From: "H.J. Lu" <hjl.tools@gmail.com>
To: linux-kernel@vger.kernel.org
Cc: Andrew Morton <akpm@linux-foundation.org>,
Alexey Dobriyan <adobriyan@gmail.com>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH] fs/binfmt_elf.c: disallow zero entry point address
Date: Sat, 11 Dec 2021 09:34:47 -0800
Message-ID: <20211211173447.4155374-1-hjl.tools@gmail.com>

According to gABI, the entry point address in the ELF header gives the
virtual address to which the system first transfers control, thus
starting the process. If the file has no associated entry point, this
member holds zero. Update the ELF loader to disallow an ELF binary
with zero entry point address. This fixes:

https://bugzilla.kernel.org/show_bug.cgi?id=215303

Tested by booting Fedora 35 and running a shared library with zero entry
point address:

$ readelf -h load.so | grep "Entry point address:"
Entry point address: 0x0
$ ./load.so
bash: ./load.so: cannot execute binary file: Exec format error
$

Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
---
fs/binfmt_elf.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index bd78587194dc..bb427c97dc02 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -850,6 +850,8 @@ static int load_elf_binary(struct linux_binprm *bprm)
if (elf_ex->e_type != ET_EXEC && elf_ex->e_type != ET_DYN)
goto out;
+ if (elf_ex->e_entry == 0)
+ goto out;
if (!elf_check_arch(elf_ex))
goto out;
if (elf_check_fdpic(elf_ex))
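
Review bot: The new e_entry == 0 test has no comment, and because it sits directly after the e_type check it rejects both ET_EXEC and ET_DYN images. For ET_DYN the entry value is relative to wherever the image ends up mapped, so a zero there does not by itself mean control would be transferred to virtual address 0. The changelog relies only on the gABI wording that zero means "no associated entry point". Suggest a one-line comment above the test citing that gABI rule, and a sentence in the changelog on whether binaries with a zero entry point could be executed before this change, since they will now fail through the shared "goto out" path with the "Exec format error" shown in the test run.
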
--
2.33.1