Forwarded: Re: [PATCH] security/keys/encrypted: encrypted_key_alloc(): fix KMSAN uninit-value on dlen

Posted by syzbot 1 month, 1 week ago
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: Re: [PATCH] security/keys/encrypted: encrypted_key_alloc(): fix KMSAN uninit-value on dlen
Author: pardhuvarma.kernel@gmail.com

#syz test

KMSAN reports an uninitialized-value use in encrypted_key_alloc()
due to dlen being referenced in a compound condition when kstrtol()
fails.

Split the condition to ensure dlen is only accessed after successful
initialization.

Preserve original error handling semantics.

Reported-by: syzbot+23d7fcd204e3837866ff@syzkaller.appspotmail.com
Signed-off-by: PardhuVarma Konduru <pardhuvarma.kernel@gmail.com>
---
 security/keys/encrypted-keys/encrypted.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/security/keys/encrypted-keys/encrypted.c
b/security/keys/encrypted-keys/encrypted.c
index 56b531587a1e..4bf4b4e8f7b5 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -588,7 +588,9 @@ static struct encrypted_key_payload
*encrypted_key_alloc(struct key *key,
  int ret;

  ret = kstrtol(datalen, 10, &dlen);
- if (ret < 0 || dlen < MIN_DATA_SIZE || dlen > MAX_DATA_SIZE)
+ if (ret < 0)
+ return ERR_PTR(-EINVAL);
+ if (dlen < MIN_DATA_SIZE || dlen > MAX_DATA_SIZE)
  return ERR_PTR(-EINVAL);

  format_len = (!format) ? strlen(key_format_default) : strlen(format);
-- 
2.54.0

On Mon, May 4, 2026 at 3:22 AM PardhuVarma Konduru <
pardhuvarma.kernel@gmail.com> wrote:

> KMSAN reports an uninitialized-value use in encrypted_key_alloc()
> due to dlen being referenced in a compound condition when kstrtol()
> fails.
>
> Split the condition to ensure dlen is only accessed after successful
> initialization.
>
> Preserve original error handling semantics.
>
> Reported-by: syzbot+23d7fcd204e3837866ff@syzkaller.appspotmail.com
> Signed-off-by: PardhuVarma Konduru <pardhuvarma.kernel@gmail.com>
> ---
>  security/keys/encrypted-keys/encrypted.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/security/keys/encrypted-keys/encrypted.c
> b/security/keys/encrypted-keys/encrypted.c
> index 56b531587a1e..4bf4b4e8f7b5 100644
> --- a/security/keys/encrypted-keys/encrypted.c
> +++ b/security/keys/encrypted-keys/encrypted.c
> @@ -588,7 +588,9 @@ static struct encrypted_key_payload
> *encrypted_key_alloc(struct key *key,
>         int ret;
>
>         ret = kstrtol(datalen, 10, &dlen);
> -       if (ret < 0 || dlen < MIN_DATA_SIZE || dlen > MAX_DATA_SIZE)
> +       if (ret < 0)
> +               return ERR_PTR(-EINVAL);
> +       if (dlen < MIN_DATA_SIZE || dlen > MAX_DATA_SIZE)
>                 return ERR_PTR(-EINVAL);
>
>         format_len = (!format) ? strlen(key_format_default) :
> strlen(format);
> --
> 2.54.0
>
>