* [linux-next:master 3357/8413] drivers/scsi/FlashPoint.c:1712:12: warning: stack frame size (1056) exceeds limit (1024) in 'FlashPoint_HandleInterrupt'
From: kernel test robot @ 2023-06-09 16:58 UTC (permalink / raw)
To: Kees Cook
Cc: llvm, oe-kbuild-all, Linux Memory Management List, Gustavo A. R. Silva
Hi Kees,
First bad commit (maybe != root cause):
tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head: 53ab6975c12d1ad86c599a8927e8c698b144d669
commit: df8fc4e934c12b906d08050d7779f292b9c5c6b5 [3357/8413] kbuild: Enable -fstrict-flex-arrays=3
config: powerpc-allmodconfig (https://download.01.org/0day-ci/archive/20230610/202306100035.VTusNhm4-lkp@intel.com/config)
compiler: clang version 17.0.0 (https://github.com/llvm/llvm-project.git 4a5ac14ee968ff0ad5d2cc1ffa0299048db4c88a)
reproduce (this is a W=1 build):
mkdir -p ~/bin
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install powerpc cross compiling tool for clang build
# apt-get install binutils-powerpc-linux-gnu
# https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=df8fc4e934c12b906d08050d7779f292b9c5c6b5
git remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
git fetch --no-tags linux-next master
git checkout df8fc4e934c12b906d08050d7779f292b9c5c6b5
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang ~/bin/make.cross W=1 O=build_dir ARCH=powerpc olddefconfig
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang ~/bin/make.cross W=1 O=build_dir ARCH=powerpc SHELL=/bin/bash drivers/
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202306100035.VTusNhm4-lkp@intel.com/
All warnings (new ones prefixed by >>):
In file included from drivers/scsi/BusLogic.c:51:
>> drivers/scsi/FlashPoint.c:1712:12: warning: stack frame size (1056) exceeds limit (1024) in 'FlashPoint_HandleInterrupt' [-Wframe-larger-than]
1712 | static int FlashPoint_HandleInterrupt(void *pcard)
| ^
1 warning generated.
vim +/FlashPoint_HandleInterrupt +1712 drivers/scsi/FlashPoint.c
^1da177e4c3f41 Linus Torvalds 2005-04-16 1702
^1da177e4c3f41 Linus Torvalds 2005-04-16 1703 /*---------------------------------------------------------------------
^1da177e4c3f41 Linus Torvalds 2005-04-16 1704 *
d8b6b8bd8a99ee Alexey Dobriyan 2006-03-08 1705 * Function: FlashPoint_HandleInterrupt
^1da177e4c3f41 Linus Torvalds 2005-04-16 1706 *
^1da177e4c3f41 Linus Torvalds 2005-04-16 1707 * Description: This is our entry point when an interrupt is generated
^1da177e4c3f41 Linus Torvalds 2005-04-16 1708 * by the card and the upper level driver passes it on to
^1da177e4c3f41 Linus Torvalds 2005-04-16 1709 * us.
^1da177e4c3f41 Linus Torvalds 2005-04-16 1710 *
^1da177e4c3f41 Linus Torvalds 2005-04-16 1711 *---------------------------------------------------------------------*/
391e2f25601e34 Khalid Aziz 2013-05-16 @1712 static int FlashPoint_HandleInterrupt(void *pcard)
^1da177e4c3f41 Linus Torvalds 2005-04-16 1713 {
69eb2ea4779336 Alexey Dobriyan 2006-03-08 1714 struct sccb *currSCCB;
554b117e8fab4f Colin Ian King 2022-07-30 1715 unsigned char thisCard, result, bm_status;
c823feeb33161c Alexey Dobriyan 2006-03-08 1716 unsigned short hp_int;
db038cf86fc63d Alexey Dobriyan 2006-03-08 1717 unsigned char i, target;
391e2f25601e34 Khalid Aziz 2013-05-16 1718 struct sccb_card *pCurrCard = pcard;
391e2f25601e34 Khalid Aziz 2013-05-16 1719 u32 ioport;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1720
391e2f25601e34 Khalid Aziz 2013-05-16 1721 thisCard = pCurrCard->cardIndex;
391e2f25601e34 Khalid Aziz 2013-05-16 1722 ioport = pCurrCard->ioPort;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1723
^1da177e4c3f41 Linus Torvalds 2005-04-16 1724 MDISABLE_INT(ioport);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1725
554b117e8fab4f Colin Ian King 2022-07-30 1726 if (RD_HARPOON(ioport + hp_int_status) & EXT_STATUS_ON)
391e2f25601e34 Khalid Aziz 2013-05-16 1727 bm_status = RD_HARPOON(ioport + hp_ext_status) &
391e2f25601e34 Khalid Aziz 2013-05-16 1728 (unsigned char)BAD_EXT_STATUS;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1729 else
^1da177e4c3f41 Linus Torvalds 2005-04-16 1730 bm_status = 0;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1731
^1da177e4c3f41 Linus Torvalds 2005-04-16 1732 WR_HARPOON(ioport + hp_int_mask, (INT_CMD_COMPL | SCSI_INTERRUPT));
^1da177e4c3f41 Linus Torvalds 2005-04-16 1733
391e2f25601e34 Khalid Aziz 2013-05-16 1734 while ((hp_int = RDW_HARPOON((ioport + hp_intstat)) &
391e2f25601e34 Khalid Aziz 2013-05-16 1735 FPT_default_intena) | bm_status) {
^1da177e4c3f41 Linus Torvalds 2005-04-16 1736
391e2f25601e34 Khalid Aziz 2013-05-16 1737 currSCCB = pCurrCard->currentSCCB;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1738
^1da177e4c3f41 Linus Torvalds 2005-04-16 1739 if (hp_int & (FIFO | TIMEOUT | RESET | SCAM_SEL) || bm_status) {
5c04a7b8981f28 Alexey Dobriyan 2006-03-08 1740 result =
391e2f25601e34 Khalid Aziz 2013-05-16 1741 FPT_SccbMgr_bad_isr(ioport, thisCard, pCurrCard,
5c04a7b8981f28 Alexey Dobriyan 2006-03-08 1742 hp_int);
5c04a7b8981f28 Alexey Dobriyan 2006-03-08 1743 WRW_HARPOON((ioport + hp_intstat),
5c04a7b8981f28 Alexey Dobriyan 2006-03-08 1744 (FIFO | TIMEOUT | RESET | SCAM_SEL));
^1da177e4c3f41 Linus Torvalds 2005-04-16 1745 bm_status = 0;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1746
^1da177e4c3f41 Linus Torvalds 2005-04-16 1747 if (result) {
^1da177e4c3f41 Linus Torvalds 2005-04-16 1748
^1da177e4c3f41 Linus Torvalds 2005-04-16 1749 MENABLE_INT(ioport);
5c1b85e209af41 Alexey Dobriyan 2006-03-08 1750 return result;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1751 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1752 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1753
^1da177e4c3f41 Linus Torvalds 2005-04-16 1754 else if (hp_int & ICMD_COMP) {
^1da177e4c3f41 Linus Torvalds 2005-04-16 1755
^1da177e4c3f41 Linus Torvalds 2005-04-16 1756 if (!(hp_int & BUS_FREE)) {
^1da177e4c3f41 Linus Torvalds 2005-04-16 1757 /* Wait for the BusFree before starting a new command. We
^1da177e4c3f41 Linus Torvalds 2005-04-16 1758 must also check for being reselected since the BusFree
^1da177e4c3f41 Linus Torvalds 2005-04-16 1759 may not show up if another device reselects us in 1.5us or
^1da177e4c3f41 Linus Torvalds 2005-04-16 1760 less. SRR Wednesday, 3/8/1995.
^1da177e4c3f41 Linus Torvalds 2005-04-16 1761 */
5c04a7b8981f28 Alexey Dobriyan 2006-03-08 1762 while (!
5c04a7b8981f28 Alexey Dobriyan 2006-03-08 1763 (RDW_HARPOON((ioport + hp_intstat)) &
5c04a7b8981f28 Alexey Dobriyan 2006-03-08 1764 (BUS_FREE | RSEL))) ;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1765 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1766
391e2f25601e34 Khalid Aziz 2013-05-16 1767 if (pCurrCard->globalFlags & F_HOST_XFER_ACT)
^1da177e4c3f41 Linus Torvalds 2005-04-16 1768
47b5d69c4aa753 James Bottomley 2005-04-24 1769 FPT_phaseChkFifo(ioport, thisCard);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1770
:::::: The code at line 1712 was first introduced by commit
:::::: 391e2f25601e34a7d7e5dc155e487bc58dffd8c6 [SCSI] BusLogic: Port driver to 64-bit.
:::::: TO: Khalid Aziz <khalid.aziz@oracle.com>
:::::: CC: James Bottomley <JBottomley@Parallels.com>
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
* Re: [linux-next:master 3357/8413] drivers/scsi/FlashPoint.c:1712:12: warning: stack frame size (1056) exceeds limit (1024) in 'FlashPoint_HandleInterrupt'
From: Kees Cook @ 2023-06-13 21:22 UTC (permalink / raw)
To: kernel test robot
Cc: llvm, oe-kbuild-all, Linux Memory Management List, Gustavo A. R. Silva
On Sat, Jun 10, 2023 at 12:58:23AM +0800, kernel test robot wrote:
> First bad commit (maybe != root cause):
>
> tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
> head: 53ab6975c12d1ad86c599a8927e8c698b144d669
> commit: df8fc4e934c12b906d08050d7779f292b9c5c6b5 [3357/8413] kbuild: Enable -fstrict-flex-arrays=3
> config: powerpc-allmodconfig (https://download.01.org/0day-ci/archive/20230610/202306100035.VTusNhm4-lkp@intel.com/config)
> compiler: clang version 17.0.0 (https://github.com/llvm/llvm-project.git 4a5ac14ee968ff0ad5d2cc1ffa0299048db4c88a)
> reproduce (this is a W=1 build):
> mkdir -p ~/bin
> wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
> chmod +x ~/bin/make.cross
> # install powerpc cross compiling tool for clang build
> # apt-get install binutils-powerpc-linux-gnu
> # https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=df8fc4e934c12b906d08050d7779f292b9c5c6b5
> git remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
> git fetch --no-tags linux-next master
> git checkout df8fc4e934c12b906d08050d7779f292b9c5c6b5
> # save the config file
> mkdir build_dir && cp config build_dir/.config
> COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang ~/bin/make.cross W=1 O=build_dir ARCH=powerpc olddefconfig
> COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang ~/bin/make.cross W=1 O=build_dir ARCH=powerpc SHELL=/bin/bash drivers/
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@intel.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202306100035.VTusNhm4-lkp@intel.com/
>
> All warnings (new ones prefixed by >>):
>
> In file included from drivers/scsi/BusLogic.c:51:
> >> drivers/scsi/FlashPoint.c:1712:12: warning: stack frame size (1056) exceeds limit (1024) in 'FlashPoint_HandleInterrupt' [-Wframe-larger-than]
> 1712 | static int FlashPoint_HandleInterrupt(void *pcard)
> | ^
> 1 warning generated.
I wasn't able to generate the warning with my Clang, but it sure is
close! Building with KCFLAGS=-Rpass-analysis=stack-frame-layout I see:
In file included from ../drivers/scsi/BusLogic.c:51:
../drivers/scsi/FlashPoint.c:1713:1: remark:
Function: FlashPoint_HandleInterrupt
Offset: [SP-4], Type: Protector, Align: 4, Size: 4
Offset: [SP-8], Type: Spill, Align: 8, Size: 4
Offset: [SP-12], Type: Spill, Align: 4, Size: 4
Offset: [SP-16], Type: Spill, Align: 16, Size: 4
Offset: [SP-20], Type: Spill, Align: 4, Size: 4
Offset: [SP-24], Type: Spill, Align: 8, Size: 4
Offset: [SP-28], Type: Spill, Align: 4, Size: 4
Offset: [SP-32], Type: Spill, Align: 16, Size: 4
Offset: [SP-36], Type: Spill, Align: 4, Size: 4
Offset: [SP-40], Type: Spill, Align: 8, Size: 4
Offset: [SP-44], Type: Spill, Align: 4, Size: 4
Offset: [SP-48], Type: Spill, Align: 16, Size: 4
Offset: [SP-52], Type: Spill, Align: 4, Size: 4
Offset: [SP-56], Type: Spill, Align: 8, Size: 4
Offset: [SP-60], Type: Spill, Align: 4, Size: 4
Offset: [SP-64], Type: Spill, Align: 16, Size: 4
Offset: [SP-68], Type: Spill, Align: 4, Size: 4
Offset: [SP-72], Type: Spill, Align: 8, Size: 4
Offset: [SP-76], Type: Variable, Align: 4, Size: 4
Offset: [SP-80], Type: Spill, Align: 4, Size: 4
Offset: [SP-84], Type: Spill, Align: 4, Size: 4
...[4 byte spills]...
Offset: [SP-1012], Type: Variable, Align: 4, Size: 4
Offset: [SP-1016], Type: Variable, Align: 4, Size: 4
[-Rpass-analysis=stack-frame-layout]
So something is very weird in FlashPoint_HandleInterrupt -- it has a
single while loop with an internal if/else if/.../else chain. So I don't
see why it would need such extensive spills...
This seems like a missed optimization in Clang, maybe?
--
Kees Cook
* Re: [linux-next:master 3357/8413] drivers/scsi/FlashPoint.c:1712:12: warning: stack frame size (1056) exceeds limit (1024) in 'FlashPoint_HandleInterrupt'
From: Nick Desaulniers @ 2023-06-14 20:27 UTC (permalink / raw)
To: Kees Cook
Cc: kernel test robot, llvm, oe-kbuild-all,
Linux Memory Management List, Gustavo A. R. Silva
On Tue, Jun 13, 2023 at 5:22 PM Kees Cook <keescook@chromium.org> wrote:
>
> On Sat, Jun 10, 2023 at 12:58:23AM +0800, kernel test robot wrote:
> > First bad commit (maybe != root cause):
> >
> > tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
> > head: 53ab6975c12d1ad86c599a8927e8c698b144d669
> > commit: df8fc4e934c12b906d08050d7779f292b9c5c6b5 [3357/8413] kbuild: Enable -fstrict-flex-arrays=3
> > config: powerpc-allmodconfig (https://download.01.org/0day-ci/archive/20230610/202306100035.VTusNhm4-lkp@intel.com/config)
^ I just checked this config. CONFIG_KASAN=y is not set, so this is
not a case of
https://github.com/ClangBuiltLinux/linux/issues/39
UBSAN is though (maybe a red herring) as well as GCOV and TSAN/KCSAN.
Disabling GCOV did not change the stack usage from allmodconfig.
Disabling KCSAN dropped it down from 2272 to 2160.
Disabling UBSAN produced no warnings, and changed the inlining
behavior such that FlashPoint_HandleInterrupt only uses 656B rather
than 2272 via allmodconfig.
Seems specific to:
```
CONFIG_UBSAN=y
CONFIG_CC_HAS_UBSAN_ARRAY_BOUNDS=y
CONFIG_UBSAN_BOUNDS=y
CONFIG_UBSAN_ARRAY_BOUNDS=y
# CONFIG_UBSAN_SHIFT is not set
# CONFIG_UBSAN_UNREACHABLE is not set
# CONFIG_UBSAN_BOOL is not set
# CONFIG_UBSAN_ENUM is not set
CONFIG_UBSAN_SANITIZE_ALL=y
```
but adding these on top of powernv_defconfig I couldn't reproduce. So
perhaps we can do a config bisection between allmodconfig and
powernv_defconfig to see what combination of configs in allmodconfig
is causing this to blow up.
> > compiler: clang version 17.0.0 (https://github.com/llvm/llvm-project.git 4a5ac14ee968ff0ad5d2cc1ffa0299048db4c88a)
> > reproduce (this is a W=1 build):
> > mkdir -p ~/bin
> > wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
> > chmod +x ~/bin/make.cross
> > # install powerpc cross compiling tool for clang build
> > # apt-get install binutils-powerpc-linux-gnu
> > # https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=df8fc4e934c12b906d08050d7779f292b9c5c6b5
> > git remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
> > git fetch --no-tags linux-next master
> > git checkout df8fc4e934c12b906d08050d7779f292b9c5c6b5
> > # save the config file
> > mkdir build_dir && cp config build_dir/.config
> > COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang ~/bin/make.cross W=1 O=build_dir ARCH=powerpc olddefconfig
> > COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang ~/bin/make.cross W=1 O=build_dir ARCH=powerpc SHELL=/bin/bash drivers/
> >
> > If you fix the issue in a separate patch/commit (i.e. not just a new version of
> > the same patch/commit), kindly add following tags
> > | Reported-by: kernel test robot <lkp@intel.com>
> > | Closes: https://lore.kernel.org/oe-kbuild-all/202306100035.VTusNhm4-lkp@intel.com/
> >
> > All warnings (new ones prefixed by >>):
> >
> > In file included from drivers/scsi/BusLogic.c:51:
> > >> drivers/scsi/FlashPoint.c:1712:12: warning: stack frame size (1056) exceeds limit (1024) in 'FlashPoint_HandleInterrupt' [-Wframe-larger-than]
> > 1712 | static int FlashPoint_HandleInterrupt(void *pcard)
> > | ^
> > 1 warning generated.
>
> I wasn't able to generate the warning with my Clang, but it sure is
> close! Building with KCFLAGS=-Rpass-analysis=stack-frame-layout I see:
>
>
> In file included from ../drivers/scsi/BusLogic.c:51:
> ../drivers/scsi/FlashPoint.c:1713:1: remark:
> Function: FlashPoint_HandleInterrupt
> Offset: [SP-4], Type: Protector, Align: 4, Size: 4
> Offset: [SP-8], Type: Spill, Align: 8, Size: 4
> Offset: [SP-12], Type: Spill, Align: 4, Size: 4
> Offset: [SP-16], Type: Spill, Align: 16, Size: 4
Perhaps alignment 16B for a 4B variable leads to excessive padding?
Perhaps this config changes the alignment of a type? No, looks like
most spills are the 4B w/ 4B alignment and the 16B alignment spills
are insignificant.
> Offset: [SP-20], Type: Spill, Align: 4, Size: 4
> Offset: [SP-24], Type: Spill, Align: 8, Size: 4
> Offset: [SP-28], Type: Spill, Align: 4, Size: 4
> Offset: [SP-32], Type: Spill, Align: 16, Size: 4
> Offset: [SP-36], Type: Spill, Align: 4, Size: 4
> Offset: [SP-40], Type: Spill, Align: 8, Size: 4
> Offset: [SP-44], Type: Spill, Align: 4, Size: 4
> Offset: [SP-48], Type: Spill, Align: 16, Size: 4
> Offset: [SP-52], Type: Spill, Align: 4, Size: 4
> Offset: [SP-56], Type: Spill, Align: 8, Size: 4
> Offset: [SP-60], Type: Spill, Align: 4, Size: 4
> Offset: [SP-64], Type: Spill, Align: 16, Size: 4
> Offset: [SP-68], Type: Spill, Align: 4, Size: 4
> Offset: [SP-72], Type: Spill, Align: 8, Size: 4
> Offset: [SP-76], Type: Variable, Align: 4, Size: 4
> Offset: [SP-80], Type: Spill, Align: 4, Size: 4
> Offset: [SP-84], Type: Spill, Align: 4, Size: 4
> ...[4 byte spills]...
> Offset: [SP-1012], Type: Variable, Align: 4, Size: 4
> Offset: [SP-1016], Type: Variable, Align: 4, Size: 4
> [-Rpass-analysis=stack-frame-layout]
>
> So something is very weird in FlashPoint_HandleInterrupt -- it has a
> single while loop with an internal if/else if/.../else chain. So I don't
> see why it would need such extensive spills...
>
> This seems like a missed optimization in Clang, maybe?
>
> --
> Kees Cook
>
--
Thanks,
~Nick Desaulniers
* Re: [linux-next:master 3357/8413] drivers/scsi/FlashPoint.c:1712:12: warning: stack frame size (1056) exceeds limit (1024) in 'FlashPoint_HandleInterrupt'
From: Kees Cook @ 2023-06-14 22:58 UTC (permalink / raw)
To: Nick Desaulniers
Cc: kernel test robot, llvm, oe-kbuild-all,
Linux Memory Management List, Gustavo A. R. Silva
On Wed, Jun 14, 2023 at 04:27:46PM -0400, Nick Desaulniers wrote:
> On Tue, Jun 13, 2023 at 5:22 PM Kees Cook <keescook@chromium.org> wrote:
> >
> > On Sat, Jun 10, 2023 at 12:58:23AM +0800, kernel test robot wrote:
> > > First bad commit (maybe != root cause):
> > >
> > > tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
> > > head: 53ab6975c12d1ad86c599a8927e8c698b144d669
> > > commit: df8fc4e934c12b906d08050d7779f292b9c5c6b5 [3357/8413] kbuild: Enable -fstrict-flex-arrays=3
> > > config: powerpc-allmodconfig (https://download.01.org/0day-ci/archive/20230610/202306100035.VTusNhm4-lkp@intel.com/config)
>
> ^ I just checked this config. CONFIG_KASAN=y is not set, so this is
> not a case of
> https://github.com/ClangBuiltLinux/linux/issues/39
>
> UBSAN is though (maybe a red herring) as well as GCOV and TSAN/KCSAN.
>
> Disabling GCOV did not change the stack usage from allmodconfig.
>
> Disabling KCSAN dropped it down from 2272 to 2160.
>
> Disabling UBSAN produced no warnings, and changed the inlining
> behavior such that FlashPoint_HandleInterrupt only uses 656B rather
> than 2272 via allmodconfig.
>
> Seems specific to:
> ```
> CONFIG_UBSAN=y
> CONFIG_CC_HAS_UBSAN_ARRAY_BOUNDS=y
> CONFIG_UBSAN_BOUNDS=y
> CONFIG_UBSAN_ARRAY_BOUNDS=y
> # CONFIG_UBSAN_SHIFT is not set
> # CONFIG_UBSAN_UNREACHABLE is not set
> # CONFIG_UBSAN_BOOL is not set
> # CONFIG_UBSAN_ENUM is not set
> CONFIG_UBSAN_SANITIZE_ALL=y
> ```
> but adding these on top of powernv_defconfig I couldn't reproduce. So
> perhaps we can do a config bisection between allmodconfig and
> powernv_defconfig to see what combination of configs in allmodconfig
> is causing this to blow up.
I think you're missing:
CONFIG_SCSI_BUSLOGIC=y
CONFIG_SCSI_FLASHPOINT=y
Or the function doesn't get built. I'm using powernv_defconfig plus your
UBSAN configs and the 2 above:
make -j128 O=clang-ppc LLVM=1 ARCH=powerpc \
KCFLAGS=-Rpass-analysis=stack-frame-layout \
drivers/scsi/BusLogic.o
And I see the huge stack usage.
Having -fstrict-flex-arrays=3 seems to contribute about 200B:
Enabled:
Offset: [SP-2032], Type: Spill, Align: 8, Size: 8
Disabled:
Offset: [SP-1808], Type: Spill, Align: 8, Size: 8
Even just a quick check of structs, I see several that gain UBSAN_BOUNDS
coverage as a result (i.e. that have trailing arrays):
struct sccb_mgr_tar_info
struct nvram_info
struct sccb_card
So everything is working "as intended" from that perspective.
Is this just the result of inlining? Some of the called functions are
short, but FPT_sres() is not and has comical indentation. If everything
got inlined into FlashPoint_HandleInterrupt() and all the array indexes
get instrumented, maybe that's it? Though I'd expect stack slot reuse
for array index instrumentation... so maybe it's similar to what is
mentioned in:
https://github.com/ClangBuiltLinux/linux/issues/39#issuecomment-1273688761
-Kees
--
Kees Cook
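Added example, not part of any message in this thread: a small parser for the `-Rpass-analysis=stack-frame-layout` remark format quoted above, which tallies slots by type, reports the deepest listed offset against the 1024-byte limit, and computes the depth difference between two builds. The sample inputs are constructed from lines quoted in the thread; the function names and the added `Function:` header on the two-line inputs are assumptions of this example.

```python
import re
from collections import defaultdict

FRAME_LIMIT = 1024  # limit stated in the warning text of the report

# Constructed input: a few slot lines copied from the remark quoted in the
# thread (the elided "[4 byte spills]" run is not reproduced).
SAMPLE = """\
../drivers/scsi/FlashPoint.c:1713:1: remark:
Function: FlashPoint_HandleInterrupt
Offset: [SP-4], Type: Protector, Align: 4, Size: 4
Offset: [SP-8], Type: Spill, Align: 8, Size: 4
Offset: [SP-12], Type: Spill, Align: 4, Size: 4
Offset: [SP-16], Type: Spill, Align: 16, Size: 4
Offset: [SP-76], Type: Variable, Align: 4, Size: 4
Offset: [SP-1012], Type: Variable, Align: 4, Size: 4
Offset: [SP-1016], Type: Variable, Align: 4, Size: 4
 [-Rpass-analysis=stack-frame-layout]
"""
# The deepest-slot lines quoted for -fstrict-flex-arrays=3 on and off; the
# "Function:" header is added here so the parser can attribute them.
ENABLED = ("Function: FlashPoint_HandleInterrupt\n"
           "Offset: [SP-2032], Type: Spill, Align: 8, Size: 8\n")
DISABLED = ("Function: FlashPoint_HandleInterrupt\n"
            "Offset: [SP-1808], Type: Spill, Align: 8, Size: 8\n")

FUNC_RE = re.compile(r"Function:\s*(\S+)")
SLOT_RE = re.compile(
    r"Offset:\s*\[SP([+-]\d+)\],\s*Type:\s*(\w+),"
    r"\s*Align:\s*(\d+),\s*Size:\s*(\d+)")


def parse_layout(text):
    """Map function name -> list of (offset, type, align, size) slots."""
    frames, current = defaultdict(list), None
    for line in text.splitlines():  # search() tolerates "> " quote prefixes
        if (m := FUNC_RE.search(line)):
            current = m.group(1)
        elif (m := SLOT_RE.search(line)) and current:
            off, kind, align, size = m.groups()
            frames[current].append((int(off), kind, int(align), int(size)))
    return dict(frames)


def summarize(slots):
    """Deepest listed slot offset plus (count, bytes) per slot type."""
    by_type = defaultdict(lambda: [0, 0])
    for _off, kind, _align, size in slots:
        by_type[kind][0] += 1
        by_type[kind][1] += size
    # The deepest slot is a lower bound on the frame size the compiler warns on.
    depth = max((-off for off, *_ in slots), default=0)
    return {"depth": depth,
            "over_limit": depth > FRAME_LIMIT,
            "by_type": {k: tuple(v) for k, v in by_type.items()}}


def depth_delta(text_a, text_b, func):
    """Bytes of extra stack depth for func in build A relative to build B."""
    a, b = parse_layout(text_a), parse_layout(text_b)
    return summarize(a[func])["depth"] - summarize(b[func])["depth"]


if __name__ == "__main__":
    for name, slots in parse_layout(SAMPLE).items():
        print(name, summarize(slots))
    print("flex-arrays delta:",
          depth_delta(ENABLED, DISABLED, "FlashPoint_HandleInterrupt"))
```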