Re: [PATCH] io_uring: cast id to u64 before shifting in io_allocate_rbuf_ring()

Next message: Dmitry Baryshkov: "Re: [PATCH] arm64: dts: qcom: hamoa: Fix OPP tables for all DisplayPort controllers"
Previous message: Mathieu Desnoyers: "Re: [RFC PATCH] futex: Introduce __vdso_robust_futex_unlock"
In reply to: Anas Iqbal: "[PATCH] io_uring: cast id to u64 before shifting in io_allocate_rbuf_ring()"
Next in thread: Pavel Begunkov: "Re: [PATCH] io_uring: cast id to u64 before shifting in io_allocate_rbuf_ring()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jens Axboe

Date: Mon Mar 16 2026 - 15:37:54 EST

On 3/16/26 9:06 AM, Anas Iqbal wrote:
> Smatch warns:
> io_uring/zcrx.c:393 io_allocate_rbuf_ring() warn: should 'id << 16' be a 64 bit type?
>
> The expression 'id << IORING_OFF_PBUF_SHIFT' is evaluated using 32-bit
> arithmetic because id is a u32. This may overflow before being promoted
> to the 64-bit mmap_offset.
>
> Cast id to u64 before shifting to ensure the shift is performed in
> 64-bit arithmetic.

I'd be impressed if 'id' could be large enough to cause this to
overflow. AFAICT, you'd need more than 64K interface queues registered
to hit this. So I think this should be reframed as a cleanup, to appease
smatch.

I'll defer to Pavel on that one.

--
Jens Axboe