Re: [bug report] io_uring: add support for fixed wait regions

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jens Axboe <axboe@kernel.dk>
To: Dan Carpenter <dan.carpenter@linaro.org>
Cc: io-uring@vger.kernel.org
Subject: Re: [bug report] io_uring: add support for fixed wait regions
Date: Wed, 30 Oct 2024 07:22:49 -0600	[thread overview]
Message-ID: <eebde978-cf9b-4586-9dcf-0ff62e535a2d@kernel.dk> (raw)
In-Reply-To: <3191af58-8707-4916-a657-ee376b36810a@stanley.mountain>

On 10/30/24 5:40 AM, Dan Carpenter wrote:
> Hello Jens Axboe,
> 
> Commit 4b926ab18279 ("io_uring: add support for fixed wait regions")
> from Oct 22, 2024 (linux-next), leads to the following Smatch static
> checker warning:
> 
> 	io_uring/register.c:616 io_register_cqwait_reg()
> 	warn: was expecting a 64 bit value instead of '~(~(((1) << 12) - 1))'
> 
> io_uring/register.c
>     594 static int io_register_cqwait_reg(struct io_ring_ctx *ctx, void __user *uarg)
>     595 {
>     596         struct io_uring_cqwait_reg_arg arg;
>     597         struct io_uring_reg_wait *reg;
>     598         struct page **pages;
>     599         unsigned long len;
>     600         int nr_pages, poff;
>     601         int ret;
>     602 
>     603         if (ctx->cq_wait_page || ctx->cq_wait_arg)
>     604                 return -EBUSY;
>     605         if (copy_from_user(&arg, uarg, sizeof(arg)))
>     606                 return -EFAULT;
>     607         if (!arg.nr_entries || arg.flags)
>     608                 return -EINVAL;
>     609         if (arg.struct_size != sizeof(*reg))
>     610                 return -EINVAL;
>     611         if (check_mul_overflow(arg.struct_size, arg.nr_entries, &len))
>     612                 return -EOVERFLOW;
>     613         if (len > PAGE_SIZE)
>     614                 return -EINVAL;
>     615         /* offset + len must fit within a page, and must be reg_wait aligned */
> --> 616         poff = arg.user_addr & ~PAGE_MASK;
> 
> This is a harmless thing, but on 32 bit systems you can put whatever you want in
> the high 32 bits of arg.user_addr and it won't affect anything.

That is certainly true, it'll get masked away. I suspect this kind of
thing is everywhere, though? What do you suggest?

-- 
Jens Axboe

next prev parent reply	other threads:[~2024-10-30 13:22 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-10-30 11:40 [bug report] io_uring: add support for fixed wait regions Dan Carpenter
2024-10-30 13:22 ` Jens Axboe [this message]
2024-10-30 13:58   ` Dan Carpenter
2024-10-30 14:17     ` Jens Axboe

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=eebde978-cf9b-4586-9dcf-0ff62e535a2d@kernel.dk \
    --to=axboe@kernel.dk \
    --cc=dan.carpenter@linaro.org \
    --cc=io-uring@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.