diff options
-rw-r--r-- | pkg/sentry/arch/arch.go | 4 | ||||
-rw-r--r-- | pkg/sentry/loader/elf.go | 17 |
2 files changed, 18 insertions, 3 deletions
diff --git a/pkg/sentry/arch/arch.go b/pkg/sentry/arch/arch.go index ace7d5b18..498ca4669 100644 --- a/pkg/sentry/arch/arch.go +++ b/pkg/sentry/arch/arch.go @@ -33,6 +33,8 @@ type Arch int const ( // AMD64 is the x86-64 architecture. AMD64 Arch = iota + // ARM64 is the aarch64 architecture. + ARM64 ) // String implements fmt.Stringer. @@ -40,6 +42,8 @@ func (a Arch) String() string { switch a { case AMD64: return "amd64" + case ARM64: + return "arm64" default: return fmt.Sprintf("Arch(%d)", a) } diff --git a/pkg/sentry/loader/elf.go b/pkg/sentry/loader/elf.go index fba2f27fe..bc5b841fb 100644 --- a/pkg/sentry/loader/elf.go +++ b/pkg/sentry/loader/elf.go @@ -148,12 +148,17 @@ func parseHeader(ctx context.Context, f *fs.File) (elfInfo, error) { } binary.Unmarshal(hdrBuf, byteOrder, &hdr) - // We only support amd64. - if machine := elf.Machine(hdr.Machine); machine != elf.EM_X86_64 { + // We support amd64 and arm64. + var a arch.Arch + switch machine := elf.Machine(hdr.Machine); machine { + case elf.EM_X86_64: + a = arch.AMD64 + case elf.EM_AARCH64: + a = arch.ARM64 + default: log.Infof("Unsupported ELF machine %d", machine) return elfInfo{}, syserror.ENOEXEC } - a := arch.AMD64 var sharedObject bool elfType := elf.Type(hdr.Type) @@ -560,6 +565,12 @@ func loadInitialELF(ctx context.Context, m *mm.MemoryManager, fs *cpuid.FeatureS return loadedELF{}, nil, err } + // Check Image Compatibility. + if arch.Host != info.arch { + ctx.Warningf("Found mismatch for platform %s with ELF type %s", arch.Host.String(), info.arch.String()) + return loadedELF{}, nil, syserror.ENOEXEC + } + // Create the arch.Context now so we can prepare the mmap layout before // mapping anything. ac := arch.New(info.arch, fs) |