Forwarded: Re: [PATCH] security/keys/encrypted: encrypted_key_alloc(): fix KMSAN uninit-value on dlen

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+23d7fcd204e3837866ff@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Forwarded: Re: [PATCH] security/keys/encrypted: encrypted_key_alloc(): fix KMSAN uninit-value on dlen
Date: Sun, 03 May 2026 15:02:58 -0700	[thread overview]
Message-ID: <69f7c612.050a0220.1584b9.0050.GAE@google.com> (raw)
In-Reply-To: <69e4ee46.a00a0220.1bd0ca.0058.GAE@google.com>

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: Re: [PATCH] security/keys/encrypted: encrypted_key_alloc(): fix KMSAN uninit-value on dlen
Author: pardhuvarma.kernel@gmail.com

#syz test

KMSAN reports an uninitialized-value use in encrypted_key_alloc()
due to dlen being referenced in a compound condition when kstrtol()
fails.

Split the condition to ensure dlen is only accessed after successful
initialization.

Preserve original error handling semantics.

Reported-by: syzbot+23d7fcd204e3837866ff@syzkaller.appspotmail.com
Signed-off-by: PardhuVarma Konduru <pardhuvarma.kernel@gmail.com>
---
 security/keys/encrypted-keys/encrypted.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/security/keys/encrypted-keys/encrypted.c
b/security/keys/encrypted-keys/encrypted.c
index 56b531587a1e..4bf4b4e8f7b5 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -588,7 +588,9 @@ static struct encrypted_key_payload
*encrypted_key_alloc(struct key *key,
  int ret;

  ret = kstrtol(datalen, 10, &dlen);
- if (ret < 0 || dlen < MIN_DATA_SIZE || dlen > MAX_DATA_SIZE)
+ if (ret < 0)
+ return ERR_PTR(-EINVAL);
+ if (dlen < MIN_DATA_SIZE || dlen > MAX_DATA_SIZE)
  return ERR_PTR(-EINVAL);

  format_len = (!format) ? strlen(key_format_default) : strlen(format);
-- 
2.54.0

On Mon, May 4, 2026 at 3:22 AM PardhuVarma Konduru <
pardhuvarma.kernel@gmail.com> wrote:

> KMSAN reports an uninitialized-value use in encrypted_key_alloc()
> due to dlen being referenced in a compound condition when kstrtol()
> fails.
>
> Split the condition to ensure dlen is only accessed after successful
> initialization.
>
> Preserve original error handling semantics.
>
> Reported-by: syzbot+23d7fcd204e3837866ff@syzkaller.appspotmail.com
> Signed-off-by: PardhuVarma Konduru <pardhuvarma.kernel@gmail.com>
> ---
>  security/keys/encrypted-keys/encrypted.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/security/keys/encrypted-keys/encrypted.c
> b/security/keys/encrypted-keys/encrypted.c
> index 56b531587a1e..4bf4b4e8f7b5 100644
> --- a/security/keys/encrypted-keys/encrypted.c
> +++ b/security/keys/encrypted-keys/encrypted.c
> @@ -588,7 +588,9 @@ static struct encrypted_key_payload
> *encrypted_key_alloc(struct key *key,
>         int ret;
>
>         ret = kstrtol(datalen, 10, &dlen);
> -       if (ret < 0 || dlen < MIN_DATA_SIZE || dlen > MAX_DATA_SIZE)
> +       if (ret < 0)
> +               return ERR_PTR(-EINVAL);
> +       if (dlen < MIN_DATA_SIZE || dlen > MAX_DATA_SIZE)
>                 return ERR_PTR(-EINVAL);
>
>         format_len = (!format) ? strlen(key_format_default) :
> strlen(format);
> --
> 2.54.0
>
>

next prev parent reply	other threads:[~2026-05-03 22:02 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-19 15:01 [syzbot] [kernel?] KMSAN: uninit-value in irqentry_exit_to_kernel_mode_preempt syzbot
2026-05-03 13:01 ` syzbot
2026-05-03 16:52 ` Forwarded: " syzbot
2026-05-03 22:02 ` syzbot [this message]
2026-05-04 14:16 ` Forwarded: Re: [PATCH] security/keys/encrypted: encrypted_key_alloc(): fix KMSAN uninit-value on dlen syzbot

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:56b531587a1 dfblob:4bf4b4e8f7b )
 OR (
bs:"Forwarded: Re: [PATCH] security/keys/encrypted: encrypted_key_alloc(): fix KMSAN uninit-value on dlen" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=69f7c612.050a0220.1584b9.0050.GAE@google.com \
    --to=syzbot+23d7fcd204e3837866ff@syzkaller.appspotmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox