__cvdso_clock_gettime_common() and __cvdso_clock_getres_common() build a
u32 bitmask from clockid_t using "1U << clock". This requires the shift
amount to be < 32, otherwise leading to undefined behaviour.

Add a guard to reject out-of-range clockids before building the bitmask.
This avoids undefined shifts and silences sparse "shift too big" warnings.

No functional change intended.

Signed-off-by: Sun Jian <sun.jian.kdev@gmail.com>
---
 lib/vdso/gettimeofday.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/vdso/gettimeofday.c b/lib/vdso/gettimeofday.c
index 95df0153f05a..eee30f2bc6c6 100644
--- a/lib/vdso/gettimeofday.c
+++ b/lib/vdso/gettimeofday.c
@@ -298,6 +298,9 @@ __cvdso_clock_gettime_common(const struct vdso_time_data *vd, clockid_t clock,
 	 * Convert the clockid to a bitmask and use it to check which
 	 * clocks are handled in the VDSO directly.
 	 */
+	if ((u32)clock >= 32)
+		return false;
+
 	msk = 1U << clock;
 	if (likely(msk & VDSO_HRES))
 		vc = &vc[CS_HRES_COARSE];
@@ -440,6 +443,9 @@ bool __cvdso_clock_getres_common(const struct vdso_time_data *vd, clockid_t cloc
 	 * Convert the clockid to a bitmask and use it to check which
 	 * clocks are handled in the VDSO directly.
 	 */
+	if ((u32)clock >= 32)
+		return false;
+
 	msk = 1U << clock;
 	if (msk & (VDSO_HRES | VDSO_RAW)) {
 		/*
-- 
2.43.0

On Wed, Jan 14, 2026 at 04:45:29PM +0800, Sun Jian wrote:
> __cvdso_clock_gettime_common() and __cvdso_clock_getres_common() build a
> u32 bitmask from clockid_t using "1U << clock". This requires the shift
> amount to be < 32, otherwise leading to undefined behaviour.
> 
> Add a guard to reject out-of-range clockids before building the bitmask.
> This avoids undefined shifts and silences sparse "shift too big" warnings.
> 
> No functional change intended.
> 
> Signed-off-by: Sun Jian <sun.jian.kdev@gmail.com>
> ---
>  lib/vdso/gettimeofday.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/lib/vdso/gettimeofday.c b/lib/vdso/gettimeofday.c
> index 95df0153f05a..eee30f2bc6c6 100644
> --- a/lib/vdso/gettimeofday.c
> +++ b/lib/vdso/gettimeofday.c
> @@ -298,6 +298,9 @@ __cvdso_clock_gettime_common(const struct vdso_time_data *vd, clockid_t clock,
>  	 * Convert the clockid to a bitmask and use it to check which
>  	 * clocks are handled in the VDSO directly.
>  	 */
> +	if ((u32)clock >= 32)
> +		return false;

Right above is this check:

if (!vdso_clockid_valid(clock))
	return false;


where:

static __always_inline bool vdso_clockid_valid(clockid_t clock)
{
	/* Check for negative values or invalid clocks */
	/* CLOCK_AUX_LAST == 23 */
	return likely((u32) clock <= CLOCK_AUX_LAST);
}


So this looks like a false-positive. Can you post the sparse warning?


Thomas

On Wed, Jan 14, 2026 at 4:56 PM Thomas Weißschuh
<thomas.weissschuh@linutronix.de> wrote:
> So this looks like a false-positive. Can you post the sparse warning?
Here is the sparse warning I saw:

  arch/x86/entry/vdso/vdso32/../../../../../lib/vdso/gettimeofday.c:454:26:
    warning: shift too big (40) for type unsigned long

It is emitted when checking the vdso32 include path via vclock_gettime.c.

Given that vdso_clockid_valid() bounds clock to <= CLOCK_AUX_LAST (23),
the shift cannot reach that value in practice. So I agree this is a sparse
false positive in this analysis context.

I'll drop this patch rather than adding a redundant runtime check.

Thanks,
Sun

On Wed, Jan 14, 2026 at 05:31:48PM +0800, sun jian wrote:
> On Wed, Jan 14, 2026 at 4:56 PM Thomas Weißschuh
> <thomas.weissschuh@linutronix.de> wrote:
> > So this looks like a false-positive. Can you post the sparse warning?
> Here is the sparse warning I saw:
> 
>   arch/x86/entry/vdso/vdso32/../../../../../lib/vdso/gettimeofday.c:454:26:
>     warning: shift too big (40) for type unsigned long
> 
> It is emitted when checking the vdso32 include path via vclock_gettime.c.

On which specific kernel commit are you?

The message points to '} else if (msg & VDSO_AUX) {'. This means that it probably
complains about the shift in '#define VDSO_AUX __GENMASK(CLOCK_AUX_LAST, CLOCK_AUX)'.
We had problems in that area before, so I'd like to get all the details.

Which sparse version are you using?

(...)


Thomas

On Wed, Jan 14, 2026 at 5:53 PM Thomas Weißschuh
<thomas.weissschuh@linutronix.de> wrote:
> On which specific kernel commit are you?
I'm on:
  b71e635feefc852405b14620a7fc58c4c80c0f73
  ("Merge tag 'cgroup-for-6.19-rc5-fixes'")
, no tags available.
> The message points to '} else if (msg & VDSO_AUX) {'. This means that it probably
> complains about the shift in '#define VDSO_AUX __GENMASK(CLOCK_AUX_LAST, CLOCK_AUX)'.
> We had problems in that area before, so I'd like to get all the details.
>
> Which sparse version are you using?
Sparse version:

  v0.6.4-73-gfbdde312

The warning was reproduced with gcc + CHECK=sparse on x86, via the vdso32
include path (arch/x86/entry/vdso/vdso32/vclock_gettime.c).

Thanks,
Sun

On Wed, Jan 14, 2026 at 06:26:17PM +0800, sun jian wrote:
> On Wed, Jan 14, 2026 at 5:53 PM Thomas Weißschuh
> <thomas.weissschuh@linutronix.de> wrote:
> > On which specific kernel commit are you?
> I'm on:
>   b71e635feefc852405b14620a7fc58c4c80c0f73
>   ("Merge tag 'cgroup-for-6.19-rc5-fixes'")
> , no tags available.
> > The message points to '} else if (msg & VDSO_AUX) {'. This means that it probably
> > complains about the shift in '#define VDSO_AUX __GENMASK(CLOCK_AUX_LAST, CLOCK_AUX)'.
> > We had problems in that area before, so I'd like to get all the details.
> >
> > Which sparse version are you using?
> Sparse version:
> 
>   v0.6.4-73-gfbdde312
> 
> The warning was reproduced with gcc + CHECK=sparse on x86, via the vdso32
> include path (arch/x86/entry/vdso/vdso32/vclock_gettime.c).

I was able to reproduce the warning. It is a false positive due to the way
sparse is configured. The 32-bit compat vDSO is using the 64-bit sparse flags.

See also:
https://lore.kernel.org/lkml/20251107155158-90fb8c9c-59bf-47b3-8756-7c406166db70@linutronix.de/


Thomas