Reject executables with non-matching machine type

Whenever an ELF file is loaded, its machine identifier is now compared to the kernel's. If they differ, the executable is rejected. Fixes #1104 Signed-off-by: Samuel Laberge <[email protected]> Message-Id: <[email protected]>
cloudius-systems · Dec 9, 2020 · 8a2339e · 8a2339e
1 parent fa6c5c4
commit 8a2339e
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 0 deletions.
diff --git a/arch/aarch64/arch-elf.hh b/arch/aarch64/arch-elf.hh
@@ -20,4 +20,6 @@ enum {
 #define ARCH_JUMP_SLOT R_AARCH64_JUMP_SLOT
 #define ARCH_TLSDESC R_AARCH64_TLSDESC
 
+#define ELF_KERNEL_MACHINE_TYPE 183
+
 #endif /* ARCH_ELF_HH */
diff --git a/arch/x64/arch-elf.hh b/arch/x64/arch-elf.hh
@@ -39,4 +39,6 @@ enum {
 #define ARCH_JUMP_SLOT R_X86_64_JUMP_SLOT
 #define ARCH_TLSDESC R_X86_64_TLSDESC
 
+#define ELF_KERNEL_MACHINE_TYPE 62
+
 #endif /* ARCH_ELF_HH */
diff --git a/core/elf.cc b/core/elf.cc
@@ -30,6 +30,7 @@
 #include <deque>
 
 #include "arch.hh"
+#include "arch-elf.hh"
 
 #if CONF_debug_elf
 #define elf_debug(format,...) kprintf("ELF [tid:%d, mod:%d, %s]: " format, sched::thread::current()->id(), _module_index, _pathname.c_str(), ##__VA_ARGS__)
@@ -316,6 +317,9 @@ void file::load_elf_header()
         throw osv::invalid_elf_error(
                 "bad executable type (only shared-object, PIE or non-PIE executable supported)");
     }
+    if(_ehdr.e_machine != ELF_KERNEL_MACHINE_TYPE) {
+        throw osv::invalid_elf_error("machine type for " + _pathname + " differs from the kernel");
+    }
 }
 
 void file::read(Elf64_Off offset, void* data, size_t size)