Update qemu test scripts and images (#1529)

.gitignore

@@ -76,6 +76,11 @@ tests/**/binaries/div_zero_binary/core
 tests/**/binaries/div_zero_binary/binary
 !tests/**/binaries/*.go
 
+# QEMU test files
+tests/qemu-tests/Image*
+tests/qemu-tests/bzImage*
+tests/qemu-tests/rootfs*.img
+
 # VS Code files
 .vscode/
 

tests/qemu-tests/download_images.sh

@@ -1,7 +1,13 @@
 #!/bin/bash
 
-wget https://downloads.yoctoproject.org/releases/yocto/yocto-4.1.1/machines/qemu/qemux86-64/bzImage-qemux86-64.bin
-wget https://downloads.yoctoproject.org/releases/yocto/yocto-4.1.1/machines/qemu/qemux86-64/core-image-minimal-dev-qemux86-64-20221114164338.rootfs.ext4
+set -o errexit
 
-wget https://downloads.yoctoproject.org/releases/yocto/yocto-4.1.1/machines/qemu/qemuarm64/Image-qemuarm64.bin
-wget https://downloads.yoctoproject.org/releases/yocto/yocto-4.1.1/machines/qemu/qemuarm64/core-image-minimal-dev-qemuarm64-20221114170418.rootfs.ext4
+URL="https://github.com/gsingh93/linux-exploit-dev-env/releases/latest/download"
+
+wget "$URL/rootfs-x86_64.img"
+wget "$URL/rootfs-arm64.img"
+
+wget "$URL/bzImage-linux-x86_64"
+wget "$URL/bzImage-ack-x86_64"
+wget "$URL/Image-linux-arm64"
+wget "$URL/Image-ack-arm64"

tests/qemu-tests/test_qemu.sh

@@ -1,5 +1,7 @@
 #!/bin/bash
 
+make -C binaries
+
 qemu-aarch64 \
     -g 1234 \
     -L /usr/aarch64-linux-gnu/ \

tests/qemu-tests/test_qemu_system.sh

@@ -2,27 +2,36 @@
 
 ARCH="$1"
 
-if [[ "$ARCH" == aarch64 ]]; then
+if [ -z "$ARCH" ]; then
+    echo "usage: $0 ARCH"
+    exit 1
+fi
+
+if [ "$ACK" == 1 ]; then
+    KERNEL_TYPE=ack
+else
+    KERNEL_TYPE=linux
+fi
+
+if [ "$ARCH" == arm64 ] || [ "$ARCH" == aarch64 ]; then
     QEMU_BIN=qemu-system-aarch64
-    KERNEL=Image-qemuarm64.bin
-    ROOTFS=core-image-minimal-dev-qemuarm64-20221114170418.rootfs.ext4
+    KERNEL=Image-${KERNEL_TYPE}-arm64
+    ROOTFS=rootfs-arm64.img
 
     QEMU_ARGS=(
         -cpu cortex-a53
         -machine virt
-        -append "console=ttyAMA0 root=/dev/vda"
+        -append "console=ttyAMA0 root=/dev/vda nokaslr"
     )
-
-elif [[ "$ARCH" == "x86_64" ]]; then
+elif [ "$ARCH" == "x86_64" ]; then
     QEMU_BIN=qemu-system-x86_64
-    KERNEL=bzImage-qemux86-64.bin
-    ROOTFS=core-image-minimal-dev-qemux86-64-20221114164338.rootfs.ext4
+    KERNEL=bzImage-${KERNEL_TYPE}-x86_64
+    ROOTFS=rootfs-x86_64.img
 
     QEMU_ARGS=(
         -accel kvm
-        -append "8250.nr_uarts=1 console=ttyS0 root=/dev/vda"
+        -append "8250.nr_uarts=1 console=ttyS0 root=/dev/vda nokaslr"
     )
-
 else
     echo "No arch specified"
     exit 1
@@ -33,7 +42,7 @@ tmux splitw -h -p 60 gdb-multiarch -ex "target remote :1234" -ex continue
 QEMU_ARGS+=(
     -kernel $KERNEL
     -nographic
-    -drive file=$ROOTFS,if=virtio,format=raw
+    -drive file=$ROOTFS,if=virtio,format=qcow2
     -S -s
 )
 

tests/qemu-tests/tests/test_qemu_user_aarch64.py

@@ -3,18 +3,26 @@ import gdb
 import pwndbg
 
 gdb.execute("break break_here")
-print(pwndbg.gdblib.symbol.address("main"))
+assert pwndbg.gdblib.symbol.address("main") == 0x5500000A1C
 gdb.execute("continue")
 
-gdb.execute("argv")
-gdb.execute("argc")
-gdb.execute("auxv")
-gdb.execute("cpsr")
-gdb.execute("context")
-gdb.execute("hexdump")
-gdb.execute("retaddr")
-gdb.execute("piebase")
-gdb.execute("telescope")
-gdb.execute("procinfo")
-gdb.execute("vmmap")
-gdb.execute("nextret")
+gdb.execute("argv", to_string=True)
+assert gdb.execute("argc", to_string=True) == 1
+gdb.execute("auxv", to_string=True)
+assert gdb.execute("cpsr", to_string=True) == "cpsr 0x60000000 [ n Z C v q pan il d a i f el sp ]"
+gdb.execute("context", to_string=True)
+gdb.execute("hexdump", to_string=True)
+gdb.execute("telescope", to_string=True)
+
+# TODO: Broken
+gdb.execute("retaddr", to_string=True)
+
+# Broken
+gdb.execute("procinfo", to_string=True)
+
+# Broken
+gdb.execute("vmmap", to_string=True)
+
+gdb.execute("piebase", to_string=True)
+
+gdb.execute("nextret", to_string=True)