From 4a1d823f70ac8182cbc5a4bd3c76beeb952e9683 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com>
Date: Fri, 20 Oct 2017 09:27:23 +0200
Subject: [PATCH] x86/string: fix memmove when size is 0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

ubsan in clang 5.0 complains with:

(XEN) UBSAN: Undefined behaviour in string.c:50:28
(XEN) pointer overflow:
(XEN) addition of unsigned offset to ffff830000100000 overflowed to ffff8300000fffff
[...]
(XEN) Xen call trace:
(XEN)    [<ffff82d0802dce0d>] ubsan.c#ubsan_epilogue+0xd/0xc0
(XEN)    [<ffff82d0802de145>] __ubsan_handle_pointer_overflow+0xa5/0xe0
(XEN)    [<ffff82d0803bf627>] memmove+0x67/0x80
(XEN)    [<ffff82d080679f87>] page_alloc.c#bootmem_region_add+0x157/0x220
(XEN)    [<ffff82d080679c66>] init_boot_pages+0x56/0x220
(XEN)    [<ffff82d0806bcb9d>] __start_xen+0x2c2d/0x4b50
(XEN)    [<ffff82d0802000f3>] __high_start+0x53/0x60

This is due to memmove doing a n-1+addr when n is 0. This is harmless
because the loop is bounded to 0. Fix this by returning earlier when n
is 0.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
[jb: add return value and unlikely()]
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Release-acked-by: Julien Grall <julien.grall@linaro.org>
---
 xen/arch/x86/string.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/xen/arch/x86/string.c b/xen/arch/x86/string.c
index cd85a38e6d..e2f84638c4 100644
--- a/xen/arch/x86/string.c
+++ b/xen/arch/x86/string.c
@@ -39,6 +39,9 @@ void *(memmove)(void *dest, const void *src, size_t n)
 {
     long d0, d1, d2;
 
+    if ( unlikely(!n) )
+        return dest;
+
     if ( dest < src )
         return memcpy(dest, src, n);
 
-- 
2.30.2