Forwarded: Re: [PATCH] security/keys/encrypted: encrypted_key_alloc(): fix KMSAN uninit-value on dlen
From: syzbot
Date: Mon May 04 2026 - 10:19:56 EST
For archival purposes, forwarding an incoming command email to
linux-kernel@xxxxxxxxxxxxxxx, syzkaller-bugs@xxxxxxxxxxxxxxxx.
***
Subject: Re: [PATCH] security/keys/encrypted: encrypted_key_alloc(): fix KMSAN uninit-value on dlen
Author: pardhuvarma.kernel@xxxxxxxxx
#syz test
On Mon, May 4, 2026 at 7:45 PM PardhuVarma Konduru <
pardhuvarma.kernel@xxxxxxxxx> wrote:
> KMSAN reports an uninitialized-value use in encrypted_key_alloc()
> due to dlen being referenced in a compound condition when kstrtol()
> fails.
>
> Split the condition to ensure dlen is only accessed after successful
> initialization.
>
> Preserve original error handling semantics.
>
> Reported-by: syzbot+23d7fcd204e3837866ff@xxxxxxxxxxxxxxxxxxxxxxxxx
> Signed-off-by: PardhuVarma Konduru <pardhuvarma.kernel@xxxxxxxxx>
> ---
> security/keys/encrypted-keys/encrypted.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/security/keys/encrypted-keys/encrypted.c
> b/security/keys/encrypted-keys/encrypted.c
> index 56b531587a1e..4bf4b4e8f7b5 100644
> --- a/security/keys/encrypted-keys/encrypted.c
> +++ b/security/keys/encrypted-keys/encrypted.c
> @@ -588,7 +588,9 @@ static struct encrypted_key_payload
> *encrypted_key_alloc(struct key *key,
> int ret;
>
> ret = kstrtol(datalen, 10, &dlen);
> - if (ret < 0 || dlen < MIN_DATA_SIZE || dlen > MAX_DATA_SIZE)
> + if (ret < 0)
> + return ERR_PTR(-EINVAL);
> + if (dlen < MIN_DATA_SIZE || dlen > MAX_DATA_SIZE)
> return ERR_PTR(-EINVAL);
>
> format_len = (!format) ? strlen(key_format_default) :
> strlen(format);
> --
> 2.54.0
>
>