diff options
Diffstat (limited to 'pkg/sentry/loader/elf.go')
-rw-r--r-- | pkg/sentry/loader/elf.go | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/pkg/sentry/loader/elf.go b/pkg/sentry/loader/elf.go index fba2f27fe..bc5b841fb 100644 --- a/pkg/sentry/loader/elf.go +++ b/pkg/sentry/loader/elf.go @@ -148,12 +148,17 @@ func parseHeader(ctx context.Context, f *fs.File) (elfInfo, error) { } binary.Unmarshal(hdrBuf, byteOrder, &hdr) - // We only support amd64. - if machine := elf.Machine(hdr.Machine); machine != elf.EM_X86_64 { + // We support amd64 and arm64. + var a arch.Arch + switch machine := elf.Machine(hdr.Machine); machine { + case elf.EM_X86_64: + a = arch.AMD64 + case elf.EM_AARCH64: + a = arch.ARM64 + default: log.Infof("Unsupported ELF machine %d", machine) return elfInfo{}, syserror.ENOEXEC } - a := arch.AMD64 var sharedObject bool elfType := elf.Type(hdr.Type) @@ -560,6 +565,12 @@ func loadInitialELF(ctx context.Context, m *mm.MemoryManager, fs *cpuid.FeatureS return loadedELF{}, nil, err } + // Check Image Compatibility. + if arch.Host != info.arch { + ctx.Warningf("Found mismatch for platform %s with ELF type %s", arch.Host.String(), info.arch.String()) + return loadedELF{}, nil, syserror.ENOEXEC + } + // Create the arch.Context now so we can prepare the mmap layout before // mapping anything. ac := arch.New(info.arch, fs) |