[PATCH] security/keys/encrypted: encrypted_key_alloc(): fix KMSAN uninit-value on dlen

From: PardhuVarma Konduru

Date: Sun May 03 2026 - 11:15:00 EST


KMSAN reports an uninitialized-value use in encrypted_key_alloc()
due to dlen being referenced in a compound condition when kstrtol()
fails.

Split the condition to ensure dlen is only accessed after successful
initialization.

Preserve original error handling semantics.

Reported-by: syzbot+23d7fcd204e3837866ff@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: PardhuVarma Konduru <pardhuvarma.kernel@xxxxxxxxx>
---
security/keys/encrypted-keys/encrypted.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/security/keys/encrypted-keys/encrypted.c
b/security/keys/encrypted-keys/encrypted.c
index 56b531587a1e..4bf4b4e8f7b5 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -588,7 +588,9 @@ static struct encrypted_key_payload
*encrypted_key_alloc(struct key *key,
int ret;

ret = kstrtol(datalen, 10, &dlen);
- if (ret < 0 || dlen < MIN_DATA_SIZE || dlen > MAX_DATA_SIZE)
+ if (ret < 0)
+ return ERR_PTR(-EINVAL);
+ if (dlen < MIN_DATA_SIZE || dlen > MAX_DATA_SIZE)
return ERR_PTR(-EINVAL);

format_len = (!format) ? strlen(key_format_default) : strlen(format);
--
2.54.0