From: Sasha Levin <sashal@kernel.org>
To: patches@lists.linux.dev, stable@vger.kernel.org
Cc: Junjie Cao <junjie.cao@intel.com>, Kees Cook <kees@kernel.org>,
Sasha Levin <sashal@kernel.org>,
keescook@chromium.org
Subject: [PATCH AUTOSEL 6.17-6.1] lkdtm: fortify: Fix potential NULL dereference on kmalloc failure
Date: Thu, 2 Oct 2025 11:30:06 -0400
Message-ID: <20251002153025.2209281-19-sashal@kernel.org>
In-Reply-To: <20251002153025.2209281-1-sashal@kernel.org>
From: Junjie Cao <junjie.cao@intel.com>
[ Upstream commit 01c7344e21c2140e72282d9d16d79a61f840fc20 ]
Add missing NULL pointer checks after kmalloc() calls in
lkdtm_FORTIFY_STR_MEMBER() and lkdtm_FORTIFY_MEM_MEMBER() functions.
Signed-off-by: Junjie Cao <junjie.cao@intel.com>
Link: https://lore.kernel.org/r/20250814060605.5264-1-junjie.cao@intel.com
Signed-off-by: Kees Cook <kees@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
LLM Generated explanations, may be completely bogus:
Based on my comprehensive analysis of this commit and the lkdtm
subsystem, here is my assessment:
## **Backport Status: YES**
### Extensive Analysis:
#### 1. **Nature of the Bug**
The commit fixes potential NULL pointer dereferences in
`lkdtm_FORTIFY_STR_MEMBER()` and `lkdtm_FORTIFY_MEM_MEMBER()` functions
at **drivers/misc/lkdtm/fortify.c:46** and
**drivers/misc/lkdtm/fortify.c:111**.
Without this fix, if `kmalloc(size, GFP_KERNEL)` fails and returns NULL,
the code immediately calls:
- `strscpy(src, "over ten bytes", size)` - dereferencing NULL pointer
- `strlen(src)` - dereferencing NULL pointer again
This will cause a kernel crash when running these lkdtm tests under
memory pressure.
#### 2. **Code Changes Analysis**
The fix is minimal and defensive:
```c
src = kmalloc(size, GFP_KERNEL);
+if (!src)
+ return;
+
strscpy(src, "over ten bytes", size);
```
This pattern is consistent with existing code in the same file -
`lkdtm_FORTIFY_STRSCPY()` at line 151-154 already has this exact NULL
check pattern for `kstrdup()`.
#### 3. **Strong Historical Precedent**
I found compelling evidence that similar lkdtm NULL check fixes ARE
backported:
- **Commit 4a9800c81d2f3** ("lkdtm/bugs: Check for the NULL pointer
after calling kmalloc") from 2022 was backported to multiple stable
versions:
- linux-5.19.y
- linux-6.0.y
- linux-6.1.y
- linux-6.17.y
- **This exact commit (01c7344e21c21) has ALREADY been backported** as
commit 7309ca99f3b2a by Sasha Levin using the AUTOSEL system,
confirming automated tooling deemed it backport-worthy.
#### 4. **LKDTM Subsystem Context**
LKDTM (Linux Kernel Dump Test Module) is documented in
`Documentation/fault-injection/provoke-crashes.rst` as a critical
testing framework used to:
- Evaluate kernel exception handling reliability
- Test crash dumps from different dumping solutions
- Validate kernel hardening features (FORTIFY_SOURCE in this case)
While it's "test code," it's actively used by kernel developers and
testers on stable kernels to validate backported hardening features.
#### 5. **Backporting Criteria Assessment**
✅ **Small and contained**: Only 6 lines added across 2 functions
✅ **Fixes a real bug**: Prevents NULL dereference crashes
✅ **Minimal regression risk**: Pure defensive check, cannot break
existing functionality
✅ **Historical precedent**: Similar fixes backported
✅ **Already selected by AUTOSEL**: Strong automated signal
✅ **Consistency**: Matches existing patterns in same file
❌ **No explicit stable tag**: Commit message doesn't mention Cc: stable
⚠️ **Test code only**: Only affects developers running lkdtm tests
#### 6. **Impact and Risk**
**Impact**: Makes lkdtm fortify tests robust against memory allocation
failures, preventing test crashes that could interfere with kernel
testing and validation work on stable kernels.
**Risk**: Essentially zero - the change only adds early returns on
allocation failure, which is the correct behavior. No functional changes
to test logic when allocations succeed.
### Conclusion
This commit should be backported to stable trees. The evidence is
overwhelming:
1. Identical pattern to previously backported lkdtm NULL check fixes
2. Already selected by AUTOSEL automated backporting system
3. Fixes a clear bug with zero regression risk
4. Improves testing reliability on stable kernels
5. Small, obvious, and correct fix
The fact that this HAS already been backported by AUTOSEL (commit
7309ca99f3b2a) provides strong confirmation that this analysis aligns
with established backporting practices for the lkdtm subsystem.
drivers/misc/lkdtm/fortify.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/misc/lkdtm/fortify.c b/drivers/misc/lkdtm/fortify.c
index 0159276656780..00ed2147113e6 100644
--- a/drivers/misc/lkdtm/fortify.c
+++ b/drivers/misc/lkdtm/fortify.c
@@ -44,6 +44,9 @@ static void lkdtm_FORTIFY_STR_MEMBER(void)
char *src;
src = kmalloc(size, GFP_KERNEL);
+ if (!src)
+ return;
+
strscpy(src, "over ten bytes", size);
size = strlen(src) + 1;
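Review bot: the bare `return` after `if (!src)` is leak-free here, since `src` is the first and only allocation before the `strscpy()`, but it leaves nothing in dmesg, so a run under memory pressure looks like the FORTIFY check silently not firing rather than a skipped test; consider a `pr_err()`/`pr_warn()` naming the allocation failure before returning so the lkdtm selftest output distinguishes the two cases. The guard itself matches the existing `kstrdup()` check in `lkdtm_FORTIFY_STRSCPY()` that the explanation above points to, so the pattern is consistent within the file.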
@@ -109,6 +112,9 @@ static void lkdtm_FORTIFY_MEM_MEMBER(void)
char *src;
src = kmalloc(size, GFP_KERNEL);
+ if (!src)
+ return;
+
strscpy(src, "over ten bytes", size);
size = strlen(src) + 1;
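Review bot: this hunk repeats the first one byte-for-byte (same `kmalloc()`, same `if (!src) return;`, same `strscpy()`/`strlen()` prologue), which is fine for a minimal stable fix, but the duplicated setup in `lkdtm_FORTIFY_STR_MEMBER()` and `lkdtm_FORTIFY_MEM_MEMBER()` now carries the NULL check twice; a small static helper that allocates and fills the source and returns its length would keep the two tests from drifting apart. The `@@ -109,6 +112,9 @@` header correctly accounts for the three lines added by the first hunk.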
--
2.51.0
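The following is an added user-space model of the test shape the patch touches; it is not lkdtm code and not part of the original message. It assumes (as the diff context suggests but does not show) that `size` starts out a couple of bytes larger than the target struct member, that `strscpy()` truncates and NUL-terminates, and that the copy into the member is bounds-checked at runtime, here written out explicitly as `checked_member_copy()` in place of the kernel's FORTIFY_SOURCE instrumentation. A fault-injectable allocator stands in for `kmalloc()` so the two outcomes of an allocation failure, skipped test with the fix versus NULL dereference without it, can be exercised without crashing. All names are illustrative assumptions.

```c
/* Added example, not lkdtm code: user-space model of the lkdtm
 * FORTIFY_*_MEMBER test prologue with a fault-injectable allocator.
 * Struct layout, size arithmetic and helper names are assumptions. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Outcome of one run of the modelled test. */
enum member_test_result {
	MEMBER_TEST_OVERFLOW_BLOCKED = 0, /* bounded copy refused the oversized source */
	MEMBER_TEST_OVERFLOW_UNCAUGHT,    /* copy would have written past the member */
	MEMBER_TEST_SKIPPED_ENOMEM,       /* allocation failed, test skipped (the fix) */
	MEMBER_TEST_NULL_DEREF            /* allocation failed and was not checked (the bug) */
};

/* Target with a fixed-size member, assumed to mirror what lkdtm copies into. */
struct fortify_target {
	char a[10];
	unsigned long pad;
};

/* Fault-injectable stand-in for kmalloc(): returns NULL once when asked to. */
static bool fail_next_alloc;

static void *test_kmalloc(size_t size)
{
	if (fail_next_alloc) {
		fail_next_alloc = false;
		return NULL;
	}
	return malloc(size);
}

/* strscpy()-like bounded copy: copies at most size-1 bytes, always
 * NUL-terminates, returns the length copied or -E2BIG on truncation. */
static ssize_t bounded_strscpy(char *dst, const char *src, size_t size)
{
	size_t len;

	if (size == 0)
		return -E2BIG;
	len = strnlen(src, size);
	if (len == size) {
		memcpy(dst, src, size - 1);
		dst[size - 1] = '\0';
		return -E2BIG;
	}
	memcpy(dst, src, len + 1);
	return (ssize_t)len;
}

/* Runtime bound check written out explicitly; in the kernel FORTIFY_SOURCE
 * performs this inside strncpy()/memcpy() and reports the overflow itself. */
static bool checked_member_copy(char *dst, size_t dst_size, const char *src, size_t n)
{
	if (n > dst_size)
		return false; /* would run past the member: refuse, like a FORTIFY report */
	memcpy(dst, src, n);
	return true;
}

/* check_alloc selects the fixed (true) or original (false) behaviour. */
static enum member_test_result run_str_member_test(bool check_alloc)
{
	struct fortify_target target = { { 0 }, 0 };
	size_t size = sizeof(target.a) + 2; /* assumed: two bytes larger than the member */
	enum member_test_result r;
	char *src;

	src = test_kmalloc(size);
	if (!src) {
		if (check_alloc)
			return MEMBER_TEST_SKIPPED_ENOMEM;
		/* The unpatched code would now call strscpy(NULL, ...) and oops. */
		return MEMBER_TEST_NULL_DEREF;
	}

	bounded_strscpy(src, "over ten bytes", size); /* truncated to 11 chars + NUL */
	size = strlen(src) + 1; /* runtime value the compiler cannot see: 12 */

	r = checked_member_copy(target.a, sizeof(target.a), src, size)
		? MEMBER_TEST_OVERFLOW_UNCAUGHT : MEMBER_TEST_OVERFLOW_BLOCKED;
	free(src);
	return r;
}

/* Same test, with the next allocation forced to fail. */
static enum member_test_result run_under_alloc_failure(bool check_alloc)
{
	fail_next_alloc = true;
	return run_str_member_test(check_alloc);
}
```

The point of recomputing `size` from `strlen(src)` after the copy is that the final length is only known at run time, which is what forces the overflow check into the runtime path the test wants to exercise; without the NULL guard, an allocation failure turns that deliberate, reported overflow into an unrelated oops before the test even starts.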