drivers/gpio/gpiolib-cdev.c | 8 ++++++++ 1 file changed, 8 insertions(+)
We check the padding of other uAPI v2 structures but not that of line
config attributes. Add the missing check.
Fixes: 3c0d9c635ae2 ("gpiolib: cdev: support GPIO_V2_GET_LINE_IOCTL and GPIO_V2_LINE_GET_VALUES_IOCTL")
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
---
drivers/gpio/gpiolib-cdev.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c
index f36b7c06996d70b2286edbd181899e4c572b9086..f6f49376a36288cdf44493334e766d6340294ed7 100644
--- a/drivers/gpio/gpiolib-cdev.c
+++ b/drivers/gpio/gpiolib-cdev.c
@@ -1184,6 +1184,7 @@ static int gpio_v2_line_flags_validate(u64 flags)
static int gpio_v2_line_config_validate(struct gpio_v2_line_config *lc,
unsigned int num_lines)
{
+ struct gpio_v2_line_config_attribute *attr;
unsigned int i;
u64 flags;
int ret;
@@ -1194,6 +1195,13 @@ static int gpio_v2_line_config_validate(struct gpio_v2_line_config *lc,
if (!mem_is_zero(lc->padding, sizeof(lc->padding)))
return -EINVAL;
+ for (i = 0; i < GPIO_V2_LINE_NUM_ATTRS_MAX; i++) {
+ attr = &lc->attrs[i];
+
+ if (!mem_is_zero(&attr->attr.padding, sizeof(attr->attr.padding)))
+ return -EINVAL;
+ }
+
for (i = 0; i < num_lines; i++) {
flags = gpio_v2_line_config_flags(lc, i);
ret = gpio_v2_line_flags_validate(flags);
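Review bot: The added loop over `lc->attrs` runs to `GPIO_V2_LINE_NUM_ATTRS_MAX`, so a request that was accepted before this patch is now refused with -EINVAL as soon as any attribute slot carries non-zero padding bytes. The Fixes: tag suggests the stricter behaviour will also be picked up by stable kernels. Rejecting non-zero reserved fields is sound hardening for a uAPI structure, but the effect on existing callers cannot be judged from this hunk and deserves a sentence in the commit message. A comment above the loop would record the intent, for example `/* Attribute padding is reserved and must be zero in every slot. */`. The body of gpio_v2_line_config_validate() begins before and continues after this hunk.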
---
base-commit: 6a50ba100ace43f43c87384367eb2d2605fcc16c
change-id: 20260519-gpio-cdev-attr-padding-check-7e52c98a3de7
Best regards,
--
Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
On Tue, May 19, 2026 at 03:14:53PM +0200, Bartosz Golaszewski wrote:
> We check the padding of other uAPI v2 structures but not that of line
> config attributes. Add the missing check.
>
> Fixes: 3c0d9c635ae2 ("gpiolib: cdev: support GPIO_V2_GET_LINE_IOCTL and GPIO_V2_LINE_GET_VALUES_IOCTL")
> Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
> ---
> drivers/gpio/gpiolib-cdev.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c
> index f36b7c06996d70b2286edbd181899e4c572b9086..f6f49376a36288cdf44493334e766d6340294ed7 100644
> --- a/drivers/gpio/gpiolib-cdev.c
> +++ b/drivers/gpio/gpiolib-cdev.c
> @@ -1184,6 +1184,7 @@ static int gpio_v2_line_flags_validate(u64 flags)
> static int gpio_v2_line_config_validate(struct gpio_v2_line_config *lc,
> unsigned int num_lines)
> {
> + struct gpio_v2_line_config_attribute *attr;
> unsigned int i;
> u64 flags;
> int ret;
> @@ -1194,6 +1195,13 @@ static int gpio_v2_line_config_validate(struct gpio_v2_line_config *lc,
> if (!mem_is_zero(lc->padding, sizeof(lc->padding)))
> return -EINVAL;
>
> + for (i = 0; i < GPIO_V2_LINE_NUM_ATTRS_MAX; i++) {
> + attr = &lc->attrs[i];
> +
> + if (!mem_is_zero(&attr->attr.padding, sizeof(attr->attr.padding)))
> + return -EINVAL;
> + }
> +
To be really pedantic, how about checking that all the unused attrs are zeroed?
With the loop here reduced to checking the padding of the used attrs.
Also, the attr padding is a u32, so is mem_is_zero() overkill?
Cheers,
Kent.
> for (i = 0; i < num_lines; i++) {
> flags = gpio_v2_line_config_flags(lc, i);
> ret = gpio_v2_line_flags_validate(flags);
>
> ---
> base-commit: 6a50ba100ace43f43c87384367eb2d2605fcc16c
> change-id: 20260519-gpio-cdev-attr-padding-check-7e52c98a3de7
>
> Best regards,
> --
> Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
>
On Tue, May 19, 2026 at 3:44 PM Kent Gibson <warthog618@gmail.com> wrote:
>
> On Tue, May 19, 2026 at 03:14:53PM +0200, Bartosz Golaszewski wrote:
> > We check the padding of other uAPI v2 structures but not that of line
> > config attributes. Add the missing check.
> >
> > Fixes: 3c0d9c635ae2 ("gpiolib: cdev: support GPIO_V2_GET_LINE_IOCTL and GPIO_V2_LINE_GET_VALUES_IOCTL")
> > Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
> > ---
> > drivers/gpio/gpiolib-cdev.c | 8 ++++++++
> > 1 file changed, 8 insertions(+)
> >
> > diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c
> > index f36b7c06996d70b2286edbd181899e4c572b9086..f6f49376a36288cdf44493334e766d6340294ed7 100644
> > --- a/drivers/gpio/gpiolib-cdev.c
> > +++ b/drivers/gpio/gpiolib-cdev.c
> > @@ -1184,6 +1184,7 @@ static int gpio_v2_line_flags_validate(u64 flags)
> > static int gpio_v2_line_config_validate(struct gpio_v2_line_config *lc,
> > unsigned int num_lines)
> > {
> > + struct gpio_v2_line_config_attribute *attr;
> > unsigned int i;
> > u64 flags;
> > int ret;
> > @@ -1194,6 +1195,13 @@ static int gpio_v2_line_config_validate(struct gpio_v2_line_config *lc,
> > if (!mem_is_zero(lc->padding, sizeof(lc->padding)))
> > return -EINVAL;
> >
> > + for (i = 0; i < GPIO_V2_LINE_NUM_ATTRS_MAX; i++) {
> > + attr = &lc->attrs[i];
> > +
> > + if (!mem_is_zero(&attr->attr.padding, sizeof(attr->attr.padding)))
> > + return -EINVAL;
> > + }
> > +
>
> To be really pedantic, how about checking that all the unused attrs are zeroed?
> With the loop here reduced to checking the padding of the used attrs.
>
Good point.
> Also, the attr padding is a u32, so is mem_is_zero() is overkill?
>
The intention is a bit clearer this way IMO but I'm not going to
die on this hill. I can change it in v2.
Bartosz
> Cheers,
> Kent.
>
> > for (i = 0; i < num_lines; i++) {
> > flags = gpio_v2_line_config_flags(lc, i);
> > ret = gpio_v2_line_flags_validate(flags);
> >
> > ---
> > base-commit: 6a50ba100ace43f43c87384367eb2d2605fcc16c
> > change-id: 20260519-gpio-cdev-attr-padding-check-7e52c98a3de7
> >
> > Best regards,
> > --
> > Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
> >