Re: [PATCH] io_uring: cast id to u64 before shifting in io_allocate_rbuf_ring()

Next message: Paul Moore: "Re: [PATCH v2 17/23] mm: convert do_brk_flags() to use vma_flags_t"
Previous message: Google: "Re: [PATCH v9 0/4] ring-buffer: Making persistent ring buffers robust"
In reply to: Jens Axboe: "Re: [PATCH] io_uring: cast id to u64 before shifting in io_allocate_rbuf_ring()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Pavel Begunkov

Date: Mon Mar 16 2026 - 19:23:03 EST

On 3/16/26 19:37, Jens Axboe wrote:

On 3/16/26 9:06 AM, Anas Iqbal wrote:

Smatch warns:
io_uring/zcrx.c:393 io_allocate_rbuf_ring() warn: should 'id << 16' be a 64 bit type?

The expression 'id << IORING_OFF_PBUF_SHIFT' is evaluated using 32-bit
arithmetic because id is a u32. This may overflow before being promoted
to the 64-bit mmap_offset.

Cast id to u64 before shifting to ensure the shift is performed in
64-bit arithmetic.

I'd be impressed if 'id' could be large enough to cause this to
overflow. AFAICT, you'd need more than 64K interface queues registered
to hit this. So I think this should be reframed as a cleanup, to appease
smatch.

Pretty much so. I'll queue up the patch targeting 7.1, thanks

--
Pavel Begunkov