[PATCH] security: add LSM hook at the memfd_create point

Li Qiang liq3ea at 163.com
Sun Jun 13 06:43:59 UTC 2021


memfd_create is often used in fileless attacks.
Let's add an LSM hook so that an LSM can detect and prevent
anonymous file creation.

Signed-off-by: Li Qiang <liq3ea at 163.com>
---
 include/linux/lsm_hook_defs.h |  4 ++++
 include/linux/lsm_hooks.h     |  5 +++++
 include/linux/security.h      | 15 +++++++++++++++
 mm/memfd.c                    |  6 ++++++
 security/security.c           |  7 +++++++
 5 files changed, 37 insertions(+)

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 04c01794de83..955556d0d084 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -403,3 +403,7 @@ LSM_HOOK(void, LSM_RET_VOID, perf_event_free, struct perf_event *event)
 LSM_HOOK(int, 0, perf_event_read, struct perf_event *event)
 LSM_HOOK(int, 0, perf_event_write, struct perf_event *event)
 #endif /* CONFIG_PERF_EVENTS */
+
+#ifdef CONFIG_MEMFD_CREATE
+LSM_HOOK(int, 0, memfd_create, const char *name, unsigned int flags)
+#endif /* CONFIG_MEMFD_CREATE */
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 5c4c5c0602cb..e9c31dbb2783 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1557,6 +1557,11 @@
  * 	Read perf_event security info if allowed.
  * @perf_event_write:
  * 	Write perf_event security info if allowed.
+ *
+ * Security hooks for anonymous file
+ *
+ * @memfd_create:
+ *	Check whether anonymous file creation is allowed
  */
 union security_list_options {
 	#define LSM_HOOK(RET, DEFAULT, NAME, ...) RET (*NAME)(__VA_ARGS__);
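Review bot: The new @memfd_create entry gives no parameter or return-value description, unlike the neighbouring hook entries, so an LSM author cannot tell from this header what @name holds or what a non-zero return means. Suggest extending the entry with `*	@name contains the name supplied for the file, @flags the MFD_* flags.` and `*	Return 0 if permission is granted.`; whether @name is the raw user string or the kernel copy carrying the "memfd:" prefix depends on where mm/memfd.c places the call, so confirm that before writing it down. The heading `Security hooks for anonymous file` reads better as `Security hooks for anonymous files`. The enclosing block comment starts before this hunk and the union continues after it.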
diff --git a/include/linux/security.h b/include/linux/security.h
index 06f7c50ce77f..44b43a7569b5 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -2037,4 +2037,19 @@ static inline int security_perf_event_write(struct perf_event *event)
 #endif /* CONFIG_SECURITY */
 #endif /* CONFIG_PERF_EVENTS */
 
+#ifdef CONFIG_MEMFD_CREATE
+#ifdef CONFIG_SECURITY
+
+extern int security_memfd_create(const char *name, unsigned int flags);
+
+#else
+
+static inline int security_memfd_create(const char *name, unsigned int flags)
+{
+	return 0;
+}
+
+#endif /* CONFIG_SECURITY */
+#endif /* CONFIG_MEMFD_CREATE */
+
 #endif /* ! __LINUX_SECURITY_H */
diff --git a/mm/memfd.c b/mm/memfd.c
index 2647c898990c..dbd309e455d2 100644
--- a/mm/memfd.c
+++ b/mm/memfd.c
@@ -18,6 +18,7 @@
 #include <linux/hugetlb.h>
 #include <linux/shmem_fs.h>
 #include <linux/memfd.h>
+#include <linux/security.h>
 #include <uapi/linux/memfd.h>
 
 /*
@@ -290,6 +291,11 @@ SYSCALL_DEFINE2(memfd_create,
 		goto err_name;
 	}
 
+	if (security_memfd_create(name, flags)) {
+		error = -EPERM;
+		goto err_name;
+	}
+
 	fd = get_unused_fd_flags((flags & MFD_CLOEXEC) ? O_CLOEXEC : 0);
 	if (fd < 0) {
 		error = fd;
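Review bot: The added check discards the hook's return value and always reports -EPERM, whereas LSM call sites elsewhere propagate the code the hook returned (the default in lsm_hook_defs.h is 0, and an LSM may return -EACCES or another value that audit records and user space expect to see). Replace the block with `error = security_memfd_create(name, flags);` / `if (error)` / `goto err_name;`. The body of SYSCALL_DEFINE2(memfd_create) begins and ends outside this hunk, so the err_name cleanup path itself is not visible here.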
diff --git a/security/security.c b/security/security.c
index b38155b2de83..5723408c5d0b 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2624,3 +2624,10 @@ int security_perf_event_write(struct perf_event *event)
 	return call_int_hook(perf_event_write, 0, event);
 }
 #endif /* CONFIG_PERF_EVENTS */
+
+#ifdef CONFIG_MEMFD_CREATE
+int security_memfd_create(const char *name, unsigned int flags)
+{
+	return call_int_hook(memfd_create, 0, name, flags);
+}
+#endif /* CONFIG_MEMFD_CREATE */
-- 
2.25.1


