nalika / rpms / grub2

Forked from rpms/grub2 2 years ago
Clone

Blame SOURCES/0272-Verify-modules-on-build-time-rather-than-failing-in-.patch

28f7f8
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
28f7f8
From: Vladimir Serbinenko <phcoder@gmail.com>
28f7f8
Date: Thu, 31 Dec 2015 13:09:15 +0100
28f7f8
Subject: [PATCH] Verify modules on build-time rather than failing in runtime.
28f7f8
28f7f8
---
28f7f8
 util/grub-module-verifier.c    | 122 ++++++++++++++++
28f7f8
 util/grub-module-verifier32.c  |   2 +
28f7f8
 util/grub-module-verifier64.c  |   2 +
28f7f8
 util/grub-module-verifierXX.c  | 315 +++++++++++++++++++++++++++++++++++++++++
28f7f8
 include/grub/module_verifier.h |  19 +++
28f7f8
 grub-core/Makefile.am          |   6 +-
28f7f8
 grub-core/genmod.sh.in         |   5 +-
28f7f8
 7 files changed, 468 insertions(+), 3 deletions(-)
28f7f8
 create mode 100644 util/grub-module-verifier.c
28f7f8
 create mode 100644 util/grub-module-verifier32.c
28f7f8
 create mode 100644 util/grub-module-verifier64.c
28f7f8
 create mode 100644 util/grub-module-verifierXX.c
28f7f8
 create mode 100644 include/grub/module_verifier.h
28f7f8
28f7f8
diff --git a/util/grub-module-verifier.c b/util/grub-module-verifier.c
28f7f8
new file mode 100644
28f7f8
index 00000000000..d2d6984033c
28f7f8
--- /dev/null
28f7f8
+++ b/util/grub-module-verifier.c
28f7f8
@@ -0,0 +1,122 @@
28f7f8
+#include <stdio.h>
28f7f8
+#include <string.h>
28f7f8
+
28f7f8
+#include <grub/elf.h>
28f7f8
+#include <grub/module_verifier.h>
28f7f8
+#include <grub/misc.h>
28f7f8
+#include <grub/util/misc.h>
28f7f8
+
28f7f8
+struct grub_module_verifier_arch archs[] = {
28f7f8
+  { "i386", 4, 0, EM_386, GRUB_MODULE_VERIFY_SUPPORTS_REL, (int[]){
28f7f8
+      R_386_32,
28f7f8
+      R_386_PC32,
28f7f8
+      -1
28f7f8
+    } },
28f7f8
+  { "x86_64", 8, 0, EM_X86_64, GRUB_MODULE_VERIFY_SUPPORTS_RELA, (int[]){
28f7f8
+      R_X86_64_64,
28f7f8
+      R_X86_64_PC64,
28f7f8
+      /* R_X86_64_32, R_X86_64_32S, R_X86_64_PC32 are supported but shouldn't be used because of their limited range.  */
28f7f8
+      -1
28f7f8
+    } },
28f7f8
+  { "powerpc", 4, 1, EM_PPC, GRUB_MODULE_VERIFY_SUPPORTS_RELA, (int[]){
28f7f8
+      GRUB_ELF_R_PPC_ADDR16_LO,
28f7f8
+      GRUB_ELF_R_PPC_REL24, /* It has limited range but GRUB adds trampolines when necessarry.  */
28f7f8
+      GRUB_ELF_R_PPC_ADDR16_HA,
28f7f8
+      GRUB_ELF_R_PPC_ADDR32,
28f7f8
+      GRUB_ELF_R_PPC_REL32,
28f7f8
+      -1
28f7f8
+    } },
28f7f8
+  { "sparc64", 8, 1, EM_SPARCV9, GRUB_MODULE_VERIFY_SUPPORTS_RELA, (int[]){
28f7f8
+      R_SPARC_WDISP30, /* It has limited range but GRUB adds trampolines when necessarry. */
28f7f8
+      R_SPARC_HH22,
28f7f8
+      R_SPARC_HM10,
28f7f8
+      R_SPARC_LM22,
28f7f8
+      R_SPARC_LO10,
28f7f8
+      R_SPARC_64,
28f7f8
+      R_SPARC_OLO10,
28f7f8
+      /* R_SPARC_32, R_SPARC_HI22  are supported but shouldn't be used because of their limited range.  */
28f7f8
+      -1
28f7f8
+    } },
28f7f8
+  { "ia64", 8, 0, EM_IA_64, GRUB_MODULE_VERIFY_SUPPORTS_RELA, (int[]){
28f7f8
+      R_IA64_PCREL21B, /* We should verify that it's pointing either
28f7f8
+			  to a function or to a section in the same module.  */
28f7f8
+      R_IA64_SEGREL64LSB,
28f7f8
+      R_IA64_FPTR64LSB,
28f7f8
+      R_IA64_DIR64LSB,
28f7f8
+      R_IA64_PCREL64LSB,
28f7f8
+      R_IA64_GPREL22,  /* We should verify that it's pointing  to a section in the same module.  */
28f7f8
+      R_IA64_LTOFF22X,
28f7f8
+      R_IA64_LTOFF22,
28f7f8
+      R_IA64_LTOFF_FPTR22,
28f7f8
+      R_IA64_LDXMOV,
28f7f8
+      -1
28f7f8
+    } },
28f7f8
+  { "mipsel", 4, 0, EM_MIPS, GRUB_MODULE_VERIFY_SUPPORTS_REL | GRUB_MODULE_VERIFY_SUPPORTS_RELA, (int[]){
28f7f8
+      R_MIPS_HI16,
28f7f8
+      R_MIPS_LO16,
28f7f8
+      R_MIPS_32,
28f7f8
+      R_MIPS_GPREL32,
28f7f8
+      R_MIPS_26,
28f7f8
+      R_MIPS_GOT16,
28f7f8
+      R_MIPS_CALL16,
28f7f8
+      R_MIPS_JALR,
28f7f8
+      -1
28f7f8
+    } },
28f7f8
+  { "mips", 4, 1, EM_MIPS, GRUB_MODULE_VERIFY_SUPPORTS_REL | GRUB_MODULE_VERIFY_SUPPORTS_RELA, (int[]){
28f7f8
+      R_MIPS_HI16,
28f7f8
+      R_MIPS_LO16,
28f7f8
+      R_MIPS_32,
28f7f8
+      R_MIPS_GPREL32,
28f7f8
+      R_MIPS_26,
28f7f8
+      R_MIPS_GOT16,
28f7f8
+      R_MIPS_CALL16,
28f7f8
+      R_MIPS_JALR,
28f7f8
+      -1
28f7f8
+    } },
28f7f8
+  { "arm", 4, 0, EM_ARM, GRUB_MODULE_VERIFY_SUPPORTS_REL, (int[]){
28f7f8
+      /* Some relocations are range-limited but trampolines are added when necessarry. */
28f7f8
+      R_ARM_ABS32,
28f7f8
+      R_ARM_CALL,
28f7f8
+      R_ARM_JUMP24,
28f7f8
+      R_ARM_THM_CALL,
28f7f8
+      R_ARM_THM_JUMP24,
28f7f8
+      R_ARM_V4BX,
28f7f8
+      R_ARM_THM_MOVW_ABS_NC,
28f7f8
+      R_ARM_THM_MOVT_ABS,
28f7f8
+      R_ARM_THM_JUMP19,
28f7f8
+      -1
28f7f8
+    } },
28f7f8
+  { "arm64", 8, 0, EM_AARCH64, GRUB_MODULE_VERIFY_SUPPORTS_REL | GRUB_MODULE_VERIFY_SUPPORTS_RELA, (int[]){
28f7f8
+      R_AARCH64_ABS64,
28f7f8
+      R_AARCH64_CALL26,
28f7f8
+      R_AARCH64_JUMP26,
28f7f8
+      -1
28f7f8
+    } },
28f7f8
+};
28f7f8
+
28f7f8
+
28f7f8
+int
28f7f8
+main (int argc, char **argv)
28f7f8
+{
28f7f8
+  size_t module_size;
28f7f8
+  unsigned arch;
28f7f8
+  char *module_img;
28f7f8
+  if (argc != 3) {
28f7f8
+    fprintf (stderr, "usage: %s FILE ARCH\n", argv[0]);
28f7f8
+    return 1;
28f7f8
+  }
28f7f8
+
28f7f8
+  for (arch = 0; arch < ARRAY_SIZE(archs); arch++)
28f7f8
+    if (strcmp(archs[arch].name, argv[2]) == 0)
28f7f8
+      break;
28f7f8
+  if (arch == ARRAY_SIZE(archs))
28f7f8
+    grub_util_error("unknown arch: %s", argv[2]);
28f7f8
+
28f7f8
+  module_size = grub_util_get_image_size (argv[1]);
28f7f8
+  module_img = grub_util_read_image (argv[1]);
28f7f8
+  if (archs[arch].voidp_sizeof == 8)
28f7f8
+    grub_module_verify64(module_img, module_size, &archs[arch]);
28f7f8
+  else
28f7f8
+    grub_module_verify32(module_img, module_size, &archs[arch]);
28f7f8
+  return 0;
28f7f8
+}
28f7f8
diff --git a/util/grub-module-verifier32.c b/util/grub-module-verifier32.c
28f7f8
new file mode 100644
28f7f8
index 00000000000..257229f8f08
28f7f8
--- /dev/null
28f7f8
+++ b/util/grub-module-verifier32.c
28f7f8
@@ -0,0 +1,2 @@
28f7f8
+#define MODULEVERIFIER_ELF32 1
28f7f8
+#include "grub-module-verifierXX.c"
28f7f8
diff --git a/util/grub-module-verifier64.c b/util/grub-module-verifier64.c
28f7f8
new file mode 100644
28f7f8
index 00000000000..4db6b4bedd1
28f7f8
--- /dev/null
28f7f8
+++ b/util/grub-module-verifier64.c
28f7f8
@@ -0,0 +1,2 @@
28f7f8
+#define MODULEVERIFIER_ELF64 1
28f7f8
+#include "grub-module-verifierXX.c"
28f7f8
diff --git a/util/grub-module-verifierXX.c b/util/grub-module-verifierXX.c
28f7f8
new file mode 100644
28f7f8
index 00000000000..904be27d39b
28f7f8
--- /dev/null
28f7f8
+++ b/util/grub-module-verifierXX.c
28f7f8
@@ -0,0 +1,315 @@
28f7f8
+#include <string.h>
28f7f8
+
28f7f8
+#include <grub/elf.h>
28f7f8
+#include <grub/module_verifier.h>
28f7f8
+#include <grub/util/misc.h>
28f7f8
+
28f7f8
+#if defined(MODULEVERIFIER_ELF32)
28f7f8
+# define SUFFIX(x)	x ## 32
28f7f8
+# define ELFCLASSXX	ELFCLASS32
28f7f8
+# define Elf_Ehdr	Elf32_Ehdr
28f7f8
+# define Elf_Phdr	Elf32_Phdr
28f7f8
+# define Elf_Nhdr	Elf32_Nhdr
28f7f8
+# define Elf_Addr	Elf32_Addr
28f7f8
+# define Elf_Sym	Elf32_Sym
28f7f8
+# define Elf_Off	Elf32_Off
28f7f8
+# define Elf_Shdr	Elf32_Shdr
28f7f8
+# define Elf_Rela       Elf32_Rela
28f7f8
+# define Elf_Rel        Elf32_Rel
28f7f8
+# define Elf_Word       Elf32_Word
28f7f8
+# define Elf_Half       Elf32_Half
28f7f8
+# define Elf_Section    Elf32_Section
28f7f8
+# define ELF_R_SYM(val)		ELF32_R_SYM(val)
28f7f8
+# define ELF_R_TYPE(val)		ELF32_R_TYPE(val)
28f7f8
+# define ELF_ST_TYPE(val)		ELF32_ST_TYPE(val)
28f7f8
+#elif defined(MODULEVERIFIER_ELF64)
28f7f8
+# define SUFFIX(x)	x ## 64
28f7f8
+# define ELFCLASSXX	ELFCLASS64
28f7f8
+# define Elf_Ehdr	Elf64_Ehdr
28f7f8
+# define Elf_Phdr	Elf64_Phdr
28f7f8
+# define Elf_Nhdr	Elf64_Nhdr
28f7f8
+# define Elf_Addr	Elf64_Addr
28f7f8
+# define Elf_Sym	Elf64_Sym
28f7f8
+# define Elf_Off	Elf64_Off
28f7f8
+# define Elf_Shdr	Elf64_Shdr
28f7f8
+# define Elf_Rela       Elf64_Rela
28f7f8
+# define Elf_Rel        Elf64_Rel
28f7f8
+# define Elf_Word       Elf64_Word
28f7f8
+# define Elf_Half       Elf64_Half
28f7f8
+# define Elf_Section    Elf64_Section
28f7f8
+# define ELF_R_SYM(val)		ELF64_R_SYM(val)
28f7f8
+# define ELF_R_TYPE(val)		ELF64_R_TYPE(val)
28f7f8
+# define ELF_ST_TYPE(val)		ELF64_ST_TYPE(val)
28f7f8
+#else
28f7f8
+#error "I'm confused"
28f7f8
+#endif
28f7f8
+
28f7f8
+#define grub_target_to_host32(x) (grub_target_to_host32_real (arch, (x)))
28f7f8
+#define grub_host_to_target32(x) (grub_host_to_target32_real (arch, (x)))
28f7f8
+#define grub_target_to_host64(x) (grub_target_to_host64_real (arch, (x)))
28f7f8
+#define grub_host_to_target64(x) (grub_host_to_target64_real (arch, (x)))
28f7f8
+#define grub_host_to_target_addr(x) (grub_host_to_target_addr_real (arch, (x)))
28f7f8
+#define grub_target_to_host16(x) (grub_target_to_host16_real (arch, (x)))
28f7f8
+#define grub_host_to_target16(x) (grub_host_to_target16_real (arch, (x)))
28f7f8
+#define grub_target_to_host(val) grub_target_to_host_real(arch, (val))
28f7f8
+
28f7f8
+static inline grub_uint32_t
28f7f8
+grub_target_to_host32_real (const struct grub_module_verifier_arch *arch,
28f7f8
+			    grub_uint32_t in)
28f7f8
+{
28f7f8
+  if (arch->bigendian)
28f7f8
+    return grub_be_to_cpu32 (in);
28f7f8
+  else
28f7f8
+    return grub_le_to_cpu32 (in);
28f7f8
+}
28f7f8
+
28f7f8
+static inline grub_uint64_t
28f7f8
+grub_target_to_host64_real (const struct grub_module_verifier_arch *arch,
28f7f8
+			    grub_uint64_t in)
28f7f8
+{
28f7f8
+  if (arch->bigendian)
28f7f8
+    return grub_be_to_cpu64 (in);
28f7f8
+  else
28f7f8
+    return grub_le_to_cpu64 (in);
28f7f8
+}
28f7f8
+
28f7f8
+static inline grub_uint64_t
28f7f8
+grub_host_to_target64_real (const struct grub_module_verifier_arch *arch,
28f7f8
+			    grub_uint64_t in)
28f7f8
+{
28f7f8
+  if (arch->bigendian)
28f7f8
+    return grub_cpu_to_be64 (in);
28f7f8
+  else
28f7f8
+    return grub_cpu_to_le64 (in);
28f7f8
+}
28f7f8
+
28f7f8
+static inline grub_uint32_t
28f7f8
+grub_host_to_target32_real (const struct grub_module_verifier_arch *arch,
28f7f8
+			    grub_uint32_t in)
28f7f8
+{
28f7f8
+  if (arch->bigendian)
28f7f8
+    return grub_cpu_to_be32 (in);
28f7f8
+  else
28f7f8
+    return grub_cpu_to_le32 (in);
28f7f8
+}
28f7f8
+
28f7f8
+static inline grub_uint16_t
28f7f8
+grub_target_to_host16_real (const struct grub_module_verifier_arch *arch,
28f7f8
+			    grub_uint16_t in)
28f7f8
+{
28f7f8
+  if (arch->bigendian)
28f7f8
+    return grub_be_to_cpu16 (in);
28f7f8
+  else
28f7f8
+    return grub_le_to_cpu16 (in);
28f7f8
+}
28f7f8
+
28f7f8
+static inline grub_uint16_t
28f7f8
+grub_host_to_target16_real (const struct grub_module_verifier_arch *arch,
28f7f8
+			    grub_uint16_t in)
28f7f8
+{
28f7f8
+  if (arch->bigendian)
28f7f8
+    return grub_cpu_to_be16 (in);
28f7f8
+  else
28f7f8
+    return grub_cpu_to_le16 (in);
28f7f8
+}
28f7f8
+
28f7f8
+static inline grub_uint64_t
28f7f8
+grub_host_to_target_addr_real (const struct grub_module_verifier_arch *arch, grub_uint64_t in)
28f7f8
+{
28f7f8
+  if (arch->voidp_sizeof == 8)
28f7f8
+    return grub_host_to_target64_real (arch, in);
28f7f8
+  else
28f7f8
+    return grub_host_to_target32_real (arch, in);
28f7f8
+}
28f7f8
+
28f7f8
+static inline grub_uint64_t
28f7f8
+grub_target_to_host_real (const struct grub_module_verifier_arch *arch, grub_uint64_t in)
28f7f8
+{
28f7f8
+  if (arch->voidp_sizeof == 8)
28f7f8
+    return grub_target_to_host64_real (arch, in);
28f7f8
+  else
28f7f8
+    return grub_target_to_host32_real (arch, in);
28f7f8
+}
28f7f8
+
28f7f8
+
28f7f8
+static Elf_Shdr *
28f7f8
+find_section (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e, const char *name)
28f7f8
+{
28f7f8
+  Elf_Shdr *s;
28f7f8
+  const char *str;
28f7f8
+  unsigned i;
28f7f8
+
28f7f8
+  s = (Elf_Shdr *) ((char *) e + grub_target_to_host (e->e_shoff) + grub_target_to_host16 (e->e_shstrndx) * grub_target_to_host16 (e->e_shentsize));
28f7f8
+  str = (char *) e + grub_target_to_host (s->sh_offset);
28f7f8
+
28f7f8
+  for (i = 0, s = (Elf_Shdr *) ((char *) e + grub_target_to_host (e->e_shoff));
28f7f8
+       i < grub_target_to_host16 (e->e_shnum);
28f7f8
+       i++, s = (Elf_Shdr *) ((char *) s + grub_target_to_host16 (e->e_shentsize)))
28f7f8
+    if (strcmp (str + grub_target_to_host32 (s->sh_name), name) == 0)
28f7f8
+      return s;
28f7f8
+  return NULL;
28f7f8
+}
28f7f8
+
28f7f8
+static void
28f7f8
+check_license (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e)
28f7f8
+{
28f7f8
+  Elf_Shdr *s = find_section (arch, e, ".module_license");
28f7f8
+  if (s && (strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3") == 0
28f7f8
+	    || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3+") == 0
28f7f8
+	    || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv2+") == 0))
28f7f8
+    return;
28f7f8
+  grub_util_error ("incompatible license");
28f7f8
+}
28f7f8
+
28f7f8
+static void
28f7f8
+check_symbols (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e)
28f7f8
+{
28f7f8
+  unsigned i;
28f7f8
+  Elf_Shdr *s, *sections;
28f7f8
+  Elf_Sym *sym;
28f7f8
+  const char *str;
28f7f8
+  Elf_Word size, entsize;
28f7f8
+
28f7f8
+  sections = (Elf_Shdr *) ((char *) e + grub_target_to_host (e->e_shoff));
28f7f8
+  for (i = 0, s = sections;
28f7f8
+       i < grub_target_to_host16 (e->e_shnum);
28f7f8
+       i++, s = (Elf_Shdr *) ((char *) s + grub_target_to_host16 (e->e_shentsize)))
28f7f8
+    if (grub_target_to_host32 (s->sh_type) == SHT_SYMTAB)
28f7f8
+      break;
28f7f8
+
28f7f8
+  if (i == grub_target_to_host16 (e->e_shnum))
28f7f8
+    grub_util_error ("no symbol table");
28f7f8
+
28f7f8
+  sym = (Elf_Sym *) ((char *) e + grub_target_to_host (s->sh_offset));
28f7f8
+  size = grub_target_to_host (s->sh_size);
28f7f8
+  entsize = grub_target_to_host (s->sh_entsize);
28f7f8
+
28f7f8
+  s = (Elf_Shdr *) ((char *) sections + grub_target_to_host16 (e->e_shentsize) * grub_target_to_host32 (s->sh_link));
28f7f8
+  str = (char *) e + grub_target_to_host (s->sh_offset);
28f7f8
+
28f7f8
+  for (i = 0;
28f7f8
+       i < size / entsize;
28f7f8
+       i++, sym = (Elf_Sym *) ((char *) sym + entsize))
28f7f8
+    {
28f7f8
+      unsigned char type = ELF_ST_TYPE (sym->st_info);
28f7f8
+
28f7f8
+      switch (type)
28f7f8
+	{
28f7f8
+	case STT_NOTYPE:
28f7f8
+	case STT_OBJECT:
28f7f8
+	case STT_FUNC:
28f7f8
+	case STT_SECTION:
28f7f8
+	case STT_FILE:
28f7f8
+	  break;
28f7f8
+
28f7f8
+	default:
28f7f8
+	  return grub_util_error ("unknown symbol type `%d'", (int) type);
28f7f8
+	}
28f7f8
+    }
28f7f8
+}
28f7f8
+
28f7f8
+/* Relocate symbols.  */
28f7f8
+static void
28f7f8
+section_check_relocations (const struct grub_module_verifier_arch *arch, void *ehdr,
28f7f8
+			   Elf_Shdr *s, size_t target_seg_size)
28f7f8
+{
28f7f8
+  Elf_Rel *rel, *max;
28f7f8
+
28f7f8
+  for (rel = (Elf_Rel *) ((char *) ehdr + grub_target_to_host (s->sh_offset)),
28f7f8
+	 max = (Elf_Rel *) ((char *) rel + grub_target_to_host (s->sh_size));
28f7f8
+       rel < max;
28f7f8
+       rel = (Elf_Rel *) ((char *) rel + grub_target_to_host (s->sh_entsize)))
28f7f8
+    {
28f7f8
+      Elf_Word *addr;
28f7f8
+      Elf_Sym *sym;
28f7f8
+      unsigned i;
28f7f8
+
28f7f8
+      if (target_seg_size < grub_target_to_host (rel->r_offset))
28f7f8
+	grub_util_error ("reloc offset is out of the segment");
28f7f8
+
28f7f8
+      grub_uint32_t type = ELF_R_TYPE (grub_target_to_host (rel->r_info));
28f7f8
+
28f7f8
+      if (arch->machine == EM_SPARCV9)
28f7f8
+	type &= 0xff;
28f7f8
+
28f7f8
+      for (i = 0; arch->supported_relocations[i] != -1; i++)
28f7f8
+	if (type == arch->supported_relocations[i])
28f7f8
+	  break;
28f7f8
+      if (arch->supported_relocations[i] == -1)
28f7f8
+	grub_util_error ("unsupported relocation 0x%x", type);
28f7f8
+    }
28f7f8
+}
28f7f8
+
28f7f8
+static void
28f7f8
+check_relocations (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e)
28f7f8
+{
28f7f8
+  Elf_Shdr *s;
28f7f8
+  unsigned i;
28f7f8
+
28f7f8
+  for (i = 0, s = (Elf_Shdr *) ((char *) e + grub_target_to_host (e->e_shoff));
28f7f8
+       i < grub_target_to_host16 (e->e_shnum);
28f7f8
+       i++, s = (Elf_Shdr *) ((char *) s + grub_target_to_host16 (e->e_shentsize)))
28f7f8
+    if (grub_target_to_host32 (s->sh_type) == SHT_REL || grub_target_to_host32 (s->sh_type) == SHT_RELA)
28f7f8
+      {
28f7f8
+	Elf_Shdr *ts;
28f7f8
+
28f7f8
+	if (grub_target_to_host32 (s->sh_type) == SHT_REL && !(arch->flags & GRUB_MODULE_VERIFY_SUPPORTS_REL))
28f7f8
+	  grub_util_error ("unsupported SHT_REL");
28f7f8
+	if (grub_target_to_host32 (s->sh_type) == SHT_RELA && !(arch->flags & GRUB_MODULE_VERIFY_SUPPORTS_RELA))
28f7f8
+	  grub_util_error ("unsupported SHT_RELA");
28f7f8
+
28f7f8
+	/* Find the target segment.  */
28f7f8
+	if (grub_target_to_host32 (s->sh_info) >= grub_target_to_host16 (e->e_shnum))
28f7f8
+	  grub_util_error ("orphaned reloc section");
28f7f8
+	ts = (Elf_Shdr *) ((char *) e + grub_target_to_host (e->e_shoff) + grub_target_to_host32 (s->sh_info) * grub_target_to_host16 (e->e_shentsize));
28f7f8
+
28f7f8
+	section_check_relocations (arch, e, s, grub_target_to_host (ts->sh_size));
28f7f8
+      }
28f7f8
+}
28f7f8
+
28f7f8
+void
28f7f8
+SUFFIX(grub_module_verify) (void *module_img, size_t size, const struct grub_module_verifier_arch *arch)
28f7f8
+{
28f7f8
+  Elf_Ehdr *e = module_img;
28f7f8
+
28f7f8
+  /* Check the header size.  */
28f7f8
+  if (size < sizeof (Elf_Ehdr))
28f7f8
+    grub_util_error ("ELF header smaller than expected");
28f7f8
+
28f7f8
+  /* Check the magic numbers.  */
28f7f8
+  if (e->e_ident[EI_MAG0] != ELFMAG0
28f7f8
+      || e->e_ident[EI_MAG1] != ELFMAG1
28f7f8
+      || e->e_ident[EI_MAG2] != ELFMAG2
28f7f8
+      || e->e_ident[EI_MAG3] != ELFMAG3
28f7f8
+      || e->e_ident[EI_VERSION] != EV_CURRENT
28f7f8
+      || grub_target_to_host32 (e->e_version) != EV_CURRENT)
28f7f8
+    grub_util_error ("invalid arch-independent ELF magic");
28f7f8
+
28f7f8
+  if (e->e_ident[EI_CLASS] != ELFCLASSXX
28f7f8
+      || e->e_ident[EI_DATA] != (arch->bigendian ? ELFDATA2MSB : ELFDATA2LSB)
28f7f8
+      || grub_target_to_host16 (e->e_machine) != arch->machine)
28f7f8
+    grub_util_error ("invalid arch-dependent ELF magic");
28f7f8
+
28f7f8
+  if (grub_target_to_host16 (e->e_type) != ET_REL)
28f7f8
+    {
28f7f8
+      grub_util_error ("this ELF file is not of the right type");
28f7f8
+    }
28f7f8
+
28f7f8
+  /* Make sure that every section is within the core.  */
28f7f8
+  if (size < grub_target_to_host (e->e_shoff)
28f7f8
+      + grub_target_to_host16 (e->e_shentsize) * grub_target_to_host16(e->e_shnum))
28f7f8
+    {
28f7f8
+      grub_util_error ("ELF sections outside core");
28f7f8
+    }
28f7f8
+
28f7f8
+  check_license (arch, e);
28f7f8
+
28f7f8
+  Elf_Shdr *s;
28f7f8
+
28f7f8
+  s = find_section (arch, e, ".modname");
28f7f8
+  if (!s)
28f7f8
+    grub_util_error ("no module name found");
28f7f8
+
28f7f8
+  check_symbols(arch, e);
28f7f8
+  check_relocations(arch, e);
28f7f8
+}
28f7f8
diff --git a/include/grub/module_verifier.h b/include/grub/module_verifier.h
28f7f8
new file mode 100644
28f7f8
index 00000000000..9e3a2ba720f
28f7f8
--- /dev/null
28f7f8
+++ b/include/grub/module_verifier.h
28f7f8
@@ -0,0 +1,19 @@
28f7f8
+#include <stdint.h>
28f7f8
+#include <stdlib.h>
28f7f8
+
28f7f8
+#include <grub/types.h>
28f7f8
+
28f7f8
+#define GRUB_MODULE_VERIFY_SUPPORTS_REL 1
28f7f8
+#define GRUB_MODULE_VERIFY_SUPPORTS_RELA 2
28f7f8
+
28f7f8
+struct grub_module_verifier_arch {
28f7f8
+  const char *name;
28f7f8
+  int voidp_sizeof;
28f7f8
+  int bigendian;
28f7f8
+  int machine;
28f7f8
+  int flags;
28f7f8
+  const int *supported_relocations;
28f7f8
+};
28f7f8
+
28f7f8
+void grub_module_verify64(void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch);
28f7f8
+void grub_module_verify32(void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch);
28f7f8
diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am
28f7f8
index be29e327f77..77205f16358 100644
28f7f8
--- a/grub-core/Makefile.am
28f7f8
+++ b/grub-core/Makefile.am
28f7f8
@@ -39,6 +39,10 @@ gentrigtables$(BUILD_EXEEXT): gentrigtables.c
28f7f8
 	$(BUILD_CC) -o $@ -I$(top_srcdir)/include $(BUILD_CFLAGS) $(BUILD_CPPFLAGS) $(BUILD_LDFLAGS) $< $(BUILD_LIBM)
28f7f8
 CLEANFILES += gentrigtables$(BUILD_EXEEXT)
28f7f8
 
28f7f8
+build-grub-module-verifier$(BUILD_EXEEXT): $(top_srcdir)/util/grub-module-verifier.c $(top_srcdir)/util/grub-module-verifier32.c $(top_srcdir)/util/grub-module-verifier64.c $(top_srcdir)/grub-core/kern/emu/misc.c $(top_srcdir)/util/misc.c
28f7f8
+	$(BUILD_CC) -o $@ -I$(top_srcdir)/include $(BUILD_CFLAGS) $(BUILD_CPPFLAGS) $(BUILD_LDFLAGS) -DGRUB_BUILD=1 -DGRUB_UTIL=1 -DGRUB_BUILD_PROGRAM_NAME=\"build-grub-module-verifier\" $^
28f7f8
+CLEANFILES += build-grub-module-verifier$(BUILD_EXEEXT)
28f7f8
+
28f7f8
 # trigtables.c
28f7f8
 trigtables.c: gentrigtables$(BUILD_EXEEXT) gentrigtables.c $(top_srcdir)/configure.ac
28f7f8
 	./gentrigtables$(BUILD_EXEEXT) > $@
28f7f8
@@ -387,7 +391,7 @@ moddep.lst: syminfo.lst genmoddep.awk video.lst
28f7f8
 platform_DATA += moddep.lst
28f7f8
 CLEANFILES += config.log syminfo.lst moddep.lst
28f7f8
 
28f7f8
-$(MOD_FILES): %.mod : genmod.sh moddep.lst %.module$(EXEEXT)
28f7f8
+$(MOD_FILES): %.mod : genmod.sh moddep.lst %.module$(EXEEXT) build-grub-module-verifier
28f7f8
 	TARGET_OBJ2ELF=@TARGET_OBJ2ELF@ sh $^ $@
28f7f8
 platform_DATA += $(MOD_FILES)
28f7f8
 platform_DATA += modinfo.sh
28f7f8
diff --git a/grub-core/genmod.sh.in b/grub-core/genmod.sh.in
28f7f8
index 789732b108b..7dcafd9d370 100644
28f7f8
--- a/grub-core/genmod.sh.in
28f7f8
+++ b/grub-core/genmod.sh.in
28f7f8
@@ -15,12 +15,12 @@ set -e
28f7f8
 #
28f7f8
 # Example:
28f7f8
 #
28f7f8
-# genmod.sh moddep.lst normal.module normal.mod
28f7f8
+# genmod.sh moddep.lst normal.module build-grub-module-verifier normal.mod
28f7f8
 #
28f7f8
 
28f7f8
 moddep=$1
28f7f8
 infile=$2
28f7f8
-outfile=$3
28f7f8
+outfile=$4
28f7f8
 
28f7f8
 tmpfile=${outfile}.tmp
28f7f8
 modname=`echo $infile | sed -e 's@\.module.*$@@'`
28f7f8
@@ -93,4 +93,5 @@ else
28f7f8
 	    -wd1106 -nu -nd $tmpfile.bin $tmpfile || exit 1
28f7f8
 	rm -f $name.bin
28f7f8
 fi
28f7f8
+./build-grub-module-verifier $tmpfile @target_cpu@
28f7f8
 mv $tmpfile $outfile