect prohibited function use #15819

Switch to CodeQL to detect prohibited function use #15819

ryao commented Jan 25, 2024

Switch to CodeQL to detect prohibited function use #15819

Switch to CodeQL to detect prohibited function use #15819

Conversation

ryao commented Jan 25, 2024

Motivation and Context

Description

How Has This Been Tested?

Types of changes

Checklist: