From: Xi Wang <xi@mit.edu>
Date: Fri, 15 Mar 2013 09:26:17 +0000 (+0100)
Subject: x86/mm: avoid undefined behavior in IS_NIL()
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~7105
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=50ae2d0cb625a5c122f27ee69fc2f81479eee33e;p=xen.git

x86/mm: avoid undefined behavior in IS_NIL()

Since pointer overflow is undefined behavior in C, some compilers such
as clang optimize away the check !((ptr) + 1) in the macro IS_NIL().

This patch fixes the issue by casting the pointer type to uintptr_t,
the operations of which are well-defined.

Signed-off-by: Xi Wang <xi@mit.edu>

With that, we also need to avoid the overflow in NIL().

Note that either part of the change results in the respective macros to
become unsuitable for use with "void".

Signed-off-by: Jan Beulich <jbeulich@suse.com>
---

diff --git a/xen/include/asm-x86/mm.h b/xen/include/asm-x86/mm.h
index fd9d654433..41d3209264 100644
--- a/xen/include/asm-x86/mm.h
+++ b/xen/include/asm-x86/mm.h
@@ -573,8 +573,8 @@ int donate_page(
 
 int map_ldt_shadow_page(unsigned int);
 
-#define NIL(type) ((type *)NULL - 1)
-#define IS_NIL(ptr) (!((ptr) + 1))
+#define NIL(type) ((type *)-sizeof(type))
+#define IS_NIL(ptr) (!((uintptr_t)(ptr) + sizeof(*(ptr))))
 
 int create_perdomain_mapping(struct domain *, unsigned long va,
                              unsigned int nr, l1_pgentry_t **,