Re: [PATCH] crypto: zero initialize memory allocated via sock_kmalloc

On Tue, Sep 23, 2025 at 12:45:15AM -0700, Shivani Agarwal wrote:

diff --git a/crypto/af_alg.c b/crypto/af_alg.c index ca6fdcc6c54a..6c271e55f44d 100644 --- a/crypto/af_alg.c +++ b/crypto/af_alg.c @@ -1212,15 +1212,14 @@ struct af_alg_async_req *af_alg_alloc_areq(struct sock *sk, if (unlikely(!areq)) return ERR_PTR(-ENOMEM);

• memset(areq, 0, areqlen);
• ctx->inflight = true;

areq->areqlen = areqlen; areq->sk = sk; areq->first_rsgl.sgl.sgt.sgl = areq->first_rsgl.sgl.sgl;

• areq->last_rsgl = NULL; INIT_LIST_HEAD(&areq->rsgl_list);
• areq->tsgl = NULL;
• areq->tsgl_entries = 0;

return areq; } diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c index e3f1a4852737..4d3dfc60a16a 100644 --- a/crypto/algif_hash.c +++ b/crypto/algif_hash.c @@ -416,9 +416,8 @@ static int hash_accept_parent_nokey(void *private, struct sock *sk) if (!ctx) return -ENOMEM;

• ctx->result = NULL;

• memset(ctx, 0, len); ctx->len = len;

• ctx->more = false; crypto_init_wait(&ctx->wait);

ask->private = ctx; diff --git a/crypto/algif_rng.c b/crypto/algif_rng.c index 10c41adac3b1..1a86e40c8372 100644 --- a/crypto/algif_rng.c +++ b/crypto/algif_rng.c @@ -248,9 +248,8 @@ static int rng_accept_parent(void *private, struct sock *sk) if (!ctx) return -ENOMEM;

• memset(ctx, 0, len); ctx->len = len;

• ctx->addtl = NULL;
• ctx->addtl_len = 0;

/* * No seeding done at that point -- if multiple accepts are

These changes look good.

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c index 125d395c5e00..f4ce5473324f 100644 --- a/crypto/algif_skcipher.c +++ b/crypto/algif_skcipher.c @@ -70,6 +70,7 @@ static int algif_skcipher_export(struct sock *sk, struct skcipher_request *req) if (!ctx->state) return -ENOMEM;

• memset(ctx->state, 0, statesize); err = crypto_skcipher_export(req, ctx->state); if (err) { sock_kzfree_s(sk, ctx->state, statesize);

But this one should be dropped. The ctx->state will immediately be overwritten by crypto_skcipher_export. Even if it fails, the memory is immediately freed so no harm is done.

Thanks,