From 50ae2d0cb625a5c122f27ee69fc2f81479eee33e Mon Sep 17 00:00:00 2001
From: Xi Wang <xi@mit.edu>
Date: Fri, 15 Mar 2013 10:26:17 +0100
Subject: [PATCH] x86/mm: avoid undefined behavior in IS_NIL()

Since pointer overflow is undefined behavior in C, some compilers such
as clang optimize away the check !((ptr) + 1) in the macro IS_NIL().

This patch fixes the issue by casting the pointer type to uintptr_t,
the operations of which are well-defined.

Signed-off-by: Xi Wang <xi@mit.edu>

With that, we also need to avoid the overflow in NIL().

Note that either part of the change results in the respective macros to
become unsuitable for use with "void".

Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
 xen/include/asm-x86/mm.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xen/include/asm-x86/mm.h b/xen/include/asm-x86/mm.h
index fd9d654433..41d3209264 100644
--- a/xen/include/asm-x86/mm.h
+++ b/xen/include/asm-x86/mm.h
@@ -573,8 +573,8 @@ int donate_page(
 
 int map_ldt_shadow_page(unsigned int);
 
-#define NIL(type) ((type *)NULL - 1)
-#define IS_NIL(ptr) (!((ptr) + 1))
+#define NIL(type) ((type *)-sizeof(type))
+#define IS_NIL(ptr) (!((uintptr_t)(ptr) + sizeof(*(ptr))))
 
 int create_perdomain_mapping(struct domain *, unsigned long va,
                              unsigned int nr, l1_pgentry_t **,
-- 
2.30.2