On Wed, Jun 14, 2023 at 04:27:46PM -0400, Nick Desaulniers wrote:
> On Tue, Jun 13, 2023 at 5:22 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> >
> > On Sat, Jun 10, 2023 at 12:58:23AM +0800, kernel test robot wrote:
> > > First bad commit (maybe != root cause):
> > >
> > > tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
> > > head: 53ab6975c12d1ad86c599a8927e8c698b144d669
> > > commit: df8fc4e934c12b906d08050d7779f292b9c5c6b5 [3357/8413] kbuild: Enable -fstrict-flex-arrays=3
> > > config: powerpc-allmodconfig (https://download.01.org/0day-ci/archive/20230610/202306100035.VTusNhm4-lkp@xxxxxxxxx/config)
>
> ^ I just checked this config. CONFIG_KASAN=y is not set, so this is
> not a case of
> https://github.com/ClangBuiltLinux/linux/issues/39
>
> UBSAN is though (maybe a red herring) as well as GCOV and TSAN/KCSAN.
>
> Disabling GCOV did not change the stack usage from allmodconfig.
>
> Disabling KCSAN dropped it down from 2272 to 2160.
>
> Disabling UBSAN produced no warnings, and changed the inlining
> behavior such that FlashPoint_HandleInterrupt only uses 656B rather
> than 2272 via allmodconfig.
>
> Seems specific to:
> ```
> CONFIG_UBSAN=y
> CONFIG_CC_HAS_UBSAN_ARRAY_BOUNDS=y
> CONFIG_UBSAN_BOUNDS=y
> CONFIG_UBSAN_ARRAY_BOUNDS=y
> # CONFIG_UBSAN_SHIFT is not set
> # CONFIG_UBSAN_UNREACHABLE is not set
> # CONFIG_UBSAN_BOOL is not set
> # CONFIG_UBSAN_ENUM is not set
> CONFIG_UBSAN_SANITIZE_ALL=y
> ```
> but adding these on top of powernv_defconfig I couldn't reproduce. So
> perhaps we can do a config bisection between allmodconfig and
> powernv_defconfig to see what combination of configs in allmodconfig
> is causing this to blow up.

I think you're missing:

CONFIG_SCSI_BUSLOGIC=y
CONFIG_SCSI_FLASHPOINT=y

Or the function doesn't get built.

I'm using powernv_defconfig plus your UBSAN configs and the 2 above:

make -j128 O=clang-ppc LLVM=1 ARCH=powerpc \
	KCFLAGS=-Rpass-analysis=stack-frame-layout \
	drivers/scsi/BusLogic.o

And I see the huge stack usage. Having -fstrict-flex-arrays=3 seems to
contribute about 200B:

Enabled:
Offset: [SP-2032], Type: Spill, Align: 8, Size: 8

Disabled:
Offset: [SP-1808], Type: Spill, Align: 8, Size: 8

Even just a quick check of structs, I see several that gain UBSAN_BOUNDS
coverage as a result (i.e. that have trailing arrays):

struct sccb_mgr_tar_info
struct nvram_info
struct sccb_card

So everything is working "as intended" from that perspective. Is this
just the result of inlining? Some of the called functions are short, but
FPT_sres() is not and has comical indentation. If everything got inlined
into FlashPoint_HandleInterrupt() and all the array indexes get
instrumented, maybe that's it? Though I'd expect stack slot reuse for
array index instrumentation... so maybe it's similar to what is
mentioned in:
https://github.com/ClangBuiltLinux/linux/issues/39#issuecomment-1273688761

-Kees

-- 
Kees Cook