Wanted Coccinelle scripts

[pchaigno]

We are using a couple Coccinelle scripts for the BPF code. Linux has a lot more, some of which may be useful in the context of Cilium.

This issue lists both scripts from Linux that might be useful and other specific things we'd like to detect and/or patch with Coccinelle in our BPF code. Feel free to add items!

• Find places where ARRAY_SIZE can be used.
• Find functionally identical if and else branches.
• Check all ep_tail_call() calls are followed by return DROP_MISSED_TAIL_CALL. cocci: Detect unlogged missed tail calls #11808
• Check all return DROP_CT_CREATE_FAILED are preceded by send_signal_ct_fill_up().
• Find missing calls to cilium_dbg_capture().
• Find helper calls for which we fail to check the return code.
• Check all assignments to ct_state->backend_id are appropriately guarded.
• Ensure we are using identity_is_remote_node and identity_is_node whenever possible. (from Support policy matching against kube-apiserver #17823). cocci: New test to find missing identity_is_{remote_,}node #18385
• Check that second-to-last send_trace_notify argument is of correct type. (from hubble: Fix misclassification of to-network reply packets #18196 (comment)).

If you'd like to detect some specific and problematic code pattern, but are unsure whether Coccinelle is able, please post below to discuss it.

[borkmann]

Two more:

• csum_diff() -> in/out input buffers must be guaranteed to be multiple of 4 bytes (err checking can be removed and should not be done once guaranteed, see https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/core/filter.c#n1970)
• Convert all C++ comments to C ones and bail out in CI on new C++ ones

[pchaigno]

• csum_diff() -> in/out input buffers must be guaranteed to be multiple of 4 bytes (err checking can be removed and should not be done once guaranteed, see https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/core/filter.c#n1970)

How do you envision that one? We sometimes use sizeof() to specify from_size/to_size. In such cases, Coccinelle won't be able to deduce the size so we could either hardcode to the known result of sizeof as we do in other places or whitelist structures for which we allow sizeof.

• Convert all C++ comments to C ones and bail out in CI on new C++ ones

That's going to be out of scope for Coccinelle unfortunately. According to the documentation, it can't match on comments:

Some kinds of terms can only appear in + code. These include comments, ifdefs, and attributes (__attribute__((...))).

[borkmann]

• csum_diff() -> in/out input buffers must be guaranteed to be multiple of 4 bytes (err checking can be removed and should not be done once guaranteed, see https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/core/filter.c#n1970)

How do you envision that one? We sometimes use sizeof() to specify from_size/to_size. In such cases, Coccinelle won't be able to deduce the size so we could either hardcode to the known result of sizeof as we do in other places or whitelist structures for which we allow sizeof.

Ah, good point, given it's compiler dependent! Fair enough, we could do a build_bug_on() to assert it.

• Convert all C++ comments to C ones and bail out in CI on new C++ ones

That's going to be out of scope for Coccinelle unfortunately. According to the documentation, it can't match on comments:

Some kinds of terms can only appear in + code. These include comments, ifdefs, and attributes (__attribute__((...))).

Ok, I wasn't aware of it. Too bad, but probably solvable through other means (not high prio though).