[PATCH] fs/binfmt_elf.c: disallow zero entry point address

From: H.J. Lu
Date: Sat Dec 11 2021 - 12:34:53 EST


According to gABI, the entry point address in the ELF header gives the
virtual address to which the system first transfers control, thus
starting the process. If the file has no associated entry point, this
member holds zero. Update the ELF loader to disallow an ELF binary
with zero entry point address. This fixes:

https://bugzilla.kernel.org/show_bug.cgi?id=215303

Tested by booting Fedora 35 and running a shared library with zero entry
point address:

$ readelf -h load.so | grep "Entry point address:"
Entry point address: 0x0
$ ./load.so
bash: ./load.so: cannot execute binary file: Exec format error
$

Signed-off-by: H.J. Lu <hjl.tools@xxxxxxxxx>
---
fs/binfmt_elf.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index bd78587194dc..bb427c97dc02 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -850,6 +850,8 @@ static int load_elf_binary(struct linux_binprm *bprm)

if (elf_ex->e_type != ET_EXEC && elf_ex->e_type != ET_DYN)
goto out;
+ if (elf_ex->e_entry == 0)
+ goto out;
if (!elf_check_arch(elf_ex))
goto out;
if (elf_check_fdpic(elf_ex))
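Review bot: The added `if (elf_ex->e_entry == 0)` test sits directly after the e_type check, so it rejects ET_EXEC as well as ET_DYN, while the commit message only exercises a shared library (load.so). For ET_EXEC, e_entry is an absolute virtual address, so please either state in the commit message that refusing a fixed-address executable whose entry is 0 is intended, or limit the test to ET_DYN. A short comment above the check citing the gABI rule (zero means the file has no associated entry point) would also help, because the bare `goto out` gives a reader no reason for the resulting "Exec format error".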
--
2.33.1