x86/string: fix memmove when size is 0

ubsan in clang 5.0 complains with:

(XEN) UBSAN: Undefined behaviour in string.c:50:28
(XEN) pointer overflow:
(XEN) addition of unsigned offset to ffff830000100000 overflowed to ffff8300000fffff
[...]
(XEN) Xen call trace:
(XEN)    [<ffff82d0802dce0d>] ubsan.c#ubsan_epilogue+0xd/0xc0
(XEN)    [<ffff82d0802de145>] __ubsan_handle_pointer_overflow+0xa5/0xe0
(XEN)    [<ffff82d0803bf627>] memmove+0x67/0x80
(XEN)    [<ffff82d080679f87>] page_alloc.c#bootmem_region_add+0x157/0x220
(XEN)    [<ffff82d080679c66>] init_boot_pages+0x56/0x220
(XEN)    [<ffff82d0806bcb9d>] __start_xen+0x2c2d/0x4b50
(XEN)    [<ffff82d0802000f3>] __high_start+0x53/0x60

This is due to memmove doing a n-1+addr when n is 0. This is harmless
because the loop is bounded to 0. Fix this by returning earlier when n
is 0.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
[jb: add return value and unlikely()]
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Release-acked-by: Julien Grall <julien.grall@linaro.org>

diff --git a/xen/arch/x86/string.c b/xen/arch/x86/string.c
index cd85a38e6d7713351fa79ccc24bd2385845fe7f1..e2f84638c4b2921fecbca4141b8ee9c63c976144 100644 (file)
--- a/xen/arch/x86/string.c
+++ b/xen/arch/x86/string.c
@@ -39,6 +39,9 @@ void *(memmove)(void *dest, const void *src, size_t n)
 {
     long d0, d1, d2;
 
+    if ( unlikely(!n) )
+        return dest;
+
     if ( dest < src )
         return memcpy(dest, src, n);