Commit 77d8c8d0 authored Mar 31, 2026 by Anas Iqbal Committed by Jens Axboe Apr 01, 2026

io_uring: cast id to u64 before shifting in io_allocate_rbuf_ring()



Smatch warns:
io_uring/zcrx.c:393 io_allocate_rbuf_ring() warn: should 'id << 16' be a 64 bit type?

The expression 'id << IORING_OFF_PBUF_SHIFT' is evaluated using 32-bit
arithmetic because id is a u32. This may overflow before being promoted
to the 64-bit mmap_offset.

Cast id to u64 before shifting to ensure the shift is performed in
64-bit arithmetic.

Signed-off-by: Anas Iqbal <mohd.abd.6602@gmail.com>
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://patch.msgid.link/52400e1b343691416bef3ed3ae287fb1a88d407f.1774780198.git.asml.silence@gmail.com


Signed-off-by: Jens Axboe <axboe@kernel.dk>

parent a9d00848

io_uring/zcrx.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -384,7 +384,7 @@ static int io_allocate_rbuf_ring(struct io_ring_ctx *ctx,
		return -EINVAL;

		mmap_offset = IORING_MAP_OFF_ZCRX_REGION;
		mmap_offset += id << IORING_OFF_PBUF_SHIFT;
		mmap_offset += (u64)id << IORING_OFF_PBUF_SHIFT;

		ret = io_create_region(ctx, &ifq->rq_region, rd, mmap_offset);
		if (ret < 0)