io_uring: cast id to u64 before shifting in io_allocate_rbuf_ring()

Smatch warns:
io_uring/zcrx.c:393 io_allocate_rbuf_ring() warn: should 'id << 16' be a 64 bit type?

The expression 'id << IORING_OFF_PBUF_SHIFT' is evaluated using 32-bit
arithmetic because id is a u32. This may overflow before being promoted
to the 64-bit mmap_offset.

Cast id to u64 before shifting to ensure the shift is performed in
64-bit arithmetic.

Signed-off-by: Anas Iqbal <mohd.abd.6602@gmail.com>
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://patch.msgid.link/52400e1b343691416bef3ed3ae287fb1a88d407f.1774780198.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/io_uring/zcrx.c b/io_uring/zcrx.c
index 1ce867c68446b1c7aa767adcddf306cf05cb3731..b8f15439d5df6bfac32f320310ce639e746b84f1 100644 (file)
--- a/io_uring/zcrx.c
+++ b/io_uring/zcrx.c
@@ -384,7 +384,7 @@ static int io_allocate_rbuf_ring(struct io_ring_ctx *ctx,
                return -EINVAL;
 
        mmap_offset = IORING_MAP_OFF_ZCRX_REGION;
-       mmap_offset += id << IORING_OFF_PBUF_SHIFT;
+       mmap_offset += (u64)id << IORING_OFF_PBUF_SHIFT;
 
        ret = io_create_region(ctx, &ifq->rq_region, rd, mmap_offset);
        if (ret < 0)